def load_config_file(self):
config_data = util.read_config_data_from_file(self.config_path)
logger.debug("Onionbalance config data: %s", config_data)
# Do some basic validation
if "services" not in config_data:
logger.error("Config file is bad. 'services' is missing. Did you make it with onionbalance-config?")
sys.exit(1)
# More validation
for service in config_data["services"]:
if "key" not in service:
logger.error("Config file is bad. 'key' is missing. Did you make it with onionbalance-config?")
sys.exit(1)
if "instances" not in service:
logger.error("Config file is bad. 'instances' is missing. Did you make it with onionbalance-config?")
sys.exit(1)
for instance in service["instances"]:
if "address" not in instance:
logger.error("Config file is wrong. 'address' missing from instance.")
sys.exit(1)
# Validate that the onion address is legit
try:
_ = HiddenServiceDescriptorV3.identity_key_from_address(instance["address"])
except ValueError:
logger.error("Cannot load instance with address: '%s'.", instance["address"])
logger.error("If you are trying to run onionbalance for v2 onions, please use the --hs-version=v2 switch")
sys.exit(1)
return config_data
def test_identity_key_from_address(self):
self.assertEqual(
HS_PUBKEY,
HiddenServiceDescriptorV3.identity_key_from_address(HS_ADDRESS))
self.assertRaisesWith(
ValueError, "'boom.onion' isn't a valid hidden service v3 address",
HiddenServiceDescriptorV3.identity_key_from_address, 'boom')
self.assertRaisesWith(
ValueError, 'Bad checksum (expected def7 but was 842e)',
HiddenServiceDescriptorV3.identity_key_from_address, '5' * 56)
def load_config_file(self):
config_data = util.read_config_data_from_file(self.config_path)
logger.debug("Onionbalance config data: %s", config_data)
# Do some basic validation
if "services" not in config_data:
raise ConfigError(
"Config file is bad. 'services' is missing. Did you make it with onionbalance-config?"
)
# More validation
for service in config_data["services"]:
if "key" not in service:
raise ConfigError(
"Config file is bad. 'key' is missing. Did you make it with onionbalance-config?"
)
if "instances" not in service:
raise ConfigError(
"Config file is bad. 'instances' is missing. Did you make it with "
"onionbalance-config?")
if not service["instances"]:
raise ConfigError(
"Config file is bad. No backend instances are set. Onionbalance needs at least 1."
)
for instance in service["instances"]:
if "address" not in instance:
raise ConfigError(
"Config file is wrong. 'address' missing from instance."
)
if not instance["address"]:
raise ConfigError(
"Config file is bad. Address field is not set.")
# Validate that the onion address is legit
try:
_ = HiddenServiceDescriptorV3.identity_key_from_address(
instance["address"])
except ValueError:
raise ConfigError(
"Cannot load instance with address: '{}'. If you are trying to run onionbalance "
"for v2 onions, please use the --hs-version=v2 switch".
format(instance["address"]))
return config_data
def test_load_tor_privkey(self):
privkey_bytes = binascii.unhexlify(PRIVKEY_FILE_HEX)
privkey = tor_ed25519.load_tor_key_from_disk(privkey_bytes)
pubkey = privkey.public_key()
# Make sure that the fake instances are right
self.assertTrue(isinstance(privkey, Ed25519PrivateKey))
self.assertTrue(isinstance(pubkey, Ed25519PublicKey))
# Make sure that the public key matches the onion address
onion_addr_pubkey_bytes = HiddenServiceDescriptorV3.identity_key_from_address(
ONION_ADDR)
self.assertEqual(onion_addr_pubkey_bytes, pubkey.public_bytes())
# Check that signature verification works
msg = b"07-04-2020 weird days"
msg_sig = privkey.sign(msg)
onion_addr_pubkey = tor_ed25519.TorEd25519PublicKey(
onion_addr_pubkey_bytes)
onion_addr_pubkey.verify(msg_sig, msg)
# Now check that it won't just verify any message
self.assertRaises(Exception, onion_addr_pubkey.verify, msg_sig,
b"another message another day")
# Now check that stem will accept this
self.assertEqual(stem.util._pubkey_bytes(privkey),
pubkey.public_bytes())
self.assertEqual(stem.util._pubkey_bytes(pubkey),
pubkey.public_bytes())
# Now check that blinding can work
blinded_key_bytes = stem.descriptor.hidden_service._blinded_pubkey(
privkey, b"a" * 32)
blinded_key = tor_ed25519.TorEd25519PublicKey(blinded_key_bytes)
signature = tor_ed25519._blinded_sign_with_tor_key(
b"haha", privkey, blinded_key_bytes, b"a" * 32)
blinded_key.verify(signature, b"haha")