Google Summer of Tor 2010 - JTor Hidden Services

Monday, August 9, 2010, 07:39 PM ( 14 views )  - Posted by Administrator
Today is the unofficial pencils down date. Too bad I am not ready to put my pencil down yet. I have until Friday to pull everything together and complete what I have left, because that is the official pencils down date. I have had a lot of obstacles when facing the challenge of completing my project - both personal and comprehensive. For example, my HDD decided to not want to mount last week while I was out of town. Luckily I was able to get a new one salvage the data.

There are a few bugs currently in the JTor code that I am not mantaining. The first being a problem with the directory fetching and storage of the list of routers. The list gets fetched and stored, but, I believe, that when the initial circuits are created the list gets emptied. The fix I have used for this is to just reload the router information before I have to use it.

The second bug is a problem with the circuits connecting a stream to a destination. The circuits are created upon initialization, and when using the API to attempt to connect to a server over a Tor stream the stream rarely connects. This is apparently caused by JTor wanting a certain type of circuit but it not existing, so it waits indefinitely. These bugs among other missing functionality make it difficult to have a fully functioning Hidden Services. But I am providing as much functionality as I can so that when those features are fixed and others finished, it will work. In addition, since I am using test driven development I am writing all the tests to ensure the working state of hidden services come these features.

There are a few things that I have added placeholders for in the JTor code that do not exist yet. The first is creating circuits for Hidden Service connections. Currently the only circuits allowed are three hop ones and there wasn't a spot in the API to do otherwise. Also the CircuitManager class needs the ability to create exclusive circuits that will not be used regularly, like the ones between the hidden service and its introduction points.

Looking at the list of features for my original proposal below - I am almost there. For the publication parts - I have completed the V2 Service Descriptor, the advertising of the descriptor. The bad directory checking needs to be added - that will be simple, because it is just a fetch of the descriptor after it has been published. Establishing of introduction points is difficult to verify because of the bug with sending data over a circuit. Fetching of the service descriptor, parsing, verification and periodic fetching have all been implemented. Only descriptor cookies are supported for authentication mechanisms right now. The cells have been created but not tested. I still need to write the tests for them and make sure they are complete. For configuration, I have implemented the ability to create a hidden service from a Tor client hidden service folder. As for the authentication mechanisms, I am going to have to cut those off at descriptor cookie auth for the summer. I am still yet to merge my changes into the rend-spec that Karsten had modified. I am going to be working on the things mentioned as incomplete above until the end of the week. All these changes will be on my github.


Monday, June 21, 2010, 10:40 PM ( 12 views )  - Posted by Administrator
I am not posting a pie chart for this progress report, because it would look like pac-man with the big slice reading something like 'silly bug hunt.' I spent way too much time trying to fix the encoded output of the onion address. It turns out that the problem was that I was using the base32 encoding described in rfc4648 instead of rfc3548. It was a very big noob moment for me. Luckily it was a learning experience as I spent a lot of time making sure the PK was encoded correctly and that the hash was being performed correctly. But the reason it was a silly bug was because I hardly considered having the wrong rfc as the source of my problem. Either way I wasted some time that I really didn't want to. The good news is the onion address is now being created correctly (hooray?). I am going try not to dwell on it and focus on what I have done and what I am going to do in the next two weeks.

I believe the output created by the JTor V2 Service Descriptor is accurate. My next step is to write the part of the client that fetches and parses the V2 service descriptor. That way I can run my test Hidden Service through Tor, fetch the descriptor through JTor and test it against the descriptor that I created. I say this so that I can work on parsing/fetching service descriptors, in addition the content of the service descriptor changes over time because of how the descriptor id is calculated. I can't compare the values without getting a recent service descriptor from directory services.

As for the documentation, I have been focusing on rendclient and rendservice, the endpoints of hidden services and not so much on rendmid yet. I have found that the spec is lacking a lot in the parts for client authentication mechanisms. That is pretty obvious when you check out rend-spec and section 2's text just reads 'foo.' I have been making notes about the changes from the proposals and added a new-rend-spec.txt to my git repo. I just need to dig into the tor code to be sure about what was actually implemented from the proposals.

I am planning on working my ass off these next few weeks, because I feel kind of behind from losing a bunch of time this past week due to that silly bug. Also, after talking to my mentor I am trying to make the steps to be more vocal about my road blocks instead of being stubborn for fear of sounding noobish. I had told him about my problem initially, but there was some miscommunication where he thought I had solved the problem. Bottom line is that the more we discuss the better off I am.

Over and out.

Monday, June 7, 2010, 03:58 PM ( 12 views )  - Posted by Administrator
Two weeks into SoC already - that was fast. To make this exciting I made a pie chart of what I have been spending my time on (pie charts are exciting).



I have been spending a lot of my time going through the existing Tor code and seeing how it is implemented. This was a very daunting task initially, but Eclipse has made that task much easier. I have been refactoring my old code, making sure it is correct and writing Tests. I wrote some code to initialize a Hidden Service from a Tor hidden service directory, so that it would be easily compatible with that configuration. Currently I am working on making one of my tests pass - creating the same onion address for the service. Which, at the current point is not working - I believe it has something to do with the way I am hashing in the info or how I am converting it to base32 chars.

My plan for the next two weeks is to drive on with tests. The next test I am writing is to make sure that the V2 Service descriptor created is the same as Tor. Once that part is successful, I will write the tests for establishing intro points and publishing the service descriptor. Once all of those pass, publishing will be mostly done (with the exception of client authentication, which will probably not fit in these two weeks). Be sure to check my github to see my code, any suggestions are encouraged.



Wednesday, May 26, 2010, 10:27 AM ( 12 views )  - Posted by Administrator
Hooray, GSoC is finally here - and I am a little behind. Spent the first two days of GSoC moving from Philadelphia to Austin. But now I am settled and I have the internet, and so it begins. I am going to take on the V2 Service Descriptors first. The Service Descriptor holds the information necessary to connect to the Hidden Service. I am going to need a way to ensure that the service descriptor that JTor creates would be the same as the one created (with the same keypair, port etc.) by Tor. So I need to create a method to facilitate this testing along with the actual descriptor code.

Wednesday, May 19, 2010, 06:25 PM ( 12 views )  - Posted by Administrator
My friend whipped up this spoof on the painting "The Son of Man" by Magritte, that is an onion in front of his face.

| 1 | 2 | Next> Last>>