Leekspin

An Onion Router descriptor generator

Leekspin (á la the original internet masterpiece) is a small tool for generating mock Onion Router (OR) descriptors such as those used by relays, bridges, and Hidden Services (HS) within the Tor network in order to convey information about said relay, bridge, or Hidden Service to the Tor directory authorities, the bridge authority, Tor clients connecting to the network, and/or other relays within the network.

This tool is meant to be used to generate mock descriptors for testing or fuzzing other Tor libraries and programs, such as Stem, BridgeDB, and Tor. The keys, hash digests, and signatures generated within these mock descriptors are meant to be indistinguishable from those generated by real relays, bridges, and Hidden Services within the Tor network.

authors:Isis Lovecruft <isis@torproject.org> licence:MIT licence, see LICENSE file for details copyright:© 2013-2016 Isis Lovecruft, The Tor Project, Inc.

Installing

The very simplest way, if you use pip, would be to do:

$ pip install leekspin

Otherwise, the standard setuptools commands work just fine:

$ git clone https://git.torproject.org/user/isis/leekspin.git
$ cd leekspin
$ python setup.py install --record installed-files.txt

Running

Leekspin will install a script named… leekspin. To use it to generate twenty-three Bridge descriptors, do:

$ leekspin --bridge -n 23

And to generate forty-two Relay descriptors:

$ leekspin --relay -n 42

And, likewise, to generate ten hidden service descriptors, do:

$ leekspin --hidden-service -n 10

Commandline Flags

$ leekspin -h
usage: leekspin [-h] [[-v | -q] [--version] [-r | -b | -hs] [-n DESCRIPTORS]

Generate a signed set of network-status, extra-info, and server descriptor
documents for mock Tor relays or bridges.

Optional arguments:

-h, --help	show this help message and exit
-v, --verbose	print information to stdout
-q, --quiet	don’t print anything
--version	print leekspin version and exit

Descriptor types:

-r, --relay	generate Relay descriptors
-b, --bridge	generate Bridge descriptors
-hs, --hidden-service
	generate Hidden Service rendezvous descriptors

Descriptor variations:

-xt, --without-tap
	generate descriptors without TAP support, e.g. without RSA keys
-xn, --without-ntor
	generate descriptors without ntor support, e.g. without Ed25519 keys

Required arguments:

-n DESCRIPTORS, --descriptors DESCRIPTORS
	generate <n> sets of descriptors

Bugs

Should you decide to use this tool, and especially should you be so insane as to try hacking on it, you will likely find bugs. You may find bugs in Leekspin, BridgeDB, Stem, Tor’s specifications , and possibly even in Tor. Please, for math’s sake! Report them! The Tor developers will love you forever. You can report bugs on our issue tracker here .

Module Documentation

• Leekspin Module Documentation
  • leekspin.const
  • leekspin.crypto
  • leekspin.extrainfo
  • leekspin.generator
  • leekspin.netstatus
  • leekspin.nicknames
  • leekspin.ntor
  • leekspin.rendezvous
    • An example Hidden Service descriptor
  • leekspin.rsa
  • leekspin.server
  • leekspin.tls
  • leekspin.torversions
  • leekspin.util

Help Us Develop Leekspin!

To see all open tickets for Leekspin, please visit the Tor Project’s Trac instance.

Todo List

Todo

What version of PKCS#1? PKCS#1 v1.0? See https://bugs.torproject.org/13042.

(The original entry is located in /home/isis/code/torproject/leekspin/leekspin/crypto.py:docstring of leekspin.crypto.addPKCS1Padding, line 3.)

Todo

Make generation of permanent_ids deal with HS “stealth” authorisation.

(The original entry is located in /home/isis/code/torproject/leekspin/leekspin/generator.py:docstring of leekspin.generator.generateHSDesc, line 4.)

Todo

Implement per-client session_keys and descriptor_cookies, see rend-spec.txt §2.1.

(The original entry is located in /home/isis/code/torproject/leekspin/leekspin/generator.py:docstring of leekspin.generator.generateHSDesc, line 6.)

Todo

Remember to tell nickm to fix the description in his proposal about the ntor-onion-key padding removal.

(The original entry is located in /home/isis/code/torproject/leekspin/leekspin/ntor.py:docstring of leekspin.ntor.getNTORPublicKey, line 6.)

Todo

Which versions are which? What does the version string in an Hidden Service rendezvous-service-descriptor mean? Is it the revision number of the descriptor? The supported handshake protocol version? Currently, we just return the string "version 2", no matter what version is passed in.

(The original entry is located in /home/isis/code/torproject/leekspin/leekspin/rendezvous.py:docstring of leekspin.rendezvous.generateVersionLine, line 14.)

Indices and tables

• Index
• Module Index
• Search Page