[tor-bugs] #17668 [Tor]: moria1, with updated v3 cert: Bug: Generated a networkstatus consensus we couldn't parse.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 22:17:39 UTC 2016
#17668: moria1, with updated v3 cert: Bug: Generated a networkstatus consensus we
couldn't parse.
------------------------------------------------+--------------------------
Reporter: arma | Owner: nickm
Type: defect | Status: accepted
Priority: High | Milestone: Tor:
Component: Tor | 0.2.7.x-final
Severity: Blocker | Version:
Keywords: 201512-deferred, TorCoreTeam201602 | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
------------------------------------------------+--------------------------
Comment (by Sebastian):
60efce445b17d4b4153e91527887873812f5599f looks fine. Needs a tor-spec
patch to go with it, tho.
42750ab63c2a5dc2b5c0fd96335fd043b6beef32:
General note: The style for opening and closing comments is inconsistent,
sometimes they go on their own line, sometimes not. Do we care? I don't
necessarily.
{{{
+/** Helper: add a single vote_routerstatus_t <b>vrs</b> to the collator
+ <b>dc</b>, indexing it by */
}}}
this wants expansion
{{{
+/** Sort the entries in <b>dc</b> according to <b>consensus_method</b>,
so
+ * that the consensus process can iterate over them with
+ * <b>dircollator_n_routers</b> and dircollator_get_votes_for_router</b>.
*/
}}}
this wants a <b> before the dircollator_get_votes_for_router
{{{
+/**
+ * Collation function for ed25519 consensuses: collate the votes for each
+ * entry in <b>dc</b> by ed25519 key and by RSA key.
+ *
+ * The rule is:
+ * If an RSA identity key is listed by more than half of the
authorities,
+ * include it, and treat all routers with that identity as the same.
+ */
}}}
This should probably explain what this means for conflicts of the ed25519
keys?
{{{
+ /* If not enough authroties listed this exact <ed,rsa> pair,
+ * don't include it. */
}}}
typo authorities
Should we add asserts to the functions that say "this may only be called
after dircollator_collate"? seems like we have the is_collated field for
that purpose.
{{{
+ /** Map from <ed, RSA-SHA1> pair to an array similar to that used in
+ * by_rsa_sha1 above. */
}}}
what happens for duplicate rsa keys? Should spell it out I think
7cd091220c35c71025ab90cfa0bd18d206c29e8e:
the function name is networkstatus_parse_vote_from_string() - that seems
misleading if we're treating consensuses?
I don't get it especially for stuff like this:
{{{
if (ns->type != NS_TYPE_CONSENSUS) {
if (check_signature_token(ns_digests.d[DIGEST_SHA1], DIGEST_LEN,
tok, ns->cert->signing_key, 0,
- "network-status vote")) {
+ "network-status document")) {
}}}
3941fa64ccf10dda5ac224bb1160564581c0e213:
I'm unsure this is sufficient. Can't we still construct a consensus from a
situation where (consider attacking relays):
one dirauth publishes two rsa keys without ed keys, four dirauths publish
one of the rsa keys with an ed key, the other four publish the other rsa
key with the same ed key? Once I'm convinced this cannot happen I'll
review the logic of this commit, too
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17668#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list