commit ae6b73e847c64b7902a259f9f43f056ab41c0eb4 Author: Nick Mathewson nickm@torproject.org Date: Fri Oct 28 16:22:44 2016 -0400
Dirauth: Don't treat a router as reachable if the Ed25519 key didn't match --- src/or/dirserv.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 54b434d..b141a5d 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -3173,7 +3173,6 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, const char *digest_rcvd, const ed25519_public_key_t *ed_id_rcvd) { - (void)ed_id_rcvd; // XXXX 15056 use this. node_t *node = NULL; tor_addr_port_t orport; routerinfo_t *ri = NULL; @@ -3184,8 +3183,24 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, node = node_get_mutable_by_id(digest_rcvd); if (node == NULL || node->ri == NULL) return; + ri = node->ri;
+ if (ri->cache_info.signing_key_cert) { + /* We allow the node to have an ed25519 key if we haven't been told one in + * the routerinfo, but if we *HAVE* been told one in the routerinfo, it + * needs to match. */ + const ed25519_public_key_t *expected_id = + &ri->cache_info.signing_key_cert->signing_key; + tor_assert(!ed25519_public_key_is_zero(expected_id)); + if (! ed_id_rcvd || ! ed25519_pubkey_eq(ed_id_rcvd, expected_id)) { + log_info(LD_DIRSERV, "Router at %s:%d with RSA ID %s " + "did not present expected Ed25519 ID.", + fmt_addr(addr), or_port, hex_str(digest_rcvd, DIGEST_LEN)); + return; /* Don't mark it as reachable. */ + } + } + tor_addr_copy(&orport.addr, addr); orport.port = or_port; if (router_has_orport(ri, &orport)) {