commit f4716c257cae3ed5486aa3dbba46a6388da436a2 Author: Karsten Loesing karsten.loesing@gmx.net Date: Wed Sep 28 19:58:20 2016 +0200
Actually check that ed25519 identities match. --- .../bridgedescs/SanitizedBridgesWriter.java | 5 +++ .../bridgedescs/SanitizedBridgesWriterTest.java | 39 ++++++++++++++++++++++ 2 files changed, 44 insertions(+)
diff --git a/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java b/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java index d93cd90..e09691c 100644 --- a/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java +++ b/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java @@ -816,6 +816,11 @@ public class SanitizedBridgesWriter extends CollecTorMain { masterKeyEd25519FromIdentityEd25519 = this.parseMasterKeyEd25519FromIdentityEd25519( sb.toString()); + if (masterKeyEd25519FromIdentityEd25519 == null) { + logger.warn("Could not parse master-key-ed25519 from " + + "identity-ed25519. Skipping descriptor."); + return; + } String sha256MasterKeyEd25519 = Base64.encodeBase64String( DigestUtils.sha256(Base64.decodeBase64( masterKeyEd25519FromIdentityEd25519 + "="))) diff --git a/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java b/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java index e248b10..c158d1a 100644 --- a/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java +++ b/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java @@ -379,6 +379,45 @@ public class SanitizedBridgesWriterTest { }
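Review bot: The added guard rejects only a null parse result, so a non-null string that does not decode to a 32-byte Ed25519 key still reaches `Base64.decodeBase64(masterKeyEd25519FromIdentityEd25519 + "=")` in the lines right after it. Assuming `Base64` here is commons-codec, that decoder skips characters outside the alphabet instead of failing, so a malformed value would be hashed rather than rejected. Unless parseMasterKeyEd25519FromIdentityEd25519 (outside this hunk) already enforces the length, decode once into a local and add `if (masterKeyBytes.length != 32) { logger.warn("Invalid master-key-ed25519 length. Skipping descriptor."); return; }` before computing the SHA-256. The warning also names no descriptor, so an operator cannot tell which input was skipped; include an identifier that is already sanitized, never the raw bridge fingerprint. The enclosing method starts and ends outside the hunk.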
 @Test
+ public void testServerDescriptorEd25519IdentityA() throws Exception {
+ this.defaultServerDescriptorBuilder.replaceLineStartingWith(
+ "identity-ed25519", Arrays.asList("identity-ed25519",
+ "-----BEGIN ED25519 CERT-----",
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+ "-----END ED25519 CERT-----"));
+ this.runTest();
+ assertTrue("Ed25519 identity all A's conflicts with master key?",
+ this.parsedServerDescriptors.isEmpty());
+ }
+
+ @Test
+ public void testServerDescriptorEd25519IdentityEToF() throws Exception {
+ String change9sTo6s =
+ "ZEXE7RkiEJ1l5Ij9hc9TJOpM7/9XSPZnF/PbMfE0u3n3JbOO3s82GN6BPuA0v2Cs";
+ this.defaultServerDescriptorBuilder.replaceLineStartingWith(change9sTo6s,
+ Arrays.asList(change9sTo6s.replaceAll("9", "6")));
+ this.runTest();
+ assertTrue("Mismatch between identity and master key.",
+ this.parsedServerDescriptors.isEmpty());
+ }
+
+ @Test
+ public void testServerDescriptorEd25519IdentitySlash() throws Exception {
+ this.defaultServerDescriptorBuilder.replaceLineStartingWith(
+ "identity-ed25519", Arrays.asList("identity-ed25519",
+ "-----BEGIN ED25519 CERT-----",
+ "////////////////////////////////////////////////////////////////",
+ "////////////////////////////////////////////////////////////////",
+ "///////////////////////////////////////////////////////////=",
+ "-----END ED25519 CERT-----"));
+ this.runTest();
+ assertTrue("Ed25519 identity all slashes conflicts with master key.",
+ this.parsedServerDescriptors.isEmpty());
+ }
+
+ @Test
 public void testServerDescriptorFamilyInvalidFingerprint()
 throws Exception {
 this.defaultServerDescriptorBuilder.insertBeforeLineStartingWith(
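Review bot: All three new tests assert only `this.parsedServerDescriptors.isEmpty()`, which holds for any reason the descriptor is dropped, so they would keep passing if the identity/master-key comparison regressed while some earlier parsing step rejected the modified input. If the fixture does not already have one, pair them with a control asserting that the unmodified default descriptor yields exactly one sanitized descriptor, or check for the specific warning, so each test pins the rejection path it is named for. In testServerDescriptorEd25519IdentityEToF the name does not match the mutation (`change9sTo6s` swaps 9 for 6), and `replaceAll("9", "6")` takes a regex where `replace("9", "6")` is enough. The assertion messages are printed on failure, so phrase them as the failure, e.g. `"Descriptor with mismatching ed25519 identity was not dropped."`.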