commit 3fcb74e98b7247f9b35e8a5067bfa915e1705d3e Author: Nick Mathewson nickm@torproject.org Date: Tue Jul 14 11:27:49 2015 -0400
Add more consistency checks in load_ed_keys
Make sure that signing certs are signed by the right identity key, to prevent a recurrence of #16530. Also make sure that the master identity key we find on disk matches the one we have in RAM, if we have one.
This is for #16581. --- src/or/routerkeys.c | 19 +++++++++++++++++++ src/or/torcert.c | 9 +++++---- 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 81fa115..d38b5a3 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -569,9 +569,24 @@ load_ed_keys(const or_options_t *options, time_t now) sign_signing_key_with_id = id; }
+ if (master_identity_key && + !ed25519_pubkey_eq(&id->pubkey, &master_identity_key->pubkey)) { + FAIL("Identity key on disk does not match key we loaded earlier!"); + } + if (need_new_signing_key && NULL == sign_signing_key_with_id) FAIL("Can't load master key make a new signing key.");
+ if (sign_cert) { + if (! sign_cert->signing_key_included) + FAIL("Loaded a signing cert with no key included!"); + if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey)) + FAIL("The signing cert we have was not signed with the master key " + "we loaded!"); + if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0) + FAIL("The signing cert we loaded was not signed correctly!"); + } + if (want_new_signing_key && sign_signing_key_with_id) { uint32_t flags = (INIT_ED_KEY_CREATE| INIT_ED_KEY_REPLACE| @@ -589,6 +604,10 @@ load_ed_keys(const or_options_t *options, time_t now) if (!sign) FAIL("Missing signing key"); use_signing = sign; + + tor_assert(sign_cert->signing_key_included); + tor_assert(ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey)); + tor_assert(ed25519_pubkey_eq(&sign_cert->signed_key, &sign->pubkey)); } else if (want_new_signing_key) { static ratelim_t missing_master = RATELIM_INIT(3600); log_fn_ratelim(&missing_master, LOG_WARN, LD_OR, diff --git a/src/or/torcert.c b/src/or/torcert.c index f028910..596cd2b 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -181,9 +181,10 @@ tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, return 0; }
-/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to - * the current time <b>now</b>. Return 0 on success, -1 on failure. - * Sets flags in <b>cert</b> as appropriate. +/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to the + * current time <b>now</b>. (If <b>now</b> is 0, do not check the expiration + * time.) Return 0 on success, -1 on failure. Sets flags in <b>cert</b> as + * appropriate. */ int tor_cert_checksig(tor_cert_t *cert, @@ -192,7 +193,7 @@ tor_cert_checksig(tor_cert_t *cert, ed25519_checkable_t checkable; int okay;
- if (now > cert->valid_until) { + if (now && now > cert->valid_until) { cert->cert_expired = 1; return -1; }