commit 50ad3939242885b1a1a11688abd0c9756631747f Author: Nick Mathewson nickm@torproject.org Date: Fri Apr 11 10:22:14 2014 -0400

Code to blacklist authority signing keys

(I need a list of actual signing keys to blacklist.) --- changes/bug11464_023 | 5 +++++ src/or/networkstatus.c | 11 +++++++++++ src/or/routerlist.c | 22 ++++++++++++++++++++++ src/or/routerlist.h | 1 + src/or/routerparse.c | 8 ++++++++ 5 files changed, 47 insertions(+)

diff --git a/changes/bug11464_023 b/changes/bug11464_023 new file mode 100644 index 0000000..a9cd658 --- /dev/null +++ b/changes/bug11464_023 @@ -0,0 +1,5 @@ + o Major features (security): + - Block every authority signing key that was used on an authority + vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160). + (We don't have any evidence that these keys _were_ compromised; + we're doing this to be prudent.) Resolves ticket 11464. diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index e780ead..10cc562 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -453,6 +453,17 @@ networkstatus_check_document_signature(const networkstatus_t *consensus, DIGEST_LEN)) return -1;

+ if (authority_cert_is_blacklisted(cert)) { + /* We implement blacklisting for authority signing keys by treating + * all their signatures as always bad. That way we don't get into + * crazy loops of dropping and re-fetching signatures. */ + log_warn(LD_DIR, "Ignoring a consensus signature made with deprecated" + " signing key %s", + hex_str(cert->signing_key_digest, DIGEST_LEN)); + sig->bad_signature = 1; + return 0; + } + signed_digest_len = crypto_pk_keysize(cert->signing_key); signed_digest = tor_malloc(signed_digest_len); if (crypto_pk_public_checksig(cert->signing_key, diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c39e36..e993e13 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -458,6 +458,28 @@ authority_cert_dl_failed(const char *id_digest, int status) download_status_failed(&cl->dl_status, status); }

+static const char *BAD_SIGNING_KEYS[] = { + "----------------------------------------", + NULL, +}; + +/** DOCDOC */ +int +authority_cert_is_blacklisted(const authority_cert_t *cert) +{ + char hex_digest[HEX_DIGEST_LEN+1]; + int i; + base16_encode(hex_digest, sizeof(hex_digest), + cert->signing_key_digest, sizeof(cert->signing_key_digest)); + + for (i = 0; BAD_SIGNING_KEYS[i]; ++i) { + if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) { + return 1; + } + } + return 0; +} + /** Return true iff when we've been getting enough failures when trying to * download the certificate with ID digest <b>id_digest</b> that we're willing * to start bugging the user about it. */ diff --git a/src/or/routerlist.h b/src/or/routerlist.h index 8dcc6eb..bd55b7b 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -25,6 +25,7 @@ void authority_cert_dl_failed(const char *id_digest, int status); void authority_certs_fetch_missing(networkstatus_t *status, time_t now); int router_reload_router_list(void); int authority_cert_dl_looks_uncertain(const char *id_digest); +int authority_cert_is_blacklisted(const authority_cert_t *cert); smartlist_t *router_get_trusted_dir_servers(void);

const routerstatus_t *router_pick_directory_server(dirinfo_type_t type, diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 299d07d..97e0bc8 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -3053,6 +3053,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, log_warn(LD_DIR,"Mismatch between identities in certificate and vote"); goto err; } + if (ns->type != NS_TYPE_CONSENSUS) { + if (authority_cert_is_blacklisted(ns->cert)) { + log_warn(LD_DIR, "Rejecting vote signature made with blacklisted " + "signing key %s", + hex_str(ns->cert->signing_key_digest, DIGEST_LEN)); + goto err; + } + } voter->address = tor_strdup(tok->args[2]); if (!tor_inet_aton(tok->args[3], &in)) { log_warn(LD_DIR, "Error decoding IP address %s in network-status.",