commit 40a971105ff162d0caa9e0a1c5fa3c0f7d3c2b72 Author: Damian Johnson <atagar@torproject.org> Date: Fri May 25 08:59:03 2012 -0700 Validate that signing key hash matches fingerprint When parsing server descriptors checking that their fingerprints match a hash of their signing key as part of validation. This requires the rsa module which is neither built in, nor is it packaged for debian distros. Installation of it is easy, but requires pip or easy-install. Instructions are available at... http://stuvel.eu/files/python-rsa-doc/installation.html It looks like python's builtin crypto module might be capable of doing this as well... http://stackoverflow.com/questions/5000434/python-rsa-library https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RS... However, those instructions include usage of a private member and the function that they suggest dosn't exist on my system (python 2.7.1), so I feel pretty justified in saying "the pycrypto builtin is crap for this use case, and patches welcome if someone can figure out how to make it work". All credit for this patch goes to Beck, who's been diving into the descriptor crypto on... https://trac.torproject.org/projects/tor/ticket/5810 --- stem/descriptor/server_descriptor.py | 36 ++++++++++++++++++++++++++++- test/unit/descriptor/server_descriptor.py | 26 +++++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletions(-) diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index f7d3437..7bf781f 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -31,9 +31,17 @@ import datetime import stem.descriptor import stem.descriptor.extrainfo_descriptor import stem.version +import stem.util.log as log import stem.util.connection import stem.util.tor_tools +try: + import rsa + IS_RSA_AVAILABLE = True +except ImportError: + log.info("Unable to import the rsa module. Because of this we'll be unable to verify server integrity.") + IS_RSA_AVAILABLE = False + # relay descriptors must have exactly one of the following REQUIRED_FIELDS = ( "router", @@ -569,6 +577,17 @@ class RelayDescriptor(ServerDescriptor): self._digest = None ServerDescriptor.__init__(self, raw_contents, validate, annotations) + + # if we have a fingerprint then checks that our fingerprint is a hash of + # our signing key + + if IS_RSA_AVAILABLE and validate and self.fingerprint: + pubkey = rsa.PublicKey.load_pkcs1(self.signing_key) + der_encoded = pubkey.save_pkcs1(format = "DER") + key_hash = hashlib.sha1(der_encoded).hexdigest() + + if key_hash != self.fingerprint.lower(): + raise ValueError("Hash of our signing key doesn't match our fingerprint. Signing key hash: %s, fingerprint: %s" % (key_hash, self.fingerprint.lower())) def is_valid(self): """ @@ -578,7 +597,22 @@ class RelayDescriptor(ServerDescriptor): True if our signature matches our content, False otherwise """ - raise NotImplementedError # TODO: implement + raise NotImplementedError # TODO: finish implementing + + # without validation we may be missing our signature + if not self.signature: return False + + # gets base64 encoded bytes of our signature without newlines nor the + # "-----[BEGIN|END] SIGNATURE-----" header/footer + + sig_content = self.signature.replace("\n", "")[25:-23] + sig_bytes = base64.b64decode(sig_content) + + # TODO: Decrypt the signature bytes with the signing key and remove + # the PKCS1 padding to get the original message, and encode the message + # in hex and compare it to the digest of the descriptor. + + return True def digest(self): if self._digest is None: diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py index 53b4675..6ad92b2 100644 --- a/test/unit/descriptor/server_descriptor.py +++ b/test/unit/descriptor/server_descriptor.py @@ -309,6 +309,32 @@ class TestServerDescriptor(unittest.TestCase): self.assertEquals(None, desc.socks_port) self.assertEquals(None, desc.dir_port) + def test_fingerprint_valid(self): + """ + Checks that a fingerprint matching the hash of our signing key will validate. + """ + + if not stem.descriptor.server_descriptor.IS_RSA_AVAILABLE: + self.skipTest("(rsa module unavailable)") + + fingerprint = "4F0C 867D F0EF 6816 0568 C826 838F 482C EA7C FE44" + desc_text = _make_descriptor({"opt fingerprint": fingerprint}) + desc = RelayDescriptor(desc_text) + self.assertEquals(fingerprint.replace(" ", ""), desc.fingerprint) + + def test_fingerprint_invalid(self): + """ + Checks that, with a correctly formed fingerprint, we'll fail validation if + it doesn't match the hash of our signing key. + """ + + if not stem.descriptor.server_descriptor.IS_RSA_AVAILABLE: + self.skipTest("(rsa module unavailable)") + + fingerprint = "4F0C 867D F0EF 6816 0568 C826 838F 482C EA7C FE45" + desc_text = _make_descriptor({"opt fingerprint": fingerprint}) + self._expect_invalid_attr(desc_text, "fingerprint", fingerprint.replace(" ", "")) + def test_minimal_bridge_descriptor(self): """ Basic sanity check that we can parse a descriptor with minimal attributes.