commit b487951b3a21b758b94baf23eaac54182cf6bdec Author: Damian Johnson atagar@torproject.org Date: Sat Sep 26 15:13:24 2020 -0700
Fix server descriptor fingerprint crypto check
Fixing a server descriptor bug where checking our fingerprint didn't honor our skip_crypto_validation argument. This bug made it difficult to create descriptors with a preset fingerprint...
>>> RelayDescriptor.create({'fingerprint': '4F0C 867D F0EF 6816 0568 C826 838F 482C EA7C FE44'}) ... ValueError: Fingerprint does not match the hash of our signing key (fingerprint: 4f0c867df0ef68160568c826838f482cea7cfe44, signing key hash: 8f54270a36526ab35895d5f899b6ae4059faecb3) --- stem/descriptor/server_descriptor.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index e49688e1..baa14969 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -762,13 +762,13 @@ class RelayDescriptor(ServerDescriptor): super(RelayDescriptor, self).__init__(raw_contents, validate)
if validate: - if self.fingerprint: - key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest() + if not skip_crypto_validation: + if self.fingerprint: + key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
- if key_hash != self.fingerprint.lower(): - raise ValueError('Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(), key_hash)) + if key_hash != self.fingerprint.lower(): + raise ValueError('Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(), key_hash))
- if not skip_crypto_validation: try: signed_digest = self._digest_for_signature(self.signing_key, self.signature)
tor-commits@lists.torproject.org