[tor-bugs] #22006 [Core Tor/Tor]: prop224: Validate ed25519 pubkeys to remove torsion component
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 4 11:39:02 UTC 2017
#22006: prop224: Validate ed25519 pubkeys to remove torsion component
------------------------------------+------------------------------------
Reporter: asn | Owner: asn
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs prop224 ed25519 | Actual Points:
Parent ID: #21888 | Points:
Reviewer: | Sponsor: SponsorR-can
------------------------------------+------------------------------------
Changes (by asn):
* status: assigned => needs_review
Comment:
OK, since Ian no longer has review comments for this branch, I'm pushing a
squashed `bug22006_v3` branch and marking it as `needs_review`.
Gitlab review here: https://gitlab.com/asn/tor/merge_requests/15
The only thing I don't like here is that in `60ed3d0e2` there is no way to
know that we are actually checking all ed25519 keys from the network. I
scanned the codebase to find places where we receive ed25519 keys, and I
think I identified all the high-level places in the code that accept such
keys but I don't know if I found all of them.
I did this because Ian suggested it here:
https://lists.torproject.org/pipermail/tor-dev/2017-April/012230.html
If we want to take this seriously and ensure that we do it for all keys
received on the net, we could add a `int key_is_validated` flag to
`ed25519_public_key_t`, and throw a BUG() (or return -1) if we ever try to
verify a signature with a non-validated pubkey.
What do you guys think? FWIW, for most cases this is not a life-or-death
validation, but more like a nice thing to do to avoid any edge-case
esoteric attacks.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22006#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list