[tor-bugs] #24002 [Core Tor/Tor]: Check for ed25519 key is inverted in pick_intro_point()

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 26 12:52:58 UTC 2017


#24002: Check for ed25519 key is inverted in pick_intro_point()
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  (none)
     Type:  defect        |         Status:  needs_information
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.2.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  prop224       |  Actual Points:
Parent ID:                |         Points:  0.5
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by dgoulet):

 * status:  new => needs_information


Comment:

 So `extend_info_from_node()` does a series of checks (through other
 functions) before setting the ed25519 key in the extend info object. In
 particular:

 {{{
   /* Don't send the ed25519 pubkey unless the target node actually supports
    * authenticating with it. */
   if (node_supports_ed25519_link_authentication(node)) {
     log_info(LD_CIRC, "Including Ed25519 ID for %s", node_describe(node));
     ed_pubkey = node_get_ed25519_id(node);
 }}}

 That `node_get_ed25519_id()` function checks both ri and md and makes sure
 the ed key matches if they both exist. A NULL value can be returned but a
 `log_warn()` will happen or a `BUG()` which could ultimately lead to having
 a NULL ed key for a node that supports the ed25519 link auth. I think if
 that can happen, other places in Tor will go mad but let's be safe.

 Then going back to the check that `pick_intro_point()` does, once reached,
 if the link auth is confirmed, we assume the ed key is set. If we don't
 have link auth support, we make sure to not advertise an ed key that will
 make the extend fail if we did.

 All in all, I think we want that current check. We could be extra extra
 careful and check that we actually have an ed key if we support the link
 auth?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24002#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
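
Added example, not part of the ticket comment and not Tor's source: a self-contained C model of the check discussed above, including the "extra careful" direction (link auth supported, so a key must be present). The `model_*` types, `KEY_A`/`KEY_B` and all function names are hypothetical stand-ins, and the key lookup is simplified to the ri/md comparison the comment describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ED_LEN 32
/* Constructed sample keys; not real relay identities. */
static const uint8_t KEY_A[ED_LEN] = {0xA1}, KEY_B[ED_LEN] = {0xB2};

/* Hypothetical stand-ins for Tor's node_t and extend_info_t. */
typedef struct {
  bool link_auth;        /* node_supports_ed25519_link_authentication() */
  const uint8_t *ri_id;  /* ed key from the router descriptor, or NULL */
  const uint8_t *md_id;  /* ed key from the microdescriptor, or NULL */
} model_node_t;
typedef struct { uint8_t ed_identity[ED_LEN]; } model_ei_t;

static bool key_is_zero(const uint8_t *k) {
  static const uint8_t zero[ED_LEN];
  return memcmp(k, zero, ED_LEN) == 0;
}
/* Like node_get_ed25519_id() as described: NULL if ri and md disagree. */
static const uint8_t *model_get_ed_id(const model_node_t *n) {
  if (n->ri_id && n->md_id && memcmp(n->ri_id, n->md_id, ED_LEN) != 0)
    return NULL;
  return n->ri_id ? n->ri_id : n->md_id;
}
/* Like extend_info_from_node(): copy the key only with link auth support. */
static void model_extend_info(const model_node_t *n, model_ei_t *ei) {
  const uint8_t *k = n->link_auth ? model_get_ed_id(n) : NULL;
  memset(ei, 0, sizeof(*ei));
  if (k) memcpy(ei->ed_identity, k, ED_LEN);
}
/* No link auth => key must be unset; link auth => key must be set. */
static bool intro_key_consistent(const model_node_t *n, const model_ei_t *ei) {
  return n->link_auth != key_is_zero(ei->ed_identity);
}
/* Build the extend info for a node and run the two-way check on it. */
static bool check_node(bool link_auth, const uint8_t *ri, const uint8_t *md) {
  model_node_t n = { link_auth, ri, md };
  model_ei_t ei;
  model_extend_info(&n, &ei);
  return intro_key_consistent(&n, &ei);
}
int main(void) {
  printf("agree=%d mismatch=%d\n", check_node(true, KEY_A, KEY_A),
         check_node(true, KEY_A, KEY_B));
  return 0;
}
```

The mismatch case is the one the existing one-way check would not catch: the node supports link auth, the lookup returns NULL, and the extend info ends up with an all-zero key.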

