[tor-commits] [collector/master] Actually check that ed25519 identities match.

karsten at torproject.org karsten at torproject.org
Fri Sep 30 13:48:49 UTC 2016


commit f4716c257cae3ed5486aa3dbba46a6388da436a2
Author: Karsten Loesing <karsten.loesing at gmx.net>
Date:   Wed Sep 28 19:58:20 2016 +0200

    Actually check that ed25519 identities match.
---
 .../bridgedescs/SanitizedBridgesWriter.java        |  5 +++
 .../bridgedescs/SanitizedBridgesWriterTest.java    | 39 ++++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java b/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java
index d93cd90..e09691c 100644
--- a/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java
+++ b/src/main/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriter.java
@@ -816,6 +816,11 @@ public class SanitizedBridgesWriter extends CollecTorMain {
           masterKeyEd25519FromIdentityEd25519 =
               this.parseMasterKeyEd25519FromIdentityEd25519(
               sb.toString());
+          if (masterKeyEd25519FromIdentityEd25519 == null) {
+            logger.warn("Could not parse master-key-ed25519 from "
+                + "identity-ed25519.  Skipping descriptor.");
+            return;
+          }
           String sha256MasterKeyEd25519 = Base64.encodeBase64String(
               DigestUtils.sha256(Base64.decodeBase64(
               masterKeyEd25519FromIdentityEd25519 + "=")))
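Review bot: The added null check has no comment saying why a null key must stop processing here, and the reason is easy to miss: without it, `masterKeyEd25519FromIdentityEd25519 + "="` a few lines below concatenates to the literal string `null=`, which is then base64-decoded and hashed as if it were a real key. I would put `// A null key would become the string "null=" below and be hashed like a real key.` above the `if`. The warning text also gives an operator nothing to locate the skipped descriptor; a non-sensitive reference such as the input file would help triage, as long as no unsanitized bridge identity ends up in the log. The enclosing method starts and ends outside the hunk.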
diff --git a/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java b/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java
index e248b10..c158d1a 100644
--- a/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java
+++ b/src/test/java/org/torproject/collector/bridgedescs/SanitizedBridgesWriterTest.java
@@ -379,6 +379,45 @@ public class SanitizedBridgesWriterTest {
   }
 
   @Test
+  public void testServerDescriptorEd25519IdentityA() throws Exception {
+    this.defaultServerDescriptorBuilder.replaceLineStartingWith(
+        "identity-ed25519", Arrays.asList("identity-ed25519",
+        "-----BEGIN ED25519 CERT-----",
+        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+        "-----END ED25519 CERT-----"));
+    this.runTest();
+    assertTrue("Ed25519 identity all A's conflicts with master key?",
+        this.parsedServerDescriptors.isEmpty());
+  }
+
+  @Test
+  public void testServerDescriptorEd25519IdentityEToF() throws Exception {
+    String change9sTo6s =
+        "ZEXE7RkiEJ1l5Ij9hc9TJOpM7/9XSPZnF/PbMfE0u3n3JbOO3s82GN6BPuA0v2Cs";
+    this.defaultServerDescriptorBuilder.replaceLineStartingWith(change9sTo6s,
+        Arrays.asList(change9sTo6s.replaceAll("9", "6")));
+    this.runTest();
+    assertTrue("Mismatch between identity and master key.",
+        this.parsedServerDescriptors.isEmpty());
+  }
+
+  @Test
+  public void testServerDescriptorEd25519IdentitySlash() throws Exception {
+    this.defaultServerDescriptorBuilder.replaceLineStartingWith(
+        "identity-ed25519", Arrays.asList("identity-ed25519",
+        "-----BEGIN ED25519 CERT-----",
+        "////////////////////////////////////////////////////////////////",
+        "////////////////////////////////////////////////////////////////",
+        "///////////////////////////////////////////////////////////=",
+        "-----END ED25519 CERT-----"));
+    this.runTest();
+    assertTrue("Ed25519 identity all slashes conflicts with master key.",
+        this.parsedServerDescriptors.isEmpty());
+  }
+
+  @Test
   public void testServerDescriptorFamilyInvalidFingerprint()
       throws Exception {
     this.defaultServerDescriptorBuilder.insertBeforeLineStartingWith(
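Review bot: `testServerDescriptorEd25519IdentityEToF` is named for an E-to-F change, but its body swaps 9s for 6s (`change9sTo6s.replaceAll("9", "6")`), so the name and the test disagree; a name such as `testServerDescriptorEd25519Identity9sTo6s` would match the body. All three new tests assert only that `parsedServerDescriptors` is empty, which does not show whether the descriptor was dropped by the new parse-failure check or by the identity/master-key comparison; a one-line comment on each test stating which path it is meant to exercise would make a later regression easier to diagnose. The first assertion message ends in a question mark while the other two are statements. The last three lines of the hunk belong to `testServerDescriptorFamilyInvalidFingerprint`, which continues outside the hunk.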




