[tor-commits] [stem/master] Exclude hash constant from signatures

atagar at torproject.org atagar at torproject.org
Tue Jun 20 16:17:12 UTC 2017


commit a41767c7363b2164cad7d666a927ff8eead75799
Author: Damian Johnson <atagar at torproject.org>
Date:   Tue Jun 20 08:54:57 2017 -0700

    Exclude hash constant from signatures
    
    Holy crap that was a pita. Oh well, got it. Python's cryptography module
    appends a constant indicating the hashing algorithm it uses whereas tor
    doesn't. This caused validation of descriptor signatures we add to fail
    with...
    
      ======================================================================
      ERROR: test_descriptor_signing
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "/home/atagar/Desktop/stem/test/require.py", line 58, in wrapped
          return func(self, *args, **kwargs)
        File "/home/atagar/Desktop/stem/test/unit/descriptor/server_descriptor.py", line 260, in test_descriptor_signing
          RelayDescriptor.create(sign = True)
        File "/home/atagar/Desktop/stem/stem/descriptor/server_descriptor.py", line 860, in create
          return cls(cls.content(attr, exclude, sign, private_signing_key), validate = validate, skip_crypto_validation = not sign)
        File "/home/atagar/Desktop/stem/stem/descriptor/server_descriptor.py", line 808, in __init__
          raise ValueError('Decrypted digest does not match local digest (calculated: %s, local: %s)' % (signed_digest, self.digest()))
      ValueError: Decrypted digest does not match local digest (calculated: 3021300906052B0E03021A05000414FDE1A32B71718BFEBD610E76B6340EB4795A554A, local: FDE1A32B71718BFEBD610E76B6340EB4795A554A)
    
      ----------------------------------------------------------------------
    
    Note that they *do* actually match. Only trouble is that the former is prefixed
    by the following constant...
    
      3021300906052B0E03021A05000414
    
    Took a full day of head scratching but finally got a hint about what this is
    thanks to...
    
      https://crypto.stackexchange.com/questions/8780/verify-signature-failed
    
    Cryptography embeds a constant indicating the hash algorithm used (in this case
    sha1). Unfortunately this is baked pretty deep so the only way to exclude this
    is mocking out part of its internals. I'll shoot upstream a request in a bit to
    allow this to be toggled.
---
 stem/descriptor/server_descriptor.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index 3ad019a..499b53e 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -840,6 +840,17 @@ class RelayDescriptor(ServerDescriptor):
           backend = default_backend(),
         )
 
+        # When signing the cryptography module includes a constant indicating
+        # the hash algorithm used. Tor doesn't. This causes signature
+        # validation failures and unfortunately cryptography have no nice way
+        # of excluding these so we need to mock out part of their internals...
+        # ewww.
+
+        no_op = lambda *args, **kwargs: None
+
+        private_signing_key._backend._lib.EVP_PKEY_CTX_set_signature_md = no_op
+        private_signing_key._backend.openssl_assert = no_op
+
       # create descriptor content without the router-signature, then
       # appending the content signature
 





More information about the tor-commits mailing list