[tor-commits] [stem/master] Check signing key length
atagar at torproject.org
atagar at torproject.org
Thu Mar 30 04:18:03 UTC 2017
commit ba932a1200b8b8507b01dd70f3c94e1ada9f63ff
Author: Damian Johnson <atagar at torproject.org>
Date: Wed Mar 29 19:00:10 2017 +0200
Check signing key length
Ed25519 signing keys are documented as being 32 bytes. Might as well check for
this.
---
stem/descriptor/certificate.py | 3 +++
test/unit/descriptor/certificate.py | 8 ++++++--
test/unit/descriptor/server_descriptor.py | 1 +
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index e29a079..bab0a44 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -172,6 +172,9 @@ class Ed25519CertificateV1(Ed25519Certificate):
if remaining_flags:
flags.append(ExtensionFlag.UNKNOWN)
+ if extension_type == ExtensionType.HAS_SIGNING_KEY and len(extension_data) != 32:
+ raise ValueError('Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was %i.' % len(extension_data))
+
self.extensions.append(Ed25519Extension(extension_type, flags, extension_flags, extension_data))
remaining_data = remaining_data[4 + extension_length:]
diff --git a/test/unit/descriptor/certificate.py b/test/unit/descriptor/certificate.py
index 57f6643..f46965a 100644
--- a/test/unit/descriptor/certificate.py
+++ b/test/unit/descriptor/certificate.py
@@ -41,7 +41,8 @@ class TestEd25519Certificate(unittest.TestCase):
self.assertRaisesRegexp(ValueError, re.escape(exc_msg), Ed25519Certificate.parse, parse_arg)
def test_basic_parsing(self):
- cert_bytes = certificate(extension_data = [b'\x00\x02\x04\x07\x15\x12', b'\x00\x00\x05\x04'])
+ signing_key = b'\x11' * 32
+ cert_bytes = certificate(extension_data = [b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'])
cert = Ed25519Certificate.parse(cert_bytes)
self.assertEqual(Ed25519CertificateV1, type(cert))
@@ -54,7 +55,7 @@ class TestEd25519Certificate(unittest.TestCase):
self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
self.assertEqual([
- Ed25519Extension(type = 4, flags = [ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN], flag_int = 7, data = b'\x15\x12'),
+ Ed25519Extension(type = ExtensionType.HAS_SIGNING_KEY, flags = [ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN], flag_int = 7, data = signing_key),
Ed25519Extension(type = 5, flags = [ExtensionFlag.UNKNOWN], flag_int = 4, data = b''),
], cert.extensions)
@@ -92,6 +93,9 @@ class TestEd25519Certificate(unittest.TestCase):
self.assert_raises(certificate(extension_data = [b'']), 'Ed25519 extension is missing header field data')
self.assert_raises(certificate(extension_data = [b'\x50\x00\x00\x00\x15\x12']), "Ed25519 extension is truncated. It should have 20480 bytes of data but there's only 2.")
+ def test_truncated_signing_key(self):
+ self.assert_raises(certificate(extension_data = [b'\x00\x02\x04\x07\11\12']), "Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was 2.")
+
def test_extra_extension_data(self):
self.assert_raises(certificate(extension_data = [b'\x00\x01\x00\x00\x15\x12']), "Ed25519 certificate had 1 bytes of unused extension data")
diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py
index 5a1d94f..8af55c6 100644
--- a/test/unit/descriptor/server_descriptor.py
+++ b/test/unit/descriptor/server_descriptor.py
@@ -9,6 +9,7 @@ import tarfile
import time
import unittest
+import stem.descriptor
import stem.descriptor.server_descriptor
import stem.exit_policy
import stem.prereq
More information about the tor-commits
mailing list