Commit 3fcb74e9 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

Add more consistency checks in load_ed_keys 

Make sure that signing certs are signed by the right identity key,
to prevent a recurrence of #16530.  Also make sure that the master
identity key we find on disk matches the one we have in RAM, if we
have one.

This is for #16581.
parent 13603265

src/or/routerkeys.c

+19 −0
Original line number Diff line number Diff line
@@ -569,9 +569,24 @@ load_ed_keys(const or_options_t *options, time_t now) 
      sign_signing_key_with_id = id;

  }



  if (master_identity_key &&

      !ed25519_pubkey_eq(&id->pubkey, &master_identity_key->pubkey)) {

    FAIL("Identity key on disk does not match key we loaded earlier!");

  }



  if (need_new_signing_key && NULL == sign_signing_key_with_id)

    FAIL("Can't load master key make a new signing key.");



  if (sign_cert) {

    if (! sign_cert->signing_key_included)

      FAIL("Loaded a signing cert with no key included!");

    if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey))

      FAIL("The signing cert we have was not signed with the master key "

           "we loaded!");

    if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0)

      FAIL("The signing cert we loaded was not signed correctly!");

  }



  if (want_new_signing_key && sign_signing_key_with_id) {

    uint32_t flags = (INIT_ED_KEY_CREATE|

                      INIT_ED_KEY_REPLACE|
@@ -589,6 +604,10 @@ load_ed_keys(const or_options_t *options, time_t now) 
    if (!sign)

      FAIL("Missing signing key");

    use_signing = sign;



    tor_assert(sign_cert->signing_key_included);

    tor_assert(ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey));

    tor_assert(ed25519_pubkey_eq(&sign_cert->signed_key, &sign->pubkey));

  } else if (want_new_signing_key) {

    static ratelim_t missing_master = RATELIM_INIT(3600);

    log_fn_ratelim(&missing_master, LOG_WARN, LD_OR,

src/or/torcert.c

+5 −4
Original line number Diff line number Diff line
@@ -181,9 +181,10 @@ tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, 
  return 0;

}



/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to

 * the current time <b>now</b>.  Return 0 on success, -1 on failure.

 * Sets flags in <b>cert</b> as appropriate.

/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to the

 * current time <b>now</b>.  (If <b>now</b> is 0, do not check the expiration

 * time.) Return 0 on success, -1 on failure.  Sets flags in <b>cert</b> as

 * appropriate.

 */

int

tor_cert_checksig(tor_cert_t *cert,
@@ -192,7 +193,7 @@ tor_cert_checksig(tor_cert_t *cert, 
  ed25519_checkable_t checkable;

  int okay;



  if (now > cert->valid_until) {

  if (now && now > cert->valid_until) {

    cert->cert_expired = 1;

    return -1;

  }