mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-19 18:00:33 +01:00
Code Issues Projects Releases Wiki Activity

ed25519: Dirauths validate router ed25519 pubkeys before pinning.

Browse Source
This commit is contained in:
George Kadianakis 2017-06-27 15:53:00 +03:00 committed by Nick Mathewson
parent e8eee3a50e
commit a155035d20
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/or/dirserv.c
View File

@ -680,10 +680,22 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
/* Do keypinning again ... this time, to add the pin if appropriate */
int keypin_status;
if (ri->cache_info.signing_key_cert) {
ed25519_public_key_t *pkey = &ri->cache_info.signing_key_cert->signing_key;
/* First let's validate this pubkey before pinning it */
if (ed25519_validate_pubkey(pkey) < 0) {
log_warn(LD_DIRSERV, "Received bad key from %s (source %s)",
router_describe(ri), source);
control_event_or_authdir_new_descriptor("REJECTED",
ri->cache_info.signed_descriptor_body,
desclen, *msg);
routerinfo_free(ri);
return ROUTER_AUTHDIR_REJECTS;
}
/* Now pin it! */
keypin_status = keypin_check_and_add(
(const uint8_t*)ri->cache_info.identity_digest,
ri->cache_info.signing_key_cert->signing_key.pubkey,
! key_pinning);
pkey->pubkey, ! key_pinning);
} else {
keypin_status = keypin_check_lone_rsa(
(const uint8_t*)ri->cache_info.identity_digest);