[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [stem/master] Check signing key length



commit ba932a1200b8b8507b01dd70f3c94e1ada9f63ff
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Wed Mar 29 19:00:10 2017 +0200

    Check signing key length
    
    Ed25519 signing keys are documented as being 32 bytes. Might as well check for
    this.
---
 stem/descriptor/certificate.py            | 3 +++
 test/unit/descriptor/certificate.py       | 8 ++++++--
 test/unit/descriptor/server_descriptor.py | 1 +
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index e29a079..bab0a44 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -172,6 +172,9 @@ class Ed25519CertificateV1(Ed25519Certificate):
       if remaining_flags:
         flags.append(ExtensionFlag.UNKNOWN)
 
+      if extension_type == ExtensionType.HAS_SIGNING_KEY and len(extension_data) != 32:
+        raise ValueError('Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was %i.' % len(extension_data))
+
       self.extensions.append(Ed25519Extension(extension_type, flags, extension_flags, extension_data))
       remaining_data = remaining_data[4 + extension_length:]
 
diff --git a/test/unit/descriptor/certificate.py b/test/unit/descriptor/certificate.py
index 57f6643..f46965a 100644
--- a/test/unit/descriptor/certificate.py
+++ b/test/unit/descriptor/certificate.py
@@ -41,7 +41,8 @@ class TestEd25519Certificate(unittest.TestCase):
     self.assertRaisesRegexp(ValueError, re.escape(exc_msg), Ed25519Certificate.parse, parse_arg)
 
   def test_basic_parsing(self):
-    cert_bytes = certificate(extension_data = [b'\x00\x02\x04\x07\x15\x12', b'\x00\x00\x05\x04'])
+    signing_key = b'\x11' * 32
+    cert_bytes = certificate(extension_data = [b'\x00\x20\x04\x07' + signing_key, b'\x00\x00\x05\x04'])
     cert = Ed25519Certificate.parse(cert_bytes)
 
     self.assertEqual(Ed25519CertificateV1, type(cert))
@@ -54,7 +55,7 @@ class TestEd25519Certificate(unittest.TestCase):
     self.assertEqual(b'\x01' * ED25519_SIGNATURE_LENGTH, cert.signature)
 
     self.assertEqual([
-      Ed25519Extension(type = 4, flags = [ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN], flag_int = 7, data = b'\x15\x12'),
+      Ed25519Extension(type = ExtensionType.HAS_SIGNING_KEY, flags = [ExtensionFlag.AFFECTS_VALIDATION, ExtensionFlag.UNKNOWN], flag_int = 7, data = signing_key),
       Ed25519Extension(type = 5, flags = [ExtensionFlag.UNKNOWN], flag_int = 4, data = b''),
     ], cert.extensions)
 
@@ -92,6 +93,9 @@ class TestEd25519Certificate(unittest.TestCase):
     self.assert_raises(certificate(extension_data = [b'']), 'Ed25519 extension is missing header field data')
     self.assert_raises(certificate(extension_data = [b'\x50\x00\x00\x00\x15\x12']), "Ed25519 extension is truncated. It should have 20480 bytes of data but there's only 2.")
 
+  def test_truncated_signing_key(self):
+    self.assert_raises(certificate(extension_data = [b'\x00\x02\x04\x07\11\12']), "Ed25519 HAS_SIGNING_KEY extension must be 32 bytes, but was 2.")
+
   def test_extra_extension_data(self):
     self.assert_raises(certificate(extension_data = [b'\x00\x01\x00\x00\x15\x12']), "Ed25519 certificate had 1 bytes of unused extension data")
 
diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py
index 5a1d94f..8af55c6 100644
--- a/test/unit/descriptor/server_descriptor.py
+++ b/test/unit/descriptor/server_descriptor.py
@@ -9,6 +9,7 @@ import tarfile
 import time
 import unittest
 
+import stem.descriptor
 import stem.descriptor.server_descriptor
 import stem.exit_policy
 import stem.prereq



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits