[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [stem/master] Fix server descriptor fingerprint crypto check

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [stem/master] Fix server descriptor fingerprint crypto check
From: atagar@xxxxxxxxxxxxxx
Date: Fri, 2 Oct 2020 23:16:05 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Oct 2020 19:16:24 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit b487951b3a21b758b94baf23eaac54182cf6bdec
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Sat Sep 26 15:13:24 2020 -0700

    Fix server descriptor fingerprint crypto check
    
    Fixing a server descriptor bug where checking our fingerprint didn't honor our
    skip_crypto_validation argument. This bug made it difficult to create
    descriptors with a preset fingerprint...
    
      >>> RelayDescriptor.create({'fingerprint': '4F0C 867D F0EF 6816 0568 C826 838F 482C EA7C FE44'})
      ...
      ValueError: Fingerprint does not match the hash of our signing key
      (fingerprint: 4f0c867df0ef68160568c826838f482cea7cfe44, signing key hash:
      8f54270a36526ab35895d5f899b6ae4059faecb3)
---
 stem/descriptor/server_descriptor.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index e49688e1..baa14969 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -762,13 +762,13 @@ class RelayDescriptor(ServerDescriptor):
     super(RelayDescriptor, self).__init__(raw_contents, validate)
 
     if validate:
-      if self.fingerprint:
-        key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
+      if not skip_crypto_validation:
+        if self.fingerprint:
+          key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
 
-        if key_hash != self.fingerprint.lower():
-          raise ValueError('Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(), key_hash))
+          if key_hash != self.fingerprint.lower():
+            raise ValueError('Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(), key_hash))
 
-      if not skip_crypto_validation:
         try:
           signed_digest = self._digest_for_signature(self.signing_key, self.signature)
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [stem/master] Test slow_listener example
Next by Author: [tor-commits] [stem/master] Test custom_path_selection example
Previous by thread: [tor-commits] [stem/master] Stub example directory tests
Next by thread: [tor-commits] [stem/master] Skip client usage tests
Index(es):
- Author
- Thread