[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.4.3] hs-v3: Change all-zeroes hard-assert to a BUG-and-err.
commit f2f718bca504d0fe1cce566185f8c17e23862335
Author: George Kadianakis <desnacked@xxxxxxxxxx>
Date: Mon Mar 30 16:33:30 2020 +0300
hs-v3: Change all-zeroes hard-assert to a BUG-and-err.
And also disallow all-zeroes keys from the filesystem; add a test for it too.
---
src/feature/hs/hs_client.c | 7 +++++++
src/feature/hs/hs_descriptor.c | 8 ++++++--
src/test/test_hs_client.c | 4 ++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index af8cb0b41..da1202b64 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -2132,6 +2132,13 @@ parse_auth_file_content(const char *client_key_str)
"can't be decoded: %s", seckey_b32);
goto err;
}
+
+ if (fast_mem_is_zero((const char*)auth->enc_seckey.secret_key,
+ sizeof(auth->enc_seckey.secret_key))) {
+ log_warn(LD_REND, "Client authorization private key can't be all-zeroes");
+ goto err;
+ }
+
strncpy(auth->onion_address, onion_address, HS_SERVICE_ADDR_LEN_BASE32);
/* We are reading this from the disk, so set the permanent flag anyway. */
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index 65d6c7a58..27823aa79 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -1424,10 +1424,14 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,
tor_assert(!fast_mem_is_zero(
(char *) &desc->superencrypted_data.auth_ephemeral_pubkey,
sizeof(desc->superencrypted_data.auth_ephemeral_pubkey)));
- tor_assert(!fast_mem_is_zero((char *) client_auth_sk,
- sizeof(*client_auth_sk)));
tor_assert(!fast_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN));
+ /* Catch potential code-flow cases of an unitialized private key sneaking
+ * into this function. */
+ if (BUG(fast_mem_is_zero((char *)client_auth_sk, sizeof(*client_auth_sk)))) {
+ goto done;
+ }
+
/* Get the KEYS component to derive the CLIENT-ID and COOKIE-KEY. */
keystream_length =
build_descriptor_cookie_keys(desc->subcredential, DIGEST256_LEN,
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 5f7fe9c40..4d938e463 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -732,6 +732,10 @@ test_parse_auth_file_content(void *arg)
/* Bigger key than it should be */
tt_assert(!parse_auth_file_content("xx:descriptor:x25519:"
"vjqea4jbhwwc4hto7ekyvqfbeodghbaq6nxi45hz4wr3qvhqv3yqa"));
+ /* All-zeroes key */
+ tt_assert(!parse_auth_file_content("xx:descriptor:x25519:"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
+
done:
tor_free(auth);
}
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits