From: Nick Mathewson
Date: Tue, 14 Jul 2015 15:27:49 +0000 (-0400)
Subject: Add more consistency checks in load_ed_keys
X-Git-Tag: tor-0.2.7.2-alpha~32^3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3fcb74e98b7247f9b35e8a5067bfa915e1705d3e;p=thirdparty%2Ftor.git

Add more consistency checks in load_ed_keys

Make sure that signing certs are signed by the right identity key, to prevent a recurrence of #16530.

Also make sure that the master identity key we find on disk matches the one we have in RAM, if we have one.

This is for #16581.
---
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 81fa1152c1..d38b5a3ba3 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -569,9 +569,24 @@ load_ed_keys(const or_options_t *options, time_t now)
 sign_signing_key_with_id = id;
 }
 
+ if (master_identity_key &&
+ !ed25519_pubkey_eq(&id->pubkey, &master_identity_key->pubkey)) {
+ FAIL("Identity key on disk does not match key we loaded earlier!");
+ }
+
 if (need_new_signing_key && NULL == sign_signing_key_with_id)
 FAIL("Can't load master key make a new signing key.");
 
+ if (sign_cert) {
+ if (! sign_cert->signing_key_included)
+ FAIL("Loaded a signing cert with no key included!");
+ if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey))
+ FAIL("The signing cert we have was not signed with the master key "
+ "we loaded!");
+ if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0)
+ FAIL("The signing cert we loaded was not signed correctly!");
+ }
+
 if (want_new_signing_key && sign_signing_key_with_id) {
 uint32_t flags = (INIT_ED_KEY_CREATE|
 INIT_ED_KEY_REPLACE|
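Review bot: `tor_cert_checksig(sign_cert, &id->pubkey, 0)` passes 0 for `now`, which with this commit's torcert.c change skips the expiry test, so an expired signing cert passes the new `if (sign_cert)` block and nothing at the call site says that is intended. I would add `/* now == 0: only the signature chain is verified here; expiry is presumably decided by the want_new_signing_key logic above */`, hedged because that logic sits above the hunk and is not visible. The three `&id->pubkey` dereferences in the new code assume `id` is non-NULL at this point; if the identity-key load above can leave `id` NULL, the conditions need an `id &&` guard as well. load_ed_keys starts before the hunk and continues after it.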
@@ -589,6 +604,10 @@ load_ed_keys(const or_options_t *options, time_t now)
 if (!sign)
 FAIL("Missing signing key");
 use_signing = sign;
+
+ tor_assert(sign_cert->signing_key_included);
+ tor_assert(ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey));
+ tor_assert(ed25519_pubkey_eq(&sign_cert->signed_key, &sign->pubkey));
 } else if (want_new_signing_key) {
 static ratelim_t missing_master = RATELIM_INIT(3600);
 log_fn_ratelim(&missing_master, LOG_WARN, LD_OR,
diff --git a/src/or/torcert.c b/src/or/torcert.c
index f028910a70..596cd2be31 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -181,9 +181,10 @@ tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
 return 0;
 }
 
-/** Validates the signature on cert with pubkey relative to
- * the current time now. Return 0 on success, -1 on failure.
- * Sets flags in cert as appropriate.
+/** Validates the signature on cert with pubkey relative to the
+ * current time now. (If now is 0, do not check the expiration
+ * time.) Return 0 on success, -1 on failure. Sets flags in cert as
+ * appropriate.
 */
 int
 tor_cert_checksig(tor_cert_t *cert,
@@ -192,7 +193,7 @@ tor_cert_checksig(tor_cert_t *cert,
 ed25519_checkable_t checkable;
 int okay;
 
- if (now > cert->valid_until) {
+ if (now && now > cert->valid_until) {
 cert->cert_expired = 1;
 return -1;
 }
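Review bot: The three new `tor_assert` calls dereference `sign_cert` without first establishing that it is non-NULL, so a missing cert would fault inside the assert instead of reporting the invariant; add `tor_assert(sign_cert);` ahead of them. Because `tor_assert` aborts the process, these are appropriate only if `sign_cert` is the cert that the load just above the hunk produced under our own master key (the `INIT_ED_KEY_CREATE|INIT_ED_KEY_REPLACE` flags in the earlier hunk suggest so); if it can still come straight from an on-disk file, they should be `FAIL`s like the checks earlier in the function. load_ed_keys's body continues outside the hunk on both sides.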
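Review bot: The `now == 0` escape hatch is explained only in the header comment above; the check itself should say so, e.g. `/* now == 0: caller has opted out of the expiry check */`, and `now != 0 &&` reads more clearly than testing a `time_t` for truthiness. When the check is skipped nothing touches `cert->cert_expired`, so a caller passing 0 must not read that flag as a verdict on expiry; that is worth a sentence in the doc comment too. tor_cert_checksig continues past the end of the hunk.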