aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2017-05-30 10:27:42 -0400
committerDavid Goulet <dgoulet@torproject.org>2017-05-30 10:27:42 -0400
commit5b33d95a3dfe943625d78983bb53be2901a51150 (patch)
tree9c28a3511f44a2f03eb9ec302ee5db3e527efcd1 /src
parent83439e78cc08f5a05d314de4409e69aa6d1601d7 (diff)
downloadtor-5b33d95a3dfe943625d78983bb53be2901a51150.tar.gz
tor-5b33d95a3dfe943625d78983bb53be2901a51150.zip
hs: Correctly validate v3 descriptor encrypted length
The encrypted_data_length_is_valid() function wasn't validating correctly the length of the encrypted data of a v3 descriptor. The side effect of this is that an HSDir was rejecting the descriptor and ultimately not storing it. Fixes #22447 Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r--src/or/hs_descriptor.c23
-rw-r--r--src/test/test_hs_descriptor.c5
2 files changed, 6 insertions, 22 deletions
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index f16a2fdc14..938b7a77df 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1023,30 +1023,15 @@ cert_parse_and_validate(tor_cert_t **cert_out, const char *data,
STATIC int
encrypted_data_length_is_valid(size_t len)
{
- /* Check for the minimum length possible. */
- if (len < HS_DESC_ENCRYPTED_MIN_LEN) {
+ /* Make sure there is enough data for the salt and the mac. The equality is
+ * there to ensure that there is at least one byte of encrypted data. */
+ if (len <= HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN) {
log_warn(LD_REND, "Length of descriptor's encrypted data is too small. "
"Got %lu but minimum value is %d",
- (unsigned long)len, HS_DESC_ENCRYPTED_MIN_LEN);
+ (unsigned long)len, HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN);
goto err;
}
- /* Encrypted data has the salt and MAC concatenated to it so remove those
- * from the validation calculation. */
- len -= HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
-
- /* Check that it's aligned on the block size of the crypto algorithm. */
- if (len % HS_DESC_PLAINTEXT_PADDING_MULTIPLE) {
- log_warn(LD_REND, "Length of descriptor's encrypted data is invalid. "
- "Got %lu which is not a multiple of %d.",
- (unsigned long) len, HS_DESC_PLAINTEXT_PADDING_MULTIPLE);
- goto err;
- }
-
- /* XXX: Check maximum size. Will strongly depends on the maximum intro point
- * allowed we decide on and probably if they will all have to use the legacy
- * key which is bigger than the ed25519 key. */
-
return 1;
err:
return 0;
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 02a71aa473..97fe1910b8 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -587,9 +587,8 @@ test_encrypted_data_len(void *arg)
/* No length, error. */
ret = encrypted_data_length_is_valid(0);
tt_int_op(ret, OP_EQ, 0);
- /* Not a multiple of our encryption algorithm (thus no padding). It's
- * suppose to be aligned on HS_DESC_PLAINTEXT_PADDING_MULTIPLE. */
- value = HS_DESC_PLAINTEXT_PADDING_MULTIPLE * 10 - 1;
+ /* This value is missing data. */
+ value = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
ret = encrypted_data_length_is_valid(value);
tt_int_op(ret, OP_EQ, 0);
/* Valid value. */