diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/hs_client.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c index 77348f23e2..71186b2619 100644 --- a/src/or/hs_client.c +++ b/src/or/hs_client.c @@ -800,6 +800,7 @@ hs_client_decode_descriptor(const char *desc_str, { int ret; uint8_t subcredential[DIGEST256_LEN]; + ed25519_public_key_t blinded_pubkey; tor_assert(desc_str); tor_assert(service_identity_pk); @@ -807,7 +808,6 @@ hs_client_decode_descriptor(const char *desc_str, /* Create subcredential for this HS so that we can decrypt */ { - ed25519_public_key_t blinded_pubkey; uint64_t current_time_period = hs_get_time_period_num(approx_time()); hs_build_blinded_pubkey(service_identity_pk, NULL, 0, current_time_period, &blinded_pubkey); @@ -822,6 +822,16 @@ hs_client_decode_descriptor(const char *desc_str, goto err; } + /* Make sure the descriptor signing key cross certifies with the computed + * blinded key. Without this validation, anyone knowing the subcredential + * and onion address can forge a descriptor. */ + if (tor_cert_checksig((*desc)->plaintext_data.signing_key_cert, + &blinded_pubkey, approx_time()) < 0) { + log_warn(LD_GENERAL, "Descriptor signing key certificate signature " + "doesn't validate with computed blinded key."); + goto err; + } + return 0; err: return -1; |