Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003

2020-02-05 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003
---+
 Reporter:  nickm  |  Owner:  asn
 Type:  defect | Status:  assigned
 Priority:  Medium |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  043-must security  |  Actual Points:
Parent ID: | Points:  1-5?
 Reviewer: |Sponsor:
---+
Changes (by nickm):

 * owner:  (none) => asn
 * status:  new => assigned
 * points:   => 1-5?


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003

2020-02-19 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003
---+
 Reporter:  nickm  |  Owner:  asn
 Type:  defect | Status:  needs_review
 Priority:  High   |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  043-must security  |  Actual Points:
Parent ID: | Points:  1-5?
 Reviewer: |Sponsor:
---+
Changes (by nickm):

 * status:  assigned => needs_review


Comment:

 I believe this is currently in review, and has had some attention on the
 security list.


Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003

2020-02-24 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003
---+
 Reporter:  nickm  |  Owner:  asn
 Type:  defect | Status:  needs_review
 Priority:  High   |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  043-must security  |  Actual Points:
Parent ID: | Points:  1-5?
 Reviewer:  ahf, catalyst  |Sponsor:
---+
Changes (by dgoulet):

 * reviewer:   => ahf, catalyst


Comment:

 teor and dgoulet reviewed it on the security list.

 Adding remaining net team people to do a pass. Then nickm can decide to
 merge once satisfied with the reviews.


Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003

2020-03-14 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003
---+
 Reporter:  nickm  |  Owner:  asn
 Type:  defect | Status:  needs_review
 Priority:  High   |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  043-must security  |  Actual Points:
Parent ID: | Points:  1-5?
 Reviewer:  ahf, catalyst  |Sponsor:
---+

Comment (by nickm):

 This is currently looking to be "low" severity according to our analysis,
 so our policy would let us make it public before release, in accordance
 with our security policies.  I'm planning to do that Monday; please let me
 know if you don't agree.


Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from controller

2020-03-17 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from
controller
-+-
 Reporter:  nickm|  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  035-backport 041-backport|  Actual Points:  2
  042-backport 043-backport. 043-must security   |
Parent ID:   | Points:  1-5?
 Reviewer:  ahf, catalyst|Sponsor:
-+-

Comment (by nickm):

 This bug was originally reported by Saibato Naga.


Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from controller

2020-03-21 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from
controller
-+-
 Reporter:  nickm|  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  035-backport 041-backport|  Actual Points:  2
  042-backport 043-backport. 043-must security   |
Parent ID:   | Points:  1-5?
 Reviewer:  ahf, catalyst|Sponsor:
-+-

Comment (by saibato):

 Replying to [comment:7 nickm]:
 > This bug was originally reported by Saibato Naga.
 ;)


Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from controller

2020-03-21 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from
controller
-+-
 Reporter:  nickm|  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  035-backport 041-backport|  Actual Points:  2
  042-backport 043-backport. 043-must security   |
Parent ID:   | Points:  1-5?
 Reviewer:  ahf, catalyst|Sponsor:
-+-

Comment (by nickm):

 (Thanks again, Saibato!)


Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from controller (was: Resolve TROVE-2020-003)

2020-03-17 Thread Tor Bug Tracker & Wiki
#33137: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from
controller
-+-
 Reporter:  nickm|  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  035-backport 041-backport|  Actual Points:  2
  042-backport 043-backport. 043-must security   |
Parent ID:   | Points:  1-5?
 Reviewer:  ahf, catalyst|Sponsor:
-+-
Changes (by nickm):

 * status:  needs_review => closed
 * actualpoints:   => 2
 * keywords:  043-must security => 035-backport 041-backport 042-backport
 043-backport. 043-must security
 * resolution:   => fixed


Old description:



New description:

 This bug is an assertion failure that can only be triggered by an attacker
 with access to the user's controlport: if they use ADD_ONION to pass in an
 invalid ed25519 key, then Tor will exit.

 Here is asn's analysis of the issue:
 {{{

 

 Analysis of TROVE-2020-003
 


 Summary
 


 The issue at hand is that hs_build_address() can crash with an assert failure
 if called with an "invalid" ed25519 public key as its 'key' argument. Usually
 that function is only called with valid public keys, but after the
 introduction of the ADD_ONION control port feature and the
 hs_service_add_ephemeral() function, it can now be called with an invalid
 public key and cause an assert crash.

 Tor considers an ed25519 public key to be "invalid" when it has a torsion
 component (see [TORSION-REFS] in rend-spec-v3.txt) so that phishing attackers
 cannot generate equivalent onion addresses for a normal onion address. This is
 a validation step that is usually not required for normal ed25519-based
 protocols, but it's actually necessary for the security of onion addresses or
 in any other place where keys or signatures are used as identifiers and
 security relies on their uniqueness.

 The validating function is ed25519_validate_pubkey() and it's currently used
 in two cases:
 1) for onion address validation, so that attackers cannot create equivalent
    sets of onion addresses
 2) when dirauths validate relay ed25519 keys, for reasons unclear to me
    (perhaps this check is not needed)

 Impact
 


 The impact of this bug is a local denial-of-service attack to Tor through an
 assert-failure.

 The particular ADD_ONION attack vector can only be triggered by an attacker
 who has access to the control port which assumes a local attacker. Also an
 attacker who has access to the control port can do various other
 modifications to Tor that will result in loss of security. This is the reason
 this bug is marked as 'low' severity.

 Fix
 


 Given that ed25519 public key validity checks are usually not needed and (so
 far) they are only necessary for onion addresses in the Tor protocol, we
 decided to fix this specific bug instance without modifying the rest of the
 codebase (see below for other fix approaches).

 In our minimal fix we check that the pubkey in hs_service_add_ephemeral() is
 valid and error out otherwise.

 This will fix the issue in the current codebase but it doesn't solve it in the
 future if a new feature comes in which tries to do something like ADD_ONION,
 or if a new feature comes out which tries to use ed25519 in a non-standard and
 dangerous way.

 Considerations for the future
 


 ed25519 signature and public key malleability is a complex topic that protocol
 designers must be aware of when using ed25519 in non-standard ways in the
 protocol. In our case, we got bitten by passing ed25519 *private* keys around,
 but there are other theoretical cases where this can bite us. Hence, protocol
 designers and reviewers who work with ed25519 should be aware of such threats
 when creating new protocols.

 In the future, we should consider moving to signature schemes based on
 Ristretto (or others) which do not need additional optional key validation.

 Other fix approaches
 
==