commit b487951b3a21b758b94baf23eaac54182cf6bdec
Author: Damian Johnson <ata...@torproject.org>
Date: Sat Sep 26 15:13:24 2020 -0700
Fix server descriptor fingerprint crypto check
Fixing a server descriptor bug where checking our fingerprint didn't honor
our
skip_crypto_validation argument. This bug made it difficult to create
descriptors with a preset fingerprint...
>>> RelayDescriptor.create({'fingerprint': '4F0C 867D F0EF 6816 0568 C826
838F 482C EA7C FE44'})
...
ValueError: Fingerprint does not match the hash of our signing key
(fingerprint: 4f0c867df0ef68160568c826838f482cea7cfe44, signing key hash:
8f54270a36526ab35895d5f899b6ae4059faecb3)
---
stem/descriptor/server_descriptor.py | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/stem/descriptor/server_descriptor.py
b/stem/descriptor/server_descriptor.py
index e49688e1..baa14969 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -762,13 +762,13 @@ class RelayDescriptor(ServerDescriptor):
super(RelayDescriptor, self).__init__(raw_contents, validate)
if validate:
- if self.fingerprint:
- key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
+ if not skip_crypto_validation:
+ if self.fingerprint:
+ key_hash =
hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
- if key_hash != self.fingerprint.lower():
- raise ValueError('Fingerprint does not match the hash of our signing
key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(),
key_hash))
+ if key_hash != self.fingerprint.lower():
+ raise ValueError('Fingerprint does not match the hash of our
signing key (fingerprint: %s, signing key hash: %s)' %
(self.fingerprint.lower(), key_hash))
- if not skip_crypto_validation:
try:
signed_digest = self._digest_for_signature(self.signing_key,
self.signature)
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
