[tor-commits] [stem/master] Fix server descriptor fingerprint crypto check

atagar at torproject.org atagar at torproject.org
Fri Oct 2 23:16:05 UTC 2020


commit b487951b3a21b758b94baf23eaac54182cf6bdec
Author: Damian Johnson <atagar at torproject.org>
Date:   Sat Sep 26 15:13:24 2020 -0700

    Fix server descriptor fingerprint crypto check
    
    Fixing a server descriptor bug where checking our fingerprint didn't honor our
    skip_crypto_validation argument. This bug made it difficult to create
    descriptors with a preset fingerprint...
    
      >>> RelayDescriptor.create({'fingerprint': '4F0C 867D F0EF 6816 0568 C826 838F 482C EA7C FE44'})
      ...
      ValueError: Fingerprint does not match the hash of our signing key
      (fingerprint: 4f0c867df0ef68160568c826838f482cea7cfe44, signing key hash:
      8f54270a36526ab35895d5f899b6ae4059faecb3)
---
 stem/descriptor/server_descriptor.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index e49688e1..baa14969 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -762,13 +762,13 @@ class RelayDescriptor(ServerDescriptor):
     super(RelayDescriptor, self).__init__(raw_contents, validate)
 
     if validate:
-      if self.fingerprint:
-        key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
+      if not skip_crypto_validation:
+        if self.fingerprint:
+          key_hash = hashlib.sha1(_bytes_for_block(self.signing_key)).hexdigest()
 
-        if key_hash != self.fingerprint.lower():
-          raise ValueError('Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(), key_hash))
+          if key_hash != self.fingerprint.lower():
+            raise ValueError('Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)' % (self.fingerprint.lower(), key_hash))
 
-      if not skip_crypto_validation:
         try:
           signed_digest = self._digest_for_signature(self.signing_key, self.signature)
 





More information about the tor-commits mailing list