diff --git a/src/or/hs_common.c b/src/or/hs_common.c index f10fc4d5a4..6fe6b82f5e 100644 --- a/src/or/hs_common.c +++ b/src/or/hs_common.c @@ -918,22 +918,31 @@ hs_address_is_valid(const char *address) uint8_t version; uint8_t checksum[HS_SERVICE_ADDR_CHECKSUM_LEN_USED]; uint8_t target_checksum[DIGEST256_LEN]; - ed25519_public_key_t key; + ed25519_public_key_t service_pubkey; /* Parse the decoded address into the fields we need. */ - if (hs_parse_address(address, &key, checksum, &version) < 0) { + if (hs_parse_address(address, &service_pubkey, checksum, &version) < 0) { goto invalid; } /* Get the checksum it's suppose to be and compare it with what we have * encoded in the address. */ - build_hs_checksum(&key, version, target_checksum); + build_hs_checksum(&service_pubkey, version, target_checksum); if (tor_memcmp(checksum, target_checksum, sizeof(checksum))) { log_warn(LD_REND, "Service address %s invalid checksum.", escaped_safe_str(address)); goto invalid; } + /* Validate that this pubkey does not have a torsion component. We need to do + * this on the prop224 client-side so that attackers can't give equivalent + * forms of an onion address to users. */ + if (ed25519_validate_pubkey(&service_pubkey) < 0) { + log_warn(LD_REND, "Service address %s has bad pubkey .", + escaped_safe_str(address)); + goto invalid; + } + /* Valid address. */ return 1; invalid: diff --git a/src/test/hs_build_address.py b/src/test/hs_build_address.py index 7be9c8b85a..7ff22c3a9a 100644 --- a/src/test/hs_build_address.py +++ b/src/test/hs_build_address.py @@ -21,8 +21,9 @@ if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest(): # Checksum is built like so: # CHECKSUM = SHA3(".onion checksum" || PUBKEY || VERSION) PREFIX = ".onion checksum".encode() -# 32 bytes ed25519 pubkey. -PUBKEY = ("\x42" * 32).encode() +# 32 bytes ed25519 pubkey from first test vector of +# https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02#section-6 +PUBKEY = "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a".decode('hex') # Version 3 is proposal224 VERSION = 3 diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c index 2d28f1d428..18b5fcc35e 100644 --- a/src/test/test_entryconn.c +++ b/src/test/test_entryconn.c @@ -801,7 +801,7 @@ test_entryconn_rewrite_onion_v3(void *arg) /* Make a SOCKS request */ conn->socks_request->command = SOCKS_COMMAND_CONNECT; strlcpy(conn->socks_request->address, - "git.p3xnclpu4mu22dwaurjtsybyqk4xfjmcfz6z62yl24uwmhjatiwnlnad.onion", + "git.25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid.onion", sizeof(conn->socks_request->address)); /* Make an onion connection using the SOCKS request */ @@ -818,7 +818,7 @@ test_entryconn_rewrite_onion_v3(void *arg) tt_int_op(ENTRY_TO_CONN(conn)->state, OP_EQ, AP_CONN_STATE_CIRCUIT_WAIT); /* check that the address got rewritten */ tt_str_op(conn->socks_request->address, OP_EQ, - "p3xnclpu4mu22dwaurjtsybyqk4xfjmcfz6z62yl24uwmhjatiwnlnad"); + "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid"); /* check that HS information got attached to the connection */ tt_assert(ENTRY_TO_EDGE_CONN(conn)->hs_ident); tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data); diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index da592eb08f..dc146326b8 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -77,7 +77,7 @@ test_validate_address(void *arg) /* Valid address. */ ret = hs_address_is_valid( - "p3xnclpu4mu22dwaurjtsybyqk4xfjmcfz6z62yl24uwmhjatiwnlnad"); + "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid"); tt_int_op(ret, OP_EQ, 1); done: @@ -90,19 +90,23 @@ mock_write_str_to_file(const char *path, const char *str, int bin) (void)bin; tt_str_op(path, OP_EQ, "/double/five"PATH_SEPARATOR"squared"); tt_str_op(str, OP_EQ, - "ijbeeqscijbeeqscijbeeqscijbeeqscijbeeqscijbeeqscijbezhid.onion\n"); + "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid.onion\n"); done: return 0; } -/** Test building HS v3 onion addresses */ +/** Test building HS v3 onion addresses. Uses test vectors from the + * ./hs_build_address.py script. */ static void test_build_address(void *arg) { int ret; char onion_addr[HS_SERVICE_ADDR_LEN_BASE32 + 1]; ed25519_public_key_t pubkey; + /* hex-encoded ed25519 pubkey used in hs_build_address.py */ + char pubkey_hex[] = + "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"; hs_service_t *service = NULL; (void) arg; @@ -112,11 +116,11 @@ test_build_address(void *arg) /* The following has been created with hs_build_address.py script that * follows proposal 224 specification to build an onion address. */ static const char *test_addr = - "ijbeeqscijbeeqscijbeeqscijbeeqscijbeeqscijbeeqscijbezhid"; + "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid"; - /* Let's try to build the same onion address that the script can do. Key is - * a long set of very random \x42 :). */ - memset(&pubkey, '\x42', sizeof(pubkey)); + /* Let's try to build the same onion address as the script */ + base16_decode((char*)pubkey.pubkey, sizeof(pubkey.pubkey), + pubkey_hex, strlen(pubkey_hex)); hs_build_address(&pubkey, HS_VERSION_THREE, onion_addr); tt_str_op(test_addr, OP_EQ, onion_addr); /* Validate that address. */ @@ -474,9 +478,13 @@ test_desc_reupload_logic(void *arg) /* Let's start by building our descriptor and service */ hs_service_descriptor_t *desc = service_descriptor_new(); hs_service_t *service = NULL; + /* hex-encoded ed25519 pubkey used in hs_build_address.py */ + char pubkey_hex[] = + "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"; char onion_addr[HS_SERVICE_ADDR_LEN_BASE32 + 1]; ed25519_public_key_t pubkey; - memset(&pubkey, '\x42', sizeof(pubkey)); + base16_decode((char*)pubkey.pubkey, sizeof(pubkey.pubkey), + pubkey_hex, strlen(pubkey_hex)); hs_build_address(&pubkey, HS_VERSION_THREE, onion_addr); service = tor_malloc_zero(sizeof(hs_service_t)); memcpy(service->onion_address, onion_addr, sizeof(service->onion_address)); @@ -758,7 +766,7 @@ test_parse_extended_hostname(void *arg) char address6[] = "foo.bar.abcdefghijklmnop.onion"; char address7[] = ".abcdefghijklmnop.onion"; char address8[] = - "www.p3xnclpu4mu22dwaurjtsybyqk4xfjmcfz6z62yl24uwmhjatiwnlnad.onion"; + "www.25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid.onion"; tt_assert(BAD_HOSTNAME == parse_extended_hostname(address1)); tt_assert(ONION_V2_HOSTNAME == parse_extended_hostname(address2)); @@ -772,7 +780,7 @@ test_parse_extended_hostname(void *arg) tt_assert(BAD_HOSTNAME == parse_extended_hostname(address7)); tt_assert(ONION_V3_HOSTNAME == parse_extended_hostname(address8)); tt_str_op(address8, OP_EQ, - "p3xnclpu4mu22dwaurjtsybyqk4xfjmcfz6z62yl24uwmhjatiwnlnad"); + "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid"); done: ; }