Opened 4 years ago

Closed 4 years ago

#16581 closed defect (implemented)

Always load public master ed25519 key from disk, check for match with signing cert

Reported by: nickm Owned by:
Priority: Very High Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: TorCoreTeam201507
Cc: Actual Points:
Parent ID: #16530 Points:
Reviewer: Sponsor:

Description

The cause of bug #16530 is a still slightly murky, but one thing is apparent: we need to check harder when we like our ed25519 signing key and cert to make sure that they match our real public key as stored on disk.

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by dgoulet

The goal is really to avoid generating a key, not writing it on disk and using it after assuming somehow it has been saved. Sounds like generating and writing a key to disk is a "critical path" that must be confirmed either right away and/or regularly after?

So yes, makes total sense to me to be very thorough about validating key in memory with one on disk.

comment:2 Changed 4 years ago by nickm

Status: newneeds_review

Added a branch for this as feature_16581 . It is based on top of my branch for #16582, since they touch the same code.

comment:3 Changed 4 years ago by nickm

Priority: majorcritical

comment:4 Changed 4 years ago by teor

These changes look sensible to me.

comment:5 Changed 4 years ago by nickm

Keywords: TorCoreTeam201507 added

comment:6 Changed 4 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

Great; merged!

Note: See TracTickets for help on using tickets.