netdoc: use new router object parsing API for RSA public keys.

Nick Mathewson 2020-05-15 11:18:32 -04:00
parent f6dd702316
commit 332b9de542
1 changed files with 12 additions and 28 deletions


@ -315,20 +315,12 @@ impl RouterDesc {
let mut expiry = identity_cert.get_expiry(); let mut expiry = identity_cert.get_expiry();
// Legacy RSA identity // Legacy RSA identity
let rsa_identity = { let rsa_identity: ll::pk::rsa::PublicKey = body
let ident_tok = body.get_required(SIGNING_KEY)?; .get_required(SIGNING_KEY)?
let ident_val = ident_tok.get_obj("RSA PUBLIC KEY")?; .parse_obj::<RSAPublic>("RSA PUBLIC KEY")?
let k = ll::pk::rsa::PublicKey::from_der(&ident_val).ok_or_else(|| { .check_len_eq(1024)?
Error::BadObjectVal(ident_tok.pos(), "invalid RSA key".to_string()) .check_exponent(65537)?
})?; .into();
if k.bits() != 1024 || !k.exponent_is(65537) {
return Err(Error::BadObjectVal(
ident_tok.pos(),
"invalid RSA parameters".to_string(),
));
}
k
};
let ed_sig = sig.get_required(ROUTER_SIG_ED25519)?; let ed_sig = sig.get_required(ROUTER_SIG_ED25519)?;
let rsa_sig = sig.get_required(ROUTER_SIGNATURE)?; let rsa_sig = sig.get_required(ROUTER_SIGNATURE)?;
@ -433,20 +425,12 @@ impl RouterDesc {
} }
// TAP key // TAP key
let tap_onion_key = { let tap_onion_key: ll::pk::rsa::PublicKey = body
let k_tok = body.get_required(ONION_KEY)?; .get_required(ONION_KEY)?
let k_val = k_tok.get_obj("RSA PUBLIC KEY")?; .parse_obj::<RSAPublic>("RSA PUBLIC KEY")?
let k = ll::pk::rsa::PublicKey::from_der(&k_val) .check_len_eq(1024)?
.ok_or_else(|| Error::BadObjectVal(k_tok.pos(), "invalid RSA key".to_string()))?; .check_exponent(65537)?
if k.bits() != 1024 || !k.exponent_is(65537) { .into();
return Err(Error::BadObjectVal(
k_tok.pos(),
"invalid RSA parameters".to_string(),
));
}
k
};
// TAP crosscert // TAP crosscert
{ {
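Review bot: The literals `1024` and `65537` are now repeated in both the `SIGNING_KEY` and `ONION_KEY` chains, and `check_len_eq(1024)` does not say that the length is in bits, which the removed `k.bits() != 1024` test made explicit. These two calls are the only visible gate on legacy RSA key parameters, so I would state the policy once: name the values (for example `RSA_KEY_BITS` and `RSA_EXPONENT`) and put `// Legacy RSA keys must be exactly 1024 bits with e = 65537; anything else is rejected.` above the first chain. The removed code also attached `ident_tok.pos()` / `k_tok.pos()` to `Error::BadObjectVal` and distinguished "invalid RSA key" from "invalid RSA parameters". `parse_obj`, `check_len_eq` and `check_exponent` are defined outside this diff, so whether the new errors still carry the token position cannot be confirmed here. A test that feeds a descriptor with a wrong-size key and asserts the returned error would pin that down. The enclosing `RouterDesc` method starts and ends outside both hunks.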