Allow listing ed25519 fingerprints on the command line

This commit is contained in:
Neel Chauhan 2020-10-20 16:13:26 -07:00 committed by David Goulet
parent 3900b19379
commit 1588767e65
4 changed files with 41 additions and 10 deletions

5
changes/ticket33632 Normal file
View File

@ -0,0 +1,5 @@
o Minor features (relay fingerprint, command line):
- Allow a relay operator to list the ed25519 keys on the command line
by adding the `rsa` and `ed25519` arguments to the --list-fingerprint
flag to show the respective RSA and ed25519 relay fingerprint. Closes
ticket 33632. Patch by Neel Chauhan.

View File

@ -91,8 +91,9 @@ The following options in this section are only recognized on the
[[opt-hash-password]] **`--hash-password`** __PASSWORD__:: [[opt-hash-password]] **`--hash-password`** __PASSWORD__::
Generate a hashed password for control port access. Generate a hashed password for control port access.
[[opt-list-fingerprint]] **`--list-fingerprint`**:: [[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]::
Generate your keys and output your nickname and fingerprint. Generate your keys and output your nickname and fingerprint. Optionally,
you can specify the key type as `rsa` (default) or `ed25519`.
[[opt-verify-config]] **`--verify-config`**:: [[opt-verify-config]] **`--verify-config`**::
Verify whether the configuration file is valid. Verify whether the configuration file is valid.

View File

@ -2466,6 +2466,7 @@ static const struct {
.command=CMD_DUMP_CONFIG, .command=CMD_DUMP_CONFIG,
.quiet=QUIET_SILENT }, .quiet=QUIET_SILENT },
{ .name="--list-fingerprint", { .name="--list-fingerprint",
.takes_argument=ARGUMENT_OPTIONAL,
.command=CMD_LIST_FINGERPRINT }, .command=CMD_LIST_FINGERPRINT },
{ .name="--keygen", { .name="--keygen",
.command=CMD_KEYGEN }, .command=CMD_KEYGEN },

View File

@ -58,6 +58,7 @@
#include "feature/stats/rephist.h" #include "feature/stats/rephist.h"
#include "lib/compress/compress.h" #include "lib/compress/compress.h"
#include "lib/buf/buffers.h" #include "lib/buf/buffers.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_s2k.h" #include "lib/crypt_ops/crypto_s2k.h"
#include "lib/net/resolve.h" #include "lib/net/resolve.h"
@ -735,29 +736,52 @@ tor_remove_file(const char *filename)
static int static int
do_list_fingerprint(void) do_list_fingerprint(void)
{ {
char buf[FINGERPRINT_LEN+1]; const or_options_t *options = get_options();
const char *arg = options->command_arg;
char rsa[FINGERPRINT_LEN + 1];
crypto_pk_t *k; crypto_pk_t *k;
const char *nickname = get_options()->Nickname; const ed25519_public_key_t *edkey;
const char *nickname = options->Nickname;
sandbox_disable_getaddrinfo_cache(); sandbox_disable_getaddrinfo_cache();
if (!server_mode(get_options())) {
bool show_rsa = !strcmp(arg, "") || !strcmp(arg, "rsa");
bool show_ed25519 = !strcmp(arg, "ed25519");
if (!show_rsa && !show_ed25519) {
log_err(LD_GENERAL,
"If you give a key type, you must specify 'rsa' or 'ed25519'. Exiting.");
return -1;
}
if (!server_mode(options)) {
log_err(LD_GENERAL, log_err(LD_GENERAL,
"Clients don't have long-term identity keys. Exiting."); "Clients don't have long-term identity keys. Exiting.");
return -1; return -1;
} }
tor_assert(nickname); tor_assert(nickname);
if (init_keys() < 0) { if (init_keys() < 0) {
log_err(LD_GENERAL,"Error initializing keys; exiting."); log_err(LD_GENERAL, "Error initializing keys; exiting.");
return -1; return -1;
} }
if (!(k = get_server_identity_key())) { if (!(k = get_server_identity_key())) {
log_err(LD_GENERAL,"Error: missing identity key."); log_err(LD_GENERAL, "Error: missing RSA identity key.");
return -1; return -1;
} }
if (crypto_pk_get_fingerprint(k, buf, 1)<0) { if (crypto_pk_get_fingerprint(k, rsa, 1) < 0) {
log_err(LD_BUG, "Error computing fingerprint"); log_err(LD_BUG, "Error computing RSA fingerprint");
return -1; return -1;
} }
printf("%s %s\n", nickname, buf); if (!(edkey = get_master_identity_key())) {
log_err(LD_GENERAL,"Error: missing ed25519 identity key.");
return -1;
}
if (show_rsa) {
printf("%s %s\n", nickname, rsa);
}
if (show_ed25519) {
char ed25519[ED25519_BASE64_LEN + 1];
digest256_to_base64(ed25519, (const char *) edkey->pubkey);
printf("%s %s\n", nickname, ed25519);
}
return 0; return 0;
} }