mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Allow listing ed25519 fingerprints on the command line
This commit is contained in:
parent
3900b19379
commit
1588767e65
5
changes/ticket33632
Normal file
5
changes/ticket33632
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
o Minor features (relay fingerprint, command line):
|
||||||
|
- Allow a relay operator to list the ed25519 keys on the command line
|
||||||
|
by adding the `rsa` and `ed25519` arguments to the --list-fingerprint
|
||||||
|
flag to show the respective RSA and ed25519 relay fingerprint. Closes
|
||||||
|
ticket 33632. Patch by Neel Chauhan.
|
@ -91,8 +91,9 @@ The following options in this section are only recognized on the
|
|||||||
[[opt-hash-password]] **`--hash-password`** __PASSWORD__::
|
[[opt-hash-password]] **`--hash-password`** __PASSWORD__::
|
||||||
Generate a hashed password for control port access.
|
Generate a hashed password for control port access.
|
||||||
|
|
||||||
[[opt-list-fingerprint]] **`--list-fingerprint`**::
|
[[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]::
|
||||||
Generate your keys and output your nickname and fingerprint.
|
Generate your keys and output your nickname and fingerprint. Optionally,
|
||||||
|
you can specify the key type as `rsa` (default) or `ed25519`.
|
||||||
|
|
||||||
[[opt-verify-config]] **`--verify-config`**::
|
[[opt-verify-config]] **`--verify-config`**::
|
||||||
Verify whether the configuration file is valid.
|
Verify whether the configuration file is valid.
|
||||||
|
@ -2466,6 +2466,7 @@ static const struct {
|
|||||||
.command=CMD_DUMP_CONFIG,
|
.command=CMD_DUMP_CONFIG,
|
||||||
.quiet=QUIET_SILENT },
|
.quiet=QUIET_SILENT },
|
||||||
{ .name="--list-fingerprint",
|
{ .name="--list-fingerprint",
|
||||||
|
.takes_argument=ARGUMENT_OPTIONAL,
|
||||||
.command=CMD_LIST_FINGERPRINT },
|
.command=CMD_LIST_FINGERPRINT },
|
||||||
{ .name="--keygen",
|
{ .name="--keygen",
|
||||||
.command=CMD_KEYGEN },
|
.command=CMD_KEYGEN },
|
||||||
|
@ -58,6 +58,7 @@
|
|||||||
#include "feature/stats/rephist.h"
|
#include "feature/stats/rephist.h"
|
||||||
#include "lib/compress/compress.h"
|
#include "lib/compress/compress.h"
|
||||||
#include "lib/buf/buffers.h"
|
#include "lib/buf/buffers.h"
|
||||||
|
#include "lib/crypt_ops/crypto_format.h"
|
||||||
#include "lib/crypt_ops/crypto_rand.h"
|
#include "lib/crypt_ops/crypto_rand.h"
|
||||||
#include "lib/crypt_ops/crypto_s2k.h"
|
#include "lib/crypt_ops/crypto_s2k.h"
|
||||||
#include "lib/net/resolve.h"
|
#include "lib/net/resolve.h"
|
||||||
@ -735,29 +736,52 @@ tor_remove_file(const char *filename)
|
|||||||
static int
|
static int
|
||||||
do_list_fingerprint(void)
|
do_list_fingerprint(void)
|
||||||
{
|
{
|
||||||
char buf[FINGERPRINT_LEN+1];
|
const or_options_t *options = get_options();
|
||||||
|
const char *arg = options->command_arg;
|
||||||
|
char rsa[FINGERPRINT_LEN + 1];
|
||||||
crypto_pk_t *k;
|
crypto_pk_t *k;
|
||||||
const char *nickname = get_options()->Nickname;
|
const ed25519_public_key_t *edkey;
|
||||||
|
const char *nickname = options->Nickname;
|
||||||
sandbox_disable_getaddrinfo_cache();
|
sandbox_disable_getaddrinfo_cache();
|
||||||
if (!server_mode(get_options())) {
|
|
||||||
|
bool show_rsa = !strcmp(arg, "") || !strcmp(arg, "rsa");
|
||||||
|
bool show_ed25519 = !strcmp(arg, "ed25519");
|
||||||
|
if (!show_rsa && !show_ed25519) {
|
||||||
|
log_err(LD_GENERAL,
|
||||||
|
"If you give a key type, you must specify 'rsa' or 'ed25519'. Exiting.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!server_mode(options)) {
|
||||||
log_err(LD_GENERAL,
|
log_err(LD_GENERAL,
|
||||||
"Clients don't have long-term identity keys. Exiting.");
|
"Clients don't have long-term identity keys. Exiting.");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
tor_assert(nickname);
|
tor_assert(nickname);
|
||||||
if (init_keys() < 0) {
|
if (init_keys() < 0) {
|
||||||
log_err(LD_GENERAL,"Error initializing keys; exiting.");
|
log_err(LD_GENERAL, "Error initializing keys; exiting.");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (!(k = get_server_identity_key())) {
|
if (!(k = get_server_identity_key())) {
|
||||||
log_err(LD_GENERAL,"Error: missing identity key.");
|
log_err(LD_GENERAL, "Error: missing RSA identity key.");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (crypto_pk_get_fingerprint(k, buf, 1)<0) {
|
if (crypto_pk_get_fingerprint(k, rsa, 1) < 0) {
|
||||||
log_err(LD_BUG, "Error computing fingerprint");
|
log_err(LD_BUG, "Error computing RSA fingerprint");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
printf("%s %s\n", nickname, buf);
|
if (!(edkey = get_master_identity_key())) {
|
||||||
|
log_err(LD_GENERAL,"Error: missing ed25519 identity key.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (show_rsa) {
|
||||||
|
printf("%s %s\n", nickname, rsa);
|
||||||
|
}
|
||||||
|
if (show_ed25519) {
|
||||||
|
char ed25519[ED25519_BASE64_LEN + 1];
|
||||||
|
digest256_to_base64(ed25519, (const char *) edkey->pubkey);
|
||||||
|
printf("%s %s\n", nickname, ed25519);
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user