nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

sign directories with the signing key

Browse Source 
svn:r274
This commit is contained in:
Roger Dingledine 2003-05-07 22:40:03 +00:00
parent 0f17d09066
commit 2c7e660c62
7 changed files with 49 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/or/command.c
View File

@ -52,7 +52,6 @@ void command_process_cell(cell_t *cell, connection_t *conn) {
current_second = now.tv_sec; current_second = now.tv_sec;
} }
log(LOG_DEBUG,"command_process_cell(): Examining cell type %d.", cell->command);
switch(cell->command) { switch(cell->command) {
case CELL_PADDING: case CELL_PADDING:
/* do nothing */ /* do nothing */

11
src/or/config.c
View File

@ -176,6 +176,7 @@ void config_assign(or_options_t *options, struct config_line *list) {
/* string options */ /* string options */
config_compare(list, "LogLevel", CONFIG_TYPE_STRING, &options->LogLevel) || config_compare(list, "LogLevel", CONFIG_TYPE_STRING, &options->LogLevel) ||
config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) || config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) ||
config_compare(list, "SigningPrivateKeyFile", CONFIG_TYPE_STRING, &options->SigningPrivateKeyFile) ||
config_compare(list, "RouterFile", CONFIG_TYPE_STRING, &options->RouterFile) || config_compare(list, "RouterFile", CONFIG_TYPE_STRING, &options->RouterFile) ||
/* int options */ /* int options */
@ -271,9 +272,10 @@ int getconfig(int argc, char **argv, or_options_t *options) {
if (options->loglevel == LOG_DEBUG) { if (options->loglevel == LOG_DEBUG) {
printf("LogLevel=%s\n", printf("LogLevel=%s\n",
options->LogLevel); options->LogLevel);
printf("RouterFile=%s, PrivateKeyFile=%s\n", printf("RouterFile=%s, PrivateKeyFile=%s, SigningPrivateKeyFile=%s\n",
options->RouterFile ? options->RouterFile : "(undefined)", options->RouterFile ? options->RouterFile : "(undefined)",
options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)"); options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)",
options->SigningPrivateKeyFile ? options->SigningPrivateKeyFile : "(undefined)");
printf("ORPort=%d, OPPort=%d, APPort=%d DirPort=%d\n", printf("ORPort=%d, OPPort=%d, APPort=%d DirPort=%d\n",
options->ORPort,options->OPPort, options->ORPort,options->OPPort,
options->APPort,options->DirPort); options->APPort,options->DirPort);
@ -328,6 +330,11 @@ int getconfig(int argc, char **argv, or_options_t *options) {
result = -1; result = -1;
} }
if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
result = -1;
}
if(options->OPPort < 0) { if(options->OPPort < 0) {
log(LOG_ERR,"OPPort option can't be negative."); log(LOG_ERR,"OPPort option can't be negative.");
result = -1; result = -1;

2
src/or/connection_op.c
View File

@ -51,7 +51,7 @@ int op_handshake_process_keys(connection_t *conn) {
log(LOG_DEBUG,"op_handshake_process_keys() : Received auth."); log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
/* decrypt response */ /* decrypt response */
retval = crypto_pk_private_decrypt(getprivatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING); retval = crypto_pk_private_decrypt(get_privatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
if (retval == -1) if (retval == -1)
{ {
log(LOG_ERR,"Decrypting keys from new OP failed."); log(LOG_ERR,"Decrypting keys from new OP failed.");

6
src/or/connection_or.c
View File

@ -464,7 +464,7 @@ int or_handshake_client_process_auth(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth."); log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");
/* decrypt response */ /* decrypt response */
retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING); retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
if (retval == -1) if (retval == -1)
{ {
log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.", log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@ -572,7 +572,7 @@ int or_handshake_server_process_auth(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth."); log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");
/* decrypt response */ /* decrypt response */
retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING); retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
if (retval == -1) if (retval == -1)
{ {
log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed."); log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed.");
@ -691,7 +691,7 @@ int or_handshake_server_process_nonce(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth."); log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");
/* decrypt response */ /* decrypt response */
retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING); retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
if (retval == -1) if (retval == -1)
{ {
log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.", log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",

37
src/or/main.c
View File

@ -19,21 +19,31 @@ static int please_dumpstats=0; /* whether we should dump stats during the loop *
static int please_fetch_directory=0; /* whether we should fetch a new directory */ static int please_fetch_directory=0; /* whether we should fetch a new directory */
/* private key */ /* private key */
static crypto_pk_env_t *privatekey; static crypto_pk_env_t *privatekey=NULL;
static crypto_pk_env_t *signing_privatekey=NULL;
routerinfo_t *my_routerinfo=NULL; routerinfo_t *my_routerinfo=NULL;
/********* END VARIABLES ************/ /********* END VARIABLES ************/
void setprivatekey(crypto_pk_env_t *k) { void set_privatekey(crypto_pk_env_t *k) {
privatekey = k; privatekey = k;
} }
crypto_pk_env_t *getprivatekey(void) { crypto_pk_env_t *get_privatekey(void) {
assert(privatekey); assert(privatekey);
return privatekey; return privatekey;
} }
void set_signing_privatekey(crypto_pk_env_t *k) {
signing_privatekey = k;
}
crypto_pk_env_t *get_signing_privatekey(void) {
assert(signing_privatekey);
return signing_privatekey;
}
/**************************************************************************** /****************************************************************************
* *
* This section contains accessors and other methods on the connection_array * This section contains accessors and other methods on the connection_array
@ -431,12 +441,25 @@ int do_main_loop(void) {
log(LOG_ERR,"Error creating a crypto environment."); log(LOG_ERR,"Error creating a crypto environment.");
return -1; return -1;
} }
if (crypto_pk_read_private_key_from_filename(prkey, options.PrivateKeyFile)) if (crypto_pk_read_private_key_from_filename(prkey, options.PrivateKeyFile)) {
{
log(LOG_ERR,"Error loading private key."); log(LOG_ERR,"Error loading private key.");
return -1; return -1;
} }
setprivatekey(prkey); set_privatekey(prkey);
}
/* load the private key, if we're supposed to have one */
if(options.DirPort) {
prkey = crypto_new_pk_env(CRYPTO_PK_RSA);
if (!prkey) {
log(LOG_ERR,"Error creating a crypto environment.");
return -1;
}
if (crypto_pk_read_private_key_from_filename(prkey, options.SigningPrivateKeyFile)) {
log(LOG_ERR,"Error loading private key.");
return -1;
}
set_signing_privatekey(prkey);
} }
/* start up the necessary connections based on which ports are /* start up the necessary connections based on which ports are
@ -684,7 +707,7 @@ dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir,
if (crypto_SHA_digest(s, i, digest)) if (crypto_SHA_digest(s, i, digest))
return -1; return -1;
if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0) if (crypto_pk_private_sign(get_signing_privatekey(), digest, 20, signature) < 0)
return -1; return -1;
strncpy(cp, strncpy(cp,

2
src/or/onion.c
View File

@ -190,7 +190,7 @@ static int onionskin_process(circuit_t *circ) {
log(LOG_DEBUG,"onionskin_process(): Entering."); log(LOG_DEBUG,"onionskin_process(): Entering.");
if(onion_skin_server_handshake(circ->onionskin, getprivatekey(), if(onion_skin_server_handshake(circ->onionskin, get_privatekey(),
cell.payload, keys, 32) < 0) { cell.payload, keys, 32) < 0) {
log(LOG_ERR,"onionskin_process(): onion_skin_server_handshake failed."); log(LOG_ERR,"onionskin_process(): onion_skin_server_handshake failed.");
return -1; return -1;

7
src/or/or.h
View File

@ -406,6 +406,7 @@ struct onion_queue_t {
typedef struct { typedef struct {
char *LogLevel; char *LogLevel;
char *RouterFile; char *RouterFile;
char *SigningPrivateKeyFile;
char *PrivateKeyFile; char *PrivateKeyFile;
double CoinWeight; double CoinWeight;
int Daemon; int Daemon;
@ -711,8 +712,10 @@ int dns_master_start(void);
/********************************* main.c ***************************/ /********************************* main.c ***************************/
void setprivatekey(crypto_pk_env_t *k); void set_privatekey(crypto_pk_env_t *k);
crypto_pk_env_t *getprivatekey(void); crypto_pk_env_t *get_privatekey(void);
void set_signing_privatekey(crypto_pk_env_t *k);
crypto_pk_env_t *get_signing_privatekey(void);
int connection_add(connection_t *conn); int connection_add(connection_t *conn);
int connection_remove(connection_t *conn); int connection_remove(connection_t *conn);
void connection_set_poll_socket(connection_t *conn); void connection_set_poll_socket(connection_t *conn);