From 8b2f6b27fdc03f12d092d37c42d1995ff7426916 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 14 Sep 2009 11:57:19 -0400 Subject: [PATCH] Make signature-generation code handle different key and digest lengths. --- src/or/dirserv.c | 9 ++++++--- src/or/dirvote.c | 6 +++--- src/or/or.h | 1 + src/or/rendcommon.c | 3 ++- src/or/router.c | 5 +++-- src/or/routerparse.c | 9 +++++---- 6 files changed, 20 insertions(+), 13 deletions(-) diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 47dc038454..f12ef2f3d5 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1091,7 +1091,8 @@ dirserv_dump_directory_to_string(char **dir_out, return -1; } note_crypto_pk_op(SIGN_DIR); - if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) { + if (router_append_dirobj_signature(buf,buf_len,digest,DIGEST_LEN, + private_key)<0) { tor_free(buf); return -1; } @@ -1549,7 +1550,8 @@ generate_runningrouters(void) goto err; } note_crypto_pk_op(SIGN_DIR); - if (router_append_dirobj_signature(s, len, digest, private_key)<0) + if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN, + private_key)<0) goto err; set_cached_dir(&the_runningrouters, s, time(NULL)); @@ -2743,7 +2745,8 @@ generate_v2_networkstatus_opinion(void) outp += strlen(outp); note_crypto_pk_op(SIGN_DIR); - if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) { + if (router_append_dirobj_signature(outp,endp-outp,digest,DIGEST_LEN, + private_key)<0) { log_warn(LD_BUG, "Unable to sign router status."); goto done; } diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 358246ae9d..4e94eb67e6 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -192,7 +192,7 @@ format_networkstatus_vote(crypto_pk_env_t *private_signing_key, if (router_get_networkstatus_v3_hash(status, digest)<0) goto err; note_crypto_pk_op(SIGN_DIR); - if (router_append_dirobj_signature(outp,endp-outp,digest, + if (router_append_dirobj_signature(outp,endp-outp,digest, DIGEST_LEN, private_signing_key)<0) { log_warn(LD_BUG, "Unable to sign networkstatus vote."); goto err; @@ -1257,7 +1257,7 @@ networkstatus_compute_consensus(smartlist_t *votes, tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint, signing_key_fingerprint); /* And the signature. */ - if (router_append_dirobj_signature(buf, sizeof(buf), digest, + if (router_append_dirobj_signature(buf, sizeof(buf), digest, DIGEST_LEN, signing_key)) { log_warn(LD_BUG, "Couldn't sign consensus networkstatus."); return NULL; /* This leaks, but it should never happen. */ @@ -1272,7 +1272,7 @@ networkstatus_compute_consensus(smartlist_t *votes, signing_key_fingerprint, 0); tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint, signing_key_fingerprint); - if (router_append_dirobj_signature(buf, sizeof(buf), digest, + if (router_append_dirobj_signature(buf, sizeof(buf), digest, DIGEST_LEN, legacy_signing_key)) { log_warn(LD_BUG, "Couldn't sign consensus networkstatus."); return NULL; /* This leaks, but it should never happen. */ diff --git a/src/or/or.h b/src/or/or.h index f0ea25e07e..d9e883f3e8 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4911,6 +4911,7 @@ int router_get_networkstatus_v3_hash(const char *s, char *digest); int router_get_extrainfo_hash(const char *s, char *digest); int router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest, + size_t digest_len, crypto_pk_env_t *private_key); int router_parse_list_from_string(const char **s, const char *eos, smartlist_t *dest, diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index df7195e3ea..c7eb2a9d08 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -618,7 +618,8 @@ rend_encode_v2_descriptors(smartlist_t *descs_out, } if (router_append_dirobj_signature(desc_str + written, desc_len - written, - desc_digest, service_key) < 0) { + desc_digest, DIGEST_LEN, + service_key) < 0) { log_warn(LD_BUG, "Couldn't sign desc."); rend_encoded_v2_service_descriptor_free(enc); goto err; diff --git a/src/or/router.c b/src/or/router.c index 5b260de1ca..85abc8c5fb 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1788,7 +1788,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router, note_crypto_pk_op(SIGN_RTR); if (router_append_dirobj_signature(s+written,maxlen-written, - digest,ident_key)<0) { + digest,DIGEST_LEN,ident_key)<0) { log_warn(LD_BUG, "Couldn't sign router descriptor"); return -1; } @@ -1980,7 +1980,8 @@ extrainfo_dump_to_string(char *s, size_t maxlen, extrainfo_t *extrainfo, len += strlen(s+len); if (router_get_extrainfo_hash(s, digest)<0) return -1; - if (router_append_dirobj_signature(s+len, maxlen-len, digest, ident_key)<0) + if (router_append_dirobj_signature(s+len, maxlen-len, digest, DIGEST_LEN, + ident_key)<0) return -1; { diff --git a/src/or/routerparse.c b/src/or/routerparse.c index e35ece06de..02c5cdb44e 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -643,14 +643,15 @@ router_get_extrainfo_hash(const char *s, char *digest) */ int router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest, - crypto_pk_env_t *private_key) + size_t digest_len, crypto_pk_env_t *private_key) { char *signature; size_t i; + int siglen; signature = tor_malloc(crypto_pk_keysize(private_key)); - if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) { - + siglen = crypto_pk_private_sign(private_key, signature, digest, digest_len); + if (siglen < 0) { log_warn(LD_BUG,"Couldn't sign digest."); goto err; } @@ -658,7 +659,7 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest, goto truncated; i = strlen(buf); - if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) { + if (base64_encode(buf+i, buf_len-i, signature, siglen) < 0) { log_warn(LD_BUG,"couldn't base64-encode signature"); goto err; }