Make signature-generation code handle different key and digest lengths.

2024-09-21 05:26:20 +02:00 · 2009-09-14 11:57:19 -04:00 · 2009-09-14 11:57:19 -04:00 · 8b2f6b27fd
commit 8b2f6b27fd
parent 8d41e6c471
6 changed files with 20 additions and 13 deletions
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -1091,7 +1091,8 @@ dirserv_dump_directory_to_string(char **dir_out,
    return -1;
  }
  note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
+  if (router_append_dirobj_signature(buf,buf_len,digest,DIGEST_LEN,
+                                     private_key)<0) {
    tor_free(buf);
    return -1;
  }
@ -1549,7 +1550,8 @@ generate_runningrouters(void)
    goto err;
  }
  note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(s, len, digest, private_key)<0)
+  if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN,
+                                     private_key)<0)
    goto err;

  set_cached_dir(&the_runningrouters, s, time(NULL));
@ -2743,7 +2745,8 @@ generate_v2_networkstatus_opinion(void)
  outp += strlen(outp);

  note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
+  if (router_append_dirobj_signature(outp,endp-outp,digest,DIGEST_LEN,
+                                     private_key)<0) {
    log_warn(LD_BUG, "Unable to sign router status.");
    goto done;
  }
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@ -192,7 +192,7 @@ format_networkstatus_vote(crypto_pk_env_t *private_signing_key,
  if (router_get_networkstatus_v3_hash(status, digest)<0)
    goto err;
  note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(outp,endp-outp,digest,
+  if (router_append_dirobj_signature(outp,endp-outp,digest, DIGEST_LEN,
                                     private_signing_key)<0) {
    log_warn(LD_BUG, "Unable to sign networkstatus vote.");
    goto err;
@ -1257,7 +1257,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
    tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
                 signing_key_fingerprint);
    /* And the signature. */
-    if (router_append_dirobj_signature(buf, sizeof(buf), digest,
+    if (router_append_dirobj_signature(buf, sizeof(buf), digest, DIGEST_LEN,
                                       signing_key)) {
      log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
      return NULL; /* This leaks, but it should never happen. */
@ -1272,7 +1272,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
                                signing_key_fingerprint, 0);
      tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
                   signing_key_fingerprint);
-      if (router_append_dirobj_signature(buf, sizeof(buf), digest,
+      if (router_append_dirobj_signature(buf, sizeof(buf), digest, DIGEST_LEN,
                                         legacy_signing_key)) {
        log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
        return NULL; /* This leaks, but it should never happen. */
--- a/src/or/or.h
+++ b/src/or/or.h
@ -4911,6 +4911,7 @@ int router_get_networkstatus_v3_hash(const char *s, char *digest);
 int router_get_extrainfo_hash(const char *s, char *digest);
 int router_append_dirobj_signature(char *buf, size_t buf_len,
                                   const char *digest,
+                                   size_t digest_len,
                                   crypto_pk_env_t *private_key);
 int router_parse_list_from_string(const char **s, const char *eos,
                                  smartlist_t *dest,
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@ -618,7 +618,8 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
    }
    if (router_append_dirobj_signature(desc_str + written,
                                       desc_len - written,
-                                       desc_digest, service_key) < 0) {
+                                       desc_digest, DIGEST_LEN,
+                                       service_key) < 0) {
      log_warn(LD_BUG, "Couldn't sign desc.");
      rend_encoded_v2_service_descriptor_free(enc);
      goto err;
--- a/src/or/router.c
+++ b/src/or/router.c
@ -1788,7 +1788,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,

  note_crypto_pk_op(SIGN_RTR);
  if (router_append_dirobj_signature(s+written,maxlen-written,
-                                     digest,ident_key)<0) {
+                                     digest,DIGEST_LEN,ident_key)<0) {
    log_warn(LD_BUG, "Couldn't sign router descriptor");
    return -1;
  }
@ -1980,7 +1980,8 @@ extrainfo_dump_to_string(char *s, size_t maxlen, extrainfo_t *extrainfo,
  len += strlen(s+len);
  if (router_get_extrainfo_hash(s, digest)<0)
    return -1;
-  if (router_append_dirobj_signature(s+len, maxlen-len, digest, ident_key)<0)
+  if (router_append_dirobj_signature(s+len, maxlen-len, digest, DIGEST_LEN,
+                                     ident_key)<0)
    return -1;

  {
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@ -643,14 +643,15 @@ router_get_extrainfo_hash(const char *s, char *digest)
 */
 int
 router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
-                               crypto_pk_env_t *private_key)
+                               size_t digest_len, crypto_pk_env_t *private_key)
 {
  char *signature;
  size_t i;
+  int siglen;

  signature = tor_malloc(crypto_pk_keysize(private_key));
-  if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) {
-
+  siglen = crypto_pk_private_sign(private_key, signature, digest, digest_len);
+  if (siglen < 0) {
    log_warn(LD_BUG,"Couldn't sign digest.");
    goto err;
  }
@ -658,7 +659,7 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
    goto truncated;

  i = strlen(buf);
-  if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
+  if (base64_encode(buf+i, buf_len-i, signature, siglen) < 0) {
    log_warn(LD_BUG,"couldn't base64-encode signature");
    goto err;
  }