mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here. Here I remove the original location in 0.2.8. (I wouldn't want to do that in 027, due to the amount of authority-voting-related code drift.) Closes 19073.
This commit is contained in:
parent
3f49474349
commit
ab932cd7bf
@ -257,11 +257,11 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg,
|
|||||||
return FP_REJECT;
|
return FP_REJECT;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (router->signing_key_cert) {
|
if (router->cache_info.signing_key_cert) {
|
||||||
/* This has an ed25519 identity key. */
|
/* This has an ed25519 identity key. */
|
||||||
if (KEYPIN_MISMATCH ==
|
if (KEYPIN_MISMATCH ==
|
||||||
keypin_check((const uint8_t*)router->cache_info.identity_digest,
|
keypin_check((const uint8_t*)router->cache_info.identity_digest,
|
||||||
router->signing_key_cert->signing_key.pubkey)) {
|
router->cache_info.signing_key_cert->signing_key.pubkey)) {
|
||||||
log_fn(severity, LD_DIR,
|
log_fn(severity, LD_DIR,
|
||||||
"Descriptor from router %s has an Ed25519 key, "
|
"Descriptor from router %s has an Ed25519 key, "
|
||||||
"but the <rsa,ed25519> keys don't match what they were before.",
|
"but the <rsa,ed25519> keys don't match what they were before.",
|
||||||
@ -629,10 +629,10 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
|
|||||||
|
|
||||||
/* Do keypinning again ... this time, to add the pin if appropriate */
|
/* Do keypinning again ... this time, to add the pin if appropriate */
|
||||||
int keypin_status;
|
int keypin_status;
|
||||||
if (ri->signing_key_cert) {
|
if (ri->cache_info.signing_key_cert) {
|
||||||
keypin_status = keypin_check_and_add(
|
keypin_status = keypin_check_and_add(
|
||||||
(const uint8_t*)ri->cache_info.identity_digest,
|
(const uint8_t*)ri->cache_info.identity_digest,
|
||||||
ri->signing_key_cert->signing_key.pubkey,
|
ri->cache_info.signing_key_cert->signing_key.pubkey,
|
||||||
! key_pinning);
|
! key_pinning);
|
||||||
} else {
|
} else {
|
||||||
keypin_status = keypin_check_lone_rsa(
|
keypin_status = keypin_check_lone_rsa(
|
||||||
@ -2142,9 +2142,9 @@ routers_make_ed_keys_unique(smartlist_t *routers)
|
|||||||
|
|
||||||
SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
|
SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
|
||||||
ri->omit_from_vote = 0;
|
ri->omit_from_vote = 0;
|
||||||
if (ri->signing_key_cert == NULL)
|
if (ri->cache_info.signing_key_cert == NULL)
|
||||||
continue; /* No ed key */
|
continue; /* No ed key */
|
||||||
const uint8_t *pk = ri->signing_key_cert->signing_key.pubkey;
|
const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
|
||||||
if ((ri2 = digest256map_get(by_ed_key, pk))) {
|
if ((ri2 = digest256map_get(by_ed_key, pk))) {
|
||||||
/* Duplicate; must omit one. Set the omit_from_vote flag in whichever
|
/* Duplicate; must omit one. Set the omit_from_vote flag in whichever
|
||||||
* one has the earlier published_on. */
|
* one has the earlier published_on. */
|
||||||
@ -2897,8 +2897,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
|
|||||||
set_routerstatus_from_routerinfo(rs, node, ri, now,
|
set_routerstatus_from_routerinfo(rs, node, ri, now,
|
||||||
listbadexits);
|
listbadexits);
|
||||||
|
|
||||||
if (ri->signing_key_cert) {
|
if (ri->cache_info.signing_key_cert) {
|
||||||
memcpy(vrs->ed25519_id, ri->signing_key_cert->signing_key.pubkey,
|
memcpy(vrs->ed25519_id, ri->cache_info.signing_key_cert->signing_key.pubkey,
|
||||||
ED25519_PUBKEY_LEN);
|
ED25519_PUBKEY_LEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3528,10 +3528,11 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
|
|||||||
char idbuf[ED25519_BASE64_LEN+1];
|
char idbuf[ED25519_BASE64_LEN+1];
|
||||||
const char *keytype;
|
const char *keytype;
|
||||||
if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_IN_MD &&
|
if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_IN_MD &&
|
||||||
ri->signing_key_cert &&
|
ri->cache_info.signing_key_cert &&
|
||||||
ri->signing_key_cert->signing_key_included) {
|
ri->cache_info.signing_key_cert->signing_key_included) {
|
||||||
keytype = "ed25519";
|
keytype = "ed25519";
|
||||||
ed25519_public_to_base64(idbuf, &ri->signing_key_cert->signing_key);
|
ed25519_public_to_base64(idbuf,
|
||||||
|
&ri->cache_info.signing_key_cert->signing_key);
|
||||||
} else {
|
} else {
|
||||||
keytype = "rsa1024";
|
keytype = "rsa1024";
|
||||||
digest_to_base64(idbuf, ri->cache_info.identity_digest);
|
digest_to_base64(idbuf, ri->cache_info.identity_digest);
|
||||||
|
@ -2117,9 +2117,6 @@ typedef struct {
|
|||||||
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
|
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
|
||||||
/** Public curve25519 key for onions */
|
/** Public curve25519 key for onions */
|
||||||
curve25519_public_key_t *onion_curve25519_pkey;
|
curve25519_public_key_t *onion_curve25519_pkey;
|
||||||
/** Certificate for ed25519 signing key
|
|
||||||
* (XXXX duplicated in cache_info.) */
|
|
||||||
struct tor_cert_st *signing_key_cert;
|
|
||||||
/** What's the earliest expiration time on all the certs in this
|
/** What's the earliest expiration time on all the certs in this
|
||||||
* routerinfo? */
|
* routerinfo? */
|
||||||
time_t cert_expiration_time;
|
time_t cert_expiration_time;
|
||||||
@ -2195,9 +2192,6 @@ typedef struct extrainfo_t {
|
|||||||
uint8_t digest256[DIGEST256_LEN];
|
uint8_t digest256[DIGEST256_LEN];
|
||||||
/** The router's nickname. */
|
/** The router's nickname. */
|
||||||
char nickname[MAX_NICKNAME_LEN+1];
|
char nickname[MAX_NICKNAME_LEN+1];
|
||||||
/** Certificate for ed25519 signing key
|
|
||||||
* (XXXX duplicated in cache_info.) */
|
|
||||||
struct tor_cert_st *signing_key_cert;
|
|
||||||
/** True iff we found the right key for this extra-info, verified the
|
/** True iff we found the right key for this extra-info, verified the
|
||||||
* signature, and found it to be bad. */
|
* signature, and found it to be bad. */
|
||||||
unsigned int bad_sig : 1;
|
unsigned int bad_sig : 1;
|
||||||
|
@ -2036,7 +2036,6 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
|
|||||||
routerinfo_free(ri);
|
routerinfo_free(ri);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
ri->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
|
|
||||||
ri->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
|
ri->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
|
||||||
|
|
||||||
get_platform_str(platform, sizeof(platform));
|
get_platform_str(platform, sizeof(platform));
|
||||||
@ -2129,7 +2128,6 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
|
|||||||
ei->cache_info.is_extrainfo = 1;
|
ei->cache_info.is_extrainfo = 1;
|
||||||
strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
|
strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
|
||||||
ei->cache_info.published_on = ri->cache_info.published_on;
|
ei->cache_info.published_on = ri->cache_info.published_on;
|
||||||
ei->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
|
|
||||||
ei->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
|
ei->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
|
||||||
|
|
||||||
memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
|
memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
|
||||||
@ -2528,7 +2526,8 @@ router_dump_router_to_string(routerinfo_t *router,
|
|||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
smartlist_t *chunks = NULL;
|
smartlist_t *chunks = NULL;
|
||||||
char *output = NULL;
|
char *output = NULL;
|
||||||
const int emit_ed_sigs = signing_keypair && router->signing_key_cert;
|
const int emit_ed_sigs = signing_keypair &&
|
||||||
|
router->cache_info.signing_key_cert;
|
||||||
char *ed_cert_line = NULL;
|
char *ed_cert_line = NULL;
|
||||||
char *rsa_tap_cc_line = NULL;
|
char *rsa_tap_cc_line = NULL;
|
||||||
char *ntor_cc_line = NULL;
|
char *ntor_cc_line = NULL;
|
||||||
@ -2540,12 +2539,12 @@ router_dump_router_to_string(routerinfo_t *router,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (emit_ed_sigs) {
|
if (emit_ed_sigs) {
|
||||||
if (!router->signing_key_cert->signing_key_included ||
|
if (!router->cache_info.signing_key_cert->signing_key_included ||
|
||||||
!ed25519_pubkey_eq(&router->signing_key_cert->signed_key,
|
!ed25519_pubkey_eq(&router->cache_info.signing_key_cert->signed_key,
|
||||||
&signing_keypair->pubkey)) {
|
&signing_keypair->pubkey)) {
|
||||||
log_warn(LD_BUG, "Tried to sign a router descriptor with a mismatched "
|
log_warn(LD_BUG, "Tried to sign a router descriptor with a mismatched "
|
||||||
"ed25519 key chain %d",
|
"ed25519 key chain %d",
|
||||||
router->signing_key_cert->signing_key_included);
|
router->cache_info.signing_key_cert->signing_key_included);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2561,14 +2560,14 @@ router_dump_router_to_string(routerinfo_t *router,
|
|||||||
char ed_cert_base64[256];
|
char ed_cert_base64[256];
|
||||||
char ed_fp_base64[ED25519_BASE64_LEN+1];
|
char ed_fp_base64[ED25519_BASE64_LEN+1];
|
||||||
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
|
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
|
||||||
(const char*)router->signing_key_cert->encoded,
|
(const char*)router->cache_info.signing_key_cert->encoded,
|
||||||
router->signing_key_cert->encoded_len,
|
router->cache_info.signing_key_cert->encoded_len,
|
||||||
BASE64_ENCODE_MULTILINE) < 0) {
|
BASE64_ENCODE_MULTILINE) < 0) {
|
||||||
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
|
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (ed25519_public_to_base64(ed_fp_base64,
|
if (ed25519_public_to_base64(ed_fp_base64,
|
||||||
&router->signing_key_cert->signing_key)<0) {
|
&router->cache_info.signing_key_cert->signing_key)<0) {
|
||||||
log_err(LD_BUG,"Couldn't base64-encode identity key\n");
|
log_err(LD_BUG,"Couldn't base64-encode identity key\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -2595,13 +2594,13 @@ router_dump_router_to_string(routerinfo_t *router,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Cross-certify with RSA key */
|
/* Cross-certify with RSA key */
|
||||||
if (tap_key && router->signing_key_cert &&
|
if (tap_key && router->cache_info.signing_key_cert &&
|
||||||
router->signing_key_cert->signing_key_included) {
|
router->cache_info.signing_key_cert->signing_key_included) {
|
||||||
char buf[256];
|
char buf[256];
|
||||||
int tap_cc_len = 0;
|
int tap_cc_len = 0;
|
||||||
uint8_t *tap_cc =
|
uint8_t *tap_cc =
|
||||||
make_tap_onion_key_crosscert(tap_key,
|
make_tap_onion_key_crosscert(tap_key,
|
||||||
&router->signing_key_cert->signing_key,
|
&router->cache_info.signing_key_cert->signing_key,
|
||||||
router->identity_pkey,
|
router->identity_pkey,
|
||||||
&tap_cc_len);
|
&tap_cc_len);
|
||||||
if (!tap_cc) {
|
if (!tap_cc) {
|
||||||
@ -2625,16 +2624,16 @@ router_dump_router_to_string(routerinfo_t *router,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Cross-certify with onion keys */
|
/* Cross-certify with onion keys */
|
||||||
if (ntor_keypair && router->signing_key_cert &&
|
if (ntor_keypair && router->cache_info.signing_key_cert &&
|
||||||
router->signing_key_cert->signing_key_included) {
|
router->cache_info.signing_key_cert->signing_key_included) {
|
||||||
int sign = 0;
|
int sign = 0;
|
||||||
char buf[256];
|
char buf[256];
|
||||||
/* XXXX Base the expiration date on the actual onion key expiration time?*/
|
/* XXXX Base the expiration date on the actual onion key expiration time?*/
|
||||||
tor_cert_t *cert =
|
tor_cert_t *cert =
|
||||||
make_ntor_onion_key_crosscert(ntor_keypair,
|
make_ntor_onion_key_crosscert(ntor_keypair,
|
||||||
&router->signing_key_cert->signing_key,
|
&router->cache_info.signing_key_cert->signing_key,
|
||||||
router->cache_info.published_on,
|
router->cache_info.published_on,
|
||||||
MIN_ONION_KEY_LIFETIME, &sign);
|
MIN_ONION_KEY_LIFETIME, &sign);
|
||||||
if (!cert) {
|
if (!cert) {
|
||||||
log_warn(LD_BUG,"make_ntor_onion_key_crosscert failed!");
|
log_warn(LD_BUG,"make_ntor_onion_key_crosscert failed!");
|
||||||
goto err;
|
goto err;
|
||||||
@ -2981,7 +2980,8 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
|
|||||||
time_t now = time(NULL);
|
time_t now = time(NULL);
|
||||||
smartlist_t *chunks = smartlist_new();
|
smartlist_t *chunks = smartlist_new();
|
||||||
extrainfo_t *ei_tmp = NULL;
|
extrainfo_t *ei_tmp = NULL;
|
||||||
const int emit_ed_sigs = signing_keypair && extrainfo->signing_key_cert;
|
const int emit_ed_sigs = signing_keypair &&
|
||||||
|
extrainfo->cache_info.signing_key_cert;
|
||||||
char *ed_cert_line = NULL;
|
char *ed_cert_line = NULL;
|
||||||
|
|
||||||
base16_encode(identity, sizeof(identity),
|
base16_encode(identity, sizeof(identity),
|
||||||
@ -2989,19 +2989,19 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
|
|||||||
format_iso_time(published, extrainfo->cache_info.published_on);
|
format_iso_time(published, extrainfo->cache_info.published_on);
|
||||||
bandwidth_usage = rep_hist_get_bandwidth_lines();
|
bandwidth_usage = rep_hist_get_bandwidth_lines();
|
||||||
if (emit_ed_sigs) {
|
if (emit_ed_sigs) {
|
||||||
if (!extrainfo->signing_key_cert->signing_key_included ||
|
if (!extrainfo->cache_info.signing_key_cert->signing_key_included ||
|
||||||
!ed25519_pubkey_eq(&extrainfo->signing_key_cert->signed_key,
|
!ed25519_pubkey_eq(&extrainfo->cache_info.signing_key_cert->signed_key,
|
||||||
&signing_keypair->pubkey)) {
|
&signing_keypair->pubkey)) {
|
||||||
log_warn(LD_BUG, "Tried to sign a extrainfo descriptor with a "
|
log_warn(LD_BUG, "Tried to sign a extrainfo descriptor with a "
|
||||||
"mismatched ed25519 key chain %d",
|
"mismatched ed25519 key chain %d",
|
||||||
extrainfo->signing_key_cert->signing_key_included);
|
extrainfo->cache_info.signing_key_cert->signing_key_included);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
char ed_cert_base64[256];
|
char ed_cert_base64[256];
|
||||||
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
|
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
|
||||||
(const char*)extrainfo->signing_key_cert->encoded,
|
(const char*)extrainfo->cache_info.signing_key_cert->encoded,
|
||||||
extrainfo->signing_key_cert->encoded_len,
|
extrainfo->cache_info.signing_key_cert->encoded_len,
|
||||||
BASE64_ENCODE_MULTILINE) < 0) {
|
BASE64_ENCODE_MULTILINE) < 0) {
|
||||||
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
|
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
@ -2897,7 +2897,6 @@ routerinfo_free(routerinfo_t *router)
|
|||||||
tor_free(router->onion_curve25519_pkey);
|
tor_free(router->onion_curve25519_pkey);
|
||||||
if (router->identity_pkey)
|
if (router->identity_pkey)
|
||||||
crypto_pk_free(router->identity_pkey);
|
crypto_pk_free(router->identity_pkey);
|
||||||
tor_cert_free(router->signing_key_cert);
|
|
||||||
tor_cert_free(router->cache_info.signing_key_cert);
|
tor_cert_free(router->cache_info.signing_key_cert);
|
||||||
if (router->declared_family) {
|
if (router->declared_family) {
|
||||||
SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
|
SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
|
||||||
@ -2917,7 +2916,6 @@ extrainfo_free(extrainfo_t *extrainfo)
|
|||||||
{
|
{
|
||||||
if (!extrainfo)
|
if (!extrainfo)
|
||||||
return;
|
return;
|
||||||
tor_cert_free(extrainfo->signing_key_cert);
|
|
||||||
tor_cert_free(extrainfo->cache_info.signing_key_cert);
|
tor_cert_free(extrainfo->cache_info.signing_key_cert);
|
||||||
tor_free(extrainfo->cache_info.signed_descriptor_body);
|
tor_free(extrainfo->cache_info.signed_descriptor_body);
|
||||||
tor_free(extrainfo->pending_sig);
|
tor_free(extrainfo->pending_sig);
|
||||||
@ -5217,7 +5215,7 @@ routerinfo_incompatible_with_extrainfo(const crypto_pk_t *identity_pkey,
|
|||||||
goto err; /* different servers */
|
goto err; /* different servers */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! tor_cert_opt_eq(sd->signing_key_cert, ei->signing_key_cert)) {
|
if (! tor_cert_opt_eq(sd->signing_key_cert,ei->cache_info.signing_key_cert)) {
|
||||||
if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
|
if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
|
||||||
goto err; /* different servers */
|
goto err; /* different servers */
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (c) 2001 Matej Pfajfar.
|
/* Copyright (c) 2001 Matej Pfajfar.
|
||||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||||
* Copyright (c) 2007-2016, The Tor Project, Inc. */
|
* Copyright (c) 2007-2016, The Tor Project, Inc. */
|
||||||
@ -1405,8 +1405,7 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||||||
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
|
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
router->signing_key_cert = cert; /* makes sure it gets freed. */
|
router->cache_info.signing_key_cert = cert; /* makes sure it gets freed.*/
|
||||||
router->cache_info.signing_key_cert = tor_cert_dup(cert);
|
|
||||||
|
|
||||||
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
|
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
|
||||||
! cert->signing_key_included) {
|
! cert->signing_key_included) {
|
||||||
@ -1787,8 +1786,9 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
|
|||||||
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
|
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
extrainfo->signing_key_cert = cert; /* makes sure it gets freed. */
|
/* makes sure it gets freed. */
|
||||||
extrainfo->cache_info.signing_key_cert = tor_cert_dup(cert);
|
extrainfo->cache_info.signing_key_cert = cert;
|
||||||
|
|
||||||
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
|
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
|
||||||
! cert->signing_key_included) {
|
! cert->signing_key_included) {
|
||||||
log_warn(LD_DIR, "Invalid form for ed25519 cert");
|
log_warn(LD_DIR, "Invalid form for ed25519 cert");
|
||||||
|
@ -160,15 +160,15 @@ test_dir_formats(void *arg)
|
|||||||
ed25519_secret_key_from_seed(&kp2.seckey,
|
ed25519_secret_key_from_seed(&kp2.seckey,
|
||||||
(const uint8_t*)"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
|
(const uint8_t*)"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
|
||||||
ed25519_public_key_generate(&kp2.pubkey, &kp2.seckey);
|
ed25519_public_key_generate(&kp2.pubkey, &kp2.seckey);
|
||||||
r2->signing_key_cert = tor_cert_create(&kp1,
|
r2->cache_info.signing_key_cert = tor_cert_create(&kp1,
|
||||||
CERT_TYPE_ID_SIGNING,
|
CERT_TYPE_ID_SIGNING,
|
||||||
&kp2.pubkey,
|
&kp2.pubkey,
|
||||||
now, 86400,
|
now, 86400,
|
||||||
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||||
char cert_buf[256];
|
char cert_buf[256];
|
||||||
base64_encode(cert_buf, sizeof(cert_buf),
|
base64_encode(cert_buf, sizeof(cert_buf),
|
||||||
(const char*)r2->signing_key_cert->encoded,
|
(const char*)r2->cache_info.signing_key_cert->encoded,
|
||||||
r2->signing_key_cert->encoded_len,
|
r2->cache_info.signing_key_cert->encoded_len,
|
||||||
BASE64_ENCODE_MULTILINE);
|
BASE64_ENCODE_MULTILINE);
|
||||||
r2->platform = tor_strdup(platform);
|
r2->platform = tor_strdup(platform);
|
||||||
r2->cache_info.published_on = 5;
|
r2->cache_info.published_on = 5;
|
||||||
@ -279,7 +279,8 @@ test_dir_formats(void *arg)
|
|||||||
strlcat(buf2, "master-key-ed25519 ", sizeof(buf2));
|
strlcat(buf2, "master-key-ed25519 ", sizeof(buf2));
|
||||||
{
|
{
|
||||||
char k[ED25519_BASE64_LEN+1];
|
char k[ED25519_BASE64_LEN+1];
|
||||||
tt_assert(ed25519_public_to_base64(k, &r2->signing_key_cert->signing_key)
|
tt_assert(ed25519_public_to_base64(k,
|
||||||
|
&r2->cache_info.signing_key_cert->signing_key)
|
||||||
>= 0);
|
>= 0);
|
||||||
strlcat(buf2, k, sizeof(buf2));
|
strlcat(buf2, k, sizeof(buf2));
|
||||||
strlcat(buf2, "\n", sizeof(buf2));
|
strlcat(buf2, "\n", sizeof(buf2));
|
||||||
|
@ -483,7 +483,7 @@ test_md_generate(void *arg)
|
|||||||
md = dirvote_create_microdescriptor(ri, 21);
|
md = dirvote_create_microdescriptor(ri, 21);
|
||||||
tt_str_op(md->body, ==, test_md2_21);
|
tt_str_op(md->body, ==, test_md2_21);
|
||||||
tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey,
|
tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey,
|
||||||
&ri->signing_key_cert->signing_key));
|
&ri->cache_info.signing_key_cert->signing_key));
|
||||||
|
|
||||||
done:
|
done:
|
||||||
microdesc_free(md);
|
microdesc_free(md);
|
||||||
|
Loading…
Reference in New Issue
Block a user