[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] More work on directories. Signed directories not yet teste...



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv16444/src/or

Modified Files:
	main.c or.h routers.c test.c 
Log Message:
More work on directories.  Signed directories not yet tested. No support for checking sigs yet

Index: main.c
===================================================================
RCS file: /home/or/cvsroot/src/or/main.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- main.c	6 May 2003 17:38:15 -0000	1.53
+++ main.c	7 May 2003 02:13:23 -0000	1.54
@@ -555,7 +555,8 @@
 
 int dump_router_to_string(char *s, int maxlen, routerinfo_t *router) {
   char *pkey;
-  int pkeylen;
+  char *signing_pkey, *signing_pkey_tag;
+  int pkeylen, signing_pkeylen;
   int written;
   int result=0;
   struct exit_policy_t *tmpe;
@@ -565,16 +566,30 @@
     return 0;
   }
 
-  result = snprintf(s, maxlen, "router %s %d %d %d %d %d\n%s",
+  signing_pkey = "";
+  signing_pkey_tag = "";
+  if (router->signing_pkey) {
+    if(crypto_pk_write_public_key_to_string(router->signing_pkey,
+                                         &signing_pkey,&signing_pkeylen)<0) {
+      log(LOG_ERR,"dump_router_to_string(): write signing_pkey to string failed!");
+      return 0;
+    }
+    signing_pkey_tag = "signing-key\n";
+  }
+  
+  result = snprintf(s, maxlen, "router %s %d %d %d %d %d\n%s%s%s",
     router->address,
     router->or_port,
     router->op_port,
     router->ap_port,
     router->dir_port,
     router->bandwidth,
-    pkey);
+    pkey,
+    signing_pkey_tag, signing_pkey);
 
   free(pkey);
+  if (*signing_pkey)
+    free(signing_pkey);
 
   if(result < 0 || result > maxlen) {
     /* apparently different glibcs do different things on snprintf error.. so check both */
@@ -607,21 +622,23 @@
 
 }
 
-void dump_directory_to_string(char *s, int maxlen) {
-  int i;
+void dump_directory_to_string(char *s, int maxlen) 
+{
+  directory_t dir;
+  routerinfo_t **routers = NULL;;
   connection_t *conn;
   routerinfo_t *router;
-  int written;
+  int i, n = 0;
 
-  /* first write my own info */
-  if(my_routerinfo) {
-    written = dump_router_to_string(s, maxlen, my_routerinfo);
-    maxlen -= written;
-    s += written;
+  routers = (routerinfo_t**) malloc(sizeof(routerinfo_t*) * (nfds+1));
+  if (!routers) {
+    /* freak out XXX */
+    return;
   }
-
-  /* now write info for other routers */
-  for(i=0;i<nfds;i++) {
+  if (my_routerinfo) {
+    routers[n++] = my_routerinfo;
+  }
+  for(i = 0; i<nfds; ++i) {
     conn = connection_array[i];
 
     if(conn->type != CONN_TYPE_OR)
@@ -633,7 +650,64 @@
       log(LOG_ERR,"dump_directory_to_string(): couldn't find router %d:%d!",conn->addr,conn->port);
       continue;
     }
+    routers[n++] = router;
+  }
+  dir.routers = routers;
+  dir.n_routers = n;
+
+  dump_directory_to_string_impl(s, maxlen, &dir);
+}
 
+int
+dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir,
+                                     crypto_pk_env_t *private_key)
+{
+  char *cp;
+  char digest[20];
+  char signature[128];
+  int i;
+  strncpy(s, 
+          "signed-directory\n"
+          "client-software x y z\n" /* XXX make this real */
+          "server-software a b c\n\n" /* XXX make this real */
+          , maxlen);
+  /* These multiple strlen calls are inefficient, but dwarfed by the RSA
+     signature.
+  */
+  i = strlen(s); 
+
+  dump_directory_to_string_impl(s+i, maxlen-i, dir);
+  i = strlen(s);
+  cp = s + i;
+  
+  if (crypto_SHA_digest(s, i, digest))
+    return -1;
+  if (crypto_pk_private_sign(private_key, digest, 20, signature))
+    return -1;
+  
+
+  strncpy(cp, 
+          "directory-signature\n-----BEGIN SIGNATURE-----\n", maxlen-i);
+          
+  i = strlen(s);
+  cp = s+i;
+  if (base64_encode(cp, maxlen-i, signature, 128) < 0)
+    return -1;
+
+  i = strlen(s);
+  cp = s+i;
+  strcat(cp, "-----END SIGNATURE-----\n");
+
+  return 0;
+}
+
+void dump_directory_to_string_impl(char *s, int maxlen, directory_t *directory) {
+  int i;
+  routerinfo_t *router;
+  int written;
+
+  for (i = 0; i < directory->n_routers; ++i) {
+    router = directory->routers[i];
     written = dump_router_to_string(s, maxlen, router);
 
     if(written < 0) { 
@@ -645,7 +719,6 @@
     maxlen -= written;
     s += written;
   }
-
 }
 
 void daemonize(void) {

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -d -r1.75 -r1.76
--- or.h	6 May 2003 17:38:16 -0000	1.75
+++ or.h	7 May 2003 02:13:23 -0000	1.76
@@ -320,6 +320,7 @@
   uint16_t dir_port;
  
   crypto_pk_env_t *pkey; /* public RSA key */
+  crypto_pk_env_t *signing_pkey; /* May be null */
  
   /* link info */
   uint32_t bandwidth;
@@ -737,6 +738,7 @@
 
 void dumpstats(void);
 void dump_directory_to_string(char *s, int maxlen);
+void dump_directory_to_string_impl(char *s, int maxlen, directory_t *directory);
 
 int main(int argc, char *argv[]);
 
@@ -793,6 +795,7 @@
 routerinfo_t *router_get_entry_from_string(char **s);
 
 int router_compare_to_exit_policy(connection_t *conn);
+void routerlist_free(routerinfo_t *list);
 
 #endif
 

Index: routers.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routers.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- routers.c	6 May 2003 17:38:16 -0000	1.23
+++ routers.c	7 May 2003 02:13:23 -0000	1.24
@@ -17,7 +17,7 @@
 /****************************************************************************/
 
 /* static function prototypes */
-static void routerlist_free(routerinfo_t *list);
+void routerlist_free(routerinfo_t *list);
 static routerinfo_t **make_rarray(routerinfo_t* list, int *len);
 static char *eat_whitespace(char *s);
 static char *find_whitespace(char *s);
@@ -124,7 +124,7 @@
 }
 
 /* delete a list of routers from memory */
-static void routerlist_free(routerinfo_t *list)
+void routerlist_free(routerinfo_t *list)
 {
   routerinfo_t *tmp = NULL;
   struct exit_policy_t *e = NULL, *etmp = NULL;
@@ -402,7 +402,6 @@
     log(LOG_ERR,"router_get_entry_from_string(): Entry does not start with \"router\"");
     return NULL;
   }
-  puts("X");
 
   router = malloc(sizeof(routerinfo_t));
   if (!router) {
@@ -477,7 +476,7 @@
     goto router_read_failed;
   }
   
-  /* now advance *s so it's at the end of this router entry */
+  /* now advance *s so it's at the end of this public key */
   next = strchr(next, '\n');
   assert(next); /* can't fail, we just checked it was here */
   *next = 0;
@@ -494,10 +493,40 @@
     goto router_read_failed;
   }
 
-//  test_write_pkey(router->pkey);  
-
   *s = next+1;
-  while(**s != '\n') {
+  *s = eat_whitespace(*s);
+  if (!strncasecmp(*s, "signing-key", 11)) {
+    /* We have a signing key */
+    *s = strchr(*s, '\n');
+    *s = eat_whitespace(*s); 
+    next = strstr(*s,OR_PUBLICKEY_END_TAG);
+    router->signing_pkey = crypto_new_pk_env(CRYPTO_PK_RSA);
+    if (!next || !router->signing_pkey) {
+      log(LOG_ERR,"router_get_entry_from_string(): Couldn't find signing_pk in string");
+      goto router_read_failed;
+    }
+    next = strchr(next, '\n');
+    assert(next);
+    *next = 0;
+    if ((crypto_pk_read_public_key_from_string(router->signing_pkey, *s,
+                                               strlen(*s)))<0) {
+      log(LOG_ERR,"router_get_entry_from_string(): Couldn't read signing pk from string");
+      goto router_read_failed;
+    }
+
+    log(LOG_DEBUG,"router_get_entry_from_string(): Signing key size = %u.", crypto_pk_keysize(router->signing_pkey));
+
+    if (crypto_pk_keysize(router->signing_pkey) != 128) { /* keys MUST be 1024 bits in size */
+      log(LOG_ERR,"Signing key for router %s:%u is 1024 bits. All keys must be exactly 1024 bits long.",
+          router->address,router->or_port);
+      goto router_read_failed;
+    }
+    *s = next+1;
+  }
+      
+  //  test_write_pkey(router->pkey);  
+
+  while(**s && **s != '\n') {
     /* pull in a line of exit policy */
     next = strchr(*s, '\n');
     if(!next)
@@ -508,7 +537,6 @@
   }
 
   return router;
-
 
 router_read_failed:
   if(router->address)

Index: test.c
===================================================================
RCS file: /home/or/cvsroot/src/or/test.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- test.c	6 May 2003 17:38:16 -0000	1.13
+++ test.c	7 May 2003 02:13:23 -0000	1.14
@@ -506,8 +506,8 @@
 test_dir_format()
 {
   
-  char buf[2048], buf2[512];
-  char *pk1_str, *pk2_str, *cp;
+  char buf[2048], buf2[2048];
+  char *pk1_str = NULL, *pk2_str = NULL, *cp;
   int pk1_str_len, pk2_str_len;
   routerinfo_t r1, r2;
   crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
@@ -528,6 +528,7 @@
   r1.ap_port = 9002;
   r1.dir_port = 9003;
   r1.pkey = pk1;
+  r1.signing_pkey = NULL;
   r1.bandwidth = 1000;
   r1.exit_policy = NULL;
   r1.next = &r2;
@@ -548,6 +549,7 @@
   r2.ap_port = 0;
   r2.dir_port = 0;
   r2.pkey = pk2;
+  r2.signing_pkey = pk1;
   r2.bandwidth = 3000;
   r2.exit_policy = &ex1;
   r2.next = NULL;
@@ -574,10 +576,13 @@
   test_eq(rp1->dir_port, r1.dir_port);
   test_eq(rp1->bandwidth, r1.bandwidth);
   test_assert(crypto_pk_cmp_keys(rp1->pkey, pk1) == 0);
+  test_assert(rp1->signing_pkey == NULL);
   test_assert(rp1->exit_policy == NULL);
 
   strcpy(buf2, "router tor.tor.tor 9005 0 0 0 3000\n");
   strcat(buf2, pk2_str);
+  strcat(buf2, "signing-key\n");
+  strcat(buf2, pk1_str);
   strcat(buf2, "accept *:80\nreject 18.*:24\n\n");
   test_assert(dump_router_to_string(buf, 2048, &r2)>0);
   test_streq(buf, buf2);
@@ -592,6 +597,7 @@
   test_eq(rp2->dir_port, r2.dir_port);
   test_eq(rp2->bandwidth, r2.bandwidth);
   test_assert(crypto_pk_cmp_keys(rp2->pkey, pk2) == 0);
+  test_assert(crypto_pk_cmp_keys(rp2->signing_pkey, pk1) == 0);
   test_eq(rp2->exit_policy->policy_type, EXIT_POLICY_ACCEPT);
   test_streq(rp2->exit_policy->string, "accept *:80");
   test_streq(rp2->exit_policy->address, "*");
@@ -601,9 +607,17 @@
   test_streq(rp2->exit_policy->next->address, "18.*");
   test_streq(rp2->exit_policy->next->port, "24");
   test_assert(rp2->exit_policy->next->next == NULL);
+
+  /* Okay, now for the directories. */
   
-  
-  /* XXXX free everything*/
+
+
+  if (pk1_str) free(pk1_str);
+  if (pk2_str) free(pk2_str);
+  if (pk1) crypto_free_pk_env(pk1);
+  if (pk2) crypto_free_pk_env(pk2);
+  if (rp1) routerlist_free(rp1);
+  if (rp2) routerlist_free(rp2);
 }
 
 int 
@@ -617,7 +631,7 @@
   log(LOG_ERR,NULL);         /* make logging quieter */
 
   setup_directory();
-#if 1
+#if 0
   puts("========================== Buffers =========================");
   test_buffers();
   puts("========================== Crypto ==========================");