[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Refactor buffers; implement descriptors.



Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv24061/src/common

Modified Files:
	crypto.c crypto.h tortls.c tortls.h 
Log Message:
Refactor buffers; implement descriptors.

'buf_t' is now an opaque type defined in buffers.c .

Router descriptors now include all keys; routers generate keys as 
needed on startup (in a newly defined "data directory"), and generate
their own descriptors.  Descriptors are now self-signed.

Implementation is not complete: descriptors are never published; and
upon receiving a descriptor, the directory doesn't do anything with
it.

At least "routers.or" and orkeygen are now obsolete, BTW.



Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- crypto.c	15 Sep 2003 19:38:52 -0000	1.34
+++ crypto.c	25 Sep 2003 05:17:10 -0000	1.35
@@ -349,7 +349,7 @@
   return 0;
 }
 
-int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, unsigned char *keyfile)
+int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile)
 {
   FILE *f_pr;
   int retval = 0;
@@ -616,6 +616,43 @@
     default:
       return -1;
   }
+}
+
+int 
+crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out)
+{
+  unsigned char *buf, *bufp;
+  unsigned char digest[20];
+  int len;
+  int i;
+  assert(pk->type == CRYPTO_PK_RSA);
+  len = i2d_RSAPublicKey((RSA*)pk->key, NULL);
+  if (len < 0)
+    return -1;
+  if (len<FINGERPRINT_LEN+1) len = FINGERPRINT_LEN+1;
+  buf = bufp = tor_malloc(len+1);
+  len = i2d_RSAPublicKey((RSA*)pk->key, &bufp);
+  if (len < 0) {
+    free(buf);
+    return -1;
+  }
+  if (crypto_SHA_digest(buf, len, digest) < 0) {
+    free(buf);
+    return -1;
+  }
+  bufp = buf;
+  for (i = 0; i < 20; ++i) {
+    sprintf(bufp,"%02X",digest[i]);
+    bufp += 2;
+    if (i%2 && i != 19) {
+      *bufp++ = ' ';
+    }
+  }
+  *bufp = '\0';
+  assert(strlen(buf) == FINGERPRINT_LEN);
+  strcpy(fp_out, buf);
+  free(buf);
+  return 0;
 }
 
 /* symmetric crypto */

Index: crypto.h
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- crypto.h	10 Sep 2003 00:47:24 -0000	1.16
+++ crypto.h	25 Sep 2003 05:17:10 -0000	1.17
@@ -42,7 +42,7 @@
 int crypto_pk_write_private_key_to_file(crypto_pk_env_t *env, FILE *dest);
 int crypto_pk_write_public_key_to_file(crypto_pk_env_t *env, FILE *dest);
 int crypto_pk_check_key(crypto_pk_env_t *env);
-int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, unsigned char *keyfile);
+int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile);
 
 int crypto_pk_set_key(crypto_pk_env_t *env, unsigned char *key);
 int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
@@ -53,6 +53,8 @@
 int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
 int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
 int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
+#define FINGERPRINT_LEN 49
+int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out);
 
 int base64_encode(char *dest, int destlen, char *src, int srclen);
 int base64_decode(char *dest, int destlen, char *src, int srclen);

Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- tortls.c	16 Sep 2003 20:53:09 -0000	1.13
+++ tortls.c	25 Sep 2003 05:17:10 -0000	1.14
@@ -33,6 +33,9 @@
   int isServer;
 };
 
+static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa, 
+                                        const char *nickname); 
+
 /* global tls context, keep it here because nobody else needs to touch it */
 static tor_tls_context *global_tls_context=NULL;
 static int tls_library_is_initialized = 0;
@@ -111,8 +114,9 @@
  * commonName 'nickname', and write it, PEM-encoded, to the file named
  * by 'certfile'.  Return 0 on success, -1 for failure.
  */
-int
-tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
+X509 *
+tor_tls_create_certificate(crypto_pk_env_t *rsa, 
+                           const char *nickname)
 {
   time_t start_time, end_time;
   EVP_PKEY *pkey = NULL;
@@ -120,15 +124,15 @@
   X509_NAME *name = NULL;
   BIO *out = NULL;
   int nid;
-  int r;
+  int err;
   
   tor_tls_init();
 
   start_time = time(NULL);
 
-  assert(rsa);
+  assert(rsa && nickname);
   if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa)))
-    return -1;
+    return NULL;
   if (!(x509 = X509_new()))
     goto error;
   if (!(X509_set_version(x509, 2)))
@@ -143,7 +147,7 @@
                                    "TOR", -1, -1, 0))) goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   nickname, -1, -1, 0))) goto error;
+                                   (char*)nickname, -1, -1, 0))) goto error;
   
   if (!(X509_set_issuer_name(x509, name)))
     goto error;
@@ -158,25 +162,21 @@
     goto error;
   if (!X509_sign(x509, pkey, EVP_sha1()))
     goto error;
-  if (!(out = BIO_new_file(certfile, "w")))
-    goto error;
-  if (!(PEM_write_bio_X509(out, x509)))
-    goto error;
 
-  r = 0;
+  err = 0;
   goto done;
  error:
-  r = -1;
+  err = 1;
  done:
   if (out)
     BIO_free(out);
-  if (x509)
+  if (x509 && err)
     X509_free(x509);
   if (pkey)
     EVP_PKEY_free(pkey);
   if (name)
     X509_NAME_free(name);
-  return r;
+  return x509;
 }
 
 
@@ -201,16 +201,24 @@
  * used for that certificate. Return -1 if failure, else 0.
  */
 int
-tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
+tor_tls_context_new(crypto_pk_env_t *rsa,
+                    int isServer, const char *nickname)
 {
   crypto_dh_env_t *dh = NULL;
   EVP_PKEY *pkey = NULL;
   tor_tls_context *result;
-
-  assert((certfile && rsa) || (!certfile && !rsa));
-
+  X509 *cert = NULL;
+  
   tor_tls_init();
 
+  if (rsa) {
+    cert = tor_tls_create_certificate(rsa, nickname);
+    if (!cert) {
+      log(LOG_ERR, "Error creating certificate");
+      return NULL;
+    }
+  }
+
   result = tor_malloc(sizeof(tor_tls_context));
   result->ctx = NULL;
 #ifdef EVERYONE_HAS_AES
@@ -225,8 +233,7 @@
 #endif
   if (!SSL_CTX_set_cipher_list(result->ctx, CIPHER_LIST))
     goto error;
-  if (certfile && !SSL_CTX_use_certificate_file(result->ctx,certfile,
-                                                SSL_FILETYPE_PEM))
+  if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
     goto error;
   SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
   if (rsa) {
@@ -236,7 +243,7 @@
       goto error;
     EVP_PKEY_free(pkey);
     pkey = NULL;
-    if (certfile) {
+    if (cert) {
       if (!SSL_CTX_check_private_key(result->ctx))
         goto error;
     }

Index: tortls.h
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- tortls.h	10 Sep 2003 00:47:39 -0000	1.5
+++ tortls.h	25 Sep 2003 05:17:10 -0000	1.6
@@ -16,8 +16,8 @@
 #define TOR_TLS_WANTWRITE   -1
 #define TOR_TLS_DONE         0
 
-int tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname);
-int tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer);
+/* X509* tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname); */
+int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer, const char *nickname);
 tor_tls *tor_tls_new(int sock, int isServer);
 void tor_tls_free(tor_tls *tls);
 int tor_tls_peer_has_cert(tor_tls *tls);