[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[minion-cvs] Several days worth of hacking. Highlights: Key rotatio...



Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv2846/src

Modified Files:
	crypt.c main.c tls.c 
Log Message:
Several days worth of hacking.  Highlights: Key rotation, robust queues.

TODO:
- Update status, add time estimates
- Break down directory work

etc/mixminiond.conf:
- Rename PublicKeySloppiness to PublicKeyOverlap

*:
- Whitespace normalization

ClientMain:
- Improve path syntax to include ?, *n,  Allow choice-with-replacement
- Use new readPickled functionality from Common
- Add -n argument for flush command
- Add default-path options to ClientConfig
- Be more specific about causes of failure when flushing; be more specific
  about # messages flushed.
- Remove --swap-at option: now path syntax is adequate.

Config, ClientMain, Common:
- Change duration from a 3-tuple to an independent class.  Now we 
  can say duration.getSeconds() rather than duration[2], which makes
  some stuff more readable.

Common:
- Debug checkPrivateFile
- Add AtomicFile class to help with standard create/rename pattern.
- Add readPickled/writePickled wrappers

MMTPClient:
- Document PeerCertificateCache

Packet:
- Correct documentation on overflow, underflow.

benchmark:
- Improve format of printed sizes
- Improve pk timing; time with bizarre exponent.
- Add Timing for ServerQueues

test:
- Add tests for encodeBase64
- Correct tests for new DeliveryQueue implementation
- Add tests for checkPrivateFile
- Revise tests for _parseInterval in response to new Duration class.
- Add tests for generating new descriptors with existing keys
- Fix test for directory with bad signature: make it fail for the
  right reason
- Deal with new validateConfig in Module
- Add test for scheduler.
- Tests for new path selection code

testSupport: 
- Module code uses new interface

EventStats:
- Document, clean

MMTPServer:
- Better warning on TLSClosed while connecting.
- Document new functionality

Modules:
- validateConfig function no longer needs 'sections' and 'entries':
  make it follow the same interface as other validation fns
- _deliverMessages: use new DeliveryQueue interface

PacketHandler:
- Always take a list of keys, never a single one.

ServerConfig:
- Refactor validateRetrySchedule
- Use new Duration class
- Rename PublicKeySloppiness to PublicKeyOverlap

ServerKeys: ***
- Implement key rotation:
   - Notice when to add and remove keys from PacketHandlers, MMTPServer
   - Set keys in packethandlers, mmtpserver 
   - Note that 512-bit DH moduli are kinda silly 
- More code and debugging for descriptor regenration

ServerMain:
- Documentation
- Key rotation
- Respond to refactoring in DeliveryQueue
- Use lambdas to wrap EventStats rotation
- Separate reset method
- Remove obsolete commands

ServerQueue: ***
- Refactor DeliveryQueue so that it has a prayer of working: Keep
  message delivery state in a separate file, and update separately.
  Remember time of queueing for each method, and last attempted
  delivery; n_retries is gone.  This allows us to change the retry schedule
  without putting messages in an inconsistent state.

  An earlier version put the state for _all_ queued objects in a
  single file: this turned out to be screamingly inefficient.

crypt.c, tls.c:
- Documentation fixes




Index: crypt.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/crypt.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- crypt.c	10 Apr 2003 03:01:07 -0000	1.22
+++ crypt.c	17 May 2003 00:08:45 -0000	1.23
@@ -180,7 +180,7 @@
         int inputlen, prng=0;
         long idx=0;
         AES_KEY *aes_key = NULL;
-        
+
         PyObject *output;
 
         if (!PyArg_ParseTupleAndKeywords(args, kwdict,
@@ -920,7 +920,7 @@
         static char *kwlist[] = { "filename", "verbose", "bits", NULL };
         char *filename;
         int bits=512, verbose=0;
- 
+
         BIO *out = NULL;
         DH *dh = NULL;
 
@@ -953,13 +953,15 @@
 }
 
 const char mm_generate_cert__doc__[] =
-  "generate_cert(filename, rsa, cn, start_time, end_time)\n\n"
-  "Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
-  "server.  The certificate will be stored to <filename>, and use the\n"
-  "=private= key <rsa>.  The certificate\'s commonName field will be set to\n"
-  "<cn>.  The key will be valid from <start_time> until <end_time>.\n"
-  "All other fields will be given reasonable defaults.\n";
-/* DOCDOC new arguments */
+  "generate_cert(filename, rsa, rsa_sign, cn, cn_issuer, \n"
+  "              start_time, end_time)\n\n"
+  "Generate a signed X509 certificate suitable for use by a Mixminion\n"
+  "server.  The certificate is stored to <filename>, uses the =private= key\n"
+  "<rsa>, and is signed using the =private= key <rsa_sign>.  The\n"
+  "certificate\'s commonName field is set to <cn>, and the issuer\'s\n"
+  "commonName will be set to <cn_issuer>. The key is valid from <start_time>\n"
+  "until <end_time>.  All other fields are given reasonable defaults.\n";
+
 PyObject *
 mm_generate_cert(PyObject *self, PyObject *args, PyObject *kwargs)
 {
@@ -990,11 +992,11 @@
         PyObject *retval;
         time_t time;
 
-        if (!PyArg_ParseTupleAndKeywords(args, kwargs, 
+        if (!PyArg_ParseTupleAndKeywords(args, kwargs,
                                          "sO!O!ssdd:generate_cert",
                                          kwlist, &filename,
-                                         &mm_RSA_Type, &_rsa, 
-                                         &mm_RSA_Type, &_rsa_sign, 
+                                         &mm_RSA_Type, &_rsa,
+                                         &mm_RSA_Type, &_rsa_sign,
                                          &cn, &cn_issuer,
                                          &start_time, &end_time))
                 return NULL;

Index: main.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/main.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- main.c	20 Feb 2003 16:57:40 -0000	1.13
+++ main.c	17 May 2003 00:08:45 -0000	1.14
@@ -120,7 +120,6 @@
         /* We set ob_type here so that Cygwin is happy. */
         mm_RSA_Type.ob_type = mm_TLSContext_Type.ob_type =
                 mm_TLSSock_Type.ob_type = &PyType_Type;
-                
 
         Py_INCREF(&mm_RSA_Type);
         if (PyDict_SetItemString(d, "RSA", (PyObject*)&mm_RSA_Type) < 0)

Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- tls.c	26 Apr 2003 14:37:43 -0000	1.21
+++ tls.c	17 May 2003 00:08:46 -0000	1.22
@@ -276,7 +276,7 @@
                 mm_SSL_ERR(0);
                 return NULL;
         }
-        
+
 }
 
 static PyMethodDef mm_TLSContext_methods[] = {
@@ -563,8 +563,10 @@
 }
 
 
-static char mm_TLSSock_check_cert_alive__doc__[] = 
-    "DOCDOC";
+static char mm_TLSSock_check_cert_alive__doc__[] =
+  "check_cert_alive()\n\n"
+  "Raise a TLSError if the peer\'s certificate on this TLS connection is\n"
+  "not currently valid.  Otherwise return None.\n";
 
 static PyObject*
 mm_TLSSock_check_cert_alive(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -575,7 +577,7 @@
 
         assert(mm_TLSSock_Check(self));
         FAIL_IF_ARGS();
-        
+
         ssl = ((mm_TLSSock*)self)->ssl;
         if (!(cert = SSL_get_peer_certificate(ssl))) {
                 mm_SSL_ERR(0); return NULL;
@@ -596,8 +598,14 @@
 }
 
 
-static char mm_TLSSock_verify_cert_and_get_identity_pk__doc__[] = 
-    "DOCDOC";
+static char mm_TLSSock_verify_cert_and_get_identity_pk__doc__[] =
+  "verify_cert_and_get_identity_pk()\n\n"
+  "Check whether all of the following conditions hold:\n"
+  "    1) The peer of this TLS connection has a 2-certificate chain.\n"
+  "    2) The certificate for the public key used for this connection is\n"
+  "       signed by the other certificate.\n"
+  "If not, raise a TLSError.  Otherwise, return the public key on the\n"
+  "signing (identity) certificate.\n";
 
 static PyObject*
 mm_TLSSock_verify_cert_and_get_identity_pk(
@@ -615,7 +623,7 @@
 
         assert(mm_TLSSock_Check(self));
         FAIL_IF_ARGS();
-        
+
         ssl = ((mm_TLSSock*)self)->ssl;
         if (!(chain = SSL_get_peer_cert_chain(ssl))) {
                 mm_SSL_ERR(0); return NULL;
@@ -672,7 +680,7 @@
         assert(mm_TLSSock_Check(self));
         FAIL_IF_ARGS();
         ssl = ((mm_TLSSock*)self)->ssl;
-        
+
         Py_BEGIN_ALLOW_THREADS
         r = SSL_renegotiate(ssl);
         Py_END_ALLOW_THREADS
@@ -699,7 +707,7 @@
         assert(mm_TLSSock_Check(self));
         FAIL_IF_ARGS();
         ssl = ((mm_TLSSock*)self)->ssl;
-        
+
         Py_BEGIN_ALLOW_THREADS
         r = SSL_do_handshake(ssl);
         Py_END_ALLOW_THREADS
@@ -724,7 +732,7 @@
         assert(mm_TLSSock_Check(self));
         FAIL_IF_ARGS();
         ssl = ((mm_TLSSock*)self)->ssl;
-        
+
         return PyInt_FromLong(SSL_num_renegotiations(ssl));
 }
 #endif