[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Add some documentation; move the signature generation logic...
Update of /home/or/cvsroot/tor/src/or
In directory moria:/tmp/cvs-serv18664/src/or
Modified Files:
dirserv.c or.h router.c routerparse.c test.c
Log Message:
Add some documentation; move the signature generation logic into routerparse.c along with the hash generation logic; make router signing use it as well.
Index: dirserv.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/dirserv.c,v
retrieving revision 1.182
retrieving revision 1.183
diff -u -d -r1.182 -r1.183
--- dirserv.c 25 Aug 2005 20:54:12 -0000 1.182
+++ dirserv.c 26 Aug 2005 15:34:53 -0000 1.183
@@ -665,7 +665,10 @@
}
}
-/* DOCDOC */
+/* Given a (possibly empty) list of config_line_t, each line of which contains
+ * a list of comma-separated version numbers surrounded by optional space,
+ * allocate and return a new string containing the version numbers, in order,
+ * separated by commas. Used to generate Recommended(Client|Server)?Versions */
static char *
format_versions_list(config_line_t *ln)
{
@@ -682,38 +685,6 @@
return result;
}
-/* DOCDOC */
-static int
-append_signature(char *buf, size_t buf_len, const char *digest,
- crypto_pk_env_t *private_key)
-{
- char signature[PK_BYTES];
- int i;
-
- if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) {
-
- log_fn(LOG_WARN,"Couldn't sign digest.");
- return -1;
- }
- if (strlcat(buf, "-----BEGIN SIGNATURE-----\n", buf_len) >= buf_len)
- goto truncated;
-
- i = strlen(buf);
- if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
- log_fn(LOG_WARN,"couldn't base64-encode signature");
- tor_free(buf);
- return -1;
- }
-
- if (strlcat(buf, "-----END SIGNATURE-----\n", buf_len) >= buf_len)
- goto truncated;
-
- return 0;
- truncated:
- log_fn(LOG_WARN,"tried to exceed string length.");
- return -1;
-}
-
/** Generate a new directory and write it into a newly allocated string.
* Point *<b>dir_out</b> to the allocated string. Sign the
* directory with <b>private_key</b>. Return 0 on success, -1 on
@@ -796,7 +767,7 @@
tor_free(buf);
return -1;
}
- if (append_signature(buf,buf_len,digest,private_key)<0) {
+ if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
tor_free(buf);
return -1;
}
@@ -809,27 +780,32 @@
return -1;
}
-/** DOCDOC */
+
+/** A cached_dir_t represents a cacheable directory object, along with its
+ * compressed form. */
typedef struct cached_dir_t {
- char *dir;
- char *dir_z;
- size_t dir_len;
- size_t dir_z_len;
- time_t published;
+ char *dir; /**< Contents of this object */
+ char *dir_z; /**< Compressed contents of this object. */
+ size_t dir_len; /**< Length of <b>dir</b> */
+ size_t dir_z_len; /**< Length of <b>dir_z</b> */
+ time_t published; /**< When was this object published */
} cached_dir_t;
/** Most recently generated encoded signed directory. (auth dirservers only.)*/
static cached_dir_t the_directory = { NULL, NULL, 0, 0, 0 };
-/* used only by non-auth dirservers */
+/* Used only by non-auth dirservers: The directory and runningrouters we'll
+* serve when requested. */
static cached_dir_t cached_directory = { NULL, NULL, 0, 0, 0 };
static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0 };
-/* Used for other dirservers' network statuses. Map from hexdigest to
+/* Used for other dirservers' v2 network statuses. Map from hexdigest to
* cached_dir_t. */
static strmap_t *cached_v2_networkstatus = NULL;
-/** DOCDOC */
+/** Possibly replace the contents of <b>d</b> with the value of
+ * <b>directory</b> published on <b>when</b>. (Do nothing if <b>when</b> is
+ * older than the last value, or too far in the future. */
static void
set_cached_dir(cached_dir_t *d, const char *directory, time_t when)
{
@@ -853,6 +829,7 @@
}
}
+/** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
static void
clear_cached_dir(cached_dir_t *d)
{
@@ -861,6 +838,7 @@
memset(d, 0, sizeof(cached_dir_t));
}
+/** Free all storage held by the cached_dir_t in <b>d</b>. */
static void
free_cached_dir(void *_d)
{
@@ -888,7 +866,7 @@
}
}
-/** DOCDOC */
+/** Called when we've just received a DOCDOC */
void
dirserv_set_cached_networkstatus_v2(const char *directory, const char *fp,
time_t published)
@@ -1035,7 +1013,7 @@
log_fn(LOG_WARN,"couldn't compute digest");
goto err;
}
- if (append_signature(s, len, digest, private_key)<0)
+ if (router_append_dirobj_signature(s, len, digest, private_key)<0)
goto err;
set_cached_dir(&the_runningrouters, s, time(NULL));
@@ -1231,7 +1209,7 @@
goto done;
}
- if (append_signature(outp,endp-outp,digest,private_key)<0)
+ if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0)
goto done;
set_cached_dir(&the_v2_networkstatus, status, time(NULL));
@@ -1311,6 +1289,8 @@
smartlist_add(digests, d);
});
smartlist_free(hexdigests);
+ /* XXXX should always return own descriptor. or special-case it. or
+ * something. */
SMARTLIST_FOREACH(descriptor_list, routerinfo_t *, ri,
SMARTLIST_FOREACH(digests, const char *, d,
if (!memcmp(d,ri->identity_digest,DIGEST_LEN)) {
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.653
retrieving revision 1.654
diff -u -d -r1.653 -r1.654
--- or.h 26 Aug 2005 07:41:19 -0000 1.653
+++ or.h 26 Aug 2005 15:34:53 -0000 1.654
@@ -2035,6 +2035,8 @@
int router_get_dir_hash(const char *s, char *digest);
int router_get_runningrouters_hash(const char *s, char *digest);
int router_get_networkstatus_v2_hash(const char *s, char *digest);
+int router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
+ crypto_pk_env_t *private_key);
int router_parse_list_from_string(const char **s,
routerlist_t **dest,
smartlist_t *good_nickname_list,
Index: router.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/router.c,v
retrieving revision 1.193
retrieving revision 1.194
diff -u -d -r1.193 -r1.194
--- router.c 26 Aug 2005 07:41:19 -0000 1.193
+++ router.c 26 Aug 2005 15:34:53 -0000 1.194
@@ -857,9 +857,8 @@
{
char *onion_pkey; /* Onion key, PEM-encoded. */
char *identity_pkey; /* Identity key, PEM-encoded. */
- char digest[20];
- char signature[128];
- char published[32];
+ char digest[DIGEST_LEN];
+ char published[ISO_TIME_LEN+1];
char fingerprint[FINGERPRINT_LEN+1];
struct in_addr in;
char addrbuf[INET_NTOA_BUF_LEN];
@@ -1017,19 +1016,12 @@
if (router_get_router_hash(s, digest) < 0)
return -1;
- if (crypto_pk_private_sign(ident_key, signature, digest, 20) < 0) {
- log_fn(LOG_WARN, "Error signing digest");
- return -1;
- }
- strlcat(s+written, "-----BEGIN SIGNATURE-----\n", maxlen-written);
- written += strlen(s+written);
- if (base64_encode(s+written, maxlen-written, signature, 128) < 0) {
- log_fn(LOG_WARN, "Couldn't base64-encode signature");
+ if (router_append_dirobj_signature(s+written,maxlen-written,
+ digest,ident_key)<0) {
+ log_fn(LOG_WARN, "Couldn't sign router descriptor");
return -1;
}
written += strlen(s+written);
- strlcat(s+written, "-----END SIGNATURE-----\n", maxlen-written);
- written += strlen(s+written);
if (written+2 > maxlen)
return -1;
Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/routerparse.c,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -d -r1.121 -r1.122
--- routerparse.c 25 Aug 2005 20:33:17 -0000 1.121
+++ routerparse.c 26 Aug 2005 15:34:53 -0000 1.122
@@ -187,6 +187,44 @@
"network-status-version","\ndirectory-signature");
}
+/** Helper: used to generate signatures for routers, directories and
+ * network-status objects. Given a digest in <b>digest</b> and a secret
+ * <b>private_key</b>, generate an PKCS1-padded signature, BASE64-encode it,
+ * surround it with -----BEGIN/END----- pairs, and write it to the
+ * <b>buf_len</b>-byte buffer at <b>buf</b>. Return 0 on success, -1 on
+ * failure.
+ */
+int
+router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
+ crypto_pk_env_t *private_key)
+{
+ char signature[PK_BYTES];
+ int i;
+
+ if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) {
+
+ log_fn(LOG_WARN,"Couldn't sign digest.");
+ return -1;
+ }
+ if (strlcat(buf, "-----BEGIN SIGNATURE-----\n", buf_len) >= buf_len)
+ goto truncated;
+
+ i = strlen(buf);
+ if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
+ log_fn(LOG_WARN,"couldn't base64-encode signature");
+ tor_free(buf);
+ return -1;
+ }
+
+ if (strlcat(buf, "-----END SIGNATURE-----\n", buf_len) >= buf_len)
+ goto truncated;
+
+ return 0;
+ truncated:
+ log_fn(LOG_WARN,"tried to exceed string length.");
+ return -1;
+}
+
/**
* Find the first instance of "recommended-software ...\n" at the start of
* a line; return a newly allocated string containing the "..." portion.
Index: test.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/test.c,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -d -r1.192 -r1.193
--- test.c 22 Aug 2005 00:34:42 -0000 1.192
+++ test.c 26 Aug 2005 15:34:53 -0000 1.193
@@ -1529,6 +1529,7 @@
options_init(options);
options->DataDirectory = tor_strdup(temp_dir);
set_options(options);
+ printf("a\n");
crypto_seed_rng();