[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] sign directories with the signing key

To: or-cvs@freehaven.net
Subject: [or-cvs] sign directories with the signing key
From: arma@seul.org (Roger Dingledine)
Date: Wed, 7 May 2003 18:40:06 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Wed, 07 May 2003 18:40:14 -0400
Reply-to: or-dev@freehaven.net
Sender: owner-or-cvs@freehaven.net
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home/arma/work/onion/cvs/src/or

Modified Files:
	command.c config.c connection_op.c connection_or.c main.c 
	onion.c or.h 
Log Message:
sign directories with the signing key


Index: command.c
===================================================================
RCS file: /home/or/cvsroot/src/or/command.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- command.c	6 May 2003 05:54:42 -0000	1.28
+++ command.c	7 May 2003 22:40:03 -0000	1.29
@@ -52,7 +52,6 @@
     current_second = now.tv_sec; 
   }
 
-  log(LOG_DEBUG,"command_process_cell(): Examining cell type %d.", cell->command);
   switch(cell->command) {
     case CELL_PADDING:
       /* do nothing */

Index: config.c
===================================================================
RCS file: /home/or/cvsroot/src/or/config.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- config.c	16 Apr 2003 23:21:44 -0000	1.31
+++ config.c	7 May 2003 22:40:03 -0000	1.32
@@ -176,6 +176,7 @@
     /* string options */
     config_compare(list, "LogLevel",       CONFIG_TYPE_STRING, &options->LogLevel) ||
     config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) ||
+    config_compare(list, "SigningPrivateKeyFile", CONFIG_TYPE_STRING, &options->SigningPrivateKeyFile) ||
     config_compare(list, "RouterFile",     CONFIG_TYPE_STRING, &options->RouterFile) ||
 
     /* int options */
@@ -271,9 +272,10 @@
   if (options->loglevel == LOG_DEBUG) {
     printf("LogLevel=%s\n",
            options->LogLevel);
-    printf("RouterFile=%s, PrivateKeyFile=%s\n",
+    printf("RouterFile=%s, PrivateKeyFile=%s, SigningPrivateKeyFile=%s\n",
            options->RouterFile ? options->RouterFile : "(undefined)",
-           options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)");
+           options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)",
+           options->SigningPrivateKeyFile ? options->SigningPrivateKeyFile : "(undefined)");
     printf("ORPort=%d, OPPort=%d, APPort=%d DirPort=%d\n",
            options->ORPort,options->OPPort,
            options->APPort,options->DirPort);
@@ -325,6 +327,11 @@
 
   if(options->ORPort > 0 && options->PrivateKeyFile == NULL) {
     log(LOG_ERR,"PrivateKeyFile option required for OR, but not found.");
+    result = -1;
+  }
+
+  if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
+    log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
     result = -1;
   }
 

Index: connection_op.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_op.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- connection_op.c	8 Apr 2003 22:31:48 -0000	1.15
+++ connection_op.c	7 May 2003 22:40:03 -0000	1.16
@@ -51,7 +51,7 @@
   log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
   if (retval == -1)
   { 
     log(LOG_ERR,"Decrypting keys from new OP failed.");

Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_or.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- connection_or.c	16 Apr 2003 06:18:30 -0000	1.26
+++ connection_or.c	7 May 2003 22:40:03 -0000	1.27
@@ -464,7 +464,7 @@
   log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
   if (retval == -1)
   { 
     log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@@ -572,7 +572,7 @@
   log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
   if (retval == -1)
   { 
     log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed.");
@@ -691,7 +691,7 @@
   log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
   if (retval == -1)
   {
     log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",

Index: main.c
===================================================================
RCS file: /home/or/cvsroot/src/or/main.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -d -r1.56 -r1.57
--- main.c	7 May 2003 18:30:46 -0000	1.56
+++ main.c	7 May 2003 22:40:03 -0000	1.57
@@ -19,21 +19,31 @@
 static int please_fetch_directory=0; /* whether we should fetch a new directory */
 
 /* private key */
-static crypto_pk_env_t *privatekey;
+static crypto_pk_env_t *privatekey=NULL;
+static crypto_pk_env_t *signing_privatekey=NULL;
 
 routerinfo_t *my_routerinfo=NULL;
 
 /********* END VARIABLES ************/
 
-void setprivatekey(crypto_pk_env_t *k) {
+void set_privatekey(crypto_pk_env_t *k) {
   privatekey = k;
 }
 
-crypto_pk_env_t *getprivatekey(void) {
+crypto_pk_env_t *get_privatekey(void) {
   assert(privatekey);
   return privatekey;
 }
 
+void set_signing_privatekey(crypto_pk_env_t *k) {
+  signing_privatekey = k;
+}
+
+crypto_pk_env_t *get_signing_privatekey(void) {
+  assert(signing_privatekey);
+  return signing_privatekey;
+}
+
 /****************************************************************************
 *
 * This section contains accessors and other methods on the connection_array
@@ -431,12 +441,25 @@
       log(LOG_ERR,"Error creating a crypto environment.");
       return -1;
     }
-    if (crypto_pk_read_private_key_from_filename(prkey, options.PrivateKeyFile))
-    {
+    if (crypto_pk_read_private_key_from_filename(prkey, options.PrivateKeyFile)) {
       log(LOG_ERR,"Error loading private key.");
       return -1;
     }
-    setprivatekey(prkey);
+    set_privatekey(prkey);
+  }
+
+  /* load the private key, if we're supposed to have one */
+  if(options.DirPort) {
+    prkey = crypto_new_pk_env(CRYPTO_PK_RSA);
+    if (!prkey) {
+      log(LOG_ERR,"Error creating a crypto environment.");
+      return -1;
+    }
+    if (crypto_pk_read_private_key_from_filename(prkey, options.SigningPrivateKeyFile)) {
+      log(LOG_ERR,"Error loading private key.");
+      return -1;
+    }
+    set_signing_privatekey(prkey);
   }
 
   /* start up the necessary connections based on which ports are
@@ -684,7 +707,7 @@
   
   if (crypto_SHA_digest(s, i, digest))
     return -1;
-  if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0)
+  if (crypto_pk_private_sign(get_signing_privatekey(), digest, 20, signature) < 0)
     return -1;
   
   strncpy(cp, 

Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- onion.c	6 May 2003 17:38:15 -0000	1.46
+++ onion.c	7 May 2003 22:40:03 -0000	1.47
@@ -190,7 +190,7 @@
 
   log(LOG_DEBUG,"onionskin_process(): Entering.");
 
-  if(onion_skin_server_handshake(circ->onionskin, getprivatekey(),
+  if(onion_skin_server_handshake(circ->onionskin, get_privatekey(),
     cell.payload, keys, 32) < 0) {
     log(LOG_ERR,"onionskin_process(): onion_skin_server_handshake failed.");
     return -1;

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -d -r1.78 -r1.79
--- or.h	7 May 2003 18:30:46 -0000	1.78
+++ or.h	7 May 2003 22:40:03 -0000	1.79
@@ -406,6 +406,7 @@
 typedef struct {
    char *LogLevel;
    char *RouterFile;
+   char *SigningPrivateKeyFile;
    char *PrivateKeyFile;
    double CoinWeight;
    int Daemon;
@@ -711,8 +712,10 @@
 
 /********************************* main.c ***************************/
 
-void setprivatekey(crypto_pk_env_t *k);
-crypto_pk_env_t *getprivatekey(void);
+void set_privatekey(crypto_pk_env_t *k);
+crypto_pk_env_t *get_privatekey(void);
+void set_signing_privatekey(crypto_pk_env_t *k);
+crypto_pk_env_t *get_signing_privatekey(void);
 int connection_add(connection_t *conn);
 int connection_remove(connection_t *conn);
 void connection_set_poll_socket(connection_t *conn);
Prev by Author: [or-cvs] hints for nick on where to integrate
Next by Author: [or-cvs] cheap hack so the dirservers have a signing key
Previous by thread: [or-cvs] hints for nick on where to integrate
Next by thread: [or-cvs] cheap hack so the dirservers have a signing key
Index(es):
- Author
- Thread