[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/master] Make signature-generation code handle different key and digest lengths.

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] [tor/master] Make signature-generation code handle different key and digest lengths.
From: nickm@xxxxxxxx (Nick Mathewson)
Date: Mon, 19 Oct 2009 00:48:27 -0400 (EDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Mon, 19 Oct 2009 00:48:39 -0400
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon, 14 Sep 2009 11:57:19 -0400
Subject: Make signature-generation code handle different key and digest lengths.
Commit: 8b2f6b27fdc03f12d092d37c42d1995ff7426916

---
 src/or/dirserv.c     |    9 ++++++---
 src/or/dirvote.c     |    6 +++---
 src/or/or.h          |    1 +
 src/or/rendcommon.c  |    3 ++-
 src/or/router.c      |    5 +++--
 src/or/routerparse.c |    9 +++++----
 6 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 47dc038..f12ef2f 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1091,7 +1091,8 @@ dirserv_dump_directory_to_string(char **dir_out,
     return -1;
   }
   note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
+  if (router_append_dirobj_signature(buf,buf_len,digest,DIGEST_LEN,
+                                     private_key)<0) {
     tor_free(buf);
     return -1;
   }
@@ -1549,7 +1550,8 @@ generate_runningrouters(void)
     goto err;
   }
   note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(s, len, digest, private_key)<0)
+  if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN,
+                                     private_key)<0)
     goto err;
 
   set_cached_dir(&the_runningrouters, s, time(NULL));
@@ -2743,7 +2745,8 @@ generate_v2_networkstatus_opinion(void)
   outp += strlen(outp);
 
   note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
+  if (router_append_dirobj_signature(outp,endp-outp,digest,DIGEST_LEN,
+                                     private_key)<0) {
     log_warn(LD_BUG, "Unable to sign router status.");
     goto done;
   }
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 358246a..4e94eb6 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -192,7 +192,7 @@ format_networkstatus_vote(crypto_pk_env_t *private_signing_key,
   if (router_get_networkstatus_v3_hash(status, digest)<0)
     goto err;
   note_crypto_pk_op(SIGN_DIR);
-  if (router_append_dirobj_signature(outp,endp-outp,digest,
+  if (router_append_dirobj_signature(outp,endp-outp,digest, DIGEST_LEN,
                                      private_signing_key)<0) {
     log_warn(LD_BUG, "Unable to sign networkstatus vote.");
     goto err;
@@ -1257,7 +1257,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
     tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
                  signing_key_fingerprint);
     /* And the signature. */
-    if (router_append_dirobj_signature(buf, sizeof(buf), digest,
+    if (router_append_dirobj_signature(buf, sizeof(buf), digest, DIGEST_LEN,
                                        signing_key)) {
       log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
       return NULL; /* This leaks, but it should never happen. */
@@ -1272,7 +1272,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
                                 signing_key_fingerprint, 0);
       tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
                    signing_key_fingerprint);
-      if (router_append_dirobj_signature(buf, sizeof(buf), digest,
+      if (router_append_dirobj_signature(buf, sizeof(buf), digest, DIGEST_LEN,
                                          legacy_signing_key)) {
         log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
         return NULL; /* This leaks, but it should never happen. */
diff --git a/src/or/or.h b/src/or/or.h
index f0ea25e..d9e883f 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4911,6 +4911,7 @@ int router_get_networkstatus_v3_hash(const char *s, char *digest);
 int router_get_extrainfo_hash(const char *s, char *digest);
 int router_append_dirobj_signature(char *buf, size_t buf_len,
                                    const char *digest,
+                                   size_t digest_len,
                                    crypto_pk_env_t *private_key);
 int router_parse_list_from_string(const char **s, const char *eos,
                                   smartlist_t *dest,
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index df7195e..c7eb2a9 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -618,7 +618,8 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
     }
     if (router_append_dirobj_signature(desc_str + written,
                                        desc_len - written,
-                                       desc_digest, service_key) < 0) {
+                                       desc_digest, DIGEST_LEN,
+                                       service_key) < 0) {
       log_warn(LD_BUG, "Couldn't sign desc.");
       rend_encoded_v2_service_descriptor_free(enc);
       goto err;
diff --git a/src/or/router.c b/src/or/router.c
index 5b260de..85abc8c 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1788,7 +1788,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
 
   note_crypto_pk_op(SIGN_RTR);
   if (router_append_dirobj_signature(s+written,maxlen-written,
-                                     digest,ident_key)<0) {
+                                     digest,DIGEST_LEN,ident_key)<0) {
     log_warn(LD_BUG, "Couldn't sign router descriptor");
     return -1;
   }
@@ -1980,7 +1980,8 @@ extrainfo_dump_to_string(char *s, size_t maxlen, extrainfo_t *extrainfo,
   len += strlen(s+len);
   if (router_get_extrainfo_hash(s, digest)<0)
     return -1;
-  if (router_append_dirobj_signature(s+len, maxlen-len, digest, ident_key)<0)
+  if (router_append_dirobj_signature(s+len, maxlen-len, digest, DIGEST_LEN,
+                                     ident_key)<0)
     return -1;
 
   {
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index e35ece0..02c5cdb 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -643,14 +643,15 @@ router_get_extrainfo_hash(const char *s, char *digest)
  */
 int
 router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
-                               crypto_pk_env_t *private_key)
+                               size_t digest_len, crypto_pk_env_t *private_key)
 {
   char *signature;
   size_t i;
+  int siglen;
 
   signature = tor_malloc(crypto_pk_keysize(private_key));
-  if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) {
-
+  siglen = crypto_pk_private_sign(private_key, signature, digest, digest_len);
+  if (siglen < 0) {
     log_warn(LD_BUG,"Couldn't sign digest.");
     goto err;
   }
@@ -658,7 +659,7 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
     goto truncated;
 
   i = strlen(buf);
-  if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
+  if (base64_encode(buf+i, buf_len-i, signature, siglen) < 0) {
     log_warn(LD_BUG,"couldn't base64-encode signature");
     goto err;
   }
-- 
1.5.6.5

Prev by Author: [or-cvs] [tor/master] Signature-checking code can handle longer digests.
Next by Author: [or-cvs] [tor/master] Revise 162's idea of how detached signatures work with flavors
Previous by thread: [or-cvs] [tor/master] Support for encoding and decoding 256-bit digests in base64
Next by thread: [or-cvs] [tor/master] Revise 162's idea of how detached signatures work with flavors
Index(es):
- Author
- Thread