Tested backends for directory signing and checking. Directory parser...

Tested backends for directory signing and checking. Directory parser completely refactored. Need documentation and integration. Explanitory mail forthcoming. svn:r271

Tested backends for directory signing and checking. Directory parser...
Tested backends for directory signing and checking. Directory parser completely refactored. Need documentation and integration. Explanitory mail forthcoming. svn:r271
afc0eb2c · Nick Mathewson · bbddd500 · afc0eb2c · afc0eb2c · afc0eb2c
Commit afc0eb2c authored May 07, 2003 by Nick Mathewson 🎨
--- a/doc/TODO
+++ b/doc/TODO
@@ -22,7 +22,7 @@ ARMA    - arma claims
 NICK            . Handle half-open connections
                        - Figure out what causes connections to close, standardize
                          when we mark a connection vs when we tear it down
-NICK            - Look at what ssl does to keep from mutating data streams
+                o Look at what ssl does to keep from mutating data streams
 NICK    . On the fly compression of each stream
        o Clean up the event loop (optimize and sanitize)
 ARMA    o Remove that awful concept of 'roles'
@@ -55,8 +55,13 @@ SPEC!!  D Non-clique topologies
        . Directory servers
                D Automated reputation management
 NICK            . Include key in source; sign directories
+		        o Signed directory backend
+			- Document
+ARMA			- Integrate
                - Add versions to code
 NICK            . Have directories list recommended-versions
+		        o Include (unused) line in directories
+			o Check for presence of line.
                        - Quit if running the wrong version
                        - Command-line option to override quit
                . Add more information to directory server entries

--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -551,10 +551,8 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fro

  switch(env->type) {
  case CRYPTO_PK_RSA:
-    if (!(((RSA*)env->key)->p))
-      return -1;
    return RSA_public_decrypt(fromlen, from, to, (RSA *)env->key, 
-			      RSA_PKCS1_OAEP_PADDING);
+			      RSA_PKCS1_PADDING);
    default:
    return -1;
  }
@@ -569,7 +567,7 @@ int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromle
    if (!(((RSA*)env->key)->p))
      return -1;
    return RSA_private_encrypt(fromlen, from, to, (RSA *)env->key, 
-			       RSA_PKCS1_OAEP_PADDING);
+			       RSA_PKCS1_PADDING);
    default:
    return -1;
  }
@@ -836,7 +834,7 @@ base64_encode(char *dest, int destlen, char *src, int srclen)

  EVP_EncodeInit(&ctx);
  EVP_EncodeUpdate(&ctx, dest, &len, src, srclen);
-  EVP_EncodeFinal(&ctx, dest, &ret);
+  EVP_EncodeFinal(&ctx, dest+len, &ret);
  ret += len;
  return ret;
 }

--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -65,7 +65,7 @@ int crypto_pk_keysize(crypto_pk_env_t *env);
 int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
 int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
 int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_private_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);

 int base64_encode(char *dest, int destlen, char *src, int srclen);
 int base64_decode(char *dest, int destlen, char *src, int srclen);

--- a/src/or/main.c
+++ b/src/or/main.c
@@ -678,16 +678,17 @@ dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir,

  dump_directory_to_string_impl(s+i, maxlen-i, dir);
  i = strlen(s);
+  strncat(s, "directory-signature\n", maxlen-i);
+  i = strlen(s);
  cp = s + i;
  
  if (crypto_SHA_digest(s, i, digest))
    return -1;
-  if (crypto_pk_private_sign(private_key, digest, 20, signature))
+  if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0)
    return -1;
  
-
  strncpy(cp, 
-          "directory-signature\n-----BEGIN SIGNATURE-----\n", maxlen-i);
+          "-----BEGIN SIGNATURE-----\n", maxlen-i);
          
  i = strlen(s);
  cp = s+i;

--- a/src/or/or.h
+++ b/src/or/or.h
@@ -739,6 +739,8 @@ int do_main_loop(void);
 void dumpstats(void);
 void dump_directory_to_string(char *s, int maxlen);
 void dump_directory_to_string_impl(char *s, int maxlen, directory_t *directory);
+int dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir, crypto_pk_env_t *private_key);
+                                         

 int main(int argc, char *argv[]);

@@ -790,10 +792,13 @@ void router_get_directory(directory_t **pdirectory);
 int router_is_me(uint32_t addr, uint16_t port);
 void router_forget_router(uint32_t addr, uint16_t port);
 int router_get_list_from_file(char *routerfile);
+int router_resolve(routerinfo_t *router);
 int router_get_list_from_string(char *s);
 int router_get_list_from_string_impl(char *s, directory_t **dest);
+int router_get_dir_from_string(char *s, crypto_pk_env_t *pkey);
+int router_get_dir_from_string_impl(char *s, directory_t **dest,
+                                    crypto_pk_env_t *pkey);
 routerinfo_t *router_get_entry_from_string(char **s);
-
 int router_compare_to_exit_policy(connection_t *conn);
 void routerlist_free(routerinfo_t *list);


--- a/src/or/routers.c
+++ b/src/or/routers.c
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -405,7 +405,7 @@ test_crypto()
  memcpy(data2+1, "XYZZY", 5);  /* This has fails ~ once-in-2^40 */
  test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3,
                                        RSA_PKCS1_OAEP_PADDING));
-
+  
  /* File operations: save and load private key */
  f = fopen("/tmp/tor_test/pkey1", "wb");
  test_assert(! crypto_pk_write_private_key_to_file(pk1, f));
@@ -419,11 +419,28 @@ test_crypto()
                                               "/tmp/tor_test/pkey1"));
  test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3,
                                        RSA_PKCS1_OAEP_PADDING));
-    

+  /* Now try signing. */
+  strcpy(data1, "Ossifrage");
+  test_eq(128, crypto_pk_private_sign(pk1, data1, 10, data2));
+  test_eq(10, crypto_pk_public_checksig(pk1, data2, 128, data3));
+  test_streq(data3, "Ossifrage");
+  /*XXXX test failed signing*/
+    
  crypto_free_pk_env(pk1);  
  crypto_free_pk_env(pk2);  

+  /* Base64 tests */
+  strcpy(data1, "Test string that contains 35 chars.");
+  strcat(data1, " 2nd string that contains 35 chars.");
+
+  i = base64_encode(data2, 1024, data1, 71);
+  j = base64_decode(data3, 1024, data2, i);
+  test_streq(data3, data1);
+  test_eq(j, 71);
+  test_assert(data2[i] == '\0');
+
+
  free(data1);
  free(data2);
  free(data3);
@@ -512,9 +529,8 @@ test_dir_format()
  routerinfo_t r1, r2;
  crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
  routerinfo_t *rp1, *rp2;
-  struct exit_policy_t ex1, ex2, ex3;
-
-  int i;
+  struct exit_policy_t ex1, ex2;
+  directory_t *dir1 = NULL, *dir2 = NULL;

  test_assert( (pk1 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
  test_assert( (pk2 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
@@ -609,8 +625,15 @@ test_dir_format()
  test_assert(rp2->exit_policy->next->next == NULL);

  /* Okay, now for the directories. */
+  dir1 = (directory_t*) malloc(sizeof(directory_t));
+  dir1->n_routers = 2;
+  dir1->routers = (routerinfo_t**) malloc(sizeof(routerinfo_t*)*2);
+  dir1->routers[0] = &r1;
+  dir1->routers[1] = &r2;
+  test_assert(! dump_signed_directory_to_string_impl(buf, 2048, dir1, pk1));
+  /* puts(buf); */
  
-
+  test_assert(! router_get_dir_from_string_impl(buf, &dir2, pk1));

  if (pk1_str) free(pk1_str);
  if (pk2_str) free(pk2_str);
@@ -618,6 +641,8 @@ test_dir_format()
  if (pk2) crypto_free_pk_env(pk2);
  if (rp1) routerlist_free(rp1);
  if (rp2) routerlist_free(rp2);
+  if (dir1) free(dir1); /* And more !*/
+  if (dir1) free(dir2); /* And more !*/
 }

 int