Commit afc0eb2c authored by Nick Mathewson

Tested backends for directory signing and checking. Directory parser...

Tested backends for directory signing and checking.  Directory parser completely refactored.  Need documentation and integration.  Explanatory mail forthcoming.


svn:r271
parent bbddd500
...@@ -22,7 +22,7 @@ ARMA - arma claims ...@@ -22,7 +22,7 @@ ARMA - arma claims
NICK . Handle half-open connections NICK . Handle half-open connections
- Figure out what causes connections to close, standardize - Figure out what causes connections to close, standardize
when we mark a connection vs when we tear it down when we mark a connection vs when we tear it down
NICK - Look at what ssl does to keep from mutating data streams o Look at what ssl does to keep from mutating data streams
NICK . On the fly compression of each stream NICK . On the fly compression of each stream
o Clean up the event loop (optimize and sanitize) o Clean up the event loop (optimize and sanitize)
ARMA o Remove that awful concept of 'roles' ARMA o Remove that awful concept of 'roles'
...@@ -55,8 +55,13 @@ SPEC!! D Non-clique topologies ...@@ -55,8 +55,13 @@ SPEC!! D Non-clique topologies
. Directory servers . Directory servers
D Automated reputation management D Automated reputation management
NICK . Include key in source; sign directories NICK . Include key in source; sign directories
o Signed directory backend
- Document
ARMA - Integrate
- Add versions to code - Add versions to code
NICK . Have directories list recommended-versions NICK . Have directories list recommended-versions
o Include (unused) line in directories
o Check for presence of line.
- Quit if running the wrong version - Quit if running the wrong version
- Command-line option to override quit - Command-line option to override quit
. Add more information to directory server entries . Add more information to directory server entries
......
...@@ -551,10 +551,8 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fro ...@@ -551,10 +551,8 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fro
switch(env->type) { switch(env->type) {
case CRYPTO_PK_RSA: case CRYPTO_PK_RSA:
if (!(((RSA*)env->key)->p))
return -1;
return RSA_public_decrypt(fromlen, from, to, (RSA *)env->key, return RSA_public_decrypt(fromlen, from, to, (RSA *)env->key,
RSA_PKCS1_OAEP_PADDING); RSA_PKCS1_PADDING);
default: default:
return -1; return -1;
} }
...@@ -569,7 +567,7 @@ int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromle ...@@ -569,7 +567,7 @@ int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromle
if (!(((RSA*)env->key)->p)) if (!(((RSA*)env->key)->p))
return -1; return -1;
return RSA_private_encrypt(fromlen, from, to, (RSA *)env->key, return RSA_private_encrypt(fromlen, from, to, (RSA *)env->key,
RSA_PKCS1_OAEP_PADDING); RSA_PKCS1_PADDING);
default: default:
return -1; return -1;
} }
...@@ -836,7 +834,7 @@ base64_encode(char *dest, int destlen, char *src, int srclen) ...@@ -836,7 +834,7 @@ base64_encode(char *dest, int destlen, char *src, int srclen)
EVP_EncodeInit(&ctx); EVP_EncodeInit(&ctx);
EVP_EncodeUpdate(&ctx, dest, &len, src, srclen); EVP_EncodeUpdate(&ctx, dest, &len, src, srclen);
EVP_EncodeFinal(&ctx, dest, &ret); EVP_EncodeFinal(&ctx, dest+len, &ret);
ret += len; ret += len;
return ret; return ret;
} }
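Review bot: crypto_pk_public_checksig now returns whatever RSA_public_decrypt recovers, but nothing visible at the function states the contract its callers depend on: `to` has no length argument and must be able to hold up to the key's modulus size, and the return value is the recovered length, not a pass/fail verdict. Because RSA_private_encrypt/RSA_public_decrypt with RSA_PKCS1_PADDING neither add nor check a digest algorithm identifier (RSA_sign/RSA_verify do), every caller has to confirm that the returned length equals the digest length and compare the bytes itself. I would add a header comment such as `/* Recovers the signed data into 'to' (at least modulus-size bytes); returns its length, or -1. The caller must compare it with the expected digest. */`. The function body starts outside the hunk, so an existing comment above it would not be visible here.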
......
...@@ -65,7 +65,7 @@ int crypto_pk_keysize(crypto_pk_env_t *env); ...@@ -65,7 +65,7 @@ int crypto_pk_keysize(crypto_pk_env_t *env);
int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding); int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding); int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to); int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_private_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to); int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int base64_encode(char *dest, int destlen, char *src, int srclen); int base64_encode(char *dest, int destlen, char *src, int srclen);
int base64_decode(char *dest, int destlen, char *src, int srclen); int base64_decode(char *dest, int destlen, char *src, int srclen);
......
...@@ -678,16 +678,17 @@ dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir, ...@@ -678,16 +678,17 @@ dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir,
dump_directory_to_string_impl(s+i, maxlen-i, dir); dump_directory_to_string_impl(s+i, maxlen-i, dir);
i = strlen(s); i = strlen(s);
strncat(s, "directory-signature\n", maxlen-i);
i = strlen(s);
cp = s + i; cp = s + i;
if (crypto_SHA_digest(s, i, digest)) if (crypto_SHA_digest(s, i, digest))
return -1; return -1;
if (crypto_pk_private_sign(private_key, digest, 20, signature)) if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0)
return -1; return -1;
strncpy(cp, strncpy(cp,
"directory-signature\n-----BEGIN SIGNATURE-----\n", maxlen-i); "-----BEGIN SIGNATURE-----\n", maxlen-i);
i = strlen(s); i = strlen(s);
cp = s+i; cp = s+i;
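Review bot: The added `strncat(s, "directory-signature\n", maxlen-i)` can write one byte past the buffer, because strncat's bound counts only the appended characters and the terminating NUL comes on top of it; it should be `strncat(s, "directory-signature\n", maxlen-i-1);`. The `strncpy(cp, "-----BEGIN SIGNATURE-----\n", maxlen-i)` that follows leaves `s` unterminated when the text does not fit, so the next `strlen(s)` can read beyond the buffer. Neither call reports truncation, so a directory that does not fit in `maxlen` would be signed and emitted in cut-off form rather than rejected; returning -1 when the remaining space is too small would be safer. The function starts and ends outside the hunk.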
......
...@@ -739,6 +739,8 @@ int do_main_loop(void); ...@@ -739,6 +739,8 @@ int do_main_loop(void);
void dumpstats(void); void dumpstats(void);
void dump_directory_to_string(char *s, int maxlen); void dump_directory_to_string(char *s, int maxlen);
void dump_directory_to_string_impl(char *s, int maxlen, directory_t *directory); void dump_directory_to_string_impl(char *s, int maxlen, directory_t *directory);
int dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir, crypto_pk_env_t *private_key);
int main(int argc, char *argv[]); int main(int argc, char *argv[]);
...@@ -790,10 +792,13 @@ void router_get_directory(directory_t **pdirectory); ...@@ -790,10 +792,13 @@ void router_get_directory(directory_t **pdirectory);
int router_is_me(uint32_t addr, uint16_t port); int router_is_me(uint32_t addr, uint16_t port);
void router_forget_router(uint32_t addr, uint16_t port); void router_forget_router(uint32_t addr, uint16_t port);
int router_get_list_from_file(char *routerfile); int router_get_list_from_file(char *routerfile);
int router_resolve(routerinfo_t *router);
int router_get_list_from_string(char *s); int router_get_list_from_string(char *s);
int router_get_list_from_string_impl(char *s, directory_t **dest); int router_get_list_from_string_impl(char *s, directory_t **dest);
int router_get_dir_from_string(char *s, crypto_pk_env_t *pkey);
int router_get_dir_from_string_impl(char *s, directory_t **dest,
crypto_pk_env_t *pkey);
routerinfo_t *router_get_entry_from_string(char **s); routerinfo_t *router_get_entry_from_string(char **s);
int router_compare_to_exit_policy(connection_t *conn); int router_compare_to_exit_policy(connection_t *conn);
void routerlist_free(routerinfo_t *list); void routerlist_free(routerinfo_t *list);
......
This diff is collapsed.
...@@ -405,7 +405,7 @@ test_crypto() ...@@ -405,7 +405,7 @@ test_crypto()
memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */ memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3, test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3,
RSA_PKCS1_OAEP_PADDING)); RSA_PKCS1_OAEP_PADDING));
/* File operations: save and load private key */ /* File operations: save and load private key */
f = fopen("/tmp/tor_test/pkey1", "wb"); f = fopen("/tmp/tor_test/pkey1", "wb");
test_assert(! crypto_pk_write_private_key_to_file(pk1, f)); test_assert(! crypto_pk_write_private_key_to_file(pk1, f));
...@@ -419,11 +419,28 @@ test_crypto() ...@@ -419,11 +419,28 @@ test_crypto()
"/tmp/tor_test/pkey1")); "/tmp/tor_test/pkey1"));
test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3, test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3,
RSA_PKCS1_OAEP_PADDING)); RSA_PKCS1_OAEP_PADDING));
/* Now try signing. */
strcpy(data1, "Ossifrage");
test_eq(128, crypto_pk_private_sign(pk1, data1, 10, data2));
test_eq(10, crypto_pk_public_checksig(pk1, data2, 128, data3));
test_streq(data3, "Ossifrage");
/*XXXX test failed signing*/
crypto_free_pk_env(pk1); crypto_free_pk_env(pk1);
crypto_free_pk_env(pk2); crypto_free_pk_env(pk2);
/* Base64 tests */
strcpy(data1, "Test string that contains 35 chars.");
strcat(data1, " 2nd string that contains 35 chars.");
i = base64_encode(data2, 1024, data1, 71);
j = base64_decode(data3, 1024, data2, i);
test_streq(data3, data1);
test_eq(j, 71);
test_assert(data2[i] == '\0');
free(data1); free(data1);
free(data2); free(data2);
free(data3); free(data3);
...@@ -512,9 +529,8 @@ test_dir_format() ...@@ -512,9 +529,8 @@ test_dir_format()
routerinfo_t r1, r2; routerinfo_t r1, r2;
crypto_pk_env_t *pk1 = NULL, *pk2 = NULL; crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
routerinfo_t *rp1, *rp2; routerinfo_t *rp1, *rp2;
struct exit_policy_t ex1, ex2, ex3; struct exit_policy_t ex1, ex2;
directory_t *dir1 = NULL, *dir2 = NULL;
int i;
test_assert( (pk1 = crypto_new_pk_env(CRYPTO_PK_RSA)) ); test_assert( (pk1 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
test_assert( (pk2 = crypto_new_pk_env(CRYPTO_PK_RSA)) ); test_assert( (pk2 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
...@@ -609,8 +625,15 @@ test_dir_format() ...@@ -609,8 +625,15 @@ test_dir_format()
test_assert(rp2->exit_policy->next->next == NULL); test_assert(rp2->exit_policy->next->next == NULL);
/* Okay, now for the directories. */ /* Okay, now for the directories. */
dir1 = (directory_t*) malloc(sizeof(directory_t));
dir1->n_routers = 2;
dir1->routers = (routerinfo_t**) malloc(sizeof(routerinfo_t*)*2);
dir1->routers[0] = &r1;
dir1->routers[1] = &r2;
test_assert(! dump_signed_directory_to_string_impl(buf, 2048, dir1, pk1));
/* puts(buf); */
test_assert(! router_get_dir_from_string_impl(buf, &dir2, pk1));
if (pk1_str) free(pk1_str); if (pk1_str) free(pk1_str);
if (pk2_str) free(pk2_str); if (pk2_str) free(pk2_str);
...@@ -618,6 +641,8 @@ test_dir_format() ...@@ -618,6 +641,8 @@ test_dir_format()
if (pk2) crypto_free_pk_env(pk2); if (pk2) crypto_free_pk_env(pk2);
if (rp1) routerlist_free(rp1); if (rp1) routerlist_free(rp1);
if (rp2) routerlist_free(rp2); if (rp2) routerlist_free(rp2);
if (dir1) free(dir1); /* And more !*/
if (dir1) free(dir2); /* And more !*/
} }
int int
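Review bot: The signing test added in test_crypto covers only the success path, as its own `/*XXXX test failed signing*/` marker admits, so nothing shows that crypto_pk_public_checksig rejects an altered signature; a check such as `data2[0] ^= 1; test_eq(-1, crypto_pk_public_checksig(pk1, data2, 128, data3));` after the positive case would close that gap. The same holds in test_dir_format, where router_get_dir_from_string_impl is only shown a correctly signed buffer; a second call on a copy of `buf` with one byte of the directory body changed should be expected to return non-zero. In the cleanup, `if (dir1) free(dir2);` tests the wrong pointer and should read `if (dir2) free(dir2);`. Both test functions start and end outside the hunks shown.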
......