Commit afc0eb2c authored by Nick Mathewson's avatar Nick Mathewson
Browse files

Tested backends for directory signing and checking. Directory parser...

Tested backends for directory signing and checking.  Directory parser completely refactored.  Need documentation and integration.  Explanitory mail forthcoming.


svn:r271
parent bbddd500
......@@ -22,7 +22,7 @@ ARMA - arma claims
NICK . Handle half-open connections
- Figure out what causes connections to close, standardize
when we mark a connection vs when we tear it down
NICK - Look at what ssl does to keep from mutating data streams
o Look at what ssl does to keep from mutating data streams
NICK . On the fly compression of each stream
o Clean up the event loop (optimize and sanitize)
ARMA o Remove that awful concept of 'roles'
......@@ -55,8 +55,13 @@ SPEC!! D Non-clique topologies
. Directory servers
D Automated reputation management
NICK . Include key in source; sign directories
o Signed directory backend
- Document
ARMA - Integrate
- Add versions to code
NICK . Have directories list recommended-versions
o Include (unused) line in directories
o Check for presence of line.
- Quit if running the wrong version
- Command-line option to override quit
. Add more information to directory server entries
......
......@@ -551,10 +551,8 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fro
switch(env->type) {
case CRYPTO_PK_RSA:
if (!(((RSA*)env->key)->p))
return -1;
return RSA_public_decrypt(fromlen, from, to, (RSA *)env->key,
RSA_PKCS1_OAEP_PADDING);
RSA_PKCS1_PADDING);
default:
return -1;
}
......@@ -569,7 +567,7 @@ int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromle
if (!(((RSA*)env->key)->p))
return -1;
return RSA_private_encrypt(fromlen, from, to, (RSA *)env->key,
RSA_PKCS1_OAEP_PADDING);
RSA_PKCS1_PADDING);
default:
return -1;
}
......@@ -836,7 +834,7 @@ base64_encode(char *dest, int destlen, char *src, int srclen)
EVP_EncodeInit(&ctx);
EVP_EncodeUpdate(&ctx, dest, &len, src, srclen);
EVP_EncodeFinal(&ctx, dest, &ret);
EVP_EncodeFinal(&ctx, dest+len, &ret);
ret += len;
return ret;
}
......
......@@ -65,7 +65,7 @@ int crypto_pk_keysize(crypto_pk_env_t *env);
int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_private_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int base64_encode(char *dest, int destlen, char *src, int srclen);
int base64_decode(char *dest, int destlen, char *src, int srclen);
......
......@@ -678,16 +678,17 @@ dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir,
dump_directory_to_string_impl(s+i, maxlen-i, dir);
i = strlen(s);
strncat(s, "directory-signature\n", maxlen-i);
i = strlen(s);
cp = s + i;
if (crypto_SHA_digest(s, i, digest))
return -1;
if (crypto_pk_private_sign(private_key, digest, 20, signature))
if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0)
return -1;
strncpy(cp,
"directory-signature\n-----BEGIN SIGNATURE-----\n", maxlen-i);
"-----BEGIN SIGNATURE-----\n", maxlen-i);
i = strlen(s);
cp = s+i;
......
......@@ -739,6 +739,8 @@ int do_main_loop(void);
void dumpstats(void);
void dump_directory_to_string(char *s, int maxlen);
void dump_directory_to_string_impl(char *s, int maxlen, directory_t *directory);
int dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir, crypto_pk_env_t *private_key);
int main(int argc, char *argv[]);
......@@ -790,10 +792,13 @@ void router_get_directory(directory_t **pdirectory);
int router_is_me(uint32_t addr, uint16_t port);
void router_forget_router(uint32_t addr, uint16_t port);
int router_get_list_from_file(char *routerfile);
int router_resolve(routerinfo_t *router);
int router_get_list_from_string(char *s);
int router_get_list_from_string_impl(char *s, directory_t **dest);
int router_get_dir_from_string(char *s, crypto_pk_env_t *pkey);
int router_get_dir_from_string_impl(char *s, directory_t **dest,
crypto_pk_env_t *pkey);
routerinfo_t *router_get_entry_from_string(char **s);
int router_compare_to_exit_policy(connection_t *conn);
void routerlist_free(routerinfo_t *list);
......
This diff is collapsed.
......@@ -420,10 +420,27 @@ test_crypto()
test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3,
RSA_PKCS1_OAEP_PADDING));
/* Now try signing. */
strcpy(data1, "Ossifrage");
test_eq(128, crypto_pk_private_sign(pk1, data1, 10, data2));
test_eq(10, crypto_pk_public_checksig(pk1, data2, 128, data3));
test_streq(data3, "Ossifrage");
/*XXXX test failed signing*/
crypto_free_pk_env(pk1);
crypto_free_pk_env(pk2);
/* Base64 tests */
strcpy(data1, "Test string that contains 35 chars.");
strcat(data1, " 2nd string that contains 35 chars.");
i = base64_encode(data2, 1024, data1, 71);
j = base64_decode(data3, 1024, data2, i);
test_streq(data3, data1);
test_eq(j, 71);
test_assert(data2[i] == '\0');
free(data1);
free(data2);
free(data3);
......@@ -512,9 +529,8 @@ test_dir_format()
routerinfo_t r1, r2;
crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
routerinfo_t *rp1, *rp2;
struct exit_policy_t ex1, ex2, ex3;
int i;
struct exit_policy_t ex1, ex2;
directory_t *dir1 = NULL, *dir2 = NULL;
test_assert( (pk1 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
test_assert( (pk2 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
......@@ -609,8 +625,15 @@ test_dir_format()
test_assert(rp2->exit_policy->next->next == NULL);
/* Okay, now for the directories. */
dir1 = (directory_t*) malloc(sizeof(directory_t));
dir1->n_routers = 2;
dir1->routers = (routerinfo_t**) malloc(sizeof(routerinfo_t*)*2);
dir1->routers[0] = &r1;
dir1->routers[1] = &r2;
test_assert(! dump_signed_directory_to_string_impl(buf, 2048, dir1, pk1));
/* puts(buf); */
test_assert(! router_get_dir_from_string_impl(buf, &dir2, pk1));
if (pk1_str) free(pk1_str);
if (pk2_str) free(pk2_str);
......@@ -618,6 +641,8 @@ test_dir_format()
if (pk2) crypto_free_pk_env(pk2);
if (rp1) routerlist_free(rp1);
if (rp2) routerlist_free(rp2);
if (dir1) free(dir1); /* And more !*/
if (dir1) free(dir2); /* And more !*/
}
int
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment