Feat: adds HARICA's onion-csr

.gitmodules

 [submodule "vendor/mkp224o"]
 	path = vendor/mkp224o
 	url = https://github.com/cathugger/mkp224o
+[submodule "vendor/onion-csr"]
+	path = vendor/onion-csr
+	url = https://github.com/HARICA-official/onion-csr.git

README.md

@@ -181,6 +181,16 @@ correlated. This means that if an attacker takes control of a backend instance t
 uses a keypair generated in the same pool, then the attacker can try to regenerate
 related keys.
 
+### HARICA X.509 certificates compatibility
+
+Onionmine ships with [onion-csr](https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/17) as a submodule
+to ease the creation of certificates for HTTPS usage. The provisioning procedure also makes sure that this software is
+compiled.
+
+It can be invoked by running
+
+    ./bin/onion-csr
+
 ## Tasks
 
 Check the [issue queue](https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues)

bin/onion-csr

+#!/usr/bin/env bash
+#
+# Wrapper around HARICA's onion-csr.rb
+#
+
+# Parameters
+BASENAME="`basename $0`"
+DIRNAME="`dirname $0`"
+source $DIRNAME/params
+
+# Dispatch
+cd $BASEDIR/vendor/onion-csr && ./onion-csr.rb "$@"

bin/params

@@ -38,6 +38,9 @@ ENV_LOCAL="$POOL/local.conf"
 # The libpcre2-dev package is used for regex support
 DEPENDENCIES="gcc libsodium-dev make autoconf libpcre2-dev"
 
+# For HARICA's onion-csr
+DEPENDENCIES="$DEPENDENCIES ruby-dev build-essential"
+
 # Default flags used for mkp224o compilation
 MKP224O_BUILD_FLAGS="--enable-intfilter=native"
 

bin/provision

@@ -29,3 +29,9 @@ sudo apt install -y $DEPENDENCIES
 
 # Compile
 #make -C $BASEDIR compile
+
+# Build HARICA's onion-csr
+sudo gem install ffi
+cd $BASEDIR/vendor/onion-csr
+git submodule update --init --recursive
+gcc -shared -o libed25519.so -fPIC ed25519/src/*.c

onion-csr @ f6c13689

+Subproject commit f6c136892686849d6e908f2ddb5041ccccdda886