sign directories with the signing key
authorRoger Dingledine <arma@torproject.org>
Wed, 7 May 2003 22:40:03 +0000 (22:40 +0000)
committerRoger Dingledine <arma@torproject.org>
Wed, 7 May 2003 22:40:03 +0000 (22:40 +0000)
svn:r274

src/or/command.c
src/or/config.c
src/or/connection_op.c
src/or/connection_or.c
src/or/main.c
src/or/onion.c
src/or/or.h

index fc1396ca922040981ff6a5dd04c478098096f687..b619356a2b78e5782eb392fa0b751e2aeeefd05b 100644 (file)
@@ -52,7 +52,6 @@ void command_process_cell(cell_t *cell, connection_t *conn) {
     current_second = now.tv_sec; 
   }
 
-  log(LOG_DEBUG,"command_process_cell(): Examining cell type %d.", cell->command);
   switch(cell->command) {
     case CELL_PADDING:
       /* do nothing */
index 54209db4806870f3c38fb69b6d4953666398f890..745b76d8c8775323d185b49c0a6de536d0c0acb1 100644 (file)
@@ -176,6 +176,7 @@ void config_assign(or_options_t *options, struct config_line *list) {
     /* string options */
     config_compare(list, "LogLevel",       CONFIG_TYPE_STRING, &options->LogLevel) ||
     config_compare(list, "PrivateKeyFile", CONFIG_TYPE_STRING, &options->PrivateKeyFile) ||
+    config_compare(list, "SigningPrivateKeyFile", CONFIG_TYPE_STRING, &options->SigningPrivateKeyFile) ||
     config_compare(list, "RouterFile",     CONFIG_TYPE_STRING, &options->RouterFile) ||
 
     /* int options */
@@ -271,9 +272,10 @@ int getconfig(int argc, char **argv, or_options_t *options) {
   if (options->loglevel == LOG_DEBUG) {
     printf("LogLevel=%s\n",
            options->LogLevel);
-    printf("RouterFile=%s, PrivateKeyFile=%s\n",
+    printf("RouterFile=%s, PrivateKeyFile=%s, SigningPrivateKeyFile=%s\n",
            options->RouterFile ? options->RouterFile : "(undefined)",
-           options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)");
+           options->PrivateKeyFile ? options->PrivateKeyFile : "(undefined)",
+           options->SigningPrivateKeyFile ? options->SigningPrivateKeyFile : "(undefined)");
     printf("ORPort=%d, OPPort=%d, APPort=%d DirPort=%d\n",
            options->ORPort,options->OPPort,
            options->APPort,options->DirPort);
@@ -328,6 +330,11 @@ int getconfig(int argc, char **argv, or_options_t *options) {
     result = -1;
   }
 
+  if(options->DirPort > 0 && options->SigningPrivateKeyFile == NULL) {
+    log(LOG_ERR,"SigningPrivateKeyFile option required for DirServer, but not found.");
+    result = -1;
+  }
+
   if(options->OPPort < 0) {
     log(LOG_ERR,"OPPort option can't be negative.");
     result = -1;
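Review bot: The new check fires only for `DirPort > 0`, while the key load added to do_main_loop in src/or/main.c is gated on `if(options.DirPort)`, so a negative DirPort would skip this validation and still reach `crypto_pk_read_private_key_from_filename` with a NULL SigningPrivateKeyFile. Unless a `DirPort < 0` rejection exists in the part of getconfig outside this hunk, the two conditions should agree, for example by changing the loader to `if(options.DirPort > 0) {`. It would also be worth considering a check that SigningPrivateKeyFile and PrivateKeyFile do not name the same file, since the change exists to keep directory signing on its own key and nothing visible here enforces that.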
index 3f39e430d122738e3c15f513f788f2451af08b4a..38f334d6dd8f0ae3773abf89e964ae6e5a1b6f94 100644 (file)
@@ -51,7 +51,7 @@ int op_handshake_process_keys(connection_t *conn) {
   log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
   if (retval == -1)
   { 
     log(LOG_ERR,"Decrypting keys from new OP failed.");
index 15ad3839d6c8e732973adbe54a514b76da438cd9..d2446014c8cef995eb48fa5f879fb81891bfe8d2 100644 (file)
@@ -464,7 +464,7 @@ int or_handshake_client_process_auth(connection_t *conn) {
   log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
   if (retval == -1)
   { 
     log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@@ -572,7 +572,7 @@ int or_handshake_server_process_auth(connection_t *conn) {
   log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
   if (retval == -1)
   { 
     log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed.");
@@ -691,7 +691,7 @@ int or_handshake_server_process_nonce(connection_t *conn) {
   log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");
 
   /* decrypt response */
-  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
   if (retval == -1)
   {
     log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
index 20c5faddc22afbb879f9d7a4efd0c4ac051bcf87..7d200b558f7ed1c156c577c0431da957396a7f80 100644 (file)
@@ -19,21 +19,31 @@ static int please_dumpstats=0; /* whether we should dump stats during the loop *
 static int please_fetch_directory=0; /* whether we should fetch a new directory */
 
 /* private key */
-static crypto_pk_env_t *privatekey;
+static crypto_pk_env_t *privatekey=NULL;
+static crypto_pk_env_t *signing_privatekey=NULL;
 
 routerinfo_t *my_routerinfo=NULL;
 
 /********* END VARIABLES ************/
 
-void setprivatekey(crypto_pk_env_t *k) {
+void set_privatekey(crypto_pk_env_t *k) {
   privatekey = k;
 }
 
-crypto_pk_env_t *getprivatekey(void) {
+crypto_pk_env_t *get_privatekey(void) {
   assert(privatekey);
   return privatekey;
 }
 
+void set_signing_privatekey(crypto_pk_env_t *k) {
+  signing_privatekey = k;
+}
+
+crypto_pk_env_t *get_signing_privatekey(void) {
+  assert(signing_privatekey);
+  return signing_privatekey;
+}
+
 /****************************************************************************
 *
 * This section contains accessors and other methods on the connection_array
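Review bot: The `/* private key */` comment now sits above two keys with different roles and describes neither. Judging from the other hunks, `privatekey` is what the handshake and onionskin code decrypts with and `signing_privatekey` is used only to sign directories, so I would comment them separately, e.g. `/* private key for handshake/onion decryption */` and `/* directory signing key; loaded only when DirPort is set */`. get_signing_privatekey() also deserves a one-line comment saying callers must only use it on a dirserver, because its only guard is an `assert` that a build with NDEBUG would compile out.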
@@ -431,12 +441,25 @@ int do_main_loop(void) {
       log(LOG_ERR,"Error creating a crypto environment.");
       return -1;
     }
-    if (crypto_pk_read_private_key_from_filename(prkey, options.PrivateKeyFile))
-    {
+    if (crypto_pk_read_private_key_from_filename(prkey, options.PrivateKeyFile)) {
+      log(LOG_ERR,"Error loading private key.");
+      return -1;
+    }
+    set_privatekey(prkey);
+  }
+
+  /* load the private key, if we're supposed to have one */
+  if(options.DirPort) {
+    prkey = crypto_new_pk_env(CRYPTO_PK_RSA);
+    if (!prkey) {
+      log(LOG_ERR,"Error creating a crypto environment.");
+      return -1;
+    }
+    if (crypto_pk_read_private_key_from_filename(prkey, options.SigningPrivateKeyFile)) {
       log(LOG_ERR,"Error loading private key.");
       return -1;
     }
-    setprivatekey(prkey);
+    set_signing_privatekey(prkey);
   }
 
   /* start up the necessary connections based on which ports are
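Review bot: The added block reuses the comment `/* load the private key, if we're supposed to have one */` and the message "Error loading private key." from the block above, so a failed start does not tell the operator which of the two key files was at fault. I would change the comment to `/* load the directory signing key, if we're a dirserver */` and the message to `log(LOG_ERR,"Error loading signing private key.");`. On both failure returns the `prkey` environment allocated just before is not released, which is presumably harmless if the caller exits, but worth a comment. do_main_loop starts and ends outside this hunk.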
@@ -684,7 +707,7 @@ dump_signed_directory_to_string_impl(char *s, int maxlen, directory_t *dir,
   
   if (crypto_SHA_digest(s, i, digest))
     return -1;
-  if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0)
+  if (crypto_pk_private_sign(get_signing_privatekey(), digest, 20, signature) < 0)
     return -1;
   
   strncpy(cp, 
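Review bot: The sign call now ignores the `private_key` value that the removed line used, which looks like a parameter of dump_signed_directory_to_string_impl (the signature is cut off in the hunk header). Any caller that passes a key would then get a signature from the global signing key instead, and a caller on a node with no signing key loaded hits the assert in get_signing_privatekey(). Either keep `crypto_pk_private_sign(private_key, digest, 20, signature)` and have the caller pass `get_signing_privatekey()`, or drop the now-unused parameter so the interface matches what the function does. The function body continues outside the hunk.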
index db9acf5d02f891257d0ec8f4003810bcf41ddd75..942eed81fb157aa7fa7af72d165c8dd3076b61c3 100644 (file)
@@ -190,7 +190,7 @@ static int onionskin_process(circuit_t *circ) {
 
   log(LOG_DEBUG,"onionskin_process(): Entering.");
 
-  if(onion_skin_server_handshake(circ->onionskin, getprivatekey(),
+  if(onion_skin_server_handshake(circ->onionskin, get_privatekey(),
     cell.payload, keys, 32) < 0) {
     log(LOG_ERR,"onionskin_process(): onion_skin_server_handshake failed.");
     return -1;
index 8268c381cad19f2ed3ef950664203557d78fa8a0..911c29d8d0575557d32a01e1f05d653431edc94e 100644 (file)
@@ -406,6 +406,7 @@ struct onion_queue_t {
 typedef struct {
    char *LogLevel;
    char *RouterFile;
+   char *SigningPrivateKeyFile;
    char *PrivateKeyFile;
    double CoinWeight;
    int Daemon;
@@ -711,8 +712,10 @@ int dns_master_start(void);
 
 /********************************* main.c ***************************/
 
-void setprivatekey(crypto_pk_env_t *k);
-crypto_pk_env_t *getprivatekey(void);
+void set_privatekey(crypto_pk_env_t *k);
+crypto_pk_env_t *get_privatekey(void);
+void set_signing_privatekey(crypto_pk_env_t *k);
+crypto_pk_env_t *get_signing_privatekey(void);
 int connection_add(connection_t *conn);
 int connection_remove(connection_t *conn);
 void connection_set_poll_socket(connection_t *conn);