size_t keylen;
smartlist_t *chunks = smartlist_new();
char *output = NULL;
- crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey,
- ri->onion_pkey_len);
+ crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->tap_onion_pkey,
+ ri->tap_onion_pkey_len);
+ if (!rsa_pubkey) {
+ /* We do not yet support creating MDs for relays without TAP onion keys. */
+ goto done;
+ }
if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
goto done;
"Relay's onion key had invalid exponent.");
goto err;
}
- router->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
- router->onion_pkey_len = tok->object_size;
+ router->tap_onion_pkey = tor_memdup(tok->object_body, tok->object_size);
+ router->tap_onion_pkey_len = tok->object_size;
crypto_pk_free(tok->key);
if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
goto err;
}
- rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey,
- router->onion_pkey_len);
+ rsa_pubkey = router_get_rsa_onion_pkey(router->tap_onion_pkey,
+ router->tap_onion_pkey_len);
+ if (rsa_pubkey == NULL) {
+ log_warn(LD_DIR, "No pubkey for TAP cross-verification.");
+ goto err;
+ }
if (check_tap_onion_key_crosscert(
(const uint8_t*)cc_tap_tok->object_body,
(int)cc_tap_tok->object_size,
/**
* Public RSA TAP key for onions, ASN.1 encoded. We store this
* in its encoded format since storing it as a crypto_pk_t uses
- * significantly more memory. */
- char *onion_pkey;
+ * significantly more memory.
+ *
+ * This may be absent.
+ */
+ char *tap_onion_pkey;
/** Length of onion_pkey, in bytes. */
- size_t onion_pkey_len;
+ size_t tap_onion_pkey_len;
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
/** Public curve25519 key for onions */
tor_free(router->platform);
tor_free(router->protocol_list);
tor_free(router->contact_info);
- if (router->onion_pkey)
- tor_free(router->onion_pkey);
+ if (router->tap_onion_pkey)
+ tor_free(router->tap_onion_pkey);
tor_free(router->onion_curve25519_pkey);
if (router->identity_pkey)
crypto_pk_free(router->identity_pkey);
/** We allow uptime to vary from how much it ought to be by this much. */
#define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
+/** Return true iff r1 and r2 have the same TAP onion keys. */
+static int
+router_tap_onion_keys_eq(const routerinfo_t *r1, const routerinfo_t *r2)
+{
+ if (r1->tap_onion_pkey_len != r2->tap_onion_pkey_len)
+ return 0;
+
+ if ((r1->tap_onion_pkey == NULL) && (r2->tap_onion_pkey == NULL)) {
+ return 1;
+ } else if ((r1->tap_onion_pkey != NULL) && (r2->tap_onion_pkey != NULL)) {
+ return tor_memeq(r1->tap_onion_pkey, r2->tap_onion_pkey,
+ r1->tap_onion_pkey_len);
+ } else {
+ /* One is NULL; one is not. */
+ return 0;
+ }
+}
+
/** Return true iff the only differences between r1 and r2 are such that
* would not cause a recent (post 0.1.1.6) dirserver to republish.
*/
r1->ipv6_orport != r2->ipv6_orport ||
r1->ipv4_dirport != r2->ipv4_dirport ||
r1->purpose != r2->purpose ||
- r1->onion_pkey_len != r2->onion_pkey_len ||
- !tor_memeq(r1->onion_pkey, r2->onion_pkey, r1->onion_pkey_len) ||
+ !router_tap_onion_keys_eq(r1,r2) ||
!crypto_pk_eq_keys(r1->identity_pkey, r2->identity_pkey) ||
strcasecmp(r1->platform, r2->platform) ||
(r1->contact_info && !r2->contact_info) || /* contact_info is optional */
directory_permits_begindir_requests(options);
ri->cache_info.published_on = time(NULL);
/* get_onion_key() must invoke from main thread */
- router_set_rsa_onion_pkey(get_onion_key(), &ri->onion_pkey,
- &ri->onion_pkey_len);
+ router_set_rsa_onion_pkey(get_onion_key(), &ri->tap_onion_pkey,
+ &ri->tap_onion_pkey_len);
ri->onion_curve25519_pkey =
tor_memdup(&get_current_curve25519_keypair()->pubkey,
char published[ISO_TIME_LEN+1];
char fingerprint[FINGERPRINT_LEN+1];
char *extra_info_line = NULL;
- size_t onion_pkeylen, identity_pkeylen;
+ size_t onion_pkeylen=0, identity_pkeylen;
char *family_line = NULL;
char *extra_or_address = NULL;
const or_options_t *options = get_options();
}
/* PEM-encode the onion key */
- rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey,
- router->onion_pkey_len);
- if (crypto_pk_write_public_key_to_string(rsa_pubkey,
- &onion_pkey,&onion_pkeylen)<0) {
- log_warn(LD_BUG,"write onion_pkey to string failed!");
- goto err;
+ rsa_pubkey = router_get_rsa_onion_pkey(router->tap_onion_pkey,
+ router->tap_onion_pkey_len);
+ if (rsa_pubkey) {
+ if (crypto_pk_write_public_key_to_string(rsa_pubkey,
+ &onion_pkey,&onion_pkeylen)<0) {
+ log_warn(LD_BUG,"write onion_pkey to string failed!");
+ goto err;
+ }
}
/* PEM-encode the identity key */
}
/* Cross-certify with RSA key */
- if (tap_key && router->cache_info.signing_key_cert &&
+ if (tap_key && rsa_pubkey && router->cache_info.signing_key_cert &&
router->cache_info.signing_key_cert->signing_key_included) {
char buf[256];
int tap_cc_len = 0;
"uptime %ld\n"
"bandwidth %d %d %d\n"
"%s%s"
- "onion-key\n%s"
+ "%s%s"
"signing-key\n%s"
"%s%s"
"%s%s%s",
extra_info_line ? extra_info_line : "",
(options->DownloadExtraInfo || options->V3AuthoritativeDir) ?
"caches-extra-info\n" : "",
- onion_pkey, identity_pkey,
+ onion_pkey?"onion-key\n":"", onion_pkey?onion_pkey:"",
+ identity_pkey,
rsa_tap_cc_line ? rsa_tap_cc_line : "",
ntor_cc_line ? ntor_cc_line : "",
family_line,
r1->ipv4_dirport = dir_port;
r1->supports_tunnelled_dir_requests = 1;
- router_set_rsa_onion_pkey(pk1, &r1->onion_pkey, &r1->onion_pkey_len);
+ router_set_rsa_onion_pkey(pk1, &r1->tap_onion_pkey, &r1->tap_onion_pkey_len);
r1->identity_pkey = pk2;
r1->bandwidthrate = bandwidthrate;
{
char *block = NULL;
tor_assert(r1);
- crypto_pk_t *pk_tmp = router_get_rsa_onion_pkey(r1->onion_pkey,
- r1->onion_pkey_len);
+ crypto_pk_t *pk_tmp = router_get_rsa_onion_pkey(r1->tap_onion_pkey,
+ r1->tap_onion_pkey_len);
block = get_new_rsa_key_block("onion-key", pk_tmp);
crypto_pk_free(pk_tmp);
return block;
if (rsa_onion_keypair) {
mocked_onionkey = crypto_pk_dup_key(rsa_onion_keypair);
} else {
- mocked_onionkey = router_get_rsa_onion_pkey(r1->onion_pkey,
- r1->onion_pkey_len);
+ mocked_onionkey = router_get_rsa_onion_pkey(r1->tap_onion_pkey,
+ r1->tap_onion_pkey_len);
}
MOCK(get_onion_key, mock_get_onion_key);
}
tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate); \
tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst); \
tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity); \
- crypto_pk_t *rp1_onion_pkey = router_get_rsa_onion_pkey(rp1->onion_pkey, \
- rp1->onion_pkey_len); \
- crypto_pk_t *r1_onion_pkey = router_get_rsa_onion_pkey(r1->onion_pkey, \
- r1->onion_pkey_len); \
+ crypto_pk_t *rp1_onion_pkey = router_get_rsa_onion_pkey( \
+ rp1->tap_onion_pkey, \
+ rp1->tap_onion_pkey_len); \
+ crypto_pk_t *r1_onion_pkey = router_get_rsa_onion_pkey( \
+ r1->tap_onion_pkey, \
+ r1->tap_onion_pkey_len); \
tt_int_op(crypto_pk_cmp_keys(rp1_onion_pkey, r1_onion_pkey), OP_EQ, 0); \
crypto_pk_free(rp1_onion_pkey); \
crypto_pk_free(r1_onion_pkey); \
tt_int_op(ret, OP_EQ, 0);
ri.onion_curve25519_pkey =
tor_malloc_zero(sizeof(curve25519_public_key_t));
- ri.onion_pkey = tor_malloc_zero(140);
curve25519_public_key_generate(ri.onion_curve25519_pkey,
&curve25519_secret_key);
memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN);
update_all_descriptors_intro_points(now);
tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */
tor_free(node->ri->cache_info.signing_key_cert);
- tor_free(node->ri->onion_pkey);
expect_log_msg_containing("just picked 1 intro points and wanted 3 for next "
"descriptor. It currently has 0 intro points. "
"Launching ESTABLISH_INTRO circuit shortly.");
mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key);
mock_routerinfo->protocol_list =
tor_strdup("Cons=1-2 Desc=1-2 DirCache=1-2");
- router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey,
- &mock_routerinfo->onion_pkey_len);
+ router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->tap_onion_pkey,
+ &mock_routerinfo->tap_onion_pkey_len);
mock_routerinfo->bandwidthrate = 9001;
mock_routerinfo->bandwidthburst = 9002;
projects / thirdparty / tor.git / commitdiff
