return FP_REJECT;
}
- if (router->signing_key_cert) {
+ if (router->cache_info.signing_key_cert) {
/* This has an ed25519 identity key. */
if (KEYPIN_MISMATCH ==
keypin_check((const uint8_t*)router->cache_info.identity_digest,
- router->signing_key_cert->signing_key.pubkey)) {
+ router->cache_info.signing_key_cert->signing_key.pubkey)) {
log_fn(severity, LD_DIR,
"Descriptor from router %s has an Ed25519 key, "
"but the <rsa,ed25519> keys don't match what they were before.",
/* Do keypinning again ... this time, to add the pin if appropriate */
int keypin_status;
- if (ri->signing_key_cert) {
+ if (ri->cache_info.signing_key_cert) {
keypin_status = keypin_check_and_add(
(const uint8_t*)ri->cache_info.identity_digest,
- ri->signing_key_cert->signing_key.pubkey,
+ ri->cache_info.signing_key_cert->signing_key.pubkey,
! key_pinning);
} else {
keypin_status = keypin_check_lone_rsa(
SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
ri->omit_from_vote = 0;
- if (ri->signing_key_cert == NULL)
+ if (ri->cache_info.signing_key_cert == NULL)
continue; /* No ed key */
- const uint8_t *pk = ri->signing_key_cert->signing_key.pubkey;
+ const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
if ((ri2 = digest256map_get(by_ed_key, pk))) {
/* Duplicate; must omit one. Set the omit_from_vote flag in whichever
* one has the earlier published_on. */
set_routerstatus_from_routerinfo(rs, node, ri, now,
listbadexits);
- if (ri->signing_key_cert) {
- memcpy(vrs->ed25519_id, ri->signing_key_cert->signing_key.pubkey,
+ if (ri->cache_info.signing_key_cert) {
+ memcpy(vrs->ed25519_id, ri->cache_info.signing_key_cert->signing_key.pubkey,
ED25519_PUBKEY_LEN);
}
char idbuf[ED25519_BASE64_LEN+1];
const char *keytype;
if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_IN_MD &&
- ri->signing_key_cert &&
- ri->signing_key_cert->signing_key_included) {
+ ri->cache_info.signing_key_cert &&
+ ri->cache_info.signing_key_cert->signing_key_included) {
keytype = "ed25519";
- ed25519_public_to_base64(idbuf, &ri->signing_key_cert->signing_key);
+ ed25519_public_to_base64(idbuf,
+ &ri->cache_info.signing_key_cert->signing_key);
} else {
keytype = "rsa1024";
digest_to_base64(idbuf, ri->cache_info.identity_digest);
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
/** Public curve25519 key for onions */
curve25519_public_key_t *onion_curve25519_pkey;
- /** Certificate for ed25519 signing key
- * (XXXX duplicated in cache_info.) */
- struct tor_cert_st *signing_key_cert;
/** What's the earliest expiration time on all the certs in this
* routerinfo? */
time_t cert_expiration_time;
uint8_t digest256[DIGEST256_LEN];
/** The router's nickname. */
char nickname[MAX_NICKNAME_LEN+1];
- /** Certificate for ed25519 signing key
- * (XXXX duplicated in cache_info.) */
- struct tor_cert_st *signing_key_cert;
/** True iff we found the right key for this extra-info, verified the
* signature, and found it to be bad. */
unsigned int bad_sig : 1;
routerinfo_free(ri);
return -1;
}
- ri->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
ri->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
get_platform_str(platform, sizeof(platform));
ei->cache_info.is_extrainfo = 1;
strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
ei->cache_info.published_on = ri->cache_info.published_on;
- ei->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
ei->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
const or_options_t *options = get_options();
smartlist_t *chunks = NULL;
char *output = NULL;
- const int emit_ed_sigs = signing_keypair && router->signing_key_cert;
+ const int emit_ed_sigs = signing_keypair &&
+ router->cache_info.signing_key_cert;
char *ed_cert_line = NULL;
char *rsa_tap_cc_line = NULL;
char *ntor_cc_line = NULL;
goto err;
}
if (emit_ed_sigs) {
- if (!router->signing_key_cert->signing_key_included ||
- !ed25519_pubkey_eq(&router->signing_key_cert->signed_key,
+ if (!router->cache_info.signing_key_cert->signing_key_included ||
+ !ed25519_pubkey_eq(&router->cache_info.signing_key_cert->signed_key,
&signing_keypair->pubkey)) {
log_warn(LD_BUG, "Tried to sign a router descriptor with a mismatched "
"ed25519 key chain %d",
- router->signing_key_cert->signing_key_included);
+ router->cache_info.signing_key_cert->signing_key_included);
goto err;
}
}
char ed_cert_base64[256];
char ed_fp_base64[ED25519_BASE64_LEN+1];
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
- (const char*)router->signing_key_cert->encoded,
- router->signing_key_cert->encoded_len,
+ (const char*)router->cache_info.signing_key_cert->encoded,
+ router->cache_info.signing_key_cert->encoded_len,
BASE64_ENCODE_MULTILINE) < 0) {
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
goto err;
}
if (ed25519_public_to_base64(ed_fp_base64,
- &router->signing_key_cert->signing_key)<0) {
+ &router->cache_info.signing_key_cert->signing_key)<0) {
log_err(LD_BUG,"Couldn't base64-encode identity key\n");
goto err;
}
}
/* Cross-certify with RSA key */
- if (tap_key && router->signing_key_cert &&
- router->signing_key_cert->signing_key_included) {
+ if (tap_key && router->cache_info.signing_key_cert &&
+ router->cache_info.signing_key_cert->signing_key_included) {
char buf[256];
int tap_cc_len = 0;
uint8_t *tap_cc =
make_tap_onion_key_crosscert(tap_key,
- &router->signing_key_cert->signing_key,
+ &router->cache_info.signing_key_cert->signing_key,
router->identity_pkey,
&tap_cc_len);
if (!tap_cc) {
}
/* Cross-certify with onion keys */
- if (ntor_keypair && router->signing_key_cert &&
- router->signing_key_cert->signing_key_included) {
+ if (ntor_keypair && router->cache_info.signing_key_cert &&
+ router->cache_info.signing_key_cert->signing_key_included) {
int sign = 0;
char buf[256];
/* XXXX Base the expiration date on the actual onion key expiration time?*/
tor_cert_t *cert =
make_ntor_onion_key_crosscert(ntor_keypair,
- &router->signing_key_cert->signing_key,
- router->cache_info.published_on,
- MIN_ONION_KEY_LIFETIME, &sign);
+ &router->cache_info.signing_key_cert->signing_key,
+ router->cache_info.published_on,
+ MIN_ONION_KEY_LIFETIME, &sign);
if (!cert) {
log_warn(LD_BUG,"make_ntor_onion_key_crosscert failed!");
goto err;
time_t now = time(NULL);
smartlist_t *chunks = smartlist_new();
extrainfo_t *ei_tmp = NULL;
- const int emit_ed_sigs = signing_keypair && extrainfo->signing_key_cert;
+ const int emit_ed_sigs = signing_keypair &&
+ extrainfo->cache_info.signing_key_cert;
char *ed_cert_line = NULL;
base16_encode(identity, sizeof(identity),
format_iso_time(published, extrainfo->cache_info.published_on);
bandwidth_usage = rep_hist_get_bandwidth_lines();
if (emit_ed_sigs) {
- if (!extrainfo->signing_key_cert->signing_key_included ||
- !ed25519_pubkey_eq(&extrainfo->signing_key_cert->signed_key,
+ if (!extrainfo->cache_info.signing_key_cert->signing_key_included ||
+ !ed25519_pubkey_eq(&extrainfo->cache_info.signing_key_cert->signed_key,
&signing_keypair->pubkey)) {
log_warn(LD_BUG, "Tried to sign a extrainfo descriptor with a "
"mismatched ed25519 key chain %d",
- extrainfo->signing_key_cert->signing_key_included);
+ extrainfo->cache_info.signing_key_cert->signing_key_included);
goto err;
}
char ed_cert_base64[256];
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
- (const char*)extrainfo->signing_key_cert->encoded,
- extrainfo->signing_key_cert->encoded_len,
- BASE64_ENCODE_MULTILINE) < 0) {
+ (const char*)extrainfo->cache_info.signing_key_cert->encoded,
+ extrainfo->cache_info.signing_key_cert->encoded_len,
+ BASE64_ENCODE_MULTILINE) < 0) {
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
goto err;
}
tor_free(router->onion_curve25519_pkey);
if (router->identity_pkey)
crypto_pk_free(router->identity_pkey);
- tor_cert_free(router->signing_key_cert);
tor_cert_free(router->cache_info.signing_key_cert);
if (router->declared_family) {
SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
{
if (!extrainfo)
return;
- tor_cert_free(extrainfo->signing_key_cert);
tor_cert_free(extrainfo->cache_info.signing_key_cert);
tor_free(extrainfo->cache_info.signed_descriptor_body);
tor_free(extrainfo->pending_sig);
goto err; /* different servers */
}
- if (! tor_cert_opt_eq(sd->signing_key_cert, ei->signing_key_cert)) {
+ if (! tor_cert_opt_eq(sd->signing_key_cert,ei->cache_info.signing_key_cert)) {
if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
goto err; /* different servers */
}
- /* Copyright (c) 2001 Matej Pfajfar.
+/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2016, The Tor Project, Inc. */
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
goto err;
}
- router->signing_key_cert = cert; /* makes sure it gets freed. */
- router->cache_info.signing_key_cert = tor_cert_dup(cert);
+ router->cache_info.signing_key_cert = cert; /* makes sure it gets freed.*/
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
! cert->signing_key_included) {
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
goto err;
}
- extrainfo->signing_key_cert = cert; /* makes sure it gets freed. */
- extrainfo->cache_info.signing_key_cert = tor_cert_dup(cert);
+ /* makes sure it gets freed. */
+ extrainfo->cache_info.signing_key_cert = cert;
+
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
! cert->signing_key_included) {
log_warn(LD_DIR, "Invalid form for ed25519 cert");
ed25519_secret_key_from_seed(&kp2.seckey,
(const uint8_t*)"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
ed25519_public_key_generate(&kp2.pubkey, &kp2.seckey);
- r2->signing_key_cert = tor_cert_create(&kp1,
+ r2->cache_info.signing_key_cert = tor_cert_create(&kp1,
CERT_TYPE_ID_SIGNING,
&kp2.pubkey,
now, 86400,
CERT_FLAG_INCLUDE_SIGNING_KEY);
char cert_buf[256];
base64_encode(cert_buf, sizeof(cert_buf),
- (const char*)r2->signing_key_cert->encoded,
- r2->signing_key_cert->encoded_len,
+ (const char*)r2->cache_info.signing_key_cert->encoded,
+ r2->cache_info.signing_key_cert->encoded_len,
BASE64_ENCODE_MULTILINE);
r2->platform = tor_strdup(platform);
r2->cache_info.published_on = 5;
strlcat(buf2, "master-key-ed25519 ", sizeof(buf2));
{
char k[ED25519_BASE64_LEN+1];
- tt_assert(ed25519_public_to_base64(k, &r2->signing_key_cert->signing_key)
+ tt_assert(ed25519_public_to_base64(k,
+ &r2->cache_info.signing_key_cert->signing_key)
>= 0);
strlcat(buf2, k, sizeof(buf2));
strlcat(buf2, "\n", sizeof(buf2));
md = dirvote_create_microdescriptor(ri, 21);
tt_str_op(md->body, ==, test_md2_21);
tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey,
- &ri->signing_key_cert->signing_key));
+ &ri->cache_info.signing_key_cert->signing_key));
done:
microdesc_free(md);
projects / thirdparty / tor.git / commitdiff
