/** Generate a new certificate for our loaded or generated keys, and write it * to disk. Return 0 on success, nonzero on failure. */ static int generate_certificate(void) { char buf[8192]; time_t now = time(NULL); struct tm tm; char published[ISO_TIME_LEN+1]; char expires[ISO_TIME_LEN+1]; char id_digest[DIGEST_LEN]; char fingerprint[FINGERPRINT_LEN+1]; char *ident = key_to_string(identity_key); char *signing = key_to_string(signing_key); FILE *f; size_t signed_len; char digest[DIGEST_LEN]; char signature[1024]; /* handles up to 8192-bit keys. */ int r; get_fingerprint(identity_key, fingerprint); get_digest(identity_key, id_digest); tor_localtime_r(&now, &tm); tm.tm_mon += months_lifetime; format_iso_time(published, now); format_iso_time(expires, mktime(&tm)); tor_snprintf(buf, sizeof(buf), "dir-key-certificate-version 3" "%s%s" "\nfingerprint %s\n" "dir-key-published %s\n" "dir-key-expires %s\n" "dir-identity-key\n%s" "dir-signing-key\n%s" "dir-key-crosscert\n" "-----BEGIN ID SIGNATURE-----\n", address?"\ndir-address ":"", address?address:"", fingerprint, published, expires, ident, signing ); tor_free(ident); tor_free(signing); /* Append a cross-certification */ r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest, (unsigned char*)signature, EVP_PKEY_get1_RSA(signing_key), RSA_PKCS1_PADDING); signed_len = strlen(buf); base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r); strlcat(buf, "-----END ID SIGNATURE-----\n" "dir-key-certification\n", sizeof(buf)); signed_len = strlen(buf); SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest); r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest, (unsigned char*)signature, EVP_PKEY_get1_RSA(identity_key), RSA_PKCS1_PADDING); strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf)); signed_len = strlen(buf); base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r); strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf)); if (!(f = fopen(certificate_file, "w"))) { log_err(LD_GENERAL, "Couldn't open %s for writing: %s", certificate_file, strerror(errno)); return 1; } fputs(buf, f); fclose(f); return 0; }
/** Read the command line options from <b>argc</b> and <b>argv</b>, * setting global option vars as needed. */ static int parse_commandline(int argc, char **argv) { int i; log_severity_list_t s; for (i = 1; i < argc; ++i) { if (!strcmp(argv[i], "--help") || !strcmp(argv[i], "-h")) { show_help(); return 1; } else if (!strcmp(argv[i], "-i")) { if (i+1>=argc) { fprintf(stderr, "No argument to -i\n"); return 1; } identity_key_file = tor_strdup(argv[++i]); } else if (!strcmp(argv[i], "-s")) { if (i+1>=argc) { fprintf(stderr, "No argument to -s\n"); return 1; } signing_key_file = tor_strdup(argv[++i]); } else if (!strcmp(argv[i], "-c")) { if (i+1>=argc) { fprintf(stderr, "No argument to -c\n"); return 1; } certificate_file = tor_strdup(argv[++i]); } else if (!strcmp(argv[i], "-m")) { if (i+1>=argc) { fprintf(stderr, "No argument to -m\n"); return 1; } months_lifetime = atoi(argv[++i]); if (months_lifetime > 24 || months_lifetime < 0) { fprintf(stderr, "Lifetime (in months) was out of range.\n"); return 1; } } else if (!strcmp(argv[i], "-r") || !strcmp(argv[i], "--reuse")) { reuse_signing_key = 1; } else if (!strcmp(argv[i], "-v")) { verbose = 1; } else if (!strcmp(argv[i], "-a")) { uint32_t addr; uint16_t port; char b[INET_NTOA_BUF_LEN]; struct in_addr in; if (i+1>=argc) { fprintf(stderr, "No argument to -a\n"); return 1; } if (addr_port_lookup(LOG_ERR, argv[++i], NULL, &addr, &port)<0) return 1; in.s_addr = htonl(addr); tor_inet_ntoa(&in, b, sizeof(b)); address = tor_malloc(INET_NTOA_BUF_LEN+32); tor_snprintf(address, INET_NTOA_BUF_LEN+32, "%s:%d", b, (int)port); } else if (!strcmp(argv[i], "--create-identity-key")) { make_new_id = 1; } else if (!strcmp(argv[i], "--passphrase-fd")) { if (i+1>=argc) { fprintf(stderr, "No argument to --passphrase-fd\n"); return 1; } passphrase_fd = atoi(argv[++i]); } else { fprintf(stderr, "Unrecognized option %s\n", argv[i]); return 1; } } memwipe(&s, 0, sizeof(s)); if (verbose) set_log_severity_config(LOG_DEBUG, LOG_ERR, &s); else set_log_severity_config(LOG_WARN, LOG_ERR, &s); add_stream_log(&s, "<stderr>", fileno(stderr)); if (!identity_key_file) { identity_key_file = tor_strdup("./authority_identity_key"); log_info(LD_GENERAL, "No identity key file given; defaulting to %s", identity_key_file); } if (!signing_key_file) { signing_key_file = tor_strdup("./authority_signing_key"); log_info(LD_GENERAL, "No signing key file given; defaulting to %s", signing_key_file); } if (!certificate_file) { certificate_file = tor_strdup("./authority_certificate"); log_info(LD_GENERAL, "No signing key file given; defaulting to %s", certificate_file); } if (passphrase_fd >= 0) { if (load_passphrase()<0) return 1; } return 0; }
static void test_storagedir_read_labeled(void *arg) { (void)arg; char *dirname = tor_strdup(get_fname_rnd("store_dir")); storage_dir_t *d = NULL; uint8_t *inp = tor_malloc_zero(8192); config_line_t *labels = NULL, *labels2 = NULL; char *fname = NULL; tor_mmap_t *map = NULL; uint8_t *as_read = NULL; d = storage_dir_new(dirname, 10); tt_assert(d); tor_snprintf((char*)inp, 8192, "Hello world\n" "This is a test\n" "Yadda yadda.\n"); size_t bodylen = 8192 - strlen((char*)inp) - 1; crypto_rand((char *)inp+strlen((char*)inp)+1, bodylen); int r = storage_dir_save_bytes_to_file(d, inp, 8192, 1, &fname); tt_int_op(r, OP_EQ, 0); /* Try mapping */ const uint8_t *datap = NULL; size_t sz = 0; map = storage_dir_map_labeled(d, fname, &labels, &datap, &sz); tt_assert(map); tt_assert(datap); tt_u64_op(sz, OP_EQ, bodylen); tt_mem_op(datap, OP_EQ, inp+strlen((char*)inp)+1, bodylen); tt_assert(labels); tt_str_op(labels->key, OP_EQ, "Hello"); tt_str_op(labels->value, OP_EQ, "world"); tt_assert(labels->next); tt_str_op(labels->next->key, OP_EQ, "This"); tt_str_op(labels->next->value, OP_EQ, "is a test"); tt_assert(labels->next->next); tt_str_op(labels->next->next->key, OP_EQ, "Yadda"); tt_str_op(labels->next->next->value, OP_EQ, "yadda."); tt_ptr_op(labels->next->next->next, OP_EQ, NULL); /* Try reading this time. */ sz = 0; as_read = storage_dir_read_labeled(d, fname, &labels2, &sz); tt_assert(as_read); tt_u64_op(sz, OP_EQ, bodylen); tt_mem_op(as_read, OP_EQ, inp+strlen((char*)inp)+1, bodylen); tt_assert(config_lines_eq(labels, labels2)); done: storage_dir_free(d); tor_free(dirname); tor_free(inp); tor_free(fname); config_free_lines(labels); config_free_lines(labels2); tor_munmap_file(map); tor_free(as_read); }