/** Generate a new certificate for our loaded or generated keys, and write it
* to disk. Return 0 on success, nonzero on failure. */
static int
generate_certificate(void)
{
char buf[8192];
time_t now = time(NULL);
struct tm tm;
char published[ISO_TIME_LEN+1];
char expires[ISO_TIME_LEN+1];
char id_digest[DIGEST_LEN];
char fingerprint[FINGERPRINT_LEN+1];
char *ident = key_to_string(identity_key);
char *signing = key_to_string(signing_key);
FILE *f;
size_t signed_len;
char digest[DIGEST_LEN];
char signature[1024]; /* handles up to 8192-bit keys. */
int r;
get_fingerprint(identity_key, fingerprint);
get_digest(identity_key, id_digest);
tor_localtime_r(&now, &tm);
tm.tm_mon += months_lifetime;
format_iso_time(published, now);
format_iso_time(expires, mktime(&tm));
tor_snprintf(buf, sizeof(buf),
"dir-key-certificate-version 3"
"%s%s"
"\nfingerprint %s\n"
"dir-key-published %s\n"
"dir-key-expires %s\n"
"dir-identity-key\n%s"
"dir-signing-key\n%s"
"dir-key-crosscert\n"
"-----BEGIN ID SIGNATURE-----\n",
address?"\ndir-address ":"", address?address:"",
fingerprint, published, expires, ident, signing
);
tor_free(ident);
tor_free(signing);
/* Append a cross-certification */
r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest,
(unsigned char*)signature,
EVP_PKEY_get1_RSA(signing_key),
RSA_PKCS1_PADDING);
signed_len = strlen(buf);
base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r);
strlcat(buf,
"-----END ID SIGNATURE-----\n"
"dir-key-certification\n", sizeof(buf));
signed_len = strlen(buf);
SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest);
r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest,
(unsigned char*)signature,
EVP_PKEY_get1_RSA(identity_key),
RSA_PKCS1_PADDING);
strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf));
signed_len = strlen(buf);
base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r);
strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
if (!(f = fopen(certificate_file, "w"))) {
log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
certificate_file, strerror(errno));
return 1;
}
fputs(buf, f);
fclose(f);
return 0;
}
/** Read the command line options from <b>argc</b> and <b>argv</b>,
* setting global option vars as needed.
*/
static int
parse_commandline(int argc, char **argv)
{
int i;
log_severity_list_t s;
for (i = 1; i < argc; ++i) {
if (!strcmp(argv[i], "--help") || !strcmp(argv[i], "-h")) {
show_help();
return 1;
} else if (!strcmp(argv[i], "-i")) {
if (i+1>=argc) {
fprintf(stderr, "No argument to -i\n");
return 1;
}
identity_key_file = tor_strdup(argv[++i]);
} else if (!strcmp(argv[i], "-s")) {
if (i+1>=argc) {
fprintf(stderr, "No argument to -s\n");
return 1;
}
signing_key_file = tor_strdup(argv[++i]);
} else if (!strcmp(argv[i], "-c")) {
if (i+1>=argc) {
fprintf(stderr, "No argument to -c\n");
return 1;
}
certificate_file = tor_strdup(argv[++i]);
} else if (!strcmp(argv[i], "-m")) {
if (i+1>=argc) {
fprintf(stderr, "No argument to -m\n");
return 1;
}
months_lifetime = atoi(argv[++i]);
if (months_lifetime > 24 || months_lifetime < 0) {
fprintf(stderr, "Lifetime (in months) was out of range.\n");
return 1;
}
} else if (!strcmp(argv[i], "-r") || !strcmp(argv[i], "--reuse")) {
reuse_signing_key = 1;
} else if (!strcmp(argv[i], "-v")) {
verbose = 1;
} else if (!strcmp(argv[i], "-a")) {
uint32_t addr;
uint16_t port;
char b[INET_NTOA_BUF_LEN];
struct in_addr in;
if (i+1>=argc) {
fprintf(stderr, "No argument to -a\n");
return 1;
}
if (addr_port_lookup(LOG_ERR, argv[++i], NULL, &addr, &port)<0)
return 1;
in.s_addr = htonl(addr);
tor_inet_ntoa(&in, b, sizeof(b));
address = tor_malloc(INET_NTOA_BUF_LEN+32);
tor_snprintf(address, INET_NTOA_BUF_LEN+32, "%s:%d", b, (int)port);
} else if (!strcmp(argv[i], "--create-identity-key")) {
make_new_id = 1;
} else if (!strcmp(argv[i], "--passphrase-fd")) {
if (i+1>=argc) {
fprintf(stderr, "No argument to --passphrase-fd\n");
return 1;
}
passphrase_fd = atoi(argv[++i]);
} else {
fprintf(stderr, "Unrecognized option %s\n", argv[i]);
return 1;
}
}
memwipe(&s, 0, sizeof(s));
if (verbose)
set_log_severity_config(LOG_DEBUG, LOG_ERR, &s);
else
set_log_severity_config(LOG_WARN, LOG_ERR, &s);
add_stream_log(&s, "<stderr>", fileno(stderr));
if (!identity_key_file) {
identity_key_file = tor_strdup("./authority_identity_key");
log_info(LD_GENERAL, "No identity key file given; defaulting to %s",
identity_key_file);
}
if (!signing_key_file) {
signing_key_file = tor_strdup("./authority_signing_key");
log_info(LD_GENERAL, "No signing key file given; defaulting to %s",
signing_key_file);
}
if (!certificate_file) {
certificate_file = tor_strdup("./authority_certificate");
log_info(LD_GENERAL, "No signing key file given; defaulting to %s",
certificate_file);
}
if (passphrase_fd >= 0) {
if (load_passphrase()<0)
return 1;
}
return 0;
}
static void
test_storagedir_read_labeled(void *arg)
{
(void)arg;
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
uint8_t *inp = tor_malloc_zero(8192);
config_line_t *labels = NULL, *labels2 = NULL;
char *fname = NULL;
tor_mmap_t *map = NULL;
uint8_t *as_read = NULL;
d = storage_dir_new(dirname, 10);
tt_assert(d);
tor_snprintf((char*)inp, 8192,
"Hello world\n"
"This is a test\n"
"Yadda yadda.\n");
size_t bodylen = 8192 - strlen((char*)inp) - 1;
crypto_rand((char *)inp+strlen((char*)inp)+1, bodylen);
int r = storage_dir_save_bytes_to_file(d, inp, 8192, 1, &fname);
tt_int_op(r, OP_EQ, 0);
/* Try mapping */
const uint8_t *datap = NULL;
size_t sz = 0;
map = storage_dir_map_labeled(d, fname, &labels, &datap, &sz);
tt_assert(map);
tt_assert(datap);
tt_u64_op(sz, OP_EQ, bodylen);
tt_mem_op(datap, OP_EQ, inp+strlen((char*)inp)+1, bodylen);
tt_assert(labels);
tt_str_op(labels->key, OP_EQ, "Hello");
tt_str_op(labels->value, OP_EQ, "world");
tt_assert(labels->next);
tt_str_op(labels->next->key, OP_EQ, "This");
tt_str_op(labels->next->value, OP_EQ, "is a test");
tt_assert(labels->next->next);
tt_str_op(labels->next->next->key, OP_EQ, "Yadda");
tt_str_op(labels->next->next->value, OP_EQ, "yadda.");
tt_ptr_op(labels->next->next->next, OP_EQ, NULL);
/* Try reading this time. */
sz = 0;
as_read = storage_dir_read_labeled(d, fname, &labels2, &sz);
tt_assert(as_read);
tt_u64_op(sz, OP_EQ, bodylen);
tt_mem_op(as_read, OP_EQ, inp+strlen((char*)inp)+1, bodylen);
tt_assert(config_lines_eq(labels, labels2));
done:
storage_dir_free(d);
tor_free(dirname);
tor_free(inp);
tor_free(fname);
config_free_lines(labels);
config_free_lines(labels2);
tor_munmap_file(map);
tor_free(as_read);
}
