[or-cvs] r10492: Code to check signatures on consensus directories. (in tor/trunk: . doc src/or)

nickm at seul.org nickm at seul.org
Mon Jun 4 22:57:24 UTC 2007


Author: nickm
Date: 2007-06-04 18:57:23 -0400 (Mon, 04 Jun 2007)
New Revision: 10492

Modified:
   tor/trunk/
   tor/trunk/doc/TODO
   tor/trunk/src/or/dirvote.c
   tor/trunk/src/or/or.h
   tor/trunk/src/or/routerparse.c
Log:
 r13252 at catbus:  nickm | 2007-06-04 18:57:21 -0400
 Code to check signatures on consensus directories.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r13252] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2007-06-04 22:29:00 UTC (rev 10491)
+++ tor/trunk/doc/TODO	2007-06-04 22:57:23 UTC (rev 10492)
@@ -79,7 +79,7 @@
         o Code to generate votes
         o Code to generate consensus from a list of votes
         - Add a signature to a consensus.
-        - Code to check signatures on a consensus
+        o Code to check signatures on a consensus
         - Push/pull documents as appropriate.
         o Have clients know which authorities are v3 authorities, and what
           their keys are.

Modified: tor/trunk/src/or/dirvote.c
===================================================================
--- tor/trunk/src/or/dirvote.c	2007-06-04 22:29:00 UTC (rev 10491)
+++ tor/trunk/src/or/dirvote.c	2007-06-04 22:57:23 UTC (rev 10492)
@@ -293,6 +293,7 @@
     int j;
     SMARTLIST_FOREACH(votes, networkstatus_vote_t *, v,
     {
+      tor_assert(v->is_vote);
       smartlist_add(va_times, &v->valid_after);
       smartlist_add(fu_times, &v->fresh_until);
       smartlist_add(vu_times, &v->valid_until);
@@ -629,3 +630,64 @@
   return result;
 }
 
+/** DOCDOC */
+int
+networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
+{
+  int n_good = 0;
+  int n_missing_key = 0;
+  int n_bad = 0;
+  int n_unknown = 0;
+
+  tor_assert(! consensus->is_vote);
+
+  SMARTLIST_FOREACH(consensus->voters, networkstatus_voter_info_t *, voter,
+  {
+    trusted_dir_server_t *ds =
+      trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
+    if (!ds) {
+      ++n_unknown;
+      continue;
+    }
+    if (voter->pending_signature) {
+      char d[DIGEST_LEN];
+      char *signed_digest;
+      size_t signed_digest_len;
+      tor_assert(!voter->good_signature && !voter->bad_signature);
+      if (!ds->v3_cert) {
+        ++n_missing_key;
+        continue;
+      }
+      /*XXXX020 check return*/
+      crypto_pk_get_digest(ds->v3_cert->signing_key, d);
+      if (memcmp(voter->signing_key_digest, d, DIGEST_LEN)) {
+        ++n_missing_key;
+        continue;
+      }
+      signed_digest_len = crypto_pk_keysize(ds->v3_cert->signing_key);
+      signed_digest = tor_malloc(signed_digest_len);
+      if (crypto_pk_public_checksig(ds->v3_cert->signing_key,
+                                signed_digest,
+                                voter->pending_signature,
+                                voter->pending_signature_len) != DIGEST_LEN ||
+          memcmp(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) {
+        log_warn(LD_DIR, "Got a bad signature."); /*XXXX020 say more*/
+        voter->bad_signature = 1;
+      } else {
+        voter->good_signature = 1;
+      }
+      tor_free(voter->pending_signature);
+    }
+    if (voter->good_signature)
+      ++n_good;
+    else if (voter->bad_signature)
+      ++n_bad;
+    else
+      tor_assert(0);
+  });
+
+  /* XXXX020 actually use the result. */
+
+  return 0;
+}
+

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2007-06-04 22:29:00 UTC (rev 10491)
+++ tor/trunk/src/or/or.h	2007-06-04 22:57:23 UTC (rev 10492)
@@ -1314,7 +1314,8 @@
 
   char *pending_signature;
   int pending_signature_len;
-  int bad_signature;
+  unsigned int bad_signature : 1;
+  unsigned int good_signature : 1;
 } networkstatus_voter_info_t;
 
 /*XXXX020 rename to networkstatus_t once it works. */
@@ -1336,6 +1337,8 @@
 
   struct authority_cert_t *cert; /* vote only. */
 
+  char networkstatus_digest[DIGEST_LEN];
+
   smartlist_t *routerstatus_list; /* holds vote_routerstatus_t if is_vote,
                                    * otherwise just routerstatus_t. */
 } networkstatus_vote_t;
@@ -2732,6 +2735,7 @@
 networkstatus_voter_info_t *networkstatus_get_voter_by_id(
                                        networkstatus_vote_t *vote,
                                        const char *identity);
+int networkstatus_check_consensus_signature(networkstatus_vote_t *consensus);
 
 /********************************* dns.c ***************************/
 

Modified: tor/trunk/src/or/routerparse.c
===================================================================
--- tor/trunk/src/or/routerparse.c	2007-06-04 22:29:00 UTC (rev 10491)
+++ tor/trunk/src/or/routerparse.c	2007-06-04 22:57:23 UTC (rev 10492)
@@ -1801,6 +1801,7 @@
   }
 
   ns = tor_malloc_zero(sizeof(networkstatus_vote_t));
+  memcpy(ns->networkstatus_digest, ns_digest, DIGEST_LEN);
 
   if (is_vote) {
     const char *end_of_cert = NULL;
@@ -2036,6 +2037,7 @@
       if (check_signature_token(ns_digest, tok, ns->cert->signing_key, 0,
                                 "network-status vote"))
         goto err;
+      v->good_signature = 1;
     } else {
       v->pending_signature = tor_memdup(tok->object_body,
                                         tok->object_size);



More information about the tor-commits mailing list