author | Neel Chauhan <neel@neelc.org> | 2020-10-20 16:13:26 -0700 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2020-11-17 11:23:08 -0500 |
commit | 1588767e655f87f49cf0f71d6e604117be52a135 (patch) | |
tree | f934532338354a858ee59741e17431c197c58255 | |
parent | 3900b1937973141b5c75f7221162375f7a2e1f9c (diff) | |
Allow listing ed25519 fingerprints on the command line
-rw-r--r-- | changes/ticket33632 | 5 | ||||
-rw-r--r-- | doc/man/tor.1.txt | 5 | ||||
-rw-r--r-- | src/app/config/config.c | 1 | ||||
-rw-r--r-- | src/app/main/main.c | 40 |
4 files changed, 41 insertions, 10 deletions
diff --git a/changes/ticket33632 b/changes/ticket33632
new file mode 100644
index 0000000000..9d813feaf2
--- /dev/null
+++ b/changes/ticket33632
@@ -0,0 +1,5 @@
+ o Minor features (relay fingerprint, command line):
+ - Allow a relay operator to list the ed25519 keys on the command line
+ by adding the `rsa` and `ed25519` arguments to the --list-fingerprint
+ flag to show the respective RSA and ed25519 relay fingerprint. Closes
+ ticket 33632. Patch by Neel Chauhan.
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index ab273925b1..e886d6f801 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -91,8 +91,9 @@ The following options in this section are only recognized on the
 [[opt-hash-password]] **`--hash-password`** __PASSWORD__::
 Generate a hashed password for control port access.

-[[opt-list-fingerprint]] **`--list-fingerprint`**::
- Generate your keys and output your nickname and fingerprint.
+[[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]::
+ Generate your keys and output your nickname and fingerprint. Optionally,
+ you can specify the key type as `rsa` (default) or `ed25519`.

 [[opt-verify-config]] **`--verify-config`**::
 Verify whether the configuration file is valid.
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 04a82a5c43..b5cc382258 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -2466,6 +2466,7 @@ static const struct {
 .command=CMD_DUMP_CONFIG,
 .quiet=QUIET_SILENT },
 { .name="--list-fingerprint",
+ .takes_argument=ARGUMENT_OPTIONAL,
 .command=CMD_LIST_FINGERPRINT },
 { .name="--keygen",
 .command=CMD_KEYGEN },
diff --git a/src/app/main/main.c b/src/app/main/main.c
index 31a6fa52ba..e7ffb31b4f 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
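Review bot: Marking `--list-fingerprint` with `.takes_argument=ARGUMENT_OPTIONAL` in src/app/config/config.c may change how existing command lines parse, and the commit adds no test for that. The command-line parser is outside this hunk; if it takes whatever token follows the flag as the argument, an invocation that puts another option after `--list-fingerprint` would pass that option to do_list_fingerprint(), which now exits with an error for anything other than `rsa` or `ed25519`. That would turn a previously working operator command into a failure, so the parser's handling of a following token that starts with `-` should be confirmed. I would add a regression test for the flag followed by another option and, if it applies, a man-page sentence saying the key type must directly follow the flag.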
@@ -58,6 +58,7 @@
 #include "feature/stats/rephist.h"
 #include "lib/compress/compress.h"
 #include "lib/buf/buffers.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_s2k.h"
 #include "lib/net/resolve.h"
@@ -735,29 +736,52 @@ tor_remove_file(const char *filename)
 static int
 do_list_fingerprint(void)
 {
- char buf[FINGERPRINT_LEN+1];
+ const or_options_t *options = get_options();
+ const char *arg = options->command_arg;
+ char rsa[FINGERPRINT_LEN + 1];
 crypto_pk_t *k;
- const char *nickname = get_options()->Nickname;
+ const ed25519_public_key_t *edkey;
+ const char *nickname = options->Nickname;

 sandbox_disable_getaddrinfo_cache();
- if (!server_mode(get_options())) {
+
+ bool show_rsa = !strcmp(arg, "") || !strcmp(arg, "rsa");
+ bool show_ed25519 = !strcmp(arg, "ed25519");
+ if (!show_rsa && !show_ed25519) {
+ log_err(LD_GENERAL,
+ "If you give a key type, you must specify 'rsa' or 'ed25519'. Exiting.");
+ return -1;
+ }
+
+ if (!server_mode(options)) {
 log_err(LD_GENERAL,
 "Clients don't have long-term identity keys. Exiting.");
 return -1;
 }
 tor_assert(nickname);
 if (init_keys() < 0) {
- log_err(LD_GENERAL,"Error initializing keys; exiting.");
+ log_err(LD_GENERAL, "Error initializing keys; exiting.");
 return -1;
 }
 if (!(k = get_server_identity_key())) {
- log_err(LD_GENERAL,"Error: missing identity key.");
+ log_err(LD_GENERAL, "Error: missing RSA identity key.");
+ return -1;
+ }
+ if (crypto_pk_get_fingerprint(k, rsa, 1) < 0) {
+ log_err(LD_BUG, "Error computing RSA fingerprint");
 return -1;
 }
- if (crypto_pk_get_fingerprint(k, buf, 1)<0) {
- log_err(LD_BUG, "Error computing fingerprint");
+ if (!(edkey = get_master_identity_key())) {
+ log_err(LD_GENERAL,"Error: missing ed25519 identity key.");
 return -1;
 }
- printf("%s %s\n", nickname, buf);
+ if (show_rsa) {
+ printf("%s %s\n", nickname, rsa);
+ }
+ if (show_ed25519) {
+ char ed25519[ED25519_BASE64_LEN + 1];
+ digest256_to_base64(ed25519, (const char *) edkey->pubkey);
+ printf("%s %s\n", nickname, ed25519);
+ }
 return 0;
 } |
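Review bot: `arg` reaches strcmp() three times in do_list_fingerprint() without a NULL check, and nothing in this hunk shows that `options->command_arg` is always set when no key type is given. A NULL there is undefined behaviour, which `const char *arg = options->command_arg ? options->command_arg : "";` would avoid. Separately, both identity keys are fetched and the RSA fingerprint is computed regardless of the requested type, so an RSA-side failure also blocks `--list-fingerprint ed25519`; guarding each lookup with its `show_*` flag would keep the two paths independent. The `(const char *) edkey->pubkey` cast passed to digest256_to_base64() relies on the key and digest lengths matching, so a short comment stating that would help, or a typed ed25519 formatting helper if crypto_format.h provides one.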