authorGeorge Kadianakis <desnacked@gmail.com>2011-11-24 00:22:31 +0100
committerGeorge Kadianakis <desnacked@gmail.com>2011-11-24 22:13:44 +0100
commit8a726dd0dd28c4550a7f6f7d9aa5f72507d4716b (patch)
treeaff61b52c21fb9bcd8faa1bd5242cbb09f060a13 /src/or
parent42bda231ee10db0136cf2ffb56a38ce290891794 (diff)
Implement dynamic prime reading and storing to disk.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c5
-rw-r--r--src/or/main.c2
-rw-r--r--src/or/router.c94
-rw-r--r--src/or/router.h4
4 files changed, 100 insertions, 5 deletions
diff --git a/src/or/config.c b/src/or/config.c
index a113f7b2da..78e91bbe11 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1373,9 +1373,9 @@ options_act(const or_options_t *old_options)
if (options->DynamicPrimes && !old_options->DynamicPrimes) {
crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
} else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
- crypto_set_tlS_dh_prime(0, NULL);
+ crypto_set_tls_dh_prime(0, NULL);
} else {
- tor_assert(crypto_get_tls_dh_prime);
+ tor_assert(crypto_get_tls_dh_prime());
}
}
@@ -4069,6 +4069,7 @@ options_transition_affects_workers(const or_options_t *old_options,
{
if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
old_options->NumCPUs != new_options->NumCPUs ||
+ old_options->DynamicPrimes != new_options->DynamicPrimes ||
old_options->ORPort != new_options->ORPort ||
old_options->ServerDNSSearchDomains !=
new_options->ServerDNSSearchDomains ||
diff --git a/src/or/main.c b/src/or/main.c
index 0d2127d336..7008d388a1 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2275,7 +2275,7 @@ tor_init(int argc, char *argv[])
if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName,
- get_options()->AccelDir) {
+ get_options()->AccelDir)) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1;
}
diff --git a/src/or/router.c b/src/or/router.c
index 414d346bfa..368ea1b741 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -484,6 +484,86 @@ v3_authority_check_key_expiry(void)
last_warned = now;
}
+
+/** Store <b>dynamic_prime</b> to disk for future use. */
+int
+router_store_dynamic_prime(const BIGNUM *dynamic_prime)
+{
+ FILE *fp = NULL;
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ int retval = -1;
+
+ if (file_status(fname) != FN_NOENT) {
+ log_warn(LD_GENERAL, "Dynamic prime already occupied.");
+ goto done;
+ }
+
+ if (!(fp = fopen(fname, "w"))) {
+ log_warn(LD_GENERAL, "Error writing to certificate file");
+ goto done;
+ }
+
+ if (BN_print_fp(fp, dynamic_prime) == 0) {
+ log_warn(LD_GENERAL, "Error on bn_print_fp()");
+ goto done;
+ }
+
+ retval = 0;
+
+ done:
+ if (fp)
+ fclose(fp);
+ tor_free(fname);
+
+ return retval;
+}
+
+/** Return the dynamic prime stored in the disk. If there is no
+ dynamic prime stored in the disk, return NULL. */
+BIGNUM *
+router_get_stored_dynamic_prime(void)
+{
+ int retval;
+ char *contents = NULL;
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ BIGNUM *dynamic_prime = BN_new();
+ if (!dynamic_prime)
+ goto err;
+
+ contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
+ if (!contents) {
+ log_warn(LD_GENERAL, "Error reading dynamic prime from \"%s\"", fname);
+ goto err;
+ }
+
+ retval = BN_hex2bn(&dynamic_prime, contents);
+ if (!retval) {
+ log_warn(LD_GENERAL, "C0rrupted dynamic prime?!?!");
+ goto err;
+ }
+
+ { /* log the dynamic prime: */
+ char *s = BN_bn2hex(dynamic_prime);
+ tor_assert(s);
+ log_notice(LD_OR, "Found stored dynamic prime: [%s]", s);
+ OPENSSL_free(s);
+ }
+
+ goto done;
+
+ err:
+ if (dynamic_prime) {
+ BN_free(dynamic_prime);
+ dynamic_prime = NULL;
+ }
+
+ done:
+ tor_free(fname);
+ tor_free(contents);
+
+ return dynamic_prime;
+}
+
/** Initialize all OR private keys, and the TLS context, as necessary.
* On OPs, this only initializes the tls context. Return 0 on success,
* or -1 if Tor should die.
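Review bot: router_get_stored_dynamic_prime() returns whatever BN_hex2bn() parses from keys/dynamic_prime without checking that it is a prime of the expected size, yet options_act() in config.c passes that value straight to crypto_set_tls_dh_prime(). BN_hex2bn() stops at the first non-hex character and reports only how many digits it consumed, so a truncated or edited file still yields a non-NULL BIGNUM, and a short or composite modulus would weaken the TLS DH exchange. After the parse I would add a check such as `if (BN_num_bits(dynamic_prime) != EXPECTED_BITS || BN_is_prime_ex(dynamic_prime, BN_prime_checks, NULL, NULL) != 1) goto err;`, where EXPECTED_BITS is a placeholder for the project's DH modulus size and BN_is_prime_ex() assumes the linked OpenSSL provides it. On the write side, router_store_dynamic_prime() ignores the fclose() result, so a short write can leave exactly such a truncated file behind; testing `fclose(fp) != 0` before setting `retval = 0` would close that gap.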
@@ -514,8 +594,7 @@ init_keys(void)
* openssl to initialize itself. */
if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName,
- get_options()->AccelDir,
- get_options()->DynamicPrimes)) {
+ get_options()->AccelDir)) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1;
}
@@ -634,6 +713,17 @@ init_keys(void)
log_err(LD_GENERAL,"Error initializing TLS context");
return -1;
}
+
+ /** 3b. If we use a dynamic prime, store it to disk. */
+ if (get_options()->DynamicPrimes) {
+ BIGNUM *dynamic_prime = crypto_get_tls_dh_prime();
+ if (dynamic_prime) {
+ if (router_store_dynamic_prime(dynamic_prime) < 0)
+ log_warn(LD_GENERAL, "Failed while storing dynamic prime. "
+ "Make sure your data directory is sane.");
+ }
+ }
+
/* 4. Build our router descriptor. */
/* Must be called after keys are initialized. */
mydesc = router_get_my_descriptor();
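Review bot: The warning in step 3b looks like it will fire on every start after the first one when DynamicPrimes is set, because router_store_dynamic_prime() (added in this commit) returns -1 with "Dynamic prime already occupied." whenever keys/dynamic_prime already exists. "Make sure your data directory is sane" then sends operators looking for a problem that is not there, and it buries the case where the write really failed. Either skip the store when the file is present, or have the store function treat that case as success, e.g. `if (file_status(fname) != FN_NOENT) { retval = 0; goto done; }`. Whether the stored prime should also be compared with the one in use depends on code outside this hunk. init_keys() starts and ends outside the hunk.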
diff --git a/src/or/router.h b/src/or/router.h
index f9d156cb09..41ff139936 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -28,6 +28,10 @@ void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last);
void rotate_onion_key(void);
crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
int severity);
+
+BIGNUM *router_get_stored_dynamic_prime(void);
+int router_store_dynamic_prime(const BIGNUM *dynamic_prime);
+
void v3_authority_check_key_expiry(void);
int init_keys(void);
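Review bot: Nothing tells callers who owns the BIGNUM returned by router_get_stored_dynamic_prime(). router.c allocates it with BN_new() and returns it, so the caller presumably has to BN_free() it unless crypto_set_tls_dh_prime() takes ownership, which is not visible on this page. Once that is confirmed I would extend the doc comment on the definition to something like `/** Return a newly allocated BIGNUM holding the prime stored on disk, or NULL if it is missing or unparsable. The caller owns the result. */`.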