/* Copyright 2001-2004 Roger Dingledine. * Copyright 2004 Roger Dingledine, Nick Mathewson. */ /* See LICENSE for licensing information */ /* $Id$ */ #include "or.h" /** * \file dirserv.c * \brief Directory server core implementation. **/ /** How far in the future do we allow a router to get? (seconds) */ #define ROUTER_ALLOW_SKEW (30*60) /** How many seconds do we wait before regenerating the directory? */ #define DIR_REGEN_SLACK_TIME 10 /** Do we need to regenerate the directory when someone asks for it? */ static int the_directory_is_dirty = 1; static int runningrouters_is_dirty = 1; static int list_server_status(char **running_routers_out, char **router_status_out); static void directory_remove_unrecognized(void); static int dirserv_regenerate_directory(void); /* Should be static; exposed for testing */ void add_fingerprint_to_dir(const char *nickname, const char *fp); /************** Fingerprint handling code ************/ typedef struct fingerprint_entry_t { char *nickname; char *fingerprint; /**< Stored as HEX_DIGEST_LEN characters, followed by a NUL */ } fingerprint_entry_t; /** List of nickname-\>identity fingerprint mappings for all the routers * that we recognize. Used to prevent Sybil attacks. */ static smartlist_t *fingerprint_list = NULL; /** Add the fingerprint fp for the nickname nickname to * the global list of recognized identity key fingerprints. */ void /* Should be static; exposed for testing */ add_fingerprint_to_dir(const char *nickname, const char *fp) { int i; fingerprint_entry_t *ent; if (!fingerprint_list) fingerprint_list = smartlist_create(); for (i = 0; i < smartlist_len(fingerprint_list); ++i) { ent = smartlist_get(fingerprint_list, i); if (!strcasecmp(ent->nickname,nickname)) { tor_free(ent->fingerprint); ent->fingerprint = tor_strdup(fp); return; } } ent = tor_malloc(sizeof(fingerprint_entry_t)); ent->nickname = tor_strdup(nickname); ent->fingerprint = tor_strdup(fp); tor_strstrip(ent->fingerprint, " "); smartlist_add(fingerprint_list, ent); } /** Add the nickname and fingerprint for this OR to the recognized list. */ int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk) { char fp[FINGERPRINT_LEN+1]; if (crypto_pk_get_fingerprint(pk, fp, 0)<0) { log_fn(LOG_ERR, "Error computing fingerprint"); return -1; } add_fingerprint_to_dir(nickname, fp); return 0; } /** Parse the nickname-\>fingerprint mappings stored in the file named * fname. The file format is line-based, with each non-blank * holding one nickname, some space, and a fingerprint for that * nickname. On success, replace the current fingerprint list with * the contents of fname and return 0. On failure, leave the * current fingerprint list untouched, and return -1. */ int dirserv_parse_fingerprint_file(const char *fname) { char *cf; char *nickname, *fingerprint; smartlist_t *fingerprint_list_new; int i, result; fingerprint_entry_t *ent; struct config_line_t *front=NULL, *list; cf = read_file_to_str(fname, 0); if (!cf) { log_fn(LOG_WARN, "Cannot open fingerprint file %s", fname); return -1; } result = config_get_lines(cf, &front); tor_free(cf); if (result < 0) { log_fn(LOG_WARN, "Error reading from fingerprint file"); return -1; } fingerprint_list_new = smartlist_create(); for(list=front; list; list=list->next) { nickname = list->key; fingerprint = list->value; if (strlen(nickname) > MAX_NICKNAME_LEN) { log(LOG_WARN, "Nickname %s too long in fingerprint file. Skipping.", nickname); continue; } if(strlen(fingerprint) != FINGERPRINT_LEN || !crypto_pk_check_fingerprint_syntax(fingerprint)) { log_fn(LOG_WARN, "Invalid fingerprint (nickname %s, fingerprint %s). Skipping.", nickname, fingerprint); continue; } if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) { /* If you approved an OR called "client", then clients who use * the default nickname could all be rejected. That's no good. */ log(LOG_WARN, "Authorizing a nickname '%s' would break many clients; skipping.", DEFAULT_CLIENT_NICKNAME); continue; } for (i = 0; i < smartlist_len(fingerprint_list_new); ++i) { ent = smartlist_get(fingerprint_list_new, i); if (0==strcasecmp(ent->nickname, nickname)) { log(LOG_WARN, "Duplicate nickname %s. Skipping.",nickname); break; /* out of the for. the 'if' below means skip to the next line. */ } } if(i == smartlist_len(fingerprint_list_new)) { /* not a duplicate */ ent = tor_malloc(sizeof(fingerprint_entry_t)); ent->nickname = tor_strdup(nickname); ent->fingerprint = tor_strdup(fingerprint); tor_strstrip(ent->fingerprint, " "); smartlist_add(fingerprint_list_new, ent); } } config_free_lines(front); dirserv_free_fingerprint_list(); fingerprint_list = fingerprint_list_new; /* Delete any routers whose fingerprints we no longer recognize */ directory_remove_unrecognized(); return 0; } /** Check whether router has a nickname/identity key combination that * we recognize from the fingerprint list. Return 1 if router's * identity and nickname match, -1 if we recognize the nickname but * the identity key is wrong, and 0 if the nickname is not known. */ int dirserv_router_fingerprint_is_known(const routerinfo_t *router) { int i, found=0; fingerprint_entry_t *ent =NULL; char fp[FINGERPRINT_LEN+1]; if (!fingerprint_list) fingerprint_list = smartlist_create(); log_fn(LOG_DEBUG, "%d fingerprints known.", smartlist_len(fingerprint_list)); for (i=0;inickname, ent->nickname); if (!strcasecmp(router->nickname,ent->nickname)) { found = 1; break; } } if (!found) { /* No such server known */ log_fn(LOG_INFO,"no fingerprint found for %s",router->nickname); return 0; } if (crypto_pk_get_fingerprint(router->identity_pkey, fp, 0)) { log_fn(LOG_WARN,"error computing fingerprint"); return -1; } if (0==strcasecmp(ent->fingerprint, fp)) { log_fn(LOG_DEBUG,"good fingerprint for %s",router->nickname); return 1; /* Right fingerprint. */ } else { log_fn(LOG_WARN,"mismatched fingerprint for %s",router->nickname); return -1; /* Wrong fingerprint. */ } } /** If we are an authoritative dirserver, and the list of approved * servers contains one whose identity key digest is digest, * return that router's nickname. Otherwise return NULL. */ const char *dirserv_get_nickname_by_digest(const char *digest) { char hexdigest[HEX_DIGEST_LEN+1]; if (!fingerprint_list) return NULL; tor_assert(digest); base16_encode(hexdigest, HEX_DIGEST_LEN+1, digest, DIGEST_LEN); SMARTLIST_FOREACH(fingerprint_list, fingerprint_entry_t*, ent, { if (!strcasecmp(hexdigest, ent->fingerprint)) return ent->nickname; } ); return NULL; } #if 0 /** Return true iff any router named nickname with digest * is in the verified fingerprint list. */ static int router_nickname_is_approved(const char *nickname, const char *digest) { const char *n; n = dirserv_get_nickname_by_digest(digest); if (n && !strcasecmp(n,nickname)) return 1; else return 0; } #endif /** Clear the current fingerprint list. */ void dirserv_free_fingerprint_list() { int i; fingerprint_entry_t *ent; if (!fingerprint_list) return; for (i = 0; i < smartlist_len(fingerprint_list); ++i) { ent = smartlist_get(fingerprint_list, i); tor_free(ent->nickname); tor_free(ent->fingerprint); tor_free(ent); } smartlist_free(fingerprint_list); fingerprint_list = NULL; } /* * Descriptor list */ /** A directory server's view of a server descriptor. Contains both * parsed and unparsed versions. */ typedef struct descriptor_entry_t { char *nickname; time_t published; size_t desc_len; char *descriptor; int verified; routerinfo_t *router; } descriptor_entry_t; /** List of all server descriptors that this dirserv is holding. */ static smartlist_t *descriptor_list = NULL; /** Release the storage held by desc */ static void free_descriptor_entry(descriptor_entry_t *desc) { tor_free(desc->descriptor); tor_free(desc->nickname); routerinfo_free(desc->router); tor_free(desc); } /** Release all storage that the dirserv is holding for server * descriptors. */ void dirserv_free_descriptors() { if (!descriptor_list) return; SMARTLIST_FOREACH(descriptor_list, descriptor_entry_t *, d, free_descriptor_entry(d)); smartlist_clear(descriptor_list); } /** Parse the server descriptor at *desc and maybe insert it into the * list of server descriptors, and (if the descriptor is well-formed) * advance *desc immediately past the descriptor's end. * * Return 1 if descriptor is well-formed and accepted; * 0 if well-formed and server is unapproved; * -1 if not well-formed or other error. */ int dirserv_add_descriptor(const char **desc) { descriptor_entry_t *ent = NULL; routerinfo_t *ri = NULL; int i, r, found=-1; char *start, *end; char *desc_tmp = NULL; const char *cp; size_t desc_len; time_t now; int verified=1; /* whether we knew its fingerprint already */ if (!descriptor_list) descriptor_list = smartlist_create(); start = strstr(*desc, "router "); if (!start) { log_fn(LOG_WARN, "no 'router' line found. This is not a descriptor."); return -1; } if ((end = strstr(start+6, "\nrouter "))) { ++end; /* Include NL. */ } else if ((end = strstr(start+6, "\ndirectory-signature"))) { ++end; } else { end = start+strlen(start); } desc_len = end-start; cp = desc_tmp = tor_strndup(start, desc_len); /* Check: is the descriptor syntactically valid? */ ri = router_parse_entry_from_string(cp, NULL); tor_free(desc_tmp); if (!ri) { log(LOG_WARN, "Couldn't parse descriptor"); return -1; } /* Okay. Now check whether the fingerprint is recognized. */ r = dirserv_router_fingerprint_is_known(ri); if(r==-1) { log_fn(LOG_WARN, "Known nickname %s, wrong fingerprint. Not adding.", ri->nickname); routerinfo_free(ri); *desc = end; return 0; } if(r==0) { char fp[FINGERPRINT_LEN+1]; log_fn(LOG_INFO, "Unknown nickname %s (%s:%d). Adding.", ri->nickname, ri->address, ri->or_port); if (crypto_pk_get_fingerprint(ri->identity_pkey, fp, 1) < 0) { log_fn(LOG_WARN, "Error computing fingerprint for %s", ri->nickname); } else { log_fn(LOG_INFO, "Fingerprint line: %s %s", ri->nickname, fp); } verified = 0; } /* Is there too much clock skew? */ now = time(NULL); if (ri->published_on > now+ROUTER_ALLOW_SKEW) { log_fn(LOG_WARN, "Publication time for nickname %s is too far in the future; possible clock skew. Not adding.", ri->nickname); routerinfo_free(ri); *desc = end; return 0; } if (ri->published_on < now-ROUTER_MAX_AGE) { log_fn(LOG_WARN, "Publication time for router with nickname %s is too far in the past. Not adding.", ri->nickname); routerinfo_free(ri); *desc = end; return 0; } /* Do we already have an entry for this router? */ for (i = 0; i < smartlist_len(descriptor_list); ++i) { ent = smartlist_get(descriptor_list, i); if (!strcasecmp(ri->nickname, ent->nickname)) { found = i; break; } } if (found >= 0) { /* if so, decide whether to update it. */ if (ent->published >= ri->published_on) { /* We already have a newer or equal-time descriptor */ log_fn(LOG_INFO,"We already have a new enough desc for nickname %s. Not adding.",ri->nickname); /* This isn't really an error; return success. */ routerinfo_free(ri); *desc = end; return 1; } /* We don't have a newer one; we'll update this one. */ log_fn(LOG_INFO,"Dirserv updating desc for nickname %s",ri->nickname); free_descriptor_entry(ent); smartlist_del_keeporder(descriptor_list, found); } else { /* Add at the end. */ log_fn(LOG_INFO,"Dirserv adding desc for nickname %s",ri->nickname); } ent = tor_malloc(sizeof(descriptor_entry_t)); ent->nickname = tor_strdup(ri->nickname); ent->published = ri->published_on; ent->desc_len = desc_len; ent->descriptor = tor_strndup(start,desc_len); ent->router = ri; ent->verified = verified; smartlist_add(descriptor_list, ent); *desc = end; directory_set_dirty(); return 1; } /** Remove all descriptors whose nicknames or fingerprints we don't * recognize. (Descriptors that used to be good can become * unrecognized when we reload the fingerprint list.) */ static void directory_remove_unrecognized(void) { int i; descriptor_entry_t *ent; if (!descriptor_list) descriptor_list = smartlist_create(); for (i = 0; i < smartlist_len(descriptor_list); ++i) { ent = smartlist_get(descriptor_list, i); if (dirserv_router_fingerprint_is_known(ent->router)<=0) { log(LOG_INFO, "Router %s is no longer recognized", ent->nickname); free_descriptor_entry(ent); smartlist_del(descriptor_list, i--); } } } /** Mark the directory as dirty -- when we're next asked for a * directory, we will rebuild it instead of reusing the most recently * generated one. */ void directory_set_dirty() { time_t now = time(NULL); if(!the_directory_is_dirty) the_directory_is_dirty = now; if(!runningrouters_is_dirty) runningrouters_is_dirty = now; } /** Load all descriptors from a directory stored in the string * dir. */ int dirserv_load_from_directory_string(const char *dir) { const char *cp = dir; while(1) { cp = strstr(cp, "\nrouter "); if (!cp) break; ++cp; if (dirserv_add_descriptor(&cp) < 0) { return -1; } --cp; /*Back up to newline.*/ } return 0; } /** * Allocate and return a description of the status of the server desc, * for use in a running-routers line (if rr_format is true), or in a * router-status line (if rr_format is false. The server is listed * as running iff is_live is true. */ static char * list_single_server_status(descriptor_entry_t *desc, int is_live, int rr_format) { char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */ char *cp; tor_assert(desc); tor_assert(desc->router); cp = buf; if (!is_live) { *cp++ = '!'; } if (desc->verified) { strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf)); cp += strlen(cp); if (!rr_format) *cp++ = '='; } if (!desc->verified || !rr_format) { *cp++ = '$'; base16_encode(cp, HEX_DIGEST_LEN+1, desc->router->identity_digest, DIGEST_LEN); } return tor_strdup(buf); } /** Allocate the contents of a running-routers line and a router-status line, * and store them in *running_routers_out and *router_status_out * respectively. Return 0 on success, -1 on failure. */ static int list_server_status(char **running_routers_out, char **router_status_out) { /* List of entries in running-routers style: An optional !, then either * a nickname or a dollar-prefixed hexdigest. */ smartlist_t *rr_entries; /* List of entries in a router-status style: An optional !, then an optional * equals-suffixed nickname, then a dollar-prefixed hexdigest. */ smartlist_t *rs_entries; tor_assert(running_routers_out || router_status_out); rr_entries = smartlist_create(); rs_entries = smartlist_create(); SMARTLIST_FOREACH(descriptor_list, descriptor_entry_t *, d, { int is_live; connection_t *conn; tor_assert(d->router); conn = connection_get_by_identity_digest( d->router->identity_digest, CONN_TYPE_OR); /* Treat a router as alive if * - It's me, and I'm not hibernating. * or - we're connected to it. */ is_live = (router_is_me(d->router) && !we_are_hibernating()) || (conn && conn->state == OR_CONN_STATE_OPEN); smartlist_add(rr_entries, list_single_server_status(d, is_live, 1)); smartlist_add(rs_entries, list_single_server_status(d, is_live, 0)); }); if (running_routers_out) *running_routers_out = smartlist_join_strings(rr_entries, " ", 0,NULL); if (router_status_out) *router_status_out = smartlist_join_strings(rs_entries, " ", 0,NULL); SMARTLIST_FOREACH(rr_entries, char *, cp, tor_free(cp)); SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp)); smartlist_free(rr_entries); smartlist_free(rs_entries); return 0; } /** Remove any descriptors from the directory that are more than age * seconds old. */ void dirserv_remove_old_servers(int age) { int i; time_t cutoff; descriptor_entry_t *ent; if (!descriptor_list) descriptor_list = smartlist_create(); cutoff = time(NULL) - age; for (i = 0; i < smartlist_len(descriptor_list); ++i) { ent = smartlist_get(descriptor_list, i); if (ent->published <= cutoff) { /* descriptor_list[i] is too old. Remove it. */ free_descriptor_entry(ent); smartlist_del(descriptor_list, i--); directory_set_dirty(); } } } /** Dump all routers currently in the directory into the string * s, using at most maxlen characters, and signing the * directory with private_key. Return 0 on success, -1 on * failure. */ int dirserv_dump_directory_to_string(char *s, size_t maxlen, crypto_pk_env_t *private_key) { char *eos, *cp; char *running_routers, *router_status; char *identity_pkey; /* Identity key, DER64-encoded. */ char *recommended_versions; char digest[20]; char signature[128]; char published[33]; time_t published_on; int i; eos = s+maxlen; if (!descriptor_list) descriptor_list = smartlist_create(); if (list_server_status(&running_routers, &router_status)) return -1; /* ASN.1-encode the public key. This is a temporary measure; once * everyone is running 0.0.9pre3 or later, we can shift to using a * PEM-encoded key instead. */ #if 1 if(crypto_pk_DER64_encode_public_key(private_key, &identity_pkey)<0) { log_fn(LOG_WARN,"write identity_pkey to string failed!"); return -1; } #else { int l; if(crypto_pk_write_public_key_to_string(private_key, &identity_pkey, &l)<0){ log_fn(LOG_WARN,"write identity_pkey to string failed!"); return -1; } } #endif { smartlist_t *versions; struct config_line_t *ln; versions = smartlist_create(); for (ln = get_options()->RecommendedVersions; ln; ln = ln->next) { smartlist_split_string(versions, ln->value, ",", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); } recommended_versions = smartlist_join_strings(versions,",",0,NULL); SMARTLIST_FOREACH(versions,char *,s,tor_free(s)); smartlist_free(versions); } dirserv_remove_old_servers(ROUTER_MAX_AGE); published_on = time(NULL); format_iso_time(published, published_on); tor_snprintf(s, maxlen, "signed-directory\n" "published %s\n" "recommended-software %s\n" "running-routers %s\n" "opt router-status %s\n" "opt dir-signing-key %s\n\n", published, recommended_versions, running_routers, router_status, identity_pkey); tor_free(running_routers); tor_free(router_status); tor_free(identity_pkey); i = strlen(s); cp = s+i; SMARTLIST_FOREACH(descriptor_list, descriptor_entry_t *, d, if (strlcat(s, d->descriptor, maxlen) >= maxlen) goto truncated); /* These multiple strlcat calls are inefficient, but dwarfed by the RSA signature. */ if (strlcat(s, "directory-signature ", maxlen) >= maxlen) goto truncated; if (strlcat(s, get_options()->Nickname, maxlen) >= maxlen) goto truncated; if (strlcat(s, "\n", maxlen) >= maxlen) goto truncated; if (router_get_dir_hash(s,digest)) { log_fn(LOG_WARN,"couldn't compute digest"); return -1; } if (crypto_pk_private_sign(private_key, signature, digest, 20) < 0) { log_fn(LOG_WARN,"couldn't sign digest"); return -1; } log(LOG_DEBUG,"generated directory digest begins with %s",hex_str(digest,4)); if (strlcat(cp, "-----BEGIN SIGNATURE-----\n", maxlen) >= maxlen) goto truncated; i = strlen(s); cp = s+i; if (base64_encode(cp, maxlen-i, signature, 128) < 0) { log_fn(LOG_WARN,"couldn't base64-encode signature"); return -1; } if (strlcat(s, "-----END SIGNATURE-----\n", maxlen) >= maxlen) goto truncated; return 0; truncated: log_fn(LOG_WARN,"tried to exceed string length."); return -1; } /** Most recently generated encoded signed directory. */ static char *the_directory = NULL; static size_t the_directory_len = 0; static char *the_directory_z = NULL; static size_t the_directory_z_len = 0; static char *cached_directory = NULL; /* used only by non-auth dirservers */ static size_t cached_directory_len = 0; static char *cached_directory_z = NULL; static size_t cached_directory_z_len = 0; static time_t cached_directory_published = 0; /** If we have no cached directory, or it is older than when, then * replace it with directory, published at when. */ void dirserv_set_cached_directory(const char *directory, time_t when) { time_t now; char filename[512]; tor_assert(!get_options()->AuthoritativeDir); now = time(NULL); if (when<=cached_directory_published) { log_fn(LOG_INFO, "Ignoring old directory; not caching."); } else if (when>=now+ROUTER_ALLOW_SKEW) { log_fn(LOG_INFO, "Ignoring future directory; not caching."); } else if (when>cached_directory_published && whenDataDirectory); if(write_str_to_file(filename,cached_directory,0) < 0) { log_fn(LOG_WARN, "Couldn't write cached directory to disk. Ignoring."); } } } /** Set *directory to the most recently generated encoded signed * directory, generating a new one as necessary. */ size_t dirserv_get_directory(const char **directory, int compress) { if (!get_options()->AuthoritativeDir) { if (compress?cached_directory_z:cached_directory) { *directory = compress?cached_directory_z:cached_directory; return compress?cached_directory_z_len:cached_directory_len; } else { /* no directory yet retrieved */ return 0; } } if (the_directory_is_dirty && the_directory_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL)) { if (dirserv_regenerate_directory()) return 0; } else { log(LOG_INFO,"Directory still clean, reusing."); } *directory = compress ? the_directory_z : the_directory; return compress ? the_directory_z_len : the_directory_len; } /** * Generate a fresh directory (authdirservers only.) */ static int dirserv_regenerate_directory(void) { char *new_directory; new_directory = tor_malloc(MAX_DIR_SIZE); if (dirserv_dump_directory_to_string(new_directory, MAX_DIR_SIZE, get_identity_key())) { log(LOG_WARN, "Error creating directory."); tor_free(new_directory); return -1; } tor_free(the_directory); the_directory = new_directory; the_directory_len = strlen(the_directory); log_fn(LOG_INFO,"New directory (size %d):\n%s",(int)the_directory_len, the_directory); tor_free(the_directory_z); if (tor_gzip_compress(&the_directory_z, &the_directory_z_len, the_directory, the_directory_len, ZLIB_METHOD)) { log_fn(LOG_WARN, "Error gzipping directory."); return -1; } /* Now read the directory we just made in order to update our own * router lists. This does more signature checking than is strictly * necessary, but safe is better than sorry. */ new_directory = tor_strdup(the_directory); /* use a new copy of the dir, since get_dir_from_string scribbles on it */ if (router_load_routerlist_from_directory(new_directory, get_identity_key(), 1)) { log_fn(LOG_ERR, "We just generated a directory we can't parse. Dying."); tor_cleanup(); exit(0); } tor_free(new_directory); the_directory_is_dirty = 0; return 0; } static char *runningrouters_string=NULL; static size_t runningrouters_len=0; /** Replace the current running-routers list with a newly generated one. */ static int generate_runningrouters(crypto_pk_env_t *private_key) { char *s=NULL, *cp; char *router_status=NULL; char digest[DIGEST_LEN]; char signature[PK_BYTES]; int i; char published[33]; size_t len; time_t published_on; char *identity_pkey; /* Identity key, DER64-encoded. */ len = 1024+(MAX_HEX_NICKNAME_LEN+2)*smartlist_len(descriptor_list); s = tor_malloc_zero(len); if (list_server_status(NULL, &router_status)) { goto err; } /* ASN.1-encode the public key. This is a temporary measure; once * everyone is running 0.0.9pre3 or later, we can shift to using a * PEM-encoded key instead. */ #if 1 if(crypto_pk_DER64_encode_public_key(private_key, &identity_pkey)<0) { log_fn(LOG_WARN,"write identity_pkey to string failed!"); goto err; } #else { int l; if(crypto_pk_write_public_key_to_string(private_key, &identity_pkey, &l)<0){ log_fn(LOG_WARN,"write identity_pkey to string failed!"); goto err; } } #endif published_on = time(NULL); format_iso_time(published, published_on); tor_snprintf(s, len, "network-status\n" "published %s\n" "router-status %s\n" "opt dir-signing-key %s\n" "directory-signature %s\n" "-----BEGIN SIGNATURE-----\n", published, router_status, identity_pkey, get_options()->Nickname); tor_free(router_status); tor_free(identity_pkey); if (router_get_runningrouters_hash(s,digest)) { log_fn(LOG_WARN,"couldn't compute digest"); goto err; } if (crypto_pk_private_sign(private_key, signature, digest, 20) < 0) { log_fn(LOG_WARN,"couldn't sign digest"); goto err; } i = strlen(s); cp = s+i; if (base64_encode(cp, len-i, signature, 128) < 0) { log_fn(LOG_WARN,"couldn't base64-encode signature"); goto err; } if (strlcat(s, "-----END SIGNATURE-----\n", len) >= len) { goto err; } tor_free(runningrouters_string); runningrouters_string = s; runningrouters_len = strlen(s); runningrouters_is_dirty = 0; return 0; err: tor_free(s); tor_free(router_status); return -1; } /** Set *rr to the most recently generated encoded signed * running-routers list, generating a new one as necessary. Return the * size of the directory on success, and 0 on failure. */ size_t dirserv_get_runningrouters(const char **rr) { if (runningrouters_is_dirty && runningrouters_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL)) { if(generate_runningrouters(get_identity_key())) { log_fn(LOG_ERR, "Couldn't generate running-routers list?"); return 0; } } *rr = runningrouters_string; return runningrouters_len; } /* Local Variables: mode:c indent-tabs-mode:nil c-basic-offset:2 End: */