[tor-commits] [tor/master] Allow listing ed25519 fingerprints on the command line

dgoulet at torproject.org dgoulet at torproject.org
Tue Nov 17 16:27:28 UTC 2020


commit 1588767e655f87f49cf0f71d6e604117be52a135
Author: Neel Chauhan <neel at neelc.org>
Date:   Tue Oct 20 16:13:26 2020 -0700

    Allow listing ed25519 fingerprints on the command line
---
 changes/ticket33632     |  5 +++++
 doc/man/tor.1.txt       |  5 +++--
 src/app/config/config.c |  1 +
 src/app/main/main.c     | 40 ++++++++++++++++++++++++++++++++--------
 4 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/changes/ticket33632 b/changes/ticket33632
new file mode 100644
index 0000000000..9d813feaf2
--- /dev/null
+++ b/changes/ticket33632
@@ -0,0 +1,5 @@
+  o Minor features (relay fingerprint, command line):
+    - Allow a relay operator to list the ed25519 keys on the command line
+      by adding the `rsa` and `ed25519` arguments to the --list-fingerprint
+      flag to show the respective RSA and ed25519 relay fingerprint. Closes
+      ticket 33632. Patch by Neel Chauhan.
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index ab273925b1..e886d6f801 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -91,8 +91,9 @@ The following options in this section are only recognized on the
 [[opt-hash-password]] **`--hash-password`** __PASSWORD__::
     Generate a hashed password for control port access.
 
-[[opt-list-fingerprint]] **`--list-fingerprint`**::
-    Generate your keys and output your nickname and fingerprint.
+[[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]::
+    Generate your keys and output your nickname and fingerprint. Optionally,
+    you can specify the key type as `rsa` (default) or `ed25519`.
 
 [[opt-verify-config]] **`--verify-config`**::
     Verify whether the configuration file is valid.
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 04a82a5c43..b5cc382258 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -2466,6 +2466,7 @@ static const struct {
     .command=CMD_DUMP_CONFIG,
     .quiet=QUIET_SILENT },
   { .name="--list-fingerprint",
+    .takes_argument=ARGUMENT_OPTIONAL,
     .command=CMD_LIST_FINGERPRINT },
   { .name="--keygen",
     .command=CMD_KEYGEN },
diff --git a/src/app/main/main.c b/src/app/main/main.c
index 31a6fa52ba..e7ffb31b4f 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -58,6 +58,7 @@
 #include "feature/stats/rephist.h"
 #include "lib/compress/compress.h"
 #include "lib/buf/buffers.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_s2k.h"
 #include "lib/net/resolve.h"
@@ -735,29 +736,52 @@ tor_remove_file(const char *filename)
 static int
 do_list_fingerprint(void)
 {
-  char buf[FINGERPRINT_LEN+1];
+  const or_options_t *options = get_options();
+  const char *arg = options->command_arg;
+  char rsa[FINGERPRINT_LEN + 1];
   crypto_pk_t *k;
-  const char *nickname = get_options()->Nickname;
+  const ed25519_public_key_t *edkey;
+  const char *nickname = options->Nickname;
   sandbox_disable_getaddrinfo_cache();
-  if (!server_mode(get_options())) {
+
+  bool show_rsa = !strcmp(arg, "") || !strcmp(arg, "rsa");
+  bool show_ed25519 = !strcmp(arg, "ed25519");
+  if (!show_rsa && !show_ed25519) {
+    log_err(LD_GENERAL,
+      "If you give a key type, you must specify 'rsa' or 'ed25519'. Exiting.");
+    return -1;
+  }
+
+  if (!server_mode(options)) {
     log_err(LD_GENERAL,
             "Clients don't have long-term identity keys. Exiting.");
     return -1;
   }
   tor_assert(nickname);
   if (init_keys() < 0) {
-    log_err(LD_GENERAL,"Error initializing keys; exiting.");
+    log_err(LD_GENERAL, "Error initializing keys; exiting.");
     return -1;
   }
   if (!(k = get_server_identity_key())) {
-    log_err(LD_GENERAL,"Error: missing identity key.");
+    log_err(LD_GENERAL, "Error: missing RSA identity key.");
+    return -1;
+  }
+  if (crypto_pk_get_fingerprint(k, rsa, 1) < 0) {
+    log_err(LD_BUG, "Error computing RSA fingerprint");
     return -1;
   }
-  if (crypto_pk_get_fingerprint(k, buf, 1)<0) {
-    log_err(LD_BUG, "Error computing fingerprint");
+  if (!(edkey = get_master_identity_key())) {
+    log_err(LD_GENERAL,"Error: missing ed25519 identity key.");
     return -1;
   }
-  printf("%s %s\n", nickname, buf);
+  if (show_rsa) {
+    printf("%s %s\n", nickname, rsa);
+  }
+  if (show_ed25519) {
+    char ed25519[ED25519_BASE64_LEN + 1];
+    digest256_to_base64(ed25519, (const char *) edkey->pubkey);
+    printf("%s %s\n", nickname, ed25519);
+  }
   return 0;
 }
 
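Review bot: In do_list_fingerprint the `get_master_identity_key()` check sits before the `show_rsa` branch, so the default RSA listing now returns -1 whenever the ed25519 master key is unavailable, and the RSA fingerprint is still computed when only `ed25519` was requested. Scoping each lookup to the requested key type would keep the previous RSA-only behaviour intact, for example `if (show_ed25519 && !(edkey = get_master_identity_key())) {` with `edkey` initialised to NULL. Separately, `arg` is passed straight to `strcmp()`, which is only safe if `options->command_arg` is never NULL when no key type is given; this hunk does not show that guarantee. A `tor_assert(arg);` before the comparisons would make the assumption explicit.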




