Merge 4856f75 into d8ac7d5

src/common/crypto.c

@@ -1318,8 +1318,8 @@ crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
 /** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
  * storing it into <b>out</b>.
  */
-void
-crypto_strongest_rand(uint8_t *out, size_t out_len)
+MOCK_IMPL(void,
+crypto_strongest_rand,(uint8_t *out, size_t out_len))
 {
 #define DLEN SHA512_DIGEST_LENGTH
   /* We're going to hash DLEN bytes from the system RNG together with some

src/common/crypto.h

@@ -109,7 +109,7 @@ int crypto_expand_key_material_rfc5869_sha256(
 int crypto_seed_rng(void) ATTR_WUR;
 MOCK_DECL(void,crypto_rand,(char *to, size_t n));
 void crypto_rand_unmocked(char *to, size_t n);
-void crypto_strongest_rand(uint8_t *out, size_t out_len);
+MOCK_DECL(void,crypto_strongest_rand,(uint8_t *out, size_t out_len));
 int crypto_rand_int(unsigned int max);
 int crypto_rand_int_range(unsigned int min, unsigned int max);
 uint64_t crypto_rand_uint64_range(uint64_t min, uint64_t max);

src/common/crypto_curve25519.h

@@ -81,6 +81,10 @@ int curve25519_public_from_base64(curve25519_public_key_t *pkey,
                                   const char *input);
 int curve25519_public_to_base64(char *output,
                                 const curve25519_public_key_t *pkey);
+int curve25519_secret_to_base64(char *output,
+                                const curve25519_secret_key_t *skey);
+int curve25519_secret_from_base64(curve25519_secret_key_t *skey,
+                                  const char *input);
 
 void curve25519_set_impl_params(int use_ed);
 void curve25519_init(void);

src/common/crypto_format.c

@@ -162,14 +162,52 @@ curve25519_public_from_base64(curve25519_public_key_t *pkey,
   }
 }
 
+/** Encode <b>skey</b> as a base64-encoded string, with trailing "="
+ * characters, in the buffer <b>output</b>, which must have at least
+ * CURVE25519_BASE64_PADDED_LEN+1 bytes available. Return 0 on success, -1 on
+ * failure. */
+int
+curve25519_secret_to_base64(char *output,
+                            const curve25519_secret_key_t *skey)
+{
+  char buf[128];
+  base64_encode(buf, sizeof(buf),
+                (const char*)skey->secret_key, CURVE25519_SECKEY_LEN, 0);
+  buf[CURVE25519_BASE64_PADDED_LEN] = '\0';
+  memcpy(output, buf, CURVE25519_BASE64_PADDED_LEN+1);
+  return 0;
+}
+
+/** Try to decode a base64-encoded curve25519 secret key from <b>input</b>
+ * into the object at <b>skey</b>. Return 0 on success, -1 on failure.
+ * Accepts keys with or without a trailing "=". */
+int
+curve25519_secret_from_base64(curve25519_secret_key_t *skey,
+                              const char *input)
+{
+  size_t len = strlen(input);
+  if (len == CURVE25519_BASE64_PADDED_LEN - 1) {
+    /* not padded */
+    return digest256_from_base64((char*)skey->secret_key, input);
+  } else if (len == CURVE25519_BASE64_PADDED_LEN) {
+    char buf[128];
+    if (base64_decode(buf, sizeof(buf), input, len) != CURVE25519_SECKEY_LEN)
+      return -1;
+    memcpy(skey->secret_key, buf, CURVE25519_SECKEY_LEN);
+    return 0;
+  } else {
+    return -1;
+  }
+}
+
 /** For logging convenience: Convert <b>pkey</b> to a statically allocated
  * base64 string and return it. Not threadsafe. Format not meant to be
  * computer-readable; it may change in the future. Subsequent calls invalidate
  * previous returns. */
 const char *
 ed25519_fmt(const ed25519_public_key_t *pkey)
 {
-  static char formatted[ED25519_BASE64_LEN+1];
+  static char formatted[ED25519_PUBKEY_BASE64_LEN+1];
   if (pkey) {
     if (ed25519_public_key_is_zero(pkey)) {
       strlcpy(formatted, "<unset>", sizeof(formatted));
@@ -194,7 +232,7 @@ ed25519_public_from_base64(ed25519_public_key_t *pkey,
 }
 
 /** Encode the public key <b>pkey</b> into the buffer at <b>output</b>,
- * which must have space for ED25519_BASE64_LEN bytes of encoded key,
+ * which must have space for ED25519_PUBKEY_BASE64_LEN bytes of encoded key,
  * plus one byte for a terminating NUL.  Return 0 on success, -1 on failure.
  */
 int
@@ -204,6 +242,40 @@ ed25519_public_to_base64(char *output,
   return digest256_to_base64(output, (const char *)pkey->pubkey);
 }
 
+/** Try to decode the string <b>input</b> into an ed25519 secret key. On
+ * success, store the value in <b>skey</b> and return 0. Otherwise return
+ * -1. */
+int
+ed25519_secret_from_base64(ed25519_secret_key_t *skey,
+                           const char *input)
+{
+  size_t len = strlen(input);
+  /* No matter whether the input is padded or not,
+   * we should be able to decode it. */
+  if (len == ED25519_SECKEY_BASE64_LEN) {
+    /* not padded */
+    return digest512_from_base64((char*)skey->seckey, input);
+  } else if (len == ED25519_SECKEY_BASE64_PADDED_LEN) {
+    char buf[128];
+    if (base64_decode(buf, sizeof(buf), input, len) != ED25519_SECKEY_LEN)
+      return -1;
+    memcpy(skey->seckey, buf, ED25519_SECKEY_LEN);
+    return 0;
+  } else {
+    return -1;
+  }
+}
+
+/** Encode the secret key <b>skey</b> into the buffer at <b>output</b>,
+ * which must have space for ED25519_SECKEY_BASE64_LEN bytes of encoded key,
+ * plus one byte for a terminating NUL. Return 0 on success, -1 on failure. */
+int
+ed25519_secret_to_base64(char *output,
+                         const ed25519_secret_key_t *skey)
+{
+  return digest512_to_base64(output, (const char *)skey->seckey);
+}
+
 /** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
  * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
  * plus one byte for a terminating NUL.  Return 0 on success, -1 on failure.
@@ -297,3 +369,30 @@ digest256_from_base64(char *digest, const char *d64)
     return -1;
 }
 
+/** Base64 encode DIGEST512_LINE bytes from <b>digest</b>, remove the
+ * trailing = characters, and store the nul-terminated result in the first
+ * BASE64_DIGEST512_LEN+1 bytes of <b>d64</b>. */
+ /* XXXX unify with crypto_format.c code */
+int
+digest512_to_base64(char *d64, const char *digest)
+{
+  char buf[256];
+  base64_encode(buf, sizeof(buf), digest, DIGEST512_LEN, 0);
+  buf[BASE64_DIGEST512_LEN] = '\0';
+  memcpy(d64, buf, BASE64_DIGEST512_LEN+1);
+  return 0;
+}
+
+/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
+ * trailing newline or = characters), decode it and store the result in the
+ * first DIGEST512_LEN bytes at <b>digest</b>. */
+/* XXXX unify with crypto_format.c code */
+int
+digest512_from_base64(char *digest, const char *d64)
+{
+  if (base64_decode(digest, DIGEST512_LEN, d64, strlen(d64)) == DIGEST512_LEN)
+    return 0;
+  else
+    return -1;
+}
+

src/common/crypto_format.h

@@ -23,11 +23,17 @@ ssize_t crypto_read_tagged_contents_from_file(const char *fname,
                                               uint8_t *data_out,
                                               ssize_t data_out_len);
 
-#define ED25519_BASE64_LEN 43
+#define ED25519_SECKEY_BASE64_PADDED_LEN 88
+#define ED25519_SECKEY_BASE64_LEN 86
+#define ED25519_PUBKEY_BASE64_LEN 43
 int ed25519_public_from_base64(ed25519_public_key_t *pkey,
                                const char *input);
 int ed25519_public_to_base64(char *output,
                              const ed25519_public_key_t *pkey);
+int ed25519_secret_from_base64(ed25519_secret_key_t *skey,
+                               const char *input);
+int ed25519_secret_to_base64(char *output,
+                             const ed25519_secret_key_t *skey);
 const char *ed25519_fmt(const ed25519_public_key_t *pkey);
 
 /* XXXX move these to crypto_format.h */
@@ -42,6 +48,8 @@ int digest_to_base64(char *d64, const char *digest);
 int digest_from_base64(char *digest, const char *d64);
 int digest256_to_base64(char *d64, const char *digest);
 int digest256_from_base64(char *digest, const char *d64);
+int digest512_to_base64(char *d64, const char *digest);
+int digest512_from_base64(char *digest, const char *d64);
 
 #endif /* !defined(TOR_CRYPTO_FORMAT_H) */
 

src/or/config.c

@@ -1873,7 +1873,7 @@ options_act(const or_options_t *old_options)
     // LCOV_EXCL_STOP
   }
 
-  if (running_tor && rend_parse_service_authorization(options, 0) < 0) {
+  if (running_tor && hs_config_client_auth_all(options, 0) < 0) {
     // LCOV_EXCL_START
     log_warn(LD_BUG, "Previously validated client authorization for "
                      "hidden services could not be added!");
@@ -4326,7 +4326,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("Failed to configure rendezvous options. See logs for details.");
 
   /* Parse client-side authorization for hidden services. */
-  if (rend_parse_service_authorization(options, 1) < 0)
+  if (hs_config_client_auth_all(options, 1) < 0)
     REJECT("Failed to configure client authorization for hidden services. "
            "See logs for details.");
 

src/or/connection_or.c

@@ -1892,8 +1892,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
     /* I was aiming for a particular digest. I didn't get it! */
     char seen_rsa[HEX_DIGEST_LEN+1];
     char expected_rsa[HEX_DIGEST_LEN+1];
-    char seen_ed[ED25519_BASE64_LEN+1];
-    char expected_ed[ED25519_BASE64_LEN+1];
+    char seen_ed[ED25519_PUBKEY_BASE64_LEN+1];
+    char expected_ed[ED25519_PUBKEY_BASE64_LEN+1];
     base16_encode(seen_rsa, sizeof(seen_rsa),
                   (const char*)rsa_peer_id, DIGEST_LEN);
     base16_encode(expected_rsa, sizeof(expected_rsa), conn->identity_digest,

src/or/directory.c

@@ -1837,7 +1837,7 @@ directory_send_command(dir_connection_t *conn,
       break;
     case DIR_PURPOSE_FETCH_HSDESC:
       tor_assert(resource);
-      tor_assert(strlen(resource) <= ED25519_BASE64_LEN);
+      tor_assert(strlen(resource) <= ED25519_PUBKEY_BASE64_LEN);
       tor_assert(!payload);
       httpcommand = "GET";
       tor_asprintf(&url, "/tor/hs/3/%s", resource);

src/or/dirvote.c

@@ -3870,7 +3870,7 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
   }
 
   if (consensus_method >= MIN_METHOD_FOR_ID_HASH_IN_MD) {
-    char idbuf[ED25519_BASE64_LEN+1];
+    char idbuf[ED25519_PUBKEY_BASE64_LEN+1];
     const char *keytype;
     if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_IN_MD &&
         ri->cache_info.signing_key_cert &&