[tor-commits] [tor/master] # This is a combination of 2 commits.
nickm at torproject.org
nickm at torproject.org
Thu May 28 15:06:55 UTC 2015
commit 57189acd6f6b56a419d63a7acb012a9b8abac319
Author: Nick Mathewson <nickm at torproject.org>
Date: Sun Mar 1 14:36:40 2015 +0100
# This is a combination of 2 commits.
# The first commit's message is:
Regenerate ed25519 keys when they will expire soon.
Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.
# The 2nd commit message will be skipped:
# fixup! Regenerate ed25519 keys when they will expire soon.
---
src/or/config.c | 20 ++++++++++++++++++++
src/or/main.c | 13 +++++++++++++
src/or/or.h | 15 +++++++++++++++
src/or/routerkeys.c | 34 ++++++++++++++++++++++++----------
src/or/routerkeys.h | 2 ++
src/test/test_routerkeys.c | 7 +++++++
6 files changed, 81 insertions(+), 10 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index 5ba8c99..34e7e76 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -298,6 +298,7 @@ static config_var_t option_vars_[] = {
VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
V(ServerTransportListenAddr, LINELIST, NULL),
V(ServerTransportOptions, LINELIST, NULL),
+ V(SigningKeyLifetime, INTERVAL, "30 days"),
V(Socks4Proxy, STRING, NULL),
V(Socks5Proxy, STRING, NULL),
V(Socks5ProxyUsername, STRING, NULL),
@@ -356,6 +357,13 @@ static config_var_t option_vars_[] = {
V(TestingTorNetwork, BOOL, "0"),
V(TestingMinExitFlagThreshold, MEMUNIT, "0"),
V(TestingMinFastFlagThreshold, MEMUNIT, "0"),
+
+ V(TestingLinkKeyLifetime, INTERVAL, "2 days"),
+ V(TestingAuthKeyLifetime, INTERVAL, "2 days"),
+ V(TestingLinkKeySlop, INTERVAL, "3 hours"),
+ V(TestingAuthKeySlop, INTERVAL, "3 hours"),
+ V(TestingSigningKeySlop, INTERVAL, "1 day"),
+
V(OptimisticData, AUTOBOOL, "auto"),
V(PortForwarding, BOOL, "0"),
V(PortForwardingHelper, FILENAME, "tor-fw-helper"),
@@ -3625,8 +3633,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
CHECK_DEFAULT(TestingDescriptorMaxDownloadTries);
CHECK_DEFAULT(TestingMicrodescMaxDownloadTries);
CHECK_DEFAULT(TestingCertMaxDownloadTries);
+ CHECK_DEFAULT(TestingAuthKeyLifetime);
+ CHECK_DEFAULT(TestingLinkKeyLifetime);
+ CHECK_DEFAULT(TestingSigningKeySlop);
+ CHECK_DEFAULT(TestingAuthKeySlop);
+ CHECK_DEFAULT(TestingLinkKeySlop);
#undef CHECK_DEFAULT
+ if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
+ REJECT("SigningKeyLifetime is too short.");
+ if (options->TestingLinkKeyLifetime < options->TestingAuthKeySlop*2)
+ REJECT("LinkKeyLifetime is too short.");
+ if (options->TestingAuthKeyLifetime < options->TestingLinkKeySlop*2)
+ REJECT("AuthKeyLifetime is too short.");
+
if (options->TestingV3AuthInitialVotingInterval
< MIN_VOTE_INTERVAL_TESTING_INITIAL) {
REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
diff --git a/src/or/main.c b/src/or/main.c
index 70d075f..c4b5af4 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -134,6 +134,8 @@ time_t time_of_process_start = 0;
long stats_n_seconds_working = 0;
/** When do we next launch DNS wildcarding checks? */
static time_t time_to_check_for_correct_dns = 0;
+/** When do we next make sure our Ed25519 keys aren't about to expire? */
+static time_t time_to_check_ed_keys = 0;
/** How often will we honor SIGNEWNYM requests? */
#define MAX_SIGNEWNYM_RATE 10
@@ -1280,6 +1282,17 @@ run_scheduled_events(time_t now)
router_upload_dir_desc_to_dirservers(0);
}
+ if (is_server && time_to_check_ed_keys < now) {
+ if (should_make_new_ed_keys(options, now)) {
+ if (load_ed_keys(options, now) < 0) {
+ log_err(LD_OR, "Unable to update Ed25519 keys! Exiting.");
+ tor_cleanup();
+ exit(0);
+ }
+ }
+ time_to_check_ed_keys = now + 30;
+ }
+
if (!should_delay_dir_fetches(options, NULL) &&
time_to_try_getting_descriptors < now) {
update_all_descriptor_downloads(now);
diff --git a/src/or/or.h b/src/or/or.h
index b07a596..d45e19a 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4261,6 +4261,21 @@ typedef struct {
* XXXX Eventually, the default will be 0. */
int ExitRelay;
+
+ /** For how long (seconds) do we declare our singning keys to be valid? */
+ int SigningKeyLifetime;
+ /** For how long (seconds) do we declare our link keys to be valid? */
+ int TestingLinkKeyLifetime;
+ /** For how long (seconds) do we declare our auth keys to be valid? */
+ int TestingAuthKeyLifetime;
+
+ /** How long before signing keys expire will we try to make a new one? */
+ int TestingSigningKeySlop;
+ /** How long before link keys expire will we try to make a new one? */
+ int TestingLinkKeySlop;
+ /** How long before auth keys expire will we try to make a new one? */
+ int TestingAuthKeySlop;
+
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index ab12b90..2482f59 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -306,9 +306,6 @@ load_ed_keys(const or_options_t *options, time_t now)
/* XXXX support encrypted identity keys fully */
- /* XXXX use options. */
- (void) options;
-
/* First try to get the signing key to see how it is. */
if (master_signing_key) {
check_signing_cert = signing_key_cert;
@@ -329,7 +326,7 @@ load_ed_keys(const or_options_t *options, time_t now)
EXPIRES_SOON(check_signing_cert, 0);
const int want_new_signing_key =
need_new_signing_key ||
- EXPIRES_SOON(check_signing_cert, 86400/*???*/);
+ EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop);
{
uint32_t flags =
@@ -365,7 +362,7 @@ load_ed_keys(const or_options_t *options, time_t now)
options_get_datadir_fname2(options, "keys", "ed25519_signing"),
flags, LOG_WARN,
sign_signing_key_with_id, now,
- 30*86400/*XXX option*/,
+ options->SigningKeyLifetime,
CERT_TYPE_ID_SIGNING, &sign_cert);
if (!sign)
FAIL("Missing signing key");
@@ -383,18 +380,22 @@ load_ed_keys(const or_options_t *options, time_t now)
* it, if we loaded it in the first place. */
memwipe(id->seckey.seckey, 0, sizeof(id->seckey));
- if (!current_link_key || EXPIRES_SOON(link_key_cert, 7200/*???*/)) {
+ if (!current_link_key ||
+ EXPIRES_SOON(link_key_cert, options->TestingLinkKeySlop)) {
link = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
- now, 2*86400/*XXX option??*/,
+ now,
+ options->TestingLinkKeyLifetime,
CERT_TYPE_SIGNING_LINK, &link_cert);
if (!link)
FAIL("Can't create link key");
}
- if (!current_auth_key || EXPIRES_SOON(auth_key_cert, 7200)/*???*/) {
+ if (!current_auth_key ||
+ EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)) {
auth = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
- now, 2*86400/*XXX option??*/,
+ now,
+ options->TestingAuthKeyLifetime,
CERT_TYPE_SIGNING_AUTH, &auth_cert);
if (!auth)
@@ -434,9 +435,22 @@ load_ed_keys(const or_options_t *options, time_t now)
#undef FAIL
#undef SET_KEY
#undef SET_CERT
-#undef EXPIRES_SOON
}
+int
+should_make_new_ed_keys(const or_options_t *options, const time_t now)
+{
+ return (!master_identity_key ||
+ !master_signing_key ||
+ !current_link_key ||
+ !current_auth_key ||
+ EXPIRES_SOON(signing_key_cert, options->TestingSigningKeySlop) ||
+ EXPIRES_SOON(link_key_cert, options->TestingLinkKeySlop) ||
+ EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop));
+}
+
+#undef EXPIRES_SOON
+
const ed25519_public_key_t *
get_master_identity_key(void)
{
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
index 6c188b7..0c50429 100644
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@@ -55,6 +55,8 @@ int check_tap_onion_key_crosscert(const uint8_t *crosscert,
const uint8_t *rsa_id_digest);
int load_ed_keys(const or_options_t *options, time_t now);
+int should_make_new_ed_keys(const or_options_t *options, const time_t now);
+
void routerkeys_free_all(void);
#endif
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c
index 2434255..4917424 100644
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -419,6 +419,13 @@ test_routerkeys_ed_keys_init_all(void *arg)
ed25519_keypair_t sign, link, auth;
// tor_cert_t *cert_is, *cert_sl, *cert_auth;
+ options->SigningKeyLifetime = 30*86400;
+ options->TestingAuthKeyLifetime = 2*86400;
+ options->TestingLinkKeyLifetime = 2*86400;
+ options->TestingSigningKeySlop = 2*86400;
+ options->TestingAuthKeySlop = 2*3600;
+ options->TestingLinkKeySlop = 2*3600;
+
#ifdef _WIN32
mkdir(dir);
mkdir(get_fname("test_ed_keys_init_all/keys"));
More information about the tor-commits
mailing list