Commit 57189acd authored by Nick Mathewson's avatar Nick Mathewson 👁
Browse files

# This is a combination of 2 commits.

# The first commit's message is:

Regenerate ed25519 keys when they will expire soon.

Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.

# The 2nd commit message will be skipped:

#	fixup! Regenerate ed25519 keys when they will expire soon.
parent 64450c5f
......@@ -298,6 +298,7 @@ static config_var_t option_vars_[] = {
VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
V(ServerTransportListenAddr, LINELIST, NULL),
V(ServerTransportOptions, LINELIST, NULL),
V(SigningKeyLifetime, INTERVAL, "30 days"),
V(Socks4Proxy, STRING, NULL),
V(Socks5Proxy, STRING, NULL),
V(Socks5ProxyUsername, STRING, NULL),
......@@ -356,6 +357,13 @@ static config_var_t option_vars_[] = {
V(TestingTorNetwork, BOOL, "0"),
V(TestingMinExitFlagThreshold, MEMUNIT, "0"),
V(TestingMinFastFlagThreshold, MEMUNIT, "0"),
V(TestingLinkKeyLifetime, INTERVAL, "2 days"),
V(TestingAuthKeyLifetime, INTERVAL, "2 days"),
V(TestingLinkKeySlop, INTERVAL, "3 hours"),
V(TestingAuthKeySlop, INTERVAL, "3 hours"),
V(TestingSigningKeySlop, INTERVAL, "1 day"),
V(OptimisticData, AUTOBOOL, "auto"),
V(PortForwarding, BOOL, "0"),
V(PortForwardingHelper, FILENAME, "tor-fw-helper"),
......@@ -3625,8 +3633,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
CHECK_DEFAULT(TestingDescriptorMaxDownloadTries);
CHECK_DEFAULT(TestingMicrodescMaxDownloadTries);
CHECK_DEFAULT(TestingCertMaxDownloadTries);
CHECK_DEFAULT(TestingAuthKeyLifetime);
CHECK_DEFAULT(TestingLinkKeyLifetime);
CHECK_DEFAULT(TestingSigningKeySlop);
CHECK_DEFAULT(TestingAuthKeySlop);
CHECK_DEFAULT(TestingLinkKeySlop);
#undef CHECK_DEFAULT
if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
REJECT("SigningKeyLifetime is too short.");
if (options->TestingLinkKeyLifetime < options->TestingAuthKeySlop*2)
REJECT("LinkKeyLifetime is too short.");
if (options->TestingAuthKeyLifetime < options->TestingLinkKeySlop*2)
REJECT("AuthKeyLifetime is too short.");
if (options->TestingV3AuthInitialVotingInterval
< MIN_VOTE_INTERVAL_TESTING_INITIAL) {
REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
......
......@@ -134,6 +134,8 @@ time_t time_of_process_start = 0;
long stats_n_seconds_working = 0;
/** When do we next launch DNS wildcarding checks? */
static time_t time_to_check_for_correct_dns = 0;
/** When do we next make sure our Ed25519 keys aren't about to expire? */
static time_t time_to_check_ed_keys = 0;
/** How often will we honor SIGNEWNYM requests? */
#define MAX_SIGNEWNYM_RATE 10
......@@ -1280,6 +1282,17 @@ run_scheduled_events(time_t now)
router_upload_dir_desc_to_dirservers(0);
}
if (is_server && time_to_check_ed_keys < now) {
if (should_make_new_ed_keys(options, now)) {
if (load_ed_keys(options, now) < 0) {
log_err(LD_OR, "Unable to update Ed25519 keys! Exiting.");
tor_cleanup();
exit(0);
}
}
time_to_check_ed_keys = now + 30;
}
if (!should_delay_dir_fetches(options, NULL) &&
time_to_try_getting_descriptors < now) {
update_all_descriptor_downloads(now);
......
......@@ -4261,6 +4261,21 @@ typedef struct {
* XXXX Eventually, the default will be 0. */
int ExitRelay;
/** For how long (seconds) do we declare our singning keys to be valid? */
int SigningKeyLifetime;
/** For how long (seconds) do we declare our link keys to be valid? */
int TestingLinkKeyLifetime;
/** For how long (seconds) do we declare our auth keys to be valid? */
int TestingAuthKeyLifetime;
/** How long before signing keys expire will we try to make a new one? */
int TestingSigningKeySlop;
/** How long before link keys expire will we try to make a new one? */
int TestingLinkKeySlop;
/** How long before auth keys expire will we try to make a new one? */
int TestingAuthKeySlop;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
......
......@@ -306,9 +306,6 @@ load_ed_keys(const or_options_t *options, time_t now)
/* XXXX support encrypted identity keys fully */
/* XXXX use options. */
(void) options;
/* First try to get the signing key to see how it is. */
if (master_signing_key) {
check_signing_cert = signing_key_cert;
......@@ -329,7 +326,7 @@ load_ed_keys(const or_options_t *options, time_t now)
EXPIRES_SOON(check_signing_cert, 0);
const int want_new_signing_key =
need_new_signing_key ||
EXPIRES_SOON(check_signing_cert, 86400/*???*/);
EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop);
{
uint32_t flags =
......@@ -365,7 +362,7 @@ load_ed_keys(const or_options_t *options, time_t now)
options_get_datadir_fname2(options, "keys", "ed25519_signing"),
flags, LOG_WARN,
sign_signing_key_with_id, now,
30*86400/*XXX option*/,
options->SigningKeyLifetime,
CERT_TYPE_ID_SIGNING, &sign_cert);
if (!sign)
FAIL("Missing signing key");
......@@ -383,18 +380,22 @@ load_ed_keys(const or_options_t *options, time_t now)
* it, if we loaded it in the first place. */
memwipe(id->seckey.seckey, 0, sizeof(id->seckey));
if (!current_link_key || EXPIRES_SOON(link_key_cert, 7200/*???*/)) {
if (!current_link_key ||
EXPIRES_SOON(link_key_cert, options->TestingLinkKeySlop)) {
link = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
now, 2*86400/*XXX option??*/,
now,
options->TestingLinkKeyLifetime,
CERT_TYPE_SIGNING_LINK, &link_cert);
if (!link)
FAIL("Can't create link key");
}
if (!current_auth_key || EXPIRES_SOON(auth_key_cert, 7200)/*???*/) {
if (!current_auth_key ||
EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)) {
auth = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
now, 2*86400/*XXX option??*/,
now,
options->TestingAuthKeyLifetime,
CERT_TYPE_SIGNING_AUTH, &auth_cert);
if (!auth)
......@@ -434,9 +435,22 @@ load_ed_keys(const or_options_t *options, time_t now)
#undef FAIL
#undef SET_KEY
#undef SET_CERT
#undef EXPIRES_SOON
}
int
should_make_new_ed_keys(const or_options_t *options, const time_t now)
{
return (!master_identity_key ||
!master_signing_key ||
!current_link_key ||
!current_auth_key ||
EXPIRES_SOON(signing_key_cert, options->TestingSigningKeySlop) ||
EXPIRES_SOON(link_key_cert, options->TestingLinkKeySlop) ||
EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop));
}
#undef EXPIRES_SOON
const ed25519_public_key_t *
get_master_identity_key(void)
{
......
......@@ -55,6 +55,8 @@ int check_tap_onion_key_crosscert(const uint8_t *crosscert,
const uint8_t *rsa_id_digest);
int load_ed_keys(const or_options_t *options, time_t now);
int should_make_new_ed_keys(const or_options_t *options, const time_t now);
void routerkeys_free_all(void);
#endif
......
......@@ -419,6 +419,13 @@ test_routerkeys_ed_keys_init_all(void *arg)
ed25519_keypair_t sign, link, auth;
// tor_cert_t *cert_is, *cert_sl, *cert_auth;
options->SigningKeyLifetime = 30*86400;
options->TestingAuthKeyLifetime = 2*86400;
options->TestingLinkKeyLifetime = 2*86400;
options->TestingSigningKeySlop = 2*86400;
options->TestingAuthKeySlop = 2*3600;
options->TestingLinkKeySlop = 2*3600;
#ifdef _WIN32
mkdir(dir);
mkdir(get_fname("test_ed_keys_init_all/keys"));
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment