This module implements a key-pinning mechanism to ensure that it's
safe to use RSA keys as identitifers even as we migrate to Ed25519
keys.  It remembers, for every Ed25519 key we've seen, what the
associated Ed25519 key is.  This way, if we see a different Ed25519
key with that RSA key, we'll know that there's a mismatch.

We persist these entries to disk using a simple format, where each
line has a base64-encoded RSA SHA1 hash, then a base64-endoded
Ed25519 key.  Empty lines, misformed lines, and lines beginning with
a # are ignored. Lines beginning with @ are reserved for future
extensions.

Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.

Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.

Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.

For prop220, we have a new ed25519 certificate type. This patch
implements the code to create, parse, and validate those, along with
code for routers to maintain their own sets of certificates and
keys.  (Some parts of master identity key encryption are done, but
the implementation of that isn't finished)

Report errors if the notification fails; report success only if it
succeeds; and if we are not notifying systemd because we aren't
running with systemd, don't log at notice.

Fixes #15012; bug not in any released Tor

Fixes bug 15003; bugfix on 0.2.6.3-alpha.

We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket().  Fixes bug 14989, bugfix on 0.2.6.3-alpha.

rl1987 authored 10 years ago and Nick Mathewson committed 10 years ago

Since resolve_my_address() yields IP address in host order there is
no need to use byteorder functions for conversion.

We were sending values that were truncated by the length of the
annotations.