Functions and structures to handle generating and maintaining the set of keypairs necessary to be an OR (onion router, i.e. a Tor relay).
#include "core/or/or.h"
#include "app/config/config.h"
#include "feature/relay/router.h"
#include "feature/relay/routerkeys.h"
#include "feature/relay/routermode.h"
#include "feature/keymgt/loadkey.h"
#include "feature/nodelist/torcert.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/tls/tortls.h"
#include "lib/tls/x509.h"
Functions | |
int | load_ed_keys (const or_options_t *options, time_t now) |
int | generate_ed_link_cert (const or_options_t *options, time_t now, int force) |
int | should_make_new_ed_keys (const or_options_t *options, const time_t now) |
static void | print_cert_expiration (const char *expiration, const char *description) |
static void | log_ed_cert_expiration (const tor_cert_t *cert, const char *description, const char *fname, key_expiration_format_t time_format) |
static int | log_master_signing_key_cert_expiration (const or_options_t *options) |
int | log_cert_expiration (void) |
const ed25519_public_key_t * | get_master_identity_key (void) |
int | router_ed25519_id_is_me (const ed25519_public_key_t *id) |
const ed25519_keypair_t * | get_master_signing_keypair (void) |
const struct tor_cert_st * | get_master_signing_key_cert (void) |
const ed25519_keypair_t * | get_current_auth_keypair (void) |
const tor_cert_t * | get_current_link_cert_cert (void) |
const tor_cert_t * | get_current_auth_key_cert (void) |
void | get_master_rsa_crosscert (const uint8_t **cert_out, size_t *size_out) |
tor_cert_t * | make_ntor_onion_key_crosscert (const curve25519_keypair_t *onion_key, const ed25519_public_key_t *master_id_key, time_t now, time_t lifetime, int *sign_out) |
uint8_t * | make_tap_onion_key_crosscert (const crypto_pk_t *onion_key, const ed25519_public_key_t *master_id_key, const crypto_pk_t *rsa_id_key, int *len_out) |
void | routerkeys_free_all (void) |
Variables | |
static ed25519_keypair_t * | master_identity_key = NULL |
static ed25519_keypair_t * | master_signing_key = NULL |
static ed25519_keypair_t * | current_auth_key = NULL |
static tor_cert_t * | signing_key_cert = NULL |
static tor_cert_t * | link_cert_cert = NULL |
static tor_cert_t * | auth_key_cert = NULL |
static uint8_t * | rsa_ed_crosscert = NULL |
static size_t | rsa_ed_crosscert_len = 0 |
static time_t | rsa_ed_crosscert_expiration = 0 |
Functions and structures to handle generating and maintaining the set of keypairs necessary to be an OR.
The keys handled here now are the Ed25519 keys that Tor relays use to sign descriptors, authenticate themselves on links, and identify one another uniquely. Other keys are maintained in router.c and rendservice.c.
(TODO: The keys in router.c should go here too.)
Definition in file routerkeys.c.
#define FAIL | ( | msg | ) |
#define SET_CERT | ( | cert, | |
newval | |||
) |
#define SET_KEY | ( | key, | |
newval | |||
) |
int generate_ed_link_cert | ( | const or_options_t * | options, |
time_t | now, | ||
int | force | ||
) |
Retrieve our currently-in-use Ed25519 link certificate and id certificate and, if they would expire soon (based on the time now), generate new certificates (without embedding the public part of the signing key inside). If force is true, always generate a new certificate.
The signed_key from the current id->signing certificate will be used to sign the new key within the newly generated X509 certificate.
Returns -1 upon error. Otherwise, returns 0 upon success (either when the current certificate is still valid, or when a new certificate was successfully generated, or no certificate was needed).
Definition at line 365 of file routerkeys.c.
int load_ed_keys | ( | const or_options_t * | options, |
time_t | now | ||
) |
Running as a server: load, reload, or refresh our ed25519 keys and certificates, creating and saving new ones as needed.
Return -1 on failure; 0 on success if the signing key was not replaced; and 1 on success if the signing key was replaced.
Definition at line 55 of file routerkeys.c.
int log_cert_expiration | ( | void | ) |
Log when a key certificate expires. Used when tor is given the --key-expiration command-line option.
If a command argument is given, which should specify the type of key to get expiry information about (currently the only supported argument is "sign"), get info about that type of certificate. Otherwise, print info about the supported arguments.
Returns 0 on success and -1 on failure.
Definition at line 606 of file routerkeys.c.
static |
Log when a certificate, cert, with some description and stored in a file named fname, is going to expire. Formats the expiration time according to time_format.
Definition at line 524 of file routerkeys.c.
static |
Log when our master signing key certificate expires. Used when tor is given the --key-expiration command-line option.
Returns 0 on success and 1 on failure. (Note that this differs from log_cert_expiration(), which returns -1 on failure.)
Definition at line 560 of file routerkeys.c.
Referenced by log_cert_expiration().
tor_cert_t* make_ntor_onion_key_crosscert | ( | const curve25519_keypair_t * | onion_key, |
const ed25519_public_key_t * | master_id_key, | ||
time_t | now, | ||
time_t | lifetime, | ||
int * | sign_out | ||
) |
Construct cross-certification for the master identity key with the ntor onion key. Store the sign bit of the corresponding ed25519 public key (derived from the curve25519 onion key) in *sign_out.
Definition at line 689 of file routerkeys.c.
uint8_t* make_tap_onion_key_crosscert | ( | const crypto_pk_t * | onion_key, |
const ed25519_public_key_t * | master_id_key, | ||
const crypto_pk_t * | rsa_id_key, | ||
int * | len_out | ||
) |
Construct and return an RSA signature for the TAP onion key to cross-certify the RSA and Ed25519 identity keys. Set *len_out to its length.
Definition at line 712 of file routerkeys.c.
static |
Print the ISO8601-formatted expiration for a certificate with some description to stdout.
For example, for a signing certificate, this might print out: "signing-cert-expiry: 2017-07-25 08:30:15 UTC".
Definition at line 512 of file routerkeys.c.
int router_ed25519_id_is_me | ( | const ed25519_public_key_t * | id | ) |
Return true iff id is our Ed25519 master identity key.
Definition at line 631 of file routerkeys.c.
int should_make_new_ed_keys | ( | const or_options_t * | options, |
const time_t | now | ||
) |
Return 1 if any of the conditions for generating new Ed25519 keys or certificates holds (the list of conditions did not survive rendering here; see the comment on should_make_new_ed_keys() in routerkeys.c).
Otherwise, returns 0.
Definition at line 419 of file routerkeys.c.