29 #define ENC_KEY_HEADER "Boxed Ed25519 key"
30 #define ENC_KEY_TAG "master"
43 static uint8_t *rsa_ed_crosscert = NULL;
44 static size_t rsa_ed_crosscert_len = 0;
45 static time_t rsa_ed_crosscert_expiration = 0;
65 int signing_key_changed = 0;
69 tor_assert_nonfatal(now >= 2 * 365 * 86400);
71 #define FAIL(msg) do { \
72 log_warn(LD_OR, (msg)); \
75 #define SET_KEY(key, newval) do { \
76 if ((key) != (newval)) \
77 ed25519_keypair_free(key); \
80 #define SET_CERT(cert, newval) do { \
81 if ((cert) != (newval)) \
82 tor_cert_free(cert); \
85 #define HAPPENS_SOON(when, interval) \
86 ((when) < now + (interval))
87 #define EXPIRES_SOON(cert, interval) \
88 (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval)))
99 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT,
101 NULL, 0, 0, CERT_TYPE_ID_SIGNING, &sign_cert, options);
103 check_signing_cert = sign_cert;
109 if (! master_signing_key) {
111 signing_key_changed = 1;
113 &master_signing_key->pubkey) ||
115 master_signing_key->seckey.
seckey,
118 signing_key_changed = 1;
122 if (!use_signing && master_signing_key) {
124 check_signing_cert = signing_key_cert;
125 use_signing = master_signing_key;
128 const int offline_master =
130 const int need_new_signing_key =
131 NULL == use_signing ||
132 EXPIRES_SOON(check_signing_cert, 0) ||
134 const int want_new_signing_key =
135 need_new_signing_key ||
141 const int can_make_master_id_key = !offline_master &&
144 if (need_new_signing_key) {
145 log_notice(
LD_OR,
"It looks like I need to generate and sign a new "
146 "medium-term signing key, because %s. To do that, I "
147 "need to load%s the permanent master identity key. "
148 "If the master identity key was not moved or encrypted "
149 "with a passphrase, this will be done automatically and "
150 "no further action is required. Otherwise, provide the "
151 "necessary data using 'tor --keygen' to do it manually.",
152 (NULL == use_signing) ?
"I don't have one" :
153 EXPIRES_SOON(check_signing_cert, 0) ?
"the one I have is expired" :
154 "you asked me to make one with --keygen",
155 can_make_master_id_key ?
" (or create)" :
"");
156 }
else if (want_new_signing_key && !offline_master) {
157 log_notice(
LD_OR,
"It looks like I should try to generate and sign a "
158 "new medium-term signing key, because the one I have is "
159 "going to expire soon. To do that, I'm going to have to "
160 "try to load the permanent master identity key. "
161 "If the master identity key was not moved or encrypted "
162 "with a passphrase, this will be done automatically and "
163 "no further action is required. Otherwise, provide the "
164 "necessary data using 'tor --keygen' to do it manually.");
165 }
else if (want_new_signing_key) {
166 log_notice(
LD_OR,
"It looks like I should try to generate and sign a "
167 "new medium-term signing key, because the one I have is "
168 "going to expire soon. But OfflineMasterKey is set, so I "
169 "won't try to load a permanent master identity key. You "
170 "will need to use 'tor --keygen' to make a new signing "
171 "key and certificate.");
177 INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR);
178 if (can_make_master_id_key)
179 flags |= INIT_ED_KEY_CREATE;
180 if (! need_new_signing_key)
181 flags |= INIT_ED_KEY_MISSING_SECRET_OK;
182 if (! want_new_signing_key || offline_master)
183 flags |= INIT_ED_KEY_OMIT_SECRET;
185 flags |= INIT_ED_KEY_OFFLINE_SECRET;
187 flags |= INIT_ED_KEY_TRY_ENCRYPTED;
194 if (options->master_key_fname) {
195 fname = tor_strdup(options->master_key_fname);
196 flags |= INIT_ED_KEY_EXPLICIT_FNAME;
203 LOG_WARN, NULL, 0, 0, 0, NULL, options);
206 if (need_new_signing_key) {
208 FAIL(
"Can't load master identity key; OfflineMasterKey is set.");
210 FAIL(
"Missing identity key");
212 log_warn(
LD_OR,
"Master public key was absent; inferring from "
213 "public key in signing certificate and saving to disk.");
215 id = tor_malloc_zero(
sizeof(*
id));
216 memcpy(&id->pubkey, &check_signing_cert->
signing_key,
219 "ed25519_master_id_public_key");
221 log_warn(
LD_OR,
"Error while attempting to write master public key "
230 sign_signing_key_with_id = NULL;
232 sign_signing_key_with_id = id;
235 if (master_identity_key &&
237 FAIL(
"Identity key on disk does not match key we loaded earlier!");
240 if (need_new_signing_key && NULL == sign_signing_key_with_id)
241 FAIL(
"Can't load master key make a new signing key.");
245 FAIL(
"Loaded a signing cert with no key included!");
247 FAIL(
"The signing cert we have was not signed with the master key "
250 log_warn(
LD_OR,
"The signing cert we loaded was not signed "
257 if (want_new_signing_key && sign_signing_key_with_id) {
258 uint32_t flags = (INIT_ED_KEY_CREATE|
260 INIT_ED_KEY_EXTRA_STRONG|
261 INIT_ED_KEY_NEEDCERT|
262 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT);
265 ed25519_keypair_free(sign);
266 tor_cert_free(sign_cert);
269 sign_signing_key_with_id, now,
271 CERT_TYPE_ID_SIGNING, &sign_cert, options);
274 FAIL(
"Missing signing key");
276 signing_key_changed = 1;
281 }
else if (want_new_signing_key) {
282 static ratelim_t missing_master = RATELIM_INIT(3600);
284 "Signing key will expire soon, but I can't load the "
285 "master key to sign a new one!");
298 (!rsa_ed_crosscert ||
299 HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) {
301 time_t expiration = now+6*30*86400;
303 get_server_identity_key(),
307 rsa_ed_crosscert_len = crosscert_len;
308 rsa_ed_crosscert = crosscert;
309 rsa_ed_crosscert_expiration = expiration;
312 if (!current_auth_key ||
313 signing_key_changed ||
315 auth =
ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
318 CERT_TYPE_SIGNING_AUTH, &auth_cert);
321 FAIL(
"Can't create auth key");
327 if (! master_identity_key) {
328 SET_KEY(master_identity_key,
id);
333 SET_KEY(master_signing_key, sign);
334 SET_CERT(signing_key_cert, sign_cert);
337 SET_KEY(current_auth_key, auth);
338 SET_CERT(auth_key_cert, auth_cert);
341 return signing_key_changed;
343 ed25519_keypair_free(
id);
344 ed25519_keypair_free(sign);
345 ed25519_keypair_free(auth);
346 tor_cert_free(sign_cert);
347 tor_cert_free(auth_cert);
368 const tor_x509_cert_t *link_ = NULL, *
id = NULL;
376 log_warn(
LD_OR,
"Can't get my x509 link cert.");
391 CERT_TYPE_SIGNING_LINK,
392 SIGNED_KEY_TYPE_SHA256_OF_X509,
393 (
const uint8_t*)digests->
d[DIGEST_SHA256],
398 SET_CERT(link_cert_cert, link_cert);
421 if (!master_identity_key ||
422 !master_signing_key ||
430 const tor_x509_cert_t *link_ = NULL, *
id = NULL;
449 #ifdef TOR_UNIT_TESTS
453 init_mock_ed_keys(
const crypto_pk_t *rsa_identity_key)
455 routerkeys_free_all();
458 k = tor_malloc_zero(sizeof(*k)); \
459 if (ed25519_keypair_generate(k, 0) < 0) { \
460 log_warn(LD_BUG, "Couldn't make a keypair"); \
463 MAKEKEY(master_identity_key);
464 MAKEKEY(master_signing_key);
465 MAKEKEY(current_auth_key);
466 #define MAKECERT(cert, signing, signed_, type, flags) \
467 cert = tor_cert_create_ed25519(signing, \
473 log_warn(LD_BUG, "Couldn't make a %s certificate!", #cert); \
477 MAKECERT(signing_key_cert,
478 master_identity_key, master_signing_key, CERT_TYPE_ID_SIGNING,
479 CERT_FLAG_INCLUDE_SIGNING_KEY);
480 MAKECERT(auth_key_cert,
481 master_signing_key, current_auth_key, CERT_TYPE_SIGNING_AUTH, 0);
484 log_warn(
LD_BUG,
"Couldn't make link certificate");
489 &master_identity_key->pubkey,
497 routerkeys_free_all();
513 const char *description)
515 fprintf(stderr,
"%s-cert-expiry: %s\n", description, expiration);
525 const char *description,
529 log_warn(
LD_OR,
"No %s key loaded; can't get certificate expiration.",
532 char expiration[ISO_TIME_LEN+1];
533 switch (time_format) {
534 case KEY_EXPIRATION_FORMAT_ISO8601:
538 case KEY_EXPIRATION_FORMAT_TIMESTAMP:
544 log_err(
LD_BUG,
"Unknown time format value: %d.", time_format);
547 log_notice(
LD_OR,
"The %s certificate stored in %s is valid until %s.",
548 description, fname, expiration);
570 signing_key = get_master_signing_key_cert();
577 signing_key = get_master_signing_key_cert();
585 log_warn(
LD_OR,
"Could not load signing key certificate from %s, so " \
586 "we couldn't learn anything about certificate expiration.", fn);
611 if (!strcmp(arg,
"sign")) {
614 fprintf(stderr,
"No valid argument to --key-expiration found!\n");
615 fprintf(stderr,
"Currently recognised arguments are: 'sign'\n");
622 get_master_identity_key(
void)
624 if (!master_identity_key)
626 return &master_identity_key->pubkey;
633 return id && master_identity_key &&
637 #ifdef TOR_UNIT_TESTS
641 get_master_identity_keypair(
void)
643 return master_identity_key;
648 get_master_signing_keypair,(
void))
650 return master_signing_key;
654 get_master_signing_key_cert,(
void))
656 return signing_key_cert;
660 get_current_auth_keypair(
void)
662 return current_auth_key;
666 get_current_link_cert_cert(
void)
668 return link_cert_cert;
672 get_current_auth_key_cert(
void)
674 return auth_key_cert;
678 get_master_rsa_crosscert(
const uint8_t **cert_out,
681 *cert_out = rsa_ed_crosscert;
682 *size_out = rsa_ed_crosscert_len;
701 master_id_key, now, lifetime, 0);
704 memwipe(&ed_onion_key, 0,
sizeof(ed_onion_key));
722 log_info(
LD_OR,
"crypto_pk_get_digest failed in "
723 "make_tap_onion_key_crosscert!");
729 (
char*)signature,
sizeof(signature),
730 (
const char*)signed_data,
sizeof(signed_data));
733 log_info(
LD_OR,
"crypto_pk_private_sign failed in "
734 "make_tap_onion_key_crosscert!");
740 return tor_memdup(signature, r);
744 routerkeys_free_all(
void)
746 ed25519_keypair_free(master_identity_key);
747 ed25519_keypair_free(master_signing_key);
748 ed25519_keypair_free(current_auth_key);
749 tor_cert_free(signing_key_cert);
750 tor_cert_free(link_cert_cert);
751 tor_cert_free(auth_key_cert);
754 master_identity_key = master_signing_key = NULL;
755 current_auth_key = NULL;
756 signing_key_cert = link_cert_cert = auth_key_cert = NULL;
757 rsa_ed_crosscert = NULL;
758 rsa_ed_crosscert_len = 0;
const or_options_t * get_options(void)
int create_keys_directory(const or_options_t *options)
Header file for config.c.
#define options_get_keydir_fname(options, sub1)
int ed25519_pubkey_write_to_file(const ed25519_public_key_t *pubkey, const char *filename, const char *tag)
int ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out, int *signbit_out, const curve25519_keypair_t *inp)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
int tor_memeq(const void *a, const void *b, size_t sz)
int safe_mem_is_zero(const void *mem, size_t sz)
#define fast_memeq(a, b, c)
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
ed25519_keypair_t * ed_key_new(const ed25519_keypair_t *signing_key, uint32_t flags, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out)
Header file for loadkey.c.
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Master header file for Tor-specific functionality.
int tor_snprintf(char *str, size_t size, const char *format,...)
int server_identity_key_is_set(void)
Header file for router.c.
int load_ed_keys(const or_options_t *options, time_t now)
int should_make_new_ed_keys(const or_options_t *options, const time_t now)
int router_ed25519_id_is_me(const ed25519_public_key_t *id)
static int log_master_signing_key_cert_expiration(const or_options_t *options)
uint8_t * make_tap_onion_key_crosscert(const crypto_pk_t *onion_key, const ed25519_public_key_t *master_id_key, const crypto_pk_t *rsa_id_key, int *len_out)
static void log_ed_cert_expiration(const tor_cert_t *cert, const char *description, const char *fname, key_expiration_format_t time_format)
static void print_cert_expiration(const char *expiration, const char *description)
int log_cert_expiration(void)
int generate_ed_link_cert(const or_options_t *options, time_t now, int force)
tor_cert_t * make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key, const ed25519_public_key_t *master_id_key, time_t now, time_t lifetime, int *sign_out)
int server_mode(const or_options_t *options)
Header file for routermode.c.
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
uint8_t seckey[ED25519_SECKEY_LEN]
int TestingAuthKeyLifetime
int TestingLinkCertLifetime
int TestingSigningKeySlop
tor_cmdline_mode_t command
ed25519_public_key_t signing_key
ed25519_public_key_t signed_key
unsigned signing_key_included
#define MOCK_IMPL(rv, funcname, arglist)
void format_local_iso_time(char *buf, time_t t)
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
tor_cert_t * tor_cert_create_raw(const ed25519_keypair_t *signing_key, uint8_t cert_type, uint8_t signed_key_type, const uint8_t signed_key_info[32], time_t now, time_t lifetime, uint32_t flags)
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out)
#define tor_assert_nonfatal_unreached()
#define ED25519_SECKEY_LEN
#define ED25519_PUBKEY_LEN
const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)