17#define ROUTERKEYS_PRIVATE
34#define ENC_KEY_HEADER "Boxed Ed25519 key"
35#define ENC_KEY_TAG "master"
48static uint8_t *rsa_ed_crosscert = NULL;
49static size_t rsa_ed_crosscert_len = 0;
50static time_t rsa_ed_crosscert_expiration = 0;
73 int signing_key_changed = 0;
77 tor_assert_nonfatal(now >= 2 * 365 * 86400);
79#define FAIL(msg) do { \
80 log_warn(LD_OR, (msg)); \
83#define SET_KEY(key, newval) do { \
84 if ((key) != (newval)) \
85 ed25519_keypair_free(key); \
88#define SET_CERT(cert, newval) do { \
89 if ((cert) != (newval)) \
90 tor_cert_free(cert); \
93#define HAPPENS_SOON(when, interval) \
94 ((when) < now + (interval))
95#define EXPIRES_SOON(cert, interval) \
96 (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval)))
106 INIT_ED_KEY_NEEDCERT|
107 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT,
109 NULL, 0, 0, CERT_TYPE_ID_SIGNING, &sign_cert, options);
111 check_signing_cert = sign_cert;
117 if (! master_signing_key) {
119 signing_key_changed = 1;
121 &master_signing_key->pubkey) ||
123 master_signing_key->seckey.
seckey,
126 signing_key_changed = 1;
130 if (!use_signing && master_signing_key) {
132 check_signing_cert = signing_key_cert;
133 use_signing = master_signing_key;
136 const int offline_master =
138 const int need_new_signing_key =
139 NULL == use_signing ||
140 EXPIRES_SOON(check_signing_cert, 0) ||
142 const int want_new_signing_key =
143 need_new_signing_key ||
149 const int can_make_master_id_key = !offline_master &&
152 if (need_new_signing_key) {
153 log_notice(
LD_OR,
"It looks like I need to generate and sign a new "
154 "medium-term signing key, because %s. To do that, I "
155 "need to load%s the permanent master identity key. "
156 "If the master identity key was not moved or encrypted "
157 "with a passphrase, this will be done automatically and "
158 "no further action is required. Otherwise, provide the "
159 "necessary data using 'tor --keygen' to do it manually.",
160 (NULL == use_signing) ?
"I don't have one" :
161 EXPIRES_SOON(check_signing_cert, 0) ?
"the one I have is expired" :
162 "you asked me to make one with --keygen",
163 can_make_master_id_key ?
" (or create)" :
"");
164 }
else if (want_new_signing_key && !offline_master) {
165 log_notice(
LD_OR,
"It looks like I should try to generate and sign a "
166 "new medium-term signing key, because the one I have is "
167 "going to expire soon. To do that, I'm going to have to "
168 "try to load the permanent master identity key. "
169 "If the master identity key was not moved or encrypted "
170 "with a passphrase, this will be done automatically and "
171 "no further action is required. Otherwise, provide the "
172 "necessary data using 'tor --keygen' to do it manually.");
173 }
else if (want_new_signing_key) {
174 log_notice(
LD_OR,
"It looks like I should try to generate and sign a "
175 "new medium-term signing key, because the one I have is "
176 "going to expire soon. But OfflineMasterKey is set, so I "
177 "won't try to load a permanent master identity key. You "
178 "will need to use 'tor --keygen' to make a new signing "
179 "key and certificate.");
185 INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR);
186 if (can_make_master_id_key)
187 flags |= INIT_ED_KEY_CREATE;
188 if (! need_new_signing_key)
189 flags |= INIT_ED_KEY_MISSING_SECRET_OK;
190 if (! want_new_signing_key || offline_master)
191 flags |= INIT_ED_KEY_OMIT_SECRET;
193 flags |= INIT_ED_KEY_OFFLINE_SECRET;
195 flags |= INIT_ED_KEY_TRY_ENCRYPTED;
202 if (options->master_key_fname) {
203 fname = tor_strdup(options->master_key_fname);
204 flags |= INIT_ED_KEY_EXPLICIT_FNAME;
211 LOG_WARN, NULL, 0, 0, 0, NULL, options);
214 if (need_new_signing_key) {
216 FAIL(
"Can't load master identity key; OfflineMasterKey is set.");
218 FAIL(
"Missing identity key");
220 log_warn(
LD_OR,
"Master public key was absent; inferring from "
221 "public key in signing certificate and saving to disk.");
223 id = tor_malloc_zero(
sizeof(*
id));
224 memcpy(&id->pubkey, &check_signing_cert->
signing_key,
227 "ed25519_master_id_public_key");
229 log_warn(
LD_OR,
"Error while attempting to write master public key "
238 sign_signing_key_with_id = NULL;
240 sign_signing_key_with_id = id;
243 if (master_identity_key &&
245 FAIL(
"Identity key on disk does not match key we loaded earlier!");
248 if (need_new_signing_key && NULL == sign_signing_key_with_id)
249 FAIL(
"Can't load master key make a new signing key.");
253 FAIL(
"Loaded a signing cert with no key included!");
255 FAIL(
"The signing cert we have was not signed with the master key "
258 log_warn(
LD_OR,
"The signing cert we loaded was not signed "
265 if (want_new_signing_key && sign_signing_key_with_id) {
266 uint32_t flags = (INIT_ED_KEY_CREATE|
268 INIT_ED_KEY_EXTRA_STRONG|
269 INIT_ED_KEY_NEEDCERT|
270 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT);
273 ed25519_keypair_free(sign);
274 tor_cert_free(sign_cert);
277 sign_signing_key_with_id, now,
279 CERT_TYPE_ID_SIGNING, &sign_cert, options);
282 FAIL(
"Missing signing key");
284 signing_key_changed = 1;
289 }
else if (want_new_signing_key) {
290 static ratelim_t missing_master = RATELIM_INIT(3600);
292 "Signing key will expire soon, but I can't load the "
293 "master key to sign a new one!");
306 (!rsa_ed_crosscert ||
307 HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) {
309 time_t expiration = now+6*30*86400;
311 get_server_identity_key(),
315 rsa_ed_crosscert_len = crosscert_len;
316 rsa_ed_crosscert = crosscert;
317 rsa_ed_crosscert_expiration = expiration;
320 if (!current_auth_key ||
321 signing_key_changed ||
323 auth =
ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
326 CERT_TYPE_SIGNING_AUTH, &auth_cert);
329 FAIL(
"Can't create auth key");
335 if (! master_identity_key) {
336 SET_KEY(master_identity_key,
id);
341 SET_KEY(master_signing_key, sign);
342 SET_CERT(signing_key_cert, sign_cert);
345 SET_KEY(current_auth_key, auth);
346 SET_CERT(auth_key_cert, auth_cert);
349 return signing_key_changed;
351 ed25519_keypair_free(
id);
352 ed25519_keypair_free(sign);
353 ed25519_keypair_free(auth);
354 tor_cert_free(sign_cert);
355 tor_cert_free(auth_cert);
376 const tor_x509_cert_t *link_ = NULL, *
id = NULL;
384 log_warn(
LD_OR,
"Can't get my x509 link cert.");
399 CERT_TYPE_SIGNING_LINK,
400 SIGNED_KEY_TYPE_SHA256_OF_X509,
401 (
const uint8_t*)digests->
d[DIGEST_SHA256],
406 SET_CERT(link_cert_cert, link_cert);
429 if (!master_identity_key ||
430 !master_signing_key ||
438 const tor_x509_cert_t *link_ = NULL, *
id = NULL;
461init_mock_ed_keys(
const crypto_pk_t *rsa_identity_key)
463 routerkeys_free_all();
466 k = tor_malloc_zero(sizeof(*k)); \
467 if (ed25519_keypair_generate(k, 0) < 0) { \
468 log_warn(LD_BUG, "Couldn't make a keypair"); \
471 MAKEKEY(master_identity_key);
472 MAKEKEY(master_signing_key);
473 MAKEKEY(current_auth_key);
474#define MAKECERT(cert, signing, signed_, type, flags) \
475 cert = tor_cert_create_ed25519(signing, \
481 log_warn(LD_BUG, "Couldn't make a %s certificate!", #cert); \
485 MAKECERT(signing_key_cert,
486 master_identity_key, master_signing_key, CERT_TYPE_ID_SIGNING,
487 CERT_FLAG_INCLUDE_SIGNING_KEY);
488 MAKECERT(auth_key_cert,
489 master_signing_key, current_auth_key, CERT_TYPE_SIGNING_AUTH, 0);
492 log_warn(
LD_BUG,
"Couldn't make link certificate");
497 &master_identity_key->pubkey,
505 routerkeys_free_all();
521 const char *description)
523 fprintf(stderr,
"%s-cert-expiry: %s\n", description, expiration);
533 const char *description,
537 log_warn(
LD_OR,
"No %s key loaded; can't get certificate expiration.",
540 char expiration[ISO_TIME_LEN+1];
541 switch (time_format) {
542 case KEY_EXPIRATION_FORMAT_ISO8601:
546 case KEY_EXPIRATION_FORMAT_TIMESTAMP:
552 log_err(
LD_BUG,
"Unknown time format value: %d.", time_format);
555 log_notice(
LD_OR,
"The %s certificate stored in %s is valid until %s.",
556 description, fname, expiration);
578 signing_key = get_master_signing_key_cert();
585 signing_key = get_master_signing_key_cert();
593 log_warn(
LD_OR,
"Could not load signing key certificate from %s, so " \
594 "we couldn't learn anything about certificate expiration.", fn);
619 if (!strcmp(arg,
"sign")) {
622 fprintf(stderr,
"No valid argument to --key-expiration found!\n");
623 fprintf(stderr,
"Currently recognised arguments are: 'sign'\n");
630get_master_identity_key(
void)
632 if (!master_identity_key)
634 return &master_identity_key->pubkey;
641 return id && master_identity_key &&
649get_master_identity_keypair(
void)
651 return master_identity_key;
656get_master_signing_keypair,(
void))
658 return master_signing_key;
662get_master_signing_key_cert,(
void))
664 return signing_key_cert;
668get_current_auth_keypair(
void)
670 return current_auth_key;
674get_current_link_cert_cert(
void)
676 return link_cert_cert;
680get_current_auth_key_cert(
void)
682 return auth_key_cert;
688#define FAMILY_KEY_SUFFIX ".secret_family_key"
711 if (ed25519_pubkey_eq(k, id))
734#define FAMILY_KEY_FILE_TAG "fmly-id"
748 log_warn(
LD_OR,
"Unable to list contents of directory %s", keydir);
757 } SMARTLIST_FOREACH_END(fn);
762 smartlist_free(result);
766 smartlist_free(files);
808 if (BUG(!options) || BUG(!keydir))
814 char *tag_tmp = NULL;
817 if (key_files == NULL) {
823 kp_tmp = tor_malloc_zero(
sizeof(*kp_tmp));
827 log_warn(
LD_OR,
"%s was not an ed25519 secret key.", fn);
831 log_warn(
LD_OR,
"%s was not a family ID key.", fn);
835 log_warn(
LD_OR,
"Unable to generate public key for %s", fn);
843 log_warn(
LD_OR,
"Found secret family key in %s "
844 "with unexpected FamilyID %s",
848 ed25519_keypair_free(kp_tmp);
850 } SMARTLIST_FOREACH_END(fn);
858 smartlist_free(key_files);
862 ed25519_keypair_free(kp));
863 smartlist_free(new_keys);
866 ed25519_keypair_free(kp_tmp);
881 log_warn(
LD_BUG,
"Can't generate ed25519 key!");
887 log_warn(
LD_BUG,
"Can't write key to file.");
898 ed25519_keypair_free(kp);
919 bool any_missing =
false;
923 log_err(
LD_OR,
"No key was found for listed FamilyID %s",
927 } SMARTLIST_FOREACH_END(
id);
931 log_info(
LD_OR,
"Found %d family ID keys",
940#define FAMILY_INFO_URL \
941 "https://community.torproject.org/relay/setup/post-install/family-ids/"
951 static int have_warned_absent_myfamily = 0;
952 static int have_warned_absent_familykeys = 0;
955 if (!have_warned_absent_myfamily &&
958 "FamilyId was configured, but MyFamily was not. "
959 "FamilyId is good, but the Tor network still requires "
960 "MyFamily while clients are migrating to use family "
962 have_warned_absent_myfamily = 1;
965 if (!have_warned_absent_familykeys &&
969 "MyFamily was configured, but FamilyId was not. "
970 "It's a good time to start migrating your relays "
971 "to use family keys. "
972 "See "FAMILY_INFO_URL
" for instructions.");
973 have_warned_absent_familykeys = 1;
991 if (family_id_keys == NULL)
993 return family_id_keys;
1005 if (family_id_keys) {
1007 ed25519_keypair_free(kp));
1008 smartlist_free(family_id_keys);
1010 family_id_keys = keys;
1014get_master_rsa_crosscert(
const uint8_t **cert_out,
1017 *cert_out = rsa_ed_crosscert;
1018 *size_out = rsa_ed_crosscert_len;
1037 master_id_key, now, lifetime, 0);
1040 memwipe(&ed_onion_key, 0,
sizeof(ed_onion_key));
1058 log_info(
LD_OR,
"crypto_pk_get_digest failed in "
1059 "make_tap_onion_key_crosscert!");
1065 (
char*)signature,
sizeof(signature),
1066 (
const char*)signed_data,
sizeof(signed_data));
1069 log_info(
LD_OR,
"crypto_pk_private_sign failed in "
1070 "make_tap_onion_key_crosscert!");
1076 return tor_memdup(signature, r);
1080routerkeys_free_all(
void)
1082 ed25519_keypair_free(master_identity_key);
1083 ed25519_keypair_free(master_signing_key);
1084 ed25519_keypair_free(current_auth_key);
1087 tor_cert_free(signing_key_cert);
1088 tor_cert_free(link_cert_cert);
1089 tor_cert_free(auth_key_cert);
1097 master_identity_key = master_signing_key = NULL;
1098 current_auth_key = NULL;
1099 signing_key_cert = link_cert_cert = auth_key_cert = NULL;
1100 rsa_ed_crosscert = NULL;
1101 rsa_ed_crosscert_len = 0;
int create_keys_directory(const or_options_t *options)
const or_options_t * get_options(void)
Header file for config.c.
#define options_get_keydir_fname(options, sub1)
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out, const ed25519_secret_key_t *seckey)
int ed25519_seckey_read_from_file(ed25519_secret_key_t *seckey_out, char **tag_out, const char *filename)
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
int ed25519_pubkey_write_to_file(const ed25519_public_key_t *pubkey, const char *filename, const char *tag)
int ed25519_seckey_write_to_file(const ed25519_secret_key_t *seckey, const char *filename, const char *tag)
int ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out, int *signbit_out, const curve25519_keypair_t *inp)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
int tor_memeq(const void *a, const void *b, size_t sz)
int safe_mem_is_zero(const void *mem, size_t sz)
#define fast_memeq(a, b, c)
smartlist_t * tor_listdir(const char *dirname)
Header file for dirvote.c.
#define MIN_METHOD_FOR_FAMILY_IDS
ed25519_keypair_t * ed_key_new(const ed25519_keypair_t *signing_key, uint32_t flags, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out)
ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
Header file for loadkey.c.
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Networkstatus consensus/vote structure.
Master header file for Tor-specific functionality.
int tor_snprintf(char *str, size_t size, const char *format,...)
bool should_publish_family_list(const networkstatus_t *ns)
int server_identity_key_is_set(void)
Header file for router.c.
static bool family_key_id_is_expected(const or_options_t *options, const ed25519_public_key_t *id)
STATIC void set_family_id_keys(smartlist_t *keys)
int load_ed_keys(const or_options_t *options, time_t now)
int should_make_new_ed_keys(const or_options_t *options, const time_t now)
int router_ed25519_id_is_me(const ed25519_public_key_t *id)
static smartlist_t * cached_family_key_file_list
STATIC int load_family_id_keys_impl(const or_options_t *options, const char *keydir)
static int log_master_signing_key_cert_expiration(const or_options_t *options)
STATIC bool is_family_key_fname(const char *fname)
void warn_about_family_id_config(const or_options_t *options, const networkstatus_t *ns)
uint8_t * make_tap_onion_key_crosscert(const crypto_pk_t *onion_key, const ed25519_public_key_t *master_id_key, const crypto_pk_t *rsa_id_key, int *len_out)
smartlist_t * list_family_key_files(const or_options_t *options, const char *keydir)
static bool family_key_is_present(const ed25519_public_key_t *id)
static void log_ed_cert_expiration(const tor_cert_t *cert, const char *description, const char *fname, key_expiration_format_t time_format)
const smartlist_t * get_current_family_id_keys(void)
#define FAMILY_KEY_FILE_TAG
static void print_cert_expiration(const char *expiration, const char *description)
tor_cert_t * make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key, const ed25519_public_key_t *master_id_key, time_t now, time_t lifetime, int *sign_out)
static smartlist_t * list_family_key_files_impl(const char *keydir)
int create_family_id_key(const char *fname, ed25519_public_key_t *pk_out)
int log_cert_expiration(void)
int generate_ed_link_cert(const or_options_t *options, time_t now, int force)
#define FAMILY_KEY_SUFFIX
int load_family_id_keys(const or_options_t *options, const networkstatus_t *ns)
int server_mode(const or_options_t *options)
Header file for routermode.c.
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
uint8_t seckey[ED25519_SECKEY_LEN]
struct config_line_t * MyFamily
char * FamilyKeyDirectory
int TestingAuthKeyLifetime
bool AllFamilyIdsExpected
int TestingLinkCertLifetime
int TestingSigningKeySlop
tor_cmdline_mode_t command
struct smartlist_t * FamilyIds
ed25519_public_key_t signing_key
ed25519_public_key_t signed_key
unsigned signing_key_included
#define MOCK_IMPL(rv, funcname, arglist)
void format_local_iso_time(char *buf, time_t t)
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
tor_cert_t * tor_cert_create_raw(const ed25519_keypair_t *signing_key, uint8_t cert_type, uint8_t signed_key_type, const uint8_t signed_key_info[32], time_t now, time_t lifetime, uint32_t flags)
int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out)
#define tor_assert_nonfatal_unreached()
int strcmpend(const char *s1, const char *s2)
#define ED25519_SECKEY_LEN
#define ED25519_PUBKEY_LEN
const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)