commit 57189acd6f6b56a419d63a7acb012a9b8abac319 Author: Nick Mathewson nickm@torproject.org Date: Sun Mar 1 14:36:40 2015 +0100
# This is a combination of 2 commits. # The first commit's message is:
Regenerate ed25519 keys when they will expire soon.
Also, have testing-level options to set the lifetimes and expiration-tolerances of all key types, plus a non-testing-level option to set the lifetime of any auto-generated signing key.
# The 2nd commit message will be skipped:
# fixup! Regenerate ed25519 keys when they will expire soon. --- src/or/config.c | 20 ++++++++++++++++++++ src/or/main.c | 13 +++++++++++++ src/or/or.h | 15 +++++++++++++++ src/or/routerkeys.c | 34 ++++++++++++++++++++++++---------- src/or/routerkeys.h | 2 ++ src/test/test_routerkeys.c | 7 +++++++ 6 files changed, 81 insertions(+), 10 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c index 5ba8c99..34e7e76 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -298,6 +298,7 @@ static config_var_t option_vars_[] = { VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL), V(ServerTransportListenAddr, LINELIST, NULL), V(ServerTransportOptions, LINELIST, NULL), + V(SigningKeyLifetime, INTERVAL, "30 days"), V(Socks4Proxy, STRING, NULL), V(Socks5Proxy, STRING, NULL), V(Socks5ProxyUsername, STRING, NULL), @@ -356,6 +357,13 @@ static config_var_t option_vars_[] = { V(TestingTorNetwork, BOOL, "0"), V(TestingMinExitFlagThreshold, MEMUNIT, "0"), V(TestingMinFastFlagThreshold, MEMUNIT, "0"), + + V(TestingLinkKeyLifetime, INTERVAL, "2 days"), + V(TestingAuthKeyLifetime, INTERVAL, "2 days"), + V(TestingLinkKeySlop, INTERVAL, "3 hours"), + V(TestingAuthKeySlop, INTERVAL, "3 hours"), + V(TestingSigningKeySlop, INTERVAL, "1 day"), + V(OptimisticData, AUTOBOOL, "auto"), V(PortForwarding, BOOL, "0"), V(PortForwardingHelper, FILENAME, "tor-fw-helper"), @@ -3625,8 +3633,20 @@ options_validate(or_options_t *old_options, or_options_t *options, CHECK_DEFAULT(TestingDescriptorMaxDownloadTries); CHECK_DEFAULT(TestingMicrodescMaxDownloadTries); CHECK_DEFAULT(TestingCertMaxDownloadTries); + CHECK_DEFAULT(TestingAuthKeyLifetime); + CHECK_DEFAULT(TestingLinkKeyLifetime); + CHECK_DEFAULT(TestingSigningKeySlop); + CHECK_DEFAULT(TestingAuthKeySlop); + CHECK_DEFAULT(TestingLinkKeySlop); #undef CHECK_DEFAULT
+ if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2) + REJECT("SigningKeyLifetime is too short."); + if (options->TestingLinkKeyLifetime < options->TestingAuthKeySlop*2) + REJECT("LinkKeyLifetime is too short."); + if (options->TestingAuthKeyLifetime < options->TestingLinkKeySlop*2) + REJECT("AuthKeyLifetime is too short."); + if (options->TestingV3AuthInitialVotingInterval < MIN_VOTE_INTERVAL_TESTING_INITIAL) { REJECT("TestingV3AuthInitialVotingInterval is insanely low."); diff --git a/src/or/main.c b/src/or/main.c index 70d075f..c4b5af4 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -134,6 +134,8 @@ time_t time_of_process_start = 0; long stats_n_seconds_working = 0; /** When do we next launch DNS wildcarding checks? */ static time_t time_to_check_for_correct_dns = 0; +/** When do we next make sure our Ed25519 keys aren't about to expire? */ +static time_t time_to_check_ed_keys = 0;
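Review bot: The link and auth lifetime checks are cross-wired: `TestingLinkKeyLifetime` is compared against `TestingAuthKeySlop*2` and `TestingAuthKeyLifetime` against `TestingLinkKeySlop*2`, whereas load_ed_keys() in this same commit pairs each lifetime with its own slop. If the two slops are set differently, a link or auth lifetime shorter than twice its own renewal window can pass validation, and that key would then be treated as expiring soon shortly after it is made. Each check should use the matching slop, e.g. `if (options->TestingLinkKeyLifetime < options->TestingLinkKeySlop*2)`. The REJECT strings also name `LinkKeyLifetime` and `AuthKeyLifetime`, which are not option names; `"TestingLinkKeyLifetime is too short."` would tell the operator which line to fix. options_validate() starts and ends outside the hunk.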
/** How often will we honor SIGNEWNYM requests? */ #define MAX_SIGNEWNYM_RATE 10 @@ -1280,6 +1282,17 @@ run_scheduled_events(time_t now) router_upload_dir_desc_to_dirservers(0); }
+ if (is_server && time_to_check_ed_keys < now) { + if (should_make_new_ed_keys(options, now)) { + if (load_ed_keys(options, now) < 0) { + log_err(LD_OR, "Unable to update Ed25519 keys! Exiting."); + tor_cleanup(); + exit(0); + } + } + time_to_check_ed_keys = now + 30; + } + if (!should_delay_dir_fetches(options, NULL) && time_to_try_getting_descriptors < now) { update_all_descriptor_downloads(now); diff --git a/src/or/or.h b/src/or/or.h index b07a596..d45e19a 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4261,6 +4261,21 @@ typedef struct { * XXXX Eventually, the default will be 0. */ int ExitRelay;
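Review bot: The failure branch in the added block calls `exit(0)` right after logging "Unable to update Ed25519 keys! Exiting.", so a supervisor or init script sees a clean shutdown when the relay has actually stopped on a key-rotation error. A non-zero status, `exit(1);`, lets monitoring and restart policies tell this apart from an intentional stop. The recheck interval in `time_to_check_ed_keys = now + 30;` is a bare literal; a named `#define` in the style of `MAX_SIGNEWNYM_RATE` would document it. run_scheduled_events() starts and ends outside the hunk.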
+
+ /** For how long (seconds) do we declare our singning keys to be valid? */
+ int SigningKeyLifetime;
+ /** For how long (seconds) do we declare our link keys to be valid? */
+ int TestingLinkKeyLifetime;
+ /** For how long (seconds) do we declare our auth keys to be valid? */
+ int TestingAuthKeyLifetime;
+
+ /** How long before signing keys expire will we try to make a new one? */
+ int TestingSigningKeySlop;
+ /** How long before link keys expire will we try to make a new one? */
+ int TestingLinkKeySlop;
+ /** How long before auth keys expire will we try to make a new one? */
+ int TestingAuthKeySlop;
+
 } or_options_t;
/** Persistent state for an onion router, as saved to disk. */ diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index ab12b90..2482f59 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -306,9 +306,6 @@ load_ed_keys(const or_options_t *options, time_t now)
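Review bot: The three `*Slop` field comments do not state a unit, while the lifetime fields above them say "(seconds)". config.c declares all six as INTERVAL and load_ed_keys() passes the slops straight to EXPIRES_SOON, so the comments should carry the unit too, e.g. `/** How long (seconds) before signing keys expire will we try to make a new one? */`. The first comment also misspells "signing" as "singning". It would help to note on the `Testing*` fields that they may only be changed on a testing network, which is what the CHECK_DEFAULT entries added in config.c appear to enforce.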
/* XXXX support encrypted identity keys fully */
- /* XXXX use options. */ - (void) options; - /* First try to get the signing key to see how it is. */ if (master_signing_key) { check_signing_cert = signing_key_cert; @@ -329,7 +326,7 @@ load_ed_keys(const or_options_t *options, time_t now) EXPIRES_SOON(check_signing_cert, 0); const int want_new_signing_key = need_new_signing_key || - EXPIRES_SOON(check_signing_cert, 86400/*???*/); + EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop);
{ uint32_t flags = @@ -365,7 +362,7 @@ load_ed_keys(const or_options_t *options, time_t now) options_get_datadir_fname2(options, "keys", "ed25519_signing"), flags, LOG_WARN, sign_signing_key_with_id, now, - 30*86400/*XXX option*/, + options->SigningKeyLifetime, CERT_TYPE_ID_SIGNING, &sign_cert); if (!sign) FAIL("Missing signing key"); @@ -383,18 +380,22 @@ load_ed_keys(const or_options_t *options, time_t now) * it, if we loaded it in the first place. */ memwipe(id->seckey.seckey, 0, sizeof(id->seckey));
- if (!current_link_key || EXPIRES_SOON(link_key_cert, 7200/*???*/)) { + if (!current_link_key || + EXPIRES_SOON(link_key_cert, options->TestingLinkKeySlop)) { link = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT, - now, 2*86400/*XXX option??*/, + now, + options->TestingLinkKeyLifetime, CERT_TYPE_SIGNING_LINK, &link_cert);
if (!link) FAIL("Can't create link key"); }
- if (!current_auth_key || EXPIRES_SOON(auth_key_cert, 7200)/*???*/) { + if (!current_auth_key || + EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)) { auth = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT, - now, 2*86400/*XXX option??*/, + now, + options->TestingAuthKeyLifetime, CERT_TYPE_SIGNING_AUTH, &auth_cert);
if (!auth) @@ -434,9 +435,22 @@ load_ed_keys(const or_options_t *options, time_t now) #undef FAIL #undef SET_KEY #undef SET_CERT -#undef EXPIRES_SOON }
+int +should_make_new_ed_keys(const or_options_t *options, const time_t now) +{ + return (!master_identity_key || + !master_signing_key || + !current_link_key || + !current_auth_key || + EXPIRES_SOON(signing_key_cert, options->TestingSigningKeySlop) || + EXPIRES_SOON(link_key_cert, options->TestingLinkKeySlop) || + EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)); +} + +#undef EXPIRES_SOON + const ed25519_public_key_t * get_master_identity_key(void) { diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h index 6c188b7..0c50429 100644 --- a/src/or/routerkeys.h +++ b/src/or/routerkeys.h @@ -55,6 +55,8 @@ int check_tap_onion_key_crosscert(const uint8_t *crosscert, const uint8_t *rsa_id_digest);
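Review bot: should_make_new_ed_keys() is added without a doc comment, although its result is what decides in main.c whether the relay reloads its keys or exits. Something like `/** Return true if any Ed25519 key is missing, or if the signing, link or auth certificate will expire within its configured slop of <b>now</b>. */` above the definition would cover it. The function also relies on EXPIRES_SOON, whose definition is outside this hunk: it presumably picks up the parameter named `now` implicitly and has to tolerate a NULL certificate. Both assumptions are worth confirming and stating next to the macro now that its `#undef` has moved below this function.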
 int load_ed_keys(const or_options_t *options, time_t now);
+int should_make_new_ed_keys(const or_options_t *options, const time_t now);
+
 void routerkeys_free_all(void);
#endif diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c index 2434255..4917424 100644 --- a/src/test/test_routerkeys.c +++ b/src/test/test_routerkeys.c @@ -419,6 +419,13 @@ test_routerkeys_ed_keys_init_all(void *arg) ed25519_keypair_t sign, link, auth; // tor_cert_t *cert_is, *cert_sl, *cert_auth;
+ options->SigningKeyLifetime = 30*86400;
+ options->TestingAuthKeyLifetime = 2*86400;
+ options->TestingLinkKeyLifetime = 2*86400;
+ options->TestingSigningKeySlop = 2*86400;
+ options->TestingAuthKeySlop = 2*3600;
+ options->TestingLinkKeySlop = 2*3600;
+
 #ifdef _WIN32
 mkdir(dir);
 mkdir(get_fname("test_ed_keys_init_all/keys"));
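Review bot: The test only seeds the new option fields, and the diffstat shows no other change to this file, so neither should_make_new_ed_keys() nor the new lifetime-versus-slop rejections in options_validate() get coverage from this commit. An assertion that `should_make_new_ed_keys(options, now)` is false once the keys have been loaded, and another that it is true with the time moved inside a certificate's slop window, would pin the rotation trigger. `TestingSigningKeySlop` is set to `2*86400` here while the configured default is "1 day"; if that is deliberate, a short comment should say why. test_routerkeys_ed_keys_init_all() starts and ends outside the hunk.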