aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-07-30 08:55:57 -0400
committerNick Mathewson <nickm@torproject.org>2018-07-30 08:55:57 -0400
commitff593ae8781941bfe035d43ded5c18eb772ac486 (patch)
treeb8885aab6ffdf64f21acb399ed8e1732b0ce9785
parent13393b2d913545aec54d17fb3402906ab4e04ad7 (diff)
parentabc0a72fd16c59ef6b834e80caa36184267fd494 (diff)
downloadtor-ff593ae8781941bfe035d43ded5c18eb772ac486.tar.gz
tor-ff593ae8781941bfe035d43ded5c18eb772ac486.zip
Merge remote-tracking branch 'rl1987/feature19506_3'
Diffstat
-rw-r--r--.gitignore7
-rw-r--r--changes/feature195063
-rw-r--r--doc/include.am6
-rw-r--r--doc/tor-print-ed-signing-cert.1.txt32
-rw-r--r--src/tools/Makefile.nmake5
-rw-r--r--src/tools/include.am11
-rw-r--r--src/tools/tor-print-ed-signing-cert.c65
7 files changed, 126 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index 80c039a684..1cd99dfd38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -116,6 +116,11 @@ uptime-*.json
/doc/torify.html
/doc/torify.html.in
/doc/torify.1.xml
+/doc/tor-print-ed-signing-cert.1
+/doc/tor-print-ed-signing-cert.1.in
+/doc/tor-print-ed-signing-cert.html
+/doc/tor-print-ed-signing-cert.html.in
+/doc/tor-print-ed-signing-cert.1.xml
# /doc/spec/
/doc/spec/Makefile
@@ -258,6 +263,8 @@ uptime-*.json
/src/tools/tor-resolve
/src/tools/tor-cov-resolve
/src/tools/tor-gencert
+/src/tools/tor-print-ed-signing-cert
+/src/tools/tor-print-ed-signing-cert.exe
/src/tools/tor-cov-gencert
/src/tools/tor-checkkey.exe
/src/tools/tor-resolve.exe
diff --git a/changes/feature19506 b/changes/feature19506
new file mode 100644
index 0000000000..83ba9e245f
--- /dev/null
+++ b/changes/feature19506
@@ -0,0 +1,3 @@
+ o Minor features (admin tools):
+ - Add new tool that prints expiration date of signing cert
+ in ed25519_signing_cert. Resolves issue 19506.
diff --git a/doc/include.am b/doc/include.am
index 0e533c1b3b..0a123aae11 100644
--- a/doc/include.am
+++ b/doc/include.am
@@ -12,7 +12,7 @@
# part of the source distribution, so that people without asciidoc can
# just use the .1 and .html files.
-all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify
+all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify doc/tor-print-ed-signing-cert
if USE_ASCIIDOC
nodist_man1_MANS = $(all_mans:=.1)
@@ -65,11 +65,13 @@ doc/tor.1.in: doc/tor.1.txt
doc/torify.1.in: doc/torify.1.txt
doc/tor-gencert.1.in: doc/tor-gencert.1.txt
doc/tor-resolve.1.in: doc/tor-resolve.1.txt
+doc/tor-print-ed-signing-cert.1.in: doc/tor-print-ed-signing-cert.1.txt
doc/tor.html.in: doc/tor.1.txt
doc/torify.html.in: doc/torify.1.txt
doc/tor-gencert.html.in: doc/tor-gencert.1.txt
doc/tor-resolve.html.in: doc/tor-resolve.1.txt
+doc/tor-print-ed-signing-cert.html.in: doc/tor-print-ed-signing-cert.1.txt
# use config.status to swap all machine-specific magic strings
# in the asciidoc with their replacements.
@@ -83,11 +85,13 @@ $(asciidoc_product) :
doc/tor.html: doc/tor.html.in
doc/tor-gencert.html: doc/tor-gencert.html.in
doc/tor-resolve.html: doc/tor-resolve.html.in
+doc/tor-print-ed-signing-cert.html: doc/tor-print-ed-signing-cert.html.in
doc/torify.html: doc/torify.html.in
doc/tor.1: doc/tor.1.in
doc/tor-gencert.1: doc/tor-gencert.1.in
doc/tor-resolve.1: doc/tor-resolve.1.in
+doc/tor-print-ed-signing-cert.1: doc/tor-print-ed-signing-cert.1.in
doc/torify.1: doc/torify.1.in
CLEANFILES+= $(asciidoc_product)
diff --git a/doc/tor-print-ed-signing-cert.1.txt b/doc/tor-print-ed-signing-cert.1.txt
new file mode 100644
index 0000000000..1a3109df95
--- /dev/null
+++ b/doc/tor-print-ed-signing-cert.1.txt
@@ -0,0 +1,32 @@
+// Copyright (c) The Tor Project, Inc.
+// See LICENSE for licensing information
+// This is an asciidoc file used to generate the manpage/html reference.
+// Learn asciidoc on http://www.methods.co.nz/asciidoc/userguide.html
+:man source: Tor
+:man manual: Tor Manual
+tor-print-ed-signing-cert(1)
+============================
+Tor Project, Inc.
+
+NAME
+----
+tor-print-ed-signing-cert - print expiration date of ed25519 signing certificate
+
+SYNOPSIS
+--------
+**tor-print-ed-signing-cert** __<path to ed25519_signing_cert file>__
+
+DESCRIPTION
+-----------
+**tor-print-ed-signing-cert** is utility program for Tor relay operators to
+check expiration date of ed25519 signing certificate.
+
+SEE ALSO
+--------
+**tor**(1) +
+
+https://spec.torproject.org/cert-spec
+
+AUTHORS
+-------
+Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.
diff --git a/src/tools/Makefile.nmake b/src/tools/Makefile.nmake
index fda1990e0b..e223d9b135 100644
--- a/src/tools/Makefile.nmake
+++ b/src/tools/Makefile.nmake
@@ -1,4 +1,4 @@
-all: tor-resolve.exe tor-gencert.exe
+all: tor-resolve.exe tor-gencert.exe tor-print-ed-signing-cert.exe
CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or
@@ -15,5 +15,8 @@ tor-gencert.exe: tor-gencert.obj
tor-resolve.exe: tor-resolve.obj
$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-resolve.obj
+tor-print-ed-signing-cert.exe: tor-print-ed-signing-cert.obj
+ $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-print-ed-signing-cert.obj
+
clean:
del *.obj *.lib *.exe
diff --git a/src/tools/include.am b/src/tools/include.am
index 8a2ecb23c9..d5924dda5f 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -1,4 +1,4 @@
-bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert
+bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert src/tools/tor-print-ed-signing-cert
if COVERAGE_ENABLED
noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
@@ -29,6 +29,15 @@ src_tools_tor_gencert_LDADD = \
@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
+src_tools_tor_print_ed_signing_cert_SOURCES = src/tools/tor-print-ed-signing-cert.c
+src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_print_ed_signing_cert_LDADD = \
+ src/trunnel/libor-trunnel.a \
+ $(TOR_CRYPTO_LIBS) \
+ $(TOR_UTIL_LIBS) \
+ @TOR_LIB_MATH@ @TOR_OPENSSL_LIBS@ \
+ @TOR_LIB_WS32@ @TOR_LIB_USERENV@
+
if COVERAGE_ENABLED
src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
diff --git a/src/tools/tor-print-ed-signing-cert.c b/src/tools/tor-print-ed-signing-cert.c
new file mode 100644
index 0000000000..bb90e79457
--- /dev/null
+++ b/src/tools/tor-print-ed-signing-cert.c
@@ -0,0 +1,65 @@
+/* Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "ed25519_cert.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/malloc/util_malloc.h"
+
+int
+main(int argc, char **argv)
+{
+ ed25519_cert_t *cert = NULL;
+
+ if (argc != 2) {
+ fprintf(stderr, "Usage:\n");
+ fprintf(stderr, "%s <path to ed25519_signing_cert file>\n", argv[0]);
+ return -1;
+ }
+
+ const char *filepath = argv[1];
+ char *got_tag = NULL;
+
+ uint8_t certbuf[256];
+ ssize_t cert_body_len = crypto_read_tagged_contents_from_file(
+ filepath, "ed25519v1-cert",
+ &got_tag, certbuf, sizeof(certbuf));
+
+ if (cert_body_len <= 0) {
+ fprintf(stderr, "crypto_read_tagged_contents_from_file failed with "
+ "error: %s\n", strerror(errno));
+ return -2;
+ }
+
+ if (!got_tag) {
+ fprintf(stderr, "Found no tag\n");
+ return -3;
+ }
+
+ if (strcmp(got_tag, "type4") != 0) {
+ fprintf(stderr, "Wrong tag: %s\n", got_tag);
+ return -4;
+ }
+
+ tor_free(got_tag);
+
+ ssize_t parsed = ed25519_cert_parse(&cert, certbuf, cert_body_len);
+ if (parsed <= 0) {
+ fprintf(stderr, "ed25519_cert_parse failed with return value %zd\n",
+ parsed);
+ return -5;
+ }
+
+ time_t expires_at = (time_t)cert->exp_field * 60 * 60;
+
+ printf("Expires at: %s", ctime(&expires_at));
+
+ ed25519_cert_free(cert);
+
+ return 0;
+}
+
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion