summaryrefslogtreecommitdiff
path: root/src/or/routerkeys.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2015-09-01 10:22:24 -0400
committerNick Mathewson <nickm@torproject.org>2015-09-04 09:55:07 -0400
commit0ba4e0895ae2395a528aacd1625715a7ffc29211 (patch)
tree998c4aa45c25327adf8db702433c04ab9d053b9e /src/or/routerkeys.c
parentd891e2a9c517e2b097456b7143f955ac66b112ea (diff)
downloadtor-0ba4e0895ae2395a528aacd1625715a7ffc29211.tar.gz
tor-0ba4e0895ae2395a528aacd1625715a7ffc29211.zip
Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not generate or load its secret identity key. You can manage the secret identity key with --keygen. Implements ticket 16944.
Diffstat (limited to 'src/or/routerkeys.c')
-rw-r--r--src/or/routerkeys.c32
1 files changed, 26 insertions, 6 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 50659fcb69..283effa2fd 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -668,6 +668,9 @@ load_ed_keys(const or_options_t *options, time_t now)
use_signing = sign;
}
+ const int offline_master =
+ options->OfflineMasterKey && options->command != CMD_KEYGEN;
+
const int need_new_signing_key =
NULL == use_signing ||
EXPIRES_SOON(check_signing_cert, 0) ||
@@ -676,29 +679,43 @@ load_ed_keys(const or_options_t *options, time_t now)
need_new_signing_key ||
EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop);
+ /* We can only create a master key if we haven't been told that the
+ * master key will always be offline. Also, if we have a signing key,
+ * then we shouldn't make a new master ID key. */
+ const int can_make_master_id_key = !offline_master &&
+ NULL == use_signing;
+
if (need_new_signing_key) {
log_notice(LD_OR, "It looks like I need to generate and sign a new "
"medium-term signing key, because %s. To do that, I need to "
- "load (or create) the permanent master identity key.",
+ "load%s the permanent master identity key.",
(NULL == use_signing) ? "I don't have one" :
EXPIRES_SOON(check_signing_cert, 0) ? "the one I have is expired" :
- "you asked me to make one with --keygen");
- } else if (want_new_signing_key) {
+ "you asked me to make one with --keygen",
+ can_make_master_id_key ? " (or create)" : "");
+ } else if (want_new_signing_key && !offline_master) {
log_notice(LD_OR, "It looks like I should try to generate and sign a "
"new medium-term signing key, because the one I have is "
"going to expire soon. To do that, I'm going to have to try to "
"load the permanent master identity key.");
+ } else if (want_new_signing_key) {
+ log_notice(LD_OR, "It looks like I should try to generate and sign a "
+ "new medium-term signing key, because the one I have is "
+ "going to expire soon. But OfflineMasterKey is set, so I "
+ "won't try to load a permanent master identity key is set. "
+ "You will need to use 'tor --keygen' make a new signing key "
+ "and certificate.");
}
{
uint32_t flags =
(INIT_ED_KEY_SPLIT|
INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR);
- if (! use_signing)
+ if (can_make_master_id_key)
flags |= INIT_ED_KEY_CREATE;
if (! need_new_signing_key)
flags |= INIT_ED_KEY_MISSING_SECRET_OK;
- if (! want_new_signing_key)
+ if (! want_new_signing_key || offline_master)
flags |= INIT_ED_KEY_OMIT_SECRET;
if (options->command == CMD_KEYGEN)
flags |= INIT_ED_KEY_TRY_ENCRYPTED;
@@ -724,7 +741,10 @@ load_ed_keys(const or_options_t *options, time_t now)
tor_free(fname);
if (!id) {
if (need_new_signing_key) {
- FAIL("Missing identity key");
+ if (offline_master)
+ FAIL("Can't load master identity key; OfflineMasterKey is set.");
+ else
+ FAIL("Missing identity key");
} else {
log_warn(LD_OR, "Master public key was absent; inferring from "
"public key in signing certificate and saving to disk.");