aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/feature167696
-rw-r--r--src/or/config.c15
-rw-r--r--src/or/or.h1
-rw-r--r--src/or/routerkeys.c20
-rw-r--r--src/or/routerkeys.h1
5 files changed, 39 insertions, 4 deletions
diff --git a/changes/feature16769 b/changes/feature16769
index 62d373e5cc..49e9f3591a 100644
--- a/changes/feature16769
+++ b/changes/feature16769
@@ -1,3 +1,7 @@
o Minor features (ed25519):
- Add a --newpass option to allow changing or removing the
- passphrase of an encrypted key. \ No newline at end of file
+ passphrase of an encrypted key with tor --keygen. Implements
+ part of ticket 16769.
+ - Add a --master-key option to allow overriding the location of
+ the master key when running tor --keygen. Implements part of
+ ticket 16769.
diff --git a/src/or/config.c b/src/or/config.c
index b4a490c70f..d954316b3b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -762,6 +762,7 @@ or_options_free(or_options_t *options)
}
tor_free(options->BridgePassword_AuthDigest_);
tor_free(options->command_arg);
+ tor_free(options->master_key_fname);
config_free(&options_format, options);
}
@@ -1919,6 +1920,7 @@ static const struct {
{ "--list-fingerprint", TAKES_NO_ARGUMENT },
{ "--keygen", TAKES_NO_ARGUMENT },
{ "--newpass", TAKES_NO_ARGUMENT },
+ { "--master-key", ARGUMENT_NECESSARY },
{ "--no-passphrase", TAKES_NO_ARGUMENT },
{ "--passphrase-fd", ARGUMENT_NECESSARY },
{ "--verify-config", TAKES_NO_ARGUMENT },
@@ -4547,6 +4549,19 @@ options_init_from_torrc(int argc, char **argv)
}
}
+ {
+ const config_line_t *key_line = config_line_find(cmdline_only_options,
+ "--master-key");
+ if (key_line) {
+ if (command != CMD_KEYGEN) {
+ log_err(LD_CONFIG, "--master-key without --keygen!");
+ exit(1);
+ } else {
+ get_options_mutable()->master_key_fname = tor_strdup(key_line->value);
+ }
+ }
+ }
+
err:
tor_free(cf);
diff --git a/src/or/or.h b/src/or/or.h
index 0637325b24..22c1eb29f8 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4303,6 +4303,7 @@ typedef struct {
int use_keygen_passphrase_fd;
int keygen_passphrase_fd;
int change_key_passphrase;
+ char *master_key_fname;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index be5c2c33a1..197dbf87a1 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -258,6 +258,9 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted,
*
* If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures
* refer to the --keygen option.
+ *
+ * If INIT_ED_KEY_EXPLICIT_FNAME is set, use the provided file name for the
+ * secret key file, encrypted or not.
*/
ed25519_keypair_t *
ed_key_init_from_file(const char *fname, uint32_t flags,
@@ -279,6 +282,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR);
const int split = !! (flags & INIT_ED_KEY_SPLIT);
const int omit_secret = !! (flags & INIT_ED_KEY_OMIT_SECRET);
+ const int explicit_fname = !! (flags & INIT_ED_KEY_EXPLICIT_FNAME);
/* we don't support setting both of these flags at once. */
tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
@@ -291,8 +295,13 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
char *got_tag = NULL;
ed25519_keypair_t *keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
- tor_asprintf(&secret_fname, "%s_secret_key", fname);
- tor_asprintf(&encrypted_secret_fname, "%s_secret_key_encrypted", fname);
+ if (explicit_fname) {
+ secret_fname = tor_strdup(fname);
+ encrypted_secret_fname = tor_strdup(fname);
+ } else {
+ tor_asprintf(&secret_fname, "%s_secret_key", fname);
+ tor_asprintf(&encrypted_secret_fname, "%s_secret_key_encrypted", fname);
+ }
tor_asprintf(&public_fname, "%s_public_key", fname);
tor_asprintf(&cert_fname, "%s_cert", fname);
@@ -729,7 +738,12 @@ load_ed_keys(const or_options_t *options, time_t now)
goto err;
}
tor_free(fname);
- fname = options_get_datadir_fname2(options, "keys", "ed25519_master_id");
+ if (options->master_key_fname) {
+ fname = tor_strdup(options->master_key_fname);
+ flags |= INIT_ED_KEY_EXPLICIT_FNAME;
+ } else {
+ fname = options_get_datadir_fname2(options, "keys", "ed25519_master_id");
+ }
id = ed_key_init_from_file(
fname,
flags,
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
index b4e73aa33f..f9eb777e90 100644
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@@ -17,6 +17,7 @@
#define INIT_ED_KEY_TRY_ENCRYPTED (1u<<8)
#define INIT_ED_KEY_NO_REPAIR (1u<<9)
#define INIT_ED_KEY_SUGGEST_KEYGEN (1u<<10)
+#define INIT_ED_KEY_EXPLICIT_FNAME (1u<<11)
struct tor_cert_st;
ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,