summaryrefslogtreecommitdiff
path: root/src/feature/relay/routerkeys.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/feature/relay/routerkeys.c')
-rw-r--r--src/feature/relay/routerkeys.c41
1 files changed, 27 insertions, 14 deletions
diff --git a/src/feature/relay/routerkeys.c b/src/feature/relay/routerkeys.c
index d3de83cb86..116f0b4e3d 100644
--- a/src/feature/relay/routerkeys.c
+++ b/src/feature/relay/routerkeys.c
@@ -387,12 +387,10 @@ generate_ed_link_cert(const or_options_t *options, time_t now,
return 0;
}
- ed25519_public_key_t dummy_key;
- memcpy(dummy_key.pubkey, digests->d[DIGEST_SHA256], DIGEST256_LEN);
-
- link_cert = tor_cert_create(get_master_signing_keypair(),
+ link_cert = tor_cert_create_raw(get_master_signing_keypair(),
CERT_TYPE_SIGNING_LINK,
- &dummy_key,
+ SIGNED_KEY_TYPE_SHA256_OF_X509,
+ (const uint8_t*)digests->d[DIGEST_SHA256],
now,
options->TestingLinkCertLifetime, 0);
@@ -466,7 +464,7 @@ init_mock_ed_keys(const crypto_pk_t *rsa_identity_key)
MAKEKEY(master_signing_key);
MAKEKEY(current_auth_key);
#define MAKECERT(cert, signing, signed_, type, flags) \
- cert = tor_cert_create(signing, \
+ cert = tor_cert_create_ed25519(signing, \
type, \
&signed_->pubkey, \
time(NULL), 86400, \
@@ -519,19 +517,33 @@ print_cert_expiration(const char *expiration,
/**
* Log when a certificate, <b>cert</b>, with some <b>description</b> and
- * stored in a file named <b>fname</b>, is going to expire.
+ * stored in a file named <b>fname</b>, is going to expire. Formats the expire
+ * time according to <b>time_format</b>.
*/
static void
log_ed_cert_expiration(const tor_cert_t *cert,
const char *description,
- const char *fname) {
- char expiration[ISO_TIME_LEN+1];
-
+ const char *fname,
+ key_expiration_format_t time_format) {
if (BUG(!cert)) { /* If the specified key hasn't been loaded */
log_warn(LD_OR, "No %s key loaded; can't get certificate expiration.",
description);
} else {
- format_local_iso_time(expiration, cert->valid_until);
+ char expiration[ISO_TIME_LEN+1];
+ switch (time_format) {
+ case KEY_EXPIRATION_FORMAT_ISO8601:
+ format_local_iso_time(expiration, cert->valid_until);
+ break;
+
+ case KEY_EXPIRATION_FORMAT_TIMESTAMP:
+ tor_snprintf(expiration, sizeof(expiration), "%"PRId64,
+ (int64_t) cert->valid_until);
+ break;
+
+ default:
+ log_err(LD_BUG, "Unknown time format value: %d.", time_format);
+ return;
+ }
log_notice(LD_OR, "The %s certificate stored in %s is valid until %s.",
description, fname, expiration);
print_cert_expiration(expiration, description);
@@ -567,7 +579,8 @@ log_master_signing_key_cert_expiration(const or_options_t *options)
/* If we do have a signing key, log the expiration time. */
if (signing_key) {
- log_ed_cert_expiration(signing_key, "signing", fn);
+ key_expiration_format_t time_format = options->key_expiration_format;
+ log_ed_cert_expiration(signing_key, "signing", fn, time_format);
} else {
log_warn(LD_OR, "Could not load signing key certificate from %s, so " \
"we couldn't learn anything about certificate expiration.", fn);
@@ -684,8 +697,8 @@ make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key,
onion_key) < 0)
goto end;
- cert = tor_cert_create(&ed_onion_key, CERT_TYPE_ONION_ID, master_id_key,
- now, lifetime, 0);
+ cert = tor_cert_create_ed25519(&ed_onion_key, CERT_TYPE_ONION_ID,
+ master_id_key, now, lifetime, 0);
end:
memwipe(&ed_onion_key, 0, sizeof(ed_onion_key));
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion