path: root/src/or/routerkeys.h
Age | Commit message | Author
2017-09-15 | Run our #else/#endif annotator on our source code. | Nick Mathewson
2017-08-03 | routerkeys: Add cmdline option for learning signing key expiration. | Isis Lovecruft
* CLOSES #17639.
* ADDS new --key-expiration commandline option which prints when the signing key expires.
2017-06-05 | Merge branch 'maint-0.3.0' | Nick Mathewson
2017-05-31 | Bugfix: Regenerate more certificates when appropriate | Nick Mathewson
Previously we could sometimes change our signing key, but not regenerate the certificates (signing->link and signing->auth) that were signed with it. Also, we would regularly replace our TLS x.509 link certificate (by rotating our TLS context) but not replace our signing->link ed25519 certificate. In both cases, the resulting inconsistency would make other relays reject our link handshakes. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-03-15 | Run the copyright update script. | Nick Mathewson
2017-01-30 | Make a bunch of signature/digest-checking functions mockable | Nick Mathewson
2016-12-08 | Add a function to check whether a given ed id key is ours | Nick Mathewson
2016-11-03 | Unit tests for cert-chain-processing, including failed cases | Nick Mathewson
Check out the coverage!
2016-11-03 | For testing: function to construct (but not save) Ed keys and certs | Nick Mathewson
2016-02-27 | Update the copyright year. | Nick Mathewson
2015-09-22 | Merge branch 'feature16769_squashed' | Nick Mathewson
2015-09-22 | Add a --master-key option | Nick Mathewson
This lets the user override the default location for the master key when used with --keygen
Part of 16769.
2015-09-04 | Never ever try to load the secret key if offline_master is set | Nick Mathewson
(Not even if we can't find the public key.)
2015-08-19 | More log messages for keygen problems | Nick Mathewson
2015-07-14 | If loading an ed25519 master key fails with errno != ENOENT, give up. | Nick Mathewson
This implements feature 16582: if we get EMFILE or something when loading our master key, we should not at that point attempt to overwrite it.
2015-06-17 | Support encrypted offline master keys with a new --keygen flag | Nick Mathewson
When --keygen is provided, we prompt for a passphrase when we make a new master key; if it is nonempty, we store the secret key in a new crypto_pwbox. Also, if --keygen is provided and there *is* an encrypted master key, we load it and prompt for a passphrase unconditionally. We make a new signing key unconditionally when --keygen is provided. We never overwrite a master key.
2015-05-28 | Generate weird certificates correctly | Nick Mathewson
(Our link protocol assumes that the link cert certifies the TLS key, and there is an RSA->Ed25519 crosscert)
2015-05-28 | # This is a combination of 2 commits. | Nick Mathewson
# The first commit's message is:
Regenerate ed25519 keys when they will expire soon.
Also, have testing-level options to set the lifetimes and expiration-tolerances of all key types, plus a non-testing-level option to set the lifetime of any auto-generated signing key.
# The 2nd commit message will be skipped:
# fixup! Regenerate ed25519 keys when they will expire soon.
2015-05-28 | Only load master ed25519 secret keys when we absolutely must. | Nick Mathewson
2015-05-28 | Implement proposal 228: cross-certification with onion keys | Nick Mathewson
Routers now use TAP and ntor onion keys to sign their identity keys, and put these signatures in their descriptors. That allows other parties to be confident that the onion keys are indeed controlled by the router that generated the descriptor.
2015-05-28 | prop220: Implement certificates and key storage/creation | Nick Mathewson
For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished)