C++ (Cpp) routerkeys_free_all示例

示例#1

0

显示文件

文件： routerkeys.c 项目： ageis/tor

/* Helper for unit tests: populate the ed25519 keys without saving or
 * loading */
void
init_mock_ed_keys(const crypto_pk_t *rsa_identity_key)
{
  routerkeys_free_all();

#define MAKEKEY(k)                                      \
  k = tor_malloc_zero(sizeof(*k));                      \
  if (ed25519_keypair_generate(k, 0) < 0) {             \
    log_warn(LD_BUG, "Couldn't make a keypair");        \
    goto err;                                           \
  }
  MAKEKEY(master_identity_key);
  MAKEKEY(master_signing_key);
  MAKEKEY(current_auth_key);
#define MAKECERT(cert, signing, signed_, type, flags)            \
  cert = tor_cert_create(signing,                                \
                         type,                                   \
                         &signed_->pubkey,                       \
                         time(NULL), 86400,                      \
                         flags);                                 \
  if (!cert) {                                                   \
    log_warn(LD_BUG, "Couldn't make a %s certificate!", #cert);  \
    goto err;                                                    \
  }

  MAKECERT(signing_key_cert,
           master_identity_key, master_signing_key, CERT_TYPE_ID_SIGNING,
           CERT_FLAG_INCLUDE_SIGNING_KEY);
  MAKECERT(auth_key_cert,
           master_signing_key, current_auth_key, CERT_TYPE_SIGNING_AUTH, 0);

  if (generate_ed_link_cert(get_options(), time(NULL), 0) < 0) {
    log_warn(LD_BUG, "Couldn't make link certificate");
    goto err;
  }

  rsa_ed_crosscert_len = tor_make_rsa_ed25519_crosscert(
                                     &master_identity_key->pubkey,
                                     rsa_identity_key,
                                     time(NULL)+86400,
                                     &rsa_ed_crosscert);

  return;

 err:
  routerkeys_free_all();
  tor_assert_nonfatal_unreached();
}

示例#2

0

显示文件

文件： relay_sys.c 项目： torproject/tor

static void
subsys_relay_shutdown(void)
{
  dns_free_all();
  ext_orport_free_all();
  clear_pending_onions();
  routerkeys_free_all();
  router_free_all();
}

示例#3

0

显示文件

文件： test_routerkeys.c 项目： Samdney/tor

static void
test_routerkeys_ed_keys_init_all(void *arg)
{
  (void)arg;
  char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
  char *keydir = tor_strdup(get_fname("test_ed_keys_init_all/KEYS"));
  or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
  time_t now = time(NULL);
  ed25519_public_key_t id;
  ed25519_keypair_t sign, auth;
  tor_cert_t *link_cert = NULL;

  get_options_mutable()->ORPort_set = 1;

  crypto_pk_t *rsa = pk_generate(0);

  set_server_identity_key(rsa);
  set_client_identity_key(rsa);

  router_initialize_tls_context();

  options->SigningKeyLifetime = 30*86400;
  options->TestingAuthKeyLifetime = 2*86400;
  options->TestingLinkCertLifetime = 2*86400;
  options->TestingSigningKeySlop = 2*86400;
  options->TestingAuthKeySlop = 2*3600;
  options->TestingLinkKeySlop = 2*3600;

#ifdef _WIN32
  mkdir(dir);
  mkdir(keydir);
#else
  mkdir(dir, 0700);
  mkdir(keydir, 0700);
#endif /* defined(_WIN32) */

  options->DataDirectory = dir;
  options->KeyDirectory = keydir;

  tt_int_op(1, OP_EQ, load_ed_keys(options, now));
  tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  tt_assert(get_master_identity_key());
  tt_assert(get_master_identity_key());
  tt_assert(get_master_signing_keypair());
  tt_assert(get_current_auth_keypair());
  tt_assert(get_master_signing_key_cert());
  tt_assert(get_current_link_cert_cert());
  tt_assert(get_current_auth_key_cert());
  memcpy(&id, get_master_identity_key(), sizeof(id));
  memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
  link_cert = tor_cert_dup(get_current_link_cert_cert());

  /* Call load_ed_keys again, but nothing has changed. */
  tt_int_op(0, OP_EQ, load_ed_keys(options, now));
  tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  tt_mem_op(&auth, OP_EQ, get_current_auth_keypair(), sizeof(auth));
  tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));

  /* Force a reload: we make new link/auth keys. */
  routerkeys_free_all();
  tt_int_op(1, OP_EQ, load_ed_keys(options, now));
  tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
  tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  tt_assert(get_master_signing_key_cert());
  tt_assert(get_current_link_cert_cert());
  tt_assert(get_current_auth_key_cert());
  tor_cert_free(link_cert);
  link_cert = tor_cert_dup(get_current_link_cert_cert());
  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));

  /* Force a link/auth-key regeneration by advancing time. */
  tt_int_op(0, OP_EQ, load_ed_keys(options, now+3*86400));
  tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+3*86400, 0));
  tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
  tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  tt_assert(get_master_signing_key_cert());
  tt_assert(get_current_link_cert_cert());
  tt_assert(get_current_auth_key_cert());
  tor_cert_free(link_cert);
  link_cert = tor_cert_dup(get_current_link_cert_cert());
  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));

  /* Force a signing-key regeneration by advancing time. */
  tt_int_op(1, OP_EQ, load_ed_keys(options, now+100*86400));
  tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+100*86400, 0));
  tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  tt_mem_op(&sign, OP_NE, get_master_signing_keypair(), sizeof(sign));
  tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
  tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  tt_assert(get_master_signing_key_cert());
  tt_assert(get_current_link_cert_cert());
  tt_assert(get_current_auth_key_cert());
  memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
  tor_cert_free(link_cert);
  link_cert = tor_cert_dup(get_current_link_cert_cert());
  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));

  /* Demonstrate that we can start up with no secret identity key */
  routerkeys_free_all();
  unlink(get_fname("test_ed_keys_init_all/KEYS/"
                   "ed25519_master_id_secret_key"));
  tt_int_op(1, OP_EQ, load_ed_keys(options, now));
  tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
  tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  tt_assert(get_master_signing_key_cert());
  tt_assert(get_current_link_cert_cert());
  tt_assert(get_current_auth_key_cert());

  /* But we're in trouble if we have no id key and our signing key has
     expired. */
  log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
                                       * XXX (better way to do this)? */
  routerkeys_free_all();
  tt_int_op(-1, OP_EQ, load_ed_keys(options, now+200*86400));

 done:
  tor_free(dir);
  tor_free(keydir);
  tor_free(options);
  tor_cert_free(link_cert);
  routerkeys_free_all();
}