7 Commits

Author	SHA1	Message	Date
Nick Mathewson	8f15423b76	Do not allocate our ed-link crosscert till after tls ctx ... We need this to prevent some annoying chutney crash-at-starts	2015-05-28 10:47:47 -04:00
Nick Mathewson	3bee74c6d1	Generate weird certificates correctly ... (Our link protocol assumes that the link cert certifies the TLS key, and there is an RSA->Ed25519 crosscert)	2015-05-28 10:47:47 -04:00
Nick Mathewson	57189acd6f	# This is a combination of 2 commits. ... # The first commit's message is: Regenerate ed25519 keys when they will expire soon. Also, have testing-level options to set the lifetimes and expiration-tolerances of all key types, plus a non-testing-level option to set the lifetime of any auto-generated signing key. # The 2nd commit message will be skipped: # fixup! Regenerate ed25519 keys when they will expire soon.	2015-05-28 10:42:30 -04:00
Nick Mathewson	64450c5f77	Only load master ed25519 secret keys when we absolutely must.	2015-05-28 10:42:29 -04:00
Nick Mathewson	efa21bb941	Implement proposal 228: cross-certification with onion keys ... Routers now use TAP and ntor onion keys to sign their identity keys, and put these signatures in their descriptors. That allows other parties to be confident that the onion keys are indeed controlled by the router that generated the descriptor.	2015-05-28 10:40:57 -04:00
Nick Mathewson	fe5d2477aa	Implement ed25519-signed descriptors ... Now that we have ed25519 keys, we can sign descriptors with them and check those signatures as documented in proposal 220.	2015-05-28 10:40:56 -04:00
Nick Mathewson	818e6f939d	prop220: Implement certificates and key storage/creation ... For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished)	2015-05-28 10:40:56 -04:00