Merge remote-tracking branch 'rl1987/feature19506_3'

.gitignore

@@ -116,6 +116,11 @@ uptime-*.json
 /doc/torify.html
 /doc/torify.html.in
 /doc/torify.1.xml
+/doc/tor-print-ed-signing-cert.1
+/doc/tor-print-ed-signing-cert.1.in
+/doc/tor-print-ed-signing-cert.html
+/doc/tor-print-ed-signing-cert.html.in
+/doc/tor-print-ed-signing-cert.1.xml
 
 # /doc/spec/
 /doc/spec/Makefile
@@ -258,6 +263,8 @@ uptime-*.json
 /src/tools/tor-resolve
 /src/tools/tor-cov-resolve
 /src/tools/tor-gencert
+/src/tools/tor-print-ed-signing-cert
+/src/tools/tor-print-ed-signing-cert.exe
 /src/tools/tor-cov-gencert
 /src/tools/tor-checkkey.exe
 /src/tools/tor-resolve.exe

changes/feature19506

@@ -0,0 +1,3 @@
+  o Minor features (admin tools):
+    - Add new tool that prints expiration date of signing cert
+      in ed25519_signing_cert. Resolves issue 19506.

doc/include.am

@@ -12,7 +12,7 @@
 # part of the source distribution, so that people without asciidoc can
 # just use the .1 and .html files.
 
-all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify
+all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify doc/tor-print-ed-signing-cert
 
 if USE_ASCIIDOC
 nodist_man1_MANS = $(all_mans:=.1)
@@ -65,11 +65,13 @@ doc/tor.1.in: doc/tor.1.txt
 doc/torify.1.in: doc/torify.1.txt
 doc/tor-gencert.1.in: doc/tor-gencert.1.txt
 doc/tor-resolve.1.in: doc/tor-resolve.1.txt
+doc/tor-print-ed-signing-cert.1.in: doc/tor-print-ed-signing-cert.1.txt
 
 doc/tor.html.in: doc/tor.1.txt
 doc/torify.html.in: doc/torify.1.txt
 doc/tor-gencert.html.in: doc/tor-gencert.1.txt
 doc/tor-resolve.html.in: doc/tor-resolve.1.txt
+doc/tor-print-ed-signing-cert.html.in: doc/tor-print-ed-signing-cert.1.txt
 
 # use config.status to swap all machine-specific magic strings
 # in the asciidoc with their replacements.
@@ -83,11 +85,13 @@ $(asciidoc_product) :
 doc/tor.html: doc/tor.html.in
 doc/tor-gencert.html: doc/tor-gencert.html.in
 doc/tor-resolve.html: doc/tor-resolve.html.in
+doc/tor-print-ed-signing-cert.html: doc/tor-print-ed-signing-cert.html.in
 doc/torify.html: doc/torify.html.in
 
 doc/tor.1: doc/tor.1.in
 doc/tor-gencert.1: doc/tor-gencert.1.in
 doc/tor-resolve.1: doc/tor-resolve.1.in
+doc/tor-print-ed-signing-cert.1: doc/tor-print-ed-signing-cert.1.in
 doc/torify.1: doc/torify.1.in
 
 CLEANFILES+= $(asciidoc_product)

doc/tor-print-ed-signing-cert.1.txt

@@ -0,0 +1,32 @@
+// Copyright (c) The Tor Project, Inc.
+// See LICENSE for licensing information
+// This is an asciidoc file used to generate the manpage/html reference.
+// Learn asciidoc on http://www.methods.co.nz/asciidoc/userguide.html
+:man source:   Tor
+:man manual:   Tor Manual
+tor-print-ed-signing-cert(1)
+============================
+Tor Project, Inc.
+
+NAME
+----
+tor-print-ed-signing-cert - print expiration date of ed25519 signing certificate
+
+SYNOPSIS
+--------
+**tor-print-ed-signing-cert** __<path to ed25519_signing_cert file>__
+
+DESCRIPTION
+-----------
+**tor-print-ed-signing-cert** is utility program for Tor relay operators to
+check expiration date of ed25519 signing certificate.
+
+SEE ALSO
+--------
+**tor**(1) +
+
+https://spec.torproject.org/cert-spec
+
+AUTHORS
+-------
+Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.

src/tools/Makefile.nmake

@@ -1,4 +1,4 @@
-all: tor-resolve.exe tor-gencert.exe
+all: tor-resolve.exe tor-gencert.exe tor-print-ed-signing-cert.exe
 
 CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or
 
@@ -15,5 +15,8 @@ tor-gencert.exe: tor-gencert.obj
 tor-resolve.exe: tor-resolve.obj
 	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-resolve.obj
 
+tor-print-ed-signing-cert.exe: tor-print-ed-signing-cert.obj
+	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-print-ed-signing-cert.obj
+
 clean:
 	del *.obj *.lib *.exe

src/tools/include.am

@@ -1,4 +1,4 @@
-bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert
+bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert src/tools/tor-print-ed-signing-cert
 
 if COVERAGE_ENABLED
 noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
@@ -29,6 +29,15 @@ src_tools_tor_gencert_LDADD = \
 	@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
 	@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
 
+src_tools_tor_print_ed_signing_cert_SOURCES = src/tools/tor-print-ed-signing-cert.c
+src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_print_ed_signing_cert_LDADD = \
+	src/trunnel/libor-trunnel.a \
+        $(TOR_CRYPTO_LIBS) \
+        $(TOR_UTIL_LIBS) \
+	@TOR_LIB_MATH@ @TOR_OPENSSL_LIBS@ \
+	@TOR_LIB_WS32@ @TOR_LIB_USERENV@
+
 if COVERAGE_ENABLED
 src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
 src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)

src/tools/tor-print-ed-signing-cert.c

@@ -0,0 +1,65 @@
+/* Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "ed25519_cert.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/malloc/util_malloc.h"
+
+int
+main(int argc, char **argv)
+{
+  ed25519_cert_t *cert = NULL;
+
+  if (argc != 2) {
+    fprintf(stderr, "Usage:\n");
+    fprintf(stderr, "%s <path to ed25519_signing_cert file>\n", argv[0]);
+    return -1;
+  }
+
+  const char *filepath = argv[1];
+  char *got_tag = NULL;
+
+  uint8_t certbuf[256];
+  ssize_t cert_body_len = crypto_read_tagged_contents_from_file(
+                 filepath, "ed25519v1-cert",
+                 &got_tag, certbuf, sizeof(certbuf));
+
+  if (cert_body_len <= 0) {
+    fprintf(stderr, "crypto_read_tagged_contents_from_file failed with "
+                    "error: %s\n", strerror(errno));
+    return -2;
+  }
+
+  if (!got_tag) {
+    fprintf(stderr, "Found no tag\n");
+    return -3;
+  }
+
+  if (strcmp(got_tag, "type4") != 0) {
+    fprintf(stderr, "Wrong tag: %s\n", got_tag);
+    return -4;
+  }
+
+  tor_free(got_tag);
+
+  ssize_t parsed = ed25519_cert_parse(&cert, certbuf, cert_body_len);
+  if (parsed <= 0) {
+    fprintf(stderr, "ed25519_cert_parse failed with return value %zd\n",
+            parsed);
+    return -5;
+  }
+
+  time_t expires_at = (time_t)cert->exp_field * 60 * 60;
+
+  printf("Expires at: %s", ctime(&expires_at));
+
+  ed25519_cert_free(cert);
+
+  return 0;
+}
+