From 41ed9e978b77080c027e50ed831370efbeeeac37 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 1 Jun 2017 10:04:52 -0400 Subject: [PATCH] Regenerate RSA->ed25519 identity crosscertificate as needed --- changes/bug22466_regenerate | 8 ++++++++ src/or/routerkeys.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 changes/bug22466_regenerate diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate new file mode 100644 index 000000000..8dbda89c8 --- /dev/null +++ b/changes/bug22466_regenerate @@ -0,0 +1,8 @@ + o Minor bugfixes (link handshake): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to + six months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with + a ten-year lifetime, but that could lead to weird behavior when + Tor was started with a grossly inaccurate clock. Mitigates + bug 22466; mitigation on 0.3.0.1-alpha. + diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 6259e3f5a..611ac9139 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -668,6 +668,7 @@ static tor_cert_t *auth_key_cert = NULL; static uint8_t *rsa_ed_crosscert = NULL; static size_t rsa_ed_crosscert_len = 0; +static time_t rsa_ed_crosscert_expiration = 0; /** * Running as a server: load, reload, or refresh our ed25519 keys and @@ -699,8 +700,10 @@ load_ed_keys(const or_options_t *options, time_t now) tor_cert_free(cert); \ cert = (newval); \ } while (0) +#define HAPPENS_SOON(when, interval) \ + ((when) < now + (interval)) #define EXPIRES_SOON(cert, interval) \ - (!(cert) || (cert)->valid_until < now + (interval)) + (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval))) /* XXXX support encrypted identity keys fully */ 
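Review bot: HAPPENS_SOON, added in the `@@ -699,8 +700,10` hunk, reads `now` from whatever scope expands it instead of taking it as an argument, and nothing at the definition says so. I would put a comment above it, for example `/* True iff <when> is earlier than <interval> seconds after the enclosing function's local 'now'; times already in the past also count. */`. The second hunk of this file applies the macro to a bare `time_t` static that starts at 0, so it is worth stating that zero and past values count as "soon". load_ed_keys begins and ends outside this hunk.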
@@ -899,14 +902,19 @@ load_ed_keys(const or_options_t *options, time_t now) if (options->command == CMD_KEYGEN) goto end; - if (!rsa_ed_crosscert && server_mode(options)) { + if (server_mode(options) && + (!rsa_ed_crosscert || + HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) { uint8_t *crosscert; + time_t expiration = now+6*30*86400; /* 6 months in the future. */ ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey, get_server_identity_key(), - now+10*365*86400,/*XXXX*/ + expiration, &crosscert); + tor_free(rsa_ed_crosscert); rsa_ed_crosscert_len = crosscert_len; rsa_ed_crosscert = crosscert; + rsa_ed_crosscert_expiration = expiration; } if (!current_auth_key || @@ -1038,6 +1046,7 @@ should_make_new_ed_keys(const or_options_t *options, const time_t now) } #undef EXPIRES_SOON +#undef HAPPENS_SOON #ifdef TOR_UNIT_TESTS /* Helper for unit tests: populate the ed25519 keys without saving or
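Review bot: In the `@@ -899,14 +902,19` hunk the old certificate is freed and replaced without checking the result of tor_make_rsa_ed25519_crosscert(): `crosscert_len` is an `ssize_t` stored straight into the `size_t` `rsa_ed_crosscert_len`, and `crosscert` is declared uninitialized. The helper's body is not on this page, so this is conditional on it being able to return a negative value or leave `*cert` unset. If it can, a periodic refresh would discard a still-valid cross-certificate and leave the statics holding an indeterminate pointer with a very large length, and this path now runs repeatedly rather than only when no certificate exists. I would initialize the pointer and swap the statics only on success, keeping the old certificate and expiration so the next call retries. load_ed_keys starts and ends outside the hunk.

```c
    uint8_t *crosscert = NULL;
    time_t expiration = now+6*30*86400; /* 6 months in the future. */
    /* … unchanged: tor_make_rsa_ed25519_crosscert() call … */
    if (crosscert_len > 0) {
      /* Replace the old certificate only once a new one exists. */
      tor_free(rsa_ed_crosscert);
      rsa_ed_crosscert_len = (size_t)crosscert_len;
      rsa_ed_crosscert = crosscert;
      rsa_ed_crosscert_expiration = expiration;
    }
```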