store keys on disk

cmd/pearl/cmd/genkeys.go

@@ -0,0 +1,35 @@
+package cmd
+
+import (
+	"github.com/mmcloughlin/pearl/torconfig"
+	"github.com/spf13/cobra"
+)
+
+// genkeysCmd represents the genkeys command
+var genkeysCmd = &cobra.Command{
+	Use:   "genkeys",
+	Short: "Generate tor relay keys",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return genkeys()
+	},
+}
+
+var (
+	datadir string
+)
+
+func init() {
+	genkeysCmd.Flags().StringVarP(&datadir, "data-dir", "d", "", "data directory")
+
+	rootCmd.AddCommand(genkeysCmd)
+}
+
+func genkeys() error {
+	k, err := torconfig.GenerateKeys()
+	if err != nil {
+		return err
+	}
+
+	d := torconfig.NewDataDirectory(datadir)
+	return d.SetKeys(k)
+}

cmd/pearl/cmd/serve.go

@@ -40,6 +40,7 @@ func init() {
 	serveCmd.Flags().IntVarP(&port, "port", "p", 9111, "relay port")
 	serveCmd.Flags().StringVarP(&logfile, "logfile", "l", "pearl.json", "log file")
 	serveCmd.Flags().StringVarP(&telemetryAddr, "telemetry", "t", "localhost:7142", "telemetry address")
+	serveCmd.Flags().StringVarP(&datadir, "data-dir", "d", "", "data directory")
 
 	rootCmd.AddCommand(serveCmd)
 }
@@ -83,6 +84,12 @@ func serve() error {
 		return err
 	}
 
+	d := torconfig.NewDataDirectory(datadir)
+	config.Keys, err = d.Keys()
+	if err != nil {
+		return err
+	}
+
 	scope, closer := metrics(l)
 	defer check.Close(l, closer)
 

connection.go

@@ -162,7 +162,7 @@ func (c *Connection) newHandshake() *Handshake {
 		Conn:        c.tlsConn,
 		Link:        NewHandshakeLink(c.r, c.w, c.logger),
 		TLSContext:  c.tlsCtx,
-		IdentityKey: &c.router.idKey.PublicKey,
+		IdentityKey: &c.router.IdentityKey().PublicKey,
 		logger:      c.logger,
 	}
 }

create.go

@@ -192,7 +192,8 @@ func ProcessHandshakeNTOR(conn *Connection, c *Create2Cell) error {
 
 	// Verify the NTOR key ID matches.
 	got = clientData.KeyID()
-	expect = conn.router.ntorKey.Public[:]
+	ntorKey := conn.router.config.Keys.Ntor
+	expect = ntorKey.Public[:]
 	ctx = conn.logger
 	ctx = log.WithBytes(ctx, "client_handshake_keyid", got)
 	ctx = log.WithBytes(ctx, "server_keyid", expect)
@@ -212,10 +213,10 @@ func ProcessHandshakeNTOR(conn *Connection, c *Create2Cell) error {
 			ID: conn.router.Fingerprint(),
 			KX: clientData.ClientPK(),
 			KY: serverKeyPair.Public,
-			KB: conn.router.ntorKey.Public,
+			KB: ntorKey.Public,
 		},
 		Ky: serverKeyPair.Private,
-		Kb: conn.router.ntorKey.Private,
+		Kb: ntorKey.Private,
 	}
 
 	// Record results

etc/scripts/launch.sh

@@ -1,11 +1,13 @@
 #!/bin/bash -ex
 
-LOGDIR=logs
+DATADIR=/tmp/pearl/nodes
 
 port=$((3000 + RANDOM % 5000))
 nick=$(printf "pearl%04x" $RANDOM)
-logfile=${LOGDIR}/${nick}.json
+datadir=${DATADIR}/$nick
+logfile=${datadir}/log.json
 
-mkdir -p ${LOGDIR}
+mkdir -p ${datadir}
 make install-race
-pearl serve -n ${nick} -p ${port} -l ${logfile}
+pearl genkeys -d ${datadir}
+pearl serve -n ${nick} -p ${port} -d ${datadir} -l ${logfile}

router.go

@@ -18,11 +18,7 @@ import (
 
 // Router is a Tor router.
 type Router struct {
-	config *torconfig.Config
-
-	idKey       *rsa.PrivateKey
-	onionKey    *rsa.PrivateKey
-	ntorKey     *torcrypto.Curve25519KeyPair
+	config      *torconfig.Config
 	fingerprint []byte
 
 	connections *ConnectionManager
@@ -37,32 +33,14 @@ type Router struct {
 
 // NewRouter constructs a router based on the given config.
 func NewRouter(config *torconfig.Config, scope tally.Scope, logger log.Logger) (*Router, error) {
-	idKey, err := torcrypto.GenerateRSA()
-	if err != nil {
-		return nil, err
-	}
-
-	onionKey, err := torcrypto.GenerateRSA()
-	if err != nil {
-		return nil, err
-	}
-
-	ntorKey, err := torcrypto.GenerateCurve25519KeyPair()
-	if err != nil {
-		return nil, err
-	}
-
-	fingerprint, err := torcrypto.Fingerprint(&idKey.PublicKey)
+	fingerprint, err := torcrypto.Fingerprint(&config.Keys.Identity.PublicKey)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to compute fingerprint")
 	}
 
 	logger = log.ForComponent(logger, "router")
 	return &Router{
 		config:      config,
-		idKey:       idKey,
-		onionKey:    onionKey,
-		ntorKey:     ntorKey,
 		fingerprint: fingerprint,
 		connections: NewConnectionManager(),
 		metrics:     NewMetrics(scope, logger),
@@ -73,7 +51,7 @@ func NewRouter(config *torconfig.Config, scope tally.Scope, logger log.Logger) (
 
 // IdentityKey returns the identity key of the router.
 func (r *Router) IdentityKey() *rsa.PrivateKey {
-	return r.idKey
+	return r.config.Keys.Identity
 }
 
 // Fingerprint returns the router fingerprint.
@@ -169,11 +147,11 @@ func (r *Router) Descriptor() (*tordir.ServerDescriptor, error) {
 	if err := s.SetSigningKey(r.IdentityKey()); err != nil {
 		return nil, err
 	}
-	if err := s.SetOnionKey(&r.onionKey.PublicKey); err != nil {
+	if err := s.SetOnionKey(&r.config.Keys.Onion.PublicKey); err != nil {
 		return nil, err
 	}
 
-	s.SetNtorOnionKey(r.ntorKey)
+	s.SetNtorOnionKey(r.config.Keys.Ntor)
 	s.SetPlatform(r.config.Platform)
 	s.SetContact(r.config.Contact)
 	s.SetBandwidth(1000, 2000, 500) // TODO(mbm): publish real bandwidth values

torconfig/data.go

@@ -0,0 +1,36 @@
+package torconfig
+
+import "path/filepath"
+
+// Data is an interface to router data storage.
+type Data interface {
+	Keys() (*Keys, error)
+	SetKeys(*Keys) error
+}
+
+// dataDirectory manages the data directory structure for a relay.
+type dataDirectory string
+
+// NewDataDirectory constructs a new data directory at dir.
+func NewDataDirectory(dir string) Data {
+	return dataDirectory(dir)
+}
+
+// Keys loads keys from the data directory.
+func (d dataDirectory) Keys() (*Keys, error) {
+	return LoadKeysFromDirectory(d.keysDir())
+}
+
+// SetKeys writes keys to the data directory.
+func (d dataDirectory) SetKeys(k *Keys) error {
+	return k.SaveToDirectory(d.keysDir())
+}
+
+func (d dataDirectory) keysDir() string {
+	return d.path("keys")
+}
+
+// path constructs a path to sub inside the data directory.
+func (d dataDirectory) path(sub string) string {
+	return filepath.Join(string(d), sub)
+}