tor  0.4.1.0-alpha-dev
loadkey.h File Reference
#include "lib/crypt_ops/crypto_ed25519.h"


Macros

#define INIT_ED_KEY_CREATE   (1u<<0)
 
#define INIT_ED_KEY_REPLACE   (1u<<1)
 
#define INIT_ED_KEY_SPLIT   (1u<<2)
 
#define INIT_ED_KEY_MISSING_SECRET_OK   (1u<<3)
 
#define INIT_ED_KEY_NEEDCERT   (1u<<4)
 
#define INIT_ED_KEY_EXTRA_STRONG   (1u<<5)
 
#define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT   (1u<<6)
 
#define INIT_ED_KEY_OMIT_SECRET   (1u<<7)
 
#define INIT_ED_KEY_TRY_ENCRYPTED   (1u<<8)
 
#define INIT_ED_KEY_NO_REPAIR   (1u<<9)
 
#define INIT_ED_KEY_SUGGEST_KEYGEN   (1u<<10)
 
#define INIT_ED_KEY_OFFLINE_SECRET   (1u<<11)
 
#define INIT_ED_KEY_EXPLICIT_FNAME   (1u<<12)
 

Functions

crypto_pk_t * init_key_from_file (const char *fname, int generate, int severity, bool *created_out)
 
ed25519_keypair_t * ed_key_init_from_file (const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
 
ed25519_keypair_t * ed_key_new (const ed25519_keypair_t *signing_key, uint32_t flags, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out)
 
int read_encrypted_secret_key (ed25519_secret_key_t *out, const char *fname)
 
int write_encrypted_secret_key (const ed25519_secret_key_t *out, const char *fname)
 

Detailed Description

Header file for loadkey.c.

Definition in file loadkey.h.

Function Documentation

◆ ed_key_init_from_file()

ed25519_keypair_t* ed_key_init_from_file ( const char *  fname,
uint32_t  flags,
int  severity,
const ed25519_keypair_t *  signing_key,
time_t  now,
time_t  lifetime,
uint8_t  cert_type,
struct tor_cert_st **  cert_out,
const or_options_t *  options
)

Read an ed25519 key and associated certificates from files beginning with fname, with certificate type cert_type. On failure, return NULL; on success return the keypair.

options is consulted for its change_key_passphrase value when a secret key is written to disk. It may safely be NULL even in that case.

If INIT_ED_KEY_CREATE is set in flags, then create the key (and certificate if requested) if it doesn't exist, and save it to disk.

If INIT_ED_KEY_NEEDCERT is set in flags, load/create a certificate too and store it in *cert_out. Fail if the cert can't be found/created. To create a certificate, signing_key must be set to the key that should sign it; now to the current time, and lifetime to the lifetime of the key.

If INIT_ED_KEY_REPLACE is set in flags, then create and save new key whether we can read the old one or not.

If INIT_ED_KEY_EXTRA_STRONG is set in flags, set the extra_strong flag when creating the secret key.

If INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT is set in flags, and we create a new certificate, create it with the signing key embedded.

If INIT_ED_KEY_SPLIT is set in flags, and we create a new key, store the public key in a separate file from the secret key.

If INIT_ED_KEY_MISSING_SECRET_OK is set in flags, and we find a public key file but no secret key file, return successfully anyway.

If INIT_ED_KEY_OMIT_SECRET is set in flags, do not try to load a secret key unless no public key is found. Do not return a secret key (but create and save one if needed).

If INIT_ED_KEY_TRY_ENCRYPTED is set, we look for an encrypted secret key and consider encrypting any new secret key.

If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys from disk other than their absence (full or partial), we do not try to replace them.

If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures refer to the --keygen option.

If INIT_ED_KEY_EXPLICIT_FNAME is set, use the provided file name for the secret key file, encrypted or not.

If INIT_ED_KEY_OFFLINE_SECRET is set, we won't try to load the master secret key and we log a message at severity that we've done so.
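The flag descriptions above interact: REPLACE overrides everything, NO_REPAIR changes what CREATE may do when a file is damaged rather than absent, and OMIT_SECRET, OFFLINE_SECRET and MISSING_SECRET_OK decide whether a public-only result is acceptable. The following C program is an added model of that decision logic written for this page; it is not tor's code and does not call ed_key_init_from_file(). The flag values are copied from loadkey.h; the key_slot_t, keyfile_state_t, key_outcome_t types and the decide_key_action() function are constructed for the model, and the treatment of OFFLINE_SECRET with no public key file is an assumption of the model, not documented behaviour.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values as defined in loadkey.h; only the ones this model uses. */
#define INIT_ED_KEY_CREATE             (1u<<0)
#define INIT_ED_KEY_REPLACE            (1u<<1)
#define INIT_ED_KEY_MISSING_SECRET_OK  (1u<<3)
#define INIT_ED_KEY_OMIT_SECRET        (1u<<7)
#define INIT_ED_KEY_NO_REPAIR          (1u<<9)
#define INIT_ED_KEY_OFFLINE_SECRET     (1u<<11)

/* Constructed stand-in for what the loader finds on disk for one key. */
typedef enum { KF_ABSENT, KF_OK, KF_CORRUPT } keyfile_state_t;

typedef struct {
  keyfile_state_t secret_file;  /* state of the secret key file */
  keyfile_state_t public_file;  /* state of the public key file */
} key_slot_t;

/* Modelled outcome of a load attempt (hypothetical names, not tor's). */
typedef enum {
  KEY_FAIL = 0,       /* the loader would return NULL */
  KEY_LOADED_FULL,    /* keypair with its secret half loaded from disk */
  KEY_LOADED_PUBLIC,  /* public half only: secret omitted, offline or missing */
  KEY_CREATED         /* fresh keypair generated and saved */
} key_outcome_t;

key_outcome_t decide_key_action(uint32_t flags, const key_slot_t *slot)
{
  const bool may_create  = flags & INIT_ED_KEY_CREATE;
  const bool want_secret = !(flags & (INIT_ED_KEY_OMIT_SECRET |
                                      INIT_ED_KEY_OFFLINE_SECRET));
  const bool have_secret = slot->secret_file == KF_OK;
  const bool have_public = slot->public_file == KF_OK;
  const bool any_corrupt = slot->secret_file == KF_CORRUPT ||
                           slot->public_file == KF_CORRUPT;

  /* REPLACE: generate and save a new key whether or not the old one loads. */
  if (flags & INIT_ED_KEY_REPLACE)
    return KEY_CREATED;

  /* A problem other than absence: NO_REPAIR forbids replacing the files,
     otherwise CREATE decides whether we regenerate or give up. */
  if (any_corrupt) {
    if (flags & INIT_ED_KEY_NO_REPAIR)
      return KEY_FAIL;
    return may_create ? KEY_CREATED : KEY_FAIL;
  }

  /* Nothing on disk (full absence): only CREATE can rescue this. */
  if (!have_secret && !have_public)
    return may_create ? KEY_CREATED : KEY_FAIL;

  if (!want_secret) {
    /* OFFLINE_SECRET never touches the secret file, so this model requires
       the public file (assumption). OMIT_SECRET falls back to loading the
       secret file, but only to derive the public half. */
    if (have_public)
      return KEY_LOADED_PUBLIC;
    if (flags & INIT_ED_KEY_OFFLINE_SECRET)
      return KEY_FAIL;
    return KEY_LOADED_PUBLIC;
  }

  /* Secret present: load it; the public half is read or derived. */
  if (have_secret)
    return KEY_LOADED_FULL;

  /* Public present, secret absent (partial absence). */
  if (flags & INIT_ED_KEY_MISSING_SECRET_OK)
    return KEY_LOADED_PUBLIC;
  return may_create ? KEY_CREATED : KEY_FAIL;
}

int main(void)
{
  static const char *names[] = { "FAIL", "LOADED_FULL", "LOADED_PUBLIC", "CREATED" };
  key_slot_t pub_only = { KF_ABSENT, KF_OK };      /* constructed scenario */
  key_slot_t corrupt  = { KF_CORRUPT, KF_OK };     /* constructed scenario */
  printf("pub only, no flags:               %s\n",
         names[decide_key_action(0, &pub_only)]);
  printf("pub only, MISSING_SECRET_OK:      %s\n",
         names[decide_key_action(INIT_ED_KEY_MISSING_SECRET_OK, &pub_only)]);
  printf("corrupt secret, CREATE:           %s\n",
         names[decide_key_action(INIT_ED_KEY_CREATE, &corrupt)]);
  printf("corrupt secret, CREATE|NO_REPAIR: %s\n",
         names[decide_key_action(INIT_ED_KEY_CREATE | INIT_ED_KEY_NO_REPAIR,
                                 &corrupt)]);
  return 0;
}
```

The point a reviewer of a relay's key configuration wants from this table is the NO_REPAIR distinction: a missing file is silently regenerated under CREATE, but a damaged file is only regenerated when NO_REPAIR is clear, so a corrupted identity key on a NO_REPAIR path is a hard failure rather than a quiet identity change.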

Definition at line 379 of file loadkey.c.

◆ ed_key_new()

ed25519_keypair_t* ed_key_new ( const ed25519_keypair_t *  signing_key,
uint32_t  flags,
time_t  now,
time_t  lifetime,
uint8_t  cert_type,
struct tor_cert_st **  cert_out
)

Create a new signing key and (optionally) certificate; do not read from or write to disk. See ed_key_init_from_file() for more information.

Definition at line 719 of file loadkey.c.

◆ init_key_from_file()

crypto_pk_t* init_key_from_file ( const char *  fname,
int  generate,
int  severity,
bool *  created_out 
)

Try to read an RSA key from fname. If fname doesn't exist and generate is true, create a new RSA key and save it in fname. Return the read/created key, or NULL on error. Log all errors at level severity. If created_out is non-NULL and a new key was created, set *created_out to true.

Definition at line 40 of file loadkey.c.

References file_status(), LD_GENERAL, and tor_log().