torcert.h
1 /* Copyright (c) 2014-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 #ifndef TORCERT_H_INCLUDED
5 #define TORCERT_H_INCLUDED
6 
8 
/** Key-type code for the key a certificate certifies.  Only Ed25519 is
 * defined in this header. */
9 #define SIGNED_KEY_TYPE_ED25519 0x01
10 
/** Certificate type codes.  Each one names which key is being certified
 * and for what purpose; the value is stored in the one-byte cert_type
 * field of tor_cert_t.  Note that 0x02, 0x03 and 0x07 are not defined
 * here.  NOTE(review): these presumably match the codes in the encoded
 * certificate, so they must be treated as fixed and never renumbered --
 * confirm against the encoding in torcert.c. */
11 #define CERT_TYPE_ID_SIGNING 0x04
12 #define CERT_TYPE_SIGNING_LINK 0x05
13 #define CERT_TYPE_SIGNING_AUTH 0x06
14 #define CERT_TYPE_SIGNING_HS_DESC 0x08
15 #define CERT_TYPE_AUTH_HS_IP_KEY 0x09
16 #define CERT_TYPE_ONION_ID 0x0A
17 #define CERT_TYPE_CROSS_HS_IP_KEYS 0x0B
18 
/** Flag bit for the <b>flags</b> argument of tor_cert_create(): include
 * the signing key in the certificate (see tor_cert_t.signing_key_included).
 * It is the only CERT_FLAG_* value defined here. */
19 #define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1
20 
/** An Ed25519-signed certificate together with its parsed/validation
 * state.  Created by tor_cert_create() or tor_cert_parse(); released with
 * tor_cert_free().
 *
 * NOTE(review): this rendering omits the header's comment lines and two
 * fields that belong to the struct: signed_key (ed25519_public_key_t,
 * torcert.h:25) and signing_key (ed25519_public_key_t, torcert.h:28).
 * Do not treat the field list below as complete. */
23 typedef struct tor_cert_st {
  /** Time after which the certificate is no longer valid. */
30  time_t valid_until;
31 
  /** The encoded certificate bytes, <b>encoded_len</b> bytes long.
   * NOTE(review): presumably owned by this struct and released by
   * tor_cert_free_() -- confirm in torcert.c. */
33  uint8_t *encoded;
35  size_t encoded_len;
36 
  /** Certificate type; expected to be one of the CERT_TYPE_* codes above. */
38  uint8_t cert_type;
  /** True iff the signing key is embedded in the certificate (see
   * CERT_FLAG_INCLUDE_SIGNING_KEY). */
40  unsigned signing_key_included : 1;
  /* Validation state.  These single-bit fields carry no verdict until a
   * signature check has been performed: a freshly parsed cert has them
   * all clear, and both sig_bad and sig_ok clear must be read as "not yet
   * checked", not as "valid".  NOTE(review): tor_cert_checksig() takes a
   * non-const tor_cert_t*, so it is presumably what sets them -- confirm
   * in torcert.c before relying on any of these bits. */
42  unsigned sig_bad : 1;
44  unsigned sig_ok : 1;
47  unsigned cert_expired : 1;
49  unsigned cert_valid : 1;
50 } tor_cert_t;
51 
/* Opaque; this header only ever passes pointers to it. */
52 struct tor_tls_t;
53 
/** Create a new certificate of type <b>cert_type</b> certifying
 * <b>signed_key</b>, signed by <b>signing_key</b>.  <b>now</b> and
 * <b>lifetime</b> are time_t values that presumably fix the validity
 * period (valid_until); <b>flags</b> is an OR of CERT_FLAG_* bits, of
 * which only CERT_FLAG_INCLUDE_SIGNING_KEY is defined here.  The result is
 * released with tor_cert_free().  NOTE(review): the failure return (NULL?)
 * is not visible from this header -- confirm in torcert.c and check it at
 * every call site. */
54 tor_cert_t *tor_cert_create(const ed25519_keypair_t *signing_key,
55  uint8_t cert_type,
56  const ed25519_public_key_t *signed_key,
57  time_t now, time_t lifetime,
58  uint32_t flags);
59 
/** Parse the <b>certlen</b> bytes at <b>cert</b> into a newly allocated
 * tor_cert_t.  The input is to be treated as untrusted: parsing alone
 * performs no signature verification, so the sig_ok/sig_bad/cert_valid
 * bits of the result must not be consulted until tor_cert_checksig() has
 * run on it.  NOTE(review): presumably returns NULL on malformed input --
 * confirm in torcert.c and check the result before use. */
60 tor_cert_t *tor_cert_parse(const uint8_t *cert, size_t certlen);
61 
/** Release <b>cert</b> and everything it owns.  Callers use the
 * tor_cert_free() macro, which also resets the caller's pointer so a
 * freed certificate cannot be used again by accident. */
62 void tor_cert_free_(tor_cert_t *cert);
63 #define tor_cert_free(cert) FREE_AND_NULL(tor_cert_t, tor_cert_free_, (cert))
64 
66  const tor_cert_t *out,
67  const ed25519_public_key_t *pubkey,
68  time_t *expiration_out);
69 
71  const ed25519_public_key_t *pubkey, time_t now);
/** Return a human-readable description of <b>cert</b>'s signature-check
 * state (the sig_bad/sig_ok/cert_expired bits).  Intended for log
 * messages; the returned string is not owned by the caller. */
72 const char *tor_cert_describe_signature_status(const tor_cert_t *cert);
73 
/** Return a newly allocated copy of <b>cert</b>; release it with
 * tor_cert_free().  Declared via MOCK_DECL so unit tests can replace it. */
74 MOCK_DECL(tor_cert_t *,tor_cert_dup,(const tor_cert_t *cert));
/** Return true iff <b>cert1</b> and <b>cert2</b> are equal.  Both must be
 * non-NULL; tor_cert_opt_eq() is the variant that presumably also accepts
 * NULL on either side (NOTE(review): confirm the NULL semantics in
 * torcert.c before relying on them). */
75 int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
76 int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
77 
79  const crypto_pk_t *rsa_key,
80  time_t expires,
81  uint8_t **cert);
/** Verify the <b>crosscert_len</b>-byte RSA->Ed25519 cross-certificate at
 * <b>crosscert</b>, which binds <b>rsa_id_key</b> to <b>master_key</b>.
 * The certificate bytes are untrusted input; the length is an unsigned
 * size_t, which is the convention the other length parameter in this
 * header (check_tap_onion_key_crosscert's int) does not follow.
 * <b>reject_if_expired_before</b> is a time_t; presumably a certificate
 * whose expiry is earlier than it is rejected -- NOTE(review): confirm the
 * exact comparison and the return convention in torcert.c.  Mockable in
 * unit tests via MOCK_DECL. */
82 MOCK_DECL(int,
83 rsa_ed25519_crosscert_check, (const uint8_t *crosscert,
84  const size_t crosscert_len,
85  const crypto_pk_t *rsa_id_key,
86  const ed25519_public_key_t *master_key,
87  const time_t reject_if_expired_before));
88 
/** Release an or_handshake_certs_t and reset the caller's pointer. */
91 #define or_handshake_certs_free(certs) \
92  FREE_AND_NULL(or_handshake_certs_t, or_handshake_certs_free_, (certs))
/** Check the RSA certificates in <b>certs</b> against the TLS connection
 * <b>tls</b> at time <b>now</b>, logging problems at <b>severity</b>
 * (presumably a log level).  Return value is an int status -- NOTE(review):
 * the success/failure convention is not visible here; confirm in torcert.c
 * and never treat an unchecked return as success. */
93 int or_handshake_certs_rsa_ok(int severity,
94  or_handshake_certs_t *certs,
95  struct tor_tls_t *tls,
96  time_t now);
/** As or_handshake_certs_rsa_ok(), for the Ed25519 certificates. */
97 int or_handshake_certs_ed25519_ok(int severity,
98  or_handshake_certs_t *certs,
99  struct tor_tls_t *tls,
100  time_t now);
/** Run both certificate checks on <b>certs</b> and report the identities
 * that verified through <b>ed_id_out</b> and <b>rsa_id_out</b>.
 * NOTE(review): presumably an output is left NULL when the corresponding
 * identity did not verify, so callers must test each one for NULL before
 * trusting it -- confirm in torcert.c.  The pointers written are const
 * views, presumably into <b>certs</b>; do not free them. */
101 void or_handshake_certs_check_both(int severity,
102  or_handshake_certs_t *certs,
103  struct tor_tls_t *tls,
104  time_t now,
105  const ed25519_public_key_t **ed_id_out,
106  const common_digests_t **rsa_id_out);
107 
/** Encode <b>cert</b> as a string and store it in *<b>cert_str_out</b>.
 * NOTE(review): the spelling "ed22519" (not "ed25519") in the function
 * name is part of the public interface; renaming it means updating every
 * caller, so do not "fix" it in isolation.  The ownership of the output
 * string and the return convention are not visible in this header --
 * confirm in torcert.c. */
108 int tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out);
109 
/** Verify the TAP onion-key cross-certificate at <b>crosscert</b>
 * (<b>crosscert_len</b> bytes), which binds <b>onion_pkey</b> to the
 * identity given by <b>master_id_pkey</b> and <b>rsa_id_digest</b>.
 * The certificate bytes are untrusted input.  Unlike
 * rsa_ed25519_crosscert_check(), the length here is a signed int rather
 * than size_t, so a negative value is representable at the call boundary;
 * NOTE(review): the implementation must reject crosscert_len < 0 before
 * any read of crosscert -- confirm in torcert.c.  Mockable in unit tests
 * via MOCK_DECL. */
110 MOCK_DECL(int, check_tap_onion_key_crosscert,(const uint8_t *crosscert,
111  int crosscert_len,
112  const crypto_pk_t *onion_pkey,
113  const ed25519_public_key_t *master_id_pkey,
114  const uint8_t *rsa_id_digest));
115 
116 #endif /* !defined(TORCERT_H_INCLUDED) */