Read keys from disk, creating as needed.

#include "core/or/or.h"
#include "app/config/config.h"
#include "app/main/main.h"
#include "feature/keymgt/loadkey.h"
#include "feature/nodelist/torcert.h"
#include "lib/crypt_ops/crypto_pwbox.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/term/getpass.h"
#include "lib/crypt_ops/crypto_format.h"

#define ENC_KEY_HEADER   "Boxed Ed25519 key"
#define ENC_KEY_TAG   "master"

crypto_pk_t *init_key_from_file (const char *fname, int generate, int severity, bool *created_out)
static ssize_t do_getpass (const char *prompt, char *buf, size_t buflen, int twice, const or_options_t *options)
int read_encrypted_secret_key (ed25519_secret_key_t *out, const char *fname)
int write_encrypted_secret_key (const ed25519_secret_key_t *key, const char *fname)
static int write_secret_key (const ed25519_secret_key_t *key, int encrypted, const char *fname, const char *fname_tag, const char *encrypted_fname)
ed25519_keypair_t *ed_key_init_from_file (const char *fname, uint32_t flags, int severity, const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out, const or_options_t *options)
ed25519_keypair_t *ed_key_new (const ed25519_keypair_t *signing_key, uint32_t flags, time_t now, time_t lifetime, uint8_t cert_type, struct tor_cert_st **cert_out)

This code is shared by relays and onion services, which both need this functionality.

◆ ed_key_init_from_file()

ed25519_keypair_t *ed_key_init_from_file (const char *fname,
    uint32_t flags,
    int severity,
    const ed25519_keypair_t *signing_key,
    time_t now,
    time_t lifetime,
    uint8_t cert_type,
    struct tor_cert_st **cert_out,
    const or_options_t *options)

Read an ed25519 key and associated certificates from files beginning with fname, with certificate type cert_type. On failure, return NULL; on success return the keypair.

The options argument is consulted for the change_key_passphrase value when a secret key is written to disk. It may safely be NULL even in that case.

If INIT_ED_KEY_CREATE is set in flags, then create the key (and certificate if requested) if it doesn't exist, and save it to disk.

If INIT_ED_KEY_NEEDCERT is set in flags, load/create a certificate too and store it in *cert_out. Fail if the cert can't be found/created. To create a certificate, signing_key must be set to the key that should sign it; now to the current time, and lifetime to the lifetime of the key.

If INIT_ED_KEY_REPLACE is set in flags, then create and save a new key whether we can read the old one or not.

If INIT_ED_KEY_EXTRA_STRONG is set in flags, set the extra_strong flag when creating the secret key.

If INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT is set in flags, and we create a new certificate, create it with the signing key embedded.

If INIT_ED_KEY_SPLIT is set in flags, and we create a new key, store the public key in a separate file from the secret key.

If INIT_ED_KEY_MISSING_SECRET_OK is set in flags, and we find a public key file but no secret key file, return successfully anyway.

If INIT_ED_KEY_OMIT_SECRET is set in flags, do not try to load a secret key unless no public key is found. Do not return a secret key (but create and save one if needed).

If INIT_ED_KEY_TRY_ENCRYPTED is set, we look for an encrypted secret key and consider encrypting any new secret key.

If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys from disk other than their absence (full or partial), we do not try to replace them.

If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures refer to the --keygen option.

If INIT_ED_KEY_EXPLICIT_FNAME is set, use the provided file name for the secret key file, encrypted or not.

If INIT_ED_KEY_OFFLINE_SECRET is set, we won't try to load the master secret key and we log a message at severity that we've done so.
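
To make the interaction of these flags concrete, here is an added stand-alone C model of the documented rules for CREATE, REPLACE, NEEDCERT, MISSING_SECRET_OK and NO_REPAIR. It is not Tor's code: the flag bit values, the disk_state struct and the outcome enum are assumptions for illustration.

```c
/* Added example: a stand-alone model of the flag rules documented for
 * ed_key_init_from_file(). Not Tor's code; the flag bit values, the
 * disk_state struct and the outcome enum are assumptions for illustration. */
#include <stdbool.h>
#include <stdint.h>

/* Assumed bit values; the real definitions live in feature/keymgt/loadkey.h. */
#define INIT_ED_KEY_CREATE            (1u << 0)
#define INIT_ED_KEY_REPLACE           (1u << 1)
#define INIT_ED_KEY_NEEDCERT          (1u << 2)
#define INIT_ED_KEY_MISSING_SECRET_OK (1u << 3)
#define INIT_ED_KEY_NO_REPAIR         (1u << 4)

/* What the loader finds for each file: missing, readable, or present but unusable. */
enum file_state { F_ABSENT, F_OK, F_CORRUPT };
struct disk_state { enum file_state secret, pub, cert; };

enum outcome { OUT_FAIL, OUT_LOADED, OUT_LOADED_PUBLIC_ONLY, OUT_CREATED };

/* have_signing_key: whether a signing_key was supplied for certificate creation. */
static enum outcome
model_ed_key_init(uint32_t flags, struct disk_state d, bool have_signing_key)
{
  const bool need_cert = (flags & INIT_ED_KEY_NEEDCERT) != 0;
  /* A fresh key needs a fresh certificate, which in turn needs a signing key. */
  const bool can_create = !need_cert || have_signing_key;

  /* REPLACE: make a new key whether or not the old one is readable. */
  if (flags & INIT_ED_KEY_REPLACE)
    return can_create ? OUT_CREATED : OUT_FAIL;

  enum outcome loaded = OUT_FAIL;
  if (d.secret == F_CORRUPT || d.pub == F_CORRUPT) {
    /* Damage other than absence: NO_REPAIR forbids replacing the files. */
    if ((flags & INIT_ED_KEY_NO_REPAIR) || !(flags & INIT_ED_KEY_CREATE))
      return OUT_FAIL;
  } else if (d.secret == F_OK) {
    loaded = OUT_LOADED;
  } else if (d.pub == F_OK && (flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
    loaded = OUT_LOADED_PUBLIC_ONLY;      /* public key alone is acceptable */
  } else if (!(flags & INIT_ED_KEY_CREATE)) {
    return OUT_FAIL;                      /* full or partial absence, no CREATE */
  }

  if (loaded == OUT_FAIL)                 /* nothing usable on disk: create */
    return can_create ? OUT_CREATED : OUT_FAIL;

  /* Key loaded: with NEEDCERT the cert must be found, or be creatable. */
  if (need_cert && d.cert != F_OK && !have_signing_key)
    return OUT_FAIL;
  return loaded;
}
```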

◆ ed_key_new()

ed25519_keypair_t *ed_key_new (const ed25519_keypair_t *signing_key,
    uint32_t flags,
    time_t now,
    time_t lifetime,
    uint8_t cert_type,
    struct tor_cert_st **cert_out)

Create a new signing key and (optionally) certificate; do not read or write from disk. See ed_key_init_from_file() for more information.

◆ init_key_from_file()

crypto_pk_t *init_key_from_file (const char *fname,
    int generate,
    int severity,
    bool *created_out)

Try to read an RSA key from fname. If fname doesn't exist and generate is true, create a new RSA key and save it in fname. Return the read/created key, or NULL on error. Log all errors at level severity. If created_out is non-NULL and a new key was created, set *created_out to true.

