Tor 0.4.9.0-alpha-dev
#include "lib/crypt_ops/crypto_ed25519.h"
Data Structures | |
struct | tor_cert_t |
Macros | |
#define | SIGNED_KEY_TYPE_ED25519 0x01 |
#define | SIGNED_KEY_TYPE_SHA256_OF_RSA 0x02 |
#define | SIGNED_KEY_TYPE_SHA256_OF_X509 0x03 |
#define | CERT_TYPE_ID_SIGNING 0x04 |
#define | CERT_TYPE_SIGNING_LINK 0x05 |
#define | CERT_TYPE_SIGNING_AUTH 0x06 |
#define | CERT_TYPE_SIGNING_HS_DESC 0x08 |
#define | CERT_TYPE_AUTH_HS_IP_KEY 0x09 |
#define | CERT_TYPE_ONION_ID 0x0A |
#define | CERT_TYPE_CROSS_HS_IP_KEYS 0x0B |
#define | CERT_FLAG_INCLUDE_SIGNING_KEY 0x1 |
#define | tor_cert_free(cert) FREE_AND_NULL(tor_cert_t, tor_cert_free_, (cert)) |
#define | or_handshake_certs_free(certs) FREE_AND_NULL(or_handshake_certs_t, or_handshake_certs_free_, (certs)) |
Functions | |
tor_cert_t * | tor_cert_create_ed25519 (const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags) |
tor_cert_t * | tor_cert_create_raw (const ed25519_keypair_t *signing_key, uint8_t cert_type, uint8_t signed_key_type, const uint8_t signed_key_info[32], time_t now, time_t lifetime, uint32_t flags) |
tor_cert_t * | tor_cert_parse (const uint8_t *cert, size_t certlen) |
void | tor_cert_free_ (tor_cert_t *cert) |
int | tor_cert_get_checkable_sig (ed25519_checkable_t *checkable_out, const tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t *expiration_out) |
int | tor_cert_checksig (tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now) |
const char * | tor_cert_describe_signature_status (const tor_cert_t *cert) |
tor_cert_t * | tor_cert_dup (const tor_cert_t *cert) |
int | tor_cert_eq (const tor_cert_t *cert1, const tor_cert_t *cert2) |
int | tor_cert_opt_eq (const tor_cert_t *cert1, const tor_cert_t *cert2) |
ssize_t | tor_make_rsa_ed25519_crosscert (const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert) |
int | rsa_ed25519_crosscert_check (const uint8_t *crosscert, const size_t crosscert_len, const crypto_pk_t *rsa_id_key, const ed25519_public_key_t *master_key, const time_t reject_if_expired_before) |
or_handshake_certs_t * | or_handshake_certs_new (void) |
void | or_handshake_certs_free_ (or_handshake_certs_t *certs) |
int | or_handshake_certs_rsa_ok (int severity, or_handshake_certs_t *certs, struct tor_tls_t *tls, time_t now) |
int | or_handshake_certs_ed25519_ok (int severity, or_handshake_certs_t *certs, struct tor_tls_t *tls, time_t now) |
void | or_handshake_certs_check_both (int severity, or_handshake_certs_t *certs, struct tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out) |
int | tor_cert_encode_ed22519 (const tor_cert_t *cert, char **cert_str_out) |
int | check_tap_onion_key_crosscert (const uint8_t *crosscert, int crosscert_len, const crypto_pk_t *onion_pkey, const ed25519_public_key_t *master_id_pkey, const uint8_t *rsa_id_digest) |
#define or_handshake_certs_free | ( | certs | ) | FREE_AND_NULL(or_handshake_certs_t, or_handshake_certs_free_, (certs)) |
#define tor_cert_free | ( | cert | ) | FREE_AND_NULL(tor_cert_t, tor_cert_free_, (cert)) |
int check_tap_onion_key_crosscert | ( | const uint8_t * | crosscert, |
int | crosscert_len, | ||
const crypto_pk_t * | onion_pkey, | ||
const ed25519_public_key_t * | master_id_pkey, | ||
const uint8_t * | rsa_id_digest | ||
) |
void or_handshake_certs_check_both | ( | int | severity, |
or_handshake_certs_t * | certs, | ||
tor_tls_t * | tls, | ||
time_t | now, | ||
const ed25519_public_key_t ** | ed_id_out, | ||
const common_digests_t ** | rsa_id_out | ||
) |
int or_handshake_certs_ed25519_ok | ( | int | severity, |
or_handshake_certs_t * | certs, | ||
tor_tls_t * | tls, | ||
time_t | now | ||
) |
Check all the ed25519 certificates in certs against each other and, where applicable, against the peer certificate presented in tls. On success, return 0; on failure, return a negative value and log a warning at log level severity. A caller must treat any non-zero result as a failed handshake: the certificates have not been validated.
Definition at line 541 of file torcert.c.
Referenced by or_handshake_certs_check_both().
void or_handshake_certs_free_ | ( | or_handshake_certs_t * | certs | ) |
or_handshake_certs_t * or_handshake_certs_new | ( | void | ) |
int or_handshake_certs_rsa_ok | ( | int | severity, |
or_handshake_certs_t * | certs, | ||
struct tor_tls_t * | tls, | ||
time_t | now | ||
) |
int rsa_ed25519_crosscert_check | ( | const uint8_t * | crosscert, |
const size_t | crosscert_len, | ||
const crypto_pk_t * | rsa_id_key, | ||
const ed25519_public_key_t * | master_key, | ||
const time_t | reject_if_expired_before | ||
) |
Check whether the crosscert_len-byte certificate in crosscert is a valid cross-certification of the ed25519 master_key by the RSA identity key rsa_id_key.
Also reject the certificate if its expiration time is earlier than reject_if_expired_before.
Return 0 on success, negative on failure; the certificate must not be trusted unless the return value is 0.
int tor_cert_checksig | ( | tor_cert_t * | cert, |
const ed25519_public_key_t * | pubkey, | ||
time_t | now | ||
) |
tor_cert_t * tor_cert_create_ed25519 | ( | const ed25519_keypair_t * | signing_key, |
uint8_t | cert_type, | ||
const ed25519_public_key_t * | signed_key, | ||
time_t | now, | ||
time_t | lifetime, | ||
uint32_t | flags | ||
) |
Create and return a new certificate of type cert_type that authenticates signed_key using the key signing_key. The certificate should remain valid for at least lifetime seconds after now.
If CERT_FLAG_INCLUDE_SIGNING_KEY is set in flags, embed the public part of signing_key in the certificate.
Definition at line 131 of file torcert.c.
Referenced by make_ntor_onion_key_crosscert(), and setup_desc_intro_point().
tor_cert_t * tor_cert_create_raw | ( | const ed25519_keypair_t * | signing_key, |
uint8_t | cert_type, | ||
uint8_t | signed_key_type, | ||
const uint8_t | signed_key_info[32], | ||
time_t | now, | ||
time_t | lifetime, | ||
uint32_t | flags | ||
) |
As tor_cert_create_ed25519(), but accept an arbitrary signed_key_type (one of the SIGNED_KEY_TYPE_* values above) as the subject key type – not just an ed25519 key. The 32-byte signed_key_info must hold the key material or digest appropriate for that type.
Definition at line 44 of file torcert.c.
Referenced by tor_cert_create_ed25519().
const char * tor_cert_describe_signature_status | ( | const tor_cert_t * | cert | ) |
tor_cert_t * tor_cert_dup | ( | const tor_cert_t * | cert | ) |
int tor_cert_encode_ed22519 | ( | const tor_cert_t * | cert, |
char ** | cert_str_out | ||
) |
int tor_cert_eq | ( | const tor_cert_t * | cert1, |
const tor_cert_t * | cert2 | ||
) |
Return true iff cert1 and cert2 are the same cert.
Definition at line 304 of file torcert.c.
Referenced by tor_cert_opt_eq().
void tor_cert_free_ | ( | tor_cert_t * | cert | ) |
int tor_cert_get_checkable_sig | ( | ed25519_checkable_t * | checkable_out, |
const tor_cert_t * | cert, | ||
const ed25519_public_key_t * | pubkey, | ||
time_t * | expiration_out | ||
) |
int tor_cert_opt_eq | ( | const tor_cert_t * | cert1, |
const tor_cert_t * | cert2 | ||
) |
Return true iff cert1 and cert2 are the same cert, or if they are both NULL.
Definition at line 315 of file torcert.c.
Referenced by routerinfo_incompatible_with_extrainfo().
tor_cert_t * tor_cert_parse | ( | const uint8_t * | encoded, |
const size_t | len | ||
) |
Parse the len-byte encoded certificate in encoded. Note that parsing is distinct from signature verification; the signature is checked separately via tor_cert_checksig().
Definition at line 159 of file torcert.c.
Referenced by cert_parse_and_validate().
ssize_t tor_make_rsa_ed25519_crosscert | ( | const ed25519_public_key_t * | ed_key, |
const crypto_pk_t * | rsa_key, | ||
time_t | expires, | ||
uint8_t ** | cert | ||
) |