Tor 0.4.9.2-alpha-dev
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
torcert.h
Go to the documentation of this file.
1/* Copyright (c) 2014-2021, The Tor Project, Inc. */
2/* See LICENSE for licensing information */
3
4/**
5 * @file torcert.h
6 * @brief Header for torcert.c
7 **/
8
9#ifndef TORCERT_H_INCLUDED
10#define TORCERT_H_INCLUDED
11
13
14#define SIGNED_KEY_TYPE_ED25519 0x01
15#define SIGNED_KEY_TYPE_SHA256_OF_RSA 0x02
16#define SIGNED_KEY_TYPE_SHA256_OF_X509 0x03
17
18#define CERT_TYPE_ID_SIGNING 0x04
19#define CERT_TYPE_SIGNING_LINK 0x05
20#define CERT_TYPE_SIGNING_AUTH 0x06
21#define CERT_TYPE_SIGNING_HS_DESC 0x08
22#define CERT_TYPE_AUTH_HS_IP_KEY 0x09
23#define CERT_TYPE_ONION_ID 0x0A
24#define CERT_TYPE_CROSS_HS_IP_KEYS 0x0B
25#define CERT_TYPE_FAMILY_V_IDENTITY 0x0C
26
27#define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1
28
29/** An ed25519-signed certificate as used throughout the Tor protocol.
30 **/
31typedef struct tor_cert_st {
32 /** The key authenticated by this certificate */
34 /** The key that signed this certificate. This value may be unset if the
35 * certificate has never been checked, and didn't include its own key. */
37 /** A time after which this certificate will no longer be valid. */
39
40 /** The encoded representation of this certificate */
41 uint8_t *encoded;
42 /** The length of <b>encoded</b> */
44
45 /** One of CERT_TYPE_... */
46 uint8_t cert_type;
47 /** True iff we received a signing key embedded in this certificate */
49 /** True iff we checked the signature and found it bad */
50 unsigned sig_bad : 1;
51 /** True iff we checked the signature and found it correct */
52 unsigned sig_ok : 1;
53 /** True iff we checked the signature and first found that the cert
54 * had expired */
55 unsigned cert_expired : 1;
56 /** True iff we checked the signature and found the whole cert valid */
57 unsigned cert_valid : 1;
59
60struct tor_tls_t;
61
63 uint8_t cert_type,
64 const ed25519_public_key_t *signed_key,
65 time_t now, time_t lifetime,
66 uint32_t flags);
68 uint8_t cert_type,
69 uint8_t signed_key_type,
70 const uint8_t signed_key_info[32],
71 time_t now, time_t lifetime,
72 uint32_t flags);
73
74tor_cert_t *tor_cert_parse(const uint8_t *cert, size_t certlen);
75
76void tor_cert_free_(tor_cert_t *cert);
77#define tor_cert_free(cert) FREE_AND_NULL(tor_cert_t, tor_cert_free_, (cert))
78
80 const tor_cert_t *out,
81 const ed25519_public_key_t *pubkey,
82 time_t *expiration_out);
83
85 const ed25519_public_key_t *pubkey, time_t now);
86const char *tor_cert_describe_signature_status(const tor_cert_t *cert);
87
89int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
90int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
91
93 const crypto_pk_t *rsa_key,
94 time_t expires,
95 uint8_t **cert);
96MOCK_DECL(int,
97rsa_ed25519_crosscert_check, (const uint8_t *crosscert,
98 const size_t crosscert_len,
99 const crypto_pk_t *rsa_id_key,
100 const ed25519_public_key_t *master_key,
101 const time_t reject_if_expired_before));
102
105#define or_handshake_certs_free(certs) \
106 FREE_AND_NULL(or_handshake_certs_t, or_handshake_certs_free_, (certs))
107int or_handshake_certs_rsa_ok(int severity,
109 struct tor_tls_t *tls,
110 time_t now);
111int or_handshake_certs_ed25519_ok(int severity,
113 struct tor_tls_t *tls,
114 time_t now);
115void or_handshake_certs_check_both(int severity,
117 struct tor_tls_t *tls,
118 time_t now,
119 const ed25519_public_key_t **ed_id_out,
120 const common_digests_t **rsa_id_out);
121
122int tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out);
123
124MOCK_DECL(int, check_tap_onion_key_crosscert,(const uint8_t *crosscert,
125 int crosscert_len,
126 const crypto_pk_t *onion_pkey,
127 const ed25519_public_key_t *master_id_pkey,
128 const uint8_t *rsa_id_digest));
129
130#endif /* !defined(TORCERT_H_INCLUDED) */
Header for crypto_ed25519.c.
unsigned cert_expired
Definition: torcert.h:55
ed25519_public_key_t signing_key
Definition: torcert.h:36
unsigned sig_bad
Definition: torcert.h:50
size_t encoded_len
Definition: torcert.h:43
uint8_t cert_type
Definition: torcert.h:46
time_t valid_until
Definition: torcert.h:38
unsigned cert_valid
Definition: torcert.h:57
uint8_t * encoded
Definition: torcert.h:41
ed25519_public_key_t signed_key
Definition: torcert.h:33
unsigned signing_key_included
Definition: torcert.h:48
unsigned sig_ok
Definition: torcert.h:52
#define MOCK_DECL(rv, funcname, arglist)
Definition: testsupport.h:127
tor_cert_t * tor_cert_dup(const tor_cert_t *cert)
Definition: torcert.c:294
void tor_cert_free_(tor_cert_t *cert)
Definition: torcert.c:144
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, const crypto_pk_t *rsa_key, time_t expires, uint8_t **cert)
Definition: torcert.c:331
int rsa_ed25519_crosscert_check(const uint8_t *crosscert, const size_t crosscert_len, const crypto_pk_t *rsa_id_key, const ed25519_public_key_t *master_key, const time_t reject_if_expired_before)
Definition: torcert.c:395
void or_handshake_certs_free_(or_handshake_certs_t *certs)
Definition: torcert.c:478
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
Definition: torcert.c:244
tor_cert_t * tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, uint8_t cert_type, const ed25519_public_key_t *signed_key, time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:131
int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2)
Definition: torcert.c:315
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
Definition: torcert.c:279
int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2)
Definition: torcert.c:304
or_handshake_certs_t * or_handshake_certs_new(void)
Definition: torcert.c:471
int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out, const tor_cert_t *out, const ed25519_public_key_t *pubkey, time_t *expiration_out)
Definition: torcert.c:211
int check_tap_onion_key_crosscert(const uint8_t *crosscert, int crosscert_len, const crypto_pk_t *onion_pkey, const ed25519_public_key_t *master_id_pkey, const uint8_t *rsa_id_digest)
Definition: torcert.c:649
void or_handshake_certs_check_both(int severity, or_handshake_certs_t *certs, struct tor_tls_t *tls, time_t now, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out)
Definition: torcert.c:685
int or_handshake_certs_ed25519_ok(int severity, or_handshake_certs_t *certs, struct tor_tls_t *tls, time_t now)
Definition: torcert.c:541
tor_cert_t * tor_cert_parse(const uint8_t *cert, size_t certlen)
Definition: torcert.c:159
tor_cert_t * tor_cert_create_raw(const ed25519_keypair_t *signing_key, uint8_t cert_type, uint8_t signed_key_type, const uint8_t signed_key_info[32], time_t now, time_t lifetime, uint32_t flags)
Definition: torcert.c:44