1 /* Copyright (c) 2014-2016, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 #ifndef TORCERT_H_INCLUDED
5 #define TORCERT_H_INCLUDED
7 #include "crypto_ed25519.h"
/* Type code for the key that a certificate certifies. 0x01 (Ed25519) is the
 * only signed-key type this header defines. */
#define SIGNED_KEY_TYPE_ED25519        0x01

/* Certificate type codes; tor_cert_t.cert_type holds one of these.
 * NOTE(review): the names suggest which key certifies which (for example
 * ID_SIGNING = an identity key certifying a signing key) -- confirm each
 * against the certificate specification before relying on that reading.
 * Code that accepts a certificate should compare cert_type with the single
 * type it expects, so a certificate issued for one purpose is not accepted
 * for another. */
#define CERT_TYPE_ID_SIGNING           0x04
#define CERT_TYPE_SIGNING_LINK         0x05
#define CERT_TYPE_SIGNING_AUTH         0x06
#define CERT_TYPE_ONION_ID             0x0A

/* Flag bit. Presumably passed in the `flags` argument of tor_cert_create()
 * to embed the signing public key in the encoded certificate -- confirm
 * against the implementation. */
#define CERT_FLAG_INCLUDE_SIGNING_KEY  0x1
/**
 * An Ed25519-signed certificate, in the form used throughout the Tor
 * protocol.
 *
 * The one-bit status fields at the end record the outcome of a check. Each
 * is documented as true only if a check was performed, so on a certificate
 * that has never been checked all of them are expected to be zero: a clear
 * <b>sig_bad</b> is not evidence of a good signature. Only
 * <b>cert_valid</b> states that the whole certificate was found valid.
 **/
typedef struct tor_cert_st {
  /** Public key that this certificate authenticates. */
  ed25519_public_key_t signed_key;
  /** Public key that signed this certificate. It may be unset when the
   * certificate did not include its own key and has never been checked, so
   * treat it as meaningful only if <b>signing_key_included</b> is set or
   * the certificate has been checked. */
  ed25519_public_key_t signing_key;
  /** Time after which this certificate is no longer valid. */
  time_t valid_until;

  /** Encoded representation of this certificate.
   * NOTE(review): presumably owned by this structure and released by
   * tor_cert_free() -- confirm. */
  uint8_t *encoded;
  /** Length of <b>encoded</b>. */
  size_t encoded_len;

  /** One of the CERT_TYPE_* codes. */
  uint8_t cert_type;

  /** True iff a signing key arrived embedded in this certificate. */
  unsigned signing_key_included : 1;
  /** True iff the signature was checked and found bad. */
  unsigned sig_bad : 1;
  /** True iff the signature was checked and found correct. A correct
   * signature alone does not cover expiry; see <b>cert_expired</b> and
   * <b>cert_valid</b>. */
  unsigned sig_ok : 1;
  /** True iff the signature was checked and the check first found that
   * the certificate had expired. */
  unsigned cert_expired : 1;
  /** True iff the signature was checked and the whole certificate was
   * found valid. */
  unsigned cert_valid : 1;
} tor_cert_t;
/** Build a certificate of type <b>cert_type</b> (a CERT_TYPE_* code) in
 * which <b>signing_key</b> certifies <b>signed_key</b>. <b>flags</b>
 * presumably takes CERT_FLAG_* bits, and <b>now</b> and <b>lifetime</b>
 * presumably determine valid_until -- confirm against the implementation.
 * NOTE(review): the failure return (presumably NULL) is not visible here;
 * callers should check the result before use. */
tor_cert_t *tor_cert_create(
    const ed25519_keypair_t *signing_key,
    uint8_t cert_type,
    const ed25519_public_key_t *signed_key,
    time_t now,
    time_t lifetime,
    uint32_t flags);

/** Parse the <b>certlen</b> bytes at <b>cert</b> into a tor_cert_t.
 * The status bits of tor_cert_t are documented as set only after a check,
 * so a parsed certificate should be treated as unverified until
 * tor_cert_checksig() has been run on it.
 * NOTE(review): presumably returns NULL on malformed input -- confirm. */
tor_cert_t *tor_cert_parse(
    const uint8_t *cert,
    size_t certlen);

/** Release <b>cert</b>.
 * NOTE(review): presumably also releases cert->encoded -- confirm. */
void tor_cert_free(
    tor_cert_t *cert);

/** Fill <b>checkable_out</b> with what is needed to check the signature on
 * a certificate against <b>pubkey</b>. The certificate parameter is named
 * <b>out</b> but is const-qualified, so it is an input, not an output.
 * NOTE(review): return convention is not visible here -- confirm. */
int tor_cert_get_checkable_sig(
    ed25519_checkable_t *checkable_out,
    const tor_cert_t *out,
    const ed25519_public_key_t *pubkey);

/** Check the signature on <b>cert</b> using <b>pubkey</b>, with <b>now</b>
 * as the reference time. <b>cert</b> is not const, which is consistent with
 * the result being recorded in its status bits (presumably sig_ok, sig_bad,
 * cert_expired and cert_valid -- confirm).
 * NOTE(review): return convention is not visible here; callers should test
 * the return value rather than assume success. */
int tor_cert_checksig(
    tor_cert_t *cert,
    const ed25519_public_key_t *pubkey,
    time_t now);

/** Return a copy of <b>cert</b>.
 * NOTE(review): whether status bits are copied is not visible here. */
tor_cert_t *tor_cert_dup(
    const tor_cert_t *cert);

/** Compare <b>cert1</b> and <b>cert2</b> for equality. */
int tor_cert_eq(
    const tor_cert_t *cert1,
    const tor_cert_t *cert2);

/** Compare <b>cert1</b> and <b>cert2</b> for equality.
 * NOTE(review): the "opt" in the name suggests either argument may be
 * NULL -- confirm. */
int tor_cert_opt_eq(
    const tor_cert_t *cert1,
    const tor_cert_t *cert2);

/** Make a cross-certificate involving <b>ed_key</b> and <b>rsa_key</b> that
 * expires at <b>expires</b>, storing a buffer pointer in *<b>cert</b>.
 * NOTE(review): presumably returns the buffer length, or a negative value
 * on failure, and leaves the caller to free *<b>cert</b> -- confirm. */
ssize_t tor_make_rsa_ed25519_crosscert(
    const ed25519_public_key_t *ed_key,
    const crypto_pk_t *rsa_key,
    time_t expires,
    uint8_t **cert);
75 #endif