torcert.h 2.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
  1. /* Copyright (c) 2014-2016, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #ifndef TORCERT_H_INCLUDED
  4. #define TORCERT_H_INCLUDED
  5. #include "crypto_ed25519.h"
  6. #define SIGNED_KEY_TYPE_ED25519 0x01
  7. #define CERT_TYPE_ID_SIGNING 0x04
  8. #define CERT_TYPE_SIGNING_LINK 0x05
  9. #define CERT_TYPE_SIGNING_AUTH 0x06
  10. #define CERT_TYPE_ONION_ID 0x0A
  11. #define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1
  12. /** An ed25519-signed certificate as used throughout the Tor protocol.
  13. **/
  14. typedef struct tor_cert_st {
  15. /** The key authenticated by this certificate */
  16. ed25519_public_key_t signed_key;
  17. /** The key that signed this certificate. This value may be unset if the
  18. * certificate has never been checked, and didn't include its own key. */
  19. ed25519_public_key_t signing_key;
  20. /** A time after which this certificate will no longer be valid. */
  21. time_t valid_until;
  22. /** The encoded representation of this certificate */
  23. uint8_t *encoded;
  24. /** The length of <b>encoded</b> */
  25. size_t encoded_len;
  26. /** One of CERT_TYPE_... */
  27. uint8_t cert_type;
  28. /** True iff we received a signing key embedded in this certificate */
  29. unsigned signing_key_included : 1;
  30. /** True iff we checked the signature and found it bad */
  31. unsigned sig_bad : 1;
  32. /** True iff we checked the signature and found it correct */
  33. unsigned sig_ok : 1;
  34. /** True iff we checked the signature and first found that the cert
  35. * had expired */
  36. unsigned cert_expired : 1;
  37. /** True iff we checked the signature and found the whole cert valid */
  38. unsigned cert_valid : 1;
  39. } tor_cert_t;
  40. tor_cert_t *tor_cert_create(const ed25519_keypair_t *signing_key,
  41. uint8_t cert_type,
  42. const ed25519_public_key_t *signed_key,
  43. time_t now, time_t lifetime,
  44. uint32_t flags);
  45. tor_cert_t *tor_cert_parse(const uint8_t *cert, size_t certlen);
  46. void tor_cert_free(tor_cert_t *cert);
  47. int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
  48. const tor_cert_t *out,
  49. const ed25519_public_key_t *pubkey);
  50. int tor_cert_checksig(tor_cert_t *cert,
  51. const ed25519_public_key_t *pubkey, time_t now);
  52. tor_cert_t *tor_cert_dup(const tor_cert_t *cert);
  53. int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
  54. int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
  55. ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
  56. const crypto_pk_t *rsa_key,
  57. time_t expires,
  58. uint8_t **cert);
  59. #endif