routerkeys.h (5842B)
/* Copyright (c) 2014-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * @file routerkeys.h
 * @brief Header for routerkeys.c
 *
 * Two mutually exclusive interfaces are declared here. When
 * HAVE_MODULE_RELAY is defined, the functions are real prototypes. When it
 * is not, the same names are provided as macros or static inline stubs that
 * yield NULL, 0 or -1.
 *
 * This header includes only crypto_ed25519.h. The other types it names
 * (smartlist_t, or_options_t, networkstatus_t, crypto_pk_t,
 * curve25519_keypair_t, time_t) and the MOCK_DECL / STATIC / STMT_BEGIN
 * macros must already be in scope at the point of inclusion.
 **/

#ifndef TOR_ROUTERKEYS_H
#define TOR_ROUTERKEYS_H

#include "lib/crypt_ops/crypto_ed25519.h"

#ifdef HAVE_MODULE_RELAY

/*
 * Accessors for the relay's identity and signing material. Every accessor
 * returns a pointer-to-const; who owns the pointed-to object is not visible
 * from this header.
 * NOTE(review): the *_keypair_t results presumably carry secret-key bytes.
 * Confirm in crypto_ed25519.h, and keep them out of logs and long-lived
 * copies.
 */
const ed25519_public_key_t *get_master_identity_key(void);
/* Declared through MOCK_DECL (defined elsewhere), presumably so that unit
 * tests can substitute them. */
MOCK_DECL(const ed25519_keypair_t *, get_master_signing_keypair,(void));
MOCK_DECL(const struct tor_cert_st *, get_master_signing_key_cert,(void));

const ed25519_keypair_t *get_current_auth_keypair(void);
const struct tor_cert_st *get_current_link_cert_cert(void);
const struct tor_cert_st *get_current_auth_key_cert(void);

/* list_family_key_files() returns a non-const list while
 * get_current_family_id_keys() returns a const one.
 * NOTE(review): this suggests the first result is caller-owned and the
 * second is borrowed. Confirm in routerkeys.c. */
smartlist_t *list_family_key_files(const or_options_t *options,
                                   const char *keydir);
const smartlist_t *get_current_family_id_keys(void);

/* Reports the RSA cross-certificate through two out-parameters: a pointer to
 * const bytes and its size. */
void get_master_rsa_crosscert(const uint8_t **cert_out,
                              size_t *size_out);

int router_ed25519_id_is_me(const ed25519_public_key_t *id);

/* These are only used by router.c */
struct tor_cert_st *make_ntor_onion_key_crosscert(
                                  const curve25519_keypair_t *onion_key,
                                  const ed25519_public_key_t *master_id_key,
                                  time_t now, time_t lifetime,
                                  int *sign_out);
uint8_t *make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
                                  const ed25519_public_key_t *master_id_key,
                                  const crypto_pk_t *rsa_id_key,
                                  int *len_out);

int log_cert_expiration(void);
int load_ed_keys(const or_options_t *options, time_t now);
int load_family_id_keys(const or_options_t *options,
                        const networkstatus_t *ns);
int create_family_id_key(const char *fname, ed25519_public_key_t *pk_out);
void warn_about_family_id_config(const or_options_t *options,
                                 const networkstatus_t *ns);
int should_make_new_ed_keys(const or_options_t *options, const time_t now);

int generate_ed_link_cert(const or_options_t *options, time_t now, int force);

void routerkeys_free_all(void);

#else /* !defined(HAVE_MODULE_RELAY) */

/* Without the relay module no identity is ever "me": the argument is
 * evaluated once for its side effects and the expression yields 0. */
#define router_ed25519_id_is_me(id) \
  ((void)(id), 0)

/* Single source of the NULL that all key and certificate getters below
 * return. */
static inline void *
relay_key_is_unavailable_(void)
{
  return NULL;
}
/* Casts that NULL to the pointer type the relay-mode getter would return. */
#define relay_key_is_unavailable(type) \
  ((type)(relay_key_is_unavailable_()))

// Many of these can be removed once relay_handshake.c is relay-only.
/* Each getter below yields NULL in this configuration, so any caller that is
 * also compiled without the relay module has to check the result before
 * dereferencing it. */
#define get_current_auth_keypair() \
  relay_key_is_unavailable(const ed25519_keypair_t *)
#define get_master_signing_keypair() \
  relay_key_is_unavailable(const ed25519_keypair_t *)
#define get_current_link_cert_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_current_auth_key_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_master_signing_key_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
/* Raises a non-fatal "unreached" assertion, then still sets both
 * out-parameters (NULL and 0) so the caller never reads stale values. Both
 * arguments are dereferenced and must be non-NULL. */
#define get_master_rsa_crosscert(cert_out, size_out) \
  STMT_BEGIN \
  tor_assert_nonfatal_unreached(); \
  *(cert_out) = NULL; \
  *(size_out) = 0; \
  STMT_END
#define get_master_identity_key() \
  relay_key_is_unavailable(const ed25519_public_key_t *)

/* Stubs that evaluate their arguments and yield 0. */
#define generate_ed_link_cert(options, now, force) \
  ((void)(options), (void)(now), (void)(force), 0)
#define should_make_new_ed_keys(options, now) \
  ((void)(options), (void)(now), 0)
/* Evaluates both arguments; the expression has type void. */
#define warn_about_family_id_config(options,ns) \
  ((void)(options), (void)(ns))
/* Unlike the other getters, this expands to a smartlist_new() call at every
 * use site rather than to NULL.
 * NOTE(review): the relay-mode prototype returns const smartlist_t *, which
 * reads as a borrowed pointer. If smartlist_new() allocates, a caller that
 * never frees the result leaks one list per call. Confirm against the
 * callers. */
#define get_current_family_id_keys() \
  (smartlist_new())

// These can get removed once router.c becomes relay-only.
/**
 * Stub used when the relay module is not compiled in. It ignores the key and
 * time arguments, stores 0 through @a sign_out, raises a non-fatal
 * "unreached" assertion and returns NULL.
 *
 * @a sign_out is written before the assertion fires, so it must point to
 * valid storage.
 */
static inline struct tor_cert_st *
make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key,
                              const ed25519_public_key_t *master_id_key,
                              time_t now, time_t lifetime,
                              int *sign_out)
{
  (void)onion_key;
  (void)master_id_key;
  (void)now;
  (void)lifetime;
  /* Give the out-parameter a defined value even on this not-expected path. */
  *sign_out = 0;
  tor_assert_nonfatal_unreached();
  return NULL;
}
/**
 * Stub used when the relay module is not compiled in. It ignores the key
 * arguments, stores 0 through @a len_out, raises a non-fatal "unreached"
 * assertion and returns NULL.
 *
 * @a len_out is written before the assertion fires, so it must point to
 * valid storage.
 */
static inline uint8_t *
make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
                             const ed25519_public_key_t *master_id_key,
                             const crypto_pk_t *rsa_id_key,
                             int *len_out)
{
  (void)onion_key;
  (void)master_id_key;
  (void)rsa_id_key;
  /* A zero length paired with the NULL return, so callers see no buffer. */
  *len_out = 0;
  tor_assert_nonfatal_unreached();
  return NULL;
}

/*
 * The four macros below replace functions that return int when the relay
 * module is built. Each prints a fixed notice to stdout with puts() and then
 * yields a constant. The macros that take (x,y) never expand their
 * arguments, so argument expressions with side effects are not evaluated.
 *
 * NOTE(review): three of the four yield 0. If the relay-mode functions use 0
 * for success, a caller cannot tell "not available" from "done", and a
 * command such as key generation may exit as if it had succeeded. Confirm
 * how the callers treat the result.
 */

/* This call is used outside of relay mode, but only to implement
 * CMD_KEY_EXPIRATION */
#define log_cert_expiration() \
  (puts("Not available: Tor has been compiled without relay support"), 0)
/* This call is used outside of relay mode, but only to implement
 * CMD_KEYGEN. */
#define load_ed_keys(x,y) \
  (puts("Not available: Tor has been compiled without relay support"), 0)
#define load_family_id_keys(x,y) \
  (puts("Not available: Tor has been compiled without relay support"), 0)
/* Yields -1 and never writes the public-key out-parameter (y). */
#define create_family_id_key(x,y) \
  (puts("Not available: Tor has been compiled without relay support"), -1)

#endif /* defined(HAVE_MODULE_RELAY) */

#ifdef TOR_UNIT_TESTS
/* Visible only to unit-test builds: an accessor for the master identity
 * keypair, and an initializer for mock Ed25519 keys that takes an RSA
 * identity key. */
const ed25519_keypair_t *get_master_identity_keypair(void);
void init_mock_ed_keys(const crypto_pk_t *rsa_identity_key);
#endif

#ifdef ROUTERKEYS_PRIVATE
/* Internal helpers, declared only for translation units that define
 * ROUTERKEYS_PRIVATE before including this header. */
STATIC void set_family_id_keys(smartlist_t *keys);
STATIC bool is_family_key_fname(const char *fname);
STATIC int load_family_id_keys_impl(const or_options_t *options,
                                    const char *keydir);
#endif

#endif /* !defined(TOR_ROUTERKEYS_H) */