tor/src/or/torcert.h

/* Copyright (c) 2014-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TORCERT_H_INCLUDED
#define TORCERT_H_INCLUDED

#include "crypto_ed25519.h"

#define SIGNED_KEY_TYPE_ED25519     0x01

#define CERT_TYPE_ID_SIGNING        0x04
#define CERT_TYPE_SIGNING_LINK      0x05
#define CERT_TYPE_SIGNING_AUTH      0x06
#define CERT_TYPE_SIGNING_HS_DESC   0x08
#define CERT_TYPE_AUTH_HS_IP_KEY    0x09
#define CERT_TYPE_ONION_ID          0x0A
#define CERT_TYPE_CROSS_HS_IP_KEYS  0x0B

#define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1

/** An ed25519-signed certificate as used throughout the Tor protocol.
 **/
typedef struct tor_cert_st {
  /** The key authenticated by this certificate */
  ed25519_public_key_t signed_key;
  /** The key that signed this certificate. This value may be unset if the
   * certificate has never been checked, and didn't include its own key. */
  ed25519_public_key_t signing_key;
  /** A time after which this certificate will no longer be valid. */
  time_t valid_until;

  /** The encoded representation of this certificate */
  uint8_t *encoded;
  /** The length of <b>encoded</b> */
  size_t encoded_len;

  /** One of CERT_TYPE_... */
  uint8_t cert_type;
  /** True iff we received a signing key embedded in this certificate */
  unsigned signing_key_included : 1;
  /** True iff we checked the signature and found it bad */
  unsigned sig_bad : 1;
  /** True iff we checked the signature and found it correct */
  unsigned sig_ok : 1;
  /** True iff we checked the signature and first found that the cert
   * had expired */
  unsigned cert_expired : 1;
  /** True iff we checked the signature and found the whole cert valid */
  unsigned cert_valid : 1;
} tor_cert_t;

tor_cert_t *tor_cert_create(const ed25519_keypair_t *signing_key,
                            uint8_t cert_type,
                            const ed25519_public_key_t *signed_key,
                            time_t now, time_t lifetime,
                            uint32_t flags);

tor_cert_t *tor_cert_parse(const uint8_t *cert, size_t certlen);

void tor_cert_free(tor_cert_t *cert);

int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
                               const tor_cert_t *out,
                               const ed25519_public_key_t *pubkey,
                               time_t *expiration_out);

int tor_cert_checksig(tor_cert_t *cert,
                      const ed25519_public_key_t *pubkey, time_t now);

tor_cert_t *tor_cert_dup(const tor_cert_t *cert);
int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);

ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
                                       const crypto_pk_t *rsa_key,
                                       time_t expires,
                                       uint8_t **cert);
int rsa_ed25519_crosscert_check(const uint8_t *crosscert,
                                const size_t crosscert_len,
                                const crypto_pk_t *rsa_id_key,
                                const ed25519_public_key_t *master_key,
                                const time_t reject_if_expired_before);

or_handshake_certs_t *or_handshake_certs_new(void);
void or_handshake_certs_free(or_handshake_certs_t *certs);
int or_handshake_certs_rsa_ok(int severity,
                              or_handshake_certs_t *certs,
                              tor_tls_t *tls,
                              time_t now);
int or_handshake_certs_ed25519_ok(int severity,
                                  or_handshake_certs_t *certs,
                                  tor_tls_t *tls,
                                  time_t now);
void or_handshake_certs_check_both(int severity,
                              or_handshake_certs_t *certs,
                              tor_tls_t *tls,
                              time_t now,
                              const ed25519_public_key_t **ed_id_out,
                              const common_digests_t **rsa_id_out);

int tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out);

#endif
Run the copyright update script. 2017-03-15 21:13:17 +01:00			`/* Copyright (c) 2014-2017, The Tor Project, Inc. */`
prop220: Implement certificates and key storage/creation For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished) 2014-09-30 22:00:17 +02:00			`/* See LICENSE for licensing information */`

			`#ifndef TORCERT_H_INCLUDED`
			`#define TORCERT_H_INCLUDED`

			`#include "crypto_ed25519.h"`

prop224: Rename cert type to follow naming convention Signed-off-by: David Goulet <dgoulet@torproject.org> 2016-09-14 21:05:48 +02:00			`#define SIGNED_KEY_TYPE_ED25519 0x01`
prop220: Implement certificates and key storage/creation For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished) 2014-09-30 22:00:17 +02:00
prop224: Rename cert type to follow naming convention Signed-off-by: David Goulet <dgoulet@torproject.org> 2016-09-14 21:05:48 +02:00			`#define CERT_TYPE_ID_SIGNING 0x04`
			`#define CERT_TYPE_SIGNING_LINK 0x05`
			`#define CERT_TYPE_SIGNING_AUTH 0x06`
			`#define CERT_TYPE_SIGNING_HS_DESC 0x08`
			`#define CERT_TYPE_AUTH_HS_IP_KEY 0x09`
			`#define CERT_TYPE_ONION_ID 0x0A`
			`#define CERT_TYPE_CROSS_HS_IP_KEYS 0x0B`
prop220: Implement certificates and key storage/creation For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished) 2014-09-30 22:00:17 +02:00
			`#define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1`

			`/** An ed25519-signed certificate as used throughout the Tor protocol.`
			`**/`
			`typedef struct tor_cert_st {`
			`/** The key authenticated by this certificate */`
			`ed25519_public_key_t signed_key;`
			`/** The key that signed this certificate. This value may be unset if the`
			`* certificate has never been checked, and didn't include its own key. */`
			`ed25519_public_key_t signing_key;`
			`/** A time after which this certificate will no longer be valid. */`
			`time_t valid_until;`

			`/** The encoded representation of this certificate */`
			`uint8_t *encoded;`
			`/** The length of <b>encoded</b> */`
			`size_t encoded_len;`

			`/** One of CERT_TYPE_... */`
			`uint8_t cert_type;`
			`/** True iff we received a signing key embedded in this certificate */`
			`unsigned signing_key_included : 1;`
			`/** True iff we checked the signature and found it bad */`
			`unsigned sig_bad : 1;`
			`/** True iff we checked the signature and found it correct */`
			`unsigned sig_ok : 1;`
			`/** True iff we checked the signature and first found that the cert`
			`* had expired */`
			`unsigned cert_expired : 1;`
			`/** True iff we checked the signature and found the whole cert valid */`
			`unsigned cert_valid : 1;`
			`} tor_cert_t;`

			`tor_cert_t tor_cert_create(const ed25519_keypair_t signing_key,`
			`uint8_t cert_type,`
			`const ed25519_public_key_t *signed_key,`
			`time_t now, time_t lifetime,`
			`uint32_t flags);`

			`tor_cert_t tor_cert_parse(const uint8_t cert, size_t certlen);`

			`void tor_cert_free(tor_cert_t *cert);`

			`int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,`
Fix a misfeature with the Ed cert expiration API The batch-verification helper didn't expose the expiration time, which made it pretty error-prone. This closes ticket 15087. 2016-08-30 14:48:50 +02:00			`const tor_cert_t *out,`
			`const ed25519_public_key_t *pubkey,`
			`time_t *expiration_out);`
prop220: Implement certificates and key storage/creation For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished) 2014-09-30 22:00:17 +02:00
			`int tor_cert_checksig(tor_cert_t *cert,`
			`const ed25519_public_key_t *pubkey, time_t now);`

Implement ed25519-signed descriptors Now that we have ed25519 keys, we can sign descriptors with them and check those signatures as documented in proposal 220. 2014-10-01 05:36:47 +02:00			`tor_cert_t tor_cert_dup(const tor_cert_t cert);`
Enforce more correspondence between ri and ei In particular, they have to list the same ed25519 certificate, and the SHA256 digest of the ei needs to match. 2014-10-24 15:19:49 +02:00			`int tor_cert_eq(const tor_cert_t cert1, const tor_cert_t cert2);`
			`int tor_cert_opt_eq(const tor_cert_t cert1, const tor_cert_t cert2);`
Implement ed25519-signed descriptors Now that we have ed25519 keys, we can sign descriptors with them and check those signatures as documented in proposal 220. 2014-10-01 05:36:47 +02:00
Generate weird certificates correctly (Our link protocol assumes that the link cert certifies the TLS key, and there is an RSA->Ed25519 crosscert) 2015-05-28 16:47:42 +02:00			`ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,`
			`const crypto_pk_t *rsa_key,`
			`time_t expires,`
			`uint8_t **cert);`
Add function to check RSA->Ed cross-certifications Also, adjust signing approach to more closely match the signing scheme in the proposal. (The format doesn't quite match the format in the proposal, since RSA signatures aren't fixed-length.) Closes 19020. 2016-08-10 20:19:09 +02:00			`int rsa_ed25519_crosscert_check(const uint8_t *crosscert,`
			`const size_t crosscert_len,`
			`const crypto_pk_t *rsa_id_key,`
			`const ed25519_public_key_t *master_key,`
			`const time_t reject_if_expired_before);`
Generate weird certificates correctly (Our link protocol assumes that the link cert certifies the TLS key, and there is an RSA->Ed25519 crosscert) 2015-05-28 16:47:42 +02:00
Migrate certificates into a sub-structure of or_handshake_state This will help us do cert-checking in the background in the future, perhaps. 2015-05-21 19:43:34 +02:00			`or_handshake_certs_t *or_handshake_certs_new(void);`
			`void or_handshake_certs_free(or_handshake_certs_t *certs);`
Refactor RSA certificate checking into its own function. 2015-05-21 20:28:12 +02:00			`int or_handshake_certs_rsa_ok(int severity,`
			`or_handshake_certs_t *certs,`
Make the current time an argument to x509 cert-checking functions This makes the code a bit cleaner by having more of the functions be pure functions that don't depend on the current time. 2016-08-11 02:02:03 +02:00			`tor_tls_t *tls,`
			`time_t now);`
Verify ed25519 link handshake certificates This code stores the ed certs as appropriate, and tries to check them. The Ed25519 result is not yet used, and (because of its behavior) this will break RSA authenticate cells. That will get fixed as we go, however. This should implement 19157, but it needs tests, and it needs to get wired in. 2015-06-19 15:09:49 +02:00			`int or_handshake_certs_ed25519_ok(int severity,`
			`or_handshake_certs_t *certs,`
			`tor_tls_t *tls,`
			`time_t now);`
			`void or_handshake_certs_check_both(int severity,`
			`or_handshake_certs_t *certs,`
			`tor_tls_t *tls,`
			`time_t now,`
			`const ed25519_public_key_t **ed_id_out,`
			`const common_digests_t **rsa_id_out);`
Migrate certificates into a sub-structure of or_handshake_state This will help us do cert-checking in the background in the future, perhaps. 2015-05-21 19:43:34 +02:00
Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519() Signed-off-by: David Goulet <dgoulet@torproject.org> 2016-11-10 02:01:26 +01:00			`int tor_cert_encode_ed22519(const tor_cert_t cert, char *cert_str_out);`

prop220: Implement certificates and key storage/creation For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished) 2014-09-30 22:00:17 +02:00			`#endif`