authorNick Mathewson <nickm@torproject.org>2014-09-30 16:00:17 -0400
committerNick Mathewson <nickm@torproject.org>2015-05-28 10:40:56 -0400
commit818e6f939d4bd241e762970da4c6360858993cd5 (patch)
tree08cabd70d8748a62b919555ebba4941a88533ee7 /src/common
parenta9720b90f860323781d37dbba6ce04f312ec3632 (diff)
prop220: Implement certificates and key storage/creation
For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished)
Diffstat (limited to 'src/common')
-rw-r--r--src/common/crypto_ed25519.c10
-rw-r--r--src/common/crypto_ed25519.h5
2 files changed, 14 insertions, 1 deletions
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index f2e6945ac8..7e8b00abef 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -351,3 +351,13 @@ ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
return 0;
}
+void
+ed25519_keypair_free(ed25519_keypair_t *kp)
+{
+ if (! kp)
+ return;
+
+ memwipe(kp, 0, sizeof(*kp));
+ tor_free(kp);
+}
+
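Review bot: ed25519_keypair_free() is added without a doc comment, and its contract has two points a caller can get wrong. It hands kp to tor_free(), so it is only valid for heap-allocated keypairs, and because kp is passed by value the caller's own pointer is left non-NULL and dangling afterwards. I would add above the definition `/** Wipe the key material in <b>kp</b> and free it; does nothing if <b>kp</b> is NULL. <b>kp</b> must be heap-allocated, and the caller must not use its pointer afterwards. */`. Wiping before freeing is the right order; memwipe() is defined outside this diff, so it is worth confirming that the compiler cannot elide it ahead of the free.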
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
index 7efa74bff5..8e06191fc5 100644
--- a/src/common/crypto_ed25519.h
+++ b/src/common/crypto_ed25519.h
@@ -6,6 +6,7 @@
#include "testsupport.h"
#include "torint.h"
+#include "crypto_curve25519.h"
#define ED25519_PUBKEY_LEN 32
#define ED25519_SECKEY_LEN 64
@@ -60,7 +61,7 @@ int ed25519_checksig(const ed25519_signature_t *signature,
*/
typedef struct {
/** The public key that supposedly generated the signature. */
- ed25519_public_key_t *pubkey;
+ const ed25519_public_key_t *pubkey;
/** The signature to check. */
ed25519_signature_t signature;
/** The message that the signature is supposed to have been applied to. */
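Review bot: The field comment on `pubkey` does not say who owns the key, and with the pointer now const the struct apparently only borrows it. If a checkable outlives the key it points to, the signature check would read freed memory, so the lifetime rule belongs in the comment: `/** The public key that supposedly generated the signature. Not owned by this structure; must stay valid until the check is done. */`. The struct definition continues past the end of this hunk, so whether its other fields are also borrowed is not visible here.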
@@ -109,5 +110,7 @@ int ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
char **tag_out,
const char *filename);
+void ed25519_keypair_free(ed25519_keypair_t *kp);
+
#endif