path: root/src/feature/relay/routerkeys.h
blob: 2b5f03a2a3063513013e59600e2c27e3f415e63b (plain)
/* Copyright (c) 2014-2020, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * @file routerkeys.h
 * @brief Header for routerkeys.c
 **/

#ifndef TOR_ROUTERKEYS_H
#define TOR_ROUTERKEYS_H

#include "lib/crypt_ops/crypto_ed25519.h"

#ifdef HAVE_MODULE_RELAY

/* Accessors for the relay's Ed25519 keys and certificates. Only the
 * declarations are here; per the @file header the definitions belong to
 * routerkeys.c. Every accessor returns a pointer-to-const, so callers get
 * read-only access.
 * NOTE(review): the pointed-to objects presumably stay owned by
 * routerkeys.c (see routerkeys_free_all() below) -- confirm before caching
 * a returned pointer. */
const ed25519_public_key_t *get_master_identity_key(void);
/* MOCK_DECL is defined outside this header; presumably it makes these two
 * functions replaceable in unit tests -- confirm. Note that the first one
 * returns a keypair type rather than a public-key type, so treat the result
 * as sensitive key material. */
MOCK_DECL(const ed25519_keypair_t *, get_master_signing_keypair,(void));
MOCK_DECL(const struct tor_cert_st *, get_master_signing_key_cert,(void));

const ed25519_keypair_t *get_current_auth_keypair(void);
const struct tor_cert_st *get_current_link_cert_cert(void);
const struct tor_cert_st *get_current_auth_key_cert(void);

/* Hands back a byte buffer and its size through the two out-parameters.
 * The build without the relay module replaces this with a macro that stores
 * NULL and 0, so callers have to cope with that pair. */
void get_master_rsa_crosscert(const uint8_t **cert_out,
                              size_t *size_out);

/* Returns an int; the build without the relay module replaces this with a
 * macro that always evaluates to 0. */
int router_ed25519_id_is_me(const ed25519_public_key_t *id);

/* These are only used by router.c */
struct tor_cert_st *make_ntor_onion_key_crosscert(
                                  const curve25519_keypair_t *onion_key,
                                  const ed25519_public_key_t *master_id_key,
                                  time_t now, time_t lifetime,
                                  int *sign_out);
uint8_t *make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
                                  const ed25519_public_key_t *master_id_key,
                                  const crypto_pk_t *rsa_id_key,
                                  int *len_out);

/* NOTE(review): the meaning of the int results below is not visible in this
 * header -- check routerkeys.c before relying on a particular value. */
int log_cert_expiration(void);
int load_ed_keys(const or_options_t *options, time_t now);
int should_make_new_ed_keys(const or_options_t *options, const time_t now);

int generate_ed_link_cert(const or_options_t *options, time_t now, int force);

void routerkeys_free_all(void);

#else /* !defined(HAVE_MODULE_RELAY) */

/* Stub for builds without the relay module: always evaluates to 0. The
 * argument is still evaluated once and discarded through the (void) cast.
 * NOTE(review): 0 presumably means "this id is not ours" -- confirm against
 * the real function in routerkeys.c. */
#define router_ed25519_id_is_me(id) \
  ((void)(id), 0)

/**
 * Shared fallback behind the key and certificate accessor macros used when
 * the relay module is compiled out.
 *
 * Reports the call through tor_assert_nonfatal_unreached() and then hands
 * back a null pointer; because execution continues after the assertion,
 * every caller must be prepared to receive NULL instead of key material.
 */
static inline void *
relay_key_is_unavailable_(void)
{
  void *no_key = NULL;

  tor_assert_nonfatal_unreached();
  return no_key;
}
/* Casts the NULL returned by relay_key_is_unavailable_() to the pointer
 * type the replaced accessor would have returned, so call sites still
 * type-check. */
#define relay_key_is_unavailable(type) \
  ((type)(relay_key_is_unavailable_()))

// Many of these can be removed once relay_handshake.c is relay-only.
/* Each accessor below trips tor_assert_nonfatal_unreached() and yields a
 * NULL pointer of the matching type. Callers that dereference the result
 * without a NULL check would crash in a build without the relay module.
 * NOTE(review): the assertion is presumably logged and execution continues
 * in production builds -- confirm in the definition of the macro. */
#define get_current_auth_keypair() \
  relay_key_is_unavailable(const ed25519_keypair_t *)
#define get_master_signing_keypair() \
  relay_key_is_unavailable(const ed25519_keypair_t *)
#define get_current_link_cert_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_current_auth_key_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_master_signing_key_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
/* Statement-form stub: after the assertion it writes NULL and 0 through
 * both out-parameters, so the caller never reads an indeterminate pointer
 * or size. Both arguments are dereferenced unconditionally and must be
 * non-NULL. */
#define get_master_rsa_crosscert(cert_out, size_out) \
  STMT_BEGIN                                         \
  tor_assert_nonfatal_unreached();                   \
  *(cert_out) = NULL;                                \
  *(size_out) = 0;                                   \
  STMT_END
#define get_master_identity_key() \
  relay_key_is_unavailable(const ed25519_public_key_t *)

/* These two stubs evaluate and discard their arguments and yield 0 without
 * asserting.
 * NOTE(review): whether 0 reads as "success" or as "no" depends on the real
 * functions in routerkeys.c -- confirm that callers do the right thing with
 * a constant 0. */
#define generate_ed_link_cert(options, now, force) \
  ((void)(options), (void)(now), (void)(force), 0)
#define should_make_new_ed_keys(options, now) \
  ((void)(options), (void)(now), 0)

// These can get removed once router.c becomes relay-only.
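/**
 * Stub used when the relay module is compiled out: no cross-certificate can
 * be produced, so this reports the unexpected call and returns NULL.
 *
 * @param onion_key      Ignored.
 * @param master_id_key  Ignored.
 * @param now            Ignored.
 * @param lifetime       Ignored.
 * @param sign_out       If non-NULL, receives 0.
 * @return Always NULL; the caller must check for it before use.
 */
static inline struct tor_cert_st *
make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key,
                              const ed25519_public_key_t *master_id_key,
                              time_t now, time_t lifetime,
                              int *sign_out)
{
  (void)onion_key;
  (void)master_id_key;
  (void)now;
  (void)lifetime;
  tor_assert_nonfatal_unreached();
  /* Execution continues after the nonfatal assertion, so give the
   * out-parameter a defined value, as the get_master_rsa_crosscert() stub
   * does for its outputs. A caller that reads it after the NULL return then
   * never sees an indeterminate int. */
  if (sign_out) {
    *sign_out = 0;
  }
  return NULL;
}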
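/**
 * Stub used when the relay module is compiled out: no cross-certificate can
 * be produced, so this reports the unexpected call and returns NULL.
 *
 * @param onion_key      Ignored.
 * @param master_id_key  Ignored.
 * @param rsa_id_key     Ignored.
 * @param len_out        If non-NULL, receives 0 so that the reported length
 *                       matches the NULL buffer.
 * @return Always NULL; the caller must check for it before use.
 */
static inline uint8_t *
make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
                             const ed25519_public_key_t *master_id_key,
                             const crypto_pk_t *rsa_id_key,
                             int *len_out)
{
  (void)onion_key;
  (void)master_id_key;
  (void)rsa_id_key;
  tor_assert_nonfatal_unreached();
  /* Execution continues after the nonfatal assertion. Pair the NULL buffer
   * with a zero length, as the get_master_rsa_crosscert() stub does, so a
   * caller that uses the length for a copy or an allocation never reads an
   * indeterminate value. */
  if (len_out) {
    *len_out = 0;
  }
  return NULL;
}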

/* This call is used outside of relay mode, but only to implement
 * CMD_KEY_EXPIRATION.
 * The stub prints a fixed notice with puts() and evaluates to 0.
 * NOTE(review): puts() needs <stdio.h>, which this header does not include
 * itself -- presumably the including file provides it. */
#define log_cert_expiration()                                           \
  (puts("Not available: Tor has been compiled without relay support"), 0)
/* This call is used outside of relay mode, but only to implement
 * CMD_KEYGEN.
 * The stub never evaluates its two arguments; it prints the same notice
 * and evaluates to 0.
 * NOTE(review): if the caller treats 0 as success, a key-generation run on
 * a build without relay support ends with a success status although no
 * keys were created or loaded. Scripts that provision keys should not rely
 * on the exit status alone -- confirm how the CMD_KEYGEN caller maps this
 * value. */
#define load_ed_keys(x,y)                                                \
  (puts("Not available: Tor has been compiled without relay support"), 0)

#endif /* defined(HAVE_MODULE_RELAY) */

#ifdef TOR_UNIT_TESTS
/* Declared only when TOR_UNIT_TESTS is defined. The first function returns
 * a keypair type for the master identity, whereas the regular build only
 * declares get_master_identity_key(), which returns a public-key type.
 * NOTE(review): presumably this keeps the identity secret key out of reach
 * of non-test code -- confirm that no production build defines
 * TOR_UNIT_TESTS. */
const ed25519_keypair_t *get_master_identity_keypair(void);
/* NOTE(review): judging by the name, this installs mock Ed25519 keys for
 * tests; the role of rsa_identity_key is not visible here -- confirm in
 * routerkeys.c. */
void init_mock_ed_keys(const crypto_pk_t *rsa_identity_key);
#endif

#endif /* !defined(TOR_ROUTERKEYS_H) */