tor/src/feature/relay/routerkeys.h

/* Copyright (c) 2014-2020, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * @file routerkeys.h
 * @brief Header for routerkeys.c
 **/

#ifndef TOR_ROUTERKEYS_H
#define TOR_ROUTERKEYS_H

#include "lib/crypt_ops/crypto_ed25519.h"

#ifdef HAVE_MODULE_RELAY

const ed25519_public_key_t *get_master_identity_key(void);
MOCK_DECL(const ed25519_keypair_t *, get_master_signing_keypair,(void));
MOCK_DECL(const struct tor_cert_st *, get_master_signing_key_cert,(void));

const ed25519_keypair_t *get_current_auth_keypair(void);
const struct tor_cert_st *get_current_link_cert_cert(void);
const struct tor_cert_st *get_current_auth_key_cert(void);

void get_master_rsa_crosscert(const uint8_t **cert_out,
                              size_t *size_out);

int router_ed25519_id_is_me(const ed25519_public_key_t *id);

/* These are only used by router.c */
struct tor_cert_st *make_ntor_onion_key_crosscert(
                                  const curve25519_keypair_t *onion_key,
                                  const ed25519_public_key_t *master_id_key,
                                  time_t now, time_t lifetime,
                                  int *sign_out);
uint8_t *make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
                                  const ed25519_public_key_t *master_id_key,
                                  const crypto_pk_t *rsa_id_key,
                                  int *len_out);

int log_cert_expiration(void);
int load_ed_keys(const or_options_t *options, time_t now);
int should_make_new_ed_keys(const or_options_t *options, const time_t now);

int generate_ed_link_cert(const or_options_t *options, time_t now, int force);

void routerkeys_free_all(void);

#else /* !defined(HAVE_MODULE_RELAY) */

#define router_ed25519_id_is_me(id) \
  ((void)(id), 0)

static inline void *
relay_key_is_unavailable_(void)
{
  tor_assert_nonfatal_unreached();
  return NULL;
}
#define relay_key_is_unavailable(type) \
  ((type)(relay_key_is_unavailable_()))

// Many of these can be removed once relay_handshake.c is relay-only.
#define get_current_auth_keypair() \
  relay_key_is_unavailable(const ed25519_keypair_t *)
#define get_master_signing_keypair() \
  relay_key_is_unavailable(const ed25519_keypair_t *)
#define get_current_link_cert_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_current_auth_key_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_master_signing_key_cert() \
  relay_key_is_unavailable(const struct tor_cert_st *)
#define get_master_rsa_crosscert(cert_out, size_out) \
  STMT_BEGIN                                         \
  tor_assert_nonfatal_unreached();                   \
  *(cert_out) = NULL;                                \
  *(size_out) = 0;                                   \
  STMT_END
#define get_master_identity_key() \
  relay_key_is_unavailable(const ed25519_public_key_t *)

#define generate_ed_link_cert(options, now, force) \
  ((void)(options), (void)(now), (void)(force), 0)
#define should_make_new_ed_keys(options, now) \
  ((void)(options), (void)(now), 0)

// These can get removed once router.c becomes relay-only.
static inline struct tor_cert_st *
make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key,
                              const ed25519_public_key_t *master_id_key,
                              time_t now, time_t lifetime,
                              int *sign_out)
{
  (void)onion_key;
  (void)master_id_key;
  (void)now;
  (void)lifetime;
  *sign_out = 0;
  tor_assert_nonfatal_unreached();
  return NULL;
}
static inline uint8_t *
make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
                             const ed25519_public_key_t *master_id_key,
                             const crypto_pk_t *rsa_id_key,
                             int *len_out)
{
  (void)onion_key;
  (void)master_id_key;
  (void)rsa_id_key;
  *len_out = 0;
  tor_assert_nonfatal_unreached();
  return NULL;
}

/* This calls is used outside of relay mode, but only to implement
 * CMD_KEY_EXPIRATION */
#define log_cert_expiration()                                           \
  (puts("Not available: Tor has been compiled without relay support"), 0)
/* This calls is used outside of relay mode, but only to implement
 * CMD_KEYGEN. */
#define load_ed_keys(x,y)                                                \
  (puts("Not available: Tor has been compiled without relay support"), 0)

#endif /* defined(HAVE_MODULE_RELAY) */

#ifdef TOR_UNIT_TESTS
const ed25519_keypair_t *get_master_identity_keypair(void);
void init_mock_ed_keys(const crypto_pk_t *rsa_identity_key);
#endif

#endif /* !defined(TOR_ROUTERKEYS_H) */