vincenzopalazzo
/
arti
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
arti/crates/tor-cert
History
Nick Mathewson a81ab391ae Bump patchlevel on crates with non-breaking changes 
For these crates, the changes are nontrivial, so we
_do_ bump the versions on which their dependent crates depend.

Fortunately, since they are all pre-1.0, we don't need to
distinguish semver-additions from other changes.  (Except for arti,
which _is_ post-1.0, but gets a patchlevel bump anyway.)

These are unstable crates with breaking changes:

```
tor-hscrypto
tor-hsclient
```

These have new or extended APIs:

```
safelog
tor-bytes
tor-cell
tor-linkspec
tor-llcrypto
tor-proto
tor-cert
arti-client
```

These have new unstable APIs or features:
```
tor-netdoc
tor-circmgr (also broke some unstable APIs)
arti (is post-1.0)
```

These have bugfixes only:
```
caret
tor-dirmgr
```
 		2023-03-31 08:24:39 -04:00
..
fuzz Do not .gitignore crates/*/fuzz/corpus 2023-01-20 17:29:00 +00:00
src Use the type system to enforce use of blinded keys. 2023-03-27 11:45:51 +01:00
tests Change tor_bytes::Error::BadMessage to a Cow. 2023-02-09 10:20:31 -05:00
Cargo.toml Bump patchlevel on crates with non-breaking changes 2023-03-31 08:24:39 -04:00
README.md Complete our migration to base64ct. 2023-01-20 08:06:30 -05:00

README.md

tor-cert

Implementation for Tor certificates

Overview

The tor-cert crate implements the binary certificate types documented in Tor's cert-spec.txt, which are used when authenticating Tor channels. (Eventually, support for onion service certificate support will get added too.)

This crate is part of Arti, a project to implement Tor in Rust.

There are other types of certificate used by Tor as well, and they are implemented in other places. In particular, see [tor-netdoc::doc::authcert] for the certificate types used by authorities in the directory protocol.

Design notes

The tor-cert code is in its own separate crate because it is required by several other higher-level crates that do not depend upon each other. For example, [tor-netdoc] parses encoded certificates from router descriptors, while [tor-proto] uses certificates when authenticating relays.

Examples

Parsing, validating, and inspecting a certificate:

use base64ct::{Base64, Encoding as _};
use tor_cert::*;
use tor_checkable::*;
// Taken from a random relay on the Tor network.
let cert_base64 =
 "AQQABrntAThPWJ4nFH1L77Ar+emd4GPXZTPUYzIwmR2H6Zod5TvXAQAgBAC+vzqh
  VFO1SGATubxcrZzrsNr+8hrsdZtyGg/Dde/TqaY1FNbeMqtAPMziWOd6txzShER4
  qc/haDk5V45Qfk6kjcKw+k7cPwyJeu+UF/azdoqcszHRnUHRXpiPzudPoA4=";
// Remove the whitespace, so base64 doesn't choke on it.
let cert_base64: String = cert_base64.split_whitespace().collect();
// Decode the base64.
let cert_bin = Base64::decode_vec(&cert_base64).unwrap();

// Decode the cert and check its signature.
let cert = Ed25519Cert::decode(&cert_bin).unwrap()
    .check_key(None).unwrap()
    .check_signature().unwrap()
    .dangerously_assume_timely();
let signed_key = cert.subject_key();

License: MIT OR Apache-2.0