vincenzopalazzo
/
arti
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
arti/crates/tor-checkable
History
Nick Mathewson 96875ea208 Bump crate versions in preparation for Arti 1.0.0 release. 
Because we want to work more on ensuring that our semver stability
story is solid, we are _not_ bumping arti-client to 1.0.0 right now.

Here are the bumps we _are_ doing.  Crates with "minor" bumps have
had API breaks; crates with "patch" bumps have had new APIs added.

Note that `tor-congestion` is not bumped here: it's a new crate, and
hasn't been published before.

```
tor-basic-utils         minor
fs-mistrust             minor
tor-config              minor
tor-rtcompat            minor
tor-rtmock              minor
tor-llcrypto            patch
tor-bytes               patch
tor-linkspec            minor
tor-cell                minor
tor-proto               minor
tor-netdoc              patch
tor-netdir              minor
tor-persist             patch
tor-chanmgr             minor
tor-guardmgr            minor
tor-circmgr             minor
tor-dirmgr              minor
arti-client             minor
arti-hyper              minor
arti                    major
arti-bench              minor
arti-testing            minor
```
 		2022-09-01 08:59:49 -04:00
..
src enable doc_auto_cfg feature on every crate when documenting for docs.rs 2022-08-24 18:22:41 +02:00
Cargo.toml Bump crate versions in preparation for Arti 1.0.0 release. 2022-09-01 08:59:49 -04:00
README.md Move all crates into a `crates` subdirectory. 2021-08-27 09:53:09 -04:00

README.md

tor-checkable

Traits for wrapping up signed and/or time-bound objects

Overview

Frequently (for testing reasons or otherwise), we want to ensure that an object can only be used if a signature is valid, or if some timestamp is recent enough.

As an example, consider a self-signed certificate. You can parse it cheaply enough (and find its key by doing so), but you probably want to make sure that nobody will use that certificate unless its signature is correct and its timestamps are not expired.

With the tor-checkable crate, you can instead return an object that represents the certificate in its unchecked state. The caller can access the certificate, but only after checking the signature and the time.

This crate is part of Arti, a project to implement Tor in Rust. Many other crates in Arti depend on it, but it should be generally useful outside of Arti.

Design notes and alternatives

The types in this crate provide functions to return the underlying objects without checking them. This is very convenient for testing, though you wouldn't want to do it in production code. To prevent mistakes, these functions all begin with the word dangerously.

Another approach you might take is to put signature and timeliness checks inside your parsing function. But if you do that, it will get hard to test your code: you will only be able to parse certificates that are valid when the parser is running. And if you want to test parsing a new kind of certificate, you'll need to make sure to put a valid signature on it. (And all of this signature parsing will slow down any attempts to fuzz your parser.)

You could have your parser take a flag to tell it whether to check signatures and timeliness, but that could be error prone: if anybody sets the flag wrong, they will skip doing the checks.

License: MIT OR Apache-2.0