de13a7319b
Done with the commands below.

The following crates have had various changes, and should get a patchlevel bump. Since they are pre-1.0, we do not need to distinguish new APIs from other changes.

```
cargo set-version --bump patch -p arti-client
cargo set-version --bump patch -p safelog
cargo set-version --bump patch -p tor-bytes
cargo set-version --bump patch -p tor-cert
cargo set-version --bump patch -p tor-circmgr
cargo set-version --bump patch -p tor-config
cargo set-version --bump patch -p tor-consdiff
cargo set-version --bump patch -p tor-dirclient
cargo set-version --bump patch -p tor-dirmgr
cargo set-version --bump patch -p tor-error
cargo set-version --bump patch -p tor-hsservice
cargo set-version --bump patch -p tor-linkspec
cargo set-version --bump patch -p tor-llcrypto
cargo set-version --bump patch -p tor-netdir
cargo set-version --bump patch -p tor-netdoc
cargo set-version --bump patch -p tor-proto
cargo set-version --bump patch -p tor-rpcbase
cargo set-version --bump patch -p tor-socksproto
```

This crate has new features, but no new non-experimental Rust APIs. So even though it is post-1.0, it gets a patchlevel bump.

```
cargo set-version --bump patch -p arti
```
README.md
tor-cert
Implementation for Tor certificates
Overview
The `tor-cert` crate implements the binary certificate types
documented in Tor's cert-spec.txt, which are used when
authenticating Tor channels. (Eventually, support for onion service
certificates will be added too.)
This crate is part of Arti, a project to implement Tor in Rust.
There are other types of certificate used by Tor as well, and they
are implemented in other places. In particular, see
[`tor-netdoc::doc::authcert`] for the certificate types used by
authorities in the directory protocol.
Design notes
The `tor-cert` code is in its own separate crate because it is
required by several other higher-level crates that do not depend
upon each other. For example, [`tor-netdoc`] parses encoded
certificates from router descriptors, while [`tor-proto`] uses
certificates when authenticating relays.
Examples
Parsing, validating, and inspecting a certificate:

```rust
use base64ct::{Base64, Encoding as _};
use tor_cert::*;
use tor_checkable::*;

// Taken from a random relay on the Tor network.
let cert_base64 =
 "AQQABrntAThPWJ4nFH1L77Ar+emd4GPXZTPUYzIwmR2H6Zod5TvXAQAgBAC+vzqh
  VFO1SGATubxcrZzrsNr+8hrsdZtyGg/Dde/TqaY1FNbeMqtAPMziWOd6txzShER4
  qc/haDk5V45Qfk6kjcKw+k7cPwyJeu+UF/azdoqcszHRnUHRXpiPzudPoA4=";
// Remove the whitespace, so base64 doesn't choke on it.
let cert_base64: String = cert_base64.split_whitespace().collect();
// Decode the base64.
let cert_bin = Base64::decode_vec(&cert_base64).unwrap();

// Decode the cert and check its signature.
// Note: `dangerously_assume_timely()` unwraps the certificate without
// checking its expiration time. That is acceptable for this example
// only; code that relies on the certificate must check its validity time.
let cert = Ed25519Cert::decode(&cert_bin).unwrap()
    .check_key(None).unwrap()
    .check_signature().unwrap()
    .dangerously_assume_timely();
let signed_key = cert.subject_key();
```
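The README example above skips the expiration check, so here is an added, std-only sketch (not code from `tor-cert` or Arti) of what that check involves: it reads the fixed-position header fields of an Ed25519 certificate and compares the expiry against a supplied time. The field layout is taken from cert-spec.txt rather than from this page; `CertHeader`, `parse_header`, `is_timely` and `sample_cert` are hypothetical names, and the sample bytes are constructed.

```rust
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Fixed-position fields of an Ed25519 certificate (layout assumed from cert-spec.txt).
#[derive(Debug)]
pub struct CertHeader {
    pub cert_type: u8,
    pub key_type: u8,
    pub n_extensions: u8,
    pub expiry: SystemTime,
}

// version(1) + type(1) + expiry(4) + key type(1) + key(32) + ext count(1) + signature(64)
const MIN_LEN: usize = 1 + 1 + 4 + 1 + 32 + 1 + 64;

/// Reads the header only. It does NOT verify the signature.
pub fn parse_header(cert: &[u8]) -> Result<CertHeader, &'static str> {
    if cert.len() < MIN_LEN {
        return Err("truncated certificate");
    }
    if cert[0] != 1 {
        return Err("unsupported certificate version");
    }
    // Expiration is stored as big-endian hours since the Unix epoch.
    let hours = u32::from_be_bytes([cert[2], cert[3], cert[4], cert[5]]);
    Ok(CertHeader {
        cert_type: cert[1],
        key_type: cert[6],
        n_extensions: cert[39],
        expiry: UNIX_EPOCH + Duration::from_secs(u64::from(hours) * 3600),
    })
}

/// The check the README example skips: reject a certificate at or past its expiry.
pub fn is_timely(header: &CertHeader, now: SystemTime) -> bool {
    now < header.expiry
}

/// Constructed sample: plausible header, all-zero key and signature, no extensions.
pub fn sample_cert() -> Vec<u8> {
    let mut cert = vec![0x01, 0x04, 0x00, 0x06, 0xb9, 0xed, 0x01];
    cert.extend_from_slice(&[0u8; 32]); // placeholder subject key
    cert.push(0); // N_EXTENSIONS
    cert.extend_from_slice(&[0u8; 64]); // placeholder signature
    cert
}

fn main() {
    let header = parse_header(&sample_cert()).expect("sample parses");
    println!("{:?} timely now: {}", header, is_timely(&header, SystemTime::now()));
}
```

A timeliness check alone proves nothing about authenticity; it belongs after the key and signature checks, which this sketch leaves to the crate.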
License: MIT OR Apache-2.0