Crate tor_cert[−][src]
Expand description
Implementation for Tor certificates
Overview
The tor-cert
crate implements the binary certificate types
documented in Tor’s cert-spec.txt, which are used when
authenticating Tor channels. (Eventually, support for onion service
certificate support will get added too.)
This crate is part of Arti, a project to implement Tor in Rust.
There are other types of certificate used by Tor as well, and they
are implemented in other places. In particular, see
[tor-netdoc::doc::authcert
] for the certificate types used by
authorities in the directory protocol.
Design notes
The tor-cert
code is in its own separate crate because it is
required by several other higher-level crates that do not depend
upon each other. For example, [tor-netdoc
] parses encoded
certificates from router descriptors, while [tor-proto
] uses
certificates when authenticating relays.
Examples
Parsing, validating, and inspecting a certificate:
use base64::decode; use tor_cert::*; use tor_checkable::*; // Taken from a random relay on the Tor network. let cert_base64 = "AQQABrntAThPWJ4nFH1L77Ar+emd4GPXZTPUYzIwmR2H6Zod5TvXAQAgBAC+vzqh VFO1SGATubxcrZzrsNr+8hrsdZtyGg/Dde/TqaY1FNbeMqtAPMziWOd6txzShER4 qc/haDk5V45Qfk6kjcKw+k7cPwyJeu+UF/azdoqcszHRnUHRXpiPzudPoA4="; // Remove the whitespace, so base64 doesn't choke on it. let cert_base64: String = cert_base64.split_whitespace().collect(); // Decode the base64. let cert_bin = base64::decode(cert_base64).unwrap(); // Decode the cert and check its signature. let cert = Ed25519Cert::decode(&cert_bin).unwrap() .check_key(&None).unwrap() .check_signature().unwrap() .dangerously_assume_timely(); let signed_key = cert.subject_key();
Modules
rsa | RSA->Ed25519 cross-certificates |
Structs
CertType | Recognized values for Tor’s certificate type field. |
Ed25519Cert | Structure for an Ed25519-signed certificate as described in Tor’s cert-spec.txt. |
ExtType | Extension identifiers for extensions in certificates. |
KeyType | Identifiers for the type of key or object getting signed. |
KeyUnknownCert | A parsed Ed25519 certificate. Maybe it includes its signing key; maybe it doesn’t. |
SigCheckedCert | A certificate that has been parsed and signature-checked, but whose timeliness has not been checked. |
UncheckedCert | A certificate that has been parsed, but whose signature and timeliness have not been checked. |
UnrecognizedKey | A key whose type we didn’t recognize. |
Enums
CertifiedKey | One of the data types that can be certified by an Ed25519Cert. |