authorNick Mathewson <nickm@torproject.org>2015-05-21 14:28:12 -0400
committerNick Mathewson <nickm@torproject.org>2016-11-03 08:37:22 -0400
commit348b90a915a5867bc0d8888e0fd12e8ec2319628 (patch)
tree3c42aaa4ea9eef11eedfdcd62bf023628e2f9a85 /src/or/torcert.c
parente94f1b4e0d4b31ed80e2eefb8700f2671817f561 (diff)
downloadtor-348b90a915a5867bc0d8888e0fd12e8ec2319628.tar.gz
tor-348b90a915a5867bc0d8888e0fd12e8ec2319628.zip
Refactor RSA certificate checking into its own function.
Diffstat (limited to 'src/or/torcert.c')
-rw-r--r--src/or/torcert.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/src/or/torcert.c b/src/or/torcert.c
index e8bee54d52..2f0cc5381f 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -9,6 +9,7 @@
*/
#include "or.h"
+#include "config.h"
#include "crypto.h"
#include "torcert.h"
#include "ed25519_cert.h"
@@ -315,3 +316,49 @@ or_handshake_certs_free(or_handshake_certs_t *certs)
memwipe(certs, 0xBD, sizeof(*certs));
tor_free(certs);
}
+
+#define ERR(s) \
+ do { \
+ log_fn(severity, LD_PROTOCOL, \
+ "Received a bad CERTS cell: %s", \
+ (s)); \
+ return 0; \
+ } while (0)
+
+int
+or_handshake_certs_rsa_ok(int severity,
+ or_handshake_certs_t *certs,
+ tor_tls_t *tls)
+{
+ tor_x509_cert_t *link_cert = certs->link_cert;
+ tor_x509_cert_t *auth_cert = certs->auth_cert;
+ tor_x509_cert_t *id_cert = certs->id_cert;
+
+ if (certs->started_here) {
+ if (! (id_cert && link_cert))
+ ERR("The certs we wanted were missing");
+ if (! tor_tls_cert_matches_key(tls, link_cert))
+ ERR("The link certificate didn't match the TLS public key");
+ if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
+ ERR("The link certificate was not valid");
+ if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
+ ERR("The ID certificate was not valid");
+ } else {
+ if (! (id_cert && auth_cert))
+ ERR("The certs we wanted were missing");
+ /* Remember these certificates so we can check an AUTHENTICATE cell */
+ if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
+ ERR("The authentication certificate was not valid");
+ if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
+ ERR("The ID certificate was not valid");
+ }
+
+ return 1;
+}
+
+int
+or_handshake_certs_ed25519_ok(or_handshake_certs_t *certs)
+{
+ (void) certs;
+ return 0;
+}
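Review bot: In the `else` branch of or_handshake_certs_rsa_ok the two tor_tls_cert_is_valid calls hard-code `LOG_PROTOCOL_WARN`, while the `ERR` macro that reports the same failure logs at `severity`, so one rejected CERTS cell can be logged at two different levels; unless the caller relies on that split (possibly carried over from the code this was extracted from), `if (! tor_tls_cert_is_valid(severity, auth_cert, id_cert, 1))` and `if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))` would match the `started_here` branch. The comment `/* Remember these certificates so we can check an AUTHENTICATE cell */` above the auth_cert check describes something this function does not do (it only validates); it belongs with the caller that stores the certs, or should become `/* The auth cert must chain to the ID cert for a later AUTHENTICATE cell. */`. `ERR` embeds a `return` and stays defined past the function, so add `#undef ERR` after the closing brace. Both new functions lack a header comment; for the ed25519 stub, state explicitly that it is a placeholder that currently rejects every input, e.g. `/* Placeholder: ed25519 handshake certs are not yet checked; always fails. */`, so the always-0 result is not mistaken for a validated outcome.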