summaryrefslogtreecommitdiff
path: root/src/or/torcert.h
AgeCommit message (Collapse)Author
2016-11-10Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519()Neel Chauhan
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04Merge branch 'ticket17238_029_02-resquash'Nick Mathewson
Conflicts: src/or/rendclient.c src/or/rendcommon.c src/or/routerparse.c src/test/test_dir.c src/trunnel/ed25519_cert.h
2016-11-04prop224: Rename cert type to follow naming conventionDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04prop224: Descriptor encoding implementationDavid Goulet
Add hs_descriptor.{c|h} with the needed ABI to represent a descriptor and needed component. Signed-off-by: David Goulet <dgoulet@torproject.org> Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04prop224: Add new cert type for hidden serviceDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org> Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-03Verify ed25519 link handshake certificatesNick Mathewson
This code stores the ed certs as appropriate, and tries to check them. The Ed25519 result is not yet used, and (because of its behavior) this will break RSA authenticate cells. That will get fixed as we go, however. This should implement 19157, but it needs tests, and it needs to get wired in.
2016-11-03Fix a misfeature with the Ed cert expiration APINick Mathewson
The batch-verification helper didn't expose the expiration time, which made it pretty error-prone. This closes ticket 15087.
2016-11-03Make the current time an argument to x509 cert-checking functionsNick Mathewson
This makes the code a bit cleaner by having more of the functions be pure functions that don't depend on the current time.
2016-11-03Add function to check RSA->Ed cross-certificationsNick Mathewson
Also, adjust signing approach to more closely match the signing scheme in the proposal. (The format doesn't quite match the format in the proposal, since RSA signatures aren't fixed-length.) Closes 19020.
2016-11-03Refactor RSA certificate checking into its own function.Nick Mathewson
2016-11-03Migrate certificates into a sub-structure of or_handshake_stateNick Mathewson
This will help us do cert-checking in the background in the future, perhaps.
2016-02-27Update the copyright year.Nick Mathewson
2015-05-28Generate weird certificates correctlyNick Mathewson
(Our link protocol assumes that the link cert certifies the TLS key, and there is an RSA->Ed25519 crosscert)
2015-05-28Enforce more correspondence between ri and eiNick Mathewson
In particular, they have to list the same ed25519 certificate, and the SHA256 digest of the ei needs to match.
2015-05-28Implement proposal 228: cross-certification with onion keysNick Mathewson
Routers now use TAP and ntor onion keys to sign their identity keys, and put these signatures in their descriptors. That allows other parties to be confident that the onion keys are indeed controlled by the router that generated the descriptor.
2015-05-28Implement ed25519-signed descriptorsNick Mathewson
Now that we have ed25519 keys, we can sign descriptors with them and check those signatures as documented in proposal 220.
2015-05-28prop220: Implement certificates and key storage/creationNick Mathewson
For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished)
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion