nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 14:43:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,848 Commits 53 Branches 630 Tags 125 MiB
99b3e54691
Commit Graph

11 Commits

Author SHA1 Message Date
Nick Mathewson
fae7060aea Fix a misfeature with the Ed cert expiration API 
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.

This closes ticket 15087.
 2016-11-03 08:37:22 -04:00
Nick Mathewson
0b4221f98d Make the current time an argument to x509 cert-checking functions 
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
 2016-11-03 08:37:22 -04:00
Nick Mathewson
e3c8253721 Add function to check RSA->Ed cross-certifications 
Also, adjust signing approach to more closely match the signing
scheme in the proposal.

(The format doesn't quite match the format in the proposal, since
RSA signatures aren't fixed-length.)

Closes 19020.
 2016-11-03 08:37:22 -04:00
Nick Mathewson
348b90a915 Refactor RSA certificate checking into its own function. 2016-11-03 08:37:22 -04:00
Nick Mathewson
e23389841c Migrate certificates into a sub-structure of or_handshake_state 
This will help us do cert-checking in the background in the future,
perhaps.
 2016-11-03 08:37:21 -04:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
3bee74c6d1 Generate weird certificates correctly 
(Our link protocol assumes that the link cert certifies the TLS key,
and there is an RSA->Ed25519 crosscert)
 2015-05-28 10:47:47 -04:00
Nick Mathewson
0b819a2a7c Enforce more correspondence between ri and ei 
In particular, they have to list the same ed25519 certificate, and
the SHA256 digest of the ei needs to match.
 2015-05-28 10:42:29 -04:00
Nick Mathewson
efa21bb941 Implement proposal 228: cross-certification with onion keys 
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
 2015-05-28 10:40:57 -04:00
Nick Mathewson
fe5d2477aa Implement ed25519-signed descriptors 
Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.
 2015-05-28 10:40:56 -04:00
Nick Mathewson
818e6f939d prop220: Implement certificates and key storage/creation 
For prop220, we have a new ed25519 certificate type. This patch
implements the code to create, parse, and validate those, along with
code for routers to maintain their own sets of certificates and
keys.  (Some parts of master identity key encryption are done, but
the implementation of that isn't finished)
 2015-05-28 10:40:56 -04:00