tor-browser

The Tor Browser

certdata.rs (2193B)


      1 /* -*- Mode: rust; rust-indent-offset: 4 -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 use pkcs11_bindings::nss::*;
      7 use pkcs11_bindings::*;
      8 
      // We need to expand some PKCS#11 / NSS constants as byte arrays for pattern matching and
      // C_GetAttributeValue queries. We use native endianness, because PKCS#11 sits between an
      // application and a device driver that are running on the same machine.
      //
      // `to_ne_bytes()` yields an array exactly as wide as the constant's integer type, so each
      // slice below has that type's size and a comparison against an attribute value only
      // succeeds when the value has the same length and the same native byte order.
      // NOTE(review): presumably CK_TRUE / CK_FALSE are CK_BBOOL (one byte) while the CKC_*,
      // CKO_*, CKT_* and CKM_* values are CK_ULONG-sized; confirm against pkcs11_bindings
      // before comparing any of these slices with a buffer of a different width.
      pub const CKC_X_509_BYTES: &[u8] = &CKC_X_509.to_ne_bytes();
      pub const CKO_CERTIFICATE_BYTES: &[u8] = &CKO_CERTIFICATE.to_ne_bytes();
      pub const CKO_NSS_BUILTIN_ROOT_LIST_BYTES: &[u8] = &CKO_NSS_BUILTIN_ROOT_LIST.to_ne_bytes();
      pub const CKO_TRUST_BYTES: &[u8] = &CKO_TRUST.to_ne_bytes();
      pub const CKT_TRUST_MUST_VERIFY_TRUST_BYTES: &[u8] = &CKT_TRUST_MUST_VERIFY_TRUST.to_ne_bytes();
      pub const CKT_NOT_TRUSTED_BYTES: &[u8] = &CKT_NOT_TRUSTED.to_ne_bytes();
      pub const CKT_TRUST_ANCHOR_BYTES: &[u8] = &CKT_TRUST_ANCHOR.to_ne_bytes();
      pub const CK_FALSE_BYTES: &[u8] = &CK_FALSE.to_ne_bytes();
      pub const CK_TRUE_BYTES: &[u8] = &CK_TRUE.to_ne_bytes();
      pub const CKM_SHA256_BYTES: &[u8] = &CKM_SHA256.to_ne_bytes();
     22 
     /// One built-in root certificate entry, held entirely in `'static` data.
     ///
     /// Equality is derived and therefore compares every field; ordering (see the
     /// `PartialOrd` impl below) compares only the bytes returned by [`Root::der_name`].
     #[derive(PartialEq, Eq)]
     pub struct Root {
         /// Human-readable label for the entry.
         pub label: &'static str,
         /// `(offset, length)` of a sub-slice of `der_cert`; read it through [`Root::der_name`].
         /// Both values are `u8`, so the slice must start within the first 256 bytes of the
         /// certificate and be at most 255 bytes long.
         // NOTE(review): presumably the DER-encoded subject name; confirm against the generator.
         pub der_name: (u8, u8),
         /// `(offset, length)` of a sub-slice of `der_cert`; read it through
         /// [`Root::der_serial`]. The same `u8` limits as for `der_name` apply.
         pub der_serial: (u8, u8),
         /// The certificate bytes that `der_name` and `der_serial` index into.
         pub der_cert: &'static [u8],
         // NOTE(review): the three optional attributes below are opaque byte strings here; their
         // encoding and meaning are not visible in this file, so verify them at the point of use.
         pub mozilla_ca_policy: Option<&'static [u8]>,
         pub server_distrust_after: Option<&'static [u8]>,
         pub email_distrust_after: Option<&'static [u8]>,
         /// A 32-byte digest.
         // NOTE(review): presumably SHA-256 over `der_cert`; nothing in this file recomputes or
         // checks it, so confirm where that is enforced.
         pub sha256: [u8; 32],
         // NOTE(review): presumably each trust field holds one of the CKT_*_BYTES constants.
         pub trust_server: &'static [u8],
         pub trust_email: &'static [u8],
     }

     impl Root {
         /// Returns the `len` bytes of `der_cert` that start at `offset`.
         ///
         /// # Panics
         ///
         /// Panics if the range does not lie inside `der_cert`. A malformed entry therefore
         /// stops the program instead of reading outside the certificate buffer.
         fn cert_window(&self, (offset, len): (u8, u8)) -> &'static [u8] {
             // Two-step slicing: drop the prefix first, then keep `len` bytes of what remains.
             let tail: &'static [u8] = &self.der_cert[usize::from(offset)..];
             &tail[..usize::from(len)]
         }

         /// The sub-slice of `der_cert` described by the `der_name` field.
         ///
         /// # Panics
         ///
         /// Panics if the stored `(offset, length)` pair falls outside `der_cert`.
         pub fn der_name(&self) -> &'static [u8] {
             self.cert_window(self.der_name)
         }

         /// The sub-slice of `der_cert` described by the `der_serial` field.
         ///
         /// # Panics
         ///
         /// Panics if the stored `(offset, length)` pair falls outside `der_cert`.
         pub fn der_serial(&self) -> &'static [u8] {
             self.cert_window(self.der_serial)
         }
     }

     /// Orders roots by the bytes of [`Root::der_name`] alone (lexicographic byte order).
     // NOTE(review): this is coarser than the derived `PartialEq`. Two entries that share a name
     // but differ in any other field compare as `Equal` here while `==` reports them as
     // different, so code that sorts or searches with this order should treat equal-name
     // entries as a group and still compare the remaining fields before trusting a match.
     impl PartialOrd for Root {
         fn partial_cmp(&self, other: &Root) -> Option<std::cmp::Ordering> {
             let (lhs, rhs) = (self.der_name(), other.der_name());
             // Byte slices are totally ordered, so the comparison always yields `Some`.
             Some(Ord::cmp(lhs, rhs))
         }
     }
     51 
     // Textually includes `builtins.rs` from the directory named by the compile-time
     // `OUT_DIR` environment variable, so that file is produced during the build rather than
     // checked in next to this one.
     // NOTE(review): presumably this is the generated table of `Root` entries. Whatever
     // generates it decides which trust anchors ship, so the generator and its input data
     // deserve the same review as this file; confirm in the build script.
     include!(concat!(env!("OUT_DIR"), "/builtins.rs"));