x509.h (2560B)
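/* Copyright (c) 2003, Roger Dingledine
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TOR_X509_H
#define TOR_X509_H

/**
 * \file x509.h
 * \brief Headers for tortls.c
 *
 * Declares the certificate handle tor_x509_cert_t and the functions that
 * duplicate, free, decode, inspect and validate it.  The handle wraps a
 * backend certificate type chosen at build time by ENABLE_NSS or
 * ENABLE_OPENSSL.
 *
 * Only prototypes are visible in this header.  Notes below about return
 * values, ownership and failure behaviour are marked NOTE(review) and must
 * be confirmed against the implementation.
 **/

#include "lib/crypt_ops/crypto_rsa.h"
#include "lib/testsupport/testsupport.h"

/* size_t, uint8_t and time_t are used directly in the prototypes below, so
 * include their standard headers here instead of relying on a transitive
 * include.  They come after the project headers so they cannot change what
 * those headers see. */
#include <stddef.h>
#include <stdint.h>
#include <time.h>

/* Opaque structure to hold an X509 certificate. */
typedef struct tor_x509_cert_t tor_x509_cert_t;

/* Backend certificate type.  If neither ENABLE_NSS nor ENABLE_OPENSSL is
 * defined, tor_x509_cert_impl_t is not declared at all, and the private
 * struct below will not compile. */
#ifdef ENABLE_NSS
typedef struct CERTCertificateStr tor_x509_cert_impl_t;
#elif defined(ENABLE_OPENSSL)
typedef struct x509_st tor_x509_cert_impl_t;
#endif

#ifdef TOR_X509_PRIVATE
/** Structure that we use for a single certificate.
 *
 * The layout is visible only to translation units that define
 * TOR_X509_PRIVATE; everyone else sees the opaque typedef and must go
 * through the accessors declared below. */
struct tor_x509_cert_t {
  /* Backend (NSS or OpenSSL) certificate object. */
  tor_x509_cert_impl_t *cert;
#ifdef ENABLE_OPENSSL
  /* Encoded form of the certificate and its length in bytes; these fields
   * exist only in OpenSSL builds.
   * NOTE(review): presumably the DER bytes exposed by
   * tor_x509_cert_get_der() -- confirm. */
  uint8_t *encoded;
  size_t encoded_len;
#endif
  /* One-bit flag.  NOTE(review): presumably set when pkey_digests holds
   * valid data -- confirm before reading pkey_digests directly. */
  unsigned pkey_digests_set : 1;
  /* Digest sets associated with the certificate and with its public key
   * (going by the field names). */
  common_digests_t cert_digests;
  common_digests_t pkey_digests;
};
#endif /* defined(TOR_X509_PRIVATE) */

/** Choose a validity window for a certificate.
 *
 * Takes the current time <b>now</b> and a lifetime <b>cert_lifetime</b>
 * and reports the result through <b>start_time_out</b> and
 * <b>end_time_out</b>.
 * NOTE(review): the unit of cert_lifetime and whether the out-pointers may
 * be NULL are not visible here -- confirm. */
void tor_tls_pick_certificate_lifetime(time_t now,
                                       unsigned cert_lifetime,
                                       time_t *start_time_out,
                                       time_t *end_time_out);

#ifdef TOR_UNIT_TESTS
/** Test-only helper, declared only when TOR_UNIT_TESTS is defined.
 *
 * Going by its name and parameters, it builds a certificate from
 * <b>inp</b> with expiration <b>new_expiration_time</b>, using
 * <b>signing_key</b>.
 * NOTE(review): ownership of the returned certificate is not visible here
 * -- confirm. */
tor_x509_cert_t *tor_x509_cert_replace_expiration(
                                               const tor_x509_cert_t *inp,
                                               time_t new_expiration_time,
                                               crypto_pk_t *signing_key);
#endif /* defined(TOR_UNIT_TESTS) */

/** Duplicate <b>cert</b>.
 * NOTE(review): presumably the caller owns the result and releases it with
 * tor_x509_cert_free() -- confirm. */
tor_x509_cert_t *tor_x509_cert_dup(const tor_x509_cert_t *cert);

/** Release <b>cert</b>.  Call sites should normally use the
 * tor_x509_cert_free() macro below instead of this function. */
void tor_x509_cert_free_(tor_x509_cert_t *cert);
/* Routes through FREE_AND_NULL with tor_x509_cert_free_ as the release
 * function.
 * NOTE(review): judging by the macro's name it also sets the caller's
 * pointer to NULL, which would guard against double free and
 * use-after-free; FREE_AND_NULL is defined outside this header --
 * confirm. */
#define tor_x509_cert_free(c)                                   \
  FREE_AND_NULL(tor_x509_cert_t, tor_x509_cert_free_, (c))

/** Build a certificate object from the <b>certificate_len</b> bytes at
 * <b>certificate</b>.
 *
 * The input may come from an untrusted peer, so callers must check the
 * result before using it.
 * NOTE(review): presumably returns NULL when the bytes cannot be parsed --
 * confirm. */
tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
                            size_t certificate_len);

/** Report the encoded form of <b>cert</b> through <b>encoded_out</b> and
 * <b>size_out</b>.
 *
 * The out-pointer is const, so the caller gets a read-only view.
 * NOTE(review): presumably the bytes are owned by <b>cert</b> and must not
 * be used after it is freed -- confirm. */
void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
                      const uint8_t **encoded_out, size_t *size_out);

/** Return a pointer to a digest set for <b>cert</b>.
 * NOTE(review): going by the name and the pkey_digests / pkey_digests_set
 * fields above, these look like digests of the certificate's public key,
 * and the result may be NULL when none is available -- confirm and check
 * for NULL at call sites. */
const common_digests_t *tor_x509_cert_get_id_digests(
                      const tor_x509_cert_t *cert);

/** Return a pointer to a digest set for <b>cert</b>.
 * NOTE(review): presumably the digests of the certificate itself
 * (cert_digests above) -- confirm. */
const common_digests_t *tor_x509_cert_get_cert_digests(
                      const tor_x509_cert_t *cert);

/** Return the public key associated with <b>cert</b>.
 *
 * Unlike the other accessors, <b>cert</b> is not const here.
 * NOTE(review): whether the result is newly allocated (caller frees) and
 * whether it can be NULL is not visible here -- confirm and check for NULL
 * at call sites. */
crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);

/** Check <b>cert</b> against <b>signing_cert</b> at time <b>now</b>.
 *
 * <b>severity</b> is presumably the log level used for reporting, and
 * <b>check_rsa_1024</b> presumably enables a check tied to 1024-bit RSA
 * keys -- confirm both.
 *
 * NOTE(review): the meaning of the int result is not visible here.  Confirm
 * which value means "valid", and treat every other value, including
 * "could not check", as a rejection at call sites. */
int tor_tls_cert_is_valid(int severity,
                          const tor_x509_cert_t *cert,
                          const tor_x509_cert_t *signing_cert,
                          time_t now,
                          int check_rsa_1024);

#endif /* !defined(TOR_X509_H) */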