Wrapper functions to present a consistent interface to X.509 functions from NSS. More...

#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
#include "lib/tls/tortls.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_nss_mgt.h"
#include "lib/log/util_bug.h"
#include "lib/encoding/time_fmt.h"
#include "lib/string/printf.h"
#include <pk11pub.h>
#include <cryptohi.h>
#include <cert.h>
#include <keyhi.h>
#include <time.h>

Macros
#define	TOR_X509_PRIVATE

#define	PRTIME_PER_SEC (1000*1000)

Functions
static tor_x509_cert_impl_t *	tor_x509_cert_decode_internal (const uint8_t *certificate, int certificate_len)

static tor_x509_cert_impl_t *	tor_tls_create_certificate_internal (crypto_pk_t rsa, crypto_pk_t rsa_sign, CERTName subject_dn, CERTName issuer_dn, time_t start_time, time_t end_time)

tor_x509_cert_impl_t *	tor_tls_create_certificate (crypto_pk_t rsa, crypto_pk_t rsa_sign, const char cname, const char cname_sign, unsigned int cert_lifetime)

void	tor_x509_cert_get_der (const tor_x509_cert_t cert, const uint8_t encoded_out, size_t size_out)

void	tor_x509_cert_impl_free_ (tor_x509_cert_impl_t *cert)

tor_x509_cert_impl_t *	tor_x509_cert_impl_dup_ (tor_x509_cert_impl_t *cert)

tor_x509_cert_t *	tor_x509_cert_decode (const uint8_t *certificate, size_t certificate_len)

crypto_pk_t *	tor_tls_cert_get_key (tor_x509_cert_t *cert)

int	tor_tls_cert_is_valid (int severity, const tor_x509_cert_t cert, const tor_x509_cert_t signing_cert, time_t now, int check_rsa_1024)

static void	log_cert_lifetime (int severity, const char *status, time_t now, PRTime notBefore, PRTime notAfter)

int	tor_x509_check_cert_lifetime_internal (int severity, const tor_x509_cert_impl_t *cert, time_t now, int past_tolerance, int future_tolerance)

Detailed Description

Wrapper functions to present a consistent interface to X.509 functions from NSS.

Definition in file x509_nss.c.

Macro Definition Documentation

◆ PRTIME_PER_SEC

#define PRTIME_PER_SEC (1000*1000)

Definition at line 35 of file x509_nss.c.

◆ TOR_X509_PRIVATE

#define TOR_X509_PRIVATE

Definition at line 12 of file x509_nss.c.

Function Documentation

◆ log_cert_lifetime()

static void log_cert_lifetime	(	int	severity,
		const char *	status,
		time_t	now,
		PRTime	notBefore,
		PRTime	notAfter )

static

Definition at line 363 of file x509_nss.c.

◆ tor_tls_cert_get_key()

crypto_pk_t * tor_tls_cert_get_key ( tor_x509_cert_t * cert )

Definition at line 287 of file x509_nss.c.

◆ tor_tls_cert_is_valid()

int tor_tls_cert_is_valid	(	int	severity,
		const tor_x509_cert_t *	cert,
		const tor_x509_cert_t *	signing_cert,
		time_t	now,
		int	check_rsa_1024 )

Definition at line 304 of file x509_nss.c.

◆ tor_tls_create_certificate()

tor_x509_cert_impl_t * tor_tls_create_certificate	(	crypto_pk_t *	rsa,
		crypto_pk_t *	rsa_sign,
		const char *	cname,
		const char *	cname_sign,
		unsigned int	cert_lifetime )

Definition at line 174 of file x509_nss.c.

◆ tor_tls_create_certificate_internal()

static tor_x509_cert_impl_t * tor_tls_create_certificate_internal	(	crypto_pk_t *	rsa,
		crypto_pk_t *	rsa_sign,
		CERTName *	subject_dn,
		CERTName *	issuer_dn,
		time_t	start_time,
		time_t	end_time )

static

Definition at line 41 of file x509_nss.c.

◆ tor_x509_cert_decode()

tor_x509_cert_t * tor_x509_cert_decode	(	const uint8_t *	certificate,
		size_t	certificate_len )

Definition at line 271 of file x509_nss.c.

◆ tor_x509_cert_decode_internal()

static tor_x509_cert_impl_t * tor_x509_cert_decode_internal	(	const uint8_t *	certificate,
		int	certificate_len )

static

As tor_x509_cert_decode, but return the NSS certificate type

Definition at line 251 of file x509_nss.c.

Referenced by tor_x509_cert_decode().

◆ tor_x509_cert_get_der()

void tor_x509_cert_get_der	(	const tor_x509_cert_t *	cert,
		const uint8_t **	encoded_out,
		size_t *	size_out )

Set *encoded_out and *size_out to cert's encoded DER representation and length, respectively.

Definition at line 218 of file x509_nss.c.

◆ tor_x509_cert_impl_dup_()

tor_x509_cert_impl_t * tor_x509_cert_impl_dup_ ( tor_x509_cert_impl_t * cert )

Definition at line 239 of file x509_nss.c.

◆ tor_x509_cert_impl_free_()

void tor_x509_cert_impl_free_ ( tor_x509_cert_impl_t * cert )

Definition at line 232 of file x509_nss.c.

◆ tor_x509_check_cert_lifetime_internal()

int tor_x509_check_cert_lifetime_internal	(	int	severity,
		const tor_x509_cert_impl_t *	cert,
		time_t	now,
		int	past_tolerance,
		int	future_tolerance )

Definition at line 387 of file x509_nss.c.

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ PRTIME_PER_SEC

◆ TOR_X509_PRIVATE

Function Documentation

◆ log_cert_lifetime()

◆ tor_tls_cert_get_key()

◆ tor_tls_cert_is_valid()

◆ tor_tls_create_certificate()

◆ tor_tls_create_certificate_internal()

◆ tor_x509_cert_decode()

◆ tor_x509_cert_decode_internal()

◆ tor_x509_cert_get_der()

◆ tor_x509_cert_impl_dup_()

◆ tor_x509_cert_impl_free_()

◆ tor_x509_check_cert_lifetime_internal()