[tor-commits] [tor/master] Functions to get a public RSA key from a cert

Tue Oct 11 03:22:15 UTC 2011

commit 0a4f56277290d4736db3b15dc4c2071000f7883f
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Sep 22 10:18:17 2011 -0400

    Functions to get a public RSA key from a cert
---
 src/common/tortls.c |   34 ++++++++++++++++++++++++++++++++++
 src/common/tortls.h |    2 ++
 2 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 332d784..5d36fd0 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -838,6 +838,40 @@ tor_tls_get_my_certs(int server,
   return 0;
 }
 
+/**
+ * Return the authentication key that we use to authenticate ourselves as a
+ * client in the V3 in-protocol handshake.
+ */
+crypto_pk_env_t *
+tor_tls_get_my_client_auth_key(void)
+{
+  if (! client_tls_context)
+    return NULL;
+  return client_tls_context->auth_key;
+}
+
+/**
+ * Return the public key that a cetificate certifies.  Return NULL if the
+ * cert's key is not RSA.
+ */
+crypto_pk_env_t *
+tor_tls_cert_get_key(tor_cert_t *cert)
+{
+  crypto_pk_env_t *result = NULL;
+  EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
+  RSA *rsa;
+  if (!pkey)
+    return NULL;
+  rsa = EVP_PKEY_get1_RSA(pkey);
+  if (!rsa) {
+    EVP_PKEY_free(pkey);
+    return NULL;
+  }
+  result = _crypto_new_pk_env_rsa(rsa);
+  EVP_PKEY_free(pkey);
+  return result;
+}
+
 /** Return true iff <b>a</b> and <b>b</b> represent the same public key. */
 static int
 pkey_eq(EVP_PKEY *a, EVP_PKEY *b)
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 70d24a5..b522dd1 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -118,6 +118,8 @@ const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
 int tor_tls_get_my_certs(int server,
                          const tor_cert_t **link_cert_out,
                          const tor_cert_t **id_cert_out);
+crypto_pk_env_t *tor_tls_get_my_client_auth_key(void);
+crypto_pk_env_t *tor_tls_cert_get_key(tor_cert_t *cert);
 int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
 int tor_tls_cert_is_valid(const tor_cert_t *cert,
                           const tor_cert_t *signing_cert);



