/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef CTSerialization_h
#define CTSerialization_h

#include <vector>

#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "SignedCertificateTimestamp.h"

// Utility functions for encoding/decoding structures used by Certificate
// Transparency to/from the TLS wire format encoding.
//
// The Decode*/Read* functions below consume bytes that typically originate
// from a certificate or a TLS handshake, i.e. input the peer controls. They
// report malformed input through the returned pkix::Result; callers must
// check that result before using any output parameter, since this header
// does not specify the contents of an output parameter after a failed
// decode. Successful decoding establishes only that the bytes are
// well-formed - it says nothing about whether an SCT is authentic
// (signature verification and log-key lookup are separate steps).
namespace mozilla {
namespace ct {

// Encodes the DigitallySigned |data| to |output|.
// |output| receives the TLS wire-format encoding; a non-Success
// pkix::Result is returned on failure.
pkix::Result EncodeDigitallySigned(const DigitallySigned& data, Buffer& output);

// Reads and decodes a DigitallySigned object from |reader|.
// On failure, the cursor position of |reader| is undefined, so a caller must
// not continue parsing from |reader| after a failed call.
pkix::Result DecodeDigitallySigned(pkix::Reader& reader,
                                   DigitallySigned& output);

// Encodes the |entry| LogEntry to |output|. The size of the entry
// must not exceed the allowed size in RFC6962.
// NOTE(review): presumably an oversized entry is reported through the
// returned pkix::Result rather than truncated - confirm against the
// implementation before relying on it.
pkix::Result EncodeLogEntry(const LogEntry& entry, Buffer& output);

// Encodes the data signed by a Signed Certificate Timestamp (SCT) into
// |output|. The signature included in the SCT can then be verified over these
// bytes.
// |timestamp| timestamp from the SCT.
// |serializedLogEntry| the log entry signed by the SCT.
// |extensions| CT extensions.
// As the name indicates, this produces the version-1 (RFC6962) signed-data
// layout; it is not suitable for verifying an SCT of another version.
pkix::Result EncodeV1SCTSignedData(uint64_t timestamp,
                                   pkix::Input serializedLogEntry,
                                   pkix::Input extensions, Buffer& output);

// Decodes a list of Signed Certificate Timestamps
// (SignedCertificateTimestampList as defined in RFC6962). This list
// is typically obtained from the CT extension in a certificate.
// To extract the individual items of the list, call ReadSCTListItem on
// the returned reader until the reader reaches its end.
// Note that the validity of each extracted SCT should be checked separately.
// NOTE(review): |listReader| presumably refers to the bytes of |input|
// rather than to a copy (pkix::Input/pkix::Reader are non-owning views), so
// |input| must outlive every use of |listReader| and of the items read from
// it - confirm against the implementation.
pkix::Result DecodeSCTList(pkix::Input input, pkix::Reader& listReader);

// Reads a single SCT from the reader returned by DecodeSCTList.
// |result| is set to the raw bytes of one list item; it still has to be
// decoded with DecodeSignedCertificateTimestamp and then verified.
// NOTE(review): a malformed item (e.g. a length prefix that overruns the
// list) is presumably reported through the returned pkix::Result - confirm.
pkix::Result ReadSCTListItem(pkix::Reader& listReader, pkix::Input& result);

// Decodes a single SCT from |input| to |output|.
// NOTE(review): the cursor position of |input| after a failed call is not
// documented; assume it is undefined, as for DecodeDigitallySigned.
pkix::Result DecodeSignedCertificateTimestamp(
    pkix::Reader& input, SignedCertificateTimestamp& output);

// Encodes a list of SCTs (|scts|) to |output|.
// Each element of |scts| is an already-serialized SCT (the form returned by
// ReadSCTListItem). NOTE(review): presumably the elements are copied into
// the list as-is without validation - confirm.
pkix::Result EncodeSCTList(const std::vector<pkix::Input>& scts,
                           Buffer& output);

} // namespace ct
} // namespace mozilla

#endif // CTSerialization_h