tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pkixc.h (2224B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
      4 */
      5 
      6 #ifndef mozilla_pkix_pkixc_h
      7 #define mozilla_pkix_pkixc_h
      8 
      9 #include "prerror.h"
     10 #include "stdint.h"
     11 
     12 // VerifyCertificateChain will attempt to build a verified certificate chain
     13 // starting from the 0th certificate in the given array to the indicated trust
     14 // anchor. It returns true on success and false otherwise. No particular key
     15 // usage is required, and no particular policy is required. The code signing
     16 // extended key usage is required.  No revocation checking is performed. RSA
     17 // keys must be at least 2048 bits long, and EC keys must be from one of the
     18 // curves secp256r1, secp384r1, or secp521r1. Only SHA256, SHA384, and SHA512
     19 // are acceptable digest algorithms. When doing name checking, the subject
     20 // common name field is ignored.
     21 // certificate is an array of pointers to certificates.
     22 // certificateLengths is an array of the lengths of each certificate.
     23 // numCertificates indicates how many certificates are in certificates.
     24 // secondsSinceEpoch indicates the time at which the certificate chain must be
     25 // valid, in seconds since the epoch.
     26 // rootSHA256Hash identifies a trust anchor by the SHA256 hash of its contents.
     27 // It must be an array of 32 bytes.
     28 // hostname is a doman name for which the end-entity certificate must be valid.
     29 // error will be set if and only if the return value is false. Its value may
     30 // indicate why verification failed.
     31 
     32 #ifdef __cplusplus
     33 extern "C" {
     34 #endif
     35 bool VerifyCodeSigningCertificateChain(const uint8_t** certificates,
     36                                       const uint16_t* certificateLengths,
     37                                       size_t numCertificates,
     38                                       uint64_t secondsSinceEpoch,
     39                                       const uint8_t* rootSHA256Hash,
     40                                       const uint8_t* hostname,
     41                                       size_t hostnameLength,
     42                                       /* out */ PRErrorCode* error);
     43 #ifdef __cplusplus
     44 }
     45 #endif
     46 
     47 #endif  // mozilla_pkix_pkixc_h