

      1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
      2 /*
      3 * This file is PRIVATE to SSL.
      4 *
      5 * This Source Code Form is subject to the terms of the Mozilla Public
      6 * License, v. 2.0. If a copy of the MPL was not distributed with this
      7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      8 
      9 #ifndef __sslcert_h_
     10 #define __sslcert_h_
     11 
     12 #include "cert.h"
     13 #include "secitem.h"
     14 #include "keyhi.h"
     15 
/* Bitvector indexed by SSLAuthType values: bit t is set when the certificate
 * can be used for auth type t (SSL_CERT_IS below tests it with (1 << t)).
 * Bit 0 - ssl_auth_null - is the least significant bit and is never used.
 *
 * The mask is only 16 bits wide.  The static assertion below is what keeps
 * every valid SSLAuthType inside the shift width: a new enum value at or past
 * bit 16 would be shifted out of the mask on store and masked to zero on test,
 * so such a certificate would silently never match. */
typedef PRUint16 sslAuthTypeMask;
/* ssl_auth_size is presumably the SSLAuthType sentinel (one past the last
 * valid value); it is not defined in this header. */
PR_STATIC_ASSERT(sizeof(sslAuthTypeMask) * 8 >= ssl_auth_size);
     20 
/* One server certificate configured on a socket, together with everything
 * libssl needs to present it in a handshake.  Instances are chained through
 * `link`.
 *
 * Ownership is not visible from this header.  NOTE(review): the expectation is
 * that ssl_FreeServerCert releases every pointer and SECItem below, so callers
 * should not store buffers here that they intend to keep - confirm against
 * sslcert.c.  Field order is layout/ABI; do not reorder. */
typedef struct sslServerCertStr {
    PRCList link; /* The linked list link */

    /* The auth types that this certificate provides, as a bitmask over
     * SSLAuthType (see SSL_CERT_IS / SSL_CERT_IS_ONLY / SSL_CERT_IS_EC). */
    sslAuthTypeMask authTypes;
    /* For ssl_auth_ecdsa and ssl_auth_ecdh_*.  This is only the named curve
     * of the end-entity certificate key.  The keys in other certificates in
     * the chain aren't directly relevant to the operation of TLS (though it
     * might make certificate validation difficult, libssl doesn't care).
     * Presumably NULL for non-EC auth types - confirm in sslcert.c. */
    const sslNamedGroupDef *namedCurve;

    /* Configuration state for server sockets */
    CERTCertificate *serverCert;          /* End-entity certificate. */
    CERTCertificateList *serverCertChain; /* Chain presented with it. */
    /* Key pair matching serverCert.  Its private half is the server's
     * long-term authentication secret; treat any copy of this pointer as
     * sensitive. */
    sslKeyPair *serverKeyPair;
    /* Size of the key in serverKeyPair - presumably in bits, per the name. */
    unsigned int serverKeyBits;
    /* Each certificate needs its own status.  (Presumably the stapled
     * certificate-status response for the TLS status_request extension -
     * confirm where it is filled in.) */
    SECItemArray *certStatusArray;
    /* Serialized signed certificate timestamps to be sent to the client
    ** in a TLS extension (server only). Each certificate needs its own
    ** timestamps item.
    */
    SECItem signedCertTimestamps;

    /* The delegated credential (DC) to send to clients who indicate support for
     * the ietf-draft-tls-subcerts extension.  Empty (len 0) presumably means
     * "no DC configured" - confirm.
     */
    SECItem delegCred;
    /* The key pair used to sign the handshake when serving a DC.  Because it
     * signs the handshake, its private half authenticates as this server for
     * as long as the DC is valid: protect it like serverKeyPair. */
    sslKeyPair *delegCredKeyPair;
} sslServerCert;
     52 
/* Queries over sslServerCert.authTypes.  Each macro evaluates `c` exactly once.
 * SSL_CERT_IS and SSL_CERT_IS_EC yield the masked bits (a non-zero int, not a
 * normalised 0/1), so use them in boolean context rather than comparing
 * against 1; SSL_CERT_IS_ONLY yields the result of an == comparison. */

/* The bit that SSLAuthType `t` occupies in an sslAuthTypeMask.  `t` must be a
 * valid SSLAuthType (below ssl_auth_size, hence below the mask width). */
#define SSL_CERT_AUTH_BIT(t) (1 << (t))

/* All auth types that need an EC key in the end-entity certificate. */
#define SSL_CERT_EC_AUTH_MASK                  \
    (SSL_CERT_AUTH_BIT(ssl_auth_ecdsa) |       \
     SSL_CERT_AUTH_BIT(ssl_auth_ecdh_rsa) |    \
     SSL_CERT_AUTH_BIT(ssl_auth_ecdh_ecdsa))

/* Non-zero if certificate `c` provides auth type `t`. */
#define SSL_CERT_IS(c, t) ((c)->authTypes & SSL_CERT_AUTH_BIT(t))
/* Non-zero if `t` is the only auth type certificate `c` provides. */
#define SSL_CERT_IS_ONLY(c, t) ((c)->authTypes == SSL_CERT_AUTH_BIT(t))
/* Non-zero if certificate `c` provides any EC-keyed auth type. */
#define SSL_CERT_IS_EC(c) ((c)->authTypes & SSL_CERT_EC_AUTH_MASK)
     59 
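/* Allocate a fresh, empty sslServerCert.  Presumably returns NULL on
 * allocation failure (the definition lives in sslcert.c).  The caller owns the
 * result until it is freed with ssl_FreeServerCert or adopted by a socket.
 *
 * Declared with `(void)`: in C an empty parameter list is not a prototype, so
 * `()` would let a call site pass arbitrary arguments without a diagnostic. */
extern sslServerCert *ssl_NewServerCert(void);
/* Make a copy of `oc` that can be freed independently of the original.
 * NOTE(review): which members are duplicated and which are reference-counted
 * (in particular the key pairs) is decided in sslcert.c - confirm before
 * relying on the copy outliving `oc`. */
extern sslServerCert *ssl_CopyServerCert(const sslServerCert *oc);
/* Find the certificate configured on `ss` that provides `authType`; for EC
 * auth types `namedCurve` is presumably matched against
 * sslServerCert.namedCurve.  The const return is a borrowed reference owned by
 * `ss`: do not free or mutate it.  Presumably NULL when nothing matches. */
extern const sslServerCert *ssl_FindServerCert(
    const sslSocket *ss, SSLAuthType authType,
    const sslNamedGroupDef *namedCurve);
/* Release `sc` and the members it owns.  serverKeyPair and delegCredKeyPair
 * hold private key material, so no caller may keep a reference to either past
 * this call.  NOTE(review): confirm in sslcert.c that both key pairs are
 * actually released here. */
extern void ssl_FreeServerCert(sslServerCert *sc);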
     66 
     67 #endif /* __sslcert_h_ */