tls13subcerts.h (2125B)
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is PRIVATE to SSL.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __tls13subcerts_h_
#define __tls13subcerts_h_

/* Fields of a TLS 1.3 delegated credential (DC) as held by the SSL code.
 *
 * This header declares the layout only. The |sslDelegatedCredential| name
 * used by the prototypes below is not defined here; presumably it is a
 * typedef of this struct in another SSL-private header (confirm).
 */
struct sslDelegatedCredentialStr {
    /* The number of seconds for which the delegated credential (DC) is valid
     * following the notBefore parameter of the delegation certificate.
     *
     * NOTE(review): the value is relative, so the expiry time depends on the
     * delegation certificate. No upper bound on the lifetime is visible in
     * this header; confirm the limit is enforced where the DC is verified.
     */
    PRUint32 validTime;

    /* The signature algorithm of the DC public key. This is expected to be
     * the same as CertificateVerify.scheme.
     *
     * NOTE(review): the comparison itself is not in this header; confirm
     * that a mismatch fails the handshake.
     */
    SSLSignatureScheme expectedCertVerifyAlg;

    /* The DER-encoded SubjectPublicKeyInfo, the DC public key.
     */
    SECItem derSpki;

    /* The decoded SubjectPublicKeyInfo parsed from |derSpki|.
     * Held by pointer; presumably released by
     * tls13_DestroyDelegatedCredential() (confirm ownership).
     */
    CERTSubjectPublicKeyInfo *spki;

    /* The signature algorithm used to verify the DC signature. */
    SSLSignatureScheme alg;

    /* The DC signature. */
    SECItem signature;
};

/* Reads a delegated credential from the |length|-byte buffer |b| and
 * returns it through |dcp|.
 *
 * Presumably allocates the result, which the caller then releases with
 * tls13_DestroyDelegatedCredential() (confirm).
 * NOTE(review): if |b| carries peer-supplied data, every length field
 * decoded from it has to stay within |length|; confirm in the
 * implementation.
 */
SECStatus tls13_ReadDelegatedCredential(PRUint8 *b,
                                        PRUint32 length,
                                        sslDelegatedCredential **dcp);

/* Releases |dc|. Whether a NULL argument is accepted is not visible here. */
void tls13_DestroyDelegatedCredential(sslDelegatedCredential *dc);

/* Predicates on the socket state; |ss| is not modified (const). Judging by
 * the names, they report whether this handshake verifies, respectively
 * signs, CertificateVerify with a DC key instead of the certificate key.
 */
PRBool tls13_IsVerifyingWithDelegatedCredential(const sslSocket *ss);
PRBool tls13_IsSigningWithDelegatedCredential(const sslSocket *ss);

/* Presumably selects a DC for |ss| when one is configured and usable;
 * the selection conditions are not visible in this header (confirm).
 */
SECStatus tls13_MaybeSetDelegatedCredential(sslSocket *ss);

/* Verifies |dc| in the context of |ss| and returns SECStatus.
 *
 * NOTE(review): which checks run (signature over the DC, validity window
 * from |validTime|, algorithm agreement) cannot be told from the prototype;
 * confirm all of them are performed before the DC key is trusted.
 */
SECStatus tls13_VerifyDelegatedCredential(sslSocket *ss,
                                          sslDelegatedCredential *dc);

/* Experimental API (SSLExp_ prefix). Takes a certificate |cert| with its
 * private key |certPriv|, the DC public key |dcPub|, the scheme
 * |dcCertVerifyAlg|, a lifetime |dcValidFor|, the current time |now|, and
 * writes its result to |out|.
 *
 * Presumably |out| receives the encoded, signed DC and |dcValidFor| is in
 * seconds, matching |validTime| above (confirm both).
 * NOTE(review): |certPriv| is the certificate's own private key, so the
 * caller decides where that key is exposed; only |dcPub| of the DC key pair
 * is needed here.
 */
SECStatus SSLExp_DelegateCredential(const CERTCertificate *cert,
                                    const SECKEYPrivateKey *certPriv,
                                    const SECKEYPublicKey *dcPub,
                                    SSLSignatureScheme dcCertVerifyAlg,
                                    PRUint32 dcValidFor,
                                    PRTime now,
                                    SECItem *out);

#endif