File: CTSerialization.h

package info (click to toggle)
firefox 147.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,683,324 kB
  • sloc: cpp: 7,607,156; javascript: 6,532,492; ansic: 3,775,158; python: 1,415,368; xml: 634,556; asm: 438,949; java: 186,241; sh: 62,751; makefile: 18,079; objc: 13,092; perl: 12,808; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10; exp: 6
file content (65 lines) | stat: -rw-r--r-- 2,704 bytes parent folder | download | duplicates (26) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef CTSerialization_h
#define CTSerialization_h

#include <vector>

#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "SignedCertificateTimestamp.h"

// Utility functions for encoding/decoding structures used by Certificate
// Transparency to/from the TLS wire format encoding.
namespace mozilla {
namespace ct {

// Encodes the DigitallySigned |data| to |output|.
pkix::Result EncodeDigitallySigned(const DigitallySigned& data, Buffer& output);

// Reads and decodes a DigitallySigned object from |reader|.
// On failure, the cursor position of |reader| is undefined.
pkix::Result DecodeDigitallySigned(pkix::Reader& reader,
                                   DigitallySigned& output);

// Encodes the |input| LogEntry to |output|. The size of the entry
// must not exceed the allowed size in RFC6962.
pkix::Result EncodeLogEntry(const LogEntry& entry, Buffer& output);

// Encodes the data signed by a Signed Certificate Timestamp (SCT) into
// |output|. The signature included in the SCT can then be verified over these
// bytes.
// |timestamp| timestamp from the SCT.
// |serializedLogEntry| the log entry signed by the SCT.
// |extensions| CT extensions.
pkix::Result EncodeV1SCTSignedData(uint64_t timestamp,
                                   pkix::Input serializedLogEntry,
                                   pkix::Input extensions, Buffer& output);

// Decodes a list of Signed Certificate Timestamps
// (SignedCertificateTimestampList as defined in RFC6962). This list
// is typically obtained from the CT extension in a certificate.
// To extract the individual items of the list, call ReadSCTListItem on
// the returned reader until the reader reaches its end.
// Note that the validity of each extracted SCT should be checked separately.
pkix::Result DecodeSCTList(pkix::Input input, pkix::Reader& listReader);

// Reads a single SCT from the reader returned by DecodeSCTList.
pkix::Result ReadSCTListItem(pkix::Reader& listReader, pkix::Input& result);

// Decodes a single SCT from |input| to |output|.
pkix::Result DecodeSignedCertificateTimestamp(
    pkix::Reader& input, SignedCertificateTimestamp& output);

// Encodes a list of SCTs (|scts|) to |output|.
pkix::Result EncodeSCTList(const std::vector<pkix::Input>& scts,
                           Buffer& output);

}  // namespace ct
}  // namespace mozilla

#endif  // CTSerialization_h