1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_CT_SERIALIZATION_H_
6 #define NET_CERT_CT_SERIALIZATION_H_
11 #include "base/strings/string_piece.h"
12 #include "net/base/net_export.h"
13 #include "net/cert/signed_certificate_timestamp.h"
17 // Utility functions for encoding/decoding structures used by Certificate
18 // Transparency to/from the TLS wire format encoding.
21 // If |input.signature_data| is less than kMaxSignatureLength, encodes the
22 // |input| to |output| and returns true. Otherwise, returns false.
23 NET_EXPORT_PRIVATE
bool EncodeDigitallySigned(const DigitallySigned
& input
,
26 // Reads and decodes a DigitallySigned object from |input|.
27 // The bytes read from |input| are discarded (i.e. |input|'s prefix removed)
28 // Returns true and fills |output| if all fields can be read, false otherwise.
29 NET_EXPORT_PRIVATE
bool DecodeDigitallySigned(base::StringPiece
* input
,
30 DigitallySigned
* output
);
32 // Encodes the |input| LogEntry to |output|. Returns true if the entry size
33 // does not exceed allowed size in RFC6962, false otherwise.
34 NET_EXPORT_PRIVATE
bool EncodeLogEntry(const LogEntry
& input
,
37 // Encodes the data signed by a Signed Certificate Timestamp (SCT) into
38 // |output|. The signature included in the SCT is then verified over these
40 // |timestamp| timestamp from the SCT.
41 // |serialized_log_entry| the log entry signed by the SCT.
42 // |extensions| CT extensions.
43 // Returns true if the extensions' length does not exceed
44 // kMaxExtensionsLength, false otherwise.
45 NET_EXPORT_PRIVATE
bool EncodeV1SCTSignedData(
46 const base::Time
& timestamp
,
47 const std::string
& serialized_log_entry
,
48 const std::string
& extensions
,
51 // Decode a list of Signed Certificate Timestamps
52 // (SignedCertificateTimestampList as defined in RFC6962): from a single
53 // string in |input| to a vector of individually-encoded SCTs |output|.
54 // This list is typically obtained from the CT extension in a certificate.
55 // Returns true if the list could be read and decoded successfully, false
56 // otherwise (note that the validity of each individual SCT should be checked
58 NET_EXPORT_PRIVATE
bool DecodeSCTList(base::StringPiece
* input
,
59 std::vector
<base::StringPiece
>* output
);
61 // Decodes a single SCT from |input| to |output|.
62 // Returns true if all fields in the SCT could be read and decoded, false
64 NET_EXPORT_PRIVATE
bool DecodeSignedCertificateTimestamp(
65 base::StringPiece
* input
,
66 ct::SignedCertificateTimestamp
* output
);
72 #endif // NET_CERT_CT_SERIALIZATION_H_