security/ct/CTSerialization.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef CTSerialization_h
   8 #define CTSerialization_h
   9
  10 #include <vector>
  11
  12 #include "mozpkix/Input.h"
  13 #include "mozpkix/Result.h"
  14 #include "SignedCertificateTimestamp.h"
  15
  16 // Utility functions for encoding/decoding structures used by Certificate
  17 // Transparency to/from the TLS wire format encoding.
  18 namespace mozilla {
  19 namespace ct {
  20
  21 // Encodes the DigitallySigned |data| to |output|.
  22 pkix::Result EncodeDigitallySigned(const DigitallySigned& data, Buffer& output);
  23
  24 // Reads and decodes a DigitallySigned object from |reader|.
  25 // On failure, the cursor position of |reader| is undefined.
  26 pkix::Result DecodeDigitallySigned(pkix::Reader& reader,
  27                                    DigitallySigned& output);
  28
  29 // Encodes the |input| LogEntry to |output|. The size of the entry
  30 // must not exceed the allowed size in RFC6962.
  31 pkix::Result EncodeLogEntry(const LogEntry& entry, Buffer& output);
  32
  33 // Encodes the data signed by a Signed Certificate Timestamp (SCT) into
  34 // |output|. The signature included in the SCT can then be verified over these
  35 // bytes.
  36 // |timestamp| timestamp from the SCT.
  37 // |serializedLogEntry| the log entry signed by the SCT.
  38 // |extensions| CT extensions.
  39 pkix::Result EncodeV1SCTSignedData(uint64_t timestamp,
  40                                    pkix::Input serializedLogEntry,
  41                                    pkix::Input extensions, Buffer& output);
  42
  43 // Decodes a list of Signed Certificate Timestamps
  44 // (SignedCertificateTimestampList as defined in RFC6962). This list
  45 // is typically obtained from the CT extension in a certificate.
  46 // To extract the individual items of the list, call ReadSCTListItem on
  47 // the returned reader until the reader reaches its end.
  48 // Note that the validity of each extracted SCT should be checked separately.
  49 pkix::Result DecodeSCTList(pkix::Input input, pkix::Reader& listReader);
  50
  51 // Reads a single SCT from the reader returned by DecodeSCTList.
  52 pkix::Result ReadSCTListItem(pkix::Reader& listReader, pkix::Input& result);
  53
  54 // Decodes a single SCT from |input| to |output|.
  55 pkix::Result DecodeSignedCertificateTimestamp(
  56     pkix::Reader& input, SignedCertificateTimestamp& output);
  57
  58 // Encodes a list of SCTs (|scts|) to |output|.
  59 pkix::Result EncodeSCTList(const std::vector<pkix::Input>& scts,
  60                            Buffer& output);
  61
  62 }  // namespace ct
  63 }  // namespace mozilla
  64
  65 #endif  // CTSerialization_h