gecko-dev/security/ct/CTSerialization.h

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef CTSerialization_h
#define CTSerialization_h

#include <vector>

#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "SignedCertificateTimestamp.h"

// Utility functions for encoding/decoding structures used by Certificate
// Transparency to/from the TLS wire format encoding.
namespace mozilla {
namespace ct {

// Encodes the DigitallySigned |data| to |output|.
pkix::Result EncodeDigitallySigned(const DigitallySigned& data, Buffer& output);

// Reads and decodes a DigitallySigned object from |reader|.
// On failure, the cursor position of |reader| is undefined.
pkix::Result DecodeDigitallySigned(pkix::Reader& reader,
                                   DigitallySigned& output);

// Encodes the |input| LogEntry to |output|. The size of the entry
// must not exceed the allowed size in RFC6962.
pkix::Result EncodeLogEntry(const LogEntry& entry, Buffer& output);

// Encodes the data signed by a Signed Certificate Timestamp (SCT) into
// |output|. The signature included in the SCT can then be verified over these
// bytes.
// |timestamp| timestamp from the SCT.
// |serializedLogEntry| the log entry signed by the SCT.
// |extensions| CT extensions.
pkix::Result EncodeV1SCTSignedData(uint64_t timestamp,
                                   pkix::Input serializedLogEntry,
                                   pkix::Input extensions, Buffer& output);

// Decodes a list of Signed Certificate Timestamps
// (SignedCertificateTimestampList as defined in RFC6962). This list
// is typically obtained from the CT extension in a certificate.
// To extract the individual items of the list, call ReadSCTListItem on
// the returned reader until the reader reaches its end.
// Note that the validity of each extracted SCT should be checked separately.
pkix::Result DecodeSCTList(pkix::Input input, pkix::Reader& listReader);

// Reads a single SCT from the reader returned by DecodeSCTList.
pkix::Result ReadSCTListItem(pkix::Reader& listReader, pkix::Input& result);

// Decodes a single SCT from |input| to |output|.
pkix::Result DecodeSignedCertificateTimestamp(
    pkix::Reader& input, SignedCertificateTimestamp& output);

// Encodes a list of SCTs (|scts|) to |output|.
pkix::Result EncodeSCTList(const std::vector<pkix::Input>& scts,
                           Buffer& output);

}  // namespace ct
}  // namespace mozilla

#endif  // CTSerialization_h
Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka MozReview-Commit-ID: KmJOr2crof7 --HG-- extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8 2016-04-11 16:17:25 +03:00			`/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */`
			`/* vim: set ts=8 sts=2 et sw=2 tw=80: */`
			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#ifndef CTSerialization_h`
			`#define CTSerialization_h`

Bug 1493788 - convert mozilla::Vector to std::vector in certificate transparency implementation r=jcj In order to make our certificate transparency implementation standalone, we have to remove mozilla-specific dependencies such as mozilla::Vector. Depends on D6844 Differential Revision: https://phabricator.services.mozilla.com/D6845 --HG-- extra : moz-landing-system : lando 2018-10-01 23:27:13 +03:00			`#include <vector>`

Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium Differential Revision: https://phabricator.services.mozilla.com/D2725 Differential Revision: https://phabricator.services.mozilla.com/D2860 --HG-- extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5 2018-10-02 15:59:34 +03:00			`#include "mozpkix/Input.h"`
			`#include "mozpkix/Result.h"`
Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka MozReview-Commit-ID: KmJOr2crof7 --HG-- extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8 2016-04-11 16:17:25 +03:00			`#include "SignedCertificateTimestamp.h"`

			`// Utility functions for encoding/decoding structures used by Certificate`
			`// Transparency to/from the TLS wire format encoding.`
			`namespace mozilla {`
			`namespace ct {`

			`// Encodes the DigitallySigned \|data\| to \|output\|.`
			`pkix::Result EncodeDigitallySigned(const DigitallySigned& data, Buffer& output);`

			`// Reads and decodes a DigitallySigned object from \|reader\|.`
			`// On failure, the cursor position of \|reader\| is undefined.`
			`pkix::Result DecodeDigitallySigned(pkix::Reader& reader,`
			`DigitallySigned& output);`

			`// Encodes the \|input\| LogEntry to \|output\|. The size of the entry`
			`// must not exceed the allowed size in RFC6962.`
			`pkix::Result EncodeLogEntry(const LogEntry& entry, Buffer& output);`

			`// Encodes the data signed by a Signed Certificate Timestamp (SCT) into`
			`// \|output\|. The signature included in the SCT can then be verified over these`
			`// bytes.`
			`// \|timestamp\| timestamp from the SCT.`
			`// \|serializedLogEntry\| the log entry signed by the SCT.`
			`// \|extensions\| CT extensions.`
			`pkix::Result EncodeV1SCTSignedData(uint64_t timestamp,`
			`pkix::Input serializedLogEntry,`
			`pkix::Input extensions, Buffer& output);`

			`// Decodes a list of Signed Certificate Timestamps`
			`// (SignedCertificateTimestampList as defined in RFC6962). This list`
			`// is typically obtained from the CT extension in a certificate.`
			`// To extract the individual items of the list, call ReadSCTListItem on`
			`// the returned reader until the reader reaches its end.`
			`// Note that the validity of each extracted SCT should be checked separately.`
			`pkix::Result DecodeSCTList(pkix::Input input, pkix::Reader& listReader);`

			`// Reads a single SCT from the reader returned by DecodeSCTList.`
			`pkix::Result ReadSCTListItem(pkix::Reader& listReader, pkix::Input& result);`

			`// Decodes a single SCT from \|input\| to \|output\|.`
			`pkix::Result DecodeSignedCertificateTimestamp(`
			`pkix::Reader& input, SignedCertificateTimestamp& output);`

Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka MozReview-Commit-ID: IgcnyBH4Up --HG-- extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3 2016-07-05 08:35:06 +03:00			`// Encodes a list of SCTs (\|scts\|) to \|output\|.`
Bug 1493788 - convert mozilla::Vector to std::vector in certificate transparency implementation r=jcj In order to make our certificate transparency implementation standalone, we have to remove mozilla-specific dependencies such as mozilla::Vector. Depends on D6844 Differential Revision: https://phabricator.services.mozilla.com/D6845 --HG-- extra : moz-landing-system : lando 2018-10-01 23:27:13 +03:00			`pkix::Result EncodeSCTList(const std::vector<pkix::Input>& scts,`
			`Buffer& output);`
Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka MozReview-Commit-ID: IgcnyBH4Up --HG-- extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3 2016-07-05 08:35:06 +03:00
Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka MozReview-Commit-ID: KmJOr2crof7 --HG-- extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8 2016-04-11 16:17:25 +03:00			`} // namespace ct`
			`} // namespace mozilla`

			`#endif // CTSerialization_h`