net/cert/ct_serialization.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_CERT_CT_SERIALIZATION_H_
   6 #define NET_CERT_CT_SERIALIZATION_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/strings/string_piece.h"
  12 #include "net/base/net_export.h"
  13 #include "net/cert/signed_certificate_timestamp.h"
  14 #include "net/cert/signed_tree_head.h"
  15
  16 namespace net {
  17
  18 // Utility functions for encoding/decoding structures used by Certificate
  19 // Transparency to/from the TLS wire format encoding.
  20 namespace ct {
  21
  22 // If |input.signature_data| is less than kMaxSignatureLength, encodes the
  23 // |input| to |output| and returns true. Otherwise, returns false.
  24 NET_EXPORT_PRIVATE bool EncodeDigitallySigned(const DigitallySigned& input,
  25                                               std::string* output);
  26
  27 // Reads and decodes a DigitallySigned object from |input|.
  28 // The bytes read from |input| are discarded (i.e. |input|'s prefix removed)
  29 // Returns true and fills |output| if all fields can be read, false otherwise.
  30 NET_EXPORT_PRIVATE bool DecodeDigitallySigned(base::StringPiece* input,
  31                                               DigitallySigned* output);
  32
  33 // Encodes the |input| LogEntry to |output|. Returns true if the entry size
  34 // does not exceed allowed size in RFC6962, false otherwise.
  35 NET_EXPORT_PRIVATE bool EncodeLogEntry(const LogEntry& input,
  36                                        std::string* output);
  37
  38 // Encodes the data signed by a Signed Certificate Timestamp (SCT) into
  39 // |output|. The signature included in the SCT is then verified over these
  40 // bytes.
  41 // |timestamp| timestamp from the SCT.
  42 // |serialized_log_entry| the log entry signed by the SCT.
  43 // |extensions| CT extensions.
  44 // Returns true if the extensions' length does not exceed
  45 // kMaxExtensionsLength, false otherwise.
  46 NET_EXPORT_PRIVATE bool EncodeV1SCTSignedData(
  47     const base::Time& timestamp,
  48     const std::string& serialized_log_entry,
  49     const std::string& extensions,
  50     std::string* output);
  51
  52 // Encodes the data signed by a Signed Tree Head (STH) |signed_tree_head| into
  53 // |output|. The signature included in the |signed_tree_head| can then be
  54 // verified over these bytes.
  55 NET_EXPORT_PRIVATE void EncodeTreeHeadSignature(
  56     const SignedTreeHead& signed_tree_head,
  57     std::string* output);
  58
  59 // Decode a list of Signed Certificate Timestamps
  60 // (SignedCertificateTimestampList as defined in RFC6962): from a single
  61 // string in |input| to a vector of individually-encoded SCTs |output|.
  62 // This list is typically obtained from the CT extension in a certificate.
  63 // Returns true if the list could be read and decoded successfully, false
  64 // otherwise (note that the validity of each individual SCT should be checked
  65 // separately).
  66 NET_EXPORT_PRIVATE bool DecodeSCTList(base::StringPiece* input,
  67                                       std::vector<base::StringPiece>* output);
  68
  69 // Decodes a single SCT from |input| to |output|.
  70 // Returns true if all fields in the SCT could be read and decoded, false
  71 // otherwise.
  72 NET_EXPORT_PRIVATE bool DecodeSignedCertificateTimestamp(
  73     base::StringPiece* input,
  74     scoped_refptr<ct::SignedCertificateTimestamp>* output);
  75
  76 // Writes an SCTList into |output|, containing a single |sct|.
  77 NET_EXPORT_PRIVATE bool EncodeSCTListForTesting(const base::StringPiece& sct,
  78                                                 std::string* output);
  79 }  // namespace ct
  80
  81 }  // namespace net
  82
  83 #endif  // NET_CERT_CT_SERIALIZATION_H_