1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_CT_SERIALIZATION_H_
6#define NET_CERT_CT_SERIALIZATION_H_
7
8#include <string>
9#include <vector>
10
11#include "base/strings/string_piece.h"
12#include "net/base/net_export.h"
13#include "net/cert/signed_certificate_timestamp.h"
14#include "net/cert/signed_tree_head.h"
15
16namespace net {
17
18// Utility functions for encoding/decoding structures used by Certificate
19// Transparency to/from the TLS wire format encoding.
20namespace ct {
21
22// If |input.signature_data| is less than kMaxSignatureLength, encodes the
23// |input| to |output| and returns true. Otherwise, returns false.
24NET_EXPORT_PRIVATE bool EncodeDigitallySigned(const DigitallySigned& input,
25                                              std::string* output);
26
27// Reads and decodes a DigitallySigned object from |input|.
28// The bytes read from |input| are discarded (i.e. |input|'s prefix removed)
29// Returns true and fills |output| if all fields can be read, false otherwise.
30NET_EXPORT_PRIVATE bool DecodeDigitallySigned(base::StringPiece* input,
31                                              DigitallySigned* output);
32
33// Encodes the |input| LogEntry to |output|. Returns true if the entry size
34// does not exceed allowed size in RFC6962, false otherwise.
35NET_EXPORT_PRIVATE bool EncodeLogEntry(const LogEntry& input,
36                                       std::string* output);
37
38// Encodes the data signed by a Signed Certificate Timestamp (SCT) into
39// |output|. The signature included in the SCT is then verified over these
40// bytes.
41// |timestamp| timestamp from the SCT.
42// |serialized_log_entry| the log entry signed by the SCT.
43// |extensions| CT extensions.
44// Returns true if the extensions' length does not exceed
45// kMaxExtensionsLength, false otherwise.
46NET_EXPORT_PRIVATE bool EncodeV1SCTSignedData(
47    const base::Time& timestamp,
48    const std::string& serialized_log_entry,
49    const std::string& extensions,
50    std::string* output);
51
52// Encodes the data signed by a Signed Tree Head (STH) |signed_tree_head| into
53// |output|. The signature included in the |signed_tree_head| can then be
54// verified over these bytes.
55NET_EXPORT_PRIVATE void EncodeTreeHeadSignature(
56    const SignedTreeHead& signed_tree_head,
57    std::string* output);
58
59// Decode a list of Signed Certificate Timestamps
60// (SignedCertificateTimestampList as defined in RFC6962): from a single
61// string in |input| to a vector of individually-encoded SCTs |output|.
62// This list is typically obtained from the CT extension in a certificate.
63// Returns true if the list could be read and decoded successfully, false
64// otherwise (note that the validity of each individual SCT should be checked
65// separately).
66NET_EXPORT_PRIVATE bool DecodeSCTList(base::StringPiece* input,
67                                      std::vector<base::StringPiece>* output);
68
69// Decodes a single SCT from |input| to |output|.
70// Returns true if all fields in the SCT could be read and decoded, false
71// otherwise.
72NET_EXPORT_PRIVATE bool DecodeSignedCertificateTimestamp(
73    base::StringPiece* input,
74    scoped_refptr<ct::SignedCertificateTimestamp>* output);
75
76// Writes an SCTList into |output|, containing a single |sct|.
77NET_EXPORT_PRIVATE bool EncodeSCTListForTesting(const base::StringPiece& sct,
78                                                std::string* output);
79}  // namespace ct
80
81}  // namespace net
82
83#endif  // NET_CERT_CT_SERIALIZATION_H_
84