1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_CERT_CT_SERIALIZATION_H_ 6#define NET_CERT_CT_SERIALIZATION_H_ 7 8#include <string> 9#include <vector> 10 11#include "base/strings/string_piece.h" 12#include "net/base/net_export.h" 13#include "net/cert/signed_certificate_timestamp.h" 14#include "net/cert/signed_tree_head.h" 15 16namespace net { 17 18// Utility functions for encoding/decoding structures used by Certificate 19// Transparency to/from the TLS wire format encoding. 20namespace ct { 21 22// If |input.signature_data| is less than kMaxSignatureLength, encodes the 23// |input| to |output| and returns true. Otherwise, returns false. 24NET_EXPORT_PRIVATE bool EncodeDigitallySigned(const DigitallySigned& input, 25 std::string* output); 26 27// Reads and decodes a DigitallySigned object from |input|. 28// The bytes read from |input| are discarded (i.e. |input|'s prefix removed) 29// Returns true and fills |output| if all fields can be read, false otherwise. 30NET_EXPORT_PRIVATE bool DecodeDigitallySigned(base::StringPiece* input, 31 DigitallySigned* output); 32 33// Encodes the |input| LogEntry to |output|. Returns true if the entry size 34// does not exceed allowed size in RFC6962, false otherwise. 35NET_EXPORT_PRIVATE bool EncodeLogEntry(const LogEntry& input, 36 std::string* output); 37 38// Encodes the data signed by a Signed Certificate Timestamp (SCT) into 39// |output|. The signature included in the SCT is then verified over these 40// bytes. 41// |timestamp| timestamp from the SCT. 42// |serialized_log_entry| the log entry signed by the SCT. 43// |extensions| CT extensions. 44// Returns true if the extensions' length does not exceed 45// kMaxExtensionsLength, false otherwise. 46NET_EXPORT_PRIVATE bool EncodeV1SCTSignedData( 47 const base::Time& timestamp, 48 const std::string& serialized_log_entry, 49 const std::string& extensions, 50 std::string* output); 51 52// Encodes the data signed by a Signed Tree Head (STH) |signed_tree_head| into 53// |output|. The signature included in the |signed_tree_head| can then be 54// verified over these bytes. 55NET_EXPORT_PRIVATE void EncodeTreeHeadSignature( 56 const SignedTreeHead& signed_tree_head, 57 std::string* output); 58 59// Decode a list of Signed Certificate Timestamps 60// (SignedCertificateTimestampList as defined in RFC6962): from a single 61// string in |input| to a vector of individually-encoded SCTs |output|. 62// This list is typically obtained from the CT extension in a certificate. 63// Returns true if the list could be read and decoded successfully, false 64// otherwise (note that the validity of each individual SCT should be checked 65// separately). 66NET_EXPORT_PRIVATE bool DecodeSCTList(base::StringPiece* input, 67 std::vector<base::StringPiece>* output); 68 69// Decodes a single SCT from |input| to |output|. 70// Returns true if all fields in the SCT could be read and decoded, false 71// otherwise. 72NET_EXPORT_PRIVATE bool DecodeSignedCertificateTimestamp( 73 base::StringPiece* input, 74 scoped_refptr<ct::SignedCertificateTimestamp>* output); 75 76// Writes an SCTList into |output|, containing a single |sct|. 77NET_EXPORT_PRIVATE bool EncodeSCTListForTesting(const base::StringPiece& sct, 78 std::string* output); 79} // namespace ct 80 81} // namespace net 82 83#endif // NET_CERT_CT_SERIALIZATION_H_ 84