diff options
Diffstat (limited to '')
-rw-r--r-- | security/nss/lib/ssl/tls13subcerts.h | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/tls13subcerts.h b/security/nss/lib/ssl/tls13subcerts.h new file mode 100644 index 0000000000..ce9996bb80 --- /dev/null +++ b/security/nss/lib/ssl/tls13subcerts.h @@ -0,0 +1,56 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is PRIVATE to SSL. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __tls13subcerts_h_ +#define __tls13subcerts_h_ + +struct sslDelegatedCredentialStr { + /* The number of seconds for which the delegated credential (DC) is valid + * following the notBefore parameter of the delegation certificate. + */ + PRUint32 validTime; + + /* The signature algorithm of the DC public key. This expected to the same + * as CertificateVerify.scheme. + */ + SSLSignatureScheme expectedCertVerifyAlg; + + /* The DER-encoded SubjectPublicKeyInfo, the DC public key. + */ + SECItem derSpki; + + /* The decoded SubjectPublicKeyInfo parsed from |derSpki|. */ + CERTSubjectPublicKeyInfo *spki; + + /* The signature algorithm used to verify the DC signature. */ + SSLSignatureScheme alg; + + /* The DC signature. */ + SECItem signature; +}; + +SECStatus tls13_ReadDelegatedCredential(PRUint8 *b, + PRUint32 length, + sslDelegatedCredential **dcp); +void tls13_DestroyDelegatedCredential(sslDelegatedCredential *dc); + +PRBool tls13_IsVerifyingWithDelegatedCredential(const sslSocket *ss); +PRBool tls13_IsSigningWithDelegatedCredential(const sslSocket *ss); +SECStatus tls13_MaybeSetDelegatedCredential(sslSocket *ss); +SECStatus tls13_VerifyDelegatedCredential(sslSocket *ss, + sslDelegatedCredential *dc); + +SECStatus SSLExp_DelegateCredential(const CERTCertificate *cert, + const SECKEYPrivateKey *certPriv, + const SECKEYPublicKey *dcPub, + SSLSignatureScheme dcCertVerifyAlg, + PRUint32 dcValidFor, + PRTime now, + SECItem *out); + +#endif |