/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file is PRIVATE to SSL. * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef __tls13subcerts_h_ #define __tls13subcerts_h_ struct sslDelegatedCredentialStr { /* The number of seconds for which the delegated credential (DC) is valid * following the notBefore parameter of the delegation certificate. */ PRUint32 validTime; /* The signature algorithm of the DC public key. This expected to the same * as CertificateVerify.scheme. */ SSLSignatureScheme expectedCertVerifyAlg; /* The DER-encoded SubjectPublicKeyInfo, the DC public key. */ SECItem derSpki; /* The decoded SubjectPublicKeyInfo parsed from |derSpki|. */ CERTSubjectPublicKeyInfo *spki; /* The signature algorithm used to verify the DC signature. */ SSLSignatureScheme alg; /* The DC signature. */ SECItem signature; }; SECStatus tls13_ReadDelegatedCredential(PRUint8 *b, PRUint32 length, sslDelegatedCredential **dcp); void tls13_DestroyDelegatedCredential(sslDelegatedCredential *dc); PRBool tls13_IsVerifyingWithDelegatedCredential(const sslSocket *ss); PRBool tls13_IsSigningWithDelegatedCredential(const sslSocket *ss); SECStatus tls13_MaybeSetDelegatedCredential(sslSocket *ss); SECStatus tls13_VerifyDelegatedCredential(sslSocket *ss, sslDelegatedCredential *dc); SECStatus SSLExp_DelegateCredential(const CERTCertificate *cert, const SECKEYPrivateKey *certPriv, const SECKEYPublicKey *dcPub, SSLSignatureScheme dcCertVerifyAlg, PRUint32 dcValidFor, PRTime now, SECItem *out); #endif