diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
| commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
| tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/lib/ssl/tls13subcerts.h | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip | |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/ssl/tls13subcerts.h')
| -rw-r--r-- | security/nss/lib/ssl/tls13subcerts.h | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/tls13subcerts.h b/security/nss/lib/ssl/tls13subcerts.h new file mode 100644 index 0000000000..ce9996bb80 --- /dev/null +++ b/security/nss/lib/ssl/tls13subcerts.h @@ -0,0 +1,56 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is PRIVATE to SSL. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __tls13subcerts_h_ +#define __tls13subcerts_h_ + +struct sslDelegatedCredentialStr { + /* The number of seconds for which the delegated credential (DC) is valid + * following the notBefore parameter of the delegation certificate. + */ + PRUint32 validTime; + + /* The signature algorithm of the DC public key. This expected to the same + * as CertificateVerify.scheme. + */ + SSLSignatureScheme expectedCertVerifyAlg; + + /* The DER-encoded SubjectPublicKeyInfo, the DC public key. + */ + SECItem derSpki; + + /* The decoded SubjectPublicKeyInfo parsed from |derSpki|. */ + CERTSubjectPublicKeyInfo *spki; + + /* The signature algorithm used to verify the DC signature. */ + SSLSignatureScheme alg; + + /* The DC signature. */ + SECItem signature; +}; + +SECStatus tls13_ReadDelegatedCredential(PRUint8 *b, + PRUint32 length, + sslDelegatedCredential **dcp); +void tls13_DestroyDelegatedCredential(sslDelegatedCredential *dc); + +PRBool tls13_IsVerifyingWithDelegatedCredential(const sslSocket *ss); +PRBool tls13_IsSigningWithDelegatedCredential(const sslSocket *ss); +SECStatus tls13_MaybeSetDelegatedCredential(sslSocket *ss); +SECStatus tls13_VerifyDelegatedCredential(sslSocket *ss, + sslDelegatedCredential *dc); + +SECStatus SSLExp_DelegateCredential(const CERTCertificate *cert, + const SECKEYPrivateKey *certPriv, + const SECKEYPublicKey *dcPub, + SSLSignatureScheme dcCertVerifyAlg, + PRUint32 dcValidFor, + PRTime now, + SECItem *out); + +#endif |