DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Implementation

Mercurial (5ac55079c87e)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is PRIVATE to SSL.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __tls13subcerts_h_
#define __tls13subcerts_h_

struct sslDelegatedCredentialStr {
    /* The number of seconds for which the delegated credential (DC) is valid
     * following the notBefore parameter of the delegation certificate.
     */
    PRUint32 validTime;

    /* The signature algorithm of the DC public key. This expected to the same
     * as CertificateVerify.scheme.
     */
    SSLSignatureScheme expectedCertVerifyAlg;

    /* The DER-encoded SubjectPublicKeyInfo, the DC public key.
     */
    SECItem derSpki;

    /* The decoded SubjectPublicKeyInfo parsed from |derSpki|. */
    CERTSubjectPublicKeyInfo *spki;

    /* The signature algorithm used to verify the DC signature. */
    SSLSignatureScheme alg;

    /* The DC signature. */
    SECItem signature;
};

SECStatus tls13_ReadDelegatedCredential(PRUint8 *b,
                                        PRUint32 length,
                                        sslDelegatedCredential **dcp);
void tls13_DestroyDelegatedCredential(sslDelegatedCredential *dc);

PRBool tls13_IsVerifyingWithDelegatedCredential(const sslSocket *ss);
PRBool tls13_IsSigningWithDelegatedCredential(const sslSocket *ss);
SECStatus tls13_MaybeSetDelegatedCredential(sslSocket *ss);
SECStatus tls13_VerifyDelegatedCredential(sslSocket *ss,
                                          sslDelegatedCredential *dc);

SECStatus SSLExp_DelegateCredential(const CERTCertificate *cert,
                                    const SECKEYPrivateKey *certPriv,
                                    const SECKEYPublicKey *dcPub,
                                    SSLSignatureScheme dcCertVerifyAlg,
                                    PRUint32 dcValidFor,
                                    PRTime now,
                                    SECItem *out);

#endif