Chromium Code Reviews Chromium Code Reviews
Issue 1943313003:
Adds a function for encoding a Merkle tree leaf in TLS wire format. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_CT_SERIALIZATION_H_ | 5 #ifndef NET_CERT_CT_SERIALIZATION_H_ |
| 6 #define NET_CERT_CT_SERIALIZATION_H_ | 6 #define NET_CERT_CT_SERIALIZATION_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/strings/string_piece.h" | 11 #include "base/strings/string_piece.h" |
| 12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
| 13 #include "net/cert/signed_certificate_timestamp.h" | 13 #include "net/cert/signed_certificate_timestamp.h" |
| 14 #include "net/cert/signed_tree_head.h" | 14 #include "net/cert/signed_tree_head.h" |
| 15 | 15 |
| 16 namespace net { | 16 namespace net { |
| 17 | 17 |
| 18 // Utility functions for encoding/decoding structures used by Certificate | 18 // Utility functions for encoding/decoding structures used by Certificate |
| 19 // Transparency to/from the TLS wire format encoding. | 19 // Transparency to/from the TLS wire format encoding. |
| 20 namespace ct { | 20 namespace ct { |
| 21 | 21 |
| 22 struct MerkleTreeLeaf; | |
| 23 | |
| 22 // If |input.signature_data| is less than kMaxSignatureLength, encodes the | 24 // If |input.signature_data| is less than kMaxSignatureLength, encodes the |
| 23 // |input| to |output| and returns true. Otherwise, returns false. | 25 // |input| to |output| and returns true. Otherwise, returns false. |
| 24 NET_EXPORT_PRIVATE bool EncodeDigitallySigned(const DigitallySigned& input, | 26 NET_EXPORT_PRIVATE bool EncodeDigitallySigned(const DigitallySigned& input, |
| 25 std::string* output); | 27 std::string* output); |
| 26 | 28 |
| 27 // Reads and decodes a DigitallySigned object from |input|. | 29 // Reads and decodes a DigitallySigned object from |input|. |
| 28 // The bytes read from |input| are discarded (i.e. |input|'s prefix removed) | 30 // The bytes read from |input| are discarded (i.e. |input|'s prefix removed) |
| 29 // Returns true and fills |output| if all fields can be read, false otherwise. | 31 // Returns true and fills |output| if all fields can be read, false otherwise. |
| 30 NET_EXPORT_PRIVATE bool DecodeDigitallySigned(base::StringPiece* input, | 32 NET_EXPORT_PRIVATE bool DecodeDigitallySigned(base::StringPiece* input, |
| 31 DigitallySigned* output); | 33 DigitallySigned* output); |
| 32 | 34 |
| 33 // Encodes the |input| LogEntry to |output|. Returns true if the entry size | 35 // Encodes the |input| LogEntry to |output|. Returns true if the entry size |
| 34 // does not exceed allowed size in RFC6962, false otherwise. | 36 // does not exceed allowed size in RFC6962, false otherwise. |
| 35 NET_EXPORT_PRIVATE bool EncodeLogEntry(const LogEntry& input, | 37 NET_EXPORT_PRIVATE bool EncodeLogEntry(const LogEntry& input, |
| 36 std::string* output); | 38 std::string* output); |
| 37 | 39 |
| 40 // Encodes the Merkle tree |leaf| into |output|. | |
| 41 // These bytes can be hashed for use with inclusion proof fetching. | |
| 42 // Note that the log ID is not serialized. | |
|
eroman
2016/05/07 00:20:52
Not quite sure what this line means.
Does this me
Rob Percival
2016/05/08 04:08:18
Yes - I've clarified this.
| |
| 43 NET_EXPORT bool EncodeTreeLeaf(const MerkleTreeLeaf& leaf, std::string* output); | |
|
eroman
2016/05/07 00:20:52
Please clarify in the comments that this *appends*
Rob Percival
2016/05/08 04:08:17
Clarified. The same ought to be done for the other
| |
| 44 | |
| 38 // Encodes the data signed by a Signed Certificate Timestamp (SCT) into | 45 // Encodes the data signed by a Signed Certificate Timestamp (SCT) into |
| 39 // |output|. The signature included in the SCT is then verified over these | 46 // |output|. The signature included in the SCT is then verified over these |
| 40 // bytes. | 47 // bytes. |
| 41 // |timestamp| timestamp from the SCT. | 48 // |timestamp| timestamp from the SCT. |
| 42 // |serialized_log_entry| the log entry signed by the SCT. | 49 // |serialized_log_entry| the log entry signed by the SCT. |
| 43 // |extensions| CT extensions. | 50 // |extensions| CT extensions. |
| 44 // Returns true if the extensions' length does not exceed | 51 // Returns true if the extensions' length does not exceed |
| 45 // kMaxExtensionsLength, false otherwise. | 52 // kMaxExtensionsLength, false otherwise. |
| 46 NET_EXPORT_PRIVATE bool EncodeV1SCTSignedData( | 53 NET_EXPORT_PRIVATE bool EncodeV1SCTSignedData( |
| 47 const base::Time& timestamp, | 54 const base::Time& timestamp, |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 74 scoped_refptr<ct::SignedCertificateTimestamp>* output); | 81 scoped_refptr<ct::SignedCertificateTimestamp>* output); |
| 75 | 82 |
| 76 // Writes an SCTList into |output|, containing a single |sct|. | 83 // Writes an SCTList into |output|, containing a single |sct|. |
| 77 NET_EXPORT_PRIVATE bool EncodeSCTListForTesting(const base::StringPiece& sct, | 84 NET_EXPORT_PRIVATE bool EncodeSCTListForTesting(const base::StringPiece& sct, |
| 78 std::string* output); | 85 std::string* output); |
| 79 } // namespace ct | 86 } // namespace ct |
| 80 | 87 |
| 81 } // namespace net | 88 } // namespace net |
| 82 | 89 |
| 83 #endif // NET_CERT_CT_SERIALIZATION_H_ | 90 #endif // NET_CERT_CT_SERIALIZATION_H_ |
| OLD | NEW |
