Squashed 'third_party/rawrtc/rawrtc/' content from commit aa3ae4b24
Change-Id: I38a655a4259b62f591334e90a1315bd4e7e4d8ec
git-subtree-dir: third_party/rawrtc/rawrtc
git-subtree-split: aa3ae4b247275cc6e69c30613b3a4ba7fdc82d1b
diff --git a/include/rawrtc/certificate.h b/include/rawrtc/certificate.h
new file mode 100644
index 0000000..b81d461
--- /dev/null
+++ b/include/rawrtc/certificate.h
@@ -0,0 +1,121 @@
+#pragma once
+#include <rawrtcc/code.h>
+#include <re.h>
+
+/*
+ * Certificate private key types.
+ */
+enum rawrtc_certificate_key_type {
+ // An RSA private key.
+ RAWRTC_CERTIFICATE_KEY_TYPE_RSA = TLS_KEYTYPE_RSA,
+ // An elliptic curve private key.
+ RAWRTC_CERTIFICATE_KEY_TYPE_EC = TLS_KEYTYPE_EC,
+};
+
+/*
+ * Certificate signing hash algorithms.
+ */
+enum rawrtc_certificate_sign_algorithm {
+ // Sign algorithm not set.
+ // Note: When passing this as an argument, a sensible default signing
+ // algorithm shall be used.
+ RAWRTC_CERTIFICATE_SIGN_ALGORITHM_NONE = 0,
+ // SHA-256 sign algorithm.
+ RAWRTC_CERTIFICATE_SIGN_ALGORITHM_SHA256 = TLS_FINGERPRINT_SHA256,
+ // SHA-384 sign algorithm.
+ RAWRTC_CERTIFICATE_SIGN_ALGORITHM_SHA384,
+ // SHA-512 sign algorithm.
+ RAWRTC_CERTIFICATE_SIGN_ALGORITHM_SHA512,
+};
+
+/*
+ * Certificate encoding.
+ */
+enum rawrtc_certificate_encode {
+ // Only encode the certificate.
+ RAWRTC_CERTIFICATE_ENCODE_CERTIFICATE,
+ // Only encode the private key.
+ RAWRTC_CERTIFICATE_ENCODE_PRIVATE_KEY,
+ // Encode both the certificate and the private key.
+ RAWRTC_CERTIFICATE_ENCODE_BOTH,
+};
+
+/*
+ * Certificate options.
+ */
+struct rawrtc_certificate_options;
+
+/*
+ * Certificate.
+ */
+struct rawrtc_certificate;
+
+/*
+ * Certificates.
+ * Note: Inherits `struct rawrtc_array_container`.
+ */
+struct rawrtc_certificates {
+ size_t n_certificates;
+ struct rawrtc_certificate* certificates[];
+};
+
+/*
+ * Create certificate options.
+ *
+ * All arguments but `key_type` are optional. Sane and safe default
+ * values will be applied, don't worry!
+ *
+ * `*optionsp` must be unreferenced.
+ *
+ * If `common_name` is `NULL` the default common name will be applied.
+ * If `valid_until` is `0` the default certificate lifetime will be
+ * applied.
+ * If the key type is `ECC` and `named_curve` is `NULL`, the default
+ * named curve will be used.
+ * If the key type is `RSA` and `modulus_length` is `0`, the default
+ * amount of bits will be used. The same applies to the
+ * `sign_algorithm` if it has been set to `NONE`.
+ */
+enum rawrtc_code rawrtc_certificate_options_create(
+ struct rawrtc_certificate_options** const optionsp, // de-referenced
+ enum rawrtc_certificate_key_type const key_type,
+ char* common_name, // nullable, copied
+ uint_fast32_t valid_until,
+ enum rawrtc_certificate_sign_algorithm sign_algorithm,
+ char* named_curve, // nullable, copied, ignored for RSA
+ uint_fast32_t modulus_length // ignored for ECC
+);
+
+/*
+ * Create and generate a self-signed certificate.
+ *
+ * Sane and safe default options will be applied if `options` is
+ * `NULL`.
+ *
+ * `*certificatep` must be unreferenced.
+ */
+enum rawrtc_code rawrtc_certificate_generate(
+ struct rawrtc_certificate** const certificatep,
+ struct rawrtc_certificate_options* options // nullable
+);
+
+/*
+ * TODO http://draft.ortc.org/#dom-rtccertificate
+ * rawrtc_certificate_from_bytes
+ * rawrtc_certificate_get_expires
+ * rawrtc_certificate_get_fingerprint
+ * rawrtc_certificate_get_algorithm
+ */
+
+/*
+ * Translate a certificate sign algorithm to str.
+ */
+char const* rawrtc_certificate_sign_algorithm_to_str(
+ enum rawrtc_certificate_sign_algorithm const algorithm);
+
+/*
+ * Translate a str to a certificate sign algorithm (case-insensitive).
+ */
+enum rawrtc_code rawrtc_str_to_certificate_sign_algorithm(
+ enum rawrtc_certificate_sign_algorithm* const algorithmp, // de-referenced
+ char const* const str);
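Review bot: The two string parameters of rawrtc_certificate_options_create are documented as "copied" but declared as non-const `char*`, which forces callers holding string literals or `const` buffers to cast and suggests the callee may modify them; they should read `char const* common_name, // nullable, copied` and `char const* named_curve, // nullable, copied, ignored for RSA`. In enum rawrtc_certificate_sign_algorithm, SHA384 and SHA512 take implicit values following `TLS_FINGERPRINT_SHA256`, so unless libre defines matching constants they do not correspond to any member of libre's fingerprint enum; giving them explicit values, or adding a comment that they must never be cast back to the libre type, would prevent a silent mismatch. The two translation functions at the end of the header do not state what they return for an unrecognised algorithm or string (a `NULL` pointer, a sentinel string, or a specific rawrtc_code), which callers need in order to validate externally supplied algorithm names safely; a one-line "Returns … if `algorithm` is unknown" / "Returns … if `str` does not match" on each declaration would close that gap.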