Bug 1822876: Add H3 ECH Telemetry. r=kershaw,necko-reviewers
This patch adds telemetry which records when H3 connections succeed / fail
and what kind of ECH they used. Our H3 ECH tests are extended to test these
different modes and that the telemetry is recorded correctly.
Differential Revision:
https://phabricator.services.mozilla.com/D172813
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is PRIVATE to SSL.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __tls13subcerts_h_
#define __tls13subcerts_h_
struct sslDelegatedCredentialStr {
/* The number of seconds for which the delegated credential (DC) is valid
* following the notBefore parameter of the delegation certificate.
*/
PRUint32 validTime;
/* The signature algorithm of the DC public key. This expected to the same
* as CertificateVerify.scheme.
*/
SSLSignatureScheme expectedCertVerifyAlg;
/* The DER-encoded SubjectPublicKeyInfo, the DC public key.
*/
SECItem derSpki;
/* The decoded SubjectPublicKeyInfo parsed from |derSpki|. */
CERTSubjectPublicKeyInfo *spki;
/* The signature algorithm used to verify the DC signature. */
SSLSignatureScheme alg;
/* The DC signature. */
SECItem signature;
};
SECStatus tls13_ReadDelegatedCredential(PRUint8 *b,
PRUint32 length,
sslDelegatedCredential **dcp);
void tls13_DestroyDelegatedCredential(sslDelegatedCredential *dc);
PRBool tls13_IsVerifyingWithDelegatedCredential(const sslSocket *ss);
PRBool tls13_IsSigningWithDelegatedCredential(const sslSocket *ss);
SECStatus tls13_MaybeSetDelegatedCredential(sslSocket *ss);
SECStatus tls13_VerifyDelegatedCredential(sslSocket *ss,
sslDelegatedCredential *dc);
SECStatus SSLExp_DelegateCredential(const CERTCertificate *cert,
const SECKEYPrivateKey *certPriv,
const SECKEYPublicKey *dcPub,
SSLSignatureScheme dcCertVerifyAlg,
PRUint32 dcValidFor,
PRTime now,
SECItem *out);
#endif
