1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef SignedCertificateTimestamp_h
8 #define SignedCertificateTimestamp_h
9
10 #include "Buffer.h"
11 #include "mozpkix/Input.h"
12 #include "mozpkix/Result.h"
13
14 // Structures related to Certificate Transparency (RFC 6962).
15 namespace mozilla {
16 namespace ct {
17
18 // LogEntry struct in RFC 6962, Section 3.1.
// Mirrors the LogEntry structure of RFC 6962, Section 3.1: the object a CT
// log signs over. Exactly one of the two variants below is populated,
// selected by |type|. Reset() is implemented out of line and clears the
// entry for reuse.
struct LogEntry {
  // Wire values of LogEntryType (RFC 6962, Section 3.1). The numeric values
  // are part of the serialized format and must not be renumbered.
  enum class Type {
    X509 = 0,
    Precert = 1,
  };

  // Clears every field; defined out of line.
  void Reset();

  // Selects which variant below carries the entry's data.
  Type type;

  // X509 variant, populated when type == Type::X509: the certificate itself
  // (RFC 6962 §3.1, x509_entry).
  Buffer leafCertificate;

  // Precert variant, populated when type == Type::Precert. Per RFC 6962 §3.2
  // these are the hash of the issuer's public key (issuer_key_hash) and the
  // TBSCertificate with the poison extension removed (tbs_certificate); this
  // header only declares the storage, the deserializer fills them in.
  Buffer issuerKeyHash;
  Buffer tbsCertificate;
};
34
35 // Helper structure to represent Digitally Signed data, as described in
36 // Sections 4.7 and 7.4.1.4.1 of RFC 5246.
// Mirrors the DigitallySigned structure of RFC 5246 (Sections 4.7 and
// 7.4.1.4.1): a SignatureAndHashAlgorithm pair followed by the opaque
// signature bytes. RFC 6962 reuses this encoding for SCT signatures.
struct DigitallySigned {
  // HashAlgorithm wire values (RFC 5246, Section 7.4.1.4.1). The full
  // registry is mirrored so a parser can name whatever a log emitted;
  // presence here is not an endorsement. RFC 6962 requires SHA-256 for SCT
  // signatures, so anything else (notably MD5 and SHA1) is expected to be
  // rejected by a SignatureParametersMatch() check before verification.
  enum class HashAlgorithm {
    None = 0,
    MD5 = 1,
    SHA1 = 2,
    SHA224 = 3,
    SHA256 = 4,
    SHA384 = 5,
    SHA512 = 6,
  };

  // SignatureAlgorithm wire values (RFC 5246, Section 7.4.1.4.1). RFC 6962
  // permits only ECDSA (NIST P-256) or RSA for log signatures.
  enum class SignatureAlgorithm {
    Anonymous = 0,
    RSA = 1,
    DSA = 2,
    ECDSA = 3,
  };

  // Returns true iff |aHashAlgorithm| and |aSignatureAlgorithm| equal this
  // object's |hashAlgorithm| and |signatureAlgorithm|. Defined out of line;
  // presumably the verifier uses it to pin the accepted algorithm pair
  // before any signature check is attempted.
  bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
                                SignatureAlgorithm aSignatureAlgorithm) const;

  HashAlgorithm hashAlgorithm;
  SignatureAlgorithm signatureAlgorithm;
  // The raw 'signature' field: an opaque byte string whose interpretation
  // depends on |signatureAlgorithm| and |hashAlgorithm|.
  Buffer signatureData;
};
60
61 // SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
// Mirrors the SignedCertificateTimestamp structure of RFC 6962, Section 3.2:
// a log's signed promise to include a certificate (or precertificate). The
// struct only holds parsed fields; it says nothing about whether
// |signature| has been checked against the log's key.
struct SignedCertificateTimestamp {
  // SCT version wire values (RFC 6962, Section 3.2). Only v1 is defined;
  // any other value presumably has to be rejected by the deserializer.
  enum class Version {
    V1 = 0,
  };

  Version version;
  // Identifies the issuing log. Per RFC 6962 §3.2 this is the SHA-256 hash
  // of the log's public key; it is what selects the key used to verify
  // |signature|.
  Buffer logId;
  // Issuance time in milliseconds since the epoch, ignoring leap seconds
  // (RFC 6962, Section 3.2). The same section requires TLS clients to reject
  // SCTs whose timestamp is in the future, so callers should compare this
  // against a trusted clock rather than take it at face value.
  uint64_t timestamp;
  // Opaque CT extensions (RFC 6962 §3.2). They are covered by |signature|,
  // so they must be carried verbatim even when not interpreted.
  Buffer extensions;
  // The log's signature over the SCT body (RFC 6962 §3.2), in the
  // DigitallySigned encoding of RFC 5246.
  DigitallySigned signature;
};
76
// Exposes the bytes of |buffer| as a pkix::Input for parsing.
//
// No copy is made: Init is handed a pointer into |buffer|'s storage (see
// InputToBuffer, which reads it back through UnsafeGetData), so |buffer|
// must outlive |input| and must not be resized while |input| is in use.
//
// Returns FATAL_ERROR_LIBRARY_FAILURE for an empty buffer — the FATAL_ error
// class suggests this is treated as a caller bug, not as bad input — and
// otherwise whatever pkix::Input::Init reports.
inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input) {
  if (!buffer.empty()) {
    return input.Init(buffer.data(), buffer.size());
  }
  return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
}
83
// Copies the bytes viewed by |input| into |buffer|, replacing its previous
// contents. The copied range is bounded by |input|'s own length
// (GetLength()), so UnsafeGetData() is used only to address that range and
// never read past it.
inline void InputToBuffer(pkix::Input input, Buffer& buffer) {
  const auto* first = input.UnsafeGetData();
  const auto* last = first + input.GetLength();
  buffer.assign(first, last);
}
88
89 } // namespace ct
90 } // namespace mozilla
91
92 #endif // SignedCertificateTimestamp_h
93