1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #ifndef SignedCertificateTimestamp_h
8 #define SignedCertificateTimestamp_h
9 
10 #include "Buffer.h"
11 #include "mozpkix/Input.h"
12 #include "mozpkix/Result.h"
13 
14 // Structures related to Certificate Transparency (RFC 6962).
15 namespace mozilla {
16 namespace ct {
17 
// LogEntry struct in RFC 6962, Section 3.1: the item a log commits to, either a
// complete X.509 certificate or a precertificate. Passive container only;
// parsing and validation happen elsewhere.
struct LogEntry {
  // LogEntryType enum in RFC 6962, Section 3.1. The numeric values are the
  // wire encoding and must not be renumbered.
  enum class Type { X509 = 0, Precert = 1 };

  // Clears the entry. Declared here; the definition is outside this header.
  void Reset();

  // Selects which of the members below are meaningful. There is no in-class
  // initializer, so a default-constructed LogEntry has an indeterminate
  // |type|; presumably the parser assigns every field before use. Consumers
  // should dispatch on |type|, not on which Buffers happen to be non-empty.
  Type type;

  // Set if type == X509. RFC 6962, Section 3.2 defines this as the
  // (DER-encoded) end-entity certificate.
  Buffer leafCertificate;

  // Set if type == Precert. RFC 6962, Section 3.2 defines these as the SHA-256
  // hash of the issuer's SubjectPublicKeyInfo and the DER TBSCertificate with
  // the poison extension removed. Neither the hash length nor the DER
  // well-formedness is enforced by this header.
  Buffer issuerKeyHash;
  Buffer tbsCertificate;
};
34 
// Helper structure to represent Digitally Signed data, as described in
// Sections 4.7 and 7.4.1.4.1 of RFC 5246 (TLS 1.2). Holds the parsed
// (hash, signature) algorithm pair plus the raw signature bytes; it performs
// no verification itself.
struct DigitallySigned {
  // HashAlgorithm registry values from RFC 5246, Section 7.4.1.4.1. None, MD5
  // and SHA-1 are listed only so the wire encoding can be decoded
  // unambiguously; RFC 6962, Section 2.1.4 requires SHA-256 for log
  // signatures. Since these values come from untrusted input, the verifier is
  // presumably expected to reject anything else via SignatureParametersMatch
  // rather than trust whatever the SCT claims.
  enum class HashAlgorithm {
    None = 0,
    MD5 = 1,
    SHA1 = 2,
    SHA224 = 3,
    SHA256 = 4,
    SHA384 = 5,
    SHA512 = 6,
  };

  // SignatureAlgorithm registry values from RFC 5246. Same caveat as above:
  // Anonymous and DSA are decodable, not acceptable (RFC 6962, Section 2.1.4
  // permits only ECDSA with P-256 and RSA).
  enum class SignatureAlgorithm { Anonymous = 0, RSA = 1, DSA = 2, ECDSA = 3 };

  // Returns true if |aHashAlgorithm| and |aSignatureAlgorithm|
  // match this DigitallySigned hash and signature algorithms.
  // Defined outside this header. Intended use: the caller passes the pair it
  // is willing to verify with, so algorithms parsed from untrusted input
  // cannot downgrade the check to a weaker primitive.
  bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
                                SignatureAlgorithm aSignatureAlgorithm) const;

  // Parsed algorithm identifiers. No in-class initializers: they are
  // indeterminate in a default-constructed DigitallySigned until the parser
  // assigns them.
  HashAlgorithm hashAlgorithm;
  SignatureAlgorithm signatureAlgorithm;
  // 'signature' field: the raw signature bytes (opaque, length-prefixed on the
  // wire). Not checked for length or structure here.
  Buffer signatureData;
};
60 
// SignedCertificateTimestamp struct in RFC 6962, Section 3.2: a log's signed
// promise to incorporate an entry. Passive container; parsing and signature
// verification happen elsewhere.
struct SignedCertificateTimestamp {
  // Version enum in RFC 6962, Section 3.2. Only v1 is defined; how an unknown
  // version byte is treated is the parser's decision, not this header's.
  enum class Version {
    V1 = 0,
  };

  // No in-class initializers: |version| and |timestamp| are indeterminate in a
  // default-constructed SCT. Presumably the parser populates every field
  // before the SCT is used.
  Version version;
  // RFC 6962, Section 3.2 defines this as the SHA-256 hash of the log's public
  // key (32 bytes); the length is not enforced here. Intended to select the
  // log key that should verify |signature|.
  Buffer logId;
  // "timestamp" is the current time in milliseconds, measured since the epoch,
  // ignoring leap seconds. See RFC 6962, Section 3.2. Unsigned 64-bit; any
  // "not in the future" sanity check is the verifier's job, not this struct's.
  uint64_t timestamp;
  // Opaque CT extensions. RFC 6962 v1 defines none, so this is normally empty,
  // but it must still be carried through because it is covered by |signature|.
  Buffer extensions;
  // Signature over the SCT's digitally-signed struct (version, signature_type,
  // timestamp, entry_type, signed_entry, extensions per RFC 6962, Section
  // 3.2), made with the log key identified by |logId|.
  DigitallySigned signature;
};
76 
// Wraps |buffer| in a pkix::Input so the bounds-checked mozpkix readers can
// parse it. Input is presumably a non-owning view of the bytes, so |buffer|
// must outlive |input|.
//
// An empty Buffer is refused with FATAL_ERROR_LIBRARY_FAILURE instead of being
// handed to Input::Init (an empty std-style container may report a null
// data() pointer). Otherwise Init's own Result is returned unchanged, so its
// failure modes (e.g. already initialised, size limits) reach the caller.
// Callers must check the result: on failure |input| is not usable.
inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input) {
  if (!buffer.empty()) {
    return input.Init(buffer.data(), buffer.size());
  }
  return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
}
83 
// Copies the bytes viewed by |input| into |buffer|, replacing its previous
// contents. The only use made of the raw pointer from UnsafeGetData() is this
// copy, which is bounded by GetLength(), so no out-of-range read is possible
// here. |input| is taken by value, so the caller's Input is left untouched.
inline void InputToBuffer(pkix::Input input, Buffer& buffer) {
  const auto* begin = input.UnsafeGetData();
  const auto* end = begin + input.GetLength();
  buffer.assign(begin, end);
}
88 
89 }  // namespace ct
90 }  // namespace mozilla
91 
92 #endif  // SignedCertificateTimestamp_h
93