security/ct/SignedCertificateTimestamp.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef SignedCertificateTimestamp_h
   8 #define SignedCertificateTimestamp_h
   9
  10 #include "Buffer.h"
  11 #include "mozpkix/Input.h"
  12 #include "mozpkix/Result.h"
  13
  14 // Structures related to Certificate Transparency (RFC 6962).
  15 namespace mozilla {
  16 namespace ct {
  17
  18 // LogEntry struct in RFC 6962, Section 3.1.
  19 struct LogEntry {
  20   // LogEntryType enum in RFC 6962, Section 3.1.
  21   enum class Type { X509 = 0, Precert = 1 };
  22
  23   void Reset();
  24
  25   Type type;
  26
  27   // Set if type == X509.
  28   Buffer leafCertificate;
  29
  30   // Set if type == Precert.
  31   Buffer issuerKeyHash;
  32   Buffer tbsCertificate;
  33 };
  34
  35 // Helper structure to represent Digitally Signed data, as described in
  36 // Sections 4.7 and 7.4.1.4.1 of RFC 5246.
  37 struct DigitallySigned {
  38   enum class HashAlgorithm {
  39     None = 0,
  40     MD5 = 1,
  41     SHA1 = 2,
  42     SHA224 = 3,
  43     SHA256 = 4,
  44     SHA384 = 5,
  45     SHA512 = 6,
  46   };
  47
  48   enum class SignatureAlgorithm { Anonymous = 0, RSA = 1, DSA = 2, ECDSA = 3 };
  49
  50   // Returns true if |aHashAlgorithm| and |aSignatureAlgorithm|
  51   // match this DigitallySigned hash and signature algorithms.
  52   bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
  53                                 SignatureAlgorithm aSignatureAlgorithm) const;
  54
  55   HashAlgorithm hashAlgorithm;
  56   SignatureAlgorithm signatureAlgorithm;
  57   // 'signature' field.
  58   Buffer signatureData;
  59 };
  60
  61 // SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
  62 struct SignedCertificateTimestamp {
  63   // Version enum in RFC 6962, Section 3.2.
  64   enum class Version {
  65     V1 = 0,
  66   };
  67
  68   Version version;
  69   Buffer logId;
  70   // "timestamp" is the current time in milliseconds, measured since the epoch,
  71   // ignoring leap seconds. See RFC 6962, Section 3.2.
  72   uint64_t timestamp;
  73   Buffer extensions;
  74   DigitallySigned signature;
  75 };
  76
  77 inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input) {
  78   if (buffer.empty()) {
  79     return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  80   }
  81   return input.Init(buffer.data(), buffer.size());
  82 }
  83
  84 inline void InputToBuffer(pkix::Input input, Buffer& buffer) {
  85   buffer.assign(input.UnsafeGetData(),
  86                 input.UnsafeGetData() + input.GetLength());
  87 }
  88
  89 }  // namespace ct
  90 }  // namespace mozilla
  91
  92 #endif  // SignedCertificateTimestamp_h