tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

SignedCertificateTimestamp.h (2745B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef SignedCertificateTimestamp_h
      8 #define SignedCertificateTimestamp_h
      9 
     10 #include "Buffer.h"
     11 #include "mozilla/Maybe.h"
     12 #include "mozpkix/Input.h"
     13 #include "mozpkix/Result.h"
     14 
     15 // Structures related to Certificate Transparency (RFC 6962).
     16 namespace mozilla {
     17 namespace ct {
     18 
     19 // LogEntry struct in RFC 6962, Section 3.1.
     20 struct LogEntry {
     21  // LogEntryType enum in RFC 6962, Section 3.1.
     22  enum class Type { X509 = 0, Precert = 1 };
     23 
     24  void Reset();
     25 
     26  Type type;
     27 
     28  // Set if type == X509.
     29  Buffer leafCertificate;
     30 
     31  // Set if type == Precert.
     32  Buffer issuerKeyHash;
     33  Buffer tbsCertificate;
     34 };
     35 
     36 // Helper structure to represent Digitally Signed data, as described in
     37 // Sections 4.7 and 7.4.1.4.1 of RFC 5246.
     38 struct DigitallySigned {
     39  enum class HashAlgorithm {
     40    None = 0,
     41    MD5 = 1,
     42    SHA1 = 2,
     43    SHA224 = 3,
     44    SHA256 = 4,
     45    SHA384 = 5,
     46    SHA512 = 6,
     47  };
     48 
     49  enum class SignatureAlgorithm { Anonymous = 0, RSA = 1, DSA = 2, ECDSA = 3 };
     50 
     51  // Returns true if |aHashAlgorithm| and |aSignatureAlgorithm|
     52  // match this DigitallySigned hash and signature algorithms.
     53  bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
     54                                SignatureAlgorithm aSignatureAlgorithm) const;
     55 
     56  HashAlgorithm hashAlgorithm;
     57  SignatureAlgorithm signatureAlgorithm;
     58  // 'signature' field.
     59  Buffer signatureData;
     60 };
     61 
     62 // SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
     63 struct SignedCertificateTimestamp {
     64  // Version enum in RFC 6962, Section 3.2.
     65  enum class Version {
     66    V1 = 0,
     67  };
     68 
     69  pkix::Result DecodeExtensions();
     70 
     71  Version version;
     72  Buffer logId;
     73  // "timestamp" is the current time in milliseconds, measured since the epoch,
     74  // ignoring leap seconds. See RFC 6962, Section 3.2.
     75  uint64_t timestamp;
     76  Buffer extensions;
     77  // Maybe the index of the entry in the log, if specified by a LeafIndex
     78  // extension in `extensions`.
     79  Maybe<uint64_t> leafIndex;
     80  DigitallySigned signature;
     81 };
     82 
     83 inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input) {
     84  if (buffer.empty()) {
     85    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
     86  }
     87  return input.Init(buffer.data(), buffer.size());
     88 }
     89 
     90 inline void InputToBuffer(pkix::Input input, Buffer& buffer) {
     91  buffer.assign(input.UnsafeGetData(),
     92                input.UnsafeGetData() + input.GetLength());
     93 }
     94 
     95 }  // namespace ct
     96 }  // namespace mozilla
     97 
     98 #endif  // SignedCertificateTimestamp_h