summaryrefslogtreecommitdiffstats
path: root/security/ct/SignedCertificateTimestamp.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
commit2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
treeb80bf8bf13c3766139fbacc530efd0dd9d54394c /security/ct/SignedCertificateTimestamp.h
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/ct/SignedCertificateTimestamp.h')
-rw-r--r--security/ct/SignedCertificateTimestamp.h92
1 files changed, 92 insertions, 0 deletions
diff --git a/security/ct/SignedCertificateTimestamp.h b/security/ct/SignedCertificateTimestamp.h
new file mode 100644
index 0000000000..2803439295
--- /dev/null
+++ b/security/ct/SignedCertificateTimestamp.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SignedCertificateTimestamp_h
+#define SignedCertificateTimestamp_h
+
+#include "Buffer.h"
+#include "mozpkix/Input.h"
+#include "mozpkix/Result.h"
+
+// Structures related to Certificate Transparency (RFC 6962).
+namespace mozilla {
+namespace ct {
+
+// LogEntry struct in RFC 6962, Section 3.1.
+struct LogEntry {
+ // LogEntryType enum in RFC 6962, Section 3.1.
+ enum class Type { X509 = 0, Precert = 1 };
+
+ void Reset();
+
+ Type type;
+
+ // Set if type == X509.
+ Buffer leafCertificate;
+
+ // Set if type == Precert.
+ Buffer issuerKeyHash;
+ Buffer tbsCertificate;
+};
+
+// Helper structure to represent Digitally Signed data, as described in
+// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
+struct DigitallySigned {
+ enum class HashAlgorithm {
+ None = 0,
+ MD5 = 1,
+ SHA1 = 2,
+ SHA224 = 3,
+ SHA256 = 4,
+ SHA384 = 5,
+ SHA512 = 6,
+ };
+
+ enum class SignatureAlgorithm { Anonymous = 0, RSA = 1, DSA = 2, ECDSA = 3 };
+
+ // Returns true if |aHashAlgorithm| and |aSignatureAlgorithm|
+ // match this DigitallySigned hash and signature algorithms.
+ bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
+ SignatureAlgorithm aSignatureAlgorithm) const;
+
+ HashAlgorithm hashAlgorithm;
+ SignatureAlgorithm signatureAlgorithm;
+ // 'signature' field.
+ Buffer signatureData;
+};
+
+// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
+struct SignedCertificateTimestamp {
+ // Version enum in RFC 6962, Section 3.2.
+ enum class Version {
+ V1 = 0,
+ };
+
+ Version version;
+ Buffer logId;
+ // "timestamp" is the current time in milliseconds, measured since the epoch,
+ // ignoring leap seconds. See RFC 6962, Section 3.2.
+ uint64_t timestamp;
+ Buffer extensions;
+ DigitallySigned signature;
+};
+
+inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input) {
+ if (buffer.empty()) {
+ return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+ }
+ return input.Init(buffer.data(), buffer.size());
+}
+
+inline void InputToBuffer(pkix::Input input, Buffer& buffer) {
+ buffer.assign(input.UnsafeGetData(),
+ input.UnsafeGetData() + input.GetLength());
+}
+
+} // namespace ct
+} // namespace mozilla
+
+#endif // SignedCertificateTimestamp_h