/usr/include/thunderbird/SignedCertificateTimestamp.h is in thunderbird-dev 1:52.8.0-1~deb8u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef SignedCertificateTimestamp_h
#define SignedCertificateTimestamp_h
#include "mozilla/Vector.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
// Structures related to Certificate Transparency (RFC 6962).
namespace mozilla { namespace ct {
typedef Vector<uint8_t> Buffer;
// LogEntry struct in RFC 6962, Section 3.1.
struct LogEntry
{
// LogEntryType enum in RFC 6962, Section 3.1.
enum class Type {
X509 = 0,
Precert = 1
};
void Reset();
Type type;
// Set if type == X509.
Buffer leafCertificate;
// Set if type == Precert.
Buffer issuerKeyHash;
Buffer tbsCertificate;
};
// Helper structure to represent Digitally Signed data, as described in
// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
struct DigitallySigned
{
enum class HashAlgorithm {
None = 0,
MD5 = 1,
SHA1 = 2,
SHA224 = 3,
SHA256 = 4,
SHA384 = 5,
SHA512 = 6,
};
enum class SignatureAlgorithm {
Anonymous = 0,
RSA = 1,
DSA = 2,
ECDSA = 3
};
// Returns true if |aHashAlgorithm| and |aSignatureAlgorithm|
// match this DigitallySigned hash and signature algorithms.
bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
SignatureAlgorithm aSignatureAlgorithm) const;
HashAlgorithm hashAlgorithm;
SignatureAlgorithm signatureAlgorithm;
// 'signature' field.
Buffer signatureData;
};
// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
struct SignedCertificateTimestamp
{
// Version enum in RFC 6962, Section 3.2.
enum class Version {
V1 = 0,
};
Version version;
Buffer logId;
// "timestamp" is the current time in milliseconds, measured since the epoch,
// ignoring leap seconds. See RFC 6962, Section 3.2.
uint64_t timestamp;
Buffer extensions;
DigitallySigned signature;
// Supplementary fields, not defined in CT RFC. Set during the various
// stages of processing the received SCTs.
enum class Origin {
Unknown,
Embedded,
TLSExtension,
OCSPResponse
};
enum class VerificationStatus {
None,
// The SCT is from a known log, and the signature is valid.
OK,
// The SCT is from an unknown log and can not be verified.
UnknownLog,
// The SCT is from a known log, but the signature is invalid.
InvalidSignature,
// The SCT signature is valid, but the timestamp is in the future.
// Such SCT are considered invalid (see RFC 6962, Section 5.2).
InvalidTimestamp
};
Origin origin;
VerificationStatus verificationStatus;
};
inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input)
{
return input.Init(buffer.begin(), buffer.length());
}
inline pkix::Result InputToBuffer(pkix::Input input, Buffer& buffer)
{
buffer.clear();
if (!buffer.append(input.UnsafeGetData(), input.GetLength())) {
return pkix::Result::FATAL_ERROR_NO_MEMORY;
}
return pkix::Success;
}
} } // namespace mozilla::ct
namespace mozilla {
// Comparison operators are placed under mozilla namespace since
// mozilla::ct::Buffer is actually mozilla::Vector.
bool operator==(const ct::Buffer& a, const ct::Buffer& b);
bool operator!=(const ct::Buffer& a, const ct::Buffer& b);
} // namespace mozilla
#endif // SignedCertificateTimestamp_h
|