tls_parser/
certificate_transparency.rs

1// Certificate Trasparency structures are defined in
2// [RFC6962](https://datatracker.ietf.org/doc/html/rfc6962).
3use alloc::vec::Vec;
4use core::convert::TryInto;
5
6use nom::{
7    bytes::streaming::take,
8    combinator::{complete, map_parser},
9    multi::{length_data, many0},
10    number::streaming::{be_u16, be_u64, be_u8},
11    IResult,
12};
13use nom_derive::*;
14use rusticata_macros::newtype_enum;
15
16use crate::{parse_digitally_signed, DigitallySigned};
17
18/// Certificate Transparency Version as defined in [RFC6962 Section 3.2](https://datatracker.ietf.org/doc/html/rfc6962#section-3.2)
19#[derive(Clone, Copy, Debug, PartialEq, Eq, Nom)]
20pub struct CtVersion(pub u8);
21
22newtype_enum! {
23impl display CtVersion {
24    V1 = 0,
25}
26}
27
28/// LogID as defined in [RFC6962 Section 3.2](https://datatracker.ietf.org/doc/html/rfc6962#section-3.2)
29#[derive(Clone, Debug, PartialEq)]
30pub struct CtLogID<'a> {
31    pub key_id: &'a [u8; 32],
32}
33
34/// CtExtensions as defined in [RFC6962 Section 3.2](https://datatracker.ietf.org/doc/html/rfc6962#section-3.2)
35#[derive(Clone, Debug, PartialEq)]
36pub struct CtExtensions<'a>(pub &'a [u8]);
37
38/// Signed Certificate Timestamp as defined in [RFC6962 Section 3.2](https://datatracker.ietf.org/doc/html/rfc6962#section-3.2)
39#[derive(Clone, Debug, PartialEq)]
40pub struct SignedCertificateTimestamp<'a> {
41    pub version: CtVersion,
42    pub id: CtLogID<'a>,
43    pub timestamp: u64,
44    pub extensions: CtExtensions<'a>,
45    pub signature: DigitallySigned<'a>,
46}
47
48pub(crate) fn parse_log_id(i: &[u8]) -> IResult<&[u8], CtLogID> {
49    let (i, key_id) = take(32usize)(i)?;
50    Ok((
51        i,
52        CtLogID {
53            key_id: key_id
54                .try_into()
55                .expect("take(32) is in sync with key_id size"),
56        },
57    ))
58}
59
60pub(crate) fn parse_ct_extensions(i: &[u8]) -> IResult<&[u8], CtExtensions> {
61    let (i, ext_len) = be_u16(i)?;
62    let (i, ext_data) = take(ext_len as usize)(i)?;
63    Ok((i, CtExtensions(ext_data)))
64}
65
66pub(crate) fn parse_ct_signed_certificate_timestamp_content(
67    i: &[u8],
68) -> IResult<&[u8], SignedCertificateTimestamp> {
69    let (i, version) = be_u8(i)?;
70    let (i, id) = parse_log_id(i)?;
71    let (i, timestamp) = be_u64(i)?;
72    let (i, extensions) = parse_ct_extensions(i)?;
73    let (i, signature) = parse_digitally_signed(i)?;
74    Ok((
75        i,
76        SignedCertificateTimestamp {
77            version: CtVersion(version),
78            id,
79            timestamp,
80            extensions,
81            signature,
82        },
83    ))
84}
85
86/// Parses as single Signed Certificate Timestamp entry
87pub fn parse_ct_signed_certificate_timestamp(
88    i: &[u8],
89) -> IResult<&[u8], SignedCertificateTimestamp> {
90    map_parser(
91        length_data(be_u16),
92        parse_ct_signed_certificate_timestamp_content,
93    )(i)
94}
95
96/// Parses a list of Signed Certificate Timestamp entries
97pub fn parse_ct_signed_certificate_timestamp_list(
98    i: &[u8],
99) -> IResult<&[u8], Vec<SignedCertificateTimestamp>> {
100    let (i, sct_len) = be_u16(i)?;
101    let (i, sct_list) = map_parser(
102        take(sct_len as usize),
103        many0(complete(parse_ct_signed_certificate_timestamp)),
104    )(i)?;
105    Ok((i, sct_list))
106}
tls_parser/certificate_transparency.rs

tls_parser/
certificate_transparency.rs
