aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-05 19:23:40 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-05 19:23:40 +0100
commit0cd966dd8405df6244db051faf5ebc112e1c5a1e (patch)
tree6fa6e41b335c2d458a7f577420fd192b8a625faf
parent5ba3cec231989ba1deb5926f8fdcd8caec169821 (diff)
fixed get-entries output and client-side verification
-rw-r--r--client/client.go24
-rw-r--r--client/get-entries/main.go36
-rw-r--r--client/verify.go17
-rw-r--r--markup/api.md6
-rw-r--r--reqres.go12
-rw-r--r--x509util/x509util.go29
6 files changed, 95 insertions, 29 deletions
diff --git a/client/client.go b/client/client.go
index 43386b0..a7f8abb 100644
--- a/client/client.go
+++ b/client/client.go
@@ -193,6 +193,13 @@ func (c *Client) GetProofByHash(ctx context.Context, treeSize uint64, rootHash,
return item, nil
}
+// GetEntries fetches a range of entries from the log, verifying that they are
+// of type checksum_v1 and signed by a valid certificate chain in the appendix.
+// Fewer entries may be returned if too large range, in which case the end is
+// truncated. Safe to use without a client chain and corresponding private key.
+//
+// Note that a certificate chain is considered valid if it is chained correctly.
+// In other words, the caller may want to check whether the anchor is trusted.
func (c *Client) GetEntries(ctx context.Context, start, end uint64) ([]*stfe.GetEntryResponse, error) {
req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-entries", nil)
if err != nil {
@@ -209,7 +216,22 @@ func (c *Client) GetEntries(ctx context.Context, start, end uint64) ([]*stfe.Get
if err := c.doRequest(ctx, req, &rsp); err != nil {
return nil, err
}
- // TODO: verify signature over leaf data
+ for _, entry := range rsp {
+ var item stfe.StItem
+ if err := item.Unmarshal(entry.Item); err != nil {
+ return nil, fmt.Errorf("unmarshal failed: %v (%v)", err, entry)
+ }
+ if item.Format != stfe.StFormatChecksumV1 {
+ return nil, fmt.Errorf("bad StFormat: %v (%v)", err, entry)
+ }
+ if chain, err := x509util.ParseDerChainToList(entry.Chain); err != nil {
+ return nil, fmt.Errorf("bad certificate chain: %v (%v)", err, entry)
+ } else if err := x509util.VerifyChain(chain); err != nil {
+ return nil, fmt.Errorf("invalid certificate chain: %v (%v)", err, entry)
+ } else if err := VerifyChecksumV1(&item, chain[0].PublicKey, entry.Signature, tls.SignatureScheme(entry.SignatureScheme)); err != nil {
+ return nil, fmt.Errorf("invalid signature: %v (%v)", err, entry)
+ }
+ }
return rsp, nil
}
diff --git a/client/get-entries/main.go b/client/get-entries/main.go
index 6a45707..511d53d 100644
--- a/client/get-entries/main.go
+++ b/client/get-entries/main.go
@@ -22,39 +22,47 @@ var (
func main() {
flag.Parse()
- client, err := client.NewClientFromPath(*logId, "", "", *operators, &http.Client{}, true)
- if err != nil {
+ if client, err := client.NewClientFromPath(*logId, "", "", *operators, &http.Client{}, true); err != nil {
+ glog.Fatal(err)
+ } else if items, err := getRange(client, *start, *end); err != nil {
+ glog.Fatal(err)
+ } else if err := printRange(items); err != nil {
glog.Fatal(err)
}
- items := make([]*stfe.StItem, 0, *end-*start+1)
- i := *start
+ glog.Flush()
+}
+
+func getRange(client *client.Client, start, end uint64) ([]*stfe.StItem, error) {
+ items := make([]*stfe.StItem, 0, end-start+1)
for len(items) != cap(items) {
- rsps, err := client.GetEntries(context.Background(), i, *end)
+ rsps, err := client.GetEntries(context.Background(), start, end)
if err != nil {
- glog.Fatal(err)
+ return nil, fmt.Errorf("fetching entries failed: %v", err)
}
for _, rsp := range rsps {
var item stfe.StItem
- if err := item.Unmarshal(rsp.Leaf); err != nil {
- glog.Fatalf("bad StItem: unmarshal failed: %v", err)
+ if err := item.Unmarshal(rsp.Item); err != nil {
+ return nil, fmt.Errorf("expected valid StItem but unmarshal failed: %v", err)
} else if item.Format != stfe.StFormatChecksumV1 {
- glog.Fatalf("bad StFormat: %v", item.Format)
+ return nil, fmt.Errorf("expected checksum_v1 but got: %v", item.Format)
}
items = append(items, &item)
}
- i += uint64(len(rsps))
+ start += uint64(len(rsps))
}
+ return items, nil
+}
+func printRange(items []*stfe.StItem) error {
for i, item := range items {
- glog.V(2).Infof("Index(%d): %s", *start+uint64(i), item)
+ glog.V(3).Infof("Index(%d): %s", *start+uint64(i), item)
str, err := item.MarshalB64()
if err != nil {
- glog.Fatalf("bad StItem: marshal failed: %v", err)
+ glog.Fatalf("expected valid StItem but marshal failed: %v", err)
}
fmt.Printf("Index(%d): %s\n", *start+uint64(i), str)
}
-
- glog.Flush()
+ return nil
}
diff --git a/client/verify.go b/client/verify.go
index 8d64211..d9c18bf 100644
--- a/client/verify.go
+++ b/client/verify.go
@@ -12,6 +12,7 @@ import (
"github.com/system-transparency/stfe"
)
+// VerifySignedDebugInfoV1 verifies an SDI signature
func VerifySignedDebugInfoV1(sdi *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey, message []byte) error {
if err := supportedScheme(scheme, key); err != nil {
return err
@@ -31,13 +32,27 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr
if err := supportedScheme(scheme, key); err != nil {
return err
}
-
if !ed25519.Verify(key.(ed25519.PublicKey), serialized, sth.SignedTreeHeadV1.Signature) {
return fmt.Errorf("bad signature")
}
return nil
}
+// VerifyChecksumV1 verifies a checksum signature
+func VerifyChecksumV1(checksum *stfe.StItem, key crypto.PublicKey, signature []byte, scheme tls.SignatureScheme) error {
+ serialized, err := checksum.Marshal()
+ if err != nil {
+ return fmt.Errorf("failed marshaling StItem: %v", err)
+ }
+ if err := supportedScheme(scheme, key); err != nil {
+ return err
+ }
+ if !ed25519.Verify(key.(ed25519.PublicKey), serialized, signature) {
+ return fmt.Errorf("bad signature")
+ }
+ return nil
+}
+
// VerifyConsistencyProofV1 verifies that a consistency proof is valid without
// checking any sth signature
func VerifyConsistencyProofV1(proof, first, second *stfe.StItem) error {
diff --git a/markup/api.md b/markup/api.md
index 45c6deb..8a4f527 100644
--- a/markup/api.md
+++ b/markup/api.md
@@ -161,8 +161,10 @@ Input:
Output:
- an array of objects, each consisting of
- leaf: `StItem` that corresponds to the leaf's type.
- - signature: signature that covers the retrieved item using the log's
- configured signature algorithm.
+ - signature: signature that covers the retrieved item using the below
+ signature scheme.
+ - signature_scheme: one that the log accepts, see supported signature
+ schemes and how they are represeneted in the log's parameters.
- chain: an array of base-64 encoded certificates, where the first
corresponds to the signing certificate and the final one a trust anchor.
diff --git a/reqres.go b/reqres.go
index a5464ea..5013d95 100644
--- a/reqres.go
+++ b/reqres.go
@@ -39,13 +39,9 @@ type GetConsistencyProofRequest struct {
Second int64 `json:"second"` // size of the newer Merkle tree
}
-// GetEntryResponse is an assembled log entry and its associated appendix
-// TODO: fix GetEntryResponse and update doc: should have signature scheme
-type GetEntryResponse struct {
- Leaf []byte `json:"leaf"` // tls-serialized StItem
- Signature []byte `json:"signature"` // Serialized signature using the log's signature scheme
- Chain [][]byte `json:"chain"` // der-encoded certificates
-}
+// GetEntryResponse is an assembled log entry and its associated appendix. It
+// is identical to the add-entry request that the log once accepted.
+type GetEntryResponse AddEntryRequest
// newAddEntryRequest parses and sanitizes the JSON-encoded add-entry
// parameters from an incoming HTTP post. The serialized leaf value and
@@ -158,7 +154,7 @@ func (lp *LogParameters) newGetEntryResponse(leaf, appendix []byte) (*GetEntryRe
for _, c := range app.Chain {
chain = append(chain, c.Data)
}
- return &GetEntryResponse{leaf, app.Signature, chain}, nil
+ return &GetEntryResponse{leaf, app.Signature, app.SignatureScheme, chain}, nil
}
// newGetEntriesResponse assembles a get-entries response
diff --git a/x509util/x509util.go b/x509util/x509util.go
index b33b4e9..b300ef3 100644
--- a/x509util/x509util.go
+++ b/x509util/x509util.go
@@ -108,9 +108,9 @@ func ParseChain(rest []byte) ([]*x509.Certificate, error) {
return chain, nil
}
-// ParseDerChain parses a list of base64 DER-encoded X.509 certificates, such
-// that the first (zero-index) string is interpretted as an end-entity
-// certificate and the remaining ones as the an intermediate CertPool.
+// ParseDerChain parses a list of DER-encoded X.509 certificates, such that the
+// first (zero-index) string is interpretted as an end-entity certificate and
+// the remaining ones as the an intermediate CertPool.
func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
var certificate *x509.Certificate
intermediatePool := x509.NewCertPool()
@@ -132,3 +132,26 @@ func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
return certificate, intermediatePool, nil
}
+// ParseDerChainToList parses a list of DER-encoded certificates
+func ParseDerChainToList(chain [][]byte) ([]*x509.Certificate, error) {
+ ret := make([]*x509.Certificate, 0, len(chain))
+ for _, der := range chain {
+ c, err := x509.ParseCertificate(der)
+ if err != nil {
+ return nil, fmt.Errorf("certificate decoding failed: %v", err)
+ }
+ ret = append(ret, c)
+ }
+ return ret, nil
+}
+
+// VerifyChain checks whether the listed certificates are chained such
+// that the first is signed by the second, the second by the third, etc.
+func VerifyChain(chain []*x509.Certificate) error {
+ for i := 0; i < len(chain)-1; i++ {
+ if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
+ return err
+ }
+ }
+ return nil
+}