From 0cd966dd8405df6244db051faf5ebc112e1c5a1e Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 5 Nov 2020 19:23:40 +0100 Subject: fixed get-entries output and client-side verification --- client/client.go | 24 +++++++++++++++++++++++- client/get-entries/main.go | 36 ++++++++++++++++++++++-------------- client/verify.go | 17 ++++++++++++++++- markup/api.md | 6 ++++-- reqres.go | 12 ++++-------- x509util/x509util.go | 29 ++++++++++++++++++++++++++--- 6 files changed, 95 insertions(+), 29 deletions(-) diff --git a/client/client.go b/client/client.go index 43386b0..a7f8abb 100644 --- a/client/client.go +++ b/client/client.go @@ -193,6 +193,13 @@ func (c *Client) GetProofByHash(ctx context.Context, treeSize uint64, rootHash, return item, nil } +// GetEntries fetches a range of entries from the log, verifying that they are +// of type checksum_v1 and signed by a valid certificate chain in the appendix. +// Fewer entries may be returned if too large range, in which case the end is +// truncated. Safe to use without a client chain and corresponding private key. +// +// Note that a certificate chain is considered valid if it is chained correctly. +// In other words, the caller may want to check whether the anchor is trusted. func (c *Client) GetEntries(ctx context.Context, start, end uint64) ([]*stfe.GetEntryResponse, error) { req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-entries", nil) if err != nil { @@ -209,7 +216,22 @@ func (c *Client) GetEntries(ctx context.Context, start, end uint64) ([]*stfe.Get if err := c.doRequest(ctx, req, &rsp); err != nil { return nil, err } - // TODO: verify signature over leaf data + for _, entry := range rsp { + var item stfe.StItem + if err := item.Unmarshal(entry.Item); err != nil { + return nil, fmt.Errorf("unmarshal failed: %v (%v)", err, entry) + } + if item.Format != stfe.StFormatChecksumV1 { + return nil, fmt.Errorf("bad StFormat: %v (%v)", err, entry) + } + if chain, err := x509util.ParseDerChainToList(entry.Chain); err != nil { + return nil, fmt.Errorf("bad certificate chain: %v (%v)", err, entry) + } else if err := x509util.VerifyChain(chain); err != nil { + return nil, fmt.Errorf("invalid certificate chain: %v (%v)", err, entry) + } else if err := VerifyChecksumV1(&item, chain[0].PublicKey, entry.Signature, tls.SignatureScheme(entry.SignatureScheme)); err != nil { + return nil, fmt.Errorf("invalid signature: %v (%v)", err, entry) + } + } return rsp, nil } diff --git a/client/get-entries/main.go b/client/get-entries/main.go index 6a45707..511d53d 100644 --- a/client/get-entries/main.go +++ b/client/get-entries/main.go @@ -22,39 +22,47 @@ var ( func main() { flag.Parse() - client, err := client.NewClientFromPath(*logId, "", "", *operators, &http.Client{}, true) - if err != nil { + if client, err := client.NewClientFromPath(*logId, "", "", *operators, &http.Client{}, true); err != nil { + glog.Fatal(err) + } else if items, err := getRange(client, *start, *end); err != nil { + glog.Fatal(err) + } else if err := printRange(items); err != nil { glog.Fatal(err) } - items := make([]*stfe.StItem, 0, *end-*start+1) - i := *start + glog.Flush() +} + +func getRange(client *client.Client, start, end uint64) ([]*stfe.StItem, error) { + items := make([]*stfe.StItem, 0, end-start+1) for len(items) != cap(items) { - rsps, err := client.GetEntries(context.Background(), i, *end) + rsps, err := client.GetEntries(context.Background(), start, end) if err != nil { - glog.Fatal(err) + return nil, fmt.Errorf("fetching entries failed: %v", err) } for _, rsp := range rsps { var item stfe.StItem - if err := item.Unmarshal(rsp.Leaf); err != nil { - glog.Fatalf("bad StItem: unmarshal failed: %v", err) + if err := item.Unmarshal(rsp.Item); err != nil { + return nil, fmt.Errorf("expected valid StItem but unmarshal failed: %v", err) } else if item.Format != stfe.StFormatChecksumV1 { - glog.Fatalf("bad StFormat: %v", item.Format) + return nil, fmt.Errorf("expected checksum_v1 but got: %v", item.Format) } items = append(items, &item) } - i += uint64(len(rsps)) + start += uint64(len(rsps)) } + return items, nil +} +func printRange(items []*stfe.StItem) error { for i, item := range items { - glog.V(2).Infof("Index(%d): %s", *start+uint64(i), item) + glog.V(3).Infof("Index(%d): %s", *start+uint64(i), item) str, err := item.MarshalB64() if err != nil { - glog.Fatalf("bad StItem: marshal failed: %v", err) + glog.Fatalf("expected valid StItem but marshal failed: %v", err) } fmt.Printf("Index(%d): %s\n", *start+uint64(i), str) } - - glog.Flush() + return nil } diff --git a/client/verify.go b/client/verify.go index 8d64211..d9c18bf 100644 --- a/client/verify.go +++ b/client/verify.go @@ -12,6 +12,7 @@ import ( "github.com/system-transparency/stfe" ) +// VerifySignedDebugInfoV1 verifies an SDI signature func VerifySignedDebugInfoV1(sdi *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey, message []byte) error { if err := supportedScheme(scheme, key); err != nil { return err @@ -31,13 +32,27 @@ func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key cr if err := supportedScheme(scheme, key); err != nil { return err } - if !ed25519.Verify(key.(ed25519.PublicKey), serialized, sth.SignedTreeHeadV1.Signature) { return fmt.Errorf("bad signature") } return nil } +// VerifyChecksumV1 verifies a checksum signature +func VerifyChecksumV1(checksum *stfe.StItem, key crypto.PublicKey, signature []byte, scheme tls.SignatureScheme) error { + serialized, err := checksum.Marshal() + if err != nil { + return fmt.Errorf("failed marshaling StItem: %v", err) + } + if err := supportedScheme(scheme, key); err != nil { + return err + } + if !ed25519.Verify(key.(ed25519.PublicKey), serialized, signature) { + return fmt.Errorf("bad signature") + } + return nil +} + // VerifyConsistencyProofV1 verifies that a consistency proof is valid without // checking any sth signature func VerifyConsistencyProofV1(proof, first, second *stfe.StItem) error { diff --git a/markup/api.md b/markup/api.md index 45c6deb..8a4f527 100644 --- a/markup/api.md +++ b/markup/api.md @@ -161,8 +161,10 @@ Input: Output: - an array of objects, each consisting of - leaf: `StItem` that corresponds to the leaf's type. - - signature: signature that covers the retrieved item using the log's - configured signature algorithm. + - signature: signature that covers the retrieved item using the below + signature scheme. + - signature_scheme: one that the log accepts, see supported signature + schemes and how they are represeneted in the log's parameters. - chain: an array of base-64 encoded certificates, where the first corresponds to the signing certificate and the final one a trust anchor. diff --git a/reqres.go b/reqres.go index a5464ea..5013d95 100644 --- a/reqres.go +++ b/reqres.go @@ -39,13 +39,9 @@ type GetConsistencyProofRequest struct { Second int64 `json:"second"` // size of the newer Merkle tree } -// GetEntryResponse is an assembled log entry and its associated appendix -// TODO: fix GetEntryResponse and update doc: should have signature scheme -type GetEntryResponse struct { - Leaf []byte `json:"leaf"` // tls-serialized StItem - Signature []byte `json:"signature"` // Serialized signature using the log's signature scheme - Chain [][]byte `json:"chain"` // der-encoded certificates -} +// GetEntryResponse is an assembled log entry and its associated appendix. It +// is identical to the add-entry request that the log once accepted. +type GetEntryResponse AddEntryRequest // newAddEntryRequest parses and sanitizes the JSON-encoded add-entry // parameters from an incoming HTTP post. The serialized leaf value and @@ -158,7 +154,7 @@ func (lp *LogParameters) newGetEntryResponse(leaf, appendix []byte) (*GetEntryRe for _, c := range app.Chain { chain = append(chain, c.Data) } - return &GetEntryResponse{leaf, app.Signature, chain}, nil + return &GetEntryResponse{leaf, app.Signature, app.SignatureScheme, chain}, nil } // newGetEntriesResponse assembles a get-entries response diff --git a/x509util/x509util.go b/x509util/x509util.go index b33b4e9..b300ef3 100644 --- a/x509util/x509util.go +++ b/x509util/x509util.go @@ -108,9 +108,9 @@ func ParseChain(rest []byte) ([]*x509.Certificate, error) { return chain, nil } -// ParseDerChain parses a list of base64 DER-encoded X.509 certificates, such -// that the first (zero-index) string is interpretted as an end-entity -// certificate and the remaining ones as the an intermediate CertPool. +// ParseDerChain parses a list of DER-encoded X.509 certificates, such that the +// first (zero-index) string is interpretted as an end-entity certificate and +// the remaining ones as the an intermediate CertPool. func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) { var certificate *x509.Certificate intermediatePool := x509.NewCertPool() @@ -132,3 +132,26 @@ func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) { return certificate, intermediatePool, nil } +// ParseDerChainToList parses a list of DER-encoded certificates +func ParseDerChainToList(chain [][]byte) ([]*x509.Certificate, error) { + ret := make([]*x509.Certificate, 0, len(chain)) + for _, der := range chain { + c, err := x509.ParseCertificate(der) + if err != nil { + return nil, fmt.Errorf("certificate decoding failed: %v", err) + } + ret = append(ret, c) + } + return ret, nil +} + +// VerifyChain checks whether the listed certificates are chained such +// that the first is signed by the second, the second by the third, etc. +func VerifyChain(chain []*x509.Certificate) error { + for i := 0; i < len(chain)-1; i++ { + if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil { + return err + } + } + return nil +} -- cgit v1.2.3