From 7ba39431438ea37504f4901e50e1ff3fd4ca9939 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 5 Nov 2020 12:38:13 +0100 Subject: renamed verify.go to crypto.go Chains and signatures are verified here, but signatures are also produced. --- crypto.go | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ verify.go | 81 --------------------------------------------------------------- 2 files changed, 81 insertions(+), 81 deletions(-) create mode 100644 crypto.go delete mode 100644 verify.go diff --git a/crypto.go b/crypto.go new file mode 100644 index 0000000..47c16bb --- /dev/null +++ b/crypto.go @@ -0,0 +1,81 @@ +package stfe + +import ( + "fmt" + "time" + + "crypto" + "crypto/rand" + "crypto/tls" + "crypto/x509" + + "github.com/system-transparency/stfe/x509util" +) + +// buildChainFromDerList builds an X.509 certificate chain from a list of +// DER-encoded certificates using the log's configured trust anchors, extended +// key-usages, and maximum chain length (which includes the trust anchor). +func (lp *LogParameters) buildChainFromDerList(derChain [][]byte) ([]*x509.Certificate, error) { + certificate, intermediatePool, err := x509util.ParseDerChain(derChain) + if err != nil { + return nil, err + } + opts := x509.VerifyOptions{ + Roots: lp.AnchorPool, + Intermediates: intermediatePool, + KeyUsages: lp.KeyUsage, // no extended key usage passes by default + } + + chains, err := certificate.Verify(opts) + if err != nil { + return nil, fmt.Errorf("chain verification failed: %v", err) + } + if len(chains) == 0 { + return nil, fmt.Errorf("bad certificate chain length: empty") + } + + // there might be several valid chains + for _, chain := range chains { + if int64(len(chain)) <= lp.MaxChain { + return chain, nil // just pick the first valid chain + } + } + return nil, fmt.Errorf("bad certificate chain length: too large") +} + +// verifySignature checks if signature is valid for some serialized data. The +// only supported signature scheme is ed25519(0x0807), see §4.2.3 in RFC 8446. +func (lp *LogParameters) verifySignature(certificate *x509.Certificate, scheme tls.SignatureScheme, serialized, signature []byte) error { + if scheme != tls.Ed25519 { + return fmt.Errorf("unsupported signature scheme: %v", scheme) + } + if err := certificate.CheckSignature(x509.PureEd25519, serialized, signature); err != nil { + return fmt.Errorf("invalid signature: %v", err) + } + return nil +} + +// genV1Sdi issues a new SignedDebugInfoV1 StItem from a serialized leaf value +func (lp *LogParameters) genV1Sdi(serialized []byte) (*StItem, error) { + sig, err := lp.Signer.Sign(rand.Reader, serialized, crypto.Hash(0)) // ed25519 + if err != nil { + return nil, fmt.Errorf("ed25519 signature failed: %v", err) + } + lastSdiTimestamp.Set(float64(time.Now().Unix()), lp.id()) + return NewSignedDebugInfoV1(lp.LogId, []byte("reserved"), sig), nil +} + +// genV1Sth issues a new SignedTreeHeadV1 StItem from a TreeHeadV1 structure +func (lp *LogParameters) genV1Sth(th *TreeHeadV1) (*StItem, error) { + serialized, err := th.Marshal() + if err != nil { + return nil, fmt.Errorf("failed tls marshaling tree head: %v", err) + } + sig, err := lp.Signer.Sign(rand.Reader, serialized, crypto.Hash(0)) // ed25519 + if err != nil { + return nil, fmt.Errorf("ed25519 signature failed: %v", err) + } + lastSthTimestamp.Set(float64(time.Now().Unix()), lp.id()) + lastSthSize.Set(float64(th.TreeSize), lp.id()) + return NewSignedTreeHeadV1(th, lp.LogId, sig), nil +} diff --git a/verify.go b/verify.go deleted file mode 100644 index 47c16bb..0000000 --- a/verify.go +++ /dev/null @@ -1,81 +0,0 @@ -package stfe - -import ( - "fmt" - "time" - - "crypto" - "crypto/rand" - "crypto/tls" - "crypto/x509" - - "github.com/system-transparency/stfe/x509util" -) - -// buildChainFromDerList builds an X.509 certificate chain from a list of -// DER-encoded certificates using the log's configured trust anchors, extended -// key-usages, and maximum chain length (which includes the trust anchor). -func (lp *LogParameters) buildChainFromDerList(derChain [][]byte) ([]*x509.Certificate, error) { - certificate, intermediatePool, err := x509util.ParseDerChain(derChain) - if err != nil { - return nil, err - } - opts := x509.VerifyOptions{ - Roots: lp.AnchorPool, - Intermediates: intermediatePool, - KeyUsages: lp.KeyUsage, // no extended key usage passes by default - } - - chains, err := certificate.Verify(opts) - if err != nil { - return nil, fmt.Errorf("chain verification failed: %v", err) - } - if len(chains) == 0 { - return nil, fmt.Errorf("bad certificate chain length: empty") - } - - // there might be several valid chains - for _, chain := range chains { - if int64(len(chain)) <= lp.MaxChain { - return chain, nil // just pick the first valid chain - } - } - return nil, fmt.Errorf("bad certificate chain length: too large") -} - -// verifySignature checks if signature is valid for some serialized data. The -// only supported signature scheme is ed25519(0x0807), see §4.2.3 in RFC 8446. -func (lp *LogParameters) verifySignature(certificate *x509.Certificate, scheme tls.SignatureScheme, serialized, signature []byte) error { - if scheme != tls.Ed25519 { - return fmt.Errorf("unsupported signature scheme: %v", scheme) - } - if err := certificate.CheckSignature(x509.PureEd25519, serialized, signature); err != nil { - return fmt.Errorf("invalid signature: %v", err) - } - return nil -} - -// genV1Sdi issues a new SignedDebugInfoV1 StItem from a serialized leaf value -func (lp *LogParameters) genV1Sdi(serialized []byte) (*StItem, error) { - sig, err := lp.Signer.Sign(rand.Reader, serialized, crypto.Hash(0)) // ed25519 - if err != nil { - return nil, fmt.Errorf("ed25519 signature failed: %v", err) - } - lastSdiTimestamp.Set(float64(time.Now().Unix()), lp.id()) - return NewSignedDebugInfoV1(lp.LogId, []byte("reserved"), sig), nil -} - -// genV1Sth issues a new SignedTreeHeadV1 StItem from a TreeHeadV1 structure -func (lp *LogParameters) genV1Sth(th *TreeHeadV1) (*StItem, error) { - serialized, err := th.Marshal() - if err != nil { - return nil, fmt.Errorf("failed tls marshaling tree head: %v", err) - } - sig, err := lp.Signer.Sign(rand.Reader, serialized, crypto.Hash(0)) // ed25519 - if err != nil { - return nil, fmt.Errorf("ed25519 signature failed: %v", err) - } - lastSthTimestamp.Set(float64(time.Now().Unix()), lp.id()) - lastSthSize.Set(float64(th.TreeSize), lp.id()) - return NewSignedTreeHeadV1(th, lp.LogId, sig), nil -} -- cgit v1.2.3