From 9ab61d6884a9ac26592723523ed2521c79c47a1a Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 3 Nov 2020 13:17:11 +0100 Subject: fixed signature verification and client get-sth --- client/client.go | 31 +++++++++-------------- client/verify.go | 55 +++++++++++++++++++++++++++++++++++++++++ server/descriptor/descriptor.go | 10 ++++++++ verify.go | 36 --------------------------- 4 files changed, 77 insertions(+), 55 deletions(-) create mode 100644 client/verify.go delete mode 100644 verify.go diff --git a/client/client.go b/client/client.go index 34fa8a2..c9aaee3 100644 --- a/client/client.go +++ b/client/client.go @@ -92,30 +92,20 @@ func (c *Client) AddEntry(ctx context.Context, name, checksum []byte) (*stfe.StI return nil, fmt.Errorf("failed creating http request: %v", err) } req.Header.Set("Content-Type", "application/json") - glog.V(2).Infof("created request: %s %s", req.Method, req.URL) + glog.V(2).Infof("created http request: %s %s", req.Method, req.URL) - var itemStr string - if err := c.doRequest(ctx, req, &itemStr); err != nil { - return nil, err - } - b, err := base64.StdEncoding.DecodeString(itemStr) + item, err := c.doRequestWithStItemResponse(ctx, req) if err != nil { - return nil, fmt.Errorf("failed decoding base64 body: %v", err) - } - var item stfe.StItem - if err := item.Unmarshal(b); err != nil { - return nil, fmt.Errorf("failed decoding StItem: %v", err) + return nil, err } - glog.V(3).Infof("got StItem: %s", item) - if item.Format != stfe.StFormatSignedDebugInfoV1 { return nil, fmt.Errorf("bad StItem format: %v", item.Format) } - if err := item.SignedDebugInfoV1.Verify(c.Log.Scheme, c.Log.PublicKey, leaf); err != nil { + + if err := VerifySignedDebugInfoV1(item, c.Log.Scheme, c.Log.Key(), leaf); err != nil { return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err) } - glog.V(2).Infof("add-entry request succeeded") - return &item, nil + return item, nil } func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) { @@ -123,7 +113,7 @@ func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) { if err != nil { return nil, fmt.Errorf("failed creating http request: %v", err) } - glog.V(2).Infof("created request: %s %s", req.Method, req.URL) + glog.V(2).Infof("created http request: %s %s", req.Method, req.URL) item, err := c.doRequestWithStItemResponse(ctx, req) if err != nil { @@ -132,10 +122,10 @@ func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) { if item.Format != stfe.StFormatSignedTreeHeadV1 { return nil, fmt.Errorf("bad StItem format: %v", item.Format) } - if err := item.SignedTreeHeadV1.Verify(c.Log.Scheme, c.Log.PublicKey); err != nil { + + if err := VerifySignedTreeHeadV1(item, c.Log.Scheme, c.Log.Key()); err != nil { return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err) } - glog.V(2).Infof("get-sth request succeeded") return item, nil } @@ -187,6 +177,8 @@ func (c *Client) doRequest(ctx context.Context, req *http.Request, out interface return nil } +// doRequestWithStItemResponse sends an HTTP request and returns a decoded +// StItem that the resulting HTTP response contained json:ed and marshaled func (c *Client) doRequestWithStItemResponse(ctx context.Context, req *http.Request) (*stfe.StItem, error) { var itemStr string if err := c.doRequest(ctx, req, &itemStr); err != nil { @@ -200,6 +192,7 @@ func (c *Client) doRequestWithStItemResponse(ctx context.Context, req *http.Requ if err := item.Unmarshal(b); err != nil { return nil, fmt.Errorf("failed decoding StItem: %v", err) } + glog.V(3).Infof("got StItem: %s", item) return &item, nil } diff --git a/client/verify.go b/client/verify.go new file mode 100644 index 0000000..cd2023b --- /dev/null +++ b/client/verify.go @@ -0,0 +1,55 @@ +package client + +import ( + "fmt" + + "crypto" + "crypto/ed25519" + "crypto/tls" + + "github.com/system-transparency/stfe" +) + +// TODO: fix so that publicKey is already passed as crypto.PublicKey +//k, err := x509.ParsePKIXPublicKey(publicKey) +//if err != nil { +// return fmt.Errorf("failed parsing public key: %v", err) +//} + +func VerifySignedDebugInfoV1(sdi *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey, message []byte) error { + if err := supportedScheme(scheme, key); err != nil { + return err + } + if !ed25519.Verify(key.(ed25519.PublicKey), message, sdi.SignedDebugInfoV1.Signature) { + return fmt.Errorf("bad signature") + } + return nil +} + +// VerifySignedTreeHeadV1 verifies an STH signature +func VerifySignedTreeHeadV1(sth *stfe.StItem, scheme tls.SignatureScheme, key crypto.PublicKey) error { + serialized, err := sth.SignedTreeHeadV1.TreeHead.Marshal() + if err != nil { + return fmt.Errorf("failed marshaling tree head: %v", err) + } + if err := supportedScheme(scheme, key); err != nil { + return err + } + + if !ed25519.Verify(key.(ed25519.PublicKey), serialized, sth.SignedTreeHeadV1.Signature) { + return fmt.Errorf("bad signature") + } + return nil +} + +// supportedScheme checks whether the client library supports the log's +// signature scheme and public key type +func supportedScheme(scheme tls.SignatureScheme, key crypto.PublicKey) error { + if _, ok := key.(ed25519.PublicKey); ok && scheme == tls.Ed25519 { + return nil + } + switch t := key.(type) { + default: + return fmt.Errorf("unsupported scheme(%v) and key(%v)", scheme, t) + } +} diff --git a/server/descriptor/descriptor.go b/server/descriptor/descriptor.go index 6e46790..295e03f 100644 --- a/server/descriptor/descriptor.go +++ b/server/descriptor/descriptor.go @@ -4,7 +4,9 @@ import ( "bytes" "fmt" + "crypto" "crypto/tls" + "crypto/x509" "encoding/base64" "encoding/json" "io/ioutil" @@ -55,3 +57,11 @@ func LoadOperators(path string) ([]Operator, error) { } return ops, nil } + +func (l *Log) Key() crypto.PublicKey { + k, err := x509.ParsePKIXPublicKey(l.PublicKey) + if err != nil { + panic("TODO: make a new function and parse public key there") + } + return k +} diff --git a/verify.go b/verify.go deleted file mode 100644 index 50bd923..0000000 --- a/verify.go +++ /dev/null @@ -1,36 +0,0 @@ -package stfe - -import ( - "fmt" - - "crypto/ed25519" - "crypto/tls" - "crypto/x509" -) - -func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, message []byte) error { - if scheme != tls.Ed25519 { - return fmt.Errorf("unsupported signature scheme: %v", scheme) - } - - // TODO: fix so that publicKey is already passed as crypto.PublicKey - k, err := x509.ParsePKIXPublicKey(publicKey) - if err != nil { - return fmt.Errorf("failed parsing public key: %v", err) - } - - switch t := k.(type) { - case ed25519.PublicKey: - vk := k.(ed25519.PublicKey) - if !ed25519.Verify(vk, message, sdi.Signature) { - return fmt.Errorf("invalid signature: PublicKey(%v) Message(%v) Signature(%v)", vk, message, sdi.Signature) - } - return nil - default: - return fmt.Errorf("Unsupported public key: %s", t) - } -} - -func (sth *SignedTreeHeadV1) Verify(scheme tls.SignatureScheme, publicKey []byte) error { - return fmt.Errorf("TODO: verify signature") -} -- cgit v1.2.3