From 7d186fff4f0d510581207b0603ea1c946286d7ae Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 29 Oct 2020 16:39:42 +0100 Subject: updated api documentation Specified additional details and simplified http output formatting. --- markup/api.md | 73 +++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 43 insertions(+), 30 deletions(-) (limited to 'markup') diff --git a/markup/api.md b/markup/api.md index 2cf85c5..60658b5 100644 --- a/markup/api.md +++ b/markup/api.md @@ -18,11 +18,19 @@ largest extent possible. ## Log parameters A log is defined by the following immutable parameters: -- Log identifier: a unique identifier -- Public key: a unique public key +- Log identifier: `SHA256(public key)`, see RFC 6962 +[§3.2](https://tools.ietf.org/html/rfc6962#section-3.2) +- Public key: DER encoding of the key represented as `SubjectPublicKeyInfo` +- Hash algorithm: used to maintain the log's Merkle tree, e.g., SHA256 +- Supported signature algorithms: a list of signature algorithms that the +log recognizes. Possible values are defined in RFC 8446, +[§4.2.3](https://tools.ietf.org/html/rfc8446#section-4.2.3). Submitters must +use a signature algorithm that the log supports. +- Signature algorithm: the signature algorithm that the log uses to sign +tree heads and debug info statements. +- Maximum chain length: e.g., three means that we would reject submissions that +were signed by a certificate chain of length four. - Base URL: where can this log be reached? E.g., example.com:1234/log -- Hash algorithm: e.g., SHA-256 -- Signature algorithm: e.g., ECDSA on a given curve. Note that **there is no MMD**. The idea is to merge added entries as soon as possible, and no client should trust that something is logged until an inclusion @@ -70,27 +78,22 @@ struct { } StItem; ``` -An `StItem` can be serialized into a list as described in RFC 6962/bis, -[§6.2](https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis-34#section-6.2). - ### Merkle tree leaf types In the future there might be several types of leaves. Say, one for operating system packages, another one for Debian packages, and a third one for general-purpose checksums. For now we only define the latter. #### Checksum -A checksum entry contains a package identifier such as `foobar-1.2.3` and an -artifact hash that uses the log's configured hash function. - ``` struct { - opaque package<0..2^8-1>; // package identifier - opaque checksum<32..2^8-1>; // artifact hash that used the log's hash func + opaque package<1..2^8-1>; // package identifier + opaque checksum<1..64>; // hash of some artifact } ChecksumV1; ``` -For example, the checksum type could be used by Firefox to [enforce public -binary logging before accepting a new software +A checksum entry contains a package identifier such as `foobar-1.2.3` and an +artifact hash. For example, the checksum type could be used by Firefox to +[enforce public binary logging before accepting a new software update](https://wiki.mozilla.org/Security/Binary_Transparency). It is assumed that the entities relying on the checksum type know how to find the artifact source (if not already at hand) and then reproduce the logged hash from it. @@ -105,11 +108,18 @@ If an unexpected delay is encountered, the submitter can present the issued SDI to the log operator (who can then investigate the underlying reason further). ``` struct { - LogID log_id; // defined in RFC 6962 - opaque message<0..2^16-1> // debug string that is only meant for the log - opaque signature; // computed by the log over the StItem in question + LogID log_id; // defined in RFC 6962, basically SHA256(pub key) + opaque message<1..2^16-1> // debug string that is only meant for the log + opaque signature <1..2^16-1; // computed over a leaf-type StItem } SignedDebugInfoV1; ``` + +The signature's encoding follows from the log's signature algorithm parameter, +e.g., `ed25519(0x0807)` refers to [RFC +8032](https://tools.ietf.org/html/rfc8032). A complete list of signature +schemes and their interpretations can be found in RFC 8446, +[§4.2.3](https://tools.ietf.org/html/rfc8446#section-4.2.3). + ## Public endpoints Clients talk to the log with HTTPS GET/POST requests. POST parameters are JSON objects, GET parameters are URL encoded, and serialized data is @@ -126,14 +136,16 @@ POST https:///st/v1/add-entry Input: - item: an `StItem` that corresponds to a valid leaf type. Only `checksum_v1` at this time. -- signature: a `DigitallySigned` object as defined in RFC 5246, -[§4.7](https://tools.ietf.org/html/rfc5246#section-4.7), that covers this item. +- signature_algorithm: decimal, possible values are defined in RFC 8446 +[§4.2.3](https://tools.ietf.org/html/rfc8446#section-4.2.3). The serialized +signature encoding follows from this. +- signature: covers the submitted item. - certificate: base-64 encoded X.509 certificate that is vouched for by a trust anchor and which produced the above signature. Output: -- sdi: an `StItem` structure of type `signed_debug_info_v1` that covers the -added item. +- an `StItem` structure of type `signed_debug_info_v1` that covers the added +item. ### get-entries ``` @@ -145,9 +157,10 @@ Input: - end: 0-based index of last entry to retrieve in decimal. Output: -- entries: an array of objects, each consisting of +- an array of objects, each consisting of - leaf: `StItem` that corresponds to the leaf's type. - - signature: `DigitallySigned` object that covers the retrieved item. + - signature: signature that covers the retrieved item using the log's + configured signature algorithm. - chain: an array of base-64 encoded certificates, where the first corresponds to the signing certificate and the final one a trust anchor. @@ -162,7 +175,7 @@ GET https:///st/v1/get-anchors No input. Output: -- certificates: an array of base-64 encoded trust anchors that the log accept. +- an array of base-64 encoded trust anchors that the log accept. ### get-proof-by-hash ``` @@ -171,14 +184,14 @@ GET https:///st/v1/get-proof-by-hash Input: - hash: a base-64 encoded leaf hash. -- tree_size: the thee size that the proof should be based on in decimal. +- tree_size: the tree size that the proof should be based on in decimal. The leaf hash value is computed as in RFC 6962/bis, [§4.7](https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis-34#section-4.7). Output: -- inclusion_proof: an `StItem` of type `inclusion_proof_v1`. Note that this -structure includes both the leaf index and an audit path for the tree size. +- an `StItem` of type `inclusion_proof_v1`. Note that this structure includes +both the leaf index and an audit path for the tree size. ### get-consistency-proof ``` @@ -190,7 +203,7 @@ Input: - second: the `tree_size` of the newer tree in decimal. Output: -- consistency: an `StItem` of type `consistency_proof_v1` that corresponds to +- an `StItem` of type `consistency_proof_v1` that corresponds to the requested tree sizes. ### get-sth @@ -201,5 +214,5 @@ GET https:///st/v1/get-sth No input. Output: -- sth: an `StItem` of type `signed_tree_head_v1`, which corresponds to the most -recently known STH, which corresponds to the most recently known STH. +- an `StItem` of type `signed_tree_head_v1`, which corresponds to the most +recently known STH. -- cgit v1.2.3