2018-06-17 07:32:44 +00:00
|
|
|
// Copyright 2015 Google Inc. All Rights Reserved.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package ct
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto"
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/sha256"
|
2018-07-03 07:25:07 +00:00
|
|
|
"encoding/base64"
|
2018-06-17 07:32:44 +00:00
|
|
|
"encoding/pem"
|
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
|
|
|
|
"github.com/google/certificate-transparency-go/tls"
|
|
|
|
"github.com/google/certificate-transparency-go/x509"
|
|
|
|
)
|
|
|
|
|
2018-07-07 01:22:35 +00:00
|
|
|
// AllowVerificationWithNonCompliantKeys may be set to true in order to allow
|
|
|
|
// SignatureVerifier to use keys which are technically non-compliant with
|
|
|
|
// RFC6962.
|
|
|
|
var AllowVerificationWithNonCompliantKeys = false
|
2018-06-17 07:32:44 +00:00
|
|
|
|
|
|
|
// PublicKeyFromPEM parses a PEM formatted block and returns the public key contained within and any remaining unread bytes, or an error.
|
|
|
|
func PublicKeyFromPEM(b []byte) (crypto.PublicKey, SHA256Hash, []byte, error) {
|
|
|
|
p, rest := pem.Decode(b)
|
|
|
|
if p == nil {
|
|
|
|
return nil, [sha256.Size]byte{}, rest, fmt.Errorf("no PEM block found in %s", string(b))
|
|
|
|
}
|
|
|
|
k, err := x509.ParsePKIXPublicKey(p.Bytes)
|
|
|
|
return k, sha256.Sum256(p.Bytes), rest, err
|
|
|
|
}
|
|
|
|
|
2018-07-03 07:25:07 +00:00
|
|
|
// PublicKeyFromB64 parses a base64-encoded public key.
|
|
|
|
func PublicKeyFromB64(b64PubKey string) (crypto.PublicKey, error) {
|
|
|
|
der, err := base64.StdEncoding.DecodeString(b64PubKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("error decoding public key: %s", err)
|
|
|
|
}
|
|
|
|
return x509.ParsePKIXPublicKey(der)
|
|
|
|
}
|
|
|
|
|
2018-06-17 07:32:44 +00:00
|
|
|
// SignatureVerifier can verify signatures on SCTs and STHs
|
|
|
|
type SignatureVerifier struct {
|
|
|
|
pubKey crypto.PublicKey
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewSignatureVerifier creates a new SignatureVerifier using the passed in PublicKey.
|
|
|
|
func NewSignatureVerifier(pk crypto.PublicKey) (*SignatureVerifier, error) {
|
|
|
|
switch pkType := pk.(type) {
|
|
|
|
case *rsa.PublicKey:
|
|
|
|
if pkType.N.BitLen() < 2048 {
|
|
|
|
e := fmt.Errorf("public key is RSA with < 2048 bits (size:%d)", pkType.N.BitLen())
|
2018-07-07 01:22:35 +00:00
|
|
|
if !AllowVerificationWithNonCompliantKeys {
|
2018-06-17 07:32:44 +00:00
|
|
|
return nil, e
|
|
|
|
}
|
|
|
|
log.Printf("WARNING: %v", e)
|
|
|
|
}
|
|
|
|
case *ecdsa.PublicKey:
|
|
|
|
params := *(pkType.Params())
|
|
|
|
if params != *elliptic.P256().Params() {
|
|
|
|
e := fmt.Errorf("public is ECDSA, but not on the P256 curve")
|
2018-07-07 01:22:35 +00:00
|
|
|
if !AllowVerificationWithNonCompliantKeys {
|
2018-06-17 07:32:44 +00:00
|
|
|
return nil, e
|
|
|
|
}
|
|
|
|
log.Printf("WARNING: %v", e)
|
|
|
|
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("Unsupported public key type %v", pkType)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &SignatureVerifier{
|
|
|
|
pubKey: pk,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// VerifySignature verifies the given signature sig matches the data.
|
|
|
|
func (s SignatureVerifier) VerifySignature(data []byte, sig tls.DigitallySigned) error {
|
|
|
|
return tls.VerifySignature(s.pubKey, data, sig)
|
|
|
|
}
|
|
|
|
|
|
|
|
// VerifySCTSignature verifies that the SCT's signature is valid for the given LogEntry.
|
|
|
|
func (s SignatureVerifier) VerifySCTSignature(sct SignedCertificateTimestamp, entry LogEntry) error {
|
|
|
|
sctData, err := SerializeSCTSignatureInput(sct, entry)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return s.VerifySignature(sctData, tls.DigitallySigned(sct.Signature))
|
|
|
|
}
|
|
|
|
|
|
|
|
// VerifySTHSignature verifies that the STH's signature is valid.
|
|
|
|
func (s SignatureVerifier) VerifySTHSignature(sth SignedTreeHead) error {
|
|
|
|
sthData, err := SerializeSTHSignatureInput(sth)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return s.VerifySignature(sthData, tls.DigitallySigned(sth.TreeHeadSignature))
|
|
|
|
}
|