| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_serialization.h" | 5 #include "net/cert/ct_serialization.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <limits> | 10 #include <limits> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/numerics/safe_math.h" | 13 #include "base/numerics/safe_math.h" |
| 14 #include "crypto/sha2.h" |
| 15 #include "net/cert/merkle_tree_leaf.h" |
| 14 #include "net/cert/signed_certificate_timestamp.h" | 16 #include "net/cert/signed_certificate_timestamp.h" |
| 15 #include "net/cert/signed_tree_head.h" | 17 #include "net/cert/signed_tree_head.h" |
| 16 | 18 |
| 17 namespace net { | 19 namespace net { |
| 18 | 20 |
| 19 namespace ct { | 21 namespace ct { |
| 20 | 22 |
| 21 namespace { | 23 namespace { |
| 22 | 24 |
| 23 // Note: length is always specified in bytes. | 25 // Note: length is always specified in bytes. |
| 24 // Signed Certificate Timestamp (SCT) Version length | 26 // CT protocol version length |
| 25 const size_t kVersionLength = 1; | 27 const size_t kVersionLength = 1; |
| 26 | 28 |
| 29 // Common V1 struct members |
| 30 const size_t kTimestampLength = 8; |
| 31 const size_t kLogEntryTypeLength = 2; |
| 32 const size_t kAsn1CertificateLengthBytes = 3; |
| 33 const size_t kTbsCertificateLengthBytes = 3; |
| 34 const size_t kExtensionsLengthBytes = 2; |
| 35 |
| 27 // Members of a V1 SCT | 36 // Members of a V1 SCT |
| 28 const size_t kLogIdLength = 32; | 37 const size_t kLogIdLength = crypto::kSHA256Length; |
| 29 const size_t kTimestampLength = 8; | |
| 30 const size_t kExtensionsLengthBytes = 2; | |
| 31 const size_t kHashAlgorithmLength = 1; | 38 const size_t kHashAlgorithmLength = 1; |
| 32 const size_t kSigAlgorithmLength = 1; | 39 const size_t kSigAlgorithmLength = 1; |
| 33 const size_t kSignatureLengthBytes = 2; | 40 const size_t kSignatureLengthBytes = 2; |
| 34 | 41 |
| 35 // Members of the digitally-signed struct of a V1 SCT | 42 // Members of the digitally-signed struct of a V1 SCT |
| 36 const size_t kSignatureTypeLength = 1; | 43 const size_t kSignatureTypeLength = 1; |
| 37 const size_t kLogEntryTypeLength = 2; | |
| 38 const size_t kAsn1CertificateLengthBytes = 3; | |
| 39 const size_t kTbsCertificateLengthBytes = 3; | |
| 40 | 44 |
| 41 const size_t kSCTListLengthBytes = 2; | 45 const size_t kSCTListLengthBytes = 2; |
| 42 const size_t kSerializedSCTLengthBytes = 2; | 46 const size_t kSerializedSCTLengthBytes = 2; |
| 43 | 47 |
| 44 // Members of digitally-signed struct of a STH | 48 // Members of digitally-signed struct of a STH |
| 45 const size_t kTreeSizeLength = 8; | 49 const size_t kTreeSizeLength = 8; |
| 46 | 50 |
| 51 // Members of a V1 MerkleTreeLeaf |
| 52 const size_t kMerkleLeafTypeLength = 1; |
| 53 const size_t kIssuerKeyHashLength = crypto::kSHA256Length; |
| 54 |
| 47 enum SignatureType { | 55 enum SignatureType { |
| 48 SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0, | 56 SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0, |
| 49 TREE_HASH = 1, | 57 TREE_HASH = 1, |
| 50 }; | 58 }; |
| 51 | 59 |
| 52 // Reads a TLS-encoded variable length unsigned integer from |in|. | 60 // Reads a TLS-encoded variable length unsigned integer from |in|. |
| 53 // The integer is expected to be in big-endian order, which is used by TLS. | 61 // The integer is expected to be in big-endian order, which is used by TLS. |
| 54 // The bytes read from |in| are discarded (i.e. |in|'s prefix removed) | 62 // The bytes read from |in| are discarded (i.e. |in|'s prefix removed) |
| 55 // |length| indicates the size (in bytes) of the integer. On success, returns | 63 // |length| indicates the size (in bytes) of the integer. On success, returns |
| 56 // true and stores the result in |*out|. | 64 // true and stores the result in |*out|. |
| (...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 249 } | 257 } |
| 250 | 258 |
| 251 // Writes a LogEntry of type PreCertificate to |output|. | 259 // Writes a LogEntry of type PreCertificate to |output|. |
| 252 // |input| is the LogEntry containing the TBSCertificate and issuer key hash. | 260 // |input| is the LogEntry containing the TBSCertificate and issuer key hash. |
| 253 // Returns true if the TBSCertificate component in the LogEntry does not | 261 // Returns true if the TBSCertificate component in the LogEntry does not |
| 254 // exceed kMaxTbsCertificateLength and so can be written to |output|. | 262 // exceed kMaxTbsCertificateLength and so can be written to |output|. |
| 255 bool EncodePrecertLogEntry(const LogEntry& input, std::string* output) { | 263 bool EncodePrecertLogEntry(const LogEntry& input, std::string* output) { |
| 256 WriteEncodedBytes( | 264 WriteEncodedBytes( |
| 257 base::StringPiece( | 265 base::StringPiece( |
| 258 reinterpret_cast<const char*>(input.issuer_key_hash.data), | 266 reinterpret_cast<const char*>(input.issuer_key_hash.data), |
| 259 kLogIdLength), | 267 kIssuerKeyHashLength), |
| 260 output); | 268 output); |
| 261 return WriteVariableBytes(kTbsCertificateLengthBytes, | 269 return WriteVariableBytes(kTbsCertificateLengthBytes, |
| 262 input.tbs_certificate, output); | 270 input.tbs_certificate, output); |
| 263 } | 271 } |
| 264 | 272 |
| 265 } // namespace | 273 } // namespace |
| 266 | 274 |
| 267 bool EncodeDigitallySigned(const DigitallySigned& input, | 275 bool EncodeDigitallySigned(const DigitallySigned& input, |
| 268 std::string* output) { | 276 std::string* output) { |
| 269 WriteUint(kHashAlgorithmLength, input.hash_algorithm, output); | 277 WriteUint(kHashAlgorithmLength, input.hash_algorithm, output); |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 330 | 338 |
| 331 return true; | 339 return true; |
| 332 } | 340 } |
| 333 | 341 |
| 334 static void WriteTimeSinceEpoch(const base::Time& timestamp, | 342 static void WriteTimeSinceEpoch(const base::Time& timestamp, |
| 335 std::string* output) { | 343 std::string* output) { |
| 336 base::TimeDelta time_since_epoch = timestamp - base::Time::UnixEpoch(); | 344 base::TimeDelta time_since_epoch = timestamp - base::Time::UnixEpoch(); |
| 337 WriteUint(kTimestampLength, time_since_epoch.InMilliseconds(), output); | 345 WriteUint(kTimestampLength, time_since_epoch.InMilliseconds(), output); |
| 338 } | 346 } |
| 339 | 347 |
| 348 bool EncodeTreeLeaf(const MerkleTreeLeaf& leaf, std::string* output) { |
| 349 WriteUint(kVersionLength, 0, output); // version: 1 |
| 350 WriteUint(kMerkleLeafTypeLength, 0, output); // type: timestamped entry |
| 351 WriteTimeSinceEpoch(leaf.timestamp, output); |
| 352 if (!EncodeLogEntry(leaf.log_entry, output)) |
| 353 return false; |
| 354 if (!WriteVariableBytes(kExtensionsLengthBytes, leaf.extensions, output)) |
| 355 return false; |
| 356 |
| 357 return true; |
| 358 } |
| 359 |
| 340 bool EncodeV1SCTSignedData(const base::Time& timestamp, | 360 bool EncodeV1SCTSignedData(const base::Time& timestamp, |
| 341 const std::string& serialized_log_entry, | 361 const std::string& serialized_log_entry, |
| 342 const std::string& extensions, | 362 const std::string& extensions, |
| 343 std::string* output) { | 363 std::string* output) { |
| 344 WriteUint(kVersionLength, SignedCertificateTimestamp::V1, | 364 WriteUint(kVersionLength, SignedCertificateTimestamp::V1, |
| 345 output); | 365 output); |
| 346 WriteUint(kSignatureTypeLength, SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP, | 366 WriteUint(kSignatureTypeLength, SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP, |
| 347 output); | 367 output); |
| 348 WriteTimeSinceEpoch(timestamp, output); | 368 WriteTimeSinceEpoch(timestamp, output); |
| 349 // NOTE: serialized_log_entry must already be serialized and contain the | 369 // NOTE: serialized_log_entry must already be serialized and contain the |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 409 bool EncodeSCTListForTesting(const base::StringPiece& sct, | 429 bool EncodeSCTListForTesting(const base::StringPiece& sct, |
| 410 std::string* output) { | 430 std::string* output) { |
| 411 std::string encoded_sct; | 431 std::string encoded_sct; |
| 412 return WriteVariableBytes(kSerializedSCTLengthBytes, sct, &encoded_sct) && | 432 return WriteVariableBytes(kSerializedSCTLengthBytes, sct, &encoded_sct) && |
| 413 WriteVariableBytes(kSCTListLengthBytes, encoded_sct, output); | 433 WriteVariableBytes(kSCTListLengthBytes, encoded_sct, output); |
| 414 } | 434 } |
| 415 | 435 |
| 416 } // namespace ct | 436 } // namespace ct |
| 417 | 437 |
| 418 } // namespace net | 438 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1943313003:
Adds a function for encoding a Merkle tree leaf in TLS wire format. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master