Chromium Code Reviews Chromium Code Reviews
Issue 1943313003:
Adds a function for encoding a Merkle tree leaf in TLS wire format. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_serialization.h" | 5 #include "net/cert/ct_serialization.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <limits> | 10 #include <limits> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/numerics/safe_math.h" | 13 #include "base/numerics/safe_math.h" |
| 14 | 14 |
| 15 namespace net { | 15 namespace net { |
| 16 | 16 |
| 17 namespace ct { | 17 namespace ct { |
| 18 | 18 |
| 19 namespace { | 19 namespace { |
| 20 | 20 |
| 21 // Note: length is always specified in bytes. | 21 // Note: length is always specified in bytes. |
| 22 // Signed Certificate Timestamp (SCT) Version length | 22 // CT protocol version length |
| 23 const size_t kVersionLength = 1; | 23 const size_t kVersionLength = 1; |
| 24 const size_t kSha256HashLength = 32; | |
|
Eran Messeri
2016/05/04 10:29:23
This is redundant, you can use the definition from
Rob Percival
2016/05/05 15:45:31
Done.
| |
| 25 | |
| 26 // Common V1 struct members | |
| 27 const size_t kTimestampLength = 8; | |
| 28 const size_t kLogEntryTypeLength = 2; | |
| 29 const size_t kAsn1CertificateLengthBytes = 3; | |
| 30 const size_t kTbsCertificateLengthBytes = 3; | |
| 31 const size_t kExtensionsLengthBytes = 2; | |
| 24 | 32 |
| 25 // Members of a V1 SCT | 33 // Members of a V1 SCT |
| 26 const size_t kLogIdLength = 32; | 34 const size_t kLogIdLength = kSha256HashLength; |
| 27 const size_t kTimestampLength = 8; | |
| 28 const size_t kExtensionsLengthBytes = 2; | |
| 29 const size_t kHashAlgorithmLength = 1; | 35 const size_t kHashAlgorithmLength = 1; |
| 30 const size_t kSigAlgorithmLength = 1; | 36 const size_t kSigAlgorithmLength = 1; |
| 31 const size_t kSignatureLengthBytes = 2; | 37 const size_t kSignatureLengthBytes = 2; |
| 32 | 38 |
| 33 // Members of the digitally-signed struct of a V1 SCT | 39 // Members of the digitally-signed struct of a V1 SCT |
| 34 const size_t kSignatureTypeLength = 1; | 40 const size_t kSignatureTypeLength = 1; |
| 35 const size_t kLogEntryTypeLength = 2; | |
| 36 const size_t kAsn1CertificateLengthBytes = 3; | |
| 37 const size_t kTbsCertificateLengthBytes = 3; | |
| 38 | 41 |
| 39 const size_t kSCTListLengthBytes = 2; | 42 const size_t kSCTListLengthBytes = 2; |
| 40 const size_t kSerializedSCTLengthBytes = 2; | 43 const size_t kSerializedSCTLengthBytes = 2; |
| 41 | 44 |
| 42 // Members of digitally-signed struct of a STH | 45 // Members of digitally-signed struct of a STH |
| 43 const size_t kTreeSizeLength = 8; | 46 const size_t kTreeSizeLength = 8; |
| 44 | 47 |
| 48 // Members of a V1 MerkleTreeLeaf | |
| 49 const size_t kMerkleLeafTypeLength = 1; | |
| 50 const size_t kIssuerKeyHashLength = kSha256HashLength; | |
| 51 | |
| 45 enum SignatureType { | 52 enum SignatureType { |
| 46 SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0, | 53 SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0, |
| 47 TREE_HASH = 1, | 54 TREE_HASH = 1, |
| 48 }; | 55 }; |
| 49 | 56 |
| 50 // Reads a TLS-encoded variable length unsigned integer from |in|. | 57 // Reads a TLS-encoded variable length unsigned integer from |in|. |
| 51 // The integer is expected to be in big-endian order, which is used by TLS. | 58 // The integer is expected to be in big-endian order, which is used by TLS. |
| 52 // The bytes read from |in| are discarded (i.e. |in|'s prefix removed) | 59 // The bytes read from |in| are discarded (i.e. |in|'s prefix removed) |
| 53 // |length| indicates the size (in bytes) of the integer. On success, returns | 60 // |length| indicates the size (in bytes) of the integer. On success, returns |
| 54 // true and stores the result in |*out|. | 61 // true and stores the result in |*out|. |
| (...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 247 } | 254 } |
| 248 | 255 |
| 249 // Writes a LogEntry of type PreCertificate to |output|. | 256 // Writes a LogEntry of type PreCertificate to |output|. |
| 250 // |input| is the LogEntry containing the TBSCertificate and issuer key hash. | 257 // |input| is the LogEntry containing the TBSCertificate and issuer key hash. |
| 251 // Returns true if the TBSCertificate component in the LogEntry does not | 258 // Returns true if the TBSCertificate component in the LogEntry does not |
| 252 // exceed kMaxTbsCertificateLength and so can be written to |output|. | 259 // exceed kMaxTbsCertificateLength and so can be written to |output|. |
| 253 bool EncodePrecertLogEntry(const LogEntry& input, std::string* output) { | 260 bool EncodePrecertLogEntry(const LogEntry& input, std::string* output) { |
| 254 WriteEncodedBytes( | 261 WriteEncodedBytes( |
| 255 base::StringPiece( | 262 base::StringPiece( |
| 256 reinterpret_cast<const char*>(input.issuer_key_hash.data), | 263 reinterpret_cast<const char*>(input.issuer_key_hash.data), |
| 257 kLogIdLength), | 264 kIssuerKeyHashLength), |
| 258 output); | 265 output); |
| 259 return WriteVariableBytes(kTbsCertificateLengthBytes, | 266 return WriteVariableBytes(kTbsCertificateLengthBytes, |
| 260 input.tbs_certificate, output); | 267 input.tbs_certificate, output); |
| 261 } | 268 } |
| 262 | 269 |
| 263 } // namespace | 270 } // namespace |
| 264 | 271 |
| 265 bool EncodeDigitallySigned(const DigitallySigned& input, | 272 bool EncodeDigitallySigned(const DigitallySigned& input, |
| 266 std::string* output) { | 273 std::string* output) { |
| 267 WriteUint(kHashAlgorithmLength, input.hash_algorithm, output); | 274 WriteUint(kHashAlgorithmLength, input.hash_algorithm, output); |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 328 | 335 |
| 329 return true; | 336 return true; |
| 330 } | 337 } |
| 331 | 338 |
| 332 static void WriteTimeSinceEpoch(const base::Time& timestamp, | 339 static void WriteTimeSinceEpoch(const base::Time& timestamp, |
| 333 std::string* output) { | 340 std::string* output) { |
| 334 base::TimeDelta time_since_epoch = timestamp - base::Time::UnixEpoch(); | 341 base::TimeDelta time_since_epoch = timestamp - base::Time::UnixEpoch(); |
| 335 WriteUint(kTimestampLength, time_since_epoch.InMilliseconds(), output); | 342 WriteUint(kTimestampLength, time_since_epoch.InMilliseconds(), output); |
| 336 } | 343 } |
| 337 | 344 |
| 345 bool EncodeTreeLeaf(const MerkleTreeLeaf& leaf, std::string* output) { | |
| 346 WriteUint(kVersionLength, MerkleTreeLeaf::VERSION_1, output); | |
| 347 WriteUint(kMerkleLeafTypeLength, MerkleTreeLeaf::TYPE_TIMESTAMPED_ENTRY, | |
| 348 output); | |
| 349 WriteTimeSinceEpoch(leaf.timestamp, output); | |
| 350 if (!EncodeLogEntry(leaf.log_entry, output)) | |
| 351 return false; | |
| 352 if (!WriteVariableBytes(kExtensionsLengthBytes, leaf.extensions, output)) | |
| 353 return false; | |
| 354 | |
| 355 return true; | |
| 356 } | |
| 357 | |
| 338 bool EncodeV1SCTSignedData(const base::Time& timestamp, | 358 bool EncodeV1SCTSignedData(const base::Time& timestamp, |
| 339 const std::string& serialized_log_entry, | 359 const std::string& serialized_log_entry, |
| 340 const std::string& extensions, | 360 const std::string& extensions, |
| 341 std::string* output) { | 361 std::string* output) { |
| 342 WriteUint(kVersionLength, SignedCertificateTimestamp::SCT_VERSION_1, | 362 WriteUint(kVersionLength, SignedCertificateTimestamp::SCT_VERSION_1, |
| 343 output); | 363 output); |
| 344 WriteUint(kSignatureTypeLength, SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP, | 364 WriteUint(kSignatureTypeLength, SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP, |
| 345 output); | 365 output); |
| 346 WriteTimeSinceEpoch(timestamp, output); | 366 WriteTimeSinceEpoch(timestamp, output); |
| 347 // NOTE: serialized_log_entry must already be serialized and contain the | 367 // NOTE: serialized_log_entry must already be serialized and contain the |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 407 bool EncodeSCTListForTesting(const base::StringPiece& sct, | 427 bool EncodeSCTListForTesting(const base::StringPiece& sct, |
| 408 std::string* output) { | 428 std::string* output) { |
| 409 std::string encoded_sct; | 429 std::string encoded_sct; |
| 410 return WriteVariableBytes(kSerializedSCTLengthBytes, sct, &encoded_sct) && | 430 return WriteVariableBytes(kSerializedSCTLengthBytes, sct, &encoded_sct) && |
| 411 WriteVariableBytes(kSCTListLengthBytes, encoded_sct, output); | 431 WriteVariableBytes(kSCTListLengthBytes, encoded_sct, output); |
| 412 } | 432 } |
| 413 | 433 |
| 414 } // namespace ct | 434 } // namespace ct |
| 415 | 435 |
| 416 } // namespace net | 436 } // namespace net |
| OLD | NEW |
