net/cert/ct_log_response_parser.cc - Issue 230713002: Certificate Transparency: Parse Signed Tree Heads and validate them

Side by Side Diff: net/cert/ct_log_response_parser.cc

Issue 230713002: Certificate Transparency: Parse Signed Tree Heads and validate them (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Explicitly exporting symbol Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/ct_log_response_parser.h"

	6

	7 #include "base/base64.h"

	8 #include "base/json/json_reader.h"

	9 #include "base/json/json_value_converter.h"

	10 #include "base/logging.h"

	11 #include "base/time/time.h"

	12 #include "base/values.h"

	13 #include "net/cert/ct_serialization.h"

	14 #include "net/cert/signed_tree_head.h"

	15

	16 namespace net {

	17

	18 namespace ct {

	19

	20 namespace {

	21

	22 // Structure for making JSON decoding easier. The string fields

	23 // are base64-encoded so will require further decoding.

	24 struct JsonSignedTreeHead {

	25 int tree_size;

	26 double timestamp;

	27 std::string sha256_root_hash;

	28 std::string tree_head_signature;

	29

	30 static void RegisterJSONConverter(

	31 base::JSONValueConverter<JsonSignedTreeHead>* converted);

	32 };

	33

	34 void JsonSignedTreeHead::RegisterJSONConverter(

	35 base::JSONValueConverter<JsonSignedTreeHead>* converter) {

	36 converter->RegisterIntField("tree_size", &JsonSignedTreeHead::tree_size);

	37 converter->RegisterDoubleField("timestamp", &JsonSignedTreeHead::timestamp);

	38 converter->RegisterStringField("sha256_root_hash",

	39 &JsonSignedTreeHead::sha256_root_hash);

	40 converter->RegisterStringField("tree_head_signature",

	41 &JsonSignedTreeHead::tree_head_signature);
	Ryan Sleevi 2014/04/25 23:33:19 SECURITY: Should there be any customer converters SECURITY: Should there be any customer converters attached to these, so that you can validate their well-formedness? tree_size or timestamp being negative numbers immediately springs to mind as being potential security issues Eran Messeri 2014/04/29 15:22:24 Good catch - I've added custom converters for the Show quoted text On 2014/04/25 23:33:19, Ryan Sleevi wrote: > SECURITY: Should there be any customer converters attached to these, so that you > can validate their well-formedness? > > tree_size or timestamp being negative numbers immediately springs to mind as > being potential security issues Good catch - I've added custom converters for the sha256_root_hash and tree_head_signature. Since I'm further processing this struct later on I've opted for checks in the FillSignedTreeHead function below for the timestamp and tree_size. I could use custom converters for these fields as well but that would require manually converting the StringPiece to the Int/Double value before doing any validation checks on them.
	42 }

	43

	44 } // namespace

	45

	46 bool FillSignedTreeHead(const base::StringPiece& json_signed_tree_head,

	47 SignedTreeHead* signed_tree_head) {

	48 base::JSONReader json_reader;

	49 scoped_ptr<base::Value> json(json_reader.Read(json_signed_tree_head));

	50 if (json.get() == NULL) {

	51 DVLOG(1) << "Empty Signed Tree Head JSON.";

	52 return false;

	53 }

	54

	55 JsonSignedTreeHead parsed_sth;

	56 base::JSONValueConverter<JsonSignedTreeHead> converter;

	57 if (!converter.Convert(*json.get(), &parsed_sth)) {

	58 DVLOG(1) << "Invalid Signed Tree Head JSON.";

	59 return false;

	60 }

	61

	62 std::string decoded_root_hash;

	63 if (!base::Base64Decode(parsed_sth.sha256_root_hash, &decoded_root_hash)) {

	64 DVLOG(1) << "Failed decoding sha256_root_hash";

	65 return false;

	66 }

	67

	68 if (decoded_root_hash.length() != kSthRootHashLength) {

	69 DVLOG(1) << "sha256_root_hash is expected to be 32 bytes, but is "

	70 << decoded_root_hash.length() << " bytes.";

	71 return false;

	72 }

	73

	74 std::string decoded_signature;

	75 if (!base::Base64Decode(parsed_sth.tree_head_signature, &decoded_signature)) {

	76 DVLOG(1) << "Failed decoding tree_head_signature";

	77 return false;

	78 }

	79

	80 // It's OK to decode the signature directly into the output as this is the

	81 // last check before filling in all other fields.

	82 // If decoding of the DigitallySigned part fails, the STH will not contain

	83 // partial data. If it passes, all other fields will be filled as well.

	84 base::StringPiece sp(decoded_signature);

	85 if (!DecodeDigitallySigned(&sp, &(signed_tree_head->signature))) {

	86 DVLOG(1) << "Failed decoding signature to DigitallySigned";

	87 return false;

	88 }

	89

	90 signed_tree_head->version = SignedTreeHead::V1;

	91 signed_tree_head->tree_size = parsed_sth.tree_size;

	92 signed_tree_head->timestamp =

	93 base::Time::UnixEpoch() +

	94 base::TimeDelta::FromMilliseconds(parsed_sth.timestamp);

	95 memcpy(signed_tree_head->sha256_root_hash,

	96 decoded_root_hash.c_str(),

	97 kSthRootHashLength);

	98 return true;

	99 }

	100

	101 } // namespace ct

	102

	103 } // namespace net

OLD	NEW

« net/cert/ct_log_response_parser.h ('K') | « net/cert/ct_log_response_parser.h ('k') | net/cert/ct_log_response_parser_unittest.cc » ('j') | net/cert/ct_log_response_parser_unittest.cc » ('J')