gecko-dev/security/certverifier/MultiLogCTVerifier.h

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef MultiLogCTVerifier_h
#define MultiLogCTVerifier_h

#include "CTLogVerifier.h"
#include "mozilla/Vector.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "SignedCertificateTimestamp.h"

namespace mozilla { namespace ct {

typedef Vector<SignedCertificateTimestamp> SCTList;

// Holds Signed Certificate Timestamps, arranged by their verification results.
class CTVerifyResult
{
public:
  // SCTs from known logs where the signature verified correctly.
  SCTList verifiedScts;

  // SCTs from known logs where the signature failed to verify.
  SCTList invalidScts;

  // SCTs from unknown logs and as such are unverifiable.
  SCTList unknownLogsScts;

  // For a certificate to pass Certificate Transparency verification, at least
  // one of the provided SCTs must validate. The verifier makes the best effort
  // to extract the available SCTs from the binary sources provided to it.
  // If some SCT cannot be extracted due to encoding errors, the verifier
  // proceeds to the next available one. In other words, decoding errors are
  // effectively ignored.
  // Note that a serialized SCT may fail to decode for a "legitimate" reason,
  // e.g. if the SCT is from a future version of the Certificate Transparency
  // standard.
  // |decodingErrors| field counts the errors of the above kind.
  // This field is purely informational; there is probably nothing to do with it
  // in release builds, but it is useful in unit tests.
  size_t decodingErrors;

  void Reset();
};

// A Certificate Transparency verifier that can verify Signed Certificate
// Timestamps from multiple logs.
class MultiLogCTVerifier
{
public:
  // Adds a new log to the list of known logs to verify against.
  pkix::Result AddLog(pkix::Input publicKey);

  // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
  // stapled OCSP response, and SCTs obtained via the
  // signed_certificate_timestamp TLS extension on the given |cert|.
  //
  // A certificate is permitted but not required to use multiple sources for
  // SCTs. It is expected that most certificates will use only one source
  // (embedding, TLS extension or OCSP stapling).
  //
  // The verifier stops on fatal errors (such as out of memory or invalid
  // DER encoding of |cert|), but it does not stop on SCT decoding errors. See
  // CTVerifyResult for more details.
  //
  // The internal state of the verifier object is not modified
  // during the verification process.
  //
  // |cert|  DER-encoded certificate to be validated using the provided SCTs.
  // |sctListFromCert|  SCT list embedded in |cert|, empty if not present.
  // |issuerSubjectPublicKeyInfo|  SPKI of |cert|'s issuer. Can be empty,
  //                               in which case the embedded SCT list
  //                               won't be verified.
  // |sctListFromOCSPResponse|  SCT list included in a stapled OCSP response
  //                            for |cert|. Empty if not available.
  // |sctListFromTLSExtension|  is the SCT list from the TLS extension. Empty
  //                            if no extension was present.
  // |time|  the current time. Used to make sure SCTs are not in the future.
  //         Measured in milliseconds since the epoch, ignoring leap seconds
  //         (same format as used by the "timestamp" field of
  //         SignedCertificateTimestamp).
  // |result|  will be filled with the SCTs present, divided into categories
  //           based on the verification result.
  pkix::Result Verify(pkix::Input cert,
                      pkix::Input issuerSubjectPublicKeyInfo,
                      pkix::Input sctListFromCert,
                      pkix::Input sctListFromOCSPResponse,
                      pkix::Input sctListFromTLSExtension,
                      uint64_t time,
                      CTVerifyResult& result);

private:
  // Verifies a list of SCTs from |encodedSctList| over |expectedEntry|,
  // placing the verification results in |result|. The SCTs in the list
  // come from |origin| (as will be reflected in the origin field of each SCT).
  pkix::Result VerifySCTs(pkix::Input encodedSctList,
                          const LogEntry& expectedEntry,
                          SignedCertificateTimestamp::Origin origin,
                          uint64_t time,
                          CTVerifyResult& result);

  // Verifies a single, parsed SCT against all known logs.
  // Note: moves |sct| to the target list in |result|, invalidating |sct|.
  pkix::Result VerifySingleSCT(SignedCertificateTimestamp&& sct,
                               const ct::LogEntry& expectedEntry,
                               uint64_t time,
                               CTVerifyResult& result);

  // The list of known logs.
  Vector<CTLogVerifier> mLogs;
};

} } // namespace mozilla::ct

#endif  // MultiLogCTVerifier_h
Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka MozReview-Commit-ID: IgcnyBH4Up --HG-- extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3 2016-07-05 08:35:06 +03:00			`/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */`
			`/* vim: set ts=8 sts=2 et sw=2 tw=80: */`
			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#ifndef MultiLogCTVerifier_h`
			`#define MultiLogCTVerifier_h`

			`#include "CTLogVerifier.h"`
			`#include "mozilla/Vector.h"`
			`#include "pkix/Input.h"`
			`#include "pkix/Result.h"`
			`#include "SignedCertificateTimestamp.h"`

			`namespace mozilla { namespace ct {`

			`typedef Vector<SignedCertificateTimestamp> SCTList;`

			`// Holds Signed Certificate Timestamps, arranged by their verification results.`
			`class CTVerifyResult`
			`{`
			`public:`
			`// SCTs from known logs where the signature verified correctly.`
			`SCTList verifiedScts;`

			`// SCTs from known logs where the signature failed to verify.`
			`SCTList invalidScts;`

			`// SCTs from unknown logs and as such are unverifiable.`
			`SCTList unknownLogsScts;`

			`// For a certificate to pass Certificate Transparency verification, at least`
			`// one of the provided SCTs must validate. The verifier makes the best effort`
			`// to extract the available SCTs from the binary sources provided to it.`
			`// If some SCT cannot be extracted due to encoding errors, the verifier`
			`// proceeds to the next available one. In other words, decoding errors are`
			`// effectively ignored.`
			`// Note that a serialized SCT may fail to decode for a "legitimate" reason,`
			`// e.g. if the SCT is from a future version of the Certificate Transparency`
			`// standard.`
			`// \|decodingErrors\| field counts the errors of the above kind.`
			`// This field is purely informational; there is probably nothing to do with it`
			`// in release builds, but it is useful in unit tests.`
			`size_t decodingErrors;`

			`void Reset();`
			`};`

			`// A Certificate Transparency verifier that can verify Signed Certificate`
			`// Timestamps from multiple logs.`
			`class MultiLogCTVerifier`
			`{`
			`public:`
			`// Adds a new log to the list of known logs to verify against.`
			`pkix::Result AddLog(pkix::Input publicKey);`

			`// Verifies SCTs embedded in the certificate itself, SCTs embedded in a`
			`// stapled OCSP response, and SCTs obtained via the`
			`// signed_certificate_timestamp TLS extension on the given \|cert\|.`
			`//`
			`// A certificate is permitted but not required to use multiple sources for`
			`// SCTs. It is expected that most certificates will use only one source`
			`// (embedding, TLS extension or OCSP stapling).`
			`//`
			`// The verifier stops on fatal errors (such as out of memory or invalid`
			`// DER encoding of \|cert\|), but it does not stop on SCT decoding errors. See`
			`// CTVerifyResult for more details.`
			`//`
			`// The internal state of the verifier object is not modified`
			`// during the verification process.`
			`//`
			`// \|cert\| DER-encoded certificate to be validated using the provided SCTs.`
			`// \|sctListFromCert\| SCT list embedded in \|cert\|, empty if not present.`
			`// \|issuerSubjectPublicKeyInfo\| SPKI of \|cert\|'s issuer. Can be empty,`
			`// in which case the embedded SCT list`
			`// won't be verified.`
			`// \|sctListFromOCSPResponse\| SCT list included in a stapled OCSP response`
			`// for \|cert\|. Empty if not available.`
			`// \|sctListFromTLSExtension\| is the SCT list from the TLS extension. Empty`
			`// if no extension was present.`
			`// \|time\| the current time. Used to make sure SCTs are not in the future.`
			`// Measured in milliseconds since the epoch, ignoring leap seconds`
			`// (same format as used by the "timestamp" field of`
			`// SignedCertificateTimestamp).`
			`// \|result\| will be filled with the SCTs present, divided into categories`
			`// based on the verification result.`
			`pkix::Result Verify(pkix::Input cert,`
			`pkix::Input issuerSubjectPublicKeyInfo,`
			`pkix::Input sctListFromCert,`
			`pkix::Input sctListFromOCSPResponse,`
			`pkix::Input sctListFromTLSExtension,`
			`uint64_t time,`
			`CTVerifyResult& result);`

			`private:`
			`// Verifies a list of SCTs from \|encodedSctList\| over \|expectedEntry\|,`
			`// placing the verification results in \|result\|. The SCTs in the list`
			`// come from \|origin\| (as will be reflected in the origin field of each SCT).`
			`pkix::Result VerifySCTs(pkix::Input encodedSctList,`
			`const LogEntry& expectedEntry,`
			`SignedCertificateTimestamp::Origin origin,`
			`uint64_t time,`
			`CTVerifyResult& result);`

			`// Verifies a single, parsed SCT against all known logs.`
			`// Note: moves \|sct\| to the target list in \|result\|, invalidating \|sct\|.`
			`pkix::Result VerifySingleSCT(SignedCertificateTimestamp&& sct,`
			`const ct::LogEntry& expectedEntry,`
			`uint64_t time,`
			`CTVerifyResult& result);`

			`// The list of known logs.`
			`Vector<CTLogVerifier> mLogs;`
			`};`

			`} } // namespace mozilla::ct`

			`#endif // MultiLogCTVerifier_h`