tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

MultiLogCTVerifier.h (4723B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef MultiLogCTVerifier_h
      8 #define MultiLogCTVerifier_h
      9 
     10 #include <vector>
     11 
     12 #include "CTLogVerifier.h"
     13 #include "CTVerifyResult.h"
     14 #include "SignedCertificateTimestamp.h"
     15 #include "mozpkix/Input.h"
     16 #include "mozpkix/Result.h"
     17 #include "mozpkix/Time.h"
     18 #include "signature_cache_ffi.h"
     19 #include "mozilla/UniquePtr.h"
     20 
     21 namespace mozilla {
     22 namespace ct {
     23 
     24 void DecodeSCTs(pkix::Input encodedSctList,
     25                std::vector<SignedCertificateTimestamp>& decodedSCTs,
     26                size_t& decodingErrors);
     27 
     28 // A Certificate Transparency verifier that can verify Signed Certificate
     29 // Timestamps from multiple logs.
     30 class MultiLogCTVerifier {
     31 public:
     32  MultiLogCTVerifier();
     33 
     34  // Adds a new log to the list of known logs to verify against.
     35  void AddLog(CTLogVerifier&& log);
     36 
     37  // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
     38  // stapled OCSP response, and SCTs obtained via the
     39  // signed_certificate_timestamp TLS extension on the given |cert|.
     40  //
     41  // A certificate is permitted but not required to use multiple sources for
     42  // SCTs. It is expected that most certificates will use only one source
     43  // (embedding, TLS extension or OCSP stapling).
     44  //
     45  // The verifier stops on fatal errors (such as out of memory or invalid
     46  // DER encoding of |cert|), but it does not stop on SCT decoding errors. See
     47  // CTVerifyResult for more details.
     48  //
     49  // The internal state of the verifier object is not modified
     50  // during the verification process.
     51  //
     52  // |cert|  DER-encoded certificate to be validated using the provided SCTs.
     53  // |sctListFromCert|  SCT list embedded in |cert|, empty if not present.
     54  // |issuerSubjectPublicKeyInfo|  SPKI of |cert|'s issuer. Can be empty,
     55  //                               in which case the embedded SCT list
     56  //                               won't be verified.
     57  // |sctListFromOCSPResponse|  SCT list included in a stapled OCSP response
     58  //                            for |cert|. Empty if not available.
     59  // |sctListFromTLSExtension|  The SCT list from the TLS extension. Empty
     60  //                            if no extension was present.
     61  // |time|  The current time. Used to make sure SCTs are not in the future.
     62  // |distrustAfterTime|  If the root CA has a time past which newly issued
     63  //                      certificates are no longer trusted, this will be set
     64  //                      to that time. Used to ensure no SCTs with timestamps
     65  //                      after that time are accepted.
     66  // |result|  will be filled with the SCTs present, divided into categories
     67  //           based on the verification result.
     68  pkix::Result Verify(pkix::Input cert, pkix::Input issuerSubjectPublicKeyInfo,
     69                      pkix::Input sctListFromCert,
     70                      pkix::Input sctListFromOCSPResponse,
     71                      pkix::Input sctListFromTLSExtension, pkix::Time time,
     72                      Maybe<pkix::Time> distrustAfterTime,
     73                      CTVerifyResult& result);
     74 
     75 private:
     76  // Verifies a list of SCTs from |encodedSctList| over |expectedEntry|,
     77  // placing the verification results in |result|. The SCTs in the list
     78  // come from |origin| (as will be reflected in the origin field of each SCT).
     79  pkix::Result VerifySCTs(pkix::Input encodedSctList,
     80                          const LogEntry& expectedEntry, SCTOrigin origin,
     81                          pkix::Time time, Maybe<pkix::Time> distrustAfterTime,
     82                          CTVerifyResult& result);
     83 
     84  // Verifies a single, parsed SCT against all known logs.
     85  // Note: moves |sct| to the target list in |result|, invalidating |sct|.
     86  pkix::Result VerifySingleSCT(SignedCertificateTimestamp&& sct,
     87                               const ct::LogEntry& expectedEntry,
     88                               SCTOrigin origin, pkix::Time time,
     89                               Maybe<pkix::Time> distrustAfterTime,
     90                               CTVerifyResult& result);
     91 
     92  // The list of known logs.
     93  std::vector<CTLogVerifier> mLogs;
     94 
     95  // If many connections are made to a site using a particular certificate,
     96  // this cache will speed up verifications after the first one by saving the
     97  // results of verifying the signatures on the SCTs for that certificate.
     98  UniquePtr<SignatureCache, decltype(&signature_cache_free)> mSignatureCache;
     99 };
    100 
    101 }  // namespace ct
    102 }  // namespace mozilla
    103 
    104 #endif  // MultiLogCTVerifier_h