diff options
author | Magnus Ahltorp <map@kth.se> | 2015-05-29 18:15:22 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2015-06-10 16:54:55 +0200 |
commit | d941ea72210224c4ee80c304b8b0d3aa54b80e3b (patch) | |
tree | 0cf764f1e5361945cbb7dd86bee3c5c00f17bb65 /src | |
parent | 19fef0841db6998a4b19d49e4feca83149f077c5 (diff) |
Add verification of whole entry. Implement library call for plop verification.
Diffstat (limited to 'src')
-rw-r--r-- | src/catlfish.erl | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl index 5865626..0a14961 100644 --- a/src/catlfish.erl +++ b/src/catlfish.erl @@ -5,7 +5,7 @@ -export([add_chain/3, entries/2, entry_and_proof/2]). -export([known_roots/0, update_known_roots/0]). -export([init_cache_table/0]). --export([entryhash_from_entry/1, chain_from_entry/1]). +-export([entryhash_from_entry/1, verify_entry/1, verify_entry/2]). -include_lib("eunit/include/eunit.hrl"). -define(PROTOCOL_VERSION, 0). @@ -249,10 +249,7 @@ deserialise_extra_data(ExtraData) -> {E, Rest} = decode_tls_vector(ExtraData, 3), [E | deserialise_extra_data(Rest)]. -chain_from_entry(Entry) -> - {MTLText, ExtraDataPacked} = unpack_entry(Entry), - {ExtraData, <<>>} = decode_tls_vector(ExtraDataPacked, 3), - MTL = deserialise_mtl(MTLText), +chain_from_mtl_extradata(MTL, ExtraData) -> TimestampedEntry = MTL#mtl.entry, Chain = deserialise_extra_data(ExtraData), Data = @@ -265,8 +262,49 @@ chain_from_entry(Entry) -> end, Data. +mtl_and_extra_from_entry(Entry) -> + {MTLText, ExtraDataPacked} = unpack_entry(Entry), + {ExtraData, <<>>} = decode_tls_vector(ExtraDataPacked, 3), + MTL = deserialise_mtl(MTLText), + {MTL, ExtraData}. + +verify_mtl(MTL, LeafCert, CertChain) -> + Timestamp = MTL#mtl.entry#timestamped_entry.timestamp, + EntryType = MTL#mtl.entry#timestamped_entry.entry_type, + TSE = timestamped_entry(Timestamp, EntryType, LeafCert, CertChain), + case MTL of + #mtl{leaf_version = v1, + leaf_type = timestamped_entry, + entry = TSE} -> + ok; + _ -> + error + end. + +verify_entry(Entry) -> + RootCerts = known_roots(), + verify_entry(Entry, RootCerts). + +verify_entry(Entry, RootCerts) -> + {MTL, ExtraData} = mtl_and_extra_from_entry(Entry), + Chain = chain_from_mtl_extradata(MTL, ExtraData), + + case x509:normalise_chain(RootCerts, Chain) of + {ok, [LeafCert|CertChain]} -> + case verify_mtl(MTL, LeafCert, CertChain) of + ok -> + {ok, ht:leaf_hash(serialise(MTL))}; + error -> + {error, "MTL verification failed"} + end; + {error, Reason} -> + {error, Reason} + end. + entryhash_from_entry(Entry) -> - crypto:hash(sha256, chain_from_entry(Entry)). + {MTL, ExtraData} = mtl_and_extra_from_entry(Entry), + Chain = chain_from_mtl_extradata(MTL, ExtraData), + crypto:hash(sha256, Chain). %% Private functions. -spec unpack_entry(binary()) -> {binary(), binary()}. |