summaryrefslogtreecommitdiff
path: root/src/catlfish.erl
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2015-05-29 18:15:22 +0200
committerMagnus Ahltorp <map@kth.se>2015-05-29 18:15:22 +0200
commit4dad3a362533c17a30d501f98698ae04aa029e7c (patch)
tree1efca49eb3c28fb4e356edc7c4e525492c45579b /src/catlfish.erl
parent42eebf1c68849b1367a8e87757f8019732058c50 (diff)
Add verification of whole entry. Implement library call for plop verification.frontendverify
Diffstat (limited to 'src/catlfish.erl')
-rw-r--r--src/catlfish.erl50
1 files changed, 44 insertions, 6 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 5865626..0a14961 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -5,7 +5,7 @@
-export([add_chain/3, entries/2, entry_and_proof/2]).
-export([known_roots/0, update_known_roots/0]).
-export([init_cache_table/0]).
--export([entryhash_from_entry/1, chain_from_entry/1]).
+-export([entryhash_from_entry/1, verify_entry/1, verify_entry/2]).
-include_lib("eunit/include/eunit.hrl").
-define(PROTOCOL_VERSION, 0).
@@ -249,10 +249,7 @@ deserialise_extra_data(ExtraData) ->
{E, Rest} = decode_tls_vector(ExtraData, 3),
[E | deserialise_extra_data(Rest)].
-chain_from_entry(Entry) ->
- {MTLText, ExtraDataPacked} = unpack_entry(Entry),
- {ExtraData, <<>>} = decode_tls_vector(ExtraDataPacked, 3),
- MTL = deserialise_mtl(MTLText),
+chain_from_mtl_extradata(MTL, ExtraData) ->
TimestampedEntry = MTL#mtl.entry,
Chain = deserialise_extra_data(ExtraData),
Data =
@@ -265,8 +262,49 @@ chain_from_entry(Entry) ->
end,
Data.
+mtl_and_extra_from_entry(Entry) ->
+ {MTLText, ExtraDataPacked} = unpack_entry(Entry),
+ {ExtraData, <<>>} = decode_tls_vector(ExtraDataPacked, 3),
+ MTL = deserialise_mtl(MTLText),
+ {MTL, ExtraData}.
+
+verify_mtl(MTL, LeafCert, CertChain) ->
+ Timestamp = MTL#mtl.entry#timestamped_entry.timestamp,
+ EntryType = MTL#mtl.entry#timestamped_entry.entry_type,
+ TSE = timestamped_entry(Timestamp, EntryType, LeafCert, CertChain),
+ case MTL of
+ #mtl{leaf_version = v1,
+ leaf_type = timestamped_entry,
+ entry = TSE} ->
+ ok;
+ _ ->
+ error
+ end.
+
+verify_entry(Entry) ->
+ RootCerts = known_roots(),
+ verify_entry(Entry, RootCerts).
+
+verify_entry(Entry, RootCerts) ->
+ {MTL, ExtraData} = mtl_and_extra_from_entry(Entry),
+ Chain = chain_from_mtl_extradata(MTL, ExtraData),
+
+ case x509:normalise_chain(RootCerts, Chain) of
+ {ok, [LeafCert|CertChain]} ->
+ case verify_mtl(MTL, LeafCert, CertChain) of
+ ok ->
+ {ok, ht:leaf_hash(serialise(MTL))};
+ error ->
+ {error, "MTL verification failed"}
+ end;
+ {error, Reason} ->
+ {error, Reason}
+ end.
+
entryhash_from_entry(Entry) ->
- crypto:hash(sha256, chain_from_entry(Entry)).
+ {MTL, ExtraData} = mtl_and_extra_from_entry(Entry),
+ Chain = chain_from_mtl_extradata(MTL, ExtraData),
+ crypto:hash(sha256, Chain).
%% Private functions.
-spec unpack_entry(binary()) -> {binary(), binary()}.