pax_global_header00006660000000000000000000000064132661643470014526gustar00rootroot0000000000000052 comment=ca1acc7d7757383c11656d05a111e8145b1a46f0 certspotter-0.9/000077500000000000000000000000001326616434700137545ustar00rootroot00000000000000certspotter-0.9/CONTRIBUTING000066400000000000000000000033071326616434700156110ustar00rootroot00000000000000All contributors to Cert Spotter must accept the Developer Certificate of Origin (DCO): Developer Certificate of Origin Version 1.1 Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 660 York Street, Suite 102, San Francisco, CA 94110 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. To accept the DCO, add the following line to each commit message with your real name and email address (`git commit -s` will do this for you): Signed-off-by: Alex Smith certspotter-0.9/COPYING000066400000000000000000000405261326616434700150160ustar00rootroot00000000000000Mozilla Public License Version 2.0 ================================== 1. Definitions -------------- 1.1. "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. "Contributor Version" means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. "Contribution" means Covered Software of a particular Contributor. 1.4. "Covered Software" means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof. 1.5. "Incompatible With Secondary Licenses" means (a) that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or (b) that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License. 1.6. "Executable Form" means any form of the work other than Source Code Form. 1.7. "Larger Work" means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software. 1.8. "License" means this document. 1.9. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License. 1.10. "Modifications" means any of the following: (a) any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or (b) any new file in Source Code Form that contains any Covered Software. 1.11. "Patent Claims" of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. "Secondary License" means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses. 1.13. "Source Code Form" means the form of the work preferred for making modifications. 1.14. "You" (or "Your") means an individual or a legal entity exercising rights under this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. License Grants and Conditions -------------------------------- 2.1. Grants Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: (a) under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and (b) under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version. 2.2. Effective Date The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution. 2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: (a) for any code that a Contributor has removed from Covered Software; or (b) for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or (c) under Patent Claims infringed by Covered Software in the absence of its Contributions. This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4). 2.4. Subsequent Licenses No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3). 2.5. Representation Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License. 2.6. Fair Use This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents. 2.7. Conditions Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1. 3. Responsibilities ------------------- 3.1. Distribution of Source Form All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients' rights in the Source Code Form. 3.2. Distribution of Executable Form If You distribute Covered Software in Executable Form then: (a) such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and (b) You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients' rights in the Source Code Form under this License. 3.3. Distribution of a Larger Work You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s). 3.4. Notices You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies. 3.5. Application of Additional Terms You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction. 4. Inability to Comply Due to Statute or Regulation --------------------------------------------------- If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Termination -------------- 5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice. 5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination. ************************************************************************ * * * 6. Disclaimer of Warranty * * ------------------------- * * * * Covered Software is provided under this License on an "as is" * * basis, without warranty of any kind, either expressed, implied, or * * statutory, including, without limitation, warranties that the * * Covered Software is free of defects, merchantable, fit for a * * particular purpose or non-infringing. The entire risk as to the * * quality and performance of the Covered Software is with You. * * Should any Covered Software prove defective in any respect, You * * (not any Contributor) assume the cost of any necessary servicing, * * repair, or correction. This disclaimer of warranty constitutes an * * essential part of this License. No use of any Covered Software is * * authorized under this License except under this disclaimer. * * * ************************************************************************ ************************************************************************ * * * 7. Limitation of Liability * * -------------------------- * * * * Under no circumstances and under no legal theory, whether tort * * (including negligence), contract, or otherwise, shall any * * Contributor, or anyone who distributes Covered Software as * * permitted above, be liable to You for any direct, indirect, * * special, incidental, or consequential damages of any character * * including, without limitation, damages for lost profits, loss of * * goodwill, work stoppage, computer failure or malfunction, or any * * and all other commercial damages or losses, even if such party * * shall have been informed of the possibility of such damages. This * * limitation of liability shall not apply to liability for death or * * personal injury resulting from such party's negligence to the * * extent applicable law prohibits such limitation. Some * * jurisdictions do not allow the exclusion or limitation of * * incidental or consequential damages, so this exclusion and * * limitation may not apply to You. * * * ************************************************************************ 8. Litigation ------------- Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party's ability to bring cross-claims or counter-claims. 9. Miscellaneous ---------------- This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor. 10. Versions of the License --------------------------- 10.1. New Versions Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number. 10.2. Effect of New Versions You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward. 10.3. Modified Versions If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License). 10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice ------------------------------------------- This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice. You may add additional accurate notices of copyright ownership. Exhibit B - "Incompatible With Secondary Licenses" Notice --------------------------------------------------------- This Source Code Form is "Incompatible With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0. certspotter-0.9/NEWS000066400000000000000000000040021326616434700144470ustar00rootroot00000000000000v0.9 (2018-04-19) * Add Cloudflare Nimbus logs * Remove Google Argon 2017 log * Remove WoSign and StartCom logs due to disqualification by Chromium and extended downtime v0.8 (2017-12-08) * Add Symantec Sirius log * Add DigiCert 2 log v0.7 (2017-11-13) * Add Google Argon logs * Fix bug that caused crash on 32 bit architectures v0.6 (2017-10-19) * Add Comodo Mammoth and Comodo Sabre logs * Minor bug fixes and improvements v0.5 (2017-05-18) * Remove PuChuangSiDa 1 log due to excessive downtime and presumptive disqualification from Chrome * Add Venafi Gen2 log * Improve monitoring robustness under certain pathological behavior by logs * Minor documentation improvements v0.4 (2017-04-03) * Add PuChuangSiDa 1 log * Remove Venafi log due to fork and disqualification from Chrome v0.3 (2017-02-20) * Revise -all_time flag (behavior change): - If -all_time is specified, scan the entirety of all logs, even existing logs - When a new log is added, scan it in its entirety even if -all_time is not specified * Add new logs: - Google Icarus - Google Skydiver - StartCom - WoSign * Overhaul log processing and auditing logic: - STHs are never deleted unless they can be verified - Multiple unverified STHs can be queued per log, laying groundwork for STH pollination support - New state directory layout; current state directories will be migrated, but migration will be removed in a future version - Persist condensed Merkle Tree state between runs, instead of reconstructing it from consistency proof every time * Use a lock file to prevent multiple instances of Cert Spotter from running concurrently (which could clobber the state directory). * Minor bug fixes and improvements v0.2 (2016-08-25) * Suppress duplicate identifiers in output. * Fix "EOF" error when running under Go 1.7. * Fix bug where hook script could fail silently. * Fix compilation under Go 1.5. v0.1 (2016-07-27) * Initial release. certspotter-0.9/README000066400000000000000000000130341326616434700146350ustar00rootroot00000000000000Cert Spotter is a Certificate Transparency log monitor from SSLMate that alerts you when a SSL/TLS certificate is issued for one of your domains. Cert Spotter is easier than other open source CT monitors, since it does not require a database. It's also more robust, since it uses a special certificate parser that ensures it won't miss certificates. Cert Spotter is also available as a hosted service by SSLMate that requires zero setup and provides an easy web dashboard to centrally manage your certificates. Visit to sign up. You can use Cert Spotter to detect: * Certificates issued to attackers who have compromised a certificate authority and want to impersonate your site. * Certificates issued to attackers who are using your infrastructure to serve malware. * Certificates issued in violation of your corporate policy or outside of your centralized certificate procurement process. * Certificates issued to your infrastructure providers without your consent. USING CERT SPOTTER The easiest way to use Cert Spotter is to sign up for an account at . If you want to run Cert Spotter on your own server, follow these instructions. Cert Spotter requires Go version 1.5 or higher. 1. Install Cert Spotter using go get: go get software.sslmate.com/src/certspotter/cmd/certspotter 2. Create a file called ~/.certspotter/watchlist listing the DNS names you want to monitor, one per line. To monitor an entire domain tree (including the domain itself and all sub-domains) prefix the domain name with a dot (e.g. ".example.com"). To monitor a single DNS name only, do not prefix the name with a dot. 3. Create a cron job to periodically run: certspotter When Cert Spotter detects a certificate for a name on your watchlist, it writes a report to standard out, which the Cron daemon emails to you. Make sure you are able to receive emails sent by Cron. Cert Spotter also saves a copy of matching certificates in ~/.certspotter/certs. You can add and remove domains on your watchlist at any time. However, the certspotter command only notifies you of certificates that were logged since adding a domain to the watchlist, unless you specify the -all_time option, which requires scanning the entirety of every log and takes several hours to complete with a fast Internet connection. To examine preexisting certificates, it's better to use the Cert Spotter service , the Cert Spotter API , or a CT search engine such as . COMMAND LINE FLAGS -watchlist FILENAME File containing identifiers to watch, one per line, as described above (use - to read from stdin). Default: ~/.certspotter/watchlist -no_save Do not save a copy of matching certificates. -all_time Scan for certificates from all time, not just those added since the last run of Cert Spotter. Unless this option is specified, no certificates are scanned the first time Cert Spotter is run. -logs FILENAME JSON file containing logs to scan, in the format documented at . Default: use the logs trusted by Chromium. -state_dir PATH Directory for storing state. Default: ~/.certspotter -verbose Be verbose. WHAT CERTIFICATES ARE DETECTED BY CERT SPOTTER? Any certificate that is logged to a Certificate Transparency log trusted by Chromium will be detected by Cert Spotter. All certificates issued after April 30, 2018 must be logged to such a log to be trusted by Chromium. Generally, certificate authorities will automatically submit certificates to logs so that they will work in Chromium. In addition, certificates that are discovered during Internet-wide scans are submitted to Certificate Transparency logs. SECURITY Cert Spotter assumes an adversarial model in which an attacker produces a certificate that is accepted by at least some clients but goes undetected because of an encoding error that prevents CT monitors from understanding it. To defend against this attack, Cert Spotter uses a special certificate parser that keeps the certificate unparsed except for the identifiers. If one of the identifiers matches a domain on your watchlist, you will be notified, even if other parts of the certificate are unparsable. Cert Spotter takes special precautions to ensure identifiers are parsed correctly, and implements defenses against identifier-based attacks. For instance, if a DNS identifier contains a null byte, Cert Spotter interprets it as two identifiers: the complete identifier, and the identifier formed by truncating at the first null byte. For example, a certificate for example.org\0.example.com will alert the owners of both example.org and example.com. This defends against null prefix attacks . SSLMate continuously monitors CT logs to make sure every certificate's identifiers can be successfully parsed, and will release updates to Cert Spotter as necessary to fix parsing failures. Cert Spotter understands wildcard and redacted DNS names, and will alert you if a wildcard or redacted certificate might match an identifier on your watchlist. For example, a watchlist entry for sub.example.com would match certificates for *.example.com or ?.example.com. Cert Spotter is not just a log monitor, but also a log auditor which checks that the log is obeying its append-only property. A future release of Cert Spotter will support gossiping with other log monitors to ensure the log is presenting a single view. certspotter-0.9/asn1.go000066400000000000000000000045101326616434700151450ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "bytes" "encoding/asn1" "encoding/binary" "errors" "unicode/utf8" ) func stringFromByteSlice(chars []byte) string { runes := make([]rune, len(chars)) for i, ch := range chars { runes[i] = rune(ch) } return string(runes) } func stringFromUint16Slice(chars []uint16) string { runes := make([]rune, len(chars)) for i, ch := range chars { runes[i] = rune(ch) } return string(runes) } func stringFromUint32Slice(chars []uint32) string { runes := make([]rune, len(chars)) for i, ch := range chars { runes[i] = rune(ch) } return string(runes) } func decodeASN1String(value *asn1.RawValue) (string, error) { if !value.IsCompound && value.Class == 0 { if value.Tag == 12 { // UTF8String if !utf8.Valid(value.Bytes) { return "", errors.New("Malformed UTF8String") } return string(value.Bytes), nil } else if value.Tag == 19 || value.Tag == 22 || value.Tag == 20 { // * PrintableString - subset of ASCII // * IA5String - ASCII // * TeletexString - 8 bit charset; not quite ISO-8859-1, but often treated as such // Don't enforce character set rules. Allow any 8 bit character, since // CAs routinely mess this up return stringFromByteSlice(value.Bytes), nil } else if value.Tag == 30 { // BMPString - Unicode, encoded in big-endian format using two octets runes := make([]uint16, len(value.Bytes)/2) if err := binary.Read(bytes.NewReader(value.Bytes), binary.BigEndian, runes); err != nil { return "", errors.New("Malformed BMPString: " + err.Error()) } return stringFromUint16Slice(runes), nil } else if value.Tag == 28 { // UniversalString - Unicode, encoded in big-endian format using four octets runes := make([]uint32, len(value.Bytes)/4) if err := binary.Read(bytes.NewReader(value.Bytes), binary.BigEndian, runes); err != nil { return "", errors.New("Malformed UniversalString: " + err.Error()) } return stringFromUint32Slice(runes), nil } } return "", errors.New("Not a string") } certspotter-0.9/asn1time.go000066400000000000000000000154241326616434700160320ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "encoding/asn1" "errors" "strconv" "time" "unicode" ) const ( tagUTCTime = 23 tagGeneralizedTime = 24 ) func isDigit(b byte) bool { return unicode.IsDigit(rune(b)) } func bytesToInt(bytes []byte) (int, error) { return strconv.Atoi(string(bytes)) } func parseUTCTime(bytes []byte) (time.Time, error) { var err error var year, month, day int var hour, min, sec int var tz *time.Location // YYMMDDhhmm if len(bytes) < 10 { return time.Time{}, errors.New("UTCTime is too short") } year, err = bytesToInt(bytes[0:2]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } month, err = bytesToInt(bytes[2:4]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } day, err = bytesToInt(bytes[4:6]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } hour, err = bytesToInt(bytes[6:8]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } min, err = bytesToInt(bytes[8:10]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } bytes = bytes[10:] // (optional) ss if len(bytes) >= 2 && isDigit(bytes[0]) { sec, err = bytesToInt(bytes[0:2]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } bytes = bytes[2:] } // timezone (required but allow it to be omitted, since this is a common error) if len(bytes) >= 1 { if bytes[0] == 'Z' { tz = time.UTC bytes = bytes[1:] } else if bytes[0] == '+' { // +hhmm if len(bytes) < 5 { return time.Time{}, errors.New("UTCTime positive timezone offset is too short") } tzHour, err := bytesToInt(bytes[1:3]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } tzMin, err := bytesToInt(bytes[3:5]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } tz = time.FixedZone("", tzHour*3600+tzMin*60) bytes = bytes[5:] } else if bytes[0] == '-' { // -hhmm if len(bytes) < 5 { return time.Time{}, errors.New("UTCTime negative timezone offset is too short") } tzHour, err := bytesToInt(bytes[1:3]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } tzMin, err := bytesToInt(bytes[3:5]) if err != nil { return time.Time{}, errors.New("UTCTime contains invalid integer: " + err.Error()) } tz = time.FixedZone("", -1*(tzHour*3600+tzMin*60)) bytes = bytes[5:] } } else { tz = time.UTC } if len(bytes) > 0 { return time.Time{}, errors.New("UTCTime has trailing garbage") } // https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 if year >= 50 { year = 1900 + year } else { year = 2000 + year } return time.Date(year, time.Month(month), day, hour, min, sec, 0, tz), nil } func parseGeneralizedTime(bytes []byte) (time.Time, error) { var err error var year, month, day int var hour, min, sec, ms int var tz *time.Location // YYYYMMDDHH if len(bytes) < 10 { return time.Time{}, errors.New("GeneralizedTime is too short") } year, err = bytesToInt(bytes[0:4]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } month, err = bytesToInt(bytes[4:6]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } day, err = bytesToInt(bytes[6:8]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } hour, err = bytesToInt(bytes[8:10]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } bytes = bytes[10:] // (optional) MM if len(bytes) >= 2 && isDigit(bytes[0]) { min, err = bytesToInt(bytes[0:2]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } bytes = bytes[2:] // (optional) SS if len(bytes) >= 2 && isDigit(bytes[0]) { sec, err = bytesToInt(bytes[0:2]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } bytes = bytes[2:] // (optional) .fff if len(bytes) >= 1 && bytes[0] == '.' { if len(bytes) < 4 { return time.Time{}, errors.New("GeneralizedTime fractional seconds is too short") } ms, err = bytesToInt(bytes[1:4]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } bytes = bytes[4:] } } } // timezone (Z or +hhmm or -hhmm or nothing) if len(bytes) >= 1 { if bytes[0] == 'Z' { bytes = bytes[1:] tz = time.UTC } else if bytes[0] == '+' { // +hhmm if len(bytes) < 5 { return time.Time{}, errors.New("GeneralizedTime positive timezone offset is too short") } tzHour, err := bytesToInt(bytes[1:3]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } tzMin, err := bytesToInt(bytes[3:5]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } tz = time.FixedZone("", tzHour*3600+tzMin*60) bytes = bytes[5:] } else if bytes[0] == '-' { // -hhmm if len(bytes) < 5 { return time.Time{}, errors.New("GeneralizedTime negative timezone offset is too short") } tzHour, err := bytesToInt(bytes[1:3]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } tzMin, err := bytesToInt(bytes[3:5]) if err != nil { return time.Time{}, errors.New("GeneralizedTime contains invalid integer: " + err.Error()) } tz = time.FixedZone("", -1*(tzHour*3600+tzMin*60)) bytes = bytes[5:] } } else { tz = time.UTC } if len(bytes) > 0 { return time.Time{}, errors.New("GeneralizedTime has trailing garbage") } return time.Date(year, time.Month(month), day, hour, min, sec, ms*1000*1000, tz), nil } func decodeASN1Time(value *asn1.RawValue) (time.Time, error) { if !value.IsCompound && value.Class == 0 { if value.Tag == tagUTCTime { return parseUTCTime(value.Bytes) } else if value.Tag == tagGeneralizedTime { return parseGeneralizedTime(value.Bytes) } } return time.Time{}, errors.New("Not a time value") } certspotter-0.9/asn1time_test.go000066400000000000000000000126311326616434700170660ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "testing" "time" ) type timeTest struct { in string ok bool out time.Time } var utcTimeTests = []timeTest{ {"9502101525Z", true, time.Date(1995, time.February, 10, 15, 25, 0, 0, time.UTC)}, {"950210152542Z", true, time.Date(1995, time.February, 10, 15, 25, 42, 0, time.UTC)}, {"1502101525Z", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.UTC)}, {"150210152542Z", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.UTC)}, {"1502101525+1000", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.FixedZone("", 10*3600))}, {"1502101525-1000", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.FixedZone("", -1*(10*3600)))}, {"1502101525+1035", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.FixedZone("", 10*3600+35*60))}, {"1502101525-1035", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.FixedZone("", -1*(10*3600+35*60)))}, {"150210152542+1000", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.FixedZone("", 10*3600))}, {"150210152542-1000", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.FixedZone("", -1*(10*3600)))}, {"150210152542+1035", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.FixedZone("", 10*3600+35*60))}, {"150210152542-1035", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.FixedZone("", -1*(10*3600+35*60)))}, {"1502101525", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.UTC)}, {"150210152542", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.UTC)}, {"", false, time.Time{}}, {"123", false, time.Time{}}, {"150210152542-10", false, time.Time{}}, {"150210152542F", false, time.Time{}}, {"150210152542ZF", false, time.Time{}}, } func TestUTCTime(t *testing.T) { for i, test := range utcTimeTests { ret, err := parseUTCTime([]byte(test.in)) if err != nil { if test.ok { t.Errorf("#%d: parseUTCTime(%q) failed with error %v", i, test.in, err) } continue } if !test.ok { t.Errorf("#%d: parseUTCTime(%q) succeeded, should have failed", i, test.in) continue } if !test.out.Equal(ret) { t.Errorf("#%d: parseUTCTime(%q) = %v, want %v", i, test.in, ret, test.out) } } } var generalizedTimeTests = []timeTest{ {"2015021015", true, time.Date(2015, time.February, 10, 15, 0, 0, 0, time.UTC)}, {"201502101525", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.UTC)}, {"20150210152542", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.UTC)}, {"20150210152542.123", true, time.Date(2015, time.February, 10, 15, 25, 42, 123000000, time.UTC)}, {"20150210152542.12", false, time.Time{}}, {"20150210152542.1", false, time.Time{}}, {"20150210152542.", false, time.Time{}}, {"2015021015Z", true, time.Date(2015, time.February, 10, 15, 0, 0, 0, time.UTC)}, {"201502101525Z", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.UTC)}, {"20150210152542Z", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.UTC)}, {"20150210152542.123Z", true, time.Date(2015, time.February, 10, 15, 25, 42, 123000000, time.UTC)}, {"20150210152542.12Z", false, time.Time{}}, {"20150210152542.1Z", false, time.Time{}}, {"20150210152542.Z", false, time.Time{}}, {"2015021015+1000", true, time.Date(2015, time.February, 10, 15, 0, 0, 0, time.FixedZone("", 10*3600))}, {"201502101525+1000", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.FixedZone("", 10*3600))}, {"20150210152542+1000", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.FixedZone("", 10*3600))}, {"20150210152542.123+1000", true, time.Date(2015, time.February, 10, 15, 25, 42, 123000000, time.FixedZone("", 10*3600))}, {"20150210152542.12+1000", false, time.Time{}}, {"20150210152542.1+1000", false, time.Time{}}, {"20150210152542.+1000", false, time.Time{}}, {"2015021015-0835", true, time.Date(2015, time.February, 10, 15, 0, 0, 0, time.FixedZone("", -1*(8*3600+35*60)))}, {"201502101525-0835", true, time.Date(2015, time.February, 10, 15, 25, 0, 0, time.FixedZone("", -1*(8*3600+35*60)))}, {"20150210152542-0835", true, time.Date(2015, time.February, 10, 15, 25, 42, 0, time.FixedZone("", -1*(8*3600+35*60)))}, {"20150210152542.123-0835", true, time.Date(2015, time.February, 10, 15, 25, 42, 123000000, time.FixedZone("", -1*(8*3600+35*60)))}, {"20150210152542.12-0835", false, time.Time{}}, {"20150210152542.1-0835", false, time.Time{}}, {"20150210152542.-0835", false, time.Time{}}, {"", false, time.Time{}}, {"123", false, time.Time{}}, {"2015021015+1000Z", false, time.Time{}}, {"2015021015x", false, time.Time{}}, {"201502101525Zf", false, time.Time{}}, } func TestGeneralizedTime(t *testing.T) { for i, test := range generalizedTimeTests { ret, err := parseGeneralizedTime([]byte(test.in)) if err != nil { if test.ok { t.Errorf("#%d: parseGeneralizedTime(%q) failed with error %v", i, test.in, err) } continue } if !test.ok { t.Errorf("#%d: parseGeneralizedTime(%q) succeeded, should have failed", i, test.in) continue } if !test.out.Equal(ret) { t.Errorf("#%d: parseGeneralizedTime(%q) = %v, want %v", i, test.in, ret, test.out) } } } certspotter-0.9/auditing.go000066400000000000000000000130171326616434700161110ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "bytes" "crypto/sha256" "encoding/json" "errors" "software.sslmate.com/src/certspotter/ct" ) func reverseHashes(hashes []ct.MerkleTreeNode) { for i := 0; i < len(hashes)/2; i++ { j := len(hashes) - i - 1 hashes[i], hashes[j] = hashes[j], hashes[i] } } func VerifyConsistencyProof(proof ct.ConsistencyProof, first *ct.SignedTreeHead, second *ct.SignedTreeHead) bool { // TODO: make sure every hash in proof is right length? otherwise input to hashChildren is ambiguous if second.TreeSize < first.TreeSize { // Can't be consistent if tree got smaller return false } if first.TreeSize == second.TreeSize { if !(bytes.Equal(first.SHA256RootHash[:], second.SHA256RootHash[:]) && len(proof) == 0) { return false } return true } if first.TreeSize == 0 { // The purpose of the consistency proof is to ensure the append-only // nature of the tree; i.e. that the first tree is a "prefix" of the // second tree. If the first tree is empty, then it's trivially a prefix // of the second tree, so no proof is needed. if len(proof) != 0 { return false } return true } // Guaranteed that 0 < first.TreeSize < second.TreeSize node := first.TreeSize - 1 lastNode := second.TreeSize - 1 // While we're the right child, everything is in both trees, so move one level up. for node%2 == 1 { node /= 2 lastNode /= 2 } var newHash ct.MerkleTreeNode var oldHash ct.MerkleTreeNode if node > 0 { if len(proof) == 0 { return false } newHash = proof[0] proof = proof[1:] } else { // The old tree was balanced, so we already know the first hash to use newHash = first.SHA256RootHash[:] } oldHash = newHash for node > 0 { if node%2 == 1 { // node is a right child; left sibling exists in both trees if len(proof) == 0 { return false } newHash = hashChildren(proof[0], newHash) oldHash = hashChildren(proof[0], oldHash) proof = proof[1:] } else if node < lastNode { // node is a left child; rigth sibling only exists in the new tree if len(proof) == 0 { return false } newHash = hashChildren(newHash, proof[0]) proof = proof[1:] } // else node == lastNode: node is a left child with no sibling in either tree node /= 2 lastNode /= 2 } if !bytes.Equal(oldHash, first.SHA256RootHash[:]) { return false } // If trees have different height, continue up the path to reach the new root for lastNode > 0 { if len(proof) == 0 { return false } newHash = hashChildren(newHash, proof[0]) proof = proof[1:] lastNode /= 2 } if !bytes.Equal(newHash, second.SHA256RootHash[:]) { return false } return true } func hashNothing() ct.MerkleTreeNode { return sha256.New().Sum(nil) } func hashLeaf(leafBytes []byte) ct.MerkleTreeNode { hasher := sha256.New() hasher.Write([]byte{0x00}) hasher.Write(leafBytes) return hasher.Sum(nil) } func hashChildren(left ct.MerkleTreeNode, right ct.MerkleTreeNode) ct.MerkleTreeNode { hasher := sha256.New() hasher.Write([]byte{0x01}) hasher.Write(left) hasher.Write(right) return hasher.Sum(nil) } type CollapsedMerkleTree struct { nodes []ct.MerkleTreeNode size uint64 } func calculateNumNodes(size uint64) int { numNodes := 0 for size > 0 { numNodes += int(size & 1) size >>= 1 } return numNodes } func EmptyCollapsedMerkleTree() *CollapsedMerkleTree { return &CollapsedMerkleTree{} } func NewCollapsedMerkleTree(nodes []ct.MerkleTreeNode, size uint64) (*CollapsedMerkleTree, error) { if len(nodes) != calculateNumNodes(size) { return nil, errors.New("NewCollapsedMerkleTree: nodes has incorrect size") } return &CollapsedMerkleTree{nodes: nodes, size: size}, nil } func CloneCollapsedMerkleTree(source *CollapsedMerkleTree) *CollapsedMerkleTree { nodes := make([]ct.MerkleTreeNode, len(source.nodes)) copy(nodes, source.nodes) return &CollapsedMerkleTree{nodes: nodes, size: source.size} } func (tree *CollapsedMerkleTree) Add(hash ct.MerkleTreeNode) { tree.nodes = append(tree.nodes, hash) tree.size++ size := tree.size for size%2 == 0 { left, right := tree.nodes[len(tree.nodes)-2], tree.nodes[len(tree.nodes)-1] tree.nodes = tree.nodes[:len(tree.nodes)-2] tree.nodes = append(tree.nodes, hashChildren(left, right)) size /= 2 } } func (tree *CollapsedMerkleTree) CalculateRoot() ct.MerkleTreeNode { if len(tree.nodes) == 0 { return hashNothing() } i := len(tree.nodes) - 1 hash := tree.nodes[i] for i > 0 { i -= 1 hash = hashChildren(tree.nodes[i], hash) } return hash } func (tree *CollapsedMerkleTree) GetSize() uint64 { return tree.size } func (tree *CollapsedMerkleTree) MarshalJSON() ([]byte, error) { return json.Marshal(map[string]interface{}{ "nodes": tree.nodes, "size": tree.size, }) } func (tree *CollapsedMerkleTree) UnmarshalJSON(b []byte) error { var rawTree struct { Nodes []ct.MerkleTreeNode `json:"nodes"` Size uint64 `json:"size"` } if err := json.Unmarshal(b, &rawTree); err != nil { return errors.New("Failed to unmarshal CollapsedMerkleTree: " + err.Error()) } if len(rawTree.Nodes) != calculateNumNodes(rawTree.Size) { return errors.New("Failed to unmarshal CollapsedMerkleTree: nodes has incorrect length") } tree.size = rawTree.Size tree.nodes = rawTree.Nodes return nil } certspotter-0.9/cmd/000077500000000000000000000000001326616434700145175ustar00rootroot00000000000000certspotter-0.9/cmd/certspotter/000077500000000000000000000000001326616434700170755ustar00rootroot00000000000000certspotter-0.9/cmd/certspotter/.gitignore000066400000000000000000000000151326616434700210610ustar00rootroot00000000000000/certspotter certspotter-0.9/cmd/certspotter/main.go000066400000000000000000000120341326616434700203500ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package main import ( "bufio" "flag" "fmt" "io" "os" "path/filepath" "strings" "golang.org/x/net/idna" "software.sslmate.com/src/certspotter" "software.sslmate.com/src/certspotter/cmd" "software.sslmate.com/src/certspotter/ct" ) func defaultStateDir() string { if envVar := os.Getenv("CERTSPOTTER_STATE_DIR"); envVar != "" { return envVar } else { return cmd.DefaultStateDir("certspotter") } } func defaultConfigDir() string { if envVar := os.Getenv("CERTSPOTTER_CONFIG_DIR"); envVar != "" { return envVar } else { return cmd.DefaultConfigDir("certspotter") } } func trimTrailingDots(value string) string { length := len(value) for length > 0 && value[length-1] == '.' { length-- } return value[0:length] } var stateDir = flag.String("state_dir", defaultStateDir(), "Directory for storing state") var watchlistFilename = flag.String("watchlist", filepath.Join(defaultConfigDir(), "watchlist"), "File containing identifiers to watch (- for stdin)") type watchlistItem struct { Domain []string AcceptSuffix bool } var watchlist []watchlistItem func parseWatchlistItem(str string) (watchlistItem, error) { if str == "." { // "." as in root zone (matches everything) return watchlistItem{ Domain: []string{}, AcceptSuffix: true, }, nil } else { acceptSuffix := false if strings.HasPrefix(str, ".") { acceptSuffix = true str = str[1:] } asciiDomain, err := idna.ToASCII(strings.ToLower(trimTrailingDots(str))) if err != nil { return watchlistItem{}, fmt.Errorf("Invalid domain `%s': %s", str, err) } return watchlistItem{ Domain: strings.Split(asciiDomain, "."), AcceptSuffix: acceptSuffix, }, nil } } func readWatchlist(reader io.Reader) ([]watchlistItem, error) { items := []watchlistItem{} scanner := bufio.NewScanner(reader) for scanner.Scan() { line := scanner.Text() if line == "" || strings.HasPrefix(line, "#") { continue } item, err := parseWatchlistItem(line) if err != nil { return nil, err } items = append(items, item) } return items, scanner.Err() } func dnsLabelMatches(certLabel string, watchLabel string) bool { // For fail-safe behavior, if a label was unparsable, it matches everything. // Similarly, redacted labels match everything, since the label _might_ be // for a name we're interested in. return certLabel == "*" || certLabel == "?" || certLabel == certspotter.UnparsableDNSLabelPlaceholder || certspotter.MatchesWildcard(watchLabel, certLabel) } func dnsNameMatches(dnsName []string, watchDomain []string, acceptSuffix bool) bool { for len(dnsName) > 0 && len(watchDomain) > 0 { certLabel := dnsName[len(dnsName)-1] watchLabel := watchDomain[len(watchDomain)-1] if !dnsLabelMatches(certLabel, watchLabel) { return false } dnsName = dnsName[:len(dnsName)-1] watchDomain = watchDomain[:len(watchDomain)-1] } return len(watchDomain) == 0 && (acceptSuffix || len(dnsName) == 0) } func dnsNameIsWatched(dnsName string) bool { labels := strings.Split(dnsName, ".") for _, item := range watchlist { if dnsNameMatches(labels, item.Domain, item.AcceptSuffix) { return true } } return false } func anyDnsNameIsWatched(dnsNames []string) bool { for _, dnsName := range dnsNames { if dnsNameIsWatched(dnsName) { return true } } return false } func processEntry(scanner *certspotter.Scanner, entry *ct.LogEntry) { info := certspotter.EntryInfo{ LogUri: scanner.LogUri, Entry: entry, IsPrecert: certspotter.IsPrecert(entry), FullChain: certspotter.GetFullChain(entry), } info.CertInfo, info.ParseError = certspotter.MakeCertInfoFromLogEntry(entry) if info.CertInfo != nil { info.Identifiers, info.IdentifiersParseError = info.CertInfo.ParseIdentifiers() } // Fail safe behavior: if info.Identifiers is nil (which is caused by a // parse error), report the certificate because we can't say for sure it // doesn't match a domain we care about. We try very hard to make sure // parsing identifiers always succeeds, so false alarms should be rare. if info.Identifiers == nil || anyDnsNameIsWatched(info.Identifiers.DNSNames) { cmd.LogEntry(&info) } } func main() { flag.Parse() if *watchlistFilename == "-" { var err error watchlist, err = readWatchlist(os.Stdin) if err != nil { fmt.Fprintf(os.Stderr, "%s: (stdin): %s\n", os.Args[0], err) os.Exit(1) } } else { file, err := os.Open(*watchlistFilename) if err != nil { fmt.Fprintf(os.Stderr, "%s: %s: %s\n", os.Args[0], *watchlistFilename, err) os.Exit(1) } defer file.Close() watchlist, err = readWatchlist(file) if err != nil { fmt.Fprintf(os.Stderr, "%s: %s: %s\n", os.Args[0], *watchlistFilename, err) os.Exit(1) } } os.Exit(cmd.Main(*stateDir, processEntry)) } certspotter-0.9/cmd/common.go000066400000000000000000000244351326616434700163460ustar00rootroot00000000000000// Copyright (C) 2016-2017 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package cmd import ( "bytes" "flag" "fmt" "log" "os" "os/user" "path/filepath" "sync" "software.sslmate.com/src/certspotter" "software.sslmate.com/src/certspotter/ct" ) var batchSize = flag.Int("batch_size", 1000, "Max number of entries to request at per call to get-entries (advanced)") var numWorkers = flag.Int("num_workers", 2, "Number of concurrent matchers (advanced)") var script = flag.String("script", "", "Script to execute when a matching certificate is found") var logsFilename = flag.String("logs", "", "JSON file containing log information") var underwater = flag.Bool("underwater", false, "Monitor certificates from distrusted CAs instead of trusted CAs") var noSave = flag.Bool("no_save", false, "Do not save a copy of matching certificates") var verbose = flag.Bool("verbose", false, "Be verbose") var allTime = flag.Bool("all_time", false, "Scan certs from all time, not just since last scan") var state *State var printMutex sync.Mutex func homedir() string { home := os.Getenv("HOME") if home != "" { return home } user, err := user.Current() if err == nil { return user.HomeDir } panic("Unable to determine home directory") } func DefaultStateDir(programName string) string { return filepath.Join(homedir(), "."+programName) } func DefaultConfigDir(programName string) string { return filepath.Join(homedir(), "."+programName) } func LogEntry(info *certspotter.EntryInfo) { if !*noSave { var alreadyPresent bool var err error alreadyPresent, info.Filename, err = state.SaveCert(info.IsPrecert, info.FullChain) if err != nil { log.Print(err) } if alreadyPresent { return } } if *script != "" { if err := info.InvokeHookScript(*script); err != nil { log.Print(err) } } else { printMutex.Lock() info.Write(os.Stdout) fmt.Fprintf(os.Stdout, "\n") printMutex.Unlock() } } func loadLogList() ([]certspotter.LogInfo, error) { if *logsFilename != "" { var logFileObj certspotter.LogInfoFile if err := readJSONFile(*logsFilename, &logFileObj); err != nil { return nil, fmt.Errorf("Error reading logs file: %s: %s", *logsFilename, err) } return logFileObj.Logs, nil } else if *underwater { return certspotter.UnderwaterLogs, nil } else { return certspotter.DefaultLogs, nil } } type logHandle struct { scanner *certspotter.Scanner state *LogState tree *certspotter.CollapsedMerkleTree verifiedSTH *ct.SignedTreeHead } func makeLogHandle(logInfo *certspotter.LogInfo) (*logHandle, error) { ctlog := new(logHandle) logKey, err := logInfo.ParsedPublicKey() if err != nil { return nil, fmt.Errorf("Bad public key: %s", err) } ctlog.scanner = certspotter.NewScanner(logInfo.FullURI(), logInfo.ID(), logKey, &certspotter.ScannerOptions{ BatchSize: *batchSize, NumWorkers: *numWorkers, Quiet: !*verbose, }) ctlog.state, err = state.OpenLogState(logInfo) if err != nil { return nil, fmt.Errorf("Error opening state directory: %s", err) } ctlog.tree, err = ctlog.state.GetTree() if err != nil { return nil, fmt.Errorf("Error loading tree: %s", err) } ctlog.verifiedSTH, err = ctlog.state.GetVerifiedSTH() if err != nil { return nil, fmt.Errorf("Error loading verified STH: %s", err) } if ctlog.tree == nil && ctlog.verifiedSTH == nil { // This branch can be removed eventually legacySTH, err := state.GetLegacySTH(logInfo) if err != nil { return nil, fmt.Errorf("Error loading legacy STH: %s", err) } if legacySTH != nil { log.Printf("Initializing log state from legacy state directory") ctlog.tree, err = ctlog.scanner.MakeCollapsedMerkleTree(legacySTH) if err != nil { return nil, fmt.Errorf("Error reconstructing Merkle Tree for legacy STH: %s", err) } if err := ctlog.state.StoreTree(ctlog.tree); err != nil { return nil, fmt.Errorf("Error storing tree: %s", err) } if err := ctlog.state.StoreVerifiedSTH(legacySTH); err != nil { return nil, fmt.Errorf("Error storing verified STH: %s", err) } state.RemoveLegacySTH(logInfo) } } return ctlog, nil } func (ctlog *logHandle) refresh() error { if *verbose { log.Printf("Retrieving latest STH from log") } latestSTH, err := ctlog.scanner.GetSTH() if err != nil { return fmt.Errorf("Error retrieving STH from log: %s", err) } if ctlog.verifiedSTH == nil { if *verbose { log.Printf("No existing STH is known; presuming latest STH (%d) is valid", latestSTH.TreeSize) } ctlog.verifiedSTH = latestSTH if err := ctlog.state.StoreVerifiedSTH(ctlog.verifiedSTH); err != nil { return fmt.Errorf("Error storing verified STH: %s", err) } } else { if err := ctlog.state.StoreUnverifiedSTH(latestSTH); err != nil { return fmt.Errorf("Error storing unverified STH: %s", err) } } return nil } func (ctlog *logHandle) verifySTH(sth *ct.SignedTreeHead) error { isValid, err := ctlog.scanner.CheckConsistency(ctlog.verifiedSTH, sth) if err != nil { return fmt.Errorf("Error fetching consistency proof: %s", err) } if !isValid { return fmt.Errorf("Consistency proof between %d and %d is invalid", ctlog.verifiedSTH.TreeSize, sth.TreeSize) } return nil } func (ctlog *logHandle) audit() error { sths, err := ctlog.state.GetUnverifiedSTHs() if err != nil { return fmt.Errorf("Error loading unverified STHs: %s", err) } for _, sth := range sths { if *verbose { log.Printf("Verifying consistency of STH %d (%x) with previously-verified STH %d (%x)", sth.TreeSize, sth.SHA256RootHash, ctlog.verifiedSTH.TreeSize, ctlog.verifiedSTH.SHA256RootHash) } if err := ctlog.verifySTH(sth); err != nil { log.Printf("Unable to verify consistency of STH %d (%s) (if this error persists, it should be construed as misbehavior by the log): %s", sth.TreeSize, ctlog.state.UnverifiedSTHFilename(sth), err) continue } if sth.TreeSize > ctlog.verifiedSTH.TreeSize { if *verbose { log.Printf("STH %d (%x) is now the latest verified STH", sth.TreeSize, sth.SHA256RootHash) } ctlog.verifiedSTH = sth if err := ctlog.state.StoreVerifiedSTH(ctlog.verifiedSTH); err != nil { return fmt.Errorf("Error storing verified STH: %s", err) } } if err := ctlog.state.RemoveUnverifiedSTH(sth); err != nil { return fmt.Errorf("Error removing redundant STH: %s", err) } } return nil } func (ctlog *logHandle) scan(processCallback certspotter.ProcessCallback) error { startIndex := int64(ctlog.tree.GetSize()) endIndex := int64(ctlog.verifiedSTH.TreeSize) if endIndex > startIndex { tree := certspotter.CloneCollapsedMerkleTree(ctlog.tree) if err := ctlog.scanner.Scan(startIndex, endIndex, processCallback, tree); err != nil { return fmt.Errorf("Error scanning log (if this error persists, it should be construed as misbehavior by the log): %s", err) } rootHash := tree.CalculateRoot() if !bytes.Equal(rootHash, ctlog.verifiedSTH.SHA256RootHash[:]) { return fmt.Errorf("Log has misbehaved: log entries at tree size %d do not correspond to signed tree root", ctlog.verifiedSTH.TreeSize) } ctlog.tree = tree if err := ctlog.state.StoreTree(ctlog.tree); err != nil { return fmt.Errorf("Error storing tree: %s", err) } } return nil } func processLog(logInfo *certspotter.LogInfo, processCallback certspotter.ProcessCallback) int { log.SetPrefix(os.Args[0] + ": " + logInfo.Url + ": ") ctlog, err := makeLogHandle(logInfo) if err != nil { log.Printf("%s\n", err) return 1 } if err := ctlog.refresh(); err != nil { log.Printf("%s\n", err) return 1 } if err := ctlog.audit(); err != nil { log.Printf("%s\n", err) return 1 } if *allTime { ctlog.tree = certspotter.EmptyCollapsedMerkleTree() if *verbose { log.Printf("Scanning all %d entries in the log because -all_time option specified", ctlog.verifiedSTH.TreeSize) } } else if ctlog.tree != nil { if *verbose { log.Printf("Existing log; scanning %d new entries since previous scan", ctlog.verifiedSTH.TreeSize-ctlog.tree.GetSize()) } } else if state.IsFirstRun() { ctlog.tree, err = ctlog.scanner.MakeCollapsedMerkleTree(ctlog.verifiedSTH) if err != nil { log.Printf("Error reconstructing Merkle Tree: %s", err) return 1 } if *verbose { log.Printf("First run of Cert Spotter; not scanning %d existing entries because -all_time option not specified", ctlog.verifiedSTH.TreeSize) } } else { ctlog.tree = certspotter.EmptyCollapsedMerkleTree() if *verbose { log.Printf("New log; scanning all %d entries in the log", ctlog.verifiedSTH.TreeSize) } } if err := ctlog.state.StoreTree(ctlog.tree); err != nil { log.Printf("Error storing tree: %s\n", err) return 1 } if err := ctlog.scan(processCallback); err != nil { log.Printf("%s\n", err) return 1 } if *verbose { log.Printf("Final log size = %d, final root hash = %x", ctlog.verifiedSTH.TreeSize, ctlog.verifiedSTH.SHA256RootHash) } return 0 } func Main(statePath string, processCallback certspotter.ProcessCallback) int { var err error logs, err := loadLogList() if err != nil { fmt.Fprintf(os.Stderr, "%s: %s\n", os.Args[0], err) return 1 } state, err = OpenState(statePath) if err != nil { fmt.Fprintf(os.Stderr, "%s: %s\n", os.Args[0], err) return 1 } locked, err := state.Lock() if err != nil { fmt.Fprintf(os.Stderr, "%s: Error locking state directory: %s\n", os.Args[0], err) return 1 } if !locked { var otherPidInfo string if otherPid := state.LockingPid(); otherPid != 0 { otherPidInfo = fmt.Sprintf(" (as process ID %d)", otherPid) } fmt.Fprintf(os.Stderr, "%s: Another instance of %s is already running%s; remove the file %s if this is not the case\n", os.Args[0], os.Args[0], otherPidInfo, state.LockFilename()) return 1 } exitCode := 0 for i := range logs { exitCode |= processLog(&logs[i], processCallback) } if state.IsFirstRun() && exitCode == 0 { if err := state.WriteOnceFile(); err != nil { fmt.Fprintf(os.Stderr, "%s: Error writing once file: %s\n", os.Args[0], err) exitCode |= 1 } } if err := state.Unlock(); err != nil { fmt.Fprintf(os.Stderr, "%s: Error unlocking state directory: %s\n", os.Args[0], err) exitCode |= 1 } return exitCode } certspotter-0.9/cmd/ctparsewatch/000077500000000000000000000000001326616434700172075ustar00rootroot00000000000000certspotter-0.9/cmd/ctparsewatch/.gitignore000066400000000000000000000000161326616434700211740ustar00rootroot00000000000000/ctparsewatch certspotter-0.9/cmd/ctparsewatch/main.go000066400000000000000000000025131326616434700204630ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package main import ( "flag" "os" "software.sslmate.com/src/certspotter" "software.sslmate.com/src/certspotter/cmd" "software.sslmate.com/src/certspotter/ct" ) func DefaultStateDir() string { if envVar := os.Getenv("CTPARSEWATCH_STATE_DIR"); envVar != "" { return envVar } else { return cmd.DefaultStateDir("ctparsewatch") } } var stateDir = flag.String("state_dir", DefaultStateDir(), "Directory for storing state") func processEntry(scanner *certspotter.Scanner, entry *ct.LogEntry) { info := certspotter.EntryInfo{ LogUri: scanner.LogUri, Entry: entry, IsPrecert: certspotter.IsPrecert(entry), FullChain: certspotter.GetFullChain(entry), } info.CertInfo, info.ParseError = certspotter.MakeCertInfoFromLogEntry(entry) if info.CertInfo != nil { info.Identifiers, info.IdentifiersParseError = info.CertInfo.ParseIdentifiers() } if info.HasParseErrors() { cmd.LogEntry(&info) } } func main() { flag.Parse() os.Exit(cmd.Main(*stateDir, processEntry)) } certspotter-0.9/cmd/helpers.go000066400000000000000000000036301326616434700165120ustar00rootroot00000000000000// Copyright (C) 2017 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package cmd import ( "crypto/sha256" "encoding/hex" "encoding/json" "io/ioutil" "os" "software.sslmate.com/src/certspotter/ct" ) func fileExists(path string) bool { _, err := os.Lstat(path) return err == nil } func writeFile(filename string, data []byte, perm os.FileMode) error { tempname := filename + ".new" if err := ioutil.WriteFile(tempname, data, perm); err != nil { return err } if err := os.Rename(tempname, filename); err != nil { os.Remove(tempname) return err } return nil } func writeJSONFile(filename string, obj interface{}, perm os.FileMode) error { tempname := filename + ".new" f, err := os.OpenFile(tempname, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm) if err != nil { return err } if err := json.NewEncoder(f).Encode(obj); err != nil { f.Close() os.Remove(tempname) return err } if err := f.Close(); err != nil { os.Remove(tempname) return err } if err := os.Rename(tempname, filename); err != nil { os.Remove(tempname) return err } return nil } func readJSONFile(filename string, obj interface{}) error { bytes, err := ioutil.ReadFile(filename) if err != nil { return err } if err = json.Unmarshal(bytes, obj); err != nil { return err } return nil } func readSTHFile(filename string) (*ct.SignedTreeHead, error) { sth := new(ct.SignedTreeHead) if err := readJSONFile(filename, sth); err != nil { return nil, err } return sth, nil } func sha256sum(data []byte) []byte { sum := sha256.Sum256(data) return sum[:] } func sha256hex(data []byte) string { return hex.EncodeToString(sha256sum(data)) } certspotter-0.9/cmd/log_state.go000066400000000000000000000100701326616434700170250ustar00rootroot00000000000000// Copyright (C) 2017 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package cmd import ( "crypto/sha256" "encoding/base64" "encoding/binary" "fmt" "os" "path/filepath" "strconv" "strings" "software.sslmate.com/src/certspotter" "software.sslmate.com/src/certspotter/ct" ) type LogState struct { path string } // generate a filename that uniquely identifies the STH (within the context of a particular log) func sthFilename(sth *ct.SignedTreeHead) string { hasher := sha256.New() switch sth.Version { case ct.V1: binary.Write(hasher, binary.LittleEndian, sth.Timestamp) binary.Write(hasher, binary.LittleEndian, sth.SHA256RootHash) default: panic(fmt.Sprintf("Unsupported STH version %d", sth.Version)) } // For 6962-bis, we will need to handle a variable-length root hash, and include the signature in the filename hash (since signatures must be deterministic) return strconv.FormatUint(sth.TreeSize, 10) + "-" + base64.RawURLEncoding.EncodeToString(hasher.Sum(nil)) + ".json" } func makeLogStateDir(logStatePath string) error { if err := os.Mkdir(logStatePath, 0777); err != nil && !os.IsExist(err) { return fmt.Errorf("%s: %s", logStatePath, err) } for _, subdir := range []string{"unverified_sths"} { path := filepath.Join(logStatePath, subdir) if err := os.Mkdir(path, 0777); err != nil && !os.IsExist(err) { return fmt.Errorf("%s: %s", path, err) } } return nil } func OpenLogState(logStatePath string) (*LogState, error) { if err := makeLogStateDir(logStatePath); err != nil { return nil, fmt.Errorf("Error creating log state directory: %s", err) } return &LogState{path: logStatePath}, nil } func (logState *LogState) VerifiedSTHFilename() string { return filepath.Join(logState.path, "sth.json") } func (logState *LogState) GetVerifiedSTH() (*ct.SignedTreeHead, error) { sth, err := readSTHFile(logState.VerifiedSTHFilename()) if err != nil { if os.IsNotExist(err) { return nil, nil } else { return nil, err } } return sth, nil } func (logState *LogState) StoreVerifiedSTH(sth *ct.SignedTreeHead) error { return writeJSONFile(logState.VerifiedSTHFilename(), sth, 0666) } func (logState *LogState) GetUnverifiedSTHs() ([]*ct.SignedTreeHead, error) { dir, err := os.Open(filepath.Join(logState.path, "unverified_sths")) if err != nil { if os.IsNotExist(err) { return []*ct.SignedTreeHead{}, nil } else { return nil, err } } filenames, err := dir.Readdirnames(0) if err != nil { return nil, err } sths := make([]*ct.SignedTreeHead, 0, len(filenames)) for _, filename := range filenames { if !strings.HasPrefix(filename, ".") { sth, _ := readSTHFile(filepath.Join(dir.Name(), filename)) if sth != nil { sths = append(sths, sth) } } } return sths, nil } func (logState *LogState) UnverifiedSTHFilename(sth *ct.SignedTreeHead) string { return filepath.Join(logState.path, "unverified_sths", sthFilename(sth)) } func (logState *LogState) StoreUnverifiedSTH(sth *ct.SignedTreeHead) error { filename := logState.UnverifiedSTHFilename(sth) if fileExists(filename) { return nil } return writeJSONFile(filename, sth, 0666) } func (logState *LogState) RemoveUnverifiedSTH(sth *ct.SignedTreeHead) error { filename := logState.UnverifiedSTHFilename(sth) err := os.Remove(filepath.Join(filename)) if err != nil && !os.IsNotExist(err) { return err } return nil } func (logState *LogState) GetTree() (*certspotter.CollapsedMerkleTree, error) { tree := new(certspotter.CollapsedMerkleTree) if err := readJSONFile(filepath.Join(logState.path, "tree.json"), tree); err != nil { if os.IsNotExist(err) { return nil, nil } else { return nil, err } } return tree, nil } func (logState *LogState) StoreTree(tree *certspotter.CollapsedMerkleTree) error { return writeJSONFile(filepath.Join(logState.path, "tree.json"), tree, 0666) } certspotter-0.9/cmd/state.go000066400000000000000000000147731326616434700162020ustar00rootroot00000000000000// Copyright (C) 2017 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package cmd import ( "bytes" "encoding/base64" "encoding/pem" "fmt" "io/ioutil" "log" "os" "path/filepath" "strconv" "strings" "software.sslmate.com/src/certspotter" "software.sslmate.com/src/certspotter/ct" ) type State struct { path string } func legacySTHFilename(logInfo *certspotter.LogInfo) string { return strings.Replace(strings.Replace(logInfo.FullURI(), "://", "_", 1), "/", "_", -1) } func readVersionFile(statePath string) (int, error) { versionFilePath := filepath.Join(statePath, "version") versionBytes, err := ioutil.ReadFile(versionFilePath) if err == nil { version, err := strconv.Atoi(string(bytes.TrimSpace(versionBytes))) if err != nil { return -1, fmt.Errorf("%s: contains invalid integer: %s", versionFilePath, err) } if version < 0 { return -1, fmt.Errorf("%s: contains negative integer", versionFilePath) } return version, nil } else if os.IsNotExist(err) { if fileExists(filepath.Join(statePath, "sths")) { // Original version of certspotter had no version file. // Infer version 0 if "sths" directory is present. return 0, nil } return -1, nil } else { return -1, fmt.Errorf("%s: %s", versionFilePath, err) } } func writeVersionFile(statePath string) error { version := 1 versionString := fmt.Sprintf("%d\n", version) versionFilePath := filepath.Join(statePath, "version") if err := ioutil.WriteFile(versionFilePath, []byte(versionString), 0666); err != nil { return fmt.Errorf("%s: %s\n", versionFilePath, err) } return nil } func makeStateDir(statePath string) error { if err := os.Mkdir(statePath, 0777); err != nil && !os.IsExist(err) { return fmt.Errorf("%s: %s", statePath, err) } for _, subdir := range []string{"certs", "logs"} { path := filepath.Join(statePath, subdir) if err := os.Mkdir(path, 0777); err != nil && !os.IsExist(err) { return fmt.Errorf("%s: %s", path, err) } } return nil } func OpenState(statePath string) (*State, error) { version, err := readVersionFile(statePath) if err != nil { return nil, fmt.Errorf("Error reading version file: %s", err) } if version < 1 { if err := makeStateDir(statePath); err != nil { return nil, fmt.Errorf("Error creating state directory: %s", err) } if version == 0 { log.Printf("Migrating state directory (%s) to new layout...", statePath) if err := os.Rename(filepath.Join(statePath, "sths"), filepath.Join(statePath, "legacy_sths")); err != nil { return nil, fmt.Errorf("Error migrating STHs directory: %s", err) } for _, subdir := range []string{"evidence", "legacy_sths"} { os.Remove(filepath.Join(statePath, subdir)) } if err := ioutil.WriteFile(filepath.Join(statePath, "once"), []byte{}, 0666); err != nil { return nil, fmt.Errorf("Error creating once file: %s", err) } } if err := writeVersionFile(statePath); err != nil { return nil, fmt.Errorf("Error writing version file: %s", err) } } else if version > 1 { return nil, fmt.Errorf("%s was created by a newer version of Cert Spotter; please remove this directory or upgrade Cert Spotter", statePath) } return &State{path: statePath}, nil } func (state *State) IsFirstRun() bool { return !fileExists(filepath.Join(state.path, "once")) } func (state *State) WriteOnceFile() error { if err := ioutil.WriteFile(filepath.Join(state.path, "once"), []byte{}, 0666); err != nil { return fmt.Errorf("Error writing once file: %s", err) } return nil } func (state *State) SaveCert(isPrecert bool, certs [][]byte) (bool, string, error) { if len(certs) == 0 { return false, "", fmt.Errorf("Cannot write an empty certificate chain") } fingerprint := sha256hex(certs[0]) prefixPath := filepath.Join(state.path, "certs", fingerprint[0:2]) var filenameSuffix string if isPrecert { filenameSuffix = ".precert.pem" } else { filenameSuffix = ".cert.pem" } if err := os.Mkdir(prefixPath, 0777); err != nil && !os.IsExist(err) { return false, "", fmt.Errorf("Failed to create prefix directory %s: %s", prefixPath, err) } path := filepath.Join(prefixPath, fingerprint+filenameSuffix) file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0666) if err != nil { if os.IsExist(err) { return true, path, nil } else { return false, path, fmt.Errorf("Failed to open %s for writing: %s", path, err) } } for _, cert := range certs { if err := pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { file.Close() return false, path, fmt.Errorf("Error writing to %s: %s", path, err) } } if err := file.Close(); err != nil { return false, path, fmt.Errorf("Error writing to %s: %s", path, err) } return false, path, nil } func (state *State) OpenLogState(logInfo *certspotter.LogInfo) (*LogState, error) { return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.ID()))) } func (state *State) GetLegacySTH(logInfo *certspotter.LogInfo) (*ct.SignedTreeHead, error) { sth, err := readSTHFile(filepath.Join(state.path, "legacy_sths", legacySTHFilename(logInfo))) if err != nil { if os.IsNotExist(err) { return nil, nil } else { return nil, err } } return sth, nil } func (state *State) RemoveLegacySTH(logInfo *certspotter.LogInfo) error { err := os.Remove(filepath.Join(state.path, "legacy_sths", legacySTHFilename(logInfo))) os.Remove(filepath.Join(state.path, "legacy_sths")) return err } func (state *State) LockFilename() string { return filepath.Join(state.path, "lock") } func (state *State) Lock() (bool, error) { file, err := os.OpenFile(state.LockFilename(), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0666) if err != nil { if os.IsExist(err) { return false, nil } else { return false, err } } if _, err := fmt.Fprintf(file, "%d\n", os.Getpid()); err != nil { file.Close() os.Remove(state.LockFilename()) return false, err } if err := file.Close(); err != nil { os.Remove(state.LockFilename()) return false, err } return true, nil } func (state *State) Unlock() error { return os.Remove(state.LockFilename()) } func (state *State) LockingPid() int { pidBytes, err := ioutil.ReadFile(state.LockFilename()) if err != nil { return 0 } pid, err := strconv.Atoi(string(bytes.TrimSpace(pidBytes))) if err != nil { return 0 } return pid } certspotter-0.9/cmd/submitct/000077500000000000000000000000001326616434700163515ustar00rootroot00000000000000certspotter-0.9/cmd/submitct/main.go000066400000000000000000000120641326616434700176270ustar00rootroot00000000000000// Copyright (C) 2017 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package main import ( "software.sslmate.com/src/certspotter" "software.sslmate.com/src/certspotter/ct" "software.sslmate.com/src/certspotter/ct/client" "bytes" "crypto/sha256" "encoding/pem" "flag" "fmt" "io/ioutil" "log" "os" "sync" "sync/atomic" "time" ) var verbose = flag.Bool("v", false, "Enable verbose output") type Certificate struct { Subject []byte Issuer []byte Raw []byte } func (cert *Certificate) Fingerprint() [32]byte { return sha256.Sum256(cert.Raw) } func (cert *Certificate) CommonName() string { subject, err := certspotter.ParseRDNSequence(cert.Subject) if err != nil { return "???" } cns, err := subject.ParseCNs() if err != nil || len(cns) == 0 { return "???" } return cns[0] } func parseCertificate(data []byte) (*Certificate, error) { crt, err := certspotter.ParseCertificate(data) if err != nil { return nil, err } tbs, err := crt.ParseTBSCertificate() if err != nil { return nil, err } return &Certificate{ Subject: tbs.Subject.FullBytes, Issuer: tbs.Issuer.FullBytes, Raw: data, }, nil } type Chain []*Certificate func (c Chain) GetRawCerts() [][]byte { rawCerts := make([][]byte, len(c)) for i := range c { rawCerts[i] = c[i].Raw } return rawCerts } type CertificateBunch struct { byFingerprint map[[32]byte]*Certificate bySubject map[[32]byte]*Certificate } func MakeCertificateBunch() CertificateBunch { return CertificateBunch{ byFingerprint: make(map[[32]byte]*Certificate), bySubject: make(map[[32]byte]*Certificate), } } func (certs *CertificateBunch) Add(cert *Certificate) { certs.byFingerprint[cert.Fingerprint()] = cert certs.bySubject[sha256.Sum256(cert.Subject)] = cert } func (certs *CertificateBunch) FindBySubject(subject []byte) *Certificate { return certs.bySubject[sha256.Sum256(subject)] } type Log struct { info certspotter.LogInfo verify *ct.SignatureVerifier client *client.LogClient } func (ctlog *Log) SubmitChain(chain Chain) (*ct.SignedCertificateTimestamp, error) { rawCerts := chain.GetRawCerts() sct, err := ctlog.client.AddChain(rawCerts) if err != nil { return nil, err } if err := certspotter.VerifyX509SCT(sct, rawCerts[0], ctlog.verify); err != nil { return nil, fmt.Errorf("Bad SCT signature: %s", err) } return sct, nil } func buildChain(cert *Certificate, certs *CertificateBunch) Chain { chain := make([]*Certificate, 0) for len(chain) < 16 && cert != nil && !bytes.Equal(cert.Subject, cert.Issuer) { chain = append(chain, cert) cert = certs.FindBySubject(cert.Issuer) } return chain } func main() { flag.Parse() log.SetPrefix("submitct: ") certsPem, err := ioutil.ReadAll(os.Stdin) if err != nil { log.Fatalf("Error reading stdin: %s", err) } logs := make([]Log, 0, len(certspotter.OpenLogs)) for _, loginfo := range certspotter.OpenLogs { pubkey, err := loginfo.ParsedPublicKey() if err != nil { log.Fatalf("%s: Failed to parse log public key: %s", loginfo.Url, err) } verify, err := ct.NewSignatureVerifier(pubkey) if err != nil { log.Fatalf("%s: Failed to create signature verifier for log: %s", loginfo.Url, err) } logs = append(logs, Log{ info: loginfo, verify: verify, client: client.New(loginfo.FullURI()), }) } certs := MakeCertificateBunch() var parseErrors uint32 var submitErrors uint32 for len(certsPem) > 0 { var pemBlock *pem.Block pemBlock, certsPem = pem.Decode(certsPem) if pemBlock == nil { log.Fatalf("Invalid PEM read from stdin") } if pemBlock.Type != "CERTIFICATE" { log.Printf("Ignoring non-certificate read from stdin") continue } cert, err := parseCertificate(pemBlock.Bytes) if err != nil { log.Printf("Ignoring un-parseable certificate read from stdin: %s", err) parseErrors++ continue } certs.Add(cert) } wg := sync.WaitGroup{} for fingerprint, cert := range certs.byFingerprint { cn := cert.CommonName() chain := buildChain(cert, &certs) if len(chain) == 0 { continue } for _, ctlog := range logs { wg.Add(1) go func(fingerprint [32]byte, ctlog Log) { sct, err := ctlog.SubmitChain(chain) if err != nil { log.Printf("%x (%s): %s: Submission Error: %s", fingerprint, cn, ctlog.info.Url, err) atomic.AddUint32(&submitErrors, 1) } else if *verbose { timestamp := time.Unix(int64(sct.Timestamp)/1000, int64(sct.Timestamp%1000)*1000000) log.Printf("%x (%s): %s: Submitted at %s", fingerprint, cn, ctlog.info.Url, timestamp) } wg.Done() }(fingerprint, ctlog) } } wg.Wait() exitStatus := 0 if parseErrors > 0 { log.Printf("%d certificates failed to parse and were ignored", parseErrors) exitStatus |= 4 } if submitErrors > 0 { log.Printf("%d submission errors occurred", submitErrors) exitStatus |= 8 } os.Exit(exitStatus) } certspotter-0.9/ct/000077500000000000000000000000001326616434700143625ustar00rootroot00000000000000certspotter-0.9/ct/AUTHORS000066400000000000000000000014241326616434700154330ustar00rootroot00000000000000# This is the official list of benchmark authors for copyright purposes. # This file is distinct from the CONTRIBUTORS files. # See the latter for an explanation. # # Names should be added to this file as: # Name or Organization # The email address is not required for organizations. # # Please keep the list sorted. Comodo CA Limited Ed Maste Fiaz Hossain Google Inc. Jeff Trawick Katriel Cohn-Gordon Mark Schloesser NORDUnet A/S Nicholas Galbreath Oliver Weidner Ruslan Kovalov Venafi, Inc. Vladimir Rutsky Ximin Luo certspotter-0.9/ct/LICENSE000066400000000000000000000261361326616434700153770ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. certspotter-0.9/ct/README000066400000000000000000000002511326616434700152400ustar00rootroot00000000000000The code in this directory is from https://github.com/google/certificate-transparency/tree/master/go See AUTHORS for the copyright holders, and LICENSE for the license. certspotter-0.9/ct/client/000077500000000000000000000000001326616434700156405ustar00rootroot00000000000000certspotter-0.9/ct/client/logclient.go000066400000000000000000000236251326616434700201570ustar00rootroot00000000000000// Package client is a CT log client implementation and contains types and code // for interacting with RFC6962-compliant CT Log instances. // See http://tools.ietf.org/html/rfc6962 for details package client import ( "bytes" "crypto/sha256" "crypto/tls" "encoding/base64" "encoding/json" "errors" "fmt" "io" "io/ioutil" "net/http" "net/url" "time" "github.com/mreiferson/go-httpclient" "software.sslmate.com/src/certspotter/ct" ) // URI paths for CT Log endpoints const ( GetSTHPath = "/ct/v1/get-sth" GetEntriesPath = "/ct/v1/get-entries" GetSTHConsistencyPath = "/ct/v1/get-sth-consistency" GetProofByHashPath = "/ct/v1/get-proof-by-hash" AddChainPath = "/ct/v1/add-chain" ) // LogClient represents a client for a given CT Log instance type LogClient struct { uri string // the base URI of the log. e.g. http://ct.googleapis/pilot httpClient *http.Client // used to interact with the log via HTTP } ////////////////////////////////////////////////////////////////////////////////// // JSON structures follow. // These represent the structures returned by the CT Log server. ////////////////////////////////////////////////////////////////////////////////// // getSTHResponse respresents the JSON response to the get-sth CT method type getSTHResponse struct { TreeSize uint64 `json:"tree_size"` // Number of certs in the current tree Timestamp uint64 `json:"timestamp"` // Time that the tree was created SHA256RootHash []byte `json:"sha256_root_hash"` // Root hash of the tree TreeHeadSignature []byte `json:"tree_head_signature"` // Log signature for this STH } // base64LeafEntry respresents a Base64 encoded leaf entry type base64LeafEntry struct { LeafInput []byte `json:"leaf_input"` ExtraData []byte `json:"extra_data"` } // getEntriesReponse respresents the JSON response to the CT get-entries method type getEntriesResponse struct { Entries []base64LeafEntry `json:"entries"` // the list of returned entries } // getConsistencyProofResponse represents the JSON response to the CT get-consistency-proof method type getConsistencyProofResponse struct { Consistency [][]byte `json:"consistency"` } // getAuditProofResponse represents the JSON response to the CT get-proof-by-hash method type getAuditProofResponse struct { LeafIndex uint64 `json:"leaf_index"` AuditPath [][]byte `json:"audit_path"` } type addChainRequest struct { Chain [][]byte `json:"chain"` } type addChainResponse struct { SCTVersion uint8 `json:"sct_version"` ID []byte `json:"id"` Timestamp uint64 `json:"timestamp"` Extensions []byte `json:"extensions"` Signature []byte `json:"signature"` } // New constructs a new LogClient instance. // |uri| is the base URI of the CT log instance to interact with, e.g. // http://ct.googleapis.com/pilot func New(uri string) *LogClient { var c LogClient c.uri = uri transport := &httpclient.Transport{ ConnectTimeout: 10 * time.Second, RequestTimeout: 60 * time.Second, ResponseHeaderTimeout: 30 * time.Second, MaxIdleConnsPerHost: 10, DisableKeepAlives: false, TLSClientConfig: &tls.Config{ // We have to disable TLS certificate validation because because several logs // (WoSign, StartCom, GDCA) use certificates that are not widely trusted. // Since we verify that every response we receive from the log is signed // by the log's CT public key (either directly, or indirectly via the Merkle Tree), // TLS certificate validation is not actually necessary. (We don't want to ship // our own trust store because that adds undesired complexity and would require // updating should a log ever change to a different CA.) InsecureSkipVerify: true, }, } c.httpClient = &http.Client{Transport: transport} return &c } // Makes a HTTP call to |uri|, and attempts to parse the response as a JSON // representation of the structure in |res|. // Returns a non-nil |error| if there was a problem. func (c *LogClient) fetchAndParse(uri string, respBody interface{}) error { req, err := http.NewRequest("GET", uri, nil) if err != nil { return fmt.Errorf("GET %s: Sending request failed: %s", uri, err) } return c.doAndParse(req, respBody) } func (c *LogClient) postAndParse(uri string, body interface{}, respBody interface{}) error { bodyReader, bodyWriter := io.Pipe() go func() { json.NewEncoder(bodyWriter).Encode(body) bodyWriter.Close() }() req, err := http.NewRequest("POST", uri, bodyReader) if err != nil { return fmt.Errorf("POST %s: Sending request failed: %s", uri, err) } req.Header.Set("Content-Type", "application/json") return c.doAndParse(req, respBody) } func (c *LogClient) doAndParse(req *http.Request, respBody interface{}) error { // req.Header.Set("Keep-Alive", "timeout=15, max=100") resp, err := c.httpClient.Do(req) var respBodyBytes []byte if resp != nil { respBodyBytes, err = ioutil.ReadAll(resp.Body) resp.Body.Close() if err != nil { return fmt.Errorf("%s %s: Reading response failed: %s", req.Method, req.URL, err) } } if err != nil { return err } if resp.StatusCode/100 != 2 { return fmt.Errorf("%s %s: %s (%s)", req.Method, req.URL, resp.Status, string(respBodyBytes)) } if err = json.Unmarshal(respBodyBytes, &respBody); err != nil { return fmt.Errorf("%s %s: Parsing response JSON failed: %s", req.Method, req.URL, err) } return nil } // GetSTH retrieves the current STH from the log. // Returns a populated SignedTreeHead, or a non-nil error. func (c *LogClient) GetSTH() (sth *ct.SignedTreeHead, err error) { var resp getSTHResponse if err = c.fetchAndParse(c.uri+GetSTHPath, &resp); err != nil { return } sth = &ct.SignedTreeHead{ TreeSize: resp.TreeSize, Timestamp: resp.Timestamp, } if len(resp.SHA256RootHash) != sha256.Size { return nil, fmt.Errorf("STH returned by server has invalid sha256_root_hash (expected length %d got %d)", sha256.Size, len(resp.SHA256RootHash)) } copy(sth.SHA256RootHash[:], resp.SHA256RootHash) ds, err := ct.UnmarshalDigitallySigned(bytes.NewReader(resp.TreeHeadSignature)) if err != nil { return nil, err } // TODO(alcutter): Verify signature sth.TreeHeadSignature = *ds return } // GetEntries attempts to retrieve the entries in the sequence [|start|, |end|] from the CT // log server. (see section 4.6.) // Returns a slice of LeafInputs or a non-nil error. func (c *LogClient) GetEntries(start, end int64) ([]ct.LogEntry, error) { if end < 0 { return nil, errors.New("GetEntries: end should be >= 0") } if end < start { return nil, errors.New("GetEntries: start should be <= end") } var resp getEntriesResponse err := c.fetchAndParse(fmt.Sprintf("%s%s?start=%d&end=%d", c.uri, GetEntriesPath, start, end), &resp) if err != nil { return nil, err } entries := make([]ct.LogEntry, len(resp.Entries)) for index, entry := range resp.Entries { leaf, err := ct.ReadMerkleTreeLeaf(bytes.NewBuffer(entry.LeafInput)) if err != nil { return nil, fmt.Errorf("Reading Merkle Tree Leaf at index %d failed: %s", start+int64(index), err) } entries[index].LeafBytes = entry.LeafInput entries[index].Leaf = *leaf var chain []ct.ASN1Cert switch leaf.TimestampedEntry.EntryType { case ct.X509LogEntryType: chain, err = ct.UnmarshalX509ChainArray(entry.ExtraData) case ct.PrecertLogEntryType: chain, err = ct.UnmarshalPrecertChainArray(entry.ExtraData) default: return nil, fmt.Errorf("Unknown entry type at index %d: %v", start+int64(index), leaf.TimestampedEntry.EntryType) } if err != nil { return nil, fmt.Errorf("Parsing entry of type %d at index %d failed: %s", leaf.TimestampedEntry.EntryType, start+int64(index), err) } entries[index].Chain = chain entries[index].Index = start + int64(index) } return entries, nil } // GetConsistencyProof retrieves a Merkle Consistency Proof between two STHs (|first| and |second|) // from the log. Returns a slice of MerkleTreeNodes (a ct.ConsistencyProof) or a non-nil error. func (c *LogClient) GetConsistencyProof(first, second int64) (ct.ConsistencyProof, error) { if second < 0 { return nil, errors.New("GetConsistencyProof: second should be >= 0") } if second < first { return nil, errors.New("GetConsistencyProof: first should be <= second") } var resp getConsistencyProofResponse err := c.fetchAndParse(fmt.Sprintf("%s%s?first=%d&second=%d", c.uri, GetSTHConsistencyPath, first, second), &resp) if err != nil { return nil, err } nodes := make([]ct.MerkleTreeNode, len(resp.Consistency)) for index, nodeBytes := range resp.Consistency { nodes[index] = nodeBytes } return nodes, nil } // GetAuditProof retrieves a Merkle Audit Proof (aka Inclusion Proof) for the given // |hash| based on the STH at |treeSize| from the log. Returns a slice of MerkleTreeNodes // and the index of the leaf. func (c *LogClient) GetAuditProof(hash ct.MerkleTreeNode, treeSize uint64) (ct.AuditPath, uint64, error) { var resp getAuditProofResponse err := c.fetchAndParse(fmt.Sprintf("%s%s?hash=%s&tree_size=%d", c.uri, GetProofByHashPath, url.QueryEscape(base64.StdEncoding.EncodeToString(hash)), treeSize), &resp) if err != nil { return nil, 0, err } path := make([]ct.MerkleTreeNode, len(resp.AuditPath)) for index, nodeBytes := range resp.AuditPath { path[index] = nodeBytes } return path, resp.LeafIndex, nil } func (c *LogClient) AddChain(chain [][]byte) (*ct.SignedCertificateTimestamp, error) { req := addChainRequest{Chain: chain} var resp addChainResponse if err := c.postAndParse(c.uri+AddChainPath, &req, &resp); err != nil { return nil, err } sct := &ct.SignedCertificateTimestamp{ SCTVersion: ct.Version(resp.SCTVersion), Timestamp: resp.Timestamp, Extensions: resp.Extensions, } if len(resp.ID) != sha256.Size { return nil, fmt.Errorf("SCT returned by server has invalid id (expected length %d got %d)", sha256.Size, len(resp.ID)) } copy(sct.LogID[:], resp.ID) ds, err := ct.UnmarshalDigitallySigned(bytes.NewReader(resp.Signature)) if err != nil { return nil, err } sct.Signature = *ds return sct, nil } certspotter-0.9/ct/serialization.go000066400000000000000000000331421326616434700175710ustar00rootroot00000000000000package ct import ( "bytes" "container/list" "crypto" "encoding/binary" "errors" "fmt" "io" ) // Variable size structure prefix-header byte lengths const ( CertificateLengthBytes = 3 PreCertificateLengthBytes = 3 ExtensionsLengthBytes = 2 CertificateChainLengthBytes = 3 SignatureLengthBytes = 2 ) // Max lengths const ( MaxCertificateLength = (1 << 24) - 1 MaxExtensionsLength = (1 << 16) - 1 ) func writeUint(w io.Writer, value uint64, numBytes int) error { buf := make([]uint8, numBytes) for i := 0; i < numBytes; i++ { buf[numBytes-i-1] = uint8(value & 0xff) value >>= 8 } if value != 0 { return errors.New("numBytes was insufficiently large to represent value") } if _, err := w.Write(buf); err != nil { return err } return nil } func writeVarBytes(w io.Writer, value []byte, numLenBytes int) error { if err := writeUint(w, uint64(len(value)), numLenBytes); err != nil { return err } if _, err := w.Write(value); err != nil { return err } return nil } func readUint(r io.Reader, numBytes int) (uint64, error) { var l uint64 for i := 0; i < numBytes; i++ { l <<= 8 var t uint8 if err := binary.Read(r, binary.BigEndian, &t); err != nil { return 0, err } l |= uint64(t) } return l, nil } // Reads a variable length array of bytes from |r|. |numLenBytes| specifies the // number of (BigEndian) prefix-bytes which contain the length of the actual // array data bytes that follow. // Allocates an array to hold the contents and returns a slice view into it if // the read was successful, or an error otherwise. func readVarBytes(r io.Reader, numLenBytes int) ([]byte, error) { switch { case numLenBytes > 8: return nil, fmt.Errorf("numLenBytes too large (%d)", numLenBytes) case numLenBytes == 0: return nil, errors.New("numLenBytes should be > 0") } l, err := readUint(r, numLenBytes) if err != nil { return nil, err } data := make([]byte, l) if n, err := io.ReadFull(r, data); err != nil { if err == io.EOF || err == io.ErrUnexpectedEOF { return nil, fmt.Errorf("short read: expected %d but got %d", l, n) } return nil, err } return data, nil } // Reads a list of ASN1Cert types from |r| func readASN1CertList(r io.Reader, totalLenBytes int, elementLenBytes int) ([]ASN1Cert, error) { listBytes, err := readVarBytes(r, totalLenBytes) if err != nil { return []ASN1Cert{}, err } list := list.New() listReader := bytes.NewReader(listBytes) var entry []byte for err == nil { entry, err = readVarBytes(listReader, elementLenBytes) if err != nil { if err != io.EOF { return []ASN1Cert{}, err } } else { list.PushBack(entry) } } ret := make([]ASN1Cert, list.Len()) i := 0 for e := list.Front(); e != nil; e = e.Next() { ret[i] = e.Value.([]byte) i++ } return ret, nil } // ReadTimestampedEntryInto parses the byte-stream representation of a // TimestampedEntry from |r| and populates the struct |t| with the data. See // RFC section 3.4 for details on the format. // Returns a non-nil error if there was a problem. func ReadTimestampedEntryInto(r io.Reader, t *TimestampedEntry) error { var err error if err = binary.Read(r, binary.BigEndian, &t.Timestamp); err != nil { return err } if err = binary.Read(r, binary.BigEndian, &t.EntryType); err != nil { return err } switch t.EntryType { case X509LogEntryType: if t.X509Entry, err = readVarBytes(r, CertificateLengthBytes); err != nil { return err } case PrecertLogEntryType: if err := binary.Read(r, binary.BigEndian, &t.PrecertEntry.IssuerKeyHash); err != nil { return err } if t.PrecertEntry.TBSCertificate, err = readVarBytes(r, PreCertificateLengthBytes); err != nil { return err } default: return fmt.Errorf("unknown EntryType: %d", t.EntryType) } t.Extensions, err = readVarBytes(r, ExtensionsLengthBytes) return nil } // ReadMerkleTreeLeaf parses the byte-stream representation of a MerkleTreeLeaf // and returns a pointer to a new MerkleTreeLeaf structure containing the // parsed data. // See RFC section 3.4 for details on the format. // Returns a pointer to a new MerkleTreeLeaf or non-nil error if there was a // problem func ReadMerkleTreeLeaf(r io.Reader) (*MerkleTreeLeaf, error) { var m MerkleTreeLeaf if err := binary.Read(r, binary.BigEndian, &m.Version); err != nil { return nil, err } if m.Version != V1 { return nil, fmt.Errorf("unknown Version %d", m.Version) } if err := binary.Read(r, binary.BigEndian, &m.LeafType); err != nil { return nil, err } if m.LeafType != TimestampedEntryLeafType { return nil, fmt.Errorf("unknown LeafType %d", m.LeafType) } if err := ReadTimestampedEntryInto(r, &m.TimestampedEntry); err != nil { return nil, err } return &m, nil } // UnmarshalX509ChainArray unmarshalls the contents of the "chain:" entry in a // GetEntries response in the case where the entry refers to an X509 leaf. func UnmarshalX509ChainArray(b []byte) ([]ASN1Cert, error) { return readASN1CertList(bytes.NewReader(b), CertificateChainLengthBytes, CertificateLengthBytes) } // UnmarshalPrecertChainArray unmarshalls the contents of the "chain:" entry in // a GetEntries response in the case where the entry refers to a Precertificate // leaf. func UnmarshalPrecertChainArray(b []byte) ([]ASN1Cert, error) { var chain []ASN1Cert reader := bytes.NewReader(b) // read the pre-cert entry: precert, err := readVarBytes(reader, CertificateLengthBytes) if err != nil { return chain, err } chain = append(chain, precert) // and then read and return the chain up to the root: remainingChain, err := readASN1CertList(reader, CertificateChainLengthBytes, CertificateLengthBytes) if err != nil { return chain, err } chain = append(chain, remainingChain...) return chain, nil } // UnmarshalDigitallySigned reconstructs a DigitallySigned structure from a Reader func UnmarshalDigitallySigned(r io.Reader) (*DigitallySigned, error) { var h byte if err := binary.Read(r, binary.BigEndian, &h); err != nil { return nil, fmt.Errorf("failed to read HashAlgorithm: %v", err) } var s byte if err := binary.Read(r, binary.BigEndian, &s); err != nil { return nil, fmt.Errorf("failed to read SignatureAlgorithm: %v", err) } sig, err := readVarBytes(r, SignatureLengthBytes) if err != nil { return nil, fmt.Errorf("failed to read Signature bytes: %v", err) } return &DigitallySigned{ HashAlgorithm: HashAlgorithm(h), SignatureAlgorithm: SignatureAlgorithm(s), Signature: sig, }, nil } // MarshalDigitallySigned marshalls a DigitallySigned structure into a byte array func MarshalDigitallySigned(ds DigitallySigned) ([]byte, error) { var b bytes.Buffer if err := b.WriteByte(byte(ds.HashAlgorithm)); err != nil { return nil, fmt.Errorf("failed to write HashAlgorithm: %v", err) } if err := b.WriteByte(byte(ds.SignatureAlgorithm)); err != nil { return nil, fmt.Errorf("failed to write SignatureAlgorithm: %v", err) } if err := writeVarBytes(&b, ds.Signature, SignatureLengthBytes); err != nil { return nil, fmt.Errorf("failed to write HashAlgorithm: %v", err) } return b.Bytes(), nil } func checkCertificateFormat(cert ASN1Cert) error { if len(cert) == 0 { return errors.New("certificate is zero length") } if len(cert) > MaxCertificateLength { return errors.New("certificate too large") } return nil } func checkExtensionsFormat(ext CTExtensions) error { if len(ext) > MaxExtensionsLength { return errors.New("extensions too large") } return nil } func serializeV1CertSCTSignatureInput(timestamp uint64, cert ASN1Cert, ext CTExtensions) ([]byte, error) { if err := checkCertificateFormat(cert); err != nil { return nil, err } if err := checkExtensionsFormat(ext); err != nil { return nil, err } var buf bytes.Buffer if err := binary.Write(&buf, binary.BigEndian, V1); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, CertificateTimestampSignatureType); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, timestamp); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, X509LogEntryType); err != nil { return nil, err } if err := writeVarBytes(&buf, cert, CertificateLengthBytes); err != nil { return nil, err } if err := writeVarBytes(&buf, ext, ExtensionsLengthBytes); err != nil { return nil, err } return buf.Bytes(), nil } func serializeV1PrecertSCTSignatureInput(timestamp uint64, issuerKeyHash [issuerKeyHashLength]byte, tbs []byte, ext CTExtensions) ([]byte, error) { if err := checkCertificateFormat(tbs); err != nil { return nil, err } if err := checkExtensionsFormat(ext); err != nil { return nil, err } var buf bytes.Buffer if err := binary.Write(&buf, binary.BigEndian, V1); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, CertificateTimestampSignatureType); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, timestamp); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, PrecertLogEntryType); err != nil { return nil, err } if _, err := buf.Write(issuerKeyHash[:]); err != nil { return nil, err } if err := writeVarBytes(&buf, tbs, CertificateLengthBytes); err != nil { return nil, err } if err := writeVarBytes(&buf, ext, ExtensionsLengthBytes); err != nil { return nil, err } return buf.Bytes(), nil } func serializeV1SCTSignatureInput(sct SignedCertificateTimestamp, entry LogEntry) ([]byte, error) { if sct.SCTVersion != V1 { return nil, fmt.Errorf("unsupported SCT version, expected V1, but got %s", sct.SCTVersion) } if entry.Leaf.LeafType != TimestampedEntryLeafType { return nil, fmt.Errorf("Unsupported leaf type %s", entry.Leaf.LeafType) } switch entry.Leaf.TimestampedEntry.EntryType { case X509LogEntryType: return serializeV1CertSCTSignatureInput(sct.Timestamp, entry.Leaf.TimestampedEntry.X509Entry, entry.Leaf.TimestampedEntry.Extensions) case PrecertLogEntryType: return serializeV1PrecertSCTSignatureInput(sct.Timestamp, entry.Leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash, entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate, entry.Leaf.TimestampedEntry.Extensions) default: return nil, fmt.Errorf("unknown TimestampedEntryLeafType %s", entry.Leaf.TimestampedEntry.EntryType) } } // SerializeSCTSignatureInput serializes the passed in sct and log entry into // the correct format for signing. func SerializeSCTSignatureInput(sct SignedCertificateTimestamp, entry LogEntry) ([]byte, error) { switch sct.SCTVersion { case V1: return serializeV1SCTSignatureInput(sct, entry) default: return nil, fmt.Errorf("unknown SCT version %d", sct.SCTVersion) } } func serializeV1SCT(sct SignedCertificateTimestamp) ([]byte, error) { if err := checkExtensionsFormat(sct.Extensions); err != nil { return nil, err } var buf bytes.Buffer if err := binary.Write(&buf, binary.BigEndian, V1); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, sct.LogID); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, sct.Timestamp); err != nil { return nil, err } if err := writeVarBytes(&buf, sct.Extensions, ExtensionsLengthBytes); err != nil { return nil, err } sig, err := MarshalDigitallySigned(sct.Signature) if err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, sig); err != nil { return nil, err } return buf.Bytes(), nil } // SerializeSCT serializes the passed in sct into the format specified // by RFC6962 section 3.2 func SerializeSCT(sct SignedCertificateTimestamp) ([]byte, error) { switch sct.SCTVersion { case V1: return serializeV1SCT(sct) default: return nil, fmt.Errorf("unknown SCT version %d", sct.SCTVersion) } } func deserializeSCTV1(r io.Reader, sct *SignedCertificateTimestamp) error { if err := binary.Read(r, binary.BigEndian, &sct.LogID); err != nil { return err } if err := binary.Read(r, binary.BigEndian, &sct.Timestamp); err != nil { return err } ext, err := readVarBytes(r, ExtensionsLengthBytes) if err != nil { return err } sct.Extensions = ext ds, err := UnmarshalDigitallySigned(r) if err != nil { return err } sct.Signature = *ds return nil } func DeserializeSCT(r io.Reader) (*SignedCertificateTimestamp, error) { var sct SignedCertificateTimestamp if err := binary.Read(r, binary.BigEndian, &sct.SCTVersion); err != nil { return nil, err } switch sct.SCTVersion { case V1: return &sct, deserializeSCTV1(r, &sct) default: return nil, fmt.Errorf("unknown SCT version %d", sct.SCTVersion) } } func serializeV1STHSignatureInput(sth SignedTreeHead) ([]byte, error) { if sth.Version != V1 { return nil, fmt.Errorf("invalid STH version %d", sth.Version) } if sth.TreeSize < 0 { return nil, fmt.Errorf("invalid tree size %d", sth.TreeSize) } if len(sth.SHA256RootHash) != crypto.SHA256.Size() { return nil, fmt.Errorf("invalid TreeHash length, got %d expected %d", len(sth.SHA256RootHash), crypto.SHA256.Size()) } var buf bytes.Buffer if err := binary.Write(&buf, binary.BigEndian, V1); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, TreeHashSignatureType); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, sth.Timestamp); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, sth.TreeSize); err != nil { return nil, err } if err := binary.Write(&buf, binary.BigEndian, sth.SHA256RootHash); err != nil { return nil, err } return buf.Bytes(), nil } // SerializeSTHSignatureInput serializes the passed in sth into the correct // format for signing. func SerializeSTHSignatureInput(sth SignedTreeHead) ([]byte, error) { switch sth.Version { case V1: return serializeV1STHSignatureInput(sth) default: return nil, fmt.Errorf("unsupported STH version %d", sth.Version) } } certspotter-0.9/ct/signatures.go000066400000000000000000000063521326616434700171030ustar00rootroot00000000000000package ct import ( "crypto" "crypto/ecdsa" "crypto/rsa" "crypto/sha256" "crypto/x509" "encoding/asn1" "encoding/pem" "errors" "fmt" "log" "math/big" ) // PublicKeyFromPEM parses a PEM formatted block and returns the public key contained within and any remaining unread bytes, or an error. func PublicKeyFromPEM(b []byte) (crypto.PublicKey, SHA256Hash, []byte, error) { p, rest := pem.Decode(b) if p == nil { return nil, [sha256.Size]byte{}, rest, fmt.Errorf("no PEM block found in %s", string(b)) } k, err := x509.ParsePKIXPublicKey(p.Bytes) return k, sha256.Sum256(p.Bytes), rest, err } // SignatureVerifier can verify signatures on SCTs and STHs type SignatureVerifier struct { pubKey crypto.PublicKey } // NewSignatureVerifier creates a new SignatureVerifier using the passed in PublicKey. func NewSignatureVerifier(pk crypto.PublicKey) (*SignatureVerifier, error) { switch pkType := pk.(type) { case *rsa.PublicKey: case *ecdsa.PublicKey: default: return nil, fmt.Errorf("Unsupported public key type %v", pkType) } return &SignatureVerifier{ pubKey: pk, }, nil } // verifySignature verifies that the passed in signature over data was created by our PublicKey. // Currently, only SHA256 is supported as a HashAlgorithm, and only ECDSA and RSA signatures are supported. func (s SignatureVerifier) verifySignature(data []byte, sig DigitallySigned) error { if sig.HashAlgorithm != SHA256 { return fmt.Errorf("unsupported HashAlgorithm in signature: %v", sig.HashAlgorithm) } hasherType := crypto.SHA256 hasher := hasherType.New() if _, err := hasher.Write(data); err != nil { return fmt.Errorf("failed to write to hasher: %v", err) } hash := hasher.Sum([]byte{}) switch sig.SignatureAlgorithm { case RSA: rsaKey, ok := s.pubKey.(*rsa.PublicKey) if !ok { return fmt.Errorf("cannot verify RSA signature with %T key", s.pubKey) } if err := rsa.VerifyPKCS1v15(rsaKey, hasherType, hash, sig.Signature); err != nil { return fmt.Errorf("failed to verify rsa signature: %v", err) } case ECDSA: ecdsaKey, ok := s.pubKey.(*ecdsa.PublicKey) if !ok { return fmt.Errorf("cannot verify ECDSA signature with %T key", s.pubKey) } var ecdsaSig struct { R, S *big.Int } rest, err := asn1.Unmarshal(sig.Signature, &ecdsaSig) if err != nil { return fmt.Errorf("failed to unmarshal ECDSA signature: %v", err) } if len(rest) != 0 { log.Printf("Garbage following signature %v", rest) } if !ecdsa.Verify(ecdsaKey, hash, ecdsaSig.R, ecdsaSig.S) { return errors.New("failed to verify ecdsa signature") } default: return fmt.Errorf("unsupported signature type %v", sig.SignatureAlgorithm) } return nil } // VerifySCTSignature verifies that the SCT's signature is valid for the given LogEntry func (s SignatureVerifier) VerifySCTSignature(sct SignedCertificateTimestamp, entry LogEntry) error { sctData, err := SerializeSCTSignatureInput(sct, entry) if err != nil { return err } return s.verifySignature(sctData, sct.Signature) } // VerifySTHSignature verifies that the STH's signature is valid. func (s SignatureVerifier) VerifySTHSignature(sth SignedTreeHead) error { sthData, err := SerializeSTHSignatureInput(sth) if err != nil { return err } return s.verifySignature(sthData, sth.TreeHeadSignature) } certspotter-0.9/ct/types.go000066400000000000000000000226011326616434700160560ustar00rootroot00000000000000package ct import ( "bytes" "crypto/sha256" "encoding/base64" "encoding/json" "fmt" ) const ( issuerKeyHashLength = 32 ) /////////////////////////////////////////////////////////////////////////////// // The following structures represent those outlined in the RFC6962 document: /////////////////////////////////////////////////////////////////////////////// // LogEntryType represents the LogEntryType enum from section 3.1 of the RFC: // enum { x509_entry(0), precert_entry(1), (65535) } LogEntryType; type LogEntryType uint16 func (e LogEntryType) String() string { switch e { case X509LogEntryType: return "X509LogEntryType" case PrecertLogEntryType: return "PrecertLogEntryType" } panic(fmt.Sprintf("No string defined for LogEntryType constant value %d", e)) } // LogEntryType constants, see section 3.1 of RFC6962. const ( X509LogEntryType LogEntryType = 0 PrecertLogEntryType LogEntryType = 1 ) // MerkleLeafType represents the MerkleLeafType enum from section 3.4 of the // RFC: enum { timestamped_entry(0), (255) } MerkleLeafType; type MerkleLeafType uint8 func (m MerkleLeafType) String() string { switch m { case TimestampedEntryLeafType: return "TimestampedEntryLeafType" default: return fmt.Sprintf("UnknownLeafType(%d)", m) } } // MerkleLeafType constants, see section 3.4 of the RFC. const ( TimestampedEntryLeafType MerkleLeafType = 0 // Entry type for an SCT ) // Version represents the Version enum from section 3.2 of the RFC: // enum { v1(0), (255) } Version; type Version uint8 func (v Version) String() string { switch v { case V1: return "V1" default: return fmt.Sprintf("UnknownVersion(%d)", v) } } // CT Version constants, see section 3.2 of the RFC. const ( V1 Version = 0 ) // SignatureType differentiates STH signatures from SCT signatures, see RFC // section 3.2 type SignatureType uint8 func (st SignatureType) String() string { switch st { case CertificateTimestampSignatureType: return "CertificateTimestamp" case TreeHashSignatureType: return "TreeHash" default: return fmt.Sprintf("UnknownSignatureType(%d)", st) } } // SignatureType constants, see RFC section 3.2 const ( CertificateTimestampSignatureType SignatureType = 0 TreeHashSignatureType SignatureType = 1 ) // ASN1Cert type for holding the raw DER bytes of an ASN.1 Certificate // (section 3.1) type ASN1Cert []byte // PreCert represents a Precertificate (section 3.2) type PreCert struct { IssuerKeyHash [issuerKeyHashLength]byte TBSCertificate []byte } // CTExtensions is a representation of the raw bytes of any CtExtension // structure (see section 3.2) type CTExtensions []byte // MerkleTreeNode represents an internal node in the CT tree type MerkleTreeNode []byte // ConsistencyProof represents a CT consistency proof (see sections 2.1.2 and // 4.4) type ConsistencyProof []MerkleTreeNode // AuditPath represents a CT inclusion proof (see sections 2.1.1 and 4.5) type AuditPath []MerkleTreeNode // LeafInput represents a serialized MerkleTreeLeaf structure type LeafInput []byte // HashAlgorithm from the DigitallySigned struct type HashAlgorithm byte // HashAlgorithm constants const ( None HashAlgorithm = 0 MD5 HashAlgorithm = 1 SHA1 HashAlgorithm = 2 SHA224 HashAlgorithm = 3 SHA256 HashAlgorithm = 4 SHA384 HashAlgorithm = 5 SHA512 HashAlgorithm = 6 ) func (h HashAlgorithm) String() string { switch h { case None: return "None" case MD5: return "MD5" case SHA1: return "SHA1" case SHA224: return "SHA224" case SHA256: return "SHA256" case SHA384: return "SHA384" case SHA512: return "SHA512" default: return fmt.Sprintf("UNKNOWN(%d)", h) } } // SignatureAlgorithm from the the DigitallySigned struct type SignatureAlgorithm byte // SignatureAlgorithm constants const ( Anonymous SignatureAlgorithm = 0 RSA SignatureAlgorithm = 1 DSA SignatureAlgorithm = 2 ECDSA SignatureAlgorithm = 3 ) func (s SignatureAlgorithm) String() string { switch s { case Anonymous: return "Anonymous" case RSA: return "RSA" case DSA: return "DSA" case ECDSA: return "ECDSA" default: return fmt.Sprintf("UNKNOWN(%d)", s) } } // DigitallySigned represents an RFC5246 DigitallySigned structure type DigitallySigned struct { HashAlgorithm HashAlgorithm SignatureAlgorithm SignatureAlgorithm Signature []byte } // FromBase64String populates the DigitallySigned structure from the base64 data passed in. // Returns an error if the base64 data is invalid. func (d *DigitallySigned) FromBase64String(b64 string) error { raw, err := base64.StdEncoding.DecodeString(b64) if err != nil { return fmt.Errorf("failed to unbase64 DigitallySigned: %v", err) } ds, err := UnmarshalDigitallySigned(bytes.NewReader(raw)) if err != nil { return fmt.Errorf("failed to unmarshal DigitallySigned: %v", err) } *d = *ds return nil } // Base64String returns the base64 representation of the DigitallySigned struct. func (d DigitallySigned) Base64String() (string, error) { b, err := MarshalDigitallySigned(d) if err != nil { return "", err } return base64.StdEncoding.EncodeToString(b), nil } // MarshalJSON implements the json.Marshaller interface. func (d DigitallySigned) MarshalJSON() ([]byte, error) { b64, err := d.Base64String() if err != nil { return []byte{}, err } return []byte(`"` + b64 + `"`), nil } // UnmarshalJSON implements the json.Unmarshaler interface. func (d *DigitallySigned) UnmarshalJSON(b []byte) error { var content string if err := json.Unmarshal(b, &content); err != nil { return fmt.Errorf("failed to unmarshal DigitallySigned: %v", err) } return d.FromBase64String(content) } // LogEntry represents the contents of an entry in a CT log, see section 3.1. type LogEntry struct { Index int64 Leaf MerkleTreeLeaf Chain []ASN1Cert LeafBytes []byte } // SHA256Hash represents the output from the SHA256 hash function. type SHA256Hash [sha256.Size]byte // FromBase64String populates the SHA256 struct with the contents of the base64 data passed in. func (s *SHA256Hash) FromBase64String(b64 string) error { bs, err := base64.StdEncoding.DecodeString(b64) if err != nil { return fmt.Errorf("failed to unbase64 LogID: %v", err) } if len(bs) != sha256.Size { return fmt.Errorf("invalid SHA256 length, expected 32 but got %d", len(bs)) } copy(s[:], bs) return nil } // Base64String returns the base64 representation of this SHA256Hash. func (s SHA256Hash) Base64String() string { return base64.StdEncoding.EncodeToString(s[:]) } // MarshalJSON implements the json.Marshaller interface for SHA256Hash. func (s SHA256Hash) MarshalJSON() ([]byte, error) { return []byte(`"` + s.Base64String() + `"`), nil } // UnmarshalJSON implements the json.Unmarshaller interface. func (s *SHA256Hash) UnmarshalJSON(b []byte) error { var content string if err := json.Unmarshal(b, &content); err != nil { return fmt.Errorf("failed to unmarshal SHA256Hash: %v", err) } return s.FromBase64String(content) } // SignedTreeHead represents the structure returned by the get-sth CT method // after base64 decoding. See sections 3.5 and 4.3 in the RFC) type SignedTreeHead struct { Version Version `json:"sth_version"` // The version of the protocol to which the STH conforms TreeSize uint64 `json:"tree_size"` // The number of entries in the new tree Timestamp uint64 `json:"timestamp"` // The time at which the STH was created SHA256RootHash SHA256Hash `json:"sha256_root_hash"` // The root hash of the log's Merkle tree TreeHeadSignature DigitallySigned `json:"tree_head_signature"` // The Log's signature for this STH (see RFC section 3.5) LogID SHA256Hash `json:"log_id"` // The SHA256 hash of the log's public key } // SignedCertificateTimestamp represents the structure returned by the // add-chain and add-pre-chain methods after base64 decoding. (see RFC sections // 3.2 ,4.1 and 4.2) type SignedCertificateTimestamp struct { SCTVersion Version `json:"sct_version"` // The version of the protocol to which the SCT conforms LogID SHA256Hash `json:"id"` // the SHA-256 hash of the log's public key, calculated over // the DER encoding of the key represented as SubjectPublicKeyInfo. Timestamp uint64 `json:"timestamp"` // Timestamp (in ms since unix epoc) at which the SCT was issued Extensions CTExtensions `json:"extensions"` // For future extensions to the protocol Signature DigitallySigned `json:"signature"` // The Log's signature for this SCT } func (s SignedCertificateTimestamp) String() string { return fmt.Sprintf("{Version:%d LogId:%s Timestamp:%d Extensions:'%s' Signature:%v}", s.SCTVersion, base64.StdEncoding.EncodeToString(s.LogID[:]), s.Timestamp, s.Extensions, s.Signature) } // TimestampedEntry is part of the MerkleTreeLeaf structure. // See RFC section 3.4 type TimestampedEntry struct { Timestamp uint64 EntryType LogEntryType X509Entry ASN1Cert PrecertEntry PreCert Extensions CTExtensions } // MerkleTreeLeaf represents the deserialized sructure of the hash input for the // leaves of a log's Merkle tree. See RFC section 3.4 type MerkleTreeLeaf struct { Version Version // the version of the protocol to which the MerkleTreeLeaf corresponds LeafType MerkleLeafType // The type of the leaf input, currently only TimestampedEntry can exist TimestampedEntry TimestampedEntry // The entry data itself } certspotter-0.9/helpers.go000066400000000000000000000240301326616434700157440ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "bytes" "crypto/sha256" "encoding/hex" "encoding/json" "fmt" "io" "io/ioutil" "math/big" "os" "os/exec" "strconv" "strings" "time" "software.sslmate.com/src/certspotter/ct" ) func ReadSTHFile(path string) (*ct.SignedTreeHead, error) { content, err := ioutil.ReadFile(path) if err != nil { if os.IsNotExist(err) { return nil, nil } return nil, err } var sth ct.SignedTreeHead if err := json.Unmarshal(content, &sth); err != nil { return nil, err } return &sth, nil } func WriteSTHFile(path string, sth *ct.SignedTreeHead) error { sthJson, err := json.MarshalIndent(sth, "", "\t") if err != nil { return err } sthJson = append(sthJson, byte('\n')) return ioutil.WriteFile(path, sthJson, 0666) } func WriteProofFile(path string, proof ct.ConsistencyProof) error { proofJson, err := json.MarshalIndent(proof, "", "\t") if err != nil { return err } proofJson = append(proofJson, byte('\n')) return ioutil.WriteFile(path, proofJson, 0666) } func IsPrecert(entry *ct.LogEntry) bool { return entry.Leaf.TimestampedEntry.EntryType == ct.PrecertLogEntryType } func GetFullChain(entry *ct.LogEntry) [][]byte { certs := make([][]byte, 0, len(entry.Chain)+1) if entry.Leaf.TimestampedEntry.EntryType == ct.X509LogEntryType { certs = append(certs, entry.Leaf.TimestampedEntry.X509Entry) } for _, cert := range entry.Chain { certs = append(certs, cert) } return certs } func formatSerialNumber(serial *big.Int) string { if serial != nil { return fmt.Sprintf("%x", serial) } else { return "" } } func sha256sum(data []byte) []byte { sum := sha256.Sum256(data) return sum[:] } func sha256hex(data []byte) string { return hex.EncodeToString(sha256sum(data)) } type EntryInfo struct { LogUri string Entry *ct.LogEntry IsPrecert bool FullChain [][]byte // first entry is logged X509 cert or pre-cert CertInfo *CertInfo ParseError error // set iff CertInfo is nil Identifiers *Identifiers IdentifiersParseError error Filename string } type CertInfo struct { TBS *TBSCertificate Subject RDNSequence SubjectParseError error Issuer RDNSequence IssuerParseError error SANs []SubjectAltName SANsParseError error SerialNumber *big.Int SerialNumberParseError error Validity *CertValidity ValidityParseError error IsCA *bool IsCAParseError error } func MakeCertInfoFromTBS(tbs *TBSCertificate) *CertInfo { info := &CertInfo{TBS: tbs} info.Subject, info.SubjectParseError = tbs.ParseSubject() info.Issuer, info.IssuerParseError = tbs.ParseIssuer() info.SANs, info.SANsParseError = tbs.ParseSubjectAltNames() info.SerialNumber, info.SerialNumberParseError = tbs.ParseSerialNumber() info.Validity, info.ValidityParseError = tbs.ParseValidity() info.IsCA, info.IsCAParseError = tbs.ParseBasicConstraints() return info } func MakeCertInfoFromRawTBS(tbsBytes []byte) (*CertInfo, error) { tbs, err := ParseTBSCertificate(tbsBytes) if err != nil { return nil, err } return MakeCertInfoFromTBS(tbs), nil } func MakeCertInfoFromRawCert(certBytes []byte) (*CertInfo, error) { cert, err := ParseCertificate(certBytes) if err != nil { return nil, err } return MakeCertInfoFromRawTBS(cert.GetRawTBSCertificate()) } func MakeCertInfoFromLogEntry(entry *ct.LogEntry) (*CertInfo, error) { switch entry.Leaf.TimestampedEntry.EntryType { case ct.X509LogEntryType: return MakeCertInfoFromRawCert(entry.Leaf.TimestampedEntry.X509Entry) case ct.PrecertLogEntryType: return MakeCertInfoFromRawTBS(entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate) default: return nil, fmt.Errorf("MakeCertInfoFromCTEntry: unknown CT entry type (neither X509 nor precert)") } } func (info *CertInfo) NotBefore() *time.Time { if info.ValidityParseError == nil { return &info.Validity.NotBefore } else { return nil } } func (info *CertInfo) NotAfter() *time.Time { if info.ValidityParseError == nil { return &info.Validity.NotAfter } else { return nil } } func (info *CertInfo) PubkeyHash() string { return sha256hex(info.TBS.GetRawPublicKey()) } func (info *CertInfo) PubkeyHashBytes() []byte { return sha256sum(info.TBS.GetRawPublicKey()) } func (info *CertInfo) Environ() []string { env := make([]string, 0, 10) env = append(env, "PUBKEY_HASH="+info.PubkeyHash()) if info.SerialNumberParseError != nil { env = append(env, "SERIAL_PARSE_ERROR="+info.SerialNumberParseError.Error()) } else { env = append(env, "SERIAL="+formatSerialNumber(info.SerialNumber)) } if info.ValidityParseError != nil { env = append(env, "VALIDITY_PARSE_ERROR="+info.ValidityParseError.Error()) } else { env = append(env, "NOT_BEFORE="+info.Validity.NotBefore.String()) env = append(env, "NOT_BEFORE_UNIXTIME="+strconv.FormatInt(info.Validity.NotBefore.Unix(), 10)) env = append(env, "NOT_AFTER="+info.Validity.NotAfter.String()) env = append(env, "NOT_AFTER_UNIXTIME="+strconv.FormatInt(info.Validity.NotAfter.Unix(), 10)) } if info.SubjectParseError != nil { env = append(env, "SUBJECT_PARSE_ERROR="+info.SubjectParseError.Error()) } else { env = append(env, "SUBJECT_DN="+info.Subject.String()) } if info.IssuerParseError != nil { env = append(env, "ISSUER_PARSE_ERROR="+info.IssuerParseError.Error()) } else { env = append(env, "ISSUER_DN="+info.Issuer.String()) } // TODO: include SANs in environment return env } func (info *EntryInfo) HasParseErrors() bool { return info.ParseError != nil || info.IdentifiersParseError != nil || info.CertInfo.SubjectParseError != nil || info.CertInfo.IssuerParseError != nil || info.CertInfo.SANsParseError != nil || info.CertInfo.SerialNumberParseError != nil || info.CertInfo.ValidityParseError != nil || info.CertInfo.IsCAParseError != nil } func (info *EntryInfo) Fingerprint() string { if len(info.FullChain) > 0 { return sha256hex(info.FullChain[0]) } else { return "" } } func (info *EntryInfo) FingerprintBytes() []byte { if len(info.FullChain) > 0 { return sha256sum(info.FullChain[0]) } else { return []byte{} } } func (info *EntryInfo) typeString() string { if info.IsPrecert { return "precert" } else { return "cert" } } func (info *EntryInfo) typeFriendlyString() string { if info.IsPrecert { return "Pre-certificate" } else { return "Certificate" } } func yesnoString(value bool) string { if value { return "yes" } else { return "no" } } func (info *EntryInfo) Environ() []string { env := []string{ "FINGERPRINT=" + info.Fingerprint(), "CERT_TYPE=" + info.typeString(), "CERT_PARSEABLE=" + yesnoString(info.ParseError == nil), "LOG_URI=" + info.LogUri, "ENTRY_INDEX=" + strconv.FormatInt(info.Entry.Index, 10), } if info.Filename != "" { env = append(env, "CERT_FILENAME="+info.Filename) } if info.ParseError != nil { env = append(env, "PARSE_ERROR="+info.ParseError.Error()) } else if info.CertInfo != nil { certEnv := info.CertInfo.Environ() env = append(env, certEnv...) } if info.IdentifiersParseError != nil { env = append(env, "IDENTIFIERS_PARSE_ERROR="+info.IdentifiersParseError.Error()) } else if info.Identifiers != nil { env = append(env, "DNS_NAMES="+info.Identifiers.dnsNamesString(",")) env = append(env, "IP_ADDRESSES="+info.Identifiers.ipAddrsString(",")) } return env } func writeField(out io.Writer, name string, value interface{}, err error) { if err == nil { fmt.Fprintf(out, "\t%13s = %s\n", name, value) } else { fmt.Fprintf(out, "\t%13s = *** UNKNOWN (%s) ***\n", name, err) } } func (info *EntryInfo) Write(out io.Writer) { fingerprint := info.Fingerprint() fmt.Fprintf(out, "%s:\n", fingerprint) if info.IdentifiersParseError != nil { writeField(out, "Identifiers", nil, info.IdentifiersParseError) } else if info.Identifiers != nil { for _, dnsName := range info.Identifiers.DNSNames { writeField(out, "DNS Name", dnsName, nil) } for _, ipaddr := range info.Identifiers.IPAddrs { writeField(out, "IP Address", ipaddr, nil) } } if info.ParseError != nil { writeField(out, "Parse Error", "*** "+info.ParseError.Error()+" ***", nil) } else if info.CertInfo != nil { writeField(out, "Pubkey", info.CertInfo.PubkeyHash(), nil) writeField(out, "Issuer", info.CertInfo.Issuer, info.CertInfo.IssuerParseError) writeField(out, "Not Before", info.CertInfo.NotBefore(), info.CertInfo.ValidityParseError) writeField(out, "Not After", info.CertInfo.NotAfter(), info.CertInfo.ValidityParseError) } writeField(out, "Log Entry", fmt.Sprintf("%d @ %s (%s)", info.Entry.Index, info.LogUri, info.typeFriendlyString()), nil) writeField(out, "crt.sh", "https://crt.sh/?sha256="+fingerprint, nil) if info.Filename != "" { writeField(out, "Filename", info.Filename, nil) } } func (info *EntryInfo) InvokeHookScript(command string) error { cmd := exec.Command(command) cmd.Env = os.Environ() infoEnv := info.Environ() cmd.Env = append(cmd.Env, infoEnv...) stderrBuffer := bytes.Buffer{} cmd.Stderr = &stderrBuffer if err := cmd.Run(); err != nil { if _, isExitError := err.(*exec.ExitError); isExitError { return fmt.Errorf("Script failed: %s: %s", command, strings.TrimSpace(stderrBuffer.String())) } else { return fmt.Errorf("Failed to execute script: %s: %s", command, err) } } return nil } func MatchesWildcard(dnsName string, pattern string) bool { for len(pattern) > 0 { if pattern[0] == '*' { if len(dnsName) > 0 && dnsName[0] != '.' && MatchesWildcard(dnsName[1:], pattern) { return true } pattern = pattern[1:] } else { if len(dnsName) == 0 || pattern[0] != dnsName[0] { return false } pattern = pattern[1:] dnsName = dnsName[1:] } } return len(dnsName) == 0 } certspotter-0.9/helpers_test.go000066400000000000000000000036151326616434700170110ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "testing" ) func doWildcardTest(t *testing.T, dnsName string, wildcard string, expected bool) { if MatchesWildcard(dnsName, wildcard) != expected { t.Errorf("MatchesWildcard(%q, %q) != %v", dnsName, wildcard, expected) } } func TestMatchesWildcard(t *testing.T) { doWildcardTest(t, "", "", true) doWildcardTest(t, "example.com", "example.com", true) doWildcardTest(t, "example.org", "example.com", false) doWildcardTest(t, "example.com", "", false) doWildcardTest(t, "", "example.com", false) doWildcardTest(t, "", "*.example.com", false) doWildcardTest(t, "", "exam*ple.com", false) doWildcardTest(t, "", "exam*ple.co*m", false) doWildcardTest(t, "example.org", "example.com", false) doWildcardTest(t, "example.org", "*.example.com", false) doWildcardTest(t, "example.org", "exam*ple.com", false) doWildcardTest(t, "example.org", "exam*ple.co*m", false) doWildcardTest(t, "example.com", "*.example.com", false) doWildcardTest(t, "www.example.com", "*.example.com", true) doWildcardTest(t, "", "*", true) doWildcardTest(t, "", "****", true) doWildcardTest(t, "a", "****", true) doWildcardTest(t, "a", "*", true) doWildcardTest(t, "a", "****", true) doWildcardTest(t, "abcd", "****", true) doWildcardTest(t, "abcdef", "****", true) doWildcardTest(t, "www-example.com", "*-example.com", true) doWildcardTest(t, "www-example-www.com", "*-example-*.com", true) doWildcardTest(t, "examplecom", "example*", true) doWildcardTest(t, "example.com", "example*", false) doWildcardTest(t, "examplea.com", "example*", false) } certspotter-0.9/identifiers.go000066400000000000000000000216031326616434700166120ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "bytes" "golang.org/x/net/idna" "net" "strings" "unicode/utf8" ) const UnparsableDNSLabelPlaceholder = "" /* const ( IdentifierSourceSubjectCN = iota IdentifierSourceDNSName IdentifierSourceIPAddr ) type IdentifierSource int type UnknownIdentifier struct { Source IdentifierSource Value []byte } */ type Identifiers struct { DNSNames []string // stored as ASCII, with IDNs in Punycode IPAddrs []net.IP //Unknowns []UnknownIdentifier } func NewIdentifiers() *Identifiers { return &Identifiers{ DNSNames: []string{}, IPAddrs: []net.IP{}, //Unknowns: []UnknownIdentifier{}, } } func parseIPAddrString(str string) net.IP { return net.ParseIP(str) } func isASCIIString(value []byte) bool { for _, b := range value { if b > 127 { return false } } return true } func isUTF8String(value []byte) bool { return utf8.Valid(value) } func latin1ToUTF8(value []byte) string { runes := make([]rune, len(value)) for i, b := range value { runes[i] = rune(b) } return string(runes) } // Make sure the DNS label doesn't have any weird characters that // could cause trouble during later processing. func isSaneDNSLabelChar(ch rune) bool { return ch == '\t' || (ch >= 32 && ch <= 126) } func isSaneDNSLabel(label string) bool { for _, ch := range label { if !isSaneDNSLabelChar(ch) { return false } } return true } func trimHttpPrefixString(value string) string { if strings.HasPrefix(value, "http://") { return value[7:] } else if strings.HasPrefix(value, "https://") { return value[8:] } else { return value } } func trimHttpPrefixBytes(value []byte) []byte { if bytes.HasPrefix(value, []byte("http://")) { return value[7:] } else if bytes.HasPrefix(value, []byte("https://")) { return value[8:] } else { return value } } func trimTrailingDots(value string) string { length := len(value) for length > 0 && value[length-1] == '.' { length-- } return value[0:length] } // Try to canonicalize/sanitize the DNS name: // 1. Trim leading and trailing whitespace // 2. Trim trailing dots // 3. Convert to lower case // 4. Replace totally nonsensical labels (e.g. having non-printable characters) with a placeholder func sanitizeDNSName(value string) string { value = strings.ToLower(trimTrailingDots(strings.TrimSpace(value))) labels := strings.Split(value, ".") for i, label := range labels { if !isSaneDNSLabel(label) { labels[i] = UnparsableDNSLabelPlaceholder } } return strings.Join(labels, ".") } // Like sanitizeDNSName, but labels that are Unicode are converted to Punycode. func sanitizeUnicodeDNSName(value string) string { value = strings.ToLower(trimTrailingDots(strings.TrimSpace(value))) labels := strings.Split(value, ".") for i, label := range labels { if asciiLabel, err := idna.ToASCII(label); err == nil && isSaneDNSLabel(asciiLabel) { labels[i] = asciiLabel } else { labels[i] = UnparsableDNSLabelPlaceholder } } return strings.Join(labels, ".") } func (ids *Identifiers) appendDNSName(dnsName string) { if dnsName != "" && !ids.hasDNSName(dnsName) { ids.DNSNames = append(ids.DNSNames, dnsName) } } func (ids *Identifiers) appendIPAddress(ipaddr net.IP) { if !ids.hasIPAddress(ipaddr) { ids.IPAddrs = append(ids.IPAddrs, ipaddr) } } func (ids *Identifiers) hasDNSName(target string) bool { for _, value := range ids.DNSNames { if value == target { return true } } return false } func (ids *Identifiers) hasIPAddress(target net.IP) bool { for _, value := range ids.IPAddrs { if value.Equal(target) { return true } } return false } func (ids *Identifiers) addDnsSANfinal(value []byte) { if ipaddr := parseIPAddrString(string(value)); ipaddr != nil { // Stupid CAs put IP addresses in DNS SANs because stupid Microsoft // used to not support IP address SANs. Since there's no way for an IP // address to also be a valid DNS name, just treat it like an IP address // and not try to process it as a DNS name. ids.appendIPAddress(ipaddr) } else if isASCIIString(value) { ids.appendDNSName(sanitizeDNSName(string(value))) } else { // DNS SANs are supposed to be IA5Strings (i.e. ASCII) but CAs can't follow // simple rules. Unfortunately, we have no idea what the encoding really is // in this case, so interpret it as both UTF-8 (if it's valid UTF-8) // and Latin-1. if isUTF8String(value) { ids.appendDNSName(sanitizeUnicodeDNSName(string(value))) } ids.appendDNSName(sanitizeUnicodeDNSName(latin1ToUTF8(value))) } } func (ids *Identifiers) addDnsSANnonull(value []byte) { if slashIndex := bytes.IndexByte(value, '/'); slashIndex != -1 { // If the value contains a slash, then this might be a URL, // so process the part of the value up to the first slash, // which should be the domain. Even though no client should // ever successfully validate such a DNS name, the domain owner // might still want to know about it. ids.addDnsSANfinal(value[0:slashIndex]) } ids.addDnsSANfinal(value) } func (ids *Identifiers) AddDnsSAN(value []byte) { // Trim http:// and https:// prefixes, which are all too common in the wild, // so http://example.com becomes just example.com. Even though clients // should never successfully validate a DNS name like http://example.com, // the owner of example.com might still want to know about it. value = trimHttpPrefixBytes(value) if nullIndex := bytes.IndexByte(value, 0); nullIndex != -1 { // If the value contains a null byte, process the part of // the value up to the first null byte in addition to the // complete value, in case this certificate is an attempt to // fake out validators that only compare up to the first null. ids.addDnsSANnonull(value[0:nullIndex]) } ids.addDnsSANnonull(value) } func (ids *Identifiers) addCNfinal(value string) { if ipaddr := parseIPAddrString(value); ipaddr != nil { ids.appendIPAddress(ipaddr) } else if !strings.ContainsRune(value, ' ') { // If the CN contains a space it's clearly not a DNS name, so ignore it. ids.appendDNSName(sanitizeUnicodeDNSName(value)) } } func (ids *Identifiers) addCNnonull(value string) { if slashIndex := strings.IndexRune(value, '/'); slashIndex != -1 { // If the value contains a slash, then this might be a URL, // so process the part of the value up to the first slash, // which should be the domain. Even though no client should // ever successfully validate such a DNS name, the domain owner // might still want to know about it. ids.addCNfinal(value[0:slashIndex]) } ids.addCNfinal(value) } func (ids *Identifiers) AddCN(value string) { // Trim http:// and https:// prefixes, which are all too common in the wild, // so http://example.com becomes just example.com. Even though clients // should never successfully validate a DNS name like http://example.com, // the owner of example.com might still want to know about it. value = trimHttpPrefixString(value) if nullIndex := strings.IndexRune(value, 0); nullIndex != -1 { // If the value contains a null byte, process the part of // the value up to the first null byte in addition to the // complete value, in case this certificate is an attempt to // fake out validators that only compare up to the first null. ids.addCNnonull(value[0:nullIndex]) } ids.addCNnonull(value) } func (ids *Identifiers) AddIPAddress(value net.IP) { ids.appendIPAddress(value) } func (ids *Identifiers) dnsNamesString(sep string) string { return strings.Join(ids.DNSNames, sep) } func (ids *Identifiers) ipAddrsString(sep string) string { str := "" for _, ipAddr := range ids.IPAddrs { if str != "" { str += sep } str += ipAddr.String() } return str } func (cert *CertInfo) ParseIdentifiers() (*Identifiers, error) { ids := NewIdentifiers() if cert.SubjectParseError != nil { return nil, cert.SubjectParseError } cns, err := cert.Subject.ParseCNs() if err != nil { return nil, err } for _, cn := range cns { ids.AddCN(cn) } if cert.SANsParseError != nil { return nil, cert.SANsParseError } for _, san := range cert.SANs { switch san.Type { case sanDNSName: ids.AddDnsSAN(san.Value) case sanIPAddress: if len(san.Value) == 4 || len(san.Value) == 16 { ids.AddIPAddress(net.IP(san.Value)) } // TODO: decide what to do with IP addresses with an invalid length. // The two encoding errors I've observed in CT logs are: // 1. encoding the IP address as a string // 2. a value of 0x00000000FFFFFF00 (WTF?) // IP addresses aren't a high priority so just ignore invalid ones for now. // Hopefully no clients out there are dumb enough to process IP address // SANs encoded as strings... } } return ids, nil } certspotter-0.9/logs.go000066400000000000000000000175771326616434700152700ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "crypto" "crypto/sha256" "crypto/x509" "encoding/base64" "time" ) type LogInfoFile struct { Logs []LogInfo `json:"logs"` } type LogInfo struct { Description string `json:"description"` Key []byte `json:"key"` Url string `json:"url"` MMD int `json:"maximum_merge_delay"` CertExpiryBegin *time.Time `json:"cert_expiry_begin"` CertExpiryEnd *time.Time `json:"cert_expiry_end"` } func (info *LogInfo) FullURI() string { return "https://" + info.Url } func (info *LogInfo) ParsedPublicKey() (crypto.PublicKey, error) { if info.Key != nil { return x509.ParsePKIXPublicKey(info.Key) } else { return nil, nil } } func (info *LogInfo) ID() []byte { sum := sha256.Sum256(info.Key) return sum[:] } var DefaultLogs = []LogInfo{ { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA=="), Url: "ct.googleapis.com/pilot", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q=="), Url: "ct.googleapis.com/aviator", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A=="), Url: "ct1.digicert-ct.com/log", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg=="), Url: "ct.googleapis.com/rocketeer", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg=="), Url: "ct.ws.symantec.com", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6pWeAv/u8TNtS4e8zf0ZF2L/lNPQWQc/Ai0ckP7IRzA78d0NuBEMXR2G3avTK0Zm+25ltzv9WWis36b4ztIYTQ=="), Url: "vega.ws.symantec.com", MMD: 86400, }, { Key: mustDecodeBase64("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7UIYZopMgTTJWPp2IXhhuAf1l6a9zM7gBvntj5fLaFm9pVKhKYhVnno94XuXeN8EsDgiSIJIj66FpUGvai5samyetZhLocRuXhAiXXbDNyQ4KR51tVebtEq2zT0mT9liTtGwiksFQccyUsaVPhsHq9gJ2IKZdWauVA2Fm5x9h8B9xKn/L/2IaMpkIYtd967TNTP/dLPgixN1PLCLaypvurDGSVDsuWabA3FHKWL9z8wr7kBkbdpEhLlg2H+NAC+9nGKx+tQkuhZ/hWR65aX+CNUPy2OB9/u2rNPyDydb988LENXoUcMkQT0dU3aiYGkFAY0uZjD2vH97TM20xYtNQIDAQAB"), Url: "ctserver.cnnic.cn", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETtK8v7MICve56qTHHDhhBOuV4IlUaESxZryCfk9QbG9co/CqPvTsgPDbCpp6oFtyAHwlDhnvr7JijXRD9Cb2FA=="), Url: "ct.googleapis.com/icarus", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEmyGDvYXsRJsNyXSrYc9DjHsIa2xzb4UR7ZxVoV6mrc9iZB7xjI6+NrOiwH+P/xxkRmOFG6Jel20q37hTh58rA=="), Url: "ct.googleapis.com/skydiver", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjicnerZVCXTrbEuUhGW85BXx6lrYfA43zro/bAna5ymW00VQb94etBzSg4j/KS/Oqf/fNN51D8DMGA2ULvw3AQ=="), Url: "ctlog-gen2.api.venafi.com", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7+R9dC4VFbbpuyOL+yy14ceAmEf7QGlo/EmtYU6DRzwat43f/3swtLr/L8ugFOOt1YU/RFmMjGCL17ixv66MZw=="), Url: "mammoth.ct.comodo.com", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8m/SiQ8/xfiHHqtls9m7FyOMBg4JVZY9CgiixXGz0akvKD6DEL8S0ERmFe9U4ZiA0M4kbT5nmuk3I85Sk4bagA=="), Url: "sabre.ct.comodo.com", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0gBVBa3VR7QZu82V+ynXWD14JM3ORp37MtRxTmACJV5ZPtfUA7htQ2hofuigZQs+bnFZkje+qejxoyvk2Q1VaA=="), Url: "ct.googleapis.com/logs/argon2018", MMD: 86400, CertExpiryBegin: makeTime(1514764800), CertExpiryEnd: makeTime(1546300800), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI3MQm+HzXvaYa2mVlhB4zknbtAT8cSxakmBoJcBKGqGwYS0bhxSpuvABM1kdBTDpQhXnVdcq+LSiukXJRpGHVg=="), Url: "ct.googleapis.com/logs/argon2019", MMD: 86400, CertExpiryBegin: makeTime(1546300800), CertExpiryEnd: makeTime(1577836800), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6Tx2p1yKY4015NyIYvdrk36es0uAc1zA4PQ+TGRY+3ZjUTIYY9Wyu+3q/147JG4vNVKLtDWarZwVqGkg6lAYzA=="), Url: "ct.googleapis.com/logs/argon2020", MMD: 86400, CertExpiryBegin: makeTime(1577836800), CertExpiryEnd: makeTime(1609459200), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETeBmZOrzZKo4xYktx9gI2chEce3cw/tbr5xkoQlmhB18aKfsxD+MnILgGNl0FOm0eYGilFVi85wLRIOhK8lxKw=="), Url: "ct.googleapis.com/logs/argon2021", MMD: 86400, CertExpiryBegin: makeTime(1609459200), CertExpiryEnd: makeTime(1640995200), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEowJkhCK7JewN47zCyYl93UXQ7uYVhY/Z5xcbE4Dq7bKFN61qxdglnfr0tPNuFiglN+qjN2Syxwv9UeXBBfQOtQ=="), Url: "sirius.ws.symantec.com", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzF05L2a4TH/BLgOhNKPoioYCrkoRxvcmajeb8Dj4XQmNY+gxa4Zmz3mzJTwe33i0qMVp+rfwgnliQ/bM/oFmhA=="), Url: "ct2.digicert-ct.com/log", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAsVpWvrH3Ke0VRaMg9ZQoQjb5g/xh1z3DDa6IuxY5DyPsk6brlvrUNXZzoIg0DcvFiAn2kd6xmu4Obk5XA/nRg=="), Url: "ct.cloudflare.com/logs/nimbus2018", MMD: 86400, CertExpiryBegin: makeTime(1514764800), CertExpiryEnd: makeTime(1546300800), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkZHz1v5r8a9LmXSMegYZAg4UW+Ug56GtNfJTDNFZuubEJYgWf4FcC5D+ZkYwttXTDSo4OkanG9b3AI4swIQ28g=="), Url: "ct.cloudflare.com/logs/nimbus2019", MMD: 86400, CertExpiryBegin: makeTime(1546300800), CertExpiryEnd: makeTime(1577836800), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE01EAhx4o0zPQrXTcYjgCt4MVFsT0Pwjzb1RwrM0lhWDlxAYPP6/gyMCXNkOn/7KFsjL7rwk78tHMpY8rXn8AYg=="), Url: "ct.cloudflare.com/logs/nimbus2020", MMD: 86400, CertExpiryBegin: makeTime(1577836800), CertExpiryEnd: makeTime(1609459200), }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExpon7ipsqehIeU1bmpog9TFo4Pk8+9oN8OYHl1Q2JGVXnkVFnuuvPgSo2Ep+6vLffNLcmEbxOucz03sFiematg=="), Url: "ct.cloudflare.com/logs/nimbus2021", MMD: 86400, CertExpiryBegin: makeTime(1609459200), CertExpiryEnd: makeTime(1640995200), }, } // Logs which monitor certs from distrusted roots var UnderwaterLogs = []LogInfo{ { Description: "Google 'Submariner' log", Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOfifIGLUV1Voou9JLfA5LZreRLSUMOCeeic8q3Dw0fpRkGMWV0Gtq20fgHQweQJeLVmEByQj9p81uIW4QkWkTw=="), Url: "ct.googleapis.com/submariner", MMD: 86400, }, } // Logs which accept submissions from anyone var OpenLogs = []LogInfo{ { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA=="), Url: "ct.googleapis.com/pilot", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg=="), Url: "ct.googleapis.com/rocketeer", MMD: 86400, }, { Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELPXCMfVjQ2oWSgrewu4fIW4Sfh3lco90CwKZ061pvAI1eflh6c8ACE90pKM0muBDHCN+j0HV7scco4KKQPqq4A=="), Url: "dodo.ct.comodo.com", MMD: 86400, }, } func mustDecodeBase64(str string) []byte { bytes, err := base64.StdEncoding.DecodeString(str) if err != nil { panic("MustDecodeBase64: " + err.Error()) } return bytes } func makeTime(seconds int64) *time.Time { t := time.Unix(seconds, 0) return &t } certspotter-0.9/precerts.go000066400000000000000000000122211326616434700161300ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "bytes" "encoding/asn1" "errors" "fmt" ) func bitStringEqual(a, b *asn1.BitString) bool { return a.BitLength == b.BitLength && bytes.Equal(a.Bytes, b.Bytes) } var ( oidExtensionAuthorityKeyId = []int{2, 5, 29, 35} oidExtensionSCT = []int{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} oidExtensionCTPoison = []int{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} ) type PrecertInfo struct { SameIssuer bool // The pre-certificate was issued from the same CA as the final certificate Issuer []byte // The pre-certificate's issuer, if different from the final certificate AKI []byte // The pre-certificate's AKI, if present and different from the final certificate } func ValidatePrecert(precertBytes []byte, tbsBytes []byte) (*PrecertInfo, error) { precert, err := ParseCertificate(precertBytes) if err != nil { return nil, errors.New("failed to parse pre-certificate: " + err.Error()) } precertTBS, err := precert.ParseTBSCertificate() if err != nil { return nil, errors.New("failed to parse pre-certificate TBS: " + err.Error()) } tbs, err := ParseTBSCertificate(tbsBytes) if err != nil { return nil, errors.New("failed to parse TBS: " + err.Error()) } // Everything must be equal except: // issuer // Authority Key Identifier extension (both must have it OR neither can have it) // CT poison extension (precert must have it, TBS must not have it) if precertTBS.Version != tbs.Version { return nil, errors.New("version not equal") } if !bytes.Equal(precertTBS.SerialNumber.FullBytes, tbs.SerialNumber.FullBytes) { return nil, errors.New("serial number not equal") } sameIssuer := bytes.Equal(precertTBS.Issuer.FullBytes, tbs.Issuer.FullBytes) if !bytes.Equal(precertTBS.SignatureAlgorithm.FullBytes, tbs.SignatureAlgorithm.FullBytes) { return nil, errors.New("SignatureAlgorithm not equal") } if !bytes.Equal(precertTBS.Validity.FullBytes, tbs.Validity.FullBytes) { return nil, errors.New("Validity not equal") } if !bytes.Equal(precertTBS.Subject.FullBytes, tbs.Subject.FullBytes) { return nil, errors.New("Subject not equal") } if !bytes.Equal(precertTBS.PublicKey.FullBytes, tbs.PublicKey.FullBytes) { return nil, errors.New("PublicKey not equal") } if !bitStringEqual(&precertTBS.UniqueId, &tbs.UniqueId) { return nil, errors.New("UniqueId not equal") } if !bitStringEqual(&precertTBS.SubjectUniqueId, &tbs.SubjectUniqueId) { return nil, errors.New("SubjectUniqueId not equal") } precertHasPoison := false tbsIndex := 0 var aki []byte for precertIndex := range precertTBS.Extensions { precertExt := &precertTBS.Extensions[precertIndex] if precertExt.Id.Equal(oidExtensionCTPoison) { if !precertExt.Critical { return nil, errors.New("pre-cert poison extension is not critical") } /* CAs can't even get this right, and Google's logs don't check. Fortunately, it's not that important. if !bytes.Equal(precertExt.Value, []byte{0x05, 0x00}) { return errors.New("pre-cert poison extension contains incorrect value") } */ precertHasPoison = true continue } if tbsIndex >= len(tbs.Extensions) { return nil, errors.New("pre-cert contains extension not in TBS") } tbsExt := &tbs.Extensions[tbsIndex] if !precertExt.Id.Equal(tbsExt.Id) { return nil, fmt.Errorf("pre-cert and TBS contain different extensions (%v vs %v)", precertExt.Id, tbsExt.Id) } if precertExt.Critical != tbsExt.Critical { return nil, fmt.Errorf("pre-cert and TBS %v extension differs in criticality", precertExt.Id) } if !sameIssuer && precertExt.Id.Equal(oidExtensionAuthorityKeyId) { aki = precertExt.Value } else { if !bytes.Equal(precertExt.Value, tbsExt.Value) { return nil, fmt.Errorf("pre-cert and TBS %v extension differs in value", precertExt.Id) } } tbsIndex++ } if tbsIndex < len(tbs.Extensions) { return nil, errors.New("TBS contains extension not in pre-cert") } if !precertHasPoison { return nil, errors.New("pre-cert does not have poison extension") } return &PrecertInfo{SameIssuer: sameIssuer, Issuer: precertTBS.Issuer.FullBytes, AKI: aki}, nil } func ReconstructPrecertTBS(tbs *TBSCertificate) (*TBSCertificate, error) { precertTBS := TBSCertificate{ Version: tbs.Version, SerialNumber: tbs.SerialNumber, SignatureAlgorithm: tbs.SignatureAlgorithm, Issuer: tbs.Issuer, Validity: tbs.Validity, Subject: tbs.Subject, PublicKey: tbs.PublicKey, UniqueId: tbs.UniqueId, SubjectUniqueId: tbs.SubjectUniqueId, Extensions: make([]Extension, 0, len(tbs.Extensions)), } for _, ext := range tbs.Extensions { switch { case ext.Id.Equal(oidExtensionSCT): default: precertTBS.Extensions = append(precertTBS.Extensions, ext) } } var err error precertTBS.Raw, err = asn1.Marshal(precertTBS) return &precertTBS, err } certspotter-0.9/scanner.go000066400000000000000000000216751326616434700157470ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. // // This file contains code from https://github.com/google/certificate-transparency/tree/master/go // See ct/AUTHORS and ct/LICENSE for copyright and license information. package certspotter import ( // "container/list" "bytes" "crypto" "errors" "fmt" "log" "sync" "sync/atomic" "time" "software.sslmate.com/src/certspotter/ct" "software.sslmate.com/src/certspotter/ct/client" ) type ProcessCallback func(*Scanner, *ct.LogEntry) const ( FETCH_RETRIES = 10 FETCH_RETRY_WAIT = 1 ) // ScannerOptions holds configuration options for the Scanner type ScannerOptions struct { // Number of entries to request in one batch from the Log BatchSize int // Number of concurrent proecssors to run NumWorkers int // Don't print any status messages to stdout Quiet bool } // Creates a new ScannerOptions struct with sensible defaults func DefaultScannerOptions() *ScannerOptions { return &ScannerOptions{ BatchSize: 1000, NumWorkers: 1, Quiet: false, } } // Scanner is a tool to scan all the entries in a CT Log. type Scanner struct { // Base URI of CT log LogUri string // Public key of the log publicKey crypto.PublicKey LogId []byte // Client used to talk to the CT log instance logClient *client.LogClient // Configuration options for this Scanner instance opts ScannerOptions } // fetchRange represents a range of certs to fetch from a CT log type fetchRange struct { start int64 end int64 } // Worker function to process certs. // Accepts ct.LogEntries over the |entries| channel, and invokes processCert on them. // Returns true over the |done| channel when the |entries| channel is closed. func (s *Scanner) processerJob(id int, certsProcessed *int64, entries <-chan ct.LogEntry, processCert ProcessCallback, wg *sync.WaitGroup) { for entry := range entries { atomic.AddInt64(certsProcessed, 1) processCert(s, &entry) } wg.Done() } func (s *Scanner) fetch(r fetchRange, entries chan<- ct.LogEntry, tree *CollapsedMerkleTree) error { success := false retries := FETCH_RETRIES retryWait := FETCH_RETRY_WAIT for !success { s.Log(fmt.Sprintf("Fetching entries %d to %d", r.start, r.end)) logEntries, err := s.logClient.GetEntries(r.start, r.end) if err != nil { if retries == 0 { s.Warn(fmt.Sprintf("Problem fetching entries %d to %d from log: %s", r.start, r.end, err.Error())) return err } else { s.Log(fmt.Sprintf("Problem fetching entries %d to %d from log (will retry): %s", r.start, r.end, err.Error())) time.Sleep(time.Duration(retryWait) * time.Second) retries-- retryWait *= 2 continue } } retries = FETCH_RETRIES retryWait = FETCH_RETRY_WAIT for _, logEntry := range logEntries { if tree != nil { tree.Add(hashLeaf(logEntry.LeafBytes)) } logEntry.Index = r.start entries <- logEntry r.start++ } if r.start > r.end { // Only complete if we actually got all the leaves we were // expecting -- Logs MAY return fewer than the number of // leaves requested. success = true } } return nil } // Worker function for fetcher jobs. // Accepts cert ranges to fetch over the |ranges| channel, and if the fetch is // successful sends the individual LeafInputs out into the // |entries| channel for the processors to chew on. // Will retry failed attempts to retrieve ranges indefinitely. // Sends true over the |done| channel when the |ranges| channel is closed. /* disabled becuase error handling is broken func (s *Scanner) fetcherJob(id int, ranges <-chan fetchRange, entries chan<- ct.LogEntry, wg *sync.WaitGroup) { for r := range ranges { s.fetch(r, entries, nil) } wg.Done() } */ // Returns the smaller of |a| and |b| func min(a int64, b int64) int64 { if a < b { return a } else { return b } } // Returns the larger of |a| and |b| func max(a int64, b int64) int64 { if a > b { return a } else { return b } } // Pretty prints the passed in number of |seconds| into a more human readable // string. func humanTime(seconds int) string { nanos := time.Duration(seconds) * time.Second hours := int(nanos / (time.Hour)) nanos %= time.Hour minutes := int(nanos / time.Minute) nanos %= time.Minute seconds = int(nanos / time.Second) s := "" if hours > 0 { s += fmt.Sprintf("%d hours ", hours) } if minutes > 0 { s += fmt.Sprintf("%d minutes ", minutes) } if seconds > 0 { s += fmt.Sprintf("%d seconds ", seconds) } return s } func (s Scanner) Log(msg string) { if !s.opts.Quiet { log.Print(msg) } } func (s Scanner) Warn(msg string) { log.Print(msg) } func (s *Scanner) GetSTH() (*ct.SignedTreeHead, error) { latestSth, err := s.logClient.GetSTH() if err != nil { return nil, err } if s.publicKey != nil { verifier, err := ct.NewSignatureVerifier(s.publicKey) if err != nil { return nil, err } if err := verifier.VerifySTHSignature(*latestSth); err != nil { return nil, errors.New("STH signature is invalid: " + err.Error()) } } copy(latestSth.LogID[:], s.LogId) return latestSth, nil } func (s *Scanner) CheckConsistency(first *ct.SignedTreeHead, second *ct.SignedTreeHead) (bool, error) { if first.TreeSize < second.TreeSize { proof, err := s.logClient.GetConsistencyProof(int64(first.TreeSize), int64(second.TreeSize)) if err != nil { return false, err } return VerifyConsistencyProof(proof, first, second), nil } else if first.TreeSize > second.TreeSize { proof, err := s.logClient.GetConsistencyProof(int64(second.TreeSize), int64(first.TreeSize)) if err != nil { return false, err } return VerifyConsistencyProof(proof, second, first), nil } else { // There is no need to ask the server for a consistency proof if the trees // are the same size, and the DigiCert log returns a 400 error if we try. return bytes.Equal(first.SHA256RootHash[:], second.SHA256RootHash[:]), nil } } func (s *Scanner) MakeCollapsedMerkleTree(sth *ct.SignedTreeHead) (*CollapsedMerkleTree, error) { if sth.TreeSize == 0 { return &CollapsedMerkleTree{}, nil } entries, err := s.logClient.GetEntries(int64(sth.TreeSize-1), int64(sth.TreeSize-1)) if err != nil { return nil, err } if len(entries) == 0 { return nil, fmt.Errorf("Log did not return entry %d", sth.TreeSize-1) } leafHash := hashLeaf(entries[0].LeafBytes) var tree *CollapsedMerkleTree if sth.TreeSize > 1 { auditPath, _, err := s.logClient.GetAuditProof(leafHash, sth.TreeSize) if err != nil { return nil, err } reverseHashes(auditPath) tree, err = NewCollapsedMerkleTree(auditPath, sth.TreeSize-1) if err != nil { return nil, fmt.Errorf("Error returned bad audit proof for %x to %d", leafHash, sth.TreeSize) } } else { tree = EmptyCollapsedMerkleTree() } tree.Add(leafHash) if !bytes.Equal(tree.CalculateRoot(), sth.SHA256RootHash[:]) { return nil, fmt.Errorf("Calculated root hash does not match signed tree head at size %d", sth.TreeSize) } return tree, nil } func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCallback, tree *CollapsedMerkleTree) error { s.Log("Starting scan...") certsProcessed := new(int64) startTime := time.Now() /* TODO: only launch ticker goroutine if in verbose mode; kill the goroutine when the scanner finishes ticker := time.NewTicker(time.Second) go func() { for range ticker.C { throughput := float64(s.certsProcessed) / time.Since(startTime).Seconds() remainingCerts := int64(endIndex) - int64(startIndex) - s.certsProcessed remainingSeconds := int(float64(remainingCerts) / throughput) remainingString := humanTime(remainingSeconds) s.Log(fmt.Sprintf("Processed: %d certs (to index %d). Throughput: %3.2f ETA: %s", s.certsProcessed, startIndex+int64(s.certsProcessed), throughput, remainingString)) } }() */ // Start processor workers jobs := make(chan ct.LogEntry, 100) var processorWG sync.WaitGroup for w := 0; w < s.opts.NumWorkers; w++ { processorWG.Add(1) go s.processerJob(w, certsProcessed, jobs, processCert, &processorWG) } for start := startIndex; start < int64(endIndex); { end := min(start+int64(s.opts.BatchSize), int64(endIndex)) - 1 if err := s.fetch(fetchRange{start, end}, jobs, tree); err != nil { return err } start = end + 1 } close(jobs) processorWG.Wait() s.Log(fmt.Sprintf("Completed %d certs in %s", *certsProcessed, humanTime(int(time.Since(startTime).Seconds())))) return nil } // Creates a new Scanner instance using |client| to talk to the log, and taking // configuration options from |opts|. func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner { var scanner Scanner scanner.LogUri = logUri scanner.LogId = logId scanner.publicKey = publicKey scanner.logClient = client.New(logUri) scanner.opts = *opts return &scanner } certspotter-0.9/sct.go000066400000000000000000000024661326616434700151040ustar00rootroot00000000000000// Copyright (C) 2017 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "software.sslmate.com/src/certspotter/ct" ) func VerifyX509SCT(sct *ct.SignedCertificateTimestamp, cert []byte, verify *ct.SignatureVerifier) error { entry := ct.LogEntry{ Leaf: ct.MerkleTreeLeaf{ Version: 0, LeafType: ct.TimestampedEntryLeafType, TimestampedEntry: ct.TimestampedEntry{ Timestamp: sct.Timestamp, EntryType: ct.X509LogEntryType, X509Entry: cert, Extensions: sct.Extensions, }, }, } return verify.VerifySCTSignature(*sct, entry) } func VerifyPrecertSCT(sct *ct.SignedCertificateTimestamp, precert ct.PreCert, verify *ct.SignatureVerifier) error { entry := ct.LogEntry{ Leaf: ct.MerkleTreeLeaf{ Version: 0, LeafType: ct.TimestampedEntryLeafType, TimestampedEntry: ct.TimestampedEntry{ Timestamp: sct.Timestamp, EntryType: ct.PrecertLogEntryType, PrecertEntry: precert, Extensions: sct.Extensions, }, }, } return verify.VerifySCTSignature(*sct, entry) } certspotter-0.9/x509.go000066400000000000000000000246761326616434700150270ustar00rootroot00000000000000// Copyright (C) 2016 Opsmate, Inc. // // This Source Code Form is subject to the terms of the Mozilla // Public License, v. 2.0. If a copy of the MPL was not distributed // with this file, You can obtain one at http://mozilla.org/MPL/2.0/. // // This software is distributed WITHOUT A WARRANTY OF ANY KIND. // See the Mozilla Public License for details. package certspotter import ( "bytes" "encoding/asn1" "errors" "fmt" "math/big" "net" "time" ) var ( oidExtensionSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17} oidExtensionBasicConstraints = asn1.ObjectIdentifier{2, 5, 29, 19} oidCountry = asn1.ObjectIdentifier{2, 5, 4, 6} oidOrganization = asn1.ObjectIdentifier{2, 5, 4, 10} oidOrganizationalUnit = asn1.ObjectIdentifier{2, 5, 4, 11} oidCommonName = asn1.ObjectIdentifier{2, 5, 4, 3} oidSerialNumber = asn1.ObjectIdentifier{2, 5, 4, 5} oidLocality = asn1.ObjectIdentifier{2, 5, 4, 7} oidProvince = asn1.ObjectIdentifier{2, 5, 4, 8} oidStreetAddress = asn1.ObjectIdentifier{2, 5, 4, 9} oidPostalCode = asn1.ObjectIdentifier{2, 5, 4, 17} ) type CertValidity struct { NotBefore time.Time NotAfter time.Time } type basicConstraints struct { IsCA bool `asn1:"optional"` MaxPathLen int `asn1:"optional,default:-1"` } type Extension struct { Id asn1.ObjectIdentifier Critical bool `asn1:"optional"` Value []byte } const ( sanOtherName = 0 sanRfc822Name = 1 sanDNSName = 2 sanX400Address = 3 sanDirectoryName = 4 sanEdiPartyName = 5 sanURI = 6 sanIPAddress = 7 sanRegisteredID = 8 ) type SubjectAltName struct { Type int Value []byte } type RDNSequence []RelativeDistinguishedNameSET type RelativeDistinguishedNameSET []AttributeTypeAndValue type AttributeTypeAndValue struct { Type asn1.ObjectIdentifier Value asn1.RawValue } func ParseRDNSequence(rdnsBytes []byte) (RDNSequence, error) { var rdns RDNSequence if rest, err := asn1.Unmarshal(rdnsBytes, &rdns); err != nil { return nil, errors.New("failed to parse RDNSequence: " + err.Error()) } else if len(rest) != 0 { return nil, fmt.Errorf("trailing data after RDNSequence: %v", rest) // XXX: too strict? } return rdns, nil } type TBSCertificate struct { Raw asn1.RawContent Version int `asn1:"optional,explicit,default:1,tag:0"` SerialNumber asn1.RawValue SignatureAlgorithm asn1.RawValue Issuer asn1.RawValue Validity asn1.RawValue Subject asn1.RawValue PublicKey asn1.RawValue UniqueId asn1.BitString `asn1:"optional,tag:1"` SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"` Extensions []Extension `asn1:"optional,explicit,tag:3"` } type Certificate struct { Raw asn1.RawContent TBSCertificate asn1.RawValue SignatureAlgorithm asn1.RawValue SignatureValue asn1.RawValue } func (rdns RDNSequence) ParseCNs() ([]string, error) { var cns []string for _, rdn := range rdns { if len(rdn) == 0 { continue } atv := rdn[0] if atv.Type.Equal(oidCommonName) { cnString, err := decodeASN1String(&atv.Value) if err != nil { return nil, errors.New("Error decoding CN: " + err.Error()) } cns = append(cns, cnString) } } return cns, nil } func rdnLabel(oid asn1.ObjectIdentifier) string { switch { case oid.Equal(oidCountry): return "C" case oid.Equal(oidOrganization): return "O" case oid.Equal(oidOrganizationalUnit): return "OU" case oid.Equal(oidCommonName): return "CN" case oid.Equal(oidSerialNumber): return "serialNumber" case oid.Equal(oidLocality): return "L" case oid.Equal(oidProvince): return "ST" case oid.Equal(oidStreetAddress): return "street" case oid.Equal(oidPostalCode): return "postalCode" } return oid.String() } func (rdns RDNSequence) String() string { var buf bytes.Buffer for _, rdn := range rdns { if len(rdn) == 0 { continue } atv := rdn[0] if buf.Len() != 0 { buf.WriteString(", ") } buf.WriteString(rdnLabel(atv.Type)) buf.WriteString("=") valueString, err := decodeASN1String(&atv.Value) if err == nil { buf.WriteString(valueString) // TODO: escape non-printable characters, '\', and ',' } else { fmt.Fprintf(&buf, "%v", atv.Value.FullBytes) } } return buf.String() } func (san SubjectAltName) String() string { switch san.Type { case sanDNSName: return "DNS:" + string(san.Value) // TODO: escape non-printable characters, '\', and ',' case sanIPAddress: if len(san.Value) == 4 || len(san.Value) == 16 { return "IP:" + net.IP(san.Value).String() } else { return fmt.Sprintf("IP:%v", san.Value) } default: // TODO: support other types of SANs return fmt.Sprintf("%d:%v", san.Type, san.Value) } } func ParseTBSCertificate(tbsBytes []byte) (*TBSCertificate, error) { var tbs TBSCertificate if rest, err := asn1.Unmarshal(tbsBytes, &tbs); err != nil { return nil, errors.New("failed to parse TBS: " + err.Error()) } else if len(rest) > 0 { return nil, fmt.Errorf("trailing data after TBS: %v", rest) // XXX: too strict? } return &tbs, nil } func (tbs *TBSCertificate) ParseValidity() (*CertValidity, error) { var rawValidity struct { NotBefore asn1.RawValue NotAfter asn1.RawValue } if rest, err := asn1.Unmarshal(tbs.Validity.FullBytes, &rawValidity); err != nil { return nil, errors.New("failed to parse validity: " + err.Error()) } else if len(rest) > 0 { return nil, fmt.Errorf("trailing data after validity: %v", rest) } var validity CertValidity var err error if validity.NotBefore, err = decodeASN1Time(&rawValidity.NotBefore); err != nil { return nil, errors.New("failed to decode notBefore time: " + err.Error()) } if validity.NotAfter, err = decodeASN1Time(&rawValidity.NotAfter); err != nil { return nil, errors.New("failed to decode notAfter time: " + err.Error()) } return &validity, nil } func (tbs *TBSCertificate) ParseBasicConstraints() (*bool, error) { isCA := false isNotCA := false // Some certs in the wild have multiple BasicConstraints extensions (is there anything // that CAs haven't screwed up???), so we process all of them and only choke if they // are contradictory (which has not been observed...yet). for _, ext := range tbs.GetExtension(oidExtensionBasicConstraints) { var constraints basicConstraints if rest, err := asn1.Unmarshal(ext.Value, &constraints); err != nil { return nil, errors.New("failed to parse Basic Constraints: " + err.Error()) } else if len(rest) > 0 { return nil, fmt.Errorf("trailing data after Basic Constraints: %v", rest) } if constraints.IsCA { isCA = true } else { isNotCA = true } } if !isCA && !isNotCA { return nil, nil } else if isCA && !isNotCA { trueValue := true return &trueValue, nil } else if !isCA && isNotCA { falseValue := false return &falseValue, nil } else { return nil, fmt.Errorf("Certificate has more than one Basic Constraints extension and they are contradictory") } } func (tbs *TBSCertificate) ParseSerialNumber() (*big.Int, error) { serialNumber := big.NewInt(0) if rest, err := asn1.Unmarshal(tbs.SerialNumber.FullBytes, &serialNumber); err != nil { return nil, errors.New("failed to parse serial number: " + err.Error()) } else if len(rest) > 0 { return nil, fmt.Errorf("trailing data after serial number: %v", rest) } return serialNumber, nil } func (tbs *TBSCertificate) GetRawPublicKey() []byte { return tbs.PublicKey.FullBytes } func (tbs *TBSCertificate) GetRawSubject() []byte { return tbs.Subject.FullBytes } func (tbs *TBSCertificate) GetRawIssuer() []byte { return tbs.Issuer.FullBytes } func (tbs *TBSCertificate) ParseSubject() (RDNSequence, error) { subject, err := ParseRDNSequence(tbs.GetRawSubject()) if err != nil { return nil, errors.New("failed to parse certificate subject: " + err.Error()) } return subject, nil } func (tbs *TBSCertificate) ParseIssuer() (RDNSequence, error) { issuer, err := ParseRDNSequence(tbs.GetRawIssuer()) if err != nil { return nil, errors.New("failed to parse certificate issuer: " + err.Error()) } return issuer, nil } func (tbs *TBSCertificate) ParseSubjectCommonNames() ([]string, error) { subject, err := tbs.ParseSubject() if err != nil { return nil, err } cns, err := subject.ParseCNs() if err != nil { return nil, errors.New("failed to process certificate subject: " + err.Error()) } return cns, nil } func (tbs *TBSCertificate) ParseSubjectAltNames() ([]SubjectAltName, error) { sans := []SubjectAltName{} for _, sanExt := range tbs.GetExtension(oidExtensionSubjectAltName) { var err error sans, err = parseSANExtension(sans, sanExt.Value) if err != nil { return nil, err } } return sans, nil } func (tbs *TBSCertificate) GetExtension(id asn1.ObjectIdentifier) []Extension { var exts []Extension for _, ext := range tbs.Extensions { if ext.Id.Equal(id) { exts = append(exts, ext) } } return exts } func ParseCertificate(certBytes []byte) (*Certificate, error) { var cert Certificate if rest, err := asn1.Unmarshal(certBytes, &cert); err != nil { return nil, errors.New("failed to parse certificate: " + err.Error()) } else if len(rest) > 0 { return nil, fmt.Errorf("trailing data after certificate: %v", rest) // XXX: too strict? } return &cert, nil } func (cert *Certificate) GetRawTBSCertificate() []byte { return cert.TBSCertificate.FullBytes } func (cert *Certificate) ParseTBSCertificate() (*TBSCertificate, error) { return ParseTBSCertificate(cert.GetRawTBSCertificate()) } func parseSANExtension(sans []SubjectAltName, value []byte) ([]SubjectAltName, error) { var seq asn1.RawValue if rest, err := asn1.Unmarshal(value, &seq); err != nil { return nil, errors.New("failed to parse subjectAltName extension: " + err.Error()) } else if len(rest) != 0 { // Don't complain if the SAN is followed by exactly one zero byte, // which is a common error. if !(len(rest) == 1 && rest[0] == 0) { return nil, fmt.Errorf("trailing data in subjectAltName extension: %v", rest) // XXX: too strict? } } if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 { return nil, errors.New("failed to parse subjectAltName extension: bad SAN sequence") // XXX: too strict? } rest := seq.Bytes for len(rest) > 0 { var val asn1.RawValue var err error rest, err = asn1.Unmarshal(rest, &val) if err != nil { return nil, errors.New("failed to parse subjectAltName extension item: " + err.Error()) } sans = append(sans, SubjectAltName{Type: val.Tag, Value: val.Bytes}) } return sans, nil }