// Copyright (C) 2016 Opsmate, Inc.
//
// This Source Code Form is subject to the terms of the Mozilla
// Public License, v. 2.0. If a copy of the MPL was not distributed
// with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// This software is distributed WITHOUT A WARRANTY OF ANY KIND.
// See the Mozilla Public License for details.
package certspotter
import (
"bytes"
"encoding/asn1"
"errors"
"fmt"
)
// bitStringEqual reports whether two ASN.1 BIT STRING values are identical:
// they must declare the same number of bits and carry the same bytes.
// Both pointers must be non-nil; the callers in this file always pass the
// address of a struct field.
func bitStringEqual(a, b *asn1.BitString) bool {
	if a.BitLength != b.BitLength {
		return false
	}
	return bytes.Equal(a.Bytes, b.Bytes)
}
// Object identifiers of the X.509 extensions that receive special treatment
// when a pre-certificate is compared with, or rebuilt from, a final
// certificate.

// oidExtensionAuthorityKeyId is 2.5.29.35, the Authority Key Identifier
// extension.
var oidExtensionAuthorityKeyId = []int{2, 5, 29, 35}

// oidExtensionSCT is 1.3.6.1.4.1.11129.2.4.2, the extension that carries
// embedded Signed Certificate Timestamps in a final certificate.
var oidExtensionSCT = []int{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// oidExtensionCTPoison is 1.3.6.1.4.1.11129.2.4.3, the Certificate
// Transparency poison extension that marks a pre-certificate.
var oidExtensionCTPoison = []int{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
// PrecertInfo describes how a validated pre-certificate differs from the
// final certificate it was matched against. ValidatePrecert returns it on
// success.
type PrecertInfo struct {
	// SameIssuer is true when the pre-certificate was issued from the same
	// CA as the final certificate.
	SameIssuer bool

	// Issuer is the pre-certificate's issuer, if different from the final
	// certificate. ValidatePrecert fills it with the pre-certificate's
	// encoded issuer bytes whether or not the issuers match, so consult
	// SameIssuer before treating it as a difference.
	Issuer []byte

	// AKI is the value of the pre-certificate's Authority Key Identifier
	// extension, if present and different from the final certificate.
	// ValidatePrecert sets it only when the issuers differ, and in that
	// case does not compare it with the final certificate's value.
	AKI []byte
}
// ValidatePrecert checks that the pre-certificate in precertBytes corresponds
// to the TBSCertificate in tbsBytes.
//
// Every compared field must be byte-for-byte identical, with three
// exceptions:
//   - the issuer, which may differ (the result is reported in SameIssuer);
//   - the Authority Key Identifier extension, whose value may differ only
//     when the issuers differ (both sides must still carry it, or neither);
//   - the CT poison extension, which the pre-certificate must contain and
//     mark critical, and which is skipped when pairing extensions.
//
// Extensions are paired by position, so apart from the poison extension both
// sides must list the same extensions in the same order.
//
// On success it returns a PrecertInfo holding the pre-certificate's issuer
// bytes and, when the issuers differ, its AKI extension value. On any
// mismatch or parse failure it returns nil and an error.
//
// NOTE(review): no signature check is visible in this function, and a
// differing issuer is accepted without any check of who that issuer is. A nil
// error therefore only means "structurally consistent"; callers that need
// more must verify signatures and the issuer relationship themselves.
// NOTE(review): more than one poison extension in the pre-certificate is
// accepted, since each occurrence is simply skipped.
func ValidatePrecert(precertBytes []byte, tbsBytes []byte) (*PrecertInfo, error) {
	precert, err := ParseCertificate(precertBytes)
	if err != nil {
		return nil, errors.New("failed to parse pre-certificate: " + err.Error())
	}

	precertTBS, err := precert.ParseTBSCertificate()
	if err != nil {
		return nil, errors.New("failed to parse pre-certificate TBS: " + err.Error())
	}

	tbs, err := ParseTBSCertificate(tbsBytes)
	if err != nil {
		return nil, errors.New("failed to parse TBS: " + err.Error())
	}

	// The issuer is allowed to differ; remember whether it does, because that
	// decides how the AKI extension is treated below.
	sameIssuer := bytes.Equal(precertTBS.Issuer.FullBytes, tbs.Issuer.FullBytes)

	// Fixed fields: the first mismatch, in certificate field order, is
	// reported.
	switch {
	case precertTBS.Version != tbs.Version:
		return nil, errors.New("version not equal")
	case !bytes.Equal(precertTBS.SerialNumber.FullBytes, tbs.SerialNumber.FullBytes):
		return nil, errors.New("serial number not equal")
	case !bytes.Equal(precertTBS.SignatureAlgorithm.FullBytes, tbs.SignatureAlgorithm.FullBytes):
		return nil, errors.New("SignatureAlgorithm not equal")
	case !bytes.Equal(precertTBS.Validity.FullBytes, tbs.Validity.FullBytes):
		return nil, errors.New("Validity not equal")
	case !bytes.Equal(precertTBS.Subject.FullBytes, tbs.Subject.FullBytes):
		return nil, errors.New("Subject not equal")
	case !bytes.Equal(precertTBS.PublicKey.FullBytes, tbs.PublicKey.FullBytes):
		return nil, errors.New("PublicKey not equal")
	case !bitStringEqual(&precertTBS.UniqueId, &tbs.UniqueId):
		return nil, errors.New("UniqueId not equal")
	case !bitStringEqual(&precertTBS.SubjectUniqueId, &tbs.SubjectUniqueId):
		return nil, errors.New("SubjectUniqueId not equal")
	}

	var (
		aki       []byte
		hasPoison bool
		next      int // index of the next TBS extension still to be paired
	)
	for i := range precertTBS.Extensions {
		pe := &precertTBS.Extensions[i]

		if pe.Id.Equal(oidExtensionCTPoison) {
			if !pe.Critical {
				return nil, errors.New("pre-cert poison extension is not critical")
			}
			// The poison value is deliberately NOT compared against ASN.1
			// NULL (0x05 0x00). The original author disabled that check
			// because CAs get the value wrong and Google's logs do not
			// check it, and judged it not that important.
			hasPoison = true
			continue
		}

		if next >= len(tbs.Extensions) {
			return nil, errors.New("pre-cert contains extension not in TBS")
		}
		te := &tbs.Extensions[next]
		next++

		if !pe.Id.Equal(te.Id) {
			return nil, fmt.Errorf("pre-cert and TBS contain different extensions (%v vs %v)", pe.Id, te.Id)
		}
		if pe.Critical != te.Critical {
			return nil, fmt.Errorf("pre-cert and TBS %v extension differs in criticality", pe.Id)
		}

		// With a different issuer the AKI value is expected to differ, so it
		// is recorded rather than compared.
		if !sameIssuer && pe.Id.Equal(oidExtensionAuthorityKeyId) {
			aki = pe.Value
			continue
		}
		if !bytes.Equal(pe.Value, te.Value) {
			return nil, fmt.Errorf("pre-cert and TBS %v extension differs in value", pe.Id)
		}
	}

	if next < len(tbs.Extensions) {
		return nil, errors.New("TBS contains extension not in pre-cert")
	}
	if !hasPoison {
		return nil, errors.New("pre-cert does not have poison extension")
	}

	info := &PrecertInfo{
		SameIssuer: sameIssuer,
		Issuer:     precertTBS.Issuer.FullBytes,
		AKI:        aki,
	}
	return info, nil
}
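// ReconstructPrecertTBS derives a pre-certificate TBSCertificate from the
// TBSCertificate of a final certificate. It copies every field of tbs, drops
// the embedded SCT list extension (oidExtensionSCT), keeps all other
// extensions in their original order, and stores the DER encoding of the
// result in its Raw field.
//
// It returns an error if tbs is nil or if the rebuilt structure cannot be
// marshalled; in both cases the returned pointer is nil, so a caller can
// never pick up a TBS whose Raw field was not set.
//
// NOTE(review): the issuer and the Authority Key Identifier extension are
// copied unchanged. For a pre-certificate that was issued by a different
// issuer than the final certificate, the result presumably still needs those
// two values substituted by the caller; confirm against the call sites.
func ReconstructPrecertTBS(tbs *TBSCertificate) (*TBSCertificate, error) {
	if tbs == nil {
		return nil, errors.New("cannot reconstruct pre-certificate TBS from a nil TBS")
	}

	precertTBS := TBSCertificate{
		Version:            tbs.Version,
		SerialNumber:       tbs.SerialNumber,
		SignatureAlgorithm: tbs.SignatureAlgorithm,
		Issuer:             tbs.Issuer,
		Validity:           tbs.Validity,
		Subject:            tbs.Subject,
		PublicKey:          tbs.PublicKey,
		UniqueId:           tbs.UniqueId,
		SubjectUniqueId:    tbs.SubjectUniqueId,
		Extensions:         make([]Extension, 0, len(tbs.Extensions)),
	}

	for _, ext := range tbs.Extensions {
		// The SCT list exists only in the final certificate, so it is
		// left out of the reconstructed pre-certificate.
		if ext.Id.Equal(oidExtensionSCT) {
			continue
		}
		precertTBS.Extensions = append(precertTBS.Extensions, ext)
	}

	// Raw is still empty while marshalling, so the encoding is produced from
	// the fields assembled above.
	raw, err := asn1.Marshal(precertTBS)
	if err != nil {
		return nil, err
	}
	precertTBS.Raw = raw
	return &precertTBS, nil
}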