1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/multi_log_ct_verifier.h"
6
7 #include <string_view>
8 #include <vector>
9
10 #include "base/logging.h"
11 #include "base/metrics/histogram_macros.h"
12 #include "base/values.h"
13 #include "net/base/net_errors.h"
14 #include "net/cert/ct_log_verifier.h"
15 #include "net/cert/ct_objects_extractor.h"
16 #include "net/cert/ct_serialization.h"
17 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"
18 #include "net/cert/sct_status_flags.h"
19 #include "net/cert/signed_certificate_timestamp_and_status.h"
20 #include "net/cert/x509_certificate.h"
21 #include "net/log/net_log_event_type.h"
22 #include "net/log/net_log_with_source.h"
23
24 namespace net {
25
26 namespace {
27
28 // Record SCT verification status. This metric would help detecting presence
29 // of unknown CT logs as well as bad deployments (invalid SCTs).
LogSCTStatusToUMA(ct::SCTVerifyStatus status)30 void LogSCTStatusToUMA(ct::SCTVerifyStatus status) {
31 // Note SCT_STATUS_MAX + 1 is passed to the UMA_HISTOGRAM_ENUMERATION as that
32 // macro requires the values to be strictly less than the boundary value,
33 // and SCT_STATUS_MAX is the last valid value of the SCTVerifyStatus enum
34 // (since that enum is used for IPC as well).
35 UMA_HISTOGRAM_ENUMERATION("Net.CertificateTransparency.SCTStatus", status,
36 ct::SCT_STATUS_MAX + 1);
37 }
38
39 // Record SCT origin enum. This metric measure the popularity
40 // of the various channels of providing SCTs for a certificate.
LogSCTOriginToUMA(ct::SignedCertificateTimestamp::Origin origin)41 void LogSCTOriginToUMA(ct::SignedCertificateTimestamp::Origin origin) {
42 UMA_HISTOGRAM_ENUMERATION("Net.CertificateTransparency.SCTOrigin",
43 origin,
44 ct::SignedCertificateTimestamp::SCT_ORIGIN_MAX);
45 }
46
AddSCTAndLogStatus(scoped_refptr<ct::SignedCertificateTimestamp> sct,ct::SCTVerifyStatus status,SignedCertificateTimestampAndStatusList * sct_list)47 void AddSCTAndLogStatus(scoped_refptr<ct::SignedCertificateTimestamp> sct,
48 ct::SCTVerifyStatus status,
49 SignedCertificateTimestampAndStatusList* sct_list) {
50 LogSCTStatusToUMA(status);
51 sct_list->push_back(SignedCertificateTimestampAndStatus(sct, status));
52 }
53
CreateLogsMap(const std::vector<scoped_refptr<const CTLogVerifier>> & log_verifiers)54 std::map<std::string, scoped_refptr<const CTLogVerifier>> CreateLogsMap(
55 const std::vector<scoped_refptr<const CTLogVerifier>>& log_verifiers) {
56 std::map<std::string, scoped_refptr<const CTLogVerifier>> logs;
57 for (const auto& log_verifier : log_verifiers) {
58 logs[log_verifier->key_id()] = log_verifier;
59 }
60 return logs;
61 }
62
63 } // namespace
64
MultiLogCTVerifier(const std::vector<scoped_refptr<const CTLogVerifier>> & log_verifiers)65 MultiLogCTVerifier::MultiLogCTVerifier(
66 const std::vector<scoped_refptr<const CTLogVerifier>>& log_verifiers)
67 : logs_(CreateLogsMap(log_verifiers)) {}
68
69 MultiLogCTVerifier::~MultiLogCTVerifier() = default;
70
Verify(X509Certificate * cert,std::string_view stapled_ocsp_response,std::string_view sct_list_from_tls_extension,base::Time current_time,SignedCertificateTimestampAndStatusList * output_scts,const NetLogWithSource & net_log) const71 void MultiLogCTVerifier::Verify(
72 X509Certificate* cert,
73 std::string_view stapled_ocsp_response,
74 std::string_view sct_list_from_tls_extension,
75 base::Time current_time,
76 SignedCertificateTimestampAndStatusList* output_scts,
77 const NetLogWithSource& net_log) const {
78 DCHECK(cert);
79 DCHECK(output_scts);
80
81 output_scts->clear();
82
83 std::string embedded_scts;
84 if (!cert->intermediate_buffers().empty() &&
85 ct::ExtractEmbeddedSCTList(cert->cert_buffer(), &embedded_scts)) {
86 ct::SignedEntryData precert_entry;
87
88 if (ct::GetPrecertSignedEntry(cert->cert_buffer(),
89 cert->intermediate_buffers().front().get(),
90 &precert_entry)) {
91 VerifySCTs(embedded_scts, precert_entry,
92 ct::SignedCertificateTimestamp::SCT_EMBEDDED, current_time,
93 cert, output_scts);
94 }
95 }
96
97 std::string sct_list_from_ocsp;
98 if (!stapled_ocsp_response.empty() && !cert->intermediate_buffers().empty()) {
99 ct::ExtractSCTListFromOCSPResponse(
100 cert->intermediate_buffers().front().get(), cert->serial_number(),
101 stapled_ocsp_response, &sct_list_from_ocsp);
102 }
103
104 // Log to Net Log, after extracting SCTs but before possibly failing on
105 // X.509 entry creation.
106 net_log.AddEvent(
107 NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, [&] {
108 return NetLogRawSignedCertificateTimestampParams(
109 embedded_scts, sct_list_from_ocsp, sct_list_from_tls_extension);
110 });
111
112 ct::SignedEntryData x509_entry;
113 if (ct::GetX509SignedEntry(cert->cert_buffer(), &x509_entry)) {
114 VerifySCTs(sct_list_from_ocsp, x509_entry,
115 ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE,
116 current_time, cert, output_scts);
117
118 VerifySCTs(sct_list_from_tls_extension, x509_entry,
119 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
120 current_time, cert, output_scts);
121 }
122
123 net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, [&] {
124 return NetLogSignedCertificateTimestampParams(output_scts);
125 });
126 }
127
VerifySCTs(std::string_view encoded_sct_list,const ct::SignedEntryData & expected_entry,ct::SignedCertificateTimestamp::Origin origin,base::Time current_time,X509Certificate * cert,SignedCertificateTimestampAndStatusList * output_scts) const128 void MultiLogCTVerifier::VerifySCTs(
129 std::string_view encoded_sct_list,
130 const ct::SignedEntryData& expected_entry,
131 ct::SignedCertificateTimestamp::Origin origin,
132 base::Time current_time,
133 X509Certificate* cert,
134 SignedCertificateTimestampAndStatusList* output_scts) const {
135 if (logs_.empty())
136 return;
137
138 std::vector<std::string_view> sct_list;
139
140 if (!ct::DecodeSCTList(encoded_sct_list, &sct_list))
141 return;
142
143 for (std::vector<std::string_view>::const_iterator it = sct_list.begin();
144 it != sct_list.end(); ++it) {
145 std::string_view encoded_sct(*it);
146 LogSCTOriginToUMA(origin);
147
148 scoped_refptr<ct::SignedCertificateTimestamp> decoded_sct;
149 if (!DecodeSignedCertificateTimestamp(&encoded_sct, &decoded_sct)) {
150 LogSCTStatusToUMA(ct::SCT_STATUS_NONE);
151 continue;
152 }
153 decoded_sct->origin = origin;
154
155 VerifySingleSCT(decoded_sct, expected_entry, current_time, cert,
156 output_scts);
157 }
158 }
159
VerifySingleSCT(scoped_refptr<ct::SignedCertificateTimestamp> sct,const ct::SignedEntryData & expected_entry,base::Time current_time,X509Certificate * cert,SignedCertificateTimestampAndStatusList * output_scts) const160 bool MultiLogCTVerifier::VerifySingleSCT(
161 scoped_refptr<ct::SignedCertificateTimestamp> sct,
162 const ct::SignedEntryData& expected_entry,
163 base::Time current_time,
164 X509Certificate* cert,
165 SignedCertificateTimestampAndStatusList* output_scts) const {
166 // Assume this SCT is untrusted until proven otherwise.
167 const auto& it = logs_.find(sct->log_id);
168 if (it == logs_.end()) {
169 AddSCTAndLogStatus(sct, ct::SCT_STATUS_LOG_UNKNOWN, output_scts);
170 return false;
171 }
172
173 sct->log_description = it->second->description();
174
175 if (!it->second->Verify(expected_entry, *sct.get())) {
176 AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID_SIGNATURE, output_scts);
177 return false;
178 }
179
180 // SCT verified ok, just make sure the timestamp is legitimate.
181 if (sct->timestamp > current_time) {
182 AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID_TIMESTAMP, output_scts);
183 return false;
184 }
185
186 AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, output_scts);
187 return true;
188 }
189
190 } // namespace net
191