Start adding more verification with VerificationOpts struct

cmd/timestamp-cli/app/verify.go

@@ -17,9 +17,15 @@ package app
 
 import (
 	"crypto/x509"
+	"encoding/pem"
 	"fmt"
+	"math/big"
 	"os"
 	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/digitorus/timestamp"
 
 	"github.com/sigstore/timestamp-authority/cmd/timestamp-cli/app/format"
 	"github.com/sigstore/timestamp-authority/pkg/log"
@@ -43,6 +49,10 @@ func addVerifyFlags(cmd *cobra.Command) {
 	cmd.MarkFlagRequired("timestamp") //nolint:errcheck
 	cmd.Flags().Var(NewFlagValue(fileFlag, ""), "cert-chain", "path to certificate chain PEM file")
 	cmd.MarkFlagRequired("cert-chain") //nolint:errcheck
+	cmd.Flags().String("nonce", "", "optional nonce passed with the request")
+	cmd.Flags().Var(NewFlagValue(oidFlag, ""), "oid", "optional oid passed with the request")
+	cmd.Flags().String("subject", "", "expected leaf certificate subject")
+	cmd.Flags().Var(NewFlagValue(fileFlag, ""), "tsa-cert", "path to TSA cert")
 }
 
 var verifyCmd = &cobra.Command{
@@ -66,6 +76,10 @@ func runVerify() (interface{}, error) {
 	if err != nil {
 		return nil, fmt.Errorf("error reading request from file: %w", err)
 	}
+	ts, err := timestamp.ParseResponse(tsrBytes)
+	if err != nil {
+		return nil, err
+	}
 
 	certChainPEM := viper.GetString("cert-chain")
 	pemBytes, err := os.ReadFile(filepath.Clean(certChainPEM))
@@ -79,13 +93,75 @@ func runVerify() (interface{}, error) {
 		return nil, fmt.Errorf("error parsing response into Timestamp while appending certs from PEM")
 	}
 
+	tsaCertPath := viper.GetString("tsa-cert")
+	pemBytes, err = os.ReadFile(filepath.Clean(tsaCertPath))
+	if err != nil {
+		return nil, fmt.Errorf("error reading request from file: %w", err)
+	}
+	block, rest := pem.Decode(pemBytes)
+	if block == nil || block.Type != "PUBLIC KEY" {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, fmt.Errorf("failed to decode PEM block containing public key")
+	}
+	if rest != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, fmt.Errorf("only expected one certificate")
+	}
+
+	tsaCert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, err
+	}
+
 	artifactPath := viper.GetString("artifact")
 	artifact, err := os.Open(filepath.Clean(artifactPath))
 	if err != nil {
 		return nil, err
 	}
 
-	err = verification.VerifyTimestampResponse(tsrBytes, artifact, certPool)
+	opts, err := verification.NewVerificationOpts(tsrBytes, artifact, pemBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	reqOIDStr := strings.Split(viper.GetString("oid"), ".")
+	reqOID := make([]int, len(reqOIDStr))
+	for i, el := range reqOIDStr {
+		intVar, err := strconv.Atoi(el)
+		if err != nil {
+			return nil, err
+		}
+		reqOID[i] = intVar
+	}
+
+	if err := verification.VerifyOID(reqOID, opts); err != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, err
+	}
+
+	nonce := new(big.Int)
+	nonce, ok = nonce.SetString(viper.GetString("nonce"), 10)
+	if !ok {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, fmt.Errorf("SetString: error")
+	}
+	if err := verification.VerifyNonce(nonce, opts); err != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, err
+	}
+
+	if err := verification.VerifyLeafCertSubject(viper.GetString("subject"), opts); err != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, err
+	}
+
+	if err := verification.VerifyEmbeddedLeafCert(tsaCert, opts); err != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, err
+	}
+
+	if err := verification.VerifyESSCertID(tsaCert, opts); err != nil {
+		return &verifyCmdOutput{TimestampPath: tsrPath}, err
+	}
+
+	if verified := verification.VerifyTSRSignature(ts, opts); !verified {
+		return nil, err
+	}
+
+	err = verification.VerifyTimestampResponse(opts, tsrBytes, artifact, certPool)
 
 	return &verifyCmdOutput{TimestampPath: tsrPath}, err
 }

pkg/verification/verify.go

@@ -18,17 +18,156 @@ package verification
 import (
 	"bytes"
 	"crypto/x509"
-	"errors"
+	"encoding/asn1"
+	"encoding/pem"
 	"fmt"
 	"hash"
 	"io"
+	"math/big"
 
 	"github.com/digitorus/pkcs7"
 	"github.com/digitorus/timestamp"
+	"github.com/pkg/errors"
 )
 
+type VerificationOpts struct {
+	Oid            asn1.ObjectIdentifier
+	TsaCertificate *x509.Certificate
+	Intermediates  []*x509.Certificate
+	Roots          []*x509.Certificate
+	Nonce          *big.Int
+	Subject        string
+	HashAlgorithm  hash.Hash
+	HashedMessage  []byte
+}
+
+func NewVerificationOpts(ts *timestamp.Timestamp, artifact io.Reader, pemCerts []byte) (VerificationOpts, error) {
+	intermediateCerts := []*x509.Certificate{}
+	rootCerts := []*x509.Certificate{}
+	for len(pemCerts) > 0 {
+		block, rest := pem.Decode(pemCerts)
+		// if there is nothing left, we have found the last block
+		// which should be the root
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return VerificationOpts{}, fmt.Errorf("failed to parse certificate")
+		}
+		if rest == nil {
+			rootCerts = append(rootCerts, cert)
+		} else {
+			intermediateCerts = append(intermediateCerts, cert)
+		}
+		pemCerts = rest
+	}
+
+	opts := VerificationOpts{}
+	opts.Oid = ts.Policy
+	opts.TsaCertificate = ts.Certificates[0]
+	opts.Intermediates = intermediateCerts
+	opts.Roots = rootCerts
+	opts.Nonce = ts.Nonce
+	opts.Subject = ts.Certificates[0].Subject.String()
+	opts.HashAlgorithm = ts.HashAlgorithm.New()
+	opts.HashedMessage = ts.HashedMessage
+
+	return opts, nil
+}
+
+func createCertPool(certBytes []byte) (*x509.CertPool, error) {
+	certPool := x509.NewCertPool()
+	if ok := certPool.AppendCertsFromPEM(certBytes); !ok {
+		return nil, fmt.Errorf("failed to append certs to cert pool")
+	}
+	return certPool, nil
+}
+
+// Verify the TSR's certificate identifier matches a provided TSA certificate
+func VerifyESSCertID(tsaCert *x509.Certificate, opt VerificationOpts) error {
+	var err error = nil
+	if opt.TsaCertificate.Issuer.String() != tsaCert.Issuer.String() {
+		err = errors.Wrap(err, "TSR cert issuer does not match provided TSA cert issuer")
+	}
+	if opt.TsaCertificate.SerialNumber != tsaCert.SerialNumber {
+		errors.Wrap(err, "TSR cert issuer does not match provided TSA cert issuer")
+	}
+	return err
+}
+
+// Verify the leaf certificate's subject and/or subject alternative name matches a provided subject
+func VerifyLeafCertSubject(subject string, opts VerificationOpts) error {
+	leafCertSubject := opts.TsaCertificate.Subject.String()
+	if leafCertSubject != subject {
+		return fmt.Errorf("Leaf cert subject %s does not match provided subject %s", leafCertSubject, subject)
+	}
+	return nil
+}
+
+func verifyExtendedKeyUsage(cert *x509.Certificate) error {
+	certEKULen := len(cert.ExtKeyUsage)
+	if certEKULen != 1 {
+		return fmt.Errorf("cert has %d extended key usages, expected only one", certEKULen)
+	}
+
+	if cert.ExtKeyUsage[0] != x509.ExtKeyUsageTimeStamping {
+		return fmt.Errorf("leaf cert EKU is not set to TimeStamping as required")
+	}
+	return nil
+}
+
+// Verify the TSA certificate and the intermediates (called "EKU chaining") all
+// have the extended key usage set to only time stamping usage
+func VerifyExtendedKeyUsageForLeafAndIntermediates(opts VerificationOpts) error {
+	leafCert := opts.TsaCertificate
+	err := verifyExtendedKeyUsage(leafCert)
+	if err != nil {
+		return fmt.Errorf("failed to verify EKU on leaf cert: %w", err)
+	}
+
+	for _, cert := range opts.Intermediates {
+		err := verifyExtendedKeyUsage(cert)
+		if err != nil {
+			return fmt.Errorf("failed to verify EKU on intermediate cert: %w", err)
+		}
+	}
+	return nil
+}
+
+// If embedded in the TSR, verify the TSR's leaf certificate matches a provided TSA certificate
+func VerifyEmbeddedLeafCert(tsaCert *x509.Certificate, opts VerificationOpts) error {
+	if opts.TsaCertificate != nil {
+		if !opts.TsaCertificate.Equal(tsaCert) {
+			return fmt.Errorf("certificate embedded in the TSR does not match the provided TSA certificate")
+		}
+	}
+	return nil
+}
+
+// Verify the OID of the TSR matches an expected OID
+func VerifyOID(oid []int, opts VerificationOpts) error {
+	responseOid := opts.Oid
+	if len(oid) != len(responseOid) {
+		return fmt.Errorf("OID lengths do not match")
+	}
+	for i, v := range oid {
+		if v != responseOid[i] {
+			return fmt.Errorf("OID content does not match")
+		}
+	}
+	return nil
+}
+
+// Verify the nonce - Mostly important for when the response is first returned
+func VerifyNonce(requestNonce *big.Int, opts VerificationOpts) error {
+	if opts.Nonce.Cmp(requestNonce) != 0 {
+		return fmt.Errorf("incoming nonce %d does not match TSR nonce %d", requestNonce, opts.Nonce)
+	}
+	return nil
+}
+
 // VerifyTimestampResponse the timestamp response using a timestamp certificate chain.
 func VerifyTimestampResponse(tsrBytes []byte, artifact io.Reader, certPool *x509.CertPool) error {
+	// Verify the status of the TSR does not contain an error
+	// handled by the timestamp.ParseResponse function
 	ts, err := timestamp.ParseResponse(tsrBytes)
 	if err != nil {
 		pe := timestamp.ParseError("")
@@ -62,6 +201,7 @@ func verifyTSRWithChain(ts *timestamp.Timestamp, certPool *x509.CertPool) error
 	return nil
 }
 
+// Verify that the TSR's hashed message matches the digest of the artifact to be timestamped
 func verifyHashedMessages(hashAlg hash.Hash, hashedMessage []byte, artifactReader io.Reader) error {
 	h := hashAlg
 	if _, err := io.Copy(h, artifactReader); err != nil {