From a658ff7ba87d500d4db0c394738a3fcd8f3953e7 Mon Sep 17 00:00:00 2001
From: MunyDev
Date: Thu, 8 Aug 2024 18:43:48 -0400
Subject: [PATCH] icarus: brand new stuff
---
 .gitignore | 4 +++
 Makefile | 7 +++++
 crs.proto | 65 +++++++++++++++++++++++++++++++++++++++++++++
 generate_new_pbs.py | 16 +++++++++++
 instructions.md | 1 +
 5 files changed, 93 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Makefile
 create mode 100644 crs.proto
 create mode 100644 generate_new_pbs.py
 create mode 100644 instructions.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fe1528e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.venv
+__pycache__
+gen
+original
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..caa0832
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+setup-venv:
+ python3 -m venv .venv
+ exit
+setup-python:
+ mkdir -p gen/python
+ protoc --python_out=gen/python crs.proto
+ exit
\ No newline at end of file
diff --git a/crs.proto b/crs.proto
new file mode 100644
index 0000000..a5edf88
--- /dev/null
+++ b/crs.proto
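Review bot: In the Makefile hunk, the trailing `exit` at the end of both the `setup-venv` and `setup-python` recipes has no effect, because each recipe line runs in its own shell; both lines can be dropped. Neither target produces a file with its own name, so declare `.PHONY: setup-venv setup-python` at the top so that a stray file called `setup-venv` does not make the target look up to date. `setup-venv` only creates the environment; presumably the protobuf runtime that generate_new_pbs.py imports has to be installed into it separately, which deserves a comment such as `# after setup-venv: activate .venv and install the protobuf package`.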
@@ -0,0 +1,65 @@
+// Copyright 2021 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Proto definitions supporting the Chrome Root Store.
+// This file should be manually kept in sync with the corresponding google3
+// file.
+
+syntax = "proto3";
+
+package chrome_root_store;
+
+// Specifies a set of constraints, all of which that have values must be
+// satisfied for the ConstraintSet to be satisfied.
+message ConstraintSet {
+ // The leaf certificate must have at least one valid SCT timestamp that is
+ // not after the specified value, specified in seconds since the unix epoch.
+ optional int64 sct_not_after_sec = 1;
+
+ // The leaf certificate must have at least one valid SCT timestamp and all
+ // valid SCT timestamps must be after the specified value, specified in
+ // seconds since the unix epoch.
+ optional int64 sct_all_after_sec = 2;
+
+ // The browser version must be equal to or greater than the specified version.
+ // Specified as a dotted version string, for example, "121.0.6167.160". A
+ // partial version is also allowed, for example min_version="121" will match
+ // any M-121 version or later.
+ optional string min_version = 3;
+
+ // The browser version must be less than the specified version.
+ // For example, max_version_exclusive="122" will match any M-121 or earlier
+ // version, and will not match any M-122 version.
+ optional string max_version_exclusive = 4;
+}
+
+message TrustAnchor {
+ // The human-editable textproto version of the root store references roots in
+ // a separate file by SHA-256 hash for convenience. It is converted to the DER
+ // representation as part of the build process.
+ oneof certificate {
+ bytes der = 1;
+ string sha256_hex = 2;
+ }
+
+ // OID should be expressed as dotted-decimal text (e.g. "1.3.159.1.17.1")
+ repeated string ev_policy_oids = 3;
+
+ // If not empty, the anchor is only trusted if at least one of the
+ // ConstraintSets is satisfied.
+ repeated ConstraintSet constraints = 4;
+
+ // Human-readable display name used to identify the certificate.
+ optional string display_name = 5;
+}
+
+// Message storing a complete Chrome Root Store.
+message RootStore {
+ repeated TrustAnchor trust_anchors = 1;
+
+ // Major version # of the Chrome Root Store. It is assumed that if
+ // root_store_1.version_major > root_store_2.version_major, then root_store_1
+ // is newer and should be preferred over root_store_2.
+ int64 version_major = 2;
+}
\ No newline at end of file
diff --git a/generate_new_pbs.py b/generate_new_pbs.py
new file mode 100644
index 0000000..da4ab3d
--- /dev/null
+++ b/generate_new_pbs.py
@@ -0,0 +1,16 @@
+import sys
+import os.path as path
+import pathlib
+import importlib.util
+import sys
+import crs_pb2
+def usage():
+ print("Usage: ")
+cwd = path.dirname(path.abspath(sys.argv[0]))
+if len(sys.argv) < 2:
+ usage()
+ exit(-1)
+buf= open(sys.argv[1], 'rb')
+rs = crs_pb2.RootStore()
+rs.ParseFromString(buf.read())
+print(rs.trust_anchors[0])
\ No newline at end of file
diff --git a/instructions.md b/instructions.md
new file mode 100644
index 0000000..a8964ae
--- /dev/null
+++ b/instructions.md
@@ -0,0 +1 @@
+# TODO:
\ No newline at end of file
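Review bot: In generate_new_pbs.py the input file is opened without ever being closed, and `rs.trust_anchors[0]` is indexed unconditionally, so a root store that parses to zero anchors ends in a bare IndexError instead of a readable message. Wrapping the read in a `with` block and checking the list before printing fixes both, as sketched below; `sys.exit` is also preferable to the site-provided `exit`. The second `import sys`, `pathlib`, `importlib.util` and the `cwd` assignment are unused in the visible lines and can go. `crs_pb2` is generated into `gen/python` by the Makefile, so the plain `import crs_pb2` presumably only resolves when that directory is on the import path; a comment saying how the script is meant to be run would help.

```python
# … unchanged: imports, usage(), argument-count check …
with open(sys.argv[1], 'rb') as buf:
    rs = crs_pb2.RootStore()
    rs.ParseFromString(buf.read())
if not rs.trust_anchors:
    sys.exit("no trust anchors found in " + sys.argv[1])
print(rs.trust_anchors[0])
```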