A local copy of OpenSSL from GitHub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

412 lines
9.6 KiB

  1. /*
  2. * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifdef OPENSSL_NO_CT
  10. # error "CT is disabled"
  11. #endif
  12. #include <limits.h>
  13. #include <string.h>
  14. #include <openssl/asn1.h>
  15. #include <openssl/buffer.h>
  16. #include <openssl/ct.h>
  17. #include <openssl/err.h>
  18. #include "ct_locl.h"
  19. int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
  20. {
  21. size_t siglen;
  22. size_t len_remaining = len;
  23. const unsigned char *p;
  24. if (sct->version != SCT_VERSION_V1) {
  25. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
  26. return -1;
  27. }
  28. /*
  29. * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
  30. * Signature algorithm (2 bytes + ?) Signature
  31. *
  32. * This explicitly rejects empty signatures: they're invalid for
  33. * all supported algorithms.
  34. */
  35. if (len <= 4) {
  36. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  37. return -1;
  38. }
  39. p = *in;
  40. /* Get hash and signature algorithm */
  41. sct->hash_alg = *p++;
  42. sct->sig_alg = *p++;
  43. if (SCT_get_signature_nid(sct) == NID_undef) {
  44. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  45. return -1;
  46. }
  47. /* Retrieve signature and check it is consistent with the buffer length */
  48. n2s(p, siglen);
  49. len_remaining -= (p - *in);
  50. if (siglen > len_remaining) {
  51. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  52. return -1;
  53. }
  54. if (SCT_set1_signature(sct, p, siglen) != 1)
  55. return -1;
  56. len_remaining -= siglen;
  57. *in = p + siglen;
  58. return len - len_remaining;
  59. }
  60. SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
  61. {
  62. SCT *sct = NULL;
  63. const unsigned char *p;
  64. if (len == 0 || len > MAX_SCT_SIZE) {
  65. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  66. goto err;
  67. }
  68. if ((sct = SCT_new()) == NULL)
  69. goto err;
  70. p = *in;
  71. sct->version = *p;
  72. if (sct->version == SCT_VERSION_V1) {
  73. int sig_len;
  74. size_t len2;
  75. /*-
  76. * Fixed-length header:
  77. * struct {
  78. * Version sct_version; (1 byte)
  79. * log_id id; (32 bytes)
  80. * uint64 timestamp; (8 bytes)
  81. * CtExtensions extensions; (2 bytes + ?)
  82. * }
  83. */
  84. if (len < 43) {
  85. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  86. goto err;
  87. }
  88. len -= 43;
  89. p++;
  90. sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
  91. if (sct->log_id == NULL)
  92. goto err;
  93. sct->log_id_len = CT_V1_HASHLEN;
  94. p += CT_V1_HASHLEN;
  95. n2l8(p, sct->timestamp);
  96. n2s(p, len2);
  97. if (len < len2) {
  98. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  99. goto err;
  100. }
  101. if (len2 > 0) {
  102. sct->ext = BUF_memdup(p, len2);
  103. if (sct->ext == NULL)
  104. goto err;
  105. }
  106. sct->ext_len = len2;
  107. p += len2;
  108. len -= len2;
  109. sig_len = o2i_SCT_signature(sct, &p, len);
  110. if (sig_len <= 0) {
  111. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  112. goto err;
  113. }
  114. len -= sig_len;
  115. *in = p + len;
  116. } else {
  117. /* If not V1 just cache encoding */
  118. sct->sct = BUF_memdup(p, len);
  119. if (sct->sct == NULL)
  120. goto err;
  121. sct->sct_len = len;
  122. *in = p + len;
  123. }
  124. if (psct != NULL) {
  125. SCT_free(*psct);
  126. *psct = sct;
  127. }
  128. return sct;
  129. err:
  130. SCT_free(sct);
  131. return NULL;
  132. }
  133. int i2o_SCT_signature(const SCT *sct, unsigned char **out)
  134. {
  135. size_t len;
  136. unsigned char *p = NULL;
  137. if (!SCT_signature_is_complete(sct)) {
  138. CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  139. goto err;
  140. }
  141. if (sct->version != SCT_VERSION_V1) {
  142. CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
  143. goto err;
  144. }
  145. /*
  146. * (1 byte) Hash algorithm
  147. * (1 byte) Signature algorithm
  148. * (2 bytes + ?) Signature
  149. */
  150. len = 4 + sct->sig_len;
  151. if (out != NULL) {
  152. if (*out != NULL) {
  153. p = *out;
  154. *out += len;
  155. } else {
  156. p = OPENSSL_malloc(len);
  157. if (p == NULL) {
  158. CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
  159. goto err;
  160. }
  161. *out = p;
  162. }
  163. *p++ = sct->hash_alg;
  164. *p++ = sct->sig_alg;
  165. s2n(sct->sig_len, p);
  166. memcpy(p, sct->sig, sct->sig_len);
  167. }
  168. return len;
  169. err:
  170. OPENSSL_free(p);
  171. return -1;
  172. }
  173. int i2o_SCT(const SCT *sct, unsigned char **out)
  174. {
  175. size_t len;
  176. unsigned char *p = NULL;
  177. if (!SCT_is_complete(sct)) {
  178. CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
  179. goto err;
  180. }
  181. /*
  182. * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
  183. * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
  184. * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
  185. * bytes + ?) Signature
  186. */
  187. if (sct->version == SCT_VERSION_V1)
  188. len = 43 + sct->ext_len + 4 + sct->sig_len;
  189. else
  190. len = sct->sct_len;
  191. if (out == NULL)
  192. return len;
  193. if (*out != NULL) {
  194. p = *out;
  195. *out += len;
  196. } else {
  197. p = OPENSSL_malloc(len);
  198. if (p == NULL) {
  199. CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
  200. goto err;
  201. }
  202. *out = p;
  203. }
  204. if (sct->version == SCT_VERSION_V1) {
  205. *p++ = sct->version;
  206. memcpy(p, sct->log_id, CT_V1_HASHLEN);
  207. p += CT_V1_HASHLEN;
  208. l2n8(sct->timestamp, p);
  209. s2n(sct->ext_len, p);
  210. if (sct->ext_len > 0) {
  211. memcpy(p, sct->ext, sct->ext_len);
  212. p += sct->ext_len;
  213. }
  214. if (i2o_SCT_signature(sct, &p) <= 0)
  215. goto err;
  216. } else {
  217. memcpy(p, sct->sct, len);
  218. }
  219. return len;
  220. err:
  221. OPENSSL_free(p);
  222. return -1;
  223. }
  224. void SCT_LIST_free(STACK_OF(SCT) *a)
  225. {
  226. sk_SCT_pop_free(a, SCT_free);
  227. }
  228. STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
  229. size_t len)
  230. {
  231. STACK_OF(SCT) *sk = NULL;
  232. size_t list_len, sct_len;
  233. if (len < 2 || len > MAX_SCT_LIST_SIZE) {
  234. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  235. return NULL;
  236. }
  237. n2s(*pp, list_len);
  238. if (list_len != len - 2) {
  239. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  240. return NULL;
  241. }
  242. if (a == NULL || *a == NULL) {
  243. sk = sk_SCT_new_null();
  244. if (sk == NULL)
  245. return NULL;
  246. } else {
  247. SCT *sct;
  248. /* Use the given stack, but empty it first. */
  249. sk = *a;
  250. while ((sct = sk_SCT_pop(sk)) != NULL)
  251. SCT_free(sct);
  252. }
  253. while (list_len > 0) {
  254. SCT *sct;
  255. if (list_len < 2) {
  256. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  257. goto err;
  258. }
  259. n2s(*pp, sct_len);
  260. list_len -= 2;
  261. if (sct_len == 0 || sct_len > list_len) {
  262. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  263. goto err;
  264. }
  265. list_len -= sct_len;
  266. if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
  267. goto err;
  268. if (!sk_SCT_push(sk, sct)) {
  269. SCT_free(sct);
  270. goto err;
  271. }
  272. }
  273. if (a != NULL && *a == NULL)
  274. *a = sk;
  275. return sk;
  276. err:
  277. if (a == NULL || *a == NULL)
  278. SCT_LIST_free(sk);
  279. return NULL;
  280. }
  281. int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
  282. {
  283. int len, sct_len, i, is_pp_new = 0;
  284. size_t len2;
  285. unsigned char *p = NULL, *p2;
  286. if (pp != NULL) {
  287. if (*pp == NULL) {
  288. if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
  289. CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
  290. return -1;
  291. }
  292. if ((*pp = OPENSSL_malloc(len)) == NULL) {
  293. CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
  294. return -1;
  295. }
  296. is_pp_new = 1;
  297. }
  298. p = *pp + 2;
  299. }
  300. len2 = 2;
  301. for (i = 0; i < sk_SCT_num(a); i++) {
  302. if (pp != NULL) {
  303. p2 = p;
  304. p += 2;
  305. if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
  306. goto err;
  307. s2n(sct_len, p2);
  308. } else {
  309. if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
  310. goto err;
  311. }
  312. len2 += 2 + sct_len;
  313. }
  314. if (len2 > MAX_SCT_LIST_SIZE)
  315. goto err;
  316. if (pp != NULL) {
  317. p = *pp;
  318. s2n(len2 - 2, p);
  319. }
  320. if (!is_pp_new)
  321. *pp += len2;
  322. return len2;
  323. err:
  324. if (is_pp_new) {
  325. OPENSSL_free(*pp);
  326. *pp = NULL;
  327. }
  328. return -1;
  329. }
  330. STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
  331. long len)
  332. {
  333. ASN1_OCTET_STRING *oct = NULL;
  334. STACK_OF(SCT) *sk = NULL;
  335. const unsigned char *p;
  336. p = *pp;
  337. if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
  338. return NULL;
  339. p = oct->data;
  340. if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
  341. *pp += len;
  342. ASN1_OCTET_STRING_free(oct);
  343. return sk;
  344. }
  345. int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
  346. {
  347. ASN1_OCTET_STRING oct;
  348. int len;
  349. oct.data = NULL;
  350. if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
  351. return -1;
  352. len = i2d_ASN1_OCTET_STRING(&oct, out);
  353. OPENSSL_free(oct.data);
  354. return len;
  355. }