ct_oct.c 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407
  1. /*
  2. * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifdef OPENSSL_NO_CT
  10. # error "CT is disabled"
  11. #endif
  12. #include <limits.h>
  13. #include <string.h>
  14. #include <openssl/asn1.h>
  15. #include <openssl/buffer.h>
  16. #include <openssl/ct.h>
  17. #include <openssl/err.h>
  18. #include "ct_locl.h"
  19. int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
  20. {
  21. size_t siglen;
  22. size_t len_remaining = len;
  23. const unsigned char *p;
  24. if (sct->version != SCT_VERSION_V1) {
  25. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
  26. return -1;
  27. }
  28. /*
  29. * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
  30. * Signature algorithm (2 bytes + ?) Signature
  31. *
  32. * This explicitly rejects empty signatures: they're invalid for
  33. * all supported algorithms.
  34. */
  35. if (len <= 4) {
  36. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  37. return -1;
  38. }
  39. p = *in;
  40. /* Get hash and signature algorithm */
  41. sct->hash_alg = *p++;
  42. sct->sig_alg = *p++;
  43. if (SCT_get_signature_nid(sct) == NID_undef) {
  44. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  45. return -1;
  46. }
  47. /* Retrieve signature and check it is consistent with the buffer length */
  48. n2s(p, siglen);
  49. len_remaining -= (p - *in);
  50. if (siglen > len_remaining) {
  51. CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  52. return -1;
  53. }
  54. if (SCT_set1_signature(sct, p, siglen) != 1)
  55. return -1;
  56. len_remaining -= siglen;
  57. *in = p + siglen;
  58. return len - len_remaining;
  59. }
  60. SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
  61. {
  62. SCT *sct = NULL;
  63. const unsigned char *p;
  64. if (len == 0 || len > MAX_SCT_SIZE) {
  65. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  66. goto err;
  67. }
  68. if ((sct = SCT_new()) == NULL)
  69. goto err;
  70. p = *in;
  71. sct->version = *p;
  72. if (sct->version == SCT_VERSION_V1) {
  73. int sig_len;
  74. size_t len2;
  75. /*-
  76. * Fixed-length header:
  77. * struct {
  78. * Version sct_version; (1 byte)
  79. * log_id id; (32 bytes)
  80. * uint64 timestamp; (8 bytes)
  81. * CtExtensions extensions; (2 bytes + ?)
  82. * }
  83. */
  84. if (len < 43) {
  85. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  86. goto err;
  87. }
  88. len -= 43;
  89. p++;
  90. sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
  91. if (sct->log_id == NULL)
  92. goto err;
  93. sct->log_id_len = CT_V1_HASHLEN;
  94. p += CT_V1_HASHLEN;
  95. n2l8(p, sct->timestamp);
  96. n2s(p, len2);
  97. if (len < len2) {
  98. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  99. goto err;
  100. }
  101. if (len2 > 0) {
  102. sct->ext = BUF_memdup(p, len2);
  103. if (sct->ext == NULL)
  104. goto err;
  105. }
  106. sct->ext_len = len2;
  107. p += len2;
  108. len -= len2;
  109. sig_len = o2i_SCT_signature(sct, &p, len);
  110. if (sig_len <= 0) {
  111. CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
  112. goto err;
  113. }
  114. len -= sig_len;
  115. *in = p + len;
  116. } else {
  117. /* If not V1 just cache encoding */
  118. sct->sct = BUF_memdup(p, len);
  119. if (sct->sct == NULL)
  120. goto err;
  121. sct->sct_len = len;
  122. *in = p + len;
  123. }
  124. if (psct != NULL) {
  125. SCT_free(*psct);
  126. *psct = sct;
  127. }
  128. return sct;
  129. err:
  130. SCT_free(sct);
  131. return NULL;
  132. }
  133. int i2o_SCT_signature(const SCT *sct, unsigned char **out)
  134. {
  135. size_t len;
  136. unsigned char *p = NULL, *pstart = NULL;
  137. if (!SCT_signature_is_complete(sct)) {
  138. CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
  139. goto err;
  140. }
  141. if (sct->version != SCT_VERSION_V1) {
  142. CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
  143. goto err;
  144. }
  145. /*
  146. * (1 byte) Hash algorithm
  147. * (1 byte) Signature algorithm
  148. * (2 bytes + ?) Signature
  149. */
  150. len = 4 + sct->sig_len;
  151. if (out != NULL) {
  152. if (*out != NULL) {
  153. p = *out;
  154. *out += len;
  155. } else {
  156. pstart = p = OPENSSL_malloc(len);
  157. if (p == NULL) {
  158. CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
  159. goto err;
  160. }
  161. *out = p;
  162. }
  163. *p++ = sct->hash_alg;
  164. *p++ = sct->sig_alg;
  165. s2n(sct->sig_len, p);
  166. memcpy(p, sct->sig, sct->sig_len);
  167. }
  168. return len;
  169. err:
  170. OPENSSL_free(pstart);
  171. return -1;
  172. }
  173. int i2o_SCT(const SCT *sct, unsigned char **out)
  174. {
  175. size_t len;
  176. unsigned char *p = NULL, *pstart = NULL;
  177. if (!SCT_is_complete(sct)) {
  178. CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
  179. goto err;
  180. }
  181. /*
  182. * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
  183. * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
  184. * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
  185. * bytes + ?) Signature
  186. */
  187. if (sct->version == SCT_VERSION_V1)
  188. len = 43 + sct->ext_len + 4 + sct->sig_len;
  189. else
  190. len = sct->sct_len;
  191. if (out == NULL)
  192. return len;
  193. if (*out != NULL) {
  194. p = *out;
  195. *out += len;
  196. } else {
  197. pstart = p = OPENSSL_malloc(len);
  198. if (p == NULL) {
  199. CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
  200. goto err;
  201. }
  202. *out = p;
  203. }
  204. if (sct->version == SCT_VERSION_V1) {
  205. *p++ = sct->version;
  206. memcpy(p, sct->log_id, CT_V1_HASHLEN);
  207. p += CT_V1_HASHLEN;
  208. l2n8(sct->timestamp, p);
  209. s2n(sct->ext_len, p);
  210. if (sct->ext_len > 0) {
  211. memcpy(p, sct->ext, sct->ext_len);
  212. p += sct->ext_len;
  213. }
  214. if (i2o_SCT_signature(sct, &p) <= 0)
  215. goto err;
  216. } else {
  217. memcpy(p, sct->sct, len);
  218. }
  219. return len;
  220. err:
  221. OPENSSL_free(pstart);
  222. return -1;
  223. }
  224. STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
  225. size_t len)
  226. {
  227. STACK_OF(SCT) *sk = NULL;
  228. size_t list_len, sct_len;
  229. if (len < 2 || len > MAX_SCT_LIST_SIZE) {
  230. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  231. return NULL;
  232. }
  233. n2s(*pp, list_len);
  234. if (list_len != len - 2) {
  235. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  236. return NULL;
  237. }
  238. if (a == NULL || *a == NULL) {
  239. sk = sk_SCT_new_null();
  240. if (sk == NULL)
  241. return NULL;
  242. } else {
  243. SCT *sct;
  244. /* Use the given stack, but empty it first. */
  245. sk = *a;
  246. while ((sct = sk_SCT_pop(sk)) != NULL)
  247. SCT_free(sct);
  248. }
  249. while (list_len > 0) {
  250. SCT *sct;
  251. if (list_len < 2) {
  252. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  253. goto err;
  254. }
  255. n2s(*pp, sct_len);
  256. list_len -= 2;
  257. if (sct_len == 0 || sct_len > list_len) {
  258. CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
  259. goto err;
  260. }
  261. list_len -= sct_len;
  262. if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
  263. goto err;
  264. if (!sk_SCT_push(sk, sct)) {
  265. SCT_free(sct);
  266. goto err;
  267. }
  268. }
  269. if (a != NULL && *a == NULL)
  270. *a = sk;
  271. return sk;
  272. err:
  273. if (a == NULL || *a == NULL)
  274. SCT_LIST_free(sk);
  275. return NULL;
  276. }
  277. int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
  278. {
  279. int len, sct_len, i, is_pp_new = 0;
  280. size_t len2;
  281. unsigned char *p = NULL, *p2;
  282. if (pp != NULL) {
  283. if (*pp == NULL) {
  284. if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
  285. CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
  286. return -1;
  287. }
  288. if ((*pp = OPENSSL_malloc(len)) == NULL) {
  289. CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
  290. return -1;
  291. }
  292. is_pp_new = 1;
  293. }
  294. p = *pp + 2;
  295. }
  296. len2 = 2;
  297. for (i = 0; i < sk_SCT_num(a); i++) {
  298. if (pp != NULL) {
  299. p2 = p;
  300. p += 2;
  301. if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
  302. goto err;
  303. s2n(sct_len, p2);
  304. } else {
  305. if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
  306. goto err;
  307. }
  308. len2 += 2 + sct_len;
  309. }
  310. if (len2 > MAX_SCT_LIST_SIZE)
  311. goto err;
  312. if (pp != NULL) {
  313. p = *pp;
  314. s2n(len2 - 2, p);
  315. if (!is_pp_new)
  316. *pp += len2;
  317. }
  318. return len2;
  319. err:
  320. if (is_pp_new) {
  321. OPENSSL_free(*pp);
  322. *pp = NULL;
  323. }
  324. return -1;
  325. }
  326. STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
  327. long len)
  328. {
  329. ASN1_OCTET_STRING *oct = NULL;
  330. STACK_OF(SCT) *sk = NULL;
  331. const unsigned char *p;
  332. p = *pp;
  333. if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
  334. return NULL;
  335. p = oct->data;
  336. if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
  337. *pp += len;
  338. ASN1_OCTET_STRING_free(oct);
  339. return sk;
  340. }
  341. int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
  342. {
  343. ASN1_OCTET_STRING oct;
  344. int len;
  345. oct.data = NULL;
  346. if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
  347. return -1;
  348. len = i2d_ASN1_OCTET_STRING(&oct, out);
  349. OPENSSL_free(oct.data);
  350. return len;
  351. }