ct_sct_ctx.c 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. /*
  2. * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifdef OPENSSL_NO_CT
  10. # error "CT is disabled"
  11. #endif
  12. #include <stddef.h>
  13. #include <string.h>
  14. #include <openssl/err.h>
  15. #include <openssl/obj_mac.h>
  16. #include <openssl/x509.h>
  17. #include "ct_local.h"
  18. SCT_CTX *SCT_CTX_new(OPENSSL_CTX *libctx, const char *propq)
  19. {
  20. SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
  21. if (sctx == NULL) {
  22. CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
  23. return NULL;
  24. }
  25. sctx->libctx = libctx;
  26. if (propq != NULL) {
  27. sctx->propq = OPENSSL_strdup(propq);
  28. if (sctx->propq == NULL) {
  29. CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
  30. OPENSSL_free(sctx);
  31. return NULL;
  32. }
  33. }
  34. return sctx;
  35. }
  36. void SCT_CTX_free(SCT_CTX *sctx)
  37. {
  38. if (sctx == NULL)
  39. return;
  40. EVP_PKEY_free(sctx->pkey);
  41. OPENSSL_free(sctx->pkeyhash);
  42. OPENSSL_free(sctx->ihash);
  43. OPENSSL_free(sctx->certder);
  44. OPENSSL_free(sctx->preder);
  45. OPENSSL_free(sctx->propq);
  46. OPENSSL_free(sctx);
  47. }
  48. /*
  49. * Finds the index of the first extension with the given NID in cert.
  50. * If there is more than one extension with that NID, *is_duplicated is set to
  51. * 1, otherwise 0 (unless it is NULL).
  52. */
  53. static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
  54. {
  55. int ret = X509_get_ext_by_NID(cert, nid, -1);
  56. if (is_duplicated != NULL)
  57. *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
  58. return ret;
  59. }
  60. /*
  61. * Modifies a certificate by deleting extensions and copying the issuer and
  62. * AKID from the presigner certificate, if necessary.
  63. * Returns 1 on success, 0 otherwise.
  64. */
  65. __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
  66. {
  67. int preidx, certidx;
  68. int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
  69. if (presigner == NULL)
  70. return 1;
  71. preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
  72. &pre_akid_ext_is_dup);
  73. certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
  74. &cert_akid_ext_is_dup);
  75. /* An error occurred whilst searching for the extension */
  76. if (preidx < -1 || certidx < -1)
  77. return 0;
  78. /* Invalid certificate if they contain duplicate extensions */
  79. if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
  80. return 0;
  81. /* AKID must be present in both certificate or absent in both */
  82. if (preidx >= 0 && certidx == -1)
  83. return 0;
  84. if (preidx == -1 && certidx >= 0)
  85. return 0;
  86. /* Copy issuer name */
  87. if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
  88. return 0;
  89. if (preidx != -1) {
  90. /* Retrieve and copy AKID encoding */
  91. X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
  92. X509_EXTENSION *certext = X509_get_ext(cert, certidx);
  93. ASN1_OCTET_STRING *preextdata;
  94. /* Should never happen */
  95. if (preext == NULL || certext == NULL)
  96. return 0;
  97. preextdata = X509_EXTENSION_get_data(preext);
  98. if (preextdata == NULL ||
  99. !X509_EXTENSION_set_data(certext, preextdata))
  100. return 0;
  101. }
  102. return 1;
  103. }
  104. int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
  105. {
  106. unsigned char *certder = NULL, *preder = NULL;
  107. X509 *pretmp = NULL;
  108. int certderlen = 0, prederlen = 0;
  109. int idx = -1;
  110. int poison_ext_is_dup, sct_ext_is_dup;
  111. int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
  112. /* Duplicate poison extensions are present - error */
  113. if (poison_ext_is_dup)
  114. goto err;
  115. /* If *cert doesn't have a poison extension, it isn't a precert */
  116. if (poison_idx == -1) {
  117. /* cert isn't a precert, so we shouldn't have a presigner */
  118. if (presigner != NULL)
  119. goto err;
  120. certderlen = i2d_X509(cert, &certder);
  121. if (certderlen < 0)
  122. goto err;
  123. }
  124. /* See if cert has a precert SCTs extension */
  125. idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
  126. /* Duplicate SCT extensions are present - error */
  127. if (sct_ext_is_dup)
  128. goto err;
  129. if (idx >= 0 && poison_idx >= 0) {
  130. /*
  131. * cert can't both contain SCTs (i.e. have an SCT extension) and be a
  132. * precert (i.e. have a poison extension).
  133. */
  134. goto err;
  135. }
  136. if (idx == -1) {
  137. idx = poison_idx;
  138. }
  139. /*
  140. * If either a poison or SCT extension is present, remove it before encoding
  141. * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
  142. * RFC5280) from cert, which is what the CT log signed when it produced the
  143. * SCT.
  144. */
  145. if (idx >= 0) {
  146. X509_EXTENSION *ext;
  147. /* Take a copy of certificate so we don't modify passed version */
  148. pretmp = X509_dup(cert);
  149. if (pretmp == NULL)
  150. goto err;
  151. ext = X509_delete_ext(pretmp, idx);
  152. X509_EXTENSION_free(ext);
  153. if (!ct_x509_cert_fixup(pretmp, presigner))
  154. goto err;
  155. prederlen = i2d_re_X509_tbs(pretmp, &preder);
  156. if (prederlen <= 0)
  157. goto err;
  158. }
  159. X509_free(pretmp);
  160. OPENSSL_free(sctx->certder);
  161. sctx->certder = certder;
  162. sctx->certderlen = certderlen;
  163. OPENSSL_free(sctx->preder);
  164. sctx->preder = preder;
  165. sctx->prederlen = prederlen;
  166. return 1;
  167. err:
  168. OPENSSL_free(certder);
  169. OPENSSL_free(preder);
  170. X509_free(pretmp);
  171. return 0;
  172. }
  173. __owur static int ct_public_key_hash(SCT_CTX *sctx, X509_PUBKEY *pkey,
  174. unsigned char **hash, size_t *hash_len)
  175. {
  176. int ret = 0;
  177. unsigned char *md = NULL, *der = NULL;
  178. int der_len;
  179. unsigned int md_len;
  180. EVP_MD *sha256 = EVP_MD_fetch(sctx->libctx, "SHA2-256", sctx->propq);
  181. if (sha256 == NULL)
  182. goto err;
  183. /* Reuse buffer if possible */
  184. if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
  185. md = *hash;
  186. } else {
  187. md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
  188. if (md == NULL)
  189. goto err;
  190. }
  191. /* Calculate key hash */
  192. der_len = i2d_X509_PUBKEY(pkey, &der);
  193. if (der_len <= 0)
  194. goto err;
  195. if (!EVP_Digest(der, der_len, md, &md_len, sha256, NULL))
  196. goto err;
  197. if (md != *hash) {
  198. OPENSSL_free(*hash);
  199. *hash = md;
  200. *hash_len = SHA256_DIGEST_LENGTH;
  201. }
  202. md = NULL;
  203. ret = 1;
  204. err:
  205. EVP_MD_free(sha256);
  206. OPENSSL_free(md);
  207. OPENSSL_free(der);
  208. return ret;
  209. }
  210. int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
  211. {
  212. return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
  213. }
  214. int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
  215. {
  216. return ct_public_key_hash(sctx, pubkey, &sctx->ihash, &sctx->ihashlen);
  217. }
  218. int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
  219. {
  220. EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
  221. if (pkey == NULL)
  222. return 0;
  223. if (!ct_public_key_hash(sctx, pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
  224. EVP_PKEY_free(pkey);
  225. return 0;
  226. }
  227. EVP_PKEY_free(sctx->pkey);
  228. sctx->pkey = pkey;
  229. return 1;
  230. }
  231. void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
  232. {
  233. sctx->epoch_time_in_ms = time_in_ms;
  234. }