1 /*
2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifdef OPENSSL_NO_CT
11 # error "CT is disabled"
12 #endif
13
14 #include <limits.h>
15 #include <string.h>
16
17 #include <openssl/asn1.h>
18 #include <openssl/buffer.h>
19 #include <openssl/ct.h>
20 #include <openssl/err.h>
21
22 #include "ct_local.h"
23
o2i_SCT_signature(SCT * sct,const unsigned char ** in,size_t len)24 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
25 {
26 size_t siglen;
27 size_t len_remaining = len;
28 const unsigned char *p;
29
30 if (sct->version != SCT_VERSION_V1) {
31 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
32 return -1;
33 }
34 /*
35 * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36 * Signature algorithm (2 bytes + ?) Signature
37 *
38 * This explicitly rejects empty signatures: they're invalid for
39 * all supported algorithms.
40 */
41 if (len <= 4) {
42 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
43 return -1;
44 }
45
46 p = *in;
47 /* Get hash and signature algorithm */
48 sct->hash_alg = *p++;
49 sct->sig_alg = *p++;
50 if (SCT_get_signature_nid(sct) == NID_undef) {
51 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
52 return -1;
53 }
54 /* Retrieve signature and check it is consistent with the buffer length */
55 n2s(p, siglen);
56 len_remaining -= (p - *in);
57 if (siglen > len_remaining) {
58 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
59 return -1;
60 }
61
62 if (SCT_set1_signature(sct, p, siglen) != 1)
63 return -1;
64 len_remaining -= siglen;
65 *in = p + siglen;
66
67 return len - len_remaining;
68 }
69
o2i_SCT(SCT ** psct,const unsigned char ** in,size_t len)70 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
71 {
72 SCT *sct = NULL;
73 const unsigned char *p;
74
75 if (len == 0 || len > MAX_SCT_SIZE) {
76 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
77 goto err;
78 }
79
80 if ((sct = SCT_new()) == NULL)
81 goto err;
82
83 p = *in;
84
85 sct->version = *p;
86 if (sct->version == SCT_VERSION_V1) {
87 int sig_len;
88 size_t len2;
89 /*-
90 * Fixed-length header:
91 * struct {
92 * Version sct_version; (1 byte)
93 * log_id id; (32 bytes)
94 * uint64 timestamp; (8 bytes)
95 * CtExtensions extensions; (2 bytes + ?)
96 * }
97 */
98 if (len < 43) {
99 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
100 goto err;
101 }
102 len -= 43;
103 p++;
104 sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
105 if (sct->log_id == NULL)
106 goto err;
107 sct->log_id_len = CT_V1_HASHLEN;
108 p += CT_V1_HASHLEN;
109
110 n2l8(p, sct->timestamp);
111
112 n2s(p, len2);
113 if (len < len2) {
114 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
115 goto err;
116 }
117 if (len2 > 0) {
118 sct->ext = OPENSSL_memdup(p, len2);
119 if (sct->ext == NULL)
120 goto err;
121 }
122 sct->ext_len = len2;
123 p += len2;
124 len -= len2;
125
126 sig_len = o2i_SCT_signature(sct, &p, len);
127 if (sig_len <= 0) {
128 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
129 goto err;
130 }
131 len -= sig_len;
132 *in = p + len;
133 } else {
134 /* If not V1 just cache encoding */
135 sct->sct = OPENSSL_memdup(p, len);
136 if (sct->sct == NULL)
137 goto err;
138 sct->sct_len = len;
139 *in = p + len;
140 }
141
142 if (psct != NULL) {
143 SCT_free(*psct);
144 *psct = sct;
145 }
146
147 return sct;
148 err:
149 SCT_free(sct);
150 return NULL;
151 }
152
i2o_SCT_signature(const SCT * sct,unsigned char ** out)153 int i2o_SCT_signature(const SCT *sct, unsigned char **out)
154 {
155 size_t len;
156 unsigned char *p = NULL, *pstart = NULL;
157
158 if (!SCT_signature_is_complete(sct)) {
159 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
160 goto err;
161 }
162
163 if (sct->version != SCT_VERSION_V1) {
164 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
165 goto err;
166 }
167
168 /*
169 * (1 byte) Hash algorithm
170 * (1 byte) Signature algorithm
171 * (2 bytes + ?) Signature
172 */
173 len = 4 + sct->sig_len;
174
175 if (out != NULL) {
176 if (*out != NULL) {
177 p = *out;
178 *out += len;
179 } else {
180 pstart = p = OPENSSL_malloc(len);
181 if (p == NULL)
182 goto err;
183 *out = p;
184 }
185
186 *p++ = sct->hash_alg;
187 *p++ = sct->sig_alg;
188 s2n(sct->sig_len, p);
189 memcpy(p, sct->sig, sct->sig_len);
190 }
191
192 return len;
193 err:
194 OPENSSL_free(pstart);
195 return -1;
196 }
197
i2o_SCT(const SCT * sct,unsigned char ** out)198 int i2o_SCT(const SCT *sct, unsigned char **out)
199 {
200 size_t len;
201 unsigned char *p = NULL, *pstart = NULL;
202
203 if (!SCT_is_complete(sct)) {
204 ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
205 goto err;
206 }
207 /*
208 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
209 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
210 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
211 * bytes + ?) Signature
212 */
213 if (sct->version == SCT_VERSION_V1)
214 len = 43 + sct->ext_len + 4 + sct->sig_len;
215 else
216 len = sct->sct_len;
217
218 if (out == NULL)
219 return len;
220
221 if (*out != NULL) {
222 p = *out;
223 *out += len;
224 } else {
225 pstart = p = OPENSSL_malloc(len);
226 if (p == NULL)
227 goto err;
228 *out = p;
229 }
230
231 if (sct->version == SCT_VERSION_V1) {
232 *p++ = sct->version;
233 memcpy(p, sct->log_id, CT_V1_HASHLEN);
234 p += CT_V1_HASHLEN;
235 l2n8(sct->timestamp, p);
236 s2n(sct->ext_len, p);
237 if (sct->ext_len > 0) {
238 memcpy(p, sct->ext, sct->ext_len);
239 p += sct->ext_len;
240 }
241 if (i2o_SCT_signature(sct, &p) <= 0)
242 goto err;
243 } else {
244 memcpy(p, sct->sct, len);
245 }
246
247 return len;
248 err:
249 OPENSSL_free(pstart);
250 return -1;
251 }
252
STACK_OF(SCT)253 STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
254 size_t len)
255 {
256 STACK_OF(SCT) *sk = NULL;
257 size_t list_len, sct_len;
258
259 if (len < 2 || len > MAX_SCT_LIST_SIZE) {
260 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
261 return NULL;
262 }
263
264 n2s(*pp, list_len);
265 if (list_len != len - 2) {
266 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
267 return NULL;
268 }
269
270 if (a == NULL || *a == NULL) {
271 sk = sk_SCT_new_null();
272 if (sk == NULL)
273 return NULL;
274 } else {
275 SCT *sct;
276
277 /* Use the given stack, but empty it first. */
278 sk = *a;
279 while ((sct = sk_SCT_pop(sk)) != NULL)
280 SCT_free(sct);
281 }
282
283 while (list_len > 0) {
284 SCT *sct;
285
286 if (list_len < 2) {
287 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
288 goto err;
289 }
290 n2s(*pp, sct_len);
291 list_len -= 2;
292
293 if (sct_len == 0 || sct_len > list_len) {
294 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
295 goto err;
296 }
297 list_len -= sct_len;
298
299 if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
300 goto err;
301 if (!sk_SCT_push(sk, sct)) {
302 SCT_free(sct);
303 goto err;
304 }
305 }
306
307 if (a != NULL && *a == NULL)
308 *a = sk;
309 return sk;
310
311 err:
312 if (a == NULL || *a == NULL)
313 SCT_LIST_free(sk);
314 return NULL;
315 }
316
i2o_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** pp)317 int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
318 {
319 int len, sct_len, i, is_pp_new = 0;
320 size_t len2;
321 unsigned char *p = NULL, *p2;
322
323 if (pp != NULL) {
324 if (*pp == NULL) {
325 if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
326 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
327 return -1;
328 }
329 if ((*pp = OPENSSL_malloc(len)) == NULL)
330 return -1;
331 is_pp_new = 1;
332 }
333 p = *pp + 2;
334 }
335
336 len2 = 2;
337 for (i = 0; i < sk_SCT_num(a); i++) {
338 if (pp != NULL) {
339 p2 = p;
340 p += 2;
341 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
342 goto err;
343 s2n(sct_len, p2);
344 } else {
345 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
346 goto err;
347 }
348 len2 += 2 + sct_len;
349 }
350
351 if (len2 > MAX_SCT_LIST_SIZE)
352 goto err;
353
354 if (pp != NULL) {
355 p = *pp;
356 s2n(len2 - 2, p);
357 if (!is_pp_new)
358 *pp += len2;
359 }
360 return len2;
361
362 err:
363 if (is_pp_new) {
364 OPENSSL_free(*pp);
365 *pp = NULL;
366 }
367 return -1;
368 }
369
STACK_OF(SCT)370 STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
371 long len)
372 {
373 ASN1_OCTET_STRING *oct = NULL;
374 STACK_OF(SCT) *sk = NULL;
375 const unsigned char *p;
376
377 p = *pp;
378 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
379 return NULL;
380
381 p = oct->data;
382 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
383 *pp += len;
384
385 ASN1_OCTET_STRING_free(oct);
386 return sk;
387 }
388
i2d_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** out)389 int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
390 {
391 ASN1_OCTET_STRING oct;
392 int len;
393
394 oct.data = NULL;
395 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
396 return -1;
397
398 len = i2d_ASN1_OCTET_STRING(&oct, out);
399 OPENSSL_free(oct.data);
400 return len;
401 }
402
