• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifdef OPENSSL_NO_CT
11 # error "CT is disabled"
12 #endif
13 
14 #include <stddef.h>
15 #include <string.h>
16 
17 #include <openssl/err.h>
18 #include <openssl/obj_mac.h>
19 #include <openssl/x509.h>
20 
21 #include "ct_local.h"
22 
SCT_CTX_new(void)23 SCT_CTX *SCT_CTX_new(void)
24 {
25     SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
26 
27     if (sctx == NULL)
28         CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
29 
30     return sctx;
31 }
32 
SCT_CTX_free(SCT_CTX * sctx)33 void SCT_CTX_free(SCT_CTX *sctx)
34 {
35     if (sctx == NULL)
36         return;
37     EVP_PKEY_free(sctx->pkey);
38     OPENSSL_free(sctx->pkeyhash);
39     OPENSSL_free(sctx->ihash);
40     OPENSSL_free(sctx->certder);
41     OPENSSL_free(sctx->preder);
42     OPENSSL_free(sctx);
43 }
44 
45 /*
46  * Finds the index of the first extension with the given NID in cert.
47  * If there is more than one extension with that NID, *is_duplicated is set to
48  * 1, otherwise 0 (unless it is NULL).
49  */
ct_x509_get_ext(X509 * cert,int nid,int * is_duplicated)50 static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
51 {
52     int ret = X509_get_ext_by_NID(cert, nid, -1);
53 
54     if (is_duplicated != NULL)
55         *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
56 
57     return ret;
58 }
59 
60 /*
61  * Modifies a certificate by deleting extensions and copying the issuer and
62  * AKID from the presigner certificate, if necessary.
63  * Returns 1 on success, 0 otherwise.
64  */
ct_x509_cert_fixup(X509 * cert,X509 * presigner)65 __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
66 {
67     int preidx, certidx;
68     int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
69 
70     if (presigner == NULL)
71         return 1;
72 
73     preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
74                              &pre_akid_ext_is_dup);
75     certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
76                               &cert_akid_ext_is_dup);
77 
78     /* An error occurred whilst searching for the extension */
79     if (preidx < -1 || certidx < -1)
80         return 0;
81     /* Invalid certificate if they contain duplicate extensions */
82     if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
83         return 0;
84     /* AKID must be present in both certificate or absent in both */
85     if (preidx >= 0 && certidx == -1)
86         return 0;
87     if (preidx == -1 && certidx >= 0)
88         return 0;
89     /* Copy issuer name */
90     if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
91         return 0;
92     if (preidx != -1) {
93         /* Retrieve and copy AKID encoding */
94         X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
95         X509_EXTENSION *certext = X509_get_ext(cert, certidx);
96         ASN1_OCTET_STRING *preextdata;
97 
98         /* Should never happen */
99         if (preext == NULL || certext == NULL)
100             return 0;
101         preextdata = X509_EXTENSION_get_data(preext);
102         if (preextdata == NULL ||
103             !X509_EXTENSION_set_data(certext, preextdata))
104             return 0;
105     }
106     return 1;
107 }
108 
SCT_CTX_set1_cert(SCT_CTX * sctx,X509 * cert,X509 * presigner)109 int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
110 {
111     unsigned char *certder = NULL, *preder = NULL;
112     X509 *pretmp = NULL;
113     int certderlen = 0, prederlen = 0;
114     int idx = -1;
115     int poison_ext_is_dup, sct_ext_is_dup;
116     int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
117 
118     /* Duplicate poison extensions are present - error */
119     if (poison_ext_is_dup)
120         goto err;
121 
122     /* If *cert doesn't have a poison extension, it isn't a precert */
123     if (poison_idx == -1) {
124         /* cert isn't a precert, so we shouldn't have a presigner */
125         if (presigner != NULL)
126             goto err;
127 
128         certderlen = i2d_X509(cert, &certder);
129         if (certderlen < 0)
130             goto err;
131     }
132 
133     /* See if cert has a precert SCTs extension */
134     idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
135     /* Duplicate SCT extensions are present - error */
136     if (sct_ext_is_dup)
137         goto err;
138 
139     if (idx >= 0 && poison_idx >= 0) {
140         /*
141          * cert can't both contain SCTs (i.e. have an SCT extension) and be a
142          * precert (i.e. have a poison extension).
143          */
144         goto err;
145     }
146 
147     if (idx == -1) {
148         idx = poison_idx;
149     }
150 
151     /*
152      * If either a poison or SCT extension is present, remove it before encoding
153      * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
154      * RFC5280) from cert, which is what the CT log signed when it produced the
155      * SCT.
156      */
157     if (idx >= 0) {
158         X509_EXTENSION *ext;
159 
160         /* Take a copy of certificate so we don't modify passed version */
161         pretmp = X509_dup(cert);
162         if (pretmp == NULL)
163             goto err;
164 
165         ext = X509_delete_ext(pretmp, idx);
166         X509_EXTENSION_free(ext);
167 
168         if (!ct_x509_cert_fixup(pretmp, presigner))
169             goto err;
170 
171         prederlen = i2d_re_X509_tbs(pretmp, &preder);
172         if (prederlen <= 0)
173             goto err;
174     }
175 
176     X509_free(pretmp);
177 
178     OPENSSL_free(sctx->certder);
179     sctx->certder = certder;
180     sctx->certderlen = certderlen;
181 
182     OPENSSL_free(sctx->preder);
183     sctx->preder = preder;
184     sctx->prederlen = prederlen;
185 
186     return 1;
187 err:
188     OPENSSL_free(certder);
189     OPENSSL_free(preder);
190     X509_free(pretmp);
191     return 0;
192 }
193 
ct_public_key_hash(X509_PUBKEY * pkey,unsigned char ** hash,size_t * hash_len)194 __owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
195                                      size_t *hash_len)
196 {
197     int ret = 0;
198     unsigned char *md = NULL, *der = NULL;
199     int der_len;
200     unsigned int md_len;
201 
202     /* Reuse buffer if possible */
203     if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
204         md = *hash;
205     } else {
206         md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
207         if (md == NULL)
208             goto err;
209     }
210 
211     /* Calculate key hash */
212     der_len = i2d_X509_PUBKEY(pkey, &der);
213     if (der_len <= 0)
214         goto err;
215 
216     if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
217         goto err;
218 
219     if (md != *hash) {
220         OPENSSL_free(*hash);
221         *hash = md;
222         *hash_len = SHA256_DIGEST_LENGTH;
223     }
224 
225     md = NULL;
226     ret = 1;
227  err:
228     OPENSSL_free(md);
229     OPENSSL_free(der);
230     return ret;
231 }
232 
SCT_CTX_set1_issuer(SCT_CTX * sctx,const X509 * issuer)233 int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
234 {
235     return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
236 }
237 
SCT_CTX_set1_issuer_pubkey(SCT_CTX * sctx,X509_PUBKEY * pubkey)238 int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
239 {
240     return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
241 }
242 
SCT_CTX_set1_pubkey(SCT_CTX * sctx,X509_PUBKEY * pubkey)243 int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
244 {
245     EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
246 
247     if (pkey == NULL)
248         return 0;
249 
250     if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
251         EVP_PKEY_free(pkey);
252         return 0;
253     }
254 
255     EVP_PKEY_free(sctx->pkey);
256     sctx->pkey = pkey;
257     return 1;
258 }
259 
SCT_CTX_set_time(SCT_CTX * sctx,uint64_t time_in_ms)260 void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
261 {
262     sctx->epoch_time_in_ms = time_in_ms;
263 }
264