• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifdef OPENSSL_NO_CT
11 # error "CT is disabled"
12 #endif
13 
14 #include <stddef.h>
15 #include <string.h>
16 
17 #include <openssl/err.h>
18 #include <openssl/obj_mac.h>
19 #include <openssl/x509.h>
20 
21 #include "ct_local.h"
22 
SCT_CTX_new(OSSL_LIB_CTX * libctx,const char * propq)23 SCT_CTX *SCT_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
24 {
25     SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
26 
27     if (sctx == NULL) {
28         ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
29         return NULL;
30     }
31 
32     sctx->libctx = libctx;
33     if (propq != NULL) {
34         sctx->propq = OPENSSL_strdup(propq);
35         if (sctx->propq == NULL) {
36             ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
37             OPENSSL_free(sctx);
38             return NULL;
39         }
40     }
41 
42     return sctx;
43 }
44 
SCT_CTX_free(SCT_CTX * sctx)45 void SCT_CTX_free(SCT_CTX *sctx)
46 {
47     if (sctx == NULL)
48         return;
49     EVP_PKEY_free(sctx->pkey);
50     OPENSSL_free(sctx->pkeyhash);
51     OPENSSL_free(sctx->ihash);
52     OPENSSL_free(sctx->certder);
53     OPENSSL_free(sctx->preder);
54     OPENSSL_free(sctx->propq);
55     OPENSSL_free(sctx);
56 }
57 
58 /*
59  * Finds the index of the first extension with the given NID in cert.
60  * If there is more than one extension with that NID, *is_duplicated is set to
61  * 1, otherwise 0 (unless it is NULL).
62  */
ct_x509_get_ext(X509 * cert,int nid,int * is_duplicated)63 static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
64 {
65     int ret = X509_get_ext_by_NID(cert, nid, -1);
66 
67     if (is_duplicated != NULL)
68         *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
69 
70     return ret;
71 }
72 
73 /*
74  * Modifies a certificate by deleting extensions and copying the issuer and
75  * AKID from the presigner certificate, if necessary.
76  * Returns 1 on success, 0 otherwise.
77  */
ct_x509_cert_fixup(X509 * cert,X509 * presigner)78 __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
79 {
80     int preidx, certidx;
81     int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
82 
83     if (presigner == NULL)
84         return 1;
85 
86     preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
87                              &pre_akid_ext_is_dup);
88     certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
89                               &cert_akid_ext_is_dup);
90 
91     /* An error occurred whilst searching for the extension */
92     if (preidx < -1 || certidx < -1)
93         return 0;
94     /* Invalid certificate if they contain duplicate extensions */
95     if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
96         return 0;
97     /* AKID must be present in both certificate or absent in both */
98     if (preidx >= 0 && certidx == -1)
99         return 0;
100     if (preidx == -1 && certidx >= 0)
101         return 0;
102     /* Copy issuer name */
103     if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
104         return 0;
105     if (preidx != -1) {
106         /* Retrieve and copy AKID encoding */
107         X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
108         X509_EXTENSION *certext = X509_get_ext(cert, certidx);
109         ASN1_OCTET_STRING *preextdata;
110 
111         /* Should never happen */
112         if (preext == NULL || certext == NULL)
113             return 0;
114         preextdata = X509_EXTENSION_get_data(preext);
115         if (preextdata == NULL ||
116             !X509_EXTENSION_set_data(certext, preextdata))
117             return 0;
118     }
119     return 1;
120 }
121 
SCT_CTX_set1_cert(SCT_CTX * sctx,X509 * cert,X509 * presigner)122 int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
123 {
124     unsigned char *certder = NULL, *preder = NULL;
125     X509 *pretmp = NULL;
126     int certderlen = 0, prederlen = 0;
127     int idx = -1;
128     int poison_ext_is_dup, sct_ext_is_dup;
129     int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
130 
131     /* Duplicate poison extensions are present - error */
132     if (poison_ext_is_dup)
133         goto err;
134 
135     /* If *cert doesn't have a poison extension, it isn't a precert */
136     if (poison_idx == -1) {
137         /* cert isn't a precert, so we shouldn't have a presigner */
138         if (presigner != NULL)
139             goto err;
140 
141         certderlen = i2d_X509(cert, &certder);
142         if (certderlen < 0)
143             goto err;
144     }
145 
146     /* See if cert has a precert SCTs extension */
147     idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
148     /* Duplicate SCT extensions are present - error */
149     if (sct_ext_is_dup)
150         goto err;
151 
152     if (idx >= 0 && poison_idx >= 0) {
153         /*
154          * cert can't both contain SCTs (i.e. have an SCT extension) and be a
155          * precert (i.e. have a poison extension).
156          */
157         goto err;
158     }
159 
160     if (idx == -1) {
161         idx = poison_idx;
162     }
163 
164     /*
165      * If either a poison or SCT extension is present, remove it before encoding
166      * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
167      * RFC5280) from cert, which is what the CT log signed when it produced the
168      * SCT.
169      */
170     if (idx >= 0) {
171         /* Take a copy of certificate so we don't modify passed version */
172         pretmp = X509_dup(cert);
173         if (pretmp == NULL)
174             goto err;
175 
176         X509_EXTENSION_free(X509_delete_ext(pretmp, idx));
177 
178         if (!ct_x509_cert_fixup(pretmp, presigner))
179             goto err;
180 
181         prederlen = i2d_re_X509_tbs(pretmp, &preder);
182         if (prederlen <= 0)
183             goto err;
184     }
185 
186     X509_free(pretmp);
187 
188     OPENSSL_free(sctx->certder);
189     sctx->certder = certder;
190     sctx->certderlen = certderlen;
191 
192     OPENSSL_free(sctx->preder);
193     sctx->preder = preder;
194     sctx->prederlen = prederlen;
195 
196     return 1;
197 err:
198     OPENSSL_free(certder);
199     OPENSSL_free(preder);
200     X509_free(pretmp);
201     return 0;
202 }
203 
ct_public_key_hash(SCT_CTX * sctx,X509_PUBKEY * pkey,unsigned char ** hash,size_t * hash_len)204 __owur static int ct_public_key_hash(SCT_CTX *sctx, X509_PUBKEY *pkey,
205                                      unsigned char **hash, size_t *hash_len)
206 {
207     int ret = 0;
208     unsigned char *md = NULL, *der = NULL;
209     int der_len;
210     unsigned int md_len;
211     EVP_MD *sha256 = EVP_MD_fetch(sctx->libctx, "SHA2-256", sctx->propq);
212 
213     if (sha256 == NULL)
214         goto err;
215 
216     /* Reuse buffer if possible */
217     if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
218         md = *hash;
219     } else {
220         md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
221         if (md == NULL)
222             goto err;
223     }
224 
225     /* Calculate key hash */
226     der_len = i2d_X509_PUBKEY(pkey, &der);
227     if (der_len <= 0)
228         goto err;
229 
230     if (!EVP_Digest(der, der_len, md, &md_len, sha256, NULL))
231         goto err;
232 
233     if (md != *hash) {
234         OPENSSL_free(*hash);
235         *hash = md;
236         *hash_len = SHA256_DIGEST_LENGTH;
237     }
238 
239     md = NULL;
240     ret = 1;
241  err:
242     EVP_MD_free(sha256);
243     OPENSSL_free(md);
244     OPENSSL_free(der);
245     return ret;
246 }
247 
SCT_CTX_set1_issuer(SCT_CTX * sctx,const X509 * issuer)248 int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
249 {
250     return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
251 }
252 
SCT_CTX_set1_issuer_pubkey(SCT_CTX * sctx,X509_PUBKEY * pubkey)253 int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
254 {
255     return ct_public_key_hash(sctx, pubkey, &sctx->ihash, &sctx->ihashlen);
256 }
257 
SCT_CTX_set1_pubkey(SCT_CTX * sctx,X509_PUBKEY * pubkey)258 int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
259 {
260     EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
261 
262     if (pkey == NULL)
263         return 0;
264 
265     if (!ct_public_key_hash(sctx, pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
266         EVP_PKEY_free(pkey);
267         return 0;
268     }
269 
270     EVP_PKEY_free(sctx->pkey);
271     sctx->pkey = pkey;
272     return 1;
273 }
274 
SCT_CTX_set_time(SCT_CTX * sctx,uint64_t time_in_ms)275 void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
276 {
277     sctx->epoch_time_in_ms = time_in_ms;
278 }
279