• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifdef OPENSSL_NO_CT
11 # error "CT is disabled"
12 #endif
13 
14 #include <limits.h>
15 #include <string.h>
16 
17 #include <openssl/asn1.h>
18 #include <openssl/buffer.h>
19 #include <openssl/ct.h>
20 #include <openssl/err.h>
21 
22 #include "ct_local.h"
23 
o2i_SCT_signature(SCT * sct,const unsigned char ** in,size_t len)24 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
25 {
26     size_t siglen;
27     size_t len_remaining = len;
28     const unsigned char *p;
29 
30     if (sct->version != SCT_VERSION_V1) {
31         ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
32         return -1;
33     }
34     /*
35      * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36      * Signature algorithm (2 bytes + ?) Signature
37      *
38      * This explicitly rejects empty signatures: they're invalid for
39      * all supported algorithms.
40      */
41     if (len <= 4) {
42         ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
43         return -1;
44     }
45 
46     p = *in;
47     /* Get hash and signature algorithm */
48     sct->hash_alg = *p++;
49     sct->sig_alg = *p++;
50     if (SCT_get_signature_nid(sct) == NID_undef) {
51         ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
52         return -1;
53     }
54     /* Retrieve signature and check it is consistent with the buffer length */
55     n2s(p, siglen);
56     len_remaining -= (p - *in);
57     if (siglen > len_remaining) {
58         ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
59         return -1;
60     }
61 
62     if (SCT_set1_signature(sct, p, siglen) != 1)
63         return -1;
64     len_remaining -= siglen;
65     *in = p + siglen;
66 
67     return len - len_remaining;
68 }
69 
o2i_SCT(SCT ** psct,const unsigned char ** in,size_t len)70 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
71 {
72     SCT *sct = NULL;
73     const unsigned char *p;
74 
75     if (len == 0 || len > MAX_SCT_SIZE) {
76         ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
77         goto err;
78     }
79 
80     if ((sct = SCT_new()) == NULL)
81         goto err;
82 
83     p = *in;
84 
85     sct->version = *p;
86     if (sct->version == SCT_VERSION_V1) {
87         int sig_len;
88         size_t len2;
89         /*-
90          * Fixed-length header:
91          *   struct {
92          *     Version sct_version;     (1 byte)
93          *     log_id id;               (32 bytes)
94          *     uint64 timestamp;        (8 bytes)
95          *     CtExtensions extensions; (2 bytes + ?)
96          *   }
97          */
98         if (len < 43) {
99             ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
100             goto err;
101         }
102         len -= 43;
103         p++;
104         sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
105         if (sct->log_id == NULL)
106             goto err;
107         sct->log_id_len = CT_V1_HASHLEN;
108         p += CT_V1_HASHLEN;
109 
110         n2l8(p, sct->timestamp);
111 
112         n2s(p, len2);
113         if (len < len2) {
114             ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
115             goto err;
116         }
117         if (len2 > 0) {
118             sct->ext = OPENSSL_memdup(p, len2);
119             if (sct->ext == NULL)
120                 goto err;
121         }
122         sct->ext_len = len2;
123         p += len2;
124         len -= len2;
125 
126         sig_len = o2i_SCT_signature(sct, &p, len);
127         if (sig_len <= 0) {
128             ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
129             goto err;
130         }
131         len -= sig_len;
132         *in = p + len;
133     } else {
134         /* If not V1 just cache encoding */
135         sct->sct = OPENSSL_memdup(p, len);
136         if (sct->sct == NULL)
137             goto err;
138         sct->sct_len = len;
139         *in = p + len;
140     }
141 
142     if (psct != NULL) {
143         SCT_free(*psct);
144         *psct = sct;
145     }
146 
147     return sct;
148 err:
149     SCT_free(sct);
150     return NULL;
151 }
152 
i2o_SCT_signature(const SCT * sct,unsigned char ** out)153 int i2o_SCT_signature(const SCT *sct, unsigned char **out)
154 {
155     size_t len;
156     unsigned char *p = NULL, *pstart = NULL;
157 
158     if (!SCT_signature_is_complete(sct)) {
159         ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
160         goto err;
161     }
162 
163     if (sct->version != SCT_VERSION_V1) {
164         ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
165         goto err;
166     }
167 
168     /*
169     * (1 byte) Hash algorithm
170     * (1 byte) Signature algorithm
171     * (2 bytes + ?) Signature
172     */
173     len = 4 + sct->sig_len;
174 
175     if (out != NULL) {
176         if (*out != NULL) {
177             p = *out;
178             *out += len;
179         } else {
180             pstart = p = OPENSSL_malloc(len);
181             if (p == NULL) {
182                 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
183                 goto err;
184             }
185             *out = p;
186         }
187 
188         *p++ = sct->hash_alg;
189         *p++ = sct->sig_alg;
190         s2n(sct->sig_len, p);
191         memcpy(p, sct->sig, sct->sig_len);
192     }
193 
194     return len;
195 err:
196     OPENSSL_free(pstart);
197     return -1;
198 }
199 
i2o_SCT(const SCT * sct,unsigned char ** out)200 int i2o_SCT(const SCT *sct, unsigned char **out)
201 {
202     size_t len;
203     unsigned char *p = NULL, *pstart = NULL;
204 
205     if (!SCT_is_complete(sct)) {
206         ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
207         goto err;
208     }
209     /*
210      * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
211      * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
212      * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
213      * bytes + ?) Signature
214      */
215     if (sct->version == SCT_VERSION_V1)
216         len = 43 + sct->ext_len + 4 + sct->sig_len;
217     else
218         len = sct->sct_len;
219 
220     if (out == NULL)
221         return len;
222 
223     if (*out != NULL) {
224         p = *out;
225         *out += len;
226     } else {
227         pstart = p = OPENSSL_malloc(len);
228         if (p == NULL) {
229             ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
230             goto err;
231         }
232         *out = p;
233     }
234 
235     if (sct->version == SCT_VERSION_V1) {
236         *p++ = sct->version;
237         memcpy(p, sct->log_id, CT_V1_HASHLEN);
238         p += CT_V1_HASHLEN;
239         l2n8(sct->timestamp, p);
240         s2n(sct->ext_len, p);
241         if (sct->ext_len > 0) {
242             memcpy(p, sct->ext, sct->ext_len);
243             p += sct->ext_len;
244         }
245         if (i2o_SCT_signature(sct, &p) <= 0)
246             goto err;
247     } else {
248         memcpy(p, sct->sct, len);
249     }
250 
251     return len;
252 err:
253     OPENSSL_free(pstart);
254     return -1;
255 }
256 
STACK_OF(SCT)257 STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
258                             size_t len)
259 {
260     STACK_OF(SCT) *sk = NULL;
261     size_t list_len, sct_len;
262 
263     if (len < 2 || len > MAX_SCT_LIST_SIZE) {
264         ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
265         return NULL;
266     }
267 
268     n2s(*pp, list_len);
269     if (list_len != len - 2) {
270         ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
271         return NULL;
272     }
273 
274     if (a == NULL || *a == NULL) {
275         sk = sk_SCT_new_null();
276         if (sk == NULL)
277             return NULL;
278     } else {
279         SCT *sct;
280 
281         /* Use the given stack, but empty it first. */
282         sk = *a;
283         while ((sct = sk_SCT_pop(sk)) != NULL)
284             SCT_free(sct);
285     }
286 
287     while (list_len > 0) {
288         SCT *sct;
289 
290         if (list_len < 2) {
291             ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
292             goto err;
293         }
294         n2s(*pp, sct_len);
295         list_len -= 2;
296 
297         if (sct_len == 0 || sct_len > list_len) {
298             ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
299             goto err;
300         }
301         list_len -= sct_len;
302 
303         if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
304             goto err;
305         if (!sk_SCT_push(sk, sct)) {
306             SCT_free(sct);
307             goto err;
308         }
309     }
310 
311     if (a != NULL && *a == NULL)
312         *a = sk;
313     return sk;
314 
315  err:
316     if (a == NULL || *a == NULL)
317         SCT_LIST_free(sk);
318     return NULL;
319 }
320 
i2o_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** pp)321 int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
322 {
323     int len, sct_len, i, is_pp_new = 0;
324     size_t len2;
325     unsigned char *p = NULL, *p2;
326 
327     if (pp != NULL) {
328         if (*pp == NULL) {
329             if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
330                 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
331                 return -1;
332             }
333             if ((*pp = OPENSSL_malloc(len)) == NULL) {
334                 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
335                 return -1;
336             }
337             is_pp_new = 1;
338         }
339         p = *pp + 2;
340     }
341 
342     len2 = 2;
343     for (i = 0; i < sk_SCT_num(a); i++) {
344         if (pp != NULL) {
345             p2 = p;
346             p += 2;
347             if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
348                 goto err;
349             s2n(sct_len, p2);
350         } else {
351           if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
352               goto err;
353         }
354         len2 += 2 + sct_len;
355     }
356 
357     if (len2 > MAX_SCT_LIST_SIZE)
358         goto err;
359 
360     if (pp != NULL) {
361         p = *pp;
362         s2n(len2 - 2, p);
363         if (!is_pp_new)
364             *pp += len2;
365     }
366     return len2;
367 
368  err:
369     if (is_pp_new) {
370         OPENSSL_free(*pp);
371         *pp = NULL;
372     }
373     return -1;
374 }
375 
STACK_OF(SCT)376 STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
377                             long len)
378 {
379     ASN1_OCTET_STRING *oct = NULL;
380     STACK_OF(SCT) *sk = NULL;
381     const unsigned char *p;
382 
383     p = *pp;
384     if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
385         return NULL;
386 
387     p = oct->data;
388     if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
389         *pp += len;
390 
391     ASN1_OCTET_STRING_free(oct);
392     return sk;
393 }
394 
i2d_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** out)395 int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
396 {
397     ASN1_OCTET_STRING oct;
398     int len;
399 
400     oct.data = NULL;
401     if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
402         return -1;
403 
404     len = i2d_ASN1_OCTET_STRING(&oct, out);
405     OPENSSL_free(oct.data);
406     return len;
407 }
408