1 /*
2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifdef OPENSSL_NO_CT
11 # error "CT is disabled"
12 #endif
13
14 #include <limits.h>
15 #include <string.h>
16
17 #include <openssl/asn1.h>
18 #include <openssl/buffer.h>
19 #include <openssl/ct.h>
20 #include <openssl/err.h>
21
22 #include "ct_local.h"
23
o2i_SCT_signature(SCT * sct,const unsigned char ** in,size_t len)24 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
25 {
26 size_t siglen;
27 size_t len_remaining = len;
28 const unsigned char *p;
29
30 if (sct->version != SCT_VERSION_V1) {
31 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
32 return -1;
33 }
34 /*
35 * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36 * Signature algorithm (2 bytes + ?) Signature
37 *
38 * This explicitly rejects empty signatures: they're invalid for
39 * all supported algorithms.
40 */
41 if (len <= 4) {
42 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
43 return -1;
44 }
45
46 p = *in;
47 /* Get hash and signature algorithm */
48 sct->hash_alg = *p++;
49 sct->sig_alg = *p++;
50 if (SCT_get_signature_nid(sct) == NID_undef) {
51 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
52 return -1;
53 }
54 /* Retrieve signature and check it is consistent with the buffer length */
55 n2s(p, siglen);
56 len_remaining -= (p - *in);
57 if (siglen > len_remaining) {
58 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
59 return -1;
60 }
61
62 if (SCT_set1_signature(sct, p, siglen) != 1)
63 return -1;
64 len_remaining -= siglen;
65 *in = p + siglen;
66
67 return len - len_remaining;
68 }
69
o2i_SCT(SCT ** psct,const unsigned char ** in,size_t len)70 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
71 {
72 SCT *sct = NULL;
73 const unsigned char *p;
74
75 if (len == 0 || len > MAX_SCT_SIZE) {
76 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
77 goto err;
78 }
79
80 if ((sct = SCT_new()) == NULL)
81 goto err;
82
83 p = *in;
84
85 sct->version = *p;
86 if (sct->version == SCT_VERSION_V1) {
87 int sig_len;
88 size_t len2;
89 /*-
90 * Fixed-length header:
91 * struct {
92 * Version sct_version; (1 byte)
93 * log_id id; (32 bytes)
94 * uint64 timestamp; (8 bytes)
95 * CtExtensions extensions; (2 bytes + ?)
96 * }
97 */
98 if (len < 43) {
99 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
100 goto err;
101 }
102 len -= 43;
103 p++;
104 sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
105 if (sct->log_id == NULL)
106 goto err;
107 sct->log_id_len = CT_V1_HASHLEN;
108 p += CT_V1_HASHLEN;
109
110 n2l8(p, sct->timestamp);
111
112 n2s(p, len2);
113 if (len < len2) {
114 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
115 goto err;
116 }
117 if (len2 > 0) {
118 sct->ext = OPENSSL_memdup(p, len2);
119 if (sct->ext == NULL)
120 goto err;
121 }
122 sct->ext_len = len2;
123 p += len2;
124 len -= len2;
125
126 sig_len = o2i_SCT_signature(sct, &p, len);
127 if (sig_len <= 0) {
128 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
129 goto err;
130 }
131 len -= sig_len;
132 *in = p + len;
133 } else {
134 /* If not V1 just cache encoding */
135 sct->sct = OPENSSL_memdup(p, len);
136 if (sct->sct == NULL)
137 goto err;
138 sct->sct_len = len;
139 *in = p + len;
140 }
141
142 if (psct != NULL) {
143 SCT_free(*psct);
144 *psct = sct;
145 }
146
147 return sct;
148 err:
149 SCT_free(sct);
150 return NULL;
151 }
152
i2o_SCT_signature(const SCT * sct,unsigned char ** out)153 int i2o_SCT_signature(const SCT *sct, unsigned char **out)
154 {
155 size_t len;
156 unsigned char *p = NULL, *pstart = NULL;
157
158 if (!SCT_signature_is_complete(sct)) {
159 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
160 goto err;
161 }
162
163 if (sct->version != SCT_VERSION_V1) {
164 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
165 goto err;
166 }
167
168 /*
169 * (1 byte) Hash algorithm
170 * (1 byte) Signature algorithm
171 * (2 bytes + ?) Signature
172 */
173 len = 4 + sct->sig_len;
174
175 if (out != NULL) {
176 if (*out != NULL) {
177 p = *out;
178 *out += len;
179 } else {
180 pstart = p = OPENSSL_malloc(len);
181 if (p == NULL) {
182 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
183 goto err;
184 }
185 *out = p;
186 }
187
188 *p++ = sct->hash_alg;
189 *p++ = sct->sig_alg;
190 s2n(sct->sig_len, p);
191 memcpy(p, sct->sig, sct->sig_len);
192 }
193
194 return len;
195 err:
196 OPENSSL_free(pstart);
197 return -1;
198 }
199
i2o_SCT(const SCT * sct,unsigned char ** out)200 int i2o_SCT(const SCT *sct, unsigned char **out)
201 {
202 size_t len;
203 unsigned char *p = NULL, *pstart = NULL;
204
205 if (!SCT_is_complete(sct)) {
206 ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
207 goto err;
208 }
209 /*
210 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
211 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
212 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
213 * bytes + ?) Signature
214 */
215 if (sct->version == SCT_VERSION_V1)
216 len = 43 + sct->ext_len + 4 + sct->sig_len;
217 else
218 len = sct->sct_len;
219
220 if (out == NULL)
221 return len;
222
223 if (*out != NULL) {
224 p = *out;
225 *out += len;
226 } else {
227 pstart = p = OPENSSL_malloc(len);
228 if (p == NULL) {
229 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
230 goto err;
231 }
232 *out = p;
233 }
234
235 if (sct->version == SCT_VERSION_V1) {
236 *p++ = sct->version;
237 memcpy(p, sct->log_id, CT_V1_HASHLEN);
238 p += CT_V1_HASHLEN;
239 l2n8(sct->timestamp, p);
240 s2n(sct->ext_len, p);
241 if (sct->ext_len > 0) {
242 memcpy(p, sct->ext, sct->ext_len);
243 p += sct->ext_len;
244 }
245 if (i2o_SCT_signature(sct, &p) <= 0)
246 goto err;
247 } else {
248 memcpy(p, sct->sct, len);
249 }
250
251 return len;
252 err:
253 OPENSSL_free(pstart);
254 return -1;
255 }
256
STACK_OF(SCT)257 STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
258 size_t len)
259 {
260 STACK_OF(SCT) *sk = NULL;
261 size_t list_len, sct_len;
262
263 if (len < 2 || len > MAX_SCT_LIST_SIZE) {
264 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
265 return NULL;
266 }
267
268 n2s(*pp, list_len);
269 if (list_len != len - 2) {
270 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
271 return NULL;
272 }
273
274 if (a == NULL || *a == NULL) {
275 sk = sk_SCT_new_null();
276 if (sk == NULL)
277 return NULL;
278 } else {
279 SCT *sct;
280
281 /* Use the given stack, but empty it first. */
282 sk = *a;
283 while ((sct = sk_SCT_pop(sk)) != NULL)
284 SCT_free(sct);
285 }
286
287 while (list_len > 0) {
288 SCT *sct;
289
290 if (list_len < 2) {
291 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
292 goto err;
293 }
294 n2s(*pp, sct_len);
295 list_len -= 2;
296
297 if (sct_len == 0 || sct_len > list_len) {
298 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
299 goto err;
300 }
301 list_len -= sct_len;
302
303 if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
304 goto err;
305 if (!sk_SCT_push(sk, sct)) {
306 SCT_free(sct);
307 goto err;
308 }
309 }
310
311 if (a != NULL && *a == NULL)
312 *a = sk;
313 return sk;
314
315 err:
316 if (a == NULL || *a == NULL)
317 SCT_LIST_free(sk);
318 return NULL;
319 }
320
i2o_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** pp)321 int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
322 {
323 int len, sct_len, i, is_pp_new = 0;
324 size_t len2;
325 unsigned char *p = NULL, *p2;
326
327 if (pp != NULL) {
328 if (*pp == NULL) {
329 if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
330 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
331 return -1;
332 }
333 if ((*pp = OPENSSL_malloc(len)) == NULL) {
334 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
335 return -1;
336 }
337 is_pp_new = 1;
338 }
339 p = *pp + 2;
340 }
341
342 len2 = 2;
343 for (i = 0; i < sk_SCT_num(a); i++) {
344 if (pp != NULL) {
345 p2 = p;
346 p += 2;
347 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
348 goto err;
349 s2n(sct_len, p2);
350 } else {
351 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
352 goto err;
353 }
354 len2 += 2 + sct_len;
355 }
356
357 if (len2 > MAX_SCT_LIST_SIZE)
358 goto err;
359
360 if (pp != NULL) {
361 p = *pp;
362 s2n(len2 - 2, p);
363 if (!is_pp_new)
364 *pp += len2;
365 }
366 return len2;
367
368 err:
369 if (is_pp_new) {
370 OPENSSL_free(*pp);
371 *pp = NULL;
372 }
373 return -1;
374 }
375
STACK_OF(SCT)376 STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
377 long len)
378 {
379 ASN1_OCTET_STRING *oct = NULL;
380 STACK_OF(SCT) *sk = NULL;
381 const unsigned char *p;
382
383 p = *pp;
384 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
385 return NULL;
386
387 p = oct->data;
388 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
389 *pp += len;
390
391 ASN1_OCTET_STRING_free(oct);
392 return sk;
393 }
394
i2d_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** out)395 int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
396 {
397 ASN1_OCTET_STRING oct;
398 int len;
399
400 oct.data = NULL;
401 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
402 return -1;
403
404 len = i2d_ASN1_OCTET_STRING(&oct, out);
405 OPENSSL_free(oct.data);
406 return len;
407 }
408