1 /*
2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #ifdef OPENSSL_NO_CT
11 # error "CT is disabled"
12 #endif
13
14 #include <limits.h>
15 #include <string.h>
16
17 #include <openssl/asn1.h>
18 #include <openssl/buffer.h>
19 #include <openssl/ct.h>
20 #include <openssl/err.h>
21
22 #include "ct_local.h"
23
o2i_SCT_signature(SCT * sct,const unsigned char ** in,size_t len)24 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
25 {
26 size_t siglen;
27 size_t len_remaining = len;
28 const unsigned char *p;
29
30 if (sct->version != SCT_VERSION_V1) {
31 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
32 return -1;
33 }
34 /*
35 * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36 * Signature algorithm (2 bytes + ?) Signature
37 *
38 * This explicitly rejects empty signatures: they're invalid for
39 * all supported algorithms.
40 */
41 if (len <= 4) {
42 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
43 return -1;
44 }
45
46 p = *in;
47 /* Get hash and signature algorithm */
48 sct->hash_alg = *p++;
49 sct->sig_alg = *p++;
50 if (SCT_get_signature_nid(sct) == NID_undef) {
51 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
52 return -1;
53 }
54 /* Retrieve signature and check it is consistent with the buffer length */
55 n2s(p, siglen);
56 len_remaining -= (p - *in);
57 if (siglen > len_remaining) {
58 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
59 return -1;
60 }
61
62 if (SCT_set1_signature(sct, p, siglen) != 1)
63 return -1;
64 len_remaining -= siglen;
65 *in = p + siglen;
66
67 return (int)(len - len_remaining);
68 }
69
o2i_SCT(SCT ** psct,const unsigned char ** in,size_t len)70 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
71 {
72 SCT *sct = NULL;
73 const unsigned char *p;
74
75 if (len == 0 || len > MAX_SCT_SIZE) {
76 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
77 goto err;
78 }
79
80 if ((sct = SCT_new()) == NULL)
81 goto err;
82
83 p = *in;
84
85 sct->version = *p;
86 if (sct->version == SCT_VERSION_V1) {
87 int sig_len;
88 size_t len2;
89 /*-
90 * Fixed-length header:
91 * struct {
92 * Version sct_version; (1 byte)
93 * log_id id; (32 bytes)
94 * uint64 timestamp; (8 bytes)
95 * CtExtensions extensions; (2 bytes + ?)
96 * }
97 */
98 if (len < 43) {
99 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
100 goto err;
101 }
102 len -= 43;
103 p++;
104 sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
105 if (sct->log_id == NULL)
106 goto err;
107 sct->log_id_len = CT_V1_HASHLEN;
108 p += CT_V1_HASHLEN;
109
110 n2l8(p, sct->timestamp);
111
112 n2s(p, len2);
113 if (len < len2) {
114 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
115 goto err;
116 }
117 if (len2 > 0) {
118 sct->ext = OPENSSL_memdup(p, len2);
119 if (sct->ext == NULL)
120 goto err;
121 }
122 sct->ext_len = len2;
123 p += len2;
124 len -= len2;
125
126 sig_len = o2i_SCT_signature(sct, &p, len);
127 if (sig_len <= 0) {
128 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
129 goto err;
130 }
131 len -= sig_len;
132 *in = p + len;
133 } else {
134 /* If not V1 just cache encoding */
135 sct->sct = OPENSSL_memdup(p, len);
136 if (sct->sct == NULL)
137 goto err;
138 sct->sct_len = len;
139 *in = p + len;
140 }
141
142 if (psct != NULL) {
143 SCT_free(*psct);
144 *psct = sct;
145 }
146
147 return sct;
148 err:
149 SCT_free(sct);
150 return NULL;
151 }
152
i2o_SCT_signature(const SCT * sct,unsigned char ** out)153 int i2o_SCT_signature(const SCT *sct, unsigned char **out)
154 {
155 size_t len;
156 unsigned char *p = NULL, *pstart = NULL;
157
158 if (!SCT_signature_is_complete(sct)) {
159 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
160 goto err;
161 }
162
163 if (sct->version != SCT_VERSION_V1) {
164 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
165 goto err;
166 }
167
168 /*
169 * (1 byte) Hash algorithm
170 * (1 byte) Signature algorithm
171 * (2 bytes + ?) Signature
172 */
173 len = 4 + sct->sig_len;
174
175 if (out != NULL) {
176 if (*out != NULL) {
177 p = *out;
178 *out += len;
179 } else {
180 pstart = p = OPENSSL_malloc(len);
181 if (p == NULL)
182 goto err;
183 *out = p;
184 }
185
186 *p++ = sct->hash_alg;
187 *p++ = sct->sig_alg;
188 s2n(sct->sig_len, p);
189 memcpy(p, sct->sig, sct->sig_len);
190 }
191
192 return (int)len;
193 err:
194 OPENSSL_free(pstart);
195 return -1;
196 }
197
i2o_SCT(const SCT * sct,unsigned char ** out)198 int i2o_SCT(const SCT *sct, unsigned char **out)
199 {
200 size_t len;
201 unsigned char *p = NULL, *pstart = NULL;
202
203 if (!SCT_is_complete(sct)) {
204 ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
205 goto err;
206 }
207 /*
208 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
209 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
210 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
211 * bytes + ?) Signature
212 */
213 if (sct->version == SCT_VERSION_V1)
214 len = 43 + sct->ext_len + 4 + sct->sig_len;
215 else
216 len = sct->sct_len;
217
218 if (len > INT_MAX)
219 return -1;
220 if (out == NULL)
221 return (int)len;
222
223 if (*out != NULL) {
224 p = *out;
225 *out += len;
226 } else {
227 pstart = p = OPENSSL_malloc(len);
228 if (p == NULL)
229 goto err;
230 *out = p;
231 }
232
233 if (sct->version == SCT_VERSION_V1) {
234 *p++ = sct->version;
235 memcpy(p, sct->log_id, CT_V1_HASHLEN);
236 p += CT_V1_HASHLEN;
237 l2n8(sct->timestamp, p);
238 s2n(sct->ext_len, p);
239 if (sct->ext_len > 0) {
240 memcpy(p, sct->ext, sct->ext_len);
241 p += sct->ext_len;
242 }
243 if (i2o_SCT_signature(sct, &p) <= 0)
244 goto err;
245 } else {
246 memcpy(p, sct->sct, len);
247 }
248
249 return (int)len;
250 err:
251 OPENSSL_free(pstart);
252 return -1;
253 }
254
STACK_OF(SCT)255 STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
256 size_t len)
257 {
258 STACK_OF(SCT) *sk = NULL;
259 size_t list_len, sct_len;
260
261 if (len < 2 || len > MAX_SCT_LIST_SIZE) {
262 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
263 return NULL;
264 }
265
266 n2s(*pp, list_len);
267 if (list_len != len - 2) {
268 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
269 return NULL;
270 }
271
272 if (a == NULL || *a == NULL) {
273 sk = sk_SCT_new_null();
274 if (sk == NULL)
275 return NULL;
276 } else {
277 SCT *sct;
278
279 /* Use the given stack, but empty it first. */
280 sk = *a;
281 while ((sct = sk_SCT_pop(sk)) != NULL)
282 SCT_free(sct);
283 }
284
285 while (list_len > 0) {
286 SCT *sct;
287
288 if (list_len < 2) {
289 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
290 goto err;
291 }
292 n2s(*pp, sct_len);
293 list_len -= 2;
294
295 if (sct_len == 0 || sct_len > list_len) {
296 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
297 goto err;
298 }
299 list_len -= sct_len;
300
301 if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
302 goto err;
303 if (!sk_SCT_push(sk, sct)) {
304 SCT_free(sct);
305 goto err;
306 }
307 }
308
309 if (a != NULL && *a == NULL)
310 *a = sk;
311 return sk;
312
313 err:
314 if (a == NULL || *a == NULL)
315 SCT_LIST_free(sk);
316 return NULL;
317 }
318
i2o_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** pp)319 int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
320 {
321 int len, sct_len, i, is_pp_new = 0;
322 size_t len2;
323 unsigned char *p = NULL, *p2;
324
325 if (pp != NULL) {
326 if (*pp == NULL) {
327 if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
328 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
329 return -1;
330 }
331 if ((*pp = OPENSSL_malloc(len)) == NULL)
332 return -1;
333 is_pp_new = 1;
334 }
335 p = *pp + 2;
336 }
337
338 len2 = 2;
339 for (i = 0; i < sk_SCT_num(a); i++) {
340 if (pp != NULL) {
341 p2 = p;
342 p += 2;
343 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
344 goto err;
345 s2n(sct_len, p2);
346 } else {
347 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
348 goto err;
349 }
350 len2 += 2 + sct_len;
351 }
352
353 if (len2 > MAX_SCT_LIST_SIZE)
354 goto err;
355
356 if (pp != NULL) {
357 p = *pp;
358 s2n(len2 - 2, p);
359 if (!is_pp_new)
360 *pp += len2;
361 }
362 return (int)len2;
363
364 err:
365 if (is_pp_new) {
366 OPENSSL_free(*pp);
367 *pp = NULL;
368 }
369 return -1;
370 }
371
STACK_OF(SCT)372 STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
373 long len)
374 {
375 ASN1_OCTET_STRING *oct = NULL;
376 STACK_OF(SCT) *sk = NULL;
377 const unsigned char *p;
378
379 p = *pp;
380 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
381 return NULL;
382
383 p = oct->data;
384 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
385 *pp += len;
386
387 ASN1_OCTET_STRING_free(oct);
388 return sk;
389 }
390
i2d_SCT_LIST(const STACK_OF (SCT)* a,unsigned char ** out)391 int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
392 {
393 ASN1_OCTET_STRING oct;
394 int len;
395
396 oct.data = NULL;
397 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
398 return -1;
399
400 len = i2d_ASN1_OCTET_STRING(&oct, out);
401 OPENSSL_free(oct.data);
402 return len;
403 }
404