1 /* 2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifdef OPENSSL_NO_CT 11 # error "CT is disabled" 12 #endif 13 14 #include <limits.h> 15 #include <string.h> 16 17 #include <openssl/asn1.h> 18 #include <openssl/buffer.h> 19 #include <openssl/ct.h> 20 #include <openssl/err.h> 21 22 #include "ct_local.h" 23 24 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) 25 { 26 size_t siglen; 27 size_t len_remaining = len; 28 const unsigned char *p; 29 30 if (sct->version != SCT_VERSION_V1) { 31 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); 32 return -1; 33 } 34 /* 35 * digitally-signed struct header: (1 byte) Hash algorithm (1 byte) 36 * Signature algorithm (2 bytes + ?) Signature 37 * 38 * This explicitly rejects empty signatures: they're invalid for 39 * all supported algorithms. 40 */ 41 if (len <= 4) { 42 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); 43 return -1; 44 } 45 46 p = *in; 47 /* Get hash and signature algorithm */ 48 sct->hash_alg = *p++; 49 sct->sig_alg = *p++; 50 if (SCT_get_signature_nid(sct) == NID_undef) { 51 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); 52 return -1; 53 } 54 /* Retrieve signature and check it is consistent with the buffer length */ 55 n2s(p, siglen); 56 len_remaining -= (p - *in); 57 if (siglen > len_remaining) { 58 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); 59 return -1; 60 } 61 62 if (SCT_set1_signature(sct, p, siglen) != 1) 63 return -1; 64 len_remaining -= siglen; 65 *in = p + siglen; 66 67 return len - len_remaining; 68 } 69 70 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) 71 { 72 SCT *sct = NULL; 73 const unsigned char *p; 74 75 if (len == 0 || len > MAX_SCT_SIZE) { 76 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); 77 goto err; 78 } 79 80 if ((sct = SCT_new()) == NULL) 81 goto err; 82 83 p = *in; 84 85 sct->version = *p; 86 if (sct->version == SCT_VERSION_V1) { 87 int sig_len; 88 size_t len2; 89 /*- 90 * Fixed-length header: 91 * struct { 92 * Version sct_version; (1 byte) 93 * log_id id; (32 bytes) 94 * uint64 timestamp; (8 bytes) 95 * CtExtensions extensions; (2 bytes + ?) 96 * } 97 */ 98 if (len < 43) { 99 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); 100 goto err; 101 } 102 len -= 43; 103 p++; 104 sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN); 105 if (sct->log_id == NULL) 106 goto err; 107 sct->log_id_len = CT_V1_HASHLEN; 108 p += CT_V1_HASHLEN; 109 110 n2l8(p, sct->timestamp); 111 112 n2s(p, len2); 113 if (len < len2) { 114 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); 115 goto err; 116 } 117 if (len2 > 0) { 118 sct->ext = OPENSSL_memdup(p, len2); 119 if (sct->ext == NULL) 120 goto err; 121 } 122 sct->ext_len = len2; 123 p += len2; 124 len -= len2; 125 126 sig_len = o2i_SCT_signature(sct, &p, len); 127 if (sig_len <= 0) { 128 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); 129 goto err; 130 } 131 len -= sig_len; 132 *in = p + len; 133 } else { 134 /* If not V1 just cache encoding */ 135 sct->sct = OPENSSL_memdup(p, len); 136 if (sct->sct == NULL) 137 goto err; 138 sct->sct_len = len; 139 *in = p + len; 140 } 141 142 if (psct != NULL) { 143 SCT_free(*psct); 144 *psct = sct; 145 } 146 147 return sct; 148 err: 149 SCT_free(sct); 150 return NULL; 151 } 152 153 int i2o_SCT_signature(const SCT *sct, unsigned char **out) 154 { 155 size_t len; 156 unsigned char *p = NULL, *pstart = NULL; 157 158 if (!SCT_signature_is_complete(sct)) { 159 ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); 160 goto err; 161 } 162 163 if (sct->version != SCT_VERSION_V1) { 164 ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); 165 goto err; 166 } 167 168 /* 169 * (1 byte) Hash algorithm 170 * (1 byte) Signature algorithm 171 * (2 bytes + ?) Signature 172 */ 173 len = 4 + sct->sig_len; 174 175 if (out != NULL) { 176 if (*out != NULL) { 177 p = *out; 178 *out += len; 179 } else { 180 pstart = p = OPENSSL_malloc(len); 181 if (p == NULL) { 182 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); 183 goto err; 184 } 185 *out = p; 186 } 187 188 *p++ = sct->hash_alg; 189 *p++ = sct->sig_alg; 190 s2n(sct->sig_len, p); 191 memcpy(p, sct->sig, sct->sig_len); 192 } 193 194 return len; 195 err: 196 OPENSSL_free(pstart); 197 return -1; 198 } 199 200 int i2o_SCT(const SCT *sct, unsigned char **out) 201 { 202 size_t len; 203 unsigned char *p = NULL, *pstart = NULL; 204 205 if (!SCT_is_complete(sct)) { 206 ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET); 207 goto err; 208 } 209 /* 210 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) 211 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions 212 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 213 * bytes + ?) Signature 214 */ 215 if (sct->version == SCT_VERSION_V1) 216 len = 43 + sct->ext_len + 4 + sct->sig_len; 217 else 218 len = sct->sct_len; 219 220 if (out == NULL) 221 return len; 222 223 if (*out != NULL) { 224 p = *out; 225 *out += len; 226 } else { 227 pstart = p = OPENSSL_malloc(len); 228 if (p == NULL) { 229 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); 230 goto err; 231 } 232 *out = p; 233 } 234 235 if (sct->version == SCT_VERSION_V1) { 236 *p++ = sct->version; 237 memcpy(p, sct->log_id, CT_V1_HASHLEN); 238 p += CT_V1_HASHLEN; 239 l2n8(sct->timestamp, p); 240 s2n(sct->ext_len, p); 241 if (sct->ext_len > 0) { 242 memcpy(p, sct->ext, sct->ext_len); 243 p += sct->ext_len; 244 } 245 if (i2o_SCT_signature(sct, &p) <= 0) 246 goto err; 247 } else { 248 memcpy(p, sct->sct, len); 249 } 250 251 return len; 252 err: 253 OPENSSL_free(pstart); 254 return -1; 255 } 256 257 STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, 258 size_t len) 259 { 260 STACK_OF(SCT) *sk = NULL; 261 size_t list_len, sct_len; 262 263 if (len < 2 || len > MAX_SCT_LIST_SIZE) { 264 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); 265 return NULL; 266 } 267 268 n2s(*pp, list_len); 269 if (list_len != len - 2) { 270 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); 271 return NULL; 272 } 273 274 if (a == NULL || *a == NULL) { 275 sk = sk_SCT_new_null(); 276 if (sk == NULL) 277 return NULL; 278 } else { 279 SCT *sct; 280 281 /* Use the given stack, but empty it first. */ 282 sk = *a; 283 while ((sct = sk_SCT_pop(sk)) != NULL) 284 SCT_free(sct); 285 } 286 287 while (list_len > 0) { 288 SCT *sct; 289 290 if (list_len < 2) { 291 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); 292 goto err; 293 } 294 n2s(*pp, sct_len); 295 list_len -= 2; 296 297 if (sct_len == 0 || sct_len > list_len) { 298 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); 299 goto err; 300 } 301 list_len -= sct_len; 302 303 if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL) 304 goto err; 305 if (!sk_SCT_push(sk, sct)) { 306 SCT_free(sct); 307 goto err; 308 } 309 } 310 311 if (a != NULL && *a == NULL) 312 *a = sk; 313 return sk; 314 315 err: 316 if (a == NULL || *a == NULL) 317 SCT_LIST_free(sk); 318 return NULL; 319 } 320 321 int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) 322 { 323 int len, sct_len, i, is_pp_new = 0; 324 size_t len2; 325 unsigned char *p = NULL, *p2; 326 327 if (pp != NULL) { 328 if (*pp == NULL) { 329 if ((len = i2o_SCT_LIST(a, NULL)) == -1) { 330 ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); 331 return -1; 332 } 333 if ((*pp = OPENSSL_malloc(len)) == NULL) { 334 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); 335 return -1; 336 } 337 is_pp_new = 1; 338 } 339 p = *pp + 2; 340 } 341 342 len2 = 2; 343 for (i = 0; i < sk_SCT_num(a); i++) { 344 if (pp != NULL) { 345 p2 = p; 346 p += 2; 347 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) 348 goto err; 349 s2n(sct_len, p2); 350 } else { 351 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) 352 goto err; 353 } 354 len2 += 2 + sct_len; 355 } 356 357 if (len2 > MAX_SCT_LIST_SIZE) 358 goto err; 359 360 if (pp != NULL) { 361 p = *pp; 362 s2n(len2 - 2, p); 363 if (!is_pp_new) 364 *pp += len2; 365 } 366 return len2; 367 368 err: 369 if (is_pp_new) { 370 OPENSSL_free(*pp); 371 *pp = NULL; 372 } 373 return -1; 374 } 375 376 STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, 377 long len) 378 { 379 ASN1_OCTET_STRING *oct = NULL; 380 STACK_OF(SCT) *sk = NULL; 381 const unsigned char *p; 382 383 p = *pp; 384 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) 385 return NULL; 386 387 p = oct->data; 388 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) 389 *pp += len; 390 391 ASN1_OCTET_STRING_free(oct); 392 return sk; 393 } 394 395 int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) 396 { 397 ASN1_OCTET_STRING oct; 398 int len; 399 400 oct.data = NULL; 401 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) 402 return -1; 403 404 len = i2d_ASN1_OCTET_STRING(&oct, out); 405 OPENSSL_free(oct.data); 406 return len; 407 } 408