Verify SCT signatures

GENERAL=Makefile

LIB=$(TOP)/libcrypto.a

LIBSRC= ct_err.c ct_oct.c ct_prn.c ct_sct.c ct_x509v3.c

LIBOBJ= ct_err.o ct_oct.o ct_prn.o ct_sct.o ct_x509v3.o

LIBSRC= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_prn.c ct_sct.c ct_sct_ctx.c \

        ct_vfy.c ct_x509v3.c

LIBOBJ= ct_b64.o ct_err.o ct_log.o ct_oct.o ct_prn.o ct_sct.o ct_sct_ctx.o \

        ct_vfy.o ct_x509v3.o

SRC= $(LIBSRC)

LIBS=../../libcrypto

SOURCE[../../libcrypto]= ct_err.c ct_oct.c ct_prn.c ct_sct.c ct_x509v3.c

SOURCE[../../libcrypto]= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_prn.c ct_sct.c \

                         ct_sct_ctx.c ct_vfy.c ct_x509v3.c

/*

 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson

 * (steve@openssl.org) for the OpenSSL project 2014.

 */

/* ====================================================================

 * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    licensing@OpenSSL.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

#include <limits.h>

#include <string.h>

#include <openssl/ct.h>

#include <openssl/err.h>

#include <openssl/evp.h>

/*

 * TODO(robpercival): These macros are getting duplicated all over the place.

 * Is there a single place they should be defined for re-use?

 * Also, is there a good reason they aren't functions?

 */

#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<<8) | \

                     (((unsigned int)((c)[1])))), \

                  c+=2)

/*

 * Decodes the base64 string |in| into |out|.

 * A new string will be malloc'd and assigned to |out|. This will be owned by

 * the caller. Do not provide a pre-allocated string in |out|.

 */

static int CT_base64_decode(const char *in, unsigned char **out)

{

    size_t inlen;

    int outlen;

    unsigned char *outbuf = NULL;

    if (in == NULL || out == NULL) {

        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_PASSED_NULL_PARAMETER);

        goto err;

    }

    inlen = strlen(in);

    if (inlen == 0) {

        *out = NULL;

        return 0;

    }

    outlen = (inlen / 4) * 3;

    outbuf = OPENSSL_malloc(outlen);

    if (outbuf == NULL) {

        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);

        goto err;

    }

    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);

    if (outlen < 0) {

        OPENSSL_free(outbuf);

        CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);

        goto err;

    }

    *out = outbuf;

    return outlen;

err:

    OPENSSL_free(outbuf);

    return -1;

}

SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,

                         ct_log_entry_type_t entry_type, uint64_t timestamp,

                         const char *extensions_base64,

                         const char *signature_base64)

{

    SCT *sct;

    unsigned char *dec = NULL;

    int declen;

    if (logid_base64 == NULL ||

        extensions_base64 == NULL ||

        signature_base64 == NULL) {

        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_PASSED_NULL_PARAMETER);

        return NULL;

    }

    sct = SCT_new();

    if (sct == NULL) {

        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);

        return NULL;

    }

    /*

     * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we

     * can only construct SCT versions that have been defined.

     */

    if (!SCT_set_version(sct, version)) {

        CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);

        goto err;

    }

    declen = CT_base64_decode(logid_base64, &dec);

    if (declen < 0) {

        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);

        goto err;

    }

    if (!SCT_set0_log_id(sct, dec, declen))

        goto err;

    dec = NULL;

    declen = CT_base64_decode(extensions_base64, &dec);

    if (declen < 0) {

        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);

        goto err;

    }

    SCT_set0_extensions(sct, dec, declen);

    dec = NULL;

    declen = CT_base64_decode(signature_base64, &dec);

    if (declen < 0) {

        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);

        goto err;

    }

    if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)

        goto err;

    SCT_set_timestamp(sct, timestamp);

    if (!SCT_set_log_entry_type(sct, entry_type))

        goto err;

    return sct;

 err:

    OPENSSL_free(dec);

    SCT_free(sct);

    return NULL;

}

CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name)

{

    unsigned char *pkey_der;

    int pkey_der_len;

    EVP_PKEY *pkey = NULL;

    CTLOG *log = NULL;

    pkey_der_len = CT_base64_decode(pkey_base64, &pkey_der);

    if (pkey_der_len <= 0) {

        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);

        return NULL;

    }

    pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pkey_der, pkey_der_len);

    if (pkey == NULL) {

        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);

        return NULL;

    }

    log = CTLOG_new(pkey, name);

    if (log == NULL) {

        EVP_PKEY_free(pkey);

        return NULL;

    }

    return log;

}

# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CT,0,reason)

static ERR_STRING_DATA CT_str_functs[] = {

    {ERR_FUNC(CT_F_CTLOG_NEW), "CTLOG_new"},

    {ERR_FUNC(CT_F_CTLOG_NEW_FROM_BASE64), "CTLOG_new_from_base64"},

    {ERR_FUNC(CT_F_CTLOG_NEW_FROM_CONF), "CTLOG_new_from_conf"},

    {ERR_FUNC(CT_F_CTLOG_NEW_NULL), "CTLOG_new_null"},

    {ERR_FUNC(CT_F_CTLOG_STORE_GET0_LOG_BY_ID), "CTLOG_STORE_get0_log_by_id"},

    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_CTX_NEW), "CTLOG_STORE_LOAD_CTX_new"},

    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_FILE), "CTLOG_STORE_load_file"},

    {ERR_FUNC(CT_F_CT_BASE64_DECODE), "CT_base64_decode"},

    {ERR_FUNC(CT_F_CT_V1_LOG_ID_FROM_PKEY), "CT_v1_log_id_from_pkey"},

    {ERR_FUNC(CT_F_D2I_SCT_LIST), "d2i_SCT_LIST"},

    {ERR_FUNC(CT_F_I2D_SCT_LIST), "i2d_SCT_LIST"},

    {ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"},

    {ERR_FUNC(CT_F_O2I_SCT), "o2i_SCT"},

    {ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},

    {ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},

    {ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"},

    {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},

    {ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"},

    {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},

    {ERR_FUNC(CT_F_SCT_SET1_EXTENSIONS), "SCT_set1_extensions"},

    {ERR_FUNC(CT_F_SCT_SET1_LOG_ID), "SCT_set1_log_id"},

    {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},

    {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},

    {ERR_FUNC(CT_F_SCT_SIGNATURE_IS_VALID), "SCT_signature_is_valid"},

    {ERR_FUNC(CT_F_SCT_VERIFY), "SCT_verify"},

    {ERR_FUNC(CT_F_SCT_VERIFY_V1), "SCT_verify_v1"},

    {0, NULL}

};

static ERR_STRING_DATA CT_str_reasons[] = {

    {ERR_REASON(CT_R_BASE64_DECODE_ERROR), "base64 decode error"},

    {ERR_REASON(CT_R_INVALID_LOG_ID_LENGTH), "invalid log id length"},

    {ERR_REASON(CT_R_LOG_CONF_INVALID), "log conf invalid"},

    {ERR_REASON(CT_R_LOG_CONF_INVALID_KEY), "log conf invalid key"},

    {ERR_REASON(CT_R_LOG_CONF_MISSING_DESCRIPTION),

     "log conf missing description"},

    {ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"},

    {ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"},

    {ERR_REASON(CT_R_SCT_INVALID), "sct invalid"},

    {ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"},

    {ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"},

    {ERR_REASON(CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},

    {ERR_REASON(CT_R_SCT_NOT_SET), "sct not set"},

    {ERR_REASON(CT_R_SCT_UNSUPPORTED_VERSION), "sct unsupported version"},

    {ERR_REASON(CT_R_UNRECOGNIZED_SIGNATURE_NID),

     "unrecognized signature nid"},

    {ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"},

    size_t sig_len;

    /* Log entry type */

    ct_log_entry_type_t entry_type;

    /* Where this SCT was found, e.g. certificate, OCSP response, etc. */

    sct_source_t source;

    /* The CT log that produced this SCT. */

    CTLOG *log;

};

/* Miscellaneous data that is useful when verifying an SCT  */

struct sct_ctx_st {

    /* Public key */

    EVP_PKEY *pkey;

    /* Hash of public key */

    unsigned char *pkeyhash;

    size_t pkeyhashlen;

    /* For pre-certificate: issuer public key hash */

    unsigned char *ihash;

    size_t ihashlen;

    /* certificate encoding */

    unsigned char *certder;

    size_t certderlen;

    /* pre-certificate encoding */

    unsigned char *preder;

    size_t prederlen;

};

/*

 * Creates a new context for verifying an SCT.

 */

SCT_CTX *SCT_CTX_new(void);

/*

 * Deletes an SCT verification context.

 */

void SCT_CTX_free(SCT_CTX *sctx);

/* Sets the certificate that the SCT is related to */

int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);

/* Sets the issuer of the certificate that the SCT is related to */

int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);

/* Sets the public key of the issuer of the certificate that the SCT relates to */

int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);

/* Sets the public key of the CT log that the SCT is from */

int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);

/*

 * Does this SCT have the minimum fields populated to be usuable?

 * Returns 1 if so, 0 otherwise.