| 1 | /* |
|---|---|
| 2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #ifdef OPENSSL_NO_CT |
| 11 | # error "CT is disabled" |
| 12 | #endif |
| 13 | |
| 14 | #include <limits.h> |
| 15 | #include <string.h> |
| 16 | |
| 17 | #include <openssl/asn1.h> |
| 18 | #include <openssl/buffer.h> |
| 19 | #include <openssl/ct.h> |
| 20 | #include <openssl/err.h> |
| 21 | |
| 22 | #include "ct_local.h" |
| 23 | |
| 24 | int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) |
| 25 | { |
| 26 | size_t siglen; |
| 27 | size_t len_remaining = len; |
| 28 | const unsigned char *p; |
| 29 | |
| 30 | if (sct->version != SCT_VERSION_V1) { |
| 31 | CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION); |
| 32 | return -1; |
| 33 | } |
| 34 | /* |
| 35 | * digitally-signed struct header: (1 byte) Hash algorithm (1 byte) |
| 36 | * Signature algorithm (2 bytes + ?) Signature |
| 37 | * |
| 38 | * This explicitly rejects empty signatures: they're invalid for |
| 39 | * all supported algorithms. |
| 40 | */ |
| 41 | if (len <= 4) { |
| 42 | CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); |
| 43 | return -1; |
| 44 | } |
| 45 | |
| 46 | p = *in; |
| 47 | /* Get hash and signature algorithm */ |
| 48 | sct->hash_alg = *p++; |
| 49 | sct->sig_alg = *p++; |
| 50 | if (SCT_get_signature_nid(sct) == NID_undef) { |
| 51 | CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); |
| 52 | return -1; |
| 53 | } |
| 54 | /* Retrieve signature and check it is consistent with the buffer length */ |
| 55 | n2s(p, siglen); |
| 56 | len_remaining -= (p - *in); |
| 57 | if (siglen > len_remaining) { |
| 58 | CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); |
| 59 | return -1; |
| 60 | } |
| 61 | |
| 62 | if (SCT_set1_signature(sct, p, siglen) != 1) |
| 63 | return -1; |
| 64 | len_remaining -= siglen; |
| 65 | *in = p + siglen; |
| 66 | |
| 67 | return len - len_remaining; |
| 68 | } |
| 69 | |
| 70 | SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) |
| 71 | { |
| 72 | SCT *sct = NULL; |
| 73 | const unsigned char *p; |
| 74 | |
| 75 | if (len == 0 || len > MAX_SCT_SIZE) { |
| 76 | CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); |
| 77 | goto err; |
| 78 | } |
| 79 | |
| 80 | if ((sct = SCT_new()) == NULL) |
| 81 | goto err; |
| 82 | |
| 83 | p = *in; |
| 84 | |
| 85 | sct->version = *p; |
| 86 | if (sct->version == SCT_VERSION_V1) { |
| 87 | int sig_len; |
| 88 | size_t len2; |
| 89 | /*- |
| 90 | * Fixed-length header: |
| 91 | * struct { |
| 92 | * Version sct_version; (1 byte) |
| 93 | * log_id id; (32 bytes) |
| 94 | * uint64 timestamp; (8 bytes) |
| 95 | * CtExtensions extensions; (2 bytes + ?) |
| 96 | * } |
| 97 | */ |
| 98 | if (len < 43) { |
| 99 | CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); |
| 100 | goto err; |
| 101 | } |
| 102 | len -= 43; |
| 103 | p++; |
| 104 | sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN); |
| 105 | if (sct->log_id == NULL) |
| 106 | goto err; |
| 107 | sct->log_id_len = CT_V1_HASHLEN; |
| 108 | p += CT_V1_HASHLEN; |
| 109 | |
| 110 | n2l8(p, sct->timestamp); |
| 111 | |
| 112 | n2s(p, len2); |
| 113 | if (len < len2) { |
| 114 | CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); |
| 115 | goto err; |
| 116 | } |
| 117 | if (len2 > 0) { |
| 118 | sct->ext = OPENSSL_memdup(p, len2); |
| 119 | if (sct->ext == NULL) |
| 120 | goto err; |
| 121 | } |
| 122 | sct->ext_len = len2; |
| 123 | p += len2; |
| 124 | len -= len2; |
| 125 | |
| 126 | sig_len = o2i_SCT_signature(sct, &p, len); |
| 127 | if (sig_len <= 0) { |
| 128 | CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); |
| 129 | goto err; |
| 130 | } |
| 131 | len -= sig_len; |
| 132 | *in = p + len; |
| 133 | } else { |
| 134 | /* If not V1 just cache encoding */ |
| 135 | sct->sct = OPENSSL_memdup(p, len); |
| 136 | if (sct->sct == NULL) |
| 137 | goto err; |
| 138 | sct->sct_len = len; |
| 139 | *in = p + len; |
| 140 | } |
| 141 | |
| 142 | if (psct != NULL) { |
| 143 | SCT_free(*psct); |
| 144 | *psct = sct; |
| 145 | } |
| 146 | |
| 147 | return sct; |
| 148 | err: |
| 149 | SCT_free(sct); |
| 150 | return NULL; |
| 151 | } |
| 152 | |
| 153 | int i2o_SCT_signature(const SCT *sct, unsigned char **out) |
| 154 | { |
| 155 | size_t len; |
| 156 | unsigned char *p = NULL, *pstart = NULL; |
| 157 | |
| 158 | if (!SCT_signature_is_complete(sct)) { |
| 159 | CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); |
| 160 | goto err; |
| 161 | } |
| 162 | |
| 163 | if (sct->version != SCT_VERSION_V1) { |
| 164 | CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION); |
| 165 | goto err; |
| 166 | } |
| 167 | |
| 168 | /* |
| 169 | * (1 byte) Hash algorithm |
| 170 | * (1 byte) Signature algorithm |
| 171 | * (2 bytes + ?) Signature |
| 172 | */ |
| 173 | len = 4 + sct->sig_len; |
| 174 | |
| 175 | if (out != NULL) { |
| 176 | if (*out != NULL) { |
| 177 | p = *out; |
| 178 | *out += len; |
| 179 | } else { |
| 180 | pstart = p = OPENSSL_malloc(len); |
| 181 | if (p == NULL) { |
| 182 | CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE); |
| 183 | goto err; |
| 184 | } |
| 185 | *out = p; |
| 186 | } |
| 187 | |
| 188 | *p++ = sct->hash_alg; |
| 189 | *p++ = sct->sig_alg; |
| 190 | s2n(sct->sig_len, p); |
| 191 | memcpy(p, sct->sig, sct->sig_len); |
| 192 | } |
| 193 | |
| 194 | return len; |
| 195 | err: |
| 196 | OPENSSL_free(pstart); |
| 197 | return -1; |
| 198 | } |
| 199 | |
| 200 | int i2o_SCT(const SCT *sct, unsigned char **out) |
| 201 | { |
| 202 | size_t len; |
| 203 | unsigned char *p = NULL, *pstart = NULL; |
| 204 | |
| 205 | if (!SCT_is_complete(sct)) { |
| 206 | CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET); |
| 207 | goto err; |
| 208 | } |
| 209 | /* |
| 210 | * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) |
| 211 | * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions |
| 212 | * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 |
| 213 | * bytes + ?) Signature |
| 214 | */ |
| 215 | if (sct->version == SCT_VERSION_V1) |
| 216 | len = 43 + sct->ext_len + 4 + sct->sig_len; |
| 217 | else |
| 218 | len = sct->sct_len; |
| 219 | |
| 220 | if (out == NULL) |
| 221 | return len; |
| 222 | |
| 223 | if (*out != NULL) { |
| 224 | p = *out; |
| 225 | *out += len; |
| 226 | } else { |
| 227 | pstart = p = OPENSSL_malloc(len); |
| 228 | if (p == NULL) { |
| 229 | CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE); |
| 230 | goto err; |
| 231 | } |
| 232 | *out = p; |
| 233 | } |
| 234 | |
| 235 | if (sct->version == SCT_VERSION_V1) { |
| 236 | *p++ = sct->version; |
| 237 | memcpy(p, sct->log_id, CT_V1_HASHLEN); |
| 238 | p += CT_V1_HASHLEN; |
| 239 | l2n8(sct->timestamp, p); |
| 240 | s2n(sct->ext_len, p); |
| 241 | if (sct->ext_len > 0) { |
| 242 | memcpy(p, sct->ext, sct->ext_len); |
| 243 | p += sct->ext_len; |
| 244 | } |
| 245 | if (i2o_SCT_signature(sct, &p) <= 0) |
| 246 | goto err; |
| 247 | } else { |
| 248 | memcpy(p, sct->sct, len); |
| 249 | } |
| 250 | |
| 251 | return len; |
| 252 | err: |
| 253 | OPENSSL_free(pstart); |
| 254 | return -1; |
| 255 | } |
| 256 | |
| 257 | STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, |
| 258 | size_t len) |
| 259 | { |
| 260 | STACK_OF(SCT) *sk = NULL; |
| 261 | size_t list_len, sct_len; |
| 262 | |
| 263 | if (len < 2 || len > MAX_SCT_LIST_SIZE) { |
| 264 | CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); |
| 265 | return NULL; |
| 266 | } |
| 267 | |
| 268 | n2s(*pp, list_len); |
| 269 | if (list_len != len - 2) { |
| 270 | CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); |
| 271 | return NULL; |
| 272 | } |
| 273 | |
| 274 | if (a == NULL || *a == NULL) { |
| 275 | sk = sk_SCT_new_null(); |
| 276 | if (sk == NULL) |
| 277 | return NULL; |
| 278 | } else { |
| 279 | SCT *sct; |
| 280 | |
| 281 | /* Use the given stack, but empty it first. */ |
| 282 | sk = *a; |
| 283 | while ((sct = sk_SCT_pop(sk)) != NULL) |
| 284 | SCT_free(sct); |
| 285 | } |
| 286 | |
| 287 | while (list_len > 0) { |
| 288 | SCT *sct; |
| 289 | |
| 290 | if (list_len < 2) { |
| 291 | CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); |
| 292 | goto err; |
| 293 | } |
| 294 | n2s(*pp, sct_len); |
| 295 | list_len -= 2; |
| 296 | |
| 297 | if (sct_len == 0 || sct_len > list_len) { |
| 298 | CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); |
| 299 | goto err; |
| 300 | } |
| 301 | list_len -= sct_len; |
| 302 | |
| 303 | if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL) |
| 304 | goto err; |
| 305 | if (!sk_SCT_push(sk, sct)) { |
| 306 | SCT_free(sct); |
| 307 | goto err; |
| 308 | } |
| 309 | } |
| 310 | |
| 311 | if (a != NULL && *a == NULL) |
| 312 | *a = sk; |
| 313 | return sk; |
| 314 | |
| 315 | err: |
| 316 | if (a == NULL || *a == NULL) |
| 317 | SCT_LIST_free(sk); |
| 318 | return NULL; |
| 319 | } |
| 320 | |
| 321 | int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) |
| 322 | { |
| 323 | int len, sct_len, i, is_pp_new = 0; |
| 324 | size_t len2; |
| 325 | unsigned char *p = NULL, *p2; |
| 326 | |
| 327 | if (pp != NULL) { |
| 328 | if (*pp == NULL) { |
| 329 | if ((len = i2o_SCT_LIST(a, NULL)) == -1) { |
| 330 | CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID); |
| 331 | return -1; |
| 332 | } |
| 333 | if ((*pp = OPENSSL_malloc(len)) == NULL) { |
| 334 | CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE); |
| 335 | return -1; |
| 336 | } |
| 337 | is_pp_new = 1; |
| 338 | } |
| 339 | p = *pp + 2; |
| 340 | } |
| 341 | |
| 342 | len2 = 2; |
| 343 | for (i = 0; i < sk_SCT_num(a); i++) { |
| 344 | if (pp != NULL) { |
| 345 | p2 = p; |
| 346 | p += 2; |
| 347 | if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) |
| 348 | goto err; |
| 349 | s2n(sct_len, p2); |
| 350 | } else { |
| 351 | if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) |
| 352 | goto err; |
| 353 | } |
| 354 | len2 += 2 + sct_len; |
| 355 | } |
| 356 | |
| 357 | if (len2 > MAX_SCT_LIST_SIZE) |
| 358 | goto err; |
| 359 | |
| 360 | if (pp != NULL) { |
| 361 | p = *pp; |
| 362 | s2n(len2 - 2, p); |
| 363 | if (!is_pp_new) |
| 364 | *pp += len2; |
| 365 | } |
| 366 | return len2; |
| 367 | |
| 368 | err: |
| 369 | if (is_pp_new) { |
| 370 | OPENSSL_free(*pp); |
| 371 | *pp = NULL; |
| 372 | } |
| 373 | return -1; |
| 374 | } |
| 375 | |
| 376 | STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, |
| 377 | long len) |
| 378 | { |
| 379 | ASN1_OCTET_STRING *oct = NULL; |
| 380 | STACK_OF(SCT) *sk = NULL; |
| 381 | const unsigned char *p; |
| 382 | |
| 383 | p = *pp; |
| 384 | if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) |
| 385 | return NULL; |
| 386 | |
| 387 | p = oct->data; |
| 388 | if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) |
| 389 | *pp += len; |
| 390 | |
| 391 | ASN1_OCTET_STRING_free(oct); |
| 392 | return sk; |
| 393 | } |
| 394 | |
| 395 | int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) |
| 396 | { |
| 397 | ASN1_OCTET_STRING oct; |
| 398 | int len; |
| 399 | |
| 400 | oct.data = NULL; |
| 401 | if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) |
| 402 | return -1; |
| 403 | |
| 404 | len = i2d_ASN1_OCTET_STRING(&oct, out); |
| 405 | OPENSSL_free(oct.data); |
| 406 | return len; |
| 407 | } |
| 408 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.