]>
Commit | Line | Data |
---|---|---|
8c6afbc5 | 1 | /* |
d2e9e320 | 2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. |
8c6afbc5 | 3 | * |
5477e842 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8c6afbc5 RP |
8 | */ |
9 | ||
10 | #ifdef OPENSSL_NO_CT | |
11 | # error "CT is disabled" | |
12 | #endif | |
13 | ||
14 | #include <stddef.h> | |
15 | #include <string.h> | |
16 | ||
17 | #include <openssl/err.h> | |
18 | #include <openssl/obj_mac.h> | |
19 | #include <openssl/x509.h> | |
20 | ||
706457b7 | 21 | #include "ct_local.h" |
8c6afbc5 RP |
22 | |
23 | SCT_CTX *SCT_CTX_new(void) | |
24 | { | |
0dfd6cf9 RP |
25 | SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx)); |
26 | ||
8c6afbc5 RP |
27 | if (sctx == NULL) |
28 | CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE); | |
0dfd6cf9 | 29 | |
8c6afbc5 RP |
30 | return sctx; |
31 | } | |
32 | ||
33 | void SCT_CTX_free(SCT_CTX *sctx) | |
34 | { | |
35 | if (sctx == NULL) | |
36 | return; | |
37 | EVP_PKEY_free(sctx->pkey); | |
38 | OPENSSL_free(sctx->pkeyhash); | |
39 | OPENSSL_free(sctx->ihash); | |
40 | OPENSSL_free(sctx->certder); | |
41 | OPENSSL_free(sctx->preder); | |
42 | OPENSSL_free(sctx); | |
43 | } | |
44 | ||
0dfd6cf9 RP |
45 | /* |
46 | * Finds the index of the first extension with the given NID in cert. | |
47 | * If there is more than one extension with that NID, *is_duplicated is set to | |
48 | * 1, otherwise 0 (unless it is NULL). | |
49 | */ | |
50 | static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) | |
8c6afbc5 | 51 | { |
0dfd6cf9 RP |
52 | int ret = X509_get_ext_by_NID(cert, nid, -1); |
53 | ||
54 | if (is_duplicated != NULL) | |
55 | *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0; | |
56 | ||
57 | return ret; | |
8c6afbc5 RP |
58 | } |
59 | ||
60 | /* | |
0dfd6cf9 RP |
61 | * Modifies a certificate by deleting extensions and copying the issuer and |
62 | * AKID from the presigner certificate, if necessary. | |
63 | * Returns 1 on success, 0 otherwise. | |
8c6afbc5 | 64 | */ |
5da65ef2 | 65 | __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) |
8c6afbc5 RP |
66 | { |
67 | int preidx, certidx; | |
0dfd6cf9 RP |
68 | int pre_akid_ext_is_dup, cert_akid_ext_is_dup; |
69 | ||
8c6afbc5 RP |
70 | if (presigner == NULL) |
71 | return 1; | |
0dfd6cf9 RP |
72 | |
73 | preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, | |
74 | &pre_akid_ext_is_dup); | |
75 | certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, | |
76 | &cert_akid_ext_is_dup); | |
77 | ||
78 | /* An error occurred whilst searching for the extension */ | |
79 | if (preidx < -1 || certidx < -1) | |
80 | return 0; | |
81 | /* Invalid certificate if they contain duplicate extensions */ | |
82 | if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) | |
8c6afbc5 RP |
83 | return 0; |
84 | /* AKID must be present in both certificate or absent in both */ | |
85 | if (preidx >= 0 && certidx == -1) | |
86 | return 0; | |
87 | if (preidx == -1 && certidx >= 0) | |
88 | return 0; | |
89 | /* Copy issuer name */ | |
90 | if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) | |
91 | return 0; | |
92 | if (preidx != -1) { | |
93 | /* Retrieve and copy AKID encoding */ | |
94 | X509_EXTENSION *preext = X509_get_ext(presigner, preidx); | |
95 | X509_EXTENSION *certext = X509_get_ext(cert, certidx); | |
96 | ASN1_OCTET_STRING *preextdata; | |
0dfd6cf9 | 97 | |
8c6afbc5 RP |
98 | /* Should never happen */ |
99 | if (preext == NULL || certext == NULL) | |
100 | return 0; | |
101 | preextdata = X509_EXTENSION_get_data(preext); | |
0dfd6cf9 RP |
102 | if (preextdata == NULL || |
103 | !X509_EXTENSION_set_data(certext, preextdata)) | |
8c6afbc5 RP |
104 | return 0; |
105 | } | |
106 | return 1; | |
107 | } | |
108 | ||
109 | int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) | |
110 | { | |
111 | unsigned char *certder = NULL, *preder = NULL; | |
112 | X509 *pretmp = NULL; | |
113 | int certderlen = 0, prederlen = 0; | |
0dfd6cf9 RP |
114 | int idx = -1; |
115 | int poison_ext_is_dup, sct_ext_is_dup; | |
116 | int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); | |
117 | ||
98af7310 | 118 | /* Duplicate poison extensions are present - error */ |
0dfd6cf9 | 119 | if (poison_ext_is_dup) |
8c6afbc5 | 120 | goto err; |
0dfd6cf9 | 121 | |
98af7310 | 122 | /* If *cert doesn't have a poison extension, it isn't a precert */ |
0dfd6cf9 | 123 | if (poison_idx == -1) { |
98af7310 | 124 | /* cert isn't a precert, so we shouldn't have a presigner */ |
0dfd6cf9 | 125 | if (presigner != NULL) |
8c6afbc5 | 126 | goto err; |
0dfd6cf9 | 127 | |
8c6afbc5 RP |
128 | certderlen = i2d_X509(cert, &certder); |
129 | if (certderlen < 0) | |
130 | goto err; | |
131 | } | |
0dfd6cf9 | 132 | |
98af7310 | 133 | /* See if cert has a precert SCTs extension */ |
0dfd6cf9 | 134 | idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); |
98af7310 | 135 | /* Duplicate SCT extensions are present - error */ |
0dfd6cf9 | 136 | if (sct_ext_is_dup) |
8c6afbc5 | 137 | goto err; |
0dfd6cf9 | 138 | |
98af7310 RP |
139 | if (idx >= 0 && poison_idx >= 0) { |
140 | /* | |
141 | * cert can't both contain SCTs (i.e. have an SCT extension) and be a | |
142 | * precert (i.e. have a poison extension). | |
143 | */ | |
144 | goto err; | |
145 | } | |
146 | ||
147 | if (idx == -1) { | |
0dfd6cf9 RP |
148 | idx = poison_idx; |
149 | } | |
150 | ||
98af7310 RP |
151 | /* |
152 | * If either a poison or SCT extension is present, remove it before encoding | |
153 | * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see | |
154 | * RFC5280) from cert, which is what the CT log signed when it produced the | |
155 | * SCT. | |
156 | */ | |
8c6afbc5 RP |
157 | if (idx >= 0) { |
158 | X509_EXTENSION *ext; | |
0dfd6cf9 RP |
159 | |
160 | /* Take a copy of certificate so we don't modify passed version */ | |
8c6afbc5 RP |
161 | pretmp = X509_dup(cert); |
162 | if (pretmp == NULL) | |
163 | goto err; | |
0dfd6cf9 | 164 | |
8c6afbc5 RP |
165 | ext = X509_delete_ext(pretmp, idx); |
166 | X509_EXTENSION_free(ext); | |
0dfd6cf9 RP |
167 | |
168 | if (!ct_x509_cert_fixup(pretmp, presigner)) | |
8c6afbc5 RP |
169 | goto err; |
170 | ||
171 | prederlen = i2d_re_X509_tbs(pretmp, &preder); | |
172 | if (prederlen <= 0) | |
173 | goto err; | |
174 | } | |
175 | ||
176 | X509_free(pretmp); | |
177 | ||
178 | OPENSSL_free(sctx->certder); | |
179 | sctx->certder = certder; | |
180 | sctx->certderlen = certderlen; | |
181 | ||
182 | OPENSSL_free(sctx->preder); | |
183 | sctx->preder = preder; | |
184 | sctx->prederlen = prederlen; | |
185 | ||
186 | return 1; | |
0dfd6cf9 | 187 | err: |
8c6afbc5 RP |
188 | OPENSSL_free(certder); |
189 | OPENSSL_free(preder); | |
190 | X509_free(pretmp); | |
191 | return 0; | |
192 | } | |
193 | ||
5da65ef2 RP |
194 | __owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, |
195 | size_t *hash_len) | |
8c6afbc5 | 196 | { |
5da65ef2 | 197 | int ret = 0; |
8c6afbc5 RP |
198 | unsigned char *md = NULL, *der = NULL; |
199 | int der_len; | |
200 | unsigned int md_len; | |
0dfd6cf9 | 201 | |
8c6afbc5 RP |
202 | /* Reuse buffer if possible */ |
203 | if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) { | |
204 | md = *hash; | |
205 | } else { | |
206 | md = OPENSSL_malloc(SHA256_DIGEST_LENGTH); | |
207 | if (md == NULL) | |
0dfd6cf9 | 208 | goto err; |
8c6afbc5 RP |
209 | } |
210 | ||
211 | /* Calculate key hash */ | |
212 | der_len = i2d_X509_PUBKEY(pkey, &der); | |
213 | if (der_len <= 0) | |
214 | goto err; | |
0dfd6cf9 | 215 | |
8c6afbc5 RP |
216 | if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL)) |
217 | goto err; | |
0dfd6cf9 | 218 | |
8c6afbc5 RP |
219 | if (md != *hash) { |
220 | OPENSSL_free(*hash); | |
221 | *hash = md; | |
222 | *hash_len = SHA256_DIGEST_LENGTH; | |
223 | } | |
0dfd6cf9 | 224 | |
8c6afbc5 RP |
225 | md = NULL; |
226 | ret = 1; | |
227 | err: | |
228 | OPENSSL_free(md); | |
229 | OPENSSL_free(der); | |
230 | return ret; | |
231 | } | |
232 | ||
233 | int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) | |
234 | { | |
5da65ef2 | 235 | return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer)); |
8c6afbc5 RP |
236 | } |
237 | ||
238 | int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) | |
239 | { | |
0dfd6cf9 | 240 | return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen); |
8c6afbc5 RP |
241 | } |
242 | ||
243 | int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) | |
244 | { | |
245 | EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); | |
0dfd6cf9 | 246 | |
8c6afbc5 RP |
247 | if (pkey == NULL) |
248 | return 0; | |
249 | ||
0dfd6cf9 | 250 | if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) { |
8c6afbc5 RP |
251 | EVP_PKEY_free(pkey); |
252 | return 0; | |
253 | } | |
254 | ||
255 | EVP_PKEY_free(sctx->pkey); | |
256 | sctx->pkey = pkey; | |
257 | return 1; | |
258 | } | |
1fa9ffd9 RP |
259 | |
260 | void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) | |
261 | { | |
262 | sctx->epoch_time_in_ms = time_in_ms; | |
263 | } |