[thirdparty/openssl.git] / crypto / ct / ct_vfy.c

/*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>

#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

#include "ct_local.h"

typedef enum sct_signature_type_t {
    SIGNATURE_TYPE_NOT_SET = -1,
    SIGNATURE_TYPE_CERT_TIMESTAMP,
    SIGNATURE_TYPE_TREE_HASH
} SCT_SIGNATURE_TYPE;

/*
 * Update encoding for SCT signature verification/generation to supplied
 * EVP_MD_CTX.
 */
static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
{
    unsigned char tmpbuf[12];
    unsigned char *p, *der;
    size_t derlen;
    /*+
     * digitally-signed struct {
     *   (1 byte) Version sct_version;
     *   (1 byte) SignatureType signature_type = certificate_timestamp;
     *   (8 bytes) uint64 timestamp;
     *   (2 bytes) LogEntryType entry_type;
     *   (? bytes) select(entry_type) {
     *     case x509_entry: ASN.1Cert;
     *     case precert_entry: PreCert;
     *   } signed_entry;
     *   (2 bytes + sct->ext_len) CtExtensions extensions;
     * }
     */
    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
        return 0;
    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
        return 0;

    p = tmpbuf;
    *p++ = sct->version;
    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
    l2n8(sct->timestamp, p);
    s2n(sct->entry_type, p);

    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
        return 0;

    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
        der = sctx->certder;
        derlen = sctx->certderlen;
    } else {
        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
            return 0;
        der = sctx->preder;
        derlen = sctx->prederlen;
    }

    /* If no encoding available, fatal error */
    if (der == NULL)
        return 0;

    /* Include length first */
    p = tmpbuf;
    l2n3(derlen, p);

    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
        return 0;
    if (!EVP_DigestUpdate(ctx, der, derlen))
        return 0;

    /* Add any extensions */
    p = tmpbuf;
    s2n(sct->ext_len, p);
    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
        return 0;

    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
        return 0;

    return 1;
}

int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
{
    EVP_MD_CTX *ctx = NULL;
    int ret = 0;

    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
        return 0;
    }
    if (sct->version != SCT_VERSION_V1) {
        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
        return 0;
    }
    if (sct->log_id_len != sctx->pkeyhashlen ||
        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
        return 0;
    }
    if (sct->timestamp > sctx->epoch_time_in_ms) {
        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
        return 0;
    }

    ctx = EVP_MD_CTX_new();
    if (ctx == NULL)
        goto end;

    if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
        goto end;

    if (!sct_ctx_update(ctx, sctx, sct))
        goto end;

    /* Verify signature */
    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
    /* If ret < 0 some other error: fall through without setting error */
    if (ret == 0)
        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);

end:
    EVP_MD_CTX_free(ctx);
    return ret;
}
Commit	Line	Data
8c6afbc5	1	/*
d2e9e320	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
8c6afbc5	3	*
5477e842	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
d2e9e320 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
8c6afbc5 RP	8	*/
	9
	10	#include <string.h>
	11
	12	#include <openssl/ct.h>
	13	#include <openssl/err.h>
	14	#include <openssl/evp.h>
	15	#include <openssl/x509.h>
	16
706457b7	17	#include "ct_local.h"
8c6afbc5	18
8c6afbc5 RP	19	typedef enum sct_signature_type_t {
	20	SIGNATURE_TYPE_NOT_SET = -1,
	21	SIGNATURE_TYPE_CERT_TIMESTAMP,
	22	SIGNATURE_TYPE_TREE_HASH
	23	} SCT_SIGNATURE_TYPE;
	24
	25	/*
	26	* Update encoding for SCT signature verification/generation to supplied
	27	* EVP_MD_CTX.
	28	*/
	29	static int sct_ctx_update(EVP_MD_CTX ctx, const SCT_CTX sctx, const SCT *sct)
	30	{
	31	unsigned char tmpbuf[12];
	32	unsigned char p, der;
	33	size_t derlen;
0dfd6cf9 RP	34	/*+
	35	* digitally-signed struct {
	36	* (1 byte) Version sct_version;
	37	* (1 byte) SignatureType signature_type = certificate_timestamp;
	38	* (8 bytes) uint64 timestamp;
	39	* (2 bytes) LogEntryType entry_type;
	40	* (? bytes) select(entry_type) {
	41	* case x509_entry: ASN.1Cert;
	42	* case precert_entry: PreCert;
	43	* } signed_entry;
	44	* (2 bytes + sct->ext_len) CtExtensions extensions;
	45	* }
8c6afbc5	46	*/
8c6afbc5 RP	47	if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
8c6afbc5 RP	48	return 0;
8c6afbc5 RP	49	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
	50	return 0;
	51
	52	p = tmpbuf;
8c6afbc5 RP	53	*p++ = sct->version;
	54	*p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
	55	l2n8(sct->timestamp, p);
	56	s2n(sct->entry_type, p);
	57
	58	if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
	59	return 0;
	60
	61	if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
	62	der = sctx->certder;
	63	derlen = sctx->certderlen;
	64	} else {
	65	if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
	66	return 0;
	67	der = sctx->preder;
	68	derlen = sctx->prederlen;
	69	}
	70
	71	/* If no encoding available, fatal error */
	72	if (der == NULL)
	73	return 0;
	74
	75	/* Include length first */
	76	p = tmpbuf;
	77	l2n3(derlen, p);
	78
	79	if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
	80	return 0;
	81	if (!EVP_DigestUpdate(ctx, der, derlen))
	82	return 0;
	83
	84	/* Add any extensions */
	85	p = tmpbuf;
	86	s2n(sct->ext_len, p);
	87	if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
	88	return 0;
	89
	90	if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
	91	return 0;
	92
	93	return 1;
	94	}
	95
cdb2a603	96	int SCT_CTX_verify(const SCT_CTX sctx, const SCT sct)
8c6afbc5 RP	97	{
8c6afbc5 RP	98	EVP_MD_CTX *ctx = NULL;
70073f3e	99	int ret = 0;
0dfd6cf9	100
8c6afbc5 RP	101	if (!SCT_is_complete(sct) \|\| sctx->pkey == NULL \|\|
	102	sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET \|\|
	103	(sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
cdb2a603	104	CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
70073f3e	105	return 0;
8c6afbc5 RP	106	}
8c6afbc5 RP	107	if (sct->version != SCT_VERSION_V1) {
cdb2a603	108	CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
8c6afbc5 RP	109	return 0;
	110	}
	111	if (sct->log_id_len != sctx->pkeyhashlen \|\|
	112	memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
cdb2a603	113	CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
8c6afbc5 RP	114	return 0;
8c6afbc5 RP	115	}
1fa9ffd9 RP	116	if (sct->timestamp > sctx->epoch_time_in_ms) {
	117	CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
	118	return 0;
	119	}
0dfd6cf9	120
8c6afbc5 RP	121	ctx = EVP_MD_CTX_new();
	122	if (ctx == NULL)
	123	goto end;
	124
	125	if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
	126	goto end;
	127
	128	if (!sct_ctx_update(ctx, sctx, sct))
	129	goto end;
	130
	131	/* Verify signature */
	132	ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
	133	/* If ret < 0 some other error: fall through without setting error */
	134	if (ret == 0)
cdb2a603	135	CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
8c6afbc5	136
0dfd6cf9	137	end:
8c6afbc5 RP	138	EVP_MD_CTX_free(ctx);
	139	return ret;
	140	}