[thirdparty/openssl.git] / crypto / ct / ct_log.c

/* Author: Adam Eijdenberg <adam.eijdenberg@gmail.com>. */
/* ====================================================================
 * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <openssl/conf.h>
#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/safestack.h>

#include "internal/cryptlib.h"

/*
 * Information about a CT log server.
 */
struct ctlog_st {
    char *name;
    uint8_t log_id[CT_V1_HASHLEN];
    EVP_PKEY *public_key;
};

/*
 * A store for multiple CTLOG instances.
 * It takes ownership of any CTLOG instances added to it.
 */
struct ctlog_store_st {
    STACK_OF(CTLOG) *logs;
};

/* The context when loading a CT log list from a CONF file. */
typedef struct ctlog_store_load_ctx_st {
    CTLOG_STORE *log_store;
    CONF *conf;
} CTLOG_STORE_LOAD_CTX;

/*
 * Creates an empty context for loading a CT log store.
 * It should be populated before use.
 */
static CTLOG_STORE_LOAD_CTX *CTLOG_STORE_LOAD_CTX_new();

/*
 * Deletes a CT log store load context.
 * Does not delete any of the fields.
 */
static void CTLOG_STORE_LOAD_CTX_free(CTLOG_STORE_LOAD_CTX* ctx);

static CTLOG_STORE_LOAD_CTX *CTLOG_STORE_LOAD_CTX_new()
{
    CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(CTLOG_STORE_LOAD_CTX));
    if (ctx == NULL) {
        CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    return ctx;

err:
    CTLOG_STORE_LOAD_CTX_free(ctx);
    return NULL;
}

static void CTLOG_STORE_LOAD_CTX_free(CTLOG_STORE_LOAD_CTX* ctx)
{
    if (ctx == NULL)
        return;

    OPENSSL_free(ctx);
}

/* Converts a log's public key into a SHA256 log ID */
static int CT_v1_log_id_from_pkey(EVP_PKEY *pkey,
                                  unsigned char log_id[CT_V1_HASHLEN])
{
    int ret = 0;
    unsigned char *pkey_der = NULL;
    int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
    if (pkey_der_len <= 0) {
        CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
        goto err;
    }
    SHA256(pkey_der, pkey_der_len, log_id);
    ret = 1;
err:
    OPENSSL_free(pkey_der);
    return ret;
}

CTLOG_STORE *CTLOG_STORE_new(void)
{
    CTLOG_STORE *ret = OPENSSL_malloc(sizeof(CTLOG_STORE));
    if (ret == NULL)
        goto err;
    ret->logs = sk_CTLOG_new_null();
    if (ret->logs == NULL)
        goto err;
    return ret;
err:
    CTLOG_STORE_free(ret);
    return NULL;
}

void CTLOG_STORE_free(CTLOG_STORE *store)
{
    if (store != NULL) {
        sk_CTLOG_pop_free(store->logs, CTLOG_free);
        OPENSSL_free(store);
    }
}

static CTLOG *CTLOG_new_from_conf(const CONF *conf, const char *section)
{
    CTLOG *ret = NULL;
    char *description;
    char *pkey_base64;
    if (conf == NULL || section == NULL) {
        CTerr(CT_F_CTLOG_NEW_FROM_CONF, ERR_R_PASSED_NULL_PARAMETER);
        goto end;
    }

    description = NCONF_get_string(conf, section, "description");

    if (description == NULL) {
        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
        goto end;
    }

    pkey_base64 = NCONF_get_string(conf, section, "key");

    if (pkey_base64 == NULL) {
        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
        goto end;
    }

    ret = CTLOG_new_from_base64(pkey_base64, description);
    if (ret == NULL) {
        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_INVALID);
        goto end;
    }

end:
    return ret;
}

int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
{
    char *fpath = (char *)getenv(CTLOG_FILE_EVP);
    if (fpath == NULL)
      fpath = CTLOG_FILE;
    return CTLOG_STORE_load_file(store, fpath);
}

static int CTLOG_STORE_load_log(const char *log_name, int log_name_len, void *arg)
{
    CTLOG_STORE_LOAD_CTX *load_ctx = arg;
    CTLOG *ct_log;

    /* log_name may not be null-terminated, so fix that before using it */
    char *tmp = OPENSSL_strndup(log_name, log_name_len);
    ct_log = CTLOG_new_from_conf(load_ctx->conf, tmp);
    OPENSSL_free(tmp);
    if (ct_log == NULL)
        return 0;

    sk_CTLOG_push(load_ctx->log_store->logs, ct_log);
    return 1;
}

int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
{
    int ret = -1;
    char *enabled_logs;
    CTLOG_STORE_LOAD_CTX* load_ctx = CTLOG_STORE_LOAD_CTX_new();
    load_ctx->log_store = store;
    load_ctx->conf = NCONF_new(NULL);
    if (load_ctx->conf == NULL)
        goto end;

    ret = NCONF_load(load_ctx->conf, file, NULL);
    if (ret <= 0) {
        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
        goto end;
    }

    enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
    CONF_parse_list(enabled_logs, ',', 1, CTLOG_STORE_load_log, load_ctx);

end:
    NCONF_free(load_ctx->conf);
    CTLOG_STORE_LOAD_CTX_free(load_ctx);
    return ret;
}

/*
 * Initialize a new CTLOG object.
 * Takes ownership of the public key.
 * Copies the name.
 */
CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
{
    CTLOG *ret = NULL;
    if (public_key == NULL || name == NULL) {
        CTerr(CT_F_CTLOG_NEW, ERR_R_PASSED_NULL_PARAMETER);
        goto err;
    }
    ret = CTLOG_new_null();
    if (ret == NULL)
        goto err;
    ret->name = OPENSSL_strdup(name);
    if (ret->name == NULL)
        goto err;
    ret->public_key = public_key;
    if (CT_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
        goto err;
    return ret;
err:
    CTLOG_free(ret);
    return NULL;
}

CTLOG *CTLOG_new_null(void)
{
    CTLOG *ret = OPENSSL_zalloc(sizeof(CTLOG));
    if (ret == NULL)
        CTerr(CT_F_CTLOG_NEW_NULL, ERR_R_MALLOC_FAILURE);
    return ret;
}

/* Frees CT log and associated structures */
void CTLOG_free(CTLOG *log)
{
    if (log != NULL) {
        OPENSSL_free(log->name);
        log->name = NULL;

        EVP_PKEY_free(log->public_key);
        log->public_key = NULL;

        OPENSSL_free(log);
    }
}

const char *CTLOG_get0_name(CTLOG *log)
{
    return log->name;
}

void CTLOG_get0_log_id(CTLOG *log, uint8_t **log_id, size_t *log_id_len)
{
    *log_id = log->log_id;
    *log_id_len = CT_V1_HASHLEN;
}

EVP_PKEY *CTLOG_get0_public_key(CTLOG *log)
{
    return log->public_key;
}

/*
 * Given a log ID, finds the matching log.
 * Returns NULL if no match found.
 */
CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
                                  const uint8_t *log_id,
                                  size_t log_id_len)
{
    int i;
    if (store == NULL) {
        CTerr(CT_F_CTLOG_STORE_GET0_LOG_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
        goto end;
    }
    for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
        CTLOG *log = sk_CTLOG_value(store->logs, i);
        if (memcmp(log->log_id, log_id, log_id_len) == 0)
            return log;
    }
end:
    return NULL;
}
Commit	Line	Data
8c6afbc5 RP	1	/* Author: Adam Eijdenberg <adam.eijdenberg@gmail.com>. */
	2	/* ====================================================================
	3	* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* 3. All advertising materials mentioning features or use of this
	18	* software must display the following acknowledgment:
	19	* "This product includes software developed by the OpenSSL Project
	20	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	21	*
	22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	23	* endorse or promote products derived from this software without
	24	* prior written permission. For written permission, please contact
	25	* openssl-core@openssl.org.
	26	*
	27	* 5. Products derived from this software may not be called "OpenSSL"
	28	* nor may "OpenSSL" appear in their names without prior written
	29	* permission of the OpenSSL Project.
	30	*
	31	* 6. Redistributions of any form whatsoever must retain the following
	32	* acknowledgment:
	33	* "This product includes software developed by the OpenSSL Project
	34	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	35	*
	36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	47	* OF THE POSSIBILITY OF SUCH DAMAGE.
	48	* ====================================================================
	49	*
	50	* This product includes cryptographic software written by Eric Young
	51	* (eay@cryptsoft.com). This product includes software written by Tim
	52	* Hudson (tjh@cryptsoft.com).
	53	*
	54	*/
	55
	56	#include <openssl/conf.h>
	57	#include <openssl/ct.h>
	58	#include <openssl/err.h>
	59	#include <openssl/evp.h>
	60	#include <openssl/safestack.h>
	61
	62	#include "internal/cryptlib.h"
	63
	64	/*
65	* Information about a CT log server.
66	*/
67	struct ctlog_st {
68	char *name;
69	uint8_t log_id[CT_V1_HASHLEN];
70	EVP_PKEY *public_key;
71	};
72
73	/*
74	* A store for multiple CTLOG instances.
75	* It takes ownership of any CTLOG instances added to it.
76	*/
77	struct ctlog_store_st {
78	STACK_OF(CTLOG) *logs;
79	};
80
81	/* The context when loading a CT log list from a CONF file. */
82	typedef struct ctlog_store_load_ctx_st {
83	CTLOG_STORE *log_store;
84	CONF *conf;
85	} CTLOG_STORE_LOAD_CTX;
86
87	/*
88	* Creates an empty context for loading a CT log store.
89	* It should be populated before use.
90	*/
91	static CTLOG_STORE_LOAD_CTX *CTLOG_STORE_LOAD_CTX_new();
92
93	/*
94	* Deletes a CT log store load context.
95	* Does not delete any of the fields.
96	*/
97	static void CTLOG_STORE_LOAD_CTX_free(CTLOG_STORE_LOAD_CTX* ctx);
98
99	static CTLOG_STORE_LOAD_CTX *CTLOG_STORE_LOAD_CTX_new()
100	{
101	CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(CTLOG_STORE_LOAD_CTX));
102	if (ctx == NULL) {
103	CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
104	goto err;
105	}
106
107	return ctx;
108
109	err:
110	CTLOG_STORE_LOAD_CTX_free(ctx);
111	return NULL;
112	}
113
114	static void CTLOG_STORE_LOAD_CTX_free(CTLOG_STORE_LOAD_CTX* ctx)
115	{
116	if (ctx == NULL)
117	return;
118
119	OPENSSL_free(ctx);
120	}
121
122	/* Converts a log's public key into a SHA256 log ID */
123	static int CT_v1_log_id_from_pkey(EVP_PKEY *pkey,
124	unsigned char log_id[CT_V1_HASHLEN])
125	{
126	int ret = 0;
127	unsigned char *pkey_der = NULL;
128	int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
129	if (pkey_der_len <= 0) {
130	CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
131	goto err;
132	}
133	SHA256(pkey_der, pkey_der_len, log_id);
134	ret = 1;
135	err:
136	OPENSSL_free(pkey_der);
137	return ret;
138	}
139
140	CTLOG_STORE *CTLOG_STORE_new(void)
141	{
142	CTLOG_STORE *ret = OPENSSL_malloc(sizeof(CTLOG_STORE));
143	if (ret == NULL)
144	goto err;
145	ret->logs = sk_CTLOG_new_null();
146	if (ret->logs == NULL)
147	goto err;
148	return ret;
149	err:
150	CTLOG_STORE_free(ret);
151	return NULL;
152	}
153
154	void CTLOG_STORE_free(CTLOG_STORE *store)
155	{
156	if (store != NULL) {
157	sk_CTLOG_pop_free(store->logs, CTLOG_free);
158	OPENSSL_free(store);
159	}
160	}
161
162	static CTLOG CTLOG_new_from_conf(const CONF conf, const char *section)
163	{
164	CTLOG *ret = NULL;
165	char *description;
166	char *pkey_base64;
167	if (conf == NULL \|\| section == NULL) {
168	CTerr(CT_F_CTLOG_NEW_FROM_CONF, ERR_R_PASSED_NULL_PARAMETER);
169	goto end;
170	}
171
172	description = NCONF_get_string(conf, section, "description");
173
174	if (description == NULL) {
175	CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
176	goto end;
177	}
178
179	pkey_base64 = NCONF_get_string(conf, section, "key");
180
181	if (pkey_base64 == NULL) {
182	CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
183	goto end;
184	}
185
186	ret = CTLOG_new_from_base64(pkey_base64, description);
187	if (ret == NULL) {
188	CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_INVALID);
189	goto end;
190	}
191
192	end:
193	return ret;
194	}
195
196	int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
197	{
198	char fpath = (char )getenv(CTLOG_FILE_EVP);
199	if (fpath == NULL)
200	fpath = CTLOG_FILE;
201	return CTLOG_STORE_load_file(store, fpath);
202	}
203
204	static int CTLOG_STORE_load_log(const char log_name, int log_name_len, void arg)
205	{
206	CTLOG_STORE_LOAD_CTX *load_ctx = arg;
207	CTLOG *ct_log;
208
209	/* log_name may not be null-terminated, so fix that before using it */
210	char *tmp = OPENSSL_strndup(log_name, log_name_len);
211	ct_log = CTLOG_new_from_conf(load_ctx->conf, tmp);
212	OPENSSL_free(tmp);
213	if (ct_log == NULL)
214	return 0;
215
216	sk_CTLOG_push(load_ctx->log_store->logs, ct_log);
217	return 1;
218	}
219
220	int CTLOG_STORE_load_file(CTLOG_STORE store, const char file)
221	{
222	int ret = -1;
223	char *enabled_logs;
224	CTLOG_STORE_LOAD_CTX* load_ctx = CTLOG_STORE_LOAD_CTX_new();
225	load_ctx->log_store = store;
226	load_ctx->conf = NCONF_new(NULL);
227	if (load_ctx->conf == NULL)
228	goto end;
229
230	ret = NCONF_load(load_ctx->conf, file, NULL);
231	if (ret <= 0) {
232	CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
233	goto end;
234	}
235
236	enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
237	CONF_parse_list(enabled_logs, ',', 1, CTLOG_STORE_load_log, load_ctx);
238
239	end:
240	NCONF_free(load_ctx->conf);
241	CTLOG_STORE_LOAD_CTX_free(load_ctx);
242	return ret;
243	}
244
245	/*
246	* Initialize a new CTLOG object.
247	* Takes ownership of the public key.
248	* Copies the name.
249	*/
250	CTLOG CTLOG_new(EVP_PKEY public_key, const char *name)
251	{
252	CTLOG *ret = NULL;
253	if (public_key == NULL \|\| name == NULL) {
254	CTerr(CT_F_CTLOG_NEW, ERR_R_PASSED_NULL_PARAMETER);
255	goto err;
256	}
257	ret = CTLOG_new_null();
258	if (ret == NULL)
259	goto err;
260	ret->name = OPENSSL_strdup(name);
261	if (ret->name == NULL)
262	goto err;
263	ret->public_key = public_key;
264	if (CT_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
265	goto err;
266	return ret;
267	err:
268	CTLOG_free(ret);
269	return NULL;
270	}
271
272	CTLOG *CTLOG_new_null(void)
273	{
274	CTLOG *ret = OPENSSL_zalloc(sizeof(CTLOG));
275	if (ret == NULL)
276	CTerr(CT_F_CTLOG_NEW_NULL, ERR_R_MALLOC_FAILURE);
277	return ret;
278	}
279
280	/* Frees CT log and associated structures */
281	void CTLOG_free(CTLOG *log)
282	{
283	if (log != NULL) {
284	OPENSSL_free(log->name);
285	log->name = NULL;
286
287	EVP_PKEY_free(log->public_key);
288	log->public_key = NULL;
289
290	OPENSSL_free(log);
291	}
292	}
293
294	const char CTLOG_get0_name(CTLOG log)
295	{
296	return log->name;
297	}
298
299	void CTLOG_get0_log_id(CTLOG log, uint8_t log_id, size_t log_id_len)
300	{
301	*log_id = log->log_id;
302	*log_id_len = CT_V1_HASHLEN;
303	}
304
305	EVP_PKEY CTLOG_get0_public_key(CTLOG log)
306	{
307	return log->public_key;
308	}
309
310	/*
311	* Given a log ID, finds the matching log.
312	* Returns NULL if no match found.
313	*/
314	CTLOG CTLOG_STORE_get0_log_by_id(const CTLOG_STORE store,
315	const uint8_t *log_id,
316	size_t log_id_len)
317	{
318	int i;
319	if (store == NULL) {
320	CTerr(CT_F_CTLOG_STORE_GET0_LOG_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
321	goto end;
322	}
323	for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
324	CTLOG *log = sk_CTLOG_value(store->logs, i);
325	if (memcmp(log->log_id, log_id, log_id_len) == 0)
326	return log;
327	}
328	end:
329	return NULL;
330	}