]>
Commit | Line | Data |
---|---|---|
8c6afbc5 | 1 | /* |
3c2bdd7d | 2 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. |
8c6afbc5 | 3 | * |
5477e842 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8c6afbc5 RP |
8 | */ |
9 | ||
10 | #include <string.h> | |
11 | ||
12 | #include <openssl/ct.h> | |
13 | #include <openssl/err.h> | |
14 | #include <openssl/evp.h> | |
15 | #include <openssl/x509.h> | |
16 | ||
706457b7 | 17 | #include "ct_local.h" |
8c6afbc5 | 18 | |
8c6afbc5 RP |
19 | typedef enum sct_signature_type_t { |
20 | SIGNATURE_TYPE_NOT_SET = -1, | |
21 | SIGNATURE_TYPE_CERT_TIMESTAMP, | |
22 | SIGNATURE_TYPE_TREE_HASH | |
23 | } SCT_SIGNATURE_TYPE; | |
24 | ||
25 | /* | |
26 | * Update encoding for SCT signature verification/generation to supplied | |
27 | * EVP_MD_CTX. | |
28 | */ | |
29 | static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) | |
30 | { | |
31 | unsigned char tmpbuf[12]; | |
32 | unsigned char *p, *der; | |
33 | size_t derlen; | |
0dfd6cf9 RP |
34 | /*+ |
35 | * digitally-signed struct { | |
36 | * (1 byte) Version sct_version; | |
37 | * (1 byte) SignatureType signature_type = certificate_timestamp; | |
38 | * (8 bytes) uint64 timestamp; | |
39 | * (2 bytes) LogEntryType entry_type; | |
40 | * (? bytes) select(entry_type) { | |
41 | * case x509_entry: ASN.1Cert; | |
42 | * case precert_entry: PreCert; | |
43 | * } signed_entry; | |
44 | * (2 bytes + sct->ext_len) CtExtensions extensions; | |
45 | * } | |
8c6afbc5 | 46 | */ |
8c6afbc5 RP |
47 | if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET) |
48 | return 0; | |
8c6afbc5 RP |
49 | if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL) |
50 | return 0; | |
51 | ||
52 | p = tmpbuf; | |
8c6afbc5 RP |
53 | *p++ = sct->version; |
54 | *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP; | |
55 | l2n8(sct->timestamp, p); | |
56 | s2n(sct->entry_type, p); | |
57 | ||
58 | if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf)) | |
59 | return 0; | |
60 | ||
61 | if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) { | |
62 | der = sctx->certder; | |
63 | derlen = sctx->certderlen; | |
64 | } else { | |
65 | if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen)) | |
66 | return 0; | |
67 | der = sctx->preder; | |
68 | derlen = sctx->prederlen; | |
69 | } | |
70 | ||
71 | /* If no encoding available, fatal error */ | |
72 | if (der == NULL) | |
73 | return 0; | |
74 | ||
75 | /* Include length first */ | |
76 | p = tmpbuf; | |
77 | l2n3(derlen, p); | |
78 | ||
79 | if (!EVP_DigestUpdate(ctx, tmpbuf, 3)) | |
80 | return 0; | |
81 | if (!EVP_DigestUpdate(ctx, der, derlen)) | |
82 | return 0; | |
83 | ||
84 | /* Add any extensions */ | |
85 | p = tmpbuf; | |
86 | s2n(sct->ext_len, p); | |
87 | if (!EVP_DigestUpdate(ctx, tmpbuf, 2)) | |
88 | return 0; | |
89 | ||
90 | if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len)) | |
91 | return 0; | |
92 | ||
93 | return 1; | |
94 | } | |
95 | ||
cdb2a603 | 96 | int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) |
8c6afbc5 RP |
97 | { |
98 | EVP_MD_CTX *ctx = NULL; | |
70073f3e | 99 | int ret = 0; |
0dfd6cf9 | 100 | |
8c6afbc5 RP |
101 | if (!SCT_is_complete(sct) || sctx->pkey == NULL || |
102 | sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || | |
103 | (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) { | |
9311d0c4 | 104 | ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET); |
70073f3e | 105 | return 0; |
8c6afbc5 RP |
106 | } |
107 | if (sct->version != SCT_VERSION_V1) { | |
9311d0c4 | 108 | ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION); |
8c6afbc5 RP |
109 | return 0; |
110 | } | |
111 | if (sct->log_id_len != sctx->pkeyhashlen || | |
112 | memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { | |
9311d0c4 | 113 | ERR_raise(ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH); |
8c6afbc5 RP |
114 | return 0; |
115 | } | |
1fa9ffd9 | 116 | if (sct->timestamp > sctx->epoch_time_in_ms) { |
9311d0c4 | 117 | ERR_raise(ERR_LIB_CT, CT_R_SCT_FUTURE_TIMESTAMP); |
1fa9ffd9 RP |
118 | return 0; |
119 | } | |
0dfd6cf9 | 120 | |
8c6afbc5 RP |
121 | ctx = EVP_MD_CTX_new(); |
122 | if (ctx == NULL) | |
123 | goto end; | |
124 | ||
d8652be0 | 125 | if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx, |
1666eec8 | 126 | sctx->propq, sctx->pkey, NULL)) |
8c6afbc5 RP |
127 | goto end; |
128 | ||
129 | if (!sct_ctx_update(ctx, sctx, sct)) | |
130 | goto end; | |
131 | ||
132 | /* Verify signature */ | |
133 | ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len); | |
134 | /* If ret < 0 some other error: fall through without setting error */ | |
135 | if (ret == 0) | |
9311d0c4 | 136 | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); |
8c6afbc5 | 137 | |
0dfd6cf9 | 138 | end: |
8c6afbc5 RP |
139 | EVP_MD_CTX_free(ctx); |
140 | return ret; | |
141 | } |