[thirdparty/openssl.git] / crypto / ct / ct_vfy.c

/*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
 */
/* ====================================================================
 * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <string.h>

#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

#include "ct_locl.h"

typedef enum sct_signature_type_t {
    SIGNATURE_TYPE_NOT_SET = -1,
    SIGNATURE_TYPE_CERT_TIMESTAMP,
    SIGNATURE_TYPE_TREE_HASH
} SCT_SIGNATURE_TYPE;

/*
 * Update encoding for SCT signature verification/generation to supplied
 * EVP_MD_CTX.
 */
static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
{
    unsigned char tmpbuf[12];
    unsigned char *p, *der;
    size_t derlen;
    /*+
     * digitally-signed struct {
     *   (1 byte) Version sct_version;
     *   (1 byte) SignatureType signature_type = certificate_timestamp;
     *   (8 bytes) uint64 timestamp;
     *   (2 bytes) LogEntryType entry_type;
     *   (? bytes) select(entry_type) {
     *     case x509_entry: ASN.1Cert;
     *     case precert_entry: PreCert;
     *   } signed_entry;
     *   (2 bytes + sct->ext_len) CtExtensions extensions;
     * }
     */
    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
        return 0;
    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
        return 0;

    p = tmpbuf;
    *p++ = sct->version;
    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
    l2n8(sct->timestamp, p);
    s2n(sct->entry_type, p);

    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
        return 0;

    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
        der = sctx->certder;
        derlen = sctx->certderlen;
    } else {
        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
            return 0;
        der = sctx->preder;
        derlen = sctx->prederlen;
    }

    /* If no encoding available, fatal error */
    if (der == NULL)
        return 0;

    /* Include length first */
    p = tmpbuf;
    l2n3(derlen, p);

    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
        return 0;
    if (!EVP_DigestUpdate(ctx, der, derlen))
        return 0;

    /* Add any extensions */
    p = tmpbuf;
    s2n(sct->ext_len, p);
    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
        return 0;

    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
        return 0;

    return 1;
}

int SCT_verify(const SCT_CTX *sctx, const SCT *sct)
{
    EVP_MD_CTX *ctx = NULL;
    int ret = 0;

    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
        CTerr(CT_F_SCT_VERIFY, CT_R_SCT_NOT_SET);
        return 0;
    }
    if (sct->version != SCT_VERSION_V1) {
        CTerr(CT_F_SCT_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
        return 0;
    }
    if (sct->log_id_len != sctx->pkeyhashlen ||
        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
        CTerr(CT_F_SCT_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
        return 0;
    }

    ctx = EVP_MD_CTX_new();
    if (ctx == NULL)
        goto end;

    if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
        goto end;

    if (!sct_ctx_update(ctx, sctx, sct))
        goto end;

    /* Verify signature */
    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
    /* If ret < 0 some other error: fall through without setting error */
    if (ret == 0)
        CTerr(CT_F_SCT_VERIFY, CT_R_SCT_INVALID_SIGNATURE);

end:
    EVP_MD_CTX_free(ctx);
    return ret;
}

int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
                  X509_PUBKEY *log_pubkey, X509 *issuer_cert)
{
    int ret = 0;
    SCT_CTX *sctx = NULL;

    if (!SCT_is_complete(sct)) {
        CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_NOT_SET);
        return 0;
    }

    if (sct->version != 0) {
        CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_UNSUPPORTED_VERSION);
        return 0;
    }

    sctx = SCT_CTX_new();
    if (sctx == NULL)
        goto done;

    if (!SCT_CTX_set1_pubkey(sctx, log_pubkey))
        goto done;

    if (!SCT_CTX_set1_cert(sctx, cert, preissuer))
        goto done;

    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
        !SCT_CTX_set1_issuer(sctx, issuer_cert))
        goto done;

    ret = SCT_verify(sctx, sct);
done:
    SCT_CTX_free(sctx);
    return ret;
}
Commit	Line	Data
8c6afbc5 RP	1	/*
	2	* Written by Rob Stradling (rob@comodo.com) and Stephen Henson
	3	* (steve@openssl.org) for the OpenSSL project 2014.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2014 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	#include <string.h>
	60
	61	#include <openssl/ct.h>
	62	#include <openssl/err.h>
	63	#include <openssl/evp.h>
	64	#include <openssl/x509.h>
65
66	#include "ct_locl.h"
67
8c6afbc5 RP	68	typedef enum sct_signature_type_t {
	69	SIGNATURE_TYPE_NOT_SET = -1,
	70	SIGNATURE_TYPE_CERT_TIMESTAMP,
	71	SIGNATURE_TYPE_TREE_HASH
	72	} SCT_SIGNATURE_TYPE;
	73
	74	/*
	75	* Update encoding for SCT signature verification/generation to supplied
	76	* EVP_MD_CTX.
	77	*/
	78	static int sct_ctx_update(EVP_MD_CTX ctx, const SCT_CTX sctx, const SCT *sct)
	79	{
	80	unsigned char tmpbuf[12];
	81	unsigned char p, der;
	82	size_t derlen;
0dfd6cf9 RP	83	/*+
	84	* digitally-signed struct {
	85	* (1 byte) Version sct_version;
	86	* (1 byte) SignatureType signature_type = certificate_timestamp;
	87	* (8 bytes) uint64 timestamp;
	88	* (2 bytes) LogEntryType entry_type;
	89	* (? bytes) select(entry_type) {
	90	* case x509_entry: ASN.1Cert;
	91	* case precert_entry: PreCert;
	92	* } signed_entry;
	93	* (2 bytes + sct->ext_len) CtExtensions extensions;
	94	* }
8c6afbc5	95	*/
8c6afbc5 RP	96	if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
8c6afbc5 RP	97	return 0;
8c6afbc5 RP	98	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
	99	return 0;
	100
	101	p = tmpbuf;
8c6afbc5 RP	102	*p++ = sct->version;
	103	*p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
	104	l2n8(sct->timestamp, p);
	105	s2n(sct->entry_type, p);
	106
	107	if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
	108	return 0;
	109
	110	if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
	111	der = sctx->certder;
	112	derlen = sctx->certderlen;
	113	} else {
	114	if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
	115	return 0;
	116	der = sctx->preder;
	117	derlen = sctx->prederlen;
	118	}
	119
	120	/* If no encoding available, fatal error */
	121	if (der == NULL)
	122	return 0;
	123
	124	/* Include length first */
	125	p = tmpbuf;
	126	l2n3(derlen, p);
	127
	128	if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
	129	return 0;
	130	if (!EVP_DigestUpdate(ctx, der, derlen))
	131	return 0;
	132
	133	/* Add any extensions */
	134	p = tmpbuf;
	135	s2n(sct->ext_len, p);
	136	if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
	137	return 0;
	138
	139	if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
	140	return 0;
	141
	142	return 1;
	143	}
	144
	145	int SCT_verify(const SCT_CTX sctx, const SCT sct)
	146	{
	147	EVP_MD_CTX *ctx = NULL;
70073f3e	148	int ret = 0;
0dfd6cf9	149
8c6afbc5 RP	150	if (!SCT_is_complete(sct) \|\| sctx->pkey == NULL \|\|
	151	sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET \|\|
	152	(sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
	153	CTerr(CT_F_SCT_VERIFY, CT_R_SCT_NOT_SET);
70073f3e	154	return 0;
8c6afbc5 RP	155	}
	156	if (sct->version != SCT_VERSION_V1) {
	157	CTerr(CT_F_SCT_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
	158	return 0;
	159	}
	160	if (sct->log_id_len != sctx->pkeyhashlen \|\|
	161	memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
	162	CTerr(CT_F_SCT_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
	163	return 0;
	164	}
0dfd6cf9	165
8c6afbc5 RP	166	ctx = EVP_MD_CTX_new();
	167	if (ctx == NULL)
	168	goto end;
	169
	170	if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
	171	goto end;
	172
	173	if (!sct_ctx_update(ctx, sctx, sct))
	174	goto end;
	175
	176	/* Verify signature */
	177	ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
	178	/* If ret < 0 some other error: fall through without setting error */
	179	if (ret == 0)
	180	CTerr(CT_F_SCT_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
	181
0dfd6cf9	182	end:
8c6afbc5 RP	183	EVP_MD_CTX_free(ctx);
	184	return ret;
	185	}
	186
	187	int SCT_verify_v1(SCT sct, X509 cert, X509 *preissuer,
	188	X509_PUBKEY log_pubkey, X509 issuer_cert)
	189	{
	190	int ret = 0;
	191	SCT_CTX *sctx = NULL;
	192
0dfd6cf9	193	if (!SCT_is_complete(sct)) {
8c6afbc5	194	CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_NOT_SET);
70073f3e	195	return 0;
0dfd6cf9 RP	196	}
	197
	198	if (sct->version != 0) {
8c6afbc5 RP	199	CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_UNSUPPORTED_VERSION);
	200	return 0;
	201	}
	202
	203	sctx = SCT_CTX_new();
	204	if (sctx == NULL)
	205	goto done;
	206
70073f3e	207	if (!SCT_CTX_set1_pubkey(sctx, log_pubkey))
8c6afbc5 RP	208	goto done;
8c6afbc5 RP	209
70073f3e	210	if (!SCT_CTX_set1_cert(sctx, cert, preissuer))
8c6afbc5 RP	211	goto done;
8c6afbc5 RP	212
70073f3e RP	213	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
	214	!SCT_CTX_set1_issuer(sctx, issuer_cert))
	215	goto done;
8c6afbc5 RP	216
8c6afbc5 RP	217	ret = SCT_verify(sctx, sct);
0dfd6cf9 RP	218	done:
0dfd6cf9 RP	219	SCT_CTX_free(sctx);
8c6afbc5 RP	220	return ret;
8c6afbc5 RP	221	}