]>
Commit | Line | Data |
---|---|---|
ded18639 | 1 | /* v3_scts.c */ |
0f113f3e MC |
2 | /* |
3 | * Written by Rob Stradling (rob@comodo.com) for the OpenSSL project 2014. | |
ded18639 DSH |
4 | */ |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2014 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 13 | * notice, this list of conditions and the following disclaimer. |
ded18639 DSH |
14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | ||
ded18639 DSH |
59 | #include <stdio.h> |
60 | #include "cryptlib.h" | |
61 | #include <openssl/asn1.h> | |
62 | #include <openssl/x509v3.h> | |
77b1f872 | 63 | #include "../../ssl/ssl_locl.h" |
ded18639 | 64 | |
3a325c60 | 65 | #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) |
0f113f3e | 66 | # define SCT_TIMESTAMP unsigned __int64 |
3a325c60 | 67 | #elif defined(__arch64__) |
0f113f3e | 68 | # define SCT_TIMESTAMP unsigned long |
3a325c60 | 69 | #else |
0f113f3e | 70 | # define SCT_TIMESTAMP unsigned long long |
3a325c60 DSH |
71 | #endif |
72 | ||
0f113f3e MC |
73 | #define n2l8(c,l) (l =((SCT_TIMESTAMP)(*((c)++)))<<56, \ |
74 | l|=((SCT_TIMESTAMP)(*((c)++)))<<48, \ | |
75 | l|=((SCT_TIMESTAMP)(*((c)++)))<<40, \ | |
76 | l|=((SCT_TIMESTAMP)(*((c)++)))<<32, \ | |
77 | l|=((SCT_TIMESTAMP)(*((c)++)))<<24, \ | |
78 | l|=((SCT_TIMESTAMP)(*((c)++)))<<16, \ | |
79 | l|=((SCT_TIMESTAMP)(*((c)++)))<< 8, \ | |
80 | l|=((SCT_TIMESTAMP)(*((c)++)))) | |
e0520c65 | 81 | |
fd2309aa | 82 | typedef struct SCT_st { |
0f113f3e MC |
83 | /* The encoded SCT */ |
84 | unsigned char *sct; | |
85 | unsigned short sctlen; | |
86 | /* | |
87 | * Components of the SCT. "logid", "ext" and "sig" point to addresses | |
88 | * inside "sct". | |
89 | */ | |
90 | unsigned char version; | |
91 | unsigned char *logid; | |
92 | unsigned short logidlen; | |
93 | SCT_TIMESTAMP timestamp; | |
94 | unsigned char *ext; | |
95 | unsigned short extlen; | |
96 | unsigned char hash_alg; | |
97 | unsigned char sig_alg; | |
98 | unsigned char *sig; | |
99 | unsigned short siglen; | |
fd2309aa RS |
100 | } SCT; |
101 | ||
102 | DECLARE_STACK_OF(SCT) | |
103 | ||
104 | static void SCT_LIST_free(STACK_OF(SCT) *a); | |
0f113f3e MC |
105 | static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, |
106 | const unsigned char **pp, long length); | |
fd2309aa | 107 | static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, |
0f113f3e | 108 | BIO *out, int indent); |
ded18639 DSH |
109 | |
110 | const X509V3_EXT_METHOD v3_ct_scts[] = { | |
0f113f3e MC |
111 | {NID_ct_precert_scts, 0, NULL, |
112 | 0, (X509V3_EXT_FREE)SCT_LIST_free, | |
113 | (X509V3_EXT_D2I)d2i_SCT_LIST, 0, | |
114 | 0, 0, 0, 0, | |
115 | (X509V3_EXT_I2R)i2r_SCT_LIST, 0, | |
116 | NULL}, | |
117 | ||
118 | {NID_ct_cert_scts, 0, NULL, | |
119 | 0, (X509V3_EXT_FREE)SCT_LIST_free, | |
120 | (X509V3_EXT_D2I)d2i_SCT_LIST, 0, | |
121 | 0, 0, 0, 0, | |
122 | (X509V3_EXT_I2R)i2r_SCT_LIST, 0, | |
123 | NULL}, | |
ded18639 DSH |
124 | }; |
125 | ||
fd2309aa | 126 | static void tls12_signature_print(BIO *out, const unsigned char hash_alg, |
0f113f3e MC |
127 | const unsigned char sig_alg) |
128 | { | |
129 | int nid = NID_undef; | |
130 | /* RFC6962 only permits two signature algorithms */ | |
131 | if (hash_alg == TLSEXT_hash_sha256) { | |
132 | if (sig_alg == TLSEXT_signature_rsa) | |
133 | nid = NID_sha256WithRSAEncryption; | |
134 | else if (sig_alg == TLSEXT_signature_ecdsa) | |
135 | nid = NID_ecdsa_with_SHA256; | |
136 | } | |
137 | if (nid == NID_undef) | |
138 | BIO_printf(out, "%02X%02X", hash_alg, sig_alg); | |
139 | else | |
140 | BIO_printf(out, "%s", OBJ_nid2ln(nid)); | |
141 | } | |
ded18639 | 142 | |
fd2309aa | 143 | static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp) |
0f113f3e MC |
144 | { |
145 | ASN1_GENERALIZEDTIME *gen; | |
146 | char genstr[20]; | |
147 | gen = ASN1_GENERALIZEDTIME_new(); | |
148 | ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, | |
149 | (int)(timestamp / 86400000), | |
150 | (timestamp % 86400000) / 1000); | |
151 | /* | |
152 | * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 | |
153 | * characters long with a final Z. Update it with fractional seconds. | |
154 | */ | |
155 | BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ", | |
156 | ASN1_STRING_data(gen), (unsigned int)(timestamp % 1000)); | |
157 | ASN1_GENERALIZEDTIME_set_string(gen, genstr); | |
158 | ASN1_GENERALIZEDTIME_print(out, gen); | |
159 | ASN1_GENERALIZEDTIME_free(gen); | |
160 | } | |
ded18639 | 161 | |
fd2309aa | 162 | static void SCT_free(SCT *sct) |
0f113f3e | 163 | { |
895cba19 RS |
164 | if (!sct) |
165 | return; | |
166 | if (sct->sct) | |
167 | OPENSSL_free(sct->sct); | |
168 | OPENSSL_free(sct); | |
0f113f3e | 169 | } |
fd2309aa RS |
170 | |
171 | static void SCT_LIST_free(STACK_OF(SCT) *a) | |
0f113f3e MC |
172 | { |
173 | sk_SCT_pop_free(a, SCT_free); | |
174 | } | |
175 | ||
176 | static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, | |
177 | const unsigned char **pp, long length) | |
178 | { | |
179 | ASN1_OCTET_STRING *oct = NULL; | |
180 | STACK_OF(SCT) *sk = NULL; | |
181 | SCT *sct; | |
182 | unsigned char *p, *p2; | |
183 | unsigned short listlen, sctlen = 0, fieldlen; | |
184 | ||
185 | if (d2i_ASN1_OCTET_STRING(&oct, pp, length) == NULL) | |
186 | return NULL; | |
187 | if (oct->length < 2) | |
188 | goto done; | |
189 | p = oct->data; | |
190 | n2s(p, listlen); | |
191 | if (listlen != oct->length - 2) | |
192 | goto done; | |
193 | ||
194 | if ((sk = sk_SCT_new_null()) == NULL) | |
195 | goto done; | |
196 | ||
197 | while (listlen > 0) { | |
198 | if (listlen < 2) | |
199 | goto err; | |
200 | n2s(p, sctlen); | |
201 | listlen -= 2; | |
202 | ||
203 | if ((sctlen < 1) || (sctlen > listlen)) | |
204 | goto err; | |
205 | listlen -= sctlen; | |
206 | ||
207 | sct = OPENSSL_malloc(sizeof(SCT)); | |
208 | if (!sct) | |
209 | goto err; | |
210 | if (!sk_SCT_push(sk, sct)) { | |
211 | OPENSSL_free(sct); | |
212 | goto err; | |
213 | } | |
214 | ||
215 | sct->sct = OPENSSL_malloc(sctlen); | |
216 | if (!sct->sct) | |
217 | goto err; | |
218 | memcpy(sct->sct, p, sctlen); | |
219 | sct->sctlen = sctlen; | |
220 | p += sctlen; | |
221 | p2 = sct->sct; | |
222 | ||
223 | sct->version = *p2++; | |
224 | if (sct->version == 0) { /* SCT v1 */ | |
50e735f9 MC |
225 | /*- |
226 | * Fixed-length header: | |
227 | * struct { | |
228 | * (1 byte) Version sct_version; | |
229 | * (32 bytes) LogID id; | |
230 | * (8 bytes) uint64 timestamp; | |
231 | * (2 bytes + ?) CtExtensions extensions; | |
232 | */ | |
0f113f3e MC |
233 | if (sctlen < 43) |
234 | goto err; | |
235 | sctlen -= 43; | |
236 | ||
237 | sct->logid = p2; | |
238 | sct->logidlen = 32; | |
239 | p2 += 32; | |
240 | ||
241 | n2l8(p2, sct->timestamp); | |
242 | ||
243 | n2s(p2, fieldlen); | |
244 | if (sctlen < fieldlen) | |
245 | goto err; | |
246 | sct->ext = p2; | |
247 | sct->extlen = fieldlen; | |
248 | p2 += fieldlen; | |
249 | sctlen -= fieldlen; | |
250 | ||
50e735f9 MC |
251 | /*- |
252 | * digitally-signed struct header: | |
253 | * (1 byte) Hash algorithm | |
254 | * (1 byte) Signature algorithm | |
255 | * (2 bytes + ?) Signature | |
256 | */ | |
0f113f3e MC |
257 | if (sctlen < 4) |
258 | goto err; | |
259 | sctlen -= 4; | |
260 | ||
261 | sct->hash_alg = *p2++; | |
262 | sct->sig_alg = *p2++; | |
263 | n2s(p2, fieldlen); | |
264 | if (sctlen != fieldlen) | |
265 | goto err; | |
266 | sct->sig = p2; | |
267 | sct->siglen = fieldlen; | |
268 | } | |
269 | } | |
270 | ||
271 | done: | |
272 | ASN1_OCTET_STRING_free(oct); | |
273 | return sk; | |
274 | ||
275 | err: | |
276 | SCT_LIST_free(sk); | |
277 | sk = NULL; | |
278 | goto done; | |
279 | } | |
fd2309aa RS |
280 | |
281 | static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, | |
0f113f3e MC |
282 | BIO *out, int indent) |
283 | { | |
284 | SCT *sct; | |
285 | int i; | |
286 | ||
287 | for (i = 0; i < sk_SCT_num(sct_list);) { | |
288 | sct = sk_SCT_value(sct_list, i); | |
289 | ||
290 | BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); | |
291 | BIO_printf(out, "\n%*sVersion : ", indent + 4, ""); | |
292 | ||
293 | if (sct->version == 0) { /* SCT v1 */ | |
294 | BIO_printf(out, "v1(0)"); | |
295 | ||
296 | BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); | |
297 | BIO_hex_string(out, indent + 16, 16, sct->logid, sct->logidlen); | |
298 | ||
299 | BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); | |
300 | timestamp_print(out, sct->timestamp); | |
301 | ||
302 | BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); | |
303 | if (sct->extlen == 0) | |
304 | BIO_printf(out, "none"); | |
305 | else | |
306 | BIO_hex_string(out, indent + 16, 16, sct->ext, sct->extlen); | |
307 | ||
308 | BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); | |
309 | tls12_signature_print(out, sct->hash_alg, sct->sig_alg); | |
310 | BIO_printf(out, "\n%*s ", indent + 4, ""); | |
311 | BIO_hex_string(out, indent + 16, 16, sct->sig, sct->siglen); | |
312 | } else { /* Unknown version */ | |
313 | ||
314 | BIO_printf(out, "unknown\n%*s", indent + 16, ""); | |
315 | BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sctlen); | |
316 | } | |
317 | ||
318 | if (++i < sk_SCT_num(sct_list)) | |
319 | BIO_printf(out, "\n"); | |
320 | } | |
321 | ||
322 | return 1; | |
323 | } |