2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/ct.h>
13 #include <openssl/err.h>
14 #include <openssl/evp.h>
15 #include <openssl/x509.h>
19 typedef enum sct_signature_type_t
{
20 SIGNATURE_TYPE_NOT_SET
= -1,
21 SIGNATURE_TYPE_CERT_TIMESTAMP
,
22 SIGNATURE_TYPE_TREE_HASH
26 * Update encoding for SCT signature verification/generation to supplied
29 static int sct_ctx_update(EVP_MD_CTX
*ctx
, const SCT_CTX
*sctx
, const SCT
*sct
)
31 unsigned char tmpbuf
[12];
32 unsigned char *p
, *der
;
35 * digitally-signed struct {
36 * (1 byte) Version sct_version;
37 * (1 byte) SignatureType signature_type = certificate_timestamp;
38 * (8 bytes) uint64 timestamp;
39 * (2 bytes) LogEntryType entry_type;
40 * (? bytes) select(entry_type) {
41 * case x509_entry: ASN.1Cert;
42 * case precert_entry: PreCert;
44 * (2 bytes + sct->ext_len) CtExtensions extensions;
47 if (sct
->entry_type
== CT_LOG_ENTRY_TYPE_NOT_SET
)
49 if (sct
->entry_type
== CT_LOG_ENTRY_TYPE_PRECERT
&& sctx
->ihash
== NULL
)
54 *p
++ = SIGNATURE_TYPE_CERT_TIMESTAMP
;
55 l2n8(sct
->timestamp
, p
);
56 s2n(sct
->entry_type
, p
);
58 if (!EVP_DigestUpdate(ctx
, tmpbuf
, p
- tmpbuf
))
61 if (sct
->entry_type
== CT_LOG_ENTRY_TYPE_X509
) {
63 derlen
= sctx
->certderlen
;
65 if (!EVP_DigestUpdate(ctx
, sctx
->ihash
, sctx
->ihashlen
))
68 derlen
= sctx
->prederlen
;
71 /* If no encoding available, fatal error */
75 /* Include length first */
79 if (!EVP_DigestUpdate(ctx
, tmpbuf
, 3))
81 if (!EVP_DigestUpdate(ctx
, der
, derlen
))
84 /* Add any extensions */
87 if (!EVP_DigestUpdate(ctx
, tmpbuf
, 2))
90 if (sct
->ext_len
&& !EVP_DigestUpdate(ctx
, sct
->ext
, sct
->ext_len
))
96 int SCT_CTX_verify(const SCT_CTX
*sctx
, const SCT
*sct
)
98 EVP_MD_CTX
*ctx
= NULL
;
101 if (!SCT_is_complete(sct
) || sctx
->pkey
== NULL
||
102 sct
->entry_type
== CT_LOG_ENTRY_TYPE_NOT_SET
||
103 (sct
->entry_type
== CT_LOG_ENTRY_TYPE_PRECERT
&& sctx
->ihash
== NULL
)) {
104 CTerr(CT_F_SCT_CTX_VERIFY
, CT_R_SCT_NOT_SET
);
107 if (sct
->version
!= SCT_VERSION_V1
) {
108 CTerr(CT_F_SCT_CTX_VERIFY
, CT_R_SCT_UNSUPPORTED_VERSION
);
111 if (sct
->log_id_len
!= sctx
->pkeyhashlen
||
112 memcmp(sct
->log_id
, sctx
->pkeyhash
, sctx
->pkeyhashlen
) != 0) {
113 CTerr(CT_F_SCT_CTX_VERIFY
, CT_R_SCT_LOG_ID_MISMATCH
);
116 if (sct
->timestamp
> sctx
->epoch_time_in_ms
) {
117 CTerr(CT_F_SCT_CTX_VERIFY
, CT_R_SCT_FUTURE_TIMESTAMP
);
121 ctx
= EVP_MD_CTX_new();
125 if (!EVP_DigestVerifyInit(ctx
, NULL
, EVP_sha256(), NULL
, sctx
->pkey
))
128 if (!sct_ctx_update(ctx
, sctx
, sct
))
131 /* Verify signature */
132 ret
= EVP_DigestVerifyFinal(ctx
, sct
->sig
, sct
->sig_len
);
133 /* If ret < 0 some other error: fall through without setting error */
135 CTerr(CT_F_SCT_CTX_VERIFY
, CT_R_SCT_INVALID_SIGNATURE
);
138 EVP_MD_CTX_free(ctx
);