[thirdparty/openssl.git] / crypto / ct / ct_sct.c

/*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifdef OPENSSL_NO_CT
# error "CT disabled"
#endif

#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/tls1.h>
#include <openssl/x509.h>

#include "ct_locl.h"

SCT *SCT_new(void)
{
    SCT *sct = OPENSSL_zalloc(sizeof(*sct));

    if (sct == NULL) {
        CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
    sct->version = SCT_VERSION_NOT_SET;
    return sct;
}

void SCT_free(SCT *sct)
{
    if (sct == NULL)
        return;

    OPENSSL_free(sct->log_id);
    OPENSSL_free(sct->ext);
    OPENSSL_free(sct->sig);
    OPENSSL_free(sct->sct);
    OPENSSL_free(sct);
}

int SCT_set_version(SCT *sct, sct_version_t version)
{
    if (version != SCT_VERSION_V1) {
        CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
        return 0;
    }
    sct->version = version;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
    return 1;
}

int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
{
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;

    switch (entry_type) {
    case CT_LOG_ENTRY_TYPE_X509:
    case CT_LOG_ENTRY_TYPE_PRECERT:
        sct->entry_type = entry_type;
        return 1;
    default:
        CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
        return 0;
    }
}

int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
{
    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
        CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
        return 0;
    }

    OPENSSL_free(sct->log_id);
    sct->log_id = log_id;
    sct->log_id_len = log_id_len;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
    return 1;
}

int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
{
    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
        CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
        return 0;
    }

    OPENSSL_free(sct->log_id);
    sct->log_id = NULL;
    sct->log_id_len = 0;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;

    if (log_id != NULL && log_id_len > 0) {
        sct->log_id = OPENSSL_memdup(log_id, log_id_len);
        if (sct->log_id == NULL) {
            CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        sct->log_id_len = log_id_len;
    }
    return 1;
}


void SCT_set_timestamp(SCT *sct, uint64_t timestamp)
{
    sct->timestamp = timestamp;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
}

int SCT_set_signature_nid(SCT *sct, int nid)
{
  switch (nid) {
    case NID_sha256WithRSAEncryption:
        sct->hash_alg = TLSEXT_hash_sha256;
        sct->sig_alg = TLSEXT_signature_rsa;
        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
        return 1;
    case NID_ecdsa_with_SHA256:
        sct->hash_alg = TLSEXT_hash_sha256;
        sct->sig_alg = TLSEXT_signature_ecdsa;
        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
        return 1;
    default:
        CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
        return 0;
    }
}

void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
{
    OPENSSL_free(sct->ext);
    sct->ext = ext;
    sct->ext_len = ext_len;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
}

int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
{
    OPENSSL_free(sct->ext);
    sct->ext = NULL;
    sct->ext_len = 0;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;

    if (ext != NULL && ext_len > 0) {
        sct->ext = OPENSSL_memdup(ext, ext_len);
        if (sct->ext == NULL) {
            CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        sct->ext_len = ext_len;
    }
    return 1;
}

void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
{
    OPENSSL_free(sct->sig);
    sct->sig = sig;
    sct->sig_len = sig_len;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
}

int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
{
    OPENSSL_free(sct->sig);
    sct->sig = NULL;
    sct->sig_len = 0;
    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;

    if (sig != NULL && sig_len > 0) {
        sct->sig = OPENSSL_memdup(sig, sig_len);
        if (sct->sig == NULL) {
            CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        sct->sig_len = sig_len;
    }
    return 1;
}

sct_version_t SCT_get_version(const SCT *sct)
{
    return sct->version;
}

ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)
{
    return sct->entry_type;
}

size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
{
    *log_id = sct->log_id;
    return sct->log_id_len;
}

uint64_t SCT_get_timestamp(const SCT *sct)
{
    return sct->timestamp;
}

int SCT_get_signature_nid(const SCT *sct)
{
    if (sct->version == SCT_VERSION_V1) {
        if (sct->hash_alg == TLSEXT_hash_sha256) {
            switch (sct->sig_alg) {
            case TLSEXT_signature_ecdsa:
                return NID_ecdsa_with_SHA256;
            case TLSEXT_signature_rsa:
                return NID_sha256WithRSAEncryption;
            default:
                return NID_undef;
            }
        }
    }
    return NID_undef;
}

size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext)
{
    *ext = sct->ext;
    return sct->ext_len;
}

size_t SCT_get0_signature(const SCT *sct, unsigned char **sig)
{
    *sig = sct->sig;
    return sct->sig_len;
}

int SCT_is_complete(const SCT *sct)
{
    switch (sct->version) {
    case SCT_VERSION_NOT_SET:
        return 0;
    case SCT_VERSION_V1:
        return sct->log_id != NULL && SCT_signature_is_complete(sct);
    default:
        return sct->sct != NULL; /* Just need cached encoding */
    }
}

int SCT_signature_is_complete(const SCT *sct)
{
    return SCT_get_signature_nid(sct) != NID_undef &&
        sct->sig != NULL && sct->sig_len > 0;
}

sct_source_t SCT_get_source(const SCT *sct)
{
    return sct->source;
}

int SCT_set_source(SCT *sct, sct_source_t source)
{
    sct->source = source;
    switch (source) {
    case SCT_SOURCE_TLS_EXTENSION:
    case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
    case SCT_SOURCE_X509V3_EXTENSION:
        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
    default: /* if we aren't sure, leave the log entry type alone */
        return 1;
    }
}

sct_validation_status_t SCT_get_validation_status(const SCT *sct)
{
    return sct->validation_status;
}

int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
{
    int is_sct_valid = -1;
    SCT_CTX *sctx = NULL;
    X509_PUBKEY *pub = NULL, *log_pkey = NULL;
    const CTLOG *log;

    /*
     * With an unrecognized SCT version we don't know what such an SCT means,
     * let alone validate one.  So we return validation failure (0).
     */
    if (sct->version != SCT_VERSION_V1) {
        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
        return 0;
    }

    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
                                     sct->log_id, sct->log_id_len);

    /* Similarly, an SCT from an unknown log also cannot be validated. */
    if (log == NULL) {
        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
        return 0;
    }

    sctx = SCT_CTX_new();
    if (sctx == NULL)
        goto err;

    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
        goto err;
    if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
        goto err;

    if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
        EVP_PKEY *issuer_pkey;

        if (ctx->issuer == NULL) {
            sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
            goto end;
        }

        issuer_pkey = X509_get0_pubkey(ctx->issuer);

        if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
            goto err;
        if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
            goto err;
    }

    /*
     * XXX: Potential for optimization.  This repeats some idempotent heavy
     * lifting on the certificate for each candidate SCT, and appears to not
     * use any information in the SCT itself, only the certificate is
     * processed.  So it may make more sense to to do this just once, perhaps
     * associated with the shared (by all SCTs) policy eval ctx.
     *
     * XXX: Failure here is global (SCT independent) and represents either an
     * issue with the certificate (e.g. duplicate extensions) or an out of
     * memory condition.  When the certificate is incompatible with CT, we just
     * mark the SCTs invalid, rather than report a failure to determine the
     * validation status.  That way, callbacks that want to do "soft" SCT
     * processing will not abort handshakes with false positive internal
     * errors.  Since the function does not distinguish between certificate
     * issues (peer's fault) and internal problems (out fault) the safe thing
     * to do is to report a validation failure and let the callback or
     * application decide what to do.
     */
    if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
        sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
    else
        sct->validation_status = SCT_verify(sctx, sct) == 1 ?
            SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;

end:
    is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
err:
    X509_PUBKEY_free(pub);
    X509_PUBKEY_free(log_pkey);
    SCT_CTX_free(sctx);

    return is_sct_valid;
}

int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
{
    int are_scts_valid = 1;
    int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
    int i;

    for (i = 0; i < sct_count; ++i) {
        int is_sct_valid = -1;
        SCT *sct = sk_SCT_value(scts, i);

        if (sct == NULL)
            continue;

        is_sct_valid = SCT_validate(sct, ctx);
        if (is_sct_valid < 0)
            return is_sct_valid;
        are_scts_valid &= is_sct_valid;
    }

    return are_scts_valid;
}
Commit	Line	Data
3149baf8	1	/*
d2e9e320	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3149baf8	3	*
d2e9e320 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
3149baf8 AE	8	*/
3149baf8 AE	9
0cea8832 RP	10	#ifdef OPENSSL_NO_CT
	11	# error "CT disabled"
	12	#endif
	13
	14	#include <openssl/ct.h>
	15	#include <openssl/err.h>
	16	#include <openssl/evp.h>
	17	#include <openssl/tls1.h>
	18	#include <openssl/x509.h>
3149baf8	19
0cea8832	20	#include "ct_locl.h"
3149baf8 AE	21
	22	SCT *SCT_new(void)
	23	{
0dfd6cf9	24	SCT sct = OPENSSL_zalloc(sizeof(sct));
0cea8832	25
3149baf8 AE	26	if (sct == NULL) {
	27	CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
	28	return NULL;
	29	}
0cea8832 RP	30
	31	sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
	32	sct->version = SCT_VERSION_NOT_SET;
3149baf8 AE	33	return sct;
	34	}
	35
	36	void SCT_free(SCT *sct)
	37	{
0cea8832 RP	38	if (sct == NULL)
	39	return;
	40
	41	OPENSSL_free(sct->log_id);
	42	OPENSSL_free(sct->ext);
	43	OPENSSL_free(sct->sig);
	44	OPENSSL_free(sct->sct);
	45	OPENSSL_free(sct);
3149baf8 AE	46	}
	47
	48	int SCT_set_version(SCT *sct, sct_version_t version)
	49	{
0cea8832	50	if (version != SCT_VERSION_V1) {
3149baf8 AE	51	CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
	52	return 0;
	53	}
	54	sct->version = version;
6d7fd9c1	55	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	56	return 1;
	57	}
	58
0cea8832	59	int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
3149baf8	60	{
6d7fd9c1 RP	61	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
6d7fd9c1 RP	62
0cea8832 RP	63	switch (entry_type) {
	64	case CT_LOG_ENTRY_TYPE_X509:
	65	case CT_LOG_ENTRY_TYPE_PRECERT:
	66	sct->entry_type = entry_type;
	67	return 1;
	68	default:
3149baf8 AE	69	CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
	70	return 0;
	71	}
3149baf8 AE	72	}
	73
	74	int SCT_set0_log_id(SCT sct, unsigned char log_id, size_t log_id_len)
	75	{
0cea8832	76	if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
3149baf8 AE	77	CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
	78	return 0;
	79	}
0cea8832	80
3149baf8 AE	81	OPENSSL_free(sct->log_id);
	82	sct->log_id = log_id;
	83	sct->log_id_len = log_id_len;
6d7fd9c1	84	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	85	return 1;
	86	}
	87
5ad29c54 AE	88	int SCT_set1_log_id(SCT sct, const unsigned char log_id, size_t log_id_len)
5ad29c54 AE	89	{
0cea8832	90	if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
5ad29c54 AE	91	CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
	92	return 0;
	93	}
	94
	95	OPENSSL_free(sct->log_id);
0cea8832 RP	96	sct->log_id = NULL;
0cea8832 RP	97	sct->log_id_len = 0;
6d7fd9c1	98	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
5ad29c54	99
0cea8832 RP	100	if (log_id != NULL && log_id_len > 0) {
0cea8832 RP	101	sct->log_id = OPENSSL_memdup(log_id, log_id_len);
5ad29c54 AE	102	if (sct->log_id == NULL) {
	103	CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
	104	return 0;
	105	}
0cea8832	106	sct->log_id_len = log_id_len;
5ad29c54	107	}
5ad29c54 AE	108	return 1;
	109	}
	110
	111
3149baf8 AE	112	void SCT_set_timestamp(SCT *sct, uint64_t timestamp)
	113	{
	114	sct->timestamp = timestamp;
6d7fd9c1	115	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	116	}
	117
	118	int SCT_set_signature_nid(SCT *sct, int nid)
	119	{
	120	switch (nid) {
	121	case NID_sha256WithRSAEncryption:
	122	sct->hash_alg = TLSEXT_hash_sha256;
	123	sct->sig_alg = TLSEXT_signature_rsa;
6d7fd9c1	124	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	125	return 1;
	126	case NID_ecdsa_with_SHA256:
	127	sct->hash_alg = TLSEXT_hash_sha256;
	128	sct->sig_alg = TLSEXT_signature_ecdsa;
6d7fd9c1	129	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	130	return 1;
	131	default:
	132	CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
	133	return 0;
	134	}
	135	}
	136
	137	void SCT_set0_extensions(SCT sct, unsigned char ext, size_t ext_len)
	138	{
	139	OPENSSL_free(sct->ext);
	140	sct->ext = ext;
	141	sct->ext_len = ext_len;
6d7fd9c1	142	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	143	}
3149baf8 AE	144
5ad29c54 AE	145	int SCT_set1_extensions(SCT sct, const unsigned char ext, size_t ext_len)
	146	{
	147	OPENSSL_free(sct->ext);
	148	sct->ext = NULL;
	149	sct->ext_len = 0;
6d7fd9c1	150	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
5ad29c54 AE	151
	152	if (ext != NULL && ext_len > 0) {
	153	sct->ext = OPENSSL_memdup(ext, ext_len);
	154	if (sct->ext == NULL) {
	155	CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
	156	return 0;
	157	}
	158	sct->ext_len = ext_len;
	159	}
	160	return 1;
	161	}
	162
3149baf8 AE	163	void SCT_set0_signature(SCT sct, unsigned char sig, size_t sig_len)
	164	{
	165	OPENSSL_free(sct->sig);
	166	sct->sig = sig;
	167	sct->sig_len = sig_len;
6d7fd9c1	168	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
3149baf8 AE	169	}
3149baf8 AE	170
5ad29c54 AE	171	int SCT_set1_signature(SCT sct, const unsigned char sig, size_t sig_len)
	172	{
	173	OPENSSL_free(sct->sig);
0cea8832 RP	174	sct->sig = NULL;
0cea8832 RP	175	sct->sig_len = 0;
6d7fd9c1	176	sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
0cea8832 RP	177
0cea8832 RP	178	if (sig != NULL && sig_len > 0) {
5ad29c54 AE	179	sct->sig = OPENSSL_memdup(sig, sig_len);
	180	if (sct->sig == NULL) {
	181	CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
	182	return 0;
	183	}
0cea8832	184	sct->sig_len = sig_len;
5ad29c54	185	}
5ad29c54 AE	186	return 1;
	187	}
	188
3149baf8 AE	189	sct_version_t SCT_get_version(const SCT *sct)
	190	{
	191	return sct->version;
	192	}
	193
0cea8832	194	ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)
3149baf8 AE	195	{
	196	return sct->entry_type;
	197	}
	198
	199	size_t SCT_get0_log_id(const SCT sct, unsigned char *log_id)
	200	{
	201	*log_id = sct->log_id;
	202	return sct->log_id_len;
	203	}
	204
	205	uint64_t SCT_get_timestamp(const SCT *sct)
	206	{
	207	return sct->timestamp;
	208	}
	209
	210	int SCT_get_signature_nid(const SCT *sct)
	211	{
0cea8832	212	if (sct->version == SCT_VERSION_V1) {
3149baf8 AE	213	if (sct->hash_alg == TLSEXT_hash_sha256) {
	214	switch (sct->sig_alg) {
	215	case TLSEXT_signature_ecdsa:
	216	return NID_ecdsa_with_SHA256;
	217	case TLSEXT_signature_rsa:
	218	return NID_sha256WithRSAEncryption;
	219	default:
	220	return NID_undef;
	221	}
	222	}
	223	}
	224	return NID_undef;
	225	}
	226
	227	size_t SCT_get0_extensions(const SCT sct, unsigned char *ext)
	228	{
	229	*ext = sct->ext;
	230	return sct->ext_len;
	231	}
	232
	233	size_t SCT_get0_signature(const SCT sct, unsigned char *sig)
	234	{
	235	*sig = sct->sig;
	236	return sct->sig_len;
	237	}
	238
0cea8832	239	int SCT_is_complete(const SCT *sct)
5ad29c54 AE	240	{
5ad29c54 AE	241	switch (sct->version) {
0cea8832	242	case SCT_VERSION_NOT_SET:
5ad29c54	243	return 0;
0cea8832 RP	244	case SCT_VERSION_V1:
0cea8832 RP	245	return sct->log_id != NULL && SCT_signature_is_complete(sct);
5ad29c54 AE	246	default:
	247	return sct->sct != NULL; /* Just need cached encoding */
	248	}
	249	}
	250
0cea8832 RP	251	int SCT_signature_is_complete(const SCT *sct)
	252	{
	253	return SCT_get_signature_nid(sct) != NID_undef &&
	254	sct->sig != NULL && sct->sig_len > 0;
	255	}
	256
8c6afbc5 RP	257	sct_source_t SCT_get_source(const SCT *sct)
	258	{
	259	return sct->source;
	260	}
	261
	262	int SCT_set_source(SCT *sct, sct_source_t source)
	263	{
	264	sct->source = source;
	265	switch (source) {
	266	case SCT_SOURCE_TLS_EXTENSION:
	267	case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
	268	return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
	269	case SCT_SOURCE_X509V3_EXTENSION:
	270	return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
	271	default: /* if we aren't sure, leave the log entry type alone */
	272	return 1;
	273	}
	274	}
	275
7d054e5a RP	276	sct_validation_status_t SCT_get_validation_status(const SCT *sct)
	277	{
	278	return sct->validation_status;
	279	}
	280
	281	int SCT_validate(SCT sct, const CT_POLICY_EVAL_CTX ctx)
	282	{
	283	int is_sct_valid = -1;
	284	SCT_CTX *sctx = NULL;
	285	X509_PUBKEY pub = NULL, log_pkey = NULL;
8359b57f	286	const CTLOG *log;
7d054e5a	287
43341433 VD	288	/*
	289	* With an unrecognized SCT version we don't know what such an SCT means,
	290	* let alone validate one. So we return validation failure (0).
	291	*/
8359b57f	292	if (sct->version != SCT_VERSION_V1) {
7d054e5a	293	sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
43341433	294	return 0;
7d054e5a RP	295	}
7d054e5a RP	296
8359b57f RP	297	log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
	298	sct->log_id, sct->log_id_len);
	299
43341433	300	/* Similarly, an SCT from an unknown log also cannot be validated. */
8359b57f	301	if (log == NULL) {
7d054e5a	302	sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
43341433	303	return 0;
7d054e5a RP	304	}
	305
	306	sctx = SCT_CTX_new();
	307	if (sctx == NULL)
	308	goto err;
	309
8359b57f	310	if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
7d054e5a RP	311	goto err;
	312	if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
	313	goto err;
	314
	315	if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
	316	EVP_PKEY *issuer_pkey;
	317
	318	if (ctx->issuer == NULL) {
	319	sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
	320	goto end;
	321	}
	322
147e54a7	323	issuer_pkey = X509_get0_pubkey(ctx->issuer);
7d054e5a RP	324
	325	if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
	326	goto err;
	327	if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
	328	goto err;
	329	}
	330
43341433 VD	331	/*
	332	* XXX: Potential for optimization. This repeats some idempotent heavy
	333	* lifting on the certificate for each candidate SCT, and appears to not
	334	* use any information in the SCT itself, only the certificate is
	335	* processed. So it may make more sense to to do this just once, perhaps
	336	* associated with the shared (by all SCTs) policy eval ctx.
	337	*
	338	* XXX: Failure here is global (SCT independent) and represents either an
	339	* issue with the certificate (e.g. duplicate extensions) or an out of
	340	* memory condition. When the certificate is incompatible with CT, we just
	341	* mark the SCTs invalid, rather than report a failure to determine the
	342	* validation status. That way, callbacks that want to do "soft" SCT
	343	* processing will not abort handshakes with false positive internal
	344	* errors. Since the function does not distinguish between certificate
	345	* issues (peer's fault) and internal problems (out fault) the safe thing
	346	* to do is to report a validation failure and let the callback or
	347	* application decide what to do.
	348	*/
7d054e5a	349	if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
43341433 VD	350	sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
	351	else
	352	sct->validation_status = SCT_verify(sctx, sct) == 1 ?
7d054e5a RP	353	SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
	354
	355	end:
	356	is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
	357	err:
	358	X509_PUBKEY_free(pub);
	359	X509_PUBKEY_free(log_pkey);
	360	SCT_CTX_free(sctx);
	361
	362	return is_sct_valid;
	363	}
	364
	365	int SCT_LIST_validate(const STACK_OF(SCT) scts, CT_POLICY_EVAL_CTX ctx)
	366	{
	367	int are_scts_valid = 1;
	368	int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
	369	int i;
	370
	371	for (i = 0; i < sct_count; ++i) {
	372	int is_sct_valid = -1;
	373	SCT *sct = sk_SCT_value(scts, i);
	374
	375	if (sct == NULL)
	376	continue;
	377
	378	is_sct_valid = SCT_validate(sct, ctx);
	379	if (is_sct_valid < 0)
	380	return is_sct_valid;
	381	are_scts_valid &= is_sct_valid;
	382	}
	383
	384	return are_scts_valid;
	385	}