ct_sct_ctx.c 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
  1. /*
  2. * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifdef OPENSSL_NO_CT
  10. # error "CT is disabled"
  11. #endif
  12. #include <stddef.h>
  13. #include <string.h>
  14. #include <openssl/err.h>
  15. #include <openssl/obj_mac.h>
  16. #include <openssl/x509.h>
  17. #include "ct_local.h"
  18. SCT_CTX *SCT_CTX_new(void)
  19. {
  20. SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
  21. if (sctx == NULL)
  22. CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
  23. return sctx;
  24. }
  25. void SCT_CTX_free(SCT_CTX *sctx)
  26. {
  27. if (sctx == NULL)
  28. return;
  29. EVP_PKEY_free(sctx->pkey);
  30. OPENSSL_free(sctx->pkeyhash);
  31. OPENSSL_free(sctx->ihash);
  32. OPENSSL_free(sctx->certder);
  33. OPENSSL_free(sctx->preder);
  34. OPENSSL_free(sctx);
  35. }
  36. /*
  37. * Finds the index of the first extension with the given NID in cert.
  38. * If there is more than one extension with that NID, *is_duplicated is set to
  39. * 1, otherwise 0 (unless it is NULL).
  40. */
  41. static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
  42. {
  43. int ret = X509_get_ext_by_NID(cert, nid, -1);
  44. if (is_duplicated != NULL)
  45. *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
  46. return ret;
  47. }
  48. /*
  49. * Modifies a certificate by deleting extensions and copying the issuer and
  50. * AKID from the presigner certificate, if necessary.
  51. * Returns 1 on success, 0 otherwise.
  52. */
  53. __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
  54. {
  55. int preidx, certidx;
  56. int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
  57. if (presigner == NULL)
  58. return 1;
  59. preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
  60. &pre_akid_ext_is_dup);
  61. certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
  62. &cert_akid_ext_is_dup);
  63. /* An error occurred whilst searching for the extension */
  64. if (preidx < -1 || certidx < -1)
  65. return 0;
  66. /* Invalid certificate if they contain duplicate extensions */
  67. if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
  68. return 0;
  69. /* AKID must be present in both certificate or absent in both */
  70. if (preidx >= 0 && certidx == -1)
  71. return 0;
  72. if (preidx == -1 && certidx >= 0)
  73. return 0;
  74. /* Copy issuer name */
  75. if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
  76. return 0;
  77. if (preidx != -1) {
  78. /* Retrieve and copy AKID encoding */
  79. X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
  80. X509_EXTENSION *certext = X509_get_ext(cert, certidx);
  81. ASN1_OCTET_STRING *preextdata;
  82. /* Should never happen */
  83. if (preext == NULL || certext == NULL)
  84. return 0;
  85. preextdata = X509_EXTENSION_get_data(preext);
  86. if (preextdata == NULL ||
  87. !X509_EXTENSION_set_data(certext, preextdata))
  88. return 0;
  89. }
  90. return 1;
  91. }
  92. int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
  93. {
  94. unsigned char *certder = NULL, *preder = NULL;
  95. X509 *pretmp = NULL;
  96. int certderlen = 0, prederlen = 0;
  97. int idx = -1;
  98. int poison_ext_is_dup, sct_ext_is_dup;
  99. int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
  100. /* Duplicate poison extensions are present - error */
  101. if (poison_ext_is_dup)
  102. goto err;
  103. /* If *cert doesn't have a poison extension, it isn't a precert */
  104. if (poison_idx == -1) {
  105. /* cert isn't a precert, so we shouldn't have a presigner */
  106. if (presigner != NULL)
  107. goto err;
  108. certderlen = i2d_X509(cert, &certder);
  109. if (certderlen < 0)
  110. goto err;
  111. }
  112. /* See if cert has a precert SCTs extension */
  113. idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
  114. /* Duplicate SCT extensions are present - error */
  115. if (sct_ext_is_dup)
  116. goto err;
  117. if (idx >= 0 && poison_idx >= 0) {
  118. /*
  119. * cert can't both contain SCTs (i.e. have an SCT extension) and be a
  120. * precert (i.e. have a poison extension).
  121. */
  122. goto err;
  123. }
  124. if (idx == -1) {
  125. idx = poison_idx;
  126. }
  127. /*
  128. * If either a poison or SCT extension is present, remove it before encoding
  129. * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
  130. * RFC5280) from cert, which is what the CT log signed when it produced the
  131. * SCT.
  132. */
  133. if (idx >= 0) {
  134. X509_EXTENSION *ext;
  135. /* Take a copy of certificate so we don't modify passed version */
  136. pretmp = X509_dup(cert);
  137. if (pretmp == NULL)
  138. goto err;
  139. ext = X509_delete_ext(pretmp, idx);
  140. X509_EXTENSION_free(ext);
  141. if (!ct_x509_cert_fixup(pretmp, presigner))
  142. goto err;
  143. prederlen = i2d_re_X509_tbs(pretmp, &preder);
  144. if (prederlen <= 0)
  145. goto err;
  146. }
  147. X509_free(pretmp);
  148. OPENSSL_free(sctx->certder);
  149. sctx->certder = certder;
  150. sctx->certderlen = certderlen;
  151. OPENSSL_free(sctx->preder);
  152. sctx->preder = preder;
  153. sctx->prederlen = prederlen;
  154. return 1;
  155. err:
  156. OPENSSL_free(certder);
  157. OPENSSL_free(preder);
  158. X509_free(pretmp);
  159. return 0;
  160. }
  161. __owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
  162. size_t *hash_len)
  163. {
  164. int ret = 0;
  165. unsigned char *md = NULL, *der = NULL;
  166. int der_len;
  167. unsigned int md_len;
  168. /* Reuse buffer if possible */
  169. if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
  170. md = *hash;
  171. } else {
  172. md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
  173. if (md == NULL)
  174. goto err;
  175. }
  176. /* Calculate key hash */
  177. der_len = i2d_X509_PUBKEY(pkey, &der);
  178. if (der_len <= 0)
  179. goto err;
  180. if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
  181. goto err;
  182. if (md != *hash) {
  183. OPENSSL_free(*hash);
  184. *hash = md;
  185. *hash_len = SHA256_DIGEST_LENGTH;
  186. }
  187. md = NULL;
  188. ret = 1;
  189. err:
  190. OPENSSL_free(md);
  191. OPENSSL_free(der);
  192. return ret;
  193. }
  194. int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
  195. {
  196. return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
  197. }
  198. int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
  199. {
  200. return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
  201. }
  202. int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
  203. {
  204. EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
  205. if (pkey == NULL)
  206. return 0;
  207. if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
  208. EVP_PKEY_free(pkey);
  209. return 0;
  210. }
  211. EVP_PKEY_free(sctx->pkey);
  212. sctx->pkey = pkey;
  213. return 1;
  214. }
  215. void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
  216. {
  217. sctx->epoch_time_in_ms = time_in_ms;
  218. }