/src/openssl/crypto/ct/ct_vfy.c

Source (jump to first uncovered line)
/*
 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>

#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

#include "ct_local.h"

typedef enum sct_signature_type_t {
    SIGNATURE_TYPE_NOT_SET = -1,
    SIGNATURE_TYPE_CERT_TIMESTAMP,
    SIGNATURE_TYPE_TREE_HASH
} SCT_SIGNATURE_TYPE;

/*
 * Update encoding for SCT signature verification/generation to supplied
 * EVP_MD_CTX.
 */
static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
{
    unsigned char tmpbuf[12];
    unsigned char *p, *der;
    size_t derlen;
    /*+
     * digitally-signed struct {
     *   (1 byte) Version sct_version;
     *   (1 byte) SignatureType signature_type = certificate_timestamp;
     *   (8 bytes) uint64 timestamp;
     *   (2 bytes) LogEntryType entry_type;
     *   (? bytes) select(entry_type) {
     *     case x509_entry: ASN.1Cert;
     *     case precert_entry: PreCert;
     *   } signed_entry;
     *   (2 bytes + sct->ext_len) CtExtensions extensions;
     * }
     */
    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
        return 0;
    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
        return 0;

    p = tmpbuf;
    *p++ = sct->version;
    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
    l2n8(sct->timestamp, p);
    s2n(sct->entry_type, p);

    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
        return 0;

    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
        der = sctx->certder;
        derlen = sctx->certderlen;
    } else {
        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
            return 0;
        der = sctx->preder;
        derlen = sctx->prederlen;
    }

    /* If no encoding available, fatal error */
    if (der == NULL)
        return 0;

    /* Include length first */
    p = tmpbuf;
    l2n3(derlen, p);

    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
        return 0;
    if (!EVP_DigestUpdate(ctx, der, derlen))
        return 0;

    /* Add any extensions */
    p = tmpbuf;
    s2n(sct->ext_len, p);
    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
        return 0;

    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
        return 0;

    return 1;
}

int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
{
    EVP_MD_CTX *ctx = NULL;
    int ret = 0;

    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
        return 0;
    }
    if (sct->version != SCT_VERSION_V1) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION);
        return 0;
    }
    if (sct->log_id_len != sctx->pkeyhashlen ||
        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH);
        return 0;
    }
    if (sct->timestamp > sctx->epoch_time_in_ms) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_FUTURE_TIMESTAMP);
        return 0;
    }

    ctx = EVP_MD_CTX_new();
    if (ctx == NULL)
        goto end;

    if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx,
                                 sctx->propq, sctx->pkey, NULL))
        goto end;

    if (!sct_ctx_update(ctx, sctx, sct))
        goto end;

    /* Verify signature */
    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
    /* If ret < 0 some other error: fall through without setting error */
    if (ret == 0)
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);

end:
    EVP_MD_CTX_free(ctx);
    return ret;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <string.h>
11
12		#include <openssl/ct.h>
13		#include <openssl/err.h>
14		#include <openssl/evp.h>
15		#include <openssl/x509.h>
16
17		#include "ct_local.h"
18
19		typedef enum sct_signature_type_t {
20		SIGNATURE_TYPE_NOT_SET = -1,
21		SIGNATURE_TYPE_CERT_TIMESTAMP,
22		SIGNATURE_TYPE_TREE_HASH
23		} SCT_SIGNATURE_TYPE;
24
25		/*
26		* Update encoding for SCT signature verification/generation to supplied
27		* EVP_MD_CTX.
28		*/
29		static int sct_ctx_update(EVP_MD_CTX ctx, const SCT_CTX sctx, const SCT *sct)
30	0	{
31	0	unsigned char tmpbuf[12];
32	0	unsigned char p, der;
33	0	size_t derlen;
34		/*+
35		* digitally-signed struct {
36		* (1 byte) Version sct_version;
37		* (1 byte) SignatureType signature_type = certificate_timestamp;
38		* (8 bytes) uint64 timestamp;
39		* (2 bytes) LogEntryType entry_type;
40		* (? bytes) select(entry_type) {
41		* case x509_entry: ASN.1Cert;
42		* case precert_entry: PreCert;
43		* } signed_entry;
44		* (2 bytes + sct->ext_len) CtExtensions extensions;
45		* }
46		*/
47	0	if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
48	0	return 0;
49	0	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
50	0	return 0;
51
52	0	p = tmpbuf;
53	0	*p++ = sct->version;
54	0	*p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
55	0	l2n8(sct->timestamp, p);
56	0	s2n(sct->entry_type, p);
57
58	0	if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
59	0	return 0;
60
61	0	if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
62	0	der = sctx->certder;
63	0	derlen = sctx->certderlen;
64	0	} else {
65	0	if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
66	0	return 0;
67	0	der = sctx->preder;
68	0	derlen = sctx->prederlen;
69	0	}
70
71		/* If no encoding available, fatal error */
72	0	if (der == NULL)
73	0	return 0;
74
75		/* Include length first */
76	0	p = tmpbuf;
77	0	l2n3(derlen, p);
78
79	0	if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
80	0	return 0;
81	0	if (!EVP_DigestUpdate(ctx, der, derlen))
82	0	return 0;
83
84		/* Add any extensions */
85	0	p = tmpbuf;
86	0	s2n(sct->ext_len, p);
87	0	if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
88	0	return 0;
89
90	0	if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
91	0	return 0;
92
93	0	return 1;
94	0	}
95
96		int SCT_CTX_verify(const SCT_CTX sctx, const SCT sct)
97	0	{
98	0	EVP_MD_CTX *ctx = NULL;
99	0	int ret = 0;
100
101	0	if (!SCT_is_complete(sct) \|\| sctx->pkey == NULL \|\|
102	0	sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET \|\|
103	0	(sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
104	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
105	0	return 0;
106	0	}
107	0	if (sct->version != SCT_VERSION_V1) {
108	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION);
109	0	return 0;
110	0	}
111	0	if (sct->log_id_len != sctx->pkeyhashlen \|\|
112	0	memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
113	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH);
114	0	return 0;
115	0	}
116	0	if (sct->timestamp > sctx->epoch_time_in_ms) {
117	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_FUTURE_TIMESTAMP);
118	0	return 0;
119	0	}
120
121	0	ctx = EVP_MD_CTX_new();
122	0	if (ctx == NULL)
123	0	goto end;
124
125	0	if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx,
126	0	sctx->propq, sctx->pkey, NULL))
127	0	goto end;
128
129	0	if (!sct_ctx_update(ctx, sctx, sct))
130	0	goto end;
131
132		/* Verify signature */
133	0	ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
134		/* If ret < 0 some other error: fall through without setting error */
135	0	if (ret == 0)
136	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
137
138	0	end:
139	0	EVP_MD_CTX_free(ctx);
140	0	return ret;
141	0	}

Coverage Report

Created: 2025-06-13 06:55