From be3230fd7fcdc95265cc67149095e17a29a4a09f Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Wed, 10 Jun 2026 19:44:13 +0800
Subject: [PATCH] Add sctverify command

---
 CMakeLists.txt    |   3 +-
 tools/gmssl.c     |   4 +
 tools/sctverify.c | 249 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 255 insertions(+), 1 deletion(-)
 create mode 100644 tools/sctverify.c

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 00c1bf05..11c1090e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -575,7 +575,8 @@ if (ENABLE_TLS)
 		tools/tls12_client.c
 		tools/tls12_server.c
 		tools/tls13_client.c
-		tools/tls13_server.c)
+		tools/tls13_server.c
+		tools/sctverify.c)
 	list(APPEND tests tls tls13 tls_ocsp)
 endif()
 
diff --git a/tools/gmssl.c b/tools/gmssl.c
index f5550347..400faece 100644
--- a/tools/gmssl.c
+++ b/tools/gmssl.c
@@ -88,6 +88,7 @@ extern int tls12_client_main(int argc, char **argv);
 extern int tls12_server_main(int argc, char **argv);
 extern int tls13_client_main(int argc, char **argv);
 extern int tls13_server_main(int argc, char **argv);
+extern int sctverify_main(int argc, char **argv);
 #endif
 #ifdef ENABLE_SECP256R1
 extern int p256keygen_main(int argc, char **argv);
@@ -253,6 +254,7 @@ static const char *options =
 	"  tls12_server      TLS 1.2 server\n"
 	"  tls13_client      TLS 1.3 client\n"
 	"  tls13_server      TLS 1.3 server\n"
+	"  sctverify         Verify Signed Certificate Timestamp list\n"
 #endif
 	"\n"
 	"run `gmssl <command> -help` to print help of the given command\n"
@@ -405,6 +407,8 @@ int main(int argc, char **argv)
 			return tls13_client_main(argc, argv);
 		} else if (!strcmp(*argv, "tls13_server")) {
 			return tls13_server_main(argc, argv);
+		} else if (!strcmp(*argv, "sctverify")) {
+			return sctverify_main(argc, argv);
 #endif
 #ifdef ENABLE_SECP256R1
 		} else if (!strcmp(*argv, "p256keygen")) {
diff --git a/tools/sctverify.c b/tools/sctverify.c
new file mode 100644
index 00000000..61da48b8
--- /dev/null
+++ b/tools/sctverify.c
@@ -0,0 +1,249 @@
+/*
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/hex.h>
+#include <gmssl/x509.h>
+#include <gmssl/sct.h>
+#include <gmssl/error.h>
+
+
+#define SCTVERIFY_MAX_SCT_LIST_SIZE	65536
+#define SCTVERIFY_MAX_ENTRY_SIZE	65536
+#define SCTVERIFY_MAX_CT_LOGS		16
+
+
+static const char *options =
+	"-in file [-cert pem | -precert der] [-issuer_key_hash hex]"
+	" -log_key pem [-log_key pem ...] [-at_least num] [-digest name]"
+	" [-verbose]";
+
+static const char *help =
+"Options\n"
+"\n"
+"    -in file            Input SignedCertificateTimestampList in binary format\n"
+"    -cert pem           Input certificate and verify SCTs over an x509_entry\n"
+"    -precert der        Input TBSCertificate DER and verify SCTs over a precert_entry\n"
+"    -issuer_key_hash hex\n"
+"                        32-byte issuer key hash, required with -precert\n"
+"    -log_key pem        CT Log public key in SubjectPublicKeyInfo PEM format\n"
+"                        This option can be repeated\n"
+"    -at_least num       Required number of successful SCT verifications, default 1\n"
+"    -digest name        Digest for CT Log ID, default sha256\n"
+"    -verbose            Print verification result to stderr\n"
+"\n"
+"Examples\n"
+"\n"
+"    gmssl sctverify -in sctlist.bin -cert cert.pem -log_key ctlog.pem -at_least 1\n"
+"    gmssl sctverify -in sctlist.bin -precert tbs.der -issuer_key_hash HEX -log_key ctlog.pem\n"
+"\n";
+
+static int read_file(const char *file, uint8_t *buf, size_t *buflen, size_t maxlen)
+{
+	FILE *fp;
+	size_t len;
+
+	if (!(fp = fopen(file, "rb"))) {
+		return -1;
+	}
+	len = fread(buf, 1, maxlen, fp);
+	if (ferror(fp) || (len == maxlen && fgetc(fp) != EOF)) {
+		fclose(fp);
+		return -1;
+	}
+	fclose(fp);
+	*buflen = len;
+	return 1;
+}
+
+int sctverify_main(int argc, char **argv)
+{
+	int ret = 1;
+	char *prog = argv[0];
+	char *infile = NULL;
+	char *certfile = NULL;
+	char *precertfile = NULL;
+	char *digest_name = "sha256";
+	char *str;
+	FILE *certfp = NULL;
+	FILE *logkeyfp = NULL;
+	int entry_type = -1;
+	int verbose = 0;
+	size_t at_least = 1;
+	size_t i;
+
+	uint8_t sct_list[SCTVERIFY_MAX_SCT_LIST_SIZE];
+	size_t sct_list_len = 0;
+	uint8_t entry[SCTVERIFY_MAX_ENTRY_SIZE];
+	size_t entry_len = 0;
+	uint8_t issuer_key_hash[SCT_ISSUER_KEY_HASH_SIZE];
+	size_t issuer_key_hash_len = 0;
+	CT_LOG_INFO ct_logs[SCTVERIFY_MAX_CT_LOGS];
+	size_t ct_logs_cnt = 0;
+	const DIGEST *digest;
+
+	argc--;
+	argv++;
+
+	while (argc > 0) {
+		if (!strcmp(*argv, "-help")) {
+			printf("usage: %s %s\n\n", prog, options);
+			printf("%s\n", help);
+			ret = 0;
+			goto end;
+		} else if (!strcmp(*argv, "-in")) {
+			if (--argc < 1) goto bad;
+			infile = *(++argv);
+		} else if (!strcmp(*argv, "-cert")) {
+			if (--argc < 1) goto bad;
+			certfile = *(++argv);
+			entry_type = SCT_log_entry_type_x509_entry;
+		} else if (!strcmp(*argv, "-precert")) {
+			if (--argc < 1) goto bad;
+			precertfile = *(++argv);
+			entry_type = SCT_log_entry_type_precert_entry;
+		} else if (!strcmp(*argv, "-issuer_key_hash")) {
+			if (--argc < 1) goto bad;
+			str = *(++argv);
+			if (hex_to_bytes(str, strlen(str), issuer_key_hash,
+				&issuer_key_hash_len) != 1
+				|| issuer_key_hash_len != sizeof(issuer_key_hash)) {
+				fprintf(stderr, "%s: invalid `-issuer_key_hash` value\n", prog);
+				goto end;
+			}
+		} else if (!strcmp(*argv, "-log_key")) {
+			if (--argc < 1) goto bad;
+			if (ct_logs_cnt >= SCTVERIFY_MAX_CT_LOGS) {
+				fprintf(stderr, "%s: too many `-log_key` options\n", prog);
+				goto end;
+			}
+			str = *(++argv);
+			if (!(logkeyfp = fopen(str, "rb"))) {
+				fprintf(stderr, "%s: open '%s' failure : %s\n",
+					prog, str, strerror(errno));
+				goto end;
+			}
+			memset(&ct_logs[ct_logs_cnt], 0, sizeof(CT_LOG_INFO));
+			if (x509_public_key_info_from_pem(&ct_logs[ct_logs_cnt].log_key,
+				logkeyfp) != 1) {
+				fprintf(stderr, "%s: parse CT log public key failure\n", prog);
+				goto end;
+			}
+			fclose(logkeyfp);
+			logkeyfp = NULL;
+			ct_logs[ct_logs_cnt].log_name = str;
+			ct_logs_cnt++;
+		} else if (!strcmp(*argv, "-at_least")) {
+			if (--argc < 1) goto bad;
+			str = *(++argv);
+			at_least = (size_t)atoi(str);
+			if (!at_least) {
+				fprintf(stderr, "%s: invalid `-at_least` value\n", prog);
+				goto end;
+			}
+		} else if (!strcmp(*argv, "-digest")) {
+			if (--argc < 1) goto bad;
+			digest_name = *(++argv);
+		} else if (!strcmp(*argv, "-verbose")) {
+			verbose = 1;
+		} else {
+			fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
+			goto end;
+bad:
+			fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv);
+			goto end;
+		}
+
+		argc--;
+		argv++;
+	}
+
+	if (!infile) {
+		fprintf(stderr, "%s: '-in' option required\n", prog);
+		goto end;
+	}
+	if ((certfile && precertfile) || (!certfile && !precertfile)) {
+		fprintf(stderr, "%s: exactly one of '-cert' or '-precert' required\n", prog);
+		goto end;
+	}
+	if (!ct_logs_cnt) {
+		fprintf(stderr, "%s: '-log_key' option required\n", prog);
+		goto end;
+	}
+	if (at_least > ct_logs_cnt) {
+		fprintf(stderr, "%s: `-at_least` must be <= number of CT log keys\n", prog);
+		goto end;
+	}
+	if (!(digest = digest_from_name(digest_name))) {
+		fprintf(stderr, "%s: invalid `-digest` value\n", prog);
+		goto end;
+	}
+	if (read_file(infile, sct_list, &sct_list_len, sizeof(sct_list)) != 1) {
+		fprintf(stderr, "%s: read SCT list failure\n", prog);
+		goto end;
+	}
+
+	switch (entry_type) {
+	case SCT_log_entry_type_x509_entry:
+		if (!(certfp = fopen(certfile, "rb"))) {
+			fprintf(stderr, "%s: open '%s' failure : %s\n",
+				prog, certfile, strerror(errno));
+			goto end;
+		}
+		if (x509_cert_from_pem(entry, &entry_len, sizeof(entry), certfp) != 1) {
+			fprintf(stderr, "%s: read certificate failure\n", prog);
+			goto end;
+		}
+		break;
+	case SCT_log_entry_type_precert_entry:
+		if (issuer_key_hash_len != SCT_ISSUER_KEY_HASH_SIZE) {
+			fprintf(stderr, "%s: '-issuer_key_hash' option required with '-precert'\n", prog);
+			goto end;
+		}
+		if (read_file(precertfile, entry, &entry_len, sizeof(entry)) != 1) {
+			fprintf(stderr, "%s: read TBSCertificate failure\n", prog);
+			goto end;
+		}
+		break;
+	}
+
+	for (i = 0; i < ct_logs_cnt; i++) {
+		size_t dgstlen;
+
+		if (x509_public_key_digest_ex(&ct_logs[i].log_key, digest,
+			ct_logs[i].log_id, &dgstlen) != 1
+			|| dgstlen != SCT_LOG_ID_SIZE) {
+			fprintf(stderr, "%s: compute CT log id failure\n", prog);
+			goto end;
+		}
+	}
+
+	if (sct_list_verify(sct_list, sct_list_len, entry_type,
+		issuer_key_hash_len ? issuer_key_hash : NULL,
+		entry, entry_len, ct_logs, ct_logs_cnt, at_least) != 1) {
+		fprintf(stderr, "%s: SCT list verification failure\n", prog);
+		goto end;
+	}
+
+	if (verbose) {
+		fprintf(stderr, "%s: SCT list verification success\n", prog);
+		fprintf(stderr, "%s: verified at least %zu SCT(s) with %zu CT log key(s)\n",
+			prog, at_least, ct_logs_cnt);
+	}
+	ret = 0;
+
+end:
+	if (certfp) fclose(certfp);
+	if (logkeyfp) fclose(logkeyfp);
+	return ret;
+}