abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 19:33:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1bf47fea14b0ba31cc08bab30c7a131089cf6ab0
GmSSL/src/tls_sct.c
Zhi Guan b48f2c3772 Update TLS SCT
2026-06-10 23:44:31 +08:00

192 lines
4.6 KiB
C
Raw Blame History

/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <time.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gmssl/rand.h>
#include <gmssl/x509.h>
#include <gmssl/error.h>
#include <gmssl/sm2.h>
#include <gmssl/sm3.h>
#include <gmssl/sm4.h>
#include <gmssl/pem.h>
#include <gmssl/mem.h>
#include <gmssl/tls.h>
#include <gmssl/sct.h>
/*
18. signed_certificate_timestamp
ClientHello.exts.signed_certificate_timestamp
ext_data := empty
Certificate.certificate_list.CertificateEntry.exts.signed_certificate_timestamp
ext_data := SignedCertificateTimestamp sct_list<0..2^16-1>;
struct {
opaque key_id[32];
uint64 timestamp;
opaque signature<0..2^16-1>;
} SignedCertificateTimestamp;
// SignedCertificateTimestamp 的格式不对
*/
/*
int tls_signed_certificate_timestamp_entry_to_bytes(const uint8_t key_id[32],
uint64_t timestamp, const uint8_t *signature, size_t signature_len,
uint8_t **out, size_t *outlen)
{
if (!key_id || !signature || !signature_len || !outlen) {
error_print();
return -1;
}
tls_array_to_bytes(key_id, 32, out, outlen);
tls_uint64_to_bytes(timestamp, out, outlen);
tls_uint16array_to_bytes(signature, signature_len, out, outlen);
return 1;
}
int tls_signed_certificate_timestamp_entry_from_bytes(const uint8_t **key_id,
uint64_t *timestamp, const uint8_t **signature, size_t *signature_len,
const uint8_t **in, size_t *inlen)
{
if (!key_id || !timestamp || !signature || !signature_len || !in || !(*in) || !inlen) {
error_print();
return -1;
}
if (tls_array_from_bytes(key_id, 32, in, inlen) != 1
|| tls_uint64_from_bytes(timestamp, in, inlen) != 1
|| tls_uint16array_from_bytes(signature, signature_len, in, inlen) != 1) {
error_print();
return -1;
}
return 1;
}
*/
int tls_signed_certificate_timestamp_ext_to_bytes(const uint8_t *sct_list, size_t sct_list_len,
uint8_t **out, size_t *outlen)
{
if (!sct_list || !sct_list_len || !outlen) {
error_print();
return -1;
}
tls_uint16array_to_bytes(sct_list, sct_list_len, out, outlen);
return 1;
}
int tls_signed_certificate_timestamp_from_bytes(const uint8_t **sct_list, size_t *sct_list_len,
const uint8_t **in, size_t *inlen)
{
if (!sct_list || !sct_list_len || !in || !(*in) || !inlen) {
error_print();
return -1;
}
if (tls_uint16array_from_bytes(sct_list, sct_list_len, in, inlen) != 1) {
error_print();
return -1;
}
return 1;
}
int tls_signed_certificate_timestamp_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen)
{
const uint8_t *sct_list;
size_t sct_list_len;
size_t i = 0;
if (!fp || !d) {
error_print();
return -1;
}
if (tls_uint16array_from_bytes(&sct_list, &sct_list_len, &d, &dlen) != 1
|| dlen) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "sct_list\n");
ind += 4;
if (!sct_list_len) {
format_print(fp, fmt, ind, "(null)\n");
}
while (sct_list_len) {
const uint8_t *sct;
size_t sct_len;
char label[64];
if (tls_uint16array_from_bytes(&sct, &sct_len,
&sct_list, &sct_list_len) != 1) {
error_print();
return -1;
}
snprintf(label, sizeof(label), "SignedCertificateTimestamp[%zu]", i++);
if (signed_certificate_timestamp_print(fp, fmt, ind, label,
sct, sct_len) != 1) {
error_print();
return -1;
}
}
return 1;
}
int tls_enable_signed_certificate_timestamp(TLS_CONNECT *conn, int enable)
{
if (!conn) {
error_print();
return -1;
}
conn->signed_certificate_timestamp = enable ? 1 : 0;
return 1;
}
int tls_ctx_enable_signed_certificate_timestamp(TLS_CTX *ctx, int enable)
{
if (!ctx) {
error_print();
return -1;
}
ctx->signed_certificate_timestamp = enable ? 1 : 0;
return 1;
}
int tls_ctx_set_ct_logs(TLS_CTX *ctx, const CT_LOG_INFO *ct_logs,
size_t ct_logs_cnt, size_t at_least)
{
if (!ctx || (ct_logs_cnt && !ct_logs) || at_least > ct_logs_cnt) {
error_print();
return -1;
}
ctx->ct_logs = ct_logs;
ctx->ct_logs_cnt = ct_logs_cnt;
ctx->ct_at_least = at_least;
return 1;
}
int tls13_signed_certificate_timestamp_verify(const uint8_t *sct_list, size_t sct_list_len,
int entry_type, const uint8_t issuer_key_hash[SCT_ISSUER_KEY_HASH_SIZE],
const uint8_t *entry, size_t entry_len,
const CT_LOG_INFO *ct_logs, size_t ct_logs_cnt, size_t at_least)
{
if (!ct_logs_cnt) {
return 1;
}
if (!at_least) {
at_least = 1;
}
return sct_list_verify(sct_list, sct_list_len, entry_type,
issuer_key_hash, entry, entry_len, ct_logs, ct_logs_cnt, at_least);
}
Reference in New Issue View Git Blame Copy Permalink