SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
ct_log_entry_type_t entry_type, uint64_t timestamp,
const char *extensions_base64,
const char *signature_base64)
{
SCT *sct = SCT_new();
unsigned char *dec = NULL;
int declen;
if (sct == NULL) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
return NULL;
}
/*
* RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
* can only construct SCT versions that have been defined.
*/
if (!SCT_set_version(sct, version)) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
goto err;
}
declen = ct_base64_decode(logid_base64, &dec);
if (declen < 0) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
goto err;
}
if (!SCT_set0_log_id(sct, dec, declen))
goto err;
dec = NULL;
declen = ct_base64_decode(extensions_base64, &dec);
if (declen < 0) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
goto err;
}
SCT_set0_extensions(sct, dec, declen);
dec = NULL;
declen = ct_base64_decode(signature_base64, &dec);
if (declen < 0) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
goto err;
}
if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)
goto err;
OPENSSL_free(dec);
dec = NULL;
SCT_set_timestamp(sct, timestamp);
if (!SCT_set_log_entry_type(sct, entry_type))
goto err;
return sct;
err:
OPENSSL_free(dec);
SCT_free(sct);
return NULL;
}
SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
{
SCT *sct = NULL;
const unsigned char *p;
if (len == 0 || len > MAX_SCT_SIZE) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
if ((sct = SCT_new()) == NULL)
goto err;
p = *in;
sct->version = *p;
if (sct->version == SCT_VERSION_V1) {
int sig_len;
size_t len2;
/*-
* Fixed-length header:
* struct {
* Version sct_version; (1 byte)
* log_id id; (32 bytes)
* uint64 timestamp; (8 bytes)
* CtExtensions extensions; (2 bytes + ?)
* }
*/
if (len < 43) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
len -= 43;
p++;
sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
if (sct->log_id == NULL)
goto err;
sct->log_id_len = CT_V1_HASHLEN;
p += CT_V1_HASHLEN;
n2l8(p, sct->timestamp);
n2s(p, len2);
if (len < len2) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
if (len2 > 0) {
sct->ext = BUF_memdup(p, len2);
if (sct->ext == NULL)
goto err;
}
sct->ext_len = len2;
p += len2;
len -= len2;
sig_len = o2i_SCT_signature(sct, &p, len);
if (sig_len <= 0) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
len -= sig_len;
*in = p + len;
} else {
/* If not V1 just cache encoding */
sct->sct = BUF_memdup(p, len);
if (sct->sct == NULL)
goto err;
sct->sct_len = len;
*in = p + len;
}
if (psct != NULL) {
SCT_free(*psct);
*psct = sct;
}
return sct;
err:
SCT_free(sct);
return NULL;
}
