static int test_encode_tls_sct()
{
SETUP_CT_TEST_FIXTURE();
SCT *sct = SCT_new();
SCT_set_version(sct, 0);
SCT_set1_log_id(sct, (unsigned char *)
"\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
"\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64", 32);
SCT_set_timestamp(sct, 1);
SCT_set1_extensions(sct, (unsigned char *)"", 0);
SCT_set_signature_nid(sct, NID_ecdsa_with_SHA256);
SCT_set1_signature(sct, (unsigned char *)
"\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE"
"\x1F\xD6\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3"
"\xE5\xE2\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5"
"\xE8\xAB\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51"
"\x9D\x89\xED\xBF\x08", 71);
fixture.sct = sct;
fixture.sct_text_file_path = "ct/tls1.sct";
EXECUTE_CT_TEST();
}
SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
ct_log_entry_type_t entry_type, uint64_t timestamp,
const char *extensions_base64,
const char *signature_base64)
{
SCT *sct = SCT_new();
unsigned char *dec = NULL;
int declen;
if (sct == NULL) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
return NULL;
}
/*
* RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
* can only construct SCT versions that have been defined.
*/
if (!SCT_set_version(sct, version)) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
goto err;
}
declen = ct_base64_decode(logid_base64, &dec);
if (declen < 0) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
goto err;
}
if (!SCT_set0_log_id(sct, dec, declen))
goto err;
dec = NULL;
declen = ct_base64_decode(extensions_base64, &dec);
if (declen < 0) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
goto err;
}
SCT_set0_extensions(sct, dec, declen);
dec = NULL;
declen = ct_base64_decode(signature_base64, &dec);
if (declen < 0) {
CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
goto err;
}
if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)
goto err;
OPENSSL_free(dec);
dec = NULL;
SCT_set_timestamp(sct, timestamp);
if (!SCT_set_log_entry_type(sct, entry_type))
goto err;
return sct;
err:
OPENSSL_free(dec);
SCT_free(sct);
return NULL;
}
SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
{
SCT *sct = NULL;
const unsigned char *p;
if (len == 0 || len > MAX_SCT_SIZE) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
if ((sct = SCT_new()) == NULL)
goto err;
p = *in;
sct->version = *p;
if (sct->version == SCT_VERSION_V1) {
int sig_len;
size_t len2;
/*-
* Fixed-length header:
* struct {
* Version sct_version; (1 byte)
* log_id id; (32 bytes)
* uint64 timestamp; (8 bytes)
* CtExtensions extensions; (2 bytes + ?)
* }
*/
if (len < 43) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
len -= 43;
p++;
sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
if (sct->log_id == NULL)
goto err;
sct->log_id_len = CT_V1_HASHLEN;
p += CT_V1_HASHLEN;
n2l8(p, sct->timestamp);
n2s(p, len2);
if (len < len2) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
if (len2 > 0) {
sct->ext = BUF_memdup(p, len2);
if (sct->ext == NULL)
goto err;
}
sct->ext_len = len2;
p += len2;
len -= len2;
sig_len = o2i_SCT_signature(sct, &p, len);
if (sig_len <= 0) {
CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
goto err;
}
len -= sig_len;
*in = p + len;
} else {
/* If not V1 just cache encoding */
sct->sct = BUF_memdup(p, len);
if (sct->sct == NULL)
goto err;
sct->sct_len = len;
*in = p + len;
}
if (psct != NULL) {
SCT_free(*psct);
*psct = sct;
}
return sct;
err:
SCT_free(sct);
return NULL;
}
