int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
{
size_t siglen;
size_t len_remaining = len;
const unsigned char *p;
if (sct->version != SCT_VERSION_V1) {
CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
return -1;
}
/*
* digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
* Signature algorithm (2 bytes + ?) Signature
*
* This explicitly rejects empty signatures: they're invalid for
* all supported algorithms.
*/
if (len <= 4) {
CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
return -1;
}
p = *in;
/* Get hash and signature algorithm */
sct->hash_alg = *p++;
sct->sig_alg = *p++;
if (SCT_get_signature_nid(sct) == NID_undef) {
CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
return -1;
}
/* Retrieve signature and check it is consistent with the buffer length */
n2s(p, siglen);
len_remaining -= (p - *in);
if (siglen > len_remaining) {
CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
return -1;
}
if (SCT_set1_signature(sct, p, siglen) != 1)
return -1;
len_remaining -= siglen;
*in = p + siglen;
return len - len_remaining;
}
static int test_encode_tls_sct()
{
SETUP_CT_TEST_FIXTURE();
SCT *sct = SCT_new();
SCT_set_version(sct, 0);
SCT_set1_log_id(sct, (unsigned char *)
"\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
"\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64", 32);
SCT_set_timestamp(sct, 1);
SCT_set1_extensions(sct, (unsigned char *)"", 0);
SCT_set_signature_nid(sct, NID_ecdsa_with_SHA256);
SCT_set1_signature(sct, (unsigned char *)
"\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE"
"\x1F\xD6\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3"
"\xE5\xE2\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5"
"\xE8\xAB\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51"
"\x9D\x89\xED\xBF\x08", 71);
fixture.sct = sct;
fixture.sct_text_file_path = "ct/tls1.sct";
EXECUTE_CT_TEST();
}