authorRob Percival <robpercival@google.com>2016-02-29 17:33:02 +0000
committerRob Percival <robpercival@google.com>2016-03-01 20:03:25 +0000
commit7d054e5ab2aeaead14c0c19b808d62221020b0e1 (patch)
tree655006eea9d0fe60879b36d09e9046be5a3749de /include
parent7852414967b87400b08bfdf321732cfbd07286e2 (diff)
CT policy validation
Specifies a callback that will, in the future, be used by the SSL code to decide whether to abort a connection on Certificate Transparency grounds. Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'include')
-rw-r--r--include/openssl/ct.h91
-rw-r--r--include/openssl/ossl_typ.h1
2 files changed, 92 insertions, 0 deletions
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index de130c4678..7ea7ff236c 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -90,9 +90,62 @@ typedef enum {
SCT_SOURCE_OCSP_STAPLED_RESPONSE
} sct_source_t;
+typedef enum {
+ SCT_VALIDATION_STATUS_NOT_SET,
+ SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+ SCT_VALIDATION_STATUS_VALID,
+ SCT_VALIDATION_STATUS_INVALID,
+ SCT_VALIDATION_STATUS_UNVERIFIED,
+ SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
DEFINE_STACK_OF(SCT)
DEFINE_STACK_OF(CTLOG)
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/* Creates a new, empty policy evaluation context */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the certificate associated with the received SCTs */
+void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the issuer of the certificate associated with the received SCTs */
+void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use */
+void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int(*ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+/* Returns 0 if there are invalid SCTs */
+int CT_verify_no_bad_scts(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+/* Returns 0 if there are invalid SCTS or fewer than one valid SCT */
+int CT_verify_at_least_one_good_sct(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+
/*****************
* SCT functions *
*****************/
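Review bot: The CT_POLICY_EVAL_CTX set0/get0 accessors and CT_POLICY_EVAL_CTX_free do not state who owns `cert`, `issuer` and `log_store`, nor whether free releases them; with a set0 interface a caller that frees the certificate after setting it leaves the context holding a dangling pointer, so each setter should carry a line such as `/* The context does not take a reference: cert must outlive the context and is not freed by CT_POLICY_EVAL_CTX_free() */` (or the inverse, whichever the implementation actually does — confirm before documenting). The `ct_validation_cb` contract says a negative value "may" be returned on error but not how the caller treats it; since the comment already asks for the connection to be aborted on insufficient SCTs, it should state explicitly that any return other than 1 is treated as insufficient, so an error cannot silently fail open. Two style points against the rest of the header: `typedef int(*ct_validation_cb)(` should be `typedef int (*ct_validation_cb)(`, and `X509* CT_POLICY_EVAL_CTX_get0_cert` / `X509* CT_POLICY_EVAL_CTX_get0_issuer` should bind the star to the name as `X509 *` like `CT_POLICY_EVAL_CTX *ctx` on the same lines.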
@@ -304,6 +357,31 @@ int SCT_verify(const SCT_CTX *sctx, const SCT *sct);
int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
X509_PUBKEY *log_pubkey, X509 *issuer_cert);
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Populates the "good_scts" and "bad_scts" of the evaluation context.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
+
+
/*********************************
* SCT parsing and serialisation *
*********************************/
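Review bot: The SCT_LIST_validate comment promises to populate the "good_scts" and "bad_scts" of the evaluation context, but no accessor for either is declared in this change (the context accessors added earlier cover only the certificate, issuer and log store), so a caller of the public API cannot read the result the comment describes; either add a getter or reword the comment to describe only the return value. SCT_validate's 0 return covers both an invalid SCT and one that merely could not be verified (unknown log, unknown version), outcomes the new sct_validation_status_t distinguishes, so a line such as `* Use SCT_get_validation_status() to tell an invalid SCT from an unverifiable one.` would point callers at the precise result instead of the collapsed one. The hunk also ends with two consecutive blank lines before the section header, where the rest of the header uses one.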
@@ -494,7 +572,16 @@ void ERR_load_CT_strings(void);
# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122
# define CT_F_CTLOG_STORE_LOAD_FILE 123
# define CT_F_CT_BASE64_DECODE 124
+# define CT_F_CT_POLICY_EVAL_CTX_GET0_CERT 130
+# define CT_F_CT_POLICY_EVAL_CTX_GET0_ISSUER 131
+# define CT_F_CT_POLICY_EVAL_CTX_GET0_LOG_STORE 132
+# define CT_F_CT_POLICY_EVAL_CTX_NEW 133
+# define CT_F_CT_POLICY_EVAL_CTX_SET0_CERT 134
+# define CT_F_CT_POLICY_EVAL_CTX_SET0_ISSUER 135
+# define CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE 136
# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125
+# define CT_F_CT_VERIFY_AT_LEAST_ONE_GOOD_SCT 137
+# define CT_F_CT_VERIFY_NO_BAD_SCTS 138
# define CT_F_D2I_SCT_LIST 105
# define CT_F_I2D_SCT_LIST 106
# define CT_F_I2O_SCT 107
@@ -504,6 +591,7 @@ void ERR_load_CT_strings(void);
# define CT_F_O2I_SCT_LIST 111
# define CT_F_O2I_SCT_SIGNATURE 112
# define CT_F_SCT_CTX_NEW 126
+# define CT_F_SCT_LIST_VALIDATE 139
# define CT_F_SCT_NEW 100
# define CT_F_SCT_NEW_FROM_BASE64 127
# define CT_F_SCT_SET0_LOG_ID 101
@@ -514,6 +602,7 @@ void ERR_load_CT_strings(void);
# define CT_F_SCT_SET_SIGNATURE_NID 103
# define CT_F_SCT_SET_VERSION 104
# define CT_F_SCT_SIGNATURE_IS_VALID 113
+# define CT_F_SCT_VALIDATE 140
# define CT_F_SCT_VERIFY 128
# define CT_F_SCT_VERIFY_V1 129
@@ -525,12 +614,14 @@ void ERR_load_CT_strings(void);
# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111
# define CT_R_LOG_CONF_MISSING_KEY 112
# define CT_R_LOG_KEY_INVALID 113
+# define CT_R_NOT_ENOUGH_SCTS 116
# define CT_R_SCT_INVALID 104
# define CT_R_SCT_INVALID_SIGNATURE 107
# define CT_R_SCT_LIST_INVALID 105
# define CT_R_SCT_LOG_ID_MISMATCH 114
# define CT_R_SCT_NOT_SET 106
# define CT_R_SCT_UNSUPPORTED_VERSION 115
+# define CT_R_SCT_VALIDATION_STATUS_NOT_SET 117
# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101
# define CT_R_UNSUPPORTED_ENTRY_TYPE 102
# define CT_R_UNSUPPORTED_VERSION 103
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 013296618c..7a8d319989 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -204,6 +204,7 @@ typedef struct sct_st SCT;
typedef struct sct_ctx_st SCT_CTX;
typedef struct ctlog_st CTLOG;
typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)