| /* asn.c |
| * |
| * Copyright (C) 2006-2015 wolfSSL Inc. |
| * |
| * This file is part of wolfSSL. (formerly known as CyaSSL) |
| * |
| * wolfSSL is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2 of the License, or |
| * (at your option) any later version. |
| * |
| * wolfSSL is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| */ |
| |
| #ifdef HAVE_CONFIG_H |
| #include <config.h> |
| #endif |
| |
| #include <wolfssl/wolfcrypt/settings.h> |
| |
| #ifndef NO_ASN |
| |
| #ifdef HAVE_RTP_SYS |
| #include "os.h" /* dc_rtc_api needs */ |
| #include "dc_rtc_api.h" /* to get current time */ |
| #endif |
| |
| #include <wolfssl/wolfcrypt/asn.h> |
| #include <wolfssl/wolfcrypt/coding.h> |
| #include <wolfssl/wolfcrypt/md2.h> |
| #include <wolfssl/wolfcrypt/hmac.h> |
| #include <wolfssl/wolfcrypt/error-crypt.h> |
| #include <wolfssl/wolfcrypt/pwdbased.h> |
| #include <wolfssl/wolfcrypt/des3.h> |
| #include <wolfssl/wolfcrypt/logging.h> |
| |
| #include <wolfssl/wolfcrypt/random.h> |
| |
| |
| #ifndef NO_RC4 |
| #include <wolfssl/wolfcrypt/arc4.h> |
| #endif |
| |
| #ifdef HAVE_NTRU |
| #include "ntru_crypto.h" |
| #endif |
| |
| #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) |
| #include <wolfssl/wolfcrypt/sha512.h> |
| #endif |
| |
| #ifndef NO_SHA256 |
| #include <wolfssl/wolfcrypt/sha256.h> |
| #endif |
| |
| #ifdef HAVE_ECC |
| #include <wolfssl/wolfcrypt/ecc.h> |
| #endif |
| |
| #ifdef WOLFSSL_DEBUG_ENCODING |
| #ifdef FREESCALE_MQX |
| #include <fio.h> |
| #else |
| #include <stdio.h> |
| #endif |
| #endif |
| |
| #ifdef _MSC_VER |
| /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */ |
| #pragma warning(disable: 4996) |
| #endif |
| |
| |
| #ifndef TRUE |
| #define TRUE 1 |
| #endif |
| #ifndef FALSE |
| #define FALSE 0 |
| #endif |
| |
| |
| #ifdef HAVE_RTP_SYS |
| /* uses parital <time.h> structures */ |
| #define XTIME(tl) (0) |
| #define XGMTIME(c, t) my_gmtime((c)) |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| #elif defined(MICRIUM) |
| #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) |
| #define XVALIDATE_DATE(d,f,t) NetSecure_ValidateDateHandler((d),(f),(t)) |
| #else |
| #define XVALIDATE_DATE(d, f, t) (0) |
| #endif |
| #define NO_TIME_H |
| /* since Micrium not defining XTIME or XGMTIME, CERT_GEN not available */ |
| #elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) |
| #include <time.h> |
| #define XTIME(t1) pic32_time((t1)) |
| #define XGMTIME(c, t) gmtime((c)) |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| #elif defined(FREESCALE_MQX) |
| #define XTIME(t1) mqx_time((t1)) |
| #define XGMTIME(c, t) mqx_gmtime((c), (t)) |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| #elif defined(WOLFSSL_MDK_ARM) |
| #if defined(WOLFSSL_MDK5) |
| #include "cmsis_os.h" |
| #else |
| #include <rtl.h> |
| #endif |
| #undef RNG |
| #include "wolfssl_MDK_ARM.h" |
| #undef RNG |
| #define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */ |
| #define XTIME(tl) (0) |
| #define XGMTIME(c, t) wolfssl_MDK_gmtime((c)) |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| #elif defined(USER_TIME) |
| /* user time, and gmtime compatible functions, there is a gmtime |
| implementation here that WINCE uses, so really just need some ticks |
| since the EPOCH |
| */ |
| |
| struct tm { |
| int tm_sec; /* seconds after the minute [0-60] */ |
| int tm_min; /* minutes after the hour [0-59] */ |
| int tm_hour; /* hours since midnight [0-23] */ |
| int tm_mday; /* day of the month [1-31] */ |
| int tm_mon; /* months since January [0-11] */ |
| int tm_year; /* years since 1900 */ |
| int tm_wday; /* days since Sunday [0-6] */ |
| int tm_yday; /* days since January 1 [0-365] */ |
| int tm_isdst; /* Daylight Savings Time flag */ |
| long tm_gmtoff; /* offset from CUT in seconds */ |
| char *tm_zone; /* timezone abbreviation */ |
| }; |
| typedef long time_t; |
| |
| /* forward declaration */ |
| struct tm* gmtime(const time_t* timer); |
| extern time_t XTIME(time_t * timer); |
| |
| #define XGMTIME(c, t) gmtime((c)) |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| |
| #ifdef STACK_TRAP |
| /* for stack trap tracking, don't call os gmtime on OS X/linux, |
| uses a lot of stack spce */ |
| extern time_t time(time_t * timer); |
| #define XTIME(tl) time((tl)) |
| #endif /* STACK_TRAP */ |
| |
| #elif defined(TIME_OVERRIDES) |
| /* user would like to override time() and gmtime() functionality */ |
| |
| #ifndef HAVE_TIME_T_TYPE |
| typedef long time_t; |
| #endif |
| extern time_t XTIME(time_t * timer); |
| |
| #ifndef HAVE_TM_TYPE |
| struct tm { |
| int tm_sec; /* seconds after the minute [0-60] */ |
| int tm_min; /* minutes after the hour [0-59] */ |
| int tm_hour; /* hours since midnight [0-23] */ |
| int tm_mday; /* day of the month [1-31] */ |
| int tm_mon; /* months since January [0-11] */ |
| int tm_year; /* years since 1900 */ |
| int tm_wday; /* days since Sunday [0-6] */ |
| int tm_yday; /* days since January 1 [0-365] */ |
| int tm_isdst; /* Daylight Savings Time flag */ |
| long tm_gmtoff; /* offset from CUT in seconds */ |
| char *tm_zone; /* timezone abbreviation */ |
| }; |
| #endif |
| extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp); |
| |
| #ifndef HAVE_VALIDATE_DATE |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| #endif |
| #else |
| /* default */ |
| /* uses complete <time.h> facility */ |
| #include <time.h> |
| #define XTIME(tl) time((tl)) |
| #define XGMTIME(c, t) gmtime((c)) |
| #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) |
| #endif |
| |
| |
| #ifdef _WIN32_WCE |
| /* no time() or gmtime() even though in time.h header?? */ |
| |
| #include <windows.h> |
| |
| |
| time_t time(time_t* timer) |
| { |
| SYSTEMTIME sysTime; |
| FILETIME fTime; |
| ULARGE_INTEGER intTime; |
| time_t localTime; |
| |
| if (timer == NULL) |
| timer = &localTime; |
| |
| GetSystemTime(&sysTime); |
| SystemTimeToFileTime(&sysTime, &fTime); |
| |
| XMEMCPY(&intTime, &fTime, sizeof(FILETIME)); |
| /* subtract EPOCH */ |
| intTime.QuadPart -= 0x19db1ded53e8000; |
| /* to secs */ |
| intTime.QuadPart /= 10000000; |
| *timer = (time_t)intTime.QuadPart; |
| |
| return *timer; |
| } |
| |
| #endif /* _WIN32_WCE */ |
| #if defined( _WIN32_WCE ) || defined( USER_TIME ) |
| |
| struct tm* gmtime(const time_t* timer) |
| { |
| #define YEAR0 1900 |
| #define EPOCH_YEAR 1970 |
| #define SECS_DAY (24L * 60L * 60L) |
| #define LEAPYEAR(year) (!((year) % 4) && (((year) % 100) || !((year) %400))) |
| #define YEARSIZE(year) (LEAPYEAR(year) ? 366 : 365) |
| |
| static const int _ytab[2][12] = |
| { |
| {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, |
| {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31} |
| }; |
| |
| static struct tm st_time; |
| struct tm* ret = &st_time; |
| time_t secs = *timer; |
| unsigned long dayclock, dayno; |
| int year = EPOCH_YEAR; |
| |
| dayclock = (unsigned long)secs % SECS_DAY; |
| dayno = (unsigned long)secs / SECS_DAY; |
| |
| ret->tm_sec = (int) dayclock % 60; |
| ret->tm_min = (int)(dayclock % 3600) / 60; |
| ret->tm_hour = (int) dayclock / 3600; |
| ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */ |
| |
| while(dayno >= (unsigned long)YEARSIZE(year)) { |
| dayno -= YEARSIZE(year); |
| year++; |
| } |
| |
| ret->tm_year = year - YEAR0; |
| ret->tm_yday = (int)dayno; |
| ret->tm_mon = 0; |
| |
| while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) { |
| dayno -= _ytab[LEAPYEAR(year)][ret->tm_mon]; |
| ret->tm_mon++; |
| } |
| |
| ret->tm_mday = (int)++dayno; |
| ret->tm_isdst = 0; |
| |
| return ret; |
| } |
| |
| #endif /* _WIN32_WCE || USER_TIME */ |
| |
| |
| #ifdef HAVE_RTP_SYS |
| |
| #define YEAR0 1900 |
| |
| struct tm* my_gmtime(const time_t* timer) /* has a gmtime() but hangs */ |
| { |
| static struct tm st_time; |
| struct tm* ret = &st_time; |
| |
| DC_RTC_CALENDAR cal; |
| dc_rtc_time_get(&cal, TRUE); |
| |
| ret->tm_year = cal.year - YEAR0; /* gm starts at 1900 */ |
| ret->tm_mon = cal.month - 1; /* gm starts at 0 */ |
| ret->tm_mday = cal.day; |
| ret->tm_hour = cal.hour; |
| ret->tm_min = cal.minute; |
| ret->tm_sec = cal.second; |
| |
| return ret; |
| } |
| |
| #endif /* HAVE_RTP_SYS */ |
| |
| |
| #if defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) |
| |
| /* |
| * time() is just a stub in Microchip libraries. We need our own |
| * implementation. Use SNTP client to get seconds since epoch. |
| */ |
| time_t pic32_time(time_t* timer) |
| { |
| #ifdef MICROCHIP_TCPIP_V5 |
| DWORD sec = 0; |
| #else |
| uint32_t sec = 0; |
| #endif |
| time_t localTime; |
| |
| if (timer == NULL) |
| timer = &localTime; |
| |
| #ifdef MICROCHIP_MPLAB_HARMONY |
| sec = TCPIP_SNTP_UTCSecondsGet(); |
| #else |
| sec = SNTPGetUTCSeconds(); |
| #endif |
| *timer = (time_t) sec; |
| |
| return *timer; |
| } |
| |
| #endif /* MICROCHIP_TCPIP */ |
| |
| |
| #ifdef FREESCALE_MQX |
| |
| time_t mqx_time(time_t* timer) |
| { |
| time_t localTime; |
| TIME_STRUCT time_s; |
| |
| if (timer == NULL) |
| timer = &localTime; |
| |
| _time_get(&time_s); |
| *timer = (time_t) time_s.SECONDS; |
| |
| return *timer; |
| } |
| |
| /* CodeWarrior GCC toolchain only has gmtime_r(), no gmtime() */ |
| struct tm* mqx_gmtime(const time_t* clock, struct tm* tmpTime) |
| { |
| return gmtime_r(clock, tmpTime); |
| } |
| |
| #endif /* FREESCALE_MQX */ |
| |
| #ifdef WOLFSSL_TIRTOS |
| |
| time_t XTIME(time_t * timer) |
| { |
| time_t sec = 0; |
| |
| sec = (time_t) Seconds_get(); |
| |
| if (timer != NULL) |
| *timer = sec; |
| |
| return sec; |
| } |
| |
| #endif /* WOLFSSL_TIRTOS */ |
| |
| static INLINE word32 btoi(byte b) |
| { |
| return b - 0x30; |
| } |
| |
| |
| /* two byte date/time, add to value */ |
| static INLINE void GetTime(int* value, const byte* date, int* idx) |
| { |
| int i = *idx; |
| |
| *value += btoi(date[i++]) * 10; |
| *value += btoi(date[i++]); |
| |
| *idx = i; |
| } |
| |
| |
| #if defined(MICRIUM) |
| |
| CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format, |
| CPU_INT08U dateType) |
| { |
| CPU_BOOLEAN rtn_code; |
| CPU_INT32S i; |
| CPU_INT32S val; |
| CPU_INT16U year; |
| CPU_INT08U month; |
| CPU_INT16U day; |
| CPU_INT08U hour; |
| CPU_INT08U min; |
| CPU_INT08U sec; |
| |
| i = 0; |
| year = 0u; |
| |
| if (format == ASN_UTC_TIME) { |
| if (btoi(date[0]) >= 5) |
| year = 1900; |
| else |
| year = 2000; |
| } |
| else { /* format == GENERALIZED_TIME */ |
| year += btoi(date[i++]) * 1000; |
| year += btoi(date[i++]) * 100; |
| } |
| |
| val = year; |
| GetTime(&val, date, &i); |
| year = (CPU_INT16U)val; |
| |
| val = 0; |
| GetTime(&val, date, &i); |
| month = (CPU_INT08U)val; |
| |
| val = 0; |
| GetTime(&val, date, &i); |
| day = (CPU_INT16U)val; |
| |
| val = 0; |
| GetTime(&val, date, &i); |
| hour = (CPU_INT08U)val; |
| |
| val = 0; |
| GetTime(&val, date, &i); |
| min = (CPU_INT08U)val; |
| |
| val = 0; |
| GetTime(&val, date, &i); |
| sec = (CPU_INT08U)val; |
| |
| return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType); |
| } |
| |
| #endif /* MICRIUM */ |
| |
| |
| WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, |
| word32 maxIdx) |
| { |
| int length = 0; |
| word32 i = *inOutIdx; |
| byte b; |
| |
| *len = 0; /* default length */ |
| |
| if ( (i+1) > maxIdx) { /* for first read */ |
| WOLFSSL_MSG("GetLength bad index on input"); |
| return BUFFER_E; |
| } |
| |
| b = input[i++]; |
| if (b >= ASN_LONG_LENGTH) { |
| word32 bytes = b & 0x7F; |
| |
| if ( (i+bytes) > maxIdx) { /* for reading bytes */ |
| WOLFSSL_MSG("GetLength bad long length"); |
| return BUFFER_E; |
| } |
| |
| while (bytes--) { |
| b = input[i++]; |
| length = (length << 8) | b; |
| } |
| } |
| else |
| length = b; |
| |
| if ( (i+length) > maxIdx) { /* for user of length */ |
| WOLFSSL_MSG("GetLength value exceeds buffer length"); |
| return BUFFER_E; |
| } |
| |
| *inOutIdx = i; |
| if (length > 0) |
| *len = length; |
| |
| return length; |
| } |
| |
| |
| WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, |
| word32 maxIdx) |
| { |
| int length = -1; |
| word32 idx = *inOutIdx; |
| |
| if (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED) || |
| GetLength(input, &idx, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| *len = length; |
| *inOutIdx = idx; |
| |
| return length; |
| } |
| |
| |
| WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, |
| word32 maxIdx) |
| { |
| int length = -1; |
| word32 idx = *inOutIdx; |
| |
| if (input[idx++] != (ASN_SET | ASN_CONSTRUCTED) || |
| GetLength(input, &idx, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| *len = length; |
| *inOutIdx = idx; |
| |
| return length; |
| } |
| |
| |
| /* winodws header clash for WinCE using GetVersion */ |
| WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version) |
| { |
| word32 idx = *inOutIdx; |
| |
| WOLFSSL_ENTER("GetMyVersion"); |
| |
| if (input[idx++] != ASN_INTEGER) |
| return ASN_PARSE_E; |
| |
| if (input[idx++] != 0x01) |
| return ASN_VERSION_E; |
| |
| *version = input[idx++]; |
| *inOutIdx = idx; |
| |
| return *version; |
| } |
| |
| |
| #ifndef NO_PWDBASED |
| /* Get small count integer, 32 bits or less */ |
| static int GetShortInt(const byte* input, word32* inOutIdx, int* number) |
| { |
| word32 idx = *inOutIdx; |
| word32 len; |
| |
| *number = 0; |
| |
| if (input[idx++] != ASN_INTEGER) |
| return ASN_PARSE_E; |
| |
| len = input[idx++]; |
| if (len > 4) |
| return ASN_PARSE_E; |
| |
| while (len--) { |
| *number = *number << 8 | input[idx++]; |
| } |
| |
| *inOutIdx = idx; |
| |
| return *number; |
| } |
| #endif /* !NO_PWDBASED */ |
| |
| |
| /* May not have one, not an error */ |
| static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version) |
| { |
| word32 idx = *inOutIdx; |
| |
| WOLFSSL_ENTER("GetExplicitVersion"); |
| if (input[idx++] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { |
| *inOutIdx = ++idx; /* eat header */ |
| return GetMyVersion(input, inOutIdx, version); |
| } |
| |
| /* go back as is */ |
| *version = 0; |
| |
| return 0; |
| } |
| |
| |
| WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, |
| word32 maxIdx) |
| { |
| word32 i = *inOutIdx; |
| byte b = input[i++]; |
| int length; |
| |
| if (b != ASN_INTEGER) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &i, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if ( (b = input[i++]) == 0x00) |
| length--; |
| else |
| i--; |
| |
| if (mp_init(mpi) != MP_OKAY) |
| return MP_INIT_E; |
| |
| if (mp_read_unsigned_bin(mpi, (byte*)input + i, length) != 0) { |
| mp_clear(mpi); |
| return ASN_GETINT_E; |
| } |
| |
| *inOutIdx = i + length; |
| return 0; |
| } |
| |
| |
| static int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, |
| word32 maxIdx) |
| { |
| int length; |
| word32 i = *inOutIdx; |
| byte b; |
| *oid = 0; |
| |
| b = input[i++]; |
| if (b != ASN_OBJECT_ID) |
| return ASN_OBJECT_ID_E; |
| |
| if (GetLength(input, &i, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| while(length--) |
| *oid += input[i++]; |
| /* just sum it up for now */ |
| |
| *inOutIdx = i; |
| |
| return 0; |
| } |
| |
| |
| WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, |
| word32 maxIdx) |
| { |
| int length; |
| word32 i = *inOutIdx; |
| byte b; |
| *oid = 0; |
| |
| WOLFSSL_ENTER("GetAlgoId"); |
| |
| if (GetSequence(input, &i, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| b = input[i++]; |
| if (b != ASN_OBJECT_ID) |
| return ASN_OBJECT_ID_E; |
| |
| if (GetLength(input, &i, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| while(length--) { |
| /* odd HC08 compiler behavior here when input[i++] */ |
| *oid += input[i]; |
| i++; |
| } |
| /* just sum it up for now */ |
| |
| /* could have NULL tag and 0 terminator, but may not */ |
| b = input[i++]; |
| |
| if (b == ASN_TAG_NULL) { |
| b = input[i++]; |
| if (b != 0) |
| return ASN_EXPECT_0_E; |
| } |
| else |
| /* go back, didn't have it */ |
| i--; |
| |
| *inOutIdx = i; |
| |
| return 0; |
| } |
| |
| #ifndef NO_RSA |
| |
| |
| #ifdef HAVE_CAVIUM |
| |
| static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input, |
| word32* inOutIdx, word32 maxIdx, void* heap) |
| { |
| word32 i = *inOutIdx; |
| byte b = input[i++]; |
| int length; |
| |
| if (b != ASN_INTEGER) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &i, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if ( (b = input[i++]) == 0x00) |
| length--; |
| else |
| i--; |
| |
| *buffSz = (word16)length; |
| *buff = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA); |
| if (*buff == NULL) |
| return MEMORY_E; |
| |
| XMEMCPY(*buff, input + i, *buffSz); |
| |
| *inOutIdx = i + length; |
| return 0; |
| } |
| |
| static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx, |
| RsaKey* key, word32 inSz) |
| { |
| int version, length; |
| void* h = key->heap; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetMyVersion(input, inOutIdx, &version) < 0) |
| return ASN_PARSE_E; |
| |
| key->type = RSA_PRIVATE; |
| |
| if (GetCaviumInt(&key->c_n, &key->c_nSz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_e, &key->c_eSz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_d, &key->c_dSz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_p, &key->c_pSz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_q, &key->c_qSz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0 || |
| GetCaviumInt(&key->c_u, &key->c_uSz, input, inOutIdx, inSz, h) < 0 ) |
| return ASN_RSA_KEY_E; |
| |
| return 0; |
| } |
| |
| |
| #endif /* HAVE_CAVIUM */ |
| |
| int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, |
| word32 inSz) |
| { |
| int version, length; |
| |
| #ifdef HAVE_CAVIUM |
| if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz); |
| #endif |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetMyVersion(input, inOutIdx, &version) < 0) |
| return ASN_PARSE_E; |
| |
| key->type = RSA_PRIVATE; |
| |
| if (GetInt(&key->n, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->e, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->d, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->p, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->q, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->dP, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->dQ, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E; |
| |
| return 0; |
| } |
| |
| #endif /* NO_RSA */ |
| |
| /* Remove PKCS8 header, move beginning of traditional to beginning of input */ |
| int ToTraditional(byte* input, word32 sz) |
| { |
| word32 inOutIdx = 0, oid; |
| int version, length; |
| |
| if (GetSequence(input, &inOutIdx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetMyVersion(input, &inOutIdx, &version) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (input[inOutIdx] == ASN_OBJECT_ID) { |
| /* pkcs8 ecc uses slightly different format */ |
| inOutIdx++; /* past id */ |
| if (GetLength(input, &inOutIdx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| inOutIdx += length; /* over sub id, key input will verify */ |
| } |
| |
| if (input[inOutIdx++] != ASN_OCTET_STRING) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &inOutIdx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| XMEMMOVE(input, input + inOutIdx, length); |
| |
| return length; |
| } |
| |
| |
| #ifndef NO_PWDBASED |
| |
| /* Check To see if PKCS version algo is supported, set id if it is return 0 |
| < 0 on error */ |
| static int CheckAlgo(int first, int second, int* id, int* version) |
| { |
| *id = ALGO_ID_E; |
| *version = PKCS5; /* default */ |
| |
| if (first == 1) { |
| switch (second) { |
| case 1: |
| *id = PBE_SHA1_RC4_128; |
| *version = PKCS12; |
| return 0; |
| case 3: |
| *id = PBE_SHA1_DES3; |
| *version = PKCS12; |
| return 0; |
| default: |
| return ALGO_ID_E; |
| } |
| } |
| |
| if (first != PKCS5) |
| return ASN_INPUT_E; /* VERSION ERROR */ |
| |
| if (second == PBES2) { |
| *version = PKCS5v2; |
| return 0; |
| } |
| |
| switch (second) { |
| case 3: /* see RFC 2898 for ids */ |
| *id = PBE_MD5_DES; |
| return 0; |
| case 10: |
| *id = PBE_SHA1_DES; |
| return 0; |
| default: |
| return ALGO_ID_E; |
| |
| } |
| } |
| |
| |
| /* Check To see if PKCS v2 algo is supported, set id if it is return 0 |
| < 0 on error */ |
| static int CheckAlgoV2(int oid, int* id) |
| { |
| switch (oid) { |
| case 69: |
| *id = PBE_SHA1_DES; |
| return 0; |
| case 652: |
| *id = PBE_SHA1_DES3; |
| return 0; |
| default: |
| return ALGO_ID_E; |
| |
| } |
| } |
| |
| |
| /* Decrypt intput in place from parameters based on id */ |
| static int DecryptKey(const char* password, int passwordSz, byte* salt, |
| int saltSz, int iterations, int id, byte* input, |
| int length, int version, byte* cbcIv) |
| { |
| int typeH; |
| int derivedLen; |
| int decryptionType; |
| int ret = 0; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* key; |
| #else |
| byte key[MAX_KEY_SIZE]; |
| #endif |
| |
| switch (id) { |
| case PBE_MD5_DES: |
| typeH = MD5; |
| derivedLen = 16; /* may need iv for v1.5 */ |
| decryptionType = DES_TYPE; |
| break; |
| |
| case PBE_SHA1_DES: |
| typeH = SHA; |
| derivedLen = 16; /* may need iv for v1.5 */ |
| decryptionType = DES_TYPE; |
| break; |
| |
| case PBE_SHA1_DES3: |
| typeH = SHA; |
| derivedLen = 32; /* may need iv for v1.5 */ |
| decryptionType = DES3_TYPE; |
| break; |
| |
| case PBE_SHA1_RC4_128: |
| typeH = SHA; |
| derivedLen = 16; |
| decryptionType = RC4_TYPE; |
| break; |
| |
| default: |
| return ALGO_ID_E; |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (key == NULL) |
| return MEMORY_E; |
| #endif |
| |
| if (version == PKCS5v2) |
| ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations, |
| derivedLen, typeH); |
| #ifndef NO_SHA |
| else if (version == PKCS5) |
| ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, |
| derivedLen, typeH); |
| #endif |
| else if (version == PKCS12) { |
| int i, idx = 0; |
| byte unicodePasswd[MAX_UNICODE_SZ]; |
| |
| if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return UNICODE_SIZE_E; |
| } |
| |
| for (i = 0; i < passwordSz; i++) { |
| unicodePasswd[idx++] = 0x00; |
| unicodePasswd[idx++] = (byte)password[i]; |
| } |
| /* add trailing NULL */ |
| unicodePasswd[idx++] = 0x00; |
| unicodePasswd[idx++] = 0x00; |
| |
| ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz, |
| iterations, derivedLen, typeH, 1); |
| if (decryptionType != RC4_TYPE) |
| ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, |
| iterations, 8, typeH, 2); |
| } |
| else { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ALGO_ID_E; |
| } |
| |
| if (ret != 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ret; |
| } |
| |
| switch (decryptionType) { |
| #ifndef NO_DES3 |
| case DES_TYPE: |
| { |
| Des dec; |
| byte* desIv = key + 8; |
| |
| if (version == PKCS5v2 || version == PKCS12) |
| desIv = cbcIv; |
| |
| ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION); |
| if (ret != 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ret; |
| } |
| |
| wc_Des_CbcDecrypt(&dec, input, input, length); |
| break; |
| } |
| |
| case DES3_TYPE: |
| { |
| Des3 dec; |
| byte* desIv = key + 24; |
| |
| if (version == PKCS5v2 || version == PKCS12) |
| desIv = cbcIv; |
| ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); |
| if (ret != 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ret; |
| } |
| ret = wc_Des3_CbcDecrypt(&dec, input, input, length); |
| if (ret != 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ret; |
| } |
| break; |
| } |
| #endif |
| #ifndef NO_RC4 |
| case RC4_TYPE: |
| { |
| Arc4 dec; |
| |
| wc_Arc4SetKey(&dec, key, derivedLen); |
| wc_Arc4Process(&dec, input, input, length); |
| break; |
| } |
| #endif |
| |
| default: |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ALGO_ID_E; |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return 0; |
| } |
| |
| |
| /* Remove Encrypted PKCS8 header, move beginning of traditional to beginning |
| of input */ |
| int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) |
| { |
| word32 inOutIdx = 0, oid; |
| int first, second, length, version, saltSz, id; |
| int iterations = 0; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* salt = NULL; |
| byte* cbcIv = NULL; |
| #else |
| byte salt[MAX_SALT_SIZE]; |
| byte cbcIv[MAX_IV_SIZE]; |
| #endif |
| |
| if (GetSequence(input, &inOutIdx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) |
| return ASN_PARSE_E; |
| |
| first = input[inOutIdx - 2]; /* PKCS version alwyas 2nd to last byte */ |
| second = input[inOutIdx - 1]; /* version.algo, algo id last byte */ |
| |
| if (CheckAlgo(first, second, &id, &version) < 0) |
| return ASN_INPUT_E; /* Algo ID error */ |
| |
| if (version == PKCS5v2) { |
| |
| if (GetSequence(input, &inOutIdx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (oid != PBKDF2_OID) |
| return ASN_PARSE_E; |
| } |
| |
| if (GetSequence(input, &inOutIdx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (input[inOutIdx++] != ASN_OCTET_STRING) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &inOutIdx, &saltSz, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (saltSz > MAX_SALT_SIZE) |
| return ASN_PARSE_E; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (salt == NULL) |
| return MEMORY_E; |
| #endif |
| |
| XMEMCPY(salt, &input[inOutIdx], saltSz); |
| inOutIdx += saltSz; |
| |
| if (GetShortInt(input, &inOutIdx, &iterations) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (cbcIv == NULL) { |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| return MEMORY_E; |
| } |
| #endif |
| |
| if (version == PKCS5v2) { |
| /* get encryption algo */ |
| if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| if (CheckAlgoV2(oid, &id) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; /* PKCS v2 algo id error */ |
| } |
| |
| if (input[inOutIdx++] != ASN_OCTET_STRING) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &inOutIdx, &length, sz) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| XMEMCPY(cbcIv, &input[inOutIdx], length); |
| inOutIdx += length; |
| } |
| |
| if (input[inOutIdx++] != ASN_OCTET_STRING) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &inOutIdx, &length, sz) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| if (DecryptKey(password, passwordSz, salt, saltSz, iterations, id, |
| input + inOutIdx, length, version, cbcIv) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_INPUT_E; /* decrypt failure */ |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| XMEMMOVE(input, input + inOutIdx, length); |
| return ToTraditional(input, length); |
| } |
| |
| #endif /* NO_PWDBASED */ |
| |
| #ifndef NO_RSA |
| |
| int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, |
| word32 inSz) |
| { |
| int length; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| key->type = RSA_PUBLIC; |
| |
| #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) |
| { |
| byte b = input[*inOutIdx]; |
| if (b != ASN_INTEGER) { |
| /* not from decoded cert, will have algo id, skip past */ |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| b = input[(*inOutIdx)++]; |
| if (b != ASN_OBJECT_ID) |
| return ASN_OBJECT_ID_E; |
| |
| if (GetLength(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| *inOutIdx += length; /* skip past */ |
| |
| /* could have NULL tag and 0 terminator, but may not */ |
| b = input[(*inOutIdx)++]; |
| |
| if (b == ASN_TAG_NULL) { |
| b = input[(*inOutIdx)++]; |
| if (b != 0) |
| return ASN_EXPECT_0_E; |
| } |
| else |
| /* go back, didn't have it */ |
| (*inOutIdx)--; |
| |
| /* should have bit tag length and seq next */ |
| b = input[(*inOutIdx)++]; |
| if (b != ASN_BIT_STRING) |
| return ASN_BITSTR_E; |
| |
| if (GetLength(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| /* could have 0 */ |
| b = input[(*inOutIdx)++]; |
| if (b != 0) |
| (*inOutIdx)--; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| } /* end if */ |
| } /* openssl var block */ |
| #endif /* OPENSSL_EXTRA */ |
| |
| if (GetInt(&key->n, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->e, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E; |
| |
| return 0; |
| } |
| |
| /* import RSA public key elements (n, e) into RsaKey structure (key) */ |
| int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, |
| word32 eSz, RsaKey* key) |
| { |
| if (n == NULL || e == NULL || key == NULL) |
| return BAD_FUNC_ARG; |
| |
| key->type = RSA_PUBLIC; |
| |
| if (mp_init(&key->n) != MP_OKAY) |
| return MP_INIT_E; |
| |
| if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) { |
| mp_clear(&key->n); |
| return ASN_GETINT_E; |
| } |
| |
| if (mp_init(&key->e) != MP_OKAY) { |
| mp_clear(&key->n); |
| return MP_INIT_E; |
| } |
| |
| if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) { |
| mp_clear(&key->n); |
| mp_clear(&key->e); |
| return ASN_GETINT_E; |
| } |
| |
| return 0; |
| } |
| |
| #endif |
| |
| #ifndef NO_DH |
| |
| int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) |
| { |
| int length; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->g, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E; |
| |
| return 0; |
| } |
| |
| |
| int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, |
| byte* g, word32* gInOutSz) |
| { |
| word32 i = 0; |
| byte b; |
| int length; |
| |
| if (GetSequence(input, &i, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| b = input[i++]; |
| if (b != ASN_INTEGER) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &i, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if ( (b = input[i++]) == 0x00) |
| length--; |
| else |
| i--; |
| |
| if (length <= (int)*pInOutSz) { |
| XMEMCPY(p, &input[i], length); |
| *pInOutSz = length; |
| } |
| else |
| return BUFFER_E; |
| |
| i += length; |
| |
| b = input[i++]; |
| if (b != ASN_INTEGER) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &i, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (length <= (int)*gInOutSz) { |
| XMEMCPY(g, &input[i], length); |
| *gInOutSz = length; |
| } |
| else |
| return BUFFER_E; |
| |
| return 0; |
| } |
| |
| #endif /* NO_DH */ |
| |
| |
| #ifndef NO_DSA |
| |
| int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, |
| word32 inSz) |
| { |
| int length; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->q, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->g, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->y, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E; |
| |
| key->type = DSA_PUBLIC; |
| return 0; |
| } |
| |
| |
| int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, |
| word32 inSz) |
| { |
| int length, version; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetMyVersion(input, inOutIdx, &version) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->q, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->g, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->y, input, inOutIdx, inSz) < 0 || |
| GetInt(&key->x, input, inOutIdx, inSz) < 0 ) return ASN_DH_KEY_E; |
| |
| key->type = DSA_PRIVATE; |
| return 0; |
| } |
| |
| #endif /* NO_DSA */ |
| |
| |
| void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) |
| { |
| cert->publicKey = 0; |
| cert->pubKeySize = 0; |
| cert->pubKeyStored = 0; |
| cert->version = 0; |
| cert->signature = 0; |
| cert->subjectCN = 0; |
| cert->subjectCNLen = 0; |
| cert->subjectCNEnc = CTC_UTF8; |
| cert->subjectCNStored = 0; |
| cert->weOwnAltNames = 0; |
| cert->altNames = NULL; |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| cert->altEmailNames = NULL; |
| cert->permittedNames = NULL; |
| cert->excludedNames = NULL; |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| cert->issuer[0] = '\0'; |
| cert->subject[0] = '\0'; |
| cert->source = source; /* don't own */ |
| cert->srcIdx = 0; |
| cert->maxIdx = inSz; /* can't go over this index */ |
| cert->heap = heap; |
| XMEMSET(cert->serial, 0, EXTERNAL_SERIAL_SIZE); |
| cert->serialSz = 0; |
| cert->extensions = 0; |
| cert->extensionsSz = 0; |
| cert->extensionsIdx = 0; |
| cert->extAuthInfo = NULL; |
| cert->extAuthInfoSz = 0; |
| cert->extCrlInfo = NULL; |
| cert->extCrlInfoSz = 0; |
| XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE); |
| cert->extSubjKeyIdSet = 0; |
| XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE); |
| cert->extAuthKeyIdSet = 0; |
| cert->extKeyUsageSet = 0; |
| cert->extKeyUsage = 0; |
| cert->extExtKeyUsageSet = 0; |
| cert->extExtKeyUsage = 0; |
| cert->isCA = 0; |
| #ifdef HAVE_PKCS7 |
| cert->issuerRaw = NULL; |
| cert->issuerRawLen = 0; |
| #endif |
| #ifdef WOLFSSL_CERT_GEN |
| cert->subjectSN = 0; |
| cert->subjectSNLen = 0; |
| cert->subjectSNEnc = CTC_UTF8; |
| cert->subjectC = 0; |
| cert->subjectCLen = 0; |
| cert->subjectCEnc = CTC_PRINTABLE; |
| cert->subjectL = 0; |
| cert->subjectLLen = 0; |
| cert->subjectLEnc = CTC_UTF8; |
| cert->subjectST = 0; |
| cert->subjectSTLen = 0; |
| cert->subjectSTEnc = CTC_UTF8; |
| cert->subjectO = 0; |
| cert->subjectOLen = 0; |
| cert->subjectOEnc = CTC_UTF8; |
| cert->subjectOU = 0; |
| cert->subjectOULen = 0; |
| cert->subjectOUEnc = CTC_UTF8; |
| cert->subjectEmail = 0; |
| cert->subjectEmailLen = 0; |
| #endif /* WOLFSSL_CERT_GEN */ |
| cert->beforeDate = NULL; |
| cert->beforeDateLen = 0; |
| cert->afterDate = NULL; |
| cert->afterDateLen = 0; |
| #ifdef OPENSSL_EXTRA |
| XMEMSET(&cert->issuerName, 0, sizeof(DecodedName)); |
| XMEMSET(&cert->subjectName, 0, sizeof(DecodedName)); |
| cert->extBasicConstSet = 0; |
| cert->extBasicConstCrit = 0; |
| cert->extBasicConstPlSet = 0; |
| cert->pathLength = 0; |
| cert->extSubjAltNameSet = 0; |
| cert->extSubjAltNameCrit = 0; |
| cert->extAuthKeyIdCrit = 0; |
| cert->extSubjKeyIdCrit = 0; |
| cert->extKeyUsageCrit = 0; |
| cert->extExtKeyUsageCrit = 0; |
| cert->extExtKeyUsageSrc = NULL; |
| cert->extExtKeyUsageSz = 0; |
| cert->extExtKeyUsageCount = 0; |
| cert->extAuthKeyIdSrc = NULL; |
| cert->extAuthKeyIdSz = 0; |
| cert->extSubjKeyIdSrc = NULL; |
| cert->extSubjKeyIdSz = 0; |
| #endif /* OPENSSL_EXTRA */ |
| #if defined(OPENSSL_EXTRA) || !defined(IGNORE_NAME_CONSTRAINTS) |
| cert->extNameConstraintSet = 0; |
| #endif /* OPENSSL_EXTRA || !IGNORE_NAME_CONSTRAINTS */ |
| #ifdef HAVE_ECC |
| cert->pkCurveOID = 0; |
| #endif /* HAVE_ECC */ |
| #ifdef WOLFSSL_SEP |
| cert->deviceTypeSz = 0; |
| cert->deviceType = NULL; |
| cert->hwTypeSz = 0; |
| cert->hwType = NULL; |
| cert->hwSerialNumSz = 0; |
| cert->hwSerialNum = NULL; |
| #ifdef OPENSSL_EXTRA |
| cert->extCertPolicySet = 0; |
| cert->extCertPolicyCrit = 0; |
| #endif /* OPENSSL_EXTRA */ |
| #endif /* WOLFSSL_SEP */ |
| } |
| |
| |
| void FreeAltNames(DNS_entry* altNames, void* heap) |
| { |
| (void)heap; |
| |
| while (altNames) { |
| DNS_entry* tmp = altNames->next; |
| |
| XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); |
| XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); |
| altNames = tmp; |
| } |
| } |
| |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| |
| void FreeNameSubtrees(Base_entry* names, void* heap) |
| { |
| (void)heap; |
| |
| while (names) { |
| Base_entry* tmp = names->next; |
| |
| XFREE(names->name, heap, DYNAMIC_TYPE_ALTNAME); |
| XFREE(names, heap, DYNAMIC_TYPE_ALTNAME); |
| names = tmp; |
| } |
| } |
| |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| |
| void FreeDecodedCert(DecodedCert* cert) |
| { |
| if (cert->subjectCNStored == 1) |
| XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); |
| if (cert->pubKeyStored == 1) |
| XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
| if (cert->weOwnAltNames && cert->altNames) |
| FreeAltNames(cert->altNames, cert->heap); |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| if (cert->altEmailNames) |
| FreeAltNames(cert->altEmailNames, cert->heap); |
| if (cert->permittedNames) |
| FreeNameSubtrees(cert->permittedNames, cert->heap); |
| if (cert->excludedNames) |
| FreeNameSubtrees(cert->excludedNames, cert->heap); |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| #ifdef WOLFSSL_SEP |
| XFREE(cert->deviceType, cert->heap, 0); |
| XFREE(cert->hwType, cert->heap, 0); |
| XFREE(cert->hwSerialNum, cert->heap, 0); |
| #endif /* WOLFSSL_SEP */ |
| #ifdef OPENSSL_EXTRA |
| if (cert->issuerName.fullName != NULL) |
| XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509); |
| if (cert->subjectName.fullName != NULL) |
| XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509); |
| #endif /* OPENSSL_EXTRA */ |
| } |
| |
| |
| static int GetCertHeader(DecodedCert* cert) |
| { |
| int ret = 0, len; |
| byte serialTmp[EXTERNAL_SERIAL_SIZE]; |
| #if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) |
| mp_int* mpi = NULL; |
| #else |
| mp_int stack_mpi; |
| mp_int* mpi = &stack_mpi; |
| #endif |
| |
| if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| cert->certBegin = cert->srcIdx; |
| |
| if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| cert->sigIndex = len + cert->srcIdx; |
| |
| if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0) |
| return ASN_PARSE_E; |
| |
| #if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) |
| mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (mpi == NULL) |
| return MEMORY_E; |
| #endif |
| |
| if (GetInt(mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) { |
| #if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) |
| XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_PARSE_E; |
| } |
| |
| len = mp_unsigned_bin_size(mpi); |
| if (len < (int)sizeof(serialTmp)) { |
| if ( (ret = mp_to_unsigned_bin(mpi, serialTmp)) == MP_OKAY) { |
| XMEMCPY(cert->serial, serialTmp, len); |
| cert->serialSz = len; |
| } |
| } |
| mp_clear(mpi); |
| |
| #if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH) |
| XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret; |
| } |
| |
| #if !defined(NO_RSA) |
| /* Store Rsa Key, may save later, Dsa could use in future */ |
| static int StoreRsaKey(DecodedCert* cert) |
| { |
| int length; |
| word32 recvd = cert->srcIdx; |
| |
| if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| recvd = cert->srcIdx - recvd; |
| length += recvd; |
| |
| while (recvd--) |
| cert->srcIdx--; |
| |
| cert->pubKeySize = length; |
| cert->publicKey = cert->source + cert->srcIdx; |
| cert->srcIdx += length; |
| |
| return 0; |
| } |
| #endif |
| |
| |
| #ifdef HAVE_ECC |
| |
| /* return 0 on sucess if the ECC curve oid sum is supported */ |
| static int CheckCurve(word32 oid) |
| { |
| int ret = 0; |
| |
| switch (oid) { |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160) |
| case ECC_160R1: |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192) |
| case ECC_192R1: |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224) |
| case ECC_224R1: |
| #endif |
| #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256) |
| case ECC_256R1: |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384) |
| case ECC_384R1: |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521) |
| case ECC_521R1: |
| #endif |
| break; |
| |
| default: |
| ret = ALGO_ID_E; |
| } |
| |
| return ret; |
| } |
| |
| #endif /* HAVE_ECC */ |
| |
| |
| static int GetKey(DecodedCert* cert) |
| { |
| int length; |
| #ifdef HAVE_NTRU |
| int tmpIdx = cert->srcIdx; |
| #endif |
| |
| if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| switch (cert->keyOID) { |
| #ifndef NO_RSA |
| case RSAk: |
| { |
| byte b = cert->source[cert->srcIdx++]; |
| if (b != ASN_BIT_STRING) |
| return ASN_BITSTR_E; |
| |
| if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| b = cert->source[cert->srcIdx++]; |
| if (b != 0x00) |
| return ASN_EXPECT_0_E; |
| |
| return StoreRsaKey(cert); |
| } |
| |
| #endif /* NO_RSA */ |
| #ifdef HAVE_NTRU |
| case NTRUk: |
| { |
| const byte* key = &cert->source[tmpIdx]; |
| byte* next = (byte*)key; |
| word16 keyLen; |
| word32 rc; |
| word32 remaining = cert->maxIdx - cert->srcIdx; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* keyBlob = NULL; |
| #else |
| byte keyBlob[MAX_NTRU_KEY_SZ]; |
| #endif |
| rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, |
| &keyLen, NULL, &next, &remaining); |
| if (rc != NTRU_OK) |
| return ASN_NTRU_KEY_E; |
| if (keyLen > MAX_NTRU_KEY_SZ) |
| return ASN_NTRU_KEY_E; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| if (keyBlob == NULL) |
| return MEMORY_E; |
| #endif |
| |
| rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, |
| &keyLen, keyBlob, &next, &remaining); |
| if (rc != NTRU_OK) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_NTRU_KEY_E; |
| } |
| |
| if ( (next - key) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ASN_NTRU_KEY_E; |
| } |
| |
| cert->srcIdx = tmpIdx + (int)(next - key); |
| |
| cert->publicKey = (byte*) XMALLOC(keyLen, cert->heap, |
| DYNAMIC_TYPE_PUBLIC_KEY); |
| if (cert->publicKey == NULL) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return MEMORY_E; |
| } |
| XMEMCPY(cert->publicKey, keyBlob, keyLen); |
| cert->pubKeyStored = 1; |
| cert->pubKeySize = keyLen; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return 0; |
| } |
| #endif /* HAVE_NTRU */ |
| #ifdef HAVE_ECC |
| case ECDSAk: |
| { |
| int oidSz = 0; |
| byte b = cert->source[cert->srcIdx++]; |
| |
| if (b != ASN_OBJECT_ID) |
| return ASN_OBJECT_ID_E; |
| |
| if (GetLength(cert->source,&cert->srcIdx,&oidSz,cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| while(oidSz--) |
| cert->pkCurveOID += cert->source[cert->srcIdx++]; |
| |
| if (CheckCurve(cert->pkCurveOID) < 0) |
| return ECC_CURVE_OID_E; |
| |
| /* key header */ |
| b = cert->source[cert->srcIdx++]; |
| if (b != ASN_BIT_STRING) |
| return ASN_BITSTR_E; |
| |
| if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| b = cert->source[cert->srcIdx++]; |
| if (b != 0x00) |
| return ASN_EXPECT_0_E; |
| |
| /* actual key, use length - 1 since ate preceding 0 */ |
| length -= 1; |
| |
| cert->publicKey = (byte*) XMALLOC(length, cert->heap, |
| DYNAMIC_TYPE_PUBLIC_KEY); |
| if (cert->publicKey == NULL) |
| return MEMORY_E; |
| XMEMCPY(cert->publicKey, &cert->source[cert->srcIdx], length); |
| cert->pubKeyStored = 1; |
| cert->pubKeySize = length; |
| |
| cert->srcIdx += length; |
| |
| return 0; |
| } |
| #endif /* HAVE_ECC */ |
| default: |
| return ASN_UNKNOWN_OID_E; |
| } |
| } |
| |
| |
| /* process NAME, either issuer or subject */ |
| static int GetName(DecodedCert* cert, int nameType) |
| { |
| int length; /* length of all distinguished names */ |
| int dummy; |
| int ret; |
| char* full; |
| byte* hash; |
| word32 idx; |
| #ifdef OPENSSL_EXTRA |
| DecodedName* dName = |
| (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; |
| #endif /* OPENSSL_EXTRA */ |
| |
| WOLFSSL_MSG("Getting Cert Name"); |
| |
| if (nameType == ISSUER) { |
| full = cert->issuer; |
| hash = cert->issuerHash; |
| } |
| else { |
| full = cert->subject; |
| hash = cert->subjectHash; |
| } |
| |
| if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) { |
| WOLFSSL_MSG("Trying optional prefix..."); |
| |
| if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| cert->srcIdx += length; |
| WOLFSSL_MSG("Got optional prefix"); |
| } |
| |
| /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be |
| * calculated over the entire DER encoding of the Name field, including |
| * the tag and length. */ |
| idx = cert->srcIdx; |
| if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| #ifdef NO_SHA |
| ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash); |
| #else |
| ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash); |
| #endif |
| if (ret != 0) |
| return ret; |
| |
| length += cert->srcIdx; |
| idx = 0; |
| |
| #ifdef HAVE_PKCS7 |
| /* store pointer to raw issuer */ |
| if (nameType == ISSUER) { |
| cert->issuerRaw = &cert->source[cert->srcIdx]; |
| cert->issuerRawLen = length - cert->srcIdx; |
| } |
| #endif |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| if (nameType == SUBJECT) { |
| cert->subjectRaw = &cert->source[cert->srcIdx]; |
| cert->subjectRawLen = length - cert->srcIdx; |
| } |
| #endif |
| |
| while (cert->srcIdx < (word32)length) { |
| byte b; |
| byte joint[2]; |
| byte tooBig = FALSE; |
| int oidSz; |
| |
| if (GetSet(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0) { |
| WOLFSSL_MSG("Cert name lacks set header, trying sequence"); |
| } |
| |
| if (GetSequence(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| b = cert->source[cert->srcIdx++]; |
| if (b != ASN_OBJECT_ID) |
| return ASN_OBJECT_ID_E; |
| |
| if (GetLength(cert->source, &cert->srcIdx, &oidSz, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint)); |
| |
| /* v1 name types */ |
| if (joint[0] == 0x55 && joint[1] == 0x04) { |
| byte id; |
| byte copy = FALSE; |
| int strLen; |
| |
| cert->srcIdx += 2; |
| id = cert->source[cert->srcIdx++]; |
| b = cert->source[cert->srcIdx++]; /* encoding */ |
| |
| if (GetLength(cert->source, &cert->srcIdx, &strLen, |
| cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if ( (strLen + 14) > (int)(ASN_NAME_MAX - idx)) { |
| /* include biggest pre fix header too 4 = "/serialNumber=" */ |
| WOLFSSL_MSG("ASN Name too big, skipping"); |
| tooBig = TRUE; |
| } |
| |
| if (id == ASN_COMMON_NAME) { |
| if (nameType == SUBJECT) { |
| cert->subjectCN = (char *)&cert->source[cert->srcIdx]; |
| cert->subjectCNLen = strLen; |
| cert->subjectCNEnc = b; |
| } |
| |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/CN=", 4); |
| idx += 4; |
| copy = TRUE; |
| } |
| #ifdef OPENSSL_EXTRA |
| dName->cnIdx = cert->srcIdx; |
| dName->cnLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_SUR_NAME) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/SN=", 4); |
| idx += 4; |
| copy = TRUE; |
| } |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectSN = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectSNLen = strLen; |
| cert->subjectSNEnc = b; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->snIdx = cert->srcIdx; |
| dName->snLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_COUNTRY_NAME) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/C=", 3); |
| idx += 3; |
| copy = TRUE; |
| } |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectC = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectCLen = strLen; |
| cert->subjectCEnc = b; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->cIdx = cert->srcIdx; |
| dName->cLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_LOCALITY_NAME) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/L=", 3); |
| idx += 3; |
| copy = TRUE; |
| } |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectL = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectLLen = strLen; |
| cert->subjectLEnc = b; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->lIdx = cert->srcIdx; |
| dName->lLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_STATE_NAME) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/ST=", 4); |
| idx += 4; |
| copy = TRUE; |
| } |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectST = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectSTLen = strLen; |
| cert->subjectSTEnc = b; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->stIdx = cert->srcIdx; |
| dName->stLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_ORG_NAME) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/O=", 3); |
| idx += 3; |
| copy = TRUE; |
| } |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectO = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectOLen = strLen; |
| cert->subjectOEnc = b; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->oIdx = cert->srcIdx; |
| dName->oLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_ORGUNIT_NAME) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/OU=", 4); |
| idx += 4; |
| copy = TRUE; |
| } |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectOU = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectOULen = strLen; |
| cert->subjectOUEnc = b; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->ouIdx = cert->srcIdx; |
| dName->ouLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| else if (id == ASN_SERIAL_NUMBER) { |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/serialNumber=", 14); |
| idx += 14; |
| copy = TRUE; |
| } |
| #ifdef OPENSSL_EXTRA |
| dName->snIdx = cert->srcIdx; |
| dName->snLen = strLen; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| |
| if (copy && !tooBig) { |
| XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen); |
| idx += strLen; |
| } |
| |
| cert->srcIdx += strLen; |
| } |
| else { |
| /* skip */ |
| byte email = FALSE; |
| byte uid = FALSE; |
| int adv; |
| |
| if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */ |
| email = TRUE; |
| |
| if (joint[0] == 0x9 && joint[1] == 0x92) /* uid id hdr */ |
| uid = TRUE; |
| |
| cert->srcIdx += oidSz + 1; |
| |
| if (GetLength(cert->source, &cert->srcIdx, &adv, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if (adv > (int)(ASN_NAME_MAX - idx)) { |
| WOLFSSL_MSG("ASN name too big, skipping"); |
| tooBig = TRUE; |
| } |
| |
| if (email) { |
| if ( (14 + adv) > (int)(ASN_NAME_MAX - idx)) { |
| WOLFSSL_MSG("ASN name too big, skipping"); |
| tooBig = TRUE; |
| } |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/emailAddress=", 14); |
| idx += 14; |
| } |
| |
| #ifdef WOLFSSL_CERT_GEN |
| if (nameType == SUBJECT) { |
| cert->subjectEmail = (char*)&cert->source[cert->srcIdx]; |
| cert->subjectEmailLen = adv; |
| } |
| #endif /* WOLFSSL_CERT_GEN */ |
| #ifdef OPENSSL_EXTRA |
| dName->emailIdx = cert->srcIdx; |
| dName->emailLen = adv; |
| #endif /* OPENSSL_EXTRA */ |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| { |
| DNS_entry* emailName = NULL; |
| |
| emailName = (DNS_entry*)XMALLOC(sizeof(DNS_entry), |
| cert->heap, DYNAMIC_TYPE_ALTNAME); |
| if (emailName == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| return MEMORY_E; |
| } |
| emailName->name = (char*)XMALLOC(adv + 1, |
| cert->heap, DYNAMIC_TYPE_ALTNAME); |
| if (emailName->name == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| return MEMORY_E; |
| } |
| XMEMCPY(emailName->name, |
| &cert->source[cert->srcIdx], adv); |
| emailName->name[adv] = 0; |
| |
| emailName->next = cert->altEmailNames; |
| cert->altEmailNames = emailName; |
| } |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| if (!tooBig) { |
| XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv); |
| idx += adv; |
| } |
| } |
| |
| if (uid) { |
| if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) { |
| WOLFSSL_MSG("ASN name too big, skipping"); |
| tooBig = TRUE; |
| } |
| if (!tooBig) { |
| XMEMCPY(&full[idx], "/UID=", 5); |
| idx += 5; |
| |
| XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv); |
| idx += adv; |
| } |
| #ifdef OPENSSL_EXTRA |
| dName->uidIdx = cert->srcIdx; |
| dName->uidLen = adv; |
| #endif /* OPENSSL_EXTRA */ |
| } |
| |
| cert->srcIdx += adv; |
| } |
| } |
| full[idx++] = 0; |
| |
| #ifdef OPENSSL_EXTRA |
| { |
| int totalLen = 0; |
| |
| if (dName->cnLen != 0) |
| totalLen += dName->cnLen + 4; |
| if (dName->snLen != 0) |
| totalLen += dName->snLen + 4; |
| if (dName->cLen != 0) |
| totalLen += dName->cLen + 3; |
| if (dName->lLen != 0) |
| totalLen += dName->lLen + 3; |
| if (dName->stLen != 0) |
| totalLen += dName->stLen + 4; |
| if (dName->oLen != 0) |
| totalLen += dName->oLen + 3; |
| if (dName->ouLen != 0) |
| totalLen += dName->ouLen + 4; |
| if (dName->emailLen != 0) |
| totalLen += dName->emailLen + 14; |
| if (dName->uidLen != 0) |
| totalLen += dName->uidLen + 5; |
| if (dName->serialLen != 0) |
| totalLen += dName->serialLen + 14; |
| |
| dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509); |
| if (dName->fullName != NULL) { |
| idx = 0; |
| |
| if (dName->cnLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/CN=", 4); |
| idx += 4; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->cnIdx], dName->cnLen); |
| dName->cnIdx = idx; |
| idx += dName->cnLen; |
| } |
| if (dName->snLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/SN=", 4); |
| idx += 4; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->snIdx], dName->snLen); |
| dName->snIdx = idx; |
| idx += dName->snLen; |
| } |
| if (dName->cLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/C=", 3); |
| idx += 3; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->cIdx], dName->cLen); |
| dName->cIdx = idx; |
| idx += dName->cLen; |
| } |
| if (dName->lLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/L=", 3); |
| idx += 3; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->lIdx], dName->lLen); |
| dName->lIdx = idx; |
| idx += dName->lLen; |
| } |
| if (dName->stLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/ST=", 4); |
| idx += 4; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->stIdx], dName->stLen); |
| dName->stIdx = idx; |
| idx += dName->stLen; |
| } |
| if (dName->oLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/O=", 3); |
| idx += 3; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->oIdx], dName->oLen); |
| dName->oIdx = idx; |
| idx += dName->oLen; |
| } |
| if (dName->ouLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/OU=", 4); |
| idx += 4; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->ouIdx], dName->ouLen); |
| dName->ouIdx = idx; |
| idx += dName->ouLen; |
| } |
| if (dName->emailLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14); |
| idx += 14; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->emailIdx], dName->emailLen); |
| dName->emailIdx = idx; |
| idx += dName->emailLen; |
| } |
| if (dName->uidLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/UID=", 5); |
| idx += 5; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->uidIdx], dName->uidLen); |
| dName->uidIdx = idx; |
| idx += dName->uidLen; |
| } |
| if (dName->serialLen != 0) { |
| dName->entryCount++; |
| XMEMCPY(&dName->fullName[idx], "/serialNumber=", 14); |
| idx += 14; |
| XMEMCPY(&dName->fullName[idx], |
| &cert->source[dName->serialIdx], dName->serialLen); |
| dName->serialIdx = idx; |
| idx += dName->serialLen; |
| } |
| dName->fullName[idx] = '\0'; |
| dName->fullNameLen = totalLen; |
| } |
| } |
| #endif /* OPENSSL_EXTRA */ |
| |
| return 0; |
| } |
| |
| |
| #ifndef NO_TIME_H |
| |
| /* to the second */ |
| static int DateGreaterThan(const struct tm* a, const struct tm* b) |
| { |
| if (a->tm_year > b->tm_year) |
| return 1; |
| |
| if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon) |
| return 1; |
| |
| if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && |
| a->tm_mday > b->tm_mday) |
| return 1; |
| |
| if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && |
| a->tm_mday == b->tm_mday && a->tm_hour > b->tm_hour) |
| return 1; |
| |
| if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && |
| a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour && |
| a->tm_min > b->tm_min) |
| return 1; |
| |
| if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && |
| a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour && |
| a->tm_min == b->tm_min && a->tm_sec > b->tm_sec) |
| return 1; |
| |
| return 0; /* false */ |
| } |
| |
| |
| static INLINE int DateLessThan(const struct tm* a, const struct tm* b) |
| { |
| return DateGreaterThan(b,a); |
| } |
| |
| |
| /* like atoi but only use first byte */ |
| /* Make sure before and after dates are valid */ |
| int ValidateDate(const byte* date, byte format, int dateType) |
| { |
| time_t ltime; |
| struct tm certTime; |
| struct tm* localTime; |
| struct tm* tmpTime = NULL; |
| int i = 0; |
| |
| #if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) |
| struct tm tmpTimeStorage; |
| tmpTime = &tmpTimeStorage; |
| #else |
| (void)tmpTime; |
| #endif |
| |
| ltime = XTIME(0); |
| XMEMSET(&certTime, 0, sizeof(certTime)); |
| |
| if (format == ASN_UTC_TIME) { |
| if (btoi(date[0]) >= 5) |
| certTime.tm_year = 1900; |
| else |
| certTime.tm_year = 2000; |
| } |
| else { /* format == GENERALIZED_TIME */ |
| certTime.tm_year += btoi(date[i++]) * 1000; |
| certTime.tm_year += btoi(date[i++]) * 100; |
| } |
| |
| /* adjust tm_year, tm_mon */ |
| GetTime((int*)&certTime.tm_year, date, &i); certTime.tm_year -= 1900; |
| GetTime((int*)&certTime.tm_mon, date, &i); certTime.tm_mon -= 1; |
| GetTime((int*)&certTime.tm_mday, date, &i); |
| GetTime((int*)&certTime.tm_hour, date, &i); |
| GetTime((int*)&certTime.tm_min, date, &i); |
| GetTime((int*)&certTime.tm_sec, date, &i); |
| |
| if (date[i] != 'Z') { /* only Zulu supported for this profile */ |
| WOLFSSL_MSG("Only Zulu time supported for this profile"); |
| return 0; |
| } |
| |
| localTime = XGMTIME(<ime, tmpTime); |
| |
| if (dateType == BEFORE) { |
| if (DateLessThan(localTime, &certTime)) |
| return 0; |
| } |
| else |
| if (DateGreaterThan(localTime, &certTime)) |
| return 0; |
| |
| return 1; |
| } |
| |
| #endif /* NO_TIME_H */ |
| |
| |
| static int GetDate(DecodedCert* cert, int dateType) |
| { |
| int length; |
| byte date[MAX_DATE_SIZE]; |
| byte b; |
| word32 startIdx = 0; |
| |
| if (dateType == BEFORE) |
| cert->beforeDate = &cert->source[cert->srcIdx]; |
| else |
| cert->afterDate = &cert->source[cert->srcIdx]; |
| startIdx = cert->srcIdx; |
| |
| b = cert->source[cert->srcIdx++]; |
| if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME) |
| return ASN_TIME_E; |
| |
| if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE) |
| return ASN_DATE_SZ_E; |
| |
| XMEMCPY(date, &cert->source[cert->srcIdx], length); |
| cert->srcIdx += length; |
| |
| if (dateType == BEFORE) |
| cert->beforeDateLen = cert->srcIdx - startIdx; |
| else |
| cert->afterDateLen = cert->srcIdx - startIdx; |
| |
| if (!XVALIDATE_DATE(date, b, dateType)) { |
| if (dateType == BEFORE) |
| return ASN_BEFORE_DATE_E; |
| else |
| return ASN_AFTER_DATE_E; |
| } |
| |
| return 0; |
| } |
| |
| |
| static int GetValidity(DecodedCert* cert, int verify) |
| { |
| int length; |
| int badDate = 0; |
| |
| if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetDate(cert, BEFORE) < 0 && verify) |
| badDate = ASN_BEFORE_DATE_E; /* continue parsing */ |
| |
| if (GetDate(cert, AFTER) < 0 && verify) |
| return ASN_AFTER_DATE_E; |
| |
| if (badDate != 0) |
| return badDate; |
| |
| return 0; |
| } |
| |
| |
| int DecodeToKey(DecodedCert* cert, int verify) |
| { |
| int badDate = 0; |
| int ret; |
| |
| if ( (ret = GetCertHeader(cert)) < 0) |
| return ret; |
| |
| WOLFSSL_MSG("Got Cert Header"); |
| |
| if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID, |
| cert->maxIdx)) < 0) |
| return ret; |
| |
| WOLFSSL_MSG("Got Algo ID"); |
| |
| if ( (ret = GetName(cert, ISSUER)) < 0) |
| return ret; |
| |
| if ( (ret = GetValidity(cert, verify)) < 0) |
| badDate = ret; |
| |
| if ( (ret = GetName(cert, SUBJECT)) < 0) |
| return ret; |
| |
| WOLFSSL_MSG("Got Subject Name"); |
| |
| if ( (ret = GetKey(cert)) < 0) |
| return ret; |
| |
| WOLFSSL_MSG("Got Key"); |
| |
| if (badDate != 0) |
| return badDate; |
| |
| return ret; |
| } |
| |
| |
| static int GetSignature(DecodedCert* cert) |
| { |
| int length; |
| byte b = cert->source[cert->srcIdx++]; |
| |
| if (b != ASN_BIT_STRING) |
| return ASN_BITSTR_E; |
| |
| if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| cert->sigLength = length; |
| |
| b = cert->source[cert->srcIdx++]; |
| if (b != 0x00) |
| return ASN_EXPECT_0_E; |
| |
| cert->sigLength--; |
| cert->signature = &cert->source[cert->srcIdx]; |
| cert->srcIdx += cert->sigLength; |
| |
| return 0; |
| } |
| |
| |
| static word32 SetDigest(const byte* digest, word32 digSz, byte* output) |
| { |
| output[0] = ASN_OCTET_STRING; |
| output[1] = (byte)digSz; |
| XMEMCPY(&output[2], digest, digSz); |
| |
| return digSz + 2; |
| } |
| |
| |
| static word32 BytePrecision(word32 value) |
| { |
| word32 i; |
| for (i = sizeof(value); i; --i) |
| if (value >> ((i - 1) * WOLFSSL_BIT_SIZE)) |
| break; |
| |
| return i; |
| } |
| |
| |
| WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) |
| { |
| word32 i = 0, j; |
| |
| if (length < ASN_LONG_LENGTH) |
| output[i++] = (byte)length; |
| else { |
| output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); |
| |
| for (j = BytePrecision(length); j; --j) { |
| output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE)); |
| i++; |
| } |
| } |
| |
| return i; |
| } |
| |
| |
| WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output) |
| { |
| output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; |
| return SetLength(len, output + 1) + 1; |
| } |
| |
| WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output) |
| { |
| output[0] = ASN_OCTET_STRING; |
| return SetLength(len, output + 1) + 1; |
| } |
| |
| /* Write a set header to output */ |
| WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output) |
| { |
| output[0] = ASN_SET | ASN_CONSTRUCTED; |
| return SetLength(len, output + 1) + 1; |
| } |
| |
| WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output) |
| { |
| |
| output[0] = ((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0) |
| | ASN_CONTEXT_SPECIFIC | number; |
| return SetLength(len, output + 1) + 1; |
| } |
| |
| WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output) |
| { |
| output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number; |
| return SetLength(len, output + 1) + 1; |
| } |
| |
| |
| #if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) |
| |
| static word32 SetCurve(ecc_key* key, byte* output) |
| { |
| |
| /* curve types */ |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192) |
| static const byte ECC_192v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, |
| 0x03, 0x01, 0x01}; |
| #endif |
| #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256) |
| static const byte ECC_256v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, |
| 0x03, 0x01, 0x07}; |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160) |
| static const byte ECC_160r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00, |
| 0x02}; |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224) |
| static const byte ECC_224r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00, |
| 0x21}; |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384) |
| static const byte ECC_384r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00, |
| 0x22}; |
| #endif |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521) |
| static const byte ECC_521r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00, |
| 0x23}; |
| #endif |
| |
| int oidSz = 0; |
| int idx = 0; |
| int lenSz = 0; |
| const byte* oid = 0; |
| |
| output[0] = ASN_OBJECT_ID; |
| idx++; |
| |
| switch (key->dp->size) { |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160) |
| case 20: |
| oidSz = sizeof(ECC_160r1_AlgoID); |
| oid = ECC_160r1_AlgoID; |
| break; |
| #endif |
| |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192) |
| case 24: |
| oidSz = sizeof(ECC_192v1_AlgoID); |
| oid = ECC_192v1_AlgoID; |
| break; |
| #endif |
| |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224) |
| case 28: |
| oidSz = sizeof(ECC_224r1_AlgoID); |
| oid = ECC_224r1_AlgoID; |
| break; |
| #endif |
| |
| #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256) |
| case 32: |
| oidSz = sizeof(ECC_256v1_AlgoID); |
| oid = ECC_256v1_AlgoID; |
| break; |
| #endif |
| |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384) |
| case 48: |
| oidSz = sizeof(ECC_384r1_AlgoID); |
| oid = ECC_384r1_AlgoID; |
| break; |
| #endif |
| |
| #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521) |
| case 66: |
| oidSz = sizeof(ECC_521r1_AlgoID); |
| oid = ECC_521r1_AlgoID; |
| break; |
| #endif |
| |
| default: |
| return ASN_UNKNOWN_OID_E; |
| } |
| lenSz = SetLength(oidSz, output+idx); |
| idx += lenSz; |
| |
| XMEMCPY(output+idx, oid, oidSz); |
| idx += oidSz; |
| |
| return idx; |
| } |
| |
| #endif /* HAVE_ECC && WOLFSSL_CERT_GEN */ |
| |
| |
| WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) |
| { |
| /* adding TAG_NULL and 0 to end */ |
| |
| /* hashTypes */ |
| static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a, |
| 0x05, 0x00 }; |
| static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, |
| 0x04, 0x02, 0x01, 0x05, 0x00 }; |
| static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, |
| 0x04, 0x02, 0x02, 0x05, 0x00 }; |
| static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, |
| 0x04, 0x02, 0x03, 0x05, 0x00 }; |
| static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, |
| 0x02, 0x05, 0x05, 0x00 }; |
| static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, |
| 0x02, 0x02, 0x05, 0x00}; |
| |
| /* blkTypes, no NULL tags because IV is there instead */ |
| static const byte desCbcAlgoID[] = { 0x2B, 0x0E, 0x03, 0x02, 0x07 }; |
| static const byte des3CbcAlgoID[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, |
| 0x0D, 0x03, 0x07 }; |
| |
| /* RSA sigTypes */ |
| #ifndef NO_RSA |
| static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00}; |
| static const byte shawRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00}; |
| static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00}; |
| static const byte sha384wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00}; |
| static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00}; |
| #endif /* NO_RSA */ |
| |
| /* ECDSA sigTypes */ |
| #ifdef HAVE_ECC |
| static const byte shawECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, |
| 0x04, 0x01, 0x05, 0x00}; |
| static const byte sha256wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, |
| 0x04, 0x03, 0x02, 0x05, 0x00}; |
| static const byte sha384wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, |
| 0x04, 0x03, 0x03, 0x05, 0x00}; |
| static const byte sha512wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, |
| 0x04, 0x03, 0x04, 0x05, 0x00}; |
| #endif /* HAVE_ECC */ |
| |
| /* RSA keyType */ |
| #ifndef NO_RSA |
| static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, |
| 0x01, 0x01, 0x01, 0x05, 0x00}; |
| #endif /* NO_RSA */ |
| |
| #ifdef HAVE_ECC |
| /* ECC keyType */ |
| /* no tags, so set tagSz smaller later */ |
| static const byte ECC_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, |
| 0x02, 0x01}; |
| #endif /* HAVE_ECC */ |
| |
| int algoSz = 0; |
| int tagSz = 2; /* tag null and terminator */ |
| word32 idSz, seqSz; |
| const byte* algoName = 0; |
| byte ID_Length[MAX_LENGTH_SZ]; |
| byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ |
| |
| if (type == hashType) { |
| switch (algoOID) { |
| case SHAh: |
| algoSz = sizeof(shaAlgoID); |
| algoName = shaAlgoID; |
| break; |
| |
| case SHA256h: |
| algoSz = sizeof(sha256AlgoID); |
| algoName = sha256AlgoID; |
| break; |
| |
| case SHA384h: |
| algoSz = sizeof(sha384AlgoID); |
| algoName = sha384AlgoID; |
| break; |
| |
| case SHA512h: |
| algoSz = sizeof(sha512AlgoID); |
| algoName = sha512AlgoID; |
| break; |
| |
| case MD2h: |
| algoSz = sizeof(md2AlgoID); |
| algoName = md2AlgoID; |
| break; |
| |
| case MD5h: |
| algoSz = sizeof(md5AlgoID); |
| algoName = md5AlgoID; |
| break; |
| |
| default: |
| WOLFSSL_MSG("Unknown Hash Algo"); |
| return 0; /* UNKOWN_HASH_E; */ |
| } |
| } |
| else if (type == blkType) { |
| switch (algoOID) { |
| case DESb: |
| algoSz = sizeof(desCbcAlgoID); |
| algoName = desCbcAlgoID; |
| tagSz = 0; |
| break; |
| case DES3b: |
| algoSz = sizeof(des3CbcAlgoID); |
| algoName = des3CbcAlgoID; |
| tagSz = 0; |
| break; |
| default: |
| WOLFSSL_MSG("Unknown Block Algo"); |
| return 0; |
| } |
| } |
| else if (type == sigType) { /* sigType */ |
| switch (algoOID) { |
| #ifndef NO_RSA |
| case CTC_MD5wRSA: |
| algoSz = sizeof(md5wRSA_AlgoID); |
| algoName = md5wRSA_AlgoID; |
| break; |
| |
| case CTC_SHAwRSA: |
| algoSz = sizeof(shawRSA_AlgoID); |
| algoName = shawRSA_AlgoID; |
| break; |
| |
| case CTC_SHA256wRSA: |
| algoSz = sizeof(sha256wRSA_AlgoID); |
| algoName = sha256wRSA_AlgoID; |
| break; |
| |
| case CTC_SHA384wRSA: |
| algoSz = sizeof(sha384wRSA_AlgoID); |
| algoName = sha384wRSA_AlgoID; |
| break; |
| |
| case CTC_SHA512wRSA: |
| algoSz = sizeof(sha512wRSA_AlgoID); |
| algoName = sha512wRSA_AlgoID; |
| break; |
| #endif /* NO_RSA */ |
| #ifdef HAVE_ECC |
| case CTC_SHAwECDSA: |
| algoSz = sizeof(shawECDSA_AlgoID); |
| algoName = shawECDSA_AlgoID; |
| break; |
| |
| case CTC_SHA256wECDSA: |
| algoSz = sizeof(sha256wECDSA_AlgoID); |
| algoName = sha256wECDSA_AlgoID; |
| break; |
| |
| case CTC_SHA384wECDSA: |
| algoSz = sizeof(sha384wECDSA_AlgoID); |
| algoName = sha384wECDSA_AlgoID; |
| break; |
| |
| case CTC_SHA512wECDSA: |
| algoSz = sizeof(sha512wECDSA_AlgoID); |
| algoName = sha512wECDSA_AlgoID; |
| break; |
| #endif /* HAVE_ECC */ |
| default: |
| WOLFSSL_MSG("Unknown Signature Algo"); |
| return 0; |
| } |
| } |
| else if (type == keyType) { /* keyType */ |
| switch (algoOID) { |
| #ifndef NO_RSA |
| case RSAk: |
| algoSz = sizeof(RSA_AlgoID); |
| algoName = RSA_AlgoID; |
| break; |
| #endif /* NO_RSA */ |
| #ifdef HAVE_ECC |
| case ECDSAk: |
| algoSz = sizeof(ECC_AlgoID); |
| algoName = ECC_AlgoID; |
| tagSz = 0; |
| break; |
| #endif /* HAVE_ECC */ |
| default: |
| WOLFSSL_MSG("Unknown Key Algo"); |
| return 0; |
| } |
| } |
| else { |
| WOLFSSL_MSG("Unknown Algo type"); |
| return 0; |
| } |
| |
| idSz = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */ |
| seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray); |
| /* +1 for object id, curveID of curveSz follows for ecc */ |
| seqArray[seqSz++] = ASN_OBJECT_ID; |
| |
| XMEMCPY(output, seqArray, seqSz); |
| XMEMCPY(output + seqSz, ID_Length, idSz); |
| XMEMCPY(output + seqSz + idSz, algoName, algoSz); |
| |
| return seqSz + idSz + algoSz; |
| |
| } |
| |
| |
| word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, |
| int hashOID) |
| { |
| byte digArray[MAX_ENCODED_DIG_SZ]; |
| byte algoArray[MAX_ALGO_SZ]; |
| byte seqArray[MAX_SEQ_SZ]; |
| word32 encDigSz, algoSz, seqSz; |
| |
| encDigSz = SetDigest(digest, digSz, digArray); |
| algoSz = SetAlgoID(hashOID, algoArray, hashType, 0); |
| seqSz = SetSequence(encDigSz + algoSz, seqArray); |
| |
| XMEMCPY(out, seqArray, seqSz); |
| XMEMCPY(out + seqSz, algoArray, algoSz); |
| XMEMCPY(out + seqSz + algoSz, digArray, encDigSz); |
| |
| return encDigSz + algoSz + seqSz; |
| } |
| |
| |
| int wc_GetCTC_HashOID(int type) |
| { |
| switch (type) { |
| #ifdef WOLFSSL_MD2 |
| case MD2: |
| return MD2h; |
| #endif |
| #ifndef NO_MD5 |
| case MD5: |
| return MD5h; |
| #endif |
| #ifndef NO_SHA |
| case SHA: |
| return SHAh; |
| #endif |
| #ifndef NO_SHA256 |
| case SHA256: |
| return SHA256h; |
| #endif |
| #ifdef WOLFSSL_SHA384 |
| case SHA384: |
| return SHA384h; |
| #endif |
| #ifdef WOLFSSL_SHA512 |
| case SHA512: |
| return SHA512h; |
| #endif |
| default: |
| return 0; |
| }; |
| } |
| |
| |
| /* return true (1) or false (0) for Confirmation */ |
| static int ConfirmSignature(const byte* buf, word32 bufSz, |
| const byte* key, word32 keySz, word32 keyOID, |
| const byte* sig, word32 sigSz, word32 sigOID, |
| void* heap) |
| { |
| int typeH = 0, digestSz = 0, ret = 0; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* digest; |
| #else |
| byte digest[MAX_DIGEST_SIZE]; |
| #endif |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| digest = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (digest == NULL) |
| return 0; /* not confirmed */ |
| #endif |
| |
| (void)key; |
| (void)keySz; |
| (void)sig; |
| (void)sigSz; |
| (void)heap; |
| |
| switch (sigOID) { |
| #ifndef NO_MD5 |
| case CTC_MD5wRSA: |
| if (wc_Md5Hash(buf, bufSz, digest) == 0) { |
| typeH = MD5h; |
| digestSz = MD5_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #if defined(WOLFSSL_MD2) |
| case CTC_MD2wRSA: |
| if (wc_Md2Hash(buf, bufSz, digest) == 0) { |
| typeH = MD2h; |
| digestSz = MD2_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #ifndef NO_SHA |
| case CTC_SHAwRSA: |
| case CTC_SHAwDSA: |
| case CTC_SHAwECDSA: |
| if (wc_ShaHash(buf, bufSz, digest) == 0) { |
| typeH = SHAh; |
| digestSz = SHA_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #ifndef NO_SHA256 |
| case CTC_SHA256wRSA: |
| case CTC_SHA256wECDSA: |
| if (wc_Sha256Hash(buf, bufSz, digest) == 0) { |
| typeH = SHA256h; |
| digestSz = SHA256_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #ifdef WOLFSSL_SHA512 |
| case CTC_SHA512wRSA: |
| case CTC_SHA512wECDSA: |
| if (wc_Sha512Hash(buf, bufSz, digest) == 0) { |
| typeH = SHA512h; |
| digestSz = SHA512_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #ifdef WOLFSSL_SHA384 |
| case CTC_SHA384wRSA: |
| case CTC_SHA384wECDSA: |
| if (wc_Sha384Hash(buf, bufSz, digest) == 0) { |
| typeH = SHA384h; |
| digestSz = SHA384_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| default: |
| WOLFSSL_MSG("Verify Signautre has unsupported type"); |
| } |
| |
| if (typeH == 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return 0; /* not confirmed */ |
| } |
| |
| switch (keyOID) { |
| #ifndef NO_RSA |
| case RSAk: |
| { |
| word32 idx = 0; |
| int encodedSigSz, verifySz; |
| byte* out; |
| #ifdef WOLFSSL_SMALL_STACK |
| RsaKey* pubKey; |
| byte* plain; |
| byte* encodedSig; |
| #else |
| RsaKey pubKey[1]; |
| byte plain[MAX_ENCODED_SIG_SZ]; |
| byte encodedSig[MAX_ENCODED_SIG_SZ]; |
| #endif |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| plain = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| |
| if (pubKey == NULL || plain == NULL || encodedSig == NULL) { |
| WOLFSSL_MSG("Failed to allocate memory at ConfirmSignature"); |
| |
| if (pubKey) |
| XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (plain) |
| XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (encodedSig) |
| XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| |
| break; /* not confirmed */ |
| } |
| #endif |
| |
| if (sigSz > MAX_ENCODED_SIG_SZ) { |
| WOLFSSL_MSG("Verify Signautre is too big"); |
| } |
| else if (wc_InitRsaKey(pubKey, heap) != 0) { |
| WOLFSSL_MSG("InitRsaKey failed"); |
| } |
| else if (wc_RsaPublicKeyDecode(key, &idx, pubKey, keySz) < 0) { |
| WOLFSSL_MSG("ASN Key decode error RSA"); |
| } |
| else { |
| XMEMCPY(plain, sig, sigSz); |
| |
| if ((verifySz = wc_RsaSSL_VerifyInline(plain, sigSz, &out, |
| pubKey)) < 0) { |
| WOLFSSL_MSG("Rsa SSL verify error"); |
| } |
| else { |
| /* make sure we're right justified */ |
| encodedSigSz = |
| wc_EncodeSignature(encodedSig, digest, digestSz, typeH); |
| if (encodedSigSz != verifySz || |
| XMEMCMP(out, encodedSig, encodedSigSz) != 0) { |
| WOLFSSL_MSG("Rsa SSL verify match encode error"); |
| } |
| else |
| ret = 1; /* match */ |
| |
| #ifdef WOLFSSL_DEBUG_ENCODING |
| { |
| int x; |
| |
| printf("wolfssl encodedSig:\n"); |
| |
| for (x = 0; x < encodedSigSz; x++) { |
| printf("%02x ", encodedSig[x]); |
| if ( (x % 16) == 15) |
| printf("\n"); |
| } |
| |
| printf("\n"); |
| printf("actual digest:\n"); |
| |
| for (x = 0; x < verifySz; x++) { |
| printf("%02x ", out[x]); |
| if ( (x % 16) == 15) |
| printf("\n"); |
| } |
| |
| printf("\n"); |
| } |
| #endif /* WOLFSSL_DEBUG_ENCODING */ |
| |
| } |
| |
| } |
| |
| wc_FreeRsaKey(pubKey); |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| break; |
| } |
| |
| #endif /* NO_RSA */ |
| #ifdef HAVE_ECC |
| case ECDSAk: |
| { |
| int verify = 0; |
| #ifdef WOLFSSL_SMALL_STACK |
| ecc_key* pubKey; |
| #else |
| ecc_key pubKey[1]; |
| #endif |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| pubKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| if (pubKey == NULL) { |
| WOLFSSL_MSG("Failed to allocate pubKey"); |
| break; /* not confirmed */ |
| } |
| #endif |
| |
| if (wc_ecc_init(pubKey) < 0) { |
| WOLFSSL_MSG("Failed to initialize key"); |
| break; /* not confirmed */ |
| } |
| if (wc_ecc_import_x963(key, keySz, pubKey) < 0) { |
| WOLFSSL_MSG("ASN Key import error ECC"); |
| } |
| else { |
| if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, |
| pubKey) != 0) { |
| WOLFSSL_MSG("ECC verify hash error"); |
| } |
| else if (1 != verify) { |
| WOLFSSL_MSG("ECC Verify didn't match"); |
| } else |
| ret = 1; /* match */ |
| |
| } |
| wc_ecc_free(pubKey); |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| break; |
| } |
| #endif /* HAVE_ECC */ |
| default: |
| WOLFSSL_MSG("Verify Key type unknown"); |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret; |
| } |
| |
| |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| |
| static int MatchBaseName(int type, const char* name, int nameSz, |
| const char* base, int baseSz) |
| { |
| if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 || |
| name[0] == '.' || nameSz < baseSz || |
| (type != ASN_RFC822_TYPE && type != ASN_DNS_TYPE)) |
| return 0; |
| |
| /* If an email type, handle special cases where the base is only |
| * a domain, or is an email address itself. */ |
| if (type == ASN_RFC822_TYPE) { |
| const char* p = NULL; |
| int count = 0; |
| |
| if (base[0] != '.') { |
| p = base; |
| count = 0; |
| |
| /* find the '@' in the base */ |
| while (*p != '@' && count < baseSz) { |
| count++; |
| p++; |
| } |
| |
| /* No '@' in base, reset p to NULL */ |
| if (count >= baseSz) |
| p = NULL; |
| } |
| |
| if (p == NULL) { |
| /* Base isn't an email address, it is a domain name, |
| * wind the name forward one character past its '@'. */ |
| p = name; |
| count = 0; |
| while (*p != '@' && count < baseSz) { |
| count++; |
| p++; |
| } |
| |
| if (count < baseSz && *p == '@') { |
| name = p + 1; |
| nameSz -= count + 1; |
| } |
| } |
| } |
| |
| if ((type == ASN_DNS_TYPE || type == ASN_RFC822_TYPE) && base[0] == '.') { |
| int szAdjust = nameSz - baseSz; |
| name += szAdjust; |
| nameSz -= szAdjust; |
| } |
| |
| while (nameSz > 0) { |
| if (XTOLOWER((unsigned char)*name++) != |
| XTOLOWER((unsigned char)*base++)) |
| return 0; |
| nameSz--; |
| } |
| |
| return 1; |
| } |
| |
| |
| static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) |
| { |
| if (signer == NULL || cert == NULL) |
| return 0; |
| |
| /* Check against the excluded list */ |
| if (signer->excludedNames) { |
| Base_entry* base = signer->excludedNames; |
| |
| while (base != NULL) { |
| if (base->type == ASN_DNS_TYPE) { |
| DNS_entry* name = cert->altNames; |
| while (name != NULL) { |
| if (MatchBaseName(ASN_DNS_TYPE, |
| name->name, (int)XSTRLEN(name->name), |
| base->name, base->nameSz)) |
| return 0; |
| name = name->next; |
| } |
| } |
| else if (base->type == ASN_RFC822_TYPE) { |
| DNS_entry* name = cert->altEmailNames; |
| while (name != NULL) { |
| if (MatchBaseName(ASN_RFC822_TYPE, |
| name->name, (int)XSTRLEN(name->name), |
| base->name, base->nameSz)) |
| return 0; |
| |
| name = name->next; |
| } |
| } |
| else if (base->type == ASN_DIR_TYPE) { |
| if (cert->subjectRawLen == base->nameSz && |
| XMEMCMP(cert->subjectRaw, base->name, base->nameSz) == 0) { |
| |
| return 0; |
| } |
| } |
| base = base->next; |
| } |
| } |
| |
| /* Check against the permitted list */ |
| if (signer->permittedNames != NULL) { |
| int needDns = 0; |
| int matchDns = 0; |
| int needEmail = 0; |
| int matchEmail = 0; |
| int needDir = 0; |
| int matchDir = 0; |
| Base_entry* base = signer->permittedNames; |
| |
| while (base != NULL) { |
| if (base->type == ASN_DNS_TYPE) { |
| DNS_entry* name = cert->altNames; |
| |
| if (name != NULL) |
| needDns = 1; |
| |
| while (name != NULL) { |
| matchDns = MatchBaseName(ASN_DNS_TYPE, |
| name->name, (int)XSTRLEN(name->name), |
| base->name, base->nameSz); |
| name = name->next; |
| } |
| } |
| else if (base->type == ASN_RFC822_TYPE) { |
| DNS_entry* name = cert->altEmailNames; |
| |
| if (name != NULL) |
| needEmail = 1; |
| |
| while (name != NULL) { |
| matchEmail = MatchBaseName(ASN_DNS_TYPE, |
| name->name, (int)XSTRLEN(name->name), |
| base->name, base->nameSz); |
| name = name->next; |
| } |
| } |
| else if (base->type == ASN_DIR_TYPE) { |
| needDir = 1; |
| if (cert->subjectRaw != NULL && |
| cert->subjectRawLen == base->nameSz && |
| XMEMCMP(cert->subjectRaw, base->name, base->nameSz) == 0) { |
| |
| matchDir = 1; |
| } |
| } |
| base = base->next; |
| } |
| |
| if ((needDns && !matchDns) || (needEmail && !matchEmail) || |
| (needDir && !matchDir)) { |
| |
| return 0; |
| } |
| } |
| |
| return 1; |
| } |
| |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| |
| |
| static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0; |
| |
| WOLFSSL_ENTER("DecodeAltNames"); |
| |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tBad Sequence"); |
| return ASN_PARSE_E; |
| } |
| |
| cert->weOwnAltNames = 1; |
| |
| while (length > 0) { |
| byte b = input[idx++]; |
| |
| length--; |
| |
| /* Save DNS Type names in the altNames list. */ |
| /* Save Other Type names in the cert's OidMap */ |
| if (b == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) { |
| DNS_entry* dnsEntry; |
| int strLen; |
| word32 lenStartIdx = idx; |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfail: str length"); |
| return ASN_PARSE_E; |
| } |
| length -= (idx - lenStartIdx); |
| |
| dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap, |
| DYNAMIC_TYPE_ALTNAME); |
| if (dnsEntry == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| return ASN_PARSE_E; |
| } |
| |
| dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, |
| DYNAMIC_TYPE_ALTNAME); |
| if (dnsEntry->name == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); |
| return ASN_PARSE_E; |
| } |
| |
| XMEMCPY(dnsEntry->name, &input[idx], strLen); |
| dnsEntry->name[strLen] = '\0'; |
| |
| dnsEntry->next = cert->altNames; |
| cert->altNames = dnsEntry; |
| |
| length -= strLen; |
| idx += strLen; |
| } |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| else if (b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { |
| DNS_entry* emailEntry; |
| int strLen; |
| word32 lenStartIdx = idx; |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfail: str length"); |
| return ASN_PARSE_E; |
| } |
| length -= (idx - lenStartIdx); |
| |
| emailEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap, |
| DYNAMIC_TYPE_ALTNAME); |
| if (emailEntry == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| return ASN_PARSE_E; |
| } |
| |
| emailEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, |
| DYNAMIC_TYPE_ALTNAME); |
| if (emailEntry->name == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); |
| return ASN_PARSE_E; |
| } |
| |
| XMEMCPY(emailEntry->name, &input[idx], strLen); |
| emailEntry->name[strLen] = '\0'; |
| |
| emailEntry->next = cert->altEmailNames; |
| cert->altEmailNames = emailEntry; |
| |
| length -= strLen; |
| idx += strLen; |
| } |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| #ifdef WOLFSSL_SEP |
| else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) |
| { |
| int strLen; |
| word32 lenStartIdx = idx; |
| word32 oid = 0; |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfail: other name length"); |
| return ASN_PARSE_E; |
| } |
| /* Consume the rest of this sequence. */ |
| length -= (strLen + idx - lenStartIdx); |
| |
| if (GetObjectId(input, &idx, &oid, sz) < 0) { |
| WOLFSSL_MSG("\tbad OID"); |
| return ASN_PARSE_E; |
| } |
| |
| if (oid != HW_NAME_OID) { |
| WOLFSSL_MSG("\tincorrect OID"); |
| return ASN_PARSE_E; |
| } |
| |
| if (input[idx++] != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { |
| WOLFSSL_MSG("\twrong type"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfail: str len"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetSequence(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tBad Sequence"); |
| return ASN_PARSE_E; |
| } |
| |
| if (input[idx++] != ASN_OBJECT_ID) { |
| WOLFSSL_MSG("\texpected OID"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfailed: str len"); |
| return ASN_PARSE_E; |
| } |
| |
| cert->hwType = (byte*)XMALLOC(strLen, cert->heap, 0); |
| if (cert->hwType == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| return MEMORY_E; |
| } |
| |
| XMEMCPY(cert->hwType, &input[idx], strLen); |
| cert->hwTypeSz = strLen; |
| idx += strLen; |
| |
| if (input[idx++] != ASN_OCTET_STRING) { |
| WOLFSSL_MSG("\texpected Octet String"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfailed: str len"); |
| return ASN_PARSE_E; |
| } |
| |
| cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap, 0); |
| if (cert->hwSerialNum == NULL) { |
| WOLFSSL_MSG("\tOut of Memory"); |
| return MEMORY_E; |
| } |
| |
| XMEMCPY(cert->hwSerialNum, &input[idx], strLen); |
| cert->hwSerialNum[strLen] = '\0'; |
| cert->hwSerialNumSz = strLen; |
| idx += strLen; |
| } |
| #endif /* WOLFSSL_SEP */ |
| else { |
| int strLen; |
| word32 lenStartIdx = idx; |
| |
| WOLFSSL_MSG("\tUnsupported name type, skipping"); |
| |
| if (GetLength(input, &idx, &strLen, sz) < 0) { |
| WOLFSSL_MSG("\tfail: unsupported name length"); |
| return ASN_PARSE_E; |
| } |
| length -= (strLen + idx - lenStartIdx); |
| idx += strLen; |
| } |
| } |
| return 0; |
| } |
| |
| |
| static int DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0; |
| |
| WOLFSSL_ENTER("DecodeBasicCaConstraint"); |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: bad SEQUENCE"); |
| return ASN_PARSE_E; |
| } |
| |
| if (length == 0) |
| return 0; |
| |
| /* If the basic ca constraint is false, this extension may be named, but |
| * left empty. So, if the length is 0, just return. */ |
| |
| if (input[idx++] != ASN_BOOLEAN) |
| { |
| WOLFSSL_MSG("\tfail: constraint not BOOLEAN"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &length, sz) < 0) |
| { |
| WOLFSSL_MSG("\tfail: length"); |
| return ASN_PARSE_E; |
| } |
| |
| if (input[idx++]) |
| cert->isCA = 1; |
| |
| #ifdef OPENSSL_EXTRA |
| /* If there isn't any more data, return. */ |
| if (idx >= (word32)sz) |
| return 0; |
| |
| /* Anything left should be the optional pathlength */ |
| if (input[idx++] != ASN_INTEGER) { |
| WOLFSSL_MSG("\tfail: pathlen not INTEGER"); |
| return ASN_PARSE_E; |
| } |
| |
| if (input[idx++] != 1) { |
| WOLFSSL_MSG("\tfail: pathlen too long"); |
| return ASN_PARSE_E; |
| } |
| |
| cert->pathLength = input[idx]; |
| cert->extBasicConstPlSet = 1; |
| #endif /* OPENSSL_EXTRA */ |
| |
| return 0; |
| } |
| |
| |
| #define CRLDP_FULL_NAME 0 |
| /* From RFC3280 SS4.2.1.14, Distribution Point Name*/ |
| #define GENERALNAME_URI 6 |
| /* From RFC3280 SS4.2.1.7, GeneralName */ |
| |
| static int DecodeCrlDist(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0; |
| |
| WOLFSSL_ENTER("DecodeCrlDist"); |
| |
| /* Unwrap the list of Distribution Points*/ |
| if (GetSequence(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| /* Unwrap a single Distribution Point */ |
| if (GetSequence(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| /* The Distribution Point has three explicit optional members |
| * First check for a DistributionPointName |
| */ |
| if (input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) |
| { |
| idx++; |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (input[idx] == |
| (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CRLDP_FULL_NAME)) |
| { |
| idx++; |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) |
| { |
| idx++; |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| cert->extCrlInfoSz = length; |
| cert->extCrlInfo = input + idx; |
| idx += length; |
| } |
| else |
| /* This isn't a URI, skip it. */ |
| idx += length; |
| } |
| else |
| /* This isn't a FULLNAME, skip it. */ |
| idx += length; |
| } |
| |
| /* Check for reasonFlags */ |
| if (idx < (word32)sz && |
| input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) |
| { |
| idx++; |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| idx += length; |
| } |
| |
| /* Check for cRLIssuer */ |
| if (idx < (word32)sz && |
| input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2)) |
| { |
| idx++; |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| idx += length; |
| } |
| |
| if (idx < (word32)sz) |
| { |
| WOLFSSL_MSG("\tThere are more CRL Distribution Point records, " |
| "but we only use the first one."); |
| } |
| |
| return 0; |
| } |
| |
| |
| static int DecodeAuthInfo(byte* input, int sz, DecodedCert* cert) |
| /* |
| * Read the first of the Authority Information Access records. If there are |
| * any issues, return without saving the record. |
| */ |
| { |
| word32 idx = 0; |
| int length = 0; |
| byte b; |
| word32 oid; |
| |
| WOLFSSL_ENTER("DecodeAuthInfo"); |
| |
| /* Unwrap the list of AIAs */ |
| if (GetSequence(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| while (idx < (word32)sz) { |
| /* Unwrap a single AIA */ |
| if (GetSequence(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| oid = 0; |
| if (GetObjectId(input, &idx, &oid, sz) < 0) |
| return ASN_PARSE_E; |
| |
| /* Only supporting URIs right now. */ |
| b = input[idx++]; |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) && |
| oid == AIA_OCSP_OID) |
| { |
| cert->extAuthInfoSz = length; |
| cert->extAuthInfo = input + idx; |
| break; |
| } |
| idx += length; |
| } |
| |
| return 0; |
| } |
| |
| |
| static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0, ret = 0; |
| |
| WOLFSSL_ENTER("DecodeAuthKeyId"); |
| |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: should be a SEQUENCE\n"); |
| return ASN_PARSE_E; |
| } |
| |
| if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) { |
| WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available\n"); |
| return 0; |
| } |
| |
| if (GetLength(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: extension data length"); |
| return ASN_PARSE_E; |
| } |
| |
| #ifdef OPENSSL_EXTRA |
| cert->extAuthKeyIdSrc = &input[idx]; |
| cert->extAuthKeyIdSz = length; |
| #endif /* OPENSSL_EXTRA */ |
| |
| if (length == KEYID_SIZE) { |
| XMEMCPY(cert->extAuthKeyId, input + idx, length); |
| } |
| else { |
| #ifdef NO_SHA |
| ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId); |
| #else |
| ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId); |
| #endif |
| } |
| |
| return ret; |
| } |
| |
| |
| static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0, ret = 0; |
| |
| WOLFSSL_ENTER("DecodeSubjKeyId"); |
| |
| if (input[idx++] != ASN_OCTET_STRING) { |
| WOLFSSL_MSG("\tfail: should be an OCTET STRING"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: extension data length"); |
| return ASN_PARSE_E; |
| } |
| |
| #ifdef OPENSSL_EXTRA |
| cert->extSubjKeyIdSrc = &input[idx]; |
| cert->extSubjKeyIdSz = length; |
| #endif /* OPENSSL_EXTRA */ |
| |
| if (length == SIGNER_DIGEST_SIZE) { |
| XMEMCPY(cert->extSubjKeyId, input + idx, length); |
| } |
| else { |
| #ifdef NO_SHA |
| ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId); |
| #else |
| ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId); |
| #endif |
| } |
| |
| return ret; |
| } |
| |
| |
| static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length; |
| byte unusedBits; |
| WOLFSSL_ENTER("DecodeKeyUsage"); |
| |
| if (input[idx++] != ASN_BIT_STRING) { |
| WOLFSSL_MSG("\tfail: key usage expected bit string"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: key usage bad length"); |
| return ASN_PARSE_E; |
| } |
| |
| unusedBits = input[idx++]; |
| length--; |
| |
| if (length == 2) { |
| cert->extKeyUsage = (word16)((input[idx] << 8) | input[idx+1]); |
| cert->extKeyUsage >>= unusedBits; |
| } |
| else if (length == 1) |
| cert->extKeyUsage = (word16)(input[idx] << 1); |
| |
| return 0; |
| } |
| |
| |
| static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0, oid; |
| int length; |
| |
| WOLFSSL_ENTER("DecodeExtKeyUsage"); |
| |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: should be a SEQUENCE"); |
| return ASN_PARSE_E; |
| } |
| |
| #ifdef OPENSSL_EXTRA |
| cert->extExtKeyUsageSrc = input + idx; |
| cert->extExtKeyUsageSz = length; |
| #endif |
| |
| while (idx < (word32)sz) { |
| if (GetObjectId(input, &idx, &oid, sz) < 0) |
| return ASN_PARSE_E; |
| |
| switch (oid) { |
| case EKU_ANY_OID: |
| cert->extExtKeyUsage |= EXTKEYUSE_ANY; |
| break; |
| case EKU_SERVER_AUTH_OID: |
| cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH; |
| break; |
| case EKU_CLIENT_AUTH_OID: |
| cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH; |
| break; |
| case EKU_OCSP_SIGN_OID: |
| cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN; |
| break; |
| } |
| |
| #ifdef OPENSSL_EXTRA |
| cert->extExtKeyUsageCount++; |
| #endif |
| } |
| |
| return 0; |
| } |
| |
| |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| static int DecodeSubtree(byte* input, int sz, Base_entry** head, void* heap) |
| { |
| word32 idx = 0; |
| |
| (void)heap; |
| |
| while (idx < (word32)sz) { |
| int seqLength, strLength; |
| word32 nameIdx; |
| byte b; |
| |
| if (GetSequence(input, &idx, &seqLength, sz) < 0) { |
| WOLFSSL_MSG("\tfail: should be a SEQUENCE"); |
| return ASN_PARSE_E; |
| } |
| |
| nameIdx = idx; |
| b = input[nameIdx++]; |
| if (GetLength(input, &nameIdx, &strLength, sz) <= 0) { |
| WOLFSSL_MSG("\tinvalid length"); |
| return ASN_PARSE_E; |
| } |
| |
| if (b == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE) || |
| b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE) || |
| b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { |
| |
| Base_entry* entry = (Base_entry*)XMALLOC(sizeof(Base_entry), |
| heap, DYNAMIC_TYPE_ALTNAME); |
| |
| if (entry == NULL) { |
| WOLFSSL_MSG("allocate error"); |
| return MEMORY_E; |
| } |
| |
| entry->name = (char*)XMALLOC(strLength, heap, DYNAMIC_TYPE_ALTNAME); |
| if (entry->name == NULL) { |
| WOLFSSL_MSG("allocate error"); |
| return MEMORY_E; |
| } |
| |
| XMEMCPY(entry->name, &input[nameIdx], strLength); |
| entry->nameSz = strLength; |
| entry->type = b & 0x0F; |
| |
| entry->next = *head; |
| *head = entry; |
| } |
| |
| idx += seqLength; |
| } |
| |
| return 0; |
| } |
| |
| |
| static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0; |
| |
| WOLFSSL_ENTER("DecodeNameConstraints"); |
| |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: should be a SEQUENCE"); |
| return ASN_PARSE_E; |
| } |
| |
| while (idx < (word32)sz) { |
| byte b = input[idx++]; |
| Base_entry** subtree = NULL; |
| |
| if (GetLength(input, &idx, &length, sz) <= 0) { |
| WOLFSSL_MSG("\tinvalid length"); |
| return ASN_PARSE_E; |
| } |
| |
| if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) |
| subtree = &cert->permittedNames; |
| else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) |
| subtree = &cert->excludedNames; |
| else { |
| WOLFSSL_MSG("\tinvalid subtree"); |
| return ASN_PARSE_E; |
| } |
| |
| DecodeSubtree(input + idx, length, subtree, cert->heap); |
| |
| idx += length; |
| } |
| |
| return 0; |
| } |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| |
| |
| #ifdef WOLFSSL_SEP |
| static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert) |
| { |
| word32 idx = 0; |
| int length = 0; |
| |
| WOLFSSL_ENTER("DecodeCertPolicy"); |
| |
| /* Unwrap certificatePolicies */ |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tdeviceType isn't OID"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tdeviceType isn't OID"); |
| return ASN_PARSE_E; |
| } |
| |
| if (input[idx++] != ASN_OBJECT_ID) { |
| WOLFSSL_MSG("\tdeviceType isn't OID"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tCouldn't read length of deviceType"); |
| return ASN_PARSE_E; |
| } |
| |
| if (length > 0) { |
| cert->deviceType = (byte*)XMALLOC(length, cert->heap, 0); |
| if (cert->deviceType == NULL) { |
| WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); |
| return MEMORY_E; |
| } |
| cert->deviceTypeSz = length; |
| XMEMCPY(cert->deviceType, input + idx, length); |
| } |
| |
| WOLFSSL_LEAVE("DecodeCertPolicy", 0); |
| return 0; |
| } |
| #endif /* WOLFSSL_SEP */ |
| |
| |
| static int DecodeCertExtensions(DecodedCert* cert) |
| /* |
| * Processing the Certificate Extensions. This does not modify the current |
| * index. It is works starting with the recorded extensions pointer. |
| */ |
| { |
| word32 idx = 0; |
| int sz = cert->extensionsSz; |
| byte* input = cert->extensions; |
| int length; |
| word32 oid; |
| byte critical = 0; |
| byte criticalFail = 0; |
| |
| WOLFSSL_ENTER("DecodeCertExtensions"); |
| |
| if (input == NULL || sz == 0) |
| return BAD_FUNC_ARG; |
| |
| if (input[idx++] != ASN_EXTENSIONS) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetSequence(input, &idx, &length, sz) < 0) |
| return ASN_PARSE_E; |
| |
| while (idx < (word32)sz) { |
| if (GetSequence(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: should be a SEQUENCE"); |
| return ASN_PARSE_E; |
| } |
| |
| oid = 0; |
| if (GetObjectId(input, &idx, &oid, sz) < 0) { |
| WOLFSSL_MSG("\tfail: OBJECT ID"); |
| return ASN_PARSE_E; |
| } |
| |
| /* check for critical flag */ |
| critical = 0; |
| if (input[idx] == ASN_BOOLEAN) { |
| int boolLength = 0; |
| idx++; |
| if (GetLength(input, &idx, &boolLength, sz) < 0) { |
| WOLFSSL_MSG("\tfail: critical boolean length"); |
| return ASN_PARSE_E; |
| } |
| if (input[idx++]) |
| critical = 1; |
| } |
| |
| /* process the extension based on the OID */ |
| if (input[idx++] != ASN_OCTET_STRING) { |
| WOLFSSL_MSG("\tfail: should be an OCTET STRING"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(input, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: extension data length"); |
| return ASN_PARSE_E; |
| } |
| |
| switch (oid) { |
| case BASIC_CA_OID: |
| #ifdef OPENSSL_EXTRA |
| cert->extBasicConstSet = 1; |
| cert->extBasicConstCrit = critical; |
| #endif |
| if (DecodeBasicCaConstraint(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case CRL_DIST_OID: |
| if (DecodeCrlDist(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case AUTH_INFO_OID: |
| if (DecodeAuthInfo(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case ALT_NAMES_OID: |
| #ifdef OPENSSL_EXTRA |
| cert->extSubjAltNameSet = 1; |
| cert->extSubjAltNameCrit = critical; |
| #endif |
| if (DecodeAltNames(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case AUTH_KEY_OID: |
| cert->extAuthKeyIdSet = 1; |
| #ifdef OPENSSL_EXTRA |
| cert->extAuthKeyIdCrit = critical; |
| #endif |
| if (DecodeAuthKeyId(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case SUBJ_KEY_OID: |
| cert->extSubjKeyIdSet = 1; |
| #ifdef OPENSSL_EXTRA |
| cert->extSubjKeyIdCrit = critical; |
| #endif |
| if (DecodeSubjKeyId(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case CERT_POLICY_OID: |
| WOLFSSL_MSG("Certificate Policy extension not supported yet."); |
| #ifdef WOLFSSL_SEP |
| #ifdef OPENSSL_EXTRA |
| cert->extCertPolicySet = 1; |
| cert->extCertPolicyCrit = critical; |
| #endif |
| if (DecodeCertPolicy(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| #endif |
| break; |
| |
| case KEY_USAGE_OID: |
| cert->extKeyUsageSet = 1; |
| #ifdef OPENSSL_EXTRA |
| cert->extKeyUsageCrit = critical; |
| #endif |
| if (DecodeKeyUsage(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| case EXT_KEY_USAGE_OID: |
| cert->extExtKeyUsageSet = 1; |
| #ifdef OPENSSL_EXTRA |
| cert->extExtKeyUsageCrit = critical; |
| #endif |
| if (DecodeExtKeyUsage(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| case NAME_CONS_OID: |
| cert->extNameConstraintSet = 1; |
| #ifdef OPENSSL_EXTRA |
| cert->extNameConstraintCrit = critical; |
| #endif |
| if (DecodeNameConstraints(&input[idx], length, cert) < 0) |
| return ASN_PARSE_E; |
| break; |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| |
| case INHIBIT_ANY_OID: |
| WOLFSSL_MSG("Inhibit anyPolicy extension not supported yet."); |
| break; |
| |
| default: |
| /* While it is a failure to not support critical extensions, |
| * still parse the certificate ignoring the unsupported |
| * extention to allow caller to accept it with the verify |
| * callback. */ |
| if (critical) |
| criticalFail = 1; |
| break; |
| } |
| idx += length; |
| } |
| |
| return criticalFail ? ASN_CRIT_EXT_E : 0; |
| } |
| |
| |
| int ParseCert(DecodedCert* cert, int type, int verify, void* cm) |
| { |
| int ret; |
| char* ptr; |
| |
| ret = ParseCertRelative(cert, type, verify, cm); |
| if (ret < 0) |
| return ret; |
| |
| if (cert->subjectCNLen > 0) { |
| ptr = (char*) XMALLOC(cert->subjectCNLen + 1, cert->heap, |
| DYNAMIC_TYPE_SUBJECT_CN); |
| if (ptr == NULL) |
| return MEMORY_E; |
| XMEMCPY(ptr, cert->subjectCN, cert->subjectCNLen); |
| ptr[cert->subjectCNLen] = '\0'; |
| cert->subjectCN = ptr; |
| cert->subjectCNStored = 1; |
| } |
| |
| if (cert->keyOID == RSAk && |
| cert->publicKey != NULL && cert->pubKeySize > 0) { |
| ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap, |
| DYNAMIC_TYPE_PUBLIC_KEY); |
| if (ptr == NULL) |
| return MEMORY_E; |
| XMEMCPY(ptr, cert->publicKey, cert->pubKeySize); |
| cert->publicKey = (byte *)ptr; |
| cert->pubKeyStored = 1; |
| } |
| |
| return ret; |
| } |
| |
| |
| /* from SSL proper, for locking can't do find here anymore */ |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| WOLFSSL_LOCAL Signer* GetCA(void* signers, byte* hash); |
| #ifndef NO_SKID |
| WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash); |
| #endif |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| |
| int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) |
| { |
| word32 confirmOID; |
| int ret; |
| int badDate = 0; |
| int criticalExt = 0; |
| |
| if ((ret = DecodeToKey(cert, verify)) < 0) { |
| if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) |
| badDate = ret; |
| else |
| return ret; |
| } |
| |
| WOLFSSL_MSG("Parsed Past Key"); |
| |
| if (cert->srcIdx < cert->sigIndex) { |
| #ifndef ALLOW_V1_EXTENSIONS |
| if (cert->version < 2) { |
| WOLFSSL_MSG(" v1 and v2 certs not allowed extensions"); |
| return ASN_VERSION_E; |
| } |
| #endif |
| /* save extensions */ |
| cert->extensions = &cert->source[cert->srcIdx]; |
| cert->extensionsSz = cert->sigIndex - cert->srcIdx; |
| cert->extensionsIdx = cert->srcIdx; /* for potential later use */ |
| |
| if ((ret = DecodeCertExtensions(cert)) < 0) { |
| if (ret == ASN_CRIT_EXT_E) |
| criticalExt = ret; |
| else |
| return ret; |
| } |
| |
| /* advance past extensions */ |
| cert->srcIdx = cert->sigIndex; |
| } |
| |
| if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID, |
| cert->maxIdx)) < 0) |
| return ret; |
| |
| if ((ret = GetSignature(cert)) < 0) |
| return ret; |
| |
| if (confirmOID != cert->signatureOID) |
| return ASN_SIG_OID_E; |
| |
| #ifndef NO_SKID |
| if (cert->extSubjKeyIdSet == 0 |
| && cert->publicKey != NULL && cert->pubKeySize > 0) { |
| #ifdef NO_SHA |
| ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize, |
| cert->extSubjKeyId); |
| #else |
| ret = wc_ShaHash(cert->publicKey, cert->pubKeySize, |
| cert->extSubjKeyId); |
| #endif |
| if (ret != 0) |
| return ret; |
| } |
| #endif |
| |
| if (verify && type != CA_TYPE) { |
| Signer* ca = NULL; |
| #ifndef NO_SKID |
| if (cert->extAuthKeyIdSet) |
| ca = GetCA(cm, cert->extAuthKeyId); |
| if (ca == NULL) |
| ca = GetCAByName(cm, cert->issuerHash); |
| #else /* NO_SKID */ |
| ca = GetCA(cm, cert->issuerHash); |
| #endif /* NO SKID */ |
| WOLFSSL_MSG("About to verify certificate signature"); |
| |
| if (ca) { |
| #ifdef HAVE_OCSP |
| /* Need the ca's public key hash for OCSP */ |
| #ifdef NO_SHA |
| ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize, |
| cert->issuerKeyHash); |
| #else /* NO_SHA */ |
| ret = wc_ShaHash(ca->publicKey, ca->pubKeySize, |
| cert->issuerKeyHash); |
| #endif /* NO_SHA */ |
| if (ret != 0) |
| return ret; |
| #endif /* HAVE_OCSP */ |
| /* try to confirm/verify signature */ |
| if (!ConfirmSignature(cert->source + cert->certBegin, |
| cert->sigIndex - cert->certBegin, |
| ca->publicKey, ca->pubKeySize, ca->keyOID, |
| cert->signature, cert->sigLength, cert->signatureOID, |
| cert->heap)) { |
| WOLFSSL_MSG("Confirm signature failed"); |
| return ASN_SIG_CONFIRM_E; |
| } |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| /* check that this cert's name is permitted by the signer's |
| * name constraints */ |
| if (!ConfirmNameConstraints(ca, cert)) { |
| WOLFSSL_MSG("Confirm name constraint failed"); |
| return ASN_NAME_INVALID_E; |
| } |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| } |
| else { |
| /* no signer */ |
| WOLFSSL_MSG("No CA signer to verify with"); |
| return ASN_NO_SIGNER_E; |
| } |
| } |
| |
| if (badDate != 0) |
| return badDate; |
| |
| if (criticalExt != 0) |
| return criticalExt; |
| |
| return 0; |
| } |
| |
| |
| /* Create and init an new signer */ |
| Signer* MakeSigner(void* heap) |
| { |
| Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap, |
| DYNAMIC_TYPE_SIGNER); |
| if (signer) { |
| signer->pubKeySize = 0; |
| signer->keyOID = 0; |
| signer->publicKey = NULL; |
| signer->nameLen = 0; |
| signer->name = NULL; |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| signer->permittedNames = NULL; |
| signer->excludedNames = NULL; |
| #endif /* IGNORE_NAME_CONSTRAINTS */ |
| signer->next = NULL; |
| } |
| (void)heap; |
| |
| return signer; |
| } |
| |
| |
| /* Free an individual signer */ |
| void FreeSigner(Signer* signer, void* heap) |
| { |
| XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN); |
| XFREE(signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); |
| #ifndef IGNORE_NAME_CONSTRAINTS |
| if (signer->permittedNames) |
| FreeNameSubtrees(signer->permittedNames, heap); |
| if (signer->excludedNames) |
| FreeNameSubtrees(signer->excludedNames, heap); |
| #endif |
| XFREE(signer, heap, DYNAMIC_TYPE_SIGNER); |
| |
| (void)heap; |
| } |
| |
| |
| /* Free the whole singer table with number of rows */ |
| void FreeSignerTable(Signer** table, int rows, void* heap) |
| { |
| int i; |
| |
| for (i = 0; i < rows; i++) { |
| Signer* signer = table[i]; |
| while (signer) { |
| Signer* next = signer->next; |
| FreeSigner(signer, heap); |
| signer = next; |
| } |
| table[i] = NULL; |
| } |
| } |
| |
| |
| WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header) |
| { |
| int i = 0; |
| |
| if (header) { |
| output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; |
| output[i++] = ASN_BIT_STRING; |
| } |
| output[i++] = ASN_INTEGER; |
| output[i++] = 0x01; |
| output[i++] = (byte)version; |
| |
| return i; |
| } |
| |
| |
| WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) |
| { |
| int result = 0; |
| |
| WOLFSSL_ENTER("SetSerialNumber"); |
| |
| if (snSz <= EXTERNAL_SERIAL_SIZE) { |
| output[0] = ASN_INTEGER; |
| /* The serial number is always positive. When encoding the |
| * INTEGER, if the MSB is 1, add a padding zero to keep the |
| * number positive. */ |
| if (sn[0] & 0x80) { |
| output[1] = (byte)snSz + 1; |
| output[2] = 0; |
| XMEMCPY(&output[3], sn, snSz); |
| result = snSz + 3; |
| } |
| else { |
| output[1] = (byte)snSz; |
| XMEMCPY(&output[2], sn, snSz); |
| result = snSz + 2; |
| } |
| } |
| return result; |
| } |
| |
| |
| |
| |
| #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) |
| |
| /* convert der buffer to pem into output, can't do inplace, der and output |
| need to be different */ |
| int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, |
| int type) |
| { |
| #ifdef WOLFSSL_SMALL_STACK |
| char* header = NULL; |
| char* footer = NULL; |
| #else |
| char header[80]; |
| char footer[80]; |
| #endif |
| |
| int headerLen = 80; |
| int footerLen = 80; |
| int i; |
| int err; |
| int outLen; /* return length or error */ |
| |
| if (der == output) /* no in place conversion */ |
| return BAD_FUNC_ARG; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (header == NULL) |
| return MEMORY_E; |
| |
| footer = (char*)XMALLOC(footerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (footer == NULL) { |
| XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| return MEMORY_E; |
| } |
| #endif |
| |
| if (type == CERT_TYPE) { |
| XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", headerLen); |
| XSTRNCPY(footer, "-----END CERTIFICATE-----\n", footerLen); |
| } |
| else if (type == PRIVATEKEY_TYPE) { |
| XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", headerLen); |
| XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n", footerLen); |
| } |
| #ifdef HAVE_ECC |
| else if (type == ECC_PRIVATEKEY_TYPE) { |
| XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----\n", headerLen); |
| XSTRNCPY(footer, "-----END EC PRIVATE KEY-----\n", footerLen); |
| } |
| #endif |
| #ifdef WOLFSSL_CERT_REQ |
| else if (type == CERTREQ_TYPE) |
| { |
| XSTRNCPY(header, |
| "-----BEGIN CERTIFICATE REQUEST-----\n", headerLen); |
| XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----\n", footerLen); |
| } |
| #endif |
| else { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BAD_FUNC_ARG; |
| } |
| |
| headerLen = (int)XSTRLEN(header); |
| footerLen = (int)XSTRLEN(footer); |
| |
| if (!der || !output) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BAD_FUNC_ARG; |
| } |
| |
| /* don't even try if outSz too short */ |
| if (outSz < headerLen + footerLen + derSz) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BAD_FUNC_ARG; |
| } |
| |
| /* header */ |
| XMEMCPY(output, header, headerLen); |
| i = headerLen; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| /* body */ |
| outLen = outSz - (headerLen + footerLen); /* input to Base64_Encode */ |
| if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return err; |
| } |
| i += outLen; |
| |
| /* footer */ |
| if ( (i + footerLen) > (int)outSz) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BAD_FUNC_ARG; |
| } |
| XMEMCPY(output + i, footer, footerLen); |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return outLen + headerLen + footerLen; |
| } |
| |
| |
| #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ |
| |
| |
| #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) |
| |
| |
| static mp_int* GetRsaInt(RsaKey* key, int idx) |
| { |
| if (idx == 0) |
| return &key->n; |
| if (idx == 1) |
| return &key->e; |
| if (idx == 2) |
| return &key->d; |
| if (idx == 3) |
| return &key->p; |
| if (idx == 4) |
| return &key->q; |
| if (idx == 5) |
| return &key->dP; |
| if (idx == 6) |
| return &key->dQ; |
| if (idx == 7) |
| return &key->u; |
| |
| return NULL; |
| } |
| |
| |
| /* Release Tmp RSA resources */ |
| static INLINE void FreeTmpRsas(byte** tmps, void* heap) |
| { |
| int i; |
| |
| (void)heap; |
| |
| for (i = 0; i < RSA_INTS; i++) |
| XFREE(tmps[i], heap, DYNAMIC_TYPE_RSA); |
| } |
| |
| |
| /* Convert RsaKey key to DER format, write to output (inLen), return bytes |
| written */ |
| int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) |
| { |
| word32 seqSz, verSz, rawLen, intTotalLen = 0; |
| word32 sizes[RSA_INTS]; |
| int i, j, outLen, ret = 0; |
| |
| byte seq[MAX_SEQ_SZ]; |
| byte ver[MAX_VERSION_SZ]; |
| byte* tmps[RSA_INTS]; |
| |
| if (!key || !output) |
| return BAD_FUNC_ARG; |
| |
| if (key->type != RSA_PRIVATE) |
| return BAD_FUNC_ARG; |
| |
| for (i = 0; i < RSA_INTS; i++) |
| tmps[i] = NULL; |
| |
| /* write all big ints from key to DER tmps */ |
| for (i = 0; i < RSA_INTS; i++) { |
| mp_int* keyInt = GetRsaInt(key, i); |
| rawLen = mp_unsigned_bin_size(keyInt); |
| tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, |
| DYNAMIC_TYPE_RSA); |
| if (tmps[i] == NULL) { |
| ret = MEMORY_E; |
| break; |
| } |
| |
| tmps[i][0] = ASN_INTEGER; |
| sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1; /* int tag */ |
| |
| if (sizes[i] <= MAX_SEQ_SZ) { |
| int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); |
| if (err == MP_OKAY) { |
| sizes[i] += rawLen; |
| intTotalLen += sizes[i]; |
| } |
| else { |
| ret = err; |
| break; |
| } |
| } |
| else { |
| ret = ASN_INPUT_E; |
| break; |
| } |
| } |
| |
| if (ret != 0) { |
| FreeTmpRsas(tmps, key->heap); |
| return ret; |
| } |
| |
| /* make headers */ |
| verSz = SetMyVersion(0, ver, FALSE); |
| seqSz = SetSequence(verSz + intTotalLen, seq); |
| |
| outLen = seqSz + verSz + intTotalLen; |
| if (outLen > (int)inLen) |
| return BAD_FUNC_ARG; |
| |
| /* write to output */ |
| XMEMCPY(output, seq, seqSz); |
| j = seqSz; |
| XMEMCPY(output + j, ver, verSz); |
| j += verSz; |
| |
| for (i = 0; i < RSA_INTS; i++) { |
| XMEMCPY(output + j, tmps[i], sizes[i]); |
| j += sizes[i]; |
| } |
| FreeTmpRsas(tmps, key->heap); |
| |
| return outLen; |
| } |
| |
| #endif /* WOLFSSL_KEY_GEN && !NO_RSA */ |
| |
| |
| #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) |
| |
| |
| #ifndef WOLFSSL_HAVE_MIN |
| #define WOLFSSL_HAVE_MIN |
| |
| static INLINE word32 min(word32 a, word32 b) |
| { |
| return a > b ? b : a; |
| } |
| |
| #endif /* WOLFSSL_HAVE_MIN */ |
| |
| |
| /* Initialize and Set Certficate defaults: |
| version = 3 (0x2) |
| serial = 0 |
| sigType = SHA_WITH_RSA |
| issuer = blank |
| daysValid = 500 |
| selfSigned = 1 (true) use subject as issuer |
| subject = blank |
| */ |
| void wc_InitCert(Cert* cert) |
| { |
| cert->version = 2; /* version 3 is hex 2 */ |
| cert->sigType = CTC_SHAwRSA; |
| cert->daysValid = 500; |
| cert->selfSigned = 1; |
| cert->isCA = 0; |
| cert->bodySz = 0; |
| #ifdef WOLFSSL_ALT_NAMES |
| cert->altNamesSz = 0; |
| cert->beforeDateSz = 0; |
| cert->afterDateSz = 0; |
| #endif |
| cert->keyType = RSA_KEY; |
| XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); |
| |
| cert->issuer.country[0] = '\0'; |
| cert->issuer.countryEnc = CTC_PRINTABLE; |
| cert->issuer.state[0] = '\0'; |
| cert->issuer.stateEnc = CTC_UTF8; |
| cert->issuer.locality[0] = '\0'; |
| cert->issuer.localityEnc = CTC_UTF8; |
| cert->issuer.sur[0] = '\0'; |
| cert->issuer.surEnc = CTC_UTF8; |
| cert->issuer.org[0] = '\0'; |
| cert->issuer.orgEnc = CTC_UTF8; |
| cert->issuer.unit[0] = '\0'; |
| cert->issuer.unitEnc = CTC_UTF8; |
| cert->issuer.commonName[0] = '\0'; |
| cert->issuer.commonNameEnc = CTC_UTF8; |
| cert->issuer.email[0] = '\0'; |
| |
| cert->subject.country[0] = '\0'; |
| cert->subject.countryEnc = CTC_PRINTABLE; |
| cert->subject.state[0] = '\0'; |
| cert->subject.stateEnc = CTC_UTF8; |
| cert->subject.locality[0] = '\0'; |
| cert->subject.localityEnc = CTC_UTF8; |
| cert->subject.sur[0] = '\0'; |
| cert->subject.surEnc = CTC_UTF8; |
| cert->subject.org[0] = '\0'; |
| cert->subject.orgEnc = CTC_UTF8; |
| cert->subject.unit[0] = '\0'; |
| cert->subject.unitEnc = CTC_UTF8; |
| cert->subject.commonName[0] = '\0'; |
| cert->subject.commonNameEnc = CTC_UTF8; |
| cert->subject.email[0] = '\0'; |
| |
| #ifdef WOLFSSL_CERT_REQ |
| cert->challengePw[0] ='\0'; |
| #endif |
| } |
| |
| |
| /* DER encoded x509 Certificate */ |
| typedef struct DerCert { |
| byte size[MAX_LENGTH_SZ]; /* length encoded */ |
| byte version[MAX_VERSION_SZ]; /* version encoded */ |
| byte serial[CTC_SERIAL_SIZE + MAX_LENGTH_SZ]; /* serial number encoded */ |
| byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */ |
| byte issuer[ASN_NAME_MAX]; /* issuer encoded */ |
| byte subject[ASN_NAME_MAX]; /* subject encoded */ |
| byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */ |
| byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */ |
| byte ca[MAX_CA_SZ]; /* basic constraint CA true size */ |
| byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */ |
| #ifdef WOLFSSL_CERT_REQ |
| byte attrib[MAX_ATTRIB_SZ]; /* Cert req attributes encoded */ |
| #endif |
| int sizeSz; /* encoded size length */ |
| int versionSz; /* encoded version length */ |
| int serialSz; /* encoded serial length */ |
| int sigAlgoSz; /* enocded sig alog length */ |
| int issuerSz; /* encoded issuer length */ |
| int subjectSz; /* encoded subject length */ |
| int validitySz; /* encoded validity length */ |
| int publicKeySz; /* encoded public key length */ |
| int caSz; /* encoded CA extension length */ |
| int extensionsSz; /* encoded extensions total length */ |
| int total; /* total encoded lengths */ |
| #ifdef WOLFSSL_CERT_REQ |
| int attribSz; |
| #endif |
| } DerCert; |
| |
| |
| #ifdef WOLFSSL_CERT_REQ |
| |
| /* Write a set header to output */ |
| static word32 SetUTF8String(word32 len, byte* output) |
| { |
| output[0] = ASN_UTF8STRING; |
| return SetLength(len, output + 1) + 1; |
| } |
| |
| #endif /* WOLFSSL_CERT_REQ */ |
| |
| |
| /* Write a serial number to output */ |
| static int SetSerial(const byte* serial, byte* output) |
| { |
| int length = 0; |
| |
| output[length++] = ASN_INTEGER; |
| length += SetLength(CTC_SERIAL_SIZE, &output[length]); |
| XMEMCPY(&output[length], serial, CTC_SERIAL_SIZE); |
| |
| return length + CTC_SERIAL_SIZE; |
| } |
| |
| |
| #ifdef HAVE_ECC |
| |
| |
| /* Write a public ECC key to output */ |
| static int SetEccPublicKey(byte* output, ecc_key* key) |
| { |
| byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ |
| int algoSz; |
| int curveSz; |
| int lenSz; |
| int idx; |
| word32 pubSz = ECC_BUFSIZE; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* algo = NULL; |
| byte* curve = NULL; |
| byte* pub = NULL; |
| #else |
| byte algo[MAX_ALGO_SZ]; |
| byte curve[MAX_ALGO_SZ]; |
| byte pub[ECC_BUFSIZE]; |
| #endif |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (pub == NULL) |
| return MEMORY_E; |
| #endif |
| |
| int ret = wc_ecc_export_x963(key, pub, &pubSz); |
| if (ret != 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return ret; |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| curve = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (curve == NULL) { |
| XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| return MEMORY_E; |
| } |
| #endif |
| |
| /* headers */ |
| curveSz = SetCurve(key, curve); |
| if (curveSz <= 0) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return curveSz; |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (algo == NULL) { |
| XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| return MEMORY_E; |
| } |
| #endif |
| |
| algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz); |
| lenSz = SetLength(pubSz + 1, len); |
| len[lenSz++] = 0; /* trailing 0 */ |
| |
| /* write */ |
| idx = SetSequence(pubSz + curveSz + lenSz + 1 + algoSz, output); |
| /* 1 is for ASN_BIT_STRING */ |
| /* algo */ |
| XMEMCPY(output + idx, algo, algoSz); |
| idx += algoSz; |
| /* curve */ |
| XMEMCPY(output + idx, curve, curveSz); |
| idx += curveSz; |
| /* bit string */ |
| output[idx++] = ASN_BIT_STRING; |
| /* length */ |
| XMEMCPY(output + idx, len, lenSz); |
| idx += lenSz; |
| /* pub */ |
| XMEMCPY(output + idx, pub, pubSz); |
| idx += pubSz; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return idx; |
| } |
| |
| |
| #endif /* HAVE_ECC */ |
| |
| |
| /* Write a public RSA key to output */ |
| static int SetRsaPublicKey(byte* output, RsaKey* key) |
| { |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* n = NULL; |
| byte* e = NULL; |
| byte* algo = NULL; |
| #else |
| byte n[MAX_RSA_INT_SZ]; |
| byte e[MAX_RSA_E_SZ]; |
| byte algo[MAX_ALGO_SZ]; |
| #endif |
| byte seq[MAX_SEQ_SZ]; |
| byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ |
| int nSz; |
| int eSz; |
| int algoSz; |
| int seqSz; |
| int lenSz; |
| int idx; |
| int rawLen; |
| int leadingBit; |
| int err; |
| |
| /* n */ |
| #ifdef WOLFSSL_SMALL_STACK |
| n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (n == NULL) |
| return MEMORY_E; |
| #endif |
| |
| leadingBit = mp_leading_bit(&key->n); |
| rawLen = mp_unsigned_bin_size(&key->n) + leadingBit; |
| n[0] = ASN_INTEGER; |
| nSz = SetLength(rawLen, n + 1) + 1; /* int tag */ |
| |
| if ( (nSz + rawLen) < MAX_RSA_INT_SZ) { |
| if (leadingBit) |
| n[nSz] = 0; |
| err = mp_to_unsigned_bin(&key->n, n + nSz + leadingBit); |
| if (err == MP_OKAY) |
| nSz += rawLen; |
| else { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return MP_TO_E; |
| } |
| } |
| else { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BUFFER_E; |
| } |
| |
| /* e */ |
| #ifdef WOLFSSL_SMALL_STACK |
| e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (e == NULL) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return MEMORY_E; |
| } |
| #endif |
| |
| leadingBit = mp_leading_bit(&key->e); |
| rawLen = mp_unsigned_bin_size(&key->e) + leadingBit; |
| e[0] = ASN_INTEGER; |
| eSz = SetLength(rawLen, e + 1) + 1; /* int tag */ |
| |
| if ( (eSz + rawLen) < MAX_RSA_E_SZ) { |
| if (leadingBit) |
| e[eSz] = 0; |
| err = mp_to_unsigned_bin(&key->e, e + eSz + leadingBit); |
| if (err == MP_OKAY) |
| eSz += rawLen; |
| else { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return MP_TO_E; |
| } |
| } |
| else { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BUFFER_E; |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (algo == NULL) { |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| return MEMORY_E; |
| } |
| #endif |
| |
| /* headers */ |
| algoSz = SetAlgoID(RSAk, algo, keyType, 0); |
| seqSz = SetSequence(nSz + eSz, seq); |
| lenSz = SetLength(seqSz + nSz + eSz + 1, len); |
| len[lenSz++] = 0; /* trailing 0 */ |
| |
| /* write */ |
| idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output); |
| /* 1 is for ASN_BIT_STRING */ |
| /* algo */ |
| XMEMCPY(output + idx, algo, algoSz); |
| idx += algoSz; |
| /* bit string */ |
| output[idx++] = ASN_BIT_STRING; |
| /* length */ |
| XMEMCPY(output + idx, len, lenSz); |
| idx += lenSz; |
| /* seq */ |
| XMEMCPY(output + idx, seq, seqSz); |
| idx += seqSz; |
| /* n */ |
| XMEMCPY(output + idx, n, nSz); |
| idx += nSz; |
| /* e */ |
| XMEMCPY(output + idx, e, eSz); |
| idx += eSz; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return idx; |
| } |
| |
| |
| static INLINE byte itob(int number) |
| { |
| return (byte)number + 0x30; |
| } |
| |
| |
| /* write time to output, format */ |
| static void SetTime(struct tm* date, byte* output) |
| { |
| int i = 0; |
| |
| output[i++] = itob((date->tm_year % 10000) / 1000); |
| output[i++] = itob((date->tm_year % 1000) / 100); |
| output[i++] = itob((date->tm_year % 100) / 10); |
| output[i++] = itob( date->tm_year % 10); |
| |
| output[i++] = itob(date->tm_mon / 10); |
| output[i++] = itob(date->tm_mon % 10); |
| |
| output[i++] = itob(date->tm_mday / 10); |
| output[i++] = itob(date->tm_mday % 10); |
| |
| output[i++] = itob(date->tm_hour / 10); |
| output[i++] = itob(date->tm_hour % 10); |
| |
| output[i++] = itob(date->tm_min / 10); |
| output[i++] = itob(date->tm_min % 10); |
| |
| output[i++] = itob(date->tm_sec / 10); |
| output[i++] = itob(date->tm_sec % 10); |
| |
| output[i] = 'Z'; /* Zulu profile */ |
| } |
| |
| |
| #ifdef WOLFSSL_ALT_NAMES |
| |
| /* Copy Dates from cert, return bytes written */ |
| static int CopyValidity(byte* output, Cert* cert) |
| { |
| int seqSz; |
| |
| WOLFSSL_ENTER("CopyValidity"); |
| |
| /* headers and output */ |
| seqSz = SetSequence(cert->beforeDateSz + cert->afterDateSz, output); |
| XMEMCPY(output + seqSz, cert->beforeDate, cert->beforeDateSz); |
| XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate, |
| cert->afterDateSz); |
| return seqSz + cert->beforeDateSz + cert->afterDateSz; |
| } |
| |
| #endif |
| |
| |
| /* for systems where mktime() doesn't normalize fully */ |
| static void RebuildTime(time_t* in, struct tm* out) |
| { |
| #ifdef FREESCALE_MQX |
| out = localtime_r(in, out); |
| #else |
| (void)in; |
| (void)out; |
| #endif |
| } |
| |
| |
| /* Set Date validity from now until now + daysValid */ |
| static int SetValidity(byte* output, int daysValid) |
| { |
| byte before[MAX_DATE_SIZE]; |
| byte after[MAX_DATE_SIZE]; |
| |
| int beforeSz; |
| int afterSz; |
| int seqSz; |
| |
| time_t ticks; |
| time_t normalTime; |
| struct tm* now; |
| struct tm* tmpTime = NULL; |
| struct tm local; |
| |
| #if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) |
| /* for use with gmtime_r */ |
| struct tm tmpTimeStorage; |
| tmpTime = &tmpTimeStorage; |
| #else |
| (void)tmpTime; |
| #endif |
| |
| ticks = XTIME(0); |
| now = XGMTIME(&ticks, tmpTime); |
| |
| /* before now */ |
| local = *now; |
| before[0] = ASN_GENERALIZED_TIME; |
| beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ |
| |
| /* subtract 1 day for more compliance */ |
| local.tm_mday -= 1; |
| normalTime = mktime(&local); |
| RebuildTime(&normalTime, &local); |
| |
| /* adjust */ |
| local.tm_year += 1900; |
| local.tm_mon += 1; |
| |
| SetTime(&local, before + beforeSz); |
| beforeSz += ASN_GEN_TIME_SZ; |
| |
| /* after now + daysValid */ |
| local = *now; |
| after[0] = ASN_GENERALIZED_TIME; |
| afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ |
| |
| /* add daysValid */ |
| local.tm_mday += daysValid; |
| normalTime = mktime(&local); |
| RebuildTime(&normalTime, &local); |
| |
| /* adjust */ |
| local.tm_year += 1900; |
| local.tm_mon += 1; |
| |
| SetTime(&local, after + afterSz); |
| afterSz += ASN_GEN_TIME_SZ; |
| |
| /* headers and output */ |
| seqSz = SetSequence(beforeSz + afterSz, output); |
| XMEMCPY(output + seqSz, before, beforeSz); |
| XMEMCPY(output + seqSz + beforeSz, after, afterSz); |
| |
| return seqSz + beforeSz + afterSz; |
| } |
| |
| |
| /* ASN Encoded Name field */ |
| typedef struct EncodedName { |
| int nameLen; /* actual string value length */ |
| int totalLen; /* total encoded length */ |
| int type; /* type of name */ |
| int used; /* are we actually using this one */ |
| byte encoded[CTC_NAME_SIZE * 2]; /* encoding */ |
| } EncodedName; |
| |
| |
| /* Get Which Name from index */ |
| static const char* GetOneName(CertName* name, int idx) |
| { |
| switch (idx) { |
| case 0: |
| return name->country; |
| |
| case 1: |
| return name->state; |
| |
| case 2: |
| return name->locality; |
| |
| case 3: |
| return name->sur; |
| |
| case 4: |
| return name->org; |
| |
| case 5: |
| return name->unit; |
| |
| case 6: |
| return name->commonName; |
| |
| case 7: |
| return name->email; |
| |
| default: |
| return 0; |
| } |
| } |
| |
| |
| /* Get Which Name Encoding from index */ |
| static char GetNameType(CertName* name, int idx) |
| { |
| switch (idx) { |
| case 0: |
| return name->countryEnc; |
| |
| case 1: |
| return name->stateEnc; |
| |
| case 2: |
| return name->localityEnc; |
| |
| case 3: |
| return name->surEnc; |
| |
| case 4: |
| return name->orgEnc; |
| |
| case 5: |
| return name->unitEnc; |
| |
| case 6: |
| return name->commonNameEnc; |
| |
| default: |
| return 0; |
| } |
| } |
| |
| |
| /* Get ASN Name from index */ |
| static byte GetNameId(int idx) |
| { |
| switch (idx) { |
| case 0: |
| return ASN_COUNTRY_NAME; |
| |
| case 1: |
| return ASN_STATE_NAME; |
| |
| case 2: |
| return ASN_LOCALITY_NAME; |
| |
| case 3: |
| return ASN_SUR_NAME; |
| |
| case 4: |
| return ASN_ORG_NAME; |
| |
| case 5: |
| return ASN_ORGUNIT_NAME; |
| |
| case 6: |
| return ASN_COMMON_NAME; |
| |
| case 7: |
| /* email uses different id type */ |
| return 0; |
| |
| default: |
| return 0; |
| } |
| } |
| |
| |
| /* encode all extensions, return total bytes written */ |
| static int SetExtensions(byte* output, const byte* ext, int extSz, int header) |
| { |
| byte sequence[MAX_SEQ_SZ]; |
| byte len[MAX_LENGTH_SZ]; |
| |
| int sz = 0; |
| int seqSz = SetSequence(extSz, sequence); |
| |
| if (header) { |
| int lenSz = SetLength(seqSz + extSz, len); |
| output[0] = ASN_EXTENSIONS; /* extensions id */ |
| sz++; |
| XMEMCPY(&output[sz], len, lenSz); /* length */ |
| sz += lenSz; |
| } |
| XMEMCPY(&output[sz], sequence, seqSz); /* sequence */ |
| sz += seqSz; |
| XMEMCPY(&output[sz], ext, extSz); /* extensions */ |
| sz += extSz; |
| |
| return sz; |
| } |
| |
| |
| /* encode CA basic constraint true, return total bytes written */ |
| static int SetCa(byte* output) |
| { |
| static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, |
| 0x05, 0x30, 0x03, 0x01, 0x01, 0xff }; |
| |
| XMEMCPY(output, ca, sizeof(ca)); |
| |
| return (int)sizeof(ca); |
| } |
| |
| |
| /* encode CertName into output, return total bytes written */ |
| static int SetName(byte* output, CertName* name) |
| { |
| int totalBytes = 0, i, idx; |
| #ifdef WOLFSSL_SMALL_STACK |
| EncodedName* names = NULL; |
| #else |
| EncodedName names[NAME_ENTRIES]; |
| #endif |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| names = (EncodedName*)XMALLOC(sizeof(EncodedName) * NAME_ENTRIES, NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| if (names == NULL) |
| return MEMORY_E; |
| #endif |
| |
| for (i = 0; i < NAME_ENTRIES; i++) { |
| const char* nameStr = GetOneName(name, i); |
| if (nameStr) { |
| /* bottom up */ |
| byte firstLen[MAX_LENGTH_SZ]; |
| byte secondLen[MAX_LENGTH_SZ]; |
| byte sequence[MAX_SEQ_SZ]; |
| byte set[MAX_SET_SZ]; |
| |
| int email = i == (NAME_ENTRIES - 1) ? 1 : 0; |
| int strLen = (int)XSTRLEN(nameStr); |
| int thisLen = strLen; |
| int firstSz, secondSz, seqSz, setSz; |
| |
| if (strLen == 0) { /* no user data for this item */ |
| names[i].used = 0; |
| continue; |
| } |
| |
| secondSz = SetLength(strLen, secondLen); |
| thisLen += secondSz; |
| if (email) { |
| thisLen += EMAIL_JOINT_LEN; |
| thisLen ++; /* id type */ |
| firstSz = SetLength(EMAIL_JOINT_LEN, firstLen); |
| } |
| else { |
| thisLen++; /* str type */ |
| thisLen++; /* id type */ |
| thisLen += JOINT_LEN; |
| firstSz = SetLength(JOINT_LEN + 1, firstLen); |
| } |
| thisLen += firstSz; |
| thisLen++; /* object id */ |
| |
| seqSz = SetSequence(thisLen, sequence); |
| thisLen += seqSz; |
| setSz = SetSet(thisLen, set); |
| thisLen += setSz; |
| |
| if (thisLen > (int)sizeof(names[i].encoded)) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BUFFER_E; |
| } |
| |
| /* store it */ |
| idx = 0; |
| /* set */ |
| XMEMCPY(names[i].encoded, set, setSz); |
| idx += setSz; |
| /* seq */ |
| XMEMCPY(names[i].encoded + idx, sequence, seqSz); |
| idx += seqSz; |
| /* asn object id */ |
| names[i].encoded[idx++] = ASN_OBJECT_ID; |
| /* first length */ |
| XMEMCPY(names[i].encoded + idx, firstLen, firstSz); |
| idx += firstSz; |
| if (email) { |
| const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, |
| 0x01, 0x09, 0x01, 0x16 }; |
| /* email joint id */ |
| XMEMCPY(names[i].encoded + idx, EMAIL_OID, sizeof(EMAIL_OID)); |
| idx += (int)sizeof(EMAIL_OID); |
| } |
| else { |
| /* joint id */ |
| byte bType = GetNameId(i); |
| names[i].encoded[idx++] = 0x55; |
| names[i].encoded[idx++] = 0x04; |
| /* id type */ |
| names[i].encoded[idx++] = bType; |
| /* str type */ |
| names[i].encoded[idx++] = GetNameType(name, i); |
| } |
| /* second length */ |
| XMEMCPY(names[i].encoded + idx, secondLen, secondSz); |
| idx += secondSz; |
| /* str value */ |
| XMEMCPY(names[i].encoded + idx, nameStr, strLen); |
| idx += strLen; |
| |
| totalBytes += idx; |
| names[i].totalLen = idx; |
| names[i].used = 1; |
| } |
| else |
| names[i].used = 0; |
| } |
| |
| /* header */ |
| idx = SetSequence(totalBytes, output); |
| totalBytes += idx; |
| if (totalBytes > ASN_NAME_MAX) { |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| return BUFFER_E; |
| } |
| |
| for (i = 0; i < NAME_ENTRIES; i++) { |
| if (names[i].used) { |
| XMEMCPY(output + idx, names[i].encoded, names[i].totalLen); |
| idx += names[i].totalLen; |
| } |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return totalBytes; |
| } |
| |
| /* encode info from cert into DER encoded format */ |
| static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, |
| RNG* rng, const byte* ntruKey, word16 ntruSz) |
| { |
| int ret; |
| |
| (void)eccKey; |
| (void)ntruKey; |
| (void)ntruSz; |
| |
| /* init */ |
| XMEMSET(der, 0, sizeof(DerCert)); |
| |
| /* version */ |
| der->versionSz = SetMyVersion(cert->version, der->version, TRUE); |
| |
| /* serial number */ |
| ret = wc_RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE); |
| if (ret != 0) |
| return ret; |
| |
| cert->serial[0] = 0x01; /* ensure positive */ |
| der->serialSz = SetSerial(cert->serial, der->serial); |
| |
| /* signature algo */ |
| der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, sigType, 0); |
| if (der->sigAlgoSz == 0) |
| return ALGO_ID_E; |
| |
| /* public key */ |
| if (cert->keyType == RSA_KEY) { |
| if (rsaKey == NULL) |
| return PUBLIC_KEY_E; |
| der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey); |
| if (der->publicKeySz <= 0) |
| return PUBLIC_KEY_E; |
| } |
| |
| #ifdef HAVE_ECC |
| if (cert->keyType == ECC_KEY) { |
| if (eccKey == NULL) |
| return PUBLIC_KEY_E; |
| der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey); |
| if (der->publicKeySz <= 0) |
| return PUBLIC_KEY_E; |
| } |
| #endif /* HAVE_ECC */ |
| |
| #ifdef HAVE_NTRU |
| if (cert->keyType == NTRU_KEY) { |
| word32 rc; |
| word16 encodedSz; |
| |
| rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, |
| ntruKey, &encodedSz, NULL); |
| if (rc != NTRU_OK) |
| return PUBLIC_KEY_E; |
| if (encodedSz > MAX_PUBLIC_KEY_SZ) |
| return PUBLIC_KEY_E; |
| |
| rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, |
| ntruKey, &encodedSz, der->publicKey); |
| if (rc != NTRU_OK) |
| return PUBLIC_KEY_E; |
| |
| der->publicKeySz = encodedSz; |
| } |
| #endif /* HAVE_NTRU */ |
| |
| der->validitySz = 0; |
| #ifdef WOLFSSL_ALT_NAMES |
| /* date validity copy ? */ |
| if (cert->beforeDateSz && cert->afterDateSz) { |
| der->validitySz = CopyValidity(der->validity, cert); |
| if (der->validitySz == 0) |
| return DATE_E; |
| } |
| #endif |
| |
| /* date validity */ |
| if (der->validitySz == 0) { |
| der->validitySz = SetValidity(der->validity, cert->daysValid); |
| if (der->validitySz == 0) |
| return DATE_E; |
| } |
| |
| /* subject name */ |
| der->subjectSz = SetName(der->subject, &cert->subject); |
| if (der->subjectSz == 0) |
| return SUBJECT_E; |
| |
| /* issuer name */ |
| der->issuerSz = SetName(der->issuer, cert->selfSigned ? |
| &cert->subject : &cert->issuer); |
| if (der->issuerSz == 0) |
| return ISSUER_E; |
| |
| /* CA */ |
| if (cert->isCA) { |
| der->caSz = SetCa(der->ca); |
| if (der->caSz == 0) |
| return CA_TRUE_E; |
| } |
| else |
| der->caSz = 0; |
| |
| /* extensions, just CA now */ |
| if (cert->isCA) { |
| der->extensionsSz = SetExtensions(der->extensions, |
| der->ca, der->caSz, TRUE); |
| if (der->extensionsSz == 0) |
| return EXTENSIONS_E; |
| } |
| else |
| der->extensionsSz = 0; |
| |
| #ifdef WOLFSSL_ALT_NAMES |
| if (der->extensionsSz == 0 && cert->altNamesSz) { |
| der->extensionsSz = SetExtensions(der->extensions, cert->altNames, |
| cert->altNamesSz, TRUE); |
| if (der->extensionsSz == 0) |
| return EXTENSIONS_E; |
| } |
| #endif |
| |
| der->total = der->versionSz + der->serialSz + der->sigAlgoSz + |
| der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz + |
| der->extensionsSz; |
| |
| return 0; |
| } |
| |
| |
| /* write DER encoded cert to buffer, size already checked */ |
| static int WriteCertBody(DerCert* der, byte* buffer) |
| { |
| int idx; |
| |
| /* signed part header */ |
| idx = SetSequence(der->total, buffer); |
| /* version */ |
| XMEMCPY(buffer + idx, der->version, der->versionSz); |
| idx += der->versionSz; |
| /* serial */ |
| XMEMCPY(buffer + idx, der->serial, der->serialSz); |
| idx += der->serialSz; |
| /* sig algo */ |
| XMEMCPY(buffer + idx, der->sigAlgo, der->sigAlgoSz); |
| idx += der->sigAlgoSz; |
| /* issuer */ |
| XMEMCPY(buffer + idx, der->issuer, der->issuerSz); |
| idx += der->issuerSz; |
| /* validity */ |
| XMEMCPY(buffer + idx, der->validity, der->validitySz); |
| idx += der->validitySz; |
| /* subject */ |
| XMEMCPY(buffer + idx, der->subject, der->subjectSz); |
| idx += der->subjectSz; |
| /* public key */ |
| XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); |
| idx += der->publicKeySz; |
| if (der->extensionsSz) { |
| /* extensions */ |
| XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, |
| sizeof(der->extensions))); |
| idx += der->extensionsSz; |
| } |
| |
| return idx; |
| } |
| |
| |
| /* Make RSA signature from buffer (sz), write to sig (sigSz) */ |
| static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, |
| RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, |
| int sigAlgoType) |
| { |
| int encSigSz, digestSz, typeH = 0, ret = 0; |
| byte digest[SHA256_DIGEST_SIZE]; /* max size */ |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* encSig; |
| #else |
| byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ]; |
| #endif |
| |
| (void)digest; |
| (void)digestSz; |
| (void)encSig; |
| (void)encSigSz; |
| (void)typeH; |
| |
| (void)buffer; |
| (void)sz; |
| (void)sig; |
| (void)sigSz; |
| (void)rsaKey; |
| (void)eccKey; |
| (void)rng; |
| |
| switch (sigAlgoType) { |
| #ifndef NO_MD5 |
| case CTC_MD5wRSA: |
| if ((ret = wc_Md5Hash(buffer, sz, digest)) == 0) { |
| typeH = MD5h; |
| digestSz = MD5_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #ifndef NO_SHA |
| case CTC_SHAwRSA: |
| case CTC_SHAwECDSA: |
| if ((ret = wc_ShaHash(buffer, sz, digest)) == 0) { |
| typeH = SHAh; |
| digestSz = SHA_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| #ifndef NO_SHA256 |
| case CTC_SHA256wRSA: |
| case CTC_SHA256wECDSA: |
| if ((ret = wc_Sha256Hash(buffer, sz, digest)) == 0) { |
| typeH = SHA256h; |
| digestSz = SHA256_DIGEST_SIZE; |
| } |
| break; |
| #endif |
| default: |
| WOLFSSL_MSG("MakeSignautre called with unsupported type"); |
| ret = ALGO_ID_E; |
| } |
| |
| if (ret != 0) |
| return ret; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, |
| NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (encSig == NULL) |
| return MEMORY_E; |
| #endif |
| |
| ret = ALGO_ID_E; |
| |
| #ifndef NO_RSA |
| if (rsaKey) { |
| /* signature */ |
| encSigSz = wc_EncodeSignature(encSig, digest, digestSz, typeH); |
| ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng); |
| } |
| #endif |
| |
| #ifdef HAVE_ECC |
| if (!rsaKey && eccKey) { |
| word32 outSz = sigSz; |
| ret = wc_ecc_sign_hash(digest, digestSz, sig, &outSz, rng, eccKey); |
| |
| if (ret == 0) |
| ret = outSz; |
| } |
| #endif |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(encSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret; |
| } |
| |
| |
| /* add signature to end of buffer, size of buffer assumed checked, return |
| new length */ |
| static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, |
| int sigAlgoType) |
| { |
| byte seq[MAX_SEQ_SZ]; |
| int idx = bodySz, seqSz; |
| |
| /* algo */ |
| idx += SetAlgoID(sigAlgoType, buffer + idx, sigType, 0); |
| /* bit string */ |
| buffer[idx++] = ASN_BIT_STRING; |
| /* length */ |
| idx += SetLength(sigSz + 1, buffer + idx); |
| buffer[idx++] = 0; /* trailing 0 */ |
| /* signature */ |
| XMEMCPY(buffer + idx, sig, sigSz); |
| idx += sigSz; |
| |
| /* make room for overall header */ |
| seqSz = SetSequence(idx, seq); |
| XMEMMOVE(buffer + seqSz, buffer, idx); |
| XMEMCPY(buffer, seq, seqSz); |
| |
| return idx + seqSz; |
| } |
| |
| |
| /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ |
| static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, |
| RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, |
| const byte* ntruKey, word16 ntruSz) |
| { |
| int ret; |
| #ifdef WOLFSSL_SMALL_STACK |
| DerCert* der; |
| #else |
| DerCert der[1]; |
| #endif |
| |
| cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : NTRU_KEY); |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| der = (DerCert*)XMALLOC(sizeof(DerCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (der == NULL) |
| return MEMORY_E; |
| #endif |
| |
| ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz); |
| |
| if (ret == 0) { |
| if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) |
| ret = BUFFER_E; |
| else |
| ret = cert->bodySz = WriteCertBody(der, derBuffer); |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret; |
| } |
| |
| |
| /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ |
| int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, |
| ecc_key* eccKey, RNG* rng) |
| { |
| return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0); |
| } |
| |
| |
| #ifdef HAVE_NTRU |
| |
| int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, |
| const byte* ntruKey, word16 keySz, RNG* rng) |
| { |
| return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz); |
| } |
| |
| #endif /* HAVE_NTRU */ |
| |
| |
| #ifdef WOLFSSL_CERT_REQ |
| |
| static int SetReqAttrib(byte* output, char* pw, int extSz) |
| { |
| static const byte cpOid[] = |
| { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, |
| 0x09, 0x07 }; |
| static const byte erOid[] = |
| { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, |
| 0x09, 0x0e }; |
| |
| int sz = 0; /* overall size */ |
| int cpSz = 0; /* Challenge Password section size */ |
| int cpSeqSz = 0; |
| int cpSetSz = 0; |
| int cpStrSz = 0; |
| int pwSz = 0; |
| int erSz = 0; /* Extension Request section size */ |
| int erSeqSz = 0; |
| int erSetSz = 0; |
| byte cpSeq[MAX_SEQ_SZ]; |
| byte cpSet[MAX_SET_SZ]; |
| byte cpStr[MAX_PRSTR_SZ]; |
| byte erSeq[MAX_SEQ_SZ]; |
| byte erSet[MAX_SET_SZ]; |
| |
| output[0] = 0xa0; |
| sz++; |
| |
| if (pw && pw[0]) { |
| pwSz = (int)XSTRLEN(pw); |
| cpStrSz = SetUTF8String(pwSz, cpStr); |
| cpSetSz = SetSet(cpStrSz + pwSz, cpSet); |
| cpSeqSz = SetSequence(sizeof(cpOid) + cpSetSz + cpStrSz + pwSz, cpSeq); |
| cpSz = cpSeqSz + sizeof(cpOid) + cpSetSz + cpStrSz + pwSz; |
| } |
| |
| if (extSz) { |
| erSetSz = SetSet(extSz, erSet); |
| erSeqSz = SetSequence(erSetSz + sizeof(erOid) + extSz, erSeq); |
| erSz = extSz + erSetSz + erSeqSz + sizeof(erOid); |
| } |
| |
| /* Put the pieces together. */ |
| sz += SetLength(cpSz + erSz, &output[sz]); |
| |
| if (cpSz) { |
| XMEMCPY(&output[sz], cpSeq, cpSeqSz); |
| sz += cpSeqSz; |
| XMEMCPY(&output[sz], cpOid, sizeof(cpOid)); |
| sz += sizeof(cpOid); |
| XMEMCPY(&output[sz], cpSet, cpSetSz); |
| sz += cpSetSz; |
| XMEMCPY(&output[sz], cpStr, cpStrSz); |
| sz += cpStrSz; |
| XMEMCPY(&output[sz], pw, pwSz); |
| sz += pwSz; |
| } |
| |
| if (erSz) { |
| XMEMCPY(&output[sz], erSeq, erSeqSz); |
| sz += erSeqSz; |
| XMEMCPY(&output[sz], erOid, sizeof(erOid)); |
| sz += sizeof(erOid); |
| XMEMCPY(&output[sz], erSet, erSetSz); |
| sz += erSetSz; |
| /* The actual extension data will be tacked onto the output later. */ |
| } |
| |
| return sz; |
| } |
| |
| |
| /* encode info from cert into DER encoded format */ |
| static int EncodeCertReq(Cert* cert, DerCert* der, |
| RsaKey* rsaKey, ecc_key* eccKey) |
| { |
| (void)eccKey; |
| |
| /* init */ |
| XMEMSET(der, 0, sizeof(DerCert)); |
| |
| /* version */ |
| der->versionSz = SetMyVersion(cert->version, der->version, FALSE); |
| |
| /* subject name */ |
| der->subjectSz = SetName(der->subject, &cert->subject); |
| if (der->subjectSz == 0) |
| return SUBJECT_E; |
| |
| /* public key */ |
| if (cert->keyType == RSA_KEY) { |
| if (rsaKey == NULL) |
| return PUBLIC_KEY_E; |
| der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey); |
| if (der->publicKeySz <= 0) |
| return PUBLIC_KEY_E; |
| } |
| |
| #ifdef HAVE_ECC |
| if (cert->keyType == ECC_KEY) { |
| if (eccKey == NULL) |
| return PUBLIC_KEY_E; |
| der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey); |
| if (der->publicKeySz <= 0) |
| return PUBLIC_KEY_E; |
| } |
| #endif /* HAVE_ECC */ |
| |
| /* CA */ |
| if (cert->isCA) { |
| der->caSz = SetCa(der->ca); |
| if (der->caSz == 0) |
| return CA_TRUE_E; |
| } |
| else |
| der->caSz = 0; |
| |
| /* extensions, just CA now */ |
| if (cert->isCA) { |
| der->extensionsSz = SetExtensions(der->extensions, |
| der->ca, der->caSz, FALSE); |
| if (der->extensionsSz == 0) |
| return EXTENSIONS_E; |
| } |
| else |
| der->extensionsSz = 0; |
| |
| der->attribSz = SetReqAttrib(der->attrib, |
| cert->challengePw, der->extensionsSz); |
| if (der->attribSz == 0) |
| return REQ_ATTRIBUTE_E; |
| |
| der->total = der->versionSz + der->subjectSz + der->publicKeySz + |
| der->extensionsSz + der->attribSz; |
| |
| return 0; |
| } |
| |
| |
| /* write DER encoded cert req to buffer, size already checked */ |
| static int WriteCertReqBody(DerCert* der, byte* buffer) |
| { |
| int idx; |
| |
| /* signed part header */ |
| idx = SetSequence(der->total, buffer); |
| /* version */ |
| XMEMCPY(buffer + idx, der->version, der->versionSz); |
| idx += der->versionSz; |
| /* subject */ |
| XMEMCPY(buffer + idx, der->subject, der->subjectSz); |
| idx += der->subjectSz; |
| /* public key */ |
| XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); |
| idx += der->publicKeySz; |
| /* attributes */ |
| XMEMCPY(buffer + idx, der->attrib, der->attribSz); |
| idx += der->attribSz; |
| /* extensions */ |
| if (der->extensionsSz) { |
| XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, |
| sizeof(der->extensions))); |
| idx += der->extensionsSz; |
| } |
| |
| return idx; |
| } |
| |
| |
| int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, |
| RsaKey* rsaKey, ecc_key* eccKey) |
| { |
| int ret; |
| #ifdef WOLFSSL_SMALL_STACK |
| DerCert* der; |
| #else |
| DerCert der[1]; |
| #endif |
| |
| cert->keyType = eccKey ? ECC_KEY : RSA_KEY; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| der = (DerCert*)XMALLOC(sizeof(DerCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (der == NULL) |
| return MEMORY_E; |
| #endif |
| |
| ret = EncodeCertReq(cert, der, rsaKey, eccKey); |
| |
| if (ret == 0) { |
| if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) |
| ret = BUFFER_E; |
| else |
| ret = cert->bodySz = WriteCertReqBody(der, derBuffer); |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret; |
| } |
| |
| #endif /* WOLFSSL_CERT_REQ */ |
| |
| |
| int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, |
| RsaKey* rsaKey, ecc_key* eccKey, RNG* rng) |
| { |
| int sigSz; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* sig; |
| #else |
| byte sig[MAX_ENCODED_SIG_SZ]; |
| #endif |
| |
| if (requestSz < 0) |
| return requestSz; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (sig == NULL) |
| return MEMORY_E; |
| #endif |
| |
| sigSz = MakeSignature(buffer, requestSz, sig, MAX_ENCODED_SIG_SZ, rsaKey, |
| eccKey, rng, sType); |
| |
| if (sigSz >= 0) { |
| if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) |
| sigSz = BUFFER_E; |
| else |
| sigSz = AddSignature(buffer, requestSz, sig, sigSz, sType); |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return sigSz; |
| } |
| |
| |
| int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) |
| { |
| int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); |
| |
| if (ret < 0) |
| return ret; |
| |
| return wc_SignCert(cert->bodySz, cert->sigType, buffer, buffSz, key, NULL,rng); |
| } |
| |
| |
| #ifdef WOLFSSL_ALT_NAMES |
| |
| /* Set Alt Names from der cert, return 0 on success */ |
| static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) |
| { |
| int ret; |
| #ifdef WOLFSSL_SMALL_STACK |
| DecodedCert* decoded; |
| #else |
| DecodedCert decoded[1]; |
| #endif |
| |
| if (derSz < 0) |
| return derSz; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| if (decoded == NULL) |
| return MEMORY_E; |
| #endif |
| |
| InitDecodedCert(decoded, (byte*)der, derSz, 0); |
| ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); |
| |
| if (ret < 0) { |
| WOLFSSL_MSG("ParseCertRelative error"); |
| } |
| else if (decoded->extensions) { |
| byte b; |
| int length; |
| word32 maxExtensionsIdx; |
| |
| decoded->srcIdx = decoded->extensionsIdx; |
| b = decoded->source[decoded->srcIdx++]; |
| |
| if (b != ASN_EXTENSIONS) { |
| ret = ASN_PARSE_E; |
| } |
| else if (GetLength(decoded->source, &decoded->srcIdx, &length, |
| decoded->maxIdx) < 0) { |
| ret = ASN_PARSE_E; |
| } |
| else if (GetSequence(decoded->source, &decoded->srcIdx, &length, |
| decoded->maxIdx) < 0) { |
| ret = ASN_PARSE_E; |
| } |
| else { |
| maxExtensionsIdx = decoded->srcIdx + length; |
| |
| while (decoded->srcIdx < maxExtensionsIdx) { |
| word32 oid; |
| word32 startIdx = decoded->srcIdx; |
| word32 tmpIdx; |
| |
| if (GetSequence(decoded->source, &decoded->srcIdx, &length, |
| decoded->maxIdx) < 0) { |
| ret = ASN_PARSE_E; |
| break; |
| } |
| |
| tmpIdx = decoded->srcIdx; |
| decoded->srcIdx = startIdx; |
| |
| if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid, |
| decoded->maxIdx) < 0) { |
| ret = ASN_PARSE_E; |
| break; |
| } |
| |
| if (oid == ALT_NAMES_OID) { |
| cert->altNamesSz = length + (tmpIdx - startIdx); |
| |
| if (cert->altNamesSz < (int)sizeof(cert->altNames)) |
| XMEMCPY(cert->altNames, &decoded->source[startIdx], |
| cert->altNamesSz); |
| else { |
| cert->altNamesSz = 0; |
| WOLFSSL_MSG("AltNames extensions too big"); |
| ret = ALT_NAME_E; |
| break; |
| } |
| } |
| decoded->srcIdx = tmpIdx + length; |
| } |
| } |
| } |
| |
| FreeDecodedCert(decoded); |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret < 0 ? ret : 0; |
| } |
| |
| |
| /* Set Dates from der cert, return 0 on success */ |
| static int SetDatesFromCert(Cert* cert, const byte* der, int derSz) |
| { |
| int ret; |
| #ifdef WOLFSSL_SMALL_STACK |
| DecodedCert* decoded; |
| #else |
| DecodedCert decoded[1]; |
| #endif |
| |
| WOLFSSL_ENTER("SetDatesFromCert"); |
| if (derSz < 0) |
| return derSz; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| if (decoded == NULL) |
| return MEMORY_E; |
| #endif |
| |
| InitDecodedCert(decoded, (byte*)der, derSz, 0); |
| ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); |
| |
| if (ret < 0) { |
| WOLFSSL_MSG("ParseCertRelative error"); |
| } |
| else if (decoded->beforeDate == NULL || decoded->afterDate == NULL) { |
| WOLFSSL_MSG("Couldn't extract dates"); |
| ret = -1; |
| } |
| else if (decoded->beforeDateLen > MAX_DATE_SIZE || |
| decoded->afterDateLen > MAX_DATE_SIZE) { |
| WOLFSSL_MSG("Bad date size"); |
| ret = -1; |
| } |
| else { |
| XMEMCPY(cert->beforeDate, decoded->beforeDate, decoded->beforeDateLen); |
| XMEMCPY(cert->afterDate, decoded->afterDate, decoded->afterDateLen); |
| |
| cert->beforeDateSz = decoded->beforeDateLen; |
| cert->afterDateSz = decoded->afterDateLen; |
| } |
| |
| FreeDecodedCert(decoded); |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret < 0 ? ret : 0; |
| } |
| |
| |
| #endif /* WOLFSSL_ALT_NAMES && !NO_RSA */ |
| |
| |
| /* Set cn name from der buffer, return 0 on success */ |
| static int SetNameFromCert(CertName* cn, const byte* der, int derSz) |
| { |
| int ret, sz; |
| #ifdef WOLFSSL_SMALL_STACK |
| DecodedCert* decoded; |
| #else |
| DecodedCert decoded[1]; |
| #endif |
| |
| if (derSz < 0) |
| return derSz; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, |
| DYNAMIC_TYPE_TMP_BUFFER); |
| if (decoded == NULL) |
| return MEMORY_E; |
| #endif |
| |
| InitDecodedCert(decoded, (byte*)der, derSz, 0); |
| ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); |
| |
| if (ret < 0) { |
| WOLFSSL_MSG("ParseCertRelative error"); |
| } |
| else { |
| if (decoded->subjectCN) { |
| sz = (decoded->subjectCNLen < CTC_NAME_SIZE) ? decoded->subjectCNLen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->commonName, decoded->subjectCN, CTC_NAME_SIZE); |
| cn->commonName[sz] = 0; |
| cn->commonNameEnc = decoded->subjectCNEnc; |
| } |
| if (decoded->subjectC) { |
| sz = (decoded->subjectCLen < CTC_NAME_SIZE) ? decoded->subjectCLen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->country, decoded->subjectC, CTC_NAME_SIZE); |
| cn->country[sz] = 0; |
| cn->countryEnc = decoded->subjectCEnc; |
| } |
| if (decoded->subjectST) { |
| sz = (decoded->subjectSTLen < CTC_NAME_SIZE) ? decoded->subjectSTLen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->state, decoded->subjectST, CTC_NAME_SIZE); |
| cn->state[sz] = 0; |
| cn->stateEnc = decoded->subjectSTEnc; |
| } |
| if (decoded->subjectL) { |
| sz = (decoded->subjectLLen < CTC_NAME_SIZE) ? decoded->subjectLLen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->locality, decoded->subjectL, CTC_NAME_SIZE); |
| cn->locality[sz] = 0; |
| cn->localityEnc = decoded->subjectLEnc; |
| } |
| if (decoded->subjectO) { |
| sz = (decoded->subjectOLen < CTC_NAME_SIZE) ? decoded->subjectOLen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->org, decoded->subjectO, CTC_NAME_SIZE); |
| cn->org[sz] = 0; |
| cn->orgEnc = decoded->subjectOEnc; |
| } |
| if (decoded->subjectOU) { |
| sz = (decoded->subjectOULen < CTC_NAME_SIZE) ? decoded->subjectOULen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->unit, decoded->subjectOU, CTC_NAME_SIZE); |
| cn->unit[sz] = 0; |
| cn->unitEnc = decoded->subjectOUEnc; |
| } |
| if (decoded->subjectSN) { |
| sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen |
| : CTC_NAME_SIZE - 1; |
| strncpy(cn->sur, decoded->subjectSN, CTC_NAME_SIZE); |
| cn->sur[sz] = 0; |
| cn->surEnc = decoded->subjectSNEnc; |
| } |
| if (decoded->subjectEmail) { |
| sz = (decoded->subjectEmailLen < CTC_NAME_SIZE) |
| ? decoded->subjectEmailLen : CTC_NAME_SIZE - 1; |
| strncpy(cn->email, decoded->subjectEmail, CTC_NAME_SIZE); |
| cn->email[sz] = 0; |
| } |
| } |
| |
| FreeDecodedCert(decoded); |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret < 0 ? ret : 0; |
| } |
| |
| |
| #ifndef NO_FILESYSTEM |
| |
| /* Set cert issuer from issuerFile in PEM */ |
| int wc_SetIssuer(Cert* cert, const char* issuerFile) |
| { |
| int ret; |
| int derSz; |
| byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); |
| |
| if (der == NULL) { |
| WOLFSSL_MSG("wc_SetIssuer OOF Problem"); |
| return MEMORY_E; |
| } |
| derSz = wolfSSL_PemCertToDer(issuerFile, der, EIGHTK_BUF); |
| cert->selfSigned = 0; |
| ret = SetNameFromCert(&cert->issuer, der, derSz); |
| XFREE(der, NULL, DYNAMIC_TYPE_CERT); |
| |
| return ret; |
| } |
| |
| |
| /* Set cert subject from subjectFile in PEM */ |
| int wc_SetSubject(Cert* cert, const char* subjectFile) |
| { |
| int ret; |
| int derSz; |
| byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); |
| |
| if (der == NULL) { |
| WOLFSSL_MSG("wc_SetSubject OOF Problem"); |
| return MEMORY_E; |
| } |
| derSz = wolfSSL_PemCertToDer(subjectFile, der, EIGHTK_BUF); |
| ret = SetNameFromCert(&cert->subject, der, derSz); |
| XFREE(der, NULL, DYNAMIC_TYPE_CERT); |
| |
| return ret; |
| } |
| |
| |
| #ifdef WOLFSSL_ALT_NAMES |
| |
| /* Set atl names from file in PEM */ |
| int wc_SetAltNames(Cert* cert, const char* file) |
| { |
| int ret; |
| int derSz; |
| byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); |
| |
| if (der == NULL) { |
| WOLFSSL_MSG("wc_SetAltNames OOF Problem"); |
| return MEMORY_E; |
| } |
| derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF); |
| ret = SetAltNamesFromCert(cert, der, derSz); |
| XFREE(der, NULL, DYNAMIC_TYPE_CERT); |
| |
| return ret; |
| } |
| |
| #endif /* WOLFSSL_ALT_NAMES */ |
| |
| #endif /* NO_FILESYSTEM */ |
| |
| /* Set cert issuer from DER buffer */ |
| int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz) |
| { |
| cert->selfSigned = 0; |
| return SetNameFromCert(&cert->issuer, der, derSz); |
| } |
| |
| |
| /* Set cert subject from DER buffer */ |
| int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz) |
| { |
| return SetNameFromCert(&cert->subject, der, derSz); |
| } |
| |
| |
| #ifdef WOLFSSL_ALT_NAMES |
| |
| /* Set cert alt names from DER buffer */ |
| int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz) |
| { |
| return SetAltNamesFromCert(cert, der, derSz); |
| } |
| |
| /* Set cert dates from DER buffer */ |
| int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) |
| { |
| return SetDatesFromCert(cert, der, derSz); |
| } |
| |
| #endif /* WOLFSSL_ALT_NAMES */ |
| |
| #endif /* WOLFSSL_CERT_GEN */ |
| |
| |
| #ifdef HAVE_ECC |
| |
| /* Der Encode r & s ints into out, outLen is (in/out) size */ |
| int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) |
| { |
| word32 idx = 0; |
| word32 rSz; /* encoding size */ |
| word32 sSz; |
| word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ |
| |
| /* If the leading bit on the INTEGER is a 1, add a leading zero */ |
| int rLeadingZero = mp_leading_bit(r); |
| int sLeadingZero = mp_leading_bit(s); |
| int rLen = mp_unsigned_bin_size(r); /* big int size */ |
| int sLen = mp_unsigned_bin_size(s); |
| int err; |
| |
| if (*outLen < (rLen + rLeadingZero + sLen + sLeadingZero + |
| headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ |
| return BAD_FUNC_ARG; |
| |
| idx = SetSequence(rLen+rLeadingZero+sLen+sLeadingZero+headerSz, out); |
| |
| /* store r */ |
| out[idx++] = ASN_INTEGER; |
| rSz = SetLength(rLen + rLeadingZero, &out[idx]); |
| idx += rSz; |
| if (rLeadingZero) |
| out[idx++] = 0; |
| err = mp_to_unsigned_bin(r, &out[idx]); |
| if (err != MP_OKAY) return err; |
| idx += rLen; |
| |
| /* store s */ |
| out[idx++] = ASN_INTEGER; |
| sSz = SetLength(sLen + sLeadingZero, &out[idx]); |
| idx += sSz; |
| if (sLeadingZero) |
| out[idx++] = 0; |
| err = mp_to_unsigned_bin(s, &out[idx]); |
| if (err != MP_OKAY) return err; |
| idx += sLen; |
| |
| *outLen = idx; |
| |
| return 0; |
| } |
| |
| |
| /* Der Decode ECC-DSA Signautre, r & s stored as big ints */ |
| int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) |
| { |
| word32 idx = 0; |
| int len = 0; |
| |
| if (GetSequence(sig, &idx, &len, sigLen) < 0) |
| return ASN_ECC_KEY_E; |
| |
| if ((word32)len > (sigLen - idx)) |
| return ASN_ECC_KEY_E; |
| |
| if (GetInt(r, sig, &idx, sigLen) < 0) |
| return ASN_ECC_KEY_E; |
| |
| if (GetInt(s, sig, &idx, sigLen) < 0) |
| return ASN_ECC_KEY_E; |
| |
| return 0; |
| } |
| |
| |
| int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, |
| word32 inSz) |
| { |
| word32 oid = 0; |
| int version, length; |
| int privSz, pubSz; |
| byte b; |
| int ret = 0; |
| #ifdef WOLFSSL_SMALL_STACK |
| byte* priv; |
| byte* pub; |
| #else |
| byte priv[ECC_MAXSIZE]; |
| byte pub[ECC_MAXSIZE * 2 + 1]; /* public key has two parts plus header */ |
| #endif |
| |
| if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) |
| return BAD_FUNC_ARG; |
| |
| if (GetSequence(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetMyVersion(input, inOutIdx, &version) < 0) |
| return ASN_PARSE_E; |
| |
| b = input[*inOutIdx]; |
| *inOutIdx += 1; |
| |
| /* priv type */ |
| if (b != 4 && b != 6 && b != 7) |
| return ASN_PARSE_E; |
| |
| if (GetLength(input, inOutIdx, &length, inSz) < 0) |
| return ASN_PARSE_E; |
| |
| if (length > ECC_MAXSIZE) |
| return BUFFER_E; |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| priv = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (priv == NULL) |
| return MEMORY_E; |
| |
| pub = (byte*)XMALLOC(ECC_MAXSIZE * 2 + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| if (pub == NULL) { |
| XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| return MEMORY_E; |
| } |
| #endif |
| |
| /* priv key */ |
| privSz = length; |
| XMEMCPY(priv, &input[*inOutIdx], privSz); |
| *inOutIdx += length; |
| |
| /* prefix 0, may have */ |
| b = input[*inOutIdx]; |
| if (b == ECC_PREFIX_0) { |
| *inOutIdx += 1; |
| |
| if (GetLength(input, inOutIdx, &length, inSz) < 0) |
| ret = ASN_PARSE_E; |
| else { |
| /* object id */ |
| b = input[*inOutIdx]; |
| *inOutIdx += 1; |
| |
| if (b != ASN_OBJECT_ID) { |
| ret = ASN_OBJECT_ID_E; |
| } |
| else if (GetLength(input, inOutIdx, &length, inSz) < 0) { |
| ret = ASN_PARSE_E; |
| } |
| else { |
| while(length--) { |
| oid += input[*inOutIdx]; |
| *inOutIdx += 1; |
| } |
| if (CheckCurve(oid) < 0) |
| ret = ECC_CURVE_OID_E; |
| } |
| } |
| } |
| |
| if (ret == 0) { |
| /* prefix 1 */ |
| b = input[*inOutIdx]; |
| *inOutIdx += 1; |
| |
| if (b != ECC_PREFIX_1) { |
| ret = ASN_ECC_KEY_E; |
| } |
| else if (GetLength(input, inOutIdx, &length, inSz) < 0) { |
| ret = ASN_PARSE_E; |
| } |
| else { |
| /* key header */ |
| b = input[*inOutIdx]; |
| *inOutIdx += 1; |
| |
| if (b != ASN_BIT_STRING) { |
| ret = ASN_BITSTR_E; |
| } |
| else if (GetLength(input, inOutIdx, &length, inSz) < 0) { |
| ret = ASN_PARSE_E; |
| } |
| else { |
| b = input[*inOutIdx]; |
| *inOutIdx += 1; |
| |
| if (b != 0x00) { |
| ret = ASN_EXPECT_0_E; |
| } |
| else { |
| /* pub key */ |
| pubSz = length - 1; /* null prefix */ |
| if (pubSz < (ECC_MAXSIZE*2 + 1)) { |
| XMEMCPY(pub, &input[*inOutIdx], pubSz); |
| *inOutIdx += length; |
| ret = wc_ecc_import_private_key(priv, privSz, pub, pubSz, |
| key); |
| } else |
| ret = BUFFER_E; |
| } |
| } |
| } |
| } |
| |
| #ifdef WOLFSSL_SMALL_STACK |
| XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| #endif |
| |
| return ret; |
| } |
| |
| |
| #ifdef WOLFSSL_KEY_GEN |
| |
| /* Write a Private ecc key to DER format, length on success else < 0 */ |
| int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) |
| { |
| byte curve[MAX_ALGO_SZ]; |
| byte ver[MAX_VERSION_SZ]; |
| byte seq[MAX_SEQ_SZ]; |
| int ret; |
| int curveSz; |
| int verSz; |
| int privHdrSz = ASN_ECC_HEADER_SZ; |
| int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; |
| int curveHdrSz = ASN_ECC_CONTEXT_SZ; |
| word32 seqSz; |
| word32 idx = 0; |
| word32 pubSz = ECC_BUFSIZE; |
| word32 privSz; |
| word32 totalSz; |
| |
| if (key == NULL || output == NULL || inLen == 0) |
| return BAD_FUNC_ARG; |
| |
| ret = wc_ecc_export_x963(key, NULL, &pubSz); |
| if (ret != LENGTH_ONLY_E) { |
| return ret; |
| } |
| curveSz = SetCurve(key, curve); |
| if (curveSz < 0) { |
| return curveSz; |
| } |
| |
| privSz = key->dp->size; |
| |
| verSz = SetMyVersion(1, ver, FALSE); |
| if (verSz < 0) { |
| return verSz; |
| } |
| |
| totalSz = verSz + privSz + privHdrSz + curveSz + curveHdrSz + |
| pubSz + pubHdrSz + 1; /* plus null byte b4 public */ |
| seqSz = SetSequence(totalSz, seq); |
| totalSz += seqSz; |
| |
| if (totalSz > inLen) { |
| return BUFFER_E; |
| } |
| |
| /* write it out */ |
| /* seq */ |
| XMEMCPY(output + idx, seq, seqSz); |
| idx += seqSz; |
| |
| /* ver */ |
| XMEMCPY(output + idx, ver, verSz); |
| idx += verSz; |
| |
| /* private */ |
| output[idx++] = ASN_OCTET_STRING; |
| output[idx++] = (byte)privSz; |
| ret = wc_ecc_export_private_only(key, output + idx, &privSz); |
| if (ret < 0) { |
| return ret; |
| } |
| idx += privSz; |
| |
| /* curve */ |
| output[idx++] = ECC_PREFIX_0; |
| output[idx++] = (byte)curveSz; |
| XMEMCPY(output + idx, curve, curveSz); |
| idx += curveSz; |
| |
| /* public */ |
| output[idx++] = ECC_PREFIX_1; |
| output[idx++] = (byte)pubSz + ASN_ECC_CONTEXT_SZ + 1; /* plus null byte */ |
| output[idx++] = ASN_BIT_STRING; |
| output[idx++] = (byte)pubSz + 1; /* plus null byte */ |
| output[idx++] = (byte)0; /* null byte */ |
| ret = wc_ecc_export_x963(key, output + idx, &pubSz); |
| if (ret != 0) { |
| return ret; |
| } |
| /* idx += pubSz if do more later */ |
| |
| return totalSz; |
| } |
| |
| #endif /* WOLFSSL_KEY_GEN */ |
| |
| #endif /* HAVE_ECC */ |
| |
| |
| #if defined(HAVE_OCSP) || defined(HAVE_CRL) |
| |
| /* Get raw Date only, no processing, 0 on success */ |
| static int GetBasicDate(const byte* source, word32* idx, byte* date, |
| byte* format, int maxIdx) |
| { |
| int length; |
| |
| WOLFSSL_ENTER("GetBasicDate"); |
| |
| *format = source[*idx]; |
| *idx += 1; |
| if (*format != ASN_UTC_TIME && *format != ASN_GENERALIZED_TIME) |
| return ASN_TIME_E; |
| |
| if (GetLength(source, idx, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE) |
| return ASN_DATE_SZ_E; |
| |
| XMEMCPY(date, &source[*idx], length); |
| *idx += length; |
| |
| return 0; |
| } |
| |
| #endif |
| |
| |
| #ifdef HAVE_OCSP |
| |
| static int GetEnumerated(const byte* input, word32* inOutIdx, int *value) |
| { |
| word32 idx = *inOutIdx; |
| word32 len; |
| |
| WOLFSSL_ENTER("GetEnumerated"); |
| |
| *value = 0; |
| |
| if (input[idx++] != ASN_ENUMERATED) |
| return ASN_PARSE_E; |
| |
| len = input[idx++]; |
| if (len > 4) |
| return ASN_PARSE_E; |
| |
| while (len--) { |
| *value = *value << 8 | input[idx++]; |
| } |
| |
| *inOutIdx = idx; |
| |
| return *value; |
| } |
| |
| |
| static int DecodeSingleResponse(byte* source, |
| word32* ioIndex, OcspResponse* resp, word32 size) |
| { |
| word32 idx = *ioIndex, prevIndex, oid; |
| int length, wrapperSz; |
| CertStatus* cs = resp->status; |
| |
| WOLFSSL_ENTER("DecodeSingleResponse"); |
| |
| /* Outer wrapper of the SEQUENCE OF Single Responses. */ |
| if (GetSequence(source, &idx, &wrapperSz, size) < 0) |
| return ASN_PARSE_E; |
| |
| prevIndex = idx; |
| |
| /* When making a request, we only request one status on one certificate |
| * at a time. There should only be one SingleResponse */ |
| |
| /* Wrapper around the Single Response */ |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| /* Wrapper around the CertID */ |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| /* Skip the hash algorithm */ |
| if (GetAlgoId(source, &idx, &oid, size) < 0) |
| return ASN_PARSE_E; |
| /* Save reference to the hash of CN */ |
| if (source[idx++] != ASN_OCTET_STRING) |
| return ASN_PARSE_E; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| resp->issuerHash = source + idx; |
| idx += length; |
| /* Save reference to the hash of the issuer public key */ |
| if (source[idx++] != ASN_OCTET_STRING) |
| return ASN_PARSE_E; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| resp->issuerKeyHash = source + idx; |
| idx += length; |
| |
| /* Read the serial number, it is handled as a string, not as a |
| * proper number. Just XMEMCPY the data over, rather than load it |
| * as an mp_int. */ |
| if (source[idx++] != ASN_INTEGER) |
| return ASN_PARSE_E; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| if (length <= EXTERNAL_SERIAL_SIZE) |
| { |
| if (source[idx] == 0) |
| { |
| idx++; |
| length--; |
| } |
| XMEMCPY(cs->serial, source + idx, length); |
| cs->serialSz = length; |
| } |
| else |
| { |
| return ASN_GETINT_E; |
| } |
| idx += length; |
| |
| /* CertStatus */ |
| switch (source[idx++]) |
| { |
| case (ASN_CONTEXT_SPECIFIC | CERT_GOOD): |
| cs->status = CERT_GOOD; |
| idx++; |
| break; |
| case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): |
| cs->status = CERT_REVOKED; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| idx += length; |
| break; |
| case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): |
| cs->status = CERT_UNKNOWN; |
| idx++; |
| break; |
| default: |
| return ASN_PARSE_E; |
| } |
| |
| if (GetBasicDate(source, &idx, cs->thisDate, |
| &cs->thisDateFormat, size) < 0) |
| return ASN_PARSE_E; |
| if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE)) |
| return ASN_BEFORE_DATE_E; |
| |
| /* The following items are optional. Only check for them if there is more |
| * unprocessed data in the singleResponse wrapper. */ |
| |
| if (((int)(idx - prevIndex) < wrapperSz) && |
| (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))) |
| { |
| idx++; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| if (GetBasicDate(source, &idx, cs->nextDate, |
| &cs->nextDateFormat, size) < 0) |
| return ASN_PARSE_E; |
| } |
| if (((int)(idx - prevIndex) < wrapperSz) && |
| (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))) |
| { |
| idx++; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| idx += length; |
| } |
| |
| *ioIndex = idx; |
| |
| return 0; |
| } |
| |
| static int DecodeOcspRespExtensions(byte* source, |
| word32* ioIndex, OcspResponse* resp, word32 sz) |
| { |
| word32 idx = *ioIndex; |
| int length; |
| int ext_bound; /* boundary index for the sequence of extensions */ |
| word32 oid; |
| |
| WOLFSSL_ENTER("DecodeOcspRespExtensions"); |
| |
| if (source[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) |
| return ASN_PARSE_E; |
| |
| if (GetLength(source, &idx, &length, sz) < 0) return ASN_PARSE_E; |
| |
| if (GetSequence(source, &idx, &length, sz) < 0) return ASN_PARSE_E; |
| |
| ext_bound = idx + length; |
| |
| while (idx < (word32)ext_bound) { |
| if (GetSequence(source, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: should be a SEQUENCE"); |
| return ASN_PARSE_E; |
| } |
| |
| oid = 0; |
| if (GetObjectId(source, &idx, &oid, sz) < 0) { |
| WOLFSSL_MSG("\tfail: OBJECT ID"); |
| return ASN_PARSE_E; |
| } |
| |
| /* check for critical flag */ |
| if (source[idx] == ASN_BOOLEAN) { |
| WOLFSSL_MSG("\tfound optional critical flag, moving past"); |
| idx += (ASN_BOOL_SIZE + 1); |
| } |
| |
| /* process the extension based on the OID */ |
| if (source[idx++] != ASN_OCTET_STRING) { |
| WOLFSSL_MSG("\tfail: should be an OCTET STRING"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(source, &idx, &length, sz) < 0) { |
| WOLFSSL_MSG("\tfail: extension data length"); |
| return ASN_PARSE_E; |
| } |
| |
| if (oid == OCSP_NONCE_OID) { |
| resp->nonce = source + idx; |
| resp->nonceSz = length; |
| } |
| |
| idx += length; |
| } |
| |
| *ioIndex = idx; |
| return 0; |
| } |
| |
| |
| static int DecodeResponseData(byte* source, |
| word32* ioIndex, OcspResponse* resp, word32 size) |
| { |
| word32 idx = *ioIndex, prev_idx; |
| int length; |
| int version; |
| word32 responderId = 0; |
| |
| WOLFSSL_ENTER("DecodeResponseData"); |
| |
| resp->response = source + idx; |
| prev_idx = idx; |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| resp->responseSz = length + idx - prev_idx; |
| |
| /* Get version. It is an EXPLICIT[0] DEFAULT(0) value. If this |
| * item isn't an EXPLICIT[0], then set version to zero and move |
| * onto the next item. |
| */ |
| if (source[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) |
| { |
| idx += 2; /* Eat the value and length */ |
| if (GetMyVersion(source, &idx, &version) < 0) |
| return ASN_PARSE_E; |
| } else |
| version = 0; |
| |
| responderId = source[idx++]; |
| if ((responderId == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) || |
| (responderId == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))) |
| { |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| idx += length; |
| } |
| else |
| return ASN_PARSE_E; |
| |
| /* save pointer to the producedAt time */ |
| if (GetBasicDate(source, &idx, resp->producedDate, |
| &resp->producedDateFormat, size) < 0) |
| return ASN_PARSE_E; |
| |
| if (DecodeSingleResponse(source, &idx, resp, size) < 0) |
| return ASN_PARSE_E; |
| |
| if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0) |
| return ASN_PARSE_E; |
| |
| *ioIndex = idx; |
| return 0; |
| } |
| |
| |
| static int DecodeCerts(byte* source, |
| word32* ioIndex, OcspResponse* resp, word32 size) |
| { |
| word32 idx = *ioIndex; |
| |
| WOLFSSL_ENTER("DecodeCerts"); |
| |
| if (source[idx++] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) |
| { |
| int length; |
| |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| resp->cert = source + idx; |
| resp->certSz = length; |
| |
| idx += length; |
| } |
| *ioIndex = idx; |
| return 0; |
| } |
| |
| static int DecodeBasicOcspResponse(byte* source, |
| word32* ioIndex, OcspResponse* resp, word32 size) |
| { |
| int length; |
| word32 idx = *ioIndex; |
| word32 end_index; |
| |
| WOLFSSL_ENTER("DecodeBasicOcspResponse"); |
| |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| if (idx + length > size) |
| return ASN_INPUT_E; |
| end_index = idx + length; |
| |
| if (DecodeResponseData(source, &idx, resp, size) < 0) |
| return ASN_PARSE_E; |
| |
| /* Get the signature algorithm */ |
| if (GetAlgoId(source, &idx, &resp->sigOID, size) < 0) |
| return ASN_PARSE_E; |
| |
| /* Obtain pointer to the start of the signature, and save the size */ |
| if (source[idx++] == ASN_BIT_STRING) |
| { |
| int sigLength = 0; |
| if (GetLength(source, &idx, &sigLength, size) < 0) |
| return ASN_PARSE_E; |
| resp->sigSz = sigLength; |
| resp->sig = source + idx; |
| idx += sigLength; |
| } |
| |
| /* |
| * Check the length of the BasicOcspResponse against the current index to |
| * see if there are certificates, they are optional. |
| */ |
| if (idx < end_index) |
| { |
| DecodedCert cert; |
| int ret; |
| |
| if (DecodeCerts(source, &idx, resp, size) < 0) |
| return ASN_PARSE_E; |
| |
| InitDecodedCert(&cert, resp->cert, resp->certSz, 0); |
| ret = ParseCertRelative(&cert, CA_TYPE, NO_VERIFY, 0); |
| if (ret < 0) |
| return ret; |
| |
| ret = ConfirmSignature(resp->response, resp->responseSz, |
| cert.publicKey, cert.pubKeySize, cert.keyOID, |
| resp->sig, resp->sigSz, resp->sigOID, NULL); |
| FreeDecodedCert(&cert); |
| |
| if (ret == 0) |
| { |
| WOLFSSL_MSG("\tOCSP Confirm signature failed"); |
| return ASN_OCSP_CONFIRM_E; |
| } |
| } |
| |
| *ioIndex = idx; |
| return 0; |
| } |
| |
| |
| void InitOcspResponse(OcspResponse* resp, CertStatus* status, |
| byte* source, word32 inSz) |
| { |
| WOLFSSL_ENTER("InitOcspResponse"); |
| |
| resp->responseStatus = -1; |
| resp->response = NULL; |
| resp->responseSz = 0; |
| resp->producedDateFormat = 0; |
| resp->issuerHash = NULL; |
| resp->issuerKeyHash = NULL; |
| resp->sig = NULL; |
| resp->sigSz = 0; |
| resp->sigOID = 0; |
| resp->status = status; |
| resp->nonce = NULL; |
| resp->nonceSz = 0; |
| resp->source = source; |
| resp->maxIdx = inSz; |
| } |
| |
| |
| int OcspResponseDecode(OcspResponse* resp) |
| { |
| int length = 0; |
| word32 idx = 0; |
| byte* source = resp->source; |
| word32 size = resp->maxIdx; |
| word32 oid; |
| |
| WOLFSSL_ENTER("OcspResponseDecode"); |
| |
| /* peel the outer SEQUENCE wrapper */ |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| /* First get the responseStatus, an ENUMERATED */ |
| if (GetEnumerated(source, &idx, &resp->responseStatus) < 0) |
| return ASN_PARSE_E; |
| |
| if (resp->responseStatus != OCSP_SUCCESSFUL) |
| return 0; |
| |
| /* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */ |
| if (idx >= size) |
| return ASN_INPUT_E; |
| if (source[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) |
| return ASN_PARSE_E; |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| /* Get the responseBytes SEQUENCE */ |
| if (GetSequence(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| /* Check ObjectID for the resposeBytes */ |
| if (GetObjectId(source, &idx, &oid, size) < 0) |
| return ASN_PARSE_E; |
| if (oid != OCSP_BASIC_OID) |
| return ASN_PARSE_E; |
| if (source[idx++] != ASN_OCTET_STRING) |
| return ASN_PARSE_E; |
| |
| if (GetLength(source, &idx, &length, size) < 0) |
| return ASN_PARSE_E; |
| |
| if (DecodeBasicOcspResponse(source, &idx, resp, size) < 0) |
| return ASN_PARSE_E; |
| |
| return 0; |
| } |
| |
| |
| static word32 SetOcspReqExtensions(word32 extSz, byte* output, |
| const byte* nonce, word32 nonceSz) |
| { |
| static const byte NonceObjId[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, |
| 0x30, 0x01, 0x02 }; |
| byte seqArray[5][MAX_SEQ_SZ]; |
| word32 seqSz[5], totalSz; |
| |
| WOLFSSL_ENTER("SetOcspReqExtensions"); |
| |
| if (nonce == NULL || nonceSz == 0) return 0; |
| |
| seqArray[0][0] = ASN_OCTET_STRING; |
| seqSz[0] = 1 + SetLength(nonceSz, &seqArray[0][1]); |
| |
| seqArray[1][0] = ASN_OBJECT_ID; |
| seqSz[1] = 1 + SetLength(sizeof(NonceObjId), &seqArray[1][1]); |
| |
| totalSz = seqSz[0] + seqSz[1] + nonceSz + (word32)sizeof(NonceObjId); |
| |
| seqSz[2] = SetSequence(totalSz, seqArray[2]); |
| totalSz += seqSz[2]; |
| |
| seqSz[3] = SetSequence(totalSz, seqArray[3]); |
| totalSz += seqSz[3]; |
| |
| seqArray[4][0] = (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2); |
| seqSz[4] = 1 + SetLength(totalSz, &seqArray[4][1]); |
| totalSz += seqSz[4]; |
| |
| if (totalSz < extSz) |
| { |
| totalSz = 0; |
| XMEMCPY(output + totalSz, seqArray[4], seqSz[4]); |
| totalSz += seqSz[4]; |
| XMEMCPY(output + totalSz, seqArray[3], seqSz[3]); |
| totalSz += seqSz[3]; |
| XMEMCPY(output + totalSz, seqArray[2], seqSz[2]); |
| totalSz += seqSz[2]; |
| XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); |
| totalSz += seqSz[1]; |
| XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); |
| totalSz += (word32)sizeof(NonceObjId); |
| XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); |
| totalSz += seqSz[0]; |
| XMEMCPY(output + totalSz, nonce, nonceSz); |
| totalSz += nonceSz; |
| } |
| |
| return totalSz; |
| } |
| |
| |
| int EncodeOcspRequest(OcspRequest* req) |
| { |
| byte seqArray[5][MAX_SEQ_SZ]; |
| /* The ASN.1 of the OCSP Request is an onion of sequences */ |
| byte algoArray[MAX_ALGO_SZ]; |
| byte issuerArray[MAX_ENCODED_DIG_SZ]; |
| byte issuerKeyArray[MAX_ENCODED_DIG_SZ]; |
| byte snArray[MAX_SN_SZ]; |
| byte extArray[MAX_OCSP_EXT_SZ]; |
| byte* output = req->dest; |
| word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, extSz, totalSz; |
| int i; |
| |
| WOLFSSL_ENTER("EncodeOcspRequest"); |
| |
| #ifdef NO_SHA |
| algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0); |
| #else |
| algoSz = SetAlgoID(SHAh, algoArray, hashType, 0); |
| #endif |
| |
| req->issuerHash = req->cert->issuerHash; |
| issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray); |
| |
| req->issuerKeyHash = req->cert->issuerKeyHash; |
| issuerKeySz = SetDigest(req->cert->issuerKeyHash, |
| KEYID_SIZE, issuerKeyArray); |
| |
| req->serial = req->cert->serial; |
| req->serialSz = req->cert->serialSz; |
| snSz = SetSerialNumber(req->cert->serial, req->cert->serialSz, snArray); |
| |
| extSz = 0; |
| if (req->useNonce) { |
| RNG rng; |
| if (wc_InitRng(&rng) != 0) { |
| WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); |
| } else { |
| if (wc_RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0) |
| WOLFSSL_MSG("\tCannot run RNG. Skipping the OSCP Nonce."); |
| else { |
| req->nonceSz = MAX_OCSP_NONCE_SZ; |
| extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray, |
| req->nonce, req->nonceSz); |
| } |
| wc_FreeRng(&rng); |
| } |
| } |
| |
| totalSz = algoSz + issuerSz + issuerKeySz + snSz; |
| |
| for (i = 4; i >= 0; i--) { |
| seqSz[i] = SetSequence(totalSz, seqArray[i]); |
| totalSz += seqSz[i]; |
| if (i == 2) totalSz += extSz; |
| } |
| totalSz = 0; |
| for (i = 0; i < 5; i++) { |
| XMEMCPY(output + totalSz, seqArray[i], seqSz[i]); |
| totalSz += seqSz[i]; |
| } |
| XMEMCPY(output + totalSz, algoArray, algoSz); |
| totalSz += algoSz; |
| XMEMCPY(output + totalSz, issuerArray, issuerSz); |
| totalSz += issuerSz; |
| XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz); |
| totalSz += issuerKeySz; |
| XMEMCPY(output + totalSz, snArray, snSz); |
| totalSz += snSz; |
| if (extSz != 0) { |
| XMEMCPY(output + totalSz, extArray, extSz); |
| totalSz += extSz; |
| } |
| |
| return totalSz; |
| } |
| |
| |
| void InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce, |
| byte* dest, word32 destSz) |
| { |
| WOLFSSL_ENTER("InitOcspRequest"); |
| |
| req->cert = cert; |
| req->useNonce = useNonce; |
| req->nonceSz = 0; |
| req->issuerHash = NULL; |
| req->issuerKeyHash = NULL; |
| req->serial = NULL; |
| req->dest = dest; |
| req->destSz = destSz; |
| } |
| |
| |
| int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) |
| { |
| int cmp; |
| |
| WOLFSSL_ENTER("CompareOcspReqResp"); |
| |
| if (req == NULL) |
| { |
| WOLFSSL_MSG("\tReq missing"); |
| return -1; |
| } |
| |
| if (resp == NULL) |
| { |
| WOLFSSL_MSG("\tResp missing"); |
| return 1; |
| } |
| |
| /* Nonces are not critical. The responder may not necessarily add |
| * the nonce to the response. */ |
| if (req->useNonce && resp->nonceSz != 0) { |
| cmp = req->nonceSz - resp->nonceSz; |
| if (cmp != 0) |
| { |
| WOLFSSL_MSG("\tnonceSz mismatch"); |
| return cmp; |
| } |
| |
| cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz); |
| if (cmp != 0) |
| { |
| WOLFSSL_MSG("\tnonce mismatch"); |
| return cmp; |
| } |
| } |
| |
| cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE); |
| if (cmp != 0) |
| { |
| WOLFSSL_MSG("\tissuerHash mismatch"); |
| return cmp; |
| } |
| |
| cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE); |
| if (cmp != 0) |
| { |
| WOLFSSL_MSG("\tissuerKeyHash mismatch"); |
| return cmp; |
| } |
| |
| cmp = req->serialSz - resp->status->serialSz; |
| if (cmp != 0) |
| { |
| WOLFSSL_MSG("\tserialSz mismatch"); |
| return cmp; |
| } |
| |
| cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz); |
| if (cmp != 0) |
| { |
| WOLFSSL_MSG("\tserial mismatch"); |
| return cmp; |
| } |
| |
| return 0; |
| } |
| |
| #endif |
| |
| |
| /* store SHA hash of NAME */ |
| WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, |
| int maxIdx) |
| { |
| int length; /* length of all distinguished names */ |
| int ret; |
| word32 dummy; |
| |
| WOLFSSL_ENTER("GetNameHash"); |
| |
| if (source[*idx] == ASN_OBJECT_ID) { |
| WOLFSSL_MSG("Trying optional prefix..."); |
| |
| if (GetLength(source, idx, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| *idx += length; |
| WOLFSSL_MSG("Got optional prefix"); |
| } |
| |
| /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be |
| * calculated over the entire DER encoding of the Name field, including |
| * the tag and length. */ |
| dummy = *idx; |
| if (GetSequence(source, idx, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| #ifdef NO_SHA |
| ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash); |
| #else |
| ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash); |
| #endif |
| |
| *idx += length; |
| |
| return ret; |
| } |
| |
| |
| #ifdef HAVE_CRL |
| |
| /* initialize decoded CRL */ |
| void InitDecodedCRL(DecodedCRL* dcrl) |
| { |
| WOLFSSL_MSG("InitDecodedCRL"); |
| |
| dcrl->certBegin = 0; |
| dcrl->sigIndex = 0; |
| dcrl->sigLength = 0; |
| dcrl->signatureOID = 0; |
| dcrl->certs = NULL; |
| dcrl->totalCerts = 0; |
| } |
| |
| |
| /* free decoded CRL resources */ |
| void FreeDecodedCRL(DecodedCRL* dcrl) |
| { |
| RevokedCert* tmp = dcrl->certs; |
| |
| WOLFSSL_MSG("FreeDecodedCRL"); |
| |
| while(tmp) { |
| RevokedCert* next = tmp->next; |
| XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED); |
| tmp = next; |
| } |
| } |
| |
| |
| /* Get Revoked Cert list, 0 on success */ |
| static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl, |
| int maxIdx) |
| { |
| int len; |
| word32 end; |
| byte b; |
| RevokedCert* rc; |
| |
| WOLFSSL_ENTER("GetRevoked"); |
| |
| if (GetSequence(buff, idx, &len, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| end = *idx + len; |
| |
| /* get serial number */ |
| b = buff[*idx]; |
| *idx += 1; |
| |
| if (b != ASN_INTEGER) { |
| WOLFSSL_MSG("Expecting Integer"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(buff, idx, &len, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| if (len > EXTERNAL_SERIAL_SIZE) { |
| WOLFSSL_MSG("Serial Size too big"); |
| return ASN_PARSE_E; |
| } |
| |
| rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), NULL, DYNAMIC_TYPE_CRL); |
| if (rc == NULL) { |
| WOLFSSL_MSG("Alloc Revoked Cert failed"); |
| return MEMORY_E; |
| } |
| |
| XMEMCPY(rc->serialNumber, &buff[*idx], len); |
| rc->serialSz = len; |
| |
| /* add to list */ |
| rc->next = dcrl->certs; |
| dcrl->certs = rc; |
| dcrl->totalCerts++; |
| |
| *idx += len; |
| |
| /* get date */ |
| b = buff[*idx]; |
| *idx += 1; |
| |
| if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME) { |
| WOLFSSL_MSG("Expecting Date"); |
| return ASN_PARSE_E; |
| } |
| |
| if (GetLength(buff, idx, &len, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| /* skip for now */ |
| *idx += len; |
| |
| if (*idx != end) /* skip extensions */ |
| *idx = end; |
| |
| return 0; |
| } |
| |
| |
| /* Get CRL Signature, 0 on success */ |
| static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl, |
| int maxIdx) |
| { |
| int length; |
| byte b; |
| |
| WOLFSSL_ENTER("GetCRL_Signature"); |
| |
| b = source[*idx]; |
| *idx += 1; |
| if (b != ASN_BIT_STRING) |
| return ASN_BITSTR_E; |
| |
| if (GetLength(source, idx, &length, maxIdx) < 0) |
| return ASN_PARSE_E; |
| |
| dcrl->sigLength = length; |
| |
| b = source[*idx]; |
| *idx += 1; |
| if (b != 0x00) |
| return ASN_EXPECT_0_E; |
| |
| dcrl->sigLength--; |
| dcrl->signature = (byte*)&source[*idx]; |
| |
| *idx += dcrl->sigLength; |
| |
| return 0; |
| } |
| |
| |
| /* prase crl buffer into decoded state, 0 on success */ |
| int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) |
| { |
| int version, len; |
| word32 oid, idx = 0; |
| Signer* ca = NULL; |
| |
| WOLFSSL_MSG("ParseCRL"); |
| |
| /* raw crl hash */ |
| /* hash here if needed for optimized comparisons |
| * Sha sha; |
| * wc_InitSha(&sha); |
| * wc_ShaUpdate(&sha, buff, sz); |
| * wc_ShaFinal(&sha, dcrl->crlHash); */ |
| |
| if (GetSequence(buff, &idx, &len, sz) < 0) |
| return ASN_PARSE_E; |
| |
| dcrl->certBegin = idx; |
| |
| if (GetSequence(buff, &idx, &len, sz) < 0) |
| return ASN_PARSE_E; |
| dcrl->sigIndex = len + idx; |
| |
| /* may have version */ |
| if (buff[idx] == ASN_INTEGER) { |
| if (GetMyVersion(buff, &idx, &version) < 0) |
| return ASN_PARSE_E; |
| } |
| |
| if (GetAlgoId(buff, &idx, &oid, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetNameHash(buff, &idx, dcrl->issuerHash, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetBasicDate(buff, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetBasicDate(buff, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { |
| WOLFSSL_MSG("CRL after date is no longer valid"); |
| return ASN_AFTER_DATE_E; |
| } |
| |
| if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS) { |
| if (GetSequence(buff, &idx, &len, sz) < 0) |
| return ASN_PARSE_E; |
| |
| len += idx; |
| |
| while (idx < (word32)len) { |
| if (GetRevoked(buff, &idx, dcrl, sz) < 0) |
| return ASN_PARSE_E; |
| } |
| } |
| |
| if (idx != dcrl->sigIndex) |
| idx = dcrl->sigIndex; /* skip extensions */ |
| |
| if (GetAlgoId(buff, &idx, &dcrl->signatureOID, sz) < 0) |
| return ASN_PARSE_E; |
| |
| if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0) |
| return ASN_PARSE_E; |
| |
| /* openssl doesn't add skid by default for CRLs cause firefox chokes |
| we're not assuming it's available yet */ |
| #if !defined(NO_SKID) && defined(CRL_SKID_READY) |
| if (dcrl->extAuthKeyIdSet) |
| ca = GetCA(cm, dcrl->extAuthKeyId); |
| if (ca == NULL) |
| ca = GetCAByName(cm, dcrl->issuerHash); |
| #else /* NO_SKID */ |
| ca = GetCA(cm, dcrl->issuerHash); |
| #endif /* NO_SKID */ |
| WOLFSSL_MSG("About to verify CRL signature"); |
| |
| if (ca) { |
| WOLFSSL_MSG("Found CRL issuer CA"); |
| /* try to confirm/verify signature */ |
| #ifndef IGNORE_KEY_EXTENSIONS |
| if ((ca->keyUsage & KEYUSE_CRL_SIGN) == 0) { |
| WOLFSSL_MSG("CA cannot sign CRLs"); |
| return ASN_CRL_NO_SIGNER_E; |
| } |
| #endif /* IGNORE_KEY_EXTENSIONS */ |
| if (!ConfirmSignature(buff + dcrl->certBegin, |
| dcrl->sigIndex - dcrl->certBegin, |
| ca->publicKey, ca->pubKeySize, ca->keyOID, |
| dcrl->signature, dcrl->sigLength, dcrl->signatureOID, NULL)) { |
| WOLFSSL_MSG("CRL Confirm signature failed"); |
| return ASN_CRL_CONFIRM_E; |
| } |
| } |
| else { |
| WOLFSSL_MSG("Did NOT find CRL issuer CA"); |
| return ASN_CRL_NO_SIGNER_E; |
| } |
| |
| return 0; |
| } |
| |
| #endif /* HAVE_CRL */ |
| #endif |
| |
| #ifdef WOLFSSL_SEP |
| |
| |
| |
| #endif /* WOLFSSL_SEP */ |
| |