[tls] Use our own ASN.1 routines for certificate parsing
Use our own, more robust, ASN.1 parsing routines to extract the RSA public key from a server certificate. Remove the now-unused AXTLS ASN.1 parser.
This commit is contained in:
parent
5a99c586cf
commit
8e960eb67c
|
@ -32,7 +32,7 @@
|
||||||
*
|
*
|
||||||
* @v cursor ASN.1 object cursor
|
* @v cursor ASN.1 object cursor
|
||||||
* @v type Expected type
|
* @v type Expected type
|
||||||
* @ret len Length of object body, or -1 on error
|
* @ret len Length of object body, or negative error
|
||||||
*
|
*
|
||||||
* The object cursor will be updated to point to the start of the
|
* The object cursor will be updated to point to the start of the
|
||||||
* object body (i.e. the first byte following the length byte(s)), and
|
* object body (i.e. the first byte following the length byte(s)), and
|
||||||
|
@ -44,29 +44,32 @@
|
||||||
* the cursor will be invalidated and a negative value will be
|
* the cursor will be invalidated and a negative value will be
|
||||||
* returned.
|
* returned.
|
||||||
*/
|
*/
|
||||||
static int asn1_start_object ( struct asn1_cursor *cursor,
|
static int asn1_start ( struct asn1_cursor *cursor,
|
||||||
unsigned int type ) {
|
unsigned int type ) {
|
||||||
unsigned int len_len;
|
unsigned int len_len;
|
||||||
unsigned int len;
|
unsigned int len;
|
||||||
|
int rc;
|
||||||
|
|
||||||
/* Sanity check */
|
/* Sanity check */
|
||||||
if ( cursor->len < 2 /* Tag byte and first length byte */ ) {
|
if ( cursor->len < 2 /* Tag byte and first length byte */ ) {
|
||||||
if ( cursor->len )
|
if ( cursor->len )
|
||||||
DBGC ( cursor, "ASN1 %p too short\n", cursor );
|
DBGC ( cursor, "ASN1 %p too short\n", cursor );
|
||||||
|
rc = -EINVAL;
|
||||||
goto notfound;
|
goto notfound;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check the tag byte */
|
/* Check the tag byte */
|
||||||
if ( cursor->data[0] != type ) {
|
if ( *( ( uint8_t * ) cursor->data ) != type ) {
|
||||||
DBGC ( cursor, "ASN1 %p type mismatch (expected %d, got %d)\n",
|
DBGC ( cursor, "ASN1 %p type mismatch (expected %d, got %d)\n",
|
||||||
cursor, type, cursor->data[0] );
|
cursor, type, *( ( uint8_t * ) cursor->data ) );
|
||||||
|
rc = -ENXIO;
|
||||||
goto notfound;
|
goto notfound;
|
||||||
}
|
}
|
||||||
cursor->data++;
|
cursor->data++;
|
||||||
cursor->len--;
|
cursor->len--;
|
||||||
|
|
||||||
/* Extract length of the length field and sanity check */
|
/* Extract length of the length field and sanity check */
|
||||||
len_len = cursor->data[0];
|
len_len = *( ( uint8_t * ) cursor->data );
|
||||||
if ( len_len & 0x80 ) {
|
if ( len_len & 0x80 ) {
|
||||||
len_len = ( len_len & 0x7f );
|
len_len = ( len_len & 0x7f );
|
||||||
cursor->data++;
|
cursor->data++;
|
||||||
|
@ -77,19 +80,21 @@ static int asn1_start_object ( struct asn1_cursor *cursor,
|
||||||
if ( cursor->len < len_len ) {
|
if ( cursor->len < len_len ) {
|
||||||
DBGC ( cursor, "ASN1 %p bad length field length %d (max "
|
DBGC ( cursor, "ASN1 %p bad length field length %d (max "
|
||||||
"%zd)\n", cursor, len_len, cursor->len );
|
"%zd)\n", cursor, len_len, cursor->len );
|
||||||
|
rc = -EINVAL;
|
||||||
goto notfound;
|
goto notfound;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract the length and sanity check */
|
/* Extract the length and sanity check */
|
||||||
for ( len = 0 ; len_len ; len_len-- ) {
|
for ( len = 0 ; len_len ; len_len-- ) {
|
||||||
len <<= 8;
|
len <<= 8;
|
||||||
len |= cursor->data[0];
|
len |= *( ( uint8_t * ) cursor->data );
|
||||||
cursor->data++;
|
cursor->data++;
|
||||||
cursor->len--;
|
cursor->len--;
|
||||||
}
|
}
|
||||||
if ( cursor->len < len ) {
|
if ( cursor->len < len ) {
|
||||||
DBGC ( cursor, "ASN1 %p bad length %d (max %zd)\n",
|
DBGC ( cursor, "ASN1 %p bad length %d (max %zd)\n",
|
||||||
cursor, len, cursor->len );
|
cursor, len, cursor->len );
|
||||||
|
rc = -EINVAL;
|
||||||
goto notfound;
|
goto notfound;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -98,7 +103,7 @@ static int asn1_start_object ( struct asn1_cursor *cursor,
|
||||||
notfound:
|
notfound:
|
||||||
cursor->data = NULL;
|
cursor->data = NULL;
|
||||||
cursor->len = 0;
|
cursor->len = 0;
|
||||||
return -1;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -112,12 +117,12 @@ static int asn1_start_object ( struct asn1_cursor *cursor,
|
||||||
* current ASN.1 object. If any error occurs, the object cursor will
|
* current ASN.1 object. If any error occurs, the object cursor will
|
||||||
* be invalidated.
|
* be invalidated.
|
||||||
*/
|
*/
|
||||||
int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) {
|
int asn1_enter ( struct asn1_cursor *cursor, unsigned int type ) {
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
len = asn1_start_object ( cursor, type );
|
len = asn1_start ( cursor, type );
|
||||||
if ( len < 0 )
|
if ( len < 0 )
|
||||||
return -ENOENT;
|
return len;
|
||||||
|
|
||||||
cursor->len = len;
|
cursor->len = len;
|
||||||
DBGC ( cursor, "ASN1 %p entered object type %02x (len %x)\n",
|
DBGC ( cursor, "ASN1 %p entered object type %02x (len %x)\n",
|
||||||
|
@ -137,12 +142,12 @@ int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) {
|
||||||
* object. If any error occurs, the object cursor will be
|
* object. If any error occurs, the object cursor will be
|
||||||
* invalidated.
|
* invalidated.
|
||||||
*/
|
*/
|
||||||
int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type ) {
|
int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ) {
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
len = asn1_start_object ( cursor, type );
|
len = asn1_start ( cursor, type );
|
||||||
if ( len < 0 )
|
if ( len < 0 )
|
||||||
return -ENOENT;
|
return len;
|
||||||
|
|
||||||
cursor->data += len;
|
cursor->data += len;
|
||||||
cursor->len -= len;
|
cursor->len -= len;
|
||||||
|
|
|
@ -1,867 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright(C) 2006 Cameron Rich
|
|
||||||
*
|
|
||||||
* This library is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Lesser General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2.1 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* This library is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Lesser General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Lesser General Public License
|
|
||||||
* along with this library; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @file asn1.c
|
|
||||||
*
|
|
||||||
* Some primitive asn methods for extraction rsa modulus information. It also
|
|
||||||
* is used for retrieving information from X.509 certificates.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include "crypto.h"
|
|
||||||
|
|
||||||
#define SIG_OID_PREFIX_SIZE 8
|
|
||||||
|
|
||||||
#define SIG_TYPE_MD2 0x02
|
|
||||||
#define SIG_TYPE_MD5 0x04
|
|
||||||
#define SIG_TYPE_SHA1 0x05
|
|
||||||
|
|
||||||
/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
|
|
||||||
static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
|
|
||||||
{
|
|
||||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
|
|
||||||
};
|
|
||||||
|
|
||||||
/* CN, O, OU */
|
|
||||||
static const uint8_t g_dn_types[] = { 3, 10, 11 };
|
|
||||||
|
|
||||||
static int get_asn1_length(const uint8_t *buf, int *offset)
|
|
||||||
{
|
|
||||||
int len, i;
|
|
||||||
|
|
||||||
if (!(buf[*offset] & 0x80)) /* short form */
|
|
||||||
{
|
|
||||||
len = buf[(*offset)++];
|
|
||||||
}
|
|
||||||
else /* long form */
|
|
||||||
{
|
|
||||||
int length_bytes = buf[(*offset)++]&0x7f;
|
|
||||||
len = 0;
|
|
||||||
for (i = 0; i < length_bytes; i++)
|
|
||||||
{
|
|
||||||
len <<= 8;
|
|
||||||
len += buf[(*offset)++];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return len;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Skip the ASN1.1 object type and its length. Get ready to read the object's
|
|
||||||
* data.
|
|
||||||
*/
|
|
||||||
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
|
|
||||||
{
|
|
||||||
if (buf[*offset] != obj_type)
|
|
||||||
return X509_NOT_OK;
|
|
||||||
(*offset)++;
|
|
||||||
return get_asn1_length(buf, offset);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Skip over an ASN.1 object type completely. Get ready to read the next
|
|
||||||
* object.
|
|
||||||
*/
|
|
||||||
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
|
|
||||||
{
|
|
||||||
int len;
|
|
||||||
|
|
||||||
if (buf[*offset] != obj_type)
|
|
||||||
return X509_NOT_OK;
|
|
||||||
(*offset)++;
|
|
||||||
len = get_asn1_length(buf, offset);
|
|
||||||
*offset += len;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Read an integer value for ASN.1 data
|
|
||||||
* Note: This function allocates memory which must be freed by the user.
|
|
||||||
*/
|
|
||||||
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
|
|
||||||
{
|
|
||||||
int len;
|
|
||||||
|
|
||||||
if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
|
|
||||||
goto end_int_array;
|
|
||||||
|
|
||||||
*object = (uint8_t *)malloc(len);
|
|
||||||
memcpy(*object, &buf[*offset], len);
|
|
||||||
*offset += len;
|
|
||||||
|
|
||||||
end_int_array:
|
|
||||||
return len;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if 0
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get all the RSA private key specifics from an ASN.1 encoded file
|
|
||||||
*/
|
|
||||||
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
|
|
||||||
{
|
|
||||||
int offset = 7;
|
|
||||||
uint8_t *modulus, *priv_exp, *pub_exp;
|
|
||||||
int mod_len, priv_len, pub_len;
|
|
||||||
#ifdef CONFIG_BIGINT_CRT
|
|
||||||
uint8_t *p, *q, *dP, *dQ, *qInv;
|
|
||||||
int p_len, q_len, dP_len, dQ_len, qInv_len;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* not in der format */
|
|
||||||
if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
|
|
||||||
{
|
|
||||||
#ifdef CONFIG_SSL_FULL_MODE
|
|
||||||
printf("Error: This is not a valid ASN.1 file\n");
|
|
||||||
#endif
|
|
||||||
return X509_INVALID_PRIV_KEY;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* initialise the RNG */
|
|
||||||
RNG_initialize(buf, len);
|
|
||||||
|
|
||||||
mod_len = asn1_get_int(buf, &offset, &modulus);
|
|
||||||
pub_len = asn1_get_int(buf, &offset, &pub_exp);
|
|
||||||
priv_len = asn1_get_int(buf, &offset, &priv_exp);
|
|
||||||
|
|
||||||
if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
|
|
||||||
return X509_INVALID_PRIV_KEY;
|
|
||||||
|
|
||||||
#ifdef CONFIG_BIGINT_CRT
|
|
||||||
p_len = asn1_get_int(buf, &offset, &p);
|
|
||||||
q_len = asn1_get_int(buf, &offset, &q);
|
|
||||||
dP_len = asn1_get_int(buf, &offset, &dP);
|
|
||||||
dQ_len = asn1_get_int(buf, &offset, &dQ);
|
|
||||||
qInv_len = asn1_get_int(buf, &offset, &qInv);
|
|
||||||
|
|
||||||
if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
|
|
||||||
return X509_INVALID_PRIV_KEY;
|
|
||||||
|
|
||||||
RSA_priv_key_new(rsa_ctx,
|
|
||||||
modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
|
|
||||||
p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
|
|
||||||
|
|
||||||
free(p);
|
|
||||||
free(q);
|
|
||||||
free(dP);
|
|
||||||
free(dQ);
|
|
||||||
free(qInv);
|
|
||||||
#else
|
|
||||||
RSA_priv_key_new(rsa_ctx,
|
|
||||||
modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
free(modulus);
|
|
||||||
free(priv_exp);
|
|
||||||
free(pub_exp);
|
|
||||||
return X509_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the time of a certificate. Ignore hours/minutes/seconds.
|
|
||||||
*/
|
|
||||||
static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
|
|
||||||
{
|
|
||||||
int ret = X509_NOT_OK, len, t_offset;
|
|
||||||
struct tm tm;
|
|
||||||
|
|
||||||
if (buf[(*offset)++] != ASN1_UTC_TIME)
|
|
||||||
goto end_utc_time;
|
|
||||||
len = get_asn1_length(buf, offset);
|
|
||||||
t_offset = *offset;
|
|
||||||
|
|
||||||
memset(&tm, 0, sizeof(struct tm));
|
|
||||||
tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
|
|
||||||
|
|
||||||
if (tm.tm_year <= 50) /* 1951-2050 thing */
|
|
||||||
{
|
|
||||||
tm.tm_year += 100;
|
|
||||||
}
|
|
||||||
|
|
||||||
tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
|
|
||||||
tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
|
|
||||||
*t = mktime(&tm);
|
|
||||||
*offset += len;
|
|
||||||
ret = X509_OK;
|
|
||||||
|
|
||||||
end_utc_time:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the version type of a certificate (which we don't actually care about)
|
|
||||||
*/
|
|
||||||
static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
|
|
||||||
{
|
|
||||||
int ret = X509_NOT_OK;
|
|
||||||
|
|
||||||
(*offset) += 2; /* get past explicit tag */
|
|
||||||
if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
|
|
||||||
goto end_version;
|
|
||||||
|
|
||||||
ret = X509_OK;
|
|
||||||
end_version:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Retrieve the notbefore and notafter certificate times.
|
|
||||||
*/
|
|
||||||
static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
|
|
||||||
{
|
|
||||||
return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
|
|
||||||
asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
|
|
||||||
asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the components of a distinguished name
|
|
||||||
*/
|
|
||||||
static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
|
|
||||||
{
|
|
||||||
int dn_type = 0;
|
|
||||||
int len;
|
|
||||||
|
|
||||||
if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
|
|
||||||
goto end_oid;
|
|
||||||
|
|
||||||
/* expect a sequence of 2.5.4.[x] where x is a one of distinguished name
|
|
||||||
components we are interested in. */
|
|
||||||
if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
|
|
||||||
dn_type = buf[(*offset)++];
|
|
||||||
else
|
|
||||||
{
|
|
||||||
*offset += len; /* skip over it */
|
|
||||||
}
|
|
||||||
|
|
||||||
end_oid:
|
|
||||||
return dn_type;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Obtain an ASN.1 printable string type.
|
|
||||||
*/
|
|
||||||
static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
|
|
||||||
{
|
|
||||||
int len = X509_NOT_OK;
|
|
||||||
|
|
||||||
/* some certs have this awful crud in them for some reason */
|
|
||||||
if (buf[*offset] != ASN1_PRINTABLE_STR &&
|
|
||||||
buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
|
|
||||||
goto end_pnt_str;
|
|
||||||
|
|
||||||
(*offset)++;
|
|
||||||
len = get_asn1_length(buf, offset);
|
|
||||||
*str = (char *)malloc(len+1); /* allow for null */
|
|
||||||
memcpy(*str, &buf[*offset], len);
|
|
||||||
(*str)[len] = 0; /* null terminate */
|
|
||||||
*offset += len;
|
|
||||||
end_pnt_str:
|
|
||||||
return len;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the subject name (or the issuer) of a certificate.
|
|
||||||
*/
|
|
||||||
static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
|
|
||||||
{
|
|
||||||
int ret = X509_NOT_OK;
|
|
||||||
int dn_type;
|
|
||||||
char *tmp = NULL;
|
|
||||||
|
|
||||||
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
|
|
||||||
goto end_name;
|
|
||||||
|
|
||||||
while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
|
|
||||||
{
|
|
||||||
int i, found = 0;
|
|
||||||
|
|
||||||
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
|
|
||||||
(dn_type = asn1_get_oid_x520(cert, offset)) < 0)
|
|
||||||
goto end_name;
|
|
||||||
|
|
||||||
if (asn1_get_printable_str(cert, offset, &tmp) < 0)
|
|
||||||
{
|
|
||||||
free(tmp);
|
|
||||||
goto end_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* find the distinguished named type */
|
|
||||||
for (i = 0; i < X509_NUM_DN_TYPES; i++)
|
|
||||||
{
|
|
||||||
if (dn_type == g_dn_types[i])
|
|
||||||
{
|
|
||||||
if (dn[i] == NULL)
|
|
||||||
{
|
|
||||||
dn[i] = tmp;
|
|
||||||
found = 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (found == 0) /* not found so get rid of it */
|
|
||||||
{
|
|
||||||
free(tmp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = X509_OK;
|
|
||||||
end_name:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Read the modulus and public exponent of a certificate.
|
|
||||||
*/
|
|
||||||
static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
|
|
||||||
{
|
|
||||||
int ret = X509_NOT_OK, mod_len, pub_len;
|
|
||||||
uint8_t *modulus, *pub_exp;
|
|
||||||
|
|
||||||
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
|
|
||||||
asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
|
|
||||||
goto end_pub_key;
|
|
||||||
|
|
||||||
(*offset)++;
|
|
||||||
|
|
||||||
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
|
|
||||||
goto end_pub_key;
|
|
||||||
|
|
||||||
mod_len = asn1_get_int(cert, offset, &modulus);
|
|
||||||
pub_len = asn1_get_int(cert, offset, &pub_exp);
|
|
||||||
|
|
||||||
RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
|
|
||||||
|
|
||||||
free(modulus);
|
|
||||||
free(pub_exp);
|
|
||||||
ret = X509_OK;
|
|
||||||
|
|
||||||
end_pub_key:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
|
||||||
/**
|
|
||||||
* Read the signature of the certificate.
|
|
||||||
*/
|
|
||||||
static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
|
|
||||||
{
|
|
||||||
int ret = X509_NOT_OK;
|
|
||||||
|
|
||||||
if (cert[(*offset)++] != ASN1_BIT_STRING)
|
|
||||||
goto end_sig;
|
|
||||||
|
|
||||||
x509_ctx->sig_len = get_asn1_length(cert, offset);
|
|
||||||
x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
|
|
||||||
memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
|
|
||||||
*offset += x509_ctx->sig_len;
|
|
||||||
ret = X509_OK;
|
|
||||||
|
|
||||||
end_sig:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Compare 2 distinguished name components for equality
|
|
||||||
* @return 0 if a match
|
|
||||||
*/
|
|
||||||
static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
|
|
||||||
{
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
|
|
||||||
|
|
||||||
ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
|
|
||||||
|
|
||||||
err_no_match:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Clean up all of the CA certificates.
|
|
||||||
*/
|
|
||||||
void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
|
|
||||||
{
|
|
||||||
int i = 0;
|
|
||||||
|
|
||||||
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
|
|
||||||
{
|
|
||||||
x509_free(ca_cert_ctx->cert[i]);
|
|
||||||
ca_cert_ctx->cert[i++] = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
free(ca_cert_ctx);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Compare 2 distinguished names for equality
|
|
||||||
* @return 0 if a match
|
|
||||||
*/
|
|
||||||
static int asn1_compare_dn(char * const dn1[], char * const dn2[])
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
for (i = 0; i < X509_NUM_DN_TYPES; i++)
|
|
||||||
{
|
|
||||||
if (asn1_compare_dn_comp(dn1[i], dn2[i]))
|
|
||||||
{
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0; /* all good */
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Retrieve the signature from a certificate.
|
|
||||||
*/
|
|
||||||
const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
|
|
||||||
{
|
|
||||||
int offset = 0;
|
|
||||||
const uint8_t *ptr = NULL;
|
|
||||||
|
|
||||||
if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 ||
|
|
||||||
asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
|
|
||||||
goto end_get_sig;
|
|
||||||
|
|
||||||
if (asn1_sig[offset++] != ASN1_OCTET_STRING)
|
|
||||||
goto end_get_sig;
|
|
||||||
*len = get_asn1_length(asn1_sig, &offset);
|
|
||||||
ptr = &asn1_sig[offset]; /* all ok */
|
|
||||||
|
|
||||||
end_get_sig:
|
|
||||||
return ptr;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Read the signature type of the certificate. We only support RSA-MD5 and
|
|
||||||
* RSA-SHA1 signature types.
|
|
||||||
*/
|
|
||||||
static int asn1_signature_type(const uint8_t *cert,
|
|
||||||
int *offset, X509_CTX *x509_ctx)
|
|
||||||
{
|
|
||||||
int ret = X509_NOT_OK, len;
|
|
||||||
|
|
||||||
if (cert[(*offset)++] != ASN1_OID)
|
|
||||||
goto end_check_sig;
|
|
||||||
|
|
||||||
len = get_asn1_length(cert, offset);
|
|
||||||
|
|
||||||
if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
|
|
||||||
goto end_check_sig; /* unrecognised cert type */
|
|
||||||
|
|
||||||
x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
|
|
||||||
|
|
||||||
*offset += len;
|
|
||||||
if (asn1_skip_obj(cert, offset, ASN1_NULL))
|
|
||||||
goto end_check_sig;
|
|
||||||
ret = X509_OK;
|
|
||||||
|
|
||||||
end_check_sig:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Construct a new x509 object.
|
|
||||||
* @return 0 if ok. < 0 if there was a problem.
|
|
||||||
*/
|
|
||||||
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
|
|
||||||
{
|
|
||||||
int begin_tbs, end_tbs;
|
|
||||||
int ret = X509_NOT_OK, offset = 0, cert_size = 0;
|
|
||||||
X509_CTX *x509_ctx;
|
|
||||||
BI_CTX *bi_ctx;
|
|
||||||
|
|
||||||
*ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
|
|
||||||
x509_ctx = *ctx;
|
|
||||||
|
|
||||||
/* get the certificate size */
|
|
||||||
asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE);
|
|
||||||
|
|
||||||
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
|
|
||||||
goto end_cert;
|
|
||||||
|
|
||||||
begin_tbs = offset; /* start of the tbs */
|
|
||||||
end_tbs = begin_tbs; /* work out the end of the tbs */
|
|
||||||
asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
|
|
||||||
|
|
||||||
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
|
|
||||||
goto end_cert;
|
|
||||||
|
|
||||||
if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
|
|
||||||
{
|
|
||||||
if (asn1_version(cert, &offset, x509_ctx))
|
|
||||||
goto end_cert;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
|
|
||||||
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
|
|
||||||
goto end_cert;
|
|
||||||
|
|
||||||
/* make sure the signature is ok */
|
|
||||||
if (asn1_signature_type(cert, &offset, x509_ctx))
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
|
|
||||||
goto end_cert;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) ||
|
|
||||||
asn1_validity(cert, &offset, x509_ctx) ||
|
|
||||||
asn1_name(cert, &offset, x509_ctx->cert_dn) ||
|
|
||||||
asn1_public_key(cert, &offset, x509_ctx))
|
|
||||||
goto end_cert;
|
|
||||||
|
|
||||||
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
|
|
||||||
|
|
||||||
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
|
|
||||||
/* use the appropriate signature algorithm (either SHA1 or MD5) */
|
|
||||||
if (x509_ctx->sig_type == SIG_TYPE_MD5)
|
|
||||||
{
|
|
||||||
MD5_CTX md5_ctx;
|
|
||||||
uint8_t md5_dgst[MD5_SIZE];
|
|
||||||
MD5Init(&md5_ctx);
|
|
||||||
MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
|
|
||||||
MD5Final(&md5_ctx, md5_dgst);
|
|
||||||
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
|
|
||||||
}
|
|
||||||
else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
|
|
||||||
{
|
|
||||||
SHA1_CTX sha_ctx;
|
|
||||||
uint8_t sha_dgst[SHA1_SIZE];
|
|
||||||
SHA1Init(&sha_ctx);
|
|
||||||
SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
|
|
||||||
SHA1Final(&sha_ctx, sha_dgst);
|
|
||||||
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
|
|
||||||
}
|
|
||||||
|
|
||||||
offset = end_tbs; /* skip the v3 data */
|
|
||||||
if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_signature(cert, &offset, x509_ctx))
|
|
||||||
goto end_cert;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (len)
|
|
||||||
{
|
|
||||||
*len = cert_size;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = X509_OK;
|
|
||||||
end_cert:
|
|
||||||
|
|
||||||
#ifdef CONFIG_SSL_FULL_MODE
|
|
||||||
if (ret)
|
|
||||||
{
|
|
||||||
printf("Error: Invalid X509 ASN.1 file\n");
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Free an X.509 object's resources.
|
|
||||||
*/
|
|
||||||
void x509_free(X509_CTX *x509_ctx)
|
|
||||||
{
|
|
||||||
X509_CTX *next;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
if (x509_ctx == NULL) /* if already null, then don't bother */
|
|
||||||
return;
|
|
||||||
|
|
||||||
for (i = 0; i < X509_NUM_DN_TYPES; i++)
|
|
||||||
{
|
|
||||||
free(x509_ctx->ca_cert_dn[i]);
|
|
||||||
free(x509_ctx->cert_dn[i]);
|
|
||||||
}
|
|
||||||
|
|
||||||
free(x509_ctx->signature);
|
|
||||||
|
|
||||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
|
||||||
if (x509_ctx->digest)
|
|
||||||
{
|
|
||||||
bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
RSA_free(x509_ctx->rsa_ctx);
|
|
||||||
|
|
||||||
next = x509_ctx->next;
|
|
||||||
free(x509_ctx);
|
|
||||||
x509_free(next); /* clear the chain */
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
|
||||||
/**
|
|
||||||
* Do some basic checks on the certificate chain.
|
|
||||||
*
|
|
||||||
* Certificate verification consists of a number of checks:
|
|
||||||
* - A root certificate exists in the certificate store.
|
|
||||||
* - The date of the certificate is after the start date.
|
|
||||||
* - The date of the certificate is before the finish date.
|
|
||||||
* - The certificate chain is valid.
|
|
||||||
* - That the certificate(s) are not self-signed.
|
|
||||||
* - The signature of the certificate is valid.
|
|
||||||
*/
|
|
||||||
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
|
|
||||||
{
|
|
||||||
int ret = X509_OK, i = 0;
|
|
||||||
bigint *cert_sig;
|
|
||||||
X509_CTX *next_cert = NULL;
|
|
||||||
BI_CTX *ctx;
|
|
||||||
bigint *mod, *expn;
|
|
||||||
struct timeval tv;
|
|
||||||
int match_ca_cert = 0;
|
|
||||||
|
|
||||||
if (cert == NULL || ca_cert_ctx == NULL)
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* last cert in the chain - look for a trusted cert */
|
|
||||||
if (cert->next == NULL)
|
|
||||||
{
|
|
||||||
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
|
|
||||||
{
|
|
||||||
if (asn1_compare_dn(cert->ca_cert_dn,
|
|
||||||
ca_cert_ctx->cert[i]->cert_dn) == 0)
|
|
||||||
{
|
|
||||||
match_ca_cert = 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
|
|
||||||
{
|
|
||||||
next_cert = ca_cert_ctx->cert[i];
|
|
||||||
}
|
|
||||||
else /* trusted cert not found */
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
next_cert = cert->next;
|
|
||||||
}
|
|
||||||
|
|
||||||
gettimeofday(&tv, NULL);
|
|
||||||
|
|
||||||
/* check the not before date */
|
|
||||||
if (tv.tv_sec < cert->not_before)
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_NOT_YET_VALID;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check the not after date */
|
|
||||||
if (tv.tv_sec > cert->not_after)
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_EXPIRED;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check the chain integrity */
|
|
||||||
if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_INVALID_CHAIN;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check for self-signing */
|
|
||||||
if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_SELF_SIGNED;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check the signature */
|
|
||||||
ctx = cert->rsa_ctx->bi_ctx;
|
|
||||||
mod = next_cert->rsa_ctx->m;
|
|
||||||
expn = next_cert->rsa_ctx->e;
|
|
||||||
cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len,
|
|
||||||
bi_clone(ctx, mod), bi_clone(ctx, expn));
|
|
||||||
|
|
||||||
if (cert_sig)
|
|
||||||
{
|
|
||||||
ret = cert->digest ? /* check the signature */
|
|
||||||
bi_compare(cert_sig, cert->digest) :
|
|
||||||
X509_VFY_ERROR_UNSUPPORTED_DIGEST;
|
|
||||||
bi_free(ctx, cert_sig);
|
|
||||||
|
|
||||||
if (ret)
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
ret = X509_VFY_ERROR_BAD_SIGNATURE;
|
|
||||||
goto end_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* go down the certificate chain using recursion. */
|
|
||||||
if (ret == 0 && cert->next)
|
|
||||||
{
|
|
||||||
ret = x509_verify(ca_cert_ctx, next_cert);
|
|
||||||
}
|
|
||||||
|
|
||||||
end_verify:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (CONFIG_SSL_FULL_MODE)
|
|
||||||
/**
|
|
||||||
* Used for diagnostics.
|
|
||||||
*/
|
|
||||||
void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
|
|
||||||
{
|
|
||||||
if (cert == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
printf("---------------- CERT DEBUG ----------------\n");
|
|
||||||
printf("* CA Cert Distinguished Name\n");
|
|
||||||
if (cert->ca_cert_dn[X509_COMMON_NAME])
|
|
||||||
{
|
|
||||||
printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cert->ca_cert_dn[X509_ORGANIZATION])
|
|
||||||
{
|
|
||||||
printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
|
|
||||||
{
|
|
||||||
printf("Organizational Unit (OU): %s\n",
|
|
||||||
cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
|
|
||||||
}
|
|
||||||
|
|
||||||
printf("* Cert Distinguished Name\n");
|
|
||||||
if (cert->cert_dn[X509_COMMON_NAME])
|
|
||||||
{
|
|
||||||
printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cert->cert_dn[X509_ORGANIZATION])
|
|
||||||
{
|
|
||||||
printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
|
|
||||||
{
|
|
||||||
printf("Organizational Unit (OU): %s\n",
|
|
||||||
cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
|
|
||||||
}
|
|
||||||
|
|
||||||
printf("Not Before:\t\t%s", ctime(&cert->not_before));
|
|
||||||
printf("Not After:\t\t%s", ctime(&cert->not_after));
|
|
||||||
printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
|
|
||||||
printf("Sig Type:\t\t");
|
|
||||||
switch (cert->sig_type)
|
|
||||||
{
|
|
||||||
case SIG_TYPE_MD5:
|
|
||||||
printf("MD5\n");
|
|
||||||
break;
|
|
||||||
case SIG_TYPE_SHA1:
|
|
||||||
printf("SHA1\n");
|
|
||||||
break;
|
|
||||||
case SIG_TYPE_MD2:
|
|
||||||
printf("MD2\n");
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
printf("Unrecognized: %d\n", cert->sig_type);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf("Verify:\t\t\t");
|
|
||||||
|
|
||||||
if (ca_cert_ctx)
|
|
||||||
{
|
|
||||||
x509_display_error(x509_verify(ca_cert_ctx, cert));
|
|
||||||
}
|
|
||||||
|
|
||||||
printf("\n");
|
|
||||||
#if 0
|
|
||||||
print_blob("Signature", cert->signature, cert->sig_len);
|
|
||||||
bi_print("Modulus", cert->rsa_ctx->m);
|
|
||||||
bi_print("Pub Exp", cert->rsa_ctx->e);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (ca_cert_ctx)
|
|
||||||
{
|
|
||||||
x509_print(ca_cert_ctx, cert->next);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void x509_display_error(int error)
|
|
||||||
{
|
|
||||||
switch (error)
|
|
||||||
{
|
|
||||||
case X509_NOT_OK:
|
|
||||||
printf("X509 not ok");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_NO_TRUSTED_CERT:
|
|
||||||
printf("No trusted cert is available");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_BAD_SIGNATURE:
|
|
||||||
printf("Bad signature");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_NOT_YET_VALID:
|
|
||||||
printf("Cert is not yet valid");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_EXPIRED:
|
|
||||||
printf("Cert has expired");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_SELF_SIGNED:
|
|
||||||
printf("Cert is self-signed");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_INVALID_CHAIN:
|
|
||||||
printf("Chain is invalid (check order of certs)");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
|
|
||||||
printf("Unsupported digest");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case X509_INVALID_PRIV_KEY:
|
|
||||||
printf("Invalid private key");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_SSL_FULL_MODE */
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -0,0 +1,181 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2 of the
|
||||||
|
* License, or any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful, but
|
||||||
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <gpxe/asn1.h>
|
||||||
|
#include <gpxe/x509.h>
|
||||||
|
|
||||||
|
/** @file
|
||||||
|
*
|
||||||
|
* X.509 certificates
|
||||||
|
*
|
||||||
|
* The structure of X.509v3 certificates is concisely documented in
|
||||||
|
* RFC5280 section 4.1. The structure of RSA public keys is
|
||||||
|
* documented in RFC2313.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/** Object Identifier for "rsaEncryption" (1.2.840.113549.1.1.1) */
|
||||||
|
static const uint8_t oid_rsa_encryption[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||||
|
0x0d, 0x01, 0x01, 0x01 };
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Identify X.509 certificate public key
|
||||||
|
*
|
||||||
|
* @v certificate Certificate
|
||||||
|
* @v algorithm Public key algorithm to fill in
|
||||||
|
* @v pubkey Public key value to fill in
|
||||||
|
* @ret rc Return status code
|
||||||
|
*/
|
||||||
|
static int x509_public_key ( const struct asn1_cursor *certificate,
|
||||||
|
struct asn1_cursor *algorithm,
|
||||||
|
struct asn1_cursor *pubkey ) {
|
||||||
|
struct asn1_cursor cursor;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
/* Locate subjectPublicKeyInfo */
|
||||||
|
memcpy ( &cursor, certificate, sizeof ( cursor ) );
|
||||||
|
rc = ( asn1_enter ( &cursor, ASN1_SEQUENCE ), /* Certificate */
|
||||||
|
asn1_enter ( &cursor, ASN1_SEQUENCE ), /* tbsCertificate */
|
||||||
|
asn1_skip ( &cursor, ASN1_EXPLICIT_TAG ), /* version */
|
||||||
|
asn1_skip ( &cursor, ASN1_INTEGER ), /* serialNumber */
|
||||||
|
asn1_skip ( &cursor, ASN1_SEQUENCE ), /* signature */
|
||||||
|
asn1_skip ( &cursor, ASN1_SEQUENCE ), /* issuer */
|
||||||
|
asn1_skip ( &cursor, ASN1_SEQUENCE ), /* validity */
|
||||||
|
asn1_skip ( &cursor, ASN1_SEQUENCE ), /* name */
|
||||||
|
asn1_enter ( &cursor, ASN1_SEQUENCE )/* subjectPublicKeyInfo*/);
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate subjectPublicKeyInfo in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Locate algorithm */
|
||||||
|
memcpy ( algorithm, &cursor, sizeof ( *algorithm ) );
|
||||||
|
rc = ( asn1_enter ( algorithm, ASN1_SEQUENCE ) /* algorithm */ );
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate algorithm in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Locate subjectPublicKey */
|
||||||
|
memcpy ( pubkey, &cursor, sizeof ( *pubkey ) );
|
||||||
|
rc = ( asn1_skip ( pubkey, ASN1_SEQUENCE ), /* algorithm */
|
||||||
|
asn1_enter ( pubkey, ASN1_BIT_STRING ) /* subjectPublicKey*/ );
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate subjectPublicKey in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Identify X.509 certificate RSA modulus and public exponent
|
||||||
|
*
|
||||||
|
* @v certificate Certificate
|
||||||
|
* @v rsa RSA public key to fill in
|
||||||
|
* @ret rc Return status code
|
||||||
|
*
|
||||||
|
* The caller is responsible for eventually calling
|
||||||
|
* x509_free_rsa_public_key() to free the storage allocated to hold
|
||||||
|
* the RSA modulus and exponent.
|
||||||
|
*/
|
||||||
|
int x509_rsa_public_key ( const struct asn1_cursor *certificate,
|
||||||
|
struct x509_rsa_public_key *rsa_pubkey ) {
|
||||||
|
struct asn1_cursor algorithm;
|
||||||
|
struct asn1_cursor pubkey;
|
||||||
|
struct asn1_cursor modulus;
|
||||||
|
struct asn1_cursor exponent;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
/* First, extract the public key algorithm and key data */
|
||||||
|
if ( ( rc = x509_public_key ( certificate, &algorithm,
|
||||||
|
&pubkey ) ) != 0 )
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
/* Check that algorithm is RSA */
|
||||||
|
rc = ( asn1_enter ( &algorithm, ASN1_OID ) /* algorithm */ );
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate algorithm:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
if ( ( algorithm.len != sizeof ( oid_rsa_encryption ) ) ||
|
||||||
|
( memcmp ( algorithm.data, &oid_rsa_encryption,
|
||||||
|
sizeof ( oid_rsa_encryption ) ) != 0 ) ) {
|
||||||
|
DBG ( "algorithm is not rsaEncryption in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check that public key is a byte string, i.e. that the
|
||||||
|
* "unused bits" byte contains zero.
|
||||||
|
*/
|
||||||
|
if ( ( pubkey.len < 1 ) ||
|
||||||
|
( ( *( uint8_t * ) pubkey.data ) != 0 ) ) {
|
||||||
|
DBG ( "subjectPublicKey is not a byte string in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
pubkey.data++;
|
||||||
|
pubkey.len--;
|
||||||
|
|
||||||
|
/* Pick out the modulus and exponent */
|
||||||
|
rc = ( asn1_enter ( &pubkey, ASN1_SEQUENCE ) /* RSAPublicKey */ );
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate RSAPublicKey in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
memcpy ( &modulus, &pubkey, sizeof ( modulus ) );
|
||||||
|
rc = ( asn1_enter ( &modulus, ASN1_INTEGER ) /* modulus */ );
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate modulus in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
memcpy ( &exponent, &pubkey, sizeof ( exponent ) );
|
||||||
|
rc = ( asn1_skip ( &exponent, ASN1_INTEGER ), /* modulus */
|
||||||
|
asn1_enter ( &exponent, ASN1_INTEGER ) /* publicExponent */ );
|
||||||
|
if ( rc != 0 ) {
|
||||||
|
DBG ( "Cannot locate publicExponent in:\n" );
|
||||||
|
DBG_HDA ( 0, certificate->data, certificate->len );
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Allocate space and copy out modulus and exponent */
|
||||||
|
rsa_pubkey->modulus = malloc ( modulus.len + exponent.len );
|
||||||
|
if ( ! rsa_pubkey->modulus )
|
||||||
|
return -ENOMEM;
|
||||||
|
rsa_pubkey->exponent = ( rsa_pubkey->modulus + modulus.len );
|
||||||
|
memcpy ( rsa_pubkey->modulus, modulus.data, modulus.len );
|
||||||
|
rsa_pubkey->modulus_len = modulus.len;
|
||||||
|
memcpy ( rsa_pubkey->exponent, exponent.data, exponent.len );
|
||||||
|
rsa_pubkey->exponent_len = exponent.len;
|
||||||
|
|
||||||
|
DBG2 ( "RSA modulus:\n" );
|
||||||
|
DBG2_HDA ( 0, rsa_pubkey->modulus, rsa_pubkey->modulus_len );
|
||||||
|
DBG2 ( "RSA exponent:\n" );
|
||||||
|
DBG2_HDA ( 0, rsa_pubkey->exponent, rsa_pubkey->exponent_len );
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
|
@ -21,12 +21,12 @@
|
||||||
*/
|
*/
|
||||||
struct asn1_cursor {
|
struct asn1_cursor {
|
||||||
/** Start of data */
|
/** Start of data */
|
||||||
uint8_t *data;
|
void *data;
|
||||||
/** Length of data */
|
/** Length of data */
|
||||||
size_t len;
|
size_t len;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type );
|
extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
|
||||||
extern int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type );
|
extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
|
||||||
|
|
||||||
#endif /* _GPXE_ASN1_H */
|
#endif /* _GPXE_ASN1_H */
|
||||||
|
|
|
@ -168,6 +168,7 @@
|
||||||
#define ERRFILE_smbios_settings ( ERRFILE_OTHER | 0x00130000 )
|
#define ERRFILE_smbios_settings ( ERRFILE_OTHER | 0x00130000 )
|
||||||
#define ERRFILE_efi_smbios ( ERRFILE_OTHER | 0x00140000 )
|
#define ERRFILE_efi_smbios ( ERRFILE_OTHER | 0x00140000 )
|
||||||
#define ERRFILE_pxemenu ( ERRFILE_OTHER | 0x00150000 )
|
#define ERRFILE_pxemenu ( ERRFILE_OTHER | 0x00150000 )
|
||||||
|
#define ERRFILE_x509 ( ERRFILE_OTHER | 0x00160000 )
|
||||||
|
|
||||||
/** @} */
|
/** @} */
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
#include <gpxe/crypto.h>
|
#include <gpxe/crypto.h>
|
||||||
#include <gpxe/md5.h>
|
#include <gpxe/md5.h>
|
||||||
#include <gpxe/sha1.h>
|
#include <gpxe/sha1.h>
|
||||||
|
#include <gpxe/x509.h>
|
||||||
|
|
||||||
/** A TLS header */
|
/** A TLS header */
|
||||||
struct tls_header {
|
struct tls_header {
|
||||||
|
@ -157,10 +158,7 @@ struct tls_session {
|
||||||
uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
|
uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
|
||||||
|
|
||||||
/** Hack: server RSA public key */
|
/** Hack: server RSA public key */
|
||||||
uint8_t *rsa_mod;
|
struct x509_rsa_public_key rsa;
|
||||||
size_t rsa_mod_len;
|
|
||||||
uint8_t *rsa_pub_exp;
|
|
||||||
size_t rsa_pub_exp_len;
|
|
||||||
|
|
||||||
/** TX sequence number */
|
/** TX sequence number */
|
||||||
uint64_t tx_seq;
|
uint64_t tx_seq;
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
#ifndef _GPXE_X509_H
|
||||||
|
#define _GPXE_X509_H
|
||||||
|
|
||||||
|
/** @file
|
||||||
|
*
|
||||||
|
* X.509 certificates
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
struct asn1_cursor;
|
||||||
|
|
||||||
|
/** An X.509 RSA public key */
|
||||||
|
struct x509_rsa_public_key {
|
||||||
|
/** Modulus */
|
||||||
|
uint8_t *modulus;
|
||||||
|
/** Modulus length */
|
||||||
|
size_t modulus_len;
|
||||||
|
/** Exponent */
|
||||||
|
uint8_t *exponent;
|
||||||
|
/** Exponent length */
|
||||||
|
size_t exponent_len;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Free X.509 RSA public key
|
||||||
|
*
|
||||||
|
* @v rsa_pubkey RSA public key
|
||||||
|
*/
|
||||||
|
static inline void
|
||||||
|
x509_free_rsa_public_key ( struct x509_rsa_public_key *rsa_pubkey ) {
|
||||||
|
free ( rsa_pubkey->modulus );
|
||||||
|
}
|
||||||
|
|
||||||
|
extern int x509_rsa_public_key ( const struct asn1_cursor *certificate,
|
||||||
|
struct x509_rsa_public_key *rsa_pubkey );
|
||||||
|
|
||||||
|
#endif /* _GPXE_X509_H */
|
169
src/net/tls.c
169
src/net/tls.c
|
@ -36,6 +36,8 @@
|
||||||
#include <gpxe/xfer.h>
|
#include <gpxe/xfer.h>
|
||||||
#include <gpxe/open.h>
|
#include <gpxe/open.h>
|
||||||
#include <gpxe/filter.h>
|
#include <gpxe/filter.h>
|
||||||
|
#include <gpxe/asn1.h>
|
||||||
|
#include <gpxe/x509.h>
|
||||||
#include <gpxe/tls.h>
|
#include <gpxe/tls.h>
|
||||||
|
|
||||||
static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
||||||
|
@ -43,6 +45,33 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
||||||
static void tls_clear_cipher ( struct tls_session *tls,
|
static void tls_clear_cipher ( struct tls_session *tls,
|
||||||
struct tls_cipherspec *cipherspec );
|
struct tls_cipherspec *cipherspec );
|
||||||
|
|
||||||
|
/******************************************************************************
|
||||||
|
*
|
||||||
|
* Utility functions
|
||||||
|
*
|
||||||
|
******************************************************************************
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extract 24-bit field value
|
||||||
|
*
|
||||||
|
* @v field24 24-bit field
|
||||||
|
* @ret value Field value
|
||||||
|
*
|
||||||
|
* TLS uses 24-bit integers in several places, which are awkward to
|
||||||
|
* parse in C.
|
||||||
|
*/
|
||||||
|
static unsigned long tls_uint24 ( uint8_t field24[3] ) {
|
||||||
|
return ( ( field24[0] << 16 ) + ( field24[1] << 8 ) + field24[2] );
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************
|
||||||
|
*
|
||||||
|
* Cleanup functions
|
||||||
|
*
|
||||||
|
******************************************************************************
|
||||||
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Free TLS session
|
* Free TLS session
|
||||||
*
|
*
|
||||||
|
@ -57,8 +86,7 @@ static void free_tls ( struct refcnt *refcnt ) {
|
||||||
tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
|
tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
|
||||||
tls_clear_cipher ( tls, &tls->rx_cipherspec );
|
tls_clear_cipher ( tls, &tls->rx_cipherspec );
|
||||||
tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
|
tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
|
||||||
free ( tls->rsa_mod );
|
x509_free_rsa_public_key ( &tls->rsa );
|
||||||
free ( tls->rsa_pub_exp );
|
|
||||||
free ( tls->rx_data );
|
free ( tls->rx_data );
|
||||||
|
|
||||||
/* Free TLS structure itself */
|
/* Free TLS structure itself */
|
||||||
|
@ -622,8 +650,8 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
|
||||||
static int tls_send_client_key_exchange ( struct tls_session *tls ) {
|
static int tls_send_client_key_exchange ( struct tls_session *tls ) {
|
||||||
/* FIXME: Hack alert */
|
/* FIXME: Hack alert */
|
||||||
RSA_CTX *rsa_ctx;
|
RSA_CTX *rsa_ctx;
|
||||||
RSA_pub_key_new ( &rsa_ctx, tls->rsa_mod, tls->rsa_mod_len,
|
RSA_pub_key_new ( &rsa_ctx, tls->rsa.modulus, tls->rsa.modulus_len,
|
||||||
tls->rsa_pub_exp, tls->rsa_pub_exp_len );
|
tls->rsa.exponent, tls->rsa.exponent_len );
|
||||||
struct {
|
struct {
|
||||||
uint32_t type_length;
|
uint32_t type_length;
|
||||||
uint16_t encrypted_pre_master_secret_len;
|
uint16_t encrypted_pre_master_secret_len;
|
||||||
|
@ -641,8 +669,8 @@ static int tls_send_client_key_exchange ( struct tls_session *tls ) {
|
||||||
DBGC ( tls, "RSA encrypting plaintext, modulus, exponent:\n" );
|
DBGC ( tls, "RSA encrypting plaintext, modulus, exponent:\n" );
|
||||||
DBGC_HD ( tls, &tls->pre_master_secret,
|
DBGC_HD ( tls, &tls->pre_master_secret,
|
||||||
sizeof ( tls->pre_master_secret ) );
|
sizeof ( tls->pre_master_secret ) );
|
||||||
DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len );
|
DBGC_HD ( tls, tls->rsa.modulus, tls->rsa.modulus_len );
|
||||||
DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len );
|
DBGC_HD ( tls, tls->rsa.exponent, tls->rsa.exponent_len );
|
||||||
RSA_encrypt ( rsa_ctx, ( const uint8_t * ) &tls->pre_master_secret,
|
RSA_encrypt ( rsa_ctx, ( const uint8_t * ) &tls->pre_master_secret,
|
||||||
sizeof ( tls->pre_master_secret ),
|
sizeof ( tls->pre_master_secret ),
|
||||||
key_xchg.encrypted_pre_master_secret, 0 );
|
key_xchg.encrypted_pre_master_secret, 0 );
|
||||||
|
@ -761,17 +789,16 @@ static int tls_new_alert ( struct tls_session *tls, void *data, size_t len ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Receive new Server Hello record
|
* Receive new Server Hello handshake record
|
||||||
*
|
*
|
||||||
* @v tls TLS session
|
* @v tls TLS session
|
||||||
* @v data Plaintext record
|
* @v data Plaintext handshake record
|
||||||
* @v len Length of plaintext record
|
* @v len Length of plaintext handshake record
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
static int tls_new_server_hello ( struct tls_session *tls,
|
static int tls_new_server_hello ( struct tls_session *tls,
|
||||||
void *data, size_t len ) {
|
void *data, size_t len ) {
|
||||||
struct {
|
struct {
|
||||||
uint32_t type_length;
|
|
||||||
uint16_t version;
|
uint16_t version;
|
||||||
uint8_t random[32];
|
uint8_t random[32];
|
||||||
uint8_t session_id_len;
|
uint8_t session_id_len;
|
||||||
|
@ -818,72 +845,74 @@ static int tls_new_server_hello ( struct tls_session *tls,
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Receive new Certificate record
|
* Receive new Certificate handshake record
|
||||||
*
|
*
|
||||||
* @v tls TLS session
|
* @v tls TLS session
|
||||||
* @v data Plaintext record
|
* @v data Plaintext handshake record
|
||||||
* @v len Length of plaintext record
|
* @v len Length of plaintext handshake record
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
static int tls_new_certificate ( struct tls_session *tls,
|
static int tls_new_certificate ( struct tls_session *tls,
|
||||||
void *data, size_t len ) {
|
void *data, size_t len ) {
|
||||||
struct {
|
struct {
|
||||||
uint32_t type_length;
|
|
||||||
uint8_t length[3];
|
uint8_t length[3];
|
||||||
uint8_t first_cert_length[3];
|
uint8_t certificates[0];
|
||||||
uint8_t asn1_start[0];
|
|
||||||
} __attribute__ (( packed )) *certificate = data;
|
} __attribute__ (( packed )) *certificate = data;
|
||||||
uint8_t *cert = certificate->asn1_start;
|
struct {
|
||||||
int offset = 0;
|
uint8_t length[3];
|
||||||
|
uint8_t certificate[0];
|
||||||
|
} __attribute__ (( packed )) *element =
|
||||||
|
( ( void * ) certificate->certificates );
|
||||||
|
size_t elements_len = tls_uint24 ( certificate->length );
|
||||||
|
void *end = ( certificate->certificates + elements_len );
|
||||||
|
struct asn1_cursor cursor;
|
||||||
|
int rc;
|
||||||
|
|
||||||
/* FIXME */
|
/* Sanity check */
|
||||||
(void) len;
|
if ( end != ( data + len ) ) {
|
||||||
|
DBGC ( tls, "TLS %p received overlength Server Certificate\n",
|
||||||
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
|
tls );
|
||||||
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
|
DBGC_HD ( tls, data, len );
|
||||||
asn1_skip_obj(cert, &offset, ASN1_EXPLICIT_TAG) ||
|
return -EINVAL;
|
||||||
asn1_skip_obj(cert, &offset, ASN1_INTEGER) ||
|
|
||||||
asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
|
|
||||||
asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
|
|
||||||
asn1_next_obj(cert, &offset, ASN1_BIT_STRING) < 0) {
|
|
||||||
DBGC ( tls, "TLS %p invalid certificate\n", tls );
|
|
||||||
DBGC_HD ( tls, cert + offset, 64 );
|
|
||||||
return -EPERM;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
offset++;
|
/* Traverse certificate chain */
|
||||||
|
do {
|
||||||
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) {
|
cursor.data = element->certificate;
|
||||||
DBGC ( tls, "TLS %p invalid certificate\n", tls );
|
cursor.len = tls_uint24 ( element->length );
|
||||||
DBGC_HD ( tls, cert + offset, 64 );
|
if ( ( cursor.data + cursor.len ) > end ) {
|
||||||
return -EPERM;
|
DBGC ( tls, "TLS %p received corrupt Server "
|
||||||
|
"Certificate\n", tls );
|
||||||
|
DBGC_HD ( tls, data, len );
|
||||||
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
tls->rsa_mod_len = asn1_get_int(cert, &offset, &tls->rsa_mod);
|
// HACK
|
||||||
tls->rsa_pub_exp_len = asn1_get_int(cert, &offset, &tls->rsa_pub_exp);
|
if ( ( rc = x509_rsa_public_key ( &cursor,
|
||||||
|
&tls->rsa ) ) != 0 ) {
|
||||||
DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len );
|
DBGC ( tls, "TLS %p cannot determine RSA public key: "
|
||||||
DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len );
|
"%s\n", tls, strerror ( rc ) );
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
element = ( cursor.data + cursor.len );
|
||||||
|
} while ( element != end );
|
||||||
|
|
||||||
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Receive new Server Hello Done record
|
* Receive new Server Hello Done handshake record
|
||||||
*
|
*
|
||||||
* @v tls TLS session
|
* @v tls TLS session
|
||||||
* @v data Plaintext record
|
* @v data Plaintext handshake record
|
||||||
* @v len Length of plaintext record
|
* @v len Length of plaintext handshake record
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
static int tls_new_server_hello_done ( struct tls_session *tls,
|
static int tls_new_server_hello_done ( struct tls_session *tls,
|
||||||
void *data, size_t len ) {
|
void *data, size_t len ) {
|
||||||
struct {
|
struct {
|
||||||
uint32_t type_length;
|
|
||||||
char next[0];
|
char next[0];
|
||||||
} __attribute__ (( packed )) *hello_done = data;
|
} __attribute__ (( packed )) *hello_done = data;
|
||||||
void *end = hello_done->next;
|
void *end = hello_done->next;
|
||||||
|
@ -910,11 +939,11 @@ static int tls_new_server_hello_done ( struct tls_session *tls,
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Receive new Finished record
|
* Receive new Finished handshake record
|
||||||
*
|
*
|
||||||
* @v tls TLS session
|
* @v tls TLS session
|
||||||
* @v data Plaintext record
|
* @v data Plaintext handshake record
|
||||||
* @v len Length of plaintext record
|
* @v len Length of plaintext handshake record
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
static int tls_new_finished ( struct tls_session *tls,
|
static int tls_new_finished ( struct tls_session *tls,
|
||||||
|
@ -937,33 +966,47 @@ static int tls_new_finished ( struct tls_session *tls,
|
||||||
*/
|
*/
|
||||||
static int tls_new_handshake ( struct tls_session *tls,
|
static int tls_new_handshake ( struct tls_session *tls,
|
||||||
void *data, size_t len ) {
|
void *data, size_t len ) {
|
||||||
uint8_t *type = data;
|
struct {
|
||||||
|
uint8_t type;
|
||||||
|
uint8_t length[3];
|
||||||
|
uint8_t payload[0];
|
||||||
|
} __attribute__ (( packed )) *handshake = data;
|
||||||
|
void *payload = &handshake->payload;
|
||||||
|
size_t payload_len = tls_uint24 ( handshake->length );
|
||||||
|
void *end = ( payload + payload_len );
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
switch ( *type ) {
|
/* Sanity check */
|
||||||
|
if ( end != ( data + len ) ) {
|
||||||
|
DBGC ( tls, "TLS %p received overlength Handshake\n", tls );
|
||||||
|
DBGC_HD ( tls, data, len );
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch ( handshake->type ) {
|
||||||
case TLS_SERVER_HELLO:
|
case TLS_SERVER_HELLO:
|
||||||
rc = tls_new_server_hello ( tls, data, len );
|
rc = tls_new_server_hello ( tls, payload, payload_len );
|
||||||
break;
|
break;
|
||||||
case TLS_CERTIFICATE:
|
case TLS_CERTIFICATE:
|
||||||
rc = tls_new_certificate ( tls, data, len );
|
rc = tls_new_certificate ( tls, payload, payload_len );
|
||||||
break;
|
break;
|
||||||
case TLS_SERVER_HELLO_DONE:
|
case TLS_SERVER_HELLO_DONE:
|
||||||
rc = tls_new_server_hello_done ( tls, data, len );
|
rc = tls_new_server_hello_done ( tls, payload, payload_len );
|
||||||
break;
|
break;
|
||||||
case TLS_FINISHED:
|
case TLS_FINISHED:
|
||||||
rc = tls_new_finished ( tls, data, len );
|
rc = tls_new_finished ( tls, payload, payload_len );
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
DBGC ( tls, "TLS %p ignoring handshake type %d\n",
|
DBGC ( tls, "TLS %p ignoring handshake type %d\n",
|
||||||
tls, *type );
|
tls, handshake->type );
|
||||||
rc = 0;
|
rc = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Add to handshake digest (except for Hello Requests, which
|
/* Add to handshake digest (except for Hello Requests, which
|
||||||
* are explicitly excludede).
|
* are explicitly excluded).
|
||||||
*/
|
*/
|
||||||
if ( *type != TLS_HELLO_REQUEST )
|
if ( handshake->type != TLS_HELLO_REQUEST )
|
||||||
tls_add_handshake ( tls, data, len );
|
tls_add_handshake ( tls, data, len );
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
|
|
Reference in New Issue