1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212702227023270242702527026270272702827029270302703127032270332703427035270362703727038270392704027041270422704327044270452704627047270482704927050270512705227053270542705527056270572705827059270602706127062270632706427065270662706727068270692707027071270722707327074270752707627077270782707927080270812708227083270842708527086270872708827089270902709127092270932709427095270962709727098270992710027101271022710327104271052710627107271082710927110271112711227113271142711527116271172711827119271202712127122271232712427125271262712727128271292713027131271322713327134271352713627137271382713927140271412714227143271442714527146271472714827149271502715127152271532715427155271562715727158271592716027161271622716327164271652716627167271682716927170271712717227173271742717527176271772717827179271802718127182271832718427185271862718727188271892719027191271922719327194271952719627197271982719927200272012720227203272042720527206272072720827209272102721127212272132721427215272162721727218272192722027221272222722327224272252722627227272282722927230272312723227233272342723527236272372723827239272402724127242272432724427245272462724727248272492725027251272522725327254272552725627257272582725927260272612726227263272642726527266272672726827269272702727127272272732727427275272762727727278272792728027281272822728327284272852728627287272882728927290272912729227293272942729527296272972729827299273002730127302273032730427305273062730727308273092731027311273122731327314273152731627317273182731927320273212732227323273242732527326273272732827329273302733127332273332733427335273362733727338273392734027341273422734327344273452734627347273482734927350273512735227353273542735527356273572735827359273602736127362273632736427365273662736727368273692737027371273722737327374273752737627377273782737927380273812738227383273842738527386273872738827389273902739127392273932739427395273962739727398273992740027401274022740327404274052740627407274082740927410274112741227413274142741527416274172741827419274202742127422274232742427425274262742727428274292743027431274322743327434274352743627437274382743927440274412744227443274442744527446274472744827449274502745127452274532745427455274562745727458274592746027461274622746327464274652746627467274682746927470274712747227473274742747527476274772747827479274802748127482274832748427485274862748727488274892749027491274922749327494274952749627497274982749927500275012750227503275042750527506275072750827509275102751127512275132751427515275162751727518275192752027521275222752327524275252752627527275282752927530275312753227533275342753527536275372753827539275402754127542275432754427545275462754727548275492755027551275522755327554275552755627557275582755927560275612756227563275642756527566275672756827569275702757127572275732757427575275762757727578275792758027581275822758327584275852758627587275882758927590275912759227593275942759527596275972759827599276002760127602276032760427605276062760727608276092761027611276122761327614276152761627617276182761927620276212762227623276242762527626276272762827629276302763127632276332763427635276362763727638276392764027641276422764327644276452764627647276482764927650276512765227653276542765527656276572765827659276602766127662276632766427665276662766727668276692767027671276722767327674276752767627677276782767927680276812768227683276842768527686276872768827689276902769127692276932769427695276962769727698276992770027701277022770327704277052770627707277082770927710277112771227713277142771527716277172771827719277202772127722277232772427725277262772727728277292773027731277322773327734277352773627737277382773927740277412774227743277442774527746277472774827749277502775127752277532775427755277562775727758277592776027761277622776327764277652776627767277682776927770277712777227773277742777527776277772777827779277802778127782277832778427785277862778727788277892779027791277922779327794277952779627797277982779927800278012780227803278042780527806278072780827809278102781127812278132781427815278162781727818278192782027821278222782327824278252782627827278282782927830278312783227833278342783527836278372783827839278402784127842278432784427845278462784727848278492785027851278522785327854278552785627857278582785927860278612786227863278642786527866278672786827869278702787127872278732787427875278762787727878278792788027881278822788327884278852788627887278882788927890278912789227893278942789527896278972789827899279002790127902279032790427905279062790727908279092791027911279122791327914279152791627917279182791927920279212792227923279242792527926279272792827929279302793127932279332793427935279362793727938279392794027941279422794327944279452794627947279482794927950279512795227953279542795527956279572795827959279602796127962279632796427965279662796727968279692797027971279722797327974279752797627977279782797927980279812798227983279842798527986279872798827989279902799127992279932799427995279962799727998279992800028001280022800328004280052800628007280082800928010280112801228013280142801528016280172801828019280202802128022280232802428025280262802728028280292803028031280322803328034280352803628037280382803928040280412804228043280442804528046280472804828049280502805128052280532805428055280562805728058280592806028061280622806328064280652806628067280682806928070280712807228073280742807528076280772807828079280802808128082280832808428085280862808728088280892809028091280922809328094280952809628097280982809928100281012810228103281042810528106281072810828109281102811128112281132811428115281162811728118281192812028121281222812328124281252812628127281282812928130281312813228133281342813528136281372813828139281402814128142281432814428145281462814728148281492815028151281522815328154281552815628157281582815928160281612816228163281642816528166281672816828169281702817128172281732817428175281762817728178281792818028181281822818328184281852818628187281882818928190281912819228193281942819528196281972819828199282002820128202282032820428205282062820728208282092821028211282122821328214282152821628217282182821928220282212822228223282242822528226282272822828229282302823128232282332823428235282362823728238282392824028241282422824328244282452824628247282482824928250282512825228253282542825528256282572825828259282602826128262282632826428265282662826728268282692827028271282722827328274282752827628277282782827928280282812828228283282842828528286282872828828289282902829128292282932829428295282962829728298282992830028301283022830328304283052830628307283082830928310283112831228313283142831528316283172831828319283202832128322283232832428325283262832728328283292833028331283322833328334283352833628337283382833928340283412834228343283442834528346283472834828349283502835128352283532835428355283562835728358283592836028361283622836328364283652836628367283682836928370283712837228373283742837528376283772837828379283802838128382283832838428385283862838728388283892839028391283922839328394283952839628397283982839928400284012840228403284042840528406284072840828409284102841128412284132841428415284162841728418284192842028421284222842328424284252842628427284282842928430284312843228433284342843528436284372843828439284402844128442284432844428445284462844728448284492845028451284522845328454284552845628457284582845928460284612846228463284642846528466284672846828469284702847128472284732847428475284762847728478284792848028481284822848328484284852848628487284882848928490284912849228493284942849528496284972849828499285002850128502285032850428505285062850728508285092851028511285122851328514285152851628517285182851928520285212852228523285242852528526285272852828529285302853128532285332853428535285362853728538285392854028541285422854328544285452854628547285482854928550285512855228553285542855528556285572855828559285602856128562285632856428565285662856728568285692857028571285722857328574285752857628577285782857928580285812858228583285842858528586285872858828589285902859128592285932859428595285962859728598285992860028601286022860328604286052860628607286082860928610286112861228613286142861528616286172861828619286202862128622286232862428625286262862728628286292863028631286322863328634286352863628637286382863928640286412864228643286442864528646286472864828649286502865128652286532865428655286562865728658286592866028661286622866328664286652866628667286682866928670286712867228673286742867528676286772867828679286802868128682286832868428685286862868728688286892869028691286922869328694286952869628697286982869928700287012870228703287042870528706287072870828709287102871128712287132871428715287162871728718287192872028721287222872328724287252872628727287282872928730287312873228733287342873528736287372873828739287402874128742287432874428745287462874728748287492875028751287522875328754287552875628757287582875928760287612876228763287642876528766287672876828769287702877128772287732877428775287762877728778287792878028781287822878328784287852878628787287882878928790287912879228793287942879528796287972879828799288002880128802288032880428805288062880728808288092881028811288122881328814288152881628817288182881928820288212882228823288242882528826288272882828829288302883128832288332883428835288362883728838288392884028841288422884328844288452884628847288482884928850288512885228853288542885528856288572885828859288602886128862288632886428865288662886728868288692887028871288722887328874288752887628877288782887928880288812888228883288842888528886288872888828889288902889128892288932889428895288962889728898288992890028901289022890328904289052890628907289082890928910289112891228913289142891528916289172891828919289202892128922289232892428925289262892728928289292893028931289322893328934289352893628937289382893928940289412894228943289442894528946289472894828949289502895128952289532895428955289562895728958289592896028961289622896328964289652896628967289682896928970289712897228973289742897528976289772897828979289802898128982289832898428985289862898728988289892899028991289922899328994289952899628997289982899929000290012900229003290042900529006290072900829009290102901129012290132901429015290162901729018290192902029021290222902329024290252902629027290282902929030290312903229033290342903529036290372903829039290402904129042290432904429045290462904729048290492905029051290522905329054290552905629057290582905929060290612906229063290642906529066290672906829069290702907129072290732907429075290762907729078290792908029081290822908329084290852908629087290882908929090290912909229093290942909529096290972909829099291002910129102291032910429105291062910729108291092911029111291122911329114291152911629117291182911929120291212912229123291242912529126291272912829129291302913129132291332913429135291362913729138291392914029141291422914329144291452914629147291482914929150291512915229153291542915529156291572915829159291602916129162291632916429165291662916729168291692917029171291722917329174291752917629177291782917929180291812918229183291842918529186291872918829189291902919129192291932919429195291962919729198291992920029201292022920329204292052920629207292082920929210292112921229213292142921529216292172921829219292202922129222292232922429225292262922729228292292923029231292322923329234292352923629237292382923929240292412924229243292442924529246292472924829249292502925129252292532925429255292562925729258292592926029261292622926329264292652926629267292682926929270292712927229273292742927529276292772927829279292802928129282292832928429285292862928729288292892929029291292922929329294292952929629297292982929929300293012930229303293042930529306293072930829309293102931129312293132931429315293162931729318293192932029321293222932329324293252932629327293282932929330293312933229333293342933529336293372933829339293402934129342293432934429345293462934729348293492935029351293522935329354293552935629357293582935929360293612936229363293642936529366293672936829369293702937129372293732937429375293762937729378293792938029381293822938329384293852938629387293882938929390293912939229393293942939529396293972939829399294002940129402294032940429405294062940729408294092941029411294122941329414294152941629417294182941929420294212942229423294242942529426294272942829429294302943129432294332943429435294362943729438294392944029441294422944329444294452944629447294482944929450294512945229453294542945529456294572945829459294602946129462294632946429465294662946729468294692947029471294722947329474294752947629477294782947929480294812948229483294842948529486294872948829489294902949129492294932949429495294962949729498294992950029501295022950329504295052950629507295082950929510295112951229513295142951529516295172951829519295202952129522295232952429525295262952729528295292953029531295322953329534295352953629537295382953929540295412954229543295442954529546295472954829549295502955129552295532955429555295562955729558295592956029561295622956329564295652956629567295682956929570295712957229573295742957529576295772957829579295802958129582295832958429585295862958729588295892959029591295922959329594295952959629597295982959929600296012960229603296042960529606296072960829609296102961129612296132961429615296162961729618296192962029621296222962329624296252962629627296282962929630296312963229633296342963529636296372963829639296402964129642296432964429645296462964729648296492965029651296522965329654296552965629657296582965929660296612966229663296642966529666296672966829669296702967129672296732967429675296762967729678296792968029681296822968329684296852968629687296882968929690296912969229693296942969529696296972969829699297002970129702297032970429705297062970729708297092971029711297122971329714297152971629717297182971929720297212972229723297242972529726297272972829729297302973129732297332973429735297362973729738297392974029741297422974329744297452974629747297482974929750297512975229753297542975529756297572975829759297602976129762297632976429765297662976729768297692977029771297722977329774297752977629777297782977929780297812978229783297842978529786297872978829789297902979129792297932979429795297962979729798297992980029801298022980329804298052980629807298082980929810298112981229813298142981529816298172981829819298202982129822298232982429825298262982729828298292983029831298322983329834298352983629837298382983929840298412984229843298442984529846298472984829849298502985129852298532985429855298562985729858298592986029861298622986329864298652986629867298682986929870298712987229873298742987529876298772987829879298802988129882298832988429885298862988729888298892989029891298922989329894298952989629897298982989929900299012990229903299042990529906299072990829909299102991129912299132991429915299162991729918299192992029921299222992329924299252992629927299282992929930299312993229933299342993529936299372993829939299402994129942299432994429945299462994729948299492995029951299522995329954299552995629957299582995929960299612996229963299642996529966299672996829969299702997129972299732997429975299762997729978299792998029981299822998329984299852998629987299882998929990299912999229993299942999529996299972999829999300003000130002300033000430005300063000730008300093001030011300123001330014300153001630017300183001930020300213002230023300243002530026300273002830029300303003130032300333003430035300363003730038300393004030041300423004330044300453004630047300483004930050300513005230053300543005530056300573005830059300603006130062300633006430065300663006730068300693007030071300723007330074300753007630077300783007930080300813008230083300843008530086300873008830089300903009130092300933009430095300963009730098300993010030101301023010330104301053010630107301083010930110301113011230113301143011530116301173011830119301203012130122301233012430125301263012730128301293013030131301323013330134301353013630137301383013930140301413014230143301443014530146301473014830149301503015130152301533015430155301563015730158301593016030161301623016330164301653016630167301683016930170301713017230173301743017530176301773017830179301803018130182301833018430185301863018730188301893019030191301923019330194301953019630197301983019930200302013020230203302043020530206302073020830209302103021130212302133021430215302163021730218302193022030221302223022330224302253022630227302283022930230302313023230233302343023530236302373023830239302403024130242302433024430245302463024730248302493025030251302523025330254302553025630257302583025930260302613026230263302643026530266302673026830269302703027130272302733027430275302763027730278302793028030281302823028330284302853028630287302883028930290302913029230293302943029530296302973029830299303003030130302303033030430305303063030730308303093031030311303123031330314303153031630317303183031930320303213032230323303243032530326303273032830329303303033130332303333033430335303363033730338303393034030341303423034330344303453034630347303483034930350303513035230353303543035530356303573035830359303603036130362303633036430365303663036730368303693037030371303723037330374303753037630377303783037930380303813038230383303843038530386303873038830389303903039130392303933039430395303963039730398303993040030401304023040330404304053040630407304083040930410304113041230413304143041530416304173041830419304203042130422304233042430425304263042730428304293043030431304323043330434304353043630437304383043930440304413044230443304443044530446304473044830449304503045130452304533045430455304563045730458304593046030461304623046330464304653046630467304683046930470304713047230473304743047530476304773047830479304803048130482304833048430485304863048730488304893049030491304923049330494304953049630497304983049930500305013050230503305043050530506305073050830509305103051130512305133051430515305163051730518305193052030521305223052330524305253052630527305283052930530305313053230533305343053530536305373053830539305403054130542305433054430545305463054730548305493055030551305523055330554305553055630557305583055930560305613056230563305643056530566305673056830569305703057130572305733057430575305763057730578305793058030581305823058330584305853058630587305883058930590305913059230593305943059530596305973059830599306003060130602306033060430605306063060730608306093061030611306123061330614306153061630617306183061930620306213062230623306243062530626306273062830629306303063130632306333063430635306363063730638306393064030641306423064330644306453064630647306483064930650306513065230653306543065530656306573065830659306603066130662306633066430665306663066730668306693067030671306723067330674306753067630677306783067930680306813068230683306843068530686306873068830689306903069130692306933069430695306963069730698306993070030701307023070330704307053070630707307083070930710307113071230713307143071530716307173071830719307203072130722307233072430725307263072730728307293073030731307323073330734307353073630737307383073930740307413074230743307443074530746307473074830749307503075130752307533075430755307563075730758307593076030761307623076330764307653076630767307683076930770307713077230773307743077530776307773077830779307803078130782307833078430785307863078730788307893079030791307923079330794307953079630797307983079930800308013080230803308043080530806308073080830809308103081130812308133081430815308163081730818308193082030821308223082330824308253082630827308283082930830308313083230833308343083530836308373083830839308403084130842308433084430845308463084730848308493085030851308523085330854308553085630857308583085930860308613086230863308643086530866308673086830869308703087130872308733087430875308763087730878308793088030881308823088330884308853088630887308883088930890308913089230893308943089530896308973089830899309003090130902309033090430905309063090730908309093091030911309123091330914309153091630917309183091930920309213092230923309243092530926309273092830929309303093130932309333093430935309363093730938309393094030941309423094330944309453094630947309483094930950309513095230953309543095530956309573095830959309603096130962309633096430965309663096730968309693097030971309723097330974309753097630977309783097930980309813098230983309843098530986309873098830989309903099130992309933099430995309963099730998309993100031001310023100331004310053100631007310083100931010310113101231013310143101531016310173101831019310203102131022310233102431025310263102731028310293103031031310323103331034310353103631037310383103931040310413104231043310443104531046310473104831049310503105131052310533105431055310563105731058310593106031061310623106331064310653106631067310683106931070310713107231073310743107531076310773107831079310803108131082310833108431085310863108731088310893109031091310923109331094310953109631097310983109931100311013110231103311043110531106311073110831109311103111131112311133111431115311163111731118311193112031121311223112331124311253112631127311283112931130311313113231133311343113531136311373113831139311403114131142311433114431145311463114731148311493115031151311523115331154311553115631157311583115931160311613116231163311643116531166311673116831169311703117131172311733117431175311763117731178311793118031181311823118331184311853118631187311883118931190311913119231193311943119531196311973119831199312003120131202312033120431205312063120731208312093121031211312123121331214312153121631217312183121931220312213122231223312243122531226312273122831229312303123131232312333123431235312363123731238312393124031241312423124331244312453124631247312483124931250312513125231253312543125531256312573125831259312603126131262312633126431265312663126731268312693127031271312723127331274312753127631277312783127931280312813128231283312843128531286312873128831289312903129131292312933129431295312963129731298312993130031301313023130331304313053130631307313083130931310313113131231313313143131531316313173131831319313203132131322313233132431325313263132731328313293133031331313323133331334313353133631337313383133931340313413134231343313443134531346313473134831349313503135131352313533135431355313563135731358313593136031361313623136331364313653136631367313683136931370313713137231373313743137531376313773137831379313803138131382313833138431385313863138731388313893139031391313923139331394313953139631397313983139931400314013140231403314043140531406314073140831409314103141131412314133141431415314163141731418314193142031421314223142331424314253142631427314283142931430314313143231433314343143531436314373143831439314403144131442314433144431445314463144731448314493145031451314523145331454314553145631457314583145931460314613146231463314643146531466314673146831469314703147131472314733147431475314763147731478314793148031481314823148331484314853148631487314883148931490314913149231493314943149531496314973149831499315003150131502315033150431505315063150731508315093151031511315123151331514315153151631517315183151931520315213152231523315243152531526315273152831529315303153131532315333153431535315363153731538315393154031541315423154331544315453154631547315483154931550315513155231553315543155531556315573155831559315603156131562315633156431565315663156731568315693157031571315723157331574315753157631577315783157931580315813158231583315843158531586315873158831589315903159131592315933159431595315963159731598315993160031601316023160331604316053160631607316083160931610316113161231613316143161531616316173161831619316203162131622316233162431625316263162731628316293163031631316323163331634316353163631637316383163931640316413164231643316443164531646316473164831649316503165131652316533165431655316563165731658316593166031661316623166331664316653166631667316683166931670316713167231673316743167531676316773167831679316803168131682316833168431685316863168731688316893169031691316923169331694316953169631697316983169931700317013170231703317043170531706317073170831709317103171131712317133171431715317163171731718317193172031721317223172331724317253172631727317283172931730317313173231733317343173531736317373173831739317403174131742317433174431745317463174731748317493175031751317523175331754317553175631757317583175931760317613176231763317643176531766317673176831769317703177131772317733177431775317763177731778317793178031781317823178331784317853178631787317883178931790317913179231793317943179531796317973179831799318003180131802318033180431805318063180731808318093181031811318123181331814318153181631817318183181931820318213182231823318243182531826318273182831829318303183131832318333183431835318363183731838318393184031841318423184331844318453184631847318483184931850318513185231853318543185531856318573185831859318603186131862318633186431865318663186731868318693187031871318723187331874318753187631877318783187931880318813188231883318843188531886318873188831889318903189131892318933189431895318963189731898318993190031901319023190331904319053190631907319083190931910319113191231913319143191531916319173191831919319203192131922319233192431925319263192731928319293193031931319323193331934319353193631937319383193931940319413194231943319443194531946319473194831949319503195131952319533195431955319563195731958319593196031961319623196331964319653196631967319683196931970319713197231973319743197531976319773197831979319803198131982319833198431985319863198731988319893199031991319923199331994319953199631997319983199932000320013200232003320043200532006320073200832009320103201132012320133201432015320163201732018320193202032021320223202332024320253202632027320283202932030320313203232033320343203532036320373203832039320403204132042320433204432045320463204732048320493205032051320523205332054320553205632057320583205932060320613206232063320643206532066320673206832069320703207132072320733207432075320763207732078320793208032081320823208332084320853208632087320883208932090320913209232093320943209532096320973209832099321003210132102321033210432105321063210732108321093211032111321123211332114321153211632117321183211932120321213212232123321243212532126321273212832129321303213132132321333213432135321363213732138321393214032141321423214332144321453214632147321483214932150321513215232153321543215532156321573215832159321603216132162321633216432165321663216732168321693217032171321723217332174321753217632177321783217932180321813218232183321843218532186321873218832189321903219132192321933219432195321963219732198321993220032201322023220332204322053220632207322083220932210322113221232213322143221532216322173221832219322203222132222322233222432225322263222732228322293223032231322323223332234322353223632237322383223932240322413224232243322443224532246322473224832249322503225132252322533225432255322563225732258322593226032261322623226332264322653226632267322683226932270322713227232273322743227532276322773227832279322803228132282322833228432285322863228732288322893229032291322923229332294322953229632297322983229932300323013230232303323043230532306323073230832309323103231132312323133231432315323163231732318323193232032321323223232332324323253232632327323283232932330323313233232333323343233532336323373233832339323403234132342323433234432345323463234732348323493235032351323523235332354323553235632357323583235932360323613236232363323643236532366323673236832369323703237132372323733237432375323763237732378323793238032381323823238332384323853238632387323883238932390323913239232393323943239532396323973239832399324003240132402324033240432405324063240732408324093241032411324123241332414324153241632417324183241932420324213242232423324243242532426324273242832429324303243132432324333243432435324363243732438324393244032441324423244332444324453244632447324483244932450324513245232453324543245532456324573245832459324603246132462324633246432465324663246732468324693247032471324723247332474324753247632477324783247932480324813248232483324843248532486324873248832489324903249132492324933249432495324963249732498324993250032501325023250332504325053250632507325083250932510325113251232513325143251532516325173251832519325203252132522325233252432525325263252732528325293253032531325323253332534325353253632537325383253932540325413254232543325443254532546325473254832549325503255132552325533255432555325563255732558325593256032561325623256332564325653256632567325683256932570325713257232573325743257532576325773257832579325803258132582325833258432585325863258732588325893259032591325923259332594325953259632597325983259932600326013260232603326043260532606326073260832609326103261132612326133261432615326163261732618326193262032621326223262332624326253262632627326283262932630326313263232633326343263532636326373263832639326403264132642326433264432645326463264732648326493265032651326523265332654326553265632657326583265932660326613266232663326643266532666326673266832669326703267132672326733267432675326763267732678326793268032681326823268332684326853268632687326883268932690326913269232693326943269532696326973269832699327003270132702327033270432705327063270732708327093271032711327123271332714327153271632717327183271932720327213272232723327243272532726327273272832729327303273132732327333273432735327363273732738327393274032741327423274332744327453274632747327483274932750327513275232753327543275532756327573275832759327603276132762327633276432765327663276732768327693277032771327723277332774327753277632777327783277932780327813278232783327843278532786327873278832789327903279132792327933279432795327963279732798327993280032801328023280332804328053280632807328083280932810328113281232813328143281532816328173281832819328203282132822328233282432825328263282732828328293283032831328323283332834328353283632837328383283932840328413284232843328443284532846328473284832849328503285132852328533285432855328563285732858328593286032861328623286332864328653286632867328683286932870328713287232873328743287532876328773287832879328803288132882328833288432885328863288732888328893289032891328923289332894328953289632897328983289932900329013290232903329043290532906329073290832909329103291132912329133291432915329163291732918329193292032921329223292332924329253292632927329283292932930329313293232933329343293532936329373293832939329403294132942329433294432945329463294732948329493295032951329523295332954329553295632957329583295932960329613296232963329643296532966329673296832969329703297132972329733297432975329763297732978329793298032981329823298332984329853298632987329883298932990329913299232993329943299532996329973299832999330003300133002330033300433005330063300733008330093301033011330123301333014330153301633017330183301933020330213302233023330243302533026330273302833029330303303133032330333303433035330363303733038330393304033041330423304333044330453304633047330483304933050330513305233053330543305533056330573305833059330603306133062330633306433065330663306733068330693307033071330723307333074330753307633077330783307933080330813308233083330843308533086330873308833089330903309133092330933309433095330963309733098330993310033101331023310333104331053310633107331083310933110331113311233113331143311533116331173311833119331203312133122331233312433125331263312733128331293313033131331323313333134331353313633137331383313933140331413314233143331443314533146331473314833149331503315133152331533315433155331563315733158331593316033161331623316333164331653316633167331683316933170331713317233173331743317533176331773317833179331803318133182331833318433185331863318733188331893319033191331923319333194331953319633197331983319933200332013320233203332043320533206332073320833209332103321133212332133321433215332163321733218332193322033221332223322333224332253322633227332283322933230332313323233233332343323533236332373323833239332403324133242332433324433245332463324733248332493325033251332523325333254332553325633257332583325933260332613326233263332643326533266332673326833269332703327133272332733327433275332763327733278332793328033281332823328333284332853328633287332883328933290332913329233293332943329533296332973329833299333003330133302333033330433305333063330733308333093331033311333123331333314333153331633317333183331933320333213332233323333243332533326333273332833329333303333133332333333333433335333363333733338333393334033341333423334333344333453334633347333483334933350333513335233353333543335533356333573335833359333603336133362333633336433365333663336733368333693337033371333723337333374333753337633377333783337933380333813338233383333843338533386333873338833389333903339133392333933339433395333963339733398333993340033401334023340333404334053340633407334083340933410334113341233413334143341533416334173341833419334203342133422334233342433425334263342733428334293343033431334323343333434334353343633437334383343933440334413344233443334443344533446334473344833449334503345133452334533345433455334563345733458334593346033461334623346333464334653346633467334683346933470334713347233473334743347533476334773347833479334803348133482334833348433485334863348733488334893349033491334923349333494334953349633497334983349933500335013350233503335043350533506335073350833509335103351133512335133351433515335163351733518335193352033521335223352333524335253352633527335283352933530335313353233533335343353533536335373353833539335403354133542335433354433545335463354733548335493355033551335523355333554335553355633557335583355933560335613356233563335643356533566335673356833569335703357133572335733357433575335763357733578335793358033581335823358333584335853358633587335883358933590335913359233593335943359533596335973359833599336003360133602336033360433605336063360733608336093361033611336123361333614336153361633617336183361933620336213362233623336243362533626336273362833629336303363133632336333363433635336363363733638336393364033641336423364333644336453364633647336483364933650336513365233653336543365533656336573365833659336603366133662336633366433665336663366733668336693367033671336723367333674336753367633677336783367933680336813368233683336843368533686336873368833689336903369133692336933369433695336963369733698336993370033701337023370333704337053370633707337083370933710337113371233713337143371533716337173371833719337203372133722337233372433725337263372733728337293373033731337323373333734337353373633737337383373933740337413374233743337443374533746337473374833749337503375133752337533375433755337563375733758337593376033761337623376333764337653376633767337683376933770337713377233773337743377533776337773377833779337803378133782337833378433785337863378733788337893379033791337923379333794337953379633797337983379933800338013380233803338043380533806338073380833809338103381133812338133381433815338163381733818338193382033821338223382333824338253382633827338283382933830338313383233833338343383533836338373383833839338403384133842338433384433845338463384733848338493385033851338523385333854338553385633857338583385933860338613386233863338643386533866338673386833869338703387133872338733387433875338763387733878338793388033881338823388333884338853388633887338883388933890338913389233893338943389533896338973389833899339003390133902339033390433905339063390733908339093391033911339123391333914339153391633917339183391933920339213392233923339243392533926339273392833929339303393133932339333393433935339363393733938339393394033941339423394333944339453394633947339483394933950339513395233953339543395533956339573395833959339603396133962339633396433965339663396733968339693397033971339723397333974339753397633977339783397933980339813398233983339843398533986339873398833989339903399133992339933399433995339963399733998339993400034001340023400334004340053400634007340083400934010340113401234013340143401534016340173401834019340203402134022340233402434025340263402734028340293403034031340323403334034340353403634037340383403934040340413404234043340443404534046340473404834049340503405134052340533405434055340563405734058340593406034061340623406334064340653406634067340683406934070340713407234073340743407534076340773407834079340803408134082340833408434085340863408734088340893409034091340923409334094340953409634097340983409934100341013410234103341043410534106341073410834109341103411134112341133411434115341163411734118341193412034121341223412334124341253412634127341283412934130341313413234133341343413534136341373413834139341403414134142341433414434145341463414734148341493415034151341523415334154341553415634157341583415934160341613416234163341643416534166341673416834169341703417134172341733417434175341763417734178341793418034181341823418334184341853418634187341883418934190341913419234193341943419534196341973419834199342003420134202342033420434205342063420734208342093421034211342123421334214342153421634217342183421934220342213422234223342243422534226342273422834229342303423134232342333423434235342363423734238342393424034241342423424334244342453424634247342483424934250342513425234253342543425534256342573425834259342603426134262342633426434265342663426734268342693427034271342723427334274342753427634277342783427934280342813428234283342843428534286342873428834289342903429134292342933429434295342963429734298342993430034301343023430334304343053430634307343083430934310343113431234313343143431534316343173431834319343203432134322343233432434325343263432734328343293433034331343323433334334343353433634337343383433934340343413434234343343443434534346343473434834349343503435134352343533435434355343563435734358343593436034361343623436334364343653436634367343683436934370343713437234373343743437534376343773437834379343803438134382343833438434385343863438734388343893439034391343923439334394343953439634397343983439934400344013440234403344043440534406344073440834409344103441134412344133441434415344163441734418344193442034421344223442334424344253442634427344283442934430344313443234433344343443534436344373443834439344403444134442344433444434445344463444734448344493445034451344523445334454344553445634457344583445934460344613446234463344643446534466344673446834469344703447134472344733447434475344763447734478344793448034481344823448334484344853448634487344883448934490344913449234493344943449534496344973449834499345003450134502345033450434505345063450734508345093451034511345123451334514345153451634517345183451934520345213452234523345243452534526345273452834529345303453134532345333453434535345363453734538345393454034541345423454334544345453454634547345483454934550345513455234553345543455534556345573455834559345603456134562345633456434565345663456734568345693457034571345723457334574345753457634577345783457934580345813458234583345843458534586345873458834589345903459134592345933459434595345963459734598345993460034601346023460334604346053460634607346083460934610346113461234613346143461534616346173461834619346203462134622346233462434625346263462734628346293463034631346323463334634346353463634637346383463934640346413464234643346443464534646346473464834649346503465134652346533465434655346563465734658346593466034661346623466334664346653466634667346683466934670346713467234673346743467534676346773467834679346803468134682346833468434685346863468734688346893469034691346923469334694346953469634697346983469934700347013470234703347043470534706347073470834709347103471134712347133471434715347163471734718347193472034721347223472334724347253472634727347283472934730347313473234733347343473534736347373473834739347403474134742347433474434745347463474734748347493475034751347523475334754347553475634757347583475934760347613476234763347643476534766347673476834769347703477134772347733477434775347763477734778347793478034781347823478334784347853478634787347883478934790347913479234793347943479534796347973479834799348003480134802348033480434805348063480734808348093481034811348123481334814348153481634817348183481934820348213482234823348243482534826348273482834829348303483134832348333483434835348363483734838348393484034841348423484334844348453484634847348483484934850348513485234853348543485534856348573485834859348603486134862348633486434865348663486734868348693487034871348723487334874348753487634877348783487934880348813488234883348843488534886348873488834889348903489134892348933489434895348963489734898348993490034901349023490334904349053490634907349083490934910349113491234913349143491534916349173491834919349203492134922349233492434925349263492734928349293493034931349323493334934349353493634937349383493934940349413494234943349443494534946349473494834949349503495134952349533495434955349563495734958349593496034961349623496334964349653496634967349683496934970349713497234973349743497534976349773497834979349803498134982349833498434985349863498734988349893499034991349923499334994349953499634997349983499935000350013500235003350043500535006350073500835009350103501135012350133501435015350163501735018350193502035021350223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213542235423354243542535426354273542835429354303543135432354333543435435354363543735438354393544035441354423544335444354453544635447354483544935450354513545235453354543545535456354573545835459354603546135462354633546435465354663546735468354693547035471354723547335474354753547635477354783547935480354813548235483354843548535486354873548835489354903549135492354933549435495354963549735498354993550035501355023550335504355053550635507355083550935510355113551235513355143551535516355173551835519355203552135522355233552435525355263552735528355293553035531355323553335534355353553635537355383553935540355413554235543355443554535546355473554835549355503555135552355533555435555355563555735558355593556035561355623556335564355653556635567355683556935570355713557235573355743557535576355773557835579355803558135582355833558435585355863558735588355893559035591355923559335594355953559635597355983559935600356013560235603356043560535606356073560835609356103561135612356133561435615356163561735618356193562035621356223562335624356253562635627356283562935630356313563235633356343563535636356373563835639356403564135642356433564435645356463564735648356493565035651356523565335654356553565635657356583565935660356613566235663356643566535666356673566835669356703567135672356733567435675356763567735678356793568035681356823568335684356853568635687356883568935690356913569235693356943569535696356973569835699357003570135702357033570435705357063570735708357093571035711357123571335714357153571635717357183571935720357213572235723357243572535726357273572835729357303573135732357333573435735357363573735738357393574035741357423574335744357453574635747357483574935750357513575235753357543575535756357573575835759357603576135762357633576435765357663576735768357693577035771357723577335774357753577635777357783577935780357813578235783357843578535786357873578835789357903579135792357933579435795357963579735798357993580035801358023580335804358053580635807358083580935810358113581235813358143581535816358173581835819358203582135822358233582435825358263582735828358293583035831358323583335834358353583635837358383583935840358413584235843358443584535846358473584835849358503585135852358533585435855358563585735858358593586035861358623586335864358653586635867358683586935870358713587235873358743587535876358773587835879358803588135882358833588435885358863588735888358893589035891358923589335894358953589635897358983589935900359013590235903359043590535906359073590835909359103591135912359133591435915359163591735918359193592035921359223592335924359253592635927359283592935930359313593235933359343593535936359373593835939359403594135942359433594435945359463594735948359493595035951359523595335954359553595635957359583595935960359613596235963359643596535966359673596835969359703597135972359733597435975359763597735978359793598035981359823598335984359853598635987359883598935990359913599235993359943599535996359973599835999360003600136002360033600436005360063600736008360093601036011360123601336014360153601636017360183601936020360213602236023360243602536026360273602836029360303603136032360333603436035360363603736038360393604036041360423604336044360453604636047360483604936050360513605236053360543605536056360573605836059360603606136062360633606436065360663606736068360693607036071360723607336074360753607636077360783607936080360813608236083360843608536086360873608836089360903609136092360933609436095360963609736098360993610036101361023610336104361053610636107361083610936110361113611236113361143611536116361173611836119361203612136122361233612436125361263612736128361293613036131361323613336134361353613636137361383613936140361413614236143361443614536146361473614836149361503615136152361533615436155361563615736158361593616036161361623616336164361653616636167361683616936170361713617236173361743617536176361773617836179361803618136182361833618436185361863618736188361893619036191361923619336194361953619636197361983619936200362013620236203362043620536206362073620836209362103621136212362133621436215362163621736218362193622036221362223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213662236623366243662536626366273662836629366303663136632366333663436635366363663736638366393664036641366423664336644366453664636647366483664936650366513665236653366543665536656366573665836659366603666136662366633666436665366663666736668366693667036671366723667336674366753667636677366783667936680366813668236683366843668536686366873668836689366903669136692366933669436695366963669736698366993670036701367023670336704367053670636707367083670936710367113671236713367143671536716367173671836719367203672136722367233672436725367263672736728367293673036731367323673336734367353673636737367383673936740367413674236743367443674536746367473674836749367503675136752367533675436755367563675736758367593676036761367623676336764367653676636767367683676936770367713677236773367743677536776367773677836779367803678136782367833678436785367863678736788367893679036791367923679336794367953679636797367983679936800368013680236803368043680536806368073680836809368103681136812368133681436815368163681736818368193682036821368223682336824368253682636827368283682936830368313683236833368343683536836368373683836839368403684136842368433684436845368463684736848368493685036851368523685336854368553685636857368583685936860368613686236863368643686536866368673686836869368703687136872368733687436875368763687736878368793688036881368823688336884368853688636887368883688936890368913689236893368943689536896368973689836899369003690136902369033690436905369063690736908369093691036911369123691336914369153691636917369183691936920369213692236923369243692536926369273692836929369303693136932369333693436935369363693736938369393694036941369423694336944369453694636947369483694936950369513695236953369543695536956369573695836959369603696136962369633696436965369663696736968369693697036971369723697336974369753697636977369783697936980369813698236983369843698536986369873698836989369903699136992369933699436995369963699736998369993700037001370023700337004370053700637007370083700937010370113701237013370143701537016370173701837019370203702137022370233702437025370263702737028370293703037031370323703337034370353703637037370383703937040370413704237043370443704537046370473704837049370503705137052370533705437055370563705737058370593706037061370623706337064370653706637067370683706937070370713707237073370743707537076370773707837079370803708137082370833708437085370863708737088370893709037091370923709337094370953709637097370983709937100371013710237103371043710537106371073710837109371103711137112371133711437115371163711737118371193712037121371223712337124371253712637127371283712937130371313713237133371343713537136371373713837139371403714137142371433714437145371463714737148371493715037151371523715337154371553715637157371583715937160371613716237163371643716537166371673716837169371703717137172371733717437175371763717737178371793718037181371823718337184371853718637187371883718937190371913719237193371943719537196371973719837199372003720137202372033720437205372063720737208372093721037211372123721337214372153721637217372183721937220372213722237223372243722537226372273722837229372303723137232372333723437235372363723737238372393724037241372423724337244372453724637247372483724937250372513725237253372543725537256372573725837259372603726137262372633726437265372663726737268372693727037271372723727337274372753727637277372783727937280372813728237283372843728537286372873728837289372903729137292372933729437295372963729737298372993730037301373023730337304373053730637307373083730937310373113731237313373143731537316373173731837319373203732137322373233732437325373263732737328373293733037331373323733337334373353733637337373383733937340373413734237343373443734537346373473734837349373503735137352373533735437355373563735737358373593736037361373623736337364373653736637367373683736937370373713737237373373743737537376373773737837379373803738137382373833738437385373863738737388373893739037391373923739337394373953739637397373983739937400374013740237403374043740537406374073740837409374103741137412374133741437415374163741737418374193742037421374223742337424374253742637427374283742937430374313743237433374343743537436374373743837439374403744137442374433744437445374463744737448374493745037451374523745337454374553745637457374583745937460374613746237463374643746537466374673746837469374703747137472374733747437475374763747737478374793748037481374823748337484374853748637487374883748937490374913749237493374943749537496374973749837499375003750137502375033750437505375063750737508375093751037511375123751337514375153751637517375183751937520375213752237523375243752537526375273752837529375303753137532375333753437535375363753737538375393754037541375423754337544375453754637547375483754937550375513755237553375543755537556375573755837559375603756137562375633756437565375663756737568375693757037571375723757337574375753757637577375783757937580375813758237583375843758537586375873758837589375903759137592375933759437595375963759737598375993760037601376023760337604376053760637607376083760937610376113761237613376143761537616376173761837619376203762137622376233762437625376263762737628376293763037631376323763337634376353763637637376383763937640376413764237643376443764537646376473764837649376503765137652376533765437655376563765737658376593766037661376623766337664376653766637667376683766937670376713767237673376743767537676376773767837679376803768137682376833768437685376863768737688376893769037691376923769337694376953769637697376983769937700377013770237703377043770537706377073770837709377103771137712377133771437715377163771737718377193772037721377223772337724377253772637727377283772937730377313773237733377343773537736377373773837739377403774137742377433774437745377463774737748377493775037751377523775337754377553775637757377583775937760377613776237763377643776537766377673776837769377703777137772377733777437775377763777737778377793778037781377823778337784377853778637787377883778937790377913779237793377943779537796377973779837799378003780137802378033780437805378063780737808378093781037811378123781337814378153781637817378183781937820378213782237823378243782537826378273782837829378303783137832378333783437835378363783737838378393784037841378423784337844378453784637847378483784937850378513785237853378543785537856378573785837859378603786137862378633786437865378663786737868378693787037871378723787337874378753787637877378783787937880378813788237883378843788537886378873788837889378903789137892378933789437895378963789737898378993790037901379023790337904379053790637907379083790937910379113791237913379143791537916379173791837919379203792137922379233792437925379263792737928379293793037931379323793337934379353793637937379383793937940379413794237943379443794537946379473794837949379503795137952379533795437955379563795737958379593796037961379623796337964379653796637967379683796937970379713797237973379743797537976379773797837979379803798137982379833798437985379863798737988379893799037991379923799337994379953799637997379983799938000380013800238003380043800538006380073800838009380103801138012380133801438015380163801738018380193802038021380223802338024380253802638027380283802938030380313803238033380343803538036380373803838039380403804138042380433804438045380463804738048380493805038051380523805338054380553805638057380583805938060380613806238063380643806538066380673806838069380703807138072380733807438075380763807738078380793808038081380823808338084380853808638087380883808938090380913809238093380943809538096380973809838099381003810138102381033810438105381063810738108381093811038111381123811338114381153811638117381183811938120381213812238123381243812538126381273812838129381303813138132381333813438135381363813738138381393814038141381423814338144381453814638147381483814938150381513815238153381543815538156381573815838159381603816138162381633816438165381663816738168381693817038171381723817338174381753817638177381783817938180381813818238183381843818538186381873818838189381903819138192381933819438195381963819738198381993820038201382023820338204382053820638207382083820938210382113821238213382143821538216382173821838219382203822138222382233822438225382263822738228382293823038231382323823338234382353823638237382383823938240382413824238243382443824538246382473824838249382503825138252382533825438255382563825738258382593826038261382623826338264382653826638267382683826938270382713827238273382743827538276382773827838279382803828138282382833828438285382863828738288382893829038291382923829338294382953829638297382983829938300383013830238303383043830538306383073830838309383103831138312383133831438315383163831738318383193832038321383223832338324383253832638327383283832938330383313833238333383343833538336383373833838339383403834138342383433834438345383463834738348383493835038351383523835338354383553835638357383583835938360383613836238363383643836538366383673836838369383703837138372383733837438375383763837738378383793838038381383823838338384383853838638387383883838938390383913839238393383943839538396383973839838399384003840138402384033840438405384063840738408384093841038411384123841338414384153841638417384183841938420384213842238423384243842538426384273842838429384303843138432384333843438435384363843738438384393844038441384423844338444384453844638447384483844938450384513845238453384543845538456384573845838459384603846138462384633846438465384663846738468384693847038471384723847338474384753847638477384783847938480384813848238483384843848538486384873848838489384903849138492384933849438495384963849738498384993850038501385023850338504385053850638507385083850938510385113851238513385143851538516385173851838519385203852138522385233852438525385263852738528385293853038531385323853338534385353853638537385383853938540385413854238543385443854538546385473854838549385503855138552385533855438555385563855738558385593856038561385623856338564385653856638567385683856938570385713857238573385743857538576385773857838579385803858138582385833858438585385863858738588385893859038591385923859338594385953859638597385983859938600386013860238603386043860538606386073860838609386103861138612386133861438615386163861738618386193862038621386223862338624386253862638627386283862938630386313863238633386343863538636386373863838639386403864138642386433864438645386463864738648386493865038651386523865338654386553865638657386583865938660386613866238663386643866538666386673866838669386703867138672386733867438675386763867738678386793868038681386823868338684386853868638687386883868938690386913869238693386943869538696386973869838699387003870138702387033870438705387063870738708387093871038711387123871338714387153871638717387183871938720387213872238723387243872538726387273872838729387303873138732387333873438735387363873738738387393874038741387423874338744387453874638747387483874938750387513875238753387543875538756387573875838759387603876138762387633876438765387663876738768387693877038771387723877338774387753877638777387783877938780387813878238783387843878538786387873878838789387903879138792387933879438795387963879738798387993880038801388023880338804388053880638807388083880938810388113881238813388143881538816388173881838819388203882138822388233882438825388263882738828388293883038831388323883338834388353883638837388383883938840388413884238843388443884538846388473884838849388503885138852388533885438855388563885738858388593886038861388623886338864388653886638867388683886938870388713887238873388743887538876388773887838879388803888138882388833888438885388863888738888388893889038891388923889338894388953889638897388983889938900389013890238903389043890538906389073890838909389103891138912389133891438915389163891738918389193892038921389223892338924389253892638927389283892938930389313893238933389343893538936389373893838939389403894138942389433894438945389463894738948389493895038951389523895338954389553895638957389583895938960389613896238963389643896538966389673896838969389703897138972389733897438975389763897738978389793898038981389823898338984389853898638987389883898938990389913899238993389943899538996389973899838999390003900139002390033900439005390063900739008390093901039011390123901339014390153901639017390183901939020390213902239023390243902539026390273902839029390303903139032390333903439035390363903739038390393904039041390423904339044390453904639047390483904939050390513905239053390543905539056390573905839059390603906139062390633906439065390663906739068390693907039071390723907339074390753907639077390783907939080390813908239083390843908539086390873908839089390903909139092390933909439095390963909739098390993910039101391023910339104391053910639107391083910939110391113911239113391143911539116391173911839119391203912139122391233912439125391263912739128391293913039131391323913339134391353913639137391383913939140391413914239143391443914539146391473914839149391503915139152391533915439155391563915739158391593916039161391623916339164391653916639167391683916939170391713917239173391743917539176391773917839179391803918139182391833918439185391863918739188391893919039191391923919339194391953919639197391983919939200392013920239203392043920539206392073920839209392103921139212392133921439215392163921739218392193922039221392223922339224392253922639227392283922939230392313923239233392343923539236392373923839239392403924139242392433924439245392463924739248392493925039251392523925339254392553925639257392583925939260392613926239263392643926539266392673926839269392703927139272392733927439275392763927739278392793928039281392823928339284392853928639287392883928939290392913929239293392943929539296392973929839299393003930139302393033930439305393063930739308393093931039311393123931339314393153931639317393183931939320393213932239323393243932539326393273932839329393303933139332393333933439335393363933739338393393934039341393423934339344393453934639347393483934939350393513935239353393543935539356393573935839359393603936139362393633936439365393663936739368393693937039371393723937339374393753937639377393783937939380393813938239383393843938539386393873938839389393903939139392393933939439395393963939739398393993940039401394023940339404394053940639407394083940939410394113941239413394143941539416394173941839419394203942139422394233942439425394263942739428394293943039431394323943339434394353943639437394383943939440394413944239443394443944539446394473944839449394503945139452394533945439455394563945739458394593946039461394623946339464394653946639467394683946939470394713947239473394743947539476394773947839479394803948139482394833948439485394863948739488394893949039491394923949339494394953949639497394983949939500395013950239503395043950539506395073950839509395103951139512395133951439515395163951739518395193952039521395223952339524395253952639527395283952939530395313953239533395343953539536395373953839539395403954139542395433954439545395463954739548395493955039551395523955339554395553955639557395583955939560395613956239563395643956539566395673956839569395703957139572395733957439575395763957739578395793958039581395823958339584395853958639587395883958939590 |
- /* asn.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /*
- * DESCRIPTION
- * This library provides the interface to Abstract Syntax Notation One (ASN.1)
- * objects.
- * ASN.1 is a standard interface description language for defining data
- * structures that can be serialized and deserialized in a cross-platform way.
- *
- * Encoding of ASN.1 is either using Basic Encoding Rules (BER) or
- * Distinguished Encoding Rules (DER). DER has only one possible encoding for a
- * ASN.1 description and the data.
- * Encode using DER and decode BER or DER.
- *
- * Provides routines to convert BER into DER. Replaces indefinite length
- * encoded items with explicit lengths.
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- /*
- ASN Options:
- * NO_ASN_TIME_CHECK: Disables ASN time checks (avoiding the ASN_BEFORE_DATE_E
- * and ASN_AFTER_DATE_E errors). Safer ways to avoid date errors would be to
- * set the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag when calling the _ex versions of
- * cert loading functions or to define the WOLFSSL_NO_OCSP_DATE_CHECK macro to
- * skip OCSP date errors. Defining NO_ASN_TIME_CHECK will skip ALL date checks
- * and could pose a security risk.
- * NO_ASN_TIME: Disables time parts of the ASN code for systems without an RTC
- or wishing to save space.
- * IGNORE_NAME_CONSTRAINTS: Skip ASN name checks.
- * ASN_DUMP_OID: Allows dump of OID information for debugging.
- * RSA_DECODE_EXTRA: Decodes extra information in RSA public key.
- * WOLFSSL_CERT_GEN: Cert generation. Saves extra certificate info in GetName.
- * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to
- restore 3.13.0 behavior.
- * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer
- must still be trusted)
- * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert
- chain is not loaded. This only matches on subject and public key and
- does not perform a PKI validation, so it is not a secure solution.
- Only enabled for OCSP.
- * WOLFSSL_NO_OCSP_ISSUER_CHECK: Can be defined for backwards compatibility to
- disable checking of https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2.
- * WOLFSSL_SMALL_CERT_VERIFY: Verify the certificate signature without using
- DecodedCert. Doubles up on some code but allows smaller dynamic memory
- usage.
- * WOLFSSL_NO_OCSP_DATE_CHECK: Disable date checks for OCSP responses. This
- may be required when the system's real-time clock is not very accurate.
- It is recommended to enforce the nonce check instead if possible.
- * WOLFSSL_NO_CRL_DATE_CHECK: Disable date checks for CRL's.
- * WOLFSSL_NO_CRL_NEXT_DATE: Do not fail if CRL next date is missing
- * WOLFSSL_FORCE_OCSP_NONCE_CHECK: Require nonces to be available in OCSP
- responses. The nonces are optional and may not be supported by all
- responders. If it can be ensured that the used responder sends nonces this
- option may improve security.
- * WOLFSSL_ASN_TEMPLATE: Encoding and decoding using a template.
- * WOLFSSL_DEBUG_ASN_TEMPLATE: Enables debugging output when using ASN.1
- templates.
- * WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler
- type issues for testing
- * CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data
- * WOLFSSL_AKID_NAME: Enable support for full AuthorityKeyIdentifier extension.
- Only supports copying full AKID from an existing certificate.
- * WOLFSSL_CUSTOM_OID: Enable custom OID support for subject and request
- extensions
- * WOLFSSL_HAVE_ISSUER_NAMES: Store pointers to issuer name components and their
- lengths and encodings.
- * WOLFSSL_SUBJ_DIR_ATTR: Enable support for SubjectDirectoryAttributes
- extension.
- * WOLFSSL_SUBJ_INFO_ACC: Enable support for SubjectInfoAccess extension.
- * WOLFSSL_FPKI: Enable support for FPKI (Federal PKI) extensions.
- * WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
- cost of taking up more memory. Adds initials, givenname, dnQualifer for
- example.
- * WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs.
- * WOLFSSL_ALLOW_ENCODING_CA_FALSE: Allow encoding BasicConstraints CA:FALSE
- * which is discouraged by X.690 specification - default values shall not
- * be encoded.
- * NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
- */
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifndef NO_RSA
- #include <wolfssl/wolfcrypt/rsa.h>
- #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL)
- extern int wc_InitRsaHw(RsaKey* key);
- #endif
- #endif
- #ifndef NO_ASN
- #include <wolfssl/wolfcrypt/asn.h>
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/md2.h>
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/pwdbased.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/rc2.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/random.h>
- #include <wolfssl/wolfcrypt/hash.h>
- #ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
- #else
- #define WOLFSSL_MISC_INCLUDED
- #include <wolfcrypt/src/misc.c>
- #endif
- #ifndef NO_RC4
- #include <wolfssl/wolfcrypt/arc4.h>
- #endif
- #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
- #include <wolfssl/wolfcrypt/sha512.h>
- #endif
- #ifndef NO_SHA256
- #include <wolfssl/wolfcrypt/sha256.h>
- #endif
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifdef WOLFSSL_SM2
- #include <wolfssl/wolfcrypt/sm2.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_PQC
- #if defined(HAVE_FALCON)
- #include <wolfssl/wolfcrypt/falcon.h>
- #endif
- #if defined(HAVE_DILITHIUM)
- #include <wolfssl/wolfcrypt/dilithium.h>
- #endif
- #if defined(HAVE_SPHINCS)
- #include <wolfssl/wolfcrypt/sphincs.h>
- #endif
- #endif
- #ifdef WOLFSSL_QNX_CAAM
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #endif
- #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
- #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
- #endif
- #ifndef NO_DSA
- #include <wolfssl/wolfcrypt/dsa.h>
- #else
- typedef void* DsaKey;
- #endif
- #ifdef WOLF_CRYPTO_CB
- #include <wolfssl/wolfcrypt/cryptocb.h>
- #endif
- #ifndef WOLFCRYPT_ONLY
- #include <wolfssl/internal.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- #include <wolfssl/openssl/objects.h>
- #endif
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- #define WOLFSSL_X509_NAME_AVAILABLE
- #endif
- #ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
- #pragma warning(disable: 4996)
- #endif
- #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
- #if !defined(NO_SKID) && (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION))
- #if !defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || \
- HAVE_SELFTEST_VERSION < 2))
- #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
- #define WOLFSSL_AES_KEY_SIZE_ENUM
- enum Asn_Misc {
- AES_IV_SIZE = 16,
- AES_128_KEY_SIZE = 16,
- AES_192_KEY_SIZE = 24,
- AES_256_KEY_SIZE = 32
- };
- #endif
- #endif /* HAVE_SELFTEST */
- #endif
- #if defined(WOLFSSL_ASN_PRINT) || defined(WOLFSSL_DEBUG_ASN_TEMPLATE)
- /* String representations of tags. */
- static const char* tagString[4][32] = {
- /* Universal */
- {
- "EOC",
- "BOOLEAN",
- "INTEGER",
- "BIT STRING",
- "OCTET STRING",
- "NULL",
- "OBJECT ID",
- "ObjectDescriptor",
- "INSTANCE OF",
- "REAL",
- "ENUMERATED",
- "EMBEDDED PDV",
- "UT8String",
- "RELATIVE-OID",
- "(0x0e) 14",
- "(0x0f) 15",
- "SEQUENCE",
- "SET",
- "NumericString",
- "PrintableString",
- "T61String",
- "VideotexString",
- "IA5String",
- "UTCTime",
- "GeneralizedTime",
- "GraphicString",
- "ISO646String",
- "GeneralString",
- "UniversalString",
- "CHARACTER STRING",
- "BMPString",
- "(0x1f) 31",
- },
- /* Application */
- {
- "[A 0]", "[A 1]", "[A 2]", "[A 3]",
- "[A 4]", "[A 5]", "[A 6]", "[A 7]",
- "[A 8]", "[A 9]", "[A 10]", "[A 11]",
- "[A 12]", "[A 13]", "[A 14]", "[A 15]",
- "[A 16]", "[A 17]", "[A 18]", "[A 19]",
- "[A 20]", "[A 21]", "[A 22]", "[A 23]",
- "[A 24]", "[A 25]", "[A 26]", "[A 27]",
- "[A 28]", "[A 20]", "[A 30]", "[A 31]"
- },
- /* Context-Specific */
- {
- "[0]", "[1]", "[2]", "[3]", "[4]", "[5]", "[6]", "[7]",
- "[8]", "[9]", "[10]", "[11]", "[12]", "[13]", "[14]", "[15]",
- "[16]", "[17]", "[18]", "[19]", "[20]", "[21]", "[22]", "[23]",
- "[24]", "[25]", "[26]", "[27]", "[28]", "[20]", "[30]", "[31]"
- },
- /* Private */
- {
- "[P 0]", "[P 1]", "[P 2]", "[P 3]",
- "[P 4]", "[P 5]", "[P 6]", "[P 7]",
- "[P 8]", "[P 9]", "[P 10]", "[P 11]",
- "[P 12]", "[P 13]", "[P 14]", "[P 15]",
- "[P 16]", "[P 17]", "[P 18]", "[P 19]",
- "[P 20]", "[P 21]", "[P 22]", "[P 23]",
- "[P 24]", "[P 25]", "[P 26]", "[P 27]",
- "[P 28]", "[P 20]", "[P 30]", "[P 31]"
- }
- };
- /* Converts a tag byte to string.
- *
- * @param [in] tag BER tag value to interpret.
- * @return String corresponding to tag.
- */
- static const char* TagString(byte tag)
- {
- return tagString[tag >> 6][tag & ASN_TYPE_MASK];
- }
- #endif
- /* Calculates the minimum number of bytes required to encode the value.
- *
- * @param [in] value Value to be encoded.
- * @return Number of bytes to encode value.
- */
- static word32 BytePrecision(word32 value)
- {
- word32 i;
- for (i = (word32)sizeof(value); i; --i)
- if (value >> ((i - 1) * WOLFSSL_BIT_SIZE))
- break;
- return i;
- }
- /* DER encodes the length value in output buffer.
- *
- * 0 -> 2^7-1: <len byte>.
- * 2^7 -> : <0x80 + #bytes> <len big-endian bytes>
- *
- * @param [in] length Value to encode.
- * @param [in, out] output Buffer to encode into.
- * @return Number of bytes used in encoding.
- */
- WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output)
- {
- word32 i = 0;
- if (length < ASN_LONG_LENGTH)
- output[i++] = (byte)length;
- else {
- word32 j;
- output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
- for (j = BytePrecision(length); j; --j) {
- output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
- i++;
- }
- }
- return i;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Calculate the size of a DER encoded length value.
- *
- * 0 -> 2^7-1: <length byte>.
- * 2^7 -> : <0x80 + #bytes> <big-endian length bytes>
- *
- * @param [in] length Value to encode.
- * @return Number of bytes required to encode.
- */
- static word32 SizeASNLength(word32 length)
- {
- return 1 + ((length >= ASN_LONG_LENGTH) ? BytePrecision(length) : 0);
- }
- /* Calculate the size of a DER encoded header.
- *
- * Header = Tag | Encoded length
- *
- * @param [in] length Length value to encode.
- * @return Number of bytes required to encode a DER header.
- */
- #define SizeASNHeader(length) \
- (1 + SizeASNLength(length))
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- #ifdef WOLFSSL_SMALL_STACK
- /* Declare the variable that is the dynamic data for decoding BER data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- */
- #define DECL_ASNGETDATA(name, cnt) \
- ASNGetData* name = NULL
- /* Allocates the dynamic BER decoding data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define ALLOC_ASNGETDATA(name, cnt, err, heap) \
- do { \
- if ((err) == 0) { \
- (name) = (ASNGetData*)XMALLOC(sizeof(ASNGetData) * (cnt), (heap), \
- DYNAMIC_TYPE_TMP_BUFFER); \
- if ((name) == NULL) { \
- (err) = MEMORY_E; \
- } \
- } \
- } \
- while (0)
- /* Allocates the dynamic BER decoding data and clears the memory.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define CALLOC_ASNGETDATA(name, cnt, err, heap) \
- do { \
- ALLOC_ASNGETDATA(name, cnt, err, heap); \
- if ((err) == 0) { \
- XMEMSET((name), 0, sizeof(ASNGetData) * (cnt)); \
- } \
- } \
- while (0)
- /* Disposes of the dynamic BER decoding data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define FREE_ASNGETDATA(name, heap) \
- do { \
- if ((name) != NULL) { \
- XFREE((name), (heap), DYNAMIC_TYPE_TMP_BUFFER); \
- } \
- } \
- while (0)
- /* Declare the variable that is the dynamic data for encoding DER data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- */
- #define DECL_ASNSETDATA(name, cnt) \
- ASNSetData* name = NULL
- /* Allocates the dynamic DER encoding data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define ALLOC_ASNSETDATA(name, cnt, err, heap) \
- do { \
- if ((err) == 0) { \
- (name) = (ASNSetData*)XMALLOC(sizeof(ASNGetData) * (cnt), (heap), \
- DYNAMIC_TYPE_TMP_BUFFER); \
- if ((name) == NULL) { \
- (err) = MEMORY_E; \
- } \
- } \
- } \
- while (0)
- /* Allocates the dynamic DER encoding data and clears the memory.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define CALLOC_ASNSETDATA(name, cnt, err, heap) \
- do { \
- ALLOC_ASNSETDATA(name, cnt, err, heap); \
- if ((err) == 0) { \
- XMEMSET(name, 0, sizeof(ASNSetData) * (cnt)); \
- } \
- } \
- while (0)
- /* Disposes of the dynamic DER encoding data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define FREE_ASNSETDATA(name, heap) \
- do { \
- if ((name) != NULL) { \
- XFREE(name, heap, DYNAMIC_TYPE_TMP_BUFFER); \
- } \
- } \
- while (0)
- #else
- /* Declare the variable that is the dynamic data for decoding BER data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- */
- #define DECL_ASNGETDATA(name, cnt) \
- ASNGetData name[cnt]
- /* No implementation as declaration is static.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define ALLOC_ASNGETDATA(name, cnt, err, heap) WC_DO_NOTHING
- /* Clears the memory of the dynamic BER encoding data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define CALLOC_ASNGETDATA(name, cnt, err, heap) \
- XMEMSET(name, 0, sizeof(name))
- /* No implementation as declaration is static.
- *
- * @param [in] name Variable name to declare.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define FREE_ASNGETDATA(name, heap) WC_DO_NOTHING
- /* Declare the variable that is the dynamic data for encoding DER data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- */
- #define DECL_ASNSETDATA(name, cnt) \
- ASNSetData name[cnt]
- /* No implementation as declaration is static.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define ALLOC_ASNSETDATA(name, cnt, err, heap) WC_DO_NOTHING
- /* Clears the memory of the dynamic BER encoding data.
- *
- * @param [in] name Variable name to declare.
- * @param [in] cnt Number of elements required.
- * @param [in, out] err Error variable.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define CALLOC_ASNSETDATA(name, cnt, err, heap) \
- XMEMSET(name, 0, sizeof(name))
- /* No implementation as declaration is static.
- *
- * @param [in] name Variable name to declare.
- * @param [in] heap Dynamic memory allocation hint.
- */
- #define FREE_ASNSETDATA(name, heap) WC_DO_NOTHING
- #endif
- #ifdef DEBUG_WOLFSSL
- /* Enable this when debugging the parsing or creation of ASN.1 data. */
- #if 0
- #define WOLFSSL_DEBUG_ASN_TEMPLATE
- #endif
- #endif
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- #include <stdarg.h>
- /* Log a message that has the printf format string.
- *
- * @param [in] <va_args> printf style arguments.
- */
- #define WOLFSSL_MSG_VSNPRINTF(...) \
- do { \
- char line[81]; \
- snprintf(line, sizeof(line) - 1, __VA_ARGS__); \
- line[sizeof(line) - 1] = '\0'; \
- WOLFSSL_MSG(line); \
- } \
- while (0)
- #endif
- /* Returns whether ASN.1 item is an integer and the Most-Significant Bit is set.
- *
- * @param [in] asn ASN.1 items to encode.
- * @param [in] data_a Data to place in each item. Lengths set were not known.
- * @param [in] i Index of item to check.
- * @return 1 when ASN.1 item is an integer and MSB is 1.
- * @return 0 otherwise.
- */
- #define ASNIntMSBSet(asn, data_a, i) \
- (((asn)[i].tag == ASN_INTEGER) && \
- ((data_a)[i].data.buffer.data != NULL && \
- ((data_a)[i].data.buffer.data[0] & 0x80) == 0x80))
- /* Calculate the size of a DER encoded number.
- *
- * @param [in] n Number to be encoded.
- * @param [in] bits Maximum number of bits to encode.
- * @param [in] tag BER tag e.g. INTEGER, BIT_STRING, etc.
- * @return Number of bytes to the ASN.1 item.
- */
- static word32 SizeASN_Num(word32 n, int bits, byte tag)
- {
- int j;
- word32 len;
- len = 1 + 1 + (word32)bits / 8;
- /* Discover actual size by checking for high zeros. */
- for (j = bits - 8; j > 0; j -= 8) {
- if (n >> j)
- break;
- len--;
- }
- if (tag == ASN_BIT_STRING)
- len++;
- else if ((tag == ASN_INTEGER) && (((n >> j) & 0x80) == 0x80))
- len++;
- return len;
- }
- /* Calculate the size of the data in the constructed item based on the
- * length of the ASN.1 items below.
- *
- * @param [in] asn ASN.1 items to encode.
- * @param [in, out] data Data to place in each item. Lengths set were not
- * known.
- * @param [in] idx Index of item working on.
- */
- static void SizeASN_CalcDataLength(const ASNItem* asn, ASNSetData *data,
- int idx, int maxIdx)
- {
- int j;
- data[idx].data.buffer.length = 0;
- /* Sum the item length of all items underneath. */
- for (j = idx + 1; j < maxIdx; j++) {
- /* Stop looking if the next ASN.1 is same level or higher. */
- if (asn[j].depth <= asn[idx].depth)
- break;
- /* Only add in length if it is one level below. */
- if (asn[j].depth - 1 == asn[idx].depth) {
- data[idx].data.buffer.length += data[j].length;
- /* The length of a header only item doesn't include the data unless
- * a replacement buffer is supplied.
- */
- if (asn[j].headerOnly && data[j].data.buffer.data == NULL &&
- data[j].dataType != ASN_DATA_TYPE_REPLACE_BUFFER) {
- data[idx].data.buffer.length += data[j].data.buffer.length;
- }
- }
- }
- }
- /* Calculate the size of the DER encoding.
- *
- * Call SetASN_Items() to write encoding to a buffer.
- *
- * @param [in] asn ASN.1 items to encode.
- * @param [in, out] data Data to place in each item. Lengths set where not
- * known.
- * @param [in] count Count of items to encode.
- * @param [out] encSz Length of the DER encoding.
- * @return 0 on success.
- * @return BAD_STATE_E when the data type is not supported.
- */
- int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
- {
- int i;
- word32 sz = 0;
- word32 len;
- word32 dataLen;
- int length;
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_ENTER("SizeASN_Items");
- #endif
- for (i = count - 1; i >= 0; i--) {
- /* Skip this ASN.1 item when encoding. */
- if (data[i].noOut) {
- /* Set the offset to the current size - used in writing DER. */
- data[i].offset = sz;
- continue;
- }
- len = 0;
- switch (data[i].dataType) {
- /* Calculate the size of the number of different sizes. */
- case ASN_DATA_TYPE_WORD8:
- len = SizeASN_Num(data[i].data.u8, 8, asn[i].tag);
- break;
- case ASN_DATA_TYPE_WORD16:
- len = SizeASN_Num(data[i].data.u16, 16, asn[i].tag);
- break;
- #ifdef WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
- /* Not used yet! */
- case ASN_DATA_TYPE_WORD32:
- len = SizeASN_Num(data[i].data.u32, 32, asn[i].tag);
- break;
- #endif
- case ASN_DATA_TYPE_MP:
- /* Calculate the size of the MP integer data. */
- length = mp_unsigned_bin_size(data[i].data.mp);
- length += mp_leading_bit(data[i].data.mp) ? 1 : 0;
- len = (word32)SizeASNHeader((word32)length) + (word32)length;
- break;
- case ASN_DATA_TYPE_REPLACE_BUFFER:
- /* Buffer is put in directly - use the length. */
- len = data[i].data.buffer.length;
- break;
- case ASN_DATA_TYPE_NONE:
- /* Calculate the size based on the data to be included.
- * Mostly used for constructed items.
- */
- if (asn[i].headerOnly) {
- if (data[i].data.buffer.data != NULL) {
- /* Force all child nodes to be ignored. Buffer
- * overwrites children. */
- {
- int ii;
- for (ii = i + 1; ii < count; ii++) {
- if (asn[ii].depth <= asn[i].depth)
- break;
- sz -= data[ii].length;
- data[ii].noOut = 1;
- }
- }
- }
- else {
- /* Calculate data length from items below if no buffer
- * supplied. */
- SizeASN_CalcDataLength(asn, data, i, count);
- }
- }
- if (asn[i].tag == ASN_BOOLEAN) {
- dataLen = 1;
- }
- else {
- dataLen = data[i].data.buffer.length;
- }
- /* BIT_STRING and INTEGER have one byte prepended. */
- if ((asn[i].tag == ASN_BIT_STRING) ||
- ASNIntMSBSet(asn, data, i)) {
- dataLen++;
- /* ASN.1 items are below and cannot include extra byte. */
- if (asn[i].headerOnly) {
- len++;
- }
- }
- /* Add in the size of tag and length. */
- len += SizeASNHeader(dataLen);
- /* Include data in length if not header only or if
- * buffer supplied. */
- if (!asn[i].headerOnly || data[i].data.buffer.data != NULL) {
- len += dataLen;
- }
- break;
- #ifdef DEBUG_WOLFSSL
- default:
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("%2d: %d", i, data[i].dataType);
- WOLFSSL_MSG("Bad data type");
- #endif
- return BAD_STATE_E;
- #endif
- }
- /* Set the total length of the item. */
- data[i].length = len;
- /* Add length to total size. */
- sz += len;
- /* Set the offset to the current size - used in writing DER. */
- data[i].offset = sz;
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("%2d: %4d %4d %c %*s %-16s", i,
- data[i].offset, data[i].length, asn[i].constructed ? '+' : ' ',
- asn[i].depth, "", TagString(asn[i].tag));
- #endif
- }
- *encSz = (int)sz;
- return 0;
- }
- /* Create the DER encoding of a number.
- *
- * Assumes that the out buffer is large enough for encoding.
- *
- * @param [in] n Number to be encoded.
- * @param [in] bits Maximum number of bits to encode.
- * @param [in] tag DER tag e.g. INTEGER, BIT_STRING, etc.
- */
- static void SetASN_Num(word32 n, int bits, byte* out, byte tag)
- {
- int j;
- word32 idx;
- byte len;
- /* Encoding: Tag (1 byte) | Length (1 byte) | Data (number) */
- /* Data will start at index 2 unless BIT_STRING or INTEGER */
- idx = 2;
- /* Set the length of the number based on maximum bit length. */
- len = (byte)(bits / 8);
- /* Discover actual size by checking for leading zero bytes. */
- for (j = bits - 8; j > 0; j -= 8) {
- if ((n >> j) != 0) {
- break;
- }
- len--;
- }
- /* Keep j, index of first non-zero byte, for writing out. */
- /* A BIT_STRING has the number of unused bits in last byte prepended to
- * data.
- */
- if (tag == ASN_BIT_STRING) {
- byte unusedBits = 0;
- byte lastByte = (byte)(n >> j);
- /* Quick check last bit. */
- if ((lastByte & 0x01) == 0x00) {
- unusedBits++;
- /* Check each bit for first least significant bit set. */
- while (((lastByte >> unusedBits) & 0x01) == 0x00)
- unusedBits++;
- }
- /* Add unused bits byte. */
- len++;
- out[idx++] = unusedBits;
- }
- /* An INTEGER has a prepended byte if MSB of number is 1 - makes encoded
- * value positive. */
- if ((tag == ASN_INTEGER) && (((n >> j) & 0x80) == 0x80)) {
- len++;
- out[idx++] = 0;
- }
- /* Go back and put in length. */
- out[1] = len;
- /* Place in the required bytes of the number. */
- for (; j >= 0; j -= 8)
- out[idx++] = (byte)(n >> j);
- }
- /* Creates the DER encoding of the ASN.1 items.
- *
- * Assumes the output buffer is large enough to hold encoding.
- * Must call SizeASN_Items() to determine size of encoding and offsets.
- *
- * @param [in] asn ASN.1 items to encode.
- * @param [in] data Data to place in each item.
- * @param [in] count Count of items to encode.
- * @param [in, out] output Buffer to write encoding into.
- * @return Size of the DER encoding in bytes.
- */
- int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output)
- {
- int i;
- int length;
- int err;
- word32 sz;
- word32 idx;
- byte* out;
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_ENTER("SetASN_Items");
- #endif
- /* Offset of first item is the total length.
- * SizeASN_Items() calculated this. */
- sz = data[0].offset;
- /* Write out each item. */
- for (i = 0; i < count; i++) {
- /* Skip items not writing out. */
- if (data[i].noOut)
- continue;
- /* Start position to write item based on reverse offsets. */
- out = output + sz - data[i].offset;
- /* Index from start of item out. */
- idx = 0;
- if (data[i].dataType != ASN_DATA_TYPE_REPLACE_BUFFER) {
- /* Put in the tag - not dumping in DER from buffer. */
- out[idx++] = asn[i].tag |
- (asn[i].constructed ? ASN_CONSTRUCTED : 0);
- }
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("%2d: %4d %4d %c %*s %-16s", i,
- sz - data[i].offset,
- data[i].length, asn[i].constructed ? '+' : ' ', asn[i].depth,
- "", TagString(asn[i].tag));
- #endif
- switch (data[i].dataType) {
- /* Write out the length and data of a number. */
- case ASN_DATA_TYPE_WORD8:
- SetASN_Num(data[i].data.u8, 8, out, asn[i].tag);
- break;
- case ASN_DATA_TYPE_WORD16:
- SetASN_Num(data[i].data.u16, 16, out, asn[i].tag);
- break;
- #ifdef WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
- /* Not used yet! */
- case ASN_DATA_TYPE_WORD32:
- SetASN_Num(data[i].data.u32, 32, out, asn[i].tag);
- break;
- #endif
- /* Write out the length and data of a multi-precision number. */
- case ASN_DATA_TYPE_MP:
- /* Get length in bytes. */
- length = mp_unsigned_bin_size(data[i].data.mp);
- /* Add one for leading zero to make encoding a positive num. */
- length += mp_leading_bit(data[i].data.mp) ? 1 : 0;
- /* Write out length. */
- idx += SetASNLength((word32)length, out + idx);
- /* Write out leading zero to make positive. */
- if (mp_leading_bit(data[i].data.mp)) {
- out[idx++] = 0;
- }
- /* Encode number in big-endian byte array. */
- err = mp_to_unsigned_bin(data[i].data.mp, out + idx);
- if (err != MP_OKAY) {
- WOLFSSL_MSG("SetASN_Items: Failed to write mp_int");
- return MP_TO_E;
- }
- break;
- case ASN_DATA_TYPE_REPLACE_BUFFER:
- if (data[i].data.buffer.data == NULL) {
- /* Return pointer for caller to use. */
- data[i].data.buffer.data = out + idx;
- }
- else {
- /* Dump in the DER encoded data. */
- XMEMCPY(out + idx, data[i].data.buffer.data,
- data[i].data.buffer.length);
- }
- break;
- case ASN_DATA_TYPE_NONE:
- if (asn[i].tag == ASN_BOOLEAN) {
- /* Always one byte of data. */
- out[idx++] = 1;
- /* TRUE = 0xff, FALSE = 0x00 */
- out[idx] = data[i].data.u8 ? 0xffU : 0x00U;
- }
- else if (asn[i].tag == ASN_TAG_NULL) {
- /* NULL tag is always a zero length item. */
- out[idx] = 0;
- }
- else {
- word32 dataLen = data[i].data.buffer.length;
- /* Add one to data length for BIT_STRING unused bits and
- * INTEGER leading zero to make positive.
- */
- if ((asn[i].tag == ASN_BIT_STRING) ||
- ASNIntMSBSet(asn, data, i)) {
- dataLen++;
- }
- /* Write out length. */
- idx += SetASNLength(dataLen, out + idx);
- if ((asn[i].tag == ASN_BIT_STRING) ||
- ASNIntMSBSet(asn, data, i)) {
- /* Write out leading byte. BIT_STRING has no unused bits
- * - use number data types if needed. */
- out[idx++] = 0x00;
- }
- /* Record pointer for caller if data not supplied. */
- if (data[i].data.buffer.data == NULL) {
- data[i].data.buffer.data = out + idx;
- }
- /* Copy supplied data if not putting out header only or
- * if buffer supplied. */
- else if (!asn[i].headerOnly ||
- data[i].data.buffer.data != NULL) {
- /* Allow data to come from output buffer. */
- XMEMMOVE(out + idx, data[i].data.buffer.data,
- data[i].data.buffer.length);
- }
- }
- break;
- #ifdef DEBUG_WOLFSSL
- default:
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Bad data type: %d", data[i].dataType);
- #endif
- return BAD_STATE_E;
- #endif
- }
- }
- return (int)sz;
- }
- static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
- word32 oidType, int length);
- /* Maximum supported depth in ASN.1 description. */
- #define GET_ASN_MAX_DEPTH 7
- /* Maximum number of checked numbered choices. Only one of the items with the
- * number is allowed.
- */
- #define GET_ASN_MAX_CHOICES 2
- /* Use existing function to decode BER length encoding. */
- #define GetASN_Length GetLength_ex
- /* Check an INTEGER's first byte - must be a positive number.
- *
- * @param [in] input BER encoded data.
- * @param [in] idx Index of BIT_STRING data.
- * @param [in] length Length of input data.
- * @param [in] positive Indicates number must be positive.
- * @return 0 on success.
- * @return ASN_PARSE_E when 0 is not required but seen.
- * @return ASN_EXPECT_0_E when 0 is required and not seen.
- */
- static int GetASN_Integer(const byte* input, word32 idx, int length,
- int positive)
- {
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- /* Check contents consist of one or more octets. */
- if (length == 0) {
- WOLFSSL_MSG("Zero length INTEGER not allowed");
- return ASN_PARSE_E;
- }
- #endif
- if (input[idx] == 0) {
- /* Check leading zero byte required. */
- if ((length > 1) && ((input[idx + 1] & 0x80) == 0)) {
- WOLFSSL_MSG("Zero not required on INTEGER");
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- return ASN_PARSE_E;
- #endif
- }
- }
- /* check for invalid padding on negative integer.
- * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
- */
- else if ((length > 1) && (input[idx] == 0xff) &&
- ((input[idx + 1] & 0x80) != 0)) {
- WOLFSSL_MSG("Bad INTEGER encoding of negative");
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- return ASN_EXPECT_0_E;
- #endif /* WOLFSSL_ASN_INT_LEAD_0_ANY */
- }
- /* Check whether a leading zero byte was required. */
- else if (positive && (input[idx] & 0x80)) {
- WOLFSSL_MSG("INTEGER is negative");
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- return ASN_EXPECT_0_E;
- #endif /* WOLFSSL_ASN_INT_LEAD_0_ANY */
- }
- return 0;
- }
- /* Check a BIT_STRING's first byte - unused bits.
- *
- * @param [in] input BER encoded data.
- * @param [in] idx Index of BIT_STRING data.
- * @param [in] length Length of input data.
- * @return 0 on success.
- * @return ASN_PARSE_E when unused bits is invalid.
- */
- static int GetASN_BitString(const byte* input, word32 idx, int length)
- {
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- /* Check contents consist of one or more octets. */
- if (length == 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG("Zero length BIT STRING not allowed");
- #endif
- return ASN_PARSE_E;
- }
- #endif
- /* Ensure unused bits value is valid range. */
- if (input[idx] > 7) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("BIT STRING unused bits too big: %d > 7",
- input[idx]);
- #endif
- return ASN_PARSE_E;
- }
- /* Ensure unused bits are zero. */
- if ((byte)(input[idx + (word32)length - 1] << (8 - input[idx])) != 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("BIT STRING unused bits used: %d %02x",
- input[idx], input[idx + length - 1]);
- #endif
- return ASN_PARSE_E;
- }
- return 0;
- }
- #ifndef WOLFSSL_NO_ASN_STRICT
- /* Check a UTF8STRING's data is valid.
- *
- * @param [in] input BER encoded data.
- * @param [in] idx Index of UTF8STRING data.
- * @param [in] length Length of input data.
- * @return 0 on success.
- * @return ASN_PARSE_E when data is invalid.
- */
- static int GetASN_UTF8String(const byte* input, word32 idx, int length)
- {
- int ret = 0;
- word32 i = 0;
- while ((ret == 0) && ((int)i < length)) {
- int cnt;
- /* Check code points and get count of following bytes. */
- if ((input[idx + i] & 0x80) == 0x00) {
- cnt = 0;
- }
- else if ((input[idx + i] & 0xe0) == 0xc0) {
- cnt = 1;
- }
- else if ((input[idx + i] & 0xf0) == 0xe0) {
- cnt = 2;
- }
- else if ((input[idx + i] & 0xf8) == 0xf0) {
- cnt = 3;
- }
- else {
- WOLFSSL_MSG("Invalid character in UTF8STRING\n");
- ret = ASN_PARSE_E;
- break;
- }
- /* Have checked first byte. */
- i++;
- /* Check each following byte. */
- for (; cnt > 0; cnt--) {
- /* Check we have enough data. */
- if ((int)i == length) {
- WOLFSSL_MSG("Missing character in UTF8STRING\n");
- ret = ASN_PARSE_E;
- break;
- }
- /* Check following byte has top bit set. */
- if ((input[idx + i] & 0x80) != 0x80) {
- WOLFSSL_MSG("Invalid character in UTF8STRING\n");
- ret = ASN_PARSE_E;
- break;
- }
- i++;
- }
- }
- return ret;
- }
- #endif
- /* Check an OBJECT IDENTIFIER's data is valid.
- *
- * X.690 8.19
- *
- * @param [in] input BER encoded data.
- * @param [in] idx Index of OBJECT IDENTIFIER data.
- * @param [in] length Length of input data.
- * @return 0 on success.
- * @return ASN_PARSE_E when data is invalid.
- */
- static int GetASN_ObjectId(const byte* input, word32 idx, int length)
- {
- int ret = 0;
- /* OID data must be at least 3 bytes. */
- if (length < 3) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len);
- #else
- WOLFSSL_MSG("OID length less than 3");
- #endif
- ret = ASN_PARSE_E;
- }
- /* Last octet of a subidentifier has bit 8 clear. Last octet must be last
- * of a subidentifier. Ensure last octet hasn't got top bit set indicating.
- */
- else if ((input[(int)idx + length - 1] & 0x80) != 0x00) {
- WOLFSSL_MSG("OID last octet has top bit set");
- ret = ASN_PARSE_E;
- }
- return ret;
- }
- /* Get the ASN.1 items from the BER encoding.
- *
- * @param [in] asn ASN.1 item expected.
- * @param [in] data Data array to place found item into.
- * @param [in] input BER encoded data.
- * @param [in] idx Starting index of item data.
- * @param [in] len Length of input buffer upto end of this item's data.
- * @param [in] zeroPadded INTEGER was zero padded to make positive.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data is invalid.
- * @return ASN_EXPECT_0_E when NULL tagged item has a non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- * @return BAD_STATE_E when the data type is not supported.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
- const byte* input, word32 idx, int len,
- int zeroPadded)
- {
- int i;
- int err;
- /* Parse data based on data type to extract. */
- switch (data->dataType) {
- /* Parse a data into a number of specified bits. */
- case ASN_DATA_TYPE_WORD8:
- /* Check data is small enough to fit. */
- if (len != 1) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Expecting one byte: %d", len);
- #endif
- return ASN_PARSE_E;
- }
- /* Fill number with all of data. */
- *data->data.u8 = input[idx];
- break;
- case ASN_DATA_TYPE_WORD16:
- /* Check data is small enough to fit. */
- if (len == 0 || len > 2) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Expecting 1 or 2 bytes: %d", len);
- #endif
- return ASN_PARSE_E;
- }
- /* Fill number with all of data. */
- *data->data.u16 = 0;
- for (i = 0; i < len; i++) {
- *data->data.u16 <<= 8;
- *data->data.u16 |= input[idx + (word32)i] ;
- }
- break;
- case ASN_DATA_TYPE_WORD32:
- /* Check data is small enough to fit. */
- if (len == 0 || len > 4) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Expecting 1 to 4 bytes: %d", len);
- #endif
- return ASN_PARSE_E;
- }
- /* Fill number with all of data. */
- *data->data.u32 = 0;
- for (i = 0; i < len; i++) {
- *data->data.u32 <<= 8;
- *data->data.u32 |= input[idx + (word32)i] ;
- }
- break;
- case ASN_DATA_TYPE_BUFFER:
- /* Check buffer is big enough to hold data. */
- if (len > (int)*data->data.buffer.length) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len,
- *data->data.buffer.length);
- #endif
- return ASN_PARSE_E;
- }
- /* Copy in data and record actual length seen. */
- XMEMCPY(data->data.buffer.data, input + idx, (size_t)len);
- *data->data.buffer.length = (word32)len;
- break;
- case ASN_DATA_TYPE_EXP_BUFFER:
- /* Check data is same size expected. */
- if (len != (int)data->data.ref.length) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Data not expected length: %d %d", len,
- data->data.ref.length);
- #endif
- return ASN_PARSE_E;
- }
- /* Check data is same as expected. */
- if (XMEMCMP(data->data.ref.data, input + idx, (size_t)len) != 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG("Data not as expected");
- #endif
- return ASN_PARSE_E;
- }
- break;
- case ASN_DATA_TYPE_MP:
- case ASN_DATA_TYPE_MP_POS_NEG:
- /* Initialize mp_int and read in big-endian byte array. */
- if (mp_init(data->data.mp) != MP_OKAY) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Failed to init mp: %p", data->data.mp);
- #endif
- return MP_INIT_E;
- }
- FALL_THROUGH;
- case ASN_DATA_TYPE_MP_INITED:
- err = mp_read_unsigned_bin(data->data.mp, (byte*)input + idx,
- (word32)len);
- if (err != 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Failed to read mp: %d", err);
- #endif
- mp_clear(data->data.mp);
- return ASN_GETINT_E;
- }
- #ifdef HAVE_WOLF_BIGINT
- err = wc_bigint_from_unsigned_bin(&data->data.mp->raw, input + idx,
- len);
- if (err != 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Failed to create bigint: %d", err);
- #endif
- mp_clear(data->data.mp);
- return ASN_GETINT_E;
- }
- #endif /* HAVE_WOLF_BIGINT */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Don't always read as positive. */
- if ((data->dataType == ASN_DATA_TYPE_MP_POS_NEG) && (!zeroPadded) &&
- (input[idx] & 0x80)) {
- #ifdef MP_NEG
- data->data.mp->sign = MP_NEG;
- #else
- #ifdef OPENSSL_EXTRA
- /* public API wolfSSL_ASN1_INTEGER_get() depends
- * indirectly on negative bignum handling here.
- */
- #error OPENSSL_EXTRA requires negative bignum support.
- #endif
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("ASN negative integer without bignum support.");
- #endif
- mp_clear(data->data.mp);
- return ASN_GETINT_E;
- #endif
- }
- #else
- (void)zeroPadded;
- #endif
- break;
- case ASN_DATA_TYPE_CHOICE:
- /* Check if tag matched any of the choices specified. */
- for (i = 0; data->data.choice[i] != 0; i++)
- if (data->data.choice[i] == data->tag)
- break;
- if (data->data.choice[i] == 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG("Tag didn't match a choice");
- #endif
- return ASN_PARSE_E;
- }
- /* Store data pointer and length for caller. */
- data->data.ref.data = input + idx;
- data->data.ref.length = (word32)len;
- break;
- case ASN_DATA_TYPE_NONE:
- /* Default behaviour based on tag. */
- if (asn->tag == ASN_BOOLEAN) {
- /* BOOLEAN has only one byte of data in BER. */
- if (len != 1) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("BOOLEAN length too long: %d", len);
- #endif
- return ASN_PARSE_E;
- }
- if (data->data.u8 == NULL)
- return BAD_STATE_E;
- /* Store C boolean value. */
- *data->data.u8 = (input[idx] != 0);
- break;
- }
- if (asn->tag == ASN_TAG_NULL) {
- /* NULL has no data in BER. */
- if (len != 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("NULL length too long: %d", len);
- #endif
- return ASN_EXPECT_0_E;
- }
- data->data.ref.data = input + idx;
- break;
- }
- if (asn->tag == ASN_OBJECT_ID) {
- word32 oidIdx = 0;
- /* Store OID data pointer and length */
- data->data.oid.data = input + idx;
- data->data.oid.length = (word32)len;
- /* Get the OID sum. */
- err = GetOID(input + idx, &oidIdx, &data->data.oid.sum,
- data->data.oid.type, len);
- if (err < 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("OID check failed: %d", err);
- #endif
- return err;
- }
- break;
- }
- /* Otherwise store data pointer and length. */
- data->data.ref.data = input + idx;
- data->data.ref.length = (word32)len;
- break;
- #ifdef DEBUG_WOLFSSL
- default:
- /* Bad ASN data type. */
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Bad data type: %d", data->dataType);
- #endif
- return BAD_STATE_E;
- #endif
- }
- return 0;
- }
- /* Get the ASN.1 items from the BER encoding.
- *
- * @param [in] asn ASN.1 items expected.
- * @param [in] data Data array to place found items into.
- * @param [in] count Count of items to parse.
- * @param [in] complete Whether the whole buffer is to be used up.
- * @param [in] input BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of data.
- * On out, end of parsed data.
- * @param [in] length Length of input buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- * @return BAD_STATE_E when the data type is not supported.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
- const byte* input, word32* inOutIdx, word32 length)
- {
- int i;
- int j;
- int err;
- int len;
- /* Current index into buffer. */
- word32 idx = *inOutIdx;
- /* Declare the end index array. */
- word32 endIdx[GET_ASN_MAX_DEPTH];
- /* Set choices to -1 to indicate they haven't been seen or found. */
- signed char choiceMet[GET_ASN_MAX_CHOICES] = { -1, -1 };
- /* Not matching a choice right now. */
- int choice = 0;
- /* Current depth of ASN.1 item. */
- int depth;
- /* Minimum depth value seen. */
- int minDepth;
- /* Integer had a zero prepended. */
- int zeroPadded;
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_ENTER("GetASN_Items");
- #endif
- /* Set the end index at each depth to be the length. */
- for (i=0; i<GET_ASN_MAX_DEPTH; i++) {
- endIdx[i] = length;
- }
- /* Start depth at first items depth. */
- minDepth = depth = asn[0].depth;
- /* Check every ASN.1 item. */
- for (i = 0; i < count; i++) {
- /* Store offset of ASN.1 item. */
- data[i].offset = idx;
- /* Length of data in ASN.1 item starts empty. */
- data[i].length = 0;
- /* Get current item depth. */
- depth = asn[i].depth;
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- if (depth > GET_ASN_MAX_DEPTH) {
- WOLFSSL_MSG("Depth in template too large");
- return ASN_PARSE_E;
- }
- #endif
- /* Keep track of minimum depth. */
- if (depth < minDepth) {
- minDepth = depth;
- }
- /* Reset choice if different from previous. */
- if (choice > 0 && asn[i].optional != choice) {
- choice = 0;
- }
- /* Check if first of numbered choice. */
- if (choice == 0 && asn[i].optional > 1) {
- choice = asn[i].optional;
- if (choiceMet[choice - 2] == -1) {
- /* Choice seen but not found a match yet. */
- choiceMet[choice - 2] = 0;
- }
- }
- /* Check for end of data or not a choice and tag not matching. */
- if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
- (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
- if (asn[i].optional) {
- /* Skip over ASN.1 items underneath this optional item. */
- for (j = i + 1; j < count; j++) {
- if (asn[i].depth >= asn[j].depth)
- break;
- data[j].offset = idx;
- data[j].length = 0;
- }
- i = j - 1;
- continue;
- }
- /* Check for end of data. */
- if (idx == length) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF(
- "%2d: %4d %4d %c %*s %-16s%*s (index past end)",
- i, data[i].offset, data[i].length,
- asn[i].constructed ? '+' : ' ', asn[i].depth, "",
- TagString(asn[i].tag), 6 - asn[i].depth, "");
- WOLFSSL_MSG_VSNPRINTF("Index past end of data: %d %d", idx,
- length);
- #endif
- return BUFFER_E;
- }
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- /* Show expected versus found. */
- WOLFSSL_MSG_VSNPRINTF(
- "%2d: %4d %4d %c %*s %-16s%*s Tag=0x%02x (%s)",
- i, data[i].offset, data[i].length,
- asn[i].constructed ? '+' : ' ', asn[i].depth, "",
- TagString(asn[i].tag), 6 - asn[i].depth, "",
- input[idx], TagString(input[idx]));
- #endif
- /* Check for end of data at this depth. */
- if (idx == endIdx[depth]) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Index past outer item: %d %d", idx,
- endIdx[depth]);
- #endif
- return ASN_PARSE_E;
- }
- /* Expecting an OBJECT_ID */
- if (asn[i].tag == ASN_OBJECT_ID) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG("Expecting OBJECT ID");
- #endif
- return ASN_OBJECT_ID_E;
- }
- /* Expecting a BIT_STRING */
- if (asn[i].tag == ASN_BIT_STRING) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG("Expecting BIT STRING");
- #endif
- return ASN_BITSTR_E;
- }
- /* Not the expected tag. */
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG("Bad tag");
- #endif
- return ASN_PARSE_E;
- }
- /* Store found tag in data. */
- data[i].tag = input[idx];
- if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
- int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
- /* Check constructed match expected for non-choice ASN.1 item. */
- if (asn[i].constructed != constructed) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF(
- "%2d: %4d %4d %c %*s %-16s%*s Tag=0x%02x (%s)",
- i, data[i].offset, data[i].length,
- asn[i].constructed ? '+' : ' ', asn[i].depth, "",
- TagString(asn[i].tag), 6 - asn[i].depth, "",
- input[idx], TagString(input[idx]));
- if (!constructed) {
- WOLFSSL_MSG("Not constructed");
- }
- else {
- WOLFSSL_MSG("Not expected to be constructed");
- }
- #endif
- return ASN_PARSE_E;
- }
- }
- /* Move index to start of length. */
- idx++;
- /* Get the encoded length. */
- if (GetASN_Length(input, &idx, &len, endIdx[depth], 1) < 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("%2d: idx=%d len=%d end=%d", i, idx, len,
- endIdx[depth]);
- #endif
- return ASN_PARSE_E;
- }
- /* Store length of data. */
- data[i].length = (word32)len;
- /* Note the max length of items under this one. */
- endIdx[depth + 1] = idx + (word32)len;
- if (choice > 1) {
- /* Note we found a number choice. */
- choiceMet[choice - 2] = 1;
- }
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("%2d: %4d %4d %c %*s %-16s", i,
- data[i].offset, data[i].length, asn[i].constructed ? '+' : ' ',
- asn[i].depth, "", TagString(data[i].tag));
- #endif
- /* Assume no zero padding on INTEGER. */
- zeroPadded = 0;
- /* Check data types that prepended a byte. */
- if (asn[i].tag == ASN_INTEGER) {
- /* Check validity of first byte. */
- err = GetASN_Integer(input, idx, len,
- data[i].dataType == ASN_DATA_TYPE_MP ||
- data[i].dataType == ASN_DATA_TYPE_MP_INITED);
- if (err != 0)
- return err;
- if (len > 1 && input[idx] == 0) {
- zeroPadded = 1;
- /* Move over prepended byte. */
- idx++;
- len--;
- }
- }
- else if (asn[i].tag == ASN_BIT_STRING) {
- /* Check prepended byte is correct. */
- err = GetASN_BitString(input, idx, len);
- if (err != 0)
- return err;
- /* Move over prepended byte. */
- idx++;
- len--;
- }
- #ifndef WOLFSSL_NO_ASN_STRICT
- else if ((asn[i].tag == ASN_UTF8STRING) ||
- (data[i].tag == ASN_UTF8STRING)) {
- /* Check validity of data. */
- err = GetASN_UTF8String(input, idx, len);
- if (err != 0)
- return err;
- }
- #endif
- else if (asn[i].tag == ASN_OBJECT_ID) {
- /* Check validity of data. */
- err = GetASN_ObjectId(input, idx, len);
- if (err != 0)
- return err;
- }
- /* Don't parse data if only header required. */
- if (asn[i].headerOnly) {
- /* Store reference to data and length. */
- data[i].data.ref.data = input + idx;
- data[i].data.ref.length = (word32)len;
- continue;
- }
- /* Store the data at idx in the ASN data item. */
- err = GetASN_StoreData(&asn[i], &data[i], input, idx, len, zeroPadded);
- if (err != 0) {
- return err;
- }
- /* Move index to next item. */
- idx += (word32)len;
- /* When matched numbered choice ... */
- if (asn[i].optional > 1) {
- /* Skip over other ASN.1 items of the same number. */
- for (j = i + 1; j < count; j++) {
- if (asn[j].depth <= asn[i].depth &&
- asn[j].optional != asn[i].optional) {
- break;
- }
- }
- i = j - 1;
- }
- }
- if (complete) {
- /* When expecting ASN.1 items to completely use data, check we did. */
- for (j = depth; j > minDepth; j--) {
- if (idx < endIdx[j]) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF(
- "More data in constructed item at depth: %d", j - 1);
- #endif
- return ASN_PARSE_E;
- }
- }
- }
- /* Check all choices where met - found an item for them. */
- for (j = 0; j < GET_ASN_MAX_CHOICES; j++) {
- if (choiceMet[j] == 0) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("No choice seen: %d", j + 2);
- #endif
- return ASN_PARSE_E;
- }
- }
- /* Return index after ASN.1 data has been parsed. */
- *inOutIdx = idx;
- return 0;
- }
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- /* Calculate the size of the DER encoding.
- *
- * Call SetASN_Items() to write encoding to a buffer.
- *
- * @param [in] asn ASN.1 items to encode.
- * @param [in, out] data Data to place in each item. Lengths set were not
- * known.
- * @param [in] count Count of items to encode.
- * @param [out] len Length of the DER encoding.
- * @return Size of the DER encoding in bytes.
- */
- static int SizeASN_ItemsDebug(const char* name, const ASNItem* asn,
- ASNSetData *data, int count, int* encSz)
- {
- WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name);
- return SizeASN_Items(asn, data, count, encSz);
- }
- /* Creates the DER encoding of the ASN.1 items.
- *
- * Assumes the output buffer is large enough to hold encoding.
- * Must call SizeASN_Items() to determine size of encoding and offsets.
- *
- * Displays the template name first.
- *
- * @param [in] name Name of ASN.1 template.
- * @param [in] asn ASN.1 items to encode.
- * @param [in] data Data to place in each item.
- * @param [in] count Count of items to encode.
- * @param [in, out] output Buffer to write encoding into.
- * @return Size of the DER encoding in bytes.
- */
- static int SetASN_ItemsDebug(const char* name, const ASNItem* asn,
- ASNSetData *data, int count, byte* output)
- {
- WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name);
- return SetASN_Items(asn, data, count, output);
- }
- /* Get the ASN.1 items from the BER encoding.
- *
- * Displays the template name first.
- *
- * @param [in] name Name of ASN.1 template.
- * @param [in] asn ASN.1 items expected.
- * @param [in] data Data array to place found items into.
- * @param [in] count Count of items to parse.
- * @param [in] complete Whether the whole buffer is to be used up.
- * @param [in] input BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of data.
- * On out, end of parsed data.
- * @param [in] maxIdx Maximum index of input data.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- * @return BAD_STATE_E when the data type is not supported.
- */
- static int GetASN_ItemsDebug(const char* name, const ASNItem* asn,
- ASNGetData *data, int count, int complete, const byte* input,
- word32* inOutIdx, word32 maxIdx)
- {
- WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name);
- return GetASN_Items(asn, data, count, complete, input, inOutIdx, maxIdx);
- }
- /* Calculate the size of the DER encoding.
- *
- * Call SetASN_Items() to write encoding to a buffer.
- *
- * @param [in] asn ASN.1 items to encode.
- * @param [in, out] data Data to place in each item. Lengths set were not
- * known.
- * @param [in] count Count of items to encode.
- * @param [out] len Length of the DER encoding.
- * @return Size of the DER encoding in bytes.
- */
- #define SizeASN_Items(asn, data, count, encSz) \
- SizeASN_ItemsDebug(#asn, asn, data, count, encSz)
- /* Creates the DER encoding of the ASN.1 items.
- *
- * Assumes the output buffer is large enough to hold encoding.
- * Must call SizeASN_Items() to determine size of encoding and offsets.
- *
- * Displays the template name first.
- *
- * @param [in] name Name of ASN.1 template.
- * @param [in] asn ASN.1 items to encode.
- * @param [in] data Data to place in each item.
- * @param [in] count Count of items to encode.
- * @param [in, out] output Buffer to write encoding into.
- * @return Size of the DER encoding in bytes.
- */
- #define SetASN_Items(asn, data, count, output) \
- SetASN_ItemsDebug(#asn, asn, data, count, output)
- /* Get the ASN.1 items from the BER encoding.
- *
- * Displays the template name first.
- *
- * @param [in] name Name of ASN.1 template.
- * @param [in] asn ASN.1 items expected.
- * @param [in] data Data array to place found items into.
- * @param [in] count Count of items to parse.
- * @param [in] complete Whether the whole buffer is to be used up.
- * @param [in] input BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of data.
- * On out, end of parsed data.
- * @param [in] maxIdx Maximum index of input data.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- * @return BAD_STATE_E when the data type is not supported.
- */
- #define GetASN_Items(asn, data, count, complete, input, inOutIdx, maxIdx) \
- GetASN_ItemsDebug(#asn, asn, data, count, complete, input, inOutIdx, maxIdx)
- #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
- /* Decode a BER encoded constructed sequence.
- *
- * @param [in] input Buffer of BER encoded data.
- * @param [in, out] inOutIdx On in, index to start decoding from.
- * On out, index of next encoded byte.
- * @param [out] len Length of data under SEQUENCE.
- * @param [in] maxIdx Maximum index of data. Index of byte after SEQ.
- * @param [in] complete All data used with SEQUENCE and data under.
- * @return 0 on success.
- * @return BUFFER_E when not enough data to complete decode.
- * @return ASN_PARSE when decoding failed.
- */
- static int GetASN_Sequence(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx, int complete)
- {
- int ret = 0;
- word32 idx = *inOutIdx;
- /* Check buffer big enough for tag. */
- if (idx + 1 > maxIdx) {
- ret = BUFFER_E;
- }
- /* Check it is a constructed SEQUENCE. */
- if ((ret == 0) && (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED))) {
- ret = ASN_PARSE_E;
- }
- /* Get the length. */
- if ((ret == 0) && (GetASN_Length(input, &idx, len, maxIdx, 1) < 0)) {
- ret = ASN_PARSE_E;
- }
- /* Check all data used if complete set. */
- if ((ret == 0) && complete && (idx + (word32)*len != maxIdx)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- /* Return index of next byte of encoded data. */
- *inOutIdx = idx;
- }
- return ret;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
- /* Setup ASN data item to get an 8-bit number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Pointer to an 8-bit variable.
- */
- void GetASN_Int8Bit(ASNGetData *dataASN, byte* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_WORD8;
- dataASN->data.u8 = num;
- }
- /* Setup ASN data item to get a 16-bit number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Pointer to a 16-bit variable.
- */
- void GetASN_Int16Bit(ASNGetData *dataASN, word16* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_WORD16;
- dataASN->data.u16 = num;
- }
- /* Setup ASN data item to get a 32-bit number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Pointer to a 32-bit variable.
- */
- void GetASN_Int32Bit(ASNGetData *dataASN, word32* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_WORD32;
- dataASN->data.u32 = num;
- }
- /* Setup ASN data item to get data into a buffer of a specific length.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] data Buffer to hold data.
- * @param [in] length Length of buffer in bytes.
- */
- void GetASN_Buffer(ASNGetData *dataASN, byte* data, word32* length)
- {
- dataASN->dataType = ASN_DATA_TYPE_BUFFER;
- dataASN->data.buffer.data = data;
- dataASN->data.buffer.length = length;
- }
- /* Setup ASN data item to check parsed data against expected buffer.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] data Buffer containing expected data.
- * @param [in] length Length of buffer in bytes.
- */
- void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data, word32 length)
- {
- dataASN->dataType = ASN_DATA_TYPE_EXP_BUFFER;
- dataASN->data.ref.data = data;
- dataASN->data.ref.length = length;
- }
- /* Setup ASN data item to get a number into an mp_int.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Multi-precision number object.
- */
- void GetASN_MP(ASNGetData *dataASN, mp_int* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_MP;
- dataASN->data.mp = num;
- }
- /* Setup ASN data item to get a number into an mp_int that is initialized.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Multi-precision number object.
- */
- void GetASN_MP_Inited(ASNGetData *dataASN, mp_int* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_MP_INITED;
- dataASN->data.mp = num;
- }
- /* Setup ASN data item to get a positive or negative number into an mp_int.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Multi-precision number object.
- */
- void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_MP_POS_NEG;
- dataASN->data.mp = num;
- }
- /* Setup ASN data item to be a choice of tags.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] options 0 terminated list of tags that are valid.
- */
- void GetASN_Choice(ASNGetData *dataASN, const byte* options)
- {
- dataASN->dataType = ASN_DATA_TYPE_CHOICE;
- dataASN->data.choice = options;
- }
- /* Setup ASN data item to get a boolean value.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Pointer to an 8-bit variable.
- */
- void GetASN_Boolean(ASNGetData *dataASN, byte* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_NONE;
- dataASN->data.choice = num;
- }
- /* Setup ASN data item to be a an OID of a specific type.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] oidType Type of OID to expect.
- */
- void GetASN_OID(ASNGetData *dataASN, int oidType)
- {
- dataASN->data.oid.type = oidType;
- }
- /* Get the data and length from an ASN data item.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [out] data Pointer to data of item.
- * @param [out] length Length of buffer in bytes.
- */
- void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data, word32* length)
- {
- *data = dataASN->data.ref.data;
- *length = dataASN->data.ref.length;
- }
- /* Get the data and length from an ASN data item.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [out] data Pointer to data of item.
- * @param [out] length Length of buffer in bytes.
- */
- void GetASN_GetRef(ASNGetData * dataASN, byte** data, word32* length)
- {
- *data = (byte*)dataASN->data.ref.data;
- *length = dataASN->data.ref.length;
- }
- /* Get the data and length from an ASN data item that is an OID.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [out] data Pointer to .
- * @param [out] length Length of buffer in bytes.
- */
- void GetASN_OIDData(ASNGetData * dataASN, byte** data, word32* length)
- {
- *data = (byte*)dataASN->data.oid.data;
- *length = dataASN->data.oid.length;
- }
- /* Setup an ASN data item to set a boolean.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] val Boolean value.
- */
- void SetASN_Boolean(ASNSetData *dataASN, byte val)
- {
- dataASN->dataType = ASN_DATA_TYPE_NONE;
- dataASN->data.u8 = val;
- }
- /* Setup an ASN data item to set an 8-bit number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num 8-bit number to set.
- */
- void SetASN_Int8Bit(ASNSetData *dataASN, byte num)
- {
- dataASN->dataType = ASN_DATA_TYPE_WORD8;
- dataASN->data.u8 = num;
- }
- /* Setup an ASN data item to set a 16-bit number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num 16-bit number to set.
- */
- void SetASN_Int16Bit(ASNSetData *dataASN, word16 num)
- {
- dataASN->dataType = ASN_DATA_TYPE_WORD16;
- dataASN->data.u16 = num;
- }
- /* Setup an ASN data item to set the data in a buffer.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] data Buffer containing data to set.
- * @param [in] length Length of data in buffer in bytes.
- */
- void SetASN_Buffer(ASNSetData *dataASN, const byte* data, word32 length)
- {
- dataASN->data.buffer.data = data;
- dataASN->data.buffer.length = length;
- }
- /* Setup an ASN data item to set the DER encode data in a buffer.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] data Buffer containing BER encoded data to set.
- * @param [in] length Length of data in buffer in bytes.
- */
- void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data, word32 length)
- {
- dataASN->dataType = ASN_DATA_TYPE_REPLACE_BUFFER;
- dataASN->data.buffer.data = data;
- dataASN->data.buffer.length = length;
- }
- /* Setup an ASN data item to set an multi-precision number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] num Multi-precision number.
- */
- void SetASN_MP(ASNSetData *dataASN, mp_int* num)
- {
- dataASN->dataType = ASN_DATA_TYPE_MP;
- dataASN->data.mp = num;
- }
- /* Setup an ASN data item to set an OID based on id and type.
- *
- * oid and oidType pair are unique.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [in] oid OID identifier.
- * @param [in] oidType Type of OID.
- */
- void SetASN_OID(ASNSetData *dataASN, int oid, int oidType)
- {
- dataASN->data.buffer.data = OidFromId(oid, oidType,
- &dataASN->data.buffer.length);
- }
- #endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */
- #ifdef CRLDP_VALIDATE_DATA
- /* Get the data of the BIT_STRING as a 16-bit number.
- *
- * @param [in] dataASN Dynamic ASN data item.
- * @param [out] val ASN.1 item's data as a 16-bit number.
- * @return 0 on success.
- * @return ASN_PARSE_E when BITSTRING value is more than 2 bytes.
- * @return ASN_PARSE_E when unused bits of BITSTRING is invalid.
- */
- static int GetASN_BitString_Int16Bit(ASNGetData* dataASN, word16* val)
- {
- int ret;
- int i;
- const byte* input = dataASN->data.ref.data;
- int length = dataASN->data.ref.length;
- /* Validate the BIT_STRING data. */
- ret = GetASN_BitString(input, 0, length);
- if (ret == 0) {
- /* Skip unused bits byte. */
- input++;
- length--;
- /* Check the data is usable. */
- if (length == 0 || length > 2) {
- #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
- WOLFSSL_MSG_VSNPRINTF("Expecting 1 or 2 bytes: %d", length);
- #endif
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- /* Fill 16-bit var with all the data. */
- *val = 0;
- for (i = 0; i < length; i++) {
- *val <<= 8;
- *val |= input[i];
- }
- }
- return ret;
- }
- #endif /* CRLDP_VALIDATE_DATA */
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Decode the BER/DER length field.
- *
- * @param [in] input BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of length.
- * On out, end of parsed length.
- * @param [out] len Length value decoded.
- * @param [in] maxIdx Maximum index of input data.
- * @return Length on success.
- * @return ASN_PARSE_E if the encoding is invalid.
- * @return BUFFER_E when not enough data to complete decode.
- */
- int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx)
- {
- return GetLength_ex(input, inOutIdx, len, maxIdx, 1);
- }
- /* Decode the BER/DER length field and check the length is valid on request.
- *
- * BER/DER has Type-Length-Value triplets.
- * When requested will check that the Length decoded, indicating the number
- * of bytes in the Value, is available in the buffer after the Length bytes.
- *
- * Only supporting a length upto INT_MAX.
- *
- * @param [in] input BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of length.
- * On out, end of parsed length.
- * @param [out] len Length value decoded.
- * @param [in] maxIdx Maximum index of input data.
- * @param [in] check Whether to check the buffer has at least the
- * decoded length of bytes remaining.
- * @return Length on success.
- * @return ASN_PARSE_E if the encoding is invalid.
- * @return BUFFER_E when not enough data to complete decode.
- */
- int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx,
- int check)
- {
- int length = 0;
- word32 idx = (word32)*inOutIdx;
- byte b;
- /* Ensure zero return length on error. */
- *len = 0;
- /* Check there is at least one byte available containing length information.
- */
- if ((idx + 1) > maxIdx) {
- WOLFSSL_MSG("GetLength - bad index on input");
- return BUFFER_E;
- }
- /* Get the first length byte. */
- b = input[idx++];
- /* Check if the first byte indicates the count of bytes. */
- if (b >= ASN_LONG_LENGTH) {
- /* Bottom 7 bits are the number of bytes to calculate length with.
- * Note: 0 indicates indefinite length encoding *not* 0 bytes of length.
- */
- word32 bytes = (word32)b & 0x7FU;
- int minLen;
- /* Calculate minimum length to be encoded with bytes. */
- if (b == ASN_INDEF_LENGTH) {
- /* Indefinite length encoding - no length bytes. */
- minLen = 0;
- }
- else if (bytes == 1) {
- minLen = 0x80;
- }
- /* Only support up to the number of bytes that fit into return var. */
- else if (bytes > sizeof(length)) {
- WOLFSSL_MSG("GetLength - overlong data length spec");
- return ASN_PARSE_E;
- } else {
- minLen = 1 << ((bytes - 1) * 8);
- }
- /* Check the number of bytes required are available. */
- if ((idx + bytes) > maxIdx) {
- WOLFSSL_MSG("GetLength - bad long length");
- return BUFFER_E;
- }
- /* Big-endian encoding of number. */
- while (bytes--) {
- b = input[idx++];
- length = (length << 8) | b;
- }
- /* Negative value indicates we overflowed the signed int. */
- if (length < 0) {
- return ASN_PARSE_E;
- }
- /* Don't allow lengths that are longer than strictly required. */
- if (length < minLen) {
- return ASN_PARSE_E;
- }
- }
- else {
- /* Length in first byte. */
- length = b;
- }
- /* When requested, check the buffer has at least length bytes left. */
- if (check && ((idx + (word32)length) > maxIdx)) {
- WOLFSSL_MSG("GetLength - value exceeds buffer length");
- return BUFFER_E;
- }
- /* Return index after length encoding. */
- *inOutIdx = idx;
- /* Return length if valid. */
- if (length > 0) {
- *len = length;
- }
- /* Return length calculated or error code. */
- return length;
- }
- /* Gets the tag of next BER/DER encoded item.
- *
- * Checks there is enough data in the buffer for the tag byte.
- *
- * @param [in] input BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of tag.
- * On out, end of parsed tag.
- * @param [out] tag Tag value found.
- * @param [in] maxIdx Maximum index of input data.
- *
- * return 0 on success
- * return BAD_FUNC_ARG when tag, inOutIdx or input is NULL.
- * return BUFFER_E when not enough space in buffer for tag.
- */
- int GetASNTag(const byte* input, word32* inOutIdx, byte* tag, word32 maxIdx)
- {
- int ret = 0;
- word32 idx = 0;
- /* Check validity of parameters. */
- if ((tag == NULL) || (inOutIdx == NULL) || (input == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- /* Get index and ensure space for tag. */
- idx = *inOutIdx;
- if (idx + ASN_TAG_SZ > maxIdx) {
- WOLFSSL_MSG("Buffer too small for ASN tag");
- ret = BUFFER_E;
- }
- }
- if (ret == 0) {
- /* Return the tag and the index after tag. */
- *tag = input[idx];
- *inOutIdx = idx + ASN_TAG_SZ;
- }
- /* Return error code. */
- return ret;
- }
- /* Decode the DER/BER header (Type-Length) and check the length when requested.
- *
- * BER/DER has Type-Length-Value triplets.
- * Check that the tag/type is the required value.
- * When requested will check that the Length decoded, indicating the number
- * of bytes in the Value, is available in the buffer after the Length bytes.
- *
- * Only supporting a length upto INT_MAX.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in] tag ASN.1 tag value expected in header.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @param [in] check Whether to check the buffer has at least the
- * decoded length of bytes remaining.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the expected tag is not found or length is invalid.
- */
- static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
- int* len, word32 maxIdx, int check)
- {
- int ret = 0;
- word32 idx = *inOutIdx;
- byte tagFound;
- int length = 0;
- /* Get tag/type. */
- if (GetASNTag(input, &idx, &tagFound, maxIdx) != 0) {
- ret = ASN_PARSE_E;
- }
- /* Ensure tag is the expected value. */
- if ((ret == 0) && (tagFound != tag)) {
- ret = ASN_PARSE_E;
- }
- /* Get the encoded length. */
- if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- /* Return the length of data and index after header. */
- *len = length;
- *inOutIdx = idx;
- ret = length;
- }
- /* Return number of data bytes or error code. */
- return ret;
- }
- /* Decode the DER/BER header (Type-Length) and check the length.
- *
- * BER/DER has Type-Length-Value triplets.
- * Check that the tag/type is the required value.
- * Checks that the Length decoded, indicating the number of bytes in the Value,
- * is available in the buffer after the Length bytes.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in] tag ASN.1 tag value expected in header.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the expected tag is not found or length is invalid.
- */
- static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
- word32 maxIdx)
- {
- return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1);
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len,
- word32 maxIdx, int check)
- {
- word32 idx = *inOutIdx;
- int length;
- if ((idx + 1) > maxIdx)
- return BUFFER_E;
- *tag = input[idx++];
- if (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)
- return ASN_PARSE_E;
- *len = length;
- *inOutIdx = idx;
- return length;
- }
- #endif
- /* Decode the header of a BER/DER encoded SEQUENCE.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the tag is not a SEQUENCE or length is invalid.
- */
- int GetSequence(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx)
- {
- return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
- maxIdx);
- }
- /* Decode the header of a BER/DER encoded SEQUENCE.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @param [in] check Whether to check the buffer has at least the
- * decoded length of bytes remaining.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the tag is not a SEQUENCE or length is invalid.
- */
- int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx, int check)
- {
- return GetASNHeader_ex(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
- maxIdx, check);
- }
- /* Decode the header of a BER/DER encoded SET.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the tag is not a SET or length is invalid.
- */
- int GetSet(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx)
- {
- return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
- maxIdx);
- }
- /* Decode the header of a BER/DER encoded SET.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @param [in] check Whether to check the buffer has at least the
- * decoded length of bytes remaining.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the tag is not a SET or length is invalid.
- */
- int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx, int check)
- {
- return GetASNHeader_ex(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
- maxIdx, check);
- }
- #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_OCSP)
- /* Decode the BER/DER encoded NULL.
- *
- * No data in a NULL ASN.1 item.
- * Ensure that the all fields are as expected and move index past the element.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of NULL item.
- * On out, end of parsed NULL item.
- * @param [in] maxIdx Length of data in buffer.
- * @return 0 on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_TAG_NULL_E when the NULL tag is not found.
- * @return ASN_EXPECT_0_E when the length is not zero.
- */
- static int GetASNNull(const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- int ret = 0;
- word32 idx = *inOutIdx;
- /* Check buffer has enough data for a NULL item. */
- if ((idx + 2) > maxIdx) {
- ret = BUFFER_E;
- }
- /* Check the tag is NULL. */
- if ((ret == 0) && (input[idx++] != ASN_TAG_NULL)) {
- ret = ASN_TAG_NULL_E;
- }
- /* Check the length is zero. */
- if ((ret == 0) && (input[idx++] != 0)) {
- ret = ASN_EXPECT_0_E;
- }
- if (ret == 0) {
- /* Return the index after NULL tag. */
- *inOutIdx = idx;
- }
- /* Return error code. */
- return ret;
- }
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Set the DER/BER encoding of the ASN.1 NULL element.
- *
- * output Buffer to write into.
- * returns the number of bytes added to the buffer.
- */
- static int SetASNNull(byte* output)
- {
- output[0] = ASN_TAG_NULL;
- output[1] = 0;
- return 2;
- }
- #endif
- #ifndef NO_CERTS
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Get the DER/BER encoding of an ASN.1 BOOLEAN.
- *
- * input Buffer holding DER/BER encoded data.
- * inOutIdx Current index into buffer to parse.
- * maxIdx Length of data in buffer.
- * returns BUFFER_E when there is not enough data to parse.
- * ASN_PARSE_E when the BOOLEAN tag is not found or length is not 1.
- * Otherwise, 0 to indicate the value was false and 1 to indicate true.
- */
- static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- byte b;
- if ((idx + 3) > maxIdx)
- return BUFFER_E;
- b = input[idx++];
- if (b != ASN_BOOLEAN)
- return ASN_PARSE_E;
- if (input[idx++] != 1)
- return ASN_PARSE_E;
- b = input[idx++] != 0;
- *inOutIdx = idx;
- return b;
- }
- #endif
- #endif /* !NO_CERTS*/
- /* Decode the header of a BER/DER encoded OCTET STRING.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @return Number of bytes in the ASN.1 data on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the tag is not a OCTET STRING or length is invalid.
- */
- int GetOctetString(const byte* input, word32* inOutIdx, int* len, word32 maxIdx)
- {
- return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx);
- }
- /* Get the DER/BER encoding of an ASN.1 INTEGER header.
- *
- * Removes the leading zero byte when found.
- *
- * input Buffer holding DER/BER encoded data.
- * inOutIdx Current index into buffer to parse.
- * len The number of bytes in the ASN.1 data (excluding any leading zero).
- * maxIdx Length of data in buffer.
- * returns BUFFER_E when there is not enough data to parse.
- * ASN_PARSE_E when the INTEGER tag is not found, length is invalid,
- * or invalid use of or missing leading zero.
- * Otherwise, 0 to indicate success.
- */
- int GetASNInt(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx)
- {
- int ret;
- ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx);
- if (ret < 0)
- return ret;
- if (*len > 0) {
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- /* check for invalid padding on negative integer.
- * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
- */
- if (*len > 1) {
- if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80))
- return ASN_PARSE_E;
- }
- #endif
- /* remove leading zero, unless there is only one 0x00 byte */
- if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
- (*inOutIdx)++;
- (*len)--;
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
- return ASN_PARSE_E;
- #endif
- }
- }
- return 0;
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- #ifndef NO_CERTS
- /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
- * 7 bits.
- *
- * input Buffer holding DER/BER encoded data.
- * inOutIdx Current index into buffer to parse.
- * maxIdx Length of data in buffer.
- * returns BUFFER_E when there is not enough data to parse.
- * ASN_PARSE_E when the INTEGER tag is not found or length is invalid.
- * Otherwise, the 7-bit value.
- */
- static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- byte b;
- if ((idx + 3) > maxIdx)
- return BUFFER_E;
- if (GetASNTag(input, &idx, &b, maxIdx) != 0)
- return ASN_PARSE_E;
- if (b != ASN_INTEGER)
- return ASN_PARSE_E;
- if (input[idx++] != 1)
- return ASN_PARSE_E;
- b = input[idx++];
- *inOutIdx = idx;
- return b;
- }
- #endif /* !NO_CERTS */
- #if defined(WC_RSA_PSS) && !defined(NO_RSA)
- /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
- * 16 bits.
- *
- * input Buffer holding DER/BER encoded data.
- * inOutIdx Current index into buffer to parse.
- * maxIdx Length of data in buffer.
- * returns BUFFER_E when there is not enough data to parse.
- * ASN_PARSE_E when the INTEGER tag is not found or length is invalid.
- * Otherwise, the 16-bit value.
- */
- static int GetInteger16Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- byte tag;
- word16 n;
- if ((idx + 2) > maxIdx)
- return BUFFER_E;
- if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
- return ASN_PARSE_E;
- if (tag != ASN_INTEGER)
- return ASN_PARSE_E;
- if (input[idx] == 1) {
- idx++;
- if ((idx + 1) > maxIdx) {
- return ASN_PARSE_E;
- }
- n = input[idx++];
- }
- else if (input[idx] == 2) {
- idx++;
- if ((idx + 2) > maxIdx) {
- return ASN_PARSE_E;
- }
- n = input[idx++];
- n = (n << 8) | input[idx++];
- }
- else
- return ASN_PARSE_E;
- *inOutIdx = idx;
- return n;
- }
- #endif /* WC_RSA_PSS && !NO_RSA */
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #if !defined(NO_DSA) && !defined(NO_SHA)
- static const char sigSha1wDsaName[] = "SHAwDSA";
- static const char sigSha256wDsaName[] = "SHA256wDSA";
- #endif /* NO_DSA */
- #ifndef NO_RSA
- #ifdef WOLFSSL_MD2
- static const char sigMd2wRsaName[] = "md2WithRSAEncryption";
- #endif
- #ifndef NO_MD5
- static const char sigMd5wRsaName[] = "md5WithRSAEncryption";
- #endif
- #ifndef NO_SHA
- static const char sigSha1wRsaName[] = "sha1WithRSAEncryption";
- #endif
- #ifdef WOLFSSL_SHA224
- static const char sigSha224wRsaName[] = "sha224WithRSAEncryption";
- #endif
- #ifndef NO_SHA256
- static const char sigSha256wRsaName[] = "sha256WithRSAEncryption";
- #endif
- #ifdef WOLFSSL_SHA384
- static const char sigSha384wRsaName[] = "sha384WithRSAEncryption";
- #endif
- #ifdef WOLFSSL_SHA512
- static const char sigSha512wRsaName[] = "sha512WithRSAEncryption";
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static const char sigSha3_224wRsaName[] = "sha3_224WithRSAEncryption";
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- static const char sigSha3_256wRsaName[] = "sha3_256WithRSAEncryption";
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- static const char sigSha3_384wRsaName[] = "sha3_384WithRSAEncryption";
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- static const char sigSha3_512wRsaName[] = "sha3_512WithRSAEncryption";
- #endif
- #endif
- #ifdef WC_RSA_PSS
- static const char sigRsaSsaPssName[] = "rsassaPss";
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- static const char sigSha1wEcdsaName[] = "SHAwECDSA";
- #endif
- #ifdef WOLFSSL_SHA224
- static const char sigSha224wEcdsaName[] = "SHA224wECDSA";
- #endif
- #ifndef NO_SHA256
- static const char sigSha256wEcdsaName[] = "SHA256wECDSA";
- #endif
- #ifdef WOLFSSL_SHA384
- static const char sigSha384wEcdsaName[] = "SHA384wECDSA";
- #endif
- #ifdef WOLFSSL_SHA512
- static const char sigSha512wEcdsaName[] = "SHA512wECDSA";
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static const char sigSha3_224wEcdsaName[] = "SHA3_224wECDSA";
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- static const char sigSha3_256wEcdsaName[] = "SHA3_256wECDSA";
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- static const char sigSha3_384wEcdsaName[] = "SHA3_384wECDSA";
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- static const char sigSha3_512wEcdsaName[] = "SHA3_512wECDSA";
- #endif
- #endif
- #endif /* HAVE_ECC */
- static const char sigUnknownName[] = "Unknown";
- /* Get the human readable string for a signature type
- *
- * oid Oid value for signature
- */
- const char* GetSigName(int oid) {
- switch (oid) {
- #if !defined(NO_DSA) && !defined(NO_SHA)
- case CTC_SHAwDSA:
- return sigSha1wDsaName;
- case CTC_SHA256wDSA:
- return sigSha256wDsaName;
- #endif /* NO_DSA && NO_SHA */
- #ifndef NO_RSA
- #ifdef WOLFSSL_MD2
- case CTC_MD2wRSA:
- return sigMd2wRsaName;
- #endif
- #ifndef NO_MD5
- case CTC_MD5wRSA:
- return sigMd5wRsaName;
- #endif
- #ifndef NO_SHA
- case CTC_SHAwRSA:
- return sigSha1wRsaName;
- #endif
- #ifdef WOLFSSL_SHA224
- case CTC_SHA224wRSA:
- return sigSha224wRsaName;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wRSA:
- return sigSha256wRsaName;
- #endif
- #ifdef WOLFSSL_SHA384
- case CTC_SHA384wRSA:
- return sigSha384wRsaName;
- #endif
- #ifdef WOLFSSL_SHA512
- case CTC_SHA512wRSA:
- return sigSha512wRsaName;
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- case CTC_SHA3_224wRSA:
- return sigSha3_224wRsaName;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- case CTC_SHA3_256wRSA:
- return sigSha3_256wRsaName;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- case CTC_SHA3_384wRSA:
- return sigSha3_384wRsaName;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- case CTC_SHA3_512wRSA:
- return sigSha3_512wRsaName;
- #endif
- #endif
- #ifdef WC_RSA_PSS
- case CTC_RSASSAPSS:
- return sigRsaSsaPssName;
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- case CTC_SHAwECDSA:
- return sigSha1wEcdsaName;
- #endif
- #ifdef WOLFSSL_SHA224
- case CTC_SHA224wECDSA:
- return sigSha224wEcdsaName;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wECDSA:
- return sigSha256wEcdsaName;
- #endif
- #ifdef WOLFSSL_SHA384
- case CTC_SHA384wECDSA:
- return sigSha384wEcdsaName;
- #endif
- #ifdef WOLFSSL_SHA512
- case CTC_SHA512wECDSA:
- return sigSha512wEcdsaName;
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- case CTC_SHA3_224wECDSA:
- return sigSha3_224wEcdsaName;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- case CTC_SHA3_256wECDSA:
- return sigSha3_256wEcdsaName;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- case CTC_SHA3_384wECDSA:
- return sigSha3_384wEcdsaName;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- case CTC_SHA3_512wECDSA:
- return sigSha3_512wEcdsaName;
- #endif
- #endif
- #endif /* HAVE_ECC */
- default:
- return sigUnknownName;
- }
- }
- #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS7) || \
- defined(OPENSSL_EXTRA)
- #if !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_CERTS) || \
- (!defined(NO_RSA) && \
- (defined(WOLFSSL_CERT_GEN) || \
- ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)))))
- /* Set the DER/BER encoding of the ASN.1 INTEGER header.
- *
- * When output is NULL, calculate the header length only.
- *
- * @param [in] len Length of INTEGER data in bytes.
- * @param [in] firstByte First byte of data, most significant byte of integer,
- * to encode.
- * @param [out] output Buffer to write into.
- * @return Number of bytes added to the buffer.
- */
- int SetASNInt(int len, byte firstByte, byte* output)
- {
- int idx = 0;
- if (output) {
- /* Write out tag. */
- output[idx] = ASN_INTEGER;
- }
- /* Step over tag. */
- idx += ASN_TAG_SZ;
- /* Check if first byte has top bit set in which case a 0 is needed to
- * maintain positive value. */
- if (firstByte & 0x80) {
- /* Add pre-prepended byte to length of data in INTEGER. */
- len++;
- }
- /* Encode length - passing NULL for output will not encode. */
- idx += (int)SetLength((word32)len, output ? output + idx : NULL);
- /* Put out prepended 0 as well. */
- if (firstByte & 0x80) {
- if (output) {
- /* Write out 0 byte. */
- output[idx] = 0x00;
- }
- /* Update index. */
- idx++;
- }
- /* Return index after header. */
- return idx;
- }
- #endif
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- #if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_CERT_GEN) && \
- !defined(NO_RSA)) || ((defined(WOLFSSL_KEY_GEN) || \
- (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
- defined(OPENSSL_EXTRA)) && !defined(NO_RSA))
- /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
- * The number is assumed to be positive.
- *
- * n Multi-precision integer to encode.
- * maxSz Maximum size of the encoded integer.
- * A negative value indicates no check of length requested.
- * output Buffer to write into.
- * returns BUFFER_E when the data is too long for the buffer.
- * MP_TO_E when encoding the integer fails.
- * Otherwise, the number of bytes added to the buffer.
- */
- static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
- {
- int idx = 0;
- int leadingBit;
- int length;
- leadingBit = mp_leading_bit(n);
- length = mp_unsigned_bin_size(n);
- if (maxSz >= 0 && (1 + length + (leadingBit ? 1 : 0)) > maxSz)
- return BUFFER_E;
- idx = SetASNInt(length, (byte)(leadingBit ? 0x80U : 0x00U), output);
- if (maxSz >= 0 && (idx + length) > maxSz)
- return BUFFER_E;
- if (output) {
- int err = mp_to_unsigned_bin(n, output + idx);
- if (err != MP_OKAY)
- return MP_TO_E;
- }
- idx += length;
- return idx;
- }
- #endif
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for an INTEGER. */
- static const ASNItem intASN[] = {
- /* INT */ { 0, ASN_INTEGER, 0, 0, 0 }
- };
- enum {
- INTASN_IDX_INT = 0
- };
- /* Number of items in ASN.1 template for an INTEGER. */
- #define intASN_Length (sizeof(intASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Windows header clash for WinCE using GetVersion */
- /* Decode Version - one byte INTEGER.
- *
- * @param [in] input Buffer of BER data.
- * @param [in, out] inOutIdx On in, start of encoded Version.
- * On out, start of next encode ASN.1 item.
- * @param [out] version Number encoded in INTEGER.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when encoding is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the most significant bit is set.
- */
- int GetMyVersion(const byte* input, word32* inOutIdx,
- int* version, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *inOutIdx;
- byte tag;
- if ((idx + MIN_VERSION_SZ) > maxIdx)
- return ASN_PARSE_E;
- if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
- return ASN_PARSE_E;
- if (tag != ASN_INTEGER)
- return ASN_PARSE_E;
- if (input[idx++] != 0x01)
- return ASN_VERSION_E;
- *version = input[idx++];
- *inOutIdx = idx;
- return *version;
- #else
- ASNGetData dataASN[intASN_Length];
- int ret;
- byte num = 0;
- /* Clear dynamic data and set the version number variable. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_Int8Bit(&dataASN[INTASN_IDX_INT], &num);
- /* Decode the version (INTEGER). */
- ret = GetASN_Items(intASN, dataASN, intASN_Length, 0, input, inOutIdx,
- maxIdx);
- if (ret == 0) {
- /* Return version through variable and return value. */
- *version = num;
- ret = num;
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifndef NO_PWDBASED
- /* Decode small integer, 32 bits or less.
- *
- * @param [in] input Buffer of BER data.
- * @param [in, out] inOutIdx On in, start of encoded INTEGER.
- * On out, start of next encode ASN.1 item.
- * @param [out] number Number encoded in INTEGER.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when encoding is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the most significant bit is set.
- */
- int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *inOutIdx;
- word32 len;
- byte tag;
- *number = 0;
- /* check for type and length bytes */
- if ((idx + 2) > maxIdx)
- return BUFFER_E;
- if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
- return ASN_PARSE_E;
- if (tag != ASN_INTEGER)
- return ASN_PARSE_E;
- len = input[idx++];
- if (len > 4)
- return ASN_PARSE_E;
- if (len + idx > maxIdx)
- return ASN_PARSE_E;
- while (len--) {
- *number = *number << 8 | input[idx++];
- }
- *inOutIdx = idx;
- return *number;
- #else
- ASNGetData dataASN[intASN_Length];
- int ret;
- word32 num = 0;
- /* Clear dynamic data and set the 32-bit number variable. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_Int32Bit(&dataASN[INTASN_IDX_INT], &num);
- /* Decode the short int (INTEGER). */
- ret = GetASN_Items(intASN, dataASN, intASN_Length, 0, input, inOutIdx,
- maxIdx);
- if (ret == 0) {
- /* Return number through variable and return value. */
- *number = (int)num;
- ret = (int)num;
- }
- return ret;
- #endif
- }
- #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \
- defined(HAVE_PKCS12)
- /* Set small integer, 32 bits or less. DER encoding with no leading 0s
- * returns total amount written including ASN tag and length byte on success */
- int SetShortInt(byte* output, word32* inOutIdx, word32 number, word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- word32 len;
- int i;
- if (number == 0)
- len = 1;
- else
- len = BytePrecision(number);
- /* check for room for type and length bytes. */
- if ((idx + 2 + len) > maxIdx)
- return BUFFER_E;
- /* check that MAX_SHORT_SZ allows this size of ShortInt. */
- if (2 + len > MAX_SHORT_SZ)
- return ASN_PARSE_E;
- output[idx++] = ASN_INTEGER;
- output[idx++] = (byte)len;
- for (i = (int)len - 1; i >= 0; --i)
- output[idx++] = (byte)(number >> (i * WOLFSSL_BIT_SIZE));
- len = idx - *inOutIdx;
- *inOutIdx = idx;
- return (int)len;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE || HAVE_PKCS8 || HAVE_PKCS12 */
- #endif /* !NO_PWDBASED */
- #if !defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS)
- /* May not have one, not an error */
- static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version,
- word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- byte tag;
- WOLFSSL_ENTER("GetExplicitVersion");
- if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
- return ASN_PARSE_E;
- if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
- int ret;
- *inOutIdx = ++idx; /* skip header */
- ret = GetMyVersion(input, inOutIdx, version, maxIdx);
- if (ret >= 0) {
- /* check if version is expected value rfc 5280 4.1 {0, 1, 2} */
- if (*version > MAX_X509_VERSION || *version < MIN_X509_VERSION) {
- WOLFSSL_MSG("Unexpected certificate version");
- WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E);
- ret = ASN_VERSION_E;
- }
- }
- return ret;
- }
- /* go back as is */
- *version = 0;
- return 0;
- }
- #endif
- /* Decode small integer, 32 bits or less.
- *
- * mp_int is initialized.
- *
- * @param [out] mpi mp_int to hold number.
- * @param [in] input Buffer of BER data.
- * @param [in, out] inOutIdx On in, start of encoded INTEGER.
- * On out, start of next encode ASN.1 item.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when encoding is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the most significant bit is set.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- */
- int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *inOutIdx;
- int ret;
- int length;
- ret = GetASNInt(input, &idx, &length, maxIdx);
- if (ret != 0)
- return ret;
- if (mp_init(mpi) != MP_OKAY)
- return MP_INIT_E;
- if (mp_read_unsigned_bin(mpi, input + idx, (word32)length) != 0) {
- mp_clear(mpi);
- return ASN_GETINT_E;
- }
- #ifdef HAVE_WOLF_BIGINT
- if (wc_bigint_from_unsigned_bin(&mpi->raw, input + idx, length) != 0) {
- mp_clear(mpi);
- return ASN_GETINT_E;
- }
- #endif /* HAVE_WOLF_BIGINT */
- *inOutIdx = idx + (word32)length;
- return 0;
- #else
- ASNGetData dataASN[intASN_Length];
- /* Clear dynamic data and set the mp_int to fill with value. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_MP_PosNeg(&dataASN[INTASN_IDX_INT], mpi);
- /* Decode the big number (INTEGER). */
- return GetASN_Items(intASN, dataASN, intASN_Length, 0, input, inOutIdx,
- maxIdx);
- #endif
- }
- #if (defined(HAVE_ECC) || !defined(NO_DSA)) && !defined(WOLFSSL_ASN_TEMPLATE)
- static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx,
- word32 maxIdx, int initNum)
- {
- word32 idx = *inOutIdx;
- int ret;
- int length;
- ret = GetASNInt(input, &idx, &length, maxIdx);
- if (ret != 0)
- return ret;
- /* should not be hit but adding in an additional sanity check */
- if (idx + length > maxIdx) {
- return MP_INIT_E;
- }
- if ((input[idx] & 0x80) == 0x80) {
- if (idx < 1) {
- /* needs at least one byte for length value */
- return MP_INIT_E;
- }
- if (input[idx - 1] != 0x00) {
- return MP_INIT_E;
- }
- }
- if (initNum) {
- if (mp_init(mpi) != MP_OKAY)
- return MP_INIT_E;
- }
- if (mp_read_unsigned_bin(mpi, input + idx, (word32)length) != 0) {
- mp_clear(mpi);
- return ASN_GETINT_E;
- }
- #ifdef HAVE_WOLF_BIGINT
- if (wc_bigint_from_unsigned_bin(&mpi->raw, input + idx, length) != 0) {
- mp_clear(mpi);
- return ASN_GETINT_E;
- }
- #endif /* HAVE_WOLF_BIGINT */
- *inOutIdx = idx + (word32)length;
- return 0;
- }
- #endif /* (ECC || !NO_DSA) && !WOLFSSL_ASN_TEMPLATE */
- #ifndef WOLFSSL_ASN_TEMPLATE
- #if !defined(NO_RSA) || !defined(NO_DSA)
- static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- int ret;
- int length;
- ret = GetASNInt(input, &idx, &length, maxIdx);
- if (ret != 0)
- return ret;
- *inOutIdx = idx + (word32)length;
- return 0;
- }
- #endif
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for a BIT_STRING. */
- static const ASNItem bitStringASN[] = {
- /* BIT_STR */ { 0, ASN_BIT_STRING, 0, 1, 0 }
- };
- enum {
- BITSTRINGASN_IDX_BIT_STR = 0
- };
- /* Number of items in ASN.1 template for a BIT_STRING. */
- #define bitStringASN_Length (sizeof(bitStringASN) / sizeof(ASNItem))
- #endif
- /* Decode and check the BIT_STRING is valid. Return length and unused bits.
- *
- * @param [in] input Buffer holding BER encoding.
- * @param [in, out] inOutIdx On in, start of BIT_STRING.
- * On out, start of ASN.1 item after BIT_STRING.
- * @param [out] len Length of BIT_STRING data.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @param [in] zeroBits Indicates whether zero unused bits is expected.
- * @param [in] unusedBits Number of unused bits in last byte.
- * @return 0 on success.
- * @return ASN_PARSE_E when encoding is invalid.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when unused bits is not zero when expected.
- */
- int CheckBitString(const byte* input, word32* inOutIdx, int* len,
- word32 maxIdx, int zeroBits, byte* unusedBits)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *inOutIdx;
- int length;
- byte b;
- if (GetASNTag(input, &idx, &b, maxIdx) != 0) {
- return ASN_BITSTR_E;
- }
- if (b != ASN_BIT_STRING) {
- return ASN_BITSTR_E;
- }
- if (GetLength(input, &idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
- /* extra sanity check that length is greater than 0 */
- if (length <= 0) {
- WOLFSSL_MSG("Error length was 0 in CheckBitString");
- return BUFFER_E;
- }
- if (idx + 1 > maxIdx) {
- WOLFSSL_MSG("Attempted buffer read larger than input buffer");
- return BUFFER_E;
- }
- b = input[idx];
- if (zeroBits && b != 0x00)
- return ASN_EXPECT_0_E;
- if (b >= 0x08)
- return ASN_PARSE_E;
- if (b != 0) {
- if ((byte)(input[idx + (word32)length - 1] << (8 - b)) != 0)
- return ASN_PARSE_E;
- }
- idx++;
- length--; /* length has been checked for greater than 0 */
- *inOutIdx = idx;
- if (len != NULL)
- *len = length;
- if (unusedBits != NULL)
- *unusedBits = b;
- return 0;
- #else
- ASNGetData dataASN[bitStringASN_Length];
- int ret;
- int bits;
- /* Parse BIT_STRING and check validity of unused bits. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Decode BIT_STRING. */
- ret = GetASN_Items(bitStringASN, dataASN, bitStringASN_Length, 0, input,
- inOutIdx, maxIdx);
- if (ret == 0) {
- /* Get unused bits from dynamic ASN.1 data. */
- bits = GetASNItem_UnusedBits(dataASN[BITSTRINGASN_IDX_BIT_STR]);
- /* Check unused bits is 0 when expected. */
- if (zeroBits && (bits != 0)) {
- ret = ASN_EXPECT_0_E;
- }
- }
- if (ret == 0) {
- /* Return length of data and unused bits if required. */
- if (len != NULL) {
- *len = (int)dataASN[BITSTRINGASN_IDX_BIT_STR].data.ref.length;
- }
- if (unusedBits != NULL) {
- *unusedBits = (byte)bits;
- }
- }
- return ret;
- #endif
- }
- /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or
- * KeyGen) */
- #if (!defined(NO_RSA) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
- defined(OPENSSL_EXTRA))) || \
- (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \
- ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
- defined(OPENSSL_EXTRA))) || \
- (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERT)) || \
- (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) || \
- (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA))
- /* Set the DER/BER encoding of the ASN.1 BIT STRING header.
- *
- * When output is NULL, calculate the header length only.
- *
- * @param [in] len Length of BIT STRING data.
- * That is, the number of least significant zero bits
- * before a one.
- * The last byte is the most-significant non-zero byte
- * of a number.
- * @param [out] output Buffer to write into.
- * @return Number of bytes added to the buffer.
- */
- word32 SetBitString(word32 len, byte unusedBits, byte* output)
- {
- word32 idx = 0;
- if (output) {
- /* Write out tag. */
- output[idx] = ASN_BIT_STRING;
- }
- /* Step over tag. */
- idx += ASN_TAG_SZ;
- /* Encode length - passing NULL for output will not encode.
- * Add one to length for unused bits. */
- idx += SetLength(len + 1, output ? output + idx : NULL);
- if (output) {
- /* Write out unused bits. */
- output[idx] = unusedBits;
- }
- /* Skip over unused bits. */
- idx++;
- /* Return index after header. */
- return idx;
- }
- #endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
- #ifdef ASN_BER_TO_DER
- #ifndef BER_OCTET_LENGTH
- #define BER_OCTET_LENGTH 4096
- #endif
- /* sets the terminating 0x00 0x00 at the end of an indefinite length
- * returns the number of bytes written */
- word32 SetIndefEnd(byte* output)
- {
- byte terminate[ASN_INDEF_END_SZ] = { 0x00, 0x00 };
- if (output != NULL) {
- XMEMCPY(output, terminate, ASN_INDEF_END_SZ);
- }
- return (word32)ASN_INDEF_END_SZ;
- }
- /* Breaks an octet string up into chunks for use with streaming
- * returns 0 on success and updates idx */
- int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz,
- word32* idx)
- {
- word32 i = 0;
- word32 outIdx = *idx;
- byte* tmp = out;
- if (tmp) tmp += outIdx;
- while (i < inBufSz) {
- word32 ret, sz;
- sz = BER_OCTET_LENGTH;
- if ((sz + i) > inBufSz) {
- sz = inBufSz - i;
- }
- ret = SetOctetString(sz, tmp);
- if (ret > 0) {
- outIdx += ret;
- }
- if (tmp) {
- if ((word32)ret + sz + i + outIdx > *outSz) {
- return BUFFER_E;
- }
- XMEMCPY(tmp + ret, inBuf + i, sz);
- tmp += sz + ret;
- }
- outIdx += sz;
- i += sz;
- }
- if (tmp) {
- *idx = outIdx;
- return 0;
- }
- else {
- *outSz = outIdx;
- return LENGTH_ONLY_E;
- }
- }
- /* Convert BER to DER */
- /* Pull informtation from the ASN.1 BER encoded item header */
- static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx,
- byte* pTag, word32* pLen, int* indef)
- {
- int len = 0;
- byte tag;
- word32 i = *idx;
- *indef = 0;
- /* Check there is enough data for a minimal header */
- if (i + 2 > maxIdx) {
- return ASN_PARSE_E;
- }
- /* Retrieve tag */
- tag = data[i++];
- /* Indefinite length handled specially */
- if (data[i] == ASN_INDEF_LENGTH) {
- /* Check valid tag for indefinite */
- if (((tag & 0xc0) == 0) && ((tag & ASN_CONSTRUCTED) == 0x00)) {
- return ASN_PARSE_E;
- }
- i++;
- *indef = 1;
- }
- else if (GetLength(data, &i, &len, maxIdx) < 0) {
- return ASN_PARSE_E;
- }
- /* Return tag, length and index after BER item header */
- *pTag = tag;
- *pLen = (word32)len;
- *idx = i;
- return 0;
- }
- #ifndef INDEF_ITEMS_MAX
- #define INDEF_ITEMS_MAX 20
- #endif
- /* Indef length item data */
- typedef struct Indef {
- word32 start;
- int depth;
- int headerLen;
- word32 len;
- } Indef;
- /* Indef length items */
- typedef struct IndefItems
- {
- Indef len[INDEF_ITEMS_MAX];
- int cnt;
- int idx;
- int depth;
- } IndefItems;
- /* Get header length of current item */
- static int IndefItems_HeaderLen(IndefItems* items)
- {
- return items->len[items->idx].headerLen;
- }
- /* Get data length of current item */
- static word32 IndefItems_Len(IndefItems* items)
- {
- return items->len[items->idx].len;
- }
- /* Add a indefinite length item */
- static int IndefItems_AddItem(IndefItems* items, word32 start)
- {
- int ret = 0;
- int i;
- if (items->cnt == INDEF_ITEMS_MAX) {
- ret = MEMORY_E;
- }
- else {
- i = items->cnt++;
- items->len[i].start = start;
- items->len[i].depth = items->depth++;
- items->len[i].headerLen = 1;
- items->len[i].len = 0;
- items->idx = i;
- }
- return ret;
- }
- /* Increase data length of current item */
- static void IndefItems_AddData(IndefItems* items, word32 length)
- {
- items->len[items->idx].len += length;
- }
- /* Update header length of current item to reflect data length */
- static void IndefItems_UpdateHeaderLen(IndefItems* items)
- {
- items->len[items->idx].headerLen +=
- (int)SetLength(items->len[items->idx].len, NULL);
- }
- /* Go to indefinite parent of current item */
- static void IndefItems_Up(IndefItems* items)
- {
- int i;
- int depth = items->len[items->idx].depth - 1;
- for (i = items->cnt - 1; i >= 0; i--) {
- if (items->len[i].depth == depth) {
- break;
- }
- }
- items->idx = i;
- items->depth = depth + 1;
- }
- /* Calculate final length by adding length of indefinite child items */
- static void IndefItems_CalcLength(IndefItems* items)
- {
- int i;
- int idx = items->idx;
- for (i = idx + 1; i < items->cnt; i++) {
- if (items->len[i].depth == items->depth) {
- items->len[idx].len += (word32)items->len[i].headerLen;
- items->len[idx].len += items->len[i].len;
- }
- }
- items->len[idx].headerLen += (int)SetLength(items->len[idx].len, NULL);
- }
- /* Add more data to indefinite length item */
- static void IndefItems_MoreData(IndefItems* items, word32 length)
- {
- if (items->cnt > 0 && items->idx >= 0) {
- items->len[items->idx].len += length;
- }
- }
- /* Convert a BER encoding with indefinite length items to DER.
- *
- * ber BER encoded data.
- * berSz Length of BER encoded data.
- * der Buffer to hold DER encoded version of data.
- * NULL indicates only the length is required.
- * derSz The size of the buffer to hold the DER encoded data.
- * Will be set if der is NULL, otherwise the value is checked as der is
- * filled.
- * returns ASN_PARSE_E if the BER data is invalid and BAD_FUNC_ARG if ber or
- * derSz are NULL.
- */
- int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz)
- {
- int ret = 0;
- word32 i, j;
- #ifdef WOLFSSL_SMALL_STACK
- IndefItems* indefItems = NULL;
- #else
- IndefItems indefItems[1];
- #endif
- byte tag, basic;
- word32 length;
- int indef;
- if (ber == NULL || derSz == NULL)
- return BAD_FUNC_ARG;
- #ifdef WOLFSSL_SMALL_STACK
- indefItems = (IndefItems *)XMALLOC(sizeof(IndefItems), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (indefItems == NULL) {
- ret = MEMORY_E;
- goto end;
- }
- #endif
- XMEMSET(indefItems, 0, sizeof(*indefItems));
- /* Calculate indefinite item lengths */
- for (i = 0; i < berSz; ) {
- word32 start = i;
- /* Get next BER item */
- ret = GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
- if (ret != 0) {
- goto end;
- }
- if (indef) {
- /* Indefinite item - add to list */
- ret = IndefItems_AddItem(indefItems, i);
- if (ret != 0) {
- goto end;
- }
- if ((tag & 0xC0) == 0 &&
- tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) &&
- tag != (ASN_SET | ASN_CONSTRUCTED)) {
- /* Constructed basic type - get repeating tag */
- basic = (byte)(tag & (~ASN_CONSTRUCTED));
- /* Add up lengths of each item below */
- for (; i < berSz; ) {
- /* Get next BER_item */
- ret = GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
- if (ret != 0) {
- goto end;
- }
- /* End of content closes item */
- if (tag == ASN_EOC) {
- /* Must be zero length */
- if (length != 0) {
- ret = ASN_PARSE_E;
- goto end;
- }
- break;
- }
- /* Must not be indefinite and tag must match parent */
- if (indef || tag != basic) {
- ret = ASN_PARSE_E;
- goto end;
- }
- /* Add to length */
- IndefItems_AddData(indefItems, length);
- /* Skip data */
- i += length;
- }
- /* Ensure we got an EOC and not end of data */
- if (tag != ASN_EOC) {
- ret = ASN_PARSE_E;
- goto end;
- }
- /* Set the header length to include the length field */
- IndefItems_UpdateHeaderLen(indefItems);
- /* Go to indefinite parent item */
- IndefItems_Up(indefItems);
- }
- }
- else if (tag == ASN_EOC) {
- /* End-of-content must be 0 length */
- if (length != 0) {
- ret = ASN_PARSE_E;
- goto end;
- }
- /* Check there is an item to close - missing EOC */
- if (indefItems->depth == 0) {
- ret = ASN_PARSE_E;
- goto end;
- }
- /* Finish calculation of data length for indefinite item */
- IndefItems_CalcLength(indefItems);
- /* Go to indefinite parent item */
- IndefItems_Up(indefItems);
- }
- else {
- /* Known length item to add in - make sure enough data for it */
- if (i + length > berSz) {
- ret = ASN_PARSE_E;
- goto end;
- }
- /* Include all data - can't have indefinite inside definite */
- i += length;
- /* Add entire item to current indefinite item */
- IndefItems_MoreData(indefItems, i - start);
- }
- }
- /* Check we had a EOC for each indefinite item */
- if (indefItems->depth != 0) {
- ret = ASN_PARSE_E;
- goto end;
- }
- /* Write out DER */
- j = 0;
- /* Reset index */
- indefItems->idx = 0;
- for (i = 0; i < berSz; ) {
- word32 start = i;
- /* Get item - checked above */
- (void)GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
- if (indef) {
- if (der != NULL) {
- /* Check enough space for header */
- if (j + (word32)IndefItems_HeaderLen(indefItems) > *derSz) {
- ret = BUFFER_E;
- goto end;
- }
- if ((tag & 0xC0) == 0 &&
- tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) &&
- tag != (ASN_SET | ASN_CONSTRUCTED)) {
- /* Remove constructed tag for basic types */
- tag &= (byte)~ASN_CONSTRUCTED;
- }
- /* Add tag and length */
- der[j] = tag;
- (void)SetLength(IndefItems_Len(indefItems), der + j + 1);
- }
- /* Add header length of indefinite item */
- j += (word32)IndefItems_HeaderLen(indefItems);
- if ((tag & 0xC0) == 0 &&
- tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) &&
- tag != (ASN_SET | ASN_CONSTRUCTED)) {
- /* For basic type - get each child item and add data */
- for (; i < berSz; ) {
- (void)GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
- if (tag == ASN_EOC) {
- break;
- }
- if (der != NULL) {
- if (j + length > *derSz) {
- ret = BUFFER_E;
- goto end;
- }
- XMEMCPY(der + j, ber + i, length);
- }
- j += length;
- i += length;
- }
- }
- /* Move to next indef item in list */
- indefItems->idx++;
- }
- else if (tag == ASN_EOC) {
- /* End-Of-Content is not written out in DER */
- }
- else {
- /* Write out definite length item as is. */
- i += length;
- if (der != NULL) {
- /* Ensure space for item */
- if (j + i - start > *derSz) {
- ret = BUFFER_E;
- goto end;
- }
- /* Copy item as is */
- XMEMCPY(der + j, ber + start, i - start);
- }
- j += i - start;
- }
- }
- /* Return the length of the DER encoded ASN.1 */
- *derSz = j;
- if (der == NULL) {
- ret = LENGTH_ONLY_E;
- }
- end:
- #ifdef WOLFSSL_SMALL_STACK
- if (indefItems != NULL) {
- XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- return ret;
- }
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- /* Set the DER/BER encoding of the ASN.1 BIT_STRING with a 16-bit value.
- *
- * val 16-bit value to encode.
- * output Buffer to write into.
- * returns the number of bytes added to the buffer.
- */
- static word32 SetBitString16Bit(word16 val, byte* output)
- {
- word32 idx;
- int len;
- byte lastByte;
- byte unusedBits = 0;
- if ((val >> 8) != 0) {
- len = 2;
- lastByte = (byte)(val >> 8);
- }
- else {
- len = 1;
- lastByte = (byte)val;
- }
- while (((lastByte >> unusedBits) & 0x01) == 0x00)
- unusedBits++;
- idx = SetBitString((word32)len, unusedBits, output);
- output[idx++] = (byte)val;
- if (len > 1)
- output[idx++] = (byte)(val >> 8);
- return idx;
- }
- #endif /* WOLFSSL_CERT_EXT || WOLFSSL_CERT_GEN */
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- /* hashType */
- #ifdef WOLFSSL_MD2
- static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2};
- #endif
- #ifndef NO_MD5
- static const byte hashMd5hOid[] = {42, 134, 72, 134, 247, 13, 2, 5};
- #endif
- #ifndef NO_SHA
- static const byte hashSha1hOid[] = {43, 14, 3, 2, 26};
- #endif
- #ifdef WOLFSSL_SHA224
- static const byte hashSha224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 4};
- #endif
- #ifndef NO_SHA256
- static const byte hashSha256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 1};
- #endif
- #ifdef WOLFSSL_SHA384
- static const byte hashSha384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 2};
- #endif
- #ifdef WOLFSSL_SHA512
- static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
- #ifndef WOLFSSL_NOSHA512_224
- static const byte hashSha512_224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 5};
- #endif
- #ifndef WOLFSSL_NOSHA512_256
- static const byte hashSha512_256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 6};
- #endif
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static const byte hashSha3_224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 7};
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- static const byte hashSha3_256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 8};
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- static const byte hashSha3_384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 9};
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- static const byte hashSha3_512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 10};
- #endif /* WOLFSSL_NOSHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- /* hmacType */
- #ifndef NO_HMAC
- #ifdef WOLFSSL_SHA224
- static const byte hmacSha224Oid[] = {42, 134, 72, 134, 247, 13, 2, 8};
- #endif
- #ifndef NO_SHA256
- static const byte hmacSha256Oid[] = {42, 134, 72, 134, 247, 13, 2, 9};
- #endif
- #ifdef WOLFSSL_SHA384
- static const byte hmacSha384Oid[] = {42, 134, 72, 134, 247, 13, 2, 10};
- #endif
- #ifdef WOLFSSL_SHA512
- static const byte hmacSha512Oid[] = {42, 134, 72, 134, 247, 13, 2, 11};
- #endif
- #endif
- /* sigType */
- #if !defined(NO_DSA) && !defined(NO_SHA)
- static const byte sigSha1wDsaOid[] = {42, 134, 72, 206, 56, 4, 3};
- static const byte sigSha256wDsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 2};
- #endif /* NO_DSA */
- #ifndef NO_RSA
- #ifdef WOLFSSL_MD2
- static const byte sigMd2wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 2};
- #endif
- #ifndef NO_MD5
- static const byte sigMd5wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 4};
- #endif
- #ifndef NO_SHA
- static const byte sigSha1wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 5};
- #endif
- #ifdef WOLFSSL_SHA224
- static const byte sigSha224wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,14};
- #endif
- #ifndef NO_SHA256
- static const byte sigSha256wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,11};
- #endif
- #ifdef WOLFSSL_SHA384
- static const byte sigSha384wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,12};
- #endif
- #ifdef WOLFSSL_SHA512
- static const byte sigSha512wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,13};
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static const byte sigSha3_224wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 13};
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- static const byte sigSha3_256wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 14};
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- static const byte sigSha3_384wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 15};
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- static const byte sigSha3_512wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 16};
- #endif
- #endif
- #ifdef WC_RSA_PSS
- static const byte sigRsaSsaPssOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 10};
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- static const byte sigSha1wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 1};
- #endif
- #ifdef WOLFSSL_SHA224
- static const byte sigSha224wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 1};
- #endif
- #ifndef NO_SHA256
- static const byte sigSha256wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 2};
- #endif
- #ifdef WOLFSSL_SHA384
- static const byte sigSha384wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 3};
- #endif
- #ifdef WOLFSSL_SHA512
- static const byte sigSha512wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 4};
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static const byte sigSha3_224wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 9};
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- static const byte sigSha3_256wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 10};
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- static const byte sigSha3_384wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 11};
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- static const byte sigSha3_512wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 12};
- #endif
- #endif
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- /* 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 */
- static const byte sigSm3wSm2Oid[] = {42, 129, 28, 207, 85, 1, 131, 117};
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- static const byte sigEd25519Oid[] = {43, 101, 112};
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_ED448
- static const byte sigEd448Oid[] = {43, 101, 113};
- #endif /* HAVE_ED448 */
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- /* Falcon Level 1: 1 3 9999 3 6 */
- static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
- /* Falcon Level 5: 1 3 9999 3 9 */
- static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
- #endif /* HAVE_FACON */
- #ifdef HAVE_DILITHIUM
- /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
- static const byte sigDilithium_Level2Oid[] =
- {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
- /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
- static const byte sigDilithium_Level3Oid[] =
- {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
- /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
- static const byte sigDilithium_Level5Oid[] =
- {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
- static const byte sigSphincsFast_Level1Oid[] =
- {43, 206, 15, 6, 7, 4};
- /* Sphincs Fast Level 3: 1 3 9999 6 8 3 */
- static const byte sigSphincsFast_Level3Oid[] =
- {43, 206, 15, 6, 8, 3};
- /* Sphincs Fast Level 5: 1 3 9999 6 9 3 */
- static const byte sigSphincsFast_Level5Oid[] =
- {43, 206, 15, 6, 9, 3};
- /* Sphincs Small Level 1: 1 3 9999 6 7 10 */
- static const byte sigSphincsSmall_Level1Oid[] =
- {43, 206, 15, 6, 7, 10};
- /* Sphincs Small Level 3: 1 3 9999 6 8 7 */
- static const byte sigSphincsSmall_Level3Oid[] =
- {43, 206, 15, 6, 8, 7};
- /* Sphincs Small Level 5: 1 3 9999 6 9 7 */
- static const byte sigSphincsSmall_Level5Oid[] =
- {43, 206, 15, 6, 9, 7};
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- /* keyType */
- #ifndef NO_DSA
- static const byte keyDsaOid[] = {42, 134, 72, 206, 56, 4, 1};
- #endif /* NO_DSA */
- #ifndef NO_RSA
- static const byte keyRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 1};
- #ifdef WC_RSA_PSS
- static const byte keyRsaPssOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 10};
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- static const byte keyEcdsaOid[] = {42, 134, 72, 206, 61, 2, 1};
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- static const byte keyEd25519Oid[] = {43, 101, 112};
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_CURVE25519
- static const byte keyCurve25519Oid[] = {43, 101, 110};
- #endif
- #ifdef HAVE_ED448
- static const byte keyEd448Oid[] = {43, 101, 113};
- #endif /* HAVE_ED448 */
- #ifdef HAVE_CURVE448
- static const byte keyCurve448Oid[] = {43, 101, 111};
- #endif /* HAVE_CURVE448 */
- #ifndef NO_DH
- static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1};
- #endif /* !NO_DH */
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- /* Falcon Level 1: 1 3 9999 3 6 */
- static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
- /* Falcon Level 5: 1 3 9999 3 9 */
- static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
- static const byte keyDilithium_Level2Oid[] =
- {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
- /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
- static const byte keyDilithium_Level3Oid[] =
- {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
- /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
- static const byte keyDilithium_Level5Oid[] =
- {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
- static const byte keySphincsFast_Level1Oid[] =
- {43, 206, 15, 6, 7, 4};
- /* Sphincs Fast Level 3: 1 3 9999 6 8 3 */
- static const byte keySphincsFast_Level3Oid[] =
- {43, 206, 15, 6, 8, 3};
- /* Sphincs Fast Level 5: 1 3 9999 6 9 3 */
- static const byte keySphincsFast_Level5Oid[] =
- {43, 206, 15, 6, 9, 3};
- /* Sphincs Small Level 1: 1 3 9999 6 7 10 */
- static const byte keySphincsSmall_Level1Oid[] =
- {43, 206, 15, 6, 7, 10};
- /* Sphincs Small Level 3: 1 3 9999 6 8 7 */
- static const byte keySphincsSmall_Level3Oid[] =
- {43, 206, 15, 6, 8, 7};
- /* Sphincs Small Level 5: 1 3 9999 6 9 7 */
- static const byte keySphincsSmall_Level5Oid[] =
- {43, 206, 15, 6, 9, 7};
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- /* curveType */
- #ifdef HAVE_ECC
- /* See "ecc_sets" table in ecc.c */
- #endif /* HAVE_ECC */
- #ifdef HAVE_AES_CBC
- /* blkType */
- #ifdef WOLFSSL_AES_128
- static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2};
- #endif
- #ifdef WOLFSSL_AES_192
- static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22};
- #endif
- #ifdef WOLFSSL_AES_256
- static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
- #endif
- #endif /* HAVE_AES_CBC */
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- static const byte blkAes128GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 6};
- #endif
- #ifdef WOLFSSL_AES_192
- static const byte blkAes192GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 26};
- #endif
- #ifdef WOLFSSL_AES_256
- static const byte blkAes256GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 46};
- #endif
- #endif /* HAVE_AESGCM */
- #ifdef HAVE_AESCCM
- #ifdef WOLFSSL_AES_128
- static const byte blkAes128CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 7};
- #endif
- #ifdef WOLFSSL_AES_192
- static const byte blkAes192CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 27};
- #endif
- #ifdef WOLFSSL_AES_256
- static const byte blkAes256CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 47};
- #endif
- #endif /* HAVE_AESCCM */
- #ifndef NO_DES3
- static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7};
- static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7};
- #endif
- /* keyWrapType */
- #ifdef WOLFSSL_AES_128
- static const byte wrapAes128Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 5};
- #endif
- #ifdef WOLFSSL_AES_192
- static const byte wrapAes192Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 25};
- #endif
- #ifdef WOLFSSL_AES_256
- static const byte wrapAes256Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 45};
- #endif
- #ifdef HAVE_PKCS7
- /* From RFC 3211 */
- static const byte wrapPwriKekOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 16, 3,9};
- #endif
- /* cmsKeyAgreeType */
- #ifndef NO_SHA
- static const byte dhSinglePass_stdDH_sha1kdf_Oid[] =
- {43, 129, 5, 16, 134, 72, 63, 0, 2};
- #endif
- #ifdef WOLFSSL_SHA224
- static const byte dhSinglePass_stdDH_sha224kdf_Oid[] = {43, 129, 4, 1, 11, 0};
- #endif
- #ifndef NO_SHA256
- static const byte dhSinglePass_stdDH_sha256kdf_Oid[] = {43, 129, 4, 1, 11, 1};
- #endif
- #ifdef WOLFSSL_SHA384
- static const byte dhSinglePass_stdDH_sha384kdf_Oid[] = {43, 129, 4, 1, 11, 2};
- #endif
- #ifdef WOLFSSL_SHA512
- static const byte dhSinglePass_stdDH_sha512kdf_Oid[] = {43, 129, 4, 1, 11, 3};
- #endif
- /* ocspType */
- #ifdef HAVE_OCSP
- static const byte ocspBasicOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 1};
- static const byte ocspNonceOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 2};
- static const byte ocspNoCheckOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 5};
- #endif /* HAVE_OCSP */
- /* certExtType */
- static const byte extBasicCaOid[] = {85, 29, 19};
- static const byte extAltNamesOid[] = {85, 29, 17};
- static const byte extCrlDistOid[] = {85, 29, 31};
- static const byte extAuthInfoOid[] = {43, 6, 1, 5, 5, 7, 1, 1};
- static const byte extAuthKeyOid[] = {85, 29, 35};
- static const byte extSubjKeyOid[] = {85, 29, 14};
- static const byte extCertPolicyOid[] = {85, 29, 32};
- static const byte extKeyUsageOid[] = {85, 29, 15};
- static const byte extInhibitAnyOid[] = {85, 29, 54};
- static const byte extExtKeyUsageOid[] = {85, 29, 37};
- #ifndef IGNORE_NAME_CONSTRAINTS
- static const byte extNameConsOid[] = {85, 29, 30};
- #endif
- #ifdef HAVE_CRL
- static const byte extCrlNumberOid[] = {85, 29, 20};
- #endif
- #ifdef WOLFSSL_SUBJ_DIR_ATTR
- static const byte extSubjDirAttrOid[] = {85, 29, 9};
- #endif
- #ifdef WOLFSSL_SUBJ_INFO_ACC
- static const byte extSubjInfoAccessOid[] = {43, 6, 1, 5, 5, 7, 1, 11};
- #endif
- /* certAuthInfoType */
- static const byte extAuthInfoOcspOid[] = {43, 6, 1, 5, 5, 7, 48, 1};
- static const byte extAuthInfoCaIssuerOid[] = {43, 6, 1, 5, 5, 7, 48, 2};
- #ifdef WOLFSSL_SUBJ_INFO_ACC
- static const byte extAuthInfoCaRespOid[] = {43, 6, 1, 5, 5, 7, 48, 5};
- #endif /* WOLFSSL_SUBJ_INFO_ACC */
- /* certPolicyType */
- static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
- #ifdef WOLFSSL_FPKI
- #define CERT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
- static const byte extCertPolicyFpkiCommonAuthOid[] =
- CERT_POLICY_TYPE_OID_BASE(13);
- static const byte extCertPolicyFpkiPivAuthOid[] =
- CERT_POLICY_TYPE_OID_BASE(40);
- static const byte extCertPolicyFpkiPivAuthHwOid[] =
- CERT_POLICY_TYPE_OID_BASE(41);
- static const byte extCertPolicyFpkiPiviAuthOid[] =
- CERT_POLICY_TYPE_OID_BASE(45);
- #endif /* WOLFSSL_FPKI */
- /* certAltNameType */
- static const byte extAltNamesHwNameOid[] = {43, 6, 1, 5, 5, 7, 8, 4};
- /* certKeyUseType */
- static const byte extExtKeyUsageAnyOid[] = {85, 29, 37, 0};
- static const byte extExtKeyUsageServerAuthOid[] = {43, 6, 1, 5, 5, 7, 3, 1};
- static const byte extExtKeyUsageClientAuthOid[] = {43, 6, 1, 5, 5, 7, 3, 2};
- static const byte extExtKeyUsageCodeSigningOid[] = {43, 6, 1, 5, 5, 7, 3, 3};
- static const byte extExtKeyUsageEmailProtectOid[] = {43, 6, 1, 5, 5, 7, 3, 4};
- static const byte extExtKeyUsageTimestampOid[] = {43, 6, 1, 5, 5, 7, 3, 8};
- static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9};
- #ifdef WOLFSSL_WOLFSSH
- #define EXT_KEY_USAGE_OID_BASE(num) {43, 6, 1, 5, 5, 7, 3, num}
- static const byte extExtKeyUsageSshClientAuthOid[] =
- EXT_KEY_USAGE_OID_BASE(21);
- static const byte extExtKeyUsageSshMSCLOid[] =
- {43, 6, 1, 4, 1, 130, 55, 20, 2, 2};
- static const byte extExtKeyUsageSshKpClientAuthOid[] =
- {43, 6, 1, 5, 2, 3, 4};
- #endif /* WOLFSSL_WOLFSSH */
- #ifdef WOLFSSL_SUBJ_DIR_ATTR
- #define SUBJ_DIR_ATTR_TYPE_OID_BASE(num) {43, 6, 1, 5, 5, 7, 9, num}
- static const byte extSubjDirAttrDobOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(1);
- static const byte extSubjDirAttrPobOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(2);
- static const byte extSubjDirAttrGenderOid[] =
- SUBJ_DIR_ATTR_TYPE_OID_BASE(3);
- static const byte extSubjDirAttrCocOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(4);
- static const byte extSubjDirAttrCorOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(5);
- #endif
- #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_ASN_TEMPLATE) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)
- /* csrAttrType */
- #define CSR_ATTR_TYPE_OID_BASE(num) {42, 134, 72, 134, 247, 13, 1, 9, num}
- #if !defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) || \
- defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(WOLFSSL_ASN_TEMPLATE)
- static const byte attrEmailOid[] = CSR_ATTR_TYPE_OID_BASE(1);
- #endif
- #ifdef WOLFSSL_CERT_REQ
- static const byte attrUnstructuredNameOid[] = CSR_ATTR_TYPE_OID_BASE(2);
- static const byte attrPkcs9ContentTypeOid[] = CSR_ATTR_TYPE_OID_BASE(3);
- static const byte attrChallengePasswordOid[] = CSR_ATTR_TYPE_OID_BASE(7);
- static const byte attrExtensionRequestOid[] = CSR_ATTR_TYPE_OID_BASE(14);
- static const byte attrSerialNumberOid[] = {85, 4, 5};
- static const byte attrDnQualifier[] = {85, 4, 46};
- static const byte attrInitals[] = {85, 4, 43};
- static const byte attrSurname[] = {85, 4, 4};
- static const byte attrGivenName[] = {85, 4, 42};
- #endif
- #endif
- /* kdfType */
- static const byte pbkdf2Oid[] = {42, 134, 72, 134, 247, 13, 1, 5, 12};
- /* PKCS5 */
- #if !defined(NO_DES3) && !defined(NO_MD5)
- static const byte pbeMd5Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 3};
- #endif
- #if !defined(NO_DES3) && !defined(NO_SHA)
- static const byte pbeSha1Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 10};
- #endif
- static const byte pbes2[] = {42, 134, 72, 134, 247, 13, 1, 5, 13};
- /* PKCS12 */
- #if !defined(NO_RC4) && !defined(NO_SHA)
- static const byte pbeSha1RC4128[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 1};
- #endif
- #if !defined(NO_DES3) && !defined(NO_SHA)
- static const byte pbeSha1Des3[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 3};
- #endif
- #if defined(WC_RC2) && !defined(NO_SHA)
- static const byte pbe40Rc2Cbc[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 6};
- #endif
- #ifdef HAVE_LIBZ
- /* zlib compression */
- static const byte zlibCompress[] = {42, 134, 72, 134, 247, 13, 1, 9, 16, 3, 8};
- #endif
- #ifdef WOLFSSL_APACHE_HTTPD
- /* tlsExtType */
- static const byte tlsFeatureOid[] = {43, 6, 1, 5, 5, 7, 1, 24};
- /* certNameType */
- static const byte dnsSRVOid[] = {43, 6, 1, 5, 5, 7, 8, 7};
- #endif
- #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) || \
- defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(WOLFSSL_ASN_TEMPLATE)
- /* Pilot attribute types (0.9.2342.19200300.100.1.*) */
- #define PLT_ATTR_TYPE_OID_BASE(num) {9, 146, 38, 137, 147, 242, 44, 100, 1, num}
- static const byte uidOid[] = PLT_ATTR_TYPE_OID_BASE(1); /* user id */
- static const byte fvrtDrk[] = PLT_ATTR_TYPE_OID_BASE(5);/* favourite drink*/
- #endif
- #if defined(WOLFSSL_CERT_GEN) || \
- defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(WOLFSSL_ASN_TEMPLATE)
- static const byte dcOid[] = {9, 146, 38, 137, 147, 242, 44, 100, 1, 25}; /* domain component */
- #endif
- /* Looks up the ID/type of an OID.
- *
- * When known returns the OID as a byte array and its length.
- * ID-type are unique.
- *
- * Use oidIgnoreType to autofail.
- *
- * @param [in] id OID id.
- * @param [in] type Type of OID (enum Oid_Types).
- * @param [out] oidSz Length of OID byte array returned.
- * @return Array of bytes for the OID.
- * @return NULL when ID/type not recognized.
- */
- const byte* OidFromId(word32 id, word32 type, word32* oidSz)
- {
- const byte* oid = NULL;
- *oidSz = 0;
- switch (type) {
- case oidHashType:
- switch (id) {
- #ifdef WOLFSSL_MD2
- case MD2h:
- oid = hashMd2hOid;
- *oidSz = sizeof(hashMd2hOid);
- break;
- #endif
- #ifndef NO_MD5
- case MD5h:
- oid = hashMd5hOid;
- *oidSz = sizeof(hashMd5hOid);
- break;
- #endif
- #ifndef NO_SHA
- case SHAh:
- oid = hashSha1hOid;
- *oidSz = sizeof(hashSha1hOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA224
- case SHA224h:
- oid = hashSha224hOid;
- *oidSz = sizeof(hashSha224hOid);
- break;
- #endif
- #ifndef NO_SHA256
- case SHA256h:
- oid = hashSha256hOid;
- *oidSz = sizeof(hashSha256hOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case SHA384h:
- oid = hashSha384hOid;
- *oidSz = sizeof(hashSha384hOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- #ifndef WOLFSSL_NOSHA512_224
- case SHA512_224h:
- oid = hashSha512_224hOid;
- *oidSz = sizeof(hashSha512_224hOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA512_256
- case SHA512_256h:
- oid = hashSha512_256hOid;
- *oidSz = sizeof(hashSha512_256hOid);
- break;
- #endif
- case SHA512h:
- oid = hashSha512hOid;
- *oidSz = sizeof(hashSha512hOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- case SHA3_224h:
- oid = hashSha3_224hOid;
- *oidSz = sizeof(hashSha3_224hOid);
- break;
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- case SHA3_256h:
- oid = hashSha3_256hOid;
- *oidSz = sizeof(hashSha3_256hOid);
- break;
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- case SHA3_384h:
- oid = hashSha3_384hOid;
- *oidSz = sizeof(hashSha3_384hOid);
- break;
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- case SHA3_512h:
- oid = hashSha3_512hOid;
- *oidSz = sizeof(hashSha3_512hOid);
- break;
- #endif /* WOLFSSL_NOSHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- default:
- break;
- }
- break;
- case oidSigType:
- switch (id) {
- #if !defined(NO_DSA) && !defined(NO_SHA)
- case CTC_SHAwDSA:
- oid = sigSha1wDsaOid;
- *oidSz = sizeof(sigSha1wDsaOid);
- break;
- case CTC_SHA256wDSA:
- oid = sigSha256wDsaOid;
- *oidSz = sizeof(sigSha256wDsaOid);
- break;
- #endif /* NO_DSA */
- #ifndef NO_RSA
- #ifdef WOLFSSL_MD2
- case CTC_MD2wRSA:
- oid = sigMd2wRsaOid;
- *oidSz = sizeof(sigMd2wRsaOid);
- break;
- #endif
- #ifndef NO_MD5
- case CTC_MD5wRSA:
- oid = sigMd5wRsaOid;
- *oidSz = sizeof(sigMd5wRsaOid);
- break;
- #endif
- #ifndef NO_SHA
- case CTC_SHAwRSA:
- oid = sigSha1wRsaOid;
- *oidSz = sizeof(sigSha1wRsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA224
- case CTC_SHA224wRSA:
- oid = sigSha224wRsaOid;
- *oidSz = sizeof(sigSha224wRsaOid);
- break;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wRSA:
- oid = sigSha256wRsaOid;
- *oidSz = sizeof(sigSha256wRsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case CTC_SHA384wRSA:
- oid = sigSha384wRsaOid;
- *oidSz = sizeof(sigSha384wRsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case CTC_SHA512wRSA:
- oid = sigSha512wRsaOid;
- *oidSz = sizeof(sigSha512wRsaOid);
- break;
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- case CTC_SHA3_224wRSA:
- oid = sigSha3_224wRsaOid;
- *oidSz = sizeof(sigSha3_224wRsaOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- case CTC_SHA3_256wRSA:
- oid = sigSha3_256wRsaOid;
- *oidSz = sizeof(sigSha3_256wRsaOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- case CTC_SHA3_384wRSA:
- oid = sigSha3_384wRsaOid;
- *oidSz = sizeof(sigSha3_384wRsaOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- case CTC_SHA3_512wRSA:
- oid = sigSha3_512wRsaOid;
- *oidSz = sizeof(sigSha3_512wRsaOid);
- break;
- #endif
- #endif
- #ifdef WC_RSA_PSS
- case CTC_RSASSAPSS:
- oid = sigRsaSsaPssOid;
- *oidSz = sizeof(sigRsaSsaPssOid);
- break;
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- case CTC_SHAwECDSA:
- oid = sigSha1wEcdsaOid;
- *oidSz = sizeof(sigSha1wEcdsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA224
- case CTC_SHA224wECDSA:
- oid = sigSha224wEcdsaOid;
- *oidSz = sizeof(sigSha224wEcdsaOid);
- break;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wECDSA:
- oid = sigSha256wEcdsaOid;
- *oidSz = sizeof(sigSha256wEcdsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case CTC_SHA384wECDSA:
- oid = sigSha384wEcdsaOid;
- *oidSz = sizeof(sigSha384wEcdsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case CTC_SHA512wECDSA:
- oid = sigSha512wEcdsaOid;
- *oidSz = sizeof(sigSha512wEcdsaOid);
- break;
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- case CTC_SHA3_224wECDSA:
- oid = sigSha3_224wEcdsaOid;
- *oidSz = sizeof(sigSha3_224wEcdsaOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- case CTC_SHA3_256wECDSA:
- oid = sigSha3_256wEcdsaOid;
- *oidSz = sizeof(sigSha3_256wEcdsaOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- case CTC_SHA3_384wECDSA:
- oid = sigSha3_384wEcdsaOid;
- *oidSz = sizeof(sigSha3_384wEcdsaOid);
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- case CTC_SHA3_512wECDSA:
- oid = sigSha3_512wEcdsaOid;
- *oidSz = sizeof(sigSha3_512wEcdsaOid);
- break;
- #endif
- #endif
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- case CTC_SM3wSM2:
- oid = sigSm3wSm2Oid;
- *oidSz = sizeof(sigSm3wSm2Oid);
- break;
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- case CTC_ED25519:
- oid = sigEd25519Oid;
- *oidSz = sizeof(sigEd25519Oid);
- break;
- #endif
- #ifdef HAVE_ED448
- case CTC_ED448:
- oid = sigEd448Oid;
- *oidSz = sizeof(sigEd448Oid);
- break;
- #endif
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- case CTC_FALCON_LEVEL1:
- oid = sigFalcon_Level1Oid;
- *oidSz = sizeof(sigFalcon_Level1Oid);
- break;
- case CTC_FALCON_LEVEL5:
- oid = sigFalcon_Level5Oid;
- *oidSz = sizeof(sigFalcon_Level5Oid);
- break;
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- case CTC_DILITHIUM_LEVEL2:
- oid = sigDilithium_Level2Oid;
- *oidSz = sizeof(sigDilithium_Level2Oid);
- break;
- case CTC_DILITHIUM_LEVEL3:
- oid = sigDilithium_Level3Oid;
- *oidSz = sizeof(sigDilithium_Level3Oid);
- break;
- case CTC_DILITHIUM_LEVEL5:
- oid = sigDilithium_Level5Oid;
- *oidSz = sizeof(sigDilithium_Level5Oid);
- break;
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- case CTC_SPHINCS_FAST_LEVEL1:
- oid = sigSphincsFast_Level1Oid;
- *oidSz = sizeof(sigSphincsFast_Level1Oid);
- break;
- case CTC_SPHINCS_FAST_LEVEL3:
- oid = sigSphincsFast_Level3Oid;
- *oidSz = sizeof(sigSphincsFast_Level3Oid);
- break;
- case CTC_SPHINCS_FAST_LEVEL5:
- oid = sigSphincsFast_Level5Oid;
- *oidSz = sizeof(sigSphincsFast_Level5Oid);
- break;
- case CTC_SPHINCS_SMALL_LEVEL1:
- oid = sigSphincsSmall_Level1Oid;
- *oidSz = sizeof(sigSphincsSmall_Level1Oid);
- break;
- case CTC_SPHINCS_SMALL_LEVEL3:
- oid = sigSphincsSmall_Level3Oid;
- *oidSz = sizeof(sigSphincsSmall_Level3Oid);
- break;
- case CTC_SPHINCS_SMALL_LEVEL5:
- oid = sigSphincsSmall_Level5Oid;
- *oidSz = sizeof(sigSphincsSmall_Level5Oid);
- break;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- default:
- break;
- }
- break;
- case oidKeyType:
- switch (id) {
- #ifndef NO_DSA
- case DSAk:
- oid = keyDsaOid;
- *oidSz = sizeof(keyDsaOid);
- break;
- #endif /* NO_DSA */
- #ifndef NO_RSA
- case RSAk:
- oid = keyRsaOid;
- *oidSz = sizeof(keyRsaOid);
- break;
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- oid = keyRsaPssOid;
- *oidSz = sizeof(keyRsaPssOid);
- break;
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- case ECDSAk:
- oid = keyEcdsaOid;
- *oidSz = sizeof(keyEcdsaOid);
- break;
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- case ED25519k:
- oid = keyEd25519Oid;
- *oidSz = sizeof(keyEd25519Oid);
- break;
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_CURVE25519
- case X25519k:
- oid = keyCurve25519Oid;
- *oidSz = sizeof(keyCurve25519Oid);
- break;
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED448
- case ED448k:
- oid = keyEd448Oid;
- *oidSz = sizeof(keyEd448Oid);
- break;
- #endif /* HAVE_ED448 */
- #ifdef HAVE_CURVE448
- case X448k:
- oid = keyCurve448Oid;
- *oidSz = sizeof(keyCurve448Oid);
- break;
- #endif /* HAVE_CURVE448 */
- #ifndef NO_DH
- case DHk:
- oid = keyDhOid;
- *oidSz = sizeof(keyDhOid);
- break;
- #endif /* !NO_DH */
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- case FALCON_LEVEL1k:
- oid = keyFalcon_Level1Oid;
- *oidSz = sizeof(keyFalcon_Level1Oid);
- break;
- case FALCON_LEVEL5k:
- oid = keyFalcon_Level5Oid;
- *oidSz = sizeof(keyFalcon_Level5Oid);
- break;
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- case DILITHIUM_LEVEL2k:
- oid = keyDilithium_Level2Oid;
- *oidSz = sizeof(keyDilithium_Level2Oid);
- break;
- case DILITHIUM_LEVEL3k:
- oid = keyDilithium_Level3Oid;
- *oidSz = sizeof(keyDilithium_Level3Oid);
- break;
- case DILITHIUM_LEVEL5k:
- oid = keyDilithium_Level5Oid;
- *oidSz = sizeof(keyDilithium_Level5Oid);
- break;
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- case SPHINCS_FAST_LEVEL1k:
- oid = keySphincsFast_Level1Oid;
- *oidSz = sizeof(keySphincsFast_Level1Oid);
- break;
- case SPHINCS_FAST_LEVEL3k:
- oid = keySphincsFast_Level3Oid;
- *oidSz = sizeof(keySphincsFast_Level3Oid);
- break;
- case SPHINCS_FAST_LEVEL5k:
- oid = keySphincsFast_Level5Oid;
- *oidSz = sizeof(keySphincsFast_Level5Oid);
- break;
- case SPHINCS_SMALL_LEVEL1k:
- oid = keySphincsSmall_Level1Oid;
- *oidSz = sizeof(keySphincsSmall_Level1Oid);
- break;
- case SPHINCS_SMALL_LEVEL3k:
- oid = keySphincsSmall_Level3Oid;
- *oidSz = sizeof(keySphincsSmall_Level3Oid);
- break;
- case SPHINCS_SMALL_LEVEL5k:
- oid = keySphincsSmall_Level5Oid;
- *oidSz = sizeof(keySphincsSmall_Level5Oid);
- break;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- default:
- break;
- }
- break;
- #ifdef HAVE_ECC
- case oidCurveType:
- if (wc_ecc_get_oid(id, &oid, oidSz) < 0) {
- WOLFSSL_MSG("ECC OID not found");
- }
- break;
- #endif /* HAVE_ECC */
- case oidBlkType:
- switch (id) {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- case AES128CBCb:
- oid = blkAes128CbcOid;
- *oidSz = sizeof(blkAes128CbcOid);
- break;
- #endif
- #ifdef WOLFSSL_AES_192
- case AES192CBCb:
- oid = blkAes192CbcOid;
- *oidSz = sizeof(blkAes192CbcOid);
- break;
- #endif
- #ifdef WOLFSSL_AES_256
- case AES256CBCb:
- oid = blkAes256CbcOid;
- *oidSz = sizeof(blkAes256CbcOid);
- break;
- #endif
- #endif /* HAVE_AES_CBC */
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- case AES128GCMb:
- oid = blkAes128GcmOid;
- *oidSz = sizeof(blkAes128GcmOid);
- break;
- #endif
- #ifdef WOLFSSL_AES_192
- case AES192GCMb:
- oid = blkAes192GcmOid;
- *oidSz = sizeof(blkAes192GcmOid);
- break;
- #endif
- #ifdef WOLFSSL_AES_256
- case AES256GCMb:
- oid = blkAes256GcmOid;
- *oidSz = sizeof(blkAes256GcmOid);
- break;
- #endif
- #endif /* HAVE_AESGCM */
- #ifdef HAVE_AESCCM
- #ifdef WOLFSSL_AES_128
- case AES128CCMb:
- oid = blkAes128CcmOid;
- *oidSz = sizeof(blkAes128CcmOid);
- break;
- #endif
- #ifdef WOLFSSL_AES_192
- case AES192CCMb:
- oid = blkAes192CcmOid;
- *oidSz = sizeof(blkAes192CcmOid);
- break;
- #endif
- #ifdef WOLFSSL_AES_256
- case AES256CCMb:
- oid = blkAes256CcmOid;
- *oidSz = sizeof(blkAes256CcmOid);
- break;
- #endif
- #endif /* HAVE_AESCCM */
- #ifndef NO_DES3
- case DESb:
- oid = blkDesCbcOid;
- *oidSz = sizeof(blkDesCbcOid);
- break;
- case DES3b:
- oid = blkDes3CbcOid;
- *oidSz = sizeof(blkDes3CbcOid);
- break;
- #endif /* !NO_DES3 */
- default:
- break;
- }
- break;
- #ifdef HAVE_OCSP
- case oidOcspType:
- switch (id) {
- case OCSP_BASIC_OID:
- oid = ocspBasicOid;
- *oidSz = sizeof(ocspBasicOid);
- break;
- case OCSP_NONCE_OID:
- oid = ocspNonceOid;
- *oidSz = sizeof(ocspNonceOid);
- break;
- default:
- break;
- }
- break;
- #endif /* HAVE_OCSP */
- case oidCertExtType:
- switch (id) {
- case BASIC_CA_OID:
- oid = extBasicCaOid;
- *oidSz = sizeof(extBasicCaOid);
- break;
- case ALT_NAMES_OID:
- oid = extAltNamesOid;
- *oidSz = sizeof(extAltNamesOid);
- break;
- case CRL_DIST_OID:
- oid = extCrlDistOid;
- *oidSz = sizeof(extCrlDistOid);
- break;
- case AUTH_INFO_OID:
- oid = extAuthInfoOid;
- *oidSz = sizeof(extAuthInfoOid);
- break;
- case AUTH_KEY_OID:
- oid = extAuthKeyOid;
- *oidSz = sizeof(extAuthKeyOid);
- break;
- case SUBJ_KEY_OID:
- oid = extSubjKeyOid;
- *oidSz = sizeof(extSubjKeyOid);
- break;
- case CERT_POLICY_OID:
- oid = extCertPolicyOid;
- *oidSz = sizeof(extCertPolicyOid);
- break;
- case KEY_USAGE_OID:
- oid = extKeyUsageOid;
- *oidSz = sizeof(extKeyUsageOid);
- break;
- case INHIBIT_ANY_OID:
- oid = extInhibitAnyOid;
- *oidSz = sizeof(extInhibitAnyOid);
- break;
- case EXT_KEY_USAGE_OID:
- oid = extExtKeyUsageOid;
- *oidSz = sizeof(extExtKeyUsageOid);
- break;
- #ifndef IGNORE_NAME_CONSTRAINTS
- case NAME_CONS_OID:
- oid = extNameConsOid;
- *oidSz = sizeof(extNameConsOid);
- break;
- #endif
- #ifdef HAVE_OCSP
- case OCSP_NOCHECK_OID:
- oid = ocspNoCheckOid;
- *oidSz = sizeof(ocspNoCheckOid);
- break;
- #endif
- #ifdef WOLFSSL_SUBJ_DIR_ATTR
- case SUBJ_DIR_ATTR_OID:
- oid = extSubjDirAttrOid;
- *oidSz = sizeof(extSubjDirAttrOid);
- break;
- #endif
- #ifdef WOLFSSL_SUBJ_INFO_ACC
- case SUBJ_INFO_ACC_OID:
- oid = extSubjInfoAccessOid;
- *oidSz = sizeof(extSubjInfoAccessOid);
- break;
- #endif
- default:
- break;
- }
- break;
- case oidCrlExtType:
- #ifdef HAVE_CRL
- switch (id) {
- case AUTH_KEY_OID:
- oid = extAuthKeyOid;
- *oidSz = sizeof(extAuthKeyOid);
- break;
- case CRL_NUMBER_OID:
- oid = extCrlNumberOid;
- *oidSz = sizeof(extCrlNumberOid);
- break;
- default:
- break;
- }
- #endif
- break;
- case oidCertAuthInfoType:
- switch (id) {
- case AIA_OCSP_OID:
- oid = extAuthInfoOcspOid;
- *oidSz = sizeof(extAuthInfoOcspOid);
- break;
- case AIA_CA_ISSUER_OID:
- oid = extAuthInfoCaIssuerOid;
- *oidSz = sizeof(extAuthInfoCaIssuerOid);
- break;
- #ifdef WOLFSSL_SUBJ_INFO_ACC
- case AIA_CA_REPO_OID:
- oid = extAuthInfoCaRespOid;
- *oidSz = sizeof(extAuthInfoCaRespOid);
- break;
- #endif /* WOLFSSL_SUBJ_INFO_ACC */
- default:
- break;
- }
- break;
- case oidCertPolicyType:
- switch (id) {
- case CP_ANY_OID:
- oid = extCertPolicyAnyOid;
- *oidSz = sizeof(extCertPolicyAnyOid);
- break;
- #if defined(WOLFSSL_FPKI)
- case CP_FPKI_COMMON_AUTH_OID:
- oid = extCertPolicyFpkiCommonAuthOid;
- *oidSz = sizeof(extCertPolicyFpkiCommonAuthOid);
- break;
- case CP_FPKI_PIV_AUTH_OID:
- oid = extCertPolicyFpkiPivAuthOid;
- *oidSz = sizeof(extCertPolicyFpkiPivAuthOid);
- break;
- case CP_FPKI_PIV_AUTH_HW_OID: /* collision with AES256CBCb */
- oid = extCertPolicyFpkiPivAuthHwOid;
- *oidSz = sizeof(extCertPolicyFpkiPivAuthHwOid);
- break;
- case CP_FPKI_PIVI_AUTH_OID:
- oid = extCertPolicyFpkiPiviAuthOid;
- *oidSz = sizeof(extCertPolicyFpkiPiviAuthOid);
- break;
- #endif /* WOLFSSL_FPKI */
- default:
- break;
- }
- break;
- case oidCertAltNameType:
- switch (id) {
- case HW_NAME_OID:
- oid = extAltNamesHwNameOid;
- *oidSz = sizeof(extAltNamesHwNameOid);
- break;
- default:
- break;
- }
- break;
- case oidCertKeyUseType:
- switch (id) {
- case EKU_ANY_OID:
- oid = extExtKeyUsageAnyOid;
- *oidSz = sizeof(extExtKeyUsageAnyOid);
- break;
- case EKU_SERVER_AUTH_OID:
- oid = extExtKeyUsageServerAuthOid;
- *oidSz = sizeof(extExtKeyUsageServerAuthOid);
- break;
- case EKU_CLIENT_AUTH_OID:
- oid = extExtKeyUsageClientAuthOid;
- *oidSz = sizeof(extExtKeyUsageClientAuthOid);
- break;
- case EKU_CODESIGNING_OID:
- oid = extExtKeyUsageCodeSigningOid;
- *oidSz = sizeof(extExtKeyUsageCodeSigningOid);
- break;
- case EKU_EMAILPROTECT_OID:
- oid = extExtKeyUsageEmailProtectOid;
- *oidSz = sizeof(extExtKeyUsageEmailProtectOid);
- break;
- case EKU_TIMESTAMP_OID:
- oid = extExtKeyUsageTimestampOid;
- *oidSz = sizeof(extExtKeyUsageTimestampOid);
- break;
- case EKU_OCSP_SIGN_OID:
- oid = extExtKeyUsageOcspSignOid;
- *oidSz = sizeof(extExtKeyUsageOcspSignOid);
- break;
- #ifdef WOLFSSL_WOLFSSH
- case EKU_SSH_CLIENT_AUTH_OID:
- oid = extExtKeyUsageSshClientAuthOid;
- *oidSz = sizeof(extExtKeyUsageSshClientAuthOid);
- break;
- case EKU_SSH_MSCL_OID:
- oid = extExtKeyUsageSshMSCLOid;
- *oidSz = sizeof(extExtKeyUsageSshMSCLOid);
- break;
- case EKU_SSH_KP_CLIENT_AUTH_OID:
- oid = extExtKeyUsageSshKpClientAuthOid;
- *oidSz = sizeof(extExtKeyUsageSshKpClientAuthOid);
- break;
- #endif /* WOLFSSL_WOLFSSH */
- default:
- break;
- }
- break;
- case oidKdfType:
- switch (id) {
- case PBKDF2_OID:
- oid = pbkdf2Oid;
- *oidSz = sizeof(pbkdf2Oid);
- break;
- default:
- break;
- }
- break;
- case oidPBEType:
- switch (id) {
- #if !defined(NO_SHA) && !defined(NO_RC4)
- case PBE_SHA1_RC4_128_SUM:
- case PBE_SHA1_RC4_128:
- oid = pbeSha1RC4128;
- *oidSz = sizeof(pbeSha1RC4128);
- break;
- #endif
- #if !defined(NO_MD5) && !defined(NO_DES3)
- case PBE_MD5_DES_SUM:
- case PBE_MD5_DES:
- oid = pbeMd5Des;
- *oidSz = sizeof(pbeMd5Des);
- break;
- #endif
- #if !defined(NO_SHA) && !defined(NO_DES3)
- case PBE_SHA1_DES_SUM:
- case PBE_SHA1_DES:
- oid = pbeSha1Des;
- *oidSz = sizeof(pbeSha1Des);
- break;
- #endif
- #if !defined(NO_SHA) && !defined(NO_DES3)
- case PBE_SHA1_DES3_SUM:
- case PBE_SHA1_DES3:
- oid = pbeSha1Des3;
- *oidSz = sizeof(pbeSha1Des3);
- break;
- #endif
- #if !defined(NO_SHA) && defined(WC_RC2)
- case PBE_SHA1_40RC2_CBC_SUM:
- case PBE_SHA1_40RC2_CBC:
- oid = pbe40Rc2Cbc;
- *oidSz = sizeof(pbe40Rc2Cbc);
- break;
- #endif
- case PBES2_SUM:
- case PBES2:
- oid = pbes2;
- *oidSz = sizeof(pbes2);
- break;
- default:
- break;
- }
- break;
- case oidKeyWrapType:
- switch (id) {
- #ifdef WOLFSSL_AES_128
- case AES128_WRAP:
- oid = wrapAes128Oid;
- *oidSz = sizeof(wrapAes128Oid);
- break;
- #endif
- #ifdef WOLFSSL_AES_192
- case AES192_WRAP:
- oid = wrapAes192Oid;
- *oidSz = sizeof(wrapAes192Oid);
- break;
- #endif
- #ifdef WOLFSSL_AES_256
- case AES256_WRAP:
- oid = wrapAes256Oid;
- *oidSz = sizeof(wrapAes256Oid);
- break;
- #endif
- #ifdef HAVE_PKCS7
- case PWRI_KEK_WRAP:
- oid = wrapPwriKekOid;
- *oidSz = sizeof(wrapPwriKekOid);
- break;
- #endif
- default:
- break;
- }
- break;
- case oidCmsKeyAgreeType:
- switch (id) {
- #ifndef NO_SHA
- case dhSinglePass_stdDH_sha1kdf_scheme:
- oid = dhSinglePass_stdDH_sha1kdf_Oid;
- *oidSz = sizeof(dhSinglePass_stdDH_sha1kdf_Oid);
- break;
- #endif
- #ifdef WOLFSSL_SHA224
- case dhSinglePass_stdDH_sha224kdf_scheme:
- oid = dhSinglePass_stdDH_sha224kdf_Oid;
- *oidSz = sizeof(dhSinglePass_stdDH_sha224kdf_Oid);
- break;
- #endif
- #ifndef NO_SHA256
- case dhSinglePass_stdDH_sha256kdf_scheme:
- oid = dhSinglePass_stdDH_sha256kdf_Oid;
- *oidSz = sizeof(dhSinglePass_stdDH_sha256kdf_Oid);
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case dhSinglePass_stdDH_sha384kdf_scheme:
- oid = dhSinglePass_stdDH_sha384kdf_Oid;
- *oidSz = sizeof(dhSinglePass_stdDH_sha384kdf_Oid);
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case dhSinglePass_stdDH_sha512kdf_scheme:
- oid = dhSinglePass_stdDH_sha512kdf_Oid;
- *oidSz = sizeof(dhSinglePass_stdDH_sha512kdf_Oid);
- break;
- #endif
- default:
- break;
- }
- break;
- #ifndef NO_HMAC
- case oidHmacType:
- switch (id) {
- #ifdef WOLFSSL_SHA224
- case HMAC_SHA224_OID:
- oid = hmacSha224Oid;
- *oidSz = sizeof(hmacSha224Oid);
- break;
- #endif
- #ifndef NO_SHA256
- case HMAC_SHA256_OID:
- oid = hmacSha256Oid;
- *oidSz = sizeof(hmacSha256Oid);
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case HMAC_SHA384_OID:
- oid = hmacSha384Oid;
- *oidSz = sizeof(hmacSha384Oid);
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case HMAC_SHA512_OID:
- oid = hmacSha512Oid;
- *oidSz = sizeof(hmacSha512Oid);
- break;
- #endif
- default:
- break;
- }
- break;
- #endif /* !NO_HMAC */
- #ifdef HAVE_LIBZ
- case oidCompressType:
- switch (id) {
- case ZLIBc:
- oid = zlibCompress;
- *oidSz = sizeof(zlibCompress);
- break;
- default:
- break;
- }
- break;
- #endif /* HAVE_LIBZ */
- #ifdef WOLFSSL_APACHE_HTTPD
- case oidCertNameType:
- switch (id) {
- case NID_id_on_dnsSRV:
- oid = dnsSRVOid;
- *oidSz = sizeof(dnsSRVOid);
- break;
- default:
- break;
- }
- break;
- case oidTlsExtType:
- switch (id) {
- case TLS_FEATURE_OID:
- oid = tlsFeatureOid;
- *oidSz = sizeof(tlsFeatureOid);
- break;
- default:
- break;
- }
- break;
- #endif /* WOLFSSL_APACHE_HTTPD */
- #ifdef WOLFSSL_CERT_REQ
- case oidCsrAttrType:
- switch (id) {
- case GIVEN_NAME_OID:
- oid = attrGivenName;
- *oidSz = sizeof(attrGivenName);
- break;
- case SURNAME_OID:
- oid = attrSurname;
- *oidSz = sizeof(attrSurname);
- break;
- case INITIALS_OID:
- oid = attrInitals;
- *oidSz = sizeof(attrInitals);
- break;
- case DNQUALIFIER_OID:
- oid = attrDnQualifier;
- *oidSz = sizeof(attrDnQualifier);
- break;
- case UNSTRUCTURED_NAME_OID:
- oid = attrUnstructuredNameOid;
- *oidSz = sizeof(attrUnstructuredNameOid);
- break;
- case PKCS9_CONTENT_TYPE_OID:
- oid = attrPkcs9ContentTypeOid;
- *oidSz = sizeof(attrPkcs9ContentTypeOid);
- break;
- case CHALLENGE_PASSWORD_OID:
- oid = attrChallengePasswordOid;
- *oidSz = sizeof(attrChallengePasswordOid);
- break;
- case SERIAL_NUMBER_OID:
- oid = attrSerialNumberOid;
- *oidSz = sizeof(attrSerialNumberOid);
- break;
- case USER_ID_OID:
- oid = uidOid;
- *oidSz = sizeof(uidOid);
- break;
- case EXTENSION_REQUEST_OID:
- oid = attrExtensionRequestOid;
- *oidSz = sizeof(attrExtensionRequestOid);
- break;
- default:
- break;
- }
- break;
- #endif
- #ifdef WOLFSSL_SUBJ_DIR_ATTR
- case oidSubjDirAttrType:
- switch (id) {
- case SDA_DOB_OID:
- oid = extSubjDirAttrDobOid;
- *oidSz = sizeof(extSubjDirAttrDobOid);
- break;
- case SDA_POB_OID:
- oid = extSubjDirAttrPobOid;
- *oidSz = sizeof(extSubjDirAttrPobOid);
- break;
- case SDA_GENDER_OID:
- oid = extSubjDirAttrGenderOid;
- *oidSz = sizeof(extSubjDirAttrGenderOid);
- break;
- case SDA_COC_OID:
- oid = extSubjDirAttrCocOid;
- *oidSz = sizeof(extSubjDirAttrCocOid);
- break;
- case SDA_COR_OID:
- oid = extSubjDirAttrCorOid;
- *oidSz = sizeof(extSubjDirAttrCorOid);
- break;
- default:
- break;
- }
- break;
- #endif /* WOLFSSL_SUBJ_DIR_ATTR */
- case oidIgnoreType:
- default:
- break;
- }
- return oid;
- }
- #ifdef HAVE_ECC
- /* Check the OID id is for a known elliptic curve.
- *
- * @param [in] oid OID id.
- * @return ECC set id on success.
- * @return ECC_CURVE_OID_E when OID id is 0 or not supported.
- */
- static int CheckCurve(word32 oid)
- {
- int ret;
- word32 oidSz;
- /* Lookup OID id. */
- ret = wc_ecc_get_oid(oid, NULL, &oidSz);
- /* Check for error or zero length OID size (can't get OID for encoding). */
- if ((ret < 0) || (oidSz == 0)) {
- WOLFSSL_MSG("CheckCurve not found");
- WOLFSSL_ERROR_VERBOSE(ECC_CURVE_OID_E);
- ret = ECC_CURVE_OID_E;
- }
- /* Return ECC set id or error code. */
- return ret;
- }
- #endif
- #ifdef HAVE_OID_ENCODING
- /* Encode dotted form of OID into byte array version.
- *
- * @param [in] in Dotted form of OID.
- * @param [in] inSz Count of numbers in dotted form.
- * @param [in] out Buffer to hold OID.
- * @param [in, out] outSz On in, size of buffer.
- * On out, number of bytes in buffer.
- * @return 0 on success
- * @return BAD_FUNC_ARG when in or outSz is NULL.
- * @return BUFFER_E when buffer too small.
- */
- int wc_EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
- {
- return EncodeObjectId(in, inSz, out, outSz);
- }
- int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
- {
- int i, x, len;
- word32 d, t;
- /* check args */
- if (in == NULL || outSz == NULL || inSz <= 0) {
- return BAD_FUNC_ARG;
- }
- /* compute length of encoded OID */
- d = (in[0] * 40) + in[1];
- len = 0;
- for (i = 1; i < (int)inSz; i++) {
- x = 0;
- t = d;
- while (t) {
- x++;
- t >>= 1;
- }
- len += (x / 7) + ((x % 7) ? 1 : 0) + (d == 0 ? 1 : 0);
- if (i < (int)inSz - 1) {
- d = in[i + 1];
- }
- }
- if (out) {
- /* verify length */
- if ((int)*outSz < len) {
- return BUFFER_E; /* buffer provided is not large enough */
- }
- /* calc first byte */
- d = (in[0] * 40) + in[1];
- /* encode bytes */
- x = 0;
- for (i = 1; i < (int)inSz; i++) {
- if (d) {
- int y = x, z;
- byte mask = 0;
- while (d) {
- out[x++] = (byte)((d & 0x7F) | mask);
- d >>= 7;
- mask |= 0x80; /* upper bit is set on all but the last byte */
- }
- /* now swap bytes y...x-1 */
- z = x - 1;
- while (y < z) {
- mask = out[y];
- out[y] = out[z];
- out[z] = mask;
- ++y;
- --z;
- }
- }
- else {
- out[x++] = 0x00; /* zero value */
- }
- /* next word */
- if (i < (int)inSz - 1) {
- d = in[i + 1];
- }
- }
- }
- /* return length */
- *outSz = len;
- return 0;
- }
- #endif /* HAVE_OID_ENCODING */
- #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \
- defined(OPENSSL_ALL)
- /* Encode dotted form of OID into byte array version.
- *
- * @param [in] in Byte array containing OID.
- * @param [in] inSz Size of OID in bytes.
- * @param [in] out Array to hold dotted form of OID.
- * @param [in, out] outSz On in, number of elements in array.
- * On out, count of numbers in dotted form.
- * @return 0 on success
- * @return BAD_FUNC_ARG when in or outSz is NULL.
- * @return BUFFER_E when dotted form buffer too small.
- */
- int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz)
- {
- int x = 0, y = 0;
- word32 t = 0;
- /* check args */
- if (in == NULL || outSz == NULL) {
- return BAD_FUNC_ARG;
- }
- /* decode bytes */
- while (inSz--) {
- t = (t << 7) | (in[x] & 0x7F);
- if (!(in[x] & 0x80)) {
- if (y >= (int)*outSz) {
- return BUFFER_E;
- }
- if (y == 0) {
- out[0] = (word16)(t / 40);
- out[1] = (word16)(t % 40);
- y = 2;
- }
- else {
- out[y++] = (word16)t;
- }
- t = 0; /* reset tmp */
- }
- x++;
- }
- /* return length */
- *outSz = (word32)y;
- return 0;
- }
- #endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */
- /* Decode the header of a BER/DER encoded OBJECT ID.
- *
- * @param [in] input Buffer holding DER/BER encoded data.
- * @param [in, out] inOutIdx On in, starting index of header.
- * On out, end of parsed header.
- * @param [out] len Number of bytes in the ASN.1 data.
- * @param [in] maxIdx Length of data in buffer.
- * @return 0 on success.
- * @return BUFFER_E when there is not enough data to parse.
- * @return ASN_PARSE_E when the tag is not a OBJECT ID or length is invalid.
- */
- int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, word32 maxIdx)
- {
- int ret = GetASNHeader(input, ASN_OBJECT_ID, inOutIdx, len, maxIdx);
- if (ret > 0) {
- /* Only return 0 on success. */
- ret = 0;
- }
- return ret;
- }
- /* Set the DER/BER encoding of the ASN.1 OBJECT ID header.
- *
- * When output is NULL, calculate the header length only.
- *
- * @param [in] len Length of OBJECT ID data in bytes.
- * @param [out] output Buffer to write into.
- * @return Number of bytes added to the buffer.
- */
- int SetObjectId(int len, byte* output)
- {
- int idx = 0;
- if (output) {
- /* Write out tag. */
- output[idx] = ASN_OBJECT_ID;
- }
- /* Skip tag. */
- idx += ASN_TAG_SZ;
- /* Encode length - passing NULL for output will not encode. */
- idx += (int)SetLength((word32)len, output ? output + idx : NULL);
- /* Return index after header. */
- return idx;
- }
- #ifdef ASN_DUMP_OID
- /* Dump the OID information.
- *
- * Decode the OID too if function available.
- *
- * @param [in] oidData OID data from buffer.
- * @param [in] oidSz Size of OID data in buffer.
- * @param [in] oid OID id.
- * @param [in] oidType Type of OID.
- * @return 0 on success.
- * @return BUFFER_E when not enough bytes for proper decode.
- * (HAVE_OID_DECODING)
- */
- static int DumpOID(const byte* oidData, word32 oidSz, word32 oid,
- word32 oidType)
- {
- int ret = 0;
- word32 i;
- /* support for dumping OID information */
- printf("OID (Type %d, Sz %d, Sum %d): ", oidType, oidSz, oid);
- /* Dump bytes in decimal. */
- for (i = 0; i < oidSz; i++) {
- printf("%d, ", oidData[i]);
- }
- printf("\n");
- /* Dump bytes in hexadecimal. */
- for (i = 0; i < oidSz; i++) {
- printf("%02x, ", oidData[i]);
- }
- printf("\n");
- #ifdef HAVE_OID_DECODING
- {
- word16 decOid[MAX_OID_SZ];
- word32 decOidSz = sizeof(decOid);
- /* Decode the OID into dotted form. */
- ret = DecodeObjectId(oidData, oidSz, decOid, &decOidSz);
- if (ret == 0) {
- printf(" Decoded (Sz %d): ", decOidSz);
- for (i=0; i<decOidSz; i++) {
- printf("%d.", decOid[i]);
- }
- printf("\n");
- }
- else {
- printf("DecodeObjectId failed: %d\n", ret);
- }
- }
- #endif /* HAVE_OID_DECODING */
- return ret;
- }
- #endif /* ASN_DUMP_OID */
- /* Get the OID data and verify it is of the type specified when compiled in.
- *
- * @param [in] input Buffer holding OID.
- * @param [in, out] inOutIdx On in, starting index of OID.
- * On out, end of parsed OID.
- * @param [out] oid OID id.
- * @param [in] oidType Expected type of OID. Define NO_VERIFY_OID to
- * not compile in check.
- * @param [in] length Length of OID data in buffer.
- * @return 0 on success.
- * @return ASN_UNKNOWN_OID_E when OID is not recognized.
- * @return BUFFER_E when not enough bytes for proper decode. (ASN_DUMP_OID and
- * HAVE_OID_DECODING)
- */
- static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
- word32 oidType, int length)
- {
- int ret = 0;
- word32 idx = *inOutIdx;
- #ifndef NO_VERIFY_OID
- word32 actualOidSz;
- const byte* actualOid;
- const byte* checkOid = NULL;
- word32 checkOidSz;
- #endif /* NO_VERIFY_OID */
- #ifdef HAVE_PQC
- word32 found_collision = 0;
- #endif
- (void)oidType;
- *oid = 0;
- #ifndef NO_VERIFY_OID
- /* Keep references to OID data and length for check. */
- actualOid = &input[idx];
- actualOidSz = (word32)length;
- #endif /* NO_VERIFY_OID */
- #if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS)
- /* Since we are summing it up, there could be collisions...and indeed there
- * are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3.
- *
- * We will look for the special case of SPHINCS_FAST_LEVEL3 and set *oid to
- * 283 instead of 281; 282 is taken.
- *
- * These hacks will hopefully disappear when new standardized OIDs appear.
- */
- if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&
- XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,
- sizeof(sigSphincsFast_Level3Oid)) == 0) {
- found_collision = SPHINCS_FAST_LEVEL3k;
- }
- #endif /* HAVE_PQC */
- /* Sum it up for now. */
- while (length--) {
- /* odd HC08 compiler behavior here when input[idx++] */
- *oid += (word32)input[idx];
- idx++;
- }
- #ifdef HAVE_PQC
- if (found_collision) {
- *oid = found_collision;
- }
- #endif /* HAVE_PQC */
- /* Return the index after the OID data. */
- *inOutIdx = idx;
- #ifndef NO_VERIFY_OID
- /* 'Ignore' type means we don't care which OID it is. */
- if (oidType != oidIgnoreType) {
- /* Get the OID data for the id-type. */
- checkOid = OidFromId(*oid, oidType, &checkOidSz);
- #if defined(WOLFSSL_FPKI)
- /* Handle OID sum collision of
- AES256CBCb (454) 2.16.840.1.101.3.4.1.42
- CP_FPKI_PIV_AUTH_HW_OID (454) 2.16.840.1.101.3.2.1.3.41
- */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- if ((actualOidSz == (word32)sizeof(blkAes256CbcOid)) &&
- (XMEMCMP(actualOid, blkAes256CbcOid,
- sizeof(blkAes256CbcOid)) == 0)) {
- checkOid = blkAes256CbcOid;
- checkOidSz = sizeof(blkAes256CbcOid);
- }
- #endif /* HAVE_AES_CBC */
- #endif /* WOLFSSL_FPKI */
- #ifdef ASN_DUMP_OID
- /* Dump out the data for debug. */
- ret = DumpOID(actualOid, actualOidSz, *oid, oidType);
- #endif
- /* TODO: Want to fail when checkOid is NULL.
- * Can't as too many situations where unknown OID is to be
- * supported. Extra parameter for must not be NULL?
- */
- /* Check that the OID data matches what we found for the OID id. */
- if ((ret == 0) && (checkOid != NULL) && ((checkOidSz != actualOidSz) ||
- (XMEMCMP(actualOid, checkOid, checkOidSz) != 0))) {
- WOLFSSL_MSG("OID Check Failed");
- WOLFSSL_ERROR_VERBOSE(ASN_UNKNOWN_OID_E);
- ret = ASN_UNKNOWN_OID_E;
- }
- }
- #endif /* NO_VERIFY_OID */
- return ret;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for an OBJECT_ID. */
- static const ASNItem objectIdASN[] = {
- /* OID */ { 0, ASN_OBJECT_ID, 0, 0, 0 }
- };
- enum {
- OBJECTIDASN_IDX_OID = 0
- };
- /* Number of items in ASN.1 template for an OBJECT_ID. */
- #define objectIdASN_Length (sizeof(objectIdASN) / sizeof(ASNItem))
- #endif
- /* Get the OID id/sum from the BER encoded OBJECT_ID.
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of OBJECT_ID.
- * On out, start of ASN.1 item after OBJECT_ID.
- * @param [out] oid Id of OID in OBJECT_ID data.
- * @param [in] oidType Type of OID to expect.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when encoding is invalid.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
- word32 oidType, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret, length;
- WOLFSSL_ENTER("GetObjectId");
- ret = GetASNObjectId(input, inOutIdx, &length, maxIdx);
- if (ret != 0)
- return ret;
- return GetOID(input, inOutIdx, oid, oidType, length);
- #else
- ASNGetData dataASN[objectIdASN_Length];
- int ret;
- WOLFSSL_ENTER("GetObjectId");
- /* Clear dynamic data and set OID type expected. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_OID(&dataASN[OBJECTIDASN_IDX_OID], oidType);
- /* Decode OBJECT_ID. */
- ret = GetASN_Items(objectIdASN, dataASN, objectIdASN_Length, 0, input,
- inOutIdx, maxIdx);
- if (ret == 0) {
- /* Return the id/sum. */
- *oid = dataASN[OBJECTIDASN_IDX_OID].data.oid.sum;
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- word32 idx = *inOutIdx;
- int length;
- int ret;
- ret = GetASNObjectId(input, &idx, &length, maxIdx);
- if (ret != 0)
- return ret;
- idx += (word32)length;
- *inOutIdx = idx;
- return 0;
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for an algorithm identifier. */
- static const ASNItem algoIdASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* NULL */ { 1, ASN_TAG_NULL, 0, 0, 1 },
- };
- enum {
- ALGOIDASN_IDX_SEQ = 0,
- ALGOIDASN_IDX_OID,
- ALGOIDASN_IDX_NULL
- };
- /* Number of items in ASN.1 template for an algorithm identifier. */
- #define algoIdASN_Length (sizeof(algoIdASN) / sizeof(ASNItem))
- #endif
- /* Get the OID id/sum from the BER encoding of an algorithm identifier.
- *
- * NULL tag is skipped if present.
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of algorithm identifier.
- * On out, start of ASN.1 item after algorithm id.
- * @param [out] oid Id of OID in algorithm identifier data.
- * @param [in] oidType Type of OID to expect.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when encoding is invalid.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
- word32 oidType, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length;
- word32 idx = *inOutIdx;
- int ret;
- *oid = 0;
- WOLFSSL_ENTER("GetAlgoId");
- if (GetSequence(input, &idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
- if (GetObjectId(input, &idx, oid, oidType, maxIdx) < 0)
- return ASN_OBJECT_ID_E;
- /* could have NULL tag and 0 terminator, but may not */
- if (idx < maxIdx) {
- word32 localIdx = idx; /*use localIdx to not advance when checking tag*/
- byte tag;
- if (GetASNTag(input, &localIdx, &tag, maxIdx) == 0) {
- if (tag == ASN_TAG_NULL) {
- ret = GetASNNull(input, &idx, maxIdx);
- if (ret != 0)
- return ret;
- }
- }
- }
- *inOutIdx = idx;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, algoIdASN_Length);
- int ret = 0;
- WOLFSSL_ENTER("GetAlgoId");
- CALLOC_ASNGETDATA(dataASN, algoIdASN_Length, ret, NULL);
- if (ret == 0) {
- /* Set OID type expected. */
- GetASN_OID(&dataASN[ALGOIDASN_IDX_OID], oidType);
- /* Decode the algorithm identifier. */
- ret = GetASN_Items(algoIdASN, dataASN, algoIdASN_Length, 0, input,
- inOutIdx, maxIdx);
- }
- if (ret == 0) {
- /* Return the OID id/sum. */
- *oid = dataASN[ALGOIDASN_IDX_OID].data.oid.sum;
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifndef NO_RSA
- #ifdef WC_RSA_PSS
- /* RFC 8017 - PKCS #1 has RSA PSS parameter ASN definition. */
- /* Convert a hash OID to a hash type.
- *
- * @param [in] oid Hash OID.
- * @param [out] type Hash type.
- * @return 0 on success.
- * @return ASN_PARSE_E when hash OID not supported for RSA PSS.
- */
- static int RsaPssHashOidToType(word32 oid, enum wc_HashType* type)
- {
- int ret = 0;
- switch (oid) {
- /* SHA-1 is missing as it is the default is not allowed to appear. */
- #ifdef WOLFSSL_SHA224
- case SHA224h:
- *type = WC_HASH_TYPE_SHA224;
- break;
- #endif
- #ifndef NO_SHA256
- case SHA256h:
- *type = WC_HASH_TYPE_SHA256;
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case SHA384h:
- *type = WC_HASH_TYPE_SHA384;
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case SHA512h:
- *type = WC_HASH_TYPE_SHA512;
- break;
- /* TODO: SHA512_224h */
- /* TODO: SHA512_256h */
- #endif
- default:
- ret = ASN_PARSE_E;
- break;
- }
- return ret;
- }
- /* Convert a hash OID to a MGF1 type.
- *
- * @param [in] oid Hash OID.
- * @param [out] mgf MGF type.
- * @return 0 on success.
- * @return ASN_PARSE_E when hash OID not supported for RSA PSS.
- */
- static int RsaPssHashOidToMgf1(word32 oid, int* mgf)
- {
- int ret = 0;
- switch (oid) {
- /* SHA-1 is missing as it is the default is not allowed to appear. */
- #ifdef WOLFSSL_SHA224
- case SHA224h:
- *mgf = WC_MGF1SHA224;
- break;
- #endif
- #ifndef NO_SHA256
- case SHA256h:
- *mgf = WC_MGF1SHA256;
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case SHA384h:
- *mgf = WC_MGF1SHA384;
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case SHA512h:
- *mgf = WC_MGF1SHA512;
- break;
- /* TODO: SHA512_224h */
- /* TODO: SHA512_256h */
- #endif
- default:
- ret = ASN_PARSE_E;
- break;
- }
- return ret;
- }
- #ifndef NO_CERTS
- /* Convert a hash OID to a fake signature OID.
- *
- * @param [in] oid Hash OID.
- * @param [out] sigOid Signature OID to pass wto HashForSignature().
- * @return 0 on success.
- * @return ASN_PARSE_E when hash OID not supported for RSA PSS.
- */
- static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid)
- {
- int ret = 0;
- switch (oid) {
- #ifndef NO_SHA
- case WC_HASH_TYPE_SHA:
- *sigOid = CTC_SHAwRSA;
- break;
- #endif
- #ifdef WOLFSSL_SHA224
- case WC_HASH_TYPE_SHA224:
- *sigOid = CTC_SHA224wRSA;
- break;
- #endif
- #ifndef NO_SHA256
- case WC_HASH_TYPE_SHA256:
- *sigOid = CTC_SHA256wRSA;
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case WC_HASH_TYPE_SHA384:
- *sigOid = CTC_SHA384wRSA;
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case WC_HASH_TYPE_SHA512:
- *sigOid = CTC_SHA512wRSA;
- break;
- #endif
- /* TODO: SHA512_224h */
- /* TODO: SHA512_256h */
- /* Not supported by HashForSignature() */
- default:
- ret = ASN_PARSE_E;
- break;
- }
- return ret;
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN tag for hashAlgorigthm. */
- #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | 0)
- /* ASN tag for maskGenAlgorithm. */
- #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | 1)
- /* ASN tag for saltLength. */
- #define ASN_TAG_RSA_PSS_SALTLEN (ASN_CONTEXT_SPECIFIC | 2)
- /* ASN tag for trailerField. */
- #define ASN_TAG_RSA_PSS_TRAILER (ASN_CONTEXT_SPECIFIC | 3)
- /* ASN.1 template for RSA PSS parameters. */
- static const ASNItem rsaPssParamsASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* HASH */ { 1, ASN_TAG_RSA_PSS_HASH, 1, 1, 1 },
- /* HASHSEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* HASHOID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* HASHNULL */ { 3, ASN_TAG_NULL, 0, 0, 1 },
- /* MGF */ { 1, ASN_TAG_RSA_PSS_MGF, 1, 1, 1 },
- /* MGFSEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* MGFOID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* MGFPARAM */ { 3, ASN_SEQUENCE, 1, 1, 0 },
- /* MGFHOID */ { 4, ASN_OBJECT_ID, 0, 0, 0 },
- /* MGFHNULL */ { 4, ASN_TAG_NULL, 0, 0, 1 },
- /* SALTLEN */ { 1, ASN_TAG_RSA_PSS_SALTLEN, 1, 1, 1 },
- /* SALTLENINT */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* TRAILER */ { 1, ASN_TAG_RSA_PSS_TRAILER, 1, 1, 1 },
- /* TRAILERINT */ { 2, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- RSAPSSPARAMSASN_IDX_SEQ = 0,
- RSAPSSPARAMSASN_IDX_HASH,
- RSAPSSPARAMSASN_IDX_HASHSEQ,
- RSAPSSPARAMSASN_IDX_HASHOID,
- RSAPSSPARAMSASN_IDX_HASHNULL,
- RSAPSSPARAMSASN_IDX_MGF,
- RSAPSSPARAMSASN_IDX_MGFSEQ,
- RSAPSSPARAMSASN_IDX_MGFOID,
- RSAPSSPARAMSASN_IDX_MGFPARAM,
- RSAPSSPARAMSASN_IDX_MGFHOID,
- RSAPSSPARAMSASN_IDX_MGFHNULL,
- RSAPSSPARAMSASN_IDX_SALTLEN,
- RSAPSSPARAMSASN_IDX_SALTLENINT,
- RSAPSSPARAMSASN_IDX_TRAILER,
- RSAPSSPARAMSASN_IDX_TRAILERINT,
- };
- /* Number of items in ASN.1 template for an algorithm identifier. */
- #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem))
- #else
- /* ASN tag for hashAlgorigthm. */
- #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)
- /* ASN tag for maskGenAlgorithm. */
- #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)
- /* ASN tag for saltLength. */
- #define ASN_TAG_RSA_PSS_SALTLEN (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)
- /* ASN tag for trailerField. */
- #define ASN_TAG_RSA_PSS_TRAILER (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)
- #endif
- /* Decode the RSA PSS parameters.
- *
- * @param [in] params Buffer holding BER encoded RSA PSS parameters.
- * @param [in] sz Size of data in buffer in bytes.
- * @param [out] hash Hash algorithm to use on message.
- * @param [out] mgf MGF algorithm to use with PSS padding.
- * @param [out] saltLen Length of salt in PSS padding.
- * @return BAD_FUNC_ARG when the params is NULL.
- * @return ASN_PARSE_E when the decoding fails.
- * @return 0 on success.
- */
- static int DecodeRsaPssParams(const byte* params, word32 sz,
- enum wc_HashType* hash, int* mgf, int* saltLen)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret = 0;
- word32 idx = 0;
- int len = 0;
- word32 oid = 0;
- byte tag;
- int length;
- if (params == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if ((ret == 0) && (GetSequence_ex(params, &idx, &len, sz, 1) < 0)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_HASH)) {
- /* Hash algorithm to use on message. */
- if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- if (GetAlgoId(params, &idx, &oid, oidHashType, sz) < 0) {
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- ret = RsaPssHashOidToType(oid, hash);
- }
- }
- else {
- /* Default hash algorithm. */
- *hash = WC_HASH_TYPE_SHA;
- }
- }
- if (ret == 0) {
- if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_MGF)) {
- /* MGF and hash algorithm to use with padding. */
- if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- if (GetAlgoId(params, &idx, &oid, oidIgnoreType, sz) < 0) {
- ret = ASN_PARSE_E;
- }
- }
- if ((ret == 0) && (oid != MGF1_OID)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- ret = GetAlgoId(params, &idx, &oid, oidHashType, sz);
- if (ret == 0) {
- ret = RsaPssHashOidToMgf1(oid, mgf);
- }
- }
- }
- else {
- /* Default MGF/Hash algorithm. */
- *mgf = WC_MGF1SHA1;
- }
- }
- if (ret == 0) {
- if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_SALTLEN)) {
- /* Salt length to use with padding. */
- if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- ret = GetInteger16Bit(params, &idx, sz);
- if (ret >= 0) {
- *saltLen = ret;
- ret = 0;
- }
- }
- }
- else {
- /* Default salt length. */
- *saltLen = 20;
- }
- }
- if (ret == 0) {
- if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_TRAILER)) {
- /* Unused - trialerField. */
- if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- ret = GetInteger16Bit(params, &idx, sz);
- if (ret > 0) {
- ret = 0;
- }
- }
- }
- }
- if ((ret == 0) && (idx != sz)) {
- ret = ASN_PARSE_E;
- }
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, rsaPssParamsASN_Length);
- int ret = 0;
- word16 sLen = 20;
- if (params == NULL) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNGETDATA(dataASN, rsaPssParamsASN_Length, ret, NULL);
- if (ret == 0) {
- word32 inOutIdx = 0;
- /* Default values. */
- *hash = WC_HASH_TYPE_SHA;
- *mgf = WC_MGF1SHA1;
- /* Set OID type expected. */
- GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_HASHOID], oidHashType);
- GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_MGFHOID], oidHashType);
- /* Place the salt length into 16-bit var sLen. */
- GetASN_Int16Bit(&dataASN[RSAPSSPARAMSASN_IDX_SALTLENINT], &sLen);
- /* Decode the algorithm identifier. */
- ret = GetASN_Items(rsaPssParamsASN, dataASN, rsaPssParamsASN_Length, 1,
- params, &inOutIdx, sz);
- }
- if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_HASHOID].tag != 0)) {
- word32 oid = dataASN[RSAPSSPARAMSASN_IDX_HASHOID].data.oid.sum;
- ret = RsaPssHashOidToType(oid, hash);
- }
- if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_MGFHOID].tag != 0)) {
- word32 oid = dataASN[RSAPSSPARAMSASN_IDX_MGFHOID].data.oid.sum;
- ret = RsaPssHashOidToMgf1(oid, mgf);
- }
- if (ret == 0) {
- *saltLen = sLen;
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* WC_RSA_PSS */
- #if defined(WOLFSSL_ASN_TEMPLATE) || (!defined(NO_CERTS) && \
- (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)))
- /* Byte offset of numbers in RSA key. */
- size_t rsaIntOffset[] = {
- OFFSETOF(RsaKey, n),
- OFFSETOF(RsaKey, e),
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- OFFSETOF(RsaKey, d),
- OFFSETOF(RsaKey, p),
- OFFSETOF(RsaKey, q),
- #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
- OFFSETOF(RsaKey, dP),
- OFFSETOF(RsaKey, dQ),
- OFFSETOF(RsaKey, u)
- #endif
- #endif
- };
- /* Get a number from the RSA key based on an index.
- *
- * Order: { n, e, d, p, q, dP, dQ, u }
- *
- * Caller must ensure index is not invalid!
- *
- * @param [in] key RSA key object.
- * @param [in] idx Index of number.
- * @return A pointer to an mp_int when valid index.
- * @return NULL when invalid index.
- */
- static mp_int* GetRsaInt(RsaKey* key, int idx)
- {
- /* Cast key to byte array to and use offset to get to mp_int field. */
- return (mp_int*)(((byte*)key) + rsaIntOffset[idx]);
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for an RSA private key.
- * PKCS #1: RFC 8017, A.1.2 - RSAPrivateKey
- */
- static const ASNItem rsaKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* VER */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* Integers need to be in this specific order
- * as asn code depends on this. */
- /* N */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* E */ { 1, ASN_INTEGER, 0, 0, 0 },
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_KEY_GEN)
- /* D */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* P */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* Q */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* DP */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* DQ */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* U */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* otherPrimeInfos OtherPrimeInfos OPTIONAL
- * v2 - multiprime */
- #endif
- };
- enum {
- RSAKEYASN_IDX_SEQ = 0,
- RSAKEYASN_IDX_VER,
- /* Integers need to be in this specific order
- * as asn code depends on this. */
- RSAKEYASN_IDX_N,
- RSAKEYASN_IDX_E,
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_KEY_GEN)
- RSAKEYASN_IDX_D,
- RSAKEYASN_IDX_P,
- RSAKEYASN_IDX_Q,
- RSAKEYASN_IDX_DP,
- RSAKEYASN_IDX_DQ,
- RSAKEYASN_IDX_U,
- #endif
- WOLF_ENUM_DUMMY_LAST_ELEMENT(RSAKEYASN_IDX)
- };
- /* Number of items in ASN.1 template for an RSA private key. */
- #define rsaKeyASN_Length (sizeof(rsaKeyASN) / sizeof(ASNItem))
- #endif
- /* Decode RSA private key.
- *
- * PKCS #1: RFC 8017, A.1.2 - RSAPrivateKey
- *
- * Compiling with WOLFSSL_RSA_PUBLIC_ONLY will result in only the public fields
- * being extracted.
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of RSA private key.
- * On out, start of ASN.1 item after RSA private key.
- * @param [in, out] key RSA key object. May be NULL.
- * @param [out] keySz Size of key in bytes. May be NULL.
- * @param [in] inSz Number of bytes in buffer.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when input or inOutIdx is NULL.
- * @return BAD_FUNC_ARG when key and keySz are NULL.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- */
- static int _RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
- RsaKey* key, int* keySz, word32 inSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int version, length;
- word32 algId = 0;
- if (inOutIdx == NULL || input == NULL || (key == NULL && keySz == NULL)) {
- return BAD_FUNC_ARG;
- }
- /* if has pkcs8 header skip it */
- if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
- /* ignore error, did not have pkcs8 header */
- }
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
- return ASN_PARSE_E;
- if (key == NULL) {
- int i;
- /* Modulus */
- if (GetASNInt(input, inOutIdx, keySz, inSz) < 0) {
- return ASN_PARSE_E;
- }
- *inOutIdx += (word32)*keySz;
- for (i = 1; i < RSA_INTS; i++) {
- if (SkipInt(input, inOutIdx, inSz) < 0) {
- return ASN_RSA_KEY_E;
- }
- }
- }
- else {
- key->type = RSA_PRIVATE;
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- mp_memzero_add("Decode RSA key d", &key->d);
- mp_memzero_add("Decode RSA key p", &key->p);
- mp_memzero_add("Decode RSA key q", &key->q);
- #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(RSA_LOW_MEM)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- mp_memzero_add("Decode RSA key dP", &key->dP);
- mp_memzero_add("Decode RSA key dQ", &key->dQ);
- mp_memzero_add("Decode RSA key u", &key->u);
- #endif
- #endif
- if (GetInt(&key->n, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->e, input, inOutIdx, inSz) < 0 ||
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- GetInt(&key->d, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->q, input, inOutIdx, inSz) < 0
- #else
- SkipInt(input, inOutIdx, inSz) < 0 ||
- SkipInt(input, inOutIdx, inSz) < 0 ||
- SkipInt(input, inOutIdx, inSz) < 0
- #endif
- ) {
- return ASN_RSA_KEY_E;
- }
- #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) \
- && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- if (GetInt(&key->dP, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->dQ, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
- #else
- if (SkipInt(input, inOutIdx, inSz) < 0 ||
- SkipInt(input, inOutIdx, inSz) < 0 ||
- SkipInt(input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
- #endif
- #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL)
- if (wc_InitRsaHw(key) != 0) {
- return BAD_STATE_E;
- }
- #endif
- }
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, rsaKeyASN_Length);
- int ret = 0;
- byte version = (byte)-1;
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- word32 algId = 0;
- #endif
- void* heap = NULL;
- /* Check validity of parameters. */
- if ((inOutIdx == NULL) || (input == NULL) || ((key == NULL) &&
- (keySz == NULL))) {
- ret = BAD_FUNC_ARG;
- }
- if ((ret == 0) && (key != NULL)) {
- heap = key->heap;
- }
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- if (ret == 0) {
- /* if has pkcs8 header skip it */
- if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
- /* ignore error, did not have pkcs8 header */
- }
- }
- #endif
- (void)heap;
- CALLOC_ASNGETDATA(dataASN, rsaKeyASN_Length, ret, heap);
- if (ret == 0) {
- /* Register variable to hold version field. */
- GetASN_Int8Bit(&dataASN[RSAKEYASN_IDX_VER], &version);
- /* Setup data to store INTEGER data in mp_int's in RSA object. */
- #if defined(WOLFSSL_RSA_PUBLIC_ONLY)
- #define RSA_ASN_INTS RSA_PUB_INTS
- /* Not extracting all data from BER encoding. */
- #define RSA_ASN_COMPLETE 0
- #else
- #define RSA_ASN_INTS RSA_INTS
- /* Extracting all data from BER encoding. */
- #define RSA_ASN_COMPLETE 1
- #endif
- if (key != NULL) {
- int i;
- /* Extract all public fields. */
- for (i = 0; i < RSA_ASN_INTS; i++) {
- GetASN_MP(&dataASN[(byte)RSAKEYASN_IDX_N + i],
- GetRsaInt(key, i));
- }
- }
- /* Parse BER encoding for RSA private key. */
- ret = GetASN_Items(rsaKeyASN, dataASN, rsaKeyASN_Length,
- RSA_ASN_COMPLETE, input, inOutIdx, inSz);
- }
- /* Check version: 0 - two prime, 1 - multi-prime
- * Multi-prime has optional sequence after coefficient for extra primes.
- * If extra primes, parsing will fail as not all the buffer was used.
- */
- if ((ret == 0) && (version > PKCS1v1)) {
- ret = ASN_PARSE_E;
- }
- if ((ret == 0) && (key != NULL)) {
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- /* RSA key object has all private key values. */
- key->type = RSA_PRIVATE;
- #else
- /* RSA key object has all public key values. */
- key->type = RSA_PUBLIC;
- #endif
- #ifdef WOLFSSL_XILINX_CRYPT
- if (wc_InitRsaHw(key) != 0)
- ret = BAD_STATE_E;
- #endif
- }
- else if (ret == 0) {
- /* Not filling in key but do want key size. */
- *keySz = (int)dataASN[(byte)RSAKEYASN_IDX_N].length;
- /* Check whether first byte of data is 0x00 and drop it. */
- if (input[(int)dataASN[RSAKEYASN_IDX_E].offset - *keySz] == 0) {
- (*keySz)--;
- }
- }
- FREE_ASNGETDATA(dataASN, heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Decode RSA private key.
- *
- * PKCS #1: RFC 8017, A.1.2 - RSAPrivateKey
- *
- * Compiling with WOLFSSL_RSA_PUBLIC_ONLY will result in only the public fields
- * being extracted.
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of RSA private key.
- * On out, start of ASN.1 item after RSA private key.
- * @param [in, out] key RSA key object.
- * @param [in] inSz Number of bytes in buffer.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- */
- int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
- word32 inSz)
- {
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- return _RsaPrivateKeyDecode(input, inOutIdx, key, NULL, inSz);
- }
- /* Valdidate RSA private key ASN.1 encoding.
- *
- * PKCS #1: RFC 8017, A.1.2 - RSAPrivateKey
- *
- * Compiling with WOLFSSL_RSA_PUBLIC_ONLY will result in only the public fields
- * being extracted.
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of RSA private key.
- * On out, start of ASN.1 item after RSA private key.
- * @param [in] inSz Number of bytes in buffer.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when input, inOutIdx or keySz is NULL.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- */
- int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz,
- word32 inSz)
- {
- return _RsaPrivateKeyDecode(input, inOutIdx, NULL, keySz, inSz);
- }
- #endif /* NO_RSA */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for a PKCS #8 key.
- * Ignoring optional attributes and public key.
- * PKCS #8: RFC 5958, 2 - PrivateKeyInfo
- */
- static const ASNItem pkcs8KeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* VER */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* PKEY_ALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* PKEY_ALGO_OID_KEY */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* PKEY_ALGO_OID_CURVE */ { 2, ASN_OBJECT_ID, 0, 0, 1 },
- /* PKEY_ALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 },
- #ifdef WC_RSA_PSS
- /* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 },
- #endif
- /* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* attributes [0] Attributes OPTIONAL */
- /* [[2: publicKey [1] PublicKey OPTIONAL ]] */
- };
- enum {
- PKCS8KEYASN_IDX_SEQ = 0,
- PKCS8KEYASN_IDX_VER,
- PKCS8KEYASN_IDX_PKEY_ALGO_SEQ,
- PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY,
- PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE,
- PKCS8KEYASN_IDX_PKEY_ALGO_NULL,
- #ifdef WC_RSA_PSS
- PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ,
- #endif
- PKCS8KEYASN_IDX_PKEY_DATA,
- WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
- };
- /* Number of items in ASN.1 template for a PKCS #8 key. */
- #define pkcs8KeyASN_Length (sizeof(pkcs8KeyASN) / sizeof(ASNItem))
- #endif
- /* Remove PKCS #8 header around an RSA, ECDSA, Ed25519, or Ed448.
- *
- * @param [in] input Buffer holding BER data.
- * @param [in, out] inOutIdx On in, start of PKCS #8 encoding.
- * On out, start of encoded key.
- * @param [in] sz Size of data in buffer.
- * @param [out] algId Key's algorithm id from PKCS #8 header.
- * @return Length of key data on success.
- * @return BAD_FUNC_ARG when input or inOutIdx is NULL.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- */
- int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
- word32* algId)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx;
- int version, length;
- int ret;
- byte tag;
- if (input == NULL || inOutIdx == NULL)
- return BAD_FUNC_ARG;
- idx = *inOutIdx;
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- if (GetMyVersion(input, &idx, &version, sz) < 0)
- return ASN_PARSE_E;
- if (GetAlgoId(input, &idx, algId, oidKeyType, sz) < 0)
- return ASN_PARSE_E;
- if (GetASNTag(input, &idx, &tag, sz) < 0)
- return ASN_PARSE_E;
- idx = idx - 1; /* reset idx after finding tag */
- #if defined(WC_RSA_PSS) && !defined(NO_RSA)
- if (*algId == RSAPSSk && tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
- word32 seqIdx = idx;
- int seqLen;
- /* Not set when -1. */
- enum wc_HashType hash = WC_HASH_TYPE_NONE;
- int mgf = -1;
- int saltLen = 0;
- if (GetSequence(input, &idx, &seqLen, sz) < 0) {
- return ASN_PARSE_E;
- }
- /* Get the private key parameters. */
- ret = DecodeRsaPssParams(input + seqIdx,
- seqLen + idx - seqIdx, &hash, &mgf, &saltLen);
- if (ret != 0) {
- return ASN_PARSE_E;
- }
- /* TODO: store parameters so that usage can be checked. */
- idx += seqLen;
- }
- #endif /* WC_RSA_PSS && !NO_RSA */
- if (tag == ASN_OBJECT_ID) {
- if (SkipObjectId(input, &idx, sz) < 0)
- return ASN_PARSE_E;
- }
- ret = GetOctetString(input, &idx, &length, sz);
- if (ret < 0) {
- if (ret == BUFFER_E)
- return ASN_PARSE_E;
- /* Some private keys don't expect an octet string */
- WOLFSSL_MSG("Couldn't find Octet string");
- }
- *inOutIdx = idx;
- return length;
- #else
- DECL_ASNGETDATA(dataASN, pkcs8KeyASN_Length);
- int ret = 0;
- word32 oid = 9;
- byte version = 0;
- word32 idx;
- /* Check validity of parameters. */
- if (input == NULL || inOutIdx == NULL) {
- return BAD_FUNC_ARG;
- }
- idx = *inOutIdx;
- CALLOC_ASNGETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL);
- if (ret == 0) {
- /* Get version, check key type and curve type. */
- GetASN_Int8Bit(&dataASN[PKCS8KEYASN_IDX_VER], &version);
- GetASN_OID(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY], oidKeyType);
- GetASN_OID(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE], oidCurveType);
- /* Parse data. */
- ret = GetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, 1, input,
- &idx, sz);
- }
- if (ret == 0) {
- /* Key type OID. */
- oid = dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY].data.oid.sum;
- /* Version 1 includes an optional public key.
- * If public key is included then the parsing will fail as it did not
- * use all the data.
- */
- if (version > PKCS8v1) {
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- switch (oid) {
- #ifndef NO_RSA
- case RSAk:
- /* Must have NULL item but not OBJECT_ID item. */
- if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag == 0) ||
- (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- /* Must not have NULL item. */
- if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) {
- ret = ASN_PARSE_E;
- }
- if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ].tag != 0) {
- enum wc_HashType hash;
- int mgf;
- int saltLen;
- const byte* params = GetASNItem_Addr(
- dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ], input);
- word32 paramsSz = GetASNItem_Length(
- dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ], input);
- /* Validate the private key parameters. */
- ret = DecodeRsaPssParams(params, paramsSz, &hash, &mgf,
- &saltLen);
- if (ret != 0) {
- return ASN_PARSE_E;
- }
- /* TODO: store parameters so that usage can be checked. */
- }
- break;
- #endif
- #endif
- #ifdef HAVE_ECC
- case ECDSAk:
- /* Must not have NULL item. */
- if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif
- #ifdef HAVE_ED25519
- case ED25519k:
- /* Neither NULL item nor OBJECT_ID item allowed. */
- if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
- (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif
- #ifdef HAVE_CURVE25519
- case X25519k:
- /* Neither NULL item nor OBJECT_ID item allowed. */
- if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
- (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif
- #ifdef HAVE_ED448
- case ED448k:
- /* Neither NULL item nor OBJECT_ID item allowed. */
- if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
- (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif
- #ifdef HAVE_CURVE448
- case X448k:
- /* Neither NULL item nor OBJECT_ID item allowed. */
- if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
- (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif
- /* DSAk not supported. */
- /* Falcon, Dilithium and Sphincs not supported. */
- /* Ignore OID lookup failures. */
- default:
- break;
- }
- }
- if (ret == 0) {
- /* Return algorithm id of internal key. */
- *algId = oid;
- /* Return index to start of internal key. */
- *inOutIdx = GetASNItem_DataIdx(dataASN[PKCS8KEYASN_IDX_PKEY_DATA], input);
- /* Return value is length of internal key. */
- ret = (int)dataASN[PKCS8KEYASN_IDX_PKEY_DATA].data.ref.length;
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif
- }
- /* TODO: test case */
- int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz)
- {
- word32 oid;
- return ToTraditionalInline_ex(input, inOutIdx, sz, &oid);
- }
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- /* Remove PKCS8 header, move beginning of traditional to beginning of input */
- int ToTraditional_ex(byte* input, word32 sz, word32* algId)
- {
- word32 inOutIdx = 0;
- int length;
- if (input == NULL)
- return BAD_FUNC_ARG;
- length = ToTraditionalInline_ex(input, &inOutIdx, sz, algId);
- if (length < 0)
- return length;
- if ((word32)length + inOutIdx > sz)
- return BUFFER_E;
- XMEMMOVE(input, input + inOutIdx, (size_t)length);
- return length;
- }
- int ToTraditional(byte* input, word32 sz)
- {
- word32 oid;
- return ToTraditional_ex(input, sz, &oid);
- }
- #endif /* HAVE_PKCS8 || HAVE_PKCS12 */
- #if defined(HAVE_PKCS8)
- int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz)
- {
- int length;
- word32 algId;
- if (input == NULL || inOutIdx == NULL || (*inOutIdx > sz))
- return BAD_FUNC_ARG;
- length = ToTraditionalInline_ex(input, inOutIdx, sz, &algId);
- return length;
- }
- int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
- int algoID, const byte* curveOID, word32 oidSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 keyIdx = 0;
- word32 tmpSz = 0;
- word32 sz;
- word32 tmpAlgId = 0;
- /* If out is NULL then return the max size needed
- * + 2 for ASN_OBJECT_ID and ASN_OCTET_STRING tags */
- if (out == NULL && outSz != NULL) {
- *outSz = keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ
- + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 2;
- if (curveOID != NULL)
- *outSz += oidSz + MAX_LENGTH_SZ + 1;
- WOLFSSL_MSG("Checking size of PKCS8");
- return LENGTH_ONLY_E;
- }
- WOLFSSL_ENTER("wc_CreatePKCS8Key");
- if (key == NULL || out == NULL || outSz == NULL) {
- return BAD_FUNC_ARG;
- }
- /* check the buffer has enough room for largest possible size */
- if (curveOID != NULL) {
- if (*outSz < (keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ
- + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 3 + oidSz + MAX_LENGTH_SZ))
- return BUFFER_E;
- }
- else {
- oidSz = 0; /* with no curveOID oid size must be 0 */
- if (*outSz < (keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ
- + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 2))
- return BUFFER_E;
- }
- /* sanity check: make sure the key doesn't already have a PKCS 8 header */
- if (ToTraditionalInline_ex(key, &keyIdx, keySz, &tmpAlgId) >= 0) {
- (void)tmpAlgId;
- return ASN_PARSE_E;
- }
- /* PrivateKeyInfo ::= SEQUENCE */
- keyIdx = MAX_SEQ_SZ; /* save room for sequence */
- /* version Version
- * no header information just INTEGER */
- sz = (word32)SetMyVersion(PKCS8v0, out + keyIdx, 0);
- tmpSz += sz; keyIdx += sz;
- /* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier */
- sz = 0; /* set sz to 0 and get privateKey oid buffer size needed */
- if (curveOID != NULL && oidSz > 0) {
- byte buf[MAX_LENGTH_SZ];
- sz = SetLength(oidSz, buf);
- sz += 1; /* plus one for ASN object id */
- }
- sz = (word32)SetAlgoID(algoID, out + keyIdx, oidKeyType, (int)(oidSz + sz));
- tmpSz += sz; keyIdx += sz;
- /* privateKey PrivateKey *
- * pkcs8 ecc uses slightly different format. Places curve oid in
- * buffer */
- if (curveOID != NULL && oidSz > 0) {
- sz = (word32)SetObjectId((int)oidSz, out + keyIdx);
- keyIdx += sz; tmpSz += sz;
- XMEMCPY(out + keyIdx, curveOID, oidSz);
- keyIdx += oidSz; tmpSz += oidSz;
- }
- sz = (word32)SetOctetString(keySz, out + keyIdx);
- keyIdx += sz; tmpSz += sz;
- XMEMCPY(out + keyIdx, key, keySz);
- tmpSz += keySz;
- /* attributes optional
- * No attributes currently added */
- /* rewind and add sequence */
- sz = SetSequence(tmpSz, out);
- XMEMMOVE(out + sz, out + MAX_SEQ_SZ, tmpSz);
- *outSz = tmpSz + sz;
- return (int)(tmpSz + sz);
- #else
- DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length);
- int sz;
- int ret = 0;
- word32 keyIdx = 0;
- word32 tmpAlgId = 0;
- WOLFSSL_ENTER("wc_CreatePKCS8Key");
- /* Check validity of parameters. */
- if (out == NULL && outSz != NULL) {
- }
- else if (key == NULL || out == NULL || outSz == NULL) {
- ret = BAD_FUNC_ARG;
- }
- /* Sanity check: make sure key doesn't have PKCS #8 header. */
- if (ToTraditionalInline_ex(key, &keyIdx, keySz, &tmpAlgId) >= 0) {
- (void)tmpAlgId;
- ret = ASN_PARSE_E;
- }
- CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL);
- if (ret == 0) {
- /* Only support default PKCS #8 format - v0. */
- SetASN_Int8Bit(&dataASN[PKCS8KEYASN_IDX_VER], PKCS8v0);
- /* Set key OID that corresponds to key data. */
- SetASN_OID(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_KEY], (word32)algoID,
- oidKeyType);
- if (curveOID != NULL && oidSz > 0) {
- /* ECC key and curveOID set to write. */
- SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE],
- curveOID, oidSz);
- }
- else {
- /* EC curve OID to encode. */
- dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].noOut = 1;
- }
- /* Only RSA keys have NULL tagged item after OID. */
- dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].noOut = (algoID != RSAk);
- #ifdef WC_RSA_PSS
- dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ].noOut = 1;
- #endif
- /* Set key data to encode. */
- SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
- /* Get the size of the DER encoding. */
- ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz);
- }
- if (ret == 0) {
- /* Always return the calculated size. */
- *outSz = (word32)sz;
- }
- /* Check for buffer to encoded into. */
- if ((ret == 0) && (out == NULL)) {
- WOLFSSL_MSG("Checking size of PKCS8");
- ret = LENGTH_ONLY_E;
- }
- if (ret == 0) {
- /* Encode PKCS #8 key into buffer. */
- SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out);
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* HAVE_PKCS8 */
- #if defined(HAVE_PKCS12) || !defined(NO_CHECK_PRIVATE_KEY)
- /* check that the private key is a pair for the public key
- * return 1 (true) on match
- * return 0 or negative value on failure/error
- *
- * privKey : buffer holding DER format private key
- * privKeySz : size of private key buffer
- * pubKey : buffer holding DER format public key
- * pubKeySz : size of public key buffer
- * ks : type of key */
- int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
- const byte* pubKey, word32 pubKeySz, enum Key_Sum ks)
- {
- int ret;
- (void)privKeySz;
- (void)pubKeySz;
- (void)ks;
- if (privKey == NULL || pubKey == NULL) {
- return BAD_FUNC_ARG;
- }
- #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT)
- /* test if RSA key */
- if (ks == RSAk
- #ifdef WC_RSA_PSS
- || ks == RSAPSSk
- #endif
- ) {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey* a;
- RsaKey* b = NULL;
- #else
- RsaKey a[1], b[1];
- #endif
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- a = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
- if (a == NULL)
- return MEMORY_E;
- b = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
- if (b == NULL) {
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
- return MEMORY_E;
- }
- #endif
- if ((ret = wc_InitRsaKey(a, NULL)) < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(b, NULL, DYNAMIC_TYPE_RSA);
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
- #endif
- return ret;
- }
- if ((ret = wc_InitRsaKey(b, NULL)) < 0) {
- wc_FreeRsaKey(a);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(b, NULL, DYNAMIC_TYPE_RSA);
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
- #endif
- return ret;
- }
- if ((ret = wc_RsaPrivateKeyDecode(privKey, &keyIdx, a, privKeySz)) == 0) {
- WOLFSSL_MSG("Checking RSA key pair");
- keyIdx = 0; /* reset to 0 for parsing public key */
- if ((ret = wc_RsaPublicKeyDecode(pubKey, &keyIdx, b,
- pubKeySz)) == 0) {
- /* both keys extracted successfully now check n and e
- * values are the same. This is dereferencing RsaKey */
- if (mp_cmp(&(a->n), &(b->n)) != MP_EQ ||
- mp_cmp(&(a->e), &(b->e)) != MP_EQ) {
- ret = MP_CMP_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- else
- ret = 1;
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- }
- wc_FreeRsaKey(b);
- wc_FreeRsaKey(a);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(b, NULL, DYNAMIC_TYPE_RSA);
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
- #endif
- }
- else
- #endif /* !NO_RSA && !NO_ASN_CRYPT */
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
- if (ks == ECDSAk) {
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key* key_pair;
- byte* privDer;
- #else
- ecc_key key_pair[1];
- byte privDer[MAX_ECC_BYTES];
- #endif
- word32 privSz = MAX_ECC_BYTES;
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- key_pair = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
- if (key_pair == NULL)
- return MEMORY_E;
- privDer = (byte*)XMALLOC(MAX_ECC_BYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (privDer == NULL) {
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
- return MEMORY_E;
- }
- #endif
- if ((ret = wc_ecc_init(key_pair)) < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
- #endif
- return ret;
- }
- if ((ret = wc_EccPrivateKeyDecode(privKey, &keyIdx, key_pair,
- privKeySz)) == 0) {
- WOLFSSL_MSG("Checking ECC key pair");
- if ((ret = wc_ecc_export_private_only(key_pair, privDer, &privSz))
- == 0) {
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz);
- #endif
- wc_ecc_free(key_pair);
- ret = wc_ecc_init(key_pair);
- if (ret == 0) {
- ret = wc_ecc_import_private_key(privDer,
- privSz, pubKey,
- pubKeySz, key_pair);
- }
- /* public and private extracted successfully now check if is
- * a pair and also do sanity checks on key. wc_ecc_check_key
- * checks that private * base generator equals pubkey */
- if (ret == 0) {
- if ((ret = wc_ecc_check_key(key_pair)) == 0) {
- ret = 1;
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- }
- ForceZero(privDer, privSz);
- }
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- wc_ecc_free(key_pair);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
- #elif defined(WOLFSSL_CHECK_MEM_ZERO)
- wc_MemZero_Check(privDer, MAX_ECC_BYTES);
- #endif
- }
- else
- #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) && !defined(NO_ASN_CRYPT)
- if (ks == ED25519k) {
- #ifdef WOLFSSL_SMALL_STACK
- ed25519_key* key_pair;
- #else
- ed25519_key key_pair[1];
- #endif
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- key_pair = (ed25519_key*)XMALLOC(sizeof(ed25519_key), NULL,
- DYNAMIC_TYPE_ED25519);
- if (key_pair == NULL)
- return MEMORY_E;
- #endif
- if ((ret = wc_ed25519_init(key_pair)) < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
- #endif
- return ret;
- }
- if ((ret = wc_Ed25519PrivateKeyDecode(privKey, &keyIdx, key_pair,
- privKeySz)) == 0) {
- WOLFSSL_MSG("Checking ED25519 key pair");
- keyIdx = 0;
- if ((ret = wc_ed25519_import_public(pubKey, pubKeySz,
- key_pair)) == 0) {
- /* public and private extracted successfully no check if is
- * a pair and also do sanity checks on key. wc_ecc_check_key
- * checks that private * base generator equals pubkey */
- if ((ret = wc_ed25519_check_key(key_pair)) == 0) {
- ret = 1;
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- }
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- wc_ed25519_free(key_pair);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
- #endif
- }
- else
- #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT && !NO_ASN_CRYPT */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) && !defined(NO_ASN_CRYPT)
- if (ks == ED448k) {
- #ifdef WOLFSSL_SMALL_STACK
- ed448_key* key_pair = NULL;
- #else
- ed448_key key_pair[1];
- #endif
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- key_pair = (ed448_key*)XMALLOC(sizeof(ed448_key), NULL,
- DYNAMIC_TYPE_ED448);
- if (key_pair == NULL)
- return MEMORY_E;
- #endif
- if ((ret = wc_ed448_init(key_pair)) < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
- #endif
- return ret;
- }
- if ((ret = wc_Ed448PrivateKeyDecode(privKey, &keyIdx, key_pair,
- privKeySz)) == 0) {
- WOLFSSL_MSG("Checking ED448 key pair");
- keyIdx = 0;
- if ((ret = wc_ed448_import_public(pubKey, pubKeySz,
- key_pair)) == 0) {
- /* public and private extracted successfully no check if is
- * a pair and also do sanity checks on key. wc_ecc_check_key
- * checks that private * base generator equals pubkey */
- if ((ret = wc_ed448_check_key(key_pair)) == 0) {
- ret = 1;
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- }
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- wc_ed448_free(key_pair);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
- #endif
- }
- else
- #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- if ((ks == FALCON_LEVEL1k) || (ks == FALCON_LEVEL5k)) {
- #ifdef WOLFSSL_SMALL_STACK
- falcon_key* key_pair = NULL;
- #else
- falcon_key key_pair[1];
- #endif
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- key_pair = (falcon_key*)XMALLOC(sizeof(falcon_key), NULL,
- DYNAMIC_TYPE_FALCON);
- if (key_pair == NULL)
- return MEMORY_E;
- #endif
- ret = wc_falcon_init(key_pair);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_FALCON);
- #endif
- return ret;
- }
- if (ks == FALCON_LEVEL1k) {
- ret = wc_falcon_set_level(key_pair, 1);
- }
- else if (ks == FALCON_LEVEL5k) {
- ret = wc_falcon_set_level(key_pair, 5);
- }
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_FALCON);
- #endif
- return ret;
- }
- if ((ret = wc_Falcon_PrivateKeyDecode(privKey, &keyIdx, key_pair,
- privKeySz)) == 0) {
- WOLFSSL_MSG("Checking Falcon key pair");
- keyIdx = 0;
- if ((ret = wc_falcon_import_public(pubKey, pubKeySz,
- key_pair)) == 0) {
- /* Public and private extracted successfully. Sanity check. */
- if ((ret = wc_falcon_check_key(key_pair)) == 0) {
- ret = 1;
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- }
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- wc_falcon_free(key_pair);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_FALCON);
- #endif
- }
- else
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- if ((ks == DILITHIUM_LEVEL2k) ||
- (ks == DILITHIUM_LEVEL3k) ||
- (ks == DILITHIUM_LEVEL5k)) {
- #ifdef WOLFSSL_SMALL_STACK
- dilithium_key* key_pair = NULL;
- #else
- dilithium_key key_pair[1];
- #endif
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- key_pair = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
- DYNAMIC_TYPE_DILITHIUM);
- if (key_pair == NULL)
- return MEMORY_E;
- #endif
- ret = wc_dilithium_init(key_pair);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_DILITHIUM);
- #endif
- return ret;
- }
- if (ks == DILITHIUM_LEVEL2k) {
- ret = wc_dilithium_set_level(key_pair, 2);
- }
- else if (ks == DILITHIUM_LEVEL3k) {
- ret = wc_dilithium_set_level(key_pair, 3);
- }
- else if (ks == DILITHIUM_LEVEL5k) {
- ret = wc_dilithium_set_level(key_pair, 5);
- }
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_DILITHIUM);
- #endif
- return ret;
- }
- if ((ret = wc_Dilithium_PrivateKeyDecode(privKey, &keyIdx, key_pair,
- privKeySz)) == 0) {
- WOLFSSL_MSG("Checking Dilithium key pair");
- keyIdx = 0;
- if ((ret = wc_dilithium_import_public(pubKey, pubKeySz,
- key_pair)) == 0) {
- /* Public and private extracted successfully. Sanity check. */
- if ((ret = wc_dilithium_check_key(key_pair)) == 0)
- ret = 1;
- }
- }
- wc_dilithium_free(key_pair);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_DILITHIUM);
- #endif
- }
- else
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- if ((ks == SPHINCS_FAST_LEVEL1k) ||
- (ks == SPHINCS_FAST_LEVEL3k) ||
- (ks == SPHINCS_FAST_LEVEL5k) ||
- (ks == SPHINCS_SMALL_LEVEL1k) ||
- (ks == SPHINCS_SMALL_LEVEL3k) ||
- (ks == SPHINCS_SMALL_LEVEL5k)) {
- #ifdef WOLFSSL_SMALL_STACK
- sphincs_key* key_pair = NULL;
- #else
- sphincs_key key_pair[1];
- #endif
- word32 keyIdx = 0;
- #ifdef WOLFSSL_SMALL_STACK
- key_pair = (sphincs_key*)XMALLOC(sizeof(sphincs_key), NULL,
- DYNAMIC_TYPE_SPHINCS);
- if (key_pair == NULL)
- return MEMORY_E;
- #endif
- ret = wc_sphincs_init(key_pair);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_SPHINCS);
- #endif
- return ret;
- }
- if (ks == SPHINCS_FAST_LEVEL1k) {
- ret = wc_sphincs_set_level_and_optim(key_pair, 1, FAST_VARIANT);
- }
- else if (ks == SPHINCS_FAST_LEVEL3k) {
- ret = wc_sphincs_set_level_and_optim(key_pair, 3, FAST_VARIANT);
- }
- else if (ks == SPHINCS_FAST_LEVEL5k) {
- ret = wc_sphincs_set_level_and_optim(key_pair, 5, FAST_VARIANT);
- }
- else if (ks == SPHINCS_SMALL_LEVEL1k) {
- ret = wc_sphincs_set_level_and_optim(key_pair, 1, SMALL_VARIANT);
- }
- else if (ks == SPHINCS_SMALL_LEVEL3k) {
- ret = wc_sphincs_set_level_and_optim(key_pair, 3, SMALL_VARIANT);
- }
- else if (ks == SPHINCS_SMALL_LEVEL5k) {
- ret = wc_sphincs_set_level_and_optim(key_pair, 5, SMALL_VARIANT);
- }
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_SPHINCS);
- #endif
- return ret;
- }
- if ((ret = wc_Sphincs_PrivateKeyDecode(privKey, &keyIdx, key_pair,
- privKeySz)) == 0) {
- WOLFSSL_MSG("Checking Sphincs key pair");
- keyIdx = 0;
- if ((ret = wc_sphincs_import_public(pubKey, pubKeySz,
- key_pair)) == 0) {
- /* Public and private extracted successfully. Sanity check. */
- if ((ret = wc_sphincs_check_key(key_pair)) == 0)
- ret = 1;
- }
- }
- wc_sphincs_free(key_pair);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key_pair, NULL, DYNAMIC_TYPE_SPHINCS);
- #endif
- }
- else
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- {
- ret = 0;
- }
- (void)ks;
- return ret;
- }
- /* check that the private key is a pair for the public key in certificate
- * return 1 (true) on match
- * return 0 or negative value on failure/error
- *
- * key : buffer holding DER format key
- * keySz : size of key buffer
- * der : a initialized and parsed DecodedCert holding a certificate */
- int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der)
- {
- if (key == NULL || der == NULL) {
- return BAD_FUNC_ARG;
- }
- return wc_CheckPrivateKey(key, keySz, der->publicKey,
- der->pubKeySize, (enum Key_Sum) der->keyOID);
- }
- #endif /* HAVE_PKCS12 || !NO_CHECK_PRIVATE_KEY */
- #ifndef NO_PWDBASED
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- /* Check the PBE algorithm is supported and return wolfSSL id, version and block
- * size of encryption algorithm.
- *
- * When PBES2, version is PKCS5v2, CheckAlgoV2() must be called to get id and
- * blockSz based on encryption algorithm.
- *
- * @param [in] first First byte of OID to use in check.
- * @param [in] second Second byte of OID to use in check.
- * @param [out] id wolfSSL id for PBE algorithm.
- * @param [out] version Version of PBE OID:
- * PKCS12v1 (PBE), PKCS5 (PBES1), PKCS5v2 (PBES2).
- * @param [out] blockSz Block size of encryption algorithm.
- * @return 0 on success.
- * @return ALGO_ID_E when OID not supported.
- * @return ASN_INPUT_E when first byte is invalid.
- */
- static int CheckAlgo(int first, int second, int* id, int* version, int* blockSz)
- {
- int ret = 0;
- (void)id;
- (void)blockSz;
- *version = -1;
- /* pkcs-12 1 = pkcs-12PbeIds */
- if (first == 1) {
- /* PKCS #12: Appendix C */
- switch (second) {
- #if !defined(NO_SHA)
- #ifndef NO_RC4
- case PBE_SHA1_RC4_128:
- *id = PBE_SHA1_RC4_128;
- *version = PKCS12v1;
- if (blockSz != NULL) {
- *blockSz = 1;
- }
- break;
- #endif
- #ifndef NO_DES3
- case PBE_SHA1_DES3:
- *id = PBE_SHA1_DES3;
- *version = PKCS12v1;
- if (blockSz != NULL) {
- *blockSz = DES_BLOCK_SIZE;
- }
- break;
- #endif
- #ifdef WC_RC2
- case PBE_SHA1_40RC2_CBC:
- *id = PBE_SHA1_40RC2_CBC;
- *version = PKCS12v1;
- if (blockSz != NULL) {
- *blockSz = RC2_BLOCK_SIZE;
- }
- break;
- #endif
- #endif /* !NO_SHA */
- default:
- ret = ALGO_ID_E;
- break;
- }
- }
- else if (first != PKCS5) {
- /* Bad OID. */
- ret = ASN_INPUT_E;
- }
- /* PKCS #5 PBES2: Appendix A.4
- * pkcs-5 13 = id-PBES2 */
- else if (second == PBES2) {
- *version = PKCS5v2;
- /* Id and block size come from CheckAlgoV2() */
- }
- else {
- /* PKCS #5 PBES1: Appendix A.3 */
- /* see RFC 2898 for ids */
- switch (second) {
- #ifndef NO_DES3
- #ifndef NO_MD5
- case PBES1_MD5_DES:
- *id = PBE_MD5_DES;
- *version = PKCS5;
- if (blockSz != NULL) {
- *blockSz = DES_BLOCK_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA
- case PBES1_SHA1_DES:
- *id = PBE_SHA1_DES;
- *version = PKCS5;
- if (blockSz != NULL) {
- *blockSz = DES_BLOCK_SIZE;
- }
- break;
- #endif
- #endif /* !NO_DES3 */
- default:
- ret = ALGO_ID_E;
- break;
- }
- }
- /* Return error code. */
- return ret;
- }
- #endif /* HAVE_PKCS8 || HAVE_PKCS12 */
- #ifdef HAVE_PKCS8
- /* Check the encryption algorithm with PBES2 is supported and return block size
- * and wolfSSL id for the PBE.
- *
- * @param [in] oid Encryption algorithm OID id.
- * @param [out] id wolfSSL id for PBE algorithm.
- * @param [out] version Version of PBE OID:
- * PKCS12v1 (PBE), PKCS5 (PBES1), PKCS5v2 (PBES2).
- * @return 0 on success.
- * @return ALGO_ID_E when encryption algorithm is not supported with PBES2.
- */
- static int CheckAlgoV2(int oid, int* id, int* blockSz)
- {
- int ret = 0;
- (void)id;
- (void)blockSz;
- switch (oid) {
- #if !defined(NO_DES3) && !defined(NO_SHA)
- case DESb:
- *id = PBE_SHA1_DES;
- if (blockSz != NULL) {
- *blockSz = DES_BLOCK_SIZE;
- }
- break;
- case DES3b:
- *id = PBE_SHA1_DES3;
- if (blockSz != NULL) {
- *blockSz = DES_BLOCK_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_AES_256
- case AES256CBCb:
- *id = PBE_AES256_CBC;
- if (blockSz != NULL) {
- *blockSz = AES_BLOCK_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_AES_128
- case AES128CBCb:
- *id = PBE_AES128_CBC;
- if (blockSz != NULL) {
- *blockSz = AES_BLOCK_SIZE;
- }
- break;
- #endif
- default:
- WOLFSSL_MSG("No PKCS v2 algo found");
- ret = ALGO_ID_E;
- break;
- }
- /* Return error code. */
- return ret;
- }
- #endif /* HAVE_PKCS8 */
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
- int* algoID, void* heap)
- {
- word32 tmpIdx = 0;
- if (key == NULL || algoID == NULL)
- return BAD_FUNC_ARG;
- *algoID = 0;
- #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT)
- {
- RsaKey *rsa = (RsaKey *)XMALLOC(sizeof *rsa, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsa == NULL)
- return MEMORY_E;
- wc_InitRsaKey(rsa, heap);
- if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) {
- *algoID = RSAk;
- }
- else {
- WOLFSSL_MSG("Not RSA DER key");
- }
- wc_FreeRsaKey(rsa);
- XFREE(rsa, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* !NO_RSA && !NO_ASN_CRYPT */
- #if defined(HAVE_ECC) && !defined(NO_ASN_CRYPT)
- if (*algoID == 0) {
- ecc_key *ecc = (ecc_key *)XMALLOC(sizeof *ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (ecc == NULL)
- return MEMORY_E;
- tmpIdx = 0;
- wc_ecc_init_ex(ecc, heap, INVALID_DEVID);
- if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) {
- *algoID = ECDSAk;
- /* now find oid */
- if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) {
- WOLFSSL_MSG("Error getting ECC curve OID");
- wc_ecc_free(ecc);
- XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return BAD_FUNC_ARG;
- }
- }
- else {
- WOLFSSL_MSG("Not ECC DER key either");
- }
- wc_ecc_free(ecc);
- XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_ECC && !NO_ASN_CRYPT */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) && !defined(NO_ASN_CRYPT)
- if (*algoID == 0) {
- ed25519_key *ed25519 = (ed25519_key *)XMALLOC(sizeof *ed25519, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ed25519 == NULL)
- return MEMORY_E;
- tmpIdx = 0;
- if (wc_ed25519_init_ex(ed25519, heap, INVALID_DEVID) == 0) {
- if (wc_Ed25519PrivateKeyDecode(key, &tmpIdx, ed25519, keySz) == 0) {
- *algoID = ED25519k;
- }
- else {
- WOLFSSL_MSG("Not ED25519 DER key");
- }
- wc_ed25519_free(ed25519);
- }
- else {
- WOLFSSL_MSG("GetKeyOID wc_ed25519_init failed");
- }
- XFREE(ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT && !NO_ASN_CRYPT */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) && !defined(NO_ASN_CRYPT)
- if (*algoID == 0) {
- ed448_key *ed448 = (ed448_key *)XMALLOC(sizeof *ed448, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ed448 == NULL)
- return MEMORY_E;
- tmpIdx = 0;
- if (wc_ed448_init(ed448) == 0) {
- if (wc_Ed448PrivateKeyDecode(key, &tmpIdx, ed448, keySz) == 0) {
- *algoID = ED448k;
- }
- else {
- WOLFSSL_MSG("Not ED448 DER key");
- }
- wc_ed448_free(ed448);
- }
- else {
- WOLFSSL_MSG("GetKeyOID wc_ed448_init failed");
- }
- XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- if (*algoID == 0) {
- falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(*falcon), heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (falcon == NULL)
- return MEMORY_E;
- if (wc_falcon_init(falcon) != 0) {
- tmpIdx = 0;
- if (wc_falcon_set_level(falcon, 1) == 0) {
- if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz)
- == 0) {
- *algoID = FALCON_LEVEL1k;
- }
- else {
- WOLFSSL_MSG("Not Falcon Level 1 DER key");
- }
- }
- else if (wc_falcon_set_level(falcon, 5) == 0) {
- if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz)
- == 0) {
- *algoID = FALCON_LEVEL5k;
- }
- else {
- WOLFSSL_MSG("Not Falcon Level 5 DER key");
- }
- }
- else {
- WOLFSSL_MSG("GetKeyOID falcon initialization failed");
- }
- wc_falcon_free(falcon);
- }
- XFREE(falcon, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- if (*algoID == 0) {
- dilithium_key *dilithium = (dilithium_key *)XMALLOC(sizeof(*dilithium),
- heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (dilithium == NULL)
- return MEMORY_E;
- if (wc_dilithium_init(dilithium) != 0) {
- tmpIdx = 0;
- if (wc_dilithium_set_level(dilithium, 2)
- == 0) {
- if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
- keySz) == 0) {
- *algoID = DILITHIUM_LEVEL2k;
- }
- else {
- WOLFSSL_MSG("Not Dilithium Level 2 DER key");
- }
- }
- else if (wc_dilithium_set_level(dilithium, 3)
- == 0) {
- if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
- keySz) == 0) {
- *algoID = DILITHIUM_LEVEL3k;
- }
- else {
- WOLFSSL_MSG("Not Dilithium Level 3 DER key");
- }
- }
- else if (wc_dilithium_set_level(dilithium, 5)
- == 0) {
- if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
- keySz) == 0) {
- *algoID = DILITHIUM_LEVEL5k;
- }
- else {
- WOLFSSL_MSG("Not Dilithium Level 5 DER key");
- }
- }
- else {
- WOLFSSL_MSG("GetKeyOID dilithium initialization failed");
- }
- wc_dilithium_free(dilithium);
- }
- XFREE(dilithium, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- if (*algoID == 0) {
- sphincs_key *sphincs = (sphincs_key *)XMALLOC(sizeof(*sphincs),
- heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (sphincs == NULL)
- return MEMORY_E;
- if (wc_sphincs_init(sphincs) != 0) {
- tmpIdx = 0;
- if (wc_sphincs_set_level_and_optim(sphincs, 1, FAST_VARIANT)
- == 0) {
- if (wc_Sphincs_PrivateKeyDecode(key, &tmpIdx, sphincs,
- keySz) == 0) {
- *algoID = SPHINCS_FAST_LEVEL1k;
- }
- else {
- WOLFSSL_MSG("Not Sphincs-fast Level 1 DER key");
- }
- }
- else if (wc_sphincs_set_level_and_optim(sphincs, 3, FAST_VARIANT)
- == 0) {
- if (wc_Sphincs_PrivateKeyDecode(key, &tmpIdx, sphincs,
- keySz) == 0) {
- *algoID = SPHINCS_FAST_LEVEL3k;
- }
- else {
- WOLFSSL_MSG("Not Sphincs-fast Level 3 DER key");
- }
- }
- else if (wc_sphincs_set_level_and_optim(sphincs, 5, FAST_VARIANT)
- == 0) {
- if (wc_Sphincs_PrivateKeyDecode(key, &tmpIdx, sphincs,
- keySz) == 0) {
- *algoID = SPHINCS_FAST_LEVEL5k;
- }
- else {
- WOLFSSL_MSG("Not Sphincs-fast Level 5 DER key");
- }
- }
- else if (wc_sphincs_set_level_and_optim(sphincs, 1, SMALL_VARIANT)
- == 0) {
- if (wc_Sphincs_PrivateKeyDecode(key, &tmpIdx, sphincs,
- keySz) == 0) {
- *algoID = SPHINCS_SMALL_LEVEL1k;
- }
- else {
- WOLFSSL_MSG("Not Sphincs-small Level 1 DER key");
- }
- }
- else if (wc_sphincs_set_level_and_optim(sphincs, 3, SMALL_VARIANT)
- == 0) {
- if (wc_Sphincs_PrivateKeyDecode(key, &tmpIdx, sphincs,
- keySz) == 0) {
- *algoID = SPHINCS_SMALL_LEVEL3k;
- }
- else {
- WOLFSSL_MSG("Not Sphincs-small Level 3 DER key");
- }
- }
- else if (wc_sphincs_set_level_and_optim(sphincs, 5, SMALL_VARIANT)
- == 0) {
- if (wc_Sphincs_PrivateKeyDecode(key, &tmpIdx, sphincs,
- keySz) == 0) {
- *algoID = SPHINCS_SMALL_LEVEL5k;
- }
- else {
- WOLFSSL_MSG("Not Sphincs-small Level 5 DER key");
- }
- }
- else {
- WOLFSSL_MSG("GetKeyOID sphincs initialization failed");
- }
- wc_sphincs_free(sphincs);
- }
- XFREE(sphincs, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- /* if flag is not set then this is not a key that we understand. */
- if (*algoID == 0) {
- WOLFSSL_MSG("Bad key DER or compile options");
- return BAD_FUNC_ARG;
- }
- (void)tmpIdx;
- (void)curveOID;
- (void)oidSz;
- (void)keySz;
- (void)heap;
- return 1;
- }
- #endif /* HAVE_PKCS8 || HAVE_PKCS12 */
- #ifdef WOLFSSL_ASN_TEMPLATE
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- /* ASN.1 template for PBES2 parameters.
- * PKCS #5: RFC 8018, A.4 - PBES2-params without outer SEQUENCE
- * A.2 - PBKDF2-params
- * B.2 - Encryption schemes
- * C - AlgorithmIdentifier
- */
- static const ASNItem pbes2ParamsASN[] = {
- /* KDF_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* PBKDF2 */
- /* KDF_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* PBKDF2_PARAMS_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Salt */
- /* PBKDF2_PARAMS_SALT */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
- /* Iteration count */
- /* PBKDF2_PARAMS_ITER */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* Key length */
- /* PBKDF2_PARAMS_KEYLEN */ { 2, ASN_INTEGER, 0, 0, 1 },
- /* PRF - default is HMAC-SHA1 */
- /* PBKDF2_PARAMS_PRF */ { 2, ASN_SEQUENCE, 1, 1, 1 },
- /* PBKDF2_PARAMS_PRF_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* PBKDF2_PARAMS_PRF_NULL */ { 3, ASN_TAG_NULL, 0, 0, 1 },
- /* ENCS_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* Encryption algorithm */
- /* ENCS_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* IV for CBC */
- /* ENCS_PARAMS */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- };
- enum {
- PBES2PARAMSASN_IDX_KDF_SEQ = 0,
- PBES2PARAMSASN_IDX_KDF_OID,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_SEQ,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_SALT,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_ITER,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_KEYLEN,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID,
- PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_NULL,
- PBES2PARAMSASN_IDX_ENCS_SEQ,
- PBES2PARAMSASN_IDX_ENCS_OID,
- PBES2PARAMSASN_IDX_ENCS_PARAMS
- };
- /* Number of items in ASN.1 template for PBES2 parameters. */
- #define pbes2ParamsASN_Length (sizeof(pbes2ParamsASN) / sizeof(ASNItem))
- /* ASN.1 template for PBES1 parameters.
- * PKCS #5: RFC 8018, A.3. - PBEParameter without outer SEQUENCE
- */
- static const ASNItem pbes1ParamsASN[] = {
- /* Salt */
- /* SALT */ { 0, ASN_OCTET_STRING, 0, 0, 0 },
- /* Iteration count */
- /* ITER */ { 0, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- PBES1PARAMSASN_IDX_SALT = 0,
- PBES1PARAMSASN_IDX_ITER
- };
- /* Number of items in ASN.1 template for PBES1 parameters. */
- #define pbes1ParamsASN_Length (sizeof(pbes1ParamsASN) / sizeof(ASNItem))
- #endif /* HAVE_PKCS8 || HAVE_PKCS12 */
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #ifdef HAVE_PKCS8
- /*
- * Equivalent to calling TraditionalEnc with the same parameters but with
- * encAlgId set to 0. This function must be kept alive because it's sometimes
- * part of the API (WOLFSSL_ASN_API).
- */
- int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
- const char* password, int passwordSz, int vPKCS, int vAlgo,
- byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap)
- {
- return TraditionalEnc(key, keySz, out, outSz, password, passwordSz,
- vPKCS, vAlgo, 0, salt, saltSz, itt, rng, heap);
- }
- static int GetAlgoV2(int encAlgId, const byte** oid, int *len, int* id,
- int *blkSz)
- {
- int ret = 0;
- switch (encAlgId) {
- #if !defined(NO_DES3) && !defined(NO_SHA)
- case DESb:
- *len = sizeof(blkDesCbcOid);
- *oid = blkDesCbcOid;
- *id = PBE_SHA1_DES;
- *blkSz = 8;
- break;
- case DES3b:
- *len = sizeof(blkDes3CbcOid);
- *oid = blkDes3CbcOid;
- *id = PBE_SHA1_DES3;
- *blkSz = 8;
- break;
- #endif
- #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
- case AES128CBCb:
- *len = sizeof(blkAes128CbcOid);
- *oid = blkAes128CbcOid;
- *id = PBE_AES128_CBC;
- *blkSz = 16;
- break;
- #endif
- #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
- case AES256CBCb:
- *len = sizeof(blkAes256CbcOid);
- *oid = blkAes256CbcOid;
- *id = PBE_AES256_CBC;
- *blkSz = 16;
- break;
- #endif
- default:
- (void)len;
- (void)oid;
- (void)id;
- (void)blkSz;
- ret = ALGO_ID_E;
- }
- return ret;
- }
- int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
- const char* password, int passwordSz, int vPKCS, int pbeOid,
- int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng,
- void* heap)
- {
- #ifdef WOLFSSL_SMALL_STACK
- byte* saltTmp = NULL;
- #else
- byte saltTmp[MAX_SALT_SIZE];
- #endif
- int genSalt = 0;
- int ret = 0;
- int version = 0;
- int pbeId = 0;
- int blockSz = 0;
- const byte* encOid = NULL;
- int encOidSz = 0;
- word32 padSz = 0;
- word32 innerLen = 0;
- const byte* pbeOidBuf = NULL;
- word32 pbeOidBufSz = 0;
- word32 pbeLen = 0;
- word32 kdfLen = 0;
- word32 encLen = 0;
- byte cbcIv[MAX_IV_SIZE];
- word32 idx = 0;
- word32 encIdx = 0;
- (void)heap;
- WOLFSSL_ENTER("wc_EncryptPKCS8Key");
- if (key == NULL || outSz == NULL || password == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- ret = CheckAlgo(vPKCS, pbeOid, &pbeId, &version, &blockSz);
- }
- if (ret == 0 && (salt == NULL || saltSz == 0)) {
- genSalt = 1;
- saltSz = 8;
- }
- if (ret == 0 && version == PKCS5v2) {
- ret = GetAlgoV2(encAlgId, &encOid, &encOidSz, &pbeId, &blockSz);
- }
- if (ret == 0) {
- padSz = (word32)((blockSz - ((int)keySz & (blockSz - 1))) &
- (blockSz - 1));
- /* inner = OCT salt INT itt */
- innerLen = 2 + saltSz + 2 + ((itt < 256) ? 1 : ((itt < 65536) ? 2 : 3));
- if (version != PKCS5v2) {
- pbeOidBuf = OidFromId((word32)pbeId, oidPBEType, &pbeOidBufSz);
- /* pbe = OBJ pbse1 SEQ [ inner ] */
- pbeLen = 2 + pbeOidBufSz + 2 + innerLen;
- }
- else {
- pbeOidBuf = pbes2;
- pbeOidBufSz = sizeof(pbes2);
- /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */
- kdfLen = 2 + sizeof(pbkdf2Oid) + 2 + innerLen;
- /* enc = OBJ enc_alg OCT iv */
- encLen = 2 + (word32)encOidSz + 2 + (word32)blockSz;
- /* pbe = OBJ pbse2 SEQ [ SEQ [ kdf ] SEQ [ enc ] ] */
- pbeLen = (word32)(2 + sizeof(pbes2) + 2 + 2 + (size_t)kdfLen + 2 +
- (size_t)encLen);
- ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz);
- }
- }
- if (ret == 0) {
- /* outerLen = length of PBE encoding + octet string data */
- /* Plus 2 for tag and length for pbe */
- word32 outerLen = 2 + pbeLen;
- /* Octet string tag, length */
- outerLen += 1 + SetLength(keySz + padSz, NULL);
- /* Octet string bytes */
- outerLen += keySz + padSz;
- if (out == NULL) {
- /* Sequence tag, length */
- *outSz = 1 + SetLength(outerLen, NULL) + outerLen;
- return LENGTH_ONLY_E;
- }
- SetOctetString(keySz + padSz, out);
- idx += SetSequence(outerLen, out + idx);
- encIdx = idx + outerLen - keySz - padSz;
- /* Put Encrypted content in place. */
- XMEMCPY(out + encIdx, key, keySz);
- if (padSz > 0) {
- XMEMSET(out + encIdx + keySz, (int)padSz, padSz);
- keySz += padSz;
- }
- if (genSalt == 1) {
- #ifdef WOLFSSL_SMALL_STACK
- saltTmp = (byte*)XMALLOC(saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (saltTmp == NULL) {
- ret = MEMORY_E;
- }
- else
- #endif
- {
- salt = saltTmp;
- if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) {
- WOLFSSL_MSG("Error generating random salt");
- }
- }
- }
- }
- if (ret == 0) {
- ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, pbeId,
- out + encIdx, (int)keySz, version, cbcIv, 1, 0);
- }
- if (ret == 0) {
- if (version != PKCS5v2) {
- /* PBE algorithm */
- idx += SetSequence(pbeLen, out + idx);
- idx += (word32)SetObjectId((int)pbeOidBufSz, out + idx);
- XMEMCPY(out + idx, pbeOidBuf, pbeOidBufSz);
- idx += pbeOidBufSz;
- }
- else {
- /* PBES2 algorithm identifier */
- idx += SetSequence(pbeLen, out + idx);
- idx += (word32)SetObjectId((int)pbeOidBufSz, out + idx);
- XMEMCPY(out + idx, pbeOidBuf, pbeOidBufSz);
- idx += pbeOidBufSz;
- /* PBES2 Parameters: SEQ [ kdf ] SEQ [ enc ] */
- idx += SetSequence(2 + kdfLen + 2 + encLen, out + idx);
- /* KDF Algorithm Identifier */
- idx += SetSequence(kdfLen, out + idx);
- idx += (word32)SetObjectId((int)sizeof(pbkdf2Oid), out + idx);
- XMEMCPY(out + idx, pbkdf2Oid, sizeof(pbkdf2Oid));
- idx += sizeof(pbkdf2Oid);
- }
- idx += SetSequence(innerLen, out + idx);
- idx += SetOctetString(saltSz, out + idx);
- XMEMCPY(out + idx, salt, saltSz); idx += saltSz;
- ret = SetShortInt(out, &idx, (word32)itt, *outSz);
- if (ret > 0)
- ret = 0;
- }
- if (ret == 0) {
- if (version == PKCS5v2) {
- /* Encryption Algorithm Identifier */
- idx += SetSequence(encLen, out + idx);
- idx += (word32)SetObjectId(encOidSz, out + idx);
- XMEMCPY(out + idx, encOid, (size_t)encOidSz);
- idx += (word32)encOidSz;
- /* Encryption Algorithm Parameter: CBC IV */
- idx += SetOctetString((word32)blockSz, out + idx);
- XMEMCPY(out + idx, cbcIv, (size_t)blockSz);
- idx += (word32)blockSz;
- }
- idx += SetOctetString(keySz, out + idx);
- /* Default PRF - no need to write out OID */
- idx += keySz;
- ret = (int)idx;
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (saltTmp != NULL) {
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- WOLFSSL_LEAVE("wc_EncryptPKCS8Key", ret);
- return ret;
- }
- int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
- int passwordSz)
- {
- int ret;
- int length;
- word32 inOutIdx = 0;
- if (input == NULL || password == NULL) {
- return BAD_FUNC_ARG;
- }
- if (GetSequence(input, &inOutIdx, &length, sz) < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- ret = DecryptContent(input + inOutIdx, sz - inOutIdx, password,
- passwordSz);
- if (ret > 0) {
- XMEMMOVE(input, input + inOutIdx, (size_t)ret);
- }
- }
- if (ret > 0) {
- /* DecryptContent will decrypt the data, but it will leave any padding
- * bytes intact. This code calculates the length without the padding
- * and we return that to the user. */
- inOutIdx = 0;
- if (GetSequence(input, &inOutIdx, &length, (word32)ret) < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- ret = (int)inOutIdx + length;
- }
- }
- return ret;
- }
- /* Takes an unencrypted, traditional DER-encoded key and converts it to a PKCS#8
- * encrypted key. If out is not NULL, it will hold the encrypted key. If it's
- * NULL, LENGTH_ONLY_E will be returned and outSz will have the required out
- * buffer size. */
- int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
- const char* password, int passwordSz, int vPKCS, int vAlgo,
- int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng,
- void* heap)
- {
- int ret = 0;
- byte *pkcs8Key = NULL;
- word32 pkcs8KeySz = 0;
- int algId = 0;
- const byte* curveOid = NULL;
- word32 curveOidSz = 0;
- if (ret == 0) {
- /* check key type and get OID if ECC */
- ret = wc_GetKeyOID(key, keySz, &curveOid, &curveOidSz, &algId, heap);
- if (ret == 1)
- ret = 0;
- }
- if (ret == 0) {
- ret = wc_CreatePKCS8Key(NULL, &pkcs8KeySz, key, keySz, algId, curveOid,
- curveOidSz);
- if (ret == LENGTH_ONLY_E)
- ret = 0;
- }
- if (ret == 0) {
- pkcs8Key = (byte*)XMALLOC(pkcs8KeySz, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (pkcs8Key == NULL)
- ret = MEMORY_E;
- }
- if (ret == 0) {
- ret = wc_CreatePKCS8Key(pkcs8Key, &pkcs8KeySz, key, keySz, algId,
- curveOid, curveOidSz);
- if (ret >= 0) {
- pkcs8KeySz = (word32)ret;
- ret = 0;
- }
- }
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- if (ret == 0) {
- wc_MemZero_Add("TraditionalEnc pkcs8Key", pkcs8Key, pkcs8KeySz);
- }
- #endif
- if (ret == 0) {
- ret = wc_EncryptPKCS8Key(pkcs8Key, pkcs8KeySz, out, outSz, password,
- passwordSz, vPKCS, vAlgo, encAlgId, salt, saltSz, itt, rng, heap);
- }
- if (pkcs8Key != NULL) {
- ForceZero(pkcs8Key, pkcs8KeySz);
- XFREE(pkcs8Key, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- (void)rng;
- return ret;
- }
- /* Same as TraditionalEnc, but in the public API. */
- int wc_CreateEncryptedPKCS8Key(byte* key, word32 keySz, byte* out,
- word32* outSz, const char* password, int passwordSz, int vPKCS,
- int pbeOid, int encAlgId, byte* salt, word32 saltSz, int itt,
- WC_RNG* rng, void* heap)
- {
- return TraditionalEnc(key, keySz, out, outSz, password, passwordSz, vPKCS,
- pbeOid, encAlgId, salt, saltSz, itt, rng, heap);
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for PKCS #8/#7 encrypted key for decrypting
- * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo without outer SEQUENCE
- * PKCS #7: RFC 2315, 10.1 - EncryptedContentInfo without outer SEQUENCE
- */
- static const ASNItem pkcs8DecASN[] = {
- /* ENCALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* ENCALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* ENCALGO_PARAMS */ { 2, ASN_SEQUENCE, 1, 0, 0 },
- /* PKCS #7 */
- /* ENCCONTENT */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ENC_CONTENT,
- 0, 0, 2 },
- /* PKCS #8 */
- /* ENCDATA */ { 1, ASN_OCTET_STRING, 0, 0, 2 },
- };
- enum {
- PKCS8DECASN_IDX_ENCALGO_SEQ = 0,
- PKCS8DECASN_IDX_ENCALGO_OID,
- PKCS8DECASN_IDX_ENCALGO_PARAMS,
- PKCS8DECASN_IDX_ENCCONTENT,
- PKCS8DECASN_IDX_ENCDATA
- };
- /* Number of items in ASN.1 template for PKCS #8/#7 encrypted key. */
- #define pkcs8DecASN_Length (sizeof(pkcs8DecASN) / sizeof(ASNItem))
- #endif
- /* Decrypt data using PBE algorithm.
- *
- * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo without outer SEQUENCE
- * PKCS #7: RFC 2315, 10.1 - EncryptedContentInfo without outer SEQUENCE
- *
- * Note: input buffer is overwritten with decrypted data!
- *
- * Salt is in KDF parameters and IV is PBE parameters when needed.
- *
- * @param [in] input Data to decrypt and unwrap.
- * @param [in] sz Size of encrypted data.
- * @param [in] password Password to derive encryption key with.
- * @param [in] passwordSz Size of password in bytes.
- * @return Length of decrypted data on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return Other when decryption fails.
- */
- int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 inOutIdx = 0, seqEnd, oid, shaOid = 0;
- int ret = 0, first, second, length = 0, version, saltSz, id = 0;
- int iterations = 0, keySz = 0;
- #ifdef WOLFSSL_SMALL_STACK
- byte* salt = NULL;
- byte* cbcIv = NULL;
- #else
- byte salt[MAX_SALT_SIZE];
- byte cbcIv[MAX_IV_SIZE];
- #endif
- byte tag;
- if (passwordSz < 0) {
- WOLFSSL_MSG("Bad password size");
- return BAD_FUNC_ARG;
- }
- if (GetAlgoId(input, &inOutIdx, &oid, oidIgnoreType, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- first = input[inOutIdx - 2]; /* PKCS version always 2nd to last byte */
- second = input[inOutIdx - 1]; /* version.algo, algo id last byte */
- if (CheckAlgo(first, second, &id, &version, NULL) < 0) {
- ERROR_OUT(ASN_INPUT_E, exit_dc); /* Algo ID error */
- }
- if (version == PKCS5v2) {
- if (GetSequence(input, &inOutIdx, &length, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- if (GetAlgoId(input, &inOutIdx, &oid, oidKdfType, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- if (oid != PBKDF2_OID) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- }
- if (GetSequence(input, &inOutIdx, &length, sz) <= 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- /* Find the end of this SEQUENCE so we can check for the OPTIONAL and
- * DEFAULT items. */
- seqEnd = inOutIdx + (word32)length;
- ret = GetOctetString(input, &inOutIdx, &saltSz, sz);
- if (ret < 0)
- goto exit_dc;
- if (saltSz > MAX_SALT_SIZE) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- #ifdef WOLFSSL_SMALL_STACK
- salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (salt == NULL) {
- ERROR_OUT(MEMORY_E, exit_dc);
- }
- #endif
- XMEMCPY(salt, &input[inOutIdx], (size_t)saltSz);
- inOutIdx += (word32)saltSz;
- if (GetShortInt(input, &inOutIdx, &iterations, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- /* OPTIONAL key length */
- if (seqEnd > inOutIdx) {
- word32 localIdx = inOutIdx;
- if (GetASNTag(input, &localIdx, &tag, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- if (tag == ASN_INTEGER &&
- GetShortInt(input, &inOutIdx, &keySz, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- }
- /* DEFAULT HMAC is SHA-1 */
- if (seqEnd > inOutIdx) {
- if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- shaOid = oid;
- }
- #ifdef WOLFSSL_SMALL_STACK
- cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (cbcIv == NULL) {
- ERROR_OUT(MEMORY_E, exit_dc);
- }
- #endif
- if (version == PKCS5v2) {
- /* get encryption algo */
- if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- if (CheckAlgoV2((int)oid, &id, NULL) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc); /* PKCS v2 algo id error */
- }
- if (shaOid == 0)
- shaOid = oid;
- ret = GetOctetString(input, &inOutIdx, &length, sz);
- if (ret < 0)
- goto exit_dc;
- if (length > MAX_IV_SIZE) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- XMEMCPY(cbcIv, &input[inOutIdx], (size_t)length);
- inOutIdx += (word32)length;
- }
- if (GetASNTag(input, &inOutIdx, &tag, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- if (tag != (ASN_CONTEXT_SPECIFIC | 0) && tag != ASN_OCTET_STRING) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- if (GetLength(input, &inOutIdx, &length, sz) < 0) {
- ERROR_OUT(ASN_PARSE_E, exit_dc);
- }
- ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id,
- input + inOutIdx, length, version, cbcIv, 0, (int)shaOid);
- exit_dc:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret == 0) {
- XMEMMOVE(input, input + inOutIdx, (size_t)length);
- ret = length;
- }
- return ret;
- #else
- /* pbes2ParamsASN longer than pkcs8DecASN_Length/pbes1ParamsASN_Length. */
- DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length);
- int ret = 0;
- int id = 0;
- int version;
- word32 idx = 0;
- word32 pIdx = 0;
- word32 iterations = 0;
- word32 keySz = 0;
- word32 saltSz = 0;
- word32 shaOid = 0;
- byte* salt = NULL;
- byte* key = NULL;
- byte cbcIv[MAX_IV_SIZE];
- byte* params = NULL;
- WOLFSSL_ENTER("DecryptContent");
- CALLOC_ASNGETDATA(dataASN, pbes2ParamsASN_Length, ret, NULL);
- if (ret == 0) {
- /* Check OID is a PBE Type */
- GetASN_OID(&dataASN[PKCS8DECASN_IDX_ENCALGO_OID], oidPBEType);
- ret = GetASN_Items(pkcs8DecASN, dataASN, pkcs8DecASN_Length, 0, input,
- &idx, sz);
- }
- if (ret == 0) {
- /* Check the PBE algorithm and get the version and id. */
- idx = dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.length;
- /* Second last byte: 1 (PKCS #12 PBE Id) or 5 (PKCS #5)
- * Last byte: Alg or PBES2 */
- ret = CheckAlgo(dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.data[idx - 2],
- dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.data[idx - 1],
- &id, &version, NULL);
- }
- if (ret == 0) {
- /* Get the parameters data. */
- GetASN_GetRef(&dataASN[PKCS8DECASN_IDX_ENCALGO_PARAMS], ¶ms, &sz);
- /* Having a numbered choice means none or both will have errored out. */
- if (dataASN[PKCS8DECASN_IDX_ENCCONTENT].tag != 0)
- GetASN_GetRef(&dataASN[PKCS8DECASN_IDX_ENCCONTENT], &key, &keySz);
- else if (dataASN[PKCS8DECASN_IDX_ENCDATA].tag != 0)
- GetASN_GetRef(&dataASN[PKCS8DECASN_IDX_ENCDATA], &key, &keySz);
- else
- ret = ASN_RSA_KEY_E;
- }
- if (ret == 0) {
- if (version != PKCS5v2) {
- /* Initialize for PBES1 parameters and put iterations in var. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * pbes1ParamsASN_Length);
- GetASN_Int32Bit(&dataASN[PBES1PARAMSASN_IDX_ITER], &iterations);
- /* Parse the PBES1 parameters. */
- ret = GetASN_Items(pbes1ParamsASN, dataASN, pbes1ParamsASN_Length,
- 0, params, &pIdx, sz);
- if (ret == 0) {
- /* Get the salt data. */
- GetASN_GetRef(&dataASN[PBES1PARAMSASN_IDX_SALT], &salt, &saltSz);
- }
- }
- else {
- word32 ivSz = MAX_IV_SIZE;
- /* Initialize for PBES2 parameters. Put iterations in var; match
- * KDF, HMAC and cipher, and copy CBC into buffer. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * pbes2ParamsASN_Length);
- GetASN_ExpBuffer(&dataASN[PBES2PARAMSASN_IDX_KDF_OID], pbkdf2Oid, sizeof(pbkdf2Oid));
- GetASN_Int32Bit(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_ITER], &iterations);
- GetASN_OID(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID], oidHmacType);
- GetASN_OID(&dataASN[PBES2PARAMSASN_IDX_ENCS_OID], oidBlkType);
- GetASN_Buffer(&dataASN[PBES2PARAMSASN_IDX_ENCS_PARAMS], cbcIv, &ivSz);
- /* Parse the PBES2 parameters */
- ret = GetASN_Items(pbes2ParamsASN, dataASN, pbes2ParamsASN_Length,
- 0, params, &pIdx, sz);
- if (ret == 0) {
- /* Get the salt data. */
- GetASN_GetRef(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_SALT], &salt, &saltSz);
- /* Get the digest and encryption algorithm id. */
- shaOid = dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID].data.oid.sum; /* Default HMAC-SHA1 */
- id = (int)dataASN[PBES2PARAMSASN_IDX_ENCS_OID].data.oid.sum;
- /* Convert encryption algorithm to a PBE algorithm if needed. */
- CheckAlgoV2(id, &id, NULL);
- }
- }
- }
- if (ret == 0) {
- /* Decrypt the key. */
- ret = wc_CryptKey(
- password, passwordSz, salt, (int)saltSz, (int)iterations, id, key,
- (int)keySz, version, cbcIv, 0, (int)shaOid);
- }
- if (ret == 0) {
- /* Copy the decrypted key into the input (inline). */
- XMEMMOVE(input, key, keySz);
- ret = (int)keySz;
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif
- }
- /* Decrypt data using PBE algorithm and get key from PKCS#8 wrapping.
- *
- * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo
- * PKCS #7: RFC 2315, 10.1 - EncryptedContentInfo
- *
- * Note: input buffer is overwritten with decrypted key!
- *
- * Salt is in KDF parameters and IV is PBE parameters when needed.
- *
- * @param [in] input Data to decrypt and unwrap.
- * @param [in] sz Size of encrypted data.
- * @param [in] password Password to derive encryption key with.
- * @param [in] passwordSz Size of password in bytes.
- * @param [out] algId Key algorithm from PKCS#8 wrapper.
- * @return Length of decrypted data on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return Other when decryption fails.
- */
- int ToTraditionalEnc(byte* input, word32 sz, const char* password,
- int passwordSz, word32* algId)
- {
- int ret;
- ret = wc_DecryptPKCS8Key(input, sz, password, passwordSz);
- if (ret > 0) {
- ret = ToTraditional_ex(input, (word32)ret, algId);
- }
- return ret;
- }
- #endif /* HAVE_PKCS8 */
- #ifdef HAVE_PKCS12
- #define PKCS8_MIN_BLOCK_SIZE 8
- static int Pkcs8Pad(byte* buf, int sz, int blockSz)
- {
- int padSz;
- /* calculate pad size */
- padSz = blockSz - (sz & (blockSz - 1));
- /* pad with padSz value */
- if (buf) {
- int i;
- for (i = 0; i < padSz; i++) {
- buf[sz+i] = (byte)(padSz & 0xFF);
- }
- }
- /* return adjusted length */
- return sz + padSz;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for PKCS #8 encrypted key with PBES1 parameters.
- * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo
- * PKCS #5: RFC 8018, A.3 - PBEParameter
- */
- static const ASNItem p8EncPbes1ASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* ENCALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* PBE algorithm */
- /* ENCALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* ENCALGO_PBEPARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* Salt */
- /* ENCALGO_PBEPARAM_SALT */ { 3, ASN_OCTET_STRING, 0, 0, 0 },
- /* Iteration Count */
- /* ENCALGO_PBEPARAM_ITER */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* ENCDATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- };
- enum {
- P8ENCPBES1ASN_IDX_SEQ = 0,
- P8ENCPBES1ASN_IDX_ENCALGO_SEQ,
- P8ENCPBES1ASN_IDX_ENCALGO_OID,
- P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SEQ,
- P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT,
- P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER,
- P8ENCPBES1ASN_IDX_ENCDATA
- };
- #define p8EncPbes1ASN_Length (sizeof(p8EncPbes1ASN) / sizeof(ASNItem))
- #endif
- /* Wrap a private key in PKCS#8 and encrypt.
- *
- * Used for PKCS#12 and PKCS#7.
- * vPKCS is the version of PKCS to use.
- * vAlgo is the algorithm version to use.
- *
- * When salt is NULL, a random number is generated.
- *
- * data returned is :
- * [ seq - obj [ seq -salt,itt]] , construct with encrypted data
- *
- * @param [in] input Data to encrypt.
- * @param [in] inputSz Length of data in bytes.
- * @param [out] out Buffer to write wrapped encrypted data into.
- * @param [out] outSz Length of encrypted data in bytes.
- * @param [in] password Password used to create encryption key.
- * @param [in] passwordSz Length of password in bytes.
- * @param [in] vPKCS First byte used to determine PBE algorithm.
- * @param [in] vAlgo Second byte used to determine PBE algorithm.
- * @param [in] salt Salt to use with KDF.
- * @param [in] saltSz Length of salt in bytes.
- * @param [in] itt Number of iterations to use in KDF.
- * @param [in] rng Random number generator to use to generate salt.
- * @param [in] heap Dynamic memory allocator hint.
- * @return The size of encrypted data on success
- * @return LENGTH_ONLY_E when out is NULL and able to encode.
- * @return ASN_PARSE_E when the salt size is too large.
- * @return ASN_VERSION_E when attempting to use a PBES2 algorithm (use
- * TraditionalEnc).
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return Other when encryption or random number generation fails.
- */
- int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
- const char* password, int passwordSz, int vPKCS, int vAlgo,
- byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 sz;
- word32 inOutIdx = 0;
- word32 tmpIdx = 0;
- word32 totalSz = 0;
- word32 seqSz;
- word32 innerSz;
- int ret;
- int version, id, blockSz = 0;
- #ifdef WOLFSSL_SMALL_STACK
- byte* saltTmp = NULL;
- byte* cbcIv = NULL;
- #else
- byte saltTmp[MAX_SALT_SIZE];
- byte cbcIv[MAX_IV_SIZE];
- #endif
- byte seq[MAX_SEQ_SZ];
- byte shr[MAX_SHORT_SZ];
- word32 maxShr = MAX_SHORT_SZ;
- word32 algoSz;
- const byte* algoName;
- (void)heap;
- WOLFSSL_ENTER("EncryptContent");
- if (CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz) < 0)
- return ASN_INPUT_E; /* Algo ID error */
- if (version == PKCS5v2) {
- WOLFSSL_MSG("PKCS#5 version 2 not supported yet");
- return BAD_FUNC_ARG;
- }
- if (saltSz > MAX_SALT_SIZE)
- return ASN_PARSE_E;
- if (outSz == NULL) {
- return BAD_FUNC_ARG;
- }
- /* calculate size */
- /* size of constructed string at end */
- sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
- totalSz = ASN_TAG_SZ;
- totalSz += SetLength(sz, seq);
- totalSz += sz;
- /* size of sequence holding object id and sub sequence of salt and itt */
- algoName = OidFromId((word32)id, oidPBEType, &algoSz);
- if (algoName == NULL) {
- WOLFSSL_MSG("Unknown Algorithm");
- return 0;
- }
- innerSz = (word32)SetObjectId((int)algoSz, seq);
- innerSz += algoSz;
- /* get subsequence of salt and itt */
- if (salt == NULL || saltSz == 0) {
- sz = 8;
- }
- else {
- sz = saltSz;
- }
- seqSz = SetOctetString(sz, seq);
- seqSz += sz;
- tmpIdx = 0;
- ret = SetShortInt(shr, &tmpIdx, (word32)itt, maxShr);
- if (ret >= 0) {
- seqSz += (word32)ret;
- }
- else {
- return ret;
- }
- innerSz += seqSz + SetSequence(seqSz, seq);
- totalSz += innerSz + SetSequence(innerSz, seq);
- if (out == NULL) {
- *outSz = totalSz;
- return LENGTH_ONLY_E;
- }
- inOutIdx = 0;
- if (totalSz > *outSz)
- return BUFFER_E;
- inOutIdx += SetSequence(innerSz, out + inOutIdx);
- inOutIdx += (word32)SetObjectId((int)algoSz, out + inOutIdx);
- XMEMCPY(out + inOutIdx, algoName, algoSz);
- inOutIdx += algoSz;
- inOutIdx += SetSequence(seqSz, out + inOutIdx);
- /* create random salt if one not provided */
- if (salt == NULL || saltSz == 0) {
- saltSz = 8;
- #ifdef WOLFSSL_SMALL_STACK
- saltTmp = (byte*)XMALLOC(saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (saltTmp == NULL)
- return MEMORY_E;
- #endif
- salt = saltTmp;
- if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) {
- WOLFSSL_MSG("Error generating random salt");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- }
- inOutIdx += SetOctetString(saltSz, out + inOutIdx);
- if (saltSz + inOutIdx > *outSz) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BUFFER_E;
- }
- XMEMCPY(out + inOutIdx, salt, saltSz);
- inOutIdx += saltSz;
- /* place iteration setting in buffer */
- ret = SetShortInt(out, &inOutIdx, (word32)itt, *outSz);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- if (inOutIdx + 1 > *outSz) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BUFFER_E;
- }
- out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0;
- /* get pad size and verify buffer room */
- sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
- if (sz + inOutIdx > *outSz) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BUFFER_E;
- }
- inOutIdx += SetLength(sz, out + inOutIdx);
- /* copy input to output buffer and pad end */
- XMEMCPY(out + inOutIdx, input, inputSz);
- sz = (word32)Pkcs8Pad(out + inOutIdx, (int)inputSz, blockSz);
- #ifdef WOLFSSL_SMALL_STACK
- cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (cbcIv == NULL) {
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #endif
- /* encrypt */
- if ((ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id,
- out + inOutIdx, (int)sz, version, cbcIv, 1, 0)) < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret; /* encrypt failure */
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- (void)rng;
- return (int)(inOutIdx + sz);
- #else
- DECL_ASNSETDATA(dataASN, p8EncPbes1ASN_Length);
- int ret = 0;
- int sz = 0;
- int version = 0;
- int id = -1;
- int blockSz = 0;
- word32 pkcs8Sz = 0;
- (void)heap;
- WOLFSSL_ENTER("EncryptContent");
- /* Must have a output size to return or check. */
- if (outSz == NULL) {
- ret = BAD_FUNC_ARG;
- }
- /* Check salt size is valid. */
- if ((ret == 0) && (saltSz > MAX_SALT_SIZE)) {
- ret = ASN_PARSE_E;
- }
- /* Get algorithm parameters for algorithm identifier. */
- if ((ret == 0) && CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz) < 0) {
- ret = ASN_INPUT_E;
- }
- /* Check PKCS #5 version - only PBSE1 parameters supported. */
- if ((ret == 0) && (version == PKCS5v2)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, p8EncPbes1ASN_Length, ret, heap);
- if (ret == 0) {
- /* Setup data to go into encoding including PBE algorithm, salt,
- * iteration count, and padded key length. */
- SetASN_OID(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_OID], (word32)id,
- oidPBEType);
- if (salt == NULL || saltSz == 0) {
- salt = NULL;
- saltSz = PKCS5_SALT_SZ;
- /* Salt generated into encoding below. */
- }
- SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT],
- salt, saltSz);
- SetASN_Int16Bit(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER],
- (word16)itt);
- pkcs8Sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
- SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCDATA], NULL, pkcs8Sz);
- /* Calculate size of encoding. */
- ret = SizeASN_Items(p8EncPbes1ASN + P8ENCPBES1ASN_IDX_ENCALGO_SEQ,
- dataASN + P8ENCPBES1ASN_IDX_ENCALGO_SEQ,
- (int)(p8EncPbes1ASN_Length - P8ENCPBES1ASN_IDX_ENCALGO_SEQ),
- &sz);
- }
- /* Return size when no output buffer. */
- if ((ret == 0) && (out == NULL)) {
- *outSz = (word32)sz;
- ret = LENGTH_ONLY_E;
- }
- /* Check output buffer is big enough for encoded data. */
- if ((ret == 0) && (sz > (int)*outSz)) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- /* Encode PKCS#8 key. */
- SetASN_Items(p8EncPbes1ASN + P8ENCPBES1ASN_IDX_ENCALGO_SEQ,
- dataASN + P8ENCPBES1ASN_IDX_ENCALGO_SEQ,
- (int)(p8EncPbes1ASN_Length - P8ENCPBES1ASN_IDX_ENCALGO_SEQ),
- out);
- if (salt == NULL) {
- /* Generate salt into encoding. */
- salt = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT].
- data.buffer.data;
- ret = wc_RNG_GenerateBlock(rng, salt, saltSz);
- }
- }
- if (ret == 0) {
- byte cbcIv[MAX_IV_SIZE];
- /* Store PKCS#8 key in output buffer. */
- byte* pkcs8 =
- (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data;
- XMEMCPY(pkcs8, input, inputSz);
- Pkcs8Pad(pkcs8, (int)inputSz, blockSz);
- /* Encrypt PKCS#8 key inline. */
- ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id,
- pkcs8, (int)pkcs8Sz, version, cbcIv, 1, 0);
- }
- if (ret == 0) {
- /* Returning size on success. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* HAVE_PKCS12 */
- #endif /* NO_PWDBASED */
- #ifndef NO_RSA
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- /* This function is to retrieve key position information in a cert.*
- * The information will be used to call TSIP TLS-linked API for *
- * certificate verification. */
- static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
- word32 inSz, word32* key_n,
- word32* key_n_len, word32* key_e,
- word32* key_e_len)
- {
- int ret = 0;
- int length = 0;
- #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
- byte b;
- #endif
- if (input == NULL || inOutIdx == NULL)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
- if ((*inOutIdx + 1) > inSz)
- return BUFFER_E;
- b = input[*inOutIdx];
- if (b != ASN_INTEGER) {
- /* not from decoded cert, will have algo id, skip past */
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (SkipObjectId(input, inOutIdx, inSz) < 0)
- return ASN_PARSE_E;
- /* Option NULL ASN.1 tag */
- if (*inOutIdx >= inSz) {
- return BUFFER_E;
- }
- if (input[*inOutIdx] == ASN_TAG_NULL) {
- ret = GetASNNull(input, inOutIdx, inSz);
- if (ret != 0)
- return ret;
- }
- /* TODO: support RSA PSS */
- /* should have bit tag length and seq next */
- ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL);
- if (ret != 0)
- return ret;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- }
- #endif /* OPENSSL_EXTRA */
- /* Get modulus */
- ret = GetASNInt(input, inOutIdx, &length, inSz);
- *key_n += *inOutIdx;
- if (ret < 0) {
- return ASN_RSA_KEY_E;
- }
- if (key_n_len)
- *key_n_len = length;
- *inOutIdx += length;
- /* Get exponent */
- ret = GetASNInt(input, inOutIdx, &length, inSz);
- *key_e += *inOutIdx;
- if (ret < 0) {
- return ASN_RSA_KEY_E;
- }
- if (key_e_len)
- *key_e_len = length;
- return ret;
- }
- #endif /* WOLFSSL_RENESAS_TSIP */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for an RSA public key.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- */
- static const ASNItem rsaPublicKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* ALGOID_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 },
- #ifdef WC_RSA_PSS
- /* ALGOID_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 },
- #endif
- /* PUBKEY */ { 1, ASN_BIT_STRING, 0, 1, 0 },
- /* RSAPublicKey */
- /* PUBKEY_RSA_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* PUBKEY_RSA_N */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* PUBKEY_RSA_E */ { 3, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- RSAPUBLICKEYASN_IDX_SEQ = 0,
- RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
- RSAPUBLICKEYASN_IDX_ALGOID_OID,
- RSAPUBLICKEYASN_IDX_ALGOID_NULL,
- #ifdef WC_RSA_PSS
- RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
- #endif
- RSAPUBLICKEYASN_IDX_PUBKEY,
- RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
- RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
- RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
- };
- /* Number of items in ASN.1 template for an RSA public key. */
- #define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
- #endif
- /* Decode RSA public key.
- *
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of RSA public key.
- * On out, start of ASN.1 item after RSA public key.
- * @param [in] inSz Number of bytes in buffer.
- * @param [out] n Pointer to modulus in buffer.
- * @param [out] nSz Size of modulus in bytes.
- * @param [out] e Pointer to exponent in buffer.
- * @param [out] eSz Size of exponent in bytes.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz,
- const byte** n, word32* nSz, const byte** e, word32* eSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret = 0;
- int length = 0;
- #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
- word32 localIdx;
- byte tag;
- #endif
- if (input == NULL || inOutIdx == NULL)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
- localIdx = *inOutIdx;
- if (GetASNTag(input, &localIdx, &tag, inSz) < 0)
- return BUFFER_E;
- if (tag != ASN_INTEGER) {
- /* not from decoded cert, will have algo id, skip past */
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (SkipObjectId(input, inOutIdx, inSz) < 0)
- return ASN_PARSE_E;
- /* Option NULL ASN.1 tag */
- if (*inOutIdx >= inSz) {
- return BUFFER_E;
- }
- localIdx = *inOutIdx;
- if (GetASNTag(input, &localIdx, &tag, inSz) < 0)
- return ASN_PARSE_E;
- if (tag == ASN_TAG_NULL) {
- ret = GetASNNull(input, inOutIdx, inSz);
- if (ret != 0)
- return ret;
- }
- #ifdef WC_RSA_PSS
- /* Skip RSA PSS parameters. */
- else if (tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- *inOutIdx += length;
- }
- #endif
- /* should have bit tag length and seq next */
- ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL);
- if (ret != 0)
- return ret;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- }
- #endif /* OPENSSL_EXTRA */
- /* Get modulus */
- ret = GetASNInt(input, inOutIdx, &length, inSz);
- if (ret < 0) {
- return ASN_RSA_KEY_E;
- }
- if (nSz)
- *nSz = (word32)length;
- if (n)
- *n = &input[*inOutIdx];
- *inOutIdx += (word32)length;
- /* Get exponent */
- ret = GetASNInt(input, inOutIdx, &length, inSz);
- if (ret < 0) {
- return ASN_RSA_KEY_E;
- }
- if (eSz)
- *eSz = (word32)length;
- if (e)
- *e = &input[*inOutIdx];
- *inOutIdx += (word32)length;
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, rsaPublicKeyASN_Length);
- int ret = 0;
- #ifdef WC_RSA_PSS
- word32 oid = RSAk;
- #endif
- /* Check validity of parameters. */
- if (input == NULL || inOutIdx == NULL) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNGETDATA(dataASN, rsaPublicKeyASN_Length, ret, NULL);
- if (ret == 0) {
- /* Try decoding PKCS #1 public key by ignoring rest of ASN.1. */
- ret = GetASN_Items(&rsaPublicKeyASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ],
- &dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ],
- (int)(rsaPublicKeyASN_Length - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ),
- 0, input, inOutIdx, inSz);
- if (ret != 0) {
- /* Didn't work - try whole SubjectKeyInfo instead. */
- #ifdef WC_RSA_PSS
- /* Could be RSA or RSA PSS key. */
- GetASN_OID(&dataASN[RSAPUBLICKEYASN_IDX_ALGOID_OID], oidKeyType);
- #else
- /* Set the OID to expect. */
- GetASN_ExpBuffer(&dataASN[RSAPUBLICKEYASN_IDX_ALGOID_OID],
- keyRsaOid, sizeof(keyRsaOid));
- #endif
- /* Decode SubjectKeyInfo. */
- ret = GetASN_Items(rsaPublicKeyASN, dataASN,
- rsaPublicKeyASN_Length, 1, input, inOutIdx,
- inSz);
- }
- }
- #ifdef WC_RSA_PSS
- if ((ret == 0) && (dataASN[RSAPUBLICKEYASN_IDX_ALGOID_OID].tag != 0)) {
- /* Two possible OIDs supported - RSA and RSA PSS. */
- oid = dataASN[RSAPUBLICKEYASN_IDX_ALGOID_OID].data.oid.sum;
- if ((oid != RSAk) && (oid != RSAPSSk)) {
- ret = ASN_PARSE_E;
- }
- }
- if ((ret == 0) && (dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ].tag != 0)) {
- /* Can't have NULL and SEQ. */
- if (dataASN[RSAPUBLICKEYASN_IDX_ALGOID_NULL].tag != 0) {
- ret = ASN_PARSE_E;
- }
- /* SEQ present only with RSA PSS. */
- if ((ret == 0) && (oid != RSAPSSk)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- enum wc_HashType hash;
- int mgf;
- int saltLen;
- const byte* params = GetASNItem_Addr(
- dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ], input);
- word32 paramsSz = GetASNItem_Length(
- dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ], input);
- /* Validate the private key parameters. */
- ret = DecodeRsaPssParams(params, paramsSz, &hash, &mgf, &saltLen);
- /* TODO: store parameters so that usage can be checked. */
- }
- }
- #endif
- if (ret == 0) {
- /* Return the buffers and lengths asked for. */
- if (n != NULL) {
- *n = dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N].data.ref.data;
- }
- if (nSz != NULL) {
- *nSz = dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N].data.ref.length;
- }
- if (e != NULL) {
- *e = dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E].data.ref.data;
- }
- if (eSz != NULL) {
- *eSz = dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E].data.ref.length;
- }
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Decode RSA public key.
- *
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of RSA public key.
- * On out, start of ASN.1 item after RSA public key.
- * @param [in, out] key RSA key object.
- * @param [in] inSz Number of bytes in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
- word32 inSz)
- {
- int ret;
- const byte *n = NULL, *e = NULL;
- word32 nSz = 0, eSz = 0;
- if (key == NULL)
- return BAD_FUNC_ARG;
- ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, inSz, &n, &nSz, &e, &eSz);
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
- }
- return ret;
- }
- #endif /* !NO_RSA */
- #ifndef NO_DH
- #if defined(WOLFSSL_DH_EXTRA)
- /*
- * Decodes DH public key to fill specified DhKey.
- *
- * return 0 on success, negative on failure
- */
- int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
- DhKey* key, word32 inSz)
- {
- int ret = 0;
- int length;
- word32 oid = 0;
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- ret = GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz);
- if (oid != DHk || ret < 0)
- return ASN_DH_KEY_E;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0)
- return ASN_DH_KEY_E;
- if (GetInt(&key->g, input, inOutIdx, inSz) < 0) {
- mp_clear(&key->p);
- return ASN_DH_KEY_E;
- }
- ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0);
- if (ret > 0) {
- /* Found Bit String WOLFSSL_DH_EXTRA is required to access DhKey.pub */
- if (GetInt(&key->pub, input, inOutIdx, inSz) < 0) {
- mp_clear(&key->p);
- mp_clear(&key->g);
- return ASN_DH_KEY_E;
- }
- }
- else {
- mp_clear(&key->p);
- mp_clear(&key->g);
- return ASN_DH_KEY_E;
- }
- return 0;
- }
- #endif /* WOLFSSL_DH_EXTRA */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for DH key.
- * PKCS #3, 9 - DHParameter.
- * (Also in: RFC 2786, 3)
- */
- static const ASNItem dhParamASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* prime */
- /* PRIME */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* base */
- /* BASE */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* privateValueLength */
- /* PRIVLEN */ { 1, ASN_INTEGER, 0, 0, 1 },
- };
- enum {
- DHPARAMASN_IDX_SEQ = 0,
- DHPARAMASN_IDX_PRIME,
- DHPARAMASN_IDX_BASE,
- DHPARAMASN_IDX_PRIVLEN
- };
- /* Number of items in ASN.1 template for DH key. */
- #define dhParamASN_Length (sizeof(dhParamASN) / sizeof(ASNItem))
- #ifdef WOLFSSL_DH_EXTRA
- /* ASN.1 template for DH key wrapped in PKCS #8 or SubjectPublicKeyInfo.
- * PKCS #8: RFC 5208, 5 - PrivateKeyInfo
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * RFC 3279, 2.3.3 - DH in SubjectPublicKeyInfo
- */
- static const ASNItem dhKeyPkcs8ASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* VER */ { 1, ASN_INTEGER, 0, 0, 1 },
- /* PKEYALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* PKEYALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* DHParameter */
- /* PKEYALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* p */
- /* PKEYALGO_PARAM_P */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* g */
- /* PKEYALGO_PARAM_G */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* q - factor of p-1 */
- /* PKEYALGO_PARAM_Q */ { 3, ASN_INTEGER, 0, 0, 1 },
- /* j - subgroup factor */
- /* PKEYALGO_PARAM_J */ { 3, ASN_INTEGER, 0, 0, 1 },
- /* ValidationParms */
- /* PKEYALGO_PARAM_VALID */ { 3, ASN_SEQUENCE, 0, 0, 1 },
- /* PrivateKey - PKCS #8 */
- /* PKEY_STR */ { 1, ASN_OCTET_STRING, 0, 1, 2 },
- /* PKEY_INT */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* PublicKey - SubjectPublicKeyInfo. */
- /* PUBKEY_STR */ { 1, ASN_BIT_STRING, 0, 1, 2 },
- /* PUBKEY_INT */ { 2, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- DHKEYPKCS8ASN_IDX_SEQ = 0,
- DHKEYPKCS8ASN_IDX_VER,
- DHKEYPKCS8ASN_IDX_PKEYALGO_SEQ,
- DHKEYPKCS8ASN_IDX_PKEYALGO_OID,
- DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_SEQ,
- DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_P,
- DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_G,
- DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_Q,
- DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_J,
- DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_VALID,
- DHKEYPKCS8ASN_IDX_PKEY_STR,
- DHKEYPKCS8ASN_IDX_PKEY_INT,
- DHKEYPKCS8ASN_IDX_PUBKEY_STR,
- DHKEYPKCS8ASN_IDX_PUBKEY_INT
- };
- #define dhKeyPkcs8ASN_Length (sizeof(dhKeyPkcs8ASN) / sizeof(ASNItem))
- #endif
- #endif
- /* Decodes either PKCS#3 DH parameters or PKCS#8 DH key file (WOLFSSL_DH_EXTRA).
- *
- * See also wc_DhParamsLoad(). Loads directly into buffers rather than key
- * object.
- *
- * @param [in] input BER/DER encoded data.
- * @param [in, out] inOutIdx On in, start of DH key data.
- * On out, end of DH key data.
- * @param [in, out] key DH key object.
- * @param [in] inSz Size of data in bytes.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when input, inOutIDx or key is NULL.
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return MP_INIT_E when the unable to initialize an mp_int.
- * @return ASN_GETINT_E when the unable to convert data to an mp_int.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret = 0;
- int length;
- #ifdef WOLFSSL_DH_EXTRA
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- word32 oid = 0, temp = 0;
- #endif
- #endif
- WOLFSSL_ENTER("wc_DhKeyDecode");
- if (inOutIdx == NULL)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- #ifdef WOLFSSL_DH_EXTRA
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- temp = *inOutIdx;
- #endif
- #endif
- /* Assume input started after 1.2.840.113549.1.3.1 dhKeyAgreement */
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0) {
- ret = ASN_DH_KEY_E;
- }
- if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) {
- mp_clear(&key->p);
- ret = ASN_DH_KEY_E;
- }
- #ifdef WOLFSSL_DH_EXTRA
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- /* If ASN_DH_KEY_E: Check if input started at beginning of key */
- if (ret == ASN_DH_KEY_E) {
- *inOutIdx = temp;
- /* the version (0) - private only (for public skip) */
- if (GetASNInt(input, inOutIdx, &length, inSz) == 0) {
- *inOutIdx += (word32)length;
- }
- /* Size of dhKeyAgreement section */
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- /* Check for dhKeyAgreement */
- ret = GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz);
- if (oid != DHk || ret < 0)
- return ASN_DH_KEY_E;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0) {
- return ASN_DH_KEY_E;
- }
- if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) {
- mp_clear(&key->p);
- return ASN_DH_KEY_E;
- }
- }
- temp = *inOutIdx;
- ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0);
- if (ret > 0) {
- /* Found Bit String */
- if (GetInt(&key->pub, input, inOutIdx, inSz) == 0) {
- WOLFSSL_MSG("Found Public Key");
- ret = 0;
- }
- } else {
- *inOutIdx = temp;
- ret = (GetOctetString(input, inOutIdx, &length, inSz) >= 0);
- if (ret > 0) {
- /* Found Octet String */
- if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) {
- WOLFSSL_MSG("Found Private Key");
- /* Compute public */
- ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub);
- }
- } else {
- /* Don't use length from failed CheckBitString/GetOctetString */
- *inOutIdx = temp;
- ret = 0;
- }
- }
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* WOLFSSL_DH_EXTRA */
- WOLFSSL_LEAVE("wc_DhKeyDecode", ret);
- return ret;
- #else
- #ifdef WOLFSSL_DH_EXTRA
- DECL_ASNGETDATA(dataASN, dhKeyPkcs8ASN_Length);
- #else
- DECL_ASNGETDATA(dataASN, dhParamASN_Length);
- #endif
- int ret = 0;
- /* Check input parameters are valid. */
- if ((input == NULL) || (inOutIdx == NULL) || (key == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- #ifdef WOLFSSL_DH_EXTRA
- ALLOC_ASNGETDATA(dataASN, dhKeyPkcs8ASN_Length, ret, key->heap);
- #else
- ALLOC_ASNGETDATA(dataASN, dhParamASN_Length, ret, key->heap);
- #endif
- if (ret == 0) {
- /* Initialize data and set mp_ints to hold p and g. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * dhParamASN_Length);
- GetASN_MP(&dataASN[DHPARAMASN_IDX_PRIME], &key->p);
- GetASN_MP(&dataASN[DHPARAMASN_IDX_BASE], &key->g);
- /* Try simple PKCS #3 template. */
- ret = GetASN_Items(dhParamASN, dataASN, dhParamASN_Length, 1, input,
- inOutIdx, inSz);
- #ifdef WOLFSSL_DH_EXTRA
- if (ret != 0) {
- mp_free(&key->p);
- mp_free(&key->g);
- /* Initialize data and set mp_ints to hold p, g, q, priv and pub. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * dhKeyPkcs8ASN_Length);
- GetASN_ExpBuffer(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_OID],
- keyDhOid, sizeof(keyDhOid));
- GetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_P], &key->p);
- GetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_G], &key->g);
- GetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_Q], &key->q);
- GetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEY_INT], &key->priv);
- GetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PUBKEY_INT], &key->pub);
- /* Try PKCS #8 wrapped template. */
- ret = GetASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, 1,
- input, inOutIdx, inSz);
- if (ret == 0) {
- /* VERSION only present in PKCS #8 private key structure */
- if ((dataASN[DHKEYPKCS8ASN_IDX_PKEY_INT].length != 0) &&
- (dataASN[DHKEYPKCS8ASN_IDX_VER].length == 0)) {
- ret = ASN_PARSE_E;
- }
- else if ((dataASN[DHKEYPKCS8ASN_IDX_PUBKEY_INT].length != 0) &&
- (dataASN[DHKEYPKCS8ASN_IDX_VER].length != 0)) {
- ret = ASN_PARSE_E;
- }
- }
- if ((ret == 0) && mp_iszero(&key->pub)) {
- ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub);
- }
- }
- #endif
- }
- FREE_ASNGETDATA(dataASN, key->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_DH_EXTRA
- /* Export DH Key (private or public) */
- int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret, privSz = 0, pubSz = 0;
- word32 keySz, idx, len, total;
- if (key == NULL || outSz == NULL) {
- return BAD_FUNC_ARG;
- }
- /* determine size */
- if (exportPriv) {
- /* octet string: priv */
- privSz = SetASNIntMP(&key->priv, -1, NULL);
- if (privSz < 0)
- return privSz;
- idx = 1 + SetLength((word32)privSz, NULL) +
- (word32)privSz; /* +1 for ASN_OCTET_STRING */
- }
- else {
- /* bit string: public */
- pubSz = SetASNIntMP(&key->pub, -1, NULL);
- if (pubSz < 0)
- return pubSz;
- idx = SetBitString((word32)pubSz, 0, NULL) + (word32)pubSz;
- }
- keySz = idx;
- /* DH Parameters sequence with P and G */
- total = 0;
- ret = wc_DhParamsToDer(key, NULL, &total);
- if (ret != LENGTH_ONLY_E)
- return ret;
- idx += total;
- /* object dhKeyAgreement 1.2.840.113549.1.3.1 */
- idx += (word32)SetObjectId(sizeof(keyDhOid), NULL);
- idx += (word32)sizeof(keyDhOid);
- len = idx - keySz;
- /* sequence - all but pub/priv */
- idx += SetSequence(len, NULL);
- if (exportPriv) {
- /* version: 0 (ASN_INTEGER, 0x01, 0x00) */
- idx += 3;
- }
- /* sequence */
- total = idx + SetSequence(idx, NULL);
- /* if no output, then just getting size */
- if (output == NULL) {
- *outSz = total;
- return LENGTH_ONLY_E;
- }
- /* make sure output fits in buffer */
- if (total > *outSz) {
- return BUFFER_E;
- }
- total = idx;
- /* sequence */
- idx = SetSequence(total, output);
- if (exportPriv) {
- /* version: 0 */
- idx += (word32)SetMyVersion(0, output + idx, 0);
- }
- /* sequence - all but pub/priv */
- idx += SetSequence(len, output + idx);
- /* object dhKeyAgreement 1.2.840.113549.1.3.1 */
- idx += (word32)SetObjectId(sizeof(keyDhOid), output + idx);
- XMEMCPY(output + idx, keyDhOid, sizeof(keyDhOid));
- idx += sizeof(keyDhOid);
- /* DH Parameters sequence with P and G */
- total = *outSz - idx;
- ret = wc_DhParamsToDer(key, output + idx, &total);
- if (ret < 0)
- return ret;
- idx += total;
- /* octet string: priv */
- if (exportPriv) {
- idx += (word32)SetOctetString((word32)privSz, output + idx);
- idx += (word32)SetASNIntMP(&key->priv, -1, output + idx);
- }
- else {
- /* bit string: public */
- idx += (word32)SetBitString((word32)pubSz, 0, output + idx);
- idx += (word32)SetASNIntMP(&key->pub, -1, output + idx);
- }
- *outSz = idx;
- return (int)idx;
- #else
- ASNSetData dataASN[dhKeyPkcs8ASN_Length];
- int ret = 0;
- int sz;
- WOLFSSL_ENTER("wc_DhKeyToDer");
- XMEMSET(dataASN, 0, sizeof(dataASN));
- SetASN_Int8Bit(&dataASN[DHKEYPKCS8ASN_IDX_VER], 0);
- SetASN_OID(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_OID], DHk, oidKeyType);
- /* Set mp_int containing p and g. */
- SetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_P], &key->p);
- SetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_G], &key->g);
- dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_Q].noOut = 1;
- dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_J].noOut = 1;
- dataASN[DHKEYPKCS8ASN_IDX_PKEYALGO_PARAM_VALID].noOut = 1;
- if (exportPriv) {
- SetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PKEY_INT], &key->priv);
- dataASN[DHKEYPKCS8ASN_IDX_PUBKEY_STR].noOut = 1;
- dataASN[DHKEYPKCS8ASN_IDX_PUBKEY_INT].noOut = 1;
- }
- else {
- dataASN[DHKEYPKCS8ASN_IDX_VER].noOut = 1;
- dataASN[DHKEYPKCS8ASN_IDX_PKEY_STR].noOut = 1;
- dataASN[DHKEYPKCS8ASN_IDX_PKEY_INT].noOut = 1;
- SetASN_MP(&dataASN[DHKEYPKCS8ASN_IDX_PUBKEY_INT], &key->pub);
- }
- /* Calculate the size of the DH parameters. */
- ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz);
- if (output == NULL) {
- *outSz = (word32)sz;
- ret = LENGTH_ONLY_E;
- }
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && ((int)*outSz < sz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode the DH parameters into buffer. */
- SetASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, output);
- /* Set the actual encoding size. */
- *outSz = (word32)sz;
- /* Return the actual encoding size. */
- ret = sz;
- }
- return ret;
- #endif
- }
- int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz)
- {
- return wc_DhKeyToDer(key, out, outSz, 0);
- }
- int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz)
- {
- return wc_DhKeyToDer(key, out, outSz, 1);
- }
- /* Convert DH key parameters to DER format, write to output (outSz)
- * If output is NULL then max expected size is set to outSz and LENGTH_ONLY_E is
- * returned.
- *
- * Note : static function due to redefinition complications with DhKey and FIPS
- * version 2 build.
- *
- * return bytes written on success */
- int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- word32 idx, total;
- if (key == NULL || outSz == NULL) {
- return BAD_FUNC_ARG;
- }
- /* determine size */
- /* integer - g */
- ret = SetASNIntMP(&key->g, -1, NULL);
- if (ret < 0)
- return ret;
- idx = (word32)ret;
- /* integer - p */
- ret = SetASNIntMP(&key->p, -1, NULL);
- if (ret < 0)
- return ret;
- idx += (word32)ret;
- total = idx;
- /* sequence */
- idx += SetSequence(idx, NULL);
- if (output == NULL) {
- *outSz = idx;
- return LENGTH_ONLY_E;
- }
- /* make sure output fits in buffer */
- if (idx > *outSz) {
- return BUFFER_E;
- }
- /* write DH parameters */
- /* sequence - for P and G only */
- idx = SetSequence(total, output);
- /* integer - p */
- ret = SetASNIntMP(&key->p, -1, output + idx);
- if (ret < 0)
- return ret;
- idx += (word32)ret;
- /* integer - g */
- ret = SetASNIntMP(&key->g, -1, output + idx);
- if (ret < 0)
- return ret;
- idx += (word32)ret;
- *outSz = idx;
- return (int)idx;
- #else
- ASNSetData dataASN[dhParamASN_Length];
- int ret = 0;
- int sz = 0;
- WOLFSSL_ENTER("wc_DhParamsToDer");
- if (key == NULL || outSz == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Set mp_int containing p and g. */
- SetASN_MP(&dataASN[DHPARAMASN_IDX_PRIME], &key->p);
- SetASN_MP(&dataASN[DHPARAMASN_IDX_BASE], &key->g);
- /* privateValueLength not encoded. */
- dataASN[DHPARAMASN_IDX_PRIVLEN].noOut = 1;
- /* Calculate the size of the DH parameters. */
- ret = SizeASN_Items(dhParamASN, dataASN, dhParamASN_Length, &sz);
- }
- if ((ret == 0) && (output == NULL)) {
- *outSz = (word32)sz;
- ret = LENGTH_ONLY_E;
- }
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && (*outSz < (word32)sz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode the DH parameters into buffer. */
- SetASN_Items(dhParamASN, dataASN, dhParamASN_Length, output);
- /* Set the actual encoding size. */
- *outSz = (word32)sz;
- /* Return count of bytes written. */
- ret = sz;
- }
- return ret;
- #endif
- }
- #endif /* WOLFSSL_DH_EXTRA */
- /* Decode DH parameters.
- *
- * PKCS #3, 9 - DHParameter.
- * (Also in: RFC 2786, 3)
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of RSA public key.
- * On out, start of ASN.1 item after RSA public key.
- * @param [in] inSz Number of bytes in buffer.
- * @param [in, out] p Buffer to hold prime.
- * @param [out] pInOutSz On in, size of buffer to hold prime in bytes.
- * On out, size of prime in bytes.
- * @param [in, out] g Buffer to hold base.
- * @param [out] gInOutSz On in, size of buffer to hold base in bytes.
- * On out, size of base in bytes.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set.
- */
- int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz,
- byte* g, word32* gInOutSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int ret;
- int length;
- if (GetSequence(input, &idx, &length, inSz) <= 0)
- return ASN_PARSE_E;
- ret = GetASNInt(input, &idx, &length, inSz);
- if (ret != 0)
- return ret;
- if (length <= (int)*pInOutSz) {
- XMEMCPY(p, &input[idx], (size_t)length);
- *pInOutSz = (word32)length;
- }
- else {
- return BUFFER_E;
- }
- idx += (word32)length;
- ret = GetASNInt(input, &idx, &length, inSz);
- if (ret != 0)
- return ret;
- if (length <= (int)*gInOutSz) {
- XMEMCPY(g, &input[idx], (size_t)length);
- *gInOutSz = (word32)length;
- }
- else {
- return BUFFER_E;
- }
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, dhParamASN_Length);
- word32 idx = 0;
- int ret = 0;
- /* Make sure pointers are valid before use. */
- if ((input == NULL) || (p == NULL) || (pInOutSz == NULL) || (g == NULL) ||
- (gInOutSz == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNGETDATA(dataASN, dhParamASN_Length, ret, NULL);
- if (ret == 0) {
- /* Set the buffers to copy p and g into. */
- GetASN_Buffer(&dataASN[DHPARAMASN_IDX_PRIME], p, pInOutSz);
- GetASN_Buffer(&dataASN[DHPARAMASN_IDX_BASE], g, gInOutSz);
- /* Decode the DH Parameters. */
- ret = GetASN_Items(dhParamASN, dataASN, dhParamASN_Length, 1, input,
- &idx, inSz);
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* !NO_DH */
- #ifndef NO_DSA
- static mp_int* GetDsaInt(DsaKey* key, int idx)
- {
- if (idx == 0)
- return &key->p;
- if (idx == 1)
- return &key->q;
- if (idx == 2)
- return &key->g;
- if (idx == 3)
- return &key->y;
- if (idx == 4)
- return &key->x;
- return NULL;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for DSA public and private keys.
- * Public key: seq, p, q, g, y
- * Private key: seq, version, p, q, g, y, x
- * RFC 3279, 2.3.2 - DSA in SubjectPublicKeyInfo
- */
- static const ASNItem dsaKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* VER */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* P */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* Q */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* G */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* Y */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* X */ { 1, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- DSAKEYASN_IDX_SEQ = 0,
- DSAKEYASN_IDX_VER,
- DSAKEYASN_IDX_P,
- DSAKEYASN_IDX_Q,
- DSAKEYASN_IDX_G,
- DSAKEYASN_IDX_Y,
- DSAKEYASN_IDX_X
- };
- /* Number of items in ASN.1 template for DSA private key. */
- #define dsaKeyASN_Length (sizeof(dsaKeyASN) / sizeof(ASNItem))
- /* Number of items in ASN.1 template for DSA public key. */
- #define dsaPublicKeyASN_Length ((sizeof(dsaKeyASN) / sizeof(ASNItem)) - 2)
- /* ASN.1 template for PublicKeyInfo with DSA.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * RFC 3279, 2.3.2 - DSA in SubjectPublicKeyInfo
- */
- static const ASNItem dsaPubKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* ALGOID_PARAMS */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* p */
- /* ALGOID_PARAMS_P */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* q */
- /* ALGOID_PARAMS_Q */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* g */
- /* ALGOID_PARAMS_G */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* PUBKEY_STR */ { 1, ASN_BIT_STRING, 0, 1, 1 },
- /* y */
- /* PUBKEY_Y */ { 2, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- DSAPUBKEYASN_IDX_SEQ = 0,
- DSAPUBKEYASN_IDX_ALGOID_SEQ,
- DSAPUBKEYASN_IDX_ALGOID_OID,
- DSAPUBKEYASN_IDX_ALGOID_PARAMS,
- DSAPUBKEYASN_IDX_ALGOID_PARAMS_P,
- DSAPUBKEYASN_IDX_ALGOID_PARAMS_Q,
- DSAPUBKEYASN_IDX_ALGOID_PARAMS_G,
- DSAPUBKEYASN_IDX_PUBKEY_STR,
- DSAPUBKEYASN_IDX_PUBKEY_Y
- };
- /* Number of items in ASN.1 template for PublicKeyInfo with DSA. */
- #define dsaPubKeyASN_Length (sizeof(dsaPubKeyASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Decode DSA public key.
- *
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * RFC 3279, 2.3.2 - DSA in SubjectPublicKeyInfo
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of DSA public key.
- * On out, start of ASN.1 item after DSA public key.
- * @param [in, out] key DSA key object.
- * @param [in] inSz Number of bytes in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
- word32 inSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length;
- int ret = 0;
- word32 oid;
- word32 maxIdx;
- if (input == NULL || inOutIdx == NULL || key == NULL)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- maxIdx = (word32)(*inOutIdx + (word32)length);
- if (GetInt(&key->p, input, inOutIdx, maxIdx) < 0 ||
- GetInt(&key->q, input, inOutIdx, maxIdx) < 0 ||
- GetInt(&key->g, input, inOutIdx, maxIdx) < 0 ||
- GetInt(&key->y, input, inOutIdx, maxIdx) < 0 )
- ret = ASN_DH_KEY_E;
- if (ret != 0) {
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- ret = GetObjectId(input, inOutIdx, &oid, oidIgnoreType, inSz);
- if (ret != 0)
- return ret;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->g, input, inOutIdx, inSz) < 0)
- return ASN_DH_KEY_E;
- if (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) < 0)
- return ASN_PARSE_E;
- if (GetInt(&key->y, input, inOutIdx, inSz) < 0 )
- return ASN_DH_KEY_E;
- ret = 0;
- }
- key->type = DSA_PUBLIC;
- return ret;
- #else
- /* dsaPubKeyASN is longer than dsaPublicKeyASN. */
- DECL_ASNGETDATA(dataASN, dsaPubKeyASN_Length);
- int ret = 0;
- /* Validated parameters. */
- if ((input == NULL) || (inOutIdx == NULL) || (key == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- int i;
- /* Clear dynamic data items. */
- XMEMSET(dataASN, 0, sizeof(ASNGetData) * dsaPublicKeyASN_Length);
- /* seq
- * p, q, g, y
- * Start DSA ints from DSAKEYASN_IDX_VER instead of DSAKEYASN_IDX_P */
- for (i = 0; i < DSA_INTS - 1; i++)
- GetASN_MP(&dataASN[(int)DSAKEYASN_IDX_VER + i], GetDsaInt(key, i));
- /* Parse as simple form. */
- ret = GetASN_Items(dsaKeyASN, dataASN, dsaPublicKeyASN_Length, 0, input,
- inOutIdx, inSz);
- if (ret != 0) {
- /* Clear dynamic data items. */
- XMEMSET(dataASN, 0, sizeof(ASNGetData) * dsaPubKeyASN_Length);
- /* Set DSA OID to expect. */
- GetASN_ExpBuffer(&dataASN[DSAPUBKEYASN_IDX_ALGOID_OID],
- keyDsaOid, sizeof(keyDsaOid));
- /* p, q, g */
- for (i = 0; i < DSA_INTS - 2; i++)
- GetASN_MP(&dataASN[(int)DSAPUBKEYASN_IDX_ALGOID_PARAMS_P + i],
- GetDsaInt(key, i));
- /* y */
- GetASN_MP(&dataASN[DSAPUBKEYASN_IDX_PUBKEY_Y], GetDsaInt(key, i));
- /* Parse as SubjectPublicKeyInfo. */
- ret = GetASN_Items(dsaPubKeyASN, dataASN, dsaPubKeyASN_Length, 1,
- input, inOutIdx, inSz);
- }
- }
- if (ret == 0) {
- /* Data parsed - set type of key parsed. */
- key->type = DSA_PUBLIC;
- }
- FREE_ASNGETDATA(dataASN, key->heap);
- return ret;
- #endif
- }
- int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, DsaKey* key,
- word32 inSz)
- {
- int length;
- word32 maxIdx;
- if (input == NULL || inOutIdx == NULL || key == NULL)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- maxIdx = (word32)(*inOutIdx + (word32)length);
- if (GetInt(&key->p, input, inOutIdx, maxIdx) < 0 ||
- GetInt(&key->q, input, inOutIdx, maxIdx) < 0 ||
- GetInt(&key->g, input, inOutIdx, maxIdx) < 0)
- return ASN_DH_KEY_E;
- return 0;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for a DSA key holding private key in an OCTET_STRING. */
- static const ASNItem dsaKeyOctASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* p */
- /* P */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* q */
- /* Q */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* g */
- /* G */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* Private key */
- /* PKEY_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* x */
- /* X */ { 2, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- DSAKEYOCTASN_IDX_SEQ = 0,
- DSAKEYOCTASN_IDX_P,
- DSAKEYOCTASN_IDX_Q,
- DSAKEYOCTASN_IDX_G,
- DSAKEYOCTASN_IDX_PKEY_STR,
- DSAKEYOCTASN_IDX_X
- };
- /* Number of items in ASN.1 template for a DSA key (OCTET_STRING version). */
- #define dsaKeyOctASN_Length (sizeof(dsaKeyOctASN) / sizeof(ASNItem))
- #endif
- /* Decode DSA private key.
- *
- * @param [in] input Buffer holding BER encoded data.
- * @param [in, out] inOutIdx On in, start of DSA public key.
- * On out, start of ASN.1 item after DSA public key.
- * @param [in, out] key DSA key object.
- * @param [in] inSz Number of bytes in buffer.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- */
- int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
- word32 inSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length, version, ret = 0, temp = 0;
- word32 algId = 0;
- /* Sanity checks on input */
- if (input == NULL || inOutIdx == NULL || key == NULL) {
- return BAD_FUNC_ARG;
- }
- /* if has pkcs8 header skip it */
- if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
- /* ignore error, did not have pkcs8 header */
- }
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- temp = (int)*inOutIdx;
- /* Default case expects a certificate with OctetString but no version ID */
- ret = GetInt(&key->p, input, inOutIdx, inSz);
- if (ret < 0) {
- mp_clear(&key->p);
- ret = ASN_PARSE_E;
- }
- else {
- ret = GetInt(&key->q, input, inOutIdx, inSz);
- if (ret < 0) {
- mp_clear(&key->p);
- mp_clear(&key->q);
- ret = ASN_PARSE_E;
- }
- else {
- ret = GetInt(&key->g, input, inOutIdx, inSz);
- if (ret < 0) {
- mp_clear(&key->p);
- mp_clear(&key->q);
- mp_clear(&key->g);
- ret = ASN_PARSE_E;
- }
- else {
- ret = GetOctetString(input, inOutIdx, &length, inSz);
- if (ret < 0) {
- mp_clear(&key->p);
- mp_clear(&key->q);
- mp_clear(&key->g);
- ret = ASN_PARSE_E;
- }
- else {
- ret = GetInt(&key->y, input, inOutIdx, inSz);
- if (ret < 0) {
- mp_clear(&key->p);
- mp_clear(&key->q);
- mp_clear(&key->g);
- mp_clear(&key->y);
- ret = ASN_PARSE_E;
- }
- }
- }
- }
- }
- /* An alternate pass if default certificate fails parsing */
- if (ret == ASN_PARSE_E) {
- *inOutIdx = (word32)temp;
- if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
- return ASN_PARSE_E;
- if (GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->g, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->y, input, inOutIdx, inSz) < 0 ||
- GetInt(&key->x, input, inOutIdx, inSz) < 0 )
- return ASN_DH_KEY_E;
- }
- key->type = DSA_PRIVATE;
- return 0;
- #else
- /* dsaKeyASN is longer than dsaKeyOctASN. */
- DECL_ASNGETDATA(dataASN, dsaKeyASN_Length);
- int ret = 0;
- byte version = 0;
- /* Sanity checks on input */
- if ((input == NULL) || (inOutIdx == NULL) || (key == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNGETDATA(dataASN, dsaKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- int i;
- /* Try dsaKeyOctASN */
- /* Initialize key data and set mp_ints for params */
- for (i = 0; i < DSA_INTS - 2; i++) {
- GetASN_MP(&dataASN[(int)DSAKEYOCTASN_IDX_P + i], GetDsaInt(key, i));
- }
- /* and priv */
- GetASN_MP(&dataASN[DSAKEYOCTASN_IDX_X], GetDsaInt(key, i));
- /* Try simple form. */
- ret = GetASN_Items(dsaKeyOctASN, dataASN, dsaKeyOctASN_Length, 1, input,
- inOutIdx, inSz);
- if (ret != 0) {
- /* Try dsaKeyASN */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * dsaKeyASN_Length);
- GetASN_Int8Bit(&dataASN[DSAKEYASN_IDX_VER], &version);
- for (i = 0; i < DSA_INTS; i++) {
- mp_int* n = GetDsaInt(key, i);
- mp_clear(n);
- GetASN_MP(&dataASN[(int)DSAKEYASN_IDX_P + i], n);
- }
- /* Try simple OCTET_STRING form. */
- ret = GetASN_Items(dsaKeyASN, dataASN, dsaKeyASN_Length, 1, input,
- inOutIdx, inSz);
- }
- }
- if (ret == 0) {
- /* Set the contents to be a private key. */
- key->type = DSA_PRIVATE;
- }
- FREE_ASNGETDATA(dataASN, key->heap);
- return ret;
- #endif
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Release Tmp DSA resources */
- static WC_INLINE void FreeTmpDsas(byte** tmps, void* heap, int ints)
- {
- int i;
- for (i = 0; i < ints; i++)
- XFREE(tmps[i], heap, DYNAMIC_TYPE_DSA);
- (void)heap;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
- defined(WOLFSSL_CERT_GEN))
- /* Encode a DSA public key into buffer.
- *
- * @param [out] output Buffer to hold encoded data.
- * @param [in] key DSA key object.
- * @param [out] outLen Length of buffer.
- * @param [out] with_header Whether to encode in SubjectPublicKeyInfo block.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when output or key is NULL, or buffer size is less
- * than a minimal size (5 bytes), or buffer size is smaller than
- * encoding size.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* p, g, q = DSA params, y = public exponent */
- #ifdef WOLFSSL_SMALL_STACK
- byte* p = NULL;
- byte* g = NULL;
- byte* q = NULL;
- byte* y = NULL;
- #else
- byte p[MAX_DSA_INT_SZ];
- byte g[MAX_DSA_INT_SZ];
- byte q[MAX_DSA_INT_SZ];
- byte y[MAX_DSA_INT_SZ];
- #endif
- byte innerSeq[MAX_SEQ_SZ];
- byte outerSeq[MAX_SEQ_SZ];
- byte bitString[1 + MAX_LENGTH_SZ + 1];
- int pSz, gSz, qSz, ySz;
- word32 idx, innerSeqSz, outerSeqSz, bitStringSz = 0;
- WOLFSSL_ENTER("wc_SetDsaPublicKey");
- if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ) {
- return BAD_FUNC_ARG;
- }
- /* p */
- #ifdef WOLFSSL_SMALL_STACK
- p = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (p == NULL)
- return MEMORY_E;
- #endif
- if ((pSz = SetASNIntMP(&key->p, MAX_DSA_INT_SZ, p)) < 0) {
- WOLFSSL_MSG("SetASNIntMP Error with p");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return pSz;
- }
- /* q */
- #ifdef WOLFSSL_SMALL_STACK
- q = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (q == NULL)
- return MEMORY_E;
- #endif
- if ((qSz = SetASNIntMP(&key->q, MAX_DSA_INT_SZ, q)) < 0) {
- WOLFSSL_MSG("SetASNIntMP Error with q");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return qSz;
- }
- /* g */
- #ifdef WOLFSSL_SMALL_STACK
- g = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (g == NULL)
- return MEMORY_E;
- #endif
- if ((gSz = SetASNIntMP(&key->g, MAX_DSA_INT_SZ, g)) < 0) {
- WOLFSSL_MSG("SetASNIntMP Error with g");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return gSz;
- }
- /* y */
- #ifdef WOLFSSL_SMALL_STACK
- y = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (y == NULL)
- return MEMORY_E;
- #endif
- if ((ySz = SetASNIntMP(&key->y, MAX_DSA_INT_SZ, y)) < 0) {
- WOLFSSL_MSG("SetASNIntMP Error with y");
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ySz;
- }
- if (with_header) {
- word32 algoSz;
- #ifdef WOLFSSL_SMALL_STACK
- byte* algo = NULL;
- algo = (byte*)XMALLOC(MAX_ALGO_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (algo == NULL) {
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #else
- byte algo[MAX_ALGO_SZ];
- #endif
- innerSeqSz = SetSequence((word32)(pSz + qSz + gSz), innerSeq);
- algoSz = SetAlgoID(DSAk, algo, oidKeyType, 0);
- bitStringSz = SetBitString((word32)ySz, 0, bitString);
- outerSeqSz = SetSequence(algoSz + innerSeqSz +
- (word32)(pSz + qSz + gSz), outerSeq);
- idx = SetSequence(algoSz + innerSeqSz + (word32)(pSz + qSz + gSz) +
- bitStringSz + (word32)ySz + outerSeqSz, output);
- /* check output size */
- if ((idx + algoSz + bitStringSz + innerSeqSz +
- (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("Error, output size smaller than outlen");
- return BUFFER_E;
- }
- /* outerSeq */
- XMEMCPY(output + idx, outerSeq, outerSeqSz);
- idx += outerSeqSz;
- /* algo */
- XMEMCPY(output + idx, algo, algoSz);
- idx += algoSz;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- } else {
- innerSeqSz = SetSequence((word32)(pSz + qSz + gSz + ySz), innerSeq);
- /* check output size */
- if ((innerSeqSz + (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("Error, output size smaller than outlen");
- return BUFFER_E;
- }
- idx = 0;
- }
- /* innerSeq */
- XMEMCPY(output + idx, innerSeq, innerSeqSz);
- idx += innerSeqSz;
- /* p */
- XMEMCPY(output + idx, p, (size_t)pSz);
- idx += (word32)pSz;
- /* q */
- XMEMCPY(output + idx, q, (size_t)qSz);
- idx += (word32)qSz;
- /* g */
- XMEMCPY(output + idx, g, (size_t)gSz);
- idx += (word32)gSz;
- /* bit string */
- if (bitStringSz > 0) {
- XMEMCPY(output + idx, bitString, bitStringSz);
- idx += bitStringSz;
- }
- /* y */
- XMEMCPY(output + idx, y, (size_t)ySz);
- idx += (word32)ySz;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return (int)idx;
- #else
- DECL_ASNSETDATA(dataASN, dsaPubKeyASN_Length);
- int ret = 0;
- int i;
- int sz = 0;
- const ASNItem *data = NULL;
- int count = 0;
- WOLFSSL_ENTER("wc_SetDsaPublicKey");
- if ((output == NULL) || (key == NULL) || (outLen < MAX_SEQ_SZ)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- if (with_header) {
- /* Using dsaPubKeyASN */
- data = dsaPubKeyASN;
- count = dsaPubKeyASN_Length;
- /* Set the algorithm OID to write out. */
- SetASN_OID(&dataASN[DSAPUBKEYASN_IDX_ALGOID_OID], DSAk, oidKeyType);
- /* Set the mp_ints to encode - parameters and public value. */
- for (i = 0; i < DSA_INTS - 2; i++) {
- SetASN_MP(&dataASN[(int)DSAPUBKEYASN_IDX_ALGOID_PARAMS_P + i],
- GetDsaInt(key, i));
- }
- SetASN_MP(&dataASN[DSAPUBKEYASN_IDX_PUBKEY_Y], GetDsaInt(key, i));
- }
- else {
- /* Using dsaKeyASN */
- data = dsaKeyASN;
- count = dsaPublicKeyASN_Length;
- /* Set the mp_ints to encode - parameters and public value. */
- for (i = 0; i < DSA_INTS - 1; i++) {
- /* Move all DSA ints up one slot (ignore VERSION so now
- * it means P) */
- SetASN_MP(&dataASN[(int)DSAKEYASN_IDX_VER + i],
- GetDsaInt(key, i));
- }
- }
- ret = SizeASN_Items(data, dataASN, count, &sz);
- }
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && (sz > (int)outLen)) {
- ret = BAD_FUNC_ARG;
- }
- /* Encode the DSA public key into output buffer. */
- if (ret == 0) {
- ret = SetASN_Items(data, dataASN, count, output);
- }
- FREE_ASNSETDATA(dataASN, key->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Encode a DSA public key into buffer.
- *
- * @param [out] output Buffer to hold encoded data.
- * @param [in] key DSA key object.
- * @param [out] outLen Length of buffer.
- * @param [out] with_header Whether to encode in SubjectPublicKeyInfo block.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when output or key is NULL, or buffer size is less
- * than a minimal size (5 bytes), or buffer size is smaller than
- * encoding size.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen)
- {
- return wc_SetDsaPublicKey(output, key, (int)inLen, 1);
- }
- #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
- static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
- int ints, int includeVersion)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen, j;
- word32 sizes[DSA_INTS];
- int i, ret = 0;
- byte seq[MAX_SEQ_SZ];
- byte ver[MAX_VERSION_SZ];
- byte* tmps[DSA_INTS];
- if (ints > DSA_INTS || inLen == NULL)
- return BAD_FUNC_ARG;
- XMEMSET(sizes, 0, sizeof(sizes));
- for (i = 0; i < ints; i++)
- tmps[i] = NULL;
- /* write all big ints from key to DER tmps */
- for (i = 0; i < ints; i++) {
- int mpSz;
- mp_int* keyInt = GetDsaInt(key, i);
- word32 rawLen = (word32)mp_unsigned_bin_size(keyInt) + 1;
- tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
- DYNAMIC_TYPE_DSA);
- if (tmps[i] == NULL) {
- ret = MEMORY_E;
- break;
- }
- mpSz = SetASNIntMP(keyInt, -1, tmps[i]);
- if (mpSz < 0) {
- ret = mpSz;
- break;
- }
- sizes[i] = (word32)mpSz;
- intTotalLen += (word32)mpSz;
- }
- if (ret != 0) {
- FreeTmpDsas(tmps, key->heap, ints);
- return ret;
- }
- /* make headers */
- if (includeVersion)
- verSz = (word32)SetMyVersion(0, ver, FALSE);
- seqSz = SetSequence(verSz + intTotalLen, seq);
- outLen = seqSz + verSz + intTotalLen;
- *inLen = outLen;
- if (output == NULL) {
- FreeTmpDsas(tmps, key->heap, ints);
- return LENGTH_ONLY_E;
- }
- if (outLen > *inLen) {
- FreeTmpDsas(tmps, key->heap, ints);
- return BAD_FUNC_ARG;
- }
- /* write to output */
- XMEMCPY(output, seq, seqSz);
- j = seqSz;
- if (includeVersion) {
- XMEMCPY(output + j, ver, verSz);
- j += verSz;
- }
- for (i = 0; i < ints; i++) {
- XMEMCPY(output + j, tmps[i], sizes[i]);
- j += sizes[i];
- }
- FreeTmpDsas(tmps, key->heap, ints);
- return (int)outLen;
- #else
- DECL_ASNSETDATA(dataASN, dsaKeyASN_Length);
- int ret = 0;
- int sz = 0;
- (void)ints;
- if ((key == NULL) || (inLen == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- if ((ret == 0) && (ints > DSA_INTS)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, dsaKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- int i;
- if (includeVersion) {
- /* Set the version. */
- SetASN_Int8Bit(&dataASN[DSAKEYASN_IDX_VER], 0);
- }
- else {
- dataASN[DSAKEYASN_IDX_VER].noOut = 1;
- }
- dataASN[DSAKEYASN_IDX_Y].noOut = mp_iszero(&key->y);
- dataASN[DSAKEYASN_IDX_X].noOut = mp_iszero(&key->x);
- /* Set the mp_ints to encode - params, public and private value. */
- for (i = 0; i < DSA_INTS; i++) {
- if (i < ints)
- SetASN_MP(&dataASN[(int)DSAKEYASN_IDX_P + i], GetDsaInt(key, i));
- else
- dataASN[(int)DSAKEYASN_IDX_P + i].noOut = 1;
- }
- /* Calculate size of the encoding. */
- ret = SizeASN_Items(dsaKeyASN, dataASN, dsaKeyASN_Length, &sz);
- }
- if ((ret == 0) && (output == NULL)) {
- *inLen = (word32)sz;
- ret = LENGTH_ONLY_E;
- }
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && (sz > (int)*inLen)) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- /* Encode the DSA private key into output buffer. */
- SetASN_Items(dsaKeyASN, dataASN, dsaKeyASN_Length, output);
- /* Return the size of the encoding. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, key->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Encode a DSA private key into buffer.
- *
- * @param [in] key DSA key object.
- * @param [out] output Buffer to hold encoded data.
- * @param [out] inLen Length of buffer.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key or output is NULL, or key is not a private key
- * or, buffer size is smaller than encoding size.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
- {
- if (!key || !output)
- return BAD_FUNC_ARG;
- if (key->type != DSA_PRIVATE)
- return BAD_FUNC_ARG;
- return DsaKeyIntsToDer(key, output, &inLen, DSA_INTS, 1);
- }
- /* Convert DsaKey parameters to DER format, write to output (inLen),
- return bytes written. Version is excluded to be compatible with
- OpenSSL d2i_DSAparams */
- int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
- {
- if (!key || !output)
- return BAD_FUNC_ARG;
- return DsaKeyIntsToDer(key, output, &inLen, DSA_PARAM_INTS, 0);
- }
- /* This version of the function allows output to be NULL. In that case, the
- DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer
- size will be pointed to by inLen. */
- int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
- {
- if (!key || !inLen)
- return BAD_FUNC_ARG;
- return DsaKeyIntsToDer(key, output, inLen, DSA_PARAM_INTS, 0);
- }
- #endif /* NO_DSA */
- #ifndef NO_CERTS
- /* Initialize decoded certificate object with buffer of DER encoding.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [in] source Buffer containing DER encoded certificate.
- * @param [in] inSz Size of DER data in buffer in bytes.
- * @param [in] heap Dynamic memory hint.
- */
- void InitDecodedCert(DecodedCert* cert,
- const byte* source, word32 inSz, void* heap)
- {
- InitDecodedCert_ex(cert, source, inSz, heap, INVALID_DEVID);
- }
- /* Initialize decoded certificate object with buffer of DER encoding.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [in] source Buffer containing DER encoded certificate.
- * @param [in] inSz Size of DER data in buffer in bytes.
- * @param [in] heap Dynamic memory hint.
- * @param [in] devId Crypto callback ID to use.
- */
- void InitDecodedCert_ex(DecodedCert* cert,
- const byte* source, word32 inSz, void* heap, int devId)
- {
- if (cert != NULL) {
- XMEMSET(cert, 0, sizeof(DecodedCert));
- cert->subjectCNEnc = CTC_UTF8;
- cert->issuer[0] = '\0';
- cert->subject[0] = '\0';
- cert->source = source; /* don't own */
- cert->maxIdx = inSz; /* can't go over this index */
- cert->heap = heap;
- cert->maxPathLen = WOLFSSL_MAX_PATH_LEN;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- #ifdef WOLFSSL_CERT_NAME_ALL
- cert->subjectNEnc = CTC_UTF8;
- cert->subjectIEnc = CTC_UTF8;
- cert->subjectDNQEnc = CTC_UTF8;
- cert->subjectGNEnc = CTC_UTF8;
- #endif
- cert->subjectSNEnc = CTC_UTF8;
- cert->subjectCEnc = CTC_PRINTABLE;
- cert->subjectLEnc = CTC_UTF8;
- cert->subjectSTEnc = CTC_UTF8;
- cert->subjectOEnc = CTC_UTF8;
- cert->subjectOUEnc = CTC_UTF8;
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- cert->issuerSNEnc = CTC_UTF8;
- cert->issuerCEnc = CTC_PRINTABLE;
- cert->issuerLEnc = CTC_UTF8;
- cert->issuerSTEnc = CTC_UTF8;
- cert->issuerOEnc = CTC_UTF8;
- cert->issuerOUEnc = CTC_UTF8;
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- InitSignatureCtx(&cert->sigCtx, heap, devId);
- }
- }
- void wc_InitDecodedCert(DecodedCert* cert, const byte* source, word32 inSz,
- void* heap)
- {
- InitDecodedCert(cert, source, inSz, heap);
- }
- /* Free the alternative names object.
- *
- * Frees each linked list items and its name.
- *
- * @param [in, out] altNames Alternative names.
- * @param [in] heap Dynamic memory hint.
- */
- void FreeAltNames(DNS_entry* altNames, void* heap)
- {
- (void)heap;
- while (altNames) {
- DNS_entry* tmp = altNames->next;
- XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
- #endif
- #if defined(OPENSSL_ALL)
- XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
- #endif
- XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME);
- altNames = tmp;
- }
- }
- /* malloc and initialize a new alt name structure */
- DNS_entry* AltNameNew(void* heap)
- {
- DNS_entry* ret;
- ret = (DNS_entry*)XMALLOC(sizeof(DNS_entry), heap, DYNAMIC_TYPE_ALTNAME);
- if (ret != NULL) {
- XMEMSET(ret, 0, sizeof(DNS_entry));
- }
- (void)heap;
- return ret;
- }
- #ifndef IGNORE_NAME_CONSTRAINTS
- /* Free the subtree names object.
- *
- * Frees each linked list items and its name.
- *
- * @param [in, out] names Subtree names.
- * @param [in] heap Dynamic memory hint.
- */
- void FreeNameSubtrees(Base_entry* names, void* heap)
- {
- (void)heap;
- while (names) {
- Base_entry* tmp = names->next;
- XFREE(names->name, heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(names, heap, DYNAMIC_TYPE_ALTNAME);
- names = tmp;
- }
- }
- #endif /* IGNORE_NAME_CONSTRAINTS */
- /* Free the decoded cert object's dynamic data.
- *
- * @param [in, out] cert Decoded certificate object.
- */
- void FreeDecodedCert(DecodedCert* cert)
- {
- if (cert == NULL)
- return;
- if (cert->subjectCNStored == 1) {
- XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
- }
- if (cert->pubKeyStored == 1) {
- XFREE((void*)cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
- }
- if (cert->weOwnAltNames && cert->altNames)
- FreeAltNames(cert->altNames, cert->heap);
- #ifndef IGNORE_NAME_CONSTRAINTS
- if (cert->altEmailNames)
- FreeAltNames(cert->altEmailNames, cert->heap);
- if (cert->altDirNames)
- FreeAltNames(cert->altDirNames, cert->heap);
- if (cert->permittedNames)
- FreeNameSubtrees(cert->permittedNames, cert->heap);
- if (cert->excludedNames)
- FreeNameSubtrees(cert->excludedNames, cert->heap);
- #endif /* IGNORE_NAME_CONSTRAINTS */
- #ifdef WOLFSSL_SEP
- XFREE(cert->deviceType, cert->heap, DYNAMIC_TYPE_X509_EXT);
- XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
- XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
- #endif /* WOLFSSL_SEP */
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- if (cert->issuerName != NULL)
- wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->issuerName);
- if (cert->subjectName != NULL)
- wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName);
- #endif /* WOLFSSL_X509_NAME_AVAILABLE */
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- if (cert->sce_tsip_encRsaKeyIdx != NULL)
- XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA);
- #endif
- FreeSignatureCtx(&cert->sigCtx);
- }
- void wc_FreeDecodedCert(DecodedCert* cert)
- {
- FreeDecodedCert(cert);
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int GetCertHeader(DecodedCert* cert)
- {
- int ret = 0, len;
- if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0)
- return ASN_PARSE_E;
- /* Reset the max index for the size indicated in the outer wrapper. */
- cert->maxIdx = (word32)len + cert->srcIdx;
- cert->certBegin = cert->srcIdx;
- if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0)
- return ASN_PARSE_E;
- cert->sigIndex = (word32)len + cert->srcIdx;
- if (cert->sigIndex > cert->maxIdx)
- return ASN_PARSE_E;
- if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version,
- cert->sigIndex) < 0)
- return ASN_PARSE_E;
- if (wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial,
- &cert->serialSz, cert->sigIndex) < 0)
- return ASN_PARSE_E;
- return ret;
- }
- #endif
- #if defined(HAVE_ED25519) || defined(HAVE_ED448) || (defined(HAVE_PQC) && \
- defined(HAVE_LIBOQS))
- /* Store the key data under the BIT_STRING in dynamically allocated data.
- *
- * @param [in, out] cert Certificate object.
- * @param [in] source Buffer containing encoded key.
- * @param [in, out] srcIdx On in, start of key data.
- * On out, start of element after key data.
- * @param [in] maxIdx Maximum index of certificate data.
- */
- static int StoreKey(DecodedCert* cert, const byte* source, word32* srcIdx,
- word32 maxIdx)
- {
- int ret;
- int length;
- byte* publicKey;
- ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL);
- if (ret == 0) {
- #ifdef HAVE_OCSP
- ret = CalcHashId_ex(source + *srcIdx, (word32)length,
- cert->subjectKeyHash, HashIdAlg(cert->signatureOID));
- }
- if (ret == 0) {
- #endif
- publicKey = (byte*)XMALLOC((size_t)length, cert->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (publicKey == NULL) {
- ret = MEMORY_E;
- }
- else {
- XMEMCPY(publicKey, &source[*srcIdx], (size_t)length);
- cert->publicKey = publicKey;
- cert->pubKeyStored = 1;
- cert->pubKeySize = (word32)length;
- *srcIdx += (word32)length;
- }
- }
- return ret;
- }
- #endif /* HAVE_ED25519 || HAVE_ED448 */
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
- static int SetCurve(ecc_key* key, byte* output, size_t outSz)
- {
- #ifdef HAVE_OID_ENCODING
- int ret;
- #endif
- int idx;
- word32 oidSz = 0;
- /* validate key */
- if (key == NULL || key->dp == NULL) {
- return BAD_FUNC_ARG;
- }
- #ifdef HAVE_OID_ENCODING
- ret = EncodeObjectId(key->dp->oid, key->dp->oidSz, NULL, &oidSz);
- if (ret != 0) {
- return ret;
- }
- #else
- oidSz = key->dp->oidSz;
- #endif
- idx = SetObjectId((int)oidSz, output);
- /* length only */
- if (output == NULL) {
- return idx + (int)oidSz;
- }
- /* verify output buffer has room */
- if (oidSz > outSz)
- return BUFFER_E;
- #ifdef HAVE_OID_ENCODING
- ret = EncodeObjectId(key->dp->oid, key->dp->oidSz, output+idx, &oidSz);
- if (ret != 0) {
- return ret;
- }
- #else
- XMEMCPY(output+idx, key->dp->oid, oidSz);
- #endif
- idx += (int)oidSz;
- return idx;
- }
- #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for ECC public key (SubjectPublicKeyInfo).
- * RFC 5480, 2 - Subject Public Key Information Fields
- * 2.1.1 - Unrestricted Algorithm Identifier and Parameters
- * X9.62 ECC point format.
- * See ASN.1 template 'eccSpecifiedASN' for specifiedCurve.
- */
- static const ASNItem eccPublicKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* AlgorithmIdentifier */
- /* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* algorithm */
- /* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* namedCurve */
- /* ALGOID_CURVEID */ { 2, ASN_OBJECT_ID, 0, 0, 2 },
- /* specifiedCurve - explicit parameters */
- /* ALGOID_PARAMS */ { 2, ASN_SEQUENCE, 1, 0, 2 },
- /* Public Key */
- /* PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- ECCPUBLICKEYASN_IDX_SEQ = 0,
- ECCPUBLICKEYASN_IDX_ALGOID_SEQ,
- ECCPUBLICKEYASN_IDX_ALGOID_OID,
- ECCPUBLICKEYASN_IDX_ALGOID_CURVEID,
- ECCPUBLICKEYASN_IDX_ALGOID_PARAMS,
- ECCPUBLICKEYASN_IDX_PUBKEY
- };
- /* Number of items in ASN.1 template for ECC public key. */
- #define eccPublicKeyASN_Length (sizeof(eccPublicKeyASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #endif /* HAVE_ECC */
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
- /* Encode public ECC key in DER format.
- *
- * RFC 5480, 2 - Subject Public Key Information Fields
- * 2.1.1 - Unrestricted Algorithm Identifier and Parameters
- * X9.62 ECC point format.
- * SEC 1 Ver. 2.0, C.2 - Syntax for Elliptic Curve Domain Parameters
- *
- * @param [out] output Buffer to put encoded data in.
- * @param [in] key ECC key object.
- * @param [in] outLen Size of buffer in bytes.
- * @param [in] with_header Whether to use SubjectPublicKeyInfo format.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key or key's parameters is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
- int with_header, int comp)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- word32 idx = 0, curveSz, algoSz, pubSz, bitStringSz;
- byte bitString[1 + MAX_LENGTH_SZ + 1]; /* 6 */
- byte algo[MAX_ALGO_SZ]; /* 20 */
- /* public size */
- pubSz = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES;
- if (comp)
- pubSz = 1 + pubSz;
- else
- pubSz = 1 + 2 * pubSz;
- /* check for buffer overflow */
- if (output != NULL && pubSz > (word32)outLen) {
- return BUFFER_E;
- }
- /* headers */
- if (with_header) {
- ret = SetCurve(key, NULL, 0);
- if (ret <= 0) {
- return ret;
- }
- curveSz = (word32)ret;
- ret = 0;
- /* calculate size */
- algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, (int)curveSz);
- bitStringSz = SetBitString(pubSz, 0, bitString);
- idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, NULL);
- /* check for buffer overflow */
- if (output != NULL &&
- curveSz + algoSz + bitStringSz + idx + pubSz > (word32)outLen) {
- return BUFFER_E;
- }
- idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz,
- output);
- /* algo */
- if (output)
- XMEMCPY(output + idx, algo, algoSz);
- idx += algoSz;
- /* curve */
- if (output)
- (void)SetCurve(key, output + idx, curveSz);
- idx += curveSz;
- /* bit string */
- if (output)
- XMEMCPY(output + idx, bitString, bitStringSz);
- idx += bitStringSz;
- }
- /* pub */
- if (output) {
- PRIVATE_KEY_UNLOCK();
- ret = wc_ecc_export_x963_ex(key, output + idx, &pubSz, comp);
- PRIVATE_KEY_LOCK();
- if (ret != 0) {
- return ret;
- }
- }
- idx += pubSz;
- return (int)idx;
- #else
- word32 pubSz = 0;
- int sz = 0;
- int ret = 0;
- int curveIdSz = 0;
- byte* curveOid = NULL;
- /* Check key validity. */
- if ((key == NULL) || (key->dp == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- /* Calculate the size of the encoded public point. */
- PRIVATE_KEY_UNLOCK();
- #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
- /* in earlier versions of FIPS the get length functionality is not
- * available with compressed keys */
- pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES;
- if (comp)
- pubSz = 1 + pubSz;
- else
- pubSz = 1 + 2 * pubSz;
- ret = LENGTH_ONLY_E;
- #else
- ret = wc_ecc_export_x963_ex(key, NULL, &pubSz, comp);
- #endif
- PRIVATE_KEY_LOCK();
- /* LENGTH_ONLY_E on success. */
- if (ret == LENGTH_ONLY_E) {
- ret = 0;
- }
- }
- if ((ret == 0) && with_header) {
- /* Including SubjectPublicKeyInfo header. */
- DECL_ASNSETDATA(dataASN, eccPublicKeyASN_Length);
- CALLOC_ASNSETDATA(dataASN, eccPublicKeyASN_Length, ret, key->heap);
- /* Get the length of the named curve OID to put into the encoding. */
- curveIdSz = SetCurve(key, NULL, 0);
- if (curveIdSz < 0) {
- ret = curveIdSz;
- }
- if (ret == 0) {
- /* Set the key type OID. */
- SetASN_OID(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], ECDSAk,
- oidKeyType);
- /* Set the curve OID. */
- SetASN_ReplaceBuffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID],
- NULL, (word32)curveIdSz);
- /* Don't try to write out explicit parameters. */
- dataASN[ECCPUBLICKEYASN_IDX_ALGOID_PARAMS].noOut = 1;
- /* Set size of public point to ensure space is made for it. */
- SetASN_Buffer(&dataASN[ECCPUBLICKEYASN_IDX_PUBKEY], NULL, pubSz);
- /* Calculate size of ECC public key. */
- ret = SizeASN_Items(eccPublicKeyASN, dataASN,
- eccPublicKeyASN_Length, &sz);
- }
- /* Check buffer, if passed in, is big enough for encoded data. */
- if ((ret == 0) && (output != NULL) && (sz > outLen)) {
- ret = BUFFER_E;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode ECC public key. */
- SetASN_Items(eccPublicKeyASN, dataASN, eccPublicKeyASN_Length,
- output);
- /* Skip to where public point is to be encoded. */
- output += sz - (int)pubSz;
- /* Cache the location to place the name curve OID. */
- curveOid = (byte*)
- dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID].data.buffer.data;
- }
- FREE_ASNSETDATA(dataASN, key->heap);
- }
- else if ((ret == 0) && (output != NULL) && (pubSz > (word32)outLen)) {
- ret = BUFFER_E;
- }
- else {
- /* Total size is the public point size. */
- sz = (int)pubSz;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Put named curve OID data into encoding. */
- curveIdSz = SetCurve(key, curveOid, (size_t)curveIdSz);
- if (curveIdSz < 0) {
- ret = curveIdSz;
- }
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode public point. */
- PRIVATE_KEY_UNLOCK();
- ret = wc_ecc_export_x963_ex(key, output, &pubSz, comp);
- PRIVATE_KEY_LOCK();
- }
- if (ret == 0) {
- /* Return the size of the encoding. */
- ret = sz;
- }
- return ret;
- #endif
- }
- /* Encode the public part of an ECC key in a DER.
- *
- * Pass NULL for output to get the size of the encoding.
- *
- * @param [in] key ECC key object.
- * @param [out] output Buffer to hold DER encoding.
- * @param [in] inLen Size of buffer in bytes.
- * @param [in] with_AlgCurve Whether to use SubjectPublicKeyInfo format.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key or key's parameters is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- WOLFSSL_ABI
- int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen,
- int with_AlgCurve)
- {
- return SetEccPublicKey(output, key, (int)inLen, with_AlgCurve, 0);
- }
- int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output, word32 inLen,
- int with_AlgCurve, int comp)
- {
- return SetEccPublicKey(output, key, (int)inLen, with_AlgCurve, comp);
- }
- int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve)
- {
- return SetEccPublicKey(NULL, key, 0, with_AlgCurve, 0);
- }
- #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
- #ifdef WOLFSSL_ASN_TEMPLATE
- #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT)
- /* ASN.1 template for Ed25519 and Ed448 public key (SubkectPublicKeyInfo).
- * RFC 8410, 4 - Subject Public Key Fields
- */
- static const ASNItem edPubKeyASN[] = {
- /* SubjectPublicKeyInfo */
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* AlgorithmIdentifier */
- /* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Ed25519/Ed448 OID */
- /* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 },
- /* Public key stream */
- /* PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- EDPUBKEYASN_IDX_SEQ = 0,
- EDPUBKEYASN_IDX_ALGOID_SEQ,
- EDPUBKEYASN_IDX_ALGOID_OID,
- EDPUBKEYASN_IDX_PUBKEY
- };
- /* Number of items in ASN.1 template for Ed25519 and Ed448 public key. */
- #define edPubKeyASN_Length (sizeof(edPubKeyASN) / sizeof(ASNItem))
- #endif /* WC_ENABLE_ASYM_KEY_EXPORT || WC_ENABLE_ASYM_KEY_IMPORT */
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #ifdef WC_ENABLE_ASYM_KEY_EXPORT
- /* Build ASN.1 formatted public key based on RFC 8410
- *
- * Pass NULL for output to get the size of the encoding.
- *
- * @param [in] pubKey public key buffer
- * @param [in] pubKeyLen public key buffer length
- * @param [out] output Buffer to put encoded data in (optional)
- * @param [in] outLen Size of buffer in bytes
- * @param [in] keyType is "enum Key_Sum" like ED25519k
- * @param [in] withHeader Whether to include SubjectPublicKeyInfo around key.
- * @return Size of encoded data in bytes on success
- * @return BAD_FUNC_ARG when key is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
- byte* output, word32 outLen, int keyType, int withHeader)
- {
- int ret = 0;
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- word32 seqDataSz = 0;
- word32 sz;
- #else
- int sz = 0;
- DECL_ASNSETDATA(dataASN, edPubKeyASN_Length);
- #endif
- if (pubKey == NULL) {
- return BAD_FUNC_ARG;
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* calculate size */
- if (withHeader) {
- word32 algoSz = SetAlgoID(keyType, NULL, oidKeyType, 0);
- word32 bitStringSz = SetBitString(pubKeyLen, 0, NULL);
- seqDataSz = algoSz + bitStringSz + pubKeyLen;
- sz = SetSequence(seqDataSz, NULL) + seqDataSz;
- }
- else {
- sz = pubKeyLen;
- }
- /* checkout output size */
- if (output != NULL && sz > outLen) {
- ret = BUFFER_E;
- }
- /* headers */
- if (ret == 0 && output != NULL && withHeader) {
- /* sequence */
- idx = SetSequence(seqDataSz, output);
- /* algo */
- idx += SetAlgoID(keyType, output + idx, oidKeyType, 0);
- /* bit string */
- idx += SetBitString(pubKeyLen, 0, output + idx);
- }
- if (ret == 0 && output != NULL) {
- /* pub */
- XMEMCPY(output + idx, pubKey, pubKeyLen);
- idx += pubKeyLen;
- sz = idx;
- }
- if (ret == 0) {
- ret = (int)sz;
- }
- #else
- if (withHeader) {
- CALLOC_ASNSETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
- if (ret == 0) {
- /* Set the OID. */
- SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
- oidKeyType);
- /* Leave space for public point. */
- SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
- /* Calculate size of public key encoding. */
- ret = SizeASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, &sz);
- }
- if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) {
- ret = BUFFER_E;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode public key. */
- SetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, output);
- /* Set location to encode public point. */
- output = (byte*)dataASN[EDPUBKEYASN_IDX_PUBKEY].data.buffer.data;
- }
- FREE_ASNSETDATA(dataASN, NULL);
- }
- else if ((output != NULL) && (pubKeyLen > outLen)) {
- ret = BUFFER_E;
- }
- else if (ret == 0) {
- sz = (int)pubKeyLen;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Put public key into space provided. */
- XMEMCPY(output, pubKey, pubKeyLen);
- }
- if (ret == 0) {
- ret = sz;
- }
- #endif /* WOLFSSL_ASN_TEMPLATE */
- return ret;
- }
- #endif /* WC_ENABLE_ASYM_KEY_EXPORT */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* Encode the public part of an Ed25519 key in DER.
- *
- * Pass NULL for output to get the size of the encoding.
- *
- * @param [in] key Ed25519 key object.
- * @param [out] output Buffer to put encoded data in.
- * @param [in] outLen Size of buffer in bytes.
- * @param [in] withAlg Whether to use SubjectPublicKeyInfo format.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output, word32 inLen,
- int withAlg)
- {
- int ret;
- byte pubKey[ED25519_PUB_KEY_SIZE];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_ed25519_export_public(key, pubKey, &pubKeyLen);
- if (ret == 0) {
- ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen,
- ED25519k, withAlg);
- }
- return ret;
- }
- #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- /* Encode the public part of an Ed448 key in DER.
- *
- * Pass NULL for output to get the size of the encoding.
- *
- * @param [in] key Ed448 key object.
- * @param [out] output Buffer to put encoded data in.
- * @param [in] outLen Size of buffer in bytes.
- * @param [in] withAlg Whether to use SubjectPublicKeyInfo format.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int wc_Ed448PublicKeyToDer(ed448_key* key, byte* output, word32 inLen,
- int withAlg)
- {
- int ret;
- byte pubKey[ED448_PUB_KEY_SIZE];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_ed448_export_public(key, pubKey, &pubKeyLen);
- if (ret == 0) {
- ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen,
- ED448k, withAlg);
- }
- return ret;
- }
- #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT */
- #if !defined(NO_RSA) && !defined(NO_CERTS)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for header before RSA key in certificate. */
- static const ASNItem rsaCertKeyASN[] = {
- /* STR */ { 0, ASN_BIT_STRING, 0, 1, 0 },
- /* SEQ */ { 1, ASN_SEQUENCE, 1, 0, 0 },
- };
- enum {
- RSACERTKEYASN_IDX_STR = 0,
- RSACERTKEYASN_IDX_SEQ
- };
- /* Number of items in ASN.1 template for header before RSA key in cert. */
- #define rsaCertKeyASN_Length (sizeof(rsaCertKeyASN) / sizeof(ASNItem))
- #endif
- /* Store RSA key pointer and length in certificate object.
- *
- * @param [in, out] cert Certificate object.
- * @param [in] source Buffer containing encoded key.
- * @param [in, out] srcIdx On in, start of RSA key data.
- * On out, start of element after RSA key data.
- * @param [in] maxIdx Maximum index of key data.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- */
- static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx,
- word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length;
- int pubLen;
- word32 pubIdx;
- if (CheckBitString(source, srcIdx, &pubLen, maxIdx, 1, NULL) != 0)
- return ASN_PARSE_E;
- pubIdx = *srcIdx;
- if (GetSequence(source, srcIdx, &length, pubIdx + (word32)pubLen) < 0)
- return ASN_PARSE_E;
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- cert->sigCtx.CertAtt.pubkey_n_start =
- cert->sigCtx.CertAtt.pubkey_e_start = pubIdx;
- #endif
- cert->pubKeySize = (word32)pubLen;
- cert->publicKey = source + pubIdx;
- #ifdef WOLFSSL_MAXQ10XX_TLS
- cert->publicKeyIndex = pubIdx;
- #endif
- *srcIdx += (word32)length;
- #ifdef HAVE_OCSP
- return CalcHashId_ex(cert->publicKey, cert->pubKeySize,
- cert->subjectKeyHash, HashIdAlg(cert->signatureOID));
- #else
- return 0;
- #endif
- #else
- ASNGetData dataASN[rsaCertKeyASN_Length];
- int ret;
- /* No dynamic data. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Decode the header before the key data. */
- ret = GetASN_Items(rsaCertKeyASN, dataASN, rsaCertKeyASN_Length, 1, source,
- srcIdx, maxIdx);
- if (ret == 0) {
- /* Store the pointer and length in certificate object starting at
- * SEQUENCE. */
- GetASN_GetConstRef(&dataASN[RSACERTKEYASN_IDX_STR],
- &cert->publicKey, &cert->pubKeySize);
- #ifdef WOLFSSL_MAXQ10XX_TLS
- cert->publicKeyIndex = dataASN[RSACERTKEYASN_IDX_SEQ].offset;
- #endif
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- /* Start of SEQUENCE. */
- cert->sigCtx.CertAtt.pubkey_n_start =
- cert->sigCtx.CertAtt.pubkey_e_start = dataASN[RSACERTKEYASN_IDX_SEQ].offset;
- #endif
- #ifdef HAVE_OCSP
- /* Calculate the hash of the public key for OCSP. */
- ret = CalcHashId_ex(cert->publicKey, cert->pubKeySize,
- cert->subjectKeyHash, HashIdAlg(cert->signatureOID));
- #endif
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* !NO_RSA && !NO_CERTS */
- #if defined(HAVE_ECC) && !defined(NO_CERTS)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for header before ECC key in certificate. */
- static const ASNItem eccCertKeyASN[] = {
- /* OID */ { 1, ASN_OBJECT_ID, 0, 0, 2 },
- /* Algo parameters */
- /* PARAMS */ { 1, ASN_SEQUENCE, 1, 0, 2 },
- /* Subject public key */
- /* SUBJPUBKEY */ { 0, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- ECCCERTKEYASN_IDX_OID = 0,
- ECCCERTKEYASN_IDX_PARAMS,
- ECCCERTKEYASN_IDX_SUBJPUBKEY
- };
- /* Number of items in ASN.1 template for header before ECC key in cert. */
- #define eccCertKeyASN_Length (sizeof(eccCertKeyASN) / sizeof(ASNItem))
- #ifdef WOLFSSL_CUSTOM_CURVES
- static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
- ecc_key* key, void* heap, int* curveSz);
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Store public ECC key in certificate object.
- *
- * Parse parameters and store public key data.
- *
- * @param [in, out] cert Certificate object.
- * @param [in] source Buffer containing encoded key.
- * @param [in, out] srcIdx On in, start of ECC key data.
- * On out, start of element after ECC key data.
- * @param [in] maxIdx Maximum index of key data.
- * @param [in] pubKey Buffer holding encoded public key.
- * @param [in] pubKeyLen Length of encoded public key in bytes.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when pubKey is NULL.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- */
- static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx,
- word32 maxIdx, const byte* pubKey, word32 pubKeyLen)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- word32 localIdx;
- byte* publicKey;
- byte tag;
- int length;
- if (pubKey == NULL) {
- return BAD_FUNC_ARG;
- }
- localIdx = *srcIdx;
- if (GetASNTag(source, &localIdx, &tag, maxIdx) < 0)
- return ASN_PARSE_E;
- if (tag != (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
- if (GetObjectId(source, srcIdx, &cert->pkCurveOID, oidCurveType,
- maxIdx) < 0)
- return ASN_PARSE_E;
- if ((ret = CheckCurve(cert->pkCurveOID)) < 0)
- return ECC_CURVE_OID_E;
- #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
- cert->sigCtx.CertAtt.curve_id = ret;
- #else
- (void)ret;
- #endif
- /* key header */
- ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL);
- if (ret != 0)
- return ret;
- #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
- cert->sigCtx.CertAtt.pubkey_n_start =
- cert->sigCtx.CertAtt.pubkey_e_start = (*srcIdx + 1);
- cert->sigCtx.CertAtt.pubkey_n_len = ((length - 1) >> 1);
- cert->sigCtx.CertAtt.pubkey_e_start +=
- cert->sigCtx.CertAtt.pubkey_n_len;
- cert->sigCtx.CertAtt.pubkey_e_len =
- cert->sigCtx.CertAtt.pubkey_n_len;
- #endif
- #ifdef WOLFSSL_MAXQ10XX_TLS
- cert->publicKeyIndex = *srcIdx + 1;
- #endif
- #ifdef HAVE_OCSP
- ret = CalcHashId_ex(source + *srcIdx, (word32)length,
- cert->subjectKeyHash, HashIdAlg(cert->signatureOID));
- if (ret != 0)
- return ret;
- #endif
- *srcIdx += (word32)length;
- }
- publicKey = (byte*)XMALLOC(pubKeyLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
- if (publicKey == NULL)
- return MEMORY_E;
- XMEMCPY(publicKey, pubKey, pubKeyLen);
- cert->publicKey = publicKey;
- cert->pubKeyStored = 1;
- cert->pubKeySize = pubKeyLen;
- return 0;
- #else
- int ret = 0;
- DECL_ASNGETDATA(dataASN, eccCertKeyASN_Length);
- byte* publicKey;
- /* Validate parameters. */
- if (pubKey == NULL) {
- ret = BAD_FUNC_ARG;
- }
- /* Clear dynamic data and check OID is a curve. */
- CALLOC_ASNGETDATA(dataASN, eccCertKeyASN_Length, ret, cert->heap);
- if (ret == 0) {
- GetASN_OID(&dataASN[ECCCERTKEYASN_IDX_OID], oidCurveType);
- /* Parse ECC public key header. */
- ret = GetASN_Items(eccCertKeyASN, dataASN, eccCertKeyASN_Length, 1,
- source, srcIdx, maxIdx);
- }
- if (ret == 0) {
- if (dataASN[ECCCERTKEYASN_IDX_OID].tag != 0) {
- /* Store curve OID. */
- cert->pkCurveOID = dataASN[ECCCERTKEYASN_IDX_OID].data.oid.sum;
- }
- else {
- #ifdef WOLFSSL_CUSTOM_CURVES
- /* Parse explicit parameters. */
- ret = EccSpecifiedECDomainDecode(
- dataASN[ECCCERTKEYASN_IDX_PARAMS].data.ref.data,
- dataASN[ECCCERTKEYASN_IDX_PARAMS].data.ref.length, NULL,
- NULL, &cert->pkCurveSize);
- #else
- /* Explicit parameters not supported in build configuration. */
- ret = ASN_PARSE_E;
- #endif
- }
- #ifdef WOLFSSL_MAXQ10XX_TLS
- cert->publicKeyIndex =
- GetASNItem_DataIdx(dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source)
- + 1;
- #endif
- #ifdef HAVE_OCSP
- if (ret == 0) {
- /* Calculate the hash of the subject public key for OCSP. */
- ret = CalcHashId_ex(
- dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.data,
- dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length,
- cert->subjectKeyHash, HashIdAlg(cert->signatureOID));
- }
- }
- if (ret == 0) {
- #endif
- /* Store public key data length. */
- cert->pubKeySize = pubKeyLen;
- /* Must allocated space for key.
- * Don't memcpy into constant pointer so use temp. */
- publicKey = (byte*)XMALLOC(cert->pubKeySize, cert->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (publicKey == NULL) {
- ret = MEMORY_E;
- }
- else {
- /* Copy in whole public key and store pointer. */
- XMEMCPY(publicKey, pubKey, cert->pubKeySize);
- cert->publicKey = publicKey;
- /* Indicate publicKey needs to be freed. */
- cert->pubKeyStored = 1;
- }
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* HAVE_ECC && !NO_CERTS */
- #ifndef NO_CERTS
- #if !defined(NO_DSA)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for DSA key in certificate.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * RFC 3279, 2.3.2 - DSA in SubjectPublicKeyInfo
- */
- static const ASNItem dsaCertKeyASN[] = {
- /* 0 */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* 1 */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* 2 */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* 3 */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* 4 */ { 0, ASN_BIT_STRING, 0, 1, 0 },
- /* 5 */ { 1, ASN_INTEGER, 0, 0, 0 },
- };
- /* Number of items in ASN.1 template for DSA key in certificate. */
- #define dsaCertKeyASN_Length (sizeof(dsaCertKeyASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Parse DSA parameters to ensure valid.
- *
- * @param [in] source Buffer containing encoded key.
- * @param [in, out] srcIdx On in, start of DSA key data.
- * On out, start of element after DSA key data.
- * @param [in] maxIdx Maximum index of key data.
- * @param [in] heap Dynamic memory hint.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- */
- static int ParseDsaKey(const byte* source, word32* srcIdx, word32 maxIdx,
- void* heap)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- int length;
- (void)heap;
- ret = GetSequence(source, srcIdx, &length, maxIdx);
- if (ret < 0)
- return ret;
- ret = SkipInt(source, srcIdx, maxIdx);
- if (ret != 0)
- return ret;
- ret = SkipInt(source, srcIdx, maxIdx);
- if (ret != 0)
- return ret;
- ret = SkipInt(source, srcIdx, maxIdx);
- if (ret != 0)
- return ret;
- ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL);
- if (ret != 0)
- return ret;
- ret = GetASNInt(source, srcIdx, &length, maxIdx);
- if (ret != 0)
- return ASN_PARSE_E;
- *srcIdx += (word32)length;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, dsaCertKeyASN_Length);
- int ret = 0;
- (void)heap;
- CALLOC_ASNGETDATA(dataASN, dsaCertKeyASN_Length, ret, heap);
- if (ret == 0) {
- /* Parse the DSA key data to ensure valid. */
- ret = GetASN_Items(dsaCertKeyASN, dataASN, dsaCertKeyASN_Length, 1,
- source, srcIdx, maxIdx);
- }
- FREE_ASNGETDATA(dataASN, heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* !NO_DSA */
- /* Decode the SubjectPublicKeyInfo block in a certificate.
- *
- * Stores the public key in fields of the certificate object.
- * Validates the BER/DER items and does not store in a key object.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [in] source BER/DER encoded SubjectPublicKeyInfo block.
- * @param [in, out] inOutIdx On in, start of public key.
- * On out, start of ASN.1 item after public key.
- * @param [in] maxIdx Maximum index of key data.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- */
- static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
- word32 maxIdx)
- {
- word32 srcIdx = *inOutIdx;
- #if defined(HAVE_ECC) || !defined(NO_DSA)
- int pubLen;
- #endif
- #if defined(HAVE_ECC) || !defined(NO_DSA)
- int pubIdx = (int)srcIdx;
- #endif
- int ret = 0;
- int length;
- /* Validate parameters. */
- if (source == NULL) {
- return ASN_PARSE_E;
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- if (GetSequence(source, &srcIdx, &length, maxIdx) < 0)
- #else
- /* Get SEQUENCE and expect all data to be accounted for. */
- if (GetASN_Sequence(source, &srcIdx, &length, maxIdx, 1) != 0)
- #endif
- {
- return ASN_PARSE_E;
- }
- #if defined(HAVE_ECC) || !defined(NO_DSA)
- pubLen = (int)srcIdx - pubIdx + length;
- #endif
- maxIdx = srcIdx + (word32)length;
- /* Decode the algorithm identifier for the key. */
- if (GetAlgoId(source, &srcIdx, &cert->keyOID, oidKeyType, maxIdx) < 0) {
- return ASN_PARSE_E;
- }
- (void)length;
- /* Parse each type of public key. */
- switch (cert->keyOID) {
- #ifndef NO_RSA
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- if (srcIdx != maxIdx &&
- source[srcIdx] == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
- word32 seqIdx = srcIdx;
- int seqLen;
- /* Not set when -1. */
- enum wc_HashType hash = WC_HASH_TYPE_NONE;
- int mgf = -1;
- int saltLen = 0;
- /* Defaults for sig algorithm parameters. */
- enum wc_HashType sigHash = WC_HASH_TYPE_SHA;
- int sigMgf = WC_MGF1SHA1;
- int sigSaltLen = 20;
- if (GetSequence(source, &srcIdx, &seqLen, maxIdx) < 0) {
- return ASN_PARSE_E;
- }
- /* Get the pubic key parameters. */
- ret = DecodeRsaPssParams(source + seqIdx,
- (word32)seqLen + srcIdx - seqIdx, &hash, &mgf, &saltLen);
- if (ret != 0) {
- return ASN_PARSE_E;
- }
- /* Get the signature parameters. */
- ret = DecodeRsaPssParams(source + cert->sigParamsIndex,
- cert->sigParamsLength, &sigHash, &sigMgf, &sigSaltLen);
- if (ret != 0) {
- return ASN_PARSE_E;
- }
- /* Validated signature params match public key params. */
- if (hash != WC_HASH_TYPE_NONE && hash != sigHash) {
- WOLFSSL_MSG("RSA PSS: hash not matching signature hash");
- return ASN_PARSE_E;
- }
- if (mgf != -1 && mgf != sigMgf) {
- WOLFSSL_MSG("RSA PSS: MGF not matching signature MGF");
- return ASN_PARSE_E;
- }
- if (saltLen > sigSaltLen) {
- WOLFSSL_MSG("RSA PSS: sig salt length too small");
- return ASN_PARSE_E;
- }
- srcIdx += (word32)seqLen;
- }
- FALL_THROUGH;
- #endif /* WC_RSA_PSS */
- case RSAk:
- ret = StoreRsaKey(cert, source, &srcIdx, maxIdx);
- break;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- case SM2k:
- #endif
- case ECDSAk:
- ret = StoreEccKey(cert, source, &srcIdx, maxIdx, source + pubIdx,
- (word32)pubLen);
- break;
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- case ED25519k:
- cert->pkCurveOID = ED25519k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_ED448
- case ED448k:
- cert->pkCurveOID = ED448k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- #endif /* HAVE_ED448 */
- #if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
- #ifdef HAVE_FALCON
- case FALCON_LEVEL1k:
- cert->pkCurveOID = FALCON_LEVEL1k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case FALCON_LEVEL5k:
- cert->pkCurveOID = FALCON_LEVEL5k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- case DILITHIUM_LEVEL2k:
- cert->pkCurveOID = DILITHIUM_LEVEL2k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case DILITHIUM_LEVEL3k:
- cert->pkCurveOID = DILITHIUM_LEVEL3k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case DILITHIUM_LEVEL5k:
- cert->pkCurveOID = DILITHIUM_LEVEL5k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- case SPHINCS_FAST_LEVEL1k:
- cert->pkCurveOID = SPHINCS_FAST_LEVEL1k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case SPHINCS_FAST_LEVEL3k:
- cert->pkCurveOID = SPHINCS_FAST_LEVEL3k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case SPHINCS_FAST_LEVEL5k:
- cert->pkCurveOID = SPHINCS_FAST_LEVEL5k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case SPHINCS_SMALL_LEVEL1k:
- cert->pkCurveOID = SPHINCS_SMALL_LEVEL1k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case SPHINCS_SMALL_LEVEL3k:
- cert->pkCurveOID = SPHINCS_SMALL_LEVEL3k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- case SPHINCS_SMALL_LEVEL5k:
- cert->pkCurveOID = SPHINCS_SMALL_LEVEL5k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- #ifndef NO_DSA
- case DSAk:
- cert->publicKey = source + pubIdx;
- cert->pubKeySize = (word32)pubLen;
- ret = ParseDsaKey(source, &srcIdx, maxIdx, cert->heap);
- break;
- #endif /* NO_DSA */
- default:
- WOLFSSL_MSG("Unknown or not compiled in key OID");
- WOLFSSL_ERROR_VERBOSE(ASN_UNKNOWN_OID_E);
- ret = ASN_UNKNOWN_OID_E;
- }
- /* Return index after public key. */
- *inOutIdx = srcIdx;
- /* Return error code. */
- return ret;
- }
- #endif
- /* Return the hash algorithm to use with the signature algorithm.
- *
- * @param [in] oidSum Signature id.
- * @return Hash algorithm id.
- */
- int HashIdAlg(word32 oidSum)
- {
- (void)oidSum;
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- if (oidSum == CTC_SM3wSM2) {
- return WC_SM3;
- }
- if (oidSum == SM2k) {
- return WC_SM3;
- }
- #endif
- #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
- return WC_SHA256;
- #else
- return WC_SHA;
- #endif
- }
- /* Calculate hash of the id using the SHA-1 or SHA-256.
- *
- * @param [in] data Data to hash.
- * @param [in] len Length of data to hash.
- * @param [out] hash Buffer to hold hash.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- int CalcHashId(const byte* data, word32 len, byte* hash)
- {
- /* Use default hash algorithm. */
- return CalcHashId_ex(data, len, hash,
- #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
- WC_SHA256
- #else
- WC_SHA
- #endif
- );
- }
- /* Calculate hash of the id using the SHA-1 or SHA-256.
- *
- * @param [in] data Data to hash.
- * @param [in] len Length of data to hash.
- * @param [out] hash Buffer to hold hash.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- int CalcHashId_ex(const byte* data, word32 len, byte* hash, int hashAlg)
- {
- int ret;
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- if (hashAlg == WC_SM3) {
- ret = wc_Sm3Hash(data, len, hash);
- }
- else
- #endif
- #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
- if (hashAlg == WC_SHA256) {
- ret = wc_Sha256Hash(data, len, hash);
- }
- else
- #elif !defined(NO_SHA)
- if (hashAlg == WC_SHA) {
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- XMEMSET(hash + WC_SHA_DIGEST_SIZE, 0, KEYID_SIZE - WC_SHA_DIGEST_SIZE);
- #endif
- ret = wc_ShaHash(data, len, hash);
- }
- else
- #else
- (void)data;
- (void)len;
- (void)hash;
- #endif
- {
- ret = NOT_COMPILED_IN;
- }
- return ret;
- }
- #ifndef NO_CERTS
- /* Get the hash of the id using the SHA-1 or SHA-256.
- *
- * If the id is not the length of the hash, then hash it.
- *
- * @param [in] id Id to get hash for.
- * @param [in] len Length of id in bytes.
- * @param [out] hash Buffer to hold hash.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
- {
- int ret;
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- if (length == wc_HashGetDigestSize(wc_HashTypeConvert(hashAlg)))
- #else
- if (length == KEYID_SIZE)
- #endif
- {
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- XMEMSET(hash + length, 0, KEYID_SIZE - length);
- #endif
- XMEMCPY(hash, id, (size_t)length);
- ret = 0;
- }
- else {
- ret = CalcHashId_ex(id, (word32)length, hash, hashAlg);
- }
- return ret;
- }
- #endif /* !NO_CERTS */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Id for email address. */
- #define ASN_EMAIL 0x100
- /* Id for domain component. */
- #define ASN_DC 0x102
- /* Id for jurisdiction country. */
- #define ASN_JURIS_C 0x203
- /* Id for jurisdiction state. */
- #define ASN_JURIS_ST 0x202
- /* Set the string for a name component into the subject name. */
- #define SetCertNameSubject(cert, id, val) \
- *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].data)) = (val)
- /* Set the string length for a name component into the subject name. */
- #define SetCertNameSubjectLen(cert, id, val) \
- *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].len)) = (int)(val)
- /* Set the encoding for a name component into the subject name. */
- #define SetCertNameSubjectEnc(cert, id, val) \
- *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].enc)) = (val)
- /* Get the string of a name component from the subject name. */
- #define GetCertNameSubjectStr(id) \
- (certNameSubject[(id) - 3].str)
- /* Get the string length of a name component from the subject name. */
- #define GetCertNameSubjectStrLen(id) \
- (certNameSubject[(id) - 3].strLen)
- /* Get the NID of a name component from the subject name. */
- #define GetCertNameSubjectNID(id) \
- (certNameSubject[(id) - 3].nid)
- #define ValidCertNameSubject(id) \
- (((id) - 3) >= 0 && ((id) - 3) < certNameSubjectSz && \
- (certNameSubject[(id) - 3].strLen > 0))
- /* Set the string for a name component into the issuer name. */
- #define SetCertNameIssuer(cert, id, val) \
- *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val)
- /* Set the string length for a name component into the issuer name. */
- #define SetCertNameIssuerLen(cert, id, val) \
- *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val)
- /* Set the encoding for a name component into the issuer name. */
- #define SetCertNameIssuerEnc(cert, id, val) \
- *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].encI)) = (val)
- /* Mapping of certificate name component to useful information. */
- typedef struct CertNameData {
- /* Type string of name component. */
- const char* str;
- /* Length of type string of name component. */
- byte strLen;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- /* Offset of data in subject name component. */
- size_t data;
- /* Offset of length in subject name component. */
- size_t len;
- /* Offset of encoding in subject name component. */
- size_t enc;
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- /* Offset of data in subject name component. */
- size_t dataI;
- /* Offset of length in subject name component. */
- size_t lenI;
- /* Offset of encoding in subject name component. */
- size_t encI;
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- /* NID of type for subject name component. */
- int nid;
- #endif
- } CertNameData;
- /* List of data for common name components. */
- static const CertNameData certNameSubject[] = {
- /* Common Name */
- {
- "/CN=", 4,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectCN),
- OFFSETOF(DecodedCert, subjectCNLen),
- OFFSETOF(DecodedCert, subjectCNEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerCN),
- OFFSETOF(DecodedCert, issuerCNLen),
- OFFSETOF(DecodedCert, issuerCNEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_commonName
- #endif
- },
- /* Surname */
- {
- "/SN=", 4,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectSN),
- OFFSETOF(DecodedCert, subjectSNLen),
- OFFSETOF(DecodedCert, subjectSNEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerSN),
- OFFSETOF(DecodedCert, issuerSNLen),
- OFFSETOF(DecodedCert, issuerSNEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_surname
- #endif
- },
- /* Serial Number */
- {
- "/serialNumber=", 14,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectSND),
- OFFSETOF(DecodedCert, subjectSNDLen),
- OFFSETOF(DecodedCert, subjectSNDEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerSND),
- OFFSETOF(DecodedCert, issuerSNDLen),
- OFFSETOF(DecodedCert, issuerSNDEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_serialNumber
- #endif
- },
- /* Country Name */
- {
- "/C=", 3,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectC),
- OFFSETOF(DecodedCert, subjectCLen),
- OFFSETOF(DecodedCert, subjectCEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerC),
- OFFSETOF(DecodedCert, issuerCLen),
- OFFSETOF(DecodedCert, issuerCEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_countryName
- #endif
- },
- /* Locality Name */
- {
- "/L=", 3,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectL),
- OFFSETOF(DecodedCert, subjectLLen),
- OFFSETOF(DecodedCert, subjectLEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerL),
- OFFSETOF(DecodedCert, issuerLLen),
- OFFSETOF(DecodedCert, issuerLEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_localityName
- #endif
- },
- /* State Name */
- {
- "/ST=", 4,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectST),
- OFFSETOF(DecodedCert, subjectSTLen),
- OFFSETOF(DecodedCert, subjectSTEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerST),
- OFFSETOF(DecodedCert, issuerSTLen),
- OFFSETOF(DecodedCert, issuerSTEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_stateOrProvinceName
- #endif
- },
- /* Street Address */
- {
- "/street=", 8,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectStreet),
- OFFSETOF(DecodedCert, subjectStreetLen),
- OFFSETOF(DecodedCert, subjectStreetEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_streetAddress
- #endif
- },
- /* Organization Name */
- {
- "/O=", 3,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectO),
- OFFSETOF(DecodedCert, subjectOLen),
- OFFSETOF(DecodedCert, subjectOEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerO),
- OFFSETOF(DecodedCert, issuerOLen),
- OFFSETOF(DecodedCert, issuerOEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_organizationName
- #endif
- },
- /* Organization Unit Name */
- {
- "/OU=", 4,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectOU),
- OFFSETOF(DecodedCert, subjectOULen),
- OFFSETOF(DecodedCert, subjectOUEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- OFFSETOF(DecodedCert, issuerOU),
- OFFSETOF(DecodedCert, issuerOULen),
- OFFSETOF(DecodedCert, issuerOUEnc),
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_organizationalUnitName
- #endif
- },
- /* Title */
- {
- NULL, 0,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- 0,
- 0,
- 0,
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- 0,
- #endif
- },
- /* Undefined */
- {
- NULL, 0,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- 0,
- 0,
- 0,
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- 0,
- #endif
- },
- /* Undefined */
- {
- NULL, 0,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- 0,
- 0,
- 0,
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- 0,
- #endif
- },
- /* Business Category */
- {
- "/businessCategory=", 18,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectBC),
- OFFSETOF(DecodedCert, subjectBCLen),
- OFFSETOF(DecodedCert, subjectBCEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_businessCategory
- #endif
- },
- /* Undefined */
- {
- NULL, 0,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- 0,
- 0,
- 0,
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- 0,
- #endif
- },
- /* Postal Code */
- {
- "/postalCode=", 12,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectPC),
- OFFSETOF(DecodedCert, subjectPCLen),
- OFFSETOF(DecodedCert, subjectPCEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_postalCode
- #endif
- },
- /* User Id */
- {
- "/userid=", 8,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectUID),
- OFFSETOF(DecodedCert, subjectUIDLen),
- OFFSETOF(DecodedCert, subjectUIDEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_userId
- #endif
- },
- #ifdef WOLFSSL_CERT_NAME_ALL
- /* Name, id 41 */
- {
- "/N=", 3,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectN),
- OFFSETOF(DecodedCert, subjectNLen),
- OFFSETOF(DecodedCert, subjectNEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_name
- #endif
- },
- /* Given Name, id 42 */
- {
- "/GN=", 4,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectGN),
- OFFSETOF(DecodedCert, subjectGNLen),
- OFFSETOF(DecodedCert, subjectGNEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_givenName
- #endif
- },
- /* initials, id 43 */
- {
- "/initials=", 10,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectI),
- OFFSETOF(DecodedCert, subjectILen),
- OFFSETOF(DecodedCert, subjectIEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_initials
- #endif
- },
- /* DN Qualifier Name, id 46 */
- {
- "/dnQualifier=", 13,
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- OFFSETOF(DecodedCert, subjectDNQ),
- OFFSETOF(DecodedCert, subjectDNQLen),
- OFFSETOF(DecodedCert, subjectDNQEnc),
- #ifdef WOLFSSL_HAVE_ISSUER_NAMES
- 0,
- 0,
- 0,
- #endif
- #endif
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- NID_dnQualifier
- #endif
- },
- #endif /* WOLFSSL_CERT_NAME_ALL */
- };
- static const int certNameSubjectSz =
- (int) (sizeof(certNameSubject) / sizeof(CertNameData));
- /* ASN.1 template for an RDN.
- * X.509: RFC 5280, 4.1.2.4 - RelativeDistinguishedName
- */
- static const ASNItem rdnASN[] = {
- /* SET */ { 1, ASN_SET, 1, 1, 0 },
- /* AttributeTypeAndValue */
- /* ATTR_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* AttributeType */
- /* ATTR_TYPE */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* AttributeValue: Choice of tags - rdnChoice. */
- /* ATTR_VAL */ { 3, 0, 0, 0, 0 },
- };
- enum {
- RDNASN_IDX_SET = 0,
- RDNASN_IDX_ATTR_SEQ,
- RDNASN_IDX_ATTR_TYPE,
- RDNASN_IDX_ATTR_VAL
- };
- /* Number of items in ASN.1 template for an RDN. */
- #define rdnASN_Length (sizeof(rdnASN) / sizeof(ASNItem))
- /* Supported types of encodings (tags) for RDN strings.
- * X.509: RFC 5280, 4.1.2.4 - DirectoryString
- * (IA5 String not listed in RFC but required for alternative types)
- */
- static const byte rdnChoice[] = {
- ASN_PRINTABLE_STRING, ASN_IA5_STRING, ASN_UTF8STRING, ASN_T61STRING,
- ASN_UNIVERSALSTRING, ASN_BMPSTRING, 0
- };
- #endif
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- /* used to set the human readable string for the IP address with a ASN_IP_TYPE
- * DNS entry
- * return 0 on success
- */
- static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
- {
- int ret = 0;
- size_t nameSz = 0;
- char tmpName[WOLFSSL_MAX_IPSTR] = {0};
- unsigned char* ip;
- if (entry == NULL || entry->type != ASN_IP_TYPE) {
- return BAD_FUNC_ARG;
- }
- if (entry->len != WOLFSSL_IP4_ADDR_LEN &&
- entry->len != WOLFSSL_IP6_ADDR_LEN) {
- WOLFSSL_MSG("Unexpected IP size");
- return BAD_FUNC_ARG;
- }
- ip = (unsigned char*)entry->name;
- /* store IP addresses as a string */
- if (entry->len == WOLFSSL_IP4_ADDR_LEN) {
- if (XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFFU & ip[0],
- 0xFFU & ip[1], 0xFFU & ip[2], 0xFFU & ip[3])
- >= (int)sizeof(tmpName))
- {
- WOLFSSL_MSG("IP buffer overrun");
- return BUFFER_E;
- }
- }
- if (entry->len == WOLFSSL_IP6_ADDR_LEN) {
- size_t i;
- for (i = 0; i < 8; i++) {
- if (XSNPRINTF(tmpName + i * 5, sizeof(tmpName) - i * 5,
- "%02X%02X%s", 0xFF & ip[2 * i], 0xFF & ip[2 * i + 1],
- (i < 7) ? ":" : "")
- >= (int)sizeof(tmpName))
- {
- WOLFSSL_MSG("IPv6 buffer overrun");
- return BUFFER_E;
- }
- }
- }
- nameSz = XSTRLEN(tmpName);
- entry->ipString = (char*)XMALLOC(nameSz + 1, heap,
- DYNAMIC_TYPE_ALTNAME);
- if (entry->ipString == NULL) {
- ret = MEMORY_E;
- }
- if (ret == 0) {
- XMEMCPY(entry->ipString, tmpName, nameSz);
- entry->ipString[nameSz] = '\0';
- }
- (void)heap;
- return ret;
- }
- #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
- #if defined(OPENSSL_ALL)
- /* used to set the human readable string for the registeredID with an
- * ASN_RID_TYPE DNS entry
- * return 0 on success
- */
- static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
- {
- int i, j, ret = 0;
- int nameSz = 0;
- int nid = 0;
- int tmpSize = MAX_OID_SZ;
- word32 oid = 0;
- word32 idx = 0;
- word16 tmpName[MAX_OID_SZ];
- char oidName[MAX_OID_SZ];
- char* finalName;
- if (entry == NULL || entry->type != ASN_RID_TYPE) {
- return BAD_FUNC_ARG;
- }
- if (entry->len <= 0) {
- return BAD_FUNC_ARG;
- }
- XMEMSET(&oidName, 0, MAX_OID_SZ);
- ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType,
- entry->len);
- if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
- /* OID has known string value */
- finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
- }
- else {
- /* Decode OBJECT_ID into dotted form array. */
- ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
- tmpName, (word32*)&tmpSize);
- if (ret == 0) {
- j = 0;
- /* Append each number of dotted form. */
- for (i = 0; i < tmpSize; i++) {
- if (j >= MAX_OID_SZ) {
- return BUFFER_E;
- }
- if (i < tmpSize - 1) {
- ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]);
- }
- else {
- ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]);
- }
- if (ret >= 0) {
- j += ret;
- }
- else {
- return BUFFER_E;
- }
- }
- ret = 0;
- finalName = oidName;
- }
- }
- if (ret == 0) {
- nameSz = (int)XSTRLEN((const char*)finalName);
- entry->ridString = (char*)XMALLOC(nameSz + 1, heap,
- DYNAMIC_TYPE_ALTNAME);
- if (entry->ridString == NULL) {
- ret = MEMORY_E;
- }
- if (ret == 0) {
- XMEMCPY(entry->ridString, finalName, nameSz + 1);
- }
- }
- return ret;
- }
- #endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */
- #ifdef WOLFSSL_ASN_TEMPLATE
- #if defined(WOLFSSL_CERT_GEN) || !defined(NO_CERTS)
- /* Adds a DNS entry to a list of DNS entries
- *
- * @param [in, out] lst Linked list of DNS name entries.
- * @param [in] entry Entry to add to the list
- * @return 0 on success.
- */
- static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
- {
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
- entry->next = NULL;
- if (*lst == NULL) {
- /* First on list */
- *lst = entry;
- }
- else {
- DNS_entry* temp = *lst;
- /* Find end */
- for (; (temp->next != NULL); temp = temp->next);
- /* Add to end */
- temp->next = entry;
- }
- #else
- /* Prepend entry to linked list. */
- entry->next = *lst;
- *lst = entry;
- #endif
- return 0;
- }
- /* Allocate a DNS entry and set the fields.
- *
- * @param [in] cert Certificate object.
- * @param [in] str DNS name string.
- * @param [in] strLen Length of DNS name string.
- * @param [in] type Type of DNS name string.
- * @param [in, out] entries Linked list of DNS name entries.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
- int type, DNS_entry** entries)
- {
- DNS_entry* dnsEntry;
- int ret = 0;
- /* Only used for heap. */
- (void)cert;
- /* TODO: consider one malloc. */
- /* Allocate DNS Entry object. */
- dnsEntry = AltNameNew(cert->heap);
- if (dnsEntry == NULL) {
- ret = MEMORY_E;
- }
- if (ret == 0) {
- /* Allocate DNS Entry name - length of string plus 1 for NUL. */
- dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (dnsEntry->name == NULL) {
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Set tag type, name length, name and NUL terminate name. */
- dnsEntry->type = type;
- dnsEntry->len = strLen;
- XMEMCPY(dnsEntry->name, str, (size_t)strLen);
- dnsEntry->name[strLen] = '\0';
- #if defined(OPENSSL_ALL)
- /* store registeredID as a string */
- if (type == ASN_RID_TYPE) {
- if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) {
- XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- }
- }
- #endif
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- /* store IP addresses as a string */
- if (type == ASN_IP_TYPE) {
- if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) {
- XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- }
- }
- }
- if (ret == 0) {
- #endif
- ret = AddDNSEntryToList(entries, dnsEntry);
- }
- return ret;
- }
- #endif
- /* Set the details of a subject name component into a certificate.
- *
- * @param [in, out] cert Certificate object.
- * @param [in] id Id of component.
- * @param [in] str String for component.
- * @param [in] strLen Length of string.
- * @param [in] tag BER tag representing encoding of string.
- * @return 0 on success, negative values on failure.
- */
- static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
- byte tag)
- {
- int ret = 0;
- /* Put string and encoding into certificate. */
- if (id == ASN_COMMON_NAME) {
- cert->subjectCN = (char *)str;
- cert->subjectCNLen = (int)strLen;
- cert->subjectCNEnc = (char)tag;
- }
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
- /* Use table and offsets to put data into appropriate fields. */
- SetCertNameSubject(cert, id, (char*)str);
- SetCertNameSubjectLen(cert, id, strLen);
- SetCertNameSubjectEnc(cert, id, tag);
- }
- #endif
- #if !defined(IGNORE_NAME_CONSTRAINTS) || \
- defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- else if (id == ASN_EMAIL) {
- cert->subjectEmail = (char*)str;
- cert->subjectEmailLen = strLen;
- }
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* TODO: consider mapping id to an index and using SetCertNameSubect*(). */
- else if (id == ASN_JURIS_C) {
- cert->subjectJC = (char*)str;
- cert->subjectJCLen = strLen;
- cert->subjectJCEnc = (char)tag;
- }
- else if (id == ASN_JURIS_ST) {
- cert->subjectJS = (char*)str;
- cert->subjectJSLen = strLen;
- cert->subjectJSEnc = (char)tag;
- }
- #endif
- return ret;
- }
- #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
- defined(WOLFSSL_HAVE_ISSUER_NAMES)
- /* Set the details of an issuer name component into a certificate.
- *
- * @param [in, out] cert Certificate object.
- * @param [in] id Id of component.
- * @param [in] str String for component.
- * @param [in] strLen Length of string.
- * @param [in] tag BER tag representing encoding of string.
- * @return 0 on success, negative values on failure.
- */
- static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen,
- byte tag)
- {
- int ret = 0;
- /* Put string and encoding into certificate. */
- if (id == ASN_COMMON_NAME) {
- cert->issuerCN = (char *)str;
- cert->issuerCNLen = (int)strLen;
- cert->issuerCNEnc = (char)tag;
- }
- else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
- /* Use table and offsets to put data into appropriate fields. */
- SetCertNameIssuer(cert, id, (char*)str);
- SetCertNameIssuerLen(cert, id, strLen);
- SetCertNameIssuerEnc(cert, id, tag);
- }
- else if (id == ASN_EMAIL) {
- cert->issuerEmail = (char*)str;
- cert->issuerEmailLen = strLen;
- }
- return ret;
- }
- #endif
- /* Get a RelativeDistinguishedName from the encoding and put in certificate.
- *
- * @param [in, out] cert Certificate object.
- * @param [in, out] full Full name string. ([/<type>=<value>]*)
- * @param [in, out] idx Index int full name to place next component.
- * @param [in, out] nid NID of component type.
- * @param [in] isSubject Whether this data is for a subject name.
- * @param [in] dataASN Decoded data of RDN. Expected rdnASN type.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return ASN_PARSE_E when type not supported.
- */
- static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
- int isSubject, ASNGetData* dataASN)
- {
- int ret = 0;
- const char* typeStr = NULL;
- byte typeStrLen = 0;
- byte* oid;
- word32 oidSz;
- int id = 0;
- (void)nid;
- /* Get name type OID from data items. */
- GetASN_OIDData(&dataASN[RDNASN_IDX_ATTR_TYPE], &oid, &oidSz);
- /* v1 name types */
- if ((oidSz == 3) && (oid[0] == 0x55) && (oid[1] == 0x04)) {
- id = oid[2];
- /* Check range of supported ids in table. */
- if (ValidCertNameSubject(id)) {
- /* Get the type string, length and NID from table. */
- typeStr = GetCertNameSubjectStr(id);
- typeStrLen = GetCertNameSubjectStrLen(id);
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = GetCertNameSubjectNID(id);
- #endif
- }
- }
- else if (oidSz == sizeof(attrEmailOid) && XMEMCMP(oid, attrEmailOid, oidSz) == 0) {
- /* Set the email id, type string, length and NID. */
- id = ASN_EMAIL;
- typeStr = WOLFSSL_EMAIL_ADDR;
- typeStrLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_emailAddress;
- #endif
- }
- else if (oidSz == sizeof(uidOid) && XMEMCMP(oid, uidOid, oidSz) == 0) {
- /* Set the user id, type string, length and NID. */
- id = ASN_USER_ID;
- typeStr = WOLFSSL_USER_ID;
- typeStrLen = sizeof(WOLFSSL_USER_ID) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_userId;
- #endif
- }
- else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz) == 0) {
- /* Set the domain component, type string, length and NID. */
- id = ASN_DC;
- typeStr = WOLFSSL_DOMAIN_COMPONENT;
- typeStrLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_domainComponent;
- #endif
- }
- else if (oidSz == sizeof(fvrtDrk) && XMEMCMP(oid, fvrtDrk, oidSz) == 0) {
- /* Set the favourite drink, type string, length and NID. */
- id = ASN_FAVOURITE_DRINK;
- typeStr = WOLFSSL_FAVOURITE_DRINK;
- typeStrLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_favouriteDrink;
- #endif
- }
- #ifdef WOLFSSL_CERT_REQ
- else if (oidSz == sizeof(attrPkcs9ContentTypeOid) &&
- XMEMCMP(oid, attrPkcs9ContentTypeOid, oidSz) == 0) {
- /* Set the pkcs9_contentType, type string, length and NID. */
- id = ASN_CONTENT_TYPE;
- typeStr = WOLFSSL_CONTENT_TYPE;
- typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_pkcs9_contentType;
- #endif
- }
- #endif
- /* Other OIDs that start with the same values. */
- else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz-1) == 0) {
- WOLFSSL_MSG("Unknown pilot attribute type");
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- else if (oidSz == ASN_JOI_PREFIX_SZ + 1 &&
- XMEMCMP(oid, ASN_JOI_PREFIX, ASN_JOI_PREFIX_SZ) == 0) {
- /* Set the jurisdiction id. */
- id = 0x200 + oid[ASN_JOI_PREFIX_SZ];
- /* Set the jurisdiction type string, length and NID if known. */
- if (oid[ASN_JOI_PREFIX_SZ] == ASN_JOI_C) {
- typeStr = WOLFSSL_JOI_C;
- typeStrLen = sizeof(WOLFSSL_JOI_C) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_jurisdictionCountryName;
- #endif /* WOLFSSL_X509_NAME_AVAILABLE */
- }
- else if (oid[ASN_JOI_PREFIX_SZ] == ASN_JOI_ST) {
- typeStr = WOLFSSL_JOI_ST;
- typeStrLen = sizeof(WOLFSSL_JOI_ST) - 1;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- *nid = NID_jurisdictionStateOrProvinceName;
- #endif /* WOLFSSL_X509_NAME_AVAILABLE */
- }
- else {
- WOLFSSL_MSG("Unknown Jurisdiction, skipping");
- }
- }
- if ((ret == 0) && (typeStr != NULL)) {
- /* OID type to store for subject name and add to full string. */
- byte* str;
- word32 strLen;
- byte tag = dataASN[RDNASN_IDX_ATTR_VAL].tag;
- /* Get the string reference and length. */
- GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen);
- if (isSubject) {
- /* Store subject field components. */
- ret = SetSubject(cert, id, str, (int)strLen, tag);
- }
- #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
- defined(WOLFSSL_HAVE_ISSUER_NAMES)
- /* Put issuer common name string and encoding into certificate. */
- else {
- ret = SetIssuer(cert, id, str, (int)strLen, tag);
- }
- #endif
- if (ret == 0) {
- /* Check there is space for this in the full name string and
- * terminating NUL character. */
- if ((typeStrLen + strLen) < (word32)(WC_ASN_NAME_MAX - *idx))
- {
- /* Add RDN to full string. */
- XMEMCPY(&full[*idx], typeStr, typeStrLen);
- *idx += typeStrLen;
- XMEMCPY(&full[*idx], str, strLen);
- *idx += strLen;
- }
- else {
- WOLFSSL_MSG("ASN Name too big, skipping");
- }
- }
- }
- return ret;
- }
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Get a certificate name into the certificate object.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [out] full Buffer to hold full name as a string.
- * @param [out] hash Buffer to hold hash of name.
- * @param [in] nameType ISSUER or SUBJECT.
- * @param [in] input Buffer holding certificate name.
- * @param [in, out] inOutIdx On in, start of certificate name.
- * On out, start of ASN.1 item after cert name.
- * @param [in] maxIdx Index of next item after certificate name.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
- const byte* input, word32* inOutIdx, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length; /* length of all distinguished names */
- int dummy;
- int ret;
- word32 idx;
- word32 srcIdx = *inOutIdx;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- WOLFSSL_X509_NAME* dName = NULL;
- #endif
- WOLFSSL_MSG("Getting Cert Name");
- /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
- * calculated over the entire DER encoding of the Name field, including
- * the tag and length. */
- if (CalcHashId_ex(input + *inOutIdx, maxIdx - *inOutIdx, hash,
- HashIdAlg(cert->signatureOID)) != 0) {
- return ASN_PARSE_E;
- }
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- dName = wolfSSL_X509_NAME_new_ex(cert->heap);
- if (dName == NULL) {
- return MEMORY_E;
- }
- #endif /* OPENSSL_EXTRA */
- if (GetSequence(input, &srcIdx, &length, maxIdx) < 0) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
- /* store pointer to raw issuer */
- if (nameType == ISSUER) {
- cert->issuerRaw = &input[srcIdx];
- cert->issuerRawLen = length;
- }
- #endif
- #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectRaw = &input[srcIdx];
- cert->subjectRawLen = length;
- }
- #endif
- length += (int)srcIdx;
- idx = 0;
- while (srcIdx < (word32)length) {
- byte b = 0;
- byte joint[3];
- byte tooBig = FALSE;
- int oidSz;
- const char* copy = NULL;
- int copyLen = 0;
- int strLen = 0;
- byte id = 0;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- int nid = NID_undef;
- int enc;
- #endif /* OPENSSL_EXTRA */
- if (GetSet(input, &srcIdx, &dummy, maxIdx) < 0) {
- WOLFSSL_MSG("Cert name lacks set header, trying sequence");
- }
- if (GetSequence(input, &srcIdx, &dummy, maxIdx) <= 0) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- ret = GetASNObjectId(input, &srcIdx, &oidSz, maxIdx);
- if (ret != 0) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ret;
- }
- /* make sure there is room for joint */
- if ((srcIdx + sizeof(joint)) > (word32)maxIdx) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- XMEMCPY(joint, &input[srcIdx], sizeof(joint));
- /* v1 name types */
- if (joint[0] == 0x55 && joint[1] == 0x04) {
- srcIdx += 3;
- id = joint[2];
- if (GetHeader(input, &b, &srcIdx, &strLen, maxIdx, 1) < 0) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- if (id == ASN_COMMON_NAME) {
- if (nameType == SUBJECT) {
- cert->subjectCN = (char *)&input[srcIdx];
- cert->subjectCNLen = strLen;
- cert->subjectCNEnc = (char)b;
- }
- #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
- defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerCN = (char*)&input[srcIdx];
- cert->issuerCNLen = strLen;
- cert->issuerCNEnc = (char)b;
- }
- #endif
- copy = WOLFSSL_COMMON_NAME;
- copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_commonName;
- #endif /* OPENSSL_EXTRA */
- }
- #ifdef WOLFSSL_CERT_NAME_ALL
- else if (id == ASN_NAME) {
- copy = WOLFSSL_NAME;
- copyLen = sizeof(WOLFSSL_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectN = (char*)&input[srcIdx];
- cert->subjectNLen = strLen;
- cert->subjectNEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_name;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_INITIALS) {
- copy = WOLFSSL_INITIALS;
- copyLen = sizeof(WOLFSSL_INITIALS) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectI = (char*)&input[srcIdx];
- cert->subjectILen = strLen;
- cert->subjectIEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_initials;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_GIVEN_NAME) {
- copy = WOLFSSL_GIVEN_NAME;
- copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectGN = (char*)&input[srcIdx];
- cert->subjectGNLen = strLen;
- cert->subjectGNEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_givenName;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_DNQUALIFIER) {
- copy = WOLFSSL_DNQUALIFIER;
- copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectDNQ = (char*)&input[srcIdx];
- cert->subjectDNQLen = strLen;
- cert->subjectDNQEnc = b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_dnQualifier;
- #endif /* OPENSSL_EXTRA */
- }
- #endif /* WOLFSSL_CERT_NAME_ALL */
- else if (id == ASN_SUR_NAME) {
- copy = WOLFSSL_SUR_NAME;
- copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectSN = (char*)&input[srcIdx];
- cert->subjectSNLen = strLen;
- cert->subjectSNEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerSN = (char*)&input[srcIdx];
- cert->issuerSNLen = strLen;
- cert->issuerSNEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_surname;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_COUNTRY_NAME) {
- copy = WOLFSSL_COUNTRY_NAME;
- copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectC = (char*)&input[srcIdx];
- cert->subjectCLen = strLen;
- cert->subjectCEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerC = (char*)&input[srcIdx];
- cert->issuerCLen = strLen;
- cert->issuerCEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_countryName;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_LOCALITY_NAME) {
- copy = WOLFSSL_LOCALITY_NAME;
- copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectL = (char*)&input[srcIdx];
- cert->subjectLLen = strLen;
- cert->subjectLEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerL = (char*)&input[srcIdx];
- cert->issuerLLen = strLen;
- cert->issuerLEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_localityName;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_STATE_NAME) {
- copy = WOLFSSL_STATE_NAME;
- copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectST = (char*)&input[srcIdx];
- cert->subjectSTLen = strLen;
- cert->subjectSTEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerST = (char*)&input[srcIdx];
- cert->issuerSTLen = strLen;
- cert->issuerSTEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_stateOrProvinceName;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_ORG_NAME) {
- copy = WOLFSSL_ORG_NAME;
- copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectO = (char*)&input[srcIdx];
- cert->subjectOLen = strLen;
- cert->subjectOEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerO = (char*)&input[srcIdx];
- cert->issuerOLen = strLen;
- cert->issuerOEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_organizationName;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_ORGUNIT_NAME) {
- copy = WOLFSSL_ORGUNIT_NAME;
- copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectOU = (char*)&input[srcIdx];
- cert->subjectOULen = strLen;
- cert->subjectOUEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerOU = (char*)&input[srcIdx];
- cert->issuerOULen = strLen;
- cert->issuerOUEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_organizationalUnitName;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_SERIAL_NUMBER) {
- copy = WOLFSSL_SERIAL_NUMBER;
- copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectSND = (char*)&input[srcIdx];
- cert->subjectSNDLen = strLen;
- cert->subjectSNDEnc = (char)b;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
- cert->issuerSND = (char*)&input[srcIdx];
- cert->issuerSNDLen = strLen;
- cert->issuerSNDEnc = (char)b;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_serialNumber;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_USER_ID) {
- copy = WOLFSSL_USER_ID;
- copyLen = sizeof(WOLFSSL_USER_ID) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectUID = (char*)&input[srcIdx];
- cert->subjectUIDLen = strLen;
- cert->subjectUIDEnc = (char)b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_userId;
- #endif /* OPENSSL_EXTRA */
- }
- #ifdef WOLFSSL_CERT_EXT
- else if (id == ASN_STREET_ADDR) {
- copy = WOLFSSL_STREET_ADDR_NAME;
- copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectStreet = (char*)&input[srcIdx];
- cert->subjectStreetLen = strLen;
- cert->subjectStreetEnc = (char)b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_streetAddress;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_BUS_CAT) {
- copy = WOLFSSL_BUS_CAT;
- copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectBC = (char*)&input[srcIdx];
- cert->subjectBCLen = strLen;
- cert->subjectBCEnc = (char)b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_businessCategory;
- #endif /* OPENSSL_EXTRA */
- }
- else if (id == ASN_POSTAL_CODE) {
- copy = WOLFSSL_POSTAL_NAME;
- copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectPC = (char*)&input[srcIdx];
- cert->subjectPCLen = strLen;
- cert->subjectPCEnc = (char)b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_postalCode;
- #endif /* OPENSSL_EXTRA */
- }
- #endif /* WOLFSSL_CERT_EXT */
- }
- #ifdef WOLFSSL_CERT_EXT
- else if ((srcIdx + ASN_JOI_PREFIX_SZ + 2 <= (word32)maxIdx) &&
- (0 == XMEMCMP(&input[srcIdx], ASN_JOI_PREFIX,
- ASN_JOI_PREFIX_SZ)) &&
- ((input[srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_C) ||
- (input[srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_ST)))
- {
- srcIdx += ASN_JOI_PREFIX_SZ;
- id = input[srcIdx++];
- b = input[srcIdx++]; /* encoding */
- if (GetLength(input, &srcIdx, &strLen,
- maxIdx) < 0) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- /* Check for jurisdiction of incorporation country name */
- if (id == ASN_JOI_C) {
- copy = WOLFSSL_JOI_C;
- copyLen = sizeof(WOLFSSL_JOI_C) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectJC = (char*)&input[srcIdx];
- cert->subjectJCLen = strLen;
- cert->subjectJCEnc = (char)b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_jurisdictionCountryName;
- #endif /* OPENSSL_EXTRA */
- }
- /* Check for jurisdiction of incorporation state name */
- else if (id == ASN_JOI_ST) {
- copy = WOLFSSL_JOI_ST;
- copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
- #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectJS = (char*)&input[srcIdx];
- cert->subjectJSLen = strLen;
- cert->subjectJSEnc = (char)b;
- }
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_jurisdictionStateOrProvinceName;
- #endif /* OPENSSL_EXTRA */
- }
- if ((strLen + copyLen) > (int)(WC_ASN_NAME_MAX - idx)) {
- WOLFSSL_MSG("ASN Name too big, skipping");
- tooBig = TRUE;
- }
- }
- #endif /* WOLFSSL_CERT_EXT */
- else {
- /* skip */
- byte email = FALSE;
- byte pilot = FALSE;
- if (joint[0] == 0x2a && joint[1] == 0x86) { /* email id hdr 42.134.* */
- id = ASN_EMAIL_NAME;
- email = TRUE;
- }
- if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr 9.146.* */
- /* last value of OID is the type of pilot attribute */
- id = input[srcIdx + (word32)oidSz - 1];
- if (id == 0x01)
- id = ASN_USER_ID;
- pilot = TRUE;
- }
- srcIdx += (word32)oidSz + 1;
- if (GetLength(input, &srcIdx, &strLen, maxIdx) < 0) {
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- if (strLen > (int)(WC_ASN_NAME_MAX - idx)) {
- WOLFSSL_MSG("ASN name too big, skipping");
- tooBig = TRUE;
- }
- if (email) {
- copyLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
- if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) {
- WOLFSSL_MSG("ASN name too big, skipping");
- tooBig = TRUE;
- }
- else {
- copy = WOLFSSL_EMAIL_ADDR;
- }
- #if !defined(IGNORE_NAME_CONSTRAINTS) || \
- defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
- cert->subjectEmail = (char*)&input[srcIdx];
- cert->subjectEmailLen = strLen;
- }
- #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
- else if (nameType == ISSUER) {
- cert->issuerEmail = (char*)&input[srcIdx];
- cert->issuerEmailLen = strLen;
- }
- #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
- #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_emailAddress;
- #endif /* OPENSSL_EXTRA */
- }
- if (pilot) {
- switch (id) {
- case ASN_USER_ID:
- copy = WOLFSSL_USER_ID;
- copyLen = sizeof(WOLFSSL_USER_ID) - 1;
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_userId;
- #endif /* OPENSSL_EXTRA */
- break;
- case ASN_DOMAIN_COMPONENT:
- copy = WOLFSSL_DOMAIN_COMPONENT;
- copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_domainComponent;
- #endif /* OPENSSL_EXTRA */
- break;
- case ASN_FAVOURITE_DRINK:
- copy = WOLFSSL_FAVOURITE_DRINK;
- copyLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1;
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_favouriteDrink;
- #endif /* OPENSSL_EXTRA */
- break;
- case ASN_CONTENT_TYPE:
- copy = WOLFSSL_CONTENT_TYPE;
- copyLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) \
- && !defined(WOLFCRYPT_ONLY)
- nid = NID_pkcs9_contentType;
- #endif /* OPENSSL_EXTRA */
- break;
- default:
- WOLFSSL_MSG("Unknown pilot attribute type");
- #if (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- wolfSSL_X509_NAME_free(dName);
- #endif /* OPENSSL_EXTRA */
- return ASN_PARSE_E;
- }
- }
- }
- if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx))
- {
- WOLFSSL_MSG("ASN Name too big, skipping");
- tooBig = TRUE;
- }
- if ((copy != NULL) && !tooBig) {
- XMEMCPY(&full[idx], copy, (size_t)copyLen);
- idx += (word32)copyLen;
- XMEMCPY(&full[idx], &input[srcIdx], (size_t)strLen);
- idx += (word32)strLen;
- }
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- switch (b) {
- case CTC_UTF8:
- enc = MBSTRING_UTF8;
- break;
- case CTC_PRINTABLE:
- enc = V_ASN1_PRINTABLESTRING;
- break;
- default:
- WOLFSSL_MSG("Unknown encoding type, using UTF8 by default");
- enc = MBSTRING_UTF8;
- }
- if (nid != NID_undef) {
- if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc,
- &input[srcIdx], strLen, -1, -1) !=
- WOLFSSL_SUCCESS) {
- wolfSSL_X509_NAME_free(dName);
- return ASN_PARSE_E;
- }
- }
- #endif /* OPENSSL_EXTRA */
- srcIdx += (word32)strLen;
- }
- full[idx++] = 0;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(WOLFCRYPT_ONLY)
- if (nameType == ISSUER) {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
- (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
- dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
- XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
- #endif
- cert->issuerName = dName;
- }
- else {
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
- dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX);
- XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen);
- #endif
- cert->subjectName = dName;
- }
- #endif
- *inOutIdx = srcIdx;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, rdnASN_Length);
- int ret = 0;
- word32 idx = 0;
- int len;
- word32 srcIdx = *inOutIdx;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- WOLFSSL_X509_NAME* dName = NULL;
- #endif /* WOLFSSL_X509_NAME_AVAILABLE */
- WOLFSSL_MSG("Getting Cert Name");
- /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
- * calculated over the entire DER encoding of the Name field, including
- * the tag and length. */
- if (CalcHashId_ex(input + srcIdx, maxIdx - srcIdx, hash,
- HashIdAlg(cert->signatureOID)) != 0) {
- ret = ASN_PARSE_E;
- }
- CALLOC_ASNGETDATA(dataASN, rdnASN_Length, ret, cert->heap);
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- if (ret == 0) {
- /* Create an X509_NAME to hold data for OpenSSL compatibility APIs. */
- dName = wolfSSL_X509_NAME_new_ex(cert->heap);
- if (dName == NULL) {
- ret = MEMORY_E;
- }
- }
- #endif /* WOLFSSL_X509_NAME_AVAILABLE */
- if (ret == 0) {
- /* Expecting a SEQUENCE using up all data. */
- ret = GetASN_Sequence(input, &srcIdx, &len, maxIdx, 1);
- }
- if (ret == 0) {
- #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
- /* Store pointer and length to raw issuer. */
- if (nameType == ISSUER) {
- cert->issuerRaw = &input[srcIdx];
- cert->issuerRawLen = len;
- }
- #endif
- #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
- /* Store pointer and length to raw subject. */
- if (nameType == SUBJECT) {
- cert->subjectRaw = &input[srcIdx];
- cert->subjectRawLen = len;
- }
- #endif
- /* Process all RDNs in name. */
- while ((ret == 0) && (srcIdx < maxIdx)) {
- int nid = 0;
- /* Initialize for data and setup RDN choice. */
- GetASN_Choice(&dataASN[RDNASN_IDX_ATTR_VAL], rdnChoice);
- /* Ignore type OID as too many to store in table. */
- GetASN_OID(&dataASN[RDNASN_IDX_ATTR_TYPE], oidIgnoreType);
- /* Parse RDN. */
- ret = GetASN_Items(rdnASN, dataASN, rdnASN_Length, 1, input,
- &srcIdx, maxIdx);
- if (ret == 0) {
- /* Put RDN data into certificate. */
- ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT,
- dataASN);
- }
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- /* TODO: push this back up to ssl.c
- * (do parsing for WOLFSSL_X509_NAME on demand) */
- if (ret == 0) {
- int enc;
- byte* str;
- word32 strLen;
- byte tag = dataASN[RDNASN_IDX_ATTR_VAL].tag;
- /* Get string reference. */
- GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen);
- /* Convert BER tag to a OpenSSL type. */
- switch (tag) {
- case CTC_UTF8:
- enc = MBSTRING_UTF8;
- break;
- case CTC_PRINTABLE:
- enc = V_ASN1_PRINTABLESTRING;
- break;
- default:
- WOLFSSL_MSG("Unknown encoding type, default UTF8");
- enc = MBSTRING_UTF8;
- }
- if (nid != 0) {
- /* Add an entry to the X509_NAME. */
- if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc, str,
- (int)strLen, -1, -1) != WOLFSSL_SUCCESS) {
- ret = ASN_PARSE_E;
- }
- }
- }
- #endif
- }
- }
- if (ret == 0) {
- /* Terminate string. */
- full[idx] = 0;
- /* Return index into encoding after name. */
- *inOutIdx = srcIdx;
- #ifdef WOLFSSL_X509_NAME_AVAILABLE
- /* Store X509_NAME in certificate. */
- if (nameType == ISSUER) {
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY)) && \
- (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
- dName->rawLen = (int)min((word32)cert->issuerRawLen,
- WC_ASN_NAME_MAX);
- XMEMCPY(dName->raw, cert->issuerRaw, (size_t)dName->rawLen);
- #endif
- cert->issuerName = dName;
- }
- else {
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
- dName->rawLen = (int)min((word32)cert->subjectRawLen,
- WC_ASN_NAME_MAX);
- XMEMCPY(dName->raw, cert->subjectRaw, (size_t)dName->rawLen);
- #endif
- cert->subjectName = dName;
- }
- }
- else {
- /* Dispose of unused X509_NAME. */
- wolfSSL_X509_NAME_free(dName);
- #endif
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for certificate name. */
- static const ASNItem certNameASN[] = {
- /* OID */ { 0, ASN_OBJECT_ID, 0, 0, 1 },
- /* NAME */ { 0, ASN_SEQUENCE, 1, 0, 0 },
- };
- enum {
- CERTNAMEASN_IDX_OID = 0,
- CERTNAMEASN_IDX_NAME
- };
- /* Number of items in ASN.1 template for certificate name. */
- #define certNameASN_Length (sizeof(certNameASN) / sizeof(ASNItem))
- #endif
- /* Get a certificate name into the certificate object.
- *
- * Either the issuer or subject name.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [in] nameType Type of name being decoded: ISSUER or SUBJECT.
- * @param [in] maxIdx Index of next item after certificate name.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- int GetName(DecodedCert* cert, int nameType, int maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- char* full;
- byte* hash;
- int length;
- word32 localIdx;
- byte tag;
- WOLFSSL_MSG("Getting Name");
- if (nameType == ISSUER) {
- full = cert->issuer;
- hash = cert->issuerHash;
- }
- else {
- full = cert->subject;
- hash = cert->subjectHash;
- }
- if (cert->srcIdx >= (word32)maxIdx) {
- return BUFFER_E;
- }
- localIdx = cert->srcIdx;
- if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) {
- return ASN_PARSE_E;
- }
- if (tag == ASN_OBJECT_ID) {
- WOLFSSL_MSG("Trying optional prefix...");
- if (SkipObjectId(cert->source, &cert->srcIdx, (word32)maxIdx) < 0)
- return ASN_PARSE_E;
- WOLFSSL_MSG("Got optional prefix");
- }
- localIdx = cert->srcIdx;
- if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) {
- return ASN_PARSE_E;
- }
- localIdx = cert->srcIdx + 1;
- if (GetLength(cert->source, &localIdx, &length, (word32)maxIdx) < 0) {
- return ASN_PARSE_E;
- }
- length += (int)(localIdx - cert->srcIdx);
- return GetCertName(cert, full, hash, nameType, cert->source, &cert->srcIdx,
- cert->srcIdx + (word32)length);
- #else
- ASNGetData dataASN[certNameASN_Length];
- word32 idx = cert->srcIdx;
- int ret = 0;
- WOLFSSL_MSG("Getting Name");
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Initialize for data and don't check optional prefix OID. */
- GetASN_OID(&dataASN[CERTNAMEASN_IDX_OID], oidIgnoreType);
- ret = GetASN_Items(certNameASN, dataASN, certNameASN_Length, 0,
- cert->source, &idx, (word32)maxIdx);
- if (ret == 0) {
- char* full;
- byte* hash;
- /* Store offset of SEQUENCE that is start of name. */
- cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset;
- /* Get fields to fill in based on name type. */
- if (nameType == ISSUER) {
- full = cert->issuer;
- hash = cert->issuerHash;
- }
- else {
- full = cert->subject;
- hash = cert->subjectHash;
- }
- /* Parse certificate name. */
- ret = GetCertName(cert, full, hash, nameType, cert->source,
- &cert->srcIdx, idx);
- }
- return ret;
- #endif
- }
- #ifndef NO_ASN_TIME
- /* two byte date/time, add to value */
- static WC_INLINE int GetTime(int* value, const byte* date, int* idx)
- {
- int i = *idx;
- if (date[i] < 0x30 || date[i] > 0x39 || date[i+1] < 0x30 ||
- date[i+1] > 0x39) {
- return ASN_PARSE_E;
- }
- *value += (int)btoi(date[i++]) * 10;
- *value += (int)btoi(date[i++]);
- *idx = i;
- return 0;
- }
- #ifdef WOLFSSL_LINUXKM
- static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx)
- {
- int i = *idx;
- if (date[i] < 0x30 || date[i] > 0x39 || date[i+1] < 0x30 ||
- date[i+1] > 0x39) {
- return ASN_PARSE_E;
- }
- *value += (long)btoi(date[i++]) * 10;
- *value += (long)btoi(date[i++]);
- *idx = i;
- return 0;
- }
- #endif
- int ExtractDate(const unsigned char* date, unsigned char format,
- struct tm* certTime, int* idx)
- {
- XMEMSET(certTime, 0, sizeof(struct tm));
- if (format == ASN_UTC_TIME) {
- if (btoi(date[*idx]) >= 5)
- certTime->tm_year = 1900;
- else
- certTime->tm_year = 2000;
- }
- else { /* format == GENERALIZED_TIME */
- #ifdef WOLFSSL_LINUXKM
- if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
- #else
- if (GetTime(&certTime->tm_year, date, idx) != 0) return 0;
- #endif
- certTime->tm_year *= 100;
- }
- #ifdef AVR
- /* Extract the time from the struct tm and adjust tm_year, tm_mon */
- /* AVR libc stores these as uint8_t instead of int */
- /* AVR time_t also offsets from midnight 1 Jan 2000 */
- int tm_year = certTime->tm_year - 2000;
- int tm_mon = certTime->tm_mon - 1;
- int tm_mday = certTime->tm_mday;
- int tm_hour = certTime->tm_hour;
- int tm_min = certTime->tm_min;
- int tm_sec = certTime->tm_sec;
- #ifdef WOLFSSL_LINUXKM
- if (GetTime_Long(&tm_year, date, idx) != 0) return 0;
- #else
- if (GetTime(&tm_year, date, idx) != 0) return 0;
- #endif
- if (GetTime(&tm_mon , date, idx) != 0) return 0;
- if (GetTime(&tm_mday, date, idx) != 0) return 0;
- if (GetTime(&tm_hour, date, idx) != 0) return 0;
- if (GetTime(&tm_min , date, idx) != 0) return 0;
- if (GetTime(&tm_sec , date, idx) != 0) return 0;
- /* Re-populate certTime with computed values */
- certTime->tm_year = tm_year;
- certTime->tm_mon = tm_mon;
- certTime->tm_mday = tm_mday;
- certTime->tm_hour = tm_hour;
- certTime->tm_min = tm_min;
- certTime->tm_sec = tm_sec;
- #else
- /* adjust tm_year, tm_mon */
- #ifdef WOLFSSL_LINUXKM
- if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
- #else
- if (GetTime(&certTime->tm_year, date, idx) != 0) return 0;
- #endif
- certTime->tm_year -= 1900;
- if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0;
- certTime->tm_mon -= 1;
- if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0;
- if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0;
- if (GetTime(&certTime->tm_min , date, idx) != 0) return 0;
- if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0;
- #endif
- return 1;
- }
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
- defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
- int GetTimeString(byte* date, int format, char* buf, int len)
- {
- struct tm t;
- int idx = 0;
- if (!ExtractDate(date, (unsigned char)format, &t, &idx)) {
- return 0;
- }
- if (date[idx] != 'Z') {
- WOLFSSL_MSG("UTCtime, not Zulu") ;
- return 0;
- }
- /* place month in buffer */
- buf[0] = '\0';
- switch(t.tm_mon) {
- case 0: XSTRNCAT(buf, "Jan ", 5); break;
- case 1: XSTRNCAT(buf, "Feb ", 5); break;
- case 2: XSTRNCAT(buf, "Mar ", 5); break;
- case 3: XSTRNCAT(buf, "Apr ", 5); break;
- case 4: XSTRNCAT(buf, "May ", 5); break;
- case 5: XSTRNCAT(buf, "Jun ", 5); break;
- case 6: XSTRNCAT(buf, "Jul ", 5); break;
- case 7: XSTRNCAT(buf, "Aug ", 5); break;
- case 8: XSTRNCAT(buf, "Sep ", 5); break;
- case 9: XSTRNCAT(buf, "Oct ", 5); break;
- case 10: XSTRNCAT(buf, "Nov ", 5); break;
- case 11: XSTRNCAT(buf, "Dec ", 5); break;
- default:
- return 0;
- }
- idx = 4; /* use idx now for char buffer */
- if (XSNPRINTF(buf + idx, (size_t)(len - idx), "%2d %02d:%02d:%02d %d GMT",
- t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, (int)t.tm_year + 1900)
- >= len - idx)
- {
- WOLFSSL_MSG("buffer overrun in GetTimeString");
- return 0;
- }
- return 1;
- }
- #endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
- /* Check time struct for valid values. Returns 0 for success */
- static int ValidateGmtime(struct tm* inTime)
- {
- int ret = 1;
- if ((inTime != NULL) &&
- (inTime->tm_sec >= 0) && (inTime->tm_sec <= 61) &&
- (inTime->tm_min >= 0) && (inTime->tm_min <= 59) &&
- (inTime->tm_hour >= 0) && (inTime->tm_hour <= 23) &&
- (inTime->tm_mday >= 1) && (inTime->tm_mday <= 31) &&
- (inTime->tm_mon >= 0) && (inTime->tm_mon <= 11) &&
- (inTime->tm_wday >= 0) && (inTime->tm_wday <= 6) &&
- (inTime->tm_yday >= 0) && (inTime->tm_yday <= 365)) {
- ret = 0;
- }
- return ret;
- }
- #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
- !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7))
- /* Set current time string, either UTC or GeneralizedTime.
- * (void*) tm should be a pointer to time_t, output is placed in buf.
- *
- * Return time string length placed in buf on success, negative on error */
- int GetAsnTimeString(void* currTime, byte* buf, word32 len)
- {
- byte* data_ptr = buf;
- byte uf_time[ASN_GENERALIZED_TIME_SIZE];
- int data_len = 0;
- WOLFSSL_ENTER("GetAsnTimeString");
- if (buf == NULL || len == 0)
- return BAD_FUNC_ARG;
- XMEMSET(uf_time, 0, sizeof(uf_time));
- /* GetFormattedTime returns length with null terminator */
- data_len = GetFormattedTime(currTime, uf_time, (word32)sizeof(uf_time));
- if (data_len <= 0) {
- return ASN_TIME_E;
- }
- /* ensure room to add 2 bytes (ASN type and length) before proceeding */
- else if (len < (word32)data_len + 2) {
- return BUFFER_E;
- }
- if (data_len == ASN_UTC_TIME_SIZE-1) {
- /* increment data_len for ASN length byte after adding the data_ptr */
- *data_ptr = (byte)ASN_UTC_TIME; data_ptr++; data_len++;
- /* -1 below excludes null terminator */
- *data_ptr = (byte)ASN_UTC_TIME_SIZE - 1; data_ptr++; data_len++;
- XMEMCPY(data_ptr, (byte *)uf_time, ASN_UTC_TIME_SIZE - 1);
- data_ptr += ASN_UTC_TIME_SIZE - 1;
- }
- else if (data_len == ASN_GENERALIZED_TIME_SIZE-1) {
- /* increment data_len for ASN length byte after adding the data_ptr */
- *data_ptr = (byte)ASN_GENERALIZED_TIME; data_ptr++; data_len++;
- /* -1 below excludes null terminator */
- *data_ptr = (byte)ASN_GENERALIZED_TIME_SIZE - 1; data_ptr++; data_len++;
- XMEMCPY(data_ptr, (byte*)uf_time, ASN_GENERALIZED_TIME_SIZE - 1);
- data_ptr += ASN_GENERALIZED_TIME_SIZE - 1;
- }
- else {
- WOLFSSL_MSG("Invalid time size returned");
- return ASN_TIME_E;
- }
- /* append null terminator */
- *data_ptr = 0;
- /* return length without null terminator */
- return data_len;
- }
- /* return just the time string as either UTC or Generalized Time*/
- int GetFormattedTime(void* currTime, byte* buf, word32 len)
- {
- struct tm* ts = NULL;
- struct tm* tmpTime = NULL;
- int year, mon, day, hour, mini, sec;
- int ret;
- #if defined(NEED_TMP_TIME)
- struct tm tmpTimeStorage;
- tmpTime = &tmpTimeStorage;
- #endif
- /* Needed in case XGMTIME does not use the tmpTime argument. */
- (void)tmpTime;
- WOLFSSL_ENTER("GetFormattedTime");
- if (buf == NULL || len == 0)
- return BAD_FUNC_ARG;
- ts = (struct tm *)XGMTIME((time_t*)currTime, tmpTime);
- if (ValidateGmtime(ts)) {
- WOLFSSL_MSG("failed to get time data.");
- return ASN_TIME_E;
- }
- /* Note ASN_UTC_TIME_SIZE and ASN_GENERALIZED_TIME_SIZE include space for
- * the null terminator. ASN encoded values leave off the terminator. */
- if (ts->tm_year >= 50 && ts->tm_year < 150) {
- /* UTC Time */
- if (ts->tm_year >= 50 && ts->tm_year < 100) {
- year = ts->tm_year;
- }
- else {
- year = ts->tm_year - 100;
- }
- mon = ts->tm_mon + 1;
- day = ts->tm_mday;
- hour = ts->tm_hour;
- mini = ts->tm_min;
- sec = ts->tm_sec;
- #if defined(WOLF_C89)
- if (len < ASN_UTC_TIME_SIZE) {
- WOLFSSL_MSG("buffer for GetFormattedTime is too short.");
- return BUFFER_E;
- }
- ret = XSPRINTF((char*)buf,
- "%02d%02d%02d%02d%02d%02dZ", year, mon, day,
- hour, mini, sec);
- #else
- ret = XSNPRINTF((char*)buf, len,
- "%02d%02d%02d%02d%02d%02dZ", year, mon, day,
- hour, mini, sec);
- #endif
- }
- else {
- /* GeneralizedTime */
- year = ts->tm_year + 1900;
- mon = ts->tm_mon + 1;
- day = ts->tm_mday;
- hour = ts->tm_hour;
- mini = ts->tm_min;
- sec = ts->tm_sec;
- #if defined(WOLF_C89)
- if (len < ASN_GENERALIZED_TIME_SIZE) {
- WOLFSSL_MSG("buffer for GetFormattedTime is too short.");
- return BUFFER_E;
- }
- ret = XSPRINTF((char*)buf,
- "%4d%02d%02d%02d%02d%02dZ", year, mon, day,
- hour, mini, sec);
- #else
- ret = XSNPRINTF((char*)buf, len,
- "%4d%02d%02d%02d%02d%02dZ", year, mon, day,
- hour, mini, sec);
- #endif
- }
- return ret;
- }
- #endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES &&
- * (OPENSSL_EXTRA || HAVE_PKCS7) */
- #if defined(USE_WOLF_VALIDDATE)
- /* to the second */
- int DateGreaterThan(const struct tm* a, const struct tm* b)
- {
- if (a->tm_year > b->tm_year)
- return 1;
- if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon)
- return 1;
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday > b->tm_mday)
- return 1;
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday == b->tm_mday && a->tm_hour > b->tm_hour)
- return 1;
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour &&
- a->tm_min > b->tm_min)
- return 1;
- if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
- a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour &&
- a->tm_min == b->tm_min && a->tm_sec > b->tm_sec)
- return 1;
- return 0; /* false */
- }
- static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
- {
- return DateGreaterThan(b,a);
- }
- /* like atoi but only use first byte */
- /* Make sure before and after dates are valid */
- /* date = ASN.1 raw */
- /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
- /* dateType = AFTER or BEFORE */
- int wc_ValidateDate(const byte* date, byte format, int dateType)
- {
- time_t ltime;
- struct tm certTime;
- struct tm* localTime;
- struct tm* tmpTime;
- int i = 0;
- int timeDiff = 0;
- int diffHH = 0, diffMM = 0;
- #if defined(NEED_TMP_TIME)
- struct tm tmpTimeStorage;
- tmpTime = &tmpTimeStorage;
- #else
- tmpTime = NULL;
- #endif
- (void)tmpTime;
- ltime = wc_Time(0);
- #ifndef NO_TIME_SIGNEDNESS_CHECK
- if (sizeof(ltime) == sizeof(word32) && (sword32)ltime < 0){
- /* A negative response here could be due to a 32-bit time_t
- * where the year is 2038 or later. */
- WOLFSSL_MSG("wc_Time failed to return a valid value");
- return 0;
- }
- #endif
- #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
- if (dateType == BEFORE) {
- WOLFSSL_MSG("Skewing local time for before date check");
- ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
- }
- #endif
- #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
- if (dateType == AFTER) {
- WOLFSSL_MSG("Skewing local time for after date check");
- ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
- }
- #endif
- if (!ExtractDate(date, format, &certTime, &i)) {
- WOLFSSL_MSG("Error extracting the date");
- return 0;
- }
- if ((date[i] == '+') || (date[i] == '-')) {
- int diffSign;
- WOLFSSL_MSG("Using time differential, not Zulu") ;
- diffSign = date[i++] == '+' ? 1 : -1 ;
- if (GetTime(&diffHH, date, &i) != 0)
- return 0;
- if (GetTime(&diffMM, date, &i) != 0)
- return 0;
- timeDiff = diffSign * (diffHH*60 + diffMM) * 60 ;
- } else if (date[i] != 'Z') {
- WOLFSSL_MSG("UTCtime, neither Zulu or time differential") ;
- return 0;
- }
- ltime -= (time_t)timeDiff;
- localTime = XGMTIME(<ime, tmpTime);
- if (ValidateGmtime(localTime)) {
- WOLFSSL_MSG("XGMTIME failed");
- return 0;
- }
- if (dateType == BEFORE) {
- if (DateLessThan(localTime, &certTime)) {
- WOLFSSL_MSG("Date BEFORE check failed");
- return 0;
- }
- }
- else { /* dateType == AFTER */
- if (DateGreaterThan(localTime, &certTime)) {
- WOLFSSL_MSG("Date AFTER check failed");
- return 0;
- }
- }
- return 1;
- }
- #endif /* USE_WOLF_VALIDDATE */
- int wc_GetTime(void* timePtr, word32 timeSize)
- {
- time_t* ltime = (time_t*)timePtr;
- if (timePtr == NULL) {
- return BAD_FUNC_ARG;
- }
- if ((word32)sizeof(time_t) > timeSize) {
- return BUFFER_E;
- }
- *ltime = wc_Time(0);
- return 0;
- }
- #ifdef TIME_OVERRIDES
- #ifndef HAVE_TIME_T_TYPE
- typedef long time_t;
- #endif
- extern time_t XTIME(time_t* t);
- #endif
- static wc_time_cb timeFunc = NULL;
- int wc_SetTimeCb(wc_time_cb f)
- {
- timeFunc = f;
- return 0;
- }
- time_t wc_Time(time_t* t)
- {
- if (timeFunc != NULL) {
- return timeFunc(t);
- }
- return XTIME(t);
- }
- #endif /* !NO_ASN_TIME */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* TODO: use a CHOICE instead of two items? */
- /* ASN.1 template for a date - either UTC or Generalized Time. */
- static const ASNItem dateASN[] = {
- /* UTC */ { 0, ASN_UTC_TIME, 0, 0, 2 },
- /* GT */ { 0, ASN_GENERALIZED_TIME, 0, 0, 2 },
- };
- enum {
- DATEASN_IDX_UTC = 0,
- DATEASN_IDX_GT
- };
- /* Number of items in ASN.1 template for a date. */
- #define dateASN_Length (sizeof(dateASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* Get date buffer, format and length. Returns 0=success or error */
- /* Decode a DateInfo - choice of UTC TIME or GENERALIZED TIME.
- *
- * @param [in] source Buffer containing encoded date.
- * @param [in, out] idx On in, the index of the date.
- * On out, index after date.
- * @param [out] pDate Pointer into buffer of data bytes.
- * @param [out] pFormat Format of date - BER/DER tag.
- * @param [out] pLength Length of date bytes.
- * @param [in] maxIdx Index of next item after date.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when source or idx is NULL.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- */
- static int GetDateInfo(const byte* source, word32* idx, const byte** pDate,
- byte* pFormat, int* pLength, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length;
- byte format;
- if (source == NULL || idx == NULL)
- return BAD_FUNC_ARG;
- /* get ASN format header */
- if (*idx+1 > maxIdx)
- return BUFFER_E;
- format = source[*idx];
- *idx += 1;
- if (format != ASN_UTC_TIME && format != ASN_GENERALIZED_TIME) {
- WOLFSSL_ERROR_VERBOSE(ASN_TIME_E);
- return ASN_TIME_E;
- }
- /* get length */
- if (GetLength(source, idx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
- if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE)
- return ASN_DATE_SZ_E;
- /* return format, date and length */
- if (pFormat)
- *pFormat = format;
- if (pDate)
- *pDate = &source[*idx];
- if (pLength)
- *pLength = length;
- *idx += (word32)length;
- return 0;
- #else
- ASNGetData dataASN[dateASN_Length];
- int ret = 0;
- if ((source == NULL) || (idx == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- /* Initialize data. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Parse date. */
- ret = GetASN_Items(dateASN, dataASN, dateASN_Length, 0, source, idx,
- maxIdx);
- }
- if (ret == 0) {
- /* Determine which tag was seen. */
- int i = (dataASN[DATEASN_IDX_UTC].tag != 0) ? DATEASN_IDX_UTC
- : DATEASN_IDX_GT;
- /* Return data from seen item. */
- if (pFormat != NULL) {
- *pFormat = dataASN[i].tag;
- }
- if (pDate != NULL) {
- *pDate = dataASN[i].data.ref.data;
- }
- if (pLength != NULL) {
- *pLength = (int)dataASN[i].data.ref.length;
- }
- }
- return ret;
- #endif
- }
- #if !defined(NO_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE)
- static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
- {
- int ret, length;
- const byte *datePtr = NULL;
- byte date[MAX_DATE_SIZE];
- byte format;
- word32 startIdx = 0;
- if (dateType == BEFORE)
- cert->beforeDate = &cert->source[cert->srcIdx];
- else
- cert->afterDate = &cert->source[cert->srcIdx];
- startIdx = cert->srcIdx;
- ret = GetDateInfo(cert->source, &cert->srcIdx, &datePtr, &format,
- &length, (word32)maxIdx);
- if (ret < 0)
- return ret;
- XMEMSET(date, 0, MAX_DATE_SIZE);
- XMEMCPY(date, datePtr, (size_t)length);
- if (dateType == BEFORE)
- cert->beforeDateLen = (int)(cert->srcIdx - startIdx);
- else
- cert->afterDateLen = (int)(cert->srcIdx - startIdx);
- #ifndef NO_ASN_TIME_CHECK
- if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE &&
- !XVALIDATE_DATE(date, format, dateType)) {
- if (dateType == BEFORE) {
- WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E);
- return ASN_BEFORE_DATE_E;
- }
- else {
- WOLFSSL_ERROR_VERBOSE(ASN_AFTER_DATE_E);
- return ASN_AFTER_DATE_E;
- }
- }
- #else
- (void)verify;
- #endif
- return 0;
- }
- static int GetValidity(DecodedCert* cert, int verify, int maxIdx)
- {
- int length;
- int badDate = 0;
- if (GetSequence(cert->source, &cert->srcIdx, &length, (word32)maxIdx) < 0)
- return ASN_PARSE_E;
- maxIdx = (int)cert->srcIdx + length;
- if (GetDate(cert, BEFORE, verify, maxIdx) < 0)
- badDate = ASN_BEFORE_DATE_E; /* continue parsing */
- if (GetDate(cert, AFTER, verify, maxIdx) < 0)
- return ASN_AFTER_DATE_E;
- if (badDate != 0)
- return badDate;
- return 0;
- }
- #endif /* !NO_CERTS && !WOLFSSL_ASN_TEMPLATE */
- int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date,
- byte* format, int* length)
- {
- int ret;
- word32 idx = 0;
- ret = GetDateInfo(certDate, &idx, date, format, length, (word32)certDateSz);
- return ret;
- }
- #ifndef NO_ASN_TIME
- int wc_GetDateAsCalendarTime(const byte* date, int length, byte format,
- struct tm* timearg)
- {
- int idx = 0;
- (void)length;
- if (!ExtractDate(date, format, timearg, &idx))
- return ASN_TIME_E;
- return 0;
- }
- #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES)
- int wc_GetCertDates(Cert* cert, struct tm* before, struct tm* after)
- {
- int ret = 0;
- const byte* date;
- byte format;
- int length;
- if (cert == NULL)
- return BAD_FUNC_ARG;
- if (before && cert->beforeDateSz > 0) {
- ret = wc_GetDateInfo(cert->beforeDate, cert->beforeDateSz, &date,
- &format, &length);
- if (ret == 0)
- ret = wc_GetDateAsCalendarTime(date, length, format, before);
- }
- if (after && cert->afterDateSz > 0) {
- ret = wc_GetDateInfo(cert->afterDate, cert->afterDateSz, &date,
- &format, &length);
- if (ret == 0)
- ret = wc_GetDateAsCalendarTime(date, length, format, after);
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN && WOLFSSL_ALT_NAMES */
- #endif /* !NO_ASN_TIME */
- #if !defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS)
- static int GetSigAlg(DecodedCert* cert, word32* sigOid, word32 maxIdx)
- {
- int length;
- word32 endSeqIdx;
- if (GetSequence(cert->source, &cert->srcIdx, &length, maxIdx) < 0)
- return ASN_PARSE_E;
- endSeqIdx = cert->srcIdx + (word32)length;
- if (GetObjectId(cert->source, &cert->srcIdx, sigOid, oidSigType,
- maxIdx) < 0) {
- return ASN_OBJECT_ID_E;
- }
- if (cert->srcIdx != endSeqIdx) {
- #ifdef WC_RSA_PSS
- if (*sigOid == CTC_RSASSAPSS) {
- cert->sigParamsIndex = cert->srcIdx;
- cert->sigParamsLength = endSeqIdx - cert->srcIdx;
- }
- else
- #endif
- /* Only allowed a ASN NULL header with zero length. */
- if (endSeqIdx - cert->srcIdx != 2)
- return ASN_PARSE_E;
- else {
- byte tag;
- if (GetASNTag(cert->source, &cert->srcIdx, &tag, endSeqIdx) != 0)
- return ASN_PARSE_E;
- if (tag != ASN_TAG_NULL)
- return ASN_PARSE_E;
- }
- }
- cert->srcIdx = endSeqIdx;
- return 0;
- }
- #endif
- #ifndef NO_CERTS
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* TODO: move code around to not require this. */
- static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
- int* badDateRet, int stopAtPubKey,
- int stopAfterPubKey);
- #endif
- /* Assumes the target is a Raw-Public-Key certificate and parsed up to the
- * public key. Returns CRYPTOCB_UNAVAILABLE if it determines that the cert is
- * different from the Paw-Public-Key cert. In that case, cert->srcIdx is not
- * consumed so as succeeding parse function can take over.
- * In case that the target is Raw-Public-Key cert and contains a public key,
- * returns 0 and consumes cert->srcIdx so as a public key retrieval function
- * can follow.
- */
- #if defined(HAVE_RPK)
- int TryDecodeRPKToKey(DecodedCert* cert)
- {
- int ret = 0, len;
- word32 tmpIdx;
- word32 oid;
- WOLFSSL_ENTER("TryDecodeRPKToKey");
- if (cert == NULL)
- return BAD_FUNC_ARG;
- tmpIdx = cert->srcIdx;
- /* both X509 cert and RPK cert should start with a Sequence tag */
- if (ret == 0) {
- if (GetSequence(cert->source, &tmpIdx, &len, cert->maxIdx) < 0)
- ret = ASN_PARSE_E;
- }
- /* TBSCertificate of X509 or AlgorithmIdentifier of RPK cert */
- if (ret == 0) {
- if (GetSequence(cert->source, &tmpIdx, &len, cert->maxIdx) < 0)
- ret = ASN_PARSE_E;
- }
- /* OBJ ID should be next in RPK cert */
- if (ret == 0) {
- if (GetObjectId(cert->source, &tmpIdx, &oid, oidKeyType, cert->maxIdx)
- < 0)
- ret = CRYPTOCB_UNAVAILABLE;
- }
- /* consume cert->srcIdx */
- if (ret == 0) {
- WOLFSSL_MSG("Looks like RPK certificate");
- cert->srcIdx = tmpIdx;
- }
- WOLFSSL_LEAVE("TryDecodeRPKToKey", ret);
- return ret;
- }
- #endif /* HAVE_RPK */
- /* Parse the certificate up to the X.509 public key.
- *
- * If cert data is invalid then badDate get set to error value.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [in] verify Whether to verify dates.
- * @param [out] badDate Error code when verify dates.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when cert or badDate is NULL.
- * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
- * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set.
- */
- int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- if (cert == NULL || badDate == NULL)
- return BAD_FUNC_ARG;
- *badDate = 0;
- if ( (ret = GetCertHeader(cert)) < 0)
- return ret;
- WOLFSSL_MSG("Got Cert Header");
- #ifdef WOLFSSL_CERT_REQ
- if (!cert->isCSR) {
- #endif
- /* Using the sigIndex as the upper bound because that's where the
- * actual certificate data ends. */
- if ((ret = GetSigAlg(cert, &cert->signatureOID, cert->sigIndex)) < 0)
- return ret;
- WOLFSSL_MSG("Got Algo ID");
- if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0)
- return ret;
- if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0)
- *badDate = ret;
- #ifdef WOLFSSL_CERT_REQ
- }
- #endif
- if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0)
- return ret;
- WOLFSSL_MSG("Got Subject Name");
- return ret;
- #else
- /* Use common decode routine and stop at public key. */
- int ret;
- *badDate = 0;
- ret = DecodeCertInternal(cert, verify, NULL, badDate, 1, 0);
- if (ret >= 0) {
- /* Store current index: public key. */
- cert->srcIdx = (word32)ret;
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Parse the certificate up to and including X.509 public key.
- *
- * @param [in, out] cert Decoded certificate object.
- * @param [in] verify Whether to verify dates.
- * @return 0 on success.
- * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
- * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set.
- */
- int DecodeToKey(DecodedCert* cert, int verify)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int badDate = 0;
- int ret;
- #if defined(HAVE_RPK)
- /* Raw Public Key certificate has only a SubjectPublicKeyInfo structure
- * as its contents. So try to call GetCertKey to get public key from it.
- * If it fails, the cert should be a X509 cert and proceed to process as
- * x509 cert. */
- ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx);
- if (ret == 0) {
- WOLFSSL_MSG("Raw Public Key certificate found and parsed");
- cert->isRPK = 1;
- return ret;
- }
- #endif /* HAVE_RPK */
- if ( (ret = wc_GetPubX509(cert, verify, &badDate)) < 0)
- return ret;
- /* Determine if self signed */
- #ifdef WOLFSSL_CERT_REQ
- if (cert->isCSR)
- cert->selfSigned = 1;
- else
- #endif
- {
- cert->selfSigned = XMEMCMP(cert->issuerHash, cert->subjectHash,
- KEYID_SIZE) == 0 ? 1 : 0;
- }
- ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx);
- if (ret != 0)
- return ret;
- WOLFSSL_MSG("Got Key");
- if (badDate != 0)
- return badDate;
- return ret;
- #else
- int ret;
- int badDate = 0;
- /* Call internal version and stop after public key. */
- ret = DecodeCertInternal(cert, verify, NULL, &badDate, 0, 1);
- /* Always return date errors. */
- if (ret == 0) {
- ret = badDate;
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #if !defined(WOLFSSL_ASN_TEMPLATE)
- static int GetSignature(DecodedCert* cert)
- {
- int length;
- int ret;
- ret = CheckBitString(cert->source, &cert->srcIdx, &length, cert->maxIdx, 1,
- NULL);
- if (ret != 0)
- return ret;
- cert->sigLength = (word32)length;
- cert->signature = &cert->source[cert->srcIdx];
- cert->srcIdx += cert->sigLength;
- if (cert->srcIdx != cert->maxIdx)
- return ASN_PARSE_E;
- return 0;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #endif /* !NO_CERTS */
- #ifndef WOLFSSL_ASN_TEMPLATE
- static word32 SetOctetString8Bit(word32 len, byte* output)
- {
- output[0] = ASN_OCTET_STRING;
- output[1] = (byte)len;
- return 2;
- }
- static word32 SetDigest(const byte* digest, word32 digSz, byte* output)
- {
- word32 idx = SetOctetString8Bit(digSz, output);
- XMEMCPY(&output[idx], digest, digSz);
- return idx + digSz;
- }
- #endif
- /* Encode a length for DER.
- *
- * @param [in] length Value to encode.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- word32 SetLength(word32 length, byte* output)
- {
- /* Start encoding at start of buffer. */
- word32 i = 0;
- if (length < ASN_LONG_LENGTH) {
- /* Only one byte needed to encode. */
- if (output) {
- /* Write out length value. */
- output[i] = (byte)length;
- }
- /* Skip over length. */
- i++;
- }
- else {
- /* Calculate the number of bytes required to encode value. */
- byte j = (byte)BytePrecision(length);
- if (output) {
- /* Encode count byte. */
- output[i] = (byte)(j | ASN_LONG_LENGTH);
- }
- /* Skip over count byte. */
- i++;
- /* Encode value as a big-endian byte array. */
- for (; j > 0; --j) {
- if (output) {
- /* Encode next most-significant byte. */
- output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
- }
- /* Skip over byte. */
- i++;
- }
- }
- /* Return number of bytes in encoded length. */
- return i;
- }
- word32 SetLengthEx(word32 length, byte* output, byte isIndef)
- {
- if (isIndef) {
- if (output != NULL) {
- output[0] = ASN_INDEF_LENGTH;
- }
- return 1;
- }
- else {
- return SetLength(length, output);
- }
- }
- /* Encode a DER header - type/tag and length.
- *
- * @param [in] tag DER tag of ASN.1 item.
- * @param [in] len Length of data in ASN.1 item.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- static word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
- {
- if (output) {
- /* Encode tag first. */
- output[0] = tag;
- }
- /* Encode the length. */
- return SetLengthEx(len, output ? output + ASN_TAG_SZ : NULL, isIndef) +
- ASN_TAG_SZ;
- }
- /* Encode a SEQUENCE header in DER.
- *
- * @param [in] len Length of data in SEQUENCE.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- word32 SetSequence(word32 len, byte* output)
- {
- return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, 0);
- }
- word32 SetSequenceEx(word32 len, byte* output, byte isIndef)
- {
- return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, isIndef);
- }
- /* Encode an OCTET STRING header in DER.
- *
- * @param [in] len Length of data in OCTET STRING.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- word32 SetOctetString(word32 len, byte* output)
- {
- return SetHeader(ASN_OCTET_STRING, len, output, 0);
- }
- word32 SetOctetStringEx(word32 len, byte* output, byte indef)
- {
- if (indef)
- return SetHeader(ASN_OCTET_STRING | ASN_CONSTRUCTED, len, output, indef);
- return SetOctetString(len, output);
- }
- /* Encode a SET header in DER.
- *
- * @param [in] len Length of data in SET.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- word32 SetSet(word32 len, byte* output)
- {
- return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output, 0);
- }
- /* Encode an implicit context specific header in DER.
- *
- * Implicit means that it is constructed only if the included ASN.1 item is.
- *
- * @param [in] tag Tag for the implicit ASN.1 item.
- * @param [in] number Context specific number.
- * @param [in] len Length of data in SET.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- word32 SetImplicit(byte tag, byte number, word32 len, byte* output, byte isIndef)
- {
- byte useIndef = 0;
- if ((tag == ASN_OCTET_STRING) && isIndef) {
- tag = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
- }
- else {
- tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ?
- ASN_CONSTRUCTED : 0) | ASN_CONTEXT_SPECIFIC | number);
- }
- if (isIndef && (tag & ASN_CONSTRUCTED)) {
- useIndef = 1;
- }
- return SetHeader(tag, len, output, useIndef);
- }
- /* Encode an explicit context specific header in DER.
- *
- * Explicit means that there will be an ASN.1 item underneath.
- *
- * @param [in] number Context specific number.
- * @param [in] len Length of data in SET.
- * @param [out] output Buffer to encode into.
- * @return Number of bytes encoded.
- */
- word32 SetExplicit(byte number, word32 len, byte* output, byte isIndef)
- {
- return SetHeader((byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | number),
- len, output, isIndef);
- }
- #if defined(OPENSSL_EXTRA)
- /* Encode an Othername into DER.
- *
- * @param [in] name Pointer to the WOLFSSL_ASN1_OTHERNAME to be encoded.
- * @param [out] output Buffer to encode into. If NULL, don't encode.
- * @return Number of bytes encoded or WOLFSSL_FAILURE if name parameter is bad.
- */
- word32 SetOthername(void *name, byte *output)
- {
- WOLFSSL_ASN1_OTHERNAME *nm = (WOLFSSL_ASN1_OTHERNAME *)name;
- char *nameStr = NULL;
- word32 nameSz = 0;
- word32 len = 0;
- if ((nm == NULL) || (nm->value == NULL)) {
- WOLFSSL_MSG("otherName value is NULL");
- return WOLFSSL_FAILURE;
- }
- nameStr = nm->value->value.utf8string->data;
- nameSz = (word32)nm->value->value.utf8string->length;
- len = nm->type_id->objSz +
- SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
- SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
- if (output != NULL) {
- /* otherName OID */
- XMEMCPY(output, nm->type_id->obj, nm->type_id->objSz);
- output += nm->type_id->objSz;
- output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2,
- output, 0);
- output += SetHeader(CTC_UTF8, nameSz, output, 0);
- XMEMCPY(output, nameStr, nameSz);
- }
- return len;
- }
- #endif /* OPENSSL_EXTRA */
- #ifdef HAVE_ECC
- /* Determines whether the signature algorithm is using ECDSA.
- *
- * @param [in] algoOID Signature algorithm identifier.
- * @return 1 when algorithm is using ECDSA.
- * @return 0 otherwise.
- */
- static WC_INLINE int IsSigAlgoECDSA(word32 algoOID)
- {
- /* ECDSA sigAlgo must not have ASN1 NULL parameters */
- if (algoOID == CTC_SHAwECDSA || algoOID == CTC_SHA256wECDSA ||
- algoOID == CTC_SHA384wECDSA || algoOID == CTC_SHA512wECDSA) {
- return 1;
- }
- return 0;
- }
- #endif
- /* Determines if OID is for an EC signing algorithm including ECDSA and EdDSA
- * and post-quantum algorithms.
- *
- * @param [in] algoOID Algorithm OID.
- * @return 1 when is EC signing algorithm.
- * @return 0 otherwise.
- */
- static WC_INLINE int IsSigAlgoECC(word32 algoOID)
- {
- (void)algoOID;
- return (0
- #ifdef HAVE_ECC
- || IsSigAlgoECDSA(algoOID)
- #endif
- #ifdef WOLFSSL_SM2
- || (algoOID == SM2k)
- #endif
- #ifdef HAVE_ED25519
- || (algoOID == ED25519k)
- #endif
- #ifdef HAVE_CURVE25519
- || (algoOID == X25519k)
- #endif
- #ifdef HAVE_ED448
- || (algoOID == ED448k)
- #endif
- #ifdef HAVE_CURVE448
- || (algoOID == X448k)
- #endif
- #ifdef HAVE_PQC
- #ifdef HAVE_FACON
- || (algoOID == FALCON_LEVEL1k)
- || (algoOID == FALCON_LEVEL5k)
- #endif
- #ifdef HAVE_DILITHIUM
- || (algoOID == DILITHIUM_LEVEL2k)
- || (algoOID == DILITHIUM_LEVEL3k)
- || (algoOID == DILITHIUM_LEVEL5k)
- #endif
- #ifdef HAVE_SPHINCS
- || (algoOID == SPHINCS_FAST_LEVEL1k)
- || (algoOID == SPHINCS_FAST_LEVEL3k)
- || (algoOID == SPHINCS_FAST_LEVEL5k)
- || (algoOID == SPHINCS_SMALL_LEVEL1k)
- || (algoOID == SPHINCS_SMALL_LEVEL3k)
- || (algoOID == SPHINCS_SMALL_LEVEL5k)
- #endif
- #endif /* HAVE_PQC */
- );
- }
- /* Encode an algorithm identifier.
- *
- * [algoOID, type] is unique.
- *
- * @param [in] algoOID Algorithm identifier.
- * @param [out] output Buffer to hold encoding.
- * @param [in] type Type of OID being encoded.
- * @param [in] curveSz Add extra space for curve data.
- * @return Encoded data size on success.
- * @return 0 when dynamic memory allocation fails.
- */
- word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 tagSz, idSz, seqSz, algoSz = 0;
- const byte* algoName = 0;
- byte ID_Length[1 + MAX_LENGTH_SZ];
- byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */
- word32 length = 0;
- tagSz = (type == oidHashType ||
- (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) ||
- (type == oidKeyType && algoOID == RSAk)) ? 2U : 0U;
- algoName = OidFromId((word32)algoOID, (word32)type, &algoSz);
- if (algoName == NULL) {
- WOLFSSL_MSG("Unknown Algorithm");
- return 0;
- }
- idSz = (word32)SetObjectId((int)algoSz, ID_Length);
- seqSz = SetSequence(idSz + algoSz + tagSz + (word32)curveSz, seqArray);
- /* Copy only algo to output for DSA keys */
- if (algoOID == DSAk && output) {
- XMEMCPY(output, ID_Length, idSz);
- XMEMCPY(output + idSz, algoName, algoSz);
- if (tagSz == 2)
- SetASNNull(&output[seqSz + idSz + algoSz]);
- }
- else if (output) {
- XMEMCPY(output, seqArray, seqSz);
- XMEMCPY(output + seqSz, ID_Length, idSz);
- XMEMCPY(output + seqSz + idSz, algoName, algoSz);
- if (tagSz == 2)
- SetASNNull(&output[seqSz + idSz + algoSz]);
- }
- if (algoOID == DSAk)
- length = idSz + algoSz + tagSz;
- else
- length = seqSz + idSz + algoSz + tagSz;
- return length;
- #else
- DECL_ASNSETDATA(dataASN, algoIdASN_Length);
- int ret = 0;
- const byte* algoName = 0;
- word32 algoSz = 0;
- CALLOC_ASNSETDATA(dataASN, algoIdASN_Length, ret, NULL);
- algoName = OidFromId((word32)algoOID, (word32)type, &algoSz);
- if (algoName == NULL) {
- WOLFSSL_MSG("Unknown Algorithm");
- }
- else {
- int sz;
- int o = 0;
- /* Set the OID and OID type to encode. */
- SetASN_OID(&dataASN[ALGOIDASN_IDX_OID], (word32)algoOID, (word32)type);
- /* Hashes, signatures not ECC and keys not RSA output NULL tag. */
- if (!(type == oidHashType ||
- (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) ||
- (type == oidKeyType && algoOID == RSAk))) {
- /* Don't put out NULL DER item. */
- dataASN[ALGOIDASN_IDX_NULL].noOut = 1;
- }
- if (algoOID == DSAk) {
- /* Don't include SEQUENCE for DSA keys. */
- o = 1;
- }
- else if (curveSz > 0) {
- /* Don't put out NULL DER item. */
- dataASN[ALGOIDASN_IDX_NULL].noOut = 0;
- /* Include space for extra data of length curveSz.
- * Subtract 1 for sequence and 1 for length encoding. */
- SetASN_Buffer(&dataASN[ALGOIDASN_IDX_NULL], NULL,
- (word32)curveSz - 2);
- }
- /* Calculate size of encoding. */
- ret = SizeASN_Items(algoIdASN + o, dataASN + o,
- (int)algoIdASN_Length - (int)o, &sz);
- if (ret == 0 && output != NULL) {
- /* Encode into buffer. */
- SetASN_Items(algoIdASN + o, dataASN + o,
- (int)algoIdASN_Length - (int)o, output);
- if (curveSz > 0) {
- /* Return size excluding curve data. */
- sz = (int)(dataASN[o].offset -
- dataASN[ALGOIDASN_IDX_NULL].offset);
- }
- }
- if (ret == 0) {
- /* Return encoded size. */
- ret = sz;
- }
- else {
- /* Unsigned return type so 0 indicates error. */
- ret = 0;
- }
- }
- FREE_ASNSETDATA(dataASN, NULL);
- return (word32)ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Always encode PKCS#1 v1.5 RSA signature and compare to encoded data. */
- /* ASN.1 template for DigestInfo for a PKCS#1 v1.5 RSA signature.
- * PKCS#1 v2.2: RFC 8017, A.2.4 - DigestInfo
- */
- static const ASNItem digestInfoASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* digestAlgorithm */
- /* DIGALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* DIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* DIGALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 0 },
- /* digest */
- /* DIGEST */ { 1, ASN_OCTET_STRING, 0, 0, 0 }
- };
- enum {
- DIGESTINFOASN_IDX_SEQ = 0,
- DIGESTINFOASN_IDX_DIGALGO_SEQ,
- DIGESTINFOASN_IDX_DIGALGO_OID,
- DIGESTINFOASN_IDX_DIGALGO_NULL,
- DIGESTINFOASN_IDX_DIGEST
- };
- /* Number of items in ASN.1 template for DigestInfo for RSA. */
- #define digestInfoASN_Length (sizeof(digestInfoASN) / sizeof(ASNItem))
- #endif
- /* Encode signature.
- *
- * @param [out] out Buffer to hold encoding.
- * @param [in] digest Buffer holding digest.
- * @param [in] digSz Length of digest in bytes.
- * @return Encoded data size on success.
- * @return 0 when dynamic memory allocation fails.
- */
- word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
- int hashOID)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- byte digArray[MAX_ENCODED_DIG_SZ];
- byte algoArray[MAX_ALGO_SZ];
- byte seqArray[MAX_SEQ_SZ];
- word32 encDigSz, algoSz, seqSz;
- encDigSz = SetDigest(digest, digSz, digArray);
- algoSz = SetAlgoID(hashOID, algoArray, oidHashType, 0);
- seqSz = SetSequence(encDigSz + algoSz, seqArray);
- XMEMCPY(out, seqArray, seqSz);
- XMEMCPY(out + seqSz, algoArray, algoSz);
- XMEMCPY(out + seqSz + algoSz, digArray, encDigSz);
- return encDigSz + algoSz + seqSz;
- #else
- DECL_ASNSETDATA(dataASN, digestInfoASN_Length);
- int ret = 0;
- int sz;
- unsigned char dgst[WC_MAX_DIGEST_SIZE];
- CALLOC_ASNSETDATA(dataASN, digestInfoASN_Length, ret, NULL);
- if (ret == 0) {
- /* Set hash OID and type. */
- SetASN_OID(&dataASN[DIGESTINFOASN_IDX_DIGALGO_OID], (word32)hashOID,
- oidHashType);
- /* Set digest. */
- if (digest == out) {
- XMEMCPY(dgst, digest, digSz);
- digest = dgst;
- }
- SetASN_Buffer(&dataASN[DIGESTINFOASN_IDX_DIGEST], digest, digSz);
- /* Calculate size of encoding. */
- ret = SizeASN_Items(digestInfoASN, dataASN, digestInfoASN_Length, &sz);
- }
- if (ret == 0) {
- /* Encode PKCS#1 v1.5 RSA signature. */
- SetASN_Items(digestInfoASN, dataASN, digestInfoASN_Length, out);
- ret = sz;
- }
- else {
- /* Unsigned return type so 0 indicates error. */
- ret = 0;
- }
- FREE_ASNSETDATA(dataASN, NULL);
- return (word32)ret;
- #endif
- }
- #ifndef NO_CERTS
- int wc_GetCTC_HashOID(int type)
- {
- int ret;
- enum wc_HashType hType;
- hType = wc_HashTypeConvert(type);
- ret = wc_HashGetOID(hType);
- if (ret < 0) {
- ret = 0; /* backwards compatibility */
- }
- return ret;
- }
- /* Initialize a signature context object.
- *
- * Object used for signing and verifying a certificate signature.
- *
- * @param [in, out] sigCtx Signature context object.
- * @param [in] heap Dynamic memory hint.
- * @param [in] devId Hardware device identifier.
- */
- void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId)
- {
- if (sigCtx) {
- XMEMSET(sigCtx, 0, sizeof(SignatureCtx));
- sigCtx->devId = devId;
- sigCtx->heap = heap;
- }
- }
- /* Free dynamic data in a signature context object.
- *
- * @param [in, out] sigCtx Signature context object.
- */
- void FreeSignatureCtx(SignatureCtx* sigCtx)
- {
- if (sigCtx == NULL)
- return;
- if (sigCtx->digest) {
- XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
- sigCtx->digest = NULL;
- }
- #if !(defined(NO_RSA) && defined(NO_DSA))
- if (sigCtx->sigCpy) {
- XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
- sigCtx->sigCpy = NULL;
- }
- #endif
- #ifndef NO_ASN_CRYPT
- if (sigCtx->key.ptr) {
- switch (sigCtx->keyOID) {
- #ifndef NO_RSA
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- #endif
- case RSAk:
- wc_FreeRsaKey(sigCtx->key.rsa);
- XFREE(sigCtx->key.rsa, sigCtx->heap, DYNAMIC_TYPE_RSA);
- sigCtx->key.rsa = NULL;
- break;
- #endif /* !NO_RSA */
- #ifndef NO_DSA
- case DSAk:
- wc_FreeDsaKey(sigCtx->key.dsa);
- XFREE(sigCtx->key.dsa, sigCtx->heap, DYNAMIC_TYPE_DSA);
- sigCtx->key.dsa = NULL;
- break;
- #endif
- #ifdef HAVE_ECC
- case ECDSAk:
- #ifdef WOLFSSL_SM2
- case SM2k:
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
- defined(WC_ASYNC_ENABLE_ECC)
- if (sigCtx->key.ecc->nb_ctx != NULL) {
- XFREE(sigCtx->key.ecc->nb_ctx, sigCtx->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
- WC_ASYNC_ENABLE_ECC */
- wc_ecc_free(sigCtx->key.ecc);
- XFREE(sigCtx->key.ecc, sigCtx->heap, DYNAMIC_TYPE_ECC);
- sigCtx->key.ecc = NULL;
- break;
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- case ED25519k:
- wc_ed25519_free(sigCtx->key.ed25519);
- XFREE(sigCtx->key.ed25519, sigCtx->heap, DYNAMIC_TYPE_ED25519);
- sigCtx->key.ed25519 = NULL;
- break;
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_ED448
- case ED448k:
- wc_ed448_free(sigCtx->key.ed448);
- XFREE(sigCtx->key.ed448, sigCtx->heap, DYNAMIC_TYPE_ED448);
- sigCtx->key.ed448 = NULL;
- break;
- #endif /* HAVE_ED448 */
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- case FALCON_LEVEL1k:
- case FALCON_LEVEL5k:
- wc_falcon_free(sigCtx->key.falcon);
- XFREE(sigCtx->key.falcon, sigCtx->heap,
- DYNAMIC_TYPE_FALCON);
- sigCtx->key.falcon = NULL;
- break;
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- case DILITHIUM_LEVEL2k:
- case DILITHIUM_LEVEL3k:
- case DILITHIUM_LEVEL5k:
- wc_dilithium_free(sigCtx->key.dilithium);
- XFREE(sigCtx->key.dilithium, sigCtx->heap,
- DYNAMIC_TYPE_DILITHIUM);
- sigCtx->key.dilithium = NULL;
- break;
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- case SPHINCS_FAST_LEVEL1k:
- case SPHINCS_FAST_LEVEL3k:
- case SPHINCS_FAST_LEVEL5k:
- case SPHINCS_SMALL_LEVEL1k:
- case SPHINCS_SMALL_LEVEL3k:
- case SPHINCS_SMALL_LEVEL5k:
- wc_sphincs_free(sigCtx->key.sphincs);
- XFREE(sigCtx->key.sphincs, sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- sigCtx->key.sphincs = NULL;
- break;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- default:
- break;
- } /* switch (keyOID) */
- sigCtx->key.ptr = NULL;
- }
- #endif
- /* reset state, we are done */
- sigCtx->state = SIG_STATE_BEGIN;
- }
- #if !defined(NO_ASN_CRYPT) && !defined(NO_HASH_WRAPPER)
- static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
- byte* digest, int* typeH, int* digestSz, int verify)
- {
- int ret = 0;
- switch (sigOID) {
- #if defined(WOLFSSL_MD2)
- case CTC_MD2wRSA:
- if (!verify) {
- ret = HASH_TYPE_E;
- WOLFSSL_MSG("MD2 not supported for signing");
- }
- else if ((ret = wc_Md2Hash(buf, bufSz, digest)) == 0) {
- *typeH = MD2h;
- *digestSz = MD2_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_MD5
- case CTC_MD5wRSA:
- if ((ret = wc_Md5Hash(buf, bufSz, digest)) == 0) {
- *typeH = MD5h;
- *digestSz = WC_MD5_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA
- case CTC_SHAwRSA:
- case CTC_SHAwDSA:
- case CTC_SHAwECDSA:
- if ((ret = wc_ShaHash(buf, bufSz, digest)) == 0) {
- *typeH = SHAh;
- *digestSz = WC_SHA_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_SHA224
- case CTC_SHA224wRSA:
- case CTC_SHA224wECDSA:
- if ((ret = wc_Sha224Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA224h;
- *digestSz = WC_SHA224_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef NO_SHA256
- case CTC_SHA256wRSA:
- case CTC_SHA256wECDSA:
- case CTC_SHA256wDSA:
- if ((ret = wc_Sha256Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA256h;
- *digestSz = WC_SHA256_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_SHA384
- case CTC_SHA384wRSA:
- case CTC_SHA384wECDSA:
- if ((ret = wc_Sha384Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA384h;
- *digestSz = WC_SHA384_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_SHA512
- case CTC_SHA512wRSA:
- case CTC_SHA512wECDSA:
- if ((ret = wc_Sha512Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA512h;
- *digestSz = WC_SHA512_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- case CTC_SHA3_224wRSA:
- case CTC_SHA3_224wECDSA:
- if ((ret = wc_Sha3_224Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA3_224h;
- *digestSz = WC_SHA3_224_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- case CTC_SHA3_256wRSA:
- case CTC_SHA3_256wECDSA:
- if ((ret = wc_Sha3_256Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA3_256h;
- *digestSz = WC_SHA3_256_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- case CTC_SHA3_384wRSA:
- case CTC_SHA3_384wECDSA:
- if ((ret = wc_Sha3_384Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA3_384h;
- *digestSz = WC_SHA3_384_DIGEST_SIZE;
- }
- break;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- case CTC_SHA3_512wRSA:
- case CTC_SHA3_512wECDSA:
- if ((ret = wc_Sha3_512Hash(buf, bufSz, digest)) == 0) {
- *typeH = SHA3_512h;
- *digestSz = WC_SHA3_512_DIGEST_SIZE;
- }
- break;
- #endif
- #endif
- #if defined(WOLFSSL_SM2) & defined(WOLFSSL_SM3)
- case CTC_SM3wSM2:
- if ((ret = wc_Sm3Hash(buf, bufSz, digest)) == 0) {
- *typeH = SM3h;
- *digestSz = WC_SM3_DIGEST_SIZE;
- }
- break;
- #endif
- #ifdef HAVE_ED25519
- case CTC_ED25519:
- /* Hashes done in signing operation.
- * Two dependent hashes with prefixes performed.
- */
- break;
- #endif
- #ifdef HAVE_ED448
- case CTC_ED448:
- /* Hashes done in signing operation.
- * Two dependent hashes with prefixes performed.
- */
- break;
- #endif
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- case CTC_FALCON_LEVEL1:
- case CTC_FALCON_LEVEL5:
- /* Hashes done in signing operation. */
- break;
- #endif
- #ifdef HAVE_DILITHIUM
- case CTC_DILITHIUM_LEVEL2:
- case CTC_DILITHIUM_LEVEL3:
- case CTC_DILITHIUM_LEVEL5:
- /* Hashes done in signing operation. */
- break;
- #endif
- #ifdef HAVE_SPHINCS
- case CTC_SPHINCS_FAST_LEVEL1:
- case CTC_SPHINCS_FAST_LEVEL3:
- case CTC_SPHINCS_FAST_LEVEL5:
- case CTC_SPHINCS_SMALL_LEVEL1:
- case CTC_SPHINCS_SMALL_LEVEL3:
- case CTC_SPHINCS_SMALL_LEVEL5:
- /* Hashes done in signing operation. */
- break;
- #endif
- #endif /* HAVE_PQC */
- default:
- ret = HASH_TYPE_E;
- WOLFSSL_MSG("Hash for Signature has unsupported type");
- }
- (void)buf;
- (void)bufSz;
- (void)sigOID;
- (void)digest;
- (void)digestSz;
- (void)typeH;
- (void)verify;
- return ret;
- }
- #endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */
- /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
- static int ConfirmSignature(SignatureCtx* sigCtx,
- const byte* buf, word32 bufSz,
- const byte* key, word32 keySz, word32 keyOID,
- const byte* sig, word32 sigSz, word32 sigOID,
- const byte* sigParams, word32 sigParamsSz,
- byte* rsaKeyIdx)
- {
- int ret = 0;
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- CertAttribute* certatt = NULL;
- #endif
- if (sigCtx == NULL || buf == NULL || bufSz == 0 || key == NULL ||
- keySz == 0 || sig == NULL || sigSz == 0) {
- return BAD_FUNC_ARG;
- }
- (void)key;
- (void)keySz;
- (void)sig;
- (void)sigSz;
- (void)sigParams;
- (void)sigParamsSz;
- WOLFSSL_ENTER("ConfirmSignature");
- #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_RENESAS_FSPSM_TLS)
- (void)rsaKeyIdx;
- #else
- #if !defined(NO_RSA) || defined(HAVE_ECC)
- certatt = (CertAttribute*)&sigCtx->CertAtt;
- #endif
- if (certatt) {
- certatt->keyIndex = rsaKeyIdx;
- certatt->cert = buf;
- certatt->certSz = bufSz;
- }
- #endif
- #ifndef NO_ASN_CRYPT
- switch (sigCtx->state) {
- case SIG_STATE_BEGIN:
- {
- sigCtx->keyOID = keyOID; /* must set early for cleanup */
- sigCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, sigCtx->heap,
- DYNAMIC_TYPE_DIGEST);
- if (sigCtx->digest == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- #if !defined(NO_RSA) && defined(WC_RSA_PSS)
- /* RSA PSS Defaults */
- sigCtx->hash = WC_HASH_TYPE_SHA;
- sigCtx->mgf = WC_MGF1SHA1;
- sigCtx->saltLen = 20;
- #endif
- sigCtx->state = SIG_STATE_HASH;
- } /* SIG_STATE_BEGIN */
- FALL_THROUGH;
- case SIG_STATE_HASH:
- {
- #if !defined(NO_RSA) && defined(WC_RSA_PSS)
- if (sigOID == RSAPSSk) {
- word32 fakeSigOID = 0;
- ret = DecodeRsaPssParams(sigParams, sigParamsSz, &sigCtx->hash,
- &sigCtx->mgf, &sigCtx->saltLen);
- if (ret != 0) {
- goto exit_cs;
- }
- ret = RsaPssHashOidToSigOid(sigCtx->hash, &fakeSigOID);
- if (ret != 0) {
- goto exit_cs;
- }
- /* Decode parameters. */
- ret = HashForSignature(buf, bufSz, fakeSigOID, sigCtx->digest,
- &sigCtx->typeH, &sigCtx->digestSz, 1);
- if (ret != 0) {
- goto exit_cs;
- }
- }
- else
- #endif
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- if (sigOID == CTC_SM3wSM2) {
- ; /* SM2 hash requires public key. Done later. */
- }
- else
- #endif
- {
- ret = HashForSignature(buf, bufSz, sigOID, sigCtx->digest,
- &sigCtx->typeH, &sigCtx->digestSz, 1);
- if (ret != 0) {
- goto exit_cs;
- }
- }
- sigCtx->state = SIG_STATE_KEY;
- } /* SIG_STATE_HASH */
- FALL_THROUGH;
- case SIG_STATE_KEY:
- {
- switch (keyOID) {
- #ifndef NO_RSA
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- #endif
- case RSAk:
- {
- word32 idx = 0;
- sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey),
- sigCtx->heap, DYNAMIC_TYPE_RSA);
- if (sigCtx->key.rsa == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_InitRsaKey_ex(sigCtx->key.rsa, sigCtx->heap,
- sigCtx->devId)) != 0) {
- goto exit_cs;
- }
- sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap,
- DYNAMIC_TYPE_SIGNATURE);
- if (sigCtx->sigCpy == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if (sigSz > MAX_ENCODED_SIG_SZ) {
- WOLFSSL_MSG("Verify Signature is too big");
- ERROR_OUT(BUFFER_E, exit_cs);
- }
- if ((ret = wc_RsaPublicKeyDecode(key, &idx, sigCtx->key.rsa,
- keySz)) != 0) {
- WOLFSSL_MSG("ASN Key decode error RSA");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- XMEMCPY(sigCtx->sigCpy, sig, sigSz);
- sigCtx->out = NULL;
- #ifdef WOLFSSL_ASYNC_CRYPT
- sigCtx->asyncDev = &sigCtx->key.rsa->asyncDev;
- #endif
- break;
- }
- #endif /* !NO_RSA */
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- case DSAk:
- {
- word32 idx = 0;
- if (sigSz < DSA_MIN_SIG_SIZE) {
- WOLFSSL_MSG("Verify Signature is too small");
- ERROR_OUT(BUFFER_E, exit_cs);
- }
- sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey),
- sigCtx->heap, DYNAMIC_TYPE_DSA);
- if (sigCtx->key.dsa == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_InitDsaKey_h(sigCtx->key.dsa, sigCtx->heap)) != 0) {
- WOLFSSL_MSG("wc_InitDsaKey_h error");
- goto exit_cs;
- }
- sigCtx->sigCpy = (byte*)XMALLOC(sigSz,
- sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
- if (sigCtx->sigCpy == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa,
- keySz)) != 0) {
- WOLFSSL_MSG("ASN Key decode error DSA");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- if (sigSz != DSA_160_SIG_SIZE &&
- sigSz != DSA_256_SIG_SIZE) {
- /* Try to parse it as the contents of a bitstring */
- #ifdef WOLFSSL_SMALL_STACK
- mp_int* r;
- mp_int* s;
- #else
- mp_int r[1];
- mp_int s[1];
- #endif
- int rSz;
- int sSz;
- #ifdef WOLFSSL_SMALL_STACK
- r = (mp_int*)XMALLOC(sizeof(*r), sigCtx->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (r == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- s = (mp_int*)XMALLOC(sizeof(*s), sigCtx->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (s == NULL) {
- XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- #endif
- if ((ret = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
- goto exit_cs;
- }
- idx = 0;
- if (DecodeECC_DSA_Sig(sig + idx, sigSz - idx, r, s)
- != 0) {
- WOLFSSL_MSG("DSA Sig is in unrecognized or "
- "incorrect format");
- mp_free(r);
- mp_free(s);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs);
- }
- rSz = mp_unsigned_bin_size(r);
- sSz = mp_unsigned_bin_size(s);
- if (rSz + sSz > (int)sigSz) {
- WOLFSSL_MSG("DSA Sig is in unrecognized or "
- "incorrect format");
- mp_free(r);
- mp_free(s);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs);
- }
- if (mp_to_unsigned_bin(r, sigCtx->sigCpy) != MP_OKAY ||
- mp_to_unsigned_bin(s,
- sigCtx->sigCpy + rSz) != MP_OKAY) {
- WOLFSSL_MSG("DSA Sig is in unrecognized or "
- "incorrect format");
- mp_free(r);
- mp_free(s);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs);
- }
- mp_free(r);
- mp_free(s);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- else {
- XMEMCPY(sigCtx->sigCpy, sig, sigSz);
- }
- break;
- }
- #endif /* !NO_DSA && !HAVE_SELFTEST */
- #ifdef HAVE_ECC
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- case SM2k:
- #endif
- case ECDSAk:
- {
- word32 idx = 0;
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
- defined(WC_ASYNC_ENABLE_ECC)
- ecc_nb_ctx_t* nbCtx;
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
- WC_ASYNC_ENABLE_ECC */
- sigCtx->verify = 0;
- sigCtx->key.ecc = (ecc_key*)XMALLOC(sizeof(ecc_key),
- sigCtx->heap, DYNAMIC_TYPE_ECC);
- if (sigCtx->key.ecc == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_ecc_init_ex(sigCtx->key.ecc, sigCtx->heap,
- sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
- defined(WC_ASYNC_ENABLE_ECC)
- nbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t),
- sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (nbCtx == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- else {
- ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx);
- if (ret != 0) {
- goto exit_cs;
- }
- }
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
- WC_ASYNC_ENABLE_ECC */
- ret = wc_EccPublicKeyDecode(key, &idx, sigCtx->key.ecc,
- keySz);
- if (ret < 0) {
- WOLFSSL_MSG("ASN Key import error ECC");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- sigCtx->asyncDev = &sigCtx->key.ecc->asyncDev;
- #endif
- break;
- }
- #endif /* HAVE_ECC */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- case ED25519k:
- {
- sigCtx->verify = 0;
- sigCtx->key.ed25519 = (ed25519_key*)XMALLOC(
- sizeof(ed25519_key), sigCtx->heap,
- DYNAMIC_TYPE_ED25519);
- if (sigCtx->key.ed25519 == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_ed25519_init_ex(sigCtx->key.ed25519,
- sigCtx->heap, sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_ed25519_import_public(key, keySz,
- sigCtx->key.ed25519)) < 0) {
- WOLFSSL_MSG("ASN Key import error ED25519");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- sigCtx->asyncDev = &sigCtx->key.ed25519->asyncDev;
- #endif
- break;
- }
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- case ED448k:
- {
- sigCtx->verify = 0;
- sigCtx->key.ed448 = (ed448_key*)XMALLOC(
- sizeof(ed448_key), sigCtx->heap,
- DYNAMIC_TYPE_ED448);
- if (sigCtx->key.ed448 == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_ed448_init(sigCtx->key.ed448)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_ed448_import_public(key, keySz,
- sigCtx->key.ed448)) < 0) {
- WOLFSSL_MSG("ASN Key import error ED448");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- sigCtx->asyncDev = &sigCtx->key.ed448->asyncDev;
- #endif
- break;
- }
- #endif
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- case FALCON_LEVEL1k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.falcon =
- (falcon_key*)XMALLOC(sizeof(falcon_key),
- sigCtx->heap,
- DYNAMIC_TYPE_FALCON);
- if (sigCtx->key.falcon == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
- sigCtx->heap, sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 1))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Falcon_PublicKeyDecode(key, &idx,
- sigCtx->key.falcon, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import error Falcon Level 1");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- break;
- }
- case FALCON_LEVEL5k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.falcon =
- (falcon_key*)XMALLOC(sizeof(falcon_key),
- sigCtx->heap,
- DYNAMIC_TYPE_FALCON);
- if (sigCtx->key.falcon == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
- sigCtx->heap, sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 5))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Falcon_PublicKeyDecode(key, &idx,
- sigCtx->key.falcon, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import error Falcon Level 5");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- break;
- }
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- case DILITHIUM_LEVEL2k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.dilithium =
- (dilithium_key*)XMALLOC(sizeof(dilithium_key),
- sigCtx->heap,
- DYNAMIC_TYPE_DILITHIUM);
- if (sigCtx->key.dilithium == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
- sigCtx->heap, sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_dilithium_set_level(
- sigCtx->key.dilithium, 2))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
- sigCtx->key.dilithium, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
- goto exit_cs;
- }
- break;
- }
- case DILITHIUM_LEVEL3k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.dilithium =
- (dilithium_key*)XMALLOC(sizeof(dilithium_key),
- sigCtx->heap,
- DYNAMIC_TYPE_DILITHIUM);
- if (sigCtx->key.dilithium == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
- sigCtx->heap, sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_dilithium_set_level(
- sigCtx->key.dilithium, 3))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
- sigCtx->key.dilithium, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import error Dilithium Level 3");
- goto exit_cs;
- }
- break;
- }
- case DILITHIUM_LEVEL5k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.dilithium =
- (dilithium_key*)XMALLOC(sizeof(dilithium_key),
- sigCtx->heap,
- DYNAMIC_TYPE_DILITHIUM);
- if (sigCtx->key.dilithium == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
- sigCtx->heap, sigCtx->devId)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_dilithium_set_level(
- sigCtx->key.dilithium, 5))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
- sigCtx->key.dilithium, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
- goto exit_cs;
- }
- break;
- }
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- case SPHINCS_FAST_LEVEL1k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.sphincs =
- (sphincs_key*)XMALLOC(sizeof(sphincs_key),
- sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- if (sigCtx->key.sphincs == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_sphincs_set_level_and_optim(
- sigCtx->key.sphincs, 1, FAST_VARIANT))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
- sigCtx->key.sphincs, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level1");
- goto exit_cs;
- }
- break;
- }
- case SPHINCS_FAST_LEVEL3k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.sphincs =
- (sphincs_key*)XMALLOC(sizeof(sphincs_key),
- sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- if (sigCtx->key.sphincs == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_sphincs_set_level_and_optim(
- sigCtx->key.sphincs, 3, FAST_VARIANT))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
- sigCtx->key.sphincs, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level3");
- goto exit_cs;
- }
- break;
- }
- case SPHINCS_FAST_LEVEL5k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.sphincs =
- (sphincs_key*)XMALLOC(sizeof(sphincs_key),
- sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- if (sigCtx->key.sphincs == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_sphincs_set_level_and_optim(
- sigCtx->key.sphincs, 5, FAST_VARIANT))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
- sigCtx->key.sphincs, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level5");
- goto exit_cs;
- }
- break;
- }
- case SPHINCS_SMALL_LEVEL1k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.sphincs =
- (sphincs_key*)XMALLOC(sizeof(sphincs_key),
- sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- if (sigCtx->key.sphincs == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_sphincs_set_level_and_optim(
- sigCtx->key.sphincs, 1, SMALL_VARIANT))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
- sigCtx->key.sphincs, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level1");
- goto exit_cs;
- }
- break;
- }
- case SPHINCS_SMALL_LEVEL3k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.sphincs =
- (sphincs_key*)XMALLOC(sizeof(sphincs_key),
- sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- if (sigCtx->key.sphincs == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_sphincs_set_level_and_optim(
- sigCtx->key.sphincs, 3, SMALL_VARIANT))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
- sigCtx->key.sphincs, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level3");
- goto exit_cs;
- }
- break;
- }
- case SPHINCS_SMALL_LEVEL5k:
- {
- word32 idx = 0;
- sigCtx->verify = 0;
- sigCtx->key.sphincs =
- (sphincs_key*)XMALLOC(sizeof(sphincs_key),
- sigCtx->heap,
- DYNAMIC_TYPE_SPHINCS);
- if (sigCtx->key.sphincs == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
- goto exit_cs;
- }
- if ((ret = wc_sphincs_set_level_and_optim(
- sigCtx->key.sphincs, 5, SMALL_VARIANT))
- < 0) {
- goto exit_cs;
- }
- if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
- sigCtx->key.sphincs, keySz)) < 0) {
- WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level5");
- goto exit_cs;
- }
- break;
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- default:
- WOLFSSL_MSG("Verify Key type unknown");
- ret = ASN_UNKNOWN_OID_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- break;
- } /* switch (keyOID) */
- if (ret != 0) {
- goto exit_cs;
- }
- sigCtx->state = SIG_STATE_DO;
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (sigCtx->devId != INVALID_DEVID && sigCtx->asyncDev && sigCtx->asyncCtx) {
- /* make sure event is initialized */
- WOLF_EVENT* event = &sigCtx->asyncDev->event;
- ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
- sigCtx->asyncCtx, WC_ASYNC_FLAG_CALL_AGAIN);
- }
- #endif
- } /* SIG_STATE_KEY */
- FALL_THROUGH;
- case SIG_STATE_DO:
- {
- switch (keyOID) {
- #ifndef NO_RSA
- case RSAk:
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- if (sigOID == RSAPSSk) {
- /* TODO: pkCbRsaPss - RSA PSS callback. */
- ret = wc_RsaPSS_VerifyInline_ex(sigCtx->sigCpy, sigSz,
- &sigCtx->out, sigCtx->hash, sigCtx->mgf,
- sigCtx->saltLen, sigCtx->key.rsa);
- }
- else
- #endif
- {
- #if defined(HAVE_PK_CALLBACKS)
- if (sigCtx->pkCbRsa) {
- ret = sigCtx->pkCbRsa(
- sigCtx->sigCpy, sigSz, &sigCtx->out,
- key, keySz,
- sigCtx->pkCtxRsa);
- }
- #if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
- !defined(WOLFSSL_RENESAS_TSIP_TLS)
- else
- #else
- if (!sigCtx->pkCbRsa || ret == CRYPTOCB_UNAVAILABLE)
- #endif /* WOLFSSL_RENESAS_FSPSM_TLS */
- #endif /* HAVE_PK_CALLBACKS */
- {
- ret = wc_RsaSSL_VerifyInline(sigCtx->sigCpy, sigSz,
- &sigCtx->out, sigCtx->key.rsa);
- }
- }
- break;
- #endif /* !NO_RSA */
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- case DSAk:
- {
- ret = wc_DsaVerify(sigCtx->digest, sigCtx->sigCpy,
- sigCtx->key.dsa, &sigCtx->verify);
- break;
- }
- #endif /* !NO_DSA && !HAVE_SELFTEST */
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- case SM2k:
- {
- /* OpenSSL creates signature without CERT_SIG_ID. */
- ret = wc_ecc_sm2_create_digest(CERT_SIG_ID, 0, buf, bufSz,
- WC_HASH_TYPE_SM3, sigCtx->digest, WC_SM3_DIGEST_SIZE,
- sigCtx->key.ecc);
- if (ret == 0) {
- sigCtx->typeH = SM3h;
- sigCtx->digestSz = WC_SM3_DIGEST_SIZE;
- }
- else {
- WOLFSSL_MSG("SM2wSM3 create digest failed");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- ret = wc_ecc_sm2_verify_hash(sig, sigSz, sigCtx->digest,
- sigCtx->digestSz, &sigCtx->verify, sigCtx->key.ecc);
- break;
- }
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
- case ECDSAk:
- {
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- if (sigOID == CTC_SM3wSM2) {
- ret = wc_ecc_sm2_create_digest(CERT_SIG_ID,
- CERT_SIG_ID_SZ, buf, bufSz, WC_HASH_TYPE_SM3,
- sigCtx->digest, WC_SM3_DIGEST_SIZE,
- sigCtx->key.ecc);
- if (ret == 0) {
- sigCtx->typeH = SM3h;
- sigCtx->digestSz = WC_SM3_DIGEST_SIZE;
- }
- else {
- WOLFSSL_MSG("SM2wSM3 create digest failed");
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- ret = wc_ecc_sm2_verify_hash(sig, sigSz, sigCtx->digest,
- sigCtx->digestSz, &sigCtx->verify, sigCtx->key.ecc);
- }
- else
- #endif
- #if defined(HAVE_PK_CALLBACKS)
- if (sigCtx->pkCbEcc) {
- ret = sigCtx->pkCbEcc(
- sig, sigSz,
- sigCtx->digest, (unsigned int)sigCtx->digestSz,
- key, keySz, &sigCtx->verify,
- sigCtx->pkCtxEcc);
- }
- #if !defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
- !defined(WOLFSSL_RENESAS_TSIP_TLS)
- else
- #else
- if (!sigCtx->pkCbEcc || ret == CRYPTOCB_UNAVAILABLE)
- #endif /* WOLFSSL_RENESAS_FSPSM_TLS */
- #endif /* HAVE_PK_CALLBACKS */
- {
- ret = wc_ecc_verify_hash(sig, sigSz, sigCtx->digest,
- (word32)sigCtx->digestSz, &sigCtx->verify,
- sigCtx->key.ecc);
- }
- break;
- }
- #endif /* HAVE_ECC */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_VERIFY)
- case ED25519k:
- {
- ret = wc_ed25519_verify_msg(sig, sigSz, buf, bufSz,
- &sigCtx->verify, sigCtx->key.ed25519);
- break;
- }
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_VERIFY)
- case ED448k:
- {
- ret = wc_ed448_verify_msg(sig, sigSz, buf, bufSz,
- &sigCtx->verify, sigCtx->key.ed448,
- NULL, 0);
- break;
- }
- #endif
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- case FALCON_LEVEL1k:
- case FALCON_LEVEL5k:
- {
- ret = wc_falcon_verify_msg(sig, sigSz, buf, bufSz,
- &sigCtx->verify,
- sigCtx->key.falcon);
- break;
- }
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- case DILITHIUM_LEVEL2k:
- case DILITHIUM_LEVEL3k:
- case DILITHIUM_LEVEL5k:
- {
- ret = wc_dilithium_verify_msg(sig, sigSz, buf, bufSz,
- &sigCtx->verify,
- sigCtx->key.dilithium);
- break;
- }
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- case SPHINCS_FAST_LEVEL1k:
- case SPHINCS_FAST_LEVEL3k:
- case SPHINCS_FAST_LEVEL5k:
- case SPHINCS_SMALL_LEVEL1k:
- case SPHINCS_SMALL_LEVEL3k:
- case SPHINCS_SMALL_LEVEL5k:
- {
- ret = wc_sphincs_verify_msg(sig, sigSz, buf, bufSz,
- &sigCtx->verify,
- sigCtx->key.sphincs);
- break;
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- default:
- break;
- } /* switch (keyOID) */
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E) {
- goto exit_cs;
- }
- #endif
- if (ret < 0) {
- /* treat all errors as ASN_SIG_CONFIRM_E */
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- goto exit_cs;
- }
- sigCtx->state = SIG_STATE_CHECK;
- } /* SIG_STATE_DO */
- FALL_THROUGH;
- case SIG_STATE_CHECK:
- {
- switch (keyOID) {
- #ifndef NO_RSA
- case RSAk:
- #ifdef WC_RSA_PSS
- case RSAPSSk:
- if (sigOID == RSAPSSk) {
- #if (defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || \
- (HAVE_SELFTEST_VERSION < 2))) || \
- (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(sigCtx->digest,
- sigCtx->digestSz, sigCtx->out, ret, sigCtx->hash,
- sigCtx->saltLen);
- #elif (defined(HAVE_SELFTEST) && \
- (HAVE_SELFTEST_VERSION == 2)) || \
- (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION == 2))
- ret = wc_RsaPSS_CheckPadding_ex(sigCtx->digest,
- sigCtx->digestSz, sigCtx->out, ret, sigCtx->hash,
- sigCtx->saltLen, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(sigCtx->digest,
- (word32)sigCtx->digestSz, sigCtx->out, (word32)ret, sigCtx->hash,
- sigCtx->saltLen, wc_RsaEncryptSize(sigCtx->key.rsa) * 8,
- sigCtx->heap);
- #endif
- break;
- }
- else
- #endif
- {
- int encodedSigSz, verifySz;
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
- defined(WOLFSSL_RENESAS_FSPSM_TLS)
- if (sigCtx->CertAtt.verifyByTSIP_SCE == 1) break;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
- sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL) {
- ERROR_OUT(MEMORY_E, exit_cs);
- }
- #else
- byte encodedSig[MAX_ENCODED_SIG_SZ];
- #endif
- verifySz = ret;
- /* make sure we're right justified */
- encodedSigSz = (int)wc_EncodeSignature(encodedSig,
- sigCtx->digest, (word32)sigCtx->digestSz,
- sigCtx->typeH);
- if (encodedSigSz == verifySz && sigCtx->out != NULL &&
- XMEMCMP(sigCtx->out, encodedSig,
- (size_t)encodedSigSz) == 0) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("RSA SSL verify match encode error");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- break;
- }
- #endif /* NO_RSA */
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- case DSAk:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("DSA Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- break;
- }
- #endif /* !NO_DSA && !HAVE_SELFTEST */
- #ifdef HAVE_ECC
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- case SM2k:
- #endif
- case ECDSAk:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("ECC Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- break;
- }
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- case ED25519k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("ED25519 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- break;
- }
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_ED448
- case ED448k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("ED448 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- break;
- }
- #endif /* HAVE_ED448 */
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- case FALCON_LEVEL1k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("FALCON_LEVEL1 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- break;
- }
- case FALCON_LEVEL5k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("FALCON_LEVEL5 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- break;
- }
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- case DILITHIUM_LEVEL2k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("DILITHIUM_LEVEL2 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case DILITHIUM_LEVEL3k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("DILITHIUM_LEVEL3 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case DILITHIUM_LEVEL5k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("DILITHIUM_LEVEL5 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- case SPHINCS_FAST_LEVEL1k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("SPHINCS_FAST_LEVEL1 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case SPHINCS_FAST_LEVEL3k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("SPHINCS_FAST_LEVEL3 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case SPHINCS_FAST_LEVEL5k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("SPHINCS_FAST_LEVEL5 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case SPHINCS_SMALL_LEVEL1k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("SPHINCS_SMALL_LEVEL1 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case SPHINCS_SMALL_LEVEL3k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("SPHINCS_SMALL_LEVEL3 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- case SPHINCS_SMALL_LEVEL5k:
- {
- if (sigCtx->verify == 1) {
- ret = 0;
- }
- else {
- WOLFSSL_MSG("SPHINCS_SMALL_LEVEL5 Verify didn't match");
- ret = ASN_SIG_CONFIRM_E;
- }
- break;
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- default:
- break;
- } /* switch (keyOID) */
- break;
- } /* SIG_STATE_CHECK */
- default:
- break;
- } /* switch (sigCtx->state) */
- exit_cs:
- #endif /* !NO_ASN_CRYPT */
- (void)keyOID;
- (void)sigOID;
- WOLFSSL_LEAVE("ConfirmSignature", ret);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E)
- return ret;
- #endif
- FreeSignatureCtx(sigCtx);
- return ret;
- }
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- int wc_ConfirmAltSignature(
- const byte* buf, word32 bufSz,
- const byte* key, word32 keySz, word32 keyOID,
- const byte* sig, word32 sigSz, word32 sigOID,
- void *heap)
- {
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- SignatureCtx* sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
- DYNAMIC_TYPE_SIGNATURE);
- if (sigCtx == NULL) {
- ret = MEMORY_E;
- }
- #else
- SignatureCtx sigCtx[1];
- (void)heap;
- #endif
- if (ret == 0) {
- InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
- ret = ConfirmSignature(sigCtx, buf, bufSz, key, keySz,
- keyOID, sig, sigSz, sigOID, NULL, 0, NULL);
- FreeSignatureCtx(sigCtx);
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (sigCtx != NULL)
- XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- #ifndef IGNORE_NAME_CONSTRAINTS
- static int MatchBaseName(int type, const char* name, int nameSz,
- const char* base, int baseSz)
- {
- if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 ||
- name[0] == '.' || nameSz < baseSz ||
- (type != ASN_RFC822_TYPE && type != ASN_DNS_TYPE &&
- type != ASN_DIR_TYPE)) {
- return 0;
- }
- if (type == ASN_DIR_TYPE)
- return XMEMCMP(name, base, (size_t)baseSz) == 0;
- /* If an email type, handle special cases where the base is only
- * a domain, or is an email address itself. */
- if (type == ASN_RFC822_TYPE) {
- const char* p = NULL;
- int count = 0;
- if (base[0] != '.') {
- p = base;
- count = 0;
- /* find the '@' in the base */
- while (*p != '@' && count < baseSz) {
- count++;
- p++;
- }
- /* No '@' in base, reset p to NULL */
- if (count >= baseSz)
- p = NULL;
- }
- if (p == NULL) {
- /* Base isn't an email address, it is a domain name,
- * wind the name forward one character past its '@'. */
- p = name;
- count = 0;
- while (*p != '@' && count < baseSz) {
- count++;
- p++;
- }
- if (count < baseSz && *p == '@') {
- name = p + 1;
- nameSz -= count + 1;
- }
- }
- }
- /* RFC 5280 section 4.2.1.10
- * "...Any DNS name that can be constructed by simply adding zero or more
- * labels to the left-hand side of the name satisfies the name constraint."
- * i.e www.host.example.com works for host.example.com name constraint and
- * host1.example.com does not. */
- if (type == ASN_DNS_TYPE || (type == ASN_RFC822_TYPE && base[0] == '.')) {
- int szAdjust = nameSz - baseSz;
- name += szAdjust;
- nameSz -= szAdjust;
- }
- while (nameSz > 0) {
- if (XTOLOWER((unsigned char)*name) !=
- XTOLOWER((unsigned char)*base))
- return 0;
- name++;
- base++;
- nameSz--;
- }
- return 1;
- }
- /* Search through the list to find if the name is permitted.
- * name The DNS name to search for
- * dnsList The list to search through
- * nameType Type of DNS name to currently searching
- * return 1 if found in list or if not needed
- * return 0 if not found in the list but is needed
- */
- static int PermittedListOk(DNS_entry* name, Base_entry* dnsList, byte nameType)
- {
- Base_entry* current = dnsList;
- int match = 0;
- int need = 0;
- int ret = 1; /* is ok unless needed and no match found */
- while (current != NULL) {
- if (current->type == nameType) {
- need = 1; /* restriction on permitted names is set for this type */
- if (name->len >= current->nameSz &&
- MatchBaseName(nameType, name->name, name->len,
- current->name, current->nameSz)) {
- match = 1; /* found the current name in the permitted list*/
- break;
- }
- }
- current = current->next;
- }
- /* check if permitted name restriction was set and no matching name found */
- if (need && !match)
- ret = 0;
- return ret;
- }
- /* Search through the list to find if the name is excluded.
- * name The DNS name to search for
- * dnsList The list to search through
- * nameType Type of DNS name to currently searching
- * return 1 if found in list and 0 if not found in the list
- */
- static int IsInExcludedList(DNS_entry* name, Base_entry* dnsList, byte nameType)
- {
- int ret = 0; /* default of not found in the list */
- Base_entry* current = dnsList;
- while (current != NULL) {
- if (current->type == nameType) {
- if (name->len >= current->nameSz &&
- MatchBaseName(nameType, name->name, name->len,
- current->name, current->nameSz)) {
- ret = 1;
- break;
- }
- }
- current = current->next;
- }
- return ret;
- }
- static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
- {
- const byte nameTypes[] = {ASN_RFC822_TYPE, ASN_DNS_TYPE, ASN_DIR_TYPE};
- int i;
- if (signer == NULL || cert == NULL)
- return 0;
- if (signer->excludedNames == NULL && signer->permittedNames == NULL)
- return 1;
- for (i=0; i < (int)sizeof(nameTypes); i++) {
- byte nameType = nameTypes[i];
- DNS_entry* name = NULL;
- DNS_entry subjectDnsName; /* temporary node used for subject name */
- XMEMSET(&subjectDnsName, 0, sizeof(DNS_entry));
- switch (nameType) {
- case ASN_DNS_TYPE:
- /* Should it also consider CN in subject? It could use
- * subjectDnsName too */
- name = cert->altNames;
- break;
- case ASN_RFC822_TYPE:
- /* Shouldn't it validate E= in subject as well? */
- name = cert->altEmailNames;
- /* Add subject email for checking. */
- if (cert->subjectEmail != NULL) {
- /* RFC 5280 section 4.2.1.10
- * "When constraints are imposed on the rfc822Name name
- * form, but the certificate does not include a subject
- * alternative name, the rfc822Name constraint MUST be
- * applied to the attribute of type emailAddress in the
- * subject distinguished name" */
- subjectDnsName.next = NULL;
- subjectDnsName.type = ASN_RFC822_TYPE;
- subjectDnsName.len = cert->subjectEmailLen;
- subjectDnsName.name = (char *)cert->subjectEmail;
- }
- break;
- case ASN_DIR_TYPE:
- #ifndef WOLFSSL_NO_ASN_STRICT
- name = cert->altDirNames;
- #endif
- /* RFC 5280 section 4.2.1.10
- "Restrictions of the form directoryName MUST be
- applied to the subject field .... and to any names
- of type directoryName in the subjectAltName
- extension"
- */
- if (cert->subjectRaw != NULL) {
- subjectDnsName.next = NULL;
- subjectDnsName.type = ASN_DIR_TYPE;
- subjectDnsName.len = cert->subjectRawLen;
- subjectDnsName.name = (char *)cert->subjectRaw;
- }
- break;
- default:
- /* Other types of names are ignored for now.
- * Shouldn't it be rejected if it there is a altNamesByType[nameType]
- * and signer->extNameConstraintCrit is set? */
- return 0;
- }
- while (name != NULL) {
- if (IsInExcludedList(name, signer->excludedNames, nameType) == 1) {
- WOLFSSL_MSG("Excluded name was found!");
- return 0;
- }
- /* Check against the permitted list */
- if (PermittedListOk(name, signer->permittedNames, nameType) != 1) {
- WOLFSSL_MSG("Permitted name was not found!");
- return 0;
- }
- name = name->next;
- }
- /* handle comparing against subject name too */
- if (subjectDnsName.len > 0 && subjectDnsName.name != NULL) {
- if (IsInExcludedList(&subjectDnsName, signer->excludedNames,
- nameType) == 1) {
- WOLFSSL_MSG("Excluded name was found!");
- return 0;
- }
- /* Check against the permitted list */
- if (PermittedListOk(&subjectDnsName, signer->permittedNames,
- nameType) != 1) {
- WOLFSSL_MSG("Permitted name was not found!");
- return 0;
- }
- }
- }
- return 1;
- }
- #endif /* IGNORE_NAME_CONSTRAINTS */
- #ifndef WOLFSSL_ASN_TEMPLATE
- static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
- {
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
- dnsEntry->next = NULL;
- if (cert->altNames == NULL) {
- /* First on list */
- cert->altNames = dnsEntry;
- }
- else {
- DNS_entry* temp = cert->altNames;
- /* Find end */
- for (; (temp->next != NULL); temp = temp->next);
- /* Add to end */
- temp->next = dnsEntry;
- }
- #else
- dnsEntry->next = cert->altNames;
- cert->altNames = dnsEntry;
- #endif
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI)
- /* ASN.1 template for OtherName of an X.509 certificate.
- * X.509: RFC 5280, 4.2.1.6 - OtherName (without implicit outer SEQUENCE).
- * HW Name: RFC 4108, 5 - Hardware Module Name
- * Only support HW Name where the type is a HW serial number.
- *
- * Other Names handled for FPKI (Federal PKI) use:
- * UPN (Universal Principal Name), a non-standard Other Name
- * (RFC3280 sec 4.2.1.7). Often used with FIPS 201 smartcard login.
- * FASC-N (Federal Agency Smart Credential Number), defined in the document
- * fpki-x509-cert-policy-common.pdf. Used for a smart card ID.
- */
- static const ASNItem otherNameASN[] = {
- /* TYPEID */ { 0, ASN_OBJECT_ID, 0, 0, 0 },
- /* VALUE */ { 0, ASN_CONTEXT_SPECIFIC | ASN_OTHERNAME_VALUE, 1, 1, 0 },
- /* UPN */ { 1, ASN_UTF8STRING, 0, 0, 2 },
- /* FASC-N */ { 1, ASN_OCTET_STRING, 0, 0, 2 },
- /* HWN_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 2 },
- /* HWN_TYPE */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* HWN_NUM */ { 2, ASN_OCTET_STRING, 0, 0, 0 }
- };
- enum {
- OTHERNAMEASN_IDX_TYPEID = 0,
- OTHERNAMEASN_IDX_VALUE,
- OTHERNAMEASN_IDX_UPN,
- OTHERNAMEASN_IDX_FASCN,
- OTHERNAMEASN_IDX_HWN_SEQ,
- OTHERNAMEASN_IDX_HWN_TYPE,
- OTHERNAMEASN_IDX_HWN_NUM
- };
- /* Number of items in ASN.1 template for OtherName of an X.509 certificate. */
- #define otherNameASN_Length (sizeof(otherNameASN) / sizeof(ASNItem))
- #ifdef WOLFSSL_SEP
- static int DecodeSEP(ASNGetData* dataASN, DecodedCert* cert)
- {
- int ret = 0;
- word32 oidLen, serialLen;
- oidLen = dataASN[OTHERNAMEASN_IDX_HWN_TYPE].data.oid.length;
- serialLen = dataASN[OTHERNAMEASN_IDX_HWN_NUM].data.ref.length;
- /* Allocate space for HW type OID. */
- cert->hwType = (byte*)XMALLOC(oidLen, cert->heap,
- DYNAMIC_TYPE_X509_EXT);
- if (cert->hwType == NULL)
- ret = MEMORY_E;
- if (ret == 0) {
- /* Copy, into cert HW type OID */
- XMEMCPY(cert->hwType,
- dataASN[OTHERNAMEASN_IDX_HWN_TYPE].data.oid.data, oidLen);
- cert->hwTypeSz = (int)oidLen;
- /* TODO: check this is the HW serial number OID - no test data. */
- /* Allocate space for HW serial number, +1 for null terminator. */
- cert->hwSerialNum = (byte*)XMALLOC(serialLen + 1, cert->heap,
- DYNAMIC_TYPE_X509_EXT);
- if (cert->hwSerialNum == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Copy into cert HW serial number. */
- XMEMCPY(cert->hwSerialNum,
- dataASN[OTHERNAMEASN_IDX_HWN_NUM].data.ref.data, serialLen);
- cert->hwSerialNum[serialLen] = '\0';
- cert->hwSerialNumSz = (int)serialLen;
- }
- return ret;
- }
- #endif /* WOLFSSL_SEP */
- static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
- {
- DNS_entry* entry = NULL;
- int ret = 0;
- word32 bufLen = 0;
- const char* buf = NULL;
- switch (oid) {
- #ifdef WOLFSSL_FPKI
- case FASCN_OID:
- bufLen = dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.length;
- buf = (const char*)dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.data;
- break;
- #endif /* WOLFSSL_FPKI */
- case UPN_OID:
- bufLen = dataASN[OTHERNAMEASN_IDX_UPN].data.ref.length;
- buf = (const char*)dataASN[OTHERNAMEASN_IDX_UPN].data.ref.data;
- break;
- default:
- WOLFSSL_ERROR_VERBOSE(ASN_UNKNOWN_OID_E);
- ret = ASN_UNKNOWN_OID_E;
- break;
- }
- if (ret == 0) {
- ret = SetDNSEntry(cert, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
- if (ret == 0) {
- #ifdef WOLFSSL_FPKI
- entry->oidSum = oid;
- #endif
- AddDNSEntryToList(&cert->altNames, entry);
- }
- }
- return ret;
- }
- /* Decode data with OtherName format from after implicit SEQUENCE.
- *
- * @param [in, out] cert Certificate object.
- * @param [in] input Buffer containing encoded OtherName.
- * @param [in, out] inOutIdx On in, the index of the start of the OtherName.
- * On out, index after OtherName.
- * @param [in] maxIdx Maximum index of data in buffer.
- * @return 0 on success.
- * @return MEMORY_E on dynamic memory allocation failure.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return ASN_PARSE_E when OID does is not HW Name.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return BUFFER_E when data in buffer is too small.
- */
- static int DecodeOtherName(DecodedCert* cert, const byte* input,
- word32* inOutIdx, word32 maxIdx)
- {
- DECL_ASNGETDATA(dataASN, otherNameASN_Length);
- int ret = 0;
- CALLOC_ASNGETDATA(dataASN, otherNameASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Check the first OID is a recognized Alt Cert Name type. */
- GetASN_OID(&dataASN[OTHERNAMEASN_IDX_TYPEID], oidCertAltNameType);
- /* Parse OtherName. */
- ret = GetASN_Items(otherNameASN, dataASN, otherNameASN_Length, 1, input,
- inOutIdx, maxIdx);
- }
- if (ret == 0) {
- /* Ensure expected OID. */
- switch (dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum) {
- #ifdef WOLFSSL_SEP
- case HW_NAME_OID:
- /* Only support HW serial number. */
- GetASN_OID(&dataASN[OTHERNAMEASN_IDX_HWN_TYPE], oidIgnoreType);
- ret = DecodeSEP(dataASN, cert);
- break;
- #endif /* WOLFSSL_SEP */
- #ifdef WOLFSSL_FPKI
- case FASCN_OID:
- #endif /* WOLFSSL_FPKI */
- case UPN_OID:
- ret = DecodeOtherHelper(dataASN, cert,
- (int)dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum);
- break;
- default:
- WOLFSSL_MSG("\tunsupported OID skipping");
- break;
- }
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- }
- #endif /* WOLFSSL_SEP || WOLFSSL_FPKI */
- /* Decode a GeneralName.
- *
- * @param [in] input Buffer containing encoded OtherName.
- * @param [in, out] inOutIdx On in, the index of the start of the OtherName.
- * On out, index after OtherName.
- * @param [in] len Length of data in buffer.
- * @param [in] cert Decoded certificate object.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
- int len, DecodedCert* cert)
- {
- int ret = 0;
- word32 idx = *inOutIdx;
- /* GeneralName choice: dnsName */
- if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
- ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_DNS_TYPE,
- &cert->altNames);
- if (ret == 0) {
- idx += (word32)len;
- }
- }
- #ifndef IGNORE_NAME_CONSTRAINTS
- /* GeneralName choice: directoryName */
- else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
- int strLen;
- word32 idxDir = idx;
- /* Expecting a SEQUENCE using up all data. */
- if (GetASN_Sequence(input, &idxDir, &strLen, idx + (word32)len, 1) < 0)
- {
- WOLFSSL_MSG("\tfail: seq length");
- return ASN_PARSE_E;
- }
- ret = SetDNSEntry(cert, (const char*)(input + idxDir), strLen,
- ASN_DIR_TYPE, &cert->altDirNames);
- if (ret == 0) {
- idx += (word32)len;
- }
- }
- /* GeneralName choice: rfc822Name */
- else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
- ret = SetDNSEntry(cert, (const char*)(input + idx), len,
- ASN_RFC822_TYPE, &cert->altEmailNames);
- if (ret == 0) {
- idx += (word32)len;
- }
- }
- /* GeneralName choice: uniformResourceIdentifier */
- else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
- WOLFSSL_MSG("\tPutting URI into list but not using");
- #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
- /* Verify RFC 5280 Sec 4.2.1.6 rule:
- "The name MUST NOT be a relative URI"
- As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
- a scheme and hier-part. So the only strict requirement is a ':'
- being present after the scheme. If a '/' is present as part of the
- hier-part, it must come after the ':' (see RFC 3986 Sec 3). */
- {
- int i;
- /* skip past scheme (i.e http,ftp,...) finding first ':' char */
- for (i = 0; i < len; i++) {
- if (input[idx + (word32)i] == ':') {
- break;
- }
- if (input[idx + (word32)i] == '/') {
- i = len; /* error, found relative path since '/' was
- * encountered before ':'. Returning error
- * value in next if statement. */
- }
- }
- /* test hier-part is empty */
- if (i == 0 || i == len) {
- WOLFSSL_MSG("\tEmpty or malformed URI");
- WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
- return ASN_ALT_NAME_E;
- }
- /* test if scheme is missing */
- if (input[idx + (word32)i] != ':') {
- WOLFSSL_MSG("\tAlt Name must be absolute URI");
- WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
- return ASN_ALT_NAME_E;
- }
- }
- #endif
- ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_URI_TYPE,
- &cert->altNames);
- if (ret == 0) {
- idx += (word32)len;
- }
- }
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
- defined(WOLFSSL_IP_ALT_NAME)
- /* GeneralName choice: iPAddress */
- else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
- ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE,
- &cert->altNames);
- if (ret == 0) {
- idx += (word32)len;
- }
- }
- #endif /* WOLFSSL_QT || OPENSSL_ALL */
- /* GeneralName choice: registeredID */
- else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
- ret = SetDNSEntry(cert, (const char*)(input + idx), len,
- ASN_RID_TYPE, &cert->altNames);
- if (ret == 0) {
- idx += (word32)len;
- }
- }
- #endif /* IGNORE_NAME_CONSTRAINTS */
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI)
- /* GeneralName choice: otherName */
- else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
- /* TODO: test data for code path */
- ret = DecodeOtherName(cert, input, &idx, idx + (word32)len);
- }
- #endif
- /* GeneralName choice: dNSName, x400Address, ediPartyName */
- else {
- WOLFSSL_MSG("\tUnsupported name type, skipping");
- idx += (word32)len;
- }
- if (ret == 0) {
- /* Return index of next encoded byte. */
- *inOutIdx = idx;
- }
- return ret;
- }
- /* ASN.1 choices for GeneralName.
- * X.509: RFC 5280, 4.2.1.6 - GeneralName.
- */
- static const byte generalNameChoice[] = {
- ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0,
- ASN_CONTEXT_SPECIFIC | 1,
- ASN_CONTEXT_SPECIFIC | 2,
- ASN_CONTEXT_SPECIFIC | 3,
- ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 4,
- ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 5,
- ASN_CONTEXT_SPECIFIC | 6,
- ASN_CONTEXT_SPECIFIC | 7,
- ASN_CONTEXT_SPECIFIC | 8,
- 0
- };
- /* ASN.1 template for GeneralName.
- * X.509: RFC 5280, 4.2.1.6 - GeneralName.
- */
- static const ASNItem altNameASN[] = {
- { 0, ASN_CONTEXT_SPECIFIC | 0, 0, 1, 0 }
- };
- enum {
- ALTNAMEASN_IDX_GN = 0
- };
- /* Number of items in ASN.1 template for GeneralName. */
- #define altNameASN_Length (sizeof(altNameASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #if defined(WOLFSSL_SEP) && !defined(WOLFSSL_ASN_TEMPLATE)
- /* return 0 on success */
- static int DecodeSepHwAltName(DecodedCert* cert, const byte* input,
- word32* idxIn, word32 sz)
- {
- word32 idx = *idxIn;
- int strLen;
- int ret;
- byte tag;
- /* Certificates issued with this OID in the subject alt name are for
- * verifying signatures created on a module.
- * RFC 4108 Section 5. */
- if (cert->hwType != NULL) {
- WOLFSSL_MSG("\tAlready seen Hardware Module Name");
- return ASN_PARSE_E;
- }
- if (GetASNTag(input, &idx, &tag, sz) < 0) {
- return ASN_PARSE_E;
- }
- if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
- WOLFSSL_MSG("\twrong type");
- return ASN_PARSE_E;
- }
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str len");
- return ASN_PARSE_E;
- }
- if (GetSequence(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tBad Sequence");
- return ASN_PARSE_E;
- }
- ret = GetASNObjectId(input, &idx, &strLen, sz);
- if (ret != 0) {
- WOLFSSL_MSG("\tbad OID");
- return ret;
- }
- cert->hwType = (byte*)XMALLOC((size_t)strLen, cert->heap,
- DYNAMIC_TYPE_X509_EXT);
- if (cert->hwType == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- XMEMCPY(cert->hwType, &input[idx], (size_t)strLen);
- cert->hwTypeSz = strLen;
- idx += (word32)strLen;
- ret = GetOctetString(input, &idx, &strLen, sz);
- if (ret < 0) {
- XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
- cert->hwType = NULL;
- return ret;
- }
- cert->hwSerialNum = (byte*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_X509_EXT);
- if (cert->hwSerialNum == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
- cert->hwType = NULL;
- return MEMORY_E;
- }
- XMEMCPY(cert->hwSerialNum, &input[idx], (size_t)strLen);
- cert->hwSerialNum[strLen] = '\0';
- cert->hwSerialNumSz = strLen;
- idx += (word32)strLen;
- *idxIn = idx;
- return 0;
- }
- #endif /* WOLFSSL_SEP */
- #if !defined(WOLFSSL_ASN_TEMPLATE)
- /* return 0 on success */
- static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input,
- word32* idx, word32 sz, int oid)
- {
- int ret = 0;
- int strLen = 0;
- byte tag;
- DNS_entry* dnsEntry = NULL;
- if (GetASNTag(input, idx, &tag, sz) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0 && (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- dnsEntry = AltNameNew(cert->heap);
- if (dnsEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- switch (oid) {
- #ifdef WOLFSSL_FPKI
- case FASCN_OID:
- ret = GetOctetString(input, idx, &strLen, sz);
- if (ret > 0) {
- ret = 0;
- }
- break;
- #endif /* WOLFSSL_FPKI */
- case UPN_OID:
- if (GetASNTag(input, idx, &tag, sz) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0 &&
- tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING &&
- tag != ASN_IA5_STRING) {
- WOLFSSL_MSG("Was expecting a string for UPN");
- ret = ASN_PARSE_E;
- }
- if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) {
- WOLFSSL_MSG("Was expecting a string for UPN");
- ret = ASN_PARSE_E;
- }
- break;
- default:
- WOLFSSL_MSG("Unknown constructed other name, skipping");
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- dnsEntry = NULL;
- }
- }
- if (ret == 0 && dnsEntry != NULL) {
- dnsEntry->type = ASN_OTHER_TYPE;
- dnsEntry->len = strLen;
- dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- #ifdef WOLFSSL_FPKI
- dnsEntry->oidSum = oid;
- #endif /* WOLFSSL_FPKI */
- if (dnsEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- ret = MEMORY_E;
- }
- else {
- XMEMCPY(dnsEntry->name, &input[*idx], (size_t)strLen);
- dnsEntry->name[strLen] = '\0';
- AddAltName(cert, dnsEntry);
- }
- }
- if (ret == 0) {
- *idx += (word32)strLen;
- }
- else {
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- }
- return ret;
- }
- #endif
- /* Decode subject alternative names extension.
- *
- * RFC 5280 4.2.1.6. Subject Alternative Name
- *
- * @param [in] input Buffer holding encoded data.
- * @param [in] sz Size of encoded data in bytes.
- * @param [in, out] cert Decoded certificate object.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0;
- WOLFSSL_ENTER("DecodeAltNames");
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tBad Sequence");
- return ASN_PARSE_E;
- }
- if (length == 0) {
- /* RFC 5280 4.2.1.6. Subject Alternative Name
- If the subjectAltName extension is present, the sequence MUST
- contain at least one entry. */
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- #ifdef OPENSSL_ALL
- cert->extSubjAltNameSrc = input;
- cert->extSubjAltNameSz = sz;
- #endif
- cert->weOwnAltNames = 1;
- while (length > 0) {
- byte current_byte;
- /* Verify idx can't overflow input buffer */
- if (idx >= (word32)sz) {
- WOLFSSL_MSG("\tBad Index");
- return BUFFER_E;
- }
- current_byte = input[idx++];
- length--;
- /* Save DNS Type names in the altNames list. */
- /* Save Other Type names in the cert's OidMap */
- if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
- DNS_entry* dnsEntry;
- int strLen;
- word32 lenStartIdx = idx;
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (int)(idx - lenStartIdx);
- dnsEntry = AltNameNew(cert->heap);
- if (dnsEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- dnsEntry->type = ASN_DNS_TYPE;
- dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (dnsEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- dnsEntry->len = strLen;
- XMEMCPY(dnsEntry->name, &input[idx], (size_t)strLen);
- dnsEntry->name[strLen] = '\0';
- AddAltName(cert, dnsEntry);
- length -= strLen;
- idx += (word32)strLen;
- }
- #ifndef IGNORE_NAME_CONSTRAINTS
- else if (current_byte ==
- (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
- DNS_entry* dirEntry;
- int strLen;
- word32 lenStartIdx = idx;
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- if (GetSequence(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: seq length");
- return ASN_PARSE_E;
- }
- length -= (int)(idx - lenStartIdx);
- dirEntry = AltNameNew(cert->heap);
- if (dirEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- dirEntry->type = ASN_DIR_TYPE;
- dirEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (dirEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- dirEntry->len = strLen;
- XMEMCPY(dirEntry->name, &input[idx], (size_t)strLen);
- dirEntry->name[strLen] = '\0';
- dirEntry->next = cert->altDirNames;
- cert->altDirNames = dirEntry;
- length -= strLen;
- idx += (word32)strLen;
- }
- else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
- DNS_entry* emailEntry;
- int strLen;
- word32 lenStartIdx = idx;
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (int)(idx - lenStartIdx);
- emailEntry = AltNameNew(cert->heap);
- if (emailEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- emailEntry->type = ASN_RFC822_TYPE;
- emailEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (emailEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- emailEntry->len = strLen;
- XMEMCPY(emailEntry->name, &input[idx], (size_t)strLen);
- emailEntry->name[strLen] = '\0';
- emailEntry->next = cert->altEmailNames;
- cert->altEmailNames = emailEntry;
- length -= strLen;
- idx += (word32)strLen;
- }
- else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
- DNS_entry* uriEntry;
- int strLen;
- word32 lenStartIdx = idx;
- WOLFSSL_MSG("\tPutting URI into list but not using");
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (int)(idx - lenStartIdx);
- /* check that strLen at index is not past input buffer */
- if ((word32)strLen + idx > sz) {
- return BUFFER_E;
- }
- #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
- /* Verify RFC 5280 Sec 4.2.1.6 rule:
- "The name MUST NOT be a relative URI"
- As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
- a scheme and hier-part. So the only strict requirement is a ':'
- being present after the scheme. If a '/' is present as part of the
- hier-part, it must come after the ':' (see RFC 3986 Sec 3). */
- {
- word32 i;
- /* skip past scheme (i.e http,ftp,...) finding first ':' char */
- for (i = 0; i < (word32)strLen; i++) {
- if (input[idx + i] == ':') {
- break;
- }
- if (input[idx + i] == '/') {
- WOLFSSL_MSG("\tAlt Name must be absolute URI");
- WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
- return ASN_ALT_NAME_E;
- }
- }
- /* test hier-part is empty */
- if (i == 0 || i == (word32)strLen) {
- WOLFSSL_MSG("\tEmpty or malformed URI");
- WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
- return ASN_ALT_NAME_E;
- }
- /* test if scheme is missing */
- if (input[idx + i] != ':') {
- WOLFSSL_MSG("\tAlt Name must be absolute URI");
- WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
- return ASN_ALT_NAME_E;
- }
- }
- #endif
- uriEntry = AltNameNew(cert->heap);
- if (uriEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- uriEntry->type = ASN_URI_TYPE;
- uriEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (uriEntry->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- uriEntry->len = strLen;
- XMEMCPY(uriEntry->name, &input[idx], (size_t)strLen);
- uriEntry->name[strLen] = '\0';
- AddAltName(cert, uriEntry);
- length -= strLen;
- idx += (word32)strLen;
- }
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
- DNS_entry* ipAddr;
- int strLen;
- word32 lenStartIdx = idx;
- WOLFSSL_MSG("Decoding Subject Alt. Name: IP Address");
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (idx - lenStartIdx);
- /* check that strLen at index is not past input buffer */
- if (strLen + idx > sz) {
- return BUFFER_E;
- }
- ipAddr = AltNameNew(cert->heap);
- if (ipAddr == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- ipAddr->type = ASN_IP_TYPE;
- ipAddr->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (ipAddr->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- ipAddr->len = strLen;
- XMEMCPY(ipAddr->name, &input[idx], strLen);
- ipAddr->name[strLen] = '\0';
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) {
- WOLFSSL_MSG("\tOut of Memory for IP string");
- XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
- AddAltName(cert, ipAddr);
- length -= strLen;
- idx += (word32)strLen;
- }
- #endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
- #if defined(OPENSSL_ALL)
- else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
- DNS_entry* rid;
- int strLen;
- word32 lenStartIdx = idx;
- WOLFSSL_MSG("Decoding Subject Alt. Name: Registered Id");
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: str length");
- return ASN_PARSE_E;
- }
- length -= (idx - lenStartIdx);
- /* check that strLen at index is not past input buffer */
- if (strLen + idx > sz) {
- return BUFFER_E;
- }
- rid = AltNameNew(cert->heap);
- if (rid == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
- rid->type = ASN_RID_TYPE;
- rid->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
- DYNAMIC_TYPE_ALTNAME);
- if (rid->name == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- rid->len = strLen;
- XMEMCPY(rid->name, &input[idx], strLen);
- rid->name[strLen] = '\0';
- if (GenerateDNSEntryRIDString(rid, cert->heap) != 0) {
- WOLFSSL_MSG("\tOut of Memory for registered Id string");
- XFREE(rid->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
- XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- AddAltName(cert, rid);
- length -= strLen;
- idx += (word32)strLen;
- }
- #endif /* OPENSSL_ALL */
- #endif /* IGNORE_NAME_CONSTRAINTS */
- else if (current_byte ==
- (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
- int strLen;
- word32 lenStartIdx = idx;
- word32 oid = 0;
- int ret = 0;
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: other name length");
- return ASN_PARSE_E;
- }
- /* Consume the rest of this sequence. */
- length -= (int)(((word32)strLen + idx - lenStartIdx));
- if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) {
- WOLFSSL_MSG("\tbad OID");
- return ASN_PARSE_E;
- }
- /* handle parsing other type alt names */
- switch (oid) {
- #ifdef WOLFSSL_SEP
- case HW_NAME_OID:
- ret = DecodeSepHwAltName(cert, input, &idx, sz);
- if (ret != 0)
- return ret;
- break;
- #endif /* WOLFSSL_SEP */
- #ifdef WOLFSSL_FPKI
- case FASCN_OID:
- case UPN_OID:
- ret = DecodeConstructedOtherName(cert, input, &idx, sz,
- oid);
- if (ret != 0)
- return ret;
- break;
- #endif /* WOLFSSL_FPKI */
- default:
- WOLFSSL_MSG("\tUnsupported other name type, skipping");
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- /* check to skip constructed other names too */
- if (DecodeConstructedOtherName(cert, input, &idx, sz,
- (int)oid) != 0) {
- WOLFSSL_MSG("\tfail: unsupported other name length");
- return ASN_PARSE_E;
- }
- }
- else {
- idx += (word32)strLen;
- }
- }
- (void)ret;
- }
- else {
- int strLen;
- word32 lenStartIdx = idx;
- WOLFSSL_MSG("\tUnsupported name type, skipping");
- if (GetLength(input, &idx, &strLen, sz) < 0) {
- WOLFSSL_MSG("\tfail: unsupported name length");
- return ASN_PARSE_E;
- }
- length -= (int)((word32)strLen + idx - lenStartIdx);
- idx += (word32)strLen;
- }
- }
- return 0;
- #else
- word32 idx = 0;
- int length = 0;
- int ret = 0;
- WOLFSSL_ENTER("DecodeAltNames");
- /* Get SEQUENCE and expect all data to be accounted for. */
- if (GetASN_Sequence(input, &idx, &length, sz, 1) != 0) {
- WOLFSSL_MSG("\tBad Sequence");
- ret = ASN_PARSE_E;
- }
- if ((ret == 0) && (length == 0)) {
- /* RFC 5280 4.2.1.6. Subject Alternative Name
- If the subjectAltName extension is present, the sequence MUST
- contain at least one entry. */
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- #ifdef OPENSSL_ALL
- cert->extSubjAltNameSrc = input;
- cert->extSubjAltNameSz = sz;
- #endif
- cert->weOwnAltNames = 1;
- if ((word32)length + idx != sz) {
- ret = ASN_PARSE_E;
- }
- }
- while ((ret == 0) && (idx < sz)) {
- ASNGetData dataASN[altNameASN_Length];
- /* Clear dynamic data items. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Parse GeneralName with the choices supported. */
- GetASN_Choice(&dataASN[ALTNAMEASN_IDX_GN], generalNameChoice);
- /* Decode a GeneralName choice. */
- ret = GetASN_Items(altNameASN, dataASN, altNameASN_Length, 0, input,
- &idx, sz);
- if (ret == 0) {
- ret = DecodeGeneralName(input, &idx, dataASN[ALTNAMEASN_IDX_GN].tag,
- (int)dataASN[ALTNAMEASN_IDX_GN].length, cert);
- }
- }
- return ret;
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for BasicConstraints.
- * X.509: RFC 5280, 4.2.1.9 - BasicConstraints.
- */
- static const ASNItem basicConsASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* CA */ { 1, ASN_BOOLEAN, 0, 0, 1 },
- /* PLEN */ { 1, ASN_INTEGER, 0, 0, 1 }
- };
- enum {
- BASICCONSASN_IDX_SEQ = 0,
- BASICCONSASN_IDX_CA,
- BASICCONSASN_IDX_PLEN
- };
- /* Number of items in ASN.1 template for BasicContraints. */
- #define basicConsASN_Length (sizeof(basicConsASN) / sizeof(ASNItem))
- #endif
- /* Decode basic constraints extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.9 - BasicConstraints.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return MEMORY_E on dynamic memory allocation failure.
- * @return ASN_PARSE_E when CA boolean is present and false (default is false).
- * @return ASN_PARSE_E when CA boolean is not present unless
- * WOLFSSL_X509_BASICCONS_INT is defined. Only a CA extension.
- * @return ASN_PARSE_E when path length more than 7 bits.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- */
- static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0;
- int ret;
- WOLFSSL_ENTER("DecodeBasicCaConstraint");
- if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
- WOLFSSL_MSG("\tfail: bad SEQUENCE");
- return ASN_PARSE_E;
- }
- if (length == 0)
- return 0;
- /* If the basic ca constraint is false, this extension may be named, but
- * left empty. So, if the length is 0, just return. */
- ret = GetBoolean(input, &idx, (word32)sz);
- /* Removed logic for WOLFSSL_X509_BASICCONS_INT which was mistreating the
- * pathlen value as if it were the CA Boolean value 7/2/2021 - KH.
- * When CA Boolean not asserted use the default value "False" */
- if (ret < 0) {
- WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN, set default FALSE");
- ret = 0;
- }
- cert->isCA = ret ? 1 : 0;
- /* If there isn't any more data, return. */
- if (idx >= (word32)sz) {
- return 0;
- }
- ret = GetInteger7Bit(input, &idx, (word32)sz);
- if (ret < 0)
- return ret;
- cert->pathLength = (byte)ret;
- cert->pathLengthSet = 1;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, basicConsASN_Length);
- int ret = 0;
- word32 idx = 0;
- byte isCA = 0;
- WOLFSSL_ENTER("DecodeBasicCaConstraint");
- CALLOC_ASNGETDATA(dataASN, basicConsASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Get the CA boolean and path length when present. */
- GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &isCA);
- GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &cert->pathLength);
- ret = GetASN_Items(basicConsASN, dataASN, basicConsASN_Length, 1, input,
- &idx, (word32)sz);
- }
- /* Empty SEQUENCE is OK - nothing to store. */
- if ((ret == 0) && (dataASN[BASICCONSASN_IDX_SEQ].length != 0)) {
- /* Bad encoding when CA Boolean is false
- * (default when not present). */
- #if !defined(ASN_TEMPLATE_SKIP_ISCA_CHECK) && \
- !defined(WOLFSSL_ALLOW_ENCODING_CA_FALSE)
- if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!isCA)) {
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- #endif
- /* Path length must be a 7-bit value. */
- if ((ret == 0) && (cert->pathLength >= (1 << 7))) {
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- if ((ret == 0) && cert->pathLength > WOLFSSL_MAX_PATH_LEN) {
- WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E);
- ret = ASN_PATHLEN_SIZE_E;
- }
- /* Store CA boolean and whether a path length was seen. */
- if (ret == 0) {
- /* isCA in certificate is a 1 bit of a byte. */
- cert->isCA = isCA ? 1 : 0;
- cert->pathLengthSet = (dataASN[BASICCONSASN_IDX_PLEN].length > 0);
- }
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif
- }
- static int DecodePolicyConstraints(const byte* input, int sz, DecodedCert* cert)
- {
- word32 idx = 0;
- int length = 0;
- int skipLength = 0;
- int ret;
- byte tag;
- WOLFSSL_ENTER("DecodePolicyConstraints");
- if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
- WOLFSSL_MSG("\tfail: bad SEQUENCE");
- return ASN_PARSE_E;
- }
- if (length == 0)
- return ASN_PARSE_E;
- if (GetASNTag(input, &idx, &tag, (word32)sz) < 0) {
- WOLFSSL_MSG("\tfail: bad TAG");
- return ASN_PARSE_E;
- }
- if (tag == (ASN_CONTEXT_SPECIFIC | 0)) {
- /* requireExplicitPolicy */
- cert->extPolicyConstRxpSet = 1;
- }
- else if (tag == (ASN_CONTEXT_SPECIFIC | 1)) {
- /* inhibitPolicyMapping */
- cert->extPolicyConstIpmSet = 1;
- }
- else {
- WOLFSSL_MSG("\tfail: invalid TAG");
- return ASN_PARSE_E;
- }
- ret = GetLength(input, &idx, &skipLength, (word32)sz);
- if (ret < 0) {
- WOLFSSL_MSG("\tfail: invalid length");
- return ret;
- }
- if (skipLength > 1) {
- WOLFSSL_MSG("\tfail: skip value too big");
- return BUFFER_E;
- }
- if (idx >= (word32)sz) {
- WOLFSSL_MSG("\tfail: no policy const skip to read");
- return BUFFER_E;
- }
- cert->policyConstSkip = input[idx];
- return 0;
- }
- /* Context-Specific value for: DistributionPoint.distributionPoint
- * From RFC5280 SS4.2.1.13, Distribution Point */
- #define DISTRIBUTION_POINT (ASN_CONTEXT_SPECIFIC | 0)
- /* Context-Specific value for: DistributionPoint.DistributionPointName.fullName
- * From RFC3280 SS4.2.1.13, Distribution Point Name */
- #define CRLDP_FULL_NAME (ASN_CONTEXT_SPECIFIC | 0)
- /* Context-Specific value for choice: GeneralName.uniformResourceIdentifier
- * From RFC3280 SS4.2.1.7, GeneralName */
- #define GENERALNAME_URI (ASN_CONTEXT_SPECIFIC | 6)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for CRL distribution points.
- * X.509: RFC 5280, 4.2.1.13 - CRL Distribution Points.
- */
- static const ASNItem crlDistASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* DP_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Distribution point name */
- /* DP_DISTPOINT */ { 2, DISTRIBUTION_POINT, 1, 1, 1 },
- /* fullName */
- /* DP_DISTPOINT_FN */ { 3, CRLDP_FULL_NAME, 1, 1, 2 },
- /* DP_DISTPOINT_FN_GN */ { 4, GENERALNAME_URI, 0, 0, 0 },
- /* nameRelativeToCRLIssuer */
- /* DP_DISTPOINT_RN */ { 3, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 },
- /* reasons: IMPLICIT BIT STRING */
- /* DP_REASONS */ { 2, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 1 },
- /* cRLIssuer */
- /* DP_CRLISSUER */ { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 1 },
- };
- enum {
- CRLDISTASN_IDX_SEQ = 0,
- CRLDISTASN_IDX_DP_SEQ,
- CRLDISTASN_IDX_DP_DISTPOINT,
- CRLDISTASN_IDX_DP_DISTPOINT_FN,
- CRLDISTASN_IDX_DP_DISTPOINT_FN_GN,
- CRLDISTASN_IDX_DP_DISTPOINT_RN, /* Relative name */
- CRLDISTASN_IDX_DP_REASONS,
- CRLDISTASN_IDX_DP_CRLISSUER
- };
- /* Number of items in ASN.1 template for CRL distribution points. */
- #define crlDistASN_Length (sizeof(crlDistASN) / sizeof(ASNItem))
- #endif
- /* Decode CRL distribution point extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.13 - CRL Distribution Points.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return MEMORY_E on dynamic memory allocation failure.
- * @return ASN_PARSE_E when invalid bits of reason are set.
- * @return ASN_PARSE_E when BITSTRING value is more than 2 bytes.
- * @return ASN_PARSE_E when unused bits of BITSTRING is invalid.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- */
- static int DecodeCrlDist(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0, localIdx;
- int length = 0;
- byte tag = 0;
- WOLFSSL_ENTER("DecodeCrlDist");
- cert->extCrlInfoRaw = input;
- cert->extCrlInfoRawSz = (int)sz;
- /* Unwrap the list of Distribution Points*/
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- /* Unwrap a single Distribution Point */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- /* The Distribution Point has three explicit optional members
- * First check for a DistributionPointName
- */
- localIdx = idx;
- if (GetASNTag(input, &localIdx, &tag, sz) == 0 &&
- tag == (ASN_CONSTRUCTED | DISTRIBUTION_POINT))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- localIdx = idx;
- if (GetASNTag(input, &localIdx, &tag, sz) == 0 &&
- tag == (ASN_CONSTRUCTED | CRLDP_FULL_NAME))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- localIdx = idx;
- if (GetASNTag(input, &localIdx, &tag, sz) == 0 &&
- tag == GENERALNAME_URI)
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- cert->extCrlInfoSz = length;
- cert->extCrlInfo = input + idx;
- idx += (word32)length;
- }
- else
- /* This isn't a URI, skip it. */
- idx += (word32)length;
- }
- else {
- /* This isn't a FULLNAME, skip it. */
- idx += (word32)length;
- }
- }
- /* Check for reasonFlags */
- localIdx = idx;
- if (idx < (word32)sz &&
- GetASNTag(input, &localIdx, &tag, sz) == 0 &&
- tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- idx += (word32)length;
- }
- /* Check for cRLIssuer */
- localIdx = idx;
- if (idx < (word32)sz &&
- GetASNTag(input, &localIdx, &tag, sz) == 0 &&
- tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2))
- {
- idx++;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- idx += (word32)length;
- }
- if (idx < (word32)sz)
- {
- WOLFSSL_MSG("\tThere are more CRL Distribution Point records, "
- "but we only use the first one.");
- }
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, crlDistASN_Length);
- word32 idx = 0;
- int ret = 0;
- #ifdef CRLDP_VALIDATE_DATA
- word16 reason;
- #endif
- WOLFSSL_ENTER("DecodeCrlDist");
- CALLOC_ASNGETDATA(dataASN, crlDistASN_Length, ret, cert->heap);
- cert->extCrlInfoRaw = input;
- cert->extCrlInfoRawSz = (int)sz;
- if (ret == 0) {
- /* Get the GeneralName choice */
- GetASN_Choice(&dataASN[CRLDISTASN_IDX_DP_DISTPOINT_FN_GN], generalNameChoice);
- /* Parse CRL distribution point. */
- ret = GetASN_Items(crlDistASN, dataASN, crlDistASN_Length, 0, input,
- &idx, sz);
- }
- if (ret == 0) {
- /* If the choice was a URI, store it in certificate. */
- if (dataASN[CRLDISTASN_IDX_DP_DISTPOINT_FN_GN].tag == GENERALNAME_URI) {
- word32 sz32;
- GetASN_GetConstRef(&dataASN[CRLDISTASN_IDX_DP_DISTPOINT_FN_GN],
- &cert->extCrlInfo, &sz32);
- cert->extCrlInfoSz = (int)sz32;
- }
- #ifdef CRLDP_VALIDATE_DATA
- if (dataASN[CRLDISTASN_IDX_DP_REASONS].data.ref.data != NULL) {
- /* TODO: test case */
- /* Validate ReasonFlags. */
- ret = GetASN_BitString_Int16Bit(&dataASN[CRLDISTASN_IDX_DP_REASONS],
- &reason);
- /* First bit (LSB) unused and eight other bits defined. */
- if ((ret == 0) && ((reason >> 9) || (reason & 0x01))) {
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- }
- #endif
- }
- /* Only parsing the first one. */
- if (ret == 0 && idx < (word32)sz) {
- WOLFSSL_MSG("\tThere are more CRL Distribution Point records, "
- "but we only use the first one.");
- }
- /* TODO: validate other points. */
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for the access description.
- * X.509: RFC 5280, 4.2.2.1 - Authority Information Access.
- */
- static const ASNItem accessDescASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* accessMethod */
- /* METH */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* accessLocation: GeneralName */
- /* LOC */ { 1, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 0 },
- };
- enum {
- ACCESSDESCASN_IDX_SEQ = 0,
- ACCESSDESCASN_IDX_METH,
- ACCESSDESCASN_IDX_LOC
- };
- /* Number of items in ASN.1 template for the access description. */
- #define accessDescASN_Length (sizeof(accessDescASN) / sizeof(ASNItem))
- #endif
- /* Decode authority information access extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.2.1 - Authority Information Access.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return MEMORY_E on dynamic memory allocation failure.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0;
- byte b = 0;
- word32 oid;
- WOLFSSL_ENTER("DecodeAuthInfo");
- /* Unwrap the list of AIAs */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- while ((idx < (word32)sz)) {
- /* Unwrap a single AIA */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- oid = 0;
- if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0) {
- return ASN_PARSE_E;
- }
- /* Only supporting URIs right now. */
- if (GetASNTag(input, &idx, &b, sz) < 0)
- return ASN_PARSE_E;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- /* Set ocsp entry */
- if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
- cert->extAuthInfo == NULL)
- {
- cert->extAuthInfoSz = length;
- cert->extAuthInfo = input + idx;
- #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
- break;
- #endif
- }
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- /* Set CaIssuers entry */
- else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
- cert->extAuthInfoCaIssuer == NULL)
- {
- cert->extAuthInfoCaIssuerSz = length;
- cert->extAuthInfoCaIssuer = input + idx;
- }
- #endif
- idx += (word32)length;
- }
- return 0;
- #else
- word32 idx = 0;
- int length = 0;
- int ret = 0;
- WOLFSSL_ENTER("DecodeAuthInfo");
- /* Unwrap the list of AIAs */
- if (GetASN_Sequence(input, &idx, &length, sz, 1) < 0) {
- ret = ASN_PARSE_E;
- }
- while ((ret == 0) && (idx < (word32)sz)) {
- ASNGetData dataASN[accessDescASN_Length];
- /* Clear dynamic data and retrieve OID and name. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_OID(&dataASN[ACCESSDESCASN_IDX_METH], oidCertAuthInfoType);
- GetASN_Choice(&dataASN[ACCESSDESCASN_IDX_LOC], generalNameChoice);
- /* Parse AccessDescription. */
- ret = GetASN_Items(accessDescASN, dataASN, accessDescASN_Length, 0,
- input, &idx, sz);
- if (ret == 0) {
- word32 sz32;
- /* Check we have OCSP and URI. */
- if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) &&
- (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
- (cert->extAuthInfo == NULL)) {
- /* Store URI for OCSP lookup. */
- GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
- &cert->extAuthInfo, &sz32);
- cert->extAuthInfoSz = (int)sz32;
- #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
- break;
- #endif
- }
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- /* Check we have CA Issuer and URI. */
- else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
- AIA_CA_ISSUER_OID) &&
- (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
- (cert->extAuthInfoCaIssuer == NULL)) {
- /* Set CaIssuers entry */
- GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
- &cert->extAuthInfoCaIssuer, &sz32);
- cert->extAuthInfoCaIssuerSz = (int)sz32;
- }
- #endif
- /* Otherwise skip. */
- }
- }
- return ret;
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for AuthorityKeyIdentifier.
- * X.509: RFC 5280, 4.2.1.1 - Authority Key Identifier.
- */
- static const ASNItem authKeyIdASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* keyIdentifier */
- /* KEYID */ { 1, ASN_CONTEXT_SPECIFIC | ASN_AUTHKEYID_KEYID, 0, 0, 1 },
- /* authorityCertIssuer */
- /* ISSUER */ { 1, ASN_CONTEXT_SPECIFIC | ASN_AUTHKEYID_ISSUER, 1, 0, 1 },
- /* authorityCertSerialNumber */
- /* SERIAL */ { 1, ASN_CONTEXT_SPECIFIC | ASN_AUTHKEYID_SERIAL, 0, 0, 1 },
- };
- enum {
- AUTHKEYIDASN_IDX_SEQ = 0,
- AUTHKEYIDASN_IDX_KEYID,
- AUTHKEYIDASN_IDX_ISSUER,
- AUTHKEYIDASN_IDX_SERIAL
- };
- /* Number of items in ASN.1 template for AuthorityKeyIdentifier. */
- #define authKeyIdASN_Length (sizeof(authKeyIdASN) / sizeof(ASNItem))
- #endif
- /* Decode authority key identifier extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.1 - Authority Key Identifier.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return MEMORY_E on dynamic memory allocation failure.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- */
- static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0;
- byte tag;
- WOLFSSL_ENTER("DecodeAuthKeyId");
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- if (GetASNTag(input, &idx, &tag, sz) < 0) {
- return ASN_PARSE_E;
- }
- if (tag != (ASN_CONTEXT_SPECIFIC | 0)) {
- WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available");
- cert->extAuthKeyIdSet = 0;
- return 0;
- }
- if (GetLength(input, &idx, &length, sz) <= 0) {
- WOLFSSL_MSG("\tfail: extension data length");
- return ASN_PARSE_E;
- }
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- #ifdef WOLFSSL_AKID_NAME
- cert->extRawAuthKeyIdSrc = input;
- cert->extRawAuthKeyIdSz = sz;
- #endif
- cert->extAuthKeyIdSrc = &input[idx];
- cert->extAuthKeyIdSz = length;
- #endif /* OPENSSL_EXTRA */
- return GetHashId(input + idx, length, cert->extAuthKeyId,
- HashIdAlg(cert->signatureOID));
- #else
- DECL_ASNGETDATA(dataASN, authKeyIdASN_Length);
- int ret = 0;
- WOLFSSL_ENTER("DecodeAuthKeyId");
- CALLOC_ASNGETDATA(dataASN, authKeyIdASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Parse an authority key identifier. */
- word32 idx = 0;
- ret = GetASN_Items(authKeyIdASN, dataASN, authKeyIdASN_Length, 1, input,
- &idx, sz);
- }
- /* Each field is optional */
- if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data != NULL) {
- #ifdef OPENSSL_EXTRA
- GetASN_GetConstRef(&dataASN[AUTHKEYIDASN_IDX_KEYID],
- &cert->extAuthKeyIdSrc, &cert->extAuthKeyIdSz);
- #endif /* OPENSSL_EXTRA */
- /* Get the hash or hash of the hash if wrong size. */
- ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
- (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
- cert->extAuthKeyId, HashIdAlg(cert->signatureOID));
- }
- #ifdef WOLFSSL_AKID_NAME
- if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.data != NULL) {
- /* We only support using one (first) name. Parse the name to perform
- * a sanity check. */
- word32 idx = 0;
- ASNGetData nameASN[altNameASN_Length];
- XMEMSET(nameASN, 0, sizeof(nameASN));
- /* Parse GeneralName with the choices supported. */
- GetASN_Choice(&nameASN[ALTNAMEASN_IDX_GN], generalNameChoice);
- /* Decode a GeneralName choice. */
- ret = GetASN_Items(altNameASN, nameASN, altNameASN_Length, 0,
- dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.data, &idx,
- dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.length);
- if (ret == 0) {
- GetASN_GetConstRef(&nameASN[ALTNAMEASN_IDX_GN],
- &cert->extAuthKeyIdIssuer, &cert->extAuthKeyIdIssuerSz);
- }
- }
- if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_SERIAL].data.ref.data != NULL) {
- GetASN_GetConstRef(&dataASN[AUTHKEYIDASN_IDX_SERIAL],
- &cert->extAuthKeyIdIssuerSN, &cert->extAuthKeyIdIssuerSNSz);
- }
- if (ret == 0) {
- if ((cert->extAuthKeyIdIssuerSz > 0) ^
- (cert->extAuthKeyIdIssuerSNSz > 0)) {
- WOLFSSL_MSG("authorityCertIssuer and authorityCertSerialNumber MUST"
- " both be present or both be absent");
- }
- }
- #endif /* WOLFSSL_AKID_NAME */
- if (ret == 0) {
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME)
- /* Store the raw authority key id. */
- cert->extRawAuthKeyIdSrc = input;
- cert->extRawAuthKeyIdSz = sz;
- #endif /* OPENSSL_EXTRA */
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Decode subject key id extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.2 - Subject Key Identifier.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_PARSE_E when the OCTET_STRING tag is not found or length is
- * invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int DecodeSubjKeyId(const byte* input, word32 sz, DecodedCert* cert)
- {
- word32 idx = 0;
- int length = 0;
- int ret = 0;
- WOLFSSL_ENTER("DecodeSubjKeyId");
- ret = GetOctetString(input, &idx, &length, sz);
- if (ret > 0) {
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- cert->extSubjKeyIdSrc = &input[idx];
- cert->extSubjKeyIdSz = (word32)length;
- #endif /* OPENSSL_EXTRA */
- /* Get the hash or hash of the hash if wrong size. */
- ret = GetHashId(input + idx, length, cert->extSubjKeyId,
- HashIdAlg(cert->signatureOID));
- }
- return ret;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for KeyUsage.
- * X.509: RFC 5280, 4.2.1.3 - Key Usage.
- */
- static const ASNItem keyUsageASN[] = {
- /* STR */ { 0, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- KEYUSAGEASN_IDX_STR = 0
- };
- /* Number of items in ASN.1 template for KeyUsage. */
- #define keyUsageASN_Length (sizeof(keyUsageASN) / sizeof(ASNItem))
- #endif
- /* Decode key usage extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.3 - Key Usage.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length;
- int ret;
- WOLFSSL_ENTER("DecodeKeyUsage");
- ret = CheckBitString(input, &idx, &length, sz, 0, NULL);
- if (ret != 0)
- return ret;
- if (length == 0 || length > 2)
- return ASN_PARSE_E;
- cert->extKeyUsage = (word16)(input[idx]);
- if (length == 2)
- cert->extKeyUsage |= (word16)(input[idx+1] << 8);
- return 0;
- #else
- ASNGetData dataASN[keyUsageASN_Length];
- word32 idx = 0;
- byte keyUsage[2];
- word32 keyUsageSz = sizeof(keyUsage);
- int ret;
- WOLFSSL_ENTER("DecodeKeyUsage");
- /* Clear dynamic data and set where to store extended key usage. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- XMEMSET(keyUsage, 0, sizeof(keyUsage));
- GetASN_Buffer(&dataASN[KEYUSAGEASN_IDX_STR], keyUsage, &keyUsageSz);
- /* Parse key usage. */
- ret = GetASN_Items(keyUsageASN, dataASN, keyUsageASN_Length, 0, input,
- &idx, sz);
- if (ret == 0) {
- /* Decode the bit string number as LE */
- cert->extKeyUsage = (word16)(keyUsage[0]);
- if (keyUsageSz == 2)
- cert->extKeyUsage |= (word16)(keyUsage[1] << 8);
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for KeyPurposeId.
- * X.509: RFC 5280, 4.2.1.12 - Extended Key Usage.
- */
- static const ASNItem keyPurposeIdASN[] = {
- /* OID */ { 0, ASN_OBJECT_ID, 0, 0, 0 },
- };
- enum {
- KEYPURPOSEIDASN_IDX_OID = 0
- };
- /* Number of items in ASN.1 template for KeyPurposeId. */
- #define keyPurposeIdASN_Length (sizeof(keyPurposeIdASN) / sizeof(ASNItem))
- #endif
- /* Decode extended key usage extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.12 - Extended Key Usage.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0, oid;
- int length, ret;
- WOLFSSL_ENTER("DecodeExtKeyUsage");
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- cert->extExtKeyUsageSrc = input + idx;
- cert->extExtKeyUsageSz = length;
- #endif
- while (idx < (word32)sz) {
- ret = GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz);
- if (ret == ASN_UNKNOWN_OID_E)
- continue;
- else if (ret < 0)
- return ret;
- switch (oid) {
- case EKU_ANY_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_ANY;
- break;
- case EKU_SERVER_AUTH_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
- break;
- case EKU_CLIENT_AUTH_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
- break;
- case EKU_CODESIGNING_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_CODESIGN;
- break;
- case EKU_EMAILPROTECT_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_EMAILPROT;
- break;
- case EKU_TIMESTAMP_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_TIMESTAMP;
- break;
- case EKU_OCSP_SIGN_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
- break;
- #ifdef WOLFSSL_WOLFSSH
- case EKU_SSH_CLIENT_AUTH_OID:
- cert->extExtKeyUsageSsh |= EXTKEYUSE_SSH_CLIENT_AUTH;
- break;
- case EKU_SSH_MSCL_OID:
- cert->extExtKeyUsageSsh |= EXTKEYUSE_SSH_MSCL;
- break;
- case EKU_SSH_KP_CLIENT_AUTH_OID:
- cert->extExtKeyUsageSsh |= EXTKEYUSE_SSH_KP_CLIENT_AUTH;
- break;
- #endif /* WOLFSSL_WOLFSSH */
- default:
- break;
- }
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- cert->extExtKeyUsageCount++;
- #endif
- }
- return 0;
- #else
- word32 idx = 0;
- int length;
- int ret = 0;
- WOLFSSL_ENTER("DecodeExtKeyUsage");
- /* Strip SEQUENCE OF and expect to account for all the data. */
- if (GetASN_Sequence(input, &idx, &length, sz, 1) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Keep reference for WOLFSSL_X509. */
- cert->extExtKeyUsageSrc = input + idx;
- cert->extExtKeyUsageSz = (word32)length;
- #endif
- }
- /* Check all OIDs. */
- while ((ret == 0) && (idx < (word32)sz)) {
- ASNGetData dataASN[keyPurposeIdASN_Length];
- /* Clear dynamic data items and set OID type expected. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_OID(&dataASN[KEYPURPOSEIDASN_IDX_OID], oidIgnoreType);
- /* Decode KeyPurposeId. */
- ret = GetASN_Items(keyPurposeIdASN, dataASN, keyPurposeIdASN_Length, 0,
- input, &idx, sz);
- /* Skip unknown OIDs. */
- if (ret == ASN_UNKNOWN_OID_E) {
- ret = 0;
- }
- else if (ret == 0) {
- /* Store the bit for the OID. */
- switch (dataASN[KEYPURPOSEIDASN_IDX_OID].data.oid.sum) {
- case EKU_ANY_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_ANY;
- break;
- case EKU_SERVER_AUTH_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
- break;
- case EKU_CLIENT_AUTH_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
- break;
- case EKU_CODESIGNING_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_CODESIGN;
- break;
- case EKU_EMAILPROTECT_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_EMAILPROT;
- break;
- case EKU_TIMESTAMP_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_TIMESTAMP;
- break;
- case EKU_OCSP_SIGN_OID:
- cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
- break;
- }
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Keep count for WOLFSSL_X509. */
- cert->extExtKeyUsageCount++;
- #endif
- }
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- static int DecodeNsCertType(const byte* input, int sz, DecodedCert* cert)
- {
- word32 idx = 0;
- int len = 0;
- WOLFSSL_ENTER("DecodeNsCertType");
- if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0)
- return ASN_PARSE_E;
- /* Don't need to worry about unused bits as CheckBitString makes sure
- * they're zero. */
- if (idx < (word32)sz)
- cert->nsCertType = input[idx];
- else
- return ASN_PARSE_E;
- return 0;
- }
- #endif
- #ifndef IGNORE_NAME_CONSTRAINTS
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for GeneralSubtree.
- * X.509: RFC 5280, 4.2.1.10 - Name Constraints.
- */
- static const ASNItem subTreeASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* base GeneralName */
- /* BASE */ { 1, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 0 },
- /* minimum BaseDistance DEFAULT 0*/
- /* MIN */ { 1, ASN_CONTEXT_SPECIFIC | ASN_SUBTREE_MIN, 0, 0, 1 },
- /* maximum BaseDistance OPTIONAL */
- /* MAX */ { 1, ASN_CONTEXT_SPECIFIC | ASN_SUBTREE_MAX, 0, 0, 1 },
- };
- enum {
- SUBTREEASN_IDX_SEQ = 0,
- SUBTREEASN_IDX_BASE,
- SUBTREEASN_IDX_MIN,
- SUBTREEASN_IDX_MAX
- };
- /* Number of items in ASN.1 template for GeneralSubtree. */
- #define subTreeASN_Length (sizeof(subTreeASN) / sizeof(ASNItem))
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Decode the Subtree's GeneralName.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in] tag BER tag on GeneralName.
- * @param [in, out] head Linked list of subtree names.
- * @param [in] heap Dynamic memory hint.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return ASN_PARSE_E when SEQUENCE is not found as expected.
- */
- static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag,
- Base_entry** head, void* heap)
- {
- Base_entry* entry = NULL;
- word32 nameIdx = 0;
- word32 len = sz;
- int strLen;
- int ret = 0;
- (void)heap;
- /* if constructed has leading sequence */
- if ((tag & ASN_CONSTRUCTED) == ASN_CONSTRUCTED) {
- ret = GetASN_Sequence(input, &nameIdx, &strLen, sz, 0);
- if (ret < 0) {
- ret = ASN_PARSE_E;
- }
- else {
- len = (word32)strLen;
- ret = 0;
- }
- }
- if (ret == 0) {
- /* TODO: consider one malloc. */
- /* Allocate Base Entry object. */
- entry = (Base_entry*)XMALLOC(sizeof(Base_entry), heap,
- DYNAMIC_TYPE_ALTNAME);
- if (entry == NULL) {
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Allocate name. */
- entry->name = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_ALTNAME);
- if (entry->name == NULL) {
- XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME);
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Store name, size and tag in object. */
- XMEMCPY(entry->name, &input[nameIdx], len);
- entry->name[len] = '\0';
- entry->nameSz = (int)len;
- entry->type = tag & ASN_TYPE_MASK;
- /* Put entry at front of linked list. */
- entry->next = *head;
- *head = entry;
- }
- return ret;
- }
- #endif
- /* Decode a subtree of a name constraints in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.10 - Name Constraints.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] head Linked list of subtree names.
- * @param [in] heap Dynamic memory hint.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- * @return ASN_PARSE_E when SEQUENCE is not found as expected.
- */
- static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
- void* heap)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int ret = 0;
- (void)heap;
- while (idx < (word32)sz) {
- int seqLength, strLength;
- word32 nameIdx;
- byte b, bType;
- if (GetSequence(input, &idx, &seqLength, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- if (idx >= (word32)sz) {
- WOLFSSL_MSG("\tfail: expecting tag");
- return ASN_PARSE_E;
- }
- nameIdx = idx;
- b = input[nameIdx++];
- if (GetLength(input, &nameIdx, &strLength, sz) <= 0) {
- WOLFSSL_MSG("\tinvalid length");
- return ASN_PARSE_E;
- }
- /* Get type, LSB 4-bits */
- bType = (byte)(b & ASN_TYPE_MASK);
- if (bType == ASN_DNS_TYPE || bType == ASN_RFC822_TYPE ||
- bType == ASN_DIR_TYPE) {
- Base_entry* entry;
- /* if constructed has leading sequence */
- if (b & ASN_CONSTRUCTED) {
- if (GetSequence(input, &nameIdx, &strLength, sz) < 0) {
- WOLFSSL_MSG("\tfail: constructed be a SEQUENCE");
- return ASN_PARSE_E;
- }
- }
- entry = (Base_entry*)XMALLOC(sizeof(Base_entry), heap,
- DYNAMIC_TYPE_ALTNAME);
- if (entry == NULL) {
- WOLFSSL_MSG("allocate error");
- return MEMORY_E;
- }
- entry->name = (char*)XMALLOC((size_t)strLength+1, heap,
- DYNAMIC_TYPE_ALTNAME);
- if (entry->name == NULL) {
- WOLFSSL_MSG("allocate error");
- XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME);
- return MEMORY_E;
- }
- XMEMCPY(entry->name, &input[nameIdx], (size_t)strLength);
- entry->name[strLength] = '\0';
- entry->nameSz = strLength;
- entry->type = bType;
- entry->next = *head;
- *head = entry;
- }
- idx += (word32)seqLength;
- }
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, subTreeASN_Length);
- word32 idx = 0;
- int ret = 0;
- (void)heap;
- ALLOC_ASNGETDATA(dataASN, subTreeASN_Length, ret, heap);
- /* Process all subtrees. */
- while ((ret == 0) && (idx < (word32)sz)) {
- byte minVal = 0;
- byte maxVal = 0;
- /* Clear dynamic data and set choice for GeneralName and location to
- * store minimum and maximum.
- */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * subTreeASN_Length);
- GetASN_Choice(&dataASN[SUBTREEASN_IDX_BASE], generalNameChoice);
- GetASN_Int8Bit(&dataASN[SUBTREEASN_IDX_MIN], &minVal);
- GetASN_Int8Bit(&dataASN[SUBTREEASN_IDX_MAX], &maxVal);
- /* Parse GeneralSubtree. */
- ret = GetASN_Items(subTreeASN, dataASN, subTreeASN_Length, 0, input,
- &idx, sz);
- if (ret == 0) {
- byte t = dataASN[SUBTREEASN_IDX_BASE].tag;
- /* Check GeneralName tag is one of the types we can handle. */
- if (t == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE) ||
- t == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE) ||
- t == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
- /* Parse the general name and store a new entry. */
- ret = DecodeSubtreeGeneralName(input +
- GetASNItem_DataIdx(dataASN[SUBTREEASN_IDX_BASE], input),
- dataASN[SUBTREEASN_IDX_BASE].length, t, head, heap);
- }
- /* Skip entry. */
- }
- }
- FREE_ASNGETDATA(dataASN, heap);
- return ret;
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for NameConstraints.
- * X.509: RFC 5280, 4.2.1.10 - Name Constraints.
- */
- static const ASNItem nameConstraintsASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* permittedSubtrees */
- /* PERMIT */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
- /* excludededSubtrees */
- /* EXCLUDE */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 1 },
- };
- enum {
- NAMECONSTRAINTSASN_IDX_SEQ = 0,
- NAMECONSTRAINTSASN_IDX_PERMIT,
- NAMECONSTRAINTSASN_IDX_EXCLUDE
- };
- /* Number of items in ASN.1 template for NameConstraints. */
- #define nameConstraintsASN_Length (sizeof(nameConstraintsASN) / sizeof(ASNItem))
- #endif
- /* Decode name constraints extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.10 - Name Constraints.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int DecodeNameConstraints(const byte* input, word32 sz,
- DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0;
- WOLFSSL_ENTER("DecodeNameConstraints");
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- while (idx < (word32)sz) {
- byte b = input[idx++];
- Base_entry** subtree = NULL;
- if (GetLength(input, &idx, &length, sz) <= 0) {
- WOLFSSL_MSG("\tinvalid length");
- return ASN_PARSE_E;
- }
- if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
- subtree = &cert->permittedNames;
- else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
- subtree = &cert->excludedNames;
- else {
- WOLFSSL_MSG("\tinvalid subtree");
- return ASN_PARSE_E;
- }
- if (DecodeSubtree(input + idx, (word32)length, subtree,
- cert->heap) < 0) {
- WOLFSSL_MSG("\terror parsing subtree");
- return ASN_PARSE_E;
- }
- idx += (word32)length;
- }
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, nameConstraintsASN_Length);
- word32 idx = 0;
- int ret = 0;
- CALLOC_ASNGETDATA(dataASN, nameConstraintsASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Parse NameConstraints. */
- ret = GetASN_Items(nameConstraintsASN, dataASN,
- nameConstraintsASN_Length, 1, input, &idx, sz);
- }
- if (ret == 0) {
- /* If there was a permittedSubtrees then parse it. */
- if (dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.data != NULL) {
- ret = DecodeSubtree(
- dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.data,
- dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.length,
- &cert->permittedNames, cert->heap);
- }
- }
- if (ret == 0) {
- /* If there was a excludedSubtrees then parse it. */
- if (dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.data != NULL) {
- ret = DecodeSubtree(
- dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.data,
- dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.length,
- &cert->excludedNames, cert->heap);
- }
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* IGNORE_NAME_CONSTRAINTS */
- #if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
- defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Decode ITU-T X.690 OID format to a string representation
- * return string length */
- int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
- {
- word32 val, inIdx = 0, outIdx = 0;
- int w = 0;
- if (out == NULL || in == NULL || outSz < 4 || inSz < 2)
- return BAD_FUNC_ARG;
- /* The first byte expands into b/40 dot b%40. */
- val = in[inIdx++];
- w = XSNPRINTF(out, outSz, "%u.%u", val / 40, val % 40);
- if (w < 0) {
- w = BUFFER_E;
- goto exit;
- }
- outIdx += (word32)w;
- val = 0;
- while (inIdx < inSz && outIdx < outSz) {
- /* extract the next OID digit from in to val */
- /* first bit is used to set if value is coded on 1 or multiple bytes */
- if (in[inIdx] & 0x80) {
- val += in[inIdx] & 0x7F;
- val *= 128;
- }
- else {
- /* write val as text into out */
- val += in[inIdx];
- w = XSNPRINTF(out + outIdx, outSz - outIdx, ".%u", val);
- if (w < 0 || (word32)w > outSz - outIdx) {
- w = BUFFER_E;
- goto exit;
- }
- outIdx += (word32)w;
- val = 0;
- }
- inIdx++;
- }
- if (outIdx == outSz)
- outIdx--;
- out[outIdx] = 0;
- w = (int)outIdx;
- exit:
- return w;
- }
- #endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for PolicyInformation.
- * X.509: RFC 5280, 4.2.1.4 - Certificate Policies.
- */
- static const ASNItem policyInfoASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* policyIdentifier */
- /* ID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* policyQualifiers */
- /* QUALI */ { 1, ASN_SEQUENCE, 1, 0, 1 },
- };
- enum {
- POLICYINFOASN_IDX_SEQ = 0,
- POLICYINFOASN_IDX_ID,
- POLICYINFOASN_IDX_QUALI
- };
- /* Number of items in ASN.1 template for PolicyInformation. */
- #define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem))
- #endif
- /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
- static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- word32 oldIdx;
- int policy_length = 0;
- int ret;
- int total_length = 0;
- #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
- !defined(WOLFSSL_DUP_CERTPOL)
- int i;
- #endif
- WOLFSSL_ENTER("DecodeCertPolicy");
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
- /* Check if cert is null before dereferencing below */
- if (cert == NULL)
- return BAD_FUNC_ARG;
- #else
- (void)cert;
- #endif
- #if defined(WOLFSSL_CERT_EXT)
- cert->extCertPoliciesNb = 0;
- #endif
- if (GetSequence(input, &idx, &total_length, sz) < 0) {
- WOLFSSL_MSG("\tGet CertPolicy total seq failed");
- return ASN_PARSE_E;
- }
- /* Validate total length */
- if (total_length > (int)(sz - idx)) {
- WOLFSSL_MSG("\tCertPolicy length mismatch");
- return ASN_PARSE_E;
- }
- /* Unwrap certificatePolicies */
- do {
- int length = 0;
- if (GetSequence(input, &idx, &policy_length, sz) < 0) {
- WOLFSSL_MSG("\tGet CertPolicy seq failed");
- return ASN_PARSE_E;
- }
- oldIdx = idx;
- ret = GetASNObjectId(input, &idx, &length, sz);
- if (ret != 0)
- return ret;
- policy_length -= (int)(idx - oldIdx);
- if (length > 0) {
- /* Verify length won't overrun buffer */
- if (length > (int)(sz - idx)) {
- WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
- return ASN_PARSE_E;
- }
- #if defined(WOLFSSL_SEP)
- cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap,
- DYNAMIC_TYPE_X509_EXT);
- if (cert->deviceType == NULL) {
- WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
- return MEMORY_E;
- }
- cert->deviceTypeSz = length;
- XMEMCPY(cert->deviceType, input + idx, (size_t)length);
- break;
- #elif defined(WOLFSSL_CERT_EXT)
- /* decode cert policy */
- if (DecodePolicyOID(cert->extCertPolicies[
- cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
- input + idx, length) <= 0) {
- WOLFSSL_MSG("\tCouldn't decode CertPolicy");
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- #ifndef WOLFSSL_DUP_CERTPOL
- /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
- * NOT appear more than once in a certificate policies
- * extension". This is a sanity check for duplicates.
- * extCertPolicies should only have OID values, additional
- * qualifiers need to be stored in a separate array. */
- for (i = 0; i < cert->extCertPoliciesNb; i++) {
- if (XMEMCMP(cert->extCertPolicies[i],
- cert->extCertPolicies[cert->extCertPoliciesNb],
- MAX_CERTPOL_SZ) == 0) {
- WOLFSSL_MSG("Duplicate policy OIDs not allowed");
- WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
- WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
- return CERTPOLICIES_E;
- }
- }
- #endif /* !WOLFSSL_DUP_CERTPOL */
- cert->extCertPoliciesNb++;
- #else
- WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
- return 0;
- #endif
- }
- idx += (word32)policy_length;
- } while((int)idx < total_length
- #if defined(WOLFSSL_CERT_EXT)
- && cert->extCertPoliciesNb < MAX_CERTPOL_NB
- #endif
- );
- WOLFSSL_LEAVE("DecodeCertPolicy", 0);
- return 0;
- #else /* WOLFSSL_ASN_TEMPLATE */
- word32 idx = 0;
- int ret = 0;
- int total_length = 0;
- #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
- !defined(WOLFSSL_DUP_CERTPOL)
- int i;
- #endif
- WOLFSSL_ENTER("DecodeCertPolicy");
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
- /* Check if cert is null before dereferencing below */
- if (cert == NULL)
- ret = BAD_FUNC_ARG;
- #endif
- if (ret == 0) {
- #if defined(WOLFSSL_CERT_EXT)
- cert->extCertPoliciesNb = 0;
- #endif
- /* Strip SEQUENCE OF and check using all data. */
- if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
- {
- ret = ASN_PARSE_E;
- }
- }
- /* Unwrap certificatePolicies */
- while ((ret == 0) && ((int)idx < total_length)
- #if defined(WOLFSSL_CERT_EXT)
- && (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
- #endif
- ) {
- ASNGetData dataASN[policyInfoASN_Length];
- byte* data = NULL;
- word32 length = 0;
- /* Clear dynamic data and check OID is a cert policy type. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
- ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
- input, &idx, (word32)sz);
- if (ret == 0) {
- /* Get the OID. */
- GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
- if (length == 0) {
- ret = ASN_PARSE_E;
- }
- }
- #if defined(WOLFSSL_SEP)
- /* Store OID in device type. */
- if (ret == 0) {
- cert->deviceType = (byte*)XMALLOC(length, cert->heap,
- DYNAMIC_TYPE_X509_EXT);
- if (cert->deviceType == NULL) {
- WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Store device type data and length. */
- cert->deviceTypeSz = (int)length;
- XMEMCPY(cert->deviceType, data, length);
- break;
- }
- #elif defined(WOLFSSL_CERT_EXT)
- if (ret == 0) {
- /* Decode cert policy. */
- if (DecodePolicyOID(
- cert->extCertPolicies[cert->extCertPoliciesNb],
- MAX_CERTPOL_SZ, data, length) <= 0) {
- WOLFSSL_MSG("\tCouldn't decode CertPolicy");
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- }
- #ifndef WOLFSSL_DUP_CERTPOL
- /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
- * NOT appear more than once in a certificate policies
- * extension". This is a sanity check for duplicates.
- * extCertPolicies should only have OID values, additional
- * qualifiers need to be stored in a separate array. */
- for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
- if (XMEMCMP(cert->extCertPolicies[i],
- cert->extCertPolicies[cert->extCertPoliciesNb],
- MAX_CERTPOL_SZ) == 0) {
- WOLFSSL_MSG("Duplicate policy OIDs not allowed");
- WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
- WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
- ret = CERTPOLICIES_E;
- }
- }
- #endif /* !defined(WOLFSSL_DUP_CERTPOL) */
- if (ret == 0) {
- /* Keep count of policies seen. */
- cert->extCertPoliciesNb++;
- }
- #else
- (void)data;
- WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
- break;
- #endif
- }
- WOLFSSL_LEAVE("DecodeCertPolicy", 0);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* WOLFSSL_SEP */
- #ifdef WOLFSSL_SUBJ_DIR_ATTR
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for subject dir attribute.
- * X.509: RFC 5280, 4.2.1.8 - Subject Directory Attributes.
- */
- static const ASNItem subjDirAttrASN[] = {
- /* SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* PLEN */ { 2, ASN_SET, 1, 0, 0 },
- };
- enum {
- SUBJDIRATTRASN_IDX_SEQ = 0,
- SUBJDIRATTRASN_IDX_OID,
- SUBJDIRATTRASN_IDX_SET,
- };
- /* Number of items in ASN.1 template for BasicConstraints. */
- #define subjDirAttrASN_Length (sizeof(subjDirAttrASN) / sizeof(ASNItem))
- #endif
- /* Decode subject directory attributes extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.1.8 - Subject Directory Attributes.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- */
- static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0;
- int ret = 0;
- WOLFSSL_ENTER("DecodeSubjDirAttr");
- #ifdef OPENSSL_ALL
- cert->extSubjDirAttrSrc = input;
- cert->extSubjDirAttrSz = sz;
- #endif /* OPENSSL_ALL */
- /* Unwrap the list of Attributes */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- if (length == 0) {
- /* RFC 5280 4.2.1.8. Subject Directory Attributes
- If the subjectDirectoryAttributes extension is present, the
- sequence MUST contain at least one entry. */
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- /* length is the length of the list contents */
- while (idx < (word32)sz) {
- word32 oid;
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- if (GetObjectId(input, &idx, &oid, oidSubjDirAttrType, sz) < 0)
- return ASN_PARSE_E;
- if (GetSet(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- /* There may be more than one countryOfCitizenship, but save the
- * first one for now. */
- if (oid == SDA_COC_OID) {
- byte tag;
- if (GetHeader(input, &tag, &idx, &length, sz, 1) < 0)
- return ASN_PARSE_E;
- if (length != COUNTRY_CODE_LEN)
- return ASN_PARSE_E;
- if (tag == ASN_PRINTABLE_STRING) {
- XMEMCPY(cert->countryOfCitizenship,
- input + idx, COUNTRY_CODE_LEN);
- cert->countryOfCitizenship[COUNTRY_CODE_LEN] = 0;
- }
- }
- idx += length;
- }
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, subjDirAttrASN_Length);
- int ret = 0;
- word32 idx = 0;
- int length;
- WOLFSSL_ENTER("DecodeSubjDirAttr");
- CALLOC_ASNGETDATA(dataASN, subjDirAttrASN_Length, ret, cert->heap);
- /* Strip outer SEQUENCE. */
- if ((ret == 0) && (GetSequence(input, &idx, &length, sz) < 0)) {
- ret = ASN_PARSE_E;
- }
- /* Handle each inner SEQUENCE. */
- while ((ret == 0) && (idx < (word32)sz)) {
- ret = GetASN_Items(subjDirAttrASN, dataASN, subjDirAttrASN_Length, 1,
- input, &idx, sz);
- /* There may be more than one countryOfCitizenship, but save the
- * first one for now. */
- if ((ret == 0) &&
- (dataASN[SUBJDIRATTRASN_IDX_OID].data.oid.sum == SDA_COC_OID)) {
- int cuLen;
- word32 setIdx = 0;
- byte* setData;
- word32 setLen;
- GetASN_GetRef(&dataASN[SUBJDIRATTRASN_IDX_SET], &setData, &setLen);
- if (GetASNHeader(setData, ASN_PRINTABLE_STRING, &setIdx, &cuLen,
- setLen) < 0) {
- ret = ASN_PARSE_E;
- }
- if ((ret == 0) && (cuLen != COUNTRY_CODE_LEN)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- XMEMCPY(cert->countryOfCitizenship, setData + setIdx,
- (size_t)cuLen);
- cert->countryOfCitizenship[COUNTRY_CODE_LEN] = 0;
- }
- }
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* WOLFSSL_SUBJ_DIR_ATTR */
- #ifdef WOLFSSL_SUBJ_INFO_ACC
- /* Decode subject information access extension in a certificate.
- *
- * X.509: RFC 5280, 4.2.2.2 - Subject Information Access.
- *
- * @param [in] input Buffer holding data.
- * @param [in] sz Size of data in buffer.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int DecodeSubjInfoAcc(const byte* input, word32 sz, DecodedCert* cert)
- {
- word32 idx = 0;
- int length = 0;
- int ret = 0;
- WOLFSSL_ENTER("DecodeSubjInfoAcc");
- #ifdef OPENSSL_ALL
- cert->extSubjAltNameSrc = input;
- cert->extSubjAltNameSz = sz;
- #endif /* OPENSSL_ALL */
- /* Unwrap SubjectInfoAccessSyntax, the list of AccessDescriptions */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- if (length == 0) {
- /* RFC 5280 4.2.2.2. Subject Information Access
- If the subjectInformationAccess extension is present, the
- sequence MUST contain at least one entry. */
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- /* Per fpkx-x509-cert-profile-common... section 5.3.
- * [The] subjectInfoAccess extension must contain at least one
- * instance of the id-ad-caRepository access method containing a
- * publicly accessible HTTP URI which returns as certs-only
- * CMS.
- */
- while (idx < (word32)sz) {
- word32 oid = 0;
- byte b;
- /* Unwrap an AccessDescription */
- if (GetSequence(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- /* Get the accessMethod */
- if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0)
- return ASN_PARSE_E;
- /* Only supporting URIs right now. */
- if (GetASNTag(input, &idx, &b, sz) < 0)
- return ASN_PARSE_E;
- if (GetLength(input, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- /* Set caRepo entry */
- if (b == GENERALNAME_URI && oid == AIA_CA_REPO_OID) {
- cert->extSubjInfoAccCaRepoSz = (word32)length;
- cert->extSubjInfoAccCaRepo = input + idx;
- break;
- }
- idx += (word32)length;
- }
- if (cert->extSubjInfoAccCaRepo == NULL ||
- cert->extSubjInfoAccCaRepoSz == 0) {
- WOLFSSL_MSG("SubjectInfoAccess missing an URL.");
- ret = ASN_PARSE_E;
- }
- WOLFSSL_LEAVE("DecodeSubjInfoAcc", ret);
- return ret;
- }
- #endif /* WOLFSSL_SUBJ_INFO_ACC */
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- /* The subject alternative public key is an extension that holds the same thing
- * as a subject public key. */
- static const ASNItem subjAltPubKeyInfoASN[] = {
- /* subjectPublicKeyInfo SubjectPublicKeyInfo */
- /* ALT_SPUBKEYINFO_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* algorithm AlgorithmIdentifier */
- /* AlgorithmIdentifier ::= SEQUENCE */
- /* ALT_SPUBKEYINFO_ALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* ALT_SPUBKEYINFO_ALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* ALT_SPUBKEYINFO_ALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 },
- /* ALT_SPUBKEYINFO_ALGO_CURVEID */ { 2, ASN_OBJECT_ID, 0, 0, 1 },
- #ifdef WC_RSA_PSS
- /* ALT_SPUBKEYINFO_ALGO_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 },
- #endif
- /* subjectPublicKey BIT STRING */
- /* ALT_SPUBKEYINFO_PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 }
- };
- #define subjAltPubKeyInfoASN_Length (sizeof(subjAltPubKeyInfoASN) / \
- sizeof(ASNItem))
- enum {
- ALT_SPUBKEYINFO_SEQ = 0,
- ALT_SPUBKEYINFO_ALGO_SEQ,
- ALT_SPUBKEYINFO_ALGO_OID,
- ALT_SPUBKEYINFO_ALGO_NULL,
- ALT_SPUBKEYINFO_ALGO_CURVEID,
- #ifdef WC_RSA_PSS
- ALT_SPUBKEYINFO_ALGO_P_SEQ,
- #endif
- ALT_SPUBKEYINFO_PUBKEY
- };
- static int DecodeSubjAltPubKeyInfo(const byte* input, int sz, DecodedCert* cert)
- {
- int ret = 0;
- word32 idx = 0;
- DECL_ASNGETDATA(dataASN, subjAltPubKeyInfoASN_Length);
- WOLFSSL_ENTER("DecodeSubjAltPubKeyInfo");
- if (ret == 0) {
- CALLOC_ASNGETDATA(dataASN, subjAltPubKeyInfoASN_Length, ret,
- cert->heap);
- (void)cert;
- }
- if (ret == 0) {
- GetASN_OID(&dataASN[ALT_SPUBKEYINFO_ALGO_OID], oidKeyType);
- GetASN_OID(&dataASN[ALT_SPUBKEYINFO_ALGO_CURVEID], oidCurveType);
- ret = GetASN_Items(subjAltPubKeyInfoASN, dataASN,
- subjAltPubKeyInfoASN_Length, 1, input, &idx,
- (word32)sz);
- }
- if (ret == 0) {
- /* dataASN[ALT_SPUBKEYINFO_SEQ].data.u8 */
- cert->sapkiDer = (byte *)input;
- /* dataASN[ALT_SPUBKEYINFO_SEQ].length */
- cert->sapkiLen = sz;
- cert->sapkiOID = dataASN[ALT_SPUBKEYINFO_ALGO_OID].data.oid.sum;
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- WOLFSSL_LEAVE("DecodeSubjAltPubKeyInfo", ret);
- return ret;
- }
- /* The alternative signature algorithm extension holds the same thing as a
- * as a signature algorithm identifier. */
- static const ASNItem altSigAlgASN[] = {
- /* AltSigAlg AlgorithmIdentifier */
- /* AlgorithmIdentifier ::= SEQUENCE */
- /* ALTSIG_ALGOID_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* ALTSIG_ALGOID_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* ALTSIG_ALGOID_PARAMS_NULL */ { 1, ASN_TAG_NULL, 0, 0, 1 },
- #ifdef WC_RSA_PSS
- /* ALTSIG_ALGOID_PARAMS */ { 1, ASN_SEQUENCE, 1, 0, 1 },
- #endif
- };
- #define altSigAlgASN_Length (sizeof(altSigAlgASN) / sizeof(ASNItem))
- enum {
- ALTSIG_ALGOID_SEQ = 0,
- ALTSIG_ALGOID_OID,
- ALTSIG_ALGOID_PARAMS_NULL,
- #ifdef WC_RSA_PSS
- ALTSIG_ALGOID_PARAMS,
- #endif
- };
- static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
- {
- int ret = 0;
- word32 idx = 0;
- DECL_ASNGETDATA(dataASN, altSigAlgASN_Length);
- WOLFSSL_ENTER("DecodeAltSigAlg");
- if (ret == 0) {
- CALLOC_ASNGETDATA(dataASN, altSigAlgASN_Length, ret, cert->heap);
- (void)cert;
- }
- if (ret == 0) {
- GetASN_OID(&dataASN[ALTSIG_ALGOID_OID], oidSigType);
- ret = GetASN_Items(altSigAlgASN, dataASN,
- altSigAlgASN_Length, 1, input, &idx,
- (word32)sz);
- }
- if (ret == 0) {
- cert->altSigAlgDer = dataASN[ALTSIG_ALGOID_SEQ].data.u8;
- cert->altSigAlgLen = dataASN[ALTSIG_ALGOID_SEQ].length;
- cert->altSigAlgOID = dataASN[ALTSIG_ALGOID_OID].data.oid.sum;
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- WOLFSSL_LEAVE("DecodeAltSigAlg", ret);
- return ret;
- }
- /* The alternative signature value extension holds an ASN.1 bitstring just
- * like a traditional signature in the certificate. */
- static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert)
- {
- (void)cert;
- int ret = 0;
- word32 idx = 0;
- int len = 0;
- WOLFSSL_ENTER("DecodeAltSigVal");
- if (ret == 0) {
- ret = CheckBitString(input, &idx, &len, sz, 1, NULL);
- }
- if (ret == 0) {
- cert->altSigValDer = (byte *)input + idx;
- cert->altSigValLen = len;
- }
- WOLFSSL_LEAVE("DecodeAltSigVal", ret);
- return ret;
- }
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- /* Macro to check if bit is set, if not sets and return success.
- Otherwise returns failure */
- /* Macro required here because bit-field operation */
- #ifndef WOLFSSL_NO_ASN_STRICT
- #define VERIFY_AND_SET_OID(bit) \
- if ((bit) == 0) \
- (bit) = 1; \
- else \
- return ASN_OBJECT_ID_E;
- #else
- /* With no strict defined, the verify is skipped */
- #define VERIFY_AND_SET_OID(bit) bit = 1;
- #endif
- /* Parse extension type specific data based on OID sum.
- *
- * Supported extensions:
- * Basic Constraints - BASIC_CA_OID
- * CRL Distribution Points - CRL_DIST_OID
- * Authority Information Access - AUTH_INFO_OID
- * Subject Alternative Name - ALT_NAMES_OID
- * Authority Key Identifier - AUTH_KEY_OID
- * Subject Key Identifier - SUBJ_KEY_OID
- * Certificate Policies - CERT_POLICY_OID (conditional parsing)
- * Key Usage - KEY_USAGE_OID
- * Extended Key Usage - EXT_KEY_USAGE_OID
- * Name Constraints - NAME_CONS_OID
- * Inhibit anyPolicy - INHIBIT_ANY_OID
- * Netscape Certificate Type - NETSCAPE_CT_OID (able to be excluded)
- * OCSP no check - OCSP_NOCHECK_OID (when compiling OCSP)
- * Subject Directory Attributes - SUBJ_DIR_ATTR_OID
- * Subject Information Access - SUBJ_INFO_ACC_OID
- * Unsupported extensions from RFC 5280:
- * 4.2.1.5 - Policy mappings
- * 4.2.1.7 - Issuer Alternative Name
- * 4.2.1.11 - Policy Constraints
- * 4.2.1.15 - Freshest CRL
- *
- * @param [in] input Buffer containing extension type specific data.
- * @param [in] length Length of data.
- * @param [in] oid OID sum for extension.
- * @param [in] critical Whether extension is critical.
- * @param [in, out] cert Certificate object.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoding is invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- * @return Other negative values on error.
- */
- static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
- byte critical, DecodedCert* cert,
- int *isUnknownExt)
- {
- int ret = 0;
- word32 idx = 0;
- if (isUnknownExt != NULL)
- *isUnknownExt = 0;
- switch (oid) {
- /* Basic Constraints. */
- case BASIC_CA_OID:
- VERIFY_AND_SET_OID(cert->extBasicConstSet);
- cert->extBasicConstCrit = critical ? 1 : 0;
- if (DecodeBasicCaConstraint(input, (int)length, cert) < 0) {
- ret = ASN_PARSE_E;
- }
- break;
- /* CRL Distribution point. */
- case CRL_DIST_OID:
- VERIFY_AND_SET_OID(cert->extCRLdistSet);
- cert->extCRLdistCrit = critical ? 1 : 0;
- if (DecodeCrlDist(input, length, cert) < 0) {
- ret = ASN_PARSE_E;
- }
- break;
- /* Authority information access. */
- case AUTH_INFO_OID:
- VERIFY_AND_SET_OID(cert->extAuthInfoSet);
- cert->extAuthInfoCrit = critical ? 1 : 0;
- #ifndef WOLFSSL_ALLOW_CRIT_AIA
- /* This check is added due to RFC 5280 section 4.2.2.1
- * stating that conforming CA's must mark this extension
- * as non-critical. When parsing extensions check that
- * certificate was made in compliance with this. */
- if (critical) {
- WOLFSSL_MSG("Critical Authority Information Access is not"
- "allowed");
- WOLFSSL_MSG("Use macro WOLFSSL_ALLOW_CRIT_AIA if wanted");
- ret = ASN_CRIT_EXT_E;
- }
- #endif
- if ((ret == 0) && (DecodeAuthInfo(input, length, cert) < 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- /* Subject alternative name. */
- case ALT_NAMES_OID:
- VERIFY_AND_SET_OID(cert->extSubjAltNameSet);
- cert->extSubjAltNameCrit = critical ? 1 : 0;
- ret = DecodeAltNames(input, length, cert);
- break;
- /* Authority Key Identifier. */
- case AUTH_KEY_OID:
- VERIFY_AND_SET_OID(cert->extAuthKeyIdSet);
- cert->extAuthKeyIdCrit = critical ? 1 : 0;
- #ifndef WOLFSSL_ALLOW_CRIT_AKID
- /* This check is added due to RFC 5280 section 4.2.1.1
- * stating that conforming CA's must mark this extension
- * as non-critical. When parsing extensions check that
- * certificate was made in compliance with this. */
- if (critical) {
- WOLFSSL_MSG("Critical Auth Key ID is not allowed");
- WOLFSSL_MSG("Use macro WOLFSSL_ALLOW_CRIT_AKID if wanted");
- ret = ASN_CRIT_EXT_E;
- }
- #endif
- if ((ret == 0) && (DecodeAuthKeyId(input, length, cert) < 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- /* Subject Key Identifier. */
- case SUBJ_KEY_OID:
- VERIFY_AND_SET_OID(cert->extSubjKeyIdSet);
- cert->extSubjKeyIdCrit = critical ? 1 : 0;
- #ifndef WOLFSSL_ALLOW_CRIT_SKID
- /* This check is added due to RFC 5280 section 4.2.1.2
- * stating that conforming CA's must mark this extension
- * as non-critical. When parsing extensions check that
- * certificate was made in compliance with this. */
- if (critical) {
- WOLFSSL_MSG("Critical Subject Key ID is not allowed");
- WOLFSSL_MSG("Use macro WOLFSSL_ALLOW_CRIT_SKID if wanted");
- ret = ASN_CRIT_EXT_E;
- }
- #endif
- if ((ret == 0) && (DecodeSubjKeyId(input, length, cert) < 0)) {
- ret = ASN_PARSE_E;
- }
- break;
- /* Certificate policies. */
- case CERT_POLICY_OID:
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
- VERIFY_AND_SET_OID(cert->extCertPolicySet);
- #if defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)
- cert->extCertPolicyCrit = critical ? 1 : 0;
- #endif
- #endif
- #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \
- defined(WOLFSSL_QT)
- if (DecodeCertPolicy(input, length, cert) < 0) {
- ret = ASN_PARSE_E;
- }
- #else
- WOLFSSL_MSG("Certificate Policy extension not supported yet.");
- #endif
- break;
- /* Key usage. */
- case KEY_USAGE_OID:
- VERIFY_AND_SET_OID(cert->extKeyUsageSet);
- cert->extKeyUsageCrit = critical ? 1 : 0;
- if (DecodeKeyUsage(input, length, cert) < 0) {
- ret = ASN_PARSE_E;
- }
- break;
- /* Extended key usage. */
- case EXT_KEY_USAGE_OID:
- VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
- cert->extExtKeyUsageCrit = critical ? 1 : 0;
- if (DecodeExtKeyUsage(input, length, cert) < 0) {
- ret = ASN_PARSE_E;
- }
- break;
- #ifndef IGNORE_NAME_CONSTRAINTS
- /* Name constraints. */
- case NAME_CONS_OID:
- #ifndef WOLFSSL_NO_ASN_STRICT
- /* Verify RFC 5280 Sec 4.2.1.10 rule:
- "The name constraints extension,
- which MUST be used only in a CA certificate" */
- if (!cert->isCA) {
- WOLFSSL_MSG("Name constraints allowed only for CA certs");
- WOLFSSL_ERROR_VERBOSE(ASN_NAME_INVALID_E);
- ret = ASN_NAME_INVALID_E;
- }
- #endif
- VERIFY_AND_SET_OID(cert->extNameConstraintSet);
- cert->extNameConstraintCrit = critical ? 1 : 0;
- if (DecodeNameConstraints(input, length, cert) < 0) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif /* IGNORE_NAME_CONSTRAINTS */
- /* Inhibit anyPolicy. */
- case INHIBIT_ANY_OID:
- VERIFY_AND_SET_OID(cert->inhibitAnyOidSet);
- WOLFSSL_MSG("Inhibit anyPolicy extension not supported yet.");
- break;
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- /* Netscape's certificate type. */
- case NETSCAPE_CT_OID:
- if (DecodeNsCertType(input, (int)length, cert) < 0)
- ret = ASN_PARSE_E;
- break;
- #endif
- #ifdef HAVE_OCSP
- /* OCSP no check. */
- case OCSP_NOCHECK_OID:
- VERIFY_AND_SET_OID(cert->ocspNoCheckSet);
- ret = GetASNNull(input, &idx, length);
- if (ret != 0) {
- ret = ASN_PARSE_E;
- }
- break;
- #endif
- case POLICY_CONST_OID:
- VERIFY_AND_SET_OID(cert->extPolicyConstSet);
- cert->extPolicyConstCrit = critical ? 1 : 0;
- if (DecodePolicyConstraints(&input[idx], (int)length, cert) < 0)
- return ASN_PARSE_E;
- break;
- #ifdef WOLFSSL_SUBJ_DIR_ATTR
- case SUBJ_DIR_ATTR_OID:
- VERIFY_AND_SET_OID(cert->extSubjDirAttrSet);
- if (DecodeSubjDirAttr(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
- #endif
- #ifdef WOLFSSL_SUBJ_INFO_ACC
- case SUBJ_INFO_ACC_OID:
- VERIFY_AND_SET_OID(cert->extSubjInfoAccSet);
- if (DecodeSubjInfoAcc(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
- #endif
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- case SUBJ_ALT_PUB_KEY_INFO_OID:
- VERIFY_AND_SET_OID(cert->extSapkiSet);
- if (DecodeSubjAltPubKeyInfo(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
- case ALT_SIG_ALG_OID:
- VERIFY_AND_SET_OID(cert->extAltSigAlgSet);
- if (DecodeAltSigAlg(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
- case ALT_SIG_VAL_OID:
- VERIFY_AND_SET_OID(cert->extAltSigValSet);
- if (DecodeAltSigVal(&input[idx], length, cert) < 0)
- return ASN_PARSE_E;
- break;
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- default:
- if (isUnknownExt != NULL)
- *isUnknownExt = 1;
- #ifndef WOLFSSL_NO_ASN_STRICT
- /* While it is a failure to not support critical extensions,
- * still parse the certificate ignoring the unsupported
- * extension to allow caller to accept it with the verify
- * callback. */
- if (critical) {
- WOLFSSL_ERROR_VERBOSE(ASN_CRIT_EXT_E);
- ret = ASN_CRIT_EXT_E;
- }
- #endif
- break;
- }
- return ret;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for extensions.
- * X.509: RFC 5280, 4.1 - Basic Certificate Fields.
- */
- static const ASNItem certExtHdrASN[] = {
- /* EXTTAG */ { 0, ASN_CONTEXT_SPECIFIC | 3, 1, 1, 0 },
- /* EXTSEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- };
- enum {
- CERTEXTHDRASN_IDX_EXTTAG = 0,
- CERTEXTHDRASN_IDX_EXTSEQ
- };
- /* Number of items in ASN.1 template for extensions. */
- #define certExtHdrASN_Length (sizeof(certExtHdrASN) / sizeof(ASNItem))
- /* ASN.1 template for Extension.
- * X.509: RFC 5280, 4.1 - Basic Certificate Fields.
- */
- static const ASNItem certExtASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* Extension object id */
- /* OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* critical - when true, must be parseable. */
- /* CRIT */ { 1, ASN_BOOLEAN, 0, 0, 1 },
- /* Data for extension - leave index at start of data. */
- /* VAL */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- };
- enum {
- CERTEXTASN_IDX_SEQ = 0,
- CERTEXTASN_IDX_OID,
- CERTEXTASN_IDX_CRIT,
- CERTEXTASN_IDX_VAL
- };
- /* Number of items in ASN.1 template for Extension. */
- #define certExtASN_Length (sizeof(certExtASN) / sizeof(ASNItem))
- #endif
- #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
- && defined(HAVE_OID_DECODING)
- int wc_SetUnknownExtCallback(DecodedCert* cert,
- wc_UnknownExtCallback cb) {
- if (cert == NULL) {
- return BAD_FUNC_ARG;
- }
- cert->unknownExtCallback = cb;
- return 0;
- }
- #endif
- /*
- * Processing the Certificate Extensions. This does not modify the current
- * index. It is works starting with the recorded extensions pointer.
- */
- static int DecodeCertExtensions(DecodedCert* cert)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret = 0;
- word32 idx = 0;
- word32 sz = (word32)cert->extensionsSz;
- const byte* input = cert->extensions;
- int length;
- word32 oid;
- byte critical = 0;
- byte criticalFail = 0;
- byte tag = 0;
- WOLFSSL_ENTER("DecodeCertExtensions");
- if (input == NULL || sz == 0)
- return BAD_FUNC_ARG;
- #ifdef WOLFSSL_CERT_REQ
- if (!cert->isCSR)
- #endif
- { /* Not included in CSR */
- if (GetASNTag(input, &idx, &tag, sz) < 0) {
- return ASN_PARSE_E;
- }
- if (tag != ASN_EXTENSIONS) {
- WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
- return ASN_PARSE_E;
- }
- if (GetLength(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: invalid length");
- return ASN_PARSE_E;
- }
- }
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
- return ASN_PARSE_E;
- }
- while (idx < (word32)sz) {
- word32 localIdx;
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- oid = 0;
- if ((ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz)) < 0) {
- WOLFSSL_MSG("\tfail: OBJECT ID");
- return ret;
- }
- /* check for critical flag */
- critical = 0;
- if ((idx + 1) > (word32)sz) {
- WOLFSSL_MSG("\tfail: malformed buffer");
- return BUFFER_E;
- }
- localIdx = idx;
- if (GetASNTag(input, &localIdx, &tag, sz) == 0) {
- if (tag == ASN_BOOLEAN) {
- ret = GetBoolean(input, &idx, sz);
- if (ret < 0) {
- WOLFSSL_MSG("\tfail: critical boolean");
- return ret;
- }
- critical = (byte)ret;
- }
- }
- /* process the extension based on the OID */
- ret = GetOctetString(input, &idx, &length, sz);
- if (ret < 0) {
- WOLFSSL_MSG("\tfail: bad OCTET STRING");
- return ret;
- }
- ret = DecodeExtensionType(input + idx, (word32)length, oid, critical,
- cert, NULL);
- if (ret == ASN_CRIT_EXT_E) {
- ret = 0;
- criticalFail = 1;
- }
- if (ret < 0)
- goto end;
- idx += (word32)length;
- }
- ret = criticalFail ? ASN_CRIT_EXT_E : 0;
- end:
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, certExtASN_Length);
- ASNGetData dataExtsASN[certExtHdrASN_Length];
- int ret = 0;
- const byte* input = cert->extensions;
- int sz = cert->extensionsSz;
- word32 idx = 0;
- int criticalRet = 0;
- int offset = 0;
- WOLFSSL_ENTER("DecodeCertExtensions");
- if (input == NULL || sz == 0)
- ret = BAD_FUNC_ARG;
- ALLOC_ASNGETDATA(dataASN, certExtASN_Length, ret, cert->heap);
- #ifdef WOLFSSL_CERT_REQ
- if (cert->isCSR) {
- offset = CERTEXTHDRASN_IDX_EXTSEQ;
- }
- #endif
- if (ret == 0) {
- /* Clear dynamic data. */
- XMEMSET(dataExtsASN, 0, sizeof(dataExtsASN));
- /* Parse extensions header. */
- ret = GetASN_Items(certExtHdrASN + offset, dataExtsASN + offset,
- (int)(certExtHdrASN_Length - (size_t)offset), 0,
- input, &idx, (word32)sz);
- }
- /* Parse each extension. */
- while ((ret == 0) && (idx < (word32)sz)) {
- byte critical = 0;
- int isUnknownExt = 0;
- /* Clear dynamic data. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length);
- /* Ensure OID is an extension type. */
- GetASN_OID(&dataASN[CERTEXTASN_IDX_OID], oidCertExtType);
- /* Set criticality variable. */
- GetASN_Int8Bit(&dataASN[CERTEXTASN_IDX_CRIT], &critical);
- /* Parse extension wrapper. */
- ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, input,
- &idx, (word32)sz);
- if (ret == 0) {
- word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum;
- word32 length = dataASN[CERTEXTASN_IDX_VAL].length;
- /* Decode the extension by type. */
- ret = DecodeExtensionType(input + idx, length, oid, critical, cert,
- &isUnknownExt);
- #if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING)
- if (isUnknownExt && (cert->unknownExtCallback != NULL)) {
- word16 decOid[MAX_OID_SZ];
- word32 decOidSz = sizeof(decOid);
- ret = DecodeObjectId(
- dataASN[CERTEXTASN_IDX_OID].data.oid.data,
- dataASN[CERTEXTASN_IDX_OID].data.oid.length,
- decOid, &decOidSz);
- if (ret != 0) {
- /* Should never get here as the extension was successfully
- * decoded earlier. Something might be corrupted. */
- WOLFSSL_MSG("DecodeObjectId() failed. Corruption?");
- WOLFSSL_ERROR(ret);
- }
- ret = cert->unknownExtCallback(decOid, decOidSz, critical,
- dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
- dataASN[CERTEXTASN_IDX_VAL].length);
- }
- #endif
- (void)isUnknownExt;
- /* Move index on to next extension. */
- idx += length;
- }
- /* Don't fail criticality until all other extensions have been checked.
- */
- if (ret == ASN_CRIT_EXT_E) {
- criticalRet = ASN_CRIT_EXT_E;
- ret = 0;
- }
- }
- if (ret == 0) {
- /* Use criticality return. */
- ret = criticalRet;
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- #if defined(HAVE_RPK)
- /* ASN template for a Raw Public Key certificate defined RFC7250. */
- static const ASNItem RPKCertASN[] = {
- /* SubjectPublicKeyInfo ::= SEQUENCE */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* algorithm AlgorithmIdentifier */
- /* AlgorithmIdentifier ::= SEQUENCE */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* TBS_SPUBKEYINFO_ALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* TBS_SPUBKEYINFO_ALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 2 },
- /* TBS_SPUBKEYINFO_ALGO_CURVEID */ { 2, ASN_OBJECT_ID, 0, 0, 2 },
- #ifdef WC_RSA_PSS
- /* TBS_SPUBKEYINFO_ALGO_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 2 },
- #endif
- /* subjectPublicKey BIT STRING */
- /* TBS_SPUBKEYINFO_PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- /* Number of items in ASN template for a RawPublicKey certificate. */
- #define RPKCertASN_Length (sizeof(RPKCertASN) / sizeof(ASNItem))
- enum {
- RPKCERTASN_IDX_SPUBKEYINFO_SEQ = 0,
- RPKCERTASN_IDX_SPUBKEYINFO_ALGO_SEQ,
- RPKCERTASN_IDX_SPUBKEYINFO_ALGO_OID,
- RPKCERTASN_IDX_SPUBKEYINFO_ALGO_NULL,
- RPKCERTASN_IDX_SPUBKEYINFO_ALGO_CURVEID,
- #ifdef WC_RSA_PSS
- RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ,
- #endif
- RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY,
- };
- #endif /* HAVE_RPK */
- /* ASN template for an X509 certificate.
- * X.509: RFC 5280, 4.1 - Basic Certificate Fields.
- */
- static const ASNItem x509CertASN[] = {
- /* Certificate ::= SEQUENCE */
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* tbsCertificate TBSCertificate */
- /* TBSCertificate ::= SEQUENCE */
- /* TBS_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* version [0] EXPLICIT Version DEFAULT v1 */
- /* TBS_VER */ { 2, ASN_CONTEXT_SPECIFIC | ASN_X509_CERT_VERSION, 1, 1, 1 },
- /* Version ::= INTEGER { v1(0), v2(1), v3(2) */
- /* TBS_VER_INT */ { 3, ASN_INTEGER, 0, 0, 0 },
- /* serialNumber CertificateSerialNumber */
- /* CertificateSerialNumber ::= INTEGER */
- /* TBS_SERIAL */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* signature AlgorithmIdentifier */
- /* AlgorithmIdentifier ::= SEQUENCE */
- /* TBS_ALGOID_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* TBS_ALGOID_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* TBS_ALGOID_PARAMS_NULL */ { 3, ASN_TAG_NULL, 0, 0, 2 },
- #ifdef WC_RSA_PSS
- /* TBS_ALGOID_PARAMS */ { 3, ASN_SEQUENCE, 1, 0, 2 },
- #endif
- /* issuer Name */
- /* TBS_ISSUER_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 },
- /* validity Validity */
- /* Validity ::= SEQUENCE */
- /* TBS_VALIDITY_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* notBefore Time */
- /* Time :: CHOICE { UTCTime, GeneralizedTime } */
- /* TBS_VALIDITY_NOTB_UTC */ { 3, ASN_UTC_TIME, 0, 0, 2 },
- /* TBS_VALIDITY_NOTB_GT */ { 3, ASN_GENERALIZED_TIME, 0, 0, 2 },
- /* notAfter Time */
- /* Time :: CHOICE { UTCTime, GeneralizedTime } */
- /* TBS_VALIDITY_NOTA_UTC */ { 3, ASN_UTC_TIME, 0, 0, 3 },
- /* TBS_VALIDITY_NOTA_GT */ { 3, ASN_GENERALIZED_TIME, 0, 0, 3 },
- /* subject Name */
- /* TBS_SUBJECT_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 },
- /* subjectPublicKeyInfo SubjectPublicKeyInfo */
- /* TBS_SPUBKEYINFO_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* algorithm AlgorithmIdentifier */
- /* AlgorithmIdentifier ::= SEQUENCE */
- /* TBS_SPUBKEYINFO_ALGO_SEQ */ { 3, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* TBS_SPUBKEYINFO_ALGO_OID */ { 4, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* TBS_SPUBKEYINFO_ALGO_NULL */ { 4, ASN_TAG_NULL, 0, 0, 2 },
- /* TBS_SPUBKEYINFO_ALGO_CURVEID */ { 4, ASN_OBJECT_ID, 0, 0, 2 },
- #ifdef WC_RSA_PSS
- /* TBS_SPUBKEYINFO_ALGO_P_SEQ */ { 4, ASN_SEQUENCE, 1, 0, 2 },
- #endif
- /* subjectPublicKey BIT STRING */
- /* TBS_SPUBKEYINFO_PUBKEY */ { 3, ASN_BIT_STRING, 0, 0, 0 },
- /* issuerUniqueID UniqueIdentfier OPTIONAL */
- /* TBS_ISSUERUID */ { 2, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 },
- /* subjectUniqueID UniqueIdentfier OPTIONAL */
- /* TBS_SUBJECTUID */ { 2, ASN_CONTEXT_SPECIFIC | 2, 0, 0, 1 },
- /* extensions Extensions OPTIONAL */
- /* TBS_EXT */ { 2, ASN_CONTEXT_SPECIFIC | 3, 1, 1, 1 },
- /* TBS_EXT_SEQ */ { 3, ASN_SEQUENCE, 1, 0, 0 },
- /* signatureAlgorithm AlgorithmIdentifier */
- /* AlgorithmIdentifier ::= SEQUENCE */
- /* SIGALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* SIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* SIGALGO_PARAMS_NULL */ { 2, ASN_TAG_NULL, 0, 0, 2 },
- #ifdef WC_RSA_PSS
- /* SIGALGO_PARAMS */ { 2, ASN_SEQUENCE, 1, 0, 2 },
- #endif
- /* signature BIT STRING */
- /* SIGNATURE */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- X509CERTASN_IDX_SEQ = 0,
- X509CERTASN_IDX_TBS_SEQ,
- X509CERTASN_IDX_TBS_VER,
- X509CERTASN_IDX_TBS_VER_INT,
- X509CERTASN_IDX_TBS_SERIAL,
- X509CERTASN_IDX_TBS_ALGOID_SEQ,
- X509CERTASN_IDX_TBS_ALGOID_OID,
- X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL,
- #ifdef WC_RSA_PSS
- X509CERTASN_IDX_TBS_ALGOID_PARAMS,
- #endif
- X509CERTASN_IDX_TBS_ISSUER_SEQ,
- X509CERTASN_IDX_TBS_VALIDITY_SEQ,
- X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC,
- X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT,
- X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC,
- X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT,
- X509CERTASN_IDX_TBS_SUBJECT_SEQ,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_SEQ,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_NULL,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_CURVEID,
- #ifdef WC_RSA_PSS
- X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_P_SEQ,
- #endif
- X509CERTASN_IDX_TBS_SPUBKEYINFO_PUBKEY,
- X509CERTASN_IDX_TBS_ISSUERUID,
- X509CERTASN_IDX_TBS_SUBJECTUID,
- X509CERTASN_IDX_TBS_EXT,
- X509CERTASN_IDX_TBS_EXT_SEQ,
- X509CERTASN_IDX_SIGALGO_SEQ,
- X509CERTASN_IDX_SIGALGO_OID,
- X509CERTASN_IDX_SIGALGO_PARAMS_NULL,
- #ifdef WC_RSA_PSS
- X509CERTASN_IDX_SIGALGO_PARAMS,
- #endif
- X509CERTASN_IDX_SIGNATURE,
- WOLF_ENUM_DUMMY_LAST_ELEMENT(X509CERTASN_IDX)
- };
- /* Number of items in ASN template for an X509 certificate. */
- #define x509CertASN_Length (sizeof(x509CertASN) / sizeof(ASNItem))
- /* Check the data data.
- *
- * @param [in] dataASN ASN template dynamic data item.
- * @param [in] dataType BEFORE or AFTER date.
- * @return 0 on success.
- * @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time.
- * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
- */
- static int CheckDate(ASNGetData *dataASN, int dateType)
- {
- int ret = 0;
- /* Check BER tag is valid. */
- if ((dataASN->tag != ASN_UTC_TIME) &&
- (dataASN->tag != ASN_GENERALIZED_TIME)) {
- ret = ASN_TIME_E;
- }
- /* Check date length is valid. */
- if ((ret == 0) && ((dataASN->length > MAX_DATE_SIZE) ||
- (dataASN->length < MIN_DATE_SIZE))) {
- ret = ASN_DATE_SZ_E;
- }
- #ifndef NO_ASN_TIME_CHECK
- /* Check date is a valid string and BEFORE or AFTER now. */
- if ((ret == 0) &&
- (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) {
- if (dateType == BEFORE) {
- ret = ASN_BEFORE_DATE_E;
- }
- else {
- ret = ASN_AFTER_DATE_E;
- }
- }
- #endif
- (void)dateType;
- return ret;
- }
- /* Decode a certificate. Internal/non-public API.
- *
- * @param [in] cert Certificate object.
- * @param [in] verify Whether to verify dates before and after now.
- * @param [out] criticalExt Critical extension return code.
- * @param [out] badDateRet Bad date return code.
- * @param [in] stopAtPubKey Stop parsing before subkectPublicKeyInfo.
- * @param [in] stopAfterPubKey Stop parsing after subkectPublicKeyInfo.
- * @return 0 on success.
- * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
- * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
- * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
- int* badDateRet, int stopAtPubKey,
- int stopAfterPubKey)
- {
- DECL_ASNGETDATA(dataASN, x509CertASN_Length);
- int ret = 0;
- int badDate = 0;
- byte version;
- word32 idx;
- word32 serialSz;
- const unsigned char* issuer = NULL;
- word32 issuerSz = 0;
- const unsigned char* subject = NULL;
- word32 subjectSz = 0;
- word32 pubKeyOffset = 0;
- word32 pubKeyEnd = 0;
- int done = 0;
- #if defined(HAVE_RPK)
- /* try to parse the cert as Raw Public Key cert */
- DECL_ASNGETDATA(RPKdataASN, RPKCertASN_Length);
- CALLOC_ASNGETDATA(RPKdataASN, RPKCertASN_Length, ret, cert->heap);
- GetASN_OID(&RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_OID],
- oidKeyType);
- GetASN_OID(&RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_CURVEID],
- oidCurveType);
- ret = GetASN_Items(RPKCertASN, RPKdataASN, RPKCertASN_Length, 1,
- cert->source, &cert->srcIdx, cert->maxIdx);
- if (ret == 0) {
- cert->keyOID =
- RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_OID].data.oid.sum;
- /* Parse the public key. */
- pubKeyOffset = RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_SEQ].offset;
- pubKeyEnd = cert->maxIdx;
- ret = GetCertKey(cert, cert->source, &pubKeyOffset, pubKeyEnd);
- if (ret == 0) {
- WOLFSSL_MSG("Raw Public Key certificate found and parsed");
- cert->isRPK = 1;
- }
- }
- /* Dispose of memory before allocating for extension decoding. */
- FREE_ASNGETDATA(RPKdataASN, cert->heap);
- if (ret == 0) {
- return ret;
- }
- else {
- ret = 0; /* proceed to the original x509 parsing */
- }
- #endif /* HAVE_RPK */
- CALLOC_ASNGETDATA(dataASN, x509CertASN_Length, ret, cert->heap);
- if (ret == 0) {
- version = 0;
- serialSz = EXTERNAL_SERIAL_SIZE;
- /* Get the version and put the serial number into the buffer. */
- GetASN_Int8Bit(&dataASN[X509CERTASN_IDX_TBS_VER_INT], &version);
- GetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_SERIAL], cert->serial,
- &serialSz);
- /* Check OID types for signature, algorithm, ECC curve and sigAlg. */
- GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID], oidSigType);
- GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID],
- oidKeyType);
- GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_CURVEID],
- oidCurveType);
- GetASN_OID(&dataASN[X509CERTASN_IDX_SIGALGO_OID], oidSigType);
- /* Parse the X509 certificate. */
- ret = GetASN_Items(x509CertASN, dataASN, x509CertASN_Length, 1,
- cert->source, &cert->srcIdx, cert->maxIdx);
- #ifdef WOLFSSL_CLANG_TIDY
- /* work around clang-tidy false positive re cert->source. */
- if ((ret == 0) && (cert->source == NULL)) {
- ret = ASN_PARSE_E;
- }
- #endif
- }
- /* Check version is valid/supported - can't be negative. */
- if ((ret == 0) && (version > MAX_X509_VERSION)) {
- WOLFSSL_MSG("Unexpected certificate version");
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- int i;
- pubKeyOffset = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ].offset;
- /* Set fields extracted from data. */
- cert->version = version;
- cert->serialSz = (int)serialSz;
- cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum;
- cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum;
- cert->certBegin = dataASN[X509CERTASN_IDX_TBS_SEQ].offset;
- /* No bad date error - don't always care. */
- badDate = 0;
- /* Find the item with the BEFORE date and check it. */
- i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
- ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
- : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
- if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
- (verify != VERIFY_SKIP_DATE)) {
- badDate = ASN_BEFORE_DATE_E;
- }
- /* Store reference to BEFOREdate. */
- cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source);
- cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
- /* Find the item with the AFTER date and check it. */
- i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
- ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
- : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
- if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
- (verify != VERIFY_SKIP_DATE)) {
- badDate = ASN_AFTER_DATE_E;
- }
- /* Store reference to AFTER date. */
- cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source);
- cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
- /* Get the issuer name. */
- issuer = cert->source + dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].offset;
- issuerSz = dataASN[X509CERTASN_IDX_TBS_VALIDITY_SEQ].offset -
- dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].offset;
- /* Get the subject name. */
- subject = cert->source +
- dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].offset;
- subjectSz = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ].offset -
- dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].offset;
- }
- if ((ret == 0) && stopAtPubKey) {
- /* Return any bad date error through badDateRet and return offset of
- * subjectPublicKeyInfo.
- */
- if (badDateRet != NULL) {
- *badDateRet = badDate;
- }
- done = 1;
- }
- if ((ret == 0) && (!done)) {
- /* Store the signature information. */
- cert->sigIndex = dataASN[X509CERTASN_IDX_SIGALGO_SEQ].offset;
- GetASN_GetConstRef(&dataASN[X509CERTASN_IDX_SIGNATURE],
- &cert->signature, &cert->sigLength);
- /* Make sure 'signature' and 'signatureAlgorithm' are the same. */
- if (dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum
- != cert->signatureOID) {
- WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E);
- ret = ASN_SIG_OID_E;
- }
- /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
- else if (IsSigAlgoECC(cert->signatureOID)) {
- if ((dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0)
- #ifdef WC_RSA_PSS
- || (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0)
- #endif
- ) {
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- }
- #ifdef WC_RSA_PSS
- /* Check parameters starting with a SEQUENCE. */
- else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
- word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
- word32 sigAlgParamsSz = 0;
- /* Parameters only with RSA PSS. */
- if (oid != CTC_RSASSAPSS) {
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- const byte* tbsParams;
- word32 tbsParamsSz;
- const byte* sigAlgParams;
- /* Check RSA PSS parameters are the same. */
- tbsParams =
- GetASNItem_Addr(dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS],
- cert->source);
- tbsParamsSz =
- GetASNItem_Length(dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS],
- cert->source);
- sigAlgParams =
- GetASNItem_Addr(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS],
- cert->source);
- sigAlgParamsSz =
- GetASNItem_Length(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS],
- cert->source);
- if ((tbsParamsSz != sigAlgParamsSz) ||
- (XMEMCMP(tbsParams, sigAlgParams, tbsParamsSz) != 0)) {
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- /* Store parameters for use in signature verification. */
- cert->sigParamsIndex =
- dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].offset;
- cert->sigParamsLength = sigAlgParamsSz;
- }
- }
- #endif
- }
- if ((ret == 0) && (!done)) {
- pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset;
- if (stopAfterPubKey) {
- /* Return any bad date error through badDateRed and return offset
- * after subjectPublicKeyInfo.
- */
- if (badDateRet != NULL) {
- *badDateRet = badDate;
- }
- done = 1;
- }
- }
- if ((ret == 0) && (!done) &&
- (dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.ref.data != NULL)) {
- #ifndef ALLOW_V1_EXTENSIONS
- /* Certificate extensions were only defined in version 2. */
- if (cert->version < 2) {
- WOLFSSL_MSG("\tv1 and v2 certs not allowed extensions");
- WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E);
- ret = ASN_VERSION_E;
- }
- #endif
- if (ret == 0) {
- /* Save references to extension data. */
- cert->extensions = GetASNItem_Addr(
- dataASN[X509CERTASN_IDX_TBS_EXT], cert->source);
- cert->extensionsSz = (int)GetASNItem_Length(
- dataASN[X509CERTASN_IDX_TBS_EXT], cert->source);
- cert->extensionsIdx = dataASN[X509CERTASN_IDX_TBS_EXT].offset;
- /* Advance past extensions. */
- cert->srcIdx = dataASN[X509CERTASN_IDX_SIGALGO_SEQ].offset;
- }
- }
- /* Dispose of memory before allocating for extension decoding. */
- FREE_ASNGETDATA(dataASN, cert->heap);
- if ((ret == 0) && (issuer != NULL)) {
- idx = 0;
- /* Put issuer into cert and calculate hash. */
- ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer,
- &idx, issuerSz);
- }
- if ((ret == 0) && (subject != NULL)) {
- idx = 0;
- /* Put subject into cert and calculate hash. */
- ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
- subject, &idx, subjectSz);
- }
- if (ret == 0) {
- /* Determine if self signed by comparing issuer and subject hashes. */
- #ifdef WOLFSSL_CERT_REQ
- if (cert->isCSR) {
- cert->selfSigned = 1;
- }
- else
- #endif
- {
- cert->selfSigned = (XMEMCMP(cert->issuerHash, cert->subjectHash,
- KEYID_SIZE) == 0);
- }
- if (stopAtPubKey) {
- ret = (int)pubKeyOffset;
- }
- }
- if ((ret == 0) && (!stopAtPubKey)) {
- /* Parse the public key. */
- idx = pubKeyOffset;
- ret = GetCertKey(cert, cert->source, &idx, pubKeyEnd);
- }
- if ((ret == 0) && (!stopAtPubKey) && (!stopAfterPubKey) &&
- (cert->extensions != NULL)) {
- /* Decode the extension data starting at [3]. */
- ret = DecodeCertExtensions(cert);
- if (criticalExt != NULL) {
- if (ret == ASN_CRIT_EXT_E) {
- /* Return critical extension not recognized. */
- *criticalExt = ret;
- ret = 0;
- }
- else {
- /* No critical extension error. */
- *criticalExt = 0;
- }
- }
- }
- if ((ret == 0) && (!done) && (badDate != 0)) {
- /* Parsed whole certificate fine but return any date errors. */
- ret = badDate;
- }
- return ret;
- }
- /* Decode BER/DER data into certificate object.
- *
- * BER/DER data information held in source, srcIdx and maxIdx fields of
- * certificate object.
- *
- * @param [in] cert Decoded certificate object.
- * @param [in] verify Whether to find CA and verify certificate.
- * @param [in] criticalExt Any error for critical extensions not recognized.
- * @return 0 on success.
- * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
- * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
- * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- int DecodeCert(DecodedCert* cert, int verify, int* criticalExt)
- {
- return DecodeCertInternal(cert, verify, criticalExt, NULL, 0, 0);
- }
- #ifdef WOLFSSL_CERT_REQ
- /* ASN.1 template for certificate request Attribute.
- * PKCS #10: RFC 2986, 4.1 - CertificationRequestInfo
- */
- static const ASNItem reqAttrASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* type */
- /* TYPE */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* values */
- /* VALS */ { 1, ASN_SET, 1, 0, 0 },
- };
- enum {
- REQATTRASN_IDX_SEQ = 0,
- REQATTRASN_IDX_TYPE,
- REQATTRASN_IDX_VALS
- };
- /* Number of items in ASN.1 template for certificate request Attribute. */
- #define reqAttrASN_Length (sizeof(reqAttrASN) / sizeof(ASNItem))
- /* ASN.1 template for a string choice. */
- static const ASNItem strAttrASN[] = {
- { 0, 0, 0, 0, 0 },
- };
- enum {
- STRATTRASN_IDX_STR = 0
- };
- /* Number of items in ASN.1 template for a string choice. */
- #define strAttrASN_Length (sizeof(strAttrASN) / sizeof(ASNItem))
- /* ASN.1 choices for types for a string in an attribute. */
- static const byte strAttrChoice[] = {
- ASN_PRINTABLE_STRING, ASN_IA5_STRING, ASN_UTF8STRING, 0
- };
- /* Decode a certificate request attribute's value.
- *
- * @param [in] cert Certificate request object.
- * @param [out] criticalExt Critical extension return code.
- * @param [in] oid OID describing which attribute was found.
- * @param [in] aIdx Index into certificate source to start parsing.
- * @param [in] input Attribute value data.
- * @param [in] maxIdx Maximum index to parse to.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- */
- static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
- word32 oid, word32 aIdx, const byte* input, word32 maxIdx)
- {
- int ret = 0;
- word32 idx = 0;
- ASNGetData strDataASN[strAttrASN_Length];
- switch (oid) {
- case PKCS9_CONTENT_TYPE_OID:
- /* Clear dynamic data and specify choices acceptable. */
- XMEMSET(strDataASN, 0, sizeof(strDataASN));
- GetASN_Choice(&strDataASN[STRATTRASN_IDX_STR], strAttrChoice);
- /* Parse a string. */
- ret = GetASN_Items(strAttrASN, strDataASN, strAttrASN_Length,
- 1, input, &idx, maxIdx);
- if (ret == 0) {
- /* Store references to password data. */
- cert->contentType =
- (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
- cert->contentTypeLen =
- (int)strDataASN[STRATTRASN_IDX_STR].data.ref.length;
- }
- break;
- /* A password by which the entity may request certificate revocation.
- * PKCS#9: RFC 2985, 5.4.1 - Challenge password
- */
- case CHALLENGE_PASSWORD_OID:
- /* Clear dynamic data and specify choices acceptable. */
- XMEMSET(strDataASN, 0, sizeof(strDataASN));
- GetASN_Choice(&strDataASN[STRATTRASN_IDX_STR], strAttrChoice);
- /* Parse a string. */
- ret = GetASN_Items(strAttrASN, strDataASN, strAttrASN_Length,
- 1, input, &idx, maxIdx);
- if (ret == 0) {
- /* Store references to password data. */
- cert->cPwd =
- (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
- cert->cPwdLen = (int)strDataASN[STRATTRASN_IDX_STR].
- data.ref.length;
- }
- break;
- /* Requested serial number to issue with.
- * PKCS#9: RFC 2985, 5.2.10 - Serial Number
- * (References: ISO/IEC 9594-6:1997)
- */
- case SERIAL_NUMBER_OID:
- /* Clear dynamic data and specify choices acceptable. */
- XMEMSET(strDataASN, 0, sizeof(strDataASN));
- GetASN_Choice(&strDataASN[STRATTRASN_IDX_STR], strAttrChoice);
- /* Parse a string. */
- ret = GetASN_Items(strAttrASN, strDataASN, strAttrASN_Length,
- 1, input, &idx, maxIdx);
- if (ret == 0) {
- /* Store references to serial number. */
- cert->sNum =
- (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
- cert->sNumLen = (int)strDataASN[STRATTRASN_IDX_STR].
- data.ref.length;
- /* Store serial number if small enough. */
- if (cert->sNumLen <= EXTERNAL_SERIAL_SIZE) {
- XMEMCPY(cert->serial, cert->sNum, (size_t)cert->sNumLen);
- cert->serialSz = cert->sNumLen;
- }
- }
- break;
- case UNSTRUCTURED_NAME_OID:
- /* Clear dynamic data and specify choices acceptable. */
- XMEMSET(strDataASN, 0, sizeof(strDataASN));
- GetASN_Choice(&strDataASN[STRATTRASN_IDX_STR], strAttrChoice);
- /* Parse a string. */
- ret = GetASN_Items(strAttrASN, strDataASN, strAttrASN_Length,
- 1, input, &idx, maxIdx);
- if (ret == 0) {
- /* Store references to unstructured name. */
- cert->unstructuredName =
- (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
- cert->unstructuredNameLen = (int)strDataASN[STRATTRASN_IDX_STR].
- data.ref.length;
- }
- break;
- /* Certificate extensions to be included in generated certificate.
- * PKCS#9: RFC 2985, 5.4.2 - Extension request
- */
- case EXTENSION_REQUEST_OID:
- /* Store references to all extensions. */
- cert->extensions = input;
- cert->extensionsSz = (int)maxIdx;
- cert->extensionsIdx = aIdx;
- /* Decode and validate extensions. */
- ret = DecodeCertExtensions(cert);
- if (ret == ASN_CRIT_EXT_E) {
- /* Return critical extension not recognized. */
- *criticalExt = ret;
- ret = 0;
- }
- else {
- /* No critical extension error. */
- *criticalExt = 0;
- }
- break;
- default:
- ret = ASN_PARSE_E;
- break;
- }
- return ret;
- }
- /* Decode attributes of a BER encoded certificate request.
- *
- * RFC 2986 - PKCS #10: Certification Request Syntax Specification Version 1.7
- *
- * Outer sequence has been removed.
- *
- * @param [in] cert Certificate request object.
- * @param [out] criticalExt Critical extension return code.
- * @param [in] idx Index into certificate source to start parsing.
- * @param [in] maxIdx Maximum index to parse to.
- * @return 0 on success.
- * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
- static int DecodeCertReqAttributes(DecodedCert* cert, int* criticalExt,
- word32 idx, word32 maxIdx)
- {
- DECL_ASNGETDATA(dataASN, reqAttrASN_Length);
- int ret = 0;
- WOLFSSL_ENTER("DecodeCertReqAttributes");
- ALLOC_ASNGETDATA(dataASN, reqAttrASN_Length, ret, cert->heap);
- /* Parse each attribute until all data used up. */
- while ((ret == 0) && (idx < maxIdx)) {
- /* Clear dynamic data. */
- XMEMSET(dataASN, 0, sizeof(ASNGetData) * reqAttrASN_Length);
- GetASN_OID(&dataASN[REQATTRASN_IDX_TYPE], oidIgnoreType);
- /* Parse an attribute. */
- ret = GetASN_Items(reqAttrASN, dataASN, reqAttrASN_Length, 0,
- cert->source, &idx, maxIdx);
- /* idx is now at end of attribute data. */
- if (ret == 0) {
- ret = DecodeCertReqAttrValue(cert, criticalExt,
- dataASN[REQATTRASN_IDX_TYPE].data.oid.sum,
- GetASNItem_DataIdx(dataASN[REQATTRASN_IDX_VALS], cert->source),
- dataASN[REQATTRASN_IDX_VALS].data.ref.data,
- dataASN[REQATTRASN_IDX_VALS].data.ref.length);
- }
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- }
- /* ASN.1 template for a certificate request.
- * PKCS#10: RFC 2986, 4.1 - CertificationRequestInfo
- * PKCS#10: RFC 2986, 4.2 - CertificationRequest
- */
- static const ASNItem certReqASN[] = {
- /* CertificationRequest */
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* CertificationRequestInfo */
- /* INFO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* version INTEGER { v1(0), v2(1), v3(2) */
- /* INFO_VER */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* subject Name */
- /* INFO_SUBJ_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 },
- /* subjectPublicKeyInfo SubjectPublicKeyInfo */
- /* INFO_SPUBKEYINFO_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* algorithm AlgorithmIdentifier */
- /* INFO_SPUBKEYINFO_ALGOID_SEQ */ { 3, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* INFO_SPUBKEYINFO_ALGOID_OID */ { 4, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* INFO_SPUBKEYINFO_ALGOID_NULL */ { 4, ASN_TAG_NULL, 0, 0, 1 },
- /* INFO_SPUBKEYINFO_ALGOID_CURVEID */ { 4, ASN_OBJECT_ID, 0, 0, 1 },
- /* INFO_SPUBKEYINFO_ALGOID_PARAMS */ { 4, ASN_SEQUENCE, 1, 0, 1 },
- /* subjectPublicKey BIT STRING */
- /* INFO_SPUBKEYINFO_PUBKEY */ { 3, ASN_BIT_STRING, 0, 0, 0 },
- /* attributes [0] Attributes */
- /* INFO_ATTRS */ { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
- /* signatureAlgorithm AlgorithmIdentifier */
- /* INFO_SIGALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* Algorithm OBJECT IDENTIFIER */
- /* INFO_SIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* parameters ANY defined by algorithm OPTIONAL */
- /* INFO_SIGALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 },
- /* signature BIT STRING */
- /* INFO_SIGNATURE */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- CERTREQASN_IDX_SEQ = 0,
- CERTREQASN_IDX_INFO_SEQ,
- CERTREQASN_IDX_INFO_VER,
- CERTREQASN_IDX_INFO_SUBJ_SEQ,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_SEQ,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_OID,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_NULL,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_CURVEID,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_PARAMS,
- CERTREQASN_IDX_INFO_SPUBKEYINFO_PUBKEY,
- CERTREQASN_IDX_INFO_ATTRS,
- CERTREQASN_IDX_INFO_SIGALGO_SEQ,
- CERTREQASN_IDX_INFO_SIGALGO_OID,
- CERTREQASN_IDX_INFO_SIGALGO_NULL,
- CERTREQASN_IDX_INFO_SIGNATURE
- };
- /* Number of items in ASN.1 template for a certificate request. */
- #define certReqASN_Length (sizeof(certReqASN) / sizeof(ASNItem))
- /* Parse BER encoded certificate request.
- *
- * RFC 2986 - PKCS #10: Certification Request Syntax Specification Version 1.7
- *
- * @param [in] cert Certificate request object.
- * @param [out] criticalExt Critical extension return code.
- * @return 0 on success.
- * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return BUFFER_E when data in buffer is too small.
- * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
- * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
- * non-zero length.
- * @return ASN_UNKNOWN_OID_E when the OID cannot be verified.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
- {
- DECL_ASNGETDATA(dataASN, certReqASN_Length);
- int ret = 0;
- byte version;
- word32 idx;
- CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Default version is 0. */
- version = 0;
- /* Set version var and OID types to expect. */
- GetASN_Int8Bit(&dataASN[CERTREQASN_IDX_INFO_VER], &version);
- GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_OID],
- oidKeyType);
- GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_CURVEID],
- oidCurveType);
- GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SIGALGO_OID], oidSigType);
- /* Parse a certificate request. */
- ret = GetASN_Items(certReqASN, dataASN, certReqASN_Length, 1,
- cert->source, &cert->srcIdx, cert->maxIdx);
- }
- /* Check version is valid/supported - can't be negative. */
- if ((ret == 0) && (version > MAX_X509_VERSION)) {
- WOLFSSL_MSG("Unexpected certificate request version");
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- /* Set fields of certificate request. */
- cert->version = version;
- cert->signatureOID =
- dataASN[CERTREQASN_IDX_INFO_SIGALGO_OID].data.oid.sum;
- cert->keyOID =
- dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_OID].data.oid.sum;
- cert->certBegin = dataASN[CERTREQASN_IDX_INFO_SEQ].offset;
- /* Parse the subject name. */
- idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset;
- ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
- cert->source, &idx,
- dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset);
- }
- if (ret == 0) {
- /* Parse the certificate request Attributes. */
- ret = DecodeCertReqAttributes(cert, criticalExt,
- GetASNItem_DataIdx(dataASN[CERTREQASN_IDX_INFO_ATTRS],
- cert->source),
- dataASN[CERTREQASN_IDX_INFO_SIGALGO_SEQ].offset);
- }
- if (ret == 0) {
- /* Parse the certificate request's key. */
- idx = dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset;
- ret = GetCertKey(cert, cert->source, &idx,
- dataASN[CERTREQASN_IDX_INFO_ATTRS].offset);
- }
- if (ret == 0) {
- /* Store references to signature. */
- cert->sigIndex = dataASN[CERTREQASN_IDX_INFO_SIGALGO_SEQ].offset;
- GetASN_GetConstRef(&dataASN[CERTREQASN_IDX_INFO_SIGNATURE],
- &cert->signature, &cert->sigLength);
- }
- FREE_ASNGETDATA(dataASN, cert->heap);
- return ret;
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif
- int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
- {
- int ret;
- #if (!defined(WOLFSSL_NO_MALLOC) && !defined(NO_WOLFSSL_CM_VERIFY)) || \
- defined(WOLFSSL_DYN_CERT)
- char* ptr;
- #endif
- ret = ParseCertRelative(cert, type, verify, cm);
- if (ret < 0)
- return ret;
- #if (!defined(WOLFSSL_NO_MALLOC) && !defined(NO_WOLFSSL_CM_VERIFY)) || \
- defined(WOLFSSL_DYN_CERT)
- /* cert->subjectCN not stored as copy of WOLFSSL_NO_MALLOC defined */
- if (cert->subjectCNLen > 0) {
- ptr = (char*)XMALLOC((size_t)cert->subjectCNLen + 1, cert->heap,
- DYNAMIC_TYPE_SUBJECT_CN);
- if (ptr == NULL)
- return MEMORY_E;
- XMEMCPY(ptr, cert->subjectCN, (size_t)cert->subjectCNLen);
- ptr[cert->subjectCNLen] = '\0';
- cert->subjectCN = ptr;
- cert->subjectCNStored = 1;
- }
- #endif
- #if (!defined(WOLFSSL_NO_MALLOC) && !defined(NO_WOLFSSL_CM_VERIFY)) || \
- defined(WOLFSSL_DYN_CERT)
- /* cert->publicKey not stored as copy if WOLFSSL_NO_MALLOC defined */
- if ((cert->keyOID == RSAk
- #ifdef WC_RSA_PSS
- || cert->keyOID == RSAPSSk
- #endif
- ) && cert->publicKey != NULL && cert->pubKeySize > 0) {
- ptr = (char*)XMALLOC(cert->pubKeySize, cert->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (ptr == NULL)
- return MEMORY_E;
- XMEMCPY(ptr, cert->publicKey, cert->pubKeySize);
- cert->publicKey = (byte *)ptr;
- cert->pubKeyStored = 1;
- }
- #endif
- return ret;
- }
- int wc_ParseCert(DecodedCert* cert, int type, int verify, void* cm)
- {
- return ParseCert(cert, type, verify, cm);
- }
- #ifdef WOLFCRYPT_ONLY
- /* dummy functions, not using wolfSSL so don't need actual ones */
- Signer* GetCA(void* signers, byte* hash);
- Signer* GetCA(void* signers, byte* hash)
- {
- (void)hash;
- return (Signer*)signers;
- }
- #ifndef NO_SKID
- Signer* GetCAByName(void* signers, byte* hash);
- Signer* GetCAByName(void* signers, byte* hash)
- {
- (void)hash;
- return (Signer*)signers;
- }
- #endif /* NO_SKID */
- #ifdef WOLFSSL_AKID_NAME
- Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
- const byte* serial, word32 serialSz);
- Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
- const byte* serial, word32 serialSz)
- {
- (void)issuer;
- (void)issuerSz;
- (void)serial;
- (void)serialSz;
- return (Signer*)vp;
- }
- #endif
- #endif /* WOLFCRYPT_ONLY */
- #if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID)
- static Signer* GetCABySubjectAndPubKey(DecodedCert* cert, void* cm)
- {
- Signer* ca = NULL;
- if (cert->extSubjKeyIdSet)
- ca = GetCA(cm, cert->extSubjKeyId);
- if (ca == NULL)
- ca = GetCAByName(cm, cert->subjectHash);
- if (ca) {
- if ((ca->pubKeySize == cert->pubKeySize) &&
- (XMEMCMP(ca->publicKey, cert->publicKey, ca->pubKeySize) == 0)) {
- return ca;
- }
- }
- return NULL;
- }
- #endif
- #if defined(WOLFSSL_SMALL_CERT_VERIFY) || defined(OPENSSL_EXTRA)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Get the Hash of the Authority Key Identifier from the list of extensions.
- *
- * @param [in] input Input data.
- * @param [in] maxIdx Maximum index for data.
- * @param [in] sigOID Signature OID for determining hash algorithm.
- * @param [out] hash Hash of AKI.
- * @param [out] set Whether the hash buffer was set.
- * @param [in] heap Dynamic memory allocation hint.
- * @return 0 on success.
- * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
- * is invalid.
- * @return MEMORY_E on dynamic memory allocation failure.
- */
- static int GetAKIHash(const byte* input, word32 maxIdx, word32 sigOID,
- byte* hash, int* set, void* heap)
- {
- /* AKI and Certificate Extension ASN.1 templates are the same length. */
- DECL_ASNGETDATA(dataASN, certExtASN_Length);
- int ret = 0;
- word32 idx = 0;
- word32 extEndIdx;
- byte* extData;
- word32 extDataSz;
- byte critical;
- ALLOC_ASNGETDATA(dataASN, certExtASN_Length, ret, heap);
- (void)heap;
- extEndIdx = idx + maxIdx;
- /* Step through each extension looking for AKI. */
- while ((ret == 0) && (idx < extEndIdx)) {
- /* Clear dynamic data and check for certificate extension type OIDs. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length);
- GetASN_OID(&dataASN[CERTEXTASN_IDX_OID], oidCertExtType);
- /* Set criticality variable. */
- GetASN_Int8Bit(&dataASN[CERTEXTASN_IDX_CRIT], &critical);
- /* Parse an extension. */
- ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, input,
- &idx, extEndIdx);
- if (ret == 0) {
- /* Get reference to extension data and move index on past this
- * extension. */
- GetASN_GetRef(&dataASN[CERTEXTASN_IDX_VAL], &extData, &extDataSz);
- idx += extDataSz;
- /* Check whether we have the AKI extension. */
- if (dataASN[CERTEXTASN_IDX_OID].data.oid.sum == AUTH_KEY_OID) {
- /* Clear dynamic data. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * authKeyIdASN_Length);
- /* Start parsing extension data from the start. */
- idx = 0;
- /* Parse AKI extension data. */
- ret = GetASN_Items(authKeyIdASN, dataASN, authKeyIdASN_Length,
- 1, extData, &idx, extDataSz);
- if ((ret == 0) &&
- (dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data
- != NULL)) {
- /* We parsed successfully and have data. */
- *set = 1;
- /* Get the hash or hash of the hash if wrong size. */
- ret = GetHashId(
- dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
- (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
- hash, HashIdAlg(sigOID));
- }
- break;
- }
- }
- }
- FREE_ASNGETDATA(dataASN, heap);
- return ret;
- }
- #endif
- /* Only quick step through the certificate to find fields that are then used
- * in certificate signature verification.
- * Must use the signature OID from the signed part of the certificate.
- * Works also on certificate signing requests.
- *
- * This is only for minimizing dynamic memory usage during TLS certificate
- * chain processing.
- * Doesn't support:
- * OCSP Only: alt lookup using subject and pub key w/o sig check
- */
- static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
- void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- #ifndef WOLFSSL_SMALL_STACK
- SignatureCtx sigCtx[1];
- #else
- SignatureCtx* sigCtx;
- #endif
- byte hash[KEYID_SIZE];
- Signer* ca = NULL;
- word32 idx = 0;
- int len;
- word32 tbsCertIdx = 0;
- word32 sigIndex = 0;
- word32 signatureOID = 0;
- word32 oid = 0;
- word32 issuerIdx = 0;
- word32 issuerSz = 0;
- #ifndef NO_SKID
- int extLen = 0;
- word32 extIdx = 0;
- word32 extEndIdx = 0;
- int extAuthKeyIdSet = 0;
- #endif
- int ret = 0;
- word32 localIdx;
- byte tag;
- const byte* sigParams = NULL;
- word32 sigParamsSz = 0;
- if (cert == NULL) {
- return BAD_FUNC_ARG;
- }
- #ifdef WOLFSSL_SMALL_STACK
- sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap, DYNAMIC_TYPE_SIGNATURE);
- if (sigCtx == NULL)
- return MEMORY_E;
- #endif
- InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
- /* Certificate SEQUENCE */
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- tbsCertIdx = idx;
- /* TBSCertificate SEQUENCE */
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- sigIndex = len + idx;
- if ((idx + 1) > certSz)
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* version - optional */
- localIdx = idx;
- if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) {
- if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
- idx++;
- if (GetLength(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- idx += len;
- }
- }
- }
- if (ret == 0) {
- /* serialNumber */
- if (GetASNHeader(cert, ASN_INTEGER, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- idx += len;
- /* signature */
- if (!req) {
- if (GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0)
- ret = ASN_PARSE_E;
- #ifdef WC_RSA_PSS
- else if (signatureOID == CTC_RSASSAPSS) {
- int start = idx;
- sigParams = cert + idx;
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- idx += len;
- sigParamsSz = idx - start;
- }
- }
- #endif
- }
- }
- if (ret == 0) {
- issuerIdx = idx;
- /* issuer for cert or subject for csr */
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- issuerSz = len + idx - issuerIdx;
- }
- #ifndef NO_SKID
- if (!req && ret == 0) {
- idx += len;
- /* validity */
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (!req && ret == 0) {
- idx += len;
- /* subject */
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- idx += len;
- /* subjectPublicKeyInfo */
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (req && ret == 0) {
- idx += len;
- /* attributes */
- if (GetASNHeader_ex(cert,
- ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx,
- &len, certSz, 1) < 0)
- ret = ASN_PARSE_E;
- }
- if (!req) {
- if (ret == 0) {
- idx += len;
- if ((idx + 1) > certSz)
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* issuerUniqueID - optional */
- localIdx = idx;
- if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) {
- if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) {
- idx++;
- if (GetLength(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- idx += len;
- }
- }
- }
- if (ret == 0) {
- if ((idx + 1) > certSz)
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* subjectUniqueID - optional */
- localIdx = idx;
- if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) {
- if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) {
- idx++;
- if (GetLength(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- idx += len;
- }
- }
- }
- if (ret == 0) {
- if ((idx + 1) > certSz)
- ret = BUFFER_E;
- }
- /* extensions - optional */
- localIdx = idx;
- if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 &&
- tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) {
- idx++;
- if (GetLength(cert, &idx, &extLen, certSz) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- if (GetSequence(cert, &idx, &extLen, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- extEndIdx = idx + extLen;
- /* Check each extension for the ones we want. */
- while (ret == 0 && idx < extEndIdx) {
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- extIdx = idx;
- if (GetObjectId(cert, &extIdx, &oid, oidCertExtType,
- certSz) < 0) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- if ((extIdx + 1) > certSz)
- ret = BUFFER_E;
- }
- }
- if (ret == 0) {
- localIdx = extIdx;
- if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 &&
- tag == ASN_BOOLEAN) {
- if (GetBoolean(cert, &extIdx, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- switch (oid) {
- case AUTH_KEY_OID:
- if (GetSequence(cert, &extIdx, &extLen, certSz) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0 && (extIdx + 1) >= certSz)
- ret = BUFFER_E;
- if (ret == 0 &&
- GetASNTag(cert, &extIdx, &tag, certSz) == 0 &&
- tag == (ASN_CONTEXT_SPECIFIC | 0)) {
- if (GetLength(cert, &extIdx, &extLen, certSz) <= 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- extAuthKeyIdSet = 1;
- /* Get the hash or hash of the hash if wrong
- * size. */
- ret = GetHashId(cert + extIdx, extLen,
- hash, HashIdAlg(signatureOID));
- }
- }
- break;
- default:
- break;
- }
- }
- idx += len;
- }
- }
- }
- }
- else if (ret == 0) {
- idx += len;
- }
- if (ret == 0 && pubKey == NULL) {
- if (extAuthKeyIdSet)
- ca = GetCA(cm, hash);
- if (ca == NULL) {
- ret = CalcHashId_ex(cert + issuerIdx, issuerSz, hash,
- HashIdAlg(signatureOID));
- if (ret == 0)
- ca = GetCAByName(cm, hash);
- }
- }
- #else
- if (ret == 0 && pubKey == NULL) {
- ret = CalcHashId_ex(cert + issuerIdx, issuerSz, hash,
- HashIdAlg(signatureOID));
- if (ret == 0)
- ca = GetCA(cm, hash);
- }
- #endif /* !NO_SKID */
- if (ca == NULL && pubKey == NULL)
- ret = ASN_NO_SIGNER_E;
- if (ret == 0) {
- idx = sigIndex;
- /* signatureAlgorithm */
- if (GetAlgoId(cert, &idx, &oid, oidSigType, certSz) < 0)
- ret = ASN_PARSE_E;
- #ifdef WC_RSA_PSS
- else if (signatureOID == CTC_RSASSAPSS) {
- word32 sz = idx;
- const byte* params = cert + idx;
- if (GetSequence(cert, &idx, &len, certSz) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- idx += len;
- sz = idx - sz;
- if (req) {
- if ((sz != sigParamsSz) ||
- (XMEMCMP(sigParams, params, sz) != 0)) {
- ret = ASN_PARSE_E;
- }
- }
- else {
- sigParams = params;
- sigParamsSz = sz;
- }
- }
- }
- #endif
- /* In CSR signature data is not present in body */
- if (req)
- signatureOID = oid;
- }
- if (ret == 0) {
- if (oid != signatureOID)
- ret = ASN_SIG_OID_E;
- }
- if (ret == 0) {
- /* signatureValue */
- if (CheckBitString(cert, &idx, &len, certSz, 1, NULL) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- if (pubKey != NULL) {
- ret = ConfirmSignature(sigCtx, cert + tbsCertIdx,
- sigIndex - tbsCertIdx, pubKey, pubKeySz, pubKeyOID,
- cert + idx, len, signatureOID, sigParams, sigParamsSz, NULL);
- }
- else {
- ret = ConfirmSignature(sigCtx, cert + tbsCertIdx,
- sigIndex - tbsCertIdx, ca->publicKey, ca->pubKeySize,
- ca->keyOID, cert + idx, len, signatureOID, sigParams,
- sigParamsSz, NULL);
- }
- if (ret != 0) {
- WOLFSSL_ERROR_VERBOSE(ret);
- WOLFSSL_MSG("Confirm signature failed");
- }
- }
- FreeSignatureCtx(sigCtx);
- #ifdef WOLFSSL_SMALL_STACK
- if (sigCtx != NULL)
- XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
- #endif
- return ret;
- #else /* WOLFSSL_ASN_TEMPLATE */
- /* X509 ASN.1 template longer than Certificate Request template. */
- DECL_ASNGETDATA(dataASN, x509CertASN_Length);
- #ifndef WOLFSSL_SMALL_STACK
- SignatureCtx sigCtx[1];
- #else
- SignatureCtx* sigCtx = NULL;
- #endif
- byte hash[KEYID_SIZE];
- Signer* ca = NULL;
- int ret = 0;
- word32 idx = 0;
- #ifndef NO_SKID
- int extAuthKeyIdSet = 0;
- #endif
- const byte* tbs = NULL;
- word32 tbsSz = 0;
- #ifdef WC_RSA_PSS
- const byte* tbsParams = NULL;
- word32 tbsParamsSz = 0;
- #endif
- const byte* sig = NULL;
- word32 sigSz = 0;
- word32 sigOID = 0;
- const byte* sigParams = NULL;
- word32 sigParamsSz = 0;
- const byte* caName = NULL;
- word32 caNameLen = 0;
- #ifndef NO_SKID
- const byte* akiData = NULL;
- word32 akiLen = 0;
- #endif
- (void)req;
- (void)heap;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- ALLOC_ASNGETDATA(dataASN, x509CertASN_Length, ret, heap);
- if ((ret == 0) && (!req)) {
- /* Clear dynamic data for certificate items. */
- XMEMSET(dataASN, 0, sizeof(ASNGetData) * x509CertASN_Length);
- /* Set OID types expected for signature and public key. */
- GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID], oidSigType);
- GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID],
- oidKeyType);
- GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_CURVEID],
- oidCurveType);
- GetASN_OID(&dataASN[X509CERTASN_IDX_SIGALGO_OID], oidSigType);
- /* Parse certificate. */
- ret = GetASN_Items(x509CertASN, dataASN, x509CertASN_Length, 1, cert,
- &idx, certSz);
- /* Check signature OIDs match. */
- if ((ret == 0) && dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum
- != dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum) {
- ret = ASN_SIG_OID_E;
- }
- /* Store the data for verification in the certificate. */
- if (ret == 0) {
- tbs = GetASNItem_Addr(dataASN[X509CERTASN_IDX_TBS_SEQ], cert);
- tbsSz = GetASNItem_Length(dataASN[X509CERTASN_IDX_TBS_SEQ], cert);
- caName = GetASNItem_Addr(dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ],
- cert);
- caNameLen = GetASNItem_Length(dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ],
- cert);
- sigOID = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
- #ifdef WC_RSA_PSS
- if (dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS].tag != 0) {
- tbsParams =
- GetASNItem_Addr(dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS],
- cert);
- tbsParamsSz =
- GetASNItem_Length(dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS],
- cert);
- }
- if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
- sigParams =
- GetASNItem_Addr(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS],
- cert);
- sigParamsSz =
- GetASNItem_Length(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS],
- cert);
- }
- #endif
- GetASN_GetConstRef(&dataASN[X509CERTASN_IDX_SIGNATURE], &sig, &sigSz);
- #ifdef WC_RSA_PSS
- if (tbsParamsSz != sigParamsSz) {
- ret = ASN_PARSE_E;
- }
- else if ((tbsParamsSz > 0) && (sigOID != CTC_RSASSAPSS)) {
- ret = ASN_PARSE_E;
- }
- else if ((tbsParamsSz > 0) &&
- (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) {
- ret = ASN_PARSE_E;
- }
- #endif
- }
- }
- else if (ret == 0) {
- #ifndef WOLFSSL_CERT_REQ
- ret = NOT_COMPILED_IN;
- #else
- /* Clear dynamic data for certificate request items. */
- XMEMSET(dataASN, 0, sizeof(ASNGetData) * certReqASN_Length);
- /* Set OID types expected for signature and public key. */
- GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_OID],
- oidKeyType);
- GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_CURVEID],
- oidCurveType);
- GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SIGALGO_OID], oidSigType);
- /* Parse certificate request. */
- ret = GetASN_Items(certReqASN, dataASN, certReqASN_Length, 1, cert,
- &idx, certSz);
- if (ret == 0) {
- /* Store the data for verification in the certificate. */
- tbs = GetASNItem_Addr(dataASN[CERTREQASN_IDX_INFO_SEQ], cert);
- tbsSz = GetASNItem_Length(dataASN[CERTREQASN_IDX_INFO_SEQ], cert);
- caName = GetASNItem_Addr(
- dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ], cert);
- caNameLen = GetASNItem_Length(
- dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ], cert);
- sigOID = dataASN[CERTREQASN_IDX_INFO_SIGALGO_OID].data.oid.sum;
- #ifdef WC_RSA_PSS
- sigParams = GetASNItem_Addr(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS],
- cert);
- sigParamsSz =
- GetASNItem_Length(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS],
- cert);
- #endif
- GetASN_GetConstRef(&dataASN[CERTREQASN_IDX_INFO_SIGNATURE], &sig,
- &sigSz);
- }
- #endif
- }
- #ifndef NO_SKID
- if ((ret == 0) && (pubKey == NULL) && !req) {
- akiData = dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.ref.data;
- akiLen = dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.ref.length;
- }
- #endif
- FREE_ASNGETDATA(dataASN, heap);
- /* If no public passed, then find the CA. */
- if ((ret == 0) && (pubKey == NULL)) {
- #ifndef NO_SKID
- /* Find the AKI extension in list of extensions and get hash. */
- if ((!req) && (akiData != NULL)) {
- /* TODO: test case */
- ret = GetAKIHash(akiData, akiLen, sigOID, hash, &extAuthKeyIdSet,
- heap);
- }
- /* Get the CA by hash one was found. */
- if (extAuthKeyIdSet) {
- ca = GetCA(cm, hash);
- }
- if (ca == NULL)
- #endif
- {
- /* Try hash of issuer name. */
- ret = CalcHashId_ex(caName, caNameLen, hash, HashIdAlg(sigOID));
- if (ret == 0) {
- ca = GetCAByName(cm, hash);
- }
- }
- if (ca != NULL) {
- /* Extract public key information. */
- pubKey = ca->publicKey;
- pubKeySz = ca->pubKeySize;
- pubKeyOID = (int)ca->keyOID;
- }
- else {
- /* No public key to verify with. */
- ret = ASN_NO_SIGNER_E;
- }
- }
- if (ret == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
- DYNAMIC_TYPE_SIGNATURE);
- if (sigCtx == NULL) {
- ret = MEMORY_E;
- }
- if (ret == 0)
- #endif
- {
- InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
- /* Check signature. */
- ret = ConfirmSignature(sigCtx, tbs, tbsSz, pubKey, pubKeySz,
- (word32)pubKeyOID, sig, sigSz, sigOID, sigParams, sigParamsSz,
- NULL);
- if (ret != 0) {
- WOLFSSL_MSG("Confirm signature failed");
- }
- FreeSignatureCtx(sigCtx);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
- #endif
- }
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef OPENSSL_EXTRA
- /* Call CheckCertSignature_ex using a public key buffer for verification
- */
- int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
- const byte* pubKey, word32 pubKeySz, int pubKeyOID)
- {
- return CheckCertSignature_ex(cert, certSz, heap, NULL,
- pubKey, pubKeySz, pubKeyOID, 0);
- }
- int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap,
- const byte* pubKey, word32 pubKeySz, int pubKeyOID)
- {
- return CheckCertSignaturePubKey(cert, certSz, heap, pubKey, pubKeySz,
- pubKeyOID);
- }
- #ifdef WOLFSSL_CERT_REQ
- int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
- const byte* pubKey, word32 pubKeySz, int pubKeyOID)
- {
- return CheckCertSignature_ex(cert, certSz, heap, NULL,
- pubKey, pubKeySz, pubKeyOID, 1);
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* OPENSSL_EXTRA */
- #ifdef WOLFSSL_SMALL_CERT_VERIFY
- /* Call CheckCertSignature_ex using a certificate manager (cm)
- */
- int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
- {
- return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0);
- }
- #endif /* WOLFSSL_SMALL_CERT_VERIFY */
- #endif /* WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA */
- #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
- (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)))
- /* ASN.1 DER decode instruction. */
- typedef struct DecodeInstr {
- /* Tag expected. */
- byte tag;
- /* Operation to perform: step in or go over */
- byte op:1;
- /* ASN.1 item is optional. */
- byte optional:1;
- } DecodeInstr;
- /* Step into ASN.1 item. */
- #define DECODE_INSTR_IN 0
- /* Step over ASN.1 item. */
- #define DECODE_INSTR_OVER 1
- /* Get the public key data from the DER encoded X.509 certificate.
- *
- * Assumes data has previously been parsed for complete validity.
- *
- * @param [in] cert DER encoded X.509 certificate data.
- * @param [in] certSz Length of DER encoding.
- * @param [out] pubKey Public key data. (From the BIT_STRING.)
- * @param [out] pubKeySz Length of public key data in bytes.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when cert, pubKey or pubKeySz is NULL.
- * @return ASN_PARSE_E when certificate encoding is invalid.
- */
- int wc_CertGetPubKey(const byte* cert, word32 certSz,
- const unsigned char** pubKey, word32* pubKeySz)
- {
- int ret = 0;
- int l;
- word32 o = 0;
- int i;
- static DecodeInstr ops[] = {
- /* Outer SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_IN , 0 },
- /* TBSCertificate: SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_IN , 0 },
- /* Version: [0] */
- { ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_X509_CERT_VERSION,
- DECODE_INSTR_OVER, 1 },
- /* CertificateSerialNumber: INT */
- { ASN_INTEGER, DECODE_INSTR_OVER, 0 },
- /* AlgorithmIdentifier: SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_OVER, 0 },
- /* issuer: SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_OVER, 0 },
- /* Validity: SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_OVER, 0 },
- /* subject: SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_OVER, 0 },
- /* subjectPublicKeyInfo SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_IN , 0 },
- /* AlgorithmIdentifier: SEQ */
- { ASN_SEQUENCE | ASN_CONSTRUCTED, DECODE_INSTR_OVER, 0 },
- /* PublicKey: BIT_STRING */
- { ASN_BIT_STRING, DECODE_INSTR_IN , 0 },
- };
- /* Validate parameters. */
- if ((cert == NULL) || (pubKey == NULL) || (pubKeySz == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- /* Process each instruction to take us to public key data. */
- for (i = 0; (ret == 0) && (i < (int)(sizeof(ops) / sizeof(*ops))); i++) {
- DecodeInstr op = ops[i];
- /* Check the current ASN.1 item has the expected tag. */
- if (cert[o] != op.tag) {
- /* If not optional then error, otherwise skip op. */
- if (!op.optional) {
- ret = ASN_PARSE_E;
- }
- }
- else {
- /* Move past tag. */
- o++;
- /* Get the length of ASN.1 item and move past length encoding. */
- if (GetLength(cert, &o, &l, certSz) < 0) {
- ret = ASN_PARSE_E;
- }
- /* Skip data if required. */
- else if (op.op == DECODE_INSTR_OVER) {
- o += (word32)l;
- }
- }
- }
- if (ret == 0) {
- /* Return the public key data and length.
- * Skip first byte of BIT_STRING data: unused bits. */
- *pubKey = cert + o + 1;
- *pubKeySz = (word32)(l - 1);
- }
- return ret;
- }
- #endif
- int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
- {
- int ret = 0;
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 confirmOID = 0;
- #ifdef WOLFSSL_CERT_REQ
- int len = 0;
- #endif
- #endif
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- int idx = 0;
- #endif
- byte* sce_tsip_encRsaKeyIdx;
- if (cert == NULL) {
- return BAD_FUNC_ARG;
- }
- #ifdef WOLFSSL_CERT_REQ
- if (type == CERTREQ_TYPE)
- cert->isCSR = 1;
- #endif
- if (cert->sigCtx.state == SIG_STATE_BEGIN) {
- #ifndef WOLFSSL_ASN_TEMPLATE
- cert->badDate = 0;
- cert->criticalExt = 0;
- if ((ret = DecodeToKey(cert, verify)) < 0) {
- if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
- cert->badDate = ret;
- if (verify == VERIFY_SKIP_DATE)
- ret = 0;
- }
- else
- return ret;
- }
- WOLFSSL_MSG("Parsed Past Key");
- #if defined(HAVE_RPK)
- if (cert->isRPK) {
- return ret;
- }
- #endif /* HAVE_RPK */
- #ifdef WOLFSSL_CERT_REQ
- /* Read attributes */
- if (cert->isCSR) {
- if (GetASNHeader_ex(cert->source,
- ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &cert->srcIdx,
- &len, cert->maxIdx, 1) < 0) {
- WOLFSSL_MSG("GetASNHeader_ex error");
- return ASN_PARSE_E;
- }
- if (len) {
- word32 attrMaxIdx = cert->srcIdx + (word32)len;
- word32 oid;
- byte tag;
- if (attrMaxIdx > cert->maxIdx) {
- WOLFSSL_MSG("Attribute length greater than CSR length");
- return ASN_PARSE_E;
- }
- while (cert->srcIdx < attrMaxIdx) {
- /* Attributes have the structure:
- * SEQ -> OID -> SET -> ATTRIBUTE */
- if (GetSequence(cert->source, &cert->srcIdx, &len,
- attrMaxIdx) < 0) {
- WOLFSSL_MSG("attr GetSequence error");
- return ASN_PARSE_E;
- }
- if (GetObjectId(cert->source, &cert->srcIdx, &oid,
- oidCsrAttrType, attrMaxIdx) < 0) {
- WOLFSSL_MSG("attr GetObjectId error");
- return ASN_PARSE_E;
- }
- if (GetSet(cert->source, &cert->srcIdx, &len,
- attrMaxIdx) < 0) {
- WOLFSSL_MSG("attr GetSet error");
- return ASN_PARSE_E;
- }
- switch (oid) {
- case PKCS9_CONTENT_TYPE_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING &&
- tag != ASN_IA5_STRING) {
- WOLFSSL_MSG("Unsupported attribute value format");
- return ASN_PARSE_E;
- }
- cert->contentType = (char*)cert->source + cert->srcIdx;
- cert->contentTypeLen = len;
- cert->srcIdx += (word32)len;
- break;
- case CHALLENGE_PASSWORD_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING &&
- tag != ASN_IA5_STRING) {
- WOLFSSL_MSG("Unsupported attribute value format");
- return ASN_PARSE_E;
- }
- cert->cPwd = (char*)cert->source + cert->srcIdx;
- cert->cPwdLen = len;
- cert->srcIdx += (word32)len;
- break;
- case SERIAL_NUMBER_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING &&
- tag != ASN_IA5_STRING) {
- WOLFSSL_MSG("Unsupported attribute value format");
- return ASN_PARSE_E;
- }
- cert->sNum = (char*)cert->source + cert->srcIdx;
- cert->sNumLen = len;
- cert->srcIdx += (word32)len;
- if (cert->sNumLen <= EXTERNAL_SERIAL_SIZE) {
- XMEMCPY(cert->serial, cert->sNum,
- (size_t)cert->sNumLen);
- cert->serialSz = cert->sNumLen;
- }
- break;
- case DNQUALIFIER_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- cert->dnQualifier = (char*)cert->source + cert->srcIdx;
- cert->dnQualifierLen = len;
- cert->srcIdx += (word32)len;
- break;
- case INITIALS_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- cert->initials = (char*)cert->source + cert->srcIdx;
- cert->initialsLen = len;
- cert->srcIdx += (word32)len;
- break;
- case SURNAME_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- cert->surname = (char*)cert->source + cert->srcIdx;
- cert->surnameLen = len;
- cert->srcIdx += (word32)len;
- break;
- case GIVEN_NAME_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- cert->givenName = (char*)cert->source + cert->srcIdx;
- cert->givenNameLen = len;
- cert->srcIdx += (word32)len;
- break;
- case UNSTRUCTURED_NAME_OID:
- if (GetHeader(cert->source, &tag,
- &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
- WOLFSSL_MSG("attr GetHeader error");
- return ASN_PARSE_E;
- }
- cert->unstructuredName =
- (char*)cert->source + cert->srcIdx;
- cert->unstructuredNameLen = len;
- cert->srcIdx += (word32)len;
- break;
- case EXTENSION_REQUEST_OID:
- /* save extensions */
- cert->extensions = &cert->source[cert->srcIdx];
- cert->extensionsSz = len;
- cert->extensionsIdx = cert->srcIdx; /* for potential later use */
- if ((ret = DecodeCertExtensions(cert)) < 0) {
- if (ret == ASN_CRIT_EXT_E) {
- cert->criticalExt = ret;
- }
- else {
- return ret;
- }
- }
- cert->srcIdx += (word32)len;
- break;
- default:
- WOLFSSL_MSG("Unsupported attribute type");
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- }
- }
- }
- #endif
- if (cert->srcIdx < cert->sigIndex) {
- #ifndef ALLOW_V1_EXTENSIONS
- if (cert->version < 2) {
- WOLFSSL_MSG("\tv1 and v2 certs not allowed extensions");
- WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E);
- return ASN_VERSION_E;
- }
- #endif
- /* save extensions */
- cert->extensions = &cert->source[cert->srcIdx];
- cert->extensionsSz = (int)(cert->sigIndex - cert->srcIdx);
- cert->extensionsIdx = cert->srcIdx; /* for potential later use */
- if ((ret = DecodeCertExtensions(cert)) < 0) {
- if (ret == ASN_CRIT_EXT_E)
- cert->criticalExt = ret;
- else
- return ret;
- }
- #ifdef HAVE_OCSP
- if (verify == VERIFY_OCSP_CERT) {
- /* trust for the lifetime of the responder's cert*/
- if (cert->ocspNoCheckSet)
- verify = VERIFY;
- else
- verify = VERIFY_OCSP;
- }
- #endif
- /* advance past extensions */
- cert->srcIdx = cert->sigIndex;
- }
- if ((ret = GetSigAlg(cert,
- #ifdef WOLFSSL_CERT_REQ
- !cert->isCSR ? &confirmOID : &cert->signatureOID,
- #else
- &confirmOID,
- #endif
- cert->maxIdx)) < 0) {
- return ret;
- }
- if ((ret = GetSignature(cert)) < 0) {
- return ret;
- }
- if (confirmOID != cert->signatureOID
- #ifdef WOLFSSL_CERT_REQ
- && !cert->isCSR
- #endif
- ) {
- WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E);
- return ASN_SIG_OID_E;
- }
- #else
- #ifdef WOLFSSL_CERT_REQ
- if (cert->isCSR) {
- ret = DecodeCertReq(cert, &cert->criticalExt);
- if (ret < 0) {
- return ret;
- }
- }
- else
- #endif
- {
- ret = DecodeCert(cert, verify, &cert->criticalExt);
- if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
- cert->badDate = ret;
- if (verify == VERIFY_SKIP_DATE)
- ret = 0;
- }
- else if (ret < 0) {
- WOLFSSL_ERROR_VERBOSE(ret);
- return ret;
- }
- #if defined(HAVE_RPK)
- if (cert->isRPK) {
- return ret;
- }
- #endif /* HAVE_RPK */
- }
- #endif
- #ifndef ALLOW_INVALID_CERTSIGN
- /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9
- * If the cA boolean is not asserted, then the keyCertSign bit in the
- * key usage extension MUST NOT be asserted. */
- if (!cert->isCA && cert->extKeyUsageSet &&
- (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0) {
- WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E);
- return KEYUSAGE_E;
- }
- #endif
- #ifndef NO_SKID
- if (cert->extSubjKeyIdSet == 0 && cert->publicKey != NULL &&
- cert->pubKeySize > 0) {
- if (cert->signatureOID == CTC_SM3wSM2) {
- /* TODO: GmSSL creates IDs this way but whole public key info
- * block should be hashed. */
- ret = CalcHashId_ex(cert->publicKey + cert->pubKeySize - 65, 65,
- cert->extSubjKeyId, HashIdAlg(cert->signatureOID));
- }
- else {
- ret = CalcHashId_ex(cert->publicKey, cert->pubKeySize,
- cert->extSubjKeyId, HashIdAlg(cert->signatureOID));
- }
- if (ret != 0) {
- WOLFSSL_ERROR_VERBOSE(ret);
- return ret;
- }
- }
- #endif /* !NO_SKID */
- if (!cert->selfSigned || (verify != NO_VERIFY && type != CA_TYPE &&
- type != TRUSTED_PEER_TYPE)) {
- cert->ca = NULL;
- #ifndef NO_SKID
- if (cert->extAuthKeyIdSet) {
- cert->ca = GetCA(cm, cert->extAuthKeyId);
- #ifdef WOLFSSL_AKID_NAME
- if (cert->ca == NULL) {
- cert->ca = GetCAByAKID(cm, cert->extAuthKeyIdIssuer,
- cert->extAuthKeyIdIssuerSz, cert->extAuthKeyIdIssuerSN,
- cert->extAuthKeyIdIssuerSNSz);
- }
- #endif
- }
- if (cert->ca == NULL && cert->extSubjKeyIdSet
- && verify != VERIFY_OCSP) {
- cert->ca = GetCA(cm, cert->extSubjKeyId);
- }
- if (cert->ca != NULL && XMEMCMP(cert->issuerHash,
- cert->ca->subjectNameHash, KEYID_SIZE) != 0) {
- cert->ca = NULL;
- }
- if (cert->ca == NULL) {
- cert->ca = GetCAByName(cm, cert->issuerHash);
- /* If AKID is available then this CA doesn't have the public
- * key required */
- if (cert->ca && cert->extAuthKeyIdSet) {
- WOLFSSL_MSG("CA SKID doesn't match AKID");
- cert->ca = NULL;
- }
- }
- /* OCSP Only: alt lookup using subject and pub key w/o sig check */
- #ifdef WOLFSSL_NO_TRUSTED_CERTS_VERIFY
- if (cert->ca == NULL && verify == VERIFY_OCSP) {
- cert->ca = GetCABySubjectAndPubKey(cert, cm);
- if (cert->ca) {
- ret = 0; /* success */
- goto exit_pcr;
- }
- }
- #endif /* WOLFSSL_NO_TRUSTED_CERTS_VERIFY */
- #else
- cert->ca = GetCA(cm, cert->issuerHash);
- #endif /* !NO_SKID */
- if (cert->ca) {
- WOLFSSL_MSG("CA found");
- }
- }
- /* Set to WOLFSSL_MAX_PATH_LEN by default in InitDecodedCert_ex */
- if (cert->pathLengthSet)
- cert->maxPathLen = cert->pathLength;
- if (!cert->selfSigned) {
- /* Need to perform a pathlen check on anything that will be used
- * to sign certificates later on. Otherwise, pathLen doesn't
- * mean anything.
- * Nothing to check if we don't have the issuer of this cert. */
- if (type != CERT_TYPE && cert->isCA && cert->extKeyUsageSet &&
- (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0 && cert->ca) {
- if (cert->ca->maxPathLen == 0) {
- /* This cert CAN NOT be used as an intermediate cert. The
- * issuer does not allow it. */
- cert->maxPathLen = 0;
- if (verify != NO_VERIFY) {
- WOLFSSL_MSG("\tNon-entity cert, maxPathLen is 0");
- WOLFSSL_MSG("\tmaxPathLen status: ERROR");
- WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_INV_E);
- return ASN_PATHLEN_INV_E;
- }
- }
- else {
- cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1,
- cert->maxPathLen);
- }
- }
- }
- #ifdef HAVE_OCSP
- if (verify != NO_VERIFY && type != CA_TYPE &&
- type != TRUSTED_PEER_TYPE) {
- if (cert->ca) {
- /* Need the CA's public key hash for OCSP */
- XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash,
- KEYID_SIZE);
- }
- }
- #endif /* HAVE_OCSP */
- }
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
- /* prepare for TSIP TLS cert verification API use */
- if (cert->keyOID == RSAk) {
- /* to call TSIP API, it needs keys position info in bytes */
- if ((ret = RsaPublicKeyDecodeRawIndex(cert->publicKey, (word32*)&idx,
- cert->pubKeySize,
- &cert->sigCtx.CertAtt.pubkey_n_start,
- &cert->sigCtx.CertAtt.pubkey_n_len,
- &cert->sigCtx.CertAtt.pubkey_e_start,
- &cert->sigCtx.CertAtt.pubkey_e_len)) != 0) {
- WOLFSSL_MSG("Decoding index from cert failed.");
- return ret;
- }
- cert->sigCtx.CertAtt.certBegin = cert->certBegin;
- }
- else if (cert->keyOID == ECDSAk) {
- cert->sigCtx.CertAtt.certBegin = cert->certBegin;
- }
- /* check if we can use TSIP for cert verification */
- /* if the ca is verified as tsip root ca. */
- /* TSIP can only handle 2048 bits(256 byte) key. */
- if (cert->ca && Renesas_cmn_checkCA(cert->ca->cm_idx) != 0 &&
- (cert->sigCtx.CertAtt.pubkey_n_len == 256 ||
- cert->sigCtx.CertAtt.curve_id == ECC_SECP256R1)) {
- /* assign memory to encrypted tsip Rsa key index */
- if (!cert->sce_tsip_encRsaKeyIdx)
- cert->sce_tsip_encRsaKeyIdx =
- (byte*)XMALLOC(TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY,
- cert->heap, DYNAMIC_TYPE_RSA);
- if (cert->sce_tsip_encRsaKeyIdx == NULL)
- return MEMORY_E;
- }
- else {
- if (cert->ca) {
- /* TSIP isn't usable */
- if (Renesas_cmn_checkCA(cert->ca->cm_idx) == 0)
- WOLFSSL_MSG("SCE-TSIP isn't usable because the ca isn't verified "
- "by TSIP.");
- else if (cert->sigCtx.CertAtt.pubkey_n_len != 256)
- WOLFSSL_MSG("SCE-TSIP isn't usable because the ca isn't signed by "
- "RSA 2048.");
- else
- WOLFSSL_MSG("SCE-TSIP isn't usable");
- }
- cert->sce_tsip_encRsaKeyIdx = NULL;
- }
- sce_tsip_encRsaKeyIdx = cert->sce_tsip_encRsaKeyIdx;
- #else
- sce_tsip_encRsaKeyIdx = NULL;
- #endif
- if (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
- if (cert->ca) {
- if (verify == VERIFY || verify == VERIFY_OCSP ||
- verify == VERIFY_SKIP_DATE) {
- /* try to confirm/verify signature */
- if ((ret = ConfirmSignature(&cert->sigCtx,
- cert->source + cert->certBegin,
- cert->sigIndex - cert->certBegin,
- cert->ca->publicKey, cert->ca->pubKeySize,
- cert->ca->keyOID, cert->signature,
- cert->sigLength, cert->signatureOID,
- #ifdef WC_RSA_PSS
- cert->source + cert->sigParamsIndex,
- cert->sigParamsLength,
- #else
- NULL, 0,
- #endif
- sce_tsip_encRsaKeyIdx)) != 0) {
- if (ret != WC_PENDING_E) {
- WOLFSSL_MSG("Confirm signature failed");
- }
- WOLFSSL_ERROR_VERBOSE(ret);
- return ret;
- }
- }
- #ifndef IGNORE_NAME_CONSTRAINTS
- if (verify == VERIFY || verify == VERIFY_OCSP ||
- verify == VERIFY_NAME || verify == VERIFY_SKIP_DATE) {
- /* check that this cert's name is permitted by the signer's
- * name constraints */
- if (!ConfirmNameConstraints(cert->ca, cert)) {
- WOLFSSL_MSG("Confirm name constraint failed");
- WOLFSSL_ERROR_VERBOSE(ASN_NAME_INVALID_E);
- return ASN_NAME_INVALID_E;
- }
- }
- #endif /* IGNORE_NAME_CONSTRAINTS */
- }
- #ifdef WOLFSSL_CERT_REQ
- else if (type == CERTREQ_TYPE) {
- if ((ret = ConfirmSignature(&cert->sigCtx,
- cert->source + cert->certBegin,
- cert->sigIndex - cert->certBegin,
- cert->publicKey, cert->pubKeySize,
- cert->keyOID, cert->signature,
- cert->sigLength, cert->signatureOID,
- #ifdef WC_RSA_PSS
- cert->source + cert->sigParamsIndex, cert->sigParamsLength,
- #else
- NULL, 0,
- #endif
- sce_tsip_encRsaKeyIdx)) != 0) {
- if (ret != WC_PENDING_E) {
- WOLFSSL_MSG("Confirm signature failed");
- }
- WOLFSSL_ERROR_VERBOSE(ret);
- return ret;
- }
- }
- #endif
- else {
- /* no signer */
- WOLFSSL_MSG("No CA signer to verify with");
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- /* ret needs to be self-signer error for Qt compat */
- if (cert->selfSigned) {
- WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E);
- return ASN_SELF_SIGNED_E;
- }
- else
- #endif
- {
- WOLFSSL_ERROR_VERBOSE(ASN_NO_SIGNER_E);
- return ASN_NO_SIGNER_E;
- }
- }
- }
- #if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID)
- exit_pcr:
- #endif
- if (cert->badDate != 0) {
- if (verify != VERIFY_SKIP_DATE) {
- return cert->badDate;
- }
- WOLFSSL_MSG("Date error: Verify option is skipping");
- }
- if (cert->criticalExt != 0)
- return cert->criticalExt;
- return ret;
- }
- /* Create and init an new signer */
- Signer* MakeSigner(void* heap)
- {
- Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap,
- DYNAMIC_TYPE_SIGNER);
- if (signer) {
- XMEMSET(signer, 0, sizeof(Signer));
- }
- (void)heap;
- return signer;
- }
- /* Free an individual signer.
- *
- * Used by Certificate Manager.
- *
- * @param [in, out] signer On in, signer object.
- * On out, pointer is no longer valid.
- * @param [in] heap Dynamic memory hint.
- */
- void FreeSigner(Signer* signer, void* heap)
- {
- (void)signer;
- (void)heap;
- XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
- XFREE((void*)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
- #ifndef IGNORE_NAME_CONSTRAINTS
- if (signer->permittedNames)
- FreeNameSubtrees(signer->permittedNames, heap);
- if (signer->excludedNames)
- FreeNameSubtrees(signer->excludedNames, heap);
- #endif
- #ifdef WOLFSSL_SIGNER_DER_CERT
- FreeDer(&signer->derCert);
- #endif
- XFREE(signer, heap, DYNAMIC_TYPE_SIGNER);
- }
- /* Free the whole singer table with number of rows.
- *
- * Each table entry is a linked list of signers.
- * Used by Certificate Manager.
- *
- * @param [in, out] table Array of signer objects.
- * @param [in] rows Number of entries in table.
- * @param [in] heap Dynamic memory hint.
- */
- void FreeSignerTable(Signer** table, int rows, void* heap)
- {
- int i;
- for (i = 0; i < rows; i++) {
- Signer* signer = table[i];
- while (signer) {
- Signer* next = signer->next;
- FreeSigner(signer, heap);
- signer = next;
- }
- table[i] = NULL;
- }
- }
- void FreeSignerTableType(Signer** table, int rows, byte type, void* heap)
- {
- int i;
- for (i = 0; i < rows; i++) {
- Signer* signer = table[i];
- Signer** next = &table[i];
- while (signer) {
- if (signer->type == type) {
- *next = signer->next;
- FreeSigner(signer, heap);
- signer = *next;
- }
- else {
- next = &signer->next;
- signer = signer->next;
- }
- }
- }
- }
- #ifdef WOLFSSL_TRUST_PEER_CERT
- /* Free an individual trusted peer cert.
- *
- * @param [in, out] tp Trusted peer certificate object.
- * @param [in] heap Dynamic memory hint.
- */
- void FreeTrustedPeer(TrustedPeerCert* tp, void* heap)
- {
- if (tp == NULL) {
- return;
- }
- if (tp->name) {
- XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
- }
- if (tp->sig) {
- XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE);
- }
- #ifndef IGNORE_NAME_CONSTRAINTS
- if (tp->permittedNames)
- FreeNameSubtrees(tp->permittedNames, heap);
- if (tp->excludedNames)
- FreeNameSubtrees(tp->excludedNames, heap);
- #endif
- XFREE(tp, heap, DYNAMIC_TYPE_CERT);
- (void)heap;
- }
- /* Free the whole Trusted Peer linked list.
- *
- * Each table entry is a linked list of trusted peer certificates.
- * Used by Certificate Manager.
- *
- * @param [in, out] table Array of trusted peer certificate objects.
- * @param [in] rows Number of entries in table.
- * @param [in] heap Dynamic memory hint.
- */
- void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, void* heap)
- {
- int i;
- for (i = 0; i < rows; i++) {
- TrustedPeerCert* tp = table[i];
- while (tp) {
- TrustedPeerCert* next = tp->next;
- FreeTrustedPeer(tp, heap);
- tp = next;
- }
- table[i] = NULL;
- }
- }
- #endif /* WOLFSSL_TRUST_PEER_CERT */
- #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS7)
- int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
- word32 outputSz, int maxSnSz)
- {
- int i;
- int snSzInt = (int)snSz;
- if (sn == NULL || output == NULL || snSzInt < 0)
- return BAD_FUNC_ARG;
- /* remove leading zeros */
- while (snSzInt > 0 && sn[0] == 0) {
- snSzInt--;
- sn++;
- }
- /* RFC 5280 - 4.1.2.2:
- * Serial numbers must be a positive value (and not zero) */
- if (snSzInt == 0) {
- WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG);
- return BAD_FUNC_ARG;
- }
- if (sn[0] & 0x80)
- maxSnSz--;
- /* truncate if input is too long */
- if (snSzInt > maxSnSz)
- snSzInt = maxSnSz;
- i = SetASNInt(snSzInt, sn[0], NULL);
- /* truncate if input is too long */
- if (snSzInt > (int)outputSz - i)
- snSzInt = (int)outputSz - i;
- /* sanity check number of bytes to copy */
- if (snSzInt <= 0) {
- return BUFFER_E;
- }
- /* write out ASN.1 Integer */
- (void)SetASNInt(snSzInt, sn[0], output);
- XMEMCPY(output + i, sn, (size_t)snSzInt);
- /* compute final length */
- i += snSzInt;
- return i;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #endif /* !NO_CERTS */
- #if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \
- (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT))
- int SetMyVersion(word32 version, byte* output, int header)
- {
- int i = 0;
- if (output == NULL)
- return BAD_FUNC_ARG;
- if (header) {
- output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
- output[i++] = 3;
- }
- output[i++] = ASN_INTEGER;
- output[i++] = 0x01;
- output[i++] = (byte)version;
- return i;
- }
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- int wc_GetSerialNumber(const byte* input, word32* inOutIdx,
- byte* serial, int* serialSz, word32 maxIdx)
- {
- int result = 0;
- int ret;
- WOLFSSL_ENTER("wc_GetSerialNumber");
- if (serial == NULL || input == NULL || serialSz == NULL) {
- return BAD_FUNC_ARG;
- }
- /* First byte is ASN type */
- if ((*inOutIdx+1) > maxIdx) {
- WOLFSSL_MSG("Bad idx first");
- return BUFFER_E;
- }
- ret = GetASNInt(input, inOutIdx, serialSz, maxIdx);
- if (ret != 0)
- return ret;
- if (*serialSz > EXTERNAL_SERIAL_SIZE || *serialSz <= 0) {
- WOLFSSL_MSG("Serial size bad");
- WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- /* return serial */
- XMEMCPY(serial, &input[*inOutIdx], (size_t)*serialSz);
- *inOutIdx += (word32)*serialSz;
- return result;
- }
- #endif
- #ifndef NO_CERTS
- /* TODO: consider moving PEM code out to a different file. */
- int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
- {
- int ret = BAD_FUNC_ARG;
- if (pDer) {
- int dynType = 0;
- DerBuffer* der;
- /* Determine dynamic type */
- switch (type) {
- case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break;
- case CHAIN_CERT_TYPE:
- case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
- case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break;
- case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break;
- case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break;
- case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break;
- default: dynType = DYNAMIC_TYPE_KEY; break;
- }
- /* Setup new buffer */
- *pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);
- if (*pDer == NULL) {
- return MEMORY_E;
- }
- XMEMSET(*pDer, 0, sizeof(DerBuffer) + length);
- der = *pDer;
- der->type = type;
- der->dynType = dynType; /* Cache this for FreeDer */
- der->heap = heap;
- der->buffer = (byte*)der + sizeof(DerBuffer);
- der->length = length;
- ret = 0; /* Success */
- }
- return ret;
- }
- void FreeDer(DerBuffer** pDer)
- {
- if (pDer && *pDer)
- {
- DerBuffer* der = (DerBuffer*)*pDer;
- /* ForceZero private keys */
- if (der->type == PRIVATEKEY_TYPE && der->buffer != NULL) {
- ForceZero(der->buffer, der->length);
- }
- der->buffer = NULL;
- der->length = 0;
- XFREE(der, der->heap, der->dynType);
- *pDer = NULL;
- }
- }
- int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
- {
- return AllocDer(pDer, length, type, heap);
- }
- void wc_FreeDer(DerBuffer** pDer)
- {
- FreeDer(pDer);
- }
- #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
- /* Note: If items added make sure MAX_X509_HEADER_SZ is
- updated to reflect maximum length and pem_struct_min_sz
- to reflect minimum size */
- wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
- wcchar END_CERT = "-----END CERTIFICATE-----";
- #ifdef WOLFSSL_CERT_REQ
- wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
- wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
- #endif
- #ifndef NO_DH
- wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
- wcchar END_DH_PARAM = "-----END DH PARAMETERS-----";
- wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
- wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----";
- #endif
- #ifndef NO_DSA
- wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
- wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----";
- #endif
- wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
- wcchar END_X509_CRL = "-----END X509 CRL-----";
- wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
- wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
- wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----";
- wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----";
- wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
- wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----";
- wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
- wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
- #ifdef HAVE_ECC
- wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
- wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----";
- #ifdef OPENSSL_EXTRA
- wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----";
- wcchar END_EC_PARAM = "-----END EC PARAMETERS-----";
- #endif
- #endif
- #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
- !defined(NO_DSA)
- wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
- wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
- #endif
- #ifdef OPENSSL_EXTRA
- const char BEGIN_PRIV_KEY_PREFIX[] = "-----BEGIN";
- const char PRIV_KEY_SUFFIX[] = "PRIVATE KEY-----";
- const char END_PRIV_KEY_PREFIX[] = "-----END";
- #endif
- wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
- wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
- #if defined(HAVE_ED25519) || defined(HAVE_ED448)
- wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
- wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
- #endif
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
- wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
- wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----";
- wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
- wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
- wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
- wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
- wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
- wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
- wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
- wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
- wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----";
- wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
- wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----";
- wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
- wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----";
- wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
- wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----";
- wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
- wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----"
- "-----END X509 CRL-----");
- #ifdef WOLFSSL_PEM_TO_DER
- static WC_INLINE const char* SkipEndOfLineChars(const char* line,
- const char* endOfLine)
- {
- /* eat end of line characters */
- while (line < endOfLine &&
- (line[0] == '\r' || line[0] == '\n')) {
- line++;
- }
- return line;
- }
- #endif
- int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
- {
- int ret = BAD_FUNC_ARG;
- switch (type) {
- case CA_TYPE: /* same as below */
- case TRUSTED_PEER_TYPE:
- case CHAIN_CERT_TYPE:
- case CERT_TYPE:
- if (header) *header = BEGIN_CERT;
- if (footer) *footer = END_CERT;
- ret = 0;
- break;
- case CRL_TYPE:
- if (header) *header = BEGIN_X509_CRL;
- if (footer) *footer = END_X509_CRL;
- ret = 0;
- break;
- #ifndef NO_DH
- case DH_PARAM_TYPE:
- if (header) *header = BEGIN_DH_PARAM;
- if (footer) *footer = END_DH_PARAM;
- ret = 0;
- break;
- case X942_PARAM_TYPE:
- if (header) *header = BEGIN_X942_PARAM;
- if (footer) *footer = END_X942_PARAM;
- ret = 0;
- break;
- #endif
- #ifndef NO_DSA
- case DSA_PARAM_TYPE:
- if (header) *header = BEGIN_DSA_PARAM;
- if (footer) *footer = END_DSA_PARAM;
- ret = 0;
- break;
- #endif
- #ifdef WOLFSSL_CERT_REQ
- case CERTREQ_TYPE:
- if (header) *header = BEGIN_CERT_REQ;
- if (footer) *footer = END_CERT_REQ;
- ret = 0;
- break;
- #endif
- #ifndef NO_DSA
- case DSA_TYPE:
- case DSA_PRIVATEKEY_TYPE:
- if (header) *header = BEGIN_DSA_PRIV;
- if (footer) *footer = END_DSA_PRIV;
- ret = 0;
- break;
- #endif
- #ifdef HAVE_ECC
- case ECC_TYPE:
- case ECC_PRIVATEKEY_TYPE:
- if (header) *header = BEGIN_EC_PRIV;
- if (footer) *footer = END_EC_PRIV;
- ret = 0;
- break;
- #ifdef OPENSSL_EXTRA
- case ECC_PARAM_TYPE:
- if (header) *header = BEGIN_EC_PARAM;
- if (footer) *footer = END_EC_PARAM;
- ret = 0;
- break;
- #endif
- #endif
- case RSA_TYPE:
- case PRIVATEKEY_TYPE:
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- case ALT_PRIVATEKEY_TYPE:
- #endif
- if (header) *header = BEGIN_RSA_PRIV;
- if (footer) *footer = END_RSA_PRIV;
- ret = 0;
- break;
- #ifdef HAVE_ED25519
- case ED25519_TYPE:
- #endif
- #ifdef HAVE_ED448
- case ED448_TYPE:
- #endif
- #if defined(HAVE_ED25519) || defined(HAVE_ED448)
- case EDDSA_PRIVATEKEY_TYPE:
- if (header) *header = BEGIN_EDDSA_PRIV;
- if (footer) *footer = END_EDDSA_PRIV;
- ret = 0;
- break;
- #endif
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- case FALCON_LEVEL1_TYPE:
- if (header) *header = BEGIN_FALCON_LEVEL1_PRIV;
- if (footer) *footer = END_FALCON_LEVEL1_PRIV;
- ret = 0;
- break;
- case FALCON_LEVEL5_TYPE:
- if (header) *header = BEGIN_FALCON_LEVEL5_PRIV;
- if (footer) *footer = END_FALCON_LEVEL5_PRIV;
- ret = 0;
- break;
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- case DILITHIUM_LEVEL2_TYPE:
- if (header) *header = BEGIN_DILITHIUM_LEVEL2_PRIV;
- if (footer) *footer = END_DILITHIUM_LEVEL2_PRIV;
- ret = 0;
- break;
- case DILITHIUM_LEVEL3_TYPE:
- if (header) *header = BEGIN_DILITHIUM_LEVEL3_PRIV;
- if (footer) *footer = END_DILITHIUM_LEVEL3_PRIV;
- ret = 0;
- break;
- case DILITHIUM_LEVEL5_TYPE:
- if (header) *header = BEGIN_DILITHIUM_LEVEL5_PRIV;
- if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV;
- ret = 0;
- break;
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- case SPHINCS_FAST_LEVEL1_TYPE:
- if (header) *header = BEGIN_SPHINCS_FAST_LEVEL1_PRIV;
- if (footer) *footer = END_SPHINCS_FAST_LEVEL1_PRIV;
- ret = 0;
- break;
- case SPHINCS_FAST_LEVEL3_TYPE:
- if (header) *header = BEGIN_SPHINCS_FAST_LEVEL3_PRIV;
- if (footer) *footer = END_SPHINCS_FAST_LEVEL3_PRIV;
- ret = 0;
- break;
- case SPHINCS_FAST_LEVEL5_TYPE:
- if (header) *header = BEGIN_SPHINCS_FAST_LEVEL5_PRIV;
- if (footer) *footer = END_SPHINCS_FAST_LEVEL5_PRIV;
- ret = 0;
- break;
- case SPHINCS_SMALL_LEVEL1_TYPE:
- if (header) *header = BEGIN_SPHINCS_SMALL_LEVEL1_PRIV;
- if (footer) *footer = END_SPHINCS_SMALL_LEVEL1_PRIV;
- ret = 0;
- break;
- case SPHINCS_SMALL_LEVEL3_TYPE:
- if (header) *header = BEGIN_SPHINCS_SMALL_LEVEL3_PRIV;
- if (footer) *footer = END_SPHINCS_SMALL_LEVEL3_PRIV;
- ret = 0;
- break;
- case SPHINCS_SMALL_LEVEL5_TYPE:
- if (header) *header = BEGIN_SPHINCS_SMALL_LEVEL5_PRIV;
- if (footer) *footer = END_SPHINCS_SMALL_LEVEL5_PRIV;
- ret = 0;
- break;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- case PUBLICKEY_TYPE:
- case ECC_PUBLICKEY_TYPE:
- if (header) *header = BEGIN_PUB_KEY;
- if (footer) *footer = END_PUB_KEY;
- ret = 0;
- break;
- case RSA_PUBLICKEY_TYPE:
- if (header) *header = BEGIN_RSA_PUB;
- if (footer) *footer = END_RSA_PUB;
- ret = 0;
- break;
- #ifndef NO_DH
- case DH_PRIVATEKEY_TYPE:
- #endif
- case PKCS8_PRIVATEKEY_TYPE:
- if (header) *header = BEGIN_PRIV_KEY;
- if (footer) *footer = END_PRIV_KEY;
- ret = 0;
- break;
- case PKCS8_ENC_PRIVATEKEY_TYPE:
- if (header) *header = BEGIN_ENC_PRIV_KEY;
- if (footer) *footer = END_ENC_PRIV_KEY;
- ret = 0;
- break;
- default:
- break;
- }
- return ret;
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- static wcchar kProcTypeHeader = "Proc-Type";
- static wcchar kDecInfoHeader = "DEK-Info";
- #ifdef WOLFSSL_PEM_TO_DER
- #ifndef NO_DES3
- static wcchar kEncTypeDes = "DES-CBC";
- static wcchar kEncTypeDes3 = "DES-EDE3-CBC";
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- static wcchar kEncTypeAesCbc128 = "AES-128-CBC";
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
- static wcchar kEncTypeAesCbc192 = "AES-192-CBC";
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- static wcchar kEncTypeAesCbc256 = "AES-256-CBC";
- #endif
- int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
- {
- int ret = 0;
- if (info == NULL || cipherInfo == NULL)
- return BAD_FUNC_ARG;
- /* determine cipher information */
- #ifndef NO_DES3
- if (XSTRCMP(cipherInfo, kEncTypeDes) == 0) {
- info->cipherType = WC_CIPHER_DES;
- info->keySz = DES_KEY_SIZE;
- /* DES_IV_SIZE is incorrectly 16 in FIPS v2. It should be 8, same as the
- * block size. */
- #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
- if (info->ivSz == 0) info->ivSz = DES_BLOCK_SIZE;
- #else
- if (info->ivSz == 0) info->ivSz = DES_IV_SIZE;
- #endif
- }
- else if (XSTRCMP(cipherInfo, kEncTypeDes3) == 0) {
- info->cipherType = WC_CIPHER_DES3;
- info->keySz = DES3_KEY_SIZE;
- #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
- if (info->ivSz == 0) info->ivSz = DES_BLOCK_SIZE;
- #else
- if (info->ivSz == 0) info->ivSz = DES_IV_SIZE;
- #endif
- }
- else
- #endif /* !NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- if (XSTRCMP(cipherInfo, kEncTypeAesCbc128) == 0) {
- info->cipherType = WC_CIPHER_AES_CBC;
- info->keySz = AES_128_KEY_SIZE;
- if (info->ivSz == 0) info->ivSz = AES_IV_SIZE;
- }
- else
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
- if (XSTRCMP(cipherInfo, kEncTypeAesCbc192) == 0) {
- info->cipherType = WC_CIPHER_AES_CBC;
- info->keySz = AES_192_KEY_SIZE;
- if (info->ivSz == 0) info->ivSz = AES_IV_SIZE;
- }
- else
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- if (XSTRCMP(cipherInfo, kEncTypeAesCbc256) == 0) {
- info->cipherType = WC_CIPHER_AES_CBC;
- info->keySz = AES_256_KEY_SIZE;
- if (info->ivSz == 0) info->ivSz = AES_IV_SIZE;
- }
- else
- #endif
- {
- ret = NOT_COMPILED_IN;
- }
- return ret;
- }
- int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer,
- size_t bufSz)
- {
- int err = 0;
- const char* bufferStart;
- const char* bufferEnd;
- char* line;
- if (info == NULL || pBuffer == NULL || bufSz == 0)
- return BAD_FUNC_ARG;
- bufferStart = *pBuffer;
- bufferEnd = bufferStart + bufSz;
- /* find encrypted info marker */
- line = XSTRNSTR(bufferStart, kProcTypeHeader,
- min((word32)bufSz, PEM_LINE_LEN));
- if (line != NULL) {
- word32 lineSz;
- char* finish;
- char* start;
- word32 startSz;
- const char* newline = NULL;
- if (line >= bufferEnd) {
- return BUFFER_E;
- }
- lineSz = (word32)(bufferEnd - line);
- /* find DEC-Info marker */
- start = XSTRNSTR(line, kDecInfoHeader, min(lineSz, PEM_LINE_LEN));
- if (start == NULL)
- return BUFFER_E;
- /* skip dec-info and ": " */
- start += XSTRLEN(kDecInfoHeader);
- if (start >= bufferEnd)
- return BUFFER_E;
- if (start[0] == ':') {
- start++;
- if (start >= bufferEnd)
- return BUFFER_E;
- }
- if (start[0] == ' ')
- start++;
- startSz = (word32)(bufferEnd - start);
- finish = XSTRNSTR(start, ",", min(startSz, PEM_LINE_LEN));
- if ((start != NULL) && (finish != NULL) && (start < finish)) {
- word32 finishSz;
- if (finish >= bufferEnd) {
- return BUFFER_E;
- }
- finishSz = (word32)(bufferEnd - finish);
- newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));
- /* get cipher name */
- if (NAME_SZ < (finish - start)) /* buffer size of info->name */
- return BUFFER_E;
- if (XMEMCPY(info->name, start, (size_t)(finish - start)) == NULL)
- return BUFFER_E;
- info->name[finish - start] = '\0'; /* null term */
- /* populate info */
- err = wc_EncryptedInfoGet(info, info->name);
- if (err != 0)
- return err;
- /* get IV */
- if (finishSz < info->ivSz + 1)
- return BUFFER_E;
- if (newline == NULL) {
- newline = XSTRNSTR(finish, "\n", min(finishSz,
- PEM_LINE_LEN));
- }
- if ((newline != NULL) && (newline > finish)) {
- finish++;
- info->ivSz = (word32)(newline - finish);
- if (info->ivSz > IV_SZ)
- return BUFFER_E;
- if (XMEMCPY(info->iv, finish, info->ivSz) == NULL)
- return BUFFER_E;
- info->set = 1;
- }
- else
- return BUFFER_E;
- }
- else
- return BUFFER_E;
- /* eat end of line characters */
- newline = SkipEndOfLineChars(newline, bufferEnd);
- /* return new headerEnd */
- *pBuffer = newline;
- }
- return err;
- }
- #endif /* WOLFSSL_PEM_TO_DER */
- #ifdef WOLFSSL_DER_TO_PEM
- static int wc_EncryptedInfoAppend(char* dest, int destSz, char* cipherInfo)
- {
- if (cipherInfo != NULL) {
- int cipherInfoStrLen = (int)XSTRLEN((char*)cipherInfo);
- if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (9+14+10+3))
- cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (9+14+10+3);
- if (destSz - (int)XSTRLEN(dest) >= cipherInfoStrLen + (9+14+8+2+2+1)) {
- /* strncat's src length needs to include the NULL */
- XSTRNCAT(dest, kProcTypeHeader, 10);
- XSTRNCAT(dest, ": 4,ENCRYPTED\n", 15);
- XSTRNCAT(dest, kDecInfoHeader, 9);
- XSTRNCAT(dest, ": ", 3);
- XSTRNCAT(dest, cipherInfo, (size_t)destSz - XSTRLEN(dest) - 1);
- XSTRNCAT(dest, "\n\n", 4);
- }
- }
- return 0;
- }
- #endif /* WOLFSSL_DER_TO_PEM */
- #endif /* WOLFSSL_ENCRYPTED_KEYS */
- #ifdef WOLFSSL_DER_TO_PEM
- /* Used for compatibility API */
- WOLFSSL_ABI
- int wc_DerToPem(const byte* der, word32 derSz,
- byte* output, word32 outSz, int type)
- {
- return wc_DerToPemEx(der, derSz, output, outSz, NULL, type);
- }
- /* convert der buffer to pem into output, can't do inplace, der and output
- need to be different */
- int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
- byte *cipher_info, int type)
- {
- const char* headerStr = NULL;
- const char* footerStr = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- char* header = NULL;
- char* footer = NULL;
- #else
- char header[MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE];
- char footer[MAX_X509_HEADER_SZ];
- #endif
- int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
- int footerLen = MAX_X509_HEADER_SZ;
- int i;
- int err;
- int outLen; /* return length or error */
- (void)cipher_info;
- if (der == output) /* no in place conversion */
- return BAD_FUNC_ARG;
- err = wc_PemGetHeaderFooter(type, &headerStr, &footerStr);
- if (err != 0)
- return err;
- #ifdef WOLFSSL_SMALL_STACK
- header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (header == NULL)
- return MEMORY_E;
- footer = (char*)XMALLOC(footerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (footer == NULL) {
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #endif
- /* build header and footer based on type */
- XSTRNCPY(header, headerStr, (size_t)headerLen - 1);
- header[headerLen - 2] = 0;
- XSTRNCPY(footer, footerStr, (size_t)footerLen - 1);
- footer[footerLen - 2] = 0;
- /* add new line to end */
- XSTRNCAT(header, "\n", 2);
- XSTRNCAT(footer, "\n", 2);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- err = wc_EncryptedInfoAppend(header, headerLen, (char*)cipher_info);
- if (err != 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return err;
- }
- #endif
- headerLen = (int)XSTRLEN(header);
- footerLen = (int)XSTRLEN(footer);
- /* if null output and 0 size passed in then return size needed */
- if (!output && outSz == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- outLen = 0;
- if ((err = Base64_Encode(der, derSz, NULL, (word32*)&outLen))
- != LENGTH_ONLY_E) {
- WOLFSSL_ERROR_VERBOSE(err);
- return err;
- }
- return headerLen + footerLen + outLen;
- }
- if (!der || !output) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BAD_FUNC_ARG;
- }
- /* don't even try if outSz too short */
- if (outSz < (word32)headerLen + (word32)footerLen + derSz) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BAD_FUNC_ARG;
- }
- /* header */
- XMEMCPY(output, header, (size_t)headerLen);
- i = headerLen;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- /* body */
- outLen = (int)outSz - (headerLen + footerLen); /* input to Base64_Encode */
- if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_ERROR_VERBOSE(err);
- return err;
- }
- i += outLen;
- /* footer */
- if ( (i + footerLen) > (int)outSz) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BAD_FUNC_ARG;
- }
- XMEMCPY(output + i, footer, (size_t)footerLen);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return outLen + headerLen + footerLen;
- }
- #endif /* WOLFSSL_DER_TO_PEM */
- #ifdef WOLFSSL_PEM_TO_DER
- /* Remove PEM header/footer, convert to ASN1, store any encrypted data
- info->consumed tracks of PEM bytes consumed in case multiple parts */
- int PemToDer(const unsigned char* buff, long longSz, int type,
- DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat)
- {
- const char* header = NULL;
- const char* footer = NULL;
- const char* headerEnd;
- const char* footerEnd;
- const char* consumedEnd;
- const char* bufferEnd = (const char*)(buff + longSz);
- long neededSz;
- int ret = 0;
- word32 sz = (word32)longSz;
- int encrypted_key = 0;
- DerBuffer* der;
- word32 algId = 0;
- word32 idx;
- #ifdef OPENSSL_EXTRA
- char beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
- char endBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
- #endif
- WOLFSSL_ENTER("PemToDer");
- /* get PEM header and footer based on type */
- ret = wc_PemGetHeaderFooter(type, &header, &footer);
- if (ret != 0)
- return ret;
- /* map header if not found for type */
- for (;;) {
- headerEnd = XSTRNSTR((char*)buff, header, sz);
- if (headerEnd) {
- break;
- }
- if (type == PRIVATEKEY_TYPE
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- || type == ALT_PRIVATEKEY_TYPE
- #endif
- ) {
- if (header == BEGIN_RSA_PRIV) {
- header = BEGIN_PRIV_KEY;
- footer = END_PRIV_KEY;
- }
- else if (header == BEGIN_PRIV_KEY) {
- header = BEGIN_ENC_PRIV_KEY;
- footer = END_ENC_PRIV_KEY;
- }
- #ifdef HAVE_ECC
- else if (header == BEGIN_ENC_PRIV_KEY) {
- header = BEGIN_EC_PRIV;
- footer = END_EC_PRIV;
- }
- else if (header == BEGIN_EC_PRIV) {
- header = BEGIN_DSA_PRIV;
- footer = END_DSA_PRIV;
- }
- #endif
- #if defined(HAVE_ED25519) || defined(HAVE_ED448)
- #ifdef HAVE_ECC
- else if (header == BEGIN_DSA_PRIV) {
- #else
- else if (header == BEGIN_ENC_PRIV_KEY) {
- #endif
- header = BEGIN_EDDSA_PRIV;
- footer = END_EDDSA_PRIV;
- }
- #endif
- else {
- #ifdef WOLF_PRIVATE_KEY_ID
- /* allow loading a public key for use with crypto or PK callbacks */
- type = PUBLICKEY_TYPE;
- header = BEGIN_PUB_KEY;
- footer = END_PUB_KEY;
- #else
- break;
- #endif
- }
- }
- else if (type == PUBLICKEY_TYPE) {
- if (header == BEGIN_PUB_KEY) {
- header = BEGIN_RSA_PUB;
- footer = END_RSA_PUB;
- }
- else {
- break;
- }
- }
- #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
- else if (type == ECC_PARAM_TYPE) {
- if (header == BEGIN_EC_PARAM) {
- header = BEGIN_EC_PARAM;
- footer = END_EC_PARAM;
- }
- else {
- break;
- }
- }
- #endif
- #ifdef HAVE_CRL
- else if ((type == CRL_TYPE) && (header != BEGIN_X509_CRL)) {
- header = BEGIN_X509_CRL;
- footer = END_X509_CRL;
- }
- #endif
- else {
- break;
- }
- }
- if (!headerEnd) {
- #ifdef OPENSSL_EXTRA
- if (type == PRIVATEKEY_TYPE
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- || type == ALT_PRIVATEKEY_TYPE
- #endif
- ) {
- /* see if there is a -----BEGIN * PRIVATE KEY----- header */
- headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
- if (headerEnd) {
- const char* beginEnd;
- unsigned int endLen;
- beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX);
- if (beginEnd >= (char*)buff + sz) {
- return BUFFER_E;
- }
- /* back up to BEGIN_PRIV_KEY_PREFIX */
- while (headerEnd > (char*)buff &&
- XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
- XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 &&
- *headerEnd != '\n') {
- headerEnd--;
- }
- if (headerEnd <= (char*)buff ||
- XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
- XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 ||
- beginEnd - headerEnd > PEM_LINE_LEN) {
- WOLFSSL_MSG("Couldn't find PEM header");
- WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
- return ASN_NO_PEM_HEADER;
- }
- /* headerEnd now points to beginning of header */
- XMEMCPY(beginBuf, headerEnd, (size_t)(beginEnd - headerEnd));
- beginBuf[beginEnd - headerEnd] = '\0';
- /* look for matching footer */
- footer = XSTRNSTR(beginEnd,
- beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX),
- (unsigned int)((char*)buff + sz - beginEnd));
- if (!footer) {
- WOLFSSL_MSG("Couldn't find PEM footer");
- WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
- return ASN_NO_PEM_HEADER;
- }
- footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX);
- if (footer > (char*)buff + sz - XSTR_SIZEOF(END_PRIV_KEY_PREFIX)
- || XSTRNCMP(footer, END_PRIV_KEY_PREFIX,
- XSTR_SIZEOF(END_PRIV_KEY_PREFIX)) != 0) {
- WOLFSSL_MSG("Unexpected footer for PEM");
- return BUFFER_E;
- }
- endLen = (unsigned int)((size_t)(beginEnd - headerEnd) -
- (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) -
- XSTR_SIZEOF(END_PRIV_KEY_PREFIX)));
- XMEMCPY(endBuf, footer, (size_t)endLen);
- endBuf[endLen] = '\0';
- header = beginBuf;
- footer = endBuf;
- headerEnd = beginEnd;
- }
- }
- if (!headerEnd) {
- WOLFSSL_MSG("Couldn't find PEM header");
- WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
- return ASN_NO_PEM_HEADER;
- }
- #else
- WOLFSSL_MSG("Couldn't find PEM header");
- return ASN_NO_PEM_HEADER;
- #endif
- } else {
- headerEnd += XSTRLEN(header);
- }
- /* eat end of line characters */
- headerEnd = SkipEndOfLineChars(headerEnd, bufferEnd);
- if (keyFormat) {
- /* keyFormat is Key_Sum enum */
- if (type == PRIVATEKEY_TYPE
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- || type == ALT_PRIVATEKEY_TYPE
- #endif
- ) {
- #ifndef NO_RSA
- if (header == BEGIN_RSA_PRIV)
- *keyFormat = RSAk;
- #endif
- #ifdef HAVE_ECC
- if (header == BEGIN_EC_PRIV)
- *keyFormat = ECDSAk;
- #endif
- #ifndef NO_DSA
- if (header == BEGIN_DSA_PRIV)
- *keyFormat = DSAk;
- #endif
- }
- #ifdef WOLF_PRIVATE_KEY_ID
- else if (type == PUBLICKEY_TYPE) {
- #ifndef NO_RSA
- if (header == BEGIN_RSA_PUB)
- *keyFormat = RSAk;
- #endif
- }
- #endif
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- if (info) {
- ret = wc_EncryptedInfoParse(info, &headerEnd,
- (size_t)(bufferEnd - headerEnd));
- if (ret < 0)
- return ret;
- if (info->set)
- encrypted_key = 1;
- }
- #endif /* WOLFSSL_ENCRYPTED_KEYS */
- /* find footer */
- footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((char*)buff +
- sz - headerEnd));
- if (!footerEnd) {
- if (info)
- info->consumed = longSz; /* No more certs if no footer */
- return BUFFER_E;
- }
- consumedEnd = footerEnd + XSTRLEN(footer);
- if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
- /* eat end of line characters */
- consumedEnd = SkipEndOfLineChars(consumedEnd, bufferEnd);
- /* skip possible null term */
- if (consumedEnd < bufferEnd && consumedEnd[0] == '\0')
- consumedEnd++;
- }
- if (info)
- info->consumed = (long)(consumedEnd - (const char*)buff);
- /* set up der buffer */
- neededSz = (long)(footerEnd - headerEnd);
- if (neededSz > (long)sz || neededSz <= 0)
- return BUFFER_E;
- ret = AllocDer(pDer, (word32)neededSz, type, heap);
- if (ret < 0) {
- return ret;
- }
- der = *pDer;
- if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
- der->buffer, &der->length) < 0) {
- WOLFSSL_ERROR(BUFFER_E);
- return BUFFER_E;
- }
- if ((header == BEGIN_PRIV_KEY
- #ifdef OPENSSL_EXTRA
- || header == beginBuf
- #endif
- #ifdef HAVE_ECC
- || header == BEGIN_EC_PRIV
- #endif
- ) && !encrypted_key)
- {
- /* detect pkcs8 key and get alg type */
- /* keep PKCS8 header */
- idx = 0;
- ret = ToTraditionalInline_ex(der->buffer, &idx, der->length, &algId);
- if (ret > 0) {
- if (keyFormat)
- *keyFormat = (int)algId;
- }
- else {
- /* ignore failure here and assume key is not pkcs8 wrapped */
- }
- return 0;
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) {
- int passwordSz = NAME_SZ;
- #ifdef WOLFSSL_SMALL_STACK
- char* password = NULL;
- #else
- char password[NAME_SZ];
- #endif
- if (!info || !info->passwd_cb) {
- WOLFSSL_MSG("No password callback set");
- WOLFSSL_ERROR_VERBOSE(NO_PASSWORD);
- return NO_PASSWORD;
- }
- #ifdef WOLFSSL_SMALL_STACK
- password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
- if (password == NULL) {
- return MEMORY_E;
- }
- #endif
- /* get password */
- ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
- info->passwd_userdata);
- if (ret >= 0) {
- passwordSz = ret;
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("PEM password", password, passwordSz);
- #endif
- /* convert and adjust length */
- if (header == BEGIN_ENC_PRIV_KEY) {
- #ifndef NO_PWDBASED
- ret = wc_DecryptPKCS8Key(der->buffer, der->length,
- password, passwordSz);
- if (ret > 0) {
- /* update length by decrypted content */
- der->length = (word32)ret;
- idx = 0;
- /* detect pkcs8 key and get alg type */
- /* keep PKCS8 header */
- ret = ToTraditionalInline_ex(der->buffer, &idx, der->length,
- &algId);
- if (ret >= 0) {
- if (keyFormat)
- *keyFormat = (int)algId;
- ret = 0;
- }
- }
- #else
- WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN);
- ret = NOT_COMPILED_IN;
- #endif
- }
- /* decrypt the key */
- else {
- if (passwordSz == 0) {
- /* The key is encrypted but does not have a password */
- WOLFSSL_MSG("No password for encrypted key");
- WOLFSSL_ERROR_VERBOSE(NO_PASSWORD);
- ret = NO_PASSWORD;
- }
- else {
- #if ((defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)) || \
- (!defined(NO_AES) && defined(HAVE_AES_CBC) && \
- defined(HAVE_AES_DECRYPT))) && \
- !defined(NO_WOLFSSL_SKIP_TRAILING_PAD)
- int padVal = 0;
- #endif
- ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
- (byte*)password, passwordSz, WC_MD5);
- #ifndef NO_WOLFSSL_SKIP_TRAILING_PAD
- #ifndef NO_DES3
- if (info->cipherType == WC_CIPHER_DES3) {
- /* Assuming there is padding:
- * (der->length > 0 && der->length > DES_BLOCK_SIZE &&
- * (der->length % DES_BLOCK_SIZE) != 0)
- * and assuming the last value signifies the number of
- * padded bytes IE if last value is 0x08 then there are
- * 8 bytes of padding:
- * padVal = der->buffer[der->length-1];
- * then strip this padding before proceeding:
- * der->length -= padVal;
- */
- if (der->length > DES_BLOCK_SIZE &&
- (der->length % DES_BLOCK_SIZE) != 0) {
- padVal = der->buffer[der->length-1];
- if (padVal < DES_BLOCK_SIZE) {
- der->length -= (word32)padVal;
- }
- }
- }
- #endif /* !NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && \
- defined(HAVE_AES_DECRYPT)
- if (info->cipherType == WC_CIPHER_AES_CBC) {
- if (der->length > AES_BLOCK_SIZE) {
- padVal = der->buffer[der->length-1];
- if (padVal <= AES_BLOCK_SIZE) {
- der->length -= (word32)padVal;
- }
- }
- }
- #endif
- #endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */
- }
- }
- #ifdef OPENSSL_EXTRA
- if (ret) {
- PEMerr(0, PEM_R_BAD_DECRYPT);
- }
- #endif
- ForceZero(password, (word32)passwordSz);
- }
- #ifdef OPENSSL_EXTRA
- else {
- PEMerr(0, PEM_R_BAD_PASSWORD_READ);
- }
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(password, heap, DYNAMIC_TYPE_STRING);
- #elif defined(WOLFSSL_CHECK_MEM_ZERO)
- wc_MemZero_Check(password, NAME_SZ);
- #endif
- }
- #endif /* WOLFSSL_ENCRYPTED_KEYS */
- return ret;
- }
- int wc_PemToDer(const unsigned char* buff, long longSz, int type,
- DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat)
- {
- int ret = PemToDer(buff, longSz, type, pDer, heap, info, keyFormat);
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
- if (ret == 0 && type == PRIVATEKEY_TYPE) {
- DerBuffer* der = *pDer;
- /* if a PKCS8 key header exists remove it */
- ret = ToTraditional(der->buffer, der->length);
- if (ret > 0) {
- der->length = (word32)ret;
- }
- ret = 0; /* ignore error removing PKCS8 header */
- }
- #endif
- return ret;
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- /* our KeyPemToDer password callback, password in userData */
- static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
- {
- (void)rw;
- if (userdata == NULL)
- return 0;
- XSTRNCPY(passwd, (char*)userdata, (size_t)sz);
- return (int)min((word32)sz, (word32)XSTRLEN((char*)userdata));
- }
- #endif
- /* Return bytes written to buff or < 0 for error */
- int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz, const char* pass)
- {
- int ret;
- DerBuffer* der = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
- #else
- EncryptedInfo info[1];
- #endif
- WOLFSSL_ENTER("wc_KeyPemToDer");
- if (pem == NULL || (buff != NULL && buffSz <= 0)) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
- #ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_ENCRYPTEDINFO);
- if (info == NULL)
- return MEMORY_E;
- #endif
- XMEMSET(info, 0, sizeof(EncryptedInfo));
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- info->passwd_cb = KeyPemToDerPassCb;
- info->passwd_userdata = (void*)pass;
- #else
- (void)pass;
- #endif
- ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
- #endif
- if (ret < 0 || der == NULL) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else if (buff == NULL) {
- WOLFSSL_MSG("Return needed der buff length");
- ret = (int)der->length;
- }
- else if (der->length <= (word32)buffSz) {
- XMEMCPY(buff, der->buffer, der->length);
- ret = (int)der->length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- FreeDer(&der);
- return ret;
- }
- /* Return bytes written to buff or < 0 for error */
- int wc_CertPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz, int type)
- {
- int ret;
- DerBuffer* der = NULL;
- WOLFSSL_ENTER("wc_CertPemToDer");
- if (pem == NULL || buff == NULL || buffSz <= 0) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
- if (type != CERT_TYPE && type != CHAIN_CERT_TYPE && type != CA_TYPE &&
- type != CERTREQ_TYPE) {
- WOLFSSL_MSG("Bad cert type");
- return BAD_FUNC_ARG;
- }
- ret = PemToDer(pem, pemSz, type, &der, NULL, NULL, NULL);
- if (ret < 0 || der == NULL) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else {
- if (der->length <= (word32)buffSz) {
- XMEMCPY(buff, der->buffer, der->length);
- ret = (int)der->length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- }
- FreeDer(&der);
- return ret;
- }
- #endif /* WOLFSSL_PEM_TO_DER */
- #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
- #ifdef WOLFSSL_PEM_TO_DER
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
- /* Return bytes written to buff, needed buff size if buff is NULL, or less than
- zero for error */
- int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz)
- {
- int ret;
- DerBuffer* der = NULL;
- WOLFSSL_ENTER("wc_PubKeyPemToDer");
- if (pem == NULL || (buff != NULL && buffSz <= 0)) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
- ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
- if (ret < 0 || der == NULL) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else if (buff == NULL) {
- WOLFSSL_MSG("Return needed der buff length");
- ret = (int)der->length;
- }
- else if (der->length <= (word32)buffSz) {
- XMEMCPY(buff, der->buffer, der->length);
- ret = (int)der->length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- FreeDer(&der);
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
- #endif /* WOLFSSL_PEM_TO_DER */
- #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER)
- #ifdef WOLFSSL_CERT_GEN
- int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der)
- {
- #ifndef WOLFSSL_SMALL_STACK
- byte staticBuffer[FILE_BUFFER_SIZE];
- #endif
- byte* fileBuf = NULL;
- int ret = 0;
- XFILE file = XBADFILE;
- int dynamic = 0;
- long sz = 0;
- WOLFSSL_ENTER("wc_PemCertToDer");
- if (fileName == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- file = XFOPEN(fileName, "rb");
- if (file == XBADFILE) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- if (XFSEEK(file, 0, XSEEK_END) != 0) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- sz = XFTELL(file);
- if (sz <= 0) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- if (XFSEEK(file, 0, XSEEK_SET) != 0) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- #ifndef WOLFSSL_SMALL_STACK
- if (sz <= (long)sizeof(staticBuffer))
- fileBuf = staticBuffer;
- else
- #endif
- {
- fileBuf = (byte*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_FILE);
- if (fileBuf == NULL)
- ret = MEMORY_E;
- else
- dynamic = 1;
- }
- }
- if (ret == 0) {
- if ((size_t)XFREAD(fileBuf, 1, (size_t)sz, file) != (size_t)sz) {
- ret = IO_FAILED_E;
- }
- else {
- ret = PemToDer(fileBuf, sz, CA_TYPE, der, 0, NULL,NULL);
- }
- }
- if (file != XBADFILE)
- XFCLOSE(file);
- if (dynamic)
- XFREE(fileBuf, NULL, DYNAMIC_TYPE_FILE);
- return ret;
- }
- /* load pem cert from file into der buffer, return der size or error */
- int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
- {
- int ret;
- DerBuffer* converted = NULL;
- ret = wc_PemCertToDer_ex(fileName, &converted);
- if (ret == 0) {
- if (converted->length < (word32)derSz) {
- XMEMCPY(derBuf, converted->buffer, converted->length);
- ret = (int)converted->length;
- }
- else
- ret = BUFFER_E;
- FreeDer(&converted);
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
- /* load pem public key from file into der buffer, return der size or error */
- int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der)
- {
- #ifndef WOLFSSL_SMALL_STACK
- byte staticBuffer[FILE_BUFFER_SIZE];
- #endif
- byte* fileBuf = NULL;
- int dynamic = 0;
- int ret = 0;
- long sz = 0;
- XFILE file = XBADFILE;
- WOLFSSL_ENTER("wc_PemPubKeyToDer");
- if (fileName == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- file = XFOPEN(fileName, "rb");
- if (file == XBADFILE) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- if (XFSEEK(file, 0, XSEEK_END) != 0) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- sz = XFTELL(file);
- if (sz <= 0) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- if (XFSEEK(file, 0, XSEEK_SET) != 0) {
- ret = IO_FAILED_E;
- }
- }
- if (ret == 0) {
- #ifndef WOLFSSL_SMALL_STACK
- if (sz <= (long)sizeof(staticBuffer))
- fileBuf = staticBuffer;
- else
- #endif
- {
- fileBuf = (byte*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_FILE);
- if (fileBuf == NULL)
- ret = MEMORY_E;
- else
- dynamic = 1;
- }
- }
- if (ret == 0) {
- if ((size_t)XFREAD(fileBuf, 1, (size_t)sz, file) != (size_t)sz) {
- ret = BUFFER_E;
- }
- else {
- ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, der,
- 0, NULL, NULL);
- }
- }
- if (file != XBADFILE)
- XFCLOSE(file);
- if (dynamic)
- XFREE(fileBuf, NULL, DYNAMIC_TYPE_FILE);
- return ret;
- }
- /* load pem public key from file into der buffer, return der size or error */
- int wc_PemPubKeyToDer(const char* fileName,
- unsigned char* derBuf, int derSz)
- {
- int ret;
- DerBuffer* converted = NULL;
- ret = wc_PemPubKeyToDer_ex(fileName, &converted);
- if (ret == 0) {
- if (converted->length < (word32)derSz) {
- XMEMCPY(derBuf, converted->buffer, converted->length);
- ret = (int)converted->length;
- }
- else
- ret = BUFFER_E;
- FreeDer(&converted);
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
- #endif /* !NO_FILESYSTEM && WOLFSSL_PEM_TO_DER */
- /* Get public key in DER format from a populated DecodedCert struct.
- *
- * Users must call wc_InitDecodedCert() and wc_ParseCert() before calling
- * this API. wc_InitDecodedCert() accepts a DER/ASN.1 encoded certificate.
- * To convert a PEM cert to DER first use wc_CertPemToDer() before calling
- * wc_InitDecodedCert().
- *
- * cert - populated DecodedCert struct holding X.509 certificate
- * derKey - output buffer to place DER/ASN.1 encoded public key
- * derKeySz [IN/OUT] - size of derKey buffer on input, size of public key
- * on return. If derKey is passed in as NULL, derKeySz
- * will be set to required buffer size for public key
- * and LENGTH_ONLY_E will be returned from function.
- * Returns 0 on success, or negative error code on failure. LENGTH_ONLY_E
- * if derKey is NULL and returning length only.
- */
- int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
- byte* derKey, word32* derKeySz)
- {
- int ret = 0;
- /* derKey may be NULL to return length only */
- if (cert == NULL || derKeySz == NULL ||
- (derKey != NULL && *derKeySz == 0)) {
- return BAD_FUNC_ARG;
- }
- if (cert->publicKey == NULL) {
- WOLFSSL_MSG("DecodedCert does not contain public key\n");
- return BAD_FUNC_ARG;
- }
- /* if derKey is NULL, return required output buffer size in derKeySz */
- if (derKey == NULL) {
- *derKeySz = cert->pubKeySize;
- ret = LENGTH_ONLY_E;
- }
- if (ret == 0) {
- if (cert->pubKeySize > *derKeySz) {
- WOLFSSL_MSG("Output buffer not large enough for public key DER");
- ret = BAD_FUNC_ARG;
- }
- else {
- XMEMCPY(derKey, cert->publicKey, cert->pubKeySize);
- *derKeySz = cert->pubKeySize;
- }
- }
- return ret;
- }
- #ifdef WOLFSSL_FPKI
- /* Search through list for first matching alt name of the same type
- * If 'current' is null then the search starts at the head of the list
- * otherwise the search starts from the node after 'current' alt name.
- * Returns 0 on success
- */
- static DNS_entry* FindAltName(struct DecodedCert* cert, int nameType,
- DNS_entry* current)
- {
- DNS_entry* entry;
- if (current == NULL) {
- entry = cert->altNames;
- }
- else {
- entry = current->next;
- }
- /* cycle through alt names to check for needed types */
- while (entry != NULL) {
- if (entry->type == nameType) {
- break;
- }
- entry = entry->next;
- }
- return entry;
- }
- /* returns 0 on success */
- int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
- {
- int ret = ALT_NAME_E;
- DNS_entry* id = NULL;
- do {
- id = FindAltName(cert, ASN_URI_TYPE, id);
- if (id != NULL) {
- /* check if URI string matches expected format for UUID */
- if (id->len != DEFAULT_UUID_SZ) {
- continue; /* size not right not a UUID URI */
- }
- if (XMEMCMP(id->name, "urn:uuid:", 9) != 0) {
- continue; /* beginning text not right for a UUID URI */
- }
- if (uuid == NULL) {
- *uuidSz = (word32)id->len;
- return LENGTH_ONLY_E;
- }
- if ((int)*uuidSz < id->len) {
- return BUFFER_E;
- }
- XMEMCPY(uuid, id->name, (size_t)id->len);
- ret = 0; /* success */
- break;
- }
- } while (id != NULL);
- return ret;
- }
- /* returns 0 on success */
- int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
- {
- int ret = ALT_NAME_E;
- DNS_entry* id = NULL;
- do {
- id = FindAltName(cert, ASN_OTHER_TYPE, id);
- if (id != NULL && id->oidSum == FASCN_OID) {
- if (fascn == NULL) {
- *fascnSz = (word32)id->len;
- return LENGTH_ONLY_E;
- }
- if ((int)*fascnSz < id->len) {
- return BUFFER_E;
- }
- XMEMCPY(fascn, id->name, (size_t)id->len);
- ret = 0; /* success */
- }
- } while (id != NULL);
- return ret;
- }
- #endif /* WOLFSSL_FPKI */
- #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
- defined(WOLFSSL_KCAPI_RSA) || \
- ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))))
- /* USER RSA ifdef portions used instead of refactor in consideration for
- possible fips build */
- /* Encode a public RSA key to output.
- *
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- *
- * Encoded data can either be SubjectPublicKeyInfo (with header) or just the key
- * (RSAPublicKey).
- *
- * @param [out] output Buffer to put encoded data in.
- * @param [in] key RSA key object.
- * @param [in] outLen Size of the output buffer in bytes.
- * @param [in] with_header Whether to include SubjectPublicKeyInfo around key.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when output or key is NULL, or outLen is less than
- * minimum length (5 bytes).
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
- int with_header)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int nSz, eSz;
- word32 seqSz, algoSz = 0, headSz = 0, bitStringSz = 0, idx;
- byte seq[MAX_SEQ_SZ];
- byte headSeq[MAX_SEQ_SZ];
- byte bitString[1 + MAX_LENGTH_SZ + 1];
- byte algo[MAX_ALGO_SZ]; /* 20 bytes */
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL);
- if (nSz < 0)
- return nSz;
- eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL);
- if (eSz < 0)
- return eSz;
- seqSz = SetSequence((word32)(nSz + eSz), seq);
- /* headers */
- if (with_header) {
- algoSz = SetAlgoID(RSAk, algo, oidKeyType, 0);
- bitStringSz = SetBitString(seqSz + (word32)(nSz + eSz), 0, bitString);
- headSz = SetSequence((word32)(nSz + eSz) + seqSz + bitStringSz + algoSz,
- headSeq);
- }
- /* if getting length only */
- if (output == NULL) {
- return (int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz;
- }
- /* check output size */
- if (((int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz) > outLen) {
- return BUFFER_E;
- }
- /* write output */
- idx = 0;
- if (with_header) {
- /* header size */
- XMEMCPY(output + idx, headSeq, headSz);
- idx += headSz;
- /* algo */
- XMEMCPY(output + idx, algo, algoSz);
- idx += algoSz;
- /* bit string */
- XMEMCPY(output + idx, bitString, bitStringSz);
- idx += bitStringSz;
- }
- /* seq */
- XMEMCPY(output + idx, seq, seqSz);
- idx += seqSz;
- /* n */
- nSz = SetASNIntMP(&key->n, nSz, output + idx);
- idx += (word32)nSz;
- /* e */
- eSz = SetASNIntMP(&key->e, eSz, output + idx);
- idx += (word32)eSz;
- return (int)idx;
- #else
- DECL_ASNSETDATA(dataASN, rsaPublicKeyASN_Length);
- int sz = 0;
- int ret = 0;
- int o = 0;
- /* Check parameter validity. */
- if ((key == NULL) || ((output != NULL) && (outLen < MAX_SEQ_SZ))) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, rsaPublicKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- if (!with_header) {
- /* Start encoding with items after header. */
- o = RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ;
- }
- /* Set OID for RSA key. */
- SetASN_OID(&dataASN[RSAPUBLICKEYASN_IDX_ALGOID_OID], RSAk, oidKeyType);
- #ifdef WC_RSA_PSS
- dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ].noOut = 1;
- #endif
- /* Set public key mp_ints. */
- SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], &key->n);
- SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], &key->e);
- /* Calculate size of RSA public key. */
- ret = SizeASN_Items(rsaPublicKeyASN + o, dataASN + o,
- (int)rsaPublicKeyASN_Length - o, &sz);
- }
- /* Check output buffer is big enough for encoding. */
- if ((ret == 0) && (output != NULL) && (sz > outLen)) {
- ret = BUFFER_E;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode RSA public key. */
- SetASN_Items(rsaPublicKeyASN + o, dataASN + o,
- (int)rsaPublicKeyASN_Length - o, output);
- }
- if (ret == 0) {
- /* Return size of encoding. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, key->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Calculate size of encoded public RSA key in bytes.
- *
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- *
- * Encoded data can either be SubjectPublicKeyInfo (with header) or just the key
- * (RSAPublicKey).
- *
- * @param [in] key RSA key object.
- * @param [in] with_header Whether to include SubjectPublicKeyInfo around key.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header)
- {
- return SetRsaPublicKey(NULL, key, 0, with_header);
- }
- /* Encode public RSA key in DER format.
- *
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- *
- * @param [in] key RSA key object.
- * @param [out] output Buffer to put encoded data in.
- * @param [in] inLen Size of buffer in bytes.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key or output is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
- {
- return SetRsaPublicKey(output, key, (int)inLen, 1);
- }
- /* Returns public DER version of the RSA key. If with_header is 0 then only a
- * seq + n + e is returned in ASN.1 DER format */
- int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
- int with_header)
- {
- return SetRsaPublicKey(output, key, (int)inLen, with_header);
- }
- #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA ||
- ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN))) */
- #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)) && \
- !defined(NO_RSA)
- /* Encode private RSA key in DER format.
- *
- * PKCS #1: RFC 8017, A.1.2 - RSAPrivateKey
- *
- * @param [in] key RSA key object.
- * @param [out] output Buffer to put encoded data in.
- * @param [in] inLen Size of buffer in bytes.
- * @return Size of encoded data in bytes on success.
- * @return BAD_FUNC_ARG when key is NULL or not a private key.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret = 0, i;
- word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0;
- word32 sizes[RSA_INTS];
- byte seq[MAX_SEQ_SZ];
- byte ver[MAX_VERSION_SZ];
- byte* tmps[RSA_INTS];
- if (key == NULL)
- return BAD_FUNC_ARG;
- if (key->type != RSA_PRIVATE)
- return BAD_FUNC_ARG;
- for (i = 0; i < RSA_INTS; i++)
- tmps[i] = NULL;
- /* write all big ints from key to DER tmps */
- for (i = 0; i < RSA_INTS; i++) {
- mp_int* keyInt = GetRsaInt(key, i);
- int mpSz;
- word32 rawLen;
- ret = mp_unsigned_bin_size(keyInt);
- if (ret < 0)
- return ret;
- rawLen = (word32)ret + 1;
- ret = 0;
- if (output != NULL) {
- tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
- DYNAMIC_TYPE_RSA);
- if (tmps[i] == NULL) {
- ret = MEMORY_E;
- break;
- }
- }
- mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]);
- if (mpSz < 0) {
- ret = mpSz;
- break;
- }
- sizes[i] = (word32)mpSz;
- intTotalLen += (word32)mpSz;
- }
- if (ret == 0) {
- /* make headers */
- ret = SetMyVersion(0, ver, FALSE);
- }
- if (ret >= 0) {
- verSz = (word32)ret;
- ret = 0;
- seqSz = SetSequence(verSz + intTotalLen, seq);
- outLen = seqSz + verSz + intTotalLen;
- if (output != NULL && outLen > inLen)
- ret = BUFFER_E;
- }
- if (ret == 0 && output != NULL) {
- word32 j;
- /* write to output */
- XMEMCPY(output, seq, seqSz);
- j = seqSz;
- XMEMCPY(output + j, ver, verSz);
- j += verSz;
- for (i = 0; i < RSA_INTS; i++) {
- XMEMCPY(output + j, tmps[i], sizes[i]);
- j += sizes[i];
- }
- }
- for (i = 0; i < RSA_INTS; i++) {
- if (tmps[i])
- XFREE(tmps[i], key->heap, DYNAMIC_TYPE_RSA);
- }
- if (ret == 0)
- ret = (int)outLen;
- return ret;
- #else
- DECL_ASNSETDATA(dataASN, rsaKeyASN_Length);
- int i;
- int sz = 0;
- int ret = 0;
- if ((key == NULL) || (key->type != RSA_PRIVATE)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, rsaKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- /* Set the version. */
- SetASN_Int8Bit(&dataASN[RSAKEYASN_IDX_VER], 0);
- /* Set all the mp_ints in private key. */
- for (i = 0; i < RSA_INTS; i++) {
- SetASN_MP(&dataASN[(byte)RSAKEYASN_IDX_N + i], GetRsaInt(key, i));
- }
- /* Calculate size of RSA private key encoding. */
- ret = SizeASN_Items(rsaKeyASN, dataASN, rsaKeyASN_Length, &sz);
- }
- /* Check output buffer has enough space for encoding. */
- if ((ret == 0) && (output != NULL) && (sz > (int)inLen)) {
- ret = BAD_FUNC_ARG;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode RSA private key. */
- SetASN_Items(rsaKeyASN, dataASN, rsaKeyASN_Length, output);
- }
- if (ret == 0) {
- /* Return size of encoding. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, key->heap);
- return ret;
- #endif
- }
- #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
- #ifdef WOLFSSL_CERT_GEN
- /* Initialize and Set Certificate defaults:
- version = 3 (0x2)
- serial = 0
- sigType = SHA_WITH_RSA
- issuer = blank
- daysValid = 500
- selfSigned = 1 (true) use subject as issuer
- subject = blank
- */
- int wc_InitCert_ex(Cert* cert, void* heap, int devId)
- {
- #ifdef WOLFSSL_MULTI_ATTRIB
- int i = 0;
- #endif
- if (cert == NULL) {
- return BAD_FUNC_ARG;
- }
- XMEMSET(cert, 0, sizeof(Cert));
- cert->version = 2; /* version 3 is hex 2 */
- #ifndef NO_SHA
- cert->sigType = CTC_SHAwRSA;
- #elif !defined(NO_SHA256)
- cert->sigType = CTC_SHA256wRSA;
- #else
- cert->sigType = 0;
- #endif
- cert->daysValid = 500;
- cert->selfSigned = 1;
- cert->keyType = RSA_KEY;
- cert->issuer.countryEnc = CTC_PRINTABLE;
- cert->issuer.stateEnc = CTC_UTF8;
- cert->issuer.streetEnc = CTC_UTF8;
- cert->issuer.localityEnc = CTC_UTF8;
- cert->issuer.surEnc = CTC_UTF8;
- #ifdef WOLFSSL_CERT_NAME_ALL
- cert->issuer.givenNameEnc = CTC_UTF8;
- cert->issuer.initialsEnc = CTC_UTF8;
- cert->issuer.dnQualifierEnc = CTC_UTF8;
- cert->issuer.dnNameEnc = CTC_UTF8;
- #endif
- cert->issuer.orgEnc = CTC_UTF8;
- cert->issuer.unitEnc = CTC_UTF8;
- cert->issuer.commonNameEnc = CTC_UTF8;
- cert->issuer.serialDevEnc = CTC_PRINTABLE;
- cert->issuer.userIdEnc = CTC_UTF8;
- cert->issuer.postalCodeEnc = CTC_UTF8;
- #ifdef WOLFSSL_CERT_EXT
- cert->issuer.busCatEnc = CTC_UTF8;
- cert->issuer.joiCEnc = CTC_UTF8;
- cert->issuer.joiStEnc = CTC_UTF8;
- #endif
- cert->subject.countryEnc = CTC_PRINTABLE;
- cert->subject.stateEnc = CTC_UTF8;
- cert->subject.streetEnc = CTC_UTF8;
- cert->subject.localityEnc = CTC_UTF8;
- cert->subject.surEnc = CTC_UTF8;
- #ifdef WOLFSSL_CERT_NAME_ALL
- cert->subject.givenNameEnc = CTC_UTF8;
- cert->subject.initialsEnc = CTC_UTF8;
- cert->subject.dnQualifierEnc = CTC_UTF8;
- cert->subject.dnNameEnc = CTC_UTF8;
- #endif
- cert->subject.orgEnc = CTC_UTF8;
- cert->subject.unitEnc = CTC_UTF8;
- cert->subject.commonNameEnc = CTC_UTF8;
- cert->subject.serialDevEnc = CTC_PRINTABLE;
- cert->subject.userIdEnc = CTC_UTF8;
- cert->subject.postalCodeEnc = CTC_UTF8;
- #ifdef WOLFSSL_CERT_EXT
- cert->subject.busCatEnc = CTC_UTF8;
- cert->subject.joiCEnc = CTC_UTF8;
- cert->subject.joiStEnc = CTC_UTF8;
- #endif
- #ifdef WOLFSSL_MULTI_ATTRIB
- for (i = 0; i < CTC_MAX_ATTRIB; i++) {
- cert->issuer.name[i].type = CTC_UTF8;
- cert->subject.name[i].type = CTC_UTF8;
- }
- #endif /* WOLFSSL_MULTI_ATTRIB */
- cert->heap = heap;
- (void)devId; /* future */
- return 0;
- }
- WOLFSSL_ABI
- int wc_InitCert(Cert* cert)
- {
- return wc_InitCert_ex(cert, NULL, INVALID_DEVID);
- }
- WOLFSSL_ABI
- Cert* wc_CertNew(void* heap)
- {
- Cert* certNew;
- certNew = (Cert*)XMALLOC(sizeof(Cert), heap, DYNAMIC_TYPE_CERT);
- if (certNew) {
- if (wc_InitCert_ex(certNew, heap, INVALID_DEVID) != 0) {
- XFREE(certNew, heap, DYNAMIC_TYPE_CERT);
- certNew = NULL;
- }
- }
- return certNew;
- }
- WOLFSSL_ABI
- void wc_CertFree(Cert* cert)
- {
- if (cert) {
- void* heap = cert->heap;
- ForceZero(cert, sizeof(Cert));
- XFREE(cert, heap, DYNAMIC_TYPE_CERT);
- (void)heap;
- }
- }
- /* DER encoded x509 Certificate */
- typedef struct DerCert {
- byte size[MAX_LENGTH_SZ]; /* length encoded */
- byte version[MAX_VERSION_SZ]; /* version encoded */
- byte serial[(int)CTC_SERIAL_SIZE + (int)MAX_LENGTH_SZ]; /* serial number encoded */
- byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */
- byte issuer[WC_ASN_NAME_MAX]; /* issuer encoded */
- byte subject[WC_ASN_NAME_MAX]; /* subject encoded */
- byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */
- byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa public key encoded */
- byte ca[MAX_CA_SZ]; /* basic constraint CA true size */
- byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
- #ifdef WOLFSSL_CERT_EXT
- byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */
- byte akid[MAX_KID_SZ
- #ifdef WOLFSSL_AKID_NAME
- + sizeof(CertName) + CTC_SERIAL_SIZE
- #endif
- ]; /* Authority Key Identifier extension */
- byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */
- byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- byte nsCertType[MAX_NSCERTTYPE_SZ]; /* Extended Key Usage extension */
- #endif
- byte certPolicies[MAX_CERTPOL_NB*MAX_CERTPOL_SZ]; /* Certificate Policies */
- byte crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution Points */
- #endif
- #ifdef WOLFSSL_CERT_REQ
- byte attrib[MAX_ATTRIB_SZ]; /* Cert req attributes encoded */
- #ifdef WOLFSSL_CUSTOM_OID
- byte extCustom[MAX_ATTRIB_SZ]; /* Encoded user oid and value */
- #endif
- #endif
- #ifdef WOLFSSL_ALT_NAMES
- byte altNames[CTC_MAX_ALT_SIZE]; /* Alternative Names encoded */
- #endif
- int sizeSz; /* encoded size length */
- int versionSz; /* encoded version length */
- int serialSz; /* encoded serial length */
- int sigAlgoSz; /* encoded sig algo length */
- int issuerSz; /* encoded issuer length */
- int subjectSz; /* encoded subject length */
- int validitySz; /* encoded validity length */
- int publicKeySz; /* encoded public key length */
- int caSz; /* encoded CA extension length */
- #ifdef WOLFSSL_CERT_EXT
- int skidSz; /* encoded SKID extension length */
- int akidSz; /* encoded SKID extension length */
- int keyUsageSz; /* encoded KeyUsage extension length */
- int extKeyUsageSz; /* encoded ExtendedKeyUsage extension length */
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- int nsCertTypeSz; /* encoded Netscape Certificate Type
- * extension length */
- #endif
- int certPoliciesSz; /* encoded CertPolicies extension length*/
- int crlInfoSz; /* encoded CRL Dist Points length */
- #endif
- #ifdef WOLFSSL_ALT_NAMES
- int altNamesSz; /* encoded AltNames extension length */
- #endif
- int extensionsSz; /* encoded extensions total length */
- int total; /* total encoded lengths */
- #ifdef WOLFSSL_CERT_REQ
- int attribSz;
- #ifdef WOLFSSL_CUSTOM_OID
- int extCustomSz;
- #endif
- #endif
- } DerCert;
- #ifdef WOLFSSL_CERT_REQ
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Write a set header to output */
- static word32 SetPrintableString(word32 len, byte* output)
- {
- output[0] = ASN_PRINTABLE_STRING;
- return SetLength(len, output + 1) + 1;
- }
- static word32 SetUTF8String(word32 len, byte* output)
- {
- output[0] = ASN_UTF8STRING;
- return SetLength(len, output + 1) + 1;
- }
- #endif
- #endif /* WOLFSSL_CERT_REQ */
- #ifndef WOLFSSL_CERT_GEN_CACHE
- /* wc_SetCert_Free is only public when WOLFSSL_CERT_GEN_CACHE is not defined */
- static
- #endif
- WOLFSSL_ABI
- void wc_SetCert_Free(Cert* cert)
- {
- if (cert != NULL) {
- cert->der = NULL;
- if (cert->decodedCert) {
- FreeDecodedCert((DecodedCert*)cert->decodedCert);
- XFREE(cert->decodedCert, cert->heap, DYNAMIC_TYPE_DCERT);
- cert->decodedCert = NULL;
- }
- }
- }
- static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
- int devId)
- {
- int ret;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Allocate DecodedCert struct and Zero */
- cert->decodedCert = (void*)XMALLOC(sizeof(DecodedCert), cert->heap,
- DYNAMIC_TYPE_DCERT);
- if (cert->decodedCert == NULL) {
- ret = MEMORY_E;
- }
- else {
- XMEMSET(cert->decodedCert, 0, sizeof(DecodedCert));
- InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz,
- cert->heap, devId);
- ret = ParseCertRelative((DecodedCert*)cert->decodedCert,
- CERT_TYPE, 0, NULL);
- if (ret >= 0) {
- cert->der = (byte*)der;
- }
- else {
- wc_SetCert_Free(cert);
- }
- }
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #ifdef WOLFSSL_CERT_GEN
- #ifndef NO_ASN_TIME
- static WC_INLINE byte itob(int number)
- {
- return (byte)number + 0x30;
- }
- /* write time to output, format */
- static void SetTime(struct tm* date, byte* output)
- {
- int i = 0;
- output[i++] = itob((date->tm_year % 10000) / 1000);
- output[i++] = itob((date->tm_year % 1000) / 100);
- output[i++] = itob((date->tm_year % 100) / 10);
- output[i++] = itob( date->tm_year % 10);
- output[i++] = itob(date->tm_mon / 10);
- output[i++] = itob(date->tm_mon % 10);
- output[i++] = itob(date->tm_mday / 10);
- output[i++] = itob(date->tm_mday % 10);
- output[i++] = itob(date->tm_hour / 10);
- output[i++] = itob(date->tm_hour % 10);
- output[i++] = itob(date->tm_min / 10);
- output[i++] = itob(date->tm_min % 10);
- output[i++] = itob(date->tm_sec / 10);
- output[i++] = itob(date->tm_sec % 10);
- output[i] = 'Z'; /* Zulu profile */
- }
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Copy Dates from cert, return bytes written */
- static int CopyValidity(byte* output, Cert* cert)
- {
- word32 seqSz;
- WOLFSSL_ENTER("CopyValidity");
- /* headers and output */
- seqSz = SetSequence((word32)(cert->beforeDateSz + cert->afterDateSz),
- output);
- if (output) {
- XMEMCPY(output + seqSz, cert->beforeDate, (size_t)cert->beforeDateSz);
- XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate,
- (size_t)cert->afterDateSz);
- }
- return (int)seqSz + cert->beforeDateSz + cert->afterDateSz;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- /* Simple name OID size. */
- #define NAME_OID_SZ 3
- /* Domain name OIDs. */
- static const byte nameOid[][NAME_OID_SZ] = {
- { 0x55, 0x04, ASN_COUNTRY_NAME },
- { 0x55, 0x04, ASN_STATE_NAME },
- { 0x55, 0x04, ASN_STREET_ADDR },
- { 0x55, 0x04, ASN_LOCALITY_NAME },
- #ifdef WOLFSSL_CERT_NAME_ALL
- { 0x55, 0x04, ASN_NAME },
- { 0x55, 0x04, ASN_GIVEN_NAME },
- { 0x55, 0x04, ASN_INITIALS },
- { 0x55, 0x04, ASN_DNQUALIFIER },
- #endif
- { 0x55, 0x04, ASN_SUR_NAME },
- { 0x55, 0x04, ASN_ORG_NAME },
- { 0x00, 0x00, ASN_DOMAIN_COMPONENT}, /* not actual OID - see dcOid */
- /* list all DC values before OUs */
- { 0x55, 0x04, ASN_ORGUNIT_NAME },
- { 0x55, 0x04, ASN_COMMON_NAME },
- { 0x55, 0x04, ASN_SERIAL_NUMBER },
- #ifdef WOLFSSL_CERT_EXT
- { 0x55, 0x04, ASN_BUS_CAT },
- #endif
- { 0x55, 0x04, ASN_POSTAL_CODE },
- { 0x00, 0x00, ASN_EMAIL_NAME}, /* not actual OID - see attrEmailOid */
- { 0x00, 0x00, ASN_USER_ID}, /* not actual OID - see uidOid */
- #ifdef WOLFSSL_CUSTOM_OID
- { 0x00, 0x00, ASN_CUSTOM_NAME} /* OID comes from CertOidField */
- #endif
- };
- #define NAME_ENTRIES (int)(sizeof(nameOid)/NAME_OID_SZ)
- /* Get ASN Name from index */
- byte GetCertNameId(int idx)
- {
- if (idx < NAME_ENTRIES)
- return nameOid[idx][2];
- return 0;
- }
- /* Get Which Name from index */
- const char* GetOneCertName(CertName* name, int idx)
- {
- byte type = GetCertNameId(idx);
- switch (type) {
- case ASN_COUNTRY_NAME:
- return name->country;
- case ASN_STATE_NAME:
- return name->state;
- case ASN_STREET_ADDR:
- return name->street;
- case ASN_LOCALITY_NAME:
- return name->locality;
- #ifdef WOLFSSL_CERT_NAME_ALL
- case ASN_NAME:
- return name->dnName;
- case ASN_GIVEN_NAME:
- return name->givenName;
- case ASN_INITIALS:
- return name->initials;
- case ASN_DNQUALIFIER:
- return name->dnQualifier;
- #endif /* WOLFSSL_CERT_NAME_ALL */
- case ASN_SUR_NAME:
- return name->sur;
- case ASN_ORG_NAME:
- return name->org;
- case ASN_ORGUNIT_NAME:
- return name->unit;
- case ASN_COMMON_NAME:
- return name->commonName;
- case ASN_SERIAL_NUMBER:
- return name->serialDev;
- case ASN_USER_ID:
- return name->userId;
- case ASN_POSTAL_CODE:
- return name->postalCode;
- case ASN_EMAIL_NAME:
- return name->email;
- #ifdef WOLFSSL_CERT_EXT
- case ASN_BUS_CAT:
- return name->busCat;
- #endif
- #ifdef WOLFSSL_CUSTOM_OID
- case ASN_CUSTOM_NAME:
- return (const char*)name->custom.val;
- #endif
- default:
- return NULL;
- }
- }
- /* Get Which Name Encoding from index */
- static char GetNameType(CertName* name, int idx)
- {
- byte type = GetCertNameId(idx);
- switch (type) {
- case ASN_COUNTRY_NAME:
- return name->countryEnc;
- case ASN_STATE_NAME:
- return name->stateEnc;
- case ASN_STREET_ADDR:
- return name->streetEnc;
- case ASN_LOCALITY_NAME:
- return name->localityEnc;
- #ifdef WOLFSSL_CERT_NAME_ALL
- case ASN_NAME:
- return name->dnNameEnc;
- case ASN_GIVEN_NAME:
- return name->givenNameEnc;
- case ASN_INITIALS:
- return name->initialsEnc;
- case ASN_DNQUALIFIER:
- return name->dnQualifierEnc;
- #endif /* WOLFSSL_CERT_NAME_ALL */
- case ASN_SUR_NAME:
- return name->surEnc;
- case ASN_ORG_NAME:
- return name->orgEnc;
- case ASN_ORGUNIT_NAME:
- return name->unitEnc;
- case ASN_COMMON_NAME:
- return name->commonNameEnc;
- case ASN_SERIAL_NUMBER:
- return name->serialDevEnc;
- case ASN_USER_ID:
- return name->userIdEnc;
- case ASN_POSTAL_CODE:
- return name->postalCodeEnc;
- case ASN_EMAIL_NAME:
- return 0; /* special */
- #ifdef WOLFSSL_CERT_EXT
- case ASN_BUS_CAT:
- return name->busCatEnc;
- #endif
- #ifdef WOLFSSL_CUSTOM_OID
- case ASN_CUSTOM_NAME:
- return name->custom.enc;
- #endif
- default:
- return 0;
- }
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- /*
- Extensions ::= SEQUENCE OF Extension
- Extension ::= SEQUENCE {
- extnId OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING }
- */
- /* encode all extensions, return total bytes written */
- static int SetExtensions(byte* out, word32 outSz, int *IdxInOut,
- const byte* ext, int extSz)
- {
- if (out == NULL || IdxInOut == NULL || ext == NULL)
- return BAD_FUNC_ARG;
- if (outSz < (word32)(*IdxInOut+extSz))
- return BUFFER_E;
- XMEMCPY(&out[*IdxInOut], ext, (size_t)extSz); /* extensions */
- *IdxInOut += extSz;
- return *IdxInOut;
- }
- /* encode extensions header, return total bytes written */
- static int SetExtensionsHeader(byte* out, word32 outSz, word32 extSz)
- {
- byte sequence[MAX_SEQ_SZ];
- byte len[MAX_LENGTH_SZ];
- word32 seqSz, lenSz, idx = 0;
- if (out == NULL)
- return BAD_FUNC_ARG;
- if (outSz < 3)
- return BUFFER_E;
- seqSz = SetSequence(extSz, sequence);
- /* encode extensions length provided */
- lenSz = SetLength(extSz+seqSz, len);
- if (outSz < (word32)(lenSz+seqSz+1))
- return BUFFER_E;
- out[idx++] = ASN_EXTENSIONS; /* extensions id */
- XMEMCPY(&out[idx], len, lenSz); /* length */
- idx += lenSz;
- XMEMCPY(&out[idx], sequence, seqSz); /* sequence */
- idx += seqSz;
- return (int)idx;
- }
- /* encode CA basic constraints true with path length
- * return total bytes written */
- static int SetCaWithPathLen(byte* out, word32 outSz, byte pathLen)
- {
- /* ASN1->DER sequence for Basic Constraints True and path length */
- const byte caPathLenBasicConstASN1[] = {
- 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
- 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01,
- 0x00
- };
- if (out == NULL)
- return BAD_FUNC_ARG;
- if (outSz < sizeof(caPathLenBasicConstASN1))
- return BUFFER_E;
- XMEMCPY(out, caPathLenBasicConstASN1, sizeof(caPathLenBasicConstASN1));
- out[sizeof(caPathLenBasicConstASN1)-1] = pathLen;
- return (int)sizeof(caPathLenBasicConstASN1);
- }
- /* encode CA basic constraints
- * return total bytes written */
- static int SetCaEx(byte* out, word32 outSz, byte isCa)
- {
- /* ASN1->DER sequence for Basic Constraints True */
- const byte caBasicConstASN1[] = {
- 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
- 0x05, 0x30, 0x03, 0x01, 0x01, 0xff
- };
- if (out == NULL)
- return BAD_FUNC_ARG;
- if (outSz < sizeof(caBasicConstASN1))
- return BUFFER_E;
- XMEMCPY(out, caBasicConstASN1, sizeof(caBasicConstASN1));
- if (!isCa) {
- out[sizeof(caBasicConstASN1)-1] = isCa;
- }
- return (int)sizeof(caBasicConstASN1);
- }
- /* encode CA basic constraints true
- * return total bytes written */
- static int SetCa(byte* out, word32 outSz)
- {
- return SetCaEx(out, outSz, 1);
- }
- /* encode basic constraints without CA Boolean
- * return total bytes written */
- static int SetBC(byte* out, word32 outSz)
- {
- /* ASN1->DER sequence for Basic Constraint without CA Boolean */
- const byte BasicConstASN1[] = {
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
- 0x02, 0x30, 0x00
- };
- if (out == NULL)
- return BAD_FUNC_ARG;
- if (outSz < sizeof(BasicConstASN1))
- return BUFFER_E;
- XMEMCPY(out, BasicConstASN1, sizeof(BasicConstASN1));
- return (int)sizeof(BasicConstASN1);
- }
- #endif
- #ifdef WOLFSSL_CERT_EXT
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* encode OID and associated value, return total bytes written */
- static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz,
- byte *in, word32 inSz)
- {
- word32 idx = 0;
- if (out == NULL || oid == NULL || in == NULL)
- return BAD_FUNC_ARG;
- if (outSz < 3)
- return BUFFER_E;
- /* sequence, + 1 => byte to put value size */
- idx = SetSequence(inSz + oidSz + 1, out);
- if ((idx + inSz + oidSz + 1) > outSz)
- return BUFFER_E;
- XMEMCPY(out+idx, oid, oidSz);
- idx += oidSz;
- out[idx++] = (byte)inSz;
- XMEMCPY(out+idx, in, inSz);
- return (int)(idx+inSz);
- }
- /* encode Subject Key Identifier, return total bytes written
- * RFC5280 : non-critical */
- static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
- {
- byte skid_len[1 + MAX_LENGTH_SZ];
- byte skid_enc_len[MAX_LENGTH_SZ];
- word32 idx = 0, skid_lenSz, skid_enc_lenSz;
- const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 };
- if (output == NULL || input == NULL)
- return BAD_FUNC_ARG;
- /* Octet String header */
- skid_lenSz = SetOctetString(length, skid_len);
- /* length of encoded value */
- skid_enc_lenSz = SetLength(length + skid_lenSz, skid_enc_len);
- if (outSz < 3)
- return BUFFER_E;
- idx = SetSequence(length + (word32)sizeof(skid_oid) + skid_lenSz +
- skid_enc_lenSz, output);
- if ((length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz) > outSz)
- return BUFFER_E;
- /* put oid */
- XMEMCPY(output+idx, skid_oid, sizeof(skid_oid));
- idx += sizeof(skid_oid);
- /* put encoded len */
- XMEMCPY(output+idx, skid_enc_len, skid_enc_lenSz);
- idx += skid_enc_lenSz;
- /* put octet header */
- XMEMCPY(output+idx, skid_len, skid_lenSz);
- idx += skid_lenSz;
- /* put value */
- XMEMCPY(output+idx, input, length);
- idx += length;
- return (int)idx;
- }
- /* encode Authority Key Identifier, return total bytes written
- * RFC5280 : non-critical */
- static int SetAKID(byte* output, word32 outSz, byte *input, word32 length,
- byte rawAkid)
- {
- int enc_valSz;
- byte enc_val_buf[MAX_KID_SZ];
- byte* enc_val;
- const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 };
- const byte akid_cs[] = { 0x80 };
- word32 inSeqSz, idx;
- (void)rawAkid;
- if (output == NULL || input == NULL)
- return BAD_FUNC_ARG;
- #ifdef WOLFSSL_AKID_NAME
- if (rawAkid) {
- enc_val = input;
- enc_valSz = length;
- }
- else
- #endif
- {
- enc_val = enc_val_buf;
- enc_valSz = (int)length + 3 + (int)sizeof(akid_cs);
- if (enc_valSz > (int)sizeof(enc_val_buf))
- return BAD_FUNC_ARG;
- /* sequence for ContentSpec & value */
- enc_valSz = SetOidValue(enc_val, (word32)enc_valSz, akid_cs,
- sizeof(akid_cs), input, length);
- if (enc_valSz <= 0)
- return enc_valSz;
- }
- /* The size of the extension sequence contents */
- inSeqSz = (word32)sizeof(akid_oid) +
- SetOctetString((word32)enc_valSz, NULL) + (word32)enc_valSz;
- if (SetSequence(inSeqSz, NULL) + inSeqSz > outSz)
- return BAD_FUNC_ARG;
- /* Write out the sequence header */
- idx = SetSequence(inSeqSz, output);
- /* Write out OID */
- XMEMCPY(output + idx, akid_oid, sizeof(akid_oid));
- idx += sizeof(akid_oid);
- /* Write out AKID */
- idx += SetOctetString((word32)enc_valSz, output + idx);
- XMEMCPY(output + idx, enc_val, (size_t)enc_valSz);
- return (int)idx + enc_valSz;
- }
- /* encode Key Usage, return total bytes written
- * RFC5280 : critical */
- static int SetKeyUsage(byte* output, word32 outSz, word16 input)
- {
- byte ku[5];
- word32 idx;
- const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f,
- 0x01, 0x01, 0xff, 0x04};
- if (output == NULL)
- return BAD_FUNC_ARG;
- idx = SetBitString16Bit(input, ku);
- return SetOidValue(output, outSz, keyusage_oid, sizeof(keyusage_oid),
- ku, idx);
- }
- static int SetOjectIdValue(byte* output, word32 outSz, word32* idx,
- const byte* oid, word32 oidSz)
- {
- /* verify room */
- if (*idx + 2 + oidSz >= outSz)
- return ASN_PARSE_E;
- *idx += (word32)SetObjectId((int)oidSz, &output[*idx]);
- XMEMCPY(&output[*idx], oid, oidSz);
- *idx += oidSz;
- return 0;
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for extended key usage.
- * X.509: RFC 5280, 4.2.12 - Extended Key Usage
- * Dynamic creation of template for encoding.
- */
- static const ASNItem ekuASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- };
- enum {
- EKUASN_IDX_SEQ = 0,
- EKUASN_IDX_OID
- };
- /* OIDs corresponding to extended key usage. */
- struct {
- const byte* oid;
- word32 oidSz;
- } ekuOid[] = {
- { extExtKeyUsageServerAuthOid, sizeof(extExtKeyUsageServerAuthOid) },
- { extExtKeyUsageClientAuthOid, sizeof(extExtKeyUsageClientAuthOid) },
- { extExtKeyUsageCodeSigningOid, sizeof(extExtKeyUsageCodeSigningOid) },
- { extExtKeyUsageEmailProtectOid, sizeof(extExtKeyUsageEmailProtectOid) },
- { extExtKeyUsageTimestampOid, sizeof(extExtKeyUsageTimestampOid) },
- { extExtKeyUsageOcspSignOid, sizeof(extExtKeyUsageOcspSignOid) },
- };
- #define EKU_OID_LO 1
- #define EKU_OID_HI 6
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* encode Extended Key Usage (RFC 5280 4.2.1.12), return total bytes written */
- static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0, oidListSz = 0, totalSz;
- int ret = 0;
- const byte extkeyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 };
- if (output == NULL)
- return BAD_FUNC_ARG;
- /* Skip to OID List */
- totalSz = 2 + sizeof(extkeyusage_oid) + 4;
- idx = totalSz;
- /* Build OID List */
- /* If any set, then just use it */
- if (input & EXTKEYUSE_ANY) {
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageAnyOid, sizeof(extExtKeyUsageAnyOid));
- }
- else {
- if (input & EXTKEYUSE_SERVER_AUTH)
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageServerAuthOid, sizeof(extExtKeyUsageServerAuthOid));
- if (input & EXTKEYUSE_CLIENT_AUTH)
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageClientAuthOid, sizeof(extExtKeyUsageClientAuthOid));
- if (input & EXTKEYUSE_CODESIGN)
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageCodeSigningOid, sizeof(extExtKeyUsageCodeSigningOid));
- if (input & EXTKEYUSE_EMAILPROT)
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageEmailProtectOid, sizeof(extExtKeyUsageEmailProtectOid));
- if (input & EXTKEYUSE_TIMESTAMP)
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageTimestampOid, sizeof(extExtKeyUsageTimestampOid));
- if (input & EXTKEYUSE_OCSP_SIGN)
- ret |= SetOjectIdValue(output, outSz, &idx,
- extExtKeyUsageOcspSignOid, sizeof(extExtKeyUsageOcspSignOid));
- #ifdef WOLFSSL_EKU_OID
- /* iterate through OID values */
- if (input & EXTKEYUSE_USER) {
- int i, sz;
- for (i = 0; i < CTC_MAX_EKU_NB; i++) {
- sz = cert->extKeyUsageOIDSz[i];
- if (sz > 0) {
- ret |= SetOjectIdValue(output, outSz, &idx,
- cert->extKeyUsageOID[i], sz);
- }
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- }
- if (ret != 0)
- return ASN_PARSE_E;
- /* Calculate Sizes */
- oidListSz = idx - totalSz;
- totalSz = idx - 2; /* exclude first seq/len (2) */
- /* 1. Seq + Total Len (2) */
- idx = SetSequence(totalSz, output);
- /* 2. Object ID (2) */
- XMEMCPY(&output[idx], extkeyusage_oid, sizeof(extkeyusage_oid));
- idx += sizeof(extkeyusage_oid);
- /* 3. Octet String (2) */
- idx += SetOctetString(totalSz - idx, &output[idx]);
- /* 4. Seq + OidListLen (2) */
- idx += SetSequence(oidListSz, &output[idx]);
- /* 5. Oid List (already set in-place above) */
- idx += oidListSz;
- (void)cert;
- return (int)idx;
- #else
- /* TODO: consider calculating size of OBJECT_IDs, setting length into
- * SEQUENCE, encode SEQUENCE, encode OBJECT_IDs into buffer. */
- ASNSetData* dataASN;
- ASNItem* extKuASN = NULL;
- int asnIdx = 1;
- size_t cnt = 1 + EKU_OID_HI;
- int i;
- int ret = 0;
- int sz = 0;
- #ifdef WOLFSSL_EKU_OID
- cnt += CTC_MAX_EKU_NB;
- #endif
- /* Allocate memory for dynamic data items. */
- dataASN = (ASNSetData*)XMALLOC(cnt * sizeof(ASNSetData), cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (dataASN == NULL) {
- ret = MEMORY_E;
- }
- if (ret == 0) {
- /* Allocate memory for dynamic ASN.1 template. */
- extKuASN = (ASNItem*)XMALLOC(cnt * sizeof(ASNItem), cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (extKuASN == NULL) {
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Copy Sequence into dynamic ASN.1 template. */
- XMEMCPY(&extKuASN[EKUASN_IDX_SEQ], ekuASN, sizeof(ASNItem));
- /* Clear dynamic data. */
- XMEMSET(dataASN, 0, cnt * sizeof(ASNSetData));
- /* Build up the template and data. */
- /* If 'any' set, then just use it. */
- if ((input & EXTKEYUSE_ANY) == EXTKEYUSE_ANY) {
- /* Set template item. */
- XMEMCPY(&extKuASN[EKUASN_IDX_OID], &ekuASN[EKUASN_IDX_OID],
- sizeof(ASNItem));
- /* Set data item. */
- SetASN_Buffer(&dataASN[asnIdx], extExtKeyUsageAnyOid,
- sizeof(extExtKeyUsageAnyOid));
- asnIdx++;
- }
- else {
- /* Step through the flagged purposes. */
- for (i = EKU_OID_LO; i <= EKU_OID_HI; i++) {
- if ((input & (1 << i)) != 0) {
- /* Set template item. */
- XMEMCPY(&extKuASN[asnIdx], &ekuASN[EKUASN_IDX_OID],
- sizeof(ASNItem));
- /* Set data item. */
- SetASN_Buffer(&dataASN[asnIdx], ekuOid[i - 1].oid,
- ekuOid[i - 1].oidSz);
- asnIdx++;
- }
- }
- #ifdef WOLFSSL_EKU_OID
- if (input & EXTKEYUSE_USER) {
- /* Iterate through OID values */
- for (i = 0; i < CTC_MAX_EKU_NB; i++) {
- sz = cert->extKeyUsageOIDSz[i];
- if (sz > 0) {
- /* Set template item. */
- XMEMCPY(&extKuASN[asnIdx], &ekuASN[EKUASN_IDX_OID],
- sizeof(ASNItem));
- /* Set data item. */
- SetASN_Buffer(&dataASN[asnIdx], cert->extKeyUsageOID[i],
- sz);
- asnIdx++;
- }
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- (void)cert;
- }
- /* Calculate size of encoding. */
- sz = 0;
- ret = SizeASN_Items(extKuASN, dataASN, asnIdx, &sz);
- }
- /* When buffer to write to, ensure it's big enough. */
- if ((ret == 0) && (output != NULL) && (sz > (int)outSz)) {
- ret = BUFFER_E;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode extended key usage. */
- SetASN_Items(extKuASN, dataASN, asnIdx, output);
- }
- if (ret == 0) {
- /* Return the encoding size. */
- ret = sz;
- }
- /* Dispose of allocated data. */
- if (extKuASN != NULL) {
- XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (dataASN != NULL) {
- XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- #endif
- }
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input)
- {
- word32 idx;
- byte unusedBits = 0;
- byte nsCertType = input;
- word32 totalSz;
- word32 bitStrSz;
- const byte nscerttype_oid[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
- 0x86, 0xF8, 0x42, 0x01, 0x01 };
- if (cert == NULL || output == NULL ||
- input == 0)
- return BAD_FUNC_ARG;
- totalSz = sizeof(nscerttype_oid);
- /* Get amount of lsb zero's */
- for (;(input & 1) == 0; input >>= 1)
- unusedBits++;
- /* 1 byte of NS Cert Type extension */
- bitStrSz = SetBitString(1, unusedBits, NULL) + 1;
- totalSz += SetOctetString(bitStrSz, NULL) + bitStrSz;
- if (SetSequence(totalSz, NULL) + totalSz > outSz)
- return BAD_FUNC_ARG;
- /* 1. Seq + Total Len */
- idx = SetSequence(totalSz, output);
- /* 2. Object ID */
- XMEMCPY(&output[idx], nscerttype_oid, sizeof(nscerttype_oid));
- idx += sizeof(nscerttype_oid);
- /* 3. Octet String */
- idx += SetOctetString(bitStrSz, &output[idx]);
- /* 4. Bit String */
- idx += SetBitString(1, unusedBits, &output[idx]);
- output[idx++] = nsCertType;
- return (int)idx;
- }
- #endif
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input,
- int inSz)
- {
- word32 idx;
- word32 totalSz;
- const byte crlinfo_oid[] = { 0x06, 0x03, 0x55, 0x1D, 0x1F };
- if (cert == NULL || output == NULL ||
- input == 0 || inSz <= 0)
- return BAD_FUNC_ARG;
- totalSz = (word32)sizeof(crlinfo_oid) + SetOctetString((word32)inSz, NULL) +
- (word32)inSz;
- if (SetSequence(totalSz, NULL) + totalSz > outSz)
- return BAD_FUNC_ARG;
- /* 1. Seq + Total Len */
- idx = SetSequence(totalSz, output);
- /* 2. Object ID */
- XMEMCPY(&output[idx], crlinfo_oid, sizeof(crlinfo_oid));
- idx += sizeof(crlinfo_oid);
- /* 3. Octet String */
- idx += SetOctetString((word32)inSz, &output[idx]);
- /* 4. CRL Info */
- XMEMCPY(&output[idx], input, (size_t)inSz);
- idx += (word32)inSz;
- return (int)idx;
- }
- #endif
- /* encode Certificate Policies, return total bytes written
- * each input value must be ITU-T X.690 formatted : a.b.c...
- * input must be an array of values with a NULL terminated for the latest
- * RFC5280 : non-critical */
- static int SetCertificatePolicies(byte *output,
- word32 outputSz,
- char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ],
- word16 nb_certpol,
- void* heap)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- byte oid[MAX_OID_SZ];
- byte der_oid[MAX_CERTPOL_NB][MAX_OID_SZ];
- byte out[MAX_CERTPOL_SZ];
- word32 oidSz;
- word32 outSz;
- word32 i = 0;
- word32 der_oidSz[MAX_CERTPOL_NB];
- int ret;
- const byte certpol_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04 };
- const byte oid_oid[] = { 0x06 };
- if (output == NULL || input == NULL || nb_certpol > MAX_CERTPOL_NB)
- return BAD_FUNC_ARG;
- for (i = 0; i < nb_certpol; i++) {
- oidSz = sizeof(oid);
- XMEMSET(oid, 0, oidSz);
- ret = EncodePolicyOID(oid, &oidSz, input[i], heap);
- if (ret != 0)
- return ret;
- /* compute sequence value for the oid */
- ret = SetOidValue(der_oid[i], MAX_OID_SZ, oid_oid,
- sizeof(oid_oid), oid, oidSz);
- if (ret <= 0)
- return ret;
- else
- der_oidSz[i] = (word32)ret;
- }
- /* concatenate oid, keep two byte for sequence/size of the created value */
- for (i = 0, outSz = 2; i < nb_certpol; i++) {
- XMEMCPY(out+outSz, der_oid[i], der_oidSz[i]);
- outSz += der_oidSz[i];
- }
- /* add sequence */
- ret = (int)SetSequence(outSz-2, out);
- if (ret <= 0)
- return ret;
- /* add Policy OID to compute final value */
- return SetOidValue(output, outputSz, certpol_oid, sizeof(certpol_oid),
- out, outSz);
- #else
- int i;
- int ret = 0;
- byte oid[MAX_OID_SZ];
- word32 oidSz;
- word32 sz = 0;
- int piSz;
- if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) {
- ret = BAD_FUNC_ARG;
- }
- /* Put in policyIdentifier but not policyQualifiers. */
- for (i = 0; (ret == 0) && (i < nb_certpol); i++) {
- ASNSetData dataASN[policyInfoASN_Length];
- oidSz = sizeof(oid);
- XMEMSET(oid, 0, oidSz);
- dataASN[POLICYINFOASN_IDX_QUALI].noOut = 1;
- ret = EncodePolicyOID(oid, &oidSz, input[i], heap);
- if (ret == 0) {
- XMEMSET(dataASN, 0, sizeof(dataASN));
- SetASN_Buffer(&dataASN[POLICYINFOASN_IDX_ID], oid, oidSz);
- ret = SizeASN_Items(policyInfoASN, dataASN, policyInfoASN_Length,
- &piSz);
- }
- if ((ret == 0) && (output != NULL) && (sz + (word32)piSz > outputSz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- if (output != NULL) {
- SetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length,
- output);
- output += piSz;
- }
- sz += (word32)piSz;
- }
- }
- if (ret == 0) {
- ret = (int)sz;
- }
- return ret;
- #endif
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_ALT_NAMES
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* encode Alternative Names, return total bytes written */
- static int SetAltNames(byte *output, word32 outSz,
- const byte *input, word32 length, int critical)
- {
- byte san_len[1 + MAX_LENGTH_SZ];
- const byte san_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 };
- const byte san_crit[] = { 0x01, 0x01, 0xff };
- word32 seqSz, san_lenSz, idx = 0;
- if (output == NULL || input == NULL)
- return BAD_FUNC_ARG;
- if (outSz < length)
- return BUFFER_E;
- /* Octet String header */
- san_lenSz = SetOctetString(length, san_len);
- if (outSz < MAX_SEQ_SZ)
- return BUFFER_E;
- seqSz = length + (word32)sizeof(san_oid) + san_lenSz;
- if (critical)
- seqSz += sizeof(san_crit);
- idx = SetSequence(seqSz, output);
- if (seqSz > outSz)
- return BUFFER_E;
- /* put oid */
- XMEMCPY(output+idx, san_oid, sizeof(san_oid));
- idx += sizeof(san_oid);
- if (critical) {
- XMEMCPY(output+idx, san_crit, sizeof(san_crit));
- idx += sizeof(san_crit);
- }
- /* put octet header */
- XMEMCPY(output+idx, san_len, san_lenSz);
- idx += san_lenSz;
- /* put value */
- XMEMCPY(output+idx, input, length);
- idx += length;
- return (int)idx;
- }
- #endif /* WOLFSSL_ASN_TEMPLATE */
- int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
- {
- word32 idx;
- const DNS_entry* curName;
- word32 namesSz = 0;
- #ifdef WOLFSSL_ALT_NAMES_NO_REV
- word32 i;
- #endif
- if (output == NULL)
- return BAD_FUNC_ARG;
- if (names == NULL)
- return 0;
- curName = names;
- do {
- namesSz += (word32)curName->len + 2 +
- ((curName->len < ASN_LONG_LENGTH) ? 0
- : BytePrecision((word32)curName->len));
- curName = curName->next;
- } while (curName != NULL);
- if (outputSz < MAX_SEQ_SZ + namesSz)
- return BUFFER_E;
- idx = SetSequence(namesSz, output);
- #ifdef WOLFSSL_ALT_NAMES_NO_REV
- namesSz += idx;
- i = namesSz;
- #endif
- curName = names;
- do {
- #ifdef WOLFSSL_ALT_NAMES_NO_REV
- word32 len = SetLength(curName->len, NULL);
- idx = i - curName->len - len - 1;
- i = idx;
- #endif
- output[idx] = (byte) (ASN_CONTEXT_SPECIFIC | curName->type);
- if (curName->type == ASN_DIR_TYPE || curName->type == ASN_OTHER_TYPE) {
- output[idx] |= ASN_CONSTRUCTED;
- }
- idx++;
- idx += SetLength((word32)curName->len, output + idx);
- XMEMCPY(output + idx, curName->name, (size_t)curName->len);
- #ifndef WOLFSSL_ALT_NAMES_NO_REV
- idx += (word32)curName->len;
- #endif
- curName = curName->next;
- } while (curName != NULL);
- #ifdef WOLFSSL_ALT_NAMES_NO_REV
- idx = namesSz;
- #endif
- return (int)idx;
- }
- #endif /* WOLFSSL_ALT_NAMES */
- #endif /* WOLFSSL_CERT_GEN */
- #if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Simple domain name OID size. */
- #define DN_OID_SZ 3
- /* Encodes one attribute of the name (issuer/subject)
- *
- * name structure to hold result of encoding
- * nameStr value to be encoded
- * nameTag tag of encoding i.e CTC_UTF8
- * type id of attribute i.e ASN_COMMON_NAME
- * emailTag tag of email i.e CTC_UTF8
- * returns length on success
- */
- static int EncodeName(EncodedName* name, const char* nameStr,
- byte nameTag, byte type, byte emailTag, CertName* cname)
- {
- #if !defined(WOLFSSL_ASN_TEMPLATE)
- word32 idx = 0;
- /* bottom up */
- byte firstLen[1 + MAX_LENGTH_SZ];
- byte secondLen[MAX_LENGTH_SZ];
- byte sequence[MAX_SEQ_SZ];
- byte set[MAX_SET_SZ];
- word32 strLen;
- word32 thisLen;
- word32 firstSz, secondSz, seqSz, setSz;
- if (nameStr == NULL) {
- name->used = 0;
- return 0;
- }
- thisLen = strLen = (word32)XSTRLEN(nameStr);
- #ifdef WOLFSSL_CUSTOM_OID
- if (type == ASN_CUSTOM_NAME) {
- if (cname == NULL || cname->custom.oidSz == 0) {
- name->used = 0;
- return 0;
- }
- thisLen = strLen = (word32)cname->custom.valSz;
- }
- #else
- (void)cname;
- #endif
- if (strLen == 0) { /* no user data for this item */
- name->used = 0;
- return 0;
- }
- /* Restrict country code size */
- if (type == ASN_COUNTRY_NAME && strLen != CTC_COUNTRY_SIZE) {
- WOLFSSL_MSG("Country code size error");
- WOLFSSL_ERROR_VERBOSE(ASN_COUNTRY_SIZE_E);
- return ASN_COUNTRY_SIZE_E;
- }
- secondSz = SetLength(strLen, secondLen);
- thisLen += secondSz;
- switch (type) {
- case ASN_EMAIL_NAME: /* email */
- thisLen += (int)sizeof(attrEmailOid);
- firstSz = (int)sizeof(attrEmailOid);
- break;
- case ASN_DOMAIN_COMPONENT:
- thisLen += (int)sizeof(dcOid);
- firstSz = (int)sizeof(dcOid);
- break;
- case ASN_USER_ID:
- thisLen += (int)sizeof(uidOid);
- firstSz = (int)sizeof(uidOid);
- break;
- case ASN_FAVOURITE_DRINK:
- thisLen += (int)sizeof(fvrtDrk);
- firstSz = (int)sizeof(fvrtDrk);
- break;
- #ifdef WOLFSSL_CUSTOM_OID
- case ASN_CUSTOM_NAME:
- thisLen += cname->custom.oidSz;
- firstSz = cname->custom.oidSz;
- break;
- #endif
- #ifdef WOLFSSL_CERT_REQ
- case ASN_CONTENT_TYPE:
- thisLen += (int)sizeof(attrPkcs9ContentTypeOid);
- firstSz = (int)sizeof(attrPkcs9ContentTypeOid);
- break;
- #endif
- default:
- thisLen += DN_OID_SZ;
- firstSz = DN_OID_SZ;
- }
- thisLen++; /* id type */
- firstSz = (word32)SetObjectId((int)firstSz, firstLen);
- thisLen += firstSz;
- seqSz = SetSequence(thisLen, sequence);
- thisLen += seqSz;
- setSz = SetSet(thisLen, set);
- thisLen += setSz;
- if (thisLen > (int)sizeof(name->encoded)) {
- return BUFFER_E;
- }
- /* store it */
- idx = 0;
- /* set */
- XMEMCPY(name->encoded, set, setSz);
- idx += setSz;
- /* seq */
- XMEMCPY(name->encoded + idx, sequence, seqSz);
- idx += seqSz;
- /* asn object id */
- XMEMCPY(name->encoded + idx, firstLen, firstSz);
- idx += firstSz;
- switch (type) {
- case ASN_EMAIL_NAME:
- /* email joint id */
- XMEMCPY(name->encoded + idx, attrEmailOid, sizeof(attrEmailOid));
- idx += (int)sizeof(attrEmailOid);
- name->encoded[idx++] = emailTag;
- break;
- case ASN_DOMAIN_COMPONENT:
- XMEMCPY(name->encoded + idx, dcOid, sizeof(dcOid)-1);
- idx += (int)sizeof(dcOid)-1;
- /* id type */
- name->encoded[idx++] = type;
- /* str type */
- name->encoded[idx++] = nameTag;
- break;
- case ASN_USER_ID:
- XMEMCPY(name->encoded + idx, uidOid, sizeof(uidOid));
- idx += (int)sizeof(uidOid);
- /* str type */
- name->encoded[idx++] = nameTag;
- break;
- case ASN_FAVOURITE_DRINK:
- XMEMCPY(name->encoded + idx, fvrtDrk, sizeof(fvrtDrk));
- idx += (int)sizeof(fvrtDrk);
- /* str type */
- name->encoded[idx++] = nameTag;
- break;
- #ifdef WOLFSSL_CUSTOM_OID
- case ASN_CUSTOM_NAME:
- XMEMCPY(name->encoded + idx, cname->custom.oid,
- cname->custom.oidSz);
- idx += cname->custom.oidSz;
- /* str type */
- name->encoded[idx++] = nameTag;
- break;
- #endif
- #ifdef WOLFSSL_CERT_REQ
- case ASN_CONTENT_TYPE:
- XMEMCPY(name->encoded + idx, attrPkcs9ContentTypeOid,
- sizeof(attrPkcs9ContentTypeOid));
- idx += (int)sizeof(attrPkcs9ContentTypeOid);
- /* str type */
- name->encoded[idx++] = nameTag;
- break;
- #endif
- default:
- name->encoded[idx++] = 0x55;
- name->encoded[idx++] = 0x04;
- /* id type */
- name->encoded[idx++] = type;
- /* str type */
- name->encoded[idx++] = nameTag;
- }
- /* second length */
- XMEMCPY(name->encoded + idx, secondLen, secondSz);
- idx += secondSz;
- /* str value */
- XMEMCPY(name->encoded + idx, nameStr, strLen);
- idx += strLen;
- name->type = type;
- name->totalLen = (int)idx;
- name->used = 1;
- return (int)idx;
- #else
- DECL_ASNSETDATA(dataASN, rdnASN_Length);
- ASNItem namesASN[rdnASN_Length];
- byte dnOid[DN_OID_SZ] = { 0x55, 0x04, 0x00 };
- int ret = 0;
- int sz = 0;
- const byte* oid;
- word32 oidSz = 0;
- word32 nameSz = 0;
- /* Validate input parameters. */
- if ((name == NULL) || (nameStr == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, rdnASN_Length, ret, NULL);
- if (ret == 0) {
- nameSz = (word32)XSTRLEN(nameStr);
- /* Copy the RDN encoding template. ASN.1 tag for the name string is set
- * based on type. */
- XMEMCPY(namesASN, rdnASN, sizeof(namesASN));
- /* Set OID and ASN.1 tag for name depending on type. */
- switch (type) {
- case ASN_EMAIL_NAME:
- /* email OID different to standard types. */
- oid = attrEmailOid;
- oidSz = sizeof(attrEmailOid);
- /* Use email specific type/tag. */
- nameTag = emailTag;
- break;
- case ASN_DOMAIN_COMPONENT:
- /* Domain component OID different to standard types. */
- oid = dcOid;
- oidSz = sizeof(dcOid);
- break;
- case ASN_USER_ID:
- /* Domain component OID different to standard types. */
- oid = uidOid;
- oidSz = sizeof(uidOid);
- break;
- case ASN_FAVOURITE_DRINK:
- oid = fvrtDrk;
- oidSz = sizeof(fvrtDrk);
- break;
- #ifdef WOLFSSL_CUSTOM_OID
- case ASN_CUSTOM_NAME:
- nameSz = cname->custom.valSz;
- oid = cname->custom.oid;
- oidSz = cname->custom.oidSz;
- break;
- #endif
- #ifdef WOLFSSL_CERT_REQ
- case ASN_CONTENT_TYPE:
- oid = attrPkcs9ContentTypeOid;
- oidSz = sizeof(attrPkcs9ContentTypeOid);
- break;
- #endif
- default:
- /* Construct OID using type. */
- dnOid[2] = type;
- oid = dnOid;
- oidSz = DN_OID_SZ;
- break;
- }
- /* Set OID corresponding to the name type. */
- SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_TYPE], oid, oidSz);
- /* Set name string. */
- SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_VAL], (const byte *)nameStr, nameSz);
- /* Set the ASN.1 tag for the name string. */
- namesASN[RDNASN_IDX_ATTR_VAL].tag = nameTag;
- /* Calculate size of encoded name and indexes of components. */
- ret = SizeASN_Items(namesASN, dataASN, rdnASN_Length, &sz);
- }
- /* Check if name's buffer is big enough. */
- if ((ret == 0) && (sz > (int)sizeof(name->encoded))) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode name into the buffer. */
- SetASN_Items(namesASN, dataASN, rdnASN_Length, name->encoded);
- /* Cache the type and size, and set that it is used. */
- name->type = type;
- name->totalLen = sz;
- name->used = 1;
- /* Return size of encoding. */
- ret = sz;
- }
- (void)cname;
- FREE_ASNSETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* canonical encoding one attribute of the name (issuer/subject)
- * call EncodeName with CTC_UTF8 for email type
- *
- * name structure to hold result of encoding
- * nameStr value to be encoded
- * nameType type of encoding i.e CTC_UTF8
- * type id of attribute i.e ASN_COMMON_NAME
- *
- * returns length on success
- */
- int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
- char nameType, byte type)
- {
- return EncodeName(name, nameStr, (byte)nameType, type,
- ASN_UTF8STRING, NULL);
- }
- #endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
- (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
- /* Convert key usage string (comma delimited, null terminated) to word16
- * Returns 0 on success, negative on error */
- int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap)
- {
- int ret = 0;
- char *token, *str, *ptr;
- word32 len = 0;
- word16 usage = 0;
- if (value == NULL || keyUsage == NULL) {
- return BAD_FUNC_ARG;
- }
- /* duplicate string (including terminator) */
- len = (word32)XSTRLEN(value);
- str = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (str == NULL) {
- return MEMORY_E;
- }
- XMEMCPY(str, value, len + 1);
- /* parse value, and set corresponding Key Usage value */
- if ((token = XSTRTOK(str, ",", &ptr)) == NULL) {
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return KEYUSAGE_E;
- }
- while (token != NULL) {
- if (!XSTRCASECMP(token, "digitalSignature"))
- usage |= KEYUSE_DIGITAL_SIG;
- else if (!XSTRCASECMP(token, "nonRepudiation") ||
- !XSTRCASECMP(token, "contentCommitment"))
- usage |= KEYUSE_CONTENT_COMMIT;
- else if (!XSTRCASECMP(token, "keyEncipherment"))
- usage |= KEYUSE_KEY_ENCIPHER;
- else if (!XSTRCASECMP(token, "dataEncipherment"))
- usage |= KEYUSE_DATA_ENCIPHER;
- else if (!XSTRCASECMP(token, "keyAgreement"))
- usage |= KEYUSE_KEY_AGREE;
- else if (!XSTRCASECMP(token, "keyCertSign"))
- usage |= KEYUSE_KEY_CERT_SIGN;
- else if (!XSTRCASECMP(token, "cRLSign"))
- usage |= KEYUSE_CRL_SIGN;
- else if (!XSTRCASECMP(token, "encipherOnly"))
- usage |= KEYUSE_ENCIPHER_ONLY;
- else if (!XSTRCASECMP(token, "decipherOnly"))
- usage |= KEYUSE_DECIPHER_ONLY;
- else {
- ret = KEYUSAGE_E;
- break;
- }
- token = XSTRTOK(NULL, ",", &ptr);
- }
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0) {
- *keyUsage = usage;
- }
- return ret;
- }
- /* Convert extended key usage string (comma delimited, null terminated) to byte
- * Returns 0 on success, negative on error */
- int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap)
- {
- int ret = 0;
- char *token, *str, *ptr;
- word32 len = 0;
- byte usage = 0;
- if (value == NULL || extKeyUsage == NULL) {
- return BAD_FUNC_ARG;
- }
- /* duplicate string (including terminator) */
- len = (word32)XSTRLEN(value);
- str = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (str == NULL) {
- return MEMORY_E;
- }
- XMEMCPY(str, value, len + 1);
- /* parse value, and set corresponding Key Usage value */
- if ((token = XSTRTOK(str, ",", &ptr)) == NULL) {
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return EXTKEYUSAGE_E;
- }
- while (token != NULL) {
- if (!XSTRCASECMP(token, "any"))
- usage |= EXTKEYUSE_ANY;
- else if (!XSTRCASECMP(token, "serverAuth"))
- usage |= EXTKEYUSE_SERVER_AUTH;
- else if (!XSTRCASECMP(token, "clientAuth"))
- usage |= EXTKEYUSE_CLIENT_AUTH;
- else if (!XSTRCASECMP(token, "codeSigning"))
- usage |= EXTKEYUSE_CODESIGN;
- else if (!XSTRCASECMP(token, "emailProtection"))
- usage |= EXTKEYUSE_EMAILPROT;
- else if (!XSTRCASECMP(token, "timeStamping"))
- usage |= EXTKEYUSE_TIMESTAMP;
- else if (!XSTRCASECMP(token, "OCSPSigning"))
- usage |= EXTKEYUSE_OCSP_SIGN;
- else {
- ret = EXTKEYUSAGE_E;
- break;
- }
- token = XSTRTOK(NULL, ",", &ptr);
- }
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0) {
- *extKeyUsage = usage;
- }
- return ret;
- }
- #endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
- #ifdef WOLFSSL_CERT_GEN
- /* Encodes one attribute of the name (issuer/subject)
- * call we_EncodeName_ex with 0x16, IA5String for email type
- * name structure to hold result of encoding
- * nameStr value to be encoded
- * nameType type of encoding i.e CTC_UTF8
- * type id of attribute i.e ASN_COMMON_NAME
- *
- * returns length on success
- */
- int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
- byte type)
- {
- return EncodeName(name, nameStr, (byte)nameType, type,
- ASN_IA5_STRING, NULL);
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- static void SetRdnItems(ASNItem* namesASN, ASNSetData* dataASN, const byte* oid,
- word32 oidSz, byte tag, const byte* data, word32 sz)
- {
- XMEMCPY(namesASN, rdnASN, sizeof(rdnASN));
- SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_TYPE], oid, oidSz);
- namesASN[RDNASN_IDX_ATTR_VAL].tag = tag;
- SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_VAL], data, sz);
- }
- #ifdef WOLFSSL_MULTI_ATTRIB
- static int FindMultiAttrib(CertName* name, int id, int* idx)
- {
- int i;
- for (i = *idx + 1; i < CTC_MAX_ATTRIB; i++) {
- if (name->name[i].sz > 0 && name->name[i].id == id) {
- break;
- }
- }
- if (i == CTC_MAX_ATTRIB) {
- i = -1;
- }
- *idx = i;
- return i >= 0;
- }
- #endif
- /* ASN.1 template for the SEQUENCE around the RDNs.
- * X.509: RFC 5280, 4.1.2.4 - RDNSequence
- */
- static const ASNItem nameASN[] = {
- { 0, ASN_SEQUENCE, 1, 1, 0 },
- };
- enum {
- NAMEASN_IDX_SEQ = 0
- };
- /* Number of items in ASN.1 template for the SEQUENCE around the RDNs. */
- #define nameASN_Length (sizeof(nameASN) / sizeof(ASNItem))
- static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
- int maxIdx, CertName* name)
- {
- int i;
- int idx;
- int ret = 0;
- word32 nameLen[NAME_ENTRIES];
- #ifdef WOLFSSL_MULTI_ATTRIB
- int j;
- #endif
- for (i = 0; i < NAME_ENTRIES; i++) {
- /* Keep name length to identify component is to be encoded. */
- const char* nameStr = GetOneCertName(name, i);
- nameLen[i] = nameStr ? (word32)XSTRLEN(nameStr) : 0;
- }
- idx = nameASN_Length;
- for (i = 0; i < NAME_ENTRIES; i++) {
- int type = GetCertNameId(i);
- #ifdef WOLFSSL_MULTI_ATTRIB
- j = -1;
- /* Put DomainComponents before OrgUnitName. */
- while (FindMultiAttrib(name, type, &j)) {
- if (GetCertNameId(i) != ASN_DOMAIN_COMPONENT) {
- continue;
- }
- if (dataASN != NULL && namesASN != NULL) {
- if (idx > maxIdx - (int)rdnASN_Length) {
- WOLFSSL_MSG("Wanted to write more ASN than allocated");
- ret = BUFFER_E;
- break;
- }
- /* Copy data into dynamic vars. */
- SetRdnItems(namesASN + idx, dataASN + idx, dcOid,
- sizeof(dcOid), (byte)name->name[j].type,
- (byte*)name->name[j].value,
- (word32)name->name[j].sz);
- }
- idx += (int)rdnASN_Length;
- }
- if (ret != 0)
- break;
- #endif
- if (nameLen[i] > 0) {
- if (dataASN != NULL) {
- if (idx > maxIdx - (int)rdnASN_Length) {
- WOLFSSL_MSG("Wanted to write more ASN than allocated");
- ret = BUFFER_E;
- break;
- }
- /* Write out first instance of attribute type. */
- if (type == ASN_EMAIL_NAME) {
- /* Copy email data into dynamic vars. */
- SetRdnItems(namesASN + idx, dataASN + idx, attrEmailOid,
- sizeof(attrEmailOid), ASN_IA5_STRING,
- (const byte*)GetOneCertName(name, i), nameLen[i]);
- }
- else if (type == ASN_USER_ID) {
- /* Copy userID data into dynamic vars. */
- SetRdnItems(namesASN + idx, dataASN + idx, uidOid,
- sizeof(uidOid), (byte)GetNameType(name, i),
- (const byte*)GetOneCertName(name, i), nameLen[i]);
- }
- else if (type == ASN_FAVOURITE_DRINK) {
- /* Copy favourite drink data into dynamic vars. */
- SetRdnItems(namesASN + idx, dataASN + idx, fvrtDrk,
- sizeof(fvrtDrk), (byte)GetNameType(name, i),
- (const byte*)GetOneCertName(name, i), nameLen[i]);
- }
- else if (type == ASN_CUSTOM_NAME) {
- #ifdef WOLFSSL_CUSTOM_OID
- SetRdnItems(namesASN + idx, dataASN + idx, name->custom.oid,
- name->custom.oidSz, name->custom.enc,
- name->custom.val, name->custom.valSz);
- #endif
- }
- else {
- /* Copy name data into dynamic vars. */
- SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i],
- NAME_OID_SZ, (byte)GetNameType(name, i),
- (const byte*)GetOneCertName(name, i), nameLen[i]);
- }
- }
- idx += (int)rdnASN_Length;
- }
- #ifdef WOLFSSL_MULTI_ATTRIB
- j = -1;
- /* Write all other attributes of this type. */
- while (FindMultiAttrib(name, type, &j)) {
- if (GetCertNameId(i) == ASN_DOMAIN_COMPONENT) {
- continue;
- }
- if (dataASN != NULL && namesASN != NULL) {
- if (idx > maxIdx - (int)rdnASN_Length) {
- WOLFSSL_MSG("Wanted to write more ASN than allocated");
- ret = BUFFER_E;
- break;
- }
- /* Copy data into dynamic vars. */
- SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i],
- NAME_OID_SZ, (byte)name->name[j].type,
- (byte*)name->name[j].value, (word32)name->name[j].sz);
- }
- idx += (int)rdnASN_Length;
- }
- if (ret != 0)
- break;
- #endif
- }
- if (ret == 0)
- ret = idx;
- return ret;
- }
- #endif
- /* encode CertName into output, return total bytes written */
- int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- int i;
- word32 idx, totalBytes = 0;
- #ifdef WOLFSSL_SMALL_STACK
- EncodedName* names = NULL;
- #else
- EncodedName names[NAME_ENTRIES];
- #endif
- #ifdef WOLFSSL_MULTI_ATTRIB
- EncodedName addNames[CTC_MAX_ATTRIB];
- int j, type;
- #endif
- if (output == NULL || name == NULL)
- return BAD_FUNC_ARG;
- if (outputSz < 3)
- return BUFFER_E;
- #ifdef WOLFSSL_SMALL_STACK
- names = (EncodedName*)XMALLOC(sizeof(EncodedName) * NAME_ENTRIES, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (names == NULL)
- return MEMORY_E;
- #endif
- for (i = 0; i < NAME_ENTRIES; i++) {
- const char* nameStr = GetOneCertName(name, i);
- ret = EncodeName(&names[i], nameStr, (byte)GetNameType(name, i),
- GetCertNameId(i), ASN_IA5_STRING, name);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("EncodeName failed");
- return BUFFER_E;
- }
- totalBytes += (word32)ret;
- }
- #ifdef WOLFSSL_MULTI_ATTRIB
- for (i = 0; i < CTC_MAX_ATTRIB; i++) {
- if (name->name[i].sz > 0) {
- ret = EncodeName(&addNames[i], name->name[i].value,
- (byte)name->name[i].type, (byte)name->name[i].id,
- ASN_IA5_STRING, NULL);
- if (ret < 0) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("EncodeName on multiple attributes failed");
- return BUFFER_E;
- }
- totalBytes += (word32)ret;
- }
- else {
- addNames[i].used = 0;
- }
- }
- #endif /* WOLFSSL_MULTI_ATTRIB */
- /* header */
- idx = SetSequence(totalBytes, output);
- totalBytes += idx;
- if (totalBytes > WC_ASN_NAME_MAX) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("Total Bytes is greater than WC_ASN_NAME_MAX");
- return BUFFER_E;
- }
- for (i = 0; i < NAME_ENTRIES; i++) {
- #ifdef WOLFSSL_MULTI_ATTRIB
- type = GetCertNameId(i);
- for (j = 0; j < CTC_MAX_ATTRIB; j++) {
- if (name->name[j].sz > 0 && type == name->name[j].id) {
- if (outputSz < idx + (word32)addNames[j].totalLen) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("Not enough space left for DC value");
- return BUFFER_E;
- }
- XMEMCPY(output + idx, addNames[j].encoded,
- (size_t)addNames[j].totalLen);
- idx += (word32)addNames[j].totalLen;
- }
- }
- #endif /* WOLFSSL_MULTI_ATTRIB */
- if (names[i].used) {
- if (outputSz < idx + (word32)names[i].totalLen) {
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return BUFFER_E;
- }
- XMEMCPY(output + idx, names[i].encoded, (size_t)names[i].totalLen);
- idx += (word32)names[i].totalLen;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- (void)heap;
- return (int)totalBytes;
- #else
- /* TODO: consider calculating size of entries, putting length into
- * SEQUENCE, encode SEQUENCE, encode entries into buffer. */
- ASNSetData* dataASN = NULL; /* Can't use DECL_ASNSETDATA. Always dynamic. */
- ASNItem* namesASN = NULL;
- word32 items = 0;
- int ret = 0;
- int sz = 0;
- /* Calculate length of name entries and size for allocating. */
- ret = SetNameRdnItems(NULL, NULL, 0, name);
- if (ret > 0) {
- items = (word32)ret;
- ret = 0;
- }
- /* Allocate dynamic data items. */
- dataASN = (ASNSetData*)XMALLOC(items * sizeof(ASNSetData), heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (dataASN == NULL) {
- ret = MEMORY_E;
- }
- else {
- /* Allocate dynamic ASN.1 template items. */
- namesASN = (ASNItem*)XMALLOC(items * sizeof(ASNItem), heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (namesASN == NULL) {
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- /* Clear the dynamic data. */
- XMEMSET(dataASN, 0, items * sizeof(ASNSetData));
- /* Copy in the outer sequence. */
- XMEMCPY(namesASN, nameASN, sizeof(nameASN));
- ret = SetNameRdnItems(dataASN, namesASN, (int)items, name);
- if (ret == (int)items)
- ret = 0;
- else if (ret > 0) {
- WOLFSSL_MSG("SetNameRdnItems returned different length");
- ret = BUFFER_E;
- }
- }
- if (ret == 0) {
- /* Calculate size of encoding. */
- ret = SizeASN_Items(namesASN, dataASN, (int)items, &sz);
- }
- /* Check buffer size if passed in. */
- if (ret == 0 && output != NULL && sz > (int)outputSz) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- if (output != NULL) {
- /* Encode Name. */
- ret = SetASN_Items(namesASN, dataASN, (int)items, output);
- }
- else {
- /* Return the encoding size. */
- ret = sz;
- }
- }
- if (namesASN != NULL)
- XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (dataASN != NULL)
- XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
- (void)heap;
- return ret;
- #endif
- }
- int SetName(byte* output, word32 outputSz, CertName* name)
- {
- return SetNameEx(output, outputSz, name, NULL);
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- static int EncodePublicKey(int keyType, byte* output, int outLen,
- RsaKey* rsaKey, ecc_key* eccKey,
- ed25519_key* ed25519Key, ed448_key* ed448Key,
- DsaKey* dsaKey)
- {
- int ret = 0;
- (void)outLen;
- (void)rsaKey;
- (void)eccKey;
- (void)ed25519Key;
- (void)ed448Key;
- (void)dsaKey;
- switch (keyType) {
- #ifndef NO_RSA
- case RSA_KEY:
- ret = SetRsaPublicKey(output, rsaKey, outLen, 1);
- if (ret <= 0) {
- ret = PUBLIC_KEY_E;
- }
- break;
- #endif
- #ifdef HAVE_ECC
- case ECC_KEY:
- ret = SetEccPublicKey(output, eccKey, outLen, 1, 0);
- if (ret <= 0) {
- ret = PUBLIC_KEY_E;
- }
- break;
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- case ED25519_KEY:
- ret = wc_Ed25519PublicKeyToDer(ed25519Key, output,
- (word32)outLen, 1);
- if (ret <= 0) {
- ret = PUBLIC_KEY_E;
- }
- break;
- #endif
- #ifdef HAVE_ED448
- case ED448_KEY:
- ret = wc_Ed448PublicKeyToDer(ed448Key, output, (word32)outLen, 1);
- if (ret <= 0) {
- ret = PUBLIC_KEY_E;
- }
- break;
- #endif
- default:
- ret = PUBLIC_KEY_E;
- break;
- }
- return ret;
- }
- /* ASN.1 template for certificate extensions.
- * X.509: RFC 5280, 4.1 - Basic Certificate Fields.
- * All extensions supported for encoding are described.
- */
- static const ASNItem static_certExtsASN[] = {
- /* Basic Constraints Extension - 4.2.1.9 */
- /* BC_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* BC_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* BC_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* BC_STR_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* cA */
- /* BC_CA */ { 3, ASN_BOOLEAN, 0, 0, 0 },
- /* pathLenConstraint */
- /* BC_PATHLEN */ { 3, ASN_INTEGER, 0, 0, 1 },
- /* Subject Alternative Name - 4.2.1.6 */
- /* SAN_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* SAN_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* SAN_CRIT */ { 1, ASN_BOOLEAN, 0, 0, 0 },
- /* SAN_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* Subject Key Identifier - 4.2.1.2 */
- /* SKID_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* SKID_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* SKID_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* SKID_KEYID */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
- /* Authority Key Identifier - 4.2.1.1 */
- /* AKID_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* AKID_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* AKID_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* AKID_STR_SEQ, */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* AKID_KEYID */ { 3, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 0 },
- /* Key Usage - 4.2.1.3 */
- /* KU_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* KU_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* KU_CRIT */ { 1, ASN_BOOLEAN, 0, 0, 0 },
- /* KU_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* KU_USAGE */ { 2, ASN_BIT_STRING, 0, 0, 0 },
- /* Extended Key Usage - 4,2,1,12 */
- /* EKU_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* EKU_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* EKU_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* Certificate Policies - 4.2.1.4 */
- /* POLICIES_SEQ, */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* POLICIES_OID, */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* POLICIES_STR, */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* POLICIES_INFO */ { 2, ASN_SEQUENCE, 1, 0, 0 },
- /* Netscape Certificate Type */
- /* NSTYPE_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* NSTYPE_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* NSTYPE_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* NSTYPE_USAGE, */ { 2, ASN_BIT_STRING, 0, 0, 0 },
- /* CRLINFO_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* CRLINFO_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* CRLINFO_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- /* SAPKI_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* SAPKI_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* SAPKI_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* ALTSIGALG_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* ALTSIGALG_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* ALTSIGALG_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* ALTSIGVAL_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* ALTSIGVAL_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* ALTSIGVAL_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- /* CUSTOM_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* CUSTOM_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* CUSTOM_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- };
- enum {
- CERTEXTSASN_IDX_BC_SEQ = 0,
- CERTEXTSASN_IDX_BC_OID,
- CERTEXTSASN_IDX_BC_STR,
- CERTEXTSASN_IDX_BC_STR_SEQ,
- CERTEXTSASN_IDX_BC_CA,
- CERTEXTSASN_IDX_BC_PATHLEN,
- CERTEXTSASN_IDX_SAN_SEQ,
- CERTEXTSASN_IDX_SAN_OID,
- CERTEXTSASN_IDX_SAN_CRIT,
- CERTEXTSASN_IDX_SAN_STR,
- CERTEXTSASN_IDX_SKID_SEQ,
- CERTEXTSASN_IDX_SKID_OID,
- CERTEXTSASN_IDX_SKID_STR,
- CERTEXTSASN_IDX_SKID_KEYID,
- CERTEXTSASN_IDX_AKID_SEQ,
- CERTEXTSASN_IDX_AKID_OID,
- CERTEXTSASN_IDX_AKID_STR,
- CERTEXTSASN_IDX_AKID_STR_SEQ,
- CERTEXTSASN_IDX_AKID_KEYID,
- CERTEXTSASN_IDX_KU_SEQ,
- CERTEXTSASN_IDX_KU_OID,
- CERTEXTSASN_IDX_KU_CRIT,
- CERTEXTSASN_IDX_KU_STR,
- CERTEXTSASN_IDX_KU_USAGE,
- CERTEXTSASN_IDX_EKU_SEQ,
- CERTEXTSASN_IDX_EKU_OID,
- CERTEXTSASN_IDX_EKU_STR,
- CERTEXTSASN_IDX_POLICIES_SEQ,
- CERTEXTSASN_IDX_POLICIES_OID,
- CERTEXTSASN_IDX_POLICIES_STR,
- CERTEXTSASN_IDX_POLICIES_INFO,
- CERTEXTSASN_IDX_NSTYPE_SEQ,
- CERTEXTSASN_IDX_NSTYPE_OID,
- CERTEXTSASN_IDX_NSTYPE_STR,
- CERTEXTSASN_IDX_NSTYPE_USAGE,
- CERTEXTSASN_IDX_CRLINFO_SEQ,
- CERTEXTSASN_IDX_CRLINFO_OID,
- CERTEXTSASN_IDX_CRLINFO_STR,
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- CERTEXTSASN_IDX_SAPKI_SEQ,
- CERTEXTSASN_IDX_SAPKI_OID,
- CERTEXTSASN_IDX_SAPKI_STR,
- CERTEXTSASN_IDX_ALTSIGALG_SEQ,
- CERTEXTSASN_IDX_ALTSIGALG_OID,
- CERTEXTSASN_IDX_ALTSIGALG_STR,
- CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
- CERTEXTSASN_IDX_ALTSIGVAL_OID,
- CERTEXTSASN_IDX_ALTSIGVAL_STR,
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- CERTEXTSASN_IDX_CUSTOM_SEQ,
- CERTEXTSASN_IDX_CUSTOM_OID,
- CERTEXTSASN_IDX_CUSTOM_STR,
- CERTEXTSASN_IDX_START_CUSTOM
- };
- /* Number of items in ASN.1 template for certificate extensions. We multiply
- * by 4 because there are 4 things (seq, OID, crit flag, octet string). */
- #define certExtsASN_Length ((sizeof(static_certExtsASN) / sizeof(ASNItem)) \
- + (NUM_CUSTOM_EXT * 4))
- static const ASNItem customExtASN[] = {
- /* CUSTOM_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* CUSTOM_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* CUSTOM_CRIT */ { 1, ASN_BOOLEAN, 0, 0, 0 },
- /* CUSTOM_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- };
- static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
- int forRequest)
- {
- DECL_ASNSETDATA(dataASN, certExtsASN_Length);
- int sz = 0;
- int ret = 0;
- int i = 0;
- static const byte bcOID[] = { 0x55, 0x1d, 0x13 };
- #ifdef WOLFSSL_ALT_NAMES
- static const byte sanOID[] = { 0x55, 0x1d, 0x11 };
- #endif
- #ifdef WOLFSSL_CERT_EXT
- static const byte skidOID[] = { 0x55, 0x1d, 0x0e };
- static const byte akidOID[] = { 0x55, 0x1d, 0x23 };
- static const byte kuOID[] = { 0x55, 0x1d, 0x0f };
- static const byte ekuOID[] = { 0x55, 0x1d, 0x25 };
- static const byte cpOID[] = { 0x55, 0x1d, 0x20 };
- static const byte nsCertOID[] = { 0x60, 0x86, 0x48, 0x01,
- 0x86, 0xF8, 0x42, 0x01, 0x01 };
- static const byte crlInfoOID[] = { 0x55, 0x1D, 0x1F };
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- static const byte sapkiOID[] = { 0x55, 0x1d, 0x48 };
- static const byte altSigAlgOID[] = { 0x55, 0x1d, 0x49 };
- static const byte altSigValOID[] = { 0x55, 0x1d, 0x4a };
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_SMALL_STACK
- #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_CERT_EXT)
- byte *encodedOids;
- #endif
- ASNItem *certExtsASN = (ASNItem *)XMALLOC(certExtsASN_Length *
- sizeof(ASNItem), cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (certExtsASN == NULL) {
- return MEMORY_E;
- }
- #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_CERT_EXT)
- encodedOids = (byte *)XMALLOC(NUM_CUSTOM_EXT * MAX_OID_SZ, cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedOids == NULL) {
- XFREE(certExtsASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #endif
- #else
- ASNItem certExtsASN[certExtsASN_Length];
- #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_CERT_EXT)
- byte encodedOids[NUM_CUSTOM_EXT * MAX_OID_SZ];
- #endif
- #endif
- /* Clone static_certExtsASN into a certExtsASN and then fill the rest of it
- * with (NUM_CUSTOM_EXT*4) more ASNItems specifying extensions. See comment
- * above definition of certExtsASN_Length. */
- XMEMCPY(certExtsASN, static_certExtsASN, sizeof(static_certExtsASN));
- for (i = sizeof(static_certExtsASN) / sizeof(ASNItem);
- i < (int)certExtsASN_Length; i += 4) {
- XMEMCPY(&certExtsASN[i], customExtASN, sizeof(customExtASN));
- }
- (void)forRequest;
- CALLOC_ASNSETDATA(dataASN, certExtsASN_Length, ret, cert->heap);
- if (ret == 0) {
- if (cert->isCA) {
- /* Set Basic Constraints to be a Certificate Authority. */
- SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 1);
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
- if (cert->pathLenSet
- #ifdef WOLFSSL_CERT_EXT
- && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))
- #endif
- ) {
- SetASN_Int8Bit(&dataASN[CERTEXTSASN_IDX_BC_PATHLEN],
- cert->pathLen);
- }
- else {
- dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
- }
- }
- #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
- else if (cert->isCaSet) {
- SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 0);
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
- dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
- }
- #endif
- else if (cert->basicConstSet) {
- /* Set Basic Constraints to be a non Certificate Authority. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
- dataASN[CERTEXTSASN_IDX_BC_CA].noOut = 1;
- dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
- }
- else {
- /* Don't write out Basic Constraints extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_BC_SEQ,
- CERTEXTSASN_IDX_BC_PATHLEN);
- }
- #ifdef WOLFSSL_ALT_NAMES
- if (cert->altNamesSz > 0) {
- /* Set Subject Alternative Name OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAN_OID],
- sanOID, sizeof(sanOID));
- if (cert->altNamesCrit) {
- SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_SAN_CRIT], 1);
- }
- else {
- dataASN[CERTEXTSASN_IDX_SAN_CRIT].noOut = 1;
- }
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAN_STR],
- cert->altNames, (word32)cert->altNamesSz);
- }
- else
- #endif
- {
- /* Don't write out Subject Alternative Name extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SAN_SEQ,
- CERTEXTSASN_IDX_SAN_STR);
- }
- #ifdef WOLFSSL_CERT_EXT
- if (cert->skidSz > 0) {
- /* Set Subject Key Identifier OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SKID_OID],
- skidOID, sizeof(skidOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SKID_KEYID],
- cert->skid, (word32)cert->skidSz);
- }
- else
- #endif
- {
- /* Don't write out Subject Key Identifier extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SKID_SEQ,
- CERTEXTSASN_IDX_SKID_KEYID);
- }
- #ifdef WOLFSSL_CERT_EXT
- if (cert->akidSz > 0) {
- /* Set Authority Key Identifier OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_AKID_OID],
- akidOID, sizeof(akidOID));
- #ifdef WOLFSSL_AKID_NAME
- if (cert->rawAkid) {
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_AKID_STR],
- cert->akid, (word32)cert->akidSz);
- /* cert->akid contains the internal ext structure */
- SetASNItem_NoOutBelow(dataASN, certExtsASN,
- CERTEXTSASN_IDX_AKID_STR, certExtsASN_Length);
- }
- else
- #endif
- {
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_AKID_KEYID],
- cert->akid, (word32)cert->akidSz);
- }
- }
- else
- #endif
- {
- /* Don't write out Authority Key Identifier extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_AKID_SEQ,
- CERTEXTSASN_IDX_AKID_KEYID);
- }
- #ifdef WOLFSSL_CERT_EXT
- if (cert->keyUsage != 0) {
- /* Set Key Usage OID, critical and value. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_KU_OID],
- kuOID, sizeof(kuOID));
- SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_KU_CRIT], 1);
- SetASN_Int16Bit(&dataASN[CERTEXTSASN_IDX_KU_USAGE],
- cert->keyUsage);
- }
- else
- #endif
- {
- /* Don't write out Key Usage extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_KU_SEQ,
- CERTEXTSASN_IDX_KU_USAGE);
- }
- #ifdef WOLFSSL_CERT_EXT
- if (cert->extKeyUsage != 0) {
- /* Calculate size of Extended Key Usage data. */
- sz = SetExtKeyUsage(cert, NULL, 0, cert->extKeyUsage);
- if (sz <= 0) {
- ret = KEYUSAGE_E;
- }
- /* Set Extended Key Usage OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_OID],
- ekuOID, sizeof(ekuOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_STR],
- NULL, (word32)sz);
- }
- else
- #endif
- {
- /* Don't write out Extended Key Usage extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_EKU_SEQ,
- CERTEXTSASN_IDX_EKU_STR);
- }
- #ifdef WOLFSSL_CERT_EXT
- if ((!forRequest) && (cert->certPoliciesNb > 0)) {
- /* Calculate size of certificate policies. */
- sz = SetCertificatePolicies(NULL, 0, cert->certPolicies,
- cert->certPoliciesNb, cert->heap);
- if (sz > 0) {
- /* Set Certificate Policies OID. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_POLICIES_OID],
- cpOID, sizeof(cpOID));
- /* Make space for data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_POLICIES_INFO],
- NULL, (word32)sz);
- }
- else {
- ret = CERTPOLICIES_E;
- }
- }
- else
- #endif
- {
- /* Don't write out Certificate Policies extension items. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_POLICIES_SEQ,
- CERTEXTSASN_IDX_POLICIES_INFO);
- }
- #if defined(WOLFSSL_CERT_EXT) && !defined(IGNORE_NETSCAPE_CERT_TYPE)
- /* Netscape Certificate Type */
- if (cert->nsCertType != 0) {
- /* Set Netscape Certificate Type OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_NSTYPE_OID],
- nsCertOID, sizeof(nsCertOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_NSTYPE_USAGE],
- &cert->nsCertType, 1);
- }
- else
- #endif
- {
- /* Don't write out Netscape Certificate Type. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_NSTYPE_SEQ,
- CERTEXTSASN_IDX_NSTYPE_USAGE);
- }
- #ifdef WOLFSSL_CERT_EXT
- if (cert->crlInfoSz > 0) {
- /* Set CRL Distribution Points OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_OID],
- crlInfoOID, sizeof(crlInfoOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_STR],
- cert->crlInfo, (word32)cert->crlInfoSz);
- }
- else
- #endif
- {
- /* Don't write out CRL Distribution Points. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_CRLINFO_SEQ,
- CERTEXTSASN_IDX_CRLINFO_STR);
- }
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (cert->sapkiDer != NULL) {
- /* Set subject alternative public key info OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_OID], sapkiOID,
- sizeof(sapkiOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_STR], cert->sapkiDer,
- cert->sapkiLen);
- }
- else {
- /* Don't write out subject alternative public key info. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SAPKI_SEQ,
- CERTEXTSASN_IDX_SAPKI_STR);
- }
- if (cert->altSigAlgDer != NULL) {
- /* Set alternative signature algorithm OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_OID], altSigAlgOID,
- sizeof(altSigAlgOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_STR],
- cert->altSigAlgDer, cert->altSigAlgLen);
- }
- else {
- /* Don't write out alternative signature algorithm. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_ALTSIGALG_SEQ,
- CERTEXTSASN_IDX_ALTSIGALG_STR);
- }
- if (cert->altSigValDer != NULL) {
- /* Set alternative signature value OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_OID], altSigValOID,
- sizeof(altSigValOID));
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_STR],
- cert->altSigValDer, cert->altSigValLen);
- }
- else {
- /* Don't write out alternative signature value. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
- CERTEXTSASN_IDX_ALTSIGVAL_STR);
- }
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CUSTOM_OID)
- /* encode a custom oid and value */
- if (cert->extCustom.oidSz > 0) {
- /* Set CRL Distribution Points OID and data. */
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CUSTOM_OID],
- cert->extCustom.oid, cert->extCustom.oidSz);
- SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CUSTOM_STR],
- cert->extCustom.val, cert->extCustom.valSz);
- }
- else
- #endif
- {
- /* Don't write out custom OID. */
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_CUSTOM_SEQ,
- CERTEXTSASN_IDX_CUSTOM_STR);
- }
- i = 0;
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CUSTOM_OID)
- for (; i < cert->customCertExtCount; i++) {
- int idx = CERTEXTSASN_IDX_START_CUSTOM + (i * 4);
- word32 encodedOidSz = MAX_OID_SZ;
- idx++; /* Skip one for for SEQ. */
- /* EncodePolicyOID() will never return error since we parsed this
- * OID when it was set. */
- EncodePolicyOID(&encodedOids[i * MAX_OID_SZ], &encodedOidSz,
- cert->customCertExt[i].oid, NULL);
- SetASN_Buffer(&dataASN[idx], &encodedOids[i * MAX_OID_SZ],
- encodedOidSz);
- idx++;
- if (cert->customCertExt[i].crit) {
- SetASN_Boolean(&dataASN[idx], 1);
- } else {
- dataASN[idx].noOut = 1;
- }
- idx++;
- SetASN_Buffer(&dataASN[idx], cert->customCertExt[i].val,
- cert->customCertExt[i].valSz);
- }
- #endif
- while (i < NUM_CUSTOM_EXT) {
- SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_START_CUSTOM + (i * 4),
- CERTEXTSASN_IDX_START_CUSTOM + (i * 4) + 3);
- i++;
- }
- }
- if (ret == 0) {
- /* Calculate size of encoded extensions. */
- ret = SizeASN_Items(certExtsASN, dataASN, certExtsASN_Length, &sz);
- }
- if (ret == 0) {
- /* Only SEQUENCE - don't encode extensions. */
- if (sz == 2) {
- sz = 0;
- }
- /* Check buffer is big enough. */
- else if ((output != NULL) && (sz > (int)maxSz)) {
- ret = BUFFER_E;
- }
- }
- if ((ret == 0) && (output != NULL) && (sz > 0)) {
- /* Encode certificate extensions into buffer. */
- SetASN_Items(certExtsASN, dataASN, certExtsASN_Length, output);
- #ifdef WOLFSSL_CERT_EXT
- if (cert->extKeyUsage != 0){
- /* Encode Extended Key Usage into space provided. */
- if (SetExtKeyUsage(cert,
- (byte*)dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.data,
- dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.length,
- cert->extKeyUsage) <= 0) {
- ret = KEYUSAGE_E;
- }
- }
- if ((!forRequest) && (cert->certPoliciesNb > 0)) {
- /* Encode Certificate Policies into space provided. */
- if (SetCertificatePolicies(
- (byte*)dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.data,
- dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.length,
- cert->certPolicies, cert->certPoliciesNb, cert->heap) <= 0) {
- ret = CERTPOLICIES_E;
- }
- }
- #endif
- }
- if (ret == 0) {
- /* Return the encoding size. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, cert->heap);
- #ifdef WOLFSSL_SMALL_STACK
- #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_CERT_EXT)
- XFREE(encodedOids, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(certExtsASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Set Date validity from now until now + daysValid
- * return size in bytes written to output, 0 on error */
- /* TODO https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
- * "MUST always encode certificate validity dates through the year 2049 as
- * UTCTime; certificate validity dates in 2050 or later MUST be encoded as
- * GeneralizedTime." */
- static int SetValidity(byte* output, int daysValid)
- {
- #ifndef NO_ASN_TIME
- byte before[MAX_DATE_SIZE];
- byte after[MAX_DATE_SIZE];
- word32 beforeSz, afterSz, seqSz;
- time_t now;
- time_t then;
- struct tm* tmpTime;
- struct tm* expandedTime;
- struct tm localTime;
- #if defined(NEED_TMP_TIME)
- /* for use with gmtime_r */
- struct tm tmpTimeStorage;
- tmpTime = &tmpTimeStorage;
- #else
- tmpTime = NULL;
- #endif
- (void)tmpTime;
- now = wc_Time(0);
- /* before now */
- before[0] = ASN_GENERALIZED_TIME;
- beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */
- /* subtract 1 day of seconds for more compliance */
- then = now - 86400;
- expandedTime = XGMTIME(&then, tmpTime);
- if (ValidateGmtime(expandedTime)) {
- WOLFSSL_MSG("XGMTIME failed");
- return 0; /* error */
- }
- localTime = *expandedTime;
- /* adjust */
- localTime.tm_year += 1900;
- localTime.tm_mon += 1;
- SetTime(&localTime, before + beforeSz);
- beforeSz += ASN_GEN_TIME_SZ;
- after[0] = ASN_GENERALIZED_TIME;
- afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */
- /* add daysValid of seconds */
- then = now + (daysValid * (time_t)86400);
- expandedTime = XGMTIME(&then, tmpTime);
- if (ValidateGmtime(expandedTime)) {
- WOLFSSL_MSG("XGMTIME failed");
- return 0; /* error */
- }
- localTime = *expandedTime;
- /* adjust */
- localTime.tm_year += 1900;
- localTime.tm_mon += 1;
- SetTime(&localTime, after + afterSz);
- afterSz += ASN_GEN_TIME_SZ;
- /* headers and output */
- seqSz = SetSequence(beforeSz + afterSz, output);
- XMEMCPY(output + seqSz, before, beforeSz);
- XMEMCPY(output + seqSz + beforeSz, after, afterSz);
- return (int)(seqSz + beforeSz + afterSz);
- #else
- (void)output;
- (void)daysValid;
- return NOT_COMPILED_IN;
- #endif
- }
- #else
- static int SetValidity(byte* before, byte* after, int daysValid)
- {
- #ifndef NO_ASN_TIME
- int ret = 0;
- time_t now;
- time_t then;
- struct tm* tmpTime;
- struct tm* expandedTime;
- struct tm localTime;
- #if defined(NEED_TMP_TIME)
- /* for use with gmtime_r */
- struct tm tmpTimeStorage;
- tmpTime = &tmpTimeStorage;
- #else
- tmpTime = NULL;
- #endif
- (void)tmpTime;
- now = wc_Time(0);
- /* subtract 1 day of seconds for more compliance */
- then = now - 86400;
- expandedTime = XGMTIME(&then, tmpTime);
- if (ValidateGmtime(expandedTime)) {
- WOLFSSL_MSG("XGMTIME failed");
- ret = DATE_E;
- }
- if (ret == 0) {
- localTime = *expandedTime;
- /* adjust */
- localTime.tm_year += 1900;
- localTime.tm_mon += 1;
- SetTime(&localTime, before);
- /* add daysValid of seconds */
- then = now + (daysValid * (time_t)86400);
- expandedTime = XGMTIME(&then, tmpTime);
- if (ValidateGmtime(expandedTime)) {
- WOLFSSL_MSG("XGMTIME failed");
- ret = DATE_E;
- }
- }
- if (ret == 0) {
- localTime = *expandedTime;
- /* adjust */
- localTime.tm_year += 1900;
- localTime.tm_mon += 1;
- SetTime(&localTime, after);
- }
- return ret;
- #else
- (void)before;
- (void)after;
- (void)daysValid;
- return NOT_COMPILED_IN;
- #endif
- }
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* encode info from cert into DER encoded format */
- static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
- WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key,
- ed448_key* ed448Key, falcon_key* falconKey,
- dilithium_key* dilithiumKey, sphincs_key* sphincsKey)
- {
- int ret;
- if (cert == NULL || der == NULL || rng == NULL)
- return BAD_FUNC_ARG;
- /* make sure at least one key type is provided */
- if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
- dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
- dilithiumKey == NULL && sphincsKey == NULL) {
- return PUBLIC_KEY_E;
- }
- /* init */
- XMEMSET(der, 0, sizeof(DerCert));
- /* version */
- der->versionSz = SetMyVersion((word32)cert->version, der->version, TRUE);
- /* serial number (must be positive) */
- if (cert->serialSz == 0) {
- /* generate random serial */
- cert->serialSz = CTC_GEN_SERIAL_SZ;
- ret = wc_RNG_GenerateBlock(rng, cert->serial, (word32)cert->serialSz);
- if (ret != 0)
- return ret;
- /* Clear the top bit to avoid a negative value */
- cert->serial[0] &= 0x7f;
- }
- der->serialSz = SetSerialNumber(cert->serial, (word32)cert->serialSz,
- der->serial, sizeof(der->serial),
- CTC_SERIAL_SIZE);
- if (der->serialSz < 0)
- return der->serialSz;
- /* signature algo */
- der->sigAlgoSz = (int)SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0);
- if (der->sigAlgoSz <= 0)
- return ALGO_ID_E;
- /* public key */
- #ifndef NO_RSA
- if (cert->keyType == RSA_KEY) {
- if (rsaKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey,
- sizeof(der->publicKey), 1);
- }
- #endif
- #ifdef HAVE_ECC
- if (cert->keyType == ECC_KEY) {
- if (eccKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey,
- sizeof(der->publicKey), 1, 0);
- }
- #endif
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- if (cert->keyType == DSA_KEY) {
- if (dsaKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey,
- sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- if (cert->keyType == ED25519_KEY) {
- if (ed25519Key == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Ed25519PublicKeyToDer(ed25519Key, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- if (cert->keyType == ED448_KEY) {
- if (ed448Key == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Ed448PublicKeyToDer(ed448Key, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- if ((cert->keyType == FALCON_LEVEL1_KEY) ||
- (cert->keyType == FALCON_LEVEL5_KEY)) {
- if (falconKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz =
- wc_Falcon_PublicKeyToDer(falconKey, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
- (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
- (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
- if (dilithiumKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz =
- wc_Dilithium_PublicKeyToDer(dilithiumKey, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) ||
- (cert->keyType == SPHINCS_FAST_LEVEL3_KEY) ||
- (cert->keyType == SPHINCS_FAST_LEVEL5_KEY) ||
- (cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) ||
- (cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) ||
- (cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) {
- if (sphincsKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz =
- wc_Sphincs_PublicKeyToDer(sphincsKey, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- if (der->publicKeySz <= 0)
- return PUBLIC_KEY_E;
- der->validitySz = 0;
- /* copy date validity if already set in cert struct */
- if (cert->beforeDateSz && cert->afterDateSz) {
- der->validitySz = CopyValidity(der->validity, cert);
- if (der->validitySz <= 0)
- return DATE_E;
- }
- /* set date validity using daysValid if not set already */
- if (der->validitySz == 0) {
- der->validitySz = SetValidity(der->validity, cert->daysValid);
- if (der->validitySz <= 0)
- return DATE_E;
- }
- /* subject name */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- if (XSTRLEN((const char*)cert->sbjRaw) > 0) {
- /* Use the raw subject */
- word32 idx;
- der->subjectSz = (int)min((word32)sizeof(der->subject),
- (word32)XSTRLEN((const char*)cert->sbjRaw));
- /* header */
- idx = SetSequence((word32)der->subjectSz, der->subject);
- if ((word32)der->subjectSz + idx > (word32)sizeof(der->subject)) {
- return SUBJECT_E;
- }
- XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw,
- (size_t)der->subjectSz);
- der->subjectSz += (int)idx;
- }
- else
- #endif
- {
- /* Use the name structure */
- der->subjectSz = SetNameEx(der->subject, sizeof(der->subject),
- &cert->subject, cert->heap);
- }
- if (der->subjectSz <= 0)
- return SUBJECT_E;
- /* issuer name */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- if (XSTRLEN((const char*)cert->issRaw) > 0) {
- /* Use the raw issuer */
- word32 idx;
- der->issuerSz = (int)min((word32)sizeof(der->issuer),
- (word32)XSTRLEN((const char*)cert->issRaw));
- /* header */
- idx = SetSequence((word32)der->issuerSz, der->issuer);
- if ((word32)der->issuerSz + idx > (word32)sizeof(der->issuer)) {
- return ISSUER_E;
- }
- XMEMCPY((char*)der->issuer + idx, (const char*)cert->issRaw,
- (size_t)der->issuerSz);
- der->issuerSz += (int)idx;
- }
- else
- #endif
- {
- /* Use the name structure */
- der->issuerSz = SetNameEx(der->issuer, sizeof(der->issuer),
- cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap);
- }
- if (der->issuerSz <= 0)
- return ISSUER_E;
- /* set the extensions */
- der->extensionsSz = 0;
- /* RFC 5280 : 4.2.1.9. Basic Constraints
- * The pathLenConstraint field is meaningful only if the CA boolean is
- * asserted and the key usage extension, if present, asserts the
- * keyCertSign bit */
- /* Set CA and path length */
- if ((cert->isCA) && (cert->pathLenSet)
- #ifdef WOLFSSL_CERT_EXT
- && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))
- #endif
- ) {
- der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen);
- if (der->caSz <= 0)
- return CA_TRUE_E;
- der->extensionsSz += der->caSz;
- }
- #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
- /* Set CA */
- else if (cert->isCaSet) {
- der->caSz = SetCaEx(der->ca, sizeof(der->ca), cert->isCA);
- if (der->caSz <= 0)
- return EXTENSIONS_E;
- der->extensionsSz += der->caSz;
- }
- #endif
- /* Set CA true */
- else if (cert->isCA) {
- der->caSz = SetCa(der->ca, sizeof(der->ca));
- if (der->caSz <= 0)
- return CA_TRUE_E;
- der->extensionsSz += der->caSz;
- }
- /* Set Basic Constraint */
- else if (cert->basicConstSet) {
- der->caSz = SetBC(der->ca, sizeof(der->ca));
- if (der->caSz <= 0)
- return EXTENSIONS_E;
- der->extensionsSz += der->caSz;
- }
- else
- der->caSz = 0;
- #ifdef WOLFSSL_ALT_NAMES
- /* Alternative Name */
- if (cert->altNamesSz) {
- der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames),
- cert->altNames, (word32)cert->altNamesSz,
- cert->altNamesCrit);
- if (der->altNamesSz <= 0)
- return ALT_NAME_E;
- der->extensionsSz += der->altNamesSz;
- }
- else
- der->altNamesSz = 0;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* SKID */
- if (cert->skidSz) {
- /* check the provided SKID size */
- if (cert->skidSz > (int)min(CTC_MAX_SKID_SIZE, sizeof(der->skid)))
- return SKID_E;
- /* Note: different skid buffers sizes for der (MAX_KID_SZ) and
- cert (CTC_MAX_SKID_SIZE). */
- der->skidSz = SetSKID(der->skid, sizeof(der->skid),
- cert->skid, (word32)cert->skidSz);
- if (der->skidSz <= 0)
- return SKID_E;
- der->extensionsSz += der->skidSz;
- }
- else
- der->skidSz = 0;
- /* AKID */
- if (cert->akidSz) {
- /* check the provided AKID size */
- if ((
- #ifdef WOLFSSL_AKID_NAME
- !cert->rawAkid &&
- #endif
- cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid)))
- #ifdef WOLFSSL_AKID_NAME
- || (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid))
- #endif
- )
- return AKID_E;
- der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid,
- (word32)cert->akidSz,
- #ifdef WOLFSSL_AKID_NAME
- cert->rawAkid
- #else
- 0
- #endif
- );
- if (der->akidSz <= 0)
- return AKID_E;
- der->extensionsSz += der->akidSz;
- }
- else
- der->akidSz = 0;
- /* Key Usage */
- if (cert->keyUsage != 0){
- der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
- cert->keyUsage);
- if (der->keyUsageSz <= 0)
- return KEYUSAGE_E;
- der->extensionsSz += der->keyUsageSz;
- }
- else
- der->keyUsageSz = 0;
- /* Extended Key Usage */
- if (cert->extKeyUsage != 0){
- der->extKeyUsageSz = SetExtKeyUsage(cert, der->extKeyUsage,
- sizeof(der->extKeyUsage), cert->extKeyUsage);
- if (der->extKeyUsageSz <= 0)
- return EXTKEYUSAGE_E;
- der->extensionsSz += der->extKeyUsageSz;
- }
- else
- der->extKeyUsageSz = 0;
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- /* Netscape Certificate Type */
- if (cert->nsCertType != 0) {
- der->nsCertTypeSz = SetNsCertType(cert, der->nsCertType,
- sizeof(der->nsCertType), cert->nsCertType);
- if (der->nsCertTypeSz <= 0)
- return EXTENSIONS_E;
- der->extensionsSz += der->nsCertTypeSz;
- }
- else
- der->nsCertTypeSz = 0;
- #endif
- if (cert->crlInfoSz > 0) {
- der->crlInfoSz = SetCRLInfo(cert, der->crlInfo, sizeof(der->crlInfo),
- cert->crlInfo, cert->crlInfoSz);
- if (der->crlInfoSz <= 0)
- return EXTENSIONS_E;
- der->extensionsSz += der->crlInfoSz;
- }
- else
- der->crlInfoSz = 0;
- /* Certificate Policies */
- if (cert->certPoliciesNb != 0) {
- der->certPoliciesSz = SetCertificatePolicies(der->certPolicies,
- sizeof(der->certPolicies),
- cert->certPolicies,
- cert->certPoliciesNb,
- cert->heap);
- if (der->certPoliciesSz <= 0)
- return CERTPOLICIES_E;
- der->extensionsSz += der->certPoliciesSz;
- }
- else
- der->certPoliciesSz = 0;
- #endif /* WOLFSSL_CERT_EXT */
- /* put extensions */
- if (der->extensionsSz > 0) {
- /* put the start of extensions sequence (ID, Size) */
- der->extensionsSz = SetExtensionsHeader(der->extensions,
- sizeof(der->extensions),
- (word32)der->extensionsSz);
- if (der->extensionsSz <= 0)
- return EXTENSIONS_E;
- /* put CA */
- if (der->caSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->ca, der->caSz);
- if (ret == 0)
- return EXTENSIONS_E;
- }
- #ifdef WOLFSSL_ALT_NAMES
- /* put Alternative Names */
- if (der->altNamesSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->altNames, der->altNamesSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* put SKID */
- if (der->skidSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->skid, der->skidSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put AKID */
- if (der->akidSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->akid, der->akidSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put CRL Distribution Points */
- if (der->crlInfoSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->crlInfo, der->crlInfoSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put KeyUsage */
- if (der->keyUsageSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->keyUsage, der->keyUsageSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put ExtendedKeyUsage */
- if (der->extKeyUsageSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->extKeyUsage, der->extKeyUsageSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put Netscape Cert Type */
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- if (der->nsCertTypeSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->nsCertType, der->nsCertTypeSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #endif
- /* put Certificate Policies */
- if (der->certPoliciesSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->certPolicies, der->certPoliciesSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #endif /* WOLFSSL_CERT_EXT */
- }
- der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
- der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
- der->extensionsSz;
- return 0;
- }
- /* write DER encoded cert to buffer, size already checked */
- static int WriteCertBody(DerCert* der, byte* buf)
- {
- word32 idx;
- /* signed part header */
- idx = SetSequence((word32)der->total, buf);
- /* version */
- XMEMCPY(buf + idx, der->version, (size_t)der->versionSz);
- idx += (word32)der->versionSz;
- /* serial */
- XMEMCPY(buf + idx, der->serial, (size_t)der->serialSz);
- idx += (word32)der->serialSz;
- /* sig algo */
- XMEMCPY(buf + idx, der->sigAlgo, (size_t)der->sigAlgoSz);
- idx += (word32)der->sigAlgoSz;
- /* issuer */
- XMEMCPY(buf + idx, der->issuer, (size_t)der->issuerSz);
- idx += (word32)der->issuerSz;
- /* validity */
- XMEMCPY(buf + idx, der->validity, (size_t)der->validitySz);
- idx += (word32)der->validitySz;
- /* subject */
- XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz);
- idx += (word32)der->subjectSz;
- /* public key */
- XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz);
- idx += (word32)der->publicKeySz;
- if (der->extensionsSz) {
- /* extensions */
- XMEMCPY(buf + idx, der->extensions,
- min((word32)der->extensionsSz,
- (word32)sizeof(der->extensions)));
- idx += (word32)der->extensionsSz;
- }
- return (int)idx;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- /* Make signature from buffer (sz), write to sig (sigSz) */
- static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
- byte* sig, word32 sigSz, RsaKey* rsaKey, ecc_key* eccKey,
- ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey,
- dilithium_key* dilithiumKey, sphincs_key* sphincsKey, WC_RNG* rng,
- word32 sigAlgoType, void* heap)
- {
- int digestSz = 0, typeH = 0, ret = 0;
- (void)digestSz;
- (void)typeH;
- (void)buf;
- (void)sz;
- (void)sig;
- (void)sigSz;
- (void)rsaKey;
- (void)eccKey;
- (void)ed25519Key;
- (void)ed448Key;
- (void)falconKey;
- (void)dilithiumKey;
- (void)sphincsKey;
- (void)rng;
- (void)heap;
- switch (certSignCtx->state) {
- case CERTSIGN_STATE_BEGIN:
- case CERTSIGN_STATE_DIGEST:
- certSignCtx->state = CERTSIGN_STATE_DIGEST;
- certSignCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (certSignCtx->digest == NULL) {
- ret = MEMORY_E; goto exit_ms;
- }
- ret = HashForSignature(buf, sz, sigAlgoType, certSignCtx->digest,
- &typeH, &digestSz, 0);
- /* set next state, since WC_PENDING_E rentry for these are not "call again" */
- certSignCtx->state = CERTSIGN_STATE_ENCODE;
- if (ret != 0) {
- goto exit_ms;
- }
- FALL_THROUGH;
- case CERTSIGN_STATE_ENCODE:
- #ifndef NO_RSA
- if (rsaKey) {
- certSignCtx->encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (certSignCtx->encSig == NULL) {
- ret = MEMORY_E; goto exit_ms;
- }
- /* signature */
- certSignCtx->encSigSz = (int)wc_EncodeSignature(certSignCtx->encSig,
- certSignCtx->digest, (word32)digestSz, typeH);
- }
- #endif /* !NO_RSA */
- FALL_THROUGH;
- case CERTSIGN_STATE_DO:
- certSignCtx->state = CERTSIGN_STATE_DO;
- ret = ALGO_ID_E; /* default to error */
- #ifndef NO_RSA
- if (rsaKey) {
- /* signature */
- ret = wc_RsaSSL_Sign(certSignCtx->encSig,
- (word32)certSignCtx->encSigSz,
- sig, sigSz, rsaKey, rng);
- }
- #endif /* !NO_RSA */
- #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
- if (!rsaKey && eccKey) {
- word32 outSz = sigSz;
- ret = wc_ecc_sign_hash(certSignCtx->digest, (word32)digestSz,
- sig, &outSz, rng, eccKey);
- if (ret == 0)
- ret = (int)outSz;
- }
- #endif /* HAVE_ECC && HAVE_ECC_SIGN */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
- if (!rsaKey && !eccKey && ed25519Key) {
- word32 outSz = sigSz;
- ret = wc_ed25519_sign_msg(buf, sz, sig, &outSz, ed25519Key);
- if (ret == 0)
- ret = (int)outSz;
- }
- #endif /* HAVE_ED25519 && HAVE_ED25519_SIGN */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
- if (!rsaKey && !eccKey && !ed25519Key && ed448Key) {
- word32 outSz = sigSz;
- ret = wc_ed448_sign_msg(buf, sz, sig, &outSz, ed448Key, NULL, 0);
- if (ret == 0)
- ret = (int)outSz;
- }
- #endif /* HAVE_ED448 && HAVE_ED448_SIGN */
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
- word32 outSz = sigSz;
- ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng);
- if (ret == 0)
- ret = outSz;
- }
- #endif /* HAVE_FALCON */
- #if defined(HAVE_DILITHIUM)
- if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
- dilithiumKey) {
- word32 outSz = sigSz;
- ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
- if (ret == 0)
- ret = outSz;
- }
- #endif /* HAVE_DILITHIUM */
- #if defined(HAVE_SPHINCS)
- if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
- !dilithiumKey && sphincsKey) {
- word32 outSz = sigSz;
- ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
- if (ret == 0)
- ret = outSz;
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- break;
- }
- exit_ms:
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E) {
- return ret;
- }
- #endif
- #ifndef NO_RSA
- if (rsaKey) {
- XFREE(certSignCtx->encSig, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* !NO_RSA */
- XFREE(certSignCtx->digest, heap, DYNAMIC_TYPE_TMP_BUFFER);
- certSignCtx->digest = NULL;
- /* reset state */
- certSignCtx->state = CERTSIGN_STATE_BEGIN;
- if (ret < 0) {
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- return ret;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Generate a random integer value of at most len bytes.
- *
- * Most-significant bit will not be set when maximum size.
- * Random value may be smaller than maximum size in bytes.
- *
- * @param [in] rng Random number generator.
- * @param [out] out Buffer to hold integer value.
- * @param [in] len Maximum number of bytes of integer.
- * @return 0 on success.
- * @return -ve when random number generation failed.
- */
- static int GenerateInteger(WC_RNG* rng, byte* out, word32 len)
- {
- int ret;
- /* Generate random number. */
- ret = wc_RNG_GenerateBlock(rng, out, len);
- if (ret == 0) {
- int i;
- /* Clear the top bit to make positive. */
- out[0] &= 0x7f;
- /* Find first non-zero byte. One zero byte is valid though. */
- for (i = 0; i < (int)len - 1; i++) {
- if (out[i] != 0) {
- break;
- }
- }
- if (i != 0) {
- /* Remove leading zeros. */
- XMEMMOVE(out, out + i, (size_t)len - (size_t)i);
- }
- }
- return ret;
- }
- /* ASN.1 template for a Certificate.
- * X.509: RFC 5280, 4.1 - Basic Certificate Fields.
- */
- static const ASNItem sigASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* tbsCertificate */
- /* TBS_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 0 },
- /* signatureAlgorithm */
- /* SIGALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* SIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* SIGALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 0 },
- /* signatureValue */
- /* SIGNATURE */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- SIGASN_IDX_SEQ = 0,
- SIGASN_IDX_TBS_SEQ,
- SIGASN_IDX_SIGALGO_SEQ,
- SIGASN_IDX_SIGALGO_OID,
- SIGASN_IDX_SIGALGO_NULL,
- SIGASN_IDX_SIGNATURE
- };
- /* Number of items in ASN.1 template for a Certificate. */
- #define sigASN_Length (sizeof(sigASN) / sizeof(ASNItem))
- #endif
- /* add signature to end of buffer, size of buffer assumed checked, return
- new length */
- int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
- int sigAlgoType)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- byte seq[MAX_SEQ_SZ];
- word32 idx, seqSz;
- if ((bodySz < 0) || (sigSz < 0))
- return BUFFER_E;
- idx = (word32)bodySz;
- /* algo */
- idx += SetAlgoID(sigAlgoType, buf ? buf + idx : NULL, oidSigType, 0);
- /* bit string */
- idx += SetBitString((word32)sigSz, 0, buf ? buf + idx : NULL);
- /* signature */
- if (buf)
- XMEMCPY(buf + idx, sig, (size_t)sigSz);
- idx += (word32)sigSz;
- /* make room for overall header */
- seqSz = SetSequence(idx, seq);
- if (buf) {
- XMEMMOVE(buf + seqSz, buf, idx);
- XMEMCPY(buf, seq, seqSz);
- }
- return (int)(idx + seqSz);
- #else
- DECL_ASNSETDATA(dataASN, sigASN_Length);
- word32 seqSz;
- int sz;
- int ret = 0;
- CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL);
- /* In place, put body between SEQUENCE and signature. */
- if (ret == 0) {
- /* Set signature OID and signature data. */
- SetASN_OID(&dataASN[SIGASN_IDX_SIGALGO_OID], (word32)sigAlgoType,
- oidSigType);
- if (dataASN[SIGASN_IDX_SIGALGO_OID].data.buffer.data == NULL) {
- /* The OID was not found or compiled in! */
- ret = ASN_UNKNOWN_OID_E;
- }
- }
- if (ret == 0) {
- if (IsSigAlgoECC((word32)sigAlgoType)) {
- /* ECDSA and EdDSA doesn't have NULL tagged item. */
- dataASN[SIGASN_IDX_SIGALGO_NULL].noOut = 1;
- }
- SetASN_Buffer(&dataASN[SIGASN_IDX_SIGNATURE], sig, (word32)sigSz);
- /* Calculate size of signature data. */
- ret = SizeASN_Items(&sigASN[SIGASN_IDX_SIGALGO_SEQ],
- &dataASN[SIGASN_IDX_SIGALGO_SEQ], sigASN_Length - 2, &sz);
- }
- if (ret == 0) {
- /* Calculate size of outer sequence by calculating size of the encoded
- * length and adding 1 for tag. */
- seqSz = SizeASNHeader((word32)bodySz + (word32)sz);
- if (buf != NULL) {
- /* Move body to after sequence. */
- XMEMMOVE(buf + seqSz, buf, (size_t)bodySz);
- }
- /* Leave space for body in encoding. */
- SetASN_ReplaceBuffer(&dataASN[SIGASN_IDX_TBS_SEQ], NULL,
- (word32)bodySz);
- /* Calculate overall size and put in offsets and lengths. */
- ret = SizeASN_Items(sigASN, dataASN, sigASN_Length, &sz);
- }
- if ((ret == 0) && (buf != NULL)) {
- /* Write SEQUENCE and signature around body. */
- SetASN_Items(sigASN, dataASN, sigASN_Length, buf);
- }
- if (ret == 0) {
- /* Return the encoding size. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Make an x509 Certificate v3 any key type from cert input, write to buffer */
- static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
- RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
- DsaKey* dsaKey, ed25519_key* ed25519Key,
- ed448_key* ed448Key, falcon_key* falconKey,
- dilithium_key* dilithiumKey, sphincs_key* sphincsKey)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- DerCert* der;
- #else
- DerCert der[1];
- #endif
- if (derBuffer == NULL)
- return BAD_FUNC_ARG;
- if (eccKey)
- cert->keyType = ECC_KEY;
- else if (rsaKey)
- cert->keyType = RSA_KEY;
- else if (dsaKey)
- cert->keyType = DSA_KEY;
- else if (ed25519Key)
- cert->keyType = ED25519_KEY;
- else if (ed448Key)
- cert->keyType = ED448_KEY;
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- else if ((falconKey != NULL) && (falconKey->level == 1))
- cert->keyType = FALCON_LEVEL1_KEY;
- else if ((falconKey != NULL) && (falconKey->level == 5))
- cert->keyType = FALCON_LEVEL5_KEY;
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
- cert->keyType = DILITHIUM_LEVEL2_KEY;
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
- cert->keyType = DILITHIUM_LEVEL3_KEY;
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
- cert->keyType = DILITHIUM_LEVEL5_KEY;
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == FAST_VARIANT))
- cert->keyType = SPHINCS_FAST_LEVEL1_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == FAST_VARIANT))
- cert->keyType = SPHINCS_FAST_LEVEL3_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == FAST_VARIANT))
- cert->keyType = SPHINCS_FAST_LEVEL5_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == SMALL_VARIANT))
- cert->keyType = SPHINCS_SMALL_LEVEL1_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == SMALL_VARIANT))
- cert->keyType = SPHINCS_SMALL_LEVEL3_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == SMALL_VARIANT))
- cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- else
- return BAD_FUNC_ARG;
- #ifdef WOLFSSL_SMALL_STACK
- der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- return MEMORY_E;
- #endif
- ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key,
- ed448Key, falconKey, dilithiumKey, sphincsKey);
- if (ret == 0) {
- if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
- ret = BUFFER_E;
- else
- ret = cert->bodySz = WriteCertBody(der, derBuffer);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(der, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- #else
- /* TODO: issRaw and sbjRaw should be NUL terminated. */
- DECL_ASNSETDATA(dataASN, x509CertASN_Length);
- word32 publicKeySz = 0;
- word32 issuerSz = 0;
- word32 subjectSz = 0;
- word32 extSz = 0;
- int sz = 0;
- int ret = 0;
- word32 issRawLen = 0;
- word32 sbjRawLen = 0;
- /* Unused without OQS */
- (void)falconKey;
- (void)dilithiumKey;
- (void)sphincsKey;
- CALLOC_ASNSETDATA(dataASN, x509CertASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Set key type into certificate object based on key passed in. */
- if (rsaKey) {
- cert->keyType = RSA_KEY;
- }
- else if (eccKey) {
- cert->keyType = ECC_KEY;
- }
- else if (dsaKey) {
- cert->keyType = DSA_KEY;
- }
- else if (ed25519Key) {
- cert->keyType = ED25519_KEY;
- }
- else if (ed448Key) {
- cert->keyType = ED448_KEY;
- }
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- else if ((falconKey != NULL) && (falconKey->level == 1)) {
- cert->keyType = FALCON_LEVEL1_KEY;
- }
- else if ((falconKey != NULL) && (falconKey->level == 5)) {
- cert->keyType = FALCON_LEVEL5_KEY;
- }
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
- cert->keyType = DILITHIUM_LEVEL2_KEY;
- }
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
- cert->keyType = DILITHIUM_LEVEL3_KEY;
- }
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
- cert->keyType = DILITHIUM_LEVEL5_KEY;
- }
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == FAST_VARIANT)) {
- cert->keyType = SPHINCS_FAST_LEVEL1_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == FAST_VARIANT)) {
- cert->keyType = SPHINCS_FAST_LEVEL3_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == FAST_VARIANT)) {
- cert->keyType = SPHINCS_FAST_LEVEL5_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == SMALL_VARIANT)) {
- cert->keyType = SPHINCS_SMALL_LEVEL1_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == SMALL_VARIANT)) {
- cert->keyType = SPHINCS_SMALL_LEVEL3_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == SMALL_VARIANT)) {
- cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- else {
- ret = BAD_FUNC_ARG;
- }
- }
- if ((ret == 0) && (cert->serialSz == 0)) {
- /* Generate random serial number. */
- cert->serialSz = CTC_GEN_SERIAL_SZ;
- ret = GenerateInteger(rng, cert->serial, CTC_GEN_SERIAL_SZ);
- }
- if (ret == 0) {
- /* Determine issuer name size. */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
- defined(WOLFSSL_CERT_REQ)
- issRawLen = (word32)XSTRLEN((const char*)cert->issRaw);
- if (issRawLen > 0) {
- issuerSz = min(sizeof(cert->issRaw), issRawLen);
- }
- else
- #endif
- {
- /* Calculate issuer name encoding size. If the cert is self-signed
- * use the subject instead of the issuer. */
- ret = SetNameEx(NULL, WC_ASN_NAME_MAX, cert->selfSigned ?
- &cert->subject : &cert->issuer, cert->heap);
- issuerSz = (word32)ret;
- }
- }
- if (ret >= 0) {
- /* Determine subject name size. */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
- defined(WOLFSSL_CERT_REQ)
- sbjRawLen = (word32)XSTRLEN((const char*)cert->sbjRaw);
- if (sbjRawLen > 0) {
- subjectSz = min(sizeof(cert->sbjRaw), sbjRawLen);
- }
- else
- #endif
- {
- /* Calculate subject name encoding size. */
- ret = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject,
- cert->heap);
- subjectSz = (word32)ret;
- }
- }
- if (ret >= 0) {
- /* Calculate public key encoding size. */
- ret = EncodePublicKey(cert->keyType, NULL, 0, rsaKey,
- eccKey, ed25519Key, ed448Key, dsaKey);
- publicKeySz = (word32)ret;
- }
- if (ret >= 0) {
- /* Calculate extensions encoding size - may be 0. */
- ret = EncodeExtensions(cert, NULL, 0, 0);
- extSz = (word32)ret;
- }
- if (ret >= 0) {
- /* Don't write out outer sequence - only doing body. */
- dataASN[X509CERTASN_IDX_SEQ].noOut = 1;
- /* Set version, serial number and signature OID */
- SetASN_Int8Bit(&dataASN[X509CERTASN_IDX_TBS_VER_INT],
- (byte)cert->version);
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_SERIAL], cert->serial,
- (word32)cert->serialSz);
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- if (cert->sigType == 0) {
- /* sigOID being 0 indicates preTBS. Do not encode signature. */
- dataASN[X509CERTASN_IDX_TBS_ALGOID_SEQ].noOut = 1;
- dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].noOut = 1;
- dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1;
- #ifdef WC_RSA_PSS
- dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS].noOut = 1;
- #endif
- }
- else
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- {
- SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID],
- (word32)cert->sigType, oidSigType);
- }
- if (IsSigAlgoECC((word32)cert->sigType)) {
- /* No NULL tagged item with ECDSA and EdDSA signature OIDs. */
- dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1;
- }
- #ifdef WC_RSA_PSS
- /* TODO: Encode RSA PSS parameters. */
- dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS].noOut = 1;
- #endif
- if (issRawLen > 0) {
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
- defined(WOLFSSL_CERT_REQ)
- /* Put in encoded issuer name. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ],
- cert->issRaw, issuerSz);
- #endif
- }
- else {
- /* Leave space for issuer name. */
- SetASN_ReplaceBuffer(&dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ],
- NULL, issuerSz);
- }
- if (cert->beforeDateSz && cert->afterDateSz) {
- if (cert->beforeDate[0] == ASN_UTC_TIME) {
- /* Make space for before date data. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC],
- cert->beforeDate + 2, ASN_UTC_TIME_SIZE - 1);
- /* Don't put out Generalized Time before data. */
- dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT].noOut = 1;
- }
- else {
- /* Don't put out UTC before data. */
- dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].noOut = 1;
- /* Make space for before date data. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT],
- cert->beforeDate + 2, ASN_GEN_TIME_SZ);
- }
- if (cert->afterDate[0] == ASN_UTC_TIME) {
- /* Make space for after date data. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC],
- cert->afterDate + 2, ASN_UTC_TIME_SIZE - 1);
- /* Don't put out UTC Generalized Time after data. */
- dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT].noOut = 1;
- }
- else {
- /* Don't put out UTC after data. */
- dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].noOut = 1;
- /* Make space for after date data. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT],
- cert->afterDate + 2, ASN_GEN_TIME_SZ);
- }
- }
- else
- {
- /* Don't put out UTC before data. */
- dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].noOut = 1;
- /* Make space for before date data. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT],
- NULL, ASN_GEN_TIME_SZ);
- /* Don't put out UTC after data. */
- dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].noOut = 1;
- /* Make space for after date data. */
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT],
- NULL, ASN_GEN_TIME_SZ);
- }
- if (sbjRawLen > 0) {
- /* Put in encoded subject name. */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
- defined(WOLFSSL_CERT_REQ)
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ],
- cert->sbjRaw, subjectSz);
- #endif
- }
- else {
- /* Leave space for subject name. */
- SetASN_ReplaceBuffer(&dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ],
- NULL, subjectSz);
- }
- /* Leave space for public key. */
- SetASN_ReplaceBuffer(&dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ],
- NULL, publicKeySz);
- /* Replacement buffer instead of algorithm identifier items. */
- SetASNItem_NoOut(dataASN,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_SEQ,
- X509CERTASN_IDX_TBS_SPUBKEYINFO_PUBKEY);
- /* issuerUniqueID and subjectUniqueID not supported. */
- dataASN[X509CERTASN_IDX_TBS_ISSUERUID].noOut = 1;
- dataASN[X509CERTASN_IDX_TBS_SUBJECTUID].noOut = 1;
- /* Leave space for extensions if any set into certificate object. */
- if (extSz > 0) {
- SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_EXT_SEQ], NULL, extSz);
- }
- else {
- SetASNItem_NoOutNode(dataASN, x509CertASN,
- X509CERTASN_IDX_TBS_EXT, x509CertASN_Length);
- }
- /* No signature - added later. */
- SetASNItem_NoOut(dataASN, X509CERTASN_IDX_SIGALGO_SEQ,
- X509CERTASN_IDX_SIGNATURE);
- /* Calculate encoded certificate body size. */
- ret = SizeASN_Items(x509CertASN, dataASN, x509CertASN_Length, &sz);
- }
- /* Check buffer is big enough for encoded data. */
- if ((ret == 0) && (sz > (int)derSz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode certificate body into buffer. */
- SetASN_Items(x509CertASN, dataASN, x509CertASN_Length, derBuffer);
- if (issRawLen == 0) {
- /* Encode issuer name into buffer. Use the subject as the issuer
- * if it is self-signed. Size will be correct because we did the
- * same for size. */
- ret = SetNameEx(
- (byte*)dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.data,
- dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.length,
- cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap);
- }
- }
- if ((ret >= 0) && (sbjRawLen == 0)) {
- /* Encode subject name into buffer. */
- ret = SetNameEx(
- (byte*)dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.data,
- dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.length,
- &cert->subject, cert->heap);
- }
- if (ret >= 0) {
- if (cert->beforeDateSz == 0 || cert->afterDateSz == 0)
- {
- /* Encode validity into buffer. */
- ret = SetValidity(
- (byte*)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT]
- .data.buffer.data,
- (byte*)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT]
- .data.buffer.data, cert->daysValid);
- }
- }
- if (ret >= 0) {
- /* Encode public key into buffer. */
- ret = EncodePublicKey(cert->keyType,
- (byte*)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ]
- .data.buffer.data,
- (int)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ]
- .data.buffer.length,
- rsaKey, eccKey, ed25519Key, ed448Key, dsaKey);
- }
- if ((ret >= 0) && (!dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].noOut)) {
- /* Encode extensions into buffer. */
- ret = EncodeExtensions(cert,
- (byte*)dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.data,
- dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.length, 0);
- }
- if (ret >= 0) {
- /* Store encoded certificate body size. */
- cert->bodySz = sz;
- /* Return the encoding size. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, cert->heap);
- return ret;
- #endif
- }
- /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
- int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
- void* key, WC_RNG* rng)
- {
- RsaKey* rsaKey = NULL;
- DsaKey* dsaKey = NULL;
- ecc_key* eccKey = NULL;
- ed25519_key* ed25519Key = NULL;
- ed448_key* ed448Key = NULL;
- falcon_key* falconKey = NULL;
- dilithium_key* dilithiumKey = NULL;
- sphincs_key* sphincsKey = NULL;
- if (keyType == RSA_TYPE)
- rsaKey = (RsaKey*)key;
- else if (keyType == DSA_TYPE)
- dsaKey = (DsaKey*)key;
- else if (keyType == ECC_TYPE)
- eccKey = (ecc_key*)key;
- else if (keyType == ED25519_TYPE)
- ed25519Key = (ed25519_key*)key;
- else if (keyType == ED448_TYPE)
- ed448Key = (ed448_key*)key;
- else if (keyType == FALCON_LEVEL1_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == FALCON_LEVEL5_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == DILITHIUM_LEVEL2_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL3_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL5_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, dsaKey,
- ed25519Key, ed448Key, falconKey, dilithiumKey,
- sphincsKey);
- }
- /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
- WOLFSSL_ABI
- int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
- ecc_key* eccKey, WC_RNG* rng)
- {
- return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL,
- NULL, NULL, NULL, NULL);
- }
- #ifdef WOLFSSL_CERT_REQ
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* return size of data set on success
- * if getting size only then attr and oid should be NULL
- */
- static word32 SetReqAttribSingle(byte* output, word32* idx, char* attr,
- word32 attrSz, const byte* oid, word32 oidSz, byte printable,
- word32 extSz)
- {
- word32 totalSz = 0;
- word32 seqSz = 0;
- word32 setSz = 0;
- word32 strSz = 0;
- byte seq[MAX_SEQ_SZ];
- byte set[MAX_SET_SZ];
- byte str[MAX_PRSTR_SZ];
- totalSz = (word32)SetObjectId((int)oidSz, NULL);
- totalSz += oidSz;
- if (extSz > 0) {
- totalSz += setSz = SetSet(extSz, set);
- totalSz += seqSz = SetSequence(totalSz + extSz, seq);
- totalSz += extSz;
- }
- else {
- if (printable) {
- strSz = SetPrintableString(attrSz, str);
- totalSz += strSz;
- }
- else {
- totalSz += strSz = SetUTF8String(attrSz, str);
- }
- totalSz += setSz = SetSet(strSz + attrSz, set);
- totalSz += seqSz = SetSequence(totalSz + attrSz, seq);
- totalSz += attrSz;
- }
- if (oid) {
- XMEMCPY(&output[*idx], seq, seqSz);
- *idx += seqSz;
- *idx += (word32)SetObjectId((int)oidSz, output + *idx);
- XMEMCPY(&output[*idx], oid, oidSz);
- *idx += oidSz;
- XMEMCPY(&output[*idx], set, setSz);
- *idx += setSz;
- if (strSz > 0) {
- XMEMCPY(&output[*idx], str, strSz);
- *idx += strSz;
- if (attrSz > 0) {
- XMEMCPY(&output[*idx], attr, attrSz);
- *idx += attrSz;
- }
- }
- }
- return totalSz;
- }
- static int SetReqAttrib(byte* output, Cert* cert, word32 extSz)
- {
- word32 sz = 0; /* overall size */
- word32 setSz = 0;
- output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
- sz++;
- if (cert->challengePw[0]) {
- setSz += SetReqAttribSingle(output, &sz, NULL,
- (word32)XSTRLEN(cert->challengePw), NULL,
- sizeof(attrChallengePasswordOid),
- (byte)cert->challengePwPrintableString, 0);
- }
- if (cert->unstructuredName[0]) {
- setSz += SetReqAttribSingle(output, &sz, NULL,
- (word32)XSTRLEN(cert->unstructuredName), NULL,
- sizeof(attrUnstructuredNameOid), 1, 0);
- }
- if (extSz) {
- setSz += SetReqAttribSingle(output, &sz, NULL, 0, NULL,
- sizeof(attrExtensionRequestOid), 1, extSz);
- }
- /* Put the pieces together. */
- sz += SetLength(setSz, &output[sz]);
- if (sz + setSz - extSz > MAX_ATTRIB_SZ) {
- WOLFSSL_MSG("Attribute Buffer is not big enough!");
- return REQ_ATTRIBUTE_E;
- }
- if (cert->challengePw[0]) {
- SetReqAttribSingle(output, &sz, cert->challengePw,
- (word32)XSTRLEN(cert->challengePw),
- &attrChallengePasswordOid[0],
- sizeof(attrChallengePasswordOid),
- (byte)cert->challengePwPrintableString, 0);
- }
- if (cert->unstructuredName[0]) {
- SetReqAttribSingle(output, &sz, cert->unstructuredName,
- (word32)XSTRLEN(cert->unstructuredName),
- &attrUnstructuredNameOid[0],
- sizeof(attrUnstructuredNameOid), 1, 0);
- }
- if (extSz) {
- SetReqAttribSingle(output, &sz, NULL, 0, &attrExtensionRequestOid[0],
- sizeof(attrExtensionRequestOid), 1, extSz);
- /* The actual extension data will be tacked onto the output later. */
- }
- return (int)sz;
- }
- #ifdef WOLFSSL_CUSTOM_OID
- /* encode a custom oid and value */
- static int SetCustomObjectId(Cert* cert, byte* output, word32 outSz,
- CertOidField* custom)
- {
- int idx = 0, cust_lenSz, cust_oidSz;
- if (cert == NULL || output == NULL || custom == NULL) {
- return BAD_FUNC_ARG;
- }
- if (custom->oid == NULL || custom->oidSz <= 0) {
- return 0; /* none set */
- }
- /* Octet String header */
- cust_lenSz = SetOctetString(custom->valSz, NULL);
- cust_oidSz = SetObjectId(custom->oidSz, NULL);
- /* check for output buffer room */
- if ((word32)(custom->valSz + custom->oidSz + cust_lenSz + cust_oidSz) >
- outSz) {
- return BUFFER_E;
- }
- /* put sequence with total */
- idx = SetSequence(custom->valSz + custom->oidSz + cust_lenSz + cust_oidSz,
- output);
- /* put oid header */
- idx += SetObjectId(custom->oidSz, output+idx);
- XMEMCPY(output+idx, custom->oid, custom->oidSz);
- idx += custom->oidSz;
- /* put value */
- idx += SetOctetString(custom->valSz, output+idx);
- XMEMCPY(output+idx, custom->val, custom->valSz);
- idx += custom->valSz;
- return idx;
- }
- #endif /* WOLFSSL_CUSTOM_OID */
- /* encode info from cert into DER encoded format */
- static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
- DsaKey* dsaKey, ecc_key* eccKey,
- ed25519_key* ed25519Key, ed448_key* ed448Key,
- falcon_key* falconKey, dilithium_key* dilithiumKey,
- sphincs_key* sphincsKey)
- {
- int ret;
- (void)eccKey;
- (void)ed25519Key;
- (void)ed448Key;
- (void)falconKey;
- (void)dilithiumKey;
- (void)sphincsKey;
- if (cert == NULL || der == NULL)
- return BAD_FUNC_ARG;
- if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
- dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
- falconKey == NULL) {
- return PUBLIC_KEY_E;
- }
- /* init */
- XMEMSET(der, 0, sizeof(DerCert));
- /* version */
- der->versionSz = SetMyVersion((word32)cert->version, der->version, FALSE);
- /* subject name */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- if (XSTRLEN((const char*)cert->sbjRaw) > 0) {
- /* Use the raw subject */
- int idx;
- der->subjectSz = (int)min(sizeof(der->subject),
- (word32)XSTRLEN((const char*)cert->sbjRaw));
- /* header */
- idx = (int)SetSequence((word32)der->subjectSz, der->subject);
- if (der->subjectSz + idx > (int)sizeof(der->subject)) {
- return SUBJECT_E;
- }
- XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw,
- (size_t)der->subjectSz);
- der->subjectSz += idx;
- }
- else
- #endif
- {
- der->subjectSz = SetNameEx(der->subject, sizeof(der->subject),
- &cert->subject, cert->heap);
- }
- if (der->subjectSz <= 0)
- return SUBJECT_E;
- /* public key */
- #ifndef NO_RSA
- if (cert->keyType == RSA_KEY) {
- if (rsaKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey,
- sizeof(der->publicKey), 1);
- }
- #endif
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- if (cert->keyType == DSA_KEY) {
- if (dsaKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey,
- sizeof(der->publicKey), 1);
- }
- #endif
- #ifdef HAVE_ECC
- if (cert->keyType == ECC_KEY) {
- if (eccKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey,
- sizeof(der->publicKey), 1, 0);
- }
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- if (cert->keyType == ED25519_KEY) {
- if (ed25519Key == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Ed25519PublicKeyToDer(ed25519Key, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- if (cert->keyType == ED448_KEY) {
- if (ed448Key == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Ed448PublicKeyToDer(ed448Key, der->publicKey,
- (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- if ((cert->keyType == FALCON_LEVEL1_KEY) ||
- (cert->keyType == FALCON_LEVEL5_KEY)) {
- if (falconKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Falcon_PublicKeyToDer(falconKey,
- der->publicKey, (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_DILITHIUM)
- if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
- (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
- (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
- if (dilithiumKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
- der->publicKey, (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #if defined(HAVE_SPHINCS)
- if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) ||
- (cert->keyType == SPHINCS_FAST_LEVEL3_KEY) ||
- (cert->keyType == SPHINCS_FAST_LEVEL5_KEY) ||
- (cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) ||
- (cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) ||
- (cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) {
- if (sphincsKey == NULL)
- return PUBLIC_KEY_E;
- der->publicKeySz = wc_Sphincs_PublicKeyToDer(sphincsKey,
- der->publicKey, (word32)sizeof(der->publicKey), 1);
- }
- #endif
- #endif /* HAVE_PQC */
- if (der->publicKeySz <= 0)
- return PUBLIC_KEY_E;
- /* set the extensions */
- der->extensionsSz = 0;
- /* RFC 5280 : 4.2.1.9. Basic Constraints
- * The pathLenConstraint field is meaningful only if the CA boolean is
- * asserted and the key usage extension, if present, asserts the
- * keyCertSign bit */
- /* Set CA and path length */
- if ((cert->isCA) && (cert->pathLenSet)
- #ifdef WOLFSSL_CERT_EXT
- && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))
- #endif
- ) {
- der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen);
- if (der->caSz <= 0)
- return CA_TRUE_E;
- der->extensionsSz += der->caSz;
- }
- #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
- /* Set CA */
- else if (cert->isCaSet) {
- der->caSz = SetCaEx(der->ca, sizeof(der->ca), cert->isCA);
- if (der->caSz <= 0)
- return EXTENSIONS_E;
- der->extensionsSz += der->caSz;
- }
- #endif
- /* Set CA true */
- else if (cert->isCA) {
- der->caSz = SetCa(der->ca, sizeof(der->ca));
- if (der->caSz <= 0)
- return CA_TRUE_E;
- der->extensionsSz += der->caSz;
- }
- /* Set Basic Constraint */
- else if (cert->basicConstSet) {
- der->caSz = SetBC(der->ca, sizeof(der->ca));
- if (der->caSz <= 0)
- return EXTENSIONS_E;
- der->extensionsSz += der->caSz;
- }
- else
- der->caSz = 0;
- #ifdef WOLFSSL_ALT_NAMES
- /* Alternative Name */
- if (cert->altNamesSz) {
- der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames),
- cert->altNames, (word32)cert->altNamesSz,
- cert->altNamesCrit);
- if (der->altNamesSz <= 0)
- return ALT_NAME_E;
- der->extensionsSz += der->altNamesSz;
- }
- else
- der->altNamesSz = 0;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* SKID */
- if (cert->skidSz) {
- /* check the provided SKID size */
- if (cert->skidSz > (int)min(CTC_MAX_SKID_SIZE, sizeof(der->skid)))
- return SKID_E;
- der->skidSz = SetSKID(der->skid, sizeof(der->skid),
- cert->skid, (word32)cert->skidSz);
- if (der->skidSz <= 0)
- return SKID_E;
- der->extensionsSz += der->skidSz;
- }
- else
- der->skidSz = 0;
- /* Key Usage */
- if (cert->keyUsage != 0) {
- der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
- cert->keyUsage);
- if (der->keyUsageSz <= 0)
- return KEYUSAGE_E;
- der->extensionsSz += der->keyUsageSz;
- }
- else
- der->keyUsageSz = 0;
- /* Extended Key Usage */
- if (cert->extKeyUsage != 0) {
- der->extKeyUsageSz = SetExtKeyUsage(cert, der->extKeyUsage,
- sizeof(der->extKeyUsage), cert->extKeyUsage);
- if (der->extKeyUsageSz <= 0)
- return EXTKEYUSAGE_E;
- der->extensionsSz += der->extKeyUsageSz;
- }
- else
- der->extKeyUsageSz = 0;
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_CUSTOM_OID
- /* encode a custom oid and value */
- /* zero returns, means none set */
- ret = SetCustomObjectId(cert, der->extCustom,
- sizeof(der->extCustom), &cert->extCustom);
- if (ret < 0)
- return ret;
- der->extCustomSz = ret;
- der->extensionsSz += der->extCustomSz;
- #endif
- /* put extensions */
- if (der->extensionsSz > 0) {
- /* put the start of sequence (ID, Size) */
- der->extensionsSz = (int)SetSequence((word32)der->extensionsSz,
- der->extensions);
- if (der->extensionsSz <= 0)
- return EXTENSIONS_E;
- /* put CA */
- if (der->caSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->ca, der->caSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #ifdef WOLFSSL_ALT_NAMES
- /* put Alternative Names */
- if (der->altNamesSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->altNames, der->altNamesSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* put SKID */
- if (der->skidSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->skid, der->skidSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put AKID */
- if (der->akidSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->akid, der->akidSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put KeyUsage */
- if (der->keyUsageSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->keyUsage, der->keyUsageSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- /* put ExtendedKeyUsage */
- if (der->extKeyUsageSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->extKeyUsage, der->extKeyUsageSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #ifdef WOLFSSL_CUSTOM_OID
- if (der->extCustomSz) {
- ret = SetExtensions(der->extensions, sizeof(der->extensions),
- &der->extensionsSz,
- der->extCustom, der->extCustomSz);
- if (ret <= 0)
- return EXTENSIONS_E;
- }
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- }
- der->attribSz = SetReqAttrib(der->attrib, cert, (word32)der->extensionsSz);
- if (der->attribSz <= 0)
- return REQ_ATTRIBUTE_E;
- der->total = der->versionSz + der->subjectSz + der->publicKeySz +
- der->extensionsSz + der->attribSz;
- return 0;
- }
- /* write DER encoded cert req to buffer, size already checked */
- static int WriteCertReqBody(DerCert* der, byte* buf)
- {
- int idx;
- /* signed part header */
- idx = (int)SetSequence((word32)der->total, buf);
- /* version */
- if (buf)
- XMEMCPY(buf + idx, der->version, (size_t)der->versionSz);
- idx += der->versionSz;
- /* subject */
- if (buf)
- XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz);
- idx += der->subjectSz;
- /* public key */
- if (buf)
- XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz);
- idx += der->publicKeySz;
- /* attributes */
- if (buf)
- XMEMCPY(buf + idx, der->attrib, (size_t)der->attribSz);
- idx += der->attribSz;
- /* extensions */
- if (der->extensionsSz) {
- if (buf)
- XMEMCPY(buf + idx, der->extensions, min((word32)der->extensionsSz,
- sizeof(der->extensions)));
- idx += der->extensionsSz;
- }
- return idx;
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for Certificate Request body.
- * PKCS #10: RFC 2986, 4.1 - CertificationRequestInfo
- */
- static const ASNItem certReqBodyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* version */
- /* VER */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* subject */
- /* SUBJ_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 0 },
- /* subjectPKInfo */
- /* SPUBKEYINFO_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 0 },
- /* attributes*/
- /* ATTRS */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* Challenge Password Attribute */
- /* ATTRS_CPW_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 1 },
- /* ATTRS_CPW_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* ATTRS_CPW_SET */ { 3, ASN_SET, 1, 1, 0 },
- /* ATTRS_CPW_PS */ { 4, ASN_PRINTABLE_STRING, 0, 0, 0 },
- /* ATTRS_CPW_UTF */ { 4, ASN_UTF8STRING, 0, 0, 0 },
- /* ATTRS_USN_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 1 },
- /* ATTRS_USN_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* ATTRS_USN_SET */ { 3, ASN_SET, 1, 1, 0 },
- /* ATTRS_USN_PS */ { 4, ASN_PRINTABLE_STRING, 0, 0, 0 },
- /* ATTRS_USN_UTF */ { 4, ASN_UTF8STRING, 0, 0, 0 },
- /* Extensions Attribute */
- /* EXT_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 1 },
- /* EXT_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* EXT_SET */ { 3, ASN_SET, 1, 1, 0 },
- /* EXT_BODY */ { 4, ASN_SEQUENCE, 1, 0, 0 },
- };
- enum {
- CERTREQBODYASN_IDX_SEQ = 0,
- CERTREQBODYASN_IDX_VER,
- CERTREQBODYASN_IDX_SUBJ_SEQ,
- CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ,
- CERTREQBODYASN_IDX_ATTRS,
- CERTREQBODYASN_IDX_ATTRS_CPW_SEQ,
- CERTREQBODYASN_IDX_ATTRS_CPW_OID,
- CERTREQBODYASN_IDX_ATTRS_CPW_SET,
- CERTREQBODYASN_IDX_ATTRS_CPW_PS,
- CERTREQBODYASN_IDX_ATTRS_CPW_UTF,
- CERTREQBODYASN_IDX_ATTRS_USN_SEQ,
- CERTREQBODYASN_IDX_ATTRS_USN_OID,
- CERTREQBODYASN_IDX_ATTRS_USN_SET,
- CERTREQBODYASN_IDX_ATTRS_USN_PS,
- CERTREQBODYASN_IDX_ATTRS_USN_UTF,
- CERTREQBODYASN_IDX_EXT_SEQ,
- CERTREQBODYASN_IDX_EXT_OID,
- CERTREQBODYASN_IDX_EXT_SET,
- CERTREQBODYASN_IDX_EXT_BODY
- };
- /* Number of items in ASN.1 template for Certificate Request body. */
- #define certReqBodyASN_Length (sizeof(certReqBodyASN) / sizeof(ASNItem))
- #endif
- static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
- RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey,
- ed25519_key* ed25519Key, ed448_key* ed448Key,
- falcon_key* falconKey, dilithium_key* dilithiumKey,
- sphincs_key* sphincsKey)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- DerCert* der;
- #else
- DerCert der[1];
- #endif
- if (eccKey)
- cert->keyType = ECC_KEY;
- else if (rsaKey)
- cert->keyType = RSA_KEY;
- else if (dsaKey)
- cert->keyType = DSA_KEY;
- else if (ed25519Key)
- cert->keyType = ED25519_KEY;
- else if (ed448Key)
- cert->keyType = ED448_KEY;
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- else if ((falconKey != NULL) && (falconKey->level == 1))
- cert->keyType = FALCON_LEVEL1_KEY;
- else if ((falconKey != NULL) && (falconKey->level == 5))
- cert->keyType = FALCON_LEVEL5_KEY;
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
- cert->keyType = DILITHIUM_LEVEL2_KEY;
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
- cert->keyType = DILITHIUM_LEVEL3_KEY;
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
- cert->keyType = DILITHIUM_LEVEL5_KEY;
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == FAST_VARIANT))
- cert->keyType = SPHINCS_FAST_LEVEL1_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == FAST_VARIANT))
- cert->keyType = SPHINCS_FAST_LEVEL3_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == FAST_VARIANT))
- cert->keyType = SPHINCS_FAST_LEVEL5_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == SMALL_VARIANT))
- cert->keyType = SPHINCS_SMALL_LEVEL1_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == SMALL_VARIANT))
- cert->keyType = SPHINCS_SMALL_LEVEL3_KEY;
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == SMALL_VARIANT))
- cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- else
- return BAD_FUNC_ARG;
- #ifdef WOLFSSL_SMALL_STACK
- der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- return MEMORY_E;
- #endif
- ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key,
- falconKey, dilithiumKey, sphincsKey);
- if (ret == 0) {
- if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
- ret = BUFFER_E;
- else
- ret = cert->bodySz = WriteCertReqBody(der, derBuffer);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(der, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- #else
- DECL_ASNSETDATA(dataASN, certReqBodyASN_Length);
- word32 publicKeySz = 0;
- word32 subjectSz = 0;
- word32 extSz = 0;
- int sz = 0;
- int ret = 0;
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- word32 sbjRawSz = 0;
- #endif
- /* Unused without OQS */
- (void)falconKey;
- (void)dilithiumKey;
- (void)sphincsKey;
- CALLOC_ASNSETDATA(dataASN, certReqBodyASN_Length, ret, cert->heap);
- if (ret == 0) {
- /* Set key type into certificate object based on key passed in. */
- if (rsaKey != NULL) {
- cert->keyType = RSA_KEY;
- }
- else if (eccKey != NULL) {
- cert->keyType = ECC_KEY;
- }
- else if (dsaKey != NULL) {
- cert->keyType = DSA_KEY;
- }
- else if (ed25519Key != NULL) {
- cert->keyType = ED25519_KEY;
- }
- else if (ed448Key != NULL) {
- cert->keyType = ED448_KEY;
- }
- #ifdef HAVE_PQC
- #ifdef HAVE_FALCON
- else if ((falconKey != NULL) && (falconKey->level == 1)) {
- cert->keyType = FALCON_LEVEL1_KEY;
- }
- else if ((falconKey != NULL) && (falconKey->level == 5)) {
- cert->keyType = FALCON_LEVEL5_KEY;
- }
- #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
- cert->keyType = DILITHIUM_LEVEL2_KEY;
- }
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
- cert->keyType = DILITHIUM_LEVEL3_KEY;
- }
- else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
- cert->keyType = DILITHIUM_LEVEL5_KEY;
- }
- #endif /* HAVE_DILITHIUM */
- #ifdef HAVE_SPHINCS
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == FAST_VARIANT)) {
- cert->keyType = SPHINCS_FAST_LEVEL1_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == FAST_VARIANT)) {
- cert->keyType = SPHINCS_FAST_LEVEL3_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == FAST_VARIANT)) {
- cert->keyType = SPHINCS_FAST_LEVEL5_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
- && (sphincsKey->optim == SMALL_VARIANT)) {
- cert->keyType = SPHINCS_SMALL_LEVEL1_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
- && (sphincsKey->optim == SMALL_VARIANT)) {
- cert->keyType = SPHINCS_SMALL_LEVEL3_KEY;
- }
- else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
- && (sphincsKey->optim == SMALL_VARIANT)) {
- cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
- }
- #endif /* HAVE_SPHINCS */
- #endif /* HAVE_PQC */
- else {
- ret = BAD_FUNC_ARG;
- }
- }
- if (ret == 0) {
- /* Determine subject name size. */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- sbjRawSz = (word32)XSTRLEN((const char*)cert->sbjRaw);
- if (sbjRawSz > 0) {
- subjectSz = min(sizeof(cert->sbjRaw), sbjRawSz);
- }
- else
- #endif
- {
- ret = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap);
- subjectSz = (word32)ret;
- }
- }
- if (ret >= 0) {
- /* Determine encode public key size. */
- ret = EncodePublicKey(cert->keyType, NULL, 0, rsaKey,
- eccKey, ed25519Key, ed448Key, dsaKey);
- publicKeySz = (word32)ret;
- }
- if (ret >= 0) {
- /* Determine encode extensions size. */
- ret = EncodeExtensions(cert, NULL, 0, 1);
- extSz = (word32)ret;
- }
- if (ret >= 0) {
- /* Set version. */
- SetASN_Int8Bit(&dataASN[CERTREQBODYASN_IDX_VER], (byte)cert->version);
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- if (sbjRawSz > 0) {
- /* Put in encoded subject name. */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ], cert->sbjRaw,
- subjectSz);
- }
- else
- #endif
- {
- /* Leave space for subject name. */
- SetASN_ReplaceBuffer(&dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ], NULL,
- subjectSz);
- }
- /* Leave space for public key. */
- SetASN_ReplaceBuffer(&dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ],
- NULL, publicKeySz);
- if (cert->challengePw[0] != '\0') {
- /* Add challenge password attribute. */
- /* Set challenge password OID. */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_CPW_OID],
- attrChallengePasswordOid, sizeof(attrChallengePasswordOid));
- /* Enable the ASN template item with the appropriate tag. */
- if (cert->challengePwPrintableString) {
- /* PRINTABLE_STRING - set buffer */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_CPW_PS],
- (byte*)cert->challengePw,
- (word32)XSTRLEN(cert->challengePw));
- /* UTF8STRING - don't encode */
- dataASN[CERTREQBODYASN_IDX_ATTRS_CPW_UTF].noOut = 1;
- }
- else {
- /* PRINTABLE_STRING - don't encode */
- dataASN[CERTREQBODYASN_IDX_ATTRS_CPW_PS].noOut = 1;
- /* UTF8STRING - set buffer */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_CPW_UTF],
- (byte*)cert->challengePw,
- (word32)XSTRLEN(cert->challengePw));
- }
- }
- else {
- /* Leave out challenge password attribute items. */
- SetASNItem_NoOutNode(dataASN, certReqBodyASN,
- CERTREQBODYASN_IDX_ATTRS_CPW_SEQ, certReqBodyASN_Length);
- }
- if (cert->unstructuredName[0] != '\0') {
- /* Add unstructured name attribute. */
- /* Set unstructured name OID. */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_USN_OID],
- attrUnstructuredNameOid, sizeof(attrUnstructuredNameOid));
- /* PRINTABLE_STRING - set buffer */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_USN_PS],
- (byte*)cert->unstructuredName,
- (word32)XSTRLEN(cert->unstructuredName));
- /* UTF8STRING - don't encode */
- dataASN[CERTREQBODYASN_IDX_ATTRS_USN_UTF].noOut = 1;
- }
- else {
- /* Leave out unstructured name attribute item. */
- SetASNItem_NoOutNode(dataASN, certReqBodyASN,
- CERTREQBODYASN_IDX_ATTRS_USN_SEQ, certReqBodyASN_Length);
- }
- if (extSz > 0) {
- /* Set extension attribute OID. */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_EXT_OID], attrExtensionRequestOid,
- sizeof(attrExtensionRequestOid));
- /* Leave space for data. */
- SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_EXT_BODY], NULL, extSz);
- }
- else {
- /* Leave out extension attribute items. */
- SetASNItem_NoOutNode(dataASN, certReqBodyASN,
- CERTREQBODYASN_IDX_EXT_SEQ, certReqBodyASN_Length);
- }
- /* Calculate size of encoded certificate request body. */
- ret = SizeASN_Items(certReqBodyASN, dataASN, certReqBodyASN_Length,
- &sz);
- }
- /* Check buffer is big enough for encoded data. */
- if ((ret == 0) && (sz > (int)derSz)) {
- ret = BUFFER_E;
- }
- if (ret == 0 && derBuffer != NULL) {
- /* Encode certificate request body into buffer. */
- SetASN_Items(certReqBodyASN, dataASN, certReqBodyASN_Length, derBuffer);
- /* Put in generated data */
- #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
- if (sbjRawSz == 0)
- #endif
- {
- /* Encode subject name into space in buffer. */
- ret = SetNameEx(
- (byte*)dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.data,
- dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.length,
- &cert->subject, cert->heap);
- }
- }
- if (ret >= 0 && derBuffer != NULL) {
- /* Encode public key into space in buffer. */
- ret = EncodePublicKey(cert->keyType,
- (byte*)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data,
- (int)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.length,
- rsaKey, eccKey, ed25519Key, ed448Key, dsaKey);
- }
- if ((ret >= 0 && derBuffer != NULL) &&
- (!dataASN[CERTREQBODYASN_IDX_EXT_BODY].noOut)) {
- /* Encode extensions into space in buffer. */
- ret = EncodeExtensions(cert,
- (byte*)dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.data,
- dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.length, 1);
- }
- if (ret >= 0) {
- /* Store encoded certificate request body size. */
- cert->bodySz = sz;
- /* Return the encoding size. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, cert->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
- void* key)
- {
- RsaKey* rsaKey = NULL;
- DsaKey* dsaKey = NULL;
- ecc_key* eccKey = NULL;
- ed25519_key* ed25519Key = NULL;
- ed448_key* ed448Key = NULL;
- falcon_key* falconKey = NULL;
- dilithium_key* dilithiumKey = NULL;
- sphincs_key* sphincsKey = NULL;
- if (keyType == RSA_TYPE)
- rsaKey = (RsaKey*)key;
- else if (keyType == DSA_TYPE)
- dsaKey = (DsaKey*)key;
- else if (keyType == ECC_TYPE)
- eccKey = (ecc_key*)key;
- else if (keyType == ED25519_TYPE)
- ed25519Key = (ed25519_key*)key;
- else if (keyType == ED448_TYPE)
- ed448Key = (ed448_key*)key;
- else if (keyType == FALCON_LEVEL1_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == FALCON_LEVEL5_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == DILITHIUM_LEVEL2_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL3_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL5_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- return MakeCertReq(cert, derBuffer, derSz, rsaKey, dsaKey, eccKey,
- ed25519Key, ed448Key, falconKey, dilithiumKey,
- sphincsKey);
- }
- WOLFSSL_ABI
- int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
- RsaKey* rsaKey, ecc_key* eccKey)
- {
- return MakeCertReq(cert, derBuffer, derSz, rsaKey, NULL, eccKey, NULL,
- NULL, NULL, NULL, NULL);
- }
- #endif /* WOLFSSL_CERT_REQ */
- static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
- RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key,
- ed448_key* ed448Key, falcon_key* falconKey,
- dilithium_key* dilithiumKey, sphincs_key* sphincsKey,
- WC_RNG* rng)
- {
- int sigSz = 0;
- void* heap = NULL;
- CertSignCtx certSignCtx_lcl;
- CertSignCtx* certSignCtx = &certSignCtx_lcl;
- XMEMSET(certSignCtx, 0, sizeof(*certSignCtx));
- if (requestSz < 0)
- return requestSz;
- /* locate ctx */
- if (rsaKey) {
- #ifndef NO_RSA
- #ifdef WOLFSSL_ASYNC_CRYPT
- certSignCtx = &rsaKey->certSignCtx;
- #endif
- heap = rsaKey->heap;
- #else
- return NOT_COMPILED_IN;
- #endif /* NO_RSA */
- }
- else if (eccKey) {
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_ASYNC_CRYPT
- certSignCtx = &eccKey->certSignCtx;
- #endif
- heap = eccKey->heap;
- #else
- return NOT_COMPILED_IN;
- #endif /* HAVE_ECC */
- }
- if (certSignCtx->sig == NULL) {
- certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (certSignCtx->sig == NULL)
- return MEMORY_E;
- }
- sigSz = MakeSignature(certSignCtx, buf, (word32)requestSz, certSignCtx->sig,
- MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
- falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (sigSz == WC_PENDING_E) {
- /* Not free'ing certSignCtx->sig here because it could still be in use
- * with async operations. */
- return sigSz;
- }
- #endif
- if (sigSz >= 0) {
- if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
- sigSz = BUFFER_E;
- else
- sigSz = AddSignature(buf, requestSz, certSignCtx->sig, sigSz,
- sType);
- }
- XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
- certSignCtx->sig = NULL;
- return sigSz;
- }
- #ifdef WOLFSSL_DUAL_ALG_CERTS
- int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
- word32 bufSz, int keyType, void* key, WC_RNG* rng)
- {
- RsaKey* rsaKey = NULL;
- ecc_key* eccKey = NULL;
- ed25519_key* ed25519Key = NULL;
- ed448_key* ed448Key = NULL;
- falcon_key* falconKey = NULL;
- dilithium_key* dilithiumKey = NULL;
- sphincs_key* sphincsKey = NULL;
- int ret = 0;
- int headerSz;
- void* heap = NULL;
- CertSignCtx certSignCtx_lcl;
- CertSignCtx* certSignCtx = &certSignCtx_lcl;
- if ((sig == NULL) || (sigSz <= 0)) {
- return BAD_FUNC_ARG;
- }
- XMEMSET(certSignCtx, 0, sizeof(*certSignCtx));
- switch (keyType)
- {
- case RSA_TYPE:
- rsaKey = (RsaKey*)key;
- break;
- case ECC_TYPE:
- eccKey = (ecc_key*)key;
- break;
- case ED25519_TYPE:
- ed25519Key = (ed25519_key*)key;
- break;
- case ED448_TYPE:
- ed448Key = (ed448_key*)key;
- break;
- case FALCON_LEVEL1_TYPE:
- case FALCON_LEVEL5_TYPE:
- falconKey = (falcon_key*)key;
- break;
- case DILITHIUM_LEVEL2_TYPE:
- case DILITHIUM_LEVEL3_TYPE:
- case DILITHIUM_LEVEL5_TYPE:
- dilithiumKey = (dilithium_key*)key;
- break;
- case SPHINCS_FAST_LEVEL1_TYPE:
- case SPHINCS_FAST_LEVEL3_TYPE:
- case SPHINCS_FAST_LEVEL5_TYPE:
- case SPHINCS_SMALL_LEVEL1_TYPE:
- case SPHINCS_SMALL_LEVEL3_TYPE:
- case SPHINCS_SMALL_LEVEL5_TYPE:
- sphincsKey = (sphincs_key*)key;
- break;
- default:
- return BAD_FUNC_ARG;
- }
- /* locate ctx */
- if (rsaKey) {
- #ifndef NO_RSA
- #ifdef WOLFSSL_ASYNC_CRYPT
- certSignCtx = &rsaKey->certSignCtx;
- #endif
- heap = rsaKey->heap;
- #else
- return NOT_COMPILED_IN;
- #endif /* NO_RSA */
- }
- else if (eccKey) {
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_ASYNC_CRYPT
- certSignCtx = &eccKey->certSignCtx;
- #endif
- heap = eccKey->heap;
- #else
- return NOT_COMPILED_IN;
- #endif /* HAVE_ECC */
- }
- if (certSignCtx->sig == NULL) {
- certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (certSignCtx->sig == NULL)
- return MEMORY_E;
- }
- ret = MakeSignature(certSignCtx, buf, (word32)bufSz, certSignCtx->sig,
- MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
- falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E) {
- /* Not free'ing certSignCtx->sig here because it could still be in use
- * with async operations. */
- return ret;
- }
- #endif
- if (ret <= 0) {
- return ret;
- }
- headerSz = SetBitString(ret, 0, NULL);
- if (headerSz + ret > sigSz) {
- ret = BUFFER_E;
- }
- if (ret > 0) {
- sig += SetBitString(ret, 0, sig);
- XMEMCPY(sig, certSignCtx->sig, ret);
- ret += headerSz;
- }
- XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
- certSignCtx->sig = NULL;
- return ret;
- }
- #endif /* WOLFSSL_DUAL_ALG_CERTS */
- int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
- int keyType, void* key, WC_RNG* rng)
- {
- RsaKey* rsaKey = NULL;
- ecc_key* eccKey = NULL;
- ed25519_key* ed25519Key = NULL;
- ed448_key* ed448Key = NULL;
- falcon_key* falconKey = NULL;
- dilithium_key* dilithiumKey = NULL;
- sphincs_key* sphincsKey = NULL;
- if (keyType == RSA_TYPE)
- rsaKey = (RsaKey*)key;
- else if (keyType == ECC_TYPE)
- eccKey = (ecc_key*)key;
- else if (keyType == ED25519_TYPE)
- ed25519Key = (ed25519_key*)key;
- else if (keyType == ED448_TYPE)
- ed448Key = (ed448_key*)key;
- else if (keyType == FALCON_LEVEL1_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == FALCON_LEVEL5_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == DILITHIUM_LEVEL2_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL3_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL5_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- return SignCert(requestSz, sType, buf, buffSz, rsaKey, eccKey, ed25519Key,
- ed448Key, falconKey, dilithiumKey, sphincsKey, rng);
- }
- int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
- RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng)
- {
- return SignCert(requestSz, sType, buf, buffSz, rsaKey, eccKey, NULL, NULL,
- NULL, NULL, NULL, rng);
- }
- WOLFSSL_ABI
- int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
- RsaKey* key, WC_RNG* rng)
- {
- int ret;
- ret = wc_MakeCert(cert, buf, buffSz, key, NULL, rng);
- if (ret < 0)
- return ret;
- return wc_SignCert(cert->bodySz, cert->sigType,
- buf, buffSz, key, NULL, rng);
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Get raw subject from cert, which may contain OIDs not parsed by Decode.
- The raw subject pointer will only be valid while "cert" is valid. */
- WOLFSSL_ABI
- int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert)
- {
- int rc = BAD_FUNC_ARG;
- if ((subjectRaw != NULL) && (cert != NULL)) {
- *subjectRaw = cert->sbjRaw;
- rc = 0;
- }
- return rc;
- }
- /* Set KID from public key */
- static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
- ed25519_key* ed25519Key, ed448_key* ed448Key,
- falcon_key* falconKey,
- dilithium_key* dilithiumKey,
- sphincs_key *sphincsKey, int kid_type)
- {
- byte *buf;
- int bufferSz, ret;
- if (cert == NULL ||
- (rsakey == NULL && eckey == NULL && ed25519Key == NULL &&
- ed448Key == NULL && falconKey == NULL && dilithiumKey == NULL &&
- sphincsKey == NULL) ||
- (kid_type != SKID_TYPE && kid_type != AKID_TYPE))
- return BAD_FUNC_ARG;
- buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (buf == NULL)
- return MEMORY_E;
- /* Public Key */
- bufferSz = -1;
- #ifndef NO_RSA
- /* RSA public key */
- if (rsakey != NULL)
- bufferSz = SetRsaPublicKey(buf, rsakey, MAX_PUBLIC_KEY_SZ, 0);
- #endif
- #ifdef HAVE_ECC
- /* ECC public key */
- if (eckey != NULL)
- bufferSz = SetEccPublicKey(buf, eckey, MAX_PUBLIC_KEY_SZ, 0, 0);
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* ED25519 public key */
- if (ed25519Key != NULL) {
- bufferSz = wc_Ed25519PublicKeyToDer(ed25519Key, buf, MAX_PUBLIC_KEY_SZ, 0);
- }
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- /* ED448 public key */
- if (ed448Key != NULL) {
- bufferSz = wc_Ed448PublicKeyToDer(ed448Key, buf, MAX_PUBLIC_KEY_SZ, 0);
- }
- #endif
- #if defined(HAVE_PQC)
- #if defined(HAVE_FALCON)
- if (falconKey != NULL) {
- bufferSz = wc_Falcon_PublicKeyToDer(falconKey, buf, MAX_PUBLIC_KEY_SZ,
- 0);
- }
- #endif
- #if defined(HAVE_DILITHIUM)
- if (dilithiumKey != NULL) {
- bufferSz = wc_Dilithium_PublicKeyToDer(dilithiumKey, buf,
- MAX_PUBLIC_KEY_SZ, 0);
- }
- #endif
- #if defined(HAVE_SPHINCS)
- if (sphincsKey != NULL) {
- bufferSz = wc_Sphincs_PublicKeyToDer(sphincsKey, buf,
- MAX_PUBLIC_KEY_SZ, 0);
- }
- #endif
- #endif /* HAVE_PQC */
- if (bufferSz <= 0) {
- XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return PUBLIC_KEY_E;
- }
- /* Compute SKID by hashing public key */
- if (kid_type == SKID_TYPE) {
- int hashId = HashIdAlg((word32)cert->sigType);
- ret = CalcHashId_ex(buf, (word32)bufferSz, cert->skid, hashId);
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- cert->skidSz = wc_HashGetDigestSize(wc_HashTypeConvert(hashId));
- #else
- cert->skidSz = KEYID_SIZE;
- #endif
- }
- else if (kid_type == AKID_TYPE) {
- int hashId = HashIdAlg((word32)cert->sigType);
- ret = CalcHashId_ex(buf, (word32)bufferSz, cert->akid, hashId);
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- cert->akidSz = wc_HashGetDigestSize(wc_HashTypeConvert(hashId));
- #else
- cert->akidSz = KEYID_SIZE;
- #endif
- }
- else
- ret = BAD_FUNC_ARG;
- XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
- {
- RsaKey* rsaKey = NULL;
- ecc_key* eccKey = NULL;
- ed25519_key* ed25519Key = NULL;
- ed448_key* ed448Key = NULL;
- falcon_key* falconKey = NULL;
- dilithium_key* dilithiumKey = NULL;
- sphincs_key* sphincsKey = NULL;
- if (keyType == RSA_TYPE)
- rsaKey = (RsaKey*)key;
- else if (keyType == ECC_TYPE)
- eccKey = (ecc_key*)key;
- else if (keyType == ED25519_TYPE)
- ed25519Key = (ed25519_key*)key;
- else if (keyType == ED448_TYPE)
- ed448Key = (ed448_key*)key;
- else if (keyType == FALCON_LEVEL1_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == FALCON_LEVEL5_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == DILITHIUM_LEVEL2_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL3_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL5_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- return SetKeyIdFromPublicKey(cert, rsaKey, eccKey, ed25519Key, ed448Key,
- falconKey, dilithiumKey, sphincsKey,
- SKID_TYPE);
- }
- /* Set SKID from RSA or ECC public key */
- int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
- {
- return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, NULL, NULL, NULL,
- NULL, SKID_TYPE);
- }
- int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
- {
- RsaKey* rsaKey = NULL;
- ecc_key* eccKey = NULL;
- ed25519_key* ed25519Key = NULL;
- ed448_key* ed448Key = NULL;
- falcon_key* falconKey = NULL;
- dilithium_key* dilithiumKey = NULL;
- sphincs_key* sphincsKey = NULL;
- if (keyType == RSA_TYPE)
- rsaKey = (RsaKey*)key;
- else if (keyType == ECC_TYPE)
- eccKey = (ecc_key*)key;
- else if (keyType == ED25519_TYPE)
- ed25519Key = (ed25519_key*)key;
- else if (keyType == ED448_TYPE)
- ed448Key = (ed448_key*)key;
- else if (keyType == FALCON_LEVEL1_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == FALCON_LEVEL5_TYPE)
- falconKey = (falcon_key*)key;
- else if (keyType == DILITHIUM_LEVEL2_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL3_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == DILITHIUM_LEVEL5_TYPE)
- dilithiumKey = (dilithium_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_FAST_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL1_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL3_TYPE)
- sphincsKey = (sphincs_key*)key;
- else if (keyType == SPHINCS_SMALL_LEVEL5_TYPE)
- sphincsKey = (sphincs_key*)key;
- return SetKeyIdFromPublicKey(cert, rsaKey, eccKey, ed25519Key, ed448Key,
- falconKey, dilithiumKey, sphincsKey,
- AKID_TYPE);
- }
- /* Set SKID from RSA or ECC public key */
- int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
- {
- return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, NULL, NULL, NULL,
- NULL, AKID_TYPE);
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN_CRYPT)
- /* Set SKID from public key file in PEM */
- int wc_SetSubjectKeyId(Cert *cert, const char* file)
- {
- int ret, derSz;
- byte* der;
- word32 idx;
- RsaKey *rsakey = NULL;
- ecc_key *eckey = NULL;
- if (cert == NULL || file == NULL)
- return BAD_FUNC_ARG;
- der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_CERT);
- if (der == NULL) {
- WOLFSSL_MSG("wc_SetSubjectKeyId memory Problem");
- return MEMORY_E;
- }
- derSz = MAX_PUBLIC_KEY_SZ;
- XMEMSET(der, 0, (size_t)derSz);
- derSz = wc_PemPubKeyToDer(file, der, derSz);
- if (derSz <= 0) {
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- return derSz;
- }
- /* Load PubKey in internal structure */
- #ifndef NO_RSA
- rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), cert->heap, DYNAMIC_TYPE_RSA);
- if (rsakey == NULL) {
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- return MEMORY_E;
- }
- if (wc_InitRsaKey(rsakey, cert->heap) != 0) {
- WOLFSSL_MSG("wc_InitRsaKey failure");
- XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- return MEMORY_E;
- }
- idx = 0;
- ret = wc_RsaPublicKeyDecode(der, &idx, rsakey, (word32)derSz);
- if (ret != 0)
- #endif
- {
- #ifndef NO_RSA
- WOLFSSL_MSG("wc_RsaPublicKeyDecode failed");
- wc_FreeRsaKey(rsakey);
- XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
- rsakey = NULL;
- #endif
- #ifdef HAVE_ECC
- /* Check to load ecc public key */
- eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), cert->heap,
- DYNAMIC_TYPE_ECC);
- if (eckey == NULL) {
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- return MEMORY_E;
- }
- if (wc_ecc_init(eckey) != 0) {
- WOLFSSL_MSG("wc_ecc_init failure");
- wc_ecc_free(eckey);
- XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC);
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- return MEMORY_E;
- }
- idx = 0;
- ret = wc_EccPublicKeyDecode(der, &idx, eckey, (word32)derSz);
- if (ret != 0) {
- WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- wc_ecc_free(eckey);
- XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC);
- return PUBLIC_KEY_E;
- }
- #else
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- return PUBLIC_KEY_E;
- #endif /* HAVE_ECC */
- }
- XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
- ret = wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey);
- #ifndef NO_RSA
- wc_FreeRsaKey(rsakey);
- XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
- #endif
- #ifdef HAVE_ECC
- wc_ecc_free(eckey);
- XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC);
- #endif
- #if defined(NO_RSA) && !defined(HAVE_ECC)
- (void)idx;
- #endif
- return ret;
- }
- #endif /* !NO_FILESYSTEM && !NO_ASN_CRYPT */
- static int SetAuthKeyIdFromDcert(Cert* cert, DecodedCert* decoded)
- {
- int ret = 0;
- /* Subject Key Id not found !! */
- if (decoded->extSubjKeyIdSet == 0) {
- ret = ASN_NO_SKID;
- }
- /* SKID invalid size */
- else if (sizeof(cert->akid) < sizeof(decoded->extSubjKeyId)) {
- ret = MEMORY_E;
- }
- else {
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- cert->akidSz = wc_HashGetDigestSize(wc_HashTypeConvert(HashIdAlg(
- cert->sigType)));
- #else
- cert->akidSz = KEYID_SIZE;
- #endif
- /* Put the SKID of CA to AKID of certificate */
- XMEMCPY(cert->akid, decoded->extSubjKeyId, (size_t)cert->akidSz);
- }
- return ret;
- }
- /* Set AKID from certificate contains in buffer (DER encoded) */
- int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- ret = SetAuthKeyIdFromDcert(cert, (DecodedCert*)cert->decodedCert);
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return ret;
- }
- #ifndef NO_FILESYSTEM
- /* Set AKID from certificate file in PEM */
- int wc_SetAuthKeyId(Cert *cert, const char* file)
- {
- int ret;
- DerBuffer* der = NULL;
- if (cert == NULL || file == NULL)
- return BAD_FUNC_ARG;
- ret = wc_PemCertToDer_ex(file, &der);
- if (ret == 0)
- {
- ret = wc_SetAuthKeyIdFromCert(cert, der->buffer, (int)der->length);
- FreeDer(&der);
- }
- return ret;
- }
- #endif /* !NO_FILESYSTEM */
- /* Set KeyUsage from human readable string */
- int wc_SetKeyUsage(Cert *cert, const char *value)
- {
- int ret = 0;
- if (cert == NULL || value == NULL)
- return BAD_FUNC_ARG;
- cert->keyUsage = 0;
- ret = ParseKeyUsageStr(value, &cert->keyUsage, cert->heap);
- return ret;
- }
- /* Set ExtendedKeyUsage from human readable string */
- int wc_SetExtKeyUsage(Cert *cert, const char *value)
- {
- int ret = 0;
- if (cert == NULL || value == NULL)
- return BAD_FUNC_ARG;
- cert->extKeyUsage = 0;
- ret = ParseExtKeyUsageStr(value, &cert->extKeyUsage, cert->heap);
- return ret;
- }
- #ifdef WOLFSSL_EKU_OID
- /*
- * cert structure to set EKU oid in
- * oid the oid in byte representation
- * sz size of oid buffer
- * idx index of array to place oid
- *
- * returns 0 on success
- */
- int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
- void* heap)
- {
- byte oid[CTC_MAX_EKU_OID_SZ];
- word32 oidSz = CTC_MAX_EKU_OID_SZ;
- if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) {
- WOLFSSL_MSG("Either idx or sz was too large");
- return BAD_FUNC_ARG;
- }
- if (EncodePolicyOID(oid, &oidSz, in, heap) != 0) {
- return BUFFER_E;
- }
- XMEMCPY(cert->extKeyUsageOID[idx], oid, oidSz);
- cert->extKeyUsageOIDSz[idx] = oidSz;
- cert->extKeyUsage |= EXTKEYUSE_USER;
- return 0;
- }
- #endif /* WOLFSSL_EKU_OID */
- #if defined(WOLFSSL_ASN_TEMPLATE) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_ENCODING) && \
- defined(WOLFSSL_CERT_EXT)
- int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
- const byte *der, word32 derSz) {
- CertExtension *ext;
- byte encodedOid[MAX_OID_SZ];
- word32 encodedOidSz = MAX_OID_SZ;
- int ret;
- if (cert == NULL || oid == NULL || der == NULL || derSz == 0) {
- return BAD_FUNC_ARG;
- }
- if (cert->customCertExtCount >= NUM_CUSTOM_EXT) {
- return MEMORY_E;
- }
- /* Make sure we can properly parse the OID. */
- ret = EncodePolicyOID(encodedOid, &encodedOidSz, oid, NULL);
- if (ret != 0) {
- return ret;
- }
- ext = &cert->customCertExt[cert->customCertExtCount];
- ext->oid = (char*)oid;
- ext->crit = (critical == 0) ? 0 : 1;
- ext->val = (byte*)der;
- ext->valSz = derSz;
- cert->customCertExtCount++;
- return 0;
- }
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_ALT_NAMES
- static int SetAltNamesFromDcert(Cert* cert, DecodedCert* decoded)
- {
- int ret = 0;
- cert->altNamesSz = 0;
- if (decoded->altNames) {
- ret = FlattenAltNames(cert->altNames,
- sizeof(cert->altNames), decoded->altNames);
- if (ret >= 0) {
- cert->altNamesSz = ret;
- ret = 0;
- }
- }
- return ret;
- }
- #ifndef NO_FILESYSTEM
- /* Set Alt Names from der cert, return 0 on success */
- static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz,
- int devId)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* decoded;
- #else
- DecodedCert decoded[1];
- #endif
- if (derSz < 0)
- return derSz;
- #ifdef WOLFSSL_SMALL_STACK
- decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cert->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL)
- return MEMORY_E;
- #endif
- InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
- ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
- if (ret < 0) {
- WOLFSSL_MSG("ParseCertRelative error");
- }
- else {
- ret = SetAltNamesFromDcert(cert, decoded);
- }
- FreeDecodedCert(decoded);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(decoded, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret < 0 ? ret : 0;
- }
- #endif
- static int SetDatesFromDcert(Cert* cert, DecodedCert* decoded)
- {
- int ret = 0;
- if (decoded->beforeDate == NULL || decoded->afterDate == NULL) {
- WOLFSSL_MSG("Couldn't extract dates");
- ret = -1;
- }
- else if (decoded->beforeDateLen > MAX_DATE_SIZE ||
- decoded->afterDateLen > MAX_DATE_SIZE) {
- WOLFSSL_MSG("Bad date size");
- ret = -1;
- }
- else {
- XMEMCPY(cert->beforeDate, decoded->beforeDate,
- (size_t)decoded->beforeDateLen);
- XMEMCPY(cert->afterDate, decoded->afterDate,
- (size_t)decoded->afterDateLen);
- cert->beforeDateSz = decoded->beforeDateLen;
- cert->afterDateSz = decoded->afterDateLen;
- }
- return ret;
- }
- #endif /* WOLFSSL_ALT_NAMES */
- static void SetNameFromDcert(CertName* cn, DecodedCert* decoded)
- {
- int sz;
- if (decoded->subjectCN) {
- sz = (decoded->subjectCNLen < CTC_NAME_SIZE) ? decoded->subjectCNLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->commonName, decoded->subjectCN, (size_t)sz);
- cn->commonName[sz] = '\0';
- cn->commonNameEnc = decoded->subjectCNEnc;
- }
- if (decoded->subjectC) {
- sz = (decoded->subjectCLen < CTC_NAME_SIZE) ? decoded->subjectCLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->country, decoded->subjectC, (size_t)sz);
- cn->country[sz] = '\0';
- cn->countryEnc = decoded->subjectCEnc;
- }
- if (decoded->subjectST) {
- sz = (decoded->subjectSTLen < CTC_NAME_SIZE) ? decoded->subjectSTLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->state, decoded->subjectST, (size_t)sz);
- cn->state[sz] = '\0';
- cn->stateEnc = decoded->subjectSTEnc;
- }
- if (decoded->subjectL) {
- sz = (decoded->subjectLLen < CTC_NAME_SIZE) ? decoded->subjectLLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->locality, decoded->subjectL, (size_t)sz);
- cn->locality[sz] = '\0';
- cn->localityEnc = decoded->subjectLEnc;
- }
- if (decoded->subjectO) {
- sz = (decoded->subjectOLen < CTC_NAME_SIZE) ? decoded->subjectOLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->org, decoded->subjectO, (size_t)sz);
- cn->org[sz] = '\0';
- cn->orgEnc = decoded->subjectOEnc;
- }
- if (decoded->subjectOU) {
- sz = (decoded->subjectOULen < CTC_NAME_SIZE) ? decoded->subjectOULen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->unit, decoded->subjectOU, (size_t)sz);
- cn->unit[sz] = '\0';
- cn->unitEnc = decoded->subjectOUEnc;
- }
- if (decoded->subjectSN) {
- sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->sur, decoded->subjectSN, (size_t)sz);
- cn->sur[sz] = '\0';
- cn->surEnc = decoded->subjectSNEnc;
- }
- if (decoded->subjectSND) {
- sz = (decoded->subjectSNDLen < CTC_NAME_SIZE) ? decoded->subjectSNDLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->serialDev, decoded->subjectSND, (size_t)sz);
- cn->serialDev[sz] = '\0';
- cn->serialDevEnc = decoded->subjectSNDEnc;
- }
- if (decoded->subjectUID) {
- sz = (decoded->subjectUIDLen < CTC_NAME_SIZE) ? decoded->subjectUIDLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->userId, decoded->subjectUID, (size_t)sz);
- cn->userId[sz] = '\0';
- cn->userIdEnc = decoded->subjectUIDEnc;
- }
- #ifdef WOLFSSL_CERT_EXT
- if (decoded->subjectBC) {
- sz = (decoded->subjectBCLen < CTC_NAME_SIZE) ? decoded->subjectBCLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->busCat, decoded->subjectBC, (size_t)sz);
- cn->busCat[sz] = '\0';
- cn->busCatEnc = decoded->subjectBCEnc;
- }
- if (decoded->subjectJC) {
- sz = (decoded->subjectJCLen < CTC_NAME_SIZE) ? decoded->subjectJCLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->joiC, decoded->subjectJC, (size_t)sz);
- cn->joiC[sz] = '\0';
- cn->joiCEnc = decoded->subjectJCEnc;
- }
- if (decoded->subjectJS) {
- sz = (decoded->subjectJSLen < CTC_NAME_SIZE) ? decoded->subjectJSLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->joiSt, decoded->subjectJS, (size_t)sz);
- cn->joiSt[sz] = '\0';
- cn->joiStEnc = decoded->subjectJSEnc;
- }
- #endif
- if (decoded->subjectEmail) {
- sz = (decoded->subjectEmailLen < CTC_NAME_SIZE)
- ? decoded->subjectEmailLen : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->email, decoded->subjectEmail, (size_t)sz);
- cn->email[sz] = '\0';
- }
- #if defined(WOLFSSL_CERT_NAME_ALL) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
- if (decoded->subjectN) {
- sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->dnName, decoded->subjectN, (size_t)sz);
- cn->dnName[sz] = '\0';
- cn->dnNameEnc = decoded->subjectNEnc;
- }
- if (decoded->subjectI) {
- sz = (decoded->subjectILen < CTC_NAME_SIZE) ? decoded->subjectILen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->initials, decoded->subjectI, (size_t)sz);
- cn->initials[sz] = '\0';
- cn->initialsEnc = decoded->subjectIEnc;
- }
- if (decoded->subjectGN) {
- sz = (decoded->subjectGNLen < CTC_NAME_SIZE) ? decoded->subjectGNLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->givenName, decoded->subjectGN, (size_t)sz);
- cn->givenName[sz] = '\0';
- cn->givenNameEnc = decoded->subjectGNEnc;
- }
- if (decoded->subjectDNQ) {
- sz = (decoded->subjectDNQLen < CTC_NAME_SIZE) ? decoded->subjectDNQLen
- : CTC_NAME_SIZE - 1;
- XSTRNCPY(cn->dnQualifier, decoded->subjectDNQ, (size_t)sz);
- cn->dnQualifier[sz] = '\0';
- cn->dnQualifierEnc = decoded->subjectDNQEnc;
- }
- #endif /* WOLFSSL_CERT_NAME_ALL */
- }
- #ifndef NO_FILESYSTEM
- /* Set cn name from der buffer, return 0 on success */
- static int SetNameFromCert(CertName* cn, const byte* der, int derSz, int devId)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* decoded;
- #else
- DecodedCert decoded[1];
- #endif
- if (derSz < 0)
- return derSz;
- #ifdef WOLFSSL_SMALL_STACK
- decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL)
- return MEMORY_E;
- #endif
- InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
- ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
- if (ret < 0) {
- WOLFSSL_MSG("ParseCertRelative error");
- }
- else {
- SetNameFromDcert(cn, decoded);
- }
- FreeDecodedCert(decoded);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret < 0 ? ret : 0;
- }
- /* Set cert issuer from issuerFile in PEM */
- WOLFSSL_ABI
- int wc_SetIssuer(Cert* cert, const char* issuerFile)
- {
- int ret;
- DerBuffer* der = NULL;
- if (cert == NULL || issuerFile == NULL)
- return BAD_FUNC_ARG;
- ret = wc_PemCertToDer_ex(issuerFile, &der);
- if (ret == 0) {
- cert->selfSigned = 0;
- ret = SetNameFromCert(&cert->issuer, der->buffer, (int)der->length,
- INVALID_DEVID);
- FreeDer(&der);
- }
- return ret;
- }
- /* Set cert subject from subjectFile in PEM */
- WOLFSSL_ABI
- int wc_SetSubject(Cert* cert, const char* subjectFile)
- {
- int ret;
- DerBuffer* der = NULL;
- if (cert == NULL || subjectFile == NULL)
- return BAD_FUNC_ARG;
- ret = wc_PemCertToDer_ex(subjectFile, &der);
- if (ret == 0) {
- ret = SetNameFromCert(&cert->subject, der->buffer, (int)der->length,
- INVALID_DEVID);
- FreeDer(&der);
- }
- return ret;
- }
- #ifdef WOLFSSL_ALT_NAMES
- /* Set alt names from file in PEM */
- WOLFSSL_ABI
- int wc_SetAltNames(Cert* cert, const char* file)
- {
- int ret;
- DerBuffer* der = NULL;
- if (cert == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_PemCertToDer_ex(file, &der);
- if (ret == 0) {
- ret = SetAltNamesFromCert(cert, der->buffer, (int)der->length,
- INVALID_DEVID);
- FreeDer(&der);
- }
- return ret;
- }
- #endif /* WOLFSSL_ALT_NAMES */
- #endif /* !NO_FILESYSTEM */
- /* Set cert issuer from DER buffer */
- WOLFSSL_ABI
- int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- cert->selfSigned = 0;
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- SetNameFromDcert(&cert->issuer, (DecodedCert*)cert->decodedCert);
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return ret;
- }
- /* Set cert subject from DER buffer */
- WOLFSSL_ABI
- int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- SetNameFromDcert(&cert->subject, (DecodedCert*)cert->decodedCert);
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return ret;
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Set cert raw subject from DER buffer */
- WOLFSSL_ABI
- int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- if ((((DecodedCert*)cert->decodedCert)->subjectRaw) &&
- (((DecodedCert*)cert->decodedCert)->subjectRawLen <=
- (int)sizeof(CertName))) {
- XMEMCPY(cert->sbjRaw,
- ((DecodedCert*)cert->decodedCert)->subjectRaw,
- (size_t)((DecodedCert*)cert->decodedCert)->
- subjectRawLen);
- }
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return ret;
- }
- /* Set cert raw issuer from DER buffer */
- WOLFSSL_ABI
- int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- if ((((DecodedCert*)cert->decodedCert)->subjectRaw) &&
- (((DecodedCert*)cert->decodedCert)->subjectRawLen <=
- (int)sizeof(CertName))) {
- /* Copy the subject to the issuer field */
- XMEMCPY(cert->issRaw,
- ((DecodedCert*)cert->decodedCert)->subjectRaw,
- (size_t)((DecodedCert*)cert->decodedCert)->
- subjectRawLen);
- }
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return ret;
- }
- #endif
- #ifdef WOLFSSL_ALT_NAMES
- /* Set cert alt names from DER buffer */
- WOLFSSL_ABI
- int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- ret = SetAltNamesFromDcert(cert, (DecodedCert*)cert->decodedCert);
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return(ret);
- }
- /* Set cert dates from DER buffer */
- WOLFSSL_ABI
- int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz)
- {
- int ret = 0;
- if (cert == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- /* Check if decodedCert is cached */
- if (cert->der != der) {
- /* Allocate cache for the decoded cert */
- ret = wc_SetCert_LoadDer(cert, der, (word32)derSz, INVALID_DEVID);
- }
- if (ret >= 0) {
- ret = SetDatesFromDcert(cert, (DecodedCert*)cert->decodedCert);
- #ifndef WOLFSSL_CERT_GEN_CACHE
- wc_SetCert_Free(cert);
- #endif
- }
- }
- return(ret);
- }
- #endif /* WOLFSSL_ALT_NAMES */
- #endif /* WOLFSSL_CERT_GEN */
- #if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) \
- || defined(OPENSSL_EXTRA)
- /* Encode OID string representation to ITU-T X.690 format */
- int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap)
- {
- word32 idx = 0, nb_val;
- char *token, *str, *ptr;
- word32 len;
- (void)heap;
- if (out == NULL || outSz == NULL || *outSz < 2 || in == NULL)
- return BAD_FUNC_ARG;
- /* duplicate string (including terminator) */
- len = (word32)XSTRLEN(in);
- str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (str == NULL)
- return MEMORY_E;
- XMEMCPY(str, in, len+1);
- nb_val = 0;
- /* parse value, and set corresponding Policy OID value */
- token = XSTRTOK(str, ".", &ptr);
- while (token != NULL)
- {
- word32 val = (word32)XATOI(token);
- if (nb_val == 0) {
- if (val > 2) {
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ASN_OBJECT_ID_E;
- }
- out[idx] = (byte)(40 * val);
- }
- else if (nb_val == 1) {
- if (val > 127) {
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ASN_OBJECT_ID_E;
- }
- if (idx > *outSz) {
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return BUFFER_E;
- }
- out[idx++] += (byte)val;
- }
- else {
- word32 tb = 0;
- int i = 0;
- byte oid[MAX_OID_SZ];
- while (val >= 128) {
- word32 x = val % 128;
- val /= 128;
- oid[i++] = (byte) (((tb++) ? 0x80 : 0) | x);
- }
- if ((idx+(word32)i) >= *outSz) {
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return BUFFER_E;
- }
- oid[i] = (byte) (((tb++) ? 0x80 : 0) | val);
- /* push value in the right order */
- while (i >= 0)
- out[idx++] = oid[i--];
- }
- token = XSTRTOK(NULL, ".", &ptr);
- nb_val++;
- }
- *outSz = idx;
- XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif /* WOLFSSL_CERT_EXT || OPENSSL_EXTRA */
- #endif /* !NO_CERTS */
- #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
- /* Helper function for wolfSSL_i2d_DHparams */
- int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- word32 total;
- WOLFSSL_ENTER("StoreDHparams");
- if (out == NULL) {
- WOLFSSL_MSG("Null buffer error");
- return BUFFER_E;
- }
- /* determine size */
- /* integer - g */
- idx = SetASNIntMP(g, -1, NULL);
- /* integer - p */
- idx += SetASNIntMP(p, -1, NULL);
- total = idx;
- /* sequence */
- idx += SetSequence(idx, NULL);
- /* make sure output fits in buffer */
- if (idx > *outLen) {
- return BUFFER_E;
- }
- /* write DH parameters */
- /* sequence - for P and G only */
- idx = SetSequence(total, out);
- /* integer - p */
- idx += SetASNIntMP(p, -1, out + idx);
- /* integer - g */
- idx += SetASNIntMP(g, -1, out + idx);
- *outLen = idx;
- return 0;
- #else
- ASNSetData dataASN[dhParamASN_Length];
- int ret = 0;
- int sz = 0;
- WOLFSSL_ENTER("StoreDHparams");
- if (out == NULL) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Set mp_int containing p and g. */
- SetASN_MP(&dataASN[DHPARAMASN_IDX_PRIME], p);
- SetASN_MP(&dataASN[DHPARAMASN_IDX_BASE], g);
- /* privateValueLength not encoded. */
- dataASN[DHPARAMASN_IDX_PRIVLEN].noOut = 1;
- /* Calculate the size of the DH parameters. */
- ret = SizeASN_Items(dhParamASN, dataASN, dhParamASN_Length, &sz);
- }
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && ((int)*outLen < sz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode the DH parameters into buffer. */
- SetASN_Items(dhParamASN, dataASN, dhParamASN_Length, out);
- /* Set the actual encoding size. */
- *outLen = (word32)sz;
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
- #if defined(HAVE_ECC) || !defined(NO_DSA)
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for DSA signature.
- * RFC 5912, 6 - DSA-Sig-Value
- */
- static const ASNItem dsaSigASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* r */
- /* R */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* s */
- /* S */ { 1, ASN_INTEGER, 0, 0, 0 },
- };
- enum {
- DSASIGASN_IDX_SEQ = 0,
- DSASIGASN_IDX_R,
- DSASIGASN_IDX_S
- };
- #define dsaSigASN_Length (sizeof(dsaSigASN) / sizeof(ASNItem))
- #endif
- /* Der Encode r & s ints into out, outLen is (in/out) size */
- int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int rSz; /* encoding size */
- int sSz;
- int headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */
- /* If the leading bit on the INTEGER is a 1, add a leading zero */
- int rLeadingZero = mp_leading_bit(r);
- int sLeadingZero = mp_leading_bit(s);
- int rLen = mp_unsigned_bin_size(r); /* big int size */
- int sLen = mp_unsigned_bin_size(s);
- if (*outLen < (word32)((rLen + rLeadingZero + sLen + sLeadingZero +
- headerSz + 2))) /* SEQ_TAG + LEN(ENUM) */
- return BUFFER_E;
- idx = SetSequence((word32)(rLen + rLeadingZero + sLen + sLeadingZero +
- headerSz), out);
- /* store r */
- rSz = SetASNIntMP(r, (int)(*outLen - idx), &out[idx]);
- if (rSz < 0)
- return rSz;
- idx += (word32)rSz;
- /* store s */
- sSz = SetASNIntMP(s, (int)(*outLen - idx), &out[idx]);
- if (sSz < 0)
- return sSz;
- idx += (word32)sSz;
- *outLen = idx;
- return 0;
- #else
- ASNSetData dataASN[dsaSigASN_Length];
- int ret;
- int sz;
- /* Clear dynamic data and set mp_ints r and s */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- SetASN_MP(&dataASN[DSASIGASN_IDX_R], r);
- SetASN_MP(&dataASN[DSASIGASN_IDX_S], s);
- /* Calculate size of encoding. */
- ret = SizeASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, &sz);
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && ((int)*outLen < sz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode DSA signature into buffer. */
- ret = SetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, out);
- if (ret >= 0) {
- if (ret == sz) {
- /* Set the actual encoding size. */
- *outLen = (word32)sz;
- ret = 0;
- } else {
- ret = BAD_STATE_E;
- }
- }
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* determine if leading bit is set */
- static word32 is_leading_bit_set(const byte* input, word32 sz)
- {
- byte c = 0;
- if (sz > 0)
- c = input[0];
- return (c & 0x80) != 0;
- }
- static word32 trim_leading_zeros(const byte** input, word32 sz)
- {
- int i;
- word32 leadingZeroCount = 0;
- const byte* tmp = *input;
- for (i=0; i<(int)sz; i++) {
- if (tmp[i] != 0)
- break;
- leadingZeroCount++;
- }
- /* catch all zero case */
- if (sz > 0 && leadingZeroCount == sz) {
- leadingZeroCount--;
- }
- *input += leadingZeroCount;
- sz -= leadingZeroCount;
- return sz;
- }
- #endif
- /* Der Encode r & s ints into out, outLen is (in/out) size */
- /* All input/outputs are assumed to be big-endian */
- int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen,
- const byte* s, word32 sLen)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- word32 idx;
- word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */
- word32 rAddLeadZero, sAddLeadZero;
- if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL))
- return BAD_FUNC_ARG;
- /* Trim leading zeros */
- rLen = trim_leading_zeros(&r, rLen);
- sLen = trim_leading_zeros(&s, sLen);
- /* If the leading bit on the INTEGER is a 1, add a leading zero */
- /* Add leading zero if MSB is set */
- rAddLeadZero = is_leading_bit_set(r, rLen);
- sAddLeadZero = is_leading_bit_set(s, sLen);
- if (*outLen < (rLen + rAddLeadZero + sLen + sAddLeadZero +
- headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */
- return BUFFER_E;
- idx = SetSequence(rLen+rAddLeadZero + sLen+sAddLeadZero + headerSz, out);
- /* store r */
- ret = SetASNInt((int)rLen, (byte)(rAddLeadZero ? 0x80U : 0x00U), &out[idx]);
- if (ret < 0)
- return ret;
- idx += (word32)ret;
- XMEMCPY(&out[idx], r, rLen);
- idx += rLen;
- /* store s */
- ret = SetASNInt((int)sLen, (byte)(sAddLeadZero ? 0x80U : 0x00U), &out[idx]);
- if (ret < 0)
- return ret;
- idx += (word32)ret;
- XMEMCPY(&out[idx], s, sLen);
- idx += sLen;
- *outLen = idx;
- return 0;
- #else
- ASNSetData dataASN[dsaSigASN_Length];
- int ret;
- int sz;
- /* Clear dynamic data and set buffers for r and s */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- while ((rLen > 1) && (r[0] == 0)) {
- rLen--;
- r++;
- }
- while ((sLen > 1) && (s[0] == 0)) {
- sLen--;
- s++;
- }
- SetASN_Buffer(&dataASN[DSASIGASN_IDX_R], r, rLen);
- SetASN_Buffer(&dataASN[DSASIGASN_IDX_S], s, sLen);
- /* Calculate size of encoding. */
- ret = SizeASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, &sz);
- /* Check buffer is big enough for encoding. */
- if ((ret == 0) && ((int)*outLen < sz)) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- /* Encode DSA signature into buffer. */
- SetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, out);
- /* Set the actual encoding size. */
- *outLen = (word32)sz;
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- /* Der Decode ECC-DSA Signature with R/S as unsigned bin */
- /* All input/outputs are assumed to be big-endian */
- int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
- byte* s, word32* sLen)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- word32 idx = 0;
- int len = 0;
- if (GetSequence(sig, &idx, &len, sigLen) < 0) {
- return ASN_ECC_KEY_E;
- }
- #ifndef NO_STRICT_ECDSA_LEN
- /* enable strict length checking for signature */
- if (sigLen != idx + (word32)len) {
- return ASN_ECC_KEY_E;
- }
- #else
- /* allow extra signature bytes at end */
- if ((word32)len > (sigLen - idx)) {
- return ASN_ECC_KEY_E;
- }
- #endif
- ret = GetASNInt(sig, &idx, &len, sigLen);
- if (ret != 0)
- return ret;
- if (rLen)
- *rLen = (word32)len;
- if (r)
- XMEMCPY(r, (byte*)sig + idx, (size_t)len);
- idx += (word32)len;
- ret = GetASNInt(sig, &idx, &len, sigLen);
- if (ret != 0)
- return ret;
- if (sLen)
- *sLen = (word32)len;
- if (s)
- XMEMCPY(s, (byte*)sig + idx, (size_t)len);
- #ifndef NO_STRICT_ECDSA_LEN
- /* sanity check that the index has been advanced all the way to the end of
- * the buffer */
- if (idx + (word32)len != sigLen) {
- ret = ASN_ECC_KEY_E;
- }
- #endif
- return ret;
- #else
- ASNGetData dataASN[dsaSigASN_Length];
- word32 idx = 0;
- /* Clear dynamic data and set buffers to put r and s into. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- GetASN_Buffer(&dataASN[DSASIGASN_IDX_R], r, rLen);
- GetASN_Buffer(&dataASN[DSASIGASN_IDX_S], s, sLen);
- /* Decode the DSA signature. */
- return GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 1, sig, &idx,
- sigLen);
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
- {
- return DecodeECC_DSA_Sig_Ex(sig, sigLen, r, s, 1);
- }
- int DecodeECC_DSA_Sig_Ex(const byte* sig, word32 sigLen, mp_int* r, mp_int* s,
- int init)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int len = 0;
- if (GetSequence(sig, &idx, &len, sigLen) < 0) {
- return ASN_ECC_KEY_E;
- }
- #ifndef NO_STRICT_ECDSA_LEN
- /* enable strict length checking for signature */
- if (sigLen != idx + (word32)len) {
- return ASN_ECC_KEY_E;
- }
- #else
- /* allow extra signature bytes at end */
- if ((word32)len > (sigLen - idx)) {
- return ASN_ECC_KEY_E;
- }
- #endif
- if (GetIntPositive(r, sig, &idx, sigLen, init) < 0) {
- return ASN_ECC_KEY_E;
- }
- if (GetIntPositive(s, sig, &idx, sigLen, init) < 0) {
- mp_clear(r);
- return ASN_ECC_KEY_E;
- }
- #ifndef NO_STRICT_ECDSA_LEN
- /* sanity check that the index has been advanced all the way to the end of
- * the buffer */
- if (idx != sigLen) {
- mp_clear(r);
- mp_clear(s);
- return ASN_ECC_KEY_E;
- }
- #endif
- return 0;
- #else
- ASNGetData dataASN[dsaSigASN_Length];
- word32 idx = 0;
- int ret;
- /* Clear dynamic data and set mp_ints to put r and s into. */
- XMEMSET(dataASN, 0, sizeof(dataASN));
- if (init) {
- GetASN_MP(&dataASN[DSASIGASN_IDX_R], r);
- GetASN_MP(&dataASN[DSASIGASN_IDX_S], s);
- }
- else {
- GetASN_MP_Inited(&dataASN[DSASIGASN_IDX_R], r);
- GetASN_MP_Inited(&dataASN[DSASIGASN_IDX_S], s);
- }
- /* Decode the DSA signature. */
- ret = GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 0, sig, &idx,
- sigLen);
- if (ret != 0) {
- ret = ASN_ECC_KEY_E;
- }
- #ifndef NO_STRICT_ECDSA_LEN
- /* sanity check that the index has been advanced all the way to the end of
- * the buffer */
- if ((ret == 0) && (idx != sigLen)) {
- ret = ASN_ECC_KEY_E;
- }
- #endif
- if (ret != 0) {
- mp_clear(r);
- mp_clear(s);
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif
- #ifdef WOLFSSL_ASN_TEMPLATE
- #if defined(HAVE_ECC) && defined(WOLFSSL_CUSTOM_CURVES)
- /* Convert data to hex string.
- *
- * Big-endian byte array is converted to big-endian hexadecimal string.
- *
- * @param [in] input Buffer containing data.
- * @param [in] inSz Size of data in buffer.
- * @param [out] out Buffer to hold hex string.
- */
- static void DataToHexString(const byte* input, word32 inSz, char* out)
- {
- static const char hexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
- word32 i;
- /* Converting a byte of data at a time to two hex characters. */
- for (i = 0; i < inSz; i++) {
- out[i*2 + 0] = hexChar[input[i] >> 4];
- out[i*2 + 1] = hexChar[input[i] & 0xf];
- }
- /* NUL terminate string. */
- out[i * 2] = '\0';
- }
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- /* Convert data to hex string and place in allocated buffer.
- *
- * Big-endian byte array is converted to big-endian hexadecimal string.
- *
- * @param [in] input Buffer containing data.
- * @param [in] inSz Size of data in buffer.
- * @param [out] out Allocated buffer holding hex string.
- * @param [in] heap Dynamic memory allocation hint.
- * @param [in] heapType Type of heap to use.
- * @return 0 on success.
- * @return MEMORY_E when dynamic memory allocation fails.
- */
- static int DataToHexStringAlloc(const byte* input, word32 inSz, char** out,
- void* heap, int heapType)
- {
- int ret = 0;
- char* str;
- /* Allocate for 2 string characters ber byte plus NUL. */
- str = (char*)XMALLOC(inSz * 2 + 1, heap, heapType);
- if (str == NULL) {
- ret = MEMORY_E;
- }
- else {
- /* Convert to hex string. */
- DataToHexString(input, inSz, str);
- *out = str;
- }
- (void)heap;
- (void)heapType;
- return ret;
- }
- #endif /* WOLFSSL_ECC_CURVE_STATIC */
- /* ASN.1 template for SpecifiedECDomain.
- * SEC 1 Ver. 2.0, C.2 - Syntax for Elliptic Curve Domain Parameters
- * NOTE: characteristic-two-field not supported. */
- static const ASNItem eccSpecifiedASN[] = {
- /* version */
- /* VER */ { 0, ASN_INTEGER, 0, 0, 0 },
- /* fieldID */
- /* PRIME_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* prime-field or characteristic-two-field */
- /* PRIME_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 },
- /* Prime-p */
- /* PRIME_P */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* fieldID */
- /* PARAM_SEQ, */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* a */
- /* PARAM_A */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* b */
- /* PARAM_B */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* seed */
- /* PARAM_SEED */ { 1, ASN_BIT_STRING, 0, 0, 1 },
- /* base */
- /* BASE */ { 0, ASN_OCTET_STRING, 0, 0, 0 },
- /* order */
- /* ORDER */ { 0, ASN_INTEGER, 0, 0, 0 },
- /* cofactor */
- /* COFACTOR */ { 0, ASN_INTEGER, 0, 0, 1 },
- /* hash */
- /* HASH_SEQ */ { 0, ASN_SEQUENCE, 0, 0, 1 },
- };
- enum {
- ECCSPECIFIEDASN_IDX_VER = 0,
- ECCSPECIFIEDASN_IDX_PRIME_SEQ,
- ECCSPECIFIEDASN_IDX_PRIME_OID,
- ECCSPECIFIEDASN_IDX_PRIME_P,
- ECCSPECIFIEDASN_IDX_PARAM_SEQ,
- ECCSPECIFIEDASN_IDX_PARAM_A,
- ECCSPECIFIEDASN_IDX_PARAM_B,
- ECCSPECIFIEDASN_IDX_PARAM_SEED,
- ECCSPECIFIEDASN_IDX_BASE,
- ECCSPECIFIEDASN_IDX_ORDER,
- ECCSPECIFIEDASN_IDX_COFACTOR,
- ECCSPECIFIEDASN_IDX_HASH_SEQ
- };
- /* Number of items in ASN.1 template for SpecifiedECDomain. */
- #define eccSpecifiedASN_Length (sizeof(eccSpecifiedASN) / sizeof(ASNItem))
- /* OID indicating the prime field is explicitly defined. */
- static const byte primeFieldOID[] = {
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01
- };
- static const char ecSetCustomName[] = "Custom";
- /* Explicit EC parameter values. */
- static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
- ecc_key* key, void* heap, int* curveSz)
- {
- DECL_ASNGETDATA(dataASN, eccSpecifiedASN_Length);
- int ret = 0;
- ecc_set_type* curve = NULL;
- word32 idx = 0;
- byte version = 0;
- byte cofactor = 0;
- const byte *base = NULL;
- word32 baseLen = 0;
- /* Allocate a new parameter set. */
- curve = (ecc_set_type*)XMALLOC(sizeof(*curve), heap,
- DYNAMIC_TYPE_ECC_BUFFER);
- if (curve == NULL) {
- ret = MEMORY_E;
- }
- else {
- /* Clear out parameters and set fields to indicate it is custom. */
- XMEMSET(curve, 0, sizeof(*curve));
- }
- CALLOC_ASNGETDATA(dataASN, eccSpecifiedASN_Length, ret, heap);
- if (ret == 0) {
- /* Set name to be: "Custom" */
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- curve->name = ecSetCustomName;
- #else
- XMEMCPY((void*)curve->name, ecSetCustomName, sizeof(ecSetCustomName));
- #endif
- curve->id = ECC_CURVE_CUSTOM;
- /* Get version, must have prime field OID and get co-factor. */
- GetASN_Int8Bit(&dataASN[ECCSPECIFIEDASN_IDX_VER], &version);
- GetASN_ExpBuffer(&dataASN[ECCSPECIFIEDASN_IDX_PRIME_OID],
- primeFieldOID, sizeof(primeFieldOID));
- GetASN_Int8Bit(&dataASN[ECCSPECIFIEDASN_IDX_COFACTOR], &cofactor);
- /* Decode the explicit parameters. */
- ret = GetASN_Items(eccSpecifiedASN, dataASN, eccSpecifiedASN_Length, 1,
- input, &idx, inSz);
- }
- /* Version must be 1 or 2 for supporting explicit parameters. */
- if ((ret == 0) && (version < 1 || version > 3)) {
- ret = ASN_PARSE_E;
- }
- #ifndef WOLFSSL_NO_ASN_STRICT
- /* Only version 2 and above can have a seed. */
- if (ret == 0) {
- if ((dataASN[ECCSPECIFIEDASN_IDX_PARAM_SEED].tag != 0) &&
- (version < 2)) {
- ret = ASN_PARSE_E;
- }
- }
- #endif
- /* Only version 2 and above can have a hash algorithm. */
- if (ret == 0) {
- if ((dataASN[ECCSPECIFIEDASN_IDX_HASH_SEQ].tag != 0) &&
- (version < 2)) {
- ret = ASN_PARSE_E;
- }
- }
- if ((ret == 0) && (dataASN[ECCSPECIFIEDASN_IDX_COFACTOR].tag != 0)) {
- /* Store optional co-factor. */
- curve->cofactor = cofactor;
- }
- if (ret == 0) {
- /* Length of the prime in bytes is the curve size. */
- curve->size =
- (int)dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length;
- /* Base point: 0x04 <x> <y> (must be uncompressed). */
- GetASN_GetConstRef(&dataASN[ECCSPECIFIEDASN_IDX_BASE], &base,
- &baseLen);
- if ((baseLen < (word32)curve->size * 2 + 1) || (base[0] != 0x4)) {
- ret = ASN_PARSE_E;
- }
- }
- /* Put the curve parameters into the set.
- * Convert the big-endian number byte array to a big-endian string.
- */
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- /* Allocate buffer to put hex strings into. */
- if (ret == 0) {
- /* Base X-ordinate */
- ret = DataToHexStringAlloc(base + 1, (word32)curve->size,
- (char**)&curve->Gx, heap,
- DYNAMIC_TYPE_ECC_BUFFER);
- }
- if (ret == 0) {
- /* Base Y-ordinate */
- ret = DataToHexStringAlloc(base + 1 + curve->size, (word32)curve->size,
- (char**)&curve->Gy, heap,
- DYNAMIC_TYPE_ECC_BUFFER);
- }
- if (ret == 0) {
- /* Prime */
- ret = DataToHexStringAlloc(
- dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
- (char**)&curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER);
- }
- if (ret == 0) {
- /* Parameter A */
- ret = DataToHexStringAlloc(
- dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length,
- (char**)&curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER);
- }
- if (ret == 0) {
- /* Parameter B */
- ret = DataToHexStringAlloc(
- dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length,
- (char**)&curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER);
- }
- if (ret == 0) {
- /* Order of curve */
- ret = DataToHexStringAlloc(
- dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length,
- (char**)&curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER);
- }
- #else
- if (ret == 0) {
- /* Base X-ordinate */
- DataToHexString(base + 1, curve->size, curve->Gx);
- /* Base Y-ordinate */
- DataToHexString(base + 1 + curve->size, curve->size, curve->Gy);
- /* Prime */
- DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
- curve->prime);
- /* Parameter A */
- DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length,
- curve->Af);
- /* Parameter B */
- DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length,
- curve->Bf);
- /* Order of curve */
- DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data,
- dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length,
- curve->order);
- }
- #endif /* WOLFSSL_ECC_CURVE_STATIC */
- if (key) {
- /* Store parameter set in key. */
- if ((ret == 0) && (wc_ecc_set_custom_curve(key, curve) < 0)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- /* The parameter set was allocated.. */
- key->deallocSet = 1;
- }
- }
- if ((ret == 0) && (curveSz)) {
- *curveSz = curve->size;
- }
- if ((ret != 0) && (curve != NULL)) {
- /* Failed to set parameters so free parameter set. */
- wc_ecc_free_curve(curve, heap);
- }
- FREE_ASNGETDATA(dataASN, heap);
- return ret;
- }
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for ECC private key.
- * SEC.1 Ver 2.0, C.4 - Syntax for Elliptic Curve Private Keys
- */
- static const ASNItem eccKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* version */
- /* VER */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* privateKey */
- /* PKEY */ { 1, ASN_OCTET_STRING, 0, 0, 0 },
- /* parameters */
- /* PARAMS */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ECC_PARAMS, 1, 1, 1 },
- /* named */
- /* CURVEID */ { 2, ASN_OBJECT_ID, 0, 0, 2 },
- /* specified */
- /* CURVEPARAMS */ { 2, ASN_SEQUENCE, 1, 0, 2 },
- /* publicKey */
- /* PUBKEY */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ECC_PUBKEY, 1, 1, 1 },
- /* Uncompressed point - X9.62. */
- /* PUBKEY_VAL, */ { 2, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- ECCKEYASN_IDX_SEQ = 0,
- ECCKEYASN_IDX_VER,
- ECCKEYASN_IDX_PKEY,
- ECCKEYASN_IDX_PARAMS,
- ECCKEYASN_IDX_CURVEID,
- ECCKEYASN_IDX_CURVEPARAMS,
- ECCKEYASN_IDX_PUBKEY,
- ECCKEYASN_IDX_PUBKEY_VAL
- };
- /* Number of items in ASN.1 template for ECC private key. */
- #define eccKeyASN_Length (sizeof(eccKeyASN) / sizeof(ASNItem))
- #endif
- WOLFSSL_ABI
- int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
- word32 inSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 oidSum;
- int version, length;
- int privSz, pubSz = 0;
- byte b;
- int ret = 0;
- int curve_id = ECC_CURVE_DEF;
- #ifdef WOLFSSL_SMALL_STACK
- byte* priv;
- byte* pub = NULL;
- #else
- byte priv[ECC_MAXSIZE+1];
- byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */
- #endif
- word32 algId = 0;
- byte* pubData = NULL;
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
- return BAD_FUNC_ARG;
- /* if has pkcs8 header skip it */
- if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
- /* ignore error, did not have pkcs8 header */
- }
- else {
- curve_id = wc_ecc_get_oid(algId, NULL, NULL);
- }
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
- return ASN_PARSE_E;
- if (*inOutIdx >= inSz)
- return ASN_PARSE_E;
- b = input[*inOutIdx];
- *inOutIdx += 1;
- /* priv type */
- if (b != 4 && b != 6 && b != 7)
- return ASN_PARSE_E;
- if (GetLength(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- privSz = length;
- if (privSz > ECC_MAXSIZE)
- return BUFFER_E;
- #ifdef WOLFSSL_SMALL_STACK
- priv = (byte*)XMALLOC(privSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- return MEMORY_E;
- #endif
- /* priv key */
- XMEMCPY(priv, &input[*inOutIdx], (size_t)privSz);
- *inOutIdx += (word32)length;
- if ((*inOutIdx + 1) < inSz) {
- /* prefix 0, may have */
- b = input[*inOutIdx];
- if (b == ECC_PREFIX_0) {
- *inOutIdx += 1;
- if (GetLength(input, inOutIdx, &length, inSz) <= 0)
- ret = ASN_PARSE_E;
- else {
- ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType,
- inSz);
- if (ret == 0) {
- if ((ret = CheckCurve(oidSum)) < 0)
- ret = ECC_CURVE_OID_E;
- else {
- curve_id = ret;
- ret = 0;
- }
- }
- }
- }
- }
- if (ret == 0 && (*inOutIdx + 1) < inSz) {
- /* prefix 1 */
- b = input[*inOutIdx];
- *inOutIdx += 1;
- if (b != ECC_PREFIX_1) {
- ret = ASN_ECC_KEY_E;
- }
- else if (GetLength(input, inOutIdx, &length, inSz) <= 0) {
- ret = ASN_PARSE_E;
- }
- else {
- /* key header */
- ret = CheckBitString(input, inOutIdx, &length, inSz, 0, NULL);
- if (ret == 0) {
- /* pub key */
- pubSz = length;
- if (pubSz > 2*(ECC_MAXSIZE+1))
- ret = BUFFER_E;
- else {
- #ifdef WOLFSSL_SMALL_STACK
- pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = MEMORY_E;
- else
- #endif
- {
- XMEMCPY(pub, &input[*inOutIdx], (size_t)pubSz);
- *inOutIdx += (word32)length;
- pubData = pub;
- }
- }
- }
- }
- }
- if (ret == 0) {
- ret = wc_ecc_import_private_key_ex(priv, (word32)privSz, pubData,
- (word32)pubSz, key, curve_id);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, eccKeyASN_Length);
- byte version = 0;
- int ret = 0;
- int curve_id = ECC_CURVE_DEF;
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
- word32 algId = 0;
- #endif
- /* Validate parameters. */
- if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
- ret = BAD_FUNC_ARG;
- }
- #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
- /* if has pkcs8 header skip it */
- if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
- /* ignore error, did not have pkcs8 header */
- }
- else {
- curve_id = wc_ecc_get_oid(algId, NULL, NULL);
- }
- #endif
- CALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- /* Get the version and set the expected OID type. */
- GetASN_Int8Bit(&dataASN[ECCKEYASN_IDX_VER], &version);
- GetASN_OID(&dataASN[ECCKEYASN_IDX_CURVEID], oidCurveType);
- /* Decode the private ECC key. */
- ret = GetASN_Items(eccKeyASN, dataASN, eccKeyASN_Length, 1, input,
- inOutIdx, inSz);
- }
- /* Only version 1 supported. */
- if (ret == 0) {
- if (version != 1) {
- ret = ASN_PARSE_E;
- }
- }
- /* Curve Parameters are optional. */
- if ((ret == 0) && (dataASN[ECCKEYASN_IDX_PARAMS].tag != 0)) {
- if (dataASN[ECCKEYASN_IDX_CURVEID].tag != 0) {
- /* Named curve - check and get id. */
- curve_id = CheckCurve(dataASN[ECCKEYASN_IDX_CURVEID].data.oid.sum);
- if (curve_id < 0) {
- ret = ECC_CURVE_OID_E;
- }
- }
- else {
- #ifdef WOLFSSL_CUSTOM_CURVES
- /* Parse explicit parameters. */
- ret = EccSpecifiedECDomainDecode(
- dataASN[ECCKEYASN_IDX_CURVEPARAMS].data.ref.data,
- dataASN[ECCKEYASN_IDX_CURVEPARAMS].data.ref.length, key,
- key->heap, NULL);
- #else
- /* Explicit parameters not supported in build configuration. */
- ret = ASN_PARSE_E;
- #endif
- }
- }
- if (ret == 0) {
- /* Import private key value and public point (may be NULL). */
- ret = wc_ecc_import_private_key_ex(
- dataASN[ECCKEYASN_IDX_PKEY].data.ref.data,
- dataASN[ECCKEYASN_IDX_PKEY].data.ref.length,
- dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.ref.data,
- dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.ref.length,
- key, curve_id);
- }
- FREE_ASNGETDATA(dataASN, key->heap);
- return ret;
- #endif
- }
- #ifdef WOLFSSL_CUSTOM_CURVES
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* returns 0 on success */
- static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
- word32 inSz, void* heap, int heapType)
- {
- int len;
- int i;
- char* str;
- word32 localIdx;
- byte tag;
- if (*inOutIdx >= inSz) {
- return BUFFER_E;
- }
- localIdx = *inOutIdx;
- if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && tag == ASN_INTEGER) {
- if (GetASNInt(input, inOutIdx, &len, inSz) < 0)
- return ASN_PARSE_E;
- }
- else {
- if (GetOctetString(input, inOutIdx, &len, inSz) < 0)
- return ASN_PARSE_E;
- }
- str = (char*)XMALLOC((size_t)len * 2 + 1, heap, heapType);
- if (str == NULL) {
- return MEMORY_E;
- }
- for (i=0; i<len; i++)
- ByteToHexStr(input[*inOutIdx + (word32)i], str + i*2);
- str[len*2] = '\0';
- *inOutIdx += (word32)len;
- *out = str;
- (void)heap;
- (void)heapType;
- return 0;
- }
- static int EccKeyParamCopy(char** dst, char* src, void* heap)
- {
- int ret = 0;
- #ifdef WOLFSSL_ECC_CURVE_STATIC
- word32 length;
- #endif
- if (dst == NULL || src == NULL)
- return BAD_FUNC_ARG;
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- *dst = src;
- #else
- length = (int)XSTRLEN(src) + 1;
- if (length > MAX_ECC_STRING) {
- WOLFSSL_MSG("ECC Param too large for buffer");
- ret = BUFFER_E;
- }
- else {
- XSTRNCPY(*dst, src, MAX_ECC_STRING);
- }
- XFREE(src, heap, DYNAMIC_TYPE_ECC_BUFFER);
- #endif
- (void)heap;
- return ret;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #endif /* WOLFSSL_CUSTOM_CURVES */
- WOLFSSL_ABI
- int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
- ecc_key* key, word32 inSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- int version, length;
- int curve_id = ECC_CURVE_DEF;
- word32 oidSum, localIdx;
- byte tag, isPrivFormat = 0;
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
- return BAD_FUNC_ARG;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- /* Check if ECC private key is being used and skip private portion */
- if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) {
- isPrivFormat = 1;
- /* Type private key */
- if (*inOutIdx >= inSz)
- return ASN_PARSE_E;
- tag = input[*inOutIdx];
- *inOutIdx += 1;
- if (tag != 4 && tag != 6 && tag != 7)
- return ASN_PARSE_E;
- /* Skip Private Key */
- if (GetLength(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (length > ECC_MAXSIZE)
- return BUFFER_E;
- *inOutIdx += (word32)length;
- /* Private Curve Header */
- if (*inOutIdx >= inSz)
- return ASN_PARSE_E;
- tag = input[*inOutIdx];
- *inOutIdx += 1;
- if (tag != ECC_PREFIX_0)
- return ASN_ECC_KEY_E;
- if (GetLength(input, inOutIdx, &length, inSz) <= 0)
- return ASN_PARSE_E;
- }
- /* Standard ECC public key */
- else {
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- ret = SkipObjectId(input, inOutIdx, inSz);
- if (ret != 0)
- return ret;
- }
- if (*inOutIdx >= inSz) {
- return BUFFER_E;
- }
- localIdx = *inOutIdx;
- if (GetASNTag(input, &localIdx, &tag, inSz) == 0 &&
- tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
- #ifdef WOLFSSL_CUSTOM_CURVES
- ecc_set_type* curve;
- int len;
- char* point = NULL;
- ret = 0;
- curve = (ecc_set_type*)XMALLOC(sizeof(*curve), key->heap,
- DYNAMIC_TYPE_ECC_BUFFER);
- if (curve == NULL)
- ret = MEMORY_E;
- if (ret == 0) {
- static const char customName[] = "Custom";
- XMEMSET(curve, 0, sizeof(*curve));
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- curve->name = customName;
- #else
- XMEMCPY((void*)curve->name, customName, sizeof(customName));
- #endif
- curve->id = ECC_CURVE_CUSTOM;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- GetInteger7Bit(input, inOutIdx, inSz);
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- char* p = NULL;
- SkipObjectId(input, inOutIdx, inSz);
- ret = ASNToHexString(input, inOutIdx, &p, inSz,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- if (ret == 0) {
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- ret = EccKeyParamCopy((char**)&curve->prime, p, key->heap);
- #else
- const char *_tmp_ptr = &curve->prime[0];
- ret = EccKeyParamCopy((char**)&_tmp_ptr, p, key->heap);
- #endif
- }
- }
- if (ret == 0) {
- curve->size = (int)XSTRLEN(curve->prime) / 2;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- char* af = NULL;
- ret = ASNToHexString(input, inOutIdx, &af, inSz,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- if (ret == 0) {
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- ret = EccKeyParamCopy((char**)&curve->Af, af, key->heap);
- #else
- const char *_tmp_ptr = &curve->Af[0];
- ret = EccKeyParamCopy((char**)&_tmp_ptr, af, key->heap);
- #endif
- }
- }
- if (ret == 0) {
- char* bf = NULL;
- ret = ASNToHexString(input, inOutIdx, &bf, inSz,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- if (ret == 0) {
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- ret = EccKeyParamCopy((char**)&curve->Bf, bf, key->heap);
- #else
- const char *_tmp_ptr = &curve->Bf[0];
- ret = EccKeyParamCopy((char**)&_tmp_ptr, bf, key->heap);
- #endif
- }
- }
- if (ret == 0) {
- localIdx = *inOutIdx;
- if (*inOutIdx < inSz && GetASNTag(input, &localIdx, &tag, inSz)
- == 0 && tag == ASN_BIT_STRING) {
- len = 0;
- ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz);
- if (ret > 0)
- ret = 0; /* reset on success */
- *inOutIdx += (word32)len;
- }
- }
- if (ret == 0) {
- ret = ASNToHexString(input, inOutIdx, (char**)&point, inSz,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- /* sanity check that point buffer is not smaller than the expected
- * size to hold ( 0 4 || Gx || Gy )
- * where Gx and Gy are each the size of curve->size * 2 */
- if (ret == 0 && (int)XSTRLEN(point) < (curve->size * 4) + 2) {
- XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- ret = BUFFER_E;
- }
- }
- if (ret == 0) {
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- curve->Gx = (const char*)XMALLOC((size_t)curve->size * 2 + 2,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- curve->Gy = (const char*)XMALLOC((size_t)curve->size * 2 + 2,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- if (curve->Gx == NULL || curve->Gy == NULL) {
- XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- ret = MEMORY_E;
- }
- #else
- if (curve->size * 2 + 2 > MAX_ECC_STRING) {
- WOLFSSL_MSG("curve size is too large to fit in buffer");
- ret = BUFFER_E;
- }
- #endif
- }
- if (ret == 0) {
- char* o = NULL;
- XMEMCPY((char*)curve->Gx, point + 2, (size_t)curve->size * 2);
- XMEMCPY((char*)curve->Gy, point + curve->size * 2 + 2,
- (size_t)curve->size * 2);
- ((char*)curve->Gx)[curve->size * 2] = '\0';
- ((char*)curve->Gy)[curve->size * 2] = '\0';
- XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- ret = ASNToHexString(input, inOutIdx, &o, inSz,
- key->heap, DYNAMIC_TYPE_ECC_BUFFER);
- if (ret == 0) {
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- ret = EccKeyParamCopy((char**)&curve->order, o, key->heap);
- #else
- const char *_tmp_ptr = &curve->order[0];
- ret = EccKeyParamCopy((char**)&_tmp_ptr, o, key->heap);
- #endif
- }
- }
- if (ret == 0) {
- curve->cofactor = GetInteger7Bit(input, inOutIdx, inSz);
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- curve->oid = NULL;
- #else
- XMEMSET((void*)curve->oid, 0, sizeof(curve->oid));
- #endif
- curve->oidSz = 0;
- curve->oidSum = 0;
- if (wc_ecc_set_custom_curve(key, curve) < 0) {
- ret = ASN_PARSE_E;
- }
- key->deallocSet = 1;
- curve = NULL;
- }
- if (curve != NULL)
- wc_ecc_free_curve(curve, key->heap);
- if (ret < 0)
- return ret;
- #else
- return ASN_PARSE_E;
- #endif /* WOLFSSL_CUSTOM_CURVES */
- }
- else {
- /* ecc params information */
- ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, inSz);
- if (ret != 0)
- return ret;
- /* get curve id */
- if ((ret = CheckCurve(oidSum)) < 0)
- return ECC_CURVE_OID_E;
- else {
- curve_id = ret;
- }
- }
- if (isPrivFormat) {
- /* Public Curve Header - skip */
- if (*inOutIdx >= inSz)
- return ASN_PARSE_E;
- tag = input[*inOutIdx];
- *inOutIdx += 1;
- if (tag != ECC_PREFIX_1)
- return ASN_ECC_KEY_E;
- if (GetLength(input, inOutIdx, &length, inSz) <= 0)
- return ASN_PARSE_E;
- }
- /* key header */
- ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL);
- if (ret != 0)
- return ret;
- /* This is the raw point data compressed or uncompressed. */
- if (wc_ecc_import_x963_ex(input + *inOutIdx, (word32)length, key,
- curve_id) != 0) {
- return ASN_ECC_KEY_E;
- }
- *inOutIdx += (word32)length;
- return 0;
- #else
- /* eccKeyASN is longer than eccPublicKeyASN. */
- DECL_ASNGETDATA(dataASN, eccKeyASN_Length);
- int ret = 0;
- int curve_id = ECC_CURVE_DEF;
- int oidIdx = ECCPUBLICKEYASN_IDX_ALGOID_CURVEID;
- #ifdef WOLFSSL_CUSTOM_CURVES
- int specIdx = ECCPUBLICKEYASN_IDX_ALGOID_PARAMS;
- #endif
- int pubIdx = ECCPUBLICKEYASN_IDX_PUBKEY;
- if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
- ret = BAD_FUNC_ARG;
- }
- ALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- /* Clear dynamic data for ECC public key. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * eccPublicKeyASN_Length);
- #if !defined(WOLFSSL_SM2) || !defined(WOLFSSL_SM3)
- /* Set required ECDSA OID and ignore the curve OID type. */
- GetASN_ExpBuffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], keyEcdsaOid,
- sizeof(keyEcdsaOid));
- #else
- GetASN_OID(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], oidKeyType);
- #endif
- GetASN_OID(&dataASN[oidIdx], oidCurveType);
- /* Decode the public ECC key. */
- ret = GetASN_Items(eccPublicKeyASN, dataASN, eccPublicKeyASN_Length, 1,
- input, inOutIdx, inSz);
- if (ret != 0) {
- oidIdx = ECCKEYASN_IDX_CURVEID;
- #ifdef WOLFSSL_CUSTOM_CURVES
- specIdx = ECCKEYASN_IDX_CURVEPARAMS;
- #endif
- pubIdx = ECCKEYASN_IDX_PUBKEY_VAL;
- /* Clear dynamic data for ECC private key. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * eccKeyASN_Length);
- /* Check named curve OID type. */
- GetASN_OID(&dataASN[oidIdx], oidCurveType);
- /* Try private key format .*/
- ret = GetASN_Items(eccKeyASN, dataASN, eccKeyASN_Length, 1, input,
- inOutIdx, inSz);
- if (ret != 0) {
- ret = ASN_PARSE_E;
- }
- }
- }
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- if ((ret == 0) && (oidIdx == ECCPUBLICKEYASN_IDX_ALGOID_CURVEID)) {
- int oidSum = dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID].data.oid.sum;
- if ((oidSum != ECDSAk) && (oidSum != SM2k)) {
- ret = ASN_PARSE_E;
- }
- }
- #endif
- if (ret == 0) {
- if (dataASN[oidIdx].tag != 0) {
- /* Named curve - check and get id. */
- curve_id = CheckCurve(dataASN[oidIdx].data.oid.sum);
- if (curve_id < 0) {
- ret = ASN_OBJECT_ID_E;
- }
- }
- else {
- #ifdef WOLFSSL_CUSTOM_CURVES
- /* Parse explicit parameters. */
- ret = EccSpecifiedECDomainDecode(dataASN[specIdx].data.ref.data,
- dataASN[specIdx].data.ref.length, key,
- key->heap, NULL);
- #else
- /* Explicit parameters not supported in build configuration. */
- ret = ASN_PARSE_E;
- #endif
- }
- }
- if (ret == 0) {
- /* Import public point. */
- ret = wc_ecc_import_x963_ex(dataASN[pubIdx].data.ref.data,
- dataASN[pubIdx].data.ref.length, key, curve_id);
- if (ret != 0) {
- ret = ASN_ECC_KEY_E;
- }
- }
- FREE_ASNGETDATA(dataASN, key->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
- /* build DER formatted ECC key, include optional public key if requested,
- * return length on success, negative on error */
- int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
- int pubIn, int curveIn)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- byte curve[MAX_ALGO_SZ+2];
- byte ver[MAX_VERSION_SZ];
- byte seq[MAX_SEQ_SZ];
- int ret, curveSz, verSz;
- word32 totalSz;
- int privHdrSz = ASN_ECC_HEADER_SZ;
- int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ;
- #ifdef WOLFSSL_NO_MALLOC
- byte prv[MAX_ECC_BYTES + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ];
- byte pub[(MAX_ECC_BYTES * 2) + 1 + ASN_ECC_CONTEXT_SZ +
- ASN_ECC_HEADER_SZ + MAX_SEQ_SZ];
- #else
- byte *prv = NULL, *pub = NULL;
- #endif
- word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0;
- word32 seqSz, privSz, pubSz = ECC_BUFSIZE;
- if (key == NULL || (output == NULL && inLen == NULL))
- return BAD_FUNC_ARG;
- if (curveIn) {
- /* curve */
- curve[curveidx++] = ECC_PREFIX_0;
- curveidx++ /* to put the size after computation */;
- curveSz = SetCurve(key, curve+curveidx, MAX_ALGO_SZ);
- if (curveSz < 0)
- return curveSz;
- /* set computed size */
- curve[1] = (byte)curveSz;
- curveidx += (word32)curveSz;
- }
- /* private */
- privSz = (word32)key->dp->size;
- #ifdef WOLFSSL_QNX_CAAM
- /* check if is a black key, and add MAC size if needed */
- if (key->blackKey > 0 && key->blackKey != CAAM_BLACK_KEY_ECB) {
- privSz = privSz + WC_CAAM_MAC_SZ;
- }
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- prv = (byte*)XMALLOC(privSz + (word32)privHdrSz + MAX_SEQ_SZ,
- key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (prv == NULL) {
- return MEMORY_E;
- }
- #else
- if (sizeof(prv) < privSz + privHdrSz + MAX_SEQ_SZ) {
- return BUFFER_E;
- }
- #endif
- if (privSz < ASN_LONG_LENGTH) {
- prvidx += SetOctetString8Bit(privSz, &prv[prvidx]);
- }
- else {
- prvidx += SetOctetString(privSz, &prv[prvidx]);
- }
- ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz);
- if (ret < 0) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- prvidx += privSz;
- /* pubIn */
- if (pubIn) {
- PRIVATE_KEY_UNLOCK();
- ret = wc_ecc_export_x963(key, NULL, &pubSz);
- PRIVATE_KEY_LOCK();
- if (ret != LENGTH_ONLY_E) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #ifndef WOLFSSL_NO_MALLOC
- pub = (byte*)XMALLOC(pubSz + (word32)pubHdrSz + MAX_SEQ_SZ,
- key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL) {
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return MEMORY_E;
- }
- #else
- if (sizeof(pub) < pubSz + pubHdrSz + MAX_SEQ_SZ) {
- return BUFFER_E;
- }
- #endif
- pub[pubidx++] = ECC_PREFIX_1;
- if (pubSz > 128) /* leading zero + extra size byte */
- pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx);
- else /* leading zero */
- pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx);
- /* SetBitString adds leading zero */
- pubidx += SetBitString(pubSz, 0, pub + pubidx);
- PRIVATE_KEY_UNLOCK();
- ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz);
- PRIVATE_KEY_LOCK();
- if (ret != 0) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- pubidx += pubSz;
- }
- /* make headers */
- verSz = SetMyVersion(1, ver, FALSE);
- seqSz = SetSequence((word32)verSz + prvidx + pubidx + curveidx, seq);
- totalSz = prvidx + pubidx + curveidx + (word32)verSz + seqSz;
- if (output == NULL) {
- *inLen = totalSz;
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubIn) {
- XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- return LENGTH_ONLY_E;
- }
- if (inLen != NULL && totalSz > *inLen) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubIn) {
- XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- return BAD_FUNC_ARG;
- }
- /* write out */
- /* seq */
- XMEMCPY(output + idx, seq, seqSz);
- idx = seqSz;
- /* ver */
- XMEMCPY(output + idx, ver, (size_t)verSz);
- idx += (word32)verSz;
- /* private */
- XMEMCPY(output + idx, prv, prvidx);
- idx += prvidx;
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- /* curve */
- XMEMCPY(output + idx, curve, curveidx);
- idx += curveidx;
- /* pubIn */
- if (pubIn) {
- XMEMCPY(output + idx, pub, pubidx);
- /* idx += pubidx; not used after write, if more data remove comment */
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- return (int)totalSz;
- #else
- DECL_ASNSETDATA(dataASN, eccKeyASN_Length);
- word32 privSz, pubSz;
- int sz = 0;
- int ret = 0;
- int curveIdSz = 0;
- /* Check validity of parameters. */
- if ((key == NULL) || ((output == NULL) && (inLen == NULL))) {
- ret = BAD_FUNC_ARG;
- }
- /* Check key has parameters when encoding curve. */
- if ((ret == 0) && curveIn && (key->dp == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- CALLOC_ASNSETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
- if (ret == 0) {
- /* Private key size is the curve size. */
- privSz = (word32)key->dp->size;
- if (pubIn) {
- /* Get the length of the public key. */
- PRIVATE_KEY_UNLOCK();
- ret = wc_ecc_export_x963(key, NULL, &pubSz);
- PRIVATE_KEY_LOCK();
- if (ret == LENGTH_ONLY_E)
- ret = 0;
- }
- }
- if (ret == 0) {
- /* Version: 1 */
- SetASN_Int8Bit(&dataASN[ECCKEYASN_IDX_VER], 1);
- /* Leave space for private key. */
- SetASN_Buffer(&dataASN[ECCKEYASN_IDX_PKEY], NULL, privSz);
- if (curveIn) {
- /* Get length of the named curve OID to put into the encoding. */
- curveIdSz = SetCurve(key, NULL, 0);
- if (curveIdSz < 0) {
- ret = curveIdSz;
- }
- /* Curve OID */
- SetASN_ReplaceBuffer(&dataASN[ECCKEYASN_IDX_CURVEID], NULL,
- (word32)curveIdSz);
- /* TODO: add support for SpecifiedECDomain curve. */
- dataASN[ECCKEYASN_IDX_CURVEPARAMS].noOut = 1;
- }
- else {
- SetASNItem_NoOutNode(dataASN, eccKeyASN, ECCKEYASN_IDX_PARAMS,
- eccKeyASN_Length);
- }
- if (ret == 0) {
- if (pubIn) {
- /* Leave space for public key. */
- SetASN_Buffer(&dataASN[ECCKEYASN_IDX_PUBKEY_VAL], NULL, pubSz);
- }
- else {
- /* Don't write out public key. */
- SetASNItem_NoOutNode(dataASN, eccKeyASN, ECCKEYASN_IDX_PUBKEY,
- eccKeyASN_Length);
- }
- /* Calculate size of the private key encoding. */
- ret = SizeASN_Items(eccKeyASN, dataASN, eccKeyASN_Length, &sz);
- }
- }
- /* Return the size if no buffer. */
- if ((ret == 0) && (output == NULL)) {
- *inLen = (word32)sz;
- ret = LENGTH_ONLY_E;
- }
- /* Check the buffer is big enough. */
- if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) {
- ret = BAD_FUNC_ARG;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode the private key. */
- SetASN_Items(eccKeyASN, dataASN, eccKeyASN_Length, output);
- if (curveIn) {
- /* Put named curve OID data into encoding. */
- curveIdSz = SetCurve(key,
- (byte*)dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data,
- (size_t)curveIdSz);
- if (curveIdSz < 0) {
- ret = curveIdSz;
- }
- }
- if (ret == 0) {
- /* Export the private value into the buffer. */
- ret = wc_ecc_export_private_only(key,
- (byte*)dataASN[ECCKEYASN_IDX_PKEY].data.buffer.data, &privSz);
- }
- if ((ret == 0) && pubIn) {
- /* Export the public point into the buffer. */
- PRIVATE_KEY_UNLOCK();
- ret = wc_ecc_export_x963(key,
- (byte*)dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.buffer.data,
- &pubSz);
- PRIVATE_KEY_LOCK();
- }
- }
- if (ret == 0) {
- /* Return the encoding size. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, key->heap);
- return ret;
- #endif
- }
- /* Write a Private ecc key, including public to DER format,
- * length on success else < 0 */
- WOLFSSL_ABI
- int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
- {
- return wc_BuildEccKeyDer(key, output, &inLen, 1, 1);
- }
- /* Write only private ecc key to DER format,
- * length on success else < 0 */
- int wc_EccKeyDerSize(ecc_key* key, int pub)
- {
- word32 sz = 0;
- int ret;
- ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
- if (ret != LENGTH_ONLY_E) {
- return ret;
- }
- return (int)sz;
- }
- /* Write only private ecc key to DER format,
- * length on success else < 0 */
- int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
- {
- return wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
- }
- #ifdef HAVE_PKCS8
- /* Write only private ecc key or both private and public parts to unencrypted
- * PKCS#8 format.
- *
- * If output is NULL, places required PKCS#8 buffer size in outLen and
- * returns LENGTH_ONLY_E.
- *
- * return length on success else < 0 */
- static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen,
- int includePublic)
- {
- int ret;
- word32 tmpDerSz;
- int algoID = 0;
- word32 oidSz = 0;
- word32 pkcs8Sz = 0;
- const byte* curveOID = NULL;
- #ifdef WOLFSSL_NO_MALLOC
- byte tmpDer[ECC_BUFSIZE];
- #else
- byte* tmpDer = NULL;
- #endif
- word32 sz = ECC_BUFSIZE;
- if (key == NULL || key->dp == NULL || outLen == NULL)
- return BAD_FUNC_ARG;
- /* set algoID, get curve OID */
- algoID = ECDSAk;
- ret = wc_ecc_get_oid(key->dp->oidSum, &curveOID, &oidSz);
- if (ret < 0)
- return ret;
- #ifndef WOLFSSL_NO_MALLOC
- /* temp buffer for plain DER key */
- tmpDer = (byte*)XMALLOC(ECC_BUFSIZE, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmpDer == NULL)
- return MEMORY_E;
- #endif
- XMEMSET(tmpDer, 0, ECC_BUFSIZE);
- ret = wc_BuildEccKeyDer(key, tmpDer, &sz, includePublic, 0);
- if (ret < 0) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- tmpDerSz = (word32)ret;
- /* get pkcs8 expected output size */
- ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, tmpDer, tmpDerSz, algoID,
- curveOID, oidSz);
- if (ret != LENGTH_ONLY_E) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- if (output == NULL) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- *outLen = pkcs8Sz;
- return LENGTH_ONLY_E;
- }
- else if (*outLen < pkcs8Sz) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_MSG("Input buffer too small for ECC PKCS#8 key");
- return BUFFER_E;
- }
- ret = wc_CreatePKCS8Key(output, &pkcs8Sz, tmpDer, tmpDerSz,
- algoID, curveOID, oidSz);
- if (ret < 0) {
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #ifndef WOLFSSL_NO_MALLOC
- XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- *outLen = (word32)ret;
- return ret;
- }
- /* Write only private ecc key to unencrypted PKCS#8 format.
- *
- * return length on success else < 0 */
- int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen)
- {
- return eccToPKCS8(key, output, outLen, 0);
- }
- /* Write both private and public ecc keys to unencrypted PKCS#8 format.
- *
- * return length on success else < 0 */
- int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
- word32* outLen)
- {
- return eccToPKCS8(key, output, outLen, 1);
- }
- #endif /* HAVE_PKCS8 */
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- #endif /* HAVE_ECC */
- #ifdef WC_ENABLE_ASYM_KEY_IMPORT
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for Ed25519 and Ed448 private key.
- * RFC 8410, 7 - Private Key Format (but public value is EXPLICIT OCTET_STRING)
- */
- static const ASNItem edKeyASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* Version */
- /* VER */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* privateKeyAlgorithm */
- /* PKEYALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* PKEYALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 },
- /* privateKey */
- /* PKEY */ { 1, ASN_OCTET_STRING, 0, 1, 0 },
- /* CurvePrivateKey */
- /* PKEY_CURVEPKEY */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
- /* attributes */
- /* ATTRS */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_ATTRS, 1, 1, 1 },
- /* publicKey */
- /* PUBKEY */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY, 0, 0, 1 },
- };
- enum {
- EDKEYASN_IDX_SEQ = 0,
- EDKEYASN_IDX_VER,
- EDKEYASN_IDX_PKEYALGO_SEQ,
- EDKEYASN_IDX_PKEYALGO_OID,
- EDKEYASN_IDX_PKEY,
- EDKEYASN_IDX_PKEY_CURVEPKEY,
- EDKEYASN_IDX_ATTRS,
- EDKEYASN_IDX_PUBKEY
- };
- /* Number of items in ASN.1 template for Ed25519 and Ed448 private key. */
- #define edKeyASN_Length (sizeof(edKeyASN) / sizeof(ASNItem))
- #endif
- #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \
- || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
- || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
- || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
- || (defined(HAVE_PQC) && defined(HAVE_FALCON)) \
- || (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \
- || (defined(HAVE_PQC) && defined(HAVE_SPHINCS)))
- int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
- byte* privKey, word32* privKeyLen,
- byte* pubKey, word32* pubKeyLen, int keyType)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 oid;
- int version, length, endKeyIdx, privSz, pubSz;
- const byte* priv;
- const byte* pub;
- #else
- int ret = 0;
- DECL_ASNGETDATA(dataASN, edKeyASN_Length);
- CALLOC_ASNGETDATA(dataASN, edKeyASN_Length, ret, NULL);
- #endif
- if (input == NULL || inOutIdx == NULL || inSz == 0 ||
- privKey == NULL || privKeyLen == NULL) {
- #ifdef WOLFSSL_ASN_TEMPLATE
- FREE_ASNGETDATA(dataASN, NULL);
- #endif
- return BAD_FUNC_ARG;
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- if (GetSequence(input, inOutIdx, &length, inSz) >= 0) {
- endKeyIdx = (int)*inOutIdx + length;
- if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
- return ASN_PARSE_E;
- if (version != 0) {
- WOLFSSL_MSG("Unrecognized version of ED25519 private key");
- return ASN_PARSE_E;
- }
- if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0)
- return ASN_PARSE_E;
- if (oid != (word32)keyType)
- return ASN_PARSE_E;
- if (GetOctetString(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0)
- return ASN_PARSE_E;
- priv = input + *inOutIdx;
- *inOutIdx += (word32)privSz;
- }
- else {
- if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0)
- return ASN_PARSE_E;
- priv = input + *inOutIdx;
- *inOutIdx += (word32)privSz;
- endKeyIdx = (int)*inOutIdx;
- }
- if ((word32)privSz > *privKeyLen)
- return BUFFER_E;
- if (endKeyIdx == (int)*inOutIdx) {
- *privKeyLen = (word32)privSz;
- XMEMCPY(privKey, priv, *privKeyLen);
- if (pubKeyLen != NULL)
- *pubKeyLen = 0;
- }
- else {
- if (pubKeyLen == NULL) {
- return BAD_FUNC_ARG;
- }
- if (GetASNHeader(input, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY | 1,
- inOutIdx, &pubSz, inSz) < 0) {
- return ASN_PARSE_E;
- }
- if ((word32)pubSz > *pubKeyLen)
- return BUFFER_E;
- pub = input + *inOutIdx;
- *inOutIdx += (word32)pubSz;
- *privKeyLen = (word32)privSz;
- XMEMCPY(privKey, priv, *privKeyLen);
- *pubKeyLen = (word32)pubSz;
- if (pubKey != NULL)
- XMEMCPY(pubKey, pub, *pubKeyLen);
- }
- if (endKeyIdx != (int)*inOutIdx)
- return ASN_PARSE_E;
- return 0;
- #else
- if (ret == 0) {
- /* Require OID. */
- word32 oidSz;
- const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
- GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oid, oidSz);
- /* Parse full private key. */
- ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input,
- inOutIdx, inSz);
- if (ret != 0) {
- /* Parse just the OCTET_STRING. */
- ret = GetASN_Items(&edKeyASN[EDKEYASN_IDX_PKEY_CURVEPKEY],
- &dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input,
- inOutIdx, inSz);
- if (ret != 0) {
- ret = ASN_PARSE_E;
- }
- }
- }
- /* Check the private value length is correct. */
- if ((ret == 0) && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length
- > *privKeyLen) {
- ret = ASN_PARSE_E;
- }
- if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) {
- *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
- XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data,
- *privKeyLen);
- if (pubKeyLen != NULL)
- *pubKeyLen = 0;
- }
- else if ((ret == 0) &&
- (pubKeyLen != NULL) &&
- (dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) {
- ret = ASN_PARSE_E;
- }
- else if (ret == 0) {
- /* Import private and public value. */
- *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
- XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data,
- *privKeyLen);
- if (pubKeyLen != NULL)
- *pubKeyLen = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length;
- if (pubKey != NULL && pubKeyLen != NULL)
- XMEMCPY(pubKey, dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data,
- *pubKeyLen);
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
- byte* pubKey, word32* pubKeyLen, int keyType)
- {
- int ret = 0;
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length;
- word32 oid;
- #else
- word32 len;
- DECL_ASNGETDATA(dataASN, edPubKeyASN_Length);
- #endif
- if (input == NULL || inSz == 0 || inOutIdx == NULL ||
- pubKey == NULL || pubKeyLen == NULL) {
- return BAD_FUNC_ARG;
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetSequence(input, inOutIdx, &length, inSz) < 0)
- return ASN_PARSE_E;
- if (GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz) < 0)
- return ASN_PARSE_E;
- if (oid != (word32)keyType)
- return ASN_PARSE_E;
- /* key header */
- ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL);
- if (ret != 0)
- return ret;
- /* check that the value found is not too large for pubKey buffer */
- if ((word32)length > *pubKeyLen)
- return ASN_PARSE_E;
- /* check that input buffer is exhausted */
- if (*inOutIdx + (word32)length != inSz)
- return ASN_PARSE_E;
- /* This is the raw point data compressed or uncompressed. */
- *pubKeyLen = (word32)length;
- XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
- #else
- len = inSz - *inOutIdx;
- CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
- if (ret == 0) {
- /* Require OID. */
- word32 oidSz;
- const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
- GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz);
- /* Decode Ed25519 private key. */
- ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
- inOutIdx, inSz);
- if (ret != 0)
- ret = ASN_PARSE_E;
- /* check that input buffer is exhausted */
- if (*inOutIdx != inSz)
- ret = ASN_PARSE_E;
- }
- /* Check the public value length is correct. */
- if ((ret == 0) &&
- (dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) {
- ret = ASN_PARSE_E;
- }
- /* Check that the all the buffer was used. */
- if ((ret == 0) &&
- (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length;
- XMEMCPY(pubKey, dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data,
- *pubKeyLen);
- }
- FREE_ASNGETDATA(dataASN, NULL);
- #endif /* WOLFSSL_ASN_TEMPLATE */
- return ret;
- }
- #endif
- #endif /* WC_ENABLE_ASYM_KEY_IMPORT */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
- ed25519_key* key, word32 inSz)
- {
- int ret;
- byte privKey[ED25519_KEY_SIZE], pubKey[2*ED25519_PUB_KEY_SIZE+1];
- word32 privKeyLen = (word32)sizeof(privKey);
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
- pubKey, &pubKeyLen, ED25519k);
- if (ret == 0) {
- if (pubKeyLen == 0) {
- ret = wc_ed25519_import_private_only(privKey, privKeyLen, key);
- }
- else {
- ret = wc_ed25519_import_private_key(privKey, privKeyLen,
- pubKey, pubKeyLen, key);
- }
- }
- return ret;
- }
- int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx,
- ed25519_key* key, word32 inSz)
- {
- int ret;
- byte pubKey[2*ED25519_PUB_KEY_SIZE+1];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
- pubKey, &pubKeyLen, ED25519k);
- if (ret == 0) {
- ret = wc_ed25519_import_public(pubKey, pubKeyLen, key);
- }
- return ret;
- }
- #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
- #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)
- int wc_Curve25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
- curve25519_key* key, word32 inSz)
- {
- int ret;
- byte privKey[CURVE25519_KEYSIZE];
- word32 privKeyLen = CURVE25519_KEYSIZE;
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
- NULL, NULL, X25519k);
- if (ret == 0) {
- ret = wc_curve25519_import_private(privKey, privKeyLen, key);
- }
- return ret;
- }
- int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
- curve25519_key* key, word32 inSz)
- {
- int ret;
- byte pubKey[CURVE25519_KEYSIZE];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
- pubKey, &pubKeyLen, X25519k);
- if (ret == 0) {
- ret = wc_curve25519_import_public(pubKey, pubKeyLen, key);
- }
- return ret;
- }
- #endif /* HAVE_CURVE25519 && HAVE_ED25519_KEY_IMPORT */
- #ifdef WC_ENABLE_ASYM_KEY_EXPORT
- /* Build ASN.1 formatted key based on RFC 5958 (Asymmetric Key Packages)
- *
- * Pass NULL for output to get the size of the encoding.
- *
- * @param [in] privKey private key buffer
- * @param [in] privKeyLen private key buffer length
- * @param [in] pubKey public key buffer (optional)
- * @param [in] pubKeyLen public key buffer length
- * @param [out] output Buffer to put encoded data in (optional)
- * @param [in] outLen Size of buffer in bytes
- * @param [in] keyType is "enum Key_Sum" like ED25519k
- * @return Size of encoded data in bytes on success
- * @return BAD_FUNC_ARG when key is NULL.
- * @return MEMORY_E when dynamic memory allocation failed.
- */
- int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
- const byte* pubKey, word32 pubKeyLen,
- byte* output, word32 outLen, int keyType)
- {
- int ret = 0;
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz;
- #else
- DECL_ASNSETDATA(dataASN, edKeyASN_Length);
- int sz;
- #endif
- /* Validate parameters. */
- if (privKey == NULL || outLen == 0) {
- return BAD_FUNC_ARG;
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* calculate size */
- if (pubKey) {
- pubSz = 2 + pubKeyLen;
- }
- privSz = 2 + 2 + privKeyLen;
- algoSz = SetAlgoID(keyType, NULL, oidKeyType, 0);
- verSz = 3; /* version is 3 bytes (enum + id + version(byte)) */
- seqSz = SetSequence(verSz + algoSz + privSz + pubSz, NULL);
- sz = seqSz + verSz + algoSz + privSz + pubSz;
- /* checkout output size */
- if (output != NULL && sz > outLen) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0 && output != NULL) {
- /* write out */
- /* seq */
- seqSz = SetSequence(verSz + algoSz + privSz + pubSz, output);
- idx = seqSz;
- /* ver */
- SetMyVersion(0, output + idx, FALSE);
- idx += verSz;
- /* algo */
- algoSz = SetAlgoID(keyType, output + idx, oidKeyType, 0);
- idx += algoSz;
- /* privKey */
- idx += SetOctetString(2 + privKeyLen, output + idx);
- idx += SetOctetString(privKeyLen, output + idx);
- XMEMCPY(output + idx, privKey, privKeyLen);
- idx += privKeyLen;
- /* pubKey */
- if (pubKey) {
- idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY |
- 1, pubKeyLen, output + idx, 0);
- XMEMCPY(output + idx, pubKey, pubKeyLen);
- idx += pubKeyLen;
- }
- sz = idx;
- }
- if (ret == 0) {
- /* Return size of encoding. */
- ret = (int)sz;
- }
- #else
- CALLOC_ASNSETDATA(dataASN, edKeyASN_Length, ret, NULL);
- if (ret == 0) {
- /* Set version = 0 */
- SetASN_Int8Bit(&dataASN[EDKEYASN_IDX_VER], 0);
- /* Set OID. */
- SetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], (word32)keyType,
- oidKeyType);
- /* Leave space for private key. */
- SetASN_Buffer(&dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen);
- /* Don't write out attributes. */
- dataASN[EDKEYASN_IDX_ATTRS].noOut = 1;
- if (pubKey) {
- /* Leave space for public key. */
- SetASN_Buffer(&dataASN[EDKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
- }
- else {
- /* Don't put out public part. */
- SetASNItem_NoOutNode(dataASN, edKeyASN, EDKEYASN_IDX_PUBKEY,
- edKeyASN_Length);
- }
- /* Calculate the size of encoding. */
- ret = SizeASN_Items(edKeyASN, dataASN, edKeyASN_Length, &sz);
- }
- /* Check buffer is big enough. */
- if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) {
- ret = BAD_FUNC_ARG;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode private key. */
- SetASN_Items(edKeyASN, dataASN, edKeyASN_Length, output);
- /* Put private value into space provided. */
- XMEMCPY((byte*)dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data,
- privKey, privKeyLen);
- if (pubKey != NULL) {
- /* Put public value into space provided. */
- XMEMCPY((byte*)dataASN[EDKEYASN_IDX_PUBKEY].data.buffer.data,
- pubKey, pubKeyLen);
- }
- }
- if (ret == 0) {
- /* Return size of encoding. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, NULL);
- #endif
- return ret;
- }
- #endif /* WC_ENABLE_ASYM_KEY_EXPORT */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* Write a Private ED25519 key, including public to DER format,
- * length on success else < 0 */
- int wc_Ed25519KeyToDer(ed25519_key* key, byte* output, word32 inLen)
- {
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- return SetAsymKeyDer(key->k, ED25519_KEY_SIZE,
- key->p, ED25519_PUB_KEY_SIZE, output, inLen, ED25519k);
- }
- /* Write only private ED25519 key to DER format,
- * length on success else < 0 */
- int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen)
- {
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- return SetAsymKeyDer(key->k, ED25519_KEY_SIZE,
- NULL, 0, output, inLen, ED25519k);
- }
- #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT */
- #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
- /* Write only private Curve25519 key to DER format,
- * length on success else < 0 */
- int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, word32 inLen)
- {
- int ret;
- byte privKey[CURVE25519_KEYSIZE];
- word32 privKeyLen = CURVE25519_KEYSIZE;
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_curve25519_export_private_raw(key, privKey, &privKeyLen);
- if (ret == 0) {
- ret = SetAsymKeyDer(privKey, privKeyLen, NULL, 0, output, inLen,
- X25519k);
- }
- return ret;
- }
- /* Write a public Curve25519 key to DER format,
- * length on success else < 0 */
- int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
- int withAlg)
- {
- int ret;
- byte pubKey[CURVE25519_PUB_KEY_SIZE];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (key == NULL || output == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
- if (ret == 0) {
- ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen,
- X25519k, withAlg);
- }
- return ret;
- }
- #endif /* HAVE_CURVE25519 && HAVE_CURVE25519_KEY_EXPORT */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- int wc_Ed448PrivateKeyDecode(const byte* input, word32* inOutIdx,
- ed448_key* key, word32 inSz)
- {
- int ret;
- byte privKey[ED448_KEY_SIZE], pubKey[ED448_PUB_KEY_SIZE];
- word32 privKeyLen = (word32)sizeof(privKey);
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
- pubKey, &pubKeyLen, ED448k);
- if (ret == 0) {
- if (pubKeyLen == 0) {
- ret = wc_ed448_import_private_only(privKey, privKeyLen, key);
- }
- else {
- ret = wc_ed448_import_private_key(privKey, privKeyLen,
- pubKey, pubKeyLen, key);
- }
- }
- return ret;
- }
- int wc_Ed448PublicKeyDecode(const byte* input, word32* inOutIdx,
- ed448_key* key, word32 inSz)
- {
- int ret;
- byte pubKey[2 * ED448_PUB_KEY_SIZE + 1];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
- pubKey, &pubKeyLen, ED448k);
- if (ret == 0) {
- ret = wc_ed448_import_public(pubKey, pubKeyLen, key);
- }
- return ret;
- }
- #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
- #if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)
- int wc_Curve448PrivateKeyDecode(const byte* input, word32* inOutIdx,
- curve448_key* key, word32 inSz)
- {
- int ret;
- byte privKey[CURVE448_KEY_SIZE];
- word32 privKeyLen = CURVE448_KEY_SIZE;
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
- NULL, NULL, X448k);
- if (ret == 0) {
- ret = wc_curve448_import_private(privKey, privKeyLen, key);
- }
- return ret;
- }
- int wc_Curve448PublicKeyDecode(const byte* input, word32* inOutIdx,
- curve448_key* key, word32 inSz)
- {
- int ret;
- byte pubKey[CURVE448_PUB_KEY_SIZE];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
- return BAD_FUNC_ARG;
- }
- ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
- pubKey, &pubKeyLen, X448k);
- if (ret == 0) {
- ret = wc_curve448_import_public(pubKey, pubKeyLen, key);
- }
- return ret;
- }
- #endif /* HAVE_CURVE448 && HAVE_ED448_KEY_IMPORT */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- /* Write a Private ecc key, including public to DER format,
- * length on success else < 0 */
- int wc_Ed448KeyToDer(ed448_key* key, byte* output, word32 inLen)
- {
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- return SetAsymKeyDer(key->k, ED448_KEY_SIZE,
- key->p, ED448_KEY_SIZE, output, inLen, ED448k);
- }
- /* Write only private ecc key to DER format,
- * length on success else < 0 */
- int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output, word32 inLen)
- {
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- return SetAsymKeyDer(key->k, ED448_KEY_SIZE,
- NULL, 0, output, inLen, ED448k);
- }
- #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT */
- #if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)
- /* Write private Curve448 key to DER format,
- * length on success else < 0 */
- int wc_Curve448PrivateKeyToDer(curve448_key* key, byte* output, word32 inLen)
- {
- int ret;
- byte privKey[CURVE448_KEY_SIZE];
- word32 privKeyLen = CURVE448_KEY_SIZE;
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_curve448_export_private_raw(key, privKey, &privKeyLen);
- if (ret == 0) {
- ret = SetAsymKeyDer(privKey, privKeyLen, NULL, 0, output, inLen,
- X448k);
- }
- return ret;
- }
- /* Write a public Curve448 key to DER format,
- * length on success else < 0 */
- int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output, word32 inLen,
- int withAlg)
- {
- int ret;
- byte pubKey[CURVE448_PUB_KEY_SIZE];
- word32 pubKeyLen = (word32)sizeof(pubKey);
- if (key == NULL || output == NULL) {
- return BAD_FUNC_ARG;
- }
- ret = wc_curve448_export_public(key, pubKey, &pubKeyLen);
- if (ret == 0) {
- ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen,
- X448k, withAlg);
- }
- return ret;
- }
- #endif /* HAVE_CURVE448 && HAVE_CURVE448_KEY_EXPORT */
- #ifndef WOLFSSL_ASN_TEMPLATE
- #if (defined(HAVE_OCSP) || defined(HAVE_CRL)) && !defined(WOLFCRYPT_ONLY)
- /* Get raw Date only, no processing, 0 on success */
- static int GetBasicDate(const byte* source, word32* idx, byte* date,
- byte* format, int maxIdx)
- {
- int ret, length;
- const byte *datePtr = NULL;
- WOLFSSL_ENTER("GetBasicDate");
- ret = GetDateInfo(source, idx, &datePtr, format, &length, maxIdx);
- if (ret < 0)
- return ret;
- XMEMCPY(date, datePtr, length);
- return 0;
- }
- #endif /* HAVE_OCSP || HAVE_CRL */
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY)
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int GetEnumerated(const byte* input, word32* inOutIdx, int *value,
- int sz)
- {
- word32 idx = *inOutIdx;
- word32 len;
- byte tag;
- WOLFSSL_ENTER("GetEnumerated");
- *value = 0;
- if (GetASNTag(input, &idx, &tag, sz) < 0)
- return ASN_PARSE_E;
- if (tag != ASN_ENUMERATED)
- return ASN_PARSE_E;
- if ((int)idx >= sz)
- return BUFFER_E;
- len = input[idx++];
- if (len > 4 || (int)(len + idx) > sz)
- return ASN_PARSE_E;
- while (len--) {
- *value = *value << 8 | input[idx++];
- }
- *inOutIdx = idx;
- return *value;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for OCSP single response.
- * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response
- */
- static const ASNItem singleResponseASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* certId */
- /* CID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* hashAlgorithm */
- /* CID_HASHALGO_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* CID_HASHALGO_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* CID_HASHALGO_NULL */ { 3, ASN_TAG_NULL, 0, 0, 1 },
- /* issuerNameHash */
- /* CID_ISSUERHASH */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
- /* issuerKeyHash */
- /* CID_ISSUERKEYHASH */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
- /* serialNumber */
- /* CID_SERIAL */ { 2, ASN_INTEGER, 0, 0, 0 },
- /* certStatus - CHOICE */
- /* good [0] IMPLICIT NULL */
- /* CS_GOOD */ { 1, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 2 },
- /* revoked [1] IMPLICIT RevokedInfo */
- /* CS_REVOKED */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 1, 2 },
- /* revocationTime */
- /* CS_REVOKED_TIME */ { 2, ASN_GENERALIZED_TIME, 0, 0, 0 },
- /* revocationReason [0] EXPLICIT CRLReason OPTIONAL */
- /* CS_REVOKED_REASON */ { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* crlReason */
- /* CS_REVOKED_REASON_VAL */ { 3, ASN_ENUMERATED, 0, 0, 0 },
- /* unknown [2] IMPLICIT UnknownInfo ::= NULL */
- /* UNKNOWN */ { 1, ASN_CONTEXT_SPECIFIC | 2, 0, 0, 2 },
- /* thisUpdate */
- /* THISUPDATE_GT */ { 1, ASN_GENERALIZED_TIME, 0, 0, 0 },
- /* nextUpdate */
- /* NEXTUPDATE */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* NEXTUPDATE_GT */ { 2, ASN_GENERALIZED_TIME, 0, 0, 0 },
- /* singleExtensions */
- /* EXT */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 1 },
- };
- enum {
- SINGLERESPONSEASN_IDX_SEQ = 0,
- SINGLERESPONSEASN_IDX_CID_SEQ,
- SINGLERESPONSEASN_IDX_CID_HASHALGO_SEQ,
- SINGLERESPONSEASN_IDX_CID_HASHALGO_OID,
- SINGLERESPONSEASN_IDX_CID_HASHALGO_NULL,
- SINGLERESPONSEASN_IDX_CID_ISSUERHASH,
- SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH,
- SINGLERESPONSEASN_IDX_CID_SERIAL,
- SINGLERESPONSEASN_IDX_CS_GOOD,
- SINGLERESPONSEASN_IDX_CS_REVOKED,
- SINGLERESPONSEASN_IDX_CS_REVOKED_TIME,
- SINGLERESPONSEASN_IDX_CS_REVOKED_REASON,
- SINGLERESPONSEASN_IDX_CS_REVOKED_REASON_VAL,
- SINGLERESPONSEASN_IDX_UNKNOWN,
- SINGLERESPONSEASN_IDX_THISUPDATE_GT,
- SINGLERESPONSEASN_IDX_NEXTUPDATE,
- SINGLERESPONSEASN_IDX_NEXTUPDATE_GT,
- SINGLERESPONSEASN_IDX_EXT,
- };
- /* Number of items in ASN.1 template for OCSP single response. */
- #define singleResponseASN_Length (sizeof(singleResponseASN) / sizeof(ASNItem))
- #endif
- static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
- int wrapperSz, OcspEntry* single)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *ioIndex, prevIndex, oid, localIdx, certIdIdx;
- int length;
- int ret;
- byte tag;
- WOLFSSL_ENTER("DecodeSingleResponse");
- prevIndex = idx;
- /* Wrapper around the Single Response */
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- /* Wrapper around the CertID */
- certIdIdx = idx;
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- single->rawCertId = source + certIdIdx;
- /* Hash algorithm */
- ret = GetAlgoId(source, &idx, &oid, oidIgnoreType, size);
- if (ret < 0)
- return ret;
- single->hashAlgoOID = oid;
- /* Save reference to the hash of CN */
- ret = GetOctetString(source, &idx, &length, size);
- if (ret < 0)
- return ret;
- if (length > (int)sizeof(single->issuerHash))
- return BUFFER_E;
- XMEMCPY(single->issuerHash, source + idx, length);
- idx += length;
- /* Save reference to the hash of the issuer public key */
- ret = GetOctetString(source, &idx, &length, size);
- if (ret < 0)
- return ret;
- if (length > (int)sizeof(single->issuerKeyHash))
- return BUFFER_E;
- XMEMCPY(single->issuerKeyHash, source + idx, length);
- idx += length;
- /* Get serial number */
- if (wc_GetSerialNumber(source, &idx, single->status->serial,
- &single->status->serialSz, size) < 0)
- return ASN_PARSE_E;
- single->rawCertIdSize = idx - certIdIdx;
- if (idx >= size)
- return BUFFER_E;
- /* CertStatus */
- switch (source[idx++])
- {
- case (ASN_CONTEXT_SPECIFIC | CERT_GOOD):
- single->status->status = CERT_GOOD;
- idx++;
- break;
- case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
- single->status->status = CERT_REVOKED;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- idx += length;
- break;
- case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
- single->status->status = CERT_UNKNOWN;
- idx++;
- break;
- default:
- return ASN_PARSE_E;
- }
- if (idx >= size)
- return BUFFER_E;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
- single->status->thisDateAsn = source + idx;
- localIdx = 0;
- if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL,
- (byte*)&single->status->thisDateParsed.type,
- &single->status->thisDateParsed.length, size - idx) < 0)
- return ASN_PARSE_E;
- if (idx + localIdx >= size)
- return BUFFER_E;
- XMEMCPY(single->status->thisDateParsed.data,
- single->status->thisDateAsn + localIdx - single->status->thisDateParsed.length,
- single->status->thisDateParsed.length);
- #endif
- if (GetBasicDate(source, &idx, single->status->thisDate,
- &single->status->thisDateFormat, size) < 0)
- return ASN_PARSE_E;
- #ifndef NO_ASN_TIME_CHECK
- #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
- if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE))
- return ASN_BEFORE_DATE_E;
- #endif
- #endif
- /* The following items are optional. Only check for them if there is more
- * unprocessed data in the singleResponse wrapper. */
- localIdx = idx;
- if (((int)(idx - prevIndex) < wrapperSz) &&
- GetASNTag(source, &localIdx, &tag, size) == 0 &&
- tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
- {
- idx++;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
- single->status->nextDateAsn = source + idx;
- localIdx = 0;
- if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL,
- (byte*)&single->status->nextDateParsed.type,
- &single->status->nextDateParsed.length, size - idx) < 0)
- return ASN_PARSE_E;
- if (idx + localIdx >= size)
- return BUFFER_E;
- XMEMCPY(single->status->nextDateParsed.data,
- single->status->nextDateAsn + localIdx - single->status->nextDateParsed.length,
- single->status->nextDateParsed.length);
- #endif
- if (GetBasicDate(source, &idx, single->status->nextDate,
- &single->status->nextDateFormat, size) < 0)
- return ASN_PARSE_E;
- #ifndef NO_ASN_TIME_CHECK
- #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
- if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER))
- return ASN_AFTER_DATE_E;
- #endif
- #endif
- }
- /* Skip the optional extensions in singleResponse. */
- localIdx = idx;
- if (((int)(idx - prevIndex) < wrapperSz) &&
- GetASNTag(source, &localIdx, &tag, size) == 0 &&
- tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
- {
- idx++;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- idx += length;
- }
- *ioIndex = idx;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, singleResponseASN_Length);
- int ret = 0;
- word32 ocspDigestSize = OCSP_DIGEST_SIZE;
- CertStatus* cs = NULL;
- word32 serialSz;
- word32 issuerHashLen;
- word32 issuerKeyHashLen;
- word32 thisDateLen;
- word32 nextDateLen;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
- WOLFSSL_ASN1_TIME *at;
- #endif
- (void)wrapperSz;
- WOLFSSL_ENTER("DecodeSingleResponse");
- CALLOC_ASNGETDATA(dataASN, singleResponseASN_Length, ret, NULL);
- if (ret == 0) {
- /* Certificate Status field. */
- cs = single->status;
- /* Set maximum lengths for data. */
- issuerHashLen = OCSP_DIGEST_SIZE;
- issuerKeyHashLen = OCSP_DIGEST_SIZE;
- serialSz = EXTERNAL_SERIAL_SIZE;
- thisDateLen = MAX_DATE_SIZE;
- nextDateLen = MAX_DATE_SIZE;
- /* Set OID type, buffers to hold data and variables to hold size. */
- GetASN_OID(&dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID],
- oidHashType);
- GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERHASH],
- single->issuerHash, &issuerHashLen);
- GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH],
- single->issuerKeyHash, &issuerKeyHashLen);
- GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_SERIAL], cs->serial,
- &serialSz);
- GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT],
- cs->thisDate, &thisDateLen);
- GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT],
- cs->nextDate, &nextDateLen);
- /* TODO: decode revoked time and reason. */
- /* Decode OCSP single response. */
- ret = GetASN_Items(singleResponseASN, dataASN, singleResponseASN_Length,
- 1, source, ioIndex, size);
- }
- if (ret == 0) {
- single->hashAlgoOID =
- dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum;
- ocspDigestSize = (word32)wc_HashGetDigestSize(
- wc_OidGetHash((int)single->hashAlgoOID));
- }
- /* Validate the issuer hash length is the size required. */
- if ((ret == 0) && (issuerHashLen != ocspDigestSize)) {
- ret = ASN_PARSE_E;
- }
- /* Validate the issuer key hash length is the size required. */
- if (ret == 0) {
- if (issuerKeyHashLen != ocspDigestSize) {
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- /* Store serial size. */
- cs->serialSz = (int)serialSz;
- /* Set the hash algorithm OID */
- single->hashAlgoOID =
- dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum;
- /* Determine status by which item was found. */
- if (dataASN[SINGLERESPONSEASN_IDX_CS_GOOD].tag != 0) {
- cs->status = CERT_GOOD;
- }
- if (dataASN[SINGLERESPONSEASN_IDX_CS_REVOKED].tag != 0) {
- cs->status = CERT_REVOKED;
- }
- if (dataASN[SINGLERESPONSEASN_IDX_UNKNOWN].tag != 0) {
- cs->status = CERT_UNKNOWN;
- }
- /* Store the thisDate format - only one possible. */
- cs->thisDateFormat = ASN_GENERALIZED_TIME;
- #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
- /* Check date is a valid string and BEFORE now. */
- if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) {
- ret = ASN_BEFORE_DATE_E;
- }
- }
- if (ret == 0) {
- #endif
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
- /* Store ASN.1 version of thisDate. */
- cs->thisDateAsn = GetASNItem_Addr(
- dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source);
- at = &cs->thisDateParsed;
- at->type = ASN_GENERALIZED_TIME;
- XMEMCPY(at->data, cs->thisDate, thisDateLen);
- at->length = (int)thisDateLen;
- #endif
- }
- if ((ret == 0) &&
- (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
- /* Store the nextDate format - only one possible. */
- cs->nextDateFormat = ASN_GENERALIZED_TIME;
- #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
- /* Check date is a valid string and AFTER now. */
- if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) {
- ret = ASN_AFTER_DATE_E;
- }
- }
- if ((ret == 0) &&
- (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
- #endif
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
- /* Store ASN.1 version of thisDate. */
- cs->nextDateAsn = GetASNItem_Addr(
- dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source);
- at = &cs->nextDateParsed;
- at->type = ASN_GENERALIZED_TIME;
- XMEMCPY(at->data, cs->nextDate, nextDateLen);
- at->length = (int)nextDateLen;
- #endif
- }
- if (ret == 0) {
- /* OcspEntry now used. */
- single->used = 1;
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for OCSP response extension header.
- * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response
- */
- static const ASNItem respExtHdrASN[] = {
- /* responseExtensions */
- /* EXT */ { 0, ASN_CONTEXT_SPECIFIC | 1, 1, 1, 0 },
- /* extensions */
- /* EXT_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- };
- enum {
- RESPEXTHDRASN_IDX_EXT = 0,
- RESPEXTHDRASN_IDX_EXT_SEQ,
- };
- /* Number of items in ASN.1 template for OCSP response extension header. */
- #define respExtHdrASN_Length (sizeof(respExtHdrASN) / sizeof(ASNItem))
- #endif
- static int DecodeOcspRespExtensions(byte* source, word32* ioIndex,
- OcspResponse* resp, word32 sz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *ioIndex;
- int length;
- int ext_bound; /* boundary index for the sequence of extensions */
- word32 oid;
- int ret;
- byte tag;
- WOLFSSL_ENTER("DecodeOcspRespExtensions");
- if ((idx + 1) > sz)
- return BUFFER_E;
- if (GetASNTag(source, &idx, &tag, sz) < 0)
- return ASN_PARSE_E;
- if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
- return ASN_PARSE_E;
- if (GetLength(source, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- if (GetSequence(source, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- ext_bound = idx + length;
- while (idx < (word32)ext_bound) {
- word32 localIdx;
- if (GetSequence(source, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- oid = 0;
- if (GetObjectId(source, &idx, &oid, oidOcspType, sz) < 0) {
- WOLFSSL_MSG("\tfail: OBJECT ID");
- return ASN_PARSE_E;
- }
- /* check for critical flag */
- if ((idx + 1) > (word32)sz) {
- WOLFSSL_MSG("\tfail: malformed buffer");
- return BUFFER_E;
- }
- localIdx = idx;
- if (GetASNTag(source, &localIdx, &tag, sz) == 0 && tag == ASN_BOOLEAN) {
- WOLFSSL_MSG("\tfound optional critical flag, moving past");
- ret = GetBoolean(source, &idx, sz);
- if (ret < 0)
- return ret;
- }
- ret = GetOctetString(source, &idx, &length, sz);
- if (ret < 0)
- return ret;
- if (oid == OCSP_NONCE_OID) {
- /* get data inside extra OCTET_STRING */
- ret = GetOctetString(source, &idx, &length, sz);
- if (ret < 0)
- return ret;
- resp->nonce = source + idx;
- resp->nonceSz = length;
- }
- idx += length;
- }
- *ioIndex = idx;
- return 0;
- #else
- /* certExtASN_Length is greater than respExtHdrASN_Length */
- DECL_ASNGETDATA(dataASN, certExtASN_Length);
- int ret = 0;
- word32 idx = *ioIndex;
- word32 maxIdx = 0;
- WOLFSSL_ENTER("DecodeOcspRespExtensions");
- CALLOC_ASNGETDATA(dataASN, certExtASN_Length, ret, resp->heap);
- if (ret == 0) {
- /* Check for header and move past. */
- ret = GetASN_Items(respExtHdrASN, dataASN, respExtHdrASN_Length, 0,
- source, &idx, sz);
- }
- if (ret == 0) {
- /* Keep end extensions index for total length check. */
- maxIdx = idx + dataASN[RESPEXTHDRASN_IDX_EXT_SEQ].length;
- }
- /* Step through all extensions. */
- while ((ret == 0) && (idx < maxIdx)) {
- /* Clear dynamic data, set OID type to expect. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length);
- GetASN_OID(&dataASN[CERTEXTASN_IDX_OID], oidOcspType);
- /* TODO: check criticality. */
- /* Decode OCSP response extension. */
- ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0,
- source, &idx, sz);
- if (ret == 0) {
- word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum;
- int length = (int)dataASN[CERTEXTASN_IDX_VAL].length;
- if (oid == OCSP_NONCE_OID) {
- /* Extract nonce data. */
- ret = GetOctetString(source, &idx, &length, sz);
- if (ret >= 0) {
- ret = 0;
- /* get data inside extra OCTET_STRING */
- resp->nonce = source + idx;
- resp->nonceSz = length;
- }
- }
- /* Ignore all other extension types. */
- /* Skip over rest of extension. */
- idx += (word32)length;
- }
- }
- /* Return index after extensions. */
- *ioIndex = idx;
- FREE_ASNGETDATA(dataASN, resp->heap);
- return ret;
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for OCSP ResponseData.
- * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response
- */
- static const ASNItem ocspRespDataASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* version DEFAULT v1 */
- /* VER_PRESENT */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* VER */ { 2, ASN_INTEGER, 1, 0, 0 },
- /* byName */
- /* BYNAME */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 },
- /* byKey */
- /* BYKEY */ { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 2 },
- /* producedAt */
- /* PA */ { 1, ASN_GENERALIZED_TIME, 0, 0, 0, },
- /* responses */
- /* RESP */ { 1, ASN_SEQUENCE, 1, 0, 0 },
- /* responseExtensions */
- /* RESPEXT */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 1 }
- };
- enum {
- OCSPRESPDATAASN_IDX_SEQ = 0,
- OCSPRESPDATAASN_IDX_VER_PRESENT,
- OCSPRESPDATAASN_IDX_VER,
- OCSPRESPDATAASN_IDX_BYNAME,
- OCSPRESPDATAASN_IDX_BYKEY,
- OCSPRESPDATAASN_IDX_PA,
- OCSPRESPDATAASN_IDX_RESP,
- OCSPRESPDATAASN_IDX_RESPEXT,
- };
- /* Number of items in ASN.1 template for OCSP ResponseData. */
- #define ocspRespDataASN_Length (sizeof(ocspRespDataASN) / sizeof(ASNItem))
- #endif
- static int DecodeResponseData(byte* source, word32* ioIndex,
- OcspResponse* resp, word32 size)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = *ioIndex, prev_idx, localIdx;
- int length;
- int version;
- int ret;
- byte tag;
- int wrapperSz;
- OcspEntry* single;
- WOLFSSL_ENTER("DecodeResponseData");
- resp->response = source + idx;
- prev_idx = idx;
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- resp->responseSz = length + idx - prev_idx;
- /* Get version. It is an EXPLICIT[0] DEFAULT(0) value. If this
- * item isn't an EXPLICIT[0], then set version to zero and move
- * onto the next item.
- */
- localIdx = idx;
- if (GetASNTag(source, &localIdx, &tag, size) == 0 &&
- tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))
- {
- idx += 2; /* Eat the value and length */
- if (GetMyVersion(source, &idx, &version, size) < 0)
- return ASN_PARSE_E;
- } else
- version = 0;
- localIdx = idx;
- if (GetASNTag(source, &localIdx, &tag, size) == 0 &&
- ( tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) ||
- tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2) ))
- {
- idx++; /* advance past ASN tag */
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- idx += length;
- }
- else
- return ASN_PARSE_E;
- /* save pointer to the producedAt time */
- if (GetBasicDate(source, &idx, resp->producedDate,
- &resp->producedDateFormat, size) < 0)
- return ASN_PARSE_E;
- /* Outer wrapper of the SEQUENCE OF Single Responses. */
- if (GetSequence(source, &idx, &wrapperSz, size) < 0)
- return ASN_PARSE_E;
- localIdx = idx;
- single = resp->single;
- while (idx - localIdx < (word32)wrapperSz) {
- ret = DecodeSingleResponse(source, &idx, size, wrapperSz, single);
- if (ret < 0)
- return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */
- if (idx - localIdx < (word32)wrapperSz) {
- single->next = (OcspEntry*)XMALLOC(sizeof(OcspEntry), resp->heap,
- DYNAMIC_TYPE_OCSP_ENTRY);
- if (single->next == NULL) {
- return MEMORY_E;
- }
- XMEMSET(single->next, 0, sizeof(OcspEntry));
- single->next->status = (CertStatus*)XMALLOC(sizeof(CertStatus),
- resp->heap, DYNAMIC_TYPE_OCSP_STATUS);
- if (single->next->status == NULL) {
- XFREE(single->next, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY);
- single->next = NULL;
- return MEMORY_E;
- }
- XMEMSET(single->next->status, 0, sizeof(CertStatus));
- single->next->isDynamic = 1;
- single = single->next;
- }
- }
- /*
- * Check the length of the ResponseData against the current index to
- * see if there are extensions, they are optional.
- */
- if (idx - prev_idx < resp->responseSz)
- if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
- *ioIndex = idx;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, ocspRespDataASN_Length);
- int ret = 0;
- byte version;
- word32 dateSz = 0;
- word32 idx = *ioIndex;
- OcspEntry* single = NULL;
- WOLFSSL_ENTER("DecodeResponseData");
- CALLOC_ASNGETDATA(dataASN, ocspRespDataASN_Length, ret, resp->heap);
- if (ret == 0) {
- resp->response = source + idx;
- /* Default, not present, is v1 = 0. */
- version = 0;
- /* Max size of date supported. */
- dateSz = MAX_DATE_SIZE;
- /* Set the where to put version an produced date. */
- GetASN_Int8Bit(&dataASN[OCSPRESPDATAASN_IDX_VER], &version);
- GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_PA], resp->producedDate,
- &dateSz);
- /* Decode the ResponseData. */
- ret = GetASN_Items(ocspRespDataASN, dataASN, ocspRespDataASN_Length,
- 1, source, ioIndex, size);
- }
- /* Only support v1 == 0 */
- if (ret == 0) {
- if (version != 0) {
- ret = ASN_PARSE_E;
- }
- }
- /* Ensure date is a minimal size. */
- if (ret == 0) {
- if (dateSz < MIN_DATE_SIZE) {
- ret = ASN_PARSE_E;
- }
- }
- if (ret == 0) {
- /* TODO: use byName/byKey fields. */
- /* Store size of response. */
- resp->responseSz = *ioIndex - idx;
- /* Store date format/tag. */
- resp->producedDateFormat = dataASN[OCSPRESPDATAASN_IDX_PA].tag;
- /* Get the index of the responses SEQUENCE. */
- idx = GetASNItem_DataIdx(dataASN[OCSPRESPDATAASN_IDX_RESP], source);
- /* Start with the pre-existing OcspEntry. */
- single = resp->single;
- }
- while ((ret == 0) && (idx < dataASN[OCSPRESPDATAASN_IDX_RESPEXT].offset)) {
- /* Allocate and use a new OCSP entry if this is used. */
- if (single->used) {
- single->next = (OcspEntry*)XMALLOC(sizeof(OcspEntry), resp->heap,
- DYNAMIC_TYPE_OCSP_ENTRY);
- if (single->next == NULL) {
- ret = MEMORY_E;
- }
- else {
- XMEMSET(single->next, 0, sizeof(OcspEntry));
- single->next->status = (CertStatus*)XMALLOC(sizeof(CertStatus),
- resp->heap, DYNAMIC_TYPE_OCSP_STATUS);
- if (single->next->status == NULL) {
- XFREE(single->next, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY);
- single->next = NULL;
- ret = MEMORY_E;
- }
- else {
- XMEMSET(single->next->status, 0, sizeof(CertStatus));
- /* Entry to be freed. */
- single->next->isDynamic = 1;
- /* used will be 0 (false) */
- single = single->next;
- }
- }
- }
- if (ret == 0) {
- /* Decode SingleResponse into OcspEntry. */
- ret = DecodeSingleResponse(source, &idx,
- dataASN[OCSPRESPDATAASN_IDX_RESPEXT].offset,
- (int)dataASN[OCSPRESPDATAASN_IDX_RESP].length, single);
- /* single->used set on successful decode. */
- }
- }
- /* Check if there were extensions. */
- if ((ret == 0) &&
- (dataASN[OCSPRESPDATAASN_IDX_RESPEXT].data.buffer.data != NULL)) {
- /* Get index of [1] */
- idx = dataASN[OCSPRESPDATAASN_IDX_RESPEXT].offset;
- /* Decode the response extensions. */
- if (DecodeOcspRespExtensions(source, &idx, resp, *ioIndex) < 0) {
- ret = ASN_PARSE_E;
- }
- }
- FREE_ASNGETDATA(dataASN, resp->heap);
- return ret;
- #endif
- }
- #ifndef WOLFSSL_ASN_TEMPLATE
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- static int DecodeCerts(byte* source,
- word32* ioIndex, OcspResponse* resp, word32 size)
- {
- word32 idx = *ioIndex;
- byte tag;
- WOLFSSL_ENTER("DecodeCerts");
- if (GetASNTag(source, &idx, &tag, size) < 0)
- return ASN_PARSE_E;
- if (tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC))
- {
- int length;
- if (GetLength(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- resp->cert = source + idx;
- resp->certSz = length;
- idx += length;
- }
- *ioIndex = idx;
- return 0;
- }
- #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for BasicOCSPResponse.
- * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response
- */
- static const ASNItem ocspBasicRespASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* tbsResponseData */
- /* TBS_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 0, },
- /* signatureAlgorithm */
- /* SIGALGO */ { 1, ASN_SEQUENCE, 1, 1, 0, },
- /* SIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* SIGALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 },
- /* parameters */
- #ifdef WC_RSA_PSS
- /* SIGALGO_PARAMS */ { 2, ASN_SEQUENCE, 1, 0, 1 },
- #endif
- /* signature */
- /* SIGNATURE */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- /* certs */
- /* CERTS */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* CERTS_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0, },
- };
- enum {
- OCSPBASICRESPASN_IDX_SEQ = 0,
- OCSPBASICRESPASN_IDX_TBS_SEQ,
- OCSPBASICRESPASN_IDX_SIGALGO,
- OCSPBASICRESPASN_IDX_SIGALGO_OID,
- OCSPBASICRESPASN_IDX_SIGALGO_NULL,
- #ifdef WC_RSA_PSS
- OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS,
- #endif
- OCSPBASICRESPASN_IDX_SIGNATURE,
- OCSPBASICRESPASN_IDX_CERTS,
- OCSPBASICRESPASN_IDX_CERTS_SEQ,
- };
- /* Number of items in ASN.1 template for BasicOCSPResponse. */
- #define ocspBasicRespASN_Length (sizeof(ocspBasicRespASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
- OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length;
- word32 idx = *ioIndex;
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- word32 end_index;
- #endif
- int ret;
- int sigLength;
- const byte* sigParams = NULL;
- word32 sigParamsSz = 0;
- WOLFSSL_ENTER("DecodeBasicOcspResponse");
- (void)heap;
- if (GetSequence(source, &idx, &length, size) < 0)
- return ASN_PARSE_E;
- if (idx + length > size)
- return ASN_INPUT_E;
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- end_index = idx + length;
- #endif
- if ((ret = DecodeResponseData(source, &idx, resp, size)) < 0)
- return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */
- /* Get the signature algorithm */
- if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) {
- return ASN_PARSE_E;
- }
- #ifdef WC_RSA_PSS
- else if (resp->sigOID == CTC_RSASSAPSS) {
- word32 sz;
- int len;
- const byte* params;
- sz = idx;
- params = source + idx;
- if (GetSequence(source, &idx, &len, size) < 0)
- ret = ASN_PARSE_E;
- if (ret == 0) {
- idx += len;
- sigParams = params;
- sigParamsSz = idx - sz;
- }
- }
- #endif
- ret = CheckBitString(source, &idx, &sigLength, size, 1, NULL);
- if (ret != 0)
- return ret;
- resp->sigSz = sigLength;
- resp->sig = source + idx;
- idx += sigLength;
- /*
- * Check the length of the BasicOcspResponse against the current index to
- * see if there are certificates, they are optional.
- */
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- if (idx < end_index)
- {
- int cert_inited = 0;
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL)
- return MEMORY_E;
- #else
- DecodedCert cert[1];
- #endif
- do {
- if (DecodeCerts(source, &idx, resp, size) < 0) {
- ret = ASN_PARSE_E;
- break;
- }
- InitDecodedCert(cert, resp->cert, resp->certSz, heap);
- cert_inited = 1;
- /* Don't verify if we don't have access to Cert Manager. */
- ret = ParseCertRelative(cert, CERT_TYPE,
- noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
- cm);
- if (ret < 0) {
- WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
- break;
- }
- #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
- if ((cert->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) {
- if (XMEMCMP(cert->subjectHash,
- resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) {
- WOLFSSL_MSG("\tOCSP Response signed by issuer");
- }
- else {
- WOLFSSL_MSG("\tOCSP Responder key usage check failed");
- #ifdef OPENSSL_EXTRA
- resp->verifyError = OCSP_BAD_ISSUER;
- #else
- ret = BAD_OCSP_RESPONDER;
- break;
- #endif
- }
- }
- #endif
- /* ConfirmSignature is blocking here */
- ret = ConfirmSignature(
- &cert->sigCtx,
- resp->response, resp->responseSz,
- cert->publicKey, cert->pubKeySize, cert->keyOID,
- resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
- NULL);
- if (ret != 0) {
- WOLFSSL_MSG("\tOCSP Confirm signature failed");
- ret = ASN_OCSP_CONFIRM_E;
- break;
- }
- } while(0);
- if (cert_inited)
- FreeDecodedCert(cert);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0)
- return ret;
- }
- else
- #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
- {
- Signer* ca;
- int sigValid = -1;
- #ifndef NO_SKID
- ca = GetCA(cm, resp->single->issuerKeyHash);
- #else
- ca = GetCA(cm, resp->single->issuerHash);
- #endif
- if (ca) {
- SignatureCtx sigCtx;
- InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
- /* ConfirmSignature is blocking here */
- sigValid = ConfirmSignature(&sigCtx, resp->response,
- resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
- resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
- NULL);
- }
- if (ca == NULL || sigValid != 0) {
- WOLFSSL_MSG("\tOCSP Confirm signature failed");
- return ASN_OCSP_CONFIRM_E;
- }
- (void)noVerify;
- }
- *ioIndex = idx;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, ocspBasicRespASN_Length);
- int ret = 0;
- word32 idx = *ioIndex;
- const byte* sigParams = NULL;
- word32 sigParamsSz = 0;
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert* cert = NULL;
- #else
- DecodedCert cert[1];
- #endif
- int certInit = 0;
- #endif
- WOLFSSL_ENTER("DecodeBasicOcspResponse");
- (void)heap;
- CALLOC_ASNGETDATA(dataASN, ocspBasicRespASN_Length, ret, heap);
- if (ret == 0) {
- /* Set expecting signature OID. */
- GetASN_OID(&dataASN[OCSPBASICRESPASN_IDX_SIGALGO_OID], oidSigType);
- /* Decode BasicOCSPResponse. */
- ret = GetASN_Items(ocspBasicRespASN, dataASN, ocspBasicRespASN_Length,
- 1, source, &idx, size);
- }
- if (ret == 0) {
- word32 dataIdx = 0;
- /* Decode the response data. */
- ret = DecodeResponseData(
- GetASNItem_Addr(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source),
- &dataIdx, resp,
- GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source)
- );
- }
- #ifdef WC_RSA_PSS
- if (ret == 0 && (dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS].tag != 0)) {
- sigParams = GetASNItem_Addr(
- dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS],
- source);
- sigParamsSz =
- GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS],
- source);
- }
- #endif
- if (ret == 0) {
- /* Get the signature OID and signature. */
- resp->sigOID = dataASN[OCSPBASICRESPASN_IDX_SIGALGO_OID].data.oid.sum;
- GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE], &resp->sig,
- &resp->sigSz);
- }
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- if ((ret == 0) &&
- (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
- /* TODO: support more than one certificate. */
- /* Store reference to certificate BER data. */
- GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ], &resp->cert,
- &resp->certSz);
- /* Allocate a certificate object to decode cert into. */
- #ifdef WOLFSSL_SMALL_STACK
- cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cert == NULL) {
- ret = MEMORY_E;
- }
- }
- if ((ret == 0) &&
- (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
- #endif
- /* Initialize the certificate object. */
- InitDecodedCert(cert, resp->cert, resp->certSz, heap);
- certInit = 1;
- /* Parse the certificate and don't verify if we don't have access to
- * Cert Manager. */
- ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY,
- cm);
- if (ret < 0) {
- WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
- }
- }
- #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
- if ((ret == 0) &&
- (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL) &&
- !noVerify) {
- ret = CheckOcspResponder(resp, cert, cm);
- }
- #endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */
- if ((ret == 0) &&
- (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
- /* TODO: ConfirmSignature is blocking here */
- /* Check the signature of the response. */
- ret = ConfirmSignature(&cert->sigCtx, resp->response, resp->responseSz,
- cert->publicKey, cert->pubKeySize, cert->keyOID, resp->sig,
- resp->sigSz, resp->sigOID, NULL, 0, NULL);
- if (ret != 0) {
- WOLFSSL_MSG("\tOCSP Confirm signature failed");
- ret = ASN_OCSP_CONFIRM_E;
- }
- }
- if ((ret == 0) &&
- (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data == NULL))
- #else
- if (ret == 0)
- #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
- {
- Signer* ca;
- int sigValid = -1;
- /* Response didn't have a certificate - lookup CA. */
- #ifndef NO_SKID
- ca = GetCA(cm, resp->single->issuerKeyHash);
- #else
- ca = GetCA(cm, resp->single->issuerHash);
- #endif
- if (ca) {
- SignatureCtx sigCtx;
- /* Initialize he signature context. */
- InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
- /* TODO: ConfirmSignature is blocking here */
- /* Check the signature of the response CA public key. */
- sigValid = ConfirmSignature(&sigCtx, resp->response,
- resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
- resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
- NULL);
- }
- if ((ca == NULL) || (sigValid != 0)) {
- /* Didn't find certificate or signature verificate failed. */
- WOLFSSL_MSG("\tOCSP Confirm signature failed");
- ret = ASN_OCSP_CONFIRM_E;
- }
- }
- if (ret == 0) {
- /* Update the position to after response data. */
- *ioIndex = idx;
- }
- #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
- if (certInit) {
- FreeDecodedCert(cert);
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (cert != NULL) {
- /* Dispose of certificate object. */
- XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #endif
- FREE_ASNGETDATA(dataASN, heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status,
- byte* source, word32 inSz, void* heap)
- {
- WOLFSSL_ENTER("InitOcspResponse");
- XMEMSET(status, 0, sizeof(CertStatus));
- XMEMSET(single, 0, sizeof(OcspEntry));
- XMEMSET(resp, 0, sizeof(OcspResponse));
- single->status = status;
- resp->responseStatus = -1;
- resp->single = single;
- resp->source = source;
- resp->maxIdx = inSz;
- resp->heap = heap;
- }
- void FreeOcspResponse(OcspResponse* resp)
- {
- OcspEntry *single, *next;
- if (resp != NULL) {
- for (single = resp->single; single; single = next) {
- next = single->next;
- if (single->isDynamic) {
- XFREE(single->status, resp->heap, DYNAMIC_TYPE_OCSP_STATUS);
- XFREE(single, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY);
- }
- }
- }
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for OCSPResponse.
- * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response
- */
- static const ASNItem ocspResponseASN[] = {
- /* OCSPResponse ::= SEQUENCE */
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* responseStatus OCSPResponseStatus */
- /* STATUS */ { 1, ASN_ENUMERATED, 0, 0, 0, },
- /* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL */
- /* BYTES */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* ResponseBytes ::= SEQUENCE */
- /* BYTES_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* responseType OBJECT IDENTIFIER */
- /* BYTES_TYPE */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* response OCTET STRING */
- /* BYTES_VAL */ { 3, ASN_OCTET_STRING, 0, 0, 0 },
- };
- enum {
- OCSPRESPONSEASN_IDX_SEQ = 0,
- OCSPRESPONSEASN_IDX_STATUS,
- OCSPRESPONSEASN_IDX_BYTES,
- OCSPRESPONSEASN_IDX_BYTES_SEQ,
- OCSPRESPONSEASN_IDX_BYTES_TYPE,
- OCSPRESPONSEASN_IDX_BYTES_VAL,
- };
- /* Number of items in ASN.1 template for OCSPResponse. */
- #define ocspResponseASN_Length (sizeof(ocspResponseASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- int length = 0;
- word32 idx = 0;
- byte* source = resp->source;
- word32 size = resp->maxIdx;
- word32 oid;
- byte tag;
- WOLFSSL_ENTER("OcspResponseDecode");
- /* peel the outer SEQUENCE wrapper */
- if (GetSequence(source, &idx, &length, size) < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- /* First get the responseStatus, an ENUMERATED */
- if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- if (resp->responseStatus != OCSP_SUCCESSFUL) {
- WOLFSSL_LEAVE("OcspResponseDecode", 0);
- return 0;
- }
- /* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */
- if (idx >= size) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- if (GetASNTag(source, &idx, &tag, size) < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- if (GetLength(source, &idx, &length, size) < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- /* Get the responseBytes SEQUENCE */
- if (GetSequence(source, &idx, &length, size) < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- /* Check ObjectID for the resposeBytes */
- if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- if (oid != OCSP_BASIC_OID) {
- WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
- return ASN_PARSE_E;
- }
- ret = GetOctetString(source, &idx, &length, size);
- if (ret < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ret);
- return ret;
- }
- ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify);
- if (ret < 0) {
- WOLFSSL_LEAVE("OcspResponseDecode", ret);
- return ret;
- }
- WOLFSSL_LEAVE("OcspResponseDecode", 0);
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, ocspResponseASN_Length);
- int ret = 0;
- word32 idx = 0, size = resp->maxIdx;
- byte* source = resp->source;
- byte status = 0;
- byte* basic;
- word32 basicSz;
- WOLFSSL_ENTER("OcspResponseDecode");
- CALLOC_ASNGETDATA(dataASN, ocspResponseASN_Length, ret, resp->heap);
- if (ret == 0) {
- /* Set variable to put status in and expect OCSP OID. */
- GetASN_Int8Bit(&dataASN[OCSPRESPONSEASN_IDX_STATUS], &status);
- GetASN_OID(&dataASN[OCSPRESPONSEASN_IDX_BYTES_TYPE], oidOcspType);
- /* Decode OCSPResponse (and ResponseBytes). */
- ret = GetASN_Items(ocspResponseASN, dataASN, ocspResponseASN_Length, 1,
- source, &idx, size);
- }
- if (ret == 0) {
- /* Get response. */
- resp->responseStatus = status;
- if (dataASN[OCSPRESPONSEASN_IDX_BYTES_TYPE].data.oid.sum
- == OCSP_BASIC_OID) {
- /* Get reference to BasicOCSPResponse. */
- GetASN_GetRef(&dataASN[OCSPRESPONSEASN_IDX_BYTES_VAL], &basic,
- &basicSz);
- idx = 0;
- /* Decode BasicOCSPResponse. */
- ret = DecodeBasicOcspResponse(basic, &idx, resp, basicSz, cm, heap,
- noVerify);
- }
- /* Only support BasicOCSPResponse. */
- else {
- ret = ASN_PARSE_E;
- }
- }
- FREE_ASNGETDATA(dataASN, resp->heap);
- WOLFSSL_LEAVE("OcspResponseDecode", ret);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for OCSP nonce extension.
- * RFC 6960, 4.4.1 - Nonce
- * X.509: RFC 5280, 4.1 - Basic Certificate Fields. (Extension)
- */
- static const ASNItem ocspNonceExtASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* Extension */
- /* EXT */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* extnId */
- /* EXT_OID */ {2, ASN_OBJECT_ID, 0, 0, 0 },
- /* critical not encoded. */
- /* extnValue */
- /* EXT_VAL */ {2, ASN_OCTET_STRING, 0, 1, 0 },
- /* nonce */
- /* EXT_NONCE */ {3, ASN_OCTET_STRING, 0, 0, 0 },
- };
- enum {
- OCSPNONCEEXTASN_IDX_SEQ = 0,
- OCSPNONCEEXTASN_IDX_EXT,
- OCSPNONCEEXTASN_IDX_EXT_OID,
- OCSPNONCEEXTASN_IDX_EXT_VAL,
- OCSPNONCEEXTASN_IDX_EXT_NONCE,
- };
- /* Number of items in ASN.1 template for OCSP nonce extension. */
- #define ocspNonceExtASN_Length (sizeof(ocspNonceExtASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size)
- {
- const byte NonceObjId[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x30, 0x01, 0x02 };
- #ifndef WOLFSSL_ASN_TEMPLATE
- byte seqArray[5][MAX_SEQ_SZ];
- word32 seqSz[5], totalSz = (word32)sizeof(NonceObjId);
- WOLFSSL_ENTER("SetOcspReqExtensions");
- if (!req || !output || !req->nonceSz)
- return 0;
- totalSz += req->nonceSz;
- totalSz += seqSz[0] = SetOctetString(req->nonceSz, seqArray[0]);
- totalSz += seqSz[1] = SetOctetString(req->nonceSz + seqSz[0], seqArray[1]);
- totalSz += seqSz[2] = SetObjectId(sizeof(NonceObjId), seqArray[2]);
- totalSz += seqSz[3] = SetSequence(totalSz, seqArray[3]);
- totalSz += seqSz[4] = SetSequence(totalSz, seqArray[4]);
- if (totalSz > size)
- return 0;
- totalSz = 0;
- XMEMCPY(output + totalSz, seqArray[4], seqSz[4]);
- totalSz += seqSz[4];
- XMEMCPY(output + totalSz, seqArray[3], seqSz[3]);
- totalSz += seqSz[3];
- XMEMCPY(output + totalSz, seqArray[2], seqSz[2]);
- totalSz += seqSz[2];
- XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId));
- totalSz += (word32)sizeof(NonceObjId);
- XMEMCPY(output + totalSz, seqArray[1], seqSz[1]);
- totalSz += seqSz[1];
- XMEMCPY(output + totalSz, seqArray[0], seqSz[0]);
- totalSz += seqSz[0];
- XMEMCPY(output + totalSz, req->nonce, req->nonceSz);
- totalSz += req->nonceSz;
- return totalSz;
- #else
- int ret = 0;
- WOLFSSL_ENTER("SetOcspReqExtensions");
- /* Check request has nonce to write in extension. */
- if (req != NULL && req->nonceSz != 0) {
- DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length);
- int sz = 0;
- CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, req->heap);
- if (ret == 0) {
- /* Set nonce extension OID and nonce. */
- SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId,
- sizeof(NonceObjId));
- SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce,
- (word32)req->nonceSz);
- /* Calculate size of nonce extension. */
- ret = SizeASN_Items(ocspNonceExtASN, dataASN,
- ocspNonceExtASN_Length, &sz);
- }
- /* Check buffer big enough for encoding if supplied. */
- if ((ret == 0) && (output != NULL) && (sz > (int)size)) {
- ret = BUFFER_E;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode nonce extension. */
- SetASN_Items(ocspNonceExtASN, dataASN, ocspNonceExtASN_Length,
- output);
- }
- if (ret == 0) {
- /* Return size of encoding. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, req->heap);
- }
- return (word32)ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for OCSPRequest.
- * RFC 6960, 4.1.1 - ASN.1 Specification of the OCSP Request
- */
- static const ASNItem ocspRequestASN[] = {
- /* OCSPRequest */
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* tbsRequest */
- /* TBS */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* version not written - v1 */
- /* requestorName not written */
- /* requestList */
- /* TBS_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* Request */
- /* TBS_LIST */ { 3, ASN_SEQUENCE, 1, 1, 0 },
- /* reqCert */
- /* TBS_REQ_CID */ { 4, ASN_SEQUENCE, 1, 1, 0 },
- /* hashAlgorithm */
- /* TBS_REQ_HASH */ { 5, ASN_SEQUENCE, 1, 1, 0 },
- /* TBS_REQ_HASH_OID */ { 6, ASN_OBJECT_ID, 0, 0, 0 },
- /* issuerNameHash */
- /* TBS_REQ_ISSUER */ { 5, ASN_OCTET_STRING, 0, 0, 0 },
- /* issuerKeyHash */
- /* TBS_REQ_ISSUERKEY */ { 5, ASN_OCTET_STRING, 0, 0, 0 },
- /* serialNumber */
- /* TBS_REQ_SERIAL */ { 5, ASN_INTEGER, 0, 0, 0 },
- /* requestExtensions */
- /* TBS_REQEXT */ { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 0 },
- /* optionalSignature not written. */
- };
- enum {
- OCSPREQUESTASN_IDX_SEQ = 0,
- OCSPREQUESTASN_IDX_TBS,
- OCSPREQUESTASN_IDX_TBS_SEQ,
- OCSPREQUESTASN_IDX_TBS_LIST,
- OCSPREQUESTASN_IDX_TBS_REQ_CID,
- OCSPREQUESTASN_IDX_TBS_REQ_HASH,
- OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID,
- OCSPREQUESTASN_IDX_TBS_REQ_ISSUER,
- OCSPREQUESTASN_IDX_TBS_REQ_ISSUERKEY,
- OCSPREQUESTASN_IDX_TBS_REQ_SERIAL,
- OCSPREQUESTASN_IDX_TBS_REQEXT,
- };
- /* Number of items in ASN.1 template for OCSPRequest. */
- #define ocspRequestASN_Length (sizeof(ocspRequestASN) / sizeof(ASNItem))
- #endif
- int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- byte seqArray[5][MAX_SEQ_SZ];
- /* The ASN.1 of the OCSP Request is an onion of sequences */
- byte algoArray[MAX_ALGO_SZ];
- byte issuerArray[MAX_ENCODED_DIG_SZ];
- byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
- byte snArray[MAX_SN_SZ];
- byte extArray[MAX_OCSP_EXT_SZ];
- word32 seqSz[5], algoSz, issuerSz, issuerKeySz, extSz, totalSz;
- int i, snSz;
- int keyIdSz;
- WOLFSSL_ENTER("EncodeOcspRequest");
- #ifdef NO_SHA
- algoSz = SetAlgoID(SHA256h, algoArray, oidHashType, 0);
- keyIdSz = WC_SHA256_DIGEST_SIZE;
- #else
- algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0);
- keyIdSz = WC_SHA_DIGEST_SIZE;
- #endif
- issuerSz = SetDigest(req->issuerHash, keyIdSz, issuerArray);
- issuerKeySz = SetDigest(req->issuerKeyHash, keyIdSz, issuerKeyArray);
- snSz = SetSerialNumber(req->serial, req->serialSz, snArray,
- MAX_SN_SZ, MAX_SN_SZ);
- extSz = 0;
- if (snSz < 0)
- return snSz;
- if (req->nonceSz) {
- /* TLS Extensions use this function too - put extensions after
- * ASN.1: Context Specific [2].
- */
- extSz = EncodeOcspRequestExtensions(req, extArray + 2,
- OCSP_NONCE_EXT_SZ);
- extSz += SetExplicit(2, extSz, extArray, 0);
- }
- totalSz = algoSz + issuerSz + issuerKeySz + snSz;
- for (i = 4; i >= 0; i--) {
- seqSz[i] = SetSequence(totalSz, seqArray[i]);
- totalSz += seqSz[i];
- if (i == 2) totalSz += extSz;
- }
- if (output == NULL)
- return totalSz;
- if (totalSz > size)
- return BUFFER_E;
- totalSz = 0;
- for (i = 0; i < 5; i++) {
- XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
- totalSz += seqSz[i];
- }
- XMEMCPY(output + totalSz, algoArray, algoSz);
- totalSz += algoSz;
- XMEMCPY(output + totalSz, issuerArray, issuerSz);
- totalSz += issuerSz;
- XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
- totalSz += issuerKeySz;
- XMEMCPY(output + totalSz, snArray, snSz);
- totalSz += snSz;
- if (extSz != 0) {
- XMEMCPY(output + totalSz, extArray, extSz);
- totalSz += extSz;
- }
- return totalSz;
- #else
- DECL_ASNSETDATA(dataASN, ocspRequestASN_Length);
- word32 extSz = 0;
- int sz = 0;
- int ret = 0;
- word32 keyIdSz;
- WOLFSSL_ENTER("EncodeOcspRequest");
- CALLOC_ASNSETDATA(dataASN, ocspRequestASN_Length, ret, req->heap);
- if (ret == 0) {
- /* Set OID of hash algorithm use on issuer and key. */
- #ifdef NO_SHA
- SetASN_OID(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID], SHA256h,
- oidHashType);
- keyIdSz = WC_SHA256_DIGEST_SIZE;
- #else
- SetASN_OID(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID], SHAh,
- oidHashType);
- keyIdSz = WC_SHA_DIGEST_SIZE;
- #endif
- /* Set issuer, issuer key hash and serial number of certificate being
- * checked. */
- SetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_ISSUER],
- req->issuerHash, keyIdSz);
- SetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_ISSUERKEY],
- req->issuerKeyHash, keyIdSz);
- SetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_SERIAL],
- req->serial, (word32)req->serialSz);
- /* Only extension to write is nonce - check if one to encode. */
- if (req->nonceSz) {
- /* Get size of extensions and leave space for them in encoding. */
- ret = (int)(extSz = EncodeOcspRequestExtensions(req, NULL, 0));
- SetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT], NULL, extSz);
- if (ret > 0) {
- ret = 0;
- }
- }
- else {
- /* Don't write out extensions. */
- dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT].noOut = 1;
- }
- }
- if (ret == 0) {
- /* Calculate size of encoding. */
- ret = SizeASN_Items(ocspRequestASN, dataASN, ocspRequestASN_Length,
- &sz);
- }
- /* Check buffer big enough for encoding if supplied. */
- if ((ret == 0) && (output != NULL) && (sz > (int)size)) {
- ret = BUFFER_E;
- }
- if ((ret == 0) && (output != NULL)) {
- /* Encode OCSPRequest. */
- SetASN_Items(ocspRequestASN, dataASN, ocspRequestASN_Length, output);
- if (req->nonceSz) {
- /* Encode extensions into space provided. */
- ret = (int)EncodeOcspRequestExtensions(req,
- (byte*)dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT].data.buffer.data,
- extSz);
- if (ret > 0) {
- ret = 0;
- }
- }
- }
- if (ret == 0) {
- /* Return size of encoding. */
- ret = sz;
- }
- FREE_ASNSETDATA(dataASN, req->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce,
- void* heap)
- {
- int ret;
- WOLFSSL_ENTER("InitOcspRequest");
- if (req == NULL)
- return BAD_FUNC_ARG;
- XMEMSET(req, 0, sizeof(OcspRequest));
- req->heap = heap;
- if (cert) {
- XMEMCPY(req->issuerHash, cert->issuerHash, KEYID_SIZE);
- XMEMCPY(req->issuerKeyHash, cert->issuerKeyHash, KEYID_SIZE);
- req->serial = (byte*)XMALLOC((size_t)cert->serialSz, req->heap,
- DYNAMIC_TYPE_OCSP_REQUEST);
- if (req->serial == NULL)
- return MEMORY_E;
- XMEMCPY(req->serial, cert->serial, (size_t)cert->serialSz);
- req->serialSz = cert->serialSz;
- if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {
- req->url = (byte*)XMALLOC((size_t)cert->extAuthInfoSz + 1,
- req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
- if (req->url == NULL) {
- XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
- req->serial = NULL;
- return MEMORY_E;
- }
- XMEMCPY(req->url, cert->extAuthInfo, (size_t)cert->extAuthInfoSz);
- req->urlSz = cert->extAuthInfoSz;
- req->url[req->urlSz] = 0;
- }
- }
- if (useNonce) {
- WC_RNG rng;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, req->heap, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OCSP Nonce.");
- } else {
- if (wc_RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0)
- WOLFSSL_MSG("\tCannot run RNG. Skipping the OCSP Nonce.");
- else
- req->nonceSz = MAX_OCSP_NONCE_SZ;
- wc_FreeRng(&rng);
- }
- }
- return 0;
- }
- void FreeOcspRequest(OcspRequest* req)
- {
- WOLFSSL_ENTER("FreeOcspRequest");
- if (req) {
- if (req->serial)
- XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
- req->serial = NULL;
- #ifdef OPENSSL_EXTRA
- if (req->serialInt) {
- if (req->serialInt->isDynamic) {
- XFREE(req->serialInt->data, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- XFREE(req->serialInt, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- req->serialInt = NULL;
- #endif
- if (req->url)
- XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
- req->url = NULL;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
- defined(HAVE_LIGHTY)
- if (req->cid != NULL)
- wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid);
- req->cid = NULL;
- #endif
- }
- }
- int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
- {
- int cmp = -1; /* default as not matching, cmp gets set on each check */
- int ocspDigestSize;
- OcspEntry *single, *next, *prev = NULL, *top;
- WOLFSSL_ENTER("CompareOcspReqResp");
- if (req == NULL) {
- WOLFSSL_MSG("\tReq missing");
- return -1;
- }
- if (resp == NULL || resp->single == NULL) {
- WOLFSSL_MSG("\tResp missing");
- return 1;
- }
- /* Nonces are not critical. The responder may not necessarily add
- * the nonce to the response. */
- if (req->nonceSz && resp->nonce != NULL
- #ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK
- && resp->nonceSz != 0
- #endif
- ) {
- cmp = req->nonceSz - resp->nonceSz;
- if (cmp != 0) {
- WOLFSSL_MSG("\tnonceSz mismatch");
- return cmp;
- }
- cmp = XMEMCMP(req->nonce, resp->nonce, (size_t)req->nonceSz);
- if (cmp != 0) {
- WOLFSSL_MSG("\tnonce mismatch");
- return cmp;
- }
- }
- /* match based on found status and return */
- for (single = resp->single; single; single = next) {
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- ocspDigestSize = wc_HashGetDigestSize(
- wc_OidGetHash(single->hashAlgoOID));
- #else
- ocspDigestSize = OCSP_DIGEST_SIZE;
- #endif
- cmp = req->serialSz - single->status->serialSz;
- if (cmp == 0) {
- cmp = XMEMCMP(req->serial, single->status->serial,
- (size_t)req->serialSz)
- || XMEMCMP(req->issuerHash, single->issuerHash,
- (size_t)ocspDigestSize)
- || XMEMCMP(req->issuerKeyHash, single->issuerKeyHash,
- (size_t)ocspDigestSize);
- if (cmp == 0) {
- /* match found */
- if (resp->single != single && prev) {
- /* move to top of list */
- top = resp->single;
- resp->single = single;
- prev->next = single->next;
- single->next = top;
- }
- break;
- }
- }
- next = single->next;
- prev = single;
- }
- if (cmp != 0) {
- WOLFSSL_MSG("\trequest and response mismatch");
- return cmp;
- }
- return 0;
- }
- #endif /* HAVE_OCSP */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for certificate name hash. */
- static const ASNItem nameHashASN[] = {
- /* OID */ { 0, ASN_OBJECT_ID, 0, 0, 1 },
- /* NAME */ { 0, ASN_SEQUENCE, 1, 0, 0 },
- };
- enum {
- NAMEHASHASN_IDX_OID = 0,
- NAMEHASHASN_IDX_NAME
- };
- /* Number of items in ASN.1 template for certificate name hash. */
- #define nameHashASN_Length (sizeof(nameHashASN) / sizeof(ASNItem))
- #endif /* WOLFSSL_ASN_TEMPLATE */
- /* store WC_SHA hash of NAME */
- int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx)
- {
- /* Use summy signature OID. */
- return GetNameHash_ex(source, idx, hash, maxIdx, 0);
- }
- /* store WC_SHA hash of NAME */
- int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx,
- word32 sigOID)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length; /* length of all distinguished names */
- int ret;
- word32 dummy;
- byte tag;
- WOLFSSL_ENTER("GetNameHash");
- dummy = *idx;
- if (GetASNTag(source, &dummy, &tag, (word32)maxIdx) == 0 &&
- tag == ASN_OBJECT_ID) {
- WOLFSSL_MSG("Trying optional prefix...");
- if (GetLength(source, idx, &length, (word32)maxIdx) < 0)
- return ASN_PARSE_E;
- *idx += (word32)length;
- WOLFSSL_MSG("Got optional prefix");
- }
- /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
- * calculated over the entire DER encoding of the Name field, including
- * the tag and length. */
- dummy = *idx;
- if (GetSequence(source, idx, &length, (word32)maxIdx) < 0)
- return ASN_PARSE_E;
- ret = CalcHashId_ex(source + dummy, (word32)length + *idx - dummy, hash,
- HashIdAlg(sigOID));
- *idx += (word32)length;
- return ret;
- #else
- ASNGetData dataASN[nameHashASN_Length];
- int ret;
- XMEMSET(dataASN, 0, sizeof(dataASN));
- /* Ignore the OID even when present. */
- GetASN_OID(&dataASN[NAMEHASHASN_IDX_OID], oidIgnoreType);
- /* Decode certificate name. */
- ret = GetASN_Items(nameHashASN, dataASN, nameHashASN_Length, 0, source, idx,
- (word32)maxIdx);
- if (ret == 0) {
- /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
- * calculated over the entire DER encoding of the Name field, including
- * the tag and length. */
- /* Calculate hash of complete name including SEQUENCE. */
- ret = CalcHashId_ex(
- GetASNItem_Addr(dataASN[NAMEHASHASN_IDX_NAME], source),
- GetASNItem_Length(dataASN[NAMEHASHASN_IDX_NAME], source),
- hash, HashIdAlg(sigOID));
- }
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #if defined(HAVE_CRL) && !defined(WOLFCRYPT_ONLY)
- #ifdef OPENSSL_EXTRA
- static char* GetNameFromDer(const byte* source, int sz)
- {
- char* out;
- out = (char*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_OPENSSL);
- if (out == NULL) {
- WOLFSSL_MSG("Name malloc failed");
- return NULL;
- }
- XMEMCPY(out, source, (size_t)sz);
- return out;
- }
- #endif
- /* initialize decoded CRL */
- void InitDecodedCRL(DecodedCRL* dcrl, void* heap)
- {
- WOLFSSL_MSG("InitDecodedCRL");
- XMEMSET(dcrl, 0, sizeof(DecodedCRL));
- dcrl->heap = heap;
- #ifdef WOLFSSL_HEAP_TEST
- dcrl->heap = (void*)WOLFSSL_HEAP_TEST;
- #endif
- }
- /* free decoded CRL resources */
- void FreeDecodedCRL(DecodedCRL* dcrl)
- {
- RevokedCert* tmp = dcrl->certs;
- WOLFSSL_MSG("FreeDecodedCRL");
- while(tmp) {
- RevokedCert* next = tmp->next;
- XFREE(tmp, dcrl->heap, DYNAMIC_TYPE_REVOKED);
- tmp = next;
- }
- #ifdef OPENSSL_EXTRA
- if (dcrl->issuer != NULL)
- XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for revoked certificates.
- * X.509: RFC 5280, 5.1 - CRL Fields
- */
- static const ASNItem revokedASN[] = {
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* userCertificate CertificateSerialNumber */
- /* CERT */ { 1, ASN_INTEGER, 0, 0, 0 },
- /* revocationDate Time */
- /* TIME_UTC */ { 1, ASN_UTC_TIME, 0, 0, 2 },
- /* TIME_GT */ { 1, ASN_GENERALIZED_TIME, 0, 0, 2 },
- /* crlEntryExensions Extensions */
- /* TIME_EXT */ { 1, ASN_SEQUENCE, 1, 0, 1 },
- };
- enum {
- REVOKEDASN_IDX_SEQ = 0,
- REVOKEDASN_IDX_CERT,
- REVOKEDASN_IDX_TIME_UTC,
- REVOKEDASN_IDX_TIME_GT,
- REVOKEDASN_IDX_TIME_EXT,
- };
- /* Number of items in ASN.1 template for revoked certificates. */
- #define revokedASN_Length (sizeof(revokedASN) / sizeof(ASNItem))
- #endif
- /* Get Revoked Cert list, 0 on success */
- static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx,
- DecodedCRL* dcrl, word32 maxIdx)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int ret;
- int len;
- word32 end;
- RevokedCert* rc;
- #ifdef CRL_STATIC_REVOKED_LIST
- int totalCerts = 0;
- #endif
- WOLFSSL_ENTER("GetRevoked");
- if (GetSequence(buff, idx, &len, maxIdx) < 0)
- return ASN_PARSE_E;
- end = *idx + len;
- #ifdef CRL_STATIC_REVOKED_LIST
- totalCerts = dcrl->totalCerts;
- if (totalCerts >= CRL_MAX_REVOKED_CERTS) {
- return MEMORY_E;
- }
- rc = &rcert[totalCerts];
- ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx);
- if (ret < 0) {
- WOLFSSL_MSG("wc_GetSerialNumber error");
- return ret;
- }
- #else
- rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap,
- DYNAMIC_TYPE_REVOKED);
- if (rc == NULL) {
- WOLFSSL_MSG("Alloc Revoked Cert failed");
- return MEMORY_E;
- }
- ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx);
- if (ret < 0) {
- WOLFSSL_MSG("wc_GetSerialNumber error");
- XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED);
- return ret;
- }
- /* add to list */
- rc->next = dcrl->certs;
- dcrl->certs = rc;
- (void)rcert;
- #endif /* CRL_STATIC_REVOKED_LIST */
- dcrl->totalCerts++;
- /* get date */
- #ifndef NO_ASN_TIME
- ret = GetBasicDate(buff, idx, rc->revDate, &rc->revDateFormat, maxIdx);
- if (ret < 0) {
- WOLFSSL_MSG("Expecting Date");
- return ret;
- }
- #endif
- /* skip extensions */
- *idx = end;
- return 0;
- #else
- DECL_ASNGETDATA(dataASN, revokedASN_Length);
- int ret = 0;
- word32 serialSz = EXTERNAL_SERIAL_SIZE;
- word32 revDateSz = MAX_DATE_SIZE;
- RevokedCert* rc;
- #ifdef CRL_STATIC_REVOKED_LIST
- int totalCerts = dcrl->totalCerts;
- if (totalCerts >= CRL_MAX_REVOKED_CERTS) {
- return MEMORY_E;
- }
- rc = &rcert[totalCerts];
- #else
- /* Allocate a new revoked certificate object. */
- rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap,
- DYNAMIC_TYPE_CRL);
- if (rc == NULL) {
- ret = MEMORY_E;
- }
- #endif /* CRL_STATIC_REVOKED_LIST */
- CALLOC_ASNGETDATA(dataASN, revokedASN_Length, ret, dcrl->heap);
- if (ret == 0) {
- /* Set buffer to place serial number into. */
- GetASN_Buffer(&dataASN[REVOKEDASN_IDX_CERT], rc->serialNumber,
- &serialSz);
- /* Set buffer to store revocation date. */
- GetASN_Buffer(&dataASN[REVOKEDASN_IDX_TIME_UTC], rc->revDate,
- &revDateSz);
- GetASN_Buffer(&dataASN[REVOKEDASN_IDX_TIME_GT], rc->revDate,
- &revDateSz);
- /* Decode the Revoked */
- ret = GetASN_Items(revokedASN, dataASN, revokedASN_Length, 1, buff, idx,
- maxIdx);
- }
- if (ret == 0) {
- /* Store size of serial number. */
- rc->serialSz = (int)serialSz;
- rc->revDateFormat = (dataASN[REVOKEDASN_IDX_TIME_UTC].tag != 0)
- ? dataASN[REVOKEDASN_IDX_TIME_UTC].tag
- : dataASN[REVOKEDASN_IDX_TIME_GT].tag;
- /* TODO: use extensions, only v2 */
- /* Add revoked certificate to chain. */
- #ifndef CRL_STATIC_REVOKED_LIST
- rc->next = dcrl->certs;
- dcrl->certs = rc;
- #endif
- dcrl->totalCerts++;
- }
- FREE_ASNGETDATA(dataASN, dcrl->heap);
- #ifndef CRL_STATIC_REVOKED_LIST
- if ((ret != 0) && (rc != NULL)) {
- XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL);
- }
- (void)rcert;
- #endif
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Parse the revoked certificates of a CRL.
- *
- * @param [in] dcrl Decoded CRL object.
- * @param [in] buff Buffer holding CRL.
- * @param [in] idx Index into buffer of revoked certificates.
- * @param [in] maxIdx Maximum index of revoked cartificates data.
- * @return 0 on success.
- * @return ASN_PARSE_E on failure.
- */
- static int ParseCRL_RevokedCerts(RevokedCert* rcert, DecodedCRL* dcrl,
- const byte* buff, word32 idx, word32 maxIdx)
- {
- int ret = 0;
- /* Parse each revoked certificate. */
- while ((ret == 0) && (idx < maxIdx)) {
- /* Parse a revoked certificate. */
- if (GetRevoked(rcert, buff, &idx, dcrl, maxIdx) < 0) {
- ret = ASN_PARSE_E;
- }
- }
- return ret;
- }
- #endif /* WOLFSSL_ASN_TEMPLATE */
- #ifndef WOLFSSL_ASN_TEMPLATE
- /* Get CRL Signature, 0 on success */
- static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
- int maxIdx)
- {
- int length;
- int ret;
- WOLFSSL_ENTER("GetCRL_Signature");
- ret = CheckBitString(source, idx, &length, maxIdx, 1, NULL);
- if (ret != 0)
- return ret;
- dcrl->sigLength = length;
- dcrl->signature = (byte*)&source[*idx];
- *idx += dcrl->sigLength;
- return 0;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
- word32 tbsSz, const byte* signature, word32 sigSz,
- word32 signatureOID, const byte* sigParams,
- int sigParamsSz, Signer *ca, void* heap)
- {
- /* try to confirm/verify signature */
- #ifndef IGNORE_KEY_EXTENSIONS
- if ((ca->keyUsage & KEYUSE_CRL_SIGN) == 0) {
- WOLFSSL_MSG("CA cannot sign CRLs");
- WOLFSSL_ERROR_VERBOSE(ASN_CRL_NO_SIGNER_E);
- return ASN_CRL_NO_SIGNER_E;
- }
- #endif /* IGNORE_KEY_EXTENSIONS */
- InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
- if (ConfirmSignature(sigCtx, toBeSigned, tbsSz, ca->publicKey,
- ca->pubKeySize, ca->keyOID, signature, sigSz,
- signatureOID, sigParams, sigParamsSz, NULL) != 0) {
- WOLFSSL_MSG("CRL Confirm signature failed");
- WOLFSSL_ERROR_VERBOSE(ASN_CRL_CONFIRM_E);
- return ASN_CRL_CONFIRM_E;
- }
- return 0;
- }
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Find the signer for the CRL and verify the signature.
- *
- * @param [in] dcrl Decoded CRL object.
- * @param [in] buff Buffer holding CRL.
- * @param [in] cm Certificate manager object.
- * @return 0 on success.
- * @return ASN_CRL_NO_SIGNER_E when no signer found.
- * @return ASN_CRL_CONFIRM_E when signature did not verify.
- */
- static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* sigParams,
- int sigParamsSz, const byte* buff, void* cm)
- {
- int ret = 0;
- Signer* ca = NULL;
- SignatureCtx sigCtx;
- /* OpenSSL doesn't add skid by default for CRLs cause firefox chokes.
- * If experiencing issues uncomment NO_SKID define in CRL section of
- * wolfssl/wolfcrypt/settings.h */
- #ifndef NO_SKID
- if (dcrl->extAuthKeyIdSet) {
- /* more unique than issuerHash */
- ca = GetCA(cm, dcrl->extAuthKeyId);
- }
- /* Check issuerHash matched CA's subjectNameHash. */
- if ((ca != NULL) && (XMEMCMP(dcrl->issuerHash, ca->subjectNameHash,
- KEYID_SIZE) != 0)) {
- ca = NULL;
- }
- if (ca == NULL) {
- ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */
- /* If AKID is available then this CA doesn't have the public
- * key required */
- if (ca && dcrl->extAuthKeyIdSet) {
- WOLFSSL_MSG("CA SKID doesn't match AKID");
- ca = NULL;
- }
- }
- #else
- ca = GetCA(cm, dcrl->issuerHash);
- #endif /* !NO_SKID */
- WOLFSSL_MSG("About to verify CRL signature");
- if (ca == NULL) {
- WOLFSSL_MSG("Did NOT find CRL issuer CA");
- ret = ASN_CRL_NO_SIGNER_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- if (ret == 0) {
- WOLFSSL_MSG("Found CRL issuer CA");
- /* Verify CRL signature with CA. */
- ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin,
- dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength,
- dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap);
- }
- return ret;
- }
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
- const byte* buf,word32* inOutIdx, int sz, int verify)
- {
- word32 oid, dateIdx, idx, checkIdx;
- int length;
- #ifdef WOLFSSL_NO_CRL_NEXT_DATE
- int doNextDate = 1;
- #endif
- byte tag;
- if (dcrl == NULL || inOutIdx == NULL || buf == NULL) {
- return BAD_FUNC_ARG;
- }
- /* may have version */
- idx = *inOutIdx;
- checkIdx = idx;
- if (GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag == ASN_INTEGER) {
- if (GetMyVersion(buf, &idx, &dcrl->version, sz) < 0)
- return ASN_PARSE_E;
- dcrl->version++;
- }
- if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0) {
- return ASN_PARSE_E;
- }
- #ifdef WC_RSA_PSS
- else if (oid == CTC_RSASSAPSS) {
- word32 tmpSz;
- int len;
- tmpSz = idx;
- dcrl->sigParamsIndex = idx;
- if (GetSequence(buf, &idx, &len, sz) < 0) {
- dcrl->sigParamsIndex = 0;
- return ASN_PARSE_E;
- }
- idx += len;
- dcrl->sigParamsLength = idx - tmpSz;
- }
- #endif
- checkIdx = idx;
- if (GetSequence(buf, &checkIdx, &length, sz) < 0) {
- return ASN_PARSE_E;
- }
- #ifdef OPENSSL_EXTRA
- dcrl->issuerSz = length + (checkIdx - idx);
- dcrl->issuer = (byte*)GetNameFromDer(buf + idx, (int)dcrl->issuerSz);
- #endif
- if (GetNameHash_ex(buf, &idx, dcrl->issuerHash, sz, oid) < 0)
- return ASN_PARSE_E;
- if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
- return ASN_PARSE_E;
- dateIdx = idx;
- if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
- {
- #ifndef WOLFSSL_NO_CRL_NEXT_DATE
- (void)dateIdx;
- return ASN_PARSE_E;
- #else
- dcrl->nextDateFormat = ASN_OTHER_TYPE; /* skip flag */
- doNextDate = 0;
- idx = dateIdx;
- #endif
- }
- #ifdef WOLFSSL_NO_CRL_NEXT_DATE
- if (doNextDate)
- #endif
- {
- #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
- if (verify != NO_VERIFY &&
- !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
- WOLFSSL_MSG("CRL after date is no longer valid");
- WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
- return CRL_CERT_DATE_ERR;
- }
- #else
- (void)verify;
- #endif
- }
- checkIdx = idx;
- if (idx != dcrl->sigIndex &&
- GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag != CRL_EXTENSIONS) {
- int len;
- if (GetSequence(buf, &idx, &len, sz) < 0)
- return ASN_PARSE_E;
- len += idx;
- while (idx < (word32)len) {
- if (GetRevoked(rcert, buf, &idx, dcrl, len) < 0)
- return ASN_PARSE_E;
- }
- }
- *inOutIdx = idx;
- return 0;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #ifndef NO_SKID
- static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- word32 idx = 0;
- int length = 0, ret = 0;
- byte tag;
- WOLFSSL_ENTER("ParseCRL_AuthKeyIdExt");
- if (GetSequence(input, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- if (GetASNTag(input, &idx, &tag, sz) < 0) {
- return ASN_PARSE_E;
- }
- if (tag != (ASN_CONTEXT_SPECIFIC | 0)) {
- WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available");
- return 0;
- }
- if (GetLength(input, &idx, &length, sz) <= 0) {
- WOLFSSL_MSG("\tfail: extension data length");
- return ASN_PARSE_E;
- }
- dcrl->extAuthKeyIdSet = 1;
- /* Get the hash or hash of the hash if wrong size. */
- ret = GetHashId(input + idx, length, dcrl->extAuthKeyId,
- HashIdAlg(dcrl->signatureOID));
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, authKeyIdASN_Length);
- int ret = 0;
- word32 idx = 0;
- WOLFSSL_ENTER("ParseCRL_AuthKeyIdExt");
- CALLOC_ASNGETDATA(dataASN, authKeyIdASN_Length, ret, dcrl->heap);
- if (ret == 0) {
- /* Parse an authority key identifier. */
- ret = GetASN_Items(authKeyIdASN, dataASN, authKeyIdASN_Length, 1, input,
- &idx, (word32)sz);
- }
- if (ret == 0) {
- /* Key id is optional. */
- if (dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data == NULL) {
- WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available");
- }
- else {
- /* Get the hash or hash of the hash if wrong size. */
- ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
- (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
- dcrl->extAuthKeyId, HashIdAlg(dcrl->signatureOID));
- }
- }
- FREE_ASNGETDATA(dataASN, dcrl->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif
- #ifndef WOLFSSL_ASN_TEMPLATE
- static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
- word32* inOutIdx, word32 sz)
- {
- int length;
- word32 idx;
- word32 ext_bound; /* boundary index for the sequence of extensions */
- word32 oid;
- byte tag;
- WOLFSSL_ENTER("ParseCRL_Extensions");
- (void)dcrl;
- if (inOutIdx == NULL)
- return BAD_FUNC_ARG;
- idx = *inOutIdx;
- /* CRL Extensions are optional */
- if ((idx + 1) > sz)
- return 0;
- /* CRL Extensions are optional */
- if (GetASNTag(buf, &idx, &tag, sz) < 0)
- return 0;
- /* CRL Extensions are optional */
- if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
- return 0;
- if (GetLength(buf, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- if (GetSequence(buf, &idx, &length, sz) < 0)
- return ASN_PARSE_E;
- ext_bound = idx + length;
- while (idx < (word32)ext_bound) {
- word32 localIdx;
- int ret;
- if (GetSequence(buf, &idx, &length, sz) < 0) {
- WOLFSSL_MSG("\tfail: should be a SEQUENCE");
- return ASN_PARSE_E;
- }
- oid = 0;
- if (GetObjectId(buf, &idx, &oid, oidCrlExtType, sz) < 0) {
- WOLFSSL_MSG("\tfail: OBJECT ID");
- return ASN_PARSE_E;
- }
- /* check for critical flag */
- if ((idx + 1) > (word32)sz) {
- WOLFSSL_MSG("\tfail: malformed buffer");
- return BUFFER_E;
- }
- localIdx = idx;
- if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && tag == ASN_BOOLEAN) {
- WOLFSSL_MSG("\tfound optional critical flag, moving past");
- ret = GetBoolean(buf, &idx, sz);
- if (ret < 0)
- return ret;
- }
- ret = GetOctetString(buf, &idx, &length, sz);
- if (ret < 0)
- return ret;
- if (oid == AUTH_KEY_OID) {
- #ifndef NO_SKID
- ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl);
- if (ret < 0) {
- WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension");
- return ret;
- }
- #endif
- }
- else if (oid == CRL_NUMBER_OID) {
- localIdx = idx;
- if (GetASNTag(buf, &localIdx, &tag, sz) == 0 &&
- tag == ASN_INTEGER) {
- ret = GetASNInt(buf, &idx, &length, sz);
- if (ret < 0) {
- WOLFSSL_MSG("\tcouldn't parse CRL number extension");
- return ret;
- }
- else {
- if (length > 1) {
- int i;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (m == NULL) {
- return MEMORY_E;
- }
- #else
- mp_int m[1];
- #endif
- if (mp_init(m) != MP_OKAY) {
- ret = MP_INIT_E;
- }
- if (ret == 0)
- ret = mp_read_unsigned_bin(m, buf + idx, length);
- if (ret != MP_OKAY)
- ret = BUFFER_E;
- if (ret == 0) {
- dcrl->crlNumber = 0;
- for (i = 0; i < (int)(*m).used; ++i) {
- if (i > (CHAR_BIT *
- (int)sizeof(word32) / DIGIT_BIT)) {
- break;
- }
- dcrl->crlNumber |= ((word32)(*m).dp[i]) <<
- (DIGIT_BIT * i);
- }
- }
- mp_free(m);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
- #endif
- if (ret != 0)
- return ret;
- }
- else if (length == 1) {
- dcrl->crlNumber = buf[idx];
- }
- }
- }
- }
- idx += length;
- }
- *inOutIdx = idx;
- return 0;
- }
- #else
- /* Parse the extensions of a CRL.
- *
- * @param [in] dcrl Decoded CRL object.
- * @param [in] buff Buffer holding CRL.
- * @param [in] idx Index into buffer of extensions.
- * @param [in] maxIdx Maximum index of extension data.
- * @return 0 on success.
- * @return ASN_PARSE_E on failure.
- */
- static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
- word32 maxIdx)
- {
- DECL_ASNGETDATA(dataASN, certExtASN_Length);
- int ret = 0;
- ALLOC_ASNGETDATA(dataASN, certExtASN_Length, ret, dcrl->heap);
- while ((ret == 0) && (idx < maxIdx)) {
- byte critical = 0;
- /* Clear dynamic data. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length);
- /* Ensure OID is an extension type. */
- GetASN_OID(&dataASN[CERTEXTASN_IDX_OID], oidCertExtType);
- /* Set criticality variable. */
- GetASN_Int8Bit(&dataASN[CERTEXTASN_IDX_CRIT], &critical);
- /* Parse extension wrapper. */
- ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, buf, &idx,
- maxIdx);
- if (ret == 0) {
- /* OID in extension. */
- word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum;
- /* Length of extension data. */
- int length = (int)dataASN[CERTEXTASN_IDX_VAL].length;
- if (oid == AUTH_KEY_OID) {
- #ifndef NO_SKID
- /* Parse Authority Key Id extension.
- * idx is at start of OCTET_STRING data. */
- ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl);
- if (ret != 0) {
- WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension");
- }
- #endif
- }
- /* TODO: Parse CRL Number extension */
- /* TODO: check criticality */
- /* Move index on to next extension. */
- idx += (word32)length;
- }
- }
- if (ret < 0) {
- ret = ASN_PARSE_E;
- }
- FREE_ASNGETDATA(dataASN, dcrl->heap);
- return ret;
- }
- #endif /* !WOLFSSL_ASN_TEMPLATE */
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* ASN.1 template for a CRL- CertificateList.
- * X.509: RFC 5280, 5.1 - CRL Fields
- */
- static const ASNItem crlASN[] = {
- /* CertificateList */
- /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 },
- /* tbsCertList */
- /* TBS */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* version Version OPTIONAL if present must be v2 */
- /* TBS_VER */ { 2, ASN_INTEGER, 0, 0, 1 },
- /* signature */
- /* TBS_SIGALGO */ { 2, ASN_SEQUENCE, 1, 1, 0 },
- /* TBS_SIGALGO_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 },
- /* TBS_SIGALGO_NULL */ { 3, ASN_TAG_NULL, 0, 0, 1 },
- /* issuer */
- #ifdef WC_RSA_PSS
- /* TBS_SIGALGO_P_SEQ */ { 3, ASN_SEQUENCE, 1, 0, 2 },
- #endif
- /* TBS_ISSUER */ { 2, ASN_SEQUENCE, 1, 0, 0 },
- /* thisUpdate */
- /* TBS_THISUPDATE_UTC */ { 2, ASN_UTC_TIME, 0, 0, 2 },
- /* TBS_THISUPDATE_GT */ { 2, ASN_GENERALIZED_TIME, 0, 0, 2 },
- /* nextUpdate */
- /* TBS_NEXTUPDATE_UTC */ { 2, ASN_UTC_TIME, 0, 0, 3 },
- /* TBS_NEXTUPDATE_GT */ { 2, ASN_GENERALIZED_TIME, 0, 0, 3 },
- /* revokedCertificates */
- /* TBS_REVOKEDCERTS */ { 2, ASN_SEQUENCE, 1, 0, 1 },
- /* crlExtensions */
- /* TBS_EXT */ { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
- /* TBS_EXT_SEQ */ { 3, ASN_SEQUENCE, 1, 0, 0 },
- /* signatureAlgorithm */
- /* SIGALGO */ { 1, ASN_SEQUENCE, 1, 1, 0 },
- /* SIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
- /* SIGALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 },
- #ifdef WC_RSA_PSS
- /* SIGALGO_PARAMS */ { 2, ASN_SEQUENCE, 1, 0, 2 },
- #endif
- /* signatureValue */
- /* SIGNATURE */ { 1, ASN_BIT_STRING, 0, 0, 0 },
- };
- enum {
- CRLASN_IDX_SEQ = 0,
- CRLASN_IDX_TBS,
- CRLASN_IDX_TBS_VER,
- CRLASN_IDX_TBS_SIGALGO,
- CRLASN_IDX_TBS_SIGALGO_OID,
- CRLASN_IDX_TBS_SIGALGO_NULL,
- #ifdef WC_RSA_PSS
- CRLASN_IDX_TBS_SIGALGO_PARAMS,
- #endif
- CRLASN_IDX_TBS_ISSUER,
- CRLASN_IDX_TBS_THISUPDATE_UTC,
- CRLASN_IDX_TBS_THISUPDATE_GT,
- CRLASN_IDX_TBS_NEXTUPDATE_UTC,
- CRLASN_IDX_TBS_NEXTUPDATE_GT,
- CRLASN_IDX_TBS_REVOKEDCERTS,
- CRLASN_IDX_TBS_EXT,
- CRLASN_IDX_TBS_EXT_SEQ,
- CRLASN_IDX_SIGALGO,
- CRLASN_IDX_SIGALGO_OID,
- CRLASN_IDX_SIGALGO_NULL,
- #ifdef WC_RSA_PSS
- CRLASN_IDX_SIGALGO_PARAMS,
- #endif
- CRLASN_IDX_SIGNATURE,
- };
- /* Number of items in ASN.1 template for a CRL- CertificateList. */
- #define crlASN_Length (sizeof(crlASN) / sizeof(ASNItem))
- #endif
- /* parse crl buffer into decoded state, 0 on success */
- int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
- int verify, void* cm)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- Signer* ca = NULL;
- SignatureCtx sigCtx;
- int ret = 0;
- int len;
- word32 idx = 0;
- #ifdef WC_RSA_PSS
- const byte* sigParams = NULL;
- int sigParamsSz = 0;
- #endif
- WOLFSSL_MSG("ParseCRL");
- /* raw crl hash */
- /* hash here if needed for optimized comparisons
- * wc_Sha sha;
- * wc_InitSha(&sha);
- * wc_ShaUpdate(&sha, buff, sz);
- * wc_ShaFinal(&sha, dcrl->crlHash); */
- if (GetSequence(buff, &idx, &len, sz) < 0)
- return ASN_PARSE_E;
- dcrl->certBegin = idx;
- /* Normalize sz for the length inside the outer sequence. */
- sz = len + idx;
- if (GetSequence(buff, &idx, &len, sz) < 0)
- return ASN_PARSE_E;
- dcrl->sigIndex = len + idx;
- if (ParseCRL_CertList(rcert, dcrl, buff, &idx, dcrl->sigIndex, verify) < 0)
- return ASN_PARSE_E;
- if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0)
- return ASN_PARSE_E;
- idx = dcrl->sigIndex;
- if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0) {
- return ASN_PARSE_E;
- }
- #ifdef WC_RSA_PSS
- else if (dcrl->signatureOID == CTC_RSASSAPSS) {
- word32 tmpSz;
- const byte* params;
- tmpSz = idx;
- params = buff + idx;
- if (GetSequence(buff, &idx, &len, sz) < 0) {
- return ASN_PARSE_E;
- }
- idx += len;
- sigParams = params;
- sigParamsSz = idx - tmpSz;
- }
- #endif
- if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0)
- return ASN_PARSE_E;
- /* openssl doesn't add skid by default for CRLs cause firefox chokes
- if experiencing issues uncomment NO_SKID define in CRL section of
- wolfssl/wolfcrypt/settings.h */
- #ifndef NO_SKID
- if (dcrl->extAuthKeyIdSet) {
- ca = GetCA(cm, dcrl->extAuthKeyId); /* more unique than issuerHash */
- }
- if (ca != NULL && XMEMCMP(dcrl->issuerHash, ca->subjectNameHash,
- KEYID_SIZE) != 0) {
- ca = NULL;
- }
- if (ca == NULL) {
- ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */
- /* If AKID is available then this CA doesn't have the public
- * key required */
- if (ca && dcrl->extAuthKeyIdSet) {
- WOLFSSL_MSG("CA SKID doesn't match AKID");
- ca = NULL;
- }
- }
- #else
- ca = GetCA(cm, dcrl->issuerHash);
- #endif /* !NO_SKID */
- WOLFSSL_MSG("About to verify CRL signature");
- if (ca == NULL) {
- WOLFSSL_MSG("Did NOT find CRL issuer CA");
- ret = ASN_CRL_NO_SIGNER_E;
- WOLFSSL_ERROR_VERBOSE(ret);
- goto end;
- }
- WOLFSSL_MSG("Found CRL issuer CA");
- ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin,
- dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength,
- dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap);
- end:
- return ret;
- #else
- DECL_ASNGETDATA(dataASN, crlASN_Length);
- int ret = 0;
- /* Default version - v1 = 0 */
- byte version = 0;
- word32 idx = 0;
- /* Size of buffer for date. */
- word32 lastDateSz = MAX_DATE_SIZE;
- word32 nextDateSz = MAX_DATE_SIZE;
- const byte* sigParams = NULL;
- int sigParamsSz = 0;
- #ifdef WC_RSA_PSS
- const byte* tbsParams = NULL;
- int tbsParamsSz = 0;
- #endif
- /* When NO_ASN_TIME is defined, verify not used. */
- (void)verify;
- WOLFSSL_MSG("ParseCRL");
- CALLOC_ASNGETDATA(dataASN, crlASN_Length, ret, dcrl->heap);
- if (ret == 0) {
- /* Set variable to store version. */
- GetASN_Int8Bit(&dataASN[CRLASN_IDX_TBS_VER], &version);
- /* Set expecting signature OID. */
- GetASN_OID(&dataASN[CRLASN_IDX_TBS_SIGALGO_OID], oidSigType);
- /* Set buffer to put last and next date into. */
- GetASN_Buffer(&dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC], dcrl->lastDate,
- &lastDateSz);
- GetASN_Buffer(&dataASN[CRLASN_IDX_TBS_THISUPDATE_GT], dcrl->lastDate,
- &lastDateSz);
- GetASN_Buffer(&dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC], dcrl->nextDate,
- &nextDateSz);
- GetASN_Buffer(&dataASN[CRLASN_IDX_TBS_NEXTUPDATE_GT], dcrl->nextDate,
- &nextDateSz);
- /* Set expecting signature OID. */
- GetASN_OID(&dataASN[CRLASN_IDX_SIGALGO_OID], oidSigType);
- /* Decode the CRL. */
- ret = GetASN_Items(crlASN, dataASN, crlASN_Length, 1, buff, &idx, sz);
- }
- /* Version must be v2 = 1 if present. */
- if ((ret == 0) && (dataASN[CRLASN_IDX_TBS_VER].tag != 0) &&
- (version != 1)) {
- ret = ASN_PARSE_E;
- }
- /* Check minimum size of last date. */
- if ((ret == 0) && (lastDateSz < MIN_DATE_SIZE)) {
- ret = ASN_PARSE_E;
- }
- /* Check minimum size of next date. */
- if ((ret == 0) && (nextDateSz < MIN_DATE_SIZE)) {
- ret = ASN_PARSE_E;
- }
- /* 'signatureAlgorithm' OID must be the same as 'signature' OID. */
- if ((ret == 0) && (dataASN[CRLASN_IDX_SIGALGO_OID].data.oid.sum !=
- dataASN[CRLASN_IDX_TBS_SIGALGO_OID].data.oid.sum)) {
- ret = ASN_PARSE_E;
- }
- if (ret == 0) {
- /* Store version */
- dcrl->version = ++version;
- /* Store offset of to be signed part. */
- dcrl->certBegin = dataASN[CRLASN_IDX_TBS].offset;
- /* Store index of signature. */
- dcrl->sigIndex = dataASN[CRLASN_IDX_SIGALGO].offset;
- #ifdef WC_RSA_PSS
- /* get TBS and Signature parameters for PSS */
- if (dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS].tag != 0) {
- tbsParams =
- GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
- buff);
- tbsParamsSz =
- GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
- buff);
- }
- if (dataASN[CRLASN_IDX_SIGALGO_PARAMS].tag != 0) {
- sigParams =
- GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
- buff);
- sigParamsSz =
- GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
- buff);
- dcrl->sigParamsIndex =
- dataASN[CRLASN_IDX_SIGALGO_PARAMS].offset;
- dcrl->sigParamsLength = sigParamsSz;
- }
- #endif
- /* Store address and length of signature data. */
- GetASN_GetRef(&dataASN[CRLASN_IDX_SIGNATURE], &dcrl->signature,
- &dcrl->sigLength);
- /* Get the signature OID. */
- dcrl->signatureOID = dataASN[CRLASN_IDX_SIGALGO_OID].data.oid.sum;
- #ifdef WC_RSA_PSS
- /* Sanity check on parameters found */
- if (tbsParamsSz != sigParamsSz) {
- WOLFSSL_MSG("CRL TBS and signature parameter sizes mismatch");
- ret = ASN_PARSE_E;
- }
- else if ((tbsParamsSz > 0) &&
- (dataASN[CRLASN_IDX_TBS_SIGALGO_OID].data.oid.sum != CTC_RSASSAPSS)) {
- WOLFSSL_MSG("CRL unexpected signature parameters found");
- ret = ASN_PARSE_E;
- }
- else if ((tbsParamsSz > 0) &&
- (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) {
- WOLFSSL_MSG("CRL TBS and signature parameter mismatch");
- ret = ASN_PARSE_E;
- }
- #endif
- /* Get the format/tag of the last and next date. */
- dcrl->lastDateFormat = (dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC].tag != 0)
- ? dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC].tag
- : dataASN[CRLASN_IDX_TBS_THISUPDATE_GT].tag;
- dcrl->nextDateFormat = (dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC].tag != 0)
- ? dataASN[CRLASN_IDX_TBS_NEXTUPDATE_UTC].tag
- : dataASN[CRLASN_IDX_TBS_NEXTUPDATE_GT].tag;
- #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
- if (dcrl->nextDateFormat != 0) {
- /* Next date was set, so validate it. */
- if (verify != NO_VERIFY &&
- !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
- WOLFSSL_MSG("CRL after date is no longer valid");
- ret = CRL_CERT_DATE_ERR;
- WOLFSSL_ERROR_VERBOSE(ret);
- }
- }
- }
- if (ret == 0) { /* in "no time" cases above "ret" is not set */
- #endif /* !NO_ASN_TIME && !WOLFSSL_NO_CRL_DATE_CHECK */
- #ifdef OPENSSL_EXTRA
- /* Parse and store the issuer name. */
- dcrl->issuerSz = GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER],
- buff);
- dcrl->issuer = (byte*)GetNameFromDer((byte*)GetASNItem_Addr(
- dataASN[CRLASN_IDX_TBS_ISSUER], buff),
- (int)dcrl->issuerSz);
- #endif
- /* Calculate the Hash id from the issuer name. */
- ret = CalcHashId_ex(
- GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
- GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
- dcrl->issuerHash, HashIdAlg(dcrl->signatureOID));
- if (ret < 0) {
- ret = ASN_PARSE_E;
- }
- }
- if ((ret == 0) && (dataASN[CRLASN_IDX_TBS_REVOKEDCERTS].tag != 0)) {
- /* Parse revoked certificates - starting after SEQUENCE OF. */
- ret = ParseCRL_RevokedCerts(rcert, dcrl, buff,
- GetASNItem_DataIdx(dataASN[CRLASN_IDX_TBS_REVOKEDCERTS], buff),
- GetASNItem_EndIdx(dataASN[CRLASN_IDX_TBS_REVOKEDCERTS], buff));
- }
- if (ret == 0) {
- /* Parse the extensions - starting after SEQUENCE OF. */
- ret = ParseCRL_Extensions(dcrl, buff,
- GetASNItem_DataIdx(dataASN[CRLASN_IDX_TBS_EXT_SEQ], buff),
- GetASNItem_EndIdx(dataASN[CRLASN_IDX_TBS_EXT_SEQ], buff));
- }
- if (ret == 0) {
- /* Find signer and verify signature. */
- ret = PaseCRL_CheckSignature(dcrl, sigParams, sigParamsSz, buff, cm);
- }
- FREE_ASNGETDATA(dataASN, dcrl->heap);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* HAVE_CRL */
- #ifdef WOLFSSL_CERT_PIV
- #ifdef WOLFSSL_ASN_TEMPLATE
- /* Template for PIV. */
- static const ASNItem pivASN[] = {
- /* CERT */ { 0, ASN_PIV_CERT, 0, 0, 0 },
- /* NONCE */ { 0, ASN_PIV_NONCE, 0, 0, 1 },
- /* SIGNEDNONCE */ { 0, ASN_PIV_SIGNED_NONCE, 0, 0, 1 },
- };
- enum {
- PIVASN_IDX_CERT = 0,
- PIVASN_IDX_NONCE,
- PIVASN_IDX_SIGNEDNONCE,
- };
- #define pivASN_Length (sizeof(pivASN) / sizeof(ASNItem))
- static const ASNItem pivCertASN[] = {
- /* 0x53 = 0x40 | 0x13 */
- /* CERT */ { 1, ASN_APPLICATION | 0x13, 0, 1, 0 },
- /* 0x70 = 0x40 | 0x10 + 0x20 (CONSTRUCTED) */
- /* X509 */ { 2, ASN_APPLICATION | 0x10, 1, 0, 0 },
- /* 0x71 = 0x40 | 0x11 + 0x20 (CONSTRUCTED) */
- /* INFO */ { 2, ASN_APPLICATION | 0x11, 1, 0, 1 },
- /* 0xFE = 0xC0 | 0x1E + 0x20 (CONSTRUCTED) */
- /* ERR */ { 2, ASN_PRIVATE | 0x1e, 1, 0, 1 },
- };
- enum {
- PIVCERTASN_IDX_CERT,
- PIVCERTASN_IDX_X509,
- PIVCERTASN_IDX_INFO,
- PIVCERTASN_IDX_ERR,
- };
- #define pivCertASN_Length (sizeof(pivCertASN) / sizeof(ASNItem))
- #endif
- int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz)
- {
- #ifndef WOLFSSL_ASN_TEMPLATE
- int length = 0;
- word32 idx = 0;
- WOLFSSL_ENTER("wc_ParseCertPIV");
- if (piv == NULL || buf == NULL || totalSz == 0)
- return BAD_FUNC_ARG;
- XMEMSET(piv, 0, sizeof(wc_CertPIV));
- /* Detect Identiv PIV (with 0x0A, 0x0B and 0x0C sections) */
- /* Certificate (0A 82 05FA) */
- if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) {
- /* Identiv Type PIV card */
- piv->isIdentiv = 1;
- piv->cert = &buf[idx];
- piv->certSz = length;
- idx += length;
- /* Nonce (0B 14) */
- if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) {
- piv->nonce = &buf[idx];
- piv->nonceSz = length;
- idx += length;
- }
- /* Signed Nonce (0C 82 0100) */
- if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) {
- piv->signedNonce = &buf[idx];
- piv->signedNonceSz = length;
- }
- idx = 0;
- buf = piv->cert;
- totalSz = piv->certSz;
- }
- /* Certificate Buffer Total Size (53 82 05F6) */
- if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx,
- &length, totalSz) < 0) {
- return ASN_PARSE_E;
- }
- /* PIV Certificate (70 82 05ED) */
- if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length,
- totalSz) < 0) {
- return ASN_PARSE_E;
- }
- /* Capture certificate buffer pointer and length */
- piv->cert = &buf[idx];
- piv->certSz = length;
- idx += length;
- /* PIV Certificate Info (71 01 00) */
- if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length,
- totalSz) >= 0) {
- if (length >= 1) {
- piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED);
- piv->isX509 = ((buf[idx] & ASN_PIV_CERT_INFO_ISX509) != 0);
- }
- idx += length;
- }
- /* PIV Error Detection (FE 00) */
- if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length,
- totalSz) >= 0) {
- piv->certErrDet = &buf[idx];
- piv->certErrDetSz = length;
- idx += length;
- }
- return 0;
- #else
- /* pivCertASN_Length is longer than pivASN_Length */
- DECL_ASNGETDATA(dataASN, pivCertASN_Length);
- int ret = 0;
- word32 idx;
- byte info;
- WOLFSSL_ENTER("wc_ParseCertPIV");
- ALLOC_ASNGETDATA(dataASN, pivCertASN_Length, ret, NULL);
- if (ret == 0) {
- /* Clear dynamic data. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * pivASN_Length);
- /* Start parsing from start of buffer. */
- idx = 0;
- /* Parse Identiv wrapper. */
- ret = GetASN_Items(pivASN, dataASN, pivASN_Length, 1, buf, &idx,
- totalSz);
- if (ret == 0) {
- /* Identiv wrapper found. */
- piv->isIdentiv = 1;
- /* Get nonce reference. */
- if (dataASN[PIVASN_IDX_NONCE].tag != 0) {
- GetASN_GetConstRef(&dataASN[PIVASN_IDX_NONCE], &piv->nonce,
- &piv->nonceSz);
- }
- /* Get signedNonce reference. */
- if (dataASN[PIVASN_IDX_SIGNEDNONCE].tag != 0) {
- GetASN_GetConstRef(&dataASN[PIVASN_IDX_SIGNEDNONCE],
- &piv->signedNonce, &piv->signedNonceSz);
- }
- /* Get the certificate data for parsing. */
- GetASN_GetConstRef(&dataASN[PIVASN_IDX_CERT], &buf, &totalSz);
- }
- ret = 0;
- }
- if (ret == 0) {
- /* Clear dynamic data and set variable to put cert info into. */
- XMEMSET(dataASN, 0, sizeof(*dataASN) * pivCertASN_Length);
- GetASN_Int8Bit(&dataASN[PIVCERTASN_IDX_INFO], &info);
- /* Start parsing from start of buffer. */
- idx = 0;
- /* Parse PIV certificate data. */
- ret = GetASN_Items(pivCertASN, dataASN, pivCertASN_Length, 1, buf, &idx,
- totalSz);
- if (ret == 0) {
- /* Get X.509 certificate reference. */
- GetASN_GetConstRef(&dataASN[PIVCERTASN_IDX_X509], &piv->cert,
- &piv->certSz);
- /* Set the certificate info if available. */
- if (dataASN[PIVCERTASN_IDX_INFO].tag != 0) {
- /* Bits 1 and 2 are compression. */
- piv->compression = info & ASN_PIV_CERT_INFO_COMPRESSED;
- /* Bits 3 is X509 flag. */
- piv->isX509 = ((info & ASN_PIV_CERT_INFO_ISX509) != 0);
- }
- /* Get X.509 certificate error detection reference. */
- GetASN_GetConstRef(&dataASN[PIVCERTASN_IDX_ERR], &piv->certErrDet,
- &piv->certErrDetSz);
- }
- ret = 0;
- }
- FREE_ASNGETDATA(dataASN, NULL);
- return ret;
- #endif /* WOLFSSL_ASN_TEMPLATE */
- }
- #endif /* WOLFSSL_CERT_PIV */
- #ifdef HAVE_SMIME
- /*****************************************************************************
- * wc_MIME_parse_headers - Reads the char array in and parses out MIME headers
- * and parameters into headers. Will continue until in has no more content.
- *
- * RETURNS:
- * returns zero on success, non-zero on error.
- */
- int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
- {
- MimeHdr* nextHdr = NULL;
- MimeHdr* curHdr = NULL;
- MimeParam* nextParam = NULL;
- size_t start = 0;
- size_t end = 0;
- char* nameAttr = NULL;
- char* bodyVal = NULL;
- MimeTypes mimeType = MIME_HDR;
- MimeStatus mimeStatus = MIME_NAMEATTR;
- int ret = -1;
- size_t pos = 0;
- size_t lineLen = 0;
- char* curLine = NULL;
- char* ptr = NULL;
- if (in == NULL || inLen <= 0 || in[inLen] != '\0' || headers == NULL) {
- ret = BAD_FUNC_ARG;
- goto error;
- }
- nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, DYNAMIC_TYPE_PKCS7);
- if (nextHdr == NULL) {
- ret = MEMORY_E;
- goto error;
- }
- XMEMSET(nextHdr, 0, sizeof(MimeHdr));
- nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL,
- DYNAMIC_TYPE_PKCS7);
- if (nextParam == NULL) {
- ret = MEMORY_E;
- goto error;
- }
- XMEMSET(nextParam, 0, sizeof(MimeParam));
- curLine = XSTRTOK(in, "\r\n", &ptr);
- if (curLine == NULL) {
- ret = ASN_PARSE_E;
- goto error;
- }
- while (curLine != NULL) {
- /* Leftover from previous line, add params to previous header. */
- if (curLine[0] == ' ' && curHdr) {
- mimeType = MIME_PARAM;
- }
- else {
- mimeType = MIME_HDR;
- }
- start = 0;
- lineLen = XSTRLEN(curLine);
- if (lineLen == 0) {
- ret = BAD_FUNC_ARG;
- goto error;
- }
- for (pos = 0; pos < lineLen; pos++) {
- char cur = curLine[pos];
- if (mimeStatus == MIME_NAMEATTR && ((cur == ':' &&
- mimeType == MIME_HDR) || (cur == '=' &&
- mimeType == MIME_PARAM)) && pos >= 1) {
- mimeStatus = MIME_BODYVAL;
- end = pos-1;
- if (nameAttr != NULL) {
- XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
- nameAttr = NULL;
- }
- ret = wc_MIME_header_strip(curLine, &nameAttr, start, end);
- if (ret) {
- goto error;
- }
- start = pos+1;
- }
- else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) {
- end = pos-1;
- if (bodyVal != NULL) {
- XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
- bodyVal = NULL;
- }
- ret = wc_MIME_header_strip(curLine, &bodyVal, start, end);
- if (ret) {
- goto error;
- }
- if (mimeType == MIME_HDR) {
- nextHdr->name = nameAttr;
- nameAttr = NULL;
- nextHdr->body = bodyVal;
- bodyVal = NULL;
- nextHdr->next = curHdr;
- curHdr = nextHdr;
- nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL,
- DYNAMIC_TYPE_PKCS7);
- if (nextHdr == NULL) {
- ret = MEMORY_E;
- goto error;
- }
- XMEMSET(nextHdr, 0, sizeof(MimeHdr));
- }
- else {
- nextParam->attribute = nameAttr;
- nameAttr = NULL;
- nextParam->value = bodyVal;
- bodyVal = NULL;
- nextParam->next = curHdr->params;
- curHdr->params = nextParam;
- nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL,
- DYNAMIC_TYPE_PKCS7);
- if (nextParam == NULL) {
- ret = MEMORY_E;
- goto error;
- }
- XMEMSET(nextParam, 0, sizeof(MimeParam));
- }
- mimeType = MIME_PARAM;
- mimeStatus = MIME_NAMEATTR;
- start = pos+1;
- }
- }
- end = lineLen-1;
- /* Omit newline characters. */
- while ((curLine[end] == '\r' || curLine[end] == '\n') && end > 0) {
- end--;
- }
- if (end >= start && mimeStatus == MIME_BODYVAL) {
- ret = wc_MIME_header_strip(curLine, &bodyVal, start, end);
- if (ret) {
- goto error;
- }
- if (mimeType == MIME_HDR) {
- nextHdr->name = nameAttr;
- nameAttr = NULL;
- nextHdr->body = bodyVal;
- bodyVal = NULL;
- nextHdr->next = curHdr;
- curHdr = nextHdr;
- nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL,
- DYNAMIC_TYPE_PKCS7);
- if (nextHdr == NULL) {
- ret = MEMORY_E;
- goto error;
- }
- XMEMSET(nextHdr, 0, sizeof(MimeHdr));
- } else {
- nextParam->attribute = nameAttr;
- nameAttr = NULL;
- nextParam->value = bodyVal;
- bodyVal = NULL;
- nextParam->next = curHdr->params;
- curHdr->params = nextParam;
- nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL,
- DYNAMIC_TYPE_PKCS7);
- if (nextParam == NULL) {
- ret = MEMORY_E;
- goto error;
- }
- XMEMSET(nextParam, 0, sizeof(MimeParam));
- }
- }
- curLine = XSTRTOK(NULL, "\r\n", &ptr);
- mimeStatus = MIME_NAMEATTR;
- }
- *headers = curHdr;
- ret = 0; /* success if at this point */
- error:
- if (ret != 0)
- wc_MIME_free_hdrs(curHdr);
- wc_MIME_free_hdrs(nextHdr);
- if (nameAttr != NULL)
- XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
- if (bodyVal != NULL)
- XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
- if (nextParam != NULL)
- XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
- return ret;
- }
- /*****************************************************************************
- * wc_MIME_header_strip - Reads the string in from indices start to end, strips
- * out disallowed/separator characters and places the rest into *out.
- *
- * RETURNS:
- * returns zero on success, non-zero on error.
- */
- int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end)
- {
- size_t inPos = start;
- size_t outPos = 0;
- size_t inLen = 0;
- if (end < start || in == NULL || out == NULL) {
- return BAD_FUNC_ARG;
- }
- inLen = XSTRLEN(in);
- if (start > inLen || end > inLen) {
- return BAD_FUNC_ARG;
- }
- *out = (char*)XMALLOC(((end-start)+2)*sizeof(char), NULL,
- DYNAMIC_TYPE_PKCS7);
- if (*out == NULL) {
- return MEMORY_E;
- }
- while (inPos <= end) {
- if (in[inPos] >= MIME_HEADER_ASCII_MIN && in[inPos] <=
- MIME_HEADER_ASCII_MAX && in[inPos] != ';' && in[inPos] != '\"') {
- (*out)[outPos] = in[inPos];
- outPos++;
- }
- inPos++;
- }
- (*out)[outPos] = '\0';
- return 0;
- }
- /*****************************************************************************
- * wc_MIME_find_header_name - Searches through all given headers until a header with
- * a name matching the provided name is found.
- *
- * RETURNS:
- * returns a pointer to the found header, if no match was found, returns NULL.
- */
- MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* header)
- {
- while (header) {
- if (!XSTRCMP(name, header->name)) {
- return header;
- }
- header = header->next;
- }
- return header;
- }
- /*****************************************************************************
- * wc_MIME_find_param_attr - Searches through all parameters until a parameter
- * with a attribute matching the provided attribute is found.
- *
- * RETURNS:
- * returns a pointer to the found parameter, if no match was found,
- * returns NULL.
- */
- MimeParam* wc_MIME_find_param_attr(const char* attribute,
- MimeParam* param)
- {
- while (param) {
- if (!XSTRCMP(attribute, param->attribute)) {
- return param;
- }
- param = param->next;
- }
- return param;
- }
- /*****************************************************************************
- * wc_MIME_single_canonicalize - Canonicalize a line by converting the trailing
- * line ending to CRLF.
- *
- * line - input line to canonicalize
- * len - length of line in chars on input, length of output array on return
- *
- * RETURNS:
- * returns a pointer to a canonicalized line on success, NULL on error.
- */
- char* wc_MIME_single_canonicalize(const char* line, word32* len)
- {
- size_t end = 0;
- char* canonLine = NULL;
- if (line == NULL || len == NULL || *len == 0) {
- return NULL;
- }
- end = *len;
- while (end >= 1 && ((line[end-1] == '\r') || (line[end-1] == '\n'))) {
- end--;
- }
- /* Need 2 chars for \r\n and 1 for EOL */
- canonLine = (char*)XMALLOC((end+3)*sizeof(char), NULL, DYNAMIC_TYPE_PKCS7);
- if (canonLine == NULL) {
- return NULL;
- }
- XMEMCPY(canonLine, line, end);
- canonLine[end] = '\r';
- canonLine[end+1] = '\n';
- canonLine[end+2] = '\0';
- *len = (word32)(end + 3);
- return canonLine;
- }
- /*****************************************************************************
- * wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from
- * the provided header pointer.
- *
- * RETURNS:
- * returns zero on success, non-zero on error.
- */
- int wc_MIME_free_hdrs(MimeHdr* head)
- {
- MimeHdr* curHdr = NULL;
- MimeParam* curParam = NULL;
- while (head) {
- while (head->params) {
- curParam = head->params;
- head->params = head->params->next;
- XFREE(curParam->attribute, NULL, DYNAMIC_TYPE_PKCS7);
- XFREE(curParam->value, NULL, DYNAMIC_TYPE_PKCS7);
- XFREE(curParam, NULL, DYNAMIC_TYPE_PKCS7);
- }
- curHdr = head;
- head = head->next;
- XFREE(curHdr->name, NULL, DYNAMIC_TYPE_PKCS7);
- XFREE(curHdr->body, NULL, DYNAMIC_TYPE_PKCS7);
- XFREE(curHdr, NULL, DYNAMIC_TYPE_PKCS7);
- }
- return 0;
- }
- #endif /* HAVE_SMIME */
- #undef ERROR_OUT
- #ifdef WOLFSSL_ASN_PRINT
- /*******************************************************************************
- * ASN.1 Parsing and Printing Implementation
- ******************************************************************************/
- /* Initialize ASN.1 print options.
- *
- * @param [in, out] opts ASN.1 options for printing.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when asn1 is NULL.
- */
- int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts)
- {
- int ret = 0;
- if (opts == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- XMEMSET(opts, 0, sizeof(*opts));
- }
- return ret;
- }
- /* Set a print option into Asn1PrintOptions object.
- *
- * @param [in, out] opts ASN.1 options for printing.
- * @param [in] opt Option to set value of.
- * @param [in] val Value to set for option.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when asn1 is NULL.
- * @return BAD_FUNC_ARG when val is out of range for option.
- */
- int wc_Asn1PrintOptions_Set(Asn1PrintOptions* opts, enum Asn1PrintOpt opt,
- word32 val)
- {
- int ret = 0;
- /* Validate parameters. */
- if (opts == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- switch (opt) {
- /* Offset into DER/BER data to start decoding from. */
- case ASN1_PRINT_OPT_OFFSET:
- opts->offset = val;
- break;
- /* Length of DER/BER encoding to parse. */
- case ASN1_PRINT_OPT_LENGTH:
- opts->length = val;
- break;
- /* Number of spaces to indent for each change in depth. */
- case ASN1_PRINT_OPT_INDENT:
- /* Only 4 bits allowed for value. */
- if (val >= (1 << 4)) {
- ret = BAD_FUNC_ARG;
- }
- else {
- opts->indent = (word8)val;
- }
- break;
- /* Draw branches instead of indenting. */
- case ASN1_PRINT_OPT_DRAW_BRANCH:
- /* Boolean value. */
- opts->draw_branch = (val > 0);
- break;
- /* Show raw data of primitive types as octets. */
- case ASN1_PRINT_OPT_SHOW_DATA:
- /* Boolean value. */
- opts->show_data = (val > 0);
- break;
- /* Show header data as octets. */
- case ASN1_PRINT_OPT_SHOW_HEADER_DATA:
- /* Boolean value. */
- opts->show_header_data = (val > 0);
- break;
- /* Show the wolfSSL OID value for OBJECT_ID. */
- case ASN1_PRINT_OPT_SHOW_OID:
- /* Boolean value. */
- opts->show_oid = (val > 0);
- break;
- /* Don't show text representations of primitive types. */
- case ASN1_PRINT_OPT_SHOW_NO_TEXT:
- /* Boolean value. */
- opts->show_no_text = (val > 0);
- break;
- /* Don't show dump text representations of primitive types. */
- case ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT:
- /* Boolean value. */
- opts->show_no_dump_text = (val > 0);
- break;
- }
- }
- return ret;
- }
- /* Initialize an ASN.1 parse object.
- *
- * @param [in, out] asn1 ASN.1 parse object.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when asn1 is NULL.
- */
- int wc_Asn1_Init(Asn1* asn1)
- {
- int ret = 0;
- if (asn1 == NULL) {
- ret = BAD_FUNC_ARG;
- }
- else {
- XMEMSET(asn1, 0, sizeof(*asn1));
- asn1->file = XBADFILE;
- }
- return ret;
- }
- /* Set the file to use when printing.
- *
- * @param [in, out] asn1 ASN.1 parse object.
- * @param [in] file File to print to.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when asn1 is NULL.
- * @return BAD_FUNC_ARG when file is XBADFILE.
- */
- int wc_Asn1_SetFile(Asn1* asn1, XFILE file)
- {
- int ret = 0;
- if ((asn1 == NULL) || (file == XBADFILE)) {
- ret = BAD_FUNC_ARG;
- }
- else {
- asn1->file = file;
- }
- return ret;
- }
- /* Print OID in dotted form or as hex bytes.
- *
- * @param [in] file File pointer to write to.
- * @param [in] oid OBJECT_ID data.
- * @param [in] oid_len Length of OBJECT_ID data.
- */
- static void PrintObjectIdNum(XFILE file, unsigned char* oid, word32 len)
- {
- word16 dotted_nums[ASN1_OID_DOTTED_MAX_SZ];
- word32 num = ASN1_OID_DOTTED_MAX_SZ;
- word32 i;
- /* Decode OBJECT_ID into dotted form array. */
- if (DecodeObjectId(oid, len, dotted_nums, &num) == 0) {
- /* Print out each number of dotted form. */
- for (i = 0; i < num; i++) {
- XFPRINTF(file, "%d", dotted_nums[i]);
- /* Add separator. */
- if (i < num - 1) {
- XFPRINTF(file, ".");
- }
- }
- }
- else {
- /* Print out bytes as we couldn't decode. */
- for (i = 0; i < len; i++) {
- XFPRINTF(file, "%02x", oid[i]);
- /* Add separator. */
- if (i < len - 1) {
- XFPRINTF(file, ":");
- }
- }
- }
- }
- /* OID value to name mapping. */
- typedef struct OidName {
- /* wolfSSL OID value. */
- word32 oid;
- /* Long name to print when OID seen. */
- const char* name;
- } OidName;
- /* Extra OID to name mappings. */
- static const OidName extraOids[] = {
- { 0x005c, "commonName" },
- { 0x005d, "surname" },
- { 0x005e, "serialNumber" },
- { 0x005f, "countryName" },
- { 0x0060, "localityName" },
- { 0x0061, "stateOrProvinceName" },
- { 0x0062, "streetAddress" },
- { 0x0063, "organizationName" },
- { 0x0064, "organizationUnitName" },
- { 0x0065, "title" },
- { 0x0086, "certificateExtension" },
- { 0x028d, "emailAddress" },
- { 0x0293, "challengePassword" },
- { 0x029a, "extensionReq" },
- };
- /* Length of table of extra OID to name mappings. */
- #define EXTRA_OIDS_LEN ((int)(sizeof(extraOids) / sizeof(*extraOids)))
- /* Convert OID value to long name.
- *
- * @param [in] oid OID value.
- * @param [out] name Long name for OID when known.
- * @return 1 when OID known.
- * @return 0 when OID not known.
- */
- static int Oid2LongName(word32 oid, const char** name)
- {
- int ret = 0;
- int i;
- /* Step through each entry in table. */
- for (i = 0; i < EXTRA_OIDS_LEN; i++) {
- if (extraOids[i].oid == oid) {
- /* Return the name associated with the OID value. */
- *name = extraOids[i].name;
- ret = 1;
- break;
- }
- }
- return ret;
- }
- /* Print the text version of the OBJECT_ID.
- *
- * @param [in] asn1 ASN.1 parse object.
- * @param [in] opts ASN.1 options for printing.
- */
- static void PrintObjectIdText(Asn1* asn1, Asn1PrintOptions* opts)
- {
- word32 oid = (word32)-1;
- #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
- int nid;
- #endif
- const char* ln = NULL;
- word32 i = 0;
- int known = 1;
- /* Get the OID value for the OBJECT_ID. */
- if (GetObjectId(asn1->data + asn1->offset, &i, &oid, oidIgnoreType,
- asn1->item.len + 2) == ASN_PARSE_E) {
- known = 0;
- }
- else
- #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
- /* Lookup NID for OID value. */
- if ((nid = oid2nid(oid, oidIgnoreType)) != -1) {
- /* Lookup long name for NID. */
- ln = wolfSSL_OBJ_nid2ln(nid);
- }
- else
- #endif
- /* Lookup long name for extra known OID values. */
- if (!Oid2LongName(oid, &ln)) {
- /* Unknown OID value. */
- ln = NULL;
- known = 0;
- }
- XFPRINTF(asn1->file, ":");
- /* Show OID value if not known or asked to. */
- if ((!known) || opts->show_oid) {
- XFPRINTF(asn1->file, "(0x%x) ", oid);
- }
- if (ln != NULL) {
- /* Print long name. */
- XFPRINTF(asn1->file, "%s", ln);
- }
- else {
- /* Print out as numbers - either dotted or hex values. */
- PrintObjectIdNum(asn1->file, asn1->data + asn1->item.data_idx,
- asn1->item.len);
- }
- }
- /* Print ASN.1 data as a character string.
- *
- * @param [in] asn1 ASN.1 parse object.
- */
- static void PrintText(Asn1* asn1)
- {
- word32 i;
- XFPRINTF(asn1->file, ":");
- /* Print all data bytes as characters. */
- for (i = 0; i < asn1->item.len; i++) {
- XFPRINTF(asn1->file, "%c", asn1->data[asn1->item.data_idx + i]);
- }
- }
- /* Print data as a hex bytes.
- *
- * @param [in] file File pointer to write to.
- * @param [in] data Data to print.
- * @param [in] len Number of bytes to print.
- */
- static void PrintHex(XFILE file, unsigned char* data, word32 len)
- {
- word32 i;
- /* Print data bytes as hex numbers. */
- for (i = 0; i < len; i++) {
- XFPRINTF(file, "%02x", data[i]);
- }
- }
- /* Print ASN.1 data as a hex bytes.
- *
- * @param [in] asn1 ASN.1 parse object.
- */
- static void PrintHexText(Asn1* asn1)
- {
- XFPRINTF(asn1->file, ":");
- PrintHex(asn1->file, asn1->data + asn1->item.data_idx, asn1->item.len);
- }
- /* Print ASN.1 BIT_STRING data as hex bytes noting special first byte.
- *
- * @param [in] asn1 ASN.1 parse object.
- */
- static void PrintBitStringText(Asn1* asn1)
- {
- if (asn1->item.len > 0) {
- XFPRINTF(asn1->file, ":[%02x]", asn1->data[asn1->item.data_idx]);
- PrintHex(asn1->file, asn1->data + asn1->item.data_idx + 1,
- asn1->item.len - 1);
- }
- }
- /* Print ASN.1 BOOLEAN data as text with value.
- *
- * @param [in] asn1 ASN.1 parse object.
- */
- static void PrintBooleanText(Asn1* asn1)
- {
- /* Booleans should be 1 byte of data. */
- if (asn1->item.len == 1) {
- XFPRINTF(asn1->file, ":%s (%d)",
- (asn1->data[asn1->item.data_idx] == 0) ? "FALSE" : "TRUE",
- asn1->data[asn1->item.data_idx]);
- }
- }
- /* Print ASN.1 data as single byte +/- number.
- *
- * @param [in] asn1 ASN.1 parse object.
- */
- static void PrintNumberText(Asn1* asn1)
- {
- /* Only supporting 1 byte of data for now. */
- if (asn1->item.len == 1) {
- int num = asn1->data[asn1->item.data_idx];
- XFPRINTF(asn1->file, ":%d", num >= 0x80 ? num - 0x100 : num);
- }
- }
- /* Print ASN.1 data as a text based on the tag.
- *
- * TODO: handle more tags.
- *
- * @param [in] asn1 ASN.1 parse object.
- * @param [in] opts ASN.1 options for printing.
- */
- static void PrintAsn1Text(Asn1* asn1, Asn1PrintOptions* opts)
- {
- /* Get the long name for OBJECT_ID where possible. */
- if (asn1->item.tag == ASN_OBJECT_ID) {
- PrintObjectIdText(asn1, opts);
- }
- /* Data is an array of printable characters. */
- else if ((asn1->item.tag == ASN_UTF8STRING) ||
- (asn1->item.tag == ASN_IA5_STRING) ||
- (asn1->item.tag == ASN_PRINTABLE_STRING) ||
- (asn1->item.tag == ASN_T61STRING) ||
- (asn1->item.tag == ASN_BMPSTRING) ||
- (asn1->item.tag == ASN_UTC_TIME) ||
- (asn1->item.tag == ASN_GENERALIZED_TIME) ||
- (asn1->item.tag == ASN_UNIVERSALSTRING) ||
- (asn1->item.tag == ASN_OBJECT_DESC) ||
- (asn1->item.tag == ASN_CHARACTER_STRING)) {
- PrintText(asn1);
- }
- /* Show TRUE and FALSE with number. */
- else if (asn1->item.tag == ASN_BOOLEAN) {
- PrintBooleanText(asn1);
- }
- /* Show number. */
- else if (asn1->item.tag == ASN_ENUMERATED) {
- PrintNumberText(asn1);
- }
- /* Dumping potentially long string of hex digites. */
- else if (!opts->show_no_dump_text) {
- /* Dump all bytes. */
- if ((asn1->item.tag == ASN_INTEGER) ||
- (asn1->item.tag == ASN_OCTET_STRING) ||
- ((asn1->item.tag > ASN_APPLICATION) && (asn1->item.cons))) {
- PrintHexText(asn1);
- }
- /* First byte is number of unused bits in last byte.
- * Print first specially and dump rest of the bytes. */
- else if (asn1->item.tag == ASN_BIT_STRING) {
- PrintBitStringText(asn1);
- }
- }
- }
- #define HexToChar(n) ((((n) >= 32) && ((n) < 127)) ? (n) : '.')
- /* Dump data as hex bytes.
- *
- * @param [in] file File pointer to write to.
- * @param [in] data Data to print.
- * @param [in] len Number of bytes to print.
- */
- static void DumpData(XFILE file, unsigned char* data, word32 len)
- {
- word32 i;
- word32 j;
- for (i = 0; i < len; i += j) {
- /* Print offset. */
- XFPRINTF(file, " %04x:", i);
- for (j = 0; (j < 16) && (i + j < len); j++) {
- /* Print byte as hex number. */
- XFPRINTF(file, "%s%02x", (j == 8) ? " " : " ", data[i + j]);
- }
- /* Print spaces between hex and characters. */
- XFPRINTF(file, " %*s", (16 - j) * 3 + ((j < 8) ? 1 : 0), "");
- for (j = 0; (j < 16) && (i + j < len); j++) {
- /* Print byte as hex number. */
- XFPRINTF(file, "%c", HexToChar(data[i + j]));
- }
- XFPRINTF(file, "\n");
- }
- }
- /* Update current depth based on the current position.
- *
- * @param [in, out] asn1 ASN.1 parse object.
- */
- static void UpdateDepth(Asn1* asn1)
- {
- /* If current index is greater than or equal end index then it is done. */
- while ((asn1->depth > 0) &&
- (asn1->end_idx[asn1->depth-1] <= asn1->curr)) {
- /* Move up a depth. */
- asn1->depth--;
- }
- }
- /* Check validity of end index of constructed ASN.1 items.
- *
- * @param [in, out] asn1 ASN.1 parse object.
- * @return 0 on success.
- * @return ASN_DEPTH_E when end offset invalid.
- */
- static int CheckDepth(Asn1* asn1)
- {
- int ret = 0;
- int i;
- word32 curr_end = asn1->curr + asn1->item.len;
- for (i = 0; (ret == 0) && (i < asn1->depth); i++) {
- /* Each end index must be at least as large as the current one. */
- if (asn1->end_idx[i] < asn1->end_idx[asn1->depth]) {
- ret = ASN_DEPTH_E;
- }
- /* Each end index must be at least as large as current index. */
- if (asn1->end_idx[i] < curr_end) {
- ret = ASN_DEPTH_E;
- }
- }
- return ret;
- }
- /* Draw branching based on depth for an ASN.1 item.
- *
- * @param [in] asn1 ASN.1 parse object.
- */
- static void DrawBranch(Asn1* asn1)
- {
- int i;
- word32 end = asn1->curr + asn1->item.len;
- /* Write out the character for all depths but current. */
- for (i = 0; i < asn1->depth; i++) {
- if (asn1->item.cons || (end < asn1->end_idx[i])) {
- if (i < asn1->depth - 1) {
- /* Constructed or not end index and not current depth: | */
- XFPRINTF(asn1->file, "\xe2\x94\x82");
- }
- else {
- /* Constructed or not end index and current depth: |- */
- XFPRINTF(asn1->file, "\xe2\x94\x9c");
- }
- }
- else if ((i > 1) && (end >= asn1->end_idx[i-1])) {
- /* End index for previous: _|_ (in top half) */
- XFPRINTF(asn1->file, "\xe2\x94\xb4");
- }
- else {
- /* End index but not for previous: L (in top half) */
- XFPRINTF(asn1->file, "\xe2\x94\x94");
- }
- }
- /* Prefix to tag name. */
- if (asn1->item.cons) {
- if (asn1->depth > 0) {
- /* Have other line to connect to: T (in bottom half) */
- XFPRINTF(asn1->file, "\xe2\x94\xac");
- }
- else {
- /* Have no other line to connect to: r */
- XFPRINTF(asn1->file, "\xe2\x94\x8c");
- }
- }
- else {
- /* In a sequence: - */
- XFPRINTF(asn1->file, "\xe2\x94\x80");
- }
- }
- /* Print data as hex bytes separated by space.
- *
- * @param [in] file File pointer to write to.
- * @param [in] data Data to print.
- * @param [in] len Number of bytes to print.
- */
- static void PrintHexBytes(XFILE file, unsigned char* data, word32 len)
- {
- word32 i;
- for (i = 0; i < len; i++) {
- XFPRINTF(file, " %02x", data[i]);
- }
- }
- /* Dump header data.
- *
- * @param [in] asn1 ASN.1 parse object.
- * @param [in] opts ASN.1 options for printing.
- */
- static void DumpHeader(Asn1* asn1, Asn1PrintOptions* opts)
- {
- /* Put on same line when not showing data too and not showing text data. */
- if ((!opts->show_data) && opts->show_no_text) {
- XFPRINTF(asn1->file, "%10s", "");
- }
- else {
- /* Align with start of data. */
- XFPRINTF(asn1->file, "\n%12s", "");
- }
- XFPRINTF(asn1->file, " %02x", asn1->item.tag);
- if (asn1->curr >= asn1->offset + 1) {
- /* Print the header bytes as hex bytes separated by a space. */
- PrintHexBytes(asn1->file, asn1->data + asn1->offset + 1,
- asn1->curr - (asn1->offset + 1));
- }
- }
- /* Print ASN.1 item info based on header and indices.
- *
- * @param [in] asn1 ASN.1 parse object.
- * @param [in] opts ASN.1 options for printing.
- */
- static void PrintInfo(Asn1* asn1, Asn1PrintOptions* opts)
- {
- /* Print offset of this ASN.1 item. */
- XFPRINTF(asn1->file, "%4d: ", asn1->offset);
- /* Print length of header. */
- XFPRINTF(asn1->file, "%1d ", asn1->curr - asn1->offset);
- /* Print data length. */
- XFPRINTF(asn1->file, "%c%4d%c", asn1->item.cons ? '[' : '+', asn1->item.len,
- asn1->item.cons ? ']' : ' ');
- /* Print depth. */
- XFPRINTF(asn1->file, " %s(%d)", (asn1->depth < 10) ? " " : "", asn1->depth);
- if (!opts->draw_branch) {
- /* Indent to depth as required. */
- XFPRINTF(asn1->file, "%*s ", asn1->depth * opts->indent, "");
- if (!opts->indent) {
- /* Indicate constructed if no indent. */
- XFPRINTF(asn1->file, "%c", asn1->item.cons ? '+' : ' ');
- }
- }
- else {
- /* Draw branch structure for ASN.1 item. */
- XFPRINTF(asn1->file, " ");
- DrawBranch(asn1);
- }
- /* Print tag name. */
- XFPRINTF(asn1->file, "%-16s", TagString(asn1->item.tag));
- }
- /* Expecting tag part of ASN.1 item. */
- #define ASN_PART_TAG 0
- /* Expecting length part of ASN.1 item. */
- #define ASN_PART_LENGTH 1
- /* Expecting data part of ASN.1 item. */
- #define ASN_PART_DATA 2
- /* Print next ASN.1 item.
- *
- * @param [in, out] asn1 ASN.1 parse object.
- * @param [in] opts ASN.1 print options.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when asn1 or opts is NULL.
- * @return ASN_LEN_E when ASN.1 item's length too long.
- * @return ASN_DEPTH_E when end offset invalid.
- */
- static int wc_Asn1_Print(Asn1* asn1, Asn1PrintOptions* opts)
- {
- int ret = 0;
- /* Process tag. */
- if (asn1->part == ASN_PART_TAG) {
- /* Recalculate which depth we are at. */
- UpdateDepth(asn1);
- /* Get tag. */
- asn1->item.tag = asn1->data[asn1->curr] & (byte)~ASN_CONSTRUCTED;
- /* Store whether tag indicates constructed. */
- asn1->item.cons = (asn1->data[asn1->curr] & ASN_CONSTRUCTED) ==
- ASN_CONSTRUCTED;
- /* Start of ASN.1 item is current index. */
- asn1->offset = asn1->curr;
- /* Step over tag. */
- asn1->curr++;
- /* Next part is length. */
- asn1->part = ASN_PART_LENGTH;
- }
- /* Process length. */
- if (asn1->part == ASN_PART_LENGTH) {
- int len;
- /* Decode length and step over it. */
- if (GetLength(asn1->data, &asn1->curr, &len, asn1->max) < 0) {
- ret = ASN_LEN_E;
- }
- else {
- /* Store ASN.1 item data offset. */
- asn1->item.data_idx = asn1->curr;
- /* Store ASN.1 item data length. */
- asn1->item.len = (word32)len;
- /* Print info about ASN.1 item. */
- PrintInfo(asn1, opts);
- if (!asn1->item.cons) {
- /* Move on to print data. */
- asn1->part = ASN_PART_DATA;
- }
- else {
- /* Print header now if not printing data. */
- if (opts->show_header_data) {
- DumpHeader(asn1, opts);
- }
- XFPRINTF(asn1->file, "\n");
- /* Record end offset for this depth. */
- asn1->end_idx[asn1->depth++] = asn1->curr + asn1->item.len;
- /* Done with this ASN.1 item. */
- asn1->part = ASN_PART_TAG;
- }
- /* Check end indices are valid. */
- ret = CheckDepth(asn1);
- }
- }
- /* Process data. */
- if ((ret == 0) && (asn1->part == ASN_PART_DATA)) {
- if (!opts->show_no_text) {
- /* Print text representation of data. */
- PrintAsn1Text(asn1, opts);
- }
- if (opts->show_header_data) {
- /* Dump header bytes. */
- DumpHeader(asn1, opts);
- }
- XFPRINTF(asn1->file, "\n");
- if (opts->show_data) {
- /* Dump data bytes. */
- DumpData(asn1->file, asn1->data + asn1->item.data_idx,
- asn1->item.len);
- }
- /* Step past data to next ASN.1 item. */
- asn1->curr += asn1->item.len;
- /* Update the depth based on end indices. */
- UpdateDepth(asn1);
- /* Done with this ASN.1 item. */
- asn1->part = ASN_PART_TAG;
- }
- /* Make ASN.1 item printing go out. */
- fflush(asn1->file);
- return ret;
- }
- /* Print all ASN.1 items.
- *
- * @param [in, out] asn1 ASN.1 parse object.
- * @param [in] opts ASN.1 print options.
- * @param [in] data BER/DER data to print.
- * @param [in] len Length of data to print in bytes.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when asn1, opts or data is NULL.
- * @return ASN_LEN_E when ASN.1 item's length too long.
- * @return ASN_DEPTH_E when end offset invalid.
- * @return ASN_PARSE_E when not all of an ASN.1 item parsed.
- */
- int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data,
- word32 len)
- {
- int ret = 0;
- if ((asn1 == NULL) || (opts == NULL) || (data == NULL)) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- /* Initialize start position. */
- asn1->curr = 0;
- /* Start parsing at tag. */
- asn1->part = ASN_PART_TAG;
- /* Start depth at 0. */
- asn1->depth = 0;
- /* Store the starting point of the data to parse. */
- asn1->data = data + opts->offset;
- if (opts->length > 0) {
- /* Use user specified maximum length. */
- asn1->max = opts->length;
- }
- else {
- /* Maximum length is up to end from offset. */
- asn1->max = len - opts->offset;
- }
- /* Keep going while no error and have data to parse. */
- while ((ret == 0) && (asn1->curr < asn1->max)) {
- /* Print an ASN.1 item. */
- ret = wc_Asn1_Print(asn1, opts);
- }
- }
- if ((ret == 0) && (asn1->part != ASN_PART_TAG)) {
- /* Stopped before finishing ASN.1 item. */
- ret = ASN_PARSE_E;
- }
- if ((ret == 0) && (asn1->depth != 0)) {
- /* Stopped without seeing all items in a constructed item. */
- ret = ASN_DEPTH_E;
- }
- return ret;
- }
- #endif /* WOLFSSL_ASN_PRINT */
- #endif /* !NO_ASN */
- /* Functions that parse, but are not using ASN.1 */
- #if !defined(NO_RSA) && (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
- /* import RSA public key elements (n, e) into RsaKey structure (key) */
- /* this function does not use any ASN.1 parsing */
- int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
- word32 eSz, RsaKey* key)
- {
- if (n == NULL || e == NULL || key == NULL)
- return BAD_FUNC_ARG;
- key->type = RSA_PUBLIC;
- if (mp_init(&key->n) != MP_OKAY)
- return MP_INIT_E;
- if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) {
- mp_clear(&key->n);
- return ASN_GETINT_E;
- }
- #ifdef HAVE_WOLF_BIGINT
- if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) {
- mp_clear(&key->n);
- return ASN_GETINT_E;
- }
- #endif /* HAVE_WOLF_BIGINT */
- if (mp_init(&key->e) != MP_OKAY) {
- mp_clear(&key->n);
- return MP_INIT_E;
- }
- if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) {
- mp_clear(&key->n);
- mp_clear(&key->e);
- return ASN_GETINT_E;
- }
- #ifdef HAVE_WOLF_BIGINT
- if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) {
- mp_clear(&key->n);
- mp_clear(&key->e);
- return ASN_GETINT_E;
- }
- #endif /* HAVE_WOLF_BIGINT */
- #ifdef WOLFSSL_XILINX_CRYPT
- if (wc_InitRsaHw(key) != 0) {
- return BAD_STATE_E;
- }
- #endif
- return 0;
- }
- #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
- #ifdef WOLFSSL_SEP
- #endif /* WOLFSSL_SEP */
|