1
0

asn1.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /**
  31. * Some primitive asn methods for extraction ASN.1 data.
  32. */
  33. #include <stdio.h>
  34. #include <stdlib.h>
  35. #include <string.h>
  36. #include <time.h>
  37. #include "os_port.h"
  38. #include "crypto.h"
  39. #include "crypto_misc.h"
  40. #define SIG_OID_PREFIX_SIZE 8
  41. #define SIG_IIS6_OID_SIZE 5
  42. /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
  43. static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
  44. {
  45. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
  46. };
  47. static const uint8_t sig_iis6_oid[SIG_IIS6_OID_SIZE] =
  48. {
  49. 0x2b, 0x0e, 0x03, 0x02, 0x1d
  50. };
  51. /* CN, O, OU */
  52. static const uint8_t g_dn_types[] = { 3, 10, 11 };
  53. int get_asn1_length(const uint8_t *buf, int *offset)
  54. {
  55. int len, i;
  56. if (!(buf[*offset] & 0x80)) /* short form */
  57. {
  58. len = buf[(*offset)++];
  59. }
  60. else /* long form */
  61. {
  62. int length_bytes = buf[(*offset)++]&0x7f;
  63. len = 0;
  64. for (i = 0; i < length_bytes; i++)
  65. {
  66. len <<= 8;
  67. len += buf[(*offset)++];
  68. }
  69. }
  70. return len;
  71. }
  72. /**
  73. * Skip the ASN1.1 object type and its length. Get ready to read the object's
  74. * data.
  75. */
  76. int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
  77. {
  78. if (buf[*offset] != obj_type)
  79. return X509_NOT_OK;
  80. (*offset)++;
  81. return get_asn1_length(buf, offset);
  82. }
  83. /**
  84. * Skip over an ASN.1 object type completely. Get ready to read the next
  85. * object.
  86. */
  87. int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
  88. {
  89. int len;
  90. if (buf[*offset] != obj_type)
  91. return X509_NOT_OK;
  92. (*offset)++;
  93. len = get_asn1_length(buf, offset);
  94. *offset += len;
  95. return 0;
  96. }
  97. /**
  98. * Read an integer value for ASN.1 data
  99. * Note: This function allocates memory which must be freed by the user.
  100. */
  101. int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
  102. {
  103. int len;
  104. if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
  105. goto end_int_array;
  106. if (len > 1 && buf[*offset] == 0x00) /* ignore the negative byte */
  107. {
  108. len--;
  109. (*offset)++;
  110. }
  111. *object = (uint8_t *)malloc(len);
  112. memcpy(*object, &buf[*offset], len);
  113. *offset += len;
  114. end_int_array:
  115. return len;
  116. }
  117. /**
  118. * Get all the RSA private key specifics from an ASN.1 encoded file
  119. */
  120. int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
  121. {
  122. int offset = 7;
  123. uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
  124. int mod_len, priv_len, pub_len;
  125. #ifdef CONFIG_BIGINT_CRT
  126. uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
  127. int p_len, q_len, dP_len, dQ_len, qInv_len;
  128. #endif
  129. /* not in der format */
  130. if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
  131. {
  132. #ifdef CONFIG_SSL_FULL_MODE
  133. printf("Error: This is not a valid ASN.1 file\n");
  134. #endif
  135. return X509_INVALID_PRIV_KEY;
  136. }
  137. /* initialise the RNG */
  138. RNG_initialize(buf, len);
  139. mod_len = asn1_get_int(buf, &offset, &modulus);
  140. pub_len = asn1_get_int(buf, &offset, &pub_exp);
  141. priv_len = asn1_get_int(buf, &offset, &priv_exp);
  142. if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
  143. return X509_INVALID_PRIV_KEY;
  144. #ifdef CONFIG_BIGINT_CRT
  145. p_len = asn1_get_int(buf, &offset, &p);
  146. q_len = asn1_get_int(buf, &offset, &q);
  147. dP_len = asn1_get_int(buf, &offset, &dP);
  148. dQ_len = asn1_get_int(buf, &offset, &dQ);
  149. qInv_len = asn1_get_int(buf, &offset, &qInv);
  150. if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
  151. return X509_INVALID_PRIV_KEY;
  152. RSA_priv_key_new(rsa_ctx,
  153. modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
  154. p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
  155. free(p);
  156. free(q);
  157. free(dP);
  158. free(dQ);
  159. free(qInv);
  160. #else
  161. RSA_priv_key_new(rsa_ctx,
  162. modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
  163. #endif
  164. free(modulus);
  165. free(priv_exp);
  166. free(pub_exp);
  167. return X509_OK;
  168. }
  169. /**
  170. * Get the time of a certificate. Ignore hours/minutes/seconds.
  171. */
  172. static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
  173. {
  174. int ret = X509_NOT_OK, len, t_offset;
  175. struct tm tm;
  176. if (buf[(*offset)++] != ASN1_UTC_TIME)
  177. goto end_utc_time;
  178. len = get_asn1_length(buf, offset);
  179. t_offset = *offset;
  180. memset(&tm, 0, sizeof(struct tm));
  181. tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
  182. if (tm.tm_year <= 50) /* 1951-2050 thing */
  183. {
  184. tm.tm_year += 100;
  185. }
  186. tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
  187. tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
  188. *t = mktime(&tm);
  189. *offset += len;
  190. ret = X509_OK;
  191. end_utc_time:
  192. return ret;
  193. }
  194. /**
  195. * Get the version type of a certificate (which we don't actually care about)
  196. */
  197. int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  198. {
  199. int ret = X509_NOT_OK;
  200. (*offset) += 2; /* get past explicit tag */
  201. if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
  202. goto end_version;
  203. ret = X509_OK;
  204. end_version:
  205. return ret;
  206. }
  207. /**
  208. * Retrieve the notbefore and notafter certificate times.
  209. */
  210. int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  211. {
  212. return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
  213. asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
  214. asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
  215. }
  216. /**
  217. * Get the components of a distinguished name
  218. */
  219. static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
  220. {
  221. int dn_type = 0;
  222. int len;
  223. if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
  224. goto end_oid;
  225. /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name
  226. components we are interested in. */
  227. if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
  228. dn_type = buf[(*offset)++];
  229. else
  230. {
  231. *offset += len; /* skip over it */
  232. }
  233. end_oid:
  234. return dn_type;
  235. }
  236. /**
  237. * Obtain an ASN.1 printable string type.
  238. */
  239. static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
  240. {
  241. int len = X509_NOT_OK;
  242. /* some certs have this awful crud in them for some reason */
  243. if (buf[*offset] != ASN1_PRINTABLE_STR &&
  244. buf[*offset] != ASN1_TELETEX_STR &&
  245. buf[*offset] != ASN1_IA5_STR &&
  246. buf[*offset] != ASN1_UNICODE_STR)
  247. goto end_pnt_str;
  248. (*offset)++;
  249. len = get_asn1_length(buf, offset);
  250. if (buf[*offset - 1] == ASN1_UNICODE_STR)
  251. {
  252. int i;
  253. *str = (char *)malloc(len/2+1); /* allow for null */
  254. for (i = 0; i < len; i += 2)
  255. (*str)[i/2] = buf[*offset + i + 1];
  256. (*str)[len/2] = 0; /* null terminate */
  257. }
  258. else
  259. {
  260. *str = (char *)malloc(len+1); /* allow for null */
  261. memcpy(*str, &buf[*offset], len);
  262. (*str)[len] = 0; /* null terminate */
  263. }
  264. *offset += len;
  265. end_pnt_str:
  266. return len;
  267. }
  268. /**
  269. * Get the subject name (or the issuer) of a certificate.
  270. */
  271. int asn1_name(const uint8_t *cert, int *offset, char *dn[])
  272. {
  273. int ret = X509_NOT_OK;
  274. int dn_type;
  275. char *tmp = NULL;
  276. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
  277. goto end_name;
  278. while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
  279. {
  280. int i, found = 0;
  281. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
  282. (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
  283. goto end_name;
  284. if (asn1_get_printable_str(cert, offset, &tmp) < 0)
  285. {
  286. free(tmp);
  287. goto end_name;
  288. }
  289. /* find the distinguished named type */
  290. for (i = 0; i < X509_NUM_DN_TYPES; i++)
  291. {
  292. if (dn_type == g_dn_types[i])
  293. {
  294. if (dn[i] == NULL)
  295. {
  296. dn[i] = tmp;
  297. found = 1;
  298. break;
  299. }
  300. }
  301. }
  302. if (found == 0) /* not found so get rid of it */
  303. {
  304. free(tmp);
  305. }
  306. }
  307. ret = X509_OK;
  308. end_name:
  309. return ret;
  310. }
  311. /**
  312. * Read the modulus and public exponent of a certificate.
  313. */
  314. int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  315. {
  316. int ret = X509_NOT_OK, mod_len, pub_len;
  317. uint8_t *modulus = NULL, *pub_exp = NULL;
  318. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
  319. asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
  320. asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
  321. goto end_pub_key;
  322. (*offset)++; /* ignore the padding bit field */
  323. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
  324. goto end_pub_key;
  325. mod_len = asn1_get_int(cert, offset, &modulus);
  326. pub_len = asn1_get_int(cert, offset, &pub_exp);
  327. RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
  328. free(modulus);
  329. free(pub_exp);
  330. ret = X509_OK;
  331. end_pub_key:
  332. return ret;
  333. }
  334. #ifdef CONFIG_SSL_CERT_VERIFICATION
  335. /**
  336. * Read the signature of the certificate.
  337. */
  338. int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  339. {
  340. int ret = X509_NOT_OK;
  341. if (cert[(*offset)++] != ASN1_BIT_STRING)
  342. goto end_sig;
  343. x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
  344. (*offset)++; /* ignore bit string padding bits */
  345. x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
  346. memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
  347. *offset += x509_ctx->sig_len;
  348. ret = X509_OK;
  349. end_sig:
  350. return ret;
  351. }
  352. /*
  353. * Compare 2 distinguished name components for equality
  354. * @return 0 if a match
  355. */
  356. static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
  357. {
  358. int ret = 1;
  359. if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
  360. ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
  361. err_no_match:
  362. return ret;
  363. }
  364. /**
  365. * Clean up all of the CA certificates.
  366. */
  367. void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
  368. {
  369. int i = 0;
  370. if (ca_cert_ctx == NULL)
  371. return;
  372. while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
  373. {
  374. x509_free(ca_cert_ctx->cert[i]);
  375. ca_cert_ctx->cert[i++] = NULL;
  376. }
  377. free(ca_cert_ctx);
  378. }
  379. /*
  380. * Compare 2 distinguished names for equality
  381. * @return 0 if a match
  382. */
  383. int asn1_compare_dn(char * const dn1[], char * const dn2[])
  384. {
  385. int i;
  386. for (i = 0; i < X509_NUM_DN_TYPES; i++)
  387. {
  388. if (asn1_compare_dn_comp(dn1[i], dn2[i]))
  389. return 1;
  390. }
  391. return 0; /* all good */
  392. }
  393. #endif
  394. /**
  395. * Read the signature type of the certificate. We only support RSA-MD5 and
  396. * RSA-SHA1 signature types.
  397. */
  398. int asn1_signature_type(const uint8_t *cert,
  399. int *offset, X509_CTX *x509_ctx)
  400. {
  401. int ret = X509_NOT_OK, len;
  402. if (cert[(*offset)++] != ASN1_OID)
  403. goto end_check_sig;
  404. len = get_asn1_length(cert, offset);
  405. if (len == 5 && memcmp(sig_iis6_oid, &cert[*offset],
  406. SIG_IIS6_OID_SIZE) == 0)
  407. {
  408. x509_ctx->sig_type = SIG_TYPE_SHA1;
  409. }
  410. else
  411. {
  412. if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
  413. goto end_check_sig; /* unrecognised cert type */
  414. x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
  415. }
  416. *offset += len;
  417. asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
  418. ret = X509_OK;
  419. end_check_sig:
  420. return ret;
  421. }