This is a fork of the mbed port of axTLS

Dependents:   TLS_axTLS-Example HTTPSClientExample

Overview

This library is a fork from the mbed port of axTLS. It attempts to :

  • reduce the usage of dynamic memory
  • verify certificates with key size up to 2048 bits
  • provide a simple interface

Encryption

This library uses either RC4 or AES for encryption.

Memory usage

During the establishment of a connection, about 10KB of memory is allocated dynamically (it depends on certificates). Once the connection is established, the memory consumption is relatively low. This means that your program must not use too much static memory or allocate memory before you establish a TLS connection.

Certificates

Certificates are the major source of problem and will often be the reason why your program will crash. Due to memory constraint, there are some limitations on certificates :

  • Each certificate must not be bigger than 2KB
  • TLS client can only handle a chain of up to three certificates (excluding the root certificate). This means that the server must not send more than three certificates.

Also, this library can only load certificates following these specifications :

  • encoded in binary DER format (PKCS1)
  • The public key must use RSA only

Once the connection is established, you should free all loaded certificates by calling CertificateManager::clear(). This will free a few kilobytes (it depends on your certificates). In addition, to enable certificate verification during the connection, this library has a "precomputed mode". This mode uses much less memory than a normal certificate verification.

Normal mode

You need to copy the root certificate in binary-DER format on the mbed. Then in your code, let's say that your root certificate is saved on the mbed as "root.der", assuming that you include CertificateManager.h and that you created a LocalFileSystem, you can load this certificate as this ;

Load root certificate

CertificateManager::add("/local/root.der");
CertificateManager::load();

Do not forget that this mode takes quite a lot of memory ( the memory peak is high while verifying certificates) and will only work if the key size is not bigger than 1024 bits (otherwise it will crash while verifying certificates).

Precomputed mode

In this mode, you need to save the entire chain of certificates (in binary-DER format) including the root certificate on the mbed. In practice, this means that you must first retrieve all certificates that the server sends during a connection and then find the right root certificate. In your code, you must call CertificateManager::add for each certificate and in the right order : from the server certificate to the root certificate. Here is how you shoud load certificates in this mode :

Loadcertificates in precomputed mode

CertificateManager::add("/local/server1.der");
CertificateManager::add("/local/server2.der");
CertificateManager::add("/local/server3.der");
CertificateManager::add("/local/root.der");
CertificateManager::load(true);

Using this mode, you should be able to verify certificates with key size up to 2048 bits.

How do I find these certificates ?

I posted an entry in my notebook detailing how to get certificates from a server. You should be able to get all certificates you need except the root certificate. Here is a way how to get the root certificate on windows :

  1. Open (double-click) the last certificate sent by the server
  2. Go to details panel and click on the entry called Issuer. The first line gives you the name of this certificate and the second line indicates the company who created this certificate
  3. Open firefox
  4. Go to options, advanced panel and click on View Certificates
  5. Go to Authorities panel
  6. Choose the certificate whose name match the issuer of the last certificate sent by the server
  7. Export this certificate to binary-DER format.

Connect to mbed.org !

Import programTLS_axTLS-Example

Establishing a connection to mbed.org using TLS

Committer:
feb11
Date:
Thu Sep 12 15:18:04 2013 +0000
Revision:
0:85fceccc1a7c
intial import

Who changed what in which revision?

UserRevisionLine numberNew contents of line
feb11 0:85fceccc1a7c 1 /*
feb11 0:85fceccc1a7c 2 * Copyright (c) 2007, Cameron Rich
feb11 0:85fceccc1a7c 3 *
feb11 0:85fceccc1a7c 4 * All rights reserved.
feb11 0:85fceccc1a7c 5 *
feb11 0:85fceccc1a7c 6 * Redistribution and use in source and binary forms, with or without
feb11 0:85fceccc1a7c 7 * modification, are permitted provided that the following conditions are met:
feb11 0:85fceccc1a7c 8 *
feb11 0:85fceccc1a7c 9 * * Redistributions of source code must retain the above copyright notice,
feb11 0:85fceccc1a7c 10 * this list of conditions and the following disclaimer.
feb11 0:85fceccc1a7c 11 * * Redistributions in binary form must reproduce the above copyright notice,
feb11 0:85fceccc1a7c 12 * this list of conditions and the following disclaimer in the documentation
feb11 0:85fceccc1a7c 13 * and/or other materials provided with the distribution.
feb11 0:85fceccc1a7c 14 * * Neither the name of the axTLS project nor the names of its contributors
feb11 0:85fceccc1a7c 15 * may be used to endorse or promote products derived from this software
feb11 0:85fceccc1a7c 16 * without specific prior written permission.
feb11 0:85fceccc1a7c 17 *
feb11 0:85fceccc1a7c 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
feb11 0:85fceccc1a7c 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
feb11 0:85fceccc1a7c 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
feb11 0:85fceccc1a7c 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
feb11 0:85fceccc1a7c 22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
feb11 0:85fceccc1a7c 23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
feb11 0:85fceccc1a7c 24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
feb11 0:85fceccc1a7c 25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
feb11 0:85fceccc1a7c 26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
feb11 0:85fceccc1a7c 27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
feb11 0:85fceccc1a7c 28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
feb11 0:85fceccc1a7c 29 */
feb11 0:85fceccc1a7c 30
feb11 0:85fceccc1a7c 31 /**
feb11 0:85fceccc1a7c 32 * Some primitive asn methods for extraction ASN.1 data.
feb11 0:85fceccc1a7c 33 */
feb11 0:85fceccc1a7c 34
feb11 0:85fceccc1a7c 35 #include <stdio.h>
feb11 0:85fceccc1a7c 36 #include <stdlib.h>
feb11 0:85fceccc1a7c 37 #include <string.h>
feb11 0:85fceccc1a7c 38 #include <time.h>
feb11 0:85fceccc1a7c 39 #include "os_port.h"
feb11 0:85fceccc1a7c 40 #include "crypto.h"
feb11 0:85fceccc1a7c 41 #include "crypto_misc.h"
feb11 0:85fceccc1a7c 42
feb11 0:85fceccc1a7c 43 #define SIG_OID_PREFIX_SIZE 8
feb11 0:85fceccc1a7c 44 #define SIG_IIS6_OID_SIZE 5
feb11 0:85fceccc1a7c 45 #define SIG_SUBJECT_ALT_NAME_SIZE 3
feb11 0:85fceccc1a7c 46
feb11 0:85fceccc1a7c 47 /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
feb11 0:85fceccc1a7c 48 static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
feb11 0:85fceccc1a7c 49 {
feb11 0:85fceccc1a7c 50 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
feb11 0:85fceccc1a7c 51 };
feb11 0:85fceccc1a7c 52
feb11 0:85fceccc1a7c 53 static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] =
feb11 0:85fceccc1a7c 54 {
feb11 0:85fceccc1a7c 55 0x2b, 0x0e, 0x03, 0x02, 0x1d
feb11 0:85fceccc1a7c 56 };
feb11 0:85fceccc1a7c 57
feb11 0:85fceccc1a7c 58 static const uint8_t sig_subject_alt_name[SIG_SUBJECT_ALT_NAME_SIZE] =
feb11 0:85fceccc1a7c 59 {
feb11 0:85fceccc1a7c 60 0x55, 0x1d, 0x11
feb11 0:85fceccc1a7c 61 };
feb11 0:85fceccc1a7c 62
feb11 0:85fceccc1a7c 63 /* CN, O, OU */
feb11 0:85fceccc1a7c 64 static const uint8_t g_dn_types[] = { 3, 10, 11 };
feb11 0:85fceccc1a7c 65
feb11 0:85fceccc1a7c 66 static const uint8_t rsaOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
feb11 0:85fceccc1a7c 67
feb11 0:85fceccc1a7c 68
feb11 0:85fceccc1a7c 69 int get_asn1_length(const uint8_t *buf, int *offset)
feb11 0:85fceccc1a7c 70 {
feb11 0:85fceccc1a7c 71 int len, i;
feb11 0:85fceccc1a7c 72
feb11 0:85fceccc1a7c 73 if (!(buf[*offset] & 0x80)) /* short form */
feb11 0:85fceccc1a7c 74 {
feb11 0:85fceccc1a7c 75 len = buf[(*offset)++];
feb11 0:85fceccc1a7c 76 }
feb11 0:85fceccc1a7c 77 else /* long form */
feb11 0:85fceccc1a7c 78 {
feb11 0:85fceccc1a7c 79 int length_bytes = buf[(*offset)++]&0x7f;
feb11 0:85fceccc1a7c 80 len = 0;
feb11 0:85fceccc1a7c 81 for (i = 0; i < length_bytes; i++)
feb11 0:85fceccc1a7c 82 {
feb11 0:85fceccc1a7c 83 len <<= 8;
feb11 0:85fceccc1a7c 84 len += buf[(*offset)++];
feb11 0:85fceccc1a7c 85 }
feb11 0:85fceccc1a7c 86 }
feb11 0:85fceccc1a7c 87 return len;
feb11 0:85fceccc1a7c 88 }
feb11 0:85fceccc1a7c 89
feb11 0:85fceccc1a7c 90 /**
feb11 0:85fceccc1a7c 91 * Skip the ASN1.1 object type and its length. Get ready to read the object's
feb11 0:85fceccc1a7c 92 * data.
feb11 0:85fceccc1a7c 93 */
feb11 0:85fceccc1a7c 94 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
feb11 0:85fceccc1a7c 95 {
feb11 0:85fceccc1a7c 96 if (buf[*offset] != obj_type)
feb11 0:85fceccc1a7c 97 return X509_NOT_OK;
feb11 0:85fceccc1a7c 98 (*offset)++;
feb11 0:85fceccc1a7c 99 return get_asn1_length(buf, offset);
feb11 0:85fceccc1a7c 100 }
feb11 0:85fceccc1a7c 101
feb11 0:85fceccc1a7c 102 /**
feb11 0:85fceccc1a7c 103 * Skip over an ASN.1 object type completely. Get ready to read the next
feb11 0:85fceccc1a7c 104 * object.
feb11 0:85fceccc1a7c 105 */
feb11 0:85fceccc1a7c 106 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
feb11 0:85fceccc1a7c 107 {
feb11 0:85fceccc1a7c 108 int len;
feb11 0:85fceccc1a7c 109 if (buf[*offset] != obj_type)
feb11 0:85fceccc1a7c 110 return X509_NOT_OK;
feb11 0:85fceccc1a7c 111 (*offset)++;
feb11 0:85fceccc1a7c 112 len = get_asn1_length(buf, offset);
feb11 0:85fceccc1a7c 113 *offset += len;
feb11 0:85fceccc1a7c 114 return 0;
feb11 0:85fceccc1a7c 115 }
feb11 0:85fceccc1a7c 116
feb11 0:85fceccc1a7c 117 /**
feb11 0:85fceccc1a7c 118 * Read an integer value for ASN.1 data
feb11 0:85fceccc1a7c 119 * Note: This function allocates memory which must be freed by the user.
feb11 0:85fceccc1a7c 120 */
feb11 0:85fceccc1a7c 121 int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
feb11 0:85fceccc1a7c 122 {
feb11 0:85fceccc1a7c 123 int len;
feb11 0:85fceccc1a7c 124
feb11 0:85fceccc1a7c 125 if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
feb11 0:85fceccc1a7c 126 goto end_int_array;
feb11 0:85fceccc1a7c 127
feb11 0:85fceccc1a7c 128 if (len > 1 && buf[*offset] == 0x00) /* ignore the negative byte */
feb11 0:85fceccc1a7c 129 {
feb11 0:85fceccc1a7c 130 len--;
feb11 0:85fceccc1a7c 131 (*offset)++;
feb11 0:85fceccc1a7c 132 }
feb11 0:85fceccc1a7c 133
feb11 0:85fceccc1a7c 134 *object = (uint8_t *)malloc(len);
feb11 0:85fceccc1a7c 135 memcpy(*object, &buf[*offset], len);
feb11 0:85fceccc1a7c 136 *offset += len;
feb11 0:85fceccc1a7c 137
feb11 0:85fceccc1a7c 138 end_int_array:
feb11 0:85fceccc1a7c 139
feb11 0:85fceccc1a7c 140 return len;
feb11 0:85fceccc1a7c 141 }
feb11 0:85fceccc1a7c 142
feb11 0:85fceccc1a7c 143 /**
feb11 0:85fceccc1a7c 144 * Get all the RSA private key specifics from an ASN.1 encoded file
feb11 0:85fceccc1a7c 145 */
feb11 0:85fceccc1a7c 146 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
feb11 0:85fceccc1a7c 147 {
feb11 0:85fceccc1a7c 148 int offset = 7;
feb11 0:85fceccc1a7c 149 uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
feb11 0:85fceccc1a7c 150 int mod_len, priv_len, pub_len;
feb11 0:85fceccc1a7c 151 #ifdef CONFIG_BIGINT_CRT
feb11 0:85fceccc1a7c 152 uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
feb11 0:85fceccc1a7c 153 int p_len, q_len, dP_len, dQ_len, qInv_len;
feb11 0:85fceccc1a7c 154 #endif
feb11 0:85fceccc1a7c 155
feb11 0:85fceccc1a7c 156 /* not in der format */
feb11 0:85fceccc1a7c 157 if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
feb11 0:85fceccc1a7c 158 {
feb11 0:85fceccc1a7c 159 #ifdef CONFIG_SSL_FULL_MODE
feb11 0:85fceccc1a7c 160 printf("Error: This is not a valid ASN.1 file\n");
feb11 0:85fceccc1a7c 161 #endif
feb11 0:85fceccc1a7c 162 return X509_INVALID_PRIV_KEY;
feb11 0:85fceccc1a7c 163 }
feb11 0:85fceccc1a7c 164
feb11 0:85fceccc1a7c 165 /* Use the private key to mix up the RNG if possible. */
feb11 0:85fceccc1a7c 166 RNG_custom_init(buf, len);
feb11 0:85fceccc1a7c 167
feb11 0:85fceccc1a7c 168 mod_len = asn1_get_int(buf, &offset, &modulus);
feb11 0:85fceccc1a7c 169 pub_len = asn1_get_int(buf, &offset, &pub_exp);
feb11 0:85fceccc1a7c 170 priv_len = asn1_get_int(buf, &offset, &priv_exp);
feb11 0:85fceccc1a7c 171
feb11 0:85fceccc1a7c 172 if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
feb11 0:85fceccc1a7c 173 return X509_INVALID_PRIV_KEY;
feb11 0:85fceccc1a7c 174
feb11 0:85fceccc1a7c 175 #ifdef CONFIG_BIGINT_CRT
feb11 0:85fceccc1a7c 176 p_len = asn1_get_int(buf, &offset, &p);
feb11 0:85fceccc1a7c 177 q_len = asn1_get_int(buf, &offset, &q);
feb11 0:85fceccc1a7c 178 dP_len = asn1_get_int(buf, &offset, &dP);
feb11 0:85fceccc1a7c 179 dQ_len = asn1_get_int(buf, &offset, &dQ);
feb11 0:85fceccc1a7c 180 qInv_len = asn1_get_int(buf, &offset, &qInv);
feb11 0:85fceccc1a7c 181
feb11 0:85fceccc1a7c 182 if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
feb11 0:85fceccc1a7c 183 return X509_INVALID_PRIV_KEY;
feb11 0:85fceccc1a7c 184
feb11 0:85fceccc1a7c 185 RSA_priv_key_new(rsa_ctx,
feb11 0:85fceccc1a7c 186 modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
feb11 0:85fceccc1a7c 187 p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
feb11 0:85fceccc1a7c 188
feb11 0:85fceccc1a7c 189 free(p);
feb11 0:85fceccc1a7c 190 free(q);
feb11 0:85fceccc1a7c 191 free(dP);
feb11 0:85fceccc1a7c 192 free(dQ);
feb11 0:85fceccc1a7c 193 free(qInv);
feb11 0:85fceccc1a7c 194 #else
feb11 0:85fceccc1a7c 195 RSA_priv_key_new(rsa_ctx,
feb11 0:85fceccc1a7c 196 modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
feb11 0:85fceccc1a7c 197 #endif
feb11 0:85fceccc1a7c 198
feb11 0:85fceccc1a7c 199 free(modulus);
feb11 0:85fceccc1a7c 200 free(priv_exp);
feb11 0:85fceccc1a7c 201 free(pub_exp);
feb11 0:85fceccc1a7c 202 return X509_OK;
feb11 0:85fceccc1a7c 203 }
feb11 0:85fceccc1a7c 204
feb11 0:85fceccc1a7c 205 /**
feb11 0:85fceccc1a7c 206 * Get the time of a certificate. Ignore hours/minutes/seconds.
feb11 0:85fceccc1a7c 207 */
feb11 0:85fceccc1a7c 208 static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
feb11 0:85fceccc1a7c 209 {
feb11 0:85fceccc1a7c 210 int ret = X509_NOT_OK, len, t_offset;
feb11 0:85fceccc1a7c 211 struct tm tm;
feb11 0:85fceccc1a7c 212
feb11 0:85fceccc1a7c 213 if (buf[(*offset)++] != ASN1_UTC_TIME)
feb11 0:85fceccc1a7c 214 goto end_utc_time;
feb11 0:85fceccc1a7c 215
feb11 0:85fceccc1a7c 216 len = get_asn1_length(buf, offset);
feb11 0:85fceccc1a7c 217 t_offset = *offset;
feb11 0:85fceccc1a7c 218
feb11 0:85fceccc1a7c 219 memset(&tm, 0, sizeof(struct tm));
feb11 0:85fceccc1a7c 220 tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
feb11 0:85fceccc1a7c 221
feb11 0:85fceccc1a7c 222 if (tm.tm_year <= 50) /* 1951-2050 thing */
feb11 0:85fceccc1a7c 223 {
feb11 0:85fceccc1a7c 224 tm.tm_year += 100;
feb11 0:85fceccc1a7c 225 }
feb11 0:85fceccc1a7c 226
feb11 0:85fceccc1a7c 227 tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
feb11 0:85fceccc1a7c 228 tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
feb11 0:85fceccc1a7c 229 *t = mktime(&tm);
feb11 0:85fceccc1a7c 230 *offset += len;
feb11 0:85fceccc1a7c 231 ret = X509_OK;
feb11 0:85fceccc1a7c 232
feb11 0:85fceccc1a7c 233 end_utc_time:
feb11 0:85fceccc1a7c 234 return ret;
feb11 0:85fceccc1a7c 235 }
feb11 0:85fceccc1a7c 236
feb11 0:85fceccc1a7c 237 /**
feb11 0:85fceccc1a7c 238 * Get the version type of a certificate (which we don't actually care about)
feb11 0:85fceccc1a7c 239 */
feb11 0:85fceccc1a7c 240 int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
feb11 0:85fceccc1a7c 241 {
feb11 0:85fceccc1a7c 242
feb11 0:85fceccc1a7c 243 int ret = X509_NOT_OK;
feb11 0:85fceccc1a7c 244
feb11 0:85fceccc1a7c 245 (*offset) += 2; /* get past explicit tag */
feb11 0:85fceccc1a7c 246 if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
feb11 0:85fceccc1a7c 247 goto end_version;
feb11 0:85fceccc1a7c 248
feb11 0:85fceccc1a7c 249 ret = X509_OK;
feb11 0:85fceccc1a7c 250 end_version:
feb11 0:85fceccc1a7c 251 return ret;
feb11 0:85fceccc1a7c 252 }
feb11 0:85fceccc1a7c 253
feb11 0:85fceccc1a7c 254 /**
feb11 0:85fceccc1a7c 255 * Retrieve the notbefore and notafter certificate times.
feb11 0:85fceccc1a7c 256 */
feb11 0:85fceccc1a7c 257 int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
feb11 0:85fceccc1a7c 258 {
feb11 0:85fceccc1a7c 259 return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
feb11 0:85fceccc1a7c 260 asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
feb11 0:85fceccc1a7c 261 asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
feb11 0:85fceccc1a7c 262 }
feb11 0:85fceccc1a7c 263
feb11 0:85fceccc1a7c 264 /**
feb11 0:85fceccc1a7c 265 * Get the components of a distinguished name
feb11 0:85fceccc1a7c 266 */
feb11 0:85fceccc1a7c 267 static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
feb11 0:85fceccc1a7c 268 {
feb11 0:85fceccc1a7c 269 int dn_type = 0;
feb11 0:85fceccc1a7c 270 int len;
feb11 0:85fceccc1a7c 271
feb11 0:85fceccc1a7c 272 if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
feb11 0:85fceccc1a7c 273 goto end_oid;
feb11 0:85fceccc1a7c 274
feb11 0:85fceccc1a7c 275 /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name
feb11 0:85fceccc1a7c 276 components we are interested in. */
feb11 0:85fceccc1a7c 277 if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
feb11 0:85fceccc1a7c 278 dn_type = buf[(*offset)++];
feb11 0:85fceccc1a7c 279 else
feb11 0:85fceccc1a7c 280 {
feb11 0:85fceccc1a7c 281 *offset += len; /* skip over it */
feb11 0:85fceccc1a7c 282 }
feb11 0:85fceccc1a7c 283
feb11 0:85fceccc1a7c 284 end_oid:
feb11 0:85fceccc1a7c 285 return dn_type;
feb11 0:85fceccc1a7c 286 }
feb11 0:85fceccc1a7c 287
feb11 0:85fceccc1a7c 288 /**
feb11 0:85fceccc1a7c 289 * Obtain an ASN.1 printable string type.
feb11 0:85fceccc1a7c 290 */
feb11 0:85fceccc1a7c 291 static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
feb11 0:85fceccc1a7c 292 {
feb11 0:85fceccc1a7c 293 int len = X509_NOT_OK;
feb11 0:85fceccc1a7c 294 int asn1_type = buf[*offset];
feb11 0:85fceccc1a7c 295
feb11 0:85fceccc1a7c 296 /* some certs have this awful crud in them for some reason */
feb11 0:85fceccc1a7c 297 if (asn1_type != ASN1_PRINTABLE_STR &&
feb11 0:85fceccc1a7c 298 asn1_type != ASN1_PRINTABLE_STR2 &&
feb11 0:85fceccc1a7c 299 asn1_type != ASN1_TELETEX_STR &&
feb11 0:85fceccc1a7c 300 asn1_type != ASN1_IA5_STR &&
feb11 0:85fceccc1a7c 301 asn1_type != ASN1_UNICODE_STR)
feb11 0:85fceccc1a7c 302 goto end_pnt_str;
feb11 0:85fceccc1a7c 303
feb11 0:85fceccc1a7c 304 (*offset)++;
feb11 0:85fceccc1a7c 305 len = get_asn1_length(buf, offset);
feb11 0:85fceccc1a7c 306
feb11 0:85fceccc1a7c 307 if (asn1_type == ASN1_UNICODE_STR)
feb11 0:85fceccc1a7c 308 {
feb11 0:85fceccc1a7c 309 int i;
feb11 0:85fceccc1a7c 310 *str = (char *)malloc(len/2+1); /* allow for null */
feb11 0:85fceccc1a7c 311
feb11 0:85fceccc1a7c 312 for (i = 0; i < len; i += 2)
feb11 0:85fceccc1a7c 313 (*str)[i/2] = buf[*offset + i + 1];
feb11 0:85fceccc1a7c 314
feb11 0:85fceccc1a7c 315 (*str)[len/2] = 0; /* null terminate */
feb11 0:85fceccc1a7c 316 }
feb11 0:85fceccc1a7c 317 else
feb11 0:85fceccc1a7c 318 {
feb11 0:85fceccc1a7c 319 *str = (char *)malloc(len+1); /* allow for null */
feb11 0:85fceccc1a7c 320 memcpy(*str, &buf[*offset], len);
feb11 0:85fceccc1a7c 321 (*str)[len] = 0; /* null terminate */
feb11 0:85fceccc1a7c 322 }
feb11 0:85fceccc1a7c 323
feb11 0:85fceccc1a7c 324 *offset += len;
feb11 0:85fceccc1a7c 325
feb11 0:85fceccc1a7c 326 end_pnt_str:
feb11 0:85fceccc1a7c 327 return len;
feb11 0:85fceccc1a7c 328 }
feb11 0:85fceccc1a7c 329
feb11 0:85fceccc1a7c 330 /**
feb11 0:85fceccc1a7c 331 * Get the subject name (or the issuer) of a certificate.
feb11 0:85fceccc1a7c 332 */
feb11 0:85fceccc1a7c 333 int asn1_name(const uint8_t *cert, int *offset, char *dn[])
feb11 0:85fceccc1a7c 334 {
feb11 0:85fceccc1a7c 335 int ret = X509_NOT_OK;
feb11 0:85fceccc1a7c 336 int dn_type;
feb11 0:85fceccc1a7c 337 char *tmp;
feb11 0:85fceccc1a7c 338
feb11 0:85fceccc1a7c 339 if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
feb11 0:85fceccc1a7c 340 goto end_name;
feb11 0:85fceccc1a7c 341
feb11 0:85fceccc1a7c 342 while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
feb11 0:85fceccc1a7c 343 {
feb11 0:85fceccc1a7c 344 int i, found = 0;
feb11 0:85fceccc1a7c 345
feb11 0:85fceccc1a7c 346 if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
feb11 0:85fceccc1a7c 347 (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
feb11 0:85fceccc1a7c 348 goto end_name;
feb11 0:85fceccc1a7c 349
feb11 0:85fceccc1a7c 350 tmp = NULL;
feb11 0:85fceccc1a7c 351
feb11 0:85fceccc1a7c 352 if (asn1_get_printable_str(cert, offset, &tmp) < 0)
feb11 0:85fceccc1a7c 353 {
feb11 0:85fceccc1a7c 354 free(tmp);
feb11 0:85fceccc1a7c 355 goto end_name;
feb11 0:85fceccc1a7c 356 }
feb11 0:85fceccc1a7c 357
feb11 0:85fceccc1a7c 358 /* find the distinguished named type */
feb11 0:85fceccc1a7c 359 for (i = 0; i < X509_NUM_DN_TYPES; i++)
feb11 0:85fceccc1a7c 360 {
feb11 0:85fceccc1a7c 361 if (dn_type == g_dn_types[i])
feb11 0:85fceccc1a7c 362 {
feb11 0:85fceccc1a7c 363 if (dn[i] == NULL)
feb11 0:85fceccc1a7c 364 {
feb11 0:85fceccc1a7c 365 dn[i] = tmp;
feb11 0:85fceccc1a7c 366 found = 1;
feb11 0:85fceccc1a7c 367 break;
feb11 0:85fceccc1a7c 368 }
feb11 0:85fceccc1a7c 369 }
feb11 0:85fceccc1a7c 370 }
feb11 0:85fceccc1a7c 371
feb11 0:85fceccc1a7c 372 if (found == 0) /* not found so get rid of it */
feb11 0:85fceccc1a7c 373 {
feb11 0:85fceccc1a7c 374 free(tmp);
feb11 0:85fceccc1a7c 375 }
feb11 0:85fceccc1a7c 376 }
feb11 0:85fceccc1a7c 377
feb11 0:85fceccc1a7c 378 ret = X509_OK;
feb11 0:85fceccc1a7c 379 end_name:
feb11 0:85fceccc1a7c 380 return ret;
feb11 0:85fceccc1a7c 381 }
feb11 0:85fceccc1a7c 382
feb11 0:85fceccc1a7c 383 /**
feb11 0:85fceccc1a7c 384 * Read the modulus and public exponent of a certificate.
feb11 0:85fceccc1a7c 385 */
feb11 0:85fceccc1a7c 386 int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
feb11 0:85fceccc1a7c 387 {
feb11 0:85fceccc1a7c 388 int ret = X509_NOT_OK, mod_len, pub_len;
feb11 0:85fceccc1a7c 389 int offset2 = 0, oid_len = 0;
feb11 0:85fceccc1a7c 390 uint8_t *modulus = NULL, *pub_exp = NULL;
feb11 0:85fceccc1a7c 391
feb11 0:85fceccc1a7c 392 if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
feb11 0:85fceccc1a7c 393 goto end_pub_key;
feb11 0:85fceccc1a7c 394
feb11 0:85fceccc1a7c 395 offset2 = *offset;
feb11 0:85fceccc1a7c 396 if(asn1_next_obj(cert, &offset2, ASN1_SEQUENCE) < 0)
feb11 0:85fceccc1a7c 397 goto end_pub_key;
feb11 0:85fceccc1a7c 398 oid_len = asn1_next_obj(cert, &offset2, ASN1_OID);
feb11 0:85fceccc1a7c 399 if(oid_len < 0)
feb11 0:85fceccc1a7c 400 goto end_pub_key;
feb11 0:85fceccc1a7c 401 if(memcmp(rsaOID, &cert[offset2], oid_len))
feb11 0:85fceccc1a7c 402 {
feb11 0:85fceccc1a7c 403 printf("Only RSA public key algorithm is supported\n");
feb11 0:85fceccc1a7c 404 goto end_pub_key;
feb11 0:85fceccc1a7c 405 }
feb11 0:85fceccc1a7c 406
feb11 0:85fceccc1a7c 407 if (asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
feb11 0:85fceccc1a7c 408 asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
feb11 0:85fceccc1a7c 409 goto end_pub_key;
feb11 0:85fceccc1a7c 410
feb11 0:85fceccc1a7c 411 (*offset)++; /* ignore the padding bit field */
feb11 0:85fceccc1a7c 412
feb11 0:85fceccc1a7c 413 if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
feb11 0:85fceccc1a7c 414 goto end_pub_key;
feb11 0:85fceccc1a7c 415
feb11 0:85fceccc1a7c 416 mod_len = asn1_get_int(cert, offset, &modulus);
feb11 0:85fceccc1a7c 417 pub_len = asn1_get_int(cert, offset, &pub_exp);
feb11 0:85fceccc1a7c 418
feb11 0:85fceccc1a7c 419 RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
feb11 0:85fceccc1a7c 420
feb11 0:85fceccc1a7c 421 free(modulus);
feb11 0:85fceccc1a7c 422 free(pub_exp);
feb11 0:85fceccc1a7c 423 ret = X509_OK;
feb11 0:85fceccc1a7c 424
feb11 0:85fceccc1a7c 425 end_pub_key:
feb11 0:85fceccc1a7c 426 return ret;
feb11 0:85fceccc1a7c 427 }
feb11 0:85fceccc1a7c 428
feb11 0:85fceccc1a7c 429 #ifdef CONFIG_SSL_CERT_VERIFICATION
feb11 0:85fceccc1a7c 430 /**
feb11 0:85fceccc1a7c 431 * Read the signature of the certificate.
feb11 0:85fceccc1a7c 432 */
feb11 0:85fceccc1a7c 433 int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
feb11 0:85fceccc1a7c 434 {
feb11 0:85fceccc1a7c 435 int ret = X509_NOT_OK;
feb11 0:85fceccc1a7c 436
feb11 0:85fceccc1a7c 437 if (cert[(*offset)++] != ASN1_BIT_STRING)
feb11 0:85fceccc1a7c 438 goto end_sig;
feb11 0:85fceccc1a7c 439
feb11 0:85fceccc1a7c 440 x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
feb11 0:85fceccc1a7c 441 (*offset)++; /* ignore bit string padding bits */
feb11 0:85fceccc1a7c 442 x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
feb11 0:85fceccc1a7c 443 memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
feb11 0:85fceccc1a7c 444 *offset += x509_ctx->sig_len;
feb11 0:85fceccc1a7c 445 ret = X509_OK;
feb11 0:85fceccc1a7c 446
feb11 0:85fceccc1a7c 447 end_sig:
feb11 0:85fceccc1a7c 448 return ret;
feb11 0:85fceccc1a7c 449 }
feb11 0:85fceccc1a7c 450
feb11 0:85fceccc1a7c 451 /*
feb11 0:85fceccc1a7c 452 * Compare 2 distinguished name components for equality
feb11 0:85fceccc1a7c 453 * @return 0 if a match
feb11 0:85fceccc1a7c 454 */
feb11 0:85fceccc1a7c 455 static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
feb11 0:85fceccc1a7c 456 {
feb11 0:85fceccc1a7c 457 int ret;
feb11 0:85fceccc1a7c 458
feb11 0:85fceccc1a7c 459 if (dn1 == NULL && dn2 == NULL)
feb11 0:85fceccc1a7c 460 ret = 0;
feb11 0:85fceccc1a7c 461 else
feb11 0:85fceccc1a7c 462 ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;
feb11 0:85fceccc1a7c 463
feb11 0:85fceccc1a7c 464 return ret;
feb11 0:85fceccc1a7c 465 }
feb11 0:85fceccc1a7c 466
feb11 0:85fceccc1a7c 467 /**
feb11 0:85fceccc1a7c 468 * Clean up all of the CA certificates.
feb11 0:85fceccc1a7c 469 */
feb11 0:85fceccc1a7c 470 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
feb11 0:85fceccc1a7c 471 {
feb11 0:85fceccc1a7c 472 int i = 0;
feb11 0:85fceccc1a7c 473
feb11 0:85fceccc1a7c 474 if (ca_cert_ctx == NULL)
feb11 0:85fceccc1a7c 475 return;
feb11 0:85fceccc1a7c 476
feb11 0:85fceccc1a7c 477 while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
feb11 0:85fceccc1a7c 478 {
feb11 0:85fceccc1a7c 479 x509_free(ca_cert_ctx->cert[i]);
feb11 0:85fceccc1a7c 480 ca_cert_ctx->cert[i++] = NULL;
feb11 0:85fceccc1a7c 481 }
feb11 0:85fceccc1a7c 482
feb11 0:85fceccc1a7c 483 free(ca_cert_ctx);
feb11 0:85fceccc1a7c 484 }
feb11 0:85fceccc1a7c 485
feb11 0:85fceccc1a7c 486 /*
feb11 0:85fceccc1a7c 487 * Compare 2 distinguished names for equality
feb11 0:85fceccc1a7c 488 * @return 0 if a match
feb11 0:85fceccc1a7c 489 */
feb11 0:85fceccc1a7c 490 int asn1_compare_dn(char * const dn1[], char * const dn2[])
feb11 0:85fceccc1a7c 491 {
feb11 0:85fceccc1a7c 492 int i;
feb11 0:85fceccc1a7c 493
feb11 0:85fceccc1a7c 494 for (i = 0; i < X509_NUM_DN_TYPES; i++)
feb11 0:85fceccc1a7c 495 {
feb11 0:85fceccc1a7c 496 if (asn1_compare_dn_comp(dn1[i], dn2[i]))
feb11 0:85fceccc1a7c 497 return 1;
feb11 0:85fceccc1a7c 498 }
feb11 0:85fceccc1a7c 499
feb11 0:85fceccc1a7c 500 return 0; /* all good */
feb11 0:85fceccc1a7c 501 }
feb11 0:85fceccc1a7c 502
feb11 0:85fceccc1a7c 503 int asn1_find_oid(const uint8_t* cert, int* offset,
feb11 0:85fceccc1a7c 504 const uint8_t* oid, int oid_length)
feb11 0:85fceccc1a7c 505 {
feb11 0:85fceccc1a7c 506 int seqlen;
feb11 0:85fceccc1a7c 507 if ((seqlen = asn1_next_obj(cert, offset, ASN1_SEQUENCE))> 0)
feb11 0:85fceccc1a7c 508 {
feb11 0:85fceccc1a7c 509 int end = *offset + seqlen;
feb11 0:85fceccc1a7c 510
feb11 0:85fceccc1a7c 511 while (*offset < end)
feb11 0:85fceccc1a7c 512 {
feb11 0:85fceccc1a7c 513 int type = cert[(*offset)++];
feb11 0:85fceccc1a7c 514 int length = get_asn1_length(cert, offset);
feb11 0:85fceccc1a7c 515 int noffset = *offset + length;
feb11 0:85fceccc1a7c 516
feb11 0:85fceccc1a7c 517 if (type == ASN1_SEQUENCE)
feb11 0:85fceccc1a7c 518 {
feb11 0:85fceccc1a7c 519 type = cert[(*offset)++];
feb11 0:85fceccc1a7c 520 length = get_asn1_length(cert, offset);
feb11 0:85fceccc1a7c 521
feb11 0:85fceccc1a7c 522 if (type == ASN1_OID && length == oid_length &&
feb11 0:85fceccc1a7c 523 memcmp(cert + *offset, oid, oid_length) == 0)
feb11 0:85fceccc1a7c 524 {
feb11 0:85fceccc1a7c 525 *offset += oid_length;
feb11 0:85fceccc1a7c 526 return 1;
feb11 0:85fceccc1a7c 527 }
feb11 0:85fceccc1a7c 528 }
feb11 0:85fceccc1a7c 529
feb11 0:85fceccc1a7c 530 *offset = noffset;
feb11 0:85fceccc1a7c 531 }
feb11 0:85fceccc1a7c 532 }
feb11 0:85fceccc1a7c 533
feb11 0:85fceccc1a7c 534 return 0;
feb11 0:85fceccc1a7c 535 }
feb11 0:85fceccc1a7c 536
feb11 0:85fceccc1a7c 537 int asn1_find_subjectaltname(const uint8_t* cert, int offset)
feb11 0:85fceccc1a7c 538 {
feb11 0:85fceccc1a7c 539 if (asn1_find_oid(cert, &offset, sig_subject_alt_name,
feb11 0:85fceccc1a7c 540 SIG_SUBJECT_ALT_NAME_SIZE))
feb11 0:85fceccc1a7c 541 {
feb11 0:85fceccc1a7c 542 return offset;
feb11 0:85fceccc1a7c 543 }
feb11 0:85fceccc1a7c 544
feb11 0:85fceccc1a7c 545 return 0;
feb11 0:85fceccc1a7c 546 }
feb11 0:85fceccc1a7c 547
feb11 0:85fceccc1a7c 548 #endif /* CONFIG_SSL_CERT_VERIFICATION */
feb11 0:85fceccc1a7c 549
feb11 0:85fceccc1a7c 550 /**
feb11 0:85fceccc1a7c 551 * Read the signature type of the certificate. We only support RSA-MD5 and
feb11 0:85fceccc1a7c 552 * RSA-SHA1 signature types.
feb11 0:85fceccc1a7c 553 */
feb11 0:85fceccc1a7c 554 int asn1_signature_type(const uint8_t *cert,
feb11 0:85fceccc1a7c 555 int *offset, X509_CTX *x509_ctx)
feb11 0:85fceccc1a7c 556 {
feb11 0:85fceccc1a7c 557 int ret = X509_NOT_OK, len;
feb11 0:85fceccc1a7c 558
feb11 0:85fceccc1a7c 559 if (cert[(*offset)++] != ASN1_OID)
feb11 0:85fceccc1a7c 560 goto end_check_sig;
feb11 0:85fceccc1a7c 561
feb11 0:85fceccc1a7c 562 len = get_asn1_length(cert, offset);
feb11 0:85fceccc1a7c 563
feb11 0:85fceccc1a7c 564 if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset],
feb11 0:85fceccc1a7c 565 SIG_IIS6_OID_SIZE) == 0)
feb11 0:85fceccc1a7c 566 {
feb11 0:85fceccc1a7c 567 x509_ctx->sig_type = SIG_TYPE_SHA1;
feb11 0:85fceccc1a7c 568 }
feb11 0:85fceccc1a7c 569 else
feb11 0:85fceccc1a7c 570 {
feb11 0:85fceccc1a7c 571 if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
feb11 0:85fceccc1a7c 572 goto end_check_sig; /* unrecognised cert type */
feb11 0:85fceccc1a7c 573
feb11 0:85fceccc1a7c 574 x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
feb11 0:85fceccc1a7c 575 }
feb11 0:85fceccc1a7c 576
feb11 0:85fceccc1a7c 577 *offset += len;
feb11 0:85fceccc1a7c 578 asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
feb11 0:85fceccc1a7c 579 ret = X509_OK;
feb11 0:85fceccc1a7c 580
feb11 0:85fceccc1a7c 581 end_check_sig:
feb11 0:85fceccc1a7c 582 return ret;
feb11 0:85fceccc1a7c 583 }
feb11 0:85fceccc1a7c 584
feb11 0:85fceccc1a7c 585
feb11 0:85fceccc1a7c 586