Todd Ouska
/
CyaSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: cyassl-client Sync
Embed:
(wiki syntax)
Show/hide line numbers
asn.c
00001 /* asn.c 00002 * 00003 * Copyright (C) 2006-2009 Sawtooth Consulting Ltd. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 00020 */ 00021 00022 00023 #ifdef THREADX 00024 #include "os.h" /* dc_rtc_api needs */ 00025 #include "dc_rtc_api.h" /* to get current time */ 00026 #endif 00027 #include "asn.h" 00028 #include "coding.h" 00029 #include "ctc_sha.h" 00030 #include "ctc_md5.h" 00031 #include "error.h" 00032 00033 #ifdef HAVE_NTRU 00034 #include "crypto_ntru.h" 00035 #endif 00036 00037 00038 #ifdef _MSC_VER 00039 /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */ 00040 #pragma warning(disable: 4996) 00041 #endif 00042 00043 00044 #ifndef TRUE 00045 enum { 00046 FALSE = 0, 00047 TRUE = 1 00048 }; 00049 #endif 00050 00051 enum { 00052 ISSUER = 0, 00053 SUBJECT = 1, 00054 00055 BEFORE = 0, 00056 AFTER = 1 00057 }; 00058 00059 00060 #ifdef THREADX 00061 /* uses parital <time.h> structures */ 00062 #define XTIME(tl) (0) 00063 #define XGMTIME(c) my_gmtime((c)) 00064 #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) 00065 #elif defined(MICRIUM) 00066 #include <clk.h> 00067 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) 00068 #define XVALIDATE_DATE(d, f, t) NetSecure_ValidDate((d), (f), (t)) 00069 #else 00070 #define XVALIDATE_DATE(d, f, t) (0) 00071 #endif 00072 #define NO_TIME_H 00073 /* since Micrium not defining XTIME or XGMTIME, CERT_GEN not available */ 00074 #elif defined(USER_TIME) 00075 /* no <time.h> strucutres used */ 00076 #define NO_TIME_H 00077 /* user time, and gmtime compatible functions, there is a gmtime 00078 implementation here that WINCE uses, so really just need some ticks 00079 since the EPOCH 00080 */ 00081 #else 00082 /* default */ 00083 /* uses complete <time.h> facility */ 00084 #include <time.h> 00085 #define XTIME(tl) time((tl)) 00086 #define XGMTIME(c) gmtime((c)) 00087 #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) 00088 #endif 00089 00090 00091 #ifdef _WIN32_WCE 00092 /* no time() or gmtime() even though in time.h header?? */ 00093 00094 #include <windows.h> 00095 00096 00097 time_t time(time_t* timer) 00098 { 00099 SYSTEMTIME sysTime; 00100 FILETIME fTime; 00101 ULARGE_INTEGER intTime; 00102 time_t localTime; 00103 00104 if (timer == NULL) 00105 timer = &localTime; 00106 00107 GetSystemTime(&sysTime); 00108 SystemTimeToFileTime(&sysTime, &fTime); 00109 00110 XMEMCPY(&intTime, &fTime, sizeof(FILETIME)); 00111 /* subtract EPOCH */ 00112 intTime.QuadPart -= 0x19db1ded53e8000; 00113 /* to secs */ 00114 intTime.QuadPart /= 10000000; 00115 *timer = (time_t)intTime.QuadPart; 00116 00117 return *timer; 00118 } 00119 00120 00121 00122 struct tm* gmtime(const time_t* timer) 00123 { 00124 #define YEAR0 1900 00125 #define EPOCH_YEAR 1970 00126 #define SECS_DAY (24L * 60L * 60L) 00127 #define LEAPYEAR(year) (!((year) % 4) && (((year) % 100) || !((year) %400))) 00128 #define YEARSIZE(year) (LEAPYEAR(year) ? 366 : 365) 00129 00130 static const int _ytab[2][12] = 00131 { 00132 {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, 00133 {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31} 00134 }; 00135 00136 static struct tm st_time; 00137 struct tm* ret = &st_time; 00138 time_t time = *timer; 00139 unsigned long dayclock, dayno; 00140 int year = EPOCH_YEAR; 00141 00142 dayclock = (unsigned long)time % SECS_DAY; 00143 dayno = (unsigned long)time / SECS_DAY; 00144 00145 ret->tm_sec = dayclock % 60; 00146 ret->tm_min = (dayclock % 3600) / 60; 00147 ret->tm_hour = dayclock / 3600; 00148 ret->tm_wday = (dayno + 4) % 7; /* day 0 a Thursday */ 00149 00150 while(dayno >= (unsigned long)YEARSIZE(year)) { 00151 dayno -= YEARSIZE(year); 00152 year++; 00153 } 00154 00155 ret->tm_year = year - YEAR0; 00156 ret->tm_yday = dayno; 00157 ret->tm_mon = 0; 00158 00159 while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) { 00160 dayno -= _ytab[LEAPYEAR(year)][ret->tm_mon]; 00161 ret->tm_mon++; 00162 } 00163 00164 ret->tm_mday = ++dayno; 00165 ret->tm_isdst = 0; 00166 00167 return ret; 00168 } 00169 00170 #endif /* _WIN32_WCE */ 00171 00172 00173 00174 #ifdef THREADX 00175 00176 #define YEAR0 1900 00177 00178 struct tm* my_gmtime(const time_t* timer) /* has a gmtime() but hangs */ 00179 { 00180 static struct tm st_time; 00181 struct tm* ret = &st_time; 00182 00183 DC_RTC_CALENDAR cal; 00184 dc_rtc_time_get(&cal, TRUE); 00185 00186 ret->tm_year = cal.year - YEAR0; /* gm starts at 1900 */ 00187 ret->tm_mon = cal.month - 1; /* gm starts at 0 */ 00188 ret->tm_mday = cal.day; 00189 ret->tm_hour = cal.hour; 00190 ret->tm_min = cal.minute; 00191 ret->tm_sec = cal.second; 00192 00193 return ret; 00194 } 00195 00196 #endif /* THREADX */ 00197 00198 00199 static INLINE word32 btoi(byte b) 00200 { 00201 return b - 0x30; 00202 } 00203 00204 00205 /* two byte date/time, add to value */ 00206 static INLINE void GetTime(int* value, const byte* date, int* idx) 00207 { 00208 int i = *idx; 00209 00210 *value += btoi(date[i++]) * 10; 00211 *value += btoi(date[i++]); 00212 00213 *idx = i; 00214 } 00215 00216 00217 #if defined(MICRIUM) 00218 00219 static int NetSecure_ValidDate(CPU_INT08U *date, CPU_INT08U format, 00220 CPU_INT08U dateType) 00221 { 00222 CLK_DATE_TIME cert_date_time; 00223 CLK_TS_SEC cert_ts_sec; 00224 CLK_TS_SEC local_ts_sec; 00225 CPU_INT32S i; 00226 CPU_INT32S val; 00227 00228 local_ts_sec = Clk_GetTS(); 00229 XMEMSET(&cert_date_time, 0, sizeof(cert_date_time)); 00230 00231 i = 0; 00232 if (format == ASN_UTC_TIME) { 00233 if (btoi(date[0]) >= 5) 00234 cert_date_time.Yr = 1900; 00235 else 00236 cert_date_time.Yr = 2000; 00237 } 00238 else { /* format == GENERALIZED_TIME */ 00239 cert_date_time.Yr += btoi(date[i++]) * 1000; 00240 cert_date_time.Yr += btoi(date[i++]) * 100; 00241 } 00242 00243 val = cert_date_time.Yr; 00244 GetTime(&val, date, &i); 00245 cert_date_time.Yr = (CLK_YR)val; 00246 00247 val = 0; 00248 GetTime(&val, date, &i); 00249 cert_date_time.Month = (CLK_MONTH)val; 00250 00251 val = 0; 00252 GetTime(&val, date, &i); 00253 cert_date_time.Day = (CLK_DAY)val; 00254 00255 val = 0; 00256 GetTime(&val, date, &i); 00257 cert_date_time.Hr = (CLK_HR)val; 00258 00259 val = 0; 00260 GetTime(&val, date, &i); 00261 cert_date_time.Min = (CLK_MIN)val; 00262 00263 val = 0; 00264 GetTime(&val, date, &i); 00265 cert_date_time.Sec = (CLK_SEC)val; 00266 00267 if (date[i] != 'Z') /* only Zulu supported for this profile */ 00268 return 0; 00269 00270 cert_date_time.DayOfWk = 1; 00271 cert_date_time.DayOfYr = 1; 00272 Clk_DateTimeToTS(&cert_ts_sec, &cert_date_time); 00273 00274 00275 if (dateType == BEFORE) { 00276 if (local_ts_sec < cert_ts_sec) /* If cert creation date after 00277 current date... */ 00278 return (DEF_FAIL); /* ... report an error. */ 00279 } else { 00280 if (local_ts_sec > cert_ts_sec) /* If cert expiration date before 00281 current date... */ 00282 return (DEF_FAIL); /* ... report an error. */ 00283 } 00284 00285 return (DEF_OK); 00286 } 00287 00288 #endif /* MICRIUM */ 00289 00290 00291 int GetLength(const byte* input, word32* inOutIdx, int* len) 00292 { 00293 int length = 0; 00294 word32 i = *inOutIdx; 00295 00296 byte b = input[i++]; 00297 if (b >= ASN_LONG_LENGTH) { 00298 word32 bytes = b & 0x7F; 00299 00300 while (bytes--) { 00301 b = input[i++]; 00302 length = (length << 8) | b; 00303 } 00304 } 00305 else 00306 length = b; 00307 00308 *inOutIdx = i; 00309 *len = length; 00310 00311 return length; 00312 } 00313 00314 00315 int GetSequence(const byte* input, word32* inOutIdx, int* len) 00316 { 00317 int length = -1; 00318 word32 idx = *inOutIdx; 00319 00320 if (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED) || 00321 GetLength(input, &idx, &length) < 0) 00322 return ASN_PARSE_E; 00323 00324 *len = length; 00325 *inOutIdx = idx; 00326 00327 return length; 00328 } 00329 00330 00331 int GetSet(const byte* input, word32* inOutIdx, int* len) 00332 { 00333 int length = -1; 00334 word32 idx = *inOutIdx; 00335 00336 if (input[idx++] != (ASN_SET | ASN_CONSTRUCTED) || 00337 GetLength(input, &idx, &length) < 0) 00338 return ASN_PARSE_E; 00339 00340 *len = length; 00341 *inOutIdx = idx; 00342 00343 return length; 00344 } 00345 00346 00347 /* winodws header clash for WinCE using GetVersion */ 00348 int GetMyVersion(const byte* input, word32* inOutIdx, int* version) 00349 { 00350 word32 idx = *inOutIdx; 00351 00352 if (input[idx++] != ASN_INTEGER) 00353 return ASN_PARSE_E; 00354 00355 if (input[idx++] != 0x01) 00356 return ASN_VERSION_E; 00357 00358 *version = input[idx++]; 00359 *inOutIdx = idx; 00360 00361 return *version; 00362 } 00363 00364 00365 /* May not have one, not an error */ 00366 int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version) 00367 { 00368 word32 idx = *inOutIdx; 00369 00370 if (input[idx++] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { 00371 *inOutIdx = ++idx; /* eat header */ 00372 return GetMyVersion(input, inOutIdx, version); 00373 } 00374 00375 /* go back as is */ 00376 *version = 0; 00377 00378 return 0; 00379 } 00380 00381 00382 int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx ) 00383 { 00384 word32 i = *inOutIdx; 00385 byte b = input[i++]; 00386 int length; 00387 00388 if (b != ASN_INTEGER) 00389 return ASN_PARSE_E; 00390 00391 if (GetLength(input, &i, &length) < 0) 00392 return ASN_PARSE_E; 00393 00394 if ( (b = input[i++]) == 0x00) 00395 length--; 00396 else 00397 i--; 00398 00399 mp_init(mpi); 00400 if (mp_read_unsigned_bin(mpi, (byte*)input + i, length) != 0) { 00401 mp_clear(mpi); 00402 return ASN_GETINT_E; 00403 } 00404 00405 *inOutIdx = i + length; 00406 return 0; 00407 } 00408 00409 00410 static int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid) 00411 { 00412 int length; 00413 word32 i = *inOutIdx; 00414 byte b; 00415 *oid = 0; 00416 00417 if (GetSequence(input, &i, &length) < 0) 00418 return ASN_PARSE_E; 00419 00420 b = input[i++]; 00421 if (b != ASN_OBJECT_ID) 00422 return ASN_OBJECT_ID_E; 00423 00424 if (GetLength(input, &i, &length) < 0) 00425 return ASN_PARSE_E; 00426 00427 while(length--) 00428 *oid += input[i++]; 00429 /* just sum it up for now */ 00430 00431 /* could have NULL tag and 0 terminator, but may not */ 00432 b = input[i++]; 00433 00434 if (b == ASN_TAG_NULL) { 00435 b = input[i++]; 00436 if (b != 0) 00437 return ASN_EXPECT_0_E; 00438 } 00439 else 00440 /* go back, didn't have it */ 00441 i--; 00442 00443 *inOutIdx = i; 00444 00445 return 0; 00446 } 00447 00448 00449 int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, 00450 word32 inSz) 00451 { 00452 word32 begin = *inOutIdx; 00453 int version, length; 00454 00455 if (GetSequence(input, inOutIdx, &length) < 0) 00456 return ASN_PARSE_E; 00457 00458 if ((word32)length > (inSz - (*inOutIdx - begin))) 00459 return ASN_INPUT_E; 00460 00461 if (GetMyVersion(input, inOutIdx, &version) < 0) 00462 return ASN_PARSE_E; 00463 00464 key->type = RSA_PRIVATE; 00465 00466 if (GetInt(&key->n, input, inOutIdx) < 0 || 00467 GetInt(&key->e, input, inOutIdx) < 0 || 00468 GetInt(&key->d, input, inOutIdx) < 0 || 00469 GetInt(&key->p, input, inOutIdx) < 0 || 00470 GetInt(&key->q, input, inOutIdx) < 0 || 00471 GetInt(&key->dP, input, inOutIdx) < 0 || 00472 GetInt(&key->dQ, input, inOutIdx) < 0 || 00473 GetInt(&key->u, input, inOutIdx) < 0 ) return ASN_RSA_KEY_E; 00474 00475 return 0; 00476 } 00477 00478 00479 /* Remove PKCS8 header, move beginning of traditional to beginning of input */ 00480 int ToTraditional(byte* input, word32 sz) 00481 { 00482 word32 inOutIdx = 0, oid; 00483 int version, length; 00484 00485 if (GetSequence(input, &inOutIdx, &length) < 0) 00486 return ASN_PARSE_E; 00487 00488 if ((word32)length > (sz - inOutIdx)) 00489 return ASN_INPUT_E; 00490 00491 if (GetMyVersion(input, &inOutIdx, &version) < 0) 00492 return ASN_PARSE_E; 00493 00494 if (GetAlgoId(input, &inOutIdx, &oid) < 0) 00495 return ASN_PARSE_E; 00496 00497 if (input[inOutIdx++] != ASN_OCTET_STRING) 00498 return ASN_PARSE_E; 00499 00500 if (GetLength(input, &inOutIdx, &length) < 0) 00501 return ASN_PARSE_E; 00502 00503 if ((word32)length > (sz - inOutIdx)) 00504 return ASN_INPUT_E; 00505 00506 XMEMMOVE(input, input + inOutIdx, length); 00507 00508 return 0; 00509 } 00510 00511 00512 int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, 00513 word32 inSz) 00514 { 00515 word32 begin = *inOutIdx; 00516 int length; 00517 byte b; 00518 00519 if (GetSequence(input, inOutIdx, &length) < 0) 00520 return ASN_PARSE_E; 00521 00522 if ((word32)length > (inSz - (*inOutIdx - begin))) 00523 return ASN_INPUT_E; 00524 00525 key->type = RSA_PUBLIC; 00526 b = input[*inOutIdx]; 00527 00528 #ifdef OPENSSL_EXTRA 00529 if (b != ASN_INTEGER) { 00530 /* not from decoded cert, will have algo id, skip past */ 00531 if (GetSequence(input, inOutIdx, &length) < 0) 00532 return ASN_PARSE_E; 00533 00534 b = input[(*inOutIdx)++]; 00535 if (b != ASN_OBJECT_ID) 00536 return ASN_OBJECT_ID_E; 00537 00538 if (GetLength(input, inOutIdx, &length) < 0) 00539 return ASN_PARSE_E; 00540 00541 *inOutIdx += length; /* skip past */ 00542 00543 /* could have NULL tag and 0 terminator, but may not */ 00544 b = input[(*inOutIdx)++]; 00545 00546 if (b == ASN_TAG_NULL) { 00547 b = input[(*inOutIdx)++]; 00548 if (b != 0) 00549 return ASN_EXPECT_0_E; 00550 } 00551 else 00552 /* go back, didn't have it */ 00553 (*inOutIdx)--; 00554 00555 /* should have bit tag length and seq next */ 00556 b = input[(*inOutIdx)++]; 00557 if (b != ASN_BIT_STRING) 00558 return ASN_BITSTR_E; 00559 00560 if (GetLength(input, inOutIdx, &length) < 0) 00561 return ASN_PARSE_E; 00562 00563 /* could have 0 */ 00564 b = input[(*inOutIdx)++]; 00565 if (b != 0) 00566 (*inOutIdx)--; 00567 00568 if (GetSequence(input, inOutIdx, &length) < 0) 00569 return ASN_PARSE_E; 00570 } 00571 #endif /* OPENSSL_EXTRA */ 00572 00573 if (GetInt(&key->n, input, inOutIdx) < 0 || 00574 GetInt(&key->e, input, inOutIdx) < 0 ) return ASN_RSA_KEY_E; 00575 00576 return 0; 00577 } 00578 00579 00580 #ifndef NO_DH 00581 00582 int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) 00583 { 00584 word32 begin = *inOutIdx; 00585 int length; 00586 00587 if (GetSequence(input, inOutIdx, &length) < 0) 00588 return ASN_PARSE_E; 00589 00590 if ((word32)length > (inSz - (*inOutIdx - begin))) 00591 return ASN_INPUT_E; 00592 00593 if (GetInt(&key->p, input, inOutIdx) < 0 || 00594 GetInt(&key->g, input, inOutIdx) < 0 ) return ASN_DH_KEY_E; 00595 00596 return 0; 00597 } 00598 00599 int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz) 00600 { 00601 /* may have leading 0 */ 00602 if (p[0] == 0) { 00603 pSz--; p++; 00604 } 00605 00606 if (g[0] == 0) { 00607 gSz--; g++; 00608 } 00609 00610 mp_init(&key->p); 00611 if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) { 00612 mp_clear(&key->p); 00613 return ASN_DH_KEY_E; 00614 } 00615 00616 mp_init(&key->g); 00617 if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) { 00618 mp_clear(&key->p); 00619 return ASN_DH_KEY_E; 00620 } 00621 00622 return 0; 00623 } 00624 00625 00626 #endif /* NO_DH */ 00627 00628 00629 #ifndef NO_DSA 00630 00631 int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, 00632 word32 inSz) 00633 { 00634 word32 begin = *inOutIdx; 00635 int length; 00636 00637 if (GetSequence(input, inOutIdx, &length) < 0) 00638 return ASN_PARSE_E; 00639 00640 if ((word32)length > (inSz - (*inOutIdx - begin))) 00641 return ASN_INPUT_E; 00642 00643 if (GetInt(&key->p, input, inOutIdx) < 0 || 00644 GetInt(&key->q, input, inOutIdx) < 0 || 00645 GetInt(&key->g, input, inOutIdx) < 0 || 00646 GetInt(&key->y, input, inOutIdx) < 0 ) return ASN_DH_KEY_E; 00647 00648 key->type = DSA_PUBLIC; 00649 return 0; 00650 } 00651 00652 00653 int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, 00654 word32 inSz) 00655 { 00656 word32 begin = *inOutIdx; 00657 int length, version; 00658 00659 if (GetSequence(input, inOutIdx, &length) < 0) 00660 return ASN_PARSE_E; 00661 00662 if ((word32)length > (inSz - (*inOutIdx - begin))) 00663 return ASN_INPUT_E; 00664 00665 if (GetMyVersion(input, inOutIdx, &version) < 0) 00666 return ASN_PARSE_E; 00667 00668 if (GetInt(&key->p, input, inOutIdx) < 0 || 00669 GetInt(&key->q, input, inOutIdx) < 0 || 00670 GetInt(&key->g, input, inOutIdx) < 0 || 00671 GetInt(&key->y, input, inOutIdx) < 0 || 00672 GetInt(&key->x, input, inOutIdx) < 0 ) return ASN_DH_KEY_E; 00673 00674 key->type = DSA_PRIVATE; 00675 return 0; 00676 } 00677 00678 #endif /* NO_DSA */ 00679 00680 00681 void InitDecodedCert(DecodedCert* cert, byte* source, void* heap) 00682 { 00683 cert->publicKey = 0; 00684 cert->pubKeyStored = 0; 00685 cert->signature = 0; 00686 cert->subjectCN = 0; 00687 cert->subjectCNLen = 0; 00688 cert->source = source; /* don't own */ 00689 cert->srcIdx = 0; 00690 cert->heap = heap; 00691 #ifdef CYASSL_CERT_GEN 00692 cert->subjectSN = 0; 00693 cert->subjectSNLen = 0; 00694 cert->subjectC = 0; 00695 cert->subjectCLen = 0; 00696 cert->subjectL = 0; 00697 cert->subjectLLen = 0; 00698 cert->subjectST = 0; 00699 cert->subjectSTLen = 0; 00700 cert->subjectO = 0; 00701 cert->subjectOLen = 0; 00702 cert->subjectOU = 0; 00703 cert->subjectOULen = 0; 00704 cert->subjectEmail = 0; 00705 cert->subjectEmailLen = 0; 00706 #endif /* CYASSL_CERT_GEN */ 00707 } 00708 00709 00710 void FreeDecodedCert(DecodedCert* cert) 00711 { 00712 if (cert->subjectCNLen == 0) /* 0 means no longer pointer to raw, we own */ 00713 XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); 00714 if (cert->pubKeyStored == 1) 00715 XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); 00716 } 00717 00718 00719 static int GetCertHeader(DecodedCert* cert, word32 inSz) 00720 { 00721 int ret = 0, version, len; 00722 word32 begin = cert->srcIdx; 00723 mp_int mpi; 00724 00725 if (GetSequence(cert->source, &cert->srcIdx, &len) < 0) 00726 return ASN_PARSE_E; 00727 00728 if ((word32)len > (inSz - (cert->srcIdx - begin))) return ASN_INPUT_E; 00729 00730 cert->certBegin = cert->srcIdx; 00731 00732 GetSequence(cert->source, &cert->srcIdx, &len); 00733 cert->sigIndex = len + cert->srcIdx; 00734 00735 if (GetExplicitVersion(cert->source, &cert->srcIdx, &version) < 0) 00736 return ASN_PARSE_E; 00737 00738 if (GetInt(&mpi, cert->source, &cert->srcIdx) < 0) 00739 ret = ASN_PARSE_E; 00740 00741 mp_clear(&mpi); 00742 return ret; 00743 } 00744 00745 00746 static int StoreKey(DecodedCert* cert) 00747 { 00748 int length; 00749 word32 read = cert->srcIdx; 00750 00751 if (cert->keyOID == NTRUk) 00752 return 0; /* already stored */ 00753 00754 if (GetSequence(cert->source, &cert->srcIdx, &length) < 0) 00755 return ASN_PARSE_E; 00756 00757 read = cert->srcIdx - read; 00758 length += read; 00759 00760 while (read--) 00761 cert->srcIdx--; 00762 00763 cert->pubKeySize = length; 00764 cert->publicKey = cert->source + cert->srcIdx; 00765 cert->srcIdx += length; 00766 00767 return 0; 00768 } 00769 00770 00771 static int GetKey(DecodedCert* cert) 00772 { 00773 int length; 00774 #ifdef HAVE_NTRU 00775 int tmpIdx = cert->srcIdx; 00776 #endif 00777 00778 if (GetSequence(cert->source, &cert->srcIdx, &length) < 0) 00779 return ASN_PARSE_E; 00780 00781 if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID) < 0) 00782 return ASN_PARSE_E; 00783 00784 if (cert->keyOID == RSAk) { 00785 byte b = cert->source[cert->srcIdx++]; 00786 if (b != ASN_BIT_STRING) 00787 return ASN_BITSTR_E; 00788 00789 if (GetLength(cert->source, &cert->srcIdx, &length) < 0) 00790 return ASN_PARSE_E; 00791 b = cert->source[cert->srcIdx++]; 00792 if (b != 0x00) 00793 return ASN_EXPECT_0_E; 00794 } 00795 else if (cert->keyOID == DSAk ) 00796 ; /* do nothing */ 00797 #ifdef HAVE_NTRU 00798 else if (cert->keyOID == NTRUk ) { 00799 const byte* key = &cert->source[tmpIdx]; 00800 byte* next = (byte*)key; 00801 word16 keyLen; 00802 byte keyBlob[MAX_NTRU_KEY_SZ]; 00803 00804 word32 rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, 00805 &keyLen, NULL, &next); 00806 00807 if (rc != NTRU_OK) 00808 return ASN_NTRU_KEY_E; 00809 if (keyLen > sizeof(keyBlob)) 00810 return ASN_NTRU_KEY_E; 00811 00812 rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, &keyLen, 00813 keyBlob, &next); 00814 if (rc != NTRU_OK) 00815 return ASN_NTRU_KEY_E; 00816 00817 if ( (next - key) < 0) 00818 return ASN_NTRU_KEY_E; 00819 00820 cert->srcIdx = tmpIdx + (next - key); 00821 00822 cert->publicKey = (byte*) XMALLOC(keyLen, cert->heap, 00823 DYNAMIC_TYPE_PUBLIC_KEY); 00824 if (cert->publicKey == NULL) 00825 return MEMORY_E; 00826 memcpy(cert->publicKey, keyBlob, keyLen); 00827 cert->pubKeyStored = 1; 00828 cert->pubKeySize = keyLen; 00829 } 00830 #endif 00831 else 00832 return ASN_UNKNOWN_OID_E; 00833 00834 return StoreKey(cert); 00835 } 00836 00837 00838 /* process NAME, either issuer or subject */ 00839 static int GetName(DecodedCert* cert, int nameType) 00840 { 00841 Sha sha; 00842 int length; /* length of all distinguished names */ 00843 int dummy; 00844 char* full = (nameType == ISSUER) ? cert->issuer : cert->subject; 00845 word32 idx = 0; 00846 00847 InitSha(&sha); 00848 00849 if (GetSequence(cert->source, &cert->srcIdx, &length) < 0) 00850 return ASN_PARSE_E; 00851 00852 length += cert->srcIdx; 00853 00854 while (cert->srcIdx < (word32)length) { 00855 byte b; 00856 byte joint[2]; 00857 int oidSz; 00858 00859 if (GetSet(cert->source, &cert->srcIdx, &dummy) < 0) 00860 return ASN_PARSE_E; 00861 00862 if (GetSequence(cert->source, &cert->srcIdx, &dummy) < 0) 00863 return ASN_PARSE_E; 00864 00865 b = cert->source[cert->srcIdx++]; 00866 if (b != ASN_OBJECT_ID) 00867 return ASN_OBJECT_ID_E; 00868 00869 if (GetLength(cert->source, &cert->srcIdx, &oidSz) < 0) 00870 return ASN_PARSE_E; 00871 00872 XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint)); 00873 00874 /* v1 name types */ 00875 if (joint[0] == 0x55 && joint[1] == 0x04) { 00876 byte id; 00877 byte copy = FALSE; 00878 int strLen; 00879 00880 cert->srcIdx += 2; 00881 id = cert->source[cert->srcIdx++]; 00882 b = cert->source[cert->srcIdx++]; /* strType */ 00883 00884 if (GetLength(cert->source, &cert->srcIdx, &strLen) < 0) 00885 return ASN_PARSE_E; 00886 00887 if (strLen > (int)(ASN_NAME_MAX - idx)) 00888 return ASN_PARSE_E; 00889 00890 if (4 > (ASN_NAME_MAX - idx)) /* make sure room for biggest */ 00891 return ASN_PARSE_E; /* pre fix header too "/CN=" */ 00892 00893 if (id == ASN_COMMON_NAME) { 00894 if (nameType == SUBJECT) { 00895 cert->subjectCN = (char *)&cert->source[cert->srcIdx]; 00896 cert->subjectCNLen = strLen; 00897 } 00898 00899 XMEMCPY(&full[idx], "/CN=", 4); 00900 idx += 4; 00901 copy = TRUE; 00902 } 00903 else if (id == ASN_SUR_NAME) { 00904 XMEMCPY(&full[idx], "/SN=", 4); 00905 idx += 4; 00906 copy = TRUE; 00907 #ifdef CYASSL_CERT_GEN 00908 if (nameType == SUBJECT) { 00909 cert->subjectSN = (char*)&cert->source[cert->srcIdx]; 00910 cert->subjectSNLen = strLen; 00911 } 00912 #endif /* CYASSL_CERT_GEN */ 00913 } 00914 else if (id == ASN_COUNTRY_NAME) { 00915 XMEMCPY(&full[idx], "/C=", 3); 00916 idx += 3; 00917 copy = TRUE; 00918 #ifdef CYASSL_CERT_GEN 00919 if (nameType == SUBJECT) { 00920 cert->subjectC = (char*)&cert->source[cert->srcIdx]; 00921 cert->subjectCLen = strLen; 00922 } 00923 #endif /* CYASSL_CERT_GEN */ 00924 } 00925 else if (id == ASN_LOCALITY_NAME) { 00926 XMEMCPY(&full[idx], "/L=", 3); 00927 idx += 3; 00928 copy = TRUE; 00929 #ifdef CYASSL_CERT_GEN 00930 if (nameType == SUBJECT) { 00931 cert->subjectL = (char*)&cert->source[cert->srcIdx]; 00932 cert->subjectLLen = strLen; 00933 } 00934 #endif /* CYASSL_CERT_GEN */ 00935 } 00936 else if (id == ASN_STATE_NAME) { 00937 XMEMCPY(&full[idx], "/ST=", 4); 00938 idx += 4; 00939 copy = TRUE; 00940 #ifdef CYASSL_CERT_GEN 00941 if (nameType == SUBJECT) { 00942 cert->subjectST = (char*)&cert->source[cert->srcIdx]; 00943 cert->subjectSTLen = strLen; 00944 } 00945 #endif /* CYASSL_CERT_GEN */ 00946 } 00947 else if (id == ASN_ORG_NAME) { 00948 XMEMCPY(&full[idx], "/O=", 3); 00949 idx += 3; 00950 copy = TRUE; 00951 #ifdef CYASSL_CERT_GEN 00952 if (nameType == SUBJECT) { 00953 cert->subjectO = (char*)&cert->source[cert->srcIdx]; 00954 cert->subjectOLen = strLen; 00955 } 00956 #endif /* CYASSL_CERT_GEN */ 00957 } 00958 else if (id == ASN_ORGUNIT_NAME) { 00959 XMEMCPY(&full[idx], "/OU=", 4); 00960 idx += 4; 00961 copy = TRUE; 00962 #ifdef CYASSL_CERT_GEN 00963 if (nameType == SUBJECT) { 00964 cert->subjectOU = (char*)&cert->source[cert->srcIdx]; 00965 cert->subjectOULen = strLen; 00966 } 00967 #endif /* CYASSL_CERT_GEN */ 00968 } 00969 00970 if (copy) { 00971 XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen); 00972 idx += strLen; 00973 } 00974 00975 ShaUpdate(&sha, &cert->source[cert->srcIdx], strLen); 00976 cert->srcIdx += strLen; 00977 } 00978 else { 00979 /* skip */ 00980 byte email = FALSE; 00981 int adv; 00982 00983 if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */ 00984 email = TRUE; 00985 00986 cert->srcIdx += oidSz + 1; 00987 00988 if (GetLength(cert->source, &cert->srcIdx, &adv) < 0) 00989 return ASN_PARSE_E; 00990 00991 if (adv > (int)(ASN_NAME_MAX - idx)) 00992 return ASN_PARSE_E; 00993 00994 if (email) { 00995 if (14 > (ASN_NAME_MAX - idx)) 00996 return ASN_PARSE_E; 00997 XMEMCPY(&full[idx], "/emailAddress=", 14); 00998 idx += 14; 00999 01000 #ifdef CYASSL_CERT_GEN 01001 if (nameType == SUBJECT) { 01002 cert->subjectEmail = (char*)&cert->source[cert->srcIdx]; 01003 cert->subjectEmailLen = adv; 01004 } 01005 #endif /* CYASSL_CERT_GEN */ 01006 01007 XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv); 01008 idx += adv; 01009 } 01010 01011 cert->srcIdx += adv; 01012 } 01013 } 01014 full[idx++] = 0; 01015 01016 if (nameType == ISSUER) 01017 ShaFinal(&sha, cert->issuerHash); 01018 else 01019 ShaFinal(&sha, cert->subjectHash); 01020 01021 return 0; 01022 } 01023 01024 01025 #ifndef NO_TIME_H 01026 01027 /* to the second */ 01028 static int DateGreaterThan(const struct tm* a, const struct tm* b) 01029 { 01030 if (a->tm_year > b->tm_year) 01031 return 1; 01032 01033 if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon) 01034 return 1; 01035 01036 if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && 01037 a->tm_mday > b->tm_mday) 01038 return 1; 01039 01040 if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && 01041 a->tm_mday == b->tm_mday && a->tm_hour > b->tm_hour) 01042 return 1; 01043 01044 if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && 01045 a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour && 01046 a->tm_min > b->tm_min) 01047 return 1; 01048 01049 if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && 01050 a->tm_mday == b->tm_mday && a->tm_hour == b->tm_hour && 01051 a->tm_min == b->tm_min && a->tm_sec > b->tm_sec) 01052 return 1; 01053 01054 return 0; /* false */ 01055 } 01056 01057 01058 static INLINE int DateLessThan(const struct tm* a, const struct tm* b) 01059 { 01060 return !DateGreaterThan(a,b); 01061 } 01062 01063 01064 /* like atoi but only use first byte */ 01065 /* Make sure before and after dates are valid */ 01066 static int ValidateDate(const byte* date, byte format, int dateType) 01067 { 01068 time_t ltime; 01069 struct tm certTime; 01070 struct tm* localTime; 01071 int i = 0; 01072 01073 ltime = XTIME(0); 01074 XMEMSET(&certTime, 0, sizeof(certTime)); 01075 01076 if (format == ASN_UTC_TIME) { 01077 if (btoi(date[0]) >= 5) 01078 certTime.tm_year = 1900; 01079 else 01080 certTime.tm_year = 2000; 01081 } 01082 else { /* format == GENERALIZED_TIME */ 01083 certTime.tm_year += btoi(date[i++]) * 1000; 01084 certTime.tm_year += btoi(date[i++]) * 100; 01085 } 01086 01087 GetTime(&certTime.tm_year, date, &i); certTime.tm_year -= 1900; /* adjust */ 01088 GetTime(&certTime.tm_mon, date, &i); certTime.tm_mon -= 1; /* adjust */ 01089 GetTime(&certTime.tm_mday, date, &i); 01090 GetTime(&certTime.tm_hour, date, &i); 01091 GetTime(&certTime.tm_min, date, &i); 01092 GetTime(&certTime.tm_sec, date, &i); 01093 01094 if (date[i] != 'Z') /* only Zulu supported for this profile */ 01095 return 0; 01096 01097 localTime = XGMTIME(<ime); 01098 01099 if (dateType == BEFORE) { 01100 if (DateLessThan(localTime, &certTime)) 01101 return 0; 01102 } 01103 else 01104 if (DateGreaterThan(localTime, &certTime)) 01105 return 0; 01106 01107 return 1; 01108 } 01109 01110 #endif /* NO_TIME_H */ 01111 01112 01113 static int GetDate(DecodedCert* cert, int dateType) 01114 { 01115 int length; 01116 byte date[MAX_DATE_SIZE]; 01117 byte b = cert->source[cert->srcIdx++]; 01118 01119 if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME) 01120 return ASN_TIME_E; 01121 01122 if (GetLength(cert->source, &cert->srcIdx, &length) < 0) 01123 return ASN_PARSE_E; 01124 01125 if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE) 01126 return ASN_DATE_SZ_E; 01127 01128 XMEMCPY(date, &cert->source[cert->srcIdx], length); 01129 cert->srcIdx += length; 01130 01131 if (!XVALIDATE_DATE(date, b, dateType)) { 01132 if (dateType == BEFORE) 01133 return ASN_BEFORE_DATE_E; 01134 else 01135 return ASN_AFTER_DATE_E; 01136 } 01137 01138 return 0; 01139 } 01140 01141 01142 static int GetValidity(DecodedCert* cert, int verify) 01143 { 01144 int length; 01145 int badDate = 0; 01146 01147 if (GetSequence(cert->source, &cert->srcIdx, &length) < 0) 01148 return ASN_PARSE_E; 01149 01150 if (GetDate(cert, BEFORE) < 0 && verify) 01151 badDate = ASN_BEFORE_DATE_E; /* continue parsing */ 01152 01153 if (GetDate(cert, AFTER) < 0 && verify) 01154 return ASN_AFTER_DATE_E; 01155 01156 if (badDate != 0) 01157 return badDate; 01158 01159 return 0; 01160 } 01161 01162 01163 static int DecodeToKey(DecodedCert* cert, word32 inSz, int verify) 01164 { 01165 int badDate = 0; 01166 int ret; 01167 01168 if ( (ret = GetCertHeader(cert, inSz)) < 0) 01169 return ret; 01170 01171 if ( (ret = GetAlgoId(cert->source, &cert->srcIdx,&cert->signatureOID)) < 0) 01172 return ret; 01173 01174 if ( (ret = GetName(cert, ISSUER)) < 0) 01175 return ret; 01176 01177 if ( (ret = GetValidity(cert, verify)) < 0) 01178 badDate = ret; 01179 01180 if ( (ret = GetName(cert, SUBJECT)) < 0) 01181 return ret; 01182 01183 if ( (ret = GetKey(cert)) < 0) 01184 return ret; 01185 01186 if (badDate != 0) 01187 return badDate; 01188 01189 return ret; 01190 } 01191 01192 01193 static int GetSignature(DecodedCert* cert) 01194 { 01195 int length; 01196 byte b = cert->source[cert->srcIdx++]; 01197 01198 if (b != ASN_BIT_STRING) 01199 return ASN_BITSTR_E; 01200 01201 if (GetLength(cert->source, &cert->srcIdx, &length) < 0) 01202 return ASN_PARSE_E; 01203 01204 cert->sigLength = length; 01205 01206 b = cert->source[cert->srcIdx++]; 01207 if (b != 0x00) 01208 return ASN_EXPECT_0_E; 01209 01210 cert->sigLength--; 01211 cert->signature = &cert->source[cert->srcIdx]; 01212 cert->srcIdx += cert->sigLength; 01213 01214 return 0; 01215 } 01216 01217 01218 static word32 SetDigest(const byte* digest, word32 digSz, byte* output) 01219 { 01220 output[0] = ASN_OCTET_STRING; 01221 output[1] = digSz; 01222 XMEMCPY(&output[2], digest, digSz); 01223 01224 return digSz + 2; 01225 } 01226 01227 01228 static word32 BytePrecision(word32 value) 01229 { 01230 word32 i; 01231 for (i = sizeof(value); i; --i) 01232 if (value >> (i - 1) * 8) 01233 break; 01234 01235 return i; 01236 } 01237 01238 01239 static word32 SetLength(word32 length, byte* output) 01240 { 01241 word32 i = 0, j; 01242 01243 if (length < ASN_LONG_LENGTH) 01244 output[i++] = length; 01245 else { 01246 output[i++] = BytePrecision(length) | ASN_LONG_LENGTH; 01247 01248 for (j = BytePrecision(length); j; --j) { 01249 output[i] = length >> (j - 1) * 8; 01250 i++; 01251 } 01252 } 01253 01254 return i; 01255 } 01256 01257 01258 static word32 SetSequence(word32 len, byte* output) 01259 { 01260 output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; 01261 return SetLength(len, output + 1) + 1; 01262 } 01263 01264 01265 static word32 SetAlgoID(int algoOID, byte* output, int type) 01266 { 01267 /* adding TAG_NULL and 0 to end */ 01268 01269 /* hashTypes */ 01270 static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a, 01271 0x05, 0x00 }; 01272 static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 01273 0x02, 0x05, 0x05, 0x00 }; 01274 static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 01275 0x02, 0x02, 0x05, 0x00}; 01276 01277 /* sigTypes */ 01278 static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 01279 0x01, 0x01, 0x04, 0x05, 0x00}; 01280 01281 /* keyTypes */ 01282 static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 01283 0x01, 0x01, 0x01, 0x05, 0x00}; 01284 01285 int algoSz = 0; 01286 word32 idSz, seqSz; 01287 const byte* algoName = 0; 01288 byte ID_Length[MAX_LENGTH_SZ]; 01289 byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ 01290 01291 if (type == hashType) { 01292 switch (algoOID) { 01293 case SHAh: 01294 algoSz = sizeof(shaAlgoID); 01295 algoName = shaAlgoID; 01296 break; 01297 01298 case MD2h: 01299 algoSz = sizeof(md2AlgoID); 01300 algoName = md2AlgoID; 01301 break; 01302 01303 case MD5h: 01304 algoSz = sizeof(md5AlgoID); 01305 algoName = md5AlgoID; 01306 break; 01307 01308 default: 01309 return 0; /* UNKOWN_HASH_E; */ 01310 } 01311 } 01312 else if (type == sigType) { /* sigType */ 01313 switch (algoOID) { 01314 case MD5wRSA: 01315 algoSz = sizeof(md5wRSA_AlgoID); 01316 algoName = md5wRSA_AlgoID; 01317 break; 01318 01319 default: 01320 return 0; /* UNKOWN_HASH_E; */ 01321 } 01322 } 01323 else if (type == keyType) { /* keyType */ 01324 switch (algoOID) { 01325 case RSAk: 01326 algoSz = sizeof(RSA_AlgoID); 01327 algoName = RSA_AlgoID; 01328 break; 01329 01330 default: 01331 return 0; /* UNKOWN_HASH_E; */ 01332 } 01333 } 01334 else 01335 return 0; /* UNKNOWN_TYPE */ 01336 01337 01338 idSz = SetLength(algoSz - 2, ID_Length); /* don't include TAG_NULL/0 */ 01339 seqSz = SetSequence(idSz + algoSz + 1, seqArray); 01340 seqArray[seqSz++] = ASN_OBJECT_ID; 01341 01342 XMEMCPY(output, seqArray, seqSz); 01343 XMEMCPY(output + seqSz, ID_Length, idSz); 01344 XMEMCPY(output + seqSz + idSz, algoName, algoSz); 01345 01346 return seqSz + idSz + algoSz; 01347 01348 } 01349 01350 01351 word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID) 01352 { 01353 byte digArray[MAX_ENCODED_DIG_SZ]; 01354 byte algoArray[MAX_ALGO_SZ]; 01355 byte seqArray[MAX_SEQ_SZ]; 01356 word32 encDigSz, algoSz, seqSz; 01357 01358 encDigSz = SetDigest(digest, digSz, digArray); 01359 algoSz = SetAlgoID(hashOID, algoArray, hashType); 01360 seqSz = SetSequence(encDigSz + algoSz, seqArray); 01361 01362 XMEMCPY(out, seqArray, seqSz); 01363 XMEMCPY(out + seqSz, algoArray, algoSz); 01364 XMEMCPY(out + seqSz + algoSz, digArray, encDigSz); 01365 01366 return encDigSz + algoSz + seqSz; 01367 } 01368 01369 01370 /* return true (1) for Confirmation */ 01371 static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, 01372 word32 keyOID) 01373 { 01374 byte digest[SHA_DIGEST_SIZE]; /* max size */ 01375 int hashType, digestSz, ret; 01376 01377 if (cert->signatureOID == MD5wRSA) { 01378 Md5 md5; 01379 InitMd5(&md5); 01380 Md5Update(&md5, cert->source + cert->certBegin, 01381 cert->sigIndex - cert->certBegin); 01382 Md5Final(&md5, digest); 01383 hashType = MD5h; 01384 digestSz = MD5_DIGEST_SIZE; 01385 } 01386 else if (cert->signatureOID == SHAwRSA || cert->signatureOID == SHAwDSA) { 01387 Sha sha; 01388 InitSha(&sha); 01389 ShaUpdate(&sha, cert->source + cert->certBegin, 01390 cert->sigIndex - cert->certBegin); 01391 ShaFinal(&sha, digest); 01392 hashType = SHAh; 01393 digestSz = SHA_DIGEST_SIZE; 01394 } 01395 else 01396 return 0; /* ASN_SIG_HASH_E; */ 01397 01398 if (keyOID == RSAk) { 01399 RsaKey pubKey; 01400 byte encodedSig[MAX_ENCODED_SIG_SZ]; 01401 byte plain[MAX_ENCODED_SIG_SZ]; 01402 word32 idx = 0; 01403 int sigSz, verifySz; 01404 byte* out; 01405 01406 if (cert->sigLength > MAX_ENCODED_SIG_SZ) 01407 return 0; /* the key is too big */ 01408 01409 InitRsaKey(&pubKey, cert->heap); 01410 if (RsaPublicKeyDecode(key, &idx, &pubKey, keySz) < 0) 01411 ret = 0; /* ASN_KEY_DECODE_E; */ 01412 01413 else { 01414 XMEMCPY(plain, cert->signature, cert->sigLength); 01415 if ( (verifySz = RsaSSL_VerifyInline(plain, cert->sigLength, &out, 01416 &pubKey)) < 0) 01417 ret = 0; /* ASN_VERIFY_E; */ 01418 else { 01419 /* make sure we're right justified */ 01420 sigSz = EncodeSignature(encodedSig, digest, digestSz, hashType); 01421 if (sigSz != verifySz || XMEMCMP(out, encodedSig, sigSz) != 0) 01422 ret = 0; /* ASN_VERIFY_MATCH_E; */ 01423 else 01424 ret = 1; /* match */ 01425 } 01426 } 01427 FreeRsaKey(&pubKey); 01428 return ret; 01429 } 01430 else 01431 return 0; /* ASN_SIG_KEY_E; */ 01432 } 01433 01434 01435 int ParseCert(DecodedCert* cert, word32 inSz, int type, int verify, 01436 Signer* signers) 01437 { 01438 int ret; 01439 char* ptr; 01440 01441 ret = ParseCertRelative(cert, inSz, type, verify, signers); 01442 if (ret < 0) 01443 return ret; 01444 01445 if (cert->subjectCNLen > 0) { 01446 ptr = (char*) XMALLOC(cert->subjectCNLen + 1, cert->heap, 01447 DYNAMIC_TYPE_SUBJECT_CN); 01448 if (ptr == NULL) 01449 return MEMORY_E; 01450 XMEMCPY(ptr, cert->subjectCN, cert->subjectCNLen); 01451 ptr[cert->subjectCNLen] = '\0'; 01452 cert->subjectCN = ptr; 01453 cert->subjectCNLen = 0; 01454 } 01455 01456 if (cert->keyOID == RSAk && cert->pubKeySize > 0) { 01457 ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap, 01458 DYNAMIC_TYPE_PUBLIC_KEY); 01459 if (ptr == NULL) 01460 return MEMORY_E; 01461 XMEMCPY(ptr, cert->publicKey, cert->pubKeySize); 01462 cert->publicKey = (byte *)ptr; 01463 cert->pubKeyStored = 1; 01464 } 01465 01466 return ret; 01467 } 01468 01469 01470 int ParseCertRelative(DecodedCert* cert, word32 inSz, int type, int verify, 01471 Signer* signers) 01472 { 01473 word32 confirmOID; 01474 int ret; 01475 int badDate = 0; 01476 int confirm = 0; 01477 01478 if ((ret = DecodeToKey(cert, inSz, verify)) < 0) { 01479 if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) 01480 badDate = ret; 01481 else 01482 return ret; 01483 } 01484 01485 if (cert->srcIdx != cert->sigIndex) 01486 cert->srcIdx = cert->sigIndex; 01487 01488 if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID)) < 0) 01489 return ret; 01490 01491 if ((ret = GetSignature(cert)) < 0) 01492 return ret; 01493 01494 if (confirmOID != cert->signatureOID) 01495 return ASN_SIG_OID_E; 01496 01497 if (verify && type != CA_TYPE) { 01498 while (signers) { 01499 if (XMEMCMP(cert->issuerHash, signers->hash, SHA_DIGEST_SIZE) 01500 == 0) { 01501 /* other confirm */ 01502 if (!ConfirmSignature(cert, signers->publicKey, 01503 signers->pubKeySize, signers->keyOID)) 01504 return ASN_SIG_CONFIRM_E; 01505 else { 01506 confirm = 1; 01507 break; 01508 } 01509 } 01510 signers = signers->next; 01511 } 01512 if (!confirm) 01513 return ASN_SIG_CONFIRM_E; 01514 } 01515 if (badDate != 0) 01516 return badDate; 01517 01518 return 0; 01519 } 01520 01521 01522 Signer* MakeSigner(void* heap) 01523 { 01524 Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap, 01525 DYNAMIC_TYPE_SIGNER); 01526 if (signer) { 01527 signer->name = 0; 01528 signer->publicKey = 0; 01529 signer->next = 0; 01530 } 01531 01532 return signer; 01533 } 01534 01535 01536 void FreeSigners(Signer* signer, void* heap) 01537 { 01538 Signer* next = signer; 01539 01540 while( (signer = next) ) { 01541 next = signer->next; 01542 XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN); 01543 XFREE(signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); 01544 XFREE(signer, heap, DYNAMIC_TYPE_SIGNER); 01545 } 01546 } 01547 01548 01549 void CTaoCryptErrorString(int error, char* buffer) 01550 { 01551 const int max = MAX_ERROR_SZ; /* shorthand */ 01552 01553 #ifdef NO_ERROR_STRINGS 01554 01555 XSTRNCPY(buffer, "no support for error strings built in", max); 01556 01557 #else 01558 01559 switch (error) { 01560 01561 case OPEN_RAN_E : 01562 XSTRNCPY(buffer, "opening random device error", max); 01563 break; 01564 01565 case READ_RAN_E : 01566 XSTRNCPY(buffer, "reading random device error", max); 01567 break; 01568 01569 case WINCRYPT_E : 01570 XSTRNCPY(buffer, "windows crypt init error", max); 01571 break; 01572 01573 case CRYPTGEN_E : 01574 XSTRNCPY(buffer, "windows crypt generation error", max); 01575 break; 01576 01577 case RAN_BLOCK_E : 01578 XSTRNCPY(buffer, "random device read would block error", max); 01579 break; 01580 01581 case MP_INIT_E : 01582 XSTRNCPY(buffer, "mp_init error state", max); 01583 break; 01584 01585 case MP_READ_E : 01586 XSTRNCPY(buffer, "mp_read error state", max); 01587 break; 01588 01589 case MP_EXPTMOD_E : 01590 XSTRNCPY(buffer, "mp_exptmod error state", max); 01591 break; 01592 01593 case MP_TO_E : 01594 XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max); 01595 break; 01596 01597 case MP_SUB_E : 01598 XSTRNCPY(buffer, "mp_sub error state, can't subtract", max); 01599 break; 01600 01601 case MP_ADD_E : 01602 XSTRNCPY(buffer, "mp_add error state, can't add", max); 01603 break; 01604 01605 case MP_MUL_E : 01606 XSTRNCPY(buffer, "mp_mul error state, can't multiply", max); 01607 break; 01608 01609 case MP_MULMOD_E : 01610 XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max); 01611 break; 01612 01613 case MP_MOD_E : 01614 XSTRNCPY(buffer, "mp_mod error state, can't mod", max); 01615 break; 01616 01617 case MP_INVMOD_E : 01618 XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max); 01619 break; 01620 01621 case MP_CMP_E : 01622 XSTRNCPY(buffer, "mp_cmp error state", max); 01623 break; 01624 01625 case MEMORY_E : 01626 XSTRNCPY(buffer, "out of memory error", max); 01627 break; 01628 01629 case RSA_WRONG_TYPE_E : 01630 XSTRNCPY(buffer, "RSA wrong block type for RSA function", max); 01631 break; 01632 01633 case RSA_BUFFER_E : 01634 XSTRNCPY(buffer, "RSA buffer error, output too small or input too big", 01635 max); 01636 break; 01637 01638 case BUFFER_E : 01639 XSTRNCPY(buffer, "Buffer error, output too small or input too big", max); 01640 break; 01641 01642 case ALGO_ID_E : 01643 XSTRNCPY(buffer, "Setting Cert AlogID error", max); 01644 break; 01645 01646 case PUBLIC_KEY_E : 01647 XSTRNCPY(buffer, "Setting Cert Public Key error", max); 01648 break; 01649 01650 case DATE_E : 01651 XSTRNCPY(buffer, "Setting Cert Date validity error", max); 01652 break; 01653 01654 case SUBJECT_E : 01655 XSTRNCPY(buffer, "Setting Cert Subject name error", max); 01656 break; 01657 01658 case ISSUER_E : 01659 XSTRNCPY(buffer, "Setting Cert Issuer name error", max); 01660 break; 01661 01662 case ASN_PARSE_E : 01663 XSTRNCPY(buffer, "ASN parsing error, invalid input", max); 01664 break; 01665 01666 case ASN_VERSION_E : 01667 XSTRNCPY(buffer, "ASN version error, invalid number", max); 01668 break; 01669 01670 case ASN_GETINT_E : 01671 XSTRNCPY(buffer, "ASN get big int error, invalid data", max); 01672 break; 01673 01674 case ASN_RSA_KEY_E : 01675 XSTRNCPY(buffer, "ASN key init error, invalid input", max); 01676 break; 01677 01678 case ASN_OBJECT_ID_E : 01679 XSTRNCPY(buffer, "ASN object id error, invalid id", max); 01680 break; 01681 01682 case ASN_TAG_NULL_E : 01683 XSTRNCPY(buffer, "ASN tag error, not null", max); 01684 break; 01685 01686 case ASN_EXPECT_0_E : 01687 XSTRNCPY(buffer, "ASN expect error, not zero", max); 01688 break; 01689 01690 case ASN_BITSTR_E : 01691 XSTRNCPY(buffer, "ASN bit string error, wrong id", max); 01692 break; 01693 01694 case ASN_UNKNOWN_OID_E : 01695 XSTRNCPY(buffer, "ASN oid error, unknown sum id", max); 01696 break; 01697 01698 case ASN_DATE_SZ_E : 01699 XSTRNCPY(buffer, "ASN date error, bad size", max); 01700 break; 01701 01702 case ASN_BEFORE_DATE_E : 01703 XSTRNCPY(buffer, "ASN date error, current date before", max); 01704 break; 01705 01706 case ASN_AFTER_DATE_E : 01707 XSTRNCPY(buffer, "ASN date error, current date after", max); 01708 break; 01709 01710 case ASN_SIG_OID_E : 01711 XSTRNCPY(buffer, "ASN signature error, mismatched oid", max); 01712 break; 01713 01714 case ASN_TIME_E : 01715 XSTRNCPY(buffer, "ASN time error, unkown time type", max); 01716 break; 01717 01718 case ASN_INPUT_E : 01719 XSTRNCPY(buffer, "ASN input error, not enough data", max); 01720 break; 01721 01722 case ASN_SIG_CONFIRM_E : 01723 XSTRNCPY(buffer, "ASN sig error, confirm failure", max); 01724 break; 01725 01726 case ASN_SIG_HASH_E : 01727 XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max); 01728 break; 01729 01730 case ASN_SIG_KEY_E : 01731 XSTRNCPY(buffer, "ASN sig error, unsupported key type", max); 01732 break; 01733 01734 case ASN_DH_KEY_E : 01735 XSTRNCPY(buffer, "ASN key init error, invalid input", max); 01736 break; 01737 01738 case ASN_NTRU_KEY_E : 01739 XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max); 01740 break; 01741 01742 default: 01743 XSTRNCPY(buffer, "unknown error number", max); 01744 01745 } 01746 01747 #endif /* NO_ERROR_STRINGS */ 01748 01749 } 01750 01751 01752 #if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) 01753 01754 static int SetMyVersion(word32 version, byte* output, int header) 01755 { 01756 int i = 0; 01757 01758 if (header) { 01759 output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; 01760 output[i++] = ASN_BIT_STRING; 01761 } 01762 output[i++] = ASN_INTEGER; 01763 output[i++] = 0x01; 01764 output[i++] = version; 01765 01766 return i; 01767 } 01768 01769 01770 int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, 01771 int type) 01772 { 01773 char header[80]; 01774 char footer[80]; 01775 01776 int headerLen; 01777 int footerLen; 01778 int i; 01779 int outLen; /* return length or error */ 01780 01781 if (type == CERT_TYPE) { 01782 XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", sizeof(header)); 01783 XSTRNCPY(footer, "-----END CERTIFICATE-----\n", sizeof(footer)); 01784 } else { 01785 XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", sizeof(header)); 01786 XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n", sizeof(footer)); 01787 } 01788 01789 headerLen = XSTRLEN(header); 01790 footerLen = XSTRLEN(footer); 01791 01792 if (!der || !output) 01793 return -1; 01794 01795 /* don't even try if outSz too short */ 01796 if (outSz < headerLen + footerLen + derSz) 01797 return -1; 01798 01799 /* header */ 01800 XMEMCPY(output, header, headerLen); 01801 i = headerLen; 01802 01803 /* body */ 01804 outLen = outSz; /* input to Base64Encode */ 01805 if (Base64Encode(der, derSz, output + i, (word32*)&outLen) < 0) 01806 return -1; 01807 i += outLen; 01808 01809 /* footer */ 01810 if ( (i + footerLen) > (int)outSz) 01811 return -1; 01812 XMEMCPY(output + i, footer, footerLen); 01813 01814 return outLen + headerLen + footerLen; 01815 } 01816 01817 01818 #endif /* CYASSL_KEY_GEN || CYASSL_CERT_GEN */ 01819 01820 01821 #ifdef CYASSL_KEY_GEN 01822 01823 01824 static mp_int* GetRsaInt(RsaKey* key, int index) 01825 { 01826 if (index == 0) 01827 return &key->n; 01828 if (index == 1) 01829 return &key->e; 01830 if (index == 2) 01831 return &key->d; 01832 if (index == 3) 01833 return &key->p; 01834 if (index == 4) 01835 return &key->q; 01836 if (index == 5) 01837 return &key->dP; 01838 if (index == 6) 01839 return &key->dQ; 01840 if (index == 7) 01841 return &key->u; 01842 01843 return NULL; 01844 } 01845 01846 01847 /* Convert RsaKey key to DER format, write to output (inLen), return bytes 01848 written */ 01849 int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) 01850 { 01851 word32 seqSz, verSz, rawLen, intTotalLen = 0; 01852 word32 sizes[RSA_INTS]; 01853 int i, j, outLen; 01854 01855 byte seq[MAX_SEQ_SZ]; 01856 byte ver[MAX_VERSION_SZ]; 01857 byte tmps[RSA_INTS][MAX_RSA_INT_SZ]; 01858 01859 if (!key || !output) 01860 return -1; 01861 01862 if (key->type != RSA_PRIVATE) 01863 return -1; 01864 01865 /* write all big ints from key to DER tmps */ 01866 for (i = 0; i < RSA_INTS; i++) { 01867 mp_int* keyInt = GetRsaInt(key, i); 01868 rawLen = mp_unsigned_bin_size(keyInt); 01869 01870 tmps[i][0] = ASN_INTEGER; 01871 sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1; /* int tag */ 01872 01873 if ( (sizes[i] + rawLen) < sizeof(tmps[i])) { 01874 int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); 01875 if (err == MP_OKAY) { 01876 sizes[i] += rawLen; 01877 intTotalLen += sizes[i]; 01878 } 01879 else 01880 return err; 01881 } 01882 else 01883 return -1; 01884 } 01885 01886 /* make headers */ 01887 verSz = SetMyVersion(0, ver, FALSE); 01888 seqSz = SetSequence(verSz + intTotalLen, seq); 01889 01890 outLen = seqSz + verSz + intTotalLen; 01891 if (outLen > (int)inLen) 01892 return -1; 01893 01894 /* write to output */ 01895 XMEMCPY(output, seq, seqSz); 01896 j = seqSz; 01897 XMEMCPY(output + j, ver, verSz); 01898 j += verSz; 01899 01900 for (i = 0; i < RSA_INTS; i++) { 01901 XMEMCPY(output + j, tmps[i], sizes[i]); 01902 j += sizes[i]; 01903 } 01904 01905 return outLen; 01906 } 01907 01908 #endif /* CYASSL_KEY_GEN */ 01909 01910 01911 #ifdef CYASSL_CERT_GEN 01912 01913 /* Initialize and Set Certficate defaults: 01914 version = 3 (0x2) 01915 serial = 0 01916 sigType = MD5_WITH_RSA 01917 issuer = blank 01918 daysValid = 500 01919 selfSigned = 1 (true) use subject as issuer 01920 subject = blank 01921 */ 01922 void InitCert(Cert* cert) 01923 { 01924 cert->version = 2; /* version 3 is hex 2 */ 01925 cert->sigType = MD5wRSA; 01926 cert->daysValid = 500; 01927 cert->selfSigned = 1; 01928 cert->bodySz = 0; 01929 cert->keyType = RSA_KEY; 01930 XMEMSET(cert->serial, 0, SERIAL_SIZE); 01931 01932 cert->issuer.country[0] = '\0'; 01933 cert->issuer.state[0] = '\0'; 01934 cert->issuer.locality[0] = '\0'; 01935 cert->issuer.sur[0] = '\0'; 01936 cert->issuer.org[0] = '\0'; 01937 cert->issuer.unit[0] = '\0'; 01938 cert->issuer.commonName[0] = '\0'; 01939 cert->issuer.email[0] = '\0'; 01940 01941 cert->subject.country[0] = '\0'; 01942 cert->subject.state[0] = '\0'; 01943 cert->subject.locality[0] = '\0'; 01944 cert->subject.sur[0] = '\0'; 01945 cert->subject.org[0] = '\0'; 01946 cert->subject.unit[0] = '\0'; 01947 cert->subject.commonName[0] = '\0'; 01948 cert->subject.email[0] = '\0'; 01949 } 01950 01951 01952 /* DER encoded x509 Certificate */ 01953 typedef struct DerCert { 01954 byte size[MAX_LENGTH_SZ]; /* length encoded */ 01955 byte version[MAX_VERSION_SZ]; /* version encoded */ 01956 byte serial[SERIAL_SIZE + MAX_LENGTH_SZ]; /* serial number encoded */ 01957 byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */ 01958 byte issuer[ASN_NAME_MAX]; /* issuer encoded */ 01959 byte subject[ASN_NAME_MAX]; /* subject encoded */ 01960 byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */ 01961 byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */ 01962 int sizeSz; /* encoded size length */ 01963 int versionSz; /* encoded version length */ 01964 int serialSz; /* encoded serial length */ 01965 int sigAlgoSz; /* enocded sig alog length */ 01966 int issuerSz; /* encoded issuer length */ 01967 int subjectSz; /* encoded subject length */ 01968 int validitySz; /* encoded validity length */ 01969 int publicKeySz; /* encoded public key length */ 01970 int total; /* total encoded lengths */ 01971 } DerCert; 01972 01973 01974 /* Write a set header to output */ 01975 static word32 SetSet(word32 len, byte* output) 01976 { 01977 output[0] = ASN_SET | ASN_CONSTRUCTED; 01978 return SetLength(len, output + 1) + 1; 01979 } 01980 01981 01982 /* Write a serial number to output */ 01983 static int SetSerial(const byte* serial, byte* output) 01984 { 01985 int length = 0; 01986 01987 output[length++] = ASN_INTEGER; 01988 length += SetLength(SERIAL_SIZE, &output[length]); 01989 XMEMCPY(&output[length], serial, SERIAL_SIZE); 01990 01991 return length + SERIAL_SIZE; 01992 } 01993 01994 01995 /* Write a public RSA key to output */ 01996 static int SetPublicKey(byte* output, RsaKey* key) 01997 { 01998 byte n[MAX_RSA_INT_SZ]; 01999 byte e[MAX_RSA_E_SZ]; 02000 byte algo[MAX_ALGO_SZ]; 02001 byte seq[MAX_SEQ_SZ]; 02002 byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ 02003 int nSz; 02004 int eSz; 02005 int algoSz; 02006 int seqSz; 02007 int lenSz; 02008 int idx; 02009 int rawLen; 02010 02011 /* n */ 02012 rawLen = mp_unsigned_bin_size(&key->n); 02013 n[0] = ASN_INTEGER; 02014 nSz = SetLength(rawLen, n + 1) + 1; /* int tag */ 02015 02016 if ( (nSz + rawLen) < sizeof(n)) { 02017 int err = mp_to_unsigned_bin(&key->n, n + nSz); 02018 if (err == MP_OKAY) 02019 nSz += rawLen; 02020 else 02021 return MP_TO_E; 02022 } 02023 else 02024 return BUFFER_E; 02025 02026 /* e */ 02027 rawLen = mp_unsigned_bin_size(&key->e); 02028 e[0] = ASN_INTEGER; 02029 eSz = SetLength(rawLen, e + 1) + 1; /* int tag */ 02030 02031 if ( (eSz + rawLen) < sizeof(e)) { 02032 int err = mp_to_unsigned_bin(&key->e, e + eSz); 02033 if (err == MP_OKAY) 02034 eSz += rawLen; 02035 else 02036 return MP_TO_E; 02037 } 02038 else 02039 return BUFFER_E; 02040 02041 /* headers */ 02042 algoSz = SetAlgoID(RSAk, algo, keyType); 02043 seqSz = SetSequence(nSz + eSz, seq); 02044 lenSz = SetLength(seqSz + nSz + eSz + 1, len); 02045 len[lenSz++] = 0; /* trailing 0 */ 02046 02047 /* write */ 02048 idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output); 02049 /* 1 is for ASN_BIT_STRING */ 02050 /* algo */ 02051 XMEMCPY(output + idx, algo, algoSz); 02052 idx += algoSz; 02053 /* bit string */ 02054 output[idx++] = ASN_BIT_STRING; 02055 /* length */ 02056 XMEMCPY(output + idx, len, lenSz); 02057 idx += lenSz; 02058 /* seq */ 02059 XMEMCPY(output + idx, seq, seqSz); 02060 idx += seqSz; 02061 /* n */ 02062 XMEMCPY(output + idx, n, nSz); 02063 idx += nSz; 02064 /* e */ 02065 XMEMCPY(output + idx, e, eSz); 02066 idx += eSz; 02067 02068 return idx; 02069 } 02070 02071 02072 static INLINE byte itob(int number) 02073 { 02074 return (byte)number + 0x30; 02075 } 02076 02077 02078 /* write time to output, format */ 02079 static void SetTime(struct tm* date, byte* output) 02080 { 02081 int i = 0; 02082 02083 output[i++] = itob((date->tm_year % 10000) / 1000); 02084 output[i++] = itob((date->tm_year % 1000) / 100); 02085 output[i++] = itob((date->tm_year % 100) / 10); 02086 output[i++] = itob( date->tm_year % 10); 02087 02088 output[i++] = itob(date->tm_mon / 10); 02089 output[i++] = itob(date->tm_mon % 10); 02090 02091 output[i++] = itob(date->tm_mday / 10); 02092 output[i++] = itob(date->tm_mday % 10); 02093 02094 output[i++] = itob(date->tm_hour / 10); 02095 output[i++] = itob(date->tm_hour % 10); 02096 02097 output[i++] = itob(date->tm_min / 10); 02098 output[i++] = itob(date->tm_min % 10); 02099 02100 output[i++] = itob(date->tm_sec / 10); 02101 output[i++] = itob(date->tm_sec % 10); 02102 02103 output[i] = 'Z'; /* Zulu profiel */ 02104 } 02105 02106 02107 /* Set Date validity from now until now + daysValid */ 02108 static int SetValidity(byte* output, int daysValid) 02109 { 02110 byte before[MAX_DATE_SIZE]; 02111 byte after[MAX_DATE_SIZE]; 02112 02113 int beforeSz; 02114 int afterSz; 02115 int seqSz; 02116 02117 time_t ticks; 02118 struct tm* now; 02119 struct tm local; 02120 02121 ticks = XTIME(0); 02122 now = XGMTIME(&ticks); 02123 02124 /* before now */ 02125 local = *now; 02126 before[0] = ASN_GENERALIZED_TIME; 02127 beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ 02128 02129 /* adjust */ 02130 local.tm_year += 1900; 02131 local.tm_mon += 1; 02132 02133 SetTime(&local, before + beforeSz); 02134 beforeSz += ASN_GEN_TIME_SZ; 02135 02136 /* after now + daysValid */ 02137 local = *now; 02138 after[0] = ASN_GENERALIZED_TIME; 02139 afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ 02140 02141 /* add daysValid */ 02142 local.tm_mday += daysValid; 02143 mktime(&local); 02144 02145 /* adjust */ 02146 local.tm_year += 1900; 02147 local.tm_mon += 1; 02148 02149 SetTime(&local, after + afterSz); 02150 afterSz += ASN_GEN_TIME_SZ; 02151 02152 /* headers and output */ 02153 seqSz = SetSequence(beforeSz + afterSz, output); 02154 XMEMCPY(output + seqSz, before, beforeSz); 02155 XMEMCPY(output + seqSz + beforeSz, after, afterSz); 02156 02157 return seqSz + beforeSz + afterSz; 02158 } 02159 02160 02161 /* ASN Encoded Name field */ 02162 typedef struct EncodedName { 02163 int nameLen; /* actual string value length */ 02164 int totalLen; /* total encodeding length */ 02165 int type; /* type of name */ 02166 int used; /* are we actually using this one */ 02167 byte encoded[NAME_SIZE * 2]; /* encoding */ 02168 } EncodedName; 02169 02170 02171 /* Get Which Name from index */ 02172 static const char* GetOneName(CertName* name, int index) 02173 { 02174 switch (index) { 02175 case 0: 02176 return name->country; 02177 break; 02178 case 1: 02179 return name->state; 02180 break; 02181 case 2: 02182 return name->locality; 02183 break; 02184 case 3: 02185 return name->sur; 02186 break; 02187 case 4: 02188 return name->org; 02189 break; 02190 case 5: 02191 return name->unit; 02192 break; 02193 case 6: 02194 return name->commonName; 02195 break; 02196 case 7: 02197 return name->email; 02198 break; 02199 default: 02200 return 0; 02201 } 02202 02203 return 0; 02204 } 02205 02206 02207 /* Get ASN Name from index */ 02208 static byte GetNameId(int index) 02209 { 02210 switch (index) { 02211 case 0: 02212 return ASN_COUNTRY_NAME; 02213 break; 02214 case 1: 02215 return ASN_STATE_NAME; 02216 break; 02217 case 2: 02218 return ASN_LOCALITY_NAME; 02219 break; 02220 case 3: 02221 return ASN_SUR_NAME; 02222 break; 02223 case 4: 02224 return ASN_ORG_NAME; 02225 break; 02226 case 5: 02227 return ASN_ORGUNIT_NAME; 02228 break; 02229 case 6: 02230 return ASN_COMMON_NAME; 02231 break; 02232 case 7: 02233 /* email uses different id type */ 02234 return 0; 02235 break; 02236 default: 02237 return 0; 02238 } 02239 02240 return 0; 02241 } 02242 02243 02244 /* encode CertName into output, return total bytes written */ 02245 static int SetName(byte* output, CertName* name) 02246 { 02247 int totalBytes = 0, i, idx; 02248 EncodedName names[NAME_ENTRIES]; 02249 02250 for (i = 0; i < NAME_ENTRIES; i++) { 02251 const char* nameStr = GetOneName(name, i); 02252 if (nameStr) { 02253 /* bottom up */ 02254 byte firstLen[MAX_LENGTH_SZ]; 02255 byte secondLen[MAX_LENGTH_SZ]; 02256 byte sequence[MAX_SEQ_SZ]; 02257 byte set[MAX_SET_SZ]; 02258 02259 int email = i == (NAME_ENTRIES - 1) ? 1 : 0; 02260 int strLen = XSTRLEN(nameStr); 02261 int thisLen = strLen; 02262 int firstSz, secondSz, seqSz, setSz; 02263 02264 if (strLen == 0) { /* no user data for this item */ 02265 names[i].used = 0; 02266 continue; 02267 } 02268 02269 secondSz = SetLength(strLen, secondLen); 02270 thisLen += secondSz; 02271 if (email) { 02272 thisLen += EMAIL_JOINT_LEN; 02273 thisLen ++; /* id type */ 02274 firstSz = SetLength(EMAIL_JOINT_LEN, firstLen); 02275 } 02276 else { 02277 thisLen++; /* str type */ 02278 thisLen++; /* id type */ 02279 thisLen += JOINT_LEN; 02280 firstSz = SetLength(JOINT_LEN + 1, firstLen); 02281 } 02282 thisLen += firstSz; 02283 thisLen++; /* object id */ 02284 02285 seqSz = SetSequence(thisLen, sequence); 02286 thisLen += seqSz; 02287 setSz = SetSet(thisLen, set); 02288 thisLen += setSz; 02289 02290 if (thisLen > sizeof(names[i].encoded)) 02291 return BUFFER_E; 02292 02293 /* store it */ 02294 idx = 0; 02295 /* set */ 02296 XMEMCPY(names[i].encoded, set, setSz); 02297 idx += setSz; 02298 /* seq */ 02299 XMEMCPY(names[i].encoded + idx, sequence, seqSz); 02300 idx += seqSz; 02301 /* asn object id */ 02302 names[i].encoded[idx++] = ASN_OBJECT_ID; 02303 /* first length */ 02304 XMEMCPY(names[i].encoded + idx, firstLen, firstSz); 02305 idx += firstSz; 02306 if (email) { 02307 const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 02308 0x01, 0x09, 0x01, 0x16 }; 02309 /* email joint id */ 02310 XMEMCPY(names[i].encoded + idx, EMAIL_OID, sizeof(EMAIL_OID)); 02311 idx += sizeof(EMAIL_OID); 02312 } 02313 else { 02314 /* joint id */ 02315 names[i].encoded[idx++] = 0x55; 02316 names[i].encoded[idx++] = 0x04; 02317 /* id type */ 02318 names[i].encoded[idx++] = GetNameId(i); 02319 /* str type */ 02320 names[i].encoded[idx++] = 0x13; 02321 } 02322 /* second length */ 02323 XMEMCPY(names[i].encoded + idx, secondLen, secondSz); 02324 idx += secondSz; 02325 /* str value */ 02326 XMEMCPY(names[i].encoded + idx, nameStr, strLen); 02327 idx += strLen; 02328 02329 totalBytes += idx; 02330 names[i].totalLen = idx; 02331 names[i].used = 1; 02332 } 02333 else 02334 names[i].used = 0; 02335 } 02336 02337 /* header */ 02338 idx = SetSequence(totalBytes, output); 02339 totalBytes += idx; 02340 if (totalBytes > ASN_NAME_MAX) 02341 return BUFFER_E; 02342 02343 for (i = 0; i < NAME_ENTRIES; i++) { 02344 if (names[i].used) { 02345 XMEMCPY(output + idx, names[i].encoded, names[i].totalLen); 02346 idx += names[i].totalLen; 02347 } 02348 } 02349 return totalBytes; 02350 } 02351 02352 02353 /* encode info from cert into DER enocder format */ 02354 static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng, 02355 const byte* ntruKey, word16 ntruSz) 02356 { 02357 /* version */ 02358 der->versionSz = SetMyVersion(cert->version, der->version, TRUE); 02359 02360 /* serial number */ 02361 RNG_GenerateBlock(rng, cert->serial, SERIAL_SIZE); 02362 cert->serial[0] = 0x01; /* ensure positive */ 02363 der->serialSz = SetSerial(cert->serial, der->serial); 02364 02365 /* signature algo */ 02366 der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, sigType); 02367 if (der->sigAlgoSz == 0) 02368 return ALGO_ID_E; 02369 02370 /* public key */ 02371 if (cert->keyType == RSA_KEY) { 02372 der->publicKeySz = SetPublicKey(der->publicKey, rsaKey); 02373 if (der->publicKeySz == 0) 02374 return PUBLIC_KEY_E; 02375 } 02376 else { 02377 #ifdef HAVE_NTRU 02378 word32 rc; 02379 word16 encodedSz; 02380 02381 rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, 02382 ntruKey, &encodedSz, NULL); 02383 if (rc != NTRU_OK) 02384 return PUBLIC_KEY_E; 02385 if (encodedSz > MAX_PUBLIC_KEY_SZ) 02386 return PUBLIC_KEY_E; 02387 02388 rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, 02389 ntruKey, &encodedSz, der->publicKey); 02390 if (rc != NTRU_OK) 02391 return PUBLIC_KEY_E; 02392 02393 der->publicKeySz = encodedSz; 02394 #endif 02395 } 02396 02397 /* date validity */ 02398 der->validitySz = SetValidity(der->validity, cert->daysValid); 02399 if (der->validitySz == 0) 02400 return DATE_E; 02401 02402 /* subject name */ 02403 der->subjectSz = SetName(der->subject, &cert->subject); 02404 if (der->subjectSz == 0) 02405 return SUBJECT_E; 02406 02407 /* issuer name */ 02408 der->issuerSz = SetName(der->issuer, cert->selfSigned ? 02409 &cert->subject : &cert->issuer); 02410 if (der->issuerSz == 0) 02411 return ISSUER_E; 02412 02413 der->total = der->versionSz + der->serialSz + der->sigAlgoSz + 02414 der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz; 02415 02416 return 0; 02417 } 02418 02419 02420 /* write DER encoded cert to buffer, size already checked */ 02421 static int WriteCertBody(DerCert* der, byte* buffer) 02422 { 02423 int idx; 02424 02425 /* signed part header */ 02426 idx = SetSequence(der->total, buffer); 02427 /* version */ 02428 XMEMCPY(buffer + idx, der->version, der->versionSz); 02429 idx += der->versionSz; 02430 /* serial */ 02431 XMEMCPY(buffer + idx, der->serial, der->serialSz); 02432 idx += der->serialSz; 02433 /* sig algo */ 02434 XMEMCPY(buffer + idx, der->sigAlgo, der->sigAlgoSz); 02435 idx += der->sigAlgoSz; 02436 /* issuer */ 02437 XMEMCPY(buffer + idx, der->issuer, der->issuerSz); 02438 idx += der->issuerSz; 02439 /* validity */ 02440 XMEMCPY(buffer + idx, der->validity, der->validitySz); 02441 idx += der->validitySz; 02442 /* subject */ 02443 XMEMCPY(buffer + idx, der->subject, der->subjectSz); 02444 idx += der->subjectSz; 02445 /* public key */ 02446 XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); 02447 idx += der->publicKeySz; 02448 02449 return idx; 02450 } 02451 02452 02453 /* Make MD5wRSA signature from buffer (sz), write to sig (sigSz) */ 02454 static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, 02455 RsaKey* key, RNG* rng) 02456 { 02457 byte digest[SHA_DIGEST_SIZE]; /* max size */ 02458 byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ]; 02459 int encSigSz, digestSz, hashType; 02460 Md5 md5; /* md5 for now */ 02461 02462 InitMd5(&md5); 02463 Md5Update(&md5, buffer, sz); 02464 Md5Final(&md5, digest); 02465 digestSz = MD5_DIGEST_SIZE; 02466 hashType = MD5h; 02467 02468 /* signature */ 02469 encSigSz = EncodeSignature(encSig, digest, digestSz, hashType); 02470 return RsaSSL_Sign(encSig, encSigSz, sig, sigSz, key, rng); 02471 } 02472 02473 02474 /* add signature to end of buffer, size of buffer assumed checked, return 02475 new length */ 02476 static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz) 02477 { 02478 byte seq[MAX_SEQ_SZ]; 02479 int idx = bodySz, seqSz; 02480 02481 /* algo */ 02482 idx += SetAlgoID(MD5wRSA, buffer + idx, sigType); 02483 /* bit string */ 02484 buffer[idx++] = ASN_BIT_STRING; 02485 /* length */ 02486 idx += SetLength(sigSz + 1, buffer + idx); 02487 buffer[idx++] = 0; /* trailing 0 */ 02488 /* signature */ 02489 XMEMCPY(buffer + idx, sig, sigSz); 02490 idx += sigSz; 02491 02492 /* make room for overall header */ 02493 seqSz = SetSequence(idx, seq); 02494 XMEMMOVE(buffer + seqSz, buffer, idx); 02495 XMEMCPY(buffer, seq, seqSz); 02496 02497 return idx + seqSz; 02498 } 02499 02500 02501 /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ 02502 static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, 02503 RsaKey* rsaKey, RNG* rng, const byte* ntruKey, word16 ntruSz) 02504 { 02505 DerCert der; 02506 int ret; 02507 02508 cert->keyType = rsaKey ? RSA_KEY : NTRU_KEY; 02509 ret = EncodeCert(cert, &der, rsaKey, rng, ntruKey, ntruSz); 02510 if (ret != 0) 02511 return ret; 02512 02513 if (der.total + MAX_SEQ_SZ * 2 > (int)derSz) 02514 return BUFFER_E; 02515 02516 return cert->bodySz = WriteCertBody(&der, derBuffer); 02517 } 02518 02519 02520 /* Make an x509 Certificate v3 RSA from cert input, write to buffer */ 02521 int MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,RNG* rng) 02522 { 02523 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, rng, NULL, 0); 02524 } 02525 02526 02527 #ifdef HAVE_NTRU 02528 02529 int MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, 02530 const byte* ntruKey, word16 keySz, RNG* rng) 02531 { 02532 return MakeAnyCert(cert, derBuffer, derSz, NULL, rng, ntruKey, keySz); 02533 } 02534 02535 #endif /* HAVE_NTRU */ 02536 02537 02538 int SignCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) 02539 { 02540 byte sig[MAX_ENCODED_SIG_SZ]; 02541 int sigSz; 02542 int bodySz = cert->bodySz; 02543 02544 if (bodySz < 0) 02545 return bodySz; 02546 02547 sigSz = MakeSignature(buffer, bodySz, sig, sizeof(sig), key, rng); 02548 if (sigSz < 0) 02549 return sigSz; 02550 02551 if (bodySz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) 02552 return BUFFER_E; 02553 02554 return AddSignature(buffer, bodySz, sig, sigSz); 02555 } 02556 02557 02558 int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) 02559 { 02560 int ret = MakeCert(cert, buffer, buffSz, key, rng); 02561 02562 if (ret < 0) 02563 return ret; 02564 02565 return SignCert(cert, buffer, buffSz, key, rng); 02566 } 02567 02568 02569 /* forward from CyaSSL */ 02570 int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); 02571 02572 #ifndef NO_FILESYSTEM 02573 02574 int SetIssuer(Cert* cert, const char* issuerCertFile) 02575 { 02576 DecodedCert decoded; 02577 byte der[8192]; 02578 int derSz = CyaSSL_PemCertToDer(issuerCertFile, der, sizeof(der)); 02579 int ret; 02580 int sz; 02581 02582 if (derSz < 0) 02583 return derSz; 02584 02585 cert->selfSigned = 0; 02586 02587 InitDecodedCert(&decoded, der, 0); 02588 ret = ParseCertRelative(&decoded, derSz, CA_TYPE, NO_VERIFY, 0); 02589 02590 if (ret < 0) 02591 return ret; 02592 02593 if (decoded.subjectCN) { 02594 sz = (decoded.subjectCNLen < NAME_SIZE) ? decoded.subjectCNLen : 02595 NAME_SIZE - 1; 02596 strncpy(cert->issuer.commonName, decoded.subjectCN, NAME_SIZE); 02597 cert->issuer.commonName[sz] = 0; 02598 } 02599 if (decoded.subjectC) { 02600 sz = (decoded.subjectCLen < NAME_SIZE) ? decoded.subjectCLen : 02601 NAME_SIZE - 1; 02602 strncpy(cert->issuer.country, decoded.subjectC, NAME_SIZE); 02603 cert->issuer.country[sz] = 0; 02604 } 02605 if (decoded.subjectST) { 02606 sz = (decoded.subjectSTLen < NAME_SIZE) ? decoded.subjectSTLen : 02607 NAME_SIZE - 1; 02608 strncpy(cert->issuer.state, decoded.subjectST, NAME_SIZE); 02609 cert->issuer.state[sz] = 0; 02610 } 02611 if (decoded.subjectL) { 02612 sz = (decoded.subjectLLen < NAME_SIZE) ? decoded.subjectLLen : 02613 NAME_SIZE - 1; 02614 strncpy(cert->issuer.locality, decoded.subjectL, NAME_SIZE); 02615 cert->issuer.locality[sz] = 0; 02616 } 02617 if (decoded.subjectO) { 02618 sz = (decoded.subjectOLen < NAME_SIZE) ? decoded.subjectOLen : 02619 NAME_SIZE - 1; 02620 strncpy(cert->issuer.org, decoded.subjectO, NAME_SIZE); 02621 cert->issuer.org[sz] = 0; 02622 } 02623 if (decoded.subjectOU) { 02624 sz = (decoded.subjectOULen < NAME_SIZE) ? decoded.subjectOULen : 02625 NAME_SIZE - 1; 02626 strncpy(cert->issuer.unit, decoded.subjectOU, NAME_SIZE); 02627 cert->issuer.unit[sz] = 0; 02628 } 02629 if (decoded.subjectSN) { 02630 sz = (decoded.subjectSNLen < NAME_SIZE) ? decoded.subjectSNLen : 02631 NAME_SIZE - 1; 02632 strncpy(cert->issuer.sur, decoded.subjectSN, NAME_SIZE); 02633 cert->issuer.sur[sz] = 0; 02634 } 02635 if (decoded.subjectEmail) { 02636 sz = (decoded.subjectEmailLen < NAME_SIZE) ? decoded.subjectEmailLen : 02637 NAME_SIZE - 1; 02638 strncpy(cert->issuer.email, decoded.subjectEmail, NAME_SIZE); 02639 cert->issuer.email[sz] = 0; 02640 } 02641 02642 FreeDecodedCert(&decoded); 02643 02644 return 0; 02645 } 02646 02647 #endif /* NO_FILESYSTEM */ 02648 #endif /* CYASSL_CERT_GEN */
Generated on Tue Jul 12 2022 18:43:19 by
1.7.2