2 * Copyright (c) 2007, Cameron Rich
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Some primitive asn methods for extraction ASN.1 data.
41 #include "crypto_misc.h"
44 #define SIG_OID_PREFIX_SIZE 8
45 #define SIG_IIS6_OID_SIZE 5
46 #define SIG_SUBJECT_ALT_NAME_SIZE 3
48 /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
49 static const uint8_t sig_oid_prefix
[SIG_OID_PREFIX_SIZE
] =
51 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
54 static const uint8_t sig_sha1WithRSAEncrypt
[SIG_IIS6_OID_SIZE
] =
56 0x2b, 0x0e, 0x03, 0x02, 0x1d
59 static const uint8_t sig_subject_alt_name
[SIG_SUBJECT_ALT_NAME_SIZE
] =
65 static const uint8_t g_dn_types
[] = { 3, 10, 11 };
67 int get_asn1_length(const uint8_t *buf
, int *offset
)
71 if (!(buf
[*offset
] & 0x80)) /* short form */
73 len
= buf
[(*offset
)++];
77 int length_bytes
= buf
[(*offset
)++]&0x7f;
79 for (i
= 0; i
< length_bytes
; i
++)
82 len
+= buf
[(*offset
)++];
90 * Skip the ASN1.1 object type and its length. Get ready to read the object's
93 int asn1_next_obj(const uint8_t *buf
, int *offset
, int obj_type
)
95 if (buf
[*offset
] != obj_type
)
98 int tmp
= get_asn1_length(buf
, offset
);
103 * Skip over an ASN.1 object type completely. Get ready to read the next
106 int asn1_skip_obj(const uint8_t *buf
, int *offset
, int obj_type
)
109 if (buf
[*offset
] != obj_type
)
112 len
= get_asn1_length(buf
, offset
);
118 * Read an integer value for ASN.1 data
119 * Note: This function allocates memory which must be freed by the user.
121 int asn1_get_int(const uint8_t *buf
, int *offset
, uint8_t **object
)
125 if ((len
= asn1_next_obj(buf
, offset
, ASN1_INTEGER
)) < 0)
128 if (len
> 1 && buf
[*offset
] == 0x00) /* ignore the negative byte */
134 *object
= (uint8_t *)malloc(len
);
135 memcpy(*object
, &buf
[*offset
], len
);
143 * Get all the RSA private key specifics from an ASN.1 encoded file
145 int asn1_get_private_key(const uint8_t *buf
, int len
, RSA_CTX
**rsa_ctx
)
148 uint8_t *modulus
= NULL
, *priv_exp
= NULL
, *pub_exp
= NULL
;
149 int mod_len
, priv_len
, pub_len
;
150 #ifdef CONFIG_BIGINT_CRT
151 uint8_t *p
= NULL
, *q
= NULL
, *dP
= NULL
, *dQ
= NULL
, *qInv
= NULL
;
152 int p_len
, q_len
, dP_len
, dQ_len
, qInv_len
;
155 /* not in der format */
156 if (buf
[0] != ASN1_SEQUENCE
) /* basic sanity check */
158 #ifdef CONFIG_SSL_FULL_MODE
159 printf("Error: This is not a valid ASN.1 file\n");
161 return X509_INVALID_PRIV_KEY
;
164 /* Use the private key to mix up the RNG if possible. */
165 RNG_custom_init(buf
, len
);
167 mod_len
= asn1_get_int(buf
, &offset
, &modulus
);
168 pub_len
= asn1_get_int(buf
, &offset
, &pub_exp
);
169 priv_len
= asn1_get_int(buf
, &offset
, &priv_exp
);
171 if (mod_len
<= 0 || pub_len
<= 0 || priv_len
<= 0)
172 return X509_INVALID_PRIV_KEY
;
174 #ifdef CONFIG_BIGINT_CRT
175 p_len
= asn1_get_int(buf
, &offset
, &p
);
176 q_len
= asn1_get_int(buf
, &offset
, &q
);
177 dP_len
= asn1_get_int(buf
, &offset
, &dP
);
178 dQ_len
= asn1_get_int(buf
, &offset
, &dQ
);
179 qInv_len
= asn1_get_int(buf
, &offset
, &qInv
);
181 if (p_len
<= 0 || q_len
<= 0 || dP_len
<= 0 || dQ_len
<= 0 || qInv_len
<= 0)
182 return X509_INVALID_PRIV_KEY
;
184 RSA_priv_key_new(rsa_ctx
,
185 modulus
, mod_len
, pub_exp
, pub_len
, priv_exp
, priv_len
,
186 p
, p_len
, q
, p_len
, dP
, dP_len
, dQ
, dQ_len
, qInv
, qInv_len
);
194 RSA_priv_key_new(rsa_ctx
,
195 modulus
, mod_len
, pub_exp
, pub_len
, priv_exp
, priv_len
);
205 * Get the time of a certificate. Ignore hours/minutes/seconds.
207 static int asn1_get_utc_time(const uint8_t *buf
, int *offset
, time_t *t
)
209 int ret
= X509_NOT_OK
, len
, t_offset
;
212 if (buf
[(*offset
)++] != ASN1_UTC_TIME
)
215 len
= get_asn1_length(buf
, offset
);
218 memset(&tm
, 0, sizeof(struct tm
));
219 tm
.tm_year
= (buf
[t_offset
] - '0')*10 + (buf
[t_offset
+1] - '0');
221 if (tm
.tm_year
<= 50) /* 1951-2050 thing */
226 tm
.tm_mon
= (buf
[t_offset
+2] - '0')*10 + (buf
[t_offset
+3] - '0') - 1;
227 tm
.tm_mday
= (buf
[t_offset
+4] - '0')*10 + (buf
[t_offset
+5] - '0');
237 * Get the version type of a certificate (which we don't actually care about)
239 int asn1_version(const uint8_t *cert
, int *offset
, X509_CTX
*x509_ctx
)
241 int ret
= X509_NOT_OK
;
243 (*offset
) += 2; /* get past explicit tag */
244 if (asn1_skip_obj(cert
, offset
, ASN1_INTEGER
))
253 * Retrieve the notbefore and notafter certificate times.
255 int asn1_validity(const uint8_t *cert
, int *offset
, X509_CTX
*x509_ctx
)
257 return (asn1_next_obj(cert
, offset
, ASN1_SEQUENCE
) < 0 ||
258 asn1_get_utc_time(cert
, offset
, &x509_ctx
->not_before
) ||
259 asn1_get_utc_time(cert
, offset
, &x509_ctx
->not_after
));
263 * Get the components of a distinguished name
265 static int asn1_get_oid_x520(const uint8_t *buf
, int *offset
)
270 if ((len
= asn1_next_obj(buf
, offset
, ASN1_OID
)) < 0)
273 /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name
274 components we are interested in. */
275 if (len
== 3 && buf
[(*offset
)++] == 0x55 && buf
[(*offset
)++] == 0x04)
276 dn_type
= buf
[(*offset
)++];
279 *offset
+= len
; /* skip over it */
287 * Obtain an ASN.1 printable string type.
289 static int asn1_get_printable_str(const uint8_t *buf
, int *offset
, char **str
)
291 int len
= X509_NOT_OK
;
292 int asn1_type
= buf
[*offset
];
294 /* some certs have this awful crud in them for some reason */
295 if (asn1_type
!= ASN1_PRINTABLE_STR
&&
296 asn1_type
!= ASN1_PRINTABLE_STR2
&&
297 asn1_type
!= ASN1_TELETEX_STR
&&
298 asn1_type
!= ASN1_IA5_STR
&&
299 asn1_type
!= ASN1_UNICODE_STR
)
303 len
= get_asn1_length(buf
, offset
);
305 if (asn1_type
== ASN1_UNICODE_STR
)
308 *str
= (char *)malloc(len
/2+1); /* allow for null */
310 for (i
= 0; i
< len
; i
+= 2)
311 (*str
)[i
/2] = buf
[*offset
+ i
+ 1];
313 (*str
)[len
/2] = 0; /* null terminate */
317 *str
= (char *)malloc(len
+1); /* allow for null */
318 memcpy(*str
, &buf
[*offset
], len
);
319 (*str
)[len
] = 0; /* null terminate */
329 * Get the subject name (or the issuer) of a certificate.
331 int asn1_name(const uint8_t *cert
, int *offset
, char *dn
[])
333 int ret
= X509_NOT_OK
;
337 if (asn1_next_obj(cert
, offset
, ASN1_SEQUENCE
) < 0)
340 while (asn1_next_obj(cert
, offset
, ASN1_SET
) >= 0)
344 if (asn1_next_obj(cert
, offset
, ASN1_SEQUENCE
) < 0 ||
345 (dn_type
= asn1_get_oid_x520(cert
, offset
)) < 0)
350 if (asn1_get_printable_str(cert
, offset
, &tmp
) < 0)
356 /* find the distinguished named type */
357 for (i
= 0; i
< X509_NUM_DN_TYPES
; i
++)
359 if (dn_type
== g_dn_types
[i
])
370 if (found
== 0) /* not found so get rid of it */
382 * Read the modulus and public exponent of a certificate.
384 int asn1_public_key(const uint8_t *cert
, int *offset
, X509_CTX
*x509_ctx
)
386 int ret
= X509_NOT_OK
, mod_len
, pub_len
;
387 uint8_t *modulus
= NULL
, *pub_exp
= NULL
;
389 if (asn1_next_obj(cert
, offset
, ASN1_SEQUENCE
) < 0 ||
390 asn1_skip_obj(cert
, offset
, ASN1_SEQUENCE
) ||
391 asn1_next_obj(cert
, offset
, ASN1_BIT_STRING
) < 0)
394 (*offset
)++; /* ignore the padding bit field */
396 if (asn1_next_obj(cert
, offset
, ASN1_SEQUENCE
) < 0)
399 mod_len
= asn1_get_int(cert
, offset
, &modulus
);
400 pub_len
= asn1_get_int(cert
, offset
, &pub_exp
);
401 RSA_pub_key_new(&x509_ctx
->rsa_ctx
, modulus
, mod_len
, pub_exp
, pub_len
);
410 #ifdef CONFIG_SSL_CERT_VERIFICATION
412 * Read the signature of the certificate.
414 int asn1_signature(const uint8_t *cert
, int *offset
, X509_CTX
*x509_ctx
)
416 int ret
= X509_NOT_OK
;
418 if (cert
[(*offset
)++] != ASN1_BIT_STRING
)
421 x509_ctx
->sig_len
= get_asn1_length(cert
, offset
)-1;
422 (*offset
)++; /* ignore bit string padding bits */
423 x509_ctx
->signature
= (uint8_t *)malloc(x509_ctx
->sig_len
);
424 memcpy(x509_ctx
->signature
, &cert
[*offset
], x509_ctx
->sig_len
);
425 *offset
+= x509_ctx
->sig_len
;
433 * Compare 2 distinguished name components for equality
434 * @return 0 if a match
436 static int asn1_compare_dn_comp(const char *dn1
, const char *dn2
)
440 if (dn1
== NULL
&& dn2
== NULL
)
443 ret
= (dn1
&& dn2
) ? strcmp(dn1
, dn2
) : 1;
449 * Clean up all of the CA certificates.
451 void remove_ca_certs(CA_CERT_CTX
*ca_cert_ctx
)
455 if (ca_cert_ctx
== NULL
)
458 while (i
< CONFIG_X509_MAX_CA_CERTS
&& ca_cert_ctx
->cert
[i
])
460 x509_free(ca_cert_ctx
->cert
[i
]);
461 ca_cert_ctx
->cert
[i
++] = NULL
;
468 * Compare 2 distinguished names for equality
469 * @return 0 if a match
471 int asn1_compare_dn(char * const dn1
[], char * const dn2
[])
475 for (i
= 0; i
< X509_NUM_DN_TYPES
; i
++)
477 if (asn1_compare_dn_comp(dn1
[i
], dn2
[i
]))
481 return 0; /* all good */
484 int asn1_find_oid(const uint8_t* cert
, int* offset
,
485 const uint8_t* oid
, int oid_length
)
488 if ((seqlen
= asn1_next_obj(cert
, offset
, ASN1_SEQUENCE
))> 0)
490 int end
= *offset
+ seqlen
;
492 while (*offset
< end
)
494 int type
= cert
[(*offset
)++];
495 int length
= get_asn1_length(cert
, offset
);
496 int noffset
= *offset
+ length
;
498 if (type
== ASN1_SEQUENCE
)
500 type
= cert
[(*offset
)++];
501 length
= get_asn1_length(cert
, offset
);
503 if (type
== ASN1_OID
&& length
== oid_length
&&
504 memcmp(cert
+ *offset
, oid
, oid_length
) == 0)
506 *offset
+= oid_length
;
518 int asn1_find_subjectaltname(const uint8_t* cert
, int offset
)
520 if (asn1_find_oid(cert
, &offset
, sig_subject_alt_name
,
521 SIG_SUBJECT_ALT_NAME_SIZE
))
529 #endif /* CONFIG_SSL_CERT_VERIFICATION */
532 * Read the signature type of the certificate. We only support RSA-MD5 and
533 * RSA-SHA1 signature types.
535 int asn1_signature_type(const uint8_t *cert
,
536 int *offset
, X509_CTX
*x509_ctx
)
538 int ret
= X509_NOT_OK
, len
;
540 if (cert
[(*offset
)++] != ASN1_OID
)
543 len
= get_asn1_length(cert
, offset
);
545 if (len
== 5 && memcmp(sig_sha1WithRSAEncrypt
, &cert
[*offset
],
546 SIG_IIS6_OID_SIZE
) == 0)
548 x509_ctx
->sig_type
= SIG_TYPE_SHA1
;
552 if (memcmp(sig_oid_prefix
, &cert
[*offset
], SIG_OID_PREFIX_SIZE
))
553 goto end_check_sig
; /* unrecognised cert type */
555 x509_ctx
->sig_type
= cert
[*offset
+ SIG_OID_PREFIX_SIZE
];
559 asn1_skip_obj(cert
, offset
, ASN1_NULL
); /* if it's there */