/* asn.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifndef NO_ASN
#ifdef HAVE_RTP_SYS
#include "os.h" /* dc_rtc_api needs */
#include "dc_rtc_api.h" /* to get current time */
#endif
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/coding.h>
#include <wolfssl/wolfcrypt/md2.h>
#include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/pwdbased.h>
#include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/random.h>
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#endif
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifdef WOLFSSL_DEBUG_ENCODING
#ifdef FREESCALE_MQX
#include <fio.h>
#else
#include <stdio.h>
#endif
#endif
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
#pragma warning(disable: 4996)
#endif
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifdef HAVE_RTP_SYS
/* uses partial <time.h> structures */
#define XTIME(tl) (0)
#define XGMTIME(c, t) my_gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(MICRIUM)
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
#define XVALIDATE_DATE(d,f,t) NetSecure_ValidateDateHandler((d),(f),(t))
#else
#define XVALIDATE_DATE(d, f, t) (0)
#endif
#define NO_TIME_H
/* since Micrium not defining XTIME or XGMTIME, CERT_GEN not available */
#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
#include <time.h>
#define XTIME(t1) pic32_time((t1))
#define XGMTIME(c, t) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(FREESCALE_MQX)
#define XTIME(t1) mqx_time((t1))
#define XGMTIME(c, t) mqx_gmtime((c), (t))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(WOLFSSL_MDK_ARM)
#if defined(WOLFSSL_MDK5)
#include "cmsis_os.h"
#else
#include <rtl.h>
#endif
#undef RNG
#include "wolfssl_MDK_ARM.h"
#undef RNG
#define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */
#define XTIME(tl) (0)
#define XGMTIME(c, t) wolfssl_MDK_gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(USER_TIME)
/* user time, and gmtime compatible functions, there is a gmtime
implementation here that WINCE uses, so really just need some ticks
since the EPOCH
*/
struct tm {
int tm_sec; /* seconds after the minute [0-60] */
int tm_min; /* minutes after the hour [0-59] */
int tm_hour; /* hours since midnight [0-23] */
int tm_mday; /* day of the month [1-31] */
int tm_mon; /* months since January [0-11] */
int tm_year; /* years since 1900 */
int tm_wday; /* days since Sunday [0-6] */
int tm_yday; /* days since January 1 [0-365] */
int tm_isdst; /* Daylight Savings Time flag */
long tm_gmtoff; /* offset from CUT in seconds */
char *tm_zone; /* timezone abbreviation */
};
typedef long time_t;
/* forward declaration */
struct tm* gmtime(const time_t* timer);
extern time_t XTIME(time_t * timer);
#define XGMTIME(c, t) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#ifdef STACK_TRAP
/* for stack trap tracking, don't call os gmtime on OS X/linux,
uses a lot of stack space */
extern time_t time(time_t * timer);
#define XTIME(tl) time((tl))
#endif /* STACK_TRAP */
#elif defined(TIME_OVERRIDES)
/* user would like to override time() and gmtime() functionality */
#ifndef HAVE_TIME_T_TYPE
typedef long time_t;
#endif
extern time_t XTIME(time_t * timer);
#ifndef HAVE_TM_TYPE
struct tm {
int tm_sec; /* seconds after the minute [0-60] */
int tm_min; /* minutes after the hour [0-59] */
int tm_hour; /* hours since midnight [0-23] */
int tm_mday; /* day of the month [1-31] */
int tm_mon; /* months since January [0-11] */
int tm_year; /* years since 1900 */
int tm_wday; /* days since Sunday [0-6] */
int tm_yday; /* days since January 1 [0-365] */
int tm_isdst; /* Daylight Savings Time flag */
long tm_gmtoff; /* offset from CUT in seconds */
char *tm_zone; /* timezone abbreviation */
};
#endif
extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp);
#ifndef HAVE_VALIDATE_DATE
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#endif
#else
/* default */
/* uses complete <time.h> facility */
#include <time.h>
#define XTIME(tl) time((tl))
#define XGMTIME(c, t) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#endif
#ifdef _WIN32_WCE
/* no time() or gmtime() even though in time.h header?? */
#include <windows.h>
/* Windows CE replacement for time(): returns the current system time as
 * seconds since the Unix epoch and, when timer is non-NULL, also stores it
 * there. */
time_t time(time_t* timer)
{
    SYSTEMTIME     nowSys;
    FILETIME       nowFile;
    ULARGE_INTEGER ticks;
    time_t         secs;

    GetSystemTime(&nowSys);
    SystemTimeToFileTime(&nowSys, &nowFile);
    XMEMCPY(&ticks, &nowFile, sizeof(FILETIME));

    /* FILETIME counts 100 ns ticks from 1601; remove the offset to 1970 */
    ticks.QuadPart -= 0x19db1ded53e8000;
    /* 100 ns ticks to whole seconds */
    ticks.QuadPart /= 10000000;

    secs = (time_t)ticks.QuadPart;
    if (timer != NULL)
        *timer = secs;

    return secs;
}
#endif /* _WIN32_WCE */
#if defined( _WIN32_WCE ) || defined( USER_TIME )
/* Minimal gmtime() for targets without one: breaks seconds since the Unix
 * epoch into calendar fields (UTC, no DST).
 *
 * The result lives in a single static struct tm, so every call overwrites
 * the previous result and the function is not reentrant. timer is
 * dereferenced without a NULL check, and the value is treated as unsigned,
 * so times before 1970 are not represented. */
struct tm* gmtime(const time_t* timer)
{
#define YEAR0 1900
#define EPOCH_YEAR 1970
#define SECS_DAY (24L * 60L * 60L)
#define LEAPYEAR(year) (!((year) % 4) && (((year) % 100) || !((year) %400)))
#define YEARSIZE(year) (LEAPYEAR(year) ? 366 : 365)

    /* days per month, row 0 = common year, row 1 = leap year */
    static const int monthDays[2][12] =
    {
        {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
        {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}
    };
    static struct tm st_time;

    struct tm*    out      = &st_time;
    unsigned long total    = (unsigned long)*timer;
    unsigned long secOfDay = total % SECS_DAY;
    unsigned long days     = total / SECS_DAY;
    int           year     = EPOCH_YEAR;
    int           month    = 0;

    out->tm_sec  = (int) secOfDay % 60;
    out->tm_min  = (int)(secOfDay % 3600) / 60;
    out->tm_hour = (int) secOfDay / 3600;
    out->tm_wday = (int) (days + 4) % 7;   /* day 0 was a Thursday */

    /* peel off whole years */
    for (; days >= (unsigned long)YEARSIZE(year); year++)
        days -= YEARSIZE(year);

    out->tm_year = year - YEAR0;
    out->tm_yday = (int)days;

    /* peel off whole months of the final year */
    for (; days >= (unsigned long)monthDays[LEAPYEAR(year)][month]; month++)
        days -= monthDays[LEAPYEAR(year)][month];

    out->tm_mon   = month;
    out->tm_mday  = (int)(days + 1);       /* day of month is 1-based */
    out->tm_isdst = 0;

    return out;
}
#endif /* _WIN32_WCE || USER_TIME */
#ifdef HAVE_RTP_SYS
#define YEAR0 1900
/* gmtime() substitute for HAVE_RTP_SYS (the platform gmtime() hangs).
 *
 * The timer argument is ignored: the fields are always filled from the
 * real-time clock via dc_rtc_time_get(). The result is a static struct tm
 * that is overwritten by every call; only year, month, day, hour, minute
 * and second are assigned here. */
struct tm* my_gmtime(const time_t* timer) /* has a gmtime() but hangs */
{
    static struct tm st_time;
    DC_RTC_CALENDAR  now;

    dc_rtc_time_get(&now, TRUE);

    st_time.tm_year = now.year - YEAR0;  /* struct tm years count from 1900 */
    st_time.tm_mon  = now.month - 1;     /* struct tm months count from 0 */
    st_time.tm_mday = now.day;
    st_time.tm_hour = now.hour;
    st_time.tm_min  = now.minute;
    st_time.tm_sec  = now.second;

    return &st_time;
}
#endif /* HAVE_RTP_SYS */
#if defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
/*
 * time() is only a stub in the Microchip libraries, so this replacement
 * asks the SNTP client for the UTC seconds since the epoch. The value is
 * returned and, when timer is non-NULL, also stored through it.
 *
 * NOTE(review): certificate date checks built on this are only as
 * trustworthy as the SNTP source; how an unsynchronised client reports its
 * time is not visible here and should be confirmed.
 */
time_t pic32_time(time_t* timer)
{
#ifdef MICROCHIP_TCPIP_V5
    DWORD sec = 0;
#else
    uint32_t sec = 0;
#endif
    time_t now;

#ifdef MICROCHIP_MPLAB_HARMONY
    sec = TCPIP_SNTP_UTCSecondsGet();
#else
    sec = SNTPGetUTCSeconds();
#endif

    now = (time_t) sec;
    if (timer != NULL)
        *timer = now;

    return now;
}
#endif /* MICROCHIP_TCPIP */
#ifdef FREESCALE_MQX
/* time() replacement for Freescale MQX: reads the kernel time with
 * _time_get() and returns its SECONDS field, also storing it through timer
 * when timer is non-NULL. */
time_t mqx_time(time_t* timer)
{
    TIME_STRUCT kernelTime;
    time_t      now;

    _time_get(&kernelTime);
    now = (time_t) kernelTime.SECONDS;

    if (timer != NULL)
        *timer = now;

    return now;
}
/* The CodeWarrior GCC toolchain only provides gmtime_r(), not gmtime(), so
 * XGMTIME maps here. The caller supplies the struct tm to fill (tmpTime);
 * the return value is whatever gmtime_r() returns. */
struct tm* mqx_gmtime(const time_t* clock, struct tm* tmpTime)
{
    struct tm* broken = gmtime_r(clock, tmpTime);

    return broken;
}
#endif /* FREESCALE_MQX */
#ifdef WOLFSSL_TIRTOS
/* XTIME implementation for TI-RTOS: returns Seconds_get() as a time_t and
 * stores the same value through timer when timer is non-NULL. */
time_t XTIME(time_t * timer)
{
    const time_t now = (time_t) Seconds_get();

    if (timer != NULL)
        *timer = now;

    return now;
}
#endif /* WOLFSSL_TIRTOS */
/* Convert one ASCII digit to its numeric value by subtracting 0x30 ('0').
 *
 * No range check is made: a byte that is not '0'..'9' yields a value
 * outside 0..9 (bytes below 0x30 wrap to a very large word32), so callers
 * parsing untrusted date strings must validate the characters themselves. */
static INLINE word32 btoi(byte b)
{
    const word32 digit = b - 0x30;

    return digit;
}
/* Read a two-digit decimal field from date at *idx, ADD it to *value (the
 * caller pre-loads *value, normally with 0) and advance *idx by two.
 *
 * Nothing here bounds *idx against the length of date or checks that the
 * two bytes are digits; both are the caller's responsibility. */
static INLINE void GetTime(int* value, const byte* date, int* idx)
{
    const int pos = *idx;

    *value += btoi(date[pos]) * 10;   /* tens digit */
    *value += btoi(date[pos + 1]);    /* units digit */

    *idx = pos + 2;
}
#if defined(MICRIUM)
/* Micrium date hook: split an ASN.1 UTCTime or GeneralizedTime string into
 * year/month/day/hour/minute/second and hand them to
 * NetSecure_ValidateDate(), whose result is returned unchanged.
 *
 * For UTCTime the century is chosen from the first digit (>= 5 gives 19xx,
 * otherwise 20xx); for any other format the first two digits are taken as
 * the century.
 *
 * NOTE(review): the function receives no length for date and does not
 * verify that the bytes are digits, so it relies on the caller having
 * validated the encoded time first - confirm at the call sites. */
CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format,
                                         CPU_INT08U dateType)
{
    CPU_INT32S pos = 0;
    CPU_INT32S field;
    CPU_INT16U year = 0u;
    CPU_INT08U month;
    CPU_INT16U day;
    CPU_INT08U hour;
    CPU_INT08U min;
    CPU_INT08U sec;

    if (format == ASN_UTC_TIME) {
        /* two-digit year: the century is inferred, nothing is consumed */
        if (btoi(date[0]) >= 5)
            year = 1900;
        else
            year = 2000;
    }
    else {  /* format == GENERALIZED_TIME */
        year += btoi(date[pos++]) * 1000;
        year += btoi(date[pos++]) * 100;
    }

    /* GetTime() adds to its first argument, so seed it before each call */
    field = year;
    GetTime(&field, date, &pos);
    year = (CPU_INT16U)field;

    field = 0;
    GetTime(&field, date, &pos);
    month = (CPU_INT08U)field;

    field = 0;
    GetTime(&field, date, &pos);
    day = (CPU_INT16U)field;

    field = 0;
    GetTime(&field, date, &pos);
    hour = (CPU_INT08U)field;

    field = 0;
    GetTime(&field, date, &pos);
    min = (CPU_INT08U)field;

    field = 0;
    GetTime(&field, date, &pos);
    sec = (CPU_INT08U)field;

    return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType);
}
#endif /* MICRIUM */
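/* Decode an ASN.1 length field (short or long form) starting at *inOutIdx.
 *
 * input     buffer being parsed
 * inOutIdx  in: index of the first length octet; out (success only): index
 *           of the first content octet
 * len       out: decoded length, 0 on failure
 * maxIdx    exclusive upper bound for any index into input
 *
 * Returns the decoded length (>= 0), or BUFFER_E when the field or the
 * content it announces does not fit below maxIdx.
 *
 * The length comes from untrusted data, so it is accumulated unsigned and
 * rejected as soon as it can no longer fit in a non-negative 32-bit int:
 * a long-form field may carry up to 127 length octets and shifting those
 * into a signed int overflows. All range checks are written as
 * "needed > maxIdx - i" so the index arithmetic itself cannot wrap. */
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx)
{
    word32 length = 0;
    word32 i      = *inOutIdx;
    byte   b;

    *len = 0;    /* default length */

    if (i >= maxIdx) {    /* for first read */
        WOLFSSL_MSG("GetLength bad index on input");
        return BUFFER_E;
    }

    b = input[i++];
    if (b >= ASN_LONG_LENGTH) {
        word32 bytes = b & 0x7F;

        if (bytes > maxIdx - i) {    /* for reading bytes */
            WOLFSSL_MSG("GetLength bad long length");
            return BUFFER_E;
        }

        while (bytes--) {
            /* another shift by 8 would leave the non-negative int range;
               leading zero octets are still accepted as before */
            if (length > (0x7FFFFFFF >> 8)) {
                WOLFSSL_MSG("GetLength long length too large");
                return BUFFER_E;
            }
            b = input[i++];
            length = (length << 8) | b;
        }
    }
    else
        length = b;

    if (length > maxIdx - i) {    /* for user of length */
        WOLFSSL_MSG("GetLength value exceeds buffer length");
        return BUFFER_E;
    }

    *inOutIdx = i;
    if (length > 0)
        *len = (int)length;

    return (int)length;
}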
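/* Consume a constructed SEQUENCE header (tag + length) at *inOutIdx.
 *
 * On success *len receives the content length, *inOutIdx is moved to the
 * first content octet and the length is returned. Returns ASN_PARSE_E when
 * the tag is not a SEQUENCE, the length field is bad, or there is no octet
 * left below maxIdx to read the tag from. */
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx)
{
    int    length = -1;
    word32 idx    = *inOutIdx;

    /* the tag octet itself must be inside the buffer */
    if (idx >= maxIdx)
        return ASN_PARSE_E;

    if (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED) ||
            GetLength(input, &idx, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    *len      = length;
    *inOutIdx = idx;

    return length;
}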
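/* Consume a constructed SET header (tag + length) at *inOutIdx.
 *
 * On success *len receives the content length, *inOutIdx is moved to the
 * first content octet and the length is returned. Returns ASN_PARSE_E when
 * the tag is not a SET, the length field is bad, or there is no octet left
 * below maxIdx to read the tag from. */
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
                         word32 maxIdx)
{
    int    length = -1;
    word32 idx    = *inOutIdx;

    /* the tag octet itself must be inside the buffer */
    if (idx >= maxIdx)
        return ASN_PARSE_E;

    if (input[idx++] != (ASN_SET | ASN_CONSTRUCTED) ||
            GetLength(input, &idx, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    *len      = length;
    *inOutIdx = idx;

    return length;
}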
/* Read a one-octet INTEGER (tag, length 0x01, value) as a version number.
 * Named GetMyVersion because GetVersion clashes with a Windows header on
 * WinCE.
 *
 * Returns the version and advances *inOutIdx past the three octets, or
 * ASN_PARSE_E for a wrong tag / ASN_VERSION_E for a length other than 1.
 *
 * NOTE(review): there is no maxIdx parameter, so up to three octets are
 * read without any bound. Callers have to make sure at least three octets
 * remain in the buffer before calling. */
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version)
{
    word32 pos = *inOutIdx;
    byte   tag;
    byte   lenOctet;

    WOLFSSL_ENTER("GetMyVersion");

    tag = input[pos++];
    if (tag != ASN_INTEGER)
        return ASN_PARSE_E;

    lenOctet = input[pos++];
    if (lenOctet != 0x01)
        return ASN_VERSION_E;

    *version  = input[pos++];
    *inOutIdx = pos;

    return *version;
}
#ifndef NO_PWDBASED
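/* Get a small non-negative INTEGER (at most 4 content octets).
 *
 * On success *number holds the value, *inOutIdx is advanced past the
 * element and the value is returned. Returns ASN_PARSE_E for a wrong tag,
 * a length above 4, or a value that does not fit in a non-negative int.
 *
 * The value is built unsigned: shifting a fourth octet with its top bit
 * set into a signed int is undefined behaviour, and the resulting negative
 * number was only ever usable by callers as an error indication.
 *
 * NOTE(review): there is no maxIdx parameter, so the tag, length and value
 * octets are read without a bound; callers must check that the element
 * lies inside their buffer first. */
static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
{
    word32 idx   = *inOutIdx;
    word32 value = 0;
    word32 len;

    *number = 0;

    if (input[idx++] != ASN_INTEGER)
        return ASN_PARSE_E;

    len = input[idx++];
    if (len > 4)
        return ASN_PARSE_E;

    while (len--)
        value = (value << 8) | input[idx++];

    if (value > 0x7FFFFFFF)    /* would be negative as an int */
        return ASN_PARSE_E;

    *number   = (int)value;
    *inOutIdx = idx;

    return *number;
}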
#endif /* !NO_PWDBASED */
/* Parse an optional explicitly tagged version. Its absence is not an
 * error: *version is then set to 0, *inOutIdx is left alone and 0 is
 * returned. When the context-specific constructed tag is present, the tag
 * and the single octet after it are skipped and GetMyVersion() parses the
 * rest.
 *
 * NOTE(review): the octet after the tag (the wrapper's length) is skipped
 * without being examined, and no buffer limit is available here, so the
 * reads are unbounded; the caller must guarantee enough remaining input. */
static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
{
    const word32 start = *inOutIdx;

    WOLFSSL_ENTER("GetExplicitVersion");

    if (input[start] != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
        /* no explicit version present, leave the index as it was */
        *version = 0;
        return 0;
    }

    *inOutIdx = start + 2;  /* eat header */
    return GetMyVersion(input, inOutIdx, version);
}
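/* Parse an ASN.1 INTEGER at *inOutIdx into a freshly initialised mp_int.
 *
 * Returns 0 and advances *inOutIdx past the element on success.
 * Returns ASN_PARSE_E for a missing/wrong tag or a bad length, MP_INIT_E
 * if mp_init() fails and ASN_GETINT_E if the value cannot be read (mpi is
 * cleared again in that case).
 *
 * Two reads of attacker-controlled input are guarded here: the tag octet
 * must lie below maxIdx, and the leading-zero test only looks at the first
 * content octet when the element actually has content. Without the second
 * guard a zero-length INTEGER read one octet past its own end and could
 * turn the length into -1. */
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
                         word32 maxIdx)
{
    word32 i = *inOutIdx;
    int    length;

    if (i >= maxIdx)
        return ASN_PARSE_E;

    if (input[i++] != ASN_INTEGER)
        return ASN_PARSE_E;

    if (GetLength(input, &i, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    /* drop the sign-padding zero octet, if any */
    if (length > 0 && input[i] == 0x00) {
        i++;
        length--;
    }

    if (mp_init(mpi) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(mpi, (byte*)input + i, length) != 0) {
        mp_clear(mpi);
        return ASN_GETINT_E;
    }

    *inOutIdx = i + length;
    return 0;
}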
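/* Parse an OBJECT IDENTIFIER and reduce it to the sum of its content
 * octets, stored in *oid.
 *
 * Returns 0 and advances *inOutIdx on success, ASN_OBJECT_ID_E for a wrong
 * tag and ASN_PARSE_E for a bad length or when no octet is left below
 * maxIdx for the tag.
 *
 * NOTE(review): a byte sum is not a unique identifier - different OIDs can
 * produce the same sum - so the result must not be treated as proof of
 * which OID was present. */
static int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
                       word32 maxIdx)
{
    int    length;
    word32 i = *inOutIdx;
    byte   b;

    *oid = 0;

    /* the tag octet itself must be inside the buffer */
    if (i >= maxIdx)
        return ASN_PARSE_E;

    b = input[i++];
    if (b != ASN_OBJECT_ID)
        return ASN_OBJECT_ID_E;

    if (GetLength(input, &i, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    /* just sum it up for now */
    while (length--)
        *oid += input[i++];

    *inOutIdx = i;
    return 0;
}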
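/* Parse an AlgorithmIdentifier: SEQUENCE { OBJECT IDENTIFIER, optional
 * NULL }. The OID is reduced to the sum of its content octets in *oid.
 *
 * Returns 0 and advances *inOutIdx on success; ASN_PARSE_E, ASN_OBJECT_ID_E
 * or ASN_EXPECT_0_E on malformed input.
 *
 * Every single-octet read is checked against maxIdx first. The optional
 * NULL is only looked for while input remains, so an identifier that ends
 * exactly at maxIdx no longer causes a read past the buffer.
 *
 * NOTE(review): a byte sum is not a unique identifier - different OIDs can
 * produce the same sum. */
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                            word32 maxIdx)
{
    int    length;
    word32 i = *inOutIdx;
    byte   b;

    *oid = 0;

    WOLFSSL_ENTER("GetAlgoId");

    if (GetSequence(input, &i, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    if (i >= maxIdx)
        return ASN_PARSE_E;

    b = input[i++];
    if (b != ASN_OBJECT_ID)
        return ASN_OBJECT_ID_E;

    if (GetLength(input, &i, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    while (length--) {
        /* odd HC08 compiler behavior here when input[i++] */
        *oid += input[i];
        i++;
    }
    /* just sum it up for now */

    /* could have NULL tag and 0 terminator, but may not */
    if (i < maxIdx && input[i] == ASN_TAG_NULL) {
        i++;
        if (i >= maxIdx || input[i++] != 0)
            return ASN_EXPECT_0_E;
    }

    *inOutIdx = i;
    return 0;
}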
#ifndef NO_RSA
#ifdef HAVE_CAVIUM
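/* Parse an ASN.1 INTEGER and copy its magnitude into a newly allocated
 * buffer for the Cavium RSA path.
 *
 * On success *buff points at the copy (owned by the caller, allocated with
 * DYNAMIC_TYPE_CAVIUM_RSA), *buffSz holds its size, *inOutIdx is advanced
 * and 0 is returned. Returns ASN_PARSE_E on malformed input and MEMORY_E
 * when the allocation fails.
 *
 * Checks added for untrusted input: the tag octet must lie below maxIdx,
 * the leading-zero test only runs when the element has content, and a
 * value longer than 0xFFFF octets is rejected because *buffSz is a word16
 * and would otherwise silently hold a truncated size. */
static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input,
                        word32* inOutIdx, word32 maxIdx, void* heap)
{
    word32 i = *inOutIdx;
    int    length;

    if (i >= maxIdx)
        return ASN_PARSE_E;

    if (input[i++] != ASN_INTEGER)
        return ASN_PARSE_E;

    if (GetLength(input, &i, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    /* drop the sign-padding zero octet, if any */
    if (length > 0 && input[i] == 0x00) {
        i++;
        length--;
    }

    if (length > 0xFFFF)    /* does not fit the word16 size field */
        return ASN_PARSE_E;

    *buffSz = (word16)length;
    *buff   = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA);
    if (*buff == NULL)
        return MEMORY_E;

    XMEMCPY(*buff, input + i, *buffSz);

    *inOutIdx = i + length;
    return 0;
}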
/* Decode a DER RSA private key into the Cavium buffers of key.
 *
 * Expects SEQUENCE { version, n, e, d, p, q, dP, dQ, u }. Returns 0 on
 * success, ASN_PARSE_E if the outer sequence or version is bad and
 * ASN_RSA_KEY_E as soon as one of the eight integers fails to parse.
 *
 * NOTE(review): when a later integer fails, the buffers allocated for the
 * earlier ones stay attached to key; presumably the caller releases them
 * when it frees the key - confirm, since they hold private key material. */
static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
                                     RsaKey* key, word32 inSz)
{
    int   version, length;
    void* h = key->heap;

    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
        return ASN_PARSE_E;

    if (GetMyVersion(input, inOutIdx, &version) < 0)
        return ASN_PARSE_E;

    key->type = RSA_PRIVATE;

    /* components in encoding order; stop at the first one that fails */
    if (GetCaviumInt(&key->c_n,  &key->c_nSz,   input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_e,  &key->c_eSz,   input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_d,  &key->c_dSz,   input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_p,  &key->c_pSz,   input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_q,  &key->c_qSz,   input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;
    if (GetCaviumInt(&key->c_u,  &key->c_uSz,   input, inOutIdx, inSz, h) < 0)
        return ASN_RSA_KEY_E;

    return 0;
}
#endif /* HAVE_CAVIUM */
/* Decode a DER RSA private key, SEQUENCE { version, n, e, d, p, q, dP, dQ,
 * u }, into key.
 *
 * input     DER buffer
 * inOutIdx  in: start of the key; advanced as elements are consumed
 * key       destination; its type is set to RSA_PRIVATE
 * inSz      exclusive upper bound for indexes into input
 *
 * Returns 0 on success, ASN_PARSE_E if the outer sequence or version is
 * bad, ASN_RSA_KEY_E as soon as one of the eight integers fails to parse.
 * With HAVE_CAVIUM, keys carrying the Cavium magic are handed to
 * CaviumRsaPrivateKeyDecode() instead.
 *
 * NOTE(review): on ASN_RSA_KEY_E the integers parsed before the failure
 * remain initialised inside key; presumably the caller frees the key on
 * error - confirm, since they hold private key material. */
int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
                           word32 inSz)
{
    int version, length;

#ifdef HAVE_CAVIUM
    if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
        return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz);
#endif

    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
        return ASN_PARSE_E;

    if (GetMyVersion(input, inOutIdx, &version) < 0)
        return ASN_PARSE_E;

    key->type = RSA_PRIVATE;

    /* components in encoding order; stop at the first one that fails */
    if (GetInt(&key->n,  input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->e,  input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->d,  input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->p,  input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->q,  input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->dP, input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->dQ, input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;
    if (GetInt(&key->u,  input, inOutIdx, inSz) < 0)
        return ASN_RSA_KEY_E;

    return 0;
}
#endif /* NO_RSA */
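/* Remove the PKCS8 header: the inner (traditional) key is moved to the
 * beginning of input.
 *
 * input  PKCS8 buffer, modified in place
 * sz     number of valid bytes in input
 *
 * Returns the length of the traditional key now at the start of input, or
 * ASN_PARSE_E if the header is malformed.
 *
 * The buffer is untrusted, so every direct read of a tag octet is checked
 * against sz, and because GetMyVersion() takes no buffer limit the three
 * octets it consumes are checked here before it is called. */
int ToTraditional(byte* input, word32 sz)
{
    word32 inOutIdx = 0, oid;
    int    version, length;

    if (GetSequence(input, &inOutIdx, &length, sz) < 0)
        return ASN_PARSE_E;

    /* version INTEGER = tag + length + value */
    if (inOutIdx > sz || sz - inOutIdx < 3)
        return ASN_PARSE_E;

    if (GetMyVersion(input, &inOutIdx, &version) < 0)
        return ASN_PARSE_E;

    if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
        return ASN_PARSE_E;

    if (inOutIdx >= sz)
        return ASN_PARSE_E;

    if (input[inOutIdx] == ASN_OBJECT_ID) {
        /* pkcs8 ecc uses slightly different format */
        inOutIdx++;  /* past id */
        if (GetLength(input, &inOutIdx, &length, sz) < 0)
            return ASN_PARSE_E;
        inOutIdx += length;  /* over sub id, key input will verify */
    }

    if (inOutIdx >= sz || input[inOutIdx++] != ASN_OCTET_STRING)
        return ASN_PARSE_E;

    if (GetLength(input, &inOutIdx, &length, sz) < 0)
        return ASN_PARSE_E;

    /* source and destination overlap, hence memmove */
    XMEMMOVE(input, input + inOutIdx, length);

    return length;
}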
#ifndef NO_PWDBASED
/* Check whether the PKCS version/algorithm pair is supported.
 *
 * first and second are the last two octets of the encryption OID. On
 * return *version is PKCS5 (the default), PKCS5v2 or PKCS12, and *id is
 * the PBE identifier, or ALGO_ID_E when none was selected (as for PBES2,
 * where the cipher is chosen later).
 *
 * Returns 0 if supported, ALGO_ID_E for an unknown algorithm and
 * ASN_INPUT_E for an unknown version. */
static int CheckAlgo(int first, int second, int* id, int* version)
{
    *id      = ALGO_ID_E;
    *version = PKCS5;   /* default */

    if (first == 1) {
        /* PKCS #12 PBE identifiers */
        if (second == 1) {
            *id      = PBE_SHA1_RC4_128;
            *version = PKCS12;
            return 0;
        }
        if (second == 3) {
            *id      = PBE_SHA1_DES3;
            *version = PKCS12;
            return 0;
        }
        return ALGO_ID_E;
    }

    if (first != PKCS5)
        return ASN_INPUT_E;  /* VERSION ERROR */

    if (second == PBES2) {
        *version = PKCS5v2;
        return 0;
    }

    /* see RFC 2898 for ids */
    if (second == 3) {
        *id = PBE_MD5_DES;
        return 0;
    }
    if (second == 10) {
        *id = PBE_SHA1_DES;
        return 0;
    }

    return ALGO_ID_E;
}
/* Check whether a PKCS #5 v2 encryption algorithm is supported.
 *
 * oid is the summed OID value produced by GetAlgoId(). On a match *id is
 * set to the PBE identifier and 0 is returned; otherwise *id is left
 * untouched and ALGO_ID_E is returned. */
static int CheckAlgoV2(int oid, int* id)
{
    if (oid == 69) {
        *id = PBE_SHA1_DES;
        return 0;
    }

    if (oid == 652) {
        *id = PBE_SHA1_DES3;
        return 0;
    }

    return ALGO_ID_E;
}
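/* Decrypt input in place with a key derived from the password.
 *
 * password/passwordSz  password bytes and their count
 * salt/saltSz          KDF salt
 * iterations           KDF iteration count
 * id                   PBE identifier (PBE_MD5_DES, PBE_SHA1_DES,
 *                      PBE_SHA1_DES3 or PBE_SHA1_RC4_128)
 * input/length         ciphertext, overwritten with the plaintext
 * version              PKCS5, PKCS5v2 or PKCS12; selects the KDF
 * cbcIv                IV: read for PKCS5v2, written (derived) for PKCS12
 *                      block ciphers
 *
 * Returns 0 on success, ALGO_ID_E for an unsupported id/version,
 * UNICODE_SIZE_E if the password does not fit the PKCS12 buffer, MEMORY_E
 * on allocation failure, or the error of the failing KDF/cipher call.
 *
 * Changes over the straightforward version:
 *  - the derived key and the expanded PKCS12 password are overwritten
 *    through a volatile pointer before they go out of scope, so the
 *    secrets do not linger on the stack or in freed heap memory;
 *  - the PKCS12 IV is only derived when the key derivation succeeded, and
 *    its result is no longer added to the first result (the sum of two
 *    error codes is not a meaningful error code);
 *  - the password size test is done by division so a very large
 *    passwordSz cannot overflow the int arithmetic;
 *  - there is a single cleanup path.
 *
 * NOTE(review): the return value of wc_Des_CbcDecrypt() is not examined,
 * and length is not checked to be a multiple of the cipher block size;
 * both are left as they were. */
static int DecryptKey(const char* password, int passwordSz, byte* salt,
                      int saltSz, int iterations, int id, byte* input,
                      int length, int version, byte* cbcIv)
{
    int typeH;
    int derivedLen;
    int decryptionType;
    int ret = 0;
    int z;
    volatile byte* wipe;
#ifdef WOLFSSL_SMALL_STACK
    byte* key;
#else
    byte  key[MAX_KEY_SIZE];
#endif

    switch (id) {
        case PBE_MD5_DES:
            typeH = MD5;
            derivedLen = 16;           /* may need iv for v1.5 */
            decryptionType = DES_TYPE;
            break;

        case PBE_SHA1_DES:
            typeH = SHA;
            derivedLen = 16;           /* may need iv for v1.5 */
            decryptionType = DES_TYPE;
            break;

        case PBE_SHA1_DES3:
            typeH = SHA;
            derivedLen = 32;           /* may need iv for v1.5 */
            decryptionType = DES3_TYPE;
            break;

        case PBE_SHA1_RC4_128:
            typeH = SHA;
            derivedLen = 16;
            decryptionType = RC4_TYPE;
            break;

        default:
            return ALGO_ID_E;
    }

#ifdef WOLFSSL_SMALL_STACK
    key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL)
        return MEMORY_E;
#endif

    /* ---- derive the key (and for PKCS12 block ciphers, the IV) ---- */
    if (version == PKCS5v2)
        ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz,
                        iterations, derivedLen, typeH);
#ifndef NO_SHA
    else if (version == PKCS5)
        ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz,
                        iterations, derivedLen, typeH);
#endif
    else if (version == PKCS12) {
        int  i, idx = 0;
        byte unicodePasswd[MAX_UNICODE_SZ];

        /* same test as passwordSz * 2 + 2 > sizeof, without the multiply */
        if (passwordSz > ((int)sizeof(unicodePasswd) - 2) / 2) {
            ret = UNICODE_SIZE_E;
        }
        else {
            /* widen each password byte to two bytes, high byte zero */
            for (i = 0; i < passwordSz; i++) {
                unicodePasswd[idx++] = 0x00;
                unicodePasswd[idx++] = (byte)password[i];
            }
            /* add trailing NULL */
            unicodePasswd[idx++] = 0x00;
            unicodePasswd[idx++] = 0x00;

            ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
                                  iterations, derivedLen, typeH, 1);
            if (ret == 0 && decryptionType != RC4_TYPE)
                ret = wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
                                      iterations, 8, typeH, 2);

            /* the expanded password is as sensitive as the password */
            wipe = unicodePasswd;
            for (z = 0; z < idx; z++)
                wipe[z] = 0;
        }
    }
    else
        ret = ALGO_ID_E;

    /* ---- decrypt in place ---- */
    if (ret == 0) {
        switch (decryptionType) {
#ifndef NO_DES3
            case DES_TYPE:
            {
                Des   dec;
                byte* desIv = key + 8;   /* v1.5: IV follows the key */

                if (version == PKCS5v2 || version == PKCS12)
                    desIv = cbcIv;

                ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION);
                if (ret == 0)
                    wc_Des_CbcDecrypt(&dec, input, input, length);
                break;
            }

            case DES3_TYPE:
            {
                Des3  dec;
                byte* desIv = key + 24;  /* v1.5: IV follows the key */

                if (version == PKCS5v2 || version == PKCS12)
                    desIv = cbcIv;

                ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
                if (ret == 0)
                    ret = wc_Des3_CbcDecrypt(&dec, input, input, length);
                break;
            }
#endif
#ifndef NO_RC4
            case RC4_TYPE:
            {
                Arc4 dec;

                wc_Arc4SetKey(&dec, key, derivedLen);
                wc_Arc4Process(&dec, input, input, length);
                break;
            }
#endif

            default:
                ret = ALGO_ID_E;
                break;
        }
    }

    /* ---- single cleanup path: scrub the derived key, then release ---- */
    wipe = key;
    for (z = 0; z < MAX_KEY_SIZE; z++)
        wipe[z] = 0;

#ifdef WOLFSSL_SMALL_STACK
    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}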
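/* Remove the Encrypted PKCS8 header: decrypt the key with the password and
 * move the traditional key to the beginning of input.
 *
 * input                 encrypted PKCS8 buffer, modified in place
 * sz                    number of valid bytes in input
 * password/passwordSz   password used to derive the decryption key
 *
 * Returns the length of the traditional key now at the start of input,
 * ASN_PARSE_E for a malformed header, ASN_INPUT_E for an unsupported
 * algorithm or a decrypt failure, MEMORY_E on allocation failure.
 *
 * The buffer is untrusted. In particular:
 *  - the PBES2 IV length comes from the input and is checked against
 *    MAX_IV_SIZE before it is copied into cbcIv; without that check an
 *    oversized IV field overruns the buffer;
 *  - every direct read of a tag octet is checked against sz;
 *  - GetShortInt() takes no buffer limit, so the iteration-count element
 *    is checked to lie inside the input before it is parsed.
 * All exits after the first allocation go through one cleanup path. */
int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
{
    word32 inOutIdx = 0, oid;
    int    first, second, length, version, saltSz, id;
    int    iterations = 0;
    int    ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    byte*  salt = NULL;
    byte*  cbcIv = NULL;
#else
    byte   salt[MAX_SALT_SIZE];
    byte   cbcIv[MAX_IV_SIZE];
#endif

    if (GetSequence(input, &inOutIdx, &length, sz) < 0)
        return ASN_PARSE_E;

    if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
        return ASN_PARSE_E;

    first  = input[inOutIdx - 2];   /* PKCS version always 2nd to last byte */
    second = input[inOutIdx - 1];   /* version.algo, algo id last byte */

    if (CheckAlgo(first, second, &id, &version) < 0)
        return ASN_INPUT_E;  /* Algo ID error */

    if (version == PKCS5v2) {
        if (GetSequence(input, &inOutIdx, &length, sz) < 0)
            return ASN_PARSE_E;

        if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
            return ASN_PARSE_E;

        if (oid != PBKDF2_OID)
            return ASN_PARSE_E;
    }

    if (GetSequence(input, &inOutIdx, &length, sz) < 0)
        return ASN_PARSE_E;

    if (inOutIdx >= sz || input[inOutIdx++] != ASN_OCTET_STRING)
        return ASN_PARSE_E;

    if (GetLength(input, &inOutIdx, &saltSz, sz) < 0)
        return ASN_PARSE_E;

    if (saltSz > MAX_SALT_SIZE)
        return ASN_PARSE_E;

#ifdef WOLFSSL_SMALL_STACK
    salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (salt == NULL)
        return MEMORY_E;
#endif

    XMEMCPY(salt, &input[inOutIdx], saltSz);
    inOutIdx += saltSz;

    /* iteration count: tag, length octet and value octets must all be
       inside the input because GetShortInt() cannot check that itself */
    if (inOutIdx > sz || sz - inOutIdx < 2 ||
            input[inOutIdx + 1] > sz - inOutIdx - 2) {
        ret = ASN_PARSE_E;
        goto done;
    }

    if (GetShortInt(input, &inOutIdx, &iterations) < 0) {
        ret = ASN_PARSE_E;
        goto done;
    }

#ifdef WOLFSSL_SMALL_STACK
    cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (cbcIv == NULL) {
        ret = MEMORY_E;
        goto done;
    }
#endif

    if (version == PKCS5v2) {
        /* get encryption algo */
        if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) {
            ret = ASN_PARSE_E;
            goto done;
        }

        if (CheckAlgoV2(oid, &id) < 0) {
            ret = ASN_PARSE_E;  /* PKCS v2 algo id error */
            goto done;
        }

        if (inOutIdx >= sz || input[inOutIdx++] != ASN_OCTET_STRING) {
            ret = ASN_PARSE_E;
            goto done;
        }

        if (GetLength(input, &inOutIdx, &length, sz) < 0) {
            ret = ASN_PARSE_E;
            goto done;
        }

        /* the IV length is attacker controlled, bound it by the buffer */
        if (length > MAX_IV_SIZE) {
            ret = ASN_PARSE_E;
            goto done;
        }

        XMEMCPY(cbcIv, &input[inOutIdx], length);
        inOutIdx += length;
    }

    if (inOutIdx >= sz || input[inOutIdx++] != ASN_OCTET_STRING) {
        ret = ASN_PARSE_E;
        goto done;
    }

    if (GetLength(input, &inOutIdx, &length, sz) < 0) {
        ret = ASN_PARSE_E;
        goto done;
    }

    if (DecryptKey(password, passwordSz, salt, saltSz, iterations, id,
                   input + inOutIdx, length, version, cbcIv) < 0) {
        ret = ASN_INPUT_E;  /* decrypt failure */
        goto done;
    }

    /* source and destination overlap, hence memmove */
    XMEMMOVE(input, input + inOutIdx, length);
    ret = ToTraditional(input, length);

done:
#ifdef WOLFSSL_SMALL_STACK
    if (salt != NULL)
        XFREE(salt,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (cbcIv != NULL)
        XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}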
#endif /* NO_PWDBASED */
#ifndef NO_RSA
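/* Decode a DER RSA public key, SEQUENCE { n, e }, into key.
 *
 * With OPENSSL_EXTRA or RSA_DECODE_EXTRA a SubjectPublicKeyInfo wrapper
 * (algorithm identifier + BIT STRING) in front of the key is skipped too.
 *
 * input     DER buffer
 * inOutIdx  in: start of the key; advanced as elements are consumed
 * key       destination; its type is set to RSA_PUBLIC
 * inSz      exclusive upper bound for indexes into input
 *
 * Returns 0 on success, ASN_PARSE_E / ASN_OBJECT_ID_E / ASN_EXPECT_0_E /
 * ASN_BITSTR_E for a malformed wrapper and ASN_RSA_KEY_E if n or e cannot
 * be parsed.
 *
 * Public keys arrive from peers, so each single-octet read in the wrapper
 * skipping code is checked against inSz first; the optional NULL and the
 * optional unused-bits octet are only looked at while input remains. */
int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
                          word32 inSz)
{
    int length;

    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
        return ASN_PARSE_E;

    key->type = RSA_PUBLIC;

#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
    {
        byte b;

        if (*inOutIdx >= inSz)
            return ASN_PARSE_E;

        b = input[*inOutIdx];
        if (b != ASN_INTEGER) {
            /* not from decoded cert, will have algo id, skip past */
            if (GetSequence(input, inOutIdx, &length, inSz) < 0)
                return ASN_PARSE_E;

            if (*inOutIdx >= inSz)
                return ASN_PARSE_E;

            b = input[(*inOutIdx)++];
            if (b != ASN_OBJECT_ID)
                return ASN_OBJECT_ID_E;

            if (GetLength(input, inOutIdx, &length, inSz) < 0)
                return ASN_PARSE_E;

            *inOutIdx += length;   /* skip past */

            /* could have NULL tag and 0 terminator, but may not */
            if (*inOutIdx < inSz && input[*inOutIdx] == ASN_TAG_NULL) {
                (*inOutIdx)++;
                if (*inOutIdx >= inSz || input[(*inOutIdx)++] != 0)
                    return ASN_EXPECT_0_E;
            }

            /* should have bit tag length and seq next */
            if (*inOutIdx >= inSz)
                return ASN_PARSE_E;

            b = input[(*inOutIdx)++];
            if (b != ASN_BIT_STRING)
                return ASN_BITSTR_E;

            if (GetLength(input, inOutIdx, &length, inSz) < 0)
                return ASN_PARSE_E;

            /* could have 0 */
            if (*inOutIdx < inSz && input[*inOutIdx] == 0)
                (*inOutIdx)++;

            if (GetSequence(input, inOutIdx, &length, inSz) < 0)
                return ASN_PARSE_E;
        }  /* end if */
    }  /* openssl var block */
#endif /* OPENSSL_EXTRA */

    if (GetInt(&key->n,  input, inOutIdx, inSz) < 0 ||
        GetInt(&key->e,  input, inOutIdx, inSz) < 0 )  return ASN_RSA_KEY_E;

    return 0;
}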
/* Import raw RSA public key elements into an RsaKey.
 *
 * n/nSz  modulus as unsigned big-endian bytes and its size
 * e/eSz  public exponent as unsigned big-endian bytes and its size
 * key    destination; its type is set to RSA_PUBLIC
 *
 * Returns 0 on success, BAD_FUNC_ARG if a pointer is NULL, MP_INIT_E if an
 * integer cannot be initialised and ASN_GETINT_E if a value cannot be
 * read. Integers initialised before a failure are cleared again. */
int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
                             word32 eSz, RsaKey* key)
{
    int ret;

    if (n == NULL || e == NULL || key == NULL)
        return BAD_FUNC_ARG;

    key->type = RSA_PUBLIC;

    /* modulus */
    ret = mp_init(&key->n);
    if (ret != MP_OKAY)
        return MP_INIT_E;

    ret = mp_read_unsigned_bin(&key->n, n, nSz);
    if (ret != 0) {
        mp_clear(&key->n);
        return ASN_GETINT_E;
    }

    /* public exponent */
    ret = mp_init(&key->e);
    if (ret != MP_OKAY) {
        mp_clear(&key->n);
        return MP_INIT_E;
    }

    ret = mp_read_unsigned_bin(&key->e, e, eSz);
    if (ret != 0) {
        mp_clear(&key->n);
        mp_clear(&key->e);
        return ASN_GETINT_E;
    }

    return 0;
}
#endif
#ifndef NO_DH
/* Decode DER Diffie-Hellman parameters, SEQUENCE { p, g }, into key.
 *
 * Returns 0 on success, ASN_PARSE_E if the outer sequence is bad and
 * ASN_DH_KEY_E if p or g cannot be parsed. *inOutIdx is advanced as
 * elements are consumed; inSz bounds the indexes into input. */
int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
{
    int length;

    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
        return ASN_PARSE_E;

    /* prime first, then generator; stop at the first failure */
    if (GetInt(&key->p, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;

    if (GetInt(&key->g, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;

    return 0;
}
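/* Extract the raw p and g values from DER Diffie-Hellman parameters,
 * SEQUENCE { p, g }.
 *
 * input/inSz   DER buffer and its size
 * p, pInOutSz  output buffer for p; in: its capacity, out: bytes written
 * g, gInOutSz  output buffer for g; in: its capacity, out: bytes written
 *
 * Returns 0 on success, ASN_PARSE_E for malformed input and BUFFER_E when
 * a value does not fit the caller's buffer.
 *
 * Guards for untrusted input: each tag octet is checked to lie below inSz
 * before it is read, the leading-zero test on p only runs when p has
 * content, and the capacity comparison is done unsigned so a capacity
 * above INT_MAX is not misread as negative. */
int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz,
                    byte* g, word32* gInOutSz)
{
    word32 i = 0;
    int    length;

    if (GetSequence(input, &i, &length, inSz) < 0)
        return ASN_PARSE_E;

    /* ---- p ---- */
    if (i >= inSz || input[i++] != ASN_INTEGER)
        return ASN_PARSE_E;

    if (GetLength(input, &i, &length, inSz) < 0)
        return ASN_PARSE_E;

    /* drop the sign-padding zero octet, if any */
    if (length > 0 && input[i] == 0x00) {
        i++;
        length--;
    }

    if ((word32)length > *pInOutSz)
        return BUFFER_E;

    XMEMCPY(p, &input[i], length);
    *pInOutSz = length;
    i += length;

    /* ---- g ---- */
    if (i >= inSz || input[i++] != ASN_INTEGER)
        return ASN_PARSE_E;

    if (GetLength(input, &i, &length, inSz) < 0)
        return ASN_PARSE_E;

    if ((word32)length > *gInOutSz)
        return BUFFER_E;

    XMEMCPY(g, &input[i], length);
    *gInOutSz = length;

    return 0;
}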
#endif /* NO_DH */
#ifndef NO_DSA
/* Decode a DER DSA public key, SEQUENCE { p, q, g, y }, into key.
 *
 * Returns 0 on success (key->type is then DSA_PUBLIC), ASN_PARSE_E if the
 * outer sequence is bad and ASN_DH_KEY_E if one of the integers cannot be
 * parsed. key->type is only set after all four integers were read.
 *
 * NOTE(review): the integer failure code is the DH one (ASN_DH_KEY_E);
 * callers may depend on that value, so it is kept as is. */
int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
                       word32 inSz)
{
    int length;

    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
        return ASN_PARSE_E;

    /* components in encoding order; stop at the first one that fails */
    if (GetInt(&key->p, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->q, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->g, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->y, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;

    key->type = DSA_PUBLIC;
    return 0;
}
/* Decode a DER DSA private key, SEQUENCE { version, p, q, g, y, x }, into
 * key.
 *
 * Returns 0 on success (key->type is then DSA_PRIVATE), ASN_PARSE_E if the
 * outer sequence or version is bad and ASN_DH_KEY_E if one of the integers
 * cannot be parsed. key->type is only set after all five integers were
 * read.
 *
 * NOTE(review): the integer failure code is the DH one (ASN_DH_KEY_E);
 * callers may depend on that value, so it is kept as is. On failure the
 * integers parsed so far stay initialised in key; presumably the caller
 * frees the key - confirm, since x is the private value. */
int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
                        word32 inSz)
{
    int length, version;

    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
        return ASN_PARSE_E;

    if (GetMyVersion(input, inOutIdx, &version) < 0)
        return ASN_PARSE_E;

    /* components in encoding order; stop at the first one that fails */
    if (GetInt(&key->p, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->q, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->g, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->y, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;
    if (GetInt(&key->x, input, inOutIdx, inSz) < 0)
        return ASN_DH_KEY_E;

    key->type = DSA_PRIVATE;
    return 0;
}
#endif /* NO_DSA */
/* Reset a DecodedCert before parsing and attach the buffer to parse.
 *
 * cert    structure to initialise
 * source  certificate buffer; only the pointer is stored, the buffer is
 *         not copied and not owned by cert
 * inSz    size of source; stored as maxIdx, the upper limit for srcIdx
 * heap    heap hint stored in cert->heap
 *
 * Every field assigned below is set to 0/NULL (or to a default encoding),
 * so the "Stored"/"Set" flags start cleared. Nothing is allocated here.
 * Fields that are not listed are left untouched by this function. */
void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
{
/* key, version, signature and subject common name */
cert->publicKey = 0;
cert->pubKeySize = 0;
cert->pubKeyStored = 0;
cert->version = 0;
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
cert->subjectCNEnc = CTC_UTF8;
cert->subjectCNStored = 0;
/* alternative names and name constraints */
cert->weOwnAltNames = 0;
cert->altNames = NULL;
#ifndef IGNORE_NAME_CONSTRAINTS
cert->altEmailNames = NULL;
cert->permittedNames = NULL;
cert->excludedNames = NULL;
#endif /* IGNORE_NAME_CONSTRAINTS */
/* issuer and subject start as empty strings */
cert->issuer[0] = '\0';
cert->subject[0] = '\0';
/* input buffer and parse position */
cert->source = source; /* don't own */
cert->srcIdx = 0;
cert->maxIdx = inSz; /* can't go over this index */
cert->heap = heap;
XMEMSET(cert->serial, 0, EXTERNAL_SERIAL_SIZE);
cert->serialSz = 0;
/* extensions */
cert->extensions = 0;
cert->extensionsSz = 0;
cert->extensionsIdx = 0;
cert->extAuthInfo = NULL;
cert->extAuthInfoSz = 0;
cert->extCrlInfo = NULL;
cert->extCrlInfoSz = 0;
XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE);
cert->extSubjKeyIdSet = 0;
XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE);
cert->extAuthKeyIdSet = 0;
cert->extKeyUsageSet = 0;
cert->extKeyUsage = 0;
cert->extExtKeyUsageSet = 0;
cert->extExtKeyUsage = 0;
/* CA flag starts cleared */
cert->isCA = 0;
#ifdef HAVE_PKCS7
cert->issuerRaw = NULL;
cert->issuerRawLen = 0;
#endif
#ifdef WOLFSSL_CERT_GEN
/* individual subject name components, with their default encodings */
cert->subjectSN = 0;
cert->subjectSNLen = 0;
cert->subjectSNEnc = CTC_UTF8;
cert->subjectC = 0;
cert->subjectCLen = 0;
cert->subjectCEnc = CTC_PRINTABLE;
cert->subjectL = 0;
cert->subjectLLen = 0;
cert->subjectLEnc = CTC_UTF8;
cert->subjectST = 0;
cert->subjectSTLen = 0;
cert->subjectSTEnc = CTC_UTF8;
cert->subjectO = 0;
cert->subjectOLen = 0;
cert->subjectOEnc = CTC_UTF8;
cert->subjectOU = 0;
cert->subjectOULen = 0;
cert->subjectOUEnc = CTC_UTF8;
cert->subjectEmail = 0;
cert->subjectEmailLen = 0;
#endif /* WOLFSSL_CERT_GEN */
/* validity dates */
cert->beforeDate = NULL;
cert->beforeDateLen = 0;
cert->afterDate = NULL;
cert->afterDateLen = 0;
#ifdef OPENSSL_EXTRA
/* decoded names plus per-extension "set"/"critical" bookkeeping */
XMEMSET(&cert->issuerName, 0, sizeof(DecodedName));
XMEMSET(&cert->subjectName, 0, sizeof(DecodedName));
cert->extBasicConstSet = 0;
cert->extBasicConstCrit = 0;
cert->extBasicConstPlSet = 0;
cert->pathLength = 0;
cert->extSubjAltNameSet = 0;
cert->extSubjAltNameCrit = 0;
cert->extAuthKeyIdCrit = 0;
cert->extSubjKeyIdCrit = 0;
cert->extKeyUsageCrit = 0;
cert->extExtKeyUsageCrit = 0;
cert->extExtKeyUsageSrc = NULL;
cert->extExtKeyUsageSz = 0;
cert->extExtKeyUsageCount = 0;
cert->extAuthKeyIdSrc = NULL;
cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL;
cert->extSubjKeyIdSz = 0;
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || !defined(IGNORE_NAME_CONSTRAINTS)
cert->extNameConstraintSet = 0;
#endif /* OPENSSL_EXTRA || !IGNORE_NAME_CONSTRAINTS */
#ifdef HAVE_ECC
cert->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef WOLFSSL_SEP
/* SEP fields; FreeDecodedCert() passes these three pointers to XFREE */
cert->deviceTypeSz = 0;
cert->deviceType = NULL;
cert->hwTypeSz = 0;
cert->hwType = NULL;
cert->hwSerialNumSz = 0;
cert->hwSerialNum = NULL;
#ifdef OPENSSL_EXTRA
cert->extCertPolicySet = 0;
cert->extCertPolicyCrit = 0;
#endif /* OPENSSL_EXTRA */
#endif /* WOLFSSL_SEP */
}
/* Free a singly linked DNS_entry list: for every entry the name buffer is
 * released first, then the entry itself. A NULL list is a no-op.
 *
 * altNames  head of the list (may be NULL)
 * heap      heap hint handed to XFREE
 */
void FreeAltNames(DNS_entry* altNames, void* heap)
{
    DNS_entry* entry = altNames;

    (void)heap;  /* presumably silences "unused" when XFREE ignores the hint */

    while (entry != NULL) {
        /* fetch the successor before the entry's memory goes away */
        DNS_entry* following = entry->next;

        XFREE(entry->name, heap, DYNAMIC_TYPE_ALTNAME);
        XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME);

        entry = following;
    }
}
#ifndef IGNORE_NAME_CONSTRAINTS
/* Free a singly linked Base_entry list (name-constraint subtrees): each
 * entry's name buffer, then the entry. A NULL list is a no-op.
 *
 * names  head of the list (may be NULL)
 * heap   heap hint handed to XFREE
 */
void FreeNameSubtrees(Base_entry* names, void* heap)
{
    Base_entry* subtree = names;

    (void)heap;  /* presumably silences "unused" when XFREE ignores the hint */

    while (subtree != NULL) {
        /* fetch the successor before the entry's memory goes away */
        Base_entry* following = subtree->next;

        XFREE(subtree->name, heap, DYNAMIC_TYPE_ALTNAME);
        XFREE(subtree, heap, DYNAMIC_TYPE_ALTNAME);

        subtree = following;
    }
}
#endif /* IGNORE_NAME_CONSTRAINTS */
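/* Release the heap memory owned by a DecodedCert.
 *
 * subjectCN and publicKey are freed only when their *Stored flag is 1;
 * altNames only when weOwnAltNames is set. Otherwise those pointers are left
 * untouched (elsewhere in this file they are set to point into cert->source).
 *
 * Every pointer freed here is reset to NULL and its ownership flag cleared,
 * so a second call on the same structure, or a later read of the field,
 * cannot reach freed memory. A NULL cert is ignored.
 */
void FreeDecodedCert(DecodedCert* cert)
{
    if (cert == NULL)
        return;

    if (cert->subjectCNStored == 1) {
        XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
        cert->subjectCN = NULL;
        cert->subjectCNStored = 0;
    }
    if (cert->pubKeyStored == 1) {
        XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        cert->publicKey = NULL;
        cert->pubKeyStored = 0;
    }
    if (cert->weOwnAltNames && cert->altNames) {
        FreeAltNames(cert->altNames, cert->heap);
        cert->altNames = NULL;
    }
#ifndef IGNORE_NAME_CONSTRAINTS
    if (cert->altEmailNames) {
        FreeAltNames(cert->altEmailNames, cert->heap);
        cert->altEmailNames = NULL;
    }
    if (cert->permittedNames) {
        FreeNameSubtrees(cert->permittedNames, cert->heap);
        cert->permittedNames = NULL;
    }
    if (cert->excludedNames) {
        FreeNameSubtrees(cert->excludedNames, cert->heap);
        cert->excludedNames = NULL;
    }
#endif /* IGNORE_NAME_CONSTRAINTS */
#ifdef WOLFSSL_SEP
    XFREE(cert->deviceType, cert->heap, 0);
    cert->deviceType = NULL;
    XFREE(cert->hwType, cert->heap, 0);
    cert->hwType = NULL;
    XFREE(cert->hwSerialNum, cert->heap, 0);
    cert->hwSerialNum = NULL;
#endif /* WOLFSSL_SEP */
#ifdef OPENSSL_EXTRA
    /* fullName is released with a NULL heap hint, not cert->heap */
    if (cert->issuerName.fullName != NULL) {
        XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509);
        cert->issuerName.fullName = NULL;
    }
    if (cert->subjectName.fullName != NULL) {
        XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509);
        cert->subjectName.fullName = NULL;
    }
#endif /* OPENSSL_EXTRA */
}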
/* Parse the leading part of a certificate: two nested SEQUENCE headers, the
 * explicit version, and the serial number (read as an integer).
 *
 * Side effects on cert: srcIdx advances; certBegin is the index after the
 * first SEQUENCE header; sigIndex is the index just past the content of the
 * second SEQUENCE; version, serial and serialSz are filled in.
 *
 * Returns 0 on success, ASN_PARSE_E on a malformed header, MEMORY_E when the
 * temporary mp_int cannot be allocated, or the mp_to_unsigned_bin() result
 * if that conversion fails.
 *
 * NOTE(review): a serial whose byte size is >= sizeof(serialBuf) is skipped
 * without an error: the function still returns 0 and cert->serial /
 * cert->serialSz keep whatever they held before. Code that later matches
 * certificates by serial should be checked against this.
 */
static int GetCertHeader(DecodedCert* cert)
{
    int  status = 0;
    int  fieldLen;
    byte serialBuf[EXTERNAL_SERIAL_SIZE];
#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
    mp_int* serialInt = NULL;
#else
    mp_int  serialStorage;
    mp_int* serialInt = &serialStorage;
#endif

    /* first SEQUENCE header */
    if (GetSequence(cert->source, &cert->srcIdx, &fieldLen, cert->maxIdx) < 0)
        return ASN_PARSE_E;
    cert->certBegin = cert->srcIdx;

    /* second, nested SEQUENCE header; remember where its content ends */
    if (GetSequence(cert->source, &cert->srcIdx, &fieldLen, cert->maxIdx) < 0)
        return ASN_PARSE_E;
    cert->sigIndex = fieldLen + cert->srcIdx;

    if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0)
        return ASN_PARSE_E;

#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
    /* keep the big-integer object off the stack in this configuration */
    serialInt = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (serialInt == NULL)
        return MEMORY_E;
#endif

    if (GetInt(serialInt, cert->source, &cert->srcIdx, cert->maxIdx) < 0) {
#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
        XFREE(serialInt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        return ASN_PARSE_E;
    }

    /* copy the serial out only when it fits the fixed-size buffer */
    fieldLen = mp_unsigned_bin_size(serialInt);
    if (fieldLen < (int)sizeof(serialBuf)) {
        status = mp_to_unsigned_bin(serialInt, serialBuf);
        if (status == MP_OKAY) {
            XMEMCPY(cert->serial, serialBuf, fieldLen);
            cert->serialSz = fieldLen;
        }
    }

    mp_clear(serialInt);
#if defined(WOLFSSL_SMALL_STACK) && defined(USE_FAST_MATH)
    XFREE(serialInt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return status;
}
#if !defined(NO_RSA)
/* Record where the RSA public key lives inside cert->source.
 *
 * The key is not copied: cert->publicKey is pointed at the key's SEQUENCE
 * header inside the source buffer and cert->pubKeySize covers header plus
 * content. cert->srcIdx ends up just past the key.
 *
 * Returns 0 on success, ASN_PARSE_E when the SEQUENCE header cannot be read.
 */
static int StoreRsaKey(DecodedCert* cert)
{
    int          keyLen;
    word32       hdrLen;
    const word32 seqStart = cert->srcIdx;

    if (GetSequence(cert->source, &cert->srcIdx, &keyLen, cert->maxIdx) < 0)
        return ASN_PARSE_E;

    /* bytes consumed by the SEQUENCE tag and length */
    hdrLen  = cert->srcIdx - seqStart;
    keyLen += hdrLen;

    /* step back to the header so the stored key includes it */
    cert->srcIdx -= hdrLen;

    cert->pubKeySize = keyLen;
    cert->publicKey  = cert->source + cert->srcIdx;
    cert->srcIdx    += keyLen;

    return 0;
}
#endif
#ifdef HAVE_ECC
/* Check whether an ECC curve OID sum names a curve enabled in this build.
 *
 * oid  curve identifier; GetKey() passes the byte-sum of the OID content
 *
 * Returns 0 when the curve is supported, ALGO_ID_E otherwise.
 */
static int CheckCurve(word32 oid)
{
    switch (oid) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
        case ECC_160R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
        case ECC_192R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
        case ECC_224R1:
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
        case ECC_256R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
        case ECC_384R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
        case ECC_521R1:
#endif
            /* every enabled curve shares this exit */
            return 0;

        default:
            return ALGO_ID_E;
    }
}
#endif /* HAVE_ECC */
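/* Parse the certificate's public key: a SEQUENCE, an algorithm id, then the
 * algorithm-specific key data selected by cert->keyOID.
 *
 *   RSAk    BIT STRING header and leading 0x00, then StoreRsaKey() points
 *           cert->publicKey into cert->source (no copy).
 *   NTRUk   the key is extracted by the NTRU library and copied into a new
 *           heap buffer.
 *   ECDSAk  the curve OID bytes are summed into cert->pkCurveOID and checked
 *           with CheckCurve(); the key bytes are copied into a new heap
 *           buffer.
 *
 * When the key is copied, cert->pubKeyStored is set to 1 so that
 * FreeDecodedCert() releases it.
 *
 * Every raw read of cert->source is bounds-checked against cert->maxIdx
 * first, and an ECC BIT STRING without room for its leading 0x00 byte is
 * rejected; without that check "length - 1" went negative and was used as
 * an allocation and copy size.
 *
 * NOTE(review): the curve is identified by the sum of its OID bytes, not by
 * an exact OID match, so different byte strings with the same sum are
 * treated alike.
 *
 * Returns 0 on success or a negative ASN / memory error code.
 */
static int GetKey(DecodedCert* cert)
{
    int length;
#ifdef HAVE_NTRU
    int tmpIdx = cert->srcIdx;
#endif

    if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
        return ASN_PARSE_E;

    if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, cert->maxIdx) < 0)
        return ASN_PARSE_E;

    switch (cert->keyOID) {
#ifndef NO_RSA
        case RSAk:
        {
            byte b;

            /* need one byte for the BIT STRING tag */
            if (cert->srcIdx >= cert->maxIdx)
                return ASN_PARSE_E;
            b = cert->source[cert->srcIdx++];
            if (b != ASN_BIT_STRING)
                return ASN_BITSTR_E;

            if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
                return ASN_PARSE_E;

            /* need one byte for the unused-bits count, which must be 0 */
            if (cert->srcIdx >= cert->maxIdx)
                return ASN_PARSE_E;
            b = cert->source[cert->srcIdx++];
            if (b != 0x00)
                return ASN_EXPECT_0_E;

            return StoreRsaKey(cert);
        }
#endif /* NO_RSA */
#ifdef HAVE_NTRU
        case NTRUk:
        {
            const byte* key = &cert->source[tmpIdx];
            byte*       next = (byte*)key;
            word16      keyLen;
            word32      rc;
            word32      remaining = cert->maxIdx - cert->srcIdx;
#ifdef WOLFSSL_SMALL_STACK
            byte*       keyBlob = NULL;
#else
            byte        keyBlob[MAX_NTRU_KEY_SZ];
#endif

            /* first call with a NULL output only reports the key length */
            rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
                                &keyLen, NULL, &next, &remaining);
            if (rc != NTRU_OK)
                return ASN_NTRU_KEY_E;
            if (keyLen > MAX_NTRU_KEY_SZ)
                return ASN_NTRU_KEY_E;

#ifdef WOLFSSL_SMALL_STACK
            keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL,
                                     DYNAMIC_TYPE_TMP_BUFFER);
            if (keyBlob == NULL)
                return MEMORY_E;
#endif

            /* second call writes the key into keyBlob */
            rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
                                &keyLen, keyBlob, &next, &remaining);
            if (rc != NTRU_OK) {
#ifdef WOLFSSL_SMALL_STACK
                XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
                return ASN_NTRU_KEY_E;
            }

            /* the library must not have moved the cursor backwards */
            if ( (next - key) < 0) {
#ifdef WOLFSSL_SMALL_STACK
                XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
                return ASN_NTRU_KEY_E;
            }

            cert->srcIdx = tmpIdx + (int)(next - key);

            cert->publicKey = (byte*) XMALLOC(keyLen, cert->heap,
                                              DYNAMIC_TYPE_PUBLIC_KEY);
            if (cert->publicKey == NULL) {
#ifdef WOLFSSL_SMALL_STACK
                XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
                return MEMORY_E;
            }
            XMEMCPY(cert->publicKey, keyBlob, keyLen);
            cert->pubKeyStored = 1;
            cert->pubKeySize   = keyLen;

#ifdef WOLFSSL_SMALL_STACK
            XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

            return 0;
        }
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
        case ECDSAk:
        {
            int  oidSz = 0;
            byte b;

            /* need one byte for the OBJECT IDENTIFIER tag */
            if (cert->srcIdx >= cert->maxIdx)
                return ASN_PARSE_E;
            b = cert->source[cert->srcIdx++];
            if (b != ASN_OBJECT_ID)
                return ASN_OBJECT_ID_E;

            if (GetLength(cert->source,&cert->srcIdx,&oidSz,cert->maxIdx) < 0)
                return ASN_PARSE_E;

            /* the OID content must lie inside the buffer before it is read */
            if (oidSz < 0 || cert->srcIdx > cert->maxIdx ||
                    (word32)oidSz > cert->maxIdx - cert->srcIdx)
                return ASN_PARSE_E;

            /* the curve id is the sum of the OID content bytes */
            while(oidSz--)
                cert->pkCurveOID += cert->source[cert->srcIdx++];

            if (CheckCurve(cert->pkCurveOID) < 0)
                return ECC_CURVE_OID_E;

            /* key header */
            if (cert->srcIdx >= cert->maxIdx)
                return ASN_PARSE_E;
            b = cert->source[cert->srcIdx++];
            if (b != ASN_BIT_STRING)
                return ASN_BITSTR_E;

            if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
                return ASN_PARSE_E;

            /* the BIT STRING must hold at least the unused-bits byte */
            if (length < 1 || cert->srcIdx >= cert->maxIdx)
                return ASN_PARSE_E;
            b = cert->source[cert->srcIdx++];
            if (b != 0x00)
                return ASN_EXPECT_0_E;

            /* actual key, use length - 1 since ate preceding 0 */
            length -= 1;

            /* the key bytes must lie inside the buffer before the copy */
            if ((word32)length > cert->maxIdx - cert->srcIdx)
                return ASN_PARSE_E;

            cert->publicKey = (byte*) XMALLOC(length, cert->heap,
                                              DYNAMIC_TYPE_PUBLIC_KEY);
            if (cert->publicKey == NULL)
                return MEMORY_E;
            XMEMCPY(cert->publicKey, &cert->source[cert->srcIdx], length);
            cert->pubKeyStored = 1;
            cert->pubKeySize   = length;

            cert->srcIdx += length;

            return 0;
        }
#endif /* HAVE_ECC */
        default:
            return ASN_UNKNOWN_OID_E;
    }
}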
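/* Process a NAME field, either issuer or subject.
 *
 * cert      certificate being decoded; cert->srcIdx must be at the name
 * nameType  ISSUER or SUBJECT
 *
 * What it does:
 *  - hashes the whole encoded name, tag and length included, into
 *    cert->issuerHash or cert->subjectHash (SHA-256 with NO_SHA, SHA-1
 *    otherwise);
 *  - builds a "/CN=.../O=..." style string in cert->issuer or cert->subject;
 *    a component that does not fit is skipped, not truncated;
 *  - records pointers into cert->source for individual components
 *    (subjectCN always, the others under WOLFSSL_CERT_GEN);
 *  - with name constraints enabled, prepends a copy of each e-mail address
 *    to cert->altEmailNames;
 *  - under OPENSSL_EXTRA, fills the DecodedName and allocates its fullName.
 *
 * The fit checks use ">=" so that one byte always stays free for the
 * terminating NUL written after the loop. This assumes the issuer/subject
 * buffers hold ASN_NAME_MAX bytes -- TODO confirm against the DecodedCert
 * declaration. The entry allocated for an e-mail name is released when the
 * allocation of its name buffer fails.
 *
 * Returns 0 on success, a negative ASN / memory error, or the error from the
 * hash call.
 */
static int GetName(DecodedCert* cert, int nameType)
{
    int    length;  /* length of all distinguished names */
    int    dummy;
    int    ret;
    char*  full;
    byte*  hash;
    word32 idx;
#ifdef OPENSSL_EXTRA
    DecodedName* dName =
                  (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
#endif /* OPENSSL_EXTRA */

    WOLFSSL_MSG("Getting Cert Name");

    if (nameType == ISSUER) {
        full = cert->issuer;
        hash = cert->issuerHash;
    }
    else {
        full = cert->subject;
        hash = cert->subjectHash;
    }

    /* NOTE(review): GetLength() is called here while srcIdx still points at
     * the OBJECT IDENTIFIER tag byte; confirm against GetLength's contract
     * that this skips the prefix as intended. */
    if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
        WOLFSSL_MSG("Trying optional prefix...");

        if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
            return ASN_PARSE_E;

        cert->srcIdx += length;
        WOLFSSL_MSG("Got optional prefix");
    }

    /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be
     * calculated over the entire DER encoding of the Name field, including
     * the tag and length. */
    idx = cert->srcIdx;
    if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
        return ASN_PARSE_E;

#ifdef NO_SHA
    ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash);
#else
    ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash);
#endif
    if (ret != 0)
        return ret;

    /* from here on length is the index just past the name, and idx is the
     * write position inside full */
    length += cert->srcIdx;
    idx = 0;

#ifdef HAVE_PKCS7
    /* store pointer to raw issuer */
    if (nameType == ISSUER) {
        cert->issuerRaw = &cert->source[cert->srcIdx];
        cert->issuerRawLen = length - cert->srcIdx;
    }
#endif
#ifndef IGNORE_NAME_CONSTRAINTS
    if (nameType == SUBJECT) {
        cert->subjectRaw = &cert->source[cert->srcIdx];
        cert->subjectRawLen = length - cert->srcIdx;
    }
#endif

    while (cert->srcIdx < (word32)length) {
        byte   b;
        byte   joint[2];
        byte   tooBig = FALSE;
        int    oidSz;

        /* a missing SET header is tolerated, a missing SEQUENCE is not */
        if (GetSet(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0) {
            WOLFSSL_MSG("Cert name lacks set header, trying sequence");
        }

        if (GetSequence(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0)
            return ASN_PARSE_E;

        b = cert->source[cert->srcIdx++];
        if (b != ASN_OBJECT_ID)
            return ASN_OBJECT_ID_E;

        if (GetLength(cert->source, &cert->srcIdx, &oidSz, cert->maxIdx) < 0)
            return ASN_PARSE_E;

        /* the first two OID bytes select the attribute family */
        XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));

        /* v1 name types */
        if (joint[0] == 0x55 && joint[1] == 0x04) {
            byte   id;
            byte   copy = FALSE;
            int    strLen;

            cert->srcIdx += 2;
            id = cert->source[cert->srcIdx++];
            b  = cert->source[cert->srcIdx++]; /* encoding */

            if (GetLength(cert->source, &cert->srcIdx, &strLen,
                          cert->maxIdx) < 0)
                return ASN_PARSE_E;

            /* budget for the longest prefix, 14 = strlen("/serialNumber="),
             * and keep one byte for the final NUL */
            if ( (strLen + 14) >= (int)(ASN_NAME_MAX - idx)) {
                WOLFSSL_MSG("ASN Name too big, skipping");
                tooBig = TRUE;
            }

            if (id == ASN_COMMON_NAME) {
                if (nameType == SUBJECT) {
                    cert->subjectCN = (char *)&cert->source[cert->srcIdx];
                    cert->subjectCNLen = strLen;
                    cert->subjectCNEnc = b;
                }

                if (!tooBig) {
                    XMEMCPY(&full[idx], "/CN=", 4);
                    idx += 4;
                    copy = TRUE;
                }
#ifdef OPENSSL_EXTRA
                dName->cnIdx = cert->srcIdx;
                dName->cnLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_SUR_NAME) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/SN=", 4);
                    idx += 4;
                    copy = TRUE;
                }
#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectSN = (char*)&cert->source[cert->srcIdx];
                    cert->subjectSNLen = strLen;
                    cert->subjectSNEnc = b;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->snIdx = cert->srcIdx;
                dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_COUNTRY_NAME) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/C=", 3);
                    idx += 3;
                    copy = TRUE;
                }
#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectC = (char*)&cert->source[cert->srcIdx];
                    cert->subjectCLen = strLen;
                    cert->subjectCEnc = b;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->cIdx = cert->srcIdx;
                dName->cLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_LOCALITY_NAME) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/L=", 3);
                    idx += 3;
                    copy = TRUE;
                }
#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectL = (char*)&cert->source[cert->srcIdx];
                    cert->subjectLLen = strLen;
                    cert->subjectLEnc = b;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->lIdx = cert->srcIdx;
                dName->lLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_STATE_NAME) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/ST=", 4);
                    idx += 4;
                    copy = TRUE;
                }
#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectST = (char*)&cert->source[cert->srcIdx];
                    cert->subjectSTLen = strLen;
                    cert->subjectSTEnc = b;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->stIdx = cert->srcIdx;
                dName->stLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_ORG_NAME) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/O=", 3);
                    idx += 3;
                    copy = TRUE;
                }
#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectO = (char*)&cert->source[cert->srcIdx];
                    cert->subjectOLen = strLen;
                    cert->subjectOEnc = b;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->oIdx = cert->srcIdx;
                dName->oLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_ORGUNIT_NAME) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/OU=", 4);
                    idx += 4;
                    copy = TRUE;
                }
#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectOU = (char*)&cert->source[cert->srcIdx];
                    cert->subjectOULen = strLen;
                    cert->subjectOUEnc = b;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->ouIdx = cert->srcIdx;
                dName->ouLen = strLen;
#endif /* OPENSSL_EXTRA */
            }
            else if (id == ASN_SERIAL_NUMBER) {
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/serialNumber=", 14);
                    idx += 14;
                    copy = TRUE;
                }
#ifdef OPENSSL_EXTRA
                /* NOTE(review): this stores the serial number in the same
                 * snIdx/snLen fields as ASN_SUR_NAME, while the fullName
                 * builder below reads serialIdx/serialLen, which nothing in
                 * this function sets. Looks like a mix-up; left unchanged
                 * because readers of DecodedName are outside this view. */
                dName->snIdx = cert->srcIdx;
                dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */
            }

            if (copy && !tooBig) {
                XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
                idx += strLen;
            }

            cert->srcIdx += strLen;
        }
        else {
            /* skip */
            byte email = FALSE;
            byte uid   = FALSE;
            int  adv;

            if (joint[0] == 0x2a && joint[1] == 0x86)  /* email id hdr */
                email = TRUE;

            if (joint[0] == 0x9  && joint[1] == 0x92)  /* uid id hdr */
                uid = TRUE;

            /* step over the OID content and the value's tag byte */
            cert->srcIdx += oidSz + 1;

            if (GetLength(cert->source, &cert->srcIdx, &adv, cert->maxIdx) < 0)
                return ASN_PARSE_E;

            if (adv >= (int)(ASN_NAME_MAX - idx)) {
                WOLFSSL_MSG("ASN name too big, skipping");
                tooBig = TRUE;
            }

            if (email) {
                if ( (14 + adv) >= (int)(ASN_NAME_MAX - idx)) {
                    WOLFSSL_MSG("ASN name too big, skipping");
                    tooBig = TRUE;
                }
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/emailAddress=", 14);
                    idx += 14;
                }

#ifdef WOLFSSL_CERT_GEN
                if (nameType == SUBJECT) {
                    cert->subjectEmail = (char*)&cert->source[cert->srcIdx];
                    cert->subjectEmailLen = adv;
                }
#endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
                dName->emailIdx = cert->srcIdx;
                dName->emailLen = adv;
#endif /* OPENSSL_EXTRA */
#ifndef IGNORE_NAME_CONSTRAINTS
                {
                    DNS_entry* emailName = NULL;

                    emailName = (DNS_entry*)XMALLOC(sizeof(DNS_entry),
                                          cert->heap, DYNAMIC_TYPE_ALTNAME);
                    if (emailName == NULL) {
                        WOLFSSL_MSG("\tOut of Memory");
                        return MEMORY_E;
                    }
                    emailName->name = (char*)XMALLOC(adv + 1,
                                          cert->heap, DYNAMIC_TYPE_ALTNAME);
                    if (emailName->name == NULL) {
                        WOLFSSL_MSG("\tOut of Memory");
                        /* the entry is not linked into the list yet, so it
                         * has to be released here */
                        XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
                        return MEMORY_E;
                    }
                    XMEMCPY(emailName->name,
                                          &cert->source[cert->srcIdx], adv);
                    emailName->name[adv] = 0;

                    /* prepend to the list freed by FreeDecodedCert() */
                    emailName->next = cert->altEmailNames;
                    cert->altEmailNames = emailName;
                }
#endif /* IGNORE_NAME_CONSTRAINTS */
                if (!tooBig) {
                    XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
                    idx += adv;
                }
            }

            if (uid) {
                if ( (5 + adv) >= (int)(ASN_NAME_MAX - idx)) {
                    WOLFSSL_MSG("ASN name too big, skipping");
                    tooBig = TRUE;
                }
                if (!tooBig) {
                    XMEMCPY(&full[idx], "/UID=", 5);
                    idx += 5;

                    XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
                    idx += adv;
                }
#ifdef OPENSSL_EXTRA
                dName->uidIdx = cert->srcIdx;
                dName->uidLen = adv;
#endif /* OPENSSL_EXTRA */
            }

            cert->srcIdx += adv;
        }
    }
    full[idx++] = 0;

#ifdef OPENSSL_EXTRA
    {
        int totalLen = 0;

        /* each component contributes its value plus its "/XX=" prefix */
        if (dName->cnLen != 0)
            totalLen += dName->cnLen + 4;
        if (dName->snLen != 0)
            totalLen += dName->snLen + 4;
        if (dName->cLen != 0)
            totalLen += dName->cLen + 3;
        if (dName->lLen != 0)
            totalLen += dName->lLen + 3;
        if (dName->stLen != 0)
            totalLen += dName->stLen + 4;
        if (dName->oLen != 0)
            totalLen += dName->oLen + 3;
        if (dName->ouLen != 0)
            totalLen += dName->ouLen + 4;
        if (dName->emailLen != 0)
            totalLen += dName->emailLen + 14;
        if (dName->uidLen != 0)
            totalLen += dName->uidLen + 5;
        if (dName->serialLen != 0)
            totalLen += dName->serialLen + 14;

        /* an allocation failure is not an error: fullName stays NULL */
        dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509);
        if (dName->fullName != NULL) {
            idx = 0;

            /* after each copy the component's index is rewritten to its
             * offset inside fullName instead of inside cert->source */
            if (dName->cnLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/CN=", 4);
                idx += 4;
                XMEMCPY(&dName->fullName[idx],
                                     &cert->source[dName->cnIdx], dName->cnLen);
                dName->cnIdx = idx;
                idx += dName->cnLen;
            }
            if (dName->snLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/SN=", 4);
                idx += 4;
                XMEMCPY(&dName->fullName[idx],
                                     &cert->source[dName->snIdx], dName->snLen);
                dName->snIdx = idx;
                idx += dName->snLen;
            }
            if (dName->cLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/C=", 3);
                idx += 3;
                XMEMCPY(&dName->fullName[idx],
                                       &cert->source[dName->cIdx], dName->cLen);
                dName->cIdx = idx;
                idx += dName->cLen;
            }
            if (dName->lLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/L=", 3);
                idx += 3;
                XMEMCPY(&dName->fullName[idx],
                                       &cert->source[dName->lIdx], dName->lLen);
                dName->lIdx = idx;
                idx += dName->lLen;
            }
            if (dName->stLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/ST=", 4);
                idx += 4;
                XMEMCPY(&dName->fullName[idx],
                                     &cert->source[dName->stIdx], dName->stLen);
                dName->stIdx = idx;
                idx += dName->stLen;
            }
            if (dName->oLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/O=", 3);
                idx += 3;
                XMEMCPY(&dName->fullName[idx],
                                       &cert->source[dName->oIdx], dName->oLen);
                dName->oIdx = idx;
                idx += dName->oLen;
            }
            if (dName->ouLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/OU=", 4);
                idx += 4;
                XMEMCPY(&dName->fullName[idx],
                                     &cert->source[dName->ouIdx], dName->ouLen);
                dName->ouIdx = idx;
                idx += dName->ouLen;
            }
            if (dName->emailLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
                idx += 14;
                XMEMCPY(&dName->fullName[idx],
                               &cert->source[dName->emailIdx], dName->emailLen);
                dName->emailIdx = idx;
                idx += dName->emailLen;
            }
            if (dName->uidLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/UID=", 5);
                idx += 5;
                XMEMCPY(&dName->fullName[idx],
                                   &cert->source[dName->uidIdx], dName->uidLen);
                dName->uidIdx = idx;
                idx += dName->uidLen;
            }
            if (dName->serialLen != 0) {
                dName->entryCount++;
                XMEMCPY(&dName->fullName[idx], "/serialNumber=", 14);
                idx += 14;
                XMEMCPY(&dName->fullName[idx],
                             &cert->source[dName->serialIdx], dName->serialLen);
                dName->serialIdx = idx;
                idx += dName->serialLen;
            }
            dName->fullName[idx] = '\0';
            dName->fullNameLen = totalLen;
        }
    }
#endif /* OPENSSL_EXTRA */

    return 0;
}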
#ifndef NO_TIME_H
/* Compare two broken-down times, to the second.
 *
 * Only tm_year, tm_mon, tm_mday, tm_hour, tm_min and tm_sec are examined,
 * most significant field first.
 *
 * Returns 1 when a is strictly later than b, 0 otherwise (including when
 * the two are equal).
 */
static int DateGreaterThan(const struct tm* a, const struct tm* b)
{
    /* the first field that differs decides the result */
    if (a->tm_year != b->tm_year)
        return a->tm_year > b->tm_year;

    if (a->tm_mon != b->tm_mon)
        return a->tm_mon > b->tm_mon;

    if (a->tm_mday != b->tm_mday)
        return a->tm_mday > b->tm_mday;

    if (a->tm_hour != b->tm_hour)
        return a->tm_hour > b->tm_hour;

    if (a->tm_min != b->tm_min)
        return a->tm_min > b->tm_min;

    return a->tm_sec > b->tm_sec;
}
/* Returns 1 when a is strictly earlier than b, 0 otherwise. Implemented as
 * DateGreaterThan() with the arguments swapped, so it is also to the second. */
static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
{
    /* a < b exactly when b > a */
    const int bIsLater = DateGreaterThan(b, a);

    return bIsLater;
}
/* like atoi but only use first byte */
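/* Make sure before and after dates are valid.
 *
 * date      date characters, without tag and length. No length is passed in:
 *           the function reads up to the 'Z' position on its own (two
 *           leading century digits for GeneralizedTime, then six two-digit
 *           fields), so the caller must supply a buffer at least that long.
 * format    ASN_UTC_TIME or, for any other value, GeneralizedTime
 * dateType  BEFORE: the current time must not be earlier than date;
 *           otherwise: the current time must not be later than date
 *
 * For UTC time a first digit >= 5 selects the 1900s, anything else the
 * 2000s. The comparison is made against XGMTIME(), to the second.
 *
 * Returns 1 when the date is acceptable, 0 when it is not: wrong side of the
 * current time, not in Zulu form, NULL input, or the current time could not
 * be broken down (fail closed instead of dereferencing a NULL result).
 */
int ValidateDate(const byte* date, byte format, int dateType)
{
    time_t     ltime;
    struct tm  certTime;
    struct tm* localTime;
    struct tm* tmpTime = NULL;
    int        i = 0;

#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES)
    struct tm tmpTimeStorage;
    tmpTime = &tmpTimeStorage;
#else
    (void)tmpTime;
#endif

    if (date == NULL)
        return 0;

    ltime = XTIME(0);
    XMEMSET(&certTime, 0, sizeof(certTime));

    if (format == ASN_UTC_TIME) {
        /* two-digit year: pick the century from the first digit */
        if (btoi(date[0]) >= 5)
            certTime.tm_year = 1900;
        else
            certTime.tm_year = 2000;
    }
    else  { /* format == GENERALIZED_TIME */
        certTime.tm_year += btoi(date[i++]) * 1000;
        certTime.tm_year += btoi(date[i++]) * 100;
    }

    /* adjust tm_year, tm_mon */
    /* presumably GetTime() adds the next two digits to its first argument
     * and advances i -- verify against its definition */
    GetTime((int*)&certTime.tm_year, date, &i); certTime.tm_year -= 1900;
    GetTime((int*)&certTime.tm_mon,  date, &i); certTime.tm_mon  -= 1;
    GetTime((int*)&certTime.tm_mday, date, &i);
    GetTime((int*)&certTime.tm_hour, date, &i);
    GetTime((int*)&certTime.tm_min,  date, &i);
    GetTime((int*)&certTime.tm_sec,  date, &i);

    if (date[i] != 'Z') {     /* only Zulu supported for this profile */
        WOLFSSL_MSG("Only Zulu time supported for this profile");
        return 0;
    }

    localTime = XGMTIME(&ltime, tmpTime);
    if (localTime == NULL) {
        /* no usable current time: treat the date as not valid */
        WOLFSSL_MSG("XGMTIME failed");
        return 0;
    }

    if (dateType == BEFORE) {
        if (DateLessThan(localTime, &certTime))
            return 0;
    }
    else {
        if (DateGreaterThan(localTime, &certTime))
            return 0;
    }

    return 1;
}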
#endif /* NO_TIME_H */
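/* Read one validity date (UTCTime or GeneralizedTime) and validate it.
 *
 * cert      certificate being decoded; cert->srcIdx must be at the date tag
 * dateType  BEFORE or AFTER; selects which pointer/length pair is recorded
 *           and which error is returned for a rejected date
 *
 * cert->beforeDate / cert->afterDate is pointed at the tag byte inside
 * cert->source, and the matching *Len covers tag, length and content.
 *
 * The local copy handed to XVALIDATE_DATE is zero-filled first. The
 * validator receives no length, so for a short date it may look at bytes
 * past the copied content; those are now a fixed 0 instead of uninitialised
 * stack data. The tag byte is only read when it lies inside the buffer.
 *
 * Returns 0 on success, ASN_TIME_E for an unexpected tag, ASN_PARSE_E for a
 * bad length or truncated input, ASN_DATE_SZ_E when the content size is
 * outside MIN_DATE_SIZE..MAX_DATE_SIZE, ASN_BEFORE_DATE_E or
 * ASN_AFTER_DATE_E when the validator rejects the date.
 */
static int GetDate(DecodedCert* cert, int dateType)
{
    int    length;
    byte   date[MAX_DATE_SIZE];
    byte   b;
    word32 startIdx = 0;

    XMEMSET(date, 0, sizeof(date));

    if (dateType == BEFORE)
        cert->beforeDate = &cert->source[cert->srcIdx];
    else
        cert->afterDate = &cert->source[cert->srcIdx];
    startIdx = cert->srcIdx;

    /* need one byte for the tag */
    if (cert->srcIdx >= cert->maxIdx)
        return ASN_PARSE_E;

    b = cert->source[cert->srcIdx++];
    if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME)
        return ASN_TIME_E;

    if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
        return ASN_PARSE_E;

    /* the size check also bounds the copy into date[] */
    if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE)
        return ASN_DATE_SZ_E;

    XMEMCPY(date, &cert->source[cert->srcIdx], length);
    cert->srcIdx += length;

    if (dateType == BEFORE)
        cert->beforeDateLen = cert->srcIdx - startIdx;
    else
        cert->afterDateLen  = cert->srcIdx - startIdx;

    if (!XVALIDATE_DATE(date, b, dateType)) {
        if (dateType == BEFORE)
            return ASN_BEFORE_DATE_E;
        else
            return ASN_AFTER_DATE_E;
    }

    return 0;
}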
/* Parse the validity SEQUENCE: the "before" date followed by the "after" date.
 *
 * verify  non-zero: date failures are reported; zero: they are ignored
 *
 * A failing "before" date does not stop parsing, so the "after" date is
 * still consumed; a failing "after" date takes precedence.
 *
 * Returns 0, ASN_PARSE_E (bad SEQUENCE header), ASN_BEFORE_DATE_E or
 * ASN_AFTER_DATE_E.
 *
 * NOTE(review): any negative result from GetDate() is treated as a date
 * failure, including its parse and size errors. With verify == 0 such an
 * error is dropped and decoding continues from wherever srcIdx was left.
 */
static int GetValidity(DecodedCert* cert, int verify)
{
    int seqLen;
    int beforeErr = 0;

    if (GetSequence(cert->source, &cert->srcIdx, &seqLen, cert->maxIdx) < 0)
        return ASN_PARSE_E;

    if (GetDate(cert, BEFORE) < 0) {
        if (verify)
            beforeErr = ASN_BEFORE_DATE_E;   /* continue parsing */
    }

    if (GetDate(cert, AFTER) < 0) {
        if (verify)
            return ASN_AFTER_DATE_E;
    }

    return beforeErr;
}
/* Decode a certificate up to and including its public key: header, signature
 * algorithm id, issuer name, validity, subject name, key.
 *
 * verify  passed to GetValidity(); when zero, date failures are not reported
 *
 * A validity error does not stop decoding. It is remembered and returned
 * only after the subject name and key were parsed successfully; an error
 * from one of those later steps is returned instead.
 *
 * Returns the GetKey() result on success, otherwise the first fatal error,
 * or the deferred validity error.
 */
int DecodeToKey(DecodedCert* cert, int verify)
{
    int dateErr = 0;
    int ret;

    ret = GetCertHeader(cert);
    if (ret < 0)
        return ret;
    WOLFSSL_MSG("Got Cert Header");

    ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID,
                    cert->maxIdx);
    if (ret < 0)
        return ret;
    WOLFSSL_MSG("Got Algo ID");

    ret = GetName(cert, ISSUER);
    if (ret < 0)
        return ret;

    /* remember a validity failure, keep decoding */
    ret = GetValidity(cert, verify);
    if (ret < 0)
        dateErr = ret;

    ret = GetName(cert, SUBJECT);
    if (ret < 0)
        return ret;
    WOLFSSL_MSG("Got Subject Name");

    ret = GetKey(cert);
    if (ret < 0)
        return ret;
    WOLFSSL_MSG("Got Key");

    return (dateErr != 0) ? dateErr : ret;
}
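/* Read the signature BIT STRING header and record where the signature is.
 *
 * cert->signature is pointed at the signature bytes inside cert->source (no
 * copy), cert->sigLength is the content length minus the leading
 * unused-bits byte, and cert->srcIdx is advanced past the signature.
 *
 * Both raw byte reads are bounds-checked against cert->maxIdx, and a BIT
 * STRING with an empty content is rejected: it has no unused-bits byte, and
 * decrementing a zero sigLength would produce a bogus length that is then
 * added to srcIdx.
 *
 * Returns 0 on success, ASN_BITSTR_E for a wrong tag, ASN_PARSE_E for a bad
 * length or truncated input, ASN_EXPECT_0_E when the unused-bits byte is not
 * zero.
 */
static int GetSignature(DecodedCert* cert)
{
    int  length;
    byte b;

    /* need one byte for the BIT STRING tag */
    if (cert->srcIdx >= cert->maxIdx)
        return ASN_PARSE_E;

    b = cert->source[cert->srcIdx++];
    if (b != ASN_BIT_STRING)
        return ASN_BITSTR_E;

    if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
        return ASN_PARSE_E;

    /* the content must hold at least the unused-bits byte */
    if (length < 1 || cert->srcIdx >= cert->maxIdx)
        return ASN_PARSE_E;

    cert->sigLength = length;

    b = cert->source[cert->srcIdx++];
    if (b != 0x00)
        return ASN_EXPECT_0_E;

    /* the unused-bits byte is not part of the signature */
    cert->sigLength--;
    cert->signature = &cert->source[cert->srcIdx];
    cert->srcIdx += cert->sigLength;

    return 0;
}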
/* Write a digest as an OCTET STRING: tag, one length byte, digest bytes.
 *
 * output must have room for digSz + 2 bytes; no capacity check is made.
 *
 * NOTE(review): the length is always written as a single byte, so digSz is
 * assumed to fit one; callers presumably pass hash output sizes.
 *
 * Returns the number of bytes written, digSz + 2.
 */
static word32 SetDigest(const byte* digest, word32 digSz, byte* output)
{
    byte* cursor = output;

    *cursor++ = ASN_OCTET_STRING;
    *cursor++ = (byte)digSz;
    XMEMCPY(cursor, digest, digSz);

    return digSz + 2;
}
/* Number of bytes needed to hold value: the position of its most significant
 * non-zero byte, counted from 1. Returns 0 when value is 0. */
static word32 BytePrecision(word32 value)
{
    word32 bytes = sizeof(value);

    /* drop leading zero bytes, most significant first */
    while (bytes != 0 && (value >> ((bytes - 1) * WOLFSSL_BIT_SIZE)) == 0)
        --bytes;

    return bytes;
}
/* Encode an ASN.1 length into output.
 *
 * Lengths below ASN_LONG_LENGTH take one byte. Larger lengths are written as
 * one prefix byte (byte count OR-ed with ASN_LONG_LENGTH) followed by the
 * length itself, most significant byte first.
 *
 * output must have room for the result, at most 1 + sizeof(word32) bytes;
 * no capacity check is made.
 *
 * Returns the number of bytes written.
 */
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output)
{
    word32 written = 0;
    word32 remaining;

    /* short form */
    if (length < ASN_LONG_LENGTH) {
        output[written++] = (byte)length;
        return written;
    }

    /* long form */
    output[written++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);

    for (remaining = BytePrecision(length); remaining != 0; --remaining) {
        output[written++] =
            (byte)(length >> ((remaining - 1) * WOLFSSL_BIT_SIZE));
    }

    return written;
}
/* Write a SEQUENCE header (constructed tag plus encoded length) to output.
 * The caller provides the room; no capacity check is made.
 * Returns the number of header bytes written. */
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output)
{
    word32 lenBytes;

    output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
    lenBytes  = SetLength(len, &output[1]);

    return lenBytes + 1;   /* + 1 for the tag byte */
}
/* Write an OCTET STRING header (tag plus encoded length) to output.
 * The caller provides the room; no capacity check is made.
 * Returns the number of header bytes written. */
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output)
{
    word32 lenBytes;

    output[0] = ASN_OCTET_STRING;
    lenBytes  = SetLength(len, &output[1]);

    return lenBytes + 1;   /* + 1 for the tag byte */
}
/* Write a SET header (constructed tag plus encoded length) to output.
 * The caller provides the room; no capacity check is made.
 * Returns the number of header bytes written. */
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output)
{
    word32 lenBytes;

    output[0] = ASN_SET | ASN_CONSTRUCTED;
    lenBytes  = SetLength(len, &output[1]);

    return lenBytes + 1;   /* + 1 for the tag byte */
}
/* Write a context-specific (implicit) header to output.
 *
 * tag     underlying type; ASN_SEQUENCE and ASN_SET make the header
 *         constructed, any other value leaves it primitive
 * number  context tag number, OR-ed into the tag byte as given
 * len     content length to encode
 *
 * The caller provides the room; no capacity check is made.
 * Returns the number of header bytes written.
 */
WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
{
    byte first = (byte)(ASN_CONTEXT_SPECIFIC | number);

    if (tag == ASN_SEQUENCE || tag == ASN_SET)
        first = (byte)(first | ASN_CONSTRUCTED);

    output[0] = first;

    return 1 + SetLength(len, &output[1]);
}
/* Write a constructed, context-specific (explicit) header to output.
 *
 * number  context tag number, OR-ed into the tag byte as given
 * len     content length to encode
 *
 * The caller provides the room; no capacity check is made.
 * Returns the number of header bytes written.
 */
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output)
{
    word32 lenBytes;

    output[0] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
    lenBytes  = SetLength(len, &output[1]);

    return lenBytes + 1;   /* + 1 for the tag byte */
}
#if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
/* Write the curve OBJECT IDENTIFIER for an ECC key: tag, length, OID bytes.
 *
 * The curve is chosen from key->dp->size (20, 24, 28, 32, 48 or 66),
 * limited to the curves enabled in this build.
 *
 * output must have room for the result; no capacity check is made.
 *
 * Returns the number of bytes written.
 *
 * NOTE(review): for an unsupported size the negative ASN_UNKNOWN_OID_E is
 * returned through the unsigned word32 return type, and output[0] has
 * already been written by then. Callers need to handle that value.
 */
static word32 SetCurve(ecc_key* key, byte* output)
{
    /* curve types */
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
    static const byte ECC_192v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
                                             0x03, 0x01, 0x01};
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
    static const byte ECC_256v1_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
                                             0x03, 0x01, 0x07};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
    static const byte ECC_160r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
                                             0x02};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
    static const byte ECC_224r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
                                             0x21};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
    static const byte ECC_384r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
                                             0x22};
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
    static const byte ECC_521r1_AlgoID[] = { 0x2b, 0x81, 0x04, 0x00,
                                             0x23};
#endif

    const byte* curveOid   = 0;
    int         curveOidSz = 0;
    int         pos        = 0;

    output[pos++] = ASN_OBJECT_ID;

    /* pick the OID by key size in bytes */
    switch (key->dp->size) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
        case 20:
            curveOid   = ECC_160r1_AlgoID;
            curveOidSz = sizeof(ECC_160r1_AlgoID);
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
        case 24:
            curveOid   = ECC_192v1_AlgoID;
            curveOidSz = sizeof(ECC_192v1_AlgoID);
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
        case 28:
            curveOid   = ECC_224r1_AlgoID;
            curveOidSz = sizeof(ECC_224r1_AlgoID);
            break;
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
        case 32:
            curveOid   = ECC_256v1_AlgoID;
            curveOidSz = sizeof(ECC_256v1_AlgoID);
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
        case 48:
            curveOid   = ECC_384r1_AlgoID;
            curveOidSz = sizeof(ECC_384r1_AlgoID);
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
        case 66:
            curveOid   = ECC_521r1_AlgoID;
            curveOidSz = sizeof(ECC_521r1_AlgoID);
            break;
#endif
        default:
            return ASN_UNKNOWN_OID_E;
    }

    /* length, then the OID content */
    pos += SetLength(curveOidSz, output + pos);

    XMEMCPY(output + pos, curveOid, curveOidSz);
    pos += curveOidSz;

    return pos;
}
#endif /* HAVE_ECC && WOLFSSL_CERT_GEN */
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
{
/* adding TAG_NULL and 0 to end */
/* hashTypes */
static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05, 0x00 };
static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00 };
static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x02, 0x05, 0x00 };
static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x03, 0x05, 0x00 };
static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x02, 0x05, 0x05, 0x00 };
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x02, 0x02, 0x05, 0x00};
/* blkTypes, no NULL tags because IV is there instead */
static const byte desCbcAlgoID[] = { 0x2B, 0x0E, 0x03, 0x02, 0x07 };
static const byte des3CbcAlgoID[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x03, 0x07 };
/* RSA sigTypes */
#ifndef NO_RSA
static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x04, 0x05, 0x00};
static const byte shawRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x05, 0x05, 0x00};
static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00};
static const byte sha384wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00};
static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00};
#endif /* NO_RSA */
/* ECDSA sigTypes */
#ifdef HAVE_ECC
static const byte shawECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
0x04, 0x01, 0x05, 0x00};
static const byte sha256wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
0x04, 0x03, 0x02, 0x05, 0x00};
static const byte sha384wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
0x04, 0x03, 0x03, 0x05, 0x00};
static const byte sha512wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
0x04, 0x03, 0x04, 0x05, 0x00};
#endif /* HAVE_ECC */
/* RSA keyType */
#ifndef NO_RSA
static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x01, 0x05, 0x00};
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* ECC keyType */
/* no tags, so set tagSz smaller later */
static const byte ECC_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
0x02, 0x01};
#endif /* HAVE_ECC */
int algoSz = 0;
int tagSz = 2; /* tag null and terminator */
word32 idSz, seqSz;
const byte* algoName = 0;
byte ID_Length[MAX_LENGTH_SZ];
byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */
if (type == hashType) {
switch (algoOID) {
case SHAh:
algoSz = sizeof(shaAlgoID);
algoName = shaAlgoID;
break;
case SHA256h:
algoSz = sizeof(sha256AlgoID);
algoName = sha256AlgoID;
break;
case SHA384h:
algoSz = sizeof(sha384AlgoID);
algoName = sha384AlgoID;
break;
case SHA512h:
algoSz = sizeof(sha512AlgoID);
algoName = sha512AlgoID;
break;
case MD2h:
algoSz = sizeof(md2AlgoID);
algoName = md2AlgoID;
break;
case MD5h:
algoSz = sizeof(md5AlgoID);
algoName = md5AlgoID;
break;
default:
WOLFSSL_MSG("Unknown Hash Algo");
return 0; /* UNKOWN_HASH_E; */
}
}
else if (type == blkType) {
switch (algoOID) {
case DESb:
algoSz = sizeof(desCbcAlgoID);
algoName = desCbcAlgoID;
tagSz = 0;
break;
case DES3b:
algoSz = sizeof(des3CbcAlgoID);
algoName = des3CbcAlgoID;
tagSz = 0;
break;
default:
WOLFSSL_MSG("Unknown Block Algo");
return 0;
}
}
else if (type == sigType) { /* sigType */
switch (algoOID) {
#ifndef NO_RSA
case CTC_MD5wRSA:
algoSz = sizeof(md5wRSA_AlgoID);
algoName = md5wRSA_AlgoID;
break;
case CTC_SHAwRSA:
algoSz = sizeof(shawRSA_AlgoID);
algoName = shawRSA_AlgoID;
break;
case CTC_SHA256wRSA:
algoSz = sizeof(sha256wRSA_AlgoID);
algoName = sha256wRSA_AlgoID;
break;
case CTC_SHA384wRSA:
algoSz = sizeof(sha384wRSA_AlgoID);
algoName = sha384wRSA_AlgoID;
break;
case CTC_SHA512wRSA:
algoSz = sizeof(sha512wRSA_AlgoID);
algoName = sha512wRSA_AlgoID;
break;
#endif /* NO_RSA */
#ifdef HAVE_ECC
case CTC_SHAwECDSA:
algoSz = sizeof(shawECDSA_AlgoID);
algoName = shawECDSA_AlgoID;
break;
case CTC_SHA256wECDSA:
algoSz = sizeof(sha256wECDSA_AlgoID);
algoName = sha256wECDSA_AlgoID;
break;
case CTC_SHA384wECDSA:
algoSz = sizeof(sha384wECDSA_AlgoID);
algoName = sha384wECDSA_AlgoID;
break;
case CTC_SHA512wECDSA:
algoSz = sizeof(sha512wECDSA_AlgoID);
algoName = sha512wECDSA_AlgoID;
break;
#endif /* HAVE_ECC */
default:
WOLFSSL_MSG("Unknown Signature Algo");
return 0;
}
}
else if (type == keyType) { /* keyType */
switch (algoOID) {
#ifndef NO_RSA
case RSAk:
algoSz = sizeof(RSA_AlgoID);