static AJ_Status DecodeCertificatePub(DER_Element* der, AJ_KeyInfo* keyinfo)
{
AJ_Status status;
DER_Element seq;
DER_Element bit;
DER_Element oid1;
DER_Element oid2;
uint8_t tags1[] = { ASN_SEQ, ASN_BITS };
uint8_t tags2[] = { ASN_OID, ASN_OID };
status = AJ_ASN1DecodeElements(der, tags1, sizeof (tags1), &seq, &bit);
if (AJ_OK != status) {
return status;
}
/*
* We only accept NISTP256 ECC keys at the moment.
*/
status = AJ_ASN1DecodeElements(&seq, tags2, sizeof (tags2), &oid1, &oid2);
if (AJ_OK != status) {
return status;
}
if (sizeof (OID_KEY_ECC) != oid1.size) {
return AJ_ERR_INVALID;
}
if (0 != memcmp(OID_KEY_ECC, oid1.data, oid1.size)) {
return AJ_ERR_INVALID;
}
if (sizeof (OID_CRV_PRIME256V1) != oid2.size) {
return AJ_ERR_INVALID;
}
if (0 != memcmp(OID_CRV_PRIME256V1, oid2.data, oid2.size)) {
return AJ_ERR_INVALID;
}
/*
* We only accept uncompressed ECC points.
*/
if ((2 + KEY_ECC_PUB_SZ) != bit.size) {
return AJ_ERR_INVALID;
}
if ((0x00 != bit.data[0]) || (0x04 != bit.data[1])) {
return AJ_ERR_INVALID;
}
bit.data += 2;
bit.size -= 2;
memset(keyinfo, 0, sizeof (AJ_KeyInfo));
keyinfo->fmt = KEY_FMT_ALLJOYN;
keyinfo->use = KEY_USE_SIG;
keyinfo->kty = KEY_TYP_ECC;
keyinfo->alg = KEY_ALG_ECDSA_SHA256;
keyinfo->crv = KEY_CRV_NISTP256;
AJ_BigvalDecode(bit.data, &keyinfo->key.publickey.x, KEY_ECC_SZ);
bit.data += KEY_ECC_SZ;
bit.size -= KEY_ECC_SZ;
AJ_BigvalDecode(bit.data, &keyinfo->key.publickey.y, KEY_ECC_SZ);
return status;
}
AJ_Status AJ_X509DecodeCertificateDER(X509Certificate* certificate, DER_Element* der)
{
AJ_Status status;
DER_Element seq;
DER_Element tbs;
DER_Element tmp;
DER_Element oid;
DER_Element sig;
const uint8_t tags1[] = { ASN_SEQ };
const uint8_t tags2[] = { ASN_SEQ, ASN_SEQ, ASN_BITS };
AJ_InfoPrintf(("AJ_X509DecodeCertificateDER(certificate=%p, der=%p)\n", certificate, der));
if ((NULL == certificate) || (NULL == der)) {
return AJ_ERR_INVALID;
}
status = AJ_ASN1DecodeElements(der, tags1, sizeof (tags1), &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&seq, tags2, sizeof (tags2), &tbs, &tmp, &sig);
if (AJ_OK != status) {
return status;
}
/*
* The signed TBS includes the sequence and length fields.
*/
certificate->raw.data = tbs.data - 4;
certificate->raw.size = tbs.size + 4;
status = DecodeCertificateTBS(&certificate->tbs, &tbs);
if (AJ_OK != status) {
return status;
}
/*
* We only accept ECDSA-SHA256 signed certificates at the moment.
*/
status = AJ_ASN1DecodeElement(&tmp, ASN_OID, &oid);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&oid, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) {
return AJ_ERR_INVALID;
}
/*
* Remove the byte specifying unused bits, this should always be zero.
*/
if ((0 == sig.size) || (0 != *sig.data)) {
return AJ_ERR_INVALID;
}
sig.data++;
sig.size--;
status = DecodeCertificateSig(&certificate->signature, &sig);
return status;
}
AJ_Status AJ_DecodePrivateKeyDER(ecc_privatekey* key, DER_Element* der)
{
AJ_Status status;
DER_Element seq;
DER_Element ver;
DER_Element prv;
DER_Element alg;
const uint8_t tags1[] = { ASN_SEQ };
const uint8_t tags2[] = { ASN_INTEGER, ASN_OCTETS, ASN_CONTEXT_SPECIFIC };
status = AJ_ASN1DecodeElements(der, tags1, sizeof (tags1), &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&seq, tags2, sizeof (tags2), &ver, &prv, 0, &alg);
if (AJ_OK != status) {
return status;
}
if ((1 != ver.size) || (1 != *ver.data)) {
return AJ_ERR_INVALID;
}
if (KEY_ECC_PRV_SZ != prv.size) {
return AJ_ERR_INVALID;
}
AJ_BigvalDecode(prv.data, key, KEY_ECC_SZ);
return status;
}
static AJ_Status DecodeCertificatePub(ecc_publickey* pub, DER_Element* der)
{
AJ_Status status;
DER_Element seq;
DER_Element bit;
DER_Element oid1;
DER_Element oid2;
const uint8_t tags1[] = { ASN_SEQ, ASN_BITS };
const uint8_t tags2[] = { ASN_OID, ASN_OID };
memset(pub, 0, sizeof (ecc_publickey));
status = AJ_ASN1DecodeElements(der, tags1, sizeof (tags1), &seq, &bit);
if (AJ_OK != status) {
return status;
}
/*
* We only accept NISTP256 ECC keys at the moment.
*/
status = AJ_ASN1DecodeElements(&seq, tags2, sizeof (tags2), &oid1, &oid2);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&oid1, OID_KEY_ECC, sizeof (OID_KEY_ECC))) {
return AJ_ERR_INVALID;
}
if (!CompareOID(&oid2, OID_CRV_PRIME256V1, sizeof (OID_CRV_PRIME256V1))) {
return AJ_ERR_INVALID;
}
/*
* We only accept uncompressed ECC points.
*/
if ((2 + KEY_ECC_PUB_SZ) != bit.size) {
return AJ_ERR_INVALID;
}
if ((0x00 != bit.data[0]) || (0x04 != bit.data[1])) {
return AJ_ERR_INVALID;
}
bit.data += 2;
bit.size -= 2;
AJ_BigvalDecode(bit.data, &pub->x, KEY_ECC_SZ);
bit.data += KEY_ECC_SZ;
bit.size -= KEY_ECC_SZ;
AJ_BigvalDecode(bit.data, &pub->y, KEY_ECC_SZ);
return status;
}
static AJ_Status DecodeCertificateSig(DER_Element* der, ecc_signature* signature)
{
AJ_Status status;
DER_Element seq;
DER_Element int1;
DER_Element int2;
uint8_t tags[] = { ASN_INTEGER, ASN_INTEGER };
status = AJ_ASN1DecodeElement(der, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&seq, tags, sizeof (tags), &int1, &int2);
if (AJ_OK != status) {
return status;
}
/*
* Skip over unused bits.
*/
if ((0 < int1.size) && (0 == *int1.data)) {
int1.data++;
int1.size--;
}
if ((0 < int2.size) && (0 == *int2.data)) {
int2.data++;
int2.size--;
}
memset(signature, 0, sizeof (ecc_signature));
AJ_BigvalDecode(int1.data, &signature->r, int1.size);
AJ_BigvalDecode(int2.data, &signature->s, int2.size);
return status;
}
static AJ_Status DecodeCertificateTBS(X509Certificate* certificate, DER_Element* tbs)
{
AJ_Status status;
DER_Element ver;
DER_Element oid;
DER_Element iss;
DER_Element utc;
DER_Element sub;
DER_Element pub;
DER_Element ext;
DER_Element tmp;
DER_Element time1;
DER_Element time2;
uint8_t tags1[] = { ASN_CONTEXT_SPECIFIC, ASN_INTEGER, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_CONTEXT_SPECIFIC };
uint8_t tags2[] = { ASN_UTC_TIME, ASN_UTC_TIME };
status = AJ_ASN1DecodeElements(tbs, tags1, sizeof (tags1), 0, &ver, &certificate->serial, &oid, &iss, &utc, &sub, &pub, 3, &ext);
if (AJ_OK != status) {
return status;
}
/*
* We only accept X.509v3 certificates.
*/
status = AJ_ASN1DecodeElement(&ver, ASN_INTEGER, &tmp);
if (AJ_OK != status) {
return status;
}
if ((0x1 != tmp.size) || (0x2 != *tmp.data)) {
return AJ_ERR_INVALID;
}
/*
* We only accept ECDSA-SHA256 signed certificates at the moment.
*/
status = AJ_ASN1DecodeElement(&oid, ASN_OID, &tmp);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&tmp, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) {
return AJ_ERR_INVALID;
}
status = DecodeCertificateName(&iss, 0, NULL, &certificate->issuer);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&utc, tags2, sizeof (tags2), &time1, &time2);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateName(&sub, 0, &certificate->guild, &certificate->subject);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificatePub(&pub, &certificate->keyinfo);
if (AJ_OK != status) {
return status;
}
memset(certificate->digest, 0, SHA256_DIGEST_LENGTH);
status = DecodeCertificateExt(certificate, &ext);
return status;
}
static AJ_Status DecodeCertificateExt(X509Certificate* certificate, DER_Element* der)
{
AJ_Status status;
DER_Element tmp;
DER_Element seq;
DER_Element oid;
DER_Element oct;
uint8_t tags[] = { ASN_OID, ASN_OCTETS };
certificate->type = UNKNOWN_CERTIFICATE;
status = AJ_ASN1DecodeElement(der, ASN_SEQ, &tmp);
if (AJ_OK != status) {
return status;
}
der->size = tmp.size;
der->data = tmp.data;
while ((AJ_OK == status) && (der->size)) {
status = AJ_ASN1DecodeElement(der, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&seq, tags, sizeof (tags), &oid, &oct);
if (AJ_OK != status) {
return status;
}
if (CompareOID(&oid, OID_BASIC_CONSTRAINTS, sizeof (OID_BASIC_CONSTRAINTS))) {
status = AJ_ASN1DecodeElement(&oct, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElement(&seq, ASN_BOOLEAN, &tmp);
if (AJ_OK != status) {
return status;
}
} else if (CompareOID(&oid, OID_CUSTOM_CERT_TYPE, sizeof (OID_CUSTOM_CERT_TYPE))) {
status = AJ_ASN1DecodeElement(&oct, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElement(&seq, ASN_INTEGER, &tmp);
if (AJ_OK != status) {
return status;
}
if (sizeof (uint32_t) < tmp.size) {
return AJ_ERR_INVALID;
}
certificate->type = 0;
while (tmp.size--) {
certificate->type <<= 8;
certificate->type |= *tmp.data++;
}
} else if (CompareOID(&oid, OID_SUB_ALTNAME, sizeof (OID_SUB_ALTNAME))) {
certificate->alias.size = oct.size;
certificate->alias.data = oct.data;
} else if (CompareOID(&oid, OID_CUSTOM_DIGEST, sizeof (OID_CUSTOM_DIGEST))) {
status = AJ_ASN1DecodeElement(&oct, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&seq, tags, sizeof (tags), &oid, &oct);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&oid, OID_DIG_SHA256, sizeof (OID_DIG_SHA256))) {
return AJ_ERR_INVALID;
}
if (SHA256_DIGEST_LENGTH != oct.size) {
return AJ_ERR_INVALID;
}
memcpy(certificate->digest, oct.data, SHA256_DIGEST_LENGTH);
} else {
// Ignore extensions we don't know
AJ_DumpBytes("UNKNOWN", oid.data, oid.size);
AJ_DumpBytes("UNKNOWN", oct.data, oct.size);
}
}
return status;
}
static AJ_Status DecodeCertificateTBS(X509TbsCertificate* tbs, DER_Element* der)
{
AJ_Status status;
DER_Element ver;
DER_Element oid;
DER_Element iss;
DER_Element utc;
DER_Element sub;
DER_Element pub;
DER_Element ext;
DER_Element tmp;
const uint8_t tags[] = { ASN_CONTEXT_SPECIFIC, ASN_INTEGER, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_CONTEXT_SPECIFIC };
memset(tbs, 0, sizeof (X509TbsCertificate));
status = AJ_ASN1DecodeElements(der, tags, sizeof (tags), 0, &ver, &tbs->serial, &oid, &iss, &utc, &sub, &pub, 3, &ext);
if (AJ_OK != status) {
return status;
}
/*
* We only accept X.509v3 certificates.
*/
status = AJ_ASN1DecodeElement(&ver, ASN_INTEGER, &tmp);
if (AJ_OK != status) {
return status;
}
if ((0x1 != tmp.size) || (0x2 != *tmp.data)) {
return AJ_ERR_INVALID;
}
/*
* We only accept ECDSA-SHA256 signed certificates at the moment.
*/
status = AJ_ASN1DecodeElement(&oid, ASN_OID, &tmp);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&tmp, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) {
return AJ_ERR_INVALID;
}
status = DecodeCertificateName(&tbs->issuer, &iss);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateTime(&tbs->validity, &utc);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateName(&tbs->subject, &sub);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificatePub(&tbs->publickey, &pub);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateExt(&tbs->extensions, &ext);
if (AJ_OK != status) {
return status;
}
return status;
}
static AJ_Status DecodeCertificateExt(X509Extensions* extensions, DER_Element* der)
{
AJ_Status status;
DER_Element tmp;
DER_Element seq;
DER_Element savedSeq;
DER_Element boolVal;
DER_Element intVal;
DER_Element oid;
DER_Element oct;
const uint8_t tags[] = { ASN_OID, ASN_OCTETS };
const uint8_t tagsWithCritical[] = { ASN_OID, ASN_BOOLEAN, ASN_OCTETS };
const uint8_t tagsCAPathLen[] = { ASN_BOOLEAN, ASN_INTEGER };
memset(extensions, 0, sizeof (X509Extensions));
status = AJ_ASN1DecodeElement(der, ASN_SEQ, &tmp);
if (AJ_OK != status) {
return status;
}
der->size = tmp.size;
der->data = tmp.data;
while ((AJ_OK == status) && (der->size)) {
status = AJ_ASN1DecodeElement(der, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
savedSeq.size = seq.size;
savedSeq.data = seq.data;
status = AJ_ASN1DecodeElements(&seq, tagsWithCritical, sizeof (tagsWithCritical), &oid, &boolVal, &oct);
if (AJ_OK != status) {
status = AJ_ASN1DecodeElements(&savedSeq, tags, sizeof (tags), &oid, &oct);
if (AJ_OK != status) {
return status;
}
}
if (CompareOID(&oid, OID_BASIC_CONSTRAINTS, sizeof (OID_BASIC_CONSTRAINTS))) {
status = AJ_ASN1DecodeElement(&oct, ASN_SEQ, &seq);
if (AJ_OK != status) {
return status;
}
// Explicit boolean (non-empty sequence)
if (seq.size) {
savedSeq.size = seq.size;
savedSeq.data = seq.data;
status = AJ_ASN1DecodeElements(&seq, tagsCAPathLen, sizeof (tagsCAPathLen), &tmp, &intVal);
if (AJ_OK != status) {
status = AJ_ASN1DecodeElement(&savedSeq, ASN_BOOLEAN, &tmp);
if (AJ_OK != status) {
return status;
}
}
if (tmp.size) {
extensions->ca = *tmp.data;
}
}
}
}
return status;
}
