/**
* Read the modulus and public exponent of a certificate.
*/
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
int ret = X509_NOT_OK, mod_len, pub_len;
uint8_t *modulus = NULL, *pub_exp = NULL;
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
goto end_pub_key;
(*offset)++; /* ignore the padding bit field */
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
goto end_pub_key;
mod_len = asn1_get_int(cert, offset, &modulus);
pub_len = asn1_get_int(cert, offset, &pub_exp);
RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
free(modulus);
free(pub_exp);
ret = X509_OK;
end_pub_key:
return ret;
}
/**
* Get RSA key info from the private DER file. The public elements are saved
* into the Key Ring buffer.
* @param buf - pointer to DER file contents
* @return - 0 if successful
*/
int get_key(const uint8_t *buf)
{
KeyRing *pKeyfile = (KeyRing *)keyarray;
uint8_t *pData = (uint8_t *)(pKeyfile + 1);
int i;
int index = 0;
int offset = 7;
uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
int mod_len, priv_len, pub_len;
/* not in der format */
if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
{
printf("Error: This is not a valid ASN.1 file\n");
return X509_INVALID_PRIV_KEY;
}
mod_len = asn1_get_int(buf, &offset, &modulus);
pub_len = asn1_get_int(buf, &offset, &pub_exp);
priv_len = asn1_get_int(buf, &offset, &priv_exp);
if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
return X509_INVALID_PRIV_KEY;
RSA_priv_key_new(&rsa_context,
modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
pKeyfile->rsa_modulus_size = mod_len;
pKeyfile->rsa_exponent_size = pub_len;
printf("mod_len=%ld pub_len=%ld priv_len=%d\n", pKeyfile->rsa_modulus_size,
pKeyfile->rsa_exponent_size, priv_len);
/* Copy modulus to keyfile */
pKeyfile->rsa_modulus_offset = index;
memcpy(&pData[index], modulus, pKeyfile->rsa_modulus_size);
index += pKeyfile->rsa_modulus_size;
pKeyfile->rsa_exponent_offset = index;
/* Copy exponent to keyfile */
memcpy(&pData[index], pub_exp, pKeyfile->rsa_exponent_size);
printf("modulus: ");
for (i = 0; i < pKeyfile->rsa_modulus_size; i++)
{
printf("%02x:", pData[pKeyfile->rsa_modulus_offset + i]);
}
printf("\n");
printf("exponent: ");
for (i = 0; i < pKeyfile->rsa_exponent_size; i++)
{
printf("%02x:", pData[pKeyfile->rsa_exponent_offset + i]);
}
printf("\n");
free(modulus);
free(priv_exp);
free(pub_exp);
return X509_OK;
}
static int x509_get_basic_constraints( unsigned char **p,
const unsigned char *end,
int *ca_istrue,
int *max_pathlen )
{
int ret;
size_t len;
/*
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
*/
*ca_istrue = 0; /* DEFAULT FALSE */
*max_pathlen = 0; /* endless */
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
if( *p == end )
return 0;
if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
{
if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
ret = asn1_get_int( p, end, ca_istrue );
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
if( *ca_istrue != 0 )
*ca_istrue = 1;
}
if( *p == end )
return 0;
if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
if( *p != end )
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
(*max_pathlen)++;
return 0;
}
/**
* Get all the RSA private key specifics from an ASN.1 encoded file
*/
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
{
int offset = 7;
uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
int mod_len, priv_len, pub_len;
#ifdef CONFIG_BIGINT_CRT
uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
int p_len, q_len, dP_len, dQ_len, qInv_len;
#endif
/* not in der format */
if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
{
#ifdef CONFIG_SSL_FULL_MODE
printf("Error: This is not a valid ASN.1 file\n");
#endif
return X509_INVALID_PRIV_KEY;
}
/* initialise the RNG */
RNG_initialize(buf, len);
mod_len = asn1_get_int(buf, &offset, &modulus);
pub_len = asn1_get_int(buf, &offset, &pub_exp);
priv_len = asn1_get_int(buf, &offset, &priv_exp);
if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
return X509_INVALID_PRIV_KEY;
#ifdef CONFIG_BIGINT_CRT
p_len = asn1_get_int(buf, &offset, &p);
q_len = asn1_get_int(buf, &offset, &q);
dP_len = asn1_get_int(buf, &offset, &dP);
dQ_len = asn1_get_int(buf, &offset, &dQ);
qInv_len = asn1_get_int(buf, &offset, &qInv);
if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
return X509_INVALID_PRIV_KEY;
RSA_priv_key_new(rsa_ctx,
modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
free(p);
free(q);
free(dP);
free(dQ);
free(qInv);
#else
RSA_priv_key_new(rsa_ctx,
modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
#endif
free(modulus);
free(priv_exp);
free(pub_exp);
return X509_OK;
}
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
static int x509_get_version( unsigned char **p,
unsigned char *end,
int *ver )
{
int ret, len;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
{
if( ret == ERR_ASN1_UNEXPECTED_TAG )
return( *ver = 0 );
return( ret );
}
end = *p + len;
if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
return( ERR_X509_CERT_INVALID_VERSION | ret );
if( *p != end )
return( ERR_X509_CERT_INVALID_VERSION |
ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
static int x509_get_version( unsigned char **p,
const unsigned char *end,
int *ver )
{
int ret;
size_t len;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
{
if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
{
*ver = 0;
return( 0 );
}
return( ret );
}
end = *p + len;
if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
if( *p != end )
return( POLARSSL_ERR_X509_INVALID_VERSION +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* Retrieve the salt/iteration details from a PBE block.
*/
static int get_pbe_params(uint8_t *buf, int *offset,
const uint8_t **salt, int *iterations)
{
static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4 */
{ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
int i, len;
uint8_t *iter = NULL;
int error_code = SSL_ERROR_NOT_SUPPORTED;
/* Get the PBE type */
if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
goto error;
/* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1)
which is the only algorithm we support */
if (len != sizeof(pbeSH1RC4) ||
memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
{
#ifdef CONFIG_SSL_FULL_MODE
printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
#endif
goto error;
}
*offset += len;
if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 ||
len != 8)
goto error;
*salt = &buf[*offset];
*offset += len;
if ((len = asn1_get_int(buf, offset, &iter)) < 0)
goto error;
*iterations = 0;
for (i = 0; i < len; i++)
{
(*iterations) <<= 8;
(*iterations) += iter[i];
}
free(iter);
error_code = SSL_OK; /* got here - we are ok */
error:
return error_code;
}
static int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, ssh_auth_callback cb,
void *userdata, const char *desc) {
ssh_buffer buffer = NULL;
ssh_string p = NULL;
ssh_string q = NULL;
ssh_string g = NULL;
ssh_string y = NULL;
ssh_string x = NULL;
ssh_string v = NULL;
int rc = 1;
buffer = privatekey_file_to_buffer(fp, TYPE_DSS, cb, userdata, desc);
if (buffer == NULL) {
return 0;
}
if (!asn1_check_sequence(buffer)) {
buffer_free(buffer);
return 0;
}
v = asn1_get_int(buffer);
if (ntohl(v->size) != 1 || v->string[0] != 0) {
buffer_free(buffer);
return 0;
}
p = asn1_get_int(buffer);
q = asn1_get_int(buffer);
g = asn1_get_int(buffer);
y = asn1_get_int(buffer);
x = asn1_get_int(buffer);
buffer_free(buffer);
if (p == NULL || q == NULL || g == NULL || y == NULL || x == NULL) {
rc = 0;
goto error;
}
if (gcry_sexp_build(r, NULL,
"(private-key(dsa(p %b)(q %b)(g %b)(y %b)(x %b)))",
ntohl(p->size), p->string,
ntohl(q->size), q->string,
ntohl(g->size), g->string,
ntohl(y->size), y->string,
ntohl(x->size), x->string)) {
rc = 0;
}
error:
string_free(p);
string_free(q);
string_free(g);
string_free(y);
string_free(x);
string_free(v);
return rc;
}
/**
* Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
*/
static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
int ret = X509_OK;
int lenSeq = 0;
if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
goto end_contraints;
x509_ctx->basic_constraint_present = true;
x509_ctx->basic_constraint_is_critical =
asn1_is_critical_ext(cert, &offset);
/* Assign Defaults in case not specified
basic_constraint_cA will already by zero by virtue of the calloc */
x509_ctx->basic_constraint_cA = 0;
/* basic_constraint_pathLenConstraint is unlimited by default.
10000 is just a large number (limits.h is not already included) */
x509_ctx->basic_constraint_pathLenConstraint = 10000;
if ((asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0) ||
((lenSeq = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) < 0))
{
ret = X509_NOT_OK;
}
/* If the Sequence Length is greater than zero,
continue with the basic_constraint_cA */
if ((lenSeq>0)&&(asn1_get_bool(cert, &offset,
&x509_ctx->basic_constraint_cA) < 0))
{
ret = X509_NOT_OK;
}
/* If the Sequence Length is greater than 3, it has more content than
the basic_constraint_cA bool, so grab the pathLenConstraint */
if ((lenSeq>3) && (asn1_get_int(cert, &offset,
&x509_ctx->basic_constraint_pathLenConstraint) < 0))
{
ret = X509_NOT_OK;
}
end_contraints:
return ret;
}
/*
* Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
*/
int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
{
uint8_t *buf = ssl_obj->buf;
int len, offset = 0;
int iterations;
int ret = SSL_NOT_OK;
uint8_t *version = NULL;
const uint8_t *salt;
uint8_t *priv_key;
int uni_pass_len;
char *uni_pass = make_uni_pass(password, &uni_pass_len);
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
{
#ifdef CONFIG_SSL_FULL_MODE
printf("Error: Invalid p8 ASN.1 file\n");
#endif
goto error;
}
/* unencrypted key? */
if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
{
ret = p8_add_key(ssl_ctx, buf);
goto error;
}
if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
goto error;
if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
goto error;
priv_key = &buf[offset];
p8_decrypt(uni_pass, uni_pass_len, salt,
iterations, priv_key, len, PKCS12_KEY_ID);
ret = p8_add_key(ssl_ctx, priv_key);
error:
free(version);
free(uni_pass);
return ret;
}
/*
* Version ::= INTEGER { v1(0), v2(1) }
*/
static int x509_crl_get_version( unsigned char **p,
const unsigned char *end,
int *ver )
{
int ret;
if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
{
if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
{
*ver = 0;
return( 0 );
}
return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
}
return( 0 );
}
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
static svn_error_t *
x509_get_version(const unsigned char **p, const unsigned char *end, int *ver)
{
svn_error_t *err;
ptrdiff_t len;
/*
* As defined in the Basic Certificate fields:
* version [0] EXPLICIT Version DEFAULT v1,
* the version is the context specific tag 0.
*/
err = asn1_get_tag(p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0);
if (err)
{
if (err->apr_err == SVN_ERR_ASN1_UNEXPECTED_TAG)
{
svn_error_clear(err);
*ver = 0;
return SVN_NO_ERROR;
}
return svn_error_trace(err);
}
end = *p + len;
err = asn1_get_int(p, end, ver);
if (err)
return svn_error_create(SVN_ERR_X509_CERT_INVALID_VERSION, err, NULL);
if (*p != end)
{
err = svn_error_create(SVN_ERR_ASN1_LENGTH_MISMATCH, NULL, NULL);
return svn_error_create(SVN_ERR_X509_CERT_INVALID_VERSION, err, NULL);
}
return SVN_NO_ERROR;
}
/*
* Parse a PKCS#1 encoded private RSA key
*/
static int pk_parse_key_pkcs1_der( shrsa_t *shrsa,
const unsigned char *key,
size_t keylen )
{
int ret;
size_t len;
unsigned char *p, *end;
p = (unsigned char *) key;
end = p + keylen;
/*
* This function parses the RSAPrivateKey (PKCS#1)
*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = p + len;
if( ( ret = asn1_get_int( &p, end, &shrsa->ver ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
if( shrsa->ver != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
}
if( ( ret = asn1_get_shmpi( &p, end, &shrsa->N ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->E ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->D ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->P ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->Q ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->DP ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->DQ ) ) != 0 ||
( ret = asn1_get_shmpi( &p, end, &shrsa->QP ) ) != 0 )
{
shrsa_free( shrsa );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
shrsa->len = shmpi_size( &shrsa->N );
if( p != end )
{
shrsa_free( shrsa );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
if( ( ret = shrsa_check_privkey( shrsa ) ) != 0 )
{
shrsa_free( shrsa );
return( ret );
}
return( 0 );
}
static int b64decode_dsa_privatekey(const char *pkey, gcry_sexp_t *r, ssh_auth_callback cb,
void *userdata, const char *desc) {
const unsigned char *data;
ssh_buffer buffer = NULL;
ssh_string p = NULL;
ssh_string q = NULL;
ssh_string g = NULL;
ssh_string y = NULL;
ssh_string x = NULL;
ssh_string v = NULL;
int rc = 1;
buffer = privatekey_string_to_buffer(pkey, SSH_KEYTYPE_DSS, cb, userdata, desc);
if (buffer == NULL) {
return 0;
}
if (!asn1_check_sequence(buffer)) {
ssh_buffer_free(buffer);
return 0;
}
v = asn1_get_int(buffer);
if (v == NULL) {
ssh_buffer_free(buffer);
return 0;
}
data = ssh_string_data(v);
if (ssh_string_len(v) != 1 || data[0] != 0) {
ssh_buffer_free(buffer);
return 0;
}
p = asn1_get_int(buffer);
q = asn1_get_int(buffer);
g = asn1_get_int(buffer);
y = asn1_get_int(buffer);
x = asn1_get_int(buffer);
ssh_buffer_free(buffer);
if (p == NULL || q == NULL || g == NULL || y == NULL || x == NULL) {
rc = 0;
goto error;
}
if (gcry_sexp_build(r, NULL,
"(private-key(dsa(p %b)(q %b)(g %b)(y %b)(x %b)))",
ssh_string_len(p), ssh_string_data(p),
ssh_string_len(q), ssh_string_data(q),
ssh_string_len(g), ssh_string_data(g),
ssh_string_len(y), ssh_string_data(y),
ssh_string_len(x), ssh_string_data(x))) {
rc = 0;
}
error:
ssh_string_free(p);
ssh_string_free(q);
ssh_string_free(g);
ssh_string_free(y);
ssh_string_free(x);
ssh_string_free(v);
return rc;
}
static int b64decode_rsa_privatekey(const char *pkey, gcry_sexp_t *r,
ssh_auth_callback cb, void *userdata, const char *desc) {
const unsigned char *data;
ssh_string n = NULL;
ssh_string e = NULL;
ssh_string d = NULL;
ssh_string p = NULL;
ssh_string q = NULL;
ssh_string unused1 = NULL;
ssh_string unused2 = NULL;
ssh_string u = NULL;
ssh_string v = NULL;
ssh_buffer buffer = NULL;
int rc = 1;
buffer = privatekey_string_to_buffer(pkey, SSH_KEYTYPE_RSA, cb, userdata, desc);
if (buffer == NULL) {
return 0;
}
if (!asn1_check_sequence(buffer)) {
ssh_buffer_free(buffer);
return 0;
}
v = asn1_get_int(buffer);
if (v == NULL) {
ssh_buffer_free(buffer);
return 0;
}
data = ssh_string_data(v);
if (ssh_string_len(v) != 1 || data[0] != 0) {
ssh_buffer_free(buffer);
return 0;
}
n = asn1_get_int(buffer);
e = asn1_get_int(buffer);
d = asn1_get_int(buffer);
q = asn1_get_int(buffer);
p = asn1_get_int(buffer);
unused1 = asn1_get_int(buffer);
unused2 = asn1_get_int(buffer);
u = asn1_get_int(buffer);
ssh_buffer_free(buffer);
if (n == NULL || e == NULL || d == NULL || p == NULL || q == NULL ||
unused1 == NULL || unused2 == NULL|| u == NULL) {
rc = 0;
goto error;
}
if (gcry_sexp_build(r, NULL,
"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
ssh_string_len(n), ssh_string_data(n),
ssh_string_len(e), ssh_string_data(e),
ssh_string_len(d), ssh_string_data(d),
ssh_string_len(p), ssh_string_data(p),
ssh_string_len(q), ssh_string_data(q),
ssh_string_len(u), ssh_string_data(u))) {
rc = 0;
}
error:
ssh_string_free(n);
ssh_string_free(e);
ssh_string_free(d);
ssh_string_free(p);
ssh_string_free(q);
ssh_string_free(unused1);
ssh_string_free(unused2);
ssh_string_free(u);
ssh_string_free(v);
return rc;
}
/*
* Parse a private RSA key
*/
int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen,
unsigned char *pwd, int pwdlen )
{
int ret, len, enc;
unsigned char *s1, *s2;
unsigned char *p, *end;
s1 = (unsigned char *) strstr( (char *) buf,
"-----BEGIN RSA PRIVATE KEY-----" );
if( s1 != NULL )
{
s2 = (unsigned char *) strstr( (char *) buf,
"-----END RSA PRIVATE KEY-----" );
if( s2 == NULL || s2 <= s1 )
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
s1 += 31;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
enc = 0;
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 );
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
return( 1 );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
{
free( buf );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
}
buflen = len;
if( enc != 0 )
{
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
}
memset( rsa, 0, sizeof( rsa_context ) );
p = buf;
end = buf + buflen;
/*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
end = p + len;
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
if( rsa->ver != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
}
if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
}
rsa->len = mpi_size( &rsa->N );
if( p != end )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( ret );
}
if( s1 != NULL )
free( buf );
return( 0 );
}
/*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
* saltLength [2] INTEGER DEFAULT 20,
* trailerField [3] INTEGER DEFAULT 1 }
* -- Note that the tags in this Sequence are explicit.
*
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
* option. Enfore this at parsing time.
*/
int x509_get_rsassa_pss_params( const x509_buf *params,
md_type_t *md_alg, md_type_t *mgf_md,
int *salt_len )
{
int ret;
unsigned char *p;
const unsigned char *end, *end2;
size_t len;
x509_buf alg_id, alg_params;
/* First set everything to defaults */
*md_alg = POLARSSL_MD_SHA1;
*mgf_md = POLARSSL_MD_SHA1;
*salt_len = 20;
/* Make sure params is a SEQUENCE and setup bounds */
if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
p = (unsigned char *) params->p;
end = p + params->len;
if( p == end )
return( 0 );
/*
* HashAlgorithm
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
end2 = p + len;
/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
return( ret );
if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* MaskGenAlgorithm
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
end2 = p + len;
/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
return( ret );
/* Only MFG1 is recognised for now */
if( ! OID_CMP( OID_MGF1, &alg_id ) )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
POLARSSL_ERR_OID_NOT_FOUND );
/* Parse HashAlgorithm */
if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
return( ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* salt_len
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
{
end2 = p + len;
if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* trailer_field (if present, must be 1)
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
{
int trailer_field;
end2 = p + len;
if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( trailer_field != 1 )
return( POLARSSL_ERR_X509_INVALID_ALG );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
* and keys.
*/
int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
{
uint8_t *buf = ssl_obj->buf;
int len, iterations, auth_safes_start,
auth_safes_end, auth_safes_len, key_offset, offset = 0;
int all_certs = 0;
uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
uint8_t key[SHA1_SIZE];
uint8_t mac[SHA1_SIZE];
const uint8_t *salt;
int uni_pass_len, ret = SSL_OK;
char *uni_pass = make_uni_pass(password, &uni_pass_len);
static const uint8_t pkcs_data[] = /* pkc7 data */
{ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
{ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
{ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0) {
#ifdef CONFIG_SSL_FULL_MODE
printf("Error: Invalid p12 ASN.1 file\n");
#endif
goto error;
}
if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3) {
ret = SSL_ERROR_INVALID_VERSION;
goto error;
}
/* remove all the boring pcks7 bits */
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
len != sizeof(pkcs_data) ||
memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
goto error;
offset += len;
if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
goto error;
/* work out the MAC start/end points (done on AuthSafes) */
auth_safes_start = offset;
auth_safes_end = offset;
if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
goto error;
auth_safes_len = auth_safes_end - auth_safes_start;
auth_safes = malloc(auth_safes_len);
memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
(len != sizeof(pkcs_encrypted) ||
memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
goto error;
offset += len;
if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
len != sizeof(pkcs_data) ||
memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
goto error;
offset += len;
/* work out the salt for the certificate */
if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
goto error;
/* decrypt the certificate */
cert = &buf[offset];
if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert,
len, PKCS12_KEY_ID)) < 0)
goto error;
offset += len;
/* load the certificate */
key_offset = 0;
all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
/* keep going until all certs are loaded */
while (key_offset < all_certs) {
int cert_offset = key_offset;
if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
(len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
goto error;
if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
goto error;
key_offset = cert_offset;
}
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
len != sizeof(pkcs_data) ||
memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
goto error;
offset += len;
if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
(len != sizeof(pkcs8_key_bag)) ||
memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
goto error;
offset += len;
/* work out the salt for the private key */
if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
goto error;
/* decrypt the private key */
cert = &buf[offset];
if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert,
len, PKCS12_KEY_ID)) < 0)
goto error;
offset += len;
/* load the private key */
if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
goto error;
/* miss out on friendly name, local key id etc */
if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
goto error;
/* work out the MAC */
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
(len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
len != SHA1_SIZE)
goto error;
orig_mac = &buf[offset];
offset += len;
/* get the salt */
if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
goto error;
salt = &buf[offset];
/* work out what the mac should be */
if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations,
key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
goto error;
hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
if (memcmp(mac, orig_mac, SHA1_SIZE)) {
ret = SSL_ERROR_INVALID_HMAC;
goto error;
}
error:
free(version);
free(uni_pass);
free(auth_safes);
return ret;
}
/*
* Parse an unencrypted PKCS#8 encoded private key
*/
static int pk_parse_key_pkcs8_unencrypted_der(
pk_context *pk,
const unsigned char* key,
size_t keylen )
{
int ret, version;
size_t len;
asn1_buf params;
unsigned char *p = (unsigned char *) key;
unsigned char *end = p + keylen;
pk_type_t pk_alg = POLARSSL_PK_NONE;
const pk_info_t *pk_info;
/*
* This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
* privateKey PrivateKey,
* attributes [0] IMPLICIT Attributes OPTIONAL }
*
* Version ::= INTEGER
* PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
* PrivateKey ::= OCTET STRING
*
* The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = p + len;
if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( version != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( len < 1 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_OUT_OF_DATA );
if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
return( ret );
#if defined(POLARSSL_RSA_C)
if( pk_alg == POLARSSL_PK_RSA )
{
if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
{
pk_free( pk );
return( ret );
}
} else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
{
if( ( ret = pk_use_ecparams( ¶ms, &pk_ec( *pk )->grp ) ) != 0 ||
( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
{
pk_free( pk );
return( ret );
}
} else
#endif /* POLARSSL_ECP_C */
return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
return( 0 );
}
/*
* Parse a SEC1 encoded private EC key
*/
static int pk_parse_key_sec1_der( ecp_keypair *eck,
const unsigned char *key,
size_t keylen )
{
int ret;
int version, pubkey_done;
size_t len;
asn1_buf params;
unsigned char *p = (unsigned char *) key;
unsigned char *end = p + keylen;
unsigned char *end2;
/*
* RFC 5915, or SEC1 Appendix C.4
*
* ECPrivateKey ::= SEQUENCE {
* version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
* privateKey OCTET STRING,
* parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
* publicKey [1] BIT STRING OPTIONAL
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = p + len;
if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( version != 1 )
return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ( ret = shmpi_read_binary( &eck->d, p, len ) ) != 0 )
{
ecp_keypair_free( eck );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
p += len;
pubkey_done = 0;
if( p != end )
{
/*
* Is 'parameters' present?
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
{
ecp_keypair_free( eck );
return( ret );
}
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
{
ecp_keypair_free( eck );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
/*
* Is 'publickey' present? If not, or if we can't read it (eg because it
* is compressed), create it from the private key.
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
end2 = p + len;
if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( p + len != end2 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
pubkey_done = 1;
else
{
/*
* The only acceptable failure mode of pk_get_ecpubkey() above
* is if the point format is not recognized.
*/
if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
}
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
{
ecp_keypair_free( eck );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
}
if( ! pubkey_done &&
( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
NULL, NULL ) ) != 0 )
{
ecp_keypair_free( eck );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
{
ecp_keypair_free( eck );
return( ret );
}
return( 0 );
}
/*
* X.509 v3 extensions (only BasicConstraints are parsed)
*/
static int x509_get_ext( unsigned char **p,
unsigned char *end,
x509_buf *ext,
int *ca_istrue,
int *max_pathlen )
{
int ret, len;
int is_critical = 1;
int is_cacert = 0;
unsigned char *end2;
if( *p == end )
return( 0 );
ext->tag = **p;
if( ( ret = asn1_get_tag( p, end, &ext->len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) != 0 )
{
if( ret == ERR_ASN1_UNEXPECTED_TAG )
return( 0 );
return( ret );
}
ext->p = *p;
end = *p + ext->len;
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING }
*/
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
if( end != *p + len )
return( ERR_X509_CERT_INVALID_EXTENSIONS |
ERR_ASN1_LENGTH_MISMATCH );
while( *p < end )
{
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
if( memcmp( *p, "\x06\x03\x55\x1D\x13", 5 ) != 0 )
{
*p += len;
continue;
}
*p += 5;
if( ( ret = asn1_get_bool( p, end, &is_critical ) ) != 0 &&
( ret != ERR_ASN1_UNEXPECTED_TAG ) )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_OCTET_STRING ) ) != 0 )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
/*
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
*/
end2 = *p + len;
if( ( ret = asn1_get_tag( p, end2, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
if( *p == end2 )
continue;
if( ( ret = asn1_get_bool( p, end2, &is_cacert ) ) != 0 )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
if( *p == end2 )
continue;
if( ( ret = asn1_get_int( p, end2, max_pathlen ) ) != 0 )
return( ERR_X509_CERT_INVALID_EXTENSIONS | ret );
if( *p != end2 )
return( ERR_X509_CERT_INVALID_EXTENSIONS |
ERR_ASN1_LENGTH_MISMATCH );
max_pathlen++;
}
if( *p != end )
return( ERR_X509_CERT_INVALID_EXTENSIONS |
ERR_ASN1_LENGTH_MISMATCH );
*ca_istrue = is_critical & is_cacert;
return( 0 );
}
/*
* Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
* WARNING: the resulting group should only be used with
* pk_group_id_from_specified(), since its base point may not be set correctly
* if it was encoded compressed.
*
* SpecifiedECDomain ::= SEQUENCE {
* version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
* fieldID FieldID {{FieldTypes}},
* curve Curve,
* base ECPoint,
* order INTEGER,
* cofactor INTEGER OPTIONAL,
* hash HashAlgorithm OPTIONAL,
* ...
* }
*
* We only support prime-field as field type, and ignore hash and cofactor.
*/
static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp )
{
int ret;
unsigned char *p = params->p;
const unsigned char * const end = params->p + params->len;
const unsigned char *end_field, *end_curve;
size_t len;
int ver;
/* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ver < 1 || ver > 3 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
/*
* FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
* fieldType FIELD-ID.&id({IOSet}),
* parameters FIELD-ID.&Type({IOSet}{@fieldType})
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ret );
end_field = p + len;
/*
* FIELD-ID ::= TYPE-IDENTIFIER
* FieldTypes FIELD-ID ::= {
* { Prime-p IDENTIFIED BY prime-field } |
* { Characteristic-two IDENTIFIED BY characteristic-two-field }
* }
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
*/
if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 )
return( ret );
if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) ||
memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
{
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
}
p += len;
/* Prime-p ::= INTEGER -- Field of size p. */
if( ( ret = asn1_get_shmpi( &p, end_field, &grp->P ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
grp->pbits = shmpi_msb( &grp->P );
if( p != end_field )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
/*
* Curve ::= SEQUENCE {
* a FieldElement,
* b FieldElement,
* seed BIT STRING OPTIONAL
* -- Shall be present if used in SpecifiedECDomain
* -- with version equal to ecdpVer2 or ecdpVer3
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ret );
end_curve = p + len;
/*
* FieldElement ::= OCTET STRING
* containing an integer in the case of a prime field
*/
if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
( ret = shmpi_read_binary( &grp->A, p, len ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
p += len;
if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
( ret = shmpi_read_binary( &grp->B, p, len ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
p += len;
/* Ignore seed BIT STRING OPTIONAL */
if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 )
p += len;
if( p != end_curve )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
/*
* ECPoint ::= OCTET STRING
*/
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ( ret = ecp_point_read_binary( grp, &grp->G,
( const unsigned char *) p, len ) ) != 0 )
{
/*
* If we can't read the point because it's compressed, cheat by
* reading only the X coordinate and the parity bit of Y.
*/
if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE ||
( p[0] != 0x02 && p[0] != 0x03 ) ||
len != shmpi_size( &grp->P ) + 1 ||
shmpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
shmpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
shmpi_lset( &grp->G.Z, 1 ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
}
}
p += len;
/*
* order INTEGER
*/
if( ( ret = asn1_get_shmpi( &p, end, &grp->N ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
grp->nbits = shmpi_msb( &grp->N );
/*
* Allow optional elements by purposefully not enforcing p == end here.
*/
return( 0 );
}
static int pkcs5_parse_pbkdf2_params( unsigned char **p,
const unsigned char *end,
asn1_buf *salt, int *iterations,
int *keylen, md_type_t *md_type )
{
int ret;
size_t len = 0;
asn1_buf prf_alg_oid;
/*
* PBKDF2-params ::= SEQUENCE {
* salt OCTET STRING,
* iterationCount INTEGER,
* keyLength INTEGER OPTIONAL
* prf AlgorithmIdentifier DEFAULT algid-hmacWithSHA1
* }
*
*/
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
}
end = *p + len;
if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
salt->p = *p;
*p += salt->len;
if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
if( *p == end )
return( 0 );
if( ( ret = asn1_get_int( p, end, keylen ) ) != 0 )
{
if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
}
if( *p == end )
return( 0 );
if( ( ret = asn1_get_tag( p, end, &prf_alg_oid.len, ASN1_OID ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
if( !OID_CMP( OID_HMAC_SHA1, &prf_alg_oid ) )
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
*md_type = POLARSSL_MD_SHA1;
if( *p != end )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
static int read_rsa_privatekey(FILE *fp, gcry_sexp_t *r,
ssh_auth_callback cb, void *userdata, const char *desc) {
ssh_string n = NULL;
ssh_string e = NULL;
ssh_string d = NULL;
ssh_string p = NULL;
ssh_string q = NULL;
ssh_string unused1 = NULL;
ssh_string unused2 = NULL;
ssh_string u = NULL;
ssh_string v = NULL;
ssh_buffer buffer = NULL;
int rc = 1;
buffer = privatekey_file_to_buffer(fp, TYPE_RSA, cb, userdata, desc);
if (buffer == NULL) {
return 0;
}
if (!asn1_check_sequence(buffer)) {
buffer_free(buffer);
return 0;
}
v = asn1_get_int(buffer);
if (ntohl(v->size) != 1 || v->string[0] != 0) {
buffer_free(buffer);
return 0;
}
n = asn1_get_int(buffer);
e = asn1_get_int(buffer);
d = asn1_get_int(buffer);
q = asn1_get_int(buffer);
p = asn1_get_int(buffer);
unused1 = asn1_get_int(buffer);
unused2 = asn1_get_int(buffer);
u = asn1_get_int(buffer);
buffer_free(buffer);
if (n == NULL || e == NULL || d == NULL || p == NULL || q == NULL ||
unused1 == NULL || unused2 == NULL|| u == NULL) {
rc = 0;
goto error;
}
if (gcry_sexp_build(r, NULL,
"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
ntohl(n->size), n->string,
ntohl(e->size), e->string,
ntohl(d->size), d->string,
ntohl(p->size), p->string,
ntohl(q->size), q->string,
ntohl(u->size), u->string)) {
rc = 0;
}
error:
string_free(n);
string_free(e);
string_free(d);
string_free(p);
string_free(q);
string_free(unused1);
string_free(unused2);
string_free(u);
string_free(v);
return rc;
}
