static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, int depth, int indent, int dump) { const unsigned char *p, *ep, *tot, *op, *opp; long len; int tag, xclass, ret = 0; int nl, hl, j, r; ASN1_OBJECT *o = NULL; ASN1_OCTET_STRING *os = NULL; /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent, dump_cont = 0; if (depth > ASN1_PARSE_MAXDEPTH) { BIO_puts(bp, "BAD RECURSION DEPTH\n"); return 0; } dump_indent = 6; /* Because we know BIO_dump_indent() */ p = *pp; tot = p + length; while (length > 0) { op = p; j = ASN1_get_object(&p, &len, &tag, &xclass, length); if (j & 0x80) { if (BIO_write(bp, "Error in encoding\n", 18) <= 0) goto end; ret = 0; goto end; } hl = (p - op); length -= hl; /* * if j == 0x21 it is a constructed indefinite length object */ if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp)) <= 0) goto end; if (j != (V_ASN1_CONSTRUCTED | 1)) { if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", depth, (long)hl, len) <= 0) goto end; } else { if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0) goto end; } if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { const unsigned char *sp = p; ep = p + len; if (BIO_write(bp, "\n", 1) <= 0) goto end; if (len > length) { BIO_printf(bp, "length is greater than %ld\n", length); ret = 0; goto end; } if ((j == 0x21) && (len == 0)) { for (;;) { r = asn1_parse2(bp, &p, (long)(tot - p), offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } if ((r == 2) || (p >= tot)) { len = p - sp; break; } } } else { long tmp = len; while (p < ep) { sp = p; r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } tmp -= p - sp; } } } else if (xclass != 0) { p += len; if (BIO_write(bp, "\n", 1) <= 0) goto end; } else { nl = 0; if ((tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_NUMERICSTRING) || (tag == V_ASN1_UTF8STRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { if (BIO_write(bp, ":", 1) <= 0) goto end; if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) != (int)len) goto end; } else if (tag == V_ASN1_OBJECT) { opp = op; if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; i2a_ASN1_OBJECT(bp, o); } else { if (BIO_puts(bp, ":BAD OBJECT") <= 0) goto end; dump_cont = 1; } } else if (tag == V_ASN1_BOOLEAN) { if (len != 1) { if (BIO_puts(bp, ":BAD BOOLEAN") <= 0) goto end; dump_cont = 1; } if (len > 0) BIO_printf(bp, ":%u", p[0]); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { int i, printable = 1; opp = op; os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl); if (os != NULL && os->length > 0) { opp = os->data; /* * testing whether the octet string is printable */ for (i = 0; i < os->length; i++) { if (((opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) { printable = 0; break; } } if (printable) /* printable string */ { if (BIO_write(bp, ":", 1) <= 0) goto end; if (BIO_write(bp, (const char *)opp, os->length) <= 0) goto end; } else if (!dump) /* * not printable => print octet string as hex dump */ { if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) goto end; for (i = 0; i < os->length; i++) { if (BIO_printf(bp, "%02X", opp[i]) <= 0) goto end; } } else /* print the normal dump */ { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } if (BIO_dump_indent(bp, (const char *)opp, ((dump == -1 || dump > os-> length) ? os->length : dump), dump_indent) <= 0) goto end; nl = 1; } } ASN1_OCTET_STRING_free(os); os = NULL; } else if (tag == V_ASN1_INTEGER) { ASN1_INTEGER *bs; int i; opp = op; bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); if (bs != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; if (bs->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp, "-", 1) <= 0) goto end; for (i = 0; i < bs->length; i++) { if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } } else { if (BIO_puts(bp, ":BAD INTEGER") <= 0) goto end; dump_cont = 1; } ASN1_INTEGER_free(bs); } else if (tag == V_ASN1_ENUMERATED) { ASN1_ENUMERATED *bs; int i; opp = op; bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); if (bs != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; if (bs->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp, "-", 1) <= 0) goto end; for (i = 0; i < bs->length; i++) { if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } } else { if (BIO_puts(bp, ":BAD ENUMERATED") <= 0) goto end; dump_cont = 1; } ASN1_ENUMERATED_free(bs); } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } if (BIO_dump_indent(bp, (const char *)p, ((dump == -1 || dump > len) ? len : dump), dump_indent) <= 0) goto end; nl = 1; } if (dump_cont) { int i; const unsigned char *tmp = op + hl; if (BIO_puts(bp, ":[") <= 0) goto end; for (i = 0; i < len; i++) { if (BIO_printf(bp, "%02X", tmp[i]) <= 0) goto end; } if (BIO_puts(bp, "]") <= 0) goto end; } if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } p += len; if ((tag == V_ASN1_EOC) && (xclass == 0)) { ret = 2; /* End of sequence */ goto end; } } length -= len; } ret = 1; end: ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); *pp = p; return (ret); }
int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) { return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump)); }
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) { return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0)); }
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, int depth, int indent, int dump) { unsigned char *p,*ep,*tot,*op,*opp; long len; int tag,xclass,ret=0; int nl,hl,j,r; ASN1_OBJECT *o=NULL; ASN1_OCTET_STRING *os=NULL; /* ASN1_BMPSTRING *bmp=NULL;*/ int dump_indent; #if 0 dump_indent = indent; #else dump_indent = 6; /* Because we know BIO_dump_indent() */ #endif p= *pp; tot=p+length; op=p-1; while ((p < tot) && (op < p)) { op=p; j=ASN1_get_object(&p,&len,&tag,&xclass,length); #ifdef LINT j=j; #endif if (j & 0x80) { if (BIO_write(bp,"Error in encoding\n",18) <= 0) goto end; ret=0; goto end; } hl=(p-op); length-=hl; /* if j == 0x21 it is a constructed indefinite length object */ if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) <= 0) goto end; if (j != (V_ASN1_CONSTRUCTED | 1)) { if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", depth,(long)hl,len) <= 0) goto end; } else { if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", depth,(long)hl) <= 0) goto end; } if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) goto end; if (j & V_ASN1_CONSTRUCTED) { ep=p+len; if (BIO_write(bp,"\n",1) <= 0) goto end; if (len > length) { BIO_printf(bp, "length is greater than %ld\n",length); ret=0; goto end; } if ((j == 0x21) && (len == 0)) { for (;;) { r=asn1_parse2(bp,&p,(long)(tot-p), offset+(p - *pp),depth+1, indent,dump); if (r == 0) { ret=0; goto end; } if ((r == 2) || (p >= tot)) break; } } else while (p < ep) { r=asn1_parse2(bp,&p,(long)len, offset+(p - *pp),depth+1, indent,dump); if (r == 0) { ret=0; goto end; } } } else if (xclass != 0) { p+=len; if (BIO_write(bp,"\n",1) <= 0) goto end; } else { nl=0; if ( (tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { if (BIO_write(bp,":",1) <= 0) goto end; if ((len > 0) && BIO_write(bp,(char *)p,(int)len) != (int)len) goto end; } else if (tag == V_ASN1_OBJECT) { opp=op; if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; i2a_ASN1_OBJECT(bp,o); } else { if (BIO_write(bp,":BAD OBJECT",11) <= 0) goto end; } } else if (tag == V_ASN1_BOOLEAN) { int ii; opp=op; ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); if (ii < 0) { if (BIO_write(bp,"Bad boolean\n",12)) goto end; } BIO_printf(bp,":%d",ii); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { int i,printable=1; opp=op; os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); if (os != NULL) { opp=os->data; for (i=0; i<os->length; i++) { if (( (opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) { printable=0; break; } } if (printable && (os->length > 0)) { if (BIO_write(bp,":",1) <= 0) goto end; if (BIO_write(bp,(char *)opp, os->length) <= 0) goto end; } if (!printable && (os->length > 0) && dump) { if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } if (BIO_dump_indent(bp,(char *)opp, ((dump == -1 || dump > os->length)?os->length:dump), dump_indent) <= 0) goto end; nl=1; } M_ASN1_OCTET_STRING_free(os); os=NULL; } } else if (tag == V_ASN1_INTEGER) { ASN1_INTEGER *bs; int i; opp=op; bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); if (bs != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; if (bs->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp,"-",1) <= 0) goto end; for (i=0; i<bs->length; i++) { if (BIO_printf(bp,"%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp,"00",2) <= 0) goto end; } } else { if (BIO_write(bp,"BAD INTEGER",11) <= 0) goto end; } M_ASN1_INTEGER_free(bs); } else if (tag == V_ASN1_ENUMERATED) { ASN1_ENUMERATED *bs; int i; opp=op; bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); if (bs != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; if (bs->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp,"-",1) <= 0) goto end; for (i=0; i<bs->length; i++) { if (BIO_printf(bp,"%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp,"00",2) <= 0) goto end; } } else { if (BIO_write(bp,"BAD ENUMERATED",11) <= 0) goto end; } M_ASN1_ENUMERATED_free(bs); } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } if (BIO_dump_indent(bp,(char *)p, ((dump == -1 || dump > len)?len:dump), dump_indent) <= 0) goto end; nl=1; } if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } p+=len; if ((tag == V_ASN1_EOC) && (xclass == 0)) { ret=2; /* End of sequence */ goto end; } } length-=len; } ret=1; end: if (o != NULL) ASN1_OBJECT_free(o); if (os != NULL) M_ASN1_OCTET_STRING_free(os); *pp=p; return(ret); }
static int asn1_parse2(const unsigned char **pp, long length, long offset, int depth) { const unsigned char *p, *ep, *tot, *op; long len, hl; int j, tag, xclass, r, ret = 0; p = *pp; tot = p + length; op = p - 1; while (p < tot && op < p) { op = p; j = ASN1_get_object(&p, &len, &tag, &xclass, length); if (j & 0x80) { XLOG(0, "Error in encoding\n"); goto end; } hl = p - op; length -= hl; /* if j == 0x21 it is a constructed indefinite length object */ if (j & V_ASN1_CONSTRUCTED) { ep = p + len; if (len > length) { XLOG(0, "length is greater than %ld\n", length); goto end; } if (j == 0x21 && len == 0) { for (;;) { r = asn1_parse2(&p, tot - p, offset + (p - *pp), depth + 1); if (r == 0) { goto end; } if (r == 2 || p >= tot) { break; } } } else { if (depth == 1 && !xclass && tag == V_ASN1_SET) save_tuple(&theset, op, hl + len); if (depth == 1 && (xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) save_tuple(&apcert, p, len); while (p < ep) { r = asn1_parse2(&p, len, offset + (p - *pp), depth + 1); if (r == 0) { goto end; } } } } else if (xclass != 0) { if (show_cont(xclass, op + hl, len)) goto end; p += len; } else { /* DECODE HERE */ if (depth == 1 && tag == V_ASN1_OCTET_STRING) save_tuple(&rsasig, p, len); /* DECODE HERE */ p += len; if (tag == V_ASN1_EOC && xclass == 0) { ret = 2; /* End of sequence */ goto end; } } length -= len; } ret = 1; end: if (!ret) { free(contarray); contarray = NULL; } *pp = p; return ret; }
int main(int argc, char* argv[]) { init_libxpwn(&argc, argv); OutputState *outputState; size_t fileLength; AbstractFile *signFile; Dictionary *signDict = NULL; DataValue *ticket; Dictionary *dict; AbstractFile *manifestFile; Dictionary* manifest; struct component_t *array; char *plist; int i, j, n; int rv, error = 0; X509 *x0, *y1, *y2; uint64_t savecid = 0; const unsigned char *p; int verbose = FALSE; int fromzip = FALSE; if (argc < 3) { XLOG(0, "usage %s file.shsh BuildManifest.plist [-v] [-z]\n", argv[0]); return 0; } for (i = 3; i < argc; i++) { if (!strcmp(argv[i], "-v")) { verbose = TRUE; continue; } if (!strcmp(argv[i], "-z")) { fromzip = TRUE; continue; } } // XXX handle gzip/bplist files signFile = createAbstractFileFromFile(fopen(argv[1], "rb")); if (!signFile) { XLOG(0, "FATAL: cannot open %s\n", argv[1]); exit(1); } fileLength = signFile->getLength(signFile); plist = malloc(fileLength); signFile->read(signFile, plist, fileLength); signFile->close(signFile); signDict = createRoot(plist); free(plist); if (!signDict) { XLOG(0, "FATAL: cannot parse %s\n", argv[1]); exit(1); } MaxLoadZipSize = 128 * 1024; if (fromzip) { outputState = loadZip2(argv[2], TRUE); // XXX ASSERT manifestFile = getFileFromOutputState(&outputState, "BuildManifest.plist"); } else { outputState = NULL; manifestFile = createAbstractFileFromFile(fopen(argv[2], "rb")); } if (!manifestFile) { XLOG(0, "FATAL: cannot open %s\n", argv[2]); exit(1); } fileLength = manifestFile->getLength(manifestFile); plist = malloc(fileLength); manifestFile->read(manifestFile, plist, fileLength); manifestFile->close(manifestFile); manifest = createRoot(plist); free(plist); if (!manifest) { XLOG(0, "FATAL: cannot parse %s\n", argv[2]); exit(1); } releaseOutput(&outputState); array = parseManifest(manifest, &n); if (!array) { XLOG(0, "FATAL: cannot parse manifest\n"); exit(1); } OPENSSL_add_all_algorithms_noconf(); p = cerb; x0 = d2i_X509(NULL, &p, cerb_len); if (!x0) { XLOG(0, "FATAL: cannot load root CA\n"); exit(1); } ticket = (DataValue *)getValueByKey(signDict, "APTicket"); if (ticket) { p = ticket->value; rv = asn1_parse2(&p, ticket->len, 0, 0); if (!rv || !apcert.value || !rsasig.value || !theset.value) { XLOG(0, "FATAL: cannot parse ticket\n"); exit(1); } if (clen > 0 && contarray->len == 8) { savecid = getECID(contarray->value); } if (!savecid) { printf("ERROR: bad, bad ECID\n"); error = 1; } rv = extract2Certs(apcert.value, apcert.len, &y1, &y2); if (rv == 0) { rv = cryptoMagic(x0, y1, y2, theset.value, theset.len, (unsigned char *)rsasig.value, rsasig.len, NULL); X509_free(y1); X509_free(y2); } if (rv) { printf("ERROR: APTicket failed crypto\n"); error = 1; } } else { VERBOSE("WARNING: cannot find ticket in %s\n", argv[1]); } dict = (Dictionary *)signDict->values; while (dict) { DataValue *blob = NULL; DataValue *partialDigest = NULL; if (dict->dValue.type == DictionaryType) { blob = (DataValue *)getValueByKey(dict, "Blob"); partialDigest = (DataValue *)getValueByKey(dict, "PartialDigest"); } if (blob && partialDigest) { const char *diag = checkBlob(x0, blob, partialDigest, &savecid); if (diag) { printf("ERROR: Blob for %s is invalid (%s)\n", dict->dValue.key, diag); error = 1; } else { for (i = 0; i < n; i++) { struct component_t *centry = array + i; if (centry->partial && partialDigest->len == centry->partial->len && !memcmp(partialDigest->value, centry->partial->value, partialDigest->len)) { array[i].blob = blob; } } } } dict = (Dictionary *)dict->dValue.next; } if (!ticket && !savecid) { printf("ERROR: bad, bad ECID\n"); error = 1; } for (i = 0; i < n; i++) { struct component_t *centry = array + i; int found = FALSE; for (j = 0; j < clen; j++) { struct tuple_t *tentry = contarray + j; if (tentry->len == centry->digest->len && !memcmp(tentry->value, centry->digest->value, tentry->len)) { found = TRUE; } } if (!found) { if (centry->blob) { VERBOSE("WARNING: no digest for %s (%s), but it has blob\n", centry->key, centry->path); } else if (!centry->required) { VERBOSE("WARNING: no digest for %s (%s), but it is not critical\n", centry->key, centry->path); } else { printf("ERROR: no digest for %s (%s) and no blob found\n", centry->key, centry->path); error = 1; } } else { VERBOSE("INFO: %s (%s) is signed by APTicket%s\n", centry->key, centry->path, centry->blob ? " and blob" : ""); } } free(array); free(contarray); releaseDictionary(manifest); releaseDictionary(signDict); if (error) { printf("%s is BROKEN\n", argv[1]); } else { printf("%s seems usable for ECID 0x%016llX\n", argv[1], savecid); } X509_free(x0); EVP_cleanup(); ERR_remove_state(0); CRYPTO_cleanup_all_ex_data(); return error; }