mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len ) { mbedtls_asn1_named_data *cur; if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) { // Add new entry if not present yet based on OID // cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ); if( cur == NULL ) return( NULL ); cur->oid.len = oid_len; cur->oid.p = mbedtls_calloc( 1, oid_len ); if( cur->oid.p == NULL ) { mbedtls_free( cur ); return( NULL ); } memcpy( cur->oid.p, oid, oid_len ); cur->val.len = val_len; cur->val.p = mbedtls_calloc( 1, val_len ); if( cur->val.p == NULL ) { mbedtls_free( cur->oid.p ); mbedtls_free( cur ); return( NULL ); } cur->next = *head; *head = cur; } else if( cur->val.len < val_len ) { /* * Enlarge existing value buffer if needed * Preserve old data until the allocation succeeded, to leave list in * a consistent state in case allocation fails. */ void *p = mbedtls_calloc( 1, val_len ); if( p == NULL ) return( NULL ); mbedtls_free( cur->val.p ); cur->val.p = p; cur->val.len = val_len; } if( val != NULL ) memcpy( cur->val.p, val, val_len ); return( cur ); }
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len ) { mbedtls_asn1_named_data *cur; if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) { // Add new entry if not present yet based on OID // if ((cur = (mbedtls_asn1_named_data *)mbedtls_calloc(1, sizeof(mbedtls_asn1_named_data))) == NULL) return( NULL ); cur->oid.len = oid_len; cur->oid.p = (unsigned char*)mbedtls_calloc( 1, oid_len ); if( cur->oid.p == NULL ) { mbedtls_free( cur ); return( NULL ); } memcpy( cur->oid.p, oid, oid_len ); cur->val.len = val_len; cur->val.p = (unsigned char*)mbedtls_calloc(1, val_len); if( cur->val.p == NULL ) { mbedtls_free( cur->oid.p ); mbedtls_free( cur ); return( NULL ); } cur->next = *head; *head = cur; } else if( cur->val.len < val_len ) { // Enlarge existing value buffer if needed // mbedtls_free( cur->val.p ); cur->val.p = NULL; cur->val.len = val_len; cur->val.p = (unsigned char*)mbedtls_calloc(1, val_len); if( cur->val.p == NULL ) { mbedtls_free( cur->oid.p ); mbedtls_free( cur ); return( NULL ); } } if( val != NULL ) memcpy( cur->val.p, val, val_len ); return( cur ); }
/* * Name ::= CHOICE { -- only one possibility for now -- * rdnSequence RDNSequence } * * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName * * RelativeDistinguishedName ::= * SET OF AttributeTypeAndValue * * AttributeTypeAndValue ::= SEQUENCE { * type AttributeType, * value AttributeValue } * * AttributeType ::= OBJECT IDENTIFIER * * AttributeValue ::= ANY DEFINED BY AttributeType * * The data structure is optimized for the common case where each RDN has only * one element, which is represented as a list of AttributeTypeAndValue. * For the general case we still use a flat list, but we mark elements of the * same set so that they are "merged" together in the functions that consume * this list, eg mbedtls_x509_dn_gets(). */ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ) { int ret; size_t set_len; const unsigned char *end_set; /* don't use recursion, we'd risk stack overflow if not optimized */ while( 1 ) { /* * parse SET */ if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); end_set = *p + set_len; while( 1 ) { if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) return( ret ); if( *p == end_set ) break; /* Mark this item as being no the only one in a set */ cur->next_merged = 1; cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); if( cur->next == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); cur = cur->next; } /* * continue until end of SEQUENCE is reached */ if( *p == end ) return( 0 ); cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); if( cur->next == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); cur = cur->next; } }
static void *pk_opaque_alloc_wrap( void ) { void *ctx = mbedtls_calloc( 1, sizeof( psa_key_slot_t ) ); /* no _init() function to call, an calloc() already zeroized */ return( ctx ); }
static void *md2_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); if( ctx != NULL ) mbedtls_md2_init( (mbedtls_md2_context *) ctx ); return( ctx ); }
static void *sha384_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1 * sizeof( mbedtls_sha512_context ) ); if( ctx != NULL ) mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); return( ctx ); }
static void *ripemd160_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1 * sizeof( mbedtls_ripemd160_context ) ); if( ctx != NULL ) mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); return( ctx ); }
static void *ecdsa_rs_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); if( ctx != NULL ) mbedtls_ecdsa_restart_init( ctx ); return( ctx ); }
/* * X.509 CRL Entries */ static int x509_get_entries(unsigned char **p, const unsigned char *end, mbedtls_x509_crl_entry *entry) { int ret; size_t entry_len; mbedtls_x509_crl_entry *cur_entry = entry; if (*p == end) return (0); if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) return (0); return (ret); } end = *p + entry_len; while (*p < end) { size_t len2; const unsigned char *end2; if ((ret = mbedtls_asn1_get_tag(p, end, &len2, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { return (ret); } cur_entry->raw.tag = **p; cur_entry->raw.p = *p; cur_entry->raw.len = len2; end2 = *p + len2; if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) return (ret); if ((ret = mbedtls_x509_get_time(p, end2, &cur_entry->revocation_date)) != 0) return (ret); if ((ret = x509_get_crl_entry_ext(p, end2, &cur_entry->entry_ext)) != 0) return (ret); if (*p < end) { cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry)); if (cur_entry->next == NULL) return (MBEDTLS_ERR_X509_ALLOC_FAILED); cur_entry = cur_entry->next; } } return (0); }
static void *rsa_alt_alloc_wrap( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); if( ctx != NULL ) memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); return( ctx ); }
static void *ecdsa_alloc_wrap( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); if( ctx != NULL ) mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); return( ctx ); }
static void *eckey_alloc_wrap( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); if( ctx != NULL ) mbedtls_ecp_keypair_init( ctx ); return( ctx ); }
static void * aes_ctx_alloc( void ) { mbedtls_aes_context *aes = mbedtls_calloc( 1 * sizeof( mbedtls_aes_context ) ); if( aes == NULL ) return( NULL ); mbedtls_aes_init( aes ); return( aes ); }
static void * des_ctx_alloc( void ) { mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) ); if( des == NULL ) return( NULL ); mbedtls_des_init( des ); return( des ); }
static void * camellia_ctx_alloc( void ) { mbedtls_camellia_context *ctx; ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) ); if( ctx == NULL ) return( NULL ); mbedtls_camellia_init( ctx ); return( ctx ); }
static void * arc4_ctx_alloc( void ) { mbedtls_arc4_context *ctx; ctx = mbedtls_calloc( 1 * sizeof( mbedtls_arc4_context ) ); if( ctx == NULL ) return( NULL ); mbedtls_arc4_init( ctx ); return( ctx ); }
static void * des3_ctx_alloc( void ) { mbedtls_des3_context *des3; des3 = mbedtls_calloc( 1 * sizeof( mbedtls_des3_context ) ); if( des3 == NULL ) return( NULL ); mbedtls_des3_init( des3 ); return( des3 ); }
/* * Parses and splits an ASN.1 "SEQUENCE OF <tag>" */ int mbedtls_asn1_get_sequence_of( unsigned char **p, const unsigned char *end, mbedtls_asn1_sequence *cur, int tag) { int ret; size_t len; mbedtls_asn1_buf *buf; /* Get main sequence tag */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( ret ); if( *p + len != end ) return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); while( *p < end ) { buf = &(cur->buf); buf->tag = **p; if( ( ret = mbedtls_asn1_get_tag( p, end, &buf->len, tag ) ) != 0 ) return( ret ); buf->p = *p; *p += buf->len; /* Allocate and assign next pointer */ if( *p < end ) { cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); if( cur->next == NULL ) return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); cur = cur->next; } } /* Set final sequence entry's next pointer to NULL */ cur->next = NULL; if( *p != end ) return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); return( 0 ); }
static void *eckey_rs_alloc( void ) { eckey_restart_ctx *rs_ctx; void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) ); if( ctx != NULL ) { rs_ctx = ctx; mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs ); mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx ); } return( ctx ); }
/* * Get signature algorithm from alg OID and optional parameters */ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ) { int ret; if( *sig_opts != NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret ); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( *pk_alg == MBEDTLS_PK_RSASSA_PSS ) { mbedtls_pk_rsassa_pss_options *pss_opts; pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) ); if( pss_opts == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); ret = mbedtls_x509_get_rsassa_pss_params( sig_params, md_alg, &pss_opts->mgf1_hash_id, &pss_opts->expected_salt_len ); if( ret != 0 ) { mbedtls_free( pss_opts ); return( ret ); } *sig_opts = (void *) pss_opts; } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ { /* Make sure parameters are absent or NULL */ if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) || sig_params->len != 0 ) return( MBEDTLS_ERR_X509_INVALID_ALG ); } return( 0 ); }
/* * Load all data from a file into a given buffer. * * The file is expected to contain either PEM or DER encoded data. * A terminating null byte is always appended. It is included in the announced * length only if the data looks like it is PEM encoded. */ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) { FILE *f; long size; if( ( f = fopen( path, "rb" ) ) == NULL ) return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); fseek( f, 0, SEEK_END ); if( ( size = ftell( f ) ) == -1 ) { fclose( f ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); } fseek( f, 0, SEEK_SET ); *n = (size_t) size; if( *n + 1 == 0 || ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) { fclose( f ); return( MBEDTLS_ERR_PK_ALLOC_FAILED ); } if( fread( *buf, 1, *n, f ) != *n ) { fclose( f ); mbedtls_free( *buf ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); } fclose( f ); (*buf)[*n] = '\0'; if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) ++*n; return( 0 ); }
/* * Load all data from a file into a given buffer. */ static int load_file( const char *path, unsigned char **buf, size_t *n ) { FILE *f; long size; if( ( f = fopen( path, "rb" ) ) == NULL ) return( -1 ); fseek( f, 0, SEEK_END ); if( ( size = ftell( f ) ) == -1 ) { fclose( f ); return( -1 ); } fseek( f, 0, SEEK_SET ); *n = (size_t) size; if( *n + 1 == 0 || ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) { fclose( f ); return( -1 ); } if( fread( *buf, 1, *n, f ) != *n ) { fclose( f ); free( *buf ); *buf = NULL; return( -1 ); } fclose( f ); (*buf)[*n] = '\0'; return( 0 ); }
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ) { if( md_info == NULL || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) return( MBEDTLS_ERR_MD_ALLOC_FAILED ); if( hmac != 0 ) { ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size ); if( ctx->hmac_ctx == NULL ) { md_info->ctx_free_func( ctx->md_ctx ); return( MBEDTLS_ERR_MD_ALLOC_FAILED ); } } ctx->md_info = md_info; return( 0 ); }
mbedtls_x509_crt *load_cert_file( const char *ca_file, const char *certfile ) { int ret = 0; unsigned char buf[1024]; mbedtls_net_context server_fd; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; mbedtls_x509_crt *cur; mbedtls_x509_crt *cert; mbedtls_pk_context pkey; int i; uint32_t flags; int verify = 0; char *p, *q; /* * Set to sane values */ cert = (mbedtls_x509_crt *)mbedtls_calloc(1, sizeof(*cert)); cur = cert; mbedtls_x509_crt_init( cert ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_x509_crt_init( &cacert ); /* Zeroize structure as CRL parsing is not supported and we have to pass it to the verify function */ mbedtls_pk_init( &pkey ); /* * 1.1. Load the trusted CA */ mbedtls_printf( " . Loading the CA root certificate ..." ); fflush( stdout ); ret = mbedtls_x509_crt_parse_file( &cacert, ca_file ); if( ret < 0 ) { fprintf(stderr, " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); return NULL; } mbedtls_printf( " ok (%d skipped)\n", ret ); /* * 1.1. Load the certificate(s) */ printf( "\n . Loading the certificate at: %s ...", certfile); ret = mbedtls_x509_crt_parse_file( cert, certfile ); if( ret < 0 ) { char errorbuf[256]; mbedtls_strerror( ret, errorbuf, sizeof(errorbuf)); printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d: %s\n\n", ret, errorbuf ); mbedtls_x509_crt_free( cert ); goto exit; } printf( " ok\n" ); /* * 1.2 Print the certificate(s) */ while( cur != NULL ) { printf( " . Peer certificate information ...\n" ); ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", cur ); if( ret == -1 ) { printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret ); goto exit; } printf( "%s\n", buf ); cur = cur->next; } ret = 0; /* * 1.3 Verify the certificate */ printf( " . Verifying X.509 certificate..." ); if( ( ret = mbedtls_x509_crt_verify( cert, &cacert, NULL, NULL, &flags, my_verify, NULL ) ) != 0 ) { char vrfy_buf[512]; printf( " failed\n" ); mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); printf( "%s\n", vrfy_buf ); goto exit; } else printf( " ok\n" ); exit: //mbedtls_net_free( &server_fd ); mbedtls_x509_crt_free( &cacert ); mbedtls_pk_free( &pkey ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); if( ret < 0 ) { mbedtls_x509_crt_free( cert ); mbedtls_free(cert); return NULL; } return cert; }
/* * Parse a CSR in DER format */ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { int ret; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params; memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) ); /* * Check for valid input */ if( csr == NULL || buf == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); mbedtls_x509_csr_init( csr ); /* * first copy the raw DER data */ p = mbedtls_calloc( 1, len = buflen ); if( p == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); csr->raw.p = p; csr->raw.len = len; end = p + len; /* * CertificationRequest ::= SEQUENCE { * certificationRequestInfo CertificationRequestInfo, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING * } */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT ); } if( len != (size_t) ( end - p ) ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } /* * CertificationRequestInfo ::= SEQUENCE { */ csr->cri.p = p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } end = p + len; csr->cri.len = end - csr->cri.p; /* * Version ::= INTEGER { v1(0) } */ if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } csr->version++; if( csr->version != 1 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } /* * subject Name */ csr->subject_raw.p = p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } csr->subject_raw.len = p - csr->subject_raw.p; /* * subjectPKInfo SubjectPublicKeyInfo */ if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } /* * attributes [0] Attributes * * The list of possible attributes is open-ended, though RFC 2985 * (PKCS#9) defines a few in section 5.4. We currently don't support any, * so we just ignore them. This is a safe thing to do as the worst thing * that could happen is that we issue a certificate that does not match * the requester's expectations - this cannot cause a violation of our * signature policies. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } p += len; end = csr->raw.p + csr->raw.len; /* * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING */ if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params, &csr->sig_md, &csr->sig_pk, &csr->sig_opts ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); } if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } if( p != end ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } return( 0 ); }
/* * Parse a CSR in DER format */ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { int ret; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params; memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) ); /* * Check for valid input */ if( csr == NULL || buf == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); mbedtls_x509_csr_init( csr ); /* * first copy the raw DER data */ p = mbedtls_calloc( 1, len = buflen ); if( p == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); csr->raw.p = p; csr->raw.len = len; end = p + len; /* * CertificationRequest ::= SEQUENCE { * certificationRequestInfo CertificationRequestInfo, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING * } */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT ); } if( len != (size_t) ( end - p ) ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } /* * CertificationRequestInfo ::= SEQUENCE { */ csr->cri.p = p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } end = p + len; csr->cri.len = end - csr->cri.p; /* * Version ::= INTEGER { v1(0) } */ if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } csr->version++; if( csr->version != 1 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } /* * subject Name */ csr->subject_raw.p = p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } csr->subject_raw.len = p - csr->subject_raw.p; /* * subjectPKInfo SubjectPublicKeyInfo */ if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } /* * attributes [0] Attributes */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } // TODO Parse Attributes / extension requests p += len; end = csr->raw.p + csr->raw.len; /* * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING */ if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params, &csr->sig_md, &csr->sig_pk, &csr->sig_opts ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); } if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 ) { mbedtls_x509_csr_free( csr ); return( ret ); } if( p != end ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } return( 0 ); }
//need to normalize the coordinates int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, const unsigned char *buf, size_t blen, const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s) { int ret = 0; CRYSError_t CrysRet = CRYS_OK; void* pHeap = NULL; size_t heapSize = 0; uint8_t * pSignature = NULL; CRYS_ECPKI_HASH_OpMode_t hash_mode = message_size_to_hash_mode( blen ); size_t temp_size = 0; uint32_t signature_size = ( ( grp->nbits + 7 ) / 8 ) * 2; const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); #if SIZE_MAX > UINT_MAX if( blen > 0xFFFFFFFF ) { return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } #endif if ( pDomain ) { uint8_t temp_buf[ 2*MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; cc_ecc_ws_verify_params_t* verifyParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_verify_params_t) ); if ( verifyParams == NULL) return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); pHeap = verifyParams; heapSize = sizeof(cc_ecc_ws_verify_params_t); pSignature = mbedtls_calloc( 1, signature_size ); if ( pSignature == NULL) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_ecp_point_write_binary( grp, Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &temp_size, temp_buf, sizeof(temp_buf) ) ); CrysRet = CRYS_ECPKI_BuildPublKey(pDomain, temp_buf, temp_size, &verifyParams->pubKey); if( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( r, pSignature, ( ( grp->nbits + 7 ) / 8 ) ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( s, pSignature + ( ( grp->nbits + 7 ) / 8 ), ( ( grp->nbits + 7 ) / 8 ) ) ); CrysRet = CRYS_ECDSA_Verify ( &verifyParams->verifyContext, &verifyParams->pubKey, hash_mode, pSignature, signature_size, (uint8_t*)buf, blen ); if( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); goto cleanup; } } else ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; cleanup: if( pHeap ) { mbedtls_zeroize( pHeap, heapSize ); mbedtls_free( pHeap ); } if( pSignature ) { mbedtls_zeroize( pSignature, signature_size ); mbedtls_free( pSignature ); } return ret; }
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = 0; CRYSError_t CrysRet = CRYS_OK; void* pHeap = NULL; size_t heapSize = 0; uint32_t key_size = 2*MAX_KEY_SIZE_IN_BYTES + 1; const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( gid ) ); mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; if ( pDomain ) { uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_keygen_params_t) ); if ( kgParams == NULL ) return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); pHeap = kgParams; heapSize = sizeof(cc_ecc_ws_keygen_params_t); CrysRet = CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, pDomain, &kgParams->privKey, &kgParams->pubKey, &kgParams->kgTempData, NULL ); if ( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, gid ) ); CrysRet = CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, CRYS_EC_PointUncompressed, temp_buf, &key_size ); if ( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); goto cleanup; } ret = mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Q, temp_buf, key_size ); if ( ret != 0 ) goto cleanup; memset ( temp_buf, 0 , sizeof(temp_buf) ); CrysRet = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (ctx->grp.nbits+7)/8, kgParams->privKey.PrivKeyDbBuff, 4*((((ctx->grp.nbits+7)/8)+3)/4) ); if ( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); mbedtls_zeroize( temp_buf, sizeof(temp_buf) ); goto cleanup; } ret = mbedtls_mpi_read_binary( &ctx->d, temp_buf, (ctx->grp.nbits+7)/8 ); mbedtls_zeroize( temp_buf, sizeof(temp_buf) ); if ( ret != 0 ) { goto cleanup; } } else ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; cleanup: if ( pHeap ) { mbedtls_zeroize( pHeap, heapSize ); mbedtls_free ( pHeap ); } return ( ret ); }
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = 0; CRYSError_t CrysRet = CRYS_OK; void* pHeap = NULL; size_t heapSize = 0; uint8_t* pSignature = NULL; CRYS_ECPKI_HASH_OpMode_t hash_mode = message_size_to_hash_mode( blen ); uint32_t signature_size = ( ( grp->nbits + 7 ) / 8 ) *2; const uint32_t signature_size_for_heap = signature_size; mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); #if SIZE_MAX > UINT_MAX if( blen > 0xFFFFFFFF ) { return ( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } #endif if ( pDomain != NULL ) { uint8_t temp_buf[ MAX_KEY_SIZE_IN_BYTES ] = {0}; cc_ecc_ws_sign_params_t* signParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_sign_params_t) ); if ( signParams == NULL) return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); pHeap = signParams; heapSize = sizeof(cc_ecc_ws_sign_params_t); pSignature = mbedtls_calloc( 1, signature_size_for_heap ); if ( pSignature == NULL) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, mbedtls_mpi_size( d ) ) ); CrysRet = CRYS_ECPKI_BuildPrivKey( pDomain, temp_buf, mbedtls_mpi_size( d ), &signParams->privKey); if( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); mbedtls_zeroize( temp_buf, sizeof(temp_buf) ); goto cleanup; } CrysRet = CRYS_ECDSA_Sign( &cc_rand, convert_mbedtls_to_cc_rand, &signParams->signContext, &signParams->privKey, hash_mode, (uint8_t*)buf, blen, pSignature, &signature_size ); mbedtls_zeroize( temp_buf, sizeof(temp_buf) ); if( CrysRet != CRYS_OK ) { ret = convert_CrysError_to_mbedtls_err( CrysRet ); goto cleanup; } } else { ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( r, pSignature, ( ( grp->nbits + 7 ) / 8 ) ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( s, pSignature + ( ( grp->nbits + 7 ) / 8 ), ( ( grp->nbits + 7 ) / 8 ) ) ); cleanup: if ( pHeap ) { mbedtls_zeroize( pHeap, heapSize ); mbedtls_free( pHeap ); } if( pSignature ) { mbedtls_zeroize( pSignature, signature_size_for_heap ); mbedtls_free( pSignature ); } return ( ret ) ; }
/* * Parse one CRLs in DER format and append it to the chained list */ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) { int ret; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; mbedtls_x509_crl *crl = chain; /* * Check for valid input */ if( crl == NULL || buf == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); /* * Add new CRL on the end of the chain if needed. */ while( crl->version != 0 && crl->next != NULL ) crl = crl->next; if( crl->version != 0 && crl->next == NULL ) { crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ); if( crl->next == NULL ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_ALLOC_FAILED ); } mbedtls_x509_crl_init( crl->next ); crl = crl->next; } /* * Copy raw DER-encoded CRL */ if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memmove( p, buf, buflen ); crl->raw.p = p; crl->raw.len = buflen; end = p + buflen; /* * CertificateList ::= SEQUENCE { * tbsCertList TBSCertList, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING } */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_INVALID_FORMAT ); } if( len != (size_t) ( end - p ) ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } /* * TBSCertList ::= SEQUENCE { */ crl->tbs.p = p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } end = p + len; crl->tbs.len = end - crl->tbs.p; /* * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } * -- if present, MUST be v2 * * signature AlgorithmIdentifier */ if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } crl->version++; if( crl->version > 2 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); } /* * issuer Name */ crl->issuer_raw.p = p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } crl->issuer_raw.len = p - crl->issuer_raw.p; /* * thisUpdate Time * nextUpdate Time OPTIONAL */ if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) { if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) && ret != ( MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) { mbedtls_x509_crl_free( crl ); return( ret ); } } /* * revokedCertificates SEQUENCE OF SEQUENCE { * userCertificate CertificateSerialNumber, * revocationDate Time, * crlEntryExtensions Extensions OPTIONAL * -- if present, MUST be v2 * } OPTIONAL */ if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } /* * crlExtensions EXPLICIT Extensions OPTIONAL * -- if present, MUST be v2 */ if( crl->version == 2 ) { ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); if( ret != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } } if( p != end ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } end = crl->raw.p + crl->raw.len; /* * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } if( crl->sig_oid.len != sig_oid2.len || memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 || sig_params1.len != sig_params2.len || ( sig_params1.len != 0 && memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_SIG_MISMATCH ); } if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 ) { mbedtls_x509_crl_free( crl ); return( ret ); } if( p != end ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } return( 0 ); }