cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Made asn1_get_alg() and asn1_get_alg_null() as generic functions

Browse Source 
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
This commit is contained in:
Paul Bakker 2013-06-29 12:16:17 +02:00
parent ce6ae233cb
commit f8d018a274
6 changed files with 127 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
include/polarssl/asn1.h
View File

@ -244,6 +244,35 @@ int asn1_get_mpi( unsigned char **p,
mpi *X );
#endif
/**
* Retrieve an AlgorithmIdentifier ASN.1 sequence.
* Updates the pointer to immediately behind the full AlgorithmIdentifier.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param alg The buffer to receive the OID
* \param params The buffer to receive the params (if any)
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int asn1_get_alg( unsigned char **p,
const unsigned char *end,
asn1_buf *alg, asn1_buf *params );
/**
* Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
* Updates the pointer to immediately behind the full AlgorithmIdentifier.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param alg The buffer to receive the OID
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
asn1_buf *alg );
#ifdef __cplusplus
}
#endif

61
library/asn1parse.c
View File

@ -1,7 +1,7 @@
/*
* Generic ASN.1 parsing
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -257,4 +257,63 @@ int asn1_get_sequence_of( unsigned char **p,
return( 0 );
}
int asn1_get_alg( unsigned char **p,
const unsigned char *end,
asn1_buf *alg, asn1_buf *params )
{
int ret;
size_t len;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ret );
end = *p + len;
alg->tag = **p;
if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
return( ret );
alg->p = *p;
*p += alg->len;
if( *p == end )
{
memset( params, 0, sizeof(asn1_buf) );
return( 0 );
}
params->tag = **p;
(*p)++;
if( ( ret = asn1_get_len( p, end, &params->len ) ) != 0 )
return( ret );
params->p = *p;
*p += params->len;
if( *p != end )
return( POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
int asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
asn1_buf *alg )
{
int ret;
asn1_buf params;
memset( &params, 0, sizeof(asn1_buf) );
if( ( ret = asn1_get_alg( p, end, alg, &params ) ) != 0 )
return( ret );
if( ( params.tag != ASN1_NULL && params.tag != 0 ) || params.len != 0 )
return( POLARSSL_ERR_ASN1_INVALID_DATA );
return( 0 );
}
#endif

22
library/pkcs12.c
View File

@ -45,12 +45,12 @@
#include "polarssl/des.h"
#endif
static int pkcs12_parse_pbe_params( unsigned char **p,
const unsigned char *end,
static int pkcs12_parse_pbe_params( asn1_buf *params,
asn1_buf *salt, int *iterations )
{
int ret;
size_t len = 0;
unsigned char **p = &params->p;
const unsigned char *end = params->p + params->len;
/*
* pkcs-12PbeParams ::= SEQUENCE {
@ -59,13 +59,9 @@ static int pkcs12_parse_pbe_params( unsigned char **p,
* }
*
*/
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
}
end = *p + len;
if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
@ -91,16 +87,12 @@ static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type,
int ret, iterations;
asn1_buf salt;
size_t i;
unsigned char *p, *end;
unsigned char unipwd[258];
memset(&salt, 0, sizeof(asn1_buf));
memset(&unipwd, 0, sizeof(unipwd));
p = pbe_params->p;
end = p + pbe_params->len;
if( ( ret = pkcs12_parse_pbe_params( &p, end, &salt, &iterations ) ) != 0 )
if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt, &iterations ) ) != 0 )
return( ret );
for(i = 0; i < pwdlen; i++)

74
library/pkcs5.c
View File

@ -42,15 +42,18 @@
#include "polarssl/cipher.h"
#include "polarssl/oid.h"
static int pkcs5_parse_pbkdf2_params( unsigned char **p,
const unsigned char *end,
static int pkcs5_parse_pbkdf2_params( asn1_buf *params,
asn1_buf *salt, int *iterations,
int *keylen, md_type_t *md_type )
{
int ret;
size_t len = 0;
asn1_buf prf_alg_oid;
unsigned char **p = &params->p;
const unsigned char *end = params->p + params->len;
if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
/*
* PBKDF2-params ::= SEQUENCE {
* salt OCTET STRING,
@ -60,14 +63,6 @@ static int pkcs5_parse_pbkdf2_params( unsigned char **p,
* }
*
*/
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
}
end = *p + len;
if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
@ -89,7 +84,7 @@ static int pkcs5_parse_pbkdf2_params( unsigned char **p,
if( *p == end )
return( 0 );
if( ( ret = asn1_get_tag( p, end, &prf_alg_oid.len, ASN1_OID ) ) != 0 )
if( ( ret = asn1_get_alg_null( p, end, &prf_alg_oid ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
if( !OID_CMP( OID_HMAC_SHA1, &prf_alg_oid ) )
@ -110,11 +105,12 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
unsigned char *output )
{
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end, *end2;
asn1_buf kdf_alg_oid, enc_scheme_oid, salt;
unsigned char *p, *end;
asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
asn1_buf salt;
md_type_t md_type = POLARSSL_MD_SHA1;
unsigned char key[32], iv[32];
size_t len = 0, olen = 0;
size_t olen = 0;
const md_info_t *md_info;
const cipher_info_t *cipher_info;
md_context_t md_ctx;
@ -130,32 +126,19 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
if( pbe_params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
if( ( ret = asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
}
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
}
end2 = p + len;
if( ( ret = asn1_get_tag( &p, end2, &kdf_alg_oid.len, ASN1_OID ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
kdf_alg_oid.p = p;
p += kdf_alg_oid.len;
// Only PBKDF2 supported at the moment
//
if( !OID_CMP( OID_PKCS5_PBKDF2, &kdf_alg_oid ) )
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = pkcs5_parse_pbkdf2_params( &p, end2,
if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
&salt, &iterations, &keylen,
&md_type ) ) != 0 )
{
@ -166,19 +149,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
if( md_info == NULL )
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
if( ( ret = asn1_get_alg( &p, end, &enc_scheme_oid, &enc_scheme_params ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
}
end2 = p + len;
if( ( ret = asn1_get_tag( &p, end2, &enc_scheme_oid.len, ASN1_OID ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
enc_scheme_oid.p = p;
p += enc_scheme_oid.len;
if ( oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );
@ -189,13 +161,13 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
keylen = cipher_info->key_length / 8;
if( ( ret = asn1_get_tag( &p, end2, &len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
if( len != cipher_info->iv_size )
if( enc_scheme_params.tag != ASN1_OCTET_STRING ||
enc_scheme_params.len != cipher_info->iv_size )
{
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT );
}
memcpy( iv, p, len );
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
return( ret );

54
library/x509parse.c
View File

@ -182,34 +182,10 @@ static int x509_get_alg( unsigned char **p,
x509_buf *alg )
{
int ret;
size_t len;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
end = *p + len;
alg->tag = **p;
if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
alg->p = *p;
*p += alg->len;
if( *p == end )
return( 0 );
/*
* assume the algorithm parameters must be NULL
*/
if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
if( *p != end )
return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
@ -451,8 +427,8 @@ static int x509_get_pubkey( unsigned char **p,
unsigned char *end2;
pk_type_t pk_alg = POLARSSL_PK_NONE;
if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
return( ret );
if( ( ret = asn1_get_alg_null( p, end, pk_alg_oid ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
/*
* only RSA public keys handled at this time
@ -2149,7 +2125,7 @@ static int x509parse_key_pkcs8_unencrypted_der(
if( rsa->ver != 0 )
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
if( ( ret = asn1_get_alg_null( &p, end, &pk_alg_oid ) ) != 0 )
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
/*
@ -2190,7 +2166,7 @@ static int x509parse_key_pkcs8_encrypted_der(
{
int ret;
size_t len;
unsigned char *p, *end, *end2;
unsigned char *p, *end;
x509_buf pbe_alg_oid, pbe_params;
unsigned char buf[2048];
#if defined(POLARSSL_PKCS12_C)
@ -2228,26 +2204,8 @@ static int x509parse_key_pkcs8_encrypted_der(
end = p + len;
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
}
end2 = p + len;
if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID ) ) != 0 )
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
pbe_alg_oid.p = p;
p += pbe_alg_oid.len;
/*
* Store the algorithm parameters
*/
pbe_params.p = p;
pbe_params.len = end2 - p;
p += pbe_params.len;
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );

4
tests/suites/test_suite_x509parse.data
View File

@ -412,7 +412,7 @@ X509 Certificate ASN1 (TBSCertificate, alg oid no data in sequence)
x509parse_crt:"300f300da0030201048204deadbeef3000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, alg with params)
x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, correct alg data, no params unknown version)
x509parse_crt:"30153013a0030201048204deadbeef30060604cafed00d":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
@ -475,7 +475,7 @@ X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG