|
|
@@ -54,10 +54,6 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
|
54
|
54
|
__einfo_error ( EINFO_EINVAL_ALGORITHM )
|
|
55
|
55
|
#define EINFO_EINVAL_ALGORITHM \
|
|
56
|
56
|
__einfo_uniqify ( EINFO_EINVAL, 0x01, "Invalid algorithm type" )
|
|
57
|
|
-#define EINVAL_BIT_STRING \
|
|
58
|
|
- __einfo_error ( EINFO_EINVAL_BIT_STRING )
|
|
59
|
|
-#define EINFO_EINVAL_BIT_STRING \
|
|
60
|
|
- __einfo_uniqify ( EINFO_EINVAL, 0x02, "Invalid bit string" )
|
|
61
|
57
|
#define EINVAL_ALGORITHM_MISMATCH \
|
|
62
|
58
|
__einfo_error ( EINFO_EINVAL_ALGORITHM_MISMATCH )
|
|
63
|
59
|
#define EINFO_EINVAL_ALGORITHM_MISMATCH \
|
|
|
@@ -154,88 +150,6 @@ static uint8_t oid_common_name[] = { ASN1_OID_COMMON_NAME };
|
|
154
|
150
|
static struct asn1_cursor oid_common_name_cursor =
|
|
155
|
151
|
ASN1_OID_CURSOR ( oid_common_name );
|
|
156
|
152
|
|
|
157
|
|
-/**
|
|
158
|
|
- * Parse X.509 certificate bit string
|
|
159
|
|
- *
|
|
160
|
|
- * @v cert X.509 certificate
|
|
161
|
|
- * @v bits Bit string to fill in
|
|
162
|
|
- * @v raw ASN.1 cursor
|
|
163
|
|
- * @ret rc Return status code
|
|
164
|
|
- */
|
|
165
|
|
-static int x509_parse_bit_string ( struct x509_certificate *cert,
|
|
166
|
|
- struct x509_bit_string *bits,
|
|
167
|
|
- const struct asn1_cursor *raw ) {
|
|
168
|
|
- struct asn1_cursor cursor;
|
|
169
|
|
- const struct asn1_bit_string *bit_string;
|
|
170
|
|
- size_t len;
|
|
171
|
|
- unsigned int unused;
|
|
172
|
|
- uint8_t unused_mask;
|
|
173
|
|
- const uint8_t *last;
|
|
174
|
|
- int rc;
|
|
175
|
|
-
|
|
176
|
|
- /* Enter bit string */
|
|
177
|
|
- memcpy ( &cursor, raw, sizeof ( cursor ) );
|
|
178
|
|
- if ( ( rc = asn1_enter ( &cursor, ASN1_BIT_STRING ) ) != 0 ) {
|
|
179
|
|
- DBGC ( cert, "X509 %p cannot locate bit string:\n", cert );
|
|
180
|
|
- DBGC_HDA ( cert, 0, raw->data, raw->len );
|
|
181
|
|
- return rc;
|
|
182
|
|
- }
|
|
183
|
|
-
|
|
184
|
|
- /* Validity checks */
|
|
185
|
|
- if ( cursor.len < sizeof ( *bit_string ) ) {
|
|
186
|
|
- DBGC ( cert, "X509 %p invalid bit string:\n", cert );
|
|
187
|
|
- DBGC_HDA ( cert, 0, raw->data, raw->len );
|
|
188
|
|
- return -EINVAL_BIT_STRING;
|
|
189
|
|
- }
|
|
190
|
|
- bit_string = cursor.data;
|
|
191
|
|
- len = ( cursor.len - offsetof ( typeof ( *bit_string ), data ) );
|
|
192
|
|
- unused = bit_string->unused;
|
|
193
|
|
- unused_mask = ( 0xff >> ( 8 - unused ) );
|
|
194
|
|
- last = ( bit_string->data + len - 1 );
|
|
195
|
|
- if ( ( unused >= 8 ) ||
|
|
196
|
|
- ( ( unused > 0 ) && ( len == 0 ) ) ||
|
|
197
|
|
- ( ( *last & unused_mask ) != 0 ) ) {
|
|
198
|
|
- DBGC ( cert, "X509 %p invalid bit string:\n", cert );
|
|
199
|
|
- DBGC_HDA ( cert, 0, raw->data, raw->len );
|
|
200
|
|
- return -EINVAL_BIT_STRING;
|
|
201
|
|
- }
|
|
202
|
|
-
|
|
203
|
|
- /* Populate bit string */
|
|
204
|
|
- bits->data = &bit_string->data;
|
|
205
|
|
- bits->len = len;
|
|
206
|
|
- bits->unused = unused;
|
|
207
|
|
-
|
|
208
|
|
- return 0;
|
|
209
|
|
-}
|
|
210
|
|
-
|
|
211
|
|
-/**
|
|
212
|
|
- * Parse X.509 certificate bit string that must be an integral number of bytes
|
|
213
|
|
- *
|
|
214
|
|
- * @v cert X.509 certificate
|
|
215
|
|
- * @v bits Bit string to fill in
|
|
216
|
|
- * @v raw ASN.1 cursor
|
|
217
|
|
- * @ret rc Return status code
|
|
218
|
|
- */
|
|
219
|
|
-static int x509_parse_integral_bit_string ( struct x509_certificate *cert,
|
|
220
|
|
- struct x509_bit_string *bits,
|
|
221
|
|
- const struct asn1_cursor *raw ) {
|
|
222
|
|
- int rc;
|
|
223
|
|
-
|
|
224
|
|
- /* Parse bit string */
|
|
225
|
|
- if ( ( rc = x509_parse_bit_string ( cert, bits, raw ) ) != 0 )
|
|
226
|
|
- return rc;
|
|
227
|
|
-
|
|
228
|
|
- /* Check that there are no unused bits at end of string */
|
|
229
|
|
- if ( bits->unused ) {
|
|
230
|
|
- DBGC ( cert, "X509 %p invalid integral bit string:\n", cert );
|
|
231
|
|
- DBGC_HDA ( cert, 0, raw->data, raw->len );
|
|
232
|
|
- return -EINVAL_BIT_STRING;
|
|
233
|
|
- }
|
|
234
|
|
-
|
|
235
|
|
- return 0;
|
|
236
|
|
-}
|
|
237
|
|
-
|
|
238
|
|
-
|
|
239
|
153
|
/**
|
|
240
|
154
|
* Parse X.509 certificate version
|
|
241
|
155
|
*
|
|
|
@@ -466,7 +380,7 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
|
|
466
|
380
|
const struct asn1_cursor *raw ) {
|
|
467
|
381
|
struct x509_public_key *public_key = &cert->subject.public_key;
|
|
468
|
382
|
struct asn1_algorithm **algorithm = &public_key->algorithm;
|
|
469
|
|
- struct x509_bit_string *raw_bits = &public_key->raw_bits;
|
|
|
383
|
+ struct asn1_bit_string *raw_bits = &public_key->raw_bits;
|
|
470
|
384
|
struct asn1_cursor cursor;
|
|
471
|
385
|
int rc;
|
|
472
|
386
|
|
|
|
@@ -491,8 +405,11 @@ static int x509_parse_public_key ( struct x509_certificate *cert,
|
|
491
|
405
|
asn1_skip_any ( &cursor );
|
|
492
|
406
|
|
|
493
|
407
|
/* Parse bit string */
|
|
494
|
|
- if ( ( rc = x509_parse_bit_string ( cert, raw_bits, &cursor ) ) != 0 )
|
|
|
408
|
+ if ( ( rc = asn1_bit_string ( &cursor, raw_bits ) ) != 0 ) {
|
|
|
409
|
+ DBGC ( cert, "X509 %p could not parse public key bits: %s\n",
|
|
|
410
|
+ cert, strerror ( rc ) );
|
|
495
|
411
|
return rc;
|
|
|
412
|
+ }
|
|
496
|
413
|
|
|
497
|
414
|
return 0;
|
|
498
|
415
|
}
|
|
|
@@ -569,7 +486,7 @@ static int x509_parse_basic_constraints ( struct x509_certificate *cert,
|
|
569
|
486
|
static int x509_parse_key_usage ( struct x509_certificate *cert,
|
|
570
|
487
|
const struct asn1_cursor *raw ) {
|
|
571
|
488
|
struct x509_key_usage *usage = &cert->extensions.usage;
|
|
572
|
|
- struct x509_bit_string bit_string;
|
|
|
489
|
+ struct asn1_bit_string bit_string;
|
|
573
|
490
|
const uint8_t *bytes;
|
|
574
|
491
|
size_t len;
|
|
575
|
492
|
unsigned int i;
|
|
|
@@ -579,8 +496,11 @@ static int x509_parse_key_usage ( struct x509_certificate *cert,
|
|
579
|
496
|
usage->present = 1;
|
|
580
|
497
|
|
|
581
|
498
|
/* Parse bit string */
|
|
582
|
|
- if ( ( rc = x509_parse_bit_string ( cert, &bit_string, raw ) ) != 0 )
|
|
|
499
|
+ if ( ( rc = asn1_bit_string ( raw, &bit_string ) ) != 0 ) {
|
|
|
500
|
+ DBGC ( cert, "X509 %p could not parse key usage: %s\n",
|
|
|
501
|
+ cert, strerror ( rc ) );
|
|
583
|
502
|
return rc;
|
|
|
503
|
+ }
|
|
584
|
504
|
|
|
585
|
505
|
/* Parse key usage bits */
|
|
586
|
506
|
bytes = bit_string.data;
|
|
|
@@ -1034,7 +954,7 @@ static int x509_parse ( struct x509_certificate *cert,
|
|
1034
|
954
|
const struct asn1_cursor *raw ) {
|
|
1035
|
955
|
struct x509_signature *signature = &cert->signature;
|
|
1036
|
956
|
struct asn1_algorithm **signature_algorithm = &signature->algorithm;
|
|
1037
|
|
- struct x509_bit_string *signature_value = &signature->value;
|
|
|
957
|
+ struct asn1_bit_string *signature_value = &signature->value;
|
|
1038
|
958
|
struct asn1_cursor cursor;
|
|
1039
|
959
|
int rc;
|
|
1040
|
960
|
|
|
|
@@ -1062,9 +982,12 @@ static int x509_parse ( struct x509_certificate *cert,
|
|
1062
|
982
|
asn1_skip_any ( &cursor );
|
|
1063
|
983
|
|
|
1064
|
984
|
/* Parse signatureValue */
|
|
1065
|
|
- if ( ( rc = x509_parse_integral_bit_string ( cert, signature_value,
|
|
1066
|
|
- &cursor ) ) != 0 )
|
|
|
985
|
+ if ( ( rc = asn1_integral_bit_string ( &cursor,
|
|
|
986
|
+ signature_value ) ) != 0 ) {
|
|
|
987
|
+ DBGC ( cert, "X509 %p could not parse signature value: %s\n",
|
|
|
988
|
+ cert, strerror ( rc ) );
|
|
1067
|
989
|
return rc;
|
|
|
990
|
+ }
|
|
1068
|
991
|
DBGC2 ( cert, "X509 %p signatureValue is:\n", cert );
|
|
1069
|
992
|
DBGC2_HDA ( cert, 0, signature_value->data, signature_value->len );
|
|
1070
|
993
|
|
Michael Brown
12 years ago