Browse Source

[tls] Use our own ASN.1 routines for certificate parsing

Use our own, more robust, ASN.1 parsing routines to extract the RSA
public key from a server certificate.  Remove the now-unused AXTLS
ASN.1 parser.
tags/v0.9.7
Michael Brown 15 years ago
parent
commit
8e960eb67c
8 changed files with 354 additions and 954 deletions
  1. 18
    13
      src/crypto/asn1.c
  2. 0
    867
      src/crypto/axtls/axtls_asn1.c
  3. 181
    0
      src/crypto/x509.c
  4. 3
    3
      src/include/gpxe/asn1.h
  5. 1
    0
      src/include/gpxe/errfile.h
  6. 2
    4
      src/include/gpxe/tls.h
  7. 39
    0
      src/include/gpxe/x509.h
  8. 110
    67
      src/net/tls.c

+ 18
- 13
src/crypto/asn1.c View File

@@ -32,7 +32,7 @@
32 32
  *
33 33
  * @v cursor		ASN.1 object cursor
34 34
  * @v type		Expected type
35
- * @ret len		Length of object body, or -1 on error
35
+ * @ret len		Length of object body, or negative error
36 36
  *
37 37
  * The object cursor will be updated to point to the start of the
38 38
  * object body (i.e. the first byte following the length byte(s)), and
@@ -44,29 +44,32 @@
44 44
  * the cursor will be invalidated and a negative value will be
45 45
  * returned.
46 46
  */
47
-static int asn1_start_object ( struct asn1_cursor *cursor,
47
+static int asn1_start ( struct asn1_cursor *cursor,
48 48
 			       unsigned int type ) {
49 49
 	unsigned int len_len;
50 50
 	unsigned int len;
51
+	int rc;
51 52
 
52 53
 	/* Sanity check */
53 54
 	if ( cursor->len < 2 /* Tag byte and first length byte */ ) {
54 55
 		if ( cursor->len )
55 56
 			DBGC ( cursor, "ASN1 %p too short\n", cursor );
57
+		rc = -EINVAL;
56 58
 		goto notfound;
57 59
 	}
58 60
 
59 61
 	/* Check the tag byte */
60
-	if ( cursor->data[0] != type ) {
62
+	if ( *( ( uint8_t * ) cursor->data ) != type ) {
61 63
 		DBGC ( cursor, "ASN1 %p type mismatch (expected %d, got %d)\n",
62
-		       cursor, type, cursor->data[0] );
64
+		       cursor, type, *( ( uint8_t * ) cursor->data ) );
65
+		rc = -ENXIO;
63 66
 		goto notfound;
64 67
 	}
65 68
 	cursor->data++;
66 69
 	cursor->len--;
67 70
 
68 71
 	/* Extract length of the length field and sanity check */
69
-	len_len = cursor->data[0];
72
+	len_len = *( ( uint8_t * ) cursor->data );
70 73
 	if ( len_len & 0x80 ) {
71 74
 		len_len = ( len_len & 0x7f );
72 75
 		cursor->data++;
@@ -77,19 +80,21 @@ static int asn1_start_object ( struct asn1_cursor *cursor,
77 80
 	if ( cursor->len < len_len ) {
78 81
 		DBGC ( cursor, "ASN1 %p bad length field length %d (max "
79 82
 		       "%zd)\n", cursor, len_len, cursor->len );
83
+		rc = -EINVAL;
80 84
 		goto notfound;
81 85
 	}
82 86
 
83 87
 	/* Extract the length and sanity check */
84 88
 	for ( len = 0 ; len_len ; len_len-- ) {
85 89
 		len <<= 8;
86
-		len |= cursor->data[0];
90
+		len |= *( ( uint8_t * ) cursor->data );
87 91
 		cursor->data++;
88 92
 		cursor->len--;
89 93
 	}
90 94
 	if ( cursor->len < len ) {
91 95
 		DBGC ( cursor, "ASN1 %p bad length %d (max %zd)\n",
92 96
 		       cursor, len, cursor->len );
97
+		rc = -EINVAL;
93 98
 		goto notfound;
94 99
 	}
95 100
 
@@ -98,7 +103,7 @@ static int asn1_start_object ( struct asn1_cursor *cursor,
98 103
  notfound:
99 104
 	cursor->data = NULL;
100 105
 	cursor->len = 0;
101
-	return -1;
106
+	return rc;
102 107
 }
103 108
 
104 109
 /**
@@ -112,12 +117,12 @@ static int asn1_start_object ( struct asn1_cursor *cursor,
112 117
  * current ASN.1 object.  If any error occurs, the object cursor will
113 118
  * be invalidated.
114 119
  */
115
-int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) {
120
+int asn1_enter ( struct asn1_cursor *cursor, unsigned int type ) {
116 121
 	int len;
117 122
 
118
-	len = asn1_start_object ( cursor, type );
123
+	len = asn1_start ( cursor, type );
119 124
 	if ( len < 0 )
120
-		return -ENOENT;
125
+		return len;
121 126
 
122 127
 	cursor->len = len;
123 128
 	DBGC ( cursor, "ASN1 %p entered object type %02x (len %x)\n",
@@ -137,12 +142,12 @@ int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) {
137 142
  * object.  If any error occurs, the object cursor will be
138 143
  * invalidated.
139 144
  */
140
-int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type ) {
145
+int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ) {
141 146
 	int len;
142 147
 
143
-	len = asn1_start_object ( cursor, type );
148
+	len = asn1_start ( cursor, type );
144 149
 	if ( len < 0 )
145
-		return -ENOENT;
150
+		return len;
146 151
 
147 152
 	cursor->data += len;
148 153
 	cursor->len -= len;

+ 0
- 867
src/crypto/axtls/axtls_asn1.c View File

@@ -1,867 +0,0 @@
1
-/*
2
- *  Copyright(C) 2006 Cameron Rich
3
- *
4
- *  This library is free software; you can redistribute it and/or modify
5
- *  it under the terms of the GNU Lesser General Public License as published by
6
- *  the Free Software Foundation; either version 2.1 of the License, or
7
- *  (at your option) any later version.
8
- *
9
- *  This library is distributed in the hope that it will be useful,
10
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
11
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
- *  GNU Lesser General Public License for more details.
13
- *
14
- *  You should have received a copy of the GNU Lesser General Public License
15
- *  along with this library; if not, write to the Free Software
16
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
17
- */
18
-
19
-/**
20
- * @file asn1.c
21
- * 
22
- * Some primitive asn methods for extraction rsa modulus information. It also
23
- * is used for retrieving information from X.509 certificates.
24
- */
25
-
26
-#include <stdio.h>
27
-#include <stdlib.h>
28
-#include <string.h>
29
-#include <time.h>
30
-#include "crypto.h"
31
-
32
-#define SIG_OID_PREFIX_SIZE     8
33
-
34
-#define SIG_TYPE_MD2            0x02
35
-#define SIG_TYPE_MD5            0x04
36
-#define SIG_TYPE_SHA1           0x05
37
-
38
-/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
39
-static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
40
-{
41
-    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
42
-};
43
-
44
-/* CN, O, OU */
45
-static const uint8_t g_dn_types[] = { 3, 10, 11 };
46
-
47
-static int get_asn1_length(const uint8_t *buf, int *offset)
48
-{
49
-    int len, i;
50
-
51
-    if (!(buf[*offset] & 0x80)) /* short form */
52
-    {
53
-        len = buf[(*offset)++];
54
-    }
55
-    else    /* long form */
56
-    {
57
-        int length_bytes = buf[(*offset)++]&0x7f;
58
-        len = 0;
59
-        for (i = 0; i < length_bytes; i++)
60
-        {
61
-            len <<= 8;
62
-            len += buf[(*offset)++];
63
-        }
64
-    }
65
-
66
-    return len;
67
-}
68
-
69
-/**
70
- * Skip the ASN1.1 object type and its length. Get ready to read the object's
71
- * data.
72
- */
73
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
74
-{
75
-    if (buf[*offset] != obj_type)
76
-        return X509_NOT_OK;
77
-    (*offset)++;
78
-    return get_asn1_length(buf, offset);
79
-}
80
-
81
-/**
82
- * Skip over an ASN.1 object type completely. Get ready to read the next
83
- * object.
84
- */
85
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
86
-{
87
-    int len;
88
-
89
-    if (buf[*offset] != obj_type)
90
-        return X509_NOT_OK;
91
-    (*offset)++;
92
-    len = get_asn1_length(buf, offset);
93
-    *offset += len;
94
-    return 0;
95
-}
96
-
97
-/**
98
- * Read an integer value for ASN.1 data
99
- * Note: This function allocates memory which must be freed by the user.
100
- */
101
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
102
-{
103
-    int len;
104
-
105
-    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
106
-        goto end_int_array;
107
-
108
-    *object = (uint8_t *)malloc(len);
109
-    memcpy(*object, &buf[*offset], len);
110
-    *offset += len;
111
-
112
-end_int_array:
113
-    return len;
114
-}
115
-
116
-#if 0
117
-
118
-/**
119
- * Get all the RSA private key specifics from an ASN.1 encoded file 
120
- */
121
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
122
-{
123
-    int offset = 7;
124
-    uint8_t *modulus, *priv_exp, *pub_exp;
125
-    int mod_len, priv_len, pub_len;
126
-#ifdef CONFIG_BIGINT_CRT
127
-    uint8_t *p, *q, *dP, *dQ, *qInv;
128
-    int p_len, q_len, dP_len, dQ_len, qInv_len;
129
-#endif
130
-
131
-    /* not in der format */
132
-    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
133
-    {
134
-#ifdef CONFIG_SSL_FULL_MODE
135
-        printf("Error: This is not a valid ASN.1 file\n");
136
-#endif
137
-        return X509_INVALID_PRIV_KEY;
138
-    }
139
-
140
-    /* initialise the RNG */
141
-    RNG_initialize(buf, len);
142
-
143
-    mod_len = asn1_get_int(buf, &offset, &modulus);
144
-    pub_len = asn1_get_int(buf, &offset, &pub_exp);
145
-    priv_len = asn1_get_int(buf, &offset, &priv_exp);
146
-
147
-    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
148
-        return X509_INVALID_PRIV_KEY;
149
-
150
-#ifdef CONFIG_BIGINT_CRT
151
-    p_len = asn1_get_int(buf, &offset, &p);
152
-    q_len = asn1_get_int(buf, &offset, &q);
153
-    dP_len = asn1_get_int(buf, &offset, &dP);
154
-    dQ_len = asn1_get_int(buf, &offset, &dQ);
155
-    qInv_len = asn1_get_int(buf, &offset, &qInv);
156
-
157
-    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
158
-        return X509_INVALID_PRIV_KEY;
159
-
160
-    RSA_priv_key_new(rsa_ctx, 
161
-            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
162
-            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
163
-
164
-    free(p);
165
-    free(q);
166
-    free(dP);
167
-    free(dQ);
168
-    free(qInv);
169
-#else
170
-    RSA_priv_key_new(rsa_ctx, 
171
-            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
172
-#endif
173
-
174
-    free(modulus);
175
-    free(priv_exp);
176
-    free(pub_exp);
177
-    return X509_OK;
178
-}
179
-
180
-/**
181
- * Get the time of a certificate. Ignore hours/minutes/seconds.
182
- */
183
-static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
184
-{
185
-    int ret = X509_NOT_OK, len, t_offset;
186
-    struct tm tm;
187
-
188
-    if (buf[(*offset)++] != ASN1_UTC_TIME)
189
-        goto end_utc_time;
190
-    len = get_asn1_length(buf, offset);
191
-    t_offset = *offset;
192
-
193
-    memset(&tm, 0, sizeof(struct tm));
194
-    tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
195
-
196
-    if (tm.tm_year <= 50)    /* 1951-2050 thing */
197
-    {
198
-        tm.tm_year += 100;
199
-    }
200
-
201
-    tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
202
-    tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
203
-    *t = mktime(&tm);
204
-    *offset += len;
205
-    ret = X509_OK;
206
-
207
-end_utc_time:
208
-    return ret;
209
-}
210
-
211
-/**
212
- * Get the version type of a certificate (which we don't actually care about)
213
- */
214
-static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
215
-{
216
-    int ret = X509_NOT_OK;
217
-
218
-    (*offset) += 2;        /* get past explicit tag */
219
-    if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
220
-        goto end_version;
221
-
222
-    ret = X509_OK;
223
-end_version:
224
-    return ret;
225
-}
226
-
227
-/**
228
- * Retrieve the notbefore and notafter certificate times.
229
- */
230
-static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
231
-{
232
-    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
233
-              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
234
-              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
235
-}
236
-
237
-/**
238
- * Get the components of a distinguished name 
239
- */
240
-static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
241
-{
242
-    int dn_type = 0;
243
-    int len;
244
-
245
-    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
246
-        goto end_oid;
247
-
248
-    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
249
-       components we are interested in. */
250
-    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
251
-        dn_type = buf[(*offset)++];
252
-    else
253
-    {
254
-        *offset += len;     /* skip over it */
255
-    }
256
-
257
-end_oid:
258
-    return dn_type;
259
-}
260
-
261
-/**
262
- * Obtain an ASN.1 printable string type.
263
- */
264
-static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
265
-{
266
-    int len = X509_NOT_OK;
267
-
268
-    /* some certs have this awful crud in them for some reason */
269
-    if (buf[*offset] != ASN1_PRINTABLE_STR && 
270
-            buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
271
-        goto end_pnt_str;
272
-
273
-    (*offset)++;
274
-    len = get_asn1_length(buf, offset);
275
-    *str = (char *)malloc(len+1);       /* allow for null */
276
-    memcpy(*str, &buf[*offset], len);
277
-    (*str)[len] = 0;                    /* null terminate */
278
-    *offset += len;
279
-end_pnt_str:
280
-    return len;
281
-}
282
-
283
-/**
284
- * Get the subject name (or the issuer) of a certificate.
285
- */
286
-static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
287
-{
288
-    int ret = X509_NOT_OK;
289
-    int dn_type;
290
-    char *tmp = NULL;
291
-
292
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
293
-        goto end_name;
294
-
295
-    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
296
-    {
297
-        int i, found = 0;
298
-
299
-        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
300
-               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
301
-            goto end_name;
302
-
303
-        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
304
-        {
305
-            free(tmp);
306
-            goto end_name;
307
-        }
308
-
309
-        /* find the distinguished named type */
310
-        for (i = 0; i < X509_NUM_DN_TYPES; i++)
311
-        {
312
-            if (dn_type == g_dn_types[i])
313
-            {
314
-                if (dn[i] == NULL)
315
-                {
316
-                    dn[i] = tmp;
317
-                    found = 1;
318
-                    break;
319
-                }
320
-            }
321
-        }
322
-
323
-        if (found == 0) /* not found so get rid of it */
324
-        {
325
-            free(tmp);
326
-        }
327
-    }
328
-
329
-    ret = X509_OK;
330
-end_name:
331
-    return ret;
332
-}
333
-
334
-/**
335
- * Read the modulus and public exponent of a certificate.
336
- */
337
-static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
338
-{
339
-    int ret = X509_NOT_OK, mod_len, pub_len;
340
-    uint8_t *modulus, *pub_exp;
341
-
342
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
343
-            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
344
-            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
345
-        goto end_pub_key;
346
-
347
-    (*offset)++;
348
-
349
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
350
-        goto end_pub_key;
351
-
352
-    mod_len = asn1_get_int(cert, offset, &modulus);
353
-    pub_len = asn1_get_int(cert, offset, &pub_exp);
354
-
355
-    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
356
-
357
-    free(modulus);
358
-    free(pub_exp);
359
-    ret = X509_OK;
360
-
361
-end_pub_key:
362
-    return ret;
363
-}
364
-
365
-#ifdef CONFIG_SSL_CERT_VERIFICATION
366
-/**
367
- * Read the signature of the certificate.
368
- */
369
-static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
370
-{
371
-    int ret = X509_NOT_OK;
372
-
373
-    if (cert[(*offset)++] != ASN1_BIT_STRING)
374
-        goto end_sig;
375
-
376
-    x509_ctx->sig_len = get_asn1_length(cert, offset);
377
-    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
378
-    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
379
-    *offset += x509_ctx->sig_len;
380
-    ret = X509_OK;
381
-
382
-end_sig:
383
-    return ret;
384
-}
385
-
386
-/*
387
- * Compare 2 distinguished name components for equality 
388
- * @return 0 if a match
389
- */
390
-static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
391
-{
392
-    int ret = 1;
393
-
394
-    if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
395
-
396
-    ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
397
-
398
-err_no_match:
399
-    return ret;
400
-}
401
-
402
-/**
403
- * Clean up all of the CA certificates.
404
- */
405
-void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
406
-{
407
-    int i = 0;
408
-
409
-    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
410
-    {
411
-        x509_free(ca_cert_ctx->cert[i]);
412
-        ca_cert_ctx->cert[i++] = NULL;
413
-    }
414
-
415
-    free(ca_cert_ctx);
416
-}
417
-
418
-/*
419
- * Compare 2 distinguished names for equality 
420
- * @return 0 if a match
421
- */
422
-static int asn1_compare_dn(char * const dn1[], char * const dn2[])
423
-{
424
-    int i;
425
-
426
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
427
-    {
428
-        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
429
-        {
430
-            return 1;
431
-        }
432
-    }
433
-
434
-    return 0;       /* all good */
435
-}
436
-
437
-/**
438
- * Retrieve the signature from a certificate.
439
- */
440
-const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
441
-{
442
-    int offset = 0;
443
-    const uint8_t *ptr = NULL;
444
-
445
-    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
446
-            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
447
-        goto end_get_sig;
448
-
449
-    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
450
-        goto end_get_sig;
451
-    *len = get_asn1_length(asn1_sig, &offset);
452
-    ptr = &asn1_sig[offset];          /* all ok */
453
-
454
-end_get_sig:
455
-    return ptr;
456
-}
457
-
458
-#endif
459
-
460
-/**
461
- * Read the signature type of the certificate. We only support RSA-MD5 and
462
- * RSA-SHA1 signature types.
463
- */
464
-static int asn1_signature_type(const uint8_t *cert, 
465
-                                int *offset, X509_CTX *x509_ctx)
466
-{
467
-    int ret = X509_NOT_OK, len;
468
-
469
-    if (cert[(*offset)++] != ASN1_OID)
470
-        goto end_check_sig;
471
-
472
-    len = get_asn1_length(cert, offset);
473
-
474
-    if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
475
-        goto end_check_sig;     /* unrecognised cert type */
476
-
477
-    x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
478
-
479
-    *offset += len;
480
-    if (asn1_skip_obj(cert, offset, ASN1_NULL))
481
-        goto end_check_sig;
482
-    ret = X509_OK;
483
-
484
-end_check_sig:
485
-    return ret;
486
-}
487
-
488
-/**
489
- * Construct a new x509 object.
490
- * @return 0 if ok. < 0 if there was a problem.
491
- */
492
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
493
-{
494
-    int begin_tbs, end_tbs;
495
-    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
496
-    X509_CTX *x509_ctx;
497
-    BI_CTX *bi_ctx;
498
-
499
-    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
500
-    x509_ctx = *ctx;
501
-
502
-    /* get the certificate size */
503
-    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
504
-
505
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
506
-        goto end_cert;
507
-
508
-    begin_tbs = offset;         /* start of the tbs */
509
-    end_tbs = begin_tbs;        /* work out the end of the tbs */
510
-    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
511
-
512
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
513
-        goto end_cert;
514
-
515
-    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
516
-    {
517
-        if (asn1_version(cert, &offset, x509_ctx))
518
-            goto end_cert;
519
-    }
520
-
521
-    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
522
-            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
523
-        goto end_cert;
524
-
525
-    /* make sure the signature is ok */
526
-    if (asn1_signature_type(cert, &offset, x509_ctx))
527
-    {
528
-        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
529
-        goto end_cert;
530
-    }
531
-
532
-    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
533
-            asn1_validity(cert, &offset, x509_ctx) ||
534
-            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
535
-            asn1_public_key(cert, &offset, x509_ctx))
536
-        goto end_cert;
537
-
538
-    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
539
-
540
-#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
541
-    /* use the appropriate signature algorithm (either SHA1 or MD5) */
542
-    if (x509_ctx->sig_type == SIG_TYPE_MD5)
543
-    {
544
-        MD5_CTX md5_ctx;
545
-        uint8_t md5_dgst[MD5_SIZE];
546
-        MD5Init(&md5_ctx);
547
-        MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
548
-        MD5Final(&md5_ctx, md5_dgst);
549
-        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
550
-    }
551
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
552
-    {
553
-        SHA1_CTX sha_ctx;
554
-        uint8_t sha_dgst[SHA1_SIZE];
555
-        SHA1Init(&sha_ctx);
556
-        SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
557
-        SHA1Final(&sha_ctx, sha_dgst);
558
-        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
559
-    }
560
-
561
-    offset = end_tbs;   /* skip the v3 data */
562
-    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
563
-            asn1_signature(cert, &offset, x509_ctx))
564
-        goto end_cert;
565
-#endif
566
-
567
-    if (len)
568
-    {
569
-        *len = cert_size;
570
-    }
571
-
572
-    ret = X509_OK;
573
-end_cert:
574
-
575
-#ifdef CONFIG_SSL_FULL_MODE
576
-    if (ret)
577
-    {
578
-        printf("Error: Invalid X509 ASN.1 file\n");
579
-    }
580
-#endif
581
-
582
-    return ret;
583
-}
584
-
585
-/**
586
- * Free an X.509 object's resources.
587
- */
588
-void x509_free(X509_CTX *x509_ctx)
589
-{
590
-    X509_CTX *next;
591
-    int i;
592
-
593
-    if (x509_ctx == NULL)       /* if already null, then don't bother */
594
-        return;
595
-
596
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
597
-    {
598
-        free(x509_ctx->ca_cert_dn[i]);
599
-        free(x509_ctx->cert_dn[i]);
600
-    }
601
-
602
-    free(x509_ctx->signature);
603
-
604
-#ifdef CONFIG_SSL_CERT_VERIFICATION 
605
-    if (x509_ctx->digest)
606
-    {
607
-        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
608
-    }
609
-#endif
610
-
611
-    RSA_free(x509_ctx->rsa_ctx);
612
-
613
-    next = x509_ctx->next;
614
-    free(x509_ctx);
615
-    x509_free(next);        /* clear the chain */
616
-}
617
-
618
-#ifdef CONFIG_SSL_CERT_VERIFICATION
619
-/**
620
- * Do some basic checks on the certificate chain.
621
- *
622
- * Certificate verification consists of a number of checks:
623
- * - A root certificate exists in the certificate store.
624
- * - The date of the certificate is after the start date.
625
- * - The date of the certificate is before the finish date.
626
- * - The certificate chain is valid.
627
- * - That the certificate(s) are not self-signed.
628
- * - The signature of the certificate is valid.
629
- */
630
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
631
-{
632
-    int ret = X509_OK, i = 0;
633
-    bigint *cert_sig;
634
-    X509_CTX *next_cert = NULL;
635
-    BI_CTX *ctx;
636
-    bigint *mod, *expn;
637
-    struct timeval tv;
638
-    int match_ca_cert = 0;
639
-
640
-    if (cert == NULL || ca_cert_ctx == NULL)
641
-    {
642
-        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
643
-        goto end_verify;
644
-    }
645
-
646
-    /* last cert in the chain - look for a trusted cert */
647
-    if (cert->next == NULL)
648
-    {
649
-        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
650
-        {
651
-            if (asn1_compare_dn(cert->ca_cert_dn,
652
-                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
653
-            {
654
-                match_ca_cert = 1;
655
-                break;
656
-            }
657
-
658
-            i++;
659
-        }
660
-
661
-        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
662
-        {
663
-            next_cert = ca_cert_ctx->cert[i];
664
-        }
665
-        else    /* trusted cert not found */
666
-        {
667
-            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
668
-            goto end_verify;
669
-        }
670
-    }
671
-    else
672
-    {
673
-        next_cert = cert->next;
674
-    }
675
-
676
-    gettimeofday(&tv, NULL);
677
-
678
-    /* check the not before date */
679
-    if (tv.tv_sec < cert->not_before)
680
-    {
681
-        ret = X509_VFY_ERROR_NOT_YET_VALID;
682
-        goto end_verify;
683
-    }
684
-
685
-    /* check the not after date */
686
-    if (tv.tv_sec > cert->not_after)
687
-    {
688
-        ret = X509_VFY_ERROR_EXPIRED;
689
-        goto end_verify;
690
-    }
691
-
692
-    /* check the chain integrity */
693
-    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
694
-    {
695
-        ret = X509_VFY_ERROR_INVALID_CHAIN;
696
-        goto end_verify;
697
-    }
698
-
699
-    /* check for self-signing */
700
-    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
701
-    {
702
-        ret = X509_VFY_ERROR_SELF_SIGNED;
703
-        goto end_verify;
704
-    }
705
-
706
-    /* check the signature */
707
-    ctx = cert->rsa_ctx->bi_ctx;
708
-    mod = next_cert->rsa_ctx->m;
709
-    expn = next_cert->rsa_ctx->e;
710
-    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
711
-            bi_clone(ctx, mod), bi_clone(ctx, expn));
712
-
713
-    if (cert_sig)
714
-    {
715
-        ret = cert->digest ?    /* check the signature */
716
-            bi_compare(cert_sig, cert->digest) :
717
-            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
718
-        bi_free(ctx, cert_sig);
719
-
720
-        if (ret)
721
-            goto end_verify;
722
-    }
723
-    else
724
-    {
725
-        ret = X509_VFY_ERROR_BAD_SIGNATURE;
726
-        goto end_verify;
727
-    }
728
-
729
-    /* go down the certificate chain using recursion. */
730
-    if (ret == 0 && cert->next)
731
-    {
732
-        ret = x509_verify(ca_cert_ctx, next_cert);
733
-    }
734
-
735
-end_verify:
736
-    return ret;
737
-}
738
-#endif
739
-
740
-#if defined (CONFIG_SSL_FULL_MODE)
741
-/**
742
- * Used for diagnostics.
743
- */
744
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
745
-{
746
-    if (cert == NULL)
747
-        return;
748
-
749
-    printf("----------------   CERT DEBUG   ----------------\n");
750
-    printf("* CA Cert Distinguished Name\n");
751
-    if (cert->ca_cert_dn[X509_COMMON_NAME])
752
-    {
753
-        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
754
-    }
755
-
756
-    if (cert->ca_cert_dn[X509_ORGANIZATION])
757
-    {
758
-        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
759
-    }
760
-
761
-    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
762
-    {
763
-        printf("Organizational Unit (OU): %s\n", 
764
-                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
765
-    }
766
-
767
-    printf("* Cert Distinguished Name\n");
768
-    if (cert->cert_dn[X509_COMMON_NAME])
769
-    {
770
-        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
771
-    }
772
-
773
-    if (cert->cert_dn[X509_ORGANIZATION])
774
-    {
775
-        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
776
-    }
777
-
778
-    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
779
-    {
780
-        printf("Organizational Unit (OU): %s\n", 
781
-                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
782
-    }
783
-
784
-    printf("Not Before:\t\t%s", ctime(&cert->not_before));
785
-    printf("Not After:\t\t%s", ctime(&cert->not_after));
786
-    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
787
-    printf("Sig Type:\t\t");
788
-    switch (cert->sig_type)
789
-    {
790
-        case SIG_TYPE_MD5:
791
-            printf("MD5\n");
792
-            break;
793
-        case SIG_TYPE_SHA1:
794
-            printf("SHA1\n");
795
-            break;
796
-        case SIG_TYPE_MD2:
797
-            printf("MD2\n");
798
-            break;
799
-        default:
800
-            printf("Unrecognized: %d\n", cert->sig_type);
801
-            break;
802
-    }
803
-
804
-    printf("Verify:\t\t\t");
805
-
806
-    if (ca_cert_ctx)
807
-    {
808
-        x509_display_error(x509_verify(ca_cert_ctx, cert));
809
-    }
810
-
811
-    printf("\n");
812
-#if 0
813
-    print_blob("Signature", cert->signature, cert->sig_len);
814
-    bi_print("Modulus", cert->rsa_ctx->m);
815
-    bi_print("Pub Exp", cert->rsa_ctx->e);
816
-#endif
817
-
818
-    if (ca_cert_ctx)
819
-    {
820
-        x509_print(ca_cert_ctx, cert->next);
821
-    }
822
-}
823
-
824
-void x509_display_error(int error)
825
-{
826
-    switch (error)
827
-    {
828
-        case X509_NOT_OK:
829
-            printf("X509 not ok");
830
-            break;
831
-
832
-        case X509_VFY_ERROR_NO_TRUSTED_CERT:
833
-            printf("No trusted cert is available");
834
-            break;
835
-
836
-        case X509_VFY_ERROR_BAD_SIGNATURE:
837
-            printf("Bad signature");
838
-            break;
839
-
840
-        case X509_VFY_ERROR_NOT_YET_VALID:
841
-            printf("Cert is not yet valid");
842
-            break;
843
-
844
-        case X509_VFY_ERROR_EXPIRED:
845
-            printf("Cert has expired");
846
-            break;
847
-
848
-        case X509_VFY_ERROR_SELF_SIGNED:
849
-            printf("Cert is self-signed");
850
-            break;
851
-
852
-        case X509_VFY_ERROR_INVALID_CHAIN:
853
-            printf("Chain is invalid (check order of certs)");
854
-            break;
855
-
856
-        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
857
-            printf("Unsupported digest");
858
-            break;
859
-
860
-        case X509_INVALID_PRIV_KEY:
861
-            printf("Invalid private key");
862
-            break;
863
-    }
864
-}
865
-#endif      /* CONFIG_SSL_FULL_MODE */
866
-
867
-#endif

+ 181
- 0
src/crypto/x509.c View File

@@ -0,0 +1,181 @@
1
+/*
2
+ * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
3
+ *
4
+ * This program is free software; you can redistribute it and/or
5
+ * modify it under the terms of the GNU General Public License as
6
+ * published by the Free Software Foundation; either version 2 of the
7
+ * License, or any later version.
8
+ *
9
+ * This program is distributed in the hope that it will be useful, but
10
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12
+ * General Public License for more details.
13
+ *
14
+ * You should have received a copy of the GNU General Public License
15
+ * along with this program; if not, write to the Free Software
16
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17
+ */
18
+
19
+#include <stdlib.h>
20
+#include <string.h>
21
+#include <errno.h>
22
+#include <gpxe/asn1.h>
23
+#include <gpxe/x509.h>
24
+
25
+/** @file
26
+ *
27
+ * X.509 certificates
28
+ *
29
+ * The structure of X.509v3 certificates is concisely documented in
30
+ * RFC5280 section 4.1.  The structure of RSA public keys is
31
+ * documented in RFC2313.
32
+ */
33
+
34
+/** Object Identifier for "rsaEncryption" (1.2.840.113549.1.1.1) */
35
+static const uint8_t oid_rsa_encryption[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
36
+					      0x0d, 0x01, 0x01, 0x01 };
37
+
38
+/**
39
+ * Identify X.509 certificate public key
40
+ *
41
+ * @v certificate	Certificate
42
+ * @v algorithm		Public key algorithm to fill in
43
+ * @v pubkey		Public key value to fill in
44
+ * @ret rc		Return status code
45
+ */
46
+static int x509_public_key ( const struct asn1_cursor *certificate,
47
+			     struct asn1_cursor *algorithm,
48
+			     struct asn1_cursor *pubkey ) {
49
+	struct asn1_cursor cursor;
50
+	int rc;
51
+
52
+	/* Locate subjectPublicKeyInfo */
53
+	memcpy ( &cursor, certificate, sizeof ( cursor ) );
54
+	rc = ( asn1_enter ( &cursor, ASN1_SEQUENCE ), /* Certificate */
55
+	       asn1_enter ( &cursor, ASN1_SEQUENCE ), /* tbsCertificate */
56
+	       asn1_skip ( &cursor, ASN1_EXPLICIT_TAG ), /* version */
57
+	       asn1_skip ( &cursor, ASN1_INTEGER ), /* serialNumber */
58
+	       asn1_skip ( &cursor, ASN1_SEQUENCE ), /* signature */
59
+	       asn1_skip ( &cursor, ASN1_SEQUENCE ), /* issuer */
60
+	       asn1_skip ( &cursor, ASN1_SEQUENCE ), /* validity */
61
+	       asn1_skip ( &cursor, ASN1_SEQUENCE ), /* name */
62
+	       asn1_enter ( &cursor, ASN1_SEQUENCE )/* subjectPublicKeyInfo*/);
63
+	if ( rc != 0 ) {
64
+		DBG ( "Cannot locate subjectPublicKeyInfo in:\n" );
65
+		DBG_HDA ( 0, certificate->data, certificate->len );
66
+		return rc;
67
+	}
68
+
69
+	/* Locate algorithm */
70
+	memcpy ( algorithm, &cursor, sizeof ( *algorithm ) );
71
+	rc = ( asn1_enter ( algorithm, ASN1_SEQUENCE ) /* algorithm */ );
72
+	if ( rc != 0 ) {
73
+		DBG ( "Cannot locate algorithm in:\n" );
74
+		DBG_HDA ( 0, certificate->data, certificate->len );
75
+		return rc;
76
+	}
77
+
78
+	/* Locate subjectPublicKey */
79
+	memcpy ( pubkey, &cursor, sizeof ( *pubkey ) );
80
+	rc = ( asn1_skip ( pubkey, ASN1_SEQUENCE ), /* algorithm */
81
+	       asn1_enter ( pubkey, ASN1_BIT_STRING ) /* subjectPublicKey*/ );
82
+	if ( rc != 0 ) {
83
+		DBG ( "Cannot locate subjectPublicKey in:\n" );
84
+		DBG_HDA ( 0, certificate->data, certificate->len );
85
+		return rc;
86
+	}
87
+
88
+	return 0;
89
+}
90
+
91
+/**
92
+ * Identify X.509 certificate RSA modulus and public exponent
93
+ *
94
+ * @v certificate	Certificate
95
+ * @v rsa		RSA public key to fill in
96
+ * @ret rc		Return status code
97
+ *
98
+ * The caller is responsible for eventually calling
99
+ * x509_free_rsa_public_key() to free the storage allocated to hold
100
+ * the RSA modulus and exponent.
101
+ */
102
+int x509_rsa_public_key ( const struct asn1_cursor *certificate,
103
+			  struct x509_rsa_public_key *rsa_pubkey ) {
104
+	struct asn1_cursor algorithm;
105
+	struct asn1_cursor pubkey;
106
+	struct asn1_cursor modulus;
107
+	struct asn1_cursor exponent;
108
+	int rc;
109
+
110
+	/* First, extract the public key algorithm and key data */
111
+	if ( ( rc = x509_public_key ( certificate, &algorithm,
112
+				      &pubkey ) ) != 0 )
113
+		return rc;
114
+
115
+	/* Check that algorithm is RSA */
116
+	rc = ( asn1_enter ( &algorithm, ASN1_OID ) /* algorithm */ );
117
+	if ( rc != 0 ) {
118
+		DBG ( "Cannot locate algorithm:\n" );
119
+		DBG_HDA ( 0, certificate->data, certificate->len );
120
+	return rc;
121
+	}
122
+	if ( ( algorithm.len != sizeof ( oid_rsa_encryption ) ) ||
123
+	     ( memcmp ( algorithm.data, &oid_rsa_encryption,
124
+			sizeof ( oid_rsa_encryption ) ) != 0 ) ) {
125
+		DBG ( "algorithm is not rsaEncryption in:\n" );
126
+		DBG_HDA ( 0, certificate->data, certificate->len );
127
+		return -ENOTSUP;
128
+	}
129
+
130
+	/* Check that public key is a byte string, i.e. that the
131
+	 * "unused bits" byte contains zero.
132
+	 */
133
+	if ( ( pubkey.len < 1 ) ||
134
+	     ( ( *( uint8_t * ) pubkey.data ) != 0 ) ) {
135
+		DBG ( "subjectPublicKey is not a byte string in:\n" );
136
+		DBG_HDA ( 0, certificate->data, certificate->len );
137
+		return -ENOTSUP;
138
+	}
139
+	pubkey.data++;
140
+	pubkey.len--;
141
+
142
+	/* Pick out the modulus and exponent */
143
+	rc = ( asn1_enter ( &pubkey, ASN1_SEQUENCE ) /* RSAPublicKey */ );
144
+	if ( rc != 0 ) {
145
+		DBG ( "Cannot locate RSAPublicKey in:\n" );
146
+		DBG_HDA ( 0, certificate->data, certificate->len );
147
+		return -ENOTSUP;
148
+	}
149
+	memcpy ( &modulus, &pubkey, sizeof ( modulus ) );
150
+	rc = ( asn1_enter ( &modulus, ASN1_INTEGER ) /* modulus */ );
151
+	if ( rc != 0 ) {
152
+		DBG ( "Cannot locate modulus in:\n" );
153
+		DBG_HDA ( 0, certificate->data, certificate->len );
154
+		return -ENOTSUP;
155
+	}
156
+	memcpy ( &exponent, &pubkey, sizeof ( exponent ) );
157
+	rc = ( asn1_skip ( &exponent, ASN1_INTEGER ), /* modulus */
158
+	       asn1_enter ( &exponent, ASN1_INTEGER ) /* publicExponent */ );
159
+	if ( rc != 0 ) {
160
+		DBG ( "Cannot locate publicExponent in:\n" );
161
+		DBG_HDA ( 0, certificate->data, certificate->len );
162
+		return -ENOTSUP;
163
+	}
164
+
165
+	/* Allocate space and copy out modulus and exponent */
166
+	rsa_pubkey->modulus = malloc ( modulus.len + exponent.len );
167
+	if ( ! rsa_pubkey->modulus )
168
+		return -ENOMEM;
169
+	rsa_pubkey->exponent = ( rsa_pubkey->modulus + modulus.len );
170
+	memcpy ( rsa_pubkey->modulus, modulus.data, modulus.len );
171
+	rsa_pubkey->modulus_len = modulus.len;
172
+	memcpy ( rsa_pubkey->exponent, exponent.data, exponent.len );
173
+	rsa_pubkey->exponent_len = exponent.len;
174
+
175
+	DBG2 ( "RSA modulus:\n" );
176
+	DBG2_HDA ( 0, rsa_pubkey->modulus, rsa_pubkey->modulus_len );
177
+	DBG2 ( "RSA exponent:\n" );
178
+	DBG2_HDA ( 0, rsa_pubkey->exponent, rsa_pubkey->exponent_len );
179
+
180
+	return 0;
181
+}

+ 3
- 3
src/include/gpxe/asn1.h View File

@@ -21,12 +21,12 @@
21 21
  */
22 22
 struct asn1_cursor {
23 23
 	/** Start of data */
24
-	uint8_t *data;
24
+	void *data;
25 25
 	/** Length of data */
26 26
 	size_t len;
27 27
 };
28 28
 
29
-extern int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type );
30
-extern int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type );
29
+extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
30
+extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
31 31
 
32 32
 #endif /* _GPXE_ASN1_H */

+ 1
- 0
src/include/gpxe/errfile.h View File

@@ -168,6 +168,7 @@
168 168
 #define ERRFILE_smbios_settings	      ( ERRFILE_OTHER | 0x00130000 )
169 169
 #define ERRFILE_efi_smbios	      ( ERRFILE_OTHER | 0x00140000 )
170 170
 #define ERRFILE_pxemenu		      ( ERRFILE_OTHER | 0x00150000 )
171
+#define ERRFILE_x509		      ( ERRFILE_OTHER | 0x00160000 )
171 172
 
172 173
 /** @} */
173 174
 

+ 2
- 4
src/include/gpxe/tls.h View File

@@ -14,6 +14,7 @@
14 14
 #include <gpxe/crypto.h>
15 15
 #include <gpxe/md5.h>
16 16
 #include <gpxe/sha1.h>
17
+#include <gpxe/x509.h>
17 18
 
18 19
 /** A TLS header */
19 20
 struct tls_header {
@@ -157,10 +158,7 @@ struct tls_session {
157 158
 	uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
158 159
 
159 160
 	/** Hack: server RSA public key */
160
-	uint8_t *rsa_mod;
161
-	size_t rsa_mod_len;
162
-	uint8_t *rsa_pub_exp;
163
-	size_t rsa_pub_exp_len;
161
+	struct x509_rsa_public_key rsa;
164 162
 
165 163
 	/** TX sequence number */
166 164
 	uint64_t tx_seq;

+ 39
- 0
src/include/gpxe/x509.h View File

@@ -0,0 +1,39 @@
1
+#ifndef _GPXE_X509_H
2
+#define _GPXE_X509_H
3
+
4
+/** @file
5
+ *
6
+ * X.509 certificates
7
+ *
8
+ */
9
+
10
+#include <stdint.h>
11
+
12
+struct asn1_cursor;
13
+
14
+/** An X.509 RSA public key */
15
+struct x509_rsa_public_key {
16
+	/** Modulus */
17
+	uint8_t *modulus;
18
+	/** Modulus length */
19
+	size_t modulus_len;
20
+	/** Exponent */
21
+	uint8_t *exponent;
22
+	/** Exponent length */
23
+	size_t exponent_len;
24
+};
25
+
26
+/**
27
+ * Free X.509 RSA public key
28
+ *
29
+ * @v rsa_pubkey	RSA public key
30
+ */
31
+static inline void
32
+x509_free_rsa_public_key ( struct x509_rsa_public_key *rsa_pubkey ) {
33
+	free ( rsa_pubkey->modulus );
34
+}
35
+
36
+extern int x509_rsa_public_key ( const struct asn1_cursor *certificate,
37
+				 struct x509_rsa_public_key *rsa_pubkey );
38
+
39
+#endif /* _GPXE_X509_H */

+ 110
- 67
src/net/tls.c View File

@@ -36,6 +36,8 @@
36 36
 #include <gpxe/xfer.h>
37 37
 #include <gpxe/open.h>
38 38
 #include <gpxe/filter.h>
39
+#include <gpxe/asn1.h>
40
+#include <gpxe/x509.h>
39 41
 #include <gpxe/tls.h>
40 42
 
41 43
 static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
@@ -43,6 +45,33 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
43 45
 static void tls_clear_cipher ( struct tls_session *tls,
44 46
 			       struct tls_cipherspec *cipherspec );
45 47
 
48
+/******************************************************************************
49
+ *
50
+ * Utility functions
51
+ *
52
+ ******************************************************************************
53
+ */
54
+
55
+/**
56
+ * Extract 24-bit field value
57
+ *
58
+ * @v field24		24-bit field
59
+ * @ret value		Field value
60
+ *
61
+ * TLS uses 24-bit integers in several places, which are awkward to
62
+ * parse in C.
63
+ */
64
+static unsigned long tls_uint24 ( uint8_t field24[3] ) {
65
+	return ( ( field24[0] << 16 ) + ( field24[1] << 8 ) + field24[2] );
66
+}
67
+
68
+/******************************************************************************
69
+ *
70
+ * Cleanup functions
71
+ *
72
+ ******************************************************************************
73
+ */
74
+
46 75
 /**
47 76
  * Free TLS session
48 77
  *
@@ -57,8 +86,7 @@ static void free_tls ( struct refcnt *refcnt ) {
57 86
 	tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
58 87
 	tls_clear_cipher ( tls, &tls->rx_cipherspec );
59 88
 	tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
60
-	free ( tls->rsa_mod );
61
-	free ( tls->rsa_pub_exp );
89
+	x509_free_rsa_public_key ( &tls->rsa );
62 90
 	free ( tls->rx_data );
63 91
 
64 92
 	/* Free TLS structure itself */
@@ -622,8 +650,8 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
622 650
 static int tls_send_client_key_exchange ( struct tls_session *tls ) {
623 651
 	/* FIXME: Hack alert */
624 652
 	RSA_CTX *rsa_ctx;
625
-	RSA_pub_key_new ( &rsa_ctx, tls->rsa_mod, tls->rsa_mod_len,
626
-			  tls->rsa_pub_exp, tls->rsa_pub_exp_len );
653
+	RSA_pub_key_new ( &rsa_ctx, tls->rsa.modulus, tls->rsa.modulus_len,
654
+			  tls->rsa.exponent, tls->rsa.exponent_len );
627 655
 	struct {
628 656
 		uint32_t type_length;
629 657
 		uint16_t encrypted_pre_master_secret_len;
@@ -641,8 +669,8 @@ static int tls_send_client_key_exchange ( struct tls_session *tls ) {
641 669
 	DBGC ( tls, "RSA encrypting plaintext, modulus, exponent:\n" );
642 670
 	DBGC_HD ( tls, &tls->pre_master_secret,
643 671
 		  sizeof ( tls->pre_master_secret ) );
644
-	DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len );
645
-	DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len );
672
+	DBGC_HD ( tls, tls->rsa.modulus, tls->rsa.modulus_len );
673
+	DBGC_HD ( tls, tls->rsa.exponent, tls->rsa.exponent_len );
646 674
 	RSA_encrypt ( rsa_ctx, ( const uint8_t * ) &tls->pre_master_secret,
647 675
 		      sizeof ( tls->pre_master_secret ),
648 676
 		      key_xchg.encrypted_pre_master_secret, 0 );
@@ -761,17 +789,16 @@ static int tls_new_alert ( struct tls_session *tls, void *data, size_t len ) {
761 789
 }
762 790
 
763 791
 /**
764
- * Receive new Server Hello record
792
+ * Receive new Server Hello handshake record
765 793
  *
766 794
  * @v tls		TLS session
767
- * @v data		Plaintext record
768
- * @v len		Length of plaintext record
795
+ * @v data		Plaintext handshake record
796
+ * @v len		Length of plaintext handshake record
769 797
  * @ret rc		Return status code
770 798
  */
771 799
 static int tls_new_server_hello ( struct tls_session *tls,
772 800
 				  void *data, size_t len ) {
773 801
 	struct {
774
-		uint32_t type_length;
775 802
 		uint16_t version;
776 803
 		uint8_t random[32];
777 804
 		uint8_t session_id_len;
@@ -818,72 +845,74 @@ static int tls_new_server_hello ( struct tls_session *tls,
818 845
 }
819 846
 
820 847
 /**
821
- * Receive new Certificate record
848
+ * Receive new Certificate handshake record
822 849
  *
823 850
  * @v tls		TLS session
824
- * @v data		Plaintext record
825
- * @v len		Length of plaintext record
851
+ * @v data		Plaintext handshake record
852
+ * @v len		Length of plaintext handshake record
826 853
  * @ret rc		Return status code
827 854
  */
828 855
 static int tls_new_certificate ( struct tls_session *tls,
829 856
 				 void *data, size_t len ) {
830 857
 	struct {
831
-		uint32_t type_length;
832 858
 		uint8_t length[3];
833
-		uint8_t first_cert_length[3];
834
-		uint8_t asn1_start[0];
859
+		uint8_t certificates[0];
835 860
 	} __attribute__ (( packed )) *certificate = data;
836
-	uint8_t *cert = certificate->asn1_start;
837
-	int offset = 0;
838
-
839
-	/* FIXME */
840
-	(void) len;
841
-
842
-	if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
843
-	    asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
844
-            asn1_skip_obj(cert, &offset, ASN1_EXPLICIT_TAG) ||
845
-            asn1_skip_obj(cert, &offset, ASN1_INTEGER) ||
846
-            asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
847
-            asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
848
-            asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
849
-            asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
850
-	    asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
851
-            asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
852
-            asn1_next_obj(cert, &offset, ASN1_BIT_STRING) < 0) {
853
-		DBGC ( tls, "TLS %p invalid certificate\n", tls );
854
-		DBGC_HD ( tls, cert + offset, 64 );
855
-		return -EPERM;
856
-	}
857
-	
858
-	offset++;
859
-	
860
-	if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) {
861
-		DBGC ( tls, "TLS %p invalid certificate\n", tls );
862
-		DBGC_HD ( tls, cert + offset, 64 );
863
-		return -EPERM;
861
+	struct {
862
+		uint8_t length[3];
863
+		uint8_t certificate[0];
864
+	} __attribute__ (( packed )) *element =
865
+		  ( ( void * ) certificate->certificates );
866
+	size_t elements_len = tls_uint24 ( certificate->length );
867
+	void *end = ( certificate->certificates + elements_len );
868
+	struct asn1_cursor cursor;
869
+	int rc;
870
+
871
+	/* Sanity check */
872
+	if ( end != ( data + len ) ) {
873
+		DBGC ( tls, "TLS %p received overlength Server Certificate\n",
874
+		       tls );
875
+		DBGC_HD ( tls, data, len );
876
+		return -EINVAL;
864 877
 	}
865
-	
866
-	tls->rsa_mod_len = asn1_get_int(cert, &offset, &tls->rsa_mod);
867
-	tls->rsa_pub_exp_len = asn1_get_int(cert, &offset, &tls->rsa_pub_exp);
868
-	
869
-	DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len );
870
-	DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len );
871 878
 
872
-	return 0;
879
+	/* Traverse certificate chain */
880
+	do {
881
+		cursor.data = element->certificate;
882
+		cursor.len = tls_uint24 ( element->length );
883
+		if ( ( cursor.data + cursor.len ) > end ) {
884
+			DBGC ( tls, "TLS %p received corrupt Server "
885
+			       "Certificate\n", tls );
886
+			DBGC_HD ( tls, data, len );
887
+			return -EINVAL;
888
+		}
889
+
890
+		// HACK
891
+		if ( ( rc = x509_rsa_public_key ( &cursor,
892
+						  &tls->rsa ) ) != 0 ) {
893
+			DBGC ( tls, "TLS %p cannot determine RSA public key: "
894
+			       "%s\n", tls, strerror ( rc ) );
895
+			return rc;
896
+		}
897
+		return 0;
898
+
899
+		element = ( cursor.data + cursor.len );
900
+	} while ( element != end );
901
+
902
+	return -EINVAL;
873 903
 }
874 904
 
875 905
 /**
876
- * Receive new Server Hello Done record
906
+ * Receive new Server Hello Done handshake record
877 907
  *
878 908
  * @v tls		TLS session
879
- * @v data		Plaintext record
880
- * @v len		Length of plaintext record
909
+ * @v data		Plaintext handshake record
910
+ * @v len		Length of plaintext handshake record
881 911
  * @ret rc		Return status code
882 912
  */
883 913
 static int tls_new_server_hello_done ( struct tls_session *tls,
884 914
 				       void *data, size_t len ) {
885 915
 	struct {
886
-		uint32_t type_length;
887 916
 		char next[0];
888 917
 	} __attribute__ (( packed )) *hello_done = data;
889 918
 	void *end = hello_done->next;
@@ -910,11 +939,11 @@ static int tls_new_server_hello_done ( struct tls_session *tls,
910 939
 }
911 940
 
912 941
 /**
913
- * Receive new Finished record
942
+ * Receive new Finished handshake record
914 943
  *
915 944
  * @v tls		TLS session
916
- * @v data		Plaintext record
917
- * @v len		Length of plaintext record
945
+ * @v data		Plaintext handshake record
946
+ * @v len		Length of plaintext handshake record
918 947
  * @ret rc		Return status code
919 948
  */
920 949
 static int tls_new_finished ( struct tls_session *tls,
@@ -937,33 +966,47 @@ static int tls_new_finished ( struct tls_session *tls,
937 966
  */
938 967
 static int tls_new_handshake ( struct tls_session *tls,
939 968
 			       void *data, size_t len ) {
940
-	uint8_t *type = data;
969
+	struct {
970
+		uint8_t type;
971
+		uint8_t length[3];
972
+		uint8_t payload[0];
973
+	} __attribute__ (( packed )) *handshake = data;
974
+	void *payload = &handshake->payload;
975
+	size_t payload_len = tls_uint24 ( handshake->length );
976
+	void *end = ( payload + payload_len );
941 977
 	int rc;
942 978
 
943
-	switch ( *type ) {
979
+	/* Sanity check */
980
+	if ( end != ( data + len ) ) {
981
+		DBGC ( tls, "TLS %p received overlength Handshake\n", tls );
982
+		DBGC_HD ( tls, data, len );
983
+		return -EINVAL;
984
+	}
985
+
986
+	switch ( handshake->type ) {
944 987
 	case TLS_SERVER_HELLO:
945
-		rc = tls_new_server_hello ( tls, data, len );
988
+		rc = tls_new_server_hello ( tls, payload, payload_len );
946 989
 		break;
947 990
 	case TLS_CERTIFICATE:
948
-		rc = tls_new_certificate ( tls, data, len );
991
+		rc = tls_new_certificate ( tls, payload, payload_len );
949 992
 		break;
950 993
 	case TLS_SERVER_HELLO_DONE:
951
-		rc = tls_new_server_hello_done ( tls, data, len );
994
+		rc = tls_new_server_hello_done ( tls, payload, payload_len );
952 995
 		break;
953 996
 	case TLS_FINISHED:
954
-		rc = tls_new_finished ( tls, data, len );
997
+		rc = tls_new_finished ( tls, payload, payload_len );
955 998
 		break;
956 999
 	default:
957 1000
 		DBGC ( tls, "TLS %p ignoring handshake type %d\n",
958
-		       tls, *type );
1001
+		       tls, handshake->type );
959 1002
 		rc = 0;
960 1003
 		break;
961 1004
 	}
962 1005
 
963 1006
 	/* Add to handshake digest (except for Hello Requests, which
964
-	 * are explicitly excludede).
1007
+	 * are explicitly excluded).
965 1008
 	 */
966
-	if ( *type != TLS_HELLO_REQUEST )
1009
+	if ( handshake->type != TLS_HELLO_REQUEST )
967 1010
 		tls_add_handshake ( tls, data, len );
968 1011
 
969 1012
 	return rc;

Loading…
Cancel
Save