diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 0ef6ceaa9..1874e36c8 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -398,8 +398,8 @@ CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format, #endif /* MICRIUM */ -static int GetLength(const byte* input, word32* inOutIdx, int* len, - word32 maxIdx) +CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx) { int length = 0; word32 i = *inOutIdx; @@ -1280,6 +1280,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE); cert->extAuthKeyIdSet = 0; cert->isCA = 0; +#ifdef HAVE_PKCS7 + cert->issuerRaw = NULL; + cert->issuerRawLen = 0; +#endif #ifdef CYASSL_CERT_GEN cert->subjectSN = 0; cert->subjectSNLen = 0; @@ -1611,6 +1615,12 @@ static int GetName(DecodedCert* cert, int nameType) length += cert->srcIdx; idx = 0; +#ifdef HAVE_PKCS7 + /* store pointer to raw issuer */ + cert->issuerRaw = &cert->source[cert->srcIdx]; + cert->issuerRawLen = length - cert->srcIdx; +#endif + while (cert->srcIdx < (word32)length) { byte b; byte joint[2]; @@ -2230,7 +2240,7 @@ static word32 BytePrecision(word32 value) } -static word32 SetLength(word32 length, byte* output) +CYASSL_LOCAL word32 SetLength(word32 length, byte* output) { word32 i = 0, j; @@ -2249,12 +2259,25 @@ static word32 SetLength(word32 length, byte* output) } -static word32 SetSequence(word32 len, byte* output) +CYASSL_LOCAL word32 SetSequence(word32 len, byte* output) { output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; return SetLength(len, output + 1) + 1; } +CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output) +{ + output[0] = ASN_OCTET_STRING; + return SetLength(len, output + 1) + 1; +} + +/* Write a set header to output */ +CYASSL_LOCAL word32 SetSet(word32 len, byte* output) +{ + output[0] = ASN_SET | ASN_CONSTRUCTED; + return SetLength(len, output + 1) + 1; +} + #if defined(HAVE_ECC) && defined(CYASSL_CERT_GEN) @@ -2329,7 +2352,7 @@ static word32 SetCurve(ecc_key* key, byte* output) #endif /* HAVE_ECC && CYASSL_CERT_GEN */ -static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) +CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) { /* adding TAG_NULL and 0 to end */ @@ -2347,6 +2370,12 @@ static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00}; + /* blkTypes */ + static const byte desCbcAlgoID[] = { 0x2B, 0x0E, 0x03, 0x02, 0x07, + 0x05, 0x00 }; + static const byte des3CbcAlgoID[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x03, 0x07, 0x05, 0x00}; + /* RSA sigTypes */ #ifndef NO_RSA static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, @@ -2430,6 +2459,21 @@ static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) return 0; /* UNKOWN_HASH_E; */ } } + else if (type == blkType) { + switch (algoOID) { + case DESb: + algoSz = sizeof(desCbcAlgoID); + algoName = desCbcAlgoID; + break; + case DES3b: + algoSz = sizeof(des3CbcAlgoID); + algoName = des3CbcAlgoID; + break; + default: + CYASSL_MSG("Unknown Block Algo"); + return 0; + } + } else if (type == sigType) { /* sigType */ switch (algoOID) { #ifndef NO_RSA @@ -3534,9 +3578,7 @@ void FreeSignerTable(Signer** table, int rows, void* heap) } -#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) - -static int SetMyVersion(word32 version, byte* output, int header) +CYASSL_LOCAL int SetMyVersion(word32 version, byte* output, int header) { int i = 0; @@ -3552,6 +3594,37 @@ static int SetMyVersion(word32 version, byte* output, int header) } +CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) +{ + int result = 0; + + CYASSL_ENTER("SetSerialNumber"); + + if (snSz <= EXTERNAL_SERIAL_SIZE) { + output[0] = ASN_INTEGER; + /* The serial number is always positive. When encoding the + * INTEGER, if the MSB is 1, add a padding zero to keep the + * number positive. */ + if (sn[0] & 0x80) { + output[1] = (byte)snSz + 1; + output[2] = 0; + XMEMCPY(&output[3], sn, snSz); + result = snSz + 3; + } + else { + output[1] = (byte)snSz; + XMEMCPY(&output[2], sn, snSz); + result = snSz + 2; + } + } + return result; +} + + + + +#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) + /* convert der buffer to pem into output, can't do inplace, der and output need to be different */ int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, @@ -3837,14 +3910,6 @@ typedef struct DerCert { } DerCert; -/* Write a set header to output */ -static word32 SetSet(word32 len, byte* output) -{ - output[0] = ASN_SET | ASN_CONSTRUCTED; - return SetLength(len, output + 1) + 1; -} - - #ifdef CYASSL_CERT_REQ /* Write a set header to output */ @@ -5785,33 +5850,6 @@ int OcspResponseDecode(OcspResponse* resp) } -static int SetSerialNumber(const byte* sn, word32 snSz, byte* output) -{ - int result = 0; - - CYASSL_ENTER("SetSerialNumber"); - - if (snSz <= EXTERNAL_SERIAL_SIZE) { - output[0] = ASN_INTEGER; - /* The serial number is always positive. When encoding the - * INTEGER, if the MSB is 1, add a padding zero to keep the - * number positive. */ - if (sn[0] & 0x80) { - output[1] = (byte)snSz + 1; - output[2] = 0; - XMEMCPY(&output[3], sn, snSz); - result = snSz + 3; - } - else { - output[1] = (byte)snSz; - XMEMCPY(&output[2], sn, snSz); - result = snSz + 2; - } - } - return result; -} - - static word32 SetOcspReqExtensions(word32 extSz, byte* output, const byte* nonce, word32 nonceSz) { diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index febef2432..121af0aef 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -126,6 +126,7 @@ enum Misc_ASN { MAX_ALGO_SZ = 20, MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ + MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */ @@ -161,7 +162,8 @@ enum Oid_Types { hashType = 0, sigType = 1, keyType = 2, - curveType = 3 + curveType = 3, + blkType = 4 }; @@ -175,6 +177,12 @@ enum Hash_Sum { }; +enum Block_Sum { + DESb = 69, + DES3b = 652 +}; + + enum Key_Sum { DSAk = 515, RSAk = 645, @@ -342,6 +350,10 @@ struct DecodedCert { int beforeDateLen; byte* afterDate; int afterDateLen; +#ifdef HAVE_PKCS7 + byte* issuerRaw; /* pointer to issuer inside source */ + int issuerRawLen; +#endif #if defined(CYASSL_CERT_GEN) /* easy access to subject info for other sign */ char* subjectSN; @@ -430,6 +442,17 @@ CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int); CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); +/* ASN.1 helper functions */ +CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); +CYASSL_LOCAL word32 SetLength(word32 length, byte* output); +CYASSL_LOCAL word32 SetSequence(word32 len, byte* output); +CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output); +CYASSL_LOCAL word32 SetSet(word32 len, byte* output); +CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); +CYASSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); +CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); + #ifdef HAVE_ECC /* ASN sig helpers */ CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,