mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ASN1 Template: stricter and simpler DER/BER parsing/construction 

Reduce debug output noise
This commit is contained in:
Sean Parkinson 2020-12-17 13:41:56 +10:00
parent 6ac03d41ef
commit d486b89c61
11 changed files with 13301 additions and 1349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
certs/renewcerts.sh
View File

@ -544,6 +544,16 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate Ed25519 certificates ###################
############################################################
echo "Renewing Ed448 certificates"
cd ed25519
./gen-ed25519-certs.sh
cd ..
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate Ed448 certificates #####################
############################################################
@ -749,21 +759,6 @@ then
echo "changed directory to wolfssl root directory."
echo ""
echo ""
echo "Enter directory to ed25519 certificate generation example."
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
read -r ED25519_DIR
if [ -d "${ED25519_DIR}" ]; then
pushd ./certs/ed25519 || { echo "Failed to push certs/ed25519";
exit 1; }
./gen-ed25519.sh "${ED25519_DIR}"
check_result $? "./gen-ed25519.sh"
popd || exit 1
else
echo "Unable to find directory ${ED25519_DIR}"
exit 1
fi
############################################################
########## update ntru if already installed ################
############################################################
@ -786,23 +781,11 @@ elif [ ! -z "$1" ]; then
if [ "$1" == "--override-ntru" ]; then
echo "overriding ntru, update all certs except ntru."
run_renewcerts
#valid argument create ed25519 certificates
elif [ "$1" == "--ed25519" ] || [ "$2" == "--ed25519" ]; then
echo ""
echo "Enter directory to ed25519 certificate generation example."
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
read -r ED25519_DIR
pushd ./certs/ed25519 || { echo "failed to push ./certs/ed25519";
exit 1; }
./gen-ed25519.sh "${ED25519_DIR}"
check_result $? "./gen-ed25519.sh"
popd || exit 1
#valid argument print out other valid arguments
elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
echo ""
echo "\"no argument\" will attempt to update all certificates"
echo "--override-ntru updates all certificates except ntru"
echo "--ed25519 updates all ed25519 certificates"
echo "-h or -help display this menu"
echo ""
echo ""

6
configure.ac
View File

@ -2909,6 +2909,12 @@ AC_ARG_ENABLE([asn],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "template"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
ENABLED_ASN=yes
fi
if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN"

69
src/ssl.c
View File

@ -21282,7 +21282,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
return;
}
if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("Freeing ASN1 data");
#endif
XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
obj->obj = NULL;
}
@ -21293,7 +21295,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
}
#endif
if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("Freeing ASN1 OBJECT");
#endif
XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
}
}
@ -22758,7 +22762,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{
WOLFSSL_ASN1_STRING* asn1;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");
#endif
asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
DYNAMIC_TYPE_OPENSSL);
@ -22807,7 +22813,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
/* used to free a WOLFSSL_ASN1_STRING structure */
void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
#endif
if (asn1 != NULL) {
if (asn1->length > 0 && asn1->data != NULL && asn1->isDynamic) {
@ -22866,7 +22874,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{
WOLFSSL_ASN1_STRING* asn1;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");
#endif
asn1 = wolfSSL_ASN1_STRING_new();
if (asn1 == NULL) {
@ -22887,7 +22897,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");
#endif
if (asn1 == NULL) {
return WOLFSSL_FAILURE;
@ -22908,7 +22920,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{
int sz;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
#endif
if (asn1 == NULL || (data == NULL && dataSz < 0)) {
return WOLFSSL_FAILURE;
@ -22970,7 +22984,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
#endif
if (asn) {
return (unsigned char*)asn->data;
@ -22983,7 +22999,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
#endif
if (asn) {
return asn->length;
@ -26130,6 +26148,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
int j;
unsigned int i = 0;
unsigned char tmp[sizeof(long)+1] = {0};
int pad = 0;
if (a != NULL) {
/* dynamically create data buffer, +2 for type and length */
@ -26169,11 +26188,19 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
v >>= 8;
}
/* 0 pad to indicate positive number when top bit set. */
if ((!a->negative) && (j > 0) && (tmp[j-1] & 0x80)) {
pad = 1;
}
/* Set length */
a->data[i++] = (unsigned char)((j == 0) ? ++j : j);
a->data[i++] = (unsigned char)(((j == 0) ? ++j : j) + pad);
/* +2 for type and length */
a->length = j + 2;
a->length = j + pad + 2;
/* Add padding if required. */
if (pad) {
a->data[i++] = 0;
}
/* Copy to data */
for (; j > 0; j--) {
a->data[i++] = tmp[j-1];
@ -40881,7 +40908,12 @@ cleanup:
defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
defined(OPENSSL_EXTRA))
/* Converts from NID_* value to wolfSSL value if needed */
/* Converts from NID_* value to wolfSSL value if needed.
*
* @param [in] nid Numeric Id of a domain name component.
* @return Domain name tag values - wolfSSL internal values.
* @return -1 when nid isn't known.
*/
static int ConvertNIDToWolfSSL(int nid)
{
switch (nid) {
@ -40937,8 +40969,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
/* type is set as UTF8 */
asn_out->type = MBSTRING_UTF8;
asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
(unsigned char**)&asn_out->data
, (WOLFSSL_ASN1_STRING*)asn_in);
(unsigned char**)&asn_out->data, (WOLFSSL_ASN1_STRING*)asn_in);
if (asn_out->length < 0) {
return WOLFSSL_FAILURE;
@ -41087,7 +41118,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
}
return totalBytes;
}
#endif
#endif /* OPENSSL_ALL */
/* Converts the x509 name structure into DER format.
*
@ -41197,7 +41228,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
/* check if using buffer passed in */
if (*out == NULL) {
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL,
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, name->heap,
DYNAMIC_TYPE_OPENSSL);
if (*out == NULL) {
return MEMORY_E;
@ -42425,7 +42456,9 @@ err:
{
WOLFSSL_X509_NAME_ENTRY* ne;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()");
#endif
if (!data) {
WOLFSSL_MSG("Bad parameter");
@ -42560,7 +42593,9 @@ err:
WOLFSSL_X509_NAME_ENTRY* current = NULL;
int i;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()");
#endif
if (name == NULL || entry == NULL || entry->value == NULL) {
WOLFSSL_MSG("NULL argument passed in");
@ -42706,7 +42741,9 @@ err:
const char* sName = NULL;
int i;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()");
#endif
for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) {
if (wolfssl_object_info[i].nid == id) {
@ -43197,7 +43234,9 @@ err:
word32 idx = 0;
int ret;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
#endif
if (o == NULL) {
return -1;
@ -43498,7 +43537,9 @@ err:
{
WOLFSSL_ASN1_OBJECT* obj = NULL;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
#endif
if (ne == NULL) return NULL;
obj = wolfSSL_OBJ_nid2obj_ex(ne->nid, ne->object);
if (obj != NULL) {
@ -43520,7 +43561,9 @@ err:
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
WOLFSSL_X509_NAME *name, int loc)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
#endif
if (name == NULL) {
return NULL;
@ -52133,7 +52176,9 @@ int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{
byte dynamic = 0;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("Entering SetIndividualExternal");
#endif
if (mpi == NULL || bn == NULL) {
WOLFSSL_MSG("mpi NULL error");
@ -52173,7 +52218,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
WOLFSSL_BIGNUM* external;
mp_int* mpi;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_new");
#endif
#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
@ -52213,7 +52260,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
{
if(bn == NULL)return;
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_init");
#endif
InitwolfSSL_BigNum(bn);
if (mp_init(&bn->fp) != MP_OKAY)
return;
@ -52223,7 +52272,9 @@ void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_free");
#endif
if (bn) {
if (bn->internal) {
mp_int* bni = (mp_int*)bn->internal;
@ -52241,7 +52292,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_clear_free");
#endif
if (bn) {
if (bn->internal) {
mp_int* bni = (mp_int*)bn->internal;
@ -52253,7 +52306,9 @@ void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
WOLFSSL_MSG("wolfSSL_BN_clear");
#endif
if (bn && bn->internal) {
mp_forcezero((mp_int*)bn->internal);
}

10
tests/api.c
View File

@ -18292,6 +18292,7 @@ static int test_wc_DsaKeyToPublicDer(void)
DsaKey genKey;
WC_RNG rng;
byte* der;
word32 sz;
printf(testingFmt, "wc_DsaKeyToPublicDer()");
@ -18315,11 +18316,16 @@ static int test_wc_DsaKeyToPublicDer(void)
if (ret == 0) {
ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
if (ret >= 0) {
sz = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
word32 idx = 0;
ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
}
/* Test bad args. */
if (ret == 0) {
@ -24023,7 +24029,7 @@ static int test_ToTraditional (void)
}
if (ret == 0) {
ret = ToTraditional(input, 0);
if (ret == ASN_PARSE_E) {
if (ret == ASN_PARSE_E || ret == BUFFER_E) {
ret = 0;
}
}
@ -28532,7 +28538,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif /* !HAVE_ECC && !NO_FILESYSTEM */
#endif
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
{

13393
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

4
wolfcrypt/src/pkcs7.c
View File

@ -4277,8 +4277,8 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
idx += length;
}
/* Get digestEncryptionAlgorithm */
if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidSigType, inSz) < 0) {
/* Get digestEncryptionAlgorithm - key type or signature type */
if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidIgnoreType, inSz) < 0) {
ret = ASN_PARSE_E;
}

181
wolfcrypt/test/test.c
View File

@ -12229,7 +12229,7 @@ static byte minDates[] = {
0x32, 0x33, 0x31, 0x30, 0x5a
};
static byte minPubKey[] = {
0x30, 0x1b,
0x30, 0x1c,
0x30, 0x0d,
0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
@ -12619,7 +12619,7 @@ WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
}
if (ret == 0) {
if (wc_InitCert(&cert)) {
if (wc_InitCert_ex(&cert, HEAP_HINT, devId)) {
ret = -7602;
}
}
@ -13168,30 +13168,44 @@ static int rsa_decode_test(RsaKey* keyPub)
WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00,
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
0x30, 0x1a, 0x30, 0x18,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00,
WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
0x30, 0x1b, 0x30, 0x19,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03,
WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
0x30, 0x16, 0x30, 0x14,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1,
0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1,
0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1,
0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00,
WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
0x30, 0x17, 0x30, 0x15,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
ret = wc_InitRsaKey(keyPub, NULL);
@ -13329,21 +13343,21 @@ static int rsa_decode_test(RsaKey* keyPub)
inSz = sizeof(badNoObj);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
if (ret != ASN_PARSE_E) {
if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
ret = -7710;
goto done;
}
inSz = sizeof(badIntN);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
if (ret != ASN_RSA_KEY_E) {
if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
ret = -7711;
goto done;
}
inSz = sizeof(badNotIntE);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
if (ret != ASN_RSA_KEY_E) {
if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
ret = -7712;
goto done;
}
@ -13351,7 +13365,12 @@ static int rsa_decode_test(RsaKey* keyPub)
inSz = sizeof(badLength);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
if (ret != 0) {
#ifndef WOLFSSL_ASN_TEMPLATE
if (ret != 0)
#else
if (ret != ASN_PARSE_E)
#endif
{
ret = -7713;
goto done;
}
@ -13364,7 +13383,7 @@ static int rsa_decode_test(RsaKey* keyPub)
inSz = sizeof(badBitStrNoZero);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
if (ret != ASN_EXPECT_0_E) {
if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
ret = -7715;
goto done;
}
@ -14184,7 +14203,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
}
/* self signed */
if (wc_InitCert(myCert)) {
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7822, exit_rsa);
}
@ -14198,7 +14217,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
myCert->sigType = CTC_SHAwRSA;
#endif
#ifdef WOLFSSL_CERT_EXT
/* add Policies */
XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
@ -14263,7 +14281,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
}
/* Setup Certificate */
if (wc_InitCert(myCert)) {
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7829, exit_rsa);
}
@ -14551,7 +14569,7 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
}
/* Setup Certificate */
if (wc_InitCert(myCert)) {
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7858, exit_rsa);
}
@ -14860,7 +14878,7 @@ static int rsa_ntru_test(RsaKey* caKey, WC_RNG* rng, byte* tmp)
ERROR_OUT(-7952, exit_rsa);
}
if (wc_InitCert(&myCert)) {
if (wc_InitCert_ex(&myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7953, exit_rsa);
}
@ -15855,7 +15873,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
ERROR_OUT(-7964, exit_rsa);
}
if (wc_InitCert(req)) {
if (wc_InitCert_ex(req, HEAP_HINT, devId)) {
ERROR_OUT(-7965, exit_rsa);
}
@ -22843,14 +22861,14 @@ static int ecc_decode_test(void)
inSz = sizeof(badNoObjId);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
if (ret != ASN_OBJECT_ID_E) {
if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
ret = -10106;
goto done;
}
inSz = sizeof(badOneObjId);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
if (ret != ASN_OBJECT_ID_E) {
if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
ret = -10107;
goto done;
}
@ -22871,7 +22889,7 @@ static int ecc_decode_test(void)
inSz = sizeof(badNotBitStr);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
if (ret != ASN_BITSTR_E) {
if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
ret = -10110;
goto done;
}
@ -22885,14 +22903,14 @@ static int ecc_decode_test(void)
inSz = sizeof(badNoBitStrZero);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
if (ret != ASN_EXPECT_0_E) {
if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
ret = -10112;
goto done;
}
inSz = sizeof(badPoint);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
if (ret != ASN_ECC_KEY_E) {
if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
ret = -10113;
goto done;
}
@ -23167,7 +23185,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
TEST_SLEEP();
/* Setup Certificate */
if (wc_InitCert(myCert)) {
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
ERROR_OUT(-10137, exit);
}
@ -25142,7 +25160,7 @@ static int ed25519_test_make_cert(void)
int ret = 0;
byte* tmp = NULL;
wc_InitCert(&cert);
wc_InitCert_ex(&cert, HEAP_HINT, devId);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@ -25941,28 +25959,28 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
idx = 0;
if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
sizeof(privateEd25519)) != 0)
return -11121 - i;
return -11121;
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
!= BAD_FUNC_ARG)
return -11131 - i;
return -11131;
idx = 0;
if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
sizeof(publicEd25519)) != 0)
return -11141 - i;
return -11141;
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
return -11151 - i;
return -11151;
if (XMEMCMP(out, sigs[0], 64))
return -11161 - i;
return -11161;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
!= 0 || verify != 1)
return -11171 - i;
return -11171;
#endif /* HAVE_ED25519_VERIFY */
wc_ed25519_free(&key3);
@ -25971,13 +25989,13 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
idx = 0;
if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
sizeof(privPubEd25519)) != 0)
return -11181 - i;
return -11181;
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
return -11191 - i;
return -11191;
if (XMEMCMP(out, sigs[0], 64))
return -11201 - i;
return -11201;
wc_ed25519_free(&key3);
#endif /* NO_ASN */
@ -26446,7 +26464,7 @@ static int ed448_test_make_cert(void)
int ret = 0;
byte* tmp = NULL;
wc_InitCert(&cert);
wc_InitCert_ex(&cert, HEAP_HINT, devId);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@ -27363,28 +27381,28 @@ WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
idx = 0;
if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3,
sizeof(privateEd448)) != 0)
return -11821 - i;
return -11821;
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0)
!= BAD_FUNC_ARG)
return -11831 - i;
return -11831;
idx = 0;
if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3,
sizeof(publicEd448)) != 0)
return -11841 - i;
return -11841;
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
return -11851 - i;
return -11851;
if (XMEMCMP(out, sigs[0], SIGSZ))
return -11861 - i;
return -11861;
#if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */
if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3,
NULL, 0) != 0 || verify != 1)
return -11871 - i;
return -11871;
#endif /* HAVE_ED448_VERIFY */
wc_ed448_free(&key3);
@ -27393,13 +27411,13 @@ WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
idx = 0;
if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3,
sizeof(privPubEd448)) != 0)
return -11881 - i;
return -11881;
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
return -11891 - i;
return -11891;
if (XMEMCMP(out, sigs[0], SIGSZ))
return -11901 - i;
return -11901;
wc_ed448_free(&key3);
#endif /* NO_ASN */
@ -37817,29 +37835,72 @@ WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
/* Template for Identiv PIV cert, nonce and signature */
WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
0x0A, 0x0D,
0x53, 0x04, /* NIST PIV Cert */
0x0A, 0x0B,
0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */
0x30, 0x00,
0x71, 0x01, 0x00, /* Cert Info */
0x71, 0x01, 0x05, /* Cert Info */
0xFE, 0x00, /* Error Detection */
0x0B, 0x01, 0x00, /* Nonce */
0x0C, 0x01, 0x00, /* Signed Nonce */
};
/* PIV certificate data including certificate, info and error dectection. */
WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
0x53, 0x04, /* NIST PIV Cert */
0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */
0x30, 0x00,
0x71, 0x01, 0x00, /* Cert Info */
0x71, 0x01, 0x04, /* Cert Info */
0xFE, 0x00, /* Error Detection */
};
/* Test with identiv 0x0A, 0x0B and 0x0C markers */
XMEMSET(&piv, 0, sizeof(piv));
/* Test with Identiv 0x0A, 0x0B and 0x0C markers */
ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
if (ret == 0) {
if (ret != 0) {
return -14000;
}
if (!piv.isIdentiv) {
return -14001;
}
if ((piv.cert == NULL) || (piv.certSz != 2)) {
return -14002;
}
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
return -14003;
}
if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
return -14004;
}
if (!piv.isX509) {
return -14005;
}
if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
return -14006;
}
if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
return -14007;
}
XMEMSET(&piv, 0, sizeof(piv));
/* Test with NIST PIV format */
ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
if (ret != 0) {
return -14010;
}
if (piv.isIdentiv) {
return -14011;
}
if ((piv.cert == NULL) || (piv.certSz != 2)) {
return -14012;
}
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
return -14013;
}
if ((piv.compression != 0)) {
return -14014;
}
if (!piv.isX509) {
return -14015;
}
return ret;

1
wolfssl/internal.h
View File

@ -3823,6 +3823,7 @@ struct WOLFSSL_X509_NAME {
char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_ASN)
DecodedName fullName;
int entrySz; /* number of entries */
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
WOLFSSL_X509* x509; /* x509 that struct belongs to */

593
wolfssl/wolfcrypt/asn.h
View File

@ -100,17 +100,14 @@ enum ASN_Tags {
ASN_SEQUENCE = 0x10,
ASN_SET = 0x11,
ASN_PRINTABLE_STRING = 0x13,
ASN_T61STRING = 0x14,
ASN_IA5_STRING = 0x16,
ASN_UTC_TIME = 0x17,
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
ASN_DNS_TYPE = 0x02,
ASN_DIR_TYPE = 0x04,
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
ASN_UNIVERSALSTRING = 0x1c,
ASN_BMPSTRING = 0x1e,
ASN_TYPE_MASK = 0x1f,
ASN_LONG_LENGTH = 0x80,
ASN_INDEF_LENGTH = 0x80,
@ -118,12 +115,481 @@ enum ASN_Tags {
ASN_CONSTRUCTED = 0x20,
ASN_APPLICATION = 0x40,
ASN_CONTEXT_SPECIFIC = 0x80,
ASN_PRIVATE = 0xC0,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
/* GeneralName types */
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
ASN_DNS_TYPE = 0x02,
ASN_DIR_TYPE = 0x04,
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
};
#define ASN_UTC_TIME_SIZE 14
#define ASN_GENERALIZED_TIME_SIZE 16
#define ASN_GENERALIZED_TIME_MAX 68
#ifdef WOLFSSL_ASN_TEMPLATE
/* Different data types that can be stored in ASNGetData/ASNSetData. */
enum ASNItem_DataType {
/* Default for tag type. */
ASN_DATA_TYPE_NONE = 0,
/* 8-bit integer value. */
ASN_DATA_TYPE_WORD8 = 1,
/* 16-bit integer value. */
ASN_DATA_TYPE_WORD16 = 2,
/* 32-bit integer value. */
ASN_DATA_TYPE_WORD32 = 4,
/* Buffer with data and length. */
ASN_DATA_TYPE_BUFFER = 5,
/* An expected/required buffer with data and length. */
ASN_DATA_TYPE_EXP_BUFFER = 6,
/* Replace the item with buffer (data and length). */
ASN_DATA_TYPE_REPLACE_BUFFER = 7,
/* Big number as an mp_int. */
ASN_DATA_TYPE_MP = 8,
/* Big number as a positive or negative mp_int. */
ASN_DATA_TYPE_MP_POS_NEG = 9,
/* ASN.1 CHOICE. A 0 terminated list of tags that are valid. */
ASN_DATA_TYPE_CHOICE = 10,
};
/* A template entry describing an ASN.1 item. */
typedef struct ASNItem {
/* Depth of ASN.1 item - how many consturcted ASN.1 items above. */
byte depth;
/* BER/DER tag to expect. */
byte tag;
/* Whether the ASN.1 item is constructed. */
byte constructed:1;
/* Whether to parse the header only or skip data. */
byte headerOnly:1;
/* Whether ASN.1 item is optional.
* - 0 means not optional
* - 1 means is optional
* - 2+ means one of these at the same level with same value must appear.
*/
byte optional;
} ASNItem;
/* Dynamic data for setting (encoding) an ASN.1 item. */
typedef struct ASNSetData {
/* Reverse offset into buffer of ASN.1 item - calculated in SizeASN_Items().
* SetASN_Items() subtracts from total length to get usable value.
*/
word32 offset;
/* Length of data in ASN.1 item - calculated in SizeASN_Items(). */
word32 length;
/* Different data type representation. */
union {
/* 8-bit integer value. */
byte u8;
/* 16-bit integer value. */
word16 u16;
/* 32-bit integer value. */
word32 u32;
/* Big number as an mp_int. */
mp_int* mp;
/* Buffer as data pointer and length. */
struct {
/* Data to write out. */
const byte* data;
/* Length of data to write out. */
word32 length;
} buffer;
} data;
/* Type of data stored in data field - enum ASNItem_DataType. */
byte dataType;
/* Don't write this ASN.1 item out.
* Optional items are dependent on the data being encoded.
*/
byte noOut;
} ASNSetData;
/* Dynamic data for getting (decoding) an ASN.1 item. */
typedef struct ASNGetData {
/* Offset into buffer where encoding starts. */
word32 offset;
/* Total length of data in ASN.1 item.
* BIT_STRING and INTEGER lengths include leading byte. */
word32 length;
union {
/* Pointer to 8-bit integer. */
byte* u8;
/* Pointer to 16-bit integer. */
word16* u16;
/* Pointer to 32-bit integer. */
word32* u32;
/* Pointer to mp_int for big number. */
mp_int* mp;
/* List of possible tags. Useful for CHOICE ASN.1 items. */
const byte* choice;
/* Buffer to copy into. */
struct {
/* Buffer to hold ASN.1 data. */
byte* data;
/* Maxumum length of buffer. */
word32* length;
} buffer;
/* Refernce to ASN.1 item's data. */
struct {
/* Pointer reference into input buffer. */
const byte* data;
/* Length of data. */
word32 length;
} ref;
/* Data of an OBJECT_ID. */
struct {
/* OID data reference into input buffer. */
const byte* data;
/* Length of OID data. */
word32 length;
/* Type of OID expected. */
word32 type;
/* OID sum - 32-bit id. */
word32 sum;
} oid;
} data;
/* Type of data stored in data field - enum ASNItem_DataType. */
byte dataType;
/* Tag found in BER/DER item. */
byte tag;
} ASNGetData;
WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data,
int count, int* encSz);
WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count,
byte* output);
WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count,
int complete, const byte* input, word32* inOutIdx, word32 maxIdx);
#ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num);
WOLFSSL_LOCAL void GetASN_Int16Bit(ASNGetData *dataASN, word16* num);
WOLFSSL_LOCAL void GetASN_Int32Bit(ASNGetData *dataASN, word32* num);
WOLFSSL_LOCAL void GetASN_Buffer(ASNGetData *dataASN, byte* data,
word32* length);
WOLFSSL_LOCAL void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data,
word32 length);
WOLFSSL_LOCAL void GetASN_MP(ASNGetData *dataASN, mp_int* num);
WOLFSSL_LOCAL void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num);
WOLFSSL_LOCAL void GetASN_Choice(ASNGetData *dataASN, const byte* options);
WOLFSSL_LOCAL void GetASN_Boolean(ASNGetData *dataASN, byte* num);
WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType);
WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data,
word32* length);
WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data,
word32* length);
WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data,
word32* length);
WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val);
WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num);
WOLFSSL_LOCAL void SetASN_Int16Bit(ASNSetData *dataASN, word16 num);
WOLFSSL_LOCAL void SetASN_Buffer(ASNSetData *dataASN, const byte* data,
word32 length);
WOLFSSL_LOCAL void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data,
word32 length);
WOLFSSL_LOCAL void SetASN_MP(ASNSetData *dataASN, mp_int* num);
WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
#else
/* Setup ASN data item to get an 8-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to an 8-bit variable.
*/
#define GetASN_Int8Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \
(dataASN)->data.u8 = num; \
} while (0)
/* Setup ASN data item to get a 16-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to a 16-bit variable.
*/
#define GetASN_Int16Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \
(dataASN)->data.u16 = num; \
} while (0)
/* Setup ASN data item to get a 32-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to a 32-bit variable.
*/
#define GetASN_Int32Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD32; \
(dataASN)->data.u32 = num; \
} while (0)
/* Setup ASN data item to get data into a buffer of a specific length.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer to hold data.
* @param [in] l Length of buffer in bytes.
*/
#define GetASN_Buffer(dataASN, d, l) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_BUFFER; \
(dataASN)->data.buffer.data = d; \
(dataASN)->data.buffer.length = l; \
} while (0)
/* Setup ASN data item to check parsed data against expected buffer.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer containing expected data.
* @param [in] l Length of buffer in bytes.
*/
#define GetASN_ExpBuffer(dataASN, d, l) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_EXP_BUFFER; \
(dataASN)->data.ref.data = d; \
(dataASN)->data.ref.length = l; \
} while (0)
/* Setup ASN data item to get a number into an mp_int.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Multi-precision number object.
*/
#define GetASN_MP(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_MP; \
(dataASN)->data.mp = num; \
} while (0)
/* Setup ASN data item to get a positve or negative number into an mp_int.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Multi-precision number object.
*/
#define GetASN_MP_PosNeg(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG; \
(dataASN)->data.mp = num; \
} while (0)
/* Setup ASN data item to be a choice of tags.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] choice 0 terminated list of tags that are valid.
*/
#define GetASN_Choice(dataASN, options) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_CHOICE; \
(dataASN)->data.choice = options; \
} while (0)
/* Setup ASN data item to get a boolean value.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Pointer to an 8-bit variable.
*/
#define GetASN_Boolean(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_NONE; \
(dataASN)->data.u8 = num; \
} while (0)
/* Setup ASN data item to be a an OID of a specific type.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] oidType Type of OID to expect.
*/
#define GetASN_OID(dataASN, oidType) \
(dataASN)->data.oid.type = oidType
/* Get the data and length from an ASN data item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [out] d Pointer to data of item.
* @param [out] l Length of buffer in bytes.
*/
#define GetASN_GetConstRef(dataASN, d, l) \
do { \
*(d) = (dataASN)->data.ref.data; \
*(l) = (dataASN)->data.ref.length; \
} while (0)
/* Get the data and length from an ASN data item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [out] d Pointer to data of item.
* @param [out] l Length of buffer in bytes.
*/
#define GetASN_GetRef(dataASN, d, l) \
do { \
*(d) = (byte*)(dataASN)->data.ref.data; \
*(l) = (dataASN)->data.ref.length; \
} while (0)
/* Get the data and length from an ASN data item that is an OID.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [out] d Pointer to .
* @param [out] l Length of buffer in bytes.
*/
#define GetASN_OIDData(dataASN, d, l) \
do { \
*(d) = (byte*)(dataASN)->data.oid.data; \
*(l) = (dataASN)->data.oid.length; \
} while (0)
/* Setup an ASN data item to set a boolean.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] val Boolean value.
*/
#define SetASN_Boolean(dataASN, val) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_NONE; \
(dataASN)->data.u8 = val; \
} while (0)
/* Setup an ASN data item to set an 8-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num 8-bit number to set.
*/
#define SetASN_Int8Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \
(dataASN)->data.u8 = num; \
} while (0)
/* Setup an ASN data item to set a 16-bit number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num 16-bit number to set.
*/
#define SetASN_Int16Bit(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \
(dataASN)->data.u16 = num; \
} while (0)
/* Setup an ASN data item to set the data in a buffer.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer containing data to set.
* @param [in] l Length of data in buffer in bytes.
*/
#define SetASN_Buffer(dataASN, d, l) \
do { \
(dataASN)->data.buffer.data = d; \
(dataASN)->data.buffer.length = l; \
} while (0)
/* Setup an ASN data item to set the DER encode data in a buffer.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] d Buffer containing BER encoded data to set.
* @param [in] l Length of data in buffer in bytes.
*/
#define SetASN_ReplaceBuffer(dataASN, d, l) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_REPLACE_BUFFER; \
(dataASN)->data.buffer.data = d; \
(dataASN)->data.buffer.length = l; \
} while (0)
/* Setup an ASN data item to set an muli-precision number.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] num Multi-precision number.
*/
#define SetASN_MP(dataASN, num) \
do { \
(dataASN)->dataType = ASN_DATA_TYPE_MP; \
(dataASN)->data.mp = num; \
} while (0)
/* Setup an ASN data item to set an OID based on id and type.
*
* oid and oidType pair are unique.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] oid OID identifier.
* @param [in] oidType Type of OID.
*/
#define SetASN_OID(dataASN, oid, oidType) \
(dataASN)->data.buffer.data = OidFromId(oid, oidType, \
&(dataASN)->data.buffer.length)
#endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */
/* Get address at the start of the BER item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return Address at start of BER item.
*/
#define GetASNItem_Addr(dataASN, in) \
((in) + (dataASN).offset)
/* Get length of a BER item - including tag and length.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return Length of a BER item.
*/
#define GetASNItem_Length(dataASN, in) \
((dataASN).length + (word32)((dataASN).data.buffer.data - (in)) - \
(dataASN).offset)
/* Get the index of a BER item's data.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return Index of a BER item's data.
*/
#define GetASNItem_DataIdx(dataASN, in) \
(word32)((dataASN).data.ref.data - (in))
/* Get the end index of a BER item - index of the start of the next item.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] in Input buffer.
* @return End index of a BER item.
*/
#define GetASNItem_EndIdx(dataASN, in) \
((word32)((dataASN).data.ref.data - (in)) + \
(dataASN).data.ref.length)
/* For a BIT_STRING, get the unused bits byte.
*
* @param [in] dataASN Dynamic ASN data item.
* @return Unused bits byte in BIT_STRING.
*/
#define GetASNItem_UnusedBits(dataASN) \
(*(dataASN.data.ref.data - 1))
/* Set the data items at indeces start to end inclusive to not be encoded.
*
* @param [in] dataASN Dynamic ASN data item.
* @param [in] start First item not to be encoded.
* @param [in] end Last item not to be encoded.
*/
#define SetASNItem_NoOut(dataASN, start, end) \
do { \
int ii; \
for (ii = start; ii <= end; ii++) { \
dataASN[ii].noOut = 1; \
} \
} \
while (0)
#endif /* WOLFSSL_ASN_TEMPLATE */
enum DN_Tags {
ASN_DN_NULL = 0x00,
ASN_COMMON_NAME = 0x03, /* CN */
@ -280,6 +746,8 @@ enum ECC_TYPES
/* certificate info masks */
ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
ASN_PIV_CERT_INFO_ISX509 = 0x04,
/* GZIP is 0x01 */
ASN_PIV_CERT_INFO_GZIP = 0x01,
};
#endif /* WOLFSSL_CERT_PIV */
@ -311,6 +779,7 @@ enum Misc_ASN {
#endif
RSA_INTS = 8, /* RSA ints in private key */
DSA_PARAM_INTS = 3, /* DSA paramater ints */
RSA_PUB_INTS = 2, /* RSA ints in public key */
DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32,
@ -550,6 +1019,7 @@ enum Extensions_Sum {
AUTH_KEY_OID = 149, /* 2.5.29.35 */
SUBJ_KEY_OID = 128, /* 2.5.29.14 */
CERT_POLICY_OID = 146, /* 2.5.29.32 */
CRL_NUMBER_OID = 134, /* 2.5.29.20 */
KEY_USAGE_OID = 129, /* 2.5.29.15 */
INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
@ -766,6 +1236,65 @@ struct CertSignCtx {
int state; /* enum CertSignState */
};
#define DOMAIN_COMPONENT_MAX 10
struct DecodedName {
char* fullName;
int fullNameLen;
int entryCount;
int cnIdx;
int cnLen;
int cnNid;
int snIdx;
int snLen;
int snNid;
int cIdx;
int cLen;
int cNid;
int lIdx;
int lLen;
int lNid;
int stIdx;
int stLen;
int stNid;
int oIdx;
int oLen;
int oNid;
int ouIdx;
int ouLen;
#ifdef WOLFSSL_CERT_EXT
int bcIdx;
int bcLen;
int jcIdx;
int jcLen;
int jsIdx;
int jsLen;
#endif
int ouNid;
int emailIdx;
int emailLen;
int emailNid;
int uidIdx;
int uidLen;
int uidNid;
int serialIdx;
int serialLen;
int serialNid;
int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
};
/* ASN Encoded Name field */
typedef struct EncodedName {
int nameLen; /* actual string value length */
int totalLen; /* total encoded length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
#ifndef WOLFSSL_MAX_PATH_LEN
/* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
* (k) max_path_length: this integer is initialized to "n", is
@ -781,6 +1310,7 @@ struct CertSignCtx {
#define WOLFSSL_MAX_PATH_LEN 127
#endif
typedef struct DecodedName DecodedName;
typedef struct DecodedCert DecodedCert;
typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
@ -999,15 +1529,6 @@ struct DecodedCert {
#endif
};
/* ASN Encoded Name field */
typedef struct EncodedName {
int nameLen; /* actual string value length */
int totalLen; /* total encoded length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
#ifdef NO_SHA
#define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
@ -1145,6 +1666,9 @@ WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz
int sigAlgoType);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
#ifdef WOLFSSL_ASN_TEMPLATE
WOLFSSL_LOCAL int DecodeCert(DecodedCert*, int verify, int* criticalExt);
#endif
WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
@ -1193,12 +1717,9 @@ WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
WOLFSSL_LOCAL int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap);
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
WOLFSSL_LOCAL byte GetCertNameId(int idx);
@ -1229,6 +1750,7 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
int* version, word32 maxIdx);
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx);
#ifdef HAVE_OID_ENCODING
WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
byte* out, word32* outSz);
@ -1246,6 +1768,15 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
word32 inputSz);
WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNOctetString(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNImplicit(byte tag,byte number, word32 len,
byte* output);
WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
@ -1258,8 +1789,10 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
word32 outputSz, int maxSnSz);
#ifndef WOLFSSL_ASN_TEMPLATE
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx);
#endif
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx);
WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
@ -1268,6 +1801,11 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type);
#if defined(HAVE_ECC) || !defined(NO_DSA)
/* ASN sig helpers */
WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
@ -1424,7 +1962,7 @@ struct OcspEntry
word32 ownStatus:1; /* do we need to free the status
* response list */
word32 isDynamic:1; /* was dynamically allocated */
word32 used:1; /* entry used */
};
/* TODO: Long-term, it would be helpful if we made this struct and other OCSP
@ -1571,7 +2109,13 @@ enum PBESTypes {
PBE_SHA1_RC4_128_SUM = 657,
PBE_SHA1_DES3_SUM = 659,
PBES2 = 13 /* algo ID */
PBE_MD5_DES_SUM = 651,
PBE_SHA1_DES_SUM = 658,
PBES2_SUM = 661,
PBES2 = 13, /* algo ID */
PBES1_MD5_DES = 3,
PBES1_SHA1_DES = 10,
};
enum PKCSTypes {
@ -1579,6 +2123,9 @@ enum PKCSTypes {
PKCS12v1 = 12, /* PKCS #12 */
PKCS5 = 5, /* PKCS oid tag */
PKCS8v0 = 0, /* default PKCS#8 version */
PKCS8v1 = 1, /* PKCS#8 version including public key */
PKCS1v0 = 0, /* default PKCS#1 version */
PKCS1v1 = 1, /* Multi-prime version */
};
#endif /* !NO_ASN || !NO_PWDBASED */

1
wolfssl/wolfcrypt/asn_public.h
View File

@ -375,6 +375,7 @@ typedef struct Cert {
keyType = RSA_KEY (default)
*/
WOLFSSL_API int wc_InitCert(Cert*);
WOLFSSL_API int wc_InitCert_ex(Cert*, void*, int);
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
int keyType, void* key, WC_RNG* rng);
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,

9
wolfssl/wolfcrypt/types.h
View File

@ -579,8 +579,9 @@ decouple library dependencies with standard string, memory and so on.
debugging is turned on */
#ifndef USE_WINDOWS_API
#ifndef XSNPRINTF
#if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM)
#if defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_CERT_EXT) || defined(HAVE_PKCS7))
/* case where stdio is not included else where but is needed
for snprintf */
#include <stdio.h>
@ -709,6 +710,10 @@ decouple library dependencies with standard string, memory and so on.
#define XTOLOWER(c) tolower((c))
#endif
#ifndef OFFSETOF
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
#endif
/* memory allocation types for user hints */
enum {