diff options
| author | Michael Brown | 2009-02-10 18:37:24 +0100 |
|---|---|---|
| committer | Michael Brown | 2009-02-10 19:30:17 +0100 |
| commit | 8e960eb67c3c3974f4eca34e1fe733791f70ca09 (patch) | |
| tree | f068d9b2dec5d41a6f20942b40fd778e4a1ce952 | |
| parent | [crypto] Remove unused files (diff) | |
| download | ipxe-8e960eb67c3c3974f4eca34e1fe733791f70ca09.tar.gz ipxe-8e960eb67c3c3974f4eca34e1fe733791f70ca09.tar.xz ipxe-8e960eb67c3c3974f4eca34e1fe733791f70ca09.zip | |
[tls] Use our own ASN.1 routines for certificate parsing
Use our own, more robust, ASN.1 parsing routines to extract the RSA
public key from a server certificate. Remove the now-unused AXTLS
ASN.1 parser.
| -rw-r--r-- | src/crypto/asn1.c | 31 | ||||
| -rw-r--r-- | src/crypto/axtls/axtls_asn1.c | 867 | ||||
| -rw-r--r-- | src/crypto/x509.c | 181 | ||||
| -rw-r--r-- | src/include/gpxe/asn1.h | 6 | ||||
| -rw-r--r-- | src/include/gpxe/errfile.h | 1 | ||||
| -rw-r--r-- | src/include/gpxe/tls.h | 6 | ||||
| -rw-r--r-- | src/include/gpxe/x509.h | 39 | ||||
| -rw-r--r-- | src/net/tls.c | 177 |
8 files changed, 354 insertions, 954 deletions
diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c index 0a69162a..25e7495b 100644 --- a/src/crypto/asn1.c +++ b/src/crypto/asn1.c @@ -32,7 +32,7 @@ * * @v cursor ASN.1 object cursor * @v type Expected type - * @ret len Length of object body, or -1 on error + * @ret len Length of object body, or negative error * * The object cursor will be updated to point to the start of the * object body (i.e. the first byte following the length byte(s)), and @@ -44,29 +44,32 @@ * the cursor will be invalidated and a negative value will be * returned. */ -static int asn1_start_object ( struct asn1_cursor *cursor, +static int asn1_start ( struct asn1_cursor *cursor, unsigned int type ) { unsigned int len_len; unsigned int len; + int rc; /* Sanity check */ if ( cursor->len < 2 /* Tag byte and first length byte */ ) { if ( cursor->len ) DBGC ( cursor, "ASN1 %p too short\n", cursor ); + rc = -EINVAL; goto notfound; } /* Check the tag byte */ - if ( cursor->data[0] != type ) { + if ( *( ( uint8_t * ) cursor->data ) != type ) { DBGC ( cursor, "ASN1 %p type mismatch (expected %d, got %d)\n", - cursor, type, cursor->data[0] ); + cursor, type, *( ( uint8_t * ) cursor->data ) ); + rc = -ENXIO; goto notfound; } cursor->data++; cursor->len--; /* Extract length of the length field and sanity check */ - len_len = cursor->data[0]; + len_len = *( ( uint8_t * ) cursor->data ); if ( len_len & 0x80 ) { len_len = ( len_len & 0x7f ); cursor->data++; @@ -77,19 +80,21 @@ static int asn1_start_object ( struct asn1_cursor *cursor, if ( cursor->len < len_len ) { DBGC ( cursor, "ASN1 %p bad length field length %d (max " "%zd)\n", cursor, len_len, cursor->len ); + rc = -EINVAL; goto notfound; } /* Extract the length and sanity check */ for ( len = 0 ; len_len ; len_len-- ) { len <<= 8; - len |= cursor->data[0]; + len |= *( ( uint8_t * ) cursor->data ); cursor->data++; cursor->len--; } if ( cursor->len < len ) { DBGC ( cursor, "ASN1 %p bad length %d (max %zd)\n", cursor, len, cursor->len ); + rc = -EINVAL; goto notfound; } @@ -98,7 +103,7 @@ static int asn1_start_object ( struct asn1_cursor *cursor, notfound: cursor->data = NULL; cursor->len = 0; - return -1; + return rc; } /** @@ -112,12 +117,12 @@ static int asn1_start_object ( struct asn1_cursor *cursor, * current ASN.1 object. If any error occurs, the object cursor will * be invalidated. */ -int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) { +int asn1_enter ( struct asn1_cursor *cursor, unsigned int type ) { int len; - len = asn1_start_object ( cursor, type ); + len = asn1_start ( cursor, type ); if ( len < 0 ) - return -ENOENT; + return len; cursor->len = len; DBGC ( cursor, "ASN1 %p entered object type %02x (len %x)\n", @@ -137,12 +142,12 @@ int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ) { * object. If any error occurs, the object cursor will be * invalidated. */ -int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type ) { +int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ) { int len; - len = asn1_start_object ( cursor, type ); + len = asn1_start ( cursor, type ); if ( len < 0 ) - return -ENOENT; + return len; cursor->data += len; cursor->len -= len; diff --git a/src/crypto/axtls/axtls_asn1.c b/src/crypto/axtls/axtls_asn1.c deleted file mode 100644 index 74411c70..00000000 --- a/src/crypto/axtls/axtls_asn1.c +++ /dev/null @@ -1,867 +0,0 @@ -/* - * Copyright(C) 2006 Cameron Rich - * - * This library is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation; either version 2.1 of the License, or - * (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/** - * @file asn1.c - * - * Some primitive asn methods for extraction rsa modulus information. It also - * is used for retrieving information from X.509 certificates. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include "crypto.h" - -#define SIG_OID_PREFIX_SIZE 8 - -#define SIG_TYPE_MD2 0x02 -#define SIG_TYPE_MD5 0x04 -#define SIG_TYPE_SHA1 0x05 - -/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */ -static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = -{ - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01 -}; - -/* CN, O, OU */ -static const uint8_t g_dn_types[] = { 3, 10, 11 }; - -static int get_asn1_length(const uint8_t *buf, int *offset) -{ - int len, i; - - if (!(buf[*offset] & 0x80)) /* short form */ - { - len = buf[(*offset)++]; - } - else /* long form */ - { - int length_bytes = buf[(*offset)++]&0x7f; - len = 0; - for (i = 0; i < length_bytes; i++) - { - len <<= 8; - len += buf[(*offset)++]; - } - } - - return len; -} - -/** - * Skip the ASN1.1 object type and its length. Get ready to read the object's - * data. - */ -int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type) -{ - if (buf[*offset] != obj_type) - return X509_NOT_OK; - (*offset)++; - return get_asn1_length(buf, offset); -} - -/** - * Skip over an ASN.1 object type completely. Get ready to read the next - * object. - */ -int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type) -{ - int len; - - if (buf[*offset] != obj_type) - return X509_NOT_OK; - (*offset)++; - len = get_asn1_length(buf, offset); - *offset += len; - return 0; -} - -/** - * Read an integer value for ASN.1 data - * Note: This function allocates memory which must be freed by the user. - */ -int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object) -{ - int len; - - if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0) - goto end_int_array; - - *object = (uint8_t *)malloc(len); - memcpy(*object, &buf[*offset], len); - *offset += len; - -end_int_array: - return len; -} - -#if 0 - -/** - * Get all the RSA private key specifics from an ASN.1 encoded file - */ -int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx) -{ - int offset = 7; - uint8_t *modulus, *priv_exp, *pub_exp; - int mod_len, priv_len, pub_len; -#ifdef CONFIG_BIGINT_CRT - uint8_t *p, *q, *dP, *dQ, *qInv; - int p_len, q_len, dP_len, dQ_len, qInv_len; -#endif - - /* not in der format */ - if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */ - { -#ifdef CONFIG_SSL_FULL_MODE - printf("Error: This is not a valid ASN.1 file\n"); -#endif - return X509_INVALID_PRIV_KEY; - } - - /* initialise the RNG */ - RNG_initialize(buf, len); - - mod_len = asn1_get_int(buf, &offset, &modulus); - pub_len = asn1_get_int(buf, &offset, &pub_exp); - priv_len = asn1_get_int(buf, &offset, &priv_exp); - - if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0) - return X509_INVALID_PRIV_KEY; - -#ifdef CONFIG_BIGINT_CRT - p_len = asn1_get_int(buf, &offset, &p); - q_len = asn1_get_int(buf, &offset, &q); - dP_len = asn1_get_int(buf, &offset, &dP); - dQ_len = asn1_get_int(buf, &offset, &dQ); - qInv_len = asn1_get_int(buf, &offset, &qInv); - - if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0) - return X509_INVALID_PRIV_KEY; - - RSA_priv_key_new(rsa_ctx, - modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len, - p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len); - - free(p); - free(q); - free(dP); - free(dQ); - free(qInv); -#else - RSA_priv_key_new(rsa_ctx, - modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len); -#endif - - free(modulus); - free(priv_exp); - free(pub_exp); - return X509_OK; -} - -/** - * Get the time of a certificate. Ignore hours/minutes/seconds. - */ -static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t) -{ - int ret = X509_NOT_OK, len, t_offset; - struct tm tm; - - if (buf[(*offset)++] != ASN1_UTC_TIME) - goto end_utc_time; - len = get_asn1_length(buf, offset); - t_offset = *offset; - - memset(&tm, 0, sizeof(struct tm)); - tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0'); - - if (tm.tm_year <= 50) /* 1951-2050 thing */ - { - tm.tm_year += 100; - } - - tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1; - tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0'); - *t = mktime(&tm); - *offset += len; - ret = X509_OK; - -end_utc_time: - return ret; -} - -/** - * Get the version type of a certificate (which we don't actually care about) - */ -static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) -{ - int ret = X509_NOT_OK; - - (*offset) += 2; /* get past explicit tag */ - if (asn1_skip_obj(cert, offset, ASN1_INTEGER)) - goto end_version; - - ret = X509_OK; -end_version: - return ret; -} - -/** - * Retrieve the notbefore and notafter certificate times. - */ -static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) -{ - return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 || - asn1_get_utc_time(cert, offset, &x509_ctx->not_before) || - asn1_get_utc_time(cert, offset, &x509_ctx->not_after)); -} - -/** - * Get the components of a distinguished name - */ -static int asn1_get_oid_x520(const uint8_t *buf, int *offset) -{ - int dn_type = 0; - int len; - - if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0) - goto end_oid; - - /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name - components we are interested in. */ - if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04) - dn_type = buf[(*offset)++]; - else - { - *offset += len; /* skip over it */ - } - -end_oid: - return dn_type; -} - -/** - * Obtain an ASN.1 printable string type. - */ -static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str) -{ - int len = X509_NOT_OK; - - /* some certs have this awful crud in them for some reason */ - if (buf[*offset] != ASN1_PRINTABLE_STR && - buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR) - goto end_pnt_str; - - (*offset)++; - len = get_asn1_length(buf, offset); - *str = (char *)malloc(len+1); /* allow for null */ - memcpy(*str, &buf[*offset], len); - (*str)[len] = 0; /* null terminate */ - *offset += len; -end_pnt_str: - return len; -} - -/** - * Get the subject name (or the issuer) of a certificate. - */ -static int asn1_name(const uint8_t *cert, int *offset, char *dn[]) -{ - int ret = X509_NOT_OK; - int dn_type; - char *tmp = NULL; - - if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0) - goto end_name; - - while (asn1_next_obj(cert, offset, ASN1_SET) >= 0) - { - int i, found = 0; - - if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 || - (dn_type = asn1_get_oid_x520(cert, offset)) < 0) - goto end_name; - - if (asn1_get_printable_str(cert, offset, &tmp) < 0) - { - free(tmp); - goto end_name; - } - - /* find the distinguished named type */ - for (i = 0; i < X509_NUM_DN_TYPES; i++) - { - if (dn_type == g_dn_types[i]) - { - if (dn[i] == NULL) - { - dn[i] = tmp; - found = 1; - break; - } - } - } - - if (found == 0) /* not found so get rid of it */ - { - free(tmp); - } - } - - ret = X509_OK; -end_name: - return ret; -} - -/** - * Read the modulus and public exponent of a certificate. - */ -static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) -{ - int ret = X509_NOT_OK, mod_len, pub_len; - uint8_t *modulus, *pub_exp; - - if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 || - asn1_skip_obj(cert, offset, ASN1_SEQUENCE) || - asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0) - goto end_pub_key; - - (*offset)++; - - if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0) - goto end_pub_key; - - mod_len = asn1_get_int(cert, offset, &modulus); - pub_len = asn1_get_int(cert, offset, &pub_exp); - - RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len); - - free(modulus); - free(pub_exp); - ret = X509_OK; - -end_pub_key: - return ret; -} - -#ifdef CONFIG_SSL_CERT_VERIFICATION -/** - * Read the signature of the certificate. - */ -static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) -{ - int ret = X509_NOT_OK; - - if (cert[(*offset)++] != ASN1_BIT_STRING) - goto end_sig; - - x509_ctx->sig_len = get_asn1_length(cert, offset); - x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len); - memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len); - *offset += x509_ctx->sig_len; - ret = X509_OK; - -end_sig: - return ret; -} - -/* - * Compare 2 distinguished name components for equality - * @return 0 if a match - */ -static int asn1_compare_dn_comp(const char *dn1, const char *dn2) -{ - int ret = 1; - - if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match; - - ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0; - -err_no_match: - return ret; -} - -/** - * Clean up all of the CA certificates. - */ -void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx) -{ - int i = 0; - - while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) - { - x509_free(ca_cert_ctx->cert[i]); - ca_cert_ctx->cert[i++] = NULL; - } - - free(ca_cert_ctx); -} - -/* - * Compare 2 distinguished names for equality - * @return 0 if a match - */ -static int asn1_compare_dn(char * const dn1[], char * const dn2[]) -{ - int i; - - for (i = 0; i < X509_NUM_DN_TYPES; i++) - { - if (asn1_compare_dn_comp(dn1[i], dn2[i])) - { - return 1; - } - } - - return 0; /* all good */ -} - -/** - * Retrieve the signature from a certificate. - */ -const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len) -{ - int offset = 0; - const uint8_t *ptr = NULL; - - if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || - asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE)) - goto end_get_sig; - - if (asn1_sig[offset++] != ASN1_OCTET_STRING) - goto end_get_sig; - *len = get_asn1_length(asn1_sig, &offset); - ptr = &asn1_sig[offset]; /* all ok */ - -end_get_sig: - return ptr; -} - -#endif - -/** - * Read the signature type of the certificate. We only support RSA-MD5 and - * RSA-SHA1 signature types. - */ -static int asn1_signature_type(const uint8_t *cert, - int *offset, X509_CTX *x509_ctx) -{ - int ret = X509_NOT_OK, len; - - if (cert[(*offset)++] != ASN1_OID) - goto end_check_sig; - - len = get_asn1_length(cert, offset); - - if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE)) - goto end_check_sig; /* unrecognised cert type */ - - x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE]; - - *offset += len; - if (asn1_skip_obj(cert, offset, ASN1_NULL)) - goto end_check_sig; - ret = X509_OK; - -end_check_sig: - return ret; -} - -/** - * Construct a new x509 object. - * @return 0 if ok. < 0 if there was a problem. - */ -int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx) -{ - int begin_tbs, end_tbs; - int ret = X509_NOT_OK, offset = 0, cert_size = 0; - X509_CTX *x509_ctx; - BI_CTX *bi_ctx; - - *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX)); - x509_ctx = *ctx; - - /* get the certificate size */ - asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); - - if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) - goto end_cert; - - begin_tbs = offset; /* start of the tbs */ - end_tbs = begin_tbs; /* work out the end of the tbs */ - asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE); - - if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) - goto end_cert; - - if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */ - { - if (asn1_version(cert, &offset, x509_ctx)) - goto end_cert; - } - - if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ - asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) - goto end_cert; - - /* make sure the signature is ok */ - if (asn1_signature_type(cert, &offset, x509_ctx)) - { - ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST; - goto end_cert; - } - - if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || - asn1_validity(cert, &offset, x509_ctx) || - asn1_name(cert, &offset, x509_ctx->cert_dn) || - asn1_public_key(cert, &offset, x509_ctx)) - goto end_cert; - - bi_ctx = x509_ctx->rsa_ctx->bi_ctx; - -#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */ - /* use the appropriate signature algorithm (either SHA1 or MD5) */ - if (x509_ctx->sig_type == SIG_TYPE_MD5) - { - MD5_CTX md5_ctx; - uint8_t md5_dgst[MD5_SIZE]; - MD5Init(&md5_ctx); - MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs); - MD5Final(&md5_ctx, md5_dgst); - x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE); - } - else if (x509_ctx->sig_type == SIG_TYPE_SHA1) - { - SHA1_CTX sha_ctx; - uint8_t sha_dgst[SHA1_SIZE]; - SHA1Init(&sha_ctx); - SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs); - SHA1Final(&sha_ctx, sha_dgst); - x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE); - } - - offset = end_tbs; /* skip the v3 data */ - if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || - asn1_signature(cert, &offset, x509_ctx)) - goto end_cert; -#endif - - if (len) - { - *len = cert_size; - } - - ret = X509_OK; -end_cert: - -#ifdef CONFIG_SSL_FULL_MODE - if (ret) - { - printf("Error: Invalid X509 ASN.1 file\n"); - } -#endif - - return ret; -} - -/** - * Free an X.509 object's resources. - */ -void x509_free(X509_CTX *x509_ctx) -{ - X509_CTX *next; - int i; - - if (x509_ctx == NULL) /* if already null, then don't bother */ - return; - - for (i = 0; i < X509_NUM_DN_TYPES; i++) - { - free(x509_ctx->ca_cert_dn[i]); - free(x509_ctx->cert_dn[i]); - } - - free(x509_ctx->signature); - -#ifdef CONFIG_SSL_CERT_VERIFICATION - if (x509_ctx->digest) - { - bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest); - } -#endif - - RSA_free(x509_ctx->rsa_ctx); - - next = x509_ctx->next; - free(x509_ctx); - x509_free(next); /* clear the chain */ -} - -#ifdef CONFIG_SSL_CERT_VERIFICATION -/** - * Do some basic checks on the certificate chain. - * - * Certificate verification consists of a number of checks: - * - A root certificate exists in the certificate store. - * - The date of the certificate is after the start date. - * - The date of the certificate is before the finish date. - * - The certificate chain is valid. - * - That the certificate(s) are not self-signed. - * - The signature of the certificate is valid. - */ -int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) -{ - int ret = X509_OK, i = 0; - bigint *cert_sig; - X509_CTX *next_cert = NULL; - BI_CTX *ctx; - bigint *mod, *expn; - struct timeval tv; - int match_ca_cert = 0; - - if (cert == NULL || ca_cert_ctx == NULL) - { - ret = X509_VFY_ERROR_NO_TRUSTED_CERT; - goto end_verify; - } - - /* last cert in the chain - look for a trusted cert */ - if (cert->next == NULL) - { - while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) - { - if (asn1_compare_dn(cert->ca_cert_dn, - ca_cert_ctx->cert[i]->cert_dn) == 0) - { - match_ca_cert = 1; - break; - } - - i++; - } - - if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) - { - next_cert = ca_cert_ctx->cert[i]; - } - else /* trusted cert not found */ - { - ret = X509_VFY_ERROR_NO_TRUSTED_CERT; - goto end_verify; - } - } - else - { - next_cert = cert->next; - } - - gettimeofday(&tv, NULL); - - /* check the not before date */ - if (tv.tv_sec < cert->not_before) - { - ret = X509_VFY_ERROR_NOT_YET_VALID; - goto end_verify; - } - - /* check the not after date */ - if (tv.tv_sec > cert->not_after) - { - ret = X509_VFY_ERROR_EXPIRED; - goto end_verify; - } - - /* check the chain integrity */ - if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn)) - { - ret = X509_VFY_ERROR_INVALID_CHAIN; - goto end_verify; - } - - /* check for self-signing */ - if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0) - { - ret = X509_VFY_ERROR_SELF_SIGNED; - goto end_verify; - } - - /* check the signature */ - ctx = cert->rsa_ctx->bi_ctx; - mod = next_cert->rsa_ctx->m; - expn = next_cert->rsa_ctx->e; - cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, - bi_clone(ctx, mod), bi_clone(ctx, expn)); - - if (cert_sig) - { - ret = cert->digest ? /* check the signature */ - bi_compare(cert_sig, cert->digest) : - X509_VFY_ERROR_UNSUPPORTED_DIGEST; - bi_free(ctx, cert_sig); - - if (ret) - goto end_verify; - } - else - { - ret = X509_VFY_ERROR_BAD_SIGNATURE; - goto end_verify; - } - - /* go down the certificate chain using recursion. */ - if (ret == 0 && cert->next) - { - ret = x509_verify(ca_cert_ctx, next_cert); - } - -end_verify: - return ret; -} -#endif - -#if defined (CONFIG_SSL_FULL_MODE) -/** - * Used for diagnostics. - */ -void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) -{ - if (cert == NULL) - return; - - printf("---------------- CERT DEBUG ----------------\n"); - printf("* CA Cert Distinguished Name\n"); - if (cert->ca_cert_dn[X509_COMMON_NAME]) - { - printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]); - } - - if (cert->ca_cert_dn[X509_ORGANIZATION]) - { - printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]); - } - - if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]) - { - printf("Organizational Unit (OU): %s\n", - cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]); - } - - printf("* Cert Distinguished Name\n"); - if (cert->cert_dn[X509_COMMON_NAME]) - { - printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]); - } - - if (cert->cert_dn[X509_ORGANIZATION]) - { - printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]); - } - - if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE]) - { - printf("Organizational Unit (OU): %s\n", - cert->cert_dn[X509_ORGANIZATIONAL_TYPE]); - } - - printf("Not Before:\t\t%s", ctime(&cert->not_before)); - printf("Not After:\t\t%s", ctime(&cert->not_after)); - printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8); - printf("Sig Type:\t\t"); - switch (cert->sig_type) - { - case SIG_TYPE_MD5: - printf("MD5\n"); - break; - case SIG_TYPE_SHA1: - printf("SHA1\n"); - break; - case SIG_TYPE_MD2: - printf("MD2\n"); - break; - default: - printf("Unrecognized: %d\n", cert->sig_type); - break; - } - - printf("Verify:\t\t\t"); - - if (ca_cert_ctx) - { - x509_display_error(x509_verify(ca_cert_ctx, cert)); - } - - printf("\n"); -#if 0 - print_blob("Signature", cert->signature, cert->sig_len); - bi_print("Modulus", cert->rsa_ctx->m); - bi_print("Pub Exp", cert->rsa_ctx->e); -#endif - - if (ca_cert_ctx) - { - x509_print(ca_cert_ctx, cert->next); - } -} - -void x509_display_error(int error) -{ - switch (error) - { - case X509_NOT_OK: - printf("X509 not ok"); - break; - - case X509_VFY_ERROR_NO_TRUSTED_CERT: - printf("No trusted cert is available"); - break; - - case X509_VFY_ERROR_BAD_SIGNATURE: - printf("Bad signature"); - break; - - case X509_VFY_ERROR_NOT_YET_VALID: - printf("Cert is not yet valid"); - break; - - case X509_VFY_ERROR_EXPIRED: - printf("Cert has expired"); - break; - - case X509_VFY_ERROR_SELF_SIGNED: - printf("Cert is self-signed"); - break; - - case X509_VFY_ERROR_INVALID_CHAIN: - printf("Chain is invalid (check order of certs)"); - break; - - case X509_VFY_ERROR_UNSUPPORTED_DIGEST: - printf("Unsupported digest"); - break; - - case X509_INVALID_PRIV_KEY: - printf("Invalid private key"); - break; - } -} -#endif /* CONFIG_SSL_FULL_MODE */ - -#endif diff --git a/src/crypto/x509.c b/src/crypto/x509.c new file mode 100644 index 00000000..35adfa38 --- /dev/null +++ b/src/crypto/x509.c @@ -0,0 +1,181 @@ +/* + * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <gpxe/asn1.h> +#include <gpxe/x509.h> + +/** @file + * + * X.509 certificates + * + * The structure of X.509v3 certificates is concisely documented in + * RFC5280 section 4.1. The structure of RSA public keys is + * documented in RFC2313. + */ + +/** Object Identifier for "rsaEncryption" (1.2.840.113549.1.1.1) */ +static const uint8_t oid_rsa_encryption[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01 }; + +/** + * Identify X.509 certificate public key + * + * @v certificate Certificate + * @v algorithm Public key algorithm to fill in + * @v pubkey Public key value to fill in + * @ret rc Return status code + */ +static int x509_public_key ( const struct asn1_cursor *certificate, + struct asn1_cursor *algorithm, + struct asn1_cursor *pubkey ) { + struct asn1_cursor cursor; + int rc; + + /* Locate subjectPublicKeyInfo */ + memcpy ( &cursor, certificate, sizeof ( cursor ) ); + rc = ( asn1_enter ( &cursor, ASN1_SEQUENCE ), /* Certificate */ + asn1_enter ( &cursor, ASN1_SEQUENCE ), /* tbsCertificate */ + asn1_skip ( &cursor, ASN1_EXPLICIT_TAG ), /* version */ + asn1_skip ( &cursor, ASN1_INTEGER ), /* serialNumber */ + asn1_skip ( &cursor, ASN1_SEQUENCE ), /* signature */ + asn1_skip ( &cursor, ASN1_SEQUENCE ), /* issuer */ + asn1_skip ( &cursor, ASN1_SEQUENCE ), /* validity */ + asn1_skip ( &cursor, ASN1_SEQUENCE ), /* name */ + asn1_enter ( &cursor, ASN1_SEQUENCE )/* subjectPublicKeyInfo*/); + if ( rc != 0 ) { + DBG ( "Cannot locate subjectPublicKeyInfo in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return rc; + } + + /* Locate algorithm */ + memcpy ( algorithm, &cursor, sizeof ( *algorithm ) ); + rc = ( asn1_enter ( algorithm, ASN1_SEQUENCE ) /* algorithm */ ); + if ( rc != 0 ) { + DBG ( "Cannot locate algorithm in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return rc; + } + + /* Locate subjectPublicKey */ + memcpy ( pubkey, &cursor, sizeof ( *pubkey ) ); + rc = ( asn1_skip ( pubkey, ASN1_SEQUENCE ), /* algorithm */ + asn1_enter ( pubkey, ASN1_BIT_STRING ) /* subjectPublicKey*/ ); + if ( rc != 0 ) { + DBG ( "Cannot locate subjectPublicKey in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return rc; + } + + return 0; +} + +/** + * Identify X.509 certificate RSA modulus and public exponent + * + * @v certificate Certificate + * @v rsa RSA public key to fill in + * @ret rc Return status code + * + * The caller is responsible for eventually calling + * x509_free_rsa_public_key() to free the storage allocated to hold + * the RSA modulus and exponent. + */ +int x509_rsa_public_key ( const struct asn1_cursor *certificate, + struct x509_rsa_public_key *rsa_pubkey ) { + struct asn1_cursor algorithm; + struct asn1_cursor pubkey; + struct asn1_cursor modulus; + struct asn1_cursor exponent; + int rc; + + /* First, extract the public key algorithm and key data */ + if ( ( rc = x509_public_key ( certificate, &algorithm, + &pubkey ) ) != 0 ) + return rc; + + /* Check that algorithm is RSA */ + rc = ( asn1_enter ( &algorithm, ASN1_OID ) /* algorithm */ ); + if ( rc != 0 ) { + DBG ( "Cannot locate algorithm:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return rc; + } + if ( ( algorithm.len != sizeof ( oid_rsa_encryption ) ) || + ( memcmp ( algorithm.data, &oid_rsa_encryption, + sizeof ( oid_rsa_encryption ) ) != 0 ) ) { + DBG ( "algorithm is not rsaEncryption in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return -ENOTSUP; + } + + /* Check that public key is a byte string, i.e. that the + * "unused bits" byte contains zero. + */ + if ( ( pubkey.len < 1 ) || + ( ( *( uint8_t * ) pubkey.data ) != 0 ) ) { + DBG ( "subjectPublicKey is not a byte string in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return -ENOTSUP; + } + pubkey.data++; + pubkey.len--; + + /* Pick out the modulus and exponent */ + rc = ( asn1_enter ( &pubkey, ASN1_SEQUENCE ) /* RSAPublicKey */ ); + if ( rc != 0 ) { + DBG ( "Cannot locate RSAPublicKey in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return -ENOTSUP; + } + memcpy ( &modulus, &pubkey, sizeof ( modulus ) ); + rc = ( asn1_enter ( &modulus, ASN1_INTEGER ) /* modulus */ ); + if ( rc != 0 ) { + DBG ( "Cannot locate modulus in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return -ENOTSUP; + } + memcpy ( &exponent, &pubkey, sizeof ( exponent ) ); + rc = ( asn1_skip ( &exponent, ASN1_INTEGER ), /* modulus */ + asn1_enter ( &exponent, ASN1_INTEGER ) /* publicExponent */ ); + if ( rc != 0 ) { + DBG ( "Cannot locate publicExponent in:\n" ); + DBG_HDA ( 0, certificate->data, certificate->len ); + return -ENOTSUP; + } + + /* Allocate space and copy out modulus and exponent */ + rsa_pubkey->modulus = malloc ( modulus.len + exponent.len ); + if ( ! rsa_pubkey->modulus ) + return -ENOMEM; + rsa_pubkey->exponent = ( rsa_pubkey->modulus + modulus.len ); + memcpy ( rsa_pubkey->modulus, modulus.data, modulus.len ); + rsa_pubkey->modulus_len = modulus.len; + memcpy ( rsa_pubkey->exponent, exponent.data, exponent.len ); + rsa_pubkey->exponent_len = exponent.len; + + DBG2 ( "RSA modulus:\n" ); + DBG2_HDA ( 0, rsa_pubkey->modulus, rsa_pubkey->modulus_len ); + DBG2 ( "RSA exponent:\n" ); + DBG2_HDA ( 0, rsa_pubkey->exponent, rsa_pubkey->exponent_len ); + + return 0; +} diff --git a/src/include/gpxe/asn1.h b/src/include/gpxe/asn1.h index 1ad90050..5440c48c 100644 --- a/src/include/gpxe/asn1.h +++ b/src/include/gpxe/asn1.h @@ -21,12 +21,12 @@ */ struct asn1_cursor { /** Start of data */ - uint8_t *data; + void *data; /** Length of data */ size_t len; }; -extern int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type ); -extern int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type ); +extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type ); +extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ); #endif /* _GPXE_ASN1_H */ diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h index df3717f1..4809e50c 100644 --- a/src/include/gpxe/errfile.h +++ b/src/include/gpxe/errfile.h @@ -168,6 +168,7 @@ #define ERRFILE_smbios_settings ( ERRFILE_OTHER | 0x00130000 ) #define ERRFILE_efi_smbios ( ERRFILE_OTHER | 0x00140000 ) #define ERRFILE_pxemenu ( ERRFILE_OTHER | 0x00150000 ) +#define ERRFILE_x509 ( ERRFILE_OTHER | 0x00160000 ) /** @} */ diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h index 39109452..182bc49d 100644 --- a/src/include/gpxe/tls.h +++ b/src/include/gpxe/tls.h @@ -14,6 +14,7 @@ #include <gpxe/crypto.h> #include <gpxe/md5.h> #include <gpxe/sha1.h> +#include <gpxe/x509.h> /** A TLS header */ struct tls_header { @@ -157,10 +158,7 @@ struct tls_session { uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE]; /** Hack: server RSA public key */ - uint8_t *rsa_mod; - size_t rsa_mod_len; - uint8_t *rsa_pub_exp; - size_t rsa_pub_exp_len; + struct x509_rsa_public_key rsa; /** TX sequence number */ uint64_t tx_seq; diff --git a/src/include/gpxe/x509.h b/src/include/gpxe/x509.h new file mode 100644 index 00000000..071e1de5 --- /dev/null +++ b/src/include/gpxe/x509.h @@ -0,0 +1,39 @@ +#ifndef _GPXE_X509_H +#define _GPXE_X509_H + +/** @file + * + * X.509 certificates + * + */ + +#include <stdint.h> + +struct asn1_cursor; + +/** An X.509 RSA public key */ +struct x509_rsa_public_key { + /** Modulus */ + uint8_t *modulus; + /** Modulus length */ + size_t modulus_len; + /** Exponent */ + uint8_t *exponent; + /** Exponent length */ + size_t exponent_len; +}; + +/** + * Free X.509 RSA public key + * + * @v rsa_pubkey RSA public key + */ +static inline void +x509_free_rsa_public_key ( struct x509_rsa_public_key *rsa_pubkey ) { + free ( rsa_pubkey->modulus ); +} + +extern int x509_rsa_public_key ( const struct asn1_cursor *certificate, + struct x509_rsa_public_key *rsa_pubkey ); + +#endif /* _GPXE_X509_H */ diff --git a/src/net/tls.c b/src/net/tls.c index fa4b58d4..f5bff7a4 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -36,6 +36,8 @@ #include <gpxe/xfer.h> #include <gpxe/open.h> #include <gpxe/filter.h> +#include <gpxe/asn1.h> +#include <gpxe/x509.h> #include <gpxe/tls.h> static int tls_send_plaintext ( struct tls_session *tls, unsigned int type, @@ -43,6 +45,33 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type, static void tls_clear_cipher ( struct tls_session *tls, struct tls_cipherspec *cipherspec ); +/****************************************************************************** + * + * Utility functions + * + ****************************************************************************** + */ + +/** + * Extract 24-bit field value + * + * @v field24 24-bit field + * @ret value Field value + * + * TLS uses 24-bit integers in several places, which are awkward to + * parse in C. + */ +static unsigned long tls_uint24 ( uint8_t field24[3] ) { + return ( ( field24[0] << 16 ) + ( field24[1] << 8 ) + field24[2] ); +} + +/****************************************************************************** + * + * Cleanup functions + * + ****************************************************************************** + */ + /** * Free TLS session * @@ -57,8 +86,7 @@ static void free_tls ( struct refcnt *refcnt ) { tls_clear_cipher ( tls, &tls->tx_cipherspec_pending ); tls_clear_cipher ( tls, &tls->rx_cipherspec ); tls_clear_cipher ( tls, &tls->rx_cipherspec_pending ); - free ( tls->rsa_mod ); - free ( tls->rsa_pub_exp ); + x509_free_rsa_public_key ( &tls->rsa ); free ( tls->rx_data ); /* Free TLS structure itself */ @@ -622,8 +650,8 @@ static int tls_send_client_hello ( struct tls_session *tls ) { static int tls_send_client_key_exchange ( struct tls_session *tls ) { /* FIXME: Hack alert */ RSA_CTX *rsa_ctx; - RSA_pub_key_new ( &rsa_ctx, tls->rsa_mod, tls->rsa_mod_len, - tls->rsa_pub_exp, tls->rsa_pub_exp_len ); + RSA_pub_key_new ( &rsa_ctx, tls->rsa.modulus, tls->rsa.modulus_len, + tls->rsa.exponent, tls->rsa.exponent_len ); struct { uint32_t type_length; uint16_t encrypted_pre_master_secret_len; @@ -641,8 +669,8 @@ static int tls_send_client_key_exchange ( struct tls_session *tls ) { DBGC ( tls, "RSA encrypting plaintext, modulus, exponent:\n" ); DBGC_HD ( tls, &tls->pre_master_secret, sizeof ( tls->pre_master_secret ) ); - DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len ); - DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len ); + DBGC_HD ( tls, tls->rsa.modulus, tls->rsa.modulus_len ); + DBGC_HD ( tls, tls->rsa.exponent, tls->rsa.exponent_len ); RSA_encrypt ( rsa_ctx, ( const uint8_t * ) &tls->pre_master_secret, sizeof ( tls->pre_master_secret ), key_xchg.encrypted_pre_master_secret, 0 ); @@ -761,17 +789,16 @@ static int tls_new_alert ( struct tls_session *tls, void *data, size_t len ) { } /** - * Receive new Server Hello record + * Receive new Server Hello handshake record * * @v tls TLS session - * @v data Plaintext record - * @v len Length of plaintext record + * @v data Plaintext handshake record + * @v len Length of plaintext handshake record * @ret rc Return status code */ static int tls_new_server_hello ( struct tls_session *tls, void *data, size_t len ) { struct { - uint32_t type_length; uint16_t version; uint8_t random[32]; uint8_t session_id_len; @@ -818,72 +845,74 @@ static int tls_new_server_hello ( struct tls_session *tls, } /** - * Receive new Certificate record + * Receive new Certificate handshake record * * @v tls TLS session - * @v data Plaintext record - * @v len Length of plaintext record + * @v data Plaintext handshake record + * @v len Length of plaintext handshake record * @ret rc Return status code */ static int tls_new_certificate ( struct tls_session *tls, void *data, size_t len ) { struct { - uint32_t type_length; uint8_t length[3]; - uint8_t first_cert_length[3]; - uint8_t asn1_start[0]; + uint8_t certificates[0]; } __attribute__ (( packed )) *certificate = data; - uint8_t *cert = certificate->asn1_start; - int offset = 0; - - /* FIXME */ - (void) len; - - if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 || - asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 || - asn1_skip_obj(cert, &offset, ASN1_EXPLICIT_TAG) || - asn1_skip_obj(cert, &offset, ASN1_INTEGER) || - asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || - asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || - asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || - asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || - asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 || - asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || - asn1_next_obj(cert, &offset, ASN1_BIT_STRING) < 0) { - DBGC ( tls, "TLS %p invalid certificate\n", tls ); - DBGC_HD ( tls, cert + offset, 64 ); - return -EPERM; - } - - offset++; - - if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) { - DBGC ( tls, "TLS %p invalid certificate\n", tls ); - DBGC_HD ( tls, cert + offset, 64 ); - return -EPERM; + struct { + uint8_t length[3]; + uint8_t certificate[0]; + } __attribute__ (( packed )) *element = + ( ( void * ) certificate->certificates ); + size_t elements_len = tls_uint24 ( certificate->length ); + void *end = ( certificate->certificates + elements_len ); + struct asn1_cursor cursor; + int rc; + + /* Sanity check */ + if ( end != ( data + len ) ) { + DBGC ( tls, "TLS %p received overlength Server Certificate\n", + tls ); + DBGC_HD ( tls, data, len ); + return -EINVAL; } - - tls->rsa_mod_len = asn1_get_int(cert, &offset, &tls->rsa_mod); - tls->rsa_pub_exp_len = asn1_get_int(cert, &offset, &tls->rsa_pub_exp); - - DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len ); - DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len ); - return 0; + /* Traverse certificate chain */ + do { + cursor.data = element->certificate; + cursor.len = tls_uint24 ( element->length ); + if ( ( cursor.data + cursor.len ) > end ) { + DBGC ( tls, "TLS %p received corrupt Server " + "Certificate\n", tls ); + DBGC_HD ( tls, data, len ); + return -EINVAL; + } + + // HACK + if ( ( rc = x509_rsa_public_key ( &cursor, + &tls->rsa ) ) != 0 ) { + DBGC ( tls, "TLS %p cannot determine RSA public key: " + "%s\n", tls, strerror ( rc ) ); + return rc; + } + return 0; + + element = ( cursor.data + cursor.len ); + } while ( element != end ); + + return -EINVAL; } /** - * Receive new Server Hello Done record + * Receive new Server Hello Done handshake record * * @v tls TLS session - * @v data Plaintext record - * @v len Length of plaintext record + * @v data Plaintext handshake record + * @v len Length of plaintext handshake record * @ret rc Return status code */ static int tls_new_server_hello_done ( struct tls_session *tls, void *data, size_t len ) { struct { - uint32_t type_length; char next[0]; } __attribute__ (( packed )) *hello_done = data; void *end = hello_done->next; @@ -910,11 +939,11 @@ static int tls_new_server_hello_done ( struct tls_session *tls, } /** - * Receive new Finished record + * Receive new Finished handshake record * * @v tls TLS session - * @v data Plaintext record - * @v len Length of plaintext record + * @v data Plaintext handshake record + * @v len Length of plaintext handshake record * @ret rc Return status code */ static int tls_new_finished ( struct tls_session *tls, @@ -937,33 +966,47 @@ static int tls_new_finished ( struct tls_session *tls, */ static int tls_new_handshake ( struct tls_session *tls, void *data, size_t len ) { - uint8_t *type = data; + struct { + uint8_t type; + uint8_t length[3]; + uint8_t payload[0]; + } __attribute__ (( packed )) *handshake = data; + void *payload = &handshake->payload; + size_t payload_len = tls_uint24 ( handshake->length ); + void *end = ( payload + payload_len ); int rc; - switch ( *type ) { + /* Sanity check */ + if ( end != ( data + len ) ) { + DBGC ( tls, "TLS %p received overlength Handshake\n", tls ); + DBGC_HD ( tls, data, len ); + return -EINVAL; + } + + switch ( handshake->type ) { case TLS_SERVER_HELLO: - rc = tls_new_server_hello ( tls, data, len ); + rc = tls_new_server_hello ( tls, payload, payload_len ); break; case TLS_CERTIFICATE: - rc = tls_new_certificate ( tls, data, len ); + rc = tls_new_certificate ( tls, payload, payload_len ); break; case TLS_SERVER_HELLO_DONE: - rc = tls_new_server_hello_done ( tls, data, len ); + rc = tls_new_server_hello_done ( tls, payload, payload_len ); break; case TLS_FINISHED: - rc = tls_new_finished ( tls, data, len ); + rc = tls_new_finished ( tls, payload, payload_len ); break; default: DBGC ( tls, "TLS %p ignoring handshake type %d\n", - tls, *type ); + tls, handshake->type ); rc = 0; break; } /* Add to handshake digest (except for Hello Requests, which - * are explicitly excludede). + * are explicitly excluded). */ - if ( *type != TLS_HELLO_REQUEST ) + if ( handshake->type != TLS_HELLO_REQUEST ) tls_add_handshake ( tls, data, len ); return rc; |