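/*
 * Copyright (c) 2007-2017, Cameron Rich
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * * Neither the name of the axTLS project nor the names of its contributors
 *   may be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * @file crypto_misc.h
 *
 * Declarations for X.509 certificate handling, the ASN.1 helpers used to
 * parse certificates and keys, and a few miscellaneous utilities.
 */

#ifndef HEADER_CRYPTO_MISC_H
#define HEADER_CRYPTO_MISC_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdbool.h>
#include "crypto.h"
#include "bigint.h"

/**************************************************************************
 * X509 declarations
 **************************************************************************/

/*
 * Result codes. X509_OK is the only success value and every failure is a
 * distinct negative number, so callers should compare against X509_OK
 * rather than testing for "non-zero" or for one particular error.
 */
#define X509_OK                             0
#define X509_NOT_OK                         -1
#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
#define X509_VFY_ERROR_BAD_SIGNATURE        -3
#define X509_VFY_ERROR_NOT_YET_VALID        -4
#define X509_VFY_ERROR_EXPIRED              -5
#define X509_VFY_ERROR_SELF_SIGNED          -6
#define X509_VFY_ERROR_INVALID_CHAIN        -7
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
#define X509_INVALID_PRIV_KEY               -9
#define X509_MAX_CERTS                      -10
#define X509_VFY_ERROR_BASIC_CONSTRAINT     -11

/*
 * The Distinguished Name
 *
 * Indices into the X509_NUM_DN_TYPES-sized DN arrays of struct _x509_ctx.
 */
#define X509_NUM_DN_TYPES                   6
#define X509_COMMON_NAME                    0
#define X509_ORGANIZATION                   1
#define X509_ORGANIZATIONAL_UNIT            2
#define X509_LOCATION                       3
#define X509_COUNTRY                        4
#define X509_STATE                          5

/*
 * Key Usage bits
 *
 * IS_SET_KEY_USAGE_FLAG(A, B) tests flag(s) B in A->key_usage, where A is a
 * pointer to an X509_CTX. Both arguments are parenthesised so that an
 * expression argument (e.g. a combined mask `F1 | F2`, or `&ctx`) expands
 * with the intended precedence. The result is the masked bits, not a
 * normalised 0/1.
 */
#define IS_SET_KEY_USAGE_FLAG(A, B)         ((A)->key_usage & (B))

/*
 * NOTE(review): the bit positions presumably match the integer produced by
 * asn1_get_bit_string_as_int() for the keyUsage BIT STRING -- confirm
 * against the parser before adding or reordering flags.
 */
#define KEY_USAGE_DIGITAL_SIGNATURE         0x0080
#define KEY_USAGE_NON_REPUDIATION           0x0040
#define KEY_USAGE_KEY_ENCIPHERMENT          0x0020
#define KEY_USAGE_DATA_ENCIPHERMENT         0x0010
#define KEY_USAGE_KEY_AGREEMENT             0x0008
#define KEY_USAGE_KEY_CERT_SIGN             0x0004
#define KEY_USAGE_CRL_SIGN                  0x0002
#define KEY_USAGE_ENCIPHER_ONLY             0x0001
#define KEY_USAGE_DECIPHER_ONLY             0x8000

/**
 * One parsed certificate. Instances link through @c next.
 *
 * The *_present / *_is_critical flags record which of the three extensions
 * named here (basic constraints, key usage, subject alt name) were seen and
 * whether each was marked critical.
 */
struct _x509_ctx
{
    char *ca_cert_dn[X509_NUM_DN_TYPES];    /* presumably the issuer DN -- confirm */
    char *cert_dn[X509_NUM_DN_TYPES];       /* presumably the subject DN -- confirm */
    char **subject_alt_dnsnames;
    time_t not_before;                      /* validity window bounds */
    time_t not_after;
    uint8_t *signature;
    RSA_CTX *rsa_ctx;
    bigint *digest;
    uint16_t sig_len;
    uint8_t sig_type;                       /* one of the SIG_TYPE_* values */
    bool basic_constraint_present;
    bool basic_constraint_is_critical;
    bool key_usage_present;
    bool key_usage_is_critical;
    bool subject_alt_name_present;
    bool subject_alt_name_is_critical;
    bool basic_constraint_cA;
    int basic_constraint_pathLenConstraint;
    uint32_t key_usage;                     /* KEY_USAGE_* bit mask */
    struct _x509_ctx *next;
};

typedef struct _x509_ctx X509_CTX;

#ifdef CONFIG_SSL_CERT_VERIFICATION
/** Fixed-size table of CA certificates handed to x509_verify(). */
typedef struct
{
    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
} CA_CERT_CTX;
#endif

/*
 * x509_new() builds an X509_CTX from an encoded certificate and x509_free()
 * releases it.
 * NOTE(review): `len` is a pointer, so it is presumably updated by the
 * call (e.g. bytes consumed) -- confirm in the implementation.
 */
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
void x509_free(X509_CTX *x509_ctx);

/*
 * Chain verification is only declared when CONFIG_SSL_CERT_VERIFICATION is
 * defined; a build without it gets no x509_verify() from this header, so
 * peer certificates cannot be validated through this API in such builds.
 */
#ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
        int *pathLenConstraint);
#endif
#ifdef CONFIG_SSL_FULL_MODE
void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
const char * x509_display_error(int error);
#endif

/**************************************************************************
 * ASN1 declarations
 **************************************************************************/

/*
 * ASN.1 tag bytes, listed once each in ascending order.
 * ASN1_PRINTABLE_STR2 (0x0C) is the universal tag number of UTF8String;
 * the name is kept because callers refer to it.
 */
#define ASN1_BOOLEAN            0x01
#define ASN1_INTEGER            0x02
#define ASN1_BIT_STRING         0x03
#define ASN1_OCTET_STRING       0x04
#define ASN1_NULL               0x05
#define ASN1_OID                0x06
#define ASN1_PRINTABLE_STR2     0x0C
#define ASN1_PRINTABLE_STR      0x13
#define ASN1_TELETEX_STR        0x14
#define ASN1_IA5_STR            0x16
#define ASN1_UTC_TIME           0x17
#define ASN1_GENERALIZED_TIME   0x18
#define ASN1_UNICODE_STR        0x1e
#define ASN1_SEQUENCE           0x30
#define ASN1_SET                0x31
#define ASN1_IMPLICIT_TAG       0x80
#define ASN1_CONTEXT_DNSNAME    0x82
#define ASN1_EXPLICIT_TAG       0xa0
#define ASN1_V3_DATA            0xa3

/*
 * Signature algorithm identifiers stored in X509_CTX.sig_type.
 * NOTE(review): MD5 and SHA-1 are collision-weak and unsuitable for
 * certificate signatures. This header cannot show whether the verifier
 * accepts them -- check the x509_verify() implementation and reject them
 * there if policy requires.
 */
#define SIG_TYPE_MD5            0x04
#define SIG_TYPE_SHA1           0x05
#define SIG_TYPE_SHA256         0x0b
#define SIG_TYPE_SHA384         0x0c
#define SIG_TYPE_SHA512         0x0d

/*
 * ASN.1 parsing helpers.
 *
 * NOTE(review): apart from asn1_get_private_key(), these functions receive
 * a buffer pointer and an offset but no buffer length, so the signatures
 * alone cannot bound reads. The input is normally untrusted (certificates
 * and keys from a peer or a file), so every encoded length must be checked
 * against the real buffer size by the implementation or by the caller --
 * confirm where that check lives before reusing these helpers on new data.
 */
uint32_t get_asn1_length(const uint8_t *buf, int *offset);
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
int asn1_version(const uint8_t *cert, int *offset, int *val);
int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_compare_dn(char * const dn1[], char * const dn2[]);
int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
int asn1_is_basic_constraints(const uint8_t *cert, int offset);
int asn1_is_key_usage(const uint8_t *cert, int offset);
bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
#endif /* CONFIG_SSL_CERT_VERIFICATION */
int asn1_signature_type(const uint8_t *cert,
        int *offset, X509_CTX *x509_ctx);

/**************************************************************************
 * MISC declarations
 **************************************************************************/
#define SALT_SIZE               8

extern const char * const unsupported_str;

/* Function-pointer types for a cipher operation and an HMAC routine. */
typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
        int key_len, uint8_t *digest);

/*
 * NOTE(review): presumably allocates *buf and returns the number of bytes
 * read -- confirm who frees it. If it is used for private keys, the buffer
 * should be wiped before being released.
 */
int get_file(const char *filename, uint8_t **buf);

/*
 * print_blob() exists only in full-mode, WIN32 or debug builds; elsewhere
 * it is a macro that expands to nothing, so its arguments are not
 * evaluated. Do not rely on side effects in the argument list, and keep
 * key material out of such dumps in builds where it is active.
 */
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
#else
#define print_blob(...)
#endif

/*
 * NOTE(review): `outlen` is a pointer, presumably carrying the capacity of
 * `out` on entry and the decoded length on return -- confirm, and size
 * `out` accordingly.
 */
EXP_FUNC int STDCALL base64_decode(const char *in, int len,
        uint8_t *out, int *outlen);

#ifdef __cplusplus
}
#endif

#endif /* HEADER_CRYPTO_MISC_H */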