![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to x509.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / crypto|
Return to x509.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / crypto |
1.1 ! root 1: /* ! 2: * Copyright (C) 2007 Michael Brown <[email protected]>. ! 3: * ! 4: * This program is free software; you can redistribute it and/or ! 5: * modify it under the terms of the GNU General Public License as ! 6: * published by the Free Software Foundation; either version 2 of the ! 7: * License, or any later version. ! 8: * ! 9: * This program is distributed in the hope that it will be useful, but ! 10: * WITHOUT ANY WARRANTY; without even the implied warranty of ! 11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ! 12: * General Public License for more details. ! 13: * ! 14: * You should have received a copy of the GNU General Public License ! 15: * along with this program; if not, write to the Free Software ! 16: * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ! 17: */ ! 18: ! 19: FILE_LICENCE ( GPL2_OR_LATER ); ! 20: ! 21: #include <stdlib.h> ! 22: #include <string.h> ! 23: #include <errno.h> ! 24: #include <ipxe/asn1.h> ! 25: #include <ipxe/x509.h> ! 26: ! 27: /** @file ! 28: * ! 29: * X.509 certificates ! 30: * ! 31: * The structure of X.509v3 certificates is concisely documented in ! 32: * RFC5280 section 4.1. The structure of RSA public keys is ! 33: * documented in RFC2313. ! 34: */ ! 35: ! 36: /** Object Identifier for "rsaEncryption" (1.2.840.113549.1.1.1) */ ! 37: static const uint8_t oid_rsa_encryption[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, ! 38: 0x0d, 0x01, 0x01, 0x01 }; ! 39: ! 40: /** ! 41: * Identify X.509 certificate public key ! 42: * ! 43: * @v certificate Certificate ! 44: * @v algorithm Public key algorithm to fill in ! 45: * @v pubkey Public key value to fill in ! 46: * @ret rc Return status code ! 47: */ ! 48: static int x509_public_key ( const struct asn1_cursor *certificate, ! 49: struct asn1_cursor *algorithm, ! 50: struct asn1_cursor *pubkey ) { ! 51: struct asn1_cursor cursor; ! 52: int rc; ! 53: ! 54: /* Locate subjectPublicKeyInfo */ ! 55: memcpy ( &cursor, certificate, sizeof ( cursor ) ); ! 56: rc = ( asn1_enter ( &cursor, ASN1_SEQUENCE ), /* Certificate */ ! 57: asn1_enter ( &cursor, ASN1_SEQUENCE ), /* tbsCertificate */ ! 58: asn1_skip ( &cursor, ASN1_EXPLICIT_TAG ), /* version */ ! 59: asn1_skip ( &cursor, ASN1_INTEGER ), /* serialNumber */ ! 60: asn1_skip ( &cursor, ASN1_SEQUENCE ), /* signature */ ! 61: asn1_skip ( &cursor, ASN1_SEQUENCE ), /* issuer */ ! 62: asn1_skip ( &cursor, ASN1_SEQUENCE ), /* validity */ ! 63: asn1_skip ( &cursor, ASN1_SEQUENCE ), /* name */ ! 64: asn1_enter ( &cursor, ASN1_SEQUENCE )/* subjectPublicKeyInfo*/); ! 65: if ( rc != 0 ) { ! 66: DBG ( "Cannot locate subjectPublicKeyInfo in:\n" ); ! 67: DBG_HDA ( 0, certificate->data, certificate->len ); ! 68: return rc; ! 69: } ! 70: ! 71: /* Locate algorithm */ ! 72: memcpy ( algorithm, &cursor, sizeof ( *algorithm ) ); ! 73: rc = ( asn1_enter ( algorithm, ASN1_SEQUENCE ) /* algorithm */ ); ! 74: if ( rc != 0 ) { ! 75: DBG ( "Cannot locate algorithm in:\n" ); ! 76: DBG_HDA ( 0, certificate->data, certificate->len ); ! 77: return rc; ! 78: } ! 79: ! 80: /* Locate subjectPublicKey */ ! 81: memcpy ( pubkey, &cursor, sizeof ( *pubkey ) ); ! 82: rc = ( asn1_skip ( pubkey, ASN1_SEQUENCE ), /* algorithm */ ! 83: asn1_enter ( pubkey, ASN1_BIT_STRING ) /* subjectPublicKey*/ ); ! 84: if ( rc != 0 ) { ! 85: DBG ( "Cannot locate subjectPublicKey in:\n" ); ! 86: DBG_HDA ( 0, certificate->data, certificate->len ); ! 87: return rc; ! 88: } ! 89: ! 90: return 0; ! 91: } ! 92: ! 93: /** ! 94: * Identify X.509 certificate RSA modulus and public exponent ! 95: * ! 96: * @v certificate Certificate ! 97: * @v rsa RSA public key to fill in ! 98: * @ret rc Return status code ! 99: * ! 100: * The caller is responsible for eventually calling ! 101: * x509_free_rsa_public_key() to free the storage allocated to hold ! 102: * the RSA modulus and exponent. ! 103: */ ! 104: int x509_rsa_public_key ( const struct asn1_cursor *certificate, ! 105: struct x509_rsa_public_key *rsa_pubkey ) { ! 106: struct asn1_cursor algorithm; ! 107: struct asn1_cursor pubkey; ! 108: struct asn1_cursor modulus; ! 109: struct asn1_cursor exponent; ! 110: int rc; ! 111: ! 112: /* First, extract the public key algorithm and key data */ ! 113: if ( ( rc = x509_public_key ( certificate, &algorithm, ! 114: &pubkey ) ) != 0 ) ! 115: return rc; ! 116: ! 117: /* Check that algorithm is RSA */ ! 118: rc = ( asn1_enter ( &algorithm, ASN1_OID ) /* algorithm */ ); ! 119: if ( rc != 0 ) { ! 120: DBG ( "Cannot locate algorithm:\n" ); ! 121: DBG_HDA ( 0, certificate->data, certificate->len ); ! 122: return rc; ! 123: } ! 124: if ( ( algorithm.len != sizeof ( oid_rsa_encryption ) ) || ! 125: ( memcmp ( algorithm.data, &oid_rsa_encryption, ! 126: sizeof ( oid_rsa_encryption ) ) != 0 ) ) { ! 127: DBG ( "algorithm is not rsaEncryption in:\n" ); ! 128: DBG_HDA ( 0, certificate->data, certificate->len ); ! 129: return -ENOTSUP; ! 130: } ! 131: ! 132: /* Check that public key is a byte string, i.e. that the ! 133: * "unused bits" byte contains zero. ! 134: */ ! 135: if ( ( pubkey.len < 1 ) || ! 136: ( ( *( uint8_t * ) pubkey.data ) != 0 ) ) { ! 137: DBG ( "subjectPublicKey is not a byte string in:\n" ); ! 138: DBG_HDA ( 0, certificate->data, certificate->len ); ! 139: return -ENOTSUP; ! 140: } ! 141: pubkey.data++; ! 142: pubkey.len--; ! 143: ! 144: /* Pick out the modulus and exponent */ ! 145: rc = ( asn1_enter ( &pubkey, ASN1_SEQUENCE ) /* RSAPublicKey */ ); ! 146: if ( rc != 0 ) { ! 147: DBG ( "Cannot locate RSAPublicKey in:\n" ); ! 148: DBG_HDA ( 0, certificate->data, certificate->len ); ! 149: return -ENOTSUP; ! 150: } ! 151: memcpy ( &modulus, &pubkey, sizeof ( modulus ) ); ! 152: rc = ( asn1_enter ( &modulus, ASN1_INTEGER ) /* modulus */ ); ! 153: if ( rc != 0 ) { ! 154: DBG ( "Cannot locate modulus in:\n" ); ! 155: DBG_HDA ( 0, certificate->data, certificate->len ); ! 156: return -ENOTSUP; ! 157: } ! 158: memcpy ( &exponent, &pubkey, sizeof ( exponent ) ); ! 159: rc = ( asn1_skip ( &exponent, ASN1_INTEGER ), /* modulus */ ! 160: asn1_enter ( &exponent, ASN1_INTEGER ) /* publicExponent */ ); ! 161: if ( rc != 0 ) { ! 162: DBG ( "Cannot locate publicExponent in:\n" ); ! 163: DBG_HDA ( 0, certificate->data, certificate->len ); ! 164: return -ENOTSUP; ! 165: } ! 166: ! 167: /* Allocate space and copy out modulus and exponent */ ! 168: rsa_pubkey->modulus = malloc ( modulus.len + exponent.len ); ! 169: if ( ! rsa_pubkey->modulus ) ! 170: return -ENOMEM; ! 171: rsa_pubkey->exponent = ( rsa_pubkey->modulus + modulus.len ); ! 172: memcpy ( rsa_pubkey->modulus, modulus.data, modulus.len ); ! 173: rsa_pubkey->modulus_len = modulus.len; ! 174: memcpy ( rsa_pubkey->exponent, exponent.data, exponent.len ); ! 175: rsa_pubkey->exponent_len = exponent.len; ! 176: ! 177: DBG2 ( "RSA modulus:\n" ); ! 178: DBG2_HDA ( 0, rsa_pubkey->modulus, rsa_pubkey->modulus_len ); ! 179: DBG2 ( "RSA exponent:\n" ); ! 180: DBG2_HDA ( 0, rsa_pubkey->exponent, rsa_pubkey->exponent_len ); ! 181: ! 182: return 0; ! 183: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.