arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
Code

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@142 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

Browse Source
This commit is contained in:
cameronrich 2007-11-18 09:00:42 +00:00
parent 4a82037346
commit 7cac88ca9c
4 changed files with 145 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ssl/asn1.c
View File

@ -113,6 +113,15 @@ int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
goto end_int_array; goto end_int_array;
*object = (uint8_t *)malloc(len); *object = (uint8_t *)malloc(len);
/* TODO */
#if 0
if (*object == 0x00) /* ignore the negative byte */
{
len--;
(*object)++;
}
#endif
memcpy(*object, &buf[*offset], len); memcpy(*object, &buf[*offset], len);
*offset += len; *offset += len;
@ -349,7 +358,7 @@ int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0) asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
goto end_pub_key; goto end_pub_key;
(*offset)++; (*offset)++; /* ignore the padding bit field */
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0) if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
goto end_pub_key; goto end_pub_key;
@ -378,7 +387,8 @@ int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
if (cert[(*offset)++] != ASN1_BIT_STRING) if (cert[(*offset)++] != ASN1_BIT_STRING)
goto end_sig; goto end_sig;
x509_ctx->sig_len = get_asn1_length(cert, offset); x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
(*offset)++; /* ignore bit string padding bits */
x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len); x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len); memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
*offset += x509_ctx->sig_len; *offset += x509_ctx->sig_len;

1
ssl/crypto_misc.h
View File

@ -96,7 +96,6 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
void x509_free(X509_CTX *x509_ctx); void x509_free(X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
#endif #endif
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_FULL_MODE
void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);

171
ssl/gen_cert.c
View File

@ -51,11 +51,24 @@ static const uint8_t rsa_enc_oid[] =
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01
}; };
/* INTEGER 65537 */
static const uint8_t pub_key_seq[] = static const uint8_t pub_key_seq[] =
{ {
0x02, 0x03, 0x01, 0x00, 0x01 0x02, 0x03, 0x01, 0x00, 0x01
}; };
/* 0x00 + SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
NULL
}
OCTET STRING */
static const uint8_t asn1_sig[] =
{
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
0x1a, 0x05, 0x00, 0x04, 0x14
};
static uint8_t set_gen_length(int len, uint8_t *buf, int *offset) static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
{ {
if (len < 0x80) /* short form */ if (len < 0x80) /* short form */
@ -133,15 +146,16 @@ static void gen_signature_alg(uint8_t *buf, int *offset)
buf[(*offset)++] = 0; buf[(*offset)++] = 0;
} }
static void gen_dn(const char *name, uint8_t dn_type, static int gen_dn(const char *name, uint8_t dn_type,
uint8_t *buf, int *offset) uint8_t *buf, int *offset)
{ {
int ret = X509_OK;
int name_size = strlen(name); int name_size = strlen(name);
if (name_size > 0x70) /* just too big */ if (name_size > 0x70) /* just too big */
{ {
printf(unsupported_str); ret = X509_NOT_OK;
return; goto error;
} }
buf[(*offset)++] = ASN1_SET; buf[(*offset)++] = ASN1_SET;
@ -157,25 +171,45 @@ static void gen_dn(const char *name, uint8_t dn_type,
buf[(*offset)++] = name_size; buf[(*offset)++] = name_size;
strcpy(&buf[*offset], name); strcpy(&buf[*offset], name);
*offset += name_size; *offset += name_size;
error:
return ret;
} }
static void gen_issuer(const char *cn, const char *o, const char *ou, static int gen_issuer(const char *cn, const char *o, const char *ou,
uint8_t *buf, int *offset) uint8_t *buf, int *offset)
{ {
int ret = X509_OK;
int seq_offset; int seq_offset;
int seq_size = pre_adjust_with_size( int seq_size = pre_adjust_with_size(
ASN1_SEQUENCE, &seq_offset, buf, offset); ASN1_SEQUENCE, &seq_offset, buf, offset);
if (cn != NULL) /* we need the common name at a minimum */
gen_dn(cn, 3, buf, offset); if (cn == NULL)
{
ret = X509_NOT_OK;
goto error;
}
if ((ret = gen_dn(cn, 3, buf, offset)))
goto error;
if (o != NULL) if (o != NULL)
gen_dn(o, 10, buf, offset); {
if ((ret = gen_dn(o, 10, buf, offset)))
goto error;
}
if (ou != NULL) if (ou != NULL)
gen_dn(o, 11, buf, offset); {
if ((ret = gen_dn(o, 11, buf, offset)))
goto error;
}
adjust_with_size(seq_size, seq_offset, buf, offset); adjust_with_size(seq_size, seq_offset, buf, offset);
error:
return ret;
} }
static void gen_utc_time(uint8_t *buf, int *offset) static void gen_utc_time(uint8_t *buf, int *offset)
@ -206,32 +240,39 @@ static void gen_utc_time(uint8_t *buf, int *offset)
*offset += 15; *offset += 15;
} }
static void gen_pub_key2(const uint8_t *key, int key_size, static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
uint8_t *buf, int *offset)
{ {
int seq_offset; int seq_offset;
int pub_key_size = rsa_ctx->num_octets;
uint8_t *block = (uint8_t *)alloca(pub_key_size);
int seq_size = pre_adjust_with_size( int seq_size = pre_adjust_with_size(
ASN1_SEQUENCE, &seq_offset, buf, offset); ASN1_SEQUENCE, &seq_offset, buf, offset);
buf[(*offset)++] = ASN1_INTEGER; buf[(*offset)++] = ASN1_INTEGER;
buf[(*offset)++] = key_size; bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
memcpy(&buf[*offset], key, key_size); if (*block & 0x80) /* make integer positive */
*offset += key_size; {
set_gen_length(pub_key_size+1, buf, offset);
buf[(*offset)++] = 0;
}
else
set_gen_length(pub_key_size, buf, offset);
memcpy(&buf[*offset], block, pub_key_size);
*offset += pub_key_size;
adjust_with_size(seq_size, seq_offset, buf, offset); adjust_with_size(seq_size, seq_offset, buf, offset);
} }
static void gen_pub_key1(const uint8_t *key, int key_size, static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
uint8_t *buf, int *offset)
{ {
int seq_offset; int seq_offset;
int seq_size = pre_adjust_with_size( int seq_size = pre_adjust_with_size(
ASN1_BIT_STRING, &seq_offset, buf, offset); ASN1_BIT_STRING, &seq_offset, buf, offset);
buf[(*offset)++] = 0; /* bit string is multiple of 8 */ buf[(*offset)++] = 0; /* bit string is multiple of 8 */
gen_pub_key2(key, key_size, buf, offset); gen_pub_key2(rsa_ctx, buf, offset);
adjust_with_size(seq_size, seq_offset, buf, offset); adjust_with_size(seq_size, seq_offset, buf, offset);
} }
static void gen_pub_key(const uint8_t *key, int key_size, static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
uint8_t *buf, int *offset)
{ {
int seq_offset; int seq_offset;
int seq_size = pre_adjust_with_size( int seq_size = pre_adjust_with_size(
@ -245,71 +286,113 @@ static void gen_pub_key(const uint8_t *key, int key_size,
*offset += sizeof(rsa_enc_oid); *offset += sizeof(rsa_enc_oid);
buf[(*offset)++] = ASN1_NULL; buf[(*offset)++] = ASN1_NULL;
buf[(*offset)++] = 0; buf[(*offset)++] = 0;
gen_pub_key1(key, key_size, buf, offset); gen_pub_key1(rsa_ctx, buf, offset);
memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq)); memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
*offset += sizeof(pub_key_seq); *offset += sizeof(pub_key_seq);
adjust_with_size(seq_size, seq_offset, buf, offset); adjust_with_size(seq_size, seq_offset, buf, offset);
} }
static void gen_signature(const uint8_t *sig, int sig_size, static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
uint8_t *buf, int *offset) uint8_t *buf, int *offset)
{ {
uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
int sig_size;
/* add the digest as an embedded asn.1 sequence */
memcpy(block, asn1_sig, sizeof(asn1_sig));
memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
sig_size = RSA_encrypt(rsa_ctx, block,
sizeof(asn1_sig) + SHA1_SIZE, enc_block, 1);
buf[(*offset)++] = ASN1_BIT_STRING; buf[(*offset)++] = ASN1_BIT_STRING;
set_gen_length(sig_size+1, buf, offset); set_gen_length(sig_size+1, buf, offset);
buf[(*offset)++] = 0; /* bit string is multiple of 8 */ buf[(*offset)++] = 0; /* bit string is multiple of 8 */
memcpy(&buf[*offset], sig, sig_size); memcpy(&buf[*offset], enc_block, sig_size);
*offset += sig_size; *offset += sig_size;
} }
static void gen_tbs_cert(const char *cn, const char *o, const char *ou, static int gen_tbs_cert(const char *cn, const char *o, const char *ou,
const uint8_t *key, int key_size, uint8_t *buf, int *offset) const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
uint8_t *sha_dgst)
{ {
int ret = X509_OK;
SHA1_CTX sha_ctx;
int seq_offset; int seq_offset;
int seq_size = pre_adjust_with_size( int seq_size = pre_adjust_with_size(
ASN1_SEQUENCE, &seq_offset, buf, offset); ASN1_SEQUENCE, &seq_offset, buf, offset);
int begin_tbs = *offset;
gen_serial_number(buf, offset); gen_serial_number(buf, offset);
gen_signature_alg(buf, offset); gen_signature_alg(buf, offset);
gen_issuer(cn, o, ou, buf, offset); if ((ret = gen_issuer(cn, o, ou, buf, offset)))
goto error;
gen_utc_time(buf, offset); gen_utc_time(buf, offset);
gen_issuer(cn, o, ou, buf, offset); if ((ret = gen_issuer(cn, o, ou, buf, offset)))
gen_pub_key(key, key_size, buf, offset); goto error;
gen_pub_key(rsa_ctx, buf, offset);
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
SHA1_Final(sha_dgst, &sha_ctx);
adjust_with_size(seq_size, seq_offset, buf, offset); adjust_with_size(seq_size, seq_offset, buf, offset);
error:
return ret;
} }
int gen_cert(const char *cn, const char *o, const char *ou, int gen_cert(const char *cn, const char *o, const char *ou,
const uint8_t *key, int key_size, uint8_t *buf) const RSA_CTX *rsa_ctx, uint8_t *buf, int *cert_size)
{ {
int ret = X509_OK;
int offset = 0; int offset = 0;
int seq_offset; int seq_offset;
uint8_t sha_dgst[SHA1_SIZE];
int seq_size = pre_adjust_with_size( int seq_size = pre_adjust_with_size(
ASN1_SEQUENCE, &seq_offset, buf, &offset); ASN1_SEQUENCE, &seq_offset, buf, &offset);
uint8_t sig[128];
memset(sig, 0, sizeof(sig));
gen_tbs_cert(cn, o, ou, key, key_size, buf, &offset); if ((ret = gen_tbs_cert(cn, o, ou, rsa_ctx, buf, &offset, sha_dgst)))
goto error;
gen_signature_alg(buf, &offset); gen_signature_alg(buf, &offset);
gen_signature(sig, sizeof(sig), buf, &offset); gen_signature(rsa_ctx, sha_dgst, buf, &offset);
adjust_with_size(seq_size, seq_offset, buf, &offset); adjust_with_size(seq_size, seq_offset, buf, &offset);
print_blob("GA", buf, offset); *cert_size = offset;
return offset; /* the size of the certificate */ error:
return ret;
} }
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
uint8_t key[16]; int ret = X509_OK;
uint8_t *key_buf = NULL;
RSA_CTX *rsa_ctx = NULL;
uint8_t buf[2048]; uint8_t buf[2048];
int offset = 0; int cert_size;
memset(key, 0, sizeof(key)); FILE *f;
memset(buf, 0, sizeof(buf));
//gen_tbs_cert("abc", "def", "ghi", key, sizeof(key), buf, &offset); int len = get_file("../ssl/test/axTLS.key_512", &key_buf);
offset = gen_cert("abc", "def", "ghi", "blah", 5, buf); if ((ret = asn1_get_private_key(key_buf, len, &rsa_ctx)))
FILE *f = fopen("blah.dat", "w"); goto error;
fwrite(buf, offset, 1, f);
if ((ret = gen_cert("abc", "def", "ghi", rsa_ctx, buf, &cert_size)))
goto error;
f = fopen("blah.dat", "w");
fwrite(buf, cert_size, 1, f);
fclose(f); fclose(f);
error:
free(key_buf);
RSA_free(rsa_ctx);
return 0; if (ret)
printf("Some cert generation issue\n");
return ret;
} }
#endif #endif

8
ssl/x509.c
View File

@ -45,7 +45,7 @@
/** /**
* Retrieve the signature from a certificate. * Retrieve the signature from a certificate.
*/ */
const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len) static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
{ {
int offset = 0; int offset = 0;
const uint8_t *ptr = NULL; const uint8_t *ptr = NULL;
@ -224,6 +224,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp); decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
bi_export(ctx, decrypted_bi, block, sig_len); bi_export(ctx, decrypted_bi, block, sig_len);
print_blob("SIGNATURE", block, sig_len);
ctx->mod_offset = BIGINT_M_OFFSET; ctx->mod_offset = BIGINT_M_OFFSET;
i = 10; /* start at the first possible non-padded byte */ i = 10; /* start at the first possible non-padded byte */
@ -233,8 +234,11 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
/* get only the bit we want */ /* get only the bit we want */
if (size > 0) if (size > 0)
{ {
FILE *f = fopen("blah.dat", "w");
fwrite(&block[i], sig_len-i, 1, f);
fclose(f);
int len; int len;
const uint8_t *sig_ptr = x509_get_signature(&block[i], &len); const uint8_t *sig_ptr = get_signature(&block[i], &len);
if (sig_ptr) if (sig_ptr)
{ {