fix asn public interface, some potential collisions

Todd A Ouska
2011-06-03 13:01:45 -07:00
parent 3eba68df6d
commit 004da8ff52
8 changed files with 174 additions and 134 deletions

2
.gitignore vendored

@ -6,7 +6,9 @@
*sh
*.cache
.dirstamp
*.user
config*
*Debug/
ctc_config*
stamp*
libtool.m4


@ -7,7 +7,7 @@ AC_CANONICAL_SYSTEM
AM_INIT_AUTOMAKE(subdir-objects)
#shared library versioning
CYASSL_LIBRARY_VERSION=2:0:0
CYASSL_LIBRARY_VERSION=2:1:0
# | | |
# +------+ | +---+
# | | |
@ -367,6 +367,19 @@ fi
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
# Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE(testcert,
[ --enable-testcert Enable Test Cert (default: disabled)],
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
)
if test "$ENABLED_TESTCERT" = "yes"
then
CFLAGS="$CFLAGS -DCYASSL_TEST_CERT"
fi
# LIBZ
trylibzdir=""
AC_ARG_WITH(libz,
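Review bot: `CYASSL_LIBRARY_VERSION=2:1:0` bumps only the libtool revision, but this commit appears to change the exported interface: the ctc_asn_public.h section drops `InitDecodedCert`, `FreeDecodedCert` and `ParseCert` from `CYASSL_API` in default builds and renames `NAME_SIZE`/`SERIAL_SIZE`. Under libtool's current:revision:age rules a removed or changed interface calls for incrementing current and resetting revision and age, i.e. `CYASSL_LIBRARY_VERSION=3:0:0`, so that binaries linked against the old symbols do not silently load the new library. Separately, the `--enable-testcert` help string would be clearer as `Export internal cert parsing functions for testing (default: disabled)`, since the flag widens the library's export list rather than just enabling a test.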


@ -42,7 +42,6 @@ enum {
ISSUER = 0,
SUBJECT = 1,
SERIAL_SIZE = 8,
EXTERNAL_SERIAL_SIZE = 32,
BEFORE = 0,
@ -170,20 +169,16 @@ enum KDF_Sum {
};
/* Certificate file Type */
enum CertType {
CERT_TYPE = 0,
PRIVATEKEY_TYPE,
CA_TYPE
};
enum VerifyType {
NO_VERIFY = 0,
VERIFY = 1
};
typedef struct DecodedCert DecodedCert;
typedef struct Signer Signer;
struct DecodedCert {
byte* publicKey;
word32 pubKeySize;
@ -237,6 +232,18 @@ struct Signer {
};
/* not for public consumption but may use for testing sometimes */
#ifdef CYASSL_TEST_CERT
#define CYASSL_TEST_API CYASSL_API
#else
#define CYASSL_TEST_API CYASSL_LOCAL
#endif
CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, void*);
CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
CYASSL_TEST_API int ParseCert(DecodedCert*, word32, int type, int verify,
Signer* signer);
CYASSL_LOCAL int ParseCertRelative(DecodedCert*, word32, int type, int verify,
Signer* signer);
@ -265,7 +272,6 @@ CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
#ifdef CYASSL_CERT_GEN
enum cert_enums {
NAME_SIZE = 64,
NAME_ENTRIES = 8,
JOINT_LEN = 2,
EMAIL_JOINT_LEN = 9,
@ -274,35 +280,6 @@ enum cert_enums {
};
typedef struct CertName {
char country[NAME_SIZE];
char state[NAME_SIZE];
char locality[NAME_SIZE];
char sur[NAME_SIZE];
char org[NAME_SIZE];
char unit[NAME_SIZE];
char commonName[NAME_SIZE];
char email[NAME_SIZE]; /* !!!! email has to be last !!!! */
} CertName;
/* for user to fill for certificate generation */
struct Cert {
int version; /* x509 version */
byte serial[SERIAL_SIZE]; /* serial number */
int sigType; /* signature algo type */
CertName issuer; /* issuer info */
int daysValid; /* validity days */
int selfSigned; /* self signed flag */
CertName subject; /* subject info */
/* internal use only */
int bodySz; /* pre sign total size */
int keyType; /* public key type of subject */
};
#endif /* CYASSL_CERT_GEN */
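Review bot: The comment above `CYASSL_TEST_API` does not say what defining `CYASSL_TEST_CERT` costs: it switches `InitDecodedCert`, `FreeDecodedCert` and `ParseCert` from `CYASSL_LOCAL` to `CYASSL_API`, so the internal parser, including its caller-chosen `verify` argument, becomes part of the library's exports. I would replace it with `/* Internal parser entry points. Exported only when CYASSL_TEST_CERT is defined (configure --enable-testcert); intended for test builds, not for a library that is shipped. */`. Because the macro is evaluated in this header, the library and any code including it have to be compiled with the same setting, which is worth stating in the same comment.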


@ -24,31 +24,58 @@
#define CTAO_CRYPT_ASN_PUBLIC_H
#include "ctc_types.h"
#ifdef CYASSL_CERT_GEN
#include "ctc_rsa.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* forward declarations */
typedef struct DecodedCert DecodedCert;
typedef struct Cert Cert;
typedef struct Signer Signer;
#ifndef CTC_RSA_KEY_DEFINED
typedef struct RsaKey RsaKey;
#endif
#ifndef CTC_RNG_DEFINED
typedef struct RNG RNG;
#endif
CYASSL_API void InitDecodedCert(DecodedCert*, byte*, void*);
CYASSL_API void FreeDecodedCert(DecodedCert*);
CYASSL_API int ParseCert(DecodedCert*, word32, int type, int verify,
Signer* signer);
/* Certificate file Type */
enum CertType {
CERT_TYPE = 0,
PRIVATEKEY_TYPE,
CA_TYPE
};
#ifdef CYASSL_CERT_GEN
enum Ctc_Misc {
CTC_NAME_SIZE = 64,
CTC_SERIAL_SIZE = 8
};
typedef struct CertName {
char country[CTC_NAME_SIZE];
char state[CTC_NAME_SIZE];
char locality[CTC_NAME_SIZE];
char sur[CTC_NAME_SIZE];
char org[CTC_NAME_SIZE];
char unit[CTC_NAME_SIZE];
char commonName[CTC_NAME_SIZE];
char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
} CertName;
/* for user to fill for certificate generation */
typedef struct Cert {
int version; /* x509 version */
byte serial[CTC_SERIAL_SIZE]; /* serial number */
int sigType; /* signature algo type */
CertName issuer; /* issuer info */
int daysValid; /* validity days */
int selfSigned; /* self signed flag */
CertName subject; /* subject info */
/* internal use only */
int bodySz; /* pre sign total size */
int keyType; /* public key type of subject */
} Cert;
#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
CYASSL_API int DerToPem(const byte* der, word32 derSz, byte* output,
word32 outputSz, int type);
#endif
/* Initialize and Set Certficate defaults:
version = 3 (0x2)
@ -66,9 +93,18 @@ CYASSL_API int SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
CYASSL_API int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
RNG*);
CYASSL_API int SetIssuer(Cert*, const char*);
#ifdef HAVE_NTRU
CYASSL_API int MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, RNG*);
#ifdef HAVE_NTRU
CYASSL_API int MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, RNG*);
#endif
#endif /* CYASSL_CERT_GEN */
#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
CYASSL_API int DerToPem(const byte* der, word32 derSz, byte* output,
word32 outputSz, int type);
#endif
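Review bot: `CertName` and `Cert` are now part of the public header, but nothing tells the caller how the fixed `char[CTC_NAME_SIZE]` fields must be filled. `SetIssuer` in the asn.c section writes an explicit terminator into each field, which suggests they are consumed as C strings, while the test fills them with `strncpy(..., CTC_NAME_SIZE)`, a call that leaves the field unterminated once the source reaches 64 bytes. I would add above the struct `/* each field is a NUL-terminated string of at most CTC_NAME_SIZE - 1 characters; longer input must be truncated by the caller */`. The public header also still exports the unprefixed `CERT_TYPE`, `PRIVATEKEY_TYPE` and `CA_TYPE`, which seems at odds with the `CTC_` renames made here to avoid collisions.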


@ -59,7 +59,6 @@ typedef struct RNG {
Arc4 cipher;
} RNG;
#define CTC_RNG_DEFINED /* redeclare guard */
CYASSL_API int InitRng(RNG*);
CYASSL_API void RNG_GenerateBlock(RNG*, byte*, word32 sz);


@ -44,8 +44,6 @@ typedef struct RsaKey {
void* heap; /* for user memory overrides */
} RsaKey;
#define CTC_RSA_KEY_DEFINED /* redeclare guard */
CYASSL_API void InitRsaKey(RsaKey* key, void*);
CYASSL_API void FreeRsaKey(RsaKey* key);
@ -64,15 +62,16 @@ CYASSL_API int RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
CYASSL_API int RsaEncryptSize(RsaKey* key);
CYASSL_API int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
word32);
CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
word32);
#ifdef CYASSL_KEY_GEN
CYASSL_API int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
CYASSL_API int RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#endif
CYASSL_API int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
word32);
CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
word32);
#ifdef __cplusplus
} /* extern "C" */


@ -2420,7 +2420,7 @@ void InitCert(Cert* cert)
cert->selfSigned = 1;
cert->bodySz = 0;
cert->keyType = RSA_KEY;
XMEMSET(cert->serial, 0, SERIAL_SIZE);
XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
cert->issuer.country[0] = '\0';
cert->issuer.state[0] = '\0';
@ -2446,7 +2446,7 @@ void InitCert(Cert* cert)
typedef struct DerCert {
byte size[MAX_LENGTH_SZ]; /* length encoded */
byte version[MAX_VERSION_SZ]; /* version encoded */
byte serial[SERIAL_SIZE + MAX_LENGTH_SZ]; /* serial number encoded */
byte serial[CTC_SERIAL_SIZE + MAX_LENGTH_SZ]; /* serial number encoded */
byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */
byte issuer[ASN_NAME_MAX]; /* issuer encoded */
byte subject[ASN_NAME_MAX]; /* subject encoded */
@ -2478,10 +2478,10 @@ static int SetSerial(const byte* serial, byte* output)
int length = 0;
output[length++] = ASN_INTEGER;
length += SetLength(SERIAL_SIZE, &output[length]);
XMEMCPY(&output[length], serial, SERIAL_SIZE);
length += SetLength(CTC_SERIAL_SIZE, &output[length]);
XMEMCPY(&output[length], serial, CTC_SERIAL_SIZE);
return length + SERIAL_SIZE;
return length + CTC_SERIAL_SIZE;
}
@ -2657,7 +2657,7 @@ typedef struct EncodedName {
int totalLen; /* total encodeding length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[NAME_SIZE * 2]; /* encoding */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
@ -2853,7 +2853,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
der->versionSz = SetMyVersion(cert->version, der->version, TRUE);
/* serial number */
RNG_GenerateBlock(rng, cert->serial, SERIAL_SIZE);
RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE);
cert->serial[0] = 0x01; /* ensure positive */
der->serialSz = SetSerial(cert->serial, der->serial);
@ -3086,51 +3086,51 @@ int SetIssuer(Cert* cert, const char* issuerCertFile)
return ret;
if (decoded.subjectCN) {
sz = (decoded.subjectCNLen < NAME_SIZE) ? decoded.subjectCNLen :
NAME_SIZE - 1;
strncpy(cert->issuer.commonName, decoded.subjectCN, NAME_SIZE);
sz = (decoded.subjectCNLen < CTC_NAME_SIZE) ? decoded.subjectCNLen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.commonName, decoded.subjectCN, CTC_NAME_SIZE);
cert->issuer.commonName[sz] = 0;
}
if (decoded.subjectC) {
sz = (decoded.subjectCLen < NAME_SIZE) ? decoded.subjectCLen :
NAME_SIZE - 1;
strncpy(cert->issuer.country, decoded.subjectC, NAME_SIZE);
sz = (decoded.subjectCLen < CTC_NAME_SIZE) ? decoded.subjectCLen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.country, decoded.subjectC, CTC_NAME_SIZE);
cert->issuer.country[sz] = 0;
}
if (decoded.subjectST) {
sz = (decoded.subjectSTLen < NAME_SIZE) ? decoded.subjectSTLen :
NAME_SIZE - 1;
strncpy(cert->issuer.state, decoded.subjectST, NAME_SIZE);
sz = (decoded.subjectSTLen < CTC_NAME_SIZE) ? decoded.subjectSTLen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.state, decoded.subjectST, CTC_NAME_SIZE);
cert->issuer.state[sz] = 0;
}
if (decoded.subjectL) {
sz = (decoded.subjectLLen < NAME_SIZE) ? decoded.subjectLLen :
NAME_SIZE - 1;
strncpy(cert->issuer.locality, decoded.subjectL, NAME_SIZE);
sz = (decoded.subjectLLen < CTC_NAME_SIZE) ? decoded.subjectLLen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.locality, decoded.subjectL, CTC_NAME_SIZE);
cert->issuer.locality[sz] = 0;
}
if (decoded.subjectO) {
sz = (decoded.subjectOLen < NAME_SIZE) ? decoded.subjectOLen :
NAME_SIZE - 1;
strncpy(cert->issuer.org, decoded.subjectO, NAME_SIZE);
sz = (decoded.subjectOLen < CTC_NAME_SIZE) ? decoded.subjectOLen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.org, decoded.subjectO, CTC_NAME_SIZE);
cert->issuer.org[sz] = 0;
}
if (decoded.subjectOU) {
sz = (decoded.subjectOULen < NAME_SIZE) ? decoded.subjectOULen :
NAME_SIZE - 1;
strncpy(cert->issuer.unit, decoded.subjectOU, NAME_SIZE);
sz = (decoded.subjectOULen < CTC_NAME_SIZE) ? decoded.subjectOULen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.unit, decoded.subjectOU, CTC_NAME_SIZE);
cert->issuer.unit[sz] = 0;
}
if (decoded.subjectSN) {
sz = (decoded.subjectSNLen < NAME_SIZE) ? decoded.subjectSNLen :
NAME_SIZE - 1;
strncpy(cert->issuer.sur, decoded.subjectSN, NAME_SIZE);
sz = (decoded.subjectSNLen < CTC_NAME_SIZE) ? decoded.subjectSNLen :
CTC_NAME_SIZE - 1;
strncpy(cert->issuer.sur, decoded.subjectSN, CTC_NAME_SIZE);
cert->issuer.sur[sz] = 0;
}
if (decoded.subjectEmail) {
sz = (decoded.subjectEmailLen < NAME_SIZE) ? decoded.subjectEmailLen :
NAME_SIZE - 1;
strncpy(cert->issuer.email, decoded.subjectEmail, NAME_SIZE);
sz = (decoded.subjectEmailLen < CTC_NAME_SIZE) ?
decoded.subjectEmailLen : CTC_NAME_SIZE - 1;
strncpy(cert->issuer.email, decoded.subjectEmail, CTC_NAME_SIZE);
cert->issuer.email[sz] = 0;
}
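Review bot: In the `SetIssuer` hunk each `strncpy(cert->issuer.X, decoded.subjectX, CTC_NAME_SIZE)` ignores the length just computed into `sz` and keeps reading the source until it meets a NUL or has copied 64 bytes. The decoded fields come with explicit `...Len` members, so they are presumably pointers into the certificate buffer rather than terminated strings, in which case a short field near the end of that buffer is read past its end before `[sz] = 0` truncates the copy. Copying exactly `sz` bytes avoids that, e.g. `XMEMCPY(cert->issuer.commonName, decoded.subjectCN, sz);` followed by the existing `cert->issuer.commonName[sz] = 0;`, and the same for the other seven fields. If the `...Len` members are signed (not visible here), a negative value would also need rejecting before it is used as an index. `SetIssuer` begins and ends outside the hunk.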


@ -5,6 +5,11 @@
#include <stdio.h>
#include <stdlib.h>
#ifdef CYASSL_TEST_CERT
#include "ctc_asn.h"
#else
#include "ctc_asn_public.h"
#endif
#include "ctc_md5.h"
#include "ctc_md4.h"
#include "ctc_sha.h"
@ -13,7 +18,7 @@
#include "ctc_arc4.h"
#include "ctc_random.h"
#include "ctc_coding.h"
#include "ctc_asn.h"
#include "ctc_rsa.h"
#include "ctc_des3.h"
#include "ctc_aes.h"
#include "ctc_hmac.h"
@ -1081,7 +1086,9 @@ int rsa_test()
word32 inLen = (word32)strlen((char*)in);
byte out[256];
byte plain[256];
#ifdef CYASSL_TEST_CERT
DecodedCert cert;
#endif
FILE* file = fopen(clientKey, "rb"), * file2;
@ -1115,12 +1122,14 @@ int rsa_test()
bytes2 = fread(tmp2, 1, sizeof(tmp2), file2);
#ifdef CYASSL_TEST_CERT
InitDecodedCert(&cert, (byte*)&tmp2, 0);
ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) return -48;
FreeDecodedCert(&cert);
#endif
fclose(file2);
fclose(file);
@ -1179,31 +1188,35 @@ int rsa_test()
Cert myCert;
byte derCert[4096];
byte pem[4096];
DecodedCert decode;
FILE* derFile;
FILE* pemFile;
int certSz;
int pemSz;
#ifdef CYASSL_TEST_CERT
DecodedCert decode;
#endif
InitCert(&myCert);
strncpy(myCert.subject.country, "US", NAME_SIZE);
strncpy(myCert.subject.state, "OR", NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", NAME_SIZE);
strncpy(myCert.subject.unit, "Development", NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", NAME_SIZE);
strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
certSz = MakeSelfCert(&myCert, derCert, sizeof(derCert), &key, &rng);
if (certSz < 0)
return -401;
#ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, 0);
ret = ParseCert(&decode, certSz, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return -402;
FreeDecodedCert(&decode);
#endif
derFile = fopen("./cert.der", "wb");
if (!derFile)
return -403;
@ -1220,7 +1233,6 @@ int rsa_test()
ret = fwrite(pem, pemSz, 1, pemFile);
fclose(pemFile);
FreeDecodedCert(&decode);
}
/* CA style */
@ -1229,7 +1241,6 @@ int rsa_test()
Cert myCert;
byte derCert[4096];
byte pem[4096];
DecodedCert decode;
FILE* derFile;
FILE* pemFile;
int certSz;
@ -1237,6 +1248,9 @@ int rsa_test()
byte tmp[2048];
size_t bytes;
word32 idx = 0;
#ifdef CYASSL_TEST_CERT
DecodedCert decode;
#endif
FILE* file = fopen(caKeyFile, "rb");
@ -1251,13 +1265,13 @@ int rsa_test()
InitCert(&myCert);
strncpy(myCert.subject.country, "US", NAME_SIZE);
strncpy(myCert.subject.state, "OR", NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", NAME_SIZE);
strncpy(myCert.subject.unit, "Development", NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", NAME_SIZE);
strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
ret = SetIssuer(&myCert, caCertFile);
if (ret < 0)
@ -1272,10 +1286,13 @@ int rsa_test()
return -408;
#ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, 0);
ret = ParseCert(&decode, certSz, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return -409;
FreeDecodedCert(&decode);
#endif
derFile = fopen("./othercert.der", "wb");
if (!derFile)
@ -1292,9 +1309,6 @@ int rsa_test()
return -412;
ret = fwrite(pem, pemSz, 1, pemFile);
fclose(pemFile);
FreeDecodedCert(&decode);
}
#ifdef HAVE_NTRU
{
@ -1302,7 +1316,6 @@ int rsa_test()
Cert myCert;
byte derCert[4096];
byte pem[4096];
DecodedCert decode;
FILE* derFile;
FILE* pemFile;
FILE* caFile;
@ -1312,6 +1325,9 @@ int rsa_test()
byte tmp[2048];
size_t bytes;
word32 idx = 0;
#ifdef CYASSL_TEST_CERT
DecodedCert decode;
#endif
byte public_key[557]; /* sized for EES401EP2 */
word16 public_key_len; /* no. of octets in public key */
@ -1352,13 +1368,13 @@ int rsa_test()
InitCert(&myCert);
strncpy(myCert.subject.country, "US", NAME_SIZE);
strncpy(myCert.subject.state, "OR", NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", NAME_SIZE);
strncpy(myCert.subject.unit, "Development", NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", NAME_SIZE);
strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
ret = SetIssuer(&myCert, caCertFile);
if (ret < 0)
@ -1374,11 +1390,13 @@ int rsa_test()
return -457;
#ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, 0);
ret = ParseCert(&decode, certSz, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return -458;
FreeDecodedCert(&decode);
#endif
derFile = fopen("./ntru-cert.der", "wb");
if (!derFile)
return -459;
@ -1400,10 +1418,6 @@ int rsa_test()
return -462;
ret = fwrite(private_key, private_key_len, 1, ntruPrivFile);
fclose(ntruPrivFile);
FreeDecodedCert(&decode);
}
#endif /* HAVE_NTRU */
#endif /* CYASSL_CERT_GEN */
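Review bot: In the `rsa_test` hunk that parses `tmp2`, a `ParseCert` failure returns `-48` before `FreeDecodedCert(&cert)` and before `fclose(file2)`/`fclose(file)`, so the error path leaks the decoded certificate and both streams. `if (ret != 0) { FreeDecodedCert(&cert); fclose(file2); fclose(file); return -48; }` would release them; the `-402`, `-409` and `-458` returns skip `FreeDecodedCert(&decode)` in the same way. Without `CYASSL_TEST_CERT` the generated certificates are no longer parsed back at all, so the build that runs this test should be configured with `--enable-testcert` to keep that check. `rsa_test` starts and ends outside these hunks.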