X509Parser.cpp 6.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "X509Parser.h"
  32. #include <cstddef>
  33. #include "X509_Parser/X509_Interface.h"
  34. #include "sgx_lfence.h"
  35. #include <string.h>
  36. #include <stdlib.h>
  37. #include "byte_order.h"
  38. #include "le2be_macros.h"
  39. #ifdef DUMP_OCTETS
  40. void OutputOctets(const char* pMsg, const void* pData, size_t nData);
  41. #endif
  42. const int certWorkBufferLength = 8196;
  43. X509Parser::~X509Parser(void)
  44. {
  45. }
  46. UINT32 X509Parser::ParseGroupCertificate
  47. (
  48. /*in */ const EcDsaPubKey* pSerializedPublicKey,
  49. /*in */ const X509_GROUP_CERTIFICATE_VLR* pGroupCertVlr,
  50. /*out*/ UINT32* pGID,
  51. /*out*/ Epid11GroupPubKey* pGroupPubKey
  52. )
  53. {
  54. STATUS status = X509_GENERAL_ERROR;
  55. SessMgrCertificateFields* certificateFields = NULL;
  56. UINT8* certWorkBuffer = NULL;
  57. CertificateType certType = EpidGroupCertificate;
  58. do
  59. {
  60. if (NULL == pSerializedPublicKey ||
  61. NULL == pGroupCertVlr ||
  62. NULL == pGID || NULL == pGroupPubKey)
  63. break;
  64. certificateFields = (SessMgrCertificateFields*)calloc(1, sizeof(*certificateFields));
  65. certWorkBuffer = (UINT8*)calloc(1, certWorkBufferLength);
  66. if (NULL == certificateFields ||
  67. NULL == certWorkBuffer)
  68. break;
  69. // Inject the Public Key to X509_Parser through the global variable SerializedPublicKey
  70. SetPublicEcDsaKey(pSerializedPublicKey);
  71. UINT8* X509GroupCertificate = const_cast<UINT8*>(pGroupCertVlr->X509GroupCertData);
  72. if (
  73. //
  74. // this is "functional", not buffer overflow check
  75. //
  76. (pGroupCertVlr->VlrHeader.PaddedBytes > 3) ||
  77. //
  78. // buffer overflow check: Length can be anything, sizeof is a constant...
  79. //
  80. (pGroupCertVlr->VlrHeader.Length <= (sizeof(pGroupCertVlr->VlrHeader) + pGroupCertVlr->VlrHeader.PaddedBytes))
  81. ) {
  82. break;
  83. }
  84. //
  85. // attacker can control pGroupCertVlr->VlrHeader.Length
  86. //
  87. sgx_lfence();
  88. UINT32 X509GroupCertificateSize = static_cast<UINT32>(pGroupCertVlr->VlrHeader.Length -
  89. sizeof(pGroupCertVlr->VlrHeader) - pGroupCertVlr->VlrHeader.PaddedBytes);
  90. #ifdef DUMP_OCTETS
  91. OutputOctets("X509GroupCertificate", X509GroupCertificate, X509GroupCertificateSize);
  92. #endif
  93. //typedef enum{
  94. // EpidGroupCertificate = 0,
  95. // VerifierCertificate,
  96. // OcspResponderCertificate,
  97. // Others, // OMA DRM
  98. //}CertificateType;
  99. ISSUER_INFO* pRootPublicKey = NULL;
  100. status = ParseCertificateChain(
  101. X509GroupCertificate, X509GroupCertificateSize,
  102. certificateFields, certWorkBuffer, certWorkBufferLength, pRootPublicKey, 0,
  103. NULL, certType, FALSE);
  104. if (X509_STATUS_SUCCESS != status)
  105. break;
  106. uint8_t gidArray[sizeof(GroupId)] = {0};
  107. if (certificateFields->serialNumber.length > sizeof(gidArray))
  108. break;
  109. int index = static_cast<int>(sizeof(gidArray)-certificateFields->serialNumber.length);
  110. memcpy(&gidArray[index], certificateFields->serialNumber.buffer, certificateFields->serialNumber.length);
  111. if(certificateFields->algorithmIdentifierForSubjectPublicKey != X509_intel_sigma_epidGroupPublicKey_epid11)//Only Epid Group Public Key Epid1.1 are permitted to be subject key
  112. break;
  113. SessMgrEpidGroupPublicKey* EpidKey = (SessMgrEpidGroupPublicKey*)certificateFields->subjectPublicKey.buffer;
  114. memset(pGroupPubKey, 0, sizeof(Epid11GroupPubKey));
  115. memcpy(&pGroupPubKey->gid, gidArray, sizeof(pGroupPubKey->gid));
  116. memcpy(&pGroupPubKey->h1.x, EpidKey->h1x, sizeof(pGroupPubKey->h1.x));
  117. memcpy(&pGroupPubKey->h1.y, EpidKey->h1y, sizeof(pGroupPubKey->h1.y));
  118. memcpy(&pGroupPubKey->h2.x, EpidKey->h2x, sizeof(pGroupPubKey->h2.x));
  119. memcpy(&pGroupPubKey->h2.y, EpidKey->h2y, sizeof(pGroupPubKey->h2.y));
  120. memcpy(&pGroupPubKey->w.x[0], EpidKey->wx0, sizeof(pGroupPubKey->w.x[0]));
  121. memcpy(&pGroupPubKey->w.x[1], EpidKey->wx1, sizeof(pGroupPubKey->w.x[1]));
  122. memcpy(&pGroupPubKey->w.x[2], EpidKey->wx2, sizeof(pGroupPubKey->w.x[2]));
  123. memcpy(&pGroupPubKey->w.y[0], EpidKey->wy0, sizeof(pGroupPubKey->w.y[0]));
  124. memcpy(&pGroupPubKey->w.y[1], EpidKey->wy1, sizeof(pGroupPubKey->w.y[1]));
  125. memcpy(&pGroupPubKey->w.y[2], EpidKey->wy2, sizeof(pGroupPubKey->w.y[2]));
  126. *pGID = lv_htonl(gidArray);
  127. status = X509_STATUS_SUCCESS;
  128. } while (false);
  129. if (NULL != certificateFields)
  130. free(certificateFields);
  131. if (NULL != certWorkBuffer)
  132. free(certWorkBuffer);
  133. return status;
  134. }