X509_Parser.cpp 139 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "X509Cert.h"
  32. #include <cstddef>
  33. #include <assert.h>
  34. #define X509_FOR_PSE_PR 1
  35. #ifdef X509_FOR_PSE_PR
  36. #include "pse_pr_support.h"
  37. // used to eliminate `unused variable' warning
  38. #define UNUSED(val) (void)(val)
  39. #endif
  40. #ifndef X509_FOR_PSE_PR
  41. #ifdef WIN_TEST
  42. #include <crypt_data_gen.h>
  43. #include "special_defs.h"
  44. #include <openssl/rsa.h>
  45. #include <openssl/sha.h>
  46. #include <openssl/hmac.h>
  47. #include <openssl/aes.h>
  48. #include <openssl/pem.h>
  49. #include <openssl/x509.h>
  50. #include <openssl/objects.h>
  51. extern HANDLE hConsole;
  52. #endif
  53. #ifndef WIN_TEST
  54. #include "MeTypes.h"
  55. #include "SessMgrCommonDefs.h"
  56. #include "le2be_macros.h"
  57. #include "CryptoDefs.h"
  58. #include "romapi/romapi_rsa.h"
  59. #include "TimeSrv.h"
  60. #endif
  61. #endif // #ifndef X509_FOR_PSE_PR
  62. #ifdef X509_FOR_PSE_PR
  63. STATUS CreateSha1Hash
  64. (
  65. /*in */ SessMgrDataBuffer *pSrcBuffer,
  66. /*out*/ SessMgrDataBuffer *pDigest
  67. )
  68. {
  69. PrepareHashSHA1 hash;
  70. hash.Update(pSrcBuffer->buffer, pSrcBuffer->length);
  71. if (!hash.Finalize((SHA1_HASH*)pDigest->buffer))
  72. return X509_GENERAL_ERROR;
  73. return STATUS_SUCCESS;
  74. };
  75. crypto_status_t EcDsa_VerifySignature
  76. (
  77. /*in */ const UINT8* pMsg,
  78. /*in */ uint32_t nMsg,
  79. /*in */ const EcDsaPubKey* pPublicKey,
  80. /*in */ const EcDsaSig* pSignature,
  81. /*out*/ bool* fValid
  82. )
  83. {
  84. crypto_status_t status = CRYPTO_STATUS_INTERNAL_ERROR;
  85. sgx_ecc_state_handle_t ecc_handle = NULL;
  86. *fValid = false;
  87. do
  88. {
  89. if (SGX_SUCCESS != sgx_ecc256_open_context(&ecc_handle)) break;
  90. uint8_t result;
  91. if ((SGX_SUCCESS == sgx_ecdsa_verify(pMsg, nMsg,
  92. (sgx_ec256_public_t *)pPublicKey,
  93. (sgx_ec256_signature_t *)pSignature,
  94. &result,
  95. ecc_handle)) && (result == SGX_EC_VALID ))
  96. *fValid = true;
  97. status = CRYPTO_STATUS_SUCCESS;
  98. } while (0);
  99. if (ecc_handle != NULL) sgx_ecc256_close_context(ecc_handle);
  100. return status;
  101. }
  102. #endif
  103. //*******************************************************************************************************************************************
  104. //*******************************************************************************************************************************************
  105. //*******************************************************************************************************************************************
  106. static STATUS VerifyBasicCertificateAttributes(const Uint8* certificateDerEncoded, const Uint8* workBuffer, const SessMgrCertificateFields* certificateFields,
  107. const ISSUER_INFO *IssuerInfo, CertificateType CertType, CertificateLevel CertLevel , BOOL UseFacsimileEpid);
  108. #ifndef X509_FOR_PSE_PR
  109. static STATUS VerifyOcspRevocationStatus(SessMgrCertificateFields* certificateFields,
  110. UINT8 NumberofSingleResponses, OCSP_CERT_STATUS_TABLE * OcspCertStatusTable, ISSUER_INFO *IssuerInfo);
  111. #endif
  112. static STATUS VerifySignature(const ISSUER_INFO *IssuerInfo, const SessMgrDataBuffer *MsgBuffer, const SessMgrDataBuffer *SignBuffer, BOOL UseFacsimileEpid);
  113. #ifndef X509_FOR_PSE_PR
  114. static void GetPublicKeyDataBuf(SessMgrDataBuffer *PubKeyBuffer, ISSUER_INFO *IssuerInfo);
  115. static STATUS VerifyOcspCachedResponseValidity(SessMgrOcspResponseFields *OcspResponseFields);
  116. static STATUS VerifyValidity(SessMgrDateTime notValidBeforeTime, SessMgrDateTime NotValidAfter);
  117. static STATUS ConvertTimeToNtp(SessMgrDateTime Time, NTP_TIMESTAMP *NtpTime);
  118. static STATUS StoreTrustedTime(SessMgrDateTime TrustedTime);
  119. #endif
  120. #ifndef X509_FOR_PSE_PR
  121. static STATUS VerifyOcspResponseAttributes(Uint8* OcspRespBuffer, SessMgrOcspResponseFields *ocspResponseFields, ISSUER_INFO* OcspCertRootPublicKey,
  122. SessMgrDataBuffer Nonce, OCSP_REQ_TYPE OcspReqType, BOOL UseFacsimileEpid);
  123. static BOOL VerifySha1Hash(SessMgrDataBuffer *HashData, UINT8 *Expectedhash, UINT32 ExpectedHashLength);
  124. #endif
  125. static STATUS sessMgrParseDerCert(IN X509_PROTOCOL* X509Protocol, IN Uint8* certificateDerEncoded,
  126. IN Uint8* pCertEnd, IN Uint8* workBuffer, IN UINT32 workBufferSize,
  127. OUT SessMgrCertificateFields* certificateFields, IN ISSUER_INFO *IssuerInfo,
  128. IN BOOL UseFacsimileEpid);
  129. #ifndef X509_FOR_PSE_PR
  130. static STATUS sessMgrParseOcspResponse(IN X509_PROTOCOL* X509Protocol, IN Uint8* OcspResponse,
  131. IN Uint8* OcspResponseEnd, IN Uint8* workBuffer, IN UINT32 workBufferSize,
  132. OUT SessMgrOcspResponseFields* OcspResponseFields);
  133. static STATUS ParseBoolean(UINT8 **ppCurrent, UINT8 *pEnd, BOOL* Value, BOOL optional);
  134. #endif
  135. static STATUS ParseInteger(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrDataBuffer* DataBuf, BOOL isOptional, BOOL MustBePositive, UINT32 *PaddingLen);
  136. #ifndef X509_FOR_PSE_PR
  137. static STATUS ParseOcspExtensions(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrOcspResponseFields* OcspResponseFields);
  138. static STATUS ParseCertExtensions(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrCertificateFields* certificateFields);
  139. static STATUS ParseCertificatePolicy(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrDataBuffer *CertificatePolicy);
  140. #endif
  141. static STATUS ParseSubjectPublicKeyInfo(UINT8 **ppCurrent, UINT8 *pEnd, UINT8 **pworkbuffer, SessMgrCertificateFields* certificateFields);
  142. static STATUS ParseRsaPublicKey(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrRsaKey * RsaKey);
  143. static STATUS ParseEpidPublicKey(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrEpidGroupPublicKey * EpidKey);
  144. static STATUS ParseEcdsaPublicKey(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrEcdsaPublicKey * EcDsaKey, SessMgrEllipticCurveParameter params);
  145. static STATUS ParseOID(UINT8 **ppCurrent, UINT8 *pEnd, UINT32 *EnumVal, const UINT8 *OidList, UINT32 Max_Entries, UINT32 EntrySize );
  146. static STATUS ParseSignatureValue(UINT8 **ppCurrent, UINT8 *pEnd, UINT8 **pworkbuffer, UINT32 WorkBufferSize, SessMgrDataBuffer *SignatureValueBuf, UINT8 SignatureAlgoId);
  147. static STATUS ParseAlgoIdentifier(UINT8 **ppCurrent, UINT8 *pEnd, UINT32* algoId, AlgorithmTypes Type, SessMgrEllipticCurveParameter *params);
  148. static STATUS ParseAlgoParameters(UINT8 **ppCurrent, UINT8 *pEnd, UINT32* param);
  149. static STATUS ParseName(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrX509Name* Name);
  150. static STATUS ParseTime(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrDateTime* DateTime);
  151. static STATUS DecodeLength(UINT8* Buffer, UINT8* BufferEnd, UINT32* Length, UINT8* EncodingBytes);
  152. static void SwapEndian(UINT8* ptr, int length);
  153. static STATUS swapendian_memcpy(UINT8 *DestPtr, UINT32 DestLen, UINT8 *SrcPtr, UINT32 SrcLen);
  154. static STATUS ParseIdAndLength(UINT8 **ppCurrent, UINT8 *pEnd, UINT8 ExpectedId, UINT32* Length, UINT8* EncodingBytes, BOOL Optional);
  155. #ifndef X509_FOR_PSE_PR
  156. static int Pow(int num, int exp);
  157. #endif
  158. /* This list should always be synced up with the SessMgrAlgorithmOid enum */
  159. const UINT8 HardCodedSignatureAlgorithmOid[][9] =
  160. {
  161. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02},
  162. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x03},
  163. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04},
  164. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05},
  165. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x07},
  166. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08},
  167. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x09},
  168. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0a},
  169. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0b},
  170. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0c},
  171. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0d},
  172. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0e},
  173. {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01},
  174. {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02},
  175. };
  176. const UINT8 HardCodedPublicKeyAlgorithmOid[][10] =
  177. {
  178. {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01},
  179. {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01},
  180. {0x2A, 0x86, 0x48, 0x86, 0xf8, 0x4d, 0x01, 0x09, 0x04, 0x01},
  181. {0x2A, 0x86, 0x48, 0x86, 0xf8, 0x4d, 0x01, 0x09, 0x04, 0x02},
  182. {0x2A, 0x86, 0x48, 0x86, 0xf8, 0x4d, 0x01, 0x09, 0x04, 0x03},
  183. };
  184. const UINT8 HashAlgorithmOid[][9] =
  185. {
  186. {0x2B, 0x0E, 0x03, 0x02, 0x1A},
  187. {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01},
  188. };
  189. /* This list should always be synced up with the NameStruct enum */
  190. const UINT8 HardCodedNameOid[][10] =
  191. {
  192. {0x55, 0x04, 0x03},
  193. {0x55, 0x04, 0x0a},
  194. {0x55, 0x04, 0x06},
  195. {0x55, 0x04, 0x07},
  196. {0x55, 0x04, 0x08},
  197. {0x55, 0x04, 0x0b},
  198. {0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01},
  199. };
  200. #ifndef X509_FOR_PSE_PR
  201. const UINT8 CertExtensionOid[][9] =
  202. {
  203. {0x55, 0x1d, 0x23},
  204. {0x55, 0x1d, 0x0E},
  205. {0x55, 0x1d, 0x0F},
  206. {0x55, 0x1d, 0x13},
  207. {0x55, 0x1d, 0x20},
  208. {0x55, 0x1d, 0x25},
  209. {0x2A, 0x86, 0x48, 0x86, 0xF8, 0x4D, 0x01, 0x09, 0x02},
  210. };
  211. const UINT8 OcspExtensionOid[][9] =
  212. {
  213. {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02}, // 1.3.6.1.5.5.7.48.1.2
  214. };
  215. #endif
  216. const UINT8 EllipticCurveOid[][8] =
  217. {
  218. {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}
  219. };
  220. #ifndef X509_FOR_PSE_PR
  221. const UINT8 CertificatePolicyOid[][9] =
  222. {
  223. {0x2A, 0x86, 0x48, 0x86, 0xF8, 0x4d, 0x01, 0x09, 0x01}
  224. };
  225. const UINT8 CertificatePolicyQualifierIdOid[][8] =
  226. {
  227. {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01}
  228. };
  229. const UINT8 OcspResponseTypeOid[][9] =
  230. {
  231. {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01}
  232. };
  233. const UINT8 ExtendedKeyUsageOcspSignOid[][8] =
  234. {
  235. 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09
  236. };
  237. #endif
  238. #ifndef X509_FOR_PSE_PR
  239. /*
  240. ParseOcspResponseChain - Decodes a DER encoded X.509 OCSP response and makes a list of the serial numbers and hashes from the OCSP response.
  241. @param OcspRespBuffer - If not NULL, contains the OCSP response. OCSP response contains a list of certificates with their current status (good/revoked)
  242. @param OcspRespBufferLength - Total Length of the OCSP response
  243. @param OcspCertRootPublicKey - Public key used to sign the first certificate in the chain. This is the root of trust. If NULL, Intel public key is used.
  244. @param OcspCertStatusTable - Table containing interesting fields in the OCSP response which will be used to compare against the verifier certificate.
  245. @param NumberOfSingleResponses - Number of single responses that the OCSP response has returned to us.
  246. @param Nonce - Contains the Nonce that was sent. If nonce Exists, the OCSP response should have a nonce extension that contains the same values.
  247. @retval X509_STATUS_SUCCESS - The operation completed successfully.
  248. @retval STATUS_INVALID_VERSION
  249. @retval STATUS_UNSUPPORTED_ALGORITHM
  250. @retval STATUS_ENCODING_ERROR
  251. @retval STATUS_INVALID_ARGS
  252. @retval STATUS_UNSUPPORTED_CRITICAL_EXTENSION
  253. @retval STATUS_UNSUPPORTED_TYPE
  254. */
  255. STATUS ParseOcspResponseChain( UINT8* OcspRespBuffer,
  256. UINT32 OcspRespBufferLength,
  257. UINT8* workBuffer,
  258. UINT32 workBufferSize,
  259. ISSUER_INFO* OcspCertRootPublicKey,
  260. OCSP_CERT_STATUS_TABLE *OcspCertStatusTable,
  261. UINT8* NumberOfSingleResponses,
  262. SessMgrDataBuffer Nonce,
  263. OCSP_REQ_TYPE OcspReqType,
  264. BOOL UseFacsimileEpid)
  265. {
  266. STATUS Status;
  267. UINT32 Length = 0;
  268. UINT32 OcspResponseLength = 0;
  269. UINT8 TableIndex = 0;
  270. SessMgrOcspSingleResponse *SingleResponse;
  271. int i;
  272. SessMgrOcspResponseFields OcspResponseFields;
  273. UINT8 EncodingBytes; // number of bytes used for encoding into ASN DER format
  274. UINT8 *current_ptr = OcspRespBuffer;
  275. UINT8 *end_of_ocsp_response_chain = OcspRespBuffer + OcspRespBufferLength;
  276. // Workaround for Windows OCSP responder shortcoming. Loop through OCSP response
  277. // We will loop through each of the OCSP responses, verify the OCSP responder certificate and
  278. while(current_ptr < end_of_ocsp_response_chain){
  279. Status = DecodeLength(current_ptr + 1, end_of_ocsp_response_chain, &Length, &EncodingBytes);
  280. if(Status != X509_STATUS_SUCCESS){
  281. DBG_ASSERT(0);
  282. return X509_STATUS_ENCODING_ERROR;
  283. }
  284. OcspResponseLength = Length + EncodingBytes + 1;
  285. memset(workBuffer, 0, workBufferSize);
  286. memset(&OcspResponseFields, 0, sizeof(OcspResponseFields));
  287. Status = sessMgrParseOcspResponse( NULL, current_ptr, current_ptr + OcspResponseLength, workBuffer, workBufferSize, &OcspResponseFields);
  288. if(Status != X509_STATUS_SUCCESS){
  289. DBG_ASSERT(0);
  290. return X509_STATUS_ENCODING_ERROR;
  291. }
  292. Status = VerifyOcspResponseAttributes(NULL, &OcspResponseFields, NULL, Nonce, OcspReqType, UseFacsimileEpid);
  293. if(Status != X509_STATUS_SUCCESS){
  294. DBG_ASSERT(0);
  295. return X509_STATUS_OCSP_VERIFICATION_FAILED;
  296. }
  297. // copy the interesting data
  298. for(i=0;i<OcspResponseFields.numberOfSingleReponses;i++){
  299. SingleResponse = (SessMgrOcspSingleResponse *)(OcspResponseFields.allResponses) + i;
  300. Status = VerifyValidity(SingleResponse->thisUpdate, SingleResponse->nextUpdate);
  301. if(Status != X509_STATUS_SUCCESS){
  302. DBG_ASSERT(0);
  303. return X509_STATUS_OCSP_VERIFICATION_FAILED;
  304. }
  305. if(SingleResponse->ocspCertificateStatus == good){
  306. if(TableIndex == MAX_CERT_CHAIN_LENGTH){
  307. DBG_ASSERT(0);
  308. return X509_STATUS_OCSP_VERIFICATION_FAILED;
  309. }
  310. SESSMGR_MEMCPY_S(OcspCertStatusTable[TableIndex].serialNumber, sizeof(OcspCertStatusTable[TableIndex].serialNumber),
  311. SingleResponse->serialNumber.buffer, SingleResponse->serialNumber.length);
  312. DBG_ASSERT(SingleResponse->serialNumber.length <= 255);
  313. OcspCertStatusTable[TableIndex].SerialNumberSize = (UINT8)SingleResponse->serialNumber.length;
  314. SESSMGR_MEMCPY_S(OcspCertStatusTable[TableIndex].issuerKeyHash, sizeof(OcspCertStatusTable[TableIndex].issuerKeyHash),
  315. SingleResponse->issuerKeyHash.buffer, SingleResponse->issuerKeyHash.length);
  316. DBG_ASSERT(SingleResponse->issuerKeyHash.length <= 255);
  317. OcspCertStatusTable[TableIndex].issuerKeyHashSize = (UINT8)SingleResponse->issuerKeyHash.length;
  318. SESSMGR_MEMCPY_S(OcspCertStatusTable[TableIndex].issuerNameHash, sizeof(OcspCertStatusTable[TableIndex].issuerNameHash),
  319. SingleResponse->issuerNameHash.buffer, SingleResponse->issuerNameHash.length);
  320. DBG_ASSERT(SingleResponse->issuerNameHash.length <= 255);
  321. OcspCertStatusTable[TableIndex].issuerNameHashSize = (UINT8)SingleResponse->issuerNameHash.length;
  322. OcspCertStatusTable[TableIndex].HashAlgo = SingleResponse->issuerIdentifierHashType;
  323. TableIndex++;
  324. }
  325. }
  326. current_ptr += OcspResponseLength;
  327. }
  328. if (current_ptr != end_of_ocsp_response_chain){
  329. DBG_ASSERT(0);
  330. return X509_STATUS_INVALID_ARGS;
  331. }
  332. *NumberOfSingleResponses = TableIndex;
  333. return STATUS_SUCCESS;
  334. }
  335. #endif
  336. /*
  337. ParseCertificateChain - This function can
  338. - parse a certificate chain and return the CertificateFields of all the last certificate (usually the certificate of interest)
  339. - optionally take in root public key that was used to sign first certificate in the chain. If NULL, Intel public Key is used.
  340. - optionally take in ocspRespBuffer. If ocspRespBuffer is not NULL, this function will parse the ocsp response cert, make a list of
  341. certificates authenticated by OCSP responder, and use this list to verify if each certificate in the chain has been authenticated.
  342. - optionally takes in the root public key used to sign the first certifcate in the OCSP responders certificate.
  343. @param pCertChain - Pointer to the certificate chain. The first certificate in the chain is assumed to be Intel signed if root public key (arg 4) is NULL
  344. @param CertChainLength - Length of the certificate chain
  345. @param certificateFields - Data structure containing parsed output of the last certificate in the chain (usually the certificate of interest))
  346. @param RootPublicKey - Public key used to sign the first certificate in the chain. This is the root of trust. If NULL, Intel public key is used.
  347. @param NumberOfSingleResponses - Number of single responses that the OCSP response has returned to us.
  348. @param OcspCertStatusTable - Table containing interesting fields in the OCSP response which will be used to compare against the verifier certificate.
  349. @param VerifierCert - Contains pointer and length of the VerifierCertificate. If non NULL, the final certificate in the chain is populated with this Data.
  350. @param CertType - Indicates what type of certificate we are processing.Some checks are specific to certain types of certs.
  351. @retval X509_STATUS_SUCCESS - The operation completed successfully.
  352. */
  353. /* Input:
  354. pointer to buffer containing a chain of certificates
  355. Total Length
  356. Assumes the first certificate in the chain is signed by Intel
  357. */
  358. STATUS ParseCertificateChain(UINT8 *pCertChain,
  359. UINT32 CertChainLength,
  360. SessMgrCertificateFields *certificateFields,
  361. UINT8 *CertWorkBuffer,
  362. UINT32 CertWorkBufferLength,
  363. ISSUER_INFO *RootPublicKey,
  364. UINT8 NumberOfSingleResponses,
  365. OCSP_CERT_STATUS_TABLE *OcspCertStatusTable,
  366. CertificateType CertType,
  367. BOOL UseFacsimileEpid
  368. )
  369. {
  370. STATUS Status;
  371. UINT8 CertCount = 0;
  372. SessMgrEcdsaPublicKey ecdsa_pub_key;
  373. // This is the temp buffer used to store the issuer signing key to verify the next certificate in the chain.
  374. // This size of this buffer should be equal to the Max possible key size
  375. UINT8 TempSignKeyBuffer[200];
  376. SessMgrDataBuffer TempDataBuffer;
  377. UINT8 *pCert;
  378. UINT8 *pCertChainEnd;
  379. UINT32 CertLength = 0;
  380. UINT8 EncodingBytes; // number of bytes used for encoding into ASN DER format
  381. int MaxChainLengthAllowed = 0xFF; // This is to enforce the PathLen Basic Constraints.
  382. UINT8 HashOut[SHA1_HASH_LEN] = {0};
  383. UINT8 *KeyBufPtr;
  384. CertificateLevel CertLevel;
  385. ISSUER_INFO IssuerInfo;
  386. #ifdef X509_FOR_PSE_PR
  387. UNUSED(NumberOfSingleResponses);
  388. #endif
  389. if (pCertChain == NULL ||
  390. pCertChain + CertChainLength <= pCertChain ||
  391. CertWorkBuffer == NULL ||
  392. CertWorkBuffer + CertWorkBufferLength <= CertWorkBuffer)
  393. {
  394. return X509_STATUS_INVALID_ARGS;
  395. }
  396. memset(&IssuerInfo, 0 , sizeof(ISSUER_INFO));
  397. pCert = pCertChain;
  398. pCertChainEnd = pCertChain + CertChainLength;
  399. CertLevel = root;
  400. if(!RootPublicKey){
  401. // always use debug keys except for EPID group certs
  402. #ifdef X509_FOR_PSE_PR
  403. ecdsa_pub_key.px = SerializedPublicKey;
  404. ecdsa_pub_key.py = SerializedPublicKey + 32;
  405. #else
  406. if(gSessmgrCtx.FuseGidZero == FALSE){
  407. ecdsa_pub_key.px = INTEL_ECDSA_PUBKEY_PROD_BE;
  408. ecdsa_pub_key.py = INTEL_ECDSA_PUBKEY_PROD_BE + 32;
  409. }else{
  410. ecdsa_pub_key.px = INTEL_ECDSA_PUBKEY_DBG_BE;
  411. ecdsa_pub_key.py = INTEL_ECDSA_PUBKEY_DBG_BE + 32;
  412. }
  413. #endif
  414. ecdsa_pub_key.eccParameter = curvePrime256v1;
  415. IssuerInfo.buffer = (UINT8 *)&ecdsa_pub_key;
  416. IssuerInfo.length = sizeof(ecdsa_pub_key);
  417. IssuerInfo.AlgoType = X509_ecdsa_with_SHA256;
  418. }else{
  419. // Not allowing user to pass their own root key.
  420. DBG_ASSERT(0);
  421. return X509_STATUS_INVALID_ARGS;
  422. // memcpy(&IssuerInfo, RootPublicKey, sizeof(IssuerInfo));
  423. }
  424. // Set this up for the hash.
  425. IssuerInfo.EncodedPublicKeyHashBuffer.buffer = HashOut;
  426. IssuerInfo.EncodedPublicKeyHashBuffer.length = SHA1_HASH_LEN;
  427. // For root key, populate the ISSUER_INFO data structure. Refer to data strucutre definition for more details.
  428. // use the temp sign key buffer for this purpose.
  429. memset(TempSignKeyBuffer, 0 , sizeof(TempSignKeyBuffer));
  430. TempDataBuffer.buffer = TempSignKeyBuffer;
  431. KeyBufPtr = TempSignKeyBuffer;
  432. *KeyBufPtr = 0x04;
  433. KeyBufPtr++;
  434. SESSMGR_MEMCPY_S(KeyBufPtr, sizeof(TempSignKeyBuffer) - 1, ecdsa_pub_key.px, ECDSA_KEY_ELEMENT_SIZE);
  435. KeyBufPtr += ECDSA_KEY_ELEMENT_SIZE;
  436. SESSMGR_MEMCPY_S(KeyBufPtr, sizeof(TempSignKeyBuffer) - 1 - ECDSA_KEY_ELEMENT_SIZE, ecdsa_pub_key.py, ECDSA_KEY_ELEMENT_SIZE);
  437. TempDataBuffer.length = ECDSA_KEY_SIZE + 1; // +1 to reflect the addition of 0x04 in the beginning of the buffer.
  438. Status = CryptoCreateHash(CRYPTO_HASH_TYPE_SHA1,
  439. &TempDataBuffer,
  440. &IssuerInfo.EncodedPublicKeyHashBuffer,
  441. NULL,
  442. NULL,
  443. SINGLE_BLOCK);
  444. if(Status != STATUS_SUCCESS){
  445. DBG_ASSERT(0);
  446. return X509_STATUS_INTERNAL_ERROR;
  447. }
  448. while(pCert < pCertChainEnd)
  449. {
  450. /* certificate always starts with a sequence followed by length at offset 1. */
  451. CHECK_ID(*pCert, DER_ENCODING_SEQUENCE_ID);
  452. if ((pCert + 1) == pCertChainEnd) {
  453. break;
  454. }
  455. Status = DecodeLength(pCert + 1, pCertChainEnd, &CertLength, &EncodingBytes);
  456. if(Status != X509_STATUS_SUCCESS){
  457. DBG_ASSERT(0);
  458. return Status;
  459. }
  460. CertLength = CertLength + EncodingBytes + 1;
  461. if( (pCert + CertLength) >= pCertChainEnd){
  462. // if this is the last certificate in the chain, it is the leaf
  463. CertLevel = leaf;
  464. }
  465. #ifdef WIN_TEST
  466. printf(" \n Max Chain Length %d \n",MaxChainLengthAllowed);
  467. #endif
  468. // Check Basic Constraints Compliance
  469. if(MaxChainLengthAllowed <= 0 && CertLevel != leaf){
  470. // We have one more CA which is violating the basic constraints set by somebody. return error
  471. DBG_ASSERT(0);
  472. return X509_STATUS_BASIC_CONSTRAINTS_VIOLATION;
  473. }
  474. memset(certificateFields, 0, sizeof(SessMgrCertificateFields));
  475. memset(CertWorkBuffer, 0, CertWorkBufferLength);
  476. certificateFields->productType = invalidProductType;
  477. Status = sessMgrParseDerCert(NULL, pCert, pCert + CertLength, CertWorkBuffer, CertWorkBufferLength, certificateFields, &IssuerInfo, UseFacsimileEpid);
  478. if(Status != X509_STATUS_SUCCESS){
  479. DBG_ASSERT(0);
  480. return Status;
  481. }
  482. // First Certificate is always intel signed
  483. Status = VerifyBasicCertificateAttributes(pCert, CertWorkBuffer, certificateFields, &IssuerInfo, CertType, CertLevel, UseFacsimileEpid);
  484. if(Status != X509_STATUS_SUCCESS){
  485. DBG_ASSERT(0);
  486. return Status;
  487. }
  488. // Verifiation is required if OCSP table exists (even if empty), make sure the certificate has not been revoked
  489. if(OcspCertStatusTable){
  490. BOOL IntelSelfSignedRoot = false;
  491. #ifdef X509_FOR_PSE_PR
  492. if(CertLevel == root && memcmp(certificateFields->EncodedSubjectPublicKey.buffer+1, SerializedPublicKey, sizeof(SerializedPublicKey)) == 0)
  493. IntelSelfSignedRoot = true;
  494. #else
  495. if(CertLevel == root && memcmp(certificateFields->EncodedSubjectPublicKey.buffer+1, INTEL_ECDSA_PUBKEY_PROD_BE, sizeof(INTEL_ECDSA_PUBKEY_PROD_BE)) == 0)
  496. IntelSelfSignedRoot = true;
  497. else if(gSessmgrCtx.FuseGidZero && CertLevel == root && memcmp(certificateFields->EncodedSubjectPublicKey.buffer+1, INTEL_ECDSA_PUBKEY_DBG_BE, sizeof(INTEL_ECDSA_PUBKEY_DBG_BE)) == 0)
  498. IntelSelfSignedRoot = true;
  499. #endif
  500. // Skip revocation status check for Intel self-signed root certificate
  501. if(!IntelSelfSignedRoot) {
  502. #ifndef X509_FOR_PSE_PR
  503. Status = VerifyOcspRevocationStatus(certificateFields, NumberOfSingleResponses, OcspCertStatusTable, &IssuerInfo);
  504. if(Status != X509_STATUS_SUCCESS){
  505. DBG_ASSERT(0);
  506. return X509_STATUS_OCSP_FAILURE;
  507. }
  508. #endif
  509. }
  510. }
  511. // Certificate has been verified. Everything is good.
  512. // if this is not the leaf, store the public key and algorithm type to use in next certificate signature verification
  513. if(CertLevel != leaf){
  514. memset(TempSignKeyBuffer, 0, sizeof(TempSignKeyBuffer));
  515. SESSMGR_MEMCPY_S(TempSignKeyBuffer, sizeof(TempSignKeyBuffer), certificateFields->subjectPublicKey.buffer, certificateFields->subjectPublicKey.length);
  516. // Clear the issuer info structure.
  517. memset(&IssuerInfo, 0 , sizeof(ISSUER_INFO));
  518. // This key is the issuer key for the next certificate. Populate the IssuerInfo
  519. IssuerInfo.buffer = TempSignKeyBuffer;
  520. IssuerInfo.length = certificateFields->subjectPublicKey.length;
  521. IssuerInfo.AlgoType = certificateFields->algorithmIdentifierForSignature;
  522. // Set this up for the hash.
  523. IssuerInfo.EncodedPublicKeyHashBuffer.buffer = HashOut;
  524. IssuerInfo.EncodedPublicKeyHashBuffer.length = SHA1_HASH_LEN;
  525. Status = CryptoCreateHash(CRYPTO_HASH_TYPE_SHA1,
  526. &certificateFields->EncodedSubjectPublicKey,
  527. &IssuerInfo.EncodedPublicKeyHashBuffer,
  528. NULL,
  529. NULL,
  530. SINGLE_BLOCK);
  531. if(Status != STATUS_SUCCESS){
  532. DBG_ASSERT(0);
  533. return X509_STATUS_INTERNAL_ERROR;
  534. }
  535. // We might have zero or more intermediate certificates
  536. CertLevel = intermediate;
  537. // Record and Verify Basic Path Len Constraints. Refer to RFC for details on Basic constrains path len extensions.
  538. // If PathLen constraint set by this CA is more constrained than the one enforced by the previous CA, update MaxChainLength
  539. if(certificateFields->basicConstraint.isBasicConstraintPresent && certificateFields->basicConstraint.pathLenConstraint < (UINT32)MaxChainLengthAllowed)
  540. MaxChainLengthAllowed = certificateFields->basicConstraint.pathLenConstraint;
  541. else
  542. MaxChainLengthAllowed--;
  543. IssuerInfo.CommonNameBuf.buffer = (UINT8 *)certificateFields->subject.commonName;
  544. IssuerInfo.CommonNameBuf.length = certificateFields->subject.commonNameSize;
  545. IssuerInfo.productType = certificateFields->productType;
  546. }
  547. pCert += CertLength;
  548. CertCount++;
  549. }
  550. if (pCert != pCertChainEnd) {
  551. DBG_ASSERT(0);
  552. return X509_STATUS_INVALID_ARGS;
  553. }
  554. return X509_STATUS_SUCCESS;
  555. }
  556. #ifndef X509_FOR_PSE_PR
  557. /*
  558. This function compares the serial number of the certificate with the list of certificates that the OCSP responder sent us.
  559. If found, Make sure the status of the certificate is not revoked.
  560. */
  561. STATUS VerifyOcspRevocationStatus(SessMgrCertificateFields* certificateFields,
  562. UINT8 NumberofSingleResponses,
  563. OCSP_CERT_STATUS_TABLE* OcspCertStatusTable,
  564. ISSUER_INFO *IssuerInfo)
  565. {
  566. UINT32 i;
  567. STATUS Status;
  568. STATUS VerificationStatus = X509_STATUS_OCSP_VERIFICATION_FAILED;
  569. SessMgrDataBuffer HashBuf;
  570. SessMgrDataBuffer IssuerNameBuf;
  571. UINT8 HashOut[SHA1_HASH_LEN] = {0};
  572. HashBuf.buffer = HashOut;
  573. HashBuf.length = SHA1_HASH_LEN;
  574. IssuerNameBuf.buffer = (UINT8 *)certificateFields->issuer.DistinguishedName;
  575. IssuerNameBuf.length = certificateFields->issuer.DistinguishedNameSize;
  576. for (i=0;i<NumberofSingleResponses;i++){
  577. // Check serial number
  578. if(certificateFields->serialNumber.length != OcspCertStatusTable[i].SerialNumberSize ||
  579. memcmp(certificateFields->serialNumber.buffer, OcspCertStatusTable[i].serialNumber, OcspCertStatusTable[i].SerialNumberSize) != 0) {
  580. continue;
  581. }
  582. // Check hash key
  583. if(IssuerInfo->EncodedPublicKeyHashBuffer.length != OcspCertStatusTable[i].issuerKeyHashSize ||
  584. memcmp(IssuerInfo->EncodedPublicKeyHashBuffer.buffer, OcspCertStatusTable[i].issuerKeyHash, OcspCertStatusTable[i].issuerKeyHashSize) != 0){
  585. continue;
  586. }
  587. memset(HashBuf.buffer, 0, SHA1_HASH_LEN);
  588. Status = CryptoCreateHash(CRYPTO_HASH_TYPE_SHA1,
  589. &IssuerNameBuf,
  590. &HashBuf,
  591. NULL,
  592. NULL,
  593. SINGLE_BLOCK);
  594. if(Status != STATUS_SUCCESS){
  595. DBG_ASSERT(0);
  596. return X509_STATUS_INTERNAL_ERROR;
  597. }
  598. // Check issuer name
  599. if(SHA1_HASH_LEN != OcspCertStatusTable[i].issuerNameHashSize ||
  600. memcmp(HashBuf.buffer, OcspCertStatusTable[i].issuerNameHash, OcspCertStatusTable[i].issuerNameHashSize) != 0){
  601. continue;
  602. }
  603. // The certificate has been found in the OCSP response, break and return success
  604. VerificationStatus = X509_STATUS_SUCCESS;
  605. break;
  606. }
  607. #ifdef WIN_TEST
  608. if(VerificationStatus == X509_STATUS_SUCCESS)
  609. printf("Ocsp revocation check passed ");
  610. else
  611. printf("\n OCSP revocation check failed ");
  612. #endif
  613. DBG_ASSERT(VerificationStatus == X509_STATUS_SUCCESS);
  614. return VerificationStatus;
  615. }
  616. #endif
  617. #ifndef X509_FOR_PSE_PR
  618. /*
  619. This function will accept the algorithm and the keys as a void pointer and will verify the keys accordingly.
  620. */
  621. #ifndef WIN_TEST
  622. #define SESSMGR_RSA_WORK_BUFFER_SIZE (ROM_RSA_WIN_EXP_1_BUFFER_SIZE + 2*(RSA_KEY_SIZE_2048_BYTES))
  623. UINT8 RsaWorkBuffer[SESSMGR_RSA_WORK_BUFFER_SIZE];
  624. #endif
  625. #endif // #ifndef X509_FOR_PSE_PR
  626. STATUS VerifySignature(const ISSUER_INFO *IssuerInfo, const SessMgrDataBuffer *MsgBuffer, const SessMgrDataBuffer *SignBuffer, BOOL UseFacsimileEpid)
  627. {
  628. #ifdef X509_FOR_PSE_PR
  629. BOOL VerifRes = FALSE;
  630. #else
  631. #ifdef WIN_TEST
  632. CdgStatus Cstatus;
  633. CdgResult CResult;
  634. RSA *RsaKey;
  635. UINT8 Hash[32];
  636. int HashType;
  637. #else
  638. BOOL VerifRes = FALSE;
  639. SessMgrDataBuffer LocalSignBuffer;
  640. SessMgrDataBuffer LocalMsgBuffer;
  641. ROM_RSA_DATA_BUFFER workBuffer;
  642. ROM_RSA_VERIFY_PARAMS RsaVerifyParams;
  643. #endif
  644. UINT8 RsaEBuffer[RSA_E_SIZE] = {0, 0 ,0 ,0};
  645. UINT8 RsaNBuffer[RSA_KEY_SIZE_2048_BYTES] = {0};
  646. #endif
  647. SessMgrEcdsaPublicKey *PublicKeyFromCert;
  648. PseEcdsaPublicKey EcdsaKey;
  649. G3Point* g3point;
  650. #ifndef X509_FOR_PSE_PR
  651. UINT32 hashSize = 0;
  652. BOOL IsSignatureValid = FALSE;
  653. SessMgrRsaKey *RsaKeyFromCert;
  654. #endif
  655. STATUS Status = X509_INVALID_SIGNATURE;
  656. #ifdef X509_FOR_PSE_PR
  657. UNUSED(UseFacsimileEpid);
  658. #endif
  659. do{
  660. switch(IssuerInfo->AlgoType){
  661. case X509_ecdsa_with_SHA1:
  662. Status = X509_STATUS_UNSUPPORTED_ALGORITHM;
  663. break;
  664. case X509_ecdsa_with_SHA256:
  665. PublicKeyFromCert = (SessMgrEcdsaPublicKey *)(IssuerInfo->buffer);
  666. SESSMGR_MEMCPY_S(EcdsaKey.px, sizeof(EcdsaKey.px), PublicKeyFromCert->px, 32);
  667. SESSMGR_MEMCPY_S(EcdsaKey.py, sizeof(EcdsaKey.py), PublicKeyFromCert->py, 32);
  668. #ifndef WIN_TEST
  669. // Allocate DWORD aligned local buffers for Signature and Msg.
  670. // Swap Key and signature Convert Intel signature of the parameters certificate prior verifying it
  671. g3point = reinterpret_cast<G3Point*>(EcdsaKey.px);
  672. SwapEndian_32B(g3point->x);
  673. SwapEndian_32B(g3point->y);
  674. SwapEndian_32B(reinterpret_cast<G3Point*>(SignBuffer->buffer)->x);
  675. SwapEndian_32B(reinterpret_cast<G3Point*>(SignBuffer->buffer)->y);
  676. #ifndef X509_FOR_PSE_PR
  677. void* pCtx = NULL;
  678. pCtx = UseFacsimileEpid ? gSessmgrCtx.KeysCtxFacsimile : gSessmgrCtx.KeysCtx;
  679. #endif
  680. Status = SafeIdSigmaEcDsaVerifyPriv( pCtx,
  681. MsgBuffer->buffer,
  682. MsgBuffer->length,
  683. (unsigned char *)&EcdsaKey,
  684. (unsigned char *)SignBuffer->buffer,
  685. CRYPTO_HASH_TYPE_SHA256,
  686. 0,
  687. 32,
  688. &VerifRes);
  689. if(Status != STATUS_SUCCESS){
  690. DBG_ASSERT(0);
  691. Status = SESSMGR_STATUS_INTERNAL_ERROR;
  692. break;
  693. }
  694. #ifndef X509_FOR_PSE_PR
  695. // Testing workaround: always allow production signed on SSKU part
  696. if(VerifRes == FALSE) {
  697. if(gSessmgrCtx.FuseGidZero)
  698. {
  699. Status = SafeIdSigmaEcDsaVerifyPriv(UseFacsimileEpid ? gSessmgrCtx.KeysCtxFacsimile : gSessmgrCtx.KeysCtx,
  700. MsgBuffer->buffer,
  701. MsgBuffer->length,
  702. INTEL_ECDSA_PUBKEY_PROD_LE,
  703. (unsigned char *)SignBuffer->buffer,
  704. CRYPTO_HASH_TYPE_SHA256,
  705. 0,
  706. 32,
  707. &VerifRes);
  708. DBG_ASSERT(Status == STATUS_SUCCESS);
  709. }
  710. if(VerifRes == FALSE) {
  711. DBG_ASSERT(0);
  712. return X509_INVALID_SIGNATURE;
  713. }
  714. }
  715. #else
  716. if(VerifRes == FALSE) {
  717. return X509_INVALID_SIGNATURE;
  718. }
  719. #endif
  720. // convert back
  721. g3point = reinterpret_cast<G3Point*>(EcdsaKey.px);
  722. SwapEndian_32B(g3point->x);
  723. SwapEndian_32B(g3point->y);
  724. SwapEndian_32B((reinterpret_cast<G3Point*>(SignBuffer->buffer))->x);
  725. SwapEndian_32B((reinterpret_cast<G3Point*>(SignBuffer->buffer))->y);
  726. #else
  727. Cstatus = MessageVerify( (unsigned char *)&EcdsaKey,
  728. sizeof(EcdsaKey),
  729. MsgBuffer->buffer,
  730. MsgBuffer->length,
  731. SignBuffer->buffer,
  732. SignBuffer->length,
  733. &CResult);
  734. #ifdef TEMP_DISABLE_ECDSA_CHECK
  735. Status = X509_STATUS_SUCCESS;
  736. #else
  737. if(CResult != CdgValid) {
  738. DBG_ASSERT(0);
  739. return X509_INVALID_SIGNATURE;
  740. }
  741. Status = X509_STATUS_SUCCESS;
  742. #endif
  743. SetConsoleTextAttribute(hConsole, 11);
  744. printf("\n Signature Verified ");
  745. SetConsoleTextAttribute(hConsole, 8);
  746. #endif
  747. break;
  748. case X509_sha1withRSAEncryption:
  749. case X509_sha256WithRSAEncryption:
  750. #ifdef X509_FOR_PSE_PR
  751. Status = X509_STATUS_UNSUPPORTED_ALGORITHM;
  752. #else
  753. RsaKeyFromCert = (SessMgrRsaKey *)(IssuerInfo->buffer);
  754. DBG_ASSERT(RsaKeyFromCert->n.length == RSA_KEY_SIZE_2048_BYTES);
  755. SESSMGR_MEMCPY_S(RsaEBuffer + sizeof(RsaEBuffer) - RsaKeyFromCert->e.length, RsaKeyFromCert->e.length, RsaKeyFromCert->e.buffer, RsaKeyFromCert->e.length);
  756. RsaKeyFromCert->e.buffer = RsaEBuffer;
  757. RsaKeyFromCert->e.length = RSA_E_SIZE;
  758. SESSMGR_MEMCPY_S(RsaNBuffer + RSA_KEY_SIZE_2048_BYTES - RsaKeyFromCert->n.length, RsaKeyFromCert->n.length, RsaKeyFromCert->n.buffer, RsaKeyFromCert->n.length);
  759. RsaKeyFromCert->n.buffer = RsaNBuffer;
  760. RsaKeyFromCert->n.length = RSA_KEY_SIZE_2048_BYTES;
  761. #ifndef WIN_TEST
  762. workBuffer.length = SESSMGR_RSA_WORK_BUFFER_SIZE;
  763. workBuffer.buffer = RsaWorkBuffer;
  764. SESSMGR_MEM_ALLOC_BUFFER(LocalSignBuffer.buffer, TRUSTED_MEM, sizeof(UINT32), SignBuffer->length, TX_WAIT_FOREVER);
  765. SESSMGR_MEM_ALLOC_BUFFER(LocalMsgBuffer.buffer, TRUSTED_MEM, sizeof(UINT32), MsgBuffer->length, TX_WAIT_FOREVER);
  766. SESSMGR_MEMCPY_S(LocalSignBuffer.buffer, SignBuffer->length, SignBuffer->buffer, SignBuffer->length);
  767. LocalSignBuffer.length = SignBuffer->length;
  768. SESSMGR_MEMCPY_S(LocalMsgBuffer.buffer, MsgBuffer->length, MsgBuffer->buffer, MsgBuffer->length);
  769. LocalMsgBuffer.length = MsgBuffer->length;
  770. // Swap the Key and signature buffers. These are local buffers so no swapping back is necessary.
  771. SwapEndian(RsaKeyFromCert->e.buffer, RsaKeyFromCert->e.length);
  772. SwapEndian(RsaKeyFromCert->n.buffer, RsaKeyFromCert->n.length);
  773. SwapEndian(LocalSignBuffer.buffer, LocalSignBuffer.length);
  774. RsaVerifyParams.pMsgBuffer = (ROM_RSA_DATA_BUFFER*)&LocalMsgBuffer;
  775. RsaVerifyParams.pSignatureBuffer = (ROM_RSA_DATA_BUFFER*)&LocalSignBuffer;
  776. RsaVerifyParams.pbIsValid = &IsSignatureValid;
  777. RsaVerifyParams.CallbackAbortNow = NULL;
  778. RsaVerifyParams.pWorkBuffer = &workBuffer;
  779. RsaVerifyParams.HashFunc = (X509_sha1withRSAEncryption == IssuerInfo->AlgoType ? ROM_RSA_SCHEME_HASH_SHA1 : ROM_RSA_SCHEME_HASH_SHA256);
  780. Status = CryptoRsaPkcsVerify((RSA_IPP_KEY*)RsaKeyFromCert,
  781. FALSE,
  782. (RSA_VERIFY_PARAMS*)&RsaVerifyParams);
  783. if(LocalSignBuffer.buffer){
  784. SESSMGR_MEM_FREE(LocalSignBuffer.buffer)
  785. LocalSignBuffer.length = 0;
  786. }
  787. if(LocalMsgBuffer.buffer){
  788. SESSMGR_MEM_FREE(LocalMsgBuffer.buffer)
  789. LocalMsgBuffer.length = 0;
  790. }
  791. if ((Status != STATUS_SUCCESS) || (IsSignatureValid != TRUE)){
  792. DBG_ASSERT(0);
  793. return X509_INVALID_SIGNATURE;
  794. }
  795. #else
  796. if(IssuerInfo->AlgoType == sha1withRSAEncryption){
  797. HashType = NID_sha1;
  798. hashSize = 20;
  799. }
  800. else if(IssuerInfo->AlgoType == sha256WithRSAEncryption){
  801. HashType = NID_sha256;
  802. hashSize = 32;
  803. }
  804. else{
  805. DBG_ASSERT(0);
  806. return X509_STATUS_UNSUPPORTED_ALGORITHM;
  807. }
  808. if(HashType == NID_sha1){
  809. SHA1(MsgBuffer->buffer, MsgBuffer->length, Hash);
  810. }else if(HashType == NID_sha256){
  811. SHA256(MsgBuffer->buffer, MsgBuffer->length, Hash);
  812. }else{
  813. DBG_ASSERT(0);
  814. return X509_STATUS_UNSUPPORTED_ALGORITHM;
  815. }
  816. /* copy key from cert to a local buffer */
  817. // memcpy(RsaKey.Ebuffer, RsaKeyFromCert->e.buffer, RsaKeyFromCert->e.length);
  818. // memcpy(RsaKey.Nbuffer, RsaKeyFromCert->n.buffer, RsaKeyFromCert->n.length);
  819. // RsaKeyBuffers.e.buffer = RsaKey.Ebuffer;
  820. // RsaKeyBuffers.e.length = RSA_E_SIZE;
  821. // RsaKeyBuffers.n.buffer = RsaKey.Nbuffer;
  822. // RsaKeyBuffers.n.length = RSA_KEY_SIZE_2048_BYTES;
  823. RsaKey = RSA_new();
  824. RsaKey->e= BN_bin2bn((UINT8*)RsaKeyFromCert->e.buffer,RsaKeyFromCert->e.length,RsaKey->e);
  825. RsaKey->n= BN_bin2bn((UINT8*)RsaKeyFromCert->n.buffer,RsaKeyFromCert->n.length, RsaKey->n);
  826. Status = RSA_verify(HashType,
  827. Hash, hashSize,
  828. SignBuffer->buffer, SignBuffer->length,
  829. RsaKey);
  830. if(Status != 1){
  831. DBG_ASSERT(0);
  832. return X509_INVALID_SIGNATURE;
  833. }
  834. Status = X509_STATUS_SUCCESS;
  835. #endif
  836. #endif // #ifdef X509_FOR_PSE_PR
  837. break;
  838. default:
  839. assert(0);
  840. }
  841. }while(0);
  842. return Status;
  843. }
  844. #define CRYPTO_SIZE_SHA256 32
  845. #ifndef X509_FOR_PSE_PR
  846. STATUS VerifyOcspResponseAttributes(Uint8* OcspRespBuffer, SessMgrOcspResponseFields *ocspResponseFields, ISSUER_INFO* OcspCertRootPublicKey,
  847. SessMgrDataBuffer Nonce, OCSP_REQ_TYPE OcspReqType, BOOL UseFacsimileEpid)
  848. {
  849. SessMgrCertificateFields certificateFields;
  850. STATUS Status;
  851. UINT32 workBufferSize = 1000;
  852. UINT8 *workBuffer = NULL;
  853. ISSUER_INFO IssuerInfo;
  854. SessMgrDataBuffer PubKeyHashBuf;
  855. UINT8 HashOut[SHA1_HASH_LEN] = {0};
  856. PubKeyHashBuf.buffer = HashOut;
  857. PubKeyHashBuf.length = SHA1_HASH_LEN;
  858. if(ocspResponseFields->ocspResponseStatus != successful){
  859. return X509_STATUS_OCSP_FAILURE;
  860. }
  861. // parse the ocsp certificate
  862. SESSMGR_MEM_ALLOC_BUFFER(workBuffer, MM_DATA_HEAP_SHARED_RW, sizeof(UINT32), workBufferSize, TX_WAIT_FOREVER);
  863. do {
  864. Status = ParseCertificateChain(ocspResponseFields->responderCertificate.buffer,
  865. ocspResponseFields->responderCertificate.length,
  866. &certificateFields,
  867. workBuffer,
  868. workBufferSize,
  869. NULL,
  870. 0,
  871. NULL,
  872. OcspResponderCertificate,
  873. UseFacsimileEpid);
  874. if(Status != X509_STATUS_SUCCESS){
  875. DBG_ASSERT(0);
  876. break;
  877. }
  878. // verify OCSP response signature.
  879. IssuerInfo.AlgoType = ocspResponseFields->algorithmIdentifierForSignature;
  880. IssuerInfo.buffer = certificateFields.subjectPublicKey.buffer;
  881. IssuerInfo.length = certificateFields.subjectPublicKey.length;
  882. Status = VerifySignature(&IssuerInfo, &ocspResponseFields->tbsResponseData, &ocspResponseFields->signature, UseFacsimileEpid);
  883. if(Status != X509_STATUS_SUCCESS){
  884. DBG_ASSERT(0);
  885. Status = X509_INVALID_SIGNATURE;
  886. break;
  887. }
  888. // Verify Nonce only on Signed FW.
  889. #ifndef _WIN32_DEVPLATFORM
  890. #ifndef WIN_TEST
  891. #ifndef X509_FOR_PSE_PR
  892. if(!(gManifestDataPtr->ManifestHeader.manifestFlags.r.debugManifest)){
  893. #endif
  894. // Verify Nonce only for Non-cached Response.
  895. if(OcspReqType == NON_CACHED){
  896. // Make sure we have a nonce in the OCSP response
  897. if(!ocspResponseFields->nonce.buffer || Nonce.length <= 0){
  898. DBG_ASSERT(0);
  899. Status = X509_STATUS_OCSP_FAILURE;
  900. break;
  901. }
  902. if( memcmp(ocspResponseFields->nonce.buffer, Nonce.buffer, Nonce.length) != 0 || (ocspResponseFields->nonce.length != Nonce.length) )
  903. {
  904. DBG_ASSERT(0);
  905. Status = X509_STATUS_OCSP_FAILURE;
  906. break;
  907. }
  908. }
  909. #ifndef X509_FOR_PSE_PR
  910. }
  911. #endif
  912. #endif
  913. #endif
  914. // If ResponderId is a KeyHash, then verify its a Hash of the responders public key.
  915. if(ocspResponseFields->ocspResponderIdKeyHash.buffer){
  916. Status = CryptoCreateHash(CRYPTO_HASH_TYPE_SHA1,
  917. &certificateFields.EncodedSubjectPublicKey,
  918. &PubKeyHashBuf,
  919. NULL,
  920. NULL,
  921. SINGLE_BLOCK);
  922. if(Status != STATUS_SUCCESS){
  923. DBG_ASSERT(0);
  924. Status = X509_STATUS_INTERNAL_ERROR;
  925. break;
  926. }
  927. if(SHA1_HASH_LEN != ocspResponseFields->ocspResponderIdKeyHash.length ||
  928. memcmp(HashOut,ocspResponseFields->ocspResponderIdKeyHash.buffer, ocspResponseFields->ocspResponderIdKeyHash.length) != 0){
  929. DBG_ASSERT(0);
  930. Status = X509_STATUS_OCSP_FAILURE;
  931. break;
  932. }
  933. }else{
  934. // If there is no Hash, There has to be a name. In the name structure, Common Name has to exist.
  935. if(!ocspResponseFields->ocspResponderIdName.commonName){
  936. DBG_ASSERT(0);
  937. Status = X509_STATUS_OCSP_FAILURE;
  938. break;
  939. }
  940. // if Responder Id is a Name, make sure the value matches the value in the certificate.
  941. if(ocspResponseFields->ocspResponderIdName.commonNameSize != certificateFields.subject.commonNameSize ||
  942. memcmp(ocspResponseFields->ocspResponderIdName.commonName, certificateFields.subject.commonName, certificateFields.subject.commonNameSize) != 0){
  943. DBG_ASSERT(0);
  944. Status = X509_STATUS_OCSP_FAILURE;
  945. break;
  946. }
  947. }
  948. #ifndef WIN_TEST
  949. // We have verified the OCSP response. See if we have trusted time. Else provision it.
  950. if(OcspReqType == NON_CACHED){
  951. Status = StoreTrustedTime(ocspResponseFields->producedAt);
  952. if(Status == STATUS_SUCCESS)
  953. gSessmgrCtx.TrustedTimeProvisioned = TRUE;
  954. }
  955. // If we have cached response, Make sure produced at was not more than a day
  956. if(OcspReqType == CACHED){
  957. Status = VerifyOcspCachedResponseValidity(ocspResponseFields);
  958. if(Status != X509_STATUS_SUCCESS){
  959. DBG_ASSERT(0);
  960. Status = X509_STATUS_OCSP_FAILURE;
  961. break;
  962. }
  963. }
  964. #endif
  965. #ifdef PRINT
  966. printf("\nOcsp response signature verified ");
  967. SetConsoleTextAttribute(hConsole, 2);
  968. printf("\n \n *************** VerifyOcspResponseAttributes complete ***************** \n \n");
  969. SetConsoleTextAttribute(hConsole, 8);
  970. #endif
  971. Status = X509_STATUS_SUCCESS;
  972. } while(0);
  973. SESSMGR_MEM_FREE(workBuffer);
  974. return Status;
  975. }
  976. #endif // #ifndef X509_FOR_PSE_PR
  977. STATUS VerifyBasicCertificateAttributes(const Uint8* certificateDerEncoded, const Uint8* workBuffer, const SessMgrCertificateFields* certificateFields,
  978. const ISSUER_INFO *IssuerInfo, const CertificateType CertType, CertificateLevel CertLevel, BOOL UseFacsimileEpid)
  979. {
  980. SessMgrEcdsaPublicKey *EcdsaKey;
  981. #ifdef X509_FOR_PSE_PR
  982. UNUSED(certificateDerEncoded);
  983. UNUSED(workBuffer);
  984. UNUSED(EcdsaKey);
  985. UNUSED(CertType);
  986. UNUSED(CertLevel);
  987. #endif
  988. // Make sure the signature Algorithms for issuer is the same as the one used in the TbsCertificate
  989. if(certificateFields->TbsCertSignAlgoId != certificateFields->algorithmIdentifierForSignature){
  990. DBG_ASSERT(0);
  991. return X509_STATUS_ENCODING_ERROR;
  992. }
  993. #ifndef X509_FOR_PSE_PR //PSE Usage doesn't need to check Cert expiration
  994. STATUS Status = X509_GENERAL_ERROR;
  995. // Verify if the certificate time is valid. At this point we expect trusted time to be set.
  996. /* Chicken and Egg problem: we get trusted time from OCSP. How do we check validity of OCSP responder certificate?
  997. Solution : Intel signs the OCSP responder cert and EPID group certs. its valid for a really long time. So for these
  998. certs, dont check validity.*/
  999. #ifndef WIN_TEST
  1000. if((CertType != EpidGroupCertificate) && (CertType != OcspResponderCertificate)){
  1001. Status = VerifyValidity(certificateFields->notValidBeforeTime, certificateFields->notValidAfterTime);
  1002. if(Status != X509_STATUS_SUCCESS){
  1003. DBG_ASSERT(0);
  1004. return X509_STATUS_EXPIRED_CERTIFICATE;
  1005. }
  1006. }
  1007. #endif
  1008. Status = VerifySignature(IssuerInfo, &certificateFields->messageBuffer, &certificateFields->signatureBuffer, UseFacsimileEpid);
  1009. if(Status != X509_STATUS_SUCCESS){
  1010. DBG_ASSERT(0);
  1011. return X509_INVALID_SIGNATURE;
  1012. }
  1013. #endif
  1014. // Common name and OrgName should be present.
  1015. if(!certificateFields->issuer.commonName || !certificateFields->subject.commonName || !certificateFields->subject.organization){
  1016. DBG_ASSERT(0);
  1017. return X509_STATUS_ENCODING_ERROR;
  1018. }
  1019. #if 0
  1020. // The issuer of the root certificate has to be intel irrespective of the certificate type.
  1021. if(CertLevel == root){
  1022. if(certificateFields->issuer.commonNameSize != strlen("www.intel.com") ||
  1023. memcmp(certificateFields->issuer.commonName, "www.intel.com", strlen("www.intel.com")) !=0){
  1024. DBG_ASSERT(0);
  1025. return X509_STATUS_ENCODING_ERROR;
  1026. }
  1027. }
  1028. #endif
  1029. // Make sure the subject of the prev certificate is the issuer of the current certificate
  1030. if(IssuerInfo->CommonNameBuf.buffer && IssuerInfo->CommonNameBuf.length > 0){
  1031. if(certificateFields->issuer.commonNameSize != IssuerInfo->CommonNameBuf.length ||
  1032. memcmp(certificateFields->issuer.commonName, IssuerInfo->CommonNameBuf.buffer, IssuerInfo->CommonNameBuf.length) != 0){
  1033. DBG_ASSERT(0);
  1034. return X509_STATUS_ENCODING_ERROR;
  1035. }
  1036. }
  1037. #ifndef X509_FOR_PSE_PR
  1038. switch(CertType){
  1039. case OcspResponderCertificate:
  1040. if(certificateFields->keyUsage.value == 0){
  1041. DBG_ASSERT(0);
  1042. return X509_STATUS_ENCODING_ERROR;
  1043. }
  1044. // Make sure only the non-repudiation and digitalSignature are set.
  1045. if(certificateFields->keyUsage.value != (X509_BIT0 | X509_BIT1)){
  1046. DBG_ASSERT(0);
  1047. return X509_STATUS_ENCODING_ERROR;
  1048. }
  1049. // ExtendedKeyUsage must be specified.
  1050. if(certificateFields->ExtendedKeyUsage.value == 0){
  1051. DBG_ASSERT(0);
  1052. return X509_STATUS_ENCODING_ERROR;
  1053. }
  1054. // Basic constraints extension should be present.
  1055. if(!certificateFields->basicConstraint.isBasicConstraintPresent){
  1056. DBG_ASSERT(0);
  1057. return X509_STATUS_ENCODING_ERROR;
  1058. }
  1059. // isCa should be deasserted. We will not delegate OCSP signing authority to anybody else.
  1060. if(certificateFields->basicConstraint.isCa == DER_ENCODING_TRUE){
  1061. DBG_ASSERT(0);
  1062. return X509_STATUS_ENCODING_ERROR;
  1063. }
  1064. break;
  1065. case VerifierCertificate:
  1066. // Basic Constraint should be present.
  1067. if(!certificateFields->basicConstraint.isBasicConstraintPresent){
  1068. DBG_ASSERT(0);
  1069. return X509_STATUS_ENCODING_ERROR;
  1070. }
  1071. // Make sure leaf certs dont have isCA set and intermediate Certs have isCa deasserted.
  1072. if( (CertLevel == leaf && certificateFields->basicConstraint.isCa == DER_ENCODING_TRUE) ||
  1073. (CertLevel != leaf && certificateFields->basicConstraint.isCa == DER_ENCODING_FALSE)){
  1074. DBG_ASSERT(0);
  1075. return X509_STATUS_ENCODING_ERROR;
  1076. }
  1077. if(certificateFields->algorithmIdentifierForSubjectPublicKey == X509_ecdsaPublicKey){
  1078. // For ECDSA public key, we expect curvve to be prime256v1
  1079. EcdsaKey = (SessMgrEcdsaPublicKey *)certificateFields->subjectPublicKey.buffer;
  1080. if(EcdsaKey->eccParameter != curvePrime256v1){
  1081. DBG_ASSERT(0);
  1082. return X509_STATUS_ENCODING_ERROR;
  1083. }
  1084. }
  1085. // For root and intermediate certificates, BIT5 (KeyCertSign) must be asserted
  1086. if(CertLevel != leaf){
  1087. if(certificateFields->keyUsage.value != X509_BIT5){
  1088. DBG_ASSERT(0);
  1089. return X509_STATUS_ENCODING_ERROR;
  1090. }
  1091. }else{
  1092. if(certificateFields->keyUsage.value != (X509_BIT0 | X509_BIT1)){
  1093. DBG_ASSERT(0);
  1094. return X509_STATUS_ENCODING_ERROR;
  1095. }
  1096. }
  1097. // Check for Subject Key Identifier. Per spec, all certificate except leaf should have this and should be equal to SHA1 of the public key.
  1098. if(CertLevel != leaf){
  1099. if(!certificateFields->SubjectKeyId.buffer || certificateFields->SubjectKeyId.length != SHA1_HASH_LEN ){
  1100. DBG_ASSERT(0);
  1101. return X509_STATUS_ENCODING_ERROR;
  1102. }
  1103. if(VerifySha1Hash(&certificateFields->EncodedSubjectPublicKey, certificateFields->SubjectKeyId.buffer , certificateFields->SubjectKeyId.length) == FALSE){
  1104. DBG_ASSERT(0);
  1105. return X509_STATUS_ENCODING_ERROR;
  1106. }
  1107. }
  1108. // Every verifier cert should have an authority key id
  1109. if(!certificateFields->AuthorityKeyId.buffer || (certificateFields->AuthorityKeyId.length != IssuerInfo->EncodedPublicKeyHashBuffer.length) ){
  1110. DBG_ASSERT(0);
  1111. return X509_STATUS_ENCODING_ERROR;
  1112. }
  1113. // Verify Authority Key Id. Spec says Authority Key ID of current cert should be equal to the SubjectKeyId of the upper cert. SubjectKeyId is nothing but the hash of the upper certs public key.
  1114. // we have that available in this function. So compare Authority Key with that.
  1115. if(certificateFields->AuthorityKeyId.length != IssuerInfo->EncodedPublicKeyHashBuffer.length ||
  1116. memcmp(certificateFields->AuthorityKeyId.buffer, IssuerInfo->EncodedPublicKeyHashBuffer.buffer, IssuerInfo->EncodedPublicKeyHashBuffer.length) != 0){
  1117. // if the first cert is signed by the prod Intel IVK & GID is 0, try again with hash of the prod Intel IVK
  1118. #ifndef X509_FOR_PSE_PR
  1119. if (gSessmgrCtx.FuseGidZero){
  1120. #endif
  1121. UINT8 TempSignKeyBuffer[ECDSA_KEY_SIZE + 1] = {0};
  1122. SessMgrDataBuffer TempDataBuffer = {sizeof(TempSignKeyBuffer), TempSignKeyBuffer};
  1123. TempSignKeyBuffer[0] = 0x04;
  1124. SESSMGR_MEMCPY_S(TempSignKeyBuffer + 1, ECDSA_KEY_SIZE, INTEL_ECDSA_PUBKEY_PROD_BE, sizeof(INTEL_ECDSA_PUBKEY_PROD_BE));
  1125. Status = CryptoCreateHash(CRYPTO_HASH_TYPE_SHA1,
  1126. &TempDataBuffer,
  1127. &IssuerInfo->EncodedPublicKeyHashBuffer,
  1128. NULL,
  1129. NULL,
  1130. SINGLE_BLOCK);
  1131. if (Status != STATUS_SUCCESS) {
  1132. DBG_ASSERT(0);
  1133. return X509_STATUS_INTERNAL_ERROR;
  1134. }
  1135. if (certificateFields->AuthorityKeyId.length != IssuerInfo->EncodedPublicKeyHashBuffer.length ||
  1136. memcmp(certificateFields->AuthorityKeyId.buffer, IssuerInfo->EncodedPublicKeyHashBuffer.buffer, IssuerInfo->EncodedPublicKeyHashBuffer.length) != 0){
  1137. DBG_ASSERT(0);
  1138. return X509_STATUS_ENCODING_ERROR;
  1139. }
  1140. #ifndef X509_FOR_PSE_PR
  1141. }
  1142. else{
  1143. DBG_ASSERT(0);
  1144. return X509_STATUS_ENCODING_ERROR;
  1145. }
  1146. #endif // #ifdef X509_FOR_PSE_PR
  1147. }
  1148. // Product type must be present
  1149. if(certificateFields->productType == invalidProductType || certificateFields->productType >= Max_ProductType){
  1150. DBG_ASSERT(0);
  1151. return X509_STATUS_ENCODING_ERROR;
  1152. }
  1153. // If issuer certificate product type exists, ensure it matches current cert
  1154. if ((IssuerInfo->productType != invalidProductType) && (IssuerInfo->productType != certificateFields->productType)) {
  1155. DBG_ASSERT(0);
  1156. return X509_STATUS_ENCODING_ERROR;
  1157. }
  1158. break;
  1159. }
  1160. #endif
  1161. #ifdef PRINT
  1162. SetConsoleTextAttribute(hConsole, 4);
  1163. printf("\n \n *************** VerifyBasicCertificateAttributes complete ***************** \n \n");
  1164. SetConsoleTextAttribute(hConsole, 8);
  1165. #endif
  1166. return X509_STATUS_SUCCESS;
  1167. }
  1168. #ifndef X509_FOR_PSE_PR
  1169. static BOOL VerifySha1Hash(SessMgrDataBuffer *HashData, UINT8 *Expectedhash, UINT32 ExpectedHashLength)
  1170. {
  1171. UINT8 HashOut[SHA1_HASH_LEN] = {0};
  1172. SessMgrDataBuffer HashBuf;
  1173. STATUS Status;
  1174. if(!HashData->buffer || HashData->length == 0)
  1175. return FALSE;
  1176. HashBuf.buffer = HashOut;
  1177. HashBuf.length = SHA1_HASH_LEN;
  1178. memset(HashBuf.buffer, 0 , HashBuf.length);
  1179. Status = CryptoCreateHash(CRYPTO_HASH_TYPE_SHA1,
  1180. HashData,
  1181. &HashBuf,
  1182. NULL,
  1183. NULL,
  1184. SINGLE_BLOCK);
  1185. if(Status != STATUS_SUCCESS){
  1186. DBG_ASSERT(0);
  1187. return FALSE;
  1188. }
  1189. if(HashBuf.length != ExpectedHashLength ||
  1190. memcmp(HashBuf.buffer, Expectedhash, ExpectedHashLength) != 0){
  1191. return FALSE;
  1192. }
  1193. return TRUE;
  1194. }
  1195. #endif
  1196. #ifndef X509_FOR_PSE_PR //NRG: not validating time in enclave
  1197. #ifndef WIN_TEST
  1198. STATUS VerifyValidity(SessMgrDateTime notValidBeforeTime, SessMgrDateTime NotValidAfterTime)
  1199. {
  1200. STATUS Status;
  1201. NTP_TIMESTAMP CurrentTime, NotValidBefore, NotValidAfter;
  1202. // At this point, we expect trusted time to be provisioned. Else Error
  1203. if(!gSessmgrCtx.TrustedTimeProvisioned){
  1204. DBG_ASSERT(0);
  1205. return X509_STATUS_INTERNAL_ERROR;
  1206. }
  1207. Status = PrtcGetTime(&CurrentTime, gSessmgrCtx.TrustedTime.RtcOffset);
  1208. if(Status != STATUS_SUCCESS){
  1209. DBG_ASSERT(0);
  1210. return X509_STATUS_INTERNAL_ERROR;
  1211. }
  1212. // extract time from the certs and convert it into NTP. Get NotValidBefore and NotValidAfter.
  1213. // There is no day 0. We use that to find if the field has been populated. If not, ignore this check.
  1214. if(notValidBeforeTime.date.yearMonthDay.day != 0){
  1215. Status = ConvertTimeToNtp(notValidBeforeTime, &NotValidBefore);
  1216. if(Status != STATUS_SUCCESS){
  1217. DBG_ASSERT(0);
  1218. return X509_STATUS_INTERNAL_ERROR;
  1219. }
  1220. if( CurrentTime.Seconds < NotValidBefore.Seconds - 120){
  1221. DBG_ASSERT(0);
  1222. return X509_STATUS_EXPIRED_CERTIFICATE;
  1223. }
  1224. }
  1225. if(NotValidAfterTime.date.yearMonthDay.day != 0){
  1226. Status = ConvertTimeToNtp(NotValidAfterTime, &NotValidAfter);
  1227. if(Status != STATUS_SUCCESS){
  1228. DBG_ASSERT(0);
  1229. return X509_STATUS_INTERNAL_ERROR;
  1230. }
  1231. if(CurrentTime.Seconds > NotValidAfter.Seconds){
  1232. DBG_ASSERT(0);
  1233. return X509_STATUS_EXPIRED_CERTIFICATE;
  1234. }
  1235. }
  1236. return X509_STATUS_SUCCESS;
  1237. }
  1238. STATUS VerifyOcspCachedResponseValidity(SessMgrOcspResponseFields *OcspResponseFields)
  1239. {
  1240. STATUS Status;
  1241. NTP_TIMESTAMP CurrentTime = {0, 0};
  1242. NTP_TIMESTAMP ProducedAt = {0, 0};
  1243. // At this point, we expect trusted time to be provisioned. Else Error
  1244. if(!gSessmgrCtx.TrustedTimeProvisioned){
  1245. DBG_ASSERT(0);
  1246. return X509_STATUS_INTERNAL_ERROR;
  1247. }
  1248. Status = PrtcGetTime(&CurrentTime, gSessmgrCtx.TrustedTime.RtcOffset);
  1249. if(Status != STATUS_SUCCESS){
  1250. DBG_ASSERT(0);
  1251. return X509_STATUS_INTERNAL_ERROR;
  1252. }
  1253. // extract time from the certs and convert it into NTP. Get NotValidBefore and NotValidAfter
  1254. Status = ConvertTimeToNtp(OcspResponseFields->producedAt, &ProducedAt);
  1255. if(Status != STATUS_SUCCESS){
  1256. DBG_ASSERT(0);
  1257. return X509_STATUS_INTERNAL_ERROR;
  1258. }
  1259. #ifndef _WIN32_DEVPLATFORM // don't validate certificate time on DevPlatform
  1260. // assuming no rollover
  1261. if ((ProducedAt.Seconds > CurrentTime.Seconds) &&
  1262. ((ProducedAt.Seconds - CurrentTime.Seconds) > OCSP_DELAY_TOLERANCE_SECONDS )){
  1263. DBG_ASSERT(0);
  1264. return X509_STATUS_INTERNAL_ERROR;
  1265. }
  1266. if ((CurrentTime.Seconds > ProducedAt.Seconds) &&
  1267. ((CurrentTime.Seconds - ProducedAt.Seconds) > SECONDS_IN_DAY )){
  1268. DBG_ASSERT(0);
  1269. return X509_STATUS_EXPIRED_CERTIFICATE;
  1270. }
  1271. #endif // _WIN32_DEVPLATFORM
  1272. return X509_STATUS_SUCCESS;
  1273. }
  1274. #endif
  1275. #endif // #ifndef X509_FOR_PSE_PR
  1276. /*
  1277. This function will parse the certificate, will extract out interesting data (defined in the "Fields" structure) and return them to the caller.
  1278. */
  1279. static STATUS sessMgrParseDerCert
  1280. (
  1281. IN X509_PROTOCOL* X509Protocol,
  1282. IN Uint8* certificateDerEncoded,
  1283. IN Uint8* pCertEnd,
  1284. IN Uint8* workBuffer,
  1285. IN UINT32 workBufferSize,
  1286. OUT SessMgrCertificateFields* certificateFields,
  1287. IN ISSUER_INFO *IssuerInfo,
  1288. IN BOOL UseFacsimileEpid
  1289. )
  1290. {
  1291. UINT32 Status;
  1292. /* Refer to certificate structure for definition */
  1293. Uint8* workBufferStart = workBuffer;
  1294. UINT8* current_ptr = certificateDerEncoded;
  1295. UINT8* pTemp;
  1296. UINT32 length;
  1297. UINT32 i = 0;
  1298. SessMgrEllipticCurveParameter params = unknownParameter;
  1299. UINT8 EncodingBytes;
  1300. UINT32 padding;
  1301. #ifdef PRINT
  1302. printf("\n **************** Parsing a Certificate ******************** ");
  1303. for(i=0;i<certificateFields->serialNumber.length;i++)
  1304. printf("%hhx ",*(certificateFields->serialNumber.buffer + i));
  1305. #endif
  1306. #ifdef X509_FOR_PSE_PR
  1307. UNUSED(X509Protocol);
  1308. UNUSED(i);
  1309. #endif
  1310. do{
  1311. Status = ParseIdAndLength(&current_ptr, pCertEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1312. if(Status != X509_STATUS_SUCCESS)
  1313. break;
  1314. certificateFields->messageBuffer.buffer = current_ptr;
  1315. /* Start of TBS Certificate : Starts with a sequence */
  1316. Status = ParseIdAndLength(&current_ptr, pCertEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1317. if(Status != X509_STATUS_SUCCESS)
  1318. break;
  1319. // Total signed buffer length = certificate Length + Encoding Bytes ( +1 is for the Type identifier)
  1320. certificateFields->messageBuffer.length = length + EncodingBytes + 1;
  1321. /*** Early Signature Verification ****/
  1322. // Try to verify signature first. That way we resolve all corruption problems.
  1323. pTemp = certificateFields->messageBuffer.buffer + certificateFields->messageBuffer.length;
  1324. // Current pointer is at SignatureAlgorithm which is a algorithm identifier
  1325. Status = ParseAlgoIdentifier(&pTemp, pCertEnd, (UINT32*)&certificateFields->TbsCertSignAlgoId, signature_algo, &params);
  1326. if(Status != X509_STATUS_SUCCESS){
  1327. DBG_ASSERT(0);
  1328. break;
  1329. }
  1330. // Next field : SignatureValue
  1331. Status = ParseSignatureValue(&pTemp, pCertEnd, &workBuffer, workBufferSize - (int)(workBuffer-workBufferStart), &certificateFields->signatureBuffer, certificateFields->TbsCertSignAlgoId);
  1332. if(Status != X509_STATUS_SUCCESS){
  1333. DBG_ASSERT(0);
  1334. break;
  1335. }
  1336. Status = VerifySignature(IssuerInfo, &certificateFields->messageBuffer, &certificateFields->signatureBuffer, UseFacsimileEpid);
  1337. if(Status != X509_STATUS_SUCCESS){
  1338. DBG_ASSERT(0);
  1339. return X509_INVALID_SIGNATURE;
  1340. }
  1341. /**** End Early Signature Verification *****/
  1342. // Next Field : Version (Optional field with explicit tagging)
  1343. Status = ParseIdAndLength(&current_ptr, pCertEnd, EXPLICIT_TAG_0_ID_VALUE, &length, &EncodingBytes, TRUE);
  1344. if( (Status != X509_STATUS_SUCCESS) && Status != X509_STATUS_NOT_FOUND)
  1345. break;
  1346. if(Status != X509_STATUS_NOT_FOUND){
  1347. // We have a version number. Note: Not using ParseInteger function because certificateVersion is defined as a UINT32 and not a DataBuffer
  1348. Status = ParseIdAndLength(&current_ptr, pCertEnd, DER_ENCODING_INTEGER_ID, &length, &EncodingBytes, FALSE);
  1349. if(Status != X509_STATUS_SUCCESS || length > MAX_VERSION_LENGTH_SIZE_BYTES){
  1350. Status = X509_STATUS_ENCODING_ERROR;
  1351. break;
  1352. }
  1353. SESSMGR_MEMCPY_S((UINT8*)&certificateFields->certificateVersion + sizeof(UINT32) - length, length, current_ptr, length);
  1354. // The certificates are big endian.
  1355. SwapEndian((UINT8 *)&certificateFields->certificateVersion, sizeof(UINT32));
  1356. if(certificateFields->certificateVersion != v3){
  1357. Status = X509_STATUS_INVALID_VERSION;
  1358. break;
  1359. }
  1360. current_ptr+= length;
  1361. }else{
  1362. /* Default is v1 according to spec . But we dont support onyl v3. Return error. */
  1363. Status = X509_STATUS_INVALID_VERSION;
  1364. break;
  1365. }
  1366. // Next Field : Certificate Serial Number Format : Integer Identifier + Length + Value (Max 20 bytes)
  1367. Status = ParseInteger(&current_ptr, pCertEnd, &certificateFields->serialNumber, FALSE, TRUE, &padding);
  1368. if ((Status != X509_STATUS_SUCCESS) || (certificateFields->serialNumber.length + padding > MAX_HASH_LEN)) {
  1369. DBG_ASSERT(0);
  1370. Status = X509_STATUS_ENCODING_ERROR;
  1371. break;
  1372. }
  1373. #ifdef PRINT
  1374. printf("\n Serial Number ");
  1375. for(i=0;i<certificateFields->serialNumber.length;i++)
  1376. printf("%hhx ",*(certificateFields->serialNumber.buffer + i));
  1377. #endif
  1378. // Next Field : Algorithm Identifier (signature) The OID is expected to be one of the HardCodedSignatureAlgorithmOid array values.
  1379. Status = ParseAlgoIdentifier(&current_ptr, pCertEnd, (UINT32*)&certificateFields->algorithmIdentifierForSignature,signature_algo, &params);
  1380. if(Status != X509_STATUS_SUCCESS){
  1381. Status = X509_STATUS_ENCODING_ERROR;
  1382. break;
  1383. }
  1384. // Next Field : issuer
  1385. Status = ParseName(&current_ptr, pCertEnd, &certificateFields->issuer);
  1386. if(Status != X509_STATUS_SUCCESS){
  1387. DBG_ASSERT(0);
  1388. break;
  1389. }
  1390. // Next Field : Validity Format : sequence notBefore notAfter
  1391. Status = ParseIdAndLength(&current_ptr, pCertEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1392. if(Status != X509_STATUS_SUCCESS)
  1393. break;
  1394. // Parse notBefore, notAfter, Subject, SubjectPublic key info
  1395. Status = ParseTime(&current_ptr, pCertEnd, &certificateFields->notValidBeforeTime);
  1396. if(Status != X509_STATUS_SUCCESS)
  1397. break;
  1398. Status = ParseTime(&current_ptr, pCertEnd, &certificateFields->notValidAfterTime);
  1399. if(Status != X509_STATUS_SUCCESS)
  1400. break;
  1401. Status = ParseName(&current_ptr, pCertEnd, &certificateFields->subject);
  1402. if(Status != X509_STATUS_SUCCESS)
  1403. break;
  1404. Status = ParseSubjectPublicKeyInfo(&current_ptr, pCertEnd, &workBuffer, certificateFields);
  1405. if(Status != X509_STATUS_SUCCESS)
  1406. break;
  1407. // Next Field: IssuerUniqueId [optional] Implicit TAG Number is 1 Type : UniqueIdentifier (BIT STRING)
  1408. Status = ParseIdAndLength(&current_ptr, pCertEnd, IMPLICIT_TAG_ID + TAG_NUMBER_ISSUER_UNIQUE_ID, &length, &EncodingBytes, TRUE);
  1409. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1410. break;
  1411. if(Status != X509_STATUS_NOT_FOUND){
  1412. certificateFields->IssuerUniqueId.buffer = current_ptr;
  1413. certificateFields->IssuerUniqueId.length = length;
  1414. current_ptr += length;
  1415. }
  1416. // Next Field: SubjectUniqueId [optional] Implicit TAG Number is 2 Type : UniqueIdentifier (BIT STRING)
  1417. Status = ParseIdAndLength(&current_ptr, pCertEnd, IMPLICIT_TAG_ID + TAG_NUMBER_SUBJECT_UNIQUE_ID, &length, &EncodingBytes, TRUE);
  1418. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1419. break;
  1420. if(Status != X509_STATUS_NOT_FOUND){
  1421. certificateFields->SubjectUniqueId.buffer = current_ptr;
  1422. certificateFields->SubjectUniqueId.length = length;
  1423. current_ptr += length;
  1424. }
  1425. // Next Field: Extensions [optional]
  1426. Status = ParseIdAndLength(&current_ptr, pCertEnd, EXPLICIT_TAG_ID + TAG_NUMBER_EXTENSIONS, &length, &EncodingBytes, TRUE);
  1427. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1428. break;
  1429. if(Status != X509_STATUS_NOT_FOUND){
  1430. #ifndef X509_FOR_PSE_PR
  1431. Status = ParseCertExtensions(&current_ptr, current_ptr + length, certificateFields);
  1432. if(Status != X509_STATUS_SUCCESS){
  1433. DBG_ASSERT(0);
  1434. break;
  1435. }
  1436. #else
  1437. current_ptr += length;
  1438. #endif
  1439. }
  1440. /* End of TbsCErtificate */
  1441. // Current pointer is at SignatureAlgorithm which is a algorithm identifier
  1442. Status = ParseAlgoIdentifier(&current_ptr, pCertEnd, (UINT32*)&certificateFields->TbsCertSignAlgoId, signature_algo, &params);
  1443. if(Status != X509_STATUS_SUCCESS){
  1444. DBG_ASSERT(0);
  1445. break;
  1446. }
  1447. // Next field : SignatureValue
  1448. Status = ParseSignatureValue(&current_ptr, pCertEnd, &workBuffer, workBufferSize - (int)(workBuffer - workBufferStart), &certificateFields->signatureBuffer, certificateFields->algorithmIdentifierForSignature);
  1449. if(Status != X509_STATUS_SUCCESS){
  1450. DBG_ASSERT(0);
  1451. break;
  1452. }
  1453. }while(0);
  1454. DBG_ASSERT((int)(workBuffer - workBufferStart) < workBufferSize)
  1455. DBG_ASSERT(Status == X509_STATUS_SUCCESS);
  1456. if (current_ptr != pCertEnd) {
  1457. DBG_ASSERT(0);
  1458. return X509_STATUS_ENCODING_ERROR;
  1459. }
  1460. return Status;
  1461. }
  1462. #ifndef X509_FOR_PSE_PR
  1463. STATUS sessMgrParseOcspResponse
  1464. (
  1465. IN X509_PROTOCOL* X509Protocol,
  1466. IN Uint8* OcspResponse,
  1467. IN Uint8* OcspResponseEnd,
  1468. IN Uint8* workBuffer,
  1469. IN UINT32 workBufferSize,
  1470. OUT SessMgrOcspResponseFields* OcspResponseFields
  1471. )
  1472. {
  1473. STATUS Status;
  1474. Uint8* workBufferStart = workBuffer;
  1475. UINT8* current_ptr = OcspResponse;
  1476. UINT32 length;
  1477. UINT32 temp;
  1478. SessMgrOcspSingleResponse *SingleResponse;
  1479. UINT8 *end_of_single_responses;
  1480. SessMgrEllipticCurveParameter params;
  1481. UINT8 EncodingBytes;
  1482. UINT32 padding;
  1483. #ifdef WIN_TEST
  1484. SetConsoleTextAttribute(hConsole, 4);
  1485. printf("\n \n *************** Parsing OCSP response ***************** \n \n");
  1486. SetConsoleTextAttribute(hConsole, 8);
  1487. #endif
  1488. /* Ocsp response is a SEQ { responseStatus, response bytes }*/
  1489. do{
  1490. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1491. if(Status != X509_STATUS_SUCCESS)
  1492. break;
  1493. // Next Field: response status response status is a enumerated type
  1494. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_ENUMERATED_ID, &length, &EncodingBytes, FALSE);
  1495. if(Status != X509_STATUS_SUCCESS || length != 1){
  1496. // Note: currently we support only 7 bits. So error out if length is more than 1 byte
  1497. Status = X509_STATUS_ENCODING_ERROR;
  1498. break;
  1499. }
  1500. OcspResponseFields->ocspResponseStatus = (ResponseStatus)*current_ptr;
  1501. current_ptr += length;
  1502. // Next Field: response bytes Reponsne Bytes is a SEQ { response type , response }. response bytes is optional
  1503. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, EXPLICIT_TAG_ID + TAG_NUMBER_RESPONSE_BYTES, &length, &EncodingBytes, TRUE);
  1504. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1505. break;
  1506. if(Status == X509_STATUS_NOT_FOUND){
  1507. // No response bytes. Nothing more to parse.
  1508. Status = X509_STATUS_SUCCESS;
  1509. break;
  1510. }
  1511. /* WE HAVE A RESPONSE !!!! */
  1512. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1513. if(Status != X509_STATUS_SUCCESS)
  1514. break;
  1515. // Next Field: responseType Type : Object ID
  1516. Status = ParseOID(&current_ptr, OcspResponseEnd, &temp, &OcspResponseTypeOid[0][0],
  1517. sizeof(OcspResponseTypeOid)/sizeof(OcspResponseTypeOid[0]),
  1518. sizeof(OcspResponseTypeOid[0]));
  1519. if(Status != X509_STATUS_SUCCESS || temp != 0){
  1520. DBG_ASSERT(0);
  1521. Status = X509_STATUS_ENCODING_ERROR;
  1522. break;
  1523. }
  1524. // Next Field: response Type : OCTET STRING
  1525. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1526. if(Status != X509_STATUS_SUCCESS)
  1527. break;
  1528. // The only response type we support is basicOcspResponse. BasicOcspResponse is SEQ {tbsResponseData, SignatureAlgo, Signature, Certs [optional] }
  1529. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1530. if(Status != X509_STATUS_SUCCESS)
  1531. break;
  1532. // Next Field : tbsResponseData Format : Seq { version [optional], ResponderId, ProducesdAt, responses, responseExtensions [optional]
  1533. OcspResponseFields->tbsResponseData.buffer = current_ptr;
  1534. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1535. if(Status != X509_STATUS_SUCCESS)
  1536. break;
  1537. OcspResponseFields->tbsResponseData.length = length + EncodingBytes + 1;
  1538. // We dont store the version anywhere. Just parse if present and move pointer to next type
  1539. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, EXPLICIT_TAG_ID + TAG_NUMBER_VERSION, &length, &EncodingBytes, TRUE);
  1540. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1541. break;
  1542. if(Status != X509_STATUS_NOT_FOUND){
  1543. // we have version. Just parse over it
  1544. current_ptr += length;
  1545. }
  1546. // Next Field : ResponderId ResponderId can be a choice of either Name or KeyHash. We distinguish them using the tags
  1547. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, EXPLICIT_TAG_ID + TAG_NUMBER_RESPONDER_NAME, &length, &EncodingBytes, TRUE);
  1548. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1549. break;
  1550. if(Status != X509_STATUS_NOT_FOUND){
  1551. Status = ParseName(&current_ptr, OcspResponseEnd, &OcspResponseFields->ocspResponderIdName);
  1552. if(Status != X509_STATUS_SUCCESS)
  1553. break;
  1554. }else{
  1555. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, EXPLICIT_TAG_ID + TAG_NUMBER_RESPONDER_KEYHASH, &length, &EncodingBytes, FALSE);
  1556. if(Status != X509_STATUS_SUCCESS){
  1557. /* We either need to have a Id or a Keyhash */
  1558. Status = X509_STATUS_ENCODING_ERROR;
  1559. break;
  1560. }
  1561. // KeyHash is a octet String
  1562. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1563. if(Status != X509_STATUS_SUCCESS)
  1564. break;
  1565. OcspResponseFields->ocspResponderIdKeyHash.buffer = current_ptr;
  1566. OcspResponseFields->ocspResponderIdKeyHash.length = length;
  1567. current_ptr +=length;
  1568. }
  1569. /* Next Field : ProducedAt */
  1570. Status = ParseTime(&current_ptr, OcspResponseEnd, &OcspResponseFields->producedAt);
  1571. if(Status != X509_STATUS_SUCCESS)
  1572. break;
  1573. #ifdef TIME_PRINT
  1574. printf("\n Produced At ");
  1575. PrintValidity(&OcspResponseFields->producedAt);
  1576. #endif
  1577. // Next Field : response Format : responses is a SEQ { single Responses }
  1578. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1579. if(Status != X509_STATUS_SUCCESS)
  1580. break;
  1581. end_of_single_responses = current_ptr + length;
  1582. // Each single response is parsed and put into the SessMgrOcspSingleResponse structure. This structure is declared out of the work buffer
  1583. SingleResponse = (SessMgrOcspSingleResponse *)workBuffer;
  1584. OcspResponseFields->allResponses = (SessMgrOcspSingleResponse*) workBuffer;
  1585. OcspResponseFields->numberOfSingleReponses = 0;
  1586. while(current_ptr < end_of_single_responses){
  1587. // update workbuffer pointer for future use
  1588. workBuffer += sizeof(SessMgrOcspSingleResponse);
  1589. // Each single response is a SEQ { CertID, CertStatus, Thisupdate, nextUpdate [optional], SingleExtensions [optional] */
  1590. Status = ParseIdAndLength(&current_ptr, end_of_single_responses, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1591. if(Status != X509_STATUS_SUCCESS)
  1592. break;
  1593. // current pointer is over CertId CertId is a Seq {hash algorithm, issuername hash, issuerKeyHash, serialNumber}
  1594. Status = ParseIdAndLength(&current_ptr, end_of_single_responses, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1595. if(Status != X509_STATUS_SUCCESS)
  1596. break;
  1597. // current pointer over Hash algo Hash algorithm is a Algorithm identifier
  1598. Status = ParseAlgoIdentifier(&current_ptr, end_of_single_responses, (UINT32*)&SingleResponse->issuerIdentifierHashType,Hash_algo, &params);
  1599. if(Status != X509_STATUS_SUCCESS)
  1600. break;
  1601. // Next Field: IssueNameHash Type : octet string */
  1602. Status = ParseIdAndLength(&current_ptr, end_of_single_responses, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1603. if(Status != X509_STATUS_SUCCESS)
  1604. break;
  1605. SingleResponse->issuerNameHash.buffer = current_ptr;
  1606. SingleResponse->issuerNameHash.length = length;
  1607. current_ptr+=length;
  1608. // Next Field: IssueKeyHash Type : octet string
  1609. Status = ParseIdAndLength(&current_ptr, end_of_single_responses, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1610. if(Status != X509_STATUS_SUCCESS)
  1611. break;
  1612. SingleResponse->issuerKeyHash.buffer = current_ptr;
  1613. SingleResponse->issuerKeyHash.length = length;
  1614. current_ptr+=length;
  1615. // Next Field: SerialNumber Type : Integer */
  1616. Status = ParseInteger(&current_ptr, end_of_single_responses, &SingleResponse->serialNumber, FALSE, TRUE, &padding);
  1617. if(Status != X509_STATUS_SUCCESS || (SingleResponse->serialNumber.length + padding > MAX_HASH_LEN)){
  1618. DBG_ASSERT(0);
  1619. Status = X509_STATUS_ENCODING_ERROR;
  1620. break;
  1621. }
  1622. // Next field: CertStatus certStatus can be a choice of { good [type : NULL], revoked [type : revoked info], unknown [type : NULL]
  1623. switch(*current_ptr)
  1624. {
  1625. case IMPLICIT_TAG_ID + TAG_NUMBER_GOOD:
  1626. SingleResponse->ocspCertificateStatus = good;
  1627. current_ptr++;
  1628. /* NULL id is always followed by length 0x00 */
  1629. if(*current_ptr != 0)
  1630. {
  1631. DBG_ASSERT(0);
  1632. return X509_STATUS_ENCODING_ERROR;
  1633. }
  1634. current_ptr++;
  1635. break;
  1636. case IMPLICIT_TAG_ID + TAG_NUMBER_UNKNOWN:
  1637. SingleResponse->ocspCertificateStatus = unknown;
  1638. current_ptr++;
  1639. /* NULL id is always followed by length 0x00 */
  1640. if(*current_ptr != 0)
  1641. {
  1642. DBG_ASSERT(0);
  1643. return X509_STATUS_ENCODING_ERROR;
  1644. }
  1645. current_ptr++;
  1646. break;
  1647. case IMPLICIT_TAG_STRUCTURED_TYPE_ID + TAG_NUMBER_REVOKED:
  1648. SingleResponse->ocspCertificateStatus = revoked;
  1649. /* This will be followed by a revoked time and reason.
  1650. We parse but ignore those fields
  1651. */
  1652. current_ptr++;
  1653. /* Get length */
  1654. Status = DecodeLength(current_ptr, end_of_single_responses, &length, &EncodingBytes);
  1655. if(Status != X509_STATUS_SUCCESS)
  1656. break;
  1657. current_ptr += EncodingBytes;
  1658. /* Move current_ptr beyond the revoked data */
  1659. current_ptr +=length;
  1660. break;
  1661. default:
  1662. DBG_ASSERT(0);
  1663. return X509_STATUS_ENCODING_ERROR;
  1664. }
  1665. if(Status != X509_STATUS_SUCCESS)
  1666. break;
  1667. // Next Field : ThisUpdate type: GeneralizedTime
  1668. Status = ParseTime(&current_ptr, end_of_single_responses, &SingleResponse->thisUpdate);
  1669. if(Status != X509_STATUS_SUCCESS)
  1670. break;
  1671. /* Next Field : NextUpdate [optional] */
  1672. Status = ParseIdAndLength(&current_ptr, end_of_single_responses, EXPLICIT_TAG_ID + TAG_NUMBER_NEXT_UPDATE, &length, &EncodingBytes, TRUE);
  1673. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1674. break;
  1675. if(Status != X509_STATUS_NOT_FOUND){
  1676. Status = ParseTime(&current_ptr, end_of_single_responses, &SingleResponse->nextUpdate);
  1677. if(Status != X509_STATUS_SUCCESS)
  1678. break;
  1679. }
  1680. /* INTERESTING CASE: Both singleExtensions and responseExtensions use the tag [1]. So at this point, there is no way of finding out if "A1" means Single or response Extentions.
  1681. We check the end of sequence pointer to resolve this.
  1682. */
  1683. if(current_ptr < end_of_single_responses){
  1684. // Next Field : Single Extensions [optional] we parse this but ignore the contents
  1685. Status = ParseIdAndLength(&current_ptr, end_of_single_responses, EXPLICIT_TAG_ID + TAG_NUMBER_SINGLE_EXTENSIONS, &length, &EncodingBytes, TRUE);
  1686. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1687. break;
  1688. if(Status != X509_STATUS_NOT_FOUND){
  1689. /* Move pointer past the extensions */
  1690. current_ptr +=length;
  1691. }
  1692. }
  1693. SingleResponse = (SessMgrOcspSingleResponse *)((UINT8 *)SingleResponse + sizeof(SessMgrOcspSingleResponse));
  1694. OcspResponseFields->numberOfSingleReponses++;
  1695. Status = X509_STATUS_SUCCESS;
  1696. }
  1697. if(Status != X509_STATUS_SUCCESS){
  1698. DBG_ASSERT(0);
  1699. Status = X509_STATUS_ENCODING_ERROR;
  1700. break;
  1701. }
  1702. #ifdef PRINT
  1703. int i;
  1704. printf("\n Number of single responses %d", OcspResponseFields->numberOfSingleReponses);
  1705. for (i=0;i<OcspResponseFields->numberOfSingleReponses;i++){
  1706. printf("\n\n Response Number %d", i);
  1707. SingleResponse = (SessMgrOcspSingleResponse *)(OcspResponseFields->allResponses) + i;
  1708. printf("\n serial number ");
  1709. PrintDataBuffer(&SingleResponse->serialNumber);
  1710. #ifdef TIME_PRINT
  1711. printf("\n This Update ");
  1712. PrintValidity(&SingleResponse->thisUpdate);
  1713. #endif
  1714. }
  1715. #endif
  1716. // Next Field : Response Extensions [optional]
  1717. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, EXPLICIT_TAG_ID + TAG_NUMBER_RESPONSE_EXTENSIONS, &length, &EncodingBytes, TRUE);
  1718. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1719. break;
  1720. if(Status != X509_STATUS_NOT_FOUND){
  1721. // Move pointer past the extensions
  1722. Status = ParseOcspExtensions(&current_ptr, current_ptr + length, OcspResponseFields);
  1723. if(Status != X509_STATUS_SUCCESS){
  1724. break;
  1725. }
  1726. }
  1727. // Next field : Signature Algorithm Id*/
  1728. Status = ParseAlgoIdentifier(&current_ptr, OcspResponseEnd, (UINT32 *)&OcspResponseFields->algorithmIdentifierForSignature ,signature_algo, &params);
  1729. if(Status != X509_STATUS_SUCCESS)
  1730. break;
  1731. Status = ParseSignatureValue(&current_ptr, OcspResponseEnd, &workBuffer, workBufferSize - (int)(workBuffer - workBufferStart), &OcspResponseFields->signature, OcspResponseFields->algorithmIdentifierForSignature);
  1732. if(Status != X509_STATUS_SUCCESS)
  1733. break;
  1734. // Next field : Certificate of the OCSP responder. This can be a chain */
  1735. // ??? why is this optional
  1736. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, EXPLICIT_TAG_ID + TAG_NUMBER_CERTS, &length, &EncodingBytes, TRUE);
  1737. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1738. break;
  1739. if(Status != X509_STATUS_NOT_FOUND){
  1740. /* This is a sequence of certificates. */
  1741. Status = ParseIdAndLength(&current_ptr, OcspResponseEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1742. if(Status != X509_STATUS_SUCCESS)
  1743. break;
  1744. OcspResponseFields->responderCertificate.buffer = current_ptr;
  1745. OcspResponseFields->responderCertificate.length = length;
  1746. current_ptr += length;
  1747. }
  1748. }while(0);
  1749. DBG_ASSERT(Status == X509_STATUS_SUCCESS);
  1750. if (current_ptr != OcspResponseEnd) {
  1751. DBG_ASSERT(0)
  1752. return X509_STATUS_ENCODING_ERROR;
  1753. }
  1754. return Status;
  1755. }
  1756. #endif
  1757. /* Common functions */
  1758. #ifndef X509_FOR_PSE_PR
  1759. static STATUS ParseBoolean(UINT8 **ppCurrent, UINT8 *pEnd, BOOL* Value, BOOL optional)
  1760. {
  1761. STATUS Status;
  1762. UINT8 *current_ptr = *ppCurrent;
  1763. UINT8 EncodingBytes;
  1764. UINT32 length;
  1765. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_BOOLEAN_ID, &length, &EncodingBytes, optional);
  1766. if(Status == X509_STATUS_NOT_FOUND && optional == TRUE)
  1767. return X509_STATUS_NOT_FOUND;
  1768. if(Status != X509_STATUS_SUCCESS || length != 1){
  1769. Status = X509_STATUS_ENCODING_ERROR;
  1770. return Status;
  1771. }
  1772. *Value = *current_ptr;
  1773. current_ptr++;
  1774. /* we expect Status to be 0xFF or 0x00 */
  1775. if( (*Value != DER_ENCODING_TRUE) && (*Value != DER_ENCODING_FALSE))
  1776. return X509_STATUS_ENCODING_ERROR;
  1777. *ppCurrent = current_ptr;
  1778. return X509_STATUS_SUCCESS;
  1779. }
  1780. #endif
  1781. /* ParseInteger will strip out the integer encoding part. If parsing is successful, ParseInteger
  1782. will update the current pointer and length
  1783. Returns X509_ENCODING_ERROR on failure
  1784. */
  1785. static STATUS ParseInteger(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrDataBuffer* DataBuf, BOOL isOptional, BOOL MustBePositive, UINT32 *PaddingLen)
  1786. {
  1787. STATUS Status;
  1788. UINT8 *current_ptr = *ppCurrent;
  1789. UINT32 Integer_Length;
  1790. UINT8 EncodingBytes;
  1791. UINT32 PaddingCounter = 0;
  1792. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_INTEGER_ID, &Integer_Length, &EncodingBytes, isOptional);
  1793. if(isOptional == TRUE && Status == X509_STATUS_NOT_FOUND)
  1794. return X509_STATUS_NOT_FOUND;
  1795. if(Status != X509_STATUS_SUCCESS)
  1796. return X509_STATUS_ENCODING_ERROR;
  1797. // MSB must be zero for positive integer. Error if MSB is not zero and we expect positive
  1798. if(MustBePositive && (*current_ptr & 0x80))
  1799. return X509_STATUS_ENCODING_ERROR;
  1800. // Note : DER Integer Encoding adds 0x00 if MSB of the actual integer is one. Ignore the first byte if it is 0x00
  1801. if ((*current_ptr == 0) && (Integer_Length > 1)){
  1802. current_ptr++; // skip padding
  1803. Integer_Length--; // remove padding from length
  1804. PaddingCounter++;
  1805. }
  1806. DataBuf->buffer = current_ptr;
  1807. DataBuf->length = Integer_Length;
  1808. *ppCurrent = current_ptr + Integer_Length;
  1809. if (PaddingLen)
  1810. *PaddingLen = PaddingCounter;
  1811. return X509_STATUS_SUCCESS;
  1812. }
  1813. #ifndef X509_FOR_PSE_PR
  1814. STATUS ParseOcspExtensions(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrOcspResponseFields* OcspResponseFields)
  1815. {
  1816. UINT8 *current_ptr = *ppCurrent;
  1817. UINT32 ExtensionType;
  1818. BOOL critical;
  1819. UINT32 length;
  1820. STATUS Status;
  1821. UINT8 EncodingBytes;
  1822. do{
  1823. // Extensions = SEQ { extension } Each extension is associated with a Object ID. We support the extensions listed in ExtensionOID array.
  1824. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1825. if(Status != X509_STATUS_SUCCESS)
  1826. break;
  1827. while(current_ptr < pEnd){
  1828. // Each extension is a SEQ { extid (OID) , critical (BOOLEAN), extnValue (OCTET STRING) }
  1829. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1830. if(Status != X509_STATUS_SUCCESS)
  1831. break;
  1832. /* Next Field : Extension OID */
  1833. Status = ParseOID(&current_ptr, pEnd, &ExtensionType, &OcspExtensionOid[0][0],
  1834. sizeof(OcspExtensionOid)/sizeof(OcspExtensionOid[0]),
  1835. sizeof(OcspExtensionOid[0]));
  1836. // Note : We might have unsupported extensions.
  1837. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_UNKNOWN_OID){
  1838. DBG_ASSERT(0);
  1839. break;
  1840. }
  1841. // Next field is "Critical". This indicates whether it is mandatory for the parser to understand the extension. This is an optinal field. default is false
  1842. Status = ParseBoolean(&current_ptr, pEnd, &critical, TRUE);
  1843. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1844. break;
  1845. if(Status == X509_STATUS_NOT_FOUND)
  1846. critical = DER_ENCODING_FALSE;
  1847. // Next Field: Extn Value This is a OCTET STRING
  1848. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1849. if(Status != X509_STATUS_SUCCESS)
  1850. break;
  1851. switch(ExtensionType)
  1852. {
  1853. case Nonce:
  1854. // Some OCSP responders have an additional encoding of OCTET string for the nonce.
  1855. // We know the Nonce is 32 bytes (Per Sigma Spec. If given length is more than that, then check if this extra encoding was included.
  1856. if(length > SIGMA_NONCE_LENGTH){
  1857. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1858. if(Status != X509_STATUS_SUCCESS)
  1859. break;
  1860. }
  1861. DBG_ASSERT(length == SIGMA_NONCE_LENGTH);
  1862. OcspResponseFields->nonce.buffer = current_ptr;
  1863. OcspResponseFields->nonce.length = length;
  1864. current_ptr+=length;
  1865. break;
  1866. default:
  1867. /* unsupported extension.
  1868. Check if it marked as critical. If so, return error else ignore this extension
  1869. */
  1870. if(critical == DER_ENCODING_TRUE){
  1871. DBG_ASSERT(0);
  1872. Status = X509_STATUS_UNSUPPORTED_CRITICAL_EXTENSION;
  1873. break;
  1874. }
  1875. else{
  1876. /* Extension is non-criticial. So it is ok if we dont support it .
  1877. Move current pointer to the next extension */
  1878. current_ptr += length;
  1879. continue;
  1880. }
  1881. } // switch
  1882. if(Status != X509_STATUS_SUCCESS){
  1883. DBG_ASSERT(0);
  1884. break;
  1885. }
  1886. Status = X509_STATUS_SUCCESS;
  1887. } // WHILE end of extensions
  1888. }while(0); // do_while
  1889. *ppCurrent = current_ptr;
  1890. return Status;
  1891. }
  1892. #endif
  1893. #ifndef X509_FOR_PSE_PR
  1894. STATUS ParseCertExtensions(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrCertificateFields* certificateFields)
  1895. {
  1896. UINT8 *current_ptr = *ppCurrent;
  1897. UINT32 ExtensionType;
  1898. BOOL critical;
  1899. UINT32 length;
  1900. STATUS Status;
  1901. TAG_TYPE TagType;
  1902. UINT8 EncodingBytes;
  1903. UINT8 PaddedBits;
  1904. SessMgrDataBuffer DataBuf;
  1905. UINT32 ExtendedKeyUsageOcspType;
  1906. do{
  1907. // Extensions = SEQ { extension } Each extension is associated with a Object ID. We support the extensions listed in ExtensionOID array.
  1908. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1909. if(Status != X509_STATUS_SUCCESS)
  1910. break;
  1911. while(current_ptr < pEnd){
  1912. // Each extension is a SEQ { extid (OID) , critical (BOOLEAN), extnValue (OCTET STRING) }
  1913. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1914. if(Status != X509_STATUS_SUCCESS)
  1915. break;
  1916. /* Next Field : Extension OID */
  1917. Status = ParseOID(&current_ptr, pEnd, &ExtensionType, &CertExtensionOid[0][0],
  1918. sizeof(CertExtensionOid)/sizeof(CertExtensionOid[0]),
  1919. sizeof(CertExtensionOid[0]));
  1920. // Note : We might have unsupported extensions.
  1921. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_UNKNOWN_OID){
  1922. DBG_ASSERT(0);
  1923. break;
  1924. }
  1925. // Next field is "Critical". This indicates whether it is mandatory for the parser to understand the extension. This is an optinal field. default is false
  1926. Status = ParseBoolean(&current_ptr, pEnd, &critical, TRUE);
  1927. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  1928. break;
  1929. if(Status == X509_STATUS_NOT_FOUND)
  1930. critical = DER_ENCODING_FALSE;
  1931. // Next Field: Extn Value This is a OCTET STRING
  1932. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1933. if(Status != X509_STATUS_SUCCESS)
  1934. break;
  1935. switch(ExtensionType)
  1936. {
  1937. case AuthorityKeyId:
  1938. /* Authority ID is a SEQ of {KeyIdentifier [optional TAG 0] , General Names [optional Tag 1], Certificate Serial number [optional Tag 2] */
  1939. /* Currently supported Intel and CA certs have general names and Certificate serial numbers as NULL */
  1940. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  1941. if(Status != X509_STATUS_SUCCESS)
  1942. break;
  1943. /* See if optional arguments are present */
  1944. // Note: InvalidTag means either the tag was not found (not an error if the field is optional) or the tag was not recognized.
  1945. FIND_TAG_TYPE(current_ptr, TAG_NUMBER_AUTHORITY_KEY_ID, TagType);
  1946. if(TagType != invalid_tag){
  1947. /* We have an implicit or explicit tag */
  1948. current_ptr++;
  1949. /* Get Length of sequence */
  1950. Status = DecodeLength(current_ptr, pEnd, &length, &EncodingBytes);
  1951. if(Status != X509_STATUS_SUCCESS)
  1952. break;
  1953. current_ptr += EncodingBytes;
  1954. if(TagType == explicit_tag){
  1955. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1956. if(Status != X509_STATUS_SUCCESS)
  1957. break;
  1958. }
  1959. /* Store the Authority Key ID into the data buffer */
  1960. certificateFields->AuthorityKeyId.buffer = current_ptr;
  1961. certificateFields->AuthorityKeyId.length = length;
  1962. current_ptr+=length;
  1963. }
  1964. FIND_TAG_TYPE(current_ptr, TAG_NUMBER_AUTHORITY_CERT_ISSUER_ID, TagType);
  1965. if(TagType != invalid_tag){
  1966. current_ptr++;
  1967. Status = DecodeLength(current_ptr, pEnd, &length, &EncodingBytes);
  1968. if(Status != X509_STATUS_SUCCESS)
  1969. break;
  1970. current_ptr += EncodingBytes;
  1971. if(TagType == explicit_tag){
  1972. /* Expecting a NULL. Encoding for NULL is 0x05 0x00 */
  1973. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_NULL_ID, &length, &EncodingBytes, FALSE);
  1974. if(Status != X509_STATUS_SUCCESS || length !=0)
  1975. break;
  1976. }
  1977. }
  1978. FIND_TAG_TYPE(current_ptr, TAG_NUMBER_AUTHORITY_CERT_SERIAL_NUMBER_ID, TagType);
  1979. if(TagType != invalid_tag){
  1980. current_ptr++;
  1981. Status = DecodeLength(current_ptr, pEnd, &length, &EncodingBytes);
  1982. if(Status != X509_STATUS_SUCCESS)
  1983. break;
  1984. current_ptr += EncodingBytes;
  1985. if(TagType == explicit_tag){
  1986. /* Expecting a NULL. Encoding for NULL is 0x05 0x00 */
  1987. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_NULL_ID, &length, &EncodingBytes, FALSE);
  1988. if(Status != X509_STATUS_SUCCESS || length !=0)
  1989. break;
  1990. }
  1991. }
  1992. break;
  1993. case SubjectKeyId:
  1994. // Next Field: Extn Value This is a OCTET STRING
  1995. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  1996. if(Status != X509_STATUS_SUCCESS)
  1997. break;
  1998. /* Store the Subject Key ID into the data buffer */
  1999. certificateFields->SubjectKeyId.buffer = current_ptr;
  2000. certificateFields->SubjectKeyId.length = length;
  2001. current_ptr+=length;
  2002. break;
  2003. case KeyUsage:
  2004. /* KeyUsage is a bit string */
  2005. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_BIT_STRING_ID, &length, &EncodingBytes, FALSE);
  2006. if(Status != X509_STATUS_SUCCESS)
  2007. break;
  2008. /* KeyUsage is defined as a 16 bit value.So we expect the length to be 1 or 2. Add 1 to the check to account for the byte containing the number of bits paddd */
  2009. if(length != 2 && length != 3){
  2010. DBG_ASSERT(0);
  2011. Status = X509_STATUS_ENCODING_ERROR;
  2012. break;
  2013. }
  2014. /* current_ptr is pointing to the padded bits */
  2015. PaddedBits = *current_ptr;
  2016. current_ptr++;
  2017. /* decrementing length by one because length included the padded bits octet that we have already parsed*/
  2018. length--;
  2019. if(length == 2){
  2020. certificateFields->keyUsage.value = *current_ptr;
  2021. /* Shift by 8 */
  2022. certificateFields->keyUsage.value = certificateFields->keyUsage.value << 8;
  2023. current_ptr++;
  2024. }
  2025. certificateFields->keyUsage.value = *current_ptr;
  2026. current_ptr++;
  2027. break;
  2028. case ExtendedKeyUsage:
  2029. /* ExtendedKeyUsage is a sequence of KeyPurposeId's */
  2030. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2031. if(Status != X509_STATUS_SUCCESS)
  2032. break;
  2033. // KeyPurposeId is a object identifier
  2034. Status = ParseOID(&current_ptr, pEnd, &ExtendedKeyUsageOcspType, &ExtendedKeyUsageOcspSignOid[0][0],
  2035. sizeof(ExtendedKeyUsageOcspSignOid)/sizeof(ExtendedKeyUsageOcspSignOid[0]),
  2036. sizeof(ExtendedKeyUsageOcspSignOid[0]));
  2037. if(Status != X509_STATUS_SUCCESS)
  2038. break;
  2039. /* we only support OcspSign in Extended key usage */
  2040. if(ExtendedKeyUsageOcspType != 0){
  2041. DBG_ASSERT(0);
  2042. Status = X509_STATUS_UNSUPPORTED_TYPE;
  2043. break;
  2044. }else{
  2045. certificateFields->ExtendedKeyUsage.usage.OCSPSign = 1;
  2046. }
  2047. break;
  2048. case BasicConstraint:
  2049. /* Basic constraint is a SEQ { BOOLEAN (default false) , Integer [optional] */
  2050. certificateFields->basicConstraint.isBasicConstraintPresent = TRUE;
  2051. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2052. if(Status != X509_STATUS_SUCCESS)
  2053. break;
  2054. /* Next is a optional field for boolean */
  2055. Status = ParseBoolean(&current_ptr, pEnd, &certificateFields->basicConstraint.isCa, TRUE);
  2056. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  2057. break;
  2058. if(Status == X509_STATUS_NOT_FOUND)
  2059. certificateFields->basicConstraint.isCa = DER_ENCODING_FALSE;
  2060. // Next field is PathLenConstraint [Integer optional]
  2061. Status = ParseInteger(&current_ptr, pEnd, &DataBuf, TRUE, FALSE, NULL);
  2062. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND )
  2063. break;
  2064. if(Status == X509_STATUS_NOT_FOUND)
  2065. certificateFields->basicConstraint.pathLenConstraint = 0xFF;
  2066. else{
  2067. Status = swapendian_memcpy((UINT8 *)&certificateFields->basicConstraint.pathLenConstraint,
  2068. sizeof(UINT32),
  2069. DataBuf.buffer, DataBuf.length);
  2070. if(Status != X509_STATUS_SUCCESS)
  2071. break;
  2072. }
  2073. Status = X509_STATUS_SUCCESS;
  2074. break;
  2075. case CertificatePolicy:
  2076. Status = ParseCertificatePolicy(&current_ptr, pEnd, &certificateFields->CertificatePolicy);
  2077. break;
  2078. case ProductType:
  2079. /* Product type is a enumerated type */
  2080. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_ENUMERATED_ID, &length, &EncodingBytes, FALSE);
  2081. if(Status != X509_STATUS_SUCCESS || length != 1)
  2082. {
  2083. Status = X509_STATUS_ENCODING_ERROR;
  2084. break;
  2085. }
  2086. certificateFields->productType = (SessMgrProductType)*current_ptr;
  2087. current_ptr++;
  2088. break;
  2089. default:
  2090. /* unsupported extension.
  2091. Check if it marked as critical. If so, return error else ignore this extension
  2092. */
  2093. if(critical == DER_ENCODING_TRUE){
  2094. DBG_ASSERT(0);
  2095. Status = X509_STATUS_UNSUPPORTED_CRITICAL_EXTENSION;
  2096. break;
  2097. }
  2098. else{
  2099. /* Extension is non-criticial. So it is ok if we dont support it .
  2100. Move current pointer to the next extension */
  2101. current_ptr += length;
  2102. continue;
  2103. }
  2104. } // switch
  2105. if(Status != X509_STATUS_SUCCESS){
  2106. DBG_ASSERT(0);
  2107. break;
  2108. }
  2109. Status = X509_STATUS_SUCCESS;
  2110. } // WHILE end of extensions
  2111. }while(0);
  2112. DBG_ASSERT(Status == X509_STATUS_SUCCESS);
  2113. *ppCurrent = current_ptr;
  2114. return Status;
  2115. }
  2116. /* Certificate Policy is a SEQ of Policy Information.
  2117. Policy information is Seq of {Policy Identifier, Policy Qualifier [optional] }
  2118. Policy Identifier is a Object ID
  2119. Policy Qualifier Info is Seq {PolicyqualifierId, qualifier }
  2120. PolicyqualifierId is a known Object id
  2121. Qualifier is a CHOICE{cPSuri, UserNotice}
  2122. we only support cpSuri which is a IA5string
  2123. */
  2124. static STATUS ParseCertificatePolicy(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrDataBuffer *CertificatePolicy)
  2125. {
  2126. UINT8 *current_ptr = *ppCurrent;
  2127. UINT32 length;
  2128. UINT8* end_of_PolicyInformation = NULL;
  2129. UINT32 temp;
  2130. STATUS Status;
  2131. UINT8 EncodingBytes;
  2132. do{
  2133. /* Certificate Policy is a SEQ of Policy Information */
  2134. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2135. if(Status != X509_STATUS_SUCCESS)
  2136. break;
  2137. end_of_PolicyInformation = current_ptr + length;
  2138. while(current_ptr < end_of_PolicyInformation){
  2139. /* Policy information is Seq of {Policy Identifier, Policy Qualifier [optional] */
  2140. Status = ParseIdAndLength(&current_ptr, end_of_PolicyInformation, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2141. if(Status != X509_STATUS_SUCCESS)
  2142. break;
  2143. // Policy Identifier is a Object ID
  2144. Status = ParseOID(&current_ptr, end_of_PolicyInformation, &temp, &CertificatePolicyOid[0][0],
  2145. sizeof(CertificatePolicyOid)/sizeof(CertificatePolicyOid[0]),
  2146. sizeof(CertificatePolicyOid[0]));
  2147. if(Status != X509_STATUS_SUCCESS)
  2148. break;
  2149. if(temp >= Max_Certificatepolicy){
  2150. /* this is a unsupported policy. Ignore */
  2151. current_ptr+= length;
  2152. continue;
  2153. }
  2154. /* We have a supported policy !!!! */
  2155. // Next Field: PolicyQualifiers PolicyQualifiers is a SEQ of Policy Qualifier Info. However, we only support one Policy Qualifier Info
  2156. Status = ParseIdAndLength(&current_ptr, end_of_PolicyInformation, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2157. if(Status != X509_STATUS_SUCCESS)
  2158. break;
  2159. Status = ParseIdAndLength(&current_ptr, end_of_PolicyInformation, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2160. if(Status != X509_STATUS_SUCCESS)
  2161. break;
  2162. Status = ParseOID(&current_ptr, end_of_PolicyInformation, &temp, &CertificatePolicyQualifierIdOid[0][0],
  2163. sizeof(CertificatePolicyQualifierIdOid)/sizeof(CertificatePolicyQualifierIdOid[0]),
  2164. sizeof(CertificatePolicyQualifierIdOid[0]));
  2165. if(Status != X509_STATUS_SUCCESS)
  2166. break;
  2167. if(temp >= Max_Certificatepolicy){
  2168. Status = X509_STATUS_ENCODING_ERROR;
  2169. break;
  2170. }
  2171. // we have a supported policy qualifier id. Qualifier can be a CHOICE{cPSuri, UserNotice}. Note : Parser only supports cPSuri
  2172. Status = ParseIdAndLength(&current_ptr, end_of_PolicyInformation, DER_ENCODING_IA5_STRING_ID, &length, &EncodingBytes, FALSE);
  2173. if(Status != X509_STATUS_SUCCESS)
  2174. break;
  2175. CertificatePolicy->buffer = current_ptr;
  2176. CertificatePolicy->length = length;
  2177. current_ptr +=length;
  2178. }
  2179. }while(0);
  2180. DBG_ASSERT(Status == X509_STATUS_SUCCESS);
  2181. *ppCurrent = current_ptr;
  2182. return Status;
  2183. }
  2184. #endif
  2185. static STATUS ParseSubjectPublicKeyInfo(UINT8 **ppCurrent, UINT8 *pEnd, UINT8 **pworkbuffer, SessMgrCertificateFields* certificateFields)
  2186. {
  2187. UINT8 *current_ptr = *ppCurrent;
  2188. UINT8 *workbuffer_ptr = *pworkbuffer;
  2189. UINT32 length;
  2190. SessMgrEllipticCurveParameter params = unknownParameter;
  2191. STATUS Status;
  2192. UINT8 EncodingBytes;
  2193. SessMgrDataBuffer* Key;
  2194. SessMgrPublicKeyAlgoType* KeyType;
  2195. /* Subject public key consist of a Algo Identifier and a BIT String containing the actual key */
  2196. Key = &certificateFields->subjectPublicKey;
  2197. KeyType = &certificateFields->algorithmIdentifierForSubjectPublicKey;
  2198. do{
  2199. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2200. if(Status != X509_STATUS_SUCCESS)
  2201. break;
  2202. /* We first get the algo identifier */
  2203. Status = ParseAlgoIdentifier(&current_ptr, pEnd, (UINT32*)KeyType, PublicKey_algo, &params);
  2204. if(Status != X509_STATUS_SUCCESS)
  2205. break;
  2206. /* Next is the Subject Public Key. It is a BIT string. */
  2207. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_BIT_STRING_ID, &length, &EncodingBytes, FALSE);
  2208. if(Status != X509_STATUS_SUCCESS)
  2209. break;
  2210. /* current_ptr is over the number of padding bits for the BIT string . We expect this to always be zero since we are not dealing with bit level data */
  2211. if(*current_ptr != 0x00){
  2212. DBG_ASSERT(0);
  2213. return X509_STATUS_ENCODING_ERROR;
  2214. }
  2215. current_ptr++;
  2216. certificateFields->EncodedSubjectPublicKey.buffer = current_ptr;
  2217. certificateFields->EncodedSubjectPublicKey.length = length - 1;
  2218. switch(*KeyType)
  2219. {
  2220. case X509_ecdsaPublicKey:
  2221. // for ecdsa we know the length should be 66 bytes.
  2222. if(length != 66){
  2223. Status = X509_STATUS_ENCODING_ERROR;
  2224. break;
  2225. }
  2226. Key->buffer = workbuffer_ptr;
  2227. Key->length = sizeof(SessMgrEcdsaPublicKey);
  2228. workbuffer_ptr += sizeof(SessMgrEcdsaPublicKey);
  2229. Status = ParseEcdsaPublicKey(&current_ptr, pEnd, (SessMgrEcdsaPublicKey * )(Key->buffer), (SessMgrEllipticCurveParameter)params);
  2230. break;
  2231. case X509_intel_sigma_epidGroupPublicKey_epid11:
  2232. Key->buffer = workbuffer_ptr;
  2233. Key->length = sizeof(SessMgrEpidGroupPublicKey);
  2234. workbuffer_ptr += sizeof(SessMgrEpidGroupPublicKey);
  2235. Status = ParseEpidPublicKey(&current_ptr, pEnd, (SessMgrEpidGroupPublicKey * )(Key->buffer));
  2236. #ifdef PRINT
  2237. PrintEpidKey((void *)Key->buffer);
  2238. #endif
  2239. break;
  2240. case X509_rsaPublicKey:
  2241. Key->buffer = workbuffer_ptr;
  2242. Key->length = sizeof(SessMgrRsaKey);
  2243. workbuffer_ptr += sizeof(SessMgrRsaKey);
  2244. Status = ParseRsaPublicKey(&current_ptr, pEnd, (SessMgrRsaKey * )(Key->buffer));
  2245. break;
  2246. default:
  2247. DBG_ASSERT(0);
  2248. }
  2249. }while(0);
  2250. if(Status == X509_STATUS_SUCCESS){
  2251. *pworkbuffer = workbuffer_ptr;
  2252. *ppCurrent = current_ptr;
  2253. }
  2254. DBG_ASSERT(Status == X509_STATUS_SUCCESS);
  2255. return Status;
  2256. }
  2257. static STATUS ParseRsaPublicKey(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrRsaKey * RsaKey)
  2258. {
  2259. UINT8 *current_ptr = *ppCurrent;
  2260. UINT32 length;
  2261. STATUS Status;
  2262. UINT8 EncodingBytes;
  2263. /* The data portion of the BIT string contains a sequence of Seq { n , e} where n and e are integers */
  2264. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2265. if(Status != X509_STATUS_SUCCESS){
  2266. DBG_ASSERT(0);
  2267. return X509_STATUS_ENCODING_ERROR;
  2268. }
  2269. Status = ParseInteger(&current_ptr, pEnd, &RsaKey->n, FALSE, FALSE, NULL);
  2270. if(Status != X509_STATUS_SUCCESS)
  2271. return X509_STATUS_ENCODING_ERROR;
  2272. Status = ParseInteger(&current_ptr, pEnd, &RsaKey->e, FALSE, FALSE, NULL);
  2273. if(Status != X509_STATUS_SUCCESS)
  2274. return X509_STATUS_ENCODING_ERROR;
  2275. *ppCurrent = current_ptr;
  2276. return X509_STATUS_SUCCESS;
  2277. }
  2278. static STATUS ParseEpidPublicKey(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrEpidGroupPublicKey * EpidKey)
  2279. {
  2280. UINT8 *current_ptr = *ppCurrent;
  2281. UINT32 length;
  2282. SessMgrDataBuffer DataBuf;
  2283. STATUS Status;
  2284. UINT8 EncodingBytes;
  2285. do{
  2286. /* We are expecting a sequence of {groupId [Integer], h1 [ECPoint], h2 [ECPoint], w [G2ECPoint] */
  2287. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2288. if(Status != X509_STATUS_SUCCESS)
  2289. break;
  2290. /* Parse Integer */
  2291. Status = ParseInteger(&current_ptr, pEnd, &DataBuf, FALSE, FALSE, NULL);
  2292. if(Status != X509_STATUS_SUCCESS)
  2293. break;
  2294. Status = swapendian_memcpy((UINT8 *)&EpidKey->groupId, sizeof(UINT32), DataBuf.buffer, DataBuf.length);
  2295. if(Status != X509_STATUS_SUCCESS)
  2296. break;
  2297. // Next Field : h1 [octet string] This is a ECPoint which is a octet string
  2298. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  2299. if(Status != X509_STATUS_SUCCESS)
  2300. break;
  2301. /* Make sure it has the first bype as 0x04 indicating key is uncompressed */
  2302. if(*current_ptr != 0x04){
  2303. Status = X509_STATUS_ENCODING_ERROR;
  2304. break;
  2305. }
  2306. current_ptr++;
  2307. EpidKey->h1x = current_ptr;
  2308. EpidKey->h1y = current_ptr + 32;
  2309. current_ptr += 64;
  2310. // Next Field : h2 [octet string] This is a ECPoint which is a octet string
  2311. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  2312. if(Status != X509_STATUS_SUCCESS)
  2313. break;
  2314. /* Make sure it has the first bype as 0x04 indicating key is uncompressed */
  2315. if(*current_ptr != 0x04){
  2316. Status = X509_STATUS_ENCODING_ERROR;
  2317. break;
  2318. }
  2319. current_ptr++;
  2320. EpidKey->h2x = current_ptr;
  2321. EpidKey->h2y = current_ptr + 32;
  2322. current_ptr += 64;
  2323. // Next Field : w [octet string] This is a ECPoint which is a octet string
  2324. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OCTET_STRING_ID, &length, &EncodingBytes, FALSE);
  2325. if(Status != X509_STATUS_SUCCESS)
  2326. break;
  2327. /* Make sure it has the first bype as 0x04 indicating key is uncompressed */
  2328. if(*current_ptr != 0x04){
  2329. Status = X509_STATUS_ENCODING_ERROR;
  2330. break;
  2331. }
  2332. current_ptr++;
  2333. EpidKey->wx0 = current_ptr;
  2334. EpidKey->wx1 = current_ptr + 32;
  2335. EpidKey->wx2 = current_ptr + 64;
  2336. EpidKey->wy0 = current_ptr + 96;
  2337. EpidKey->wy1 = current_ptr + 128;
  2338. EpidKey->wy2 = current_ptr + 160;
  2339. current_ptr += 192;
  2340. }while(0);
  2341. *ppCurrent = current_ptr;
  2342. return Status;
  2343. }
  2344. static STATUS ParseEcdsaPublicKey(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrEcdsaPublicKey * EcDsaKey, SessMgrEllipticCurveParameter params)
  2345. {
  2346. UINT8 *current_ptr = *ppCurrent;
  2347. STATUS Status = X509_STATUS_SUCCESS;
  2348. #ifdef X509_FOR_PSE_PR
  2349. UNUSED(pEnd);
  2350. #endif
  2351. do{
  2352. /* Ecdsa Public Key is a Octet string. The SubjectPublicKey in the X509 definitiion is a bit string.
  2353. We use the following logic to convert the Octet String as a bit string as per the Verifier Cert Spec defined by Xiaoyu. */
  2354. /* First octet of bit string is 0x04 indicating key is uncompressed.
  2355. Note: The Key is in OCTET String form and we convert it to BIT STRING. Format : 0x04 | 64-bytes of keys */
  2356. if(*current_ptr != 0x04){
  2357. Status = X509_STATUS_ENCODING_ERROR;
  2358. break;
  2359. }
  2360. current_ptr++;
  2361. EcDsaKey->px = current_ptr;
  2362. EcDsaKey->py = current_ptr + ECDSA_KEY_ELEMENT_SIZE;
  2363. current_ptr += ECDSA_KEY_SIZE;
  2364. EcDsaKey->eccParameter = params;
  2365. }while(0);
  2366. DBG_ASSERT(Status == X509_STATUS_SUCCESS);
  2367. *ppCurrent = current_ptr;
  2368. return Status;
  2369. }
  2370. /* We will never send an OID to the caller. All the OID are matched to a corresponding enumerated type and sent to the caller. */
  2371. static STATUS ParseOID(UINT8 **ppCurrent, UINT8 *pEnd, UINT32 *EnumVal, const UINT8 *OidList, UINT32 Max_Entries, UINT32 EntrySize )
  2372. {
  2373. UINT8 *current_ptr = *ppCurrent;
  2374. UINT32 length;
  2375. UINT32 i;
  2376. STATUS Status;
  2377. UINT8 EncodingBytes;
  2378. do{
  2379. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_OBJECT_ID, &length, &EncodingBytes, FALSE);
  2380. if(Status != X509_STATUS_SUCCESS)
  2381. break;
  2382. /* We have a encoded list of hard coded OIDs that we support in an array. Just compare the OID with that array. */
  2383. for(i = 0;i< Max_Entries; i++)
  2384. {
  2385. if(memcmp(current_ptr, OidList, length) == 0){
  2386. /* We found a match. i is the algorithm number that the caller is looking for */
  2387. *EnumVal= i;
  2388. Status = X509_STATUS_SUCCESS;
  2389. break;
  2390. }
  2391. OidList+=EntrySize;
  2392. }
  2393. if(i >= Max_Entries) {
  2394. /* Never found a match */
  2395. *EnumVal= i;
  2396. Status = X509_STATUS_UNKNOWN_OID;
  2397. }
  2398. current_ptr += length;
  2399. }while(0);
  2400. DBG_ASSERT(Status == X509_STATUS_SUCCESS || Status == X509_STATUS_UNKNOWN_OID);
  2401. *ppCurrent = current_ptr;
  2402. return Status;
  2403. }
  2404. static STATUS ParseSignatureValue(UINT8 **ppCurrent, UINT8 *pEnd, UINT8 **pworkbuffer, UINT32 WorkBufferSize, SessMgrDataBuffer *SignatureValueBuf, UINT8 SignatureAlgoId)
  2405. {
  2406. UINT8 *current_ptr = *ppCurrent;
  2407. UINT32 length;
  2408. UINT8 *workbuffer_ptr;
  2409. STATUS Status;
  2410. SessMgrDataBuffer DataBuf;
  2411. UINT8 EncodingBytes;
  2412. #ifdef X509_FOR_PSE_PR
  2413. UNUSED(WorkBufferSize);
  2414. #endif
  2415. workbuffer_ptr = *pworkbuffer;
  2416. do{
  2417. /* SignatureValue is a BIT string. The content within the BIT string is based on the signature algorithm */
  2418. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_BIT_STRING_ID, &length, &EncodingBytes, FALSE);
  2419. if(Status != X509_STATUS_SUCCESS )
  2420. break;
  2421. /* Next Byte is the number of padded. Because this is a signature, we expect the resulting value to be a multiple of 8 bits meaning no padding will be necessery */
  2422. if(*current_ptr != 0){
  2423. Status = X509_STATUS_ENCODING_ERROR;
  2424. break;
  2425. }
  2426. //
  2427. // the inc below requires this (i'm choosing to care about **read** buffer overflows)
  2428. //
  2429. if ((current_ptr + 1) >= pEnd) {
  2430. Status = X509_STATUS_ENCODING_ERROR;
  2431. break;
  2432. }
  2433. /* increment current pointer. decrement length to reflect size of actual bit string excluding the padding data*/
  2434. current_ptr++;
  2435. length--;
  2436. /* Rest of the buffer is parsed based on the algo */
  2437. switch(SignatureAlgoId)
  2438. {
  2439. /* ECDSA based sign algorithm */
  2440. case X509_ecdsa_with_SHA1:
  2441. case X509_ecdsa_with_SHA256:
  2442. /* For ECDSA, Signature value is represented as a SEQ {r, s} where r and s are integers. We use the workbuffer to store this */
  2443. /* First memset the buffers where keys will be copied to */
  2444. memset(workbuffer_ptr, 0, ECDSA_SIGNATURE_SIZE);
  2445. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2446. if(Status != X509_STATUS_SUCCESS)
  2447. break;
  2448. /* Parse R and S */
  2449. Status = ParseInteger(&current_ptr, pEnd, &DataBuf, FALSE, FALSE, NULL);
  2450. if(Status != X509_STATUS_SUCCESS || DataBuf.length > ECDSA_SIGNATURE_MAX_SIZE_R ){
  2451. Status = X509_STATUS_ENCODING_ERROR;
  2452. break;
  2453. }
  2454. SESSMGR_MEMCPY_S(workbuffer_ptr + (ECDSA_SIGNATURE_MAX_SIZE_R - DataBuf.length), WorkBufferSize - (workbuffer_ptr - *pworkbuffer), DataBuf.buffer, DataBuf.length);
  2455. workbuffer_ptr += ECDSA_SIGNATURE_MAX_SIZE_R;
  2456. Status = ParseInteger(&current_ptr, pEnd, &DataBuf, FALSE, FALSE, NULL);
  2457. if(Status != X509_STATUS_SUCCESS || DataBuf.length > ECDSA_SIGNATURE_MAX_SIZE_S){
  2458. Status = X509_STATUS_ENCODING_ERROR;
  2459. break;
  2460. }
  2461. SESSMGR_MEMCPY_S(workbuffer_ptr + (ECDSA_SIGNATURE_MAX_SIZE_S - DataBuf.length), WorkBufferSize - (workbuffer_ptr - *pworkbuffer), DataBuf.buffer, DataBuf.length);
  2462. workbuffer_ptr += ECDSA_SIGNATURE_MAX_SIZE_S;
  2463. break;
  2464. /* All the RSA algorithms */
  2465. case X509_sha1withRSAEncryption:
  2466. case X509_sha256WithRSAEncryption:
  2467. /* Assuming here that all RSA algorithms just have a bit string signaure */
  2468. if(length > RSA_SIGNATURE_SIZE){
  2469. Status = X509_STATUS_ENCODING_ERROR;
  2470. break;
  2471. }
  2472. memset(workbuffer_ptr, 0 , length);
  2473. SESSMGR_MEMCPY_S(workbuffer_ptr, WorkBufferSize - (workbuffer_ptr - *pworkbuffer), current_ptr, length);
  2474. workbuffer_ptr += length;
  2475. current_ptr +=length;
  2476. break;
  2477. default:
  2478. DBG_ASSERT(0);
  2479. Status = X509_STATUS_INVALID_ARGS;
  2480. }
  2481. }while(0);
  2482. if(Status == X509_STATUS_SUCCESS){
  2483. // Signature value has been parsed successfully. Store the offset in the workbuffer in the DataBuffer that will be passed back to the caller
  2484. SignatureValueBuf->buffer = *pworkbuffer;
  2485. // length is the amount of work buffer we have used up
  2486. SignatureValueBuf->length = workbuffer_ptr - *pworkbuffer;
  2487. }else{
  2488. DBG_ASSERT(0);
  2489. }
  2490. *pworkbuffer = workbuffer_ptr;
  2491. *ppCurrent = current_ptr;
  2492. return Status;
  2493. }
  2494. static STATUS ParseAlgoIdentifier(UINT8 **ppCurrent, UINT8 *pEnd, UINT32* algoId, AlgorithmTypes Type, SessMgrEllipticCurveParameter *params)
  2495. {
  2496. /*****
  2497. Format : Sequence Id + length + Object Id + length + OID value + parameters (optional)
  2498. *****/
  2499. UINT8 *current_ptr = *ppCurrent;
  2500. UINT32 length;
  2501. UINT8 *end_of_sequence;
  2502. STATUS Status;
  2503. UINT8 EncodingBytes;
  2504. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2505. if(Status != X509_STATUS_SUCCESS){
  2506. DBG_ASSERT(0);
  2507. return X509_STATUS_ENCODING_ERROR;
  2508. }
  2509. end_of_sequence = current_ptr + length;
  2510. switch(Type){
  2511. case signature_algo:
  2512. Status = ParseOID(&current_ptr, pEnd, algoId, &HardCodedSignatureAlgorithmOid[0][0],
  2513. sizeof(HardCodedSignatureAlgorithmOid)/sizeof(HardCodedSignatureAlgorithmOid[0]),
  2514. sizeof(HardCodedSignatureAlgorithmOid[0]));
  2515. break;
  2516. case PublicKey_algo:
  2517. Status = ParseOID(&current_ptr, pEnd, algoId, &HardCodedPublicKeyAlgorithmOid[0][0],
  2518. sizeof(HardCodedPublicKeyAlgorithmOid)/sizeof(HardCodedPublicKeyAlgorithmOid[0]),
  2519. sizeof(HardCodedPublicKeyAlgorithmOid[0]));
  2520. break;
  2521. case Hash_algo:
  2522. Status = ParseOID(&current_ptr, pEnd, algoId, &HashAlgorithmOid[0][0],
  2523. sizeof(HashAlgorithmOid)/sizeof(HashAlgorithmOid[0]),
  2524. sizeof(HashAlgorithmOid[0]));
  2525. break;
  2526. default:
  2527. DBG_ASSERT(0);
  2528. }
  2529. if(Status != X509_STATUS_SUCCESS){
  2530. DBG_ASSERT(0);
  2531. return X509_STATUS_ENCODING_ERROR;
  2532. }
  2533. if(current_ptr < end_of_sequence){
  2534. /* We have some parameters */
  2535. Status = ParseAlgoParameters(&current_ptr, end_of_sequence, (UINT32 *)params);
  2536. if(Status == X509_STATUS_UNSUPPORTED_PARAMETER){
  2537. // As per spec, we just move on.
  2538. current_ptr = end_of_sequence;
  2539. *params = unknownParameter;
  2540. Status = X509_STATUS_SUCCESS;
  2541. }
  2542. if(Status != X509_STATUS_SUCCESS)
  2543. Status = X509_STATUS_ENCODING_ERROR;
  2544. }else{
  2545. *params=unknownParameter;
  2546. }
  2547. *ppCurrent = current_ptr;
  2548. return Status;
  2549. }
  2550. static STATUS ParseAlgoParameters(UINT8 **ppCurrent, UINT8 *pEnd, UINT32* param)
  2551. {
  2552. UINT8 *current_ptr = *ppCurrent;
  2553. UINT32 length;
  2554. UINT32 i;
  2555. STATUS Status = X509_STATUS_SUCCESS;
  2556. UINT8 EncodingBytes;
  2557. if ((!param) || ((current_ptr + 1) >= pEnd))
  2558. {
  2559. DBG_ASSERT(0);
  2560. return X509_STATUS_INVALID_ARGS;
  2561. }
  2562. /* current_ptr is over the parameters. We currently support a NULL parameter or an object ID specifiying some algo specific data */
  2563. switch(*current_ptr)
  2564. {
  2565. case DER_ENCODING_NULL_ID:
  2566. current_ptr++;
  2567. /* NULL id is always followed by length 0x00 */
  2568. if(*current_ptr != 0)
  2569. {
  2570. DBG_ASSERT(0);
  2571. return X509_STATUS_ENCODING_ERROR;
  2572. }
  2573. current_ptr++;
  2574. *param = unknownParameter;
  2575. break;
  2576. case DER_ENCODING_OBJECT_ID:
  2577. current_ptr++;
  2578. /* Get Length of object identifier */
  2579. Status = DecodeLength(current_ptr, pEnd, &length, &EncodingBytes);
  2580. if(Status != X509_STATUS_SUCCESS)
  2581. break;
  2582. current_ptr += EncodingBytes;
  2583. /* This can describe the curve */
  2584. for(i = 0;i< MaxElipticCurveOidSupported; i++)
  2585. {
  2586. if(memcmp(current_ptr, EllipticCurveOid[i], length) == 0){
  2587. /* We found a match. "i+1" is the algorithm number that the caller is looking for */
  2588. *param = i;
  2589. break;
  2590. }
  2591. }
  2592. if(i >= MaxElipticCurveOidSupported) {
  2593. /* Never found a match */
  2594. DBG_ASSERT(0);
  2595. *param = unknownParameter;
  2596. Status = X509_STATUS_ENCODING_ERROR;
  2597. }
  2598. current_ptr+=length;
  2599. break;
  2600. default:
  2601. Status = X509_STATUS_UNSUPPORTED_PARAMETER;
  2602. break;
  2603. // unknown parameter. We ignore this.
  2604. }
  2605. *ppCurrent = current_ptr;
  2606. return Status;
  2607. }
  2608. static STATUS ParseName(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrX509Name* Name)
  2609. {
  2610. UINT8* end_of_sequence = NULL;
  2611. UINT8 *current_ptr = *ppCurrent;
  2612. UINT32 length;
  2613. STATUS Status;
  2614. UINT8 EncodingBytes;
  2615. UINT32 NameType;
  2616. memset(Name, 0, sizeof(SessMgrX509Name));
  2617. do{
  2618. Name->DistinguishedName = (char *)current_ptr;
  2619. /* Format : Sequence [ Set [ Sequence [ OID Value] ] ] */
  2620. Status = ParseIdAndLength(&current_ptr, pEnd, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2621. if(Status != X509_STATUS_SUCCESS)
  2622. break;
  2623. Name->DistinguishedNameSize = length + EncodingBytes + 1;
  2624. end_of_sequence = current_ptr + length;
  2625. /* Because Set can have variable number of data underneath it, we need to cap it using the length of the sequence
  2626. We will use variable End_of_set and loop through until end is reached. */
  2627. while(current_ptr < end_of_sequence){
  2628. Status = ParseIdAndLength(&current_ptr, end_of_sequence, DER_ENCODING_SET_ID, &length, &EncodingBytes, FALSE);
  2629. if(Status != X509_STATUS_SUCCESS)
  2630. break;
  2631. Status = ParseIdAndLength(&current_ptr, end_of_sequence, DER_ENCODING_SEQUENCE_ID, &length, &EncodingBytes, FALSE);
  2632. if(Status != X509_STATUS_SUCCESS)
  2633. break;
  2634. /* Expected value : Attribute type (OID) and value (Can be anything) */
  2635. Status = ParseOID(&current_ptr, end_of_sequence, &NameType, &HardCodedNameOid[0][0],
  2636. sizeof(HardCodedNameOid)/sizeof(HardCodedNameOid[0]),
  2637. sizeof(HardCodedNameOid[0]));
  2638. // We might have some cases where we are getting an Unknown OID which we just ignore.
  2639. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_UNKNOWN_OID){
  2640. DBG_ASSERT(0);
  2641. break;
  2642. }
  2643. /* Value can be any type. Mostly some form of ascii string */
  2644. Status = ParseIdAndLength(&current_ptr, end_of_sequence, DER_ENCODING_UTF8_ID, &length, &EncodingBytes, TRUE);
  2645. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  2646. break;
  2647. if(Status == X509_STATUS_NOT_FOUND){
  2648. // Has to be one of UTF8 or PRINTABLE_STRING or IA5
  2649. Status = ParseIdAndLength(&current_ptr, end_of_sequence, DER_ENCODING_PRINTABLE_STRING_ID, &length, &EncodingBytes, TRUE);
  2650. if(Status != X509_STATUS_SUCCESS && Status != X509_STATUS_NOT_FOUND)
  2651. break;
  2652. if(Status == X509_STATUS_NOT_FOUND){
  2653. Status = ParseIdAndLength(&current_ptr, end_of_sequence, DER_ENCODING_IA5_STRING_ID, &length, &EncodingBytes, FALSE);
  2654. if(Status != X509_STATUS_SUCCESS){
  2655. DBG_ASSERT(0);
  2656. break;
  2657. }
  2658. }
  2659. }
  2660. switch(NameType)
  2661. {
  2662. case commonName:
  2663. Name->commonName = (char *)current_ptr;
  2664. Name->commonNameSize = length;
  2665. break;
  2666. case organization:
  2667. Name->organization = (char *)current_ptr;
  2668. Name->organizationSize = length;
  2669. break;
  2670. case country:
  2671. Name->country = (char *)current_ptr;
  2672. Name->countrySize = length;
  2673. break;
  2674. case locality:
  2675. Name->locality = (char *)current_ptr;
  2676. Name->localitySize = length;
  2677. break;
  2678. case state:
  2679. Name->state = (char *)current_ptr;
  2680. Name->stateSize = length;
  2681. break;
  2682. case organizationUnit:
  2683. Name->organizationUnit = (char *)current_ptr;
  2684. Name->organizationUnitSize = length;
  2685. break;
  2686. case UserId:
  2687. Name->UserId = (char *)current_ptr;
  2688. Name->UserIdSize = length;
  2689. break;
  2690. default:
  2691. // Dont support this NameType. Just continue.
  2692. break;
  2693. }
  2694. current_ptr += length;
  2695. }
  2696. }while(0);
  2697. *ppCurrent = current_ptr;
  2698. return Status;
  2699. }
  2700. #define DecodeTime_FourBytes(current_ptr) (1000*( (*current_ptr) - 0x30)) + \
  2701. (100*( *(current_ptr+1) - 0x30)) + \
  2702. (10*( *(current_ptr+2) - 0x30)) + \
  2703. (*(current_ptr + 3) - 0x30); \
  2704. current_ptr+=4;
  2705. #define DecodeTime_TwoBytes(current_ptr) (10*( (*current_ptr) - 0x30)) + \
  2706. (*(current_ptr + 1) - 0x30); \
  2707. current_ptr+=2;
  2708. #if 0
  2709. UINT32 DecodeTime(UINT8 *current_ptr, UINT8 length)
  2710. {
  2711. UINT32 value = 0;
  2712. UINT32 digit;
  2713. int i;
  2714. for(i=0; i<length - 1;i++)
  2715. {
  2716. digit = *current_ptr - 0x30;
  2717. digit = digit * Pow(10, length - i - 1);
  2718. value += digit;
  2719. current_ptr++;
  2720. }
  2721. return value;
  2722. }
  2723. #endif
  2724. static STATUS ParseTime(UINT8 **ppCurrent, UINT8 *pEnd, SessMgrDateTime* DateTime)
  2725. {
  2726. /* Id : Either UTC Time or Generalized Time */
  2727. /*****
  2728. Supported UTC formats : YYMMDDhhmmZ
  2729. YYMMDDhhmm+hhmm
  2730. YYMMDDhhmm-hhmm
  2731. YYMMDDhhmmssZ
  2732. YYMMDDhhmmss+hhmm
  2733. YYMMDDhhmmss-hhmm
  2734. *****/
  2735. UINT8 *current_ptr = *ppCurrent;
  2736. UINT32 length;
  2737. BOOL isUTC;
  2738. STATUS Status;
  2739. UINT8 EncodingBytes;
  2740. UINT8 *date_start_ptr;
  2741. DateTime->date.data = 0;
  2742. DateTime->time.data = 0;
  2743. /* Check whether current_ptr is pointing to UTC time or Generalized time*/
  2744. if(*current_ptr == DER_ENCODING_UTC_TIME_ID){
  2745. /* Year format is YY */
  2746. isUTC = TRUE;
  2747. }
  2748. else if(*current_ptr == DER_ENCODING_GENERALIZED_TIME_ID){
  2749. /* Year format is YYYY */
  2750. isUTC = FALSE;
  2751. }else{
  2752. DBG_ASSERT(0);
  2753. return X509_STATUS_ENCODING_ERROR;
  2754. }
  2755. current_ptr++;
  2756. /* get Length of the time */
  2757. Status = DecodeLength(current_ptr, pEnd, &length, &EncodingBytes);
  2758. if(Status != X509_STATUS_SUCCESS){
  2759. DBG_ASSERT(0);
  2760. return X509_STATUS_ENCODING_ERROR;
  2761. }
  2762. current_ptr += EncodingBytes;
  2763. date_start_ptr = current_ptr;
  2764. /* Only difference between generalized and UTC is number of digits for the years.
  2765. UTC has 2 digits and Generalized has 4 digits */
  2766. if(!isUTC){
  2767. DateTime->date.yearMonthDay.year = DecodeTime_FourBytes(current_ptr);
  2768. }else{
  2769. // per rfc3280, if XX >= 50 then 19XX, otherwise 20XX. However, here we always use 20XX.
  2770. DateTime->date.yearMonthDay.year = DecodeTime_TwoBytes(current_ptr);
  2771. DateTime->date.yearMonthDay.year += 2000;
  2772. }
  2773. /* The next 8 bytes are common for both UTC and Generalized time */
  2774. DateTime->date.yearMonthDay.month = DecodeTime_TwoBytes(current_ptr);
  2775. DateTime->date.yearMonthDay.day = DecodeTime_TwoBytes(current_ptr);
  2776. DateTime->time.hourMinuteSecond.hour = DecodeTime_TwoBytes(current_ptr);
  2777. DateTime->time.hourMinuteSecond.minute = DecodeTime_TwoBytes(current_ptr);
  2778. /* Next character can be a numeral(incase we have seconds), +, - or Z */
  2779. if(isdigit(*current_ptr)){
  2780. /* we have second. Get the next two bytes as seconds. */
  2781. DateTime->time.hourMinuteSecond.second = DecodeTime_TwoBytes(current_ptr);
  2782. }
  2783. /* Next character has to be +, - or Z */
  2784. switch(*current_ptr)
  2785. {
  2786. case '-':
  2787. DateTime->time.hourMinuteSecond.timezone_is_neg = true;
  2788. case '+':
  2789. current_ptr++;
  2790. DateTime->time.hourMinuteSecond.timezone_hour = DecodeTime_TwoBytes(current_ptr);
  2791. DateTime->time.hourMinuteSecond.timezone_minute = DecodeTime_TwoBytes(current_ptr);
  2792. break;
  2793. case 'Z':
  2794. /* End of time */
  2795. current_ptr++;
  2796. break;
  2797. default:
  2798. DBG_ASSERT(0);
  2799. return X509_STATUS_ENCODING_ERROR;
  2800. }
  2801. // ensure the length parsed is equal to the specified length
  2802. if ((current_ptr - date_start_ptr) != length)
  2803. {
  2804. DBG_ASSERT(0);
  2805. return X509_STATUS_ENCODING_ERROR;
  2806. }
  2807. // date sanity check
  2808. if (DateTime->date.yearMonthDay.year < 2000 || DateTime->date.yearMonthDay.year >= 2137 ||
  2809. DateTime->date.yearMonthDay.month < 1 || DateTime->date.yearMonthDay.month > 12 ||
  2810. DateTime->date.yearMonthDay.day < 1 || DateTime->date.yearMonthDay.day > 31 ||
  2811. DateTime->time.hourMinuteSecond.hour > 24 ||
  2812. DateTime->time.hourMinuteSecond.minute > 60 ||
  2813. DateTime->time.hourMinuteSecond.second > 60 ||
  2814. DateTime->time.hourMinuteSecond.timezone_hour > 24 ||
  2815. DateTime->time.hourMinuteSecond.timezone_minute > 60)
  2816. {
  2817. DBG_ASSERT(0);
  2818. return X509_STATUS_ENCODING_ERROR;
  2819. }
  2820. *ppCurrent = current_ptr;
  2821. return X509_STATUS_SUCCESS;
  2822. }
  2823. /**
  2824. \param[in] Buffer Buffer which is pointing to a length field in Asn DER encoded form
  2825. \param[out] Length Length of the Asn DER encoded type in bytes
  2826. \param[out] EncodingBytes Number of bytes used for the encoding of the length
  2827. \retval X509_STATUS_SUCCESS
  2828. \retval STATUS_INVALID_PARAMS THere was some error in parsing the ASN Der encoded buffer.
  2829. @brief Return length of the ASN DER encoded type
  2830. */
  2831. static STATUS DecodeLength(UINT8* Buffer, UINT8* BufferEnd, UINT32* Length, UINT8* EncodingBytes)
  2832. {
  2833. if(Buffer[0] < 0x81){
  2834. /* length is only one byte */
  2835. *Length = Buffer[0];
  2836. *EncodingBytes = 1;
  2837. } else if ((Buffer[0] == 0x81) && (&Buffer[1] < BufferEnd)) {
  2838. /* length is two bytes */
  2839. *Length = Buffer[1];
  2840. *EncodingBytes = 2;
  2841. } else if ((Buffer[0] == 0x82) && (&Buffer[2] < BufferEnd)) {
  2842. /* length is 3 bytes */
  2843. *Length = (Buffer[1] << 8) + Buffer[2];
  2844. *EncodingBytes = 3;
  2845. }else{
  2846. return X509_STATUS_ENCODING_ERROR;
  2847. }
  2848. //
  2849. // check for unsigned integer overflow
  2850. //
  2851. UINT32 tempLength = *EncodingBytes + *Length;
  2852. if (((size_t) Buffer + tempLength) >= tempLength) {
  2853. if ((Buffer + tempLength) > BufferEnd) {
  2854. return X509_STATUS_ENCODING_ERROR;
  2855. }
  2856. }
  2857. else {
  2858. return X509_STATUS_ENCODING_ERROR;
  2859. }
  2860. return X509_STATUS_SUCCESS;
  2861. }
  2862. static void SwapEndian(UINT8* ptr, int length)
  2863. {
  2864. UINT8 temp;
  2865. int i;
  2866. for(i=0;i<length/2;i++)
  2867. {
  2868. temp = *(ptr + i);
  2869. *(ptr + i) = *(ptr + length - i - 1);
  2870. *(ptr + length - i - 1) = temp;
  2871. }
  2872. }
  2873. #ifndef X509_FOR_PSE_PR
  2874. static int Pow(int num, int exp)
  2875. {
  2876. int i;
  2877. for(i=0;i<(exp -1);i++)
  2878. num *=num;
  2879. return num;
  2880. }
  2881. #endif
  2882. /*
  2883. This function is used to copy a variable length Big-Endian buffer to a little-endian static length buffer. the buffer is copied over and endianness changed.
  2884. Does not affect Source Buffer. Copies dest buffer uses some ptr arithmatic and converts endianness.
  2885. */
  2886. static STATUS swapendian_memcpy(UINT8 *DestPtr, UINT32 DestLen, UINT8 *SrcPtr, UINT32 SrcLen)
  2887. {
  2888. if( (!DestPtr) || (!SrcPtr) || (DestLen < SrcLen))
  2889. return STATUS_INVALID_PARAMS;
  2890. memset(DestPtr, 0, DestLen);
  2891. SESSMGR_MEMCPY_S(DestPtr + DestLen - SrcLen, DestLen, SrcPtr, SrcLen);
  2892. SwapEndian(DestPtr, DestLen);
  2893. return STATUS_SUCCESS;
  2894. }
  2895. /**
  2896. @brief ASN DER encoding follows the TLV format : Type Identifier || Length || Value
  2897. 1. This function will parse the Type ID and Length, validate it with Expected Id and some encoding rules.
  2898. 2. If no errors, function will move the current ptr to the value.
  2899. \param[in] pCurrentPtr This is a pointer to the current pointer. The function will move the current pointer after parsing the ID and length
  2900. \param[in] ExpectedId Expected Type identifier
  2901. \param[out] Length Length in Bytes of the "Value"
  2902. \param[out] EncodingBytes Number of Bytes used to encode the length field.
  2903. \param[in] Optional Is the ExpectedIdOptional
  2904. @retval X509_STATUS_SUCCESS ID and length were parsed and verified successfully.
  2905. @retval X509_STATUS_NOT_FOUND This value is only returned
  2906. @retval STATUS_ENCODING_ERROR Some error in the encoding of the certificate.
  2907. */
  2908. static STATUS ParseIdAndLength(UINT8 **ppCurrent, UINT8 *pEnd, UINT8 ExpectedId, UINT32* Length, UINT8* EncodingBytes, BOOL Optional)
  2909. {
  2910. UINT8* current_ptr = *ppCurrent;
  2911. STATUS Status;
  2912. if(*current_ptr != ExpectedId){
  2913. if(Optional)
  2914. return X509_STATUS_NOT_FOUND;
  2915. else{
  2916. DBG_ASSERT(0);
  2917. return X509_STATUS_ENCODING_ERROR;
  2918. }
  2919. }
  2920. current_ptr++;
  2921. if (current_ptr != pEnd) {
  2922. Status = DecodeLength(current_ptr, pEnd, Length, EncodingBytes);
  2923. if(Status != X509_STATUS_SUCCESS){
  2924. DBG_ASSERT(0);
  2925. return X509_STATUS_ENCODING_ERROR;
  2926. }
  2927. current_ptr += *EncodingBytes;
  2928. *ppCurrent = current_ptr;
  2929. return X509_STATUS_SUCCESS;
  2930. }
  2931. else {
  2932. return X509_STATUS_ENCODING_ERROR;
  2933. }
  2934. }
  2935. #ifndef X509_FOR_PSE_PR
  2936. #ifndef WIN_TEST
  2937. /*
  2938. * This function expects the trusted time to be available from the OCSP parsing and stored in the SessMgrCtx.
  2939. * This call is protected by the Mutex we acquire when we get the ProcessS2GetS3 call.
  2940. */
  2941. STATUS StoreTrustedTime(SessMgrDateTime TrustedTime)
  2942. {
  2943. STATUS Status;
  2944. STORAGE_FILE_ATTRIB Blob;
  2945. STORAGE_OPERATION_FLAGS StorageFlags = {0};
  2946. NTP_TIMESTAMP NtpTime = {0,0};
  2947. Status = ConvertTimeToNtp(TrustedTime, &NtpTime );
  2948. if(Status != STATUS_SUCCESS){
  2949. DBG_ASSERT(0);
  2950. return Status;
  2951. }
  2952. // We have the time in NTP. Call PrtcSetTime. This will give us an offset which we can use to find out current time.
  2953. Status = PrtcSetTime(&NtpTime, &gSessmgrCtx.TrustedTime.RtcOffset);
  2954. if(Status != STATUS_SUCCESS){
  2955. DBG_ASSERT(0);
  2956. return Status;
  2957. }
  2958. gSessmgrCtx.TrustedTime.Seconds = NtpTime.Seconds;
  2959. // Store RTC offset in the Blob
  2960. SESSMGR_INIT_BLOB_ATTRIB(Blob);
  2961. Blob.Attributes.BlobType = AR_BLOB;
  2962. StorageFlags.Data = 0;
  2963. Status = gSessmgrCtx.StorageProtocol->Write(gSessmgrCtx.StorageProtocol,
  2964. SESS_MGR_TRUSTED_TIME_NVAR_NAME,
  2965. &Blob, &StorageFlags,
  2966. sizeof(gSessmgrCtx.TrustedTime),
  2967. &gSessmgrCtx.TrustedTime, 0);
  2968. if(Status != STATUS_SUCCESS){
  2969. DBG_ASSERT(0);
  2970. return Status;
  2971. }
  2972. return STATUS_SUCCESS;
  2973. }
  2974. STATUS ConvertTimeToNtp(SessMgrDateTime Time, NTP_TIMESTAMP *NtpTime)
  2975. {
  2976. STATUS Status;
  2977. RTC_TIME RtcTime;
  2978. TZ_DST TimeZoneAndDST;
  2979. memset(&RtcTime, 0, sizeof(RTC_TIME));
  2980. memset(NtpTime, 0, sizeof(NTP_TIMESTAMP));
  2981. if (Time.date.yearMonthDay.year < 2000 || Time.date.yearMonthDay.year >= 2137)
  2982. return STATUS_FAILURE;
  2983. RtcTime.Year = (UINT8)(Time.date.yearMonthDay.year - 2000);
  2984. RtcTime.Month = (UINT8)Time.date.yearMonthDay.month;
  2985. RtcTime.Day = (UINT8)Time.date.yearMonthDay.day;
  2986. RtcTime.Hour = (UINT8)Time.time.hourMinuteSecond.hour;
  2987. RtcTime.Min = (UINT8)Time.time.hourMinuteSecond.minute;
  2988. RtcTime.Sec = (UINT8)Time.time.hourMinuteSecond.second;
  2989. RtcTime.Status.DM = 1; // DM = 1 => Binary data representation.
  2990. RtcTime.Status.HOURFORM = 1; // HOURFORM = 1 => 24 hour
  2991. TimeZoneAndDST.DST = 0;
  2992. TimeZoneAndDST.HalfHourAdjust = Time.time.hourMinuteSecond.timezone_minute ? 1 : 0;
  2993. TimeZoneAndDST.RSVD = 0;
  2994. TimeZoneAndDST.TimeZone = (Time.time.hourMinuteSecond.timezone_is_neg ? TIME_ZONE_OFFSET_SIGN_MASK : 0) |
  2995. Time.time.hourMinuteSecond.timezone_hour;
  2996. Status = PrtcLocalToNtp(&RtcTime, TimeZoneAndDST, NtpTime);
  2997. if(Status != STATUS_SUCCESS){
  2998. DBG_ASSERT(0);
  2999. return Status;
  3000. }
  3001. // PrtcLocalToNtp has a starting offset of year 1900 and will overflow in year 2037
  3002. // Shift the offset to start at year 2000, so that we can operate in years 2000-2137
  3003. NtpTime->Seconds -= SECONDS_FROM_1900_TO_2000;
  3004. return STATUS_SUCCESS;
  3005. }
  3006. #endif
  3007. #endif // #ifndef X509_FOR_PSE_PR