mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-23 00:00:06 +01:00
4b089788bc
Adapt mbedtls support for compatibility with v3, while maintaining compatibility with v2. Notice v3 has removed the ability to encrypt with pubkey and decrypt with privkey. Openssl still has it, atm with v3 these fall back to encrypt with privkey and decrypt with pubkey. > The RSA module no longer supports private-key operations with the > public key or vice versa. As a consequence, RSA operation functions > no longer have a mode parameter. If you were calling RSA operations > with the normal mode (public key for verification or encryption, > private key for signature or decryption), remove the > MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were > calling RSA operations with the wrong mode, which rarely makes sense >from a security perspective, this is no longer supported.
481 lines
15 KiB
C
481 lines
15 KiB
C
/*
|
|
* libwebsockets - small server side websockets and web server implementation
|
|
*
|
|
* Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to
|
|
* deal in the Software without restriction, including without limitation the
|
|
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
* sell copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
* IN THE SOFTWARE.
|
|
*
|
|
* These are additional apis that belong in mbedtls but do not yet exist there.
|
|
* Alternaives are provided for lws to use that understand additional standard
|
|
* v3 tls extensions. Error results are simplified to lws style.
|
|
*
|
|
* This file includes code taken from mbedtls and modified, and from an as of
|
|
* 2021-06-11 unaccepted-upstream patch for mbedtls contributed by Gábor Tóth
|
|
* <toth92g@gmail.com>. Gabor has graciously allowed use of his patch with more
|
|
* liberal terms but to not complicate matters I provide it here under the same
|
|
* Apache 2.0 terms as the mbedtls pieces.
|
|
*
|
|
* Those original pieces are licensed Apache-2.0 as follows
|
|
*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include "private-lib-core.h"
|
|
#include "private-lib-tls-mbedtls.h"
|
|
#include <mbedtls/oid.h>
|
|
#include <mbedtls/x509.h>
|
|
|
|
/*
|
|
* This section from mbedtls oid.c
|
|
*/
|
|
|
|
typedef struct {
|
|
mbedtls_oid_descriptor_t descriptor;
|
|
int ext_type;
|
|
} oid_x509_ext_t;
|
|
|
|
#define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
|
|
|
|
#define LWS_MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
|
|
#define LWS_MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
|
|
|
|
#define LWS_MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
|
|
#define LWS_MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
|
|
|
|
#define LWS_MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER LWS_MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
|
|
#define LWS_MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER LWS_MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
|
|
|
|
#define LWS_MBEDTLS_X509_SAN_OTHER_NAME 0
|
|
#define LWS_MBEDTLS_X509_SAN_RFC822_NAME 1
|
|
#define LWS_MBEDTLS_X509_SAN_DNS_NAME 2
|
|
|
|
#define LWS_MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
|
|
#define LWS_MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
|
|
|
static const oid_x509_ext_t oid_x509_ext[] = {
|
|
{ {ADD_LEN( LWS_MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
|
|
"id-ce-subjectKeyIdentifier",
|
|
"Subject Key Identifier" },
|
|
LWS_MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
|
|
},
|
|
{ {ADD_LEN( LWS_MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
|
|
"id-ce-authorityKeyIdentifier",
|
|
"Authority Key Identifier" },
|
|
LWS_MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
|
|
},
|
|
{ { NULL, 0, NULL, NULL }, 0 },
|
|
};
|
|
|
|
#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
|
|
static const TYPE_T * oid_ ## NAME ## _from_asn1( \
|
|
const mbedtls_asn1_buf *oid ) \
|
|
{ \
|
|
const TYPE_T *p = (LIST); \
|
|
const mbedtls_oid_descriptor_t *cur = \
|
|
(const mbedtls_oid_descriptor_t *) p; \
|
|
if( p == NULL || oid == NULL ) return( NULL ); \
|
|
while( cur->MBEDTLS_PRIVATE(asn1) != NULL ) { \
|
|
if( cur->MBEDTLS_PRIVATE(asn1_len) == oid->MBEDTLS_PRIVATE(len) && \
|
|
memcmp( cur->MBEDTLS_PRIVATE(asn1), oid->MBEDTLS_PRIVATE(p), oid->MBEDTLS_PRIVATE(len) ) == 0 ) { \
|
|
return( p ); \
|
|
} \
|
|
p++; \
|
|
cur = (const mbedtls_oid_descriptor_t *) p; \
|
|
} \
|
|
return( NULL ); \
|
|
}
|
|
|
|
|
|
#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
|
|
int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
|
|
{ \
|
|
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
|
|
if (!data) return 1; \
|
|
*ATTR1 = data->ATTR1; \
|
|
return 0; \
|
|
}
|
|
|
|
FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
|
|
FN_OID_GET_ATTR1(lws_mbedtls_oid_get_x509_ext_type,
|
|
oid_x509_ext_t, x509_ext, int, ext_type)
|
|
|
|
typedef struct lws_mbedtls_x509_san_other_name
|
|
{
|
|
/**
|
|
* The type_id is an OID as deifned in RFC 5280.
|
|
* To check the value of the type id, you should use
|
|
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
|
|
*/
|
|
mbedtls_x509_buf type_id; /**< The type id. */
|
|
union
|
|
{
|
|
/**
|
|
* From RFC 4108 section 5:
|
|
* HardwareModuleName ::= SEQUENCE {
|
|
* hwType OBJECT IDENTIFIER,
|
|
* hwSerialNum OCTET STRING }
|
|
*/
|
|
struct
|
|
{
|
|
mbedtls_x509_buf oid; /**< The object identifier. */
|
|
mbedtls_x509_buf val; /**< The named value. */
|
|
}
|
|
hardware_module_name;
|
|
}
|
|
value;
|
|
}
|
|
lws_mbedtls_x509_san_other_name;
|
|
|
|
|
|
typedef struct lws_mbedtls_x509_subject_alternative_name
|
|
{
|
|
int type; /**< The SAN type, value of LWS_MBEDTLS_X509_SAN_XXX. */
|
|
union {
|
|
lws_mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
|
|
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
|
|
}
|
|
san; /**< A union of the supported SAN types */
|
|
}
|
|
lws_mbedtls_x509_subject_alternative_name;
|
|
|
|
static int
|
|
x509_get_skid(uint8_t **p, const uint8_t *end, mbedtls_x509_buf *skid)
|
|
{
|
|
int ret = 1;
|
|
size_t len = 0u;
|
|
|
|
ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
|
|
if (ret)
|
|
return ret;
|
|
|
|
skid->MBEDTLS_PRIVATE(len) = len;
|
|
skid->MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
|
skid->MBEDTLS_PRIVATE(p) = *p;
|
|
*p += len;
|
|
|
|
return *p != end;
|
|
}
|
|
|
|
static int
|
|
lws_mbedtls_x509_parse_general_name(const mbedtls_x509_buf *name_buf,
|
|
lws_mbedtls_x509_subject_alternative_name *name)
|
|
{
|
|
// mbedtls_x509_name_other_name other_name;
|
|
uint8_t *bufferPointer, **p, *end;
|
|
mbedtls_x509_name rfc822Name;
|
|
int ret;
|
|
|
|
switch (name_buf->MBEDTLS_PRIVATE(tag) &
|
|
(LWS_MBEDTLS_ASN1_TAG_CLASS_MASK |
|
|
LWS_MBEDTLS_ASN1_TAG_VALUE_MASK)) {
|
|
|
|
#if 0
|
|
case MBEDTLS_ASN1_CONTEXT_SPECIFIC | LWS_MBEDTLS_X509_SAN_OTHER_NAME:
|
|
ret = x509_get_other_name( name_buf, &other_name );
|
|
if (ret)
|
|
return ret;
|
|
|
|
memset(name, 0, sizeof(*name));
|
|
name->type = LWS_MBEDTLS_X509_SAN_OTHER_NAME;
|
|
memcpy(&name->name.other_name, &other_name, sizeof(other_name));
|
|
return 0;
|
|
#endif
|
|
case MBEDTLS_ASN1_SEQUENCE | LWS_MBEDTLS_X509_SAN_RFC822_NAME:
|
|
|
|
bufferPointer = name_buf->MBEDTLS_PRIVATE(p);
|
|
p = &bufferPointer;
|
|
end = name_buf->MBEDTLS_PRIVATE(p) +
|
|
name_buf->MBEDTLS_PRIVATE(len);
|
|
|
|
/* The leading ASN1 tag and length has been processed.
|
|
* Stepping back with 2 bytes, because mbedtls_x509_get_name
|
|
* expects the beginning of the SET tag */
|
|
*p = *p - 2;
|
|
|
|
ret = mbedtls_x509_get_name( p, end, &rfc822Name );
|
|
if (ret)
|
|
return ret;
|
|
|
|
memset(name, 0, sizeof(*name));
|
|
name->type = LWS_MBEDTLS_X509_SAN_OTHER_NAME;
|
|
memcpy(&name->san.unstructured_name,
|
|
&rfc822Name, sizeof(rfc822Name));
|
|
return 0;
|
|
|
|
case MBEDTLS_ASN1_CONTEXT_SPECIFIC | LWS_MBEDTLS_X509_SAN_DNS_NAME:
|
|
memset(name, 0, sizeof(*name));
|
|
name->type = LWS_MBEDTLS_X509_SAN_DNS_NAME;
|
|
|
|
memcpy(&name->san.unstructured_name,
|
|
name_buf, sizeof(*name_buf) );
|
|
return 0;
|
|
|
|
default:
|
|
return 1;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int
|
|
lws_x509_get_general_names(uint8_t **p, const uint8_t *end,
|
|
mbedtls_x509_sequence *name )
|
|
{
|
|
mbedtls_asn1_sequence *cur = name;
|
|
mbedtls_asn1_buf *buf;
|
|
size_t len, tag_len;
|
|
unsigned char tag;
|
|
int r;
|
|
|
|
/* Get main sequence tag */
|
|
r = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
|
|
MBEDTLS_ASN1_SEQUENCE);
|
|
if (r)
|
|
return r;
|
|
|
|
if (*p + len != end)
|
|
return 1;
|
|
|
|
while (*p < end) {
|
|
lws_mbedtls_x509_subject_alternative_name dnb;
|
|
memset(&dnb, 0, sizeof(dnb));
|
|
|
|
tag = **p;
|
|
(*p)++;
|
|
|
|
r = mbedtls_asn1_get_len(p, end, &tag_len);
|
|
if (r)
|
|
return r;
|
|
|
|
/* Tag shall be CONTEXT_SPECIFIC or SET */
|
|
if ((tag & LWS_MBEDTLS_ASN1_TAG_CLASS_MASK) !=
|
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC &&
|
|
(tag & (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
|
|
(MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE))
|
|
return 1;
|
|
|
|
/*
|
|
* Check that the name is structured correctly.
|
|
*/
|
|
r = lws_mbedtls_x509_parse_general_name(
|
|
&cur->MBEDTLS_PRIVATE(buf), &dnb);
|
|
/*
|
|
* In case the extension is malformed, return an error,
|
|
* and clear the allocated sequences.
|
|
*/
|
|
if (r && r != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
|
|
mbedtls_x509_sequence *seq_cur = name->MBEDTLS_PRIVATE(next);
|
|
mbedtls_x509_sequence *seq_prv;
|
|
|
|
while( seq_cur != NULL ) {
|
|
seq_prv = seq_cur;
|
|
seq_cur = seq_cur->MBEDTLS_PRIVATE(next);
|
|
lws_explicit_bzero(seq_prv, sizeof(*seq_cur));
|
|
lws_free(seq_prv);
|
|
}
|
|
|
|
name->MBEDTLS_PRIVATE(next) = NULL;
|
|
|
|
return r;
|
|
}
|
|
|
|
/* Allocate and assign next pointer */
|
|
if (cur->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p)) {
|
|
if (cur->MBEDTLS_PRIVATE(next))
|
|
return 1;
|
|
|
|
cur->MBEDTLS_PRIVATE(next) =
|
|
lws_zalloc(sizeof(*cur), __func__);
|
|
|
|
if (!cur->MBEDTLS_PRIVATE(next))
|
|
return 1;
|
|
|
|
cur = cur->MBEDTLS_PRIVATE(next);
|
|
}
|
|
|
|
buf = &(cur->MBEDTLS_PRIVATE(buf));
|
|
buf->MBEDTLS_PRIVATE(tag) = tag;
|
|
buf->MBEDTLS_PRIVATE(p) = *p;
|
|
buf->MBEDTLS_PRIVATE(len) = tag_len;
|
|
|
|
*p += buf->MBEDTLS_PRIVATE(len);
|
|
}
|
|
|
|
/* Set final sequence entry's next pointer to NULL */
|
|
cur->MBEDTLS_PRIVATE(next) = NULL;
|
|
|
|
return *p != end;
|
|
}
|
|
|
|
static int
|
|
x509_get_akid(uint8_t **p, uint8_t *end, lws_mbedtls_x509_authority *akid)
|
|
{
|
|
size_t len = 0u;
|
|
int r;
|
|
|
|
r = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
|
|
MBEDTLS_ASN1_SEQUENCE);
|
|
if (r)
|
|
return r;
|
|
|
|
r = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC);
|
|
if (!r) {
|
|
akid->keyIdentifier.MBEDTLS_PRIVATE(len) = len;
|
|
akid->keyIdentifier.MBEDTLS_PRIVATE(p) = *p;
|
|
akid->keyIdentifier.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
|
|
|
*p += len;
|
|
}
|
|
|
|
if (*p < end) {
|
|
/* Getting authorityCertIssuer using the required specific
|
|
* class tag [1] */
|
|
r = mbedtls_asn1_get_tag(p, end, &len,
|
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
|
MBEDTLS_ASN1_CONSTRUCTED | 1 );
|
|
if (!r) {
|
|
/* Getting directoryName using the required specific
|
|
* class tag [4] */
|
|
r = mbedtls_asn1_get_tag(p, end, &len,
|
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
|
MBEDTLS_ASN1_CONSTRUCTED | 4);
|
|
if (r)
|
|
return(r);
|
|
|
|
/* "end" also includes the CertSerialNumber field
|
|
* so "len" shall be used */
|
|
r = lws_x509_get_general_names(p, (*p + len),
|
|
&akid->authorityCertIssuer);
|
|
}
|
|
}
|
|
|
|
if (*p < end) {
|
|
r = mbedtls_asn1_get_tag(p, end, &len,
|
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
|
MBEDTLS_ASN1_INTEGER );
|
|
if (r)
|
|
return r;
|
|
|
|
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(len) = len;
|
|
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(p) = *p;
|
|
akid->authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OCTET_STRING;
|
|
*p += len;
|
|
}
|
|
|
|
return *p != end;
|
|
}
|
|
|
|
/*
|
|
* Work around lack of this in mbedtls... we don't need to do sanity checks
|
|
* sanity checks because they will be done at x509 validation time
|
|
*/
|
|
|
|
int
|
|
lws_x509_get_crt_ext(mbedtls_x509_crt *crt, mbedtls_x509_buf *skid,
|
|
lws_mbedtls_x509_authority *akid)
|
|
{
|
|
uint8_t *p = crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(p),
|
|
*end_ext_data, *end_ext_octet;
|
|
const uint8_t *end = p + crt->MBEDTLS_PRIVATE(v3_ext).MBEDTLS_PRIVATE(len);
|
|
size_t len;
|
|
int r = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
|
|
MBEDTLS_ASN1_SEQUENCE);
|
|
if (r)
|
|
return r;
|
|
|
|
while (p < end) {
|
|
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
|
int is_critical = 0; /* DEFAULT FALSE */
|
|
int ext_type = 0;
|
|
|
|
r = mbedtls_asn1_get_tag(&p, end, &len,
|
|
MBEDTLS_ASN1_CONSTRUCTED |
|
|
MBEDTLS_ASN1_SEQUENCE);
|
|
if (r)
|
|
return r;
|
|
|
|
end_ext_data = p + len;
|
|
|
|
/* Get extension ID */
|
|
r = mbedtls_asn1_get_tag(&p, end_ext_data, &extn_oid.MBEDTLS_PRIVATE(len),
|
|
MBEDTLS_ASN1_OID);
|
|
if (r)
|
|
return r;
|
|
|
|
extn_oid.MBEDTLS_PRIVATE(tag) = MBEDTLS_ASN1_OID;
|
|
extn_oid.MBEDTLS_PRIVATE(p) = p;
|
|
p += extn_oid.MBEDTLS_PRIVATE(len);
|
|
|
|
/* Get optional critical */
|
|
r = mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
|
|
if (r && r != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
|
|
return r;
|
|
|
|
/* Data should be octet string type */
|
|
r = mbedtls_asn1_get_tag(&p, end_ext_data, &len,
|
|
MBEDTLS_ASN1_OCTET_STRING);
|
|
if (r)
|
|
return r;
|
|
|
|
end_ext_octet = p + len;
|
|
|
|
if (end_ext_octet != end_ext_data)
|
|
return 1;
|
|
|
|
r = lws_mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
|
|
if (r) {
|
|
p = end_ext_octet;
|
|
continue;
|
|
}
|
|
|
|
switch (ext_type) {
|
|
case LWS_MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER:
|
|
/* Parse subject key identifier */
|
|
r = x509_get_skid(&p, end_ext_data, skid);
|
|
if (r)
|
|
return r;
|
|
break;
|
|
|
|
case LWS_MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER:
|
|
/* Parse authority key identifier */
|
|
r = x509_get_akid(&p, end_ext_octet, akid);
|
|
if (r)
|
|
return r;
|
|
break;
|
|
|
|
default:
|
|
p = end_ext_octet;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|