| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2007-2014, Cameron Rich |
| 3 | * |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are met: |
| 8 | * |
| 9 | * * Redistributions of source code must retain the above copyright notice, |
| 10 | * this list of conditions and the following disclaimer. |
| 11 | * * Redistributions in binary form must reproduce the above copyright notice, |
| 12 | * this list of conditions and the following disclaimer in the documentation |
| 13 | * and/or other materials provided with the distribution. |
| 14 | * * Neither the name of the axTLS project nor the names of its contributors |
| 15 | * may be used to endorse or promote products derived from this software |
| 16 | * without specific prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
| 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
| 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
| 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | /** |
| 32 | * Load certificates/keys into memory. These can be in many different formats. |
| 33 | * PEM support and other formats can be processed here. |
| 34 | * |
| 35 | * The PEM private keys may be optionally encrypted with AES128 or AES256. |
| 36 | * The encrypted PEM keys were generated with something like: |
| 37 | * |
| 38 | * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512 |
| 39 | */ |
| 40 | |
| 41 | #include <stdlib.h> |
| 42 | #include <string.h> |
| 43 | #include <stdio.h> |
| 44 | #include "os_port.h" |
| 45 | #include "ssl.h" |
| 46 | |
| 47 | #if CONFIG_SSL_ENABLE_SERVER |
| 48 | |
| 49 | static int do_obj(SSL_CTX *ssl_ctx, int obj_type, |
| 50 | SSLObjLoader *ssl_obj, const char *password); |
| 51 | #ifdef CONFIG_SSL_HAS_PEM |
| 52 | static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, |
| 53 | SSLObjLoader *ssl_obj, const char *password); |
| 54 | #endif |
| 55 | |
| 56 | /* |
| 57 | * Load a file into memory that is in binary DER (or ascii PEM) format. |
| 58 | */ |
| 59 | EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, |
| 60 | const char *filename, const char *password) |
| 61 | { |
| 62 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 63 | static const char * const begin = "-----BEGIN"; |
| 64 | int ret = SSL_OK; |
| 65 | SSLObjLoader *ssl_obj = NULL; |
| 66 | |
| 67 | if (filename == NULL) |
| 68 | { |
| 69 | ret = SSL_ERROR_INVALID_KEY; |
| 70 | goto error; |
| 71 | } |
| 72 | |
| 73 | ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); |
| 74 | ssl_obj->len = get_file(filename, &ssl_obj->buf); |
| 75 | if (ssl_obj->len <= 0) |
| 76 | { |
| 77 | ret = SSL_ERROR_INVALID_KEY; |
| 78 | goto error; |
| 79 | } |
| 80 | |
| 81 | /* is the file a PEM file? */ |
| 82 | if (strstr((char *)ssl_obj->buf, begin) != NULL) |
| 83 | { |
| 84 | #ifdef CONFIG_SSL_HAS_PEM |
| 85 | ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password); |
| 86 | #else |
| 87 | #ifdef CONFIG_SSL_FULL_MODE |
| 88 | printf("%s", unsupported_str); |
| 89 | #endif |
| 90 | ret = SSL_ERROR_NOT_SUPPORTED; |
| 91 | #endif |
| 92 | } |
| 93 | else |
| 94 | ret = do_obj(ssl_ctx, obj_type, ssl_obj, password); |
| 95 | |
| 96 | error: |
| 97 | ssl_obj_free(ssl_obj); |
| 98 | return ret; |
| 99 | #else |
| 100 | #ifdef CONFIG_SSL_FULL_MODE |
| 101 | printf("%s", unsupported_str); |
| 102 | #endif |
| 103 | return SSL_ERROR_NOT_SUPPORTED; |
| 104 | #endif /* CONFIG_SSL_SKELETON_MODE */ |
| 105 | } |
| 106 | |
| 107 | /* |
| 108 | * Transfer binary data into the object loader. |
| 109 | */ |
| 110 | EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, |
| 111 | const uint8_t *data, int len, const char *password) |
| 112 | { |
| 113 | int ret; |
| 114 | SSLObjLoader *ssl_obj; |
| 115 | |
| 116 | ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); |
| 117 | ssl_obj->buf = (uint8_t *)malloc(len); |
| 118 | memcpy(ssl_obj->buf, data, len); |
| 119 | ssl_obj->len = len; |
| 120 | ret = do_obj(ssl_ctx, mem_type, ssl_obj, password); |
| 121 | ssl_obj_free(ssl_obj); |
| 122 | return ret; |
| 123 | } |
| 124 | |
| 125 | /* |
| 126 | * Actually work out what we are doing |
| 127 | */ |
| 128 | static int do_obj(SSL_CTX *ssl_ctx, int obj_type, |
| 129 | SSLObjLoader *ssl_obj, const char *password) |
| 130 | { |
| 131 | int ret = SSL_OK; |
| 132 | |
| 133 | switch (obj_type) |
| 134 | { |
| 135 | case SSL_OBJ_RSA_KEY: |
| 136 | ret = add_private_key(ssl_ctx, ssl_obj); |
| 137 | break; |
| 138 | |
| 139 | case SSL_OBJ_X509_CERT: |
| 140 | ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len); |
| 141 | break; |
| 142 | |
| 143 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
| 144 | case SSL_OBJ_X509_CACERT: |
| 145 | add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len); |
| 146 | break; |
| 147 | #endif |
| 148 | |
| 149 | #ifdef CONFIG_SSL_USE_PKCS12 |
| 150 | case SSL_OBJ_PKCS8: |
| 151 | ret = pkcs8_decode(ssl_ctx, ssl_obj, password); |
| 152 | break; |
| 153 | |
| 154 | case SSL_OBJ_PKCS12: |
| 155 | ret = pkcs12_decode(ssl_ctx, ssl_obj, password); |
| 156 | break; |
| 157 | #endif |
| 158 | default: |
| 159 | #ifdef CONFIG_SSL_FULL_MODE |
| 160 | printf("%s", unsupported_str); |
| 161 | #endif |
| 162 | ret = SSL_ERROR_NOT_SUPPORTED; |
| 163 | break; |
| 164 | } |
| 165 | |
| 166 | return ret; |
| 167 | } |
| 168 | |
| 169 | /* |
| 170 | * Clean up our mess. |
| 171 | */ |
| 172 | void ssl_obj_free(SSLObjLoader *ssl_obj) |
| 173 | { |
| 174 | if (ssl_obj) |
| 175 | { |
| 176 | free(ssl_obj->buf); |
| 177 | free(ssl_obj); |
| 178 | } |
| 179 | } |
| 180 | |
| 181 | /* |
| 182 | * Support for PEM encoded keys/certificates. |
| 183 | */ |
| 184 | #ifdef CONFIG_SSL_HAS_PEM |
| 185 | |
| 186 | #define NUM_PEM_TYPES 4 |
| 187 | #define IV_SIZE 16 |
| 188 | #define IS_RSA_PRIVATE_KEY 0 |
| 189 | #define IS_ENCRYPTED_PRIVATE_KEY 1 |
| 190 | #define IS_PRIVATE_KEY 2 |
| 191 | #define IS_CERTIFICATE 3 |
| 192 | |
| 193 | static const char * const begins[NUM_PEM_TYPES] = |
| 194 | { |
| 195 | "-----BEGIN RSA PRIVATE KEY-----", |
| 196 | "-----BEGIN ENCRYPTED PRIVATE KEY-----", |
| 197 | "-----BEGIN PRIVATE KEY-----", |
| 198 | "-----BEGIN CERTIFICATE-----", |
| 199 | }; |
| 200 | |
| 201 | static const char * const ends[NUM_PEM_TYPES] = |
| 202 | { |
| 203 | "-----END RSA PRIVATE KEY-----", |
| 204 | "-----END ENCRYPTED PRIVATE KEY-----", |
| 205 | "-----END PRIVATE KEY-----", |
| 206 | "-----END CERTIFICATE-----", |
| 207 | }; |
| 208 | |
| 209 | static const char * const aes_str[2] = |
| 210 | { |
| 211 | "DEK-Info: AES-128-CBC,", |
| 212 | "DEK-Info: AES-256-CBC," |
| 213 | }; |
| 214 | |
| 215 | /** |
| 216 | * Take a base64 blob of data and decrypt it (using AES) into its |
| 217 | * proper ASN.1 form. |
| 218 | */ |
| 219 | static int pem_decrypt(const char *where, const char *end, |
| 220 | const char *password, SSLObjLoader *ssl_obj) |
| 221 | { |
| 222 | int ret = -1; |
| 223 | int is_aes_256 = 0; |
| 224 | char *start = NULL; |
| 225 | uint8_t iv[IV_SIZE]; |
| 226 | int i, pem_size; |
| 227 | MD5_CTX md5_ctx; |
| 228 | AES_CTX aes_ctx; |
| 229 | uint8_t key[32]; /* AES256 size */ |
| 230 | |
| 231 | if (password == NULL || strlen(password) == 0) |
| 232 | { |
| 233 | #ifdef CONFIG_SSL_FULL_MODE |
| 234 | printf("Error: Need a password for this PEM file\n"); |
| 235 | #endif |
| 236 | goto error; |
| 237 | } |
| 238 | |
| 239 | if ((start = strstr((const char *)where, aes_str[0]))) /* AES128? */ |
| 240 | { |
| 241 | start += strlen(aes_str[0]); |
| 242 | } |
| 243 | else if ((start = strstr((const char *)where, aes_str[1]))) /* AES256? */ |
| 244 | { |
| 245 | is_aes_256 = 1; |
| 246 | start += strlen(aes_str[1]); |
| 247 | } |
| 248 | else |
| 249 | { |
| 250 | #ifdef CONFIG_SSL_FULL_MODE |
| 251 | printf("Error: Unsupported password cipher\n"); |
| 252 | #endif |
| 253 | goto error; |
| 254 | } |
| 255 | |
| 256 | /* convert from hex to binary - assumes uppercase hex */ |
| 257 | for (i = 0; i < IV_SIZE; i++) |
| 258 | { |
| 259 | char c = *start++ - '0'; |
| 260 | iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4; |
| 261 | c = *start++ - '0'; |
| 262 | iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c); |
| 263 | } |
| 264 | |
| 265 | while (*start == '\r' || *start == '\n') |
| 266 | start++; |
| 267 | |
| 268 | /* turn base64 into binary */ |
| 269 | pem_size = (int)(end-start); |
| 270 | if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0) |
| 271 | goto error; |
| 272 | |
| 273 | /* work out the key */ |
| 274 | MD5_Init(&md5_ctx); |
| 275 | MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password)); |
| 276 | MD5_Update(&md5_ctx, iv, SALT_SIZE); |
| 277 | MD5_Final(key, &md5_ctx); |
| 278 | |
| 279 | if (is_aes_256) |
| 280 | { |
| 281 | MD5_Init(&md5_ctx); |
| 282 | MD5_Update(&md5_ctx, key, MD5_SIZE); |
| 283 | MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password)); |
| 284 | MD5_Update(&md5_ctx, iv, SALT_SIZE); |
| 285 | MD5_Final(&key[MD5_SIZE], &md5_ctx); |
| 286 | } |
| 287 | |
| 288 | /* decrypt using the key/iv */ |
| 289 | AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128); |
| 290 | AES_convert_key(&aes_ctx); |
| 291 | AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len); |
| 292 | ret = 0; |
| 293 | |
| 294 | error: |
| 295 | return ret; |
| 296 | } |
| 297 | |
| 298 | /** |
| 299 | * Take a base64 blob of data and turn it into its proper ASN.1 form. |
| 300 | */ |
| 301 | static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, |
| 302 | int remain, const char *password) |
| 303 | { |
| 304 | int ret = SSL_ERROR_BAD_CERTIFICATE; |
| 305 | SSLObjLoader *ssl_obj = NULL; |
| 306 | |
| 307 | while (remain > 0) |
| 308 | { |
| 309 | int i, pem_size, obj_type; |
| 310 | char *start = NULL, *end = NULL; |
| 311 | |
| 312 | for (i = 0; i < NUM_PEM_TYPES; i++) |
| 313 | { |
| 314 | if ((start = strstr(where, begins[i])) && |
| 315 | (end = strstr(where, ends[i]))) |
| 316 | { |
| 317 | remain -= (int)(end-where); |
| 318 | start += strlen(begins[i]); |
| 319 | pem_size = (int)(end-start); |
| 320 | |
| 321 | ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); |
| 322 | |
| 323 | /* 4/3 bigger than what we need but so what */ |
| 324 | ssl_obj->buf = (uint8_t *)calloc(1, pem_size); |
| 325 | ssl_obj->len = pem_size; |
| 326 | |
| 327 | if (i == IS_RSA_PRIVATE_KEY && |
| 328 | strstr(start, "Proc-Type:") && |
| 329 | strstr(start, "4,ENCRYPTED")) |
| 330 | { |
| 331 | /* check for encrypted PEM file */ |
| 332 | if (pem_decrypt(start, end, password, ssl_obj) < 0) |
| 333 | { |
| 334 | ret = SSL_ERROR_BAD_CERTIFICATE; |
| 335 | goto error; |
| 336 | } |
| 337 | } |
| 338 | else |
| 339 | { |
| 340 | ssl_obj->len = pem_size; |
| 341 | if (base64_decode(start, pem_size, |
| 342 | ssl_obj->buf, &ssl_obj->len) != 0) |
| 343 | { |
| 344 | ret = SSL_ERROR_BAD_CERTIFICATE; |
| 345 | goto error; |
| 346 | } |
| 347 | } |
| 348 | |
| 349 | switch (i) |
| 350 | { |
| 351 | case IS_RSA_PRIVATE_KEY: |
| 352 | obj_type = SSL_OBJ_RSA_KEY; |
| 353 | break; |
| 354 | |
| 355 | case IS_ENCRYPTED_PRIVATE_KEY: |
| 356 | case IS_PRIVATE_KEY: |
| 357 | obj_type = SSL_OBJ_PKCS8; |
| 358 | break; |
| 359 | |
| 360 | case IS_CERTIFICATE: |
| 361 | obj_type = is_cacert ? |
| 362 | SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT; |
| 363 | break; |
| 364 | |
| 365 | default: |
| 366 | ret = SSL_ERROR_BAD_CERTIFICATE; |
| 367 | goto error; |
| 368 | } |
| 369 | |
| 370 | /* In a format we can now understand - so process it */ |
| 371 | if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password))) |
| 372 | goto error; |
| 373 | |
| 374 | end += strlen(ends[i]); |
| 375 | remain -= strlen(ends[i]); |
| 376 | while (remain > 0 && (*end == '\r' || *end == '\n')) |
| 377 | { |
| 378 | end++; |
| 379 | remain--; |
| 380 | } |
| 381 | |
| 382 | where = end; |
| 383 | break; |
| 384 | } |
| 385 | } |
| 386 | |
| 387 | ssl_obj_free(ssl_obj); |
| 388 | ssl_obj = NULL; |
| 389 | if (start == NULL) |
| 390 | break; |
| 391 | } |
| 392 | error: |
| 393 | ssl_obj_free(ssl_obj); |
| 394 | return ret; |
| 395 | } |
| 396 | |
| 397 | /* |
| 398 | * Load a file into memory that is in ASCII PEM format. |
| 399 | */ |
| 400 | static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, |
| 401 | SSLObjLoader *ssl_obj, const char *password) |
| 402 | { |
| 403 | char *start; |
| 404 | |
| 405 | /* add a null terminator */ |
| 406 | ssl_obj->len++; |
| 407 | ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len); |
| 408 | ssl_obj->buf[ssl_obj->len-1] = 0; |
| 409 | start = (char *)ssl_obj->buf; |
| 410 | return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT, |
| 411 | start, ssl_obj->len, password); |
| 412 | } |
| 413 | #endif /* CONFIG_SSL_HAS_PEM */ |
| 414 | |
| 415 | /** |
| 416 | * Load the key/certificates in memory depending on compile-time and user |
| 417 | * options. |
| 418 | */ |
| 419 | int load_key_certs(SSL_CTX *ssl_ctx) |
| 420 | { |
| 421 | int ret = SSL_OK; |
| 422 | uint32_t options = ssl_ctx->options; |
| 423 | #ifdef CONFIG_SSL_GENERATE_X509_CERT |
| 424 | uint8_t *cert_data = NULL; |
| 425 | int cert_size; |
| 426 | static const char *dn[] = |
| 427 | { |
| 428 | CONFIG_SSL_X509_COMMON_NAME, |
| 429 | CONFIG_SSL_X509_ORGANIZATION_NAME, |
| 430 | CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME |
| 431 | }; |
| 432 | #endif |
| 433 | |
| 434 | /* do the private key first */ |
| 435 | if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0) |
| 436 | { |
| 437 | if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, |
| 438 | CONFIG_SSL_PRIVATE_KEY_LOCATION, |
| 439 | CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0) |
| 440 | goto error; |
| 441 | } |
| 442 | else if (!(options & SSL_NO_DEFAULT_KEY)) |
| 443 | { |
| 444 | #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE) |
| 445 | static const /* saves a few more bytes */ |
| 446 | #include "private_key.h" |
| 447 | |
| 448 | ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key, |
| 449 | default_private_key_len, NULL); |
| 450 | #endif |
| 451 | } |
| 452 | |
| 453 | /* now load the certificate */ |
| 454 | #ifdef CONFIG_SSL_GENERATE_X509_CERT |
| 455 | if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0) |
| 456 | { |
| 457 | ret = cert_size; |
| 458 | goto error; |
| 459 | } |
| 460 | |
| 461 | ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL); |
| 462 | free(cert_data); |
| 463 | #else |
| 464 | if (strlen(CONFIG_SSL_X509_CERT_LOCATION)) |
| 465 | { |
| 466 | if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, |
| 467 | CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0) |
| 468 | goto error; |
| 469 | } |
| 470 | else if (!(options & SSL_NO_DEFAULT_KEY)) |
| 471 | { |
| 472 | #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE) |
| 473 | #include "cert.h" |
| 474 | ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, |
| 475 | default_certificate, default_certificate_len, NULL); |
| 476 | #endif |
| 477 | } |
| 478 | #endif |
| 479 | |
| 480 | error: |
| 481 | #ifdef CONFIG_SSL_FULL_MODE |
| 482 | if (ret) |
| 483 | { |
| 484 | printf("Error: Certificate or key not loaded\n"); |
| 485 | } |
| 486 | #endif |
| 487 | |
| 488 | return ret; |
| 489 | |
| 490 | } |
| 491 | |
| 492 | #endif |
| 493 |
Generated on 2021-Apr-16 from project MicroPython revision 1.15a
Powered by 
Code Browser 2.1
Generator usage only permitted with license.