From 58daab21cd043e1dc37024a7f99b396788372918 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 9 Mar 2024 14:19:48 +0100 Subject: Merging upstream version 1.44.3. Signed-off-by: Daniel Baumann --- .../h2o/libh2o/deps/picotls/lib/minicrypto-pem.c | 339 +++++++++++++++++++++ 1 file changed, 339 insertions(+) create mode 100644 web/server/h2o/libh2o/deps/picotls/lib/minicrypto-pem.c (limited to 'web/server/h2o/libh2o/deps/picotls/lib/minicrypto-pem.c') diff --git a/web/server/h2o/libh2o/deps/picotls/lib/minicrypto-pem.c b/web/server/h2o/libh2o/deps/picotls/lib/minicrypto-pem.c new file mode 100644 index 000000000..2b82a91ec --- /dev/null +++ b/web/server/h2o/libh2o/deps/picotls/lib/minicrypto-pem.c @@ -0,0 +1,339 @@ +/* + * Copyright (c) 2017,2018 Christian Huitema + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ +#include +#include +#include +#include +#ifdef _WINDOWS +#include "wincompat.h" +#else +#include +#endif +#include "picotls.h" +#include "picotls/minicrypto.h" +#include "picotls/asn1.h" +#include "picotls/pembase64.h" + + +/* + * This function could be declared as static, but we want to access it + * in the unit tests. + */ +size_t ptls_minicrypto_asn1_decode_private_key(ptls_asn1_pkcs8_private_key_t *pkey, int *decode_error, + ptls_minicrypto_log_ctx_t *log_ctx) +{ + uint8_t *bytes = pkey->vec.base; + size_t bytes_max = pkey->vec.len; + + /* read the ASN1 messages */ + size_t byte_index = 0; + uint32_t seq0_length = 0; + size_t last_byte0; + uint32_t seq1_length = 0; + size_t last_byte1 = 0; + uint32_t oid_length; + size_t last_oid_byte; + uint32_t key_data_length; + size_t key_data_last; + + /* start with sequence */ + byte_index = ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, 0x30, &seq0_length, NULL, &last_byte0, + decode_error, log_ctx); + + if (*decode_error == 0 && bytes_max != last_byte0) { + byte_index = ptls_asn1_error_message("Length larger than message", bytes_max, byte_index, 0, log_ctx); + *decode_error = PTLS_ERROR_BER_EXCESSIVE_LENGTH; + } + + if (*decode_error == 0) { + /* get first component: version, INTEGER, expect value 0 */ + if (byte_index + 3 > bytes_max) { + byte_index = ptls_asn1_error_message("Cannot find key version", bytes_max, byte_index, 0, log_ctx); + *decode_error = PTLS_ERROR_INCORRECT_PEM_KEY_VERSION; + } else if (bytes[byte_index] != 0x02 || bytes[byte_index + 1] != 0x01 || bytes[byte_index + 2] != 0x00) { + *decode_error = PTLS_ERROR_INCORRECT_PEM_KEY_VERSION; + byte_index = ptls_asn1_error_message("Incorrect PEM Version", bytes_max, byte_index, 0, log_ctx); + } else { + byte_index += 3; + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, " Version = 1,\n"); + } + } + } + + if (*decode_error == 0) { + /* open embedded sequence */ + byte_index = ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, 0x30, &seq1_length, NULL, &last_byte1, + decode_error, log_ctx); + } + + if (*decode_error == 0) { + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, " Algorithm Identifier:\n"); + } + /* get length of OID */ + byte_index = ptls_asn1_get_expected_type_and_length(bytes, last_byte1, byte_index, 0x06, &oid_length, NULL, &last_oid_byte, + decode_error, log_ctx); + + if (*decode_error == 0) { + if (log_ctx != NULL) { + /* print the OID value */ + log_ctx->fn(log_ctx->ctx, " Algorithm:"); + ptls_asn1_dump_content(bytes + byte_index, oid_length, 0, log_ctx); + log_ctx->fn(log_ctx->ctx, ",\n"); + } + pkey->algorithm_index = byte_index; + pkey->algorithm_length = oid_length; + byte_index += oid_length; + } + } + + if (*decode_error == 0) { + /* get parameters, ANY */ + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, " Parameters:\n"); + } + + pkey->parameters_index = byte_index; + + pkey->parameters_length = + ptls_asn1_validation_recursive(bytes + byte_index, last_byte1 - byte_index, decode_error, 2, log_ctx); + + byte_index += pkey->parameters_length; + + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, "\n"); + } + /* close sequence */ + if (byte_index != last_byte1) { + byte_index = ptls_asn1_error_message("Length larger than element", bytes_max, byte_index, 2, log_ctx); + *decode_error = PTLS_ERROR_BER_ELEMENT_TOO_SHORT; + } + } + + /* get octet string, key */ + if (*decode_error == 0) { + byte_index = ptls_asn1_get_expected_type_and_length(bytes, last_byte0, byte_index, 0x04, &key_data_length, NULL, + &key_data_last, decode_error, log_ctx); + + if (*decode_error == 0) { + pkey->key_data_index = byte_index; + pkey->key_data_length = key_data_length; + byte_index += key_data_length; + + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, " Key data (%d bytes):\n", key_data_length); + + (void)ptls_asn1_validation_recursive(bytes + pkey->key_data_index, key_data_length, decode_error, 1, log_ctx); + log_ctx->fn(log_ctx->ctx, "\n"); + } + } + } + + if (*decode_error == 0 && byte_index != last_byte0) { + byte_index = ptls_asn1_error_message("Length larger than element", bytes_max, byte_index, 0, log_ctx); + *decode_error = PTLS_ERROR_BER_ELEMENT_TOO_SHORT; + } + + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, "\n"); + } + + return byte_index; +} + +static int ptls_pem_parse_private_key(char const *pem_fname, ptls_asn1_pkcs8_private_key_t *pkey, + ptls_minicrypto_log_ctx_t *log_ctx) +{ + size_t nb_keys = 0; + int ret = ptls_load_pem_objects(pem_fname, "PRIVATE KEY", &pkey->vec, 1, &nb_keys); + + if (ret == 0) { + if (nb_keys != 1) { + ret = PTLS_ERROR_PEM_LABEL_NOT_FOUND; + } + } + + if (ret == 0 && nb_keys == 1) { + int decode_error = 0; + + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, "\nFound PRIVATE KEY, length = %d bytes\n", (int)pkey->vec.len); + } + + (void)ptls_minicrypto_asn1_decode_private_key(pkey, &decode_error, log_ctx); + + if (decode_error != 0) { + ret = decode_error; + } + } + + return ret; +} + +static const uint8_t ptls_asn1_algorithm_ecdsa[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01}; + +static const uint8_t ptls_asn1_curve_secp256r1[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}; + +static int ptls_set_ecdsa_private_key(ptls_context_t *ctx, ptls_asn1_pkcs8_private_key_t *pkey, ptls_minicrypto_log_ctx_t *log_ctx) +{ + uint8_t *bytes = pkey->vec.base + pkey->parameters_index; + size_t bytes_max = pkey->parameters_length; + size_t byte_index = 0; + uint8_t *curve_id = NULL; + uint32_t curve_id_length = 0; + int decode_error = 0; + uint32_t seq_length; + size_t last_byte = 0; + uint8_t *ecdsa_key_data = NULL; + uint32_t ecdsa_key_data_length = 0; + size_t ecdsa_key_data_last = 0; + + /* We expect the parameters to include just the curve ID */ + + byte_index = ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, 0x06, &curve_id_length, NULL, &last_byte, + &decode_error, log_ctx); + + if (decode_error == 0 && bytes_max != last_byte) { + byte_index = ptls_asn1_error_message("Length larger than parameters", bytes_max, byte_index, 0, log_ctx); + decode_error = PTLS_ERROR_BER_EXCESSIVE_LENGTH; + } + + if (decode_error == 0) { + curve_id = bytes + byte_index; + + if (log_ctx != NULL) { + /* print the OID value */ + log_ctx->fn(log_ctx->ctx, "Curve: "); + ptls_asn1_dump_content(curve_id, curve_id_length, 0, log_ctx); + log_ctx->fn(log_ctx->ctx, "\n"); + } + } + + /* We expect the key data to follow the ECDSA structure per RFC 5915 */ + bytes = pkey->vec.base + pkey->key_data_index; + bytes_max = pkey->key_data_length; + byte_index = 0; + + /* decode the wrapping sequence */ + if (decode_error == 0) { + byte_index = ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, 0x30, &seq_length, NULL, &last_byte, + &decode_error, log_ctx); + } + + if (decode_error == 0 && bytes_max != last_byte) { + byte_index = ptls_asn1_error_message("Length larger than key data", bytes_max, byte_index, 0, log_ctx); + decode_error = PTLS_ERROR_BER_ELEMENT_TOO_SHORT; + } + + /* verify and skip the version number 1 */ + if (decode_error == 0) { + /* get first component: version, INTEGER, expect value 0 */ + if (byte_index + 3 > bytes_max) { + byte_index = ptls_asn1_error_message("Cannot find ECDSA Key Data Version", bytes_max, byte_index, 0, log_ctx); + decode_error = PTLS_ERROR_INCORRECT_ASN1_ECDSA_KEY_SYNTAX; + } else if (bytes[byte_index] != 0x02 || bytes[byte_index + 1] != 0x01 || bytes[byte_index + 2] != 0x01) { + decode_error = PTLS_ERROR_INCORRECT_PEM_ECDSA_KEY_VERSION; + byte_index = ptls_asn1_error_message("Incorrect ECDSA Key Data Version", bytes_max, byte_index, 0, log_ctx); + } else { + byte_index += 3; + if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, "ECDSA Version = 1,\n"); + } + } + } + + /* obtain the octet string that contains the ECDSA private key */ + if (decode_error == 0) { + byte_index = ptls_asn1_get_expected_type_and_length(bytes, last_byte, byte_index, 0x04, &ecdsa_key_data_length, NULL, + &ecdsa_key_data_last, &decode_error, log_ctx); + + if (decode_error == 0) { + ecdsa_key_data = bytes + byte_index; + } + } + + /* If everything is fine, associate the ECDSA key with the context */ + if (curve_id_length == sizeof(ptls_asn1_curve_secp256r1) && curve_id != NULL && + memcmp(curve_id, ptls_asn1_curve_secp256r1, sizeof(ptls_asn1_curve_secp256r1)) == 0) { + if (SECP256R1_PRIVATE_KEY_SIZE != ecdsa_key_data_length) { + decode_error = PTLS_ERROR_INCORRECT_PEM_ECDSA_KEYSIZE; + if (log_ctx != NULL) { + /* print the OID value */ + log_ctx->fn(log_ctx->ctx, "Wrong SECP256R1 key length, %d instead of %d.\n", ecdsa_key_data_length, + SECP256R1_PRIVATE_KEY_SIZE); + } + } else { + ptls_minicrypto_secp256r1sha256_sign_certificate_t *minicrypto_sign_certificate; + + minicrypto_sign_certificate = (ptls_minicrypto_secp256r1sha256_sign_certificate_t *)malloc( + sizeof(ptls_minicrypto_secp256r1sha256_sign_certificate_t)); + + if (minicrypto_sign_certificate == NULL) { + decode_error = PTLS_ERROR_NO_MEMORY; + } else { + memset(minicrypto_sign_certificate, 0, sizeof(ptls_minicrypto_secp256r1sha256_sign_certificate_t)); + decode_error = ptls_minicrypto_init_secp256r1sha256_sign_certificate( + minicrypto_sign_certificate, ptls_iovec_init(ecdsa_key_data, ecdsa_key_data_length)); + } + if (decode_error == 0) { + ctx->sign_certificate = &minicrypto_sign_certificate->super; + + if (log_ctx != NULL) { + /* print the OID value */ + log_ctx->fn(log_ctx->ctx, "Initialized SECP512R1 signing key with %d bytes.\n", ecdsa_key_data_length); + } + } else if (log_ctx != NULL) { + log_ctx->fn(log_ctx->ctx, "SECP512R1 init with %d bytes returns %d.\n", ecdsa_key_data_length, decode_error); + } + } + } else { + decode_error = PTLS_ERROR_INCORRECT_PEM_ECDSA_CURVE; + if (log_ctx != NULL) { + /* print the OID value */ + log_ctx->fn(log_ctx->ctx, "Curve is not supported for signatures.\n"); + } + } + + return decode_error; +} + +int ptls_minicrypto_load_private_key(ptls_context_t *ctx, char const *pem_fname) +{ + ptls_asn1_pkcs8_private_key_t pkey = {{0}}; + int ret = ptls_pem_parse_private_key(pem_fname, &pkey, NULL); + + /* Check that this is the expected key type. + * At this point, the minicrypto library only supports ECDSA keys. + * In theory, we could add support for RSA keys at some point. + */ + if (ret == 0) { + if (pkey.algorithm_length == sizeof(ptls_asn1_algorithm_ecdsa) && + memcmp(pkey.vec.base + pkey.algorithm_index, ptls_asn1_algorithm_ecdsa, sizeof(ptls_asn1_algorithm_ecdsa)) == 0) { + ret = ptls_set_ecdsa_private_key(ctx, &pkey, NULL); + } else { + ret = -1; + } + } + + return ret; +} -- cgit v1.2.3