yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-23 20:31:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add structure holding X.509 CRT signature information

Browse source 
This commit introduces an internal structure `mbedtls_x509_crt_sig_info`
containing all information that has to be kept from a child CRT when searching
for a potential parent:
- The issuer name
- The signature type
- The signature
- The hash of the CRT

The structure can be obtained from a CRT frame via `x509_crt_get_sig_info()`
and freed via `x509_crt_free_sig_info()`.

The purpose of this is to reduce the amount of RAM used during CRT
chain verification; once we've extracted the signature info structure
from the current child CRT, we can free all cached data for that CRT
(frame and PK) before searching for a suitable parent. This way, there
will ultimately not be more than one frame needed at a single point
during the verification.
This commit is contained in:
Hanno Becker 2019-02-25 13:50:41 +00:00
parent a788cab46d
commit 5299cf87d4
1 changed files with 165 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

275
library/x509_crt.c
View file

@ -93,6 +93,15 @@ static int x509_crt_ext_key_usage_from_frame( mbedtls_x509_crt_frame *frame,
static void x509_free_sequence( mbedtls_x509_sequence *seq );
static void x509_free_name( mbedtls_x509_name *name );
static int x509_crt_pk_acquire( mbedtls_x509_crt *crt,
mbedtls_pk_context **pk );
static int x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
mbedtls_x509_crt_frame **frame );
static void x509_crt_pk_release( mbedtls_x509_crt *crt,
mbedtls_pk_context *pk );
static void x509_crt_frame_release( mbedtls_x509_crt *crt,
mbedtls_pk_context *pk );
static int x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
mbedtls_x509_crt_frame **frame_ptr )
{
@ -2162,66 +2171,33 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
/*
* Check the signature of a certificate by its parent
*/
static int x509_crt_check_signature( const mbedtls_x509_crt_frame *child,
static int x509_crt_check_signature( const mbedtls_x509_crt_sig_info *sig_info,
mbedtls_x509_crt *parent,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
size_t hash_len;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
mbedtls_md_type_t sig_md;
mbedtls_pk_type_t sig_pk;
void *sig_opts;
const mbedtls_md_info_t *md_info;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
{
/* Get signature options -- currently only
* necessary for RSASSA-PSS. */
unsigned char *p = child->sig_alg.p;
unsigned char *end = p + child->sig_alg.len;
ret = mbedtls_x509_get_sig_alg_raw( &p, end, &sig_md,
&sig_pk, &sig_opts );
if( ret != 0 )
{
/* Note: this can't happen except after an internal error */
return( -1 );
}
}
#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
sig_md = child->sig_md;
sig_pk = child->sig_pk;
sig_opts = NULL;
#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */
md_info = mbedtls_md_info_from_type( sig_md );
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
return( -1 );
hash_len = mbedtls_md_get_size( md_info );
/* Skip expensive computation on obvious mismatch */
if( ! mbedtls_pk_can_do( &parent->pk, sig_pk ) )
if( ! mbedtls_pk_can_do( &parent->pk, sig_info->sig_pk ) )
return( -1 );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
{
return( mbedtls_pk_verify_restartable( &parent->pk,
sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len, &rs_ctx->pk ) );
sig_info->sig_md,
sig_info->crt_hash, sig_info->crt_hash_len,
sig_info->sig.p, sig_info->sig.len,
&rs_ctx->pk ) );
}
#else
(void) rs_ctx;
#endif
ret = mbedtls_pk_verify_ext( sig_pk, sig_opts, &parent->pk,
sig_md, hash, hash_len,
child->sig.p, child->sig.len );
mbedtls_free( sig_opts );
return( ret );
return( mbedtls_pk_verify_ext( sig_info->sig_pk,
sig_info->sig_opts,
&parent->pk,
sig_info->sig_md,
sig_info->crt_hash, sig_info->crt_hash_len,
sig_info->sig.p, sig_info->sig.len ) );
}
/*
@ -2230,14 +2206,14 @@ static int x509_crt_check_signature( const mbedtls_x509_crt_frame *child,
*
* top means parent is a locally-trusted certificate
*/
static int x509_crt_check_parent( const mbedtls_x509_crt_frame *child,
static int x509_crt_check_parent( const mbedtls_x509_crt_sig_info *child_sig,
const mbedtls_x509_crt *parent,
int top )
{
int need_ca_bit;
/* Parent must be the issuer */
if( mbedtls_x509_name_cmp_raw( &child->issuer_raw,
if( mbedtls_x509_name_cmp_raw( &child_sig->issuer_raw,
&parent->subject_raw_no_hdr,
NULL, NULL ) != 0 )
{
@ -2265,6 +2241,71 @@ static int x509_crt_check_parent( const mbedtls_x509_crt_frame *child,
return( 0 );
}
typedef struct mbedtls_x509_crt_sig_info
{
mbedtls_md_type_t sig_md;
mbedtls_pk_type_t sig_pk;
void *sig_opts;
uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
size_t crt_hash_len;
mbedtls_x509_buf_raw sig;
mbedtls_x509_buf_raw issuer_raw;
} mbedtls_x509_crt_sig_info;
static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )
{
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
mbedtls_free( info->sig_opts );
#else
((void) info);
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
}
static int x509_crt_get_sig_info( mbedtls_x509_crt_frame const *frame,
mbedtls_x509_crt_sig_info *info )
{
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( frame->sig_md );
if( mbedtls_md( md_info, frame->tbs.p, frame->tbs.len,
info->crt_hash ) != 0 )
{
/* Note: this can't happen except after an internal error */
return( -1 );
}
info->crt_hash_len = mbedtls_md_get_size( md_info );
/* Make sure that this function leaves the target structure
* ready to be freed, regardless of success of failure. */
info->sig_opts = NULL;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
{
int ret;
unsigned char *alg_start = frame->sig_alg.p;
unsigned char *alg_end = alg_start + frame->sig_alg.len;
/* Get signature options -- currently only
* necessary for RSASSA-PSS. */
ret = mbedtls_x509_get_sig_alg_raw( &alg_start, alg_end, &info->sig_md,
&info->sig_pk, &info->sig_opts );
if( ret != 0 )
{
/* Note: this can't happen except after an internal error */
return( -1 );
}
}
#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
info->sig_md = frame->sig_md;
info->sig_pk = frame->sig_pk;
#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */
info->issuer_raw = frame->issuer_raw;
info->sig = frame->sig;
return( 0 );
}
/*
* Find a suitable parent for child in candidates, or return NULL.
*
@ -2309,7 +2350,7 @@ static int x509_crt_check_parent( const mbedtls_x509_crt_frame *child,
* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
static int x509_crt_find_parent_in(
mbedtls_x509_crt_frame const *child,
mbedtls_x509_crt_sig_info const *child_sig,
mbedtls_x509_crt *candidates,
mbedtls_x509_crt **r_parent,
int *r_signature_is_good,
@ -2361,7 +2402,7 @@ check_signature:
}
/* basic parenting skills (name, CA bit, key usage) */
if( x509_crt_check_parent( child, parent, top ) == 0 )
if( x509_crt_check_parent( child_sig, parent, top ) == 0 )
parent_match = 1;
/* +1 because stored max_pathlen is 1 higher that the actual value */
@ -2375,7 +2416,7 @@ check_signature:
continue;
/* Signature */
ret = x509_crt_check_signature( child, parent, rs_ctx );
ret = x509_crt_check_signature( child_sig, parent, rs_ctx );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@ -2447,7 +2488,7 @@ check_signature:
* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
static int x509_crt_find_parent(
mbedtls_x509_crt_frame const *child,
mbedtls_x509_crt_sig_info const *child_sig,
mbedtls_x509_crt *rest,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crt **parent,
@ -2474,7 +2515,7 @@ static int x509_crt_find_parent(
while( 1 ) {
search_list = *parent_is_trusted ? trust_ca : rest;
ret = x509_crt_find_parent_in( child, search_list,
ret = x509_crt_find_parent_in( child_sig, search_list,
parent, signature_is_good,
*parent_is_trusted,
path_cnt, self_cnt, rs_ctx );
@ -2520,14 +2561,6 @@ static int x509_crt_check_ee_locally_trusted(
{
mbedtls_x509_crt const *cur;
/* must be self-issued */
if( mbedtls_x509_name_cmp_raw( &crt->issuer_raw,
&crt->subject_raw,
NULL, NULL ) != 0 )
{
return( -1 );
}
/* look for an exact match with trusted cert */
for( cur = trust_ca; cur != NULL; cur = cur->next )
{
@ -2625,7 +2658,10 @@ static int x509_crt_verify_chain(
child_is_trusted = 0;
while( 1 ) {
mbedtls_x509_crt_frame *child;
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_buf_raw child_serial;
#endif /* MBEDTLS_X509_CRL_PARSE_C */
int self_issued;
/* Add certificate to the verification chain */
cur = &ver_chain->items[ver_chain->len];
@ -2637,41 +2673,72 @@ static int x509_crt_verify_chain(
find_parent:
#endif
ret = x509_crt_frame_acquire( child_crt, &child );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
flags = &cur->flags;
/* Check time-validity (all certificates) */
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
/* Stop here for trusted roots (but not for trusted EE certs) */
if( child_is_trusted )
goto release;
/* Check signature algorithm: MD & PK algs */
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/* Special case: EE certs that are locally trusted */
if( ver_chain->len == 1 &&
x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
{
goto release;
}
mbedtls_x509_crt_sig_info child_sig;
{
mbedtls_x509_crt_frame *child;
/* Look for a parent in trusted CAs or up the chain */
ret = x509_crt_find_parent( child, trust_ca, &parent,
&parent_is_trusted, &signature_is_good,
ver_chain->len - 1, self_cnt, rs_ctx );
ret = x509_crt_frame_acquire( child_crt, &child );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
/* Check time-validity (all certificates) */
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
/* Stop here for trusted roots (but not for trusted EE certs) */
if( child_is_trusted )
{
x509_crt_frame_release( child_crt, child );
return( 0 );
}
self_issued = 0;
if( mbedtls_x509_name_cmp_raw( &child->issuer_raw,
&child->subject_raw,
NULL, NULL ) == 0 )
{
self_issued = 1;
}
/* Check signature algorithm: MD & PK algs */
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/* Special case: EE certs that are locally trusted */
if( ver_chain->len == 1 && self_issued &&
x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
{
x509_crt_frame_release( child_crt, child );
return( 0 );
}
#if defined(MBEDTLS_X509_CRL_PARSE_C)
child_serial = child->serial;
#endif /* MBEDTLS_X509_CRL_PARSE_C */
ret = x509_crt_get_sig_info( child, &child_sig );
x509_crt_frame_release( child_crt, child );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
/* Look for a parent in trusted CAs or up the chain */
ret = x509_crt_find_parent( &child_sig, child_crt->next,
trust_ca, &parent,
&parent_is_trusted, &signature_is_good,
ver_chain->len - 1, self_cnt, rs_ctx );
x509_crt_free_sig_info( &child_sig );
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@ -2680,8 +2747,7 @@ find_parent:
rs_ctx->in_progress = x509_crt_rs_find_parent;
rs_ctx->self_cnt = self_cnt;
rs_ctx->ver_chain = *ver_chain; /* struct copy */
goto release;
return( ret );
}
#else
(void) ret;
@ -2691,19 +2757,14 @@ find_parent:
if( parent == NULL )
{
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
goto release;
return( 0 );
}
/* Count intermediate self-issued (not necessarily self-signed) certs.
* These can occur with some strategies for key rollover, see [SIRO],
* and should be excluded from max_pathlen checks. */
if( ver_chain->len != 1 &&
mbedtls_x509_name_cmp_raw( &child->issuer_raw,
&child->subject_raw,
NULL, NULL ) == 0 )
{
if( ver_chain->len != 1 && self_issued )
self_cnt++;
}
/* path_cnt is 0 for the first intermediate CA,
* and if parent is trusted it's not an intermediate CA */
@ -2711,8 +2772,7 @@ find_parent:
ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
{
/* return immediately to avoid overflow the chain array */
ret = MBEDTLS_ERR_X509_FATAL_ERROR;
goto release;
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
/* signature was checked while searching parent */
@ -2725,24 +2785,19 @@ find_parent:
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the given crt */
*flags |= x509_crt_verifycrl( child->serial.p,
child->serial.len,
*flags |= x509_crt_verifycrl( child_serial.p,
child_serial.len,
parent, ca_crl, profile );
#else
(void) ca_crl;
#endif
/* prepare for next iteration */
x509_crt_frame_release( child_crt, child );
child_crt = parent;
parent = NULL;
child_is_trusted = parent_is_trusted;
signature_is_good = 0;
}
release:
x509_crt_frame_release( child_crt, child );
return( ret );
}
/*