Browse code
Add more debug messages in fail cases, more comments, minor changes
Andrew authored on 2018/08/23 14:05:51Showing 2 changed files
| ... | ... |
@@ -523,7 +523,7 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size, |
| 523 | 523 |
if(map_sha1(map, obj.content, obj.size, x509.serial)) |
| 524 | 524 |
break; |
| 525 | 525 |
|
| 526 |
- if(asn1_expect_rsa(map, &obj.next, &tbs.size, &hashtype1)) /* algo = sha1WithRSAEncryption | md5WithRSAEncryption */ |
|
| 526 |
+ if(asn1_expect_rsa(map, &obj.next, &tbs.size, &hashtype1)) /* algo - Ex: sha1WithRSAEncryption */ |
|
| 527 | 527 |
break; |
| 528 | 528 |
|
| 529 | 529 |
if(asn1_expect_objtype(map, obj.next, &tbs.size, &obj, ASN1_TYPE_SEQUENCE)) /* issuer */ |
| ... | ... |
@@ -731,7 +731,7 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size, |
| 731 | 731 |
if(map_sha1(map, issuer, issuersize, x509.issuer)) |
| 732 | 732 |
break; |
| 733 | 733 |
|
| 734 |
- if(asn1_expect_rsa(map, &tbs.next, &crt.size, &hashtype2)) /* signature algo = sha1WithRSAEncryption | md5WithRSAEncryption */ |
|
| 734 |
+ if(asn1_expect_rsa(map, &tbs.next, &crt.size, &hashtype2)) /* signature algo - Ex: sha1WithRSAEncryption */ |
|
| 735 | 735 |
break; |
| 736 | 736 |
|
| 737 | 737 |
if(hashtype1 != hashtype2) {
|
| ... | ... |
@@ -777,6 +777,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 777 | 777 |
const uint8_t *message, *attrs; |
| 778 | 778 |
unsigned int dsize, message_size, attrs_size; |
| 779 | 779 |
cli_crt_hashtype hashtype; |
| 780 |
+ unsigned int hashsize; |
|
| 780 | 781 |
cli_crt *x509; |
| 781 | 782 |
void *ctx; |
| 782 | 783 |
int result; |
| ... | ... |
@@ -790,70 +791,114 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 790 | 790 |
break; |
| 791 | 791 |
} |
| 792 | 792 |
|
| 793 |
- if(asn1_expect_objtype(map, message, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* SEQUENCE */ |
|
| 793 |
+ if(asn1_expect_objtype(map, message, &size, &asn1, ASN1_TYPE_SEQUENCE)){ /* SEQUENCE */
|
|
| 794 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE at top level\n");
|
|
| 794 | 795 |
break; |
| 796 |
+ } |
|
| 797 |
+ |
|
| 798 |
+ // TODO Example where this is the case? |
|
| 795 | 799 |
/* if(size) { */
|
| 796 | 800 |
/* cli_dbgmsg("asn1_parse_mscat: found extra data after pkcs#7 %u\n", size); */
|
| 797 | 801 |
/* break; */ |
| 798 | 802 |
/* } */ |
| 799 | 803 |
size = asn1.size; |
| 800 |
- if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_OBJECT_ID, lenof(OID_signedData), OID_signedData)) /* OBJECT 1.2.840.113549.1.7.2 - contentType = signedData */ |
|
| 804 |
+ if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_OBJECT_ID, lenof(OID_signedData), OID_signedData)){ /* OBJECT 1.2.840.113549.1.7.2 - contentType = signedData */
|
|
| 805 |
+ cli_dbgmsg("asn1_parse_mscat: expected contentType == signedData\n");
|
|
| 801 | 806 |
break; |
| 802 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0xa0)) /* [0] - content */ |
|
| 807 |
+ } |
|
| 808 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0xa0)){ /* [0] - content */
|
|
| 809 |
+ cli_dbgmsg("asn1_parse_mscat: expected '[0] - content' following signedData contentType\n");
|
|
| 803 | 810 |
break; |
| 811 |
+ } |
|
| 804 | 812 |
if(size) {
|
| 805 | 813 |
cli_dbgmsg("asn1_parse_mscat: found extra data in pkcs#7\n");
|
| 806 | 814 |
break; |
| 807 | 815 |
} |
| 808 | 816 |
size = asn1.size; |
| 809 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* SEQUENCE */ |
|
| 817 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)){ /* SEQUENCE */
|
|
| 818 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE inside signedData '[0] - content'\n");
|
|
| 810 | 819 |
break; |
| 820 |
+ } |
|
| 811 | 821 |
if(size) {
|
| 812 | 822 |
cli_dbgmsg("asn1_parse_mscat: found extra data in signedData\n");
|
| 813 | 823 |
break; |
| 814 | 824 |
} |
| 815 | 825 |
size = asn1.size; |
| 816 |
- if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_INTEGER, 1, "\x01")) /* INTEGER - VERSION 1 */ |
|
| 826 |
+ if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_INTEGER, 1, "\x01")){ /* INTEGER - VERSION 1 */
|
|
| 827 |
+ cli_dbgmsg("asn1_parse_mscat: expected 'INTEGER - VERSION 1' for signedData version\n");
|
|
| 817 | 828 |
break; |
| 829 |
+ } |
|
| 818 | 830 |
|
| 819 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SET)) /* SET OF DigestAlgorithmIdentifier */ |
|
| 831 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SET)){ /* SET OF DigestAlgorithmIdentifier */
|
|
| 832 |
+ cli_dbgmsg("asn1_parse_mscat: expected SET OF DigestAlgorithmIdentifier inside signedData\n");
|
|
| 820 | 833 |
break; |
| 834 |
+ } |
|
| 821 | 835 |
|
| 822 |
- if(asn1_expect_algo(map, &asn1.content, &asn1.size, lenof(OID_sha1), OID_sha1)) /* DigestAlgorithmIdentifier[0] == sha1 */ |
|
| 836 |
+ if(asn1_expect_algo(map, &asn1.content, &asn1.size, lenof(OID_sha1), OID_sha1)){ /* DigestAlgorithmIdentifier[0] == sha1 */
|
|
| 837 |
+ cli_dbgmsg("asn1_parse_mscat: DigestAlgorithmIdentifier[0] does not indicate SHA1\n");
|
|
| 823 | 838 |
break; |
| 839 |
+ } |
|
| 824 | 840 |
if(asn1.size) {
|
| 825 | 841 |
cli_dbgmsg("asn1_parse_mscat: only one digestAlgorithmIdentifier is allowed\n");
|
| 826 | 842 |
break; |
| 827 | 843 |
} |
| 828 | 844 |
|
| 829 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* SEQUENCE - contentInfo */ |
|
| 845 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_SEQUENCE)){ /* SEQUENCE - contentInfo */
|
|
| 846 |
+ cli_dbgmsg("asn1_parse_mscat: expected 'SEQUENCE - contentInfo' inside DigestAlgorithmIdentifier SET\n");
|
|
| 830 | 847 |
break; |
| 848 |
+ } |
|
| 831 | 849 |
/* Here there is either a PKCS #7 ContentType Object Identifier for Certificate Trust List (szOID_CTL) |
| 832 | 850 |
* or a single SPC_INDIRECT_DATA_OBJID */ |
| 833 | 851 |
if( |
| 834 | 852 |
(!embedded && asn1_expect_obj(map, &asn1.content, &asn1.size, ASN1_TYPE_OBJECT_ID, lenof(OID_szOID_CTL), OID_szOID_CTL)) || |
| 835 | 853 |
(embedded && asn1_expect_obj(map, &asn1.content, &asn1.size, ASN1_TYPE_OBJECT_ID, lenof(OID_SPC_INDIRECT_DATA_OBJID), OID_SPC_INDIRECT_DATA_OBJID)) |
| 836 |
- ) |
|
| 854 |
+ ){
|
|
| 855 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected ContentType for embedded mode %d\n", embedded);
|
|
| 837 | 856 |
break; |
| 857 |
+ } |
|
| 838 | 858 |
|
| 839 |
- if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0xa0)) |
|
| 859 |
+ if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0xa0)){
|
|
| 860 |
+ cli_dbgmsg("asn1_parse_mscat: expected '[0] - content' following DigestAlgorithmIdentifier contentType\n");
|
|
| 840 | 861 |
break; |
| 862 |
+ } |
|
| 841 | 863 |
if(asn1.size) {
|
| 842 | 864 |
cli_dbgmsg("asn1_parse_mscat: found extra data in contentInfo\n");
|
| 843 | 865 |
break; |
| 844 | 866 |
} |
| 845 | 867 |
dsize = deep.size; |
| 846 | 868 |
if(asn1_expect_objtype(map, deep.content, &dsize, &deep, ASN1_TYPE_SEQUENCE)) |
| 869 |
+ {
|
|
| 870 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE in DigestAlgorithmIdentifier '[0] - contentInfo'\n");
|
|
| 847 | 871 |
break; |
| 872 |
+ } |
|
| 848 | 873 |
if(dsize) {
|
| 849 | 874 |
cli_dbgmsg("asn1_parse_mscat: found extra data in content\n");
|
| 850 | 875 |
break; |
| 851 | 876 |
} |
| 877 |
+ |
|
| 878 |
+ /* |
|
| 879 |
+ * Hashes should look like: TODO Verify |
|
| 880 |
+ * SEQUENCE(2 elem) |
|
| 881 |
+ * OBJECT IDENTIFIER 1.3.6.1.4.1.311.2.1.15 spcPEImageData |
|
| 882 |
+ * SEQUENCE(2 elem) |
|
| 883 |
+ * BIT STRING(0 elem) |
|
| 884 |
+ * [0](1 elem) |
|
| 885 |
+ * [2](1 elem) |
|
| 886 |
+ * [0] |
|
| 887 |
+ * SEQUENCE(2 elem) |
|
| 888 |
+ * SEQUENCE(2 elem) |
|
| 889 |
+ * OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW) |
|
| 890 |
+ * NULL |
|
| 891 |
+ * OCTET STRING(20 byte) |
|
| 892 |
+ */ |
|
| 893 |
+ |
|
| 852 | 894 |
*hashes = deep.content; |
| 853 | 895 |
*hashes_size = deep.size; |
| 854 | 896 |
|
| 855 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)) /* certificates */ |
|
| 897 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)){ /* certificates */
|
|
| 898 |
+ cli_dbgmsg("asn1_parse_mscat: expected 0xa0 certificates entry\n");
|
|
| 856 | 899 |
break; |
| 900 |
+ } |
|
| 857 | 901 |
|
| 858 | 902 |
dsize = asn1.size; |
| 859 | 903 |
if(dsize) {
|
| ... | ... |
@@ -867,6 +912,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 867 | 867 |
} |
| 868 | 868 |
if(dsize) {
|
| 869 | 869 |
crtmgr_free(&newcerts); |
| 870 |
+ cli_dbgmsg("asn1_parse_mscat: an error occurred while extracting x509 certificates\n");
|
|
| 870 | 871 |
break; |
| 871 | 872 |
} |
| 872 | 873 |
if(newcerts.crts) {
|
| ... | ... |
@@ -918,8 +964,10 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 918 | 918 |
|
| 919 | 919 |
x509->codeSign &= parent->codeSign; |
| 920 | 920 |
x509->timeSign &= parent->timeSign; |
| 921 |
- if(crtmgr_add(cmgr, x509)) |
|
| 921 |
+ if(crtmgr_add(cmgr, x509)) {
|
|
| 922 |
+ cli_dbgmsg("asn1_parse_mscat: adding x509 cert to crtmgr failed\n");
|
|
| 922 | 923 |
break; |
| 924 |
+ } |
|
| 923 | 925 |
crtmgr_del(&newcerts, x509); |
| 924 | 926 |
x509 = newcerts.crts; |
| 925 | 927 |
continue; |
| ... | ... |
@@ -936,10 +984,14 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 936 | 936 |
} |
| 937 | 937 |
} |
| 938 | 938 |
|
| 939 |
- if(asn1_get_obj(map, asn1.next, &size, &asn1)) |
|
| 939 |
+ if(asn1_get_obj(map, asn1.next, &size, &asn1)) {
|
|
| 940 |
+ cli_dbgmsg("asn1_parse_mscat: failed to get next ASN1 section\n");
|
|
| 940 | 941 |
break; |
| 941 |
- if(asn1.type == 0xa1 && asn1_get_obj(map, asn1.next, &size, &asn1)) /* crls - unused shouldn't be present */ |
|
| 942 |
+ } |
|
| 943 |
+ if(asn1.type == 0xa1 && asn1_get_obj(map, asn1.next, &size, &asn1)){ /* crls - unused shouldn't be present */
|
|
| 944 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected CRL entries were found\n");
|
|
| 942 | 945 |
break; |
| 946 |
+ } |
|
| 943 | 947 |
if(asn1.type != ASN1_TYPE_SET) { /* signerInfos */
|
| 944 | 948 |
cli_dbgmsg("asn1_parse_mscat: unexpected type %02x for signerInfos\n", asn1.type);
|
| 945 | 949 |
break; |
| ... | ... |
@@ -949,37 +1001,85 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 949 | 949 |
break; |
| 950 | 950 |
} |
| 951 | 951 |
size = asn1.size; |
| 952 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) |
|
| 952 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) {
|
|
| 953 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE in signerInfos");
|
|
| 953 | 954 |
break; |
| 955 |
+ } |
|
| 954 | 956 |
if(size) {
|
| 955 | 957 |
cli_dbgmsg("asn1_parse_mscat: only one signerInfo shall be present\n");
|
| 956 | 958 |
break; |
| 957 | 959 |
} |
| 958 | 960 |
size = asn1.size; |
| 959 |
- if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_INTEGER, 1, "\x01")) /* Version = 1 */ |
|
| 961 |
+ if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_INTEGER, 1, "\x01")){ /* Version = 1 */
|
|
| 962 |
+ cli_dbgmsg("asn1_parse_mscat: expected Version == 1 for signerInfo\n");
|
|
| 960 | 963 |
break; |
| 961 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* issuerAndSerialNumber */ |
|
| 964 |
+ } |
|
| 965 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)){ /* issuerAndSerialNumber */
|
|
| 966 |
+ cli_dbgmsg("asn1_parse_mscat: expected issuerAndSerialNumber SEQUENCE\n");
|
|
| 962 | 967 |
break; |
| 968 |
+ } |
|
| 963 | 969 |
dsize = asn1.size; |
| 964 |
- if(asn1_expect_objtype(map, asn1.content, &dsize, &deep, ASN1_TYPE_SEQUENCE)) /* issuer */ |
|
| 970 |
+ if(asn1_expect_objtype(map, asn1.content, &dsize, &deep, ASN1_TYPE_SEQUENCE)){ /* issuer */
|
|
| 971 |
+ cli_dbgmsg("asn1_parse_mscat: expected issuer SEQUENCE\n");
|
|
| 965 | 972 |
break; |
| 966 |
- if(map_sha1(map, deep.content, deep.size, issuer)) |
|
| 973 |
+ } |
|
| 974 |
+ |
|
| 975 |
+ /* Make sure the issuer ID is mapped into memory and then compute the |
|
| 976 |
+ * SHA1 of it so we can use this value in verification later on. This |
|
| 977 |
+ * will be a hash over all the values in the issuer SEQUENCE, which |
|
| 978 |
+ * looks something like: |
|
| 979 |
+ * SET(1 elem) |
|
| 980 |
+ * SEQUENCE(2 elem) |
|
| 981 |
+ * OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component) |
|
| 982 |
+ * PrintableString |
|
| 983 |
+ * SET(1 elem) |
|
| 984 |
+ * SEQUENCE(2 elem) |
|
| 985 |
+ * OBJECT IDENTIFIER2.5.4.8 stateOrProvinceName (X.520 DN component) |
|
| 986 |
+ * PrintableString |
|
| 987 |
+ * SET(1 elem) |
|
| 988 |
+ * SEQUENCE(2 elem) |
|
| 989 |
+ * OBJECT IDENTIFIER2.5.4.7 localityName (X.520 DN component) |
|
| 990 |
+ * PrintableString |
|
| 991 |
+ * SET(1 elem) |
|
| 992 |
+ * SEQUENCE(2 elem) |
|
| 993 |
+ * OBJECT IDENTIFIER2.5.4.10 organizationName (X.520 DN component) |
|
| 994 |
+ * PrintableString |
|
| 995 |
+ * SET(1 elem) |
|
| 996 |
+ * SEQUENCE(2 elem) |
|
| 997 |
+ * OBJECT IDENTIFIER2.5.4.3commonName(X.520 DN component) |
|
| 998 |
+ * PrintableString |
|
| 999 |
+ */ |
|
| 1000 |
+ if(map_sha1(map, deep.content, deep.size, issuer)){
|
|
| 1001 |
+ cli_dbgmsg("asn1_parse_mscat: error in call to map_sha1 for issuer\n");
|
|
| 967 | 1002 |
break; |
| 1003 |
+ } |
|
| 968 | 1004 |
|
| 969 |
- if(asn1_expect_objtype(map, deep.next, &dsize, &deep, ASN1_TYPE_INTEGER)) /* serial */ |
|
| 1005 |
+ // TODO Isn't dsize too big here? Should we use dsize - deep.size |
|
| 1006 |
+ if(asn1_expect_objtype(map, deep.next, &dsize, &deep, ASN1_TYPE_INTEGER)){ /* serial */
|
|
| 1007 |
+ cli_dbgmsg("asn1_parse_mscat: expected ASN1_TYPE_INTEGER serial\n");
|
|
| 970 | 1008 |
break; |
| 971 |
- if(map_sha1(map, deep.content, deep.size, serial)) |
|
| 1009 |
+ } |
|
| 1010 |
+ |
|
| 1011 |
+ /* Make sure the serial INTEGER is mapped into memory and compute the |
|
| 1012 |
+ * SHA1 of it so we can use this value in verification later on. */ |
|
| 1013 |
+ if(map_sha1(map, deep.content, deep.size, serial)){
|
|
| 1014 |
+ cli_dbgmsg("asn1_parse_mscat: error in call to map_sha1 for serial\n");
|
|
| 972 | 1015 |
break; |
| 1016 |
+ } |
|
| 973 | 1017 |
if(dsize) {
|
| 974 | 1018 |
cli_dbgmsg("asn1_parse_mscat: extra data inside issuerAndSerialNumber\n");
|
| 975 | 1019 |
break; |
| 976 | 1020 |
} |
| 977 |
- if(asn1_expect_algo(map, &asn1.next, &size, lenof(OID_sha1), OID_sha1)) /* digestAlgorithm == sha1 */ |
|
| 1021 |
+ if(asn1_expect_algo(map, &asn1.next, &size, lenof(OID_sha1), OID_sha1)){ /* digestAlgorithm == sha1 */
|
|
| 1022 |
+ cli_dbgmsg("asn1_parse_mscat: expected digestAlgorithm == sha1\n");
|
|
| 978 | 1023 |
break; |
| 1024 |
+ } |
|
| 979 | 1025 |
|
| 980 | 1026 |
attrs = asn1.next; |
| 981 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)) /* authenticatedAttributes */ |
|
| 1027 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)){ /* authenticatedAttributes */
|
|
| 1028 |
+ cli_dbgmsg("asn1_parse_mscat: unable to parse authenticatedAttributes section\n");
|
|
| 982 | 1029 |
break; |
| 1030 |
+ } |
|
| 983 | 1031 |
attrs_size = (uint8_t *)(asn1.next) - attrs; |
| 984 | 1032 |
if(attrs_size < 2) {
|
| 985 | 1033 |
cli_dbgmsg("asn1_parse_mscat: authenticatedAttributes size is too small\n");
|
| ... | ... |
@@ -993,10 +1093,12 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 993 | 993 |
struct cli_asn1 cobj; |
| 994 | 994 |
int content; |
| 995 | 995 |
if(asn1_expect_objtype(map, deep.next, &dsize, &deep, ASN1_TYPE_SEQUENCE)) { /* attribute */
|
| 996 |
+ cli_dbgmsg("asn1_parse_mscat: expected attribute SEQUENCE\n");
|
|
| 996 | 997 |
dsize = 1; |
| 997 | 998 |
break; |
| 998 | 999 |
} |
| 999 | 1000 |
if(asn1_expect_objtype(map, deep.content, &deep.size, &deeper, ASN1_TYPE_OBJECT_ID)) { /* attribute type */
|
| 1001 |
+ cli_dbgmsg("asn1_parse_mscat: expected attribute type inside attribute SEQUENCE\n");
|
|
| 1000 | 1002 |
dsize = 1; |
| 1001 | 1003 |
break; |
| 1002 | 1004 |
} |
| ... | ... |
@@ -1014,6 +1116,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1014 | 1014 |
else |
| 1015 | 1015 |
continue; |
| 1016 | 1016 |
if(asn1_expect_objtype(map, deeper.next, &deep.size, &deeper, ASN1_TYPE_SET)) { /* set - contents */
|
| 1017 |
+ cli_dbgmsg("asn1_parse_mscat: expected 'set - contents' for authenticated attribute\n");
|
|
| 1017 | 1018 |
dsize = 1; |
| 1018 | 1019 |
break; |
| 1019 | 1020 |
} |
| ... | ... |
@@ -1034,12 +1137,14 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1034 | 1034 |
(!embedded && asn1_expect_obj(map, &deeper.content, &deeper.size, ASN1_TYPE_OBJECT_ID, lenof(OID_szOID_CTL), OID_szOID_CTL)) || /* cat file */ |
| 1035 | 1035 |
(embedded && asn1_expect_obj(map, &deeper.content, &deeper.size, ASN1_TYPE_OBJECT_ID, lenof(OID_SPC_INDIRECT_DATA_OBJID), OID_SPC_INDIRECT_DATA_OBJID)) /* embedded cat */ |
| 1036 | 1036 |
) {
|
| 1037 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected ContentType for embedded mode %d (for authenticated attribute)\n", embedded);
|
|
| 1037 | 1038 |
dsize = 1; |
| 1038 | 1039 |
break; |
| 1039 | 1040 |
} |
| 1040 | 1041 |
result |= 1; |
| 1041 | 1042 |
} else { /* messageDigest */
|
| 1042 | 1043 |
if(asn1_expect_objtype(map, deeper.content, &deeper.size, &cobj, ASN1_TYPE_OCTET_STRING)) {
|
| 1044 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected messageDigest value\n");
|
|
| 1043 | 1045 |
dsize = 1; |
| 1044 | 1046 |
break; |
| 1045 | 1047 |
} |
| ... | ... |
@@ -1069,17 +1174,26 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1069 | 1069 |
break; |
| 1070 | 1070 |
} |
| 1071 | 1071 |
|
| 1072 |
- if(asn1_expect_algo(map, &asn1.next, &size, lenof(OID_rsaEncryption), OID_rsaEncryption)) /* digestEncryptionAlgorithm == sha1 */ |
|
| 1072 |
+ if(asn1_expect_algo(map, &asn1.next, &size, lenof(OID_rsaEncryption), OID_rsaEncryption)) { /* digestEncryptionAlgorithm == rsa */
|
|
| 1073 |
+ cli_dbgmsg("asn1_parse_mscat: digestEncryptionAlgorithms other than RSA are not yet supported\n");
|
|
| 1073 | 1074 |
break; |
| 1075 |
+ } |
|
| 1074 | 1076 |
|
| 1075 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_OCTET_STRING)) /* encryptedDigest */ |
|
| 1077 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_OCTET_STRING)) { /* encryptedDigest */
|
|
| 1078 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected encryptedDigest value\n");
|
|
| 1076 | 1079 |
break; |
| 1080 |
+ } |
|
| 1081 |
+ |
|
| 1082 |
+ // TODO Is this much space needed? why not just 256 |
|
| 1077 | 1083 |
if(asn1.size > 513) {
|
| 1078 | 1084 |
cli_dbgmsg("asn1_parse_mscat: encryptedDigest too long\n");
|
| 1079 | 1085 |
break; |
| 1080 | 1086 |
} |
| 1081 |
- if(map_sha1(map, *hashes, *hashes_size, sha1)) |
|
| 1087 |
+ |
|
| 1088 |
+ if(map_sha1(map, *hashes, *hashes_size, sha1)) {
|
|
| 1089 |
+ cli_dbgmsg("asn1_parse_mscat: error in call to map_sha1 for extracting the message digest\n");
|
|
| 1082 | 1090 |
break; |
| 1091 |
+ } |
|
| 1083 | 1092 |
if(memcmp(sha1, md, sizeof(sha1))) {
|
| 1084 | 1093 |
cli_dbgmsg("asn1_parse_mscat: messageDigest mismatch\n");
|
| 1085 | 1094 |
break; |
| ... | ... |
@@ -1102,6 +1216,8 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1102 | 1102 |
cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n");
|
| 1103 | 1103 |
break; |
| 1104 | 1104 |
} |
| 1105 |
+ |
|
| 1106 |
+ // Verify the authenticatedAttributes |
|
| 1105 | 1107 |
if(!(x509 = crtmgr_verify_pkcs7(cmgr, issuer, serial, asn1.content, asn1.size, CLI_SHA1RSA, sha1, VRFY_CODE))) {
|
| 1106 | 1108 |
cli_dbgmsg("asn1_parse_mscat: pkcs7 signature verification failed\n");
|
| 1107 | 1109 |
break; |
| ... | ... |
@@ -1114,8 +1230,10 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1114 | 1114 |
break; |
| 1115 | 1115 |
} |
| 1116 | 1116 |
|
| 1117 |
- if(size && asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa1)) /* unauthenticatedAttributes */ |
|
| 1117 |
+ if(size && asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa1)) { /* unauthenticatedAttributes */
|
|
| 1118 |
+ cli_dbgmsg("asn1_parse_mscat: unable to find unauthenticatedAttributes section\n");
|
|
| 1118 | 1119 |
break; |
| 1120 |
+ } |
|
| 1119 | 1121 |
|
| 1120 | 1122 |
if(size) {
|
| 1121 | 1123 |
cli_dbgmsg("asn1_parse_mscat: extra data inside signerInfo\n");
|
| ... | ... |
@@ -1123,8 +1241,10 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1123 | 1123 |
} |
| 1124 | 1124 |
|
| 1125 | 1125 |
size = asn1.size; |
| 1126 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) |
|
| 1126 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) {
|
|
| 1127 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE in unauthenticated data section\n");
|
|
| 1127 | 1128 |
break; |
| 1129 |
+ } |
|
| 1128 | 1130 |
if(size) {
|
| 1129 | 1131 |
cli_dbgmsg("asn1_parse_mscat: extra data inside unauthenticatedAttributes\n");
|
| 1130 | 1132 |
break; |
| ... | ... |
@@ -1132,51 +1252,80 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1132 | 1132 |
|
| 1133 | 1133 |
size = asn1.size; |
| 1134 | 1134 |
/* 1.2.840.113549.1.9.6 - counterSignature */ |
| 1135 |
- if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_OBJECT_ID, lenof(OID_countersignature), OID_countersignature)) |
|
| 1135 |
+ if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_OBJECT_ID, lenof(OID_countersignature), OID_countersignature)) {
|
|
| 1136 |
+ cli_dbgmsg("asn1_parse_mscat: expected countersignature OID in the first unauthenticatedAttributes SEQUENCE\n");
|
|
| 1136 | 1137 |
break; |
| 1137 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SET)) |
|
| 1138 |
+ } |
|
| 1139 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SET)) {
|
|
| 1140 |
+ cli_dbgmsg("asn1_parse_mscat: expected SET following counterSignature OID\n");
|
|
| 1138 | 1141 |
break; |
| 1142 |
+ } |
|
| 1139 | 1143 |
if(size) {
|
| 1140 |
- cli_dbgmsg("asn1_parse_mscat: extra data inside counterSignature\n");
|
|
| 1144 |
+ cli_dbgmsg("asn1_parse_mscat: extra data inside counterSignature SEQUENCE\n");
|
|
| 1141 | 1145 |
break; |
| 1142 | 1146 |
} |
| 1143 | 1147 |
|
| 1144 | 1148 |
size = asn1.size; |
| 1145 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) |
|
| 1149 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) {
|
|
| 1150 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE inside counterSignature SET\n");
|
|
| 1146 | 1151 |
break; |
| 1152 |
+ } |
|
| 1147 | 1153 |
if(size) {
|
| 1148 |
- cli_dbgmsg("asn1_parse_mscat: extra data inside unauthenticatedAttributes\n");
|
|
| 1154 |
+ cli_dbgmsg("asn1_parse_mscat: extra data inside counterSignature SET\n");
|
|
| 1149 | 1155 |
break; |
| 1150 | 1156 |
} |
| 1151 | 1157 |
|
| 1152 | 1158 |
size = asn1.size; |
| 1153 |
- if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_INTEGER, 1, "\x01")) /* Version = 1*/ |
|
| 1159 |
+ if(asn1_expect_obj(map, &asn1.content, &size, ASN1_TYPE_INTEGER, 1, "\x01")) { /* Version = 1*/
|
|
| 1160 |
+ cli_dbgmsg("asn1_parse_mscat: expected counterSignature version to be 1\n");
|
|
| 1154 | 1161 |
break; |
| 1162 |
+ } |
|
| 1155 | 1163 |
|
| 1156 |
- if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* issuerAndSerialNumber */ |
|
| 1164 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, ASN1_TYPE_SEQUENCE)) { /* issuerAndSerialNumber */
|
|
| 1165 |
+ cli_dbgmsg("asn1_parse_mscat: unable to parse issuerAndSerialNumber SEQUENCE in counterSignature\n");
|
|
| 1157 | 1166 |
break; |
| 1167 |
+ } |
|
| 1158 | 1168 |
|
| 1159 |
- if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, ASN1_TYPE_SEQUENCE)) /* issuer */ |
|
| 1169 |
+ if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, ASN1_TYPE_SEQUENCE)) { /* issuer */
|
|
| 1170 |
+ cli_dbgmsg("asn1_parse_mscat: unable to parse issuer SEQUENCE in counterSignature\n");
|
|
| 1160 | 1171 |
break; |
| 1161 |
- if(map_sha1(map, deep.content, deep.size, issuer)) |
|
| 1172 |
+ } |
|
| 1173 |
+ // Compute the hash of the issuer section |
|
| 1174 |
+ if(map_sha1(map, deep.content, deep.size, issuer)) {
|
|
| 1175 |
+ cli_dbgmsg("asn1_parse_mscat: error in call to map_sha1 for counterSignature issuer\n");
|
|
| 1162 | 1176 |
break; |
| 1177 |
+ } |
|
| 1163 | 1178 |
|
| 1164 |
- if(asn1_expect_objtype(map, deep.next, &asn1.size, &deep, ASN1_TYPE_INTEGER)) /* serial */ |
|
| 1179 |
+ // TODO This seems like a bug, but it might have no effect. asn1.size |
|
| 1180 |
+ // is too big, asn1.content points to the issuer sequence and not the |
|
| 1181 |
+ // integer object. Should we use asn1.size - deep.size |
|
| 1182 |
+ if(asn1_expect_objtype(map, deep.next, &asn1.size, &deep, ASN1_TYPE_INTEGER)) { /* serial */
|
|
| 1183 |
+ cli_dbgmsg("asn1_parse_mscat: expected ASN1_TYPE_INTEGER serial for counterSignature\n");
|
|
| 1165 | 1184 |
break; |
| 1166 |
- if(map_sha1(map, deep.content, deep.size, serial)) |
|
| 1185 |
+ } |
|
| 1186 |
+ |
|
| 1187 |
+ // Compute the hash of the serial INTEGER |
|
| 1188 |
+ if(map_sha1(map, deep.content, deep.size, serial)) {
|
|
| 1189 |
+ cli_dbgmsg("asn1_parse_mscat: error in call to map_sha1 for counterSignature serial\n");
|
|
| 1167 | 1190 |
break; |
| 1191 |
+ } |
|
| 1168 | 1192 |
|
| 1169 | 1193 |
if(asn1.size) {
|
| 1170 |
- cli_dbgmsg("asn1_parse_mscat: extra data inside countersignature issuer\n");
|
|
| 1194 |
+ cli_dbgmsg("asn1_parse_mscat: extra data inside counterSignature issuer\n");
|
|
| 1171 | 1195 |
break; |
| 1172 | 1196 |
} |
| 1173 | 1197 |
|
| 1174 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* digestAlgorithm */ |
|
| 1198 |
+ // TODO This is the way to replace asn1_expect_algo above |
|
| 1199 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_SEQUENCE)) { /* digestAlgorithm */
|
|
| 1200 |
+ cli_dbgmsg("asn1_parse_mscat: expected SEQUENCE to start digestAlgorithm counterSignature section\n");
|
|
| 1175 | 1201 |
break; |
| 1176 |
- if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, ASN1_TYPE_OBJECT_ID)) |
|
| 1202 |
+ } |
|
| 1203 |
+ if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, ASN1_TYPE_OBJECT_ID)) {
|
|
| 1204 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected value when parsing counterSignature\n");
|
|
| 1177 | 1205 |
break; |
| 1206 |
+ } |
|
| 1178 | 1207 |
if(deep.size != lenof(OID_sha1) && deep.size != lenof(OID_md5)) {
|
| 1179 |
- cli_dbgmsg("asn1_parse_mscat: wrong digestAlgorithm size\n");
|
|
| 1208 |
+ cli_dbgmsg("asn1_parse_mscat: wrong digestAlgorithm size in counterSignature\n");
|
|
| 1180 | 1209 |
break; |
| 1181 | 1210 |
} |
| 1182 | 1211 |
if(!fmap_need_ptr_once(map, deep.content, deep.size)) {
|
| ... | ... |
@@ -1185,29 +1334,39 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1185 | 1185 |
} |
| 1186 | 1186 |
if(deep.size == lenof(OID_sha1) && !memcmp(deep.content, OID_sha1, lenof(OID_sha1))) {
|
| 1187 | 1187 |
hashtype = CLI_SHA1RSA; |
| 1188 |
- if(map_sha1(map, message, message_size, md)) |
|
| 1188 |
+ hashsize = SHA1_HASH_SIZE; |
|
| 1189 |
+ if(map_sha1(map, message, message_size, md)) {
|
|
| 1190 |
+ cli_dbgmsg("asn1_parse_mscat: map_sha1 for counterSignature verification failed\n");
|
|
| 1189 | 1191 |
break; |
| 1192 |
+ } |
|
| 1190 | 1193 |
} else if(deep.size == lenof(OID_md5) && !memcmp(deep.content, OID_md5, lenof(OID_md5))) {
|
| 1191 | 1194 |
hashtype = CLI_MD5RSA; |
| 1192 |
- if(map_md5(map, message, message_size, md)) |
|
| 1195 |
+ hashsize = MD5_HASH_SIZE; |
|
| 1196 |
+ if(map_md5(map, message, message_size, md)) {
|
|
| 1197 |
+ cli_dbgmsg("asn1_parse_mscat: map_md5 for counterSignature verification failed\n");
|
|
| 1193 | 1198 |
break; |
| 1199 |
+ } |
|
| 1194 | 1200 |
} else {
|
| 1195 |
- cli_dbgmsg("asn1_parse_mscat: unknown digest oid in countersignature\n");
|
|
| 1201 |
+ cli_dbgmsg("asn1_parse_mscat: unknown digest OID in counterSignature\n");
|
|
| 1196 | 1202 |
break; |
| 1197 | 1203 |
} |
| 1198 |
- if(asn1.size && asn1_expect_obj(map, &deep.next, &asn1.size, ASN1_TYPE_NULL, 0, NULL)) |
|
| 1204 |
+ if(asn1.size && asn1_expect_obj(map, &deep.next, &asn1.size, ASN1_TYPE_NULL, 0, NULL)) {
|
|
| 1205 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected value after counterSignature digestAlgorithm\n");
|
|
| 1199 | 1206 |
break; |
| 1207 |
+ } |
|
| 1200 | 1208 |
if(asn1.size) {
|
| 1201 |
- cli_dbgmsg("asn1_parse_mscat: extra data in countersignature oid\n");
|
|
| 1209 |
+ cli_dbgmsg("asn1_parse_mscat: extra data in counterSignature OID\n");
|
|
| 1202 | 1210 |
break; |
| 1203 | 1211 |
} |
| 1204 | 1212 |
|
| 1205 | 1213 |
attrs = asn1.next; |
| 1206 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)) /* authenticatedAttributes */ |
|
| 1214 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)) { /* authenticatedAttributes */
|
|
| 1215 |
+ cli_dbgmsg("asn1_parse_mscat: unable to parse counterSignature authenticatedAttributes section\n");
|
|
| 1207 | 1216 |
break; |
| 1217 |
+ } |
|
| 1208 | 1218 |
attrs_size = (uint8_t *)(asn1.next) - attrs; |
| 1209 | 1219 |
if(attrs_size < 2) {
|
| 1210 |
- cli_dbgmsg("asn1_parse_mscat: countersignature authenticatedAttributes are too small\n");
|
|
| 1220 |
+ cli_dbgmsg("asn1_parse_mscat: counterSignature authenticatedAttributes are too small\n");
|
|
| 1211 | 1221 |
break; |
| 1212 | 1222 |
} |
| 1213 | 1223 |
result = 0; |
| ... | ... |
@@ -1216,10 +1375,12 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1216 | 1216 |
while(dsize) {
|
| 1217 | 1217 |
int content; |
| 1218 | 1218 |
if(asn1_expect_objtype(map, deep.next, &dsize, &deep, ASN1_TYPE_SEQUENCE)) { /* attribute */
|
| 1219 |
+ cli_dbgmsg("asn1_parse_mscat: expected counterSignature attribute SEQUENCE\n");
|
|
| 1219 | 1220 |
dsize = 1; |
| 1220 | 1221 |
break; |
| 1221 | 1222 |
} |
| 1222 | 1223 |
if(asn1_expect_objtype(map, deep.content, &deep.size, &deeper, ASN1_TYPE_OBJECT_ID)) { /* attribute type */
|
| 1224 |
+ cli_dbgmsg("asn1_parse_mscat: expected attribute type inside counterSignature attribute SEQUENCE\n");
|
|
| 1223 | 1225 |
dsize = 1; |
| 1224 | 1226 |
break; |
| 1225 | 1227 |
} |
| ... | ... |
@@ -1227,6 +1388,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1227 | 1227 |
continue; |
| 1228 | 1228 |
|
| 1229 | 1229 |
if(!fmap_need_ptr_once(map, deeper.content, lenof(OID_contentType))) {
|
| 1230 |
+ cli_dbgmsg("asn1_parse_mscat: failed to read counterSignature authenticated attribute\n");
|
|
| 1230 | 1231 |
dsize = 1; |
| 1231 | 1232 |
break; |
| 1232 | 1233 |
} |
| ... | ... |
@@ -1244,7 +1406,8 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1244 | 1244 |
break; |
| 1245 | 1245 |
} |
| 1246 | 1246 |
result |= (1<<content); |
| 1247 |
- if(asn1_expect_objtype(map, deeper.next, &deep.size, &deeper, ASN1_TYPE_SET)) { /* attribute type */
|
|
| 1247 |
+ if(asn1_expect_objtype(map, deeper.next, &deep.size, &deeper, ASN1_TYPE_SET)) { /* set - contents */
|
|
| 1248 |
+ cli_dbgmsg("asn1_parse_mscat: failed to read counterSignature authenticated attribute\n");
|
|
| 1248 | 1249 |
dsize = 1; |
| 1249 | 1250 |
break; |
| 1250 | 1251 |
} |
| ... | ... |
@@ -1262,7 +1425,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1262 | 1262 |
cli_dbgmsg("asn1_parse_mscat: extra data in countersignature content-type\n");
|
| 1263 | 1263 |
break; |
| 1264 | 1264 |
case 1: /* messageDigest */ |
| 1265 |
- if(asn1_expect_obj(map, &deeper.content, &deep.size, ASN1_TYPE_OCTET_STRING, (hashtype == CLI_SHA1RSA) ? SHA1_HASH_SIZE : 16, md)) {
|
|
| 1265 |
+ if(asn1_expect_obj(map, &deeper.content, &deep.size, ASN1_TYPE_OCTET_STRING, hashsize, md)) {
|
|
| 1266 | 1266 |
deep.size = 1; |
| 1267 | 1267 |
cli_dbgmsg("asn1_parse_mscat: countersignature hash mismatch\n");
|
| 1268 | 1268 |
} else if(deep.size) |
| ... | ... |
@@ -1294,10 +1457,14 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1294 | 1294 |
break; |
| 1295 | 1295 |
} |
| 1296 | 1296 |
|
| 1297 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_SEQUENCE)) /* digestEncryptionAlgorithm == sha1 */ |
|
| 1297 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_SEQUENCE)) { /* digestEncryptionAlgorithm == sha1 */
|
|
| 1298 |
+ cli_dbgmsg("asn1_parse_mscat: expected to parse SEQUENCE after counterSignature attributes\n");
|
|
| 1298 | 1299 |
break; |
| 1299 |
- if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, ASN1_TYPE_OBJECT_ID)) /* digestEncryptionAlgorithm == sha1 */ |
|
| 1300 |
+ } |
|
| 1301 |
+ if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, ASN1_TYPE_OBJECT_ID)) {/* digestEncryptionAlgorithm == sha1 */
|
|
| 1302 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected value when parsing counterSignature digestEncryptionAlgorithm\n");
|
|
| 1300 | 1303 |
break; |
| 1304 |
+ } |
|
| 1301 | 1305 |
if(deep.size != lenof(OID_rsaEncryption)) { /* lenof(OID_rsaEncryption) = lenof(OID_sha1WithRSAEncryption) = 9 */
|
| 1302 | 1306 |
cli_dbgmsg("asn1_parse_mscat: wrong digestEncryptionAlgorithm size in countersignature\n");
|
| 1303 | 1307 |
break; |
| ... | ... |
@@ -1311,15 +1478,19 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1311 | 1311 |
cli_dbgmsg("asn1_parse_mscat: digestEncryptionAlgorithm in countersignature is not sha1\n");
|
| 1312 | 1312 |
break; |
| 1313 | 1313 |
} |
| 1314 |
- if(asn1.size && asn1_expect_obj(map, &deep.next, &asn1.size, ASN1_TYPE_NULL, 0, NULL)) |
|
| 1314 |
+ if(asn1.size && asn1_expect_obj(map, &deep.next, &asn1.size, ASN1_TYPE_NULL, 0, NULL)) {
|
|
| 1315 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected value after counterSignature digestEncryptionAlgorithm\n");
|
|
| 1315 | 1316 |
break; |
| 1317 |
+ } |
|
| 1316 | 1318 |
if(asn1.size) {
|
| 1317 | 1319 |
cli_dbgmsg("asn1_parse_mscat: extra data in digestEncryptionAlgorithm in countersignature\n");
|
| 1318 | 1320 |
break; |
| 1319 | 1321 |
} |
| 1320 | 1322 |
|
| 1321 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_OCTET_STRING)) /* encryptedDigest */ |
|
| 1323 |
+ if(asn1_expect_objtype(map, asn1.next, &size, &asn1, ASN1_TYPE_OCTET_STRING)) { /* encryptedDigest */
|
|
| 1324 |
+ cli_dbgmsg("asn1_parse_mscat: unexpected encryptedDigest value in counterSignature\n");
|
|
| 1322 | 1325 |
break; |
| 1326 |
+ } |
|
| 1323 | 1327 |
if(asn1.size > 513) {
|
| 1324 | 1328 |
cli_dbgmsg("asn1_parse_mscat: countersignature encryptedDigest too long\n");
|
| 1325 | 1329 |
break; |
| ... | ... |
@@ -1335,22 +1506,17 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1335 | 1335 |
|
| 1336 | 1336 |
if(hashtype == CLI_SHA1RSA) {
|
| 1337 | 1337 |
ctx = cl_hash_init("sha1");
|
| 1338 |
- if (!(ctx)) |
|
| 1339 |
- break; |
|
| 1340 |
- |
|
| 1341 |
- cl_update_hash(ctx, "\x31", 1); |
|
| 1342 |
- cl_update_hash(ctx, (void *)(attrs + 1), attrs_size - 1); |
|
| 1343 |
- cl_finish_hash(ctx, sha1); |
|
| 1344 |
- } else {
|
|
| 1338 |
+ } else if (hashtype == CLI_MD5RSA) {
|
|
| 1345 | 1339 |
ctx = cl_hash_init("md5");
|
| 1346 |
- if (!(ctx)) |
|
| 1347 |
- break; |
|
| 1348 |
- |
|
| 1349 |
- cl_update_hash(ctx, "\x31", 1); |
|
| 1350 |
- cl_update_hash(ctx, (void *)(attrs + 1), attrs_size - 1); |
|
| 1351 |
- cl_finish_hash(ctx, sha1); |
|
| 1352 | 1340 |
} |
| 1353 | 1341 |
|
| 1342 |
+ if (!(ctx)) |
|
| 1343 |
+ break; |
|
| 1344 |
+ |
|
| 1345 |
+ cl_update_hash(ctx, "\x31", 1); |
|
| 1346 |
+ cl_update_hash(ctx, (void *)(attrs + 1), attrs_size - 1); |
|
| 1347 |
+ cl_finish_hash(ctx, sha1); |
|
| 1348 |
+ |
|
| 1354 | 1349 |
if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {
|
| 1355 | 1350 |
cli_dbgmsg("asn1_parse_mscat: failed to read countersignature encryptedDigest\n");
|
| 1356 | 1351 |
break; |
| ... | ... |
@@ -1361,6 +1527,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
| 1361 | 1361 |
} |
| 1362 | 1362 |
|
| 1363 | 1363 |
cli_dbgmsg("asn1_parse_mscat: catalog successfully parsed\n");
|
| 1364 |
+ |
|
| 1364 | 1365 |
if (isBlacklisted) {
|
| 1365 | 1366 |
return 1; |
| 1366 | 1367 |
} |
| ... | ... |
@@ -575,6 +575,7 @@ extern void cl_fmap_close(cl_fmap_t*); |
| 575 | 575 |
extern int cl_scanmap_callback(cl_fmap_t *map, const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, struct cl_scan_options *scanoptions, void *context); |
| 576 | 576 |
|
| 577 | 577 |
/* Crypto/hashing functions */ |
| 578 |
+#define MD5_HASH_SIZE 16 |
|
| 578 | 579 |
#define SHA1_HASH_SIZE 20 |
| 579 | 580 |
#define SHA256_HASH_SIZE 32 |
| 580 | 581 |
|