#include <freerdp/config.h>#include <errno.h>#include <stdio.h>#include <string.h>#include <winpr/assert.h>#include <winpr/wtypes.h>#include <winpr/crt.h>#include <winpr/file.h>#include <winpr/crypto.h>#include <openssl/pem.h>#include <openssl/rsa.h>#include "certificate.h"#include "../crypto/crypto.h"#include "../crypto/opensslcompat.h"Macros | |
| #define | TAG "com.freerdp.core" |
| #define | TSSK_KEY_LENGTH 64 |
Functions | |
| static void | certificate_free_int (rdpCertificate *certificate) |
| static BOOL | cert_clone_int (rdpCertificate *dst, const rdpCertificate *src) |
| static BOOL | cert_info_create (rdpCertInfo *dst, const BIGNUM *rsa, const BIGNUM *rsa_e) |
| static BOOL | cert_info_allocate (rdpCertInfo *info, size_t size) |
| static void | cert_info_free (rdpCertInfo *info) |
| static BOOL | cert_info_read_modulus (rdpCertInfo *info, size_t size, wStream *s) |
| static BOOL | cert_info_read_exponent (rdpCertInfo *info, size_t size, wStream *s) |
| static BOOL | cert_blob_copy (rdpCertBlob *dst, const rdpCertBlob *src) |
| static void | cert_blob_free (rdpCertBlob *blob) |
| static BOOL | cert_blob_write (const rdpCertBlob *blob, wStream *s) |
| static BOOL | cert_blob_read (rdpCertBlob *blob, wStream *s) |
| static BOOL | certificate_read_x509_certificate (rdpCertBlob *cert, rdpCertInfo *info) |
| static rdpX509CertChain | certificate_new_x509_certificate_chain (UINT32 count) |
| static void | certificate_free_x509_certificate_chain (rdpX509CertChain *x509_cert_chain) |
| static BOOL | certificate_process_server_public_key (rdpCertificate *certificate, wStream *s, UINT32 length) |
| static BOOL | certificate_process_server_public_signature (rdpCertificate *certificate, const BYTE *sigdata, size_t sigdatalen, wStream *s, UINT32 siglen) |
| static BOOL | certificate_read_server_proprietary_certificate (rdpCertificate *certificate, wStream *s) |
| static BOOL | cert_write_rsa_public_key (wStream *s, const rdpCertificate *cert) |
| static BOOL | cert_write_rsa_signature (wStream *s, const void *sigData, size_t sigDataLen) |
| static BOOL | cert_write_server_certificate_v1 (wStream *s, const rdpCertificate *certificate) |
| static BOOL | cert_write_server_certificate_v2 (wStream *s, const rdpCertificate *certificate) |
| SSIZE_T | certificate_write_server_certificate (const rdpCertificate *certificate, UINT32 dwVersion, wStream *s) |
| static BOOL | certificate_read_server_x509_certificate_chain (rdpCertificate *certificate, wStream *s) |
| static BOOL | certificate_write_server_x509_certificate_chain (const rdpCertificate *certificate, wStream *s) |
| BOOL | certificate_read_server_certificate (rdpCertificate *certificate, const BYTE *server_cert, size_t length) |
| static BOOL | read_bignum (BYTE **dst, UINT32 *length, const BIGNUM *num, BOOL alloc) |
| static BIO * | bio_from_pem (const char *pem) |
| static RSA * | rsa_from_private_pem (const char *pem) |
| static RSA * | rsa_from_public_pem (const char *pem) |
| static BOOL | key_read_private (rdpRsaKey *key, const char *pem, const char *keyfile) |
| static X509 * | x509_from_pem (const char *pem) |
| static BOOL | cert_read_public (rdpCertificate *cert, const char *pem, const char *keyfile) |
| rdpRsaKey * | key_new_from_content (const char *keycontent, const char *keyfile) |
| rdpRsaKey * | key_new (const char *keyfile) |
| rdpRsaKey * | key_clone (const rdpRsaKey *key) |
| void | key_free (rdpRsaKey *key) |
| static BOOL | cert_info_clone (rdpCertInfo *dst, const rdpCertInfo *src) |
| static BOOL | cert_x509_chain_copy (rdpX509CertChain *cert, const rdpX509CertChain *src) |
| rdpCertificate * | certificate_clone (const rdpCertificate *certificate) |
| rdpCertificate * | certificate_new (void) |
| void | certificate_free (rdpCertificate *certificate) |
| rdpCertificate * | certificate_new_from_file (const char *file) |
| rdpCertificate * | certificate_new_from_pem (const char *pem) |
Variables | |
| static const char | rsa_magic [4] = "RSA1" |
| static const char * | certificate_read_errors [] |
| static const BYTE | initial_signature [] |
| static BYTE | tssk_modulus [] |
| static BYTE | tssk_privateExponent [] |
| static const rdpRsaKey | tssk |
Macro Definition Documentation
◆ TAG
| #define TAG "com.freerdp.core" |
FreeRDP: A Remote Desktop Protocol Implementation Certificate Handling
Copyright 2011 Jiten Pathy Copyright 2011 Marc-Andre Moreau marcandre.moreau@gmail.com Copyright 2015 Thincast Technologies GmbH Copyright 2015 DI (FH) Martin Haimberger martin.haimberger@thincast.com
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
◆ TSSK_KEY_LENGTH
| #define TSSK_KEY_LENGTH 64 |
Function Documentation
◆ bio_from_pem()
|
static |
Here is the caller graph for this function:
◆ cert_blob_copy()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_blob_free()
|
static |
Here is the caller graph for this function:
◆ cert_blob_read()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_blob_write()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_clone_int()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_info_allocate()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_info_clone()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_info_create()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_info_free()
|
static |
Here is the caller graph for this function:
◆ cert_info_read_exponent()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_info_read_modulus()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_read_public()
|
static |
Here is the call graph for this function:
◆ cert_write_rsa_public_key()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_write_rsa_signature()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_write_server_certificate_v1()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_write_server_certificate_v2()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cert_x509_chain_copy()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_clone()
| rdpCertificate* certificate_clone | ( | const rdpCertificate * | certificate | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_free()
| void certificate_free | ( | rdpCertificate * | certificate | ) |
Free certificate module.
- Parameters
-
certificate certificate module to be freed
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_free_int()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_free_x509_certificate_chain()
|
static |
Free X.509 Certificate Chain.
- Parameters
-
x509_cert_chain X.509 certificate chain to be freed
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_new()
| rdpCertificate* certificate_new | ( | void | ) |
Instantiate new certificate module.
- Returns
- new certificate module
Here is the caller graph for this function:
◆ certificate_new_from_file()
| rdpCertificate* certificate_new_from_file | ( | const char * | file | ) |
Here is the call graph for this function:
◆ certificate_new_from_pem()
| rdpCertificate* certificate_new_from_pem | ( | const char * | pem | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_new_x509_certificate_chain()
|
static |
Instantiate new X.509 Certificate Chain.
- Parameters
-
count certificate chain count
- Returns
- new X.509 certificate chain
Here is the caller graph for this function:
◆ certificate_process_server_public_key()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_process_server_public_signature()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_read_server_certificate()
| BOOL certificate_read_server_certificate | ( | rdpCertificate * | certificate, |
| const BYTE * | server_cert, | ||
| size_t | length | ||
| ) |
Read a Server Certificate.
- Parameters
-
certificate certificate module server_cert server certificate length certificate length
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_read_server_proprietary_certificate()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_read_server_x509_certificate_chain()
|
static |
Read an X.509 Certificate Chain.
- Parameters
-
certificate certificate module s stream
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_read_x509_certificate()
|
static |
Read X.509 Certificate
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_write_server_certificate()
| SSIZE_T certificate_write_server_certificate | ( | const rdpCertificate * | certificate, |
| UINT32 | dwVersion, | ||
| wStream * | s | ||
| ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ certificate_write_server_x509_certificate_chain()
|
static |
Here is the call graph for this function:
◆ key_clone()
Here is the call graph for this function:
Here is the caller graph for this function:
◆ key_free()
| void key_free | ( | rdpRsaKey * | key | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ key_new()
| rdpRsaKey* key_new | ( | const char * | keyfile | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ key_new_from_content()
| rdpRsaKey* key_new_from_content | ( | const char * | keycontent, |
| const char * | keyfile | ||
| ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ key_read_private()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ read_bignum()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ rsa_from_private_pem()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ rsa_from_public_pem()
|
static |
Here is the call graph for this function:
◆ x509_from_pem()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
Variable Documentation
◆ certificate_read_errors
|
static |
Initial value:
= { "Certificate tag",
"TBSCertificate",
"Explicit Contextual Tag [0]",
"version",
"CertificateSerialNumber",
"AlgorithmIdentifier",
"Issuer Name",
"Validity",
"Subject Name",
"SubjectPublicKeyInfo Tag",
"subjectPublicKeyInfo::AlgorithmIdentifier",
"subjectPublicKeyInfo::subjectPublicKey",
"RSAPublicKey Tag",
"modulusLength",
"zero padding",
"modulusLength",
"modulus",
"publicExponent length",
"publicExponent" }
◆ initial_signature
|
static |
Initial value:
= {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01
}
◆ rsa_magic
|
static |
X.509 Certificate Structure
Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT_STRING }
TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueId [2] IMPLICIT UniqueIdentifier OPTIONAL, extensions [3] EXPLICIT Extensions OPTIONAL }
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT_IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }
Name ::= CHOICE { RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue }
AttributeType ::= OBJECT_IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
Validity ::= SEQUENCE { notBefore Time, notAfter Time }
Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime }
UniqueIdentifier ::= BIT_STRING
SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT_STRING }
RSAPublicKey ::= SEQUENCE { modulus INTEGER publicExponent INTEGER }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE { extnID OBJECT_IDENTIFIER critical BOOLEAN DEFAULT FALSE, extnValue OCTET_STRING }
◆ tssk
|
static |
Initial value:
= { .PrivateExponent = tssk_privateExponent,
.PrivateExponentLength = sizeof(tssk_privateExponent),
.cert = { .Modulus = tssk_modulus,
.ModulusLength = sizeof(tssk_modulus) } }
◆ tssk_modulus
|
static |
Initial value:
= { 0x3d, 0x3a, 0x5e, 0xbd, 0x72, 0x43, 0x3e, 0xc9, 0x4d, 0xbb, 0xc1,
0x1e, 0x4a, 0xba, 0x5f, 0xcb, 0x3e, 0x88, 0x20, 0x87, 0xef, 0xf5,
0xc1, 0xe2, 0xd7, 0xb7, 0x6b, 0x9a, 0xf2, 0x52, 0x45, 0x95, 0xce,
0x63, 0x65, 0x6b, 0x58, 0x3a, 0xfe, 0xef, 0x7c, 0xe7, 0xbf, 0xfe,
0x3d, 0xf6, 0x5c, 0x7d, 0x6c, 0x5e, 0x06, 0x09, 0x1a, 0xf5, 0x61,
0xbb, 0x20, 0x93, 0x09, 0x5f, 0x05, 0x6d, 0xea, 0x87 }
◆ tssk_privateExponent
|
static |
Initial value:
= {
0x87, 0xa7, 0x19, 0x32, 0xda, 0x11, 0x87, 0x55, 0x58, 0x00, 0x16, 0x16, 0x25, 0x65, 0x68, 0xf8,
0x24, 0x3e, 0xe6, 0xfa, 0xe9, 0x67, 0x49, 0x94, 0xcf, 0x92, 0xcc, 0x33, 0x99, 0xe8, 0x08, 0x60,
0x17, 0x9a, 0x12, 0x9f, 0x24, 0xdd, 0xb1, 0x24, 0x99, 0xc7, 0x3a, 0xb8, 0x0a, 0x7b, 0x0d, 0xdd,
0x35, 0x07, 0x79, 0x17, 0x0b, 0x51, 0x9b, 0xb3, 0xc7, 0x10, 0x01, 0x13, 0xe7, 0x3f, 0xf3, 0x5f
}
