1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include"x509_crl_entry_openssl.h"
17
18 #include "securec.h"
19
20 #include <openssl/x509.h>
21 #include <openssl/bio.h>
22
23 #include "config.h"
24 #include "hcf_string.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "openssl_common.h"
28 #include "utils.h"
29 #include "x509_crl.h"
30 #include "x509_crl_entry.h"
31 #include "x509_crl_openssl.h"
32
33 #define OPENSSL_ERROR_SERIAL_NUMBER (-1)
34
35 typedef struct {
36 HcfX509CrlEntry base;
37 X509_REVOKED *rev;
38 HcfBlob *certIssuer;
39 } HcfX509CRLEntryOpensslImpl;
40
GetClass(void)41 static const char *GetClass(void)
42 {
43 return "HcfX509CRLEntryOpensslImpl.HcfX509CrlEntry";
44 }
45
GetSelfRev(const HcfX509CrlEntry * self)46 static X509_REVOKED *GetSelfRev(const HcfX509CrlEntry *self)
47 {
48 if (!IsClassMatch((HcfObjectBase *)self, GetClass())) {
49 LOGE("Input wrong class type!");
50 return NULL;
51 }
52 return ((HcfX509CRLEntryOpensslImpl *)self)->rev;
53 }
54
GetEncoded(HcfX509CrlEntry * self,HcfEncodingBlob * encodedOut)55 static HcfResult GetEncoded(HcfX509CrlEntry *self, HcfEncodingBlob *encodedOut)
56 {
57 if ((self == NULL) || (encodedOut == NULL)) {
58 LOGE("Invalid Paramas for calling GetEncoded!");
59 return HCF_INVALID_PARAMS;
60 }
61 X509_REVOKED *rev = GetSelfRev(self);
62 if (rev == NULL) {
63 LOGE("Rev is null!");
64 return HCF_INVALID_PARAMS;
65 }
66 unsigned char *out = NULL;
67 int32_t length = i2d_X509_REVOKED(rev, &out);
68 if (length <= 0) {
69 LOGE("Do i2d_X509_REVOKED fail!");
70 HcfPrintOpensslError();
71 return HCF_ERR_CRYPTO_OPERATION;
72 }
73 encodedOut->data = (uint8_t *)HcfMalloc(length, 0);
74 if (encodedOut->data == NULL) {
75 LOGE("Failed to malloc for encodedOut!");
76 OPENSSL_free(out);
77 return HCF_ERR_MALLOC;
78 }
79 (void)memcpy_s(encodedOut->data, length, out, length);
80 encodedOut->len = length;
81 encodedOut->encodingFormat = HCF_FORMAT_DER;
82 OPENSSL_free(out);
83 return HCF_SUCCESS;
84 }
85
GetSerialNumber(HcfX509CrlEntry * self)86 static long GetSerialNumber(HcfX509CrlEntry *self)
87 {
88 if (self == NULL) {
89 LOGE("Invalid Paramas for calling GetSerialNumber!");
90 return OPENSSL_ERROR_SERIAL_NUMBER;
91 }
92 X509_REVOKED *rev = GetSelfRev(self);
93 if (rev == NULL) {
94 LOGE("Rev is null!");
95 return OPENSSL_ERROR_SERIAL_NUMBER;
96 }
97 const ASN1_INTEGER *serialNumber = X509_REVOKED_get0_serialNumber(rev);
98 if (serialNumber == NULL) {
99 LOGE("Get serial number fail!");
100 HcfPrintOpensslError();
101 return OPENSSL_ERROR_SERIAL_NUMBER;
102 }
103 return ASN1_INTEGER_get(serialNumber);
104 }
105
GetCertIssuer(HcfX509CrlEntry * self,HcfBlob * encodedOut)106 static HcfResult GetCertIssuer(HcfX509CrlEntry *self, HcfBlob *encodedOut)
107 {
108 if ((self == NULL) || (encodedOut == NULL)) {
109 LOGE("Invalid Paramas for calling GetCertIssuer!");
110 return HCF_INVALID_PARAMS;
111 }
112 if (!IsClassMatch((HcfObjectBase *)self, GetClass())) {
113 LOGE("Input wrong class type!");
114 return HCF_INVALID_PARAMS;
115 }
116 HcfBlob *certIssuer = ((HcfX509CRLEntryOpensslImpl *)self)->certIssuer;
117 if (!IsBlobValid(certIssuer)) {
118 LOGE("Get certIssuer fail! No certIssuer in CRL entry.");
119 return HCF_NOT_SUPPORT;
120 }
121 uint32_t length = certIssuer->len;
122 encodedOut->data = (uint8_t *)HcfMalloc(length, 0);
123 if (encodedOut->data == NULL) {
124 LOGE("Failed to malloc for encodedOut!");
125 return HCF_ERR_MALLOC;
126 }
127 (void)memcpy_s(encodedOut->data, length, certIssuer->data, length);
128 encodedOut->len = length;
129 return HCF_SUCCESS;
130 }
131
GetRevocationDate(HcfX509CrlEntry * self,HcfBlob * out)132 static HcfResult GetRevocationDate(HcfX509CrlEntry *self, HcfBlob *out)
133 {
134 if ((self == NULL) || (out == NULL)) {
135 LOGE("invalid Paramas for calling GetRevocationDate!");
136 return HCF_INVALID_PARAMS;
137 }
138 X509_REVOKED *rev = GetSelfRev(self);
139 if (rev == NULL) {
140 LOGE("Rev is null!");
141 return HCF_INVALID_PARAMS;
142 }
143 const ASN1_TIME *time = X509_REVOKED_get0_revocationDate(rev);
144 if (time == NULL) {
145 LOGE("Get revocation date fail!");
146 HcfPrintOpensslError();
147 return HCF_ERR_CRYPTO_OPERATION;
148 }
149 const char *revTime = (const char *)(time->data);
150 if ((revTime == NULL) || (strlen(revTime) > HCF_MAX_STR_LEN)) {
151 LOGE("Get revocation date from ASN1_TIME fail!");
152 return HCF_ERR_CRYPTO_OPERATION;
153 }
154 uint32_t length = strlen(revTime) + 1;
155 out->data = (uint8_t *)HcfMalloc(length, 0);
156 if (out->data == NULL) {
157 LOGE("Failed to malloc for revTime!");
158 return HCF_ERR_MALLOC;
159 }
160 (void)memcpy_s(out->data, length, revTime, length);
161 out->len = length;
162 return HCF_SUCCESS;
163 }
164
DeepCopyCertIssuer(HcfX509CRLEntryOpensslImpl * returnCRLEntry,HcfBlob * certIssuer)165 static HcfResult DeepCopyCertIssuer(HcfX509CRLEntryOpensslImpl *returnCRLEntry, HcfBlob *certIssuer)
166 {
167 returnCRLEntry->certIssuer = (HcfBlob *)HcfMalloc(sizeof(HcfBlob), 0);
168 if (returnCRLEntry->certIssuer == NULL) {
169 LOGE("Failed to malloc certIssuer!");
170 return HCF_ERR_MALLOC;
171 }
172 size_t len = certIssuer->len;
173 returnCRLEntry->certIssuer->len = len;
174 returnCRLEntry->certIssuer->data = (uint8_t *)HcfMalloc(len, 0);
175 if (returnCRLEntry->certIssuer->data == NULL) {
176 LOGE("Failed to malloc certIssuer data!");
177 return HCF_ERR_MALLOC;
178 }
179 (void)memcpy_s(returnCRLEntry->certIssuer->data, len, certIssuer->data, len);
180 return HCF_SUCCESS;
181 }
182
Destroy(HcfObjectBase * self)183 static void Destroy(HcfObjectBase *self)
184 {
185 if (self == NULL) {
186 LOGE("Invalid Paramas!");
187 return;
188 }
189 if (!IsClassMatch((HcfObjectBase *)self, GetClass())) {
190 LOGE("Input wrong class type!");
191 return;
192 }
193 HcfX509CRLEntryOpensslImpl *realCrlEntry = (HcfX509CRLEntryOpensslImpl *)self;
194 if (realCrlEntry->rev != NULL) {
195 X509_REVOKED_free(realCrlEntry->rev);
196 realCrlEntry->rev = NULL;
197 }
198 if (realCrlEntry->certIssuer != NULL) {
199 HcfFree(realCrlEntry->certIssuer->data);
200 realCrlEntry->certIssuer->data = NULL;
201 HcfFree(realCrlEntry->certIssuer);
202 realCrlEntry->certIssuer = NULL;
203 }
204 HcfFree(realCrlEntry);
205 }
206
HcfCX509CRLEntryCreate(X509_REVOKED * rev,HcfX509CrlEntry ** crlEntryOut,HcfBlob * certIssuer)207 HcfResult HcfCX509CRLEntryCreate(X509_REVOKED *rev, HcfX509CrlEntry **crlEntryOut, HcfBlob *certIssuer)
208 {
209 if ((rev == NULL) || (crlEntryOut == NULL) || certIssuer == NULL) {
210 LOGE("Invalid Paramas!");
211 return HCF_INVALID_PARAMS;
212 }
213 HcfX509CRLEntryOpensslImpl *returnCRLEntry = (HcfX509CRLEntryOpensslImpl *)HcfMalloc(
214 sizeof(HcfX509CRLEntryOpensslImpl), 0);
215 if (returnCRLEntry == NULL) {
216 LOGE("Failed to malloc for x509 entry instance!");
217 return HCF_ERR_MALLOC;
218 }
219
220 X509_REVOKED *tmp = X509_REVOKED_dup(rev);
221 if (tmp == NULL) {
222 HcfFree(returnCRLEntry);
223 LOGE("Failed to dup x509 revoked");
224 return HCF_ERR_MALLOC;
225 }
226 returnCRLEntry->rev = tmp;
227 returnCRLEntry->certIssuer = NULL;
228 returnCRLEntry->base.base.getClass = GetClass;
229 returnCRLEntry->base.base.destroy = Destroy;
230 returnCRLEntry->base.getEncoded = GetEncoded;
231 returnCRLEntry->base.getSerialNumber = GetSerialNumber;
232 returnCRLEntry->base.getCertIssuer = GetCertIssuer;
233 returnCRLEntry->base.getRevocationDate = GetRevocationDate;
234 if (DeepCopyCertIssuer(returnCRLEntry, certIssuer) != HCF_SUCCESS) {
235 LOGI("No cert issuer find or deep copy cert issuer fail!");
236 }
237 *crlEntryOut = (HcfX509CrlEntry *)returnCRLEntry;
238 return HCF_SUCCESS;
239 }
240