Commit | Line | Data |
---|---|---|
700d8687 OM |
1 | /* |
2 | * X.509 certificate parsing and verification | |
3 | * | |
4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved | |
5 | * SPDX-License-Identifier: GPL-2.0 | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation; either version 2 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License along | |
18 | * with this program; if not, write to the Free Software Foundation, Inc., | |
19 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
20 | * | |
21 | * This file is part of mbed TLS (https://tls.mbed.org) | |
22 | */ | |
23 | /* | |
24 | * The ITU-T X.509 standard defines a certificate format for PKI. | |
25 | * | |
26 | * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) | |
27 | * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) | |
28 | * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) | |
29 | * | |
30 | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf | |
31 | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf | |
32 | * | |
33 | * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf | |
34 | */ | |
35 | ||
36 | #if !defined(MBEDTLS_CONFIG_FILE) | |
37 | #include "mbedtls/config.h" | |
38 | #else | |
39 | #include MBEDTLS_CONFIG_FILE | |
40 | #endif | |
41 | ||
42 | #if defined(MBEDTLS_X509_CRT_PARSE_C) | |
43 | ||
44 | #include "mbedtls/x509_crt.h" | |
45 | #include "mbedtls/oid.h" | |
46 | #include "mbedtls/platform_util.h" | |
47 | ||
48 | #include <stdio.h> | |
49 | #include <string.h> | |
50 | ||
51 | #if defined(MBEDTLS_PEM_PARSE_C) | |
52 | #include "mbedtls/pem.h" | |
53 | #endif | |
54 | ||
55 | #if defined(MBEDTLS_PLATFORM_C) | |
56 | #include "mbedtls/platform.h" | |
57 | #else | |
58 | #include <stdlib.h> | |
59 | #define mbedtls_free free | |
60 | #define mbedtls_calloc calloc | |
61 | #define mbedtls_snprintf snprintf | |
62 | #endif | |
63 | ||
64 | #if defined(MBEDTLS_THREADING_C) | |
65 | #include "mbedtls/threading.h" | |
66 | #endif | |
67 | ||
68 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) | |
69 | #include <windows.h> | |
70 | #else | |
71 | #include <time.h> | |
72 | #endif | |
73 | ||
74 | #if defined(MBEDTLS_FS_IO) | |
75 | #include <stdio.h> | |
76 | #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) | |
77 | #include <sys/types.h> | |
78 | #include <sys/stat.h> | |
79 | #include <dirent.h> | |
80 | #endif /* !_WIN32 || EFIX64 || EFI32 */ | |
81 | #endif | |
82 | ||
83 | /* | |
84 | * Item in a verification chain: cert and flags for it | |
85 | */ | |
86 | typedef struct { | |
87 | mbedtls_x509_crt *crt; | |
88 | uint32_t flags; | |
89 | } x509_crt_verify_chain_item; | |
90 | ||
91 | /* | |
92 | * Max size of verification chain: end-entity + intermediates + trusted root | |
93 | */ | |
94 | #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) | |
95 | ||
96 | /* | |
97 | * Default profile | |
98 | */ | |
99 | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = | |
100 | { | |
101 | #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) | |
102 | /* Allow SHA-1 (weak, but still safe in controlled environments) */ | |
103 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | | |
104 | #endif | |
105 | /* Only SHA-2 hashes */ | |
106 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | | |
107 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | | |
108 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | | |
109 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), | |
110 | 0xFFFFFFF, /* Any PK alg */ | |
111 | 0xFFFFFFF, /* Any curve */ | |
112 | 2048, | |
113 | }; | |
114 | ||
115 | /* | |
116 | * Next-default profile | |
117 | */ | |
118 | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = | |
119 | { | |
120 | /* Hashes from SHA-256 and above */ | |
121 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | | |
122 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | | |
123 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), | |
124 | 0xFFFFFFF, /* Any PK alg */ | |
125 | #if defined(MBEDTLS_ECP_C) | |
126 | /* Curves at or above 128-bit security level */ | |
127 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | | |
128 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | | |
129 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | | |
130 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | | |
131 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | | |
132 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | | |
133 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), | |
134 | #else | |
135 | 0, | |
136 | #endif | |
137 | 2048, | |
138 | }; | |
139 | ||
140 | /* | |
141 | * NSA Suite B Profile | |
142 | */ | |
143 | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = | |
144 | { | |
145 | /* Only SHA-256 and 384 */ | |
146 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | | |
147 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), | |
148 | /* Only ECDSA */ | |
149 | MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | | |
150 | MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), | |
151 | #if defined(MBEDTLS_ECP_C) | |
152 | /* Only NIST P-256 and P-384 */ | |
153 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | | |
154 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), | |
155 | #else | |
156 | 0, | |
157 | #endif | |
158 | 0, | |
159 | }; | |
160 | ||
161 | /* | |
162 | * Check md_alg against profile | |
163 | * Return 0 if md_alg is acceptable for this profile, -1 otherwise | |
164 | */ | |
165 | static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, | |
166 | mbedtls_md_type_t md_alg ) | |
167 | { | |
168 | if( md_alg == MBEDTLS_MD_NONE ) | |
169 | return( -1 ); | |
170 | ||
171 | if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) | |
172 | return( 0 ); | |
173 | ||
174 | return( -1 ); | |
175 | } | |
176 | ||
177 | /* | |
178 | * Check pk_alg against profile | |
179 | * Return 0 if pk_alg is acceptable for this profile, -1 otherwise | |
180 | */ | |
181 | static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, | |
182 | mbedtls_pk_type_t pk_alg ) | |
183 | { | |
184 | if( pk_alg == MBEDTLS_PK_NONE ) | |
185 | return( -1 ); | |
186 | ||
187 | if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) | |
188 | return( 0 ); | |
189 | ||
190 | return( -1 ); | |
191 | } | |
192 | ||
193 | /* | |
194 | * Check key against profile | |
195 | * Return 0 if pk is acceptable for this profile, -1 otherwise | |
196 | */ | |
197 | static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, | |
198 | const mbedtls_pk_context *pk ) | |
199 | { | |
200 | const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); | |
201 | ||
202 | #if defined(MBEDTLS_RSA_C) | |
203 | if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) | |
204 | { | |
205 | if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) | |
206 | return( 0 ); | |
207 | ||
208 | return( -1 ); | |
209 | } | |
210 | #endif | |
211 | ||
212 | #if defined(MBEDTLS_ECP_C) | |
213 | if( pk_alg == MBEDTLS_PK_ECDSA || | |
214 | pk_alg == MBEDTLS_PK_ECKEY || | |
215 | pk_alg == MBEDTLS_PK_ECKEY_DH ) | |
216 | { | |
217 | const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; | |
218 | ||
219 | if( gid == MBEDTLS_ECP_DP_NONE ) | |
220 | return( -1 ); | |
221 | ||
222 | if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) | |
223 | return( 0 ); | |
224 | ||
225 | return( -1 ); | |
226 | } | |
227 | #endif | |
228 | ||
229 | return( -1 ); | |
230 | } | |
231 | ||
232 | /* | |
233 | * Version ::= INTEGER { v1(0), v2(1), v3(2) } | |
234 | */ | |
235 | static int x509_get_version( unsigned char **p, | |
236 | const unsigned char *end, | |
237 | int *ver ) | |
238 | { | |
239 | int ret; | |
240 | size_t len; | |
241 | ||
242 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, | |
243 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) | |
244 | { | |
245 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) | |
246 | { | |
247 | *ver = 0; | |
248 | return( 0 ); | |
249 | } | |
250 | ||
251 | return( ret ); | |
252 | } | |
253 | ||
254 | end = *p + len; | |
255 | ||
256 | if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) | |
257 | return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); | |
258 | ||
259 | if( *p != end ) | |
260 | return( MBEDTLS_ERR_X509_INVALID_VERSION + | |
261 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
262 | ||
263 | return( 0 ); | |
264 | } | |
265 | ||
266 | /* | |
267 | * Validity ::= SEQUENCE { | |
268 | * notBefore Time, | |
269 | * notAfter Time } | |
270 | */ | |
271 | static int x509_get_dates( unsigned char **p, | |
272 | const unsigned char *end, | |
273 | mbedtls_x509_time *from, | |
274 | mbedtls_x509_time *to ) | |
275 | { | |
276 | int ret; | |
277 | size_t len; | |
278 | ||
279 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, | |
280 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
281 | return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); | |
282 | ||
283 | end = *p + len; | |
284 | ||
285 | if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) | |
286 | return( ret ); | |
287 | ||
288 | if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) | |
289 | return( ret ); | |
290 | ||
291 | if( *p != end ) | |
292 | return( MBEDTLS_ERR_X509_INVALID_DATE + | |
293 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
294 | ||
295 | return( 0 ); | |
296 | } | |
297 | ||
298 | /* | |
299 | * X.509 v2/v3 unique identifier (not parsed) | |
300 | */ | |
301 | static int x509_get_uid( unsigned char **p, | |
302 | const unsigned char *end, | |
303 | mbedtls_x509_buf *uid, int n ) | |
304 | { | |
305 | int ret; | |
306 | ||
307 | if( *p == end ) | |
308 | return( 0 ); | |
309 | ||
310 | uid->tag = **p; | |
311 | ||
312 | if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, | |
313 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) | |
314 | { | |
315 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) | |
316 | return( 0 ); | |
317 | ||
318 | return( ret ); | |
319 | } | |
320 | ||
321 | uid->p = *p; | |
322 | *p += uid->len; | |
323 | ||
324 | return( 0 ); | |
325 | } | |
326 | ||
327 | static int x509_get_basic_constraints( unsigned char **p, | |
328 | const unsigned char *end, | |
329 | int *ca_istrue, | |
330 | int *max_pathlen ) | |
331 | { | |
332 | int ret; | |
333 | size_t len; | |
334 | ||
335 | /* | |
336 | * BasicConstraints ::= SEQUENCE { | |
337 | * cA BOOLEAN DEFAULT FALSE, | |
338 | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } | |
339 | */ | |
340 | *ca_istrue = 0; /* DEFAULT FALSE */ | |
341 | *max_pathlen = 0; /* endless */ | |
342 | ||
343 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, | |
344 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
345 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
346 | ||
347 | if( *p == end ) | |
348 | return( 0 ); | |
349 | ||
350 | if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) | |
351 | { | |
352 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) | |
353 | ret = mbedtls_asn1_get_int( p, end, ca_istrue ); | |
354 | ||
355 | if( ret != 0 ) | |
356 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
357 | ||
358 | if( *ca_istrue != 0 ) | |
359 | *ca_istrue = 1; | |
360 | } | |
361 | ||
362 | if( *p == end ) | |
363 | return( 0 ); | |
364 | ||
365 | if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) | |
366 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
367 | ||
368 | if( *p != end ) | |
369 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
370 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
371 | ||
372 | (*max_pathlen)++; | |
373 | ||
374 | return( 0 ); | |
375 | } | |
376 | ||
377 | static int x509_get_ns_cert_type( unsigned char **p, | |
378 | const unsigned char *end, | |
379 | unsigned char *ns_cert_type) | |
380 | { | |
381 | int ret; | |
382 | mbedtls_x509_bitstring bs = { 0, 0, NULL }; | |
383 | ||
384 | if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) | |
385 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
386 | ||
387 | if( bs.len != 1 ) | |
388 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
389 | MBEDTLS_ERR_ASN1_INVALID_LENGTH ); | |
390 | ||
391 | /* Get actual bitstring */ | |
392 | *ns_cert_type = *bs.p; | |
393 | return( 0 ); | |
394 | } | |
395 | ||
396 | static int x509_get_key_usage( unsigned char **p, | |
397 | const unsigned char *end, | |
398 | unsigned int *key_usage) | |
399 | { | |
400 | int ret; | |
401 | size_t i; | |
402 | mbedtls_x509_bitstring bs = { 0, 0, NULL }; | |
403 | ||
404 | if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) | |
405 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
406 | ||
407 | if( bs.len < 1 ) | |
408 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
409 | MBEDTLS_ERR_ASN1_INVALID_LENGTH ); | |
410 | ||
411 | /* Get actual bitstring */ | |
412 | *key_usage = 0; | |
413 | for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) | |
414 | { | |
415 | *key_usage |= (unsigned int) bs.p[i] << (8*i); | |
416 | } | |
417 | ||
418 | return( 0 ); | |
419 | } | |
420 | ||
421 | /* | |
422 | * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId | |
423 | * | |
424 | * KeyPurposeId ::= OBJECT IDENTIFIER | |
425 | */ | |
426 | static int x509_get_ext_key_usage( unsigned char **p, | |
427 | const unsigned char *end, | |
428 | mbedtls_x509_sequence *ext_key_usage) | |
429 | { | |
430 | int ret; | |
431 | ||
432 | if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) | |
433 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
434 | ||
435 | /* Sequence length must be >= 1 */ | |
436 | if( ext_key_usage->buf.p == NULL ) | |
437 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
438 | MBEDTLS_ERR_ASN1_INVALID_LENGTH ); | |
439 | ||
440 | return( 0 ); | |
441 | } | |
442 | ||
443 | /* | |
444 | * SubjectAltName ::= GeneralNames | |
445 | * | |
446 | * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName | |
447 | * | |
448 | * GeneralName ::= CHOICE { | |
449 | * otherName [0] OtherName, | |
450 | * rfc822Name [1] IA5String, | |
451 | * dNSName [2] IA5String, | |
452 | * x400Address [3] ORAddress, | |
453 | * directoryName [4] Name, | |
454 | * ediPartyName [5] EDIPartyName, | |
455 | * uniformResourceIdentifier [6] IA5String, | |
456 | * iPAddress [7] OCTET STRING, | |
457 | * registeredID [8] OBJECT IDENTIFIER } | |
458 | * | |
459 | * OtherName ::= SEQUENCE { | |
460 | * type-id OBJECT IDENTIFIER, | |
461 | * value [0] EXPLICIT ANY DEFINED BY type-id } | |
462 | * | |
463 | * EDIPartyName ::= SEQUENCE { | |
464 | * nameAssigner [0] DirectoryString OPTIONAL, | |
465 | * partyName [1] DirectoryString } | |
466 | * | |
467 | * NOTE: we only parse and use dNSName at this point. | |
468 | */ | |
469 | static int x509_get_subject_alt_name( unsigned char **p, | |
470 | const unsigned char *end, | |
471 | mbedtls_x509_sequence *subject_alt_name ) | |
472 | { | |
473 | int ret; | |
474 | size_t len, tag_len; | |
475 | mbedtls_asn1_buf *buf; | |
476 | unsigned char tag; | |
477 | mbedtls_asn1_sequence *cur = subject_alt_name; | |
478 | ||
479 | /* Get main sequence tag */ | |
480 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, | |
481 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
482 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
483 | ||
484 | if( *p + len != end ) | |
485 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
486 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
487 | ||
488 | while( *p < end ) | |
489 | { | |
490 | if( ( end - *p ) < 1 ) | |
491 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
492 | MBEDTLS_ERR_ASN1_OUT_OF_DATA ); | |
493 | ||
494 | tag = **p; | |
495 | (*p)++; | |
496 | if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) | |
497 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
498 | ||
499 | if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != | |
500 | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) | |
501 | { | |
502 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
503 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); | |
504 | } | |
505 | ||
506 | /* Skip everything but DNS name */ | |
507 | if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) ) | |
508 | { | |
509 | *p += tag_len; | |
510 | continue; | |
511 | } | |
512 | ||
513 | /* Allocate and assign next pointer */ | |
514 | if( cur->buf.p != NULL ) | |
515 | { | |
516 | if( cur->next != NULL ) | |
517 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); | |
518 | ||
519 | cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); | |
520 | ||
521 | if( cur->next == NULL ) | |
522 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
523 | MBEDTLS_ERR_ASN1_ALLOC_FAILED ); | |
524 | ||
525 | cur = cur->next; | |
526 | } | |
527 | ||
528 | buf = &(cur->buf); | |
529 | buf->tag = tag; | |
530 | buf->p = *p; | |
531 | buf->len = tag_len; | |
532 | *p += buf->len; | |
533 | } | |
534 | ||
535 | /* Set final sequence entry's next pointer to NULL */ | |
536 | cur->next = NULL; | |
537 | ||
538 | if( *p != end ) | |
539 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
540 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
541 | ||
542 | return( 0 ); | |
543 | } | |
544 | ||
545 | /* | |
546 | * X.509 v3 extensions | |
547 | * | |
548 | */ | |
549 | static int x509_get_crt_ext( unsigned char **p, | |
550 | const unsigned char *end, | |
551 | mbedtls_x509_crt *crt ) | |
552 | { | |
553 | int ret; | |
554 | size_t len; | |
555 | unsigned char *end_ext_data, *end_ext_octet; | |
556 | ||
557 | if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) | |
558 | { | |
559 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) | |
560 | return( 0 ); | |
561 | ||
562 | return( ret ); | |
563 | } | |
564 | ||
565 | while( *p < end ) | |
566 | { | |
567 | /* | |
568 | * Extension ::= SEQUENCE { | |
569 | * extnID OBJECT IDENTIFIER, | |
570 | * critical BOOLEAN DEFAULT FALSE, | |
571 | * extnValue OCTET STRING } | |
572 | */ | |
573 | mbedtls_x509_buf extn_oid = {0, 0, NULL}; | |
574 | int is_critical = 0; /* DEFAULT FALSE */ | |
575 | int ext_type = 0; | |
576 | ||
577 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, | |
578 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
579 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
580 | ||
581 | end_ext_data = *p + len; | |
582 | ||
583 | /* Get extension ID */ | |
584 | if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, | |
585 | MBEDTLS_ASN1_OID ) ) != 0 ) | |
586 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
587 | ||
588 | extn_oid.tag = MBEDTLS_ASN1_OID; | |
589 | extn_oid.p = *p; | |
590 | *p += extn_oid.len; | |
591 | ||
592 | /* Get optional critical */ | |
593 | if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && | |
594 | ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) | |
595 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
596 | ||
597 | /* Data should be octet string type */ | |
598 | if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, | |
599 | MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) | |
600 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); | |
601 | ||
602 | end_ext_octet = *p + len; | |
603 | ||
604 | if( end_ext_octet != end_ext_data ) | |
605 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
606 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
607 | ||
608 | /* | |
609 | * Detect supported extensions | |
610 | */ | |
611 | ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); | |
612 | ||
613 | if( ret != 0 ) | |
614 | { | |
615 | /* No parser found, skip extension */ | |
616 | *p = end_ext_octet; | |
617 | ||
618 | #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) | |
619 | if( is_critical ) | |
620 | { | |
621 | /* Data is marked as critical: fail */ | |
622 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
623 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); | |
624 | } | |
625 | #endif | |
626 | continue; | |
627 | } | |
628 | ||
629 | /* Forbid repeated extensions */ | |
630 | if( ( crt->ext_types & ext_type ) != 0 ) | |
631 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); | |
632 | ||
633 | crt->ext_types |= ext_type; | |
634 | ||
635 | switch( ext_type ) | |
636 | { | |
637 | case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: | |
638 | /* Parse basic constraints */ | |
639 | if( ( ret = x509_get_basic_constraints( p, end_ext_octet, | |
640 | &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) | |
641 | return( ret ); | |
642 | break; | |
643 | ||
644 | case MBEDTLS_X509_EXT_KEY_USAGE: | |
645 | /* Parse key usage */ | |
646 | if( ( ret = x509_get_key_usage( p, end_ext_octet, | |
647 | &crt->key_usage ) ) != 0 ) | |
648 | return( ret ); | |
649 | break; | |
650 | ||
651 | case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: | |
652 | /* Parse extended key usage */ | |
653 | if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, | |
654 | &crt->ext_key_usage ) ) != 0 ) | |
655 | return( ret ); | |
656 | break; | |
657 | ||
658 | case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: | |
659 | /* Parse subject alt name */ | |
660 | if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, | |
661 | &crt->subject_alt_names ) ) != 0 ) | |
662 | return( ret ); | |
663 | break; | |
664 | ||
665 | case MBEDTLS_X509_EXT_NS_CERT_TYPE: | |
666 | /* Parse netscape certificate type */ | |
667 | if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, | |
668 | &crt->ns_cert_type ) ) != 0 ) | |
669 | return( ret ); | |
670 | break; | |
671 | ||
672 | default: | |
673 | return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); | |
674 | } | |
675 | } | |
676 | ||
677 | if( *p != end ) | |
678 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + | |
679 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
680 | ||
681 | return( 0 ); | |
682 | } | |
683 | ||
684 | /* | |
685 | * Parse and fill a single X.509 certificate in DER format | |
686 | */ | |
687 | static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, | |
688 | size_t buflen ) | |
689 | { | |
690 | int ret; | |
691 | size_t len; | |
692 | unsigned char *p, *end, *crt_end; | |
693 | mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; | |
694 | ||
695 | memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); | |
696 | memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); | |
697 | memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); | |
698 | ||
699 | /* | |
700 | * Check for valid input | |
701 | */ | |
702 | if( crt == NULL || buf == NULL ) | |
703 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
704 | ||
705 | // Use the original buffer until we figure out actual length | |
706 | p = (unsigned char*) buf; | |
707 | len = buflen; | |
708 | end = p + len; | |
709 | ||
710 | /* | |
711 | * Certificate ::= SEQUENCE { | |
712 | * tbsCertificate TBSCertificate, | |
713 | * signatureAlgorithm AlgorithmIdentifier, | |
714 | * signatureValue BIT STRING } | |
715 | */ | |
716 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, | |
717 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
718 | { | |
719 | mbedtls_x509_crt_free( crt ); | |
720 | return( MBEDTLS_ERR_X509_INVALID_FORMAT ); | |
721 | } | |
722 | ||
723 | if( len > (size_t) ( end - p ) ) | |
724 | { | |
725 | mbedtls_x509_crt_free( crt ); | |
726 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + | |
727 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
728 | } | |
729 | crt_end = p + len; | |
730 | ||
731 | // Create and populate a new buffer for the raw field | |
732 | crt->raw.len = crt_end - buf; | |
733 | crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); | |
734 | if( p == NULL ) | |
735 | return( MBEDTLS_ERR_X509_ALLOC_FAILED ); | |
736 | ||
737 | memcpy( p, buf, crt->raw.len ); | |
738 | ||
739 | // Direct pointers to the new buffer | |
740 | p += crt->raw.len - len; | |
741 | end = crt_end = p + len; | |
742 | ||
743 | /* | |
744 | * TBSCertificate ::= SEQUENCE { | |
745 | */ | |
746 | crt->tbs.p = p; | |
747 | ||
748 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, | |
749 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
750 | { | |
751 | mbedtls_x509_crt_free( crt ); | |
752 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); | |
753 | } | |
754 | ||
755 | end = p + len; | |
756 | crt->tbs.len = end - crt->tbs.p; | |
757 | ||
758 | /* | |
759 | * Version ::= INTEGER { v1(0), v2(1), v3(2) } | |
760 | * | |
761 | * CertificateSerialNumber ::= INTEGER | |
762 | * | |
763 | * signature AlgorithmIdentifier | |
764 | */ | |
765 | if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || | |
766 | ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || | |
767 | ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, | |
768 | &sig_params1 ) ) != 0 ) | |
769 | { | |
770 | mbedtls_x509_crt_free( crt ); | |
771 | return( ret ); | |
772 | } | |
773 | ||
774 | if( crt->version < 0 || crt->version > 2 ) | |
775 | { | |
776 | mbedtls_x509_crt_free( crt ); | |
777 | return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); | |
778 | } | |
779 | ||
780 | crt->version++; | |
781 | ||
782 | if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, | |
783 | &crt->sig_md, &crt->sig_pk, | |
784 | &crt->sig_opts ) ) != 0 ) | |
785 | { | |
786 | mbedtls_x509_crt_free( crt ); | |
787 | return( ret ); | |
788 | } | |
789 | ||
790 | /* | |
791 | * issuer Name | |
792 | */ | |
793 | crt->issuer_raw.p = p; | |
794 | ||
795 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, | |
796 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
797 | { | |
798 | mbedtls_x509_crt_free( crt ); | |
799 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); | |
800 | } | |
801 | ||
802 | if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) | |
803 | { | |
804 | mbedtls_x509_crt_free( crt ); | |
805 | return( ret ); | |
806 | } | |
807 | ||
808 | crt->issuer_raw.len = p - crt->issuer_raw.p; | |
809 | ||
810 | /* | |
811 | * Validity ::= SEQUENCE { | |
812 | * notBefore Time, | |
813 | * notAfter Time } | |
814 | * | |
815 | */ | |
816 | if( ( ret = x509_get_dates( &p, end, &crt->valid_from, | |
817 | &crt->valid_to ) ) != 0 ) | |
818 | { | |
819 | mbedtls_x509_crt_free( crt ); | |
820 | return( ret ); | |
821 | } | |
822 | ||
823 | /* | |
824 | * subject Name | |
825 | */ | |
826 | crt->subject_raw.p = p; | |
827 | ||
828 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, | |
829 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) | |
830 | { | |
831 | mbedtls_x509_crt_free( crt ); | |
832 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); | |
833 | } | |
834 | ||
835 | if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) | |
836 | { | |
837 | mbedtls_x509_crt_free( crt ); | |
838 | return( ret ); | |
839 | } | |
840 | ||
841 | crt->subject_raw.len = p - crt->subject_raw.p; | |
842 | ||
843 | /* | |
844 | * SubjectPublicKeyInfo | |
845 | */ | |
846 | if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) | |
847 | { | |
848 | mbedtls_x509_crt_free( crt ); | |
849 | return( ret ); | |
850 | } | |
851 | ||
852 | /* | |
853 | * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, | |
854 | * -- If present, version shall be v2 or v3 | |
855 | * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, | |
856 | * -- If present, version shall be v2 or v3 | |
857 | * extensions [3] EXPLICIT Extensions OPTIONAL | |
858 | * -- If present, version shall be v3 | |
859 | */ | |
860 | if( crt->version == 2 || crt->version == 3 ) | |
861 | { | |
862 | ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); | |
863 | if( ret != 0 ) | |
864 | { | |
865 | mbedtls_x509_crt_free( crt ); | |
866 | return( ret ); | |
867 | } | |
868 | } | |
869 | ||
870 | if( crt->version == 2 || crt->version == 3 ) | |
871 | { | |
872 | ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); | |
873 | if( ret != 0 ) | |
874 | { | |
875 | mbedtls_x509_crt_free( crt ); | |
876 | return( ret ); | |
877 | } | |
878 | } | |
879 | ||
880 | #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) | |
881 | if( crt->version == 3 ) | |
882 | #endif | |
883 | { | |
884 | ret = x509_get_crt_ext( &p, end, crt ); | |
885 | if( ret != 0 ) | |
886 | { | |
887 | mbedtls_x509_crt_free( crt ); | |
888 | return( ret ); | |
889 | } | |
890 | } | |
891 | ||
892 | if( p != end ) | |
893 | { | |
894 | mbedtls_x509_crt_free( crt ); | |
895 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + | |
896 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
897 | } | |
898 | ||
899 | end = crt_end; | |
900 | ||
901 | /* | |
902 | * } | |
903 | * -- end of TBSCertificate | |
904 | * | |
905 | * signatureAlgorithm AlgorithmIdentifier, | |
906 | * signatureValue BIT STRING | |
907 | */ | |
908 | if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) | |
909 | { | |
910 | mbedtls_x509_crt_free( crt ); | |
911 | return( ret ); | |
912 | } | |
913 | ||
914 | if( crt->sig_oid.len != sig_oid2.len || | |
915 | memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || | |
916 | sig_params1.len != sig_params2.len || | |
917 | ( sig_params1.len != 0 && | |
918 | memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) | |
919 | { | |
920 | mbedtls_x509_crt_free( crt ); | |
921 | return( MBEDTLS_ERR_X509_SIG_MISMATCH ); | |
922 | } | |
923 | ||
924 | if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) | |
925 | { | |
926 | mbedtls_x509_crt_free( crt ); | |
927 | return( ret ); | |
928 | } | |
929 | ||
930 | if( p != end ) | |
931 | { | |
932 | mbedtls_x509_crt_free( crt ); | |
933 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + | |
934 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); | |
935 | } | |
936 | ||
937 | return( 0 ); | |
938 | } | |
939 | ||
940 | /* | |
941 | * Parse one X.509 certificate in DER format from a buffer and add them to a | |
942 | * chained list | |
943 | */ | |
944 | int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, | |
945 | size_t buflen ) | |
946 | { | |
947 | int ret; | |
948 | mbedtls_x509_crt *crt = chain, *prev = NULL; | |
949 | ||
950 | /* | |
951 | * Check for valid input | |
952 | */ | |
953 | if( crt == NULL || buf == NULL ) | |
954 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
955 | ||
956 | while( crt->version != 0 && crt->next != NULL ) | |
957 | { | |
958 | prev = crt; | |
959 | crt = crt->next; | |
960 | } | |
961 | ||
962 | /* | |
963 | * Add new certificate on the end of the chain if needed. | |
964 | */ | |
965 | if( crt->version != 0 && crt->next == NULL ) | |
966 | { | |
967 | crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); | |
968 | ||
969 | if( crt->next == NULL ) | |
970 | return( MBEDTLS_ERR_X509_ALLOC_FAILED ); | |
971 | ||
972 | prev = crt; | |
973 | mbedtls_x509_crt_init( crt->next ); | |
974 | crt = crt->next; | |
975 | } | |
976 | ||
977 | if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 ) | |
978 | { | |
979 | if( prev ) | |
980 | prev->next = NULL; | |
981 | ||
982 | if( crt != chain ) | |
983 | mbedtls_free( crt ); | |
984 | ||
985 | return( ret ); | |
986 | } | |
987 | ||
988 | return( 0 ); | |
989 | } | |
990 | ||
991 | /* | |
992 | * Parse one or more PEM certificates from a buffer and add them to the chained | |
993 | * list | |
994 | */ | |
995 | int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) | |
996 | { | |
997 | #if defined(MBEDTLS_PEM_PARSE_C) | |
998 | int success = 0, first_error = 0, total_failed = 0; | |
999 | int buf_format = MBEDTLS_X509_FORMAT_DER; | |
1000 | #endif | |
1001 | ||
1002 | /* | |
1003 | * Check for valid input | |
1004 | */ | |
1005 | if( chain == NULL || buf == NULL ) | |
1006 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
1007 | ||
1008 | /* | |
1009 | * Determine buffer content. Buffer contains either one DER certificate or | |
1010 | * one or more PEM certificates. | |
1011 | */ | |
1012 | #if defined(MBEDTLS_PEM_PARSE_C) | |
1013 | if( buflen != 0 && buf[buflen - 1] == '\0' && | |
1014 | strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) | |
1015 | { | |
1016 | buf_format = MBEDTLS_X509_FORMAT_PEM; | |
1017 | } | |
1018 | ||
1019 | if( buf_format == MBEDTLS_X509_FORMAT_DER ) | |
1020 | return mbedtls_x509_crt_parse_der( chain, buf, buflen ); | |
1021 | #else | |
1022 | return mbedtls_x509_crt_parse_der( chain, buf, buflen ); | |
1023 | #endif | |
1024 | ||
1025 | #if defined(MBEDTLS_PEM_PARSE_C) | |
1026 | if( buf_format == MBEDTLS_X509_FORMAT_PEM ) | |
1027 | { | |
1028 | int ret; | |
1029 | mbedtls_pem_context pem; | |
1030 | ||
1031 | /* 1 rather than 0 since the terminating NULL byte is counted in */ | |
1032 | while( buflen > 1 ) | |
1033 | { | |
1034 | size_t use_len; | |
1035 | mbedtls_pem_init( &pem ); | |
1036 | ||
1037 | /* If we get there, we know the string is null-terminated */ | |
1038 | ret = mbedtls_pem_read_buffer( &pem, | |
1039 | "-----BEGIN CERTIFICATE-----", | |
1040 | "-----END CERTIFICATE-----", | |
1041 | buf, NULL, 0, &use_len ); | |
1042 | ||
1043 | if( ret == 0 ) | |
1044 | { | |
1045 | /* | |
1046 | * Was PEM encoded | |
1047 | */ | |
1048 | buflen -= use_len; | |
1049 | buf += use_len; | |
1050 | } | |
1051 | else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) | |
1052 | { | |
1053 | return( ret ); | |
1054 | } | |
1055 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) | |
1056 | { | |
1057 | mbedtls_pem_free( &pem ); | |
1058 | ||
1059 | /* | |
1060 | * PEM header and footer were found | |
1061 | */ | |
1062 | buflen -= use_len; | |
1063 | buf += use_len; | |
1064 | ||
1065 | if( first_error == 0 ) | |
1066 | first_error = ret; | |
1067 | ||
1068 | total_failed++; | |
1069 | continue; | |
1070 | } | |
1071 | else | |
1072 | break; | |
1073 | ||
1074 | ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen ); | |
1075 | ||
1076 | mbedtls_pem_free( &pem ); | |
1077 | ||
1078 | if( ret != 0 ) | |
1079 | { | |
1080 | /* | |
1081 | * Quit parsing on a memory error | |
1082 | */ | |
1083 | if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) | |
1084 | return( ret ); | |
1085 | ||
1086 | if( first_error == 0 ) | |
1087 | first_error = ret; | |
1088 | ||
1089 | total_failed++; | |
1090 | continue; | |
1091 | } | |
1092 | ||
1093 | success = 1; | |
1094 | } | |
1095 | } | |
1096 | ||
1097 | if( success ) | |
1098 | return( total_failed ); | |
1099 | else if( first_error ) | |
1100 | return( first_error ); | |
1101 | else | |
1102 | return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); | |
1103 | #endif /* MBEDTLS_PEM_PARSE_C */ | |
1104 | } | |
1105 | ||
1106 | #if defined(MBEDTLS_FS_IO) | |
1107 | /* | |
1108 | * Load one or more certificates and add them to the chained list | |
1109 | */ | |
1110 | int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) | |
1111 | { | |
1112 | int ret; | |
1113 | size_t n; | |
1114 | unsigned char *buf; | |
1115 | ||
1116 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) | |
1117 | return( ret ); | |
1118 | ||
1119 | ret = mbedtls_x509_crt_parse( chain, buf, n ); | |
1120 | ||
1121 | mbedtls_platform_zeroize( buf, n ); | |
1122 | mbedtls_free( buf ); | |
1123 | ||
1124 | return( ret ); | |
1125 | } | |
1126 | ||
1127 | int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) | |
1128 | { | |
1129 | int ret = 0; | |
1130 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) | |
1131 | int w_ret; | |
1132 | WCHAR szDir[MAX_PATH]; | |
1133 | char filename[MAX_PATH]; | |
1134 | char *p; | |
1135 | size_t len = strlen( path ); | |
1136 | ||
1137 | WIN32_FIND_DATAW file_data; | |
1138 | HANDLE hFind; | |
1139 | ||
1140 | if( len > MAX_PATH - 3 ) | |
1141 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
1142 | ||
1143 | memset( szDir, 0, sizeof(szDir) ); | |
1144 | memset( filename, 0, MAX_PATH ); | |
1145 | memcpy( filename, path, len ); | |
1146 | filename[len++] = '\\'; | |
1147 | p = filename + len; | |
1148 | filename[len++] = '*'; | |
1149 | ||
1150 | w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, | |
1151 | MAX_PATH - 3 ); | |
1152 | if( w_ret == 0 ) | |
1153 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
1154 | ||
1155 | hFind = FindFirstFileW( szDir, &file_data ); | |
1156 | if( hFind == INVALID_HANDLE_VALUE ) | |
1157 | return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); | |
1158 | ||
1159 | len = MAX_PATH - len; | |
1160 | do | |
1161 | { | |
1162 | memset( p, 0, len ); | |
1163 | ||
1164 | if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) | |
1165 | continue; | |
1166 | ||
1167 | w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, | |
1168 | lstrlenW( file_data.cFileName ), | |
1169 | p, (int) len - 1, | |
1170 | NULL, NULL ); | |
1171 | if( w_ret == 0 ) | |
1172 | { | |
1173 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; | |
1174 | goto cleanup; | |
1175 | } | |
1176 | ||
1177 | w_ret = mbedtls_x509_crt_parse_file( chain, filename ); | |
1178 | if( w_ret < 0 ) | |
1179 | ret++; | |
1180 | else | |
1181 | ret += w_ret; | |
1182 | } | |
1183 | while( FindNextFileW( hFind, &file_data ) != 0 ); | |
1184 | ||
1185 | if( GetLastError() != ERROR_NO_MORE_FILES ) | |
1186 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; | |
1187 | ||
1188 | cleanup: | |
1189 | FindClose( hFind ); | |
1190 | #else /* _WIN32 */ | |
1191 | int t_ret; | |
1192 | int snp_ret; | |
1193 | struct stat sb; | |
1194 | struct dirent *entry; | |
1195 | char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; | |
1196 | DIR *dir = opendir( path ); | |
1197 | ||
1198 | if( dir == NULL ) | |
1199 | return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); | |
1200 | ||
1201 | #if defined(MBEDTLS_THREADING_C) | |
1202 | if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) | |
1203 | { | |
1204 | closedir( dir ); | |
1205 | return( ret ); | |
1206 | } | |
1207 | #endif /* MBEDTLS_THREADING_C */ | |
1208 | ||
1209 | while( ( entry = readdir( dir ) ) != NULL ) | |
1210 | { | |
1211 | snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, | |
1212 | "%s/%s", path, entry->d_name ); | |
1213 | ||
1214 | if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) | |
1215 | { | |
1216 | ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; | |
1217 | goto cleanup; | |
1218 | } | |
1219 | else if( stat( entry_name, &sb ) == -1 ) | |
1220 | { | |
1221 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; | |
1222 | goto cleanup; | |
1223 | } | |
1224 | ||
1225 | if( !S_ISREG( sb.st_mode ) ) | |
1226 | continue; | |
1227 | ||
1228 | // Ignore parse errors | |
1229 | // | |
1230 | t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); | |
1231 | if( t_ret < 0 ) | |
1232 | ret++; | |
1233 | else | |
1234 | ret += t_ret; | |
1235 | } | |
1236 | ||
1237 | cleanup: | |
1238 | closedir( dir ); | |
1239 | ||
1240 | #if defined(MBEDTLS_THREADING_C) | |
1241 | if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) | |
1242 | ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; | |
1243 | #endif /* MBEDTLS_THREADING_C */ | |
1244 | ||
1245 | #endif /* _WIN32 */ | |
1246 | ||
1247 | return( ret ); | |
1248 | } | |
1249 | #endif /* MBEDTLS_FS_IO */ | |
1250 | ||
1251 | static int x509_info_subject_alt_name( char **buf, size_t *size, | |
1252 | const mbedtls_x509_sequence *subject_alt_name ) | |
1253 | { | |
1254 | size_t i; | |
1255 | size_t n = *size; | |
1256 | char *p = *buf; | |
1257 | const mbedtls_x509_sequence *cur = subject_alt_name; | |
1258 | const char *sep = ""; | |
1259 | size_t sep_len = 0; | |
1260 | ||
1261 | while( cur != NULL ) | |
1262 | { | |
1263 | if( cur->buf.len + sep_len >= n ) | |
1264 | { | |
1265 | *p = '\0'; | |
1266 | return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); | |
1267 | } | |
1268 | ||
1269 | n -= cur->buf.len + sep_len; | |
1270 | for( i = 0; i < sep_len; i++ ) | |
1271 | *p++ = sep[i]; | |
1272 | for( i = 0; i < cur->buf.len; i++ ) | |
1273 | *p++ = cur->buf.p[i]; | |
1274 | ||
1275 | sep = ", "; | |
1276 | sep_len = 2; | |
1277 | ||
1278 | cur = cur->next; | |
1279 | } | |
1280 | ||
1281 | *p = '\0'; | |
1282 | ||
1283 | *size = n; | |
1284 | *buf = p; | |
1285 | ||
1286 | return( 0 ); | |
1287 | } | |
1288 | ||
1289 | #define PRINT_ITEM(i) \ | |
1290 | { \ | |
1291 | ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ | |
1292 | MBEDTLS_X509_SAFE_SNPRINTF; \ | |
1293 | sep = ", "; \ | |
1294 | } | |
1295 | ||
1296 | #define CERT_TYPE(type,name) \ | |
1297 | if( ns_cert_type & type ) \ | |
1298 | PRINT_ITEM( name ); | |
1299 | ||
1300 | static int x509_info_cert_type( char **buf, size_t *size, | |
1301 | unsigned char ns_cert_type ) | |
1302 | { | |
1303 | int ret; | |
1304 | size_t n = *size; | |
1305 | char *p = *buf; | |
1306 | const char *sep = ""; | |
1307 | ||
1308 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); | |
1309 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); | |
1310 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); | |
1311 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); | |
1312 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); | |
1313 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); | |
1314 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); | |
1315 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); | |
1316 | ||
1317 | *size = n; | |
1318 | *buf = p; | |
1319 | ||
1320 | return( 0 ); | |
1321 | } | |
1322 | ||
1323 | #define KEY_USAGE(code,name) \ | |
1324 | if( key_usage & code ) \ | |
1325 | PRINT_ITEM( name ); | |
1326 | ||
1327 | static int x509_info_key_usage( char **buf, size_t *size, | |
1328 | unsigned int key_usage ) | |
1329 | { | |
1330 | int ret; | |
1331 | size_t n = *size; | |
1332 | char *p = *buf; | |
1333 | const char *sep = ""; | |
1334 | ||
1335 | KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); | |
1336 | KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); | |
1337 | KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); | |
1338 | KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); | |
1339 | KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); | |
1340 | KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); | |
1341 | KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); | |
1342 | KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); | |
1343 | KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); | |
1344 | ||
1345 | *size = n; | |
1346 | *buf = p; | |
1347 | ||
1348 | return( 0 ); | |
1349 | } | |
1350 | ||
1351 | static int x509_info_ext_key_usage( char **buf, size_t *size, | |
1352 | const mbedtls_x509_sequence *extended_key_usage ) | |
1353 | { | |
1354 | int ret; | |
1355 | const char *desc; | |
1356 | size_t n = *size; | |
1357 | char *p = *buf; | |
1358 | const mbedtls_x509_sequence *cur = extended_key_usage; | |
1359 | const char *sep = ""; | |
1360 | ||
1361 | while( cur != NULL ) | |
1362 | { | |
1363 | if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) | |
1364 | desc = "???"; | |
1365 | ||
1366 | ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); | |
1367 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1368 | ||
1369 | sep = ", "; | |
1370 | ||
1371 | cur = cur->next; | |
1372 | } | |
1373 | ||
1374 | *size = n; | |
1375 | *buf = p; | |
1376 | ||
1377 | return( 0 ); | |
1378 | } | |
1379 | ||
1380 | /* | |
1381 | * Return an informational string about the certificate. | |
1382 | */ | |
1383 | #define BEFORE_COLON 18 | |
1384 | #define BC "18" | |
1385 | int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, | |
1386 | const mbedtls_x509_crt *crt ) | |
1387 | { | |
1388 | int ret; | |
1389 | size_t n; | |
1390 | char *p; | |
1391 | char key_size_str[BEFORE_COLON]; | |
1392 | ||
1393 | p = buf; | |
1394 | n = size; | |
1395 | ||
1396 | if( NULL == crt ) | |
1397 | { | |
1398 | ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); | |
1399 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1400 | ||
1401 | return( (int) ( size - n ) ); | |
1402 | } | |
1403 | ||
1404 | ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", | |
1405 | prefix, crt->version ); | |
1406 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1407 | ret = mbedtls_snprintf( p, n, "%sserial number : ", | |
1408 | prefix ); | |
1409 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1410 | ||
1411 | ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); | |
1412 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1413 | ||
1414 | ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); | |
1415 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1416 | ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); | |
1417 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1418 | ||
1419 | ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); | |
1420 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1421 | ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); | |
1422 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1423 | ||
1424 | ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ | |
1425 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, | |
1426 | crt->valid_from.year, crt->valid_from.mon, | |
1427 | crt->valid_from.day, crt->valid_from.hour, | |
1428 | crt->valid_from.min, crt->valid_from.sec ); | |
1429 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1430 | ||
1431 | ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ | |
1432 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, | |
1433 | crt->valid_to.year, crt->valid_to.mon, | |
1434 | crt->valid_to.day, crt->valid_to.hour, | |
1435 | crt->valid_to.min, crt->valid_to.sec ); | |
1436 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1437 | ||
1438 | ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); | |
1439 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1440 | ||
1441 | ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, | |
1442 | crt->sig_md, crt->sig_opts ); | |
1443 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1444 | ||
1445 | /* Key size */ | |
1446 | if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, | |
1447 | mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) | |
1448 | { | |
1449 | return( ret ); | |
1450 | } | |
1451 | ||
1452 | ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, | |
1453 | (int) mbedtls_pk_get_bitlen( &crt->pk ) ); | |
1454 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1455 | ||
1456 | /* | |
1457 | * Optional extensions | |
1458 | */ | |
1459 | ||
1460 | if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) | |
1461 | { | |
1462 | ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, | |
1463 | crt->ca_istrue ? "true" : "false" ); | |
1464 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1465 | ||
1466 | if( crt->max_pathlen > 0 ) | |
1467 | { | |
1468 | ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); | |
1469 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1470 | } | |
1471 | } | |
1472 | ||
1473 | if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) | |
1474 | { | |
1475 | ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); | |
1476 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1477 | ||
1478 | if( ( ret = x509_info_subject_alt_name( &p, &n, | |
1479 | &crt->subject_alt_names ) ) != 0 ) | |
1480 | return( ret ); | |
1481 | } | |
1482 | ||
1483 | if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) | |
1484 | { | |
1485 | ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); | |
1486 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1487 | ||
1488 | if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) | |
1489 | return( ret ); | |
1490 | } | |
1491 | ||
1492 | if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) | |
1493 | { | |
1494 | ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); | |
1495 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1496 | ||
1497 | if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) | |
1498 | return( ret ); | |
1499 | } | |
1500 | ||
1501 | if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) | |
1502 | { | |
1503 | ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); | |
1504 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1505 | ||
1506 | if( ( ret = x509_info_ext_key_usage( &p, &n, | |
1507 | &crt->ext_key_usage ) ) != 0 ) | |
1508 | return( ret ); | |
1509 | } | |
1510 | ||
1511 | ret = mbedtls_snprintf( p, n, "\n" ); | |
1512 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1513 | ||
1514 | return( (int) ( size - n ) ); | |
1515 | } | |
1516 | ||
1517 | struct x509_crt_verify_string { | |
1518 | int code; | |
1519 | const char *string; | |
1520 | }; | |
1521 | ||
1522 | static const struct x509_crt_verify_string x509_crt_verify_strings[] = { | |
1523 | { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, | |
1524 | { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, | |
1525 | { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, | |
1526 | { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, | |
1527 | { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, | |
1528 | { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, | |
1529 | { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, | |
1530 | { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, | |
1531 | { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, | |
1532 | { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, | |
1533 | { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, | |
1534 | { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, | |
1535 | { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, | |
1536 | { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, | |
1537 | { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, | |
1538 | { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, | |
1539 | { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, | |
1540 | { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, | |
1541 | { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, | |
1542 | { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, | |
1543 | { 0, NULL } | |
1544 | }; | |
1545 | ||
1546 | int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, | |
1547 | uint32_t flags ) | |
1548 | { | |
1549 | int ret; | |
1550 | const struct x509_crt_verify_string *cur; | |
1551 | char *p = buf; | |
1552 | size_t n = size; | |
1553 | ||
1554 | for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) | |
1555 | { | |
1556 | if( ( flags & cur->code ) == 0 ) | |
1557 | continue; | |
1558 | ||
1559 | ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); | |
1560 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1561 | flags ^= cur->code; | |
1562 | } | |
1563 | ||
1564 | if( flags != 0 ) | |
1565 | { | |
1566 | ret = mbedtls_snprintf( p, n, "%sUnknown reason " | |
1567 | "(this should not happen)\n", prefix ); | |
1568 | MBEDTLS_X509_SAFE_SNPRINTF; | |
1569 | } | |
1570 | ||
1571 | return( (int) ( size - n ) ); | |
1572 | } | |
1573 | ||
1574 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) | |
1575 | int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, | |
1576 | unsigned int usage ) | |
1577 | { | |
1578 | unsigned int usage_must, usage_may; | |
1579 | unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY | |
1580 | | MBEDTLS_X509_KU_DECIPHER_ONLY; | |
1581 | ||
1582 | if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) | |
1583 | return( 0 ); | |
1584 | ||
1585 | usage_must = usage & ~may_mask; | |
1586 | ||
1587 | if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) | |
1588 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
1589 | ||
1590 | usage_may = usage & may_mask; | |
1591 | ||
1592 | if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) | |
1593 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
1594 | ||
1595 | return( 0 ); | |
1596 | } | |
1597 | #endif | |
1598 | ||
1599 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) | |
1600 | int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, | |
1601 | const char *usage_oid, | |
1602 | size_t usage_len ) | |
1603 | { | |
1604 | const mbedtls_x509_sequence *cur; | |
1605 | ||
1606 | /* Extension is not mandatory, absent means no restriction */ | |
1607 | if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) | |
1608 | return( 0 ); | |
1609 | ||
1610 | /* | |
1611 | * Look for the requested usage (or wildcard ANY) in our list | |
1612 | */ | |
1613 | for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) | |
1614 | { | |
1615 | const mbedtls_x509_buf *cur_oid = &cur->buf; | |
1616 | ||
1617 | if( cur_oid->len == usage_len && | |
1618 | memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) | |
1619 | { | |
1620 | return( 0 ); | |
1621 | } | |
1622 | ||
1623 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) | |
1624 | return( 0 ); | |
1625 | } | |
1626 | ||
1627 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); | |
1628 | } | |
1629 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ | |
1630 | ||
1631 | #if defined(MBEDTLS_X509_CRL_PARSE_C) | |
1632 | /* | |
1633 | * Return 1 if the certificate is revoked, or 0 otherwise. | |
1634 | */ | |
1635 | int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) | |
1636 | { | |
1637 | const mbedtls_x509_crl_entry *cur = &crl->entry; | |
1638 | ||
1639 | while( cur != NULL && cur->serial.len != 0 ) | |
1640 | { | |
1641 | if( crt->serial.len == cur->serial.len && | |
1642 | memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) | |
1643 | { | |
1644 | if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) | |
1645 | return( 1 ); | |
1646 | } | |
1647 | ||
1648 | cur = cur->next; | |
1649 | } | |
1650 | ||
1651 | return( 0 ); | |
1652 | } | |
1653 | ||
1654 | /* | |
1655 | * Check that the given certificate is not revoked according to the CRL. | |
1656 | * Skip validation if no CRL for the given CA is present. | |
1657 | */ | |
1658 | static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, | |
1659 | mbedtls_x509_crl *crl_list, | |
1660 | const mbedtls_x509_crt_profile *profile ) | |
1661 | { | |
1662 | int flags = 0; | |
1663 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; | |
1664 | const mbedtls_md_info_t *md_info; | |
1665 | ||
1666 | if( ca == NULL ) | |
1667 | return( flags ); | |
1668 | ||
1669 | while( crl_list != NULL ) | |
1670 | { | |
1671 | if( crl_list->version == 0 || | |
1672 | crl_list->issuer_raw.len != ca->subject_raw.len || | |
1673 | memcmp( crl_list->issuer_raw.p, ca->subject_raw.p, | |
1674 | crl_list->issuer_raw.len ) != 0 ) | |
1675 | { | |
1676 | crl_list = crl_list->next; | |
1677 | continue; | |
1678 | } | |
1679 | ||
1680 | /* | |
1681 | * Check if the CA is configured to sign CRLs | |
1682 | */ | |
1683 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) | |
1684 | if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) | |
1685 | { | |
1686 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; | |
1687 | break; | |
1688 | } | |
1689 | #endif | |
1690 | ||
1691 | /* | |
1692 | * Check if CRL is correctly signed by the trusted CA | |
1693 | */ | |
1694 | if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) | |
1695 | flags |= MBEDTLS_X509_BADCRL_BAD_MD; | |
1696 | ||
1697 | if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) | |
1698 | flags |= MBEDTLS_X509_BADCRL_BAD_PK; | |
1699 | ||
1700 | md_info = mbedtls_md_info_from_type( crl_list->sig_md ); | |
1701 | if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) | |
1702 | { | |
1703 | /* Note: this can't happen except after an internal error */ | |
1704 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; | |
1705 | break; | |
1706 | } | |
1707 | ||
1708 | if( x509_profile_check_key( profile, &ca->pk ) != 0 ) | |
1709 | flags |= MBEDTLS_X509_BADCERT_BAD_KEY; | |
1710 | ||
1711 | if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, | |
1712 | crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), | |
1713 | crl_list->sig.p, crl_list->sig.len ) != 0 ) | |
1714 | { | |
1715 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; | |
1716 | break; | |
1717 | } | |
1718 | ||
1719 | /* | |
1720 | * Check for validity of CRL (Do not drop out) | |
1721 | */ | |
1722 | if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) | |
1723 | flags |= MBEDTLS_X509_BADCRL_EXPIRED; | |
1724 | ||
1725 | if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) | |
1726 | flags |= MBEDTLS_X509_BADCRL_FUTURE; | |
1727 | ||
1728 | /* | |
1729 | * Check if certificate is revoked | |
1730 | */ | |
1731 | if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) | |
1732 | { | |
1733 | flags |= MBEDTLS_X509_BADCERT_REVOKED; | |
1734 | break; | |
1735 | } | |
1736 | ||
1737 | crl_list = crl_list->next; | |
1738 | } | |
1739 | ||
1740 | return( flags ); | |
1741 | } | |
1742 | #endif /* MBEDTLS_X509_CRL_PARSE_C */ | |
1743 | ||
1744 | /* | |
1745 | * Like memcmp, but case-insensitive and always returns -1 if different | |
1746 | */ | |
1747 | static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) | |
1748 | { | |
1749 | size_t i; | |
1750 | unsigned char diff; | |
1751 | const unsigned char *n1 = s1, *n2 = s2; | |
1752 | ||
1753 | for( i = 0; i < len; i++ ) | |
1754 | { | |
1755 | diff = n1[i] ^ n2[i]; | |
1756 | ||
1757 | if( diff == 0 ) | |
1758 | continue; | |
1759 | ||
1760 | if( diff == 32 && | |
1761 | ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || | |
1762 | ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) | |
1763 | { | |
1764 | continue; | |
1765 | } | |
1766 | ||
1767 | return( -1 ); | |
1768 | } | |
1769 | ||
1770 | return( 0 ); | |
1771 | } | |
1772 | ||
1773 | /* | |
1774 | * Return 0 if name matches wildcard, -1 otherwise | |
1775 | */ | |
1776 | static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) | |
1777 | { | |
1778 | size_t i; | |
1779 | size_t cn_idx = 0, cn_len = strlen( cn ); | |
1780 | ||
1781 | /* We can't have a match if there is no wildcard to match */ | |
1782 | if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) | |
1783 | return( -1 ); | |
1784 | ||
1785 | for( i = 0; i < cn_len; ++i ) | |
1786 | { | |
1787 | if( cn[i] == '.' ) | |
1788 | { | |
1789 | cn_idx = i; | |
1790 | break; | |
1791 | } | |
1792 | } | |
1793 | ||
1794 | if( cn_idx == 0 ) | |
1795 | return( -1 ); | |
1796 | ||
1797 | if( cn_len - cn_idx == name->len - 1 && | |
1798 | x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) | |
1799 | { | |
1800 | return( 0 ); | |
1801 | } | |
1802 | ||
1803 | return( -1 ); | |
1804 | } | |
1805 | ||
1806 | /* | |
1807 | * Compare two X.509 strings, case-insensitive, and allowing for some encoding | |
1808 | * variations (but not all). | |
1809 | * | |
1810 | * Return 0 if equal, -1 otherwise. | |
1811 | */ | |
1812 | static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) | |
1813 | { | |
1814 | if( a->tag == b->tag && | |
1815 | a->len == b->len && | |
1816 | memcmp( a->p, b->p, b->len ) == 0 ) | |
1817 | { | |
1818 | return( 0 ); | |
1819 | } | |
1820 | ||
1821 | if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && | |
1822 | ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && | |
1823 | a->len == b->len && | |
1824 | x509_memcasecmp( a->p, b->p, b->len ) == 0 ) | |
1825 | { | |
1826 | return( 0 ); | |
1827 | } | |
1828 | ||
1829 | return( -1 ); | |
1830 | } | |
1831 | ||
1832 | /* | |
1833 | * Compare two X.509 Names (aka rdnSequence). | |
1834 | * | |
1835 | * See RFC 5280 section 7.1, though we don't implement the whole algorithm: | |
1836 | * we sometimes return unequal when the full algorithm would return equal, | |
1837 | * but never the other way. (In particular, we don't do Unicode normalisation | |
1838 | * or space folding.) | |
1839 | * | |
1840 | * Return 0 if equal, -1 otherwise. | |
1841 | */ | |
1842 | static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) | |
1843 | { | |
1844 | /* Avoid recursion, it might not be optimised by the compiler */ | |
1845 | while( a != NULL || b != NULL ) | |
1846 | { | |
1847 | if( a == NULL || b == NULL ) | |
1848 | return( -1 ); | |
1849 | ||
1850 | /* type */ | |
1851 | if( a->oid.tag != b->oid.tag || | |
1852 | a->oid.len != b->oid.len || | |
1853 | memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) | |
1854 | { | |
1855 | return( -1 ); | |
1856 | } | |
1857 | ||
1858 | /* value */ | |
1859 | if( x509_string_cmp( &a->val, &b->val ) != 0 ) | |
1860 | return( -1 ); | |
1861 | ||
1862 | /* structure of the list of sets */ | |
1863 | if( a->next_merged != b->next_merged ) | |
1864 | return( -1 ); | |
1865 | ||
1866 | a = a->next; | |
1867 | b = b->next; | |
1868 | } | |
1869 | ||
1870 | /* a == NULL == b */ | |
1871 | return( 0 ); | |
1872 | } | |
1873 | ||
1874 | /* | |
1875 | * Check the signature of a certificate by its parent | |
1876 | */ | |
1877 | static int x509_crt_check_signature( const mbedtls_x509_crt *child, | |
1878 | mbedtls_x509_crt *parent ) | |
1879 | { | |
1880 | const mbedtls_md_info_t *md_info; | |
1881 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; | |
1882 | ||
1883 | md_info = mbedtls_md_info_from_type( child->sig_md ); | |
1884 | if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) | |
1885 | { | |
1886 | /* Note: this can't happen except after an internal error */ | |
1887 | return( -1 ); | |
1888 | } | |
1889 | ||
1890 | if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, | |
1891 | child->sig_md, hash, mbedtls_md_get_size( md_info ), | |
1892 | child->sig.p, child->sig.len ) != 0 ) | |
1893 | { | |
1894 | return( -1 ); | |
1895 | } | |
1896 | ||
1897 | return( 0 ); | |
1898 | } | |
1899 | ||
1900 | /* | |
1901 | * Check if 'parent' is a suitable parent (signing CA) for 'child'. | |
1902 | * Return 0 if yes, -1 if not. | |
1903 | * | |
1904 | * top means parent is a locally-trusted certificate | |
1905 | */ | |
1906 | static int x509_crt_check_parent( const mbedtls_x509_crt *child, | |
1907 | const mbedtls_x509_crt *parent, | |
1908 | int top ) | |
1909 | { | |
1910 | int need_ca_bit; | |
1911 | ||
1912 | /* Parent must be the issuer */ | |
1913 | if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) | |
1914 | return( -1 ); | |
1915 | ||
1916 | /* Parent must have the basicConstraints CA bit set as a general rule */ | |
1917 | need_ca_bit = 1; | |
1918 | ||
1919 | /* Exception: v1/v2 certificates that are locally trusted. */ | |
1920 | if( top && parent->version < 3 ) | |
1921 | need_ca_bit = 0; | |
1922 | ||
1923 | if( need_ca_bit && ! parent->ca_istrue ) | |
1924 | return( -1 ); | |
1925 | ||
1926 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) | |
1927 | if( need_ca_bit && | |
1928 | mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) | |
1929 | { | |
1930 | return( -1 ); | |
1931 | } | |
1932 | #endif | |
1933 | ||
1934 | return( 0 ); | |
1935 | } | |
1936 | ||
1937 | /* | |
1938 | * Find a suitable parent for child in candidates, or return NULL. | |
1939 | * | |
1940 | * Here suitable is defined as: | |
1941 | * 1. subject name matches child's issuer | |
1942 | * 2. if necessary, the CA bit is set and key usage allows signing certs | |
1943 | * 3. for trusted roots, the signature is correct | |
1944 | * 4. pathlen constraints are satisfied | |
1945 | * | |
1946 | * If there's a suitable candidate which is also time-valid, return the first | |
1947 | * such. Otherwise, return the first suitable candidate (or NULL if there is | |
1948 | * none). | |
1949 | * | |
1950 | * The rationale for this rule is that someone could have a list of trusted | |
1951 | * roots with two versions on the same root with different validity periods. | |
1952 | * (At least one user reported having such a list and wanted it to just work.) | |
1953 | * The reason we don't just require time-validity is that generally there is | |
1954 | * only one version, and if it's expired we want the flags to state that | |
1955 | * rather than NOT_TRUSTED, as would be the case if we required it here. | |
1956 | * | |
1957 | * The rationale for rule 3 (signature for trusted roots) is that users might | |
1958 | * have two versions of the same CA with different keys in their list, and the | |
1959 | * way we select the correct one is by checking the signature (as we don't | |
1960 | * rely on key identifier extensions). (This is one way users might choose to | |
1961 | * handle key rollover, another relies on self-issued certs, see [SIRO].) | |
1962 | * | |
1963 | * Arguments: | |
1964 | * - [in] child: certificate for which we're looking for a parent | |
1965 | * - [in] candidates: chained list of potential parents | |
1966 | * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top | |
1967 | * of the chain, 0 otherwise | |
1968 | * - [in] path_cnt: number of intermediates seen so far | |
1969 | * - [in] self_cnt: number of self-signed intermediates seen so far | |
1970 | * (will never be greater than path_cnt) | |
1971 | * | |
1972 | * Return value: | |
1973 | * - the first suitable parent found (see above regarding time-validity) | |
1974 | * - NULL if no suitable parent was found | |
1975 | */ | |
1976 | static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, | |
1977 | mbedtls_x509_crt *candidates, | |
1978 | int top, | |
1979 | size_t path_cnt, | |
1980 | size_t self_cnt ) | |
1981 | { | |
1982 | mbedtls_x509_crt *parent, *badtime_parent = NULL; | |
1983 | ||
1984 | for( parent = candidates; parent != NULL; parent = parent->next ) | |
1985 | { | |
1986 | /* basic parenting skills (name, CA bit, key usage) */ | |
1987 | if( x509_crt_check_parent( child, parent, top ) != 0 ) | |
1988 | continue; | |
1989 | ||
1990 | /* +1 because stored max_pathlen is 1 higher that the actual value */ | |
1991 | if( parent->max_pathlen > 0 && | |
1992 | (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) | |
1993 | { | |
1994 | continue; | |
1995 | } | |
1996 | ||
1997 | /* Signature */ | |
1998 | if( top && x509_crt_check_signature( child, parent ) != 0 ) | |
1999 | { | |
2000 | continue; | |
2001 | } | |
2002 | ||
2003 | /* optional time check */ | |
2004 | if( mbedtls_x509_time_is_past( &parent->valid_to ) || | |
2005 | mbedtls_x509_time_is_future( &parent->valid_from ) ) | |
2006 | { | |
2007 | if( badtime_parent == NULL ) | |
2008 | badtime_parent = parent; | |
2009 | ||
2010 | continue; | |
2011 | } | |
2012 | ||
2013 | break; | |
2014 | } | |
2015 | ||
2016 | if( parent == NULL ) | |
2017 | parent = badtime_parent; | |
2018 | ||
2019 | return( parent ); | |
2020 | } | |
2021 | ||
2022 | /* | |
2023 | * Find a parent in trusted CAs or the provided chain, or return NULL. | |
2024 | * | |
2025 | * Searches in trusted CAs first, and return the first suitable parent found | |
2026 | * (see find_parent_in() for definition of suitable). | |
2027 | * | |
2028 | * Arguments: | |
2029 | * - [in] child: certificate for which we're looking for a parent, followed | |
2030 | * by a chain of possible intermediates | |
2031 | * - [in] trust_ca: locally trusted CAs | |
2032 | * - [out] 1 if parent was found in trust_ca, 0 if found in provided chain | |
2033 | * - [in] path_cnt: number of intermediates seen so far | |
2034 | * - [in] self_cnt: number of self-signed intermediates seen so far | |
2035 | * (will always be no greater than path_cnt) | |
2036 | * | |
2037 | * Return value: | |
2038 | * - the first suitable parent found (see find_parent_in() for "suitable") | |
2039 | * - NULL if no suitable parent was found | |
2040 | */ | |
2041 | static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, | |
2042 | mbedtls_x509_crt *trust_ca, | |
2043 | int *parent_is_trusted, | |
2044 | size_t path_cnt, | |
2045 | size_t self_cnt ) | |
2046 | { | |
2047 | mbedtls_x509_crt *parent; | |
2048 | ||
2049 | /* Look for a parent in trusted CAs */ | |
2050 | *parent_is_trusted = 1; | |
2051 | parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt ); | |
2052 | ||
2053 | if( parent != NULL ) | |
2054 | return( parent ); | |
2055 | ||
2056 | /* Look for a parent upwards the chain */ | |
2057 | *parent_is_trusted = 0; | |
2058 | return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) ); | |
2059 | } | |
2060 | ||
2061 | /* | |
2062 | * Check if an end-entity certificate is locally trusted | |
2063 | * | |
2064 | * Currently we require such certificates to be self-signed (actually only | |
2065 | * check for self-issued as self-signatures are not checked) | |
2066 | */ | |
2067 | static int x509_crt_check_ee_locally_trusted( | |
2068 | mbedtls_x509_crt *crt, | |
2069 | mbedtls_x509_crt *trust_ca ) | |
2070 | { | |
2071 | mbedtls_x509_crt *cur; | |
2072 | ||
2073 | /* must be self-issued */ | |
2074 | if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) | |
2075 | return( -1 ); | |
2076 | ||
2077 | /* look for an exact match with trusted cert */ | |
2078 | for( cur = trust_ca; cur != NULL; cur = cur->next ) | |
2079 | { | |
2080 | if( crt->raw.len == cur->raw.len && | |
2081 | memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) | |
2082 | { | |
2083 | return( 0 ); | |
2084 | } | |
2085 | } | |
2086 | ||
2087 | /* too bad */ | |
2088 | return( -1 ); | |
2089 | } | |
2090 | ||
2091 | /* | |
2092 | * Build and verify a certificate chain | |
2093 | * | |
2094 | * Given a peer-provided list of certificates EE, C1, ..., Cn and | |
2095 | * a list of trusted certs R1, ... Rp, try to build and verify a chain | |
2096 | * EE, Ci1, ... Ciq [, Rj] | |
2097 | * such that every cert in the chain is a child of the next one, | |
2098 | * jumping to a trusted root as early as possible. | |
2099 | * | |
2100 | * Verify that chain and return it with flags for all issues found. | |
2101 | * | |
2102 | * Special cases: | |
2103 | * - EE == Rj -> return a one-element list containing it | |
2104 | * - EE, Ci1, ..., Ciq cannot be continued with a trusted root | |
2105 | * -> return that chain with NOT_TRUSTED set on Ciq | |
2106 | * | |
2107 | * Arguments: | |
2108 | * - [in] crt: the cert list EE, C1, ..., Cn | |
2109 | * - [in] trust_ca: the trusted list R1, ..., Rp | |
2110 | * - [in] ca_crl, profile: as in verify_with_profile() | |
2111 | * - [out] ver_chain, chain_len: the built and verified chain | |
2112 | * | |
2113 | * Return value: | |
2114 | * - non-zero if the chain could not be fully built and examined | |
2115 | * - 0 is the chain was successfully built and examined, | |
2116 | * even if it was found to be invalid | |
2117 | */ | |
2118 | static int x509_crt_verify_chain( | |
2119 | mbedtls_x509_crt *crt, | |
2120 | mbedtls_x509_crt *trust_ca, | |
2121 | mbedtls_x509_crl *ca_crl, | |
2122 | const mbedtls_x509_crt_profile *profile, | |
2123 | x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE], | |
2124 | size_t *chain_len ) | |
2125 | { | |
2126 | uint32_t *flags; | |
2127 | mbedtls_x509_crt *child; | |
2128 | mbedtls_x509_crt *parent; | |
2129 | int parent_is_trusted = 0; | |
2130 | int child_is_trusted = 0; | |
2131 | size_t self_cnt = 0; | |
2132 | ||
2133 | child = crt; | |
2134 | *chain_len = 0; | |
2135 | ||
2136 | while( 1 ) { | |
2137 | /* Add certificate to the verification chain */ | |
2138 | ver_chain[*chain_len].crt = child; | |
2139 | flags = &ver_chain[*chain_len].flags; | |
2140 | ++*chain_len; | |
2141 | ||
2142 | /* Check time-validity (all certificates) */ | |
2143 | if( mbedtls_x509_time_is_past( &child->valid_to ) ) | |
2144 | *flags |= MBEDTLS_X509_BADCERT_EXPIRED; | |
2145 | ||
2146 | if( mbedtls_x509_time_is_future( &child->valid_from ) ) | |
2147 | *flags |= MBEDTLS_X509_BADCERT_FUTURE; | |
2148 | ||
2149 | /* Stop here for trusted roots (but not for trusted EE certs) */ | |
2150 | if( child_is_trusted ) | |
2151 | return( 0 ); | |
2152 | ||
2153 | /* Check signature algorithm: MD & PK algs */ | |
2154 | if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) | |
2155 | *flags |= MBEDTLS_X509_BADCERT_BAD_MD; | |
2156 | ||
2157 | if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) | |
2158 | *flags |= MBEDTLS_X509_BADCERT_BAD_PK; | |
2159 | ||
2160 | /* Special case: EE certs that are locally trusted */ | |
2161 | if( *chain_len == 1 && | |
2162 | x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) | |
2163 | { | |
2164 | return( 0 ); | |
2165 | } | |
2166 | ||
2167 | /* Look for a parent in trusted CAs or up the chain */ | |
2168 | parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted, | |
2169 | *chain_len - 1, self_cnt ); | |
2170 | ||
2171 | /* No parent? We're done here */ | |
2172 | if( parent == NULL ) | |
2173 | { | |
2174 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; | |
2175 | return( 0 ); | |
2176 | } | |
2177 | ||
2178 | /* Count intermediate self-issued (not necessarily self-signed) certs. | |
2179 | * These can occur with some strategies for key rollover, see [SIRO], | |
2180 | * and should be excluded from max_pathlen checks. */ | |
2181 | if( *chain_len != 1 && | |
2182 | x509_name_cmp( &child->issuer, &child->subject ) == 0 ) | |
2183 | { | |
2184 | self_cnt++; | |
2185 | } | |
2186 | ||
2187 | /* path_cnt is 0 for the first intermediate CA, | |
2188 | * and if parent is trusted it's not an intermediate CA */ | |
2189 | if( ! parent_is_trusted && | |
2190 | *chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) | |
2191 | { | |
2192 | /* return immediately to avoid overflow the chain array */ | |
2193 | return( MBEDTLS_ERR_X509_FATAL_ERROR ); | |
2194 | } | |
2195 | ||
2196 | /* if parent is trusted, the signature was checked by find_parent() */ | |
2197 | if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 ) | |
2198 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; | |
2199 | ||
2200 | /* check size of signing key */ | |
2201 | if( x509_profile_check_key( profile, &parent->pk ) != 0 ) | |
2202 | *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; | |
2203 | ||
2204 | #if defined(MBEDTLS_X509_CRL_PARSE_C) | |
2205 | /* Check trusted CA's CRL for the given crt */ | |
2206 | *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile ); | |
2207 | #else | |
2208 | (void) ca_crl; | |
2209 | #endif | |
2210 | ||
2211 | /* prepare for next iteration */ | |
2212 | child = parent; | |
2213 | parent = NULL; | |
2214 | child_is_trusted = parent_is_trusted; | |
2215 | } | |
2216 | } | |
2217 | ||
2218 | /* | |
2219 | * Check for CN match | |
2220 | */ | |
2221 | static int x509_crt_check_cn( const mbedtls_x509_buf *name, | |
2222 | const char *cn, size_t cn_len ) | |
2223 | { | |
2224 | /* try exact match */ | |
2225 | if( name->len == cn_len && | |
2226 | x509_memcasecmp( cn, name->p, cn_len ) == 0 ) | |
2227 | { | |
2228 | return( 0 ); | |
2229 | } | |
2230 | ||
2231 | /* try wildcard match */ | |
2232 | if( x509_check_wildcard( cn, name ) == 0 ) | |
2233 | { | |
2234 | return( 0 ); | |
2235 | } | |
2236 | ||
2237 | return( -1 ); | |
2238 | } | |
2239 | ||
2240 | /* | |
2241 | * Verify the requested CN - only call this if cn is not NULL! | |
2242 | */ | |
2243 | static void x509_crt_verify_name( const mbedtls_x509_crt *crt, | |
2244 | const char *cn, | |
2245 | uint32_t *flags ) | |
2246 | { | |
2247 | const mbedtls_x509_name *name; | |
2248 | const mbedtls_x509_sequence *cur; | |
2249 | size_t cn_len = strlen( cn ); | |
2250 | ||
2251 | if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) | |
2252 | { | |
2253 | for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) | |
2254 | { | |
2255 | if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 ) | |
2256 | break; | |
2257 | } | |
2258 | ||
2259 | if( cur == NULL ) | |
2260 | *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; | |
2261 | } | |
2262 | else | |
2263 | { | |
2264 | for( name = &crt->subject; name != NULL; name = name->next ) | |
2265 | { | |
2266 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && | |
2267 | x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) | |
2268 | { | |
2269 | break; | |
2270 | } | |
2271 | } | |
2272 | ||
2273 | if( name == NULL ) | |
2274 | *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; | |
2275 | } | |
2276 | } | |
2277 | ||
2278 | /* | |
2279 | * Merge the flags for all certs in the chain, after calling callback | |
2280 | */ | |
2281 | static int x509_crt_merge_flags_with_cb( | |
2282 | uint32_t *flags, | |
2283 | x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE], | |
2284 | size_t chain_len, | |
2285 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), | |
2286 | void *p_vrfy ) | |
2287 | { | |
2288 | int ret; | |
2289 | size_t i; | |
2290 | uint32_t cur_flags; | |
2291 | ||
2292 | for( i = chain_len; i != 0; --i ) | |
2293 | { | |
2294 | cur_flags = ver_chain[i-1].flags; | |
2295 | ||
2296 | if( NULL != f_vrfy ) | |
2297 | if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int) i-1, &cur_flags ) ) != 0 ) | |
2298 | return( ret ); | |
2299 | ||
2300 | *flags |= cur_flags; | |
2301 | } | |
2302 | ||
2303 | return( 0 ); | |
2304 | } | |
2305 | ||
2306 | /* | |
2307 | * Verify the certificate validity | |
2308 | */ | |
2309 | int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, | |
2310 | mbedtls_x509_crt *trust_ca, | |
2311 | mbedtls_x509_crl *ca_crl, | |
2312 | const char *cn, uint32_t *flags, | |
2313 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), | |
2314 | void *p_vrfy ) | |
2315 | { | |
2316 | return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl, | |
2317 | &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) ); | |
2318 | } | |
2319 | ||
2320 | /* | |
2321 | * Verify the certificate validity, with profile | |
2322 | * | |
2323 | * This function: | |
2324 | * - checks the requested CN (if any) | |
2325 | * - checks the type and size of the EE cert's key, | |
2326 | * as that isn't done as part of chain building/verification currently | |
2327 | * - builds and verifies the chain | |
2328 | * - then calls the callback and merges the flags | |
2329 | */ | |
2330 | int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, | |
2331 | mbedtls_x509_crt *trust_ca, | |
2332 | mbedtls_x509_crl *ca_crl, | |
2333 | const mbedtls_x509_crt_profile *profile, | |
2334 | const char *cn, uint32_t *flags, | |
2335 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), | |
2336 | void *p_vrfy ) | |
2337 | { | |
2338 | int ret; | |
2339 | mbedtls_pk_type_t pk_type; | |
2340 | x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE]; | |
2341 | size_t chain_len; | |
2342 | uint32_t *ee_flags = &ver_chain[0].flags; | |
2343 | ||
2344 | *flags = 0; | |
2345 | memset( ver_chain, 0, sizeof( ver_chain ) ); | |
2346 | chain_len = 0; | |
2347 | ||
2348 | if( profile == NULL ) | |
2349 | { | |
2350 | ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; | |
2351 | goto exit; | |
2352 | } | |
2353 | ||
2354 | /* check name if requested */ | |
2355 | if( cn != NULL ) | |
2356 | x509_crt_verify_name( crt, cn, ee_flags ); | |
2357 | ||
2358 | /* Check the type and size of the key */ | |
2359 | pk_type = mbedtls_pk_get_type( &crt->pk ); | |
2360 | ||
2361 | if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) | |
2362 | *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; | |
2363 | ||
2364 | if( x509_profile_check_key( profile, &crt->pk ) != 0 ) | |
2365 | *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; | |
2366 | ||
2367 | /* Check the chain */ | |
2368 | ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, | |
2369 | ver_chain, &chain_len ); | |
2370 | if( ret != 0 ) | |
2371 | goto exit; | |
2372 | ||
2373 | /* Build final flags, calling callback on the way if any */ | |
2374 | ret = x509_crt_merge_flags_with_cb( flags, | |
2375 | ver_chain, chain_len, f_vrfy, p_vrfy ); | |
2376 | ||
2377 | exit: | |
2378 | /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by | |
2379 | * the SSL module for authmode optional, but non-zero return from the | |
2380 | * callback means a fatal error so it shouldn't be ignored */ | |
2381 | if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) | |
2382 | ret = MBEDTLS_ERR_X509_FATAL_ERROR; | |
2383 | ||
2384 | if( ret != 0 ) | |
2385 | { | |
2386 | *flags = (uint32_t) -1; | |
2387 | return( ret ); | |
2388 | } | |
2389 | ||
2390 | if( *flags != 0 ) | |
2391 | return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); | |
2392 | ||
2393 | return( 0 ); | |
2394 | } | |
2395 | ||
2396 | /* | |
2397 | * Initialize a certificate chain | |
2398 | */ | |
2399 | void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) | |
2400 | { | |
2401 | memset( crt, 0, sizeof(mbedtls_x509_crt) ); | |
2402 | } | |
2403 | ||
2404 | /* | |
2405 | * Unallocate all certificate data | |
2406 | */ | |
2407 | void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) | |
2408 | { | |
2409 | mbedtls_x509_crt *cert_cur = crt; | |
2410 | mbedtls_x509_crt *cert_prv; | |
2411 | mbedtls_x509_name *name_cur; | |
2412 | mbedtls_x509_name *name_prv; | |
2413 | mbedtls_x509_sequence *seq_cur; | |
2414 | mbedtls_x509_sequence *seq_prv; | |
2415 | ||
2416 | if( crt == NULL ) | |
2417 | return; | |
2418 | ||
2419 | do | |
2420 | { | |
2421 | mbedtls_pk_free( &cert_cur->pk ); | |
2422 | ||
2423 | #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) | |
2424 | mbedtls_free( cert_cur->sig_opts ); | |
2425 | #endif | |
2426 | ||
2427 | name_cur = cert_cur->issuer.next; | |
2428 | while( name_cur != NULL ) | |
2429 | { | |
2430 | name_prv = name_cur; | |
2431 | name_cur = name_cur->next; | |
2432 | mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); | |
2433 | mbedtls_free( name_prv ); | |
2434 | } | |
2435 | ||
2436 | name_cur = cert_cur->subject.next; | |
2437 | while( name_cur != NULL ) | |
2438 | { | |
2439 | name_prv = name_cur; | |
2440 | name_cur = name_cur->next; | |
2441 | mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); | |
2442 | mbedtls_free( name_prv ); | |
2443 | } | |
2444 | ||
2445 | seq_cur = cert_cur->ext_key_usage.next; | |
2446 | while( seq_cur != NULL ) | |
2447 | { | |
2448 | seq_prv = seq_cur; | |
2449 | seq_cur = seq_cur->next; | |
2450 | mbedtls_platform_zeroize( seq_prv, | |
2451 | sizeof( mbedtls_x509_sequence ) ); | |
2452 | mbedtls_free( seq_prv ); | |
2453 | } | |
2454 | ||
2455 | seq_cur = cert_cur->subject_alt_names.next; | |
2456 | while( seq_cur != NULL ) | |
2457 | { | |
2458 | seq_prv = seq_cur; | |
2459 | seq_cur = seq_cur->next; | |
2460 | mbedtls_platform_zeroize( seq_prv, | |
2461 | sizeof( mbedtls_x509_sequence ) ); | |
2462 | mbedtls_free( seq_prv ); | |
2463 | } | |
2464 | ||
2465 | if( cert_cur->raw.p != NULL ) | |
2466 | { | |
2467 | mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); | |
2468 | mbedtls_free( cert_cur->raw.p ); | |
2469 | } | |
2470 | ||
2471 | cert_cur = cert_cur->next; | |
2472 | } | |
2473 | while( cert_cur != NULL ); | |
2474 | ||
2475 | cert_cur = crt; | |
2476 | do | |
2477 | { | |
2478 | cert_prv = cert_cur; | |
2479 | cert_cur = cert_cur->next; | |
2480 | ||
2481 | mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); | |
2482 | if( cert_prv != crt ) | |
2483 | mbedtls_free( cert_prv ); | |
2484 | } | |
2485 | while( cert_cur != NULL ); | |
2486 | } | |
2487 | ||
2488 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |