git.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/x509.c

   1 /*
   2  *  X.509 common functions for parsing and verification
   3  *
   4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
   5  *  SPDX-License-Identifier: GPL-2.0
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 2 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License along
  18  *  with this program; if not, write to the Free Software Foundation, Inc.,
  19  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  *  This file is part of mbed TLS (https://tls.mbed.org)
  22  */
  23 /*
  24  *  The ITU-T X.509 standard defines a certificate format for PKI.
  25  *
  26  *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
  27  *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
  28  *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
  29  *
  30  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
  31  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
  32  */
  33
  34 /* Ensure gmtime_r is available even with -std=c99; must be included before
  35  * config.h, which pulls in glibc's features.h. Harmless on other platforms. */
  36 #define _POSIX_C_SOURCE 200112L
  37
  38 #if !defined(MBEDTLS_CONFIG_FILE)
  39 #include "mbedtls/config.h"
  40 #else
  41 #include MBEDTLS_CONFIG_FILE
  42 #endif
  43
  44 #if defined(MBEDTLS_X509_USE_C)
  45
  46 #include "mbedtls/x509.h"
  47 #include "mbedtls/asn1.h"
  48 #include "mbedtls/oid.h"
  49
  50 #include <stdio.h>
  51 #include <string.h>
  52
  53 #if defined(MBEDTLS_PEM_PARSE_C)
  54 #include "mbedtls/pem.h"
  55 #endif
  56
  57 #if defined(MBEDTLS_PLATFORM_C)
  58 #include "mbedtls/platform.h"
  59 #else
  60 #include <stdio.h>
  61 #include <stdlib.h>
  62 #define mbedtls_free      free
  63 #define mbedtls_calloc    calloc
  64 #define mbedtls_printf    printf
  65 #define mbedtls_snprintf  snprintf
  66 #endif
  67
  68 #if defined(MBEDTLS_HAVE_TIME)
  69 #include "mbedtls/platform_time.h"
  70 #endif
  71 #if defined(MBEDTLS_HAVE_TIME_DATE)
  72 #include <time.h>
  73 #endif
  74
  75 #define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
  76 #define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
  77
  78 /*
  79  *  CertificateSerialNumber  ::=  INTEGER
  80  */
  81 int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
  82                      mbedtls_x509_buf *serial )
  83 {
  84     int ret;
  85
  86     if( ( end - *p ) < 1 )
  87         return( MBEDTLS_ERR_X509_INVALID_SERIAL +
  88                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  89
  90     if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
  91         **p !=   MBEDTLS_ASN1_INTEGER )
  92         return( MBEDTLS_ERR_X509_INVALID_SERIAL +
  93                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  94
  95     serial->tag = *(*p)++;
  96
  97     if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
  98         return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
  99
 100     serial->p = *p;
 101     *p += serial->len;
 102
 103     return( 0 );
 104 }
 105
 106 /* Get an algorithm identifier without parameters (eg for signatures)
 107  *
 108  *  AlgorithmIdentifier  ::=  SEQUENCE  {
 109  *       algorithm               OBJECT IDENTIFIER,
 110  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
 111  */
 112 int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
 113                        mbedtls_x509_buf *alg )
 114 {
 115     int ret;
 116
 117     if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
 118         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 119
 120     return( 0 );
 121 }
 122
 123 /*
 124  * Parse an algorithm identifier with (optional) paramaters
 125  */
 126 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
 127                   mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
 128 {
 129     int ret;
 130
 131     if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
 132         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 133
 134     return( 0 );
 135 }
 136
 137 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
 138 /*
 139  * HashAlgorithm ::= AlgorithmIdentifier
 140  *
 141  * AlgorithmIdentifier  ::=  SEQUENCE  {
 142  *      algorithm               OBJECT IDENTIFIER,
 143  *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
 144  *
 145  * For HashAlgorithm, parameters MUST be NULL or absent.
 146  */
 147 static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
 148 {
 149     int ret;
 150     unsigned char *p;
 151     const unsigned char *end;
 152     mbedtls_x509_buf md_oid;
 153     size_t len;
 154
 155     /* Make sure we got a SEQUENCE and setup bounds */
 156     if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
 157         return( MBEDTLS_ERR_X509_INVALID_ALG +
 158                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 159
 160     p = (unsigned char *) alg->p;
 161     end = p + alg->len;
 162
 163     if( p >= end )
 164         return( MBEDTLS_ERR_X509_INVALID_ALG +
 165                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 166
 167     /* Parse md_oid */
 168     md_oid.tag = *p;
 169
 170     if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
 171         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 172
 173     md_oid.p = p;
 174     p += md_oid.len;
 175
 176     /* Get md_alg from md_oid */
 177     if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
 178         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 179
 180     /* Make sure params is absent of NULL */
 181     if( p == end )
 182         return( 0 );
 183
 184     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
 185         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 186
 187     if( p != end )
 188         return( MBEDTLS_ERR_X509_INVALID_ALG +
 189                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 190
 191     return( 0 );
 192 }
 193
 194 /*
 195  *    RSASSA-PSS-params  ::=  SEQUENCE  {
 196  *       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
 197  *       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
 198  *       saltLength        [2] INTEGER DEFAULT 20,
 199  *       trailerField      [3] INTEGER DEFAULT 1  }
 200  *    -- Note that the tags in this Sequence are explicit.
 201  *
 202  * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
 203  * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
 204  * option. Enfore this at parsing time.
 205  */
 206 int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
 207                                 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
 208                                 int *salt_len )
 209 {
 210     int ret;
 211     unsigned char *p;
 212     const unsigned char *end, *end2;
 213     size_t len;
 214     mbedtls_x509_buf alg_id, alg_params;
 215
 216     /* First set everything to defaults */
 217     *md_alg = MBEDTLS_MD_SHA1;
 218     *mgf_md = MBEDTLS_MD_SHA1;
 219     *salt_len = 20;
 220
 221     /* Make sure params is a SEQUENCE and setup bounds */
 222     if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
 223         return( MBEDTLS_ERR_X509_INVALID_ALG +
 224                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 225
 226     p = (unsigned char *) params->p;
 227     end = p + params->len;
 228
 229     if( p == end )
 230         return( 0 );
 231
 232     /*
 233      * HashAlgorithm
 234      */
 235     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 236                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
 237     {
 238         end2 = p + len;
 239
 240         /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
 241         if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
 242             return( ret );
 243
 244         if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
 245             return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 246
 247         if( p != end2 )
 248             return( MBEDTLS_ERR_X509_INVALID_ALG +
 249                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 250     }
 251     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
 252         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 253
 254     if( p == end )
 255         return( 0 );
 256
 257     /*
 258      * MaskGenAlgorithm
 259      */
 260     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 261                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
 262     {
 263         end2 = p + len;
 264
 265         /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
 266         if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
 267             return( ret );
 268
 269         /* Only MFG1 is recognised for now */
 270         if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
 271             return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
 272                     MBEDTLS_ERR_OID_NOT_FOUND );
 273
 274         /* Parse HashAlgorithm */
 275         if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
 276             return( ret );
 277
 278         if( p != end2 )
 279             return( MBEDTLS_ERR_X509_INVALID_ALG +
 280                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 281     }
 282     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
 283         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 284
 285     if( p == end )
 286         return( 0 );
 287
 288     /*
 289      * salt_len
 290      */
 291     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 292                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
 293     {
 294         end2 = p + len;
 295
 296         if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
 297             return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 298
 299         if( p != end2 )
 300             return( MBEDTLS_ERR_X509_INVALID_ALG +
 301                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 302     }
 303     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
 304         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 305
 306     if( p == end )
 307         return( 0 );
 308
 309     /*
 310      * trailer_field (if present, must be 1)
 311      */
 312     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 313                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
 314     {
 315         int trailer_field;
 316
 317         end2 = p + len;
 318
 319         if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
 320             return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 321
 322         if( p != end2 )
 323             return( MBEDTLS_ERR_X509_INVALID_ALG +
 324                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 325
 326         if( trailer_field != 1 )
 327             return( MBEDTLS_ERR_X509_INVALID_ALG );
 328     }
 329     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
 330         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 331
 332     if( p != end )
 333         return( MBEDTLS_ERR_X509_INVALID_ALG +
 334                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 335
 336     return( 0 );
 337 }
 338 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 339
 340 /*
 341  *  AttributeTypeAndValue ::= SEQUENCE {
 342  *    type     AttributeType,
 343  *    value    AttributeValue }
 344  *
 345  *  AttributeType ::= OBJECT IDENTIFIER
 346  *
 347  *  AttributeValue ::= ANY DEFINED BY AttributeType
 348  */
 349 static int x509_get_attr_type_value( unsigned char **p,
 350                                      const unsigned char *end,
 351                                      mbedtls_x509_name *cur )
 352 {
 353     int ret;
 354     size_t len;
 355     mbedtls_x509_buf *oid;
 356     mbedtls_x509_buf *val;
 357
 358     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
 359             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 360         return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 361
 362     if( ( end - *p ) < 1 )
 363         return( MBEDTLS_ERR_X509_INVALID_NAME +
 364                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 365
 366     oid = &cur->oid;
 367     oid->tag = **p;
 368
 369     if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
 370         return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 371
 372     oid->p = *p;
 373     *p += oid->len;
 374
 375     if( ( end - *p ) < 1 )
 376         return( MBEDTLS_ERR_X509_INVALID_NAME +
 377                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 378
 379     if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
 380         **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
 381         **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
 382         **p != MBEDTLS_ASN1_BIT_STRING )
 383         return( MBEDTLS_ERR_X509_INVALID_NAME +
 384                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 385
 386     val = &cur->val;
 387     val->tag = *(*p)++;
 388
 389     if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
 390         return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 391
 392     val->p = *p;
 393     *p += val->len;
 394
 395     cur->next = NULL;
 396
 397     return( 0 );
 398 }
 399
 400 /*
 401  *  Name ::= CHOICE { -- only one possibility for now --
 402  *       rdnSequence  RDNSequence }
 403  *
 404  *  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 405  *
 406  *  RelativeDistinguishedName ::=
 407  *    SET OF AttributeTypeAndValue
 408  *
 409  *  AttributeTypeAndValue ::= SEQUENCE {
 410  *    type     AttributeType,
 411  *    value    AttributeValue }
 412  *
 413  *  AttributeType ::= OBJECT IDENTIFIER
 414  *
 415  *  AttributeValue ::= ANY DEFINED BY AttributeType
 416  *
 417  * The data structure is optimized for the common case where each RDN has only
 418  * one element, which is represented as a list of AttributeTypeAndValue.
 419  * For the general case we still use a flat list, but we mark elements of the
 420  * same set so that they are "merged" together in the functions that consume
 421  * this list, eg mbedtls_x509_dn_gets().
 422  */
 423 int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
 424                    mbedtls_x509_name *cur )
 425 {
 426     int ret;
 427     size_t set_len;
 428     const unsigned char *end_set;
 429
 430     /* don't use recursion, we'd risk stack overflow if not optimized */
 431     while( 1 )
 432     {
 433         /*
 434          * parse SET
 435          */
 436         if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
 437                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
 438             return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 439
 440         end_set  = *p + set_len;
 441
 442         while( 1 )
 443         {
 444             if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
 445                 return( ret );
 446
 447             if( *p == end_set )
 448                 break;
 449
 450             /* Mark this item as being no the only one in a set */
 451             cur->next_merged = 1;
 452
 453             cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
 454
 455             if( cur->next == NULL )
 456                 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 457
 458             cur = cur->next;
 459         }
 460
 461         /*
 462          * continue until end of SEQUENCE is reached
 463          */
 464         if( *p == end )
 465             return( 0 );
 466
 467         cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
 468
 469         if( cur->next == NULL )
 470             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 471
 472         cur = cur->next;
 473     }
 474 }
 475
 476 static int x509_parse_int( unsigned char **p, size_t n, int *res )
 477 {
 478     *res = 0;
 479
 480     for( ; n > 0; --n )
 481     {
 482         if( ( **p < '0') || ( **p > '9' ) )
 483             return ( MBEDTLS_ERR_X509_INVALID_DATE );
 484
 485         *res *= 10;
 486         *res += ( *(*p)++ - '0' );
 487     }
 488
 489     return( 0 );
 490 }
 491
 492 static int x509_date_is_valid(const mbedtls_x509_time *t )
 493 {
 494     int ret = MBEDTLS_ERR_X509_INVALID_DATE;
 495     int month_len;
 496
 497     CHECK_RANGE( 0, 9999, t->year );
 498     CHECK_RANGE( 0, 23,   t->hour );
 499     CHECK_RANGE( 0, 59,   t->min  );
 500     CHECK_RANGE( 0, 59,   t->sec  );
 501
 502     switch( t->mon )
 503     {
 504         case 1: case 3: case 5: case 7: case 8: case 10: case 12:
 505             month_len = 31;
 506             break;
 507         case 4: case 6: case 9: case 11:
 508             month_len = 30;
 509             break;
 510         case 2:
 511             if( ( !( t->year % 4 ) && t->year % 100 ) ||
 512                 !( t->year % 400 ) )
 513                 month_len = 29;
 514             else
 515                 month_len = 28;
 516             break;
 517         default:
 518             return( ret );
 519     }
 520     CHECK_RANGE( 1, month_len, t->day );
 521
 522     return( 0 );
 523 }
 524
 525 /*
 526  * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
 527  * field.
 528  */
 529 static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
 530                             mbedtls_x509_time *tm )
 531 {
 532     int ret;
 533
 534     /*
 535      * Minimum length is 10 or 12 depending on yearlen
 536      */
 537     if ( len < yearlen + 8 )
 538         return ( MBEDTLS_ERR_X509_INVALID_DATE );
 539     len -= yearlen + 8;
 540
 541     /*
 542      * Parse year, month, day, hour, minute
 543      */
 544     CHECK( x509_parse_int( p, yearlen, &tm->year ) );
 545     if ( 2 == yearlen )
 546     {
 547         if ( tm->year < 50 )
 548             tm->year += 100;
 549
 550         tm->year += 1900;
 551     }
 552
 553     CHECK( x509_parse_int( p, 2, &tm->mon ) );
 554     CHECK( x509_parse_int( p, 2, &tm->day ) );
 555     CHECK( x509_parse_int( p, 2, &tm->hour ) );
 556     CHECK( x509_parse_int( p, 2, &tm->min ) );
 557
 558     /*
 559      * Parse seconds if present
 560      */
 561     if ( len >= 2 )
 562     {
 563         CHECK( x509_parse_int( p, 2, &tm->sec ) );
 564         len -= 2;
 565     }
 566     else
 567         return ( MBEDTLS_ERR_X509_INVALID_DATE );
 568
 569     /*
 570      * Parse trailing 'Z' if present
 571      */
 572     if ( 1 == len && 'Z' == **p )
 573     {
 574         (*p)++;
 575         len--;
 576     }
 577
 578     /*
 579      * We should have parsed all characters at this point
 580      */
 581     if ( 0 != len )
 582         return ( MBEDTLS_ERR_X509_INVALID_DATE );
 583
 584     CHECK( x509_date_is_valid( tm ) );
 585
 586     return ( 0 );
 587 }
 588
 589 /*
 590  *  Time ::= CHOICE {
 591  *       utcTime        UTCTime,
 592  *       generalTime    GeneralizedTime }
 593  */
 594 int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
 595                            mbedtls_x509_time *tm )
 596 {
 597     int ret;
 598     size_t len, year_len;
 599     unsigned char tag;
 600
 601     if( ( end - *p ) < 1 )
 602         return( MBEDTLS_ERR_X509_INVALID_DATE +
 603                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 604
 605     tag = **p;
 606
 607     if( tag == MBEDTLS_ASN1_UTC_TIME )
 608         year_len = 2;
 609     else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
 610         year_len = 4;
 611     else
 612         return( MBEDTLS_ERR_X509_INVALID_DATE +
 613                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 614
 615     (*p)++;
 616     ret = mbedtls_asn1_get_len( p, end, &len );
 617
 618     if( ret != 0 )
 619         return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
 620
 621     return x509_parse_time( p, len, year_len, tm );
 622 }
 623
 624 int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
 625 {
 626     int ret;
 627     size_t len;
 628     int tag_type;
 629
 630     if( ( end - *p ) < 1 )
 631         return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
 632                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 633
 634     tag_type = **p;
 635
 636     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
 637         return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
 638
 639     sig->tag = tag_type;
 640     sig->len = len;
 641     sig->p = *p;
 642
 643     *p += len;
 644
 645     return( 0 );
 646 }
 647
 648 /*
 649  * Get signature algorithm from alg OID and optional parameters
 650  */
 651 int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
 652                       mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
 653                       void **sig_opts )
 654 {
 655     int ret;
 656
 657     if( *sig_opts != NULL )
 658         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 659
 660     if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
 661         return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
 662
 663 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
 664     if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
 665     {
 666         mbedtls_pk_rsassa_pss_options *pss_opts;
 667
 668         pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
 669         if( pss_opts == NULL )
 670             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 671
 672         ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
 673                                           md_alg,
 674                                           &pss_opts->mgf1_hash_id,
 675                                           &pss_opts->expected_salt_len );
 676         if( ret != 0 )
 677         {
 678             mbedtls_free( pss_opts );
 679             return( ret );
 680         }
 681
 682         *sig_opts = (void *) pss_opts;
 683     }
 684     else
 685 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 686     {
 687         /* Make sure parameters are absent or NULL */
 688         if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
 689               sig_params->len != 0 )
 690         return( MBEDTLS_ERR_X509_INVALID_ALG );
 691     }
 692
 693     return( 0 );
 694 }
 695
 696 /*
 697  * X.509 Extensions (No parsing of extensions, pointer should
 698  * be either manually updated or extensions should be parsed!)
 699  */
 700 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
 701                   mbedtls_x509_buf *ext, int tag )
 702 {
 703     int ret;
 704     size_t len;
 705
 706     if( *p == end )
 707         return( 0 );
 708
 709     ext->tag = **p;
 710
 711     if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
 712             MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ) ) != 0 )
 713         return( ret );
 714
 715     ext->p = *p;
 716     end = *p + ext->len;
 717
 718     /*
 719      * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 720      *
 721      * Extension  ::=  SEQUENCE  {
 722      *      extnID      OBJECT IDENTIFIER,
 723      *      critical    BOOLEAN DEFAULT FALSE,
 724      *      extnValue   OCTET STRING  }
 725      */
 726     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
 727             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
 728         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 729
 730     if( end != *p + len )
 731         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
 732                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 733
 734     return( 0 );
 735 }
 736
 737 /*
 738  * Store the name in printable form into buf; no more
 739  * than size characters will be written
 740  */
 741 int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
 742 {
 743     int ret;
 744     size_t i, n;
 745     unsigned char c, merge = 0;
 746     const mbedtls_x509_name *name;
 747     const char *short_name = NULL;
 748     char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
 749
 750     memset( s, 0, sizeof( s ) );
 751
 752     name = dn;
 753     p = buf;
 754     n = size;
 755
 756     while( name != NULL )
 757     {
 758         if( !name->oid.p )
 759         {
 760             name = name->next;
 761             continue;
 762         }
 763
 764         if( name != dn )
 765         {
 766             ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
 767             MBEDTLS_X509_SAFE_SNPRINTF;
 768         }
 769
 770         ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
 771
 772         if( ret == 0 )
 773             ret = mbedtls_snprintf( p, n, "%s=", short_name );
 774         else
 775             ret = mbedtls_snprintf( p, n, "\?\?=" );
 776         MBEDTLS_X509_SAFE_SNPRINTF;
 777
 778         for( i = 0; i < name->val.len; i++ )
 779         {
 780             if( i >= sizeof( s ) - 1 )
 781                 break;
 782
 783             c = name->val.p[i];
 784             if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
 785                  s[i] = '?';
 786             else s[i] = c;
 787         }
 788         s[i] = '\0';
 789         ret = mbedtls_snprintf( p, n, "%s", s );
 790         MBEDTLS_X509_SAFE_SNPRINTF;
 791
 792         merge = name->next_merged;
 793         name = name->next;
 794     }
 795
 796     return( (int) ( size - n ) );
 797 }
 798
 799 /*
 800  * Store the serial in printable form into buf; no more
 801  * than size characters will be written
 802  */
 803 int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
 804 {
 805     int ret;
 806     size_t i, n, nr;
 807     char *p;
 808
 809     p = buf;
 810     n = size;
 811
 812     nr = ( serial->len <= 32 )
 813         ? serial->len  : 28;
 814
 815     for( i = 0; i < nr; i++ )
 816     {
 817         if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
 818             continue;
 819
 820         ret = mbedtls_snprintf( p, n, "%02X%s",
 821                 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
 822         MBEDTLS_X509_SAFE_SNPRINTF;
 823     }
 824
 825     if( nr != serial->len )
 826     {
 827         ret = mbedtls_snprintf( p, n, "...." );
 828         MBEDTLS_X509_SAFE_SNPRINTF;
 829     }
 830
 831     return( (int) ( size - n ) );
 832 }
 833
 834 /*
 835  * Helper for writing signature algorithms
 836  */
 837 int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
 838                        mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
 839                        const void *sig_opts )
 840 {
 841     int ret;
 842     char *p = buf;
 843     size_t n = size;
 844     const char *desc = NULL;
 845
 846     ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
 847     if( ret != 0 )
 848         ret = mbedtls_snprintf( p, n, "???"  );
 849     else
 850         ret = mbedtls_snprintf( p, n, "%s", desc );
 851     MBEDTLS_X509_SAFE_SNPRINTF;
 852
 853 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
 854     if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
 855     {
 856         const mbedtls_pk_rsassa_pss_options *pss_opts;
 857         const mbedtls_md_info_t *md_info, *mgf_md_info;
 858
 859         pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
 860
 861         md_info = mbedtls_md_info_from_type( md_alg );
 862         mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
 863
 864         ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
 865                               md_info ? mbedtls_md_get_name( md_info ) : "???",
 866                               mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
 867                               pss_opts->expected_salt_len );
 868         MBEDTLS_X509_SAFE_SNPRINTF;
 869     }
 870 #else
 871     ((void) pk_alg);
 872     ((void) md_alg);
 873     ((void) sig_opts);
 874 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 875
 876     return( (int)( size - n ) );
 877 }
 878
 879 /*
 880  * Helper for writing "RSA key size", "EC key size", etc
 881  */
 882 int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
 883 {
 884     char *p = buf;
 885     size_t n = buf_size;
 886     int ret;
 887
 888     ret = mbedtls_snprintf( p, n, "%s key size", name );
 889     MBEDTLS_X509_SAFE_SNPRINTF;
 890
 891     return( 0 );
 892 }
 893
 894 #if defined(MBEDTLS_HAVE_TIME_DATE)
 895 /*
 896  * Set the time structure to the current time.
 897  * Return 0 on success, non-zero on failure.
 898  */
 899 static int x509_get_current_time( mbedtls_x509_time *now )
 900 {
 901     struct tm *lt, tm_buf;
 902     mbedtls_time_t tt;
 903     int ret = 0;
 904
 905     tt = mbedtls_time( NULL );
 906 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 907     lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL;
 908 #else
 909     lt = gmtime_r( &tt, &tm_buf );
 910 #endif
 911
 912     if( lt == NULL )
 913         ret = -1;
 914     else
 915     {
 916         now->year = lt->tm_year + 1900;
 917         now->mon  = lt->tm_mon  + 1;
 918         now->day  = lt->tm_mday;
 919         now->hour = lt->tm_hour;
 920         now->min  = lt->tm_min;
 921         now->sec  = lt->tm_sec;
 922     }
 923
 924     return( ret );
 925 }
 926
 927 /*
 928  * Return 0 if before <= after, 1 otherwise
 929  */
 930 static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
 931 {
 932     if( before->year  > after->year )
 933         return( 1 );
 934
 935     if( before->year == after->year &&
 936         before->mon   > after->mon )
 937         return( 1 );
 938
 939     if( before->year == after->year &&
 940         before->mon  == after->mon  &&
 941         before->day   > after->day )
 942         return( 1 );
 943
 944     if( before->year == after->year &&
 945         before->mon  == after->mon  &&
 946         before->day  == after->day  &&
 947         before->hour  > after->hour )
 948         return( 1 );
 949
 950     if( before->year == after->year &&
 951         before->mon  == after->mon  &&
 952         before->day  == after->day  &&
 953         before->hour == after->hour &&
 954         before->min   > after->min  )
 955         return( 1 );
 956
 957     if( before->year == after->year &&
 958         before->mon  == after->mon  &&
 959         before->day  == after->day  &&
 960         before->hour == after->hour &&
 961         before->min  == after->min  &&
 962         before->sec   > after->sec  )
 963         return( 1 );
 964
 965     return( 0 );
 966 }
 967
 968 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
 969 {
 970     mbedtls_x509_time now;
 971
 972     if( x509_get_current_time( &now ) != 0 )
 973         return( 1 );
 974
 975     return( x509_check_time( &now, to ) );
 976 }
 977
 978 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
 979 {
 980     mbedtls_x509_time now;
 981
 982     if( x509_get_current_time( &now ) != 0 )
 983         return( 1 );
 984
 985     return( x509_check_time( from, &now ) );
 986 }
 987
 988 #else  /* MBEDTLS_HAVE_TIME_DATE */
 989
 990 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
 991 {
 992     ((void) to);
 993     return( 0 );
 994 }
 995
 996 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
 997 {
 998     ((void) from);
 999     return( 0 );
1000 }
1001 #endif /* MBEDTLS_HAVE_TIME_DATE */
1002
1003 #if defined(MBEDTLS_SELF_TEST)
1004
1005 #include "mbedtls/x509_crt.h"
1006 #include "mbedtls/certs.h"
1007
1008 /*
1009  * Checkup routine
1010  */
1011 int mbedtls_x509_self_test( int verbose )
1012 {
1013 #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
1014     int ret;
1015     uint32_t flags;
1016     mbedtls_x509_crt cacert;
1017     mbedtls_x509_crt clicert;
1018
1019     if( verbose != 0 )
1020         mbedtls_printf( "  X.509 certificate load: " );
1021
1022     mbedtls_x509_crt_init( &clicert );
1023
1024     ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
1025                            mbedtls_test_cli_crt_len );
1026     if( ret != 0 )
1027     {
1028         if( verbose != 0 )
1029             mbedtls_printf( "failed\n" );
1030
1031         return( ret );
1032     }
1033
1034     mbedtls_x509_crt_init( &cacert );
1035
1036     ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
1037                           mbedtls_test_ca_crt_len );
1038     if( ret != 0 )
1039     {
1040         if( verbose != 0 )
1041             mbedtls_printf( "failed\n" );
1042
1043         return( ret );
1044     }
1045
1046     if( verbose != 0 )
1047         mbedtls_printf( "passed\n  X.509 signature verify: ");
1048
1049     ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
1050     if( ret != 0 )
1051     {
1052         if( verbose != 0 )
1053             mbedtls_printf( "failed\n" );
1054
1055         return( ret );
1056     }
1057
1058     if( verbose != 0 )
1059         mbedtls_printf( "passed\n\n");
1060
1061     mbedtls_x509_crt_free( &cacert  );
1062     mbedtls_x509_crt_free( &clicert );
1063
1064     return( 0 );
1065 #else
1066     ((void) verbose);
1067     return( 0 );
1068 #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
1069 }
1070
1071 #endif /* MBEDTLS_SELF_TEST */
1072
1073 #endif /* MBEDTLS_X509_USE_C */