projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[LOCALSPL_WINETEST] Sync with Wine Staging 4.18. CORE-16441
[reactos.git] / dll / 3rdparty / mbedtls / x509_crt.c
1 /*
2 * X.509 certificate parsing and verification
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23 /*
24 * The ITU-T X.509 standard defines a certificate format for PKI.
25 *
26 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
27 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
28 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
29 *
30 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
31 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
32 */
33
34 #if !defined(MBEDTLS_CONFIG_FILE)
35 #include "mbedtls/config.h"
36 #else
37 #include MBEDTLS_CONFIG_FILE
38 #endif
39
40 #if defined(MBEDTLS_X509_CRT_PARSE_C)
41
42 #include "mbedtls/x509_crt.h"
43 #include "mbedtls/oid.h"
44
45 #include <string.h>
46
47 #if defined(MBEDTLS_PEM_PARSE_C)
48 #include "mbedtls/pem.h"
49 #endif
50
51 #if defined(MBEDTLS_PLATFORM_C)
52 #include "mbedtls/platform.h"
53 #else
54 #include <stdio.h>
55 #include <stdlib.h>
56 #define mbedtls_free free
57 #define mbedtls_calloc calloc
58 #define mbedtls_snprintf snprintf
59 #endif
60
61 #if defined(MBEDTLS_THREADING_C)
62 #include "mbedtls/threading.h"
63 #endif
64
65 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
66 #include <windows.h>
67 #else
68 #include <time.h>
69 #endif
70
71 #if defined(MBEDTLS_FS_IO)
72 #include <stdio.h>
73 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
74 #include <sys/types.h>
75 #include <sys/stat.h>
76 #include <dirent.h>
77 #endif /* !_WIN32 || EFIX64 || EFI32 */
78 #endif
79
80 /* Implementation that should never be optimized out by the compiler */
81 static void mbedtls_zeroize( void *v, size_t n ) {
82 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
83 }
84
85 /*
86 * Default profile
87 */
88 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
89 {
90 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
91 /* Allow SHA-1 (weak, but still safe in controlled environments) */
92 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
93 #endif
94 /* Only SHA-2 hashes */
95 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
96 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
97 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
98 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
99 0xFFFFFFF, /* Any PK alg */
100 0xFFFFFFF, /* Any curve */
101 2048,
102 };
103
104 /*
105 * Next-default profile
106 */
107 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
108 {
109 /* Hashes from SHA-256 and above */
110 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
111 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
112 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
113 0xFFFFFFF, /* Any PK alg */
114 #if defined(MBEDTLS_ECP_C)
115 /* Curves at or above 128-bit security level */
116 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
117 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
118 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
119 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
120 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
121 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
122 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
123 #else
124 0,
125 #endif
126 2048,
127 };
128
129 /*
130 * NSA Suite B Profile
131 */
132 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
133 {
134 /* Only SHA-256 and 384 */
135 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
136 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
137 /* Only ECDSA */
138 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
139 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
140 #if defined(MBEDTLS_ECP_C)
141 /* Only NIST P-256 and P-384 */
142 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
143 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
144 #else
145 0,
146 #endif
147 0,
148 };
149
150 /*
151 * Check md_alg against profile
152 * Return 0 if md_alg acceptable for this profile, -1 otherwise
153 */
154 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
155 mbedtls_md_type_t md_alg )
156 {
157 if( md_alg == MBEDTLS_MD_NONE )
158 return( -1 );
159
160 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
161 return( 0 );
162
163 return( -1 );
164 }
165
166 /*
167 * Check pk_alg against profile
168 * Return 0 if pk_alg acceptable for this profile, -1 otherwise
169 */
170 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
171 mbedtls_pk_type_t pk_alg )
172 {
173 if( pk_alg == MBEDTLS_PK_NONE )
174 return( -1 );
175
176 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
177 return( 0 );
178
179 return( -1 );
180 }
181
182 /*
183 * Check key against profile
184 * Return 0 if pk_alg acceptable for this profile, -1 otherwise
185 */
186 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
187 mbedtls_pk_type_t pk_alg,
188 const mbedtls_pk_context *pk )
189 {
190 #if defined(MBEDTLS_RSA_C)
191 if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
192 {
193 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
194 return( 0 );
195
196 return( -1 );
197 }
198 #endif
199
200 #if defined(MBEDTLS_ECP_C)
201 if( pk_alg == MBEDTLS_PK_ECDSA ||
202 pk_alg == MBEDTLS_PK_ECKEY ||
203 pk_alg == MBEDTLS_PK_ECKEY_DH )
204 {
205 mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
206
207 if( gid == MBEDTLS_ECP_DP_NONE )
208 return( -1 );
209
210 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
211 return( 0 );
212
213 return( -1 );
214 }
215 #endif
216
217 return( -1 );
218 }
219
220 /*
221 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
222 */
223 static int x509_get_version( unsigned char **p,
224 const unsigned char *end,
225 int *ver )
226 {
227 int ret;
228 size_t len;
229
230 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
231 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
232 {
233 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
234 {
235 *ver = 0;
236 return( 0 );
237 }
238
239 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
240 }
241
242 end = *p + len;
243
244 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
245 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
246
247 if( *p != end )
248 return( MBEDTLS_ERR_X509_INVALID_VERSION +
249 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
250
251 return( 0 );
252 }
253
254 /*
255 * Validity ::= SEQUENCE {
256 * notBefore Time,
257 * notAfter Time }
258 */
259 static int x509_get_dates( unsigned char **p,
260 const unsigned char *end,
261 mbedtls_x509_time *from,
262 mbedtls_x509_time *to )
263 {
264 int ret;
265 size_t len;
266
267 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
268 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
269 return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
270
271 end = *p + len;
272
273 if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
274 return( ret );
275
276 if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
277 return( ret );
278
279 if( *p != end )
280 return( MBEDTLS_ERR_X509_INVALID_DATE +
281 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
282
283 return( 0 );
284 }
285
286 /*
287 * X.509 v2/v3 unique identifier (not parsed)
288 */
289 static int x509_get_uid( unsigned char **p,
290 const unsigned char *end,
291 mbedtls_x509_buf *uid, int n )
292 {
293 int ret;
294
295 if( *p == end )
296 return( 0 );
297
298 uid->tag = **p;
299
300 if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
301 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
302 {
303 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
304 return( 0 );
305
306 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
307 }
308
309 uid->p = *p;
310 *p += uid->len;
311
312 return( 0 );
313 }
314
315 static int x509_get_basic_constraints( unsigned char **p,
316 const unsigned char *end,
317 int *ca_istrue,
318 int *max_pathlen )
319 {
320 int ret;
321 size_t len;
322
323 /*
324 * BasicConstraints ::= SEQUENCE {
325 * cA BOOLEAN DEFAULT FALSE,
326 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
327 */
328 *ca_istrue = 0; /* DEFAULT FALSE */
329 *max_pathlen = 0; /* endless */
330
331 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
332 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
333 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
334
335 if( *p == end )
336 return( 0 );
337
338 if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
339 {
340 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
341 ret = mbedtls_asn1_get_int( p, end, ca_istrue );
342
343 if( ret != 0 )
344 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
345
346 if( *ca_istrue != 0 )
347 *ca_istrue = 1;
348 }
349
350 if( *p == end )
351 return( 0 );
352
353 if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
354 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
355
356 if( *p != end )
357 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
358 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
359
360 (*max_pathlen)++;
361
362 return( 0 );
363 }
364
365 static int x509_get_ns_cert_type( unsigned char **p,
366 const unsigned char *end,
367 unsigned char *ns_cert_type)
368 {
369 int ret;
370 mbedtls_x509_bitstring bs = { 0, 0, NULL };
371
372 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
373 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
374
375 if( bs.len != 1 )
376 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
377 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
378
379 /* Get actual bitstring */
380 *ns_cert_type = *bs.p;
381 return( 0 );
382 }
383
384 static int x509_get_key_usage( unsigned char **p,
385 const unsigned char *end,
386 unsigned int *key_usage)
387 {
388 int ret;
389 size_t i;
390 mbedtls_x509_bitstring bs = { 0, 0, NULL };
391
392 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
393 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
394
395 if( bs.len < 1 )
396 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
397 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
398
399 /* Get actual bitstring */
400 *key_usage = 0;
401 for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
402 {
403 *key_usage |= (unsigned int) bs.p[i] << (8*i);
404 }
405
406 return( 0 );
407 }
408
409 /*
410 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
411 *
412 * KeyPurposeId ::= OBJECT IDENTIFIER
413 */
414 static int x509_get_ext_key_usage( unsigned char **p,
415 const unsigned char *end,
416 mbedtls_x509_sequence *ext_key_usage)
417 {
418 int ret;
419
420 if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
421 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
422
423 /* Sequence length must be >= 1 */
424 if( ext_key_usage->buf.p == NULL )
425 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
426 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
427
428 return( 0 );
429 }
430
431 /*
432 * SubjectAltName ::= GeneralNames
433 *
434 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
435 *
436 * GeneralName ::= CHOICE {
437 * otherName [0] OtherName,
438 * rfc822Name [1] IA5String,
439 * dNSName [2] IA5String,
440 * x400Address [3] ORAddress,
441 * directoryName [4] Name,
442 * ediPartyName [5] EDIPartyName,
443 * uniformResourceIdentifier [6] IA5String,
444 * iPAddress [7] OCTET STRING,
445 * registeredID [8] OBJECT IDENTIFIER }
446 *
447 * OtherName ::= SEQUENCE {
448 * type-id OBJECT IDENTIFIER,
449 * value [0] EXPLICIT ANY DEFINED BY type-id }
450 *
451 * EDIPartyName ::= SEQUENCE {
452 * nameAssigner [0] DirectoryString OPTIONAL,
453 * partyName [1] DirectoryString }
454 *
455 * NOTE: we only parse and use dNSName at this point.
456 */
457 static int x509_get_subject_alt_name( unsigned char **p,
458 const unsigned char *end,
459 mbedtls_x509_sequence *subject_alt_name )
460 {
461 int ret;
462 size_t len, tag_len;
463 mbedtls_asn1_buf *buf;
464 unsigned char tag;
465 mbedtls_asn1_sequence *cur = subject_alt_name;
466
467 /* Get main sequence tag */
468 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
469 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
470 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
471
472 if( *p + len != end )
473 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
474 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
475
476 while( *p < end )
477 {
478 if( ( end - *p ) < 1 )
479 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
480 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
481
482 tag = **p;
483 (*p)++;
484 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
485 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
486
487 if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
488 MBEDTLS_ASN1_CONTEXT_SPECIFIC )
489 {
490 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
491 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
492 }
493
494 /* Skip everything but DNS name */
495 if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
496 {
497 *p += tag_len;
498 continue;
499 }
500
501 /* Allocate and assign next pointer */
502 if( cur->buf.p != NULL )
503 {
504 if( cur->next != NULL )
505 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
506
507 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
508
509 if( cur->next == NULL )
510 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
511 MBEDTLS_ERR_ASN1_ALLOC_FAILED );
512
513 cur = cur->next;
514 }
515
516 buf = &(cur->buf);
517 buf->tag = tag;
518 buf->p = *p;
519 buf->len = tag_len;
520 *p += buf->len;
521 }
522
523 /* Set final sequence entry's next pointer to NULL */
524 cur->next = NULL;
525
526 if( *p != end )
527 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
528 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
529
530 return( 0 );
531 }
532
533 /*
534 * X.509 v3 extensions
535 *
536 */
537 static int x509_get_crt_ext( unsigned char **p,
538 const unsigned char *end,
539 mbedtls_x509_crt *crt )
540 {
541 int ret;
542 size_t len;
543 unsigned char *end_ext_data, *end_ext_octet;
544
545 if( *p == end )
546 return( 0 );
547
548 if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
549 return( ret );
550
551 end = crt->v3_ext.p + crt->v3_ext.len;
552 while( *p < end )
553 {
554 /*
555 * Extension ::= SEQUENCE {
556 * extnID OBJECT IDENTIFIER,
557 * critical BOOLEAN DEFAULT FALSE,
558 * extnValue OCTET STRING }
559 */
560 mbedtls_x509_buf extn_oid = {0, 0, NULL};
561 int is_critical = 0; /* DEFAULT FALSE */
562 int ext_type = 0;
563
564 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
565 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
566 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
567
568 end_ext_data = *p + len;
569
570 /* Get extension ID */
571 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
572 MBEDTLS_ASN1_OID ) ) != 0 )
573 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
574
575 extn_oid.tag = MBEDTLS_ASN1_OID;
576 extn_oid.p = *p;
577 *p += extn_oid.len;
578
579 /* Get optional critical */
580 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
581 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
582 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
583
584 /* Data should be octet string type */
585 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
586 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
587 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
588
589 end_ext_octet = *p + len;
590
591 if( end_ext_octet != end_ext_data )
592 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
593 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
594
595 /*
596 * Detect supported extensions
597 */
598 ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
599
600 if( ret != 0 )
601 {
602 /* No parser found, skip extension */
603 *p = end_ext_octet;
604
605 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
606 if( is_critical )
607 {
608 /* Data is marked as critical: fail */
609 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
610 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
611 }
612 #endif
613 continue;
614 }
615
616 /* Forbid repeated extensions */
617 if( ( crt->ext_types & ext_type ) != 0 )
618 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
619
620 crt->ext_types |= ext_type;
621
622 switch( ext_type )
623 {
624 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
625 /* Parse basic constraints */
626 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
627 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
628 return( ret );
629 break;
630
631 case MBEDTLS_X509_EXT_KEY_USAGE:
632 /* Parse key usage */
633 if( ( ret = x509_get_key_usage( p, end_ext_octet,
634 &crt->key_usage ) ) != 0 )
635 return( ret );
636 break;
637
638 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
639 /* Parse extended key usage */
640 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
641 &crt->ext_key_usage ) ) != 0 )
642 return( ret );
643 break;
644
645 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
646 /* Parse subject alt name */
647 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
648 &crt->subject_alt_names ) ) != 0 )
649 return( ret );
650 break;
651
652 case MBEDTLS_X509_EXT_NS_CERT_TYPE:
653 /* Parse netscape certificate type */
654 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
655 &crt->ns_cert_type ) ) != 0 )
656 return( ret );
657 break;
658
659 default:
660 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
661 }
662 }
663
664 if( *p != end )
665 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
666 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
667
668 return( 0 );
669 }
670
671 /*
672 * Parse and fill a single X.509 certificate in DER format
673 */
674 static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
675 size_t buflen )
676 {
677 int ret;
678 size_t len;
679 unsigned char *p, *end, *crt_end;
680 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
681
682 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
683 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
684 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
685
686 /*
687 * Check for valid input
688 */
689 if( crt == NULL || buf == NULL )
690 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
691
692 // Use the original buffer until we figure out actual length
693 p = (unsigned char*) buf;
694 len = buflen;
695 end = p + len;
696
697 /*
698 * Certificate ::= SEQUENCE {
699 * tbsCertificate TBSCertificate,
700 * signatureAlgorithm AlgorithmIdentifier,
701 * signatureValue BIT STRING }
702 */
703 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
704 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
705 {
706 mbedtls_x509_crt_free( crt );
707 return( MBEDTLS_ERR_X509_INVALID_FORMAT );
708 }
709
710 if( len > (size_t) ( end - p ) )
711 {
712 mbedtls_x509_crt_free( crt );
713 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
714 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
715 }
716 crt_end = p + len;
717
718 // Create and populate a new buffer for the raw field
719 crt->raw.len = crt_end - buf;
720 crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
721 if( p == NULL )
722 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
723
724 memcpy( p, buf, crt->raw.len );
725
726 // Direct pointers to the new buffer
727 p += crt->raw.len - len;
728 end = crt_end = p + len;
729
730 /*
731 * TBSCertificate ::= SEQUENCE {
732 */
733 crt->tbs.p = p;
734
735 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
736 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
737 {
738 mbedtls_x509_crt_free( crt );
739 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
740 }
741
742 end = p + len;
743 crt->tbs.len = end - crt->tbs.p;
744
745 /*
746 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
747 *
748 * CertificateSerialNumber ::= INTEGER
749 *
750 * signature AlgorithmIdentifier
751 */
752 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
753 ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
754 ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid,
755 &sig_params1 ) ) != 0 )
756 {
757 mbedtls_x509_crt_free( crt );
758 return( ret );
759 }
760
761 if( crt->version < 0 || crt->version > 2 )
762 {
763 mbedtls_x509_crt_free( crt );
764 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
765 }
766
767 crt->version++;
768
769 if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
770 &crt->sig_md, &crt->sig_pk,
771 &crt->sig_opts ) ) != 0 )
772 {
773 mbedtls_x509_crt_free( crt );
774 return( ret );
775 }
776
777 /*
778 * issuer Name
779 */
780 crt->issuer_raw.p = p;
781
782 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
783 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
784 {
785 mbedtls_x509_crt_free( crt );
786 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
787 }
788
789 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
790 {
791 mbedtls_x509_crt_free( crt );
792 return( ret );
793 }
794
795 crt->issuer_raw.len = p - crt->issuer_raw.p;
796
797 /*
798 * Validity ::= SEQUENCE {
799 * notBefore Time,
800 * notAfter Time }
801 *
802 */
803 if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
804 &crt->valid_to ) ) != 0 )
805 {
806 mbedtls_x509_crt_free( crt );
807 return( ret );
808 }
809
810 /*
811 * subject Name
812 */
813 crt->subject_raw.p = p;
814
815 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
816 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
817 {
818 mbedtls_x509_crt_free( crt );
819 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
820 }
821
822 if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
823 {
824 mbedtls_x509_crt_free( crt );
825 return( ret );
826 }
827
828 crt->subject_raw.len = p - crt->subject_raw.p;
829
830 /*
831 * SubjectPublicKeyInfo
832 */
833 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
834 {
835 mbedtls_x509_crt_free( crt );
836 return( ret );
837 }
838
839 /*
840 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
841 * -- If present, version shall be v2 or v3
842 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
843 * -- If present, version shall be v2 or v3
844 * extensions [3] EXPLICIT Extensions OPTIONAL
845 * -- If present, version shall be v3
846 */
847 if( crt->version == 2 || crt->version == 3 )
848 {
849 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
850 if( ret != 0 )
851 {
852 mbedtls_x509_crt_free( crt );
853 return( ret );
854 }
855 }
856
857 if( crt->version == 2 || crt->version == 3 )
858 {
859 ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
860 if( ret != 0 )
861 {
862 mbedtls_x509_crt_free( crt );
863 return( ret );
864 }
865 }
866
867 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
868 if( crt->version == 3 )
869 #endif
870 {
871 ret = x509_get_crt_ext( &p, end, crt );
872 if( ret != 0 )
873 {
874 mbedtls_x509_crt_free( crt );
875 return( ret );
876 }
877 }
878
879 if( p != end )
880 {
881 mbedtls_x509_crt_free( crt );
882 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
883 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
884 }
885
886 end = crt_end;
887
888 /*
889 * }
890 * -- end of TBSCertificate
891 *
892 * signatureAlgorithm AlgorithmIdentifier,
893 * signatureValue BIT STRING
894 */
895 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
896 {
897 mbedtls_x509_crt_free( crt );
898 return( ret );
899 }
900
901 if( crt->sig_oid.len != sig_oid2.len ||
902 memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
903 sig_params1.len != sig_params2.len ||
904 ( sig_params1.len != 0 &&
905 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
906 {
907 mbedtls_x509_crt_free( crt );
908 return( MBEDTLS_ERR_X509_SIG_MISMATCH );
909 }
910
911 if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
912 {
913 mbedtls_x509_crt_free( crt );
914 return( ret );
915 }
916
917 if( p != end )
918 {
919 mbedtls_x509_crt_free( crt );
920 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
921 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
922 }
923
924 return( 0 );
925 }
926
927 /*
928 * Parse one X.509 certificate in DER format from a buffer and add them to a
929 * chained list
930 */
931 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
932 size_t buflen )
933 {
934 int ret;
935 mbedtls_x509_crt *crt = chain, *prev = NULL;
936
937 /*
938 * Check for valid input
939 */
940 if( crt == NULL || buf == NULL )
941 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
942
943 while( crt->version != 0 && crt->next != NULL )
944 {
945 prev = crt;
946 crt = crt->next;
947 }
948
949 /*
950 * Add new certificate on the end of the chain if needed.
951 */
952 if( crt->version != 0 && crt->next == NULL )
953 {
954 crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
955
956 if( crt->next == NULL )
957 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
958
959 prev = crt;
960 mbedtls_x509_crt_init( crt->next );
961 crt = crt->next;
962 }
963
964 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
965 {
966 if( prev )
967 prev->next = NULL;
968
969 if( crt != chain )
970 mbedtls_free( crt );
971
972 return( ret );
973 }
974
975 return( 0 );
976 }
977
978 /*
979 * Parse one or more PEM certificates from a buffer and add them to the chained
980 * list
981 */
982 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
983 {
984 #if defined(MBEDTLS_PEM_PARSE_C)
985 int success = 0, first_error = 0, total_failed = 0;
986 int buf_format = MBEDTLS_X509_FORMAT_DER;
987 #endif
988
989 /*
990 * Check for valid input
991 */
992 if( chain == NULL || buf == NULL )
993 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
994
995 /*
996 * Determine buffer content. Buffer contains either one DER certificate or
997 * one or more PEM certificates.
998 */
999 #if defined(MBEDTLS_PEM_PARSE_C)
1000 if( buflen != 0 && buf[buflen - 1] == '\0' &&
1001 strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1002 {
1003 buf_format = MBEDTLS_X509_FORMAT_PEM;
1004 }
1005
1006 if( buf_format == MBEDTLS_X509_FORMAT_DER )
1007 return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1008 #else
1009 return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1010 #endif
1011
1012 #if defined(MBEDTLS_PEM_PARSE_C)
1013 if( buf_format == MBEDTLS_X509_FORMAT_PEM )
1014 {
1015 int ret;
1016 mbedtls_pem_context pem;
1017
1018 /* 1 rather than 0 since the terminating NULL byte is counted in */
1019 while( buflen > 1 )
1020 {
1021 size_t use_len;
1022 mbedtls_pem_init( &pem );
1023
1024 /* If we get there, we know the string is null-terminated */
1025 ret = mbedtls_pem_read_buffer( &pem,
1026 "-----BEGIN CERTIFICATE-----",
1027 "-----END CERTIFICATE-----",
1028 buf, NULL, 0, &use_len );
1029
1030 if( ret == 0 )
1031 {
1032 /*
1033 * Was PEM encoded
1034 */
1035 buflen -= use_len;
1036 buf += use_len;
1037 }
1038 else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
1039 {
1040 return( ret );
1041 }
1042 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1043 {
1044 mbedtls_pem_free( &pem );
1045
1046 /*
1047 * PEM header and footer were found
1048 */
1049 buflen -= use_len;
1050 buf += use_len;
1051
1052 if( first_error == 0 )
1053 first_error = ret;
1054
1055 total_failed++;
1056 continue;
1057 }
1058 else
1059 break;
1060
1061 ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
1062
1063 mbedtls_pem_free( &pem );
1064
1065 if( ret != 0 )
1066 {
1067 /*
1068 * Quit parsing on a memory error
1069 */
1070 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
1071 return( ret );
1072
1073 if( first_error == 0 )
1074 first_error = ret;
1075
1076 total_failed++;
1077 continue;
1078 }
1079
1080 success = 1;
1081 }
1082 }
1083
1084 if( success )
1085 return( total_failed );
1086 else if( first_error )
1087 return( first_error );
1088 else
1089 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
1090 #endif /* MBEDTLS_PEM_PARSE_C */
1091 }
1092
1093 #if defined(MBEDTLS_FS_IO)
1094 /*
1095 * Load one or more certificates and add them to the chained list
1096 */
1097 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
1098 {
1099 int ret;
1100 size_t n;
1101 unsigned char *buf;
1102
1103 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
1104 return( ret );
1105
1106 ret = mbedtls_x509_crt_parse( chain, buf, n );
1107
1108 mbedtls_zeroize( buf, n );
1109 mbedtls_free( buf );
1110
1111 return( ret );
1112 }
1113
1114 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
1115 {
1116 int ret = 0;
1117 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1118 int w_ret;
1119 WCHAR szDir[MAX_PATH];
1120 char filename[MAX_PATH];
1121 char *p;
1122 size_t len = strlen( path );
1123
1124 WIN32_FIND_DATAW file_data;
1125 HANDLE hFind;
1126
1127 if( len > MAX_PATH - 3 )
1128 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1129
1130 memset( szDir, 0, sizeof(szDir) );
1131 memset( filename, 0, MAX_PATH );
1132 memcpy( filename, path, len );
1133 filename[len++] = '\\';
1134 p = filename + len;
1135 filename[len++] = '*';
1136
1137 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
1138 MAX_PATH - 3 );
1139 if( w_ret == 0 )
1140 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1141
1142 hFind = FindFirstFileW( szDir, &file_data );
1143 if( hFind == INVALID_HANDLE_VALUE )
1144 return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1145
1146 len = MAX_PATH - len;
1147 do
1148 {
1149 memset( p, 0, len );
1150
1151 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1152 continue;
1153
1154 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1155 lstrlenW( file_data.cFileName ),
1156 p, (int) len - 1,
1157 NULL, NULL );
1158 if( w_ret == 0 )
1159 {
1160 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1161 goto cleanup;
1162 }
1163
1164 w_ret = mbedtls_x509_crt_parse_file( chain, filename );
1165 if( w_ret < 0 )
1166 ret++;
1167 else
1168 ret += w_ret;
1169 }
1170 while( FindNextFileW( hFind, &file_data ) != 0 );
1171
1172 if( GetLastError() != ERROR_NO_MORE_FILES )
1173 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1174
1175 cleanup:
1176 FindClose( hFind );
1177 #else /* _WIN32 */
1178 int t_ret;
1179 int snp_ret;
1180 struct stat sb;
1181 struct dirent *entry;
1182 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1183 DIR *dir = opendir( path );
1184
1185 if( dir == NULL )
1186 return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1187
1188 #if defined(MBEDTLS_THREADING_C)
1189 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
1190 {
1191 closedir( dir );
1192 return( ret );
1193 }
1194 #endif /* MBEDTLS_THREADING_C */
1195
1196 while( ( entry = readdir( dir ) ) != NULL )
1197 {
1198 snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
1199 "%s/%s", path, entry->d_name );
1200
1201 if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
1202 {
1203 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1204 goto cleanup;
1205 }
1206 else if( stat( entry_name, &sb ) == -1 )
1207 {
1208 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1209 goto cleanup;
1210 }
1211
1212 if( !S_ISREG( sb.st_mode ) )
1213 continue;
1214
1215 // Ignore parse errors
1216 //
1217 t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
1218 if( t_ret < 0 )
1219 ret++;
1220 else
1221 ret += t_ret;
1222 }
1223
1224 cleanup:
1225 closedir( dir );
1226
1227 #if defined(MBEDTLS_THREADING_C)
1228 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
1229 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1230 #endif /* MBEDTLS_THREADING_C */
1231
1232 #endif /* _WIN32 */
1233
1234 return( ret );
1235 }
1236 #endif /* MBEDTLS_FS_IO */
1237
1238 static int x509_info_subject_alt_name( char **buf, size_t *size,
1239 const mbedtls_x509_sequence *subject_alt_name )
1240 {
1241 size_t i;
1242 size_t n = *size;
1243 char *p = *buf;
1244 const mbedtls_x509_sequence *cur = subject_alt_name;
1245 const char *sep = "";
1246 size_t sep_len = 0;
1247
1248 while( cur != NULL )
1249 {
1250 if( cur->buf.len + sep_len >= n )
1251 {
1252 *p = '\0';
1253 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
1254 }
1255
1256 n -= cur->buf.len + sep_len;
1257 for( i = 0; i < sep_len; i++ )
1258 *p++ = sep[i];
1259 for( i = 0; i < cur->buf.len; i++ )
1260 *p++ = cur->buf.p[i];
1261
1262 sep = ", ";
1263 sep_len = 2;
1264
1265 cur = cur->next;
1266 }
1267
1268 *p = '\0';
1269
1270 *size = n;
1271 *buf = p;
1272
1273 return( 0 );
1274 }
1275
1276 #define PRINT_ITEM(i) \
1277 { \
1278 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
1279 MBEDTLS_X509_SAFE_SNPRINTF; \
1280 sep = ", "; \
1281 }
1282
1283 #define CERT_TYPE(type,name) \
1284 if( ns_cert_type & type ) \
1285 PRINT_ITEM( name );
1286
1287 static int x509_info_cert_type( char **buf, size_t *size,
1288 unsigned char ns_cert_type )
1289 {
1290 int ret;
1291 size_t n = *size;
1292 char *p = *buf;
1293 const char *sep = "";
1294
1295 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
1296 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
1297 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
1298 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
1299 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
1300 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
1301 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
1302 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
1303
1304 *size = n;
1305 *buf = p;
1306
1307 return( 0 );
1308 }
1309
1310 #define KEY_USAGE(code,name) \
1311 if( key_usage & code ) \
1312 PRINT_ITEM( name );
1313
1314 static int x509_info_key_usage( char **buf, size_t *size,
1315 unsigned int key_usage )
1316 {
1317 int ret;
1318 size_t n = *size;
1319 char *p = *buf;
1320 const char *sep = "";
1321
1322 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
1323 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
1324 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
1325 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
1326 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
1327 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
1328 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
1329 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" );
1330 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" );
1331
1332 *size = n;
1333 *buf = p;
1334
1335 return( 0 );
1336 }
1337
1338 static int x509_info_ext_key_usage( char **buf, size_t *size,
1339 const mbedtls_x509_sequence *extended_key_usage )
1340 {
1341 int ret;
1342 const char *desc;
1343 size_t n = *size;
1344 char *p = *buf;
1345 const mbedtls_x509_sequence *cur = extended_key_usage;
1346 const char *sep = "";
1347
1348 while( cur != NULL )
1349 {
1350 if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
1351 desc = "???";
1352
1353 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
1354 MBEDTLS_X509_SAFE_SNPRINTF;
1355
1356 sep = ", ";
1357
1358 cur = cur->next;
1359 }
1360
1361 *size = n;
1362 *buf = p;
1363
1364 return( 0 );
1365 }
1366
1367 /*
1368 * Like memcmp, but case-insensitive and always returns -1 if different
1369 */
1370 static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
1371 {
1372 size_t i;
1373 unsigned char diff;
1374 const unsigned char *n1 = s1, *n2 = s2;
1375
1376 for( i = 0; i < len; i++ )
1377 {
1378 diff = n1[i] ^ n2[i];
1379
1380 if( diff == 0 )
1381 continue;
1382
1383 if( diff == 32 &&
1384 ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
1385 ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
1386 {
1387 continue;
1388 }
1389
1390 return( -1 );
1391 }
1392
1393 return( 0 );
1394 }
1395
1396 /*
1397 * Return 0 if name matches wildcard, -1 otherwise
1398 */
1399 static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
1400 {
1401 size_t i;
1402 size_t cn_idx = 0, cn_len = strlen( cn );
1403
1404 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
1405 return( 0 );
1406
1407 for( i = 0; i < cn_len; ++i )
1408 {
1409 if( cn[i] == '.' )
1410 {
1411 cn_idx = i;
1412 break;
1413 }
1414 }
1415
1416 if( cn_idx == 0 )
1417 return( -1 );
1418
1419 if( cn_len - cn_idx == name->len - 1 &&
1420 x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
1421 {
1422 return( 0 );
1423 }
1424
1425 return( -1 );
1426 }
1427
1428 /*
1429 * Compare two X.509 strings, case-insensitive, and allowing for some encoding
1430 * variations (but not all).
1431 *
1432 * Return 0 if equal, -1 otherwise.
1433 */
1434 static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
1435 {
1436 if( a->tag == b->tag &&
1437 a->len == b->len &&
1438 memcmp( a->p, b->p, b->len ) == 0 )
1439 {
1440 return( 0 );
1441 }
1442
1443 if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
1444 ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
1445 a->len == b->len &&
1446 x509_memcasecmp( a->p, b->p, b->len ) == 0 )
1447 {
1448 return( 0 );
1449 }
1450
1451 return( -1 );
1452 }
1453
1454 /*
1455 * Compare two X.509 Names (aka rdnSequence).
1456 *
1457 * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
1458 * we sometimes return unequal when the full algorithm would return equal,
1459 * but never the other way. (In particular, we don't do Unicode normalisation
1460 * or space folding.)
1461 *
1462 * Return 0 if equal, -1 otherwise.
1463 */
1464 static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
1465 {
1466 /* Avoid recursion, it might not be optimised by the compiler */
1467 while( a != NULL || b != NULL )
1468 {
1469 if( a == NULL || b == NULL )
1470 return( -1 );
1471
1472 /* type */
1473 if( a->oid.tag != b->oid.tag ||
1474 a->oid.len != b->oid.len ||
1475 memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
1476 {
1477 return( -1 );
1478 }
1479
1480 /* value */
1481 if( x509_string_cmp( &a->val, &b->val ) != 0 )
1482 return( -1 );
1483
1484 /* structure of the list of sets */
1485 if( a->next_merged != b->next_merged )
1486 return( -1 );
1487
1488 a = a->next;
1489 b = b->next;
1490 }
1491
1492 /* a == NULL == b */
1493 return( 0 );
1494 }
1495
1496 /*
1497 * Return an informational string about the certificate.
1498 */
1499 #define BEFORE_COLON 18
1500 #define BC "18"
1501 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
1502 const mbedtls_x509_crt *crt )
1503 {
1504 int ret;
1505 size_t n;
1506 char *p;
1507 char key_size_str[BEFORE_COLON];
1508
1509 p = buf;
1510 n = size;
1511
1512 if( NULL == crt )
1513 {
1514 ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
1515 MBEDTLS_X509_SAFE_SNPRINTF;
1516
1517 return( (int) ( size - n ) );
1518 }
1519
1520 ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
1521 prefix, crt->version );
1522 MBEDTLS_X509_SAFE_SNPRINTF;
1523 ret = mbedtls_snprintf( p, n, "%sserial number : ",
1524 prefix );
1525 MBEDTLS_X509_SAFE_SNPRINTF;
1526
1527 ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
1528 MBEDTLS_X509_SAFE_SNPRINTF;
1529
1530 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
1531 MBEDTLS_X509_SAFE_SNPRINTF;
1532 ret = mbedtls_x509_dn_gets( p, n, &crt->issuer );
1533 MBEDTLS_X509_SAFE_SNPRINTF;
1534
1535 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
1536 MBEDTLS_X509_SAFE_SNPRINTF;
1537 ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
1538 MBEDTLS_X509_SAFE_SNPRINTF;
1539
1540 ret = mbedtls_snprintf( p, n, "\n%sissued on : " \
1541 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1542 crt->valid_from.year, crt->valid_from.mon,
1543 crt->valid_from.day, crt->valid_from.hour,
1544 crt->valid_from.min, crt->valid_from.sec );
1545 MBEDTLS_X509_SAFE_SNPRINTF;
1546
1547 ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \
1548 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1549 crt->valid_to.year, crt->valid_to.mon,
1550 crt->valid_to.day, crt->valid_to.hour,
1551 crt->valid_to.min, crt->valid_to.sec );
1552 MBEDTLS_X509_SAFE_SNPRINTF;
1553
1554 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
1555 MBEDTLS_X509_SAFE_SNPRINTF;
1556
1557 ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
1558 crt->sig_md, crt->sig_opts );
1559 MBEDTLS_X509_SAFE_SNPRINTF;
1560
1561 /* Key size */
1562 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
1563 mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
1564 {
1565 return( ret );
1566 }
1567
1568 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
1569 (int) mbedtls_pk_get_bitlen( &crt->pk ) );
1570 MBEDTLS_X509_SAFE_SNPRINTF;
1571
1572 /*
1573 * Optional extensions
1574 */
1575
1576 if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
1577 {
1578 ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
1579 crt->ca_istrue ? "true" : "false" );
1580 MBEDTLS_X509_SAFE_SNPRINTF;
1581
1582 if( crt->max_pathlen > 0 )
1583 {
1584 ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
1585 MBEDTLS_X509_SAFE_SNPRINTF;
1586 }
1587 }
1588
1589 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
1590 {
1591 ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
1592 MBEDTLS_X509_SAFE_SNPRINTF;
1593
1594 if( ( ret = x509_info_subject_alt_name( &p, &n,
1595 &crt->subject_alt_names ) ) != 0 )
1596 return( ret );
1597 }
1598
1599 if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
1600 {
1601 ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix );
1602 MBEDTLS_X509_SAFE_SNPRINTF;
1603
1604 if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
1605 return( ret );
1606 }
1607
1608 if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
1609 {
1610 ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix );
1611 MBEDTLS_X509_SAFE_SNPRINTF;
1612
1613 if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
1614 return( ret );
1615 }
1616
1617 if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
1618 {
1619 ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix );
1620 MBEDTLS_X509_SAFE_SNPRINTF;
1621
1622 if( ( ret = x509_info_ext_key_usage( &p, &n,
1623 &crt->ext_key_usage ) ) != 0 )
1624 return( ret );
1625 }
1626
1627 ret = mbedtls_snprintf( p, n, "\n" );
1628 MBEDTLS_X509_SAFE_SNPRINTF;
1629
1630 return( (int) ( size - n ) );
1631 }
1632
1633 struct x509_crt_verify_string {
1634 int code;
1635 const char *string;
1636 };
1637
1638 static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1639 { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
1640 { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
1641 { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
1642 { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
1643 { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
1644 { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
1645 { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
1646 { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
1647 { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
1648 { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
1649 { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
1650 { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
1651 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
1652 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
1653 { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
1654 { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1655 { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
1656 { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
1657 { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1658 { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
1659 { 0, NULL }
1660 };
1661
1662 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
1663 uint32_t flags )
1664 {
1665 int ret;
1666 const struct x509_crt_verify_string *cur;
1667 char *p = buf;
1668 size_t n = size;
1669
1670 for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
1671 {
1672 if( ( flags & cur->code ) == 0 )
1673 continue;
1674
1675 ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
1676 MBEDTLS_X509_SAFE_SNPRINTF;
1677 flags ^= cur->code;
1678 }
1679
1680 if( flags != 0 )
1681 {
1682 ret = mbedtls_snprintf( p, n, "%sUnknown reason "
1683 "(this should not happen)\n", prefix );
1684 MBEDTLS_X509_SAFE_SNPRINTF;
1685 }
1686
1687 return( (int) ( size - n ) );
1688 }
1689
1690 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1691 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
1692 unsigned int usage )
1693 {
1694 unsigned int usage_must, usage_may;
1695 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
1696 | MBEDTLS_X509_KU_DECIPHER_ONLY;
1697
1698 if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
1699 return( 0 );
1700
1701 usage_must = usage & ~may_mask;
1702
1703 if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
1704 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1705
1706 usage_may = usage & may_mask;
1707
1708 if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
1709 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1710
1711 return( 0 );
1712 }
1713 #endif
1714
1715 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
1716 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
1717 const char *usage_oid,
1718 size_t usage_len )
1719 {
1720 const mbedtls_x509_sequence *cur;
1721
1722 /* Extension is not mandatory, absent means no restriction */
1723 if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
1724 return( 0 );
1725
1726 /*
1727 * Look for the requested usage (or wildcard ANY) in our list
1728 */
1729 for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
1730 {
1731 const mbedtls_x509_buf *cur_oid = &cur->buf;
1732
1733 if( cur_oid->len == usage_len &&
1734 memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
1735 {
1736 return( 0 );
1737 }
1738
1739 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
1740 return( 0 );
1741 }
1742
1743 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1744 }
1745 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
1746
1747 #if defined(MBEDTLS_X509_CRL_PARSE_C)
1748 /*
1749 * Return 1 if the certificate is revoked, or 0 otherwise.
1750 */
1751 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
1752 {
1753 const mbedtls_x509_crl_entry *cur = &crl->entry;
1754
1755 while( cur != NULL && cur->serial.len != 0 )
1756 {
1757 if( crt->serial.len == cur->serial.len &&
1758 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
1759 {
1760 if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
1761 return( 1 );
1762 }
1763
1764 cur = cur->next;
1765 }
1766
1767 return( 0 );
1768 }
1769
1770 /*
1771 * Check that the given certificate is not revoked according to the CRL.
1772 * Skip validation if no CRL for the given CA is present.
1773 */
1774 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
1775 mbedtls_x509_crl *crl_list,
1776 const mbedtls_x509_crt_profile *profile )
1777 {
1778 int flags = 0;
1779 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1780 const mbedtls_md_info_t *md_info;
1781
1782 if( ca == NULL )
1783 return( flags );
1784
1785 while( crl_list != NULL )
1786 {
1787 if( crl_list->version == 0 ||
1788 x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
1789 {
1790 crl_list = crl_list->next;
1791 continue;
1792 }
1793
1794 /*
1795 * Check if the CA is configured to sign CRLs
1796 */
1797 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1798 if( mbedtls_x509_crt_check_key_usage( ca,
1799 MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
1800 {
1801 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1802 break;
1803 }
1804 #endif
1805
1806 /*
1807 * Check if CRL is correctly signed by the trusted CA
1808 */
1809 if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
1810 flags |= MBEDTLS_X509_BADCRL_BAD_MD;
1811
1812 if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
1813 flags |= MBEDTLS_X509_BADCRL_BAD_PK;
1814
1815 md_info = mbedtls_md_info_from_type( crl_list->sig_md );
1816 if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
1817 {
1818 /* Note: this can't happen except after an internal error */
1819 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1820 break;
1821 }
1822
1823 if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
1824 flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
1825
1826 if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
1827 crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
1828 crl_list->sig.p, crl_list->sig.len ) != 0 )
1829 {
1830 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1831 break;
1832 }
1833
1834 /*
1835 * Check for validity of CRL (Do not drop out)
1836 */
1837 if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
1838 flags |= MBEDTLS_X509_BADCRL_EXPIRED;
1839
1840 if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
1841 flags |= MBEDTLS_X509_BADCRL_FUTURE;
1842
1843 /*
1844 * Check if certificate is revoked
1845 */
1846 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
1847 {
1848 flags |= MBEDTLS_X509_BADCERT_REVOKED;
1849 break;
1850 }
1851
1852 crl_list = crl_list->next;
1853 }
1854
1855 return( flags );
1856 }
1857 #endif /* MBEDTLS_X509_CRL_PARSE_C */
1858
1859 /*
1860 * Check if 'parent' is a suitable parent (signing CA) for 'child'.
1861 * Return 0 if yes, -1 if not.
1862 *
1863 * top means parent is a locally-trusted certificate
1864 * bottom means child is the end entity cert
1865 */
1866 static int x509_crt_check_parent( const mbedtls_x509_crt *child,
1867 const mbedtls_x509_crt *parent,
1868 int top, int bottom )
1869 {
1870 int need_ca_bit;
1871
1872 /* Parent must be the issuer */
1873 if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
1874 return( -1 );
1875
1876 /* Parent must have the basicConstraints CA bit set as a general rule */
1877 need_ca_bit = 1;
1878
1879 /* Exception: v1/v2 certificates that are locally trusted. */
1880 if( top && parent->version < 3 )
1881 need_ca_bit = 0;
1882
1883 /* Exception: self-signed end-entity certs that are locally trusted. */
1884 if( top && bottom &&
1885 child->raw.len == parent->raw.len &&
1886 memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
1887 {
1888 need_ca_bit = 0;
1889 }
1890
1891 if( need_ca_bit && ! parent->ca_istrue )
1892 return( -1 );
1893
1894 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1895 if( need_ca_bit &&
1896 mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
1897 {
1898 return( -1 );
1899 }
1900 #endif
1901
1902 return( 0 );
1903 }
1904
1905 /*
1906 * Verify a certificate with no parent inside the chain
1907 * (either the parent is a trusted root, or there is no parent)
1908 *
1909 * See comments for mbedtls_x509_crt_verify_with_profile()
1910 * (also for notation used below)
1911 *
1912 * This function is called in two cases:
1913 * - child was found to have a parent in trusted roots, in which case we're
1914 * called with trust_ca pointing directly to that parent (not the full list)
1915 * - this is cases 1, 2 and 3 of the comment on verify_with_profile()
1916 * - case 1 is special as child and trust_ca point to copies of the same
1917 * certificate then
1918 * - child was found to have no parent either in the chain or in trusted CAs
1919 * - this is cases 4 and 5 of the comment on verify_with_profile()
1920 *
1921 * For historical reasons, the function currently does not assume that
1922 * trust_ca points directly to the right root in the first case, and it
1923 * doesn't know in which case it starts, so it always starts by searching for
1924 * a parent in trust_ca.
1925 */
1926 static int x509_crt_verify_top(
1927 mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
1928 mbedtls_x509_crl *ca_crl,
1929 const mbedtls_x509_crt_profile *profile,
1930 int path_cnt, int self_cnt, uint32_t *flags,
1931 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
1932 void *p_vrfy )
1933 {
1934 int ret;
1935 uint32_t ca_flags = 0;
1936 int check_path_cnt;
1937 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1938 const mbedtls_md_info_t *md_info;
1939 mbedtls_x509_crt *future_past_ca = NULL;
1940
1941 if( mbedtls_x509_time_is_past( &child->valid_to ) )
1942 *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
1943
1944 if( mbedtls_x509_time_is_future( &child->valid_from ) )
1945 *flags |= MBEDTLS_X509_BADCERT_FUTURE;
1946
1947 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
1948 *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
1949
1950 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
1951 *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
1952
1953 /*
1954 * Child is the top of the chain. Check against the trust_ca list.
1955 */
1956 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
1957
1958 md_info = mbedtls_md_info_from_type( child->sig_md );
1959 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
1960 {
1961 /* Note: this can't happen except after an internal error */
1962 /* Cannot check signature, no need to try any CA */
1963 trust_ca = NULL;
1964 }
1965
1966 for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
1967 {
1968 if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
1969 continue;
1970
1971 check_path_cnt = path_cnt + 1;
1972
1973 /*
1974 * Reduce check_path_cnt to check against if top of the chain is
1975 * the same as the trusted CA
1976 */
1977 if( child->subject_raw.len == trust_ca->subject_raw.len &&
1978 memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
1979 child->subject_raw.len ) == 0 )
1980 {
1981 check_path_cnt--;
1982 }
1983
1984 /* Self signed certificates do not count towards the limit */
1985 if( trust_ca->max_pathlen > 0 &&
1986 trust_ca->max_pathlen < check_path_cnt - self_cnt )
1987 {
1988 continue;
1989 }
1990
1991 if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
1992 child->sig_md, hash, mbedtls_md_get_size( md_info ),
1993 child->sig.p, child->sig.len ) != 0 )
1994 {
1995 continue;
1996 }
1997
1998 if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
1999 mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
2000 {
2001 if ( future_past_ca == NULL )
2002 future_past_ca = trust_ca;
2003
2004 continue;
2005 }
2006
2007 break;
2008 }
2009
2010 if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
2011 {
2012 /*
2013 * Top of chain is signed by a trusted CA
2014 */
2015 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2016
2017 if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
2018 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2019 }
2020
2021 /*
2022 * If top of chain is not the same as the trusted CA send a verify request
2023 * to the callback for any issues with validity and CRL presence for the
2024 * trusted CA certificate.
2025 */
2026 if( trust_ca != NULL &&
2027 ( child->subject_raw.len != trust_ca->subject_raw.len ||
2028 memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
2029 child->subject_raw.len ) != 0 ) )
2030 {
2031 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2032 /* Check trusted CA's CRL for the chain's top crt */
2033 *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile );
2034 #else
2035 ((void) ca_crl);
2036 #endif
2037
2038 if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
2039 ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2040
2041 if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
2042 ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
2043
2044 if( NULL != f_vrfy )
2045 {
2046 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
2047 &ca_flags ) ) != 0 )
2048 {
2049 return( ret );
2050 }
2051 }
2052 }
2053
2054 /* Call callback on top cert */
2055 if( NULL != f_vrfy )
2056 {
2057 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
2058 return( ret );
2059 }
2060
2061 *flags |= ca_flags;
2062
2063 return( 0 );
2064 }
2065
2066 /*
2067 * Verify a certificate with a parent inside the chain
2068 *
2069 * See comments for mbedtls_x509_crt_verify_with_profile()
2070 */
2071 static int x509_crt_verify_child(
2072 mbedtls_x509_crt *child, mbedtls_x509_crt *parent,
2073 mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
2074 const mbedtls_x509_crt_profile *profile,
2075 int path_cnt, int self_cnt, uint32_t *flags,
2076 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2077 void *p_vrfy )
2078 {
2079 int ret;
2080 uint32_t parent_flags = 0;
2081 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2082 mbedtls_x509_crt *grandparent;
2083 const mbedtls_md_info_t *md_info;
2084
2085 /* Counting intermediate self signed certificates */
2086 if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
2087 self_cnt++;
2088
2089 /* path_cnt is 0 for the first intermediate CA */
2090 if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
2091 {
2092 /* return immediately as the goal is to avoid unbounded recursion */
2093 return( MBEDTLS_ERR_X509_FATAL_ERROR );
2094 }
2095
2096 if( mbedtls_x509_time_is_past( &child->valid_to ) )
2097 *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2098
2099 if( mbedtls_x509_time_is_future( &child->valid_from ) )
2100 *flags |= MBEDTLS_X509_BADCERT_FUTURE;
2101
2102 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
2103 *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
2104
2105 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
2106 *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2107
2108 md_info = mbedtls_md_info_from_type( child->sig_md );
2109 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
2110 {
2111 /* Note: this can't happen except after an internal error */
2112 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2113 }
2114 else
2115 {
2116 if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
2117 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2118
2119 if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
2120 child->sig_md, hash, mbedtls_md_get_size( md_info ),
2121 child->sig.p, child->sig.len ) != 0 )
2122 {
2123 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2124 }
2125 }
2126
2127 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2128 /* Check trusted CA's CRL for the given crt */
2129 *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
2130 #endif
2131
2132 /* Look for a grandparent in trusted CAs */
2133 for( grandparent = trust_ca;
2134 grandparent != NULL;
2135 grandparent = grandparent->next )
2136 {
2137 if( x509_crt_check_parent( parent, grandparent,
2138 0, path_cnt == 0 ) == 0 )
2139 break;
2140 }
2141
2142 if( grandparent != NULL )
2143 {
2144 ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
2145 path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
2146 if( ret != 0 )
2147 return( ret );
2148 }
2149 else
2150 {
2151 /* Look for a grandparent upwards the chain */
2152 for( grandparent = parent->next;
2153 grandparent != NULL;
2154 grandparent = grandparent->next )
2155 {
2156 /* +2 because the current step is not yet accounted for
2157 * and because max_pathlen is one higher than it should be.
2158 * Also self signed certificates do not count to the limit. */
2159 if( grandparent->max_pathlen > 0 &&
2160 grandparent->max_pathlen < 2 + path_cnt - self_cnt )
2161 {
2162 continue;
2163 }
2164
2165 if( x509_crt_check_parent( parent, grandparent,
2166 0, path_cnt == 0 ) == 0 )
2167 break;
2168 }
2169
2170 /* Is our parent part of the chain or at the top? */
2171 if( grandparent != NULL )
2172 {
2173 ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
2174 profile, path_cnt + 1, self_cnt, &parent_flags,
2175 f_vrfy, p_vrfy );
2176 if( ret != 0 )
2177 return( ret );
2178 }
2179 else
2180 {
2181 ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
2182 path_cnt + 1, self_cnt, &parent_flags,
2183 f_vrfy, p_vrfy );
2184 if( ret != 0 )
2185 return( ret );
2186 }
2187 }
2188
2189 /* child is verified to be a child of the parent, call verify callback */
2190 if( NULL != f_vrfy )
2191 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
2192 return( ret );
2193
2194 *flags |= parent_flags;
2195
2196 return( 0 );
2197 }
2198
2199 /*
2200 * Verify the certificate validity
2201 */
2202 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
2203 mbedtls_x509_crt *trust_ca,
2204 mbedtls_x509_crl *ca_crl,
2205 const char *cn, uint32_t *flags,
2206 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2207 void *p_vrfy )
2208 {
2209 return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
2210 &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
2211 }
2212
2213
2214 /*
2215 * Verify the certificate validity, with profile
2216 *
2217 * The chain building/verification is spread accross 4 functions:
2218 * - this one
2219 * - x509_crt_verify_child()
2220 * - x509_crt_verify_top()
2221 * - x509_crt_check_parent()
2222 *
2223 * There are five main cases to consider. Let's introduce some notation:
2224 * - E means the end-entity certificate
2225 * - I an intermediate CA
2226 * - R the trusted root CA this chain anchors to
2227 * - T the list of trusted roots (R and possible some others)
2228 *
2229 * The main cases with the calling sequence of the crt_verify_xxx() are:
2230 * 1. E = R (explicitly trusted EE cert)
2231 * verify(E, T) -> verify_top(E, R)
2232 * 2. E -> R (EE signed by trusted root)
2233 * verify(E, T) -> verify_top(E, R)
2234 * 3. E -> I -> R (EE signed by intermediate signed by trusted root)
2235 * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, R)
2236 * (plus variant with multiple intermediates)
2237 * 4. E -> I (EE signed by intermediate that's not trusted)
2238 * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, T)
2239 * (plus variant with multiple intermediates)
2240 * 5. E (EE not trusted)
2241 * verify(E, T) -> verify_top(E, T)
2242 *
2243 * Note: this notation and case numbering is also used in x509_crt_verify_top()
2244 */
2245 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
2246 mbedtls_x509_crt *trust_ca,
2247 mbedtls_x509_crl *ca_crl,
2248 const mbedtls_x509_crt_profile *profile,
2249 const char *cn, uint32_t *flags,
2250 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2251 void *p_vrfy )
2252 {
2253 size_t cn_len;
2254 int ret;
2255 int pathlen = 0, selfsigned = 0;
2256 mbedtls_x509_crt *parent;
2257 mbedtls_x509_name *name;
2258 mbedtls_x509_sequence *cur = NULL;
2259 mbedtls_pk_type_t pk_type;
2260
2261 *flags = 0;
2262
2263 if( profile == NULL )
2264 {
2265 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2266 goto exit;
2267 }
2268
2269 if( cn != NULL )
2270 {
2271 name = &crt->subject;
2272 cn_len = strlen( cn );
2273
2274 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
2275 {
2276 cur = &crt->subject_alt_names;
2277
2278 while( cur != NULL )
2279 {
2280 if( cur->buf.len == cn_len &&
2281 x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
2282 break;
2283
2284 if( cur->buf.len > 2 &&
2285 memcmp( cur->buf.p, "*.", 2 ) == 0 &&
2286 x509_check_wildcard( cn, &cur->buf ) == 0 )
2287 {
2288 break;
2289 }
2290
2291 cur = cur->next;
2292 }
2293
2294 if( cur == NULL )
2295 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2296 }
2297 else
2298 {
2299 while( name != NULL )
2300 {
2301 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
2302 {
2303 if( name->val.len == cn_len &&
2304 x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
2305 break;
2306
2307 if( name->val.len > 2 &&
2308 memcmp( name->val.p, "*.", 2 ) == 0 &&
2309 x509_check_wildcard( cn, &name->val ) == 0 )
2310 break;
2311 }
2312
2313 name = name->next;
2314 }
2315
2316 if( name == NULL )
2317 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2318 }
2319 }
2320
2321 /* Check the type and size of the key */
2322 pk_type = mbedtls_pk_get_type( &crt->pk );
2323
2324 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
2325 *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2326
2327 if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
2328 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2329
2330 /* Look for a parent in trusted CAs */
2331 for( parent = trust_ca; parent != NULL; parent = parent->next )
2332 {
2333 if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
2334 break;
2335 }
2336
2337 if( parent != NULL )
2338 {
2339 ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
2340 pathlen, selfsigned, flags, f_vrfy, p_vrfy );
2341 if( ret != 0 )
2342 goto exit;
2343 }
2344 else
2345 {
2346 /* Look for a parent upwards the chain */
2347 for( parent = crt->next; parent != NULL; parent = parent->next )
2348 if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
2349 break;
2350
2351 /* Are we part of the chain or at the top? */
2352 if( parent != NULL )
2353 {
2354 ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
2355 pathlen, selfsigned, flags, f_vrfy, p_vrfy );
2356 if( ret != 0 )
2357 goto exit;
2358 }
2359 else
2360 {
2361 ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
2362 pathlen, selfsigned, flags, f_vrfy, p_vrfy );
2363 if( ret != 0 )
2364 goto exit;
2365 }
2366 }
2367
2368 exit:
2369 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
2370 * the SSL module for authmode optional, but non-zero return from the
2371 * callback means a fatal error so it shouldn't be ignored */
2372 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2373 ret = MBEDTLS_ERR_X509_FATAL_ERROR;
2374
2375 if( ret != 0 )
2376 {
2377 *flags = (uint32_t) -1;
2378 return( ret );
2379 }
2380
2381 if( *flags != 0 )
2382 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
2383
2384 return( 0 );
2385 }
2386
2387 /*
2388 * Initialize a certificate chain
2389 */
2390 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
2391 {
2392 memset( crt, 0, sizeof(mbedtls_x509_crt) );
2393 }
2394
2395 /*
2396 * Unallocate all certificate data
2397 */
2398 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
2399 {
2400 mbedtls_x509_crt *cert_cur = crt;
2401 mbedtls_x509_crt *cert_prv;
2402 mbedtls_x509_name *name_cur;
2403 mbedtls_x509_name *name_prv;
2404 mbedtls_x509_sequence *seq_cur;
2405 mbedtls_x509_sequence *seq_prv;
2406
2407 if( crt == NULL )
2408 return;
2409
2410 do
2411 {
2412 mbedtls_pk_free( &cert_cur->pk );
2413
2414 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2415 mbedtls_free( cert_cur->sig_opts );
2416 #endif
2417
2418 name_cur = cert_cur->issuer.next;
2419 while( name_cur != NULL )
2420 {
2421 name_prv = name_cur;
2422 name_cur = name_cur->next;
2423 mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
2424 mbedtls_free( name_prv );
2425 }
2426
2427 name_cur = cert_cur->subject.next;
2428 while( name_cur != NULL )
2429 {
2430 name_prv = name_cur;
2431 name_cur = name_cur->next;
2432 mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
2433 mbedtls_free( name_prv );
2434 }
2435
2436 seq_cur = cert_cur->ext_key_usage.next;
2437 while( seq_cur != NULL )
2438 {
2439 seq_prv = seq_cur;
2440 seq_cur = seq_cur->next;
2441 mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
2442 mbedtls_free( seq_prv );
2443 }
2444
2445 seq_cur = cert_cur->subject_alt_names.next;
2446 while( seq_cur != NULL )
2447 {
2448 seq_prv = seq_cur;
2449 seq_cur = seq_cur->next;
2450 mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
2451 mbedtls_free( seq_prv );
2452 }
2453
2454 if( cert_cur->raw.p != NULL )
2455 {
2456 mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len );
2457 mbedtls_free( cert_cur->raw.p );
2458 }
2459
2460 cert_cur = cert_cur->next;
2461 }
2462 while( cert_cur != NULL );
2463
2464 cert_cur = crt;
2465 do
2466 {
2467 cert_prv = cert_cur;
2468 cert_cur = cert_cur->next;
2469
2470 mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
2471 if( cert_prv != crt )
2472 mbedtls_free( cert_prv );
2473 }
2474 while( cert_cur != NULL );
2475 }
2476
2477 #endif /* MBEDTLS_X509_CRT_PARSE_C */
A free Windows-compatible Operating System