Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
x509_crt.c
00001 /* 00002 * X.509 certificate parsing and verification 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * The ITU-T X.509 standard defines a certificate format for PKI. 00023 * 00024 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 00025 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 00026 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 00027 * 00028 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 00029 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 00030 * 00031 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf 00032 */ 00033 00034 #if !defined(MBEDTLS_CONFIG_FILE) 00035 #include "mbedtls/config.h" 00036 #else 00037 #include MBEDTLS_CONFIG_FILE 00038 #endif 00039 00040 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00041 00042 #include "mbedtls/x509_crt.h" 00043 #include "mbedtls/oid.h" 00044 #include "mbedtls/platform_util.h" 00045 00046 #include <string.h> 00047 00048 #if defined(MBEDTLS_PEM_PARSE_C) 00049 #include "mbedtls/pem.h" 00050 #endif 00051 00052 #if defined(MBEDTLS_USE_PSA_CRYPTO) 00053 #include "psa/crypto.h" 00054 #include "mbedtls/psa_util.h" 00055 #endif 00056 00057 #if defined(MBEDTLS_PLATFORM_C) 00058 #include "mbedtls/platform.h" 00059 #else 00060 #include <stdio.h> 00061 #include <stdlib.h> 00062 #define mbedtls_free free 00063 #define mbedtls_calloc calloc 00064 #define mbedtls_snprintf snprintf 00065 #endif 00066 00067 #if defined(MBEDTLS_THREADING_C) 00068 #include "mbedtls/threading.h" 00069 #endif 00070 00071 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 00072 #include <windows.h> 00073 #else 00074 #include <time.h> 00075 #endif 00076 00077 #if defined(MBEDTLS_FS_IO) 00078 #include <stdio.h> 00079 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) 00080 #include <sys/types.h> 00081 #include <sys/stat.h> 00082 #include <dirent.h> 00083 #endif /* !_WIN32 || EFIX64 || EFI32 */ 00084 #endif 00085 00086 /* 00087 * Item in a verification chain: cert and flags for it 00088 */ 00089 typedef struct { 00090 mbedtls_x509_crt *crt; 00091 uint32_t flags; 00092 } x509_crt_verify_chain_item; 00093 00094 /* 00095 * Max size of verification chain: end-entity + intermediates + trusted root 00096 */ 00097 #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) 00098 00099 /* 00100 * Default profile 00101 */ 00102 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = 00103 { 00104 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) 00105 /* Allow SHA-1 (weak, but still safe in controlled environments) */ 00106 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | 00107 #endif 00108 /* Only SHA-2 hashes */ 00109 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | 00110 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 00111 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 00112 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 00113 0xFFFFFFF, /* Any PK alg */ 00114 0xFFFFFFF, /* Any curve */ 00115 2048, 00116 }; 00117 00118 /* 00119 * Next-default profile 00120 */ 00121 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = 00122 { 00123 /* Hashes from SHA-256 and above */ 00124 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 00125 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 00126 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 00127 0xFFFFFFF, /* Any PK alg */ 00128 #if defined(MBEDTLS_ECP_C) 00129 /* Curves at or above 128-bit security level */ 00130 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 00131 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | 00132 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | 00133 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | 00134 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | 00135 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | 00136 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), 00137 #else 00138 0, 00139 #endif 00140 2048, 00141 }; 00142 00143 /* 00144 * NSA Suite B Profile 00145 */ 00146 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = 00147 { 00148 /* Only SHA-256 and 384 */ 00149 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 00150 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), 00151 /* Only ECDSA */ 00152 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | 00153 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), 00154 #if defined(MBEDTLS_ECP_C) 00155 /* Only NIST P-256 and P-384 */ 00156 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 00157 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), 00158 #else 00159 0, 00160 #endif 00161 0, 00162 }; 00163 00164 /* 00165 * Check md_alg against profile 00166 * Return 0 if md_alg is acceptable for this profile, -1 otherwise 00167 */ 00168 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, 00169 mbedtls_md_type_t md_alg ) 00170 { 00171 if( md_alg == MBEDTLS_MD_NONE ) 00172 return( -1 ); 00173 00174 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) 00175 return( 0 ); 00176 00177 return( -1 ); 00178 } 00179 00180 /* 00181 * Check pk_alg against profile 00182 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise 00183 */ 00184 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, 00185 mbedtls_pk_type_t pk_alg ) 00186 { 00187 if( pk_alg == MBEDTLS_PK_NONE ) 00188 return( -1 ); 00189 00190 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) 00191 return( 0 ); 00192 00193 return( -1 ); 00194 } 00195 00196 /* 00197 * Check key against profile 00198 * Return 0 if pk is acceptable for this profile, -1 otherwise 00199 */ 00200 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, 00201 const mbedtls_pk_context *pk ) 00202 { 00203 const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); 00204 00205 #if defined(MBEDTLS_RSA_C) 00206 if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) 00207 { 00208 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) 00209 return( 0 ); 00210 00211 return( -1 ); 00212 } 00213 #endif 00214 00215 #if defined(MBEDTLS_ECP_C) 00216 if( pk_alg == MBEDTLS_PK_ECDSA || 00217 pk_alg == MBEDTLS_PK_ECKEY || 00218 pk_alg == MBEDTLS_PK_ECKEY_DH ) 00219 { 00220 const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp .id ; 00221 00222 if( gid == MBEDTLS_ECP_DP_NONE ) 00223 return( -1 ); 00224 00225 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) 00226 return( 0 ); 00227 00228 return( -1 ); 00229 } 00230 #endif 00231 00232 return( -1 ); 00233 } 00234 00235 /* 00236 * Like memcmp, but case-insensitive and always returns -1 if different 00237 */ 00238 static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) 00239 { 00240 size_t i; 00241 unsigned char diff; 00242 const unsigned char *n1 = s1, *n2 = s2; 00243 00244 for( i = 0; i < len; i++ ) 00245 { 00246 diff = n1[i] ^ n2[i]; 00247 00248 if( diff == 0 ) 00249 continue; 00250 00251 if( diff == 32 && 00252 ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || 00253 ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) 00254 { 00255 continue; 00256 } 00257 00258 return( -1 ); 00259 } 00260 00261 return( 0 ); 00262 } 00263 00264 /* 00265 * Return 0 if name matches wildcard, -1 otherwise 00266 */ 00267 static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) 00268 { 00269 size_t i; 00270 size_t cn_idx = 0, cn_len = strlen( cn ); 00271 00272 /* We can't have a match if there is no wildcard to match */ 00273 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) 00274 return( -1 ); 00275 00276 for( i = 0; i < cn_len; ++i ) 00277 { 00278 if( cn[i] == '.' ) 00279 { 00280 cn_idx = i; 00281 break; 00282 } 00283 } 00284 00285 if( cn_idx == 0 ) 00286 return( -1 ); 00287 00288 if( cn_len - cn_idx == name->len - 1 && 00289 x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) 00290 { 00291 return( 0 ); 00292 } 00293 00294 return( -1 ); 00295 } 00296 00297 /* 00298 * Compare two X.509 strings, case-insensitive, and allowing for some encoding 00299 * variations (but not all). 00300 * 00301 * Return 0 if equal, -1 otherwise. 00302 */ 00303 static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) 00304 { 00305 if( a->tag == b->tag && 00306 a->len == b->len && 00307 memcmp( a->p, b->p, b->len ) == 0 ) 00308 { 00309 return( 0 ); 00310 } 00311 00312 if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 00313 ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 00314 a->len == b->len && 00315 x509_memcasecmp( a->p, b->p, b->len ) == 0 ) 00316 { 00317 return( 0 ); 00318 } 00319 00320 return( -1 ); 00321 } 00322 00323 /* 00324 * Compare two X.509 Names (aka rdnSequence). 00325 * 00326 * See RFC 5280 section 7.1, though we don't implement the whole algorithm: 00327 * we sometimes return unequal when the full algorithm would return equal, 00328 * but never the other way. (In particular, we don't do Unicode normalisation 00329 * or space folding.) 00330 * 00331 * Return 0 if equal, -1 otherwise. 00332 */ 00333 static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) 00334 { 00335 /* Avoid recursion, it might not be optimised by the compiler */ 00336 while( a != NULL || b != NULL ) 00337 { 00338 if( a == NULL || b == NULL ) 00339 return( -1 ); 00340 00341 /* type */ 00342 if( a->oid.tag != b->oid.tag || 00343 a->oid.len != b->oid.len || 00344 memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) 00345 { 00346 return( -1 ); 00347 } 00348 00349 /* value */ 00350 if( x509_string_cmp( &a->val, &b->val ) != 0 ) 00351 return( -1 ); 00352 00353 /* structure of the list of sets */ 00354 if( a->next_merged != b->next_merged ) 00355 return( -1 ); 00356 00357 a = a->next; 00358 b = b->next; 00359 } 00360 00361 /* a == NULL == b */ 00362 return( 0 ); 00363 } 00364 00365 /* 00366 * Reset (init or clear) a verify_chain 00367 */ 00368 static void x509_crt_verify_chain_reset( 00369 mbedtls_x509_crt_verify_chain *ver_chain ) 00370 { 00371 size_t i; 00372 00373 for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) 00374 { 00375 ver_chain->items[i].crt = NULL; 00376 ver_chain->items[i].flags = (uint32_t) -1; 00377 } 00378 00379 ver_chain->len = 0; 00380 00381 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 00382 ver_chain->trust_ca_cb_result = NULL; 00383 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 00384 } 00385 00386 /* 00387 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 00388 */ 00389 static int x509_get_version( unsigned char **p, 00390 const unsigned char *end, 00391 int *ver ) 00392 { 00393 int ret; 00394 size_t len; 00395 00396 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00397 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) 00398 { 00399 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00400 { 00401 *ver = 0; 00402 return( 0 ); 00403 } 00404 00405 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 00406 } 00407 00408 end = *p + len; 00409 00410 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) 00411 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); 00412 00413 if( *p != end ) 00414 return( MBEDTLS_ERR_X509_INVALID_VERSION + 00415 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00416 00417 return( 0 ); 00418 } 00419 00420 /* 00421 * Validity ::= SEQUENCE { 00422 * notBefore Time, 00423 * notAfter Time } 00424 */ 00425 static int x509_get_dates( unsigned char **p, 00426 const unsigned char *end, 00427 mbedtls_x509_time *from, 00428 mbedtls_x509_time *to ) 00429 { 00430 int ret; 00431 size_t len; 00432 00433 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00434 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00435 return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); 00436 00437 end = *p + len; 00438 00439 if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) 00440 return( ret ); 00441 00442 if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) 00443 return( ret ); 00444 00445 if( *p != end ) 00446 return( MBEDTLS_ERR_X509_INVALID_DATE + 00447 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00448 00449 return( 0 ); 00450 } 00451 00452 /* 00453 * X.509 v2/v3 unique identifier (not parsed) 00454 */ 00455 static int x509_get_uid( unsigned char **p, 00456 const unsigned char *end, 00457 mbedtls_x509_buf *uid, int n ) 00458 { 00459 int ret; 00460 00461 if( *p == end ) 00462 return( 0 ); 00463 00464 uid->tag = **p; 00465 00466 if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, 00467 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) 00468 { 00469 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00470 return( 0 ); 00471 00472 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 00473 } 00474 00475 uid->p = *p; 00476 *p += uid->len; 00477 00478 return( 0 ); 00479 } 00480 00481 static int x509_get_basic_constraints( unsigned char **p, 00482 const unsigned char *end, 00483 int *ca_istrue, 00484 int *max_pathlen ) 00485 { 00486 int ret; 00487 size_t len; 00488 00489 /* 00490 * BasicConstraints ::= SEQUENCE { 00491 * cA BOOLEAN DEFAULT FALSE, 00492 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 00493 */ 00494 *ca_istrue = 0; /* DEFAULT FALSE */ 00495 *max_pathlen = 0; /* endless */ 00496 00497 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00498 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00499 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00500 00501 if( *p == end ) 00502 return( 0 ); 00503 00504 if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) 00505 { 00506 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00507 ret = mbedtls_asn1_get_int( p, end, ca_istrue ); 00508 00509 if( ret != 0 ) 00510 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00511 00512 if( *ca_istrue != 0 ) 00513 *ca_istrue = 1; 00514 } 00515 00516 if( *p == end ) 00517 return( 0 ); 00518 00519 if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) 00520 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00521 00522 if( *p != end ) 00523 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00524 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00525 00526 (*max_pathlen)++; 00527 00528 return( 0 ); 00529 } 00530 00531 static int x509_get_ns_cert_type( unsigned char **p, 00532 const unsigned char *end, 00533 unsigned char *ns_cert_type) 00534 { 00535 int ret; 00536 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 00537 00538 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 00539 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00540 00541 if( bs.len != 1 ) 00542 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00543 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 00544 00545 /* Get actual bitstring */ 00546 *ns_cert_type = *bs.p; 00547 return( 0 ); 00548 } 00549 00550 static int x509_get_key_usage( unsigned char **p, 00551 const unsigned char *end, 00552 unsigned int *key_usage) 00553 { 00554 int ret; 00555 size_t i; 00556 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 00557 00558 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 00559 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00560 00561 if( bs.len < 1 ) 00562 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00563 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 00564 00565 /* Get actual bitstring */ 00566 *key_usage = 0; 00567 for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) 00568 { 00569 *key_usage |= (unsigned int) bs.p[i] << (8*i); 00570 } 00571 00572 return( 0 ); 00573 } 00574 00575 /* 00576 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 00577 * 00578 * KeyPurposeId ::= OBJECT IDENTIFIER 00579 */ 00580 static int x509_get_ext_key_usage( unsigned char **p, 00581 const unsigned char *end, 00582 mbedtls_x509_sequence *ext_key_usage) 00583 { 00584 int ret; 00585 00586 if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) 00587 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00588 00589 /* Sequence length must be >= 1 */ 00590 if( ext_key_usage->buf.p == NULL ) 00591 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00592 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 00593 00594 return( 0 ); 00595 } 00596 00597 /* 00598 * SubjectAltName ::= GeneralNames 00599 * 00600 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 00601 * 00602 * GeneralName ::= CHOICE { 00603 * otherName [0] OtherName, 00604 * rfc822Name [1] IA5String, 00605 * dNSName [2] IA5String, 00606 * x400Address [3] ORAddress, 00607 * directoryName [4] Name, 00608 * ediPartyName [5] EDIPartyName, 00609 * uniformResourceIdentifier [6] IA5String, 00610 * iPAddress [7] OCTET STRING, 00611 * registeredID [8] OBJECT IDENTIFIER } 00612 * 00613 * OtherName ::= SEQUENCE { 00614 * type-id OBJECT IDENTIFIER, 00615 * value [0] EXPLICIT ANY DEFINED BY type-id } 00616 * 00617 * EDIPartyName ::= SEQUENCE { 00618 * nameAssigner [0] DirectoryString OPTIONAL, 00619 * partyName [1] DirectoryString } 00620 * 00621 * NOTE: we list all types, but only use dNSName and otherName 00622 * of type HwModuleName, as defined in RFC 4108, at this point. 00623 */ 00624 static int x509_get_subject_alt_name( unsigned char **p, 00625 const unsigned char *end, 00626 mbedtls_x509_sequence *subject_alt_name ) 00627 { 00628 int ret; 00629 size_t len, tag_len; 00630 mbedtls_asn1_buf *buf; 00631 unsigned char tag; 00632 mbedtls_asn1_sequence *cur = subject_alt_name; 00633 00634 /* Get main sequence tag */ 00635 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00636 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00637 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00638 00639 if( *p + len != end ) 00640 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00641 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00642 00643 while( *p < end ) 00644 { 00645 mbedtls_x509_subject_alternative_name dummy_san_buf; 00646 memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) ); 00647 00648 if( ( end - *p ) < 1 ) 00649 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00650 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 00651 00652 tag = **p; 00653 (*p)++; 00654 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) 00655 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00656 00657 if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != 00658 MBEDTLS_ASN1_CONTEXT_SPECIFIC ) 00659 { 00660 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00661 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 00662 } 00663 00664 /* 00665 * Check that the SAN are structured correct. 00666 */ 00667 ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf ); 00668 /* 00669 * In case the extension is malformed, return an error, 00670 * and clear the allocated sequences. 00671 */ 00672 if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) 00673 { 00674 mbedtls_x509_sequence *seq_cur = subject_alt_name->next; 00675 mbedtls_x509_sequence *seq_prv; 00676 while( seq_cur != NULL ) 00677 { 00678 seq_prv = seq_cur; 00679 seq_cur = seq_cur->next; 00680 mbedtls_platform_zeroize( seq_prv, 00681 sizeof( mbedtls_x509_sequence ) ); 00682 mbedtls_free( seq_prv ); 00683 } 00684 subject_alt_name->next = NULL; 00685 return( ret ); 00686 } 00687 00688 /* Allocate and assign next pointer */ 00689 if( cur->buf.p != NULL ) 00690 { 00691 if( cur->next != NULL ) 00692 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 00693 00694 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); 00695 00696 if( cur->next == NULL ) 00697 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00698 MBEDTLS_ERR_ASN1_ALLOC_FAILED ); 00699 00700 cur = cur->next; 00701 } 00702 00703 buf = &(cur->buf); 00704 buf->tag = tag; 00705 buf->p = *p; 00706 buf->len = tag_len; 00707 *p += buf->len; 00708 } 00709 00710 /* Set final sequence entry's next pointer to NULL */ 00711 cur->next = NULL; 00712 00713 if( *p != end ) 00714 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00715 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00716 00717 return( 0 ); 00718 } 00719 00720 /* 00721 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } 00722 * 00723 * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } 00724 * 00725 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation 00726 * 00727 * PolicyInformation ::= SEQUENCE { 00728 * policyIdentifier CertPolicyId, 00729 * policyQualifiers SEQUENCE SIZE (1..MAX) OF 00730 * PolicyQualifierInfo OPTIONAL } 00731 * 00732 * CertPolicyId ::= OBJECT IDENTIFIER 00733 * 00734 * PolicyQualifierInfo ::= SEQUENCE { 00735 * policyQualifierId PolicyQualifierId, 00736 * qualifier ANY DEFINED BY policyQualifierId } 00737 * 00738 * -- policyQualifierIds for Internet policy qualifiers 00739 * 00740 * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 00741 * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } 00742 * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } 00743 * 00744 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) 00745 * 00746 * Qualifier ::= CHOICE { 00747 * cPSuri CPSuri, 00748 * userNotice UserNotice } 00749 * 00750 * CPSuri ::= IA5String 00751 * 00752 * UserNotice ::= SEQUENCE { 00753 * noticeRef NoticeReference OPTIONAL, 00754 * explicitText DisplayText OPTIONAL } 00755 * 00756 * NoticeReference ::= SEQUENCE { 00757 * organization DisplayText, 00758 * noticeNumbers SEQUENCE OF INTEGER } 00759 * 00760 * DisplayText ::= CHOICE { 00761 * ia5String IA5String (SIZE (1..200)), 00762 * visibleString VisibleString (SIZE (1..200)), 00763 * bmpString BMPString (SIZE (1..200)), 00764 * utf8String UTF8String (SIZE (1..200)) } 00765 * 00766 * NOTE: we only parse and use anyPolicy without qualifiers at this point 00767 * as defined in RFC 5280. 00768 */ 00769 static int x509_get_certificate_policies( unsigned char **p, 00770 const unsigned char *end, 00771 mbedtls_x509_sequence *certificate_policies ) 00772 { 00773 int ret, parse_ret = 0; 00774 size_t len; 00775 mbedtls_asn1_buf *buf; 00776 mbedtls_asn1_sequence *cur = certificate_policies; 00777 00778 /* Get main sequence tag */ 00779 ret = mbedtls_asn1_get_tag( p, end, &len, 00780 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); 00781 if( ret != 0 ) 00782 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00783 00784 if( *p + len != end ) 00785 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00786 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00787 00788 /* 00789 * Cannot be an empty sequence. 00790 */ 00791 if( len == 0 ) 00792 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00793 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00794 00795 while( *p < end ) 00796 { 00797 mbedtls_x509_buf policy_oid; 00798 const unsigned char *policy_end; 00799 00800 /* 00801 * Get the policy sequence 00802 */ 00803 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00804 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00805 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00806 00807 policy_end = *p + len; 00808 00809 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 00810 MBEDTLS_ASN1_OID ) ) != 0 ) 00811 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00812 00813 policy_oid.tag = MBEDTLS_ASN1_OID; 00814 policy_oid.len = len; 00815 policy_oid.p = *p; 00816 00817 /* 00818 * Only AnyPolicy is currently supported when enforcing policy. 00819 */ 00820 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 ) 00821 { 00822 /* 00823 * Set the parsing return code but continue parsing, in case this 00824 * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 00825 * is configured. 00826 */ 00827 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 00828 } 00829 00830 /* Allocate and assign next pointer */ 00831 if( cur->buf.p != NULL ) 00832 { 00833 if( cur->next != NULL ) 00834 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 00835 00836 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); 00837 00838 if( cur->next == NULL ) 00839 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00840 MBEDTLS_ERR_ASN1_ALLOC_FAILED ); 00841 00842 cur = cur->next; 00843 } 00844 00845 buf = &( cur->buf ); 00846 buf->tag = policy_oid.tag; 00847 buf->p = policy_oid.p; 00848 buf->len = policy_oid.len; 00849 00850 *p += len; 00851 00852 /* 00853 * If there is an optional qualifier, then *p < policy_end 00854 * Check the Qualifier len to verify it doesn't exceed policy_end. 00855 */ 00856 if( *p < policy_end ) 00857 { 00858 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 00859 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00860 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00861 /* 00862 * Skip the optional policy qualifiers. 00863 */ 00864 *p += len; 00865 } 00866 00867 if( *p != policy_end ) 00868 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00869 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00870 } 00871 00872 /* Set final sequence entry's next pointer to NULL */ 00873 cur->next = NULL; 00874 00875 if( *p != end ) 00876 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00877 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00878 00879 return( parse_ret ); 00880 } 00881 00882 /* 00883 * X.509 v3 extensions 00884 * 00885 */ 00886 static int x509_get_crt_ext( unsigned char **p, 00887 const unsigned char *end, 00888 mbedtls_x509_crt *crt ) 00889 { 00890 int ret; 00891 size_t len; 00892 unsigned char *end_ext_data, *end_ext_octet; 00893 00894 if( *p == end ) 00895 return( 0 ); 00896 00897 if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) 00898 return( ret ); 00899 00900 end = crt->v3_ext.p + crt->v3_ext.len; 00901 while( *p < end ) 00902 { 00903 /* 00904 * Extension ::= SEQUENCE { 00905 * extnID OBJECT IDENTIFIER, 00906 * critical BOOLEAN DEFAULT FALSE, 00907 * extnValue OCTET STRING } 00908 */ 00909 mbedtls_x509_buf extn_oid = {0, 0, NULL}; 00910 int is_critical = 0; /* DEFAULT FALSE */ 00911 int ext_type = 0; 00912 00913 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00914 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00915 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00916 00917 end_ext_data = *p + len; 00918 00919 /* Get extension ID */ 00920 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, 00921 MBEDTLS_ASN1_OID ) ) != 0 ) 00922 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00923 00924 extn_oid.tag = MBEDTLS_ASN1_OID; 00925 extn_oid.p = *p; 00926 *p += extn_oid.len; 00927 00928 /* Get optional critical */ 00929 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && 00930 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 00931 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00932 00933 /* Data should be octet string type */ 00934 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, 00935 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00936 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00937 00938 end_ext_octet = *p + len; 00939 00940 if( end_ext_octet != end_ext_data ) 00941 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00942 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00943 00944 /* 00945 * Detect supported extensions 00946 */ 00947 ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); 00948 00949 if( ret != 0 ) 00950 { 00951 /* No parser found, skip extension */ 00952 *p = end_ext_octet; 00953 00954 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 00955 if( is_critical ) 00956 { 00957 /* Data is marked as critical: fail */ 00958 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00959 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 00960 } 00961 #endif 00962 continue; 00963 } 00964 00965 /* Forbid repeated extensions */ 00966 if( ( crt->ext_types & ext_type ) != 0 ) 00967 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 00968 00969 crt->ext_types |= ext_type; 00970 00971 switch( ext_type ) 00972 { 00973 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: 00974 /* Parse basic constraints */ 00975 if( ( ret = x509_get_basic_constraints( p, end_ext_octet, 00976 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) 00977 return( ret ); 00978 break; 00979 00980 case MBEDTLS_X509_EXT_KEY_USAGE: 00981 /* Parse key usage */ 00982 if( ( ret = x509_get_key_usage( p, end_ext_octet, 00983 &crt->key_usage ) ) != 0 ) 00984 return( ret ); 00985 break; 00986 00987 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: 00988 /* Parse extended key usage */ 00989 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, 00990 &crt->ext_key_usage ) ) != 0 ) 00991 return( ret ); 00992 break; 00993 00994 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: 00995 /* Parse subject alt name */ 00996 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, 00997 &crt->subject_alt_names ) ) != 0 ) 00998 return( ret ); 00999 break; 01000 01001 case MBEDTLS_X509_EXT_NS_CERT_TYPE: 01002 /* Parse netscape certificate type */ 01003 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, 01004 &crt->ns_cert_type ) ) != 0 ) 01005 return( ret ); 01006 break; 01007 01008 case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: 01009 /* Parse certificate policies type */ 01010 if( ( ret = x509_get_certificate_policies( p, end_ext_octet, 01011 &crt->certificate_policies ) ) != 0 ) 01012 { 01013 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 01014 if( is_critical ) 01015 return( ret ); 01016 else 01017 #endif 01018 /* 01019 * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we 01020 * cannot interpret or enforce the policy. However, it is up to 01021 * the user to choose how to enforce the policies, 01022 * unless the extension is critical. 01023 */ 01024 if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) 01025 return( ret ); 01026 } 01027 break; 01028 01029 default: 01030 /* 01031 * If this is a non-critical extension, which the oid layer 01032 * supports, but there isn't an x509 parser for it, 01033 * skip the extension. 01034 */ 01035 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 01036 if( is_critical ) 01037 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 01038 else 01039 #endif 01040 *p = end_ext_octet; 01041 } 01042 } 01043 01044 if( *p != end ) 01045 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 01046 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 01047 01048 return( 0 ); 01049 } 01050 01051 /* 01052 * Parse and fill a single X.509 certificate in DER format 01053 */ 01054 static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, 01055 const unsigned char *buf, 01056 size_t buflen, 01057 int make_copy ) 01058 { 01059 int ret; 01060 size_t len; 01061 unsigned char *p, *end, *crt_end; 01062 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 01063 01064 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); 01065 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); 01066 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); 01067 01068 /* 01069 * Check for valid input 01070 */ 01071 if( crt == NULL || buf == NULL ) 01072 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 01073 01074 /* Use the original buffer until we figure out actual length. */ 01075 p = (unsigned char*) buf; 01076 len = buflen; 01077 end = p + len; 01078 01079 /* 01080 * Certificate ::= SEQUENCE { 01081 * tbsCertificate TBSCertificate, 01082 * signatureAlgorithm AlgorithmIdentifier, 01083 * signatureValue BIT STRING } 01084 */ 01085 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01086 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01087 { 01088 mbedtls_x509_crt_free( crt ); 01089 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 01090 } 01091 01092 end = crt_end = p + len; 01093 crt->raw.len = crt_end - buf; 01094 if( make_copy != 0 ) 01095 { 01096 /* Create and populate a new buffer for the raw field. */ 01097 crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); 01098 if( crt->raw.p == NULL ) 01099 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 01100 01101 memcpy( crt->raw.p, buf, crt->raw.len ); 01102 crt->own_buffer = 1; 01103 01104 p += crt->raw.len - len; 01105 end = crt_end = p + len; 01106 } 01107 else 01108 { 01109 crt->raw.p = (unsigned char*) buf; 01110 crt->own_buffer = 0; 01111 } 01112 01113 /* 01114 * TBSCertificate ::= SEQUENCE { 01115 */ 01116 crt->tbs.p = p; 01117 01118 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01119 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01120 { 01121 mbedtls_x509_crt_free( crt ); 01122 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 01123 } 01124 01125 end = p + len; 01126 crt->tbs.len = end - crt->tbs.p; 01127 01128 /* 01129 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 01130 * 01131 * CertificateSerialNumber ::= INTEGER 01132 * 01133 * signature AlgorithmIdentifier 01134 */ 01135 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || 01136 ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || 01137 ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, 01138 &sig_params1 ) ) != 0 ) 01139 { 01140 mbedtls_x509_crt_free( crt ); 01141 return( ret ); 01142 } 01143 01144 if( crt->version < 0 || crt->version > 2 ) 01145 { 01146 mbedtls_x509_crt_free( crt ); 01147 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); 01148 } 01149 01150 crt->version++; 01151 01152 if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, 01153 &crt->sig_md, &crt->sig_pk, 01154 &crt->sig_opts ) ) != 0 ) 01155 { 01156 mbedtls_x509_crt_free( crt ); 01157 return( ret ); 01158 } 01159 01160 /* 01161 * issuer Name 01162 */ 01163 crt->issuer_raw.p = p; 01164 01165 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01166 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01167 { 01168 mbedtls_x509_crt_free( crt ); 01169 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 01170 } 01171 01172 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) 01173 { 01174 mbedtls_x509_crt_free( crt ); 01175 return( ret ); 01176 } 01177 01178 crt->issuer_raw.len = p - crt->issuer_raw.p; 01179 01180 /* 01181 * Validity ::= SEQUENCE { 01182 * notBefore Time, 01183 * notAfter Time } 01184 * 01185 */ 01186 if( ( ret = x509_get_dates( &p, end, &crt->valid_from, 01187 &crt->valid_to ) ) != 0 ) 01188 { 01189 mbedtls_x509_crt_free( crt ); 01190 return( ret ); 01191 } 01192 01193 /* 01194 * subject Name 01195 */ 01196 crt->subject_raw.p = p; 01197 01198 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01199 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01200 { 01201 mbedtls_x509_crt_free( crt ); 01202 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 01203 } 01204 01205 if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) 01206 { 01207 mbedtls_x509_crt_free( crt ); 01208 return( ret ); 01209 } 01210 01211 crt->subject_raw.len = p - crt->subject_raw.p; 01212 01213 /* 01214 * SubjectPublicKeyInfo 01215 */ 01216 crt->pk_raw.p = p; 01217 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) 01218 { 01219 mbedtls_x509_crt_free( crt ); 01220 return( ret ); 01221 } 01222 crt->pk_raw.len = p - crt->pk_raw.p; 01223 01224 /* 01225 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 01226 * -- If present, version shall be v2 or v3 01227 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 01228 * -- If present, version shall be v2 or v3 01229 * extensions [3] EXPLICIT Extensions OPTIONAL 01230 * -- If present, version shall be v3 01231 */ 01232 if( crt->version == 2 || crt->version == 3 ) 01233 { 01234 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); 01235 if( ret != 0 ) 01236 { 01237 mbedtls_x509_crt_free( crt ); 01238 return( ret ); 01239 } 01240 } 01241 01242 if( crt->version == 2 || crt->version == 3 ) 01243 { 01244 ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); 01245 if( ret != 0 ) 01246 { 01247 mbedtls_x509_crt_free( crt ); 01248 return( ret ); 01249 } 01250 } 01251 01252 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) 01253 if( crt->version == 3 ) 01254 #endif 01255 { 01256 ret = x509_get_crt_ext( &p, end, crt ); 01257 if( ret != 0 ) 01258 { 01259 mbedtls_x509_crt_free( crt ); 01260 return( ret ); 01261 } 01262 } 01263 01264 if( p != end ) 01265 { 01266 mbedtls_x509_crt_free( crt ); 01267 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 01268 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 01269 } 01270 01271 end = crt_end; 01272 01273 /* 01274 * } 01275 * -- end of TBSCertificate 01276 * 01277 * signatureAlgorithm AlgorithmIdentifier, 01278 * signatureValue BIT STRING 01279 */ 01280 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) 01281 { 01282 mbedtls_x509_crt_free( crt ); 01283 return( ret ); 01284 } 01285 01286 if( crt->sig_oid.len != sig_oid2.len || 01287 memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || 01288 sig_params1.len != sig_params2.len || 01289 ( sig_params1.len != 0 && 01290 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) 01291 { 01292 mbedtls_x509_crt_free( crt ); 01293 return( MBEDTLS_ERR_X509_SIG_MISMATCH ); 01294 } 01295 01296 if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) 01297 { 01298 mbedtls_x509_crt_free( crt ); 01299 return( ret ); 01300 } 01301 01302 if( p != end ) 01303 { 01304 mbedtls_x509_crt_free( crt ); 01305 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 01306 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 01307 } 01308 01309 return( 0 ); 01310 } 01311 01312 /* 01313 * Parse one X.509 certificate in DER format from a buffer and add them to a 01314 * chained list 01315 */ 01316 static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, 01317 const unsigned char *buf, 01318 size_t buflen, 01319 int make_copy ) 01320 { 01321 int ret; 01322 mbedtls_x509_crt *crt = chain, *prev = NULL; 01323 01324 /* 01325 * Check for valid input 01326 */ 01327 if( crt == NULL || buf == NULL ) 01328 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 01329 01330 while( crt->version != 0 && crt->next != NULL ) 01331 { 01332 prev = crt; 01333 crt = crt->next; 01334 } 01335 01336 /* 01337 * Add new certificate on the end of the chain if needed. 01338 */ 01339 if( crt->version != 0 && crt->next == NULL ) 01340 { 01341 crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); 01342 01343 if( crt->next == NULL ) 01344 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 01345 01346 prev = crt; 01347 mbedtls_x509_crt_init( crt->next ); 01348 crt = crt->next; 01349 } 01350 01351 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 ) 01352 { 01353 if( prev ) 01354 prev->next = NULL; 01355 01356 if( crt != chain ) 01357 mbedtls_free( crt ); 01358 01359 return( ret ); 01360 } 01361 01362 return( 0 ); 01363 } 01364 01365 int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, 01366 const unsigned char *buf, 01367 size_t buflen ) 01368 { 01369 return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) ); 01370 } 01371 01372 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, 01373 const unsigned char *buf, 01374 size_t buflen ) 01375 { 01376 return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) ); 01377 } 01378 01379 /* 01380 * Parse one or more PEM certificates from a buffer and add them to the chained 01381 * list 01382 */ 01383 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, 01384 const unsigned char *buf, 01385 size_t buflen ) 01386 { 01387 #if defined(MBEDTLS_PEM_PARSE_C) 01388 int success = 0, first_error = 0, total_failed = 0; 01389 int buf_format = MBEDTLS_X509_FORMAT_DER; 01390 #endif 01391 01392 /* 01393 * Check for valid input 01394 */ 01395 if( chain == NULL || buf == NULL ) 01396 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 01397 01398 /* 01399 * Determine buffer content. Buffer contains either one DER certificate or 01400 * one or more PEM certificates. 01401 */ 01402 #if defined(MBEDTLS_PEM_PARSE_C) 01403 if( buflen != 0 && buf[buflen - 1] == '\0' && 01404 strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) 01405 { 01406 buf_format = MBEDTLS_X509_FORMAT_PEM; 01407 } 01408 01409 if( buf_format == MBEDTLS_X509_FORMAT_DER ) 01410 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 01411 #else 01412 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 01413 #endif 01414 01415 #if defined(MBEDTLS_PEM_PARSE_C) 01416 if( buf_format == MBEDTLS_X509_FORMAT_PEM ) 01417 { 01418 int ret; 01419 mbedtls_pem_context pem; 01420 01421 /* 1 rather than 0 since the terminating NULL byte is counted in */ 01422 while( buflen > 1 ) 01423 { 01424 size_t use_len; 01425 mbedtls_pem_init( &pem ); 01426 01427 /* If we get there, we know the string is null-terminated */ 01428 ret = mbedtls_pem_read_buffer( &pem, 01429 "-----BEGIN CERTIFICATE-----", 01430 "-----END CERTIFICATE-----", 01431 buf, NULL, 0, &use_len ); 01432 01433 if( ret == 0 ) 01434 { 01435 /* 01436 * Was PEM encoded 01437 */ 01438 buflen -= use_len; 01439 buf += use_len; 01440 } 01441 else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) 01442 { 01443 return( ret ); 01444 } 01445 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01446 { 01447 mbedtls_pem_free( &pem ); 01448 01449 /* 01450 * PEM header and footer were found 01451 */ 01452 buflen -= use_len; 01453 buf += use_len; 01454 01455 if( first_error == 0 ) 01456 first_error = ret; 01457 01458 total_failed++; 01459 continue; 01460 } 01461 else 01462 break; 01463 01464 ret = mbedtls_x509_crt_parse_der( chain, pem.buf , pem.buflen ); 01465 01466 mbedtls_pem_free( &pem ); 01467 01468 if( ret != 0 ) 01469 { 01470 /* 01471 * Quit parsing on a memory error 01472 */ 01473 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) 01474 return( ret ); 01475 01476 if( first_error == 0 ) 01477 first_error = ret; 01478 01479 total_failed++; 01480 continue; 01481 } 01482 01483 success = 1; 01484 } 01485 } 01486 01487 if( success ) 01488 return( total_failed ); 01489 else if( first_error ) 01490 return( first_error ); 01491 else 01492 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); 01493 #endif /* MBEDTLS_PEM_PARSE_C */ 01494 } 01495 01496 #if defined(MBEDTLS_FS_IO) 01497 /* 01498 * Load one or more certificates and add them to the chained list 01499 */ 01500 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) 01501 { 01502 int ret; 01503 size_t n; 01504 unsigned char *buf; 01505 01506 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 01507 return( ret ); 01508 01509 ret = mbedtls_x509_crt_parse( chain, buf, n ); 01510 01511 mbedtls_platform_zeroize( buf, n ); 01512 mbedtls_free( buf ); 01513 01514 return( ret ); 01515 } 01516 01517 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) 01518 { 01519 int ret = 0; 01520 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 01521 int w_ret; 01522 WCHAR szDir[MAX_PATH]; 01523 char filename[MAX_PATH]; 01524 char *p; 01525 size_t len = strlen( path ); 01526 01527 WIN32_FIND_DATAW file_data; 01528 HANDLE hFind; 01529 01530 if( len > MAX_PATH - 3 ) 01531 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 01532 01533 memset( szDir, 0, sizeof(szDir) ); 01534 memset( filename, 0, MAX_PATH ); 01535 memcpy( filename, path, len ); 01536 filename[len++] = '\\'; 01537 p = filename + len; 01538 filename[len++] = '*'; 01539 01540 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, 01541 MAX_PATH - 3 ); 01542 if( w_ret == 0 ) 01543 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 01544 01545 hFind = FindFirstFileW( szDir, &file_data ); 01546 if( hFind == INVALID_HANDLE_VALUE ) 01547 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 01548 01549 len = MAX_PATH - len; 01550 do 01551 { 01552 memset( p, 0, len ); 01553 01554 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) 01555 continue; 01556 01557 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, 01558 lstrlenW( file_data.cFileName ), 01559 p, (int) len - 1, 01560 NULL, NULL ); 01561 if( w_ret == 0 ) 01562 { 01563 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 01564 goto cleanup; 01565 } 01566 01567 w_ret = mbedtls_x509_crt_parse_file( chain, filename ); 01568 if( w_ret < 0 ) 01569 ret++; 01570 else 01571 ret += w_ret; 01572 } 01573 while( FindNextFileW( hFind, &file_data ) != 0 ); 01574 01575 if( GetLastError() != ERROR_NO_MORE_FILES ) 01576 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 01577 01578 cleanup: 01579 FindClose( hFind ); 01580 #else /* _WIN32 */ 01581 int t_ret; 01582 int snp_ret; 01583 struct stat sb; 01584 struct dirent *entry; 01585 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; 01586 DIR *dir = opendir( path ); 01587 01588 if( dir == NULL ) 01589 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 01590 01591 #if defined(MBEDTLS_THREADING_C) 01592 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) 01593 { 01594 closedir( dir ); 01595 return( ret ); 01596 } 01597 #endif /* MBEDTLS_THREADING_C */ 01598 01599 while( ( entry = readdir( dir ) ) != NULL ) 01600 { 01601 snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, 01602 "%s/%s", path, entry->d_name ); 01603 01604 if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) 01605 { 01606 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 01607 goto cleanup; 01608 } 01609 else if( stat( entry_name, &sb ) == -1 ) 01610 { 01611 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 01612 goto cleanup; 01613 } 01614 01615 if( !S_ISREG( sb.st_mode ) ) 01616 continue; 01617 01618 // Ignore parse errors 01619 // 01620 t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); 01621 if( t_ret < 0 ) 01622 ret++; 01623 else 01624 ret += t_ret; 01625 } 01626 01627 cleanup: 01628 closedir( dir ); 01629 01630 #if defined(MBEDTLS_THREADING_C) 01631 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) 01632 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; 01633 #endif /* MBEDTLS_THREADING_C */ 01634 01635 #endif /* _WIN32 */ 01636 01637 return( ret ); 01638 } 01639 #endif /* MBEDTLS_FS_IO */ 01640 01641 /* 01642 * OtherName ::= SEQUENCE { 01643 * type-id OBJECT IDENTIFIER, 01644 * value [0] EXPLICIT ANY DEFINED BY type-id } 01645 * 01646 * HardwareModuleName ::= SEQUENCE { 01647 * hwType OBJECT IDENTIFIER, 01648 * hwSerialNum OCTET STRING } 01649 * 01650 * NOTE: we currently only parse and use otherName of type HwModuleName, 01651 * as defined in RFC 4108. 01652 */ 01653 static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, 01654 mbedtls_x509_san_other_name *other_name ) 01655 { 01656 int ret = 0; 01657 size_t len; 01658 unsigned char *p = subject_alt_name->p; 01659 const unsigned char *end = p + subject_alt_name->len; 01660 mbedtls_x509_buf cur_oid; 01661 01662 if( ( subject_alt_name->tag & 01663 ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) != 01664 ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) ) 01665 { 01666 /* 01667 * The given subject alternative name is not of type "othername". 01668 */ 01669 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 01670 } 01671 01672 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01673 MBEDTLS_ASN1_OID ) ) != 0 ) 01674 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 01675 01676 cur_oid.tag = MBEDTLS_ASN1_OID; 01677 cur_oid.p = p; 01678 cur_oid.len = len; 01679 01680 /* 01681 * Only HwModuleName is currently supported. 01682 */ 01683 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 ) 01684 { 01685 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 01686 } 01687 01688 if( p + len >= end ) 01689 { 01690 mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); 01691 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 01692 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 01693 } 01694 p += len; 01695 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01696 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) 01697 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 01698 01699 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01700 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01701 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 01702 01703 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) 01704 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 01705 01706 other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; 01707 other_name->value.hardware_module_name.oid.p = p; 01708 other_name->value.hardware_module_name.oid.len = len; 01709 01710 if( p + len >= end ) 01711 { 01712 mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); 01713 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 01714 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 01715 } 01716 p += len; 01717 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01718 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 01719 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 01720 01721 other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; 01722 other_name->value.hardware_module_name.val.p = p; 01723 other_name->value.hardware_module_name.val.len = len; 01724 p += len; 01725 if( p != end ) 01726 { 01727 mbedtls_platform_zeroize( other_name, 01728 sizeof( *other_name ) ); 01729 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 01730 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 01731 } 01732 return( 0 ); 01733 } 01734 01735 static int x509_info_subject_alt_name( char **buf, size_t *size, 01736 const mbedtls_x509_sequence 01737 *subject_alt_name, 01738 const char *prefix ) 01739 { 01740 int ret; 01741 size_t n = *size; 01742 char *p = *buf; 01743 const mbedtls_x509_sequence *cur = subject_alt_name; 01744 mbedtls_x509_subject_alternative_name san; 01745 int parse_ret; 01746 01747 while( cur != NULL ) 01748 { 01749 memset( &san, 0, sizeof( san ) ); 01750 parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); 01751 if( parse_ret != 0 ) 01752 { 01753 if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) 01754 { 01755 ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix ); 01756 MBEDTLS_X509_SAFE_SNPRINTF; 01757 } 01758 else 01759 { 01760 ret = mbedtls_snprintf( p, n, "\n%s <malformed>", prefix ); 01761 MBEDTLS_X509_SAFE_SNPRINTF; 01762 } 01763 cur = cur->next; 01764 continue; 01765 } 01766 01767 switch( san.type ) 01768 { 01769 /* 01770 * otherName 01771 */ 01772 case MBEDTLS_X509_SAN_OTHER_NAME: 01773 { 01774 mbedtls_x509_san_other_name *other_name = &san.san.other_name; 01775 01776 ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); 01777 MBEDTLS_X509_SAFE_SNPRINTF; 01778 01779 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, 01780 &other_name->value.hardware_module_name.oid ) != 0 ) 01781 { 01782 ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); 01783 MBEDTLS_X509_SAFE_SNPRINTF; 01784 ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); 01785 MBEDTLS_X509_SAFE_SNPRINTF; 01786 01787 ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid ); 01788 MBEDTLS_X509_SAFE_SNPRINTF; 01789 01790 ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); 01791 MBEDTLS_X509_SAFE_SNPRINTF; 01792 01793 if( other_name->value.hardware_module_name.val.len >= n ) 01794 { 01795 *p = '\0'; 01796 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 01797 } 01798 01799 memcpy( p, other_name->value.hardware_module_name.val.p, 01800 other_name->value.hardware_module_name.val.len ); 01801 p += other_name->value.hardware_module_name.val.len; 01802 01803 n -= other_name->value.hardware_module_name.val.len; 01804 01805 }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ 01806 } 01807 break; 01808 01809 /* 01810 * dNSName 01811 */ 01812 case MBEDTLS_X509_SAN_DNS_NAME: 01813 { 01814 ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); 01815 MBEDTLS_X509_SAFE_SNPRINTF; 01816 if( san.san.unstructured_name.len >= n ) 01817 { 01818 *p = '\0'; 01819 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 01820 } 01821 01822 memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len ); 01823 p += san.san.unstructured_name.len; 01824 n -= san.san.unstructured_name.len; 01825 } 01826 break; 01827 01828 /* 01829 * Type not supported, skip item. 01830 */ 01831 default: 01832 ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix ); 01833 MBEDTLS_X509_SAFE_SNPRINTF; 01834 break; 01835 } 01836 01837 cur = cur->next; 01838 } 01839 01840 *p = '\0'; 01841 01842 *size = n; 01843 *buf = p; 01844 01845 return( 0 ); 01846 } 01847 01848 int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, 01849 mbedtls_x509_subject_alternative_name *san ) 01850 { 01851 int ret; 01852 switch( san_buf->tag & 01853 ( MBEDTLS_ASN1_TAG_CLASS_MASK | 01854 MBEDTLS_ASN1_TAG_VALUE_MASK ) ) 01855 { 01856 /* 01857 * otherName 01858 */ 01859 case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): 01860 { 01861 mbedtls_x509_san_other_name other_name; 01862 01863 ret = x509_get_other_name( san_buf, &other_name ); 01864 if( ret != 0 ) 01865 return( ret ); 01866 01867 memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); 01868 san->type = MBEDTLS_X509_SAN_OTHER_NAME; 01869 memcpy( &san->san.other_name, 01870 &other_name, sizeof( other_name ) ); 01871 01872 } 01873 break; 01874 01875 /* 01876 * dNSName 01877 */ 01878 case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): 01879 { 01880 memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); 01881 san->type = MBEDTLS_X509_SAN_DNS_NAME; 01882 01883 memcpy( &san->san.unstructured_name, 01884 san_buf, sizeof( *san_buf ) ); 01885 01886 } 01887 break; 01888 01889 /* 01890 * Type not supported 01891 */ 01892 default: 01893 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 01894 } 01895 return( 0 ); 01896 } 01897 01898 #define PRINT_ITEM(i) \ 01899 { \ 01900 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ 01901 MBEDTLS_X509_SAFE_SNPRINTF; \ 01902 sep = ", "; \ 01903 } 01904 01905 #define CERT_TYPE(type,name) \ 01906 if( ns_cert_type & (type) ) \ 01907 PRINT_ITEM( name ); 01908 01909 static int x509_info_cert_type( char **buf, size_t *size, 01910 unsigned char ns_cert_type ) 01911 { 01912 int ret; 01913 size_t n = *size; 01914 char *p = *buf; 01915 const char *sep = ""; 01916 01917 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); 01918 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); 01919 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); 01920 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); 01921 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); 01922 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); 01923 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); 01924 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); 01925 01926 *size = n; 01927 *buf = p; 01928 01929 return( 0 ); 01930 } 01931 01932 #define KEY_USAGE(code,name) \ 01933 if( key_usage & (code) ) \ 01934 PRINT_ITEM( name ); 01935 01936 static int x509_info_key_usage( char **buf, size_t *size, 01937 unsigned int key_usage ) 01938 { 01939 int ret; 01940 size_t n = *size; 01941 char *p = *buf; 01942 const char *sep = ""; 01943 01944 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); 01945 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); 01946 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); 01947 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); 01948 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); 01949 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); 01950 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); 01951 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); 01952 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); 01953 01954 *size = n; 01955 *buf = p; 01956 01957 return( 0 ); 01958 } 01959 01960 static int x509_info_ext_key_usage( char **buf, size_t *size, 01961 const mbedtls_x509_sequence *extended_key_usage ) 01962 { 01963 int ret; 01964 const char *desc; 01965 size_t n = *size; 01966 char *p = *buf; 01967 const mbedtls_x509_sequence *cur = extended_key_usage; 01968 const char *sep = ""; 01969 01970 while( cur != NULL ) 01971 { 01972 if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) 01973 desc = "???"; 01974 01975 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); 01976 MBEDTLS_X509_SAFE_SNPRINTF; 01977 01978 sep = ", "; 01979 01980 cur = cur->next; 01981 } 01982 01983 *size = n; 01984 *buf = p; 01985 01986 return( 0 ); 01987 } 01988 01989 static int x509_info_cert_policies( char **buf, size_t *size, 01990 const mbedtls_x509_sequence *certificate_policies ) 01991 { 01992 int ret; 01993 const char *desc; 01994 size_t n = *size; 01995 char *p = *buf; 01996 const mbedtls_x509_sequence *cur = certificate_policies; 01997 const char *sep = ""; 01998 01999 while( cur != NULL ) 02000 { 02001 if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 ) 02002 desc = "???"; 02003 02004 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); 02005 MBEDTLS_X509_SAFE_SNPRINTF; 02006 02007 sep = ", "; 02008 02009 cur = cur->next; 02010 } 02011 02012 *size = n; 02013 *buf = p; 02014 02015 return( 0 ); 02016 } 02017 02018 /* 02019 * Return an informational string about the certificate. 02020 */ 02021 #define BEFORE_COLON 18 02022 #define BC "18" 02023 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, 02024 const mbedtls_x509_crt *crt ) 02025 { 02026 int ret; 02027 size_t n; 02028 char *p; 02029 char key_size_str[BEFORE_COLON]; 02030 02031 p = buf; 02032 n = size; 02033 02034 if( NULL == crt ) 02035 { 02036 ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); 02037 MBEDTLS_X509_SAFE_SNPRINTF; 02038 02039 return( (int) ( size - n ) ); 02040 } 02041 02042 ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", 02043 prefix, crt->version ); 02044 MBEDTLS_X509_SAFE_SNPRINTF; 02045 ret = mbedtls_snprintf( p, n, "%sserial number : ", 02046 prefix ); 02047 MBEDTLS_X509_SAFE_SNPRINTF; 02048 02049 ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); 02050 MBEDTLS_X509_SAFE_SNPRINTF; 02051 02052 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); 02053 MBEDTLS_X509_SAFE_SNPRINTF; 02054 ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); 02055 MBEDTLS_X509_SAFE_SNPRINTF; 02056 02057 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); 02058 MBEDTLS_X509_SAFE_SNPRINTF; 02059 ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); 02060 MBEDTLS_X509_SAFE_SNPRINTF; 02061 02062 ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ 02063 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 02064 crt->valid_from.year, crt->valid_from.mon, 02065 crt->valid_from.day, crt->valid_from.hour, 02066 crt->valid_from.min, crt->valid_from.sec ); 02067 MBEDTLS_X509_SAFE_SNPRINTF; 02068 02069 ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ 02070 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 02071 crt->valid_to.year, crt->valid_to.mon, 02072 crt->valid_to.day, crt->valid_to.hour, 02073 crt->valid_to.min, crt->valid_to.sec ); 02074 MBEDTLS_X509_SAFE_SNPRINTF; 02075 02076 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); 02077 MBEDTLS_X509_SAFE_SNPRINTF; 02078 02079 ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, 02080 crt->sig_md, crt->sig_opts ); 02081 MBEDTLS_X509_SAFE_SNPRINTF; 02082 02083 /* Key size */ 02084 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, 02085 mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) 02086 { 02087 return( ret ); 02088 } 02089 02090 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, 02091 (int) mbedtls_pk_get_bitlen( &crt->pk ) ); 02092 MBEDTLS_X509_SAFE_SNPRINTF; 02093 02094 /* 02095 * Optional extensions 02096 */ 02097 02098 if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) 02099 { 02100 ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, 02101 crt->ca_istrue ? "true" : "false" ); 02102 MBEDTLS_X509_SAFE_SNPRINTF; 02103 02104 if( crt->max_pathlen > 0 ) 02105 { 02106 ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); 02107 MBEDTLS_X509_SAFE_SNPRINTF; 02108 } 02109 } 02110 02111 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 02112 { 02113 ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix ); 02114 MBEDTLS_X509_SAFE_SNPRINTF; 02115 02116 if( ( ret = x509_info_subject_alt_name( &p, &n, 02117 &crt->subject_alt_names, 02118 prefix ) ) != 0 ) 02119 return( ret ); 02120 } 02121 02122 if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) 02123 { 02124 ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); 02125 MBEDTLS_X509_SAFE_SNPRINTF; 02126 02127 if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) 02128 return( ret ); 02129 } 02130 02131 if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) 02132 { 02133 ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); 02134 MBEDTLS_X509_SAFE_SNPRINTF; 02135 02136 if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) 02137 return( ret ); 02138 } 02139 02140 if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) 02141 { 02142 ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); 02143 MBEDTLS_X509_SAFE_SNPRINTF; 02144 02145 if( ( ret = x509_info_ext_key_usage( &p, &n, 02146 &crt->ext_key_usage ) ) != 0 ) 02147 return( ret ); 02148 } 02149 02150 if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES ) 02151 { 02152 ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix ); 02153 MBEDTLS_X509_SAFE_SNPRINTF; 02154 02155 if( ( ret = x509_info_cert_policies( &p, &n, 02156 &crt->certificate_policies ) ) != 0 ) 02157 return( ret ); 02158 } 02159 02160 ret = mbedtls_snprintf( p, n, "\n" ); 02161 MBEDTLS_X509_SAFE_SNPRINTF; 02162 02163 return( (int) ( size - n ) ); 02164 } 02165 02166 struct x509_crt_verify_string { 02167 int code; 02168 const char *string; 02169 }; 02170 02171 static const struct x509_crt_verify_string x509_crt_verify_strings[] = { 02172 { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, 02173 { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, 02174 { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, 02175 { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, 02176 { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, 02177 { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, 02178 { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, 02179 { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, 02180 { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, 02181 { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, 02182 { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, 02183 { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, 02184 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, 02185 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, 02186 { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, 02187 { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 02188 { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, 02189 { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, 02190 { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 02191 { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, 02192 { 0, NULL } 02193 }; 02194 02195 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, 02196 uint32_t flags ) 02197 { 02198 int ret; 02199 const struct x509_crt_verify_string *cur; 02200 char *p = buf; 02201 size_t n = size; 02202 02203 for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) 02204 { 02205 if( ( flags & cur->code ) == 0 ) 02206 continue; 02207 02208 ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); 02209 MBEDTLS_X509_SAFE_SNPRINTF; 02210 flags ^= cur->code; 02211 } 02212 02213 if( flags != 0 ) 02214 { 02215 ret = mbedtls_snprintf( p, n, "%sUnknown reason " 02216 "(this should not happen)\n", prefix ); 02217 MBEDTLS_X509_SAFE_SNPRINTF; 02218 } 02219 02220 return( (int) ( size - n ) ); 02221 } 02222 02223 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 02224 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, 02225 unsigned int usage ) 02226 { 02227 unsigned int usage_must, usage_may; 02228 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY 02229 | MBEDTLS_X509_KU_DECIPHER_ONLY; 02230 02231 if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) 02232 return( 0 ); 02233 02234 usage_must = usage & ~may_mask; 02235 02236 if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) 02237 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 02238 02239 usage_may = usage & may_mask; 02240 02241 if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) 02242 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 02243 02244 return( 0 ); 02245 } 02246 #endif 02247 02248 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 02249 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, 02250 const char *usage_oid, 02251 size_t usage_len ) 02252 { 02253 const mbedtls_x509_sequence *cur; 02254 02255 /* Extension is not mandatory, absent means no restriction */ 02256 if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) 02257 return( 0 ); 02258 02259 /* 02260 * Look for the requested usage (or wildcard ANY) in our list 02261 */ 02262 for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) 02263 { 02264 const mbedtls_x509_buf *cur_oid = &cur->buf; 02265 02266 if( cur_oid->len == usage_len && 02267 memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) 02268 { 02269 return( 0 ); 02270 } 02271 02272 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) 02273 return( 0 ); 02274 } 02275 02276 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 02277 } 02278 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 02279 02280 #if defined(MBEDTLS_X509_CRL_PARSE_C) 02281 /* 02282 * Return 1 if the certificate is revoked, or 0 otherwise. 02283 */ 02284 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) 02285 { 02286 const mbedtls_x509_crl_entry *cur = &crl->entry; 02287 02288 while( cur != NULL && cur->serial.len != 0 ) 02289 { 02290 if( crt->serial.len == cur->serial.len && 02291 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) 02292 { 02293 if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) 02294 return( 1 ); 02295 } 02296 02297 cur = cur->next; 02298 } 02299 02300 return( 0 ); 02301 } 02302 02303 /* 02304 * Check that the given certificate is not revoked according to the CRL. 02305 * Skip validation if no CRL for the given CA is present. 02306 */ 02307 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, 02308 mbedtls_x509_crl *crl_list, 02309 const mbedtls_x509_crt_profile *profile ) 02310 { 02311 int flags = 0; 02312 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 02313 const mbedtls_md_info_t *md_info; 02314 02315 if( ca == NULL ) 02316 return( flags ); 02317 02318 while( crl_list != NULL ) 02319 { 02320 if( crl_list->version == 0 || 02321 x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 ) 02322 { 02323 crl_list = crl_list->next; 02324 continue; 02325 } 02326 02327 /* 02328 * Check if the CA is configured to sign CRLs 02329 */ 02330 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 02331 if( mbedtls_x509_crt_check_key_usage( ca, 02332 MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) 02333 { 02334 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 02335 break; 02336 } 02337 #endif 02338 02339 /* 02340 * Check if CRL is correctly signed by the trusted CA 02341 */ 02342 if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) 02343 flags |= MBEDTLS_X509_BADCRL_BAD_MD; 02344 02345 if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) 02346 flags |= MBEDTLS_X509_BADCRL_BAD_PK; 02347 02348 md_info = mbedtls_md_info_from_type( crl_list->sig_md ); 02349 if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) 02350 { 02351 /* Note: this can't happen except after an internal error */ 02352 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 02353 break; 02354 } 02355 02356 if( x509_profile_check_key( profile, &ca->pk ) != 0 ) 02357 flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 02358 02359 if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 02360 crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), 02361 crl_list->sig.p, crl_list->sig.len ) != 0 ) 02362 { 02363 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 02364 break; 02365 } 02366 02367 /* 02368 * Check for validity of CRL (Do not drop out) 02369 */ 02370 if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) 02371 flags |= MBEDTLS_X509_BADCRL_EXPIRED; 02372 02373 if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) 02374 flags |= MBEDTLS_X509_BADCRL_FUTURE; 02375 02376 /* 02377 * Check if certificate is revoked 02378 */ 02379 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) 02380 { 02381 flags |= MBEDTLS_X509_BADCERT_REVOKED; 02382 break; 02383 } 02384 02385 crl_list = crl_list->next; 02386 } 02387 02388 return( flags ); 02389 } 02390 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 02391 02392 /* 02393 * Check the signature of a certificate by its parent 02394 */ 02395 static int x509_crt_check_signature( const mbedtls_x509_crt *child, 02396 mbedtls_x509_crt *parent, 02397 mbedtls_x509_crt_restart_ctx *rs_ctx ) 02398 { 02399 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 02400 size_t hash_len; 02401 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 02402 const mbedtls_md_info_t *md_info; 02403 md_info = mbedtls_md_info_from_type( child->sig_md ); 02404 hash_len = mbedtls_md_get_size( md_info ); 02405 02406 /* Note: hash errors can happen only after an internal error */ 02407 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) 02408 return( -1 ); 02409 #else 02410 psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; 02411 psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md ); 02412 02413 if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS ) 02414 return( -1 ); 02415 02416 if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len ) 02417 != PSA_SUCCESS ) 02418 { 02419 return( -1 ); 02420 } 02421 02422 if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len ) 02423 != PSA_SUCCESS ) 02424 { 02425 return( -1 ); 02426 } 02427 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 02428 /* Skip expensive computation on obvious mismatch */ 02429 if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) 02430 return( -1 ); 02431 02432 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02433 if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) 02434 { 02435 return( mbedtls_pk_verify_restartable( &parent->pk, 02436 child->sig_md, hash, hash_len, 02437 child->sig.p, child->sig.len, &rs_ctx->pk ) ); 02438 } 02439 #else 02440 (void) rs_ctx; 02441 #endif 02442 02443 return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, 02444 child->sig_md, hash, hash_len, 02445 child->sig.p, child->sig.len ) ); 02446 } 02447 02448 /* 02449 * Check if 'parent' is a suitable parent (signing CA) for 'child'. 02450 * Return 0 if yes, -1 if not. 02451 * 02452 * top means parent is a locally-trusted certificate 02453 */ 02454 static int x509_crt_check_parent( const mbedtls_x509_crt *child, 02455 const mbedtls_x509_crt *parent, 02456 int top ) 02457 { 02458 int need_ca_bit; 02459 02460 /* Parent must be the issuer */ 02461 if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) 02462 return( -1 ); 02463 02464 /* Parent must have the basicConstraints CA bit set as a general rule */ 02465 need_ca_bit = 1; 02466 02467 /* Exception: v1/v2 certificates that are locally trusted. */ 02468 if( top && parent->version < 3 ) 02469 need_ca_bit = 0; 02470 02471 if( need_ca_bit && ! parent->ca_istrue ) 02472 return( -1 ); 02473 02474 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 02475 if( need_ca_bit && 02476 mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) 02477 { 02478 return( -1 ); 02479 } 02480 #endif 02481 02482 return( 0 ); 02483 } 02484 02485 /* 02486 * Find a suitable parent for child in candidates, or return NULL. 02487 * 02488 * Here suitable is defined as: 02489 * 1. subject name matches child's issuer 02490 * 2. if necessary, the CA bit is set and key usage allows signing certs 02491 * 3. for trusted roots, the signature is correct 02492 * (for intermediates, the signature is checked and the result reported) 02493 * 4. pathlen constraints are satisfied 02494 * 02495 * If there's a suitable candidate which is also time-valid, return the first 02496 * such. Otherwise, return the first suitable candidate (or NULL if there is 02497 * none). 02498 * 02499 * The rationale for this rule is that someone could have a list of trusted 02500 * roots with two versions on the same root with different validity periods. 02501 * (At least one user reported having such a list and wanted it to just work.) 02502 * The reason we don't just require time-validity is that generally there is 02503 * only one version, and if it's expired we want the flags to state that 02504 * rather than NOT_TRUSTED, as would be the case if we required it here. 02505 * 02506 * The rationale for rule 3 (signature for trusted roots) is that users might 02507 * have two versions of the same CA with different keys in their list, and the 02508 * way we select the correct one is by checking the signature (as we don't 02509 * rely on key identifier extensions). (This is one way users might choose to 02510 * handle key rollover, another relies on self-issued certs, see [SIRO].) 02511 * 02512 * Arguments: 02513 * - [in] child: certificate for which we're looking for a parent 02514 * - [in] candidates: chained list of potential parents 02515 * - [out] r_parent: parent found (or NULL) 02516 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 02517 * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top 02518 * of the chain, 0 otherwise 02519 * - [in] path_cnt: number of intermediates seen so far 02520 * - [in] self_cnt: number of self-signed intermediates seen so far 02521 * (will never be greater than path_cnt) 02522 * - [in-out] rs_ctx: context for restarting operations 02523 * 02524 * Return value: 02525 * - 0 on success 02526 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 02527 */ 02528 static int x509_crt_find_parent_in( 02529 mbedtls_x509_crt *child, 02530 mbedtls_x509_crt *candidates, 02531 mbedtls_x509_crt **r_parent, 02532 int *r_signature_is_good, 02533 int top, 02534 unsigned path_cnt, 02535 unsigned self_cnt, 02536 mbedtls_x509_crt_restart_ctx *rs_ctx ) 02537 { 02538 int ret; 02539 mbedtls_x509_crt *parent, *fallback_parent; 02540 int signature_is_good, fallback_signature_is_good; 02541 02542 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02543 /* did we have something in progress? */ 02544 if( rs_ctx != NULL && rs_ctx->parent != NULL ) 02545 { 02546 /* restore saved state */ 02547 parent = rs_ctx->parent; 02548 fallback_parent = rs_ctx->fallback_parent; 02549 fallback_signature_is_good = rs_ctx->fallback_signature_is_good; 02550 02551 /* clear saved state */ 02552 rs_ctx->parent = NULL; 02553 rs_ctx->fallback_parent = NULL; 02554 rs_ctx->fallback_signature_is_good = 0; 02555 02556 /* resume where we left */ 02557 goto check_signature; 02558 } 02559 #endif 02560 02561 fallback_parent = NULL; 02562 fallback_signature_is_good = 0; 02563 02564 for( parent = candidates; parent != NULL; parent = parent->next ) 02565 { 02566 /* basic parenting skills (name, CA bit, key usage) */ 02567 if( x509_crt_check_parent( child, parent, top ) != 0 ) 02568 continue; 02569 02570 /* +1 because stored max_pathlen is 1 higher that the actual value */ 02571 if( parent->max_pathlen > 0 && 02572 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) 02573 { 02574 continue; 02575 } 02576 02577 /* Signature */ 02578 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02579 check_signature: 02580 #endif 02581 ret = x509_crt_check_signature( child, parent, rs_ctx ); 02582 02583 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02584 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 02585 { 02586 /* save state */ 02587 rs_ctx->parent = parent; 02588 rs_ctx->fallback_parent = fallback_parent; 02589 rs_ctx->fallback_signature_is_good = fallback_signature_is_good; 02590 02591 return( ret ); 02592 } 02593 #else 02594 (void) ret; 02595 #endif 02596 02597 signature_is_good = ret == 0; 02598 if( top && ! signature_is_good ) 02599 continue; 02600 02601 /* optional time check */ 02602 if( mbedtls_x509_time_is_past( &parent->valid_to ) || 02603 mbedtls_x509_time_is_future( &parent->valid_from ) ) 02604 { 02605 if( fallback_parent == NULL ) 02606 { 02607 fallback_parent = parent; 02608 fallback_signature_is_good = signature_is_good; 02609 } 02610 02611 continue; 02612 } 02613 02614 *r_parent = parent; 02615 *r_signature_is_good = signature_is_good; 02616 02617 break; 02618 } 02619 02620 if( parent == NULL ) 02621 { 02622 *r_parent = fallback_parent; 02623 *r_signature_is_good = fallback_signature_is_good; 02624 } 02625 02626 return( 0 ); 02627 } 02628 02629 /* 02630 * Find a parent in trusted CAs or the provided chain, or return NULL. 02631 * 02632 * Searches in trusted CAs first, and return the first suitable parent found 02633 * (see find_parent_in() for definition of suitable). 02634 * 02635 * Arguments: 02636 * - [in] child: certificate for which we're looking for a parent, followed 02637 * by a chain of possible intermediates 02638 * - [in] trust_ca: list of locally trusted certificates 02639 * - [out] parent: parent found (or NULL) 02640 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 02641 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 02642 * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) 02643 * - [in] self_cnt: number of self-signed certs in the chain so far 02644 * (will always be no greater than path_cnt) 02645 * - [in-out] rs_ctx: context for restarting operations 02646 * 02647 * Return value: 02648 * - 0 on success 02649 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 02650 */ 02651 static int x509_crt_find_parent( 02652 mbedtls_x509_crt *child, 02653 mbedtls_x509_crt *trust_ca, 02654 mbedtls_x509_crt **parent, 02655 int *parent_is_trusted, 02656 int *signature_is_good, 02657 unsigned path_cnt, 02658 unsigned self_cnt, 02659 mbedtls_x509_crt_restart_ctx *rs_ctx ) 02660 { 02661 int ret; 02662 mbedtls_x509_crt *search_list; 02663 02664 *parent_is_trusted = 1; 02665 02666 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02667 /* restore then clear saved state if we have some stored */ 02668 if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 ) 02669 { 02670 *parent_is_trusted = rs_ctx->parent_is_trusted; 02671 rs_ctx->parent_is_trusted = -1; 02672 } 02673 #endif 02674 02675 while( 1 ) { 02676 search_list = *parent_is_trusted ? trust_ca : child->next; 02677 02678 ret = x509_crt_find_parent_in( child, search_list, 02679 parent, signature_is_good, 02680 *parent_is_trusted, 02681 path_cnt, self_cnt, rs_ctx ); 02682 02683 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02684 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 02685 { 02686 /* save state */ 02687 rs_ctx->parent_is_trusted = *parent_is_trusted; 02688 return( ret ); 02689 } 02690 #else 02691 (void) ret; 02692 #endif 02693 02694 /* stop here if found or already in second iteration */ 02695 if( *parent != NULL || *parent_is_trusted == 0 ) 02696 break; 02697 02698 /* prepare second iteration */ 02699 *parent_is_trusted = 0; 02700 } 02701 02702 /* extra precaution against mistakes in the caller */ 02703 if( *parent == NULL ) 02704 { 02705 *parent_is_trusted = 0; 02706 *signature_is_good = 0; 02707 } 02708 02709 return( 0 ); 02710 } 02711 02712 /* 02713 * Check if an end-entity certificate is locally trusted 02714 * 02715 * Currently we require such certificates to be self-signed (actually only 02716 * check for self-issued as self-signatures are not checked) 02717 */ 02718 static int x509_crt_check_ee_locally_trusted( 02719 mbedtls_x509_crt *crt, 02720 mbedtls_x509_crt *trust_ca ) 02721 { 02722 mbedtls_x509_crt *cur; 02723 02724 /* must be self-issued */ 02725 if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) 02726 return( -1 ); 02727 02728 /* look for an exact match with trusted cert */ 02729 for( cur = trust_ca; cur != NULL; cur = cur->next ) 02730 { 02731 if( crt->raw.len == cur->raw.len && 02732 memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) 02733 { 02734 return( 0 ); 02735 } 02736 } 02737 02738 /* too bad */ 02739 return( -1 ); 02740 } 02741 02742 /* 02743 * Build and verify a certificate chain 02744 * 02745 * Given a peer-provided list of certificates EE, C1, ..., Cn and 02746 * a list of trusted certs R1, ... Rp, try to build and verify a chain 02747 * EE, Ci1, ... Ciq [, Rj] 02748 * such that every cert in the chain is a child of the next one, 02749 * jumping to a trusted root as early as possible. 02750 * 02751 * Verify that chain and return it with flags for all issues found. 02752 * 02753 * Special cases: 02754 * - EE == Rj -> return a one-element list containing it 02755 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root 02756 * -> return that chain with NOT_TRUSTED set on Ciq 02757 * 02758 * Tests for (aspects of) this function should include at least: 02759 * - trusted EE 02760 * - EE -> trusted root 02761 * - EE -> intermediate CA -> trusted root 02762 * - if relevant: EE untrusted 02763 * - if relevant: EE -> intermediate, untrusted 02764 * with the aspect under test checked at each relevant level (EE, int, root). 02765 * For some aspects longer chains are required, but usually length 2 is 02766 * enough (but length 1 is not in general). 02767 * 02768 * Arguments: 02769 * - [in] crt: the cert list EE, C1, ..., Cn 02770 * - [in] trust_ca: the trusted list R1, ..., Rp 02771 * - [in] ca_crl, profile: as in verify_with_profile() 02772 * - [out] ver_chain: the built and verified chain 02773 * Only valid when return value is 0, may contain garbage otherwise! 02774 * Restart note: need not be the same when calling again to resume. 02775 * - [in-out] rs_ctx: context for restarting operations 02776 * 02777 * Return value: 02778 * - non-zero if the chain could not be fully built and examined 02779 * - 0 is the chain was successfully built and examined, 02780 * even if it was found to be invalid 02781 */ 02782 static int x509_crt_verify_chain( 02783 mbedtls_x509_crt *crt, 02784 mbedtls_x509_crt *trust_ca, 02785 mbedtls_x509_crl *ca_crl, 02786 mbedtls_x509_crt_ca_cb_t f_ca_cb, 02787 void *p_ca_cb, 02788 const mbedtls_x509_crt_profile *profile, 02789 mbedtls_x509_crt_verify_chain *ver_chain, 02790 mbedtls_x509_crt_restart_ctx *rs_ctx ) 02791 { 02792 /* Don't initialize any of those variables here, so that the compiler can 02793 * catch potential issues with jumping ahead when restarting */ 02794 int ret; 02795 uint32_t *flags; 02796 mbedtls_x509_crt_verify_chain_item *cur; 02797 mbedtls_x509_crt *child; 02798 mbedtls_x509_crt *parent; 02799 int parent_is_trusted; 02800 int child_is_trusted; 02801 int signature_is_good; 02802 unsigned self_cnt; 02803 mbedtls_x509_crt *cur_trust_ca = NULL; 02804 02805 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02806 /* resume if we had an operation in progress */ 02807 if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent ) 02808 { 02809 /* restore saved state */ 02810 *ver_chain = rs_ctx->ver_chain; /* struct copy */ 02811 self_cnt = rs_ctx->self_cnt; 02812 02813 /* restore derived state */ 02814 cur = &ver_chain->items[ver_chain->len - 1]; 02815 child = cur->crt; 02816 flags = &cur->flags; 02817 02818 goto find_parent; 02819 } 02820 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 02821 02822 child = crt; 02823 self_cnt = 0; 02824 parent_is_trusted = 0; 02825 child_is_trusted = 0; 02826 02827 while( 1 ) { 02828 /* Add certificate to the verification chain */ 02829 cur = &ver_chain->items[ver_chain->len]; 02830 cur->crt = child; 02831 cur->flags = 0; 02832 ver_chain->len++; 02833 flags = &cur->flags; 02834 02835 /* Check time-validity (all certificates) */ 02836 if( mbedtls_x509_time_is_past( &child->valid_to ) ) 02837 *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 02838 02839 if( mbedtls_x509_time_is_future( &child->valid_from ) ) 02840 *flags |= MBEDTLS_X509_BADCERT_FUTURE; 02841 02842 /* Stop here for trusted roots (but not for trusted EE certs) */ 02843 if( child_is_trusted ) 02844 return( 0 ); 02845 02846 /* Check signature algorithm: MD & PK algs */ 02847 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) 02848 *flags |= MBEDTLS_X509_BADCERT_BAD_MD; 02849 02850 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) 02851 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 02852 02853 /* Special case: EE certs that are locally trusted */ 02854 if( ver_chain->len == 1 && 02855 x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) 02856 { 02857 return( 0 ); 02858 } 02859 02860 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02861 find_parent: 02862 #endif 02863 02864 /* Obtain list of potential trusted signers from CA callback, 02865 * or use statically provided list. */ 02866 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 02867 if( f_ca_cb != NULL ) 02868 { 02869 mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result ); 02870 mbedtls_free( ver_chain->trust_ca_cb_result ); 02871 ver_chain->trust_ca_cb_result = NULL; 02872 02873 ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result ); 02874 if( ret != 0 ) 02875 return( MBEDTLS_ERR_X509_FATAL_ERROR ); 02876 02877 cur_trust_ca = ver_chain->trust_ca_cb_result; 02878 } 02879 else 02880 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 02881 { 02882 ((void) f_ca_cb); 02883 ((void) p_ca_cb); 02884 cur_trust_ca = trust_ca; 02885 } 02886 02887 /* Look for a parent in trusted CAs or up the chain */ 02888 ret = x509_crt_find_parent( child, cur_trust_ca, &parent, 02889 &parent_is_trusted, &signature_is_good, 02890 ver_chain->len - 1, self_cnt, rs_ctx ); 02891 02892 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 02893 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 02894 { 02895 /* save state */ 02896 rs_ctx->in_progress = x509_crt_rs_find_parent; 02897 rs_ctx->self_cnt = self_cnt; 02898 rs_ctx->ver_chain = *ver_chain; /* struct copy */ 02899 02900 return( ret ); 02901 } 02902 #else 02903 (void) ret; 02904 #endif 02905 02906 /* No parent? We're done here */ 02907 if( parent == NULL ) 02908 { 02909 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 02910 return( 0 ); 02911 } 02912 02913 /* Count intermediate self-issued (not necessarily self-signed) certs. 02914 * These can occur with some strategies for key rollover, see [SIRO], 02915 * and should be excluded from max_pathlen checks. */ 02916 if( ver_chain->len != 1 && 02917 x509_name_cmp( &child->issuer, &child->subject ) == 0 ) 02918 { 02919 self_cnt++; 02920 } 02921 02922 /* path_cnt is 0 for the first intermediate CA, 02923 * and if parent is trusted it's not an intermediate CA */ 02924 if( ! parent_is_trusted && 02925 ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) 02926 { 02927 /* return immediately to avoid overflow the chain array */ 02928 return( MBEDTLS_ERR_X509_FATAL_ERROR ); 02929 } 02930 02931 /* signature was checked while searching parent */ 02932 if( ! signature_is_good ) 02933 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 02934 02935 /* check size of signing key */ 02936 if( x509_profile_check_key( profile, &parent->pk ) != 0 ) 02937 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 02938 02939 #if defined(MBEDTLS_X509_CRL_PARSE_C) 02940 /* Check trusted CA's CRL for the given crt */ 02941 *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile ); 02942 #else 02943 (void) ca_crl; 02944 #endif 02945 02946 /* prepare for next iteration */ 02947 child = parent; 02948 parent = NULL; 02949 child_is_trusted = parent_is_trusted; 02950 signature_is_good = 0; 02951 } 02952 } 02953 02954 /* 02955 * Check for CN match 02956 */ 02957 static int x509_crt_check_cn( const mbedtls_x509_buf *name, 02958 const char *cn, size_t cn_len ) 02959 { 02960 /* try exact match */ 02961 if( name->len == cn_len && 02962 x509_memcasecmp( cn, name->p, cn_len ) == 0 ) 02963 { 02964 return( 0 ); 02965 } 02966 02967 /* try wildcard match */ 02968 if( x509_check_wildcard( cn, name ) == 0 ) 02969 { 02970 return( 0 ); 02971 } 02972 02973 return( -1 ); 02974 } 02975 02976 /* 02977 * Verify the requested CN - only call this if cn is not NULL! 02978 */ 02979 static void x509_crt_verify_name( const mbedtls_x509_crt *crt, 02980 const char *cn, 02981 uint32_t *flags ) 02982 { 02983 const mbedtls_x509_name *name; 02984 const mbedtls_x509_sequence *cur; 02985 size_t cn_len = strlen( cn ); 02986 02987 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 02988 { 02989 for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) 02990 { 02991 if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 ) 02992 break; 02993 } 02994 02995 if( cur == NULL ) 02996 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 02997 } 02998 else 02999 { 03000 for( name = &crt->subject; name != NULL; name = name->next ) 03001 { 03002 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && 03003 x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) 03004 { 03005 break; 03006 } 03007 } 03008 03009 if( name == NULL ) 03010 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 03011 } 03012 } 03013 03014 /* 03015 * Merge the flags for all certs in the chain, after calling callback 03016 */ 03017 static int x509_crt_merge_flags_with_cb( 03018 uint32_t *flags, 03019 const mbedtls_x509_crt_verify_chain *ver_chain, 03020 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 03021 void *p_vrfy ) 03022 { 03023 int ret; 03024 unsigned i; 03025 uint32_t cur_flags; 03026 const mbedtls_x509_crt_verify_chain_item *cur; 03027 03028 for( i = ver_chain->len; i != 0; --i ) 03029 { 03030 cur = &ver_chain->items[i-1]; 03031 cur_flags = cur->flags; 03032 03033 if( NULL != f_vrfy ) 03034 if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) 03035 return( ret ); 03036 03037 *flags |= cur_flags; 03038 } 03039 03040 return( 0 ); 03041 } 03042 03043 /* 03044 * Verify the certificate validity, with profile, restartable version 03045 * 03046 * This function: 03047 * - checks the requested CN (if any) 03048 * - checks the type and size of the EE cert's key, 03049 * as that isn't done as part of chain building/verification currently 03050 * - builds and verifies the chain 03051 * - then calls the callback and merges the flags 03052 * 03053 * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` 03054 * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the 03055 * verification routine to search for trusted signers, and CRLs will 03056 * be disabled. Otherwise, `trust_ca` will be used as the static list 03057 * of trusted signers, and `ca_crl` will be use as the static list 03058 * of CRLs. 03059 */ 03060 static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, 03061 mbedtls_x509_crt *trust_ca, 03062 mbedtls_x509_crl *ca_crl, 03063 mbedtls_x509_crt_ca_cb_t f_ca_cb, 03064 void *p_ca_cb, 03065 const mbedtls_x509_crt_profile *profile, 03066 const char *cn, uint32_t *flags, 03067 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 03068 void *p_vrfy, 03069 mbedtls_x509_crt_restart_ctx *rs_ctx ) 03070 { 03071 int ret; 03072 mbedtls_pk_type_t pk_type; 03073 mbedtls_x509_crt_verify_chain ver_chain; 03074 uint32_t ee_flags; 03075 03076 *flags = 0; 03077 ee_flags = 0; 03078 x509_crt_verify_chain_reset( &ver_chain ); 03079 03080 if( profile == NULL ) 03081 { 03082 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; 03083 goto exit; 03084 } 03085 03086 /* check name if requested */ 03087 if( cn != NULL ) 03088 x509_crt_verify_name( crt, cn, &ee_flags ); 03089 03090 /* Check the type and size of the key */ 03091 pk_type = mbedtls_pk_get_type( &crt->pk ); 03092 03093 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) 03094 ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; 03095 03096 if( x509_profile_check_key( profile, &crt->pk ) != 0 ) 03097 ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 03098 03099 /* Check the chain */ 03100 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, 03101 f_ca_cb, p_ca_cb, profile, 03102 &ver_chain, rs_ctx ); 03103 03104 if( ret != 0 ) 03105 goto exit; 03106 03107 /* Merge end-entity flags */ 03108 ver_chain.items[0].flags |= ee_flags; 03109 03110 /* Build final flags, calling callback on the way if any */ 03111 ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); 03112 03113 exit: 03114 03115 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 03116 mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result ); 03117 mbedtls_free( ver_chain.trust_ca_cb_result ); 03118 ver_chain.trust_ca_cb_result = NULL; 03119 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 03120 03121 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 03122 if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 03123 mbedtls_x509_crt_restart_free( rs_ctx ); 03124 #endif 03125 03126 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by 03127 * the SSL module for authmode optional, but non-zero return from the 03128 * callback means a fatal error so it shouldn't be ignored */ 03129 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) 03130 ret = MBEDTLS_ERR_X509_FATAL_ERROR; 03131 03132 if( ret != 0 ) 03133 { 03134 *flags = (uint32_t) -1; 03135 return( ret ); 03136 } 03137 03138 if( *flags != 0 ) 03139 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); 03140 03141 return( 0 ); 03142 } 03143 03144 03145 /* 03146 * Verify the certificate validity (default profile, not restartable) 03147 */ 03148 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, 03149 mbedtls_x509_crt *trust_ca, 03150 mbedtls_x509_crl *ca_crl, 03151 const char *cn, uint32_t *flags, 03152 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 03153 void *p_vrfy ) 03154 { 03155 return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, 03156 NULL, NULL, 03157 &mbedtls_x509_crt_profile_default, 03158 cn, flags, 03159 f_vrfy, p_vrfy, NULL ) ); 03160 } 03161 03162 /* 03163 * Verify the certificate validity (user-chosen profile, not restartable) 03164 */ 03165 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, 03166 mbedtls_x509_crt *trust_ca, 03167 mbedtls_x509_crl *ca_crl, 03168 const mbedtls_x509_crt_profile *profile, 03169 const char *cn, uint32_t *flags, 03170 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 03171 void *p_vrfy ) 03172 { 03173 return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, 03174 NULL, NULL, 03175 profile, cn, flags, 03176 f_vrfy, p_vrfy, NULL ) ); 03177 } 03178 03179 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 03180 /* 03181 * Verify the certificate validity (user-chosen profile, CA callback, 03182 * not restartable). 03183 */ 03184 int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, 03185 mbedtls_x509_crt_ca_cb_t f_ca_cb, 03186 void *p_ca_cb, 03187 const mbedtls_x509_crt_profile *profile, 03188 const char *cn, uint32_t *flags, 03189 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 03190 void *p_vrfy ) 03191 { 03192 return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, 03193 f_ca_cb, p_ca_cb, 03194 profile, cn, flags, 03195 f_vrfy, p_vrfy, NULL ) ); 03196 } 03197 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 03198 03199 int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, 03200 mbedtls_x509_crt *trust_ca, 03201 mbedtls_x509_crl *ca_crl, 03202 const mbedtls_x509_crt_profile *profile, 03203 const char *cn, uint32_t *flags, 03204 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 03205 void *p_vrfy, 03206 mbedtls_x509_crt_restart_ctx *rs_ctx ) 03207 { 03208 return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, 03209 NULL, NULL, 03210 profile, cn, flags, 03211 f_vrfy, p_vrfy, rs_ctx ) ); 03212 } 03213 03214 03215 /* 03216 * Initialize a certificate chain 03217 */ 03218 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) 03219 { 03220 memset( crt, 0, sizeof(mbedtls_x509_crt) ); 03221 } 03222 03223 /* 03224 * Unallocate all certificate data 03225 */ 03226 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) 03227 { 03228 mbedtls_x509_crt *cert_cur = crt; 03229 mbedtls_x509_crt *cert_prv; 03230 mbedtls_x509_name *name_cur; 03231 mbedtls_x509_name *name_prv; 03232 mbedtls_x509_sequence *seq_cur; 03233 mbedtls_x509_sequence *seq_prv; 03234 03235 if( crt == NULL ) 03236 return; 03237 03238 do 03239 { 03240 mbedtls_pk_free( &cert_cur->pk ); 03241 03242 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 03243 mbedtls_free( cert_cur->sig_opts ); 03244 #endif 03245 03246 name_cur = cert_cur->issuer.next; 03247 while( name_cur != NULL ) 03248 { 03249 name_prv = name_cur; 03250 name_cur = name_cur->next; 03251 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 03252 mbedtls_free( name_prv ); 03253 } 03254 03255 name_cur = cert_cur->subject.next; 03256 while( name_cur != NULL ) 03257 { 03258 name_prv = name_cur; 03259 name_cur = name_cur->next; 03260 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 03261 mbedtls_free( name_prv ); 03262 } 03263 03264 seq_cur = cert_cur->ext_key_usage.next; 03265 while( seq_cur != NULL ) 03266 { 03267 seq_prv = seq_cur; 03268 seq_cur = seq_cur->next; 03269 mbedtls_platform_zeroize( seq_prv, 03270 sizeof( mbedtls_x509_sequence ) ); 03271 mbedtls_free( seq_prv ); 03272 } 03273 03274 seq_cur = cert_cur->subject_alt_names.next; 03275 while( seq_cur != NULL ) 03276 { 03277 seq_prv = seq_cur; 03278 seq_cur = seq_cur->next; 03279 mbedtls_platform_zeroize( seq_prv, 03280 sizeof( mbedtls_x509_sequence ) ); 03281 mbedtls_free( seq_prv ); 03282 } 03283 03284 seq_cur = cert_cur->certificate_policies.next; 03285 while( seq_cur != NULL ) 03286 { 03287 seq_prv = seq_cur; 03288 seq_cur = seq_cur->next; 03289 mbedtls_platform_zeroize( seq_prv, 03290 sizeof( mbedtls_x509_sequence ) ); 03291 mbedtls_free( seq_prv ); 03292 } 03293 03294 if( cert_cur->raw.p != NULL && cert_cur->own_buffer ) 03295 { 03296 mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); 03297 mbedtls_free( cert_cur->raw.p ); 03298 } 03299 03300 cert_cur = cert_cur->next; 03301 } 03302 while( cert_cur != NULL ); 03303 03304 cert_cur = crt; 03305 do 03306 { 03307 cert_prv = cert_cur; 03308 cert_cur = cert_cur->next; 03309 03310 mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); 03311 if( cert_prv != crt ) 03312 mbedtls_free( cert_prv ); 03313 } 03314 while( cert_cur != NULL ); 03315 } 03316 03317 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 03318 /* 03319 * Initialize a restart context 03320 */ 03321 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) 03322 { 03323 mbedtls_pk_restart_init( &ctx->pk ); 03324 03325 ctx->parent = NULL; 03326 ctx->fallback_parent = NULL; 03327 ctx->fallback_signature_is_good = 0; 03328 03329 ctx->parent_is_trusted = -1; 03330 03331 ctx->in_progress = x509_crt_rs_none; 03332 ctx->self_cnt = 0; 03333 x509_crt_verify_chain_reset( &ctx->ver_chain ); 03334 } 03335 03336 /* 03337 * Free the components of a restart context 03338 */ 03339 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) 03340 { 03341 if( ctx == NULL ) 03342 return; 03343 03344 mbedtls_pk_restart_free( &ctx->pk ); 03345 mbedtls_x509_crt_restart_init( ctx ); 03346 } 03347 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 03348 03349 #endif /* MBEDTLS_X509_CRT_PARSE_C */
Generated on Tue Jul 12 2022 13:55:05 by
1.7.2