x509.c 30 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067
  1. /*
  2. * X.509 common functions for parsing and verification
  3. *
  4. * Copyright The Mbed TLS Contributors
  5. * SPDX-License-Identifier: Apache-2.0
  6. *
  7. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  8. * not use this file except in compliance with the License.
  9. * You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing, software
  14. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  15. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16. * See the License for the specific language governing permissions and
  17. * limitations under the License.
  18. */
  19. /*
  20. * The ITU-T X.509 standard defines a certificate format for PKI.
  21. *
  22. * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
  23. * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
  24. * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
  25. *
  26. * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
  27. * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
  28. */
  29. #include "common.h"
  30. #if defined(MBEDTLS_X509_USE_C)
  31. #include "mbedtls/x509.h"
  32. #include "mbedtls/asn1.h"
  33. #include "mbedtls/error.h"
  34. #include "mbedtls/oid.h"
  35. #include <stdio.h>
  36. #include <string.h>
  37. #if defined(MBEDTLS_PEM_PARSE_C)
  38. #include "mbedtls/pem.h"
  39. #endif
  40. #if defined(MBEDTLS_PLATFORM_C)
  41. #include "mbedtls/platform.h"
  42. #else
  43. #include <stdio.h>
  44. #include <stdlib.h>
  45. #define mbedtls_free free
  46. #define mbedtls_calloc calloc
  47. #define mbedtls_printf printf
  48. #define mbedtls_snprintf snprintf
  49. #endif
  50. #if defined(MBEDTLS_HAVE_TIME)
  51. #include "mbedtls/platform_time.h"
  52. #endif
  53. #if defined(MBEDTLS_HAVE_TIME_DATE)
  54. #include "mbedtls/platform_util.h"
  55. #include <time.h>
  56. #endif
  57. #define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
  58. #define CHECK_RANGE(min, max, val) \
  59. do \
  60. { \
  61. if( ( val ) < ( min ) || ( val ) > ( max ) ) \
  62. { \
  63. return( ret ); \
  64. } \
  65. } while( 0 )
  66. /*
  67. * CertificateSerialNumber ::= INTEGER
  68. */
  69. int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
  70. mbedtls_x509_buf *serial )
  71. {
  72. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  73. if( ( end - *p ) < 1 )
  74. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
  75. MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
  76. if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
  77. **p != MBEDTLS_ASN1_INTEGER )
  78. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
  79. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
  80. serial->tag = *(*p)++;
  81. if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
  82. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) );
  83. serial->p = *p;
  84. *p += serial->len;
  85. return( 0 );
  86. }
  87. /* Get an algorithm identifier without parameters (eg for signatures)
  88. *
  89. * AlgorithmIdentifier ::= SEQUENCE {
  90. * algorithm OBJECT IDENTIFIER,
  91. * parameters ANY DEFINED BY algorithm OPTIONAL }
  92. */
  93. int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
  94. mbedtls_x509_buf *alg )
  95. {
  96. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  97. if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
  98. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  99. return( 0 );
  100. }
  101. /*
  102. * Parse an algorithm identifier with (optional) parameters
  103. */
  104. int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
  105. mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
  106. {
  107. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  108. if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
  109. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  110. return( 0 );
  111. }
  112. #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
  113. /*
  114. * HashAlgorithm ::= AlgorithmIdentifier
  115. *
  116. * AlgorithmIdentifier ::= SEQUENCE {
  117. * algorithm OBJECT IDENTIFIER,
  118. * parameters ANY DEFINED BY algorithm OPTIONAL }
  119. *
  120. * For HashAlgorithm, parameters MUST be NULL or absent.
  121. */
  122. static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
  123. {
  124. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  125. unsigned char *p;
  126. const unsigned char *end;
  127. mbedtls_x509_buf md_oid;
  128. size_t len;
  129. /* Make sure we got a SEQUENCE and setup bounds */
  130. if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
  131. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  132. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
  133. p = alg->p;
  134. end = p + alg->len;
  135. if( p >= end )
  136. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  137. MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
  138. /* Parse md_oid */
  139. md_oid.tag = *p;
  140. if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
  141. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  142. md_oid.p = p;
  143. p += md_oid.len;
  144. /* Get md_alg from md_oid */
  145. if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
  146. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  147. /* Make sure params is absent of NULL */
  148. if( p == end )
  149. return( 0 );
  150. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
  151. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  152. if( p != end )
  153. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  154. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  155. return( 0 );
  156. }
  157. /*
  158. * RSASSA-PSS-params ::= SEQUENCE {
  159. * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
  160. * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
  161. * saltLength [2] INTEGER DEFAULT 20,
  162. * trailerField [3] INTEGER DEFAULT 1 }
  163. * -- Note that the tags in this Sequence are explicit.
  164. *
  165. * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
  166. * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
  167. * option. Enfore this at parsing time.
  168. */
  169. int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
  170. mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
  171. int *salt_len )
  172. {
  173. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  174. unsigned char *p;
  175. const unsigned char *end, *end2;
  176. size_t len;
  177. mbedtls_x509_buf alg_id, alg_params;
  178. /* First set everything to defaults */
  179. *md_alg = MBEDTLS_MD_SHA1;
  180. *mgf_md = MBEDTLS_MD_SHA1;
  181. *salt_len = 20;
  182. /* Make sure params is a SEQUENCE and setup bounds */
  183. if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
  184. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  185. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
  186. p = (unsigned char *) params->p;
  187. end = p + params->len;
  188. if( p == end )
  189. return( 0 );
  190. /*
  191. * HashAlgorithm
  192. */
  193. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  194. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
  195. {
  196. end2 = p + len;
  197. /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
  198. if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
  199. return( ret );
  200. if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
  201. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  202. if( p != end2 )
  203. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  204. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  205. }
  206. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  207. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  208. if( p == end )
  209. return( 0 );
  210. /*
  211. * MaskGenAlgorithm
  212. */
  213. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  214. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
  215. {
  216. end2 = p + len;
  217. /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
  218. if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
  219. return( ret );
  220. /* Only MFG1 is recognised for now */
  221. if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
  222. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
  223. MBEDTLS_ERR_OID_NOT_FOUND ) );
  224. /* Parse HashAlgorithm */
  225. if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
  226. return( ret );
  227. if( p != end2 )
  228. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  229. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  230. }
  231. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  232. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  233. if( p == end )
  234. return( 0 );
  235. /*
  236. * salt_len
  237. */
  238. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  239. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
  240. {
  241. end2 = p + len;
  242. if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
  243. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  244. if( p != end2 )
  245. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  246. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  247. }
  248. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  249. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  250. if( p == end )
  251. return( 0 );
  252. /*
  253. * trailer_field (if present, must be 1)
  254. */
  255. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  256. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
  257. {
  258. int trailer_field;
  259. end2 = p + len;
  260. if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
  261. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  262. if( p != end2 )
  263. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  264. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  265. if( trailer_field != 1 )
  266. return( MBEDTLS_ERR_X509_INVALID_ALG );
  267. }
  268. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  269. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
  270. if( p != end )
  271. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
  272. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  273. return( 0 );
  274. }
  275. #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
  276. /*
  277. * AttributeTypeAndValue ::= SEQUENCE {
  278. * type AttributeType,
  279. * value AttributeValue }
  280. *
  281. * AttributeType ::= OBJECT IDENTIFIER
  282. *
  283. * AttributeValue ::= ANY DEFINED BY AttributeType
  284. */
  285. static int x509_get_attr_type_value( unsigned char **p,
  286. const unsigned char *end,
  287. mbedtls_x509_name *cur )
  288. {
  289. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  290. size_t len;
  291. mbedtls_x509_buf *oid;
  292. mbedtls_x509_buf *val;
  293. if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
  294. MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
  295. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
  296. end = *p + len;
  297. if( ( end - *p ) < 1 )
  298. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
  299. MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
  300. oid = &cur->oid;
  301. oid->tag = **p;
  302. if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
  303. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
  304. oid->p = *p;
  305. *p += oid->len;
  306. if( ( end - *p ) < 1 )
  307. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
  308. MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
  309. if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING &&
  310. **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
  311. **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
  312. **p != MBEDTLS_ASN1_BIT_STRING )
  313. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
  314. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
  315. val = &cur->val;
  316. val->tag = *(*p)++;
  317. if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
  318. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
  319. val->p = *p;
  320. *p += val->len;
  321. if( *p != end )
  322. {
  323. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
  324. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  325. }
  326. cur->next = NULL;
  327. return( 0 );
  328. }
  329. /*
  330. * Name ::= CHOICE { -- only one possibility for now --
  331. * rdnSequence RDNSequence }
  332. *
  333. * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
  334. *
  335. * RelativeDistinguishedName ::=
  336. * SET OF AttributeTypeAndValue
  337. *
  338. * AttributeTypeAndValue ::= SEQUENCE {
  339. * type AttributeType,
  340. * value AttributeValue }
  341. *
  342. * AttributeType ::= OBJECT IDENTIFIER
  343. *
  344. * AttributeValue ::= ANY DEFINED BY AttributeType
  345. *
  346. * The data structure is optimized for the common case where each RDN has only
  347. * one element, which is represented as a list of AttributeTypeAndValue.
  348. * For the general case we still use a flat list, but we mark elements of the
  349. * same set so that they are "merged" together in the functions that consume
  350. * this list, eg mbedtls_x509_dn_gets().
  351. */
  352. int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
  353. mbedtls_x509_name *cur )
  354. {
  355. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  356. size_t set_len;
  357. const unsigned char *end_set;
  358. /* don't use recursion, we'd risk stack overflow if not optimized */
  359. while( 1 )
  360. {
  361. /*
  362. * parse SET
  363. */
  364. if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
  365. MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
  366. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
  367. end_set = *p + set_len;
  368. while( 1 )
  369. {
  370. if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
  371. return( ret );
  372. if( *p == end_set )
  373. break;
  374. /* Mark this item as being no the only one in a set */
  375. cur->next_merged = 1;
  376. cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
  377. if( cur->next == NULL )
  378. return( MBEDTLS_ERR_X509_ALLOC_FAILED );
  379. cur = cur->next;
  380. }
  381. /*
  382. * continue until end of SEQUENCE is reached
  383. */
  384. if( *p == end )
  385. return( 0 );
  386. cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
  387. if( cur->next == NULL )
  388. return( MBEDTLS_ERR_X509_ALLOC_FAILED );
  389. cur = cur->next;
  390. }
  391. }
  392. static int x509_parse_int( unsigned char **p, size_t n, int *res )
  393. {
  394. *res = 0;
  395. for( ; n > 0; --n )
  396. {
  397. if( ( **p < '0') || ( **p > '9' ) )
  398. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  399. *res *= 10;
  400. *res += ( *(*p)++ - '0' );
  401. }
  402. return( 0 );
  403. }
  404. static int x509_date_is_valid(const mbedtls_x509_time *t )
  405. {
  406. int ret = MBEDTLS_ERR_X509_INVALID_DATE;
  407. int month_len;
  408. CHECK_RANGE( 0, 9999, t->year );
  409. CHECK_RANGE( 0, 23, t->hour );
  410. CHECK_RANGE( 0, 59, t->min );
  411. CHECK_RANGE( 0, 59, t->sec );
  412. switch( t->mon )
  413. {
  414. case 1: case 3: case 5: case 7: case 8: case 10: case 12:
  415. month_len = 31;
  416. break;
  417. case 4: case 6: case 9: case 11:
  418. month_len = 30;
  419. break;
  420. case 2:
  421. if( ( !( t->year % 4 ) && t->year % 100 ) ||
  422. !( t->year % 400 ) )
  423. month_len = 29;
  424. else
  425. month_len = 28;
  426. break;
  427. default:
  428. return( ret );
  429. }
  430. CHECK_RANGE( 1, month_len, t->day );
  431. return( 0 );
  432. }
  433. /*
  434. * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
  435. * field.
  436. */
  437. static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
  438. mbedtls_x509_time *tm )
  439. {
  440. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  441. /*
  442. * Minimum length is 10 or 12 depending on yearlen
  443. */
  444. if ( len < yearlen + 8 )
  445. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  446. len -= yearlen + 8;
  447. /*
  448. * Parse year, month, day, hour, minute
  449. */
  450. CHECK( x509_parse_int( p, yearlen, &tm->year ) );
  451. if ( 2 == yearlen )
  452. {
  453. if ( tm->year < 50 )
  454. tm->year += 100;
  455. tm->year += 1900;
  456. }
  457. CHECK( x509_parse_int( p, 2, &tm->mon ) );
  458. CHECK( x509_parse_int( p, 2, &tm->day ) );
  459. CHECK( x509_parse_int( p, 2, &tm->hour ) );
  460. CHECK( x509_parse_int( p, 2, &tm->min ) );
  461. /*
  462. * Parse seconds if present
  463. */
  464. if ( len >= 2 )
  465. {
  466. CHECK( x509_parse_int( p, 2, &tm->sec ) );
  467. len -= 2;
  468. }
  469. else
  470. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  471. /*
  472. * Parse trailing 'Z' if present
  473. */
  474. if ( 1 == len && 'Z' == **p )
  475. {
  476. (*p)++;
  477. len--;
  478. }
  479. /*
  480. * We should have parsed all characters at this point
  481. */
  482. if ( 0 != len )
  483. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  484. CHECK( x509_date_is_valid( tm ) );
  485. return ( 0 );
  486. }
  487. /*
  488. * Time ::= CHOICE {
  489. * utcTime UTCTime,
  490. * generalTime GeneralizedTime }
  491. */
  492. int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
  493. mbedtls_x509_time *tm )
  494. {
  495. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  496. size_t len, year_len;
  497. unsigned char tag;
  498. if( ( end - *p ) < 1 )
  499. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
  500. MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
  501. tag = **p;
  502. if( tag == MBEDTLS_ASN1_UTC_TIME )
  503. year_len = 2;
  504. else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
  505. year_len = 4;
  506. else
  507. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
  508. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
  509. (*p)++;
  510. ret = mbedtls_asn1_get_len( p, end, &len );
  511. if( ret != 0 )
  512. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
  513. return x509_parse_time( p, len, year_len, tm );
  514. }
  515. int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
  516. {
  517. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  518. size_t len;
  519. int tag_type;
  520. if( ( end - *p ) < 1 )
  521. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE,
  522. MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
  523. tag_type = **p;
  524. if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
  525. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) );
  526. sig->tag = tag_type;
  527. sig->len = len;
  528. sig->p = *p;
  529. *p += len;
  530. return( 0 );
  531. }
  532. /*
  533. * Get signature algorithm from alg OID and optional parameters
  534. */
  535. int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
  536. mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
  537. void **sig_opts )
  538. {
  539. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  540. if( *sig_opts != NULL )
  541. return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
  542. if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
  543. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) );
  544. #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
  545. if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
  546. {
  547. mbedtls_pk_rsassa_pss_options *pss_opts;
  548. pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
  549. if( pss_opts == NULL )
  550. return( MBEDTLS_ERR_X509_ALLOC_FAILED );
  551. ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
  552. md_alg,
  553. &pss_opts->mgf1_hash_id,
  554. &pss_opts->expected_salt_len );
  555. if( ret != 0 )
  556. {
  557. mbedtls_free( pss_opts );
  558. return( ret );
  559. }
  560. *sig_opts = (void *) pss_opts;
  561. }
  562. else
  563. #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
  564. {
  565. /* Make sure parameters are absent or NULL */
  566. if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
  567. sig_params->len != 0 )
  568. return( MBEDTLS_ERR_X509_INVALID_ALG );
  569. }
  570. return( 0 );
  571. }
  572. /*
  573. * X.509 Extensions (No parsing of extensions, pointer should
  574. * be either manually updated or extensions should be parsed!)
  575. */
  576. int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
  577. mbedtls_x509_buf *ext, int tag )
  578. {
  579. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  580. size_t len;
  581. /* Extension structure use EXPLICIT tagging. That is, the actual
  582. * `Extensions` structure is wrapped by a tag-length pair using
  583. * the respective context-specific tag. */
  584. ret = mbedtls_asn1_get_tag( p, end, &ext->len,
  585. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
  586. if( ret != 0 )
  587. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
  588. ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
  589. ext->p = *p;
  590. end = *p + ext->len;
  591. /*
  592. * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
  593. */
  594. if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
  595. MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
  596. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
  597. if( end != *p + len )
  598. return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
  599. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
  600. return( 0 );
  601. }
  602. /*
  603. * Store the name in printable form into buf; no more
  604. * than size characters will be written
  605. */
  606. int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
  607. {
  608. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  609. size_t i, n;
  610. unsigned char c, merge = 0;
  611. const mbedtls_x509_name *name;
  612. const char *short_name = NULL;
  613. char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
  614. memset( s, 0, sizeof( s ) );
  615. name = dn;
  616. p = buf;
  617. n = size;
  618. while( name != NULL )
  619. {
  620. if( !name->oid.p )
  621. {
  622. name = name->next;
  623. continue;
  624. }
  625. if( name != dn )
  626. {
  627. ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
  628. MBEDTLS_X509_SAFE_SNPRINTF;
  629. }
  630. ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
  631. if( ret == 0 )
  632. ret = mbedtls_snprintf( p, n, "%s=", short_name );
  633. else
  634. ret = mbedtls_snprintf( p, n, "\?\?=" );
  635. MBEDTLS_X509_SAFE_SNPRINTF;
  636. for( i = 0; i < name->val.len; i++ )
  637. {
  638. if( i >= sizeof( s ) - 1 )
  639. break;
  640. c = name->val.p[i];
  641. if( c < 32 || c >= 127 )
  642. s[i] = '?';
  643. else s[i] = c;
  644. }
  645. s[i] = '\0';
  646. ret = mbedtls_snprintf( p, n, "%s", s );
  647. MBEDTLS_X509_SAFE_SNPRINTF;
  648. merge = name->next_merged;
  649. name = name->next;
  650. }
  651. return( (int) ( size - n ) );
  652. }
  653. /*
  654. * Store the serial in printable form into buf; no more
  655. * than size characters will be written
  656. */
  657. int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
  658. {
  659. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  660. size_t i, n, nr;
  661. char *p;
  662. p = buf;
  663. n = size;
  664. nr = ( serial->len <= 32 )
  665. ? serial->len : 28;
  666. for( i = 0; i < nr; i++ )
  667. {
  668. if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
  669. continue;
  670. ret = mbedtls_snprintf( p, n, "%02X%s",
  671. serial->p[i], ( i < nr - 1 ) ? ":" : "" );
  672. MBEDTLS_X509_SAFE_SNPRINTF;
  673. }
  674. if( nr != serial->len )
  675. {
  676. ret = mbedtls_snprintf( p, n, "...." );
  677. MBEDTLS_X509_SAFE_SNPRINTF;
  678. }
  679. return( (int) ( size - n ) );
  680. }
  681. /*
  682. * Helper for writing signature algorithms
  683. */
  684. int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
  685. mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
  686. const void *sig_opts )
  687. {
  688. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  689. char *p = buf;
  690. size_t n = size;
  691. const char *desc = NULL;
  692. ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
  693. if( ret != 0 )
  694. ret = mbedtls_snprintf( p, n, "???" );
  695. else
  696. ret = mbedtls_snprintf( p, n, "%s", desc );
  697. MBEDTLS_X509_SAFE_SNPRINTF;
  698. #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
  699. if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
  700. {
  701. const mbedtls_pk_rsassa_pss_options *pss_opts;
  702. const mbedtls_md_info_t *md_info, *mgf_md_info;
  703. pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
  704. md_info = mbedtls_md_info_from_type( md_alg );
  705. mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
  706. ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
  707. md_info ? mbedtls_md_get_name( md_info ) : "???",
  708. mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
  709. (unsigned int) pss_opts->expected_salt_len );
  710. MBEDTLS_X509_SAFE_SNPRINTF;
  711. }
  712. #else
  713. ((void) pk_alg);
  714. ((void) md_alg);
  715. ((void) sig_opts);
  716. #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
  717. return( (int)( size - n ) );
  718. }
  719. /*
  720. * Helper for writing "RSA key size", "EC key size", etc
  721. */
  722. int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
  723. {
  724. char *p = buf;
  725. size_t n = buf_size;
  726. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  727. ret = mbedtls_snprintf( p, n, "%s key size", name );
  728. MBEDTLS_X509_SAFE_SNPRINTF;
  729. return( 0 );
  730. }
  731. #if defined(MBEDTLS_HAVE_TIME_DATE)
  732. /*
  733. * Set the time structure to the current time.
  734. * Return 0 on success, non-zero on failure.
  735. */
  736. static int x509_get_current_time( mbedtls_x509_time *now )
  737. {
  738. struct tm *lt, tm_buf;
  739. mbedtls_time_t tt;
  740. int ret = 0;
  741. tt = mbedtls_time( NULL );
  742. lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
  743. if( lt == NULL )
  744. ret = -1;
  745. else
  746. {
  747. now->year = lt->tm_year + 1900;
  748. now->mon = lt->tm_mon + 1;
  749. now->day = lt->tm_mday;
  750. now->hour = lt->tm_hour;
  751. now->min = lt->tm_min;
  752. now->sec = lt->tm_sec;
  753. }
  754. return( ret );
  755. }
  756. /*
  757. * Return 0 if before <= after, 1 otherwise
  758. */
  759. static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
  760. {
  761. if( before->year > after->year )
  762. return( 1 );
  763. if( before->year == after->year &&
  764. before->mon > after->mon )
  765. return( 1 );
  766. if( before->year == after->year &&
  767. before->mon == after->mon &&
  768. before->day > after->day )
  769. return( 1 );
  770. if( before->year == after->year &&
  771. before->mon == after->mon &&
  772. before->day == after->day &&
  773. before->hour > after->hour )
  774. return( 1 );
  775. if( before->year == after->year &&
  776. before->mon == after->mon &&
  777. before->day == after->day &&
  778. before->hour == after->hour &&
  779. before->min > after->min )
  780. return( 1 );
  781. if( before->year == after->year &&
  782. before->mon == after->mon &&
  783. before->day == after->day &&
  784. before->hour == after->hour &&
  785. before->min == after->min &&
  786. before->sec > after->sec )
  787. return( 1 );
  788. return( 0 );
  789. }
  790. int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
  791. {
  792. mbedtls_x509_time now;
  793. if( x509_get_current_time( &now ) != 0 )
  794. return( 1 );
  795. return( x509_check_time( &now, to ) );
  796. }
  797. int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
  798. {
  799. mbedtls_x509_time now;
  800. if( x509_get_current_time( &now ) != 0 )
  801. return( 1 );
  802. return( x509_check_time( from, &now ) );
  803. }
  804. #else /* MBEDTLS_HAVE_TIME_DATE */
  805. int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
  806. {
  807. ((void) to);
  808. return( 0 );
  809. }
  810. int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
  811. {
  812. ((void) from);
  813. return( 0 );
  814. }
  815. #endif /* MBEDTLS_HAVE_TIME_DATE */
  816. #if defined(MBEDTLS_SELF_TEST)
  817. #include "mbedtls/x509_crt.h"
  818. #include "mbedtls/certs.h"
  819. /*
  820. * Checkup routine
  821. */
  822. int mbedtls_x509_self_test( int verbose )
  823. {
  824. int ret = 0;
  825. #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
  826. uint32_t flags;
  827. mbedtls_x509_crt cacert;
  828. mbedtls_x509_crt clicert;
  829. if( verbose != 0 )
  830. mbedtls_printf( " X.509 certificate load: " );
  831. mbedtls_x509_crt_init( &cacert );
  832. mbedtls_x509_crt_init( &clicert );
  833. ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
  834. mbedtls_test_cli_crt_len );
  835. if( ret != 0 )
  836. {
  837. if( verbose != 0 )
  838. mbedtls_printf( "failed\n" );
  839. goto cleanup;
  840. }
  841. ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
  842. mbedtls_test_ca_crt_len );
  843. if( ret != 0 )
  844. {
  845. if( verbose != 0 )
  846. mbedtls_printf( "failed\n" );
  847. goto cleanup;
  848. }
  849. if( verbose != 0 )
  850. mbedtls_printf( "passed\n X.509 signature verify: ");
  851. ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
  852. if( ret != 0 )
  853. {
  854. if( verbose != 0 )
  855. mbedtls_printf( "failed\n" );
  856. goto cleanup;
  857. }
  858. if( verbose != 0 )
  859. mbedtls_printf( "passed\n\n");
  860. cleanup:
  861. mbedtls_x509_crt_free( &cacert );
  862. mbedtls_x509_crt_free( &clicert );
  863. #else
  864. ((void) verbose);
  865. #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
  866. return( ret );
  867. }
  868. #endif /* MBEDTLS_SELF_TEST */
  869. #endif /* MBEDTLS_X509_USE_C */