1 /* 2 * X.509 common functions for parsing and verification 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 * not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, software 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 * See the License for the specific language governing permissions and 17 * limitations under the License. 18 */ 19 /* 20 * The ITU-T X.509 standard defines a certificate format for PKI. 21 * 22 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 23 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 24 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 25 * 26 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 27 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 28 */ 29 30 #include "common.h" 31 32 #if defined(MBEDTLS_X509_USE_C) 33 34 #include "mbedtls/x509.h" 35 #include "mbedtls/asn1.h" 36 #include "mbedtls/error.h" 37 #include "mbedtls/oid.h" 38 39 #include <stdio.h> 40 #include <string.h> 41 42 #if defined(MBEDTLS_PEM_PARSE_C) 43 #include "mbedtls/pem.h" 44 #endif 45 46 #include "mbedtls/platform.h" 47 48 #if defined(MBEDTLS_HAVE_TIME) 49 #include "mbedtls/platform_time.h" 50 #endif 51 #if defined(MBEDTLS_HAVE_TIME_DATE) 52 #include "mbedtls/platform_util.h" 53 #include <time.h> 54 #endif 55 56 #include "mbedtls/legacy_or_psa.h" 57 58 #define CHECK(code) if ((ret = (code)) != 0) { return ret; } 59 #define CHECK_RANGE(min, max, val) \ 60 do \ 61 { \ 62 if ((val) < (min) || (val) > (max)) \ 63 { \ 64 return ret; \ 65 } \ 66 } while (0) 67 68 /* 69 * CertificateSerialNumber ::= INTEGER 70 */ 71 int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, 72 mbedtls_x509_buf *serial) 73 { 74 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 75 76 if ((end - *p) < 1) { 77 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, 78 MBEDTLS_ERR_ASN1_OUT_OF_DATA); 79 } 80 81 if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && 82 **p != MBEDTLS_ASN1_INTEGER) { 83 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, 84 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 85 } 86 87 serial->tag = *(*p)++; 88 89 if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) { 90 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret); 91 } 92 93 serial->p = *p; 94 *p += serial->len; 95 96 return 0; 97 } 98 99 /* Get an algorithm identifier without parameters (eg for signatures) 100 * 101 * AlgorithmIdentifier ::= SEQUENCE { 102 * algorithm OBJECT IDENTIFIER, 103 * parameters ANY DEFINED BY algorithm OPTIONAL } 104 */ 105 int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, 106 mbedtls_x509_buf *alg) 107 { 108 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 109 110 if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) { 111 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 112 } 113 114 return 0; 115 } 116 117 /* 118 * Parse an algorithm identifier with (optional) parameters 119 */ 120 int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, 121 mbedtls_x509_buf *alg, mbedtls_x509_buf *params) 122 { 123 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 124 125 if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) { 126 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 127 } 128 129 return 0; 130 } 131 132 /* 133 * Convert md type to string 134 */ 135 static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) 136 { 137 switch (md_alg) { 138 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA) 139 case MBEDTLS_MD_MD5: 140 return "MD5"; 141 #endif 142 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA) 143 case MBEDTLS_MD_SHA1: 144 return "SHA1"; 145 #endif 146 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA) 147 case MBEDTLS_MD_SHA224: 148 return "SHA224"; 149 #endif 150 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA) 151 case MBEDTLS_MD_SHA256: 152 return "SHA256"; 153 #endif 154 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA) 155 case MBEDTLS_MD_SHA384: 156 return "SHA384"; 157 #endif 158 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA) 159 case MBEDTLS_MD_SHA512: 160 return "SHA512"; 161 #endif 162 #if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA) 163 case MBEDTLS_MD_RIPEMD160: 164 return "RIPEMD160"; 165 #endif 166 case MBEDTLS_MD_NONE: 167 return NULL; 168 default: 169 return NULL; 170 } 171 } 172 173 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 174 /* 175 * HashAlgorithm ::= AlgorithmIdentifier 176 * 177 * AlgorithmIdentifier ::= SEQUENCE { 178 * algorithm OBJECT IDENTIFIER, 179 * parameters ANY DEFINED BY algorithm OPTIONAL } 180 * 181 * For HashAlgorithm, parameters MUST be NULL or absent. 182 */ 183 static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg) 184 { 185 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 186 unsigned char *p; 187 const unsigned char *end; 188 mbedtls_x509_buf md_oid; 189 size_t len; 190 191 /* Make sure we got a SEQUENCE and setup bounds */ 192 if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { 193 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 194 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 195 } 196 197 p = alg->p; 198 end = p + alg->len; 199 200 if (p >= end) { 201 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 202 MBEDTLS_ERR_ASN1_OUT_OF_DATA); 203 } 204 205 /* Parse md_oid */ 206 md_oid.tag = *p; 207 208 if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) { 209 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 210 } 211 212 md_oid.p = p; 213 p += md_oid.len; 214 215 /* Get md_alg from md_oid */ 216 if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) { 217 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 218 } 219 220 /* Make sure params is absent of NULL */ 221 if (p == end) { 222 return 0; 223 } 224 225 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) { 226 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 227 } 228 229 if (p != end) { 230 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 231 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 232 } 233 234 return 0; 235 } 236 237 /* 238 * RSASSA-PSS-params ::= SEQUENCE { 239 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, 240 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier, 241 * saltLength [2] INTEGER DEFAULT 20, 242 * trailerField [3] INTEGER DEFAULT 1 } 243 * -- Note that the tags in this Sequence are explicit. 244 * 245 * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value 246 * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other 247 * option. Enforce this at parsing time. 248 */ 249 int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, 250 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, 251 int *salt_len) 252 { 253 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 254 unsigned char *p; 255 const unsigned char *end, *end2; 256 size_t len; 257 mbedtls_x509_buf alg_id, alg_params; 258 259 /* First set everything to defaults */ 260 *md_alg = MBEDTLS_MD_SHA1; 261 *mgf_md = MBEDTLS_MD_SHA1; 262 *salt_len = 20; 263 264 /* Make sure params is a SEQUENCE and setup bounds */ 265 if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { 266 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 267 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 268 } 269 270 p = (unsigned char *) params->p; 271 end = p + params->len; 272 273 if (p == end) { 274 return 0; 275 } 276 277 /* 278 * HashAlgorithm 279 */ 280 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 281 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 282 0)) == 0) { 283 end2 = p + len; 284 285 /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */ 286 if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) { 287 return ret; 288 } 289 290 if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) { 291 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 292 } 293 294 if (p != end2) { 295 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 296 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 297 } 298 } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 299 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 300 } 301 302 if (p == end) { 303 return 0; 304 } 305 306 /* 307 * MaskGenAlgorithm 308 */ 309 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 310 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 311 1)) == 0) { 312 end2 = p + len; 313 314 /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */ 315 if ((ret = mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) { 316 return ret; 317 } 318 319 /* Only MFG1 is recognised for now */ 320 if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) { 321 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, 322 MBEDTLS_ERR_OID_NOT_FOUND); 323 } 324 325 /* Parse HashAlgorithm */ 326 if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) { 327 return ret; 328 } 329 330 if (p != end2) { 331 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 332 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 333 } 334 } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 335 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 336 } 337 338 if (p == end) { 339 return 0; 340 } 341 342 /* 343 * salt_len 344 */ 345 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 346 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 347 2)) == 0) { 348 end2 = p + len; 349 350 if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) { 351 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 352 } 353 354 if (p != end2) { 355 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 356 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 357 } 358 } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 359 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 360 } 361 362 if (p == end) { 363 return 0; 364 } 365 366 /* 367 * trailer_field (if present, must be 1) 368 */ 369 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 370 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 371 3)) == 0) { 372 int trailer_field; 373 374 end2 = p + len; 375 376 if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) { 377 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 378 } 379 380 if (p != end2) { 381 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 382 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 383 } 384 385 if (trailer_field != 1) { 386 return MBEDTLS_ERR_X509_INVALID_ALG; 387 } 388 } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 389 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); 390 } 391 392 if (p != end) { 393 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 394 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 395 } 396 397 return 0; 398 } 399 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 400 401 /* 402 * AttributeTypeAndValue ::= SEQUENCE { 403 * type AttributeType, 404 * value AttributeValue } 405 * 406 * AttributeType ::= OBJECT IDENTIFIER 407 * 408 * AttributeValue ::= ANY DEFINED BY AttributeType 409 */ 410 static int x509_get_attr_type_value(unsigned char **p, 411 const unsigned char *end, 412 mbedtls_x509_name *cur) 413 { 414 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 415 size_t len; 416 mbedtls_x509_buf *oid; 417 mbedtls_x509_buf *val; 418 419 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 420 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 421 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); 422 } 423 424 end = *p + len; 425 426 if ((end - *p) < 1) { 427 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, 428 MBEDTLS_ERR_ASN1_OUT_OF_DATA); 429 } 430 431 oid = &cur->oid; 432 oid->tag = **p; 433 434 if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) { 435 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); 436 } 437 438 oid->p = *p; 439 *p += oid->len; 440 441 if ((end - *p) < 1) { 442 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, 443 MBEDTLS_ERR_ASN1_OUT_OF_DATA); 444 } 445 446 if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && 447 **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && 448 **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && 449 **p != MBEDTLS_ASN1_BIT_STRING) { 450 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, 451 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 452 } 453 454 val = &cur->val; 455 val->tag = *(*p)++; 456 457 if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) { 458 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); 459 } 460 461 val->p = *p; 462 *p += val->len; 463 464 if (*p != end) { 465 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, 466 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 467 } 468 469 cur->next = NULL; 470 471 return 0; 472 } 473 474 /* 475 * Name ::= CHOICE { -- only one possibility for now -- 476 * rdnSequence RDNSequence } 477 * 478 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 479 * 480 * RelativeDistinguishedName ::= 481 * SET OF AttributeTypeAndValue 482 * 483 * AttributeTypeAndValue ::= SEQUENCE { 484 * type AttributeType, 485 * value AttributeValue } 486 * 487 * AttributeType ::= OBJECT IDENTIFIER 488 * 489 * AttributeValue ::= ANY DEFINED BY AttributeType 490 * 491 * The data structure is optimized for the common case where each RDN has only 492 * one element, which is represented as a list of AttributeTypeAndValue. 493 * For the general case we still use a flat list, but we mark elements of the 494 * same set so that they are "merged" together in the functions that consume 495 * this list, eg mbedtls_x509_dn_gets(). 496 * 497 * On success, this function may allocate a linked list starting at cur->next 498 * that must later be free'd by the caller using mbedtls_free(). In error 499 * cases, this function frees all allocated memory internally and the caller 500 * has no freeing responsibilities. 501 */ 502 int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, 503 mbedtls_x509_name *cur) 504 { 505 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 506 size_t set_len; 507 const unsigned char *end_set; 508 mbedtls_x509_name *head = cur; 509 510 /* don't use recursion, we'd risk stack overflow if not optimized */ 511 while (1) { 512 /* 513 * parse SET 514 */ 515 if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, 516 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { 517 ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); 518 goto error; 519 } 520 521 end_set = *p + set_len; 522 523 while (1) { 524 if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) { 525 goto error; 526 } 527 528 if (*p == end_set) { 529 break; 530 } 531 532 /* Mark this item as being no the only one in a set */ 533 cur->next_merged = 1; 534 535 cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); 536 537 if (cur->next == NULL) { 538 ret = MBEDTLS_ERR_X509_ALLOC_FAILED; 539 goto error; 540 } 541 542 cur = cur->next; 543 } 544 545 /* 546 * continue until end of SEQUENCE is reached 547 */ 548 if (*p == end) { 549 return 0; 550 } 551 552 cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); 553 554 if (cur->next == NULL) { 555 ret = MBEDTLS_ERR_X509_ALLOC_FAILED; 556 goto error; 557 } 558 559 cur = cur->next; 560 } 561 562 error: 563 /* Skip the first element as we did not allocate it */ 564 mbedtls_asn1_free_named_data_list_shallow(head->next); 565 head->next = NULL; 566 567 return ret; 568 } 569 570 static int x509_parse_int(unsigned char **p, size_t n, int *res) 571 { 572 *res = 0; 573 574 for (; n > 0; --n) { 575 if ((**p < '0') || (**p > '9')) { 576 return MBEDTLS_ERR_X509_INVALID_DATE; 577 } 578 579 *res *= 10; 580 *res += (*(*p)++ - '0'); 581 } 582 583 return 0; 584 } 585 586 static int x509_date_is_valid(const mbedtls_x509_time *t) 587 { 588 int ret = MBEDTLS_ERR_X509_INVALID_DATE; 589 int month_len; 590 591 CHECK_RANGE(0, 9999, t->year); 592 CHECK_RANGE(0, 23, t->hour); 593 CHECK_RANGE(0, 59, t->min); 594 CHECK_RANGE(0, 59, t->sec); 595 596 switch (t->mon) { 597 case 1: case 3: case 5: case 7: case 8: case 10: case 12: 598 month_len = 31; 599 break; 600 case 4: case 6: case 9: case 11: 601 month_len = 30; 602 break; 603 case 2: 604 if ((!(t->year % 4) && t->year % 100) || 605 !(t->year % 400)) { 606 month_len = 29; 607 } else { 608 month_len = 28; 609 } 610 break; 611 default: 612 return ret; 613 } 614 CHECK_RANGE(1, month_len, t->day); 615 616 return 0; 617 } 618 619 /* 620 * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) 621 * field. 622 */ 623 static int x509_parse_time(unsigned char **p, size_t len, size_t yearlen, 624 mbedtls_x509_time *tm) 625 { 626 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 627 628 /* 629 * Minimum length is 10 or 12 depending on yearlen 630 */ 631 if (len < yearlen + 8) { 632 return MBEDTLS_ERR_X509_INVALID_DATE; 633 } 634 len -= yearlen + 8; 635 636 /* 637 * Parse year, month, day, hour, minute 638 */ 639 CHECK(x509_parse_int(p, yearlen, &tm->year)); 640 if (2 == yearlen) { 641 if (tm->year < 50) { 642 tm->year += 100; 643 } 644 645 tm->year += 1900; 646 } 647 648 CHECK(x509_parse_int(p, 2, &tm->mon)); 649 CHECK(x509_parse_int(p, 2, &tm->day)); 650 CHECK(x509_parse_int(p, 2, &tm->hour)); 651 CHECK(x509_parse_int(p, 2, &tm->min)); 652 653 /* 654 * Parse seconds if present 655 */ 656 if (len >= 2) { 657 CHECK(x509_parse_int(p, 2, &tm->sec)); 658 len -= 2; 659 } else { 660 return MBEDTLS_ERR_X509_INVALID_DATE; 661 } 662 663 /* 664 * Parse trailing 'Z' if present 665 */ 666 if (1 == len && 'Z' == **p) { 667 (*p)++; 668 len--; 669 } 670 671 /* 672 * We should have parsed all characters at this point 673 */ 674 if (0 != len) { 675 return MBEDTLS_ERR_X509_INVALID_DATE; 676 } 677 678 CHECK(x509_date_is_valid(tm)); 679 680 return 0; 681 } 682 683 /* 684 * Time ::= CHOICE { 685 * utcTime UTCTime, 686 * generalTime GeneralizedTime } 687 */ 688 int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, 689 mbedtls_x509_time *tm) 690 { 691 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 692 size_t len, year_len; 693 unsigned char tag; 694 695 if ((end - *p) < 1) { 696 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, 697 MBEDTLS_ERR_ASN1_OUT_OF_DATA); 698 } 699 700 tag = **p; 701 702 if (tag == MBEDTLS_ASN1_UTC_TIME) { 703 year_len = 2; 704 } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) { 705 year_len = 4; 706 } else { 707 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, 708 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 709 } 710 711 (*p)++; 712 ret = mbedtls_asn1_get_len(p, end, &len); 713 714 if (ret != 0) { 715 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); 716 } 717 718 return x509_parse_time(p, len, year_len, tm); 719 } 720 721 int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig) 722 { 723 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 724 size_t len; 725 int tag_type; 726 727 if ((end - *p) < 1) { 728 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, 729 MBEDTLS_ERR_ASN1_OUT_OF_DATA); 730 } 731 732 tag_type = **p; 733 734 if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { 735 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret); 736 } 737 738 sig->tag = tag_type; 739 sig->len = len; 740 sig->p = *p; 741 742 *p += len; 743 744 return 0; 745 } 746 747 /* 748 * Get signature algorithm from alg OID and optional parameters 749 */ 750 int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, 751 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, 752 void **sig_opts) 753 { 754 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 755 756 if (*sig_opts != NULL) { 757 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 758 } 759 760 if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { 761 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); 762 } 763 764 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 765 if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { 766 mbedtls_pk_rsassa_pss_options *pss_opts; 767 768 pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); 769 if (pss_opts == NULL) { 770 return MBEDTLS_ERR_X509_ALLOC_FAILED; 771 } 772 773 ret = mbedtls_x509_get_rsassa_pss_params(sig_params, 774 md_alg, 775 &pss_opts->mgf1_hash_id, 776 &pss_opts->expected_salt_len); 777 if (ret != 0) { 778 mbedtls_free(pss_opts); 779 return ret; 780 } 781 782 *sig_opts = (void *) pss_opts; 783 } else 784 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 785 { 786 /* Make sure parameters are absent or NULL */ 787 if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || 788 sig_params->len != 0) { 789 return MBEDTLS_ERR_X509_INVALID_ALG; 790 } 791 } 792 793 return 0; 794 } 795 796 /* 797 * X.509 Extensions (No parsing of extensions, pointer should 798 * be either manually updated or extensions should be parsed!) 799 */ 800 int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, 801 mbedtls_x509_buf *ext, int tag) 802 { 803 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 804 size_t len; 805 806 /* Extension structure use EXPLICIT tagging. That is, the actual 807 * `Extensions` structure is wrapped by a tag-length pair using 808 * the respective context-specific tag. */ 809 ret = mbedtls_asn1_get_tag(p, end, &ext->len, 810 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); 811 if (ret != 0) { 812 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 813 } 814 815 ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; 816 ext->p = *p; 817 end = *p + ext->len; 818 819 /* 820 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 821 */ 822 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 823 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 824 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 825 } 826 827 if (end != *p + len) { 828 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 829 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 830 } 831 832 return 0; 833 } 834 835 /* 836 * Store the name in printable form into buf; no more 837 * than size characters will be written 838 */ 839 int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) 840 { 841 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 842 size_t i, j, n; 843 unsigned char c, merge = 0; 844 const mbedtls_x509_name *name; 845 const char *short_name = NULL; 846 char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; 847 848 memset(s, 0, sizeof(s)); 849 850 name = dn; 851 p = buf; 852 n = size; 853 854 while (name != NULL) { 855 if (!name->oid.p) { 856 name = name->next; 857 continue; 858 } 859 860 if (name != dn) { 861 ret = mbedtls_snprintf(p, n, merge ? " + " : ", "); 862 MBEDTLS_X509_SAFE_SNPRINTF; 863 } 864 865 ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name); 866 867 if (ret == 0) { 868 ret = mbedtls_snprintf(p, n, "%s=", short_name); 869 } else { 870 ret = mbedtls_snprintf(p, n, "\?\?="); 871 } 872 MBEDTLS_X509_SAFE_SNPRINTF; 873 874 for (i = 0, j = 0; i < name->val.len; i++, j++) { 875 if (j >= sizeof(s) - 1) { 876 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 877 } 878 879 c = name->val.p[i]; 880 // Special characters requiring escaping, RFC 1779 881 if (c && strchr(",=+<>#;\"\\", c)) { 882 if (j + 1 >= sizeof(s) - 1) { 883 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 884 } 885 s[j++] = '\\'; 886 } 887 if (c < 32 || c >= 127) { 888 s[j] = '?'; 889 } else { 890 s[j] = c; 891 } 892 } 893 s[j] = '\0'; 894 ret = mbedtls_snprintf(p, n, "%s", s); 895 MBEDTLS_X509_SAFE_SNPRINTF; 896 897 merge = name->next_merged; 898 name = name->next; 899 } 900 901 return (int) (size - n); 902 } 903 904 /* 905 * Store the serial in printable form into buf; no more 906 * than size characters will be written 907 */ 908 int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial) 909 { 910 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 911 size_t i, n, nr; 912 char *p; 913 914 p = buf; 915 n = size; 916 917 nr = (serial->len <= 32) 918 ? serial->len : 28; 919 920 for (i = 0; i < nr; i++) { 921 if (i == 0 && nr > 1 && serial->p[i] == 0x0) { 922 continue; 923 } 924 925 ret = mbedtls_snprintf(p, n, "%02X%s", 926 serial->p[i], (i < nr - 1) ? ":" : ""); 927 MBEDTLS_X509_SAFE_SNPRINTF; 928 } 929 930 if (nr != serial->len) { 931 ret = mbedtls_snprintf(p, n, "...."); 932 MBEDTLS_X509_SAFE_SNPRINTF; 933 } 934 935 return (int) (size - n); 936 } 937 938 #if !defined(MBEDTLS_X509_REMOVE_INFO) 939 /* 940 * Helper for writing signature algorithms 941 */ 942 int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, 943 mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, 944 const void *sig_opts) 945 { 946 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 947 char *p = buf; 948 size_t n = size; 949 const char *desc = NULL; 950 951 ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc); 952 if (ret != 0) { 953 ret = mbedtls_snprintf(p, n, "???"); 954 } else { 955 ret = mbedtls_snprintf(p, n, "%s", desc); 956 } 957 MBEDTLS_X509_SAFE_SNPRINTF; 958 959 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 960 if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { 961 const mbedtls_pk_rsassa_pss_options *pss_opts; 962 963 pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; 964 965 const char *name = md_type_to_string(md_alg); 966 const char *mgf_name = md_type_to_string(pss_opts->mgf1_hash_id); 967 968 ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)", 969 name ? name : "???", 970 mgf_name ? mgf_name : "???", 971 (unsigned int) pss_opts->expected_salt_len); 972 MBEDTLS_X509_SAFE_SNPRINTF; 973 } 974 #else 975 ((void) pk_alg); 976 ((void) md_alg); 977 ((void) sig_opts); 978 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 979 980 return (int) (size - n); 981 } 982 #endif /* MBEDTLS_X509_REMOVE_INFO */ 983 984 /* 985 * Helper for writing "RSA key size", "EC key size", etc 986 */ 987 int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name) 988 { 989 char *p = buf; 990 size_t n = buf_size; 991 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 992 993 ret = mbedtls_snprintf(p, n, "%s key size", name); 994 MBEDTLS_X509_SAFE_SNPRINTF; 995 996 return 0; 997 } 998 999 #if defined(MBEDTLS_HAVE_TIME_DATE) 1000 /* 1001 * Set the time structure to the current time. 1002 * Return 0 on success, non-zero on failure. 1003 */ 1004 static int x509_get_current_time(mbedtls_x509_time *now) 1005 { 1006 struct tm *lt, tm_buf; 1007 mbedtls_time_t tt; 1008 int ret = 0; 1009 1010 tt = mbedtls_time(NULL); 1011 lt = mbedtls_platform_gmtime_r(&tt, &tm_buf); 1012 1013 if (lt == NULL) { 1014 ret = -1; 1015 } else { 1016 now->year = lt->tm_year + 1900; 1017 now->mon = lt->tm_mon + 1; 1018 now->day = lt->tm_mday; 1019 now->hour = lt->tm_hour; 1020 now->min = lt->tm_min; 1021 now->sec = lt->tm_sec; 1022 } 1023 1024 return ret; 1025 } 1026 1027 /* 1028 * Return 0 if before <= after, 1 otherwise 1029 */ 1030 static int x509_check_time(const mbedtls_x509_time *before, const mbedtls_x509_time *after) 1031 { 1032 if (before->year > after->year) { 1033 return 1; 1034 } 1035 1036 if (before->year == after->year && 1037 before->mon > after->mon) { 1038 return 1; 1039 } 1040 1041 if (before->year == after->year && 1042 before->mon == after->mon && 1043 before->day > after->day) { 1044 return 1; 1045 } 1046 1047 if (before->year == after->year && 1048 before->mon == after->mon && 1049 before->day == after->day && 1050 before->hour > after->hour) { 1051 return 1; 1052 } 1053 1054 if (before->year == after->year && 1055 before->mon == after->mon && 1056 before->day == after->day && 1057 before->hour == after->hour && 1058 before->min > after->min) { 1059 return 1; 1060 } 1061 1062 if (before->year == after->year && 1063 before->mon == after->mon && 1064 before->day == after->day && 1065 before->hour == after->hour && 1066 before->min == after->min && 1067 before->sec > after->sec) { 1068 return 1; 1069 } 1070 1071 return 0; 1072 } 1073 1074 int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) 1075 { 1076 mbedtls_x509_time now; 1077 1078 if (x509_get_current_time(&now) != 0) { 1079 return 1; 1080 } 1081 1082 return x509_check_time(&now, to); 1083 } 1084 1085 int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) 1086 { 1087 mbedtls_x509_time now; 1088 1089 if (x509_get_current_time(&now) != 0) { 1090 return 1; 1091 } 1092 1093 return x509_check_time(from, &now); 1094 } 1095 1096 #else /* MBEDTLS_HAVE_TIME_DATE */ 1097 1098 int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) 1099 { 1100 ((void) to); 1101 return 0; 1102 } 1103 1104 int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) 1105 { 1106 ((void) from); 1107 return 0; 1108 } 1109 #endif /* MBEDTLS_HAVE_TIME_DATE */ 1110 1111 /* Common functions for parsing CRT and CSR. */ 1112 #if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C) 1113 /* 1114 * OtherName ::= SEQUENCE { 1115 * type-id OBJECT IDENTIFIER, 1116 * value [0] EXPLICIT ANY DEFINED BY type-id } 1117 * 1118 * HardwareModuleName ::= SEQUENCE { 1119 * hwType OBJECT IDENTIFIER, 1120 * hwSerialNum OCTET STRING } 1121 * 1122 * NOTE: we currently only parse and use otherName of type HwModuleName, 1123 * as defined in RFC 4108. 1124 */ 1125 static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, 1126 mbedtls_x509_san_other_name *other_name) 1127 { 1128 int ret = 0; 1129 size_t len; 1130 unsigned char *p = subject_alt_name->p; 1131 const unsigned char *end = p + subject_alt_name->len; 1132 mbedtls_x509_buf cur_oid; 1133 1134 if ((subject_alt_name->tag & 1135 (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != 1136 (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { 1137 /* 1138 * The given subject alternative name is not of type "othername". 1139 */ 1140 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1141 } 1142 1143 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1144 MBEDTLS_ASN1_OID)) != 0) { 1145 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1146 } 1147 1148 cur_oid.tag = MBEDTLS_ASN1_OID; 1149 cur_oid.p = p; 1150 cur_oid.len = len; 1151 1152 /* 1153 * Only HwModuleName is currently supported. 1154 */ 1155 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { 1156 return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 1157 } 1158 1159 p += len; 1160 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1161 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 1162 0) { 1163 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1164 } 1165 1166 if (end != p + len) { 1167 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1168 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1169 } 1170 1171 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1172 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 1173 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1174 } 1175 1176 if (end != p + len) { 1177 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1178 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1179 } 1180 1181 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { 1182 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1183 } 1184 1185 other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; 1186 other_name->value.hardware_module_name.oid.p = p; 1187 other_name->value.hardware_module_name.oid.len = len; 1188 1189 p += len; 1190 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1191 MBEDTLS_ASN1_OCTET_STRING)) != 0) { 1192 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1193 } 1194 1195 other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; 1196 other_name->value.hardware_module_name.val.p = p; 1197 other_name->value.hardware_module_name.val.len = len; 1198 p += len; 1199 if (p != end) { 1200 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1201 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1202 } 1203 return 0; 1204 } 1205 1206 /* 1207 * SubjectAltName ::= GeneralNames 1208 * 1209 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 1210 * 1211 * GeneralName ::= CHOICE { 1212 * otherName [0] OtherName, 1213 * rfc822Name [1] IA5String, 1214 * dNSName [2] IA5String, 1215 * x400Address [3] ORAddress, 1216 * directoryName [4] Name, 1217 * ediPartyName [5] EDIPartyName, 1218 * uniformResourceIdentifier [6] IA5String, 1219 * iPAddress [7] OCTET STRING, 1220 * registeredID [8] OBJECT IDENTIFIER } 1221 * 1222 * OtherName ::= SEQUENCE { 1223 * type-id OBJECT IDENTIFIER, 1224 * value [0] EXPLICIT ANY DEFINED BY type-id } 1225 * 1226 * EDIPartyName ::= SEQUENCE { 1227 * nameAssigner [0] DirectoryString OPTIONAL, 1228 * partyName [1] DirectoryString } 1229 * 1230 * We list all types, but use the following GeneralName types from RFC 5280: 1231 * "dnsName", "uniformResourceIdentifier" and "hardware_module_name" 1232 * of type "otherName", as defined in RFC 4108. 1233 */ 1234 int mbedtls_x509_get_subject_alt_name(unsigned char **p, 1235 const unsigned char *end, 1236 mbedtls_x509_sequence *subject_alt_name) 1237 { 1238 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1239 size_t len, tag_len; 1240 mbedtls_asn1_sequence *cur = subject_alt_name; 1241 1242 /* Get main sequence tag */ 1243 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 1244 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 1245 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1246 } 1247 1248 if (*p + len != end) { 1249 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1250 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1251 } 1252 1253 while (*p < end) { 1254 mbedtls_x509_subject_alternative_name dummy_san_buf; 1255 mbedtls_x509_buf tmp_san_buf; 1256 memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); 1257 1258 tmp_san_buf.tag = **p; 1259 (*p)++; 1260 1261 if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { 1262 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1263 } 1264 1265 tmp_san_buf.p = *p; 1266 tmp_san_buf.len = tag_len; 1267 1268 if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != 1269 MBEDTLS_ASN1_CONTEXT_SPECIFIC) { 1270 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1271 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 1272 } 1273 1274 /* 1275 * Check that the SAN is structured correctly. 1276 */ 1277 ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf); 1278 /* 1279 * In case the extension is malformed, return an error, 1280 * and clear the allocated sequences. 1281 */ 1282 if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { 1283 mbedtls_asn1_sequence_free(subject_alt_name->next); 1284 subject_alt_name->next = NULL; 1285 return ret; 1286 } 1287 1288 /* Allocate and assign next pointer */ 1289 if (cur->buf.p != NULL) { 1290 if (cur->next != NULL) { 1291 return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; 1292 } 1293 1294 cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); 1295 1296 if (cur->next == NULL) { 1297 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1298 MBEDTLS_ERR_ASN1_ALLOC_FAILED); 1299 } 1300 1301 cur = cur->next; 1302 } 1303 1304 cur->buf = tmp_san_buf; 1305 *p += tmp_san_buf.len; 1306 } 1307 1308 /* Set final sequence entry's next pointer to NULL */ 1309 cur->next = NULL; 1310 1311 if (*p != end) { 1312 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1313 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1314 } 1315 1316 return 0; 1317 } 1318 1319 int mbedtls_x509_get_ns_cert_type(unsigned char **p, 1320 const unsigned char *end, 1321 unsigned char *ns_cert_type) 1322 { 1323 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1324 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 1325 1326 if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { 1327 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1328 } 1329 1330 /* A bitstring with no flags set is still technically valid, as it will mean 1331 that the certificate has no designated purpose at the time of creation. */ 1332 if (bs.len == 0) { 1333 *ns_cert_type = 0; 1334 return 0; 1335 } 1336 1337 if (bs.len != 1) { 1338 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1339 MBEDTLS_ERR_ASN1_INVALID_LENGTH); 1340 } 1341 1342 /* Get actual bitstring */ 1343 *ns_cert_type = *bs.p; 1344 return 0; 1345 } 1346 1347 int mbedtls_x509_get_key_usage(unsigned char **p, 1348 const unsigned char *end, 1349 unsigned int *key_usage) 1350 { 1351 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1352 size_t i; 1353 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 1354 1355 if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { 1356 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 1357 } 1358 1359 /* A bitstring with no flags set is still technically valid, as it will mean 1360 that the certificate has no designated purpose at the time of creation. */ 1361 if (bs.len == 0) { 1362 *key_usage = 0; 1363 return 0; 1364 } 1365 1366 /* Get actual bitstring */ 1367 *key_usage = 0; 1368 for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) { 1369 *key_usage |= (unsigned int) bs.p[i] << (8*i); 1370 } 1371 1372 return 0; 1373 } 1374 1375 int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, 1376 mbedtls_x509_subject_alternative_name *san) 1377 { 1378 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1379 switch (san_buf->tag & 1380 (MBEDTLS_ASN1_TAG_CLASS_MASK | 1381 MBEDTLS_ASN1_TAG_VALUE_MASK)) { 1382 /* 1383 * otherName 1384 */ 1385 case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): 1386 { 1387 mbedtls_x509_san_other_name other_name; 1388 1389 ret = x509_get_other_name(san_buf, &other_name); 1390 if (ret != 0) { 1391 return ret; 1392 } 1393 1394 memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1395 san->type = MBEDTLS_X509_SAN_OTHER_NAME; 1396 memcpy(&san->san.other_name, 1397 &other_name, sizeof(other_name)); 1398 1399 } 1400 break; 1401 /* 1402 * uniformResourceIdentifier 1403 */ 1404 case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER): 1405 { 1406 memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1407 san->type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; 1408 1409 memcpy(&san->san.unstructured_name, 1410 san_buf, sizeof(*san_buf)); 1411 1412 } 1413 break; 1414 /* 1415 * dNSName 1416 */ 1417 case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): 1418 { 1419 memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1420 san->type = MBEDTLS_X509_SAN_DNS_NAME; 1421 1422 memcpy(&san->san.unstructured_name, 1423 san_buf, sizeof(*san_buf)); 1424 } 1425 break; 1426 1427 /* 1428 * RFC822 Name 1429 */ 1430 case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): 1431 { 1432 memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1433 san->type = MBEDTLS_X509_SAN_RFC822_NAME; 1434 memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); 1435 } 1436 break; 1437 1438 /* 1439 * Type not supported 1440 */ 1441 default: 1442 return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 1443 } 1444 return 0; 1445 } 1446 1447 #if !defined(MBEDTLS_X509_REMOVE_INFO) 1448 int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, 1449 const mbedtls_x509_sequence 1450 *subject_alt_name, 1451 const char *prefix) 1452 { 1453 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1454 size_t i; 1455 size_t n = *size; 1456 char *p = *buf; 1457 const mbedtls_x509_sequence *cur = subject_alt_name; 1458 mbedtls_x509_subject_alternative_name san; 1459 int parse_ret; 1460 1461 while (cur != NULL) { 1462 memset(&san, 0, sizeof(san)); 1463 parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); 1464 if (parse_ret != 0) { 1465 if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { 1466 ret = mbedtls_snprintf(p, n, "\n%s <unsupported>", prefix); 1467 MBEDTLS_X509_SAFE_SNPRINTF; 1468 } else { 1469 ret = mbedtls_snprintf(p, n, "\n%s <malformed>", prefix); 1470 MBEDTLS_X509_SAFE_SNPRINTF; 1471 } 1472 cur = cur->next; 1473 continue; 1474 } 1475 1476 switch (san.type) { 1477 /* 1478 * otherName 1479 */ 1480 case MBEDTLS_X509_SAN_OTHER_NAME: 1481 { 1482 mbedtls_x509_san_other_name *other_name = &san.san.other_name; 1483 1484 ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); 1485 MBEDTLS_X509_SAFE_SNPRINTF; 1486 1487 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, 1488 &other_name->value.hardware_module_name.oid) != 0) { 1489 ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); 1490 MBEDTLS_X509_SAFE_SNPRINTF; 1491 ret = 1492 mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); 1493 MBEDTLS_X509_SAFE_SNPRINTF; 1494 1495 ret = mbedtls_oid_get_numeric_string(p, 1496 n, 1497 &other_name->value.hardware_module_name.oid); 1498 MBEDTLS_X509_SAFE_SNPRINTF; 1499 1500 ret = 1501 mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); 1502 MBEDTLS_X509_SAFE_SNPRINTF; 1503 1504 for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) { 1505 ret = mbedtls_snprintf(p, 1506 n, 1507 "%02X", 1508 other_name->value.hardware_module_name.val.p[i]); 1509 MBEDTLS_X509_SAFE_SNPRINTF; 1510 } 1511 }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ 1512 } 1513 break; 1514 /* 1515 * uniformResourceIdentifier 1516 */ 1517 case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: 1518 { 1519 ret = mbedtls_snprintf(p, n, "\n%s uniformResourceIdentifier : ", prefix); 1520 MBEDTLS_X509_SAFE_SNPRINTF; 1521 if (san.san.unstructured_name.len >= n) { 1522 *p = '\0'; 1523 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 1524 } 1525 1526 memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); 1527 p += san.san.unstructured_name.len; 1528 n -= san.san.unstructured_name.len; 1529 } 1530 break; 1531 /* 1532 * dNSName 1533 * RFC822 Name 1534 */ 1535 case MBEDTLS_X509_SAN_DNS_NAME: 1536 case MBEDTLS_X509_SAN_RFC822_NAME: 1537 { 1538 const char *dns_name = "dNSName"; 1539 const char *rfc822_name = "rfc822Name"; 1540 1541 ret = mbedtls_snprintf(p, n, 1542 "\n%s %s : ", 1543 prefix, 1544 san.type == 1545 MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); 1546 MBEDTLS_X509_SAFE_SNPRINTF; 1547 if (san.san.unstructured_name.len >= n) { 1548 *p = '\0'; 1549 return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 1550 } 1551 1552 memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); 1553 p += san.san.unstructured_name.len; 1554 n -= san.san.unstructured_name.len; 1555 } 1556 break; 1557 1558 /* 1559 * Type not supported, skip item. 1560 */ 1561 default: 1562 ret = mbedtls_snprintf(p, n, "\n%s <unsupported>", prefix); 1563 MBEDTLS_X509_SAFE_SNPRINTF; 1564 break; 1565 } 1566 1567 cur = cur->next; 1568 } 1569 1570 *p = '\0'; 1571 1572 *size = n; 1573 *buf = p; 1574 1575 return 0; 1576 } 1577 1578 #define PRINT_ITEM(i) \ 1579 { \ 1580 ret = mbedtls_snprintf(p, n, "%s" i, sep); \ 1581 MBEDTLS_X509_SAFE_SNPRINTF; \ 1582 sep = ", "; \ 1583 } 1584 1585 #define CERT_TYPE(type, name) \ 1586 if (ns_cert_type & (type)) \ 1587 PRINT_ITEM(name); 1588 1589 int mbedtls_x509_info_cert_type(char **buf, size_t *size, 1590 unsigned char ns_cert_type) 1591 { 1592 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1593 size_t n = *size; 1594 char *p = *buf; 1595 const char *sep = ""; 1596 1597 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); 1598 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); 1599 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); 1600 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); 1601 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); 1602 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); 1603 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); 1604 CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); 1605 1606 *size = n; 1607 *buf = p; 1608 1609 return 0; 1610 } 1611 1612 #define KEY_USAGE(code, name) \ 1613 if (key_usage & (code)) \ 1614 PRINT_ITEM(name); 1615 1616 int mbedtls_x509_info_key_usage(char **buf, size_t *size, 1617 unsigned int key_usage) 1618 { 1619 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1620 size_t n = *size; 1621 char *p = *buf; 1622 const char *sep = ""; 1623 1624 KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); 1625 KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); 1626 KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); 1627 KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); 1628 KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement"); 1629 KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign"); 1630 KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign"); 1631 KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only"); 1632 KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only"); 1633 1634 *size = n; 1635 *buf = p; 1636 1637 return 0; 1638 } 1639 #endif /* MBEDTLS_X509_REMOVE_INFO */ 1640 #endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */ 1641 #endif /* MBEDTLS_X509_USE_C */ 1642