1 /* 2 * X.509 certificate parsing and verification 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 * not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, software 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 * See the License for the specific language governing permissions and 17 * limitations under the License. 18 */ 19 /* 20 * The ITU-T X.509 standard defines a certificate format for PKI. 21 * 22 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 23 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 24 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 25 * 26 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 27 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 28 * 29 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf 30 */ 31 32 #include "common.h" 33 34 #if defined(MBEDTLS_X509_CRT_PARSE_C) 35 36 #include "mbedtls/x509_crt.h" 37 #include "mbedtls/error.h" 38 #include "mbedtls/oid.h" 39 #include "mbedtls/platform_util.h" 40 41 #include <string.h> 42 43 #if defined(MBEDTLS_PEM_PARSE_C) 44 #include "mbedtls/pem.h" 45 #endif 46 47 #if defined(MBEDTLS_USE_PSA_CRYPTO) 48 #include "psa/crypto.h" 49 #include "mbedtls/psa_util.h" 50 #endif 51 52 #if defined(MBEDTLS_PLATFORM_C) 53 #include "mbedtls/platform.h" 54 #else 55 #include <stdio.h> 56 #include <stdlib.h> 57 #define mbedtls_free free 58 #define mbedtls_calloc calloc 59 #define mbedtls_snprintf snprintf 60 #endif 61 62 #if defined(MBEDTLS_THREADING_C) 63 #include "mbedtls/threading.h" 64 #endif 65 66 #if defined(MBEDTLS_HAVE_TIME) 67 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 68 #include <windows.h> 69 #else 70 #include <time.h> 71 #endif 72 #endif 73 74 #if defined(MBEDTLS_FS_IO) 75 #include <stdio.h> 76 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) 77 #include <sys/types.h> 78 #include <sys/stat.h> 79 #include <dirent.h> 80 #endif /* !_WIN32 || EFIX64 || EFI32 */ 81 #endif 82 83 /* 84 * Item in a verification chain: cert and flags for it 85 */ 86 typedef struct { 87 mbedtls_x509_crt *crt; 88 uint32_t flags; 89 } x509_crt_verify_chain_item; 90 91 /* 92 * Max size of verification chain: end-entity + intermediates + trusted root 93 */ 94 #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) 95 96 /* Default profile. Do not remove items unless there are serious security 97 * concerns. */ 98 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = 99 { 100 /* Only SHA-2 hashes */ 101 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | 102 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 103 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 104 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 105 0xFFFFFFF, /* Any PK alg */ 106 0xFFFFFFF, /* Any curve */ 107 2048, 108 }; 109 110 /* 111 * Next-default profile 112 */ 113 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = 114 { 115 /* Hashes from SHA-256 and above */ 116 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 117 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 118 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 119 0xFFFFFFF, /* Any PK alg */ 120 #if defined(MBEDTLS_ECP_C) 121 /* Curves at or above 128-bit security level */ 122 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 123 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | 124 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | 125 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | 126 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | 127 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | 128 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), 129 #else 130 0, 131 #endif 132 2048, 133 }; 134 135 /* 136 * NSA Suite B Profile 137 */ 138 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = 139 { 140 /* Only SHA-256 and 384 */ 141 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 142 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), 143 /* Only ECDSA */ 144 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | 145 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), 146 #if defined(MBEDTLS_ECP_C) 147 /* Only NIST P-256 and P-384 */ 148 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 149 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), 150 #else 151 0, 152 #endif 153 0, 154 }; 155 156 /* 157 * Check md_alg against profile 158 * Return 0 if md_alg is acceptable for this profile, -1 otherwise 159 */ 160 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, 161 mbedtls_md_type_t md_alg ) 162 { 163 if( md_alg == MBEDTLS_MD_NONE ) 164 return( -1 ); 165 166 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) 167 return( 0 ); 168 169 return( -1 ); 170 } 171 172 /* 173 * Check pk_alg against profile 174 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise 175 */ 176 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, 177 mbedtls_pk_type_t pk_alg ) 178 { 179 if( pk_alg == MBEDTLS_PK_NONE ) 180 return( -1 ); 181 182 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) 183 return( 0 ); 184 185 return( -1 ); 186 } 187 188 /* 189 * Check key against profile 190 * Return 0 if pk is acceptable for this profile, -1 otherwise 191 */ 192 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, 193 const mbedtls_pk_context *pk ) 194 { 195 const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); 196 197 #if defined(MBEDTLS_RSA_C) 198 if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) 199 { 200 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) 201 return( 0 ); 202 203 return( -1 ); 204 } 205 #endif 206 207 #if defined(MBEDTLS_ECP_C) 208 if( pk_alg == MBEDTLS_PK_ECDSA || 209 pk_alg == MBEDTLS_PK_ECKEY || 210 pk_alg == MBEDTLS_PK_ECKEY_DH ) 211 { 212 const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; 213 214 if( gid == MBEDTLS_ECP_DP_NONE ) 215 return( -1 ); 216 217 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) 218 return( 0 ); 219 220 return( -1 ); 221 } 222 #endif 223 224 return( -1 ); 225 } 226 227 /* 228 * Like memcmp, but case-insensitive and always returns -1 if different 229 */ 230 static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) 231 { 232 size_t i; 233 unsigned char diff; 234 const unsigned char *n1 = s1, *n2 = s2; 235 236 for( i = 0; i < len; i++ ) 237 { 238 diff = n1[i] ^ n2[i]; 239 240 if( diff == 0 ) 241 continue; 242 243 if( diff == 32 && 244 ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || 245 ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) 246 { 247 continue; 248 } 249 250 return( -1 ); 251 } 252 253 return( 0 ); 254 } 255 256 /* 257 * Return 0 if name matches wildcard, -1 otherwise 258 */ 259 static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) 260 { 261 size_t i; 262 size_t cn_idx = 0, cn_len = strlen( cn ); 263 264 /* We can't have a match if there is no wildcard to match */ 265 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) 266 return( -1 ); 267 268 for( i = 0; i < cn_len; ++i ) 269 { 270 if( cn[i] == '.' ) 271 { 272 cn_idx = i; 273 break; 274 } 275 } 276 277 if( cn_idx == 0 ) 278 return( -1 ); 279 280 if( cn_len - cn_idx == name->len - 1 && 281 x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) 282 { 283 return( 0 ); 284 } 285 286 return( -1 ); 287 } 288 289 /* 290 * Compare two X.509 strings, case-insensitive, and allowing for some encoding 291 * variations (but not all). 292 * 293 * Return 0 if equal, -1 otherwise. 294 */ 295 static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) 296 { 297 if( a->tag == b->tag && 298 a->len == b->len && 299 memcmp( a->p, b->p, b->len ) == 0 ) 300 { 301 return( 0 ); 302 } 303 304 if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 305 ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 306 a->len == b->len && 307 x509_memcasecmp( a->p, b->p, b->len ) == 0 ) 308 { 309 return( 0 ); 310 } 311 312 return( -1 ); 313 } 314 315 /* 316 * Compare two X.509 Names (aka rdnSequence). 317 * 318 * See RFC 5280 section 7.1, though we don't implement the whole algorithm: 319 * we sometimes return unequal when the full algorithm would return equal, 320 * but never the other way. (In particular, we don't do Unicode normalisation 321 * or space folding.) 322 * 323 * Return 0 if equal, -1 otherwise. 324 */ 325 static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) 326 { 327 /* Avoid recursion, it might not be optimised by the compiler */ 328 while( a != NULL || b != NULL ) 329 { 330 if( a == NULL || b == NULL ) 331 return( -1 ); 332 333 /* type */ 334 if( a->oid.tag != b->oid.tag || 335 a->oid.len != b->oid.len || 336 memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) 337 { 338 return( -1 ); 339 } 340 341 /* value */ 342 if( x509_string_cmp( &a->val, &b->val ) != 0 ) 343 return( -1 ); 344 345 /* structure of the list of sets */ 346 if( a->next_merged != b->next_merged ) 347 return( -1 ); 348 349 a = a->next; 350 b = b->next; 351 } 352 353 /* a == NULL == b */ 354 return( 0 ); 355 } 356 357 /* 358 * Reset (init or clear) a verify_chain 359 */ 360 static void x509_crt_verify_chain_reset( 361 mbedtls_x509_crt_verify_chain *ver_chain ) 362 { 363 size_t i; 364 365 for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) 366 { 367 ver_chain->items[i].crt = NULL; 368 ver_chain->items[i].flags = (uint32_t) -1; 369 } 370 371 ver_chain->len = 0; 372 373 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 374 ver_chain->trust_ca_cb_result = NULL; 375 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 376 } 377 378 /* 379 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 380 */ 381 static int x509_get_version( unsigned char **p, 382 const unsigned char *end, 383 int *ver ) 384 { 385 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 386 size_t len; 387 388 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 389 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) 390 { 391 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 392 { 393 *ver = 0; 394 return( 0 ); 395 } 396 397 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); 398 } 399 400 end = *p + len; 401 402 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) 403 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); 404 405 if( *p != end ) 406 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, 407 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 408 409 return( 0 ); 410 } 411 412 /* 413 * Validity ::= SEQUENCE { 414 * notBefore Time, 415 * notAfter Time } 416 */ 417 static int x509_get_dates( unsigned char **p, 418 const unsigned char *end, 419 mbedtls_x509_time *from, 420 mbedtls_x509_time *to ) 421 { 422 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 423 size_t len; 424 425 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 426 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 427 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) ); 428 429 end = *p + len; 430 431 if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) 432 return( ret ); 433 434 if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) 435 return( ret ); 436 437 if( *p != end ) 438 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, 439 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 440 441 return( 0 ); 442 } 443 444 /* 445 * X.509 v2/v3 unique identifier (not parsed) 446 */ 447 static int x509_get_uid( unsigned char **p, 448 const unsigned char *end, 449 mbedtls_x509_buf *uid, int n ) 450 { 451 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 452 453 if( *p == end ) 454 return( 0 ); 455 456 uid->tag = **p; 457 458 if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, 459 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) 460 { 461 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 462 return( 0 ); 463 464 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); 465 } 466 467 uid->p = *p; 468 *p += uid->len; 469 470 return( 0 ); 471 } 472 473 static int x509_get_basic_constraints( unsigned char **p, 474 const unsigned char *end, 475 int *ca_istrue, 476 int *max_pathlen ) 477 { 478 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 479 size_t len; 480 481 /* 482 * BasicConstraints ::= SEQUENCE { 483 * cA BOOLEAN DEFAULT FALSE, 484 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 485 */ 486 *ca_istrue = 0; /* DEFAULT FALSE */ 487 *max_pathlen = 0; /* endless */ 488 489 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 490 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 491 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 492 493 if( *p == end ) 494 return( 0 ); 495 496 if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) 497 { 498 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 499 ret = mbedtls_asn1_get_int( p, end, ca_istrue ); 500 501 if( ret != 0 ) 502 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 503 504 if( *ca_istrue != 0 ) 505 *ca_istrue = 1; 506 } 507 508 if( *p == end ) 509 return( 0 ); 510 511 if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) 512 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 513 514 if( *p != end ) 515 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 516 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 517 518 /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer 519 * overflow, which is an undefined behavior. */ 520 if( *max_pathlen == INT_MAX ) 521 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 522 MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); 523 524 (*max_pathlen)++; 525 526 return( 0 ); 527 } 528 529 static int x509_get_ns_cert_type( unsigned char **p, 530 const unsigned char *end, 531 unsigned char *ns_cert_type) 532 { 533 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 534 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 535 536 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 537 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 538 539 if( bs.len != 1 ) 540 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 541 MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); 542 543 /* Get actual bitstring */ 544 *ns_cert_type = *bs.p; 545 return( 0 ); 546 } 547 548 static int x509_get_key_usage( unsigned char **p, 549 const unsigned char *end, 550 unsigned int *key_usage) 551 { 552 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 553 size_t i; 554 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 555 556 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 557 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 558 559 if( bs.len < 1 ) 560 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 561 MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); 562 563 /* Get actual bitstring */ 564 *key_usage = 0; 565 for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) 566 { 567 *key_usage |= (unsigned int) bs.p[i] << (8*i); 568 } 569 570 return( 0 ); 571 } 572 573 /* 574 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 575 * 576 * KeyPurposeId ::= OBJECT IDENTIFIER 577 */ 578 static int x509_get_ext_key_usage( unsigned char **p, 579 const unsigned char *end, 580 mbedtls_x509_sequence *ext_key_usage) 581 { 582 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 583 584 if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) 585 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 586 587 /* Sequence length must be >= 1 */ 588 if( ext_key_usage->buf.p == NULL ) 589 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 590 MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); 591 592 return( 0 ); 593 } 594 595 /* 596 * SubjectAltName ::= GeneralNames 597 * 598 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 599 * 600 * GeneralName ::= CHOICE { 601 * otherName [0] OtherName, 602 * rfc822Name [1] IA5String, 603 * dNSName [2] IA5String, 604 * x400Address [3] ORAddress, 605 * directoryName [4] Name, 606 * ediPartyName [5] EDIPartyName, 607 * uniformResourceIdentifier [6] IA5String, 608 * iPAddress [7] OCTET STRING, 609 * registeredID [8] OBJECT IDENTIFIER } 610 * 611 * OtherName ::= SEQUENCE { 612 * type-id OBJECT IDENTIFIER, 613 * value [0] EXPLICIT ANY DEFINED BY type-id } 614 * 615 * EDIPartyName ::= SEQUENCE { 616 * nameAssigner [0] DirectoryString OPTIONAL, 617 * partyName [1] DirectoryString } 618 * 619 * NOTE: we list all types, but only use dNSName and otherName 620 * of type HwModuleName, as defined in RFC 4108, at this point. 621 */ 622 static int x509_get_subject_alt_name( unsigned char **p, 623 const unsigned char *end, 624 mbedtls_x509_sequence *subject_alt_name ) 625 { 626 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 627 size_t len, tag_len; 628 mbedtls_asn1_buf *buf; 629 unsigned char tag; 630 mbedtls_asn1_sequence *cur = subject_alt_name; 631 632 /* Get main sequence tag */ 633 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 634 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 635 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 636 637 if( *p + len != end ) 638 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 639 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 640 641 while( *p < end ) 642 { 643 mbedtls_x509_subject_alternative_name dummy_san_buf; 644 memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) ); 645 646 tag = **p; 647 (*p)++; 648 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) 649 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 650 651 if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != 652 MBEDTLS_ASN1_CONTEXT_SPECIFIC ) 653 { 654 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 655 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); 656 } 657 658 /* 659 * Check that the SAN is structured correctly. 660 */ 661 ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf ); 662 /* 663 * In case the extension is malformed, return an error, 664 * and clear the allocated sequences. 665 */ 666 if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) 667 { 668 mbedtls_x509_sequence *seq_cur = subject_alt_name->next; 669 mbedtls_x509_sequence *seq_prv; 670 while( seq_cur != NULL ) 671 { 672 seq_prv = seq_cur; 673 seq_cur = seq_cur->next; 674 mbedtls_platform_zeroize( seq_prv, 675 sizeof( mbedtls_x509_sequence ) ); 676 mbedtls_free( seq_prv ); 677 } 678 subject_alt_name->next = NULL; 679 return( ret ); 680 } 681 682 /* Allocate and assign next pointer */ 683 if( cur->buf.p != NULL ) 684 { 685 if( cur->next != NULL ) 686 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 687 688 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); 689 690 if( cur->next == NULL ) 691 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 692 MBEDTLS_ERR_ASN1_ALLOC_FAILED ) ); 693 694 cur = cur->next; 695 } 696 697 buf = &(cur->buf); 698 buf->tag = tag; 699 buf->p = *p; 700 buf->len = tag_len; 701 *p += buf->len; 702 } 703 704 /* Set final sequence entry's next pointer to NULL */ 705 cur->next = NULL; 706 707 if( *p != end ) 708 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 709 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 710 711 return( 0 ); 712 } 713 714 /* 715 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } 716 * 717 * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } 718 * 719 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation 720 * 721 * PolicyInformation ::= SEQUENCE { 722 * policyIdentifier CertPolicyId, 723 * policyQualifiers SEQUENCE SIZE (1..MAX) OF 724 * PolicyQualifierInfo OPTIONAL } 725 * 726 * CertPolicyId ::= OBJECT IDENTIFIER 727 * 728 * PolicyQualifierInfo ::= SEQUENCE { 729 * policyQualifierId PolicyQualifierId, 730 * qualifier ANY DEFINED BY policyQualifierId } 731 * 732 * -- policyQualifierIds for Internet policy qualifiers 733 * 734 * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 735 * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } 736 * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } 737 * 738 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) 739 * 740 * Qualifier ::= CHOICE { 741 * cPSuri CPSuri, 742 * userNotice UserNotice } 743 * 744 * CPSuri ::= IA5String 745 * 746 * UserNotice ::= SEQUENCE { 747 * noticeRef NoticeReference OPTIONAL, 748 * explicitText DisplayText OPTIONAL } 749 * 750 * NoticeReference ::= SEQUENCE { 751 * organization DisplayText, 752 * noticeNumbers SEQUENCE OF INTEGER } 753 * 754 * DisplayText ::= CHOICE { 755 * ia5String IA5String (SIZE (1..200)), 756 * visibleString VisibleString (SIZE (1..200)), 757 * bmpString BMPString (SIZE (1..200)), 758 * utf8String UTF8String (SIZE (1..200)) } 759 * 760 * NOTE: we only parse and use anyPolicy without qualifiers at this point 761 * as defined in RFC 5280. 762 */ 763 static int x509_get_certificate_policies( unsigned char **p, 764 const unsigned char *end, 765 mbedtls_x509_sequence *certificate_policies ) 766 { 767 int ret, parse_ret = 0; 768 size_t len; 769 mbedtls_asn1_buf *buf; 770 mbedtls_asn1_sequence *cur = certificate_policies; 771 772 /* Get main sequence tag */ 773 ret = mbedtls_asn1_get_tag( p, end, &len, 774 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); 775 if( ret != 0 ) 776 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 777 778 if( *p + len != end ) 779 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 780 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 781 782 /* 783 * Cannot be an empty sequence. 784 */ 785 if( len == 0 ) 786 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 787 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 788 789 while( *p < end ) 790 { 791 mbedtls_x509_buf policy_oid; 792 const unsigned char *policy_end; 793 794 /* 795 * Get the policy sequence 796 */ 797 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 798 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 799 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 800 801 policy_end = *p + len; 802 803 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 804 MBEDTLS_ASN1_OID ) ) != 0 ) 805 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 806 807 policy_oid.tag = MBEDTLS_ASN1_OID; 808 policy_oid.len = len; 809 policy_oid.p = *p; 810 811 /* 812 * Only AnyPolicy is currently supported when enforcing policy. 813 */ 814 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 ) 815 { 816 /* 817 * Set the parsing return code but continue parsing, in case this 818 * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 819 * is configured. 820 */ 821 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 822 } 823 824 /* Allocate and assign next pointer */ 825 if( cur->buf.p != NULL ) 826 { 827 if( cur->next != NULL ) 828 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 829 830 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); 831 832 if( cur->next == NULL ) 833 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 834 MBEDTLS_ERR_ASN1_ALLOC_FAILED ) ); 835 836 cur = cur->next; 837 } 838 839 buf = &( cur->buf ); 840 buf->tag = policy_oid.tag; 841 buf->p = policy_oid.p; 842 buf->len = policy_oid.len; 843 844 *p += len; 845 846 /* 847 * If there is an optional qualifier, then *p < policy_end 848 * Check the Qualifier len to verify it doesn't exceed policy_end. 849 */ 850 if( *p < policy_end ) 851 { 852 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, 853 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 854 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 855 /* 856 * Skip the optional policy qualifiers. 857 */ 858 *p += len; 859 } 860 861 if( *p != policy_end ) 862 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 863 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 864 } 865 866 /* Set final sequence entry's next pointer to NULL */ 867 cur->next = NULL; 868 869 if( *p != end ) 870 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 871 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 872 873 return( parse_ret ); 874 } 875 876 /* 877 * X.509 v3 extensions 878 * 879 */ 880 static int x509_get_crt_ext( unsigned char **p, 881 const unsigned char *end, 882 mbedtls_x509_crt *crt, 883 mbedtls_x509_crt_ext_cb_t cb, 884 void *p_ctx ) 885 { 886 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 887 size_t len; 888 unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; 889 890 if( *p == end ) 891 return( 0 ); 892 893 if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) 894 return( ret ); 895 896 end = crt->v3_ext.p + crt->v3_ext.len; 897 while( *p < end ) 898 { 899 /* 900 * Extension ::= SEQUENCE { 901 * extnID OBJECT IDENTIFIER, 902 * critical BOOLEAN DEFAULT FALSE, 903 * extnValue OCTET STRING } 904 */ 905 mbedtls_x509_buf extn_oid = {0, 0, NULL}; 906 int is_critical = 0; /* DEFAULT FALSE */ 907 int ext_type = 0; 908 909 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 910 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 911 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 912 913 end_ext_data = *p + len; 914 915 /* Get extension ID */ 916 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, 917 MBEDTLS_ASN1_OID ) ) != 0 ) 918 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 919 920 extn_oid.tag = MBEDTLS_ASN1_OID; 921 extn_oid.p = *p; 922 *p += extn_oid.len; 923 924 /* Get optional critical */ 925 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && 926 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 927 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 928 929 /* Data should be octet string type */ 930 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, 931 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 932 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 933 934 start_ext_octet = *p; 935 end_ext_octet = *p + len; 936 937 if( end_ext_octet != end_ext_data ) 938 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 939 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 940 941 /* 942 * Detect supported extensions 943 */ 944 ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); 945 946 if( ret != 0 ) 947 { 948 /* Give the callback (if any) a chance to handle the extension */ 949 if( cb != NULL ) 950 { 951 ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); 952 if( ret != 0 && is_critical ) 953 return( ret ); 954 *p = end_ext_octet; 955 continue; 956 } 957 958 /* No parser found, skip extension */ 959 *p = end_ext_octet; 960 961 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 962 if( is_critical ) 963 { 964 /* Data is marked as critical: fail */ 965 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 966 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); 967 } 968 #endif 969 continue; 970 } 971 972 /* Forbid repeated extensions */ 973 if( ( crt->ext_types & ext_type ) != 0 ) 974 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 975 976 crt->ext_types |= ext_type; 977 978 switch( ext_type ) 979 { 980 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: 981 /* Parse basic constraints */ 982 if( ( ret = x509_get_basic_constraints( p, end_ext_octet, 983 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) 984 return( ret ); 985 break; 986 987 case MBEDTLS_X509_EXT_KEY_USAGE: 988 /* Parse key usage */ 989 if( ( ret = x509_get_key_usage( p, end_ext_octet, 990 &crt->key_usage ) ) != 0 ) 991 return( ret ); 992 break; 993 994 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: 995 /* Parse extended key usage */ 996 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, 997 &crt->ext_key_usage ) ) != 0 ) 998 return( ret ); 999 break; 1000 1001 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: 1002 /* Parse subject alt name */ 1003 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, 1004 &crt->subject_alt_names ) ) != 0 ) 1005 return( ret ); 1006 break; 1007 1008 case MBEDTLS_X509_EXT_NS_CERT_TYPE: 1009 /* Parse netscape certificate type */ 1010 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, 1011 &crt->ns_cert_type ) ) != 0 ) 1012 return( ret ); 1013 break; 1014 1015 case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: 1016 /* Parse certificate policies type */ 1017 if( ( ret = x509_get_certificate_policies( p, end_ext_octet, 1018 &crt->certificate_policies ) ) != 0 ) 1019 { 1020 /* Give the callback (if any) a chance to handle the extension 1021 * if it contains unsupported policies */ 1022 if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && 1023 cb( p_ctx, crt, &extn_oid, is_critical, 1024 start_ext_octet, end_ext_octet ) == 0 ) 1025 break; 1026 1027 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 1028 if( is_critical ) 1029 return( ret ); 1030 else 1031 #endif 1032 /* 1033 * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we 1034 * cannot interpret or enforce the policy. However, it is up to 1035 * the user to choose how to enforce the policies, 1036 * unless the extension is critical. 1037 */ 1038 if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) 1039 return( ret ); 1040 } 1041 break; 1042 1043 default: 1044 /* 1045 * If this is a non-critical extension, which the oid layer 1046 * supports, but there isn't an x509 parser for it, 1047 * skip the extension. 1048 */ 1049 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 1050 if( is_critical ) 1051 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 1052 else 1053 #endif 1054 *p = end_ext_octet; 1055 } 1056 } 1057 1058 if( *p != end ) 1059 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1060 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 1061 1062 return( 0 ); 1063 } 1064 1065 /* 1066 * Parse and fill a single X.509 certificate in DER format 1067 */ 1068 static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, 1069 const unsigned char *buf, 1070 size_t buflen, 1071 int make_copy, 1072 mbedtls_x509_crt_ext_cb_t cb, 1073 void *p_ctx ) 1074 { 1075 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1076 size_t len; 1077 unsigned char *p, *end, *crt_end; 1078 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 1079 1080 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); 1081 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); 1082 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); 1083 1084 /* 1085 * Check for valid input 1086 */ 1087 if( crt == NULL || buf == NULL ) 1088 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1089 1090 /* Use the original buffer until we figure out actual length. */ 1091 p = (unsigned char*) buf; 1092 len = buflen; 1093 end = p + len; 1094 1095 /* 1096 * Certificate ::= SEQUENCE { 1097 * tbsCertificate TBSCertificate, 1098 * signatureAlgorithm AlgorithmIdentifier, 1099 * signatureValue BIT STRING } 1100 */ 1101 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1102 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 1103 { 1104 mbedtls_x509_crt_free( crt ); 1105 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 1106 } 1107 1108 end = crt_end = p + len; 1109 crt->raw.len = crt_end - buf; 1110 if( make_copy != 0 ) 1111 { 1112 /* Create and populate a new buffer for the raw field. */ 1113 crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); 1114 if( crt->raw.p == NULL ) 1115 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 1116 1117 memcpy( crt->raw.p, buf, crt->raw.len ); 1118 crt->own_buffer = 1; 1119 1120 p += crt->raw.len - len; 1121 end = crt_end = p + len; 1122 } 1123 else 1124 { 1125 crt->raw.p = (unsigned char*) buf; 1126 crt->own_buffer = 0; 1127 } 1128 1129 /* 1130 * TBSCertificate ::= SEQUENCE { 1131 */ 1132 crt->tbs.p = p; 1133 1134 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1135 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 1136 { 1137 mbedtls_x509_crt_free( crt ); 1138 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); 1139 } 1140 1141 end = p + len; 1142 crt->tbs.len = end - crt->tbs.p; 1143 1144 /* 1145 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1146 * 1147 * CertificateSerialNumber ::= INTEGER 1148 * 1149 * signature AlgorithmIdentifier 1150 */ 1151 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || 1152 ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || 1153 ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, 1154 &sig_params1 ) ) != 0 ) 1155 { 1156 mbedtls_x509_crt_free( crt ); 1157 return( ret ); 1158 } 1159 1160 if( crt->version < 0 || crt->version > 2 ) 1161 { 1162 mbedtls_x509_crt_free( crt ); 1163 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); 1164 } 1165 1166 crt->version++; 1167 1168 if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, 1169 &crt->sig_md, &crt->sig_pk, 1170 &crt->sig_opts ) ) != 0 ) 1171 { 1172 mbedtls_x509_crt_free( crt ); 1173 return( ret ); 1174 } 1175 1176 /* 1177 * issuer Name 1178 */ 1179 crt->issuer_raw.p = p; 1180 1181 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1182 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 1183 { 1184 mbedtls_x509_crt_free( crt ); 1185 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); 1186 } 1187 1188 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) 1189 { 1190 mbedtls_x509_crt_free( crt ); 1191 return( ret ); 1192 } 1193 1194 crt->issuer_raw.len = p - crt->issuer_raw.p; 1195 1196 /* 1197 * Validity ::= SEQUENCE { 1198 * notBefore Time, 1199 * notAfter Time } 1200 * 1201 */ 1202 if( ( ret = x509_get_dates( &p, end, &crt->valid_from, 1203 &crt->valid_to ) ) != 0 ) 1204 { 1205 mbedtls_x509_crt_free( crt ); 1206 return( ret ); 1207 } 1208 1209 /* 1210 * subject Name 1211 */ 1212 crt->subject_raw.p = p; 1213 1214 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1215 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 1216 { 1217 mbedtls_x509_crt_free( crt ); 1218 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); 1219 } 1220 1221 if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) 1222 { 1223 mbedtls_x509_crt_free( crt ); 1224 return( ret ); 1225 } 1226 1227 crt->subject_raw.len = p - crt->subject_raw.p; 1228 1229 /* 1230 * SubjectPublicKeyInfo 1231 */ 1232 crt->pk_raw.p = p; 1233 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) 1234 { 1235 mbedtls_x509_crt_free( crt ); 1236 return( ret ); 1237 } 1238 crt->pk_raw.len = p - crt->pk_raw.p; 1239 1240 /* 1241 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 1242 * -- If present, version shall be v2 or v3 1243 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 1244 * -- If present, version shall be v2 or v3 1245 * extensions [3] EXPLICIT Extensions OPTIONAL 1246 * -- If present, version shall be v3 1247 */ 1248 if( crt->version == 2 || crt->version == 3 ) 1249 { 1250 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); 1251 if( ret != 0 ) 1252 { 1253 mbedtls_x509_crt_free( crt ); 1254 return( ret ); 1255 } 1256 } 1257 1258 if( crt->version == 2 || crt->version == 3 ) 1259 { 1260 ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); 1261 if( ret != 0 ) 1262 { 1263 mbedtls_x509_crt_free( crt ); 1264 return( ret ); 1265 } 1266 } 1267 1268 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) 1269 if( crt->version == 3 ) 1270 #endif 1271 { 1272 ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); 1273 if( ret != 0 ) 1274 { 1275 mbedtls_x509_crt_free( crt ); 1276 return( ret ); 1277 } 1278 } 1279 1280 if( p != end ) 1281 { 1282 mbedtls_x509_crt_free( crt ); 1283 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, 1284 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 1285 } 1286 1287 end = crt_end; 1288 1289 /* 1290 * } 1291 * -- end of TBSCertificate 1292 * 1293 * signatureAlgorithm AlgorithmIdentifier, 1294 * signatureValue BIT STRING 1295 */ 1296 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) 1297 { 1298 mbedtls_x509_crt_free( crt ); 1299 return( ret ); 1300 } 1301 1302 if( crt->sig_oid.len != sig_oid2.len || 1303 memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || 1304 sig_params1.tag != sig_params2.tag || 1305 sig_params1.len != sig_params2.len || 1306 ( sig_params1.len != 0 && 1307 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) 1308 { 1309 mbedtls_x509_crt_free( crt ); 1310 return( MBEDTLS_ERR_X509_SIG_MISMATCH ); 1311 } 1312 1313 if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) 1314 { 1315 mbedtls_x509_crt_free( crt ); 1316 return( ret ); 1317 } 1318 1319 if( p != end ) 1320 { 1321 mbedtls_x509_crt_free( crt ); 1322 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, 1323 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 1324 } 1325 1326 return( 0 ); 1327 } 1328 1329 /* 1330 * Parse one X.509 certificate in DER format from a buffer and add them to a 1331 * chained list 1332 */ 1333 static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, 1334 const unsigned char *buf, 1335 size_t buflen, 1336 int make_copy, 1337 mbedtls_x509_crt_ext_cb_t cb, 1338 void *p_ctx ) 1339 { 1340 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1341 mbedtls_x509_crt *crt = chain, *prev = NULL; 1342 1343 /* 1344 * Check for valid input 1345 */ 1346 if( crt == NULL || buf == NULL ) 1347 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1348 1349 while( crt->version != 0 && crt->next != NULL ) 1350 { 1351 prev = crt; 1352 crt = crt->next; 1353 } 1354 1355 /* 1356 * Add new certificate on the end of the chain if needed. 1357 */ 1358 if( crt->version != 0 && crt->next == NULL ) 1359 { 1360 crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); 1361 1362 if( crt->next == NULL ) 1363 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 1364 1365 prev = crt; 1366 mbedtls_x509_crt_init( crt->next ); 1367 crt = crt->next; 1368 } 1369 1370 ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx ); 1371 if( ret != 0 ) 1372 { 1373 if( prev ) 1374 prev->next = NULL; 1375 1376 if( crt != chain ) 1377 mbedtls_free( crt ); 1378 1379 return( ret ); 1380 } 1381 1382 return( 0 ); 1383 } 1384 1385 int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, 1386 const unsigned char *buf, 1387 size_t buflen ) 1388 { 1389 return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) ); 1390 } 1391 1392 int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, 1393 const unsigned char *buf, 1394 size_t buflen, 1395 int make_copy, 1396 mbedtls_x509_crt_ext_cb_t cb, 1397 void *p_ctx ) 1398 { 1399 return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) ); 1400 } 1401 1402 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, 1403 const unsigned char *buf, 1404 size_t buflen ) 1405 { 1406 return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) ); 1407 } 1408 1409 /* 1410 * Parse one or more PEM certificates from a buffer and add them to the chained 1411 * list 1412 */ 1413 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, 1414 const unsigned char *buf, 1415 size_t buflen ) 1416 { 1417 #if defined(MBEDTLS_PEM_PARSE_C) 1418 int success = 0, first_error = 0, total_failed = 0; 1419 int buf_format = MBEDTLS_X509_FORMAT_DER; 1420 #endif 1421 1422 /* 1423 * Check for valid input 1424 */ 1425 if( chain == NULL || buf == NULL ) 1426 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1427 1428 /* 1429 * Determine buffer content. Buffer contains either one DER certificate or 1430 * one or more PEM certificates. 1431 */ 1432 #if defined(MBEDTLS_PEM_PARSE_C) 1433 if( buflen != 0 && buf[buflen - 1] == '\0' && 1434 strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) 1435 { 1436 buf_format = MBEDTLS_X509_FORMAT_PEM; 1437 } 1438 1439 if( buf_format == MBEDTLS_X509_FORMAT_DER ) 1440 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 1441 #else 1442 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 1443 #endif 1444 1445 #if defined(MBEDTLS_PEM_PARSE_C) 1446 if( buf_format == MBEDTLS_X509_FORMAT_PEM ) 1447 { 1448 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1449 mbedtls_pem_context pem; 1450 1451 /* 1 rather than 0 since the terminating NULL byte is counted in */ 1452 while( buflen > 1 ) 1453 { 1454 size_t use_len; 1455 mbedtls_pem_init( &pem ); 1456 1457 /* If we get there, we know the string is null-terminated */ 1458 ret = mbedtls_pem_read_buffer( &pem, 1459 "-----BEGIN CERTIFICATE-----", 1460 "-----END CERTIFICATE-----", 1461 buf, NULL, 0, &use_len ); 1462 1463 if( ret == 0 ) 1464 { 1465 /* 1466 * Was PEM encoded 1467 */ 1468 buflen -= use_len; 1469 buf += use_len; 1470 } 1471 else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) 1472 { 1473 return( ret ); 1474 } 1475 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1476 { 1477 mbedtls_pem_free( &pem ); 1478 1479 /* 1480 * PEM header and footer were found 1481 */ 1482 buflen -= use_len; 1483 buf += use_len; 1484 1485 if( first_error == 0 ) 1486 first_error = ret; 1487 1488 total_failed++; 1489 continue; 1490 } 1491 else 1492 break; 1493 1494 ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen ); 1495 1496 mbedtls_pem_free( &pem ); 1497 1498 if( ret != 0 ) 1499 { 1500 /* 1501 * Quit parsing on a memory error 1502 */ 1503 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) 1504 return( ret ); 1505 1506 if( first_error == 0 ) 1507 first_error = ret; 1508 1509 total_failed++; 1510 continue; 1511 } 1512 1513 success = 1; 1514 } 1515 } 1516 1517 if( success ) 1518 return( total_failed ); 1519 else if( first_error ) 1520 return( first_error ); 1521 else 1522 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); 1523 #endif /* MBEDTLS_PEM_PARSE_C */ 1524 } 1525 1526 #if defined(MBEDTLS_FS_IO) 1527 /* 1528 * Load one or more certificates and add them to the chained list 1529 */ 1530 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) 1531 { 1532 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1533 size_t n; 1534 unsigned char *buf; 1535 1536 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 1537 return( ret ); 1538 1539 ret = mbedtls_x509_crt_parse( chain, buf, n ); 1540 1541 mbedtls_platform_zeroize( buf, n ); 1542 mbedtls_free( buf ); 1543 1544 return( ret ); 1545 } 1546 1547 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) 1548 { 1549 int ret = 0; 1550 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 1551 int w_ret; 1552 WCHAR szDir[MAX_PATH]; 1553 char filename[MAX_PATH]; 1554 char *p; 1555 size_t len = strlen( path ); 1556 1557 WIN32_FIND_DATAW file_data; 1558 HANDLE hFind; 1559 1560 if( len > MAX_PATH - 3 ) 1561 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1562 1563 memset( szDir, 0, sizeof(szDir) ); 1564 memset( filename, 0, MAX_PATH ); 1565 memcpy( filename, path, len ); 1566 filename[len++] = '\\'; 1567 p = filename + len; 1568 filename[len++] = '*'; 1569 1570 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, 1571 MAX_PATH - 3 ); 1572 if( w_ret == 0 ) 1573 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1574 1575 hFind = FindFirstFileW( szDir, &file_data ); 1576 if( hFind == INVALID_HANDLE_VALUE ) 1577 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 1578 1579 len = MAX_PATH - len; 1580 do 1581 { 1582 memset( p, 0, len ); 1583 1584 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) 1585 continue; 1586 1587 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, 1588 lstrlenW( file_data.cFileName ), 1589 p, (int) len - 1, 1590 NULL, NULL ); 1591 if( w_ret == 0 ) 1592 { 1593 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1594 goto cleanup; 1595 } 1596 1597 w_ret = mbedtls_x509_crt_parse_file( chain, filename ); 1598 if( w_ret < 0 ) 1599 ret++; 1600 else 1601 ret += w_ret; 1602 } 1603 while( FindNextFileW( hFind, &file_data ) != 0 ); 1604 1605 if( GetLastError() != ERROR_NO_MORE_FILES ) 1606 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1607 1608 cleanup: 1609 FindClose( hFind ); 1610 #else /* _WIN32 */ 1611 int t_ret; 1612 int snp_ret; 1613 struct stat sb; 1614 struct dirent *entry; 1615 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; 1616 DIR *dir = opendir( path ); 1617 1618 if( dir == NULL ) 1619 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 1620 1621 #if defined(MBEDTLS_THREADING_C) 1622 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) 1623 { 1624 closedir( dir ); 1625 return( ret ); 1626 } 1627 #endif /* MBEDTLS_THREADING_C */ 1628 1629 memset( &sb, 0, sizeof( sb ) ); 1630 1631 while( ( entry = readdir( dir ) ) != NULL ) 1632 { 1633 snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, 1634 "%s/%s", path, entry->d_name ); 1635 1636 if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) 1637 { 1638 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 1639 goto cleanup; 1640 } 1641 else if( stat( entry_name, &sb ) == -1 ) 1642 { 1643 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1644 goto cleanup; 1645 } 1646 1647 if( !S_ISREG( sb.st_mode ) ) 1648 continue; 1649 1650 // Ignore parse errors 1651 // 1652 t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); 1653 if( t_ret < 0 ) 1654 ret++; 1655 else 1656 ret += t_ret; 1657 } 1658 1659 cleanup: 1660 closedir( dir ); 1661 1662 #if defined(MBEDTLS_THREADING_C) 1663 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) 1664 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; 1665 #endif /* MBEDTLS_THREADING_C */ 1666 1667 #endif /* _WIN32 */ 1668 1669 return( ret ); 1670 } 1671 #endif /* MBEDTLS_FS_IO */ 1672 1673 /* 1674 * OtherName ::= SEQUENCE { 1675 * type-id OBJECT IDENTIFIER, 1676 * value [0] EXPLICIT ANY DEFINED BY type-id } 1677 * 1678 * HardwareModuleName ::= SEQUENCE { 1679 * hwType OBJECT IDENTIFIER, 1680 * hwSerialNum OCTET STRING } 1681 * 1682 * NOTE: we currently only parse and use otherName of type HwModuleName, 1683 * as defined in RFC 4108. 1684 */ 1685 static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, 1686 mbedtls_x509_san_other_name *other_name ) 1687 { 1688 int ret = 0; 1689 size_t len; 1690 unsigned char *p = subject_alt_name->p; 1691 const unsigned char *end = p + subject_alt_name->len; 1692 mbedtls_x509_buf cur_oid; 1693 1694 if( ( subject_alt_name->tag & 1695 ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) != 1696 ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) ) 1697 { 1698 /* 1699 * The given subject alternative name is not of type "othername". 1700 */ 1701 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1702 } 1703 1704 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1705 MBEDTLS_ASN1_OID ) ) != 0 ) 1706 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 1707 1708 cur_oid.tag = MBEDTLS_ASN1_OID; 1709 cur_oid.p = p; 1710 cur_oid.len = len; 1711 1712 /* 1713 * Only HwModuleName is currently supported. 1714 */ 1715 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 ) 1716 { 1717 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 1718 } 1719 1720 if( p + len >= end ) 1721 { 1722 mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); 1723 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1724 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 1725 } 1726 p += len; 1727 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1728 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) 1729 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 1730 1731 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1732 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 1733 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 1734 1735 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) 1736 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 1737 1738 other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; 1739 other_name->value.hardware_module_name.oid.p = p; 1740 other_name->value.hardware_module_name.oid.len = len; 1741 1742 if( p + len >= end ) 1743 { 1744 mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); 1745 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1746 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 1747 } 1748 p += len; 1749 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1750 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 1751 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); 1752 1753 other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; 1754 other_name->value.hardware_module_name.val.p = p; 1755 other_name->value.hardware_module_name.val.len = len; 1756 p += len; 1757 if( p != end ) 1758 { 1759 mbedtls_platform_zeroize( other_name, 1760 sizeof( *other_name ) ); 1761 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1762 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); 1763 } 1764 return( 0 ); 1765 } 1766 1767 static int x509_info_subject_alt_name( char **buf, size_t *size, 1768 const mbedtls_x509_sequence 1769 *subject_alt_name, 1770 const char *prefix ) 1771 { 1772 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1773 size_t n = *size; 1774 char *p = *buf; 1775 const mbedtls_x509_sequence *cur = subject_alt_name; 1776 mbedtls_x509_subject_alternative_name san; 1777 int parse_ret; 1778 1779 while( cur != NULL ) 1780 { 1781 memset( &san, 0, sizeof( san ) ); 1782 parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); 1783 if( parse_ret != 0 ) 1784 { 1785 if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) 1786 { 1787 ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix ); 1788 MBEDTLS_X509_SAFE_SNPRINTF; 1789 } 1790 else 1791 { 1792 ret = mbedtls_snprintf( p, n, "\n%s <malformed>", prefix ); 1793 MBEDTLS_X509_SAFE_SNPRINTF; 1794 } 1795 cur = cur->next; 1796 continue; 1797 } 1798 1799 switch( san.type ) 1800 { 1801 /* 1802 * otherName 1803 */ 1804 case MBEDTLS_X509_SAN_OTHER_NAME: 1805 { 1806 mbedtls_x509_san_other_name *other_name = &san.san.other_name; 1807 1808 ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); 1809 MBEDTLS_X509_SAFE_SNPRINTF; 1810 1811 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, 1812 &other_name->value.hardware_module_name.oid ) != 0 ) 1813 { 1814 ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); 1815 MBEDTLS_X509_SAFE_SNPRINTF; 1816 ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); 1817 MBEDTLS_X509_SAFE_SNPRINTF; 1818 1819 ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid ); 1820 MBEDTLS_X509_SAFE_SNPRINTF; 1821 1822 ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); 1823 MBEDTLS_X509_SAFE_SNPRINTF; 1824 1825 if( other_name->value.hardware_module_name.val.len >= n ) 1826 { 1827 *p = '\0'; 1828 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 1829 } 1830 1831 memcpy( p, other_name->value.hardware_module_name.val.p, 1832 other_name->value.hardware_module_name.val.len ); 1833 p += other_name->value.hardware_module_name.val.len; 1834 1835 n -= other_name->value.hardware_module_name.val.len; 1836 1837 }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ 1838 } 1839 break; 1840 1841 /* 1842 * dNSName 1843 */ 1844 case MBEDTLS_X509_SAN_DNS_NAME: 1845 { 1846 ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); 1847 MBEDTLS_X509_SAFE_SNPRINTF; 1848 if( san.san.unstructured_name.len >= n ) 1849 { 1850 *p = '\0'; 1851 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 1852 } 1853 1854 memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len ); 1855 p += san.san.unstructured_name.len; 1856 n -= san.san.unstructured_name.len; 1857 } 1858 break; 1859 1860 /* 1861 * Type not supported, skip item. 1862 */ 1863 default: 1864 ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix ); 1865 MBEDTLS_X509_SAFE_SNPRINTF; 1866 break; 1867 } 1868 1869 cur = cur->next; 1870 } 1871 1872 *p = '\0'; 1873 1874 *size = n; 1875 *buf = p; 1876 1877 return( 0 ); 1878 } 1879 1880 int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, 1881 mbedtls_x509_subject_alternative_name *san ) 1882 { 1883 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1884 switch( san_buf->tag & 1885 ( MBEDTLS_ASN1_TAG_CLASS_MASK | 1886 MBEDTLS_ASN1_TAG_VALUE_MASK ) ) 1887 { 1888 /* 1889 * otherName 1890 */ 1891 case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): 1892 { 1893 mbedtls_x509_san_other_name other_name; 1894 1895 ret = x509_get_other_name( san_buf, &other_name ); 1896 if( ret != 0 ) 1897 return( ret ); 1898 1899 memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); 1900 san->type = MBEDTLS_X509_SAN_OTHER_NAME; 1901 memcpy( &san->san.other_name, 1902 &other_name, sizeof( other_name ) ); 1903 1904 } 1905 break; 1906 1907 /* 1908 * dNSName 1909 */ 1910 case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): 1911 { 1912 memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); 1913 san->type = MBEDTLS_X509_SAN_DNS_NAME; 1914 1915 memcpy( &san->san.unstructured_name, 1916 san_buf, sizeof( *san_buf ) ); 1917 1918 } 1919 break; 1920 1921 /* 1922 * Type not supported 1923 */ 1924 default: 1925 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 1926 } 1927 return( 0 ); 1928 } 1929 1930 #define PRINT_ITEM(i) \ 1931 { \ 1932 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ 1933 MBEDTLS_X509_SAFE_SNPRINTF; \ 1934 sep = ", "; \ 1935 } 1936 1937 #define CERT_TYPE(type,name) \ 1938 if( ns_cert_type & (type) ) \ 1939 PRINT_ITEM( name ); 1940 1941 static int x509_info_cert_type( char **buf, size_t *size, 1942 unsigned char ns_cert_type ) 1943 { 1944 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1945 size_t n = *size; 1946 char *p = *buf; 1947 const char *sep = ""; 1948 1949 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); 1950 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); 1951 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); 1952 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); 1953 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); 1954 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); 1955 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); 1956 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); 1957 1958 *size = n; 1959 *buf = p; 1960 1961 return( 0 ); 1962 } 1963 1964 #define KEY_USAGE(code,name) \ 1965 if( key_usage & (code) ) \ 1966 PRINT_ITEM( name ); 1967 1968 static int x509_info_key_usage( char **buf, size_t *size, 1969 unsigned int key_usage ) 1970 { 1971 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1972 size_t n = *size; 1973 char *p = *buf; 1974 const char *sep = ""; 1975 1976 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); 1977 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); 1978 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); 1979 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); 1980 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); 1981 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); 1982 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); 1983 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); 1984 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); 1985 1986 *size = n; 1987 *buf = p; 1988 1989 return( 0 ); 1990 } 1991 1992 static int x509_info_ext_key_usage( char **buf, size_t *size, 1993 const mbedtls_x509_sequence *extended_key_usage ) 1994 { 1995 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1996 const char *desc; 1997 size_t n = *size; 1998 char *p = *buf; 1999 const mbedtls_x509_sequence *cur = extended_key_usage; 2000 const char *sep = ""; 2001 2002 while( cur != NULL ) 2003 { 2004 if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) 2005 desc = "???"; 2006 2007 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); 2008 MBEDTLS_X509_SAFE_SNPRINTF; 2009 2010 sep = ", "; 2011 2012 cur = cur->next; 2013 } 2014 2015 *size = n; 2016 *buf = p; 2017 2018 return( 0 ); 2019 } 2020 2021 static int x509_info_cert_policies( char **buf, size_t *size, 2022 const mbedtls_x509_sequence *certificate_policies ) 2023 { 2024 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2025 const char *desc; 2026 size_t n = *size; 2027 char *p = *buf; 2028 const mbedtls_x509_sequence *cur = certificate_policies; 2029 const char *sep = ""; 2030 2031 while( cur != NULL ) 2032 { 2033 if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 ) 2034 desc = "???"; 2035 2036 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); 2037 MBEDTLS_X509_SAFE_SNPRINTF; 2038 2039 sep = ", "; 2040 2041 cur = cur->next; 2042 } 2043 2044 *size = n; 2045 *buf = p; 2046 2047 return( 0 ); 2048 } 2049 2050 /* 2051 * Return an informational string about the certificate. 2052 */ 2053 #define BEFORE_COLON 18 2054 #define BC "18" 2055 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, 2056 const mbedtls_x509_crt *crt ) 2057 { 2058 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2059 size_t n; 2060 char *p; 2061 char key_size_str[BEFORE_COLON]; 2062 2063 p = buf; 2064 n = size; 2065 2066 if( NULL == crt ) 2067 { 2068 ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); 2069 MBEDTLS_X509_SAFE_SNPRINTF; 2070 2071 return( (int) ( size - n ) ); 2072 } 2073 2074 ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", 2075 prefix, crt->version ); 2076 MBEDTLS_X509_SAFE_SNPRINTF; 2077 ret = mbedtls_snprintf( p, n, "%sserial number : ", 2078 prefix ); 2079 MBEDTLS_X509_SAFE_SNPRINTF; 2080 2081 ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); 2082 MBEDTLS_X509_SAFE_SNPRINTF; 2083 2084 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); 2085 MBEDTLS_X509_SAFE_SNPRINTF; 2086 ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); 2087 MBEDTLS_X509_SAFE_SNPRINTF; 2088 2089 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); 2090 MBEDTLS_X509_SAFE_SNPRINTF; 2091 ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); 2092 MBEDTLS_X509_SAFE_SNPRINTF; 2093 2094 ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ 2095 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 2096 crt->valid_from.year, crt->valid_from.mon, 2097 crt->valid_from.day, crt->valid_from.hour, 2098 crt->valid_from.min, crt->valid_from.sec ); 2099 MBEDTLS_X509_SAFE_SNPRINTF; 2100 2101 ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ 2102 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 2103 crt->valid_to.year, crt->valid_to.mon, 2104 crt->valid_to.day, crt->valid_to.hour, 2105 crt->valid_to.min, crt->valid_to.sec ); 2106 MBEDTLS_X509_SAFE_SNPRINTF; 2107 2108 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); 2109 MBEDTLS_X509_SAFE_SNPRINTF; 2110 2111 ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, 2112 crt->sig_md, crt->sig_opts ); 2113 MBEDTLS_X509_SAFE_SNPRINTF; 2114 2115 /* Key size */ 2116 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, 2117 mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) 2118 { 2119 return( ret ); 2120 } 2121 2122 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, 2123 (int) mbedtls_pk_get_bitlen( &crt->pk ) ); 2124 MBEDTLS_X509_SAFE_SNPRINTF; 2125 2126 /* 2127 * Optional extensions 2128 */ 2129 2130 if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) 2131 { 2132 ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, 2133 crt->ca_istrue ? "true" : "false" ); 2134 MBEDTLS_X509_SAFE_SNPRINTF; 2135 2136 if( crt->max_pathlen > 0 ) 2137 { 2138 ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); 2139 MBEDTLS_X509_SAFE_SNPRINTF; 2140 } 2141 } 2142 2143 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 2144 { 2145 ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix ); 2146 MBEDTLS_X509_SAFE_SNPRINTF; 2147 2148 if( ( ret = x509_info_subject_alt_name( &p, &n, 2149 &crt->subject_alt_names, 2150 prefix ) ) != 0 ) 2151 return( ret ); 2152 } 2153 2154 if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) 2155 { 2156 ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); 2157 MBEDTLS_X509_SAFE_SNPRINTF; 2158 2159 if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) 2160 return( ret ); 2161 } 2162 2163 if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) 2164 { 2165 ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); 2166 MBEDTLS_X509_SAFE_SNPRINTF; 2167 2168 if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) 2169 return( ret ); 2170 } 2171 2172 if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) 2173 { 2174 ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); 2175 MBEDTLS_X509_SAFE_SNPRINTF; 2176 2177 if( ( ret = x509_info_ext_key_usage( &p, &n, 2178 &crt->ext_key_usage ) ) != 0 ) 2179 return( ret ); 2180 } 2181 2182 if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES ) 2183 { 2184 ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix ); 2185 MBEDTLS_X509_SAFE_SNPRINTF; 2186 2187 if( ( ret = x509_info_cert_policies( &p, &n, 2188 &crt->certificate_policies ) ) != 0 ) 2189 return( ret ); 2190 } 2191 2192 ret = mbedtls_snprintf( p, n, "\n" ); 2193 MBEDTLS_X509_SAFE_SNPRINTF; 2194 2195 return( (int) ( size - n ) ); 2196 } 2197 2198 struct x509_crt_verify_string { 2199 int code; 2200 const char *string; 2201 }; 2202 2203 static const struct x509_crt_verify_string x509_crt_verify_strings[] = { 2204 { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, 2205 { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, 2206 { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, 2207 { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, 2208 { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, 2209 { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, 2210 { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, 2211 { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, 2212 { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, 2213 { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, 2214 { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, 2215 { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, 2216 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, 2217 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, 2218 { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, 2219 { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 2220 { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, 2221 { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, 2222 { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 2223 { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, 2224 { 0, NULL } 2225 }; 2226 2227 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, 2228 uint32_t flags ) 2229 { 2230 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2231 const struct x509_crt_verify_string *cur; 2232 char *p = buf; 2233 size_t n = size; 2234 2235 for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) 2236 { 2237 if( ( flags & cur->code ) == 0 ) 2238 continue; 2239 2240 ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); 2241 MBEDTLS_X509_SAFE_SNPRINTF; 2242 flags ^= cur->code; 2243 } 2244 2245 if( flags != 0 ) 2246 { 2247 ret = mbedtls_snprintf( p, n, "%sUnknown reason " 2248 "(this should not happen)\n", prefix ); 2249 MBEDTLS_X509_SAFE_SNPRINTF; 2250 } 2251 2252 return( (int) ( size - n ) ); 2253 } 2254 2255 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 2256 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, 2257 unsigned int usage ) 2258 { 2259 unsigned int usage_must, usage_may; 2260 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY 2261 | MBEDTLS_X509_KU_DECIPHER_ONLY; 2262 2263 if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) 2264 return( 0 ); 2265 2266 usage_must = usage & ~may_mask; 2267 2268 if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) 2269 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 2270 2271 usage_may = usage & may_mask; 2272 2273 if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) 2274 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 2275 2276 return( 0 ); 2277 } 2278 #endif 2279 2280 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 2281 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, 2282 const char *usage_oid, 2283 size_t usage_len ) 2284 { 2285 const mbedtls_x509_sequence *cur; 2286 2287 /* Extension is not mandatory, absent means no restriction */ 2288 if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) 2289 return( 0 ); 2290 2291 /* 2292 * Look for the requested usage (or wildcard ANY) in our list 2293 */ 2294 for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) 2295 { 2296 const mbedtls_x509_buf *cur_oid = &cur->buf; 2297 2298 if( cur_oid->len == usage_len && 2299 memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) 2300 { 2301 return( 0 ); 2302 } 2303 2304 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) 2305 return( 0 ); 2306 } 2307 2308 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 2309 } 2310 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 2311 2312 #if defined(MBEDTLS_X509_CRL_PARSE_C) 2313 /* 2314 * Return 1 if the certificate is revoked, or 0 otherwise. 2315 */ 2316 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) 2317 { 2318 const mbedtls_x509_crl_entry *cur = &crl->entry; 2319 2320 while( cur != NULL && cur->serial.len != 0 ) 2321 { 2322 if( crt->serial.len == cur->serial.len && 2323 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) 2324 { 2325 return( 1 ); 2326 } 2327 2328 cur = cur->next; 2329 } 2330 2331 return( 0 ); 2332 } 2333 2334 /* 2335 * Check that the given certificate is not revoked according to the CRL. 2336 * Skip validation if no CRL for the given CA is present. 2337 */ 2338 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, 2339 mbedtls_x509_crl *crl_list, 2340 const mbedtls_x509_crt_profile *profile ) 2341 { 2342 int flags = 0; 2343 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2344 const mbedtls_md_info_t *md_info; 2345 2346 if( ca == NULL ) 2347 return( flags ); 2348 2349 while( crl_list != NULL ) 2350 { 2351 if( crl_list->version == 0 || 2352 x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 ) 2353 { 2354 crl_list = crl_list->next; 2355 continue; 2356 } 2357 2358 /* 2359 * Check if the CA is configured to sign CRLs 2360 */ 2361 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 2362 if( mbedtls_x509_crt_check_key_usage( ca, 2363 MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) 2364 { 2365 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2366 break; 2367 } 2368 #endif 2369 2370 /* 2371 * Check if CRL is correctly signed by the trusted CA 2372 */ 2373 if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) 2374 flags |= MBEDTLS_X509_BADCRL_BAD_MD; 2375 2376 if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) 2377 flags |= MBEDTLS_X509_BADCRL_BAD_PK; 2378 2379 md_info = mbedtls_md_info_from_type( crl_list->sig_md ); 2380 if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) 2381 { 2382 /* Note: this can't happen except after an internal error */ 2383 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2384 break; 2385 } 2386 2387 if( x509_profile_check_key( profile, &ca->pk ) != 0 ) 2388 flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2389 2390 if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 2391 crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), 2392 crl_list->sig.p, crl_list->sig.len ) != 0 ) 2393 { 2394 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2395 break; 2396 } 2397 2398 /* 2399 * Check for validity of CRL (Do not drop out) 2400 */ 2401 if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) 2402 flags |= MBEDTLS_X509_BADCRL_EXPIRED; 2403 2404 if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) 2405 flags |= MBEDTLS_X509_BADCRL_FUTURE; 2406 2407 /* 2408 * Check if certificate is revoked 2409 */ 2410 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) 2411 { 2412 flags |= MBEDTLS_X509_BADCERT_REVOKED; 2413 break; 2414 } 2415 2416 crl_list = crl_list->next; 2417 } 2418 2419 return( flags ); 2420 } 2421 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 2422 2423 /* 2424 * Check the signature of a certificate by its parent 2425 */ 2426 static int x509_crt_check_signature( const mbedtls_x509_crt *child, 2427 mbedtls_x509_crt *parent, 2428 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2429 { 2430 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2431 size_t hash_len; 2432 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 2433 const mbedtls_md_info_t *md_info; 2434 md_info = mbedtls_md_info_from_type( child->sig_md ); 2435 hash_len = mbedtls_md_get_size( md_info ); 2436 2437 /* Note: hash errors can happen only after an internal error */ 2438 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) 2439 return( -1 ); 2440 #else 2441 psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; 2442 psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md ); 2443 2444 if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS ) 2445 return( -1 ); 2446 2447 if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len ) 2448 != PSA_SUCCESS ) 2449 { 2450 return( -1 ); 2451 } 2452 2453 if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len ) 2454 != PSA_SUCCESS ) 2455 { 2456 return( -1 ); 2457 } 2458 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 2459 /* Skip expensive computation on obvious mismatch */ 2460 if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) 2461 return( -1 ); 2462 2463 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2464 if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) 2465 { 2466 return( mbedtls_pk_verify_restartable( &parent->pk, 2467 child->sig_md, hash, hash_len, 2468 child->sig.p, child->sig.len, &rs_ctx->pk ) ); 2469 } 2470 #else 2471 (void) rs_ctx; 2472 #endif 2473 2474 return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, 2475 child->sig_md, hash, hash_len, 2476 child->sig.p, child->sig.len ) ); 2477 } 2478 2479 /* 2480 * Check if 'parent' is a suitable parent (signing CA) for 'child'. 2481 * Return 0 if yes, -1 if not. 2482 * 2483 * top means parent is a locally-trusted certificate 2484 */ 2485 static int x509_crt_check_parent( const mbedtls_x509_crt *child, 2486 const mbedtls_x509_crt *parent, 2487 int top ) 2488 { 2489 int need_ca_bit; 2490 2491 /* Parent must be the issuer */ 2492 if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) 2493 return( -1 ); 2494 2495 /* Parent must have the basicConstraints CA bit set as a general rule */ 2496 need_ca_bit = 1; 2497 2498 /* Exception: v1/v2 certificates that are locally trusted. */ 2499 if( top && parent->version < 3 ) 2500 need_ca_bit = 0; 2501 2502 if( need_ca_bit && ! parent->ca_istrue ) 2503 return( -1 ); 2504 2505 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 2506 if( need_ca_bit && 2507 mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) 2508 { 2509 return( -1 ); 2510 } 2511 #endif 2512 2513 return( 0 ); 2514 } 2515 2516 /* 2517 * Find a suitable parent for child in candidates, or return NULL. 2518 * 2519 * Here suitable is defined as: 2520 * 1. subject name matches child's issuer 2521 * 2. if necessary, the CA bit is set and key usage allows signing certs 2522 * 3. for trusted roots, the signature is correct 2523 * (for intermediates, the signature is checked and the result reported) 2524 * 4. pathlen constraints are satisfied 2525 * 2526 * If there's a suitable candidate which is also time-valid, return the first 2527 * such. Otherwise, return the first suitable candidate (or NULL if there is 2528 * none). 2529 * 2530 * The rationale for this rule is that someone could have a list of trusted 2531 * roots with two versions on the same root with different validity periods. 2532 * (At least one user reported having such a list and wanted it to just work.) 2533 * The reason we don't just require time-validity is that generally there is 2534 * only one version, and if it's expired we want the flags to state that 2535 * rather than NOT_TRUSTED, as would be the case if we required it here. 2536 * 2537 * The rationale for rule 3 (signature for trusted roots) is that users might 2538 * have two versions of the same CA with different keys in their list, and the 2539 * way we select the correct one is by checking the signature (as we don't 2540 * rely on key identifier extensions). (This is one way users might choose to 2541 * handle key rollover, another relies on self-issued certs, see [SIRO].) 2542 * 2543 * Arguments: 2544 * - [in] child: certificate for which we're looking for a parent 2545 * - [in] candidates: chained list of potential parents 2546 * - [out] r_parent: parent found (or NULL) 2547 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 2548 * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top 2549 * of the chain, 0 otherwise 2550 * - [in] path_cnt: number of intermediates seen so far 2551 * - [in] self_cnt: number of self-signed intermediates seen so far 2552 * (will never be greater than path_cnt) 2553 * - [in-out] rs_ctx: context for restarting operations 2554 * 2555 * Return value: 2556 * - 0 on success 2557 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 2558 */ 2559 static int x509_crt_find_parent_in( 2560 mbedtls_x509_crt *child, 2561 mbedtls_x509_crt *candidates, 2562 mbedtls_x509_crt **r_parent, 2563 int *r_signature_is_good, 2564 int top, 2565 unsigned path_cnt, 2566 unsigned self_cnt, 2567 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2568 { 2569 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2570 mbedtls_x509_crt *parent, *fallback_parent; 2571 int signature_is_good = 0, fallback_signature_is_good; 2572 2573 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2574 /* did we have something in progress? */ 2575 if( rs_ctx != NULL && rs_ctx->parent != NULL ) 2576 { 2577 /* restore saved state */ 2578 parent = rs_ctx->parent; 2579 fallback_parent = rs_ctx->fallback_parent; 2580 fallback_signature_is_good = rs_ctx->fallback_signature_is_good; 2581 2582 /* clear saved state */ 2583 rs_ctx->parent = NULL; 2584 rs_ctx->fallback_parent = NULL; 2585 rs_ctx->fallback_signature_is_good = 0; 2586 2587 /* resume where we left */ 2588 goto check_signature; 2589 } 2590 #endif 2591 2592 fallback_parent = NULL; 2593 fallback_signature_is_good = 0; 2594 2595 for( parent = candidates; parent != NULL; parent = parent->next ) 2596 { 2597 /* basic parenting skills (name, CA bit, key usage) */ 2598 if( x509_crt_check_parent( child, parent, top ) != 0 ) 2599 continue; 2600 2601 /* +1 because stored max_pathlen is 1 higher that the actual value */ 2602 if( parent->max_pathlen > 0 && 2603 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) 2604 { 2605 continue; 2606 } 2607 2608 /* Signature */ 2609 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2610 check_signature: 2611 #endif 2612 ret = x509_crt_check_signature( child, parent, rs_ctx ); 2613 2614 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2615 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 2616 { 2617 /* save state */ 2618 rs_ctx->parent = parent; 2619 rs_ctx->fallback_parent = fallback_parent; 2620 rs_ctx->fallback_signature_is_good = fallback_signature_is_good; 2621 2622 return( ret ); 2623 } 2624 #else 2625 (void) ret; 2626 #endif 2627 2628 signature_is_good = ret == 0; 2629 if( top && ! signature_is_good ) 2630 continue; 2631 2632 /* optional time check */ 2633 if( mbedtls_x509_time_is_past( &parent->valid_to ) || 2634 mbedtls_x509_time_is_future( &parent->valid_from ) ) 2635 { 2636 if( fallback_parent == NULL ) 2637 { 2638 fallback_parent = parent; 2639 fallback_signature_is_good = signature_is_good; 2640 } 2641 2642 continue; 2643 } 2644 2645 *r_parent = parent; 2646 *r_signature_is_good = signature_is_good; 2647 2648 break; 2649 } 2650 2651 if( parent == NULL ) 2652 { 2653 *r_parent = fallback_parent; 2654 *r_signature_is_good = fallback_signature_is_good; 2655 } 2656 2657 return( 0 ); 2658 } 2659 2660 /* 2661 * Find a parent in trusted CAs or the provided chain, or return NULL. 2662 * 2663 * Searches in trusted CAs first, and return the first suitable parent found 2664 * (see find_parent_in() for definition of suitable). 2665 * 2666 * Arguments: 2667 * - [in] child: certificate for which we're looking for a parent, followed 2668 * by a chain of possible intermediates 2669 * - [in] trust_ca: list of locally trusted certificates 2670 * - [out] parent: parent found (or NULL) 2671 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 2672 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 2673 * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) 2674 * - [in] self_cnt: number of self-signed certs in the chain so far 2675 * (will always be no greater than path_cnt) 2676 * - [in-out] rs_ctx: context for restarting operations 2677 * 2678 * Return value: 2679 * - 0 on success 2680 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 2681 */ 2682 static int x509_crt_find_parent( 2683 mbedtls_x509_crt *child, 2684 mbedtls_x509_crt *trust_ca, 2685 mbedtls_x509_crt **parent, 2686 int *parent_is_trusted, 2687 int *signature_is_good, 2688 unsigned path_cnt, 2689 unsigned self_cnt, 2690 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2691 { 2692 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2693 mbedtls_x509_crt *search_list; 2694 2695 *parent_is_trusted = 1; 2696 2697 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2698 /* restore then clear saved state if we have some stored */ 2699 if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 ) 2700 { 2701 *parent_is_trusted = rs_ctx->parent_is_trusted; 2702 rs_ctx->parent_is_trusted = -1; 2703 } 2704 #endif 2705 2706 while( 1 ) { 2707 search_list = *parent_is_trusted ? trust_ca : child->next; 2708 2709 ret = x509_crt_find_parent_in( child, search_list, 2710 parent, signature_is_good, 2711 *parent_is_trusted, 2712 path_cnt, self_cnt, rs_ctx ); 2713 2714 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2715 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 2716 { 2717 /* save state */ 2718 rs_ctx->parent_is_trusted = *parent_is_trusted; 2719 return( ret ); 2720 } 2721 #else 2722 (void) ret; 2723 #endif 2724 2725 /* stop here if found or already in second iteration */ 2726 if( *parent != NULL || *parent_is_trusted == 0 ) 2727 break; 2728 2729 /* prepare second iteration */ 2730 *parent_is_trusted = 0; 2731 } 2732 2733 /* extra precaution against mistakes in the caller */ 2734 if( *parent == NULL ) 2735 { 2736 *parent_is_trusted = 0; 2737 *signature_is_good = 0; 2738 } 2739 2740 return( 0 ); 2741 } 2742 2743 /* 2744 * Check if an end-entity certificate is locally trusted 2745 * 2746 * Currently we require such certificates to be self-signed (actually only 2747 * check for self-issued as self-signatures are not checked) 2748 */ 2749 static int x509_crt_check_ee_locally_trusted( 2750 mbedtls_x509_crt *crt, 2751 mbedtls_x509_crt *trust_ca ) 2752 { 2753 mbedtls_x509_crt *cur; 2754 2755 /* must be self-issued */ 2756 if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) 2757 return( -1 ); 2758 2759 /* look for an exact match with trusted cert */ 2760 for( cur = trust_ca; cur != NULL; cur = cur->next ) 2761 { 2762 if( crt->raw.len == cur->raw.len && 2763 memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) 2764 { 2765 return( 0 ); 2766 } 2767 } 2768 2769 /* too bad */ 2770 return( -1 ); 2771 } 2772 2773 /* 2774 * Build and verify a certificate chain 2775 * 2776 * Given a peer-provided list of certificates EE, C1, ..., Cn and 2777 * a list of trusted certs R1, ... Rp, try to build and verify a chain 2778 * EE, Ci1, ... Ciq [, Rj] 2779 * such that every cert in the chain is a child of the next one, 2780 * jumping to a trusted root as early as possible. 2781 * 2782 * Verify that chain and return it with flags for all issues found. 2783 * 2784 * Special cases: 2785 * - EE == Rj -> return a one-element list containing it 2786 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root 2787 * -> return that chain with NOT_TRUSTED set on Ciq 2788 * 2789 * Tests for (aspects of) this function should include at least: 2790 * - trusted EE 2791 * - EE -> trusted root 2792 * - EE -> intermediate CA -> trusted root 2793 * - if relevant: EE untrusted 2794 * - if relevant: EE -> intermediate, untrusted 2795 * with the aspect under test checked at each relevant level (EE, int, root). 2796 * For some aspects longer chains are required, but usually length 2 is 2797 * enough (but length 1 is not in general). 2798 * 2799 * Arguments: 2800 * - [in] crt: the cert list EE, C1, ..., Cn 2801 * - [in] trust_ca: the trusted list R1, ..., Rp 2802 * - [in] ca_crl, profile: as in verify_with_profile() 2803 * - [out] ver_chain: the built and verified chain 2804 * Only valid when return value is 0, may contain garbage otherwise! 2805 * Restart note: need not be the same when calling again to resume. 2806 * - [in-out] rs_ctx: context for restarting operations 2807 * 2808 * Return value: 2809 * - non-zero if the chain could not be fully built and examined 2810 * - 0 is the chain was successfully built and examined, 2811 * even if it was found to be invalid 2812 */ 2813 static int x509_crt_verify_chain( 2814 mbedtls_x509_crt *crt, 2815 mbedtls_x509_crt *trust_ca, 2816 mbedtls_x509_crl *ca_crl, 2817 mbedtls_x509_crt_ca_cb_t f_ca_cb, 2818 void *p_ca_cb, 2819 const mbedtls_x509_crt_profile *profile, 2820 mbedtls_x509_crt_verify_chain *ver_chain, 2821 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2822 { 2823 /* Don't initialize any of those variables here, so that the compiler can 2824 * catch potential issues with jumping ahead when restarting */ 2825 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2826 uint32_t *flags; 2827 mbedtls_x509_crt_verify_chain_item *cur; 2828 mbedtls_x509_crt *child; 2829 mbedtls_x509_crt *parent; 2830 int parent_is_trusted; 2831 int child_is_trusted; 2832 int signature_is_good; 2833 unsigned self_cnt; 2834 mbedtls_x509_crt *cur_trust_ca = NULL; 2835 2836 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2837 /* resume if we had an operation in progress */ 2838 if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent ) 2839 { 2840 /* restore saved state */ 2841 *ver_chain = rs_ctx->ver_chain; /* struct copy */ 2842 self_cnt = rs_ctx->self_cnt; 2843 2844 /* restore derived state */ 2845 cur = &ver_chain->items[ver_chain->len - 1]; 2846 child = cur->crt; 2847 flags = &cur->flags; 2848 2849 goto find_parent; 2850 } 2851 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 2852 2853 child = crt; 2854 self_cnt = 0; 2855 parent_is_trusted = 0; 2856 child_is_trusted = 0; 2857 2858 while( 1 ) { 2859 /* Add certificate to the verification chain */ 2860 cur = &ver_chain->items[ver_chain->len]; 2861 cur->crt = child; 2862 cur->flags = 0; 2863 ver_chain->len++; 2864 flags = &cur->flags; 2865 2866 /* Check time-validity (all certificates) */ 2867 if( mbedtls_x509_time_is_past( &child->valid_to ) ) 2868 *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 2869 2870 if( mbedtls_x509_time_is_future( &child->valid_from ) ) 2871 *flags |= MBEDTLS_X509_BADCERT_FUTURE; 2872 2873 /* Stop here for trusted roots (but not for trusted EE certs) */ 2874 if( child_is_trusted ) 2875 return( 0 ); 2876 2877 /* Check signature algorithm: MD & PK algs */ 2878 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) 2879 *flags |= MBEDTLS_X509_BADCERT_BAD_MD; 2880 2881 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) 2882 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 2883 2884 /* Special case: EE certs that are locally trusted */ 2885 if( ver_chain->len == 1 && 2886 x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) 2887 { 2888 return( 0 ); 2889 } 2890 2891 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2892 find_parent: 2893 #endif 2894 2895 /* Obtain list of potential trusted signers from CA callback, 2896 * or use statically provided list. */ 2897 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 2898 if( f_ca_cb != NULL ) 2899 { 2900 mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result ); 2901 mbedtls_free( ver_chain->trust_ca_cb_result ); 2902 ver_chain->trust_ca_cb_result = NULL; 2903 2904 ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result ); 2905 if( ret != 0 ) 2906 return( MBEDTLS_ERR_X509_FATAL_ERROR ); 2907 2908 cur_trust_ca = ver_chain->trust_ca_cb_result; 2909 } 2910 else 2911 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 2912 { 2913 ((void) f_ca_cb); 2914 ((void) p_ca_cb); 2915 cur_trust_ca = trust_ca; 2916 } 2917 2918 /* Look for a parent in trusted CAs or up the chain */ 2919 ret = x509_crt_find_parent( child, cur_trust_ca, &parent, 2920 &parent_is_trusted, &signature_is_good, 2921 ver_chain->len - 1, self_cnt, rs_ctx ); 2922 2923 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2924 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 2925 { 2926 /* save state */ 2927 rs_ctx->in_progress = x509_crt_rs_find_parent; 2928 rs_ctx->self_cnt = self_cnt; 2929 rs_ctx->ver_chain = *ver_chain; /* struct copy */ 2930 2931 return( ret ); 2932 } 2933 #else 2934 (void) ret; 2935 #endif 2936 2937 /* No parent? We're done here */ 2938 if( parent == NULL ) 2939 { 2940 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2941 return( 0 ); 2942 } 2943 2944 /* Count intermediate self-issued (not necessarily self-signed) certs. 2945 * These can occur with some strategies for key rollover, see [SIRO], 2946 * and should be excluded from max_pathlen checks. */ 2947 if( ver_chain->len != 1 && 2948 x509_name_cmp( &child->issuer, &child->subject ) == 0 ) 2949 { 2950 self_cnt++; 2951 } 2952 2953 /* path_cnt is 0 for the first intermediate CA, 2954 * and if parent is trusted it's not an intermediate CA */ 2955 if( ! parent_is_trusted && 2956 ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) 2957 { 2958 /* return immediately to avoid overflow the chain array */ 2959 return( MBEDTLS_ERR_X509_FATAL_ERROR ); 2960 } 2961 2962 /* signature was checked while searching parent */ 2963 if( ! signature_is_good ) 2964 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2965 2966 /* check size of signing key */ 2967 if( x509_profile_check_key( profile, &parent->pk ) != 0 ) 2968 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2969 2970 #if defined(MBEDTLS_X509_CRL_PARSE_C) 2971 /* Check trusted CA's CRL for the given crt */ 2972 *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile ); 2973 #else 2974 (void) ca_crl; 2975 #endif 2976 2977 /* prepare for next iteration */ 2978 child = parent; 2979 parent = NULL; 2980 child_is_trusted = parent_is_trusted; 2981 signature_is_good = 0; 2982 } 2983 } 2984 2985 /* 2986 * Check for CN match 2987 */ 2988 static int x509_crt_check_cn( const mbedtls_x509_buf *name, 2989 const char *cn, size_t cn_len ) 2990 { 2991 /* try exact match */ 2992 if( name->len == cn_len && 2993 x509_memcasecmp( cn, name->p, cn_len ) == 0 ) 2994 { 2995 return( 0 ); 2996 } 2997 2998 /* try wildcard match */ 2999 if( x509_check_wildcard( cn, name ) == 0 ) 3000 { 3001 return( 0 ); 3002 } 3003 3004 return( -1 ); 3005 } 3006 3007 /* 3008 * Check for SAN match, see RFC 5280 Section 4.2.1.6 3009 */ 3010 static int x509_crt_check_san( const mbedtls_x509_buf *name, 3011 const char *cn, size_t cn_len ) 3012 { 3013 const unsigned char san_type = (unsigned char) name->tag & 3014 MBEDTLS_ASN1_TAG_VALUE_MASK; 3015 3016 /* dNSName */ 3017 if( san_type == MBEDTLS_X509_SAN_DNS_NAME ) 3018 return( x509_crt_check_cn( name, cn, cn_len ) ); 3019 3020 /* (We may handle other types here later.) */ 3021 3022 /* Unrecognized type */ 3023 return( -1 ); 3024 } 3025 3026 /* 3027 * Verify the requested CN - only call this if cn is not NULL! 3028 */ 3029 static void x509_crt_verify_name( const mbedtls_x509_crt *crt, 3030 const char *cn, 3031 uint32_t *flags ) 3032 { 3033 const mbedtls_x509_name *name; 3034 const mbedtls_x509_sequence *cur; 3035 size_t cn_len = strlen( cn ); 3036 3037 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 3038 { 3039 for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) 3040 { 3041 if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 ) 3042 break; 3043 } 3044 3045 if( cur == NULL ) 3046 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 3047 } 3048 else 3049 { 3050 for( name = &crt->subject; name != NULL; name = name->next ) 3051 { 3052 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && 3053 x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) 3054 { 3055 break; 3056 } 3057 } 3058 3059 if( name == NULL ) 3060 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 3061 } 3062 } 3063 3064 /* 3065 * Merge the flags for all certs in the chain, after calling callback 3066 */ 3067 static int x509_crt_merge_flags_with_cb( 3068 uint32_t *flags, 3069 const mbedtls_x509_crt_verify_chain *ver_chain, 3070 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3071 void *p_vrfy ) 3072 { 3073 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 3074 unsigned i; 3075 uint32_t cur_flags; 3076 const mbedtls_x509_crt_verify_chain_item *cur; 3077 3078 for( i = ver_chain->len; i != 0; --i ) 3079 { 3080 cur = &ver_chain->items[i-1]; 3081 cur_flags = cur->flags; 3082 3083 if( NULL != f_vrfy ) 3084 if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) 3085 return( ret ); 3086 3087 *flags |= cur_flags; 3088 } 3089 3090 return( 0 ); 3091 } 3092 3093 /* 3094 * Verify the certificate validity, with profile, restartable version 3095 * 3096 * This function: 3097 * - checks the requested CN (if any) 3098 * - checks the type and size of the EE cert's key, 3099 * as that isn't done as part of chain building/verification currently 3100 * - builds and verifies the chain 3101 * - then calls the callback and merges the flags 3102 * 3103 * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` 3104 * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the 3105 * verification routine to search for trusted signers, and CRLs will 3106 * be disabled. Otherwise, `trust_ca` will be used as the static list 3107 * of trusted signers, and `ca_crl` will be use as the static list 3108 * of CRLs. 3109 */ 3110 static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, 3111 mbedtls_x509_crt *trust_ca, 3112 mbedtls_x509_crl *ca_crl, 3113 mbedtls_x509_crt_ca_cb_t f_ca_cb, 3114 void *p_ca_cb, 3115 const mbedtls_x509_crt_profile *profile, 3116 const char *cn, uint32_t *flags, 3117 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3118 void *p_vrfy, 3119 mbedtls_x509_crt_restart_ctx *rs_ctx ) 3120 { 3121 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 3122 mbedtls_pk_type_t pk_type; 3123 mbedtls_x509_crt_verify_chain ver_chain; 3124 uint32_t ee_flags; 3125 3126 *flags = 0; 3127 ee_flags = 0; 3128 x509_crt_verify_chain_reset( &ver_chain ); 3129 3130 if( profile == NULL ) 3131 { 3132 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; 3133 goto exit; 3134 } 3135 3136 /* check name if requested */ 3137 if( cn != NULL ) 3138 x509_crt_verify_name( crt, cn, &ee_flags ); 3139 3140 /* Check the type and size of the key */ 3141 pk_type = mbedtls_pk_get_type( &crt->pk ); 3142 3143 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) 3144 ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; 3145 3146 if( x509_profile_check_key( profile, &crt->pk ) != 0 ) 3147 ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 3148 3149 /* Check the chain */ 3150 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, 3151 f_ca_cb, p_ca_cb, profile, 3152 &ver_chain, rs_ctx ); 3153 3154 if( ret != 0 ) 3155 goto exit; 3156 3157 /* Merge end-entity flags */ 3158 ver_chain.items[0].flags |= ee_flags; 3159 3160 /* Build final flags, calling callback on the way if any */ 3161 ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); 3162 3163 exit: 3164 3165 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 3166 mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result ); 3167 mbedtls_free( ver_chain.trust_ca_cb_result ); 3168 ver_chain.trust_ca_cb_result = NULL; 3169 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 3170 3171 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 3172 if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 3173 mbedtls_x509_crt_restart_free( rs_ctx ); 3174 #endif 3175 3176 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by 3177 * the SSL module for authmode optional, but non-zero return from the 3178 * callback means a fatal error so it shouldn't be ignored */ 3179 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) 3180 ret = MBEDTLS_ERR_X509_FATAL_ERROR; 3181 3182 if( ret != 0 ) 3183 { 3184 *flags = (uint32_t) -1; 3185 return( ret ); 3186 } 3187 3188 if( *flags != 0 ) 3189 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); 3190 3191 return( 0 ); 3192 } 3193 3194 3195 /* 3196 * Verify the certificate validity (default profile, not restartable) 3197 */ 3198 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, 3199 mbedtls_x509_crt *trust_ca, 3200 mbedtls_x509_crl *ca_crl, 3201 const char *cn, uint32_t *flags, 3202 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3203 void *p_vrfy ) 3204 { 3205 return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, 3206 NULL, NULL, 3207 &mbedtls_x509_crt_profile_default, 3208 cn, flags, 3209 f_vrfy, p_vrfy, NULL ) ); 3210 } 3211 3212 /* 3213 * Verify the certificate validity (user-chosen profile, not restartable) 3214 */ 3215 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, 3216 mbedtls_x509_crt *trust_ca, 3217 mbedtls_x509_crl *ca_crl, 3218 const mbedtls_x509_crt_profile *profile, 3219 const char *cn, uint32_t *flags, 3220 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3221 void *p_vrfy ) 3222 { 3223 return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, 3224 NULL, NULL, 3225 profile, cn, flags, 3226 f_vrfy, p_vrfy, NULL ) ); 3227 } 3228 3229 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 3230 /* 3231 * Verify the certificate validity (user-chosen profile, CA callback, 3232 * not restartable). 3233 */ 3234 int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, 3235 mbedtls_x509_crt_ca_cb_t f_ca_cb, 3236 void *p_ca_cb, 3237 const mbedtls_x509_crt_profile *profile, 3238 const char *cn, uint32_t *flags, 3239 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3240 void *p_vrfy ) 3241 { 3242 return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, 3243 f_ca_cb, p_ca_cb, 3244 profile, cn, flags, 3245 f_vrfy, p_vrfy, NULL ) ); 3246 } 3247 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 3248 3249 int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, 3250 mbedtls_x509_crt *trust_ca, 3251 mbedtls_x509_crl *ca_crl, 3252 const mbedtls_x509_crt_profile *profile, 3253 const char *cn, uint32_t *flags, 3254 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3255 void *p_vrfy, 3256 mbedtls_x509_crt_restart_ctx *rs_ctx ) 3257 { 3258 return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, 3259 NULL, NULL, 3260 profile, cn, flags, 3261 f_vrfy, p_vrfy, rs_ctx ) ); 3262 } 3263 3264 3265 /* 3266 * Initialize a certificate chain 3267 */ 3268 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) 3269 { 3270 memset( crt, 0, sizeof(mbedtls_x509_crt) ); 3271 } 3272 3273 /* 3274 * Unallocate all certificate data 3275 */ 3276 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) 3277 { 3278 mbedtls_x509_crt *cert_cur = crt; 3279 mbedtls_x509_crt *cert_prv; 3280 mbedtls_x509_name *name_cur; 3281 mbedtls_x509_name *name_prv; 3282 mbedtls_x509_sequence *seq_cur; 3283 mbedtls_x509_sequence *seq_prv; 3284 3285 if( crt == NULL ) 3286 return; 3287 3288 do 3289 { 3290 mbedtls_pk_free( &cert_cur->pk ); 3291 3292 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 3293 mbedtls_free( cert_cur->sig_opts ); 3294 #endif 3295 3296 name_cur = cert_cur->issuer.next; 3297 while( name_cur != NULL ) 3298 { 3299 name_prv = name_cur; 3300 name_cur = name_cur->next; 3301 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 3302 mbedtls_free( name_prv ); 3303 } 3304 3305 name_cur = cert_cur->subject.next; 3306 while( name_cur != NULL ) 3307 { 3308 name_prv = name_cur; 3309 name_cur = name_cur->next; 3310 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 3311 mbedtls_free( name_prv ); 3312 } 3313 3314 seq_cur = cert_cur->ext_key_usage.next; 3315 while( seq_cur != NULL ) 3316 { 3317 seq_prv = seq_cur; 3318 seq_cur = seq_cur->next; 3319 mbedtls_platform_zeroize( seq_prv, 3320 sizeof( mbedtls_x509_sequence ) ); 3321 mbedtls_free( seq_prv ); 3322 } 3323 3324 seq_cur = cert_cur->subject_alt_names.next; 3325 while( seq_cur != NULL ) 3326 { 3327 seq_prv = seq_cur; 3328 seq_cur = seq_cur->next; 3329 mbedtls_platform_zeroize( seq_prv, 3330 sizeof( mbedtls_x509_sequence ) ); 3331 mbedtls_free( seq_prv ); 3332 } 3333 3334 seq_cur = cert_cur->certificate_policies.next; 3335 while( seq_cur != NULL ) 3336 { 3337 seq_prv = seq_cur; 3338 seq_cur = seq_cur->next; 3339 mbedtls_platform_zeroize( seq_prv, 3340 sizeof( mbedtls_x509_sequence ) ); 3341 mbedtls_free( seq_prv ); 3342 } 3343 3344 if( cert_cur->raw.p != NULL && cert_cur->own_buffer ) 3345 { 3346 mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); 3347 mbedtls_free( cert_cur->raw.p ); 3348 } 3349 3350 cert_cur = cert_cur->next; 3351 } 3352 while( cert_cur != NULL ); 3353 3354 cert_cur = crt; 3355 do 3356 { 3357 cert_prv = cert_cur; 3358 cert_cur = cert_cur->next; 3359 3360 mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); 3361 if( cert_prv != crt ) 3362 mbedtls_free( cert_prv ); 3363 } 3364 while( cert_cur != NULL ); 3365 } 3366 3367 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 3368 /* 3369 * Initialize a restart context 3370 */ 3371 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) 3372 { 3373 mbedtls_pk_restart_init( &ctx->pk ); 3374 3375 ctx->parent = NULL; 3376 ctx->fallback_parent = NULL; 3377 ctx->fallback_signature_is_good = 0; 3378 3379 ctx->parent_is_trusted = -1; 3380 3381 ctx->in_progress = x509_crt_rs_none; 3382 ctx->self_cnt = 0; 3383 x509_crt_verify_chain_reset( &ctx->ver_chain ); 3384 } 3385 3386 /* 3387 * Free the components of a restart context 3388 */ 3389 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) 3390 { 3391 if( ctx == NULL ) 3392 return; 3393 3394 mbedtls_pk_restart_free( &ctx->pk ); 3395 mbedtls_x509_crt_restart_init( ctx ); 3396 } 3397 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 3398 3399 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 3400