[398] | 1 | /*
|
---|
| 2 | * X.509 certificate parsing and verification
|
---|
| 3 | *
|
---|
| 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
| 5 | * SPDX-License-Identifier: Apache-2.0
|
---|
| 6 | *
|
---|
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
| 8 | * not use this file except in compliance with the License.
|
---|
| 9 | * You may obtain a copy of the License at
|
---|
| 10 | *
|
---|
| 11 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
| 12 | *
|
---|
| 13 | * Unless required by applicable law or agreed to in writing, software
|
---|
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
| 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
| 16 | * See the License for the specific language governing permissions and
|
---|
| 17 | * limitations under the License.
|
---|
| 18 | *
|
---|
| 19 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
| 20 | */
|
---|
| 21 | /*
|
---|
| 22 | * The ITU-T X.509 standard defines a certificate format for PKI.
|
---|
| 23 | *
|
---|
| 24 | * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
|
---|
| 25 | * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
|
---|
| 26 | * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
|
---|
| 27 | *
|
---|
| 28 | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
|
---|
| 29 | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
|
---|
| 30 | *
|
---|
| 31 | * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
|
---|
| 32 | */
|
---|
| 33 |
|
---|
| 34 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
| 35 | #include "mbedtls/config.h"
|
---|
| 36 | #else
|
---|
| 37 | #include MBEDTLS_CONFIG_FILE
|
---|
| 38 | #endif
|
---|
| 39 |
|
---|
| 40 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
| 41 |
|
---|
| 42 | #include "mbedtls/x509_crt.h"
|
---|
| 43 | #include "mbedtls/oid.h"
|
---|
| 44 | #include "mbedtls/platform_util.h"
|
---|
| 45 |
|
---|
| 46 | #include <string.h>
|
---|
| 47 |
|
---|
| 48 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 49 | #include "mbedtls/pem.h"
|
---|
| 50 | #endif
|
---|
| 51 |
|
---|
| 52 | #if defined(MBEDTLS_PLATFORM_C)
|
---|
| 53 | #include "mbedtls/platform.h"
|
---|
| 54 | #else
|
---|
| 55 | #include <stdio.h>
|
---|
| 56 | #include <stdlib.h>
|
---|
| 57 | #define mbedtls_free free
|
---|
| 58 | #define mbedtls_calloc calloc
|
---|
| 59 | #define mbedtls_snprintf snprintf
|
---|
| 60 | #endif
|
---|
| 61 |
|
---|
| 62 | #if defined(MBEDTLS_THREADING_C)
|
---|
| 63 | #include "mbedtls/threading.h"
|
---|
| 64 | #endif
|
---|
| 65 |
|
---|
| 66 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
---|
| 67 | #include <windows.h>
|
---|
| 68 | #else
|
---|
| 69 | #include <time.h>
|
---|
| 70 | #endif
|
---|
| 71 |
|
---|
| 72 | #if defined(MBEDTLS_FS_IO)
|
---|
| 73 | #include <stdio.h>
|
---|
| 74 | #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
|
---|
| 75 | #include <sys/types.h>
|
---|
| 76 | #include <sys/stat.h>
|
---|
| 77 | #include <dirent.h>
|
---|
| 78 | #endif /* !_WIN32 || EFIX64 || EFI32 */
|
---|
| 79 | #endif
|
---|
| 80 |
|
---|
| 81 | /*
|
---|
| 82 | * Item in a verification chain: cert and flags for it
|
---|
| 83 | */
|
---|
| 84 | typedef struct {
|
---|
| 85 | mbedtls_x509_crt *crt;
|
---|
| 86 | uint32_t flags;
|
---|
| 87 | } x509_crt_verify_chain_item;
|
---|
| 88 |
|
---|
| 89 | /*
|
---|
| 90 | * Max size of verification chain: end-entity + intermediates + trusted root
|
---|
| 91 | */
|
---|
| 92 | #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
|
---|
| 93 |
|
---|
| 94 | /*
|
---|
| 95 | * Default profile
|
---|
| 96 | */
|
---|
| 97 | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
---|
| 98 | {
|
---|
| 99 | #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
|
---|
| 100 | /* Allow SHA-1 (weak, but still safe in controlled environments) */
|
---|
| 101 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
---|
| 102 | #endif
|
---|
| 103 | /* Only SHA-2 hashes */
|
---|
| 104 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
|
---|
| 105 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
---|
| 106 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
---|
| 107 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
|
---|
| 108 | 0xFFFFFFF, /* Any PK alg */
|
---|
| 109 | 0xFFFFFFF, /* Any curve */
|
---|
| 110 | 2048,
|
---|
| 111 | };
|
---|
| 112 |
|
---|
| 113 | /*
|
---|
| 114 | * Next-default profile
|
---|
| 115 | */
|
---|
| 116 | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
|
---|
| 117 | {
|
---|
| 118 | /* Hashes from SHA-256 and above */
|
---|
| 119 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
---|
| 120 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
|
---|
| 121 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
|
---|
| 122 | 0xFFFFFFF, /* Any PK alg */
|
---|
| 123 | #if defined(MBEDTLS_ECP_C)
|
---|
| 124 | /* Curves at or above 128-bit security level */
|
---|
| 125 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
---|
| 126 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
|
---|
| 127 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
|
---|
| 128 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
|
---|
| 129 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
|
---|
| 130 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
|
---|
| 131 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
|
---|
| 132 | #else
|
---|
| 133 | 0,
|
---|
| 134 | #endif
|
---|
| 135 | 2048,
|
---|
| 136 | };
|
---|
| 137 |
|
---|
| 138 | /*
|
---|
| 139 | * NSA Suite B Profile
|
---|
| 140 | */
|
---|
| 141 | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
|
---|
| 142 | {
|
---|
| 143 | /* Only SHA-256 and 384 */
|
---|
| 144 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
---|
| 145 | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
|
---|
| 146 | /* Only ECDSA */
|
---|
| 147 | MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
|
---|
| 148 | MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
|
---|
| 149 | #if defined(MBEDTLS_ECP_C)
|
---|
| 150 | /* Only NIST P-256 and P-384 */
|
---|
| 151 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
---|
| 152 | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
|
---|
| 153 | #else
|
---|
| 154 | 0,
|
---|
| 155 | #endif
|
---|
| 156 | 0,
|
---|
| 157 | };
|
---|
| 158 |
|
---|
| 159 | /*
|
---|
| 160 | * Check md_alg against profile
|
---|
| 161 | * Return 0 if md_alg is acceptable for this profile, -1 otherwise
|
---|
| 162 | */
|
---|
| 163 | static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
|
---|
| 164 | mbedtls_md_type_t md_alg )
|
---|
| 165 | {
|
---|
| 166 | if( md_alg == MBEDTLS_MD_NONE )
|
---|
| 167 | return( -1 );
|
---|
| 168 |
|
---|
| 169 | if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
|
---|
| 170 | return( 0 );
|
---|
| 171 |
|
---|
| 172 | return( -1 );
|
---|
| 173 | }
|
---|
| 174 |
|
---|
| 175 | /*
|
---|
| 176 | * Check pk_alg against profile
|
---|
| 177 | * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
|
---|
| 178 | */
|
---|
| 179 | static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
|
---|
| 180 | mbedtls_pk_type_t pk_alg )
|
---|
| 181 | {
|
---|
| 182 | if( pk_alg == MBEDTLS_PK_NONE )
|
---|
| 183 | return( -1 );
|
---|
| 184 |
|
---|
| 185 | if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
|
---|
| 186 | return( 0 );
|
---|
| 187 |
|
---|
| 188 | return( -1 );
|
---|
| 189 | }
|
---|
| 190 |
|
---|
| 191 | /*
|
---|
| 192 | * Check key against profile
|
---|
| 193 | * Return 0 if pk is acceptable for this profile, -1 otherwise
|
---|
| 194 | */
|
---|
| 195 | static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
|
---|
| 196 | const mbedtls_pk_context *pk )
|
---|
| 197 | {
|
---|
| 198 | const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
|
---|
| 199 |
|
---|
| 200 | #if defined(MBEDTLS_RSA_C)
|
---|
| 201 | if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
|
---|
| 202 | {
|
---|
| 203 | if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
|
---|
| 204 | return( 0 );
|
---|
| 205 |
|
---|
| 206 | return( -1 );
|
---|
| 207 | }
|
---|
| 208 | #endif
|
---|
| 209 |
|
---|
| 210 | #if defined(MBEDTLS_ECP_C)
|
---|
| 211 | if( pk_alg == MBEDTLS_PK_ECDSA ||
|
---|
| 212 | pk_alg == MBEDTLS_PK_ECKEY ||
|
---|
| 213 | pk_alg == MBEDTLS_PK_ECKEY_DH )
|
---|
| 214 | {
|
---|
| 215 | const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
|
---|
| 216 |
|
---|
| 217 | if( gid == MBEDTLS_ECP_DP_NONE )
|
---|
| 218 | return( -1 );
|
---|
| 219 |
|
---|
| 220 | if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
|
---|
| 221 | return( 0 );
|
---|
| 222 |
|
---|
| 223 | return( -1 );
|
---|
| 224 | }
|
---|
| 225 | #endif
|
---|
| 226 |
|
---|
| 227 | return( -1 );
|
---|
| 228 | }
|
---|
| 229 |
|
---|
| 230 | /*
|
---|
| 231 | * Like memcmp, but case-insensitive and always returns -1 if different
|
---|
| 232 | */
|
---|
| 233 | static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
|
---|
| 234 | {
|
---|
| 235 | size_t i;
|
---|
| 236 | unsigned char diff;
|
---|
| 237 | const unsigned char *n1 = s1, *n2 = s2;
|
---|
| 238 |
|
---|
| 239 | for( i = 0; i < len; i++ )
|
---|
| 240 | {
|
---|
| 241 | diff = n1[i] ^ n2[i];
|
---|
| 242 |
|
---|
| 243 | if( diff == 0 )
|
---|
| 244 | continue;
|
---|
| 245 |
|
---|
| 246 | if( diff == 32 &&
|
---|
| 247 | ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
|
---|
| 248 | ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
|
---|
| 249 | {
|
---|
| 250 | continue;
|
---|
| 251 | }
|
---|
| 252 |
|
---|
| 253 | return( -1 );
|
---|
| 254 | }
|
---|
| 255 |
|
---|
| 256 | return( 0 );
|
---|
| 257 | }
|
---|
| 258 |
|
---|
| 259 | /*
|
---|
| 260 | * Return 0 if name matches wildcard, -1 otherwise
|
---|
| 261 | */
|
---|
| 262 | static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
|
---|
| 263 | {
|
---|
| 264 | size_t i;
|
---|
| 265 | size_t cn_idx = 0, cn_len = strlen( cn );
|
---|
| 266 |
|
---|
| 267 | /* We can't have a match if there is no wildcard to match */
|
---|
| 268 | if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
|
---|
| 269 | return( -1 );
|
---|
| 270 |
|
---|
| 271 | for( i = 0; i < cn_len; ++i )
|
---|
| 272 | {
|
---|
| 273 | if( cn[i] == '.' )
|
---|
| 274 | {
|
---|
| 275 | cn_idx = i;
|
---|
| 276 | break;
|
---|
| 277 | }
|
---|
| 278 | }
|
---|
| 279 |
|
---|
| 280 | if( cn_idx == 0 )
|
---|
| 281 | return( -1 );
|
---|
| 282 |
|
---|
| 283 | if( cn_len - cn_idx == name->len - 1 &&
|
---|
| 284 | x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
|
---|
| 285 | {
|
---|
| 286 | return( 0 );
|
---|
| 287 | }
|
---|
| 288 |
|
---|
| 289 | return( -1 );
|
---|
| 290 | }
|
---|
| 291 |
|
---|
| 292 | /*
|
---|
| 293 | * Compare two X.509 strings, case-insensitive, and allowing for some encoding
|
---|
| 294 | * variations (but not all).
|
---|
| 295 | *
|
---|
| 296 | * Return 0 if equal, -1 otherwise.
|
---|
| 297 | */
|
---|
| 298 | static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
|
---|
| 299 | {
|
---|
| 300 | if( a->tag == b->tag &&
|
---|
| 301 | a->len == b->len &&
|
---|
| 302 | memcmp( a->p, b->p, b->len ) == 0 )
|
---|
| 303 | {
|
---|
| 304 | return( 0 );
|
---|
| 305 | }
|
---|
| 306 |
|
---|
| 307 | if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
|
---|
| 308 | ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
|
---|
| 309 | a->len == b->len &&
|
---|
| 310 | x509_memcasecmp( a->p, b->p, b->len ) == 0 )
|
---|
| 311 | {
|
---|
| 312 | return( 0 );
|
---|
| 313 | }
|
---|
| 314 |
|
---|
| 315 | return( -1 );
|
---|
| 316 | }
|
---|
| 317 |
|
---|
| 318 | /*
|
---|
| 319 | * Compare two X.509 Names (aka rdnSequence).
|
---|
| 320 | *
|
---|
| 321 | * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
|
---|
| 322 | * we sometimes return unequal when the full algorithm would return equal,
|
---|
| 323 | * but never the other way. (In particular, we don't do Unicode normalisation
|
---|
| 324 | * or space folding.)
|
---|
| 325 | *
|
---|
| 326 | * Return 0 if equal, -1 otherwise.
|
---|
| 327 | */
|
---|
| 328 | static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
|
---|
| 329 | {
|
---|
| 330 | /* Avoid recursion, it might not be optimised by the compiler */
|
---|
| 331 | while( a != NULL || b != NULL )
|
---|
| 332 | {
|
---|
| 333 | if( a == NULL || b == NULL )
|
---|
| 334 | return( -1 );
|
---|
| 335 |
|
---|
| 336 | /* type */
|
---|
| 337 | if( a->oid.tag != b->oid.tag ||
|
---|
| 338 | a->oid.len != b->oid.len ||
|
---|
| 339 | memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
|
---|
| 340 | {
|
---|
| 341 | return( -1 );
|
---|
| 342 | }
|
---|
| 343 |
|
---|
| 344 | /* value */
|
---|
| 345 | if( x509_string_cmp( &a->val, &b->val ) != 0 )
|
---|
| 346 | return( -1 );
|
---|
| 347 |
|
---|
| 348 | /* structure of the list of sets */
|
---|
| 349 | if( a->next_merged != b->next_merged )
|
---|
| 350 | return( -1 );
|
---|
| 351 |
|
---|
| 352 | a = a->next;
|
---|
| 353 | b = b->next;
|
---|
| 354 | }
|
---|
| 355 |
|
---|
| 356 | /* a == NULL == b */
|
---|
| 357 | return( 0 );
|
---|
| 358 | }
|
---|
| 359 |
|
---|
| 360 | /*
|
---|
| 361 | * Reset (init or clear) a verify_chain
|
---|
| 362 | */
|
---|
| 363 | static void x509_crt_verify_chain_reset(
|
---|
| 364 | mbedtls_x509_crt_verify_chain *ver_chain )
|
---|
| 365 | {
|
---|
| 366 | size_t i;
|
---|
| 367 |
|
---|
| 368 | for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
|
---|
| 369 | {
|
---|
| 370 | ver_chain->items[i].crt = NULL;
|
---|
| 371 | ver_chain->items[i].flags = (uint32_t) -1;
|
---|
| 372 | }
|
---|
| 373 |
|
---|
| 374 | ver_chain->len = 0;
|
---|
| 375 | }
|
---|
| 376 |
|
---|
| 377 | /*
|
---|
| 378 | * Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
---|
| 379 | */
|
---|
| 380 | static int x509_get_version( unsigned char **p,
|
---|
| 381 | const unsigned char *end,
|
---|
| 382 | int *ver )
|
---|
| 383 | {
|
---|
| 384 | int ret;
|
---|
| 385 | size_t len;
|
---|
| 386 |
|
---|
| 387 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 388 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
|
---|
| 389 | {
|
---|
| 390 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
| 391 | {
|
---|
| 392 | *ver = 0;
|
---|
| 393 | return( 0 );
|
---|
| 394 | }
|
---|
| 395 |
|
---|
| 396 | return( ret );
|
---|
| 397 | }
|
---|
| 398 |
|
---|
| 399 | end = *p + len;
|
---|
| 400 |
|
---|
| 401 | if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
|
---|
| 402 | return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
|
---|
| 403 |
|
---|
| 404 | if( *p != end )
|
---|
| 405 | return( MBEDTLS_ERR_X509_INVALID_VERSION +
|
---|
| 406 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 407 |
|
---|
| 408 | return( 0 );
|
---|
| 409 | }
|
---|
| 410 |
|
---|
| 411 | /*
|
---|
| 412 | * Validity ::= SEQUENCE {
|
---|
| 413 | * notBefore Time,
|
---|
| 414 | * notAfter Time }
|
---|
| 415 | */
|
---|
| 416 | static int x509_get_dates( unsigned char **p,
|
---|
| 417 | const unsigned char *end,
|
---|
| 418 | mbedtls_x509_time *from,
|
---|
| 419 | mbedtls_x509_time *to )
|
---|
| 420 | {
|
---|
| 421 | int ret;
|
---|
| 422 | size_t len;
|
---|
| 423 |
|
---|
| 424 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 425 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 426 | return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
|
---|
| 427 |
|
---|
| 428 | end = *p + len;
|
---|
| 429 |
|
---|
| 430 | if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
|
---|
| 431 | return( ret );
|
---|
| 432 |
|
---|
| 433 | if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
|
---|
| 434 | return( ret );
|
---|
| 435 |
|
---|
| 436 | if( *p != end )
|
---|
| 437 | return( MBEDTLS_ERR_X509_INVALID_DATE +
|
---|
| 438 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 439 |
|
---|
| 440 | return( 0 );
|
---|
| 441 | }
|
---|
| 442 |
|
---|
| 443 | /*
|
---|
| 444 | * X.509 v2/v3 unique identifier (not parsed)
|
---|
| 445 | */
|
---|
| 446 | static int x509_get_uid( unsigned char **p,
|
---|
| 447 | const unsigned char *end,
|
---|
| 448 | mbedtls_x509_buf *uid, int n )
|
---|
| 449 | {
|
---|
| 450 | int ret;
|
---|
| 451 |
|
---|
| 452 | if( *p == end )
|
---|
| 453 | return( 0 );
|
---|
| 454 |
|
---|
| 455 | uid->tag = **p;
|
---|
| 456 |
|
---|
| 457 | if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
|
---|
| 458 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
|
---|
| 459 | {
|
---|
| 460 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
| 461 | return( 0 );
|
---|
| 462 |
|
---|
| 463 | return( ret );
|
---|
| 464 | }
|
---|
| 465 |
|
---|
| 466 | uid->p = *p;
|
---|
| 467 | *p += uid->len;
|
---|
| 468 |
|
---|
| 469 | return( 0 );
|
---|
| 470 | }
|
---|
| 471 |
|
---|
| 472 | static int x509_get_basic_constraints( unsigned char **p,
|
---|
| 473 | const unsigned char *end,
|
---|
| 474 | int *ca_istrue,
|
---|
| 475 | int *max_pathlen )
|
---|
| 476 | {
|
---|
| 477 | int ret;
|
---|
| 478 | size_t len;
|
---|
| 479 |
|
---|
| 480 | /*
|
---|
| 481 | * BasicConstraints ::= SEQUENCE {
|
---|
| 482 | * cA BOOLEAN DEFAULT FALSE,
|
---|
| 483 | * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
|
---|
| 484 | */
|
---|
| 485 | *ca_istrue = 0; /* DEFAULT FALSE */
|
---|
| 486 | *max_pathlen = 0; /* endless */
|
---|
| 487 |
|
---|
| 488 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 489 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 490 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 491 |
|
---|
| 492 | if( *p == end )
|
---|
| 493 | return( 0 );
|
---|
| 494 |
|
---|
| 495 | if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
|
---|
| 496 | {
|
---|
| 497 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
| 498 | ret = mbedtls_asn1_get_int( p, end, ca_istrue );
|
---|
| 499 |
|
---|
| 500 | if( ret != 0 )
|
---|
| 501 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 502 |
|
---|
| 503 | if( *ca_istrue != 0 )
|
---|
| 504 | *ca_istrue = 1;
|
---|
| 505 | }
|
---|
| 506 |
|
---|
| 507 | if( *p == end )
|
---|
| 508 | return( 0 );
|
---|
| 509 |
|
---|
| 510 | if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
|
---|
| 511 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 512 |
|
---|
| 513 | if( *p != end )
|
---|
| 514 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 515 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 516 |
|
---|
| 517 | (*max_pathlen)++;
|
---|
| 518 |
|
---|
| 519 | return( 0 );
|
---|
| 520 | }
|
---|
| 521 |
|
---|
| 522 | static int x509_get_ns_cert_type( unsigned char **p,
|
---|
| 523 | const unsigned char *end,
|
---|
| 524 | unsigned char *ns_cert_type)
|
---|
| 525 | {
|
---|
| 526 | int ret;
|
---|
| 527 | mbedtls_x509_bitstring bs = { 0, 0, NULL };
|
---|
| 528 |
|
---|
| 529 | if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
---|
| 530 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 531 |
|
---|
| 532 | if( bs.len != 1 )
|
---|
| 533 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 534 | MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
---|
| 535 |
|
---|
| 536 | /* Get actual bitstring */
|
---|
| 537 | *ns_cert_type = *bs.p;
|
---|
| 538 | return( 0 );
|
---|
| 539 | }
|
---|
| 540 |
|
---|
| 541 | static int x509_get_key_usage( unsigned char **p,
|
---|
| 542 | const unsigned char *end,
|
---|
| 543 | unsigned int *key_usage)
|
---|
| 544 | {
|
---|
| 545 | int ret;
|
---|
| 546 | size_t i;
|
---|
| 547 | mbedtls_x509_bitstring bs = { 0, 0, NULL };
|
---|
| 548 |
|
---|
| 549 | if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
---|
| 550 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 551 |
|
---|
| 552 | if( bs.len < 1 )
|
---|
| 553 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 554 | MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
---|
| 555 |
|
---|
| 556 | /* Get actual bitstring */
|
---|
| 557 | *key_usage = 0;
|
---|
| 558 | for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
|
---|
| 559 | {
|
---|
| 560 | *key_usage |= (unsigned int) bs.p[i] << (8*i);
|
---|
| 561 | }
|
---|
| 562 |
|
---|
| 563 | return( 0 );
|
---|
| 564 | }
|
---|
| 565 |
|
---|
| 566 | /*
|
---|
| 567 | * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
---|
| 568 | *
|
---|
| 569 | * KeyPurposeId ::= OBJECT IDENTIFIER
|
---|
| 570 | */
|
---|
| 571 | static int x509_get_ext_key_usage( unsigned char **p,
|
---|
| 572 | const unsigned char *end,
|
---|
| 573 | mbedtls_x509_sequence *ext_key_usage)
|
---|
| 574 | {
|
---|
| 575 | int ret;
|
---|
| 576 |
|
---|
| 577 | if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
|
---|
| 578 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 579 |
|
---|
| 580 | /* Sequence length must be >= 1 */
|
---|
| 581 | if( ext_key_usage->buf.p == NULL )
|
---|
| 582 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 583 | MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
---|
| 584 |
|
---|
| 585 | return( 0 );
|
---|
| 586 | }
|
---|
| 587 |
|
---|
| 588 | /*
|
---|
| 589 | * SubjectAltName ::= GeneralNames
|
---|
| 590 | *
|
---|
| 591 | * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
---|
| 592 | *
|
---|
| 593 | * GeneralName ::= CHOICE {
|
---|
| 594 | * otherName [0] OtherName,
|
---|
| 595 | * rfc822Name [1] IA5String,
|
---|
| 596 | * dNSName [2] IA5String,
|
---|
| 597 | * x400Address [3] ORAddress,
|
---|
| 598 | * directoryName [4] Name,
|
---|
| 599 | * ediPartyName [5] EDIPartyName,
|
---|
| 600 | * uniformResourceIdentifier [6] IA5String,
|
---|
| 601 | * iPAddress [7] OCTET STRING,
|
---|
| 602 | * registeredID [8] OBJECT IDENTIFIER }
|
---|
| 603 | *
|
---|
| 604 | * OtherName ::= SEQUENCE {
|
---|
| 605 | * type-id OBJECT IDENTIFIER,
|
---|
| 606 | * value [0] EXPLICIT ANY DEFINED BY type-id }
|
---|
| 607 | *
|
---|
| 608 | * EDIPartyName ::= SEQUENCE {
|
---|
| 609 | * nameAssigner [0] DirectoryString OPTIONAL,
|
---|
| 610 | * partyName [1] DirectoryString }
|
---|
| 611 | *
|
---|
| 612 | * NOTE: we only parse and use dNSName at this point.
|
---|
| 613 | */
|
---|
| 614 | static int x509_get_subject_alt_name( unsigned char **p,
|
---|
| 615 | const unsigned char *end,
|
---|
| 616 | mbedtls_x509_sequence *subject_alt_name )
|
---|
| 617 | {
|
---|
| 618 | int ret;
|
---|
| 619 | size_t len, tag_len;
|
---|
| 620 | mbedtls_asn1_buf *buf;
|
---|
| 621 | unsigned char tag;
|
---|
| 622 | mbedtls_asn1_sequence *cur = subject_alt_name;
|
---|
| 623 |
|
---|
| 624 | /* Get main sequence tag */
|
---|
| 625 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 626 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 627 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 628 |
|
---|
| 629 | if( *p + len != end )
|
---|
| 630 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 631 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 632 |
|
---|
| 633 | while( *p < end )
|
---|
| 634 | {
|
---|
| 635 | if( ( end - *p ) < 1 )
|
---|
| 636 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 637 | MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
---|
| 638 |
|
---|
| 639 | tag = **p;
|
---|
| 640 | (*p)++;
|
---|
| 641 | if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
|
---|
| 642 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 643 |
|
---|
| 644 | if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
|
---|
| 645 | MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
---|
| 646 | {
|
---|
| 647 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 648 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
---|
| 649 | }
|
---|
| 650 |
|
---|
| 651 | /* Skip everything but DNS name */
|
---|
| 652 | if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
|
---|
| 653 | {
|
---|
| 654 | *p += tag_len;
|
---|
| 655 | continue;
|
---|
| 656 | }
|
---|
| 657 |
|
---|
| 658 | /* Allocate and assign next pointer */
|
---|
| 659 | if( cur->buf.p != NULL )
|
---|
| 660 | {
|
---|
| 661 | if( cur->next != NULL )
|
---|
| 662 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
|
---|
| 663 |
|
---|
| 664 | cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
|
---|
| 665 |
|
---|
| 666 | if( cur->next == NULL )
|
---|
| 667 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 668 | MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
---|
| 669 |
|
---|
| 670 | cur = cur->next;
|
---|
| 671 | }
|
---|
| 672 |
|
---|
| 673 | buf = &(cur->buf);
|
---|
| 674 | buf->tag = tag;
|
---|
| 675 | buf->p = *p;
|
---|
| 676 | buf->len = tag_len;
|
---|
| 677 | *p += buf->len;
|
---|
| 678 | }
|
---|
| 679 |
|
---|
| 680 | /* Set final sequence entry's next pointer to NULL */
|
---|
| 681 | cur->next = NULL;
|
---|
| 682 |
|
---|
| 683 | if( *p != end )
|
---|
| 684 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 685 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 686 |
|
---|
| 687 | return( 0 );
|
---|
| 688 | }
|
---|
| 689 |
|
---|
| 690 | /*
|
---|
| 691 | * X.509 v3 extensions
|
---|
| 692 | *
|
---|
| 693 | */
|
---|
| 694 | static int x509_get_crt_ext( unsigned char **p,
|
---|
| 695 | const unsigned char *end,
|
---|
| 696 | mbedtls_x509_crt *crt )
|
---|
| 697 | {
|
---|
| 698 | int ret;
|
---|
| 699 | size_t len;
|
---|
| 700 | unsigned char *end_ext_data, *end_ext_octet;
|
---|
| 701 |
|
---|
| 702 | if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
|
---|
| 703 | {
|
---|
| 704 | if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
| 705 | return( 0 );
|
---|
| 706 |
|
---|
| 707 | return( ret );
|
---|
| 708 | }
|
---|
| 709 |
|
---|
| 710 | while( *p < end )
|
---|
| 711 | {
|
---|
| 712 | /*
|
---|
| 713 | * Extension ::= SEQUENCE {
|
---|
| 714 | * extnID OBJECT IDENTIFIER,
|
---|
| 715 | * critical BOOLEAN DEFAULT FALSE,
|
---|
| 716 | * extnValue OCTET STRING }
|
---|
| 717 | */
|
---|
| 718 | mbedtls_x509_buf extn_oid = {0, 0, NULL};
|
---|
| 719 | int is_critical = 0; /* DEFAULT FALSE */
|
---|
| 720 | int ext_type = 0;
|
---|
| 721 |
|
---|
| 722 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 723 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 724 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 725 |
|
---|
| 726 | end_ext_data = *p + len;
|
---|
| 727 |
|
---|
| 728 | /* Get extension ID */
|
---|
| 729 | if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
|
---|
| 730 | MBEDTLS_ASN1_OID ) ) != 0 )
|
---|
| 731 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 732 |
|
---|
| 733 | extn_oid.tag = MBEDTLS_ASN1_OID;
|
---|
| 734 | extn_oid.p = *p;
|
---|
| 735 | *p += extn_oid.len;
|
---|
| 736 |
|
---|
| 737 | /* Get optional critical */
|
---|
| 738 | if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
|
---|
| 739 | ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
---|
| 740 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 741 |
|
---|
| 742 | /* Data should be octet string type */
|
---|
| 743 | if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
|
---|
| 744 | MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
| 745 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
---|
| 746 |
|
---|
| 747 | end_ext_octet = *p + len;
|
---|
| 748 |
|
---|
| 749 | if( end_ext_octet != end_ext_data )
|
---|
| 750 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 751 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 752 |
|
---|
| 753 | /*
|
---|
| 754 | * Detect supported extensions
|
---|
| 755 | */
|
---|
| 756 | ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
|
---|
| 757 |
|
---|
| 758 | if( ret != 0 )
|
---|
| 759 | {
|
---|
| 760 | /* No parser found, skip extension */
|
---|
| 761 | *p = end_ext_octet;
|
---|
| 762 |
|
---|
| 763 | #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
|
---|
| 764 | if( is_critical )
|
---|
| 765 | {
|
---|
| 766 | /* Data is marked as critical: fail */
|
---|
| 767 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 768 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
---|
| 769 | }
|
---|
| 770 | #endif
|
---|
| 771 | continue;
|
---|
| 772 | }
|
---|
| 773 |
|
---|
| 774 | /* Forbid repeated extensions */
|
---|
| 775 | if( ( crt->ext_types & ext_type ) != 0 )
|
---|
| 776 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
|
---|
| 777 |
|
---|
| 778 | crt->ext_types |= ext_type;
|
---|
| 779 |
|
---|
| 780 | switch( ext_type )
|
---|
| 781 | {
|
---|
| 782 | case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
|
---|
| 783 | /* Parse basic constraints */
|
---|
| 784 | if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
|
---|
| 785 | &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
|
---|
| 786 | return( ret );
|
---|
| 787 | break;
|
---|
| 788 |
|
---|
| 789 | case MBEDTLS_X509_EXT_KEY_USAGE:
|
---|
| 790 | /* Parse key usage */
|
---|
| 791 | if( ( ret = x509_get_key_usage( p, end_ext_octet,
|
---|
| 792 | &crt->key_usage ) ) != 0 )
|
---|
| 793 | return( ret );
|
---|
| 794 | break;
|
---|
| 795 |
|
---|
| 796 | case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
|
---|
| 797 | /* Parse extended key usage */
|
---|
| 798 | if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
|
---|
| 799 | &crt->ext_key_usage ) ) != 0 )
|
---|
| 800 | return( ret );
|
---|
| 801 | break;
|
---|
| 802 |
|
---|
| 803 | case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
|
---|
| 804 | /* Parse subject alt name */
|
---|
| 805 | if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
|
---|
| 806 | &crt->subject_alt_names ) ) != 0 )
|
---|
| 807 | return( ret );
|
---|
| 808 | break;
|
---|
| 809 |
|
---|
| 810 | case MBEDTLS_X509_EXT_NS_CERT_TYPE:
|
---|
| 811 | /* Parse netscape certificate type */
|
---|
| 812 | if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
|
---|
| 813 | &crt->ns_cert_type ) ) != 0 )
|
---|
| 814 | return( ret );
|
---|
| 815 | break;
|
---|
| 816 |
|
---|
| 817 | default:
|
---|
| 818 | return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
|
---|
| 819 | }
|
---|
| 820 | }
|
---|
| 821 |
|
---|
| 822 | if( *p != end )
|
---|
| 823 | return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
---|
| 824 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 825 |
|
---|
| 826 | return( 0 );
|
---|
| 827 | }
|
---|
| 828 |
|
---|
| 829 | /*
|
---|
| 830 | * Parse and fill a single X.509 certificate in DER format
|
---|
| 831 | */
|
---|
| 832 | static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
|
---|
| 833 | size_t buflen )
|
---|
| 834 | {
|
---|
| 835 | int ret;
|
---|
| 836 | size_t len;
|
---|
| 837 | unsigned char *p, *end, *crt_end;
|
---|
| 838 | mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
|
---|
| 839 |
|
---|
| 840 | memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
|
---|
| 841 | memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
|
---|
| 842 | memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
|
---|
| 843 |
|
---|
| 844 | /*
|
---|
| 845 | * Check for valid input
|
---|
| 846 | */
|
---|
| 847 | if( crt == NULL || buf == NULL )
|
---|
| 848 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 849 |
|
---|
| 850 | // Use the original buffer until we figure out actual length
|
---|
| 851 | p = (unsigned char*) buf;
|
---|
| 852 | len = buflen;
|
---|
| 853 | end = p + len;
|
---|
| 854 |
|
---|
| 855 | /*
|
---|
| 856 | * Certificate ::= SEQUENCE {
|
---|
| 857 | * tbsCertificate TBSCertificate,
|
---|
| 858 | * signatureAlgorithm AlgorithmIdentifier,
|
---|
| 859 | * signatureValue BIT STRING }
|
---|
| 860 | */
|
---|
| 861 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 862 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 863 | {
|
---|
| 864 | mbedtls_x509_crt_free( crt );
|
---|
| 865 | return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
---|
| 866 | }
|
---|
| 867 |
|
---|
| 868 | if( len > (size_t) ( end - p ) )
|
---|
| 869 | {
|
---|
| 870 | mbedtls_x509_crt_free( crt );
|
---|
| 871 | return( MBEDTLS_ERR_X509_INVALID_FORMAT +
|
---|
| 872 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 873 | }
|
---|
| 874 | crt_end = p + len;
|
---|
| 875 |
|
---|
| 876 | // Create and populate a new buffer for the raw field
|
---|
| 877 | crt->raw.len = crt_end - buf;
|
---|
| 878 | crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
|
---|
| 879 | if( p == NULL )
|
---|
| 880 | return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
---|
| 881 |
|
---|
| 882 | memcpy( p, buf, crt->raw.len );
|
---|
| 883 |
|
---|
| 884 | // Direct pointers to the new buffer
|
---|
| 885 | p += crt->raw.len - len;
|
---|
| 886 | end = crt_end = p + len;
|
---|
| 887 |
|
---|
| 888 | /*
|
---|
| 889 | * TBSCertificate ::= SEQUENCE {
|
---|
| 890 | */
|
---|
| 891 | crt->tbs.p = p;
|
---|
| 892 |
|
---|
| 893 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 894 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 895 | {
|
---|
| 896 | mbedtls_x509_crt_free( crt );
|
---|
| 897 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
|
---|
| 898 | }
|
---|
| 899 |
|
---|
| 900 | end = p + len;
|
---|
| 901 | crt->tbs.len = end - crt->tbs.p;
|
---|
| 902 |
|
---|
| 903 | /*
|
---|
| 904 | * Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
---|
| 905 | *
|
---|
| 906 | * CertificateSerialNumber ::= INTEGER
|
---|
| 907 | *
|
---|
| 908 | * signature AlgorithmIdentifier
|
---|
| 909 | */
|
---|
| 910 | if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
|
---|
| 911 | ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
|
---|
| 912 | ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid,
|
---|
| 913 | &sig_params1 ) ) != 0 )
|
---|
| 914 | {
|
---|
| 915 | mbedtls_x509_crt_free( crt );
|
---|
| 916 | return( ret );
|
---|
| 917 | }
|
---|
| 918 |
|
---|
| 919 | if( crt->version < 0 || crt->version > 2 )
|
---|
| 920 | {
|
---|
| 921 | mbedtls_x509_crt_free( crt );
|
---|
| 922 | return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
|
---|
| 923 | }
|
---|
| 924 |
|
---|
| 925 | crt->version++;
|
---|
| 926 |
|
---|
| 927 | if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
|
---|
| 928 | &crt->sig_md, &crt->sig_pk,
|
---|
| 929 | &crt->sig_opts ) ) != 0 )
|
---|
| 930 | {
|
---|
| 931 | mbedtls_x509_crt_free( crt );
|
---|
| 932 | return( ret );
|
---|
| 933 | }
|
---|
| 934 |
|
---|
| 935 | /*
|
---|
| 936 | * issuer Name
|
---|
| 937 | */
|
---|
| 938 | crt->issuer_raw.p = p;
|
---|
| 939 |
|
---|
| 940 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 941 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 942 | {
|
---|
| 943 | mbedtls_x509_crt_free( crt );
|
---|
| 944 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
|
---|
| 945 | }
|
---|
| 946 |
|
---|
| 947 | if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
|
---|
| 948 | {
|
---|
| 949 | mbedtls_x509_crt_free( crt );
|
---|
| 950 | return( ret );
|
---|
| 951 | }
|
---|
| 952 |
|
---|
| 953 | crt->issuer_raw.len = p - crt->issuer_raw.p;
|
---|
| 954 |
|
---|
| 955 | /*
|
---|
| 956 | * Validity ::= SEQUENCE {
|
---|
| 957 | * notBefore Time,
|
---|
| 958 | * notAfter Time }
|
---|
| 959 | *
|
---|
| 960 | */
|
---|
| 961 | if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
|
---|
| 962 | &crt->valid_to ) ) != 0 )
|
---|
| 963 | {
|
---|
| 964 | mbedtls_x509_crt_free( crt );
|
---|
| 965 | return( ret );
|
---|
| 966 | }
|
---|
| 967 |
|
---|
| 968 | /*
|
---|
| 969 | * subject Name
|
---|
| 970 | */
|
---|
| 971 | crt->subject_raw.p = p;
|
---|
| 972 |
|
---|
| 973 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 974 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 975 | {
|
---|
| 976 | mbedtls_x509_crt_free( crt );
|
---|
| 977 | return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
|
---|
| 978 | }
|
---|
| 979 |
|
---|
| 980 | if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
|
---|
| 981 | {
|
---|
| 982 | mbedtls_x509_crt_free( crt );
|
---|
| 983 | return( ret );
|
---|
| 984 | }
|
---|
| 985 |
|
---|
| 986 | crt->subject_raw.len = p - crt->subject_raw.p;
|
---|
| 987 |
|
---|
| 988 | /*
|
---|
| 989 | * SubjectPublicKeyInfo
|
---|
| 990 | */
|
---|
| 991 | if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
|
---|
| 992 | {
|
---|
| 993 | mbedtls_x509_crt_free( crt );
|
---|
| 994 | return( ret );
|
---|
| 995 | }
|
---|
| 996 |
|
---|
| 997 | /*
|
---|
| 998 | * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
|
---|
| 999 | * -- If present, version shall be v2 or v3
|
---|
| 1000 | * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
|
---|
| 1001 | * -- If present, version shall be v2 or v3
|
---|
| 1002 | * extensions [3] EXPLICIT Extensions OPTIONAL
|
---|
| 1003 | * -- If present, version shall be v3
|
---|
| 1004 | */
|
---|
| 1005 | if( crt->version == 2 || crt->version == 3 )
|
---|
| 1006 | {
|
---|
| 1007 | ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
|
---|
| 1008 | if( ret != 0 )
|
---|
| 1009 | {
|
---|
| 1010 | mbedtls_x509_crt_free( crt );
|
---|
| 1011 | return( ret );
|
---|
| 1012 | }
|
---|
| 1013 | }
|
---|
| 1014 |
|
---|
| 1015 | if( crt->version == 2 || crt->version == 3 )
|
---|
| 1016 | {
|
---|
| 1017 | ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
|
---|
| 1018 | if( ret != 0 )
|
---|
| 1019 | {
|
---|
| 1020 | mbedtls_x509_crt_free( crt );
|
---|
| 1021 | return( ret );
|
---|
| 1022 | }
|
---|
| 1023 | }
|
---|
| 1024 |
|
---|
| 1025 | #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
|
---|
| 1026 | if( crt->version == 3 )
|
---|
| 1027 | #endif
|
---|
| 1028 | {
|
---|
| 1029 | ret = x509_get_crt_ext( &p, end, crt );
|
---|
| 1030 | if( ret != 0 )
|
---|
| 1031 | {
|
---|
| 1032 | mbedtls_x509_crt_free( crt );
|
---|
| 1033 | return( ret );
|
---|
| 1034 | }
|
---|
| 1035 | }
|
---|
| 1036 |
|
---|
| 1037 | if( p != end )
|
---|
| 1038 | {
|
---|
| 1039 | mbedtls_x509_crt_free( crt );
|
---|
| 1040 | return( MBEDTLS_ERR_X509_INVALID_FORMAT +
|
---|
| 1041 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 1042 | }
|
---|
| 1043 |
|
---|
| 1044 | end = crt_end;
|
---|
| 1045 |
|
---|
| 1046 | /*
|
---|
| 1047 | * }
|
---|
| 1048 | * -- end of TBSCertificate
|
---|
| 1049 | *
|
---|
| 1050 | * signatureAlgorithm AlgorithmIdentifier,
|
---|
| 1051 | * signatureValue BIT STRING
|
---|
| 1052 | */
|
---|
| 1053 | if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
|
---|
| 1054 | {
|
---|
| 1055 | mbedtls_x509_crt_free( crt );
|
---|
| 1056 | return( ret );
|
---|
| 1057 | }
|
---|
| 1058 |
|
---|
| 1059 | if( crt->sig_oid.len != sig_oid2.len ||
|
---|
| 1060 | memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
|
---|
| 1061 | sig_params1.len != sig_params2.len ||
|
---|
| 1062 | ( sig_params1.len != 0 &&
|
---|
| 1063 | memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
---|
| 1064 | {
|
---|
| 1065 | mbedtls_x509_crt_free( crt );
|
---|
| 1066 | return( MBEDTLS_ERR_X509_SIG_MISMATCH );
|
---|
| 1067 | }
|
---|
| 1068 |
|
---|
| 1069 | if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
|
---|
| 1070 | {
|
---|
| 1071 | mbedtls_x509_crt_free( crt );
|
---|
| 1072 | return( ret );
|
---|
| 1073 | }
|
---|
| 1074 |
|
---|
| 1075 | if( p != end )
|
---|
| 1076 | {
|
---|
| 1077 | mbedtls_x509_crt_free( crt );
|
---|
| 1078 | return( MBEDTLS_ERR_X509_INVALID_FORMAT +
|
---|
| 1079 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 1080 | }
|
---|
| 1081 |
|
---|
| 1082 | return( 0 );
|
---|
| 1083 | }
|
---|
| 1084 |
|
---|
| 1085 | /*
|
---|
| 1086 | * Parse one X.509 certificate in DER format from a buffer and add them to a
|
---|
| 1087 | * chained list
|
---|
| 1088 | */
|
---|
| 1089 | int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
|
---|
| 1090 | size_t buflen )
|
---|
| 1091 | {
|
---|
| 1092 | int ret;
|
---|
| 1093 | mbedtls_x509_crt *crt = chain, *prev = NULL;
|
---|
| 1094 |
|
---|
| 1095 | /*
|
---|
| 1096 | * Check for valid input
|
---|
| 1097 | */
|
---|
| 1098 | if( crt == NULL || buf == NULL )
|
---|
| 1099 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1100 |
|
---|
| 1101 | while( crt->version != 0 && crt->next != NULL )
|
---|
| 1102 | {
|
---|
| 1103 | prev = crt;
|
---|
| 1104 | crt = crt->next;
|
---|
| 1105 | }
|
---|
| 1106 |
|
---|
| 1107 | /*
|
---|
| 1108 | * Add new certificate on the end of the chain if needed.
|
---|
| 1109 | */
|
---|
| 1110 | if( crt->version != 0 && crt->next == NULL )
|
---|
| 1111 | {
|
---|
| 1112 | crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
---|
| 1113 |
|
---|
| 1114 | if( crt->next == NULL )
|
---|
| 1115 | return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
---|
| 1116 |
|
---|
| 1117 | prev = crt;
|
---|
| 1118 | mbedtls_x509_crt_init( crt->next );
|
---|
| 1119 | crt = crt->next;
|
---|
| 1120 | }
|
---|
| 1121 |
|
---|
| 1122 | if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
|
---|
| 1123 | {
|
---|
| 1124 | if( prev )
|
---|
| 1125 | prev->next = NULL;
|
---|
| 1126 |
|
---|
| 1127 | if( crt != chain )
|
---|
| 1128 | mbedtls_free( crt );
|
---|
| 1129 |
|
---|
| 1130 | return( ret );
|
---|
| 1131 | }
|
---|
| 1132 |
|
---|
| 1133 | return( 0 );
|
---|
| 1134 | }
|
---|
| 1135 |
|
---|
| 1136 | /*
|
---|
| 1137 | * Parse one or more PEM certificates from a buffer and add them to the chained
|
---|
| 1138 | * list
|
---|
| 1139 | */
|
---|
| 1140 | int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
|
---|
| 1141 | {
|
---|
| 1142 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1143 | int success = 0, first_error = 0, total_failed = 0;
|
---|
| 1144 | int buf_format = MBEDTLS_X509_FORMAT_DER;
|
---|
| 1145 | #endif
|
---|
| 1146 |
|
---|
| 1147 | /*
|
---|
| 1148 | * Check for valid input
|
---|
| 1149 | */
|
---|
| 1150 | if( chain == NULL || buf == NULL )
|
---|
| 1151 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1152 |
|
---|
| 1153 | /*
|
---|
| 1154 | * Determine buffer content. Buffer contains either one DER certificate or
|
---|
| 1155 | * one or more PEM certificates.
|
---|
| 1156 | */
|
---|
| 1157 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1158 | if( buflen != 0 && buf[buflen - 1] == '\0' &&
|
---|
| 1159 | strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
|
---|
| 1160 | {
|
---|
| 1161 | buf_format = MBEDTLS_X509_FORMAT_PEM;
|
---|
| 1162 | }
|
---|
| 1163 |
|
---|
| 1164 | if( buf_format == MBEDTLS_X509_FORMAT_DER )
|
---|
| 1165 | return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
---|
| 1166 | #else
|
---|
| 1167 | return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
---|
| 1168 | #endif
|
---|
| 1169 |
|
---|
| 1170 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1171 | if( buf_format == MBEDTLS_X509_FORMAT_PEM )
|
---|
| 1172 | {
|
---|
| 1173 | int ret;
|
---|
| 1174 | mbedtls_pem_context pem;
|
---|
| 1175 |
|
---|
| 1176 | /* 1 rather than 0 since the terminating NULL byte is counted in */
|
---|
| 1177 | while( buflen > 1 )
|
---|
| 1178 | {
|
---|
| 1179 | size_t use_len;
|
---|
| 1180 | mbedtls_pem_init( &pem );
|
---|
| 1181 |
|
---|
| 1182 | /* If we get there, we know the string is null-terminated */
|
---|
| 1183 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1184 | "-----BEGIN CERTIFICATE-----",
|
---|
| 1185 | "-----END CERTIFICATE-----",
|
---|
| 1186 | buf, NULL, 0, &use_len );
|
---|
| 1187 |
|
---|
| 1188 | if( ret == 0 )
|
---|
| 1189 | {
|
---|
| 1190 | /*
|
---|
| 1191 | * Was PEM encoded
|
---|
| 1192 | */
|
---|
| 1193 | buflen -= use_len;
|
---|
| 1194 | buf += use_len;
|
---|
| 1195 | }
|
---|
| 1196 | else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
|
---|
| 1197 | {
|
---|
| 1198 | return( ret );
|
---|
| 1199 | }
|
---|
| 1200 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1201 | {
|
---|
| 1202 | mbedtls_pem_free( &pem );
|
---|
| 1203 |
|
---|
| 1204 | /*
|
---|
| 1205 | * PEM header and footer were found
|
---|
| 1206 | */
|
---|
| 1207 | buflen -= use_len;
|
---|
| 1208 | buf += use_len;
|
---|
| 1209 |
|
---|
| 1210 | if( first_error == 0 )
|
---|
| 1211 | first_error = ret;
|
---|
| 1212 |
|
---|
| 1213 | total_failed++;
|
---|
| 1214 | continue;
|
---|
| 1215 | }
|
---|
| 1216 | else
|
---|
| 1217 | break;
|
---|
| 1218 |
|
---|
| 1219 | ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
|
---|
| 1220 |
|
---|
| 1221 | mbedtls_pem_free( &pem );
|
---|
| 1222 |
|
---|
| 1223 | if( ret != 0 )
|
---|
| 1224 | {
|
---|
| 1225 | /*
|
---|
| 1226 | * Quit parsing on a memory error
|
---|
| 1227 | */
|
---|
| 1228 | if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
|
---|
| 1229 | return( ret );
|
---|
| 1230 |
|
---|
| 1231 | if( first_error == 0 )
|
---|
| 1232 | first_error = ret;
|
---|
| 1233 |
|
---|
| 1234 | total_failed++;
|
---|
| 1235 | continue;
|
---|
| 1236 | }
|
---|
| 1237 |
|
---|
| 1238 | success = 1;
|
---|
| 1239 | }
|
---|
| 1240 | }
|
---|
| 1241 |
|
---|
| 1242 | if( success )
|
---|
| 1243 | return( total_failed );
|
---|
| 1244 | else if( first_error )
|
---|
| 1245 | return( first_error );
|
---|
| 1246 | else
|
---|
| 1247 | return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
|
---|
| 1248 | #endif /* MBEDTLS_PEM_PARSE_C */
|
---|
| 1249 | }
|
---|
| 1250 |
|
---|
| 1251 | #if defined(MBEDTLS_FS_IO)
|
---|
| 1252 | /*
|
---|
| 1253 | * Load one or more certificates and add them to the chained list
|
---|
| 1254 | */
|
---|
| 1255 | int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
|
---|
| 1256 | {
|
---|
| 1257 | int ret;
|
---|
| 1258 | size_t n;
|
---|
| 1259 | unsigned char *buf;
|
---|
| 1260 |
|
---|
| 1261 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
---|
| 1262 | return( ret );
|
---|
| 1263 |
|
---|
| 1264 | ret = mbedtls_x509_crt_parse( chain, buf, n );
|
---|
| 1265 |
|
---|
| 1266 | mbedtls_platform_zeroize( buf, n );
|
---|
| 1267 | mbedtls_free( buf );
|
---|
| 1268 |
|
---|
| 1269 | return( ret );
|
---|
| 1270 | }
|
---|
| 1271 |
|
---|
| 1272 | int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
---|
| 1273 | {
|
---|
| 1274 | int ret = 0;
|
---|
| 1275 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
---|
| 1276 | int w_ret;
|
---|
| 1277 | WCHAR szDir[MAX_PATH];
|
---|
| 1278 | char filename[MAX_PATH];
|
---|
| 1279 | char *p;
|
---|
| 1280 | size_t len = strlen( path );
|
---|
| 1281 |
|
---|
| 1282 | WIN32_FIND_DATAW file_data;
|
---|
| 1283 | HANDLE hFind;
|
---|
| 1284 |
|
---|
| 1285 | if( len > MAX_PATH - 3 )
|
---|
| 1286 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1287 |
|
---|
| 1288 | memset( szDir, 0, sizeof(szDir) );
|
---|
| 1289 | memset( filename, 0, MAX_PATH );
|
---|
| 1290 | memcpy( filename, path, len );
|
---|
| 1291 | filename[len++] = '\\';
|
---|
| 1292 | p = filename + len;
|
---|
| 1293 | filename[len++] = '*';
|
---|
| 1294 |
|
---|
| 1295 | w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
|
---|
| 1296 | MAX_PATH - 3 );
|
---|
| 1297 | if( w_ret == 0 )
|
---|
| 1298 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1299 |
|
---|
| 1300 | hFind = FindFirstFileW( szDir, &file_data );
|
---|
| 1301 | if( hFind == INVALID_HANDLE_VALUE )
|
---|
| 1302 | return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
---|
| 1303 |
|
---|
| 1304 | len = MAX_PATH - len;
|
---|
| 1305 | do
|
---|
| 1306 | {
|
---|
| 1307 | memset( p, 0, len );
|
---|
| 1308 |
|
---|
| 1309 | if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
---|
| 1310 | continue;
|
---|
| 1311 |
|
---|
| 1312 | w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
---|
| 1313 | lstrlenW( file_data.cFileName ),
|
---|
| 1314 | p, (int) len - 1,
|
---|
| 1315 | NULL, NULL );
|
---|
| 1316 | if( w_ret == 0 )
|
---|
| 1317 | {
|
---|
| 1318 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
---|
| 1319 | goto cleanup;
|
---|
| 1320 | }
|
---|
| 1321 |
|
---|
| 1322 | w_ret = mbedtls_x509_crt_parse_file( chain, filename );
|
---|
| 1323 | if( w_ret < 0 )
|
---|
| 1324 | ret++;
|
---|
| 1325 | else
|
---|
| 1326 | ret += w_ret;
|
---|
| 1327 | }
|
---|
| 1328 | while( FindNextFileW( hFind, &file_data ) != 0 );
|
---|
| 1329 |
|
---|
| 1330 | if( GetLastError() != ERROR_NO_MORE_FILES )
|
---|
| 1331 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
---|
| 1332 |
|
---|
| 1333 | cleanup:
|
---|
| 1334 | FindClose( hFind );
|
---|
| 1335 | #else /* _WIN32 */
|
---|
| 1336 | int t_ret;
|
---|
| 1337 | int snp_ret;
|
---|
| 1338 | struct stat sb;
|
---|
| 1339 | struct dirent *entry;
|
---|
| 1340 | char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
|
---|
| 1341 | DIR *dir = opendir( path );
|
---|
| 1342 |
|
---|
| 1343 | if( dir == NULL )
|
---|
| 1344 | return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
---|
| 1345 |
|
---|
| 1346 | #if defined(MBEDTLS_THREADING_C)
|
---|
| 1347 | if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
|
---|
| 1348 | {
|
---|
| 1349 | closedir( dir );
|
---|
| 1350 | return( ret );
|
---|
| 1351 | }
|
---|
| 1352 | #endif /* MBEDTLS_THREADING_C */
|
---|
| 1353 |
|
---|
| 1354 | while( ( entry = readdir( dir ) ) != NULL )
|
---|
| 1355 | {
|
---|
| 1356 | snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
|
---|
| 1357 | "%s/%s", path, entry->d_name );
|
---|
| 1358 |
|
---|
| 1359 | if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
|
---|
| 1360 | {
|
---|
| 1361 | ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
|
---|
| 1362 | goto cleanup;
|
---|
| 1363 | }
|
---|
| 1364 | else if( stat( entry_name, &sb ) == -1 )
|
---|
| 1365 | {
|
---|
| 1366 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
---|
| 1367 | goto cleanup;
|
---|
| 1368 | }
|
---|
| 1369 |
|
---|
| 1370 | if( !S_ISREG( sb.st_mode ) )
|
---|
| 1371 | continue;
|
---|
| 1372 |
|
---|
| 1373 | // Ignore parse errors
|
---|
| 1374 | //
|
---|
| 1375 | t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
|
---|
| 1376 | if( t_ret < 0 )
|
---|
| 1377 | ret++;
|
---|
| 1378 | else
|
---|
| 1379 | ret += t_ret;
|
---|
| 1380 | }
|
---|
| 1381 |
|
---|
| 1382 | cleanup:
|
---|
| 1383 | closedir( dir );
|
---|
| 1384 |
|
---|
| 1385 | #if defined(MBEDTLS_THREADING_C)
|
---|
| 1386 | if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
|
---|
| 1387 | ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
---|
| 1388 | #endif /* MBEDTLS_THREADING_C */
|
---|
| 1389 |
|
---|
| 1390 | #endif /* _WIN32 */
|
---|
| 1391 |
|
---|
| 1392 | return( ret );
|
---|
| 1393 | }
|
---|
| 1394 | #endif /* MBEDTLS_FS_IO */
|
---|
| 1395 |
|
---|
| 1396 | static int x509_info_subject_alt_name( char **buf, size_t *size,
|
---|
| 1397 | const mbedtls_x509_sequence *subject_alt_name )
|
---|
| 1398 | {
|
---|
| 1399 | size_t i;
|
---|
| 1400 | size_t n = *size;
|
---|
| 1401 | char *p = *buf;
|
---|
| 1402 | const mbedtls_x509_sequence *cur = subject_alt_name;
|
---|
| 1403 | const char *sep = "";
|
---|
| 1404 | size_t sep_len = 0;
|
---|
| 1405 |
|
---|
| 1406 | while( cur != NULL )
|
---|
| 1407 | {
|
---|
| 1408 | if( cur->buf.len + sep_len >= n )
|
---|
| 1409 | {
|
---|
| 1410 | *p = '\0';
|
---|
| 1411 | return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
---|
| 1412 | }
|
---|
| 1413 |
|
---|
| 1414 | n -= cur->buf.len + sep_len;
|
---|
| 1415 | for( i = 0; i < sep_len; i++ )
|
---|
| 1416 | *p++ = sep[i];
|
---|
| 1417 | for( i = 0; i < cur->buf.len; i++ )
|
---|
| 1418 | *p++ = cur->buf.p[i];
|
---|
| 1419 |
|
---|
| 1420 | sep = ", ";
|
---|
| 1421 | sep_len = 2;
|
---|
| 1422 |
|
---|
| 1423 | cur = cur->next;
|
---|
| 1424 | }
|
---|
| 1425 |
|
---|
| 1426 | *p = '\0';
|
---|
| 1427 |
|
---|
| 1428 | *size = n;
|
---|
| 1429 | *buf = p;
|
---|
| 1430 |
|
---|
| 1431 | return( 0 );
|
---|
| 1432 | }
|
---|
| 1433 |
|
---|
| 1434 | #define PRINT_ITEM(i) \
|
---|
| 1435 | { \
|
---|
| 1436 | ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
|
---|
| 1437 | MBEDTLS_X509_SAFE_SNPRINTF; \
|
---|
| 1438 | sep = ", "; \
|
---|
| 1439 | }
|
---|
| 1440 |
|
---|
| 1441 | #define CERT_TYPE(type,name) \
|
---|
| 1442 | if( ns_cert_type & type ) \
|
---|
| 1443 | PRINT_ITEM( name );
|
---|
| 1444 |
|
---|
| 1445 | static int x509_info_cert_type( char **buf, size_t *size,
|
---|
| 1446 | unsigned char ns_cert_type )
|
---|
| 1447 | {
|
---|
| 1448 | int ret;
|
---|
| 1449 | size_t n = *size;
|
---|
| 1450 | char *p = *buf;
|
---|
| 1451 | const char *sep = "";
|
---|
| 1452 |
|
---|
| 1453 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
|
---|
| 1454 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
|
---|
| 1455 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
|
---|
| 1456 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
|
---|
| 1457 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
|
---|
| 1458 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
|
---|
| 1459 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
|
---|
| 1460 | CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
|
---|
| 1461 |
|
---|
| 1462 | *size = n;
|
---|
| 1463 | *buf = p;
|
---|
| 1464 |
|
---|
| 1465 | return( 0 );
|
---|
| 1466 | }
|
---|
| 1467 |
|
---|
| 1468 | #define KEY_USAGE(code,name) \
|
---|
| 1469 | if( key_usage & code ) \
|
---|
| 1470 | PRINT_ITEM( name );
|
---|
| 1471 |
|
---|
| 1472 | static int x509_info_key_usage( char **buf, size_t *size,
|
---|
| 1473 | unsigned int key_usage )
|
---|
| 1474 | {
|
---|
| 1475 | int ret;
|
---|
| 1476 | size_t n = *size;
|
---|
| 1477 | char *p = *buf;
|
---|
| 1478 | const char *sep = "";
|
---|
| 1479 |
|
---|
| 1480 | KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
|
---|
| 1481 | KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
|
---|
| 1482 | KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
|
---|
| 1483 | KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
|
---|
| 1484 | KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
|
---|
| 1485 | KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
|
---|
| 1486 | KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
|
---|
| 1487 | KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" );
|
---|
| 1488 | KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" );
|
---|
| 1489 |
|
---|
| 1490 | *size = n;
|
---|
| 1491 | *buf = p;
|
---|
| 1492 |
|
---|
| 1493 | return( 0 );
|
---|
| 1494 | }
|
---|
| 1495 |
|
---|
| 1496 | static int x509_info_ext_key_usage( char **buf, size_t *size,
|
---|
| 1497 | const mbedtls_x509_sequence *extended_key_usage )
|
---|
| 1498 | {
|
---|
| 1499 | int ret;
|
---|
| 1500 | const char *desc;
|
---|
| 1501 | size_t n = *size;
|
---|
| 1502 | char *p = *buf;
|
---|
| 1503 | const mbedtls_x509_sequence *cur = extended_key_usage;
|
---|
| 1504 | const char *sep = "";
|
---|
| 1505 |
|
---|
| 1506 | while( cur != NULL )
|
---|
| 1507 | {
|
---|
| 1508 | if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
|
---|
| 1509 | desc = "???";
|
---|
| 1510 |
|
---|
| 1511 | ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
|
---|
| 1512 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1513 |
|
---|
| 1514 | sep = ", ";
|
---|
| 1515 |
|
---|
| 1516 | cur = cur->next;
|
---|
| 1517 | }
|
---|
| 1518 |
|
---|
| 1519 | *size = n;
|
---|
| 1520 | *buf = p;
|
---|
| 1521 |
|
---|
| 1522 | return( 0 );
|
---|
| 1523 | }
|
---|
| 1524 |
|
---|
| 1525 | /*
|
---|
| 1526 | * Return an informational string about the certificate.
|
---|
| 1527 | */
|
---|
| 1528 | #define BEFORE_COLON 18
|
---|
| 1529 | #define BC "18"
|
---|
| 1530 | int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
|
---|
| 1531 | const mbedtls_x509_crt *crt )
|
---|
| 1532 | {
|
---|
| 1533 | int ret;
|
---|
| 1534 | size_t n;
|
---|
| 1535 | char *p;
|
---|
| 1536 | char key_size_str[BEFORE_COLON];
|
---|
| 1537 |
|
---|
| 1538 | p = buf;
|
---|
| 1539 | n = size;
|
---|
| 1540 |
|
---|
| 1541 | if( NULL == crt )
|
---|
| 1542 | {
|
---|
| 1543 | ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
|
---|
| 1544 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1545 |
|
---|
| 1546 | return( (int) ( size - n ) );
|
---|
| 1547 | }
|
---|
| 1548 |
|
---|
| 1549 | ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
|
---|
| 1550 | prefix, crt->version );
|
---|
| 1551 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1552 | ret = mbedtls_snprintf( p, n, "%sserial number : ",
|
---|
| 1553 | prefix );
|
---|
| 1554 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1555 |
|
---|
| 1556 | ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
|
---|
| 1557 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1558 |
|
---|
| 1559 | ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
|
---|
| 1560 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1561 | ret = mbedtls_x509_dn_gets( p, n, &crt->issuer );
|
---|
| 1562 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1563 |
|
---|
| 1564 | ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
|
---|
| 1565 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1566 | ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
|
---|
| 1567 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1568 |
|
---|
| 1569 | ret = mbedtls_snprintf( p, n, "\n%sissued on : " \
|
---|
| 1570 | "%04d-%02d-%02d %02d:%02d:%02d", prefix,
|
---|
| 1571 | crt->valid_from.year, crt->valid_from.mon,
|
---|
| 1572 | crt->valid_from.day, crt->valid_from.hour,
|
---|
| 1573 | crt->valid_from.min, crt->valid_from.sec );
|
---|
| 1574 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1575 |
|
---|
| 1576 | ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \
|
---|
| 1577 | "%04d-%02d-%02d %02d:%02d:%02d", prefix,
|
---|
| 1578 | crt->valid_to.year, crt->valid_to.mon,
|
---|
| 1579 | crt->valid_to.day, crt->valid_to.hour,
|
---|
| 1580 | crt->valid_to.min, crt->valid_to.sec );
|
---|
| 1581 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1582 |
|
---|
| 1583 | ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
|
---|
| 1584 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1585 |
|
---|
| 1586 | ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
|
---|
| 1587 | crt->sig_md, crt->sig_opts );
|
---|
| 1588 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1589 |
|
---|
| 1590 | /* Key size */
|
---|
| 1591 | if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
|
---|
| 1592 | mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
|
---|
| 1593 | {
|
---|
| 1594 | return( ret );
|
---|
| 1595 | }
|
---|
| 1596 |
|
---|
| 1597 | ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
|
---|
| 1598 | (int) mbedtls_pk_get_bitlen( &crt->pk ) );
|
---|
| 1599 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1600 |
|
---|
| 1601 | /*
|
---|
| 1602 | * Optional extensions
|
---|
| 1603 | */
|
---|
| 1604 |
|
---|
| 1605 | if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
|
---|
| 1606 | {
|
---|
| 1607 | ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
|
---|
| 1608 | crt->ca_istrue ? "true" : "false" );
|
---|
| 1609 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1610 |
|
---|
| 1611 | if( crt->max_pathlen > 0 )
|
---|
| 1612 | {
|
---|
| 1613 | ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
|
---|
| 1614 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1615 | }
|
---|
| 1616 | }
|
---|
| 1617 |
|
---|
| 1618 | if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
|
---|
| 1619 | {
|
---|
| 1620 | ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
|
---|
| 1621 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1622 |
|
---|
| 1623 | if( ( ret = x509_info_subject_alt_name( &p, &n,
|
---|
| 1624 | &crt->subject_alt_names ) ) != 0 )
|
---|
| 1625 | return( ret );
|
---|
| 1626 | }
|
---|
| 1627 |
|
---|
| 1628 | if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
|
---|
| 1629 | {
|
---|
| 1630 | ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix );
|
---|
| 1631 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1632 |
|
---|
| 1633 | if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
|
---|
| 1634 | return( ret );
|
---|
| 1635 | }
|
---|
| 1636 |
|
---|
| 1637 | if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
|
---|
| 1638 | {
|
---|
| 1639 | ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix );
|
---|
| 1640 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1641 |
|
---|
| 1642 | if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
|
---|
| 1643 | return( ret );
|
---|
| 1644 | }
|
---|
| 1645 |
|
---|
| 1646 | if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
|
---|
| 1647 | {
|
---|
| 1648 | ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix );
|
---|
| 1649 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1650 |
|
---|
| 1651 | if( ( ret = x509_info_ext_key_usage( &p, &n,
|
---|
| 1652 | &crt->ext_key_usage ) ) != 0 )
|
---|
| 1653 | return( ret );
|
---|
| 1654 | }
|
---|
| 1655 |
|
---|
| 1656 | ret = mbedtls_snprintf( p, n, "\n" );
|
---|
| 1657 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1658 |
|
---|
| 1659 | return( (int) ( size - n ) );
|
---|
| 1660 | }
|
---|
| 1661 |
|
---|
| 1662 | struct x509_crt_verify_string {
|
---|
| 1663 | int code;
|
---|
| 1664 | const char *string;
|
---|
| 1665 | };
|
---|
| 1666 |
|
---|
| 1667 | static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
|
---|
| 1668 | { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
|
---|
| 1669 | { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
|
---|
| 1670 | { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
|
---|
| 1671 | { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
|
---|
| 1672 | { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
|
---|
| 1673 | { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
|
---|
| 1674 | { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
|
---|
| 1675 | { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
|
---|
| 1676 | { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
|
---|
| 1677 | { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
|
---|
| 1678 | { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
|
---|
| 1679 | { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
|
---|
| 1680 | { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
|
---|
| 1681 | { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
|
---|
| 1682 | { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
|
---|
| 1683 | { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
|
---|
| 1684 | { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
|
---|
| 1685 | { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
|
---|
| 1686 | { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
|
---|
| 1687 | { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
|
---|
| 1688 | { 0, NULL }
|
---|
| 1689 | };
|
---|
| 1690 |
|
---|
| 1691 | int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
|
---|
| 1692 | uint32_t flags )
|
---|
| 1693 | {
|
---|
| 1694 | int ret;
|
---|
| 1695 | const struct x509_crt_verify_string *cur;
|
---|
| 1696 | char *p = buf;
|
---|
| 1697 | size_t n = size;
|
---|
| 1698 |
|
---|
| 1699 | for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
|
---|
| 1700 | {
|
---|
| 1701 | if( ( flags & cur->code ) == 0 )
|
---|
| 1702 | continue;
|
---|
| 1703 |
|
---|
| 1704 | ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
|
---|
| 1705 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1706 | flags ^= cur->code;
|
---|
| 1707 | }
|
---|
| 1708 |
|
---|
| 1709 | if( flags != 0 )
|
---|
| 1710 | {
|
---|
| 1711 | ret = mbedtls_snprintf( p, n, "%sUnknown reason "
|
---|
| 1712 | "(this should not happen)\n", prefix );
|
---|
| 1713 | MBEDTLS_X509_SAFE_SNPRINTF;
|
---|
| 1714 | }
|
---|
| 1715 |
|
---|
| 1716 | return( (int) ( size - n ) );
|
---|
| 1717 | }
|
---|
| 1718 |
|
---|
| 1719 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
|
---|
| 1720 | int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
|
---|
| 1721 | unsigned int usage )
|
---|
| 1722 | {
|
---|
| 1723 | unsigned int usage_must, usage_may;
|
---|
| 1724 | unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
|
---|
| 1725 | | MBEDTLS_X509_KU_DECIPHER_ONLY;
|
---|
| 1726 |
|
---|
| 1727 | if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
|
---|
| 1728 | return( 0 );
|
---|
| 1729 |
|
---|
| 1730 | usage_must = usage & ~may_mask;
|
---|
| 1731 |
|
---|
| 1732 | if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
|
---|
| 1733 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1734 |
|
---|
| 1735 | usage_may = usage & may_mask;
|
---|
| 1736 |
|
---|
| 1737 | if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
|
---|
| 1738 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1739 |
|
---|
| 1740 | return( 0 );
|
---|
| 1741 | }
|
---|
| 1742 | #endif
|
---|
| 1743 |
|
---|
| 1744 | #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
---|
| 1745 | int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
---|
| 1746 | const char *usage_oid,
|
---|
| 1747 | size_t usage_len )
|
---|
| 1748 | {
|
---|
| 1749 | const mbedtls_x509_sequence *cur;
|
---|
| 1750 |
|
---|
| 1751 | /* Extension is not mandatory, absent means no restriction */
|
---|
| 1752 | if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
|
---|
| 1753 | return( 0 );
|
---|
| 1754 |
|
---|
| 1755 | /*
|
---|
| 1756 | * Look for the requested usage (or wildcard ANY) in our list
|
---|
| 1757 | */
|
---|
| 1758 | for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
|
---|
| 1759 | {
|
---|
| 1760 | const mbedtls_x509_buf *cur_oid = &cur->buf;
|
---|
| 1761 |
|
---|
| 1762 | if( cur_oid->len == usage_len &&
|
---|
| 1763 | memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
|
---|
| 1764 | {
|
---|
| 1765 | return( 0 );
|
---|
| 1766 | }
|
---|
| 1767 |
|
---|
| 1768 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
|
---|
| 1769 | return( 0 );
|
---|
| 1770 | }
|
---|
| 1771 |
|
---|
| 1772 | return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
---|
| 1773 | }
|
---|
| 1774 | #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
---|
| 1775 |
|
---|
| 1776 | #if defined(MBEDTLS_X509_CRL_PARSE_C)
|
---|
| 1777 | /*
|
---|
| 1778 | * Return 1 if the certificate is revoked, or 0 otherwise.
|
---|
| 1779 | */
|
---|
| 1780 | int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
|
---|
| 1781 | {
|
---|
| 1782 | const mbedtls_x509_crl_entry *cur = &crl->entry;
|
---|
| 1783 |
|
---|
| 1784 | while( cur != NULL && cur->serial.len != 0 )
|
---|
| 1785 | {
|
---|
| 1786 | if( crt->serial.len == cur->serial.len &&
|
---|
| 1787 | memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
|
---|
| 1788 | {
|
---|
| 1789 | if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
|
---|
| 1790 | return( 1 );
|
---|
| 1791 | }
|
---|
| 1792 |
|
---|
| 1793 | cur = cur->next;
|
---|
| 1794 | }
|
---|
| 1795 |
|
---|
| 1796 | return( 0 );
|
---|
| 1797 | }
|
---|
| 1798 |
|
---|
| 1799 | /*
|
---|
| 1800 | * Check that the given certificate is not revoked according to the CRL.
|
---|
| 1801 | * Skip validation if no CRL for the given CA is present.
|
---|
| 1802 | */
|
---|
| 1803 | static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
|
---|
| 1804 | mbedtls_x509_crl *crl_list,
|
---|
| 1805 | const mbedtls_x509_crt_profile *profile )
|
---|
| 1806 | {
|
---|
| 1807 | int flags = 0;
|
---|
| 1808 | unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
---|
| 1809 | const mbedtls_md_info_t *md_info;
|
---|
| 1810 |
|
---|
| 1811 | if( ca == NULL )
|
---|
| 1812 | return( flags );
|
---|
| 1813 |
|
---|
| 1814 | while( crl_list != NULL )
|
---|
| 1815 | {
|
---|
| 1816 | if( crl_list->version == 0 ||
|
---|
| 1817 | x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
|
---|
| 1818 | {
|
---|
| 1819 | crl_list = crl_list->next;
|
---|
| 1820 | continue;
|
---|
| 1821 | }
|
---|
| 1822 |
|
---|
| 1823 | /*
|
---|
| 1824 | * Check if the CA is configured to sign CRLs
|
---|
| 1825 | */
|
---|
| 1826 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
|
---|
| 1827 | if( mbedtls_x509_crt_check_key_usage( ca,
|
---|
| 1828 | MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
|
---|
| 1829 | {
|
---|
| 1830 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
---|
| 1831 | break;
|
---|
| 1832 | }
|
---|
| 1833 | #endif
|
---|
| 1834 |
|
---|
| 1835 | /*
|
---|
| 1836 | * Check if CRL is correctly signed by the trusted CA
|
---|
| 1837 | */
|
---|
| 1838 | if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
|
---|
| 1839 | flags |= MBEDTLS_X509_BADCRL_BAD_MD;
|
---|
| 1840 |
|
---|
| 1841 | if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
|
---|
| 1842 | flags |= MBEDTLS_X509_BADCRL_BAD_PK;
|
---|
| 1843 |
|
---|
| 1844 | md_info = mbedtls_md_info_from_type( crl_list->sig_md );
|
---|
| 1845 | if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
|
---|
| 1846 | {
|
---|
| 1847 | /* Note: this can't happen except after an internal error */
|
---|
| 1848 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
---|
| 1849 | break;
|
---|
| 1850 | }
|
---|
| 1851 |
|
---|
| 1852 | if( x509_profile_check_key( profile, &ca->pk ) != 0 )
|
---|
| 1853 | flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
---|
| 1854 |
|
---|
| 1855 | if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
|
---|
| 1856 | crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
|
---|
| 1857 | crl_list->sig.p, crl_list->sig.len ) != 0 )
|
---|
| 1858 | {
|
---|
| 1859 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
---|
| 1860 | break;
|
---|
| 1861 | }
|
---|
| 1862 |
|
---|
| 1863 | /*
|
---|
| 1864 | * Check for validity of CRL (Do not drop out)
|
---|
| 1865 | */
|
---|
| 1866 | if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
|
---|
| 1867 | flags |= MBEDTLS_X509_BADCRL_EXPIRED;
|
---|
| 1868 |
|
---|
| 1869 | if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
|
---|
| 1870 | flags |= MBEDTLS_X509_BADCRL_FUTURE;
|
---|
| 1871 |
|
---|
| 1872 | /*
|
---|
| 1873 | * Check if certificate is revoked
|
---|
| 1874 | */
|
---|
| 1875 | if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
|
---|
| 1876 | {
|
---|
| 1877 | flags |= MBEDTLS_X509_BADCERT_REVOKED;
|
---|
| 1878 | break;
|
---|
| 1879 | }
|
---|
| 1880 |
|
---|
| 1881 | crl_list = crl_list->next;
|
---|
| 1882 | }
|
---|
| 1883 |
|
---|
| 1884 | return( flags );
|
---|
| 1885 | }
|
---|
| 1886 | #endif /* MBEDTLS_X509_CRL_PARSE_C */
|
---|
| 1887 |
|
---|
| 1888 | /*
|
---|
| 1889 | * Check the signature of a certificate by its parent
|
---|
| 1890 | */
|
---|
| 1891 | static int x509_crt_check_signature( const mbedtls_x509_crt *child,
|
---|
| 1892 | mbedtls_x509_crt *parent,
|
---|
| 1893 | mbedtls_x509_crt_restart_ctx *rs_ctx )
|
---|
| 1894 | {
|
---|
| 1895 | const mbedtls_md_info_t *md_info;
|
---|
| 1896 | unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
---|
| 1897 |
|
---|
| 1898 | md_info = mbedtls_md_info_from_type( child->sig_md );
|
---|
| 1899 | if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
|
---|
| 1900 | {
|
---|
| 1901 | /* Note: this can't happen except after an internal error */
|
---|
| 1902 | return( -1 );
|
---|
| 1903 | }
|
---|
| 1904 |
|
---|
| 1905 | /* Skip expensive computation on obvious mismatch */
|
---|
| 1906 | if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
|
---|
| 1907 | return( -1 );
|
---|
| 1908 |
|
---|
| 1909 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 1910 | if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
|
---|
| 1911 | {
|
---|
| 1912 | return( mbedtls_pk_verify_restartable( &parent->pk,
|
---|
| 1913 | child->sig_md, hash, mbedtls_md_get_size( md_info ),
|
---|
| 1914 | child->sig.p, child->sig.len, &rs_ctx->pk ) );
|
---|
| 1915 | }
|
---|
| 1916 | #else
|
---|
| 1917 | (void) rs_ctx;
|
---|
| 1918 | #endif
|
---|
| 1919 |
|
---|
| 1920 | return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
|
---|
| 1921 | child->sig_md, hash, mbedtls_md_get_size( md_info ),
|
---|
| 1922 | child->sig.p, child->sig.len ) );
|
---|
| 1923 | }
|
---|
| 1924 |
|
---|
| 1925 | /*
|
---|
| 1926 | * Check if 'parent' is a suitable parent (signing CA) for 'child'.
|
---|
| 1927 | * Return 0 if yes, -1 if not.
|
---|
| 1928 | *
|
---|
| 1929 | * top means parent is a locally-trusted certificate
|
---|
| 1930 | */
|
---|
| 1931 | static int x509_crt_check_parent( const mbedtls_x509_crt *child,
|
---|
| 1932 | const mbedtls_x509_crt *parent,
|
---|
| 1933 | int top )
|
---|
| 1934 | {
|
---|
| 1935 | int need_ca_bit;
|
---|
| 1936 |
|
---|
| 1937 | /* Parent must be the issuer */
|
---|
| 1938 | if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
|
---|
| 1939 | return( -1 );
|
---|
| 1940 |
|
---|
| 1941 | /* Parent must have the basicConstraints CA bit set as a general rule */
|
---|
| 1942 | need_ca_bit = 1;
|
---|
| 1943 |
|
---|
| 1944 | /* Exception: v1/v2 certificates that are locally trusted. */
|
---|
| 1945 | if( top && parent->version < 3 )
|
---|
| 1946 | need_ca_bit = 0;
|
---|
| 1947 |
|
---|
| 1948 | if( need_ca_bit && ! parent->ca_istrue )
|
---|
| 1949 | return( -1 );
|
---|
| 1950 |
|
---|
| 1951 | #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
|
---|
| 1952 | if( need_ca_bit &&
|
---|
| 1953 | mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
|
---|
| 1954 | {
|
---|
| 1955 | return( -1 );
|
---|
| 1956 | }
|
---|
| 1957 | #endif
|
---|
| 1958 |
|
---|
| 1959 | return( 0 );
|
---|
| 1960 | }
|
---|
| 1961 |
|
---|
| 1962 | /*
|
---|
| 1963 | * Find a suitable parent for child in candidates, or return NULL.
|
---|
| 1964 | *
|
---|
| 1965 | * Here suitable is defined as:
|
---|
| 1966 | * 1. subject name matches child's issuer
|
---|
| 1967 | * 2. if necessary, the CA bit is set and key usage allows signing certs
|
---|
| 1968 | * 3. for trusted roots, the signature is correct
|
---|
| 1969 | * (for intermediates, the signature is checked and the result reported)
|
---|
| 1970 | * 4. pathlen constraints are satisfied
|
---|
| 1971 | *
|
---|
| 1972 | * If there's a suitable candidate which is also time-valid, return the first
|
---|
| 1973 | * such. Otherwise, return the first suitable candidate (or NULL if there is
|
---|
| 1974 | * none).
|
---|
| 1975 | *
|
---|
| 1976 | * The rationale for this rule is that someone could have a list of trusted
|
---|
| 1977 | * roots with two versions on the same root with different validity periods.
|
---|
| 1978 | * (At least one user reported having such a list and wanted it to just work.)
|
---|
| 1979 | * The reason we don't just require time-validity is that generally there is
|
---|
| 1980 | * only one version, and if it's expired we want the flags to state that
|
---|
| 1981 | * rather than NOT_TRUSTED, as would be the case if we required it here.
|
---|
| 1982 | *
|
---|
| 1983 | * The rationale for rule 3 (signature for trusted roots) is that users might
|
---|
| 1984 | * have two versions of the same CA with different keys in their list, and the
|
---|
| 1985 | * way we select the correct one is by checking the signature (as we don't
|
---|
| 1986 | * rely on key identifier extensions). (This is one way users might choose to
|
---|
| 1987 | * handle key rollover, another relies on self-issued certs, see [SIRO].)
|
---|
| 1988 | *
|
---|
| 1989 | * Arguments:
|
---|
| 1990 | * - [in] child: certificate for which we're looking for a parent
|
---|
| 1991 | * - [in] candidates: chained list of potential parents
|
---|
| 1992 | * - [out] r_parent: parent found (or NULL)
|
---|
| 1993 | * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
|
---|
| 1994 | * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
|
---|
| 1995 | * of the chain, 0 otherwise
|
---|
| 1996 | * - [in] path_cnt: number of intermediates seen so far
|
---|
| 1997 | * - [in] self_cnt: number of self-signed intermediates seen so far
|
---|
| 1998 | * (will never be greater than path_cnt)
|
---|
| 1999 | * - [in-out] rs_ctx: context for restarting operations
|
---|
| 2000 | *
|
---|
| 2001 | * Return value:
|
---|
| 2002 | * - 0 on success
|
---|
| 2003 | * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
|
---|
| 2004 | */
|
---|
| 2005 | static int x509_crt_find_parent_in(
|
---|
| 2006 | mbedtls_x509_crt *child,
|
---|
| 2007 | mbedtls_x509_crt *candidates,
|
---|
| 2008 | mbedtls_x509_crt **r_parent,
|
---|
| 2009 | int *r_signature_is_good,
|
---|
| 2010 | int top,
|
---|
| 2011 | unsigned path_cnt,
|
---|
| 2012 | unsigned self_cnt,
|
---|
| 2013 | mbedtls_x509_crt_restart_ctx *rs_ctx )
|
---|
| 2014 | {
|
---|
| 2015 | int ret;
|
---|
| 2016 | mbedtls_x509_crt *parent, *fallback_parent;
|
---|
| 2017 | int signature_is_good, fallback_signature_is_good;
|
---|
| 2018 |
|
---|
| 2019 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2020 | /* did we have something in progress? */
|
---|
| 2021 | if( rs_ctx != NULL && rs_ctx->parent != NULL )
|
---|
| 2022 | {
|
---|
| 2023 | /* restore saved state */
|
---|
| 2024 | parent = rs_ctx->parent;
|
---|
| 2025 | fallback_parent = rs_ctx->fallback_parent;
|
---|
| 2026 | fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
|
---|
| 2027 |
|
---|
| 2028 | /* clear saved state */
|
---|
| 2029 | rs_ctx->parent = NULL;
|
---|
| 2030 | rs_ctx->fallback_parent = NULL;
|
---|
| 2031 | rs_ctx->fallback_signature_is_good = 0;
|
---|
| 2032 |
|
---|
| 2033 | /* resume where we left */
|
---|
| 2034 | goto check_signature;
|
---|
| 2035 | }
|
---|
| 2036 | #endif
|
---|
| 2037 |
|
---|
| 2038 | fallback_parent = NULL;
|
---|
| 2039 | fallback_signature_is_good = 0;
|
---|
| 2040 |
|
---|
| 2041 | for( parent = candidates; parent != NULL; parent = parent->next )
|
---|
| 2042 | {
|
---|
| 2043 | /* basic parenting skills (name, CA bit, key usage) */
|
---|
| 2044 | if( x509_crt_check_parent( child, parent, top ) != 0 )
|
---|
| 2045 | continue;
|
---|
| 2046 |
|
---|
| 2047 | /* +1 because stored max_pathlen is 1 higher that the actual value */
|
---|
| 2048 | if( parent->max_pathlen > 0 &&
|
---|
| 2049 | (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
|
---|
| 2050 | {
|
---|
| 2051 | continue;
|
---|
| 2052 | }
|
---|
| 2053 |
|
---|
| 2054 | /* Signature */
|
---|
| 2055 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2056 | check_signature:
|
---|
| 2057 | #endif
|
---|
| 2058 | ret = x509_crt_check_signature( child, parent, rs_ctx );
|
---|
| 2059 |
|
---|
| 2060 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2061 | if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
---|
| 2062 | {
|
---|
| 2063 | /* save state */
|
---|
| 2064 | rs_ctx->parent = parent;
|
---|
| 2065 | rs_ctx->fallback_parent = fallback_parent;
|
---|
| 2066 | rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
|
---|
| 2067 |
|
---|
| 2068 | return( ret );
|
---|
| 2069 | }
|
---|
| 2070 | #else
|
---|
| 2071 | (void) ret;
|
---|
| 2072 | #endif
|
---|
| 2073 |
|
---|
| 2074 | signature_is_good = ret == 0;
|
---|
| 2075 | if( top && ! signature_is_good )
|
---|
| 2076 | continue;
|
---|
| 2077 |
|
---|
| 2078 | /* optional time check */
|
---|
| 2079 | if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
|
---|
| 2080 | mbedtls_x509_time_is_future( &parent->valid_from ) )
|
---|
| 2081 | {
|
---|
| 2082 | if( fallback_parent == NULL )
|
---|
| 2083 | {
|
---|
| 2084 | fallback_parent = parent;
|
---|
| 2085 | fallback_signature_is_good = signature_is_good;
|
---|
| 2086 | }
|
---|
| 2087 |
|
---|
| 2088 | continue;
|
---|
| 2089 | }
|
---|
| 2090 |
|
---|
| 2091 | break;
|
---|
| 2092 | }
|
---|
| 2093 |
|
---|
| 2094 | if( parent != NULL )
|
---|
| 2095 | {
|
---|
| 2096 | *r_parent = parent;
|
---|
| 2097 | *r_signature_is_good = signature_is_good;
|
---|
| 2098 | }
|
---|
| 2099 | else
|
---|
| 2100 | {
|
---|
| 2101 | *r_parent = fallback_parent;
|
---|
| 2102 | *r_signature_is_good = fallback_signature_is_good;
|
---|
| 2103 | }
|
---|
| 2104 |
|
---|
| 2105 | return( 0 );
|
---|
| 2106 | }
|
---|
| 2107 |
|
---|
| 2108 | /*
|
---|
| 2109 | * Find a parent in trusted CAs or the provided chain, or return NULL.
|
---|
| 2110 | *
|
---|
| 2111 | * Searches in trusted CAs first, and return the first suitable parent found
|
---|
| 2112 | * (see find_parent_in() for definition of suitable).
|
---|
| 2113 | *
|
---|
| 2114 | * Arguments:
|
---|
| 2115 | * - [in] child: certificate for which we're looking for a parent, followed
|
---|
| 2116 | * by a chain of possible intermediates
|
---|
| 2117 | * - [in] trust_ca: list of locally trusted certificates
|
---|
| 2118 | * - [out] parent: parent found (or NULL)
|
---|
| 2119 | * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
|
---|
| 2120 | * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
|
---|
| 2121 | * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
|
---|
| 2122 | * - [in] self_cnt: number of self-signed certs in the chain so far
|
---|
| 2123 | * (will always be no greater than path_cnt)
|
---|
| 2124 | * - [in-out] rs_ctx: context for restarting operations
|
---|
| 2125 | *
|
---|
| 2126 | * Return value:
|
---|
| 2127 | * - 0 on success
|
---|
| 2128 | * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
|
---|
| 2129 | */
|
---|
| 2130 | static int x509_crt_find_parent(
|
---|
| 2131 | mbedtls_x509_crt *child,
|
---|
| 2132 | mbedtls_x509_crt *trust_ca,
|
---|
| 2133 | mbedtls_x509_crt **parent,
|
---|
| 2134 | int *parent_is_trusted,
|
---|
| 2135 | int *signature_is_good,
|
---|
| 2136 | unsigned path_cnt,
|
---|
| 2137 | unsigned self_cnt,
|
---|
| 2138 | mbedtls_x509_crt_restart_ctx *rs_ctx )
|
---|
| 2139 | {
|
---|
| 2140 | int ret;
|
---|
| 2141 | mbedtls_x509_crt *search_list;
|
---|
| 2142 |
|
---|
| 2143 | *parent_is_trusted = 1;
|
---|
| 2144 |
|
---|
| 2145 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2146 | /* restore then clear saved state if we have some stored */
|
---|
| 2147 | if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )
|
---|
| 2148 | {
|
---|
| 2149 | *parent_is_trusted = rs_ctx->parent_is_trusted;
|
---|
| 2150 | rs_ctx->parent_is_trusted = -1;
|
---|
| 2151 | }
|
---|
| 2152 | #endif
|
---|
| 2153 |
|
---|
| 2154 | while( 1 ) {
|
---|
| 2155 | search_list = *parent_is_trusted ? trust_ca : child->next;
|
---|
| 2156 |
|
---|
| 2157 | ret = x509_crt_find_parent_in( child, search_list,
|
---|
| 2158 | parent, signature_is_good,
|
---|
| 2159 | *parent_is_trusted,
|
---|
| 2160 | path_cnt, self_cnt, rs_ctx );
|
---|
| 2161 |
|
---|
| 2162 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2163 | if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
---|
| 2164 | {
|
---|
| 2165 | /* save state */
|
---|
| 2166 | rs_ctx->parent_is_trusted = *parent_is_trusted;
|
---|
| 2167 | return( ret );
|
---|
| 2168 | }
|
---|
| 2169 | #else
|
---|
| 2170 | (void) ret;
|
---|
| 2171 | #endif
|
---|
| 2172 |
|
---|
| 2173 | /* stop here if found or already in second iteration */
|
---|
| 2174 | if( *parent != NULL || *parent_is_trusted == 0 )
|
---|
| 2175 | break;
|
---|
| 2176 |
|
---|
| 2177 | /* prepare second iteration */
|
---|
| 2178 | *parent_is_trusted = 0;
|
---|
| 2179 | }
|
---|
| 2180 |
|
---|
| 2181 | /* extra precaution against mistakes in the caller */
|
---|
| 2182 | if( *parent == NULL )
|
---|
| 2183 | {
|
---|
| 2184 | *parent_is_trusted = 0;
|
---|
| 2185 | *signature_is_good = 0;
|
---|
| 2186 | }
|
---|
| 2187 |
|
---|
| 2188 | return( 0 );
|
---|
| 2189 | }
|
---|
| 2190 |
|
---|
| 2191 | /*
|
---|
| 2192 | * Check if an end-entity certificate is locally trusted
|
---|
| 2193 | *
|
---|
| 2194 | * Currently we require such certificates to be self-signed (actually only
|
---|
| 2195 | * check for self-issued as self-signatures are not checked)
|
---|
| 2196 | */
|
---|
| 2197 | static int x509_crt_check_ee_locally_trusted(
|
---|
| 2198 | mbedtls_x509_crt *crt,
|
---|
| 2199 | mbedtls_x509_crt *trust_ca )
|
---|
| 2200 | {
|
---|
| 2201 | mbedtls_x509_crt *cur;
|
---|
| 2202 |
|
---|
| 2203 | /* must be self-issued */
|
---|
| 2204 | if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
|
---|
| 2205 | return( -1 );
|
---|
| 2206 |
|
---|
| 2207 | /* look for an exact match with trusted cert */
|
---|
| 2208 | for( cur = trust_ca; cur != NULL; cur = cur->next )
|
---|
| 2209 | {
|
---|
| 2210 | if( crt->raw.len == cur->raw.len &&
|
---|
| 2211 | memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
|
---|
| 2212 | {
|
---|
| 2213 | return( 0 );
|
---|
| 2214 | }
|
---|
| 2215 | }
|
---|
| 2216 |
|
---|
| 2217 | /* too bad */
|
---|
| 2218 | return( -1 );
|
---|
| 2219 | }
|
---|
| 2220 |
|
---|
| 2221 | /*
|
---|
| 2222 | * Build and verify a certificate chain
|
---|
| 2223 | *
|
---|
| 2224 | * Given a peer-provided list of certificates EE, C1, ..., Cn and
|
---|
| 2225 | * a list of trusted certs R1, ... Rp, try to build and verify a chain
|
---|
| 2226 | * EE, Ci1, ... Ciq [, Rj]
|
---|
| 2227 | * such that every cert in the chain is a child of the next one,
|
---|
| 2228 | * jumping to a trusted root as early as possible.
|
---|
| 2229 | *
|
---|
| 2230 | * Verify that chain and return it with flags for all issues found.
|
---|
| 2231 | *
|
---|
| 2232 | * Special cases:
|
---|
| 2233 | * - EE == Rj -> return a one-element list containing it
|
---|
| 2234 | * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
|
---|
| 2235 | * -> return that chain with NOT_TRUSTED set on Ciq
|
---|
| 2236 | *
|
---|
| 2237 | * Tests for (aspects of) this function should include at least:
|
---|
| 2238 | * - trusted EE
|
---|
| 2239 | * - EE -> trusted root
|
---|
| 2240 | * - EE -> intermedate CA -> trusted root
|
---|
| 2241 | * - if relevant: EE untrusted
|
---|
| 2242 | * - if relevant: EE -> intermediate, untrusted
|
---|
| 2243 | * with the aspect under test checked at each relevant level (EE, int, root).
|
---|
| 2244 | * For some aspects longer chains are required, but usually length 2 is
|
---|
| 2245 | * enough (but length 1 is not in general).
|
---|
| 2246 | *
|
---|
| 2247 | * Arguments:
|
---|
| 2248 | * - [in] crt: the cert list EE, C1, ..., Cn
|
---|
| 2249 | * - [in] trust_ca: the trusted list R1, ..., Rp
|
---|
| 2250 | * - [in] ca_crl, profile: as in verify_with_profile()
|
---|
| 2251 | * - [out] ver_chain: the built and verified chain
|
---|
| 2252 | * Only valid when return value is 0, may contain garbage otherwise!
|
---|
| 2253 | * Restart note: need not be the same when calling again to resume.
|
---|
| 2254 | * - [in-out] rs_ctx: context for restarting operations
|
---|
| 2255 | *
|
---|
| 2256 | * Return value:
|
---|
| 2257 | * - non-zero if the chain could not be fully built and examined
|
---|
| 2258 | * - 0 is the chain was successfully built and examined,
|
---|
| 2259 | * even if it was found to be invalid
|
---|
| 2260 | */
|
---|
| 2261 | static int x509_crt_verify_chain(
|
---|
| 2262 | mbedtls_x509_crt *crt,
|
---|
| 2263 | mbedtls_x509_crt *trust_ca,
|
---|
| 2264 | mbedtls_x509_crl *ca_crl,
|
---|
| 2265 | const mbedtls_x509_crt_profile *profile,
|
---|
| 2266 | mbedtls_x509_crt_verify_chain *ver_chain,
|
---|
| 2267 | mbedtls_x509_crt_restart_ctx *rs_ctx )
|
---|
| 2268 | {
|
---|
| 2269 | /* Don't initialize any of those variables here, so that the compiler can
|
---|
| 2270 | * catch potential issues with jumping ahead when restarting */
|
---|
| 2271 | int ret;
|
---|
| 2272 | uint32_t *flags;
|
---|
| 2273 | mbedtls_x509_crt_verify_chain_item *cur;
|
---|
| 2274 | mbedtls_x509_crt *child;
|
---|
| 2275 | mbedtls_x509_crt *parent;
|
---|
| 2276 | int parent_is_trusted;
|
---|
| 2277 | int child_is_trusted;
|
---|
| 2278 | int signature_is_good;
|
---|
| 2279 | unsigned self_cnt;
|
---|
| 2280 |
|
---|
| 2281 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2282 | /* resume if we had an operation in progress */
|
---|
| 2283 | if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
|
---|
| 2284 | {
|
---|
| 2285 | /* restore saved state */
|
---|
| 2286 | *ver_chain = rs_ctx->ver_chain; /* struct copy */
|
---|
| 2287 | self_cnt = rs_ctx->self_cnt;
|
---|
| 2288 |
|
---|
| 2289 | /* restore derived state */
|
---|
| 2290 | cur = &ver_chain->items[ver_chain->len - 1];
|
---|
| 2291 | child = cur->crt;
|
---|
| 2292 | flags = &cur->flags;
|
---|
| 2293 |
|
---|
| 2294 | goto find_parent;
|
---|
| 2295 | }
|
---|
| 2296 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
---|
| 2297 |
|
---|
| 2298 | child = crt;
|
---|
| 2299 | self_cnt = 0;
|
---|
| 2300 | parent_is_trusted = 0;
|
---|
| 2301 | child_is_trusted = 0;
|
---|
| 2302 |
|
---|
| 2303 | while( 1 ) {
|
---|
| 2304 | /* Add certificate to the verification chain */
|
---|
| 2305 | cur = &ver_chain->items[ver_chain->len];
|
---|
| 2306 | cur->crt = child;
|
---|
| 2307 | cur->flags = 0;
|
---|
| 2308 | ver_chain->len++;
|
---|
| 2309 | flags = &cur->flags;
|
---|
| 2310 |
|
---|
| 2311 | /* Check time-validity (all certificates) */
|
---|
| 2312 | if( mbedtls_x509_time_is_past( &child->valid_to ) )
|
---|
| 2313 | *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
|
---|
| 2314 |
|
---|
| 2315 | if( mbedtls_x509_time_is_future( &child->valid_from ) )
|
---|
| 2316 | *flags |= MBEDTLS_X509_BADCERT_FUTURE;
|
---|
| 2317 |
|
---|
| 2318 | /* Stop here for trusted roots (but not for trusted EE certs) */
|
---|
| 2319 | if( child_is_trusted )
|
---|
| 2320 | return( 0 );
|
---|
| 2321 |
|
---|
| 2322 | /* Check signature algorithm: MD & PK algs */
|
---|
| 2323 | if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
|
---|
| 2324 | *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
|
---|
| 2325 |
|
---|
| 2326 | if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
|
---|
| 2327 | *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
|
---|
| 2328 |
|
---|
| 2329 | /* Special case: EE certs that are locally trusted */
|
---|
| 2330 | if( ver_chain->len == 1 &&
|
---|
| 2331 | x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
|
---|
| 2332 | {
|
---|
| 2333 | return( 0 );
|
---|
| 2334 | }
|
---|
| 2335 |
|
---|
| 2336 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2337 | find_parent:
|
---|
| 2338 | #endif
|
---|
| 2339 | /* Look for a parent in trusted CAs or up the chain */
|
---|
| 2340 | ret = x509_crt_find_parent( child, trust_ca, &parent,
|
---|
| 2341 | &parent_is_trusted, &signature_is_good,
|
---|
| 2342 | ver_chain->len - 1, self_cnt, rs_ctx );
|
---|
| 2343 |
|
---|
| 2344 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2345 | if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
---|
| 2346 | {
|
---|
| 2347 | /* save state */
|
---|
| 2348 | rs_ctx->in_progress = x509_crt_rs_find_parent;
|
---|
| 2349 | rs_ctx->self_cnt = self_cnt;
|
---|
| 2350 | rs_ctx->ver_chain = *ver_chain; /* struct copy */
|
---|
| 2351 |
|
---|
| 2352 | return( ret );
|
---|
| 2353 | }
|
---|
| 2354 | #else
|
---|
| 2355 | (void) ret;
|
---|
| 2356 | #endif
|
---|
| 2357 |
|
---|
| 2358 | /* No parent? We're done here */
|
---|
| 2359 | if( parent == NULL )
|
---|
| 2360 | {
|
---|
| 2361 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
|
---|
| 2362 | return( 0 );
|
---|
| 2363 | }
|
---|
| 2364 |
|
---|
| 2365 | /* Count intermediate self-issued (not necessarily self-signed) certs.
|
---|
| 2366 | * These can occur with some strategies for key rollover, see [SIRO],
|
---|
| 2367 | * and should be excluded from max_pathlen checks. */
|
---|
| 2368 | if( ver_chain->len != 1 &&
|
---|
| 2369 | x509_name_cmp( &child->issuer, &child->subject ) == 0 )
|
---|
| 2370 | {
|
---|
| 2371 | self_cnt++;
|
---|
| 2372 | }
|
---|
| 2373 |
|
---|
| 2374 | /* path_cnt is 0 for the first intermediate CA,
|
---|
| 2375 | * and if parent is trusted it's not an intermediate CA */
|
---|
| 2376 | if( ! parent_is_trusted &&
|
---|
| 2377 | ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
|
---|
| 2378 | {
|
---|
| 2379 | /* return immediately to avoid overflow the chain array */
|
---|
| 2380 | return( MBEDTLS_ERR_X509_FATAL_ERROR );
|
---|
| 2381 | }
|
---|
| 2382 |
|
---|
| 2383 | /* signature was checked while searching parent */
|
---|
| 2384 | if( ! signature_is_good )
|
---|
| 2385 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
|
---|
| 2386 |
|
---|
| 2387 | /* check size of signing key */
|
---|
| 2388 | if( x509_profile_check_key( profile, &parent->pk ) != 0 )
|
---|
| 2389 | *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
---|
| 2390 |
|
---|
| 2391 | #if defined(MBEDTLS_X509_CRL_PARSE_C)
|
---|
| 2392 | /* Check trusted CA's CRL for the given crt */
|
---|
| 2393 | *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
|
---|
| 2394 | #else
|
---|
| 2395 | (void) ca_crl;
|
---|
| 2396 | #endif
|
---|
| 2397 |
|
---|
| 2398 | /* prepare for next iteration */
|
---|
| 2399 | child = parent;
|
---|
| 2400 | parent = NULL;
|
---|
| 2401 | child_is_trusted = parent_is_trusted;
|
---|
| 2402 | signature_is_good = 0;
|
---|
| 2403 | }
|
---|
| 2404 | }
|
---|
| 2405 |
|
---|
| 2406 | /*
|
---|
| 2407 | * Check for CN match
|
---|
| 2408 | */
|
---|
| 2409 | static int x509_crt_check_cn( const mbedtls_x509_buf *name,
|
---|
| 2410 | const char *cn, size_t cn_len )
|
---|
| 2411 | {
|
---|
| 2412 | /* try exact match */
|
---|
| 2413 | if( name->len == cn_len &&
|
---|
| 2414 | x509_memcasecmp( cn, name->p, cn_len ) == 0 )
|
---|
| 2415 | {
|
---|
| 2416 | return( 0 );
|
---|
| 2417 | }
|
---|
| 2418 |
|
---|
| 2419 | /* try wildcard match */
|
---|
| 2420 | if( x509_check_wildcard( cn, name ) == 0 )
|
---|
| 2421 | {
|
---|
| 2422 | return( 0 );
|
---|
| 2423 | }
|
---|
| 2424 |
|
---|
| 2425 | return( -1 );
|
---|
| 2426 | }
|
---|
| 2427 |
|
---|
| 2428 | /*
|
---|
| 2429 | * Verify the requested CN - only call this if cn is not NULL!
|
---|
| 2430 | */
|
---|
| 2431 | static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
|
---|
| 2432 | const char *cn,
|
---|
| 2433 | uint32_t *flags )
|
---|
| 2434 | {
|
---|
| 2435 | const mbedtls_x509_name *name;
|
---|
| 2436 | const mbedtls_x509_sequence *cur;
|
---|
| 2437 | size_t cn_len = strlen( cn );
|
---|
| 2438 |
|
---|
| 2439 | if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
|
---|
| 2440 | {
|
---|
| 2441 | for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
|
---|
| 2442 | {
|
---|
| 2443 | if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
|
---|
| 2444 | break;
|
---|
| 2445 | }
|
---|
| 2446 |
|
---|
| 2447 | if( cur == NULL )
|
---|
| 2448 | *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
|
---|
| 2449 | }
|
---|
| 2450 | else
|
---|
| 2451 | {
|
---|
| 2452 | for( name = &crt->subject; name != NULL; name = name->next )
|
---|
| 2453 | {
|
---|
| 2454 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
|
---|
| 2455 | x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
|
---|
| 2456 | {
|
---|
| 2457 | break;
|
---|
| 2458 | }
|
---|
| 2459 | }
|
---|
| 2460 |
|
---|
| 2461 | if( name == NULL )
|
---|
| 2462 | *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
|
---|
| 2463 | }
|
---|
| 2464 | }
|
---|
| 2465 |
|
---|
| 2466 | /*
|
---|
| 2467 | * Merge the flags for all certs in the chain, after calling callback
|
---|
| 2468 | */
|
---|
| 2469 | static int x509_crt_merge_flags_with_cb(
|
---|
| 2470 | uint32_t *flags,
|
---|
| 2471 | const mbedtls_x509_crt_verify_chain *ver_chain,
|
---|
| 2472 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
---|
| 2473 | void *p_vrfy )
|
---|
| 2474 | {
|
---|
| 2475 | int ret;
|
---|
| 2476 | unsigned i;
|
---|
| 2477 | uint32_t cur_flags;
|
---|
| 2478 | const mbedtls_x509_crt_verify_chain_item *cur;
|
---|
| 2479 |
|
---|
| 2480 | for( i = ver_chain->len; i != 0; --i )
|
---|
| 2481 | {
|
---|
| 2482 | cur = &ver_chain->items[i-1];
|
---|
| 2483 | cur_flags = cur->flags;
|
---|
| 2484 |
|
---|
| 2485 | if( NULL != f_vrfy )
|
---|
| 2486 | if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
|
---|
| 2487 | return( ret );
|
---|
| 2488 |
|
---|
| 2489 | *flags |= cur_flags;
|
---|
| 2490 | }
|
---|
| 2491 |
|
---|
| 2492 | return( 0 );
|
---|
| 2493 | }
|
---|
| 2494 |
|
---|
| 2495 | /*
|
---|
| 2496 | * Verify the certificate validity (default profile, not restartable)
|
---|
| 2497 | */
|
---|
| 2498 | int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
---|
| 2499 | mbedtls_x509_crt *trust_ca,
|
---|
| 2500 | mbedtls_x509_crl *ca_crl,
|
---|
| 2501 | const char *cn, uint32_t *flags,
|
---|
| 2502 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
---|
| 2503 | void *p_vrfy )
|
---|
| 2504 | {
|
---|
| 2505 | return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
|
---|
| 2506 | &mbedtls_x509_crt_profile_default, cn, flags,
|
---|
| 2507 | f_vrfy, p_vrfy, NULL ) );
|
---|
| 2508 | }
|
---|
| 2509 |
|
---|
| 2510 | /*
|
---|
| 2511 | * Verify the certificate validity (user-chosen profile, not restartable)
|
---|
| 2512 | */
|
---|
| 2513 | int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
---|
| 2514 | mbedtls_x509_crt *trust_ca,
|
---|
| 2515 | mbedtls_x509_crl *ca_crl,
|
---|
| 2516 | const mbedtls_x509_crt_profile *profile,
|
---|
| 2517 | const char *cn, uint32_t *flags,
|
---|
| 2518 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
---|
| 2519 | void *p_vrfy )
|
---|
| 2520 | {
|
---|
| 2521 | return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
|
---|
| 2522 | profile, cn, flags, f_vrfy, p_vrfy, NULL ) );
|
---|
| 2523 | }
|
---|
| 2524 |
|
---|
| 2525 | /*
|
---|
| 2526 | * Verify the certificate validity, with profile, restartable version
|
---|
| 2527 | *
|
---|
| 2528 | * This function:
|
---|
| 2529 | * - checks the requested CN (if any)
|
---|
| 2530 | * - checks the type and size of the EE cert's key,
|
---|
| 2531 | * as that isn't done as part of chain building/verification currently
|
---|
| 2532 | * - builds and verifies the chain
|
---|
| 2533 | * - then calls the callback and merges the flags
|
---|
| 2534 | */
|
---|
| 2535 | int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
|
---|
| 2536 | mbedtls_x509_crt *trust_ca,
|
---|
| 2537 | mbedtls_x509_crl *ca_crl,
|
---|
| 2538 | const mbedtls_x509_crt_profile *profile,
|
---|
| 2539 | const char *cn, uint32_t *flags,
|
---|
| 2540 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
---|
| 2541 | void *p_vrfy,
|
---|
| 2542 | mbedtls_x509_crt_restart_ctx *rs_ctx )
|
---|
| 2543 | {
|
---|
| 2544 | int ret;
|
---|
| 2545 | mbedtls_pk_type_t pk_type;
|
---|
| 2546 | mbedtls_x509_crt_verify_chain ver_chain;
|
---|
| 2547 | uint32_t ee_flags;
|
---|
| 2548 |
|
---|
| 2549 | *flags = 0;
|
---|
| 2550 | ee_flags = 0;
|
---|
| 2551 | x509_crt_verify_chain_reset( &ver_chain );
|
---|
| 2552 |
|
---|
| 2553 | if( profile == NULL )
|
---|
| 2554 | {
|
---|
| 2555 | ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
|
---|
| 2556 | goto exit;
|
---|
| 2557 | }
|
---|
| 2558 |
|
---|
| 2559 | /* check name if requested */
|
---|
| 2560 | if( cn != NULL )
|
---|
| 2561 | x509_crt_verify_name( crt, cn, &ee_flags );
|
---|
| 2562 |
|
---|
| 2563 | /* Check the type and size of the key */
|
---|
| 2564 | pk_type = mbedtls_pk_get_type( &crt->pk );
|
---|
| 2565 |
|
---|
| 2566 | if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
|
---|
| 2567 | ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
|
---|
| 2568 |
|
---|
| 2569 | if( x509_profile_check_key( profile, &crt->pk ) != 0 )
|
---|
| 2570 | ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
---|
| 2571 |
|
---|
| 2572 | /* Check the chain */
|
---|
| 2573 | ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
|
---|
| 2574 | &ver_chain, rs_ctx );
|
---|
| 2575 |
|
---|
| 2576 | if( ret != 0 )
|
---|
| 2577 | goto exit;
|
---|
| 2578 |
|
---|
| 2579 | /* Merge end-entity flags */
|
---|
| 2580 | ver_chain.items[0].flags |= ee_flags;
|
---|
| 2581 |
|
---|
| 2582 | /* Build final flags, calling callback on the way if any */
|
---|
| 2583 | ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
|
---|
| 2584 |
|
---|
| 2585 | exit:
|
---|
| 2586 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2587 | if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
---|
| 2588 | mbedtls_x509_crt_restart_free( rs_ctx );
|
---|
| 2589 | #endif
|
---|
| 2590 |
|
---|
| 2591 | /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
|
---|
| 2592 | * the SSL module for authmode optional, but non-zero return from the
|
---|
| 2593 | * callback means a fatal error so it shouldn't be ignored */
|
---|
| 2594 | if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
---|
| 2595 | ret = MBEDTLS_ERR_X509_FATAL_ERROR;
|
---|
| 2596 |
|
---|
| 2597 | if( ret != 0 )
|
---|
| 2598 | {
|
---|
| 2599 | *flags = (uint32_t) -1;
|
---|
| 2600 | return( ret );
|
---|
| 2601 | }
|
---|
| 2602 |
|
---|
| 2603 | if( *flags != 0 )
|
---|
| 2604 | return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
|
---|
| 2605 |
|
---|
| 2606 | return( 0 );
|
---|
| 2607 | }
|
---|
| 2608 |
|
---|
| 2609 | /*
|
---|
| 2610 | * Initialize a certificate chain
|
---|
| 2611 | */
|
---|
| 2612 | void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
|
---|
| 2613 | {
|
---|
| 2614 | memset( crt, 0, sizeof(mbedtls_x509_crt) );
|
---|
| 2615 | }
|
---|
| 2616 |
|
---|
| 2617 | /*
|
---|
| 2618 | * Unallocate all certificate data
|
---|
| 2619 | */
|
---|
| 2620 | void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
|
---|
| 2621 | {
|
---|
| 2622 | mbedtls_x509_crt *cert_cur = crt;
|
---|
| 2623 | mbedtls_x509_crt *cert_prv;
|
---|
| 2624 | mbedtls_x509_name *name_cur;
|
---|
| 2625 | mbedtls_x509_name *name_prv;
|
---|
| 2626 | mbedtls_x509_sequence *seq_cur;
|
---|
| 2627 | mbedtls_x509_sequence *seq_prv;
|
---|
| 2628 |
|
---|
| 2629 | if( crt == NULL )
|
---|
| 2630 | return;
|
---|
| 2631 |
|
---|
| 2632 | do
|
---|
| 2633 | {
|
---|
| 2634 | mbedtls_pk_free( &cert_cur->pk );
|
---|
| 2635 |
|
---|
| 2636 | #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
---|
| 2637 | mbedtls_free( cert_cur->sig_opts );
|
---|
| 2638 | #endif
|
---|
| 2639 |
|
---|
| 2640 | name_cur = cert_cur->issuer.next;
|
---|
| 2641 | while( name_cur != NULL )
|
---|
| 2642 | {
|
---|
| 2643 | name_prv = name_cur;
|
---|
| 2644 | name_cur = name_cur->next;
|
---|
| 2645 | mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
---|
| 2646 | mbedtls_free( name_prv );
|
---|
| 2647 | }
|
---|
| 2648 |
|
---|
| 2649 | name_cur = cert_cur->subject.next;
|
---|
| 2650 | while( name_cur != NULL )
|
---|
| 2651 | {
|
---|
| 2652 | name_prv = name_cur;
|
---|
| 2653 | name_cur = name_cur->next;
|
---|
| 2654 | mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
---|
| 2655 | mbedtls_free( name_prv );
|
---|
| 2656 | }
|
---|
| 2657 |
|
---|
| 2658 | seq_cur = cert_cur->ext_key_usage.next;
|
---|
| 2659 | while( seq_cur != NULL )
|
---|
| 2660 | {
|
---|
| 2661 | seq_prv = seq_cur;
|
---|
| 2662 | seq_cur = seq_cur->next;
|
---|
| 2663 | mbedtls_platform_zeroize( seq_prv,
|
---|
| 2664 | sizeof( mbedtls_x509_sequence ) );
|
---|
| 2665 | mbedtls_free( seq_prv );
|
---|
| 2666 | }
|
---|
| 2667 |
|
---|
| 2668 | seq_cur = cert_cur->subject_alt_names.next;
|
---|
| 2669 | while( seq_cur != NULL )
|
---|
| 2670 | {
|
---|
| 2671 | seq_prv = seq_cur;
|
---|
| 2672 | seq_cur = seq_cur->next;
|
---|
| 2673 | mbedtls_platform_zeroize( seq_prv,
|
---|
| 2674 | sizeof( mbedtls_x509_sequence ) );
|
---|
| 2675 | mbedtls_free( seq_prv );
|
---|
| 2676 | }
|
---|
| 2677 |
|
---|
| 2678 | if( cert_cur->raw.p != NULL )
|
---|
| 2679 | {
|
---|
| 2680 | mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
|
---|
| 2681 | mbedtls_free( cert_cur->raw.p );
|
---|
| 2682 | }
|
---|
| 2683 |
|
---|
| 2684 | cert_cur = cert_cur->next;
|
---|
| 2685 | }
|
---|
| 2686 | while( cert_cur != NULL );
|
---|
| 2687 |
|
---|
| 2688 | cert_cur = crt;
|
---|
| 2689 | do
|
---|
| 2690 | {
|
---|
| 2691 | cert_prv = cert_cur;
|
---|
| 2692 | cert_cur = cert_cur->next;
|
---|
| 2693 |
|
---|
| 2694 | mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
|
---|
| 2695 | if( cert_prv != crt )
|
---|
| 2696 | mbedtls_free( cert_prv );
|
---|
| 2697 | }
|
---|
| 2698 | while( cert_cur != NULL );
|
---|
| 2699 | }
|
---|
| 2700 |
|
---|
| 2701 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 2702 | /*
|
---|
| 2703 | * Initialize a restart context
|
---|
| 2704 | */
|
---|
| 2705 | void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
|
---|
| 2706 | {
|
---|
| 2707 | mbedtls_pk_restart_init( &ctx->pk );
|
---|
| 2708 |
|
---|
| 2709 | ctx->parent = NULL;
|
---|
| 2710 | ctx->fallback_parent = NULL;
|
---|
| 2711 | ctx->fallback_signature_is_good = 0;
|
---|
| 2712 |
|
---|
| 2713 | ctx->parent_is_trusted = -1;
|
---|
| 2714 |
|
---|
| 2715 | ctx->in_progress = x509_crt_rs_none;
|
---|
| 2716 | ctx->self_cnt = 0;
|
---|
| 2717 | x509_crt_verify_chain_reset( &ctx->ver_chain );
|
---|
| 2718 | }
|
---|
| 2719 |
|
---|
| 2720 | /*
|
---|
| 2721 | * Free the components of a restart context
|
---|
| 2722 | */
|
---|
| 2723 | void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
|
---|
| 2724 | {
|
---|
| 2725 | if( ctx == NULL )
|
---|
| 2726 | return;
|
---|
| 2727 |
|
---|
| 2728 | mbedtls_pk_restart_free( &ctx->pk );
|
---|
| 2729 | mbedtls_x509_crt_restart_init( ctx );
|
---|
| 2730 | }
|
---|
| 2731 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
---|
| 2732 |
|
---|
| 2733 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|