1 /*
2 * Copyright (c) 2007-2017, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /**
32 * @file x509.c
33 *
34 * Certificate processing.
35 */
36
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <time.h>
41 #include "os_port.h"
42 #include "crypto_misc.h"
43
44 #ifdef CONFIG_SSL_CERT_VERIFICATION
45 static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
46 X509_CTX *x509_ctx);
47 static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
48 X509_CTX *x509_ctx);
49 static int x509_v3_key_usage(const uint8_t *cert, int offset,
50 X509_CTX *x509_ctx);
51 #endif
52
53 /**
54 * Construct a new x509 object.
55 * @return 0 if ok. < 0 if there was a problem.
56 */
x509_new(const uint8_t * cert,int * len,X509_CTX ** ctx)57 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
58 {
59 int begin_tbs, end_tbs;
60 int ret = X509_NOT_OK, offset = 0, cert_size = 0;
61 int version = 0;
62 X509_CTX *x509_ctx;
63 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
64 BI_CTX *bi_ctx;
65 #endif
66
67 *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
68 x509_ctx = *ctx;
69
70 /* get the certificate size */
71 asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE);
72
73 if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
74 goto end_cert;
75
76 begin_tbs = offset; /* start of the tbs */
77 end_tbs = begin_tbs; /* work out the end of the tbs */
78 asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
79
80 if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
81 goto end_cert;
82
83 /* optional version */
84 if (cert[offset] == ASN1_EXPLICIT_TAG &&
85 asn1_version(cert, &offset, &version) == X509_NOT_OK)
86 goto end_cert;
87
88 if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
89 asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
90 goto end_cert;
91
92 /* make sure the signature is ok */
93 if (asn1_signature_type(cert, &offset, x509_ctx))
94 {
95 ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
96 goto end_cert;
97 }
98
99 if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) ||
100 asn1_validity(cert, &offset, x509_ctx) ||
101 asn1_name(cert, &offset, x509_ctx->cert_dn) ||
102 asn1_public_key(cert, &offset, x509_ctx))
103 {
104 goto end_cert;
105 }
106
107 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
108 bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
109
110 /* use the appropriate signature algorithm */
111 switch (x509_ctx->sig_type)
112 {
113 case SIG_TYPE_MD5:
114 {
115 MD5_CTX md5_ctx;
116 uint8_t md5_dgst[MD5_SIZE];
117 MD5_Init(&md5_ctx);
118 MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
119 MD5_Final(md5_dgst, &md5_ctx);
120 x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
121 }
122 break;
123
124 case SIG_TYPE_SHA1:
125 {
126 SHA1_CTX sha_ctx;
127 uint8_t sha_dgst[SHA1_SIZE];
128 SHA1_Init(&sha_ctx);
129 SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
130 SHA1_Final(sha_dgst, &sha_ctx);
131 x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
132 }
133 break;
134
135 case SIG_TYPE_SHA256:
136 {
137 SHA256_CTX sha256_ctx;
138 uint8_t sha256_dgst[SHA256_SIZE];
139 SHA256_Init(&sha256_ctx);
140 SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
141 SHA256_Final(sha256_dgst, &sha256_ctx);
142 x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
143 }
144 break;
145
146 case SIG_TYPE_SHA384:
147 {
148 SHA384_CTX sha384_ctx;
149 uint8_t sha384_dgst[SHA384_SIZE];
150 SHA384_Init(&sha384_ctx);
151 SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
152 SHA384_Final(sha384_dgst, &sha384_ctx);
153 x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
154 }
155 break;
156
157 case SIG_TYPE_SHA512:
158 {
159 SHA512_CTX sha512_ctx;
160 uint8_t sha512_dgst[SHA512_SIZE];
161 SHA512_Init(&sha512_ctx);
162 SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
163 SHA512_Final(sha512_dgst, &sha512_ctx);
164 x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
165 }
166 break;
167 }
168
169 if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0)
170 {
171 x509_v3_subject_alt_name(cert, offset, x509_ctx);
172 x509_v3_basic_constraints(cert, offset, x509_ctx);
173 x509_v3_key_usage(cert, offset, x509_ctx);
174 }
175
176 offset = end_tbs; /* skip the rest of v3 data */
177 if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
178 asn1_signature(cert, &offset, x509_ctx))
179 goto end_cert;
180 #endif
181 ret = X509_OK;
182 end_cert:
183 if (len)
184 {
185 *len = cert_size;
186 }
187
188 if (ret)
189 {
190 #ifdef CONFIG_SSL_FULL_MODE
191 printf("Error: Invalid X509 ASN.1 file (%s)\n",
192 x509_display_error(ret));
193 #endif
194 x509_free(x509_ctx);
195 *ctx = NULL;
196 }
197
198 return ret;
199 }
200
201 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
x509_v3_subject_alt_name(const uint8_t * cert,int offset,X509_CTX * x509_ctx)202 static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
203 X509_CTX *x509_ctx)
204 {
205 if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
206 {
207 x509_ctx->subject_alt_name_present = true;
208 x509_ctx->subject_alt_name_is_critical =
209 asn1_is_critical_ext(cert, &offset);
210
211 if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
212 {
213 int altlen;
214
215 if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
216 {
217 int endalt = offset + altlen;
218 int totalnames = 0;
219
220 while (offset < endalt)
221 {
222 int type = cert[offset++];
223 int dnslen = get_asn1_length(cert, &offset);
224
225 if (type == ASN1_CONTEXT_DNSNAME)
226 {
227 /* sanity check the hostname due to
228 https://tools.cisco.com/security/center/viewAlert.x?alertId=18852
229 */
230 if (strnlen((const char *)&cert[offset], dnslen) !=
231 dnslen)
232 {
233 return X509_VFY_ERROR_NO_TRUSTED_CERT;
234 }
235
236 x509_ctx->subject_alt_dnsnames = (char**)
237 realloc(x509_ctx->subject_alt_dnsnames,
238 (totalnames + 2) * sizeof(char*));
239 x509_ctx->subject_alt_dnsnames[totalnames] =
240 (char*)malloc(dnslen + 1);
241 x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
242 memcpy(x509_ctx->subject_alt_dnsnames[totalnames],
243 cert + offset, dnslen);
244 x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
245 totalnames++;
246 }
247
248 offset += dnslen;
249 }
250 }
251 }
252 }
253
254 return X509_OK;
255 }
256
257 /**
258 * Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
259 */
x509_v3_basic_constraints(const uint8_t * cert,int offset,X509_CTX * x509_ctx)260 static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
261 X509_CTX *x509_ctx)
262 {
263 int ret = X509_OK;
264 int lenSeq = 0;
265
266 if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
267 goto end_contraints;
268
269 x509_ctx->basic_constraint_present = true;
270 x509_ctx->basic_constraint_is_critical =
271 asn1_is_critical_ext(cert, &offset);
272
273 /* Assign Defaults in case not specified
274 basic_constraint_cA will already by zero by virtue of the calloc */
275 x509_ctx->basic_constraint_cA = 0;
276 /* basic_constraint_pathLenConstraint is unlimited by default.
277 10000 is just a large number (limits.h is not already included) */
278 x509_ctx->basic_constraint_pathLenConstraint = 10000;
279
280 if ((asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0) ||
281 ((lenSeq = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) < 0))
282 {
283 ret = X509_NOT_OK;
284 }
285
286 /* If the Sequence Length is greater than zero,
287 continue with the basic_constraint_cA */
288 if ((lenSeq>0)&&(asn1_get_bool(cert, &offset,
289 &x509_ctx->basic_constraint_cA) < 0))
290 {
291 ret = X509_NOT_OK;
292 }
293
294 /* If the Sequence Length is greater than 3, it has more content than
295 the basic_constraint_cA bool, so grab the pathLenConstraint */
296 if ((lenSeq>3) && (asn1_get_int(cert, &offset,
297 &x509_ctx->basic_constraint_pathLenConstraint) < 0))
298 {
299 ret = X509_NOT_OK;
300 }
301
302 end_contraints:
303 return ret;
304 }
305
306 /*
307 * Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
308 */
x509_v3_key_usage(const uint8_t * cert,int offset,X509_CTX * x509_ctx)309 static int x509_v3_key_usage(const uint8_t *cert, int offset,
310 X509_CTX *x509_ctx)
311 {
312 int ret = X509_OK;
313
314 if ((offset = asn1_is_key_usage(cert, offset)) == 0)
315 goto end_key_usage;
316
317 x509_ctx->key_usage_present = true;
318 x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
319
320 if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
321 asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
322 {
323 ret = X509_NOT_OK;
324 }
325
326 end_key_usage:
327 return ret;
328 }
329 #endif
330
331 /**
332 * Free an X.509 object's resources.
333 */
x509_free(X509_CTX * x509_ctx)334 void x509_free(X509_CTX *x509_ctx)
335 {
336 X509_CTX *next;
337 int i;
338
339 if (x509_ctx == NULL) /* if already null, then don't bother */
340 return;
341
342 for (i = 0; i < X509_NUM_DN_TYPES; i++)
343 {
344 free(x509_ctx->ca_cert_dn[i]);
345 free(x509_ctx->cert_dn[i]);
346 }
347
348 free(x509_ctx->signature);
349
350 #ifdef CONFIG_SSL_CERT_VERIFICATION
351 if (x509_ctx->digest)
352 {
353 bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
354 }
355
356 if (x509_ctx->subject_alt_dnsnames)
357 {
358 for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
359 free(x509_ctx->subject_alt_dnsnames[i]);
360
361 free(x509_ctx->subject_alt_dnsnames);
362 }
363 #endif
364
365 RSA_free(x509_ctx->rsa_ctx);
366 next = x509_ctx->next;
367 free(x509_ctx);
368 x509_free(next); /* clear the chain */
369 }
370
371 #ifdef CONFIG_SSL_CERT_VERIFICATION
372
373 static const uint8_t sig_prefix_md5[] = {0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10};
374 static const uint8_t sig_prefix_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14};
375 static const uint8_t sig_prefix_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
376 static const uint8_t sig_prefix_sha384[] = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30};
377 static const uint8_t sig_prefix_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
378
379 /**
380 * Take a signature and decrypt it.
381 */
sig_verify(BI_CTX * ctx,const uint8_t * sig,int sig_len,uint8_t sig_type,bigint * modulus,bigint * pub_exp)382 static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
383 uint8_t sig_type, bigint *modulus, bigint *pub_exp)
384 {
385 int i;
386 bigint *decrypted_bi, *dat_bi;
387 bigint *bir = NULL;
388 uint8_t *block = (uint8_t *)alloca(sig_len);
389
390 const uint8_t *sig_prefix = NULL;
391 uint8_t sig_prefix_size = 0, hash_len = 0;
392 /* adjust our expections */
393 switch (sig_type)
394 {
395 case SIG_TYPE_MD5:
396 sig_prefix = sig_prefix_md5;
397 sig_prefix_size = sizeof(sig_prefix_md5);
398 break;
399 case SIG_TYPE_SHA1:
400 sig_prefix = sig_prefix_sha1;
401 sig_prefix_size = sizeof(sig_prefix_sha1);
402 break;
403 case SIG_TYPE_SHA256:
404 sig_prefix = sig_prefix_sha256;
405 sig_prefix_size = sizeof(sig_prefix_sha256);
406 break;
407 case SIG_TYPE_SHA384:
408 sig_prefix = sig_prefix_sha384;
409 sig_prefix_size = sizeof(sig_prefix_sha384);
410 break;
411 case SIG_TYPE_SHA512:
412 sig_prefix = sig_prefix_sha512;
413 sig_prefix_size = sizeof(sig_prefix_sha512);
414 break;
415 }
416
417 if (sig_prefix)
418 hash_len = sig_prefix[sig_prefix_size - 1];
419
420 /* check length (#A) */
421 if (sig_len < 2 + 8 + 1 + sig_prefix_size + hash_len)
422 goto err;
423
424 /* decrypt */
425 dat_bi = bi_import(ctx, sig, sig_len);
426 ctx->mod_offset = BIGINT_M_OFFSET;
427
428 /* convert to a normal block */
429 decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
430
431 bi_export(ctx, decrypted_bi, block, sig_len);
432 ctx->mod_offset = BIGINT_M_OFFSET;
433
434 /* check the first 2 bytes */
435 if (block[0] != 0 || block[1] != 1)
436 goto err;
437
438 /* check the padding */
439 i = 2; /* start at the first padding byte */
440 while (i < sig_len - 1 - sig_prefix_size - hash_len)
441 { /* together with (#A), we require at least 8 bytes of padding */
442 if (block[i++] != 0xFF)
443 goto err;
444 }
445
446 /* check end of padding */
447 if (block[i++] != 0)
448 goto err;
449
450 /* check the ASN.1 metadata */
451 if (memcmp(block+i, sig_prefix, sig_prefix_size))
452 goto err;
453
454 /* now we can get the hash we need */
455 bir = bi_import(ctx, block + i + sig_prefix_size, hash_len);
456
457 err:
458 /* save a few bytes of memory */
459 bi_clear_cache(ctx);
460 return bir;
461 }
462
463 /**
464 * Do some basic checks on the certificate chain.
465 *
466 * Certificate verification consists of a number of checks:
467 * - The date of the certificate is after the start date.
468 * - The date of the certificate is before the finish date.
469 * - A root certificate exists in the certificate store.
470 * - That the certificate(s) are not self-signed.
471 * - The certificate chain is valid.
472 * - The signature of the certificate is valid.
473 * - Basic constraints
474 */
x509_verify(const CA_CERT_CTX * ca_cert_ctx,const X509_CTX * cert,int * pathLenConstraint)475 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
476 int *pathLenConstraint)
477 {
478 int ret = X509_OK, i = 0;
479 bigint *cert_sig;
480 X509_CTX *next_cert = NULL;
481 BI_CTX *ctx = NULL;
482 bigint *mod = NULL, *expn = NULL;
483 int match_ca_cert = 0;
484 struct timeval tv;
485 uint8_t is_self_signed = 0;
486
487 if (cert == NULL)
488 {
489 ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
490 goto end_verify;
491 }
492
493 /* a self-signed certificate that is not in the CA store - use this
494 to check the signature */
495 if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
496 {
497 is_self_signed = 1;
498 ctx = cert->rsa_ctx->bi_ctx;
499 mod = cert->rsa_ctx->m;
500 expn = cert->rsa_ctx->e;
501 }
502
503 gettimeofday(&tv, NULL);
504
505 /* check the not before date */
506 if (tv.tv_sec < cert->not_before)
507 {
508 ret = X509_VFY_ERROR_NOT_YET_VALID;
509 goto end_verify;
510 }
511
512 /* check the not after date */
513 if (tv.tv_sec > cert->not_after)
514 {
515 ret = X509_VFY_ERROR_EXPIRED;
516 goto end_verify;
517 }
518
519 if (cert->basic_constraint_present)
520 {
521 /* If the cA boolean is not asserted,
522 then the keyCertSign bit in the key usage extension MUST NOT be
523 asserted. */
524 if (!cert->basic_constraint_cA &&
525 IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
526 {
527 ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
528 goto end_verify;
529 }
530
531 /* The pathLenConstraint field is meaningful only if the cA boolean is
532 asserted and the key usage extension, if present, asserts the
533 keyCertSign bit. In this case, it gives the maximum number of
534 non-self-issued intermediate certificates that may follow this
535 certificate in a valid certification path. */
536 if (cert->basic_constraint_cA &&
537 (!cert->key_usage_present ||
538 IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
539 (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
540 {
541 ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
542 goto end_verify;
543 }
544 }
545
546 next_cert = cert->next;
547
548 /* last cert in the chain - look for a trusted cert */
549 if (next_cert == NULL)
550 {
551 if (ca_cert_ctx != NULL)
552 {
553 /* go thru the CA store */
554 while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
555 {
556 /* the extension is present but the cA boolean is not
557 asserted, then the certified public key MUST NOT be used
558 to verify certificate signatures. */
559 if (cert->basic_constraint_present &&
560 !ca_cert_ctx->cert[i]->basic_constraint_cA)
561 {
562 i++;
563 continue;
564 }
565
566 if (asn1_compare_dn(cert->ca_cert_dn,
567 ca_cert_ctx->cert[i]->cert_dn) == 0)
568 {
569 /* use this CA certificate for signature verification */
570 match_ca_cert = true;
571 ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
572 mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
573 expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
574
575
576 break;
577 }
578
579 i++;
580 }
581 }
582
583 /* couldn't find a trusted cert (& let self-signed errors
584 be returned) */
585 if (!match_ca_cert && !is_self_signed)
586 {
587 ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
588 goto end_verify;
589 }
590 }
591 else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
592 {
593 /* check the chain */
594 ret = X509_VFY_ERROR_INVALID_CHAIN;
595 goto end_verify;
596 }
597 else /* use the next certificate in the chain for signature verify */
598 {
599 ctx = next_cert->rsa_ctx->bi_ctx;
600 mod = next_cert->rsa_ctx->m;
601 expn = next_cert->rsa_ctx->e;
602 }
603
604 /* cert is self signed */
605 if (!match_ca_cert && is_self_signed)
606 {
607 ret = X509_VFY_ERROR_SELF_SIGNED;
608 goto end_verify;
609 }
610
611 /* check the signature */
612 cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, cert->sig_type,
613 bi_clone(ctx, mod), bi_clone(ctx, expn));
614
615 if (cert_sig && cert->digest)
616 {
617 if (bi_compare(cert_sig, cert->digest) != 0)
618 ret = X509_VFY_ERROR_BAD_SIGNATURE;
619
620
621 bi_free(ctx, cert_sig);
622 }
623 else
624 {
625 ret = X509_VFY_ERROR_BAD_SIGNATURE;
626 }
627
628 if (ret)
629 goto end_verify;
630
631 /* go down the certificate chain using recursion. */
632 if (next_cert != NULL)
633 {
634 (*pathLenConstraint)++; /* don't include last certificate */
635 ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
636 }
637
638 end_verify:
639 return ret;
640 }
641 #endif
642
643 #if defined (CONFIG_SSL_FULL_MODE)
644 /**
645 * Used for diagnostics.
646 */
647 static const char *not_part_of_cert = "<Not Part Of Certificate>";
x509_print(const X509_CTX * cert,CA_CERT_CTX * ca_cert_ctx)648 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
649 {
650 if (cert == NULL)
651 return;
652
653 printf("=== CERTIFICATE ISSUED TO ===\n");
654 printf("Common Name (CN):\t\t");
655 printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
656 cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
657
658 printf("Organization (O):\t\t");
659 printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
660 cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
661
662 if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT])
663 {
664 printf("Organizational Unit (OU):\t");
665 printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]);
666 }
667
668 if (cert->cert_dn[X509_LOCATION])
669 {
670 printf("Location (L):\t\t\t");
671 printf("%s\n", cert->cert_dn[X509_LOCATION]);
672 }
673
674 if (cert->cert_dn[X509_COUNTRY])
675 {
676 printf("Country (C):\t\t\t");
677 printf("%s\n", cert->cert_dn[X509_COUNTRY]);
678 }
679
680 if (cert->cert_dn[X509_STATE])
681 {
682 printf("State (ST):\t\t\t");
683 printf("%s\n", cert->cert_dn[X509_STATE]);
684 }
685
686 if (cert->basic_constraint_present)
687 {
688 printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
689 cert->basic_constraint_is_critical ?
690 "critical, " : "",
691 cert->basic_constraint_cA? "TRUE" : "FALSE",
692 cert->basic_constraint_pathLenConstraint);
693 }
694
695 if (cert->key_usage_present)
696 {
697 printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ?
698 "critical, " : "");
699 bool has_started = false;
700
701 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
702 {
703 printf("Digital Signature");
704 has_started = true;
705 }
706
707 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
708 {
709 if (has_started)
710 printf(", ");
711
712 printf("Non Repudiation");
713 has_started = true;
714 }
715
716 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
717 {
718 if (has_started)
719 printf(", ");
720
721 printf("Key Encipherment");
722 has_started = true;
723 }
724
725 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
726 {
727 if (has_started)
728 printf(", ");
729
730 printf("Data Encipherment");
731 has_started = true;
732 }
733
734 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
735 {
736 if (has_started)
737 printf(", ");
738
739 printf("Key Agreement");
740 has_started = true;
741 }
742
743 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
744 {
745 if (has_started)
746 printf(", ");
747
748 printf("Key Cert Sign");
749 has_started = true;
750 }
751
752 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
753 {
754 if (has_started)
755 printf(", ");
756
757 printf("CRL Sign");
758 has_started = true;
759 }
760
761 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
762 {
763 if (has_started)
764 printf(", ");
765
766 printf("Encipher Only");
767 has_started = true;
768 }
769
770 if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
771 {
772 if (has_started)
773 printf(", ");
774
775 printf("Decipher Only");
776 has_started = true;
777 }
778
779 printf("\n");
780 }
781
782 if (cert->subject_alt_name_present)
783 {
784 printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical
785 ? "critical, " : "");
786 if (cert->subject_alt_dnsnames)
787 {
788 int i = 0;
789
790 while (cert->subject_alt_dnsnames[i])
791 printf("%s ", cert->subject_alt_dnsnames[i++]);
792 }
793 printf("\n");
794
795 }
796
797 printf("=== CERTIFICATE ISSUED BY ===\n");
798 printf("Common Name (CN):\t\t");
799 printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
800 cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
801
802 printf("Organization (O):\t\t");
803 printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
804 cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
805
806 if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT])
807 {
808 printf("Organizational Unit (OU):\t");
809 printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]);
810 }
811
812 if (cert->ca_cert_dn[X509_LOCATION])
813 {
814 printf("Location (L):\t\t\t");
815 printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
816 }
817
818 if (cert->ca_cert_dn[X509_COUNTRY])
819 {
820 printf("Country (C):\t\t\t");
821 printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
822 }
823
824 if (cert->ca_cert_dn[X509_STATE])
825 {
826 printf("State (ST):\t\t\t");
827 printf("%s\n", cert->ca_cert_dn[X509_STATE]);
828 }
829
830 printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
831 printf("Not After:\t\t\t%s", ctime(&cert->not_after));
832 printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
833 printf("Sig Type:\t\t\t");
834 switch (cert->sig_type)
835 {
836 case SIG_TYPE_MD5:
837 printf("MD5\n");
838 break;
839 case SIG_TYPE_SHA1:
840 printf("SHA1\n");
841 break;
842 case SIG_TYPE_SHA256:
843 printf("SHA256\n");
844 break;
845 case SIG_TYPE_SHA384:
846 printf("SHA384\n");
847 break;
848 case SIG_TYPE_SHA512:
849 printf("SHA512\n");
850 break;
851 default:
852 printf("Unrecognized: %d\n", cert->sig_type);
853 break;
854 }
855
856 if (ca_cert_ctx)
857 {
858 int pathLenConstraint = 0;
859 printf("Verify:\t\t\t\t%s\n",
860 x509_display_error(x509_verify(ca_cert_ctx, cert,
861 &pathLenConstraint)));
862 }
863
864 #if 0
865 print_blob("Signature", cert->signature, cert->sig_len);
866 bi_print("Modulus", cert->rsa_ctx->m);
867 bi_print("Pub Exp", cert->rsa_ctx->e);
868 #endif
869
870 if (ca_cert_ctx)
871 {
872 x509_print(cert->next, ca_cert_ctx);
873 }
874
875 TTY_FLUSH();
876 }
877 #endif
878
x509_display_error(int error)879 const char * x509_display_error(int error)
880 {
881 switch (error)
882 {
883 case X509_OK:
884 return "Certificate verify successful";
885
886 case X509_NOT_OK:
887 return "X509 not ok";
888
889 case X509_VFY_ERROR_NO_TRUSTED_CERT:
890 return "No trusted cert is available";
891
892 case X509_VFY_ERROR_BAD_SIGNATURE:
893 return "Bad signature";
894
895 case X509_VFY_ERROR_NOT_YET_VALID:
896 return "Cert is not yet valid";
897
898 case X509_VFY_ERROR_EXPIRED:
899 return "Cert has expired";
900
901 case X509_VFY_ERROR_SELF_SIGNED:
902 return "Cert is self-signed";
903
904 case X509_VFY_ERROR_INVALID_CHAIN:
905 return "Chain is invalid (check order of certs)";
906
907 case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
908 return "Unsupported digest";
909
910 case X509_INVALID_PRIV_KEY:
911 return "Invalid private key";
912
913 case X509_VFY_ERROR_BASIC_CONSTRAINT:
914 return "Basic constraint invalid";
915
916 default:
917 return "Unknown";
918 }
919 }
920 //#endif /* CONFIG_SSL_FULL_MODE */
921
922