1 /* 2 * X.509 certificate parsing and verification 3 * 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 * SPDX-License-Identifier: GPL-2.0 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, write to the Free Software Foundation, Inc., 19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * This file is part of mbed TLS (https://tls.mbed.org) 22 */ 23 /* 24 * The ITU-T X.509 standard defines a certificate format for PKI. 25 * 26 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 27 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 28 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 29 * 30 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 31 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 32 */ 33 34 #if !defined(MBEDTLS_CONFIG_FILE) 35 #include "mbedtls/config.h" 36 #else 37 #include MBEDTLS_CONFIG_FILE 38 #endif 39 40 #if defined(MBEDTLS_X509_CRT_PARSE_C) 41 42 #include "mbedtls/x509_crt.h" 43 #include "mbedtls/oid.h" 44 45 #include <string.h> 46 47 #if defined(MBEDTLS_PEM_PARSE_C) 48 #include "mbedtls/pem.h" 49 #endif 50 51 #if defined(MBEDTLS_PLATFORM_C) 52 #include "mbedtls/platform.h" 53 #else 54 #include <stdio.h> 55 #include <stdlib.h> 56 #define mbedtls_free free 57 #define mbedtls_calloc calloc 58 #define mbedtls_snprintf snprintf 59 #endif 60 61 #if defined(MBEDTLS_THREADING_C) 62 #include "mbedtls/threading.h" 63 #endif 64 65 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 66 #include <windows.h> 67 #else 68 #include <time.h> 69 #endif 70 71 #if defined(MBEDTLS_FS_IO) 72 #include <stdio.h> 73 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) 74 #include <sys/types.h> 75 #include <sys/stat.h> 76 #include <dirent.h> 77 #endif /* !_WIN32 || EFIX64 || EFI32 */ 78 #endif 79 80 /* Implementation that should never be optimized out by the compiler */ 81 static void mbedtls_zeroize( void *v, size_t n ) { 82 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 83 } 84 85 /* 86 * Default profile 87 */ 88 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = 89 { 90 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) 91 /* Allow SHA-1 (weak, but still safe in controlled environments) */ 92 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | 93 #endif 94 /* Only SHA-2 hashes */ 95 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | 96 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 97 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 98 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 99 0xFFFFFFF, /* Any PK alg */ 100 0xFFFFFFF, /* Any curve */ 101 2048, 102 }; 103 104 /* 105 * Next-default profile 106 */ 107 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = 108 { 109 /* Hashes from SHA-256 and above */ 110 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 111 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 112 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 113 0xFFFFFFF, /* Any PK alg */ 114 #if defined(MBEDTLS_ECP_C) 115 /* Curves at or above 128-bit security level */ 116 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 117 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | 118 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | 119 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | 120 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | 121 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | 122 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), 123 #else 124 0, 125 #endif 126 2048, 127 }; 128 129 /* 130 * NSA Suite B Profile 131 */ 132 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = 133 { 134 /* Only SHA-256 and 384 */ 135 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 136 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), 137 /* Only ECDSA */ 138 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | 139 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), 140 #if defined(MBEDTLS_ECP_C) 141 /* Only NIST P-256 and P-384 */ 142 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 143 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), 144 #else 145 0, 146 #endif 147 0, 148 }; 149 150 /* 151 * Check md_alg against profile 152 * Return 0 if md_alg acceptable for this profile, -1 otherwise 153 */ 154 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, 155 mbedtls_md_type_t md_alg ) 156 { 157 if( md_alg == MBEDTLS_MD_NONE ) 158 return( -1 ); 159 160 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) 161 return( 0 ); 162 163 return( -1 ); 164 } 165 166 /* 167 * Check pk_alg against profile 168 * Return 0 if pk_alg acceptable for this profile, -1 otherwise 169 */ 170 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, 171 mbedtls_pk_type_t pk_alg ) 172 { 173 if( pk_alg == MBEDTLS_PK_NONE ) 174 return( -1 ); 175 176 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) 177 return( 0 ); 178 179 return( -1 ); 180 } 181 182 /* 183 * Check key against profile 184 * Return 0 if pk_alg acceptable for this profile, -1 otherwise 185 */ 186 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, 187 mbedtls_pk_type_t pk_alg, 188 const mbedtls_pk_context *pk ) 189 { 190 #if defined(MBEDTLS_RSA_C) 191 if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) 192 { 193 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) 194 return( 0 ); 195 196 return( -1 ); 197 } 198 #endif 199 200 #if defined(MBEDTLS_ECP_C) 201 if( pk_alg == MBEDTLS_PK_ECDSA || 202 pk_alg == MBEDTLS_PK_ECKEY || 203 pk_alg == MBEDTLS_PK_ECKEY_DH ) 204 { 205 mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; 206 207 if( gid == MBEDTLS_ECP_DP_NONE ) 208 return( -1 ); 209 210 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) 211 return( 0 ); 212 213 return( -1 ); 214 } 215 #endif 216 217 return( -1 ); 218 } 219 220 /* 221 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 222 */ 223 static int x509_get_version( unsigned char **p, 224 const unsigned char *end, 225 int *ver ) 226 { 227 int ret; 228 size_t len; 229 230 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 231 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) 232 { 233 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 234 { 235 *ver = 0; 236 return( 0 ); 237 } 238 239 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 240 } 241 242 end = *p + len; 243 244 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) 245 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); 246 247 if( *p != end ) 248 return( MBEDTLS_ERR_X509_INVALID_VERSION + 249 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 250 251 return( 0 ); 252 } 253 254 /* 255 * Validity ::= SEQUENCE { 256 * notBefore Time, 257 * notAfter Time } 258 */ 259 static int x509_get_dates( unsigned char **p, 260 const unsigned char *end, 261 mbedtls_x509_time *from, 262 mbedtls_x509_time *to ) 263 { 264 int ret; 265 size_t len; 266 267 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 268 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 269 return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); 270 271 end = *p + len; 272 273 if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) 274 return( ret ); 275 276 if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) 277 return( ret ); 278 279 if( *p != end ) 280 return( MBEDTLS_ERR_X509_INVALID_DATE + 281 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 282 283 return( 0 ); 284 } 285 286 /* 287 * X.509 v2/v3 unique identifier (not parsed) 288 */ 289 static int x509_get_uid( unsigned char **p, 290 const unsigned char *end, 291 mbedtls_x509_buf *uid, int n ) 292 { 293 int ret; 294 295 if( *p == end ) 296 return( 0 ); 297 298 uid->tag = **p; 299 300 if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, 301 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) 302 { 303 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 304 return( 0 ); 305 306 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 307 } 308 309 uid->p = *p; 310 *p += uid->len; 311 312 return( 0 ); 313 } 314 315 static int x509_get_basic_constraints( unsigned char **p, 316 const unsigned char *end, 317 int *ca_istrue, 318 int *max_pathlen ) 319 { 320 int ret; 321 size_t len; 322 323 /* 324 * BasicConstraints ::= SEQUENCE { 325 * cA BOOLEAN DEFAULT FALSE, 326 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 327 */ 328 *ca_istrue = 0; /* DEFAULT FALSE */ 329 *max_pathlen = 0; /* endless */ 330 331 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 332 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 333 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 334 335 if( *p == end ) 336 return( 0 ); 337 338 if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) 339 { 340 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 341 ret = mbedtls_asn1_get_int( p, end, ca_istrue ); 342 343 if( ret != 0 ) 344 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 345 346 if( *ca_istrue != 0 ) 347 *ca_istrue = 1; 348 } 349 350 if( *p == end ) 351 return( 0 ); 352 353 if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) 354 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 355 356 if( *p != end ) 357 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 358 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 359 360 (*max_pathlen)++; 361 362 return( 0 ); 363 } 364 365 static int x509_get_ns_cert_type( unsigned char **p, 366 const unsigned char *end, 367 unsigned char *ns_cert_type) 368 { 369 int ret; 370 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 371 372 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 373 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 374 375 if( bs.len != 1 ) 376 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 377 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 378 379 /* Get actual bitstring */ 380 *ns_cert_type = *bs.p; 381 return( 0 ); 382 } 383 384 static int x509_get_key_usage( unsigned char **p, 385 const unsigned char *end, 386 unsigned int *key_usage) 387 { 388 int ret; 389 size_t i; 390 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 391 392 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 393 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 394 395 if( bs.len < 1 ) 396 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 397 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 398 399 /* Get actual bitstring */ 400 *key_usage = 0; 401 for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) 402 { 403 *key_usage |= (unsigned int) bs.p[i] << (8*i); 404 } 405 406 return( 0 ); 407 } 408 409 /* 410 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 411 * 412 * KeyPurposeId ::= OBJECT IDENTIFIER 413 */ 414 static int x509_get_ext_key_usage( unsigned char **p, 415 const unsigned char *end, 416 mbedtls_x509_sequence *ext_key_usage) 417 { 418 int ret; 419 420 if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) 421 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 422 423 /* Sequence length must be >= 1 */ 424 if( ext_key_usage->buf.p == NULL ) 425 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 426 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 427 428 return( 0 ); 429 } 430 431 /* 432 * SubjectAltName ::= GeneralNames 433 * 434 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 435 * 436 * GeneralName ::= CHOICE { 437 * otherName [0] OtherName, 438 * rfc822Name [1] IA5String, 439 * dNSName [2] IA5String, 440 * x400Address [3] ORAddress, 441 * directoryName [4] Name, 442 * ediPartyName [5] EDIPartyName, 443 * uniformResourceIdentifier [6] IA5String, 444 * iPAddress [7] OCTET STRING, 445 * registeredID [8] OBJECT IDENTIFIER } 446 * 447 * OtherName ::= SEQUENCE { 448 * type-id OBJECT IDENTIFIER, 449 * value [0] EXPLICIT ANY DEFINED BY type-id } 450 * 451 * EDIPartyName ::= SEQUENCE { 452 * nameAssigner [0] DirectoryString OPTIONAL, 453 * partyName [1] DirectoryString } 454 * 455 * NOTE: we only parse and use dNSName at this point. 456 */ 457 static int x509_get_subject_alt_name( unsigned char **p, 458 const unsigned char *end, 459 mbedtls_x509_sequence *subject_alt_name ) 460 { 461 int ret; 462 size_t len, tag_len; 463 mbedtls_asn1_buf *buf; 464 unsigned char tag; 465 mbedtls_asn1_sequence *cur = subject_alt_name; 466 467 /* Get main sequence tag */ 468 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 469 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 470 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 471 472 if( *p + len != end ) 473 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 474 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 475 476 while( *p < end ) 477 { 478 if( ( end - *p ) < 1 ) 479 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 480 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 481 482 tag = **p; 483 (*p)++; 484 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) 485 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 486 487 if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != 488 MBEDTLS_ASN1_CONTEXT_SPECIFIC ) 489 { 490 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 491 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 492 } 493 494 /* Skip everything but DNS name */ 495 if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) ) 496 { 497 *p += tag_len; 498 continue; 499 } 500 501 /* Allocate and assign next pointer */ 502 if( cur->buf.p != NULL ) 503 { 504 if( cur->next != NULL ) 505 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 506 507 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); 508 509 if( cur->next == NULL ) 510 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 511 MBEDTLS_ERR_ASN1_ALLOC_FAILED ); 512 513 cur = cur->next; 514 } 515 516 buf = &(cur->buf); 517 buf->tag = tag; 518 buf->p = *p; 519 buf->len = tag_len; 520 *p += buf->len; 521 } 522 523 /* Set final sequence entry's next pointer to NULL */ 524 cur->next = NULL; 525 526 if( *p != end ) 527 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 528 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 529 530 return( 0 ); 531 } 532 533 /* 534 * X.509 v3 extensions 535 * 536 */ 537 static int x509_get_crt_ext( unsigned char **p, 538 const unsigned char *end, 539 mbedtls_x509_crt *crt ) 540 { 541 int ret; 542 size_t len; 543 unsigned char *end_ext_data, *end_ext_octet; 544 545 if( *p == end ) 546 return( 0 ); 547 548 if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) 549 return( ret ); 550 551 end = crt->v3_ext.p + crt->v3_ext.len; 552 while( *p < end ) 553 { 554 /* 555 * Extension ::= SEQUENCE { 556 * extnID OBJECT IDENTIFIER, 557 * critical BOOLEAN DEFAULT FALSE, 558 * extnValue OCTET STRING } 559 */ 560 mbedtls_x509_buf extn_oid = {0, 0, NULL}; 561 int is_critical = 0; /* DEFAULT FALSE */ 562 int ext_type = 0; 563 564 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 565 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 566 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 567 568 end_ext_data = *p + len; 569 570 /* Get extension ID */ 571 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, 572 MBEDTLS_ASN1_OID ) ) != 0 ) 573 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 574 575 extn_oid.tag = MBEDTLS_ASN1_OID; 576 extn_oid.p = *p; 577 *p += extn_oid.len; 578 579 /* Get optional critical */ 580 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && 581 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 582 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 583 584 /* Data should be octet string type */ 585 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, 586 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 587 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 588 589 end_ext_octet = *p + len; 590 591 if( end_ext_octet != end_ext_data ) 592 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 593 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 594 595 /* 596 * Detect supported extensions 597 */ 598 ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); 599 600 if( ret != 0 ) 601 { 602 /* No parser found, skip extension */ 603 *p = end_ext_octet; 604 605 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 606 if( is_critical ) 607 { 608 /* Data is marked as critical: fail */ 609 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 610 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 611 } 612 #endif 613 continue; 614 } 615 616 /* Forbid repeated extensions */ 617 if( ( crt->ext_types & ext_type ) != 0 ) 618 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 619 620 crt->ext_types |= ext_type; 621 622 switch( ext_type ) 623 { 624 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: 625 /* Parse basic constraints */ 626 if( ( ret = x509_get_basic_constraints( p, end_ext_octet, 627 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) 628 return( ret ); 629 break; 630 631 case MBEDTLS_X509_EXT_KEY_USAGE: 632 /* Parse key usage */ 633 if( ( ret = x509_get_key_usage( p, end_ext_octet, 634 &crt->key_usage ) ) != 0 ) 635 return( ret ); 636 break; 637 638 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: 639 /* Parse extended key usage */ 640 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, 641 &crt->ext_key_usage ) ) != 0 ) 642 return( ret ); 643 break; 644 645 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: 646 /* Parse subject alt name */ 647 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, 648 &crt->subject_alt_names ) ) != 0 ) 649 return( ret ); 650 break; 651 652 case MBEDTLS_X509_EXT_NS_CERT_TYPE: 653 /* Parse netscape certificate type */ 654 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, 655 &crt->ns_cert_type ) ) != 0 ) 656 return( ret ); 657 break; 658 659 default: 660 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 661 } 662 } 663 664 if( *p != end ) 665 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 666 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 667 668 return( 0 ); 669 } 670 671 /* 672 * Parse and fill a single X.509 certificate in DER format 673 */ 674 static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, 675 size_t buflen ) 676 { 677 int ret; 678 size_t len; 679 unsigned char *p, *end, *crt_end; 680 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 681 682 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); 683 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); 684 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); 685 686 /* 687 * Check for valid input 688 */ 689 if( crt == NULL || buf == NULL ) 690 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 691 692 // Use the original buffer until we figure out actual length 693 p = (unsigned char*) buf; 694 len = buflen; 695 end = p + len; 696 697 /* 698 * Certificate ::= SEQUENCE { 699 * tbsCertificate TBSCertificate, 700 * signatureAlgorithm AlgorithmIdentifier, 701 * signatureValue BIT STRING } 702 */ 703 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 704 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 705 { 706 mbedtls_x509_crt_free( crt ); 707 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 708 } 709 710 if( len > (size_t) ( end - p ) ) 711 { 712 mbedtls_x509_crt_free( crt ); 713 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 714 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 715 } 716 crt_end = p + len; 717 718 // Create and populate a new buffer for the raw field 719 crt->raw.len = crt_end - buf; 720 crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); 721 if( p == NULL ) 722 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 723 724 memcpy( p, buf, crt->raw.len ); 725 726 // Direct pointers to the new buffer 727 p += crt->raw.len - len; 728 end = crt_end = p + len; 729 730 /* 731 * TBSCertificate ::= SEQUENCE { 732 */ 733 crt->tbs.p = p; 734 735 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 736 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 737 { 738 mbedtls_x509_crt_free( crt ); 739 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 740 } 741 742 end = p + len; 743 crt->tbs.len = end - crt->tbs.p; 744 745 /* 746 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 747 * 748 * CertificateSerialNumber ::= INTEGER 749 * 750 * signature AlgorithmIdentifier 751 */ 752 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || 753 ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || 754 ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, 755 &sig_params1 ) ) != 0 ) 756 { 757 mbedtls_x509_crt_free( crt ); 758 return( ret ); 759 } 760 761 if( crt->version < 0 || crt->version > 2 ) 762 { 763 mbedtls_x509_crt_free( crt ); 764 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); 765 } 766 767 crt->version++; 768 769 if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, 770 &crt->sig_md, &crt->sig_pk, 771 &crt->sig_opts ) ) != 0 ) 772 { 773 mbedtls_x509_crt_free( crt ); 774 return( ret ); 775 } 776 777 /* 778 * issuer Name 779 */ 780 crt->issuer_raw.p = p; 781 782 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 783 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 784 { 785 mbedtls_x509_crt_free( crt ); 786 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 787 } 788 789 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) 790 { 791 mbedtls_x509_crt_free( crt ); 792 return( ret ); 793 } 794 795 crt->issuer_raw.len = p - crt->issuer_raw.p; 796 797 /* 798 * Validity ::= SEQUENCE { 799 * notBefore Time, 800 * notAfter Time } 801 * 802 */ 803 if( ( ret = x509_get_dates( &p, end, &crt->valid_from, 804 &crt->valid_to ) ) != 0 ) 805 { 806 mbedtls_x509_crt_free( crt ); 807 return( ret ); 808 } 809 810 /* 811 * subject Name 812 */ 813 crt->subject_raw.p = p; 814 815 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 816 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 817 { 818 mbedtls_x509_crt_free( crt ); 819 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 820 } 821 822 if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) 823 { 824 mbedtls_x509_crt_free( crt ); 825 return( ret ); 826 } 827 828 crt->subject_raw.len = p - crt->subject_raw.p; 829 830 /* 831 * SubjectPublicKeyInfo 832 */ 833 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) 834 { 835 mbedtls_x509_crt_free( crt ); 836 return( ret ); 837 } 838 839 /* 840 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 841 * -- If present, version shall be v2 or v3 842 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 843 * -- If present, version shall be v2 or v3 844 * extensions [3] EXPLICIT Extensions OPTIONAL 845 * -- If present, version shall be v3 846 */ 847 if( crt->version == 2 || crt->version == 3 ) 848 { 849 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); 850 if( ret != 0 ) 851 { 852 mbedtls_x509_crt_free( crt ); 853 return( ret ); 854 } 855 } 856 857 if( crt->version == 2 || crt->version == 3 ) 858 { 859 ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); 860 if( ret != 0 ) 861 { 862 mbedtls_x509_crt_free( crt ); 863 return( ret ); 864 } 865 } 866 867 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) 868 if( crt->version == 3 ) 869 #endif 870 { 871 ret = x509_get_crt_ext( &p, end, crt ); 872 if( ret != 0 ) 873 { 874 mbedtls_x509_crt_free( crt ); 875 return( ret ); 876 } 877 } 878 879 if( p != end ) 880 { 881 mbedtls_x509_crt_free( crt ); 882 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 883 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 884 } 885 886 end = crt_end; 887 888 /* 889 * } 890 * -- end of TBSCertificate 891 * 892 * signatureAlgorithm AlgorithmIdentifier, 893 * signatureValue BIT STRING 894 */ 895 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) 896 { 897 mbedtls_x509_crt_free( crt ); 898 return( ret ); 899 } 900 901 if( crt->sig_oid.len != sig_oid2.len || 902 memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || 903 sig_params1.len != sig_params2.len || 904 ( sig_params1.len != 0 && 905 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) 906 { 907 mbedtls_x509_crt_free( crt ); 908 return( MBEDTLS_ERR_X509_SIG_MISMATCH ); 909 } 910 911 if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) 912 { 913 mbedtls_x509_crt_free( crt ); 914 return( ret ); 915 } 916 917 if( p != end ) 918 { 919 mbedtls_x509_crt_free( crt ); 920 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 921 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 922 } 923 924 return( 0 ); 925 } 926 927 /* 928 * Parse one X.509 certificate in DER format from a buffer and add them to a 929 * chained list 930 */ 931 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, 932 size_t buflen ) 933 { 934 int ret; 935 mbedtls_x509_crt *crt = chain, *prev = NULL; 936 937 /* 938 * Check for valid input 939 */ 940 if( crt == NULL || buf == NULL ) 941 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 942 943 while( crt->version != 0 && crt->next != NULL ) 944 { 945 prev = crt; 946 crt = crt->next; 947 } 948 949 /* 950 * Add new certificate on the end of the chain if needed. 951 */ 952 if( crt->version != 0 && crt->next == NULL ) 953 { 954 crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); 955 956 if( crt->next == NULL ) 957 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 958 959 prev = crt; 960 mbedtls_x509_crt_init( crt->next ); 961 crt = crt->next; 962 } 963 964 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 ) 965 { 966 if( prev ) 967 prev->next = NULL; 968 969 if( crt != chain ) 970 mbedtls_free( crt ); 971 972 return( ret ); 973 } 974 975 return( 0 ); 976 } 977 978 /* 979 * Parse one or more PEM certificates from a buffer and add them to the chained 980 * list 981 */ 982 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) 983 { 984 #if defined(MBEDTLS_PEM_PARSE_C) 985 int success = 0, first_error = 0, total_failed = 0; 986 int buf_format = MBEDTLS_X509_FORMAT_DER; 987 #endif 988 989 /* 990 * Check for valid input 991 */ 992 if( chain == NULL || buf == NULL ) 993 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 994 995 /* 996 * Determine buffer content. Buffer contains either one DER certificate or 997 * one or more PEM certificates. 998 */ 999 #if defined(MBEDTLS_PEM_PARSE_C) 1000 if( buflen != 0 && buf[buflen - 1] == '\0' && 1001 strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) 1002 { 1003 buf_format = MBEDTLS_X509_FORMAT_PEM; 1004 } 1005 1006 if( buf_format == MBEDTLS_X509_FORMAT_DER ) 1007 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 1008 #else 1009 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 1010 #endif 1011 1012 #if defined(MBEDTLS_PEM_PARSE_C) 1013 if( buf_format == MBEDTLS_X509_FORMAT_PEM ) 1014 { 1015 int ret; 1016 mbedtls_pem_context pem; 1017 1018 /* 1 rather than 0 since the terminating NULL byte is counted in */ 1019 while( buflen > 1 ) 1020 { 1021 size_t use_len; 1022 mbedtls_pem_init( &pem ); 1023 1024 /* If we get there, we know the string is null-terminated */ 1025 ret = mbedtls_pem_read_buffer( &pem, 1026 "-----BEGIN CERTIFICATE-----", 1027 "-----END CERTIFICATE-----", 1028 buf, NULL, 0, &use_len ); 1029 1030 if( ret == 0 ) 1031 { 1032 /* 1033 * Was PEM encoded 1034 */ 1035 buflen -= use_len; 1036 buf += use_len; 1037 } 1038 else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) 1039 { 1040 return( ret ); 1041 } 1042 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1043 { 1044 mbedtls_pem_free( &pem ); 1045 1046 /* 1047 * PEM header and footer were found 1048 */ 1049 buflen -= use_len; 1050 buf += use_len; 1051 1052 if( first_error == 0 ) 1053 first_error = ret; 1054 1055 total_failed++; 1056 continue; 1057 } 1058 else 1059 break; 1060 1061 ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen ); 1062 1063 mbedtls_pem_free( &pem ); 1064 1065 if( ret != 0 ) 1066 { 1067 /* 1068 * Quit parsing on a memory error 1069 */ 1070 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) 1071 return( ret ); 1072 1073 if( first_error == 0 ) 1074 first_error = ret; 1075 1076 total_failed++; 1077 continue; 1078 } 1079 1080 success = 1; 1081 } 1082 } 1083 1084 if( success ) 1085 return( total_failed ); 1086 else if( first_error ) 1087 return( first_error ); 1088 else 1089 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); 1090 #endif /* MBEDTLS_PEM_PARSE_C */ 1091 } 1092 1093 #if defined(MBEDTLS_FS_IO) 1094 /* 1095 * Load one or more certificates and add them to the chained list 1096 */ 1097 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) 1098 { 1099 int ret; 1100 size_t n; 1101 unsigned char *buf; 1102 1103 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 1104 return( ret ); 1105 1106 ret = mbedtls_x509_crt_parse( chain, buf, n ); 1107 1108 mbedtls_zeroize( buf, n ); 1109 mbedtls_free( buf ); 1110 1111 return( ret ); 1112 } 1113 1114 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) 1115 { 1116 int ret = 0; 1117 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 1118 int w_ret; 1119 WCHAR szDir[MAX_PATH]; 1120 char filename[MAX_PATH]; 1121 char *p; 1122 size_t len = strlen( path ); 1123 1124 WIN32_FIND_DATAW file_data; 1125 HANDLE hFind; 1126 1127 if( len > MAX_PATH - 3 ) 1128 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1129 1130 memset( szDir, 0, sizeof(szDir) ); 1131 memset( filename, 0, MAX_PATH ); 1132 memcpy( filename, path, len ); 1133 filename[len++] = '\\'; 1134 p = filename + len; 1135 filename[len++] = '*'; 1136 1137 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, 1138 MAX_PATH - 3 ); 1139 if( w_ret == 0 ) 1140 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1141 1142 hFind = FindFirstFileW( szDir, &file_data ); 1143 if( hFind == INVALID_HANDLE_VALUE ) 1144 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 1145 1146 len = MAX_PATH - len; 1147 do 1148 { 1149 memset( p, 0, len ); 1150 1151 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) 1152 continue; 1153 1154 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, 1155 lstrlenW( file_data.cFileName ), 1156 p, (int) len - 1, 1157 NULL, NULL ); 1158 if( w_ret == 0 ) 1159 { 1160 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1161 goto cleanup; 1162 } 1163 1164 w_ret = mbedtls_x509_crt_parse_file( chain, filename ); 1165 if( w_ret < 0 ) 1166 ret++; 1167 else 1168 ret += w_ret; 1169 } 1170 while( FindNextFileW( hFind, &file_data ) != 0 ); 1171 1172 if( GetLastError() != ERROR_NO_MORE_FILES ) 1173 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1174 1175 cleanup: 1176 FindClose( hFind ); 1177 #else /* _WIN32 */ 1178 int t_ret; 1179 int snp_ret; 1180 struct stat sb; 1181 struct dirent *entry; 1182 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; 1183 DIR *dir = opendir( path ); 1184 1185 if( dir == NULL ) 1186 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 1187 1188 #if defined(MBEDTLS_THREADING_C) 1189 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) 1190 { 1191 closedir( dir ); 1192 return( ret ); 1193 } 1194 #endif /* MBEDTLS_THREADING_C */ 1195 1196 while( ( entry = readdir( dir ) ) != NULL ) 1197 { 1198 snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, 1199 "%s/%s", path, entry->d_name ); 1200 1201 if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) 1202 { 1203 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 1204 goto cleanup; 1205 } 1206 else if( stat( entry_name, &sb ) == -1 ) 1207 { 1208 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1209 goto cleanup; 1210 } 1211 1212 if( !S_ISREG( sb.st_mode ) ) 1213 continue; 1214 1215 // Ignore parse errors 1216 // 1217 t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); 1218 if( t_ret < 0 ) 1219 ret++; 1220 else 1221 ret += t_ret; 1222 } 1223 1224 cleanup: 1225 closedir( dir ); 1226 1227 #if defined(MBEDTLS_THREADING_C) 1228 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) 1229 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; 1230 #endif /* MBEDTLS_THREADING_C */ 1231 1232 #endif /* _WIN32 */ 1233 1234 return( ret ); 1235 } 1236 #endif /* MBEDTLS_FS_IO */ 1237 1238 static int x509_info_subject_alt_name( char **buf, size_t *size, 1239 const mbedtls_x509_sequence *subject_alt_name ) 1240 { 1241 size_t i; 1242 size_t n = *size; 1243 char *p = *buf; 1244 const mbedtls_x509_sequence *cur = subject_alt_name; 1245 const char *sep = ""; 1246 size_t sep_len = 0; 1247 1248 while( cur != NULL ) 1249 { 1250 if( cur->buf.len + sep_len >= n ) 1251 { 1252 *p = '\0'; 1253 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 1254 } 1255 1256 n -= cur->buf.len + sep_len; 1257 for( i = 0; i < sep_len; i++ ) 1258 *p++ = sep[i]; 1259 for( i = 0; i < cur->buf.len; i++ ) 1260 *p++ = cur->buf.p[i]; 1261 1262 sep = ", "; 1263 sep_len = 2; 1264 1265 cur = cur->next; 1266 } 1267 1268 *p = '\0'; 1269 1270 *size = n; 1271 *buf = p; 1272 1273 return( 0 ); 1274 } 1275 1276 #define PRINT_ITEM(i) \ 1277 { \ 1278 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ 1279 MBEDTLS_X509_SAFE_SNPRINTF; \ 1280 sep = ", "; \ 1281 } 1282 1283 #define CERT_TYPE(type,name) \ 1284 if( ns_cert_type & type ) \ 1285 PRINT_ITEM( name ); 1286 1287 static int x509_info_cert_type( char **buf, size_t *size, 1288 unsigned char ns_cert_type ) 1289 { 1290 int ret; 1291 size_t n = *size; 1292 char *p = *buf; 1293 const char *sep = ""; 1294 1295 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); 1296 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); 1297 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); 1298 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); 1299 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); 1300 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); 1301 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); 1302 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); 1303 1304 *size = n; 1305 *buf = p; 1306 1307 return( 0 ); 1308 } 1309 1310 #define KEY_USAGE(code,name) \ 1311 if( key_usage & code ) \ 1312 PRINT_ITEM( name ); 1313 1314 static int x509_info_key_usage( char **buf, size_t *size, 1315 unsigned int key_usage ) 1316 { 1317 int ret; 1318 size_t n = *size; 1319 char *p = *buf; 1320 const char *sep = ""; 1321 1322 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); 1323 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); 1324 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); 1325 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); 1326 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); 1327 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); 1328 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); 1329 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); 1330 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); 1331 1332 *size = n; 1333 *buf = p; 1334 1335 return( 0 ); 1336 } 1337 1338 static int x509_info_ext_key_usage( char **buf, size_t *size, 1339 const mbedtls_x509_sequence *extended_key_usage ) 1340 { 1341 int ret; 1342 const char *desc; 1343 size_t n = *size; 1344 char *p = *buf; 1345 const mbedtls_x509_sequence *cur = extended_key_usage; 1346 const char *sep = ""; 1347 1348 while( cur != NULL ) 1349 { 1350 if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) 1351 desc = "???"; 1352 1353 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); 1354 MBEDTLS_X509_SAFE_SNPRINTF; 1355 1356 sep = ", "; 1357 1358 cur = cur->next; 1359 } 1360 1361 *size = n; 1362 *buf = p; 1363 1364 return( 0 ); 1365 } 1366 1367 /* 1368 * Like memcmp, but case-insensitive and always returns -1 if different 1369 */ 1370 static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) 1371 { 1372 size_t i; 1373 unsigned char diff; 1374 const unsigned char *n1 = s1, *n2 = s2; 1375 1376 for( i = 0; i < len; i++ ) 1377 { 1378 diff = n1[i] ^ n2[i]; 1379 1380 if( diff == 0 ) 1381 continue; 1382 1383 if( diff == 32 && 1384 ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || 1385 ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) 1386 { 1387 continue; 1388 } 1389 1390 return( -1 ); 1391 } 1392 1393 return( 0 ); 1394 } 1395 1396 /* 1397 * Return 0 if name matches wildcard, -1 otherwise 1398 */ 1399 static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name ) 1400 { 1401 size_t i; 1402 size_t cn_idx = 0, cn_len = strlen( cn ); 1403 1404 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) 1405 return( 0 ); 1406 1407 for( i = 0; i < cn_len; ++i ) 1408 { 1409 if( cn[i] == '.' ) 1410 { 1411 cn_idx = i; 1412 break; 1413 } 1414 } 1415 1416 if( cn_idx == 0 ) 1417 return( -1 ); 1418 1419 if( cn_len - cn_idx == name->len - 1 && 1420 x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) 1421 { 1422 return( 0 ); 1423 } 1424 1425 return( -1 ); 1426 } 1427 1428 /* 1429 * Compare two X.509 strings, case-insensitive, and allowing for some encoding 1430 * variations (but not all). 1431 * 1432 * Return 0 if equal, -1 otherwise. 1433 */ 1434 static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) 1435 { 1436 if( a->tag == b->tag && 1437 a->len == b->len && 1438 memcmp( a->p, b->p, b->len ) == 0 ) 1439 { 1440 return( 0 ); 1441 } 1442 1443 if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 1444 ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 1445 a->len == b->len && 1446 x509_memcasecmp( a->p, b->p, b->len ) == 0 ) 1447 { 1448 return( 0 ); 1449 } 1450 1451 return( -1 ); 1452 } 1453 1454 /* 1455 * Compare two X.509 Names (aka rdnSequence). 1456 * 1457 * See RFC 5280 section 7.1, though we don't implement the whole algorithm: 1458 * we sometimes return unequal when the full algorithm would return equal, 1459 * but never the other way. (In particular, we don't do Unicode normalisation 1460 * or space folding.) 1461 * 1462 * Return 0 if equal, -1 otherwise. 1463 */ 1464 static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) 1465 { 1466 /* Avoid recursion, it might not be optimised by the compiler */ 1467 while( a != NULL || b != NULL ) 1468 { 1469 if( a == NULL || b == NULL ) 1470 return( -1 ); 1471 1472 /* type */ 1473 if( a->oid.tag != b->oid.tag || 1474 a->oid.len != b->oid.len || 1475 memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) 1476 { 1477 return( -1 ); 1478 } 1479 1480 /* value */ 1481 if( x509_string_cmp( &a->val, &b->val ) != 0 ) 1482 return( -1 ); 1483 1484 /* structure of the list of sets */ 1485 if( a->next_merged != b->next_merged ) 1486 return( -1 ); 1487 1488 a = a->next; 1489 b = b->next; 1490 } 1491 1492 /* a == NULL == b */ 1493 return( 0 ); 1494 } 1495 1496 /* 1497 * Return an informational string about the certificate. 1498 */ 1499 #define BEFORE_COLON 18 1500 #define BC "18" 1501 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, 1502 const mbedtls_x509_crt *crt ) 1503 { 1504 int ret; 1505 size_t n; 1506 char *p; 1507 char key_size_str[BEFORE_COLON]; 1508 1509 p = buf; 1510 n = size; 1511 1512 if( NULL == crt ) 1513 { 1514 ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); 1515 MBEDTLS_X509_SAFE_SNPRINTF; 1516 1517 return( (int) ( size - n ) ); 1518 } 1519 1520 ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", 1521 prefix, crt->version ); 1522 MBEDTLS_X509_SAFE_SNPRINTF; 1523 ret = mbedtls_snprintf( p, n, "%sserial number : ", 1524 prefix ); 1525 MBEDTLS_X509_SAFE_SNPRINTF; 1526 1527 ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); 1528 MBEDTLS_X509_SAFE_SNPRINTF; 1529 1530 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); 1531 MBEDTLS_X509_SAFE_SNPRINTF; 1532 ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); 1533 MBEDTLS_X509_SAFE_SNPRINTF; 1534 1535 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); 1536 MBEDTLS_X509_SAFE_SNPRINTF; 1537 ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); 1538 MBEDTLS_X509_SAFE_SNPRINTF; 1539 1540 ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ 1541 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 1542 crt->valid_from.year, crt->valid_from.mon, 1543 crt->valid_from.day, crt->valid_from.hour, 1544 crt->valid_from.min, crt->valid_from.sec ); 1545 MBEDTLS_X509_SAFE_SNPRINTF; 1546 1547 ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ 1548 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 1549 crt->valid_to.year, crt->valid_to.mon, 1550 crt->valid_to.day, crt->valid_to.hour, 1551 crt->valid_to.min, crt->valid_to.sec ); 1552 MBEDTLS_X509_SAFE_SNPRINTF; 1553 1554 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); 1555 MBEDTLS_X509_SAFE_SNPRINTF; 1556 1557 ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, 1558 crt->sig_md, crt->sig_opts ); 1559 MBEDTLS_X509_SAFE_SNPRINTF; 1560 1561 /* Key size */ 1562 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, 1563 mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) 1564 { 1565 return( ret ); 1566 } 1567 1568 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, 1569 (int) mbedtls_pk_get_bitlen( &crt->pk ) ); 1570 MBEDTLS_X509_SAFE_SNPRINTF; 1571 1572 /* 1573 * Optional extensions 1574 */ 1575 1576 if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) 1577 { 1578 ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, 1579 crt->ca_istrue ? "true" : "false" ); 1580 MBEDTLS_X509_SAFE_SNPRINTF; 1581 1582 if( crt->max_pathlen > 0 ) 1583 { 1584 ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); 1585 MBEDTLS_X509_SAFE_SNPRINTF; 1586 } 1587 } 1588 1589 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 1590 { 1591 ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); 1592 MBEDTLS_X509_SAFE_SNPRINTF; 1593 1594 if( ( ret = x509_info_subject_alt_name( &p, &n, 1595 &crt->subject_alt_names ) ) != 0 ) 1596 return( ret ); 1597 } 1598 1599 if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) 1600 { 1601 ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); 1602 MBEDTLS_X509_SAFE_SNPRINTF; 1603 1604 if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) 1605 return( ret ); 1606 } 1607 1608 if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) 1609 { 1610 ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); 1611 MBEDTLS_X509_SAFE_SNPRINTF; 1612 1613 if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) 1614 return( ret ); 1615 } 1616 1617 if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) 1618 { 1619 ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); 1620 MBEDTLS_X509_SAFE_SNPRINTF; 1621 1622 if( ( ret = x509_info_ext_key_usage( &p, &n, 1623 &crt->ext_key_usage ) ) != 0 ) 1624 return( ret ); 1625 } 1626 1627 ret = mbedtls_snprintf( p, n, "\n" ); 1628 MBEDTLS_X509_SAFE_SNPRINTF; 1629 1630 return( (int) ( size - n ) ); 1631 } 1632 1633 struct x509_crt_verify_string { 1634 int code; 1635 const char *string; 1636 }; 1637 1638 static const struct x509_crt_verify_string x509_crt_verify_strings[] = { 1639 { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, 1640 { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, 1641 { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, 1642 { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, 1643 { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, 1644 { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, 1645 { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, 1646 { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, 1647 { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, 1648 { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, 1649 { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, 1650 { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, 1651 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, 1652 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, 1653 { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, 1654 { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 1655 { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, 1656 { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, 1657 { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 1658 { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, 1659 { 0, NULL } 1660 }; 1661 1662 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, 1663 uint32_t flags ) 1664 { 1665 int ret; 1666 const struct x509_crt_verify_string *cur; 1667 char *p = buf; 1668 size_t n = size; 1669 1670 for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) 1671 { 1672 if( ( flags & cur->code ) == 0 ) 1673 continue; 1674 1675 ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); 1676 MBEDTLS_X509_SAFE_SNPRINTF; 1677 flags ^= cur->code; 1678 } 1679 1680 if( flags != 0 ) 1681 { 1682 ret = mbedtls_snprintf( p, n, "%sUnknown reason " 1683 "(this should not happen)\n", prefix ); 1684 MBEDTLS_X509_SAFE_SNPRINTF; 1685 } 1686 1687 return( (int) ( size - n ) ); 1688 } 1689 1690 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 1691 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, 1692 unsigned int usage ) 1693 { 1694 unsigned int usage_must, usage_may; 1695 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY 1696 | MBEDTLS_X509_KU_DECIPHER_ONLY; 1697 1698 if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) 1699 return( 0 ); 1700 1701 usage_must = usage & ~may_mask; 1702 1703 if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) 1704 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1705 1706 usage_may = usage & may_mask; 1707 1708 if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) 1709 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1710 1711 return( 0 ); 1712 } 1713 #endif 1714 1715 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 1716 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, 1717 const char *usage_oid, 1718 size_t usage_len ) 1719 { 1720 const mbedtls_x509_sequence *cur; 1721 1722 /* Extension is not mandatory, absent means no restriction */ 1723 if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) 1724 return( 0 ); 1725 1726 /* 1727 * Look for the requested usage (or wildcard ANY) in our list 1728 */ 1729 for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) 1730 { 1731 const mbedtls_x509_buf *cur_oid = &cur->buf; 1732 1733 if( cur_oid->len == usage_len && 1734 memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) 1735 { 1736 return( 0 ); 1737 } 1738 1739 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) 1740 return( 0 ); 1741 } 1742 1743 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1744 } 1745 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 1746 1747 #if defined(MBEDTLS_X509_CRL_PARSE_C) 1748 /* 1749 * Return 1 if the certificate is revoked, or 0 otherwise. 1750 */ 1751 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) 1752 { 1753 const mbedtls_x509_crl_entry *cur = &crl->entry; 1754 1755 while( cur != NULL && cur->serial.len != 0 ) 1756 { 1757 if( crt->serial.len == cur->serial.len && 1758 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) 1759 { 1760 if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) 1761 return( 1 ); 1762 } 1763 1764 cur = cur->next; 1765 } 1766 1767 return( 0 ); 1768 } 1769 1770 /* 1771 * Check that the given certificate is not revoked according to the CRL. 1772 * Skip validation if no CRL for the given CA is present. 1773 */ 1774 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, 1775 mbedtls_x509_crl *crl_list, 1776 const mbedtls_x509_crt_profile *profile ) 1777 { 1778 int flags = 0; 1779 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 1780 const mbedtls_md_info_t *md_info; 1781 1782 if( ca == NULL ) 1783 return( flags ); 1784 1785 while( crl_list != NULL ) 1786 { 1787 if( crl_list->version == 0 || 1788 x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 ) 1789 { 1790 crl_list = crl_list->next; 1791 continue; 1792 } 1793 1794 /* 1795 * Check if the CA is configured to sign CRLs 1796 */ 1797 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 1798 if( mbedtls_x509_crt_check_key_usage( ca, 1799 MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) 1800 { 1801 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 1802 break; 1803 } 1804 #endif 1805 1806 /* 1807 * Check if CRL is correctly signed by the trusted CA 1808 */ 1809 if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) 1810 flags |= MBEDTLS_X509_BADCRL_BAD_MD; 1811 1812 if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) 1813 flags |= MBEDTLS_X509_BADCRL_BAD_PK; 1814 1815 md_info = mbedtls_md_info_from_type( crl_list->sig_md ); 1816 if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) 1817 { 1818 /* Note: this can't happen except after an internal error */ 1819 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 1820 break; 1821 } 1822 1823 if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 ) 1824 flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 1825 1826 if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 1827 crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), 1828 crl_list->sig.p, crl_list->sig.len ) != 0 ) 1829 { 1830 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 1831 break; 1832 } 1833 1834 /* 1835 * Check for validity of CRL (Do not drop out) 1836 */ 1837 if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) 1838 flags |= MBEDTLS_X509_BADCRL_EXPIRED; 1839 1840 if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) 1841 flags |= MBEDTLS_X509_BADCRL_FUTURE; 1842 1843 /* 1844 * Check if certificate is revoked 1845 */ 1846 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) 1847 { 1848 flags |= MBEDTLS_X509_BADCERT_REVOKED; 1849 break; 1850 } 1851 1852 crl_list = crl_list->next; 1853 } 1854 1855 return( flags ); 1856 } 1857 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 1858 1859 /* 1860 * Check if 'parent' is a suitable parent (signing CA) for 'child'. 1861 * Return 0 if yes, -1 if not. 1862 * 1863 * top means parent is a locally-trusted certificate 1864 * bottom means child is the end entity cert 1865 */ 1866 static int x509_crt_check_parent( const mbedtls_x509_crt *child, 1867 const mbedtls_x509_crt *parent, 1868 int top, int bottom ) 1869 { 1870 int need_ca_bit; 1871 1872 /* Parent must be the issuer */ 1873 if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) 1874 return( -1 ); 1875 1876 /* Parent must have the basicConstraints CA bit set as a general rule */ 1877 need_ca_bit = 1; 1878 1879 /* Exception: v1/v2 certificates that are locally trusted. */ 1880 if( top && parent->version < 3 ) 1881 need_ca_bit = 0; 1882 1883 /* Exception: self-signed end-entity certs that are locally trusted. */ 1884 if( top && bottom && 1885 child->raw.len == parent->raw.len && 1886 memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 ) 1887 { 1888 need_ca_bit = 0; 1889 } 1890 1891 if( need_ca_bit && ! parent->ca_istrue ) 1892 return( -1 ); 1893 1894 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 1895 if( need_ca_bit && 1896 mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) 1897 { 1898 return( -1 ); 1899 } 1900 #endif 1901 1902 return( 0 ); 1903 } 1904 1905 /* 1906 * Verify a certificate with no parent inside the chain 1907 * (either the parent is a trusted root, or there is no parent) 1908 * 1909 * See comments for mbedtls_x509_crt_verify_with_profile() 1910 * (also for notation used below) 1911 * 1912 * This function is called in two cases: 1913 * - child was found to have a parent in trusted roots, in which case we're 1914 * called with trust_ca pointing directly to that parent (not the full list) 1915 * - this is cases 1, 2 and 3 of the comment on verify_with_profile() 1916 * - case 1 is special as child and trust_ca point to copies of the same 1917 * certificate then 1918 * - child was found to have no parent either in the chain or in trusted CAs 1919 * - this is cases 4 and 5 of the comment on verify_with_profile() 1920 * 1921 * For historical reasons, the function currently does not assume that 1922 * trust_ca points directly to the right root in the first case, and it 1923 * doesn't know in which case it starts, so it always starts by searching for 1924 * a parent in trust_ca. 1925 */ 1926 static int x509_crt_verify_top( 1927 mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, 1928 mbedtls_x509_crl *ca_crl, 1929 const mbedtls_x509_crt_profile *profile, 1930 int path_cnt, int self_cnt, uint32_t *flags, 1931 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 1932 void *p_vrfy ) 1933 { 1934 int ret; 1935 uint32_t ca_flags = 0; 1936 int check_path_cnt; 1937 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 1938 const mbedtls_md_info_t *md_info; 1939 mbedtls_x509_crt *future_past_ca = NULL; 1940 1941 if( mbedtls_x509_time_is_past( &child->valid_to ) ) 1942 *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 1943 1944 if( mbedtls_x509_time_is_future( &child->valid_from ) ) 1945 *flags |= MBEDTLS_X509_BADCERT_FUTURE; 1946 1947 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) 1948 *flags |= MBEDTLS_X509_BADCERT_BAD_MD; 1949 1950 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) 1951 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 1952 1953 /* 1954 * Child is the top of the chain. Check against the trust_ca list. 1955 */ 1956 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 1957 1958 md_info = mbedtls_md_info_from_type( child->sig_md ); 1959 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) 1960 { 1961 /* Note: this can't happen except after an internal error */ 1962 /* Cannot check signature, no need to try any CA */ 1963 trust_ca = NULL; 1964 } 1965 1966 for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next ) 1967 { 1968 if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 ) 1969 continue; 1970 1971 check_path_cnt = path_cnt + 1; 1972 1973 /* 1974 * Reduce check_path_cnt to check against if top of the chain is 1975 * the same as the trusted CA 1976 */ 1977 if( child->subject_raw.len == trust_ca->subject_raw.len && 1978 memcmp( child->subject_raw.p, trust_ca->subject_raw.p, 1979 child->subject_raw.len ) == 0 ) 1980 { 1981 check_path_cnt--; 1982 } 1983 1984 /* Self signed certificates do not count towards the limit */ 1985 if( trust_ca->max_pathlen > 0 && 1986 trust_ca->max_pathlen < check_path_cnt - self_cnt ) 1987 { 1988 continue; 1989 } 1990 1991 if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, 1992 child->sig_md, hash, mbedtls_md_get_size( md_info ), 1993 child->sig.p, child->sig.len ) != 0 ) 1994 { 1995 continue; 1996 } 1997 1998 if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) || 1999 mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) 2000 { 2001 if ( future_past_ca == NULL ) 2002 future_past_ca = trust_ca; 2003 2004 continue; 2005 } 2006 2007 break; 2008 } 2009 2010 if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) 2011 { 2012 /* 2013 * Top of chain is signed by a trusted CA 2014 */ 2015 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2016 2017 if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) 2018 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2019 } 2020 2021 /* 2022 * If top of chain is not the same as the trusted CA send a verify request 2023 * to the callback for any issues with validity and CRL presence for the 2024 * trusted CA certificate. 2025 */ 2026 if( trust_ca != NULL && 2027 ( child->subject_raw.len != trust_ca->subject_raw.len || 2028 memcmp( child->subject_raw.p, trust_ca->subject_raw.p, 2029 child->subject_raw.len ) != 0 ) ) 2030 { 2031 #if defined(MBEDTLS_X509_CRL_PARSE_C) 2032 /* Check trusted CA's CRL for the chain's top crt */ 2033 *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile ); 2034 #else 2035 ((void) ca_crl); 2036 #endif 2037 2038 if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) 2039 ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; 2040 2041 if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) 2042 ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; 2043 2044 if( NULL != f_vrfy ) 2045 { 2046 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, 2047 &ca_flags ) ) != 0 ) 2048 { 2049 return( ret ); 2050 } 2051 } 2052 } 2053 2054 /* Call callback on top cert */ 2055 if( NULL != f_vrfy ) 2056 { 2057 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) 2058 return( ret ); 2059 } 2060 2061 *flags |= ca_flags; 2062 2063 return( 0 ); 2064 } 2065 2066 /* 2067 * Verify a certificate with a parent inside the chain 2068 * 2069 * See comments for mbedtls_x509_crt_verify_with_profile() 2070 */ 2071 static int x509_crt_verify_child( 2072 mbedtls_x509_crt *child, mbedtls_x509_crt *parent, 2073 mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, 2074 const mbedtls_x509_crt_profile *profile, 2075 int path_cnt, int self_cnt, uint32_t *flags, 2076 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2077 void *p_vrfy ) 2078 { 2079 int ret; 2080 uint32_t parent_flags = 0; 2081 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2082 mbedtls_x509_crt *grandparent; 2083 const mbedtls_md_info_t *md_info; 2084 2085 /* Counting intermediate self signed certificates */ 2086 if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) 2087 self_cnt++; 2088 2089 /* path_cnt is 0 for the first intermediate CA */ 2090 if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) 2091 { 2092 /* return immediately as the goal is to avoid unbounded recursion */ 2093 return( MBEDTLS_ERR_X509_FATAL_ERROR ); 2094 } 2095 2096 if( mbedtls_x509_time_is_past( &child->valid_to ) ) 2097 *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 2098 2099 if( mbedtls_x509_time_is_future( &child->valid_from ) ) 2100 *flags |= MBEDTLS_X509_BADCERT_FUTURE; 2101 2102 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) 2103 *flags |= MBEDTLS_X509_BADCERT_BAD_MD; 2104 2105 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) 2106 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 2107 2108 md_info = mbedtls_md_info_from_type( child->sig_md ); 2109 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) 2110 { 2111 /* Note: this can't happen except after an internal error */ 2112 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2113 } 2114 else 2115 { 2116 if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) 2117 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2118 2119 if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, 2120 child->sig_md, hash, mbedtls_md_get_size( md_info ), 2121 child->sig.p, child->sig.len ) != 0 ) 2122 { 2123 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2124 } 2125 } 2126 2127 #if defined(MBEDTLS_X509_CRL_PARSE_C) 2128 /* Check trusted CA's CRL for the given crt */ 2129 *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); 2130 #endif 2131 2132 /* Look for a grandparent in trusted CAs */ 2133 for( grandparent = trust_ca; 2134 grandparent != NULL; 2135 grandparent = grandparent->next ) 2136 { 2137 if( x509_crt_check_parent( parent, grandparent, 2138 0, path_cnt == 0 ) == 0 ) 2139 break; 2140 } 2141 2142 if( grandparent != NULL ) 2143 { 2144 ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile, 2145 path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); 2146 if( ret != 0 ) 2147 return( ret ); 2148 } 2149 else 2150 { 2151 /* Look for a grandparent upwards the chain */ 2152 for( grandparent = parent->next; 2153 grandparent != NULL; 2154 grandparent = grandparent->next ) 2155 { 2156 /* +2 because the current step is not yet accounted for 2157 * and because max_pathlen is one higher than it should be. 2158 * Also self signed certificates do not count to the limit. */ 2159 if( grandparent->max_pathlen > 0 && 2160 grandparent->max_pathlen < 2 + path_cnt - self_cnt ) 2161 { 2162 continue; 2163 } 2164 2165 if( x509_crt_check_parent( parent, grandparent, 2166 0, path_cnt == 0 ) == 0 ) 2167 break; 2168 } 2169 2170 /* Is our parent part of the chain or at the top? */ 2171 if( grandparent != NULL ) 2172 { 2173 ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, 2174 profile, path_cnt + 1, self_cnt, &parent_flags, 2175 f_vrfy, p_vrfy ); 2176 if( ret != 0 ) 2177 return( ret ); 2178 } 2179 else 2180 { 2181 ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile, 2182 path_cnt + 1, self_cnt, &parent_flags, 2183 f_vrfy, p_vrfy ); 2184 if( ret != 0 ) 2185 return( ret ); 2186 } 2187 } 2188 2189 /* child is verified to be a child of the parent, call verify callback */ 2190 if( NULL != f_vrfy ) 2191 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) 2192 return( ret ); 2193 2194 *flags |= parent_flags; 2195 2196 return( 0 ); 2197 } 2198 2199 /* 2200 * Verify the certificate validity 2201 */ 2202 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, 2203 mbedtls_x509_crt *trust_ca, 2204 mbedtls_x509_crl *ca_crl, 2205 const char *cn, uint32_t *flags, 2206 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2207 void *p_vrfy ) 2208 { 2209 return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl, 2210 &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) ); 2211 } 2212 2213 2214 /* 2215 * Verify the certificate validity, with profile 2216 * 2217 * The chain building/verification is spread accross 4 functions: 2218 * - this one 2219 * - x509_crt_verify_child() 2220 * - x509_crt_verify_top() 2221 * - x509_crt_check_parent() 2222 * 2223 * There are five main cases to consider. Let's introduce some notation: 2224 * - E means the end-entity certificate 2225 * - I an intermediate CA 2226 * - R the trusted root CA this chain anchors to 2227 * - T the list of trusted roots (R and possible some others) 2228 * 2229 * The main cases with the calling sequence of the crt_verify_xxx() are: 2230 * 1. E = R (explicitly trusted EE cert) 2231 * verify(E, T) -> verify_top(E, R) 2232 * 2. E -> R (EE signed by trusted root) 2233 * verify(E, T) -> verify_top(E, R) 2234 * 3. E -> I -> R (EE signed by intermediate signed by trusted root) 2235 * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, R) 2236 * (plus variant with multiple intermediates) 2237 * 4. E -> I (EE signed by intermediate that's not trusted) 2238 * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, T) 2239 * (plus variant with multiple intermediates) 2240 * 5. E (EE not trusted) 2241 * verify(E, T) -> verify_top(E, T) 2242 * 2243 * Note: this notation and case numbering is also used in x509_crt_verify_top() 2244 */ 2245 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, 2246 mbedtls_x509_crt *trust_ca, 2247 mbedtls_x509_crl *ca_crl, 2248 const mbedtls_x509_crt_profile *profile, 2249 const char *cn, uint32_t *flags, 2250 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2251 void *p_vrfy ) 2252 { 2253 size_t cn_len; 2254 int ret; 2255 int pathlen = 0, selfsigned = 0; 2256 mbedtls_x509_crt *parent; 2257 mbedtls_x509_name *name; 2258 mbedtls_x509_sequence *cur = NULL; 2259 mbedtls_pk_type_t pk_type; 2260 2261 *flags = 0; 2262 2263 if( profile == NULL ) 2264 { 2265 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; 2266 goto exit; 2267 } 2268 2269 if( cn != NULL ) 2270 { 2271 name = &crt->subject; 2272 cn_len = strlen( cn ); 2273 2274 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 2275 { 2276 cur = &crt->subject_alt_names; 2277 2278 while( cur != NULL ) 2279 { 2280 if( cur->buf.len == cn_len && 2281 x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 ) 2282 break; 2283 2284 if( cur->buf.len > 2 && 2285 memcmp( cur->buf.p, "*.", 2 ) == 0 && 2286 x509_check_wildcard( cn, &cur->buf ) == 0 ) 2287 { 2288 break; 2289 } 2290 2291 cur = cur->next; 2292 } 2293 2294 if( cur == NULL ) 2295 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 2296 } 2297 else 2298 { 2299 while( name != NULL ) 2300 { 2301 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 ) 2302 { 2303 if( name->val.len == cn_len && 2304 x509_memcasecmp( name->val.p, cn, cn_len ) == 0 ) 2305 break; 2306 2307 if( name->val.len > 2 && 2308 memcmp( name->val.p, "*.", 2 ) == 0 && 2309 x509_check_wildcard( cn, &name->val ) == 0 ) 2310 break; 2311 } 2312 2313 name = name->next; 2314 } 2315 2316 if( name == NULL ) 2317 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 2318 } 2319 } 2320 2321 /* Check the type and size of the key */ 2322 pk_type = mbedtls_pk_get_type( &crt->pk ); 2323 2324 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) 2325 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 2326 2327 if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) 2328 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2329 2330 /* Look for a parent in trusted CAs */ 2331 for( parent = trust_ca; parent != NULL; parent = parent->next ) 2332 { 2333 if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) 2334 break; 2335 } 2336 2337 if( parent != NULL ) 2338 { 2339 ret = x509_crt_verify_top( crt, parent, ca_crl, profile, 2340 pathlen, selfsigned, flags, f_vrfy, p_vrfy ); 2341 if( ret != 0 ) 2342 goto exit; 2343 } 2344 else 2345 { 2346 /* Look for a parent upwards the chain */ 2347 for( parent = crt->next; parent != NULL; parent = parent->next ) 2348 if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) 2349 break; 2350 2351 /* Are we part of the chain or at the top? */ 2352 if( parent != NULL ) 2353 { 2354 ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, 2355 pathlen, selfsigned, flags, f_vrfy, p_vrfy ); 2356 if( ret != 0 ) 2357 goto exit; 2358 } 2359 else 2360 { 2361 ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile, 2362 pathlen, selfsigned, flags, f_vrfy, p_vrfy ); 2363 if( ret != 0 ) 2364 goto exit; 2365 } 2366 } 2367 2368 exit: 2369 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by 2370 * the SSL module for authmode optional, but non-zero return from the 2371 * callback means a fatal error so it shouldn't be ignored */ 2372 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) 2373 ret = MBEDTLS_ERR_X509_FATAL_ERROR; 2374 2375 if( ret != 0 ) 2376 { 2377 *flags = (uint32_t) -1; 2378 return( ret ); 2379 } 2380 2381 if( *flags != 0 ) 2382 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); 2383 2384 return( 0 ); 2385 } 2386 2387 /* 2388 * Initialize a certificate chain 2389 */ 2390 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) 2391 { 2392 memset( crt, 0, sizeof(mbedtls_x509_crt) ); 2393 } 2394 2395 /* 2396 * Unallocate all certificate data 2397 */ 2398 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) 2399 { 2400 mbedtls_x509_crt *cert_cur = crt; 2401 mbedtls_x509_crt *cert_prv; 2402 mbedtls_x509_name *name_cur; 2403 mbedtls_x509_name *name_prv; 2404 mbedtls_x509_sequence *seq_cur; 2405 mbedtls_x509_sequence *seq_prv; 2406 2407 if( crt == NULL ) 2408 return; 2409 2410 do 2411 { 2412 mbedtls_pk_free( &cert_cur->pk ); 2413 2414 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 2415 mbedtls_free( cert_cur->sig_opts ); 2416 #endif 2417 2418 name_cur = cert_cur->issuer.next; 2419 while( name_cur != NULL ) 2420 { 2421 name_prv = name_cur; 2422 name_cur = name_cur->next; 2423 mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 2424 mbedtls_free( name_prv ); 2425 } 2426 2427 name_cur = cert_cur->subject.next; 2428 while( name_cur != NULL ) 2429 { 2430 name_prv = name_cur; 2431 name_cur = name_cur->next; 2432 mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 2433 mbedtls_free( name_prv ); 2434 } 2435 2436 seq_cur = cert_cur->ext_key_usage.next; 2437 while( seq_cur != NULL ) 2438 { 2439 seq_prv = seq_cur; 2440 seq_cur = seq_cur->next; 2441 mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); 2442 mbedtls_free( seq_prv ); 2443 } 2444 2445 seq_cur = cert_cur->subject_alt_names.next; 2446 while( seq_cur != NULL ) 2447 { 2448 seq_prv = seq_cur; 2449 seq_cur = seq_cur->next; 2450 mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); 2451 mbedtls_free( seq_prv ); 2452 } 2453 2454 if( cert_cur->raw.p != NULL ) 2455 { 2456 mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len ); 2457 mbedtls_free( cert_cur->raw.p ); 2458 } 2459 2460 cert_cur = cert_cur->next; 2461 } 2462 while( cert_cur != NULL ); 2463 2464 cert_cur = crt; 2465 do 2466 { 2467 cert_prv = cert_cur; 2468 cert_cur = cert_cur->next; 2469 2470 mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); 2471 if( cert_prv != crt ) 2472 mbedtls_free( cert_prv ); 2473 } 2474 while( cert_cur != NULL ); 2475 } 2476 2477 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 2478