x509.c 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098
  1. /*
  2. * X.509 common functions for parsing and verification
  3. *
  4. * Copyright The Mbed TLS Contributors
  5. * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  6. *
  7. * This file is provided under the Apache License 2.0, or the
  8. * GNU General Public License v2.0 or later.
  9. *
  10. * **********
  11. * Apache License 2.0:
  12. *
  13. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  14. * not use this file except in compliance with the License.
  15. * You may obtain a copy of the License at
  16. *
  17. * http://www.apache.org/licenses/LICENSE-2.0
  18. *
  19. * Unless required by applicable law or agreed to in writing, software
  20. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  21. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  22. * See the License for the specific language governing permissions and
  23. * limitations under the License.
  24. *
  25. * **********
  26. *
  27. * **********
  28. * GNU General Public License v2.0 or later:
  29. *
  30. * This program is free software; you can redistribute it and/or modify
  31. * it under the terms of the GNU General Public License as published by
  32. * the Free Software Foundation; either version 2 of the License, or
  33. * (at your option) any later version.
  34. *
  35. * This program is distributed in the hope that it will be useful,
  36. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  37. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  38. * GNU General Public License for more details.
  39. *
  40. * You should have received a copy of the GNU General Public License along
  41. * with this program; if not, write to the Free Software Foundation, Inc.,
  42. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  43. *
  44. * **********
  45. */
  46. /*
  47. * The ITU-T X.509 standard defines a certificate format for PKI.
  48. *
  49. * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
  50. * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
  51. * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
  52. *
  53. * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
  54. * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
  55. */
  56. #if !defined(MBEDTLS_CONFIG_FILE)
  57. #include "mbedtls/config.h"
  58. #else
  59. #include MBEDTLS_CONFIG_FILE
  60. #endif
  61. #if defined(MBEDTLS_X509_USE_C)
  62. #include "mbedtls/x509.h"
  63. #include "mbedtls/asn1.h"
  64. #include "mbedtls/oid.h"
  65. #include <stdio.h>
  66. #include <string.h>
  67. #if defined(MBEDTLS_PEM_PARSE_C)
  68. #include "mbedtls/pem.h"
  69. #endif
  70. #if defined(MBEDTLS_PLATFORM_C)
  71. #include "mbedtls/platform.h"
  72. #else
  73. #include <stdio.h>
  74. #include <stdlib.h>
  75. #define mbedtls_free free
  76. #define mbedtls_calloc calloc
  77. #define mbedtls_printf printf
  78. #define mbedtls_snprintf snprintf
  79. #endif
  80. #if defined(MBEDTLS_HAVE_TIME)
  81. #include "mbedtls/platform_time.h"
  82. #endif
  83. #if defined(MBEDTLS_HAVE_TIME_DATE)
  84. #include "mbedtls/platform_util.h"
  85. #include <time.h>
  86. #endif
  87. #define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
  88. #define CHECK_RANGE(min, max, val) \
  89. do \
  90. { \
  91. if( ( val ) < ( min ) || ( val ) > ( max ) ) \
  92. { \
  93. return( ret ); \
  94. } \
  95. } while( 0 )
  96. /*
  97. * CertificateSerialNumber ::= INTEGER
  98. */
  99. int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
  100. mbedtls_x509_buf *serial )
  101. {
  102. int ret;
  103. if( ( end - *p ) < 1 )
  104. return( MBEDTLS_ERR_X509_INVALID_SERIAL +
  105. MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  106. if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
  107. **p != MBEDTLS_ASN1_INTEGER )
  108. return( MBEDTLS_ERR_X509_INVALID_SERIAL +
  109. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  110. serial->tag = *(*p)++;
  111. if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
  112. return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
  113. serial->p = *p;
  114. *p += serial->len;
  115. return( 0 );
  116. }
  117. /* Get an algorithm identifier without parameters (eg for signatures)
  118. *
  119. * AlgorithmIdentifier ::= SEQUENCE {
  120. * algorithm OBJECT IDENTIFIER,
  121. * parameters ANY DEFINED BY algorithm OPTIONAL }
  122. */
  123. int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
  124. mbedtls_x509_buf *alg )
  125. {
  126. int ret;
  127. if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
  128. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  129. return( 0 );
  130. }
  131. /*
  132. * Parse an algorithm identifier with (optional) parameters
  133. */
  134. int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
  135. mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
  136. {
  137. int ret;
  138. if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
  139. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  140. return( 0 );
  141. }
  142. #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
  143. /*
  144. * HashAlgorithm ::= AlgorithmIdentifier
  145. *
  146. * AlgorithmIdentifier ::= SEQUENCE {
  147. * algorithm OBJECT IDENTIFIER,
  148. * parameters ANY DEFINED BY algorithm OPTIONAL }
  149. *
  150. * For HashAlgorithm, parameters MUST be NULL or absent.
  151. */
  152. static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
  153. {
  154. int ret;
  155. unsigned char *p;
  156. const unsigned char *end;
  157. mbedtls_x509_buf md_oid;
  158. size_t len;
  159. /* Make sure we got a SEQUENCE and setup bounds */
  160. if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
  161. return( MBEDTLS_ERR_X509_INVALID_ALG +
  162. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  163. p = (unsigned char *) alg->p;
  164. end = p + alg->len;
  165. if( p >= end )
  166. return( MBEDTLS_ERR_X509_INVALID_ALG +
  167. MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  168. /* Parse md_oid */
  169. md_oid.tag = *p;
  170. if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
  171. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  172. md_oid.p = p;
  173. p += md_oid.len;
  174. /* Get md_alg from md_oid */
  175. if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
  176. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  177. /* Make sure params is absent of NULL */
  178. if( p == end )
  179. return( 0 );
  180. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
  181. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  182. if( p != end )
  183. return( MBEDTLS_ERR_X509_INVALID_ALG +
  184. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  185. return( 0 );
  186. }
  187. /*
  188. * RSASSA-PSS-params ::= SEQUENCE {
  189. * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
  190. * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
  191. * saltLength [2] INTEGER DEFAULT 20,
  192. * trailerField [3] INTEGER DEFAULT 1 }
  193. * -- Note that the tags in this Sequence are explicit.
  194. *
  195. * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
  196. * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
  197. * option. Enfore this at parsing time.
  198. */
  199. int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
  200. mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
  201. int *salt_len )
  202. {
  203. int ret;
  204. unsigned char *p;
  205. const unsigned char *end, *end2;
  206. size_t len;
  207. mbedtls_x509_buf alg_id, alg_params;
  208. /* First set everything to defaults */
  209. *md_alg = MBEDTLS_MD_SHA1;
  210. *mgf_md = MBEDTLS_MD_SHA1;
  211. *salt_len = 20;
  212. /* Make sure params is a SEQUENCE and setup bounds */
  213. if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
  214. return( MBEDTLS_ERR_X509_INVALID_ALG +
  215. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  216. p = (unsigned char *) params->p;
  217. end = p + params->len;
  218. if( p == end )
  219. return( 0 );
  220. /*
  221. * HashAlgorithm
  222. */
  223. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  224. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
  225. {
  226. end2 = p + len;
  227. /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
  228. if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
  229. return( ret );
  230. if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
  231. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  232. if( p != end2 )
  233. return( MBEDTLS_ERR_X509_INVALID_ALG +
  234. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  235. }
  236. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  237. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  238. if( p == end )
  239. return( 0 );
  240. /*
  241. * MaskGenAlgorithm
  242. */
  243. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  244. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
  245. {
  246. end2 = p + len;
  247. /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
  248. if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
  249. return( ret );
  250. /* Only MFG1 is recognised for now */
  251. if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
  252. return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
  253. MBEDTLS_ERR_OID_NOT_FOUND );
  254. /* Parse HashAlgorithm */
  255. if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
  256. return( ret );
  257. if( p != end2 )
  258. return( MBEDTLS_ERR_X509_INVALID_ALG +
  259. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  260. }
  261. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  262. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  263. if( p == end )
  264. return( 0 );
  265. /*
  266. * salt_len
  267. */
  268. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  269. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
  270. {
  271. end2 = p + len;
  272. if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
  273. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  274. if( p != end2 )
  275. return( MBEDTLS_ERR_X509_INVALID_ALG +
  276. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  277. }
  278. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  279. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  280. if( p == end )
  281. return( 0 );
  282. /*
  283. * trailer_field (if present, must be 1)
  284. */
  285. if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
  286. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
  287. {
  288. int trailer_field;
  289. end2 = p + len;
  290. if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
  291. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  292. if( p != end2 )
  293. return( MBEDTLS_ERR_X509_INVALID_ALG +
  294. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  295. if( trailer_field != 1 )
  296. return( MBEDTLS_ERR_X509_INVALID_ALG );
  297. }
  298. else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
  299. return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
  300. if( p != end )
  301. return( MBEDTLS_ERR_X509_INVALID_ALG +
  302. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  303. return( 0 );
  304. }
  305. #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
  306. /*
  307. * AttributeTypeAndValue ::= SEQUENCE {
  308. * type AttributeType,
  309. * value AttributeValue }
  310. *
  311. * AttributeType ::= OBJECT IDENTIFIER
  312. *
  313. * AttributeValue ::= ANY DEFINED BY AttributeType
  314. */
  315. static int x509_get_attr_type_value( unsigned char **p,
  316. const unsigned char *end,
  317. mbedtls_x509_name *cur )
  318. {
  319. int ret;
  320. size_t len;
  321. mbedtls_x509_buf *oid;
  322. mbedtls_x509_buf *val;
  323. if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
  324. MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
  325. return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
  326. end = *p + len;
  327. if( ( end - *p ) < 1 )
  328. return( MBEDTLS_ERR_X509_INVALID_NAME +
  329. MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  330. oid = &cur->oid;
  331. oid->tag = **p;
  332. if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
  333. return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
  334. oid->p = *p;
  335. *p += oid->len;
  336. if( ( end - *p ) < 1 )
  337. return( MBEDTLS_ERR_X509_INVALID_NAME +
  338. MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  339. if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING &&
  340. **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
  341. **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
  342. **p != MBEDTLS_ASN1_BIT_STRING )
  343. return( MBEDTLS_ERR_X509_INVALID_NAME +
  344. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  345. val = &cur->val;
  346. val->tag = *(*p)++;
  347. if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
  348. return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
  349. val->p = *p;
  350. *p += val->len;
  351. if( *p != end )
  352. {
  353. return( MBEDTLS_ERR_X509_INVALID_NAME +
  354. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  355. }
  356. cur->next = NULL;
  357. return( 0 );
  358. }
  359. /*
  360. * Name ::= CHOICE { -- only one possibility for now --
  361. * rdnSequence RDNSequence }
  362. *
  363. * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
  364. *
  365. * RelativeDistinguishedName ::=
  366. * SET OF AttributeTypeAndValue
  367. *
  368. * AttributeTypeAndValue ::= SEQUENCE {
  369. * type AttributeType,
  370. * value AttributeValue }
  371. *
  372. * AttributeType ::= OBJECT IDENTIFIER
  373. *
  374. * AttributeValue ::= ANY DEFINED BY AttributeType
  375. *
  376. * The data structure is optimized for the common case where each RDN has only
  377. * one element, which is represented as a list of AttributeTypeAndValue.
  378. * For the general case we still use a flat list, but we mark elements of the
  379. * same set so that they are "merged" together in the functions that consume
  380. * this list, eg mbedtls_x509_dn_gets().
  381. */
  382. int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
  383. mbedtls_x509_name *cur )
  384. {
  385. int ret;
  386. size_t set_len;
  387. const unsigned char *end_set;
  388. /* don't use recursion, we'd risk stack overflow if not optimized */
  389. while( 1 )
  390. {
  391. /*
  392. * parse SET
  393. */
  394. if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
  395. MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
  396. return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
  397. end_set = *p + set_len;
  398. while( 1 )
  399. {
  400. if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
  401. return( ret );
  402. if( *p == end_set )
  403. break;
  404. /* Mark this item as being no the only one in a set */
  405. cur->next_merged = 1;
  406. cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
  407. if( cur->next == NULL )
  408. return( MBEDTLS_ERR_X509_ALLOC_FAILED );
  409. cur = cur->next;
  410. }
  411. /*
  412. * continue until end of SEQUENCE is reached
  413. */
  414. if( *p == end )
  415. return( 0 );
  416. cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
  417. if( cur->next == NULL )
  418. return( MBEDTLS_ERR_X509_ALLOC_FAILED );
  419. cur = cur->next;
  420. }
  421. }
  422. static int x509_parse_int( unsigned char **p, size_t n, int *res )
  423. {
  424. *res = 0;
  425. for( ; n > 0; --n )
  426. {
  427. if( ( **p < '0') || ( **p > '9' ) )
  428. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  429. *res *= 10;
  430. *res += ( *(*p)++ - '0' );
  431. }
  432. return( 0 );
  433. }
  434. static int x509_date_is_valid(const mbedtls_x509_time *t )
  435. {
  436. int ret = MBEDTLS_ERR_X509_INVALID_DATE;
  437. int month_len;
  438. CHECK_RANGE( 0, 9999, t->year );
  439. CHECK_RANGE( 0, 23, t->hour );
  440. CHECK_RANGE( 0, 59, t->min );
  441. CHECK_RANGE( 0, 59, t->sec );
  442. switch( t->mon )
  443. {
  444. case 1: case 3: case 5: case 7: case 8: case 10: case 12:
  445. month_len = 31;
  446. break;
  447. case 4: case 6: case 9: case 11:
  448. month_len = 30;
  449. break;
  450. case 2:
  451. if( ( !( t->year % 4 ) && t->year % 100 ) ||
  452. !( t->year % 400 ) )
  453. month_len = 29;
  454. else
  455. month_len = 28;
  456. break;
  457. default:
  458. return( ret );
  459. }
  460. CHECK_RANGE( 1, month_len, t->day );
  461. return( 0 );
  462. }
  463. /*
  464. * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
  465. * field.
  466. */
  467. static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
  468. mbedtls_x509_time *tm )
  469. {
  470. int ret;
  471. /*
  472. * Minimum length is 10 or 12 depending on yearlen
  473. */
  474. if ( len < yearlen + 8 )
  475. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  476. len -= yearlen + 8;
  477. /*
  478. * Parse year, month, day, hour, minute
  479. */
  480. CHECK( x509_parse_int( p, yearlen, &tm->year ) );
  481. if ( 2 == yearlen )
  482. {
  483. if ( tm->year < 50 )
  484. tm->year += 100;
  485. tm->year += 1900;
  486. }
  487. CHECK( x509_parse_int( p, 2, &tm->mon ) );
  488. CHECK( x509_parse_int( p, 2, &tm->day ) );
  489. CHECK( x509_parse_int( p, 2, &tm->hour ) );
  490. CHECK( x509_parse_int( p, 2, &tm->min ) );
  491. /*
  492. * Parse seconds if present
  493. */
  494. if ( len >= 2 )
  495. {
  496. CHECK( x509_parse_int( p, 2, &tm->sec ) );
  497. len -= 2;
  498. }
  499. else
  500. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  501. /*
  502. * Parse trailing 'Z' if present
  503. */
  504. if ( 1 == len && 'Z' == **p )
  505. {
  506. (*p)++;
  507. len--;
  508. }
  509. /*
  510. * We should have parsed all characters at this point
  511. */
  512. if ( 0 != len )
  513. return ( MBEDTLS_ERR_X509_INVALID_DATE );
  514. CHECK( x509_date_is_valid( tm ) );
  515. return ( 0 );
  516. }
  517. /*
  518. * Time ::= CHOICE {
  519. * utcTime UTCTime,
  520. * generalTime GeneralizedTime }
  521. */
  522. int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
  523. mbedtls_x509_time *tm )
  524. {
  525. int ret;
  526. size_t len, year_len;
  527. unsigned char tag;
  528. if( ( end - *p ) < 1 )
  529. return( MBEDTLS_ERR_X509_INVALID_DATE +
  530. MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  531. tag = **p;
  532. if( tag == MBEDTLS_ASN1_UTC_TIME )
  533. year_len = 2;
  534. else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
  535. year_len = 4;
  536. else
  537. return( MBEDTLS_ERR_X509_INVALID_DATE +
  538. MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
  539. (*p)++;
  540. ret = mbedtls_asn1_get_len( p, end, &len );
  541. if( ret != 0 )
  542. return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
  543. return x509_parse_time( p, len, year_len, tm );
  544. }
  545. int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
  546. {
  547. int ret;
  548. size_t len;
  549. int tag_type;
  550. if( ( end - *p ) < 1 )
  551. return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
  552. MBEDTLS_ERR_ASN1_OUT_OF_DATA );
  553. tag_type = **p;
  554. if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
  555. return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
  556. sig->tag = tag_type;
  557. sig->len = len;
  558. sig->p = *p;
  559. *p += len;
  560. return( 0 );
  561. }
  562. /*
  563. * Get signature algorithm from alg OID and optional parameters
  564. */
  565. int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
  566. mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
  567. void **sig_opts )
  568. {
  569. int ret;
  570. if( *sig_opts != NULL )
  571. return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
  572. if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
  573. return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
  574. #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
  575. if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
  576. {
  577. mbedtls_pk_rsassa_pss_options *pss_opts;
  578. pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
  579. if( pss_opts == NULL )
  580. return( MBEDTLS_ERR_X509_ALLOC_FAILED );
  581. ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
  582. md_alg,
  583. &pss_opts->mgf1_hash_id,
  584. &pss_opts->expected_salt_len );
  585. if( ret != 0 )
  586. {
  587. mbedtls_free( pss_opts );
  588. return( ret );
  589. }
  590. *sig_opts = (void *) pss_opts;
  591. }
  592. else
  593. #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
  594. {
  595. /* Make sure parameters are absent or NULL */
  596. if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
  597. sig_params->len != 0 )
  598. return( MBEDTLS_ERR_X509_INVALID_ALG );
  599. }
  600. return( 0 );
  601. }
  602. /*
  603. * X.509 Extensions (No parsing of extensions, pointer should
  604. * be either manually updated or extensions should be parsed!)
  605. */
  606. int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
  607. mbedtls_x509_buf *ext, int tag )
  608. {
  609. int ret;
  610. size_t len;
  611. /* Extension structure use EXPLICIT tagging. That is, the actual
  612. * `Extensions` structure is wrapped by a tag-length pair using
  613. * the respective context-specific tag. */
  614. ret = mbedtls_asn1_get_tag( p, end, &ext->len,
  615. MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
  616. if( ret != 0 )
  617. return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
  618. ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
  619. ext->p = *p;
  620. end = *p + ext->len;
  621. /*
  622. * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
  623. */
  624. if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
  625. MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
  626. return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
  627. if( end != *p + len )
  628. return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
  629. MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
  630. return( 0 );
  631. }
  632. /*
  633. * Store the name in printable form into buf; no more
  634. * than size characters will be written
  635. */
  636. int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
  637. {
  638. int ret;
  639. size_t i, n;
  640. unsigned char c, merge = 0;
  641. const mbedtls_x509_name *name;
  642. const char *short_name = NULL;
  643. char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
  644. memset( s, 0, sizeof( s ) );
  645. name = dn;
  646. p = buf;
  647. n = size;
  648. while( name != NULL )
  649. {
  650. if( !name->oid.p )
  651. {
  652. name = name->next;
  653. continue;
  654. }
  655. if( name != dn )
  656. {
  657. ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
  658. MBEDTLS_X509_SAFE_SNPRINTF;
  659. }
  660. ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
  661. if( ret == 0 )
  662. ret = mbedtls_snprintf( p, n, "%s=", short_name );
  663. else
  664. ret = mbedtls_snprintf( p, n, "\?\?=" );
  665. MBEDTLS_X509_SAFE_SNPRINTF;
  666. for( i = 0; i < name->val.len; i++ )
  667. {
  668. if( i >= sizeof( s ) - 1 )
  669. break;
  670. c = name->val.p[i];
  671. if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
  672. s[i] = '?';
  673. else s[i] = c;
  674. }
  675. s[i] = '\0';
  676. ret = mbedtls_snprintf( p, n, "%s", s );
  677. MBEDTLS_X509_SAFE_SNPRINTF;
  678. merge = name->next_merged;
  679. name = name->next;
  680. }
  681. return( (int) ( size - n ) );
  682. }
  683. /*
  684. * Store the serial in printable form into buf; no more
  685. * than size characters will be written
  686. */
  687. int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
  688. {
  689. int ret;
  690. size_t i, n, nr;
  691. char *p;
  692. p = buf;
  693. n = size;
  694. nr = ( serial->len <= 32 )
  695. ? serial->len : 28;
  696. for( i = 0; i < nr; i++ )
  697. {
  698. if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
  699. continue;
  700. ret = mbedtls_snprintf( p, n, "%02X%s",
  701. serial->p[i], ( i < nr - 1 ) ? ":" : "" );
  702. MBEDTLS_X509_SAFE_SNPRINTF;
  703. }
  704. if( nr != serial->len )
  705. {
  706. ret = mbedtls_snprintf( p, n, "...." );
  707. MBEDTLS_X509_SAFE_SNPRINTF;
  708. }
  709. return( (int) ( size - n ) );
  710. }
  711. /*
  712. * Helper for writing signature algorithms
  713. */
  714. int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
  715. mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
  716. const void *sig_opts )
  717. {
  718. int ret;
  719. char *p = buf;
  720. size_t n = size;
  721. const char *desc = NULL;
  722. ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
  723. if( ret != 0 )
  724. ret = mbedtls_snprintf( p, n, "???" );
  725. else
  726. ret = mbedtls_snprintf( p, n, "%s", desc );
  727. MBEDTLS_X509_SAFE_SNPRINTF;
  728. #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
  729. if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
  730. {
  731. const mbedtls_pk_rsassa_pss_options *pss_opts;
  732. const mbedtls_md_info_t *md_info, *mgf_md_info;
  733. pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
  734. md_info = mbedtls_md_info_from_type( md_alg );
  735. mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
  736. ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
  737. md_info ? mbedtls_md_get_name( md_info ) : "???",
  738. mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
  739. pss_opts->expected_salt_len );
  740. MBEDTLS_X509_SAFE_SNPRINTF;
  741. }
  742. #else
  743. ((void) pk_alg);
  744. ((void) md_alg);
  745. ((void) sig_opts);
  746. #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
  747. return( (int)( size - n ) );
  748. }
  749. /*
  750. * Helper for writing "RSA key size", "EC key size", etc
  751. */
  752. int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
  753. {
  754. char *p = buf;
  755. size_t n = buf_size;
  756. int ret;
  757. ret = mbedtls_snprintf( p, n, "%s key size", name );
  758. MBEDTLS_X509_SAFE_SNPRINTF;
  759. return( 0 );
  760. }
  761. #if defined(MBEDTLS_HAVE_TIME_DATE)
  762. /*
  763. * Set the time structure to the current time.
  764. * Return 0 on success, non-zero on failure.
  765. */
  766. static int x509_get_current_time( mbedtls_x509_time *now )
  767. {
  768. struct tm *lt, tm_buf;
  769. mbedtls_time_t tt;
  770. int ret = 0;
  771. tt = mbedtls_time( NULL );
  772. lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
  773. if( lt == NULL )
  774. ret = -1;
  775. else
  776. {
  777. now->year = lt->tm_year + 1900;
  778. now->mon = lt->tm_mon + 1;
  779. now->day = lt->tm_mday;
  780. now->hour = lt->tm_hour;
  781. now->min = lt->tm_min;
  782. now->sec = lt->tm_sec;
  783. }
  784. return( ret );
  785. }
  786. /*
  787. * Return 0 if before <= after, 1 otherwise
  788. */
  789. static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
  790. {
  791. if( before->year > after->year )
  792. return( 1 );
  793. if( before->year == after->year &&
  794. before->mon > after->mon )
  795. return( 1 );
  796. if( before->year == after->year &&
  797. before->mon == after->mon &&
  798. before->day > after->day )
  799. return( 1 );
  800. if( before->year == after->year &&
  801. before->mon == after->mon &&
  802. before->day == after->day &&
  803. before->hour > after->hour )
  804. return( 1 );
  805. if( before->year == after->year &&
  806. before->mon == after->mon &&
  807. before->day == after->day &&
  808. before->hour == after->hour &&
  809. before->min > after->min )
  810. return( 1 );
  811. if( before->year == after->year &&
  812. before->mon == after->mon &&
  813. before->day == after->day &&
  814. before->hour == after->hour &&
  815. before->min == after->min &&
  816. before->sec > after->sec )
  817. return( 1 );
  818. return( 0 );
  819. }
  820. int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
  821. {
  822. mbedtls_x509_time now;
  823. if( x509_get_current_time( &now ) != 0 )
  824. return( 1 );
  825. return( x509_check_time( &now, to ) );
  826. }
  827. int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
  828. {
  829. mbedtls_x509_time now;
  830. if( x509_get_current_time( &now ) != 0 )
  831. return( 1 );
  832. return( x509_check_time( from, &now ) );
  833. }
  834. #else /* MBEDTLS_HAVE_TIME_DATE */
  835. int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
  836. {
  837. ((void) to);
  838. return( 0 );
  839. }
  840. int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
  841. {
  842. ((void) from);
  843. return( 0 );
  844. }
  845. #endif /* MBEDTLS_HAVE_TIME_DATE */
  846. #if defined(MBEDTLS_SELF_TEST)
  847. #include "mbedtls/x509_crt.h"
  848. #include "mbedtls/certs.h"
  849. /*
  850. * Checkup routine
  851. */
  852. int mbedtls_x509_self_test( int verbose )
  853. {
  854. int ret = 0;
  855. #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
  856. uint32_t flags;
  857. mbedtls_x509_crt cacert;
  858. mbedtls_x509_crt clicert;
  859. if( verbose != 0 )
  860. mbedtls_printf( " X.509 certificate load: " );
  861. mbedtls_x509_crt_init( &cacert );
  862. mbedtls_x509_crt_init( &clicert );
  863. ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
  864. mbedtls_test_cli_crt_len );
  865. if( ret != 0 )
  866. {
  867. if( verbose != 0 )
  868. mbedtls_printf( "failed\n" );
  869. goto cleanup;
  870. }
  871. ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
  872. mbedtls_test_ca_crt_len );
  873. if( ret != 0 )
  874. {
  875. if( verbose != 0 )
  876. mbedtls_printf( "failed\n" );
  877. goto cleanup;
  878. }
  879. if( verbose != 0 )
  880. mbedtls_printf( "passed\n X.509 signature verify: ");
  881. ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
  882. if( ret != 0 )
  883. {
  884. if( verbose != 0 )
  885. mbedtls_printf( "failed\n" );
  886. goto cleanup;
  887. }
  888. if( verbose != 0 )
  889. mbedtls_printf( "passed\n\n");
  890. cleanup:
  891. mbedtls_x509_crt_free( &cacert );
  892. mbedtls_x509_crt_free( &clicert );
  893. #else
  894. ((void) verbose);
  895. #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
  896. return( ret );
  897. }
  898. #endif /* MBEDTLS_SELF_TEST */
  899. #endif /* MBEDTLS_X509_USE_C */