TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 2d6644ee0bbe38b29b51a0b8d8873de74acb2187 / . / lib / libmbedtls / mbedtls / library / x509_crt.c
blob: b998a36cfdaca6cc588f491b76460768f973cadb [file] [log] [blame]
Edison Ai7b079202018-02-28 15:01:47 +0800[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2/*
3 * X.509 certificate parsing and verification
4 *
5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21/*
22 * The ITU-T X.509 standard defines a certificate format for PKI.
23 *
24 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
25 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
26 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
27 *
28 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
29 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]30 *
31 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]32 */
33
34#if !defined(MBEDTLS_CONFIG_FILE)
35#include "mbedtls/config.h"
36#else
37#include MBEDTLS_CONFIG_FILE
38#endif
39
40#if defined(MBEDTLS_X509_CRT_PARSE_C)
41
42#include "mbedtls/x509_crt.h"
43#include "mbedtls/oid.h"
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]44#include "mbedtls/platform_util.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]45
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]46#include <string.h>
47
48#if defined(MBEDTLS_PEM_PARSE_C)
49#include "mbedtls/pem.h"
50#endif
51
52#if defined(MBEDTLS_PLATFORM_C)
53#include "mbedtls/platform.h"
54#else
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]55#include <stdio.h>
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]56#include <stdlib.h>
57#define mbedtls_free free
58#define mbedtls_calloc calloc
59#define mbedtls_snprintf snprintf
60#endif
61
62#if defined(MBEDTLS_THREADING_C)
63#include "mbedtls/threading.h"
64#endif
65
66#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
67#include <windows.h>
68#else
69#include <time.h>
70#endif
71
72#if defined(MBEDTLS_FS_IO)
73#include <stdio.h>
74#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
75#include <sys/types.h>
76#include <sys/stat.h>
77#include <dirent.h>
78#endif /* !_WIN32 || EFIX64 || EFI32 */
79#endif
80
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]81/*
82 * Item in a verification chain: cert and flags for it
83 */
84typedef struct {
85 mbedtls_x509_crt *crt;
86 uint32_t flags;
87} x509_crt_verify_chain_item;
88
89/*
90 * Max size of verification chain: end-entity + intermediates + trusted root
91 */
92#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]93
94/*
95 * Default profile
96 */
97const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
98{
99#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
100 /* Allow SHA-1 (weak, but still safe in controlled environments) */
101 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
102#endif
103 /* Only SHA-2 hashes */
104 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
105 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
106 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
107 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
108 0xFFFFFFF, /* Any PK alg */
109 0xFFFFFFF, /* Any curve */
110 2048,
111};
112
113/*
114 * Next-default profile
115 */
116const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
117{
118 /* Hashes from SHA-256 and above */
119 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
120 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
121 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
122 0xFFFFFFF, /* Any PK alg */
123#if defined(MBEDTLS_ECP_C)
124 /* Curves at or above 128-bit security level */
125 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
126 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
127 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
128 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
129 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
130 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
131 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
132#else
133 0,
134#endif
135 2048,
136};
137
138/*
139 * NSA Suite B Profile
140 */
141const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
142{
143 /* Only SHA-256 and 384 */
144 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
145 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
146 /* Only ECDSA */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]147 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
148 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]149#if defined(MBEDTLS_ECP_C)
150 /* Only NIST P-256 and P-384 */
151 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
152 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
153#else
154 0,
155#endif
156 0,
157};
158
159/*
160 * Check md_alg against profile
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]161 * Return 0 if md_alg is acceptable for this profile, -1 otherwise
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]162 */
163static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
164 mbedtls_md_type_t md_alg )
165{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]166 if( md_alg == MBEDTLS_MD_NONE )
167 return( -1 );
168
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]169 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
170 return( 0 );
171
172 return( -1 );
173}
174
175/*
176 * Check pk_alg against profile
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]177 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]178 */
179static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
180 mbedtls_pk_type_t pk_alg )
181{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]182 if( pk_alg == MBEDTLS_PK_NONE )
183 return( -1 );
184
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]185 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
186 return( 0 );
187
188 return( -1 );
189}
190
191/*
192 * Check key against profile
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]193 * Return 0 if pk is acceptable for this profile, -1 otherwise
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]194 */
195static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]196 const mbedtls_pk_context *pk )
197{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]198 const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
199
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]200#if defined(MBEDTLS_RSA_C)
201 if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
202 {
203 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
204 return( 0 );
205
206 return( -1 );
207 }
208#endif
209
210#if defined(MBEDTLS_ECP_C)
211 if( pk_alg == MBEDTLS_PK_ECDSA ||
212 pk_alg == MBEDTLS_PK_ECKEY ||
213 pk_alg == MBEDTLS_PK_ECKEY_DH )
214 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]215 const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
216
217 if( gid == MBEDTLS_ECP_DP_NONE )
218 return( -1 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]219
220 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
221 return( 0 );
222
223 return( -1 );
224 }
225#endif
226
227 return( -1 );
228}
229
230/*
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]231 * Like memcmp, but case-insensitive and always returns -1 if different
232 */
233static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
234{
235 size_t i;
236 unsigned char diff;
237 const unsigned char *n1 = s1, *n2 = s2;
238
239 for( i = 0; i < len; i++ )
240 {
241 diff = n1[i] ^ n2[i];
242
243 if( diff == 0 )
244 continue;
245
246 if( diff == 32 &&
247 ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
248 ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
249 {
250 continue;
251 }
252
253 return( -1 );
254 }
255
256 return( 0 );
257}
258
259/*
260 * Return 0 if name matches wildcard, -1 otherwise
261 */
262static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
263{
264 size_t i;
265 size_t cn_idx = 0, cn_len = strlen( cn );
266
267 /* We can't have a match if there is no wildcard to match */
268 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
269 return( -1 );
270
271 for( i = 0; i < cn_len; ++i )
272 {
273 if( cn[i] == '.' )
274 {
275 cn_idx = i;
276 break;
277 }
278 }
279
280 if( cn_idx == 0 )
281 return( -1 );
282
283 if( cn_len - cn_idx == name->len - 1 &&
284 x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
285 {
286 return( 0 );
287 }
288
289 return( -1 );
290}
291
292/*
293 * Compare two X.509 strings, case-insensitive, and allowing for some encoding
294 * variations (but not all).
295 *
296 * Return 0 if equal, -1 otherwise.
297 */
298static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
299{
300 if( a->tag == b->tag &&
301 a->len == b->len &&
302 memcmp( a->p, b->p, b->len ) == 0 )
303 {
304 return( 0 );
305 }
306
307 if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
308 ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
309 a->len == b->len &&
310 x509_memcasecmp( a->p, b->p, b->len ) == 0 )
311 {
312 return( 0 );
313 }
314
315 return( -1 );
316}
317
318/*
319 * Compare two X.509 Names (aka rdnSequence).
320 *
321 * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
322 * we sometimes return unequal when the full algorithm would return equal,
323 * but never the other way. (In particular, we don't do Unicode normalisation
324 * or space folding.)
325 *
326 * Return 0 if equal, -1 otherwise.
327 */
328static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
329{
330 /* Avoid recursion, it might not be optimised by the compiler */
331 while( a != NULL || b != NULL )
332 {
333 if( a == NULL || b == NULL )
334 return( -1 );
335
336 /* type */
337 if( a->oid.tag != b->oid.tag ||
338 a->oid.len != b->oid.len ||
339 memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
340 {
341 return( -1 );
342 }
343
344 /* value */
345 if( x509_string_cmp( &a->val, &b->val ) != 0 )
346 return( -1 );
347
348 /* structure of the list of sets */
349 if( a->next_merged != b->next_merged )
350 return( -1 );
351
352 a = a->next;
353 b = b->next;
354 }
355
356 /* a == NULL == b */
357 return( 0 );
358}
359
360/*
361 * Reset (init or clear) a verify_chain
362 */
363static void x509_crt_verify_chain_reset(
364 mbedtls_x509_crt_verify_chain *ver_chain )
365{
366 size_t i;
367
368 for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
369 {
370 ver_chain->items[i].crt = NULL;
371 ver_chain->items[i].flags = -1;
372 }
373
374 ver_chain->len = 0;
375}
376
377/*
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]378 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
379 */
380static int x509_get_version( unsigned char **p,
381 const unsigned char *end,
382 int *ver )
383{
384 int ret;
385 size_t len;
386
387 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
388 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
389 {
390 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
391 {
392 *ver = 0;
393 return( 0 );
394 }
395
396 return( ret );
397 }
398
399 end = *p + len;
400
401 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
402 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
403
404 if( *p != end )
405 return( MBEDTLS_ERR_X509_INVALID_VERSION +
406 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
407
408 return( 0 );
409}
410
411/*
412 * Validity ::= SEQUENCE {
413 * notBefore Time,
414 * notAfter Time }
415 */
416static int x509_get_dates( unsigned char **p,
417 const unsigned char *end,
418 mbedtls_x509_time *from,
419 mbedtls_x509_time *to )
420{
421 int ret;
422 size_t len;
423
424 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
425 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
426 return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
427
428 end = *p + len;
429
430 if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
431 return( ret );
432
433 if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
434 return( ret );
435
436 if( *p != end )
437 return( MBEDTLS_ERR_X509_INVALID_DATE +
438 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
439
440 return( 0 );
441}
442
443/*
444 * X.509 v2/v3 unique identifier (not parsed)
445 */
446static int x509_get_uid( unsigned char **p,
447 const unsigned char *end,
448 mbedtls_x509_buf *uid, int n )
449{
450 int ret;
451
452 if( *p == end )
453 return( 0 );
454
455 uid->tag = **p;
456
457 if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
458 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
459 {
460 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
461 return( 0 );
462
463 return( ret );
464 }
465
466 uid->p = *p;
467 *p += uid->len;
468
469 return( 0 );
470}
471
472static int x509_get_basic_constraints( unsigned char **p,
473 const unsigned char *end,
474 int *ca_istrue,
475 int *max_pathlen )
476{
477 int ret;
478 size_t len;
479
480 /*
481 * BasicConstraints ::= SEQUENCE {
482 * cA BOOLEAN DEFAULT FALSE,
483 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
484 */
485 *ca_istrue = 0; /* DEFAULT FALSE */
486 *max_pathlen = 0; /* endless */
487
488 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
489 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
490 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
491
492 if( *p == end )
493 return( 0 );
494
495 if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
496 {
497 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
498 ret = mbedtls_asn1_get_int( p, end, ca_istrue );
499
500 if( ret != 0 )
501 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
502
503 if( *ca_istrue != 0 )
504 *ca_istrue = 1;
505 }
506
507 if( *p == end )
508 return( 0 );
509
510 if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
511 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
512
513 if( *p != end )
514 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
515 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
516
517 (*max_pathlen)++;
518
519 return( 0 );
520}
521
522static int x509_get_ns_cert_type( unsigned char **p,
523 const unsigned char *end,
524 unsigned char *ns_cert_type)
525{
526 int ret;
527 mbedtls_x509_bitstring bs = { 0, 0, NULL };
528
529 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
530 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
531
532 if( bs.len != 1 )
533 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
534 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
535
536 /* Get actual bitstring */
537 *ns_cert_type = *bs.p;
538 return( 0 );
539}
540
541static int x509_get_key_usage( unsigned char **p,
542 const unsigned char *end,
543 unsigned int *key_usage)
544{
545 int ret;
546 size_t i;
547 mbedtls_x509_bitstring bs = { 0, 0, NULL };
548
549 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
550 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
551
552 if( bs.len < 1 )
553 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
554 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
555
556 /* Get actual bitstring */
557 *key_usage = 0;
558 for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
559 {
560 *key_usage |= (unsigned int) bs.p[i] << (8*i);
561 }
562
563 return( 0 );
564}
565
566/*
567 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
568 *
569 * KeyPurposeId ::= OBJECT IDENTIFIER
570 */
571static int x509_get_ext_key_usage( unsigned char **p,
572 const unsigned char *end,
573 mbedtls_x509_sequence *ext_key_usage)
574{
575 int ret;
576
577 if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
578 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
579
580 /* Sequence length must be >= 1 */
581 if( ext_key_usage->buf.p == NULL )
582 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
583 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
584
585 return( 0 );
586}
587
588/*
589 * SubjectAltName ::= GeneralNames
590 *
591 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
592 *
593 * GeneralName ::= CHOICE {
594 * otherName [0] OtherName,
595 * rfc822Name [1] IA5String,
596 * dNSName [2] IA5String,
597 * x400Address [3] ORAddress,
598 * directoryName [4] Name,
599 * ediPartyName [5] EDIPartyName,
600 * uniformResourceIdentifier [6] IA5String,
601 * iPAddress [7] OCTET STRING,
602 * registeredID [8] OBJECT IDENTIFIER }
603 *
604 * OtherName ::= SEQUENCE {
605 * type-id OBJECT IDENTIFIER,
606 * value [0] EXPLICIT ANY DEFINED BY type-id }
607 *
608 * EDIPartyName ::= SEQUENCE {
609 * nameAssigner [0] DirectoryString OPTIONAL,
610 * partyName [1] DirectoryString }
611 *
612 * NOTE: we only parse and use dNSName at this point.
613 */
614static int x509_get_subject_alt_name( unsigned char **p,
615 const unsigned char *end,
616 mbedtls_x509_sequence *subject_alt_name )
617{
618 int ret;
619 size_t len, tag_len;
620 mbedtls_asn1_buf *buf;
621 unsigned char tag;
622 mbedtls_asn1_sequence *cur = subject_alt_name;
623
624 /* Get main sequence tag */
625 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
626 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
627 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
628
629 if( *p + len != end )
630 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
631 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
632
633 while( *p < end )
634 {
635 if( ( end - *p ) < 1 )
636 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
637 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
638
639 tag = **p;
640 (*p)++;
641 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
642 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
643
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]644 if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
645 MBEDTLS_ASN1_CONTEXT_SPECIFIC )
646 {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]647 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
648 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]649 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]650
651 /* Skip everything but DNS name */
652 if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
653 {
654 *p += tag_len;
655 continue;
656 }
657
658 /* Allocate and assign next pointer */
659 if( cur->buf.p != NULL )
660 {
661 if( cur->next != NULL )
662 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
663
664 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
665
666 if( cur->next == NULL )
667 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
668 MBEDTLS_ERR_ASN1_ALLOC_FAILED );
669
670 cur = cur->next;
671 }
672
673 buf = &(cur->buf);
674 buf->tag = tag;
675 buf->p = *p;
676 buf->len = tag_len;
677 *p += buf->len;
678 }
679
680 /* Set final sequence entry's next pointer to NULL */
681 cur->next = NULL;
682
683 if( *p != end )
684 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
685 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
686
687 return( 0 );
688}
689
690/*
691 * X.509 v3 extensions
692 *
693 */
694static int x509_get_crt_ext( unsigned char **p,
695 const unsigned char *end,
696 mbedtls_x509_crt *crt )
697{
698 int ret;
699 size_t len;
700 unsigned char *end_ext_data, *end_ext_octet;
701
702 if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
703 {
704 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
705 return( 0 );
706
707 return( ret );
708 }
709
710 while( *p < end )
711 {
712 /*
713 * Extension ::= SEQUENCE {
714 * extnID OBJECT IDENTIFIER,
715 * critical BOOLEAN DEFAULT FALSE,
716 * extnValue OCTET STRING }
717 */
718 mbedtls_x509_buf extn_oid = {0, 0, NULL};
719 int is_critical = 0; /* DEFAULT FALSE */
720 int ext_type = 0;
721
722 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
723 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
724 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
725
726 end_ext_data = *p + len;
727
728 /* Get extension ID */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]729 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
730 MBEDTLS_ASN1_OID ) ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]731 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
732
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]733 extn_oid.tag = MBEDTLS_ASN1_OID;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]734 extn_oid.p = *p;
735 *p += extn_oid.len;
736
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]737 /* Get optional critical */
738 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
739 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
740 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
741
742 /* Data should be octet string type */
743 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
744 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
745 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
746
747 end_ext_octet = *p + len;
748
749 if( end_ext_octet != end_ext_data )
750 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
751 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
752
753 /*
754 * Detect supported extensions
755 */
756 ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
757
758 if( ret != 0 )
759 {
760 /* No parser found, skip extension */
761 *p = end_ext_octet;
762
763#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
764 if( is_critical )
765 {
766 /* Data is marked as critical: fail */
767 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
768 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
769 }
770#endif
771 continue;
772 }
773
774 /* Forbid repeated extensions */
775 if( ( crt->ext_types & ext_type ) != 0 )
776 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
777
778 crt->ext_types |= ext_type;
779
780 switch( ext_type )
781 {
782 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
783 /* Parse basic constraints */
784 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
785 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
786 return( ret );
787 break;
788
789 case MBEDTLS_X509_EXT_KEY_USAGE:
790 /* Parse key usage */
791 if( ( ret = x509_get_key_usage( p, end_ext_octet,
792 &crt->key_usage ) ) != 0 )
793 return( ret );
794 break;
795
796 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
797 /* Parse extended key usage */
798 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
799 &crt->ext_key_usage ) ) != 0 )
800 return( ret );
801 break;
802
803 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
804 /* Parse subject alt name */
805 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
806 &crt->subject_alt_names ) ) != 0 )
807 return( ret );
808 break;
809
810 case MBEDTLS_X509_EXT_NS_CERT_TYPE:
811 /* Parse netscape certificate type */
812 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
813 &crt->ns_cert_type ) ) != 0 )
814 return( ret );
815 break;
816
817 default:
818 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
819 }
820 }
821
822 if( *p != end )
823 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
824 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
825
826 return( 0 );
827}
828
829/*
830 * Parse and fill a single X.509 certificate in DER format
831 */
832static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
833 size_t buflen )
834{
835 int ret;
836 size_t len;
837 unsigned char *p, *end, *crt_end;
838 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
839
840 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
841 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
842 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
843
844 /*
845 * Check for valid input
846 */
847 if( crt == NULL || buf == NULL )
848 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
849
850 // Use the original buffer until we figure out actual length
851 p = (unsigned char*) buf;
852 len = buflen;
853 end = p + len;
854
855 /*
856 * Certificate ::= SEQUENCE {
857 * tbsCertificate TBSCertificate,
858 * signatureAlgorithm AlgorithmIdentifier,
859 * signatureValue BIT STRING }
860 */
861 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
862 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
863 {
864 mbedtls_x509_crt_free( crt );
865 return( MBEDTLS_ERR_X509_INVALID_FORMAT );
866 }
867
868 if( len > (size_t) ( end - p ) )
869 {
870 mbedtls_x509_crt_free( crt );
871 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
872 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
873 }
874 crt_end = p + len;
875
876 // Create and populate a new buffer for the raw field
877 crt->raw.len = crt_end - buf;
878 crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
879 if( p == NULL )
880 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
881
882 memcpy( p, buf, crt->raw.len );
883
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]884 // Direct pointers to the new buffer
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]885 p += crt->raw.len - len;
886 end = crt_end = p + len;
887
888 /*
889 * TBSCertificate ::= SEQUENCE {
890 */
891 crt->tbs.p = p;
892
893 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
894 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
895 {
896 mbedtls_x509_crt_free( crt );
897 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
898 }
899
900 end = p + len;
901 crt->tbs.len = end - crt->tbs.p;
902
903 /*
904 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
905 *
906 * CertificateSerialNumber ::= INTEGER
907 *
908 * signature AlgorithmIdentifier
909 */
910 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
911 ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
912 ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid,
913 &sig_params1 ) ) != 0 )
914 {
915 mbedtls_x509_crt_free( crt );
916 return( ret );
917 }
918
919 if( crt->version < 0 || crt->version > 2 )
920 {
921 mbedtls_x509_crt_free( crt );
922 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
923 }
924
925 crt->version++;
926
927 if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
928 &crt->sig_md, &crt->sig_pk,
929 &crt->sig_opts ) ) != 0 )
930 {
931 mbedtls_x509_crt_free( crt );
932 return( ret );
933 }
934
935 /*
936 * issuer Name
937 */
938 crt->issuer_raw.p = p;
939
940 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
941 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
942 {
943 mbedtls_x509_crt_free( crt );
944 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
945 }
946
947 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
948 {
949 mbedtls_x509_crt_free( crt );
950 return( ret );
951 }
952
953 crt->issuer_raw.len = p - crt->issuer_raw.p;
954
955 /*
956 * Validity ::= SEQUENCE {
957 * notBefore Time,
958 * notAfter Time }
959 *
960 */
961 if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
962 &crt->valid_to ) ) != 0 )
963 {
964 mbedtls_x509_crt_free( crt );
965 return( ret );
966 }
967
968 /*
969 * subject Name
970 */
971 crt->subject_raw.p = p;
972
973 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
974 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
975 {
976 mbedtls_x509_crt_free( crt );
977 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
978 }
979
980 if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
981 {
982 mbedtls_x509_crt_free( crt );
983 return( ret );
984 }
985
986 crt->subject_raw.len = p - crt->subject_raw.p;
987
988 /*
989 * SubjectPublicKeyInfo
990 */
991 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
992 {
993 mbedtls_x509_crt_free( crt );
994 return( ret );
995 }
996
997 /*
998 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
999 * -- If present, version shall be v2 or v3
1000 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1001 * -- If present, version shall be v2 or v3
1002 * extensions [3] EXPLICIT Extensions OPTIONAL
1003 * -- If present, version shall be v3
1004 */
1005 if( crt->version == 2 || crt->version == 3 )
1006 {
1007 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1008 if( ret != 0 )
1009 {
1010 mbedtls_x509_crt_free( crt );
1011 return( ret );
1012 }
1013 }
1014
1015 if( crt->version == 2 || crt->version == 3 )
1016 {
1017 ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1018 if( ret != 0 )
1019 {
1020 mbedtls_x509_crt_free( crt );
1021 return( ret );
1022 }
1023 }
1024
1025#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
1026 if( crt->version == 3 )
1027#endif
1028 {
1029 ret = x509_get_crt_ext( &p, end, crt );
1030 if( ret != 0 )
1031 {
1032 mbedtls_x509_crt_free( crt );
1033 return( ret );
1034 }
1035 }
1036
1037 if( p != end )
1038 {
1039 mbedtls_x509_crt_free( crt );
1040 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
1041 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
1042 }
1043
1044 end = crt_end;
1045
1046 /*
1047 * }
1048 * -- end of TBSCertificate
1049 *
1050 * signatureAlgorithm AlgorithmIdentifier,
1051 * signatureValue BIT STRING
1052 */
1053 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
1054 {
1055 mbedtls_x509_crt_free( crt );
1056 return( ret );
1057 }
1058
1059 if( crt->sig_oid.len != sig_oid2.len ||
1060 memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
1061 sig_params1.len != sig_params2.len ||
1062 ( sig_params1.len != 0 &&
1063 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
1064 {
1065 mbedtls_x509_crt_free( crt );
1066 return( MBEDTLS_ERR_X509_SIG_MISMATCH );
1067 }
1068
1069 if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1070 {
1071 mbedtls_x509_crt_free( crt );
1072 return( ret );
1073 }
1074
1075 if( p != end )
1076 {
1077 mbedtls_x509_crt_free( crt );
1078 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
1079 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
1080 }
1081
1082 return( 0 );
1083}
1084
1085/*
1086 * Parse one X.509 certificate in DER format from a buffer and add them to a
1087 * chained list
1088 */
1089int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
1090 size_t buflen )
1091{
1092 int ret;
1093 mbedtls_x509_crt *crt = chain, *prev = NULL;
1094
1095 /*
1096 * Check for valid input
1097 */
1098 if( crt == NULL || buf == NULL )
1099 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1100
1101 while( crt->version != 0 && crt->next != NULL )
1102 {
1103 prev = crt;
1104 crt = crt->next;
1105 }
1106
1107 /*
1108 * Add new certificate on the end of the chain if needed.
1109 */
1110 if( crt->version != 0 && crt->next == NULL )
1111 {
1112 crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
1113
1114 if( crt->next == NULL )
1115 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
1116
1117 prev = crt;
1118 mbedtls_x509_crt_init( crt->next );
1119 crt = crt->next;
1120 }
1121
1122 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
1123 {
1124 if( prev )
1125 prev->next = NULL;
1126
1127 if( crt != chain )
1128 mbedtls_free( crt );
1129
1130 return( ret );
1131 }
1132
1133 return( 0 );
1134}
1135
1136/*
1137 * Parse one or more PEM certificates from a buffer and add them to the chained
1138 * list
1139 */
1140int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
1141{
1142#if defined(MBEDTLS_PEM_PARSE_C)
1143 int success = 0, first_error = 0, total_failed = 0;
1144 int buf_format = MBEDTLS_X509_FORMAT_DER;
1145#endif
1146
1147 /*
1148 * Check for valid input
1149 */
1150 if( chain == NULL || buf == NULL )
1151 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1152
1153 /*
1154 * Determine buffer content. Buffer contains either one DER certificate or
1155 * one or more PEM certificates.
1156 */
1157#if defined(MBEDTLS_PEM_PARSE_C)
1158 if( buflen != 0 && buf[buflen - 1] == '\0' &&
1159 strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1160 {
1161 buf_format = MBEDTLS_X509_FORMAT_PEM;
1162 }
1163
1164 if( buf_format == MBEDTLS_X509_FORMAT_DER )
1165 return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1166#else
1167 return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1168#endif
1169
1170#if defined(MBEDTLS_PEM_PARSE_C)
1171 if( buf_format == MBEDTLS_X509_FORMAT_PEM )
1172 {
1173 int ret;
1174 mbedtls_pem_context pem;
1175
1176 /* 1 rather than 0 since the terminating NULL byte is counted in */
1177 while( buflen > 1 )
1178 {
1179 size_t use_len;
1180 mbedtls_pem_init( &pem );
1181
1182 /* If we get there, we know the string is null-terminated */
1183 ret = mbedtls_pem_read_buffer( &pem,
1184 "-----BEGIN CERTIFICATE-----",
1185 "-----END CERTIFICATE-----",
1186 buf, NULL, 0, &use_len );
1187
1188 if( ret == 0 )
1189 {
1190 /*
1191 * Was PEM encoded
1192 */
1193 buflen -= use_len;
1194 buf += use_len;
1195 }
1196 else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
1197 {
1198 return( ret );
1199 }
1200 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1201 {
1202 mbedtls_pem_free( &pem );
1203
1204 /*
1205 * PEM header and footer were found
1206 */
1207 buflen -= use_len;
1208 buf += use_len;
1209
1210 if( first_error == 0 )
1211 first_error = ret;
1212
1213 total_failed++;
1214 continue;
1215 }
1216 else
1217 break;
1218
1219 ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
1220
1221 mbedtls_pem_free( &pem );
1222
1223 if( ret != 0 )
1224 {
1225 /*
1226 * Quit parsing on a memory error
1227 */
1228 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
1229 return( ret );
1230
1231 if( first_error == 0 )
1232 first_error = ret;
1233
1234 total_failed++;
1235 continue;
1236 }
1237
1238 success = 1;
1239 }
1240 }
1241
1242 if( success )
1243 return( total_failed );
1244 else if( first_error )
1245 return( first_error );
1246 else
1247 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
1248#endif /* MBEDTLS_PEM_PARSE_C */
1249}
1250
1251#if defined(MBEDTLS_FS_IO)
1252/*
1253 * Load one or more certificates and add them to the chained list
1254 */
1255int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
1256{
1257 int ret;
1258 size_t n;
1259 unsigned char *buf;
1260
1261 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
1262 return( ret );
1263
1264 ret = mbedtls_x509_crt_parse( chain, buf, n );
1265
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1266 mbedtls_platform_zeroize( buf, n );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1267 mbedtls_free( buf );
1268
1269 return( ret );
1270}
1271
1272int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
1273{
1274 int ret = 0;
1275#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1276 int w_ret;
1277 WCHAR szDir[MAX_PATH];
1278 char filename[MAX_PATH];
1279 char *p;
1280 size_t len = strlen( path );
1281
1282 WIN32_FIND_DATAW file_data;
1283 HANDLE hFind;
1284
1285 if( len > MAX_PATH - 3 )
1286 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1287
1288 memset( szDir, 0, sizeof(szDir) );
1289 memset( filename, 0, MAX_PATH );
1290 memcpy( filename, path, len );
1291 filename[len++] = '\\';
1292 p = filename + len;
1293 filename[len++] = '*';
1294
1295 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
1296 MAX_PATH - 3 );
1297 if( w_ret == 0 )
1298 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1299
1300 hFind = FindFirstFileW( szDir, &file_data );
1301 if( hFind == INVALID_HANDLE_VALUE )
1302 return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1303
1304 len = MAX_PATH - len;
1305 do
1306 {
1307 memset( p, 0, len );
1308
1309 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1310 continue;
1311
1312 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1313 lstrlenW( file_data.cFileName ),
1314 p, (int) len - 1,
1315 NULL, NULL );
1316 if( w_ret == 0 )
1317 {
1318 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1319 goto cleanup;
1320 }
1321
1322 w_ret = mbedtls_x509_crt_parse_file( chain, filename );
1323 if( w_ret < 0 )
1324 ret++;
1325 else
1326 ret += w_ret;
1327 }
1328 while( FindNextFileW( hFind, &file_data ) != 0 );
1329
1330 if( GetLastError() != ERROR_NO_MORE_FILES )
1331 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1332
1333cleanup:
1334 FindClose( hFind );
1335#else /* _WIN32 */
1336 int t_ret;
1337 int snp_ret;
1338 struct stat sb;
1339 struct dirent *entry;
1340 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1341 DIR *dir = opendir( path );
1342
1343 if( dir == NULL )
1344 return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1345
1346#if defined(MBEDTLS_THREADING_C)
1347 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
1348 {
1349 closedir( dir );
1350 return( ret );
1351 }
1352#endif /* MBEDTLS_THREADING_C */
1353
1354 while( ( entry = readdir( dir ) ) != NULL )
1355 {
1356 snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
1357 "%s/%s", path, entry->d_name );
1358
1359 if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
1360 {
1361 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1362 goto cleanup;
1363 }
1364 else if( stat( entry_name, &sb ) == -1 )
1365 {
1366 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1367 goto cleanup;
1368 }
1369
1370 if( !S_ISREG( sb.st_mode ) )
1371 continue;
1372
1373 // Ignore parse errors
1374 //
1375 t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
1376 if( t_ret < 0 )
1377 ret++;
1378 else
1379 ret += t_ret;
1380 }
1381
1382cleanup:
1383 closedir( dir );
1384
1385#if defined(MBEDTLS_THREADING_C)
1386 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
1387 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1388#endif /* MBEDTLS_THREADING_C */
1389
1390#endif /* _WIN32 */
1391
1392 return( ret );
1393}
1394#endif /* MBEDTLS_FS_IO */
1395
1396static int x509_info_subject_alt_name( char **buf, size_t *size,
1397 const mbedtls_x509_sequence *subject_alt_name )
1398{
1399 size_t i;
1400 size_t n = *size;
1401 char *p = *buf;
1402 const mbedtls_x509_sequence *cur = subject_alt_name;
1403 const char *sep = "";
1404 size_t sep_len = 0;
1405
1406 while( cur != NULL )
1407 {
1408 if( cur->buf.len + sep_len >= n )
1409 {
1410 *p = '\0';
1411 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
1412 }
1413
1414 n -= cur->buf.len + sep_len;
1415 for( i = 0; i < sep_len; i++ )
1416 *p++ = sep[i];
1417 for( i = 0; i < cur->buf.len; i++ )
1418 *p++ = cur->buf.p[i];
1419
1420 sep = ", ";
1421 sep_len = 2;
1422
1423 cur = cur->next;
1424 }
1425
1426 *p = '\0';
1427
1428 *size = n;
1429 *buf = p;
1430
1431 return( 0 );
1432}
1433
1434#define PRINT_ITEM(i) \
1435 { \
1436 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
1437 MBEDTLS_X509_SAFE_SNPRINTF; \
1438 sep = ", "; \
1439 }
1440
1441#define CERT_TYPE(type,name) \
1442 if( ns_cert_type & type ) \
1443 PRINT_ITEM( name );
1444
1445static int x509_info_cert_type( char **buf, size_t *size,
1446 unsigned char ns_cert_type )
1447{
1448 int ret;
1449 size_t n = *size;
1450 char *p = *buf;
1451 const char *sep = "";
1452
1453 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
1454 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
1455 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
1456 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
1457 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
1458 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
1459 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
1460 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
1461
1462 *size = n;
1463 *buf = p;
1464
1465 return( 0 );
1466}
1467
1468#define KEY_USAGE(code,name) \
1469 if( key_usage & code ) \
1470 PRINT_ITEM( name );
1471
1472static int x509_info_key_usage( char **buf, size_t *size,
1473 unsigned int key_usage )
1474{
1475 int ret;
1476 size_t n = *size;
1477 char *p = *buf;
1478 const char *sep = "";
1479
1480 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
1481 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
1482 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
1483 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
1484 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
1485 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
1486 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
1487 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" );
1488 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" );
1489
1490 *size = n;
1491 *buf = p;
1492
1493 return( 0 );
1494}
1495
1496static int x509_info_ext_key_usage( char **buf, size_t *size,
1497 const mbedtls_x509_sequence *extended_key_usage )
1498{
1499 int ret;
1500 const char *desc;
1501 size_t n = *size;
1502 char *p = *buf;
1503 const mbedtls_x509_sequence *cur = extended_key_usage;
1504 const char *sep = "";
1505
1506 while( cur != NULL )
1507 {
1508 if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
1509 desc = "???";
1510
1511 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
1512 MBEDTLS_X509_SAFE_SNPRINTF;
1513
1514 sep = ", ";
1515
1516 cur = cur->next;
1517 }
1518
1519 *size = n;
1520 *buf = p;
1521
1522 return( 0 );
1523}
1524
1525/*
1526 * Return an informational string about the certificate.
1527 */
1528#define BEFORE_COLON 18
1529#define BC "18"
1530int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
1531 const mbedtls_x509_crt *crt )
1532{
1533 int ret;
1534 size_t n;
1535 char *p;
1536 char key_size_str[BEFORE_COLON];
1537
1538 p = buf;
1539 n = size;
1540
1541 if( NULL == crt )
1542 {
1543 ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
1544 MBEDTLS_X509_SAFE_SNPRINTF;
1545
1546 return( (int) ( size - n ) );
1547 }
1548
1549 ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
1550 prefix, crt->version );
1551 MBEDTLS_X509_SAFE_SNPRINTF;
1552 ret = mbedtls_snprintf( p, n, "%sserial number : ",
1553 prefix );
1554 MBEDTLS_X509_SAFE_SNPRINTF;
1555
1556 ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
1557 MBEDTLS_X509_SAFE_SNPRINTF;
1558
1559 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
1560 MBEDTLS_X509_SAFE_SNPRINTF;
1561 ret = mbedtls_x509_dn_gets( p, n, &crt->issuer );
1562 MBEDTLS_X509_SAFE_SNPRINTF;
1563
1564 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
1565 MBEDTLS_X509_SAFE_SNPRINTF;
1566 ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
1567 MBEDTLS_X509_SAFE_SNPRINTF;
1568
1569 ret = mbedtls_snprintf( p, n, "\n%sissued on : " \
1570 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1571 crt->valid_from.year, crt->valid_from.mon,
1572 crt->valid_from.day, crt->valid_from.hour,
1573 crt->valid_from.min, crt->valid_from.sec );
1574 MBEDTLS_X509_SAFE_SNPRINTF;
1575
1576 ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \
1577 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1578 crt->valid_to.year, crt->valid_to.mon,
1579 crt->valid_to.day, crt->valid_to.hour,
1580 crt->valid_to.min, crt->valid_to.sec );
1581 MBEDTLS_X509_SAFE_SNPRINTF;
1582
1583 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
1584 MBEDTLS_X509_SAFE_SNPRINTF;
1585
1586 ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
1587 crt->sig_md, crt->sig_opts );
1588 MBEDTLS_X509_SAFE_SNPRINTF;
1589
1590 /* Key size */
1591 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
1592 mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
1593 {
1594 return( ret );
1595 }
1596
1597 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
1598 (int) mbedtls_pk_get_bitlen( &crt->pk ) );
1599 MBEDTLS_X509_SAFE_SNPRINTF;
1600
1601 /*
1602 * Optional extensions
1603 */
1604
1605 if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
1606 {
1607 ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
1608 crt->ca_istrue ? "true" : "false" );
1609 MBEDTLS_X509_SAFE_SNPRINTF;
1610
1611 if( crt->max_pathlen > 0 )
1612 {
1613 ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
1614 MBEDTLS_X509_SAFE_SNPRINTF;
1615 }
1616 }
1617
1618 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
1619 {
1620 ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
1621 MBEDTLS_X509_SAFE_SNPRINTF;
1622
1623 if( ( ret = x509_info_subject_alt_name( &p, &n,
1624 &crt->subject_alt_names ) ) != 0 )
1625 return( ret );
1626 }
1627
1628 if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
1629 {
1630 ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix );
1631 MBEDTLS_X509_SAFE_SNPRINTF;
1632
1633 if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
1634 return( ret );
1635 }
1636
1637 if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
1638 {
1639 ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix );
1640 MBEDTLS_X509_SAFE_SNPRINTF;
1641
1642 if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
1643 return( ret );
1644 }
1645
1646 if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
1647 {
1648 ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix );
1649 MBEDTLS_X509_SAFE_SNPRINTF;
1650
1651 if( ( ret = x509_info_ext_key_usage( &p, &n,
1652 &crt->ext_key_usage ) ) != 0 )
1653 return( ret );
1654 }
1655
1656 ret = mbedtls_snprintf( p, n, "\n" );
1657 MBEDTLS_X509_SAFE_SNPRINTF;
1658
1659 return( (int) ( size - n ) );
1660}
1661
1662struct x509_crt_verify_string {
1663 int code;
1664 const char *string;
1665};
1666
1667static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1668 { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
1669 { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
1670 { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
1671 { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
1672 { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
1673 { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
1674 { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
1675 { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
1676 { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
1677 { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
1678 { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
1679 { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
1680 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
1681 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
1682 { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
1683 { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1684 { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
1685 { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
1686 { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1687 { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
1688 { 0, NULL }
1689};
1690
1691int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
1692 uint32_t flags )
1693{
1694 int ret;
1695 const struct x509_crt_verify_string *cur;
1696 char *p = buf;
1697 size_t n = size;
1698
1699 for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
1700 {
1701 if( ( flags & cur->code ) == 0 )
1702 continue;
1703
1704 ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
1705 MBEDTLS_X509_SAFE_SNPRINTF;
1706 flags ^= cur->code;
1707 }
1708
1709 if( flags != 0 )
1710 {
1711 ret = mbedtls_snprintf( p, n, "%sUnknown reason "
1712 "(this should not happen)\n", prefix );
1713 MBEDTLS_X509_SAFE_SNPRINTF;
1714 }
1715
1716 return( (int) ( size - n ) );
1717}
1718
1719#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1720int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
1721 unsigned int usage )
1722{
1723 unsigned int usage_must, usage_may;
1724 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
1725 | MBEDTLS_X509_KU_DECIPHER_ONLY;
1726
1727 if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
1728 return( 0 );
1729
1730 usage_must = usage & ~may_mask;
1731
1732 if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
1733 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1734
1735 usage_may = usage & may_mask;
1736
1737 if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
1738 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1739
1740 return( 0 );
1741}
1742#endif
1743
1744#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
1745int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
1746 const char *usage_oid,
1747 size_t usage_len )
1748{
1749 const mbedtls_x509_sequence *cur;
1750
1751 /* Extension is not mandatory, absent means no restriction */
1752 if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
1753 return( 0 );
1754
1755 /*
1756 * Look for the requested usage (or wildcard ANY) in our list
1757 */
1758 for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
1759 {
1760 const mbedtls_x509_buf *cur_oid = &cur->buf;
1761
1762 if( cur_oid->len == usage_len &&
1763 memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
1764 {
1765 return( 0 );
1766 }
1767
1768 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
1769 return( 0 );
1770 }
1771
1772 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1773}
1774#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
1775
1776#if defined(MBEDTLS_X509_CRL_PARSE_C)
1777/*
1778 * Return 1 if the certificate is revoked, or 0 otherwise.
1779 */
1780int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
1781{
1782 const mbedtls_x509_crl_entry *cur = &crl->entry;
1783
1784 while( cur != NULL && cur->serial.len != 0 )
1785 {
1786 if( crt->serial.len == cur->serial.len &&
1787 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
1788 {
1789 if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
1790 return( 1 );
1791 }
1792
1793 cur = cur->next;
1794 }
1795
1796 return( 0 );
1797}
1798
1799/*
1800 * Check that the given certificate is not revoked according to the CRL.
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1801 * Skip validation if no CRL for the given CA is present.
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1802 */
1803static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
1804 mbedtls_x509_crl *crl_list,
1805 const mbedtls_x509_crt_profile *profile )
1806{
1807 int flags = 0;
1808 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1809 const mbedtls_md_info_t *md_info;
1810
1811 if( ca == NULL )
1812 return( flags );
1813
1814 while( crl_list != NULL )
1815 {
1816 if( crl_list->version == 0 ||
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1817 x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1818 {
1819 crl_list = crl_list->next;
1820 continue;
1821 }
1822
1823 /*
1824 * Check if the CA is configured to sign CRLs
1825 */
1826#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1827 if( mbedtls_x509_crt_check_key_usage( ca,
1828 MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1829 {
1830 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1831 break;
1832 }
1833#endif
1834
1835 /*
1836 * Check if CRL is correctly signed by the trusted CA
1837 */
1838 if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
1839 flags |= MBEDTLS_X509_BADCRL_BAD_MD;
1840
1841 if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
1842 flags |= MBEDTLS_X509_BADCRL_BAD_PK;
1843
1844 md_info = mbedtls_md_info_from_type( crl_list->sig_md );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1845 if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1846 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1847 /* Note: this can't happen except after an internal error */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1848 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1849 break;
1850 }
1851
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1852 if( x509_profile_check_key( profile, &ca->pk ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1853 flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
1854
1855 if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
1856 crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
1857 crl_list->sig.p, crl_list->sig.len ) != 0 )
1858 {
1859 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1860 break;
1861 }
1862
1863 /*
1864 * Check for validity of CRL (Do not drop out)
1865 */
1866 if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
1867 flags |= MBEDTLS_X509_BADCRL_EXPIRED;
1868
1869 if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
1870 flags |= MBEDTLS_X509_BADCRL_FUTURE;
1871
1872 /*
1873 * Check if certificate is revoked
1874 */
1875 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
1876 {
1877 flags |= MBEDTLS_X509_BADCERT_REVOKED;
1878 break;
1879 }
1880
1881 crl_list = crl_list->next;
1882 }
1883
1884 return( flags );
1885}
1886#endif /* MBEDTLS_X509_CRL_PARSE_C */
1887
1888/*
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1889 * Check the signature of a certificate by its parent
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1890 */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1891static int x509_crt_check_signature( const mbedtls_x509_crt *child,
1892 mbedtls_x509_crt *parent,
1893 mbedtls_x509_crt_restart_ctx *rs_ctx )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1894{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1895 const mbedtls_md_info_t *md_info;
1896 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1897
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1898 md_info = mbedtls_md_info_from_type( child->sig_md );
1899 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1900 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1901 /* Note: this can't happen except after an internal error */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1902 return( -1 );
1903 }
1904
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1905 /* Skip expensive computation on obvious mismatch */
1906 if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1907 return( -1 );
1908
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1909#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1910 if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1911 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1912 return( mbedtls_pk_verify_restartable( &parent->pk,
1913 child->sig_md, hash, mbedtls_md_get_size( md_info ),
1914 child->sig.p, child->sig.len, &rs_ctx->pk ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1915 }
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1916#else
1917 (void) rs_ctx;
1918#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1919
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1920 return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
1921 child->sig_md, hash, mbedtls_md_get_size( md_info ),
1922 child->sig.p, child->sig.len ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1923}
1924
1925/*
1926 * Check if 'parent' is a suitable parent (signing CA) for 'child'.
1927 * Return 0 if yes, -1 if not.
1928 *
1929 * top means parent is a locally-trusted certificate
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1930 */
1931static int x509_crt_check_parent( const mbedtls_x509_crt *child,
1932 const mbedtls_x509_crt *parent,
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1933 int top )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1934{
1935 int need_ca_bit;
1936
1937 /* Parent must be the issuer */
1938 if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
1939 return( -1 );
1940
1941 /* Parent must have the basicConstraints CA bit set as a general rule */
1942 need_ca_bit = 1;
1943
1944 /* Exception: v1/v2 certificates that are locally trusted. */
1945 if( top && parent->version < 3 )
1946 need_ca_bit = 0;
1947
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1948 if( need_ca_bit && ! parent->ca_istrue )
1949 return( -1 );
1950
1951#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1952 if( need_ca_bit &&
1953 mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
1954 {
1955 return( -1 );
1956 }
1957#endif
1958
1959 return( 0 );
1960}
1961
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]1962/*
1963 * Find a suitable parent for child in candidates, or return NULL.
1964 *
1965 * Here suitable is defined as:
1966 * 1. subject name matches child's issuer
1967 * 2. if necessary, the CA bit is set and key usage allows signing certs
1968 * 3. for trusted roots, the signature is correct
1969 * (for intermediates, the signature is checked and the result reported)
1970 * 4. pathlen constraints are satisfied
1971 *
1972 * If there's a suitable candidate which is also time-valid, return the first
1973 * such. Otherwise, return the first suitable candidate (or NULL if there is
1974 * none).
1975 *
1976 * The rationale for this rule is that someone could have a list of trusted
1977 * roots with two versions on the same root with different validity periods.
1978 * (At least one user reported having such a list and wanted it to just work.)
1979 * The reason we don't just require time-validity is that generally there is
1980 * only one version, and if it's expired we want the flags to state that
1981 * rather than NOT_TRUSTED, as would be the case if we required it here.
1982 *
1983 * The rationale for rule 3 (signature for trusted roots) is that users might
1984 * have two versions of the same CA with different keys in their list, and the
1985 * way we select the correct one is by checking the signature (as we don't
1986 * rely on key identifier extensions). (This is one way users might choose to
1987 * handle key rollover, another relies on self-issued certs, see [SIRO].)
1988 *
1989 * Arguments:
1990 * - [in] child: certificate for which we're looking for a parent
1991 * - [in] candidates: chained list of potential parents
1992 * - [out] r_parent: parent found (or NULL)
1993 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
1994 * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
1995 * of the chain, 0 otherwise
1996 * - [in] path_cnt: number of intermediates seen so far
1997 * - [in] self_cnt: number of self-signed intermediates seen so far
1998 * (will never be greater than path_cnt)
1999 * - [in-out] rs_ctx: context for restarting operations
2000 *
2001 * Return value:
2002 * - 0 on success
2003 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2004 */
2005static int x509_crt_find_parent_in(
2006 mbedtls_x509_crt *child,
2007 mbedtls_x509_crt *candidates,
2008 mbedtls_x509_crt **r_parent,
2009 int *r_signature_is_good,
2010 int top,
2011 unsigned path_cnt,
2012 unsigned self_cnt,
2013 mbedtls_x509_crt_restart_ctx *rs_ctx )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2014{
2015 int ret;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2016 mbedtls_x509_crt *parent, *fallback_parent;
2017 int signature_is_good, fallback_signature_is_good;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2018
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2019#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2020 /* did we have something in progress? */
2021 if( rs_ctx != NULL && rs_ctx->parent != NULL )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2022 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2023 /* restore saved state */
2024 parent = rs_ctx->parent;
2025 fallback_parent = rs_ctx->fallback_parent;
2026 fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
2027
2028 /* clear saved state */
2029 rs_ctx->parent = NULL;
2030 rs_ctx->fallback_parent = NULL;
2031 rs_ctx->fallback_signature_is_good = 0;
2032
2033 /* resume where we left */
2034 goto check_signature;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2035 }
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2036#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2037
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2038 fallback_parent = NULL;
2039 fallback_signature_is_good = 0;
2040
2041 for( parent = candidates; parent != NULL; parent = parent->next )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2042 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2043 /* basic parenting skills (name, CA bit, key usage) */
2044 if( x509_crt_check_parent( child, parent, top ) != 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2045 continue;
2046
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2047 /* +1 because stored max_pathlen is 1 higher that the actual value */
2048 if( parent->max_pathlen > 0 &&
2049 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2050 {
2051 continue;
2052 }
2053
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2054 /* Signature */
2055#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2056check_signature:
2057#endif
2058 ret = x509_crt_check_signature( child, parent, rs_ctx );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2059
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2060#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2061 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2062 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2063 /* save state */
2064 rs_ctx->parent = parent;
2065 rs_ctx->fallback_parent = fallback_parent;
2066 rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
2067
2068 return( ret );
2069 }
2070#else
2071 (void) ret;
2072#endif
2073
2074 signature_is_good = ret == 0;
2075 if( top && ! signature_is_good )
2076 continue;
2077
2078 /* optional time check */
2079 if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
2080 mbedtls_x509_time_is_future( &parent->valid_from ) )
2081 {
2082 if( fallback_parent == NULL )
2083 {
2084 fallback_parent = parent;
2085 fallback_signature_is_good = signature_is_good;
2086 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2087
2088 continue;
2089 }
2090
2091 break;
2092 }
2093
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2094 if( parent != NULL )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2095 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2096 *r_parent = parent;
2097 *r_signature_is_good = signature_is_good;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2098 }
2099 else
2100 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2101 *r_parent = fallback_parent;
2102 *r_signature_is_good = fallback_signature_is_good;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2103 }
2104
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2105 return( 0 );
2106}
2107
2108/*
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2109 * Find a parent in trusted CAs or the provided chain, or return NULL.
2110 *
2111 * Searches in trusted CAs first, and return the first suitable parent found
2112 * (see find_parent_in() for definition of suitable).
2113 *
2114 * Arguments:
2115 * - [in] child: certificate for which we're looking for a parent, followed
2116 * by a chain of possible intermediates
2117 * - [in] trust_ca: list of locally trusted certificates
2118 * - [out] parent: parent found (or NULL)
2119 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2120 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2121 * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
2122 * - [in] self_cnt: number of self-signed certs in the chain so far
2123 * (will always be no greater than path_cnt)
2124 * - [in-out] rs_ctx: context for restarting operations
2125 *
2126 * Return value:
2127 * - 0 on success
2128 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2129 */
2130static int x509_crt_find_parent(
2131 mbedtls_x509_crt *child,
2132 mbedtls_x509_crt *trust_ca,
2133 mbedtls_x509_crt **parent,
2134 int *parent_is_trusted,
2135 int *signature_is_good,
2136 unsigned path_cnt,
2137 unsigned self_cnt,
2138 mbedtls_x509_crt_restart_ctx *rs_ctx )
2139{
2140 int ret;
2141 mbedtls_x509_crt *search_list;
2142
2143 *parent_is_trusted = 1;
2144
2145#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2146 /* restore then clear saved state if we have some stored */
2147 if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )
2148 {
2149 *parent_is_trusted = rs_ctx->parent_is_trusted;
2150 rs_ctx->parent_is_trusted = -1;
2151 }
2152#endif
2153
2154 while( 1 ) {
2155 search_list = *parent_is_trusted ? trust_ca : child->next;
2156
2157 ret = x509_crt_find_parent_in( child, search_list,
2158 parent, signature_is_good,
2159 *parent_is_trusted,
2160 path_cnt, self_cnt, rs_ctx );
2161
2162#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2163 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
2164 {
2165 /* save state */
2166 rs_ctx->parent_is_trusted = *parent_is_trusted;
2167 return( ret );
2168 }
2169#else
2170 (void) ret;
2171#endif
2172
2173 /* stop here if found or already in second iteration */
2174 if( *parent != NULL || *parent_is_trusted == 0 )
2175 break;
2176
2177 /* prepare second iteration */
2178 *parent_is_trusted = 0;
2179 }
2180
2181 /* extra precaution against mistakes in the caller */
2182 if( *parent == NULL )
2183 {
2184 *parent_is_trusted = 0;
2185 *signature_is_good = 0;
2186 }
2187
2188 return( 0 );
2189}
2190
2191/*
2192 * Check if an end-entity certificate is locally trusted
2193 *
2194 * Currently we require such certificates to be self-signed (actually only
2195 * check for self-issued as self-signatures are not checked)
2196 */
2197static int x509_crt_check_ee_locally_trusted(
2198 mbedtls_x509_crt *crt,
2199 mbedtls_x509_crt *trust_ca )
2200{
2201 mbedtls_x509_crt *cur;
2202
2203 /* must be self-issued */
2204 if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
2205 return( -1 );
2206
2207 /* look for an exact match with trusted cert */
2208 for( cur = trust_ca; cur != NULL; cur = cur->next )
2209 {
2210 if( crt->raw.len == cur->raw.len &&
2211 memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
2212 {
2213 return( 0 );
2214 }
2215 }
2216
2217 /* too bad */
2218 return( -1 );
2219}
2220
2221/*
2222 * Build and verify a certificate chain
2223 *
2224 * Given a peer-provided list of certificates EE, C1, ..., Cn and
2225 * a list of trusted certs R1, ... Rp, try to build and verify a chain
2226 * EE, Ci1, ... Ciq [, Rj]
2227 * such that every cert in the chain is a child of the next one,
2228 * jumping to a trusted root as early as possible.
2229 *
2230 * Verify that chain and return it with flags for all issues found.
2231 *
2232 * Special cases:
2233 * - EE == Rj -> return a one-element list containing it
2234 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
2235 * -> return that chain with NOT_TRUSTED set on Ciq
2236 *
2237 * Tests for (aspects of) this function should include at least:
2238 * - trusted EE
2239 * - EE -> trusted root
2240 * - EE -> intermedate CA -> trusted root
2241 * - if relevant: EE untrusted
2242 * - if relevant: EE -> intermediate, untrusted
2243 * with the aspect under test checked at each relevant level (EE, int, root).
2244 * For some aspects longer chains are required, but usually length 2 is
2245 * enough (but length 1 is not in general).
2246 *
2247 * Arguments:
2248 * - [in] crt: the cert list EE, C1, ..., Cn
2249 * - [in] trust_ca: the trusted list R1, ..., Rp
2250 * - [in] ca_crl, profile: as in verify_with_profile()
2251 * - [out] ver_chain: the built and verified chain
2252 * Only valid when return value is 0, may contain garbage otherwise!
2253 * Restart note: need not be the same when calling again to resume.
2254 * - [in-out] rs_ctx: context for restarting operations
2255 *
2256 * Return value:
2257 * - non-zero if the chain could not be fully built and examined
2258 * - 0 is the chain was successfully built and examined,
2259 * even if it was found to be invalid
2260 */
2261static int x509_crt_verify_chain(
2262 mbedtls_x509_crt *crt,
2263 mbedtls_x509_crt *trust_ca,
2264 mbedtls_x509_crl *ca_crl,
2265 const mbedtls_x509_crt_profile *profile,
2266 mbedtls_x509_crt_verify_chain *ver_chain,
2267 mbedtls_x509_crt_restart_ctx *rs_ctx )
2268{
2269 /* Don't initialize any of those variables here, so that the compiler can
2270 * catch potential issues with jumping ahead when restarting */
2271 int ret;
2272 uint32_t *flags;
2273 mbedtls_x509_crt_verify_chain_item *cur;
2274 mbedtls_x509_crt *child;
2275 mbedtls_x509_crt *parent;
2276 int parent_is_trusted;
2277 int child_is_trusted;
2278 int signature_is_good;
2279 unsigned self_cnt;
2280
2281#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2282 /* resume if we had an operation in progress */
2283 if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
2284 {
2285 /* restore saved state */
2286 *ver_chain = rs_ctx->ver_chain; /* struct copy */
2287 self_cnt = rs_ctx->self_cnt;
2288
2289 /* restore derived state */
2290 cur = &ver_chain->items[ver_chain->len - 1];
2291 child = cur->crt;
2292 flags = &cur->flags;
2293
2294 goto find_parent;
2295 }
2296#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2297
2298 child = crt;
2299 self_cnt = 0;
2300 parent_is_trusted = 0;
2301 child_is_trusted = 0;
2302
2303 while( 1 ) {
2304 /* Add certificate to the verification chain */
2305 cur = &ver_chain->items[ver_chain->len];
2306 cur->crt = child;
2307 cur->flags = 0;
2308 ver_chain->len++;
2309 flags = &cur->flags;
2310
2311 /* Check time-validity (all certificates) */
2312 if( mbedtls_x509_time_is_past( &child->valid_to ) )
2313 *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2314
2315 if( mbedtls_x509_time_is_future( &child->valid_from ) )
2316 *flags |= MBEDTLS_X509_BADCERT_FUTURE;
2317
2318 /* Stop here for trusted roots (but not for trusted EE certs) */
2319 if( child_is_trusted )
2320 return( 0 );
2321
2322 /* Check signature algorithm: MD & PK algs */
2323 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
2324 *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
2325
2326 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
2327 *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2328
2329 /* Special case: EE certs that are locally trusted */
2330 if( ver_chain->len == 1 &&
2331 x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
2332 {
2333 return( 0 );
2334 }
2335
2336#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2337find_parent:
2338#endif
2339 /* Look for a parent in trusted CAs or up the chain */
2340 ret = x509_crt_find_parent( child, trust_ca, &parent,
2341 &parent_is_trusted, &signature_is_good,
2342 ver_chain->len - 1, self_cnt, rs_ctx );
2343
2344#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2345 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
2346 {
2347 /* save state */
2348 rs_ctx->in_progress = x509_crt_rs_find_parent;
2349 rs_ctx->self_cnt = self_cnt;
2350 rs_ctx->ver_chain = *ver_chain; /* struct copy */
2351
2352 return( ret );
2353 }
2354#else
2355 (void) ret;
2356#endif
2357
2358 /* No parent? We're done here */
2359 if( parent == NULL )
2360 {
2361 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2362 return( 0 );
2363 }
2364
2365 /* Count intermediate self-issued (not necessarily self-signed) certs.
2366 * These can occur with some strategies for key rollover, see [SIRO],
2367 * and should be excluded from max_pathlen checks. */
2368 if( ver_chain->len != 1 &&
2369 x509_name_cmp( &child->issuer, &child->subject ) == 0 )
2370 {
2371 self_cnt++;
2372 }
2373
2374 /* path_cnt is 0 for the first intermediate CA,
2375 * and if parent is trusted it's not an intermediate CA */
2376 if( ! parent_is_trusted &&
2377 ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
2378 {
2379 /* return immediately to avoid overflow the chain array */
2380 return( MBEDTLS_ERR_X509_FATAL_ERROR );
2381 }
2382
2383 /* signature was checked while searching parent */
2384 if( ! signature_is_good )
2385 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2386
2387 /* check size of signing key */
2388 if( x509_profile_check_key( profile, &parent->pk ) != 0 )
2389 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2390
2391#if defined(MBEDTLS_X509_CRL_PARSE_C)
2392 /* Check trusted CA's CRL for the given crt */
2393 *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
2394#else
2395 (void) ca_crl;
2396#endif
2397
2398 /* prepare for next iteration */
2399 child = parent;
2400 parent = NULL;
2401 child_is_trusted = parent_is_trusted;
2402 signature_is_good = 0;
2403 }
2404}
2405
2406/*
2407 * Check for CN match
2408 */
2409static int x509_crt_check_cn( const mbedtls_x509_buf *name,
2410 const char *cn, size_t cn_len )
2411{
2412 /* try exact match */
2413 if( name->len == cn_len &&
2414 x509_memcasecmp( cn, name->p, cn_len ) == 0 )
2415 {
2416 return( 0 );
2417 }
2418
2419 /* try wildcard match */
2420 if( x509_check_wildcard( cn, name ) == 0 )
2421 {
2422 return( 0 );
2423 }
2424
2425 return( -1 );
2426}
2427
2428/*
2429 * Verify the requested CN - only call this if cn is not NULL!
2430 */
2431static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
2432 const char *cn,
2433 uint32_t *flags )
2434{
2435 const mbedtls_x509_name *name;
2436 const mbedtls_x509_sequence *cur;
2437 size_t cn_len = strlen( cn );
2438
2439 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
2440 {
2441 for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
2442 {
2443 if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
2444 break;
2445 }
2446
2447 if( cur == NULL )
2448 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2449 }
2450 else
2451 {
2452 for( name = &crt->subject; name != NULL; name = name->next )
2453 {
2454 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
2455 x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
2456 {
2457 break;
2458 }
2459 }
2460
2461 if( name == NULL )
2462 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2463 }
2464}
2465
2466/*
2467 * Merge the flags for all certs in the chain, after calling callback
2468 */
2469static int x509_crt_merge_flags_with_cb(
2470 uint32_t *flags,
2471 const mbedtls_x509_crt_verify_chain *ver_chain,
2472 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2473 void *p_vrfy )
2474{
2475 int ret;
2476 unsigned i;
2477 uint32_t cur_flags;
2478 const mbedtls_x509_crt_verify_chain_item *cur;
2479
2480 for( i = ver_chain->len; i != 0; --i )
2481 {
2482 cur = &ver_chain->items[i-1];
2483 cur_flags = cur->flags;
2484
2485 if( NULL != f_vrfy )
2486 if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
2487 return( ret );
2488
2489 *flags |= cur_flags;
2490 }
2491
2492 return( 0 );
2493}
2494
2495/*
2496 * Verify the certificate validity (default profile, not restartable)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2497 */
2498int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
2499 mbedtls_x509_crt *trust_ca,
2500 mbedtls_x509_crl *ca_crl,
2501 const char *cn, uint32_t *flags,
2502 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2503 void *p_vrfy )
2504{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2505 return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
2506 &mbedtls_x509_crt_profile_default, cn, flags,
2507 f_vrfy, p_vrfy, NULL ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2508}
2509
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2510/*
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2511 * Verify the certificate validity (user-chosen profile, not restartable)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2512 */
2513int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
2514 mbedtls_x509_crt *trust_ca,
2515 mbedtls_x509_crl *ca_crl,
2516 const mbedtls_x509_crt_profile *profile,
2517 const char *cn, uint32_t *flags,
2518 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2519 void *p_vrfy )
2520{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2521 return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
2522 profile, cn, flags, f_vrfy, p_vrfy, NULL ) );
2523}
2524
2525/*
2526 * Verify the certificate validity, with profile, restartable version
2527 *
2528 * This function:
2529 * - checks the requested CN (if any)
2530 * - checks the type and size of the EE cert's key,
2531 * as that isn't done as part of chain building/verification currently
2532 * - builds and verifies the chain
2533 * - then calls the callback and merges the flags
2534 */
2535int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
2536 mbedtls_x509_crt *trust_ca,
2537 mbedtls_x509_crl *ca_crl,
2538 const mbedtls_x509_crt_profile *profile,
2539 const char *cn, uint32_t *flags,
2540 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2541 void *p_vrfy,
2542 mbedtls_x509_crt_restart_ctx *rs_ctx )
2543{
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2544 int ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2545 mbedtls_pk_type_t pk_type;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2546 mbedtls_x509_crt_verify_chain ver_chain;
2547 uint32_t ee_flags;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2548
2549 *flags = 0;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2550 ee_flags = 0;
2551 x509_crt_verify_chain_reset( &ver_chain );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2552
2553 if( profile == NULL )
2554 {
2555 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2556 goto exit;
2557 }
2558
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2559 /* check name if requested */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2560 if( cn != NULL )
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2561 x509_crt_verify_name( crt, cn, &ee_flags );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2562
2563 /* Check the type and size of the key */
2564 pk_type = mbedtls_pk_get_type( &crt->pk );
2565
2566 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2567 ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2568
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2569 if( x509_profile_check_key( profile, &crt->pk ) != 0 )
2570 ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2571
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2572 /* Check the chain */
2573 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
2574 &ver_chain, rs_ctx );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2575
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2576 if( ret != 0 )
2577 goto exit;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2578
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2579 /* Merge end-entity flags */
2580 ver_chain.items[0].flags |= ee_flags;
2581
2582 /* Build final flags, calling callback on the way if any */
2583 ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2584
2585exit:
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2586#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2587 if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
2588 mbedtls_x509_crt_restart_free( rs_ctx );
2589#endif
2590
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2591 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
2592 * the SSL module for authmode optional, but non-zero return from the
2593 * callback means a fatal error so it shouldn't be ignored */
2594 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2595 ret = MBEDTLS_ERR_X509_FATAL_ERROR;
2596
2597 if( ret != 0 )
2598 {
2599 *flags = (uint32_t) -1;
2600 return( ret );
2601 }
2602
2603 if( *flags != 0 )
2604 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
2605
2606 return( 0 );
2607}
2608
2609/*
2610 * Initialize a certificate chain
2611 */
2612void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
2613{
2614 memset( crt, 0, sizeof(mbedtls_x509_crt) );
2615}
2616
2617/*
2618 * Unallocate all certificate data
2619 */
2620void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
2621{
2622 mbedtls_x509_crt *cert_cur = crt;
2623 mbedtls_x509_crt *cert_prv;
2624 mbedtls_x509_name *name_cur;
2625 mbedtls_x509_name *name_prv;
2626 mbedtls_x509_sequence *seq_cur;
2627 mbedtls_x509_sequence *seq_prv;
2628
2629 if( crt == NULL )
2630 return;
2631
2632 do
2633 {
2634 mbedtls_pk_free( &cert_cur->pk );
2635
2636#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2637 mbedtls_free( cert_cur->sig_opts );
2638#endif
2639
2640 name_cur = cert_cur->issuer.next;
2641 while( name_cur != NULL )
2642 {
2643 name_prv = name_cur;
2644 name_cur = name_cur->next;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2645 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2646 mbedtls_free( name_prv );
2647 }
2648
2649 name_cur = cert_cur->subject.next;
2650 while( name_cur != NULL )
2651 {
2652 name_prv = name_cur;
2653 name_cur = name_cur->next;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2654 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2655 mbedtls_free( name_prv );
2656 }
2657
2658 seq_cur = cert_cur->ext_key_usage.next;
2659 while( seq_cur != NULL )
2660 {
2661 seq_prv = seq_cur;
2662 seq_cur = seq_cur->next;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2663 mbedtls_platform_zeroize( seq_prv,
2664 sizeof( mbedtls_x509_sequence ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2665 mbedtls_free( seq_prv );
2666 }
2667
2668 seq_cur = cert_cur->subject_alt_names.next;
2669 while( seq_cur != NULL )
2670 {
2671 seq_prv = seq_cur;
2672 seq_cur = seq_cur->next;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2673 mbedtls_platform_zeroize( seq_prv,
2674 sizeof( mbedtls_x509_sequence ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2675 mbedtls_free( seq_prv );
2676 }
2677
2678 if( cert_cur->raw.p != NULL )
2679 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2680 mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2681 mbedtls_free( cert_cur->raw.p );
2682 }
2683
2684 cert_cur = cert_cur->next;
2685 }
2686 while( cert_cur != NULL );
2687
2688 cert_cur = crt;
2689 do
2690 {
2691 cert_prv = cert_cur;
2692 cert_cur = cert_cur->next;
2693
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2694 mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2695 if( cert_prv != crt )
2696 mbedtls_free( cert_prv );
2697 }
2698 while( cert_cur != NULL );
2699}
2700
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame]2701#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2702/*
2703 * Initialize a restart context
2704 */
2705void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
2706{
2707 mbedtls_pk_restart_init( &ctx->pk );
2708
2709 ctx->parent = NULL;
2710 ctx->fallback_parent = NULL;
2711 ctx->fallback_signature_is_good = 0;
2712
2713 ctx->parent_is_trusted = -1;
2714
2715 ctx->in_progress = x509_crt_rs_none;
2716 ctx->self_cnt = 0;
2717 x509_crt_verify_chain_reset( &ctx->ver_chain );
2718}
2719
2720/*
2721 * Free the components of a restart context
2722 */
2723void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
2724{
2725 if( ctx == NULL )
2726 return;
2727
2728 mbedtls_pk_restart_free( &ctx->pk );
2729 mbedtls_x509_crt_restart_init( ctx );
2730}
2731#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2732
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2733#endif /* MBEDTLS_X509_CRT_PARSE_C */