blob: d7da8c46ec909c61718601d14f03c044b7f703b9 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/*
2 * X.509 certificate and private key decoding
3 *
Paul Bakkerefc30292011-11-10 14:43:23 +00004 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +00008 *
Paul Bakker77b385e2009-07-28 17:23:11 +00009 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +000010 *
Paul Bakker5121ce52009-01-03 21:22:43 +000011 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificat format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc2459.txt
29 * http://www.ietf.org/rfc/rfc3279.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
Paul Bakker40e46942009-01-03 21:51:57 +000037#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000038
Paul Bakker40e46942009-01-03 21:51:57 +000039#if defined(POLARSSL_X509_PARSE_C)
Paul Bakker5121ce52009-01-03 21:22:43 +000040
Paul Bakker40e46942009-01-03 21:51:57 +000041#include "polarssl/x509.h"
Paul Bakkerefc30292011-11-10 14:43:23 +000042#include "polarssl/asn1.h"
Paul Bakker96743fc2011-02-12 14:30:57 +000043#include "polarssl/pem.h"
Paul Bakker40e46942009-01-03 21:51:57 +000044#include "polarssl/des.h"
45#include "polarssl/md2.h"
46#include "polarssl/md4.h"
47#include "polarssl/md5.h"
48#include "polarssl/sha1.h"
Paul Bakker026c03b2009-03-28 17:53:03 +000049#include "polarssl/sha2.h"
50#include "polarssl/sha4.h"
Paul Bakker1b57b062011-01-06 15:48:19 +000051#include "polarssl/dhm.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000052
53#include <string.h>
54#include <stdlib.h>
Paul Bakker4f229e52011-12-04 22:11:35 +000055#if defined(_WIN32)
Paul Bakkercce9d772011-11-18 14:26:47 +000056#include <windows.h>
57#else
Paul Bakker5121ce52009-01-03 21:22:43 +000058#include <time.h>
Paul Bakkercce9d772011-11-18 14:26:47 +000059#endif
Paul Bakker5121ce52009-01-03 21:22:43 +000060
Paul Bakker335db3f2011-04-25 15:28:35 +000061#if defined(POLARSSL_FS_IO)
62#include <stdio.h>
63#endif
64
Paul Bakker5121ce52009-01-03 21:22:43 +000065/*
Paul Bakker5121ce52009-01-03 21:22:43 +000066 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
67 */
68static int x509_get_version( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +000069 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +000070 int *ver )
71{
Paul Bakker23986e52011-04-24 08:57:21 +000072 int ret;
73 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +000074
75 if( ( ret = asn1_get_tag( p, end, &len,
76 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
77 {
Paul Bakker40e46942009-01-03 21:51:57 +000078 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker2a1c5f52011-10-19 14:15:17 +000079 {
80 *ver = 0;
81 return( 0 );
82 }
Paul Bakker5121ce52009-01-03 21:22:43 +000083
84 return( ret );
85 }
86
87 end = *p + len;
88
89 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +000090 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +000091
92 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +000093 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION +
Paul Bakker40e46942009-01-03 21:51:57 +000094 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +000095
96 return( 0 );
97}
98
99/*
Paul Bakkerfae618f2011-10-12 11:53:52 +0000100 * Version ::= INTEGER { v1(0), v2(1) }
Paul Bakker3329d1f2011-10-12 09:55:01 +0000101 */
102static int x509_crl_get_version( unsigned char **p,
103 const unsigned char *end,
104 int *ver )
105{
106 int ret;
107
108 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
109 {
110 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker2a1c5f52011-10-19 14:15:17 +0000111 {
112 *ver = 0;
113 return( 0 );
114 }
Paul Bakker3329d1f2011-10-12 09:55:01 +0000115
116 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
117 }
118
119 return( 0 );
120}
121
122/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000123 * CertificateSerialNumber ::= INTEGER
124 */
125static int x509_get_serial( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000126 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +0000127 x509_buf *serial )
128{
129 int ret;
130
131 if( ( end - *p ) < 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000132 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
Paul Bakker40e46942009-01-03 21:51:57 +0000133 POLARSSL_ERR_ASN1_OUT_OF_DATA );
Paul Bakker5121ce52009-01-03 21:22:43 +0000134
135 if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
136 **p != ASN1_INTEGER )
Paul Bakker9d781402011-05-09 16:17:09 +0000137 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
Paul Bakker40e46942009-01-03 21:51:57 +0000138 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker5121ce52009-01-03 21:22:43 +0000139
140 serial->tag = *(*p)++;
141
142 if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000143 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000144
145 serial->p = *p;
146 *p += serial->len;
147
148 return( 0 );
149}
150
151/*
152 * AlgorithmIdentifier ::= SEQUENCE {
153 * algorithm OBJECT IDENTIFIER,
154 * parameters ANY DEFINED BY algorithm OPTIONAL }
155 */
156static int x509_get_alg( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000157 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +0000158 x509_buf *alg )
159{
Paul Bakker23986e52011-04-24 08:57:21 +0000160 int ret;
161 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +0000162
163 if( ( ret = asn1_get_tag( p, end, &len,
164 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000165 return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000166
167 end = *p + len;
168 alg->tag = **p;
169
170 if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000171 return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000172
173 alg->p = *p;
174 *p += alg->len;
175
176 if( *p == end )
177 return( 0 );
178
179 /*
180 * assume the algorithm parameters must be NULL
181 */
182 if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000183 return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000184
185 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +0000186 return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
Paul Bakker40e46942009-01-03 21:51:57 +0000187 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000188
189 return( 0 );
190}
191
192/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000193 * AttributeTypeAndValue ::= SEQUENCE {
194 * type AttributeType,
195 * value AttributeValue }
196 *
197 * AttributeType ::= OBJECT IDENTIFIER
198 *
199 * AttributeValue ::= ANY DEFINED BY AttributeType
200 */
Paul Bakker400ff6f2011-02-20 10:40:16 +0000201static int x509_get_attr_type_value( unsigned char **p,
202 const unsigned char *end,
203 x509_name *cur )
Paul Bakker5121ce52009-01-03 21:22:43 +0000204{
Paul Bakker23986e52011-04-24 08:57:21 +0000205 int ret;
206 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +0000207 x509_buf *oid;
208 x509_buf *val;
209
210 if( ( ret = asn1_get_tag( p, end, &len,
Paul Bakker5121ce52009-01-03 21:22:43 +0000211 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000212 return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000213
Paul Bakker5121ce52009-01-03 21:22:43 +0000214 oid = &cur->oid;
215 oid->tag = **p;
216
217 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000218 return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000219
220 oid->p = *p;
221 *p += oid->len;
222
223 if( ( end - *p ) < 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000224 return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
Paul Bakker40e46942009-01-03 21:51:57 +0000225 POLARSSL_ERR_ASN1_OUT_OF_DATA );
Paul Bakker5121ce52009-01-03 21:22:43 +0000226
227 if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
228 **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
229 **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
Paul Bakker9d781402011-05-09 16:17:09 +0000230 return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
Paul Bakker40e46942009-01-03 21:51:57 +0000231 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker5121ce52009-01-03 21:22:43 +0000232
233 val = &cur->val;
234 val->tag = *(*p)++;
235
236 if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000237 return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000238
239 val->p = *p;
240 *p += val->len;
241
242 cur->next = NULL;
243
Paul Bakker400ff6f2011-02-20 10:40:16 +0000244 return( 0 );
245}
246
247/*
248 * RelativeDistinguishedName ::=
249 * SET OF AttributeTypeAndValue
250 *
251 * AttributeTypeAndValue ::= SEQUENCE {
252 * type AttributeType,
253 * value AttributeValue }
254 *
255 * AttributeType ::= OBJECT IDENTIFIER
256 *
257 * AttributeValue ::= ANY DEFINED BY AttributeType
258 */
259static int x509_get_name( unsigned char **p,
260 const unsigned char *end,
261 x509_name *cur )
262{
Paul Bakker23986e52011-04-24 08:57:21 +0000263 int ret;
264 size_t len;
Paul Bakker400ff6f2011-02-20 10:40:16 +0000265 const unsigned char *end2;
266 x509_name *use;
267
268 if( ( ret = asn1_get_tag( p, end, &len,
269 ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000270 return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
Paul Bakker400ff6f2011-02-20 10:40:16 +0000271
272 end2 = end;
273 end = *p + len;
274 use = cur;
275
276 do
277 {
278 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
279 return( ret );
280
281 if( *p != end )
282 {
283 use->next = (x509_name *) malloc(
284 sizeof( x509_name ) );
285
286 if( use->next == NULL )
287 return( 1 );
288
289 memset( use->next, 0, sizeof( x509_name ) );
290
291 use = use->next;
292 }
293 }
294 while( *p != end );
Paul Bakker5121ce52009-01-03 21:22:43 +0000295
296 /*
297 * recurse until end of SEQUENCE is reached
298 */
299 if( *p == end2 )
300 return( 0 );
301
302 cur->next = (x509_name *) malloc(
303 sizeof( x509_name ) );
304
305 if( cur->next == NULL )
306 return( 1 );
307
308 return( x509_get_name( p, end2, cur->next ) );
309}
310
311/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000312 * Time ::= CHOICE {
313 * utcTime UTCTime,
314 * generalTime GeneralizedTime }
315 */
Paul Bakker91200182010-02-18 21:26:15 +0000316static int x509_get_time( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000317 const unsigned char *end,
Paul Bakkerd98030e2009-05-02 15:13:40 +0000318 x509_time *time )
319{
Paul Bakker23986e52011-04-24 08:57:21 +0000320 int ret;
321 size_t len;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000322 char date[64];
Paul Bakker91200182010-02-18 21:26:15 +0000323 unsigned char tag;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000324
Paul Bakker91200182010-02-18 21:26:15 +0000325 if( ( end - *p ) < 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000326 return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
327 POLARSSL_ERR_ASN1_OUT_OF_DATA );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000328
Paul Bakker91200182010-02-18 21:26:15 +0000329 tag = **p;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000330
Paul Bakker91200182010-02-18 21:26:15 +0000331 if ( tag == ASN1_UTC_TIME )
332 {
333 (*p)++;
334 ret = asn1_get_len( p, end, &len );
335
336 if( ret != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000337 return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000338
Paul Bakker91200182010-02-18 21:26:15 +0000339 memset( date, 0, sizeof( date ) );
Paul Bakker27fdf462011-06-09 13:55:13 +0000340 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
341 len : sizeof( date ) - 1 );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000342
Paul Bakker91200182010-02-18 21:26:15 +0000343 if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
344 &time->year, &time->mon, &time->day,
345 &time->hour, &time->min, &time->sec ) < 5 )
346 return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000347
Paul Bakker400ff6f2011-02-20 10:40:16 +0000348 time->year += 100 * ( time->year < 50 );
Paul Bakker91200182010-02-18 21:26:15 +0000349 time->year += 1900;
350
351 *p += len;
352
353 return( 0 );
354 }
355 else if ( tag == ASN1_GENERALIZED_TIME )
356 {
357 (*p)++;
358 ret = asn1_get_len( p, end, &len );
359
360 if( ret != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000361 return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
Paul Bakker91200182010-02-18 21:26:15 +0000362
363 memset( date, 0, sizeof( date ) );
Paul Bakker27fdf462011-06-09 13:55:13 +0000364 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
365 len : sizeof( date ) - 1 );
Paul Bakker91200182010-02-18 21:26:15 +0000366
367 if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
368 &time->year, &time->mon, &time->day,
369 &time->hour, &time->min, &time->sec ) < 5 )
370 return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
371
372 *p += len;
373
374 return( 0 );
375 }
376 else
Paul Bakker9d781402011-05-09 16:17:09 +0000377 return( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000378}
379
380
381/*
382 * Validity ::= SEQUENCE {
383 * notBefore Time,
384 * notAfter Time }
385 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000386static int x509_get_dates( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000387 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +0000388 x509_time *from,
389 x509_time *to )
390{
Paul Bakker23986e52011-04-24 08:57:21 +0000391 int ret;
392 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +0000393
394 if( ( ret = asn1_get_tag( p, end, &len,
395 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000396 return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000397
398 end = *p + len;
399
Paul Bakker91200182010-02-18 21:26:15 +0000400 if( ( ret = x509_get_time( p, end, from ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000401 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000402
Paul Bakker91200182010-02-18 21:26:15 +0000403 if( ( ret = x509_get_time( p, end, to ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000404 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000405
406 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +0000407 return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
Paul Bakker40e46942009-01-03 21:51:57 +0000408 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000409
410 return( 0 );
411}
412
413/*
414 * SubjectPublicKeyInfo ::= SEQUENCE {
415 * algorithm AlgorithmIdentifier,
416 * subjectPublicKey BIT STRING }
417 */
418static int x509_get_pubkey( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000419 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +0000420 x509_buf *pk_alg_oid,
421 mpi *N, mpi *E )
422{
Paul Bakker23986e52011-04-24 08:57:21 +0000423 int ret, can_handle;
424 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +0000425 unsigned char *end2;
426
427 if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
428 return( ret );
429
430 /*
431 * only RSA public keys handled at this time
432 */
Paul Bakker400ff6f2011-02-20 10:40:16 +0000433 can_handle = 0;
434
435 if( pk_alg_oid->len == 9 &&
436 memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) == 0 )
437 can_handle = 1;
438
439 if( pk_alg_oid->len == 9 &&
440 memcmp( pk_alg_oid->p, OID_PKCS1, 8 ) == 0 )
441 {
442 if( pk_alg_oid->p[8] >= 2 && pk_alg_oid->p[8] <= 5 )
443 can_handle = 1;
444
445 if ( pk_alg_oid->p[8] >= 11 && pk_alg_oid->p[8] <= 14 )
446 can_handle = 1;
447 }
448
449 if( pk_alg_oid->len == 5 &&
450 memcmp( pk_alg_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
451 can_handle = 1;
452
453 if( can_handle == 0 )
Paul Bakkered56b222011-07-13 11:26:43 +0000454 return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
Paul Bakker5121ce52009-01-03 21:22:43 +0000455
456 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000457 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000458
459 if( ( end - *p ) < 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000460 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
Paul Bakker40e46942009-01-03 21:51:57 +0000461 POLARSSL_ERR_ASN1_OUT_OF_DATA );
Paul Bakker5121ce52009-01-03 21:22:43 +0000462
463 end2 = *p + len;
464
465 if( *(*p)++ != 0 )
Paul Bakker40e46942009-01-03 21:51:57 +0000466 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY );
Paul Bakker5121ce52009-01-03 21:22:43 +0000467
468 /*
469 * RSAPublicKey ::= SEQUENCE {
470 * modulus INTEGER, -- n
471 * publicExponent INTEGER -- e
472 * }
473 */
474 if( ( ret = asn1_get_tag( p, end2, &len,
475 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000476 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000477
478 if( *p + len != end2 )
Paul Bakker9d781402011-05-09 16:17:09 +0000479 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
Paul Bakker40e46942009-01-03 21:51:57 +0000480 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000481
482 if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
483 ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000484 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000485
486 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +0000487 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
Paul Bakker40e46942009-01-03 21:51:57 +0000488 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000489
490 return( 0 );
491}
492
493static int x509_get_sig( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000494 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +0000495 x509_buf *sig )
496{
Paul Bakker23986e52011-04-24 08:57:21 +0000497 int ret;
498 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +0000499
500 sig->tag = **p;
501
502 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000503 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000504
Paul Bakker74111d32011-01-15 16:57:55 +0000505
Paul Bakker5121ce52009-01-03 21:22:43 +0000506 if( --len < 1 || *(*p)++ != 0 )
Paul Bakker40e46942009-01-03 21:51:57 +0000507 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE );
Paul Bakker5121ce52009-01-03 21:22:43 +0000508
509 sig->len = len;
510 sig->p = *p;
511
512 *p += len;
513
514 return( 0 );
515}
516
517/*
518 * X.509 v2/v3 unique identifier (not parsed)
519 */
520static int x509_get_uid( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000521 const unsigned char *end,
Paul Bakker5121ce52009-01-03 21:22:43 +0000522 x509_buf *uid, int n )
523{
524 int ret;
525
526 if( *p == end )
527 return( 0 );
528
529 uid->tag = **p;
530
531 if( ( ret = asn1_get_tag( p, end, &uid->len,
532 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
533 {
Paul Bakker40e46942009-01-03 21:51:57 +0000534 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker5121ce52009-01-03 21:22:43 +0000535 return( 0 );
536
537 return( ret );
538 }
539
540 uid->p = *p;
541 *p += uid->len;
542
543 return( 0 );
544}
545
546/*
Paul Bakkerd98030e2009-05-02 15:13:40 +0000547 * X.509 Extensions (No parsing of extensions, pointer should
548 * be either manually updated or extensions should be parsed!
Paul Bakker5121ce52009-01-03 21:22:43 +0000549 */
550static int x509_get_ext( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000551 const unsigned char *end,
Paul Bakkerfbc09f32011-10-12 09:56:41 +0000552 x509_buf *ext, int tag )
Paul Bakker5121ce52009-01-03 21:22:43 +0000553{
Paul Bakker23986e52011-04-24 08:57:21 +0000554 int ret;
555 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +0000556
557 if( *p == end )
558 return( 0 );
559
560 ext->tag = **p;
Paul Bakkerff60ee62010-03-16 21:09:09 +0000561
Paul Bakker5121ce52009-01-03 21:22:43 +0000562 if( ( ret = asn1_get_tag( p, end, &ext->len,
Paul Bakkerfbc09f32011-10-12 09:56:41 +0000563 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000564 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000565
566 ext->p = *p;
567 end = *p + ext->len;
568
569 /*
570 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
571 *
572 * Extension ::= SEQUENCE {
573 * extnID OBJECT IDENTIFIER,
574 * critical BOOLEAN DEFAULT FALSE,
575 * extnValue OCTET STRING }
576 */
577 if( ( ret = asn1_get_tag( p, end, &len,
578 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000579 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000580
581 if( end != *p + len )
Paul Bakker9d781402011-05-09 16:17:09 +0000582 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker40e46942009-01-03 21:51:57 +0000583 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000584
Paul Bakkerd98030e2009-05-02 15:13:40 +0000585 return( 0 );
586}
587
588/*
589 * X.509 CRL v2 extensions (no extensions parsed yet.)
590 */
591static int x509_get_crl_ext( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000592 const unsigned char *end,
593 x509_buf *ext )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000594{
Paul Bakker23986e52011-04-24 08:57:21 +0000595 int ret;
Paul Bakkerfbc09f32011-10-12 09:56:41 +0000596 size_t len = 0;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000597
Paul Bakkerfbc09f32011-10-12 09:56:41 +0000598 /* Get explicit tag */
599 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000600 {
601 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
602 return( 0 );
603
604 return( ret );
605 }
606
607 while( *p < end )
608 {
609 if( ( ret = asn1_get_tag( p, end, &len,
610 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000611 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakkerd98030e2009-05-02 15:13:40 +0000612
613 *p += len;
614 }
615
616 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +0000617 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakkerd98030e2009-05-02 15:13:40 +0000618 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
619
620 return( 0 );
621}
622
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000623/*
624 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
625 */
626static int x509_get_crl_entry_ext( unsigned char **p,
627 const unsigned char *end,
628 x509_buf *ext )
629{
630 int ret;
631 size_t len = 0;
632
633 /* OPTIONAL */
634 if (end <= *p)
635 return( 0 );
636
637 ext->tag = **p;
638 ext->p = *p;
639
640 /*
641 * Get CRL-entry extension sequence header
642 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
643 */
644 if( ( ret = asn1_get_tag( p, end, &ext->len,
645 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
646 {
647 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
648 {
649 ext->p = NULL;
650 return( 0 );
651 }
652 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
653 }
654
655 end = *p + ext->len;
656
657 if( end != *p + ext->len )
658 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
659 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
660
661 while( *p < end )
662 {
663 if( ( ret = asn1_get_tag( p, end, &len,
664 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
665 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
666
667 *p += len;
668 }
669
670 if( *p != end )
671 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
672 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
673
674 return( 0 );
675}
676
Paul Bakker74111d32011-01-15 16:57:55 +0000677static int x509_get_basic_constraints( unsigned char **p,
678 const unsigned char *end,
Paul Bakker74111d32011-01-15 16:57:55 +0000679 int *ca_istrue,
680 int *max_pathlen )
681{
Paul Bakker23986e52011-04-24 08:57:21 +0000682 int ret;
683 size_t len;
Paul Bakker74111d32011-01-15 16:57:55 +0000684
685 /*
686 * BasicConstraints ::= SEQUENCE {
687 * cA BOOLEAN DEFAULT FALSE,
688 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
689 */
Paul Bakker3cccddb2011-01-16 21:46:31 +0000690 *ca_istrue = 0; /* DEFAULT FALSE */
Paul Bakker74111d32011-01-15 16:57:55 +0000691 *max_pathlen = 0; /* endless */
692
693 if( ( ret = asn1_get_tag( p, end, &len,
694 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000695 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker74111d32011-01-15 16:57:55 +0000696
697 if( *p == end )
698 return 0;
699
Paul Bakker3cccddb2011-01-16 21:46:31 +0000700 if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
Paul Bakker74111d32011-01-15 16:57:55 +0000701 {
702 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker3cccddb2011-01-16 21:46:31 +0000703 ret = asn1_get_int( p, end, ca_istrue );
Paul Bakker74111d32011-01-15 16:57:55 +0000704
705 if( ret != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000706 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker74111d32011-01-15 16:57:55 +0000707
Paul Bakker3cccddb2011-01-16 21:46:31 +0000708 if( *ca_istrue != 0 )
709 *ca_istrue = 1;
Paul Bakker74111d32011-01-15 16:57:55 +0000710 }
711
712 if( *p == end )
713 return 0;
714
715 if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000716 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker74111d32011-01-15 16:57:55 +0000717
718 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +0000719 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker74111d32011-01-15 16:57:55 +0000720 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
721
722 (*max_pathlen)++;
723
Paul Bakker74111d32011-01-15 16:57:55 +0000724 return 0;
725}
726
727static int x509_get_ns_cert_type( unsigned char **p,
728 const unsigned char *end,
729 unsigned char *ns_cert_type)
730{
731 int ret;
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000732 x509_bitstring bs = { 0, 0, NULL };
Paul Bakker74111d32011-01-15 16:57:55 +0000733
734 if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000735 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker74111d32011-01-15 16:57:55 +0000736
737 if( bs.len != 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000738 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker74111d32011-01-15 16:57:55 +0000739 POLARSSL_ERR_ASN1_INVALID_LENGTH );
740
741 /* Get actual bitstring */
742 *ns_cert_type = *bs.p;
743 return 0;
744}
745
746static int x509_get_key_usage( unsigned char **p,
747 const unsigned char *end,
748 unsigned char *key_usage)
749{
750 int ret;
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000751 x509_bitstring bs = { 0, 0, NULL };
Paul Bakker74111d32011-01-15 16:57:55 +0000752
753 if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000754 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker74111d32011-01-15 16:57:55 +0000755
Paul Bakkercebdf172011-11-11 15:01:31 +0000756 if( bs.len > 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000757 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker74111d32011-01-15 16:57:55 +0000758 POLARSSL_ERR_ASN1_INVALID_LENGTH );
759
760 /* Get actual bitstring */
761 *key_usage = *bs.p;
762 return 0;
763}
764
Paul Bakkerd98030e2009-05-02 15:13:40 +0000765/*
Paul Bakker74111d32011-01-15 16:57:55 +0000766 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
767 *
768 * KeyPurposeId ::= OBJECT IDENTIFIER
769 */
770static int x509_get_ext_key_usage( unsigned char **p,
771 const unsigned char *end,
772 x509_sequence *ext_key_usage)
773{
774 int ret;
775
776 if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000777 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker74111d32011-01-15 16:57:55 +0000778
779 /* Sequence length must be >= 1 */
780 if( ext_key_usage->buf.p == NULL )
Paul Bakker9d781402011-05-09 16:17:09 +0000781 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker74111d32011-01-15 16:57:55 +0000782 POLARSSL_ERR_ASN1_INVALID_LENGTH );
783
784 return 0;
785}
786
787/*
788 * X.509 v3 extensions
789 *
790 * TODO: Perform all of the basic constraints tests required by the RFC
791 * TODO: Set values for undetected extensions to a sane default?
792 *
Paul Bakkerd98030e2009-05-02 15:13:40 +0000793 */
794static int x509_get_crt_ext( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000795 const unsigned char *end,
Paul Bakker74111d32011-01-15 16:57:55 +0000796 x509_cert *crt )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000797{
Paul Bakker23986e52011-04-24 08:57:21 +0000798 int ret;
799 size_t len;
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000800 unsigned char *end_ext_data, *end_ext_octet;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000801
Paul Bakkerfbc09f32011-10-12 09:56:41 +0000802 if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000803 {
804 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
805 return( 0 );
806
807 return( ret );
808 }
809
Paul Bakker5121ce52009-01-03 21:22:43 +0000810 while( *p < end )
811 {
Paul Bakker74111d32011-01-15 16:57:55 +0000812 /*
813 * Extension ::= SEQUENCE {
814 * extnID OBJECT IDENTIFIER,
815 * critical BOOLEAN DEFAULT FALSE,
816 * extnValue OCTET STRING }
817 */
818 x509_buf extn_oid = {0, 0, NULL};
819 int is_critical = 0; /* DEFAULT FALSE */
820
Paul Bakker5121ce52009-01-03 21:22:43 +0000821 if( ( ret = asn1_get_tag( p, end, &len,
822 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000823 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000824
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000825 end_ext_data = *p + len;
826
Paul Bakker74111d32011-01-15 16:57:55 +0000827 /* Get extension ID */
828 extn_oid.tag = **p;
Paul Bakker5121ce52009-01-03 21:22:43 +0000829
Paul Bakker74111d32011-01-15 16:57:55 +0000830 if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000831 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000832
Paul Bakker74111d32011-01-15 16:57:55 +0000833 extn_oid.p = *p;
834 *p += extn_oid.len;
835
836 if( ( end - *p ) < 1 )
Paul Bakker9d781402011-05-09 16:17:09 +0000837 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker74111d32011-01-15 16:57:55 +0000838 POLARSSL_ERR_ASN1_OUT_OF_DATA );
839
840 /* Get optional critical */
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000841 if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
Paul Bakker40e46942009-01-03 21:51:57 +0000842 ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
Paul Bakker9d781402011-05-09 16:17:09 +0000843 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000844
Paul Bakker74111d32011-01-15 16:57:55 +0000845 /* Data should be octet string type */
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000846 if( ( ret = asn1_get_tag( p, end_ext_data, &len,
Paul Bakker5121ce52009-01-03 21:22:43 +0000847 ASN1_OCTET_STRING ) ) != 0 )
Paul Bakker9d781402011-05-09 16:17:09 +0000848 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000849
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000850 end_ext_octet = *p + len;
Paul Bakkerff60ee62010-03-16 21:09:09 +0000851
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000852 if( end_ext_octet != end_ext_data )
Paul Bakker9d781402011-05-09 16:17:09 +0000853 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakkerc6ce8382009-07-27 21:34:45 +0000854 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000855
Paul Bakker74111d32011-01-15 16:57:55 +0000856 /*
857 * Detect supported extensions
858 */
859 if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
860 memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000861 {
Paul Bakker74111d32011-01-15 16:57:55 +0000862 /* Parse basic constraints */
863 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
Paul Bakker3cccddb2011-01-16 21:46:31 +0000864 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
Paul Bakker74111d32011-01-15 16:57:55 +0000865 return ( ret );
866 crt->ext_types |= EXT_BASIC_CONSTRAINTS;
Paul Bakker5121ce52009-01-03 21:22:43 +0000867 }
Paul Bakker74111d32011-01-15 16:57:55 +0000868 else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
869 memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
870 {
871 /* Parse netscape certificate type */
872 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
873 &crt->ns_cert_type ) ) != 0 )
874 return ( ret );
875 crt->ext_types |= EXT_NS_CERT_TYPE;
876 }
877 else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
878 memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
879 {
880 /* Parse key usage */
881 if( ( ret = x509_get_key_usage( p, end_ext_octet,
882 &crt->key_usage ) ) != 0 )
883 return ( ret );
884 crt->ext_types |= EXT_KEY_USAGE;
885 }
886 else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
887 memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
888 {
889 /* Parse extended key usage */
890 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
891 &crt->ext_key_usage ) ) != 0 )
892 return ( ret );
893 crt->ext_types |= EXT_EXTENDED_KEY_USAGE;
894 }
895 else
896 {
897 /* No parser found, skip extension */
898 *p = end_ext_octet;
Paul Bakker5121ce52009-01-03 21:22:43 +0000899
Paul Bakker5c721f92011-07-27 16:51:09 +0000900#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
Paul Bakker74111d32011-01-15 16:57:55 +0000901 if( is_critical )
902 {
903 /* Data is marked as critical: fail */
Paul Bakker9d781402011-05-09 16:17:09 +0000904 return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker74111d32011-01-15 16:57:55 +0000905 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
906 }
Paul Bakker5c721f92011-07-27 16:51:09 +0000907#endif
Paul Bakker74111d32011-01-15 16:57:55 +0000908 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000909 }
910
911 if( *p != end )
Paul Bakker9d781402011-05-09 16:17:09 +0000912 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
Paul Bakker40e46942009-01-03 21:51:57 +0000913 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +0000914
Paul Bakker5121ce52009-01-03 21:22:43 +0000915 return( 0 );
916}
917
918/*
Paul Bakkerd98030e2009-05-02 15:13:40 +0000919 * X.509 CRL Entries
920 */
921static int x509_get_entries( unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000922 const unsigned char *end,
Paul Bakkerd98030e2009-05-02 15:13:40 +0000923 x509_crl_entry *entry )
924{
Paul Bakker23986e52011-04-24 08:57:21 +0000925 int ret;
926 size_t entry_len;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000927 x509_crl_entry *cur_entry = entry;
928
929 if( *p == end )
930 return( 0 );
931
Paul Bakker9be19372009-07-27 20:21:53 +0000932 if( ( ret = asn1_get_tag( p, end, &entry_len,
Paul Bakkerd98030e2009-05-02 15:13:40 +0000933 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
934 {
935 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
936 return( 0 );
937
938 return( ret );
939 }
940
Paul Bakker9be19372009-07-27 20:21:53 +0000941 end = *p + entry_len;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000942
943 while( *p < end )
944 {
Paul Bakker23986e52011-04-24 08:57:21 +0000945 size_t len2;
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000946 const unsigned char *end2;
Paul Bakkerd98030e2009-05-02 15:13:40 +0000947
948 if( ( ret = asn1_get_tag( p, end, &len2,
949 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
950 {
Paul Bakkerd98030e2009-05-02 15:13:40 +0000951 return( ret );
952 }
953
Paul Bakker9be19372009-07-27 20:21:53 +0000954 cur_entry->raw.tag = **p;
955 cur_entry->raw.p = *p;
956 cur_entry->raw.len = len2;
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000957 end2 = *p + len2;
Paul Bakker9be19372009-07-27 20:21:53 +0000958
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000959 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000960 return( ret );
961
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000962 if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000963 return( ret );
964
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000965 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +0000966 return( ret );
967
Paul Bakker74111d32011-01-15 16:57:55 +0000968 if ( *p < end )
969 {
Paul Bakkerd98030e2009-05-02 15:13:40 +0000970 cur_entry->next = malloc( sizeof( x509_crl_entry ) );
971 cur_entry = cur_entry->next;
972 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
973 }
974 }
975
976 return( 0 );
977}
978
Paul Bakker27d66162010-03-17 06:56:01 +0000979static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
980{
981 if( sig_oid->len == 9 &&
982 memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
983 {
984 if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
985 {
986 *sig_alg = sig_oid->p[8];
987 return( 0 );
988 }
989
990 if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
991 {
992 *sig_alg = sig_oid->p[8];
993 return( 0 );
994 }
995
996 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
997 }
Paul Bakker400ff6f2011-02-20 10:40:16 +0000998 if( sig_oid->len == 5 &&
999 memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
1000 {
1001 *sig_alg = SIG_RSA_SHA1;
1002 return( 0 );
1003 }
Paul Bakker27d66162010-03-17 06:56:01 +00001004
1005 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
1006}
1007
Paul Bakkerd98030e2009-05-02 15:13:40 +00001008/*
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001009 * Parse and fill a single X.509 certificate in DER format
Paul Bakker5121ce52009-01-03 21:22:43 +00001010 */
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001011int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
Paul Bakker5121ce52009-01-03 21:22:43 +00001012{
Paul Bakker23986e52011-04-24 08:57:21 +00001013 int ret;
Paul Bakker5690efc2011-05-26 13:16:06 +00001014 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +00001015 unsigned char *p, *end;
Paul Bakker5121ce52009-01-03 21:22:43 +00001016
Paul Bakker320a4b52009-03-28 18:52:39 +00001017 /*
1018 * Check for valid input
1019 */
1020 if( crt == NULL || buf == NULL )
1021 return( 1 );
1022
Paul Bakker96743fc2011-02-12 14:30:57 +00001023 p = (unsigned char *) malloc( len = buflen );
1024
1025 if( p == NULL )
1026 return( 1 );
1027
1028 memcpy( p, buf, buflen );
1029
1030 buflen = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +00001031
1032 crt->raw.p = p;
1033 crt->raw.len = len;
1034 end = p + len;
1035
1036 /*
1037 * Certificate ::= SEQUENCE {
1038 * tbsCertificate TBSCertificate,
1039 * signatureAlgorithm AlgorithmIdentifier,
1040 * signatureValue BIT STRING }
1041 */
1042 if( ( ret = asn1_get_tag( &p, end, &len,
1043 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1044 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001045 x509_free( crt );
Paul Bakker40e46942009-01-03 21:51:57 +00001046 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
Paul Bakker5121ce52009-01-03 21:22:43 +00001047 }
1048
Paul Bakker23986e52011-04-24 08:57:21 +00001049 if( len != (size_t) ( end - p ) )
Paul Bakker5121ce52009-01-03 21:22:43 +00001050 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001051 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001052 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
Paul Bakker40e46942009-01-03 21:51:57 +00001053 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +00001054 }
1055
1056 /*
1057 * TBSCertificate ::= SEQUENCE {
1058 */
1059 crt->tbs.p = p;
1060
1061 if( ( ret = asn1_get_tag( &p, end, &len,
1062 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1063 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001064 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001065 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001066 }
1067
1068 end = p + len;
1069 crt->tbs.len = end - crt->tbs.p;
1070
1071 /*
1072 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1073 *
1074 * CertificateSerialNumber ::= INTEGER
1075 *
1076 * signature AlgorithmIdentifier
1077 */
1078 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
1079 ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
1080 ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1081 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001082 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001083 return( ret );
1084 }
1085
1086 crt->version++;
1087
1088 if( crt->version > 3 )
1089 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001090 x509_free( crt );
Paul Bakker40e46942009-01-03 21:51:57 +00001091 return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
Paul Bakker5121ce52009-01-03 21:22:43 +00001092 }
1093
Paul Bakker27d66162010-03-17 06:56:01 +00001094 if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00001095 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001096 x509_free( crt );
Paul Bakker27d66162010-03-17 06:56:01 +00001097 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001098 }
1099
1100 /*
1101 * issuer Name
1102 */
1103 crt->issuer_raw.p = p;
1104
1105 if( ( ret = asn1_get_tag( &p, end, &len,
1106 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1107 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001108 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001109 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001110 }
1111
1112 if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1113 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001114 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001115 return( ret );
1116 }
1117
1118 crt->issuer_raw.len = p - crt->issuer_raw.p;
1119
1120 /*
1121 * Validity ::= SEQUENCE {
1122 * notBefore Time,
1123 * notAfter Time }
1124 *
1125 */
1126 if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1127 &crt->valid_to ) ) != 0 )
1128 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001129 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001130 return( ret );
1131 }
1132
1133 /*
1134 * subject Name
1135 */
1136 crt->subject_raw.p = p;
1137
1138 if( ( ret = asn1_get_tag( &p, end, &len,
1139 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1140 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001141 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001142 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001143 }
1144
1145 if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1146 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001147 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001148 return( ret );
1149 }
1150
1151 crt->subject_raw.len = p - crt->subject_raw.p;
1152
1153 /*
1154 * SubjectPublicKeyInfo ::= SEQUENCE
1155 * algorithm AlgorithmIdentifier,
1156 * subjectPublicKey BIT STRING }
1157 */
1158 if( ( ret = asn1_get_tag( &p, end, &len,
1159 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1160 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001161 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001162 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001163 }
1164
1165 if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1166 &crt->rsa.N, &crt->rsa.E ) ) != 0 )
1167 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001168 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001169 return( ret );
1170 }
1171
1172 if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1173 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001174 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001175 return( ret );
1176 }
1177
1178 crt->rsa.len = mpi_size( &crt->rsa.N );
1179
1180 /*
1181 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1182 * -- If present, version shall be v2 or v3
1183 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1184 * -- If present, version shall be v2 or v3
1185 * extensions [3] EXPLICIT Extensions OPTIONAL
1186 * -- If present, version shall be v3
1187 */
1188 if( crt->version == 2 || crt->version == 3 )
1189 {
1190 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1191 if( ret != 0 )
1192 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001193 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001194 return( ret );
1195 }
1196 }
1197
1198 if( crt->version == 2 || crt->version == 3 )
1199 {
1200 ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1201 if( ret != 0 )
1202 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001203 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001204 return( ret );
1205 }
1206 }
1207
1208 if( crt->version == 3 )
1209 {
Paul Bakker74111d32011-01-15 16:57:55 +00001210 ret = x509_get_crt_ext( &p, end, crt);
Paul Bakker5121ce52009-01-03 21:22:43 +00001211 if( ret != 0 )
1212 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001213 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001214 return( ret );
1215 }
1216 }
1217
1218 if( p != end )
1219 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001220 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001221 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
Paul Bakker40e46942009-01-03 21:51:57 +00001222 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +00001223 }
1224
1225 end = crt->raw.p + crt->raw.len;
1226
1227 /*
1228 * signatureAlgorithm AlgorithmIdentifier,
1229 * signatureValue BIT STRING
1230 */
1231 if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1232 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001233 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001234 return( ret );
1235 }
1236
Paul Bakker320a4b52009-03-28 18:52:39 +00001237 if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00001238 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001239 x509_free( crt );
Paul Bakker40e46942009-01-03 21:51:57 +00001240 return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +00001241 }
1242
1243 if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1244 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001245 x509_free( crt );
Paul Bakker5121ce52009-01-03 21:22:43 +00001246 return( ret );
1247 }
1248
1249 if( p != end )
1250 {
Paul Bakker7d06ad22009-05-02 15:53:56 +00001251 x509_free( crt );
Paul Bakker9d781402011-05-09 16:17:09 +00001252 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
Paul Bakker40e46942009-01-03 21:51:57 +00001253 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +00001254 }
1255
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001256 return( 0 );
1257}
1258
1259/*
1260 * Parse one or more PEM certificates from a buffer and add them to the chained list
1261 */
1262int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
1263 int permissive )
1264{
1265 int ret, success = 0, first_error = 0;
1266 x509_cert *crt, *prev = NULL;
1267 int buf_format = X509_FORMAT_DER;
1268
1269 crt = chain;
1270
1271 /*
1272 * Check for valid input
1273 */
1274 if( crt == NULL || buf == NULL )
1275 return( 1 );
1276
1277 while( crt->version != 0 && crt->next != NULL )
1278 {
1279 prev = crt;
1280 crt = crt->next;
1281 }
1282
1283 /*
1284 * Add new certificate on the end of the chain if needed.
1285 */
1286 if ( crt->version != 0 && crt->next == NULL)
Paul Bakker320a4b52009-03-28 18:52:39 +00001287 {
1288 crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1289
Paul Bakker7d06ad22009-05-02 15:53:56 +00001290 if( crt->next == NULL )
Paul Bakker7d06ad22009-05-02 15:53:56 +00001291 return( 1 );
Paul Bakker320a4b52009-03-28 18:52:39 +00001292
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001293 prev = crt;
Paul Bakker7d06ad22009-05-02 15:53:56 +00001294 crt = crt->next;
1295 memset( crt, 0, sizeof( x509_cert ) );
Paul Bakker320a4b52009-03-28 18:52:39 +00001296 }
Paul Bakker5121ce52009-01-03 21:22:43 +00001297
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001298 /*
1299 * Determine buffer content. Buffer contains either one DER certificate or
1300 * one or more PEM certificates.
1301 */
1302#if defined(POLARSSL_PEM_C)
1303 if( strstr( (char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1304 buf_format = X509_FORMAT_PEM;
1305#endif
1306
1307 if( buf_format == X509_FORMAT_DER )
1308 return x509parse_crt_der( crt, buf, buflen );
1309
1310#if defined(POLARSSL_PEM_C)
1311 if( buf_format == X509_FORMAT_PEM )
1312 {
1313 pem_context pem;
1314
1315 while( buflen > 0 )
1316 {
1317 size_t use_len;
1318 pem_init( &pem );
1319
1320 ret = pem_read_buffer( &pem,
1321 "-----BEGIN CERTIFICATE-----",
1322 "-----END CERTIFICATE-----",
1323 buf, NULL, 0, &use_len );
1324
1325 if( ret == 0 )
1326 {
1327 /*
1328 * Was PEM encoded
1329 */
1330 buflen -= use_len;
1331 buf += use_len;
1332 }
1333 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1334 {
1335 pem_free( &pem );
1336
1337 if( first_error == 0 )
1338 first_error = ret;
1339
1340 continue;
1341 }
1342 else
1343 break;
1344
1345 ret = x509parse_crt_der( crt, pem.buf, pem.buflen );
1346
1347 pem_free( &pem );
1348
1349 if( ret != 0 )
1350 {
1351 /*
1352 * quit parsing on a memory error or if in non-permissive parsing mode
1353 */
1354 if( ret == 1 || permissive != 1 )
1355 {
1356 if( prev )
1357 prev->next = NULL;
1358
1359 if( crt != chain )
1360 free( crt );
1361
1362 return( ret );
1363 }
1364
1365 if( first_error == 0 )
1366 first_error = ret;
1367
1368 memset( crt, 0, sizeof( x509_cert ) );
1369 continue;
1370 }
1371
1372 success = 1;
1373
1374 /*
1375 * Add new certificate to the list
1376 */
1377 crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1378
1379 if( crt->next == NULL )
1380 return( 1 );
1381
1382 prev = crt;
1383 crt = crt->next;
1384 memset( crt, 0, sizeof( x509_cert ) );
1385 }
1386 }
1387#endif
1388
1389 if( crt->version == 0 )
1390 {
1391 if( prev )
1392 prev->next = NULL;
1393
1394 if( crt != chain )
1395 free( crt );
1396 }
1397
1398 if( success )
1399 return( 0 );
1400 else if( first_error )
1401 return( first_error );
1402 else
1403 return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
Paul Bakker5121ce52009-01-03 21:22:43 +00001404}
1405
1406/*
Paul Bakkerd98030e2009-05-02 15:13:40 +00001407 * Parse one or more CRLs and add them to the chained list
1408 */
Paul Bakker23986e52011-04-24 08:57:21 +00001409int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001410{
Paul Bakker23986e52011-04-24 08:57:21 +00001411 int ret;
Paul Bakker5690efc2011-05-26 13:16:06 +00001412 size_t len;
Paul Bakkerd98030e2009-05-02 15:13:40 +00001413 unsigned char *p, *end;
1414 x509_crl *crl;
Paul Bakker96743fc2011-02-12 14:30:57 +00001415#if defined(POLARSSL_PEM_C)
Paul Bakker5690efc2011-05-26 13:16:06 +00001416 size_t use_len;
Paul Bakker96743fc2011-02-12 14:30:57 +00001417 pem_context pem;
1418#endif
Paul Bakkerd98030e2009-05-02 15:13:40 +00001419
1420 crl = chain;
1421
1422 /*
1423 * Check for valid input
1424 */
1425 if( crl == NULL || buf == NULL )
1426 return( 1 );
1427
1428 while( crl->version != 0 && crl->next != NULL )
1429 crl = crl->next;
1430
1431 /*
1432 * Add new CRL on the end of the chain if needed.
1433 */
1434 if ( crl->version != 0 && crl->next == NULL)
1435 {
1436 crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1437
Paul Bakker7d06ad22009-05-02 15:53:56 +00001438 if( crl->next == NULL )
1439 {
Paul Bakkerd98030e2009-05-02 15:13:40 +00001440 x509_crl_free( crl );
Paul Bakker7d06ad22009-05-02 15:53:56 +00001441 return( 1 );
1442 }
Paul Bakkerd98030e2009-05-02 15:13:40 +00001443
Paul Bakker7d06ad22009-05-02 15:53:56 +00001444 crl = crl->next;
1445 memset( crl, 0, sizeof( x509_crl ) );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001446 }
1447
Paul Bakker96743fc2011-02-12 14:30:57 +00001448#if defined(POLARSSL_PEM_C)
1449 pem_init( &pem );
1450 ret = pem_read_buffer( &pem,
1451 "-----BEGIN X509 CRL-----",
1452 "-----END X509 CRL-----",
1453 buf, NULL, 0, &use_len );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001454
Paul Bakker96743fc2011-02-12 14:30:57 +00001455 if( ret == 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001456 {
Paul Bakker96743fc2011-02-12 14:30:57 +00001457 /*
1458 * Was PEM encoded
1459 */
1460 buflen -= use_len;
1461 buf += use_len;
Paul Bakkerd98030e2009-05-02 15:13:40 +00001462
1463 /*
Paul Bakker96743fc2011-02-12 14:30:57 +00001464 * Steal PEM buffer
Paul Bakkerd98030e2009-05-02 15:13:40 +00001465 */
Paul Bakker96743fc2011-02-12 14:30:57 +00001466 p = pem.buf;
1467 pem.buf = NULL;
1468 len = pem.buflen;
1469 pem_free( &pem );
1470 }
1471 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1472 {
1473 pem_free( &pem );
1474 return( ret );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001475 }
1476 else
1477 {
1478 /*
1479 * nope, copy the raw DER data
1480 */
1481 p = (unsigned char *) malloc( len = buflen );
1482
1483 if( p == NULL )
1484 return( 1 );
1485
1486 memcpy( p, buf, buflen );
1487
1488 buflen = 0;
1489 }
Paul Bakker96743fc2011-02-12 14:30:57 +00001490#else
1491 p = (unsigned char *) malloc( len = buflen );
1492
1493 if( p == NULL )
1494 return( 1 );
1495
1496 memcpy( p, buf, buflen );
1497
1498 buflen = 0;
1499#endif
Paul Bakkerd98030e2009-05-02 15:13:40 +00001500
1501 crl->raw.p = p;
1502 crl->raw.len = len;
1503 end = p + len;
1504
1505 /*
1506 * CertificateList ::= SEQUENCE {
1507 * tbsCertList TBSCertList,
1508 * signatureAlgorithm AlgorithmIdentifier,
1509 * signatureValue BIT STRING }
1510 */
1511 if( ( ret = asn1_get_tag( &p, end, &len,
1512 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1513 {
1514 x509_crl_free( crl );
1515 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
1516 }
1517
Paul Bakker23986e52011-04-24 08:57:21 +00001518 if( len != (size_t) ( end - p ) )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001519 {
1520 x509_crl_free( crl );
Paul Bakker9d781402011-05-09 16:17:09 +00001521 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
Paul Bakkerd98030e2009-05-02 15:13:40 +00001522 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1523 }
1524
1525 /*
1526 * TBSCertList ::= SEQUENCE {
1527 */
1528 crl->tbs.p = p;
1529
1530 if( ( ret = asn1_get_tag( &p, end, &len,
1531 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1532 {
1533 x509_crl_free( crl );
Paul Bakker9d781402011-05-09 16:17:09 +00001534 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001535 }
1536
1537 end = p + len;
1538 crl->tbs.len = end - crl->tbs.p;
1539
1540 /*
1541 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1542 * -- if present, MUST be v2
1543 *
1544 * signature AlgorithmIdentifier
1545 */
Paul Bakker3329d1f2011-10-12 09:55:01 +00001546 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
Paul Bakkerd98030e2009-05-02 15:13:40 +00001547 ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1548 {
1549 x509_crl_free( crl );
1550 return( ret );
1551 }
1552
1553 crl->version++;
1554
1555 if( crl->version > 2 )
1556 {
1557 x509_crl_free( crl );
1558 return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
1559 }
1560
Paul Bakker27d66162010-03-17 06:56:01 +00001561 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001562 {
1563 x509_crl_free( crl );
1564 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
1565 }
1566
1567 /*
1568 * issuer Name
1569 */
1570 crl->issuer_raw.p = p;
1571
1572 if( ( ret = asn1_get_tag( &p, end, &len,
1573 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1574 {
1575 x509_crl_free( crl );
Paul Bakker9d781402011-05-09 16:17:09 +00001576 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001577 }
1578
1579 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1580 {
1581 x509_crl_free( crl );
1582 return( ret );
1583 }
1584
1585 crl->issuer_raw.len = p - crl->issuer_raw.p;
1586
1587 /*
1588 * thisUpdate Time
1589 * nextUpdate Time OPTIONAL
1590 */
Paul Bakker91200182010-02-18 21:26:15 +00001591 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001592 {
1593 x509_crl_free( crl );
1594 return( ret );
1595 }
1596
Paul Bakker91200182010-02-18 21:26:15 +00001597 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001598 {
Paul Bakker9d781402011-05-09 16:17:09 +00001599 if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
Paul Bakker9be19372009-07-27 20:21:53 +00001600 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
Paul Bakker9d781402011-05-09 16:17:09 +00001601 ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
Paul Bakker9be19372009-07-27 20:21:53 +00001602 POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
Paul Bakker635f4b42009-07-20 20:34:41 +00001603 {
Paul Bakkerd98030e2009-05-02 15:13:40 +00001604 x509_crl_free( crl );
1605 return( ret );
1606 }
1607 }
1608
1609 /*
1610 * revokedCertificates SEQUENCE OF SEQUENCE {
1611 * userCertificate CertificateSerialNumber,
1612 * revocationDate Time,
1613 * crlEntryExtensions Extensions OPTIONAL
1614 * -- if present, MUST be v2
1615 * } OPTIONAL
1616 */
1617 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1618 {
1619 x509_crl_free( crl );
1620 return( ret );
1621 }
1622
1623 /*
1624 * crlExtensions EXPLICIT Extensions OPTIONAL
1625 * -- if present, MUST be v2
1626 */
1627 if( crl->version == 2 )
1628 {
1629 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1630
1631 if( ret != 0 )
1632 {
1633 x509_crl_free( crl );
1634 return( ret );
1635 }
1636 }
1637
1638 if( p != end )
1639 {
1640 x509_crl_free( crl );
Paul Bakker9d781402011-05-09 16:17:09 +00001641 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
Paul Bakkerd98030e2009-05-02 15:13:40 +00001642 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1643 }
1644
1645 end = crl->raw.p + crl->raw.len;
1646
1647 /*
1648 * signatureAlgorithm AlgorithmIdentifier,
1649 * signatureValue BIT STRING
1650 */
1651 if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1652 {
1653 x509_crl_free( crl );
1654 return( ret );
1655 }
1656
1657 if( memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1658 {
1659 x509_crl_free( crl );
1660 return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
1661 }
1662
1663 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1664 {
1665 x509_crl_free( crl );
1666 return( ret );
1667 }
1668
1669 if( p != end )
1670 {
1671 x509_crl_free( crl );
Paul Bakker9d781402011-05-09 16:17:09 +00001672 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
Paul Bakkerd98030e2009-05-02 15:13:40 +00001673 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1674 }
1675
1676 if( buflen > 0 )
1677 {
1678 crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1679
Paul Bakker7d06ad22009-05-02 15:53:56 +00001680 if( crl->next == NULL )
1681 {
Paul Bakkerd98030e2009-05-02 15:13:40 +00001682 x509_crl_free( crl );
Paul Bakker7d06ad22009-05-02 15:53:56 +00001683 return( 1 );
1684 }
Paul Bakkerd98030e2009-05-02 15:13:40 +00001685
Paul Bakker7d06ad22009-05-02 15:53:56 +00001686 crl = crl->next;
1687 memset( crl, 0, sizeof( x509_crl ) );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001688
1689 return( x509parse_crl( crl, buf, buflen ) );
1690 }
1691
1692 return( 0 );
1693}
1694
Paul Bakker335db3f2011-04-25 15:28:35 +00001695#if defined(POLARSSL_FS_IO)
Paul Bakkerd98030e2009-05-02 15:13:40 +00001696/*
Paul Bakker2b245eb2009-04-19 18:44:26 +00001697 * Load all data from a file into a given buffer.
1698 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00001699int load_file( const char *path, unsigned char **buf, size_t *n )
Paul Bakker2b245eb2009-04-19 18:44:26 +00001700{
Paul Bakkerd98030e2009-05-02 15:13:40 +00001701 FILE *f;
Paul Bakker2b245eb2009-04-19 18:44:26 +00001702
Paul Bakkerd98030e2009-05-02 15:13:40 +00001703 if( ( f = fopen( path, "rb" ) ) == NULL )
1704 return( 1 );
Paul Bakker2b245eb2009-04-19 18:44:26 +00001705
Paul Bakkerd98030e2009-05-02 15:13:40 +00001706 fseek( f, 0, SEEK_END );
1707 *n = (size_t) ftell( f );
1708 fseek( f, 0, SEEK_SET );
Paul Bakker2b245eb2009-04-19 18:44:26 +00001709
Paul Bakkerd98030e2009-05-02 15:13:40 +00001710 if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
1711 return( 1 );
Paul Bakker2b245eb2009-04-19 18:44:26 +00001712
Paul Bakkerd98030e2009-05-02 15:13:40 +00001713 if( fread( *buf, 1, *n, f ) != *n )
1714 {
1715 fclose( f );
1716 free( *buf );
1717 return( 1 );
1718 }
Paul Bakker2b245eb2009-04-19 18:44:26 +00001719
Paul Bakkerd98030e2009-05-02 15:13:40 +00001720 fclose( f );
Paul Bakker2b245eb2009-04-19 18:44:26 +00001721
Paul Bakkerd98030e2009-05-02 15:13:40 +00001722 (*buf)[*n] = '\0';
Paul Bakker2b245eb2009-04-19 18:44:26 +00001723
Paul Bakkerd98030e2009-05-02 15:13:40 +00001724 return( 0 );
Paul Bakker2b245eb2009-04-19 18:44:26 +00001725}
1726
1727/*
Paul Bakker5121ce52009-01-03 21:22:43 +00001728 * Load one or more certificates and add them to the chained list
1729 */
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001730int x509parse_crtfile( x509_cert *chain, const char *path, int permissive )
Paul Bakker5121ce52009-01-03 21:22:43 +00001731{
1732 int ret;
Paul Bakker5121ce52009-01-03 21:22:43 +00001733 size_t n;
1734 unsigned char *buf;
1735
Paul Bakker2b245eb2009-04-19 18:44:26 +00001736 if ( load_file( path, &buf, &n ) )
Paul Bakker5121ce52009-01-03 21:22:43 +00001737 return( 1 );
1738
Paul Bakker6c0ceb32011-12-04 12:24:18 +00001739 ret = x509parse_crt( chain, buf, n, permissive );
Paul Bakker5121ce52009-01-03 21:22:43 +00001740
1741 memset( buf, 0, n + 1 );
1742 free( buf );
Paul Bakker5121ce52009-01-03 21:22:43 +00001743
1744 return( ret );
1745}
1746
Paul Bakkerd98030e2009-05-02 15:13:40 +00001747/*
1748 * Load one or more CRLs and add them to the chained list
1749 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00001750int x509parse_crlfile( x509_crl *chain, const char *path )
Paul Bakkerd98030e2009-05-02 15:13:40 +00001751{
1752 int ret;
1753 size_t n;
1754 unsigned char *buf;
1755
1756 if ( load_file( path, &buf, &n ) )
1757 return( 1 );
1758
Paul Bakker27fdf462011-06-09 13:55:13 +00001759 ret = x509parse_crl( chain, buf, n );
Paul Bakkerd98030e2009-05-02 15:13:40 +00001760
1761 memset( buf, 0, n + 1 );
1762 free( buf );
1763
1764 return( ret );
1765}
1766
Paul Bakker5121ce52009-01-03 21:22:43 +00001767/*
Paul Bakker335db3f2011-04-25 15:28:35 +00001768 * Load and parse a private RSA key
1769 */
1770int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
1771{
1772 int ret;
1773 size_t n;
1774 unsigned char *buf;
1775
1776 if ( load_file( path, &buf, &n ) )
1777 return( 1 );
1778
1779 if( pwd == NULL )
Paul Bakker27fdf462011-06-09 13:55:13 +00001780 ret = x509parse_key( rsa, buf, n, NULL, 0 );
Paul Bakker335db3f2011-04-25 15:28:35 +00001781 else
Paul Bakker27fdf462011-06-09 13:55:13 +00001782 ret = x509parse_key( rsa, buf, n,
Paul Bakker335db3f2011-04-25 15:28:35 +00001783 (unsigned char *) pwd, strlen( pwd ) );
1784
1785 memset( buf, 0, n + 1 );
1786 free( buf );
1787
1788 return( ret );
1789}
1790
1791/*
1792 * Load and parse a public RSA key
1793 */
1794int x509parse_public_keyfile( rsa_context *rsa, const char *path )
1795{
1796 int ret;
1797 size_t n;
1798 unsigned char *buf;
1799
1800 if ( load_file( path, &buf, &n ) )
1801 return( 1 );
1802
Paul Bakker27fdf462011-06-09 13:55:13 +00001803 ret = x509parse_public_key( rsa, buf, n );
Paul Bakker335db3f2011-04-25 15:28:35 +00001804
1805 memset( buf, 0, n + 1 );
1806 free( buf );
1807
1808 return( ret );
1809}
1810#endif /* POLARSSL_FS_IO */
1811
1812/*
Paul Bakker5121ce52009-01-03 21:22:43 +00001813 * Parse a private RSA key
1814 */
Paul Bakker23986e52011-04-24 08:57:21 +00001815int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
1816 const unsigned char *pwd, size_t pwdlen )
Paul Bakker5121ce52009-01-03 21:22:43 +00001817{
Paul Bakker23986e52011-04-24 08:57:21 +00001818 int ret;
1819 size_t len;
Paul Bakker5121ce52009-01-03 21:22:43 +00001820 unsigned char *p, *end;
Paul Bakkered56b222011-07-13 11:26:43 +00001821 unsigned char *p_alt;
1822 x509_buf pk_alg_oid;
1823
Paul Bakker96743fc2011-02-12 14:30:57 +00001824#if defined(POLARSSL_PEM_C)
1825 pem_context pem;
Paul Bakker5121ce52009-01-03 21:22:43 +00001826
Paul Bakker96743fc2011-02-12 14:30:57 +00001827 pem_init( &pem );
1828 ret = pem_read_buffer( &pem,
1829 "-----BEGIN RSA PRIVATE KEY-----",
1830 "-----END RSA PRIVATE KEY-----",
1831 key, pwd, pwdlen, &len );
Paul Bakker5121ce52009-01-03 21:22:43 +00001832
Paul Bakkered56b222011-07-13 11:26:43 +00001833 if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1834 {
1835 ret = pem_read_buffer( &pem,
1836 "-----BEGIN PRIVATE KEY-----",
1837 "-----END PRIVATE KEY-----",
1838 key, pwd, pwdlen, &len );
1839 }
1840
Paul Bakker96743fc2011-02-12 14:30:57 +00001841 if( ret == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00001842 {
Paul Bakker96743fc2011-02-12 14:30:57 +00001843 /*
1844 * Was PEM encoded
1845 */
1846 keylen = pem.buflen;
Paul Bakker5121ce52009-01-03 21:22:43 +00001847 }
Paul Bakker96743fc2011-02-12 14:30:57 +00001848 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
Paul Bakkerff60ee62010-03-16 21:09:09 +00001849 {
Paul Bakker96743fc2011-02-12 14:30:57 +00001850 pem_free( &pem );
1851 return( ret );
Paul Bakkerff60ee62010-03-16 21:09:09 +00001852 }
Paul Bakker5121ce52009-01-03 21:22:43 +00001853
Paul Bakker96743fc2011-02-12 14:30:57 +00001854 p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
1855#else
Paul Bakker5690efc2011-05-26 13:16:06 +00001856 ((void) pwd);
1857 ((void) pwdlen);
Paul Bakker96743fc2011-02-12 14:30:57 +00001858 p = (unsigned char *) key;
1859#endif
1860 end = p + keylen;
1861
Paul Bakker5121ce52009-01-03 21:22:43 +00001862 /*
Paul Bakkered56b222011-07-13 11:26:43 +00001863 * Note: Depending on the type of private key file one can expect either a
1864 * PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
1865 *
1866 * PrivateKeyInfo ::= SEQUENCE {
Paul Bakker5c721f92011-07-27 16:51:09 +00001867 * version Version,
Paul Bakkered56b222011-07-13 11:26:43 +00001868 * algorithm AlgorithmIdentifier,
1869 * PrivateKey BIT STRING
1870 * }
1871 *
1872 * AlgorithmIdentifier ::= SEQUENCE {
1873 * algorithm OBJECT IDENTIFIER,
1874 * parameters ANY DEFINED BY algorithm OPTIONAL
1875 * }
1876 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001877 * RSAPrivateKey ::= SEQUENCE {
1878 * version Version,
1879 * modulus INTEGER, -- n
1880 * publicExponent INTEGER, -- e
1881 * privateExponent INTEGER, -- d
1882 * prime1 INTEGER, -- p
1883 * prime2 INTEGER, -- q
1884 * exponent1 INTEGER, -- d mod (p-1)
1885 * exponent2 INTEGER, -- d mod (q-1)
1886 * coefficient INTEGER, -- (inverse of q) mod p
1887 * otherPrimeInfos OtherPrimeInfos OPTIONAL
1888 * }
1889 */
1890 if( ( ret = asn1_get_tag( &p, end, &len,
1891 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1892 {
Paul Bakker96743fc2011-02-12 14:30:57 +00001893#if defined(POLARSSL_PEM_C)
1894 pem_free( &pem );
1895#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00001896 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00001897 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001898 }
1899
1900 end = p + len;
1901
1902 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
1903 {
Paul Bakker96743fc2011-02-12 14:30:57 +00001904#if defined(POLARSSL_PEM_C)
1905 pem_free( &pem );
1906#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00001907 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00001908 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001909 }
1910
1911 if( rsa->ver != 0 )
1912 {
Paul Bakker96743fc2011-02-12 14:30:57 +00001913#if defined(POLARSSL_PEM_C)
1914 pem_free( &pem );
1915#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00001916 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00001917 return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00001918 }
1919
Paul Bakkered56b222011-07-13 11:26:43 +00001920 p_alt = p;
1921
1922 if( ( ret = x509_get_alg( &p_alt, end, &pk_alg_oid ) ) != 0 )
1923 {
1924 // Assume that we have the PKCS#1 format if wrong
1925 // tag was encountered
1926 //
1927 if( ret != POLARSSL_ERR_X509_CERT_INVALID_ALG +
1928 POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
1929 {
1930#if defined(POLARSSL_PEM_C)
1931 pem_free( &pem );
1932#endif
1933 rsa_free( rsa );
1934 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
1935 }
1936 }
1937 else
1938 {
1939 int can_handle;
1940
1941 /*
1942 * only RSA keys handled at this time
1943 */
1944 can_handle = 0;
1945
1946 if( pk_alg_oid.len == 9 &&
1947 memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) == 0 )
1948 can_handle = 1;
1949
1950 if( pk_alg_oid.len == 9 &&
1951 memcmp( pk_alg_oid.p, OID_PKCS1, 8 ) == 0 )
1952 {
1953 if( pk_alg_oid.p[8] >= 2 && pk_alg_oid.p[8] <= 5 )
1954 can_handle = 1;
1955
1956 if ( pk_alg_oid.p[8] >= 11 && pk_alg_oid.p[8] <= 14 )
1957 can_handle = 1;
1958 }
1959
1960 if( pk_alg_oid.len == 5 &&
1961 memcmp( pk_alg_oid.p, OID_RSA_SHA_OBS, 5 ) == 0 )
1962 can_handle = 1;
1963
1964 if( can_handle == 0 )
1965 return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
1966
1967 /*
1968 * Parse the PKCS#8 format
1969 */
1970
1971 p = p_alt;
1972 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
1973 {
1974#if defined(POLARSSL_PEM_C)
1975 pem_free( &pem );
1976#endif
1977 rsa_free( rsa );
1978 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
1979 }
1980
1981 if( ( end - p ) < 1 )
1982 {
1983#if defined(POLARSSL_PEM_C)
1984 pem_free( &pem );
1985#endif
1986 rsa_free( rsa );
1987 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
1988 POLARSSL_ERR_ASN1_OUT_OF_DATA );
1989 }
1990
1991 end = p + len;
1992
1993 if( ( ret = asn1_get_tag( &p, end, &len,
1994 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1995 {
1996#if defined(POLARSSL_PEM_C)
1997 pem_free( &pem );
1998#endif
1999 rsa_free( rsa );
2000 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2001 }
2002
2003 end = p + len;
2004
2005 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2006 {
2007#if defined(POLARSSL_PEM_C)
2008 pem_free( &pem );
2009#endif
2010 rsa_free( rsa );
2011 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2012 }
2013
2014 if( rsa->ver != 0 )
2015 {
2016#if defined(POLARSSL_PEM_C)
2017 pem_free( &pem );
2018#endif
2019 rsa_free( rsa );
2020 return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2021 }
2022 }
2023
Paul Bakker5121ce52009-01-03 21:22:43 +00002024 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
2025 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
2026 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
2027 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
2028 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
2029 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
2030 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
2031 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2032 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002033#if defined(POLARSSL_PEM_C)
2034 pem_free( &pem );
2035#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00002036 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00002037 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
Paul Bakker5121ce52009-01-03 21:22:43 +00002038 }
2039
2040 rsa->len = mpi_size( &rsa->N );
2041
2042 if( p != end )
2043 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002044#if defined(POLARSSL_PEM_C)
2045 pem_free( &pem );
2046#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00002047 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00002048 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
Paul Bakker40e46942009-01-03 21:51:57 +00002049 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker5121ce52009-01-03 21:22:43 +00002050 }
2051
2052 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2053 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002054#if defined(POLARSSL_PEM_C)
2055 pem_free( &pem );
2056#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00002057 rsa_free( rsa );
2058 return( ret );
2059 }
2060
Paul Bakker96743fc2011-02-12 14:30:57 +00002061#if defined(POLARSSL_PEM_C)
2062 pem_free( &pem );
2063#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00002064
2065 return( 0 );
2066}
2067
2068/*
Paul Bakker53019ae2011-03-25 13:58:48 +00002069 * Parse a public RSA key
2070 */
Paul Bakker23986e52011-04-24 08:57:21 +00002071int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
Paul Bakker53019ae2011-03-25 13:58:48 +00002072{
Paul Bakker23986e52011-04-24 08:57:21 +00002073 int ret;
2074 size_t len;
Paul Bakker53019ae2011-03-25 13:58:48 +00002075 unsigned char *p, *end;
2076 x509_buf alg_oid;
2077#if defined(POLARSSL_PEM_C)
2078 pem_context pem;
2079
2080 pem_init( &pem );
2081 ret = pem_read_buffer( &pem,
2082 "-----BEGIN PUBLIC KEY-----",
2083 "-----END PUBLIC KEY-----",
2084 key, NULL, 0, &len );
2085
2086 if( ret == 0 )
2087 {
2088 /*
2089 * Was PEM encoded
2090 */
2091 keylen = pem.buflen;
2092 }
2093 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
2094 {
2095 pem_free( &pem );
2096 return( ret );
2097 }
2098
2099 p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
2100#else
2101 p = (unsigned char *) key;
2102#endif
2103 end = p + keylen;
2104
2105 /*
2106 * PublicKeyInfo ::= SEQUENCE {
2107 * algorithm AlgorithmIdentifier,
2108 * PublicKey BIT STRING
2109 * }
2110 *
2111 * AlgorithmIdentifier ::= SEQUENCE {
2112 * algorithm OBJECT IDENTIFIER,
2113 * parameters ANY DEFINED BY algorithm OPTIONAL
2114 * }
2115 *
2116 * RSAPublicKey ::= SEQUENCE {
2117 * modulus INTEGER, -- n
2118 * publicExponent INTEGER -- e
2119 * }
2120 */
2121
2122 if( ( ret = asn1_get_tag( &p, end, &len,
2123 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2124 {
2125#if defined(POLARSSL_PEM_C)
2126 pem_free( &pem );
2127#endif
2128 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00002129 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
Paul Bakker53019ae2011-03-25 13:58:48 +00002130 }
2131
2132 if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
2133 {
2134#if defined(POLARSSL_PEM_C)
2135 pem_free( &pem );
2136#endif
2137 rsa_free( rsa );
Paul Bakker9d781402011-05-09 16:17:09 +00002138 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
Paul Bakker53019ae2011-03-25 13:58:48 +00002139 }
2140
2141 if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2142 {
2143#if defined(POLARSSL_PEM_C)
2144 pem_free( &pem );
2145#endif
2146 rsa_free( rsa );
2147 return( ret );
2148 }
2149
2150 rsa->len = mpi_size( &rsa->N );
2151
2152#if defined(POLARSSL_PEM_C)
2153 pem_free( &pem );
2154#endif
2155
2156 return( 0 );
2157}
2158
Paul Bakkereaa89f82011-04-04 21:36:15 +00002159#if defined(POLARSSL_DHM_C)
Paul Bakker53019ae2011-03-25 13:58:48 +00002160/*
Paul Bakker1b57b062011-01-06 15:48:19 +00002161 * Parse DHM parameters
2162 */
Paul Bakker23986e52011-04-24 08:57:21 +00002163int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
Paul Bakker1b57b062011-01-06 15:48:19 +00002164{
Paul Bakker23986e52011-04-24 08:57:21 +00002165 int ret;
2166 size_t len;
Paul Bakker1b57b062011-01-06 15:48:19 +00002167 unsigned char *p, *end;
Paul Bakker96743fc2011-02-12 14:30:57 +00002168#if defined(POLARSSL_PEM_C)
2169 pem_context pem;
Paul Bakker1b57b062011-01-06 15:48:19 +00002170
Paul Bakker96743fc2011-02-12 14:30:57 +00002171 pem_init( &pem );
Paul Bakker1b57b062011-01-06 15:48:19 +00002172
Paul Bakker96743fc2011-02-12 14:30:57 +00002173 ret = pem_read_buffer( &pem,
2174 "-----BEGIN DH PARAMETERS-----",
2175 "-----END DH PARAMETERS-----",
2176 dhmin, NULL, 0, &dhminlen );
2177
2178 if( ret == 0 )
Paul Bakker1b57b062011-01-06 15:48:19 +00002179 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002180 /*
2181 * Was PEM encoded
2182 */
2183 dhminlen = pem.buflen;
Paul Bakker1b57b062011-01-06 15:48:19 +00002184 }
Paul Bakker96743fc2011-02-12 14:30:57 +00002185 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
Paul Bakker1b57b062011-01-06 15:48:19 +00002186 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002187 pem_free( &pem );
2188 return( ret );
Paul Bakker1b57b062011-01-06 15:48:19 +00002189 }
2190
Paul Bakker96743fc2011-02-12 14:30:57 +00002191 p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2192#else
2193 p = (unsigned char *) dhmin;
2194#endif
2195 end = p + dhminlen;
2196
Paul Bakker1b57b062011-01-06 15:48:19 +00002197 memset( dhm, 0, sizeof( dhm_context ) );
2198
Paul Bakker1b57b062011-01-06 15:48:19 +00002199 /*
2200 * DHParams ::= SEQUENCE {
2201 * prime INTEGER, -- P
2202 * generator INTEGER, -- g
2203 * }
2204 */
2205 if( ( ret = asn1_get_tag( &p, end, &len,
2206 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2207 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002208#if defined(POLARSSL_PEM_C)
2209 pem_free( &pem );
2210#endif
Paul Bakker9d781402011-05-09 16:17:09 +00002211 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
Paul Bakker1b57b062011-01-06 15:48:19 +00002212 }
2213
2214 end = p + len;
2215
2216 if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
2217 ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2218 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002219#if defined(POLARSSL_PEM_C)
2220 pem_free( &pem );
2221#endif
Paul Bakker1b57b062011-01-06 15:48:19 +00002222 dhm_free( dhm );
Paul Bakker9d781402011-05-09 16:17:09 +00002223 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
Paul Bakker1b57b062011-01-06 15:48:19 +00002224 }
2225
2226 if( p != end )
2227 {
Paul Bakker96743fc2011-02-12 14:30:57 +00002228#if defined(POLARSSL_PEM_C)
2229 pem_free( &pem );
2230#endif
Paul Bakker1b57b062011-01-06 15:48:19 +00002231 dhm_free( dhm );
Paul Bakker9d781402011-05-09 16:17:09 +00002232 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
Paul Bakker1b57b062011-01-06 15:48:19 +00002233 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
2234 }
2235
Paul Bakker96743fc2011-02-12 14:30:57 +00002236#if defined(POLARSSL_PEM_C)
2237 pem_free( &pem );
2238#endif
Paul Bakker1b57b062011-01-06 15:48:19 +00002239
2240 return( 0 );
2241}
2242
Paul Bakker335db3f2011-04-25 15:28:35 +00002243#if defined(POLARSSL_FS_IO)
Paul Bakker1b57b062011-01-06 15:48:19 +00002244/*
2245 * Load and parse a private RSA key
2246 */
2247int x509parse_dhmfile( dhm_context *dhm, const char *path )
2248{
2249 int ret;
2250 size_t n;
2251 unsigned char *buf;
2252
2253 if ( load_file( path, &buf, &n ) )
2254 return( 1 );
2255
Paul Bakker27fdf462011-06-09 13:55:13 +00002256 ret = x509parse_dhm( dhm, buf, n );
Paul Bakker1b57b062011-01-06 15:48:19 +00002257
2258 memset( buf, 0, n + 1 );
2259 free( buf );
2260
2261 return( ret );
2262}
Paul Bakker335db3f2011-04-25 15:28:35 +00002263#endif /* POLARSSL_FS_IO */
Paul Bakkereaa89f82011-04-04 21:36:15 +00002264#endif /* POLARSSL_DHM_C */
Paul Bakker1b57b062011-01-06 15:48:19 +00002265
Paul Bakker5121ce52009-01-03 21:22:43 +00002266#if defined _MSC_VER && !defined snprintf
Paul Bakkerd98030e2009-05-02 15:13:40 +00002267#include <stdarg.h>
2268
2269#if !defined vsnprintf
2270#define vsnprintf _vsnprintf
2271#endif // vsnprintf
2272
2273/*
2274 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
2275 * Result value is not size of buffer needed, but -1 if no fit is possible.
2276 *
2277 * This fuction tries to 'fix' this by at least suggesting enlarging the
2278 * size by 20.
2279 */
2280int compat_snprintf(char *str, size_t size, const char *format, ...)
2281{
2282 va_list ap;
2283 int res = -1;
2284
2285 va_start( ap, format );
2286
2287 res = vsnprintf( str, size, format, ap );
2288
2289 va_end( ap );
2290
2291 // No quick fix possible
2292 if ( res < 0 )
Paul Bakker23986e52011-04-24 08:57:21 +00002293 return( (int) size + 20 );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002294
2295 return res;
2296}
2297
2298#define snprintf compat_snprintf
Paul Bakker5121ce52009-01-03 21:22:43 +00002299#endif
2300
Paul Bakkerd98030e2009-05-02 15:13:40 +00002301#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2302
2303#define SAFE_SNPRINTF() \
2304{ \
2305 if( ret == -1 ) \
2306 return( -1 ); \
2307 \
Paul Bakker23986e52011-04-24 08:57:21 +00002308 if ( (unsigned int) ret > n ) { \
Paul Bakkerd98030e2009-05-02 15:13:40 +00002309 p[n - 1] = '\0'; \
2310 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2311 } \
2312 \
Paul Bakker23986e52011-04-24 08:57:21 +00002313 n -= (unsigned int) ret; \
2314 p += (unsigned int) ret; \
Paul Bakkerd98030e2009-05-02 15:13:40 +00002315}
2316
Paul Bakker5121ce52009-01-03 21:22:43 +00002317/*
2318 * Store the name in printable form into buf; no more
Paul Bakkerd98030e2009-05-02 15:13:40 +00002319 * than size characters will be written
Paul Bakker5121ce52009-01-03 21:22:43 +00002320 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00002321int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
Paul Bakker5121ce52009-01-03 21:22:43 +00002322{
Paul Bakker23986e52011-04-24 08:57:21 +00002323 int ret;
2324 size_t i, n;
Paul Bakker5121ce52009-01-03 21:22:43 +00002325 unsigned char c;
Paul Bakkerff60ee62010-03-16 21:09:09 +00002326 const x509_name *name;
Paul Bakker5121ce52009-01-03 21:22:43 +00002327 char s[128], *p;
2328
2329 memset( s, 0, sizeof( s ) );
2330
2331 name = dn;
2332 p = buf;
Paul Bakkerd98030e2009-05-02 15:13:40 +00002333 n = size;
Paul Bakker5121ce52009-01-03 21:22:43 +00002334
2335 while( name != NULL )
2336 {
Paul Bakker74111d32011-01-15 16:57:55 +00002337 if( name != dn )
2338 {
Paul Bakkerd98030e2009-05-02 15:13:40 +00002339 ret = snprintf( p, n, ", " );
2340 SAFE_SNPRINTF();
2341 }
Paul Bakker5121ce52009-01-03 21:22:43 +00002342
2343 if( memcmp( name->oid.p, OID_X520, 2 ) == 0 )
2344 {
2345 switch( name->oid.p[2] )
2346 {
2347 case X520_COMMON_NAME:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002348 ret = snprintf( p, n, "CN=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002349
2350 case X520_COUNTRY:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002351 ret = snprintf( p, n, "C=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002352
2353 case X520_LOCALITY:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002354 ret = snprintf( p, n, "L=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002355
2356 case X520_STATE:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002357 ret = snprintf( p, n, "ST=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002358
2359 case X520_ORGANIZATION:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002360 ret = snprintf( p, n, "O=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002361
2362 case X520_ORG_UNIT:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002363 ret = snprintf( p, n, "OU=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002364
2365 default:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002366 ret = snprintf( p, n, "0x%02X=",
Paul Bakker5121ce52009-01-03 21:22:43 +00002367 name->oid.p[2] );
2368 break;
2369 }
Paul Bakkerd98030e2009-05-02 15:13:40 +00002370 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002371 }
2372 else if( memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
2373 {
2374 switch( name->oid.p[8] )
2375 {
2376 case PKCS9_EMAIL:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002377 ret = snprintf( p, n, "emailAddress=" ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002378
2379 default:
Paul Bakkerd98030e2009-05-02 15:13:40 +00002380 ret = snprintf( p, n, "0x%02X=",
Paul Bakker5121ce52009-01-03 21:22:43 +00002381 name->oid.p[8] );
2382 break;
2383 }
Paul Bakkerd98030e2009-05-02 15:13:40 +00002384 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002385 }
2386 else
Paul Bakker74111d32011-01-15 16:57:55 +00002387 {
Paul Bakkerd98030e2009-05-02 15:13:40 +00002388 ret = snprintf( p, n, "\?\?=" );
Paul Bakker74111d32011-01-15 16:57:55 +00002389 SAFE_SNPRINTF();
Paul Bakkerd98030e2009-05-02 15:13:40 +00002390 }
Paul Bakker5121ce52009-01-03 21:22:43 +00002391
2392 for( i = 0; i < name->val.len; i++ )
2393 {
Paul Bakker27fdf462011-06-09 13:55:13 +00002394 if( i >= sizeof( s ) - 1 )
Paul Bakker5121ce52009-01-03 21:22:43 +00002395 break;
2396
2397 c = name->val.p[i];
2398 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2399 s[i] = '?';
2400 else s[i] = c;
2401 }
2402 s[i] = '\0';
Paul Bakkerd98030e2009-05-02 15:13:40 +00002403 ret = snprintf( p, n, "%s", s );
2404 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002405 name = name->next;
2406 }
2407
Paul Bakker23986e52011-04-24 08:57:21 +00002408 return( (int) ( size - n ) );
Paul Bakker5121ce52009-01-03 21:22:43 +00002409}
2410
2411/*
Paul Bakkerdd476992011-01-16 21:34:59 +00002412 * Store the serial in printable form into buf; no more
2413 * than size characters will be written
2414 */
2415int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
2416{
Paul Bakker23986e52011-04-24 08:57:21 +00002417 int ret;
2418 size_t i, n, nr;
Paul Bakkerdd476992011-01-16 21:34:59 +00002419 char *p;
2420
2421 p = buf;
2422 n = size;
2423
2424 nr = ( serial->len <= 32 )
Paul Bakker03c7c252011-11-25 12:37:37 +00002425 ? serial->len : 28;
Paul Bakkerdd476992011-01-16 21:34:59 +00002426
2427 for( i = 0; i < nr; i++ )
2428 {
Paul Bakker93048802011-12-05 14:38:06 +00002429 if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
Paul Bakkerc8ffbe72011-12-05 14:22:49 +00002430 continue;
2431
Paul Bakkerdd476992011-01-16 21:34:59 +00002432 ret = snprintf( p, n, "%02X%s",
2433 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2434 SAFE_SNPRINTF();
2435 }
2436
Paul Bakker03c7c252011-11-25 12:37:37 +00002437 if( nr != serial->len )
2438 {
2439 ret = snprintf( p, n, "...." );
2440 SAFE_SNPRINTF();
2441 }
2442
Paul Bakker23986e52011-04-24 08:57:21 +00002443 return( (int) ( size - n ) );
Paul Bakkerdd476992011-01-16 21:34:59 +00002444}
2445
2446/*
Paul Bakkerd98030e2009-05-02 15:13:40 +00002447 * Return an informational string about the certificate.
Paul Bakker5121ce52009-01-03 21:22:43 +00002448 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00002449int x509parse_cert_info( char *buf, size_t size, const char *prefix,
2450 const x509_cert *crt )
Paul Bakker5121ce52009-01-03 21:22:43 +00002451{
Paul Bakker23986e52011-04-24 08:57:21 +00002452 int ret;
2453 size_t n;
Paul Bakkerd98030e2009-05-02 15:13:40 +00002454 char *p;
Paul Bakker5121ce52009-01-03 21:22:43 +00002455
2456 p = buf;
Paul Bakkerd98030e2009-05-02 15:13:40 +00002457 n = size;
Paul Bakker5121ce52009-01-03 21:22:43 +00002458
Paul Bakkerd98030e2009-05-02 15:13:40 +00002459 ret = snprintf( p, n, "%scert. version : %d\n",
Paul Bakker5121ce52009-01-03 21:22:43 +00002460 prefix, crt->version );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002461 SAFE_SNPRINTF();
2462 ret = snprintf( p, n, "%sserial number : ",
Paul Bakker5121ce52009-01-03 21:22:43 +00002463 prefix );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002464 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002465
Paul Bakkerdd476992011-01-16 21:34:59 +00002466 ret = x509parse_serial_gets( p, n, &crt->serial);
2467 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002468
Paul Bakkerd98030e2009-05-02 15:13:40 +00002469 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2470 SAFE_SNPRINTF();
2471 ret = x509parse_dn_gets( p, n, &crt->issuer );
2472 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002473
Paul Bakkerd98030e2009-05-02 15:13:40 +00002474 ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2475 SAFE_SNPRINTF();
2476 ret = x509parse_dn_gets( p, n, &crt->subject );
2477 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002478
Paul Bakkerd98030e2009-05-02 15:13:40 +00002479 ret = snprintf( p, n, "\n%sissued on : " \
Paul Bakker5121ce52009-01-03 21:22:43 +00002480 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2481 crt->valid_from.year, crt->valid_from.mon,
2482 crt->valid_from.day, crt->valid_from.hour,
2483 crt->valid_from.min, crt->valid_from.sec );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002484 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002485
Paul Bakkerd98030e2009-05-02 15:13:40 +00002486 ret = snprintf( p, n, "\n%sexpires on : " \
Paul Bakker5121ce52009-01-03 21:22:43 +00002487 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2488 crt->valid_to.year, crt->valid_to.mon,
2489 crt->valid_to.day, crt->valid_to.hour,
2490 crt->valid_to.min, crt->valid_to.sec );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002491 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002492
Paul Bakkerd98030e2009-05-02 15:13:40 +00002493 ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2494 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002495
Paul Bakker27d66162010-03-17 06:56:01 +00002496 switch( crt->sig_alg )
Paul Bakker5121ce52009-01-03 21:22:43 +00002497 {
Paul Bakkerd98030e2009-05-02 15:13:40 +00002498 case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2499 case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2500 case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2501 case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2502 case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2503 case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2504 case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2505 case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2506 default: ret = snprintf( p, n, "???" ); break;
2507 }
2508 SAFE_SNPRINTF();
2509
2510 ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
Paul Bakkerf4f69682011-04-24 16:08:12 +00002511 (int) crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002512 SAFE_SNPRINTF();
2513
Paul Bakker23986e52011-04-24 08:57:21 +00002514 return( (int) ( size - n ) );
Paul Bakkerd98030e2009-05-02 15:13:40 +00002515}
2516
Paul Bakker74111d32011-01-15 16:57:55 +00002517/* Compare a given OID string with an OID x509_buf * */
2518#define OID_CMP(oid_str, oid_buf) \
2519 ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
2520 memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
2521
2522/*
2523 * Return an informational string describing the given OID
2524 */
2525const char *x509_oid_get_description( x509_buf *oid )
2526{
2527 if ( oid == NULL )
2528 return ( NULL );
2529
2530 else if( OID_CMP( OID_SERVER_AUTH, oid ) )
2531 return( STRING_SERVER_AUTH );
2532
2533 else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
2534 return( STRING_CLIENT_AUTH );
2535
2536 else if( OID_CMP( OID_CODE_SIGNING, oid ) )
2537 return( STRING_CODE_SIGNING );
2538
2539 else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
2540 return( STRING_EMAIL_PROTECTION );
2541
2542 else if( OID_CMP( OID_TIME_STAMPING, oid ) )
2543 return( STRING_TIME_STAMPING );
2544
2545 else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
2546 return( STRING_OCSP_SIGNING );
2547
2548 return( NULL );
2549}
2550
2551/* Return the x.y.z.... style numeric string for the given OID */
2552int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
2553{
Paul Bakker23986e52011-04-24 08:57:21 +00002554 int ret;
2555 size_t i, n;
Paul Bakker74111d32011-01-15 16:57:55 +00002556 unsigned int value;
2557 char *p;
2558
2559 p = buf;
2560 n = size;
2561
2562 /* First byte contains first two dots */
2563 if( oid->len > 0 )
2564 {
2565 ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2566 SAFE_SNPRINTF();
2567 }
2568
2569 /* TODO: value can overflow in value. */
2570 value = 0;
Paul Bakker23986e52011-04-24 08:57:21 +00002571 for( i = 1; i < oid->len; i++ )
Paul Bakker74111d32011-01-15 16:57:55 +00002572 {
2573 value <<= 7;
2574 value += oid->p[i] & 0x7F;
2575
2576 if( !( oid->p[i] & 0x80 ) )
2577 {
2578 /* Last byte */
2579 ret = snprintf( p, n, ".%d", value );
2580 SAFE_SNPRINTF();
2581 value = 0;
2582 }
2583 }
2584
Paul Bakker23986e52011-04-24 08:57:21 +00002585 return( (int) ( size - n ) );
Paul Bakker74111d32011-01-15 16:57:55 +00002586}
2587
Paul Bakkerd98030e2009-05-02 15:13:40 +00002588/*
2589 * Return an informational string about the CRL.
2590 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00002591int x509parse_crl_info( char *buf, size_t size, const char *prefix,
2592 const x509_crl *crl )
Paul Bakkerd98030e2009-05-02 15:13:40 +00002593{
Paul Bakker23986e52011-04-24 08:57:21 +00002594 int ret;
Paul Bakkerc8ffbe72011-12-05 14:22:49 +00002595 size_t n;
Paul Bakkerd98030e2009-05-02 15:13:40 +00002596 char *p;
Paul Bakkerff60ee62010-03-16 21:09:09 +00002597 const x509_crl_entry *entry;
Paul Bakkerd98030e2009-05-02 15:13:40 +00002598
2599 p = buf;
2600 n = size;
2601
2602 ret = snprintf( p, n, "%sCRL version : %d",
2603 prefix, crl->version );
2604 SAFE_SNPRINTF();
2605
2606 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2607 SAFE_SNPRINTF();
2608 ret = x509parse_dn_gets( p, n, &crl->issuer );
2609 SAFE_SNPRINTF();
2610
2611 ret = snprintf( p, n, "\n%sthis update : " \
2612 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2613 crl->this_update.year, crl->this_update.mon,
2614 crl->this_update.day, crl->this_update.hour,
2615 crl->this_update.min, crl->this_update.sec );
2616 SAFE_SNPRINTF();
2617
2618 ret = snprintf( p, n, "\n%snext update : " \
2619 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2620 crl->next_update.year, crl->next_update.mon,
2621 crl->next_update.day, crl->next_update.hour,
2622 crl->next_update.min, crl->next_update.sec );
2623 SAFE_SNPRINTF();
2624
2625 entry = &crl->entry;
2626
2627 ret = snprintf( p, n, "\n%sRevoked certificates:",
2628 prefix );
2629 SAFE_SNPRINTF();
2630
Paul Bakker9be19372009-07-27 20:21:53 +00002631 while( entry != NULL && entry->raw.len != 0 )
Paul Bakkerd98030e2009-05-02 15:13:40 +00002632 {
2633 ret = snprintf( p, n, "\n%sserial number: ",
2634 prefix );
2635 SAFE_SNPRINTF();
2636
Paul Bakkerc8ffbe72011-12-05 14:22:49 +00002637 ret = x509parse_serial_gets( p, n, &entry->serial);
2638 SAFE_SNPRINTF();
Paul Bakkerd98030e2009-05-02 15:13:40 +00002639
Paul Bakkerd98030e2009-05-02 15:13:40 +00002640 ret = snprintf( p, n, " revocation date: " \
2641 "%04d-%02d-%02d %02d:%02d:%02d",
2642 entry->revocation_date.year, entry->revocation_date.mon,
2643 entry->revocation_date.day, entry->revocation_date.hour,
2644 entry->revocation_date.min, entry->revocation_date.sec );
Paul Bakkerc8ffbe72011-12-05 14:22:49 +00002645 SAFE_SNPRINTF();
Paul Bakkerd98030e2009-05-02 15:13:40 +00002646
2647 entry = entry->next;
Paul Bakker5121ce52009-01-03 21:22:43 +00002648 }
2649
Paul Bakkerd98030e2009-05-02 15:13:40 +00002650 ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2651 SAFE_SNPRINTF();
Paul Bakker5121ce52009-01-03 21:22:43 +00002652
Paul Bakker27d66162010-03-17 06:56:01 +00002653 switch( crl->sig_alg )
Paul Bakkerd98030e2009-05-02 15:13:40 +00002654 {
2655 case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2656 case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2657 case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2658 case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2659 case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2660 case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2661 case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2662 case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2663 default: ret = snprintf( p, n, "???" ); break;
2664 }
2665 SAFE_SNPRINTF();
2666
Paul Bakker1e27bb22009-07-19 20:25:25 +00002667 ret = snprintf( p, n, "\n" );
2668 SAFE_SNPRINTF();
2669
Paul Bakker23986e52011-04-24 08:57:21 +00002670 return( (int) ( size - n ) );
Paul Bakker5121ce52009-01-03 21:22:43 +00002671}
2672
2673/*
Paul Bakker40ea7de2009-05-03 10:18:48 +00002674 * Return 0 if the x509_time is still valid, or 1 otherwise.
Paul Bakker5121ce52009-01-03 21:22:43 +00002675 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00002676int x509parse_time_expired( const x509_time *to )
Paul Bakker5121ce52009-01-03 21:22:43 +00002677{
Paul Bakkercce9d772011-11-18 14:26:47 +00002678 int year, mon, day;
2679 int hour, min, sec;
2680
2681#if defined(_WIN32)
2682 SYSTEMTIME st;
2683
2684 GetLocalTime(&st);
2685
2686 year = st.wYear;
2687 mon = st.wMonth;
2688 day = st.wDay;
2689 hour = st.wHour;
2690 min = st.wMinute;
2691 sec = st.wSecond;
2692#else
Paul Bakker5121ce52009-01-03 21:22:43 +00002693 struct tm *lt;
2694 time_t tt;
2695
2696 tt = time( NULL );
2697 lt = localtime( &tt );
2698
Paul Bakkercce9d772011-11-18 14:26:47 +00002699 year = lt->tm_year + 1900;
2700 mon = lt->tm_mon + 1;
2701 day = lt->tm_mday;
2702 hour = lt->tm_hour;
2703 min = lt->tm_min;
2704 sec = lt->tm_sec;
2705#endif
2706
2707 if( year > to->year )
Paul Bakker40ea7de2009-05-03 10:18:48 +00002708 return( 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +00002709
Paul Bakkercce9d772011-11-18 14:26:47 +00002710 if( year == to->year &&
2711 mon > to->mon )
Paul Bakker40ea7de2009-05-03 10:18:48 +00002712 return( 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +00002713
Paul Bakkercce9d772011-11-18 14:26:47 +00002714 if( year == to->year &&
2715 mon == to->mon &&
2716 day > to->day )
Paul Bakker40ea7de2009-05-03 10:18:48 +00002717 return( 1 );
2718
Paul Bakkercce9d772011-11-18 14:26:47 +00002719 if( year == to->year &&
2720 mon == to->mon &&
2721 day == to->day &&
2722 hour > to->hour )
Paul Bakkerb6194992011-01-16 21:40:22 +00002723 return( 1 );
2724
Paul Bakkercce9d772011-11-18 14:26:47 +00002725 if( year == to->year &&
2726 mon == to->mon &&
2727 day == to->day &&
2728 hour == to->hour &&
2729 min > to->min )
Paul Bakkerb6194992011-01-16 21:40:22 +00002730 return( 1 );
2731
Paul Bakkercce9d772011-11-18 14:26:47 +00002732 if( year == to->year &&
2733 mon == to->mon &&
2734 day == to->day &&
2735 hour == to->hour &&
2736 min == to->min &&
2737 sec > to->sec )
Paul Bakkerb6194992011-01-16 21:40:22 +00002738 return( 1 );
2739
Paul Bakker40ea7de2009-05-03 10:18:48 +00002740 return( 0 );
2741}
2742
2743/*
2744 * Return 1 if the certificate is revoked, or 0 otherwise.
2745 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00002746int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
Paul Bakker40ea7de2009-05-03 10:18:48 +00002747{
Paul Bakkerff60ee62010-03-16 21:09:09 +00002748 const x509_crl_entry *cur = &crl->entry;
Paul Bakker40ea7de2009-05-03 10:18:48 +00002749
2750 while( cur != NULL && cur->serial.len != 0 )
2751 {
Paul Bakkera056efc2011-01-16 21:38:35 +00002752 if( crt->serial.len == cur->serial.len &&
2753 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
Paul Bakker40ea7de2009-05-03 10:18:48 +00002754 {
2755 if( x509parse_time_expired( &cur->revocation_date ) )
2756 return( 1 );
2757 }
2758
2759 cur = cur->next;
2760 }
Paul Bakker5121ce52009-01-03 21:22:43 +00002761
2762 return( 0 );
2763}
2764
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00002765/*
2766 * Wrapper for x509 hashes.
2767 *
Paul Bakker0f5f72e2011-01-18 14:58:55 +00002768 * \param out Buffer to receive the hash (Should be at least 64 bytes)
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00002769 */
Paul Bakker23986e52011-04-24 08:57:21 +00002770static void x509_hash( const unsigned char *in, size_t len, int alg,
Paul Bakker5121ce52009-01-03 21:22:43 +00002771 unsigned char *out )
2772{
2773 switch( alg )
2774 {
Paul Bakker40e46942009-01-03 21:51:57 +00002775#if defined(POLARSSL_MD2_C)
Paul Bakker4593aea2009-02-09 22:32:35 +00002776 case SIG_RSA_MD2 : md2( in, len, out ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002777#endif
Paul Bakker40e46942009-01-03 21:51:57 +00002778#if defined(POLARSSL_MD4_C)
Paul Bakker4593aea2009-02-09 22:32:35 +00002779 case SIG_RSA_MD4 : md4( in, len, out ); break;
Paul Bakker5121ce52009-01-03 21:22:43 +00002780#endif
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00002781#if defined(POLARSSL_MD5_C)
Paul Bakker4593aea2009-02-09 22:32:35 +00002782 case SIG_RSA_MD5 : md5( in, len, out ); break;
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00002783#endif
2784#if defined(POLARSSL_SHA1_C)
Paul Bakker4593aea2009-02-09 22:32:35 +00002785 case SIG_RSA_SHA1 : sha1( in, len, out ); break;
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00002786#endif
Paul Bakker4593aea2009-02-09 22:32:35 +00002787#if defined(POLARSSL_SHA2_C)
2788 case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
2789 case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
2790#endif
Paul Bakkerfe1aea72009-10-03 20:09:14 +00002791#if defined(POLARSSL_SHA4_C)
Paul Bakker4593aea2009-02-09 22:32:35 +00002792 case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
2793 case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
2794#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00002795 default:
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00002796 memset( out, '\xFF', 64 );
Paul Bakker5121ce52009-01-03 21:22:43 +00002797 break;
2798 }
2799}
2800
2801/*
Paul Bakker76fd75a2011-01-16 21:12:10 +00002802 * Check that the given certificate is valid accoring to the CRL.
2803 */
2804static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
2805 x509_crl *crl_list)
2806{
2807 int flags = 0;
2808 int hash_id;
2809 unsigned char hash[64];
2810
2811 /*
2812 * TODO: What happens if no CRL is present?
2813 * Suggestion: Revocation state should be unknown if no CRL is present.
2814 * For backwards compatibility this is not yet implemented.
2815 */
2816
2817 while( ca != NULL && crl_list != NULL && crl_list->version != 0 )
2818 {
2819 if( crl_list->issuer_raw.len != ca->subject_raw.len ||
2820 memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
2821 crl_list->issuer_raw.len ) != 0 )
2822 {
2823 crl_list = crl_list->next;
2824 continue;
2825 }
2826
2827 /*
2828 * Check if CRL is correctly signed by the trusted CA
2829 */
2830 hash_id = crl_list->sig_alg;
2831
2832 x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
2833
2834 if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, hash_id,
2835 0, hash, crl_list->sig.p ) == 0 )
2836 {
2837 /*
2838 * CRL is not trusted
2839 */
2840 flags |= BADCRL_NOT_TRUSTED;
2841 break;
2842 }
2843
2844 /*
2845 * Check for validity of CRL (Do not drop out)
2846 */
2847 if( x509parse_time_expired( &crl_list->next_update ) )
2848 flags |= BADCRL_EXPIRED;
2849
2850 /*
2851 * Check if certificate is revoked
2852 */
2853 if( x509parse_revoked(crt, crl_list) )
2854 {
2855 flags |= BADCERT_REVOKED;
2856 break;
2857 }
2858
2859 crl_list = crl_list->next;
2860 }
2861 return flags;
2862}
2863
2864/*
Paul Bakker5121ce52009-01-03 21:22:43 +00002865 * Verify the certificate validity
2866 */
2867int x509parse_verify( x509_cert *crt,
2868 x509_cert *trust_ca,
Paul Bakker40ea7de2009-05-03 10:18:48 +00002869 x509_crl *ca_crl,
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002870 const char *cn, int *flags,
2871 int (*f_vrfy)(void *, x509_cert *, int, int),
2872 void *p_vrfy )
Paul Bakker5121ce52009-01-03 21:22:43 +00002873{
Paul Bakker23986e52011-04-24 08:57:21 +00002874 size_t cn_len;
Paul Bakker5121ce52009-01-03 21:22:43 +00002875 int hash_id;
2876 int pathlen;
Paul Bakker76fd75a2011-01-16 21:12:10 +00002877 x509_cert *parent;
Paul Bakker5121ce52009-01-03 21:22:43 +00002878 x509_name *name;
Paul Bakker4593aea2009-02-09 22:32:35 +00002879 unsigned char hash[64];
Paul Bakker5121ce52009-01-03 21:22:43 +00002880
Paul Bakker40ea7de2009-05-03 10:18:48 +00002881 *flags = 0;
2882
2883 if( x509parse_time_expired( &crt->valid_to ) )
2884 *flags = BADCERT_EXPIRED;
Paul Bakker5121ce52009-01-03 21:22:43 +00002885
2886 if( cn != NULL )
2887 {
2888 name = &crt->subject;
2889 cn_len = strlen( cn );
2890
2891 while( name != NULL )
2892 {
2893 if( memcmp( name->oid.p, OID_CN, 3 ) == 0 &&
2894 memcmp( name->val.p, cn, cn_len ) == 0 &&
2895 name->val.len == cn_len )
2896 break;
2897
2898 name = name->next;
2899 }
2900
2901 if( name == NULL )
2902 *flags |= BADCERT_CN_MISMATCH;
2903 }
2904
Paul Bakker5121ce52009-01-03 21:22:43 +00002905 /*
2906 * Iterate upwards in the given cert chain,
2907 * ignoring any upper cert with CA != TRUE.
2908 */
Paul Bakker76fd75a2011-01-16 21:12:10 +00002909 parent = crt->next;
Paul Bakker5121ce52009-01-03 21:22:43 +00002910
2911 pathlen = 1;
2912
Paul Bakker76fd75a2011-01-16 21:12:10 +00002913 while( parent != NULL && parent->version != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00002914 {
Paul Bakker76fd75a2011-01-16 21:12:10 +00002915 if( parent->ca_istrue == 0 ||
2916 crt->issuer_raw.len != parent->subject_raw.len ||
2917 memcmp( crt->issuer_raw.p, parent->subject_raw.p,
Paul Bakker5121ce52009-01-03 21:22:43 +00002918 crt->issuer_raw.len ) != 0 )
2919 {
Paul Bakker76fd75a2011-01-16 21:12:10 +00002920 parent = parent->next;
Paul Bakker5121ce52009-01-03 21:22:43 +00002921 continue;
2922 }
2923
Paul Bakker27d66162010-03-17 06:56:01 +00002924 hash_id = crt->sig_alg;
Paul Bakker5121ce52009-01-03 21:22:43 +00002925
2926 x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
2927
Paul Bakker76fd75a2011-01-16 21:12:10 +00002928 if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, hash_id, 0, hash,
2929 crt->sig.p ) != 0 )
2930 *flags |= BADCERT_NOT_TRUSTED;
2931
2932 /* Check trusted CA's CRL for the given crt */
2933 *flags |= x509parse_verifycrl(crt, parent, ca_crl);
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002934
2935 /* crt is verified to be a child of the parent cur, call verify callback */
Paul Bakker74111d32011-01-15 16:57:55 +00002936 if( NULL != f_vrfy )
2937 {
Paul Bakker76fd75a2011-01-16 21:12:10 +00002938 if( f_vrfy( p_vrfy, crt, pathlen - 1, ( *flags == 0 ) ) != 0 )
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002939 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
Paul Bakker76fd75a2011-01-16 21:12:10 +00002940 else
2941 *flags = 0;
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002942 }
Paul Bakker76fd75a2011-01-16 21:12:10 +00002943 else if( *flags != 0 )
2944 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
Paul Bakker5121ce52009-01-03 21:22:43 +00002945
2946 pathlen++;
2947
Paul Bakker76fd75a2011-01-16 21:12:10 +00002948 crt = parent;
2949 parent = crt->next;
Paul Bakker5121ce52009-01-03 21:22:43 +00002950 }
2951
2952 /*
Paul Bakker76fd75a2011-01-16 21:12:10 +00002953 * Attempt to validate topmost cert with our CA chain.
Paul Bakker5121ce52009-01-03 21:22:43 +00002954 */
Paul Bakker76fd75a2011-01-16 21:12:10 +00002955 *flags |= BADCERT_NOT_TRUSTED;
2956
Paul Bakker7c6d4a42009-03-28 20:35:47 +00002957 while( trust_ca != NULL && trust_ca->version != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00002958 {
2959 if( crt->issuer_raw.len != trust_ca->subject_raw.len ||
2960 memcmp( crt->issuer_raw.p, trust_ca->subject_raw.p,
2961 crt->issuer_raw.len ) != 0 )
2962 {
2963 trust_ca = trust_ca->next;
2964 continue;
2965 }
2966
2967 if( trust_ca->max_pathlen > 0 &&
2968 trust_ca->max_pathlen < pathlen )
2969 break;
2970
Paul Bakker27d66162010-03-17 06:56:01 +00002971 hash_id = crt->sig_alg;
Paul Bakker5121ce52009-01-03 21:22:43 +00002972
2973 x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
2974
2975 if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
2976 0, hash, crt->sig.p ) == 0 )
2977 {
2978 /*
2979 * cert. is signed by a trusted CA
2980 */
2981 *flags &= ~BADCERT_NOT_TRUSTED;
2982 break;
2983 }
2984
2985 trust_ca = trust_ca->next;
2986 }
2987
Paul Bakker76fd75a2011-01-16 21:12:10 +00002988 /* Check trusted CA's CRL for the given crt */
2989 *flags |= x509parse_verifycrl( crt, trust_ca, ca_crl );
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002990
2991 /* Verification succeeded, call callback on top cert */
Paul Bakker74111d32011-01-15 16:57:55 +00002992 if( NULL != f_vrfy )
2993 {
Paul Bakker76fd75a2011-01-16 21:12:10 +00002994 if( f_vrfy(p_vrfy, crt, pathlen-1, ( *flags == 0 ) ) != 0 )
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002995 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
Paul Bakker76fd75a2011-01-16 21:12:10 +00002996 else
2997 *flags = 0;
Paul Bakkerb63b0af2011-01-13 17:54:59 +00002998 }
Paul Bakker76fd75a2011-01-16 21:12:10 +00002999 else if( *flags != 0 )
3000 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
Paul Bakkerb63b0af2011-01-13 17:54:59 +00003001
Paul Bakker5121ce52009-01-03 21:22:43 +00003002 return( 0 );
3003}
3004
3005/*
3006 * Unallocate all certificate data
3007 */
3008void x509_free( x509_cert *crt )
3009{
3010 x509_cert *cert_cur = crt;
3011 x509_cert *cert_prv;
3012 x509_name *name_cur;
3013 x509_name *name_prv;
Paul Bakker74111d32011-01-15 16:57:55 +00003014 x509_sequence *seq_cur;
3015 x509_sequence *seq_prv;
Paul Bakker5121ce52009-01-03 21:22:43 +00003016
3017 if( crt == NULL )
3018 return;
3019
3020 do
3021 {
3022 rsa_free( &cert_cur->rsa );
3023
3024 name_cur = cert_cur->issuer.next;
3025 while( name_cur != NULL )
3026 {
3027 name_prv = name_cur;
3028 name_cur = name_cur->next;
3029 memset( name_prv, 0, sizeof( x509_name ) );
3030 free( name_prv );
3031 }
3032
3033 name_cur = cert_cur->subject.next;
3034 while( name_cur != NULL )
3035 {
3036 name_prv = name_cur;
3037 name_cur = name_cur->next;
3038 memset( name_prv, 0, sizeof( x509_name ) );
3039 free( name_prv );
3040 }
3041
Paul Bakker74111d32011-01-15 16:57:55 +00003042 seq_cur = cert_cur->ext_key_usage.next;
3043 while( seq_cur != NULL )
3044 {
3045 seq_prv = seq_cur;
3046 seq_cur = seq_cur->next;
3047 memset( seq_prv, 0, sizeof( x509_sequence ) );
3048 free( seq_prv );
3049 }
3050
Paul Bakker5121ce52009-01-03 21:22:43 +00003051 if( cert_cur->raw.p != NULL )
3052 {
3053 memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3054 free( cert_cur->raw.p );
3055 }
3056
3057 cert_cur = cert_cur->next;
3058 }
3059 while( cert_cur != NULL );
3060
3061 cert_cur = crt;
3062 do
3063 {
3064 cert_prv = cert_cur;
3065 cert_cur = cert_cur->next;
3066
3067 memset( cert_prv, 0, sizeof( x509_cert ) );
3068 if( cert_prv != crt )
3069 free( cert_prv );
3070 }
3071 while( cert_cur != NULL );
3072}
3073
Paul Bakkerd98030e2009-05-02 15:13:40 +00003074/*
3075 * Unallocate all CRL data
3076 */
3077void x509_crl_free( x509_crl *crl )
3078{
3079 x509_crl *crl_cur = crl;
3080 x509_crl *crl_prv;
3081 x509_name *name_cur;
3082 x509_name *name_prv;
3083 x509_crl_entry *entry_cur;
3084 x509_crl_entry *entry_prv;
3085
3086 if( crl == NULL )
3087 return;
3088
3089 do
3090 {
3091 name_cur = crl_cur->issuer.next;
3092 while( name_cur != NULL )
3093 {
3094 name_prv = name_cur;
3095 name_cur = name_cur->next;
3096 memset( name_prv, 0, sizeof( x509_name ) );
3097 free( name_prv );
3098 }
3099
3100 entry_cur = crl_cur->entry.next;
3101 while( entry_cur != NULL )
3102 {
3103 entry_prv = entry_cur;
3104 entry_cur = entry_cur->next;
3105 memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3106 free( entry_prv );
3107 }
3108
3109 if( crl_cur->raw.p != NULL )
3110 {
3111 memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3112 free( crl_cur->raw.p );
3113 }
3114
3115 crl_cur = crl_cur->next;
3116 }
3117 while( crl_cur != NULL );
3118
3119 crl_cur = crl;
3120 do
3121 {
3122 crl_prv = crl_cur;
3123 crl_cur = crl_cur->next;
3124
3125 memset( crl_prv, 0, sizeof( x509_crl ) );
3126 if( crl_prv != crl )
3127 free( crl_prv );
3128 }
3129 while( crl_cur != NULL );
3130}
3131
Paul Bakker40e46942009-01-03 21:51:57 +00003132#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +00003133
Paul Bakker40e46942009-01-03 21:51:57 +00003134#include "polarssl/certs.h"
Paul Bakker5121ce52009-01-03 21:22:43 +00003135
3136/*
3137 * Checkup routine
3138 */
3139int x509_self_test( int verbose )
3140{
Paul Bakker5690efc2011-05-26 13:16:06 +00003141#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
Paul Bakker23986e52011-04-24 08:57:21 +00003142 int ret;
3143 int flags;
3144 size_t i, j;
Paul Bakker5121ce52009-01-03 21:22:43 +00003145 x509_cert cacert;
3146 x509_cert clicert;
3147 rsa_context rsa;
Paul Bakker5690efc2011-05-26 13:16:06 +00003148#if defined(POLARSSL_DHM_C)
Paul Bakker1b57b062011-01-06 15:48:19 +00003149 dhm_context dhm;
Paul Bakker5690efc2011-05-26 13:16:06 +00003150#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00003151
3152 if( verbose != 0 )
3153 printf( " X.509 certificate load: " );
3154
3155 memset( &clicert, 0, sizeof( x509_cert ) );
3156
3157 ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
Paul Bakker6c0ceb32011-12-04 12:24:18 +00003158 strlen( test_cli_crt ), X509_NON_PERMISSIVE );
Paul Bakker5121ce52009-01-03 21:22:43 +00003159 if( ret != 0 )
3160 {
3161 if( verbose != 0 )
3162 printf( "failed\n" );
3163
3164 return( ret );
3165 }
3166
3167 memset( &cacert, 0, sizeof( x509_cert ) );
3168
3169 ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
Paul Bakker6c0ceb32011-12-04 12:24:18 +00003170 strlen( test_ca_crt ), X509_NON_PERMISSIVE );
Paul Bakker5121ce52009-01-03 21:22:43 +00003171 if( ret != 0 )
3172 {
3173 if( verbose != 0 )
3174 printf( "failed\n" );
3175
3176 return( ret );
3177 }
3178
3179 if( verbose != 0 )
3180 printf( "passed\n X.509 private key load: " );
3181
3182 i = strlen( test_ca_key );
3183 j = strlen( test_ca_pwd );
3184
Paul Bakker66b78b22011-03-25 14:22:50 +00003185 rsa_init( &rsa, RSA_PKCS_V15, 0 );
3186
Paul Bakker5121ce52009-01-03 21:22:43 +00003187 if( ( ret = x509parse_key( &rsa,
3188 (unsigned char *) test_ca_key, i,
3189 (unsigned char *) test_ca_pwd, j ) ) != 0 )
3190 {
3191 if( verbose != 0 )
3192 printf( "failed\n" );
3193
3194 return( ret );
3195 }
3196
3197 if( verbose != 0 )
3198 printf( "passed\n X.509 signature verify: ");
3199
Paul Bakker23986e52011-04-24 08:57:21 +00003200 ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
Paul Bakker5121ce52009-01-03 21:22:43 +00003201 if( ret != 0 )
3202 {
Paul Bakker23986e52011-04-24 08:57:21 +00003203 printf("%02x", flags);
Paul Bakker5121ce52009-01-03 21:22:43 +00003204 if( verbose != 0 )
3205 printf( "failed\n" );
3206
3207 return( ret );
3208 }
3209
Paul Bakker5690efc2011-05-26 13:16:06 +00003210#if defined(POLARSSL_DHM_C)
Paul Bakker5121ce52009-01-03 21:22:43 +00003211 if( verbose != 0 )
Paul Bakker1b57b062011-01-06 15:48:19 +00003212 printf( "passed\n X.509 DHM parameter load: " );
3213
3214 i = strlen( test_dhm_params );
3215 j = strlen( test_ca_pwd );
3216
3217 if( ( ret = x509parse_dhm( &dhm, (unsigned char *) test_dhm_params, i ) ) != 0 )
3218 {
3219 if( verbose != 0 )
3220 printf( "failed\n" );
3221
3222 return( ret );
3223 }
3224
3225 if( verbose != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00003226 printf( "passed\n\n" );
Paul Bakker5690efc2011-05-26 13:16:06 +00003227#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00003228
3229 x509_free( &cacert );
3230 x509_free( &clicert );
3231 rsa_free( &rsa );
Paul Bakker5690efc2011-05-26 13:16:06 +00003232#if defined(POLARSSL_DHM_C)
Paul Bakker1b57b062011-01-06 15:48:19 +00003233 dhm_free( &dhm );
Paul Bakker5690efc2011-05-26 13:16:06 +00003234#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00003235
3236 return( 0 );
Paul Bakkerde4d2ea2009-10-03 19:58:52 +00003237#else
3238 ((void) verbose);
3239 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
3240#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00003241}
3242
3243#endif
3244
3245#endif