Blame - library/x509.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 5e6062bfa5ca8ee849e9134473692f5afb62982e [file] [log] [blame]

Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1	/*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	2	* X.509 common functions for parsing and verification
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	3	*
Manuel Pégourié-Gonnard	a658a40	2015-01-23 09:45:19 +0000	[diff] [blame]	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	fe44643	2015-03-06 13:17:10 +0000	[diff] [blame]	6	* This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	7	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22	/*
				23	* The ITU-T X.509 standard defines a certificate format for PKI.
				24	*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	25	* http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
				26	* http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
				27	* http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	28	*
				29	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
				30	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
				31	*/
				32
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	33	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	34	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	35	#else
				36	#include POLARSSL_CONFIG_FILE
				37	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	38
				39	#if defined(POLARSSL_X509_USE_C)
				40
				41	#include "polarssl/x509.h"
				42	#include "polarssl/asn1.h"
				43	#include "polarssl/oid.h"
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	44
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	45	#include <stdio.h>
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	46	#include <string.h>
				47
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	48	#if defined(POLARSSL_PEM_PARSE_C)
				49	#include "polarssl/pem.h"
				50	#endif
				51
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	52	#if defined(POLARSSL_PLATFORM_C)
				53	#include "polarssl/platform.h"
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	54	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	55	#include <stdio.h>
				56	#include <stdlib.h>
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	57	#define polarssl_free free
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	58	#define polarssl_malloc malloc
				59	#define polarssl_printf printf
				60	#define polarssl_snprintf snprintf
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	61	#endif
				62
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	63	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	64	#include <windows.h>
				65	#else
				66	#include <time.h>
				67	#endif
				68
				69	#if defined(POLARSSL_FS_IO)
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	70	#include <stdio.h>
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	71	#if !defined(_WIN32)
				72	#include <sys/types.h>
				73	#include <sys/stat.h>
				74	#include <dirent.h>
				75	#endif
				76	#endif
				77
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	78	#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	79	#define CHECK_RANGE(min, max, val) if( val < min \|\| val > max ){ return( ret ); }
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	80
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	81	/*
				82	* CertificateSerialNumber ::= INTEGER
				83	*/
				84	int x509_get_serial( unsigned char *p, const unsigned char end,
				85	x509_buf *serial )
				86	{
				87	int ret;
				88
				89	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	90	return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	91	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				92
				93	if( **p != ( ASN1_CONTEXT_SPECIFIC \| ASN1_PRIMITIVE \| 2 ) &&
				94	**p != ASN1_INTEGER )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	95	return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	96	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				97
				98	serial->tag = (p)++;
				99
				100	if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	101	return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	102
				103	serial->p = *p;
				104	*p += serial->len;
				105
				106	return( 0 );
				107	}
				108
				109	/* Get an algorithm identifier without parameters (eg for signatures)
				110	*
				111	* AlgorithmIdentifier ::= SEQUENCE {
				112	* algorithm OBJECT IDENTIFIER,
				113	* parameters ANY DEFINED BY algorithm OPTIONAL }
				114	*/
				115	int x509_get_alg_null( unsigned char *p, const unsigned char end,
				116	x509_buf *alg )
				117	{
				118	int ret;
				119
				120	if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	121	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	122
				123	return( 0 );
				124	}
				125
				126	/*
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	127	* Parse an algorithm identifier with (optional) paramaters
				128	*/
				129	int x509_get_alg( unsigned char *p, const unsigned char end,
				130	x509_buf alg, x509_buf params )
				131	{
				132	int ret;
				133
				134	if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
				135	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				136
				137	return( 0 );
				138	}
				139
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	140	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	141	/*
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	142	* HashAlgorithm ::= AlgorithmIdentifier
				143	*
				144	* AlgorithmIdentifier ::= SEQUENCE {
				145	* algorithm OBJECT IDENTIFIER,
				146	* parameters ANY DEFINED BY algorithm OPTIONAL }
				147	*
				148	* For HashAlgorithm, parameters MUST be NULL or absent.
				149	*/
				150	static int x509_get_hash_alg( const x509_buf alg, md_type_t md_alg )
				151	{
				152	int ret;
				153	unsigned char *p;
				154	const unsigned char *end;
				155	x509_buf md_oid;
				156	size_t len;
				157
				158	/* Make sure we got a SEQUENCE and setup bounds */
				159	if( alg->tag != ( ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) )
				160	return( POLARSSL_ERR_X509_INVALID_ALG +
				161	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				162
				163	p = (unsigned char *) alg->p;
				164	end = p + alg->len;
				165
				166	if( p >= end )
				167	return( POLARSSL_ERR_X509_INVALID_ALG +
				168	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				169
				170	/* Parse md_oid */
				171	md_oid.tag = *p;
				172
				173	if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
				174	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				175
				176	md_oid.p = p;
				177	p += md_oid.len;
				178
				179	/* Get md_alg from md_oid */
				180	if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
				181	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				182
				183	/* Make sure params is absent of NULL */
				184	if( p == end )
				185	return( 0 );
				186
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	187	if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 \|\| len != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	188	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				189
				190	if( p != end )
				191	return( POLARSSL_ERR_X509_INVALID_ALG +
				192	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				193
				194	return( 0 );
				195	}
				196
				197	/*
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	198	* RSASSA-PSS-params ::= SEQUENCE {
				199	* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
				200	* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
				201	* saltLength [2] INTEGER DEFAULT 20,
				202	* trailerField [3] INTEGER DEFAULT 1 }
				203	* -- Note that the tags in this Sequence are explicit.
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	204	*
				205	* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
				206	* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
				207	* option. Enfore this at parsing time.
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	208	*/
				209	int x509_get_rsassa_pss_params( const x509_buf *params,
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	210	md_type_t md_alg, md_type_t mgf_md,
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	211	int *salt_len )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	212	{
				213	int ret;
				214	unsigned char *p;
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	215	const unsigned char end, end2;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	216	size_t len;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	217	x509_buf alg_id, alg_params;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	218
				219	/* First set everything to defaults */
				220	*md_alg = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	221	*mgf_md = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	222	*salt_len = 20;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	223
				224	/* Make sure params is a SEQUENCE and setup bounds */
				225	if( params->tag != ( ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) )
				226	return( POLARSSL_ERR_X509_INVALID_ALG +
				227	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				228
				229	p = (unsigned char *) params->p;
				230	end = p + params->len;
				231
				232	if( p == end )
				233	return( 0 );
				234
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	235	/*
				236	* HashAlgorithm
				237	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	238	if( ( ret = asn1_get_tag( &p, end, &len,
				239	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 0 ) ) == 0 )
				240	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	241	end2 = p + len;
				242
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	243	/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	244	if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	245	return( ret );
				246
				247	if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
				248	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	249
				250	if( p != end2 )
				251	return( POLARSSL_ERR_X509_INVALID_ALG +
				252	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	253	}
				254	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				255	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				256
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	257	if( p == end )
				258	return( 0 );
				259
				260	/*
				261	* MaskGenAlgorithm
				262	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	263	if( ( ret = asn1_get_tag( &p, end, &len,
				264	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 1 ) ) == 0 )
				265	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	266	end2 = p + len;
				267
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	268	/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	269	if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	270	return( ret );
				271
				272	/* Only MFG1 is recognised for now */
				273	if( ! OID_CMP( OID_MGF1, &alg_id ) )
				274	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
				275	POLARSSL_ERR_OID_NOT_FOUND );
				276
				277	/* Parse HashAlgorithm */
				278	if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
				279	return( ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	280
				281	if( p != end2 )
				282	return( POLARSSL_ERR_X509_INVALID_ALG +
				283	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	284	}
				285	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				286	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				287
				288	if( p == end )
				289	return( 0 );
				290
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	291	/*
				292	* salt_len
				293	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	294	if( ( ret = asn1_get_tag( &p, end, &len,
				295	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 2 ) ) == 0 )
				296	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	297	end2 = p + len;
				298
				299	if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	300	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	301
				302	if( p != end2 )
				303	return( POLARSSL_ERR_X509_INVALID_ALG +
				304	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	305	}
				306	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				307	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				308
				309	if( p == end )
				310	return( 0 );
				311
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	312	/*
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	313	* trailer_field (if present, must be 1)
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	314	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	315	if( ( ret = asn1_get_tag( &p, end, &len,
				316	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 3 ) ) == 0 )
				317	{
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	318	int trailer_field;
				319
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	320	end2 = p + len;
				321
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	322	if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	323	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	324
				325	if( p != end2 )
				326	return( POLARSSL_ERR_X509_INVALID_ALG +
				327	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	328
				329	if( trailer_field != 1 )
				330	return( POLARSSL_ERR_X509_INVALID_ALG );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	331	}
				332	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				333	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				334
				335	if( p != end )
				336	return( POLARSSL_ERR_X509_INVALID_ALG +
				337	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				338
				339	return( 0 );
				340	}
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	341	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	342
				343	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	344	* AttributeTypeAndValue ::= SEQUENCE {
				345	* type AttributeType,
				346	* value AttributeValue }
				347	*
				348	* AttributeType ::= OBJECT IDENTIFIER
				349	*
				350	* AttributeValue ::= ANY DEFINED BY AttributeType
				351	*/
				352	static int x509_get_attr_type_value( unsigned char **p,
				353	const unsigned char *end,
				354	x509_name *cur )
				355	{
				356	int ret;
				357	size_t len;
				358	x509_buf *oid;
				359	x509_buf *val;
				360
				361	if( ( ret = asn1_get_tag( p, end, &len,
				362	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	363	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	364
				365	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	366	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	367	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				368
				369	oid = &cur->oid;
				370	oid->tag = **p;
				371
				372	if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	373	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	374
				375	oid->p = *p;
				376	*p += oid->len;
				377
				378	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	379	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	380	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				381
				382	if( p != ASN1_BMP_STRING && p != ASN1_UTF8_STRING &&
				383	p != ASN1_T61_STRING && p != ASN1_PRINTABLE_STRING &&
Manuel Pégourié-Gonnard	dd5dbca	2015-03-27 13:03:09 +0100	[diff] [blame]	384	p != ASN1_IA5_STRING && p != ASN1_UNIVERSAL_STRING &&
				385	**p != ASN1_BIT_STRING )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	386	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	387	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				388
				389	val = &cur->val;
				390	val->tag = (p)++;
				391
				392	if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	393	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	394
				395	val->p = *p;
				396	*p += val->len;
				397
				398	cur->next = NULL;
				399
				400	return( 0 );
				401	}
				402
				403	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	404	* Name ::= CHOICE { -- only one possibility for now --
				405	* rdnSequence RDNSequence }
				406	*
				407	* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
				408	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	409	* RelativeDistinguishedName ::=
				410	* SET OF AttributeTypeAndValue
				411	*
				412	* AttributeTypeAndValue ::= SEQUENCE {
				413	* type AttributeType,
				414	* value AttributeValue }
				415	*
				416	* AttributeType ::= OBJECT IDENTIFIER
				417	*
				418	* AttributeValue ::= ANY DEFINED BY AttributeType
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	419	*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	420	* The data structure is optimized for the common case where each RDN has only
				421	* one element, which is represented as a list of AttributeTypeAndValue.
				422	* For the general case we still use a flat list, but we mark elements of the
				423	* same set so that they are "merged" together in the functions that consume
				424	* this list, eg x509_dn_gets().
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	425	*/
				426	int x509_get_name( unsigned char *p, const unsigned char end,
				427	x509_name *cur )
				428	{
				429	int ret;
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	430	size_t set_len;
				431	const unsigned char *end_set;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	432
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	433	/* don't use recursion, we'd risk stack overflow if not optimized */
				434	while( 1 )
				435	{
				436	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	437	* parse SET
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	438	*/
				439	if( ( ret = asn1_get_tag( p, end, &set_len,
				440	ASN1_CONSTRUCTED \| ASN1_SET ) ) != 0 )
				441	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	442
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	443	end_set = *p + set_len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	444
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	445	while( 1 )
				446	{
				447	if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
				448	return( ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	449
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	450	if( *p == end_set )
				451	break;
				452
Nicholas Wilson	d0fa5cc	2015-05-11 10:39:49 +0100	[diff] [blame]	453	/* Mark this item as being not the only one in a set */
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	454	cur->next_merged = 1;
				455
Mansour Moufid	c531b4a	2015-02-15 17:35:38 -0500	[diff] [blame]	456	cur->next = polarssl_malloc( sizeof( x509_name ) );
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	457
				458	if( cur->next == NULL )
				459	return( POLARSSL_ERR_X509_MALLOC_FAILED );
				460
				461	memset( cur->next, 0, sizeof( x509_name ) );
				462
				463	cur = cur->next;
				464	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	465
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	466	/*
				467	* continue until end of SEQUENCE is reached
				468	*/
				469	if( *p == end )
				470	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	471
Mansour Moufid	c531b4a	2015-02-15 17:35:38 -0500	[diff] [blame]	472	cur->next = polarssl_malloc( sizeof( x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	473
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	474	if( cur->next == NULL )
				475	return( POLARSSL_ERR_X509_MALLOC_FAILED );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	476
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	477	memset( cur->next, 0, sizeof( x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	478
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	479	cur = cur->next;
				480	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	481	}
				482
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	483	static int x509_parse_int(unsigned char *p, unsigned n, int res){
				484	*res = 0;
				485	for( ; n > 0; --n ){
				486	if( ( p < '0') \|\| ( p > '9' ) ) return POLARSSL_ERR_X509_INVALID_DATE;
				487	res = 10;
				488	res += ((*p)++ - '0');
				489	}
				490	return 0;
				491	}
				492
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	493	static int x509_date_is_valid(const x509_time *t)
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	494	{
				495	int ret = POLARSSL_ERR_X509_INVALID_DATE;
				496
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	497	CHECK_RANGE( 0, 9999, t->year );
				498	CHECK_RANGE( 0, 23, t->hour );
				499	CHECK_RANGE( 0, 59, t->min );
				500	CHECK_RANGE( 0, 59, t->sec );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	501
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	502	switch( t->mon )
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	503	{
				504	case 1: case 3: case 5: case 7: case 8: case 10: case 12:
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	505	CHECK_RANGE( 1, 31, t->day );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	506	break;
				507	case 4: case 6: case 9: case 11:
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	508	CHECK_RANGE( 1, 30, t->day );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	509	break;
				510	case 2:
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	511	CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	512	break;
				513	default:
				514	return( ret );
				515	}
				516
				517	return( 0 );
				518	}
				519
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	520	/*
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	521	* Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) field.
				522	*/
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	523	static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
				524	x509_time *tm )
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	525	{
				526	int ret;
				527
				528	/*
				529	* minimum length is 10 or 12 depending on yearlen
				530	*/
				531	if ( len < yearlen + 8 )
				532	return POLARSSL_ERR_X509_INVALID_DATE;
				533	len -= yearlen + 8;
				534
				535	/*
				536	* parse year, month, day, hour, minute
				537	*/
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	538	CHECK( x509_parse_int( p, yearlen, &tm->year ) );
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	539	if ( 2 == yearlen )
				540	{
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	541	if ( tm->year < 50 )
				542	tm->year += 100;
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	543
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	544	tm->year += 1900;
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	545	}
				546
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	547	CHECK( x509_parse_int( p, 2, &tm->mon ) );
				548	CHECK( x509_parse_int( p, 2, &tm->day ) );
				549	CHECK( x509_parse_int( p, 2, &tm->hour ) );
				550	CHECK( x509_parse_int( p, 2, &tm->min ) );
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	551
				552	/*
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	553	* parse seconds if present
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	554	*/
				555	if ( len >= 2 && p >= '0' && p <= '9' )
				556	{
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	557	CHECK( x509_parse_int( p, 2, &tm->sec ) );
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	558	len -= 2;
				559	}
				560	else
				561	{
				562	#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
				563	/*
				564	* if relaxed mode, allow seconds to be absent
				565	*/
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	566	tm->sec = 0;
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	567	#else
				568	return POLARSSL_ERR_X509_INVALID_DATE;
				569	#endif
				570	}
				571
				572	/*
				573	* parse trailing 'Z' if present
				574	*/
				575	if ( 1 == len && 'Z' == **p )
				576	{
				577	(*p)++;
				578	return 0;
				579	}
				580	#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
				581	/*
				582	* if relaxed mode, allow timezone to be present
				583	*/
				584	else if ( 5 == len && ( '+' == p \|\| '-' == p ) )
				585	{
				586	int tz; /* throwaway timezone */
				587
				588	(*p)++;
				589	CHECK( x509_parse_int( p, 4, &tz ) );
				590
				591	return 0;
				592	}
				593	#endif
				594	/*
				595	* okay if no trailing 'Z' or timezone specified
				596	*/
				597	else if ( 0 == len )
				598	return 0;
				599	else
				600	return POLARSSL_ERR_X509_INVALID_DATE;
				601	}
				602
				603	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	604	* Time ::= CHOICE {
				605	* utcTime UTCTime,
				606	* generalTime GeneralizedTime }
				607	*/
				608	int x509_get_time( unsigned char *p, const unsigned char end,
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	609	x509_time *tm )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	610	{
				611	int ret;
				612	size_t len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	613	unsigned char tag;
				614
				615	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	616	return( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	617	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				618
				619	tag = **p;
				620
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	621	if( tag == ASN1_UTC_TIME )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	622	{
				623	(*p)++;
				624	ret = asn1_get_len( p, end, &len );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	625	if( ret != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	626	return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	627
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	628	CHECK( x509_parse_time( p, len, 2, tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	629
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	630	CHECK( x509_date_is_valid( tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	631
				632	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	633	}
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	634	else if( tag == ASN1_GENERALIZED_TIME )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	635	{
				636	(*p)++;
				637	ret = asn1_get_len( p, end, &len );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	638	if( ret != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	639	return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	640
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	641	CHECK( x509_parse_time( p, len, 4, tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	642
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame^]	643	CHECK( x509_date_is_valid( tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	644
				645	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	646	}
				647	else
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	648	return( POLARSSL_ERR_X509_INVALID_DATE +
				649	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	650	}
				651
				652	int x509_get_sig( unsigned char *p, const unsigned char end, x509_buf *sig )
				653	{
				654	int ret;
				655	size_t len;
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	656	int tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	657
				658	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	659	return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	660	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				661
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	662	tag_type = **p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	663
				664	if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	665	return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	666
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	667	sig->tag = tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	668	sig->len = len;
				669	sig->p = *p;
				670
				671	*p += len;
				672
				673	return( 0 );
				674	}
				675
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	676	/*
				677	* Get signature algorithm from alg OID and optional parameters
				678	*/
				679	int x509_get_sig_alg( const x509_buf sig_oid, const x509_buf sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	680	md_type_t md_alg, pk_type_t pk_alg,
				681	void **sig_opts )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	682	{
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	683	int ret;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	684
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	685	if( *sig_opts != NULL )
				686	return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
				687
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	688	if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	689	return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	690
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	691	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	692	if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
				693	{
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	694	pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	695
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	696	pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
				697	if( pss_opts == NULL )
				698	return( POLARSSL_ERR_X509_MALLOC_FAILED );
				699
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	700	ret = x509_get_rsassa_pss_params( sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	701	md_alg,
				702	&pss_opts->mgf1_hash_id,
				703	&pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	704	if( ret != 0 )
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	705	{
				706	polarssl_free( pss_opts );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	707	return( ret );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	708	}
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	709
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	710	sig_opts = (void ) pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	711	}
				712	else
Paul Bakker	db20c10	2014-06-17 14:34:44 +0200	[diff] [blame]	713	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	714	{
				715	/* Make sure parameters are absent or NULL */
				716	if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) \|\|
				717	sig_params->len != 0 )
				718	return( POLARSSL_ERR_X509_INVALID_ALG );
				719	}
				720
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	721	return( 0 );
				722	}
				723
				724	/*
				725	* X.509 Extensions (No parsing of extensions, pointer should
				726	* be either manually updated or extensions should be parsed!
				727	*/
				728	int x509_get_ext( unsigned char *p, const unsigned char end,
				729	x509_buf *ext, int tag )
				730	{
				731	int ret;
				732	size_t len;
				733
				734	if( *p == end )
				735	return( 0 );
				736
				737	ext->tag = **p;
				738
				739	if( ( ret = asn1_get_tag( p, end, &ext->len,
				740	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| tag ) ) != 0 )
				741	return( ret );
				742
				743	ext->p = *p;
				744	end = *p + ext->len;
				745
				746	/*
				747	* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
				748	*
				749	* Extension ::= SEQUENCE {
				750	* extnID OBJECT IDENTIFIER,
				751	* critical BOOLEAN DEFAULT FALSE,
				752	* extnValue OCTET STRING }
				753	*/
				754	if( ( ret = asn1_get_tag( p, end, &len,
				755	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	756	return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	757
				758	if( end != *p + len )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	759	return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	760	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				761
				762	return( 0 );
				763	}
				764
Paul Bakker	6edcd41	2013-10-29 15:22:54 +0100	[diff] [blame]	765	#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
				766	!defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	767	#include <stdarg.h>
				768
				769	#if !defined vsnprintf
				770	#define vsnprintf _vsnprintf
				771	#endif // vsnprintf
				772
				773	/*
				774	* Windows _snprintf and _vsnprintf are not compatible to linux versions.
				775	* Result value is not size of buffer needed, but -1 if no fit is possible.
				776	*
				777	* This fuction tries to 'fix' this by at least suggesting enlarging the
				778	* size by 20.
				779	*/
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	780	static int compat_snprintf( char str, size_t size, const char format, ... )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	781	{
				782	va_list ap;
				783	int res = -1;
				784
				785	va_start( ap, format );
				786
				787	res = vsnprintf( str, size, format, ap );
				788
				789	va_end( ap );
				790
				791	// No quick fix possible
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	792	if( res < 0 )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	793	return( (int) size + 20 );
				794
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	795	return( res );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	796	}
				797
				798	#define snprintf compat_snprintf
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	799	#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	800
				801	#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
				802
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	803	#define SAFE_SNPRINTF() \
				804	{ \
				805	if( ret == -1 ) \
				806	return( -1 ); \
				807	\
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	808	if( (unsigned int) ret > n ) { \
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	809	p[n - 1] = '\0'; \
				810	return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
				811	} \
				812	\
				813	n -= (unsigned int) ret; \
				814	p += (unsigned int) ret; \
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	815	}
				816
				817	/*
				818	* Store the name in printable form into buf; no more
				819	* than size characters will be written
				820	*/
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	821	int x509_dn_gets( char buf, size_t size, const x509_name dn )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	822	{
				823	int ret;
				824	size_t i, n;
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	825	unsigned char c, merge = 0;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	826	const x509_name *name;
				827	const char *short_name = NULL;
Paul Bakker	8dcb2d7	2014-08-08 12:22:30 +0200	[diff] [blame]	828	char s[X509_MAX_DN_NAME_SIZE], *p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	829
				830	memset( s, 0, sizeof( s ) );
				831
				832	name = dn;
				833	p = buf;
				834	n = size;
				835
				836	while( name != NULL )
				837	{
				838	if( !name->oid.p )
				839	{
				840	name = name->next;
				841	continue;
				842	}
				843
				844	if( name != dn )
				845	{
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	846	ret = polarssl_snprintf( p, n, merge ? " + " : ", " );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	847	SAFE_SNPRINTF();
				848	}
				849
				850	ret = oid_get_attr_short_name( &name->oid, &short_name );
				851
				852	if( ret == 0 )
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	853	ret = polarssl_snprintf( p, n, "%s=", short_name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	854	else
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	855	ret = polarssl_snprintf( p, n, "\?\?=" );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	856	SAFE_SNPRINTF();
				857
				858	for( i = 0; i < name->val.len; i++ )
				859	{
				860	if( i >= sizeof( s ) - 1 )
				861	break;
				862
				863	c = name->val.p[i];
				864	if( c < 32 \|\| c == 127 \|\| ( c > 128 && c < 160 ) )
				865	s[i] = '?';
				866	else s[i] = c;
				867	}
				868	s[i] = '\0';
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	869	ret = polarssl_snprintf( p, n, "%s", s );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	870	SAFE_SNPRINTF();
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	871
				872	merge = name->next_merged;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	873	name = name->next;
				874	}
				875
				876	return( (int) ( size - n ) );
				877	}
				878
				879	/*
				880	* Store the serial in printable form into buf; no more
				881	* than size characters will be written
				882	*/
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	883	int x509_serial_gets( char buf, size_t size, const x509_buf serial )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	884	{
				885	int ret;
				886	size_t i, n, nr;
				887	char *p;
				888
				889	p = buf;
				890	n = size;
				891
				892	nr = ( serial->len <= 32 )
				893	? serial->len : 28;
				894
				895	for( i = 0; i < nr; i++ )
				896	{
				897	if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
				898	continue;
				899
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	900	ret = polarssl_snprintf( p, n, "%02X%s",
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	901	serial->p[i], ( i < nr - 1 ) ? ":" : "" );
				902	SAFE_SNPRINTF();
				903	}
				904
				905	if( nr != serial->len )
				906	{
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	907	ret = polarssl_snprintf( p, n, "...." );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	908	SAFE_SNPRINTF();
				909	}
				910
				911	return( (int) ( size - n ) );
				912	}
				913
				914	/*
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	915	* Helper for writing signature algorithms
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	916	*/
				917	int x509_sig_alg_gets( char buf, size_t size, const x509_buf sig_oid,
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	918	pk_type_t pk_alg, md_type_t md_alg,
				919	const void *sig_opts )
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	920	{
				921	int ret;
				922	char *p = buf;
				923	size_t n = size;
				924	const char *desc = NULL;
				925
				926	ret = oid_get_sig_alg_desc( sig_oid, &desc );
				927	if( ret != 0 )
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	928	ret = polarssl_snprintf( p, n, "???" );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	929	else
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	930	ret = polarssl_snprintf( p, n, "%s", desc );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	931	SAFE_SNPRINTF();
				932
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	933	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	934	if( pk_alg == POLARSSL_PK_RSASSA_PSS )
				935	{
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	936	const pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	937	const md_info_t md_info, mgf_md_info;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	938
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	939	pss_opts = (const pk_rsassa_pss_options *) sig_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	940
				941	md_info = md_info_from_type( md_alg );
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	942	mgf_md_info = md_info_from_type( pss_opts->mgf1_hash_id );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	943
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	944	ret = polarssl_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	945	md_info ? md_info->name : "???",
				946	mgf_md_info ? mgf_md_info->name : "???",
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	947	pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	948	SAFE_SNPRINTF();
				949	}
				950	#else
				951	((void) pk_alg);
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	952	((void) md_alg);
				953	((void) sig_opts);
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	954	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	955
Sander Niemeijer	ef5087d	2014-08-16 12:45:52 +0200	[diff] [blame]	956	return( (int)( size - n ) );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	957	}
				958
				959	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	960	* Helper for writing "RSA key size", "EC key size", etc
				961	*/
				962	int x509_key_size_helper( char buf, size_t size, const char name )
				963	{
				964	char *p = buf;
				965	size_t n = size;
				966	int ret;
				967
				968	if( strlen( name ) + sizeof( " key size" ) > size )
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	969	return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	970
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	971	ret = polarssl_snprintf( p, n, "%s key size", name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	972	SAFE_SNPRINTF();
				973
				974	return( 0 );
				975	}
				976
				977	/*
				978	* Return an informational string describing the given OID
				979	*/
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	980	#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	981	const char x509_oid_get_description( x509_buf oid )
				982	{
				983	const char *desc = NULL;
				984	int ret;
				985
				986	ret = oid_get_extended_key_usage( oid, &desc );
				987
				988	if( ret != 0 )
				989	return( NULL );
				990
				991	return( desc );
				992	}
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	993	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	994
				995	/* Return the x.y.z.... style numeric string for the given OID */
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	996	#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	997	int x509_oid_get_numeric_string( char buf, size_t size, x509_buf oid )
				998	{
				999	return oid_get_numeric_string( buf, size, oid );
				1000	}
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	1001	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1002
				1003	/*
				1004	* Return 0 if the x509_time is still valid, or 1 otherwise.
				1005	*/
				1006	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1007
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1008	static void x509_get_current_time( x509_time *now )
				1009	{
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	1010	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1011	SYSTEMTIME st;
				1012
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	1013	GetSystemTime( &st );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1014
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1015	now->year = st.wYear;
				1016	now->mon = st.wMonth;
				1017	now->day = st.wDay;
				1018	now->hour = st.wHour;
				1019	now->min = st.wMinute;
				1020	now->sec = st.wSecond;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1021	#else
Paul Bakker	5fff23b	2014-03-26 15:34:54 +0100	[diff] [blame]	1022	struct tm lt;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1023	time_t tt;
				1024
				1025	tt = time( NULL );
Manuel Pégourié-Gonnard	0776a43	2014-04-11 12:25:45 +0200	[diff] [blame]	1026	gmtime_r( &tt, &lt );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1027
Paul Bakker	5fff23b	2014-03-26 15:34:54 +0100	[diff] [blame]	1028	now->year = lt.tm_year + 1900;
				1029	now->mon = lt.tm_mon + 1;
				1030	now->day = lt.tm_mday;
				1031	now->hour = lt.tm_hour;
				1032	now->min = lt.tm_min;
				1033	now->sec = lt.tm_sec;
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1034	#endif /* _WIN32 && !EFIX64 && !EFI32 */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1035	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1036
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1037	/*
				1038	* Return 0 if before <= after, 1 otherwise
				1039	*/
				1040	static int x509_check_time( const x509_time before, const x509_time after )
				1041	{
				1042	if( before->year > after->year )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1043	return( 1 );
				1044
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1045	if( before->year == after->year &&
				1046	before->mon > after->mon )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1047	return( 1 );
				1048
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1049	if( before->year == after->year &&
				1050	before->mon == after->mon &&
				1051	before->day > after->day )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1052	return( 1 );
				1053
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1054	if( before->year == after->year &&
				1055	before->mon == after->mon &&
				1056	before->day == after->day &&
				1057	before->hour > after->hour )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1058	return( 1 );
				1059
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1060	if( before->year == after->year &&
				1061	before->mon == after->mon &&
				1062	before->day == after->day &&
				1063	before->hour == after->hour &&
				1064	before->min > after->min )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1065	return( 1 );
				1066
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1067	if( before->year == after->year &&
				1068	before->mon == after->mon &&
				1069	before->day == after->day &&
				1070	before->hour == after->hour &&
				1071	before->min == after->min &&
				1072	before->sec > after->sec )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1073	return( 1 );
				1074
				1075	return( 0 );
				1076	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1077
				1078	int x509_time_expired( const x509_time *to )
				1079	{
				1080	x509_time now;
				1081
				1082	x509_get_current_time( &now );
				1083
				1084	return( x509_check_time( &now, to ) );
				1085	}
				1086
				1087	int x509_time_future( const x509_time *from )
				1088	{
				1089	x509_time now;
				1090
				1091	x509_get_current_time( &now );
				1092
				1093	return( x509_check_time( from, &now ) );
				1094	}
				1095
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1096	#else /* POLARSSL_HAVE_TIME */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1097
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	1098	int x509_time_expired( const x509_time *to )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1099	{
				1100	((void) to);
				1101	return( 0 );
				1102	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1103
				1104	int x509_time_future( const x509_time *from )
				1105	{
				1106	((void) from);
				1107	return( 0 );
				1108	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1109	#endif /* POLARSSL_HAVE_TIME */
				1110
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1111	#if defined(POLARSSL_SELF_TEST)
				1112
				1113	#include "polarssl/x509_crt.h"
				1114	#include "polarssl/certs.h"
				1115
				1116	/*
				1117	* Checkup routine
				1118	*/
				1119	int x509_self_test( int verbose )
				1120	{
Manuel Pégourié-Gonnard	3d41370	2014-04-29 15:29:41 +0200	[diff] [blame]	1121	#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1122	int ret;
				1123	int flags;
Paul Bakker	c559c7a	2013-09-18 14:13:26 +0200	[diff] [blame]	1124	x509_crt cacert;
				1125	x509_crt clicert;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1126
				1127	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1128	polarssl_printf( " X.509 certificate load: " );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1129
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	1130	x509_crt_init( &clicert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1131
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1132	ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
				1133	strlen( test_cli_crt ) );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1134	if( ret != 0 )
				1135	{
				1136	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1137	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1138
				1139	return( ret );
				1140	}
				1141
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	1142	x509_crt_init( &cacert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1143
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1144	ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
				1145	strlen( test_ca_crt ) );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1146	if( ret != 0 )
				1147	{
				1148	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1149	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1150
				1151	return( ret );
				1152	}
				1153
				1154	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1155	polarssl_printf( "passed\n X.509 signature verify: ");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1156
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1157	ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1158	if( ret != 0 )
				1159	{
				1160	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1161	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1162
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	1163	polarssl_printf( "ret = %d, &flags = %04x\n", ret, flags );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1164
				1165	return( ret );
				1166	}
				1167
				1168	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1169	polarssl_printf( "passed\n\n");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1170
				1171	x509_crt_free( &cacert );
				1172	x509_crt_free( &clicert );
				1173
				1174	return( 0 );
				1175	#else
				1176	((void) verbose);
				1177	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1178	#endif /* POLARSSL_CERTS_C && POLARSSL_SHA1_C */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1179	}
				1180
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1181	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1182
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1183	#endif /* POLARSSL_X509_USE_C */