Blame - library/x509.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 3619aee4fb4d92aad54fe4b26560d80a79fbc43d [file] [log] [blame]

Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1	/*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	2	* X.509 common functions for parsing and verification
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	3	*
Manuel Pégourié-Gonnard	a658a40	2015-01-23 09:45:19 +0000	[diff] [blame]	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	fe44643	2015-03-06 13:17:10 +0000	[diff] [blame]	6	* This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	7	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22	/*
				23	* The ITU-T X.509 standard defines a certificate format for PKI.
				24	*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	25	* http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
				26	* http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
				27	* http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	28	*
				29	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
				30	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
				31	*/
				32
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	33	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	34	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	35	#else
				36	#include POLARSSL_CONFIG_FILE
				37	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	38
				39	#if defined(POLARSSL_X509_USE_C)
				40
				41	#include "polarssl/x509.h"
				42	#include "polarssl/asn1.h"
				43	#include "polarssl/oid.h"
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	44
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	45	#include <stdio.h>
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	46	#include <string.h>
				47
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	48	#if defined(POLARSSL_PEM_PARSE_C)
				49	#include "polarssl/pem.h"
				50	#endif
				51
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	52	#if defined(POLARSSL_PLATFORM_C)
				53	#include "polarssl/platform.h"
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	54	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	55	#include <stdio.h>
				56	#include <stdlib.h>
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	57	#define polarssl_free free
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	58	#define polarssl_malloc malloc
				59	#define polarssl_printf printf
				60	#define polarssl_snprintf snprintf
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	61	#endif
				62
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	63	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	64	#include <windows.h>
				65	#else
				66	#include <time.h>
				67	#endif
				68
				69	#if defined(POLARSSL_FS_IO)
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	70	#include <stdio.h>
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	71	#if !defined(_WIN32)
				72	#include <sys/types.h>
				73	#include <sys/stat.h>
				74	#include <dirent.h>
				75	#endif
				76	#endif
				77
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	78	#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	79	#define CHECK_RANGE(min, max, val) if( val < min \|\| val > max ){ return( ret ); }
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	80
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	81	/*
				82	* CertificateSerialNumber ::= INTEGER
				83	*/
				84	int x509_get_serial( unsigned char *p, const unsigned char end,
				85	x509_buf *serial )
				86	{
				87	int ret;
				88
				89	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	90	return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	91	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				92
				93	if( **p != ( ASN1_CONTEXT_SPECIFIC \| ASN1_PRIMITIVE \| 2 ) &&
				94	**p != ASN1_INTEGER )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	95	return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	96	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				97
				98	serial->tag = (p)++;
				99
				100	if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	101	return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	102
				103	serial->p = *p;
				104	*p += serial->len;
				105
				106	return( 0 );
				107	}
				108
				109	/* Get an algorithm identifier without parameters (eg for signatures)
				110	*
				111	* AlgorithmIdentifier ::= SEQUENCE {
				112	* algorithm OBJECT IDENTIFIER,
				113	* parameters ANY DEFINED BY algorithm OPTIONAL }
				114	*/
				115	int x509_get_alg_null( unsigned char *p, const unsigned char end,
				116	x509_buf *alg )
				117	{
				118	int ret;
				119
				120	if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	121	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	122
				123	return( 0 );
				124	}
				125
				126	/*
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	127	* Parse an algorithm identifier with (optional) paramaters
				128	*/
				129	int x509_get_alg( unsigned char *p, const unsigned char end,
				130	x509_buf alg, x509_buf params )
				131	{
				132	int ret;
				133
				134	if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
				135	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				136
				137	return( 0 );
				138	}
				139
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	140	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	141	/*
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	142	* HashAlgorithm ::= AlgorithmIdentifier
				143	*
				144	* AlgorithmIdentifier ::= SEQUENCE {
				145	* algorithm OBJECT IDENTIFIER,
				146	* parameters ANY DEFINED BY algorithm OPTIONAL }
				147	*
				148	* For HashAlgorithm, parameters MUST be NULL or absent.
				149	*/
				150	static int x509_get_hash_alg( const x509_buf alg, md_type_t md_alg )
				151	{
				152	int ret;
				153	unsigned char *p;
				154	const unsigned char *end;
				155	x509_buf md_oid;
				156	size_t len;
				157
				158	/* Make sure we got a SEQUENCE and setup bounds */
				159	if( alg->tag != ( ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) )
				160	return( POLARSSL_ERR_X509_INVALID_ALG +
				161	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				162
				163	p = (unsigned char *) alg->p;
				164	end = p + alg->len;
				165
				166	if( p >= end )
				167	return( POLARSSL_ERR_X509_INVALID_ALG +
				168	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				169
				170	/* Parse md_oid */
				171	md_oid.tag = *p;
				172
				173	if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
				174	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				175
				176	md_oid.p = p;
				177	p += md_oid.len;
				178
				179	/* Get md_alg from md_oid */
				180	if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
				181	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				182
				183	/* Make sure params is absent of NULL */
				184	if( p == end )
				185	return( 0 );
				186
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	187	if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 \|\| len != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	188	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				189
				190	if( p != end )
				191	return( POLARSSL_ERR_X509_INVALID_ALG +
				192	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				193
				194	return( 0 );
				195	}
				196
				197	/*
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	198	* RSASSA-PSS-params ::= SEQUENCE {
				199	* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
				200	* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
				201	* saltLength [2] INTEGER DEFAULT 20,
				202	* trailerField [3] INTEGER DEFAULT 1 }
				203	* -- Note that the tags in this Sequence are explicit.
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	204	*
				205	* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
				206	* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
				207	* option. Enfore this at parsing time.
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	208	*/
				209	int x509_get_rsassa_pss_params( const x509_buf *params,
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	210	md_type_t md_alg, md_type_t mgf_md,
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	211	int *salt_len )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	212	{
				213	int ret;
				214	unsigned char *p;
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	215	const unsigned char end, end2;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	216	size_t len;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	217	x509_buf alg_id, alg_params;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	218
				219	/* First set everything to defaults */
				220	*md_alg = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	221	*mgf_md = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	222	*salt_len = 20;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	223
				224	/* Make sure params is a SEQUENCE and setup bounds */
				225	if( params->tag != ( ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) )
				226	return( POLARSSL_ERR_X509_INVALID_ALG +
				227	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				228
				229	p = (unsigned char *) params->p;
				230	end = p + params->len;
				231
				232	if( p == end )
				233	return( 0 );
				234
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	235	/*
				236	* HashAlgorithm
				237	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	238	if( ( ret = asn1_get_tag( &p, end, &len,
				239	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 0 ) ) == 0 )
				240	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	241	end2 = p + len;
				242
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	243	/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	244	if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	245	return( ret );
				246
				247	if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
				248	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	249
				250	if( p != end2 )
				251	return( POLARSSL_ERR_X509_INVALID_ALG +
				252	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	253	}
				254	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				255	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				256
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	257	if( p == end )
				258	return( 0 );
				259
				260	/*
				261	* MaskGenAlgorithm
				262	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	263	if( ( ret = asn1_get_tag( &p, end, &len,
				264	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 1 ) ) == 0 )
				265	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	266	end2 = p + len;
				267
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	268	/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	269	if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	270	return( ret );
				271
				272	/* Only MFG1 is recognised for now */
				273	if( ! OID_CMP( OID_MGF1, &alg_id ) )
				274	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
				275	POLARSSL_ERR_OID_NOT_FOUND );
				276
				277	/* Parse HashAlgorithm */
				278	if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
				279	return( ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	280
				281	if( p != end2 )
				282	return( POLARSSL_ERR_X509_INVALID_ALG +
				283	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	284	}
				285	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				286	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				287
				288	if( p == end )
				289	return( 0 );
				290
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	291	/*
				292	* salt_len
				293	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	294	if( ( ret = asn1_get_tag( &p, end, &len,
				295	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 2 ) ) == 0 )
				296	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	297	end2 = p + len;
				298
				299	if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	300	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	301
				302	if( p != end2 )
				303	return( POLARSSL_ERR_X509_INVALID_ALG +
				304	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	305	}
				306	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				307	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				308
				309	if( p == end )
				310	return( 0 );
				311
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	312	/*
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	313	* trailer_field (if present, must be 1)
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	314	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	315	if( ( ret = asn1_get_tag( &p, end, &len,
				316	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 3 ) ) == 0 )
				317	{
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	318	int trailer_field;
				319
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	320	end2 = p + len;
				321
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	322	if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	323	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	324
				325	if( p != end2 )
				326	return( POLARSSL_ERR_X509_INVALID_ALG +
				327	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	328
				329	if( trailer_field != 1 )
				330	return( POLARSSL_ERR_X509_INVALID_ALG );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	331	}
				332	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				333	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				334
				335	if( p != end )
				336	return( POLARSSL_ERR_X509_INVALID_ALG +
				337	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				338
				339	return( 0 );
				340	}
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	341	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	342
				343	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	344	* AttributeTypeAndValue ::= SEQUENCE {
				345	* type AttributeType,
				346	* value AttributeValue }
				347	*
				348	* AttributeType ::= OBJECT IDENTIFIER
				349	*
				350	* AttributeValue ::= ANY DEFINED BY AttributeType
				351	*/
				352	static int x509_get_attr_type_value( unsigned char **p,
				353	const unsigned char *end,
				354	x509_name *cur )
				355	{
				356	int ret;
				357	size_t len;
				358	x509_buf *oid;
				359	x509_buf *val;
				360
				361	if( ( ret = asn1_get_tag( p, end, &len,
				362	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	363	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	364
				365	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	366	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	367	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				368
				369	oid = &cur->oid;
				370	oid->tag = **p;
				371
				372	if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	373	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	374
				375	oid->p = *p;
				376	*p += oid->len;
				377
				378	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	379	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	380	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				381
				382	if( p != ASN1_BMP_STRING && p != ASN1_UTF8_STRING &&
				383	p != ASN1_T61_STRING && p != ASN1_PRINTABLE_STRING &&
Manuel Pégourié-Gonnard	dd5dbca	2015-03-27 13:03:09 +0100	[diff] [blame]	384	p != ASN1_IA5_STRING && p != ASN1_UNIVERSAL_STRING &&
				385	**p != ASN1_BIT_STRING )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	386	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	387	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				388
				389	val = &cur->val;
				390	val->tag = (p)++;
				391
				392	if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	393	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	394
				395	val->p = *p;
				396	*p += val->len;
				397
				398	cur->next = NULL;
				399
				400	return( 0 );
				401	}
				402
				403	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	404	* Name ::= CHOICE { -- only one possibility for now --
				405	* rdnSequence RDNSequence }
				406	*
				407	* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
				408	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	409	* RelativeDistinguishedName ::=
				410	* SET OF AttributeTypeAndValue
				411	*
				412	* AttributeTypeAndValue ::= SEQUENCE {
				413	* type AttributeType,
				414	* value AttributeValue }
				415	*
				416	* AttributeType ::= OBJECT IDENTIFIER
				417	*
				418	* AttributeValue ::= ANY DEFINED BY AttributeType
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	419	*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	420	* The data structure is optimized for the common case where each RDN has only
				421	* one element, which is represented as a list of AttributeTypeAndValue.
				422	* For the general case we still use a flat list, but we mark elements of the
				423	* same set so that they are "merged" together in the functions that consume
				424	* this list, eg x509_dn_gets().
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	425	*/
				426	int x509_get_name( unsigned char *p, const unsigned char end,
				427	x509_name *cur )
				428	{
				429	int ret;
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	430	size_t set_len;
				431	const unsigned char *end_set;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	432
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	433	/* don't use recursion, we'd risk stack overflow if not optimized */
				434	while( 1 )
				435	{
				436	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	437	* parse SET
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	438	*/
				439	if( ( ret = asn1_get_tag( p, end, &set_len,
				440	ASN1_CONSTRUCTED \| ASN1_SET ) ) != 0 )
				441	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	442
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	443	end_set = *p + set_len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	444
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	445	while( 1 )
				446	{
				447	if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
				448	return( ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	449
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	450	if( *p == end_set )
				451	break;
				452
Nicholas Wilson	d0fa5cc	2015-05-11 10:39:49 +0100	[diff] [blame]	453	/* Mark this item as being not the only one in a set */
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	454	cur->next_merged = 1;
				455
Mansour Moufid	c531b4a	2015-02-15 17:35:38 -0500	[diff] [blame]	456	cur->next = polarssl_malloc( sizeof( x509_name ) );
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	457
				458	if( cur->next == NULL )
				459	return( POLARSSL_ERR_X509_MALLOC_FAILED );
				460
				461	memset( cur->next, 0, sizeof( x509_name ) );
				462
				463	cur = cur->next;
				464	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	465
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	466	/*
				467	* continue until end of SEQUENCE is reached
				468	*/
				469	if( *p == end )
				470	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	471
Mansour Moufid	c531b4a	2015-02-15 17:35:38 -0500	[diff] [blame]	472	cur->next = polarssl_malloc( sizeof( x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	473
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	474	if( cur->next == NULL )
				475	return( POLARSSL_ERR_X509_MALLOC_FAILED );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	476
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	477	memset( cur->next, 0, sizeof( x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	478
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	479	cur = cur->next;
				480	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	481	}
				482
Andres Amaya Garcia	cf42873	2017-07-31 16:40:12 +0100	[diff] [blame^]	483	static int x509_parse_int( unsigned char *p, size_t n, int res )
				484	{
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	485	*res = 0;
Andres Amaya Garcia	cf42873	2017-07-31 16:40:12 +0100	[diff] [blame^]	486
				487	for( ; n > 0; --n )
				488	{
				489	if( ( p < '0') \|\| ( p > '9' ) )
				490	return( POLARSSL_ERR_X509_INVALID_DATE );
				491
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	492	res = 10;
Andres Amaya Garcia	cf42873	2017-07-31 16:40:12 +0100	[diff] [blame^]	493	res += ( (*p)++ - '0' );
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	494	}
Andres Amaya Garcia	cf42873	2017-07-31 16:40:12 +0100	[diff] [blame^]	495
				496	return( 0 );
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	497	}
				498
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	499	static int x509_date_is_valid(const x509_time *t)
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	500	{
				501	int ret = POLARSSL_ERR_X509_INVALID_DATE;
				502
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	503	CHECK_RANGE( 0, 9999, t->year );
				504	CHECK_RANGE( 0, 23, t->hour );
				505	CHECK_RANGE( 0, 59, t->min );
				506	CHECK_RANGE( 0, 59, t->sec );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	507
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	508	switch( t->mon )
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	509	{
				510	case 1: case 3: case 5: case 7: case 8: case 10: case 12:
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	511	CHECK_RANGE( 1, 31, t->day );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	512	break;
				513	case 4: case 6: case 9: case 11:
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	514	CHECK_RANGE( 1, 30, t->day );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	515	break;
				516	case 2:
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	517	CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day );
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame]	518	break;
				519	default:
				520	return( ret );
				521	}
				522
				523	return( 0 );
				524	}
				525
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	526	/*
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	527	* Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) field.
				528	*/
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	529	static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
				530	x509_time *tm )
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	531	{
				532	int ret;
				533
				534	/*
				535	* minimum length is 10 or 12 depending on yearlen
				536	*/
				537	if ( len < yearlen + 8 )
				538	return POLARSSL_ERR_X509_INVALID_DATE;
				539	len -= yearlen + 8;
				540
				541	/*
				542	* parse year, month, day, hour, minute
				543	*/
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	544	CHECK( x509_parse_int( p, yearlen, &tm->year ) );
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	545	if ( 2 == yearlen )
				546	{
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	547	if ( tm->year < 50 )
				548	tm->year += 100;
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	549
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	550	tm->year += 1900;
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	551	}
				552
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	553	CHECK( x509_parse_int( p, 2, &tm->mon ) );
				554	CHECK( x509_parse_int( p, 2, &tm->day ) );
				555	CHECK( x509_parse_int( p, 2, &tm->hour ) );
				556	CHECK( x509_parse_int( p, 2, &tm->min ) );
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	557
				558	/*
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	559	* parse seconds if present
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	560	*/
				561	if ( len >= 2 && p >= '0' && p <= '9' )
				562	{
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	563	CHECK( x509_parse_int( p, 2, &tm->sec ) );
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	564	len -= 2;
				565	}
				566	else
				567	{
				568	#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
				569	/*
				570	* if relaxed mode, allow seconds to be absent
				571	*/
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	572	tm->sec = 0;
Janos Follath	17da9dd	2016-09-19 09:35:18 +0100	[diff] [blame]	573	#else
				574	return POLARSSL_ERR_X509_INVALID_DATE;
				575	#endif
				576	}
				577
				578	/*
				579	* parse trailing 'Z' if present
				580	*/
				581	if ( 1 == len && 'Z' == **p )
				582	{
				583	(*p)++;
				584	return 0;
				585	}
				586	#if defined(POLARSSL_X509_ALLOW_RELAXED_DATE)
				587	/*
				588	* if relaxed mode, allow timezone to be present
				589	*/
				590	else if ( 5 == len && ( '+' == p \|\| '-' == p ) )
				591	{
				592	int tz; /* throwaway timezone */
				593
				594	(*p)++;
				595	CHECK( x509_parse_int( p, 4, &tz ) );
				596
				597	return 0;
				598	}
				599	#endif
				600	/*
				601	* okay if no trailing 'Z' or timezone specified
				602	*/
				603	else if ( 0 == len )
				604	return 0;
				605	else
				606	return POLARSSL_ERR_X509_INVALID_DATE;
				607	}
				608
				609	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	610	* Time ::= CHOICE {
				611	* utcTime UTCTime,
				612	* generalTime GeneralizedTime }
				613	*/
				614	int x509_get_time( unsigned char *p, const unsigned char end,
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	615	x509_time *tm )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	616	{
				617	int ret;
				618	size_t len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	619	unsigned char tag;
				620
				621	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	622	return( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	623	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				624
				625	tag = **p;
				626
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	627	if( tag == ASN1_UTC_TIME )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	628	{
				629	(*p)++;
				630	ret = asn1_get_len( p, end, &len );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	631	if( ret != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	632	return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	633
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	634	CHECK( x509_parse_time( p, len, 2, tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	635
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	636	CHECK( x509_date_is_valid( tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	637
				638	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	639	}
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	640	else if( tag == ASN1_GENERALIZED_TIME )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	641	{
				642	(*p)++;
				643	ret = asn1_get_len( p, end, &len );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	644	if( ret != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	645	return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	646
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	647	CHECK( x509_parse_time( p, len, 4, tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	648
Hanno Becker	ab3fbc2	2017-04-26 15:01:23 +0100	[diff] [blame]	649	CHECK( x509_date_is_valid( tm ) );
Simon Butcher	2d0ffbb	2016-10-17 22:32:47 +0100	[diff] [blame]	650
				651	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	652	}
				653	else
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	654	return( POLARSSL_ERR_X509_INVALID_DATE +
				655	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	656	}
				657
				658	int x509_get_sig( unsigned char *p, const unsigned char end, x509_buf *sig )
				659	{
				660	int ret;
				661	size_t len;
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	662	int tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	663
				664	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	665	return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	666	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				667
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	668	tag_type = **p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	669
				670	if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	671	return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	672
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	673	sig->tag = tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	674	sig->len = len;
				675	sig->p = *p;
				676
				677	*p += len;
				678
				679	return( 0 );
				680	}
				681
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	682	/*
				683	* Get signature algorithm from alg OID and optional parameters
				684	*/
				685	int x509_get_sig_alg( const x509_buf sig_oid, const x509_buf sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	686	md_type_t md_alg, pk_type_t pk_alg,
				687	void **sig_opts )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	688	{
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	689	int ret;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	690
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	691	if( *sig_opts != NULL )
				692	return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
				693
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	694	if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	695	return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	696
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	697	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	698	if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
				699	{
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	700	pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	701
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	702	pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
				703	if( pss_opts == NULL )
				704	return( POLARSSL_ERR_X509_MALLOC_FAILED );
				705
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	706	ret = x509_get_rsassa_pss_params( sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	707	md_alg,
				708	&pss_opts->mgf1_hash_id,
				709	&pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	710	if( ret != 0 )
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	711	{
				712	polarssl_free( pss_opts );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	713	return( ret );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	714	}
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	715
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	716	sig_opts = (void ) pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	717	}
				718	else
Paul Bakker	db20c10	2014-06-17 14:34:44 +0200	[diff] [blame]	719	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	720	{
				721	/* Make sure parameters are absent or NULL */
				722	if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) \|\|
				723	sig_params->len != 0 )
				724	return( POLARSSL_ERR_X509_INVALID_ALG );
				725	}
				726
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	727	return( 0 );
				728	}
				729
				730	/*
				731	* X.509 Extensions (No parsing of extensions, pointer should
				732	* be either manually updated or extensions should be parsed!
				733	*/
				734	int x509_get_ext( unsigned char *p, const unsigned char end,
				735	x509_buf *ext, int tag )
				736	{
				737	int ret;
				738	size_t len;
				739
				740	if( *p == end )
				741	return( 0 );
				742
				743	ext->tag = **p;
				744
				745	if( ( ret = asn1_get_tag( p, end, &ext->len,
				746	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| tag ) ) != 0 )
				747	return( ret );
				748
				749	ext->p = *p;
				750	end = *p + ext->len;
				751
				752	/*
				753	* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
				754	*
				755	* Extension ::= SEQUENCE {
				756	* extnID OBJECT IDENTIFIER,
				757	* critical BOOLEAN DEFAULT FALSE,
				758	* extnValue OCTET STRING }
				759	*/
				760	if( ( ret = asn1_get_tag( p, end, &len,
				761	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	762	return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	763
				764	if( end != *p + len )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	765	return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	766	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				767
				768	return( 0 );
				769	}
				770
Paul Bakker	6edcd41	2013-10-29 15:22:54 +0100	[diff] [blame]	771	#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
				772	!defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	773	#include <stdarg.h>
				774
				775	#if !defined vsnprintf
				776	#define vsnprintf _vsnprintf
				777	#endif // vsnprintf
				778
				779	/*
				780	* Windows _snprintf and _vsnprintf are not compatible to linux versions.
				781	* Result value is not size of buffer needed, but -1 if no fit is possible.
				782	*
				783	* This fuction tries to 'fix' this by at least suggesting enlarging the
				784	* size by 20.
				785	*/
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	786	static int compat_snprintf( char str, size_t size, const char format, ... )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	787	{
				788	va_list ap;
				789	int res = -1;
				790
				791	va_start( ap, format );
				792
				793	res = vsnprintf( str, size, format, ap );
				794
				795	va_end( ap );
				796
				797	// No quick fix possible
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	798	if( res < 0 )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	799	return( (int) size + 20 );
				800
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	801	return( res );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	802	}
				803
				804	#define snprintf compat_snprintf
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	805	#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	806
				807	#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
				808
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	809	#define SAFE_SNPRINTF() \
				810	{ \
				811	if( ret == -1 ) \
				812	return( -1 ); \
				813	\
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	814	if( (unsigned int) ret > n ) { \
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	815	p[n - 1] = '\0'; \
				816	return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
				817	} \
				818	\
				819	n -= (unsigned int) ret; \
				820	p += (unsigned int) ret; \
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	821	}
				822
				823	/*
				824	* Store the name in printable form into buf; no more
				825	* than size characters will be written
				826	*/
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	827	int x509_dn_gets( char buf, size_t size, const x509_name dn )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	828	{
				829	int ret;
				830	size_t i, n;
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	831	unsigned char c, merge = 0;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	832	const x509_name *name;
				833	const char *short_name = NULL;
Paul Bakker	8dcb2d7	2014-08-08 12:22:30 +0200	[diff] [blame]	834	char s[X509_MAX_DN_NAME_SIZE], *p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	835
				836	memset( s, 0, sizeof( s ) );
				837
				838	name = dn;
				839	p = buf;
				840	n = size;
				841
				842	while( name != NULL )
				843	{
				844	if( !name->oid.p )
				845	{
				846	name = name->next;
				847	continue;
				848	}
				849
				850	if( name != dn )
				851	{
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	852	ret = polarssl_snprintf( p, n, merge ? " + " : ", " );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	853	SAFE_SNPRINTF();
				854	}
				855
				856	ret = oid_get_attr_short_name( &name->oid, &short_name );
				857
				858	if( ret == 0 )
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	859	ret = polarssl_snprintf( p, n, "%s=", short_name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	860	else
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	861	ret = polarssl_snprintf( p, n, "\?\?=" );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	862	SAFE_SNPRINTF();
				863
				864	for( i = 0; i < name->val.len; i++ )
				865	{
				866	if( i >= sizeof( s ) - 1 )
				867	break;
				868
				869	c = name->val.p[i];
				870	if( c < 32 \|\| c == 127 \|\| ( c > 128 && c < 160 ) )
				871	s[i] = '?';
				872	else s[i] = c;
				873	}
				874	s[i] = '\0';
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	875	ret = polarssl_snprintf( p, n, "%s", s );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	876	SAFE_SNPRINTF();
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	877
				878	merge = name->next_merged;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	879	name = name->next;
				880	}
				881
				882	return( (int) ( size - n ) );
				883	}
				884
				885	/*
				886	* Store the serial in printable form into buf; no more
				887	* than size characters will be written
				888	*/
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	889	int x509_serial_gets( char buf, size_t size, const x509_buf serial )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	890	{
				891	int ret;
				892	size_t i, n, nr;
				893	char *p;
				894
				895	p = buf;
				896	n = size;
				897
				898	nr = ( serial->len <= 32 )
				899	? serial->len : 28;
				900
				901	for( i = 0; i < nr; i++ )
				902	{
				903	if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
				904	continue;
				905
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	906	ret = polarssl_snprintf( p, n, "%02X%s",
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	907	serial->p[i], ( i < nr - 1 ) ? ":" : "" );
				908	SAFE_SNPRINTF();
				909	}
				910
				911	if( nr != serial->len )
				912	{
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	913	ret = polarssl_snprintf( p, n, "...." );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	914	SAFE_SNPRINTF();
				915	}
				916
				917	return( (int) ( size - n ) );
				918	}
				919
				920	/*
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	921	* Helper for writing signature algorithms
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	922	*/
				923	int x509_sig_alg_gets( char buf, size_t size, const x509_buf sig_oid,
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	924	pk_type_t pk_alg, md_type_t md_alg,
				925	const void *sig_opts )
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	926	{
				927	int ret;
				928	char *p = buf;
				929	size_t n = size;
				930	const char *desc = NULL;
				931
				932	ret = oid_get_sig_alg_desc( sig_oid, &desc );
				933	if( ret != 0 )
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	934	ret = polarssl_snprintf( p, n, "???" );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	935	else
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	936	ret = polarssl_snprintf( p, n, "%s", desc );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	937	SAFE_SNPRINTF();
				938
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	939	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	940	if( pk_alg == POLARSSL_PK_RSASSA_PSS )
				941	{
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	942	const pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	943	const md_info_t md_info, mgf_md_info;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	944
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	945	pss_opts = (const pk_rsassa_pss_options *) sig_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	946
				947	md_info = md_info_from_type( md_alg );
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	948	mgf_md_info = md_info_from_type( pss_opts->mgf1_hash_id );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	949
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	950	ret = polarssl_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	951	md_info ? md_info->name : "???",
				952	mgf_md_info ? mgf_md_info->name : "???",
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	953	pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	954	SAFE_SNPRINTF();
				955	}
				956	#else
				957	((void) pk_alg);
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	958	((void) md_alg);
				959	((void) sig_opts);
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	960	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	961
Sander Niemeijer	ef5087d	2014-08-16 12:45:52 +0200	[diff] [blame]	962	return( (int)( size - n ) );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	963	}
				964
				965	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	966	* Helper for writing "RSA key size", "EC key size", etc
				967	*/
				968	int x509_key_size_helper( char buf, size_t size, const char name )
				969	{
				970	char *p = buf;
				971	size_t n = size;
				972	int ret;
				973
				974	if( strlen( name ) + sizeof( " key size" ) > size )
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	975	return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	976
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	977	ret = polarssl_snprintf( p, n, "%s key size", name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	978	SAFE_SNPRINTF();
				979
				980	return( 0 );
				981	}
				982
				983	/*
				984	* Return an informational string describing the given OID
				985	*/
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	986	#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	987	const char x509_oid_get_description( x509_buf oid )
				988	{
				989	const char *desc = NULL;
				990	int ret;
				991
				992	ret = oid_get_extended_key_usage( oid, &desc );
				993
				994	if( ret != 0 )
				995	return( NULL );
				996
				997	return( desc );
				998	}
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	999	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1000
				1001	/* Return the x.y.z.... style numeric string for the given OID */
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	1002	#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1003	int x509_oid_get_numeric_string( char buf, size_t size, x509_buf oid )
				1004	{
				1005	return oid_get_numeric_string( buf, size, oid );
				1006	}
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	1007	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1008
				1009	/*
				1010	* Return 0 if the x509_time is still valid, or 1 otherwise.
				1011	*/
				1012	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1013
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1014	static void x509_get_current_time( x509_time *now )
				1015	{
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	1016	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1017	SYSTEMTIME st;
				1018
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	1019	GetSystemTime( &st );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1020
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1021	now->year = st.wYear;
				1022	now->mon = st.wMonth;
				1023	now->day = st.wDay;
				1024	now->hour = st.wHour;
				1025	now->min = st.wMinute;
				1026	now->sec = st.wSecond;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1027	#else
Paul Bakker	5fff23b	2014-03-26 15:34:54 +0100	[diff] [blame]	1028	struct tm lt;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1029	time_t tt;
				1030
				1031	tt = time( NULL );
Manuel Pégourié-Gonnard	0776a43	2014-04-11 12:25:45 +0200	[diff] [blame]	1032	gmtime_r( &tt, &lt );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1033
Paul Bakker	5fff23b	2014-03-26 15:34:54 +0100	[diff] [blame]	1034	now->year = lt.tm_year + 1900;
				1035	now->mon = lt.tm_mon + 1;
				1036	now->day = lt.tm_mday;
				1037	now->hour = lt.tm_hour;
				1038	now->min = lt.tm_min;
				1039	now->sec = lt.tm_sec;
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1040	#endif /* _WIN32 && !EFIX64 && !EFI32 */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1041	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1042
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1043	/*
				1044	* Return 0 if before <= after, 1 otherwise
				1045	*/
				1046	static int x509_check_time( const x509_time before, const x509_time after )
				1047	{
				1048	if( before->year > after->year )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1049	return( 1 );
				1050
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1051	if( before->year == after->year &&
				1052	before->mon > after->mon )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1053	return( 1 );
				1054
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1055	if( before->year == after->year &&
				1056	before->mon == after->mon &&
				1057	before->day > after->day )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1058	return( 1 );
				1059
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1060	if( before->year == after->year &&
				1061	before->mon == after->mon &&
				1062	before->day == after->day &&
				1063	before->hour > after->hour )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1064	return( 1 );
				1065
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1066	if( before->year == after->year &&
				1067	before->mon == after->mon &&
				1068	before->day == after->day &&
				1069	before->hour == after->hour &&
				1070	before->min > after->min )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1071	return( 1 );
				1072
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1073	if( before->year == after->year &&
				1074	before->mon == after->mon &&
				1075	before->day == after->day &&
				1076	before->hour == after->hour &&
				1077	before->min == after->min &&
				1078	before->sec > after->sec )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1079	return( 1 );
				1080
				1081	return( 0 );
				1082	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1083
				1084	int x509_time_expired( const x509_time *to )
				1085	{
				1086	x509_time now;
				1087
				1088	x509_get_current_time( &now );
				1089
				1090	return( x509_check_time( &now, to ) );
				1091	}
				1092
				1093	int x509_time_future( const x509_time *from )
				1094	{
				1095	x509_time now;
				1096
				1097	x509_get_current_time( &now );
				1098
				1099	return( x509_check_time( from, &now ) );
				1100	}
				1101
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1102	#else /* POLARSSL_HAVE_TIME */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1103
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	1104	int x509_time_expired( const x509_time *to )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1105	{
				1106	((void) to);
				1107	return( 0 );
				1108	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1109
				1110	int x509_time_future( const x509_time *from )
				1111	{
				1112	((void) from);
				1113	return( 0 );
				1114	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1115	#endif /* POLARSSL_HAVE_TIME */
				1116
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1117	#if defined(POLARSSL_SELF_TEST)
				1118
				1119	#include "polarssl/x509_crt.h"
				1120	#include "polarssl/certs.h"
				1121
				1122	/*
				1123	* Checkup routine
				1124	*/
				1125	int x509_self_test( int verbose )
				1126	{
Manuel Pégourié-Gonnard	3d41370	2014-04-29 15:29:41 +0200	[diff] [blame]	1127	#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1128	int ret;
				1129	int flags;
Paul Bakker	c559c7a	2013-09-18 14:13:26 +0200	[diff] [blame]	1130	x509_crt cacert;
				1131	x509_crt clicert;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1132
				1133	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1134	polarssl_printf( " X.509 certificate load: " );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1135
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	1136	x509_crt_init( &clicert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1137
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1138	ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
				1139	strlen( test_cli_crt ) );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1140	if( ret != 0 )
				1141	{
				1142	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1143	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1144
				1145	return( ret );
				1146	}
				1147
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	1148	x509_crt_init( &cacert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1149
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1150	ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
				1151	strlen( test_ca_crt ) );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1152	if( ret != 0 )
				1153	{
				1154	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1155	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1156
				1157	return( ret );
				1158	}
				1159
				1160	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1161	polarssl_printf( "passed\n X.509 signature verify: ");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1162
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1163	ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1164	if( ret != 0 )
				1165	{
				1166	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1167	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1168
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	1169	polarssl_printf( "ret = %d, &flags = %04x\n", ret, flags );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1170
				1171	return( ret );
				1172	}
				1173
				1174	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1175	polarssl_printf( "passed\n\n");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1176
				1177	x509_crt_free( &cacert );
				1178	x509_crt_free( &clicert );
				1179
				1180	return( 0 );
				1181	#else
				1182	((void) verbose);
				1183	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1184	#endif /* POLARSSL_CERTS_C && POLARSSL_SHA1_C */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1185	}
				1186
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1187	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1188
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1189	#endif /* POLARSSL_X509_USE_C */