1 /**************************************************************************/
2 /*                                                                        */
3 /*       Copyright (c) Microsoft Corporation. All rights reserved.        */
4 /*                                                                        */
5 /*       This software is licensed under the Microsoft Software License   */
6 /*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
7 /*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
8 /*       and in the root directory of this software.                      */
9 /*                                                                        */
10 /**************************************************************************/
11 
12 
13 /**************************************************************************/
14 /**************************************************************************/
15 /**                                                                       */
16 /** NetX Secure Component                                                 */
17 /**                                                                       */
18 /**    X.509 Digital Certificates                                         */
19 /**                                                                       */
20 /**************************************************************************/
21 /**************************************************************************/
22 
23 #define NX_SECURE_SOURCE_CODE
24 
25 #include "nx_secure_x509.h"
26 
27 /**************************************************************************/
28 /*                                                                        */
29 /*  FUNCTION                                               RELEASE        */
30 /*                                                                        */
31 /*    _nx_secure_x509_store_certificate_find              PORTABLE C      */
32 /*                                                           6.1.6        */
33 /*  AUTHOR                                                                */
34 /*                                                                        */
35 /*    Timothy Stapko, Microsoft Corporation                               */
36 /*                                                                        */
37 /*  DESCRIPTION                                                           */
38 /*                                                                        */
39 /*    This function finds a certificate in an X509 certificate store      */
40 /*    based on the Distinguished Name only. The actual position of the    */
41 /*    certificate is returned along with the certificate itself.          */
42 /*                                                                        */
43 /*  INPUT                                                                 */
44 /*                                                                        */
45 /*    store                                 Pointer to certificate store  */
46 /*    name                                  Distinguished name of cert    */
47 /*    cert_id                               Certificate ID                */
48 /*    certificate                           (Return) Pointer to cert      */
49 /*    location                              (Return) Location of cert     */
50 /*                                                                        */
51 /*  OUTPUT                                                                */
52 /*                                                                        */
53 /*    status                                Completion status             */
54 /*                                                                        */
55 /*  CALLS                                                                 */
56 /*                                                                        */
57 /*   _nx_secure_x509_certificate_list_find  Find certificate in list      */
58 /*                                                                        */
59 /*  CALLED BY                                                             */
60 /*                                                                        */
61 /*    _nx_secure_x509_certificate_chain_verify                            */
62 /*                                          Verify cert against stores    */
63 /*    _nx_secure_x509_crl_revocation_check  Check revocation in crl       */
64 /*                                                                        */
65 /*  RELEASE HISTORY                                                       */
66 /*                                                                        */
67 /*    DATE              NAME                      DESCRIPTION             */
68 /*                                                                        */
69 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
70 /*  09-30-2020     Timothy Stapko           Modified comment(s),          */
71 /*                                            resulting in version 6.1    */
72 /*  04-02-2021     Timothy Stapko           Modified comment(s),          */
73 /*                                            removed dependency on TLS,  */
74 /*                                            resulting in version 6.1.6  */
75 /*                                                                        */
76 /**************************************************************************/
_nx_secure_x509_store_certificate_find(NX_SECURE_X509_CERTIFICATE_STORE * store,NX_SECURE_X509_DISTINGUISHED_NAME * name,UINT cert_id,NX_SECURE_X509_CERT ** certificate,UINT * location)77 UINT _nx_secure_x509_store_certificate_find(NX_SECURE_X509_CERTIFICATE_STORE *store,
78                                             NX_SECURE_X509_DISTINGUISHED_NAME *name,
79                                             UINT cert_id,
80                                             NX_SECURE_X509_CERT **certificate, UINT *location)
81 {
82 UINT status;
83 
84     /* Name and store must be non-NULL. */
85     if (name == NX_CRYPTO_NULL || store == NX_CRYPTO_NULL || certificate == NX_CRYPTO_NULL || location == NX_CRYPTO_NULL)
86     {
87 #ifdef NX_CRYPTO_STANDALONE_ENABLE
88         return(NX_CRYPTO_PTR_ERROR);
89 #else
90         return(NX_PTR_ERROR);
91 #endif /* NX_CRYPTO_STANDALONE_ENABLE */
92     }
93 
94     /* Search each location in turn. */
95 
96     /* Start with trusted certificates - if we find one, we are probably done! */
97     status = _nx_secure_x509_certificate_list_find(&store -> nx_secure_x509_trusted_certificates, name, cert_id, certificate);
98     if (status == NX_SECURE_X509_SUCCESS)
99     {
100         *location = NX_SECURE_X509_CERT_LOCATION_TRUSTED;
101         return(NX_SECURE_X509_SUCCESS);
102     }
103 
104     /* Next, local certificates. */
105     status = _nx_secure_x509_certificate_list_find(&store -> nx_secure_x509_local_certificates, name, cert_id, certificate);
106     if (status == NX_SECURE_X509_SUCCESS)
107     {
108         *location = NX_SECURE_X509_CERT_LOCATION_LOCAL;
109         return(NX_SECURE_X509_SUCCESS);
110     }
111 
112     /* Finally, check remote certs. */
113     status = _nx_secure_x509_certificate_list_find(&store -> nx_secure_x509_remote_certificates, name, cert_id, certificate);
114     if (status == NX_SECURE_X509_SUCCESS)
115     {
116         *location = NX_SECURE_X509_CERT_LOCATION_REMOTE;
117         return(NX_SECURE_X509_SUCCESS);
118     }
119 
120 
121     /* If we get here, the certificate was not found in any of the stores. */
122     *location = NX_SECURE_X509_CERT_LOCATION_NONE;
123 
124     return(NX_SECURE_X509_CERTIFICATE_NOT_FOUND);
125 }
126 
127