1 /**************************************************************************/
2 /*                                                                        */
3 /*       Copyright (c) Microsoft Corporation. All rights reserved.        */
4 /*                                                                        */
5 /*       This software is licensed under the Microsoft Software License   */
6 /*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
7 /*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
8 /*       and in the root directory of this software.                      */
9 /*                                                                        */
10 /**************************************************************************/
11 
12 
13 /**************************************************************************/
14 /**************************************************************************/
15 /**                                                                       */
16 /** NetX Secure Component                                                 */
17 /**                                                                       */
18 /**    X.509 Digital Certificates                                         */
19 /**                                                                       */
20 /**************************************************************************/
21 /**************************************************************************/
22 
23 #define NX_SECURE_SOURCE_CODE
24 
25 #include "nx_secure_x509.h"
26 
27 
28 /**************************************************************************/
29 /*                                                                        */
30 /*  FUNCTION                                               RELEASE        */
31 /*                                                                        */
32 /*    _nx_secure_x509_wildcard_compare                    PORTABLE C      */
33 /*                                                           6.1.6        */
34 /*  AUTHOR                                                                */
35 /*                                                                        */
36 /*    Timothy Stapko, Microsoft Corporation                               */
37 /*                                                                        */
38 /*  DESCRIPTION                                                           */
39 /*                                                                        */
/*    This function compares a DNS name against a name taken from the     */
/*    Common Name or subjectAltName field of an X.509 certificate,        */
/*    honouring a single wildcard label as found in such names. The       */
/*    comparison is byte-exact (case-sensitive): callers must normalise   */
/*    case first if RFC 6125 case-insensitive matching is required. A     */
/*    wildcard is honoured only as the entire left-most label and only    */
/*    matches one non-empty label; no public-suffix policy is applied.    */
/*    This is primarily used when checking a DNS name against an X.509    */
/*    certificate provided by a remote host.                              */
44 /*                                                                        */
45 /*  INPUT                                                                 */
46 /*                                                                        */
47 /*    dns_name                              Name to check                 */
48 /*    dns_name_len                          Length of name                */
49 /*    wildcard_name                         String with name or wildcard  */
50 /*    wildcard_len                          Length of wildcard            */
51 /*                                                                        */
52 /*  OUTPUT                                                                */
53 /*                                                                        */
54 /*    compare value                         0 if equal, else non-zero     */
55 /*                                                                        */
56 /*  CALLS                                                                 */
57 /*                                                                        */
58 /*    None                                                                */
59 /*                                                                        */
60 /*  CALLED BY                                                             */
61 /*                                                                        */
62 /*    _nx_secure_x509_common_name_dns_check Check Common Name by DNS      */
63 /*    _nx_secure_x509_subject_alt_names_find                              */
64 /*                                          Find subject alt names        */
65 /*                                                                        */
66 /*  RELEASE HISTORY                                                       */
67 /*                                                                        */
68 /*    DATE              NAME                      DESCRIPTION             */
69 /*                                                                        */
70 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
71 /*  09-30-2020     Timothy Stapko           Modified comment(s),          */
72 /*                                            resulting in version 6.1    */
73 /*  04-02-2021     Timothy Stapko           Modified comment(s),          */
74 /*                                            removed dependency on TLS,  */
75 /*                                            resulting in version 6.1.6  */
76 /*                                                                        */
77 /**************************************************************************/
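INT _nx_secure_x509_wildcard_compare(const UCHAR *dns_name, UINT dns_name_len,
                                     const UCHAR *wildcard_name, UINT wildcard_len)
{
INT dns_offset;
INT wildcard_offset;

    /* Start at the last byte of each name. A zero length yields -1, which
       skips the loop and falls straight through to the final length check
       (two empty names therefore compare equal, as in the original). */
    dns_offset = (INT)dns_name_len - 1;
    wildcard_offset = (INT)wildcard_len - 1;

    /* Walk backwards through both names so that a wildcard (which may only
       appear in the left-most label) is reached last, after the fixed
       suffix has already been verified byte-for-byte. The comparison is
       byte-exact: DNS names are case-insensitive (RFC 4343), so a caller
       that needs case-insensitive matching must normalise case first. */
    while (dns_offset >= 0 && wildcard_offset >= 0)
    {
        if (dns_name[dns_offset] == wildcard_name[wildcard_offset])
        {
            /* Same byte, keep walking. */
            dns_offset--;
            wildcard_offset--;
            continue;
        }

        if (wildcard_name[wildcard_offset] != '*')
        {
            /* Plain mismatch with no wildcard to account for it. */
            return(1);
        }

        /* A wildcard is only honoured when it is the very first byte of the
           pattern and forms the entire left-most label, i.e. the pattern is
           "*.<suffix>". This rejects "f*.example.com", "foo.*.com" and a
           bare "*". The wildcard_len check is required: with wildcard_len
           equal to 1 there is no byte at index 1, and an unguarded read of
           wildcard_name[1] would run one byte past the end of the buffer.
           Had that stray byte happened to be '.', a bare "*" pattern would
           have matched any single-label host name. */
        if (wildcard_offset != 0 || wildcard_len < 2 || wildcard_name[1] != '.')
        {
            return(1);
        }

        /* The wildcard stands in for whatever remains of the DNS name. At
           least one byte remains (the one that just mismatched), and it
           must all belong to a single label: a '.' anywhere in the
           remainder would let "*.example.com" cover "a.b.example.com".
           No public-suffix policy is applied here ("*.com" is accepted);
           that is left to certificate issuance/validation policy. */
        while (dns_offset >= 0)
        {
            if (dns_name[dns_offset] == '.')
            {
                /* Wildcard does not match full stops. */
                return(1);
            }
            dns_offset--;
        }

        /* Suffix matched and the wildcard consumed exactly one label. */
        return(0);
    }

    /* Without a wildcard match, both names must have been consumed in full.
       This also rejects ".example.com" against "*.example.com": the DNS
       name runs out before the '*' is reached, so the wildcard would have
       matched nothing, which is not allowed. */
    if (dns_offset != -1 || wildcard_offset != -1)
    {
        /* Length mismatch. */
        return(1);
    }

    /* Both names are exactly the same. */
    return(0);
}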
133 
134