1 /*
2  *  X.509 common functions for parsing and verification
3  *
4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 /*
22  *  The ITU-T X.509 standard defines a certificate format for PKI.
23  *
24  *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
25  *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
26  *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
27  *
28  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
29  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
30  */
31 
32 #if !defined(MBEDTLS_CONFIG_FILE)
33 #include "mbedtls/config.h"
34 #else
35 #include MBEDTLS_CONFIG_FILE
36 #endif
37 
38 #if defined(MBEDTLS_X509_USE_C)
39 
40 #include "mbedtls/x509.h"
41 #include "mbedtls/asn1.h"
42 #include "mbedtls/oid.h"
43 
44 #include <stdio.h>
45 #include <string.h>
46 
47 #if defined(MBEDTLS_PEM_PARSE_C)
48 #include "mbedtls/pem.h"
49 #endif
50 
51 #if defined(MBEDTLS_PLATFORM_C)
52 #include "mbedtls/platform.h"
53 #else
54 #include <stdio.h>
55 #include <stdlib.h>
56 #define mbedtls_free      free
57 #define mbedtls_calloc    calloc
58 #define mbedtls_printf    printf
59 #define mbedtls_snprintf  snprintf
60 #endif
61 
62 
63 #if defined(MBEDTLS_HAVE_TIME)
64 #include "mbedtls/platform_time.h"
65 #endif
66 
67 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
68 #include <windows.h>
69 #else
70 #include <time.h>
71 #endif
72 
73 #if defined(MBEDTLS_FS_IO)
74 #include <stdio.h>
75 #if !defined(_WIN32)
76 #include <sys/types.h>
77 #include <sys/stat.h>
78 #include <dirent.h>
79 #endif
80 #endif
81 
82 #define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
83 #define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
84 
85 /*
86  *  CertificateSerialNumber  ::=  INTEGER
87  */
mbedtls_x509_get_serial(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * serial)88 int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
89                      mbedtls_x509_buf *serial )
90 {
91     int ret;
92 
93     if( ( end - *p ) < 1 )
94         return( MBEDTLS_ERR_X509_INVALID_SERIAL +
95                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
96 
97     if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
98         **p !=   MBEDTLS_ASN1_INTEGER )
99         return( MBEDTLS_ERR_X509_INVALID_SERIAL +
100                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
101 
102     serial->tag = *(*p)++;
103 
104     if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
105         return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
106 
107     serial->p = *p;
108     *p += serial->len;
109 
110     return( 0 );
111 }
112 
113 /* Get an algorithm identifier without parameters (eg for signatures)
114  *
115  *  AlgorithmIdentifier  ::=  SEQUENCE  {
116  *       algorithm               OBJECT IDENTIFIER,
117  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
118  */
mbedtls_x509_get_alg_null(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * alg)119 int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
120                        mbedtls_x509_buf *alg )
121 {
122     int ret;
123 
124     if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
125         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
126 
127     return( 0 );
128 }
129 
130 /*
131  * Parse an algorithm identifier with (optional) paramaters
132  */
mbedtls_x509_get_alg(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * alg,mbedtls_x509_buf * params)133 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
134                   mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
135 {
136     int ret;
137 
138     if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
139         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
140 
141     return( 0 );
142 }
143 
144 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
145 /*
146  * HashAlgorithm ::= AlgorithmIdentifier
147  *
148  * AlgorithmIdentifier  ::=  SEQUENCE  {
149  *      algorithm               OBJECT IDENTIFIER,
150  *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
151  *
152  * For HashAlgorithm, parameters MUST be NULL or absent.
153  */
x509_get_hash_alg(const mbedtls_x509_buf * alg,mbedtls_md_type_t * md_alg)154 static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
155 {
156     int ret;
157     unsigned char *p;
158     const unsigned char *end;
159     mbedtls_x509_buf md_oid;
160     size_t len;
161 
162     /* Make sure we got a SEQUENCE and setup bounds */
163     if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
164         return( MBEDTLS_ERR_X509_INVALID_ALG +
165                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
166 
167     p = (unsigned char *) alg->p;
168     end = p + alg->len;
169 
170     if( p >= end )
171         return( MBEDTLS_ERR_X509_INVALID_ALG +
172                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
173 
174     /* Parse md_oid */
175     md_oid.tag = *p;
176 
177     if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
178         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
179 
180     md_oid.p = p;
181     p += md_oid.len;
182 
183     /* Get md_alg from md_oid */
184     if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
185         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
186 
187     /* Make sure params is absent of NULL */
188     if( p == end )
189         return( 0 );
190 
191     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
192         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
193 
194     if( p != end )
195         return( MBEDTLS_ERR_X509_INVALID_ALG +
196                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
197 
198     return( 0 );
199 }
200 
201 /*
202  *    RSASSA-PSS-params  ::=  SEQUENCE  {
203  *       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
204  *       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
205  *       saltLength        [2] INTEGER DEFAULT 20,
206  *       trailerField      [3] INTEGER DEFAULT 1  }
207  *    -- Note that the tags in this Sequence are explicit.
208  *
209  * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
210  * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
211  * option. Enfore this at parsing time.
212  */
mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf * params,mbedtls_md_type_t * md_alg,mbedtls_md_type_t * mgf_md,int * salt_len)213 int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
214                                 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
215                                 int *salt_len )
216 {
217     int ret;
218     unsigned char *p;
219     const unsigned char *end, *end2;
220     size_t len;
221     mbedtls_x509_buf alg_id, alg_params;
222 
223     /* First set everything to defaults */
224     *md_alg = MBEDTLS_MD_SHA1;
225     *mgf_md = MBEDTLS_MD_SHA1;
226     *salt_len = 20;
227 
228     /* Make sure params is a SEQUENCE and setup bounds */
229     if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
230         return( MBEDTLS_ERR_X509_INVALID_ALG +
231                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
232 
233     p = (unsigned char *) params->p;
234     end = p + params->len;
235 
236     if( p == end )
237         return( 0 );
238 
239     /*
240      * HashAlgorithm
241      */
242     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
243                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
244     {
245         end2 = p + len;
246 
247         /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
248         if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
249             return( ret );
250 
251         if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
252             return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
253 
254         if( p != end2 )
255             return( MBEDTLS_ERR_X509_INVALID_ALG +
256                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
257     }
258     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
259         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
260 
261     if( p == end )
262         return( 0 );
263 
264     /*
265      * MaskGenAlgorithm
266      */
267     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
268                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
269     {
270         end2 = p + len;
271 
272         /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
273         if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
274             return( ret );
275 
276         /* Only MFG1 is recognised for now */
277         if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
278             return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
279                     MBEDTLS_ERR_OID_NOT_FOUND );
280 
281         /* Parse HashAlgorithm */
282         if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
283             return( ret );
284 
285         if( p != end2 )
286             return( MBEDTLS_ERR_X509_INVALID_ALG +
287                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
288     }
289     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
290         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
291 
292     if( p == end )
293         return( 0 );
294 
295     /*
296      * salt_len
297      */
298     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
299                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
300     {
301         end2 = p + len;
302 
303         if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
304             return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
305 
306         if( p != end2 )
307             return( MBEDTLS_ERR_X509_INVALID_ALG +
308                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
309     }
310     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
311         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
312 
313     if( p == end )
314         return( 0 );
315 
316     /*
317      * trailer_field (if present, must be 1)
318      */
319     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
320                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
321     {
322         int trailer_field;
323 
324         end2 = p + len;
325 
326         if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
327             return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
328 
329         if( p != end2 )
330             return( MBEDTLS_ERR_X509_INVALID_ALG +
331                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
332 
333         if( trailer_field != 1 )
334             return( MBEDTLS_ERR_X509_INVALID_ALG );
335     }
336     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
337         return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
338 
339     if( p != end )
340         return( MBEDTLS_ERR_X509_INVALID_ALG +
341                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
342 
343     return( 0 );
344 }
345 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
346 
347 /*
348  *  AttributeTypeAndValue ::= SEQUENCE {
349  *    type     AttributeType,
350  *    value    AttributeValue }
351  *
352  *  AttributeType ::= OBJECT IDENTIFIER
353  *
354  *  AttributeValue ::= ANY DEFINED BY AttributeType
355  */
x509_get_attr_type_value(unsigned char ** p,const unsigned char * end,mbedtls_x509_name * cur)356 static int x509_get_attr_type_value( unsigned char **p,
357                                      const unsigned char *end,
358                                      mbedtls_x509_name *cur )
359 {
360     int ret;
361     size_t len;
362     mbedtls_x509_buf *oid;
363     mbedtls_x509_buf *val;
364 
365     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
366             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
367         return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
368 
369     if( ( end - *p ) < 1 )
370         return( MBEDTLS_ERR_X509_INVALID_NAME +
371                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
372 
373     oid = &cur->oid;
374     oid->tag = **p;
375 
376     if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
377         return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
378 
379     oid->p = *p;
380     *p += oid->len;
381 
382     if( ( end - *p ) < 1 )
383         return( MBEDTLS_ERR_X509_INVALID_NAME +
384                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
385 
386     if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
387         **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
388         **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
389         **p != MBEDTLS_ASN1_BIT_STRING )
390         return( MBEDTLS_ERR_X509_INVALID_NAME +
391                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
392 
393     val = &cur->val;
394     val->tag = *(*p)++;
395 
396     if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
397         return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
398 
399     val->p = *p;
400     *p += val->len;
401 
402     cur->next = NULL;
403 
404     return( 0 );
405 }
406 
407 /*
408  *  Name ::= CHOICE { -- only one possibility for now --
409  *       rdnSequence  RDNSequence }
410  *
411  *  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
412  *
413  *  RelativeDistinguishedName ::=
414  *    SET OF AttributeTypeAndValue
415  *
416  *  AttributeTypeAndValue ::= SEQUENCE {
417  *    type     AttributeType,
418  *    value    AttributeValue }
419  *
420  *  AttributeType ::= OBJECT IDENTIFIER
421  *
422  *  AttributeValue ::= ANY DEFINED BY AttributeType
423  *
424  * The data structure is optimized for the common case where each RDN has only
425  * one element, which is represented as a list of AttributeTypeAndValue.
426  * For the general case we still use a flat list, but we mark elements of the
427  * same set so that they are "merged" together in the functions that consume
428  * this list, eg mbedtls_x509_dn_gets().
429  */
mbedtls_x509_get_name(unsigned char ** p,const unsigned char * end,mbedtls_x509_name * cur)430 int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
431                    mbedtls_x509_name *cur )
432 {
433     int ret;
434     size_t set_len;
435     const unsigned char *end_set;
436 
437     /* don't use recursion, we'd risk stack overflow if not optimized */
438     while( 1 )
439     {
440         /*
441          * parse SET
442          */
443         if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
444                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
445             return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
446 
447         end_set  = *p + set_len;
448 
449         while( 1 )
450         {
451             if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
452                 return( ret );
453 
454             if( *p == end_set )
455                 break;
456 
457             /* Mark this item as being no the only one in a set */
458             cur->next_merged = 1;
459 
460             cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
461 
462             if( cur->next == NULL )
463                 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
464 
465             cur = cur->next;
466         }
467 
468         /*
469          * continue until end of SEQUENCE is reached
470          */
471         if( *p == end )
472             return( 0 );
473 
474         cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
475 
476         if( cur->next == NULL )
477             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
478 
479         cur = cur->next;
480     }
481 }
482 
x509_parse_int(unsigned char ** p,unsigned n,int * res)483 static int x509_parse_int(unsigned char **p, unsigned n, int *res){
484     *res = 0;
485     for( ; n > 0; --n ){
486         if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE;
487         *res *= 10;
488         *res += (*(*p)++ - '0');
489     }
490     return 0;
491 }
492 
x509_date_is_valid(const mbedtls_x509_time * time)493 static int x509_date_is_valid(const mbedtls_x509_time *time)
494 {
495     int ret = MBEDTLS_ERR_X509_INVALID_DATE;
496 
497     CHECK_RANGE( 0, 9999, time->year );
498     CHECK_RANGE( 0, 23,   time->hour );
499     CHECK_RANGE( 0, 59,   time->min  );
500     CHECK_RANGE( 0, 59,   time->sec  );
501 
502     switch( time->mon )
503     {
504         case 1: case 3: case 5: case 7: case 8: case 10: case 12:
505             CHECK_RANGE( 1, 31, time->day );
506             break;
507         case 4: case 6: case 9: case 11:
508             CHECK_RANGE( 1, 30, time->day );
509             break;
510         case 2:
511             CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
512             break;
513         default:
514             return( ret );
515     }
516 
517     return( 0 );
518 }
519 
520 /*
521  *  Time ::= CHOICE {
522  *       utcTime        UTCTime,
523  *       generalTime    GeneralizedTime }
524  */
mbedtls_x509_get_time(unsigned char ** p,const unsigned char * end,mbedtls_x509_time * time)525 int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
526                    mbedtls_x509_time *time )
527 {
528     int ret;
529     size_t len;
530     unsigned char tag;
531 
532     if( ( end - *p ) < 1 )
533         return( MBEDTLS_ERR_X509_INVALID_DATE +
534                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
535 
536     tag = **p;
537 
538     if( tag == MBEDTLS_ASN1_UTC_TIME )
539     {
540         (*p)++;
541         ret = mbedtls_asn1_get_len( p, end, &len );
542 
543         if( ret != 0 )
544             return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
545 
546         CHECK( x509_parse_int( p, 2, &time->year ) );
547         CHECK( x509_parse_int( p, 2, &time->mon ) );
548         CHECK( x509_parse_int( p, 2, &time->day ) );
549         CHECK( x509_parse_int( p, 2, &time->hour ) );
550         CHECK( x509_parse_int( p, 2, &time->min ) );
551         if( len > 10 )
552             CHECK( x509_parse_int( p, 2, &time->sec ) );
553         if( len > 12 && *(*p)++ != 'Z' )
554             return( MBEDTLS_ERR_X509_INVALID_DATE );
555 
556         time->year +=  100 * ( time->year < 50 );
557         time->year += 1900;
558 
559         CHECK( x509_date_is_valid( time ) );
560 
561         return( 0 );
562     }
563     else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
564     {
565         (*p)++;
566         ret = mbedtls_asn1_get_len( p, end, &len );
567 
568         if( ret != 0 )
569             return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
570 
571         CHECK( x509_parse_int( p, 4, &time->year ) );
572         CHECK( x509_parse_int( p, 2, &time->mon ) );
573         CHECK( x509_parse_int( p, 2, &time->day ) );
574         CHECK( x509_parse_int( p, 2, &time->hour ) );
575         CHECK( x509_parse_int( p, 2, &time->min ) );
576         if( len > 12 )
577             CHECK( x509_parse_int( p, 2, &time->sec ) );
578         if( len > 14 && *(*p)++ != 'Z' )
579             return( MBEDTLS_ERR_X509_INVALID_DATE );
580 
581         CHECK( x509_date_is_valid( time ) );
582 
583         return( 0 );
584     }
585     else
586         return( MBEDTLS_ERR_X509_INVALID_DATE +
587                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
588 }
589 
mbedtls_x509_get_sig(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * sig)590 int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
591 {
592     int ret;
593     size_t len;
594     int tag_type;
595 
596     if( ( end - *p ) < 1 )
597         return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
598                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
599 
600     tag_type = **p;
601 
602     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
603         return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
604 
605     sig->tag = tag_type;
606     sig->len = len;
607     sig->p = *p;
608 
609     *p += len;
610 
611     return( 0 );
612 }
613 
614 /*
615  * Get signature algorithm from alg OID and optional parameters
616  */
mbedtls_x509_get_sig_alg(const mbedtls_x509_buf * sig_oid,const mbedtls_x509_buf * sig_params,mbedtls_md_type_t * md_alg,mbedtls_pk_type_t * pk_alg,void ** sig_opts)617 int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
618                       mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
619                       void **sig_opts )
620 {
621     int ret;
622 
623     if( *sig_opts != NULL )
624         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
625 
626     if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
627         return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
628 
629 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
630     if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
631     {
632         mbedtls_pk_rsassa_pss_options *pss_opts;
633 
634         pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
635         if( pss_opts == NULL )
636             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
637 
638         ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
639                                           md_alg,
640                                           &pss_opts->mgf1_hash_id,
641                                           &pss_opts->expected_salt_len );
642         if( ret != 0 )
643         {
644             mbedtls_free( pss_opts );
645             return( ret );
646         }
647 
648         *sig_opts = (void *) pss_opts;
649     }
650     else
651 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
652     {
653         /* Make sure parameters are absent or NULL */
654         if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
655               sig_params->len != 0 )
656         return( MBEDTLS_ERR_X509_INVALID_ALG );
657     }
658 
659     return( 0 );
660 }
661 
662 /*
663  * X.509 Extensions (No parsing of extensions, pointer should
664  * be either manually updated or extensions should be parsed!
665  */
mbedtls_x509_get_ext(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * ext,int tag)666 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
667                   mbedtls_x509_buf *ext, int tag )
668 {
669     int ret;
670     size_t len;
671 
672     if( *p == end )
673         return( 0 );
674 
675     ext->tag = **p;
676 
677     if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
678             MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ) ) != 0 )
679         return( ret );
680 
681     ext->p = *p;
682     end = *p + ext->len;
683 
684     /*
685      * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
686      *
687      * Extension  ::=  SEQUENCE  {
688      *      extnID      OBJECT IDENTIFIER,
689      *      critical    BOOLEAN DEFAULT FALSE,
690      *      extnValue   OCTET STRING  }
691      */
692     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
693             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
694         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
695 
696     if( end != *p + len )
697         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
698                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
699 
700     return( 0 );
701 }
702 
703 /*
704  * Store the name in printable form into buf; no more
705  * than size characters will be written
706  */
mbedtls_x509_dn_gets(char * buf,size_t size,const mbedtls_x509_name * dn)707 int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
708 {
709     int ret;
710     size_t i, n;
711     unsigned char c, merge = 0;
712     const mbedtls_x509_name *name;
713     const char *short_name = NULL;
714     char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
715 
716     memset( s, 0, sizeof( s ) );
717 
718     name = dn;
719     p = buf;
720     n = size;
721 
722     while( name != NULL )
723     {
724         if( !name->oid.p )
725         {
726             name = name->next;
727             continue;
728         }
729 
730         if( name != dn )
731         {
732             ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
733             MBEDTLS_X509_SAFE_SNPRINTF;
734         }
735 
736         ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
737 
738         if( ret == 0 )
739             ret = mbedtls_snprintf( p, n, "%s=", short_name );
740         else
741             ret = mbedtls_snprintf( p, n, "\?\?=" );
742         MBEDTLS_X509_SAFE_SNPRINTF;
743 
744         for( i = 0; i < name->val.len; i++ )
745         {
746             if( i >= sizeof( s ) - 1 )
747                 break;
748 
749             c = name->val.p[i];
750             if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
751                  s[i] = '?';
752             else s[i] = c;
753         }
754         s[i] = '\0';
755         ret = mbedtls_snprintf( p, n, "%s", s );
756         MBEDTLS_X509_SAFE_SNPRINTF;
757 
758         merge = name->next_merged;
759         name = name->next;
760     }
761 
762     return( (int) ( size - n ) );
763 }
764 
765 /*
766  * Store the serial in printable form into buf; no more
767  * than size characters will be written
768  */
mbedtls_x509_serial_gets(char * buf,size_t size,const mbedtls_x509_buf * serial)769 int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
770 {
771     int ret;
772     size_t i, n, nr;
773     char *p;
774 
775     p = buf;
776     n = size;
777 
778     nr = ( serial->len <= 32 )
779         ? serial->len  : 28;
780 
781     for( i = 0; i < nr; i++ )
782     {
783         if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
784             continue;
785 
786         ret = mbedtls_snprintf( p, n, "%02X%s",
787                 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
788         MBEDTLS_X509_SAFE_SNPRINTF;
789     }
790 
791     if( nr != serial->len )
792     {
793         ret = mbedtls_snprintf( p, n, "...." );
794         MBEDTLS_X509_SAFE_SNPRINTF;
795     }
796 
797     return( (int) ( size - n ) );
798 }
799 
800 /*
801  * Helper for writing signature algorithms
802  */
mbedtls_x509_sig_alg_gets(char * buf,size_t size,const mbedtls_x509_buf * sig_oid,mbedtls_pk_type_t pk_alg,mbedtls_md_type_t md_alg,const void * sig_opts)803 int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
804                        mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
805                        const void *sig_opts )
806 {
807     int ret;
808     char *p = buf;
809     size_t n = size;
810     const char *desc = NULL;
811 
812     ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
813     if( ret != 0 )
814         ret = mbedtls_snprintf( p, n, "???"  );
815     else
816         ret = mbedtls_snprintf( p, n, "%s", desc );
817     MBEDTLS_X509_SAFE_SNPRINTF;
818 
819 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
820     if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
821     {
822         const mbedtls_pk_rsassa_pss_options *pss_opts;
823         const mbedtls_md_info_t *md_info, *mgf_md_info;
824 
825         pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
826 
827         md_info = mbedtls_md_info_from_type( md_alg );
828         mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
829 
830         ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
831                               md_info ? mbedtls_md_get_name( md_info ) : "???",
832                               mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
833                               pss_opts->expected_salt_len );
834         MBEDTLS_X509_SAFE_SNPRINTF;
835     }
836 #else
837     ((void) pk_alg);
838     ((void) md_alg);
839     ((void) sig_opts);
840 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
841 
842     return( (int)( size - n ) );
843 }
844 
845 /*
846  * Helper for writing "RSA key size", "EC key size", etc
847  */
mbedtls_x509_key_size_helper(char * buf,size_t buf_size,const char * name)848 int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
849 {
850     char *p = buf;
851     size_t n = buf_size;
852     int ret;
853 
854     ret = mbedtls_snprintf( p, n, "%s key size", name );
855     MBEDTLS_X509_SAFE_SNPRINTF;
856 
857     return( 0 );
858 }
859 
860 #if defined(MBEDTLS_HAVE_TIME_DATE)
861 /*
862  * Set the time structure to the current time.
863  * Return 0 on success, non-zero on failure.
864  */
865 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
x509_get_current_time(mbedtls_x509_time * now)866 static int x509_get_current_time( mbedtls_x509_time *now )
867 {
868     SYSTEMTIME st;
869 
870     GetSystemTime( &st );
871 
872     now->year = st.wYear;
873     now->mon  = st.wMonth;
874     now->day  = st.wDay;
875     now->hour = st.wHour;
876     now->min  = st.wMinute;
877     now->sec  = st.wSecond;
878 
879     return( 0 );
880 }
881 #else
x509_get_current_time(mbedtls_x509_time * now)882 static int x509_get_current_time( mbedtls_x509_time *now )
883 {
884     struct tm *lt;
885     mbedtls_time_t tt;
886     int ret = 0;
887 
888 #if defined(MBEDTLS_THREADING_C)
889     if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
890         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
891 #endif
892 
893     tt = mbedtls_time( NULL );
894     lt = gmtime( &tt );
895 
896     if( lt == NULL )
897         ret = -1;
898     else
899     {
900         now->year = lt->tm_year + 1900;
901         now->mon  = lt->tm_mon  + 1;
902         now->day  = lt->tm_mday;
903         now->hour = lt->tm_hour;
904         now->min  = lt->tm_min;
905         now->sec  = lt->tm_sec;
906     }
907 
908 #if defined(MBEDTLS_THREADING_C)
909     if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
910         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
911 #endif
912 
913     return( ret );
914 }
915 #endif /* _WIN32 && !EFIX64 && !EFI32 */
916 
917 /*
918  * Return 0 if before <= after, 1 otherwise
919  */
x509_check_time(const mbedtls_x509_time * before,const mbedtls_x509_time * after)920 static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
921 {
922     if( before->year  > after->year )
923         return( 1 );
924 
925     if( before->year == after->year &&
926         before->mon   > after->mon )
927         return( 1 );
928 
929     if( before->year == after->year &&
930         before->mon  == after->mon  &&
931         before->day   > after->day )
932         return( 1 );
933 
934     if( before->year == after->year &&
935         before->mon  == after->mon  &&
936         before->day  == after->day  &&
937         before->hour  > after->hour )
938         return( 1 );
939 
940     if( before->year == after->year &&
941         before->mon  == after->mon  &&
942         before->day  == after->day  &&
943         before->hour == after->hour &&
944         before->min   > after->min  )
945         return( 1 );
946 
947     if( before->year == after->year &&
948         before->mon  == after->mon  &&
949         before->day  == after->day  &&
950         before->hour == after->hour &&
951         before->min  == after->min  &&
952         before->sec   > after->sec  )
953         return( 1 );
954 
955     return( 0 );
956 }
957 
mbedtls_x509_time_is_past(const mbedtls_x509_time * to)958 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
959 {
960     mbedtls_x509_time now;
961 
962     if( x509_get_current_time( &now ) != 0 )
963         return( 1 );
964 
965     return( x509_check_time( &now, to ) );
966 }
967 
mbedtls_x509_time_is_future(const mbedtls_x509_time * from)968 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
969 {
970     mbedtls_x509_time now;
971 
972     if( x509_get_current_time( &now ) != 0 )
973         return( 1 );
974 
975     return( x509_check_time( from, &now ) );
976 }
977 
978 #else  /* MBEDTLS_HAVE_TIME_DATE */
979 
mbedtls_x509_time_is_past(const mbedtls_x509_time * to)980 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
981 {
982     ((void) to);
983     return( 0 );
984 }
985 
mbedtls_x509_time_is_future(const mbedtls_x509_time * from)986 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
987 {
988     ((void) from);
989     return( 0 );
990 }
991 #endif /* MBEDTLS_HAVE_TIME_DATE */
992 
993 #if defined(MBEDTLS_SELF_TEST)
994 
995 #include "mbedtls/x509_crt.h"
996 #include "mbedtls/certs.h"
997 
998 /*
999  * Checkup routine
1000  */
mbedtls_x509_self_test(int verbose)1001 int mbedtls_x509_self_test( int verbose )
1002 {
1003 #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA1_C)
1004     int ret;
1005     uint32_t flags;
1006     mbedtls_x509_crt cacert;
1007     mbedtls_x509_crt clicert;
1008 
1009     if( verbose != 0 )
1010         mbedtls_printf( "  X.509 certificate load: " );
1011 
1012     mbedtls_x509_crt_init( &clicert );
1013 
1014     ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
1015                            mbedtls_test_cli_crt_len );
1016     if( ret != 0 )
1017     {
1018         if( verbose != 0 )
1019             mbedtls_printf( "failed\n" );
1020 
1021         return( ret );
1022     }
1023 
1024     mbedtls_x509_crt_init( &cacert );
1025 
1026     ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
1027                           mbedtls_test_ca_crt_len );
1028     if( ret != 0 )
1029     {
1030         if( verbose != 0 )
1031             mbedtls_printf( "failed\n" );
1032 
1033         return( ret );
1034     }
1035 
1036     if( verbose != 0 )
1037         mbedtls_printf( "passed\n  X.509 signature verify: ");
1038 
1039     ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
1040     if( ret != 0 )
1041     {
1042         if( verbose != 0 )
1043             mbedtls_printf( "failed\n" );
1044 
1045         return( ret );
1046     }
1047 
1048     if( verbose != 0 )
1049         mbedtls_printf( "passed\n\n");
1050 
1051     mbedtls_x509_crt_free( &cacert  );
1052     mbedtls_x509_crt_free( &clicert );
1053 
1054     return( 0 );
1055 #else
1056     ((void) verbose);
1057     return( 0 );
1058 #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
1059 }
1060 
1061 #endif /* MBEDTLS_SELF_TEST */
1062 
1063 #endif /* MBEDTLS_X509_USE_C */
1064