1 /*
2 * X.509 Certificate Signing Request (CSR) parsing
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7 /*
8 * The ITU-T X.509 standard defines a certificate format for PKI.
9 *
10 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
11 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
12 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
13 *
14 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
16 */
17
18 #include "common.h"
19
20 #if defined(MBEDTLS_X509_CSR_PARSE_C)
21
22 #include "mbedtls/x509_csr.h"
23 #include "mbedtls/error.h"
24 #include "mbedtls/oid.h"
25 #include "mbedtls/platform_util.h"
26
27 #include <string.h>
28
29 #if defined(MBEDTLS_PEM_PARSE_C)
30 #include "mbedtls/pem.h"
31 #endif
32
33 #include "mbedtls/platform.h"
34
35 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
36 #include <stdio.h>
37 #endif
38
39 /*
40 * Version ::= INTEGER { v1(0) }
41 */
x509_csr_get_version(unsigned char ** p,const unsigned char * end,int * ver)42 static int x509_csr_get_version(unsigned char **p,
43 const unsigned char *end,
44 int *ver)
45 {
46 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
47
48 if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
49 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
50 *ver = 0;
51 return 0;
52 }
53
54 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
55 }
56
57 return 0;
58 }
59
60 /*
61 * Parse CSR extension requests in DER format
62 */
x509_csr_parse_extensions(mbedtls_x509_csr * csr,unsigned char ** p,const unsigned char * end)63 static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
64 unsigned char **p, const unsigned char *end)
65 {
66 int ret;
67 size_t len;
68 unsigned char *end_ext_data;
69 while (*p < end) {
70 mbedtls_x509_buf extn_oid = { 0, 0, NULL };
71 int ext_type = 0;
72
73 /* Read sequence tag */
74 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
75 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
76 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
77 }
78
79 end_ext_data = *p + len;
80
81 /* Get extension ID */
82 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
83 MBEDTLS_ASN1_OID)) != 0) {
84 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
85 }
86
87 extn_oid.tag = MBEDTLS_ASN1_OID;
88 extn_oid.p = *p;
89 *p += extn_oid.len;
90
91 /* Data should be octet string type */
92 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
93 MBEDTLS_ASN1_OCTET_STRING)) != 0) {
94 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
95 }
96
97 if (*p + len != end_ext_data) {
98 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
99 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
100 }
101
102 /*
103 * Detect supported extensions and skip unsupported extensions
104 */
105 ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
106
107 if (ret == 0) {
108 /* Forbid repeated extensions */
109 if ((csr->ext_types & ext_type) != 0) {
110 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
111 MBEDTLS_ERR_ASN1_INVALID_DATA);
112 }
113
114 csr->ext_types |= ext_type;
115
116 switch (ext_type) {
117 case MBEDTLS_X509_EXT_KEY_USAGE:
118 /* Parse key usage */
119 if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data,
120 &csr->key_usage)) != 0) {
121 return ret;
122 }
123 break;
124
125 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
126 /* Parse subject alt name */
127 if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data,
128 &csr->subject_alt_names)) != 0) {
129 return ret;
130 }
131 break;
132
133 case MBEDTLS_X509_EXT_NS_CERT_TYPE:
134 /* Parse netscape certificate type */
135 if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data,
136 &csr->ns_cert_type)) != 0) {
137 return ret;
138 }
139 break;
140 default:
141 break;
142 }
143 }
144 *p = end_ext_data;
145 }
146
147 if (*p != end) {
148 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
149 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
150 }
151
152 return 0;
153 }
154
155 /*
156 * Parse CSR attributes in DER format
157 */
x509_csr_parse_attributes(mbedtls_x509_csr * csr,const unsigned char * start,const unsigned char * end)158 static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
159 const unsigned char *start, const unsigned char *end)
160 {
161 int ret;
162 size_t len;
163 unsigned char *end_attr_data;
164 unsigned char **p = (unsigned char **) &start;
165
166 while (*p < end) {
167 mbedtls_x509_buf attr_oid = { 0, 0, NULL };
168
169 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
170 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
171 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
172 }
173 end_attr_data = *p + len;
174
175 /* Get attribute ID */
176 if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len,
177 MBEDTLS_ASN1_OID)) != 0) {
178 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
179 }
180
181 attr_oid.tag = MBEDTLS_ASN1_OID;
182 attr_oid.p = *p;
183 *p += attr_oid.len;
184
185 /* Check that this is an extension-request attribute */
186 if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) {
187 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
188 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
189 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
190 }
191
192 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
193 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
194 0) {
195 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
196 }
197
198 if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) {
199 return ret;
200 }
201
202 if (*p != end_attr_data) {
203 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
204 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
205 }
206 }
207
208 *p = end_attr_data;
209 }
210
211 if (*p != end) {
212 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
213 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
214 }
215
216 return 0;
217 }
218
219 /*
220 * Parse a CSR in DER format
221 */
mbedtls_x509_csr_parse_der(mbedtls_x509_csr * csr,const unsigned char * buf,size_t buflen)222 int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
223 const unsigned char *buf, size_t buflen)
224 {
225 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
226 size_t len;
227 unsigned char *p, *end;
228 mbedtls_x509_buf sig_params;
229
230 memset(&sig_params, 0, sizeof(mbedtls_x509_buf));
231
232 /*
233 * Check for valid input
234 */
235 if (csr == NULL || buf == NULL || buflen == 0) {
236 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
237 }
238
239 mbedtls_x509_csr_init(csr);
240
241 /*
242 * first copy the raw DER data
243 */
244 p = mbedtls_calloc(1, len = buflen);
245
246 if (p == NULL) {
247 return MBEDTLS_ERR_X509_ALLOC_FAILED;
248 }
249
250 memcpy(p, buf, buflen);
251
252 csr->raw.p = p;
253 csr->raw.len = len;
254 end = p + len;
255
256 /*
257 * CertificationRequest ::= SEQUENCE {
258 * certificationRequestInfo CertificationRequestInfo,
259 * signatureAlgorithm AlgorithmIdentifier,
260 * signature BIT STRING
261 * }
262 */
263 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
264 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
265 mbedtls_x509_csr_free(csr);
266 return MBEDTLS_ERR_X509_INVALID_FORMAT;
267 }
268
269 if (len != (size_t) (end - p)) {
270 mbedtls_x509_csr_free(csr);
271 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
272 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
273 }
274
275 /*
276 * CertificationRequestInfo ::= SEQUENCE {
277 */
278 csr->cri.p = p;
279
280 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
281 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
282 mbedtls_x509_csr_free(csr);
283 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
284 }
285
286 end = p + len;
287 csr->cri.len = end - csr->cri.p;
288
289 /*
290 * Version ::= INTEGER { v1(0) }
291 */
292 if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) {
293 mbedtls_x509_csr_free(csr);
294 return ret;
295 }
296
297 if (csr->version != 0) {
298 mbedtls_x509_csr_free(csr);
299 return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
300 }
301
302 csr->version++;
303
304 /*
305 * subject Name
306 */
307 csr->subject_raw.p = p;
308
309 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
310 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
311 mbedtls_x509_csr_free(csr);
312 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
313 }
314
315 if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) {
316 mbedtls_x509_csr_free(csr);
317 return ret;
318 }
319
320 csr->subject_raw.len = p - csr->subject_raw.p;
321
322 /*
323 * subjectPKInfo SubjectPublicKeyInfo
324 */
325 if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) {
326 mbedtls_x509_csr_free(csr);
327 return ret;
328 }
329
330 /*
331 * attributes [0] Attributes
332 *
333 * The list of possible attributes is open-ended, though RFC 2985
334 * (PKCS#9) defines a few in section 5.4. We currently don't support any,
335 * so we just ignore them. This is a safe thing to do as the worst thing
336 * that could happen is that we issue a certificate that does not match
337 * the requester's expectations - this cannot cause a violation of our
338 * signature policies.
339 */
340 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
341 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
342 0) {
343 mbedtls_x509_csr_free(csr);
344 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
345 }
346
347 if ((ret = x509_csr_parse_attributes(csr, p, p + len)) != 0) {
348 mbedtls_x509_csr_free(csr);
349 return ret;
350 }
351
352 p += len;
353
354 end = csr->raw.p + csr->raw.len;
355
356 /*
357 * signatureAlgorithm AlgorithmIdentifier,
358 * signature BIT STRING
359 */
360 if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) {
361 mbedtls_x509_csr_free(csr);
362 return ret;
363 }
364
365 if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params,
366 &csr->sig_md, &csr->sig_pk,
367 &csr->sig_opts)) != 0) {
368 mbedtls_x509_csr_free(csr);
369 return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
370 }
371
372 if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) {
373 mbedtls_x509_csr_free(csr);
374 return ret;
375 }
376
377 if (p != end) {
378 mbedtls_x509_csr_free(csr);
379 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
380 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
381 }
382
383 return 0;
384 }
385
386 /*
387 * Parse a CSR, allowing for PEM or raw DER encoding
388 */
mbedtls_x509_csr_parse(mbedtls_x509_csr * csr,const unsigned char * buf,size_t buflen)389 int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
390 {
391 #if defined(MBEDTLS_PEM_PARSE_C)
392 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
393 size_t use_len;
394 mbedtls_pem_context pem;
395 #endif
396
397 /*
398 * Check for valid input
399 */
400 if (csr == NULL || buf == NULL || buflen == 0) {
401 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
402 }
403
404 #if defined(MBEDTLS_PEM_PARSE_C)
405 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
406 if (buf[buflen - 1] == '\0') {
407 mbedtls_pem_init(&pem);
408 ret = mbedtls_pem_read_buffer(&pem,
409 "-----BEGIN CERTIFICATE REQUEST-----",
410 "-----END CERTIFICATE REQUEST-----",
411 buf, NULL, 0, &use_len);
412 if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
413 ret = mbedtls_pem_read_buffer(&pem,
414 "-----BEGIN NEW CERTIFICATE REQUEST-----",
415 "-----END NEW CERTIFICATE REQUEST-----",
416 buf, NULL, 0, &use_len);
417 }
418
419 if (ret == 0) {
420 /*
421 * Was PEM encoded, parse the result
422 */
423 ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen);
424 }
425
426 mbedtls_pem_free(&pem);
427 if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
428 return ret;
429 }
430 }
431 #endif /* MBEDTLS_PEM_PARSE_C */
432 return mbedtls_x509_csr_parse_der(csr, buf, buflen);
433 }
434
435 #if defined(MBEDTLS_FS_IO)
436 /*
437 * Load a CSR into the structure
438 */
mbedtls_x509_csr_parse_file(mbedtls_x509_csr * csr,const char * path)439 int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path)
440 {
441 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
442 size_t n;
443 unsigned char *buf;
444
445 if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
446 return ret;
447 }
448
449 ret = mbedtls_x509_csr_parse(csr, buf, n);
450
451 mbedtls_zeroize_and_free(buf, n);
452
453 return ret;
454 }
455 #endif /* MBEDTLS_FS_IO */
456
457 #if !defined(MBEDTLS_X509_REMOVE_INFO)
458 #define BEFORE_COLON 14
459 #define BC "14"
460 /*
461 * Return an informational string about the CSR.
462 */
mbedtls_x509_csr_info(char * buf,size_t size,const char * prefix,const mbedtls_x509_csr * csr)463 int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
464 const mbedtls_x509_csr *csr)
465 {
466 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
467 size_t n;
468 char *p;
469 char key_size_str[BEFORE_COLON];
470
471 p = buf;
472 n = size;
473
474 ret = mbedtls_snprintf(p, n, "%sCSR version : %d",
475 prefix, csr->version);
476 MBEDTLS_X509_SAFE_SNPRINTF;
477
478 ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix);
479 MBEDTLS_X509_SAFE_SNPRINTF;
480 ret = mbedtls_x509_dn_gets(p, n, &csr->subject);
481 MBEDTLS_X509_SAFE_SNPRINTF;
482
483 ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
484 MBEDTLS_X509_SAFE_SNPRINTF;
485
486 ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
487 csr->sig_opts);
488 MBEDTLS_X509_SAFE_SNPRINTF;
489
490 if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
491 mbedtls_pk_get_name(&csr->pk))) != 0) {
492 return ret;
493 }
494
495 ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
496 (int) mbedtls_pk_get_bitlen(&csr->pk));
497 MBEDTLS_X509_SAFE_SNPRINTF;
498
499 /*
500 * Optional extensions
501 */
502
503 if (csr->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
504 ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix);
505 MBEDTLS_X509_SAFE_SNPRINTF;
506
507 if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n,
508 &csr->subject_alt_names,
509 prefix)) != 0) {
510 return ret;
511 }
512 }
513
514 if (csr->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
515 ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix);
516 MBEDTLS_X509_SAFE_SNPRINTF;
517
518 if ((ret = mbedtls_x509_info_cert_type(&p, &n, csr->ns_cert_type)) != 0) {
519 return ret;
520 }
521 }
522
523 if (csr->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
524 ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix);
525 MBEDTLS_X509_SAFE_SNPRINTF;
526
527 if ((ret = mbedtls_x509_info_key_usage(&p, &n, csr->key_usage)) != 0) {
528 return ret;
529 }
530 }
531
532 if (csr->ext_types != 0) {
533 ret = mbedtls_snprintf(p, n, "\n");
534 MBEDTLS_X509_SAFE_SNPRINTF;
535 }
536
537 return (int) (size - n);
538 }
539 #endif /* MBEDTLS_X509_REMOVE_INFO */
540
541 /*
542 * Initialize a CSR
543 */
mbedtls_x509_csr_init(mbedtls_x509_csr * csr)544 void mbedtls_x509_csr_init(mbedtls_x509_csr *csr)
545 {
546 memset(csr, 0, sizeof(mbedtls_x509_csr));
547 }
548
549 /*
550 * Unallocate all CSR data
551 */
mbedtls_x509_csr_free(mbedtls_x509_csr * csr)552 void mbedtls_x509_csr_free(mbedtls_x509_csr *csr)
553 {
554 if (csr == NULL) {
555 return;
556 }
557
558 mbedtls_pk_free(&csr->pk);
559
560 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
561 mbedtls_free(csr->sig_opts);
562 #endif
563
564 mbedtls_asn1_free_named_data_list_shallow(csr->subject.next);
565 mbedtls_asn1_sequence_free(csr->subject_alt_names.next);
566
567 if (csr->raw.p != NULL) {
568 mbedtls_zeroize_and_free(csr->raw.p, csr->raw.len);
569 }
570
571 mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr));
572 }
573
574 #endif /* MBEDTLS_X509_CSR_PARSE_C */
575
