PolarSSL v1.2.11
x509parse.c
Go to the documentation of this file.
1 /*
2  * X.509 certificate and private key decoding
3  *
4  * Copyright (C) 2006-2011, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificate format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc3279.txt
29  * http://www.ietf.org/rfc/rfc3280.txt
30  *
31  * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32  *
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35  */
36 
37 #include "polarssl/config.h"
38 
39 #if defined(POLARSSL_X509_PARSE_C)
40 
41 #include "polarssl/x509.h"
42 #include "polarssl/asn1.h"
43 #include "polarssl/pem.h"
44 #include "polarssl/des.h"
45 #if defined(POLARSSL_MD2_C)
46 #include "polarssl/md2.h"
47 #endif
48 #if defined(POLARSSL_MD4_C)
49 #include "polarssl/md4.h"
50 #endif
51 #if defined(POLARSSL_MD5_C)
52 #include "polarssl/md5.h"
53 #endif
54 #if defined(POLARSSL_SHA1_C)
55 #include "polarssl/sha1.h"
56 #endif
57 #if defined(POLARSSL_SHA2_C)
58 #include "polarssl/sha2.h"
59 #endif
60 #if defined(POLARSSL_SHA4_C)
61 #include "polarssl/sha4.h"
62 #endif
63 #include "polarssl/dhm.h"
64 #if defined(POLARSSL_PKCS5_C)
65 #include "polarssl/pkcs5.h"
66 #endif
67 #if defined(POLARSSL_PKCS12_C)
68 #include "polarssl/pkcs12.h"
69 #endif
70 
71 #include <string.h>
72 #include <stdlib.h>
73 #if defined(_WIN32)
74 #include <windows.h>
75 #else
76 #include <time.h>
77 #endif
78 
79 #if defined(POLARSSL_FS_IO)
80 #include <stdio.h>
81 #if !defined(_WIN32)
82 #include <sys/types.h>
83 #include <sys/stat.h>
84 #include <dirent.h>
85 #endif
86 #endif
87 
88 /* Compare a given OID string with an OID x509_buf * */
89 #define OID_CMP(oid_str, oid_buf) \
90  ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
91  memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
92 
93 /*
94  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
95  */
96 static int x509_get_version( unsigned char **p,
97  const unsigned char *end,
98  int *ver )
99 {
100  int ret;
101  size_t len;
102 
103  if( ( ret = asn1_get_tag( p, end, &len,
104  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
105  {
107  {
108  *ver = 0;
109  return( 0 );
110  }
111 
112  return( ret );
113  }
114 
115  end = *p + len;
116 
117  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
119 
120  if( *p != end )
123 
124  return( 0 );
125 }
126 
127 /*
128  * Version ::= INTEGER { v1(0), v2(1) }
129  */
130 static int x509_crl_get_version( unsigned char **p,
131  const unsigned char *end,
132  int *ver )
133 {
134  int ret;
135 
136  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
137  {
139  {
140  *ver = 0;
141  return( 0 );
142  }
143 
145  }
146 
147  return( 0 );
148 }
149 
150 /*
151  * CertificateSerialNumber ::= INTEGER
152  */
153 static int x509_get_serial( unsigned char **p,
154  const unsigned char *end,
155  x509_buf *serial )
156 {
157  int ret;
158 
159  if( ( end - *p ) < 1 )
162 
163  if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
164  **p != ASN1_INTEGER )
167 
168  serial->tag = *(*p)++;
169 
170  if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
172 
173  serial->p = *p;
174  *p += serial->len;
175 
176  return( 0 );
177 }
178 
179 /*
180  * AlgorithmIdentifier ::= SEQUENCE {
181  * algorithm OBJECT IDENTIFIER,
182  * parameters ANY DEFINED BY algorithm OPTIONAL }
183  */
184 static int x509_get_alg( unsigned char **p,
185  const unsigned char *end,
186  x509_buf *alg )
187 {
188  int ret;
189  size_t len;
190 
191  if( ( ret = asn1_get_tag( p, end, &len,
192  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
193  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
194 
195  end = *p + len;
196  alg->tag = **p;
197 
198  if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
199  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
200 
201  alg->p = *p;
202  *p += alg->len;
203 
204  if( *p == end )
205  return( 0 );
206 
207  /*
208  * assume the algorithm parameters must be NULL
209  */
210  if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
211  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
212 
213  if( *p != end )
216 
217  return( 0 );
218 }
219 
220 /*
221  * AttributeTypeAndValue ::= SEQUENCE {
222  * type AttributeType,
223  * value AttributeValue }
224  *
225  * AttributeType ::= OBJECT IDENTIFIER
226  *
227  * AttributeValue ::= ANY DEFINED BY AttributeType
228  */
229 static int x509_get_attr_type_value( unsigned char **p,
230  const unsigned char *end,
231  x509_name *cur )
232 {
233  int ret;
234  size_t len;
235  x509_buf *oid;
236  x509_buf *val;
237 
238  if( ( ret = asn1_get_tag( p, end, &len,
239  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
240  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
241 
242  oid = &cur->oid;
243  oid->tag = **p;
244 
245  if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
246  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
247 
248  oid->p = *p;
249  *p += oid->len;
250 
251  if( ( end - *p ) < 1 )
254 
255  if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
256  **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
257  **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
260 
261  val = &cur->val;
262  val->tag = *(*p)++;
263 
264  if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
265  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
266 
267  val->p = *p;
268  *p += val->len;
269 
270  cur->next = NULL;
271 
272  return( 0 );
273 }
274 
275 /*
276  * RelativeDistinguishedName ::=
277  * SET OF AttributeTypeAndValue
278  *
279  * AttributeTypeAndValue ::= SEQUENCE {
280  * type AttributeType,
281  * value AttributeValue }
282  *
283  * AttributeType ::= OBJECT IDENTIFIER
284  *
285  * AttributeValue ::= ANY DEFINED BY AttributeType
286  */
287 static int x509_get_name( unsigned char **p,
288  const unsigned char *end,
289  x509_name *cur )
290 {
291  int ret;
292  size_t len;
293  const unsigned char *end2;
294  x509_name *use;
295 
296  if( ( ret = asn1_get_tag( p, end, &len,
297  ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
298  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
299 
300  end2 = end;
301  end = *p + len;
302  use = cur;
303 
304  do
305  {
306  if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
307  return( ret );
308 
309  if( *p != end )
310  {
311  use->next = (x509_name *) malloc(
312  sizeof( x509_name ) );
313 
314  if( use->next == NULL )
316 
317  memset( use->next, 0, sizeof( x509_name ) );
318 
319  use = use->next;
320  }
321  }
322  while( *p != end );
323 
324  /*
325  * recurse until end of SEQUENCE is reached
326  */
327  if( *p == end2 )
328  return( 0 );
329 
330  cur->next = (x509_name *) malloc(
331  sizeof( x509_name ) );
332 
333  if( cur->next == NULL )
335 
336  memset( cur->next, 0, sizeof( x509_name ) );
337 
338  return( x509_get_name( p, end2, cur->next ) );
339 }
340 
341 /*
342  * Time ::= CHOICE {
343  * utcTime UTCTime,
344  * generalTime GeneralizedTime }
345  */
346 static int x509_get_time( unsigned char **p,
347  const unsigned char *end,
348  x509_time *time )
349 {
350  int ret;
351  size_t len;
352  char date[64];
353  unsigned char tag;
354 
355  if( ( end - *p ) < 1 )
358 
359  tag = **p;
360 
361  if ( tag == ASN1_UTC_TIME )
362  {
363  (*p)++;
364  ret = asn1_get_len( p, end, &len );
365 
366  if( ret != 0 )
367  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
368 
369  memset( date, 0, sizeof( date ) );
370  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
371  len : sizeof( date ) - 1 );
372 
373  if( sscanf( date, "%2d%2d%2d%2d%2d%2dZ",
374  &time->year, &time->mon, &time->day,
375  &time->hour, &time->min, &time->sec ) < 5 )
377 
378  time->year += 100 * ( time->year < 50 );
379  time->year += 1900;
380 
381  *p += len;
382 
383  return( 0 );
384  }
385  else if ( tag == ASN1_GENERALIZED_TIME )
386  {
387  (*p)++;
388  ret = asn1_get_len( p, end, &len );
389 
390  if( ret != 0 )
391  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
392 
393  memset( date, 0, sizeof( date ) );
394  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
395  len : sizeof( date ) - 1 );
396 
397  if( sscanf( date, "%4d%2d%2d%2d%2d%2dZ",
398  &time->year, &time->mon, &time->day,
399  &time->hour, &time->min, &time->sec ) < 5 )
401 
402  *p += len;
403 
404  return( 0 );
405  }
406  else
408 }
409 
410 
411 /*
412  * Validity ::= SEQUENCE {
413  * notBefore Time,
414  * notAfter Time }
415  */
416 static int x509_get_dates( unsigned char **p,
417  const unsigned char *end,
418  x509_time *from,
419  x509_time *to )
420 {
421  int ret;
422  size_t len;
423 
424  if( ( ret = asn1_get_tag( p, end, &len,
425  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
426  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
427 
428  end = *p + len;
429 
430  if( ( ret = x509_get_time( p, end, from ) ) != 0 )
431  return( ret );
432 
433  if( ( ret = x509_get_time( p, end, to ) ) != 0 )
434  return( ret );
435 
436  if( *p != end )
439 
440  return( 0 );
441 }
442 
443 /*
444  * SubjectPublicKeyInfo ::= SEQUENCE {
445  * algorithm AlgorithmIdentifier,
446  * subjectPublicKey BIT STRING }
447  */
448 static int x509_get_pubkey( unsigned char **p,
449  const unsigned char *end,
450  x509_buf *pk_alg_oid,
451  mpi *N, mpi *E )
452 {
453  int ret;
454  size_t len;
455  unsigned char *end2;
456 
457  if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
458  return( ret );
459 
460  /*
461  * only RSA public keys handled at this time
462  */
463  if( pk_alg_oid->len != 9 ||
464  memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
465  {
467  }
468 
469  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
471 
472  if( ( end - *p ) < 1 )
475 
476  end2 = *p + len;
477 
478  if( *(*p)++ != 0 )
480 
481  /*
482  * RSAPublicKey ::= SEQUENCE {
483  * modulus INTEGER, -- n
484  * publicExponent INTEGER -- e
485  * }
486  */
487  if( ( ret = asn1_get_tag( p, end2, &len,
488  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
490 
491  if( *p + len != end2 )
494 
495  if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
496  ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
498 
499  if( *p != end )
502 
503  return( 0 );
504 }
505 
506 static int x509_get_sig( unsigned char **p,
507  const unsigned char *end,
508  x509_buf *sig )
509 {
510  int ret;
511  size_t len;
512 
513  if( ( end - *p ) < 1 )
516 
517  sig->tag = **p;
518 
519  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
521 
522 
523  if( --len < 1 || *(*p)++ != 0 )
525 
526  sig->len = len;
527  sig->p = *p;
528 
529  *p += len;
530 
531  return( 0 );
532 }
533 
534 /*
535  * X.509 v2/v3 unique identifier (not parsed)
536  */
537 static int x509_get_uid( unsigned char **p,
538  const unsigned char *end,
539  x509_buf *uid, int n )
540 {
541  int ret;
542 
543  if( *p == end )
544  return( 0 );
545 
546  uid->tag = **p;
547 
548  if( ( ret = asn1_get_tag( p, end, &uid->len,
549  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
550  {
552  return( 0 );
553 
554  return( ret );
555  }
556 
557  uid->p = *p;
558  *p += uid->len;
559 
560  return( 0 );
561 }
562 
563 /*
564  * X.509 Extensions (No parsing of extensions, pointer should
565  * be either manually updated or extensions should be parsed!
566  */
567 static int x509_get_ext( unsigned char **p,
568  const unsigned char *end,
569  x509_buf *ext, int tag )
570 {
571  int ret;
572  size_t len;
573 
574  if( *p == end )
575  return( 0 );
576 
577  ext->tag = **p;
578 
579  if( ( ret = asn1_get_tag( p, end, &ext->len,
580  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
581  return( ret );
582 
583  ext->p = *p;
584  end = *p + ext->len;
585 
586  /*
587  * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
588  *
589  * Extension ::= SEQUENCE {
590  * extnID OBJECT IDENTIFIER,
591  * critical BOOLEAN DEFAULT FALSE,
592  * extnValue OCTET STRING }
593  */
594  if( ( ret = asn1_get_tag( p, end, &len,
595  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
597 
598  if( end != *p + len )
601 
602  return( 0 );
603 }
604 
605 /*
606  * X.509 CRL v2 extensions (no extensions parsed yet.)
607  */
608 static int x509_get_crl_ext( unsigned char **p,
609  const unsigned char *end,
610  x509_buf *ext )
611 {
612  int ret;
613  size_t len = 0;
614 
615  /* Get explicit tag */
616  if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
617  {
619  return( 0 );
620 
621  return( ret );
622  }
623 
624  while( *p < end )
625  {
626  if( ( ret = asn1_get_tag( p, end, &len,
627  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
629 
630  *p += len;
631  }
632 
633  if( *p != end )
636 
637  return( 0 );
638 }
639 
640 /*
641  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
642  */
643 static int x509_get_crl_entry_ext( unsigned char **p,
644  const unsigned char *end,
645  x509_buf *ext )
646 {
647  int ret;
648  size_t len = 0;
649 
650  /* OPTIONAL */
651  if (end <= *p)
652  return( 0 );
653 
654  ext->tag = **p;
655  ext->p = *p;
656 
657  /*
658  * Get CRL-entry extension sequence header
659  * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
660  */
661  if( ( ret = asn1_get_tag( p, end, &ext->len,
662  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
663  {
665  {
666  ext->p = NULL;
667  return( 0 );
668  }
670  }
671 
672  end = *p + ext->len;
673 
674  if( end != *p + ext->len )
677 
678  while( *p < end )
679  {
680  if( ( ret = asn1_get_tag( p, end, &len,
681  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
683 
684  *p += len;
685  }
686 
687  if( *p != end )
690 
691  return( 0 );
692 }
693 
694 static int x509_get_basic_constraints( unsigned char **p,
695  const unsigned char *end,
696  int *ca_istrue,
697  int *max_pathlen )
698 {
699  int ret;
700  size_t len;
701 
702  /*
703  * BasicConstraints ::= SEQUENCE {
704  * cA BOOLEAN DEFAULT FALSE,
705  * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
706  */
707  *ca_istrue = 0; /* DEFAULT FALSE */
708  *max_pathlen = 0; /* endless */
709 
710  if( ( ret = asn1_get_tag( p, end, &len,
711  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
713 
714  if( *p == end )
715  return 0;
716 
717  if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
718  {
720  ret = asn1_get_int( p, end, ca_istrue );
721 
722  if( ret != 0 )
724 
725  if( *ca_istrue != 0 )
726  *ca_istrue = 1;
727  }
728 
729  if( *p == end )
730  return 0;
731 
732  if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
734 
735  if( *p != end )
738 
739  (*max_pathlen)++;
740 
741  return 0;
742 }
743 
744 static int x509_get_ns_cert_type( unsigned char **p,
745  const unsigned char *end,
746  unsigned char *ns_cert_type)
747 {
748  int ret;
749  x509_bitstring bs = { 0, 0, NULL };
750 
751  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
753 
754  if( bs.len != 1 )
757 
758  /* Get actual bitstring */
759  *ns_cert_type = *bs.p;
760  return 0;
761 }
762 
763 static int x509_get_key_usage( unsigned char **p,
764  const unsigned char *end,
765  unsigned char *key_usage)
766 {
767  int ret;
768  x509_bitstring bs = { 0, 0, NULL };
769 
770  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
772 
773  if( bs.len < 1 )
776 
777  /* Get actual bitstring */
778  *key_usage = *bs.p;
779  return 0;
780 }
781 
782 /*
783  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
784  *
785  * KeyPurposeId ::= OBJECT IDENTIFIER
786  */
787 static int x509_get_ext_key_usage( unsigned char **p,
788  const unsigned char *end,
789  x509_sequence *ext_key_usage)
790 {
791  int ret;
792 
793  if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
795 
796  /* Sequence length must be >= 1 */
797  if( ext_key_usage->buf.p == NULL )
800 
801  return 0;
802 }
803 
804 /*
805  * SubjectAltName ::= GeneralNames
806  *
807  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
808  *
809  * GeneralName ::= CHOICE {
810  * otherName [0] OtherName,
811  * rfc822Name [1] IA5String,
812  * dNSName [2] IA5String,
813  * x400Address [3] ORAddress,
814  * directoryName [4] Name,
815  * ediPartyName [5] EDIPartyName,
816  * uniformResourceIdentifier [6] IA5String,
817  * iPAddress [7] OCTET STRING,
818  * registeredID [8] OBJECT IDENTIFIER }
819  *
820  * OtherName ::= SEQUENCE {
821  * type-id OBJECT IDENTIFIER,
822  * value [0] EXPLICIT ANY DEFINED BY type-id }
823  *
824  * EDIPartyName ::= SEQUENCE {
825  * nameAssigner [0] DirectoryString OPTIONAL,
826  * partyName [1] DirectoryString }
827  *
828  * NOTE: PolarSSL only parses and uses dNSName at this point.
829  */
830 static int x509_get_subject_alt_name( unsigned char **p,
831  const unsigned char *end,
832  x509_sequence *subject_alt_name )
833 {
834  int ret;
835  size_t len, tag_len;
836  asn1_buf *buf;
837  unsigned char tag;
838  asn1_sequence *cur = subject_alt_name;
839 
840  /* Get main sequence tag */
841  if( ( ret = asn1_get_tag( p, end, &len,
842  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
844 
845  if( *p + len != end )
848 
849  while( *p < end )
850  {
851  if( ( end - *p ) < 1 )
854 
855  tag = **p;
856  (*p)++;
857  if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
859 
860  if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
863 
864  if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
865  {
866  *p += tag_len;
867  continue;
868  }
869 
870  buf = &(cur->buf);
871  buf->tag = tag;
872  buf->p = *p;
873  buf->len = tag_len;
874  *p += buf->len;
875 
876  /* Allocate and assign next pointer */
877  if (*p < end)
878  {
879  cur->next = (asn1_sequence *) malloc(
880  sizeof( asn1_sequence ) );
881 
882  if( cur->next == NULL )
885 
886  memset( cur->next, 0, sizeof( asn1_sequence ) );
887  cur = cur->next;
888  }
889  }
890 
891  /* Set final sequence entry's next pointer to NULL */
892  cur->next = NULL;
893 
894  if( *p != end )
897 
898  return( 0 );
899 }
900 
901 /*
902  * X.509 v3 extensions
903  *
904  * TODO: Perform all of the basic constraints tests required by the RFC
905  * TODO: Set values for undetected extensions to a sane default?
906  *
907  */
908 static int x509_get_crt_ext( unsigned char **p,
909  const unsigned char *end,
910  x509_cert *crt )
911 {
912  int ret;
913  size_t len;
914  unsigned char *end_ext_data, *end_ext_octet;
915 
916  if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
917  {
919  return( 0 );
920 
921  return( ret );
922  }
923 
924  while( *p < end )
925  {
926  /*
927  * Extension ::= SEQUENCE {
928  * extnID OBJECT IDENTIFIER,
929  * critical BOOLEAN DEFAULT FALSE,
930  * extnValue OCTET STRING }
931  */
932  x509_buf extn_oid = {0, 0, NULL};
933  int is_critical = 0; /* DEFAULT FALSE */
934 
935  if( ( ret = asn1_get_tag( p, end, &len,
936  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
938 
939  end_ext_data = *p + len;
940 
941  /* Get extension ID */
942  extn_oid.tag = **p;
943 
944  if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
946 
947  extn_oid.p = *p;
948  *p += extn_oid.len;
949 
950  if( ( end - *p ) < 1 )
953 
954  /* Get optional critical */
955  if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
958 
959  /* Data should be octet string type */
960  if( ( ret = asn1_get_tag( p, end_ext_data, &len,
961  ASN1_OCTET_STRING ) ) != 0 )
963 
964  end_ext_octet = *p + len;
965 
966  if( end_ext_octet != end_ext_data )
969 
970  /*
971  * Detect supported extensions
972  */
973  if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
974  memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
975  {
976  /* Parse basic constraints */
977  if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
978  &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
979  return ( ret );
981  }
982  else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
983  memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
984  {
985  /* Parse netscape certificate type */
986  if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
987  &crt->ns_cert_type ) ) != 0 )
988  return ( ret );
989  crt->ext_types |= EXT_NS_CERT_TYPE;
990  }
991  else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
992  memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
993  {
994  /* Parse key usage */
995  if( ( ret = x509_get_key_usage( p, end_ext_octet,
996  &crt->key_usage ) ) != 0 )
997  return ( ret );
998  crt->ext_types |= EXT_KEY_USAGE;
999  }
1000  else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
1001  memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
1002  {
1003  /* Parse extended key usage */
1004  if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1005  &crt->ext_key_usage ) ) != 0 )
1006  return ( ret );
1008  }
1009  else if( ( OID_SIZE( OID_SUBJECT_ALT_NAME ) == extn_oid.len ) &&
1010  memcmp( extn_oid.p, OID_SUBJECT_ALT_NAME, extn_oid.len ) == 0 )
1011  {
1012  /* Parse extended key usage */
1013  if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1014  &crt->subject_alt_names ) ) != 0 )
1015  return ( ret );
1017  }
1018  else
1019  {
1020  /* No parser found, skip extension */
1021  *p = end_ext_octet;
1022 
1023 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1024  if( is_critical )
1025  {
1026  /* Data is marked as critical: fail */
1029  }
1030 #endif
1031  }
1032  }
1033 
1034  if( *p != end )
1037 
1038  return( 0 );
1039 }
1040 
1041 /*
1042  * X.509 CRL Entries
1043  */
1044 static int x509_get_entries( unsigned char **p,
1045  const unsigned char *end,
1047 {
1048  int ret;
1049  size_t entry_len;
1050  x509_crl_entry *cur_entry = entry;
1051 
1052  if( *p == end )
1053  return( 0 );
1054 
1055  if( ( ret = asn1_get_tag( p, end, &entry_len,
1056  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
1057  {
1059  return( 0 );
1060 
1061  return( ret );
1062  }
1063 
1064  end = *p + entry_len;
1065 
1066  while( *p < end )
1067  {
1068  size_t len2;
1069  const unsigned char *end2;
1070 
1071  if( ( ret = asn1_get_tag( p, end, &len2,
1072  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
1073  {
1074  return( ret );
1075  }
1076 
1077  cur_entry->raw.tag = **p;
1078  cur_entry->raw.p = *p;
1079  cur_entry->raw.len = len2;
1080  end2 = *p + len2;
1081 
1082  if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
1083  return( ret );
1084 
1085  if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
1086  return( ret );
1087 
1088  if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
1089  return( ret );
1090 
1091  if ( *p < end )
1092  {
1093  cur_entry->next = malloc( sizeof( x509_crl_entry ) );
1094 
1095  if( cur_entry->next == NULL )
1097 
1098  cur_entry = cur_entry->next;
1099  memset( cur_entry, 0, sizeof( x509_crl_entry ) );
1100  }
1101  }
1102 
1103  return( 0 );
1104 }
1105 
1106 static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
1107 {
1108  if( sig_oid->len == 9 &&
1109  memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
1110  {
1111  if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
1112  {
1113  *sig_alg = sig_oid->p[8];
1114  return( 0 );
1115  }
1116 
1117  if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
1118  {
1119  *sig_alg = sig_oid->p[8];
1120  return( 0 );
1121  }
1122 
1124  }
1125  if( sig_oid->len == 5 &&
1126  memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
1127  {
1128  *sig_alg = SIG_RSA_SHA1;
1129  return( 0 );
1130  }
1131 
1133 }
1134 
1135 /*
1136  * Parse and fill a single X.509 certificate in DER format
1137  */
1138 static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
1139  size_t buflen )
1140 {
1141  int ret;
1142  size_t len;
1143  unsigned char *p, *end, *crt_end;
1144 
1145  /*
1146  * Check for valid input
1147  */
1148  if( crt == NULL || buf == NULL )
1150 
1151  p = (unsigned char *) malloc( len = buflen );
1152 
1153  if( p == NULL )
1155 
1156  memcpy( p, buf, buflen );
1157 
1158  crt->raw.p = p;
1159  crt->raw.len = len;
1160  end = p + len;
1161 
1162  /*
1163  * Certificate ::= SEQUENCE {
1164  * tbsCertificate TBSCertificate,
1165  * signatureAlgorithm AlgorithmIdentifier,
1166  * signatureValue BIT STRING }
1167  */
1168  if( ( ret = asn1_get_tag( &p, end, &len,
1169  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1170  {
1171  x509_free( crt );
1173  }
1174 
1175  if( len > (size_t) ( end - p ) )
1176  {
1177  x509_free( crt );
1180  }
1181  crt_end = p + len;
1182 
1183  /*
1184  * TBSCertificate ::= SEQUENCE {
1185  */
1186  crt->tbs.p = p;
1187 
1188  if( ( ret = asn1_get_tag( &p, end, &len,
1189  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1190  {
1191  x509_free( crt );
1192  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1193  }
1194 
1195  end = p + len;
1196  crt->tbs.len = end - crt->tbs.p;
1197 
1198  /*
1199  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1200  *
1201  * CertificateSerialNumber ::= INTEGER
1202  *
1203  * signature AlgorithmIdentifier
1204  */
1205  if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
1206  ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
1207  ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1208  {
1209  x509_free( crt );
1210  return( ret );
1211  }
1212 
1213  crt->version++;
1214 
1215  if( crt->version > 3 )
1216  {
1217  x509_free( crt );
1219  }
1220 
1221  if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
1222  {
1223  x509_free( crt );
1224  return( ret );
1225  }
1226 
1227  /*
1228  * issuer Name
1229  */
1230  crt->issuer_raw.p = p;
1231 
1232  if( ( ret = asn1_get_tag( &p, end, &len,
1233  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1234  {
1235  x509_free( crt );
1236  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1237  }
1238 
1239  if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1240  {
1241  x509_free( crt );
1242  return( ret );
1243  }
1244 
1245  crt->issuer_raw.len = p - crt->issuer_raw.p;
1246 
1247  /*
1248  * Validity ::= SEQUENCE {
1249  * notBefore Time,
1250  * notAfter Time }
1251  *
1252  */
1253  if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1254  &crt->valid_to ) ) != 0 )
1255  {
1256  x509_free( crt );
1257  return( ret );
1258  }
1259 
1260  /*
1261  * subject Name
1262  */
1263  crt->subject_raw.p = p;
1264 
1265  if( ( ret = asn1_get_tag( &p, end, &len,
1266  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1267  {
1268  x509_free( crt );
1269  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1270  }
1271 
1272  if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1273  {
1274  x509_free( crt );
1275  return( ret );
1276  }
1277 
1278  crt->subject_raw.len = p - crt->subject_raw.p;
1279 
1280  /*
1281  * SubjectPublicKeyInfo ::= SEQUENCE
1282  * algorithm AlgorithmIdentifier,
1283  * subjectPublicKey BIT STRING }
1284  */
1285  if( ( ret = asn1_get_tag( &p, end, &len,
1286  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1287  {
1288  x509_free( crt );
1289  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1290  }
1291 
1292  if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1293  &crt->rsa.N, &crt->rsa.E ) ) != 0 )
1294  {
1295  x509_free( crt );
1296  return( ret );
1297  }
1298 
1299  if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1300  {
1301  x509_free( crt );
1302  return( ret );
1303  }
1304 
1305  crt->rsa.len = mpi_size( &crt->rsa.N );
1306 
1307  /*
1308  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1309  * -- If present, version shall be v2 or v3
1310  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1311  * -- If present, version shall be v2 or v3
1312  * extensions [3] EXPLICIT Extensions OPTIONAL
1313  * -- If present, version shall be v3
1314  */
1315  if( crt->version == 2 || crt->version == 3 )
1316  {
1317  ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1318  if( ret != 0 )
1319  {
1320  x509_free( crt );
1321  return( ret );
1322  }
1323  }
1324 
1325  if( crt->version == 2 || crt->version == 3 )
1326  {
1327  ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1328  if( ret != 0 )
1329  {
1330  x509_free( crt );
1331  return( ret );
1332  }
1333  }
1334 
1335  if( crt->version == 3 )
1336  {
1337  ret = x509_get_crt_ext( &p, end, crt);
1338  if( ret != 0 )
1339  {
1340  x509_free( crt );
1341  return( ret );
1342  }
1343  }
1344 
1345  if( p != end )
1346  {
1347  x509_free( crt );
1350  }
1351 
1352  end = crt_end;
1353 
1354  /*
1355  * signatureAlgorithm AlgorithmIdentifier,
1356  * signatureValue BIT STRING
1357  */
1358  if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1359  {
1360  x509_free( crt );
1361  return( ret );
1362  }
1363 
1364  if( crt->sig_oid1.len != crt->sig_oid2.len ||
1365  memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
1366  {
1367  x509_free( crt );
1369  }
1370 
1371  if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1372  {
1373  x509_free( crt );
1374  return( ret );
1375  }
1376 
1377  if( p != end )
1378  {
1379  x509_free( crt );
1382  }
1383 
1384  return( 0 );
1385 }
1386 
1387 /*
1388  * Parse one X.509 certificate in DER format from a buffer and add them to a
1389  * chained list
1390  */
1391 int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen )
1392 {
1393  int ret;
1394  x509_cert *crt = chain, *prev = NULL;
1395 
1396  /*
1397  * Check for valid input
1398  */
1399  if( crt == NULL || buf == NULL )
1401 
1402  while( crt->version != 0 && crt->next != NULL )
1403  {
1404  prev = crt;
1405  crt = crt->next;
1406  }
1407 
1408  /*
1409  * Add new certificate on the end of the chain if needed.
1410  */
1411  if ( crt->version != 0 && crt->next == NULL)
1412  {
1413  crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1414 
1415  if( crt->next == NULL )
1417 
1418  prev = crt;
1419  crt = crt->next;
1420  memset( crt, 0, sizeof( x509_cert ) );
1421  }
1422 
1423  if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
1424  {
1425  if( prev )
1426  prev->next = NULL;
1427 
1428  if( crt != chain )
1429  free( crt );
1430 
1431  return( ret );
1432  }
1433 
1434  return( 0 );
1435 }
1436 
1437 /*
1438  * Parse one or more PEM certificates from a buffer and add them to the chained list
1439  */
1440 int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
1441 {
1442  int ret, success = 0, first_error = 0, total_failed = 0;
1443  int buf_format = X509_FORMAT_DER;
1444 
1445  /*
1446  * Check for valid input
1447  */
1448  if( chain == NULL || buf == NULL )
1450 
1451  /*
1452  * Determine buffer content. Buffer contains either one DER certificate or
1453  * one or more PEM certificates.
1454  */
1455 #if defined(POLARSSL_PEM_C)
1456  if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1457  buf_format = X509_FORMAT_PEM;
1458 #endif
1459 
1460  if( buf_format == X509_FORMAT_DER )
1461  return x509parse_crt_der( chain, buf, buflen );
1462 
1463 #if defined(POLARSSL_PEM_C)
1464  if( buf_format == X509_FORMAT_PEM )
1465  {
1466  pem_context pem;
1467 
1468  while( buflen > 0 )
1469  {
1470  size_t use_len;
1471  pem_init( &pem );
1472 
1473  ret = pem_read_buffer( &pem,
1474  (char *) "-----BEGIN CERTIFICATE-----",
1475  (char *) "-----END CERTIFICATE-----",
1476  buf, NULL, 0, &use_len );
1477 
1478  if( ret == 0 )
1479  {
1480  /*
1481  * Was PEM encoded
1482  */
1483  buflen -= use_len;
1484  buf += use_len;
1485  }
1486  else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA )
1487  {
1488  return( ret );
1489  }
1491  {
1492  pem_free( &pem );
1493 
1494  /*
1495  * PEM header and footer were found
1496  */
1497  buflen -= use_len;
1498  buf += use_len;
1499 
1500  if( first_error == 0 )
1501  first_error = ret;
1502 
1503  continue;
1504  }
1505  else
1506  break;
1507 
1508  ret = x509parse_crt_der( chain, pem.buf, pem.buflen );
1509 
1510  pem_free( &pem );
1511 
1512  if( ret != 0 )
1513  {
1514  /*
1515  * Quit parsing on a memory error
1516  */
1517  if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
1518  return( ret );
1519 
1520  if( first_error == 0 )
1521  first_error = ret;
1522 
1523  total_failed++;
1524  continue;
1525  }
1526 
1527  success = 1;
1528  }
1529  }
1530 #endif
1531 
1532  if( success )
1533  return( total_failed );
1534  else if( first_error )
1535  return( first_error );
1536  else
1538 }
1539 
1540 /*
1541  * Parse one or more CRLs and add them to the chained list
1542  */
1543 int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
1544 {
1545  int ret;
1546  size_t len;
1547  unsigned char *p, *end;
1548  x509_crl *crl;
1549 #if defined(POLARSSL_PEM_C)
1550  size_t use_len;
1551  pem_context pem;
1552 #endif
1553 
1554  crl = chain;
1555 
1556  /*
1557  * Check for valid input
1558  */
1559  if( crl == NULL || buf == NULL )
1561 
1562  while( crl->version != 0 && crl->next != NULL )
1563  crl = crl->next;
1564 
1565  /*
1566  * Add new CRL on the end of the chain if needed.
1567  */
1568  if ( crl->version != 0 && crl->next == NULL)
1569  {
1570  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1571 
1572  if( crl->next == NULL )
1573  {
1574  x509_crl_free( crl );
1576  }
1577 
1578  crl = crl->next;
1579  memset( crl, 0, sizeof( x509_crl ) );
1580  }
1581 
1582 #if defined(POLARSSL_PEM_C)
1583  pem_init( &pem );
1584  ret = pem_read_buffer( &pem,
1585  (char *) "-----BEGIN X509 CRL-----",
1586  (char *) "-----END X509 CRL-----",
1587  buf, NULL, 0, &use_len );
1588 
1589  if( ret == 0 )
1590  {
1591  /*
1592  * Was PEM encoded
1593  */
1594  buflen -= use_len;
1595  buf += use_len;
1596 
1597  /*
1598  * Steal PEM buffer
1599  */
1600  p = pem.buf;
1601  pem.buf = NULL;
1602  len = pem.buflen;
1603  pem_free( &pem );
1604  }
1606  {
1607  pem_free( &pem );
1608  return( ret );
1609  }
1610  else
1611  {
1612  /*
1613  * nope, copy the raw DER data
1614  */
1615  p = (unsigned char *) malloc( len = buflen );
1616 
1617  if( p == NULL )
1619 
1620  memcpy( p, buf, buflen );
1621 
1622  buflen = 0;
1623  }
1624 #else
1625  p = (unsigned char *) malloc( len = buflen );
1626 
1627  if( p == NULL )
1629 
1630  memcpy( p, buf, buflen );
1631 
1632  buflen = 0;
1633 #endif
1634 
1635  crl->raw.p = p;
1636  crl->raw.len = len;
1637  end = p + len;
1638 
1639  /*
1640  * CertificateList ::= SEQUENCE {
1641  * tbsCertList TBSCertList,
1642  * signatureAlgorithm AlgorithmIdentifier,
1643  * signatureValue BIT STRING }
1644  */
1645  if( ( ret = asn1_get_tag( &p, end, &len,
1646  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1647  {
1648  x509_crl_free( crl );
1650  }
1651 
1652  if( len != (size_t) ( end - p ) )
1653  {
1654  x509_crl_free( crl );
1657  }
1658 
1659  /*
1660  * TBSCertList ::= SEQUENCE {
1661  */
1662  crl->tbs.p = p;
1663 
1664  if( ( ret = asn1_get_tag( &p, end, &len,
1665  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1666  {
1667  x509_crl_free( crl );
1668  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1669  }
1670 
1671  end = p + len;
1672  crl->tbs.len = end - crl->tbs.p;
1673 
1674  /*
1675  * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1676  * -- if present, MUST be v2
1677  *
1678  * signature AlgorithmIdentifier
1679  */
1680  if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
1681  ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1682  {
1683  x509_crl_free( crl );
1684  return( ret );
1685  }
1686 
1687  crl->version++;
1688 
1689  if( crl->version > 2 )
1690  {
1691  x509_crl_free( crl );
1693  }
1694 
1695  if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
1696  {
1697  x509_crl_free( crl );
1699  }
1700 
1701  /*
1702  * issuer Name
1703  */
1704  crl->issuer_raw.p = p;
1705 
1706  if( ( ret = asn1_get_tag( &p, end, &len,
1707  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1708  {
1709  x509_crl_free( crl );
1710  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1711  }
1712 
1713  if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1714  {
1715  x509_crl_free( crl );
1716  return( ret );
1717  }
1718 
1719  crl->issuer_raw.len = p - crl->issuer_raw.p;
1720 
1721  /*
1722  * thisUpdate Time
1723  * nextUpdate Time OPTIONAL
1724  */
1725  if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
1726  {
1727  x509_crl_free( crl );
1728  return( ret );
1729  }
1730 
1731  if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
1732  {
1733  if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
1737  {
1738  x509_crl_free( crl );
1739  return( ret );
1740  }
1741  }
1742 
1743  /*
1744  * revokedCertificates SEQUENCE OF SEQUENCE {
1745  * userCertificate CertificateSerialNumber,
1746  * revocationDate Time,
1747  * crlEntryExtensions Extensions OPTIONAL
1748  * -- if present, MUST be v2
1749  * } OPTIONAL
1750  */
1751  if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1752  {
1753  x509_crl_free( crl );
1754  return( ret );
1755  }
1756 
1757  /*
1758  * crlExtensions EXPLICIT Extensions OPTIONAL
1759  * -- if present, MUST be v2
1760  */
1761  if( crl->version == 2 )
1762  {
1763  ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1764 
1765  if( ret != 0 )
1766  {
1767  x509_crl_free( crl );
1768  return( ret );
1769  }
1770  }
1771 
1772  if( p != end )
1773  {
1774  x509_crl_free( crl );
1777  }
1778 
1779  end = crl->raw.p + crl->raw.len;
1780 
1781  /*
1782  * signatureAlgorithm AlgorithmIdentifier,
1783  * signatureValue BIT STRING
1784  */
1785  if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1786  {
1787  x509_crl_free( crl );
1788  return( ret );
1789  }
1790 
1791  if( crl->sig_oid1.len != crl->sig_oid2.len ||
1792  memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1793  {
1794  x509_crl_free( crl );
1796  }
1797 
1798  if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1799  {
1800  x509_crl_free( crl );
1801  return( ret );
1802  }
1803 
1804  if( p != end )
1805  {
1806  x509_crl_free( crl );
1809  }
1810 
1811  if( buflen > 0 )
1812  {
1813  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1814 
1815  if( crl->next == NULL )
1816  {
1817  x509_crl_free( crl );
1819  }
1820 
1821  crl = crl->next;
1822  memset( crl, 0, sizeof( x509_crl ) );
1823 
1824  return( x509parse_crl( crl, buf, buflen ) );
1825  }
1826 
1827  return( 0 );
1828 }
1829 
1830 #if defined(POLARSSL_FS_IO)
1831 /*
1832  * Load all data from a file into a given buffer.
1833  */
1834 static int load_file( const char *path, unsigned char **buf, size_t *n )
1835 {
1836  FILE *f;
1837  long size;
1838 
1839  if( ( f = fopen( path, "rb" ) ) == NULL )
1841 
1842  fseek( f, 0, SEEK_END );
1843  if( ( size = ftell( f ) ) == -1 )
1844  {
1845  fclose( f );
1847  }
1848  fseek( f, 0, SEEK_SET );
1849 
1850  *n = (size_t) size;
1851 
1852  if( *n + 1 == 0 ||
1853  ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
1854  {
1855  fclose( f );
1857  }
1858 
1859  if( fread( *buf, 1, *n, f ) != *n )
1860  {
1861  fclose( f );
1862  free( *buf );
1864  }
1865 
1866  fclose( f );
1867 
1868  (*buf)[*n] = '\0';
1869 
1870  return( 0 );
1871 }
1872 
1873 /*
1874  * Load one or more certificates and add them to the chained list
1875  */
1876 int x509parse_crtfile( x509_cert *chain, const char *path )
1877 {
1878  int ret;
1879  size_t n;
1880  unsigned char *buf;
1881 
1882  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1883  return( ret );
1884 
1885  ret = x509parse_crt( chain, buf, n );
1886 
1887  memset( buf, 0, n + 1 );
1888  free( buf );
1889 
1890  return( ret );
1891 }
1892 
1893 int x509parse_crtpath( x509_cert *chain, const char *path )
1894 {
1895  int ret = 0;
1896 #if defined(_WIN32)
1897  int w_ret;
1898  WCHAR szDir[MAX_PATH];
1899  char filename[MAX_PATH];
1900  char *p;
1901  int len = strlen( path );
1902 
1903  WIN32_FIND_DATAW file_data;
1904  HANDLE hFind;
1905 
1906  if( len > MAX_PATH - 3 )
1908 
1909  memset( szDir, 0, sizeof(szDir) );
1910  memset( filename, 0, MAX_PATH );
1911  memcpy( filename, path, len );
1912  filename[len++] = '\\';
1913  p = filename + len;
1914  filename[len++] = '*';
1915 
1916  w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, MAX_PATH - 3 );
1917 
1918  hFind = FindFirstFileW( szDir, &file_data );
1919  if (hFind == INVALID_HANDLE_VALUE)
1921 
1922  len = MAX_PATH - len;
1923  do
1924  {
1925  memset( p, 0, len );
1926 
1927  if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1928  continue;
1929 
1930  w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1931  lstrlenW(file_data.cFileName),
1932  p, len - 1,
1933  NULL, NULL );
1934 
1935  w_ret = x509parse_crtfile( chain, filename );
1936  if( w_ret < 0 )
1937  ret++;
1938  else
1939  ret += w_ret;
1940  }
1941  while( FindNextFileW( hFind, &file_data ) != 0 );
1942 
1943  if (GetLastError() != ERROR_NO_MORE_FILES)
1945 
1946  FindClose( hFind );
1947 #else
1948 #if defined(POLARSSL_HAVE_READDIR_R)
1949  int t_ret, i;
1950  struct stat sb;
1951  struct dirent entry, *result = NULL;
1952  char entry_name[255];
1953  DIR *dir = opendir( path );
1954 
1955  if( dir == NULL)
1957 
1958  while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1959  {
1960  if( result == NULL )
1961  break;
1962 
1963  snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
1964 
1965  i = stat( entry_name, &sb );
1966 
1967  if( i == -1 )
1968  {
1969  closedir( dir );
1971  }
1972 
1973  if( !S_ISREG( sb.st_mode ) )
1974  continue;
1975 
1976  // Ignore parse errors
1977  //
1978  t_ret = x509parse_crtfile( chain, entry_name );
1979  if( t_ret < 0 )
1980  ret++;
1981  else
1982  ret += t_ret;
1983  }
1984  closedir( dir );
1985 #else /* POLARSSL_HAVE_READDIR_R */
1986  ((void) chain);
1987  ((void) path);
1989 #endif /* POLARSSL_HAVE_READDIR_R */
1990 #endif /* _WIN32 */
1991 
1992  return( ret );
1993 }
1994 
1995 /*
1996  * Load one or more CRLs and add them to the chained list
1997  */
1998 int x509parse_crlfile( x509_crl *chain, const char *path )
1999 {
2000  int ret;
2001  size_t n;
2002  unsigned char *buf;
2003 
2004  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2005  return( ret );
2006 
2007  ret = x509parse_crl( chain, buf, n );
2008 
2009  memset( buf, 0, n + 1 );
2010  free( buf );
2011 
2012  return( ret );
2013 }
2014 
2015 /*
2016  * Load and parse a private RSA key
2017  */
2018 int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
2019 {
2020  int ret;
2021  size_t n;
2022  unsigned char *buf;
2023 
2024  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2025  return( ret );
2026 
2027  if( pwd == NULL )
2028  ret = x509parse_key( rsa, buf, n, NULL, 0 );
2029  else
2030  ret = x509parse_key( rsa, buf, n,
2031  (unsigned char *) pwd, strlen( pwd ) );
2032 
2033  memset( buf, 0, n + 1 );
2034  free( buf );
2035 
2036  return( ret );
2037 }
2038 
2039 /*
2040  * Load and parse a public RSA key
2041  */
2042 int x509parse_public_keyfile( rsa_context *rsa, const char *path )
2043 {
2044  int ret;
2045  size_t n;
2046  unsigned char *buf;
2047 
2048  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2049  return( ret );
2050 
2051  ret = x509parse_public_key( rsa, buf, n );
2052 
2053  memset( buf, 0, n + 1 );
2054  free( buf );
2055 
2056  return( ret );
2057 }
2058 #endif /* POLARSSL_FS_IO */
2059 
2060 /*
2061  * Parse a PKCS#1 encoded private RSA key
2062  */
2063 static int x509parse_key_pkcs1_der( rsa_context *rsa,
2064  const unsigned char *key,
2065  size_t keylen )
2066 {
2067  int ret;
2068  size_t len;
2069  unsigned char *p, *end;
2070 
2071  p = (unsigned char *) key;
2072  end = p + keylen;
2073 
2074  /*
2075  * This function parses the RSAPrivateKey (PKCS#1)
2076  *
2077  * RSAPrivateKey ::= SEQUENCE {
2078  * version Version,
2079  * modulus INTEGER, -- n
2080  * publicExponent INTEGER, -- e
2081  * privateExponent INTEGER, -- d
2082  * prime1 INTEGER, -- p
2083  * prime2 INTEGER, -- q
2084  * exponent1 INTEGER, -- d mod (p-1)
2085  * exponent2 INTEGER, -- d mod (q-1)
2086  * coefficient INTEGER, -- (inverse of q) mod p
2087  * otherPrimeInfos OtherPrimeInfos OPTIONAL
2088  * }
2089  */
2090  if( ( ret = asn1_get_tag( &p, end, &len,
2091  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2092  {
2093  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2094  }
2095 
2096  end = p + len;
2097 
2098  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2099  {
2100  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2101  }
2102 
2103  if( rsa->ver != 0 )
2104  {
2105  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2106  }
2107 
2108  if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
2109  ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
2110  ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
2111  ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
2112  ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
2113  ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
2114  ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
2115  ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2116  {
2117  rsa_free( rsa );
2118  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2119  }
2120 
2121  rsa->len = mpi_size( &rsa->N );
2122 
2123  if( p != end )
2124  {
2125  rsa_free( rsa );
2128  }
2129 
2130  if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2131  {
2132  rsa_free( rsa );
2133  return( ret );
2134  }
2135 
2136  return( 0 );
2137 }
2138 
2139 /*
2140  * Parse an unencrypted PKCS#8 encoded private RSA key
2141  */
2142 static int x509parse_key_pkcs8_unencrypted_der(
2143  rsa_context *rsa,
2144  const unsigned char *key,
2145  size_t keylen )
2146 {
2147  int ret;
2148  size_t len;
2149  unsigned char *p, *end;
2150  x509_buf pk_alg_oid;
2151 
2152  p = (unsigned char *) key;
2153  end = p + keylen;
2154 
2155  /*
2156  * This function parses the PrivatKeyInfo object (PKCS#8)
2157  *
2158  * PrivateKeyInfo ::= SEQUENCE {
2159  * version Version,
2160  * algorithm AlgorithmIdentifier,
2161  * PrivateKey BIT STRING
2162  * }
2163  *
2164  * AlgorithmIdentifier ::= SEQUENCE {
2165  * algorithm OBJECT IDENTIFIER,
2166  * parameters ANY DEFINED BY algorithm OPTIONAL
2167  * }
2168  *
2169  * The PrivateKey BIT STRING is a PKCS#1 RSAPrivateKey
2170  */
2171  if( ( ret = asn1_get_tag( &p, end, &len,
2172  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2173  {
2174  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2175  }
2176 
2177  end = p + len;
2178 
2179  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2180  {
2181  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2182  }
2183 
2184  if( rsa->ver != 0 )
2185  {
2186  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2187  }
2188 
2189  if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
2190  {
2191  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2192  }
2193 
2194  /*
2195  * only RSA keys handled at this time
2196  */
2197  if( pk_alg_oid.len != 9 ||
2198  memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) != 0 )
2199  {
2201  }
2202 
2203  /*
2204  * Get the OCTET STRING and parse the PKCS#1 format inside
2205  */
2206  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2207  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2208 
2209  if( ( end - p ) < 1 )
2210  {
2213  }
2214 
2215  end = p + len;
2216 
2217  if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
2218  return( ret );
2219 
2220  return( 0 );
2221 }
2222 
2223 /*
2224  * Parse an encrypted PKCS#8 encoded private RSA key
2225  */
2226 static int x509parse_key_pkcs8_encrypted_der(
2227  rsa_context *rsa,
2228  const unsigned char *key,
2229  size_t keylen,
2230  const unsigned char *pwd,
2231  size_t pwdlen )
2232 {
2233  int ret;
2234  size_t len;
2235  unsigned char *p, *end, *end2;
2236  x509_buf pbe_alg_oid, pbe_params;
2237  unsigned char buf[2048];
2238 
2239  memset(buf, 0, 2048);
2240 
2241  p = (unsigned char *) key;
2242  end = p + keylen;
2243 
2244  if( pwdlen == 0 )
2246 
2247  /*
2248  * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
2249  *
2250  * EncryptedPrivateKeyInfo ::= SEQUENCE {
2251  * encryptionAlgorithm EncryptionAlgorithmIdentifier,
2252  * encryptedData EncryptedData
2253  * }
2254  *
2255  * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
2256  *
2257  * EncryptedData ::= OCTET STRING
2258  *
2259  * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
2260  */
2261  if( ( ret = asn1_get_tag( &p, end, &len,
2262  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2263  {
2264  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2265  }
2266 
2267  end = p + len;
2268 
2269  if( ( ret = asn1_get_tag( &p, end, &len,
2270  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2271  {
2272  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2273  }
2274 
2275  end2 = p + len;
2276 
2277  if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID ) ) != 0 )
2278  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2279 
2280  pbe_alg_oid.p = p;
2281  p += pbe_alg_oid.len;
2282 
2283  /*
2284  * Store the algorithm parameters
2285  */
2286  pbe_params.p = p;
2287  pbe_params.len = end2 - p;
2288  p += pbe_params.len;
2289 
2290  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2291  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2292 
2293  // buf has been sized to 2048 bytes
2294  if( len > 2048 )
2296 
2297  /*
2298  * Decrypt EncryptedData with appropriate PDE
2299  */
2300 #if defined(POLARSSL_PKCS12_C)
2301  if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
2302  {
2303  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
2305  pwd, pwdlen, p, len, buf ) ) != 0 )
2306  {
2309 
2310  return( ret );
2311  }
2312  }
2313  else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
2314  {
2315  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
2317  pwd, pwdlen, p, len, buf ) ) != 0 )
2318  {
2321 
2322  return( ret );
2323  }
2324  }
2325  else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
2326  {
2327  if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
2329  pwd, pwdlen,
2330  p, len, buf ) ) != 0 )
2331  {
2332  return( ret );
2333  }
2334 
2335  // Best guess for password mismatch when using RC4. If first tag is
2336  // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
2337  //
2338  if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
2340  }
2341  else
2342 #endif /* POLARSSL_PKCS12_C */
2343 #if defined(POLARSSL_PKCS5_C)
2344  if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
2345  {
2346  if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
2347  p, len, buf ) ) != 0 )
2348  {
2351 
2352  return( ret );
2353  }
2354  }
2355  else
2356 #endif /* POLARSSL_PKCS5_C */
2358 
2359  return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
2360 }
2361 
2362 /*
2363  * Parse a private RSA key
2364  */
2365 int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
2366  const unsigned char *pwd, size_t pwdlen )
2367 {
2368  int ret;
2369 
2370 #if defined(POLARSSL_PEM_C)
2371  size_t len;
2372  pem_context pem;
2373 
2374  pem_init( &pem );
2375  ret = pem_read_buffer( &pem,
2376  (char *) "-----BEGIN RSA PRIVATE KEY-----",
2377  (char *) "-----END RSA PRIVATE KEY-----",
2378  key, pwd, pwdlen, &len );
2379  if( ret == 0 )
2380  {
2381  if( ( ret = x509parse_key_pkcs1_der( rsa, pem.buf, pem.buflen ) ) != 0 )
2382  {
2383  rsa_free( rsa );
2384  }
2385 
2386  pem_free( &pem );
2387  return( ret );
2388  }
2389  else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
2391  else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
2394  return( ret );
2395 
2396  ret = pem_read_buffer( &pem,
2397  (char *) "-----BEGIN PRIVATE KEY-----",
2398  (char *) "-----END PRIVATE KEY-----",
2399  key, NULL, 0, &len );
2400  if( ret == 0 )
2401  {
2402  if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
2403  pem.buf, pem.buflen ) ) != 0 )
2404  {
2405  rsa_free( rsa );
2406  }
2407 
2408  pem_free( &pem );
2409  return( ret );
2410  }
2412  return( ret );
2413 
2414  ret = pem_read_buffer( &pem,
2415  (char *) "-----BEGIN ENCRYPTED PRIVATE KEY-----",
2416  (char *) "-----END ENCRYPTED PRIVATE KEY-----",
2417  key, NULL, 0, &len );
2418  if( ret == 0 )
2419  {
2420  if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
2421  pem.buf, pem.buflen,
2422  pwd, pwdlen ) ) != 0 )
2423  {
2424  rsa_free( rsa );
2425  }
2426 
2427  pem_free( &pem );
2428  return( ret );
2429  }
2431  return( ret );
2432 #else
2433  ((void) pwd);
2434  ((void) pwdlen);
2435 #endif /* POLARSSL_PEM_C */
2436 
2437  // At this point we only know it's not a PEM formatted key. Could be any
2438  // of the known DER encoded private key formats
2439  //
2440  // We try the different DER format parsers to see if one passes without
2441  // error
2442  //
2443  if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
2444  pwd, pwdlen ) ) == 0 )
2445  {
2446  return( 0 );
2447  }
2448 
2449  rsa_free( rsa );
2450 
2452  {
2453  return( ret );
2454  }
2455 
2456  if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
2457  return( 0 );
2458 
2459  rsa_free( rsa );
2460 
2461  if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
2462  return( 0 );
2463 
2464  rsa_free( rsa );
2465 
2467 }
2468 
2469 /*
2470  * Parse a public RSA key
2471  */
2472 int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
2473 {
2474  int ret;
2475  size_t len;
2476  unsigned char *p, *end;
2477  x509_buf alg_oid;
2478 #if defined(POLARSSL_PEM_C)
2479  pem_context pem;
2480 
2481  pem_init( &pem );
2482  ret = pem_read_buffer( &pem,
2483  (char *) "-----BEGIN PUBLIC KEY-----",
2484  (char *) "-----END PUBLIC KEY-----",
2485  key, NULL, 0, &len );
2486 
2487  if( ret == 0 )
2488  {
2489  /*
2490  * Was PEM encoded
2491  */
2492  keylen = pem.buflen;
2493  }
2495  {
2496  pem_free( &pem );
2497  return( ret );
2498  }
2499 
2500  p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
2501 #else
2502  p = (unsigned char *) key;
2503 #endif
2504  end = p + keylen;
2505 
2506  /*
2507  * PublicKeyInfo ::= SEQUENCE {
2508  * algorithm AlgorithmIdentifier,
2509  * PublicKey BIT STRING
2510  * }
2511  *
2512  * AlgorithmIdentifier ::= SEQUENCE {
2513  * algorithm OBJECT IDENTIFIER,
2514  * parameters ANY DEFINED BY algorithm OPTIONAL
2515  * }
2516  *
2517  * RSAPublicKey ::= SEQUENCE {
2518  * modulus INTEGER, -- n
2519  * publicExponent INTEGER -- e
2520  * }
2521  */
2522 
2523  if( ( ret = asn1_get_tag( &p, end, &len,
2524  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2525  {
2526 #if defined(POLARSSL_PEM_C)
2527  pem_free( &pem );
2528 #endif
2529  rsa_free( rsa );
2530  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
2531  }
2532 
2533  if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
2534  {
2535 #if defined(POLARSSL_PEM_C)
2536  pem_free( &pem );
2537 #endif
2538  rsa_free( rsa );
2539  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2540  }
2541 
2542  if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2543  {
2544 #if defined(POLARSSL_PEM_C)
2545  pem_free( &pem );
2546 #endif
2547  rsa_free( rsa );
2548  return( ret );
2549  }
2550 
2551  rsa->len = mpi_size( &rsa->N );
2552 
2553 #if defined(POLARSSL_PEM_C)
2554  pem_free( &pem );
2555 #endif
2556 
2557  return( 0 );
2558 }
2559 
2560 #if defined(POLARSSL_DHM_C)
2561 /*
2562  * Parse DHM parameters
2563  */
2564 int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
2565 {
2566  int ret;
2567  size_t len;
2568  unsigned char *p, *end;
2569 #if defined(POLARSSL_PEM_C)
2570  pem_context pem;
2571 
2572  pem_init( &pem );
2573 
2574  ret = pem_read_buffer( &pem,
2575  (char *) "-----BEGIN DH PARAMETERS-----",
2576  (char *) "-----END DH PARAMETERS-----",
2577  dhmin, NULL, 0, &dhminlen );
2578 
2579  if( ret == 0 )
2580  {
2581  /*
2582  * Was PEM encoded
2583  */
2584  dhminlen = pem.buflen;
2585  }
2587  {
2588  pem_free( &pem );
2589  return( ret );
2590  }
2591 
2592  p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2593 #else
2594  p = (unsigned char *) dhmin;
2595 #endif
2596  end = p + dhminlen;
2597 
2598  memset( dhm, 0, sizeof( dhm_context ) );
2599 
2600  /*
2601  * DHParams ::= SEQUENCE {
2602  * prime INTEGER, -- P
2603  * generator INTEGER, -- g
2604  * }
2605  */
2606  if( ( ret = asn1_get_tag( &p, end, &len,
2607  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2608  {
2609 #if defined(POLARSSL_PEM_C)
2610  pem_free( &pem );
2611 #endif
2612  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2613  }
2614 
2615  end = p + len;
2616 
2617  if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
2618  ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2619  {
2620 #if defined(POLARSSL_PEM_C)
2621  pem_free( &pem );
2622 #endif
2623  dhm_free( dhm );
2624  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2625  }
2626 
2627  if( p != end )
2628  {
2629 #if defined(POLARSSL_PEM_C)
2630  pem_free( &pem );
2631 #endif
2632  dhm_free( dhm );
2635  }
2636 
2637 #if defined(POLARSSL_PEM_C)
2638  pem_free( &pem );
2639 #endif
2640 
2641  return( 0 );
2642 }
2643 
2644 #if defined(POLARSSL_FS_IO)
2645 /*
2646  * Load and parse a private RSA key
2647  */
2648 int x509parse_dhmfile( dhm_context *dhm, const char *path )
2649 {
2650  int ret;
2651  size_t n;
2652  unsigned char *buf;
2653 
2654  if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2655  return( ret );
2656 
2657  ret = x509parse_dhm( dhm, buf, n );
2658 
2659  memset( buf, 0, n + 1 );
2660  free( buf );
2661 
2662  return( ret );
2663 }
2664 #endif /* POLARSSL_FS_IO */
2665 #endif /* POLARSSL_DHM_C */
2666 
2667 #if defined _MSC_VER && !defined snprintf
2668 #include <stdarg.h>
2669 
2670 #if !defined vsnprintf
2671 #define vsnprintf _vsnprintf
2672 #endif // vsnprintf
2673 
2674 /*
2675  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
2676  * Result value is not size of buffer needed, but -1 if no fit is possible.
2677  *
2678  * This fuction tries to 'fix' this by at least suggesting enlarging the
2679  * size by 20.
2680  */
2681 int compat_snprintf(char *str, size_t size, const char *format, ...)
2682 {
2683  va_list ap;
2684  int res = -1;
2685 
2686  va_start( ap, format );
2687 
2688  res = vsnprintf( str, size, format, ap );
2689 
2690  va_end( ap );
2691 
2692  // No quick fix possible
2693  if ( res < 0 )
2694  return( (int) size + 20 );
2695 
2696  return res;
2697 }
2698 
2699 #define snprintf compat_snprintf
2700 #endif
2701 
2702 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2703 
2704 #define SAFE_SNPRINTF() \
2705 { \
2706  if( ret == -1 ) \
2707  return( -1 ); \
2708  \
2709  if ( (unsigned int) ret > n ) { \
2710  p[n - 1] = '\0'; \
2711  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2712  } \
2713  \
2714  n -= (unsigned int) ret; \
2715  p += (unsigned int) ret; \
2716 }
2717 
2718 /*
2719  * Store the name in printable form into buf; no more
2720  * than size characters will be written
2721  */
2722 int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
2723 {
2724  int ret;
2725  size_t i, n;
2726  unsigned char c;
2727  const x509_name *name;
2728  char s[128], *p;
2729 
2730  memset( s, 0, sizeof( s ) );
2731 
2732  name = dn;
2733  p = buf;
2734  n = size;
2735 
2736  while( name != NULL )
2737  {
2738  if( !name->oid.p )
2739  {
2740  name = name->next;
2741  continue;
2742  }
2743 
2744  if( name != dn )
2745  {
2746  ret = snprintf( p, n, ", " );
2747  SAFE_SNPRINTF();
2748  }
2749 
2750  if( name->oid.len == 3 &&
2751  memcmp( name->oid.p, OID_X520, 2 ) == 0 )
2752  {
2753  switch( name->oid.p[2] )
2754  {
2755  case X520_COMMON_NAME:
2756  ret = snprintf( p, n, "CN=" ); break;
2757 
2758  case X520_COUNTRY:
2759  ret = snprintf( p, n, "C=" ); break;
2760 
2761  case X520_LOCALITY:
2762  ret = snprintf( p, n, "L=" ); break;
2763 
2764  case X520_STATE:
2765  ret = snprintf( p, n, "ST=" ); break;
2766 
2767  case X520_ORGANIZATION:
2768  ret = snprintf( p, n, "O=" ); break;
2769 
2770  case X520_ORG_UNIT:
2771  ret = snprintf( p, n, "OU=" ); break;
2772 
2773  default:
2774  ret = snprintf( p, n, "0x%02X=",
2775  name->oid.p[2] );
2776  break;
2777  }
2778  SAFE_SNPRINTF();
2779  }
2780  else if( name->oid.len == 9 &&
2781  memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
2782  {
2783  switch( name->oid.p[8] )
2784  {
2785  case PKCS9_EMAIL:
2786  ret = snprintf( p, n, "emailAddress=" ); break;
2787 
2788  default:
2789  ret = snprintf( p, n, "0x%02X=",
2790  name->oid.p[8] );
2791  break;
2792  }
2793  SAFE_SNPRINTF();
2794  }
2795  else
2796  {
2797  ret = snprintf( p, n, "\?\?=" );
2798  SAFE_SNPRINTF();
2799  }
2800 
2801  for( i = 0; i < name->val.len; i++ )
2802  {
2803  if( i >= sizeof( s ) - 1 )
2804  break;
2805 
2806  c = name->val.p[i];
2807  if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2808  s[i] = '?';
2809  else s[i] = c;
2810  }
2811  s[i] = '\0';
2812  ret = snprintf( p, n, "%s", s );
2813  SAFE_SNPRINTF();
2814  name = name->next;
2815  }
2816 
2817  return( (int) ( size - n ) );
2818 }
2819 
2820 /*
2821  * Store the serial in printable form into buf; no more
2822  * than size characters will be written
2823  */
2824 int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
2825 {
2826  int ret;
2827  size_t i, n, nr;
2828  char *p;
2829 
2830  p = buf;
2831  n = size;
2832 
2833  nr = ( serial->len <= 32 )
2834  ? serial->len : 28;
2835 
2836  for( i = 0; i < nr; i++ )
2837  {
2838  if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
2839  continue;
2840 
2841  ret = snprintf( p, n, "%02X%s",
2842  serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2843  SAFE_SNPRINTF();
2844  }
2845 
2846  if( nr != serial->len )
2847  {
2848  ret = snprintf( p, n, "...." );
2849  SAFE_SNPRINTF();
2850  }
2851 
2852  return( (int) ( size - n ) );
2853 }
2854 
2855 /*
2856  * Return an informational string about the certificate.
2857  */
2858 int x509parse_cert_info( char *buf, size_t size, const char *prefix,
2859  const x509_cert *crt )
2860 {
2861  int ret;
2862  size_t n;
2863  char *p;
2864 
2865  p = buf;
2866  n = size;
2867 
2868  ret = snprintf( p, n, "%scert. version : %d\n",
2869  prefix, crt->version );
2870  SAFE_SNPRINTF();
2871  ret = snprintf( p, n, "%sserial number : ",
2872  prefix );
2873  SAFE_SNPRINTF();
2874 
2875  ret = x509parse_serial_gets( p, n, &crt->serial);
2876  SAFE_SNPRINTF();
2877 
2878  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2879  SAFE_SNPRINTF();
2880  ret = x509parse_dn_gets( p, n, &crt->issuer );
2881  SAFE_SNPRINTF();
2882 
2883  ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2884  SAFE_SNPRINTF();
2885  ret = x509parse_dn_gets( p, n, &crt->subject );
2886  SAFE_SNPRINTF();
2887 
2888  ret = snprintf( p, n, "\n%sissued on : " \
2889  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2890  crt->valid_from.year, crt->valid_from.mon,
2891  crt->valid_from.day, crt->valid_from.hour,
2892  crt->valid_from.min, crt->valid_from.sec );
2893  SAFE_SNPRINTF();
2894 
2895  ret = snprintf( p, n, "\n%sexpires on : " \
2896  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2897  crt->valid_to.year, crt->valid_to.mon,
2898  crt->valid_to.day, crt->valid_to.hour,
2899  crt->valid_to.min, crt->valid_to.sec );
2900  SAFE_SNPRINTF();
2901 
2902  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2903  SAFE_SNPRINTF();
2904 
2905  switch( crt->sig_alg )
2906  {
2907  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2908  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2909  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2910  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2911  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2912  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2913  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2914  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2915  default: ret = snprintf( p, n, "???" ); break;
2916  }
2917  SAFE_SNPRINTF();
2918 
2919  ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
2920  (int) crt->rsa.N.n * (int) sizeof( t_uint ) * 8 );
2921  SAFE_SNPRINTF();
2922 
2923  return( (int) ( size - n ) );
2924 }
2925 
2926 /*
2927  * Return an informational string describing the given OID
2928  */
2929 const char *x509_oid_get_description( x509_buf *oid )
2930 {
2931  if ( oid == NULL )
2932  return ( NULL );
2933 
2934  else if( OID_CMP( OID_SERVER_AUTH, oid ) )
2935  return( STRING_SERVER_AUTH );
2936 
2937  else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
2938  return( STRING_CLIENT_AUTH );
2939 
2940  else if( OID_CMP( OID_CODE_SIGNING, oid ) )
2941  return( STRING_CODE_SIGNING );
2942 
2943  else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
2944  return( STRING_EMAIL_PROTECTION );
2945 
2946  else if( OID_CMP( OID_TIME_STAMPING, oid ) )
2947  return( STRING_TIME_STAMPING );
2948 
2949  else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
2950  return( STRING_OCSP_SIGNING );
2951 
2952  return( NULL );
2953 }
2954 
2955 /* Return the x.y.z.... style numeric string for the given OID */
2956 int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
2957 {
2958  int ret;
2959  size_t i, n;
2960  unsigned int value;
2961  char *p;
2962 
2963  p = buf;
2964  n = size;
2965 
2966  /* First byte contains first two dots */
2967  if( oid->len > 0 )
2968  {
2969  ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2970  SAFE_SNPRINTF();
2971  }
2972 
2973  /* TODO: value can overflow in value. */
2974  value = 0;
2975  for( i = 1; i < oid->len; i++ )
2976  {
2977  value <<= 7;
2978  value += oid->p[i] & 0x7F;
2979 
2980  if( !( oid->p[i] & 0x80 ) )
2981  {
2982  /* Last byte */
2983  ret = snprintf( p, n, ".%d", value );
2984  SAFE_SNPRINTF();
2985  value = 0;
2986  }
2987  }
2988 
2989  return( (int) ( size - n ) );
2990 }
2991 
2992 /*
2993  * Return an informational string about the CRL.
2994  */
2995 int x509parse_crl_info( char *buf, size_t size, const char *prefix,
2996  const x509_crl *crl )
2997 {
2998  int ret;
2999  size_t n;
3000  char *p;
3001  const x509_crl_entry *entry;
3002 
3003  p = buf;
3004  n = size;
3005 
3006  ret = snprintf( p, n, "%sCRL version : %d",
3007  prefix, crl->version );
3008  SAFE_SNPRINTF();
3009 
3010  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
3011  SAFE_SNPRINTF();
3012  ret = x509parse_dn_gets( p, n, &crl->issuer );
3013  SAFE_SNPRINTF();
3014 
3015  ret = snprintf( p, n, "\n%sthis update : " \
3016  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3017  crl->this_update.year, crl->this_update.mon,
3018  crl->this_update.day, crl->this_update.hour,
3019  crl->this_update.min, crl->this_update.sec );
3020  SAFE_SNPRINTF();
3021 
3022  ret = snprintf( p, n, "\n%snext update : " \
3023  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3024  crl->next_update.year, crl->next_update.mon,
3025  crl->next_update.day, crl->next_update.hour,
3026  crl->next_update.min, crl->next_update.sec );
3027  SAFE_SNPRINTF();
3028 
3029  entry = &crl->entry;
3030 
3031  ret = snprintf( p, n, "\n%sRevoked certificates:",
3032  prefix );
3033  SAFE_SNPRINTF();
3034 
3035  while( entry != NULL && entry->raw.len != 0 )
3036  {
3037  ret = snprintf( p, n, "\n%sserial number: ",
3038  prefix );
3039  SAFE_SNPRINTF();
3040 
3041  ret = x509parse_serial_gets( p, n, &entry->serial);
3042  SAFE_SNPRINTF();
3043 
3044  ret = snprintf( p, n, " revocation date: " \
3045  "%04d-%02d-%02d %02d:%02d:%02d",
3046  entry->revocation_date.year, entry->revocation_date.mon,
3047  entry->revocation_date.day, entry->revocation_date.hour,
3048  entry->revocation_date.min, entry->revocation_date.sec );
3049  SAFE_SNPRINTF();
3050 
3051  entry = entry->next;
3052  }
3053 
3054  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
3055  SAFE_SNPRINTF();
3056 
3057  switch( crl->sig_alg )
3058  {
3059  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
3060  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
3061  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
3062  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
3063  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
3064  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
3065  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
3066  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
3067  default: ret = snprintf( p, n, "???" ); break;
3068  }
3069  SAFE_SNPRINTF();
3070 
3071  ret = snprintf( p, n, "\n" );
3072  SAFE_SNPRINTF();
3073 
3074  return( (int) ( size - n ) );
3075 }
3076 
3077 /*
3078  * Return 0 if the x509_time is still valid, or 1 otherwise.
3079  */
3080 static void x509_get_current_time( x509_time *now )
3081 {
3082 #if defined(_WIN32)
3083  SYSTEMTIME st;
3084 
3085  GetSystemTime(&st);
3086 
3087  now->year = st.wYear;
3088  now->mon = st.wMonth;
3089  now->day = st.wDay;
3090  now->hour = st.wHour;
3091  now->min = st.wMinute;
3092  now->sec = st.wSecond;
3093 #else
3094  struct tm lt;
3095  time_t tt;
3096 
3097  tt = time( NULL );
3098  gmtime_r( &tt, &lt );
3099 
3100  now->year = lt.tm_year + 1900;
3101  now->mon = lt.tm_mon + 1;
3102  now->day = lt.tm_mday;
3103  now->hour = lt.tm_hour;
3104  now->min = lt.tm_min;
3105  now->sec = lt.tm_sec;
3106 #endif
3107 }
3108 
3109 /*
3110  * Return 0 if before <= after, 1 otherwise
3111  */
3112 static int x509_check_time( const x509_time *before, const x509_time *after )
3113 {
3114  if( before->year > after->year )
3115  return( 1 );
3116 
3117  if( before->year == after->year &&
3118  before->mon > after->mon )
3119  return( 1 );
3120 
3121  if( before->year == after->year &&
3122  before->mon == after->mon &&
3123  before->day > after->day )
3124  return( 1 );
3125 
3126  if( before->year == after->year &&
3127  before->mon == after->mon &&
3128  before->day == after->day &&
3129  before->hour > after->hour )
3130  return( 1 );
3131 
3132  if( before->year == after->year &&
3133  before->mon == after->mon &&
3134  before->day == after->day &&
3135  before->hour == after->hour &&
3136  before->min > after->min )
3137  return( 1 );
3138 
3139  if( before->year == after->year &&
3140  before->mon == after->mon &&
3141  before->day == after->day &&
3142  before->hour == after->hour &&
3143  before->min == after->min &&
3144  before->sec > after->sec )
3145  return( 1 );
3146 
3147  return( 0 );
3148 }
3149 
3150 int x509parse_time_expired( const x509_time *to )
3151 {
3152  x509_time now;
3153 
3154  x509_get_current_time( &now );
3155 
3156  return( x509_check_time( &now, to ) );
3157 }
3158 
3159 int x509parse_time_future( const x509_time *from )
3160 {
3161  x509_time now;
3162 
3163  x509_get_current_time( &now );
3164 
3165  return( x509_check_time( from, &now ) );
3166 }
3167 
3168 /*
3169  * Return 1 if the certificate is revoked, or 0 otherwise.
3170  */
3171 int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
3172 {
3173  const x509_crl_entry *cur = &crl->entry;
3174 
3175  while( cur != NULL && cur->serial.len != 0 )
3176  {
3177  if( crt->serial.len == cur->serial.len &&
3178  memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
3179  {
3181  return( 1 );
3182  }
3183 
3184  cur = cur->next;
3185  }
3186 
3187  return( 0 );
3188 }
3189 
3190 /*
3191  * Wrapper for x509 hashes.
3192  */
3193 static void x509_hash( const unsigned char *in, size_t len, int alg,
3194  unsigned char *out )
3195 {
3196  switch( alg )
3197  {
3198 #if defined(POLARSSL_MD2_C)
3199  case SIG_RSA_MD2 : md2( in, len, out ); break;
3200 #endif
3201 #if defined(POLARSSL_MD4_C)
3202  case SIG_RSA_MD4 : md4( in, len, out ); break;
3203 #endif
3204 #if defined(POLARSSL_MD5_C)
3205  case SIG_RSA_MD5 : md5( in, len, out ); break;
3206 #endif
3207 #if defined(POLARSSL_SHA1_C)
3208  case SIG_RSA_SHA1 : sha1( in, len, out ); break;
3209 #endif
3210 #if defined(POLARSSL_SHA2_C)
3211  case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
3212  case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
3213 #endif
3214 #if defined(POLARSSL_SHA4_C)
3215  case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
3216  case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
3217 #endif
3218  default:
3219  memset( out, '\xFF', 64 );
3220  break;
3221  }
3222 }
3223 
3224 /*
3225  * Check that the given certificate is valid accoring to the CRL.
3226  */
3227 static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
3228  x509_crl *crl_list)
3229 {
3230  int flags = 0;
3231  int hash_id;
3232  unsigned char hash[64];
3233 
3234  if( ca == NULL )
3235  return( flags );
3236 
3237  /*
3238  * TODO: What happens if no CRL is present?
3239  * Suggestion: Revocation state should be unknown if no CRL is present.
3240  * For backwards compatibility this is not yet implemented.
3241  */
3242 
3243  while( crl_list != NULL )
3244  {
3245  if( crl_list->version == 0 ||
3246  crl_list->issuer_raw.len != ca->subject_raw.len ||
3247  memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
3248  crl_list->issuer_raw.len ) != 0 )
3249  {
3250  crl_list = crl_list->next;
3251  continue;
3252  }
3253 
3254  /*
3255  * Check if CRL is correctly signed by the trusted CA
3256  */
3257  hash_id = crl_list->sig_alg;
3258 
3259  x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
3260 
3261  if( !rsa_pkcs1_verify( &ca->rsa, NULL, NULL, RSA_PUBLIC, hash_id,
3262  0, hash, crl_list->sig.p ) == 0 )
3263  {
3264  /*
3265  * CRL is not trusted
3266  */
3267  flags |= BADCRL_NOT_TRUSTED;
3268  break;
3269  }
3270 
3271  /*
3272  * Check for validity of CRL (Do not drop out)
3273  */
3274  if( x509parse_time_expired( &crl_list->next_update ) )
3275  flags |= BADCRL_EXPIRED;
3276 
3277  if( x509parse_time_future( &crl_list->this_update ) )
3278  flags |= BADCRL_FUTURE;
3279 
3280  /*
3281  * Check if certificate is revoked
3282  */
3283  if( x509parse_revoked(crt, crl_list) )
3284  {
3285  flags |= BADCERT_REVOKED;
3286  break;
3287  }
3288 
3289  crl_list = crl_list->next;
3290  }
3291  return flags;
3292 }
3293 
3294 // Equal == 0, inequal == 1
3295 static int x509_name_cmp( const void *s1, const void *s2, size_t len )
3296 {
3297  size_t i;
3298  unsigned char diff;
3299  const unsigned char *n1 = s1, *n2 = s2;
3300 
3301  for( i = 0; i < len; i++ )
3302  {
3303  diff = n1[i] ^ n2[i];
3304 
3305  if( diff == 0 )
3306  continue;
3307 
3308  if( diff == 32 &&
3309  ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
3310  ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
3311  {
3312  continue;
3313  }
3314 
3315  return( 1 );
3316  }
3317 
3318  return( 0 );
3319 }
3320 
3321 static int x509_wildcard_verify( const char *cn, x509_buf *name )
3322 {
3323  size_t i;
3324  size_t cn_idx = 0;
3325 
3326  if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
3327  return( 0 );
3328 
3329  for( i = 0; i < strlen( cn ); ++i )
3330  {
3331  if( cn[i] == '.' )
3332  {
3333  cn_idx = i;
3334  break;
3335  }
3336  }
3337 
3338  if( cn_idx == 0 )
3339  return( 0 );
3340 
3341  if( strlen( cn ) - cn_idx == name->len - 1 &&
3342  x509_name_cmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
3343  {
3344  return( 1 );
3345  }
3346 
3347  return( 0 );
3348 }
3349 
3350 static int x509parse_verify_top(
3351  x509_cert *child, x509_cert *trust_ca,
3352  x509_crl *ca_crl, int path_cnt, int *flags,
3353  int (*f_vrfy)(void *, x509_cert *, int, int *),
3354  void *p_vrfy )
3355 {
3356  int hash_id, ret;
3357  int ca_flags = 0, check_path_cnt = path_cnt + 1;
3358  unsigned char hash[64];
3359 
3360  if( x509parse_time_expired( &child->valid_to ) )
3361  *flags |= BADCERT_EXPIRED;
3362 
3363  if( x509parse_time_future( &child->valid_from ) )
3364  *flags |= BADCERT_FUTURE;
3365 
3366  /*
3367  * Child is the top of the chain. Check against the trust_ca list.
3368  */
3369  *flags |= BADCERT_NOT_TRUSTED;
3370 
3371  while( trust_ca != NULL )
3372  {
3373  if( trust_ca->version == 0 ||
3374  child->issuer_raw.len != trust_ca->subject_raw.len ||
3375  memcmp( child->issuer_raw.p, trust_ca->subject_raw.p,
3376  child->issuer_raw.len ) != 0 )
3377  {
3378  trust_ca = trust_ca->next;
3379  continue;
3380  }
3381 
3382  /*
3383  * Reduce path_len to check against if top of the chain is
3384  * the same as the trusted CA
3385  */
3386  if( child->subject_raw.len == trust_ca->subject_raw.len &&
3387  memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3388  child->issuer_raw.len ) == 0 )
3389  {
3390  check_path_cnt--;
3391  }
3392 
3393  if( trust_ca->max_pathlen > 0 &&
3394  trust_ca->max_pathlen < check_path_cnt )
3395  {
3396  trust_ca = trust_ca->next;
3397  continue;
3398  }
3399 
3400  hash_id = child->sig_alg;
3401 
3402  x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3403 
3404  if( rsa_pkcs1_verify( &trust_ca->rsa, NULL, NULL, RSA_PUBLIC, hash_id,
3405  0, hash, child->sig.p ) != 0 )
3406  {
3407  trust_ca = trust_ca->next;
3408  continue;
3409  }
3410 
3411  /*
3412  * Top of chain is signed by a trusted CA
3413  */
3414  *flags &= ~BADCERT_NOT_TRUSTED;
3415  break;
3416  }
3417 
3418  /*
3419  * If top of chain is not the same as the trusted CA send a verify request
3420  * to the callback for any issues with validity and CRL presence for the
3421  * trusted CA certificate.
3422  */
3423  if( trust_ca != NULL &&
3424  ( child->subject_raw.len != trust_ca->subject_raw.len ||
3425  memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3426  child->issuer_raw.len ) != 0 ) )
3427  {
3428  /* Check trusted CA's CRL for then chain's top crt */
3429  *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3430 
3431  if( x509parse_time_expired( &trust_ca->valid_to ) )
3432  ca_flags |= BADCERT_EXPIRED;
3433 
3434  if( x509parse_time_future( &trust_ca->valid_from ) )
3435  ca_flags |= BADCERT_FUTURE;
3436 
3437  if( NULL != f_vrfy )
3438  {
3439  if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3440  return( ret );
3441  }
3442  }
3443 
3444  /* Call callback on top cert */
3445  if( NULL != f_vrfy )
3446  {
3447  if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3448  return( ret );
3449  }
3450 
3451  *flags |= ca_flags;
3452 
3453  return( 0 );
3454 }
3455 
3456 static int x509parse_verify_child(
3457  x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
3458  x509_crl *ca_crl, int path_cnt, int *flags,
3459  int (*f_vrfy)(void *, x509_cert *, int, int *),
3460  void *p_vrfy )
3461 {
3462  int hash_id, ret;
3463  int parent_flags = 0;
3464  unsigned char hash[64];
3465  x509_cert *grandparent;
3466 
3467  if( x509parse_time_expired( &child->valid_to ) )
3468  *flags |= BADCERT_EXPIRED;
3469 
3470  if( x509parse_time_future( &child->valid_from ) )
3471  *flags |= BADCERT_FUTURE;
3472 
3473  hash_id = child->sig_alg;
3474 
3475  x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3476 
3477  if( rsa_pkcs1_verify( &parent->rsa, NULL, NULL, RSA_PUBLIC, hash_id, 0,
3478  hash, child->sig.p ) != 0 )
3479  *flags |= BADCERT_NOT_TRUSTED;
3480 
3481  /* Check trusted CA's CRL for the given crt */
3482  *flags |= x509parse_verifycrl(child, parent, ca_crl);
3483 
3484  grandparent = parent->next;
3485 
3486  while( grandparent != NULL )
3487  {
3488  if( grandparent->version == 0 ||
3489  grandparent->ca_istrue == 0 ||
3490  parent->issuer_raw.len != grandparent->subject_raw.len ||
3491  memcmp( parent->issuer_raw.p, grandparent->subject_raw.p,
3492  parent->issuer_raw.len ) != 0 )
3493  {
3494  grandparent = grandparent->next;
3495  continue;
3496  }
3497  break;
3498  }
3499 
3500  if( grandparent != NULL )
3501  {
3502  /*
3503  * Part of the chain
3504  */
3505  ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3506  if( ret != 0 )
3507  return( ret );
3508  }
3509  else
3510  {
3511  ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3512  if( ret != 0 )
3513  return( ret );
3514  }
3515 
3516  /* child is verified to be a child of the parent, call verify callback */
3517  if( NULL != f_vrfy )
3518  if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3519  return( ret );
3520 
3521  *flags |= parent_flags;
3522 
3523  return( 0 );
3524 }
3525 
3526 /*
3527  * Verify the certificate validity
3528  */
3529 int x509parse_verify( x509_cert *crt,
3530  x509_cert *trust_ca,
3531  x509_crl *ca_crl,
3532  const char *cn, int *flags,
3533  int (*f_vrfy)(void *, x509_cert *, int, int *),
3534  void *p_vrfy )
3535 {
3536  size_t cn_len;
3537  int ret;
3538  int pathlen = 0;
3539  x509_cert *parent;
3540  x509_name *name;
3541  x509_sequence *cur = NULL;
3542 
3543  *flags = 0;
3544 
3545  if( cn != NULL )
3546  {
3547  name = &crt->subject;
3548  cn_len = strlen( cn );
3549 
3550  if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
3551  {
3552  cur = &crt->subject_alt_names;
3553 
3554  while( cur != NULL )
3555  {
3556  if( cur->buf.len == cn_len &&
3557  x509_name_cmp( cn, cur->buf.p, cn_len ) == 0 )
3558  break;
3559 
3560  if( cur->buf.len > 2 &&
3561  memcmp( cur->buf.p, "*.", 2 ) == 0 &&
3562  x509_wildcard_verify( cn, &cur->buf ) )
3563  break;
3564 
3565  cur = cur->next;
3566  }
3567 
3568  if( cur == NULL )
3569  *flags |= BADCERT_CN_MISMATCH;
3570  }
3571  else
3572  {
3573  while( name != NULL )
3574  {
3575  if( name->oid.len == 3 &&
3576  memcmp( name->oid.p, OID_CN, 3 ) == 0 )
3577  {
3578  if( name->val.len == cn_len &&
3579  x509_name_cmp( name->val.p, cn, cn_len ) == 0 )
3580  break;
3581 
3582  if( name->val.len > 2 &&
3583  memcmp( name->val.p, "*.", 2 ) == 0 &&
3584  x509_wildcard_verify( cn, &name->val ) )
3585  break;
3586  }
3587 
3588  name = name->next;
3589  }
3590 
3591  if( name == NULL )
3592  *flags |= BADCERT_CN_MISMATCH;
3593  }
3594  }
3595 
3596  /*
3597  * Iterate upwards in the given cert chain, to find our crt parent.
3598  * Ignore any upper cert with CA != TRUE.
3599  */
3600  parent = crt->next;
3601 
3602  while( parent != NULL && parent->version != 0 )
3603  {
3604  if( parent->ca_istrue == 0 ||
3605  crt->issuer_raw.len != parent->subject_raw.len ||
3606  memcmp( crt->issuer_raw.p, parent->subject_raw.p,
3607  crt->issuer_raw.len ) != 0 )
3608  {
3609  parent = parent->next;
3610  continue;
3611  }
3612  break;
3613  }
3614 
3615  if( parent != NULL )
3616  {
3617  /*
3618  * Part of the chain
3619  */
3620  ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3621  if( ret != 0 )
3622  return( ret );
3623  }
3624  else
3625  {
3626  ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3627  if( ret != 0 )
3628  return( ret );
3629  }
3630 
3631  if( *flags != 0 )
3633 
3634  return( 0 );
3635 }
3636 
3637 /*
3638  * Unallocate all certificate data
3639  */
3640 void x509_free( x509_cert *crt )
3641 {
3642  x509_cert *cert_cur = crt;
3643  x509_cert *cert_prv;
3644  x509_name *name_cur;
3645  x509_name *name_prv;
3646  x509_sequence *seq_cur;
3647  x509_sequence *seq_prv;
3648 
3649  if( crt == NULL )
3650  return;
3651 
3652  do
3653  {
3654  rsa_free( &cert_cur->rsa );
3655 
3656  name_cur = cert_cur->issuer.next;
3657  while( name_cur != NULL )
3658  {
3659  name_prv = name_cur;
3660  name_cur = name_cur->next;
3661  memset( name_prv, 0, sizeof( x509_name ) );
3662  free( name_prv );
3663  }
3664 
3665  name_cur = cert_cur->subject.next;
3666  while( name_cur != NULL )
3667  {
3668  name_prv = name_cur;
3669  name_cur = name_cur->next;
3670  memset( name_prv, 0, sizeof( x509_name ) );
3671  free( name_prv );
3672  }
3673 
3674  seq_cur = cert_cur->ext_key_usage.next;
3675  while( seq_cur != NULL )
3676  {
3677  seq_prv = seq_cur;
3678  seq_cur = seq_cur->next;
3679  memset( seq_prv, 0, sizeof( x509_sequence ) );
3680  free( seq_prv );
3681  }
3682 
3683  seq_cur = cert_cur->subject_alt_names.next;
3684  while( seq_cur != NULL )
3685  {
3686  seq_prv = seq_cur;
3687  seq_cur = seq_cur->next;
3688  memset( seq_prv, 0, sizeof( x509_sequence ) );
3689  free( seq_prv );
3690  }
3691 
3692  if( cert_cur->raw.p != NULL )
3693  {
3694  memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3695  free( cert_cur->raw.p );
3696  }
3697 
3698  cert_cur = cert_cur->next;
3699  }
3700  while( cert_cur != NULL );
3701 
3702  cert_cur = crt;
3703  do
3704  {
3705  cert_prv = cert_cur;
3706  cert_cur = cert_cur->next;
3707 
3708  memset( cert_prv, 0, sizeof( x509_cert ) );
3709  if( cert_prv != crt )
3710  free( cert_prv );
3711  }
3712  while( cert_cur != NULL );
3713 }
3714 
3715 /*
3716  * Unallocate all CRL data
3717  */
3718 void x509_crl_free( x509_crl *crl )
3719 {
3720  x509_crl *crl_cur = crl;
3721  x509_crl *crl_prv;
3722  x509_name *name_cur;
3723  x509_name *name_prv;
3724  x509_crl_entry *entry_cur;
3725  x509_crl_entry *entry_prv;
3726 
3727  if( crl == NULL )
3728  return;
3729 
3730  do
3731  {
3732  name_cur = crl_cur->issuer.next;
3733  while( name_cur != NULL )
3734  {
3735  name_prv = name_cur;
3736  name_cur = name_cur->next;
3737  memset( name_prv, 0, sizeof( x509_name ) );
3738  free( name_prv );
3739  }
3740 
3741  entry_cur = crl_cur->entry.next;
3742  while( entry_cur != NULL )
3743  {
3744  entry_prv = entry_cur;
3745  entry_cur = entry_cur->next;
3746  memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3747  free( entry_prv );
3748  }
3749 
3750  if( crl_cur->raw.p != NULL )
3751  {
3752  memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3753  free( crl_cur->raw.p );
3754  }
3755 
3756  crl_cur = crl_cur->next;
3757  }
3758  while( crl_cur != NULL );
3759 
3760  crl_cur = crl;
3761  do
3762  {
3763  crl_prv = crl_cur;
3764  crl_cur = crl_cur->next;
3765 
3766  memset( crl_prv, 0, sizeof( x509_crl ) );
3767  if( crl_prv != crl )
3768  free( crl_prv );
3769  }
3770  while( crl_cur != NULL );
3771 }
3772 
3773 #if defined(POLARSSL_SELF_TEST)
3774 
3775 #include "polarssl/certs.h"
3776 
3777 /*
3778  * Checkup routine
3779  */
3780 int x509_self_test( int verbose )
3781 {
3782 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3783  int ret;
3784  int flags;
3785  size_t i, j;
3786  x509_cert cacert;
3787  x509_cert clicert;
3788  rsa_context rsa;
3789 #if defined(POLARSSL_DHM_C)
3790  dhm_context dhm;
3791 #endif
3792 
3793  if( verbose != 0 )
3794  printf( " X.509 certificate load: " );
3795 
3796  memset( &clicert, 0, sizeof( x509_cert ) );
3797 
3798  ret = x509parse_crt( &clicert, (const unsigned char *) test_cli_crt,
3799  strlen( test_cli_crt ) );
3800  if( ret != 0 )
3801  {
3802  if( verbose != 0 )
3803  printf( "failed\n" );
3804 
3805  return( ret );
3806  }
3807 
3808  memset( &cacert, 0, sizeof( x509_cert ) );
3809 
3810  ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
3811  strlen( test_ca_crt ) );
3812  if( ret != 0 )
3813  {
3814  if( verbose != 0 )
3815  printf( "failed\n" );
3816 
3817  return( ret );
3818  }
3819 
3820  if( verbose != 0 )
3821  printf( "passed\n X.509 private key load: " );
3822 
3823  i = strlen( test_ca_key );
3824  j = strlen( test_ca_pwd );
3825 
3826  rsa_init( &rsa, RSA_PKCS_V15, 0 );
3827 
3828  if( ( ret = x509parse_key( &rsa,
3829  (const unsigned char *) test_ca_key, i,
3830  (const unsigned char *) test_ca_pwd, j ) ) != 0 )
3831  {
3832  if( verbose != 0 )
3833  printf( "failed\n" );
3834 
3835  return( ret );
3836  }
3837 
3838  if( verbose != 0 )
3839  printf( "passed\n X.509 signature verify: ");
3840 
3841  ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
3842  if( ret != 0 )
3843  {
3844  if( verbose != 0 )
3845  printf( "failed\n" );
3846 
3847  return( ret );
3848  }
3849 
3850 #if defined(POLARSSL_DHM_C)
3851  if( verbose != 0 )
3852  printf( "passed\n X.509 DHM parameter load: " );
3853 
3854  i = strlen( test_dhm_params );
3855  j = strlen( test_ca_pwd );
3856 
3857  if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 )
3858  {
3859  if( verbose != 0 )
3860  printf( "failed\n" );
3861 
3862  return( ret );
3863  }
3864 
3865  if( verbose != 0 )
3866  printf( "passed\n\n" );
3867 #endif
3868 
3869  x509_free( &cacert );
3870  x509_free( &clicert );
3871  rsa_free( &rsa );
3872 #if defined(POLARSSL_DHM_C)
3873  dhm_free( &dhm );
3874 #endif
3875 
3876  return( 0 );
3877 #else
3878  ((void) verbose);
3880 #endif
3881 }
3882 
3883 #endif
3884 
3885 #endif
x509_time valid_to
End time of certificate validity.
Definition: x509.h:307
#define OID_CLIENT_AUTH
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
Definition: x509.h:170
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT
Invalid RSA key tag or value.
Definition: x509.h:60
x509_buf sig
Definition: x509.h:377
#define SIG_RSA_MD5
Definition: rsa.h:51
mpi P
Definition: dhm.h:139
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509.h:300
#define ASN1_NULL
Definition: asn1.h:75
#define ASN1_PRINTABLE_STRING
Definition: asn1.h:80
int x509parse_crt_der(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
#define STRING_SERVER_AUTH
Definition: x509.h:176
x509_name issuer
The parsed issuer data (named information object).
Definition: x509.h:303
x509_buf tbs
The raw certificate body (DER).
Definition: x509.h:294
x509_buf val
The named value.
Definition: x509.h:270
#define ASN1_UTC_TIME
Definition: asn1.h:83
int asn1_get_sequence_of(unsigned char **p, const unsigned char *end, asn1_sequence *cur, int tag)
Parses and splits an ASN.1 "SEQUENCE OF <tag>" Updated the pointer to immediately behind the full seq...
#define X509_FORMAT_DER
Definition: x509.h:241
#define SIG_RSA_MD4
Definition: rsa.h:50
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Definition: x509.h:319
#define ASN1_OID
Definition: asn1.h:76
#define OID_PKCS9
Definition: x509.h:120
#define EXT_KEY_USAGE
Definition: x509.h:221
#define ASN1_GENERALIZED_TIME
Definition: asn1.h:84
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values below.
Definition: x509.h:325
int sec
Time.
Definition: x509.h:284
uint32_t t_uint
Definition: bignum.h:146
int version
Definition: x509.h:362
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
asn1_buf buf
Buffer containing the given ASN.1 item.
Definition: asn1.h:132
#define POLARSSL_ERR_X509_PASSWORD_REQUIRED
Private key password can't be empty.
Definition: x509.h:65
x509_time next_update
Definition: x509.h:370
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:53
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE's...
int x509parse_crtfile(x509_cert *chain, const char *path)
Load one or more certificates and add them to the chained list.
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
DHM context structure.
Definition: dhm.h:136
Certificate revocation list entry.
Definition: x509.h:339
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:53
x509_buf sig
Signature: hash of the tbs part signed with the private key.
Definition: x509.h:328
#define POLARSSL_ERR_X509_INVALID_INPUT
Input invalid.
Definition: x509.h:62
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT
Format not recognized as DER or PEM.
Definition: x509.h:61
#define EXT_BASIC_CONSTRAINTS
Definition: x509.h:227
x509_name subject
The parsed subject data (named information object).
Definition: x509.h:304
#define X520_STATE
Definition: x509.h:95
#define OID_SERVER_AUTH
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
Definition: x509.h:169
struct _x509_crl * next
Definition: x509.h:380
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
size_t len
ASN1 length, e.g.
Definition: asn1.h:121
x509_buf raw
The raw certificate data (DER).
Definition: x509.h:293
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
Definition: x509.h:55
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
#define RSA_PUBLIC
Definition: rsa.h:58
Container for date and time (precision in seconds).
Definition: x509.h:281
#define STRING_EMAIL_PROTECTION
Definition: x509.h:179
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pkcs12.h:39
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION
The certificate version element is invalid.
Definition: x509.h:46
#define ASN1_SEQUENCE
Definition: asn1.h:78
void x509_free(x509_cert *crt)
Unallocate all certificate data.
mpi DQ
Definition: rsa.h:147
x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Definition: x509.h:323
Configuration options (set of defines)
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
void md2(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD2( input buffer )
int pem_read_buffer(pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len)
Read a buffer for PEM information and store the resulting data into the specified context buffers...
#define ASN1_CONSTRUCTED
Definition: asn1.h:88
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA is supported).
Definition: x509.h:56
#define OID_CN
Definition: x509.h:107
Container for ASN1 named information objects.
Definition: x509.h:267
int x509parse_cert_info(char *buf, size_t size, const char *prefix, const x509_cert *crt)
Returns an informational string about the certificate.
MPI structure.
Definition: bignum.h:164
x509_buf sig_oid2
Definition: x509.h:376
const char test_ca_pwd[]
#define STRING_TIME_STAMPING
Definition: x509.h:180
Container for an X.509 certificate.
Definition: x509.h:291
int x509parse_dhmfile(dhm_context *dhm, const char *path)
Load and parse DHM parameters.
#define OID_PKCS5_PBES2
Definition: pkcs5.h:56
#define BADCRL_NOT_TRUSTED
CRL is not correctly signed by the trusted CA.
Definition: x509.h:78
const char test_ca_crt[]
void md4(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD4( input buffer )
#define POLARSSL_ERR_ASN1_INVALID_LENGTH
Error when trying to determine the length or invalid length.
Definition: asn1.h:52
Container for ASN1 bit strings.
Definition: asn1.h:119
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL
The serial tag or value is invalid.
Definition: x509.h:47
x509_name issuer
The parsed issuer data (named information object).
Definition: x509.h:367
x509_buf serial
Definition: x509.h:343
#define OID_PKCS1_RSA
Definition: x509.h:115
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION
Unsupported RSA key version.
Definition: x509.h:59
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
Definition: asn1.h:94
int x509parse_time_future(const x509_time *time)
Check a given x509_time against the system time and check if it is not from the future.
size_t len
Definition: rsa.h:138
#define OID_KEY_USAGE
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
Definition: x509.h:138
mpi P
Definition: rsa.h:144
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition: x509.h:372
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
Definition: pkcs12.h:53
x509_buf sig_oid2
Signature algorithm.
Definition: x509.h:327
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH
Certificate signature algorithms do not match.
Definition: x509.h:57
#define ASN1_SET
Definition: asn1.h:79
int hour
Definition: x509.h:284
mpi Q
Definition: rsa.h:145
#define ASN1_PRIMITIVE
Definition: asn1.h:87
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pkcs5.h:47
int mon
Definition: x509.h:283
Container for a sequence of ASN.1 items.
Definition: asn1.h:130
#define OID_SUBJECT_ALT_NAME
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
Definition: x509.h:141
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
Definition: pem.h:43
#define BADCERT_EXPIRED
The certificate validity has expired.
Definition: x509.h:74
x509_buf sig_oid1
Definition: x509.h:363
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
int sig_alg
Internal representation of the signature algorithm, e.g.
Definition: x509.h:329
#define BADCERT_FUTURE
The certificate validity starts in the future.
Definition: x509.h:83
unsigned char * p
Raw ASN1 data for the bit string.
Definition: asn1.h:123
RSA context structure.
Definition: rsa.h:135
void pem_init(pem_context *ctx)
PEM context setup.
int x509parse_crt(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
Generic ASN.1 parsing.
mpi D
Definition: rsa.h:143
#define SIG_RSA_SHA512
Definition: rsa.h:56
SHA-384 and SHA-512 cryptographic hash function.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g.
Definition: x509.h:58
mpi QP
Definition: rsa.h:148
#define ASN1_BMP_STRING
Definition: asn1.h:86
int x509parse_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is not expired.
Privacy Enhanced Mail (PEM) decoding.
#define OID_PKCS1
Definition: x509.h:114
#define RSA_PKCS_V15
Definition: rsa.h:61
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
The signature tag or value invalid.
Definition: x509.h:52
mpi N
Definition: rsa.h:140
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
#define SIG_RSA_SHA1
Definition: rsa.h:52
mpi G
Definition: dhm.h:140
#define OID_EXTENDED_KEY_USAGE
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
Definition: x509.h:147
#define OID_BASIC_CONSTRAINTS
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
Definition: x509.h:144
#define OID_NS_CERT_TYPE
Definition: x509.h:194
SHA-224 and SHA-256 cryptographic hash function.
void x509_crl_free(x509_crl *crl)
Unallocate all CRL data.
#define X520_LOCALITY
Definition: x509.h:94
int x509parse_dhm(dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
Parse DHM parameters.
#define ASN1_INTEGER
Definition: asn1.h:72
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:112
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT
The certificate format is invalid, e.g.
Definition: x509.h:45
int x509parse_crtpath(x509_cert *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list.
int x509parse_crl(x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and add them to the chained list.
int x509parse_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
int x509parse_key(rsa_context *rsa, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private RSA key.
#define EXT_NS_CERT_TYPE
Definition: x509.h:235
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pem.h:44
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
#define X520_COMMON_NAME
Definition: x509.h:92
void pem_free(pem_context *ctx)
PEM context memory freeing.
x509_buf tbs
The raw certificate body (DER).
Definition: x509.h:360
int asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value.
#define STRING_OCSP_SIGNING
Definition: x509.h:181
int x509parse_public_keyfile(rsa_context *rsa, const char *path)
Load and parse a public RSA key.
x509_buf serial
Unique id for certificate issued by a specific CA.
Definition: x509.h:297
struct _x509_crl_entry * next
Definition: x509.h:349
x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Definition: x509.h:313
#define SIG_RSA_MD2
Definition: rsa.h:49
Diffie-Hellman-Merkle key exchange.
int day
Date.
Definition: x509.h:283
const char test_ca_key[]
x509_time valid_from
Start time of certificate validity.
Definition: x509.h:306
mpi E
Definition: rsa.h:141
int tag
ASN1 type, e.g.
Definition: asn1.h:110
mpi DP
Definition: rsa.h:146
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition: asn1.h:50
#define EXT_EXTENDED_KEY_USAGE
Definition: x509.h:230
x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
Definition: x509.h:312
unsigned char key_usage
Optional key usage extension value: See the values below.
Definition: x509.h:321
#define ASN1_BIT_STRING
Definition: asn1.h:73
X.509 certificate and private key decoding.
int x509parse_crl_info(char *buf, size_t size, const char *prefix, const x509_crl *crl)
Returns an informational string about the CRL.
#define OID_X520
Definition: x509.h:106
int x509parse_public_key(rsa_context *rsa, const unsigned char *key, size_t keylen)
Parse a public RSA key.
#define POLARSSL_ERR_ASN1_MALLOC_FAILED
Memory allocation failed.
Definition: asn1.h:55
#define ASN1_CONTEXT_SPECIFIC
Definition: asn1.h:89
#define BADCERT_NOT_TRUSTED
The certificate is not correctly signed by the trusted CA.
Definition: x509.h:77
struct _x509_cert * next
Next certificate in the CA-chain.
Definition: x509.h:331
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
Definition: x509.h:64
DES block cipher.
#define STRING_CODE_SIGNING
Definition: x509.h:178
PEM context structure.
Definition: pem.h:52
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs12.h:54
#define POLARSSL_ERR_X509_CERT_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:50
x509_time this_update
Definition: x509.h:369
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:108
#define ASN1_UNIVERSAL_STRING
Definition: asn1.h:85
x509_buf entry_ext
Definition: x509.h:347
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
Certificate or CRL has an unsupported version number.
Definition: x509.h:54
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
size_t len
ASN1 length, e.g.
Definition: asn1.h:111
#define BADCRL_FUTURE
The CRL is from the future.
Definition: x509.h:84
#define X509_FORMAT_PEM
Definition: x509.h:242
void sha4(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = SHA-512( input buffer )
Sample certificates and DHM parameters for testing.
#define ASN1_IA5_STRING
Definition: asn1.h:82
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA is supported).
Definition: x509.h:51
#define SIG_RSA_SHA224
Definition: rsa.h:53
#define OID_PKCS12_PBE_SHA1_RC4_128
Definition: pkcs12.h:52
SHA-1 cryptographic hash function.
int year
Definition: x509.h:283
#define BADCERT_REVOKED
The certificate has been revoked (is on a CRL).
Definition: x509.h:75
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int x509parse_revoked(const x509_cert *crt, const x509_crl *crl)
Verify the certificate signature.
#define ASN1_UTF8_STRING
Definition: asn1.h:77
x509_buf raw
Definition: x509.h:341
#define BADCRL_EXPIRED
CRL is expired.
Definition: x509.h:79
x509_buf subject_raw
The raw subject data (DER).
Definition: x509.h:301
#define PKCS5_DECRYPT
Definition: pkcs5.h:49
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
void rsa_init(rsa_context *ctx, int padding, int hash_id)
Initialize an RSA context.
size_t n
Definition: bignum.h:167
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: x509.h:43
unsigned char * buf
Definition: pem.h:54
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
#define X520_ORGANIZATION
Definition: x509.h:96
Certificate revocation list structure.
Definition: x509.h:357
int asn1_get_bitstring(unsigned char **p, const unsigned char *end, asn1_bitstring *bs)
Retrieve a bitstring ASN.1 tag and its value.
#define POLARSSL_ERR_X509_CERT_INVALID_ALG
The algorithm tag or value is invalid.
Definition: x509.h:48
int min
Definition: x509.h:284
#define SIG_RSA_SHA256
Definition: rsa.h:54
#define OID_TIME_STAMPING
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
Definition: x509.h:173
#define POLARSSL_ERR_X509_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: x509.h:66
#define OID_OCSP_SIGNING
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
Definition: x509.h:174
x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
Definition: x509.h:315
x509_buf v3_ext
Optional X.509 v3 extensions.
Definition: x509.h:314
void dhm_free(dhm_context *ctx)
Free the components of a DHM key.
#define OID_EMAIL_PROTECTION
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
Definition: x509.h:172
x509_buf pk_oid
Subject public key info.
Definition: x509.h:309
#define ASN1_OCTET_STRING
Definition: asn1.h:74
void sha2(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
#define STRING_CLIENT_AUTH
Definition: x509.h:177
#define OID_CODE_SIGNING
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
Definition: x509.h:171
x509_buf raw
The raw certificate data (DER).
Definition: x509.h:359
#define OID_RSA_SHA_OBS
Definition: x509.h:118
#define X520_COUNTRY
Definition: x509.h:93
#define SIG_RSA_SHA384
Definition: rsa.h:55
#define BADCERT_CN_MISMATCH
The certificate Common Name (CN) does not match with the expected CN.
Definition: x509.h:76
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:38
const char test_dhm_params[]
MD4 message digest algorithm (hash function)
x509_time revocation_date
Definition: x509.h:345
int x509parse_verify(x509_cert *crt, x509_cert *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy)
Verify the certificate signature.
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509.h:365
const char test_cli_crt[]
#define X520_ORG_UNIT
Definition: x509.h:97
size_t buflen
Definition: pem.h:55
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
int version
The X.509 version.
Definition: x509.h:296
#define ASN1_T61_STRING
Definition: asn1.h:81
rsa_context rsa
Container for the RSA context.
Definition: x509.h:310
MD5 message digest algorithm (hash function)
#define PKCS12_PBE_DECRYPT
Definition: pkcs12.h:45
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:63
#define PKCS9_EMAIL
Definition: x509.h:98
int ver
Definition: rsa.h:137
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
Definition: pem.h:46
x509_buf crl_ext
Definition: x509.h:374
void md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
MD2 message digest algorithm (hash function)
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:51
PKCS#12 Personal Information Exchange Syntax.
int x509parse_keyfile(rsa_context *rsa, const char *path, const char *password)
Load and parse a private RSA key.
int rsa_pkcs1_verify(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, int hash_id, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Generic wrapper to perform a PKCS#1 verification using the mode from the context. ...
int x509parse_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
struct _asn1_sequence * next
The next entry in the sequence.
Definition: asn1.h:133
int x509parse_crlfile(x509_crl *chain, const char *path)
Load one or more CRLs and add them to the chained list.
int sig_alg
Definition: x509.h:378
x509_buf sig_oid1
Signature algorithm, e.g.
Definition: x509.h:298
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise...
Definition: x509.h:318
struct _x509_name * next
The next named information object.
Definition: x509.h:271
#define POLARSSL_ERR_X509_CERT_INVALID_NAME
The name tag or value is invalid.
Definition: x509.h:49
#define EXT_SUBJECT_ALT_NAME
Definition: x509.h:224
x509_buf oid
The object identifier.
Definition: x509.h:269
int ext_types
Bit string containing detected and parsed extensions.
Definition: x509.h:317