PolarSSL v1.2.10
x509parse.c
Go to the documentation of this file.
1 /*
2  * X.509 certificate and private key decoding
3  *
4  * Copyright (C) 2006-2011, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificate format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc3279.txt
29  * http://www.ietf.org/rfc/rfc3280.txt
30  *
31  * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32  *
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35  */
36 
37 #include "polarssl/config.h"
38 
39 #if defined(POLARSSL_X509_PARSE_C)
40 
41 #include "polarssl/x509.h"
42 #include "polarssl/asn1.h"
43 #include "polarssl/pem.h"
44 #include "polarssl/des.h"
45 #if defined(POLARSSL_MD2_C)
46 #include "polarssl/md2.h"
47 #endif
48 #if defined(POLARSSL_MD4_C)
49 #include "polarssl/md4.h"
50 #endif
51 #if defined(POLARSSL_MD5_C)
52 #include "polarssl/md5.h"
53 #endif
54 #if defined(POLARSSL_SHA1_C)
55 #include "polarssl/sha1.h"
56 #endif
57 #if defined(POLARSSL_SHA2_C)
58 #include "polarssl/sha2.h"
59 #endif
60 #if defined(POLARSSL_SHA4_C)
61 #include "polarssl/sha4.h"
62 #endif
63 #include "polarssl/dhm.h"
64 #if defined(POLARSSL_PKCS5_C)
65 #include "polarssl/pkcs5.h"
66 #endif
67 #if defined(POLARSSL_PKCS12_C)
68 #include "polarssl/pkcs12.h"
69 #endif
70 
71 #include <string.h>
72 #include <stdlib.h>
73 #if defined(_WIN32)
74 #include <windows.h>
75 #else
76 #include <time.h>
77 #endif
78 
79 #if defined(POLARSSL_FS_IO)
80 #include <stdio.h>
81 #if !defined(_WIN32)
82 #include <sys/types.h>
83 #include <sys/stat.h>
84 #include <dirent.h>
85 #endif
86 #endif
87 
88 /* Compare a given OID string with an OID x509_buf * */
89 #define OID_CMP(oid_str, oid_buf) \
90  ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
91  memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
92 
93 /*
94  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
95  */
96 static int x509_get_version( unsigned char **p,
97  const unsigned char *end,
98  int *ver )
99 {
100  int ret;
101  size_t len;
102 
103  if( ( ret = asn1_get_tag( p, end, &len,
104  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
105  {
107  {
108  *ver = 0;
109  return( 0 );
110  }
111 
112  return( ret );
113  }
114 
115  end = *p + len;
116 
117  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
119 
120  if( *p != end )
123 
124  return( 0 );
125 }
126 
127 /*
128  * Version ::= INTEGER { v1(0), v2(1) }
129  */
130 static int x509_crl_get_version( unsigned char **p,
131  const unsigned char *end,
132  int *ver )
133 {
134  int ret;
135 
136  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
137  {
139  {
140  *ver = 0;
141  return( 0 );
142  }
143 
145  }
146 
147  return( 0 );
148 }
149 
150 /*
151  * CertificateSerialNumber ::= INTEGER
152  */
153 static int x509_get_serial( unsigned char **p,
154  const unsigned char *end,
155  x509_buf *serial )
156 {
157  int ret;
158 
159  if( ( end - *p ) < 1 )
162 
163  if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
164  **p != ASN1_INTEGER )
167 
168  serial->tag = *(*p)++;
169 
170  if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
172 
173  serial->p = *p;
174  *p += serial->len;
175 
176  return( 0 );
177 }
178 
179 /*
180  * AlgorithmIdentifier ::= SEQUENCE {
181  * algorithm OBJECT IDENTIFIER,
182  * parameters ANY DEFINED BY algorithm OPTIONAL }
183  */
184 static int x509_get_alg( unsigned char **p,
185  const unsigned char *end,
186  x509_buf *alg )
187 {
188  int ret;
189  size_t len;
190 
191  if( ( ret = asn1_get_tag( p, end, &len,
192  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
193  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
194 
195  end = *p + len;
196  alg->tag = **p;
197 
198  if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
199  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
200 
201  alg->p = *p;
202  *p += alg->len;
203 
204  if( *p == end )
205  return( 0 );
206 
207  /*
208  * assume the algorithm parameters must be NULL
209  */
210  if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
211  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
212 
213  if( *p != end )
216 
217  return( 0 );
218 }
219 
220 /*
221  * AttributeTypeAndValue ::= SEQUENCE {
222  * type AttributeType,
223  * value AttributeValue }
224  *
225  * AttributeType ::= OBJECT IDENTIFIER
226  *
227  * AttributeValue ::= ANY DEFINED BY AttributeType
228  */
229 static int x509_get_attr_type_value( unsigned char **p,
230  const unsigned char *end,
231  x509_name *cur )
232 {
233  int ret;
234  size_t len;
235  x509_buf *oid;
236  x509_buf *val;
237 
238  if( ( ret = asn1_get_tag( p, end, &len,
239  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
240  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
241 
242  oid = &cur->oid;
243  oid->tag = **p;
244 
245  if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
246  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
247 
248  oid->p = *p;
249  *p += oid->len;
250 
251  if( ( end - *p ) < 1 )
254 
255  if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
256  **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
257  **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
260 
261  val = &cur->val;
262  val->tag = *(*p)++;
263 
264  if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
265  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
266 
267  val->p = *p;
268  *p += val->len;
269 
270  cur->next = NULL;
271 
272  return( 0 );
273 }
274 
275 /*
276  * RelativeDistinguishedName ::=
277  * SET OF AttributeTypeAndValue
278  *
279  * AttributeTypeAndValue ::= SEQUENCE {
280  * type AttributeType,
281  * value AttributeValue }
282  *
283  * AttributeType ::= OBJECT IDENTIFIER
284  *
285  * AttributeValue ::= ANY DEFINED BY AttributeType
286  */
287 static int x509_get_name( unsigned char **p,
288  const unsigned char *end,
289  x509_name *cur )
290 {
291  int ret;
292  size_t len;
293  const unsigned char *end2;
294  x509_name *use;
295 
296  if( ( ret = asn1_get_tag( p, end, &len,
297  ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
298  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
299 
300  end2 = end;
301  end = *p + len;
302  use = cur;
303 
304  do
305  {
306  if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
307  return( ret );
308 
309  if( *p != end )
310  {
311  use->next = (x509_name *) malloc(
312  sizeof( x509_name ) );
313 
314  if( use->next == NULL )
316 
317  memset( use->next, 0, sizeof( x509_name ) );
318 
319  use = use->next;
320  }
321  }
322  while( *p != end );
323 
324  /*
325  * recurse until end of SEQUENCE is reached
326  */
327  if( *p == end2 )
328  return( 0 );
329 
330  cur->next = (x509_name *) malloc(
331  sizeof( x509_name ) );
332 
333  if( cur->next == NULL )
335 
336  memset( cur->next, 0, sizeof( x509_name ) );
337 
338  return( x509_get_name( p, end2, cur->next ) );
339 }
340 
341 /*
342  * Time ::= CHOICE {
343  * utcTime UTCTime,
344  * generalTime GeneralizedTime }
345  */
346 static int x509_get_time( unsigned char **p,
347  const unsigned char *end,
348  x509_time *time )
349 {
350  int ret;
351  size_t len;
352  char date[64];
353  unsigned char tag;
354 
355  if( ( end - *p ) < 1 )
358 
359  tag = **p;
360 
361  if ( tag == ASN1_UTC_TIME )
362  {
363  (*p)++;
364  ret = asn1_get_len( p, end, &len );
365 
366  if( ret != 0 )
367  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
368 
369  memset( date, 0, sizeof( date ) );
370  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
371  len : sizeof( date ) - 1 );
372 
373  if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
374  &time->year, &time->mon, &time->day,
375  &time->hour, &time->min, &time->sec ) < 5 )
377 
378  time->year += 100 * ( time->year < 50 );
379  time->year += 1900;
380 
381  *p += len;
382 
383  return( 0 );
384  }
385  else if ( tag == ASN1_GENERALIZED_TIME )
386  {
387  (*p)++;
388  ret = asn1_get_len( p, end, &len );
389 
390  if( ret != 0 )
391  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
392 
393  memset( date, 0, sizeof( date ) );
394  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
395  len : sizeof( date ) - 1 );
396 
397  if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
398  &time->year, &time->mon, &time->day,
399  &time->hour, &time->min, &time->sec ) < 5 )
401 
402  *p += len;
403 
404  return( 0 );
405  }
406  else
408 }
409 
410 
411 /*
412  * Validity ::= SEQUENCE {
413  * notBefore Time,
414  * notAfter Time }
415  */
416 static int x509_get_dates( unsigned char **p,
417  const unsigned char *end,
418  x509_time *from,
419  x509_time *to )
420 {
421  int ret;
422  size_t len;
423 
424  if( ( ret = asn1_get_tag( p, end, &len,
425  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
426  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
427 
428  end = *p + len;
429 
430  if( ( ret = x509_get_time( p, end, from ) ) != 0 )
431  return( ret );
432 
433  if( ( ret = x509_get_time( p, end, to ) ) != 0 )
434  return( ret );
435 
436  if( *p != end )
439 
440  return( 0 );
441 }
442 
443 /*
444  * SubjectPublicKeyInfo ::= SEQUENCE {
445  * algorithm AlgorithmIdentifier,
446  * subjectPublicKey BIT STRING }
447  */
448 static int x509_get_pubkey( unsigned char **p,
449  const unsigned char *end,
450  x509_buf *pk_alg_oid,
451  mpi *N, mpi *E )
452 {
453  int ret;
454  size_t len;
455  unsigned char *end2;
456 
457  if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
458  return( ret );
459 
460  /*
461  * only RSA public keys handled at this time
462  */
463  if( pk_alg_oid->len != 9 ||
464  memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
465  {
467  }
468 
469  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
471 
472  if( ( end - *p ) < 1 )
475 
476  end2 = *p + len;
477 
478  if( *(*p)++ != 0 )
480 
481  /*
482  * RSAPublicKey ::= SEQUENCE {
483  * modulus INTEGER, -- n
484  * publicExponent INTEGER -- e
485  * }
486  */
487  if( ( ret = asn1_get_tag( p, end2, &len,
488  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
490 
491  if( *p + len != end2 )
494 
495  if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
496  ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
498 
499  if( *p != end )
502 
503  return( 0 );
504 }
505 
506 static int x509_get_sig( unsigned char **p,
507  const unsigned char *end,
508  x509_buf *sig )
509 {
510  int ret;
511  size_t len;
512 
513  if( ( end - *p ) < 1 )
516 
517  sig->tag = **p;
518 
519  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
521 
522 
523  if( --len < 1 || *(*p)++ != 0 )
525 
526  sig->len = len;
527  sig->p = *p;
528 
529  *p += len;
530 
531  return( 0 );
532 }
533 
534 /*
535  * X.509 v2/v3 unique identifier (not parsed)
536  */
537 static int x509_get_uid( unsigned char **p,
538  const unsigned char *end,
539  x509_buf *uid, int n )
540 {
541  int ret;
542 
543  if( *p == end )
544  return( 0 );
545 
546  uid->tag = **p;
547 
548  if( ( ret = asn1_get_tag( p, end, &uid->len,
549  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
550  {
552  return( 0 );
553 
554  return( ret );
555  }
556 
557  uid->p = *p;
558  *p += uid->len;
559 
560  return( 0 );
561 }
562 
563 /*
564  * X.509 Extensions (No parsing of extensions, pointer should
565  * be either manually updated or extensions should be parsed!
566  */
567 static int x509_get_ext( unsigned char **p,
568  const unsigned char *end,
569  x509_buf *ext, int tag )
570 {
571  int ret;
572  size_t len;
573 
574  if( *p == end )
575  return( 0 );
576 
577  ext->tag = **p;
578 
579  if( ( ret = asn1_get_tag( p, end, &ext->len,
580  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
581  return( ret );
582 
583  ext->p = *p;
584  end = *p + ext->len;
585 
586  /*
587  * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
588  *
589  * Extension ::= SEQUENCE {
590  * extnID OBJECT IDENTIFIER,
591  * critical BOOLEAN DEFAULT FALSE,
592  * extnValue OCTET STRING }
593  */
594  if( ( ret = asn1_get_tag( p, end, &len,
595  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
597 
598  if( end != *p + len )
601 
602  return( 0 );
603 }
604 
605 /*
606  * X.509 CRL v2 extensions (no extensions parsed yet.)
607  */
608 static int x509_get_crl_ext( unsigned char **p,
609  const unsigned char *end,
610  x509_buf *ext )
611 {
612  int ret;
613  size_t len = 0;
614 
615  /* Get explicit tag */
616  if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
617  {
619  return( 0 );
620 
621  return( ret );
622  }
623 
624  while( *p < end )
625  {
626  if( ( ret = asn1_get_tag( p, end, &len,
627  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
629 
630  *p += len;
631  }
632 
633  if( *p != end )
636 
637  return( 0 );
638 }
639 
640 /*
641  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
642  */
643 static int x509_get_crl_entry_ext( unsigned char **p,
644  const unsigned char *end,
645  x509_buf *ext )
646 {
647  int ret;
648  size_t len = 0;
649 
650  /* OPTIONAL */
651  if (end <= *p)
652  return( 0 );
653 
654  ext->tag = **p;
655  ext->p = *p;
656 
657  /*
658  * Get CRL-entry extension sequence header
659  * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
660  */
661  if( ( ret = asn1_get_tag( p, end, &ext->len,
662  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
663  {
665  {
666  ext->p = NULL;
667  return( 0 );
668  }
670  }
671 
672  end = *p + ext->len;
673 
674  if( end != *p + ext->len )
677 
678  while( *p < end )
679  {
680  if( ( ret = asn1_get_tag( p, end, &len,
681  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
683 
684  *p += len;
685  }
686 
687  if( *p != end )
690 
691  return( 0 );
692 }
693 
694 static int x509_get_basic_constraints( unsigned char **p,
695  const unsigned char *end,
696  int *ca_istrue,
697  int *max_pathlen )
698 {
699  int ret;
700  size_t len;
701 
702  /*
703  * BasicConstraints ::= SEQUENCE {
704  * cA BOOLEAN DEFAULT FALSE,
705  * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
706  */
707  *ca_istrue = 0; /* DEFAULT FALSE */
708  *max_pathlen = 0; /* endless */
709 
710  if( ( ret = asn1_get_tag( p, end, &len,
711  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
713 
714  if( *p == end )
715  return 0;
716 
717  if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
718  {
720  ret = asn1_get_int( p, end, ca_istrue );
721 
722  if( ret != 0 )
724 
725  if( *ca_istrue != 0 )
726  *ca_istrue = 1;
727  }
728 
729  if( *p == end )
730  return 0;
731 
732  if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
734 
735  if( *p != end )
738 
739  (*max_pathlen)++;
740 
741  return 0;
742 }
743 
744 static int x509_get_ns_cert_type( unsigned char **p,
745  const unsigned char *end,
746  unsigned char *ns_cert_type)
747 {
748  int ret;
749  x509_bitstring bs = { 0, 0, NULL };
750 
751  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
753 
754  if( bs.len != 1 )
757 
758  /* Get actual bitstring */
759  *ns_cert_type = *bs.p;
760  return 0;
761 }
762 
763 static int x509_get_key_usage( unsigned char **p,
764  const unsigned char *end,
765  unsigned char *key_usage)
766 {
767  int ret;
768  x509_bitstring bs = { 0, 0, NULL };
769 
770  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
772 
773  if( bs.len < 1 )
776 
777  /* Get actual bitstring */
778  *key_usage = *bs.p;
779  return 0;
780 }
781 
782 /*
783  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
784  *
785  * KeyPurposeId ::= OBJECT IDENTIFIER
786  */
787 static int x509_get_ext_key_usage( unsigned char **p,
788  const unsigned char *end,
789  x509_sequence *ext_key_usage)
790 {
791  int ret;
792 
793  if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
795 
796  /* Sequence length must be >= 1 */
797  if( ext_key_usage->buf.p == NULL )
800 
801  return 0;
802 }
803 
804 /*
805  * SubjectAltName ::= GeneralNames
806  *
807  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
808  *
809  * GeneralName ::= CHOICE {
810  * otherName [0] OtherName,
811  * rfc822Name [1] IA5String,
812  * dNSName [2] IA5String,
813  * x400Address [3] ORAddress,
814  * directoryName [4] Name,
815  * ediPartyName [5] EDIPartyName,
816  * uniformResourceIdentifier [6] IA5String,
817  * iPAddress [7] OCTET STRING,
818  * registeredID [8] OBJECT IDENTIFIER }
819  *
820  * OtherName ::= SEQUENCE {
821  * type-id OBJECT IDENTIFIER,
822  * value [0] EXPLICIT ANY DEFINED BY type-id }
823  *
824  * EDIPartyName ::= SEQUENCE {
825  * nameAssigner [0] DirectoryString OPTIONAL,
826  * partyName [1] DirectoryString }
827  *
828  * NOTE: PolarSSL only parses and uses dNSName at this point.
829  */
830 static int x509_get_subject_alt_name( unsigned char **p,
831  const unsigned char *end,
832  x509_sequence *subject_alt_name )
833 {
834  int ret;
835  size_t len, tag_len;
836  asn1_buf *buf;
837  unsigned char tag;
838  asn1_sequence *cur = subject_alt_name;
839 
840  /* Get main sequence tag */
841  if( ( ret = asn1_get_tag( p, end, &len,
842  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
844 
845  if( *p + len != end )
848 
849  while( *p < end )
850  {
851  if( ( end - *p ) < 1 )
854 
855  tag = **p;
856  (*p)++;
857  if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
859 
860  if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
863 
864  if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
865  {
866  *p += tag_len;
867  continue;
868  }
869 
870  buf = &(cur->buf);
871  buf->tag = tag;
872  buf->p = *p;
873  buf->len = tag_len;
874  *p += buf->len;
875 
876  /* Allocate and assign next pointer */
877  if (*p < end)
878  {
879  cur->next = (asn1_sequence *) malloc(
880  sizeof( asn1_sequence ) );
881 
882  if( cur->next == NULL )
885 
886  memset( cur->next, 0, sizeof( asn1_sequence ) );
887  cur = cur->next;
888  }
889  }
890 
891  /* Set final sequence entry's next pointer to NULL */
892  cur->next = NULL;
893 
894  if( *p != end )
897 
898  return( 0 );
899 }
900 
901 /*
902  * X.509 v3 extensions
903  *
904  * TODO: Perform all of the basic constraints tests required by the RFC
905  * TODO: Set values for undetected extensions to a sane default?
906  *
907  */
908 static int x509_get_crt_ext( unsigned char **p,
909  const unsigned char *end,
910  x509_cert *crt )
911 {
912  int ret;
913  size_t len;
914  unsigned char *end_ext_data, *end_ext_octet;
915 
916  if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
917  {
919  return( 0 );
920 
921  return( ret );
922  }
923 
924  while( *p < end )
925  {
926  /*
927  * Extension ::= SEQUENCE {
928  * extnID OBJECT IDENTIFIER,
929  * critical BOOLEAN DEFAULT FALSE,
930  * extnValue OCTET STRING }
931  */
932  x509_buf extn_oid = {0, 0, NULL};
933  int is_critical = 0; /* DEFAULT FALSE */
934 
935  if( ( ret = asn1_get_tag( p, end, &len,
936  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
938 
939  end_ext_data = *p + len;
940 
941  /* Get extension ID */
942  extn_oid.tag = **p;
943 
944  if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
946 
947  extn_oid.p = *p;
948  *p += extn_oid.len;
949 
950  if( ( end - *p ) < 1 )
953 
954  /* Get optional critical */
955  if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
958 
959  /* Data should be octet string type */
960  if( ( ret = asn1_get_tag( p, end_ext_data, &len,
961  ASN1_OCTET_STRING ) ) != 0 )
963 
964  end_ext_octet = *p + len;
965 
966  if( end_ext_octet != end_ext_data )
969 
970  /*
971  * Detect supported extensions
972  */
973  if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
974  memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
975  {
976  /* Parse basic constraints */
977  if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
978  &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
979  return ( ret );
981  }
982  else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
983  memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
984  {
985  /* Parse netscape certificate type */
986  if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
987  &crt->ns_cert_type ) ) != 0 )
988  return ( ret );
989  crt->ext_types |= EXT_NS_CERT_TYPE;
990  }
991  else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
992  memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
993  {
994  /* Parse key usage */
995  if( ( ret = x509_get_key_usage( p, end_ext_octet,
996  &crt->key_usage ) ) != 0 )
997  return ( ret );
998  crt->ext_types |= EXT_KEY_USAGE;
999  }
1000  else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
1001  memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
1002  {
1003  /* Parse extended key usage */
1004  if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1005  &crt->ext_key_usage ) ) != 0 )
1006  return ( ret );
1008  }
1009  else if( ( OID_SIZE( OID_SUBJECT_ALT_NAME ) == extn_oid.len ) &&
1010  memcmp( extn_oid.p, OID_SUBJECT_ALT_NAME, extn_oid.len ) == 0 )
1011  {
1012  /* Parse extended key usage */
1013  if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1014  &crt->subject_alt_names ) ) != 0 )
1015  return ( ret );
1017  }
1018  else
1019  {
1020  /* No parser found, skip extension */
1021  *p = end_ext_octet;
1022 
1023 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1024  if( is_critical )
1025  {
1026  /* Data is marked as critical: fail */
1029  }
1030 #endif
1031  }
1032  }
1033 
1034  if( *p != end )
1037 
1038  return( 0 );
1039 }
1040 
1041 /*
1042  * X.509 CRL Entries
1043  */
1044 static int x509_get_entries( unsigned char **p,
1045  const unsigned char *end,
1047 {
1048  int ret;
1049  size_t entry_len;
1050  x509_crl_entry *cur_entry = entry;
1051 
1052  if( *p == end )
1053  return( 0 );
1054 
1055  if( ( ret = asn1_get_tag( p, end, &entry_len,
1056  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
1057  {
1059  return( 0 );
1060 
1061  return( ret );
1062  }
1063 
1064  end = *p + entry_len;
1065 
1066  while( *p < end )
1067  {
1068  size_t len2;
1069  const unsigned char *end2;
1070 
1071  if( ( ret = asn1_get_tag( p, end, &len2,
1072  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
1073  {
1074  return( ret );
1075  }
1076 
1077  cur_entry->raw.tag = **p;
1078  cur_entry->raw.p = *p;
1079  cur_entry->raw.len = len2;
1080  end2 = *p + len2;
1081 
1082  if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
1083  return( ret );
1084 
1085  if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
1086  return( ret );
1087 
1088  if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
1089  return( ret );
1090 
1091  if ( *p < end )
1092  {
1093  cur_entry->next = malloc( sizeof( x509_crl_entry ) );
1094 
1095  if( cur_entry->next == NULL )
1097 
1098  cur_entry = cur_entry->next;
1099  memset( cur_entry, 0, sizeof( x509_crl_entry ) );
1100  }
1101  }
1102 
1103  return( 0 );
1104 }
1105 
1106 static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
1107 {
1108  if( sig_oid->len == 9 &&
1109  memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
1110  {
1111  if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
1112  {
1113  *sig_alg = sig_oid->p[8];
1114  return( 0 );
1115  }
1116 
1117  if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
1118  {
1119  *sig_alg = sig_oid->p[8];
1120  return( 0 );
1121  }
1122 
1124  }
1125  if( sig_oid->len == 5 &&
1126  memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
1127  {
1128  *sig_alg = SIG_RSA_SHA1;
1129  return( 0 );
1130  }
1131 
1133 }
1134 
1135 /*
1136  * Parse and fill a single X.509 certificate in DER format
1137  */
1138 int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
1139  size_t buflen )
1140 {
1141  int ret;
1142  size_t len;
1143  unsigned char *p, *end, *crt_end;
1144 
1145  /*
1146  * Check for valid input
1147  */
1148  if( crt == NULL || buf == NULL )
1150 
1151  p = (unsigned char *) malloc( len = buflen );
1152 
1153  if( p == NULL )
1155 
1156  memcpy( p, buf, buflen );
1157 
1158  buflen = 0;
1159 
1160  crt->raw.p = p;
1161  crt->raw.len = len;
1162  end = p + len;
1163 
1164  /*
1165  * Certificate ::= SEQUENCE {
1166  * tbsCertificate TBSCertificate,
1167  * signatureAlgorithm AlgorithmIdentifier,
1168  * signatureValue BIT STRING }
1169  */
1170  if( ( ret = asn1_get_tag( &p, end, &len,
1171  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1172  {
1173  x509_free( crt );
1175  }
1176 
1177  if( len > (size_t) ( end - p ) )
1178  {
1179  x509_free( crt );
1182  }
1183  crt_end = p + len;
1184 
1185  /*
1186  * TBSCertificate ::= SEQUENCE {
1187  */
1188  crt->tbs.p = p;
1189 
1190  if( ( ret = asn1_get_tag( &p, end, &len,
1191  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1192  {
1193  x509_free( crt );
1194  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1195  }
1196 
1197  end = p + len;
1198  crt->tbs.len = end - crt->tbs.p;
1199 
1200  /*
1201  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1202  *
1203  * CertificateSerialNumber ::= INTEGER
1204  *
1205  * signature AlgorithmIdentifier
1206  */
1207  if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
1208  ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
1209  ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1210  {
1211  x509_free( crt );
1212  return( ret );
1213  }
1214 
1215  crt->version++;
1216 
1217  if( crt->version > 3 )
1218  {
1219  x509_free( crt );
1221  }
1222 
1223  if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
1224  {
1225  x509_free( crt );
1226  return( ret );
1227  }
1228 
1229  /*
1230  * issuer Name
1231  */
1232  crt->issuer_raw.p = p;
1233 
1234  if( ( ret = asn1_get_tag( &p, end, &len,
1235  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1236  {
1237  x509_free( crt );
1238  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1239  }
1240 
1241  if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1242  {
1243  x509_free( crt );
1244  return( ret );
1245  }
1246 
1247  crt->issuer_raw.len = p - crt->issuer_raw.p;
1248 
1249  /*
1250  * Validity ::= SEQUENCE {
1251  * notBefore Time,
1252  * notAfter Time }
1253  *
1254  */
1255  if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1256  &crt->valid_to ) ) != 0 )
1257  {
1258  x509_free( crt );
1259  return( ret );
1260  }
1261 
1262  /*
1263  * subject Name
1264  */
1265  crt->subject_raw.p = p;
1266 
1267  if( ( ret = asn1_get_tag( &p, end, &len,
1268  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1269  {
1270  x509_free( crt );
1271  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1272  }
1273 
1274  if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1275  {
1276  x509_free( crt );
1277  return( ret );
1278  }
1279 
1280  crt->subject_raw.len = p - crt->subject_raw.p;
1281 
1282  /*
1283  * SubjectPublicKeyInfo ::= SEQUENCE
1284  * algorithm AlgorithmIdentifier,
1285  * subjectPublicKey BIT STRING }
1286  */
1287  if( ( ret = asn1_get_tag( &p, end, &len,
1288  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1289  {
1290  x509_free( crt );
1291  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1292  }
1293 
1294  if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1295  &crt->rsa.N, &crt->rsa.E ) ) != 0 )
1296  {
1297  x509_free( crt );
1298  return( ret );
1299  }
1300 
1301  if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1302  {
1303  x509_free( crt );
1304  return( ret );
1305  }
1306 
1307  crt->rsa.len = mpi_size( &crt->rsa.N );
1308 
1309  /*
1310  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1311  * -- If present, version shall be v2 or v3
1312  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1313  * -- If present, version shall be v2 or v3
1314  * extensions [3] EXPLICIT Extensions OPTIONAL
1315  * -- If present, version shall be v3
1316  */
1317  if( crt->version == 2 || crt->version == 3 )
1318  {
1319  ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1320  if( ret != 0 )
1321  {
1322  x509_free( crt );
1323  return( ret );
1324  }
1325  }
1326 
1327  if( crt->version == 2 || crt->version == 3 )
1328  {
1329  ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1330  if( ret != 0 )
1331  {
1332  x509_free( crt );
1333  return( ret );
1334  }
1335  }
1336 
1337  if( crt->version == 3 )
1338  {
1339  ret = x509_get_crt_ext( &p, end, crt);
1340  if( ret != 0 )
1341  {
1342  x509_free( crt );
1343  return( ret );
1344  }
1345  }
1346 
1347  if( p != end )
1348  {
1349  x509_free( crt );
1352  }
1353 
1354  end = crt_end;
1355 
1356  /*
1357  * signatureAlgorithm AlgorithmIdentifier,
1358  * signatureValue BIT STRING
1359  */
1360  if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1361  {
1362  x509_free( crt );
1363  return( ret );
1364  }
1365 
1366  if( crt->sig_oid1.len != crt->sig_oid2.len ||
1367  memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
1368  {
1369  x509_free( crt );
1371  }
1372 
1373  if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1374  {
1375  x509_free( crt );
1376  return( ret );
1377  }
1378 
1379  if( p != end )
1380  {
1381  x509_free( crt );
1384  }
1385 
1386  return( 0 );
1387 }
1388 
1389 /*
1390  * Parse one X.509 certificate in DER format from a buffer and add them to a
1391  * chained list
1392  */
1393 int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen )
1394 {
1395  int ret;
1396  x509_cert *crt = chain, *prev = NULL;
1397 
1398  /*
1399  * Check for valid input
1400  */
1401  if( crt == NULL || buf == NULL )
1403 
1404  while( crt->version != 0 && crt->next != NULL )
1405  {
1406  prev = crt;
1407  crt = crt->next;
1408  }
1409 
1410  /*
1411  * Add new certificate on the end of the chain if needed.
1412  */
1413  if ( crt->version != 0 && crt->next == NULL)
1414  {
1415  crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1416 
1417  if( crt->next == NULL )
1419 
1420  prev = crt;
1421  crt = crt->next;
1422  memset( crt, 0, sizeof( x509_cert ) );
1423  }
1424 
1425  if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
1426  {
1427  if( prev )
1428  prev->next = NULL;
1429 
1430  if( crt != chain )
1431  free( crt );
1432 
1433  return( ret );
1434  }
1435 
1436  return( 0 );
1437 }
1438 
1439 /*
1440  * Parse one or more PEM certificates from a buffer and add them to the chained list
1441  */
1442 int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
1443 {
1444  int ret, success = 0, first_error = 0, total_failed = 0;
1445  int buf_format = X509_FORMAT_DER;
1446 
1447  /*
1448  * Check for valid input
1449  */
1450  if( chain == NULL || buf == NULL )
1452 
1453  /*
1454  * Determine buffer content. Buffer contains either one DER certificate or
1455  * one or more PEM certificates.
1456  */
1457 #if defined(POLARSSL_PEM_C)
1458  if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1459  buf_format = X509_FORMAT_PEM;
1460 #endif
1461 
1462  if( buf_format == X509_FORMAT_DER )
1463  return x509parse_crt_der( chain, buf, buflen );
1464 
1465 #if defined(POLARSSL_PEM_C)
1466  if( buf_format == X509_FORMAT_PEM )
1467  {
1468  pem_context pem;
1469 
1470  while( buflen > 0 )
1471  {
1472  size_t use_len;
1473  pem_init( &pem );
1474 
1475  ret = pem_read_buffer( &pem,
1476  "-----BEGIN CERTIFICATE-----",
1477  "-----END CERTIFICATE-----",
1478  buf, NULL, 0, &use_len );
1479 
1480  if( ret == 0 )
1481  {
1482  /*
1483  * Was PEM encoded
1484  */
1485  buflen -= use_len;
1486  buf += use_len;
1487  }
1488  else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA )
1489  {
1490  return( ret );
1491  }
1493  {
1494  pem_free( &pem );
1495 
1496  /*
1497  * PEM header and footer were found
1498  */
1499  buflen -= use_len;
1500  buf += use_len;
1501 
1502  if( first_error == 0 )
1503  first_error = ret;
1504 
1505  continue;
1506  }
1507  else
1508  break;
1509 
1510  ret = x509parse_crt_der( chain, pem.buf, pem.buflen );
1511 
1512  pem_free( &pem );
1513 
1514  if( ret != 0 )
1515  {
1516  /*
1517  * Quit parsing on a memory error
1518  */
1519  if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
1520  return( ret );
1521 
1522  if( first_error == 0 )
1523  first_error = ret;
1524 
1525  total_failed++;
1526  continue;
1527  }
1528 
1529  success = 1;
1530  }
1531  }
1532 #endif
1533 
1534  if( success )
1535  return( total_failed );
1536  else if( first_error )
1537  return( first_error );
1538  else
1540 }
1541 
1542 /*
1543  * Parse one or more CRLs and add them to the chained list
1544  */
1545 int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
1546 {
1547  int ret;
1548  size_t len;
1549  unsigned char *p, *end;
1550  x509_crl *crl;
1551 #if defined(POLARSSL_PEM_C)
1552  size_t use_len;
1553  pem_context pem;
1554 #endif
1555 
1556  crl = chain;
1557 
1558  /*
1559  * Check for valid input
1560  */
1561  if( crl == NULL || buf == NULL )
1563 
1564  while( crl->version != 0 && crl->next != NULL )
1565  crl = crl->next;
1566 
1567  /*
1568  * Add new CRL on the end of the chain if needed.
1569  */
1570  if ( crl->version != 0 && crl->next == NULL)
1571  {
1572  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1573 
1574  if( crl->next == NULL )
1575  {
1576  x509_crl_free( crl );
1578  }
1579 
1580  crl = crl->next;
1581  memset( crl, 0, sizeof( x509_crl ) );
1582  }
1583 
1584 #if defined(POLARSSL_PEM_C)
1585  pem_init( &pem );
1586  ret = pem_read_buffer( &pem,
1587  "-----BEGIN X509 CRL-----",
1588  "-----END X509 CRL-----",
1589  buf, NULL, 0, &use_len );
1590 
1591  if( ret == 0 )
1592  {
1593  /*
1594  * Was PEM encoded
1595  */
1596  buflen -= use_len;
1597  buf += use_len;
1598 
1599  /*
1600  * Steal PEM buffer
1601  */
1602  p = pem.buf;
1603  pem.buf = NULL;
1604  len = pem.buflen;
1605  pem_free( &pem );
1606  }
1608  {
1609  pem_free( &pem );
1610  return( ret );
1611  }
1612  else
1613  {
1614  /*
1615  * nope, copy the raw DER data
1616  */
1617  p = (unsigned char *) malloc( len = buflen );
1618 
1619  if( p == NULL )
1621 
1622  memcpy( p, buf, buflen );
1623 
1624  buflen = 0;
1625  }
1626 #else
1627  p = (unsigned char *) malloc( len = buflen );
1628 
1629  if( p == NULL )
1631 
1632  memcpy( p, buf, buflen );
1633 
1634  buflen = 0;
1635 #endif
1636 
1637  crl->raw.p = p;
1638  crl->raw.len = len;
1639  end = p + len;
1640 
1641  /*
1642  * CertificateList ::= SEQUENCE {
1643  * tbsCertList TBSCertList,
1644  * signatureAlgorithm AlgorithmIdentifier,
1645  * signatureValue BIT STRING }
1646  */
1647  if( ( ret = asn1_get_tag( &p, end, &len,
1648  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1649  {
1650  x509_crl_free( crl );
1652  }
1653 
1654  if( len != (size_t) ( end - p ) )
1655  {
1656  x509_crl_free( crl );
1659  }
1660 
1661  /*
1662  * TBSCertList ::= SEQUENCE {
1663  */
1664  crl->tbs.p = p;
1665 
1666  if( ( ret = asn1_get_tag( &p, end, &len,
1667  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1668  {
1669  x509_crl_free( crl );
1670  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1671  }
1672 
1673  end = p + len;
1674  crl->tbs.len = end - crl->tbs.p;
1675 
1676  /*
1677  * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1678  * -- if present, MUST be v2
1679  *
1680  * signature AlgorithmIdentifier
1681  */
1682  if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
1683  ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1684  {
1685  x509_crl_free( crl );
1686  return( ret );
1687  }
1688 
1689  crl->version++;
1690 
1691  if( crl->version > 2 )
1692  {
1693  x509_crl_free( crl );
1695  }
1696 
1697  if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
1698  {
1699  x509_crl_free( crl );
1701  }
1702 
1703  /*
1704  * issuer Name
1705  */
1706  crl->issuer_raw.p = p;
1707 
1708  if( ( ret = asn1_get_tag( &p, end, &len,
1709  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1710  {
1711  x509_crl_free( crl );
1712  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1713  }
1714 
1715  if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1716  {
1717  x509_crl_free( crl );
1718  return( ret );
1719  }
1720 
1721  crl->issuer_raw.len = p - crl->issuer_raw.p;
1722 
1723  /*
1724  * thisUpdate Time
1725  * nextUpdate Time OPTIONAL
1726  */
1727  if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
1728  {
1729  x509_crl_free( crl );
1730  return( ret );
1731  }
1732 
1733  if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
1734  {
1735  if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
1739  {
1740  x509_crl_free( crl );
1741  return( ret );
1742  }
1743  }
1744 
1745  /*
1746  * revokedCertificates SEQUENCE OF SEQUENCE {
1747  * userCertificate CertificateSerialNumber,
1748  * revocationDate Time,
1749  * crlEntryExtensions Extensions OPTIONAL
1750  * -- if present, MUST be v2
1751  * } OPTIONAL
1752  */
1753  if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1754  {
1755  x509_crl_free( crl );
1756  return( ret );
1757  }
1758 
1759  /*
1760  * crlExtensions EXPLICIT Extensions OPTIONAL
1761  * -- if present, MUST be v2
1762  */
1763  if( crl->version == 2 )
1764  {
1765  ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1766 
1767  if( ret != 0 )
1768  {
1769  x509_crl_free( crl );
1770  return( ret );
1771  }
1772  }
1773 
1774  if( p != end )
1775  {
1776  x509_crl_free( crl );
1779  }
1780 
1781  end = crl->raw.p + crl->raw.len;
1782 
1783  /*
1784  * signatureAlgorithm AlgorithmIdentifier,
1785  * signatureValue BIT STRING
1786  */
1787  if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1788  {
1789  x509_crl_free( crl );
1790  return( ret );
1791  }
1792 
1793  if( crl->sig_oid1.len != crl->sig_oid2.len ||
1794  memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1795  {
1796  x509_crl_free( crl );
1798  }
1799 
1800  if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1801  {
1802  x509_crl_free( crl );
1803  return( ret );
1804  }
1805 
1806  if( p != end )
1807  {
1808  x509_crl_free( crl );
1811  }
1812 
1813  if( buflen > 0 )
1814  {
1815  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1816 
1817  if( crl->next == NULL )
1818  {
1819  x509_crl_free( crl );
1821  }
1822 
1823  crl = crl->next;
1824  memset( crl, 0, sizeof( x509_crl ) );
1825 
1826  return( x509parse_crl( crl, buf, buflen ) );
1827  }
1828 
1829  return( 0 );
1830 }
1831 
1832 #if defined(POLARSSL_FS_IO)
1833 /*
1834  * Load all data from a file into a given buffer.
1835  */
1836 int load_file( const char *path, unsigned char **buf, size_t *n )
1837 {
1838  FILE *f;
1839  long size;
1840 
1841  if( ( f = fopen( path, "rb" ) ) == NULL )
1843 
1844  fseek( f, 0, SEEK_END );
1845  if( ( size = ftell( f ) ) == -1 )
1846  {
1847  fclose( f );
1849  }
1850  fseek( f, 0, SEEK_SET );
1851 
1852  *n = (size_t) size;
1853 
1854  if( *n + 1 == 0 ||
1855  ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
1856  {
1857  fclose( f );
1859  }
1860 
1861  if( fread( *buf, 1, *n, f ) != *n )
1862  {
1863  fclose( f );
1864  free( *buf );
1866  }
1867 
1868  fclose( f );
1869 
1870  (*buf)[*n] = '\0';
1871 
1872  return( 0 );
1873 }
1874 
1875 /*
1876  * Load one or more certificates and add them to the chained list
1877  */
1878 int x509parse_crtfile( x509_cert *chain, const char *path )
1879 {
1880  int ret;
1881  size_t n;
1882  unsigned char *buf;
1883 
1884  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1885  return( ret );
1886 
1887  ret = x509parse_crt( chain, buf, n );
1888 
1889  memset( buf, 0, n + 1 );
1890  free( buf );
1891 
1892  return( ret );
1893 }
1894 
1895 int x509parse_crtpath( x509_cert *chain, const char *path )
1896 {
1897  int ret = 0;
1898 #if defined(_WIN32)
1899  int w_ret;
1900  WCHAR szDir[MAX_PATH];
1901  char filename[MAX_PATH];
1902  char *p;
1903  int len = strlen( path );
1904 
1905  WIN32_FIND_DATAW file_data;
1906  HANDLE hFind;
1907 
1908  if( len > MAX_PATH - 3 )
1910 
1911  memset( szDir, 0, sizeof(szDir) );
1912  memset( filename, 0, MAX_PATH );
1913  memcpy( filename, path, len );
1914  filename[len++] = '\\';
1915  p = filename + len;
1916  filename[len++] = '*';
1917 
1918  w_ret = MultiByteToWideChar( CP_ACP, 0, path, len, szDir, MAX_PATH - 3 );
1919 
1920  hFind = FindFirstFileW( szDir, &file_data );
1921  if (hFind == INVALID_HANDLE_VALUE)
1923 
1924  len = MAX_PATH - len;
1925  do
1926  {
1927  memset( p, 0, len );
1928 
1929  if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1930  continue;
1931 
1932  w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1933  lstrlenW(file_data.cFileName),
1934  p, len - 1,
1935  NULL, NULL );
1936 
1937  w_ret = x509parse_crtfile( chain, filename );
1938  if( w_ret < 0 )
1939  ret++;
1940  else
1941  ret += w_ret;
1942  }
1943  while( FindNextFileW( hFind, &file_data ) != 0 );
1944 
1945  if (GetLastError() != ERROR_NO_MORE_FILES)
1947 
1948 cleanup:
1949  FindClose( hFind );
1950 #else
1951  int t_ret, i;
1952  struct stat sb;
1953  struct dirent entry, *result = NULL;
1954  char entry_name[255];
1955  DIR *dir = opendir( path );
1956 
1957  if( dir == NULL)
1959 
1960  while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1961  {
1962  if( result == NULL )
1963  break;
1964 
1965  snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
1966 
1967  i = stat( entry_name, &sb );
1968 
1969  if( i == -1 )
1970  {
1971  closedir( dir );
1973  }
1974 
1975  if( !S_ISREG( sb.st_mode ) )
1976  continue;
1977 
1978  // Ignore parse errors
1979  //
1980  t_ret = x509parse_crtfile( chain, entry_name );
1981  if( t_ret < 0 )
1982  ret++;
1983  else
1984  ret += t_ret;
1985  }
1986  closedir( dir );
1987 #endif
1988 
1989  return( ret );
1990 }
1991 
1992 /*
1993  * Load one or more CRLs and add them to the chained list
1994  */
1995 int x509parse_crlfile( x509_crl *chain, const char *path )
1996 {
1997  int ret;
1998  size_t n;
1999  unsigned char *buf;
2000 
2001  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2002  return( ret );
2003 
2004  ret = x509parse_crl( chain, buf, n );
2005 
2006  memset( buf, 0, n + 1 );
2007  free( buf );
2008 
2009  return( ret );
2010 }
2011 
2012 /*
2013  * Load and parse a private RSA key
2014  */
2015 int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
2016 {
2017  int ret;
2018  size_t n;
2019  unsigned char *buf;
2020 
2021  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2022  return( ret );
2023 
2024  if( pwd == NULL )
2025  ret = x509parse_key( rsa, buf, n, NULL, 0 );
2026  else
2027  ret = x509parse_key( rsa, buf, n,
2028  (unsigned char *) pwd, strlen( pwd ) );
2029 
2030  memset( buf, 0, n + 1 );
2031  free( buf );
2032 
2033  return( ret );
2034 }
2035 
2036 /*
2037  * Load and parse a public RSA key
2038  */
2039 int x509parse_public_keyfile( rsa_context *rsa, const char *path )
2040 {
2041  int ret;
2042  size_t n;
2043  unsigned char *buf;
2044 
2045  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2046  return( ret );
2047 
2048  ret = x509parse_public_key( rsa, buf, n );
2049 
2050  memset( buf, 0, n + 1 );
2051  free( buf );
2052 
2053  return( ret );
2054 }
2055 #endif /* POLARSSL_FS_IO */
2056 
2057 /*
2058  * Parse a PKCS#1 encoded private RSA key
2059  */
2060 static int x509parse_key_pkcs1_der( rsa_context *rsa,
2061  const unsigned char *key,
2062  size_t keylen )
2063 {
2064  int ret;
2065  size_t len;
2066  unsigned char *p, *end;
2067 
2068  p = (unsigned char *) key;
2069  end = p + keylen;
2070 
2071  /*
2072  * This function parses the RSAPrivateKey (PKCS#1)
2073  *
2074  * RSAPrivateKey ::= SEQUENCE {
2075  * version Version,
2076  * modulus INTEGER, -- n
2077  * publicExponent INTEGER, -- e
2078  * privateExponent INTEGER, -- d
2079  * prime1 INTEGER, -- p
2080  * prime2 INTEGER, -- q
2081  * exponent1 INTEGER, -- d mod (p-1)
2082  * exponent2 INTEGER, -- d mod (q-1)
2083  * coefficient INTEGER, -- (inverse of q) mod p
2084  * otherPrimeInfos OtherPrimeInfos OPTIONAL
2085  * }
2086  */
2087  if( ( ret = asn1_get_tag( &p, end, &len,
2088  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2089  {
2090  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2091  }
2092 
2093  end = p + len;
2094 
2095  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2096  {
2097  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2098  }
2099 
2100  if( rsa->ver != 0 )
2101  {
2102  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2103  }
2104 
2105  if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
2106  ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
2107  ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
2108  ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
2109  ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
2110  ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
2111  ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
2112  ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2113  {
2114  rsa_free( rsa );
2115  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2116  }
2117 
2118  rsa->len = mpi_size( &rsa->N );
2119 
2120  if( p != end )
2121  {
2122  rsa_free( rsa );
2125  }
2126 
2127  if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2128  {
2129  rsa_free( rsa );
2130  return( ret );
2131  }
2132 
2133  return( 0 );
2134 }
2135 
2136 /*
2137  * Parse an unencrypted PKCS#8 encoded private RSA key
2138  */
2139 static int x509parse_key_pkcs8_unencrypted_der(
2140  rsa_context *rsa,
2141  const unsigned char *key,
2142  size_t keylen )
2143 {
2144  int ret;
2145  size_t len;
2146  unsigned char *p, *end;
2147  x509_buf pk_alg_oid;
2148 
2149  p = (unsigned char *) key;
2150  end = p + keylen;
2151 
2152  /*
2153  * This function parses the PrivatKeyInfo object (PKCS#8)
2154  *
2155  * PrivateKeyInfo ::= SEQUENCE {
2156  * version Version,
2157  * algorithm AlgorithmIdentifier,
2158  * PrivateKey BIT STRING
2159  * }
2160  *
2161  * AlgorithmIdentifier ::= SEQUENCE {
2162  * algorithm OBJECT IDENTIFIER,
2163  * parameters ANY DEFINED BY algorithm OPTIONAL
2164  * }
2165  *
2166  * The PrivateKey BIT STRING is a PKCS#1 RSAPrivateKey
2167  */
2168  if( ( ret = asn1_get_tag( &p, end, &len,
2169  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2170  {
2171  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2172  }
2173 
2174  end = p + len;
2175 
2176  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2177  {
2178  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2179  }
2180 
2181  if( rsa->ver != 0 )
2182  {
2183  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2184  }
2185 
2186  if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
2187  {
2188  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2189  }
2190 
2191  /*
2192  * only RSA keys handled at this time
2193  */
2194  if( pk_alg_oid.len != 9 ||
2195  memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) != 0 )
2196  {
2198  }
2199 
2200  /*
2201  * Get the OCTET STRING and parse the PKCS#1 format inside
2202  */
2203  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2204  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2205 
2206  if( ( end - p ) < 1 )
2207  {
2210  }
2211 
2212  end = p + len;
2213 
2214  if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
2215  return( ret );
2216 
2217  return( 0 );
2218 }
2219 
2220 /*
2221  * Parse an encrypted PKCS#8 encoded private RSA key
2222  */
2223 static int x509parse_key_pkcs8_encrypted_der(
2224  rsa_context *rsa,
2225  const unsigned char *key,
2226  size_t keylen,
2227  const unsigned char *pwd,
2228  size_t pwdlen )
2229 {
2230  int ret;
2231  size_t len;
2232  unsigned char *p, *end, *end2;
2233  x509_buf pbe_alg_oid, pbe_params;
2234  unsigned char buf[2048];
2235 
2236  memset(buf, 0, 2048);
2237 
2238  p = (unsigned char *) key;
2239  end = p + keylen;
2240 
2241  if( pwdlen == 0 )
2243 
2244  /*
2245  * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
2246  *
2247  * EncryptedPrivateKeyInfo ::= SEQUENCE {
2248  * encryptionAlgorithm EncryptionAlgorithmIdentifier,
2249  * encryptedData EncryptedData
2250  * }
2251  *
2252  * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
2253  *
2254  * EncryptedData ::= OCTET STRING
2255  *
2256  * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
2257  */
2258  if( ( ret = asn1_get_tag( &p, end, &len,
2259  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2260  {
2261  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2262  }
2263 
2264  end = p + len;
2265 
2266  if( ( ret = asn1_get_tag( &p, end, &len,
2267  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2268  {
2269  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2270  }
2271 
2272  end2 = p + len;
2273 
2274  if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID ) ) != 0 )
2275  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2276 
2277  pbe_alg_oid.p = p;
2278  p += pbe_alg_oid.len;
2279 
2280  /*
2281  * Store the algorithm parameters
2282  */
2283  pbe_params.p = p;
2284  pbe_params.len = end2 - p;
2285  p += pbe_params.len;
2286 
2287  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2288  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2289 
2290  // buf has been sized to 2048 bytes
2291  if( len > 2048 )
2293 
2294  /*
2295  * Decrypt EncryptedData with appropriate PDE
2296  */
2297 #if defined(POLARSSL_PKCS12_C)
2298  if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
2299  {
2300  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
2302  pwd, pwdlen, p, len, buf ) ) != 0 )
2303  {
2306 
2307  return( ret );
2308  }
2309  }
2310  else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
2311  {
2312  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
2314  pwd, pwdlen, p, len, buf ) ) != 0 )
2315  {
2318 
2319  return( ret );
2320  }
2321  }
2322  else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
2323  {
2324  if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
2326  pwd, pwdlen,
2327  p, len, buf ) ) != 0 )
2328  {
2329  return( ret );
2330  }
2331 
2332  // Best guess for password mismatch when using RC4. If first tag is
2333  // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
2334  //
2335  if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
2337  }
2338  else
2339 #endif /* POLARSSL_PKCS12_C */
2340 #if defined(POLARSSL_PKCS5_C)
2341  if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
2342  {
2343  if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
2344  p, len, buf ) ) != 0 )
2345  {
2348 
2349  return( ret );
2350  }
2351  }
2352  else
2353 #endif /* POLARSSL_PKCS5_C */
2355 
2356  return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
2357 }
2358 
2359 /*
2360  * Parse a private RSA key
2361  */
2362 int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
2363  const unsigned char *pwd, size_t pwdlen )
2364 {
2365  int ret;
2366 
2367 #if defined(POLARSSL_PEM_C)
2368  size_t len;
2369  pem_context pem;
2370 
2371  pem_init( &pem );
2372  ret = pem_read_buffer( &pem,
2373  "-----BEGIN RSA PRIVATE KEY-----",
2374  "-----END RSA PRIVATE KEY-----",
2375  key, pwd, pwdlen, &len );
2376  if( ret == 0 )
2377  {
2378  if( ( ret = x509parse_key_pkcs1_der( rsa, pem.buf, pem.buflen ) ) != 0 )
2379  {
2380  rsa_free( rsa );
2381  }
2382 
2383  pem_free( &pem );
2384  return( ret );
2385  }
2386  else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
2388  else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
2391  return( ret );
2392 
2393  ret = pem_read_buffer( &pem,
2394  "-----BEGIN PRIVATE KEY-----",
2395  "-----END PRIVATE KEY-----",
2396  key, NULL, 0, &len );
2397  if( ret == 0 )
2398  {
2399  if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
2400  pem.buf, pem.buflen ) ) != 0 )
2401  {
2402  rsa_free( rsa );
2403  }
2404 
2405  pem_free( &pem );
2406  return( ret );
2407  }
2409  return( ret );
2410 
2411  ret = pem_read_buffer( &pem,
2412  "-----BEGIN ENCRYPTED PRIVATE KEY-----",
2413  "-----END ENCRYPTED PRIVATE KEY-----",
2414  key, NULL, 0, &len );
2415  if( ret == 0 )
2416  {
2417  if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
2418  pem.buf, pem.buflen,
2419  pwd, pwdlen ) ) != 0 )
2420  {
2421  rsa_free( rsa );
2422  }
2423 
2424  pem_free( &pem );
2425  return( ret );
2426  }
2428  return( ret );
2429 #else
2430  ((void) pwd);
2431  ((void) pwdlen);
2432 #endif /* POLARSSL_PEM_C */
2433 
2434  // At this point we only know it's not a PEM formatted key. Could be any
2435  // of the known DER encoded private key formats
2436  //
2437  // We try the different DER format parsers to see if one passes without
2438  // error
2439  //
2440  if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
2441  pwd, pwdlen ) ) == 0 )
2442  {
2443  return( 0 );
2444  }
2445 
2446  rsa_free( rsa );
2447 
2449  {
2450  return( ret );
2451  }
2452 
2453  if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
2454  return( 0 );
2455 
2456  rsa_free( rsa );
2457 
2458  if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
2459  return( 0 );
2460 
2461  rsa_free( rsa );
2462 
2464 }
2465 
2466 /*
2467  * Parse a public RSA key
2468  */
2469 int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
2470 {
2471  int ret;
2472  size_t len;
2473  unsigned char *p, *end;
2474  x509_buf alg_oid;
2475 #if defined(POLARSSL_PEM_C)
2476  pem_context pem;
2477 
2478  pem_init( &pem );
2479  ret = pem_read_buffer( &pem,
2480  "-----BEGIN PUBLIC KEY-----",
2481  "-----END PUBLIC KEY-----",
2482  key, NULL, 0, &len );
2483 
2484  if( ret == 0 )
2485  {
2486  /*
2487  * Was PEM encoded
2488  */
2489  keylen = pem.buflen;
2490  }
2492  {
2493  pem_free( &pem );
2494  return( ret );
2495  }
2496 
2497  p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
2498 #else
2499  p = (unsigned char *) key;
2500 #endif
2501  end = p + keylen;
2502 
2503  /*
2504  * PublicKeyInfo ::= SEQUENCE {
2505  * algorithm AlgorithmIdentifier,
2506  * PublicKey BIT STRING
2507  * }
2508  *
2509  * AlgorithmIdentifier ::= SEQUENCE {
2510  * algorithm OBJECT IDENTIFIER,
2511  * parameters ANY DEFINED BY algorithm OPTIONAL
2512  * }
2513  *
2514  * RSAPublicKey ::= SEQUENCE {
2515  * modulus INTEGER, -- n
2516  * publicExponent INTEGER -- e
2517  * }
2518  */
2519 
2520  if( ( ret = asn1_get_tag( &p, end, &len,
2521  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2522  {
2523 #if defined(POLARSSL_PEM_C)
2524  pem_free( &pem );
2525 #endif
2526  rsa_free( rsa );
2527  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
2528  }
2529 
2530  if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
2531  {
2532 #if defined(POLARSSL_PEM_C)
2533  pem_free( &pem );
2534 #endif
2535  rsa_free( rsa );
2536  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2537  }
2538 
2539  if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2540  {
2541 #if defined(POLARSSL_PEM_C)
2542  pem_free( &pem );
2543 #endif
2544  rsa_free( rsa );
2545  return( ret );
2546  }
2547 
2548  rsa->len = mpi_size( &rsa->N );
2549 
2550 #if defined(POLARSSL_PEM_C)
2551  pem_free( &pem );
2552 #endif
2553 
2554  return( 0 );
2555 }
2556 
2557 #if defined(POLARSSL_DHM_C)
2558 /*
2559  * Parse DHM parameters
2560  */
2561 int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
2562 {
2563  int ret;
2564  size_t len;
2565  unsigned char *p, *end;
2566 #if defined(POLARSSL_PEM_C)
2567  pem_context pem;
2568 
2569  pem_init( &pem );
2570 
2571  ret = pem_read_buffer( &pem,
2572  "-----BEGIN DH PARAMETERS-----",
2573  "-----END DH PARAMETERS-----",
2574  dhmin, NULL, 0, &dhminlen );
2575 
2576  if( ret == 0 )
2577  {
2578  /*
2579  * Was PEM encoded
2580  */
2581  dhminlen = pem.buflen;
2582  }
2584  {
2585  pem_free( &pem );
2586  return( ret );
2587  }
2588 
2589  p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2590 #else
2591  p = (unsigned char *) dhmin;
2592 #endif
2593  end = p + dhminlen;
2594 
2595  memset( dhm, 0, sizeof( dhm_context ) );
2596 
2597  /*
2598  * DHParams ::= SEQUENCE {
2599  * prime INTEGER, -- P
2600  * generator INTEGER, -- g
2601  * }
2602  */
2603  if( ( ret = asn1_get_tag( &p, end, &len,
2604  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2605  {
2606 #if defined(POLARSSL_PEM_C)
2607  pem_free( &pem );
2608 #endif
2609  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2610  }
2611 
2612  end = p + len;
2613 
2614  if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
2615  ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2616  {
2617 #if defined(POLARSSL_PEM_C)
2618  pem_free( &pem );
2619 #endif
2620  dhm_free( dhm );
2621  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2622  }
2623 
2624  if( p != end )
2625  {
2626 #if defined(POLARSSL_PEM_C)
2627  pem_free( &pem );
2628 #endif
2629  dhm_free( dhm );
2632  }
2633 
2634 #if defined(POLARSSL_PEM_C)
2635  pem_free( &pem );
2636 #endif
2637 
2638  return( 0 );
2639 }
2640 
2641 #if defined(POLARSSL_FS_IO)
2642 /*
2643  * Load and parse a private RSA key
2644  */
2645 int x509parse_dhmfile( dhm_context *dhm, const char *path )
2646 {
2647  int ret;
2648  size_t n;
2649  unsigned char *buf;
2650 
2651  if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2652  return( ret );
2653 
2654  ret = x509parse_dhm( dhm, buf, n );
2655 
2656  memset( buf, 0, n + 1 );
2657  free( buf );
2658 
2659  return( ret );
2660 }
2661 #endif /* POLARSSL_FS_IO */
2662 #endif /* POLARSSL_DHM_C */
2663 
2664 #if defined _MSC_VER && !defined snprintf
2665 #include <stdarg.h>
2666 
2667 #if !defined vsnprintf
2668 #define vsnprintf _vsnprintf
2669 #endif // vsnprintf
2670 
2671 /*
2672  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
2673  * Result value is not size of buffer needed, but -1 if no fit is possible.
2674  *
2675  * This fuction tries to 'fix' this by at least suggesting enlarging the
2676  * size by 20.
2677  */
2678 int compat_snprintf(char *str, size_t size, const char *format, ...)
2679 {
2680  va_list ap;
2681  int res = -1;
2682 
2683  va_start( ap, format );
2684 
2685  res = vsnprintf( str, size, format, ap );
2686 
2687  va_end( ap );
2688 
2689  // No quick fix possible
2690  if ( res < 0 )
2691  return( (int) size + 20 );
2692 
2693  return res;
2694 }
2695 
2696 #define snprintf compat_snprintf
2697 #endif
2698 
2699 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2700 
2701 #define SAFE_SNPRINTF() \
2702 { \
2703  if( ret == -1 ) \
2704  return( -1 ); \
2705  \
2706  if ( (unsigned int) ret > n ) { \
2707  p[n - 1] = '\0'; \
2708  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2709  } \
2710  \
2711  n -= (unsigned int) ret; \
2712  p += (unsigned int) ret; \
2713 }
2714 
2715 /*
2716  * Store the name in printable form into buf; no more
2717  * than size characters will be written
2718  */
2719 int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
2720 {
2721  int ret;
2722  size_t i, n;
2723  unsigned char c;
2724  const x509_name *name;
2725  char s[128], *p;
2726 
2727  memset( s, 0, sizeof( s ) );
2728 
2729  name = dn;
2730  p = buf;
2731  n = size;
2732 
2733  while( name != NULL )
2734  {
2735  if( !name->oid.p )
2736  {
2737  name = name->next;
2738  continue;
2739  }
2740 
2741  if( name != dn )
2742  {
2743  ret = snprintf( p, n, ", " );
2744  SAFE_SNPRINTF();
2745  }
2746 
2747  if( name->oid.len == 3 &&
2748  memcmp( name->oid.p, OID_X520, 2 ) == 0 )
2749  {
2750  switch( name->oid.p[2] )
2751  {
2752  case X520_COMMON_NAME:
2753  ret = snprintf( p, n, "CN=" ); break;
2754 
2755  case X520_COUNTRY:
2756  ret = snprintf( p, n, "C=" ); break;
2757 
2758  case X520_LOCALITY:
2759  ret = snprintf( p, n, "L=" ); break;
2760 
2761  case X520_STATE:
2762  ret = snprintf( p, n, "ST=" ); break;
2763 
2764  case X520_ORGANIZATION:
2765  ret = snprintf( p, n, "O=" ); break;
2766 
2767  case X520_ORG_UNIT:
2768  ret = snprintf( p, n, "OU=" ); break;
2769 
2770  default:
2771  ret = snprintf( p, n, "0x%02X=",
2772  name->oid.p[2] );
2773  break;
2774  }
2775  SAFE_SNPRINTF();
2776  }
2777  else if( name->oid.len == 9 &&
2778  memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
2779  {
2780  switch( name->oid.p[8] )
2781  {
2782  case PKCS9_EMAIL:
2783  ret = snprintf( p, n, "emailAddress=" ); break;
2784 
2785  default:
2786  ret = snprintf( p, n, "0x%02X=",
2787  name->oid.p[8] );
2788  break;
2789  }
2790  SAFE_SNPRINTF();
2791  }
2792  else
2793  {
2794  ret = snprintf( p, n, "\?\?=" );
2795  SAFE_SNPRINTF();
2796  }
2797 
2798  for( i = 0; i < name->val.len; i++ )
2799  {
2800  if( i >= sizeof( s ) - 1 )
2801  break;
2802 
2803  c = name->val.p[i];
2804  if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2805  s[i] = '?';
2806  else s[i] = c;
2807  }
2808  s[i] = '\0';
2809  ret = snprintf( p, n, "%s", s );
2810  SAFE_SNPRINTF();
2811  name = name->next;
2812  }
2813 
2814  return( (int) ( size - n ) );
2815 }
2816 
2817 /*
2818  * Store the serial in printable form into buf; no more
2819  * than size characters will be written
2820  */
2821 int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
2822 {
2823  int ret;
2824  size_t i, n, nr;
2825  char *p;
2826 
2827  p = buf;
2828  n = size;
2829 
2830  nr = ( serial->len <= 32 )
2831  ? serial->len : 28;
2832 
2833  for( i = 0; i < nr; i++ )
2834  {
2835  if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
2836  continue;
2837 
2838  ret = snprintf( p, n, "%02X%s",
2839  serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2840  SAFE_SNPRINTF();
2841  }
2842 
2843  if( nr != serial->len )
2844  {
2845  ret = snprintf( p, n, "...." );
2846  SAFE_SNPRINTF();
2847  }
2848 
2849  return( (int) ( size - n ) );
2850 }
2851 
2852 /*
2853  * Return an informational string about the certificate.
2854  */
2855 int x509parse_cert_info( char *buf, size_t size, const char *prefix,
2856  const x509_cert *crt )
2857 {
2858  int ret;
2859  size_t n;
2860  char *p;
2861 
2862  p = buf;
2863  n = size;
2864 
2865  ret = snprintf( p, n, "%scert. version : %d\n",
2866  prefix, crt->version );
2867  SAFE_SNPRINTF();
2868  ret = snprintf( p, n, "%sserial number : ",
2869  prefix );
2870  SAFE_SNPRINTF();
2871 
2872  ret = x509parse_serial_gets( p, n, &crt->serial);
2873  SAFE_SNPRINTF();
2874 
2875  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2876  SAFE_SNPRINTF();
2877  ret = x509parse_dn_gets( p, n, &crt->issuer );
2878  SAFE_SNPRINTF();
2879 
2880  ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2881  SAFE_SNPRINTF();
2882  ret = x509parse_dn_gets( p, n, &crt->subject );
2883  SAFE_SNPRINTF();
2884 
2885  ret = snprintf( p, n, "\n%sissued on : " \
2886  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2887  crt->valid_from.year, crt->valid_from.mon,
2888  crt->valid_from.day, crt->valid_from.hour,
2889  crt->valid_from.min, crt->valid_from.sec );
2890  SAFE_SNPRINTF();
2891 
2892  ret = snprintf( p, n, "\n%sexpires on : " \
2893  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2894  crt->valid_to.year, crt->valid_to.mon,
2895  crt->valid_to.day, crt->valid_to.hour,
2896  crt->valid_to.min, crt->valid_to.sec );
2897  SAFE_SNPRINTF();
2898 
2899  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2900  SAFE_SNPRINTF();
2901 
2902  switch( crt->sig_alg )
2903  {
2904  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2905  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2906  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2907  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2908  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2909  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2910  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2911  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2912  default: ret = snprintf( p, n, "???" ); break;
2913  }
2914  SAFE_SNPRINTF();
2915 
2916  ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
2917  (int) crt->rsa.N.n * (int) sizeof( t_uint ) * 8 );
2918  SAFE_SNPRINTF();
2919 
2920  return( (int) ( size - n ) );
2921 }
2922 
2923 /*
2924  * Return an informational string describing the given OID
2925  */
2926 const char *x509_oid_get_description( x509_buf *oid )
2927 {
2928  if ( oid == NULL )
2929  return ( NULL );
2930 
2931  else if( OID_CMP( OID_SERVER_AUTH, oid ) )
2932  return( STRING_SERVER_AUTH );
2933 
2934  else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
2935  return( STRING_CLIENT_AUTH );
2936 
2937  else if( OID_CMP( OID_CODE_SIGNING, oid ) )
2938  return( STRING_CODE_SIGNING );
2939 
2940  else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
2941  return( STRING_EMAIL_PROTECTION );
2942 
2943  else if( OID_CMP( OID_TIME_STAMPING, oid ) )
2944  return( STRING_TIME_STAMPING );
2945 
2946  else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
2947  return( STRING_OCSP_SIGNING );
2948 
2949  return( NULL );
2950 }
2951 
2952 /* Return the x.y.z.... style numeric string for the given OID */
2953 int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
2954 {
2955  int ret;
2956  size_t i, n;
2957  unsigned int value;
2958  char *p;
2959 
2960  p = buf;
2961  n = size;
2962 
2963  /* First byte contains first two dots */
2964  if( oid->len > 0 )
2965  {
2966  ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2967  SAFE_SNPRINTF();
2968  }
2969 
2970  /* TODO: value can overflow in value. */
2971  value = 0;
2972  for( i = 1; i < oid->len; i++ )
2973  {
2974  value <<= 7;
2975  value += oid->p[i] & 0x7F;
2976 
2977  if( !( oid->p[i] & 0x80 ) )
2978  {
2979  /* Last byte */
2980  ret = snprintf( p, n, ".%d", value );
2981  SAFE_SNPRINTF();
2982  value = 0;
2983  }
2984  }
2985 
2986  return( (int) ( size - n ) );
2987 }
2988 
2989 /*
2990  * Return an informational string about the CRL.
2991  */
2992 int x509parse_crl_info( char *buf, size_t size, const char *prefix,
2993  const x509_crl *crl )
2994 {
2995  int ret;
2996  size_t n;
2997  char *p;
2998  const x509_crl_entry *entry;
2999 
3000  p = buf;
3001  n = size;
3002 
3003  ret = snprintf( p, n, "%sCRL version : %d",
3004  prefix, crl->version );
3005  SAFE_SNPRINTF();
3006 
3007  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
3008  SAFE_SNPRINTF();
3009  ret = x509parse_dn_gets( p, n, &crl->issuer );
3010  SAFE_SNPRINTF();
3011 
3012  ret = snprintf( p, n, "\n%sthis update : " \
3013  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3014  crl->this_update.year, crl->this_update.mon,
3015  crl->this_update.day, crl->this_update.hour,
3016  crl->this_update.min, crl->this_update.sec );
3017  SAFE_SNPRINTF();
3018 
3019  ret = snprintf( p, n, "\n%snext update : " \
3020  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3021  crl->next_update.year, crl->next_update.mon,
3022  crl->next_update.day, crl->next_update.hour,
3023  crl->next_update.min, crl->next_update.sec );
3024  SAFE_SNPRINTF();
3025 
3026  entry = &crl->entry;
3027 
3028  ret = snprintf( p, n, "\n%sRevoked certificates:",
3029  prefix );
3030  SAFE_SNPRINTF();
3031 
3032  while( entry != NULL && entry->raw.len != 0 )
3033  {
3034  ret = snprintf( p, n, "\n%sserial number: ",
3035  prefix );
3036  SAFE_SNPRINTF();
3037 
3038  ret = x509parse_serial_gets( p, n, &entry->serial);
3039  SAFE_SNPRINTF();
3040 
3041  ret = snprintf( p, n, " revocation date: " \
3042  "%04d-%02d-%02d %02d:%02d:%02d",
3043  entry->revocation_date.year, entry->revocation_date.mon,
3044  entry->revocation_date.day, entry->revocation_date.hour,
3045  entry->revocation_date.min, entry->revocation_date.sec );
3046  SAFE_SNPRINTF();
3047 
3048  entry = entry->next;
3049  }
3050 
3051  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
3052  SAFE_SNPRINTF();
3053 
3054  switch( crl->sig_alg )
3055  {
3056  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
3057  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
3058  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
3059  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
3060  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
3061  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
3062  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
3063  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
3064  default: ret = snprintf( p, n, "???" ); break;
3065  }
3066  SAFE_SNPRINTF();
3067 
3068  ret = snprintf( p, n, "\n" );
3069  SAFE_SNPRINTF();
3070 
3071  return( (int) ( size - n ) );
3072 }
3073 
3074 /*
3075  * Return 0 if the x509_time is still valid, or 1 otherwise.
3076  */
3077 int x509parse_time_expired( const x509_time *to )
3078 {
3079  int year, mon, day;
3080  int hour, min, sec;
3081 
3082 #if defined(_WIN32)
3083  SYSTEMTIME st;
3084 
3085  GetLocalTime(&st);
3086 
3087  year = st.wYear;
3088  mon = st.wMonth;
3089  day = st.wDay;
3090  hour = st.wHour;
3091  min = st.wMinute;
3092  sec = st.wSecond;
3093 #else
3094  struct tm *lt;
3095  time_t tt;
3096 
3097  tt = time( NULL );
3098  lt = localtime( &tt );
3099 
3100  year = lt->tm_year + 1900;
3101  mon = lt->tm_mon + 1;
3102  day = lt->tm_mday;
3103  hour = lt->tm_hour;
3104  min = lt->tm_min;
3105  sec = lt->tm_sec;
3106 #endif
3107 
3108  if( year > to->year )
3109  return( 1 );
3110 
3111  if( year == to->year &&
3112  mon > to->mon )
3113  return( 1 );
3114 
3115  if( year == to->year &&
3116  mon == to->mon &&
3117  day > to->day )
3118  return( 1 );
3119 
3120  if( year == to->year &&
3121  mon == to->mon &&
3122  day == to->day &&
3123  hour > to->hour )
3124  return( 1 );
3125 
3126  if( year == to->year &&
3127  mon == to->mon &&
3128  day == to->day &&
3129  hour == to->hour &&
3130  min > to->min )
3131  return( 1 );
3132 
3133  if( year == to->year &&
3134  mon == to->mon &&
3135  day == to->day &&
3136  hour == to->hour &&
3137  min == to->min &&
3138  sec > to->sec )
3139  return( 1 );
3140 
3141  return( 0 );
3142 }
3143 
3144 /*
3145  * Return 1 if the certificate is revoked, or 0 otherwise.
3146  */
3147 int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
3148 {
3149  const x509_crl_entry *cur = &crl->entry;
3150 
3151  while( cur != NULL && cur->serial.len != 0 )
3152  {
3153  if( crt->serial.len == cur->serial.len &&
3154  memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
3155  {
3157  return( 1 );
3158  }
3159 
3160  cur = cur->next;
3161  }
3162 
3163  return( 0 );
3164 }
3165 
3166 /*
3167  * Wrapper for x509 hashes.
3168  */
3169 static void x509_hash( const unsigned char *in, size_t len, int alg,
3170  unsigned char *out )
3171 {
3172  switch( alg )
3173  {
3174 #if defined(POLARSSL_MD2_C)
3175  case SIG_RSA_MD2 : md2( in, len, out ); break;
3176 #endif
3177 #if defined(POLARSSL_MD4_C)
3178  case SIG_RSA_MD4 : md4( in, len, out ); break;
3179 #endif
3180 #if defined(POLARSSL_MD5_C)
3181  case SIG_RSA_MD5 : md5( in, len, out ); break;
3182 #endif
3183 #if defined(POLARSSL_SHA1_C)
3184  case SIG_RSA_SHA1 : sha1( in, len, out ); break;
3185 #endif
3186 #if defined(POLARSSL_SHA2_C)
3187  case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
3188  case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
3189 #endif
3190 #if defined(POLARSSL_SHA4_C)
3191  case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
3192  case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
3193 #endif
3194  default:
3195  memset( out, '\xFF', 64 );
3196  break;
3197  }
3198 }
3199 
3200 /*
3201  * Check that the given certificate is valid accoring to the CRL.
3202  */
3203 static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
3204  x509_crl *crl_list)
3205 {
3206  int flags = 0;
3207  int hash_id;
3208  unsigned char hash[64];
3209 
3210  if( ca == NULL )
3211  return( flags );
3212 
3213  /*
3214  * TODO: What happens if no CRL is present?
3215  * Suggestion: Revocation state should be unknown if no CRL is present.
3216  * For backwards compatibility this is not yet implemented.
3217  */
3218 
3219  while( crl_list != NULL )
3220  {
3221  if( crl_list->version == 0 ||
3222  crl_list->issuer_raw.len != ca->subject_raw.len ||
3223  memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
3224  crl_list->issuer_raw.len ) != 0 )
3225  {
3226  crl_list = crl_list->next;
3227  continue;
3228  }
3229 
3230  /*
3231  * Check if CRL is correctly signed by the trusted CA
3232  */
3233  hash_id = crl_list->sig_alg;
3234 
3235  x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
3236 
3237  if( !rsa_pkcs1_verify( &ca->rsa, NULL, NULL, RSA_PUBLIC, hash_id,
3238  0, hash, crl_list->sig.p ) == 0 )
3239  {
3240  /*
3241  * CRL is not trusted
3242  */
3243  flags |= BADCRL_NOT_TRUSTED;
3244  break;
3245  }
3246 
3247  /*
3248  * Check for validity of CRL (Do not drop out)
3249  */
3250  if( x509parse_time_expired( &crl_list->next_update ) )
3251  flags |= BADCRL_EXPIRED;
3252 
3253  /*
3254  * Check if certificate is revoked
3255  */
3256  if( x509parse_revoked(crt, crl_list) )
3257  {
3258  flags |= BADCERT_REVOKED;
3259  break;
3260  }
3261 
3262  crl_list = crl_list->next;
3263  }
3264  return flags;
3265 }
3266 
3267 // Equal == 0, inequal == 1
3268 static int x509_name_cmp( const void *s1, const void *s2, size_t len )
3269 {
3270  size_t i;
3271  unsigned char diff;
3272  const unsigned char *n1 = s1, *n2 = s2;
3273 
3274  for( i = 0; i < len; i++ )
3275  {
3276  diff = n1[i] ^ n2[i];
3277 
3278  if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
3279  continue;
3280 
3281  if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
3282  continue;
3283 
3284  return( 1 );
3285  }
3286 
3287  return( 0 );
3288 }
3289 
3290 int x509_wildcard_verify( const char *cn, x509_buf *name )
3291 {
3292  size_t i;
3293  size_t cn_idx = 0;
3294 
3295  if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
3296  return( 0 );
3297 
3298  for( i = 0; i < strlen( cn ); ++i )
3299  {
3300  if( cn[i] == '.' )
3301  {
3302  cn_idx = i;
3303  break;
3304  }
3305  }
3306 
3307  if( cn_idx == 0 )
3308  return( 0 );
3309 
3310  if( strlen( cn ) - cn_idx == name->len - 1 &&
3311  x509_name_cmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
3312  {
3313  return( 1 );
3314  }
3315 
3316  return( 0 );
3317 }
3318 
3319 static int x509parse_verify_top(
3320  x509_cert *child, x509_cert *trust_ca,
3321  x509_crl *ca_crl, int path_cnt, int *flags,
3322  int (*f_vrfy)(void *, x509_cert *, int, int *),
3323  void *p_vrfy )
3324 {
3325  int hash_id, ret;
3326  int ca_flags = 0, check_path_cnt = path_cnt + 1;
3327  unsigned char hash[64];
3328 
3329  if( x509parse_time_expired( &child->valid_to ) )
3330  *flags |= BADCERT_EXPIRED;
3331 
3332  /*
3333  * Child is the top of the chain. Check against the trust_ca list.
3334  */
3335  *flags |= BADCERT_NOT_TRUSTED;
3336 
3337  while( trust_ca != NULL )
3338  {
3339  if( trust_ca->version == 0 ||
3340  child->issuer_raw.len != trust_ca->subject_raw.len ||
3341  memcmp( child->issuer_raw.p, trust_ca->subject_raw.p,
3342  child->issuer_raw.len ) != 0 )
3343  {
3344  trust_ca = trust_ca->next;
3345  continue;
3346  }
3347 
3348  /*
3349  * Reduce path_len to check against if top of the chain is
3350  * the same as the trusted CA
3351  */
3352  if( child->subject_raw.len == trust_ca->subject_raw.len &&
3353  memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3354  child->issuer_raw.len ) == 0 )
3355  {
3356  check_path_cnt--;
3357  }
3358 
3359  if( trust_ca->max_pathlen > 0 &&
3360  trust_ca->max_pathlen < check_path_cnt )
3361  {
3362  trust_ca = trust_ca->next;
3363  continue;
3364  }
3365 
3366  hash_id = child->sig_alg;
3367 
3368  x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3369 
3370  if( rsa_pkcs1_verify( &trust_ca->rsa, NULL, NULL, RSA_PUBLIC, hash_id,
3371  0, hash, child->sig.p ) != 0 )
3372  {
3373  trust_ca = trust_ca->next;
3374  continue;
3375  }
3376 
3377  /*
3378  * Top of chain is signed by a trusted CA
3379  */
3380  *flags &= ~BADCERT_NOT_TRUSTED;
3381  break;
3382  }
3383 
3384  /*
3385  * If top of chain is not the same as the trusted CA send a verify request
3386  * to the callback for any issues with validity and CRL presence for the
3387  * trusted CA certificate.
3388  */
3389  if( trust_ca != NULL &&
3390  ( child->subject_raw.len != trust_ca->subject_raw.len ||
3391  memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3392  child->issuer_raw.len ) != 0 ) )
3393  {
3394  /* Check trusted CA's CRL for then chain's top crt */
3395  *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3396 
3397  if( x509parse_time_expired( &trust_ca->valid_to ) )
3398  ca_flags |= BADCERT_EXPIRED;
3399 
3400  if( NULL != f_vrfy )
3401  {
3402  if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3403  return( ret );
3404  }
3405  }
3406 
3407  /* Call callback on top cert */
3408  if( NULL != f_vrfy )
3409  {
3410  if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3411  return( ret );
3412  }
3413 
3414  *flags |= ca_flags;
3415 
3416  return( 0 );
3417 }
3418 
3419 static int x509parse_verify_child(
3420  x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
3421  x509_crl *ca_crl, int path_cnt, int *flags,
3422  int (*f_vrfy)(void *, x509_cert *, int, int *),
3423  void *p_vrfy )
3424 {
3425  int hash_id, ret;
3426  int parent_flags = 0;
3427  unsigned char hash[64];
3428  x509_cert *grandparent;
3429 
3430  if( x509parse_time_expired( &child->valid_to ) )
3431  *flags |= BADCERT_EXPIRED;
3432 
3433  hash_id = child->sig_alg;
3434 
3435  x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3436 
3437  if( rsa_pkcs1_verify( &parent->rsa, NULL, NULL, RSA_PUBLIC, hash_id, 0,
3438  hash, child->sig.p ) != 0 )
3439  *flags |= BADCERT_NOT_TRUSTED;
3440 
3441  /* Check trusted CA's CRL for the given crt */
3442  *flags |= x509parse_verifycrl(child, parent, ca_crl);
3443 
3444  grandparent = parent->next;
3445 
3446  while( grandparent != NULL )
3447  {
3448  if( grandparent->version == 0 ||
3449  grandparent->ca_istrue == 0 ||
3450  parent->issuer_raw.len != grandparent->subject_raw.len ||
3451  memcmp( parent->issuer_raw.p, grandparent->subject_raw.p,
3452  parent->issuer_raw.len ) != 0 )
3453  {
3454  grandparent = grandparent->next;
3455  continue;
3456  }
3457  break;
3458  }
3459 
3460  if( grandparent != NULL )
3461  {
3462  /*
3463  * Part of the chain
3464  */
3465  ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3466  if( ret != 0 )
3467  return( ret );
3468  }
3469  else
3470  {
3471  ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3472  if( ret != 0 )
3473  return( ret );
3474  }
3475 
3476  /* child is verified to be a child of the parent, call verify callback */
3477  if( NULL != f_vrfy )
3478  if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3479  return( ret );
3480 
3481  *flags |= parent_flags;
3482 
3483  return( 0 );
3484 }
3485 
3486 /*
3487  * Verify the certificate validity
3488  */
3489 int x509parse_verify( x509_cert *crt,
3490  x509_cert *trust_ca,
3491  x509_crl *ca_crl,
3492  const char *cn, int *flags,
3493  int (*f_vrfy)(void *, x509_cert *, int, int *),
3494  void *p_vrfy )
3495 {
3496  size_t cn_len;
3497  int ret;
3498  int pathlen = 0;
3499  x509_cert *parent;
3500  x509_name *name;
3501  x509_sequence *cur = NULL;
3502 
3503  *flags = 0;
3504 
3505  if( cn != NULL )
3506  {
3507  name = &crt->subject;
3508  cn_len = strlen( cn );
3509 
3510  if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
3511  {
3512  cur = &crt->subject_alt_names;
3513 
3514  while( cur != NULL )
3515  {
3516  if( cur->buf.len == cn_len &&
3517  x509_name_cmp( cn, cur->buf.p, cn_len ) == 0 )
3518  break;
3519 
3520  if( cur->buf.len > 2 &&
3521  memcmp( cur->buf.p, "*.", 2 ) == 0 &&
3522  x509_wildcard_verify( cn, &cur->buf ) )
3523  break;
3524 
3525  cur = cur->next;
3526  }
3527 
3528  if( cur == NULL )
3529  *flags |= BADCERT_CN_MISMATCH;
3530  }
3531  else
3532  {
3533  while( name != NULL )
3534  {
3535  if( name->oid.len == 3 &&
3536  memcmp( name->oid.p, OID_CN, 3 ) == 0 )
3537  {
3538  if( name->val.len == cn_len &&
3539  x509_name_cmp( name->val.p, cn, cn_len ) == 0 )
3540  break;
3541 
3542  if( name->val.len > 2 &&
3543  memcmp( name->val.p, "*.", 2 ) == 0 &&
3544  x509_wildcard_verify( cn, &name->val ) )
3545  break;
3546  }
3547 
3548  name = name->next;
3549  }
3550 
3551  if( name == NULL )
3552  *flags |= BADCERT_CN_MISMATCH;
3553  }
3554  }
3555 
3556  /*
3557  * Iterate upwards in the given cert chain, to find our crt parent.
3558  * Ignore any upper cert with CA != TRUE.
3559  */
3560  parent = crt->next;
3561 
3562  while( parent != NULL && parent->version != 0 )
3563  {
3564  if( parent->ca_istrue == 0 ||
3565  crt->issuer_raw.len != parent->subject_raw.len ||
3566  memcmp( crt->issuer_raw.p, parent->subject_raw.p,
3567  crt->issuer_raw.len ) != 0 )
3568  {
3569  parent = parent->next;
3570  continue;
3571  }
3572  break;
3573  }
3574 
3575  if( parent != NULL )
3576  {
3577  /*
3578  * Part of the chain
3579  */
3580  ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3581  if( ret != 0 )
3582  return( ret );
3583  }
3584  else
3585  {
3586  ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3587  if( ret != 0 )
3588  return( ret );
3589  }
3590 
3591  if( *flags != 0 )
3593 
3594  return( 0 );
3595 }
3596 
3597 /*
3598  * Unallocate all certificate data
3599  */
3600 void x509_free( x509_cert *crt )
3601 {
3602  x509_cert *cert_cur = crt;
3603  x509_cert *cert_prv;
3604  x509_name *name_cur;
3605  x509_name *name_prv;
3606  x509_sequence *seq_cur;
3607  x509_sequence *seq_prv;
3608 
3609  if( crt == NULL )
3610  return;
3611 
3612  do
3613  {
3614  rsa_free( &cert_cur->rsa );
3615 
3616  name_cur = cert_cur->issuer.next;
3617  while( name_cur != NULL )
3618  {
3619  name_prv = name_cur;
3620  name_cur = name_cur->next;
3621  memset( name_prv, 0, sizeof( x509_name ) );
3622  free( name_prv );
3623  }
3624 
3625  name_cur = cert_cur->subject.next;
3626  while( name_cur != NULL )
3627  {
3628  name_prv = name_cur;
3629  name_cur = name_cur->next;
3630  memset( name_prv, 0, sizeof( x509_name ) );
3631  free( name_prv );
3632  }
3633 
3634  seq_cur = cert_cur->ext_key_usage.next;
3635  while( seq_cur != NULL )
3636  {
3637  seq_prv = seq_cur;
3638  seq_cur = seq_cur->next;
3639  memset( seq_prv, 0, sizeof( x509_sequence ) );
3640  free( seq_prv );
3641  }
3642 
3643  seq_cur = cert_cur->subject_alt_names.next;
3644  while( seq_cur != NULL )
3645  {
3646  seq_prv = seq_cur;
3647  seq_cur = seq_cur->next;
3648  memset( seq_prv, 0, sizeof( x509_sequence ) );
3649  free( seq_prv );
3650  }
3651 
3652  if( cert_cur->raw.p != NULL )
3653  {
3654  memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3655  free( cert_cur->raw.p );
3656  }
3657 
3658  cert_cur = cert_cur->next;
3659  }
3660  while( cert_cur != NULL );
3661 
3662  cert_cur = crt;
3663  do
3664  {
3665  cert_prv = cert_cur;
3666  cert_cur = cert_cur->next;
3667 
3668  memset( cert_prv, 0, sizeof( x509_cert ) );
3669  if( cert_prv != crt )
3670  free( cert_prv );
3671  }
3672  while( cert_cur != NULL );
3673 }
3674 
3675 /*
3676  * Unallocate all CRL data
3677  */
3678 void x509_crl_free( x509_crl *crl )
3679 {
3680  x509_crl *crl_cur = crl;
3681  x509_crl *crl_prv;
3682  x509_name *name_cur;
3683  x509_name *name_prv;
3684  x509_crl_entry *entry_cur;
3685  x509_crl_entry *entry_prv;
3686 
3687  if( crl == NULL )
3688  return;
3689 
3690  do
3691  {
3692  name_cur = crl_cur->issuer.next;
3693  while( name_cur != NULL )
3694  {
3695  name_prv = name_cur;
3696  name_cur = name_cur->next;
3697  memset( name_prv, 0, sizeof( x509_name ) );
3698  free( name_prv );
3699  }
3700 
3701  entry_cur = crl_cur->entry.next;
3702  while( entry_cur != NULL )
3703  {
3704  entry_prv = entry_cur;
3705  entry_cur = entry_cur->next;
3706  memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3707  free( entry_prv );
3708  }
3709 
3710  if( crl_cur->raw.p != NULL )
3711  {
3712  memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3713  free( crl_cur->raw.p );
3714  }
3715 
3716  crl_cur = crl_cur->next;
3717  }
3718  while( crl_cur != NULL );
3719 
3720  crl_cur = crl;
3721  do
3722  {
3723  crl_prv = crl_cur;
3724  crl_cur = crl_cur->next;
3725 
3726  memset( crl_prv, 0, sizeof( x509_crl ) );
3727  if( crl_prv != crl )
3728  free( crl_prv );
3729  }
3730  while( crl_cur != NULL );
3731 }
3732 
3733 #if defined(POLARSSL_SELF_TEST)
3734 
3735 #include "polarssl/certs.h"
3736 
3737 /*
3738  * Checkup routine
3739  */
3740 int x509_self_test( int verbose )
3741 {
3742 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3743  int ret;
3744  int flags;
3745  size_t i, j;
3746  x509_cert cacert;
3747  x509_cert clicert;
3748  rsa_context rsa;
3749 #if defined(POLARSSL_DHM_C)
3750  dhm_context dhm;
3751 #endif
3752 
3753  if( verbose != 0 )
3754  printf( " X.509 certificate load: " );
3755 
3756  memset( &clicert, 0, sizeof( x509_cert ) );
3757 
3758  ret = x509parse_crt( &clicert, (const unsigned char *) test_cli_crt,
3759  strlen( test_cli_crt ) );
3760  if( ret != 0 )
3761  {
3762  if( verbose != 0 )
3763  printf( "failed\n" );
3764 
3765  return( ret );
3766  }
3767 
3768  memset( &cacert, 0, sizeof( x509_cert ) );
3769 
3770  ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
3771  strlen( test_ca_crt ) );
3772  if( ret != 0 )
3773  {
3774  if( verbose != 0 )
3775  printf( "failed\n" );
3776 
3777  return( ret );
3778  }
3779 
3780  if( verbose != 0 )
3781  printf( "passed\n X.509 private key load: " );
3782 
3783  i = strlen( test_ca_key );
3784  j = strlen( test_ca_pwd );
3785 
3786  rsa_init( &rsa, RSA_PKCS_V15, 0 );
3787 
3788  if( ( ret = x509parse_key( &rsa,
3789  (const unsigned char *) test_ca_key, i,
3790  (const unsigned char *) test_ca_pwd, j ) ) != 0 )
3791  {
3792  if( verbose != 0 )
3793  printf( "failed\n" );
3794 
3795  return( ret );
3796  }
3797 
3798  if( verbose != 0 )
3799  printf( "passed\n X.509 signature verify: ");
3800 
3801  ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
3802  if( ret != 0 )
3803  {
3804  if( verbose != 0 )
3805  printf( "failed\n" );
3806 
3807  return( ret );
3808  }
3809 
3810 #if defined(POLARSSL_DHM_C)
3811  if( verbose != 0 )
3812  printf( "passed\n X.509 DHM parameter load: " );
3813 
3814  i = strlen( test_dhm_params );
3815  j = strlen( test_ca_pwd );
3816 
3817  if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 )
3818  {
3819  if( verbose != 0 )
3820  printf( "failed\n" );
3821 
3822  return( ret );
3823  }
3824 
3825  if( verbose != 0 )
3826  printf( "passed\n\n" );
3827 #endif
3828 
3829  x509_free( &cacert );
3830  x509_free( &clicert );
3831  rsa_free( &rsa );
3832 #if defined(POLARSSL_DHM_C)
3833  dhm_free( &dhm );
3834 #endif
3835 
3836  return( 0 );
3837 #else
3838  ((void) verbose);
3840 #endif
3841 }
3842 
3843 #endif
3844 
3845 #endif
x509_time valid_to
End time of certificate validity.
Definition: x509.h:304
#define OID_CLIENT_AUTH
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
Definition: x509.h:167
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT
Invalid RSA key tag or value.
Definition: x509.h:60
x509_buf sig
Definition: x509.h:374
#define SIG_RSA_MD5
Definition: rsa.h:51
mpi P
Definition: dhm.h:139
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509.h:297
#define ASN1_NULL
Definition: asn1.h:75
#define ASN1_PRINTABLE_STRING
Definition: asn1.h:80
int x509parse_crt_der(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
#define STRING_SERVER_AUTH
Definition: x509.h:173
x509_name issuer
The parsed issuer data (named information object).
Definition: x509.h:300
x509_buf tbs
The raw certificate body (DER).
Definition: x509.h:291
x509_buf val
The named value.
Definition: x509.h:267
#define ASN1_UTC_TIME
Definition: asn1.h:83
int asn1_get_sequence_of(unsigned char **p, const unsigned char *end, asn1_sequence *cur, int tag)
Parses and splits an ASN.1 &quot;SEQUENCE OF &lt;tag&gt;&quot; Updated the pointer to immediately behind the full seq...
#define X509_FORMAT_DER
Definition: x509.h:238
#define SIG_RSA_MD4
Definition: rsa.h:50
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Definition: x509.h:316
#define ASN1_OID
Definition: asn1.h:76
#define OID_PKCS9
Definition: x509.h:117
#define EXT_KEY_USAGE
Definition: x509.h:218
#define ASN1_GENERALIZED_TIME
Definition: asn1.h:84
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values below.
Definition: x509.h:322
int sec
Time.
Definition: x509.h:281
uint32_t t_uint
Definition: bignum.h:146
int version
Definition: x509.h:359
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
asn1_buf buf
Buffer containing the given ASN.1 item.
Definition: asn1.h:132
#define POLARSSL_ERR_X509_PASSWORD_REQUIRED
Private key password can&#39;t be empty.
Definition: x509.h:65
x509_time next_update
Definition: x509.h:367
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:53
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE&#39;s...
int x509parse_crtfile(x509_cert *chain, const char *path)
Load one or more certificates and add them to the chained list.
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
DHM context structure.
Definition: dhm.h:136
Certificate revocation list entry.
Definition: x509.h:336
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:53
x509_buf sig
Signature: hash of the tbs part signed with the private key.
Definition: x509.h:325
#define POLARSSL_ERR_X509_INVALID_INPUT
Input invalid.
Definition: x509.h:62
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT
Format not recognized as DER or PEM.
Definition: x509.h:61
#define EXT_BASIC_CONSTRAINTS
Definition: x509.h:224
x509_name subject
The parsed subject data (named information object).
Definition: x509.h:301
#define X520_STATE
Definition: x509.h:92
#define OID_SERVER_AUTH
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
Definition: x509.h:166
struct _x509_crl * next
Definition: x509.h:377
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
size_t len
ASN1 length, e.g.
Definition: asn1.h:121
x509_buf raw
The raw certificate data (DER).
Definition: x509.h:290
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
Definition: x509.h:55
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
#define RSA_PUBLIC
Definition: rsa.h:58
Container for date and time (precision in seconds).
Definition: x509.h:278
#define STRING_EMAIL_PROTECTION
Definition: x509.h:176
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pkcs12.h:39
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION
The certificate version element is invalid.
Definition: x509.h:46
#define ASN1_SEQUENCE
Definition: asn1.h:78
void x509_free(x509_cert *crt)
Unallocate all certificate data.
mpi DQ
Definition: rsa.h:147
x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Definition: x509.h:320
Configuration options (set of defines)
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
void md2(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD2( input buffer )
int pem_read_buffer(pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len)
Read a buffer for PEM information and store the resulting data into the specified context buffers...
#define ASN1_CONSTRUCTED
Definition: asn1.h:88
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA is supported).
Definition: x509.h:56
#define OID_CN
Definition: x509.h:104
Container for ASN1 named information objects.
Definition: x509.h:264
int x509parse_cert_info(char *buf, size_t size, const char *prefix, const x509_cert *crt)
Returns an informational string about the certificate.
MPI structure.
Definition: bignum.h:164
x509_buf sig_oid2
Definition: x509.h:373
const char test_ca_pwd[]
#define STRING_TIME_STAMPING
Definition: x509.h:177
Container for an X.509 certificate.
Definition: x509.h:288
int x509parse_dhmfile(dhm_context *dhm, const char *path)
Load and parse DHM parameters.
#define OID_PKCS5_PBES2
Definition: pkcs5.h:56
#define BADCRL_NOT_TRUSTED
CRL is not correctly signed by the trusted CA.
Definition: x509.h:78
const char test_ca_crt[]
void md4(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD4( input buffer )
#define POLARSSL_ERR_ASN1_INVALID_LENGTH
Error when trying to determine the length or invalid length.
Definition: asn1.h:52
Container for ASN1 bit strings.
Definition: asn1.h:119
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL
The serial tag or value is invalid.
Definition: x509.h:47
x509_name issuer
The parsed issuer data (named information object).
Definition: x509.h:364
x509_buf serial
Definition: x509.h:340
#define OID_PKCS1_RSA
Definition: x509.h:112
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION
Unsupported RSA key version.
Definition: x509.h:59
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
Definition: asn1.h:94
size_t len
Definition: rsa.h:138
#define OID_KEY_USAGE
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
Definition: x509.h:135
mpi P
Definition: rsa.h:144
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition: x509.h:369
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
Definition: pkcs12.h:53
x509_buf sig_oid2
Signature algorithm.
Definition: x509.h:324
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH
Certificate signature algorithms do not match.
Definition: x509.h:57
#define ASN1_SET
Definition: asn1.h:79
int hour
Definition: x509.h:281
mpi Q
Definition: rsa.h:145
#define ASN1_PRIMITIVE
Definition: asn1.h:87
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pkcs5.h:47
int mon
Definition: x509.h:280
Container for a sequence of ASN.1 items.
Definition: asn1.h:130
#define OID_SUBJECT_ALT_NAME
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
Definition: x509.h:138
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can&#39;t be empty.
Definition: pem.h:43
#define BADCERT_EXPIRED
The certificate validity has expired.
Definition: x509.h:74
x509_buf sig_oid1
Definition: x509.h:360
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
int sig_alg
Internal representation of the signature algorithm, e.g.
Definition: x509.h:326
unsigned char * p
Raw ASN1 data for the bit string.
Definition: asn1.h:123
RSA context structure.
Definition: rsa.h:135
void pem_init(pem_context *ctx)
PEM context setup.
int x509parse_crt(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
Generic ASN.1 parsing.
mpi D
Definition: rsa.h:143
#define SIG_RSA_SHA512
Definition: rsa.h:56
SHA-384 and SHA-512 cryptographic hash function.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g.
Definition: x509.h:58
mpi QP
Definition: rsa.h:148
#define ASN1_BMP_STRING
Definition: asn1.h:86
int x509parse_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is valid.
Privacy Enhanced Mail (PEM) decoding.
#define OID_PKCS1
Definition: x509.h:111
#define RSA_PKCS_V15
Definition: rsa.h:61
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
The signature tag or value invalid.
Definition: x509.h:52
mpi N
Definition: rsa.h:140
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
#define SIG_RSA_SHA1
Definition: rsa.h:52
mpi G
Definition: dhm.h:140
#define OID_EXTENDED_KEY_USAGE
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
Definition: x509.h:144
#define OID_BASIC_CONSTRAINTS
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
Definition: x509.h:141
#define OID_NS_CERT_TYPE
Definition: x509.h:191
SHA-224 and SHA-256 cryptographic hash function.
void x509_crl_free(x509_crl *crl)
Unallocate all CRL data.
#define X520_LOCALITY
Definition: x509.h:91
int x509parse_dhm(dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
Parse DHM parameters.
#define ASN1_INTEGER
Definition: asn1.h:72
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:112
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT
The certificate format is invalid, e.g.
Definition: x509.h:45
int x509parse_crtpath(x509_cert *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list.
int x509parse_crl(x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and add them to the chained list.
int x509parse_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
int x509parse_key(rsa_context *rsa, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private RSA key.
#define EXT_NS_CERT_TYPE
Definition: x509.h:232
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: pem.h:44
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
#define X520_COMMON_NAME
Definition: x509.h:89
void pem_free(pem_context *ctx)
PEM context memory freeing.
x509_buf tbs
The raw certificate body (DER).
Definition: x509.h:357
int asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value.
#define STRING_OCSP_SIGNING
Definition: x509.h:178
int x509parse_public_keyfile(rsa_context *rsa, const char *path)
Load and parse a public RSA key.
x509_buf serial
Unique id for certificate issued by a specific CA.
Definition: x509.h:294
struct _x509_crl_entry * next
Definition: x509.h:346
x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Definition: x509.h:310
#define SIG_RSA_MD2
Definition: rsa.h:49
Diffie-Hellman-Merkle key exchange.
int day
Date.
Definition: x509.h:280
const char test_ca_key[]
x509_time valid_from
Start time of certificate validity.
Definition: x509.h:303
mpi E
Definition: rsa.h:141
int tag
ASN1 type, e.g.
Definition: asn1.h:110
mpi DP
Definition: rsa.h:146
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition: asn1.h:50
#define EXT_EXTENDED_KEY_USAGE
Definition: x509.h:227
x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
Definition: x509.h:309
unsigned char key_usage
Optional key usage extension value: See the values below.
Definition: x509.h:318
#define ASN1_BIT_STRING
Definition: asn1.h:73
X.509 certificate and private key decoding.
int x509parse_crl_info(char *buf, size_t size, const char *prefix, const x509_crl *crl)
Returns an informational string about the CRL.
#define OID_X520
Definition: x509.h:103
int x509parse_public_key(rsa_context *rsa, const unsigned char *key, size_t keylen)
Parse a public RSA key.
#define POLARSSL_ERR_ASN1_MALLOC_FAILED
Memory allocation failed.
Definition: asn1.h:55
#define ASN1_CONTEXT_SPECIFIC
Definition: asn1.h:89
#define BADCERT_NOT_TRUSTED
The certificate is not correctly signed by the trusted CA.
Definition: x509.h:77
struct _x509_cert * next
Next certificate in the CA-chain.
Definition: x509.h:328
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
Definition: x509.h:64
DES block cipher.
#define STRING_CODE_SIGNING
Definition: x509.h:175
PEM context structure.
Definition: pem.h:52
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs12.h:54
#define POLARSSL_ERR_X509_CERT_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:50
x509_time this_update
Definition: x509.h:366
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:108
#define ASN1_UNIVERSAL_STRING
Definition: asn1.h:85
x509_buf entry_ext
Definition: x509.h:344
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
Certificate or CRL has an unsupported version number.
Definition: x509.h:54
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
size_t len
ASN1 length, e.g.
Definition: asn1.h:111
#define X509_FORMAT_PEM
Definition: x509.h:239
void sha4(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = SHA-512( input buffer )
Sample certificates and DHM parameters for testing.
#define ASN1_IA5_STRING
Definition: asn1.h:82
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA is supported).
Definition: x509.h:51
#define SIG_RSA_SHA224
Definition: rsa.h:53
#define OID_PKCS12_PBE_SHA1_RC4_128
Definition: pkcs12.h:52
SHA-1 cryptographic hash function.
int year
Definition: x509.h:280
#define BADCERT_REVOKED
The certificate has been revoked (is on a CRL).
Definition: x509.h:75
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int x509parse_revoked(const x509_cert *crt, const x509_crl *crl)
Verify the certificate signature.
#define ASN1_UTF8_STRING
Definition: asn1.h:77
x509_buf raw
Definition: x509.h:338
#define BADCRL_EXPIRED
CRL is expired.
Definition: x509.h:79
x509_buf subject_raw
The raw subject data (DER).
Definition: x509.h:298
#define PKCS5_DECRYPT
Definition: pkcs5.h:49
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
void rsa_init(rsa_context *ctx, int padding, int hash_id)
Initialize an RSA context.
size_t n
Definition: bignum.h:167
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: x509.h:43
unsigned char * buf
Definition: pem.h:54
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
#define X520_ORGANIZATION
Definition: x509.h:93
Certificate revocation list structure.
Definition: x509.h:354
int asn1_get_bitstring(unsigned char **p, const unsigned char *end, asn1_bitstring *bs)
Retrieve a bitstring ASN.1 tag and its value.
#define POLARSSL_ERR_X509_CERT_INVALID_ALG
The algorithm tag or value is invalid.
Definition: x509.h:48
int min
Definition: x509.h:281
#define SIG_RSA_SHA256
Definition: rsa.h:54
#define OID_TIME_STAMPING
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
Definition: x509.h:170
#define POLARSSL_ERR_X509_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Definition: x509.h:66
#define OID_OCSP_SIGNING
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
Definition: x509.h:171
x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
Definition: x509.h:312
x509_buf v3_ext
Optional X.509 v3 extensions.
Definition: x509.h:311
void dhm_free(dhm_context *ctx)
Free the components of a DHM key.
#define OID_EMAIL_PROTECTION
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
Definition: x509.h:169
x509_buf pk_oid
Subject public key info.
Definition: x509.h:306
#define ASN1_OCTET_STRING
Definition: asn1.h:74
void sha2(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
#define STRING_CLIENT_AUTH
Definition: x509.h:174
#define OID_CODE_SIGNING
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
Definition: x509.h:168
x509_buf raw
The raw certificate data (DER).
Definition: x509.h:356
#define OID_RSA_SHA_OBS
Definition: x509.h:115
#define X520_COUNTRY
Definition: x509.h:90
#define SIG_RSA_SHA384
Definition: rsa.h:55
#define BADCERT_CN_MISMATCH
The certificate Common Name (CN) does not match with the expected CN.
Definition: x509.h:76
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:38
const char test_dhm_params[]
MD4 message digest algorithm (hash function)
x509_time revocation_date
Definition: x509.h:342
int x509parse_verify(x509_cert *crt, x509_cert *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy)
Verify the certificate signature.
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509.h:362
const char test_cli_crt[]
#define X520_ORG_UNIT
Definition: x509.h:94
size_t buflen
Definition: pem.h:55
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
int version
The X.509 version.
Definition: x509.h:293
#define ASN1_T61_STRING
Definition: asn1.h:81
rsa_context rsa
Container for the RSA context.
Definition: x509.h:307
MD5 message digest algorithm (hash function)
#define PKCS12_PBE_DECRYPT
Definition: pkcs12.h:45
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:63
#define PKCS9_EMAIL
Definition: x509.h:95
int ver
Definition: rsa.h:137
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
Definition: pem.h:46
x509_buf crl_ext
Definition: x509.h:371
void md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
MD2 message digest algorithm (hash function)
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:51
PKCS#12 Personal Information Exchange Syntax.
int x509parse_keyfile(rsa_context *rsa, const char *path, const char *password)
Load and parse a private RSA key.
int rsa_pkcs1_verify(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, int hash_id, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Generic wrapper to perform a PKCS#1 verification using the mode from the context. ...
int x509parse_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
struct _asn1_sequence * next
The next entry in the sequence.
Definition: asn1.h:133
int x509parse_crlfile(x509_crl *chain, const char *path)
Load one or more CRLs and add them to the chained list.
int sig_alg
Definition: x509.h:375
x509_buf sig_oid1
Signature algorithm, e.g.
Definition: x509.h:295
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise...
Definition: x509.h:315
struct _x509_name * next
The next named information object.
Definition: x509.h:268
#define POLARSSL_ERR_X509_CERT_INVALID_NAME
The name tag or value is invalid.
Definition: x509.h:49
#define EXT_SUBJECT_ALT_NAME
Definition: x509.h:221
x509_buf oid
The object identifier.
Definition: x509.h:266
int ext_types
Bit string containing detected and parsed extensions.
Definition: x509.h:314