PolarSSL v1.2.8
x509parse.c
Go to the documentation of this file.
1 /*
2  * X.509 certificate and private key decoding
3  *
4  * Copyright (C) 2006-2011, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificate format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc3279.txt
29  * http://www.ietf.org/rfc/rfc3280.txt
30  *
31  * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32  *
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35  */
36 
37 #include "polarssl/config.h"
38 
39 #if defined(POLARSSL_X509_PARSE_C)
40 
41 #include "polarssl/x509.h"
42 #include "polarssl/asn1.h"
43 #include "polarssl/pem.h"
44 #include "polarssl/des.h"
45 #if defined(POLARSSL_MD2_C)
46 #include "polarssl/md2.h"
47 #endif
48 #if defined(POLARSSL_MD4_C)
49 #include "polarssl/md4.h"
50 #endif
51 #if defined(POLARSSL_MD5_C)
52 #include "polarssl/md5.h"
53 #endif
54 #if defined(POLARSSL_SHA1_C)
55 #include "polarssl/sha1.h"
56 #endif
57 #if defined(POLARSSL_SHA2_C)
58 #include "polarssl/sha2.h"
59 #endif
60 #if defined(POLARSSL_SHA4_C)
61 #include "polarssl/sha4.h"
62 #endif
63 #include "polarssl/dhm.h"
64 #if defined(POLARSSL_PKCS5_C)
65 #include "polarssl/pkcs5.h"
66 #endif
67 #if defined(POLARSSL_PKCS12_C)
68 #include "polarssl/pkcs12.h"
69 #endif
70 
71 #include <string.h>
72 #include <stdlib.h>
73 #if defined(_WIN32)
74 #include <windows.h>
75 #else
76 #include <time.h>
77 #endif
78 
79 #if defined(POLARSSL_FS_IO)
80 #include <stdio.h>
81 #if !defined(_WIN32)
82 #include <sys/types.h>
83 #include <sys/stat.h>
84 #include <dirent.h>
85 #endif
86 #endif
87 
88 /* Compare a given OID string with an OID x509_buf * */
89 #define OID_CMP(oid_str, oid_buf) \
90  ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
91  memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
92 
93 /*
94  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
95  */
96 static int x509_get_version( unsigned char **p,
97  const unsigned char *end,
98  int *ver )
99 {
100  int ret;
101  size_t len;
102 
103  if( ( ret = asn1_get_tag( p, end, &len,
104  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
105  {
107  {
108  *ver = 0;
109  return( 0 );
110  }
111 
112  return( ret );
113  }
114 
115  end = *p + len;
116 
117  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
119 
120  if( *p != end )
123 
124  return( 0 );
125 }
126 
127 /*
128  * Version ::= INTEGER { v1(0), v2(1) }
129  */
130 static int x509_crl_get_version( unsigned char **p,
131  const unsigned char *end,
132  int *ver )
133 {
134  int ret;
135 
136  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
137  {
139  {
140  *ver = 0;
141  return( 0 );
142  }
143 
145  }
146 
147  return( 0 );
148 }
149 
150 /*
151  * CertificateSerialNumber ::= INTEGER
152  */
153 static int x509_get_serial( unsigned char **p,
154  const unsigned char *end,
155  x509_buf *serial )
156 {
157  int ret;
158 
159  if( ( end - *p ) < 1 )
162 
163  if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
164  **p != ASN1_INTEGER )
167 
168  serial->tag = *(*p)++;
169 
170  if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
172 
173  serial->p = *p;
174  *p += serial->len;
175 
176  return( 0 );
177 }
178 
179 /*
180  * AlgorithmIdentifier ::= SEQUENCE {
181  * algorithm OBJECT IDENTIFIER,
182  * parameters ANY DEFINED BY algorithm OPTIONAL }
183  */
184 static int x509_get_alg( unsigned char **p,
185  const unsigned char *end,
186  x509_buf *alg )
187 {
188  int ret;
189  size_t len;
190 
191  if( ( ret = asn1_get_tag( p, end, &len,
192  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
193  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
194 
195  end = *p + len;
196  alg->tag = **p;
197 
198  if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
199  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
200 
201  alg->p = *p;
202  *p += alg->len;
203 
204  if( *p == end )
205  return( 0 );
206 
207  /*
208  * assume the algorithm parameters must be NULL
209  */
210  if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
211  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
212 
213  if( *p != end )
216 
217  return( 0 );
218 }
219 
220 /*
221  * AttributeTypeAndValue ::= SEQUENCE {
222  * type AttributeType,
223  * value AttributeValue }
224  *
225  * AttributeType ::= OBJECT IDENTIFIER
226  *
227  * AttributeValue ::= ANY DEFINED BY AttributeType
228  */
229 static int x509_get_attr_type_value( unsigned char **p,
230  const unsigned char *end,
231  x509_name *cur )
232 {
233  int ret;
234  size_t len;
235  x509_buf *oid;
236  x509_buf *val;
237 
238  if( ( ret = asn1_get_tag( p, end, &len,
239  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
240  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
241 
242  oid = &cur->oid;
243  oid->tag = **p;
244 
245  if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
246  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
247 
248  oid->p = *p;
249  *p += oid->len;
250 
251  if( ( end - *p ) < 1 )
254 
255  if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
256  **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
257  **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
260 
261  val = &cur->val;
262  val->tag = *(*p)++;
263 
264  if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
265  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
266 
267  val->p = *p;
268  *p += val->len;
269 
270  cur->next = NULL;
271 
272  return( 0 );
273 }
274 
275 /*
276  * RelativeDistinguishedName ::=
277  * SET OF AttributeTypeAndValue
278  *
279  * AttributeTypeAndValue ::= SEQUENCE {
280  * type AttributeType,
281  * value AttributeValue }
282  *
283  * AttributeType ::= OBJECT IDENTIFIER
284  *
285  * AttributeValue ::= ANY DEFINED BY AttributeType
286  */
287 static int x509_get_name( unsigned char **p,
288  const unsigned char *end,
289  x509_name *cur )
290 {
291  int ret;
292  size_t len;
293  const unsigned char *end2;
294  x509_name *use;
295 
296  if( ( ret = asn1_get_tag( p, end, &len,
297  ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
298  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
299 
300  end2 = end;
301  end = *p + len;
302  use = cur;
303 
304  do
305  {
306  if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
307  return( ret );
308 
309  if( *p != end )
310  {
311  use->next = (x509_name *) malloc(
312  sizeof( x509_name ) );
313 
314  if( use->next == NULL )
316 
317  memset( use->next, 0, sizeof( x509_name ) );
318 
319  use = use->next;
320  }
321  }
322  while( *p != end );
323 
324  /*
325  * recurse until end of SEQUENCE is reached
326  */
327  if( *p == end2 )
328  return( 0 );
329 
330  cur->next = (x509_name *) malloc(
331  sizeof( x509_name ) );
332 
333  if( cur->next == NULL )
335 
336  memset( cur->next, 0, sizeof( x509_name ) );
337 
338  return( x509_get_name( p, end2, cur->next ) );
339 }
340 
341 /*
342  * Time ::= CHOICE {
343  * utcTime UTCTime,
344  * generalTime GeneralizedTime }
345  */
346 static int x509_get_time( unsigned char **p,
347  const unsigned char *end,
348  x509_time *time )
349 {
350  int ret;
351  size_t len;
352  char date[64];
353  unsigned char tag;
354 
355  if( ( end - *p ) < 1 )
358 
359  tag = **p;
360 
361  if ( tag == ASN1_UTC_TIME )
362  {
363  (*p)++;
364  ret = asn1_get_len( p, end, &len );
365 
366  if( ret != 0 )
367  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
368 
369  memset( date, 0, sizeof( date ) );
370  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
371  len : sizeof( date ) - 1 );
372 
373  if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
374  &time->year, &time->mon, &time->day,
375  &time->hour, &time->min, &time->sec ) < 5 )
377 
378  time->year += 100 * ( time->year < 50 );
379  time->year += 1900;
380 
381  *p += len;
382 
383  return( 0 );
384  }
385  else if ( tag == ASN1_GENERALIZED_TIME )
386  {
387  (*p)++;
388  ret = asn1_get_len( p, end, &len );
389 
390  if( ret != 0 )
391  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
392 
393  memset( date, 0, sizeof( date ) );
394  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
395  len : sizeof( date ) - 1 );
396 
397  if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
398  &time->year, &time->mon, &time->day,
399  &time->hour, &time->min, &time->sec ) < 5 )
401 
402  *p += len;
403 
404  return( 0 );
405  }
406  else
408 }
409 
410 
411 /*
412  * Validity ::= SEQUENCE {
413  * notBefore Time,
414  * notAfter Time }
415  */
416 static int x509_get_dates( unsigned char **p,
417  const unsigned char *end,
418  x509_time *from,
419  x509_time *to )
420 {
421  int ret;
422  size_t len;
423 
424  if( ( ret = asn1_get_tag( p, end, &len,
425  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
426  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
427 
428  end = *p + len;
429 
430  if( ( ret = x509_get_time( p, end, from ) ) != 0 )
431  return( ret );
432 
433  if( ( ret = x509_get_time( p, end, to ) ) != 0 )
434  return( ret );
435 
436  if( *p != end )
439 
440  return( 0 );
441 }
442 
443 /*
444  * SubjectPublicKeyInfo ::= SEQUENCE {
445  * algorithm AlgorithmIdentifier,
446  * subjectPublicKey BIT STRING }
447  */
448 static int x509_get_pubkey( unsigned char **p,
449  const unsigned char *end,
450  x509_buf *pk_alg_oid,
451  mpi *N, mpi *E )
452 {
453  int ret;
454  size_t len;
455  unsigned char *end2;
456 
457  if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
458  return( ret );
459 
460  /*
461  * only RSA public keys handled at this time
462  */
463  if( pk_alg_oid->len != 9 ||
464  memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
465  {
467  }
468 
469  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
471 
472  if( ( end - *p ) < 1 )
475 
476  end2 = *p + len;
477 
478  if( *(*p)++ != 0 )
480 
481  /*
482  * RSAPublicKey ::= SEQUENCE {
483  * modulus INTEGER, -- n
484  * publicExponent INTEGER -- e
485  * }
486  */
487  if( ( ret = asn1_get_tag( p, end2, &len,
488  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
490 
491  if( *p + len != end2 )
494 
495  if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
496  ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
498 
499  if( *p != end )
502 
503  return( 0 );
504 }
505 
506 static int x509_get_sig( unsigned char **p,
507  const unsigned char *end,
508  x509_buf *sig )
509 {
510  int ret;
511  size_t len;
512 
513  if( ( end - *p ) < 1 )
516 
517  sig->tag = **p;
518 
519  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
521 
522 
523  if( --len < 1 || *(*p)++ != 0 )
525 
526  sig->len = len;
527  sig->p = *p;
528 
529  *p += len;
530 
531  return( 0 );
532 }
533 
534 /*
535  * X.509 v2/v3 unique identifier (not parsed)
536  */
537 static int x509_get_uid( unsigned char **p,
538  const unsigned char *end,
539  x509_buf *uid, int n )
540 {
541  int ret;
542 
543  if( *p == end )
544  return( 0 );
545 
546  uid->tag = **p;
547 
548  if( ( ret = asn1_get_tag( p, end, &uid->len,
549  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
550  {
552  return( 0 );
553 
554  return( ret );
555  }
556 
557  uid->p = *p;
558  *p += uid->len;
559 
560  return( 0 );
561 }
562 
563 /*
564  * X.509 Extensions (No parsing of extensions, pointer should
565  * be either manually updated or extensions should be parsed!
566  */
567 static int x509_get_ext( unsigned char **p,
568  const unsigned char *end,
569  x509_buf *ext, int tag )
570 {
571  int ret;
572  size_t len;
573 
574  if( *p == end )
575  return( 0 );
576 
577  ext->tag = **p;
578 
579  if( ( ret = asn1_get_tag( p, end, &ext->len,
580  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
581  return( ret );
582 
583  ext->p = *p;
584  end = *p + ext->len;
585 
586  /*
587  * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
588  *
589  * Extension ::= SEQUENCE {
590  * extnID OBJECT IDENTIFIER,
591  * critical BOOLEAN DEFAULT FALSE,
592  * extnValue OCTET STRING }
593  */
594  if( ( ret = asn1_get_tag( p, end, &len,
595  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
597 
598  if( end != *p + len )
601 
602  return( 0 );
603 }
604 
605 /*
606  * X.509 CRL v2 extensions (no extensions parsed yet.)
607  */
608 static int x509_get_crl_ext( unsigned char **p,
609  const unsigned char *end,
610  x509_buf *ext )
611 {
612  int ret;
613  size_t len = 0;
614 
615  /* Get explicit tag */
616  if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
617  {
619  return( 0 );
620 
621  return( ret );
622  }
623 
624  while( *p < end )
625  {
626  if( ( ret = asn1_get_tag( p, end, &len,
627  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
629 
630  *p += len;
631  }
632 
633  if( *p != end )
636 
637  return( 0 );
638 }
639 
640 /*
641  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
642  */
643 static int x509_get_crl_entry_ext( unsigned char **p,
644  const unsigned char *end,
645  x509_buf *ext )
646 {
647  int ret;
648  size_t len = 0;
649 
650  /* OPTIONAL */
651  if (end <= *p)
652  return( 0 );
653 
654  ext->tag = **p;
655  ext->p = *p;
656 
657  /*
658  * Get CRL-entry extension sequence header
659  * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
660  */
661  if( ( ret = asn1_get_tag( p, end, &ext->len,
662  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
663  {
665  {
666  ext->p = NULL;
667  return( 0 );
668  }
670  }
671 
672  end = *p + ext->len;
673 
674  if( end != *p + ext->len )
677 
678  while( *p < end )
679  {
680  if( ( ret = asn1_get_tag( p, end, &len,
681  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
683 
684  *p += len;
685  }
686 
687  if( *p != end )
690 
691  return( 0 );
692 }
693 
694 static int x509_get_basic_constraints( unsigned char **p,
695  const unsigned char *end,
696  int *ca_istrue,
697  int *max_pathlen )
698 {
699  int ret;
700  size_t len;
701 
702  /*
703  * BasicConstraints ::= SEQUENCE {
704  * cA BOOLEAN DEFAULT FALSE,
705  * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
706  */
707  *ca_istrue = 0; /* DEFAULT FALSE */
708  *max_pathlen = 0; /* endless */
709 
710  if( ( ret = asn1_get_tag( p, end, &len,
711  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
713 
714  if( *p == end )
715  return 0;
716 
717  if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
718  {
720  ret = asn1_get_int( p, end, ca_istrue );
721 
722  if( ret != 0 )
724 
725  if( *ca_istrue != 0 )
726  *ca_istrue = 1;
727  }
728 
729  if( *p == end )
730  return 0;
731 
732  if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
734 
735  if( *p != end )
738 
739  (*max_pathlen)++;
740 
741  return 0;
742 }
743 
744 static int x509_get_ns_cert_type( unsigned char **p,
745  const unsigned char *end,
746  unsigned char *ns_cert_type)
747 {
748  int ret;
749  x509_bitstring bs = { 0, 0, NULL };
750 
751  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
753 
754  if( bs.len != 1 )
757 
758  /* Get actual bitstring */
759  *ns_cert_type = *bs.p;
760  return 0;
761 }
762 
763 static int x509_get_key_usage( unsigned char **p,
764  const unsigned char *end,
765  unsigned char *key_usage)
766 {
767  int ret;
768  x509_bitstring bs = { 0, 0, NULL };
769 
770  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
772 
773  if( bs.len < 1 )
776 
777  /* Get actual bitstring */
778  *key_usage = *bs.p;
779  return 0;
780 }
781 
782 /*
783  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
784  *
785  * KeyPurposeId ::= OBJECT IDENTIFIER
786  */
787 static int x509_get_ext_key_usage( unsigned char **p,
788  const unsigned char *end,
789  x509_sequence *ext_key_usage)
790 {
791  int ret;
792 
793  if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
795 
796  /* Sequence length must be >= 1 */
797  if( ext_key_usage->buf.p == NULL )
800 
801  return 0;
802 }
803 
804 /*
805  * SubjectAltName ::= GeneralNames
806  *
807  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
808  *
809  * GeneralName ::= CHOICE {
810  * otherName [0] OtherName,
811  * rfc822Name [1] IA5String,
812  * dNSName [2] IA5String,
813  * x400Address [3] ORAddress,
814  * directoryName [4] Name,
815  * ediPartyName [5] EDIPartyName,
816  * uniformResourceIdentifier [6] IA5String,
817  * iPAddress [7] OCTET STRING,
818  * registeredID [8] OBJECT IDENTIFIER }
819  *
820  * OtherName ::= SEQUENCE {
821  * type-id OBJECT IDENTIFIER,
822  * value [0] EXPLICIT ANY DEFINED BY type-id }
823  *
824  * EDIPartyName ::= SEQUENCE {
825  * nameAssigner [0] DirectoryString OPTIONAL,
826  * partyName [1] DirectoryString }
827  *
828  * NOTE: PolarSSL only parses and uses dNSName at this point.
829  */
830 static int x509_get_subject_alt_name( unsigned char **p,
831  const unsigned char *end,
832  x509_sequence *subject_alt_name )
833 {
834  int ret;
835  size_t len, tag_len;
836  asn1_buf *buf;
837  unsigned char tag;
838  asn1_sequence *cur = subject_alt_name;
839 
840  /* Get main sequence tag */
841  if( ( ret = asn1_get_tag( p, end, &len,
842  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
844 
845  if( *p + len != end )
848 
849  while( *p < end )
850  {
851  if( ( end - *p ) < 1 )
854 
855  tag = **p;
856  (*p)++;
857  if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
859 
860  if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
863 
864  if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
865  {
866  *p += tag_len;
867  continue;
868  }
869 
870  buf = &(cur->buf);
871  buf->tag = tag;
872  buf->p = *p;
873  buf->len = tag_len;
874  *p += buf->len;
875 
876  /* Allocate and assign next pointer */
877  if (*p < end)
878  {
879  cur->next = (asn1_sequence *) malloc(
880  sizeof( asn1_sequence ) );
881 
882  if( cur->next == NULL )
885 
886  memset( cur->next, 0, sizeof( asn1_sequence ) );
887  cur = cur->next;
888  }
889  }
890 
891  /* Set final sequence entry's next pointer to NULL */
892  cur->next = NULL;
893 
894  if( *p != end )
897 
898  return( 0 );
899 }
900 
901 /*
902  * X.509 v3 extensions
903  *
904  * TODO: Perform all of the basic constraints tests required by the RFC
905  * TODO: Set values for undetected extensions to a sane default?
906  *
907  */
908 static int x509_get_crt_ext( unsigned char **p,
909  const unsigned char *end,
910  x509_cert *crt )
911 {
912  int ret;
913  size_t len;
914  unsigned char *end_ext_data, *end_ext_octet;
915 
916  if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
917  {
919  return( 0 );
920 
921  return( ret );
922  }
923 
924  while( *p < end )
925  {
926  /*
927  * Extension ::= SEQUENCE {
928  * extnID OBJECT IDENTIFIER,
929  * critical BOOLEAN DEFAULT FALSE,
930  * extnValue OCTET STRING }
931  */
932  x509_buf extn_oid = {0, 0, NULL};
933  int is_critical = 0; /* DEFAULT FALSE */
934 
935  if( ( ret = asn1_get_tag( p, end, &len,
936  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
938 
939  end_ext_data = *p + len;
940 
941  /* Get extension ID */
942  extn_oid.tag = **p;
943 
944  if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
946 
947  extn_oid.p = *p;
948  *p += extn_oid.len;
949 
950  if( ( end - *p ) < 1 )
953 
954  /* Get optional critical */
955  if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
958 
959  /* Data should be octet string type */
960  if( ( ret = asn1_get_tag( p, end_ext_data, &len,
961  ASN1_OCTET_STRING ) ) != 0 )
963 
964  end_ext_octet = *p + len;
965 
966  if( end_ext_octet != end_ext_data )
969 
970  /*
971  * Detect supported extensions
972  */
973  if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
974  memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
975  {
976  /* Parse basic constraints */
977  if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
978  &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
979  return ( ret );
981  }
982  else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
983  memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
984  {
985  /* Parse netscape certificate type */
986  if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
987  &crt->ns_cert_type ) ) != 0 )
988  return ( ret );
989  crt->ext_types |= EXT_NS_CERT_TYPE;
990  }
991  else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
992  memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
993  {
994  /* Parse key usage */
995  if( ( ret = x509_get_key_usage( p, end_ext_octet,
996  &crt->key_usage ) ) != 0 )
997  return ( ret );
998  crt->ext_types |= EXT_KEY_USAGE;
999  }
1000  else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
1001  memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
1002  {
1003  /* Parse extended key usage */
1004  if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1005  &crt->ext_key_usage ) ) != 0 )
1006  return ( ret );
1008  }
1009  else if( ( OID_SIZE( OID_SUBJECT_ALT_NAME ) == extn_oid.len ) &&
1010  memcmp( extn_oid.p, OID_SUBJECT_ALT_NAME, extn_oid.len ) == 0 )
1011  {
1012  /* Parse extended key usage */
1013  if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1014  &crt->subject_alt_names ) ) != 0 )
1015  return ( ret );
1017  }
1018  else
1019  {
1020  /* No parser found, skip extension */
1021  *p = end_ext_octet;
1022 
1023 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1024  if( is_critical )
1025  {
1026  /* Data is marked as critical: fail */
1029  }
1030 #endif
1031  }
1032  }
1033 
1034  if( *p != end )
1037 
1038  return( 0 );
1039 }
1040 
1041 /*
1042  * X.509 CRL Entries
1043  */
1044 static int x509_get_entries( unsigned char **p,
1045  const unsigned char *end,
1047 {
1048  int ret;
1049  size_t entry_len;
1050  x509_crl_entry *cur_entry = entry;
1051 
1052  if( *p == end )
1053  return( 0 );
1054 
1055  if( ( ret = asn1_get_tag( p, end, &entry_len,
1056  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
1057  {
1059  return( 0 );
1060 
1061  return( ret );
1062  }
1063 
1064  end = *p + entry_len;
1065 
1066  while( *p < end )
1067  {
1068  size_t len2;
1069  const unsigned char *end2;
1070 
1071  if( ( ret = asn1_get_tag( p, end, &len2,
1072  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
1073  {
1074  return( ret );
1075  }
1076 
1077  cur_entry->raw.tag = **p;
1078  cur_entry->raw.p = *p;
1079  cur_entry->raw.len = len2;
1080  end2 = *p + len2;
1081 
1082  if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
1083  return( ret );
1084 
1085  if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
1086  return( ret );
1087 
1088  if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
1089  return( ret );
1090 
1091  if ( *p < end )
1092  {
1093  cur_entry->next = malloc( sizeof( x509_crl_entry ) );
1094 
1095  if( cur_entry->next == NULL )
1097 
1098  cur_entry = cur_entry->next;
1099  memset( cur_entry, 0, sizeof( x509_crl_entry ) );
1100  }
1101  }
1102 
1103  return( 0 );
1104 }
1105 
1106 static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
1107 {
1108  if( sig_oid->len == 9 &&
1109  memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
1110  {
1111  if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
1112  {
1113  *sig_alg = sig_oid->p[8];
1114  return( 0 );
1115  }
1116 
1117  if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
1118  {
1119  *sig_alg = sig_oid->p[8];
1120  return( 0 );
1121  }
1122 
1124  }
1125  if( sig_oid->len == 5 &&
1126  memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
1127  {
1128  *sig_alg = SIG_RSA_SHA1;
1129  return( 0 );
1130  }
1131 
1133 }
1134 
1135 /*
1136  * Parse and fill a single X.509 certificate in DER format
1137  */
1138 int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
1139  size_t buflen )
1140 {
1141  int ret;
1142  size_t len;
1143  unsigned char *p, *end, *crt_end;
1144 
1145  /*
1146  * Check for valid input
1147  */
1148  if( crt == NULL || buf == NULL )
1150 
1151  p = (unsigned char *) malloc( len = buflen );
1152 
1153  if( p == NULL )
1155 
1156  memcpy( p, buf, buflen );
1157 
1158  buflen = 0;
1159 
1160  crt->raw.p = p;
1161  crt->raw.len = len;
1162  end = p + len;
1163 
1164  /*
1165  * Certificate ::= SEQUENCE {
1166  * tbsCertificate TBSCertificate,
1167  * signatureAlgorithm AlgorithmIdentifier,
1168  * signatureValue BIT STRING }
1169  */
1170  if( ( ret = asn1_get_tag( &p, end, &len,
1171  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1172  {
1173  x509_free( crt );
1175  }
1176 
1177  if( len > (size_t) ( end - p ) )
1178  {
1179  x509_free( crt );
1182  }
1183  crt_end = p + len;
1184 
1185  /*
1186  * TBSCertificate ::= SEQUENCE {
1187  */
1188  crt->tbs.p = p;
1189 
1190  if( ( ret = asn1_get_tag( &p, end, &len,
1191  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1192  {
1193  x509_free( crt );
1194  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1195  }
1196 
1197  end = p + len;
1198  crt->tbs.len = end - crt->tbs.p;
1199 
1200  /*
1201  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1202  *
1203  * CertificateSerialNumber ::= INTEGER
1204  *
1205  * signature AlgorithmIdentifier
1206  */
1207  if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
1208  ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
1209  ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1210  {
1211  x509_free( crt );
1212  return( ret );
1213  }
1214 
1215  crt->version++;
1216 
1217  if( crt->version > 3 )
1218  {
1219  x509_free( crt );
1221  }
1222 
1223  if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
1224  {
1225  x509_free( crt );
1226  return( ret );
1227  }
1228 
1229  /*
1230  * issuer Name
1231  */
1232  crt->issuer_raw.p = p;
1233 
1234  if( ( ret = asn1_get_tag( &p, end, &len,
1235  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1236  {
1237  x509_free( crt );
1238  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1239  }
1240 
1241  if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1242  {
1243  x509_free( crt );
1244  return( ret );
1245  }
1246 
1247  crt->issuer_raw.len = p - crt->issuer_raw.p;
1248 
1249  /*
1250  * Validity ::= SEQUENCE {
1251  * notBefore Time,
1252  * notAfter Time }
1253  *
1254  */
1255  if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1256  &crt->valid_to ) ) != 0 )
1257  {
1258  x509_free( crt );
1259  return( ret );
1260  }
1261 
1262  /*
1263  * subject Name
1264  */
1265  crt->subject_raw.p = p;
1266 
1267  if( ( ret = asn1_get_tag( &p, end, &len,
1268  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1269  {
1270  x509_free( crt );
1271  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1272  }
1273 
1274  if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1275  {
1276  x509_free( crt );
1277  return( ret );
1278  }
1279 
1280  crt->subject_raw.len = p - crt->subject_raw.p;
1281 
1282  /*
1283  * SubjectPublicKeyInfo ::= SEQUENCE
1284  * algorithm AlgorithmIdentifier,
1285  * subjectPublicKey BIT STRING }
1286  */
1287  if( ( ret = asn1_get_tag( &p, end, &len,
1288  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1289  {
1290  x509_free( crt );
1291  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1292  }
1293 
1294  if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1295  &crt->rsa.N, &crt->rsa.E ) ) != 0 )
1296  {
1297  x509_free( crt );
1298  return( ret );
1299  }
1300 
1301  if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1302  {
1303  x509_free( crt );
1304  return( ret );
1305  }
1306 
1307  crt->rsa.len = mpi_size( &crt->rsa.N );
1308 
1309  /*
1310  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1311  * -- If present, version shall be v2 or v3
1312  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1313  * -- If present, version shall be v2 or v3
1314  * extensions [3] EXPLICIT Extensions OPTIONAL
1315  * -- If present, version shall be v3
1316  */
1317  if( crt->version == 2 || crt->version == 3 )
1318  {
1319  ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1320  if( ret != 0 )
1321  {
1322  x509_free( crt );
1323  return( ret );
1324  }
1325  }
1326 
1327  if( crt->version == 2 || crt->version == 3 )
1328  {
1329  ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1330  if( ret != 0 )
1331  {
1332  x509_free( crt );
1333  return( ret );
1334  }
1335  }
1336 
1337  if( crt->version == 3 )
1338  {
1339  ret = x509_get_crt_ext( &p, end, crt);
1340  if( ret != 0 )
1341  {
1342  x509_free( crt );
1343  return( ret );
1344  }
1345  }
1346 
1347  if( p != end )
1348  {
1349  x509_free( crt );
1352  }
1353 
1354  end = crt_end;
1355 
1356  /*
1357  * signatureAlgorithm AlgorithmIdentifier,
1358  * signatureValue BIT STRING
1359  */
1360  if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1361  {
1362  x509_free( crt );
1363  return( ret );
1364  }
1365 
1366  if( crt->sig_oid1.len != crt->sig_oid2.len ||
1367  memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
1368  {
1369  x509_free( crt );
1371  }
1372 
1373  if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1374  {
1375  x509_free( crt );
1376  return( ret );
1377  }
1378 
1379  if( p != end )
1380  {
1381  x509_free( crt );
1384  }
1385 
1386  return( 0 );
1387 }
1388 
1389 /*
1390  * Parse one X.509 certificate in DER format from a buffer and add them to a
1391  * chained list
1392  */
1393 int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen )
1394 {
1395  int ret;
1396  x509_cert *crt = chain, *prev = NULL;
1397 
1398  /*
1399  * Check for valid input
1400  */
1401  if( crt == NULL || buf == NULL )
1403 
1404  while( crt->version != 0 && crt->next != NULL )
1405  {
1406  prev = crt;
1407  crt = crt->next;
1408  }
1409 
1410  /*
1411  * Add new certificate on the end of the chain if needed.
1412  */
1413  if ( crt->version != 0 && crt->next == NULL)
1414  {
1415  crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1416 
1417  if( crt->next == NULL )
1419 
1420  prev = crt;
1421  crt = crt->next;
1422  memset( crt, 0, sizeof( x509_cert ) );
1423  }
1424 
1425  if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
1426  {
1427  if( prev )
1428  prev->next = NULL;
1429 
1430  if( crt != chain )
1431  free( crt );
1432 
1433  return( ret );
1434  }
1435 
1436  return( 0 );
1437 }
1438 
1439 /*
1440  * Parse one or more PEM certificates from a buffer and add them to the chained list
1441  */
1442 int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
1443 {
1444  int ret, success = 0, first_error = 0, total_failed = 0;
1445  int buf_format = X509_FORMAT_DER;
1446 
1447  /*
1448  * Check for valid input
1449  */
1450  if( chain == NULL || buf == NULL )
1452 
1453  /*
1454  * Determine buffer content. Buffer contains either one DER certificate or
1455  * one or more PEM certificates.
1456  */
1457 #if defined(POLARSSL_PEM_C)
1458  if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1459  buf_format = X509_FORMAT_PEM;
1460 #endif
1461 
1462  if( buf_format == X509_FORMAT_DER )
1463  return x509parse_crt_der( chain, buf, buflen );
1464 
1465 #if defined(POLARSSL_PEM_C)
1466  if( buf_format == X509_FORMAT_PEM )
1467  {
1468  pem_context pem;
1469 
1470  while( buflen > 0 )
1471  {
1472  size_t use_len;
1473  pem_init( &pem );
1474 
1475  ret = pem_read_buffer( &pem,
1476  "-----BEGIN CERTIFICATE-----",
1477  "-----END CERTIFICATE-----",
1478  buf, NULL, 0, &use_len );
1479 
1480  if( ret == 0 )
1481  {
1482  /*
1483  * Was PEM encoded
1484  */
1485  buflen -= use_len;
1486  buf += use_len;
1487  }
1488  else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA )
1489  {
1490  return( ret );
1491  }
1493  {
1494  pem_free( &pem );
1495 
1496  /*
1497  * PEM header and footer were found
1498  */
1499  buflen -= use_len;
1500  buf += use_len;
1501 
1502  if( first_error == 0 )
1503  first_error = ret;
1504 
1505  continue;
1506  }
1507  else
1508  break;
1509 
1510  ret = x509parse_crt_der( chain, pem.buf, pem.buflen );
1511 
1512  pem_free( &pem );
1513 
1514  if( ret != 0 )
1515  {
1516  /*
1517  * Quit parsing on a memory error
1518  */
1519  if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
1520  return( ret );
1521 
1522  if( first_error == 0 )
1523  first_error = ret;
1524 
1525  total_failed++;
1526  continue;
1527  }
1528 
1529  success = 1;
1530  }
1531  }
1532 #endif
1533 
1534  if( success )
1535  return( total_failed );
1536  else if( first_error )
1537  return( first_error );
1538  else
1540 }
1541 
1542 /*
1543  * Parse one or more CRLs and add them to the chained list
1544  */
1545 int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
1546 {
1547  int ret;
1548  size_t len;
1549  unsigned char *p, *end;
1550  x509_crl *crl;
1551 #if defined(POLARSSL_PEM_C)
1552  size_t use_len;
1553  pem_context pem;
1554 #endif
1555 
1556  crl = chain;
1557 
1558  /*
1559  * Check for valid input
1560  */
1561  if( crl == NULL || buf == NULL )
1563 
1564  while( crl->version != 0 && crl->next != NULL )
1565  crl = crl->next;
1566 
1567  /*
1568  * Add new CRL on the end of the chain if needed.
1569  */
1570  if ( crl->version != 0 && crl->next == NULL)
1571  {
1572  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1573 
1574  if( crl->next == NULL )
1575  {
1576  x509_crl_free( crl );
1578  }
1579 
1580  crl = crl->next;
1581  memset( crl, 0, sizeof( x509_crl ) );
1582  }
1583 
1584 #if defined(POLARSSL_PEM_C)
1585  pem_init( &pem );
1586  ret = pem_read_buffer( &pem,
1587  "-----BEGIN X509 CRL-----",
1588  "-----END X509 CRL-----",
1589  buf, NULL, 0, &use_len );
1590 
1591  if( ret == 0 )
1592  {
1593  /*
1594  * Was PEM encoded
1595  */
1596  buflen -= use_len;
1597  buf += use_len;
1598 
1599  /*
1600  * Steal PEM buffer
1601  */
1602  p = pem.buf;
1603  pem.buf = NULL;
1604  len = pem.buflen;
1605  pem_free( &pem );
1606  }
1608  {
1609  pem_free( &pem );
1610  return( ret );
1611  }
1612  else
1613  {
1614  /*
1615  * nope, copy the raw DER data
1616  */
1617  p = (unsigned char *) malloc( len = buflen );
1618 
1619  if( p == NULL )
1621 
1622  memcpy( p, buf, buflen );
1623 
1624  buflen = 0;
1625  }
1626 #else
1627  p = (unsigned char *) malloc( len = buflen );
1628 
1629  if( p == NULL )
1631 
1632  memcpy( p, buf, buflen );
1633 
1634  buflen = 0;
1635 #endif
1636 
1637  crl->raw.p = p;
1638  crl->raw.len = len;
1639  end = p + len;
1640 
1641  /*
1642  * CertificateList ::= SEQUENCE {
1643  * tbsCertList TBSCertList,
1644  * signatureAlgorithm AlgorithmIdentifier,
1645  * signatureValue BIT STRING }
1646  */
1647  if( ( ret = asn1_get_tag( &p, end, &len,
1648  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1649  {
1650  x509_crl_free( crl );
1652  }
1653 
1654  if( len != (size_t) ( end - p ) )
1655  {
1656  x509_crl_free( crl );
1659  }
1660 
1661  /*
1662  * TBSCertList ::= SEQUENCE {
1663  */
1664  crl->tbs.p = p;
1665 
1666  if( ( ret = asn1_get_tag( &p, end, &len,
1667  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1668  {
1669  x509_crl_free( crl );
1670  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1671  }
1672 
1673  end = p + len;
1674  crl->tbs.len = end - crl->tbs.p;
1675 
1676  /*
1677  * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1678  * -- if present, MUST be v2
1679  *
1680  * signature AlgorithmIdentifier
1681  */
1682  if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
1683  ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1684  {
1685  x509_crl_free( crl );
1686  return( ret );
1687  }
1688 
1689  crl->version++;
1690 
1691  if( crl->version > 2 )
1692  {
1693  x509_crl_free( crl );
1695  }
1696 
1697  if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
1698  {
1699  x509_crl_free( crl );
1701  }
1702 
1703  /*
1704  * issuer Name
1705  */
1706  crl->issuer_raw.p = p;
1707 
1708  if( ( ret = asn1_get_tag( &p, end, &len,
1709  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1710  {
1711  x509_crl_free( crl );
1712  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1713  }
1714 
1715  if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1716  {
1717  x509_crl_free( crl );
1718  return( ret );
1719  }
1720 
1721  crl->issuer_raw.len = p - crl->issuer_raw.p;
1722 
1723  /*
1724  * thisUpdate Time
1725  * nextUpdate Time OPTIONAL
1726  */
1727  if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
1728  {
1729  x509_crl_free( crl );
1730  return( ret );
1731  }
1732 
1733  if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
1734  {
1735  if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
1739  {
1740  x509_crl_free( crl );
1741  return( ret );
1742  }
1743  }
1744 
1745  /*
1746  * revokedCertificates SEQUENCE OF SEQUENCE {
1747  * userCertificate CertificateSerialNumber,
1748  * revocationDate Time,
1749  * crlEntryExtensions Extensions OPTIONAL
1750  * -- if present, MUST be v2
1751  * } OPTIONAL
1752  */
1753  if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1754  {
1755  x509_crl_free( crl );
1756  return( ret );
1757  }
1758 
1759  /*
1760  * crlExtensions EXPLICIT Extensions OPTIONAL
1761  * -- if present, MUST be v2
1762  */
1763  if( crl->version == 2 )
1764  {
1765  ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1766 
1767  if( ret != 0 )
1768  {
1769  x509_crl_free( crl );
1770  return( ret );
1771  }
1772  }
1773 
1774  if( p != end )
1775  {
1776  x509_crl_free( crl );
1779  }
1780 
1781  end = crl->raw.p + crl->raw.len;
1782 
1783  /*
1784  * signatureAlgorithm AlgorithmIdentifier,
1785  * signatureValue BIT STRING
1786  */
1787  if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1788  {
1789  x509_crl_free( crl );
1790  return( ret );
1791  }
1792 
1793  if( crl->sig_oid1.len != crl->sig_oid2.len ||
1794  memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1795  {
1796  x509_crl_free( crl );
1798  }
1799 
1800  if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1801  {
1802  x509_crl_free( crl );
1803  return( ret );
1804  }
1805 
1806  if( p != end )
1807  {
1808  x509_crl_free( crl );
1811  }
1812 
1813  if( buflen > 0 )
1814  {
1815  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1816 
1817  if( crl->next == NULL )
1818  {
1819  x509_crl_free( crl );
1821  }
1822 
1823  crl = crl->next;
1824  memset( crl, 0, sizeof( x509_crl ) );
1825 
1826  return( x509parse_crl( crl, buf, buflen ) );
1827  }
1828 
1829  return( 0 );
1830 }
1831 
1832 #if defined(POLARSSL_FS_IO)
1833 /*
1834  * Load all data from a file into a given buffer.
1835  */
1836 int load_file( const char *path, unsigned char **buf, size_t *n )
1837 {
1838  FILE *f;
1839 
1840  if( ( f = fopen( path, "rb" ) ) == NULL )
1842 
1843  fseek( f, 0, SEEK_END );
1844  *n = (size_t) ftell( f );
1845  fseek( f, 0, SEEK_SET );
1846 
1847  if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
1849 
1850  if( fread( *buf, 1, *n, f ) != *n )
1851  {
1852  fclose( f );
1853  free( *buf );
1855  }
1856 
1857  fclose( f );
1858 
1859  (*buf)[*n] = '\0';
1860 
1861  return( 0 );
1862 }
1863 
1864 /*
1865  * Load one or more certificates and add them to the chained list
1866  */
1867 int x509parse_crtfile( x509_cert *chain, const char *path )
1868 {
1869  int ret;
1870  size_t n;
1871  unsigned char *buf;
1872 
1873  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1874  return( ret );
1875 
1876  ret = x509parse_crt( chain, buf, n );
1877 
1878  memset( buf, 0, n + 1 );
1879  free( buf );
1880 
1881  return( ret );
1882 }
1883 
1884 int x509parse_crtpath( x509_cert *chain, const char *path )
1885 {
1886  int ret = 0;
1887 #if defined(_WIN32)
1888  int w_ret;
1889  WCHAR szDir[MAX_PATH];
1890  char filename[MAX_PATH];
1891  char *p;
1892  int len = strlen( path );
1893 
1894  WIN32_FIND_DATAW file_data;
1895  HANDLE hFind;
1896 
1897  if( len > MAX_PATH - 3 )
1899 
1900  memset( szDir, 0, sizeof(szDir) );
1901  memset( filename, 0, MAX_PATH );
1902  memcpy( filename, path, len );
1903  filename[len++] = '\\';
1904  p = filename + len;
1905  filename[len++] = '*';
1906 
1907  w_ret = MultiByteToWideChar( CP_ACP, 0, path, len, szDir, MAX_PATH - 3 );
1908 
1909  hFind = FindFirstFileW( szDir, &file_data );
1910  if (hFind == INVALID_HANDLE_VALUE)
1912 
1913  len = MAX_PATH - len;
1914  do
1915  {
1916  memset( p, 0, len );
1917 
1918  if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1919  continue;
1920 
1921  w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1922  lstrlenW(file_data.cFileName),
1923  p, len - 1,
1924  NULL, NULL );
1925 
1926  w_ret = x509parse_crtfile( chain, filename );
1927  if( w_ret < 0 )
1928  ret++;
1929  else
1930  ret += w_ret;
1931  }
1932  while( FindNextFileW( hFind, &file_data ) != 0 );
1933 
1934  if (GetLastError() != ERROR_NO_MORE_FILES)
1936 
1937 cleanup:
1938  FindClose( hFind );
1939 #else
1940  int t_ret, i;
1941  struct stat sb;
1942  struct dirent entry, *result = NULL;
1943  char entry_name[255];
1944  DIR *dir = opendir( path );
1945 
1946  if( dir == NULL)
1948 
1949  while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1950  {
1951  if( result == NULL )
1952  break;
1953 
1954  snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
1955 
1956  i = stat( entry_name, &sb );
1957 
1958  if( i == -1 )
1960 
1961  if( !S_ISREG( sb.st_mode ) )
1962  continue;
1963 
1964  // Ignore parse errors
1965  //
1966  t_ret = x509parse_crtfile( chain, entry_name );
1967  if( t_ret < 0 )
1968  ret++;
1969  else
1970  ret += t_ret;
1971  }
1972  closedir( dir );
1973 #endif
1974 
1975  return( ret );
1976 }
1977 
1978 /*
1979  * Load one or more CRLs and add them to the chained list
1980  */
1981 int x509parse_crlfile( x509_crl *chain, const char *path )
1982 {
1983  int ret;
1984  size_t n;
1985  unsigned char *buf;
1986 
1987  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1988  return( ret );
1989 
1990  ret = x509parse_crl( chain, buf, n );
1991 
1992  memset( buf, 0, n + 1 );
1993  free( buf );
1994 
1995  return( ret );
1996 }
1997 
1998 /*
1999  * Load and parse a private RSA key
2000  */
2001 int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
2002 {
2003  int ret;
2004  size_t n;
2005  unsigned char *buf;
2006 
2007  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2008  return( ret );
2009 
2010  if( pwd == NULL )
2011  ret = x509parse_key( rsa, buf, n, NULL, 0 );
2012  else
2013  ret = x509parse_key( rsa, buf, n,
2014  (unsigned char *) pwd, strlen( pwd ) );
2015 
2016  memset( buf, 0, n + 1 );
2017  free( buf );
2018 
2019  return( ret );
2020 }
2021 
2022 /*
2023  * Load and parse a public RSA key
2024  */
2025 int x509parse_public_keyfile( rsa_context *rsa, const char *path )
2026 {
2027  int ret;
2028  size_t n;
2029  unsigned char *buf;
2030 
2031  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2032  return( ret );
2033 
2034  ret = x509parse_public_key( rsa, buf, n );
2035 
2036  memset( buf, 0, n + 1 );
2037  free( buf );
2038 
2039  return( ret );
2040 }
2041 #endif /* POLARSSL_FS_IO */
2042 
2043 /*
2044  * Parse a PKCS#1 encoded private RSA key
2045  */
2046 static int x509parse_key_pkcs1_der( rsa_context *rsa,
2047  const unsigned char *key,
2048  size_t keylen )
2049 {
2050  int ret;
2051  size_t len;
2052  unsigned char *p, *end;
2053 
2054  p = (unsigned char *) key;
2055  end = p + keylen;
2056 
2057  /*
2058  * This function parses the RSAPrivateKey (PKCS#1)
2059  *
2060  * RSAPrivateKey ::= SEQUENCE {
2061  * version Version,
2062  * modulus INTEGER, -- n
2063  * publicExponent INTEGER, -- e
2064  * privateExponent INTEGER, -- d
2065  * prime1 INTEGER, -- p
2066  * prime2 INTEGER, -- q
2067  * exponent1 INTEGER, -- d mod (p-1)
2068  * exponent2 INTEGER, -- d mod (q-1)
2069  * coefficient INTEGER, -- (inverse of q) mod p
2070  * otherPrimeInfos OtherPrimeInfos OPTIONAL
2071  * }
2072  */
2073  if( ( ret = asn1_get_tag( &p, end, &len,
2074  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2075  {
2076  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2077  }
2078 
2079  end = p + len;
2080 
2081  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2082  {
2083  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2084  }
2085 
2086  if( rsa->ver != 0 )
2087  {
2088  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2089  }
2090 
2091  if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
2092  ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
2093  ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
2094  ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
2095  ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
2096  ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
2097  ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
2098  ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2099  {
2100  rsa_free( rsa );
2101  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2102  }
2103 
2104  rsa->len = mpi_size( &rsa->N );
2105 
2106  if( p != end )
2107  {
2108  rsa_free( rsa );
2111  }
2112 
2113  if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2114  {
2115  rsa_free( rsa );
2116  return( ret );
2117  }
2118 
2119  return( 0 );
2120 }
2121 
2122 /*
2123  * Parse an unencrypted PKCS#8 encoded private RSA key
2124  */
2125 static int x509parse_key_pkcs8_unencrypted_der(
2126  rsa_context *rsa,
2127  const unsigned char *key,
2128  size_t keylen )
2129 {
2130  int ret;
2131  size_t len;
2132  unsigned char *p, *end;
2133  x509_buf pk_alg_oid;
2134 
2135  p = (unsigned char *) key;
2136  end = p + keylen;
2137 
2138  /*
2139  * This function parses the PrivatKeyInfo object (PKCS#8)
2140  *
2141  * PrivateKeyInfo ::= SEQUENCE {
2142  * version Version,
2143  * algorithm AlgorithmIdentifier,
2144  * PrivateKey BIT STRING
2145  * }
2146  *
2147  * AlgorithmIdentifier ::= SEQUENCE {
2148  * algorithm OBJECT IDENTIFIER,
2149  * parameters ANY DEFINED BY algorithm OPTIONAL
2150  * }
2151  *
2152  * The PrivateKey BIT STRING is a PKCS#1 RSAPrivateKey
2153  */
2154  if( ( ret = asn1_get_tag( &p, end, &len,
2155  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2156  {
2157  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2158  }
2159 
2160  end = p + len;
2161 
2162  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2163  {
2164  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2165  }
2166 
2167  if( rsa->ver != 0 )
2168  {
2169  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2170  }
2171 
2172  if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
2173  {
2174  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2175  }
2176 
2177  /*
2178  * only RSA keys handled at this time
2179  */
2180  if( pk_alg_oid.len != 9 ||
2181  memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) != 0 )
2182  {
2184  }
2185 
2186  /*
2187  * Get the OCTET STRING and parse the PKCS#1 format inside
2188  */
2189  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2190  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2191 
2192  if( ( end - p ) < 1 )
2193  {
2196  }
2197 
2198  end = p + len;
2199 
2200  if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
2201  return( ret );
2202 
2203  return( 0 );
2204 }
2205 
2206 /*
2207  * Parse an encrypted PKCS#8 encoded private RSA key
2208  */
2209 static int x509parse_key_pkcs8_encrypted_der(
2210  rsa_context *rsa,
2211  const unsigned char *key,
2212  size_t keylen,
2213  const unsigned char *pwd,
2214  size_t pwdlen )
2215 {
2216  int ret;
2217  size_t len;
2218  unsigned char *p, *end, *end2;
2219  x509_buf pbe_alg_oid, pbe_params;
2220  unsigned char buf[2048];
2221 
2222  memset(buf, 0, 2048);
2223 
2224  p = (unsigned char *) key;
2225  end = p + keylen;
2226 
2227  if( pwdlen == 0 )
2229 
2230  /*
2231  * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
2232  *
2233  * EncryptedPrivateKeyInfo ::= SEQUENCE {
2234  * encryptionAlgorithm EncryptionAlgorithmIdentifier,
2235  * encryptedData EncryptedData
2236  * }
2237  *
2238  * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
2239  *
2240  * EncryptedData ::= OCTET STRING
2241  *
2242  * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
2243  */
2244  if( ( ret = asn1_get_tag( &p, end, &len,
2245  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2246  {
2247  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2248  }
2249 
2250  end = p + len;
2251 
2252  if( ( ret = asn1_get_tag( &p, end, &len,
2253  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2254  {
2255  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2256  }
2257 
2258  end2 = p + len;
2259 
2260  if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID ) ) != 0 )
2261  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2262 
2263  pbe_alg_oid.p = p;
2264  p += pbe_alg_oid.len;
2265 
2266  /*
2267  * Store the algorithm parameters
2268  */
2269  pbe_params.p = p;
2270  pbe_params.len = end2 - p;
2271  p += pbe_params.len;
2272 
2273  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2274  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2275 
2276  // buf has been sized to 2048 bytes
2277  if( len > 2048 )
2279 
2280  /*
2281  * Decrypt EncryptedData with appropriate PDE
2282  */
2283 #if defined(POLARSSL_PKCS12_C)
2284  if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
2285  {
2286  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
2288  pwd, pwdlen, p, len, buf ) ) != 0 )
2289  {
2292 
2293  return( ret );
2294  }
2295  }
2296  else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
2297  {
2298  if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
2300  pwd, pwdlen, p, len, buf ) ) != 0 )
2301  {
2304 
2305  return( ret );
2306  }
2307  }
2308  else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
2309  {
2310  if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
2312  pwd, pwdlen,
2313  p, len, buf ) ) != 0 )
2314  {
2315  return( ret );
2316  }
2317 
2318  // Best guess for password mismatch when using RC4. If first tag is
2319  // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
2320  //
2321  if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
2323  }
2324  else
2325 #endif /* POLARSSL_PKCS12_C */
2326 #if defined(POLARSSL_PKCS5_C)
2327  if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
2328  {
2329  if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
2330  p, len, buf ) ) != 0 )
2331  {
2334 
2335  return( ret );
2336  }
2337  }
2338  else
2339 #endif /* POLARSSL_PKCS5_C */
2341 
2342  return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
2343 }
2344 
2345 /*
2346  * Parse a private RSA key
2347  */
2348 int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
2349  const unsigned char *pwd, size_t pwdlen )
2350 {
2351  int ret;
2352 
2353 #if defined(POLARSSL_PEM_C)
2354  size_t len;
2355  pem_context pem;
2356 
2357  pem_init( &pem );
2358  ret = pem_read_buffer( &pem,
2359  "-----BEGIN RSA PRIVATE KEY-----",
2360  "-----END RSA PRIVATE KEY-----",
2361  key, pwd, pwdlen, &len );
2362  if( ret == 0 )
2363  {
2364  if( ( ret = x509parse_key_pkcs1_der( rsa, pem.buf, pem.buflen ) ) != 0 )
2365  {
2366  rsa_free( rsa );
2367  }
2368 
2369  pem_free( &pem );
2370  return( ret );
2371  }
2372  else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
2374  else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
2377  return( ret );
2378 
2379  ret = pem_read_buffer( &pem,
2380  "-----BEGIN PRIVATE KEY-----",
2381  "-----END PRIVATE KEY-----",
2382  key, NULL, 0, &len );
2383  if( ret == 0 )
2384  {
2385  if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
2386  pem.buf, pem.buflen ) ) != 0 )
2387  {
2388  rsa_free( rsa );
2389  }
2390 
2391  pem_free( &pem );
2392  return( ret );
2393  }
2395  return( ret );
2396 
2397  ret = pem_read_buffer( &pem,
2398  "-----BEGIN ENCRYPTED PRIVATE KEY-----",
2399  "-----END ENCRYPTED PRIVATE KEY-----",
2400  key, NULL, 0, &len );
2401  if( ret == 0 )
2402  {
2403  if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
2404  pem.buf, pem.buflen,
2405  pwd, pwdlen ) ) != 0 )
2406  {
2407  rsa_free( rsa );
2408  }
2409 
2410  pem_free( &pem );
2411  return( ret );
2412  }
2414  return( ret );
2415 #else
2416  ((void) pwd);
2417  ((void) pwdlen);
2418 #endif /* POLARSSL_PEM_C */
2419 
2420  // At this point we only know it's not a PEM formatted key. Could be any
2421  // of the known DER encoded private key formats
2422  //
2423  // We try the different DER format parsers to see if one passes without
2424  // error
2425  //
2426  if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
2427  pwd, pwdlen ) ) == 0 )
2428  {
2429  return( 0 );
2430  }
2431 
2432  rsa_free( rsa );
2433 
2435  {
2436  return( ret );
2437  }
2438 
2439  if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
2440  return( 0 );
2441 
2442  rsa_free( rsa );
2443 
2444  if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
2445  return( 0 );
2446 
2447  rsa_free( rsa );
2448 
2450 }
2451 
2452 /*
2453  * Parse a public RSA key
2454  */
2455 int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
2456 {
2457  int ret;
2458  size_t len;
2459  unsigned char *p, *end;
2460  x509_buf alg_oid;
2461 #if defined(POLARSSL_PEM_C)
2462  pem_context pem;
2463 
2464  pem_init( &pem );
2465  ret = pem_read_buffer( &pem,
2466  "-----BEGIN PUBLIC KEY-----",
2467  "-----END PUBLIC KEY-----",
2468  key, NULL, 0, &len );
2469 
2470  if( ret == 0 )
2471  {
2472  /*
2473  * Was PEM encoded
2474  */
2475  keylen = pem.buflen;
2476  }
2478  {
2479  pem_free( &pem );
2480  return( ret );
2481  }
2482 
2483  p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
2484 #else
2485  p = (unsigned char *) key;
2486 #endif
2487  end = p + keylen;
2488 
2489  /*
2490  * PublicKeyInfo ::= SEQUENCE {
2491  * algorithm AlgorithmIdentifier,
2492  * PublicKey BIT STRING
2493  * }
2494  *
2495  * AlgorithmIdentifier ::= SEQUENCE {
2496  * algorithm OBJECT IDENTIFIER,
2497  * parameters ANY DEFINED BY algorithm OPTIONAL
2498  * }
2499  *
2500  * RSAPublicKey ::= SEQUENCE {
2501  * modulus INTEGER, -- n
2502  * publicExponent INTEGER -- e
2503  * }
2504  */
2505 
2506  if( ( ret = asn1_get_tag( &p, end, &len,
2507  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2508  {
2509 #if defined(POLARSSL_PEM_C)
2510  pem_free( &pem );
2511 #endif
2512  rsa_free( rsa );
2513  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
2514  }
2515 
2516  if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
2517  {
2518 #if defined(POLARSSL_PEM_C)
2519  pem_free( &pem );
2520 #endif
2521  rsa_free( rsa );
2522  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2523  }
2524 
2525  if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2526  {
2527 #if defined(POLARSSL_PEM_C)
2528  pem_free( &pem );
2529 #endif
2530  rsa_free( rsa );
2531  return( ret );
2532  }
2533 
2534  rsa->len = mpi_size( &rsa->N );
2535 
2536 #if defined(POLARSSL_PEM_C)
2537  pem_free( &pem );
2538 #endif
2539 
2540  return( 0 );
2541 }
2542 
2543 #if defined(POLARSSL_DHM_C)
2544 /*
2545  * Parse DHM parameters
2546  */
2547 int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
2548 {
2549  int ret;
2550  size_t len;
2551  unsigned char *p, *end;
2552 #if defined(POLARSSL_PEM_C)
2553  pem_context pem;
2554 
2555  pem_init( &pem );
2556 
2557  ret = pem_read_buffer( &pem,
2558  "-----BEGIN DH PARAMETERS-----",
2559  "-----END DH PARAMETERS-----",
2560  dhmin, NULL, 0, &dhminlen );
2561 
2562  if( ret == 0 )
2563  {
2564  /*
2565  * Was PEM encoded
2566  */
2567  dhminlen = pem.buflen;
2568  }
2570  {
2571  pem_free( &pem );
2572  return( ret );
2573  }
2574 
2575  p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2576 #else
2577  p = (unsigned char *) dhmin;
2578 #endif
2579  end = p + dhminlen;
2580 
2581  memset( dhm, 0, sizeof( dhm_context ) );
2582 
2583  /*
2584  * DHParams ::= SEQUENCE {
2585  * prime INTEGER, -- P
2586  * generator INTEGER, -- g
2587  * }
2588  */
2589  if( ( ret = asn1_get_tag( &p, end, &len,
2590  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2591  {
2592 #if defined(POLARSSL_PEM_C)
2593  pem_free( &pem );
2594 #endif
2595  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2596  }
2597 
2598  end = p + len;
2599 
2600  if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
2601  ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2602  {
2603 #if defined(POLARSSL_PEM_C)
2604  pem_free( &pem );
2605 #endif
2606  dhm_free( dhm );
2607  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2608  }
2609 
2610  if( p != end )
2611  {
2612 #if defined(POLARSSL_PEM_C)
2613  pem_free( &pem );
2614 #endif
2615  dhm_free( dhm );
2618  }
2619 
2620 #if defined(POLARSSL_PEM_C)
2621  pem_free( &pem );
2622 #endif
2623 
2624  return( 0 );
2625 }
2626 
2627 #if defined(POLARSSL_FS_IO)
2628 /*
2629  * Load and parse a private RSA key
2630  */
2631 int x509parse_dhmfile( dhm_context *dhm, const char *path )
2632 {
2633  int ret;
2634  size_t n;
2635  unsigned char *buf;
2636 
2637  if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2638  return( ret );
2639 
2640  ret = x509parse_dhm( dhm, buf, n );
2641 
2642  memset( buf, 0, n + 1 );
2643  free( buf );
2644 
2645  return( ret );
2646 }
2647 #endif /* POLARSSL_FS_IO */
2648 #endif /* POLARSSL_DHM_C */
2649 
2650 #if defined _MSC_VER && !defined snprintf
2651 #include <stdarg.h>
2652 
2653 #if !defined vsnprintf
2654 #define vsnprintf _vsnprintf
2655 #endif // vsnprintf
2656 
2657 /*
2658  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
2659  * Result value is not size of buffer needed, but -1 if no fit is possible.
2660  *
2661  * This fuction tries to 'fix' this by at least suggesting enlarging the
2662  * size by 20.
2663  */
2664 int compat_snprintf(char *str, size_t size, const char *format, ...)
2665 {
2666  va_list ap;
2667  int res = -1;
2668 
2669  va_start( ap, format );
2670 
2671  res = vsnprintf( str, size, format, ap );
2672 
2673  va_end( ap );
2674 
2675  // No quick fix possible
2676  if ( res < 0 )
2677  return( (int) size + 20 );
2678 
2679  return res;
2680 }
2681 
2682 #define snprintf compat_snprintf
2683 #endif
2684 
2685 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2686 
2687 #define SAFE_SNPRINTF() \
2688 { \
2689  if( ret == -1 ) \
2690  return( -1 ); \
2691  \
2692  if ( (unsigned int) ret > n ) { \
2693  p[n - 1] = '\0'; \
2694  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2695  } \
2696  \
2697  n -= (unsigned int) ret; \
2698  p += (unsigned int) ret; \
2699 }
2700 
2701 /*
2702  * Store the name in printable form into buf; no more
2703  * than size characters will be written
2704  */
2705 int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
2706 {
2707  int ret;
2708  size_t i, n;
2709  unsigned char c;
2710  const x509_name *name;
2711  char s[128], *p;
2712 
2713  memset( s, 0, sizeof( s ) );
2714 
2715  name = dn;
2716  p = buf;
2717  n = size;
2718 
2719  while( name != NULL )
2720  {
2721  if( !name->oid.p )
2722  {
2723  name = name->next;
2724  continue;
2725  }
2726 
2727  if( name != dn )
2728  {
2729  ret = snprintf( p, n, ", " );
2730  SAFE_SNPRINTF();
2731  }
2732 
2733  if( name->oid.len == 3 &&
2734  memcmp( name->oid.p, OID_X520, 2 ) == 0 )
2735  {
2736  switch( name->oid.p[2] )
2737  {
2738  case X520_COMMON_NAME:
2739  ret = snprintf( p, n, "CN=" ); break;
2740 
2741  case X520_COUNTRY:
2742  ret = snprintf( p, n, "C=" ); break;
2743 
2744  case X520_LOCALITY:
2745  ret = snprintf( p, n, "L=" ); break;
2746 
2747  case X520_STATE:
2748  ret = snprintf( p, n, "ST=" ); break;
2749 
2750  case X520_ORGANIZATION:
2751  ret = snprintf( p, n, "O=" ); break;
2752 
2753  case X520_ORG_UNIT:
2754  ret = snprintf( p, n, "OU=" ); break;
2755 
2756  default:
2757  ret = snprintf( p, n, "0x%02X=",
2758  name->oid.p[2] );
2759  break;
2760  }
2761  SAFE_SNPRINTF();
2762  }
2763  else if( name->oid.len == 9 &&
2764  memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
2765  {
2766  switch( name->oid.p[8] )
2767  {
2768  case PKCS9_EMAIL:
2769  ret = snprintf( p, n, "emailAddress=" ); break;
2770 
2771  default:
2772  ret = snprintf( p, n, "0x%02X=",
2773  name->oid.p[8] );
2774  break;
2775  }
2776  SAFE_SNPRINTF();
2777  }
2778  else
2779  {
2780  ret = snprintf( p, n, "\?\?=" );
2781  SAFE_SNPRINTF();
2782  }
2783 
2784  for( i = 0; i < name->val.len; i++ )
2785  {
2786  if( i >= sizeof( s ) - 1 )
2787  break;
2788 
2789  c = name->val.p[i];
2790  if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2791  s[i] = '?';
2792  else s[i] = c;
2793  }
2794  s[i] = '\0';
2795  ret = snprintf( p, n, "%s", s );
2796  SAFE_SNPRINTF();
2797  name = name->next;
2798  }
2799 
2800  return( (int) ( size - n ) );
2801 }
2802 
2803 /*
2804  * Store the serial in printable form into buf; no more
2805  * than size characters will be written
2806  */
2807 int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
2808 {
2809  int ret;
2810  size_t i, n, nr;
2811  char *p;
2812 
2813  p = buf;
2814  n = size;
2815 
2816  nr = ( serial->len <= 32 )
2817  ? serial->len : 28;
2818 
2819  for( i = 0; i < nr; i++ )
2820  {
2821  if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
2822  continue;
2823 
2824  ret = snprintf( p, n, "%02X%s",
2825  serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2826  SAFE_SNPRINTF();
2827  }
2828 
2829  if( nr != serial->len )
2830  {
2831  ret = snprintf( p, n, "...." );
2832  SAFE_SNPRINTF();
2833  }
2834 
2835  return( (int) ( size - n ) );
2836 }
2837 
2838 /*
2839  * Return an informational string about the certificate.
2840  */
2841 int x509parse_cert_info( char *buf, size_t size, const char *prefix,
2842  const x509_cert *crt )
2843 {
2844  int ret;
2845  size_t n;
2846  char *p;
2847 
2848  p = buf;
2849  n = size;
2850 
2851  ret = snprintf( p, n, "%scert. version : %d\n",
2852  prefix, crt->version );
2853  SAFE_SNPRINTF();
2854  ret = snprintf( p, n, "%sserial number : ",
2855  prefix );
2856  SAFE_SNPRINTF();
2857 
2858  ret = x509parse_serial_gets( p, n, &crt->serial);
2859  SAFE_SNPRINTF();
2860 
2861  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2862  SAFE_SNPRINTF();
2863  ret = x509parse_dn_gets( p, n, &crt->issuer );
2864  SAFE_SNPRINTF();
2865 
2866  ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2867  SAFE_SNPRINTF();
2868  ret = x509parse_dn_gets( p, n, &crt->subject );
2869  SAFE_SNPRINTF();
2870 
2871  ret = snprintf( p, n, "\n%sissued on : " \
2872  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2873  crt->valid_from.year, crt->valid_from.mon,
2874  crt->valid_from.day, crt->valid_from.hour,
2875  crt->valid_from.min, crt->valid_from.sec );
2876  SAFE_SNPRINTF();
2877 
2878  ret = snprintf( p, n, "\n%sexpires on : " \
2879  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2880  crt->valid_to.year, crt->valid_to.mon,
2881  crt->valid_to.day, crt->valid_to.hour,
2882  crt->valid_to.min, crt->valid_to.sec );
2883  SAFE_SNPRINTF();
2884 
2885  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2886  SAFE_SNPRINTF();
2887 
2888  switch( crt->sig_alg )
2889  {
2890  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2891  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2892  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2893  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2894  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2895  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2896  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2897  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2898  default: ret = snprintf( p, n, "???" ); break;
2899  }
2900  SAFE_SNPRINTF();
2901 
2902  ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
2903  (int) crt->rsa.N.n * (int) sizeof( t_uint ) * 8 );
2904  SAFE_SNPRINTF();
2905 
2906  return( (int) ( size - n ) );
2907 }
2908 
2909 /*
2910  * Return an informational string describing the given OID
2911  */
2912 const char *x509_oid_get_description( x509_buf *oid )
2913 {
2914  if ( oid == NULL )
2915  return ( NULL );
2916 
2917  else if( OID_CMP( OID_SERVER_AUTH, oid ) )
2918  return( STRING_SERVER_AUTH );
2919 
2920  else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
2921  return( STRING_CLIENT_AUTH );
2922 
2923  else if( OID_CMP( OID_CODE_SIGNING, oid ) )
2924  return( STRING_CODE_SIGNING );
2925 
2926  else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
2927  return( STRING_EMAIL_PROTECTION );
2928 
2929  else if( OID_CMP( OID_TIME_STAMPING, oid ) )
2930  return( STRING_TIME_STAMPING );
2931 
2932  else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
2933  return( STRING_OCSP_SIGNING );
2934 
2935  return( NULL );
2936 }
2937 
2938 /* Return the x.y.z.... style numeric string for the given OID */
2939 int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
2940 {
2941  int ret;
2942  size_t i, n;
2943  unsigned int value;
2944  char *p;
2945 
2946  p = buf;
2947  n = size;
2948 
2949  /* First byte contains first two dots */
2950  if( oid->len > 0 )
2951  {
2952  ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2953  SAFE_SNPRINTF();
2954  }
2955 
2956  /* TODO: value can overflow in value. */
2957  value = 0;
2958  for( i = 1; i < oid->len; i++ )
2959  {
2960  value <<= 7;
2961  value += oid->p[i] & 0x7F;
2962 
2963  if( !( oid->p[i] & 0x80 ) )
2964  {
2965  /* Last byte */
2966  ret = snprintf( p, n, ".%d", value );
2967  SAFE_SNPRINTF();
2968  value = 0;
2969  }
2970  }
2971 
2972  return( (int) ( size - n ) );
2973 }
2974 
2975 /*
2976  * Return an informational string about the CRL.
2977  */
2978 int x509parse_crl_info( char *buf, size_t size, const char *prefix,
2979  const x509_crl *crl )
2980 {
2981  int ret;
2982  size_t n;
2983  char *p;
2984  const x509_crl_entry *entry;
2985 
2986  p = buf;
2987  n = size;
2988 
2989  ret = snprintf( p, n, "%sCRL version : %d",
2990  prefix, crl->version );
2991  SAFE_SNPRINTF();
2992 
2993  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2994  SAFE_SNPRINTF();
2995  ret = x509parse_dn_gets( p, n, &crl->issuer );
2996  SAFE_SNPRINTF();
2997 
2998  ret = snprintf( p, n, "\n%sthis update : " \
2999  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3000  crl->this_update.year, crl->this_update.mon,
3001  crl->this_update.day, crl->this_update.hour,
3002  crl->this_update.min, crl->this_update.sec );
3003  SAFE_SNPRINTF();
3004 
3005  ret = snprintf( p, n, "\n%snext update : " \
3006  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3007  crl->next_update.year, crl->next_update.mon,
3008  crl->next_update.day, crl->next_update.hour,
3009  crl->next_update.min, crl->next_update.sec );
3010  SAFE_SNPRINTF();
3011 
3012  entry = &crl->entry;
3013 
3014  ret = snprintf( p, n, "\n%sRevoked certificates:",
3015  prefix );
3016  SAFE_SNPRINTF();
3017 
3018  while( entry != NULL && entry->raw.len != 0 )
3019  {
3020  ret = snprintf( p, n, "\n%sserial number: ",
3021  prefix );
3022  SAFE_SNPRINTF();
3023 
3024  ret = x509parse_serial_gets( p, n, &entry->serial);
3025  SAFE_SNPRINTF();
3026 
3027  ret = snprintf( p, n, " revocation date: " \
3028  "%04d-%02d-%02d %02d:%02d:%02d",
3029  entry->revocation_date.year, entry->revocation_date.mon,
3030  entry->revocation_date.day, entry->revocation_date.hour,
3031  entry->revocation_date.min, entry->revocation_date.sec );
3032  SAFE_SNPRINTF();
3033 
3034  entry = entry->next;
3035  }
3036 
3037  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
3038  SAFE_SNPRINTF();
3039 
3040  switch( crl->sig_alg )
3041  {
3042  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
3043  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
3044  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
3045  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
3046  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
3047  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
3048  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
3049  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
3050  default: ret = snprintf( p, n, "???" ); break;
3051  }
3052  SAFE_SNPRINTF();
3053 
3054  ret = snprintf( p, n, "\n" );
3055  SAFE_SNPRINTF();
3056 
3057  return( (int) ( size - n ) );
3058 }
3059 
3060 /*
3061  * Return 0 if the x509_time is still valid, or 1 otherwise.
3062  */
3063 int x509parse_time_expired( const x509_time *to )
3064 {
3065  int year, mon, day;
3066  int hour, min, sec;
3067 
3068 #if defined(_WIN32)
3069  SYSTEMTIME st;
3070 
3071  GetLocalTime(&st);
3072 
3073  year = st.wYear;
3074  mon = st.wMonth;
3075  day = st.wDay;
3076  hour = st.wHour;
3077  min = st.wMinute;
3078  sec = st.wSecond;
3079 #else
3080  struct tm *lt;
3081  time_t tt;
3082 
3083  tt = time( NULL );
3084  lt = localtime( &tt );
3085 
3086  year = lt->tm_year + 1900;
3087  mon = lt->tm_mon + 1;
3088  day = lt->tm_mday;
3089  hour = lt->tm_hour;
3090  min = lt->tm_min;
3091  sec = lt->tm_sec;
3092 #endif
3093 
3094  if( year > to->year )
3095  return( 1 );
3096 
3097  if( year == to->year &&
3098  mon > to->mon )
3099  return( 1 );
3100 
3101  if( year == to->year &&
3102  mon == to->mon &&
3103  day > to->day )
3104  return( 1 );
3105 
3106  if( year == to->year &&
3107  mon == to->mon &&
3108  day == to->day &&
3109  hour > to->hour )
3110  return( 1 );
3111 
3112  if( year == to->year &&
3113  mon == to->mon &&
3114  day == to->day &&
3115  hour == to->hour &&
3116  min > to->min )
3117  return( 1 );
3118 
3119  if( year == to->year &&
3120  mon == to->mon &&
3121  day == to->day &&
3122  hour == to->hour &&
3123  min == to->min &&
3124  sec > to->sec )
3125  return( 1 );
3126 
3127  return( 0 );
3128 }
3129 
3130 /*
3131  * Return 1 if the certificate is revoked, or 0 otherwise.
3132  */
3133 int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
3134 {
3135  const x509_crl_entry *cur = &crl->entry;
3136 
3137  while( cur != NULL && cur->serial.len != 0 )
3138  {
3139  if( crt->serial.len == cur->serial.len &&
3140  memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
3141  {
3143  return( 1 );
3144  }
3145 
3146  cur = cur->next;
3147  }
3148 
3149  return( 0 );
3150 }
3151 
3152 /*
3153  * Wrapper for x509 hashes.
3154  */
3155 static void x509_hash( const unsigned char *in, size_t len, int alg,
3156  unsigned char *out )
3157 {
3158  switch( alg )
3159  {
3160 #if defined(POLARSSL_MD2_C)
3161  case SIG_RSA_MD2 : md2( in, len, out ); break;
3162 #endif
3163 #if defined(POLARSSL_MD4_C)
3164  case SIG_RSA_MD4 : md4( in, len, out ); break;
3165 #endif
3166 #if defined(POLARSSL_MD5_C)
3167  case SIG_RSA_MD5 : md5( in, len, out ); break;
3168 #endif
3169 #if defined(POLARSSL_SHA1_C)
3170  case SIG_RSA_SHA1 : sha1( in, len, out ); break;
3171 #endif
3172 #if defined(POLARSSL_SHA2_C)
3173  case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
3174  case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
3175 #endif
3176 #if defined(POLARSSL_SHA4_C)
3177  case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
3178  case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
3179 #endif
3180  default:
3181  memset( out, '\xFF', 64 );
3182  break;
3183  }
3184 }
3185 
3186 /*
3187  * Check that the given certificate is valid accoring to the CRL.
3188  */
3189 static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
3190  x509_crl *crl_list)
3191 {
3192  int flags = 0;
3193  int hash_id;
3194  unsigned char hash[64];
3195 
3196  if( ca == NULL )
3197  return( flags );
3198 
3199  /*
3200  * TODO: What happens if no CRL is present?
3201  * Suggestion: Revocation state should be unknown if no CRL is present.
3202  * For backwards compatibility this is not yet implemented.
3203  */
3204 
3205  while( crl_list != NULL )
3206  {
3207  if( crl_list->version == 0 ||
3208  crl_list->issuer_raw.len != ca->subject_raw.len ||
3209  memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
3210  crl_list->issuer_raw.len ) != 0 )
3211  {
3212  crl_list = crl_list->next;
3213  continue;
3214  }
3215 
3216  /*
3217  * Check if CRL is correctly signed by the trusted CA
3218  */
3219  hash_id = crl_list->sig_alg;
3220 
3221  x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
3222 
3223  if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, hash_id,
3224  0, hash, crl_list->sig.p ) == 0 )
3225  {
3226  /*
3227  * CRL is not trusted
3228  */
3229  flags |= BADCRL_NOT_TRUSTED;
3230  break;
3231  }
3232 
3233  /*
3234  * Check for validity of CRL (Do not drop out)
3235  */
3236  if( x509parse_time_expired( &crl_list->next_update ) )
3237  flags |= BADCRL_EXPIRED;
3238 
3239  /*
3240  * Check if certificate is revoked
3241  */
3242  if( x509parse_revoked(crt, crl_list) )
3243  {
3244  flags |= BADCERT_REVOKED;
3245  break;
3246  }
3247 
3248  crl_list = crl_list->next;
3249  }
3250  return flags;
3251 }
3252 
3253 int x509_wildcard_verify( const char *cn, x509_buf *name )
3254 {
3255  size_t i;
3256  size_t cn_idx = 0;
3257 
3258  if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
3259  return( 0 );
3260 
3261  for( i = 0; i < strlen( cn ); ++i )
3262  {
3263  if( cn[i] == '.' )
3264  {
3265  cn_idx = i;
3266  break;
3267  }
3268  }
3269 
3270  if( cn_idx == 0 )
3271  return( 0 );
3272 
3273  if( strlen( cn ) - cn_idx == name->len - 1 &&
3274  memcmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
3275  {
3276  return( 1 );
3277  }
3278 
3279  return( 0 );
3280 }
3281 
3282 static int x509parse_verify_top(
3283  x509_cert *child, x509_cert *trust_ca,
3284  x509_crl *ca_crl, int path_cnt, int *flags,
3285  int (*f_vrfy)(void *, x509_cert *, int, int *),
3286  void *p_vrfy )
3287 {
3288  int hash_id, ret;
3289  int ca_flags = 0, check_path_cnt = path_cnt + 1;
3290  unsigned char hash[64];
3291 
3292  if( x509parse_time_expired( &child->valid_to ) )
3293  *flags |= BADCERT_EXPIRED;
3294 
3295  /*
3296  * Child is the top of the chain. Check against the trust_ca list.
3297  */
3298  *flags |= BADCERT_NOT_TRUSTED;
3299 
3300  while( trust_ca != NULL )
3301  {
3302  if( trust_ca->version == 0 ||
3303  child->issuer_raw.len != trust_ca->subject_raw.len ||
3304  memcmp( child->issuer_raw.p, trust_ca->subject_raw.p,
3305  child->issuer_raw.len ) != 0 )
3306  {
3307  trust_ca = trust_ca->next;
3308  continue;
3309  }
3310 
3311  /*
3312  * Reduce path_len to check against if top of the chain is
3313  * the same as the trusted CA
3314  */
3315  if( child->subject_raw.len == trust_ca->subject_raw.len &&
3316  memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3317  child->issuer_raw.len ) == 0 )
3318  {
3319  check_path_cnt--;
3320  }
3321 
3322  if( trust_ca->max_pathlen > 0 &&
3323  trust_ca->max_pathlen < check_path_cnt )
3324  {
3325  trust_ca = trust_ca->next;
3326  continue;
3327  }
3328 
3329  hash_id = child->sig_alg;
3330 
3331  x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3332 
3333  if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
3334  0, hash, child->sig.p ) != 0 )
3335  {
3336  trust_ca = trust_ca->next;
3337  continue;
3338  }
3339 
3340  /*
3341  * Top of chain is signed by a trusted CA
3342  */
3343  *flags &= ~BADCERT_NOT_TRUSTED;
3344  break;
3345  }
3346 
3347  /*
3348  * If top of chain is not the same as the trusted CA send a verify request
3349  * to the callback for any issues with validity and CRL presence for the
3350  * trusted CA certificate.
3351  */
3352  if( trust_ca != NULL &&
3353  ( child->subject_raw.len != trust_ca->subject_raw.len ||
3354  memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3355  child->issuer_raw.len ) != 0 ) )
3356  {
3357  /* Check trusted CA's CRL for then chain's top crt */
3358  *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3359 
3360  if( x509parse_time_expired( &trust_ca->valid_to ) )
3361  ca_flags |= BADCERT_EXPIRED;
3362 
3363  if( NULL != f_vrfy )
3364  {
3365  if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3366  return( ret );
3367  }
3368  }
3369 
3370  /* Call callback on top cert */
3371  if( NULL != f_vrfy )
3372  {
3373  if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3374  return( ret );
3375  }
3376 
3377  *flags |= ca_flags;
3378 
3379  return( 0 );
3380 }
3381 
3382 static int x509parse_verify_child(
3383  x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
3384  x509_crl *ca_crl, int path_cnt, int *flags,
3385  int (*f_vrfy)(void *, x509_cert *, int, int *),
3386  void *p_vrfy )
3387 {
3388  int hash_id, ret;
3389  int parent_flags = 0;
3390  unsigned char hash[64];
3391  x509_cert *grandparent;
3392 
3393  if( x509parse_time_expired( &child->valid_to ) )
3394  *flags |= BADCERT_EXPIRED;
3395 
3396  hash_id = child->sig_alg;
3397 
3398  x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3399 
3400  if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, hash_id, 0, hash,
3401  child->sig.p ) != 0 )
3402  *flags |= BADCERT_NOT_TRUSTED;
3403 
3404  /* Check trusted CA's CRL for the given crt */
3405  *flags |= x509parse_verifycrl(child, parent, ca_crl);
3406 
3407  grandparent = parent->next;
3408 
3409  while( grandparent != NULL )
3410  {
3411  if( grandparent->version == 0 ||
3412  grandparent->ca_istrue == 0 ||
3413  parent->issuer_raw.len != grandparent->subject_raw.len ||
3414  memcmp( parent->issuer_raw.p, grandparent->subject_raw.p,
3415  parent->issuer_raw.len ) != 0 )
3416  {
3417  grandparent = grandparent->next;
3418  continue;
3419  }
3420  break;
3421  }
3422 
3423  if( grandparent != NULL )
3424  {
3425  /*
3426  * Part of the chain
3427  */
3428  ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3429  if( ret != 0 )
3430  return( ret );
3431  }
3432  else
3433  {
3434  ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3435  if( ret != 0 )
3436  return( ret );
3437  }
3438 
3439  /* child is verified to be a child of the parent, call verify callback */
3440  if( NULL != f_vrfy )
3441  if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3442  return( ret );
3443 
3444  *flags |= parent_flags;
3445 
3446  return( 0 );
3447 }
3448 
3449 /*
3450  * Verify the certificate validity
3451  */
3452 int x509parse_verify( x509_cert *crt,
3453  x509_cert *trust_ca,
3454  x509_crl *ca_crl,
3455  const char *cn, int *flags,
3456  int (*f_vrfy)(void *, x509_cert *, int, int *),
3457  void *p_vrfy )
3458 {
3459  size_t cn_len;
3460  int ret;
3461  int pathlen = 0;
3462  x509_cert *parent;
3463  x509_name *name;
3464  x509_sequence *cur = NULL;
3465 
3466  *flags = 0;
3467 
3468  if( cn != NULL )
3469  {
3470  name = &crt->subject;
3471  cn_len = strlen( cn );
3472 
3473  if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
3474  {
3475  cur = &crt->subject_alt_names;
3476 
3477  while( cur != NULL )
3478  {
3479  if( cur->buf.len == cn_len &&
3480  memcmp( cn, cur->buf.p, cn_len ) == 0 )
3481  break;
3482 
3483  if( cur->buf.len > 2 &&
3484  memcmp( cur->buf.p, "*.", 2 ) == 0 &&
3485  x509_wildcard_verify( cn, &cur->buf ) )
3486  break;
3487 
3488  cur = cur->next;
3489  }
3490 
3491  if( cur == NULL )
3492  *flags |= BADCERT_CN_MISMATCH;
3493  }
3494  else
3495  {
3496  while( name != NULL )
3497  {
3498  if( name->oid.len == 3 &&
3499  memcmp( name->oid.p, OID_CN, 3 ) == 0 )
3500  {
3501  if( name->val.len == cn_len &&
3502  memcmp( name->val.p, cn, cn_len ) == 0 )
3503  break;
3504 
3505  if( name->val.len > 2 &&
3506  memcmp( name->val.p, "*.", 2 ) == 0 &&
3507  x509_wildcard_verify( cn, &name->val ) )
3508  break;
3509  }
3510 
3511  name = name->next;
3512  }
3513 
3514  if( name == NULL )
3515  *flags |= BADCERT_CN_MISMATCH;
3516  }
3517  }
3518 
3519  /*
3520  * Iterate upwards in the given cert chain, to find our crt parent.
3521  * Ignore any upper cert with CA != TRUE.
3522  */
3523  parent = crt->next;
3524 
3525  while( parent != NULL && parent->version != 0 )
3526  {
3527  if( parent->ca_istrue == 0 ||
3528  crt->issuer_raw.len != parent->subject_raw.len ||
3529  memcmp( crt->issuer_raw.p, parent->subject_raw.p,
3530  crt->issuer_raw.len ) != 0 )
3531  {
3532  parent = parent->next;
3533  continue;
3534  }
3535  break;
3536  }
3537 
3538  if( parent != NULL )
3539  {
3540  /*
3541  * Part of the chain
3542  */
3543  ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3544  if( ret != 0 )
3545  return( ret );
3546  }
3547  else
3548  {
3549  ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3550  if( ret != 0 )
3551  return( ret );
3552  }
3553 
3554  if( *flags != 0 )
3556 
3557  return( 0 );
3558 }
3559 
3560 /*
3561  * Unallocate all certificate data
3562  */
3563 void x509_free( x509_cert *crt )
3564 {
3565  x509_cert *cert_cur = crt;
3566  x509_cert *cert_prv;
3567  x509_name *name_cur;
3568  x509_name *name_prv;
3569  x509_sequence *seq_cur;
3570  x509_sequence *seq_prv;
3571 
3572  if( crt == NULL )
3573  return;
3574 
3575  do
3576  {
3577  rsa_free( &cert_cur->rsa );
3578 
3579  name_cur = cert_cur->issuer.next;
3580  while( name_cur != NULL )
3581  {
3582  name_prv = name_cur;
3583  name_cur = name_cur->next;
3584  memset( name_prv, 0, sizeof( x509_name ) );
3585  free( name_prv );
3586  }
3587 
3588  name_cur = cert_cur->subject.next;
3589  while( name_cur != NULL )
3590  {
3591  name_prv = name_cur;
3592  name_cur = name_cur->next;
3593  memset( name_prv, 0, sizeof( x509_name ) );
3594  free( name_prv );
3595  }
3596 
3597  seq_cur = cert_cur->ext_key_usage.next;
3598  while( seq_cur != NULL )
3599  {
3600  seq_prv = seq_cur;
3601  seq_cur = seq_cur->next;
3602  memset( seq_prv, 0, sizeof( x509_sequence ) );
3603  free( seq_prv );
3604  }
3605 
3606  seq_cur = cert_cur->subject_alt_names.next;
3607  while( seq_cur != NULL )
3608  {
3609  seq_prv = seq_cur;
3610  seq_cur = seq_cur->next;
3611  memset( seq_prv, 0, sizeof( x509_sequence ) );
3612  free( seq_prv );
3613  }
3614 
3615  if( cert_cur->raw.p != NULL )
3616  {
3617  memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3618  free( cert_cur->raw.p );
3619  }
3620 
3621  cert_cur = cert_cur->next;
3622  }
3623  while( cert_cur != NULL );
3624 
3625  cert_cur = crt;
3626  do
3627  {
3628  cert_prv = cert_cur;
3629  cert_cur = cert_cur->next;
3630 
3631  memset( cert_prv, 0, sizeof( x509_cert ) );
3632  if( cert_prv != crt )
3633  free( cert_prv );
3634  }
3635  while( cert_cur != NULL );
3636 }
3637 
3638 /*
3639  * Unallocate all CRL data
3640  */
3641 void x509_crl_free( x509_crl *crl )
3642 {
3643  x509_crl *crl_cur = crl;
3644  x509_crl *crl_prv;
3645  x509_name *name_cur;
3646  x509_name *name_prv;
3647  x509_crl_entry *entry_cur;
3648  x509_crl_entry *entry_prv;
3649 
3650  if( crl == NULL )
3651  return;
3652 
3653  do
3654  {
3655  name_cur = crl_cur->issuer.next;
3656  while( name_cur != NULL )
3657  {
3658  name_prv = name_cur;
3659  name_cur = name_cur->next;
3660  memset( name_prv, 0, sizeof( x509_name ) );
3661  free( name_prv );
3662  }
3663 
3664  entry_cur = crl_cur->entry.next;
3665  while( entry_cur != NULL )
3666  {
3667  entry_prv = entry_cur;
3668  entry_cur = entry_cur->next;
3669  memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3670  free( entry_prv );
3671  }
3672 
3673  if( crl_cur->raw.p != NULL )
3674  {
3675  memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3676  free( crl_cur->raw.p );
3677  }
3678 
3679  crl_cur = crl_cur->next;
3680  }
3681  while( crl_cur != NULL );
3682 
3683  crl_cur = crl;
3684  do
3685  {
3686  crl_prv = crl_cur;
3687  crl_cur = crl_cur->next;
3688 
3689  memset( crl_prv, 0, sizeof( x509_crl ) );
3690  if( crl_prv != crl )
3691  free( crl_prv );
3692  }
3693  while( crl_cur != NULL );
3694 }
3695 
3696 #if defined(POLARSSL_SELF_TEST)
3697 
3698 #include "polarssl/certs.h"
3699 
3700 /*
3701  * Checkup routine
3702  */
3703 int x509_self_test( int verbose )
3704 {
3705 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3706  int ret;
3707  int flags;
3708  size_t i, j;
3709  x509_cert cacert;
3710  x509_cert clicert;
3711  rsa_context rsa;
3712 #if defined(POLARSSL_DHM_C)
3713  dhm_context dhm;
3714 #endif
3715 
3716  if( verbose != 0 )
3717  printf( " X.509 certificate load: " );
3718 
3719  memset( &clicert, 0, sizeof( x509_cert ) );
3720 
3721  ret = x509parse_crt( &clicert, (const unsigned char *) test_cli_crt,
3722  strlen( test_cli_crt ) );
3723  if( ret != 0 )
3724  {
3725  if( verbose != 0 )
3726  printf( "failed\n" );
3727 
3728  return( ret );
3729  }
3730 
3731  memset( &cacert, 0, sizeof( x509_cert ) );
3732 
3733  ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
3734  strlen( test_ca_crt ) );
3735  if( ret != 0 )
3736  {
3737  if( verbose != 0 )
3738  printf( "failed\n" );
3739 
3740  return( ret );
3741  }
3742 
3743  if( verbose != 0 )
3744  printf( "passed\n X.509 private key load: " );
3745 
3746  i = strlen( test_ca_key );
3747  j = strlen( test_ca_pwd );
3748 
3749  rsa_init( &rsa, RSA_PKCS_V15, 0 );
3750 
3751  if( ( ret = x509parse_key( &rsa,
3752  (const unsigned char *) test_ca_key, i,
3753  (const unsigned char *) test_ca_pwd, j ) ) != 0 )
3754  {
3755  if( verbose != 0 )
3756  printf( "failed\n" );
3757 
3758  return( ret );
3759  }
3760 
3761  if( verbose != 0 )
3762  printf( "passed\n X.509 signature verify: ");
3763 
3764  ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
3765  if( ret != 0 )
3766  {
3767  printf("%02x", flags);
3768  if( verbose != 0 )
3769  printf( "failed\n" );
3770 
3771  return( ret );
3772  }
3773 
3774 #if defined(POLARSSL_DHM_C)
3775  if( verbose != 0 )
3776  printf( "passed\n X.509 DHM parameter load: " );
3777 
3778  i = strlen( test_dhm_params );
3779  j = strlen( test_ca_pwd );
3780 
3781  if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 )
3782  {
3783  if( verbose != 0 )
3784  printf( "failed\n" );
3785 
3786  return( ret );
3787  }
3788 
3789  if( verbose != 0 )
3790  printf( "passed\n\n" );
3791 #endif
3792 
3793  x509_free( &cacert );
3794  x509_free( &clicert );
3795  rsa_free( &rsa );
3796 #if defined(POLARSSL_DHM_C)
3797  dhm_free( &dhm );
3798 #endif
3799 
3800  return( 0 );
3801 #else
3802  ((void) verbose);
3804 #endif
3805 }
3806 
3807 #endif
3808 
3809 #endif