TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / f75f2f7c46fcc63cc9de9ed03a247a40875c58ab / . / library / x509.c
blob: ffa7980520e7828b18f65f415706570a3edba07a [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
2 * X.509 certificate and private key decoding
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]37#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]38#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]39#else
40#include POLARSSL_CONFIG_FILE
41#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]42
43#if defined(POLARSSL_X509_USE_C)
44
45#include "polarssl/x509.h"
46#include "polarssl/asn1.h"
47#include "polarssl/oid.h"
48#if defined(POLARSSL_PEM_PARSE_C)
49#include "polarssl/pem.h"
50#endif
51
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]52#if defined(POLARSSL_PLATFORM_C)
53#include "polarssl/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]54#else
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]55#define polarssl_printf printf
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]56#define polarssl_malloc malloc
57#define polarssl_free free
58#endif
59
60#include <string.h>
61#include <stdlib.h>
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]62#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]63#include <windows.h>
64#else
65#include <time.h>
66#endif
67
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]68#if defined(EFIX64) || defined(EFI32)
69#include <stdio.h>
70#endif
71
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]72#if defined(POLARSSL_FS_IO)
73#include <stdio.h>
74#if !defined(_WIN32)
75#include <sys/types.h>
76#include <sys/stat.h>
77#include <dirent.h>
78#endif
79#endif
80
81/*
82 * CertificateSerialNumber ::= INTEGER
83 */
84int x509_get_serial( unsigned char **p, const unsigned char *end,
85 x509_buf *serial )
86{
87 int ret;
88
89 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]90 return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]91 POLARSSL_ERR_ASN1_OUT_OF_DATA );
92
93 if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
94 **p != ASN1_INTEGER )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]95 return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]96 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
97
98 serial->tag = *(*p)++;
99
100 if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]101 return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]102
103 serial->p = *p;
104 *p += serial->len;
105
106 return( 0 );
107}
108
109/* Get an algorithm identifier without parameters (eg for signatures)
110 *
111 * AlgorithmIdentifier ::= SEQUENCE {
112 * algorithm OBJECT IDENTIFIER,
113 * parameters ANY DEFINED BY algorithm OPTIONAL }
114 */
115int x509_get_alg_null( unsigned char **p, const unsigned char *end,
116 x509_buf *alg )
117{
118 int ret;
119
120 if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]121 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]122
123 return( 0 );
124}
125
126/*
Manuel Pégourié-Gonnard59a75d52014-01-22 10:12:57 +0100[diff] [blame]127 * Parse an algorithm identifier with (optional) paramaters
128 */
129int x509_get_alg( unsigned char **p, const unsigned char *end,
130 x509_buf *alg, x509_buf *params )
131{
132 int ret;
133
134 if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
135 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
136
137 return( 0 );
138}
139
Manuel Pégourié-Gonnard9df5c962014-01-24 14:37:29 +0100[diff] [blame]140#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
Manuel Pégourié-Gonnard59a75d52014-01-22 10:12:57 +0100[diff] [blame]141/*
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]142 * HashAlgorithm ::= AlgorithmIdentifier
143 *
144 * AlgorithmIdentifier ::= SEQUENCE {
145 * algorithm OBJECT IDENTIFIER,
146 * parameters ANY DEFINED BY algorithm OPTIONAL }
147 *
148 * For HashAlgorithm, parameters MUST be NULL or absent.
149 */
150static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
151{
152 int ret;
153 unsigned char *p;
154 const unsigned char *end;
155 x509_buf md_oid;
156 size_t len;
157
158 /* Make sure we got a SEQUENCE and setup bounds */
159 if( alg->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
160 return( POLARSSL_ERR_X509_INVALID_ALG +
161 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
162
163 p = (unsigned char *) alg->p;
164 end = p + alg->len;
165
166 if( p >= end )
167 return( POLARSSL_ERR_X509_INVALID_ALG +
168 POLARSSL_ERR_ASN1_OUT_OF_DATA );
169
170 /* Parse md_oid */
171 md_oid.tag = *p;
172
173 if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
174 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
175
176 md_oid.p = p;
177 p += md_oid.len;
178
179 /* Get md_alg from md_oid */
180 if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
181 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
182
183 /* Make sure params is absent of NULL */
184 if( p == end )
185 return( 0 );
186
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]187 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 || len != 0 )
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]188 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
189
190 if( p != end )
191 return( POLARSSL_ERR_X509_INVALID_ALG +
192 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
193
194 return( 0 );
195}
196
197/*
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]198 * RSASSA-PSS-params ::= SEQUENCE {
199 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
200 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
201 * saltLength [2] INTEGER DEFAULT 20,
202 * trailerField [3] INTEGER DEFAULT 1 }
203 * -- Note that the tags in this Sequence are explicit.
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]204 *
205 * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
206 * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
207 * option. Enfore this at parsing time.
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]208 */
209int x509_get_rsassa_pss_params( const x509_buf *params,
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]210 md_type_t *md_alg, md_type_t *mgf_md,
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]211 int *salt_len )
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]212{
213 int ret;
214 unsigned char *p;
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]215 const unsigned char *end, *end2;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]216 size_t len;
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]217 x509_buf alg_id, alg_params;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]218
219 /* First set everything to defaults */
220 *md_alg = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]221 *mgf_md = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]222 *salt_len = 20;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]223
224 /* Make sure params is a SEQUENCE and setup bounds */
225 if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
226 return( POLARSSL_ERR_X509_INVALID_ALG +
227 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
228
229 p = (unsigned char *) params->p;
230 end = p + params->len;
231
232 if( p == end )
233 return( 0 );
234
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]235 /*
236 * HashAlgorithm
237 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]238 if( ( ret = asn1_get_tag( &p, end, &len,
239 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
240 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]241 end2 = p + len;
242
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]243 /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]244 if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]245 return( ret );
246
247 if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
248 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]249
250 if( p != end2 )
251 return( POLARSSL_ERR_X509_INVALID_ALG +
252 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]253 }
254 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
255 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
256
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]257 if( p == end )
258 return( 0 );
259
260 /*
261 * MaskGenAlgorithm
262 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]263 if( ( ret = asn1_get_tag( &p, end, &len,
264 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
265 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]266 end2 = p + len;
267
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]268 /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]269 if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]270 return( ret );
271
272 /* Only MFG1 is recognised for now */
273 if( ! OID_CMP( OID_MGF1, &alg_id ) )
274 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
275 POLARSSL_ERR_OID_NOT_FOUND );
276
277 /* Parse HashAlgorithm */
278 if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
279 return( ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]280
281 if( p != end2 )
282 return( POLARSSL_ERR_X509_INVALID_ALG +
283 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]284 }
285 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
286 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
287
288 if( p == end )
289 return( 0 );
290
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]291 /*
292 * salt_len
293 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]294 if( ( ret = asn1_get_tag( &p, end, &len,
295 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
296 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]297 end2 = p + len;
298
299 if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]300 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]301
302 if( p != end2 )
303 return( POLARSSL_ERR_X509_INVALID_ALG +
304 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]305 }
306 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
307 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
308
309 if( p == end )
310 return( 0 );
311
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]312 /*
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]313 * trailer_field (if present, must be 1)
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]314 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]315 if( ( ret = asn1_get_tag( &p, end, &len,
316 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
317 {
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]318 int trailer_field;
319
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]320 end2 = p + len;
321
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]322 if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]323 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]324
325 if( p != end2 )
326 return( POLARSSL_ERR_X509_INVALID_ALG +
327 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]328
329 if( trailer_field != 1 )
330 return( POLARSSL_ERR_X509_INVALID_ALG );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]331 }
332 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
333 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
334
335 if( p != end )
336 return( POLARSSL_ERR_X509_INVALID_ALG +
337 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
338
339 return( 0 );
340}
Manuel Pégourié-Gonnard9df5c962014-01-24 14:37:29 +0100[diff] [blame]341#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]342
343/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]344 * AttributeTypeAndValue ::= SEQUENCE {
345 * type AttributeType,
346 * value AttributeValue }
347 *
348 * AttributeType ::= OBJECT IDENTIFIER
349 *
350 * AttributeValue ::= ANY DEFINED BY AttributeType
351 */
352static int x509_get_attr_type_value( unsigned char **p,
353 const unsigned char *end,
354 x509_name *cur )
355{
356 int ret;
357 size_t len;
358 x509_buf *oid;
359 x509_buf *val;
360
361 if( ( ret = asn1_get_tag( p, end, &len,
362 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]363 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]364
365 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]366 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]367 POLARSSL_ERR_ASN1_OUT_OF_DATA );
368
369 oid = &cur->oid;
370 oid->tag = **p;
371
372 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]373 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]374
375 oid->p = *p;
376 *p += oid->len;
377
378 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]379 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]380 POLARSSL_ERR_ASN1_OUT_OF_DATA );
381
382 if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
383 **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
384 **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]385 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]386 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
387
388 val = &cur->val;
389 val->tag = *(*p)++;
390
391 if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]392 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]393
394 val->p = *p;
395 *p += val->len;
396
397 cur->next = NULL;
398
399 return( 0 );
400}
401
402/*
403 * RelativeDistinguishedName ::=
404 * SET OF AttributeTypeAndValue
405 *
406 * AttributeTypeAndValue ::= SEQUENCE {
407 * type AttributeType,
408 * value AttributeValue }
409 *
410 * AttributeType ::= OBJECT IDENTIFIER
411 *
412 * AttributeValue ::= ANY DEFINED BY AttributeType
413 */
414int x509_get_name( unsigned char **p, const unsigned char *end,
415 x509_name *cur )
416{
417 int ret;
418 size_t len;
419 const unsigned char *end2;
420 x509_name *use;
421
422 if( ( ret = asn1_get_tag( p, end, &len,
423 ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]424 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]425
426 end2 = end;
427 end = *p + len;
428 use = cur;
429
430 do
431 {
432 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
433 return( ret );
434
435 if( *p != end )
436 {
437 use->next = (x509_name *) polarssl_malloc(
438 sizeof( x509_name ) );
439
440 if( use->next == NULL )
441 return( POLARSSL_ERR_X509_MALLOC_FAILED );
442
443 memset( use->next, 0, sizeof( x509_name ) );
444
445 use = use->next;
446 }
447 }
448 while( *p != end );
449
450 /*
451 * recurse until end of SEQUENCE is reached
452 */
453 if( *p == end2 )
454 return( 0 );
455
456 cur->next = (x509_name *) polarssl_malloc(
457 sizeof( x509_name ) );
458
459 if( cur->next == NULL )
460 return( POLARSSL_ERR_X509_MALLOC_FAILED );
461
462 memset( cur->next, 0, sizeof( x509_name ) );
463
464 return( x509_get_name( p, end2, cur->next ) );
465}
466
467/*
468 * Time ::= CHOICE {
469 * utcTime UTCTime,
470 * generalTime GeneralizedTime }
471 */
472int x509_get_time( unsigned char **p, const unsigned char *end,
473 x509_time *time )
474{
475 int ret;
476 size_t len;
477 char date[64];
478 unsigned char tag;
479
480 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]481 return( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]482 POLARSSL_ERR_ASN1_OUT_OF_DATA );
483
484 tag = **p;
485
486 if ( tag == ASN1_UTC_TIME )
487 {
488 (*p)++;
489 ret = asn1_get_len( p, end, &len );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]490
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]491 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]492 return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]493
494 memset( date, 0, sizeof( date ) );
495 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
496 len : sizeof( date ) - 1 );
497
Manuel Pégourié-Gonnard9655e452014-04-11 12:29:49 +0200[diff] [blame]498 if( sscanf( date, "%2d%2d%2d%2d%2d%2dZ",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]499 &time->year, &time->mon, &time->day,
500 &time->hour, &time->min, &time->sec ) < 5 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]501 return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]502
503 time->year += 100 * ( time->year < 50 );
504 time->year += 1900;
505
506 *p += len;
507
508 return( 0 );
509 }
510 else if ( tag == ASN1_GENERALIZED_TIME )
511 {
512 (*p)++;
513 ret = asn1_get_len( p, end, &len );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]514
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]515 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]516 return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]517
518 memset( date, 0, sizeof( date ) );
519 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
520 len : sizeof( date ) - 1 );
521
Manuel Pégourié-Gonnard9655e452014-04-11 12:29:49 +0200[diff] [blame]522 if( sscanf( date, "%4d%2d%2d%2d%2d%2dZ",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]523 &time->year, &time->mon, &time->day,
524 &time->hour, &time->min, &time->sec ) < 5 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]525 return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]526
527 *p += len;
528
529 return( 0 );
530 }
531 else
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]532 return( POLARSSL_ERR_X509_INVALID_DATE +
533 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]534}
535
536int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
537{
538 int ret;
539 size_t len;
540
541 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]542 return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]543 POLARSSL_ERR_ASN1_OUT_OF_DATA );
544
545 sig->tag = **p;
546
547 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]548 return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]549
550 sig->len = len;
551 sig->p = *p;
552
553 *p += len;
554
555 return( 0 );
556}
557
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]558/*
559 * Get signature algorithm from alg OID and optional parameters
560 */
561int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]562 md_type_t *md_alg, pk_type_t *pk_alg,
563 void **sig_opts )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]564{
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]565 int ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]566
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]567 if( *sig_opts != NULL )
568 return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
569
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]570 if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]571 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]572
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]573#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
574 if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
575 {
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]576 pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]577
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]578 pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
579 if( pss_opts == NULL )
580 return( POLARSSL_ERR_X509_MALLOC_FAILED );
581
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]582 ret = x509_get_rsassa_pss_params( sig_params,
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]583 md_alg,
584 &pss_opts->mgf1_hash_id,
585 &pss_opts->expected_salt_len );
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]586 if( ret != 0 )
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]587 {
588 polarssl_free( pss_opts );
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]589 return( ret );
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]590 }
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]591
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame^]592 *sig_opts = (void *) pss_opts;
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]593 }
594 else
595#endif
596 {
597 /* Make sure parameters are absent or NULL */
598 if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) ||
599 sig_params->len != 0 )
600 return( POLARSSL_ERR_X509_INVALID_ALG );
601 }
602
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]603 return( 0 );
604}
605
606/*
607 * X.509 Extensions (No parsing of extensions, pointer should
608 * be either manually updated or extensions should be parsed!
609 */
610int x509_get_ext( unsigned char **p, const unsigned char *end,
611 x509_buf *ext, int tag )
612{
613 int ret;
614 size_t len;
615
616 if( *p == end )
617 return( 0 );
618
619 ext->tag = **p;
620
621 if( ( ret = asn1_get_tag( p, end, &ext->len,
622 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
623 return( ret );
624
625 ext->p = *p;
626 end = *p + ext->len;
627
628 /*
629 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
630 *
631 * Extension ::= SEQUENCE {
632 * extnID OBJECT IDENTIFIER,
633 * critical BOOLEAN DEFAULT FALSE,
634 * extnValue OCTET STRING }
635 */
636 if( ( ret = asn1_get_tag( p, end, &len,
637 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]638 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]639
640 if( end != *p + len )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]641 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]642 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
643
644 return( 0 );
645}
646
647#if defined(POLARSSL_FS_IO)
648/*
649 * Load all data from a file into a given buffer.
650 */
651int x509_load_file( const char *path, unsigned char **buf, size_t *n )
652{
653 FILE *f;
654 long size;
655
656 if( ( f = fopen( path, "rb" ) ) == NULL )
657 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
658
659 fseek( f, 0, SEEK_END );
660 if( ( size = ftell( f ) ) == -1 )
661 {
662 fclose( f );
663 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
664 }
665 fseek( f, 0, SEEK_SET );
666
667 *n = (size_t) size;
668
669 if( *n + 1 == 0 ||
670 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
671 {
672 fclose( f );
673 return( POLARSSL_ERR_X509_MALLOC_FAILED );
674 }
675
676 if( fread( *buf, 1, *n, f ) != *n )
677 {
678 fclose( f );
679 polarssl_free( *buf );
680 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
681 }
682
683 fclose( f );
684
685 (*buf)[*n] = '\0';
686
687 return( 0 );
688}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]689#endif /* POLARSSL_FS_IO */
690
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]691#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
692 !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]693#include <stdarg.h>
694
695#if !defined vsnprintf
696#define vsnprintf _vsnprintf
697#endif // vsnprintf
698
699/*
700 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
701 * Result value is not size of buffer needed, but -1 if no fit is possible.
702 *
703 * This fuction tries to 'fix' this by at least suggesting enlarging the
704 * size by 20.
705 */
706static int compat_snprintf(char *str, size_t size, const char *format, ...)
707{
708 va_list ap;
709 int res = -1;
710
711 va_start( ap, format );
712
713 res = vsnprintf( str, size, format, ap );
714
715 va_end( ap );
716
717 // No quick fix possible
718 if ( res < 0 )
719 return( (int) size + 20 );
720
721 return res;
722}
723
724#define snprintf compat_snprintf
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]725#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]726
727#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
728
729#define SAFE_SNPRINTF() \
730{ \
731 if( ret == -1 ) \
732 return( -1 ); \
733 \
734 if ( (unsigned int) ret > n ) { \
735 p[n - 1] = '\0'; \
736 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
737 } \
738 \
739 n -= (unsigned int) ret; \
740 p += (unsigned int) ret; \
741}
742
743/*
744 * Store the name in printable form into buf; no more
745 * than size characters will be written
746 */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]747int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]748{
749 int ret;
750 size_t i, n;
751 unsigned char c;
752 const x509_name *name;
753 const char *short_name = NULL;
754 char s[128], *p;
755
756 memset( s, 0, sizeof( s ) );
757
758 name = dn;
759 p = buf;
760 n = size;
761
762 while( name != NULL )
763 {
764 if( !name->oid.p )
765 {
766 name = name->next;
767 continue;
768 }
769
770 if( name != dn )
771 {
772 ret = snprintf( p, n, ", " );
773 SAFE_SNPRINTF();
774 }
775
776 ret = oid_get_attr_short_name( &name->oid, &short_name );
777
778 if( ret == 0 )
779 ret = snprintf( p, n, "%s=", short_name );
780 else
781 ret = snprintf( p, n, "\?\?=" );
782 SAFE_SNPRINTF();
783
784 for( i = 0; i < name->val.len; i++ )
785 {
786 if( i >= sizeof( s ) - 1 )
787 break;
788
789 c = name->val.p[i];
790 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
791 s[i] = '?';
792 else s[i] = c;
793 }
794 s[i] = '\0';
795 ret = snprintf( p, n, "%s", s );
796 SAFE_SNPRINTF();
797 name = name->next;
798 }
799
800 return( (int) ( size - n ) );
801}
802
803/*
804 * Store the serial in printable form into buf; no more
805 * than size characters will be written
806 */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]807int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]808{
809 int ret;
810 size_t i, n, nr;
811 char *p;
812
813 p = buf;
814 n = size;
815
816 nr = ( serial->len <= 32 )
817 ? serial->len : 28;
818
819 for( i = 0; i < nr; i++ )
820 {
821 if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
822 continue;
823
824 ret = snprintf( p, n, "%02X%s",
825 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
826 SAFE_SNPRINTF();
827 }
828
829 if( nr != serial->len )
830 {
831 ret = snprintf( p, n, "...." );
832 SAFE_SNPRINTF();
833 }
834
835 return( (int) ( size - n ) );
836}
837
838/*
Manuel Pégourié-Gonnardcac31ee2014-01-25 11:50:59 +0100[diff] [blame]839 * Helper for writing signature alrogithms
840 */
841int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
842 pk_type_t pk_alg, const x509_buf *sig_params )
843{
844 int ret;
845 char *p = buf;
846 size_t n = size;
847 const char *desc = NULL;
848
849 ret = oid_get_sig_alg_desc( sig_oid, &desc );
850 if( ret != 0 )
851 ret = snprintf( p, n, "???" );
852 else
853 ret = snprintf( p, n, "%s", desc );
854 SAFE_SNPRINTF();
855
856#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
857 if( pk_alg == POLARSSL_PK_RSASSA_PSS )
858 {
859 md_type_t md_alg, mgf_md;
860 const md_info_t *md_info, *mgf_md_info;
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]861 int salt_len;
Manuel Pégourié-Gonnardcac31ee2014-01-25 11:50:59 +0100[diff] [blame]862
863 if( ( ret = x509_get_rsassa_pss_params( sig_params,
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]864 &md_alg, &mgf_md, &salt_len ) ) != 0 )
Manuel Pégourié-Gonnardcac31ee2014-01-25 11:50:59 +0100[diff] [blame]865 return( ret );
866
867 md_info = md_info_from_type( md_alg );
868 mgf_md_info = md_info_from_type( mgf_md );
869
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]870 ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
Manuel Pégourié-Gonnardcac31ee2014-01-25 11:50:59 +0100[diff] [blame]871 md_info ? md_info->name : "???",
872 mgf_md_info ? mgf_md_info->name : "???",
Manuel Pégourié-Gonnard78117d52014-05-31 17:08:16 +0200[diff] [blame]873 salt_len );
Manuel Pégourié-Gonnardcac31ee2014-01-25 11:50:59 +0100[diff] [blame]874 SAFE_SNPRINTF();
875 }
876#else
877 ((void) pk_alg);
878 ((void) sig_params);
879#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
880
881 return( (int) size - n );
882}
883
884/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]885 * Helper for writing "RSA key size", "EC key size", etc
886 */
887int x509_key_size_helper( char *buf, size_t size, const char *name )
888{
889 char *p = buf;
890 size_t n = size;
891 int ret;
892
893 if( strlen( name ) + sizeof( " key size" ) > size )
894 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
895
896 ret = snprintf( p, n, "%s key size", name );
897 SAFE_SNPRINTF();
898
899 return( 0 );
900}
901
902/*
903 * Return an informational string describing the given OID
904 */
905const char *x509_oid_get_description( x509_buf *oid )
906{
907 const char *desc = NULL;
908 int ret;
909
910 ret = oid_get_extended_key_usage( oid, &desc );
911
912 if( ret != 0 )
913 return( NULL );
914
915 return( desc );
916}
917
918/* Return the x.y.z.... style numeric string for the given OID */
919int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
920{
921 return oid_get_numeric_string( buf, size, oid );
922}
923
924/*
925 * Return 0 if the x509_time is still valid, or 1 otherwise.
926 */
927#if defined(POLARSSL_HAVE_TIME)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]928
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]929static void x509_get_current_time( x509_time *now )
930{
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]931#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]932 SYSTEMTIME st;
933
Manuel Pégourié-Gonnard0776a432014-04-11 12:25:45 +0200[diff] [blame]934 GetSystemTime(&st);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]935
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]936 now->year = st.wYear;
937 now->mon = st.wMonth;
938 now->day = st.wDay;
939 now->hour = st.wHour;
940 now->min = st.wMinute;
941 now->sec = st.wSecond;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]942#else
Paul Bakker5fff23b2014-03-26 15:34:54 +0100[diff] [blame]943 struct tm lt;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]944 time_t tt;
945
946 tt = time( NULL );
Manuel Pégourié-Gonnard0776a432014-04-11 12:25:45 +0200[diff] [blame]947 gmtime_r( &tt, &lt );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]948
Paul Bakker5fff23b2014-03-26 15:34:54 +0100[diff] [blame]949 now->year = lt.tm_year + 1900;
950 now->mon = lt.tm_mon + 1;
951 now->day = lt.tm_mday;
952 now->hour = lt.tm_hour;
953 now->min = lt.tm_min;
954 now->sec = lt.tm_sec;
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]955#endif /* _WIN32 && !EFIX64 && !EFI32 */
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]956}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]957
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]958/*
959 * Return 0 if before <= after, 1 otherwise
960 */
961static int x509_check_time( const x509_time *before, const x509_time *after )
962{
963 if( before->year > after->year )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]964 return( 1 );
965
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]966 if( before->year == after->year &&
967 before->mon > after->mon )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]968 return( 1 );
969
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]970 if( before->year == after->year &&
971 before->mon == after->mon &&
972 before->day > after->day )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]973 return( 1 );
974
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]975 if( before->year == after->year &&
976 before->mon == after->mon &&
977 before->day == after->day &&
978 before->hour > after->hour )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]979 return( 1 );
980
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]981 if( before->year == after->year &&
982 before->mon == after->mon &&
983 before->day == after->day &&
984 before->hour == after->hour &&
985 before->min > after->min )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]986 return( 1 );
987
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]988 if( before->year == after->year &&
989 before->mon == after->mon &&
990 before->day == after->day &&
991 before->hour == after->hour &&
992 before->min == after->min &&
993 before->sec > after->sec )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]994 return( 1 );
995
996 return( 0 );
997}
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]998
999int x509_time_expired( const x509_time *to )
1000{
1001 x509_time now;
1002
1003 x509_get_current_time( &now );
1004
1005 return( x509_check_time( &now, to ) );
1006}
1007
1008int x509_time_future( const x509_time *from )
1009{
1010 x509_time now;
1011
1012 x509_get_current_time( &now );
1013
1014 return( x509_check_time( from, &now ) );
1015}
1016
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1017#else /* POLARSSL_HAVE_TIME */
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]1018
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]1019int x509_time_expired( const x509_time *to )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1020{
1021 ((void) to);
1022 return( 0 );
1023}
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]1024
1025int x509_time_future( const x509_time *from )
1026{
1027 ((void) from);
1028 return( 0 );
1029}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1030#endif /* POLARSSL_HAVE_TIME */
1031
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1032#if defined(POLARSSL_SELF_TEST)
1033
1034#include "polarssl/x509_crt.h"
1035#include "polarssl/certs.h"
1036
1037/*
1038 * Checkup routine
1039 */
1040int x509_self_test( int verbose )
1041{
Manuel Pégourié-Gonnard3d413702014-04-29 15:29:41 +0200[diff] [blame]1042#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1043 int ret;
1044 int flags;
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200[diff] [blame]1045 x509_crt cacert;
1046 x509_crt clicert;
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1047
1048 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1049 polarssl_printf( " X.509 certificate load: " );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1050
Paul Bakkerb6b09562013-09-18 14:17:41 +0200[diff] [blame]1051 x509_crt_init( &clicert );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1052
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]1053 ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
1054 strlen( test_cli_crt ) );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1055 if( ret != 0 )
1056 {
1057 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1058 polarssl_printf( "failed\n" );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1059
1060 return( ret );
1061 }
1062
Paul Bakkerb6b09562013-09-18 14:17:41 +0200[diff] [blame]1063 x509_crt_init( &cacert );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1064
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]1065 ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
1066 strlen( test_ca_crt ) );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1067 if( ret != 0 )
1068 {
1069 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1070 polarssl_printf( "failed\n" );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1071
1072 return( ret );
1073 }
1074
1075 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1076 polarssl_printf( "passed\n X.509 signature verify: ");
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1077
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]1078 ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1079 if( ret != 0 )
1080 {
1081 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1082 polarssl_printf( "failed\n" );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1083
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1084 polarssl_printf("ret = %d, &flags = %04x\n", ret, flags);
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1085
1086 return( ret );
1087 }
1088
1089 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1090 polarssl_printf( "passed\n\n");
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1091
1092 x509_crt_free( &cacert );
1093 x509_crt_free( &clicert );
1094
1095 return( 0 );
1096#else
1097 ((void) verbose);
1098 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1099#endif /* POLARSSL_CERTS_C && POLARSSL_SHA1_C */
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1100}
1101
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1102#endif /* POLARSSL_SELF_TEST */
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1103
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1104#endif /* POLARSSL_X509_USE_C */