TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cac31eed9e70cb7f8d9727af94c373c877b88896 / . / library / x509.c
blob: 02756f87b25ab490725f9e09c3598582f16b20f7 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
2 * X.509 certificate and private key decoding
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]37#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]38#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]39#else
40#include POLARSSL_CONFIG_FILE
41#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]42
43#if defined(POLARSSL_X509_USE_C)
44
45#include "polarssl/x509.h"
46#include "polarssl/asn1.h"
47#include "polarssl/oid.h"
48#if defined(POLARSSL_PEM_PARSE_C)
49#include "polarssl/pem.h"
50#endif
51
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]52#if defined(POLARSSL_PLATFORM_C)
53#include "polarssl/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]54#else
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]55#define polarssl_printf printf
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]56#define polarssl_malloc malloc
57#define polarssl_free free
58#endif
59
60#include <string.h>
61#include <stdlib.h>
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]62#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]63#include <windows.h>
64#else
65#include <time.h>
66#endif
67
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]68#if defined(EFIX64) || defined(EFI32)
69#include <stdio.h>
70#endif
71
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]72#if defined(POLARSSL_FS_IO)
73#include <stdio.h>
74#if !defined(_WIN32)
75#include <sys/types.h>
76#include <sys/stat.h>
77#include <dirent.h>
78#endif
79#endif
80
81/*
82 * CertificateSerialNumber ::= INTEGER
83 */
84int x509_get_serial( unsigned char **p, const unsigned char *end,
85 x509_buf *serial )
86{
87 int ret;
88
89 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]90 return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]91 POLARSSL_ERR_ASN1_OUT_OF_DATA );
92
93 if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
94 **p != ASN1_INTEGER )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]95 return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]96 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
97
98 serial->tag = *(*p)++;
99
100 if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]101 return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]102
103 serial->p = *p;
104 *p += serial->len;
105
106 return( 0 );
107}
108
109/* Get an algorithm identifier without parameters (eg for signatures)
110 *
111 * AlgorithmIdentifier ::= SEQUENCE {
112 * algorithm OBJECT IDENTIFIER,
113 * parameters ANY DEFINED BY algorithm OPTIONAL }
114 */
115int x509_get_alg_null( unsigned char **p, const unsigned char *end,
116 x509_buf *alg )
117{
118 int ret;
119
120 if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]121 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]122
123 return( 0 );
124}
125
126/*
Manuel Pégourié-Gonnard59a75d52014-01-22 10:12:57 +0100[diff] [blame]127 * Parse an algorithm identifier with (optional) paramaters
128 */
129int x509_get_alg( unsigned char **p, const unsigned char *end,
130 x509_buf *alg, x509_buf *params )
131{
132 int ret;
133
134 if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
135 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
136
137 return( 0 );
138}
139
Manuel Pégourié-Gonnard9df5c962014-01-24 14:37:29 +0100[diff] [blame]140#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
Manuel Pégourié-Gonnard59a75d52014-01-22 10:12:57 +0100[diff] [blame]141/*
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]142 * HashAlgorithm ::= AlgorithmIdentifier
143 *
144 * AlgorithmIdentifier ::= SEQUENCE {
145 * algorithm OBJECT IDENTIFIER,
146 * parameters ANY DEFINED BY algorithm OPTIONAL }
147 *
148 * For HashAlgorithm, parameters MUST be NULL or absent.
149 */
150static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
151{
152 int ret;
153 unsigned char *p;
154 const unsigned char *end;
155 x509_buf md_oid;
156 size_t len;
157
158 /* Make sure we got a SEQUENCE and setup bounds */
159 if( alg->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
160 return( POLARSSL_ERR_X509_INVALID_ALG +
161 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
162
163 p = (unsigned char *) alg->p;
164 end = p + alg->len;
165
166 if( p >= end )
167 return( POLARSSL_ERR_X509_INVALID_ALG +
168 POLARSSL_ERR_ASN1_OUT_OF_DATA );
169
170 /* Parse md_oid */
171 md_oid.tag = *p;
172
173 if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
174 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
175
176 md_oid.p = p;
177 p += md_oid.len;
178
179 /* Get md_alg from md_oid */
180 if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
181 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
182
183 /* Make sure params is absent of NULL */
184 if( p == end )
185 return( 0 );
186
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]187 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 || len != 0 )
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]188 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
189
190 if( p != end )
191 return( POLARSSL_ERR_X509_INVALID_ALG +
192 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
193
194 return( 0 );
195}
196
197/*
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]198 * RSASSA-PSS-params ::= SEQUENCE {
199 * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
200 * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
201 * saltLength [2] INTEGER DEFAULT 20,
202 * trailerField [3] INTEGER DEFAULT 1 }
203 * -- Note that the tags in this Sequence are explicit.
204 */
205int x509_get_rsassa_pss_params( const x509_buf *params,
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]206 md_type_t *md_alg, md_type_t *mgf_md,
207 int *salt_len, int *trailer_field )
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]208{
209 int ret;
210 unsigned char *p;
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]211 const unsigned char *end, *end2;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]212 size_t len;
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]213 x509_buf alg_id, alg_params;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]214
215 /* First set everything to defaults */
216 *md_alg = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]217 *mgf_md = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]218 *salt_len = 20;
219 *trailer_field = 1;
220
221 /* Make sure params is a SEQUENCE and setup bounds */
222 if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
223 return( POLARSSL_ERR_X509_INVALID_ALG +
224 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
225
226 p = (unsigned char *) params->p;
227 end = p + params->len;
228
229 if( p == end )
230 return( 0 );
231
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]232 /*
233 * HashAlgorithm
234 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]235 if( ( ret = asn1_get_tag( &p, end, &len,
236 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
237 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]238 end2 = p + len;
239
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]240 /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]241 if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]242 return( ret );
243
244 if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
245 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]246
247 if( p != end2 )
248 return( POLARSSL_ERR_X509_INVALID_ALG +
249 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]250 }
251 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
252 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
253
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]254 if( p == end )
255 return( 0 );
256
257 /*
258 * MaskGenAlgorithm
259 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]260 if( ( ret = asn1_get_tag( &p, end, &len,
261 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
262 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]263 end2 = p + len;
264
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]265 /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]266 if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
Manuel Pégourié-Gonnarde76b7502014-01-23 19:15:29 +0100[diff] [blame]267 return( ret );
268
269 /* Only MFG1 is recognised for now */
270 if( ! OID_CMP( OID_MGF1, &alg_id ) )
271 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
272 POLARSSL_ERR_OID_NOT_FOUND );
273
274 /* Parse HashAlgorithm */
275 if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
276 return( ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]277
278 if( p != end2 )
279 return( POLARSSL_ERR_X509_INVALID_ALG +
280 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]281 }
282 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
283 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
284
285 if( p == end )
286 return( 0 );
287
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]288 /*
289 * salt_len
290 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]291 if( ( ret = asn1_get_tag( &p, end, &len,
292 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
293 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]294 end2 = p + len;
295
296 if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]297 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]298
299 if( p != end2 )
300 return( POLARSSL_ERR_X509_INVALID_ALG +
301 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]302 }
303 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
304 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
305
306 if( p == end )
307 return( 0 );
308
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]309 /*
310 * trailer_field
311 */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]312 if( ( ret = asn1_get_tag( &p, end, &len,
313 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
314 {
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]315 end2 = p + len;
316
317 if( ( ret = asn1_get_int( &p, end2, trailer_field ) ) != 0 )
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]318 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard9c9cf5b2014-01-24 14:15:20 +0100[diff] [blame]319
320 if( p != end2 )
321 return( POLARSSL_ERR_X509_INVALID_ALG +
322 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]323 }
324 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
325 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
326
327 if( p != end )
328 return( POLARSSL_ERR_X509_INVALID_ALG +
329 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
330
331 return( 0 );
332}
Manuel Pégourié-Gonnard9df5c962014-01-24 14:37:29 +0100[diff] [blame]333#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
Manuel Pégourié-Gonnardf346bab2014-01-23 16:24:44 +0100[diff] [blame]334
335/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]336 * AttributeTypeAndValue ::= SEQUENCE {
337 * type AttributeType,
338 * value AttributeValue }
339 *
340 * AttributeType ::= OBJECT IDENTIFIER
341 *
342 * AttributeValue ::= ANY DEFINED BY AttributeType
343 */
344static int x509_get_attr_type_value( unsigned char **p,
345 const unsigned char *end,
346 x509_name *cur )
347{
348 int ret;
349 size_t len;
350 x509_buf *oid;
351 x509_buf *val;
352
353 if( ( ret = asn1_get_tag( p, end, &len,
354 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]355 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]356
357 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]358 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]359 POLARSSL_ERR_ASN1_OUT_OF_DATA );
360
361 oid = &cur->oid;
362 oid->tag = **p;
363
364 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]365 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]366
367 oid->p = *p;
368 *p += oid->len;
369
370 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]371 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]372 POLARSSL_ERR_ASN1_OUT_OF_DATA );
373
374 if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
375 **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
376 **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]377 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]378 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
379
380 val = &cur->val;
381 val->tag = *(*p)++;
382
383 if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]384 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]385
386 val->p = *p;
387 *p += val->len;
388
389 cur->next = NULL;
390
391 return( 0 );
392}
393
394/*
395 * RelativeDistinguishedName ::=
396 * SET OF AttributeTypeAndValue
397 *
398 * AttributeTypeAndValue ::= SEQUENCE {
399 * type AttributeType,
400 * value AttributeValue }
401 *
402 * AttributeType ::= OBJECT IDENTIFIER
403 *
404 * AttributeValue ::= ANY DEFINED BY AttributeType
405 */
406int x509_get_name( unsigned char **p, const unsigned char *end,
407 x509_name *cur )
408{
409 int ret;
410 size_t len;
411 const unsigned char *end2;
412 x509_name *use;
413
414 if( ( ret = asn1_get_tag( p, end, &len,
415 ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]416 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]417
418 end2 = end;
419 end = *p + len;
420 use = cur;
421
422 do
423 {
424 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
425 return( ret );
426
427 if( *p != end )
428 {
429 use->next = (x509_name *) polarssl_malloc(
430 sizeof( x509_name ) );
431
432 if( use->next == NULL )
433 return( POLARSSL_ERR_X509_MALLOC_FAILED );
434
435 memset( use->next, 0, sizeof( x509_name ) );
436
437 use = use->next;
438 }
439 }
440 while( *p != end );
441
442 /*
443 * recurse until end of SEQUENCE is reached
444 */
445 if( *p == end2 )
446 return( 0 );
447
448 cur->next = (x509_name *) polarssl_malloc(
449 sizeof( x509_name ) );
450
451 if( cur->next == NULL )
452 return( POLARSSL_ERR_X509_MALLOC_FAILED );
453
454 memset( cur->next, 0, sizeof( x509_name ) );
455
456 return( x509_get_name( p, end2, cur->next ) );
457}
458
459/*
460 * Time ::= CHOICE {
461 * utcTime UTCTime,
462 * generalTime GeneralizedTime }
463 */
464int x509_get_time( unsigned char **p, const unsigned char *end,
465 x509_time *time )
466{
467 int ret;
468 size_t len;
469 char date[64];
470 unsigned char tag;
471
472 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]473 return( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]474 POLARSSL_ERR_ASN1_OUT_OF_DATA );
475
476 tag = **p;
477
478 if ( tag == ASN1_UTC_TIME )
479 {
480 (*p)++;
481 ret = asn1_get_len( p, end, &len );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]482
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]483 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]484 return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]485
486 memset( date, 0, sizeof( date ) );
487 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
488 len : sizeof( date ) - 1 );
489
Manuel Pégourié-Gonnard9655e452014-04-11 12:29:49 +0200[diff] [blame]490 if( sscanf( date, "%2d%2d%2d%2d%2d%2dZ",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]491 &time->year, &time->mon, &time->day,
492 &time->hour, &time->min, &time->sec ) < 5 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]493 return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]494
495 time->year += 100 * ( time->year < 50 );
496 time->year += 1900;
497
498 *p += len;
499
500 return( 0 );
501 }
502 else if ( tag == ASN1_GENERALIZED_TIME )
503 {
504 (*p)++;
505 ret = asn1_get_len( p, end, &len );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]506
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]507 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]508 return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]509
510 memset( date, 0, sizeof( date ) );
511 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
512 len : sizeof( date ) - 1 );
513
Manuel Pégourié-Gonnard9655e452014-04-11 12:29:49 +0200[diff] [blame]514 if( sscanf( date, "%4d%2d%2d%2d%2d%2dZ",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]515 &time->year, &time->mon, &time->day,
516 &time->hour, &time->min, &time->sec ) < 5 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]517 return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]518
519 *p += len;
520
521 return( 0 );
522 }
523 else
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]524 return( POLARSSL_ERR_X509_INVALID_DATE +
525 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]526}
527
528int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
529{
530 int ret;
531 size_t len;
532
533 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]534 return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]535 POLARSSL_ERR_ASN1_OUT_OF_DATA );
536
537 sig->tag = **p;
538
539 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]540 return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]541
542 sig->len = len;
543 sig->p = *p;
544
545 *p += len;
546
547 return( 0 );
548}
549
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]550/*
551 * Get signature algorithm from alg OID and optional parameters
552 */
553int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
554 md_type_t *md_alg, pk_type_t *pk_alg )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]555{
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]556 int ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]557
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]558 if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]559 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]560
Manuel Pégourié-Gonnardcf975a32014-01-24 19:28:43 +0100[diff] [blame]561#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
562 if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
563 {
564 int salt_len, trailer_field;
565 md_type_t mgf_md;
566
567 /* Make sure params are valid */
568 ret = x509_get_rsassa_pss_params( sig_params,
569 md_alg, &mgf_md, &salt_len, &trailer_field );
570 if( ret != 0 )
571 return( ret );
572
573 }
574 else
575#endif
576 {
577 /* Make sure parameters are absent or NULL */
578 if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) ||
579 sig_params->len != 0 )
580 return( POLARSSL_ERR_X509_INVALID_ALG );
581 }
582
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]583 return( 0 );
584}
585
586/*
587 * X.509 Extensions (No parsing of extensions, pointer should
588 * be either manually updated or extensions should be parsed!
589 */
590int x509_get_ext( unsigned char **p, const unsigned char *end,
591 x509_buf *ext, int tag )
592{
593 int ret;
594 size_t len;
595
596 if( *p == end )
597 return( 0 );
598
599 ext->tag = **p;
600
601 if( ( ret = asn1_get_tag( p, end, &ext->len,
602 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
603 return( ret );
604
605 ext->p = *p;
606 end = *p + ext->len;
607
608 /*
609 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
610 *
611 * Extension ::= SEQUENCE {
612 * extnID OBJECT IDENTIFIER,
613 * critical BOOLEAN DEFAULT FALSE,
614 * extnValue OCTET STRING }
615 */
616 if( ( ret = asn1_get_tag( p, end, &len,
617 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]618 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]619
620 if( end != *p + len )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]621 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]622 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
623
624 return( 0 );
625}
626
627#if defined(POLARSSL_FS_IO)
628/*
629 * Load all data from a file into a given buffer.
630 */
631int x509_load_file( const char *path, unsigned char **buf, size_t *n )
632{
633 FILE *f;
634 long size;
635
636 if( ( f = fopen( path, "rb" ) ) == NULL )
637 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
638
639 fseek( f, 0, SEEK_END );
640 if( ( size = ftell( f ) ) == -1 )
641 {
642 fclose( f );
643 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
644 }
645 fseek( f, 0, SEEK_SET );
646
647 *n = (size_t) size;
648
649 if( *n + 1 == 0 ||
650 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
651 {
652 fclose( f );
653 return( POLARSSL_ERR_X509_MALLOC_FAILED );
654 }
655
656 if( fread( *buf, 1, *n, f ) != *n )
657 {
658 fclose( f );
659 polarssl_free( *buf );
660 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
661 }
662
663 fclose( f );
664
665 (*buf)[*n] = '\0';
666
667 return( 0 );
668}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]669#endif /* POLARSSL_FS_IO */
670
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]671#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
672 !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]673#include <stdarg.h>
674
675#if !defined vsnprintf
676#define vsnprintf _vsnprintf
677#endif // vsnprintf
678
679/*
680 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
681 * Result value is not size of buffer needed, but -1 if no fit is possible.
682 *
683 * This fuction tries to 'fix' this by at least suggesting enlarging the
684 * size by 20.
685 */
686static int compat_snprintf(char *str, size_t size, const char *format, ...)
687{
688 va_list ap;
689 int res = -1;
690
691 va_start( ap, format );
692
693 res = vsnprintf( str, size, format, ap );
694
695 va_end( ap );
696
697 // No quick fix possible
698 if ( res < 0 )
699 return( (int) size + 20 );
700
701 return res;
702}
703
704#define snprintf compat_snprintf
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]705#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]706
707#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
708
709#define SAFE_SNPRINTF() \
710{ \
711 if( ret == -1 ) \
712 return( -1 ); \
713 \
714 if ( (unsigned int) ret > n ) { \
715 p[n - 1] = '\0'; \
716 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
717 } \
718 \
719 n -= (unsigned int) ret; \
720 p += (unsigned int) ret; \
721}
722
723/*
724 * Store the name in printable form into buf; no more
725 * than size characters will be written
726 */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]727int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]728{
729 int ret;
730 size_t i, n;
731 unsigned char c;
732 const x509_name *name;
733 const char *short_name = NULL;
734 char s[128], *p;
735
736 memset( s, 0, sizeof( s ) );
737
738 name = dn;
739 p = buf;
740 n = size;
741
742 while( name != NULL )
743 {
744 if( !name->oid.p )
745 {
746 name = name->next;
747 continue;
748 }
749
750 if( name != dn )
751 {
752 ret = snprintf( p, n, ", " );
753 SAFE_SNPRINTF();
754 }
755
756 ret = oid_get_attr_short_name( &name->oid, &short_name );
757
758 if( ret == 0 )
759 ret = snprintf( p, n, "%s=", short_name );
760 else
761 ret = snprintf( p, n, "\?\?=" );
762 SAFE_SNPRINTF();
763
764 for( i = 0; i < name->val.len; i++ )
765 {
766 if( i >= sizeof( s ) - 1 )
767 break;
768
769 c = name->val.p[i];
770 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
771 s[i] = '?';
772 else s[i] = c;
773 }
774 s[i] = '\0';
775 ret = snprintf( p, n, "%s", s );
776 SAFE_SNPRINTF();
777 name = name->next;
778 }
779
780 return( (int) ( size - n ) );
781}
782
783/*
784 * Store the serial in printable form into buf; no more
785 * than size characters will be written
786 */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]787int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]788{
789 int ret;
790 size_t i, n, nr;
791 char *p;
792
793 p = buf;
794 n = size;
795
796 nr = ( serial->len <= 32 )
797 ? serial->len : 28;
798
799 for( i = 0; i < nr; i++ )
800 {
801 if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
802 continue;
803
804 ret = snprintf( p, n, "%02X%s",
805 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
806 SAFE_SNPRINTF();
807 }
808
809 if( nr != serial->len )
810 {
811 ret = snprintf( p, n, "...." );
812 SAFE_SNPRINTF();
813 }
814
815 return( (int) ( size - n ) );
816}
817
818/*
Manuel Pégourié-Gonnardcac31ee2014-01-25 11:50:59 +0100[diff] [blame^]819 * Helper for writing signature alrogithms
820 */
821int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
822 pk_type_t pk_alg, const x509_buf *sig_params )
823{
824 int ret;
825 char *p = buf;
826 size_t n = size;
827 const char *desc = NULL;
828
829 ret = oid_get_sig_alg_desc( sig_oid, &desc );
830 if( ret != 0 )
831 ret = snprintf( p, n, "???" );
832 else
833 ret = snprintf( p, n, "%s", desc );
834 SAFE_SNPRINTF();
835
836#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
837 if( pk_alg == POLARSSL_PK_RSASSA_PSS )
838 {
839 md_type_t md_alg, mgf_md;
840 const md_info_t *md_info, *mgf_md_info;
841 int salt_len, trailer_field;
842
843 if( ( ret = x509_get_rsassa_pss_params( sig_params,
844 &md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
845 return( ret );
846
847 md_info = md_info_from_type( md_alg );
848 mgf_md_info = md_info_from_type( mgf_md );
849
850 ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
851 md_info ? md_info->name : "???",
852 mgf_md_info ? mgf_md_info->name : "???",
853 salt_len, trailer_field );
854 SAFE_SNPRINTF();
855 }
856#else
857 ((void) pk_alg);
858 ((void) sig_params);
859#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
860
861 return( (int) size - n );
862}
863
864/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]865 * Helper for writing "RSA key size", "EC key size", etc
866 */
867int x509_key_size_helper( char *buf, size_t size, const char *name )
868{
869 char *p = buf;
870 size_t n = size;
871 int ret;
872
873 if( strlen( name ) + sizeof( " key size" ) > size )
874 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
875
876 ret = snprintf( p, n, "%s key size", name );
877 SAFE_SNPRINTF();
878
879 return( 0 );
880}
881
882/*
883 * Return an informational string describing the given OID
884 */
885const char *x509_oid_get_description( x509_buf *oid )
886{
887 const char *desc = NULL;
888 int ret;
889
890 ret = oid_get_extended_key_usage( oid, &desc );
891
892 if( ret != 0 )
893 return( NULL );
894
895 return( desc );
896}
897
898/* Return the x.y.z.... style numeric string for the given OID */
899int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
900{
901 return oid_get_numeric_string( buf, size, oid );
902}
903
904/*
905 * Return 0 if the x509_time is still valid, or 1 otherwise.
906 */
907#if defined(POLARSSL_HAVE_TIME)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]908
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]909static void x509_get_current_time( x509_time *now )
910{
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]911#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]912 SYSTEMTIME st;
913
Manuel Pégourié-Gonnard0776a432014-04-11 12:25:45 +0200[diff] [blame]914 GetSystemTime(&st);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]915
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]916 now->year = st.wYear;
917 now->mon = st.wMonth;
918 now->day = st.wDay;
919 now->hour = st.wHour;
920 now->min = st.wMinute;
921 now->sec = st.wSecond;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]922#else
Paul Bakker5fff23b2014-03-26 15:34:54 +0100[diff] [blame]923 struct tm lt;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]924 time_t tt;
925
926 tt = time( NULL );
Manuel Pégourié-Gonnard0776a432014-04-11 12:25:45 +0200[diff] [blame]927 gmtime_r( &tt, &lt );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]928
Paul Bakker5fff23b2014-03-26 15:34:54 +0100[diff] [blame]929 now->year = lt.tm_year + 1900;
930 now->mon = lt.tm_mon + 1;
931 now->day = lt.tm_mday;
932 now->hour = lt.tm_hour;
933 now->min = lt.tm_min;
934 now->sec = lt.tm_sec;
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]935#endif /* _WIN32 && !EFIX64 && !EFI32 */
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]936}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]937
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]938/*
939 * Return 0 if before <= after, 1 otherwise
940 */
941static int x509_check_time( const x509_time *before, const x509_time *after )
942{
943 if( before->year > after->year )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]944 return( 1 );
945
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]946 if( before->year == after->year &&
947 before->mon > after->mon )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]948 return( 1 );
949
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]950 if( before->year == after->year &&
951 before->mon == after->mon &&
952 before->day > after->day )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]953 return( 1 );
954
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]955 if( before->year == after->year &&
956 before->mon == after->mon &&
957 before->day == after->day &&
958 before->hour > after->hour )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]959 return( 1 );
960
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]961 if( before->year == after->year &&
962 before->mon == after->mon &&
963 before->day == after->day &&
964 before->hour == after->hour &&
965 before->min > after->min )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]966 return( 1 );
967
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]968 if( before->year == after->year &&
969 before->mon == after->mon &&
970 before->day == after->day &&
971 before->hour == after->hour &&
972 before->min == after->min &&
973 before->sec > after->sec )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]974 return( 1 );
975
976 return( 0 );
977}
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]978
979int x509_time_expired( const x509_time *to )
980{
981 x509_time now;
982
983 x509_get_current_time( &now );
984
985 return( x509_check_time( &now, to ) );
986}
987
988int x509_time_future( const x509_time *from )
989{
990 x509_time now;
991
992 x509_get_current_time( &now );
993
994 return( x509_check_time( from, &now ) );
995}
996
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]997#else /* POLARSSL_HAVE_TIME */
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]998
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]999int x509_time_expired( const x509_time *to )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1000{
1001 ((void) to);
1002 return( 0 );
1003}
Manuel Pégourié-Gonnard6304f782014-03-10 12:26:11 +0100[diff] [blame]1004
1005int x509_time_future( const x509_time *from )
1006{
1007 ((void) from);
1008 return( 0 );
1009}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1010#endif /* POLARSSL_HAVE_TIME */
1011
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1012#if defined(POLARSSL_SELF_TEST)
1013
1014#include "polarssl/x509_crt.h"
1015#include "polarssl/certs.h"
1016
1017/*
1018 * Checkup routine
1019 */
1020int x509_self_test( int verbose )
1021{
Manuel Pégourié-Gonnard3d413702014-04-29 15:29:41 +0200[diff] [blame]1022#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1023 int ret;
1024 int flags;
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200[diff] [blame]1025 x509_crt cacert;
1026 x509_crt clicert;
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1027
1028 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1029 polarssl_printf( " X.509 certificate load: " );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1030
Paul Bakkerb6b09562013-09-18 14:17:41 +0200[diff] [blame]1031 x509_crt_init( &clicert );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1032
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]1033 ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
1034 strlen( test_cli_crt ) );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1035 if( ret != 0 )
1036 {
1037 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1038 polarssl_printf( "failed\n" );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1039
1040 return( ret );
1041 }
1042
Paul Bakkerb6b09562013-09-18 14:17:41 +0200[diff] [blame]1043 x509_crt_init( &cacert );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1044
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]1045 ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
1046 strlen( test_ca_crt ) );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1047 if( ret != 0 )
1048 {
1049 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1050 polarssl_printf( "failed\n" );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1051
1052 return( ret );
1053 }
1054
1055 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1056 polarssl_printf( "passed\n X.509 signature verify: ");
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1057
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]1058 ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1059 if( ret != 0 )
1060 {
1061 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1062 polarssl_printf( "failed\n" );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1063
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1064 polarssl_printf("ret = %d, &flags = %04x\n", ret, flags);
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1065
1066 return( ret );
1067 }
1068
1069 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1070 polarssl_printf( "passed\n\n");
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1071
1072 x509_crt_free( &cacert );
1073 x509_crt_free( &clicert );
1074
1075 return( 0 );
1076#else
1077 ((void) verbose);
1078 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1079#endif /* POLARSSL_CERTS_C && POLARSSL_SHA1_C */
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1080}
1081
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1082#endif /* POLARSSL_SELF_TEST */
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]1083
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1084#endif /* POLARSSL_X509_USE_C */