Blame - library/x509.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 377c106d8c1260f3151ae8af563f13ab50b7f6a8 [file] [log] [blame]

Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1	/*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	2	* X.509 common functions for parsing and verification
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	3	*
Bence Szépkúti	44bfbe3	2020-08-19 16:54:51 +0200	[diff] [blame]	4	* Copyright The Mbed TLS Contributors
Bence Szépkúti	4e9f712	2020-06-05 13:02:18 +0200	[diff] [blame]	5	* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
				6	*
				7	* This file is provided under the Apache License 2.0, or the
				8	* GNU General Public License v2.0 or later.
				9	*
				10	* **********
				11	* Apache License 2.0:
Manuel Pégourié-Gonnard	37ff140	2015-09-04 14:21:07 +0200	[diff] [blame]	12	*
				13	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				14	* not use this file except in compliance with the License.
				15	* You may obtain a copy of the License at
				16	*
				17	* http://www.apache.org/licenses/LICENSE-2.0
				18	*
				19	* Unless required by applicable law or agreed to in writing, software
				20	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				21	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				22	* See the License for the specific language governing permissions and
				23	* limitations under the License.
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	24	*
Bence Szépkúti	4e9f712	2020-06-05 13:02:18 +0200	[diff] [blame]	25	* **********
				26	*
				27	* **********
				28	* GNU General Public License v2.0 or later:
				29	*
				30	* This program is free software; you can redistribute it and/or modify
				31	* it under the terms of the GNU General Public License as published by
				32	* the Free Software Foundation; either version 2 of the License, or
				33	* (at your option) any later version.
				34	*
				35	* This program is distributed in the hope that it will be useful,
				36	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				37	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				38	* GNU General Public License for more details.
				39	*
				40	* You should have received a copy of the GNU General Public License along
				41	* with this program; if not, write to the Free Software Foundation, Inc.,
				42	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				43	*
				44	* **********
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	45	*/
				46	/*
				47	* The ITU-T X.509 standard defines a certificate format for PKI.
				48	*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	49	* http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
				50	* http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
				51	* http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	52	*
				53	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
				54	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
				55	*/
				56
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	57	#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	58	#include "mbedtls/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	59	#else
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	60	#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	61	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	62
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	63	#if defined(MBEDTLS_X509_USE_C)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	64
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	65	#include "mbedtls/x509.h"
				66	#include "mbedtls/asn1.h"
				67	#include "mbedtls/oid.h"
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	68
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	69	#include <stdio.h>
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	70	#include <string.h>
				71
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	72	#if defined(MBEDTLS_PEM_PARSE_C)
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	73	#include "mbedtls/pem.h"
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	74	#endif
				75
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	76	#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	77	#include "mbedtls/platform.h"
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	78	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	79	#include <stdio.h>
				80	#include <stdlib.h>
SimonB	d5800b7	2016-04-26 07:43:27 +0100	[diff] [blame]	81	#define mbedtls_free free
Manuel Pégourié-Gonnard	7551cb9	2015-05-26 16:04:06 +0200	[diff] [blame]	82	#define mbedtls_calloc calloc
SimonB	d5800b7	2016-04-26 07:43:27 +0100	[diff] [blame]	83	#define mbedtls_printf printf
				84	#define mbedtls_snprintf snprintf
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	85	#endif
				86
Simon Butcher	b5b6af2	2016-07-13 14:46:18 +0100	[diff] [blame]	87
				88	#if defined(MBEDTLS_HAVE_TIME)
				89	#include "mbedtls/platform_time.h"
				90	#endif
				91
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	92	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	93	#include <windows.h>
				94	#else
				95	#include <time.h>
				96	#endif
				97
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	98	#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	99	#define CHECK_RANGE(min, max, val) if( val < min \|\| val > max ){ return( ret ); }
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	100
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	101	/*
				102	* CertificateSerialNumber ::= INTEGER
				103	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	104	int mbedtls_x509_get_serial( unsigned char *p, const unsigned char end,
				105	mbedtls_x509_buf *serial )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	106	{
				107	int ret;
				108
				109	if( ( end - *p ) < 1 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	110	return( MBEDTLS_ERR_X509_INVALID_SERIAL +
				111	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	112
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	113	if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_PRIMITIVE \| 2 ) &&
				114	**p != MBEDTLS_ASN1_INTEGER )
				115	return( MBEDTLS_ERR_X509_INVALID_SERIAL +
				116	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	117
				118	serial->tag = (p)++;
				119
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	120	if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
				121	return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	122
				123	serial->p = *p;
				124	*p += serial->len;
				125
				126	return( 0 );
				127	}
				128
				129	/* Get an algorithm identifier without parameters (eg for signatures)
				130	*
				131	* AlgorithmIdentifier ::= SEQUENCE {
				132	* algorithm OBJECT IDENTIFIER,
				133	* parameters ANY DEFINED BY algorithm OPTIONAL }
				134	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	135	int mbedtls_x509_get_alg_null( unsigned char *p, const unsigned char end,
				136	mbedtls_x509_buf *alg )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	137	{
				138	int ret;
				139
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	140	if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
				141	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	142
				143	return( 0 );
				144	}
				145
				146	/*
Antonin Décimo	8fd9156	2019-01-23 15:24:37 +0100	[diff] [blame]	147	* Parse an algorithm identifier with (optional) parameters
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	148	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	149	int mbedtls_x509_get_alg( unsigned char *p, const unsigned char end,
				150	mbedtls_x509_buf alg, mbedtls_x509_buf params )
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	151	{
				152	int ret;
				153
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	154	if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
				155	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	156
				157	return( 0 );
				158	}
				159
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	160	#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	161	/*
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	162	* HashAlgorithm ::= AlgorithmIdentifier
				163	*
				164	* AlgorithmIdentifier ::= SEQUENCE {
				165	* algorithm OBJECT IDENTIFIER,
				166	* parameters ANY DEFINED BY algorithm OPTIONAL }
				167	*
				168	* For HashAlgorithm, parameters MUST be NULL or absent.
				169	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	170	static int x509_get_hash_alg( const mbedtls_x509_buf alg, mbedtls_md_type_t md_alg )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	171	{
				172	int ret;
				173	unsigned char *p;
				174	const unsigned char *end;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	175	mbedtls_x509_buf md_oid;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	176	size_t len;
				177
				178	/* Make sure we got a SEQUENCE and setup bounds */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	179	if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) )
				180	return( MBEDTLS_ERR_X509_INVALID_ALG +
				181	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	182
				183	p = (unsigned char *) alg->p;
				184	end = p + alg->len;
				185
				186	if( p >= end )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	187	return( MBEDTLS_ERR_X509_INVALID_ALG +
				188	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	189
				190	/* Parse md_oid */
				191	md_oid.tag = *p;
				192
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	193	if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
				194	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	195
				196	md_oid.p = p;
				197	p += md_oid.len;
				198
				199	/* Get md_alg from md_oid */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	200	if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
				201	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	202
				203	/* Make sure params is absent of NULL */
				204	if( p == end )
				205	return( 0 );
				206
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	207	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 \|\| len != 0 )
				208	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	209
				210	if( p != end )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	211	return( MBEDTLS_ERR_X509_INVALID_ALG +
				212	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	213
				214	return( 0 );
				215	}
				216
				217	/*
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	218	* RSASSA-PSS-params ::= SEQUENCE {
				219	* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
				220	* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
				221	* saltLength [2] INTEGER DEFAULT 20,
				222	* trailerField [3] INTEGER DEFAULT 1 }
				223	* -- Note that the tags in this Sequence are explicit.
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	224	*
				225	* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
				226	* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
				227	* option. Enfore this at parsing time.
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	228	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	229	int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
				230	mbedtls_md_type_t md_alg, mbedtls_md_type_t mgf_md,
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	231	int *salt_len )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	232	{
				233	int ret;
				234	unsigned char *p;
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	235	const unsigned char end, end2;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	236	size_t len;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	237	mbedtls_x509_buf alg_id, alg_params;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	238
				239	/* First set everything to defaults */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	240	*md_alg = MBEDTLS_MD_SHA1;
				241	*mgf_md = MBEDTLS_MD_SHA1;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	242	*salt_len = 20;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	243
				244	/* Make sure params is a SEQUENCE and setup bounds */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	245	if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) )
				246	return( MBEDTLS_ERR_X509_INVALID_ALG +
				247	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	248
				249	p = (unsigned char *) params->p;
				250	end = p + params->len;
				251
				252	if( p == end )
				253	return( 0 );
				254
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	255	/*
				256	* HashAlgorithm
				257	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	258	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
				259	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| 0 ) ) == 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	260	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	261	end2 = p + len;
				262
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	263	/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	264	if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	265	return( ret );
				266
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	267	if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
				268	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	269
				270	if( p != end2 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	271	return( MBEDTLS_ERR_X509_INVALID_ALG +
				272	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	273	}
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	274	else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
				275	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	276
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	277	if( p == end )
				278	return( 0 );
				279
				280	/*
				281	* MaskGenAlgorithm
				282	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	283	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
				284	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| 1 ) ) == 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	285	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	286	end2 = p + len;
				287
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	288	/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	289	if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	290	return( ret );
				291
				292	/* Only MFG1 is recognised for now */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	293	if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
				294	return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
				295	MBEDTLS_ERR_OID_NOT_FOUND );
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	296
				297	/* Parse HashAlgorithm */
				298	if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
				299	return( ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	300
				301	if( p != end2 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	302	return( MBEDTLS_ERR_X509_INVALID_ALG +
				303	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	304	}
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	305	else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
				306	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	307
				308	if( p == end )
				309	return( 0 );
				310
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	311	/*
				312	* salt_len
				313	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	314	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
				315	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| 2 ) ) == 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	316	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	317	end2 = p + len;
				318
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	319	if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
				320	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	321
				322	if( p != end2 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	323	return( MBEDTLS_ERR_X509_INVALID_ALG +
				324	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	325	}
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	326	else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
				327	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	328
				329	if( p == end )
				330	return( 0 );
				331
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	332	/*
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	333	* trailer_field (if present, must be 1)
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	334	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	335	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
				336	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| 3 ) ) == 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	337	{
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	338	int trailer_field;
				339
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	340	end2 = p + len;
				341
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	342	if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
				343	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	344
				345	if( p != end2 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	346	return( MBEDTLS_ERR_X509_INVALID_ALG +
				347	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	348
				349	if( trailer_field != 1 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	350	return( MBEDTLS_ERR_X509_INVALID_ALG );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	351	}
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	352	else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
				353	return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	354
				355	if( p != end )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	356	return( MBEDTLS_ERR_X509_INVALID_ALG +
				357	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	358
				359	return( 0 );
				360	}
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	361	#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	362
				363	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	364	* AttributeTypeAndValue ::= SEQUENCE {
				365	* type AttributeType,
				366	* value AttributeValue }
				367	*
				368	* AttributeType ::= OBJECT IDENTIFIER
				369	*
				370	* AttributeValue ::= ANY DEFINED BY AttributeType
				371	*/
				372	static int x509_get_attr_type_value( unsigned char **p,
				373	const unsigned char *end,
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	374	mbedtls_x509_name *cur )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	375	{
				376	int ret;
				377	size_t len;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	378	mbedtls_x509_buf *oid;
				379	mbedtls_x509_buf *val;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	380
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	381	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
				382	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
				383	return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	384
Hanno Becker	1de13db	2019-02-12 17:22:36 +0000	[diff] [blame]	385	end = *p + len;
				386
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	387	if( ( end - *p ) < 1 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	388	return( MBEDTLS_ERR_X509_INVALID_NAME +
				389	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	390
				391	oid = &cur->oid;
				392	oid->tag = **p;
				393
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	394	if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
				395	return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	396
				397	oid->p = *p;
				398	*p += oid->len;
				399
				400	if( ( end - *p ) < 1 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	401	return( MBEDTLS_ERR_X509_INVALID_NAME +
				402	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	403
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	404	if( p != MBEDTLS_ASN1_BMP_STRING && p != MBEDTLS_ASN1_UTF8_STRING &&
				405	p != MBEDTLS_ASN1_T61_STRING && p != MBEDTLS_ASN1_PRINTABLE_STRING &&
				406	p != MBEDTLS_ASN1_IA5_STRING && p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
				407	**p != MBEDTLS_ASN1_BIT_STRING )
				408	return( MBEDTLS_ERR_X509_INVALID_NAME +
				409	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	410
				411	val = &cur->val;
				412	val->tag = (p)++;
				413
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	414	if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
				415	return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	416
				417	val->p = *p;
				418	*p += val->len;
				419
Hanno Becker	1de13db	2019-02-12 17:22:36 +0000	[diff] [blame]	420	if( *p != end )
				421	{
				422	return( MBEDTLS_ERR_X509_INVALID_NAME +
				423	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
				424	}
				425
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	426	cur->next = NULL;
				427
				428	return( 0 );
				429	}
				430
				431	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	432	* Name ::= CHOICE { -- only one possibility for now --
				433	* rdnSequence RDNSequence }
				434	*
				435	* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
				436	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	437	* RelativeDistinguishedName ::=
				438	* SET OF AttributeTypeAndValue
				439	*
				440	* AttributeTypeAndValue ::= SEQUENCE {
				441	* type AttributeType,
				442	* value AttributeValue }
				443	*
				444	* AttributeType ::= OBJECT IDENTIFIER
				445	*
				446	* AttributeValue ::= ANY DEFINED BY AttributeType
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	447	*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	448	* The data structure is optimized for the common case where each RDN has only
				449	* one element, which is represented as a list of AttributeTypeAndValue.
				450	* For the general case we still use a flat list, but we mark elements of the
				451	* same set so that they are "merged" together in the functions that consume
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	452	* this list, eg mbedtls_x509_dn_gets().
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	453	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	454	int mbedtls_x509_get_name( unsigned char *p, const unsigned char end,
				455	mbedtls_x509_name *cur )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	456	{
				457	int ret;
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	458	size_t set_len;
				459	const unsigned char *end_set;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	460
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	461	/* don't use recursion, we'd risk stack overflow if not optimized */
				462	while( 1 )
				463	{
				464	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	465	* parse SET
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	466	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	467	if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
				468	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SET ) ) != 0 )
				469	return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	470
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	471	end_set = *p + set_len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	472
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	473	while( 1 )
				474	{
				475	if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
				476	return( ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	477
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	478	if( *p == end_set )
				479	break;
				480
Manuel Pégourié-Gonnard	eecb43c	2015-05-12 12:56:41 +0200	[diff] [blame]	481	/* Mark this item as being no the only one in a set */
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	482	cur->next_merged = 1;
				483
Manuel Pégourié-Gonnard	7551cb9	2015-05-26 16:04:06 +0200	[diff] [blame]	484	cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	485
				486	if( cur->next == NULL )
Manuel Pégourié-Gonnard	6a8ca33	2015-05-28 09:33:39 +0200	[diff] [blame]	487	return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	488
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	489	cur = cur->next;
				490	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	491
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	492	/*
				493	* continue until end of SEQUENCE is reached
				494	*/
				495	if( *p == end )
				496	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	497
Manuel Pégourié-Gonnard	7551cb9	2015-05-26 16:04:06 +0200	[diff] [blame]	498	cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	499
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	500	if( cur->next == NULL )
Manuel Pégourié-Gonnard	6a8ca33	2015-05-28 09:33:39 +0200	[diff] [blame]	501	return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	502
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	503	cur = cur->next;
				504	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	505	}
				506
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	507	static int x509_parse_int( unsigned char *p, size_t n, int res )
				508	{
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	509	*res = 0;
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	510
				511	for( ; n > 0; --n )
				512	{
				513	if( ( p < '0') \|\| ( p > '9' ) )
				514	return ( MBEDTLS_ERR_X509_INVALID_DATE );
				515
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	516	res = 10;
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	517	res += ( (*p)++ - '0' );
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	518	}
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	519
				520	return( 0 );
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	521	}
				522
Andres Amaya Garcia	735b37e	2016-11-21 15:38:02 +0000	[diff] [blame]	523	static int x509_date_is_valid(const mbedtls_x509_time *t )
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	524	{
				525	int ret = MBEDTLS_ERR_X509_INVALID_DATE;
Andres Amaya Garcia	735b37e	2016-11-21 15:38:02 +0000	[diff] [blame]	526	int month_len;
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	527
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	528	CHECK_RANGE( 0, 9999, t->year );
				529	CHECK_RANGE( 0, 23, t->hour );
				530	CHECK_RANGE( 0, 59, t->min );
				531	CHECK_RANGE( 0, 59, t->sec );
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	532
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	533	switch( t->mon )
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	534	{
				535	case 1: case 3: case 5: case 7: case 8: case 10: case 12:
Andres Amaya Garcia	735b37e	2016-11-21 15:38:02 +0000	[diff] [blame]	536	month_len = 31;
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	537	break;
				538	case 4: case 6: case 9: case 11:
Andres Amaya Garcia	735b37e	2016-11-21 15:38:02 +0000	[diff] [blame]	539	month_len = 30;
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	540	break;
				541	case 2:
Andres Amaya Garcia	735b37e	2016-11-21 15:38:02 +0000	[diff] [blame]	542	if( ( !( t->year % 4 ) && t->year % 100 ) \|\|
				543	!( t->year % 400 ) )
				544	month_len = 29;
				545	else
				546	month_len = 28;
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	547	break;
				548	default:
				549	return( ret );
				550	}
Andres Amaya Garcia	735b37e	2016-11-21 15:38:02 +0000	[diff] [blame]	551	CHECK_RANGE( 1, month_len, t->day );
Andres AG	4b76aec	2016-09-23 13:16:02 +0100	[diff] [blame]	552
				553	return( 0 );
				554	}
				555
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	556	/*
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	557	* Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
				558	* field.
				559	*/
				560	static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	561	mbedtls_x509_time *tm )
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	562	{
				563	int ret;
				564
				565	/*
				566	* Minimum length is 10 or 12 depending on yearlen
				567	*/
				568	if ( len < yearlen + 8 )
				569	return ( MBEDTLS_ERR_X509_INVALID_DATE );
				570	len -= yearlen + 8;
				571
				572	/*
				573	* Parse year, month, day, hour, minute
				574	*/
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	575	CHECK( x509_parse_int( p, yearlen, &tm->year ) );
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	576	if ( 2 == yearlen )
				577	{
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	578	if ( tm->year < 50 )
				579	tm->year += 100;
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	580
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	581	tm->year += 1900;
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	582	}
				583
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	584	CHECK( x509_parse_int( p, 2, &tm->mon ) );
				585	CHECK( x509_parse_int( p, 2, &tm->day ) );
				586	CHECK( x509_parse_int( p, 2, &tm->hour ) );
				587	CHECK( x509_parse_int( p, 2, &tm->min ) );
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	588
				589	/*
				590	* Parse seconds if present
				591	*/
				592	if ( len >= 2 )
				593	{
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	594	CHECK( x509_parse_int( p, 2, &tm->sec ) );
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	595	len -= 2;
				596	}
				597	else
				598	return ( MBEDTLS_ERR_X509_INVALID_DATE );
				599
				600	/*
				601	* Parse trailing 'Z' if present
				602	*/
				603	if ( 1 == len && 'Z' == **p )
				604	{
				605	(*p)++;
				606	len--;
				607	}
				608
				609	/*
				610	* We should have parsed all characters at this point
				611	*/
				612	if ( 0 != len )
				613	return ( MBEDTLS_ERR_X509_INVALID_DATE );
				614
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	615	CHECK( x509_date_is_valid( tm ) );
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	616
				617	return ( 0 );
				618	}
				619
				620	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	621	* Time ::= CHOICE {
				622	* utcTime UTCTime,
				623	* generalTime GeneralizedTime }
				624	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	625	int mbedtls_x509_get_time( unsigned char *p, const unsigned char end,
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	626	mbedtls_x509_time *tm )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	627	{
				628	int ret;
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	629	size_t len, year_len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	630	unsigned char tag;
				631
				632	if( ( end - *p ) < 1 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	633	return( MBEDTLS_ERR_X509_INVALID_DATE +
				634	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	635
				636	tag = **p;
				637
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	638	if( tag == MBEDTLS_ASN1_UTC_TIME )
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	639	year_len = 2;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	640	else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	641	year_len = 4;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	642	else
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	643	return( MBEDTLS_ERR_X509_INVALID_DATE +
				644	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
Janos Follath	87c9807	2017-02-03 12:36:59 +0000	[diff] [blame]	645
				646	(*p)++;
				647	ret = mbedtls_asn1_get_len( p, end, &len );
				648
				649	if( ret != 0 )
				650	return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
				651
Hanno Becker	61937d4	2017-04-26 15:01:23 +0100	[diff] [blame]	652	return x509_parse_time( p, len, year_len, tm );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	653	}
				654
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	655	int mbedtls_x509_get_sig( unsigned char *p, const unsigned char end, mbedtls_x509_buf *sig )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	656	{
				657	int ret;
				658	size_t len;
Andres AG	4bdbe09	2016-09-19 16:58:45 +0100	[diff] [blame]	659	int tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	660
				661	if( ( end - *p ) < 1 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	662	return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
				663	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	664
Andres AG	4bdbe09	2016-09-19 16:58:45 +0100	[diff] [blame]	665	tag_type = **p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	666
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	667	if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
				668	return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	669
Andres AG	4bdbe09	2016-09-19 16:58:45 +0100	[diff] [blame]	670	sig->tag = tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	671	sig->len = len;
				672	sig->p = *p;
				673
				674	*p += len;
				675
				676	return( 0 );
				677	}
				678
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	679	/*
				680	* Get signature algorithm from alg OID and optional parameters
				681	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	682	int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf sig_oid, const mbedtls_x509_buf sig_params,
				683	mbedtls_md_type_t md_alg, mbedtls_pk_type_t pk_alg,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	684	void **sig_opts )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	685	{
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	686	int ret;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	687
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	688	if( *sig_opts != NULL )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	689	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	690
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	691	if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
				692	return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	693
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	694	#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
				695	if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	696	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	697	mbedtls_pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	698
Manuel Pégourié-Gonnard	7551cb9	2015-05-26 16:04:06 +0200	[diff] [blame]	699	pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	700	if( pss_opts == NULL )
Manuel Pégourié-Gonnard	6a8ca33	2015-05-28 09:33:39 +0200	[diff] [blame]	701	return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	702
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	703	ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	704	md_alg,
				705	&pss_opts->mgf1_hash_id,
				706	&pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	707	if( ret != 0 )
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	708	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	709	mbedtls_free( pss_opts );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	710	return( ret );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	711	}
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	712
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	713	sig_opts = (void ) pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	714	}
				715	else
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	716	#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	717	{
				718	/* Make sure parameters are absent or NULL */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	719	if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) \|\|
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	720	sig_params->len != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	721	return( MBEDTLS_ERR_X509_INVALID_ALG );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	722	}
				723
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	724	return( 0 );
				725	}
				726
				727	/*
				728	* X.509 Extensions (No parsing of extensions, pointer should
Brian J Murray	1903fb3	2016-11-06 04:45:15 -0800	[diff] [blame]	729	* be either manually updated or extensions should be parsed!)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	730	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	731	int mbedtls_x509_get_ext( unsigned char *p, const unsigned char end,
Hanno Becker	19557c2	2019-02-12 11:52:10 +0000	[diff] [blame]	732	mbedtls_x509_buf *ext, int tag )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	733	{
				734	int ret;
				735	size_t len;
				736
Hanno Becker	c24e019	2019-02-11 14:33:36 +0000	[diff] [blame]	737	/* Extension structure use EXPLICIT tagging. That is, the actual
				738	* `Extensions` structure is wrapped by a tag-length pair using
				739	* the respective context-specific tag. */
Hanno Becker	19557c2	2019-02-12 11:52:10 +0000	[diff] [blame]	740	ret = mbedtls_asn1_get_tag( p, end, &ext->len,
				741	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| tag );
				742	if( ret != 0 )
				743	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	744
Hanno Becker	19557c2	2019-02-12 11:52:10 +0000	[diff] [blame]	745	ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| tag;
				746	ext->p = *p;
				747	end = *p + ext->len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	748
				749	/*
				750	* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	751	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	752	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
				753	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
				754	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	755
				756	if( end != *p + len )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	757	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
				758	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	759
				760	return( 0 );
				761	}
				762
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	763	/*
				764	* Store the name in printable form into buf; no more
				765	* than size characters will be written
				766	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	767	int mbedtls_x509_dn_gets( char buf, size_t size, const mbedtls_x509_name dn )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	768	{
				769	int ret;
				770	size_t i, n;
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	771	unsigned char c, merge = 0;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	772	const mbedtls_x509_name *name;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	773	const char *short_name = NULL;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	774	char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	775
				776	memset( s, 0, sizeof( s ) );
				777
				778	name = dn;
				779	p = buf;
				780	n = size;
				781
				782	while( name != NULL )
				783	{
				784	if( !name->oid.p )
				785	{
				786	name = name->next;
				787	continue;
				788	}
				789
				790	if( name != dn )
				791	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	792	ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	793	MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	794	}
				795
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	796	ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	797
				798	if( ret == 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	799	ret = mbedtls_snprintf( p, n, "%s=", short_name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	800	else
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	801	ret = mbedtls_snprintf( p, n, "\?\?=" );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	802	MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	803
				804	for( i = 0; i < name->val.len; i++ )
				805	{
				806	if( i >= sizeof( s ) - 1 )
				807	break;
				808
				809	c = name->val.p[i];
				810	if( c < 32 \|\| c == 127 \|\| ( c > 128 && c < 160 ) )
				811	s[i] = '?';
				812	else s[i] = c;
				813	}
				814	s[i] = '\0';
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	815	ret = mbedtls_snprintf( p, n, "%s", s );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	816	MBEDTLS_X509_SAFE_SNPRINTF;
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	817
				818	merge = name->next_merged;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	819	name = name->next;
				820	}
				821
				822	return( (int) ( size - n ) );
				823	}
				824
				825	/*
				826	* Store the serial in printable form into buf; no more
				827	* than size characters will be written
				828	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	829	int mbedtls_x509_serial_gets( char buf, size_t size, const mbedtls_x509_buf serial )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	830	{
				831	int ret;
				832	size_t i, n, nr;
				833	char *p;
				834
				835	p = buf;
				836	n = size;
				837
				838	nr = ( serial->len <= 32 )
				839	? serial->len : 28;
				840
				841	for( i = 0; i < nr; i++ )
				842	{
				843	if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
				844	continue;
				845
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	846	ret = mbedtls_snprintf( p, n, "%02X%s",
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	847	serial->p[i], ( i < nr - 1 ) ? ":" : "" );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	848	MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	849	}
				850
				851	if( nr != serial->len )
				852	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	853	ret = mbedtls_snprintf( p, n, "...." );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	854	MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	855	}
				856
				857	return( (int) ( size - n ) );
				858	}
				859
				860	/*
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	861	* Helper for writing signature algorithms
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	862	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	863	int mbedtls_x509_sig_alg_gets( char buf, size_t size, const mbedtls_x509_buf sig_oid,
				864	mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	865	const void *sig_opts )
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	866	{
				867	int ret;
				868	char *p = buf;
				869	size_t n = size;
				870	const char *desc = NULL;
				871
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	872	ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	873	if( ret != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	874	ret = mbedtls_snprintf( p, n, "???" );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	875	else
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	876	ret = mbedtls_snprintf( p, n, "%s", desc );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	877	MBEDTLS_X509_SAFE_SNPRINTF;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	878
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	879	#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
				880	if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	881	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	882	const mbedtls_pk_rsassa_pss_options *pss_opts;
				883	const mbedtls_md_info_t md_info, mgf_md_info;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	884
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	885	pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	886
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	887	md_info = mbedtls_md_info_from_type( md_alg );
				888	mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	889
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	890	ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
				891	md_info ? mbedtls_md_get_name( md_info ) : "???",
				892	mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	893	pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	894	MBEDTLS_X509_SAFE_SNPRINTF;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	895	}
				896	#else
				897	((void) pk_alg);
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	898	((void) md_alg);
				899	((void) sig_opts);
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	900	#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	901
Sander Niemeijer	ef5087d	2014-08-16 12:45:52 +0200	[diff] [blame]	902	return( (int)( size - n ) );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	903	}
				904
				905	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	906	* Helper for writing "RSA key size", "EC key size", etc
				907	*/
Manuel Pégourié-Gonnard	fb317c5	2015-06-18 16:25:56 +0200	[diff] [blame]	908	int mbedtls_x509_key_size_helper( char buf, size_t buf_size, const char name )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	909	{
				910	char *p = buf;
Manuel Pégourié-Gonnard	fb317c5	2015-06-18 16:25:56 +0200	[diff] [blame]	911	size_t n = buf_size;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	912	int ret;
				913
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	914	ret = mbedtls_snprintf( p, n, "%s key size", name );
Manuel Pégourié-Gonnard	1685368	2015-06-22 11:12:02 +0200	[diff] [blame]	915	MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	916
				917	return( 0 );
				918	}
				919
Manuel Pégourié-Gonnard	60c793b	2015-06-18 20:52:58 +0200	[diff] [blame]	920	#if defined(MBEDTLS_HAVE_TIME_DATE)
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	921	/*
				922	* Set the time structure to the current time.
				923	* Return 0 on success, non-zero on failure.
				924	*/
				925	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	926	static int x509_get_current_time( mbedtls_x509_time *now )
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	927	{
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	928	SYSTEMTIME st;
				929
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	930	GetSystemTime( &st );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	931
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	932	now->year = st.wYear;
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	933	now->mon = st.wMonth;
				934	now->day = st.wDay;
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	935	now->hour = st.wHour;
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	936	now->min = st.wMinute;
				937	now->sec = st.wSecond;
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	938
				939	return( 0 );
				940	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	941	#else
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	942	static int x509_get_current_time( mbedtls_x509_time *now )
				943	{
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	944	struct tm *lt;
SimonB	d5800b7	2016-04-26 07:43:27 +0100	[diff] [blame]	945	mbedtls_time_t tt;
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	946	int ret = 0;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	947
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	948	#if defined(MBEDTLS_THREADING_C)
				949	if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
				950	return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
				951	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	952
SimonB	d5800b7	2016-04-26 07:43:27 +0100	[diff] [blame]	953	tt = mbedtls_time( NULL );
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	954	lt = gmtime( &tt );
				955
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	956	if( lt == NULL )
				957	ret = -1;
				958	else
				959	{
				960	now->year = lt->tm_year + 1900;
				961	now->mon = lt->tm_mon + 1;
				962	now->day = lt->tm_mday;
				963	now->hour = lt->tm_hour;
				964	now->min = lt->tm_min;
				965	now->sec = lt->tm_sec;
				966	}
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	967
				968	#if defined(MBEDTLS_THREADING_C)
				969	if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
				970	return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
				971	#endif
				972
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	973	return( ret );
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	974	}
Manuel Pégourié-Gonnard	57e10d7	2015-06-22 18:59:21 +0200	[diff] [blame]	975	#endif /* _WIN32 && !EFIX64 && !EFI32 */
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	976
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	977	/*
				978	* Return 0 if before <= after, 1 otherwise
				979	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	980	static int x509_check_time( const mbedtls_x509_time before, const mbedtls_x509_time after )
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	981	{
				982	if( before->year > after->year )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	983	return( 1 );
				984
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	985	if( before->year == after->year &&
				986	before->mon > after->mon )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	987	return( 1 );
				988
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	989	if( before->year == after->year &&
				990	before->mon == after->mon &&
				991	before->day > after->day )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	992	return( 1 );
				993
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	994	if( before->year == after->year &&
				995	before->mon == after->mon &&
				996	before->day == after->day &&
				997	before->hour > after->hour )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	998	return( 1 );
				999
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1000	if( before->year == after->year &&
				1001	before->mon == after->mon &&
				1002	before->day == after->day &&
				1003	before->hour == after->hour &&
				1004	before->min > after->min )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1005	return( 1 );
				1006
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1007	if( before->year == after->year &&
				1008	before->mon == after->mon &&
				1009	before->day == after->day &&
				1010	before->hour == after->hour &&
				1011	before->min == after->min &&
				1012	before->sec > after->sec )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1013	return( 1 );
				1014
				1015	return( 0 );
				1016	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1017
Manuel Pégourié-Gonnard	c730ed3	2015-06-02 10:38:50 +0100	[diff] [blame]	1018	int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1019	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1020	mbedtls_x509_time now;
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1021
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	1022	if( x509_get_current_time( &now ) != 0 )
Manuel Pégourié-Gonnard	e7e8984	2015-06-22 19:15:32 +0200	[diff] [blame]	1023	return( 1 );
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1024
				1025	return( x509_check_time( &now, to ) );
				1026	}
				1027
Manuel Pégourié-Gonnard	c730ed3	2015-06-02 10:38:50 +0100	[diff] [blame]	1028	int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1029	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1030	mbedtls_x509_time now;
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1031
Manuel Pégourié-Gonnard	864108d	2015-05-29 10:11:03 +0200	[diff] [blame]	1032	if( x509_get_current_time( &now ) != 0 )
Manuel Pégourié-Gonnard	e7e8984	2015-06-22 19:15:32 +0200	[diff] [blame]	1033	return( 1 );
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1034
				1035	return( x509_check_time( from, &now ) );
				1036	}
				1037
Manuel Pégourié-Gonnard	60c793b	2015-06-18 20:52:58 +0200	[diff] [blame]	1038	#else /* MBEDTLS_HAVE_TIME_DATE */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1039
Manuel Pégourié-Gonnard	c730ed3	2015-06-02 10:38:50 +0100	[diff] [blame]	1040	int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1041	{
				1042	((void) to);
				1043	return( 0 );
				1044	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1045
Manuel Pégourié-Gonnard	c730ed3	2015-06-02 10:38:50 +0100	[diff] [blame]	1046	int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1047	{
				1048	((void) from);
				1049	return( 0 );
				1050	}
Manuel Pégourié-Gonnard	60c793b	2015-06-18 20:52:58 +0200	[diff] [blame]	1051	#endif /* MBEDTLS_HAVE_TIME_DATE */
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1052
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1053	#if defined(MBEDTLS_SELF_TEST)
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1054
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	1055	#include "mbedtls/x509_crt.h"
				1056	#include "mbedtls/certs.h"
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1057
				1058	/*
				1059	* Checkup routine
				1060	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1061	int mbedtls_x509_self_test( int verbose )
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1062	{
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1063	int ret = 0;
Gilles Peskine	750c353	2017-05-05 18:56:30 +0200	[diff] [blame]	1064	#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
Manuel Pégourié-Gonnard	e6ef16f	2015-05-11 19:54:43 +0200	[diff] [blame]	1065	uint32_t flags;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1066	mbedtls_x509_crt cacert;
				1067	mbedtls_x509_crt clicert;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1068
				1069	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1070	mbedtls_printf( " X.509 certificate load: " );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1071
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1072	mbedtls_x509_crt_init( &cacert );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1073	mbedtls_x509_crt_init( &clicert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1074
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1075	ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
Manuel Pégourié-Gonnard	43b37cb	2015-05-12 11:20:10 +0200	[diff] [blame]	1076	mbedtls_test_cli_crt_len );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1077	if( ret != 0 )
				1078	{
				1079	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1080	mbedtls_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1081
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1082	goto cleanup;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1083	}
				1084
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1085	ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
Manuel Pégourié-Gonnard	43b37cb	2015-05-12 11:20:10 +0200	[diff] [blame]	1086	mbedtls_test_ca_crt_len );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1087	if( ret != 0 )
				1088	{
				1089	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1090	mbedtls_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1091
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1092	goto cleanup;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1093	}
				1094
				1095	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1096	mbedtls_printf( "passed\n X.509 signature verify: ");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1097
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1098	ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1099	if( ret != 0 )
				1100	{
				1101	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1102	mbedtls_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1103
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1104	goto cleanup;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1105	}
				1106
				1107	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1108	mbedtls_printf( "passed\n\n");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1109
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1110	cleanup:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1111	mbedtls_x509_crt_free( &cacert );
				1112	mbedtls_x509_crt_free( &clicert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1113	#else
				1114	((void) verbose);
Simon Butcher	2c3351e	2020-03-27 16:55:35 +0000	[diff] [blame]	1115	#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
Junhwan Park	e5d0163	2018-10-17 21:01:08 +0900	[diff] [blame]	1116	return( ret );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1117	}
				1118
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1119	#endif /* MBEDTLS_SELF_TEST */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1120
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1121	#endif /* MBEDTLS_X509_USE_C */