1 /*
2  *  X.509 common functions for parsing and verification
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 /*
20  *  The ITU-T X.509 standard defines a certificate format for PKI.
21  *
22  *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
23  *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
24  *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
25  *
26  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
27  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
28  */
29 
30 #include "common.h"
31 
32 #if defined(MBEDTLS_X509_USE_C)
33 
34 #include "mbedtls/x509.h"
35 #include "mbedtls/asn1.h"
36 #include "mbedtls/error.h"
37 #include "mbedtls/oid.h"
38 
39 #include <stdio.h>
40 #include <string.h>
41 
42 #if defined(MBEDTLS_PEM_PARSE_C)
43 #include "mbedtls/pem.h"
44 #endif
45 
46 #if defined(MBEDTLS_PLATFORM_C)
47 #include "mbedtls/platform.h"
48 #else
49 #include <stdio.h>
50 #include <stdlib.h>
51 #define mbedtls_free      free
52 #define mbedtls_calloc    calloc
53 #define mbedtls_printf    printf
54 #define mbedtls_snprintf  snprintf
55 #endif
56 
57 #if defined(MBEDTLS_HAVE_TIME)
58 #include "mbedtls/platform_time.h"
59 #endif
60 #if defined(MBEDTLS_HAVE_TIME_DATE)
61 #include "mbedtls/platform_util.h"
62 #include <time.h>
63 #endif
64 
65 #define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
66 #define CHECK_RANGE(min, max, val)                      \
67     do                                                  \
68     {                                                   \
69         if( ( val ) < ( min ) || ( val ) > ( max ) )    \
70         {                                               \
71             return( ret );                              \
72         }                                               \
73     } while( 0 )
74 
75 /*
76  *  CertificateSerialNumber  ::=  INTEGER
77  */
mbedtls_x509_get_serial(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * serial)78 int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
79                      mbedtls_x509_buf *serial )
80 {
81     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
82 
83     if( ( end - *p ) < 1 )
84         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
85                 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
86 
87     if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
88         **p !=   MBEDTLS_ASN1_INTEGER )
89         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
90                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
91 
92     serial->tag = *(*p)++;
93 
94     if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
95         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) );
96 
97     serial->p = *p;
98     *p += serial->len;
99 
100     return( 0 );
101 }
102 
103 /* Get an algorithm identifier without parameters (eg for signatures)
104  *
105  *  AlgorithmIdentifier  ::=  SEQUENCE  {
106  *       algorithm               OBJECT IDENTIFIER,
107  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
108  */
mbedtls_x509_get_alg_null(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * alg)109 int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
110                        mbedtls_x509_buf *alg )
111 {
112     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
113 
114     if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
115         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
116 
117     return( 0 );
118 }
119 
120 /*
121  * Parse an algorithm identifier with (optional) parameters
122  */
mbedtls_x509_get_alg(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * alg,mbedtls_x509_buf * params)123 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
124                   mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
125 {
126     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
127 
128     if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
129         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
130 
131     return( 0 );
132 }
133 
134 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
135 /*
136  * HashAlgorithm ::= AlgorithmIdentifier
137  *
138  * AlgorithmIdentifier  ::=  SEQUENCE  {
139  *      algorithm               OBJECT IDENTIFIER,
140  *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
141  *
142  * For HashAlgorithm, parameters MUST be NULL or absent.
143  */
x509_get_hash_alg(const mbedtls_x509_buf * alg,mbedtls_md_type_t * md_alg)144 static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
145 {
146     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
147     unsigned char *p;
148     const unsigned char *end;
149     mbedtls_x509_buf md_oid;
150     size_t len;
151 
152     /* Make sure we got a SEQUENCE and setup bounds */
153     if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
154         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
155                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
156 
157     p = alg->p;
158     end = p + alg->len;
159 
160     if( p >= end )
161         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
162                 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
163 
164     /* Parse md_oid */
165     md_oid.tag = *p;
166 
167     if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
168         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
169 
170     md_oid.p = p;
171     p += md_oid.len;
172 
173     /* Get md_alg from md_oid */
174     if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
175         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
176 
177     /* Make sure params is absent of NULL */
178     if( p == end )
179         return( 0 );
180 
181     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
182         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
183 
184     if( p != end )
185         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
186                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
187 
188     return( 0 );
189 }
190 
191 /*
192  *    RSASSA-PSS-params  ::=  SEQUENCE  {
193  *       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
194  *       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
195  *       saltLength        [2] INTEGER DEFAULT 20,
196  *       trailerField      [3] INTEGER DEFAULT 1  }
197  *    -- Note that the tags in this Sequence are explicit.
198  *
199  * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
200  * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
201  * option. Enfore this at parsing time.
202  */
mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf * params,mbedtls_md_type_t * md_alg,mbedtls_md_type_t * mgf_md,int * salt_len)203 int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
204                                 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
205                                 int *salt_len )
206 {
207     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
208     unsigned char *p;
209     const unsigned char *end, *end2;
210     size_t len;
211     mbedtls_x509_buf alg_id, alg_params;
212 
213     /* First set everything to defaults */
214     *md_alg = MBEDTLS_MD_SHA1;
215     *mgf_md = MBEDTLS_MD_SHA1;
216     *salt_len = 20;
217 
218     /* Make sure params is a SEQUENCE and setup bounds */
219     if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
220         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
221                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
222 
223     p = (unsigned char *) params->p;
224     end = p + params->len;
225 
226     if( p == end )
227         return( 0 );
228 
229     /*
230      * HashAlgorithm
231      */
232     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
233                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
234     {
235         end2 = p + len;
236 
237         /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
238         if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
239             return( ret );
240 
241         if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
242             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
243 
244         if( p != end2 )
245             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
246                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
247     }
248     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
249         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
250 
251     if( p == end )
252         return( 0 );
253 
254     /*
255      * MaskGenAlgorithm
256      */
257     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
258                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
259     {
260         end2 = p + len;
261 
262         /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
263         if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
264             return( ret );
265 
266         /* Only MFG1 is recognised for now */
267         if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
268             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
269                     MBEDTLS_ERR_OID_NOT_FOUND ) );
270 
271         /* Parse HashAlgorithm */
272         if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
273             return( ret );
274 
275         if( p != end2 )
276             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
277                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
278     }
279     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
280         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
281 
282     if( p == end )
283         return( 0 );
284 
285     /*
286      * salt_len
287      */
288     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
289                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
290     {
291         end2 = p + len;
292 
293         if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
294             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
295 
296         if( p != end2 )
297             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
298                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
299     }
300     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
301         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
302 
303     if( p == end )
304         return( 0 );
305 
306     /*
307      * trailer_field (if present, must be 1)
308      */
309     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
310                     MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
311     {
312         int trailer_field;
313 
314         end2 = p + len;
315 
316         if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
317             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
318 
319         if( p != end2 )
320             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
321                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
322 
323         if( trailer_field != 1 )
324             return( MBEDTLS_ERR_X509_INVALID_ALG );
325     }
326     else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
327         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
328 
329     if( p != end )
330         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
331                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
332 
333     return( 0 );
334 }
335 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
336 
337 /*
338  *  AttributeTypeAndValue ::= SEQUENCE {
339  *    type     AttributeType,
340  *    value    AttributeValue }
341  *
342  *  AttributeType ::= OBJECT IDENTIFIER
343  *
344  *  AttributeValue ::= ANY DEFINED BY AttributeType
345  */
x509_get_attr_type_value(unsigned char ** p,const unsigned char * end,mbedtls_x509_name * cur)346 static int x509_get_attr_type_value( unsigned char **p,
347                                      const unsigned char *end,
348                                      mbedtls_x509_name *cur )
349 {
350     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
351     size_t len;
352     mbedtls_x509_buf *oid;
353     mbedtls_x509_buf *val;
354 
355     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
356             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
357         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
358 
359     end = *p + len;
360 
361     if( ( end - *p ) < 1 )
362         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
363                 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
364 
365     oid = &cur->oid;
366     oid->tag = **p;
367 
368     if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
369         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
370 
371     oid->p = *p;
372     *p += oid->len;
373 
374     if( ( end - *p ) < 1 )
375         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
376                 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
377 
378     if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
379         **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
380         **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
381         **p != MBEDTLS_ASN1_BIT_STRING )
382         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
383                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
384 
385     val = &cur->val;
386     val->tag = *(*p)++;
387 
388     if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
389         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
390 
391     val->p = *p;
392     *p += val->len;
393 
394     if( *p != end )
395     {
396         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
397                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
398     }
399 
400     cur->next = NULL;
401 
402     return( 0 );
403 }
404 
405 /*
406  *  Name ::= CHOICE { -- only one possibility for now --
407  *       rdnSequence  RDNSequence }
408  *
409  *  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
410  *
411  *  RelativeDistinguishedName ::=
412  *    SET OF AttributeTypeAndValue
413  *
414  *  AttributeTypeAndValue ::= SEQUENCE {
415  *    type     AttributeType,
416  *    value    AttributeValue }
417  *
418  *  AttributeType ::= OBJECT IDENTIFIER
419  *
420  *  AttributeValue ::= ANY DEFINED BY AttributeType
421  *
422  * The data structure is optimized for the common case where each RDN has only
423  * one element, which is represented as a list of AttributeTypeAndValue.
424  * For the general case we still use a flat list, but we mark elements of the
425  * same set so that they are "merged" together in the functions that consume
426  * this list, eg mbedtls_x509_dn_gets().
427  */
mbedtls_x509_get_name(unsigned char ** p,const unsigned char * end,mbedtls_x509_name * cur)428 int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
429                    mbedtls_x509_name *cur )
430 {
431     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
432     size_t set_len;
433     const unsigned char *end_set;
434 
435     /* don't use recursion, we'd risk stack overflow if not optimized */
436     while( 1 )
437     {
438         /*
439          * parse SET
440          */
441         if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
442                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
443             return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
444 
445         end_set  = *p + set_len;
446 
447         while( 1 )
448         {
449             if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
450                 return( ret );
451 
452             if( *p == end_set )
453                 break;
454 
455             /* Mark this item as being no the only one in a set */
456             cur->next_merged = 1;
457 
458             cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
459 
460             if( cur->next == NULL )
461                 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
462 
463             cur = cur->next;
464         }
465 
466         /*
467          * continue until end of SEQUENCE is reached
468          */
469         if( *p == end )
470             return( 0 );
471 
472         cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
473 
474         if( cur->next == NULL )
475             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
476 
477         cur = cur->next;
478     }
479 }
480 
x509_parse_int(unsigned char ** p,size_t n,int * res)481 static int x509_parse_int( unsigned char **p, size_t n, int *res )
482 {
483     *res = 0;
484 
485     for( ; n > 0; --n )
486     {
487         if( ( **p < '0') || ( **p > '9' ) )
488             return ( MBEDTLS_ERR_X509_INVALID_DATE );
489 
490         *res *= 10;
491         *res += ( *(*p)++ - '0' );
492     }
493 
494     return( 0 );
495 }
496 
x509_date_is_valid(const mbedtls_x509_time * t)497 static int x509_date_is_valid(const mbedtls_x509_time *t )
498 {
499     int ret = MBEDTLS_ERR_X509_INVALID_DATE;
500     int month_len;
501 
502     CHECK_RANGE( 0, 9999, t->year );
503     CHECK_RANGE( 0, 23,   t->hour );
504     CHECK_RANGE( 0, 59,   t->min  );
505     CHECK_RANGE( 0, 59,   t->sec  );
506 
507     switch( t->mon )
508     {
509         case 1: case 3: case 5: case 7: case 8: case 10: case 12:
510             month_len = 31;
511             break;
512         case 4: case 6: case 9: case 11:
513             month_len = 30;
514             break;
515         case 2:
516             if( ( !( t->year % 4 ) && t->year % 100 ) ||
517                 !( t->year % 400 ) )
518                 month_len = 29;
519             else
520                 month_len = 28;
521             break;
522         default:
523             return( ret );
524     }
525     CHECK_RANGE( 1, month_len, t->day );
526 
527     return( 0 );
528 }
529 
530 /*
531  * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
532  * field.
533  */
x509_parse_time(unsigned char ** p,size_t len,size_t yearlen,mbedtls_x509_time * tm)534 static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
535                             mbedtls_x509_time *tm )
536 {
537     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
538 
539     /*
540      * Minimum length is 10 or 12 depending on yearlen
541      */
542     if ( len < yearlen + 8 )
543         return ( MBEDTLS_ERR_X509_INVALID_DATE );
544     len -= yearlen + 8;
545 
546     /*
547      * Parse year, month, day, hour, minute
548      */
549     CHECK( x509_parse_int( p, yearlen, &tm->year ) );
550     if ( 2 == yearlen )
551     {
552         if ( tm->year < 50 )
553             tm->year += 100;
554 
555         tm->year += 1900;
556     }
557 
558     CHECK( x509_parse_int( p, 2, &tm->mon ) );
559     CHECK( x509_parse_int( p, 2, &tm->day ) );
560     CHECK( x509_parse_int( p, 2, &tm->hour ) );
561     CHECK( x509_parse_int( p, 2, &tm->min ) );
562 
563     /*
564      * Parse seconds if present
565      */
566     if ( len >= 2 )
567     {
568         CHECK( x509_parse_int( p, 2, &tm->sec ) );
569         len -= 2;
570     }
571     else
572         return ( MBEDTLS_ERR_X509_INVALID_DATE );
573 
574     /*
575      * Parse trailing 'Z' if present
576      */
577     if ( 1 == len && 'Z' == **p )
578     {
579         (*p)++;
580         len--;
581     }
582 
583     /*
584      * We should have parsed all characters at this point
585      */
586     if ( 0 != len )
587         return ( MBEDTLS_ERR_X509_INVALID_DATE );
588 
589     CHECK( x509_date_is_valid( tm ) );
590 
591     return ( 0 );
592 }
593 
594 /*
595  *  Time ::= CHOICE {
596  *       utcTime        UTCTime,
597  *       generalTime    GeneralizedTime }
598  */
mbedtls_x509_get_time(unsigned char ** p,const unsigned char * end,mbedtls_x509_time * tm)599 int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
600                            mbedtls_x509_time *tm )
601 {
602     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
603     size_t len, year_len;
604     unsigned char tag;
605 
606     if( ( end - *p ) < 1 )
607         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
608                 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
609 
610     tag = **p;
611 
612     if( tag == MBEDTLS_ASN1_UTC_TIME )
613         year_len = 2;
614     else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
615         year_len = 4;
616     else
617         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
618                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
619 
620     (*p)++;
621     ret = mbedtls_asn1_get_len( p, end, &len );
622 
623     if( ret != 0 )
624         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
625 
626     return x509_parse_time( p, len, year_len, tm );
627 }
628 
mbedtls_x509_get_sig(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * sig)629 int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
630 {
631     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
632     size_t len;
633     int tag_type;
634 
635     if( ( end - *p ) < 1 )
636         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE,
637                 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
638 
639     tag_type = **p;
640 
641     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
642         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) );
643 
644     sig->tag = tag_type;
645     sig->len = len;
646     sig->p = *p;
647 
648     *p += len;
649 
650     return( 0 );
651 }
652 
653 /*
654  * Get signature algorithm from alg OID and optional parameters
655  */
mbedtls_x509_get_sig_alg(const mbedtls_x509_buf * sig_oid,const mbedtls_x509_buf * sig_params,mbedtls_md_type_t * md_alg,mbedtls_pk_type_t * pk_alg,void ** sig_opts)656 int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
657                       mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
658                       void **sig_opts )
659 {
660     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
661 
662     if( *sig_opts != NULL )
663         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
664 
665     if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
666         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) );
667 
668 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
669     if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
670     {
671         mbedtls_pk_rsassa_pss_options *pss_opts;
672 
673         pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
674         if( pss_opts == NULL )
675             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
676 
677         ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
678                                           md_alg,
679                                           &pss_opts->mgf1_hash_id,
680                                           &pss_opts->expected_salt_len );
681         if( ret != 0 )
682         {
683             mbedtls_free( pss_opts );
684             return( ret );
685         }
686 
687         *sig_opts = (void *) pss_opts;
688     }
689     else
690 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
691     {
692         /* Make sure parameters are absent or NULL */
693         if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
694               sig_params->len != 0 )
695         return( MBEDTLS_ERR_X509_INVALID_ALG );
696     }
697 
698     return( 0 );
699 }
700 
701 /*
702  * X.509 Extensions (No parsing of extensions, pointer should
703  * be either manually updated or extensions should be parsed!)
704  */
mbedtls_x509_get_ext(unsigned char ** p,const unsigned char * end,mbedtls_x509_buf * ext,int tag)705 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
706                           mbedtls_x509_buf *ext, int tag )
707 {
708     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
709     size_t len;
710 
711     /* Extension structure use EXPLICIT tagging. That is, the actual
712      * `Extensions` structure is wrapped by a tag-length pair using
713      * the respective context-specific tag. */
714     ret = mbedtls_asn1_get_tag( p, end, &ext->len,
715               MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
716     if( ret != 0 )
717         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
718 
719     ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
720     ext->p   = *p;
721     end      = *p + ext->len;
722 
723     /*
724      * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
725      */
726     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
727             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
728         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
729 
730     if( end != *p + len )
731         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
732                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
733 
734     return( 0 );
735 }
736 
737 /*
738  * Store the name in printable form into buf; no more
739  * than size characters will be written
740  */
mbedtls_x509_dn_gets(char * buf,size_t size,const mbedtls_x509_name * dn)741 int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
742 {
743     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
744     size_t i, n;
745     unsigned char c, merge = 0;
746     const mbedtls_x509_name *name;
747     const char *short_name = NULL;
748     char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
749 
750     memset( s, 0, sizeof( s ) );
751 
752     name = dn;
753     p = buf;
754     n = size;
755 
756     while( name != NULL )
757     {
758         if( !name->oid.p )
759         {
760             name = name->next;
761             continue;
762         }
763 
764         if( name != dn )
765         {
766             ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
767             MBEDTLS_X509_SAFE_SNPRINTF;
768         }
769 
770         ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
771 
772         if( ret == 0 )
773             ret = mbedtls_snprintf( p, n, "%s=", short_name );
774         else
775             ret = mbedtls_snprintf( p, n, "\?\?=" );
776         MBEDTLS_X509_SAFE_SNPRINTF;
777 
778         for( i = 0; i < name->val.len; i++ )
779         {
780             if( i >= sizeof( s ) - 1 )
781                 break;
782 
783             c = name->val.p[i];
784             if( c < 32 || c >= 127 )
785                  s[i] = '?';
786             else s[i] = c;
787         }
788         s[i] = '\0';
789         ret = mbedtls_snprintf( p, n, "%s", s );
790         MBEDTLS_X509_SAFE_SNPRINTF;
791 
792         merge = name->next_merged;
793         name = name->next;
794     }
795 
796     return( (int) ( size - n ) );
797 }
798 
799 /*
800  * Store the serial in printable form into buf; no more
801  * than size characters will be written
802  */
mbedtls_x509_serial_gets(char * buf,size_t size,const mbedtls_x509_buf * serial)803 int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
804 {
805     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
806     size_t i, n, nr;
807     char *p;
808 
809     p = buf;
810     n = size;
811 
812     nr = ( serial->len <= 32 )
813         ? serial->len  : 28;
814 
815     for( i = 0; i < nr; i++ )
816     {
817         if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
818             continue;
819 
820         ret = mbedtls_snprintf( p, n, "%02X%s",
821                 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
822         MBEDTLS_X509_SAFE_SNPRINTF;
823     }
824 
825     if( nr != serial->len )
826     {
827         ret = mbedtls_snprintf( p, n, "...." );
828         MBEDTLS_X509_SAFE_SNPRINTF;
829     }
830 
831     return( (int) ( size - n ) );
832 }
833 
834 /*
835  * Helper for writing signature algorithms
836  */
mbedtls_x509_sig_alg_gets(char * buf,size_t size,const mbedtls_x509_buf * sig_oid,mbedtls_pk_type_t pk_alg,mbedtls_md_type_t md_alg,const void * sig_opts)837 int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
838                        mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
839                        const void *sig_opts )
840 {
841     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
842     char *p = buf;
843     size_t n = size;
844     const char *desc = NULL;
845 
846     ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
847     if( ret != 0 )
848         ret = mbedtls_snprintf( p, n, "???"  );
849     else
850         ret = mbedtls_snprintf( p, n, "%s", desc );
851     MBEDTLS_X509_SAFE_SNPRINTF;
852 
853 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
854     if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
855     {
856         const mbedtls_pk_rsassa_pss_options *pss_opts;
857         const mbedtls_md_info_t *md_info, *mgf_md_info;
858 
859         pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
860 
861         md_info = mbedtls_md_info_from_type( md_alg );
862         mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
863 
864         ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
865                               md_info ? mbedtls_md_get_name( md_info ) : "???",
866                               mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
867                               (unsigned int) pss_opts->expected_salt_len );
868         MBEDTLS_X509_SAFE_SNPRINTF;
869     }
870 #else
871     ((void) pk_alg);
872     ((void) md_alg);
873     ((void) sig_opts);
874 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
875 
876     return( (int)( size - n ) );
877 }
878 
879 /*
880  * Helper for writing "RSA key size", "EC key size", etc
881  */
mbedtls_x509_key_size_helper(char * buf,size_t buf_size,const char * name)882 int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
883 {
884     char *p = buf;
885     size_t n = buf_size;
886     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
887 
888     ret = mbedtls_snprintf( p, n, "%s key size", name );
889     MBEDTLS_X509_SAFE_SNPRINTF;
890 
891     return( 0 );
892 }
893 
894 #if defined(MBEDTLS_HAVE_TIME_DATE)
895 /*
896  * Set the time structure to the current time.
897  * Return 0 on success, non-zero on failure.
898  */
x509_get_current_time(mbedtls_x509_time * now)899 static int x509_get_current_time( mbedtls_x509_time *now )
900 {
901     struct tm *lt, tm_buf;
902     mbedtls_time_t tt;
903     int ret = 0;
904 
905     tt = mbedtls_time( NULL );
906     lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
907 
908     if( lt == NULL )
909         ret = -1;
910     else
911     {
912         now->year = lt->tm_year + 1900;
913         now->mon  = lt->tm_mon  + 1;
914         now->day  = lt->tm_mday;
915         now->hour = lt->tm_hour;
916         now->min  = lt->tm_min;
917         now->sec  = lt->tm_sec;
918     }
919 
920     return( ret );
921 }
922 
923 /*
924  * Return 0 if before <= after, 1 otherwise
925  */
x509_check_time(const mbedtls_x509_time * before,const mbedtls_x509_time * after)926 static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
927 {
928     if( before->year  > after->year )
929         return( 1 );
930 
931     if( before->year == after->year &&
932         before->mon   > after->mon )
933         return( 1 );
934 
935     if( before->year == after->year &&
936         before->mon  == after->mon  &&
937         before->day   > after->day )
938         return( 1 );
939 
940     if( before->year == after->year &&
941         before->mon  == after->mon  &&
942         before->day  == after->day  &&
943         before->hour  > after->hour )
944         return( 1 );
945 
946     if( before->year == after->year &&
947         before->mon  == after->mon  &&
948         before->day  == after->day  &&
949         before->hour == after->hour &&
950         before->min   > after->min  )
951         return( 1 );
952 
953     if( before->year == after->year &&
954         before->mon  == after->mon  &&
955         before->day  == after->day  &&
956         before->hour == after->hour &&
957         before->min  == after->min  &&
958         before->sec   > after->sec  )
959         return( 1 );
960 
961     return( 0 );
962 }
963 
mbedtls_x509_time_is_past(const mbedtls_x509_time * to)964 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
965 {
966     mbedtls_x509_time now;
967 
968     if( x509_get_current_time( &now ) != 0 )
969         return( 1 );
970 
971     return( x509_check_time( &now, to ) );
972 }
973 
mbedtls_x509_time_is_future(const mbedtls_x509_time * from)974 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
975 {
976     mbedtls_x509_time now;
977 
978     if( x509_get_current_time( &now ) != 0 )
979         return( 1 );
980 
981     return( x509_check_time( from, &now ) );
982 }
983 
984 #else  /* MBEDTLS_HAVE_TIME_DATE */
985 
mbedtls_x509_time_is_past(const mbedtls_x509_time * to)986 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
987 {
988     ((void) to);
989     return( 0 );
990 }
991 
mbedtls_x509_time_is_future(const mbedtls_x509_time * from)992 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
993 {
994     ((void) from);
995     return( 0 );
996 }
997 #endif /* MBEDTLS_HAVE_TIME_DATE */
998 
999 #if defined(MBEDTLS_SELF_TEST)
1000 
1001 #include "mbedtls/x509_crt.h"
1002 #include "mbedtls/certs.h"
1003 
1004 /*
1005  * Checkup routine
1006  */
mbedtls_x509_self_test(int verbose)1007 int mbedtls_x509_self_test( int verbose )
1008 {
1009     int ret = 0;
1010 #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
1011     uint32_t flags;
1012     mbedtls_x509_crt cacert;
1013     mbedtls_x509_crt clicert;
1014 
1015     if( verbose != 0 )
1016         mbedtls_printf( "  X.509 certificate load: " );
1017 
1018     mbedtls_x509_crt_init( &cacert );
1019     mbedtls_x509_crt_init( &clicert );
1020 
1021     ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
1022                            mbedtls_test_cli_crt_len );
1023     if( ret != 0 )
1024     {
1025         if( verbose != 0 )
1026             mbedtls_printf( "failed\n" );
1027 
1028         goto cleanup;
1029     }
1030 
1031     ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
1032                           mbedtls_test_ca_crt_len );
1033     if( ret != 0 )
1034     {
1035         if( verbose != 0 )
1036             mbedtls_printf( "failed\n" );
1037 
1038         goto cleanup;
1039     }
1040 
1041     if( verbose != 0 )
1042         mbedtls_printf( "passed\n  X.509 signature verify: ");
1043 
1044     ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
1045     if( ret != 0 )
1046     {
1047         if( verbose != 0 )
1048             mbedtls_printf( "failed\n" );
1049 
1050         goto cleanup;
1051     }
1052 
1053     if( verbose != 0 )
1054         mbedtls_printf( "passed\n\n");
1055 
1056 cleanup:
1057     mbedtls_x509_crt_free( &cacert  );
1058     mbedtls_x509_crt_free( &clicert );
1059 #else
1060     ((void) verbose);
1061 #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
1062     return( ret );
1063 }
1064 
1065 #endif /* MBEDTLS_SELF_TEST */
1066 
1067 #endif /* MBEDTLS_X509_USE_C */
1068