You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

axtls_asn1.c 21KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867
  1. /*
  2. * Copyright(C) 2006 Cameron Rich
  3. *
  4. * This library is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU Lesser General Public License as published by
  6. * the Free Software Foundation; either version 2.1 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This library is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU Lesser General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU Lesser General Public License
  15. * along with this library; if not, write to the Free Software
  16. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  17. */
  18. /**
  19. * @file asn1.c
  20. *
  21. * Some primitive asn methods for extraction rsa modulus information. It also
  22. * is used for retrieving information from X.509 certificates.
  23. */
  24. #include <stdio.h>
  25. #include <stdlib.h>
  26. #include <string.h>
  27. #include <time.h>
  28. #include "crypto.h"
  29. #define SIG_OID_PREFIX_SIZE 8
  30. #define SIG_TYPE_MD2 0x02
  31. #define SIG_TYPE_MD5 0x04
  32. #define SIG_TYPE_SHA1 0x05
  33. /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
  34. static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
  35. {
  36. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
  37. };
  38. /* CN, O, OU */
  39. static const uint8_t g_dn_types[] = { 3, 10, 11 };
  40. static int get_asn1_length(const uint8_t *buf, int *offset)
  41. {
  42. int len, i;
  43. if (!(buf[*offset] & 0x80)) /* short form */
  44. {
  45. len = buf[(*offset)++];
  46. }
  47. else /* long form */
  48. {
  49. int length_bytes = buf[(*offset)++]&0x7f;
  50. len = 0;
  51. for (i = 0; i < length_bytes; i++)
  52. {
  53. len <<= 8;
  54. len += buf[(*offset)++];
  55. }
  56. }
  57. return len;
  58. }
  59. /**
  60. * Skip the ASN1.1 object type and its length. Get ready to read the object's
  61. * data.
  62. */
  63. int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
  64. {
  65. if (buf[*offset] != obj_type)
  66. return X509_NOT_OK;
  67. (*offset)++;
  68. return get_asn1_length(buf, offset);
  69. }
  70. /**
  71. * Skip over an ASN.1 object type completely. Get ready to read the next
  72. * object.
  73. */
  74. int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
  75. {
  76. int len;
  77. if (buf[*offset] != obj_type)
  78. return X509_NOT_OK;
  79. (*offset)++;
  80. len = get_asn1_length(buf, offset);
  81. *offset += len;
  82. return 0;
  83. }
  84. /**
  85. * Read an integer value for ASN.1 data
  86. * Note: This function allocates memory which must be freed by the user.
  87. */
  88. int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
  89. {
  90. int len;
  91. if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
  92. goto end_int_array;
  93. *object = (uint8_t *)malloc(len);
  94. memcpy(*object, &buf[*offset], len);
  95. *offset += len;
  96. end_int_array:
  97. return len;
  98. }
  99. #if 0
  100. /**
  101. * Get all the RSA private key specifics from an ASN.1 encoded file
  102. */
  103. int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
  104. {
  105. int offset = 7;
  106. uint8_t *modulus, *priv_exp, *pub_exp;
  107. int mod_len, priv_len, pub_len;
  108. #ifdef CONFIG_BIGINT_CRT
  109. uint8_t *p, *q, *dP, *dQ, *qInv;
  110. int p_len, q_len, dP_len, dQ_len, qInv_len;
  111. #endif
  112. /* not in der format */
  113. if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
  114. {
  115. #ifdef CONFIG_SSL_FULL_MODE
  116. printf("Error: This is not a valid ASN.1 file\n");
  117. #endif
  118. return X509_INVALID_PRIV_KEY;
  119. }
  120. /* initialise the RNG */
  121. RNG_initialize(buf, len);
  122. mod_len = asn1_get_int(buf, &offset, &modulus);
  123. pub_len = asn1_get_int(buf, &offset, &pub_exp);
  124. priv_len = asn1_get_int(buf, &offset, &priv_exp);
  125. if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
  126. return X509_INVALID_PRIV_KEY;
  127. #ifdef CONFIG_BIGINT_CRT
  128. p_len = asn1_get_int(buf, &offset, &p);
  129. q_len = asn1_get_int(buf, &offset, &q);
  130. dP_len = asn1_get_int(buf, &offset, &dP);
  131. dQ_len = asn1_get_int(buf, &offset, &dQ);
  132. qInv_len = asn1_get_int(buf, &offset, &qInv);
  133. if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
  134. return X509_INVALID_PRIV_KEY;
  135. RSA_priv_key_new(rsa_ctx,
  136. modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
  137. p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
  138. free(p);
  139. free(q);
  140. free(dP);
  141. free(dQ);
  142. free(qInv);
  143. #else
  144. RSA_priv_key_new(rsa_ctx,
  145. modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
  146. #endif
  147. free(modulus);
  148. free(priv_exp);
  149. free(pub_exp);
  150. return X509_OK;
  151. }
  152. /**
  153. * Get the time of a certificate. Ignore hours/minutes/seconds.
  154. */
  155. static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
  156. {
  157. int ret = X509_NOT_OK, len, t_offset;
  158. struct tm tm;
  159. if (buf[(*offset)++] != ASN1_UTC_TIME)
  160. goto end_utc_time;
  161. len = get_asn1_length(buf, offset);
  162. t_offset = *offset;
  163. memset(&tm, 0, sizeof(struct tm));
  164. tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
  165. if (tm.tm_year <= 50) /* 1951-2050 thing */
  166. {
  167. tm.tm_year += 100;
  168. }
  169. tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
  170. tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
  171. *t = mktime(&tm);
  172. *offset += len;
  173. ret = X509_OK;
  174. end_utc_time:
  175. return ret;
  176. }
  177. /**
  178. * Get the version type of a certificate (which we don't actually care about)
  179. */
  180. static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  181. {
  182. int ret = X509_NOT_OK;
  183. (*offset) += 2; /* get past explicit tag */
  184. if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
  185. goto end_version;
  186. ret = X509_OK;
  187. end_version:
  188. return ret;
  189. }
  190. /**
  191. * Retrieve the notbefore and notafter certificate times.
  192. */
  193. static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  194. {
  195. return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
  196. asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
  197. asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
  198. }
  199. /**
  200. * Get the components of a distinguished name
  201. */
  202. static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
  203. {
  204. int dn_type = 0;
  205. int len;
  206. if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
  207. goto end_oid;
  208. /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name
  209. components we are interested in. */
  210. if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
  211. dn_type = buf[(*offset)++];
  212. else
  213. {
  214. *offset += len; /* skip over it */
  215. }
  216. end_oid:
  217. return dn_type;
  218. }
  219. /**
  220. * Obtain an ASN.1 printable string type.
  221. */
  222. static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
  223. {
  224. int len = X509_NOT_OK;
  225. /* some certs have this awful crud in them for some reason */
  226. if (buf[*offset] != ASN1_PRINTABLE_STR &&
  227. buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
  228. goto end_pnt_str;
  229. (*offset)++;
  230. len = get_asn1_length(buf, offset);
  231. *str = (char *)malloc(len+1); /* allow for null */
  232. memcpy(*str, &buf[*offset], len);
  233. (*str)[len] = 0; /* null terminate */
  234. *offset += len;
  235. end_pnt_str:
  236. return len;
  237. }
  238. /**
  239. * Get the subject name (or the issuer) of a certificate.
  240. */
  241. static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
  242. {
  243. int ret = X509_NOT_OK;
  244. int dn_type;
  245. char *tmp = NULL;
  246. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
  247. goto end_name;
  248. while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
  249. {
  250. int i, found = 0;
  251. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
  252. (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
  253. goto end_name;
  254. if (asn1_get_printable_str(cert, offset, &tmp) < 0)
  255. {
  256. free(tmp);
  257. goto end_name;
  258. }
  259. /* find the distinguished named type */
  260. for (i = 0; i < X509_NUM_DN_TYPES; i++)
  261. {
  262. if (dn_type == g_dn_types[i])
  263. {
  264. if (dn[i] == NULL)
  265. {
  266. dn[i] = tmp;
  267. found = 1;
  268. break;
  269. }
  270. }
  271. }
  272. if (found == 0) /* not found so get rid of it */
  273. {
  274. free(tmp);
  275. }
  276. }
  277. ret = X509_OK;
  278. end_name:
  279. return ret;
  280. }
  281. /**
  282. * Read the modulus and public exponent of a certificate.
  283. */
  284. static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  285. {
  286. int ret = X509_NOT_OK, mod_len, pub_len;
  287. uint8_t *modulus, *pub_exp;
  288. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
  289. asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
  290. asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
  291. goto end_pub_key;
  292. (*offset)++;
  293. if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
  294. goto end_pub_key;
  295. mod_len = asn1_get_int(cert, offset, &modulus);
  296. pub_len = asn1_get_int(cert, offset, &pub_exp);
  297. RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
  298. free(modulus);
  299. free(pub_exp);
  300. ret = X509_OK;
  301. end_pub_key:
  302. return ret;
  303. }
  304. #ifdef CONFIG_SSL_CERT_VERIFICATION
  305. /**
  306. * Read the signature of the certificate.
  307. */
  308. static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  309. {
  310. int ret = X509_NOT_OK;
  311. if (cert[(*offset)++] != ASN1_BIT_STRING)
  312. goto end_sig;
  313. x509_ctx->sig_len = get_asn1_length(cert, offset);
  314. x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
  315. memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
  316. *offset += x509_ctx->sig_len;
  317. ret = X509_OK;
  318. end_sig:
  319. return ret;
  320. }
  321. /*
  322. * Compare 2 distinguished name components for equality
  323. * @return 0 if a match
  324. */
  325. static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
  326. {
  327. int ret = 1;
  328. if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
  329. ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
  330. err_no_match:
  331. return ret;
  332. }
  333. /**
  334. * Clean up all of the CA certificates.
  335. */
  336. void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
  337. {
  338. int i = 0;
  339. while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
  340. {
  341. x509_free(ca_cert_ctx->cert[i]);
  342. ca_cert_ctx->cert[i++] = NULL;
  343. }
  344. free(ca_cert_ctx);
  345. }
  346. /*
  347. * Compare 2 distinguished names for equality
  348. * @return 0 if a match
  349. */
  350. static int asn1_compare_dn(char * const dn1[], char * const dn2[])
  351. {
  352. int i;
  353. for (i = 0; i < X509_NUM_DN_TYPES; i++)
  354. {
  355. if (asn1_compare_dn_comp(dn1[i], dn2[i]))
  356. {
  357. return 1;
  358. }
  359. }
  360. return 0; /* all good */
  361. }
  362. /**
  363. * Retrieve the signature from a certificate.
  364. */
  365. const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
  366. {
  367. int offset = 0;
  368. const uint8_t *ptr = NULL;
  369. if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 ||
  370. asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
  371. goto end_get_sig;
  372. if (asn1_sig[offset++] != ASN1_OCTET_STRING)
  373. goto end_get_sig;
  374. *len = get_asn1_length(asn1_sig, &offset);
  375. ptr = &asn1_sig[offset]; /* all ok */
  376. end_get_sig:
  377. return ptr;
  378. }
  379. #endif
  380. /**
  381. * Read the signature type of the certificate. We only support RSA-MD5 and
  382. * RSA-SHA1 signature types.
  383. */
  384. static int asn1_signature_type(const uint8_t *cert,
  385. int *offset, X509_CTX *x509_ctx)
  386. {
  387. int ret = X509_NOT_OK, len;
  388. if (cert[(*offset)++] != ASN1_OID)
  389. goto end_check_sig;
  390. len = get_asn1_length(cert, offset);
  391. if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
  392. goto end_check_sig; /* unrecognised cert type */
  393. x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
  394. *offset += len;
  395. if (asn1_skip_obj(cert, offset, ASN1_NULL))
  396. goto end_check_sig;
  397. ret = X509_OK;
  398. end_check_sig:
  399. return ret;
  400. }
  401. /**
  402. * Construct a new x509 object.
  403. * @return 0 if ok. < 0 if there was a problem.
  404. */
  405. int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
  406. {
  407. int begin_tbs, end_tbs;
  408. int ret = X509_NOT_OK, offset = 0, cert_size = 0;
  409. X509_CTX *x509_ctx;
  410. BI_CTX *bi_ctx;
  411. *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
  412. x509_ctx = *ctx;
  413. /* get the certificate size */
  414. asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE);
  415. if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
  416. goto end_cert;
  417. begin_tbs = offset; /* start of the tbs */
  418. end_tbs = begin_tbs; /* work out the end of the tbs */
  419. asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
  420. if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
  421. goto end_cert;
  422. if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
  423. {
  424. if (asn1_version(cert, &offset, x509_ctx))
  425. goto end_cert;
  426. }
  427. if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
  428. asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
  429. goto end_cert;
  430. /* make sure the signature is ok */
  431. if (asn1_signature_type(cert, &offset, x509_ctx))
  432. {
  433. ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
  434. goto end_cert;
  435. }
  436. if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) ||
  437. asn1_validity(cert, &offset, x509_ctx) ||
  438. asn1_name(cert, &offset, x509_ctx->cert_dn) ||
  439. asn1_public_key(cert, &offset, x509_ctx))
  440. goto end_cert;
  441. bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
  442. #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
  443. /* use the appropriate signature algorithm (either SHA1 or MD5) */
  444. if (x509_ctx->sig_type == SIG_TYPE_MD5)
  445. {
  446. MD5_CTX md5_ctx;
  447. uint8_t md5_dgst[MD5_SIZE];
  448. MD5Init(&md5_ctx);
  449. MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
  450. MD5Final(&md5_ctx, md5_dgst);
  451. x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
  452. }
  453. else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
  454. {
  455. SHA1_CTX sha_ctx;
  456. uint8_t sha_dgst[SHA1_SIZE];
  457. SHA1Init(&sha_ctx);
  458. SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
  459. SHA1Final(&sha_ctx, sha_dgst);
  460. x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
  461. }
  462. offset = end_tbs; /* skip the v3 data */
  463. if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
  464. asn1_signature(cert, &offset, x509_ctx))
  465. goto end_cert;
  466. #endif
  467. if (len)
  468. {
  469. *len = cert_size;
  470. }
  471. ret = X509_OK;
  472. end_cert:
  473. #ifdef CONFIG_SSL_FULL_MODE
  474. if (ret)
  475. {
  476. printf("Error: Invalid X509 ASN.1 file\n");
  477. }
  478. #endif
  479. return ret;
  480. }
  481. /**
  482. * Free an X.509 object's resources.
  483. */
  484. void x509_free(X509_CTX *x509_ctx)
  485. {
  486. X509_CTX *next;
  487. int i;
  488. if (x509_ctx == NULL) /* if already null, then don't bother */
  489. return;
  490. for (i = 0; i < X509_NUM_DN_TYPES; i++)
  491. {
  492. free(x509_ctx->ca_cert_dn[i]);
  493. free(x509_ctx->cert_dn[i]);
  494. }
  495. free(x509_ctx->signature);
  496. #ifdef CONFIG_SSL_CERT_VERIFICATION
  497. if (x509_ctx->digest)
  498. {
  499. bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
  500. }
  501. #endif
  502. RSA_free(x509_ctx->rsa_ctx);
  503. next = x509_ctx->next;
  504. free(x509_ctx);
  505. x509_free(next); /* clear the chain */
  506. }
  507. #ifdef CONFIG_SSL_CERT_VERIFICATION
  508. /**
  509. * Do some basic checks on the certificate chain.
  510. *
  511. * Certificate verification consists of a number of checks:
  512. * - A root certificate exists in the certificate store.
  513. * - The date of the certificate is after the start date.
  514. * - The date of the certificate is before the finish date.
  515. * - The certificate chain is valid.
  516. * - That the certificate(s) are not self-signed.
  517. * - The signature of the certificate is valid.
  518. */
  519. int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
  520. {
  521. int ret = X509_OK, i = 0;
  522. bigint *cert_sig;
  523. X509_CTX *next_cert = NULL;
  524. BI_CTX *ctx;
  525. bigint *mod, *expn;
  526. struct timeval tv;
  527. int match_ca_cert = 0;
  528. if (cert == NULL || ca_cert_ctx == NULL)
  529. {
  530. ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
  531. goto end_verify;
  532. }
  533. /* last cert in the chain - look for a trusted cert */
  534. if (cert->next == NULL)
  535. {
  536. while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
  537. {
  538. if (asn1_compare_dn(cert->ca_cert_dn,
  539. ca_cert_ctx->cert[i]->cert_dn) == 0)
  540. {
  541. match_ca_cert = 1;
  542. break;
  543. }
  544. i++;
  545. }
  546. if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
  547. {
  548. next_cert = ca_cert_ctx->cert[i];
  549. }
  550. else /* trusted cert not found */
  551. {
  552. ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
  553. goto end_verify;
  554. }
  555. }
  556. else
  557. {
  558. next_cert = cert->next;
  559. }
  560. gettimeofday(&tv, NULL);
  561. /* check the not before date */
  562. if (tv.tv_sec < cert->not_before)
  563. {
  564. ret = X509_VFY_ERROR_NOT_YET_VALID;
  565. goto end_verify;
  566. }
  567. /* check the not after date */
  568. if (tv.tv_sec > cert->not_after)
  569. {
  570. ret = X509_VFY_ERROR_EXPIRED;
  571. goto end_verify;
  572. }
  573. /* check the chain integrity */
  574. if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
  575. {
  576. ret = X509_VFY_ERROR_INVALID_CHAIN;
  577. goto end_verify;
  578. }
  579. /* check for self-signing */
  580. if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
  581. {
  582. ret = X509_VFY_ERROR_SELF_SIGNED;
  583. goto end_verify;
  584. }
  585. /* check the signature */
  586. ctx = cert->rsa_ctx->bi_ctx;
  587. mod = next_cert->rsa_ctx->m;
  588. expn = next_cert->rsa_ctx->e;
  589. cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len,
  590. bi_clone(ctx, mod), bi_clone(ctx, expn));
  591. if (cert_sig)
  592. {
  593. ret = cert->digest ? /* check the signature */
  594. bi_compare(cert_sig, cert->digest) :
  595. X509_VFY_ERROR_UNSUPPORTED_DIGEST;
  596. bi_free(ctx, cert_sig);
  597. if (ret)
  598. goto end_verify;
  599. }
  600. else
  601. {
  602. ret = X509_VFY_ERROR_BAD_SIGNATURE;
  603. goto end_verify;
  604. }
  605. /* go down the certificate chain using recursion. */
  606. if (ret == 0 && cert->next)
  607. {
  608. ret = x509_verify(ca_cert_ctx, next_cert);
  609. }
  610. end_verify:
  611. return ret;
  612. }
  613. #endif
  614. #if defined (CONFIG_SSL_FULL_MODE)
  615. /**
  616. * Used for diagnostics.
  617. */
  618. void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
  619. {
  620. if (cert == NULL)
  621. return;
  622. printf("---------------- CERT DEBUG ----------------\n");
  623. printf("* CA Cert Distinguished Name\n");
  624. if (cert->ca_cert_dn[X509_COMMON_NAME])
  625. {
  626. printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
  627. }
  628. if (cert->ca_cert_dn[X509_ORGANIZATION])
  629. {
  630. printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
  631. }
  632. if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
  633. {
  634. printf("Organizational Unit (OU): %s\n",
  635. cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
  636. }
  637. printf("* Cert Distinguished Name\n");
  638. if (cert->cert_dn[X509_COMMON_NAME])
  639. {
  640. printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
  641. }
  642. if (cert->cert_dn[X509_ORGANIZATION])
  643. {
  644. printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
  645. }
  646. if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
  647. {
  648. printf("Organizational Unit (OU): %s\n",
  649. cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
  650. }
  651. printf("Not Before:\t\t%s", ctime(&cert->not_before));
  652. printf("Not After:\t\t%s", ctime(&cert->not_after));
  653. printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
  654. printf("Sig Type:\t\t");
  655. switch (cert->sig_type)
  656. {
  657. case SIG_TYPE_MD5:
  658. printf("MD5\n");
  659. break;
  660. case SIG_TYPE_SHA1:
  661. printf("SHA1\n");
  662. break;
  663. case SIG_TYPE_MD2:
  664. printf("MD2\n");
  665. break;
  666. default:
  667. printf("Unrecognized: %d\n", cert->sig_type);
  668. break;
  669. }
  670. printf("Verify:\t\t\t");
  671. if (ca_cert_ctx)
  672. {
  673. x509_display_error(x509_verify(ca_cert_ctx, cert));
  674. }
  675. printf("\n");
  676. #if 0
  677. print_blob("Signature", cert->signature, cert->sig_len);
  678. bi_print("Modulus", cert->rsa_ctx->m);
  679. bi_print("Pub Exp", cert->rsa_ctx->e);
  680. #endif
  681. if (ca_cert_ctx)
  682. {
  683. x509_print(ca_cert_ctx, cert->next);
  684. }
  685. }
  686. void x509_display_error(int error)
  687. {
  688. switch (error)
  689. {
  690. case X509_NOT_OK:
  691. printf("X509 not ok");
  692. break;
  693. case X509_VFY_ERROR_NO_TRUSTED_CERT:
  694. printf("No trusted cert is available");
  695. break;
  696. case X509_VFY_ERROR_BAD_SIGNATURE:
  697. printf("Bad signature");
  698. break;
  699. case X509_VFY_ERROR_NOT_YET_VALID:
  700. printf("Cert is not yet valid");
  701. break;
  702. case X509_VFY_ERROR_EXPIRED:
  703. printf("Cert has expired");
  704. break;
  705. case X509_VFY_ERROR_SELF_SIGNED:
  706. printf("Cert is self-signed");
  707. break;
  708. case X509_VFY_ERROR_INVALID_CHAIN:
  709. printf("Chain is invalid (check order of certs)");
  710. break;
  711. case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
  712. printf("Unsupported digest");
  713. break;
  714. case X509_INVALID_PRIV_KEY:
  715. printf("Invalid private key");
  716. break;
  717. }
  718. }
  719. #endif /* CONFIG_SSL_FULL_MODE */
  720. #endif