2
* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
3
* Software Foundation, Inc.
5
* Author: Nikos Mavrogiannopoulos
7
* This file is part of GnuTLS.
9
* The GnuTLS is free software; you can redistribute it and/or
10
* modify it under the terms of the GNU Lesser General Public License
11
* as published by the Free Software Foundation; either version 2.1 of
12
* the License, or (at your option) any later version.
14
* This library is distributed in the hope that it will be useful, but
15
* WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17
* Lesser General Public License for more details.
19
* You should have received a copy of the GNU Lesser General Public
20
* License along with this library; if not, write to the Free Software
21
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26
/* All functions which relate to X.509 certificate verification stuff are
30
#include <gnutls_int.h>
31
#include <gnutls_errors.h>
32
#include <gnutls_cert.h>
34
#include <gnutls_global.h>
35
#include <gnutls_num.h> /* MAX */
36
#include <gnutls_sig.h>
37
#include <gnutls_str.h>
38
#include <gnutls_datum.h>
42
static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
43
const gnutls_x509_crt_t * trusted_cas,
44
int tcas_size, unsigned int flags,
46
gnutls_x509_crt_t * issuer);
48
static int is_crl_issuer (gnutls_x509_crl_t crl,
49
gnutls_x509_crt_t issuer_cert);
51
static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
52
const gnutls_x509_crt_t * trusted_cas,
53
int tcas_size, unsigned int flags,
54
unsigned int *output);
56
/* Checks if two certs are identical. Return 0 on match. */
58
check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
60
gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
64
opaque serial1[128], serial2[128];
65
size_t serial1_size, serial2_size;
67
serial1_size = sizeof (serial1);
68
result = gnutls_x509_crt_get_serial (cert1, serial1, &serial1_size);
75
serial2_size = sizeof (serial2);
76
result = gnutls_x509_crt_get_serial (cert2, serial2, &serial2_size);
83
if (serial2_size != serial1_size
84
|| memcmp (serial1, serial2, serial1_size) != 0)
90
result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0);
97
result = _gnutls_x509_der_encode (cert2->cert, "", &cert2bin, 0);
104
if ((cert1bin.size == cert2bin.size) &&
105
(memcmp (cert1bin.data, cert2bin.data, cert1bin.size) == 0))
111
_gnutls_free_datum (&cert1bin);
112
_gnutls_free_datum (&cert2bin);
116
/* Checks if the issuer of a certificate is a
117
* Certificate Authority, or if the certificate is the same
118
* as the issuer (and therefore it doesn't need to be a CA).
120
* Returns true or false, if the issuer is a CA,
124
check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
127
gnutls_datum_t cert_signed_data = { NULL, 0 };
128
gnutls_datum_t issuer_signed_data = { NULL, 0 };
129
gnutls_datum_t cert_signature = { NULL, 0 };
130
gnutls_datum_t issuer_signature = { NULL, 0 };
133
/* Check if the issuer is the same with the
134
* certificate. This is added in order for trusted
135
* certificates to be able to verify themselves.
139
_gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
140
&issuer_signed_data);
148
_gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
157
_gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
165
_gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
172
/* If the subject certificate is the same as the issuer
175
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
176
if (cert_signed_data.size == issuer_signed_data.size)
178
if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
179
cert_signed_data.size) == 0) &&
180
(cert_signature.size == issuer_signature.size) &&
181
(memcmp (cert_signature.data, issuer_signature.data,
182
cert_signature.size) == 0))
189
result = gnutls_x509_crt_get_ca_status (issuer, NULL);
195
/* Handle V1 CAs that do not have a basicConstraint, but accept
196
these certs only if the appropriate flags are set. */
197
else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
198
((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
199
(!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
200
(gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))
212
_gnutls_free_datum (&cert_signed_data);
213
_gnutls_free_datum (&issuer_signed_data);
214
_gnutls_free_datum (&cert_signature);
215
_gnutls_free_datum (&issuer_signature);
220
/* This function checks if 'certs' issuer is 'issuer_cert'.
221
* This does a straight (DER) compare of the issuer/subject fields in
222
* the given certificates.
224
* Returns 1 if they match and zero if they don't match. Otherwise
225
* a negative value is returned to indicate error.
228
is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
230
gnutls_datum_t dn1 = { NULL, 0 },
238
ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn1);
245
ret = gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
252
ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
256
/* check if the authority key identifier matches the subject key identifier
258
id1_size = sizeof(id1);
260
ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
267
id2_size = sizeof(id2);
268
ret = gnutls_x509_crt_get_subject_key_id(issuer_cert, id2, &id2_size, NULL);
276
if (id1_size == id2_size && memcmp(id1, id2, id1_size) == 0)
283
_gnutls_free_datum (&dn1);
284
_gnutls_free_datum (&dn2);
290
static inline gnutls_x509_crt_t
291
find_issuer (gnutls_x509_crt_t cert,
292
const gnutls_x509_crt_t * trusted_cas, int tcas_size)
296
/* this is serial search.
299
for (i = 0; i < tcas_size; i++)
301
if (is_issuer (cert, trusted_cas[i]) == 1)
302
return trusted_cas[i];
312
* Verifies the given certificate again a certificate list of
315
* Returns only 0 or 1. If 1 it means that the certificate
316
* was successfuly verified.
318
* 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
320
* Output will hold some extra information about the verification
321
* procedure. Issuer will hold the actual issuer from the trusted list.
324
_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
325
const gnutls_x509_crt_t * trusted_cas,
326
int tcas_size, unsigned int flags,
327
unsigned int *output,
328
gnutls_x509_crt_t * _issuer)
330
gnutls_datum_t cert_signed_data = { NULL, 0 };
331
gnutls_datum_t cert_signature = { NULL, 0 };
332
gnutls_x509_crt_t issuer = NULL;
333
int issuer_version, result;
339
issuer = find_issuer (cert, trusted_cas, tcas_size);
344
*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
348
/* issuer is not in trusted certificate
354
*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
362
issuer_version = gnutls_x509_crt_get_version (issuer);
363
if (issuer_version < 0)
366
return issuer_version;
369
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
370
((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
371
|| issuer_version != 1))
373
if (check_if_ca (cert, issuer, flags) == 0)
377
*output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
383
_gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
392
_gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
400
_gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
402
if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
405
/* error. ignore it */
407
*output |= GNUTLS_CERT_INVALID;
416
/* If the certificate is not self signed check if the algorithms
417
* used are secure. If the certificate is self signed it doesn't
420
if (is_issuer (cert, cert) == 0)
424
sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
426
if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
427
!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
428
((sigalg == GNUTLS_SIGN_RSA_MD5) &&
429
!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
432
*output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
438
_gnutls_free_datum (&cert_signed_data);
439
_gnutls_free_datum (&cert_signature);
445
* gnutls_x509_crt_check_issuer:
446
* @cert: is the certificate to be checked
447
* @issuer: is the certificate of a possible issuer
449
* This function will check if the given certificate was issued by the
450
* given issuer. It checks the DN fields and the authority
451
* key identifier and subject key identifier fields match.
453
* Returns: It will return true (1) if the given certificate is issued
454
* by the given issuer, and false (0) if not. A negative value is
455
* returned in case of an error.
458
gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
459
gnutls_x509_crt_t issuer)
461
return is_issuer (cert, issuer);
465
check_time (gnutls_x509_crt_t crt, time_t now)
470
t = gnutls_x509_crt_get_activation_time (crt);
471
if (t == (time_t) - 1 || now < t)
473
status |= GNUTLS_CERT_NOT_ACTIVATED;
474
status |= GNUTLS_CERT_INVALID;
478
t = gnutls_x509_crt_get_expiration_time (crt);
479
if (t == (time_t) - 1 || now > t)
481
status |= GNUTLS_CERT_EXPIRED;
482
status |= GNUTLS_CERT_INVALID;
489
/* Verify X.509 certificate chain.
491
* Note that the return value is an OR of GNUTLS_CERT_* elements.
493
* This function verifies a X.509 certificate list. The certificate
494
* list should lead to a trusted certificate in order to be trusted.
497
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
499
const gnutls_x509_crt_t * trusted_cas,
501
const gnutls_x509_crl_t * CRLs,
502
int crls_size, unsigned int flags)
505
unsigned int status = 0, output;
506
time_t now = gnutls_time (0);
507
gnutls_x509_crt_t issuer = NULL;
511
/* Check if the last certificate in the path is self signed.
512
* In that case ignore it (a certificate is trusted only if it
513
* leads to a trusted party by us, not the server's).
515
* This prevents from verifying self signed certificates against
516
* themselves. This (although not bad) caused verification
517
* failures on some root self signed certificates that use the
520
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
521
certificate_list[clist_size - 1]) > 0)
527
/* We want to shorten the chain by removing the cert that matches
528
* one of the certs we trust and all the certs after that i.e. if
529
* cert chain is A signed-by B signed-by C signed-by D (signed-by
530
* self-signed E but already removed above), and we trust B, remove
532
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
533
i = 0; /* also replace the first one */
535
i = 1; /* do not replace the first one */
537
for (; i < clist_size; i++)
541
for (j = 0; j < tcas_size; j++)
543
if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)
545
/* explicity time check for trusted CA that we remove from
546
* list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
548
if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
549
&& !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
551
status |= check_time (trusted_cas[j], now);
561
/* clist_size may have been changed which gets out of loop */
565
/* The certificate is already present in the trusted certificate list.
566
* Nothing to verify. */
569
/* Verify the last certificate in the certificate path
570
* against the trusted CA certificate list.
572
* If no CAs are present returns CERT_INVALID. Thus works
573
* in self signed etc certificates.
575
ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
576
trusted_cas, tcas_size, flags, &output,
580
/* if the last certificate in the certificate
581
* list is invalid, then the certificate is not
586
status |= GNUTLS_CERT_INVALID;
590
/* Check for revoked certificates in the chain
593
for (i = 0; i < clist_size; i++)
595
ret = gnutls_x509_crt_check_revocation (certificate_list[i],
599
status |= GNUTLS_CERT_REVOKED;
600
status |= GNUTLS_CERT_INVALID;
607
/* Check activation/expiration times
609
if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
611
/* check the time of the issuer first */
612
if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))
617
return GNUTLS_E_INTERNAL_ERROR;
620
status |= check_time (issuer, now);
627
for (i = 0; i < clist_size; i++)
629
status |= check_time (certificate_list[i], now);
637
/* Verify the certificate path (chain)
639
for (i = clist_size - 1; i > 0; i--)
644
/* note that here we disable this V1 CA flag. So that no version 1
645
* certificates can exist in a supplied chain.
647
if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
648
flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
649
flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
652
_gnutls_verify_certificate2 (certificate_list[i - 1],
653
&certificate_list[i], 1, flags,
656
status |= GNUTLS_CERT_INVALID;
665
/* Reads the digest information.
666
* we use DER here, although we should use BER. It works fine
670
decode_ber_digest_info (const gnutls_datum_t * info,
671
gnutls_mac_algorithm_t * hash,
672
opaque * digest, int *digest_size)
674
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
679
if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
681
&dinfo)) != ASN1_SUCCESS)
684
return _gnutls_asn2err (result);
687
result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
688
if (result != ASN1_SUCCESS)
691
asn1_delete_structure (&dinfo);
692
return _gnutls_asn2err (result);
695
len = sizeof (str) - 1;
696
result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
697
if (result != ASN1_SUCCESS)
700
asn1_delete_structure (&dinfo);
701
return _gnutls_asn2err (result);
704
*hash = _gnutls_x509_oid2mac_algorithm (str);
706
if (*hash == GNUTLS_MAC_UNKNOWN)
709
_gnutls_x509_log ("verify.c: HASH OID: %s\n", str);
712
asn1_delete_structure (&dinfo);
713
return GNUTLS_E_UNKNOWN_ALGORITHM;
716
len = sizeof (str) - 1;
717
result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
718
/* To avoid permitting garbage in the parameters field, either the
719
parameters field is not present, or it contains 0x05 0x00. */
720
if (!(result == ASN1_ELEMENT_NOT_FOUND ||
721
(result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
722
memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
725
asn1_delete_structure (&dinfo);
726
return GNUTLS_E_ASN1_GENERIC_ERROR;
729
result = asn1_read_value (dinfo, "digest", digest, digest_size);
730
if (result != ASN1_SUCCESS)
733
asn1_delete_structure (&dinfo);
734
return _gnutls_asn2err (result);
737
asn1_delete_structure (&dinfo);
742
/* if hash==MD5 then we do RSA-MD5
743
* if hash==SHA then we do RSA-SHA
744
* params[0] is modulus
745
* params[1] is public key
748
_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
749
const gnutls_datum_t * prehash,
750
const gnutls_datum_t * signature, bigint_t * params,
753
gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
755
opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
758
gnutls_datum_t decrypted;
761
_gnutls_pkcs1_rsa_decrypt (&decrypted, signature, params, params_len, 1);
768
/* decrypted is a BER encoded data of type DigestInfo
771
digest_size = sizeof (digest);
773
decode_ber_digest_info (&decrypted, &hash, digest, &digest_size)) != 0)
776
_gnutls_free_datum (&decrypted);
780
_gnutls_free_datum (&decrypted);
782
if (digest_size != _gnutls_hash_get_algo_len (hash))
785
return GNUTLS_E_ASN1_GENERIC_ERROR;
788
if (prehash && prehash->data && prehash->size == digest_size)
797
return GNUTLS_E_INVALID_REQUEST;
800
ret = _gnutls_hash_init (&hd, hash);
807
_gnutls_hash (&hd, text->data, text->size);
808
_gnutls_hash_deinit (&hd, md);
813
if (memcmp (cmp, digest, digest_size) != 0)
816
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
822
/* Hashes input data and verifies a DSA signature.
825
dsa_verify_sig (const gnutls_datum_t * text,
826
const gnutls_datum_t * hash,
827
const gnutls_datum_t * signature, bigint_t * params,
831
opaque _digest[MAX_HASH_SIZE];
832
gnutls_datum_t digest;
834
gnutls_digest_algorithm_t algo;
835
unsigned int hash_len;
837
algo = _gnutls_dsa_q_to_hash (params[1], &hash_len);
840
/* SHA1 or better allowed */
841
if (!hash->data || hash->size < hash_len)
844
_gnutls_debug_log("Hash size (%d) does not correspond to hash %s", (int)hash->size, gnutls_mac_get_name(algo));
846
if (hash->size != 20)
847
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
854
ret = _gnutls_hash_init (&hd, algo);
861
_gnutls_hash (&hd, text->data, text->size);
862
_gnutls_hash_deinit (&hd, _digest);
864
digest.data = _digest;
865
digest.size = _gnutls_hash_get_algo_len(algo);
868
ret = _gnutls_dsa_verify (&digest, signature, params, params_len);
873
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
874
* not verified, or 1 otherwise.
877
pubkey_verify_sig (const gnutls_datum_t * tbs,
878
const gnutls_datum_t * hash,
879
const gnutls_datum_t * signature,
880
gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
881
int issuer_params_size)
888
if (_pkcs1_rsa_verify_sig
889
(tbs, hash, signature, issuer_params, issuer_params_size) != 0)
892
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
900
(tbs, hash, signature, issuer_params, issuer_params_size) != 0)
903
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
910
return GNUTLS_E_INTERNAL_ERROR;
915
gnutls_digest_algorithm_t
916
_gnutls_dsa_q_to_hash (bigint_t q, unsigned int* hash_len)
918
int bits = _gnutls_mpi_get_nbits (q);
922
if (hash_len) *hash_len = 20;
923
return GNUTLS_DIG_SHA1;
925
else if (bits <= 224)
927
if (hash_len) *hash_len = 28;
928
return GNUTLS_DIG_SHA256;
932
if (hash_len) *hash_len = 32;
933
return GNUTLS_DIG_SHA256;
937
/* This will return the appropriate hash to verify the given signature.
938
* If signature is NULL it will return an (or the) appropriate hash for
939
* the given parameters.
942
_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
943
const gnutls_datum_t * signature,
944
gnutls_pk_algorithm pk,
945
bigint_t * issuer_params,
946
unsigned int issuer_params_size)
948
opaque digest[MAX_HASH_SIZE];
949
gnutls_datum_t decrypted;
958
*hash = _gnutls_dsa_q_to_hash (issuer_params[1], NULL);
963
if (signature == NULL)
964
{ /* return a sensible algorithm */
966
*hash = GNUTLS_DIG_SHA256;
971
_gnutls_pkcs1_rsa_decrypt (&decrypted, signature,
972
issuer_params, issuer_params_size, 1);
981
digest_size = sizeof (digest);
983
decode_ber_digest_info (&decrypted, hash, digest,
987
_gnutls_free_datum (&decrypted);
991
_gnutls_free_datum (&decrypted);
992
if (digest_size != _gnutls_hash_get_algo_len (*hash))
995
ret = GNUTLS_E_ASN1_GENERIC_ERROR;
1004
ret = GNUTLS_E_INTERNAL_ERROR;
1013
/* verifies if the certificate is properly signed.
1014
* returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
1016
* 'tbs' is the signed data
1017
* 'signature' is the signature!
1020
_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
1021
const gnutls_datum_t * hash,
1022
const gnutls_datum_t * signature,
1023
gnutls_x509_crt_t issuer)
1025
bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
1026
int ret, issuer_params_size, i;
1028
/* Read the MPI parameters from the issuer's certificate.
1030
issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
1032
_gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size);
1040
pubkey_verify_sig (tbs, hash, signature,
1041
gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
1042
issuer_params, issuer_params_size);
1048
/* release all allocated MPIs
1050
for (i = 0; i < issuer_params_size; i++)
1052
_gnutls_mpi_release (&issuer_params[i]);
1058
/* verifies if the certificate is properly signed.
1059
* returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
1061
* 'tbs' is the signed data
1062
* 'signature' is the signature!
1065
_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
1066
const gnutls_datum_t * signature,
1067
gnutls_x509_privkey_t issuer)
1071
ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
1072
issuer->params, issuer->params_size);
1082
* gnutls_x509_crt_list_verify:
1083
* @cert_list: is the certificate list to be verified
1084
* @cert_list_length: holds the number of certificate in cert_list
1085
* @CA_list: is the CA list which will be used in verification
1086
* @CA_list_length: holds the number of CA certificate in CA_list
1087
* @CRL_list: holds a list of CRLs.
1088
* @CRL_list_length: the length of CRL list.
1089
* @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1090
* @verify: will hold the certificate verification output.
1092
* This function will try to verify the given certificate list and
1093
* return its status. If no flags are specified (0), this function
1094
* will use the basicConstraints (2.5.29.19) PKIX extension. This
1095
* means that only a certificate authority is allowed to sign a
1098
* You must also check the peer's name in order to check if the verified
1099
* certificate belongs to the actual peer.
1101
* The certificate verification output will be put in @verify and will
1102
* be one or more of the gnutls_certificate_status_t enumerated
1103
* elements bitwise or'd. For a more detailed verification status use
1104
* gnutls_x509_crt_verify() per list element.
1106
* GNUTLS_CERT_INVALID: the certificate chain is not valid.
1108
* GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked.
1110
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1111
* negative error value.
1114
gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
1115
int cert_list_length,
1116
const gnutls_x509_crt_t * CA_list,
1118
const gnutls_x509_crl_t * CRL_list,
1119
int CRL_list_length, unsigned int flags,
1120
unsigned int *verify)
1122
if (cert_list == NULL || cert_list_length == 0)
1123
return GNUTLS_E_NO_CERTIFICATE_FOUND;
1125
/* Verify certificate
1128
_gnutls_x509_verify_certificate (cert_list, cert_list_length,
1129
CA_list, CA_list_length, CRL_list,
1130
CRL_list_length, flags);
1136
* gnutls_x509_crt_verify:
1137
* @cert: is the certificate to be verified
1138
* @CA_list: is one certificate that is considered to be trusted one
1139
* @CA_list_length: holds the number of CA certificate in CA_list
1140
* @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1141
* @verify: will hold the certificate verification output.
1143
* This function will try to verify the given certificate and return
1146
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1147
* negative error value.
1150
gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
1151
const gnutls_x509_crt_t * CA_list,
1152
int CA_list_length, unsigned int flags,
1153
unsigned int *verify)
1155
/* Verify certificate
1158
_gnutls_x509_verify_certificate (&cert, 1,
1159
CA_list, CA_list_length, NULL, 0, flags);
1168
* gnutls_x509_crl_check_issuer:
1169
* @crl: is the CRL to be checked
1170
* @issuer: is the certificate of a possible issuer
1172
* This function will check if the given CRL was issued by the given
1173
* issuer certificate. It will return true (1) if the given CRL was
1174
* issued by the given issuer, and false (0) if not.
1176
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1177
* negative error value.
1180
gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert,
1181
gnutls_x509_crt_t issuer)
1183
return is_crl_issuer (cert, issuer);
1187
* gnutls_x509_crl_verify:
1188
* @crl: is the crl to be verified
1189
* @CA_list: is a certificate list that is considered to be trusted one
1190
* @CA_list_length: holds the number of CA certificates in CA_list
1191
* @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1192
* @verify: will hold the crl verification output.
1194
* This function will try to verify the given crl and return its status.
1195
* See gnutls_x509_crt_list_verify() for a detailed description of
1198
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1199
* negative error value.
1202
gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
1203
const gnutls_x509_crt_t * CA_list,
1204
int CA_list_length, unsigned int flags,
1205
unsigned int *verify)
1210
ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify);
1221
/* The same as above, but here we've got a CRL.
1224
is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert)
1226
gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
1231
ret = gnutls_x509_crl_get_raw_issuer_dn (crl, &dn1);
1238
ret = gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
1245
ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
1248
_gnutls_free_datum (&dn1);
1249
_gnutls_free_datum (&dn2);
1254
static inline gnutls_x509_crt_t
1255
find_crl_issuer (gnutls_x509_crl_t crl,
1256
const gnutls_x509_crt_t * trusted_cas, int tcas_size)
1260
/* this is serial search.
1263
for (i = 0; i < tcas_size; i++)
1265
if (is_crl_issuer (crl, trusted_cas[i]) == 1)
1266
return trusted_cas[i];
1274
* Returns only 0 or 1. If 1 it means that the CRL
1275
* was successfuly verified.
1277
* 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
1279
* Output will hold information about the verification
1283
_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
1284
const gnutls_x509_crt_t * trusted_cas,
1285
int tcas_size, unsigned int flags, unsigned int *output)
1287
/* CRL is ignored for now */
1288
gnutls_datum_t crl_signed_data = { NULL, 0 };
1289
gnutls_datum_t crl_signature = { NULL, 0 };
1290
gnutls_x509_crt_t issuer;
1297
issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
1302
*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
1306
/* issuer is not in trusted certificate
1313
*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
1317
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
1319
if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
1323
*output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
1329
_gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
1336
result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
1344
_gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,
1346
if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
1349
/* error. ignore it */
1351
*output |= GNUTLS_CERT_INVALID;
1354
else if (result < 0)
1363
sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
1365
if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
1366
!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
1367
((sigalg == GNUTLS_SIGN_RSA_MD5) &&
1368
!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
1371
*output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
1377
_gnutls_free_datum (&crl_signed_data);
1378
_gnutls_free_datum (&crl_signature);