RetroArch
x509_crt.c File Reference
#include "mbedtls/config.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h"
#include <stdio.h>
#include <string.h>
#include "mbedtls/pem.h"
#include "mbedtls/platform.h"
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
#include "arc4_alt.h"

Classes

struct  x509_crt_verify_string
 

Macros

#define PRINT_ITEM(i)
 
#define CERT_TYPE(type, name)
 
#define KEY_USAGE(code, name)
 
#define BEFORE_COLON   18
 
#define BC   "18"
 

Functions

static int x509_profile_check_md_alg (const mbedtls_x509_crt_profile *profile, mbedtls_md_type_t md_alg)
 
static int x509_profile_check_pk_alg (const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg)
 
static int x509_profile_check_key (const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg, const mbedtls_pk_context *pk)
 
static int x509_get_version (unsigned char **p, const unsigned char *end, int *ver)
 
static int x509_get_dates (unsigned char **p, const unsigned char *end, mbedtls_x509_time *from, mbedtls_x509_time *to)
 
static int x509_get_uid (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *uid, int n)
 
static int x509_get_basic_constraints (unsigned char **p, const unsigned char *end, int *ca_istrue, int *max_pathlen)
 
static int x509_get_ns_cert_type (unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type)
 
static int x509_get_key_usage (unsigned char **p, const unsigned char *end, unsigned int *key_usage)
 
static int x509_get_ext_key_usage (unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *ext_key_usage)
 
static int x509_get_subject_alt_name (unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name)
 
static int x509_get_crt_ext (unsigned char **p, const unsigned char *end, mbedtls_x509_crt *crt)
 
static int x509_crt_parse_der_core (mbedtls_x509_crt *crt, const unsigned char *buf, size_t buflen)
 
int mbedtls_x509_crt_parse_der (mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse a single DER formatted certificate and add it to the chained list. More...
 
int mbedtls_x509_crt_parse (mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
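 Parse one or more certificates and add them to the chained list. Parsing is permissive: if at least one certificate can be parsed, the return value is the number of certificates that failed to parse; if none parses correctly, the first error is returned. A positive return value therefore means the chain was only partially loaded, so callers that need every certificate should require a return value of 0. More...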
 
int mbedtls_x509_crt_parse_file (mbedtls_x509_crt *chain, const char *path)
 Load one or more certificates and add them to the chained list. Parsing is permissive: if at least one certificate can be parsed, the return value is the number of certificates that failed to parse; if none parses correctly, the first error is returned. A positive return value means the file was only partially loaded. More...
 
int mbedtls_x509_crt_parse_path (mbedtls_x509_crt *chain, const char *path)
 Load one or more certificate files from a path and add them to the chained list. Parsing is permissive: if at least one certificate can be parsed, the return value is the number of certificates that failed to parse; if none parses correctly, the first error is returned. A positive return value means the path was only partially loaded. More...
 
static int x509_info_subject_alt_name (char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name)
 
static int x509_info_cert_type (char **buf, size_t *size, unsigned char ns_cert_type)
 
static int x509_info_key_usage (char **buf, size_t *size, unsigned int key_usage)
 
static int x509_info_ext_key_usage (char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage)
 
int mbedtls_x509_crt_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
 Returns an informational string about the certificate. More...
 
int mbedtls_x509_crt_verify_info (char *buf, size_t size, const char *prefix, uint32_t flags)
 Returns an informational string about the verification status of a certificate. More...
 
int mbedtls_x509_crt_check_key_usage (const mbedtls_x509_crt *crt, unsigned int usage)
 Check usage of certificate against keyUsage extension. More...
 
int mbedtls_x509_crt_check_extended_key_usage (const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
 Check usage of certificate against the extendedKeyUsage extension. More...
 
int mbedtls_x509_crt_is_revoked (const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
 Verify the certificate revocation status. More...
 
static int x509_crt_verifycrl (mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, const mbedtls_x509_crt_profile *profile)
 
static int x509_memcasecmp (const void *s1, const void *s2, size_t len)
 
static int x509_check_wildcard (const char *cn, mbedtls_x509_buf *name)
 
static int x509_string_cmp (const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
 
static int x509_name_cmp (const mbedtls_x509_name *a, const mbedtls_x509_name *b)
 
static int x509_crt_check_parent (const mbedtls_x509_crt *child, const mbedtls_x509_crt *parent, int top, int bottom)
 
static int x509_crt_verify_top (mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, int path_cnt, int self_cnt, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 
static int x509_crt_verify_child (mbedtls_x509_crt *child, mbedtls_x509_crt *parent, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, int path_cnt, int self_cnt, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 
int mbedtls_x509_crt_verify (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
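 Verify the certificate signature. The reasons for a failed verification are reported through *flags as MBEDTLS_X509_BADCERT_* and MBEDTLS_X509_BADCRL_* bits, which mbedtls_x509_crt_verify_info can turn into text. Passing cn as NULL skips the Common Name check, so a caller that must authenticate a specific peer should pass the expected name. More...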
 
int mbedtls_x509_crt_verify_with_profile (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 Verify the certificate signature according to profile. More...
 
void mbedtls_x509_crt_init (mbedtls_x509_crt *crt)
 Initialize a certificate (chain) More...
 
void mbedtls_x509_crt_free (mbedtls_x509_crt *crt)
 Unallocate all certificate data. More...
 

Variables

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
 
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
 
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
 
static const struct x509_crt_verify_string x509_crt_verify_strings []
 

Macro Definition Documentation

◆ BC

#define BC   "18"

◆ BEFORE_COLON

#define BEFORE_COLON   18

◆ CERT_TYPE

#define CERT_TYPE (   type,
  name 
)
Value:
/* Prints name when any bit of type is set in ns_cert_type. */ \
/* NOTE(review): a bare if, not wrapped in do { } while (0) - use it only as a standalone statement. */ \
if( ns_cert_type & type ) \
PRINT_ITEM( name );

◆ KEY_USAGE

#define KEY_USAGE (   code,
  name 
)
Value:
/* Prints name when any bit of code is set in key_usage. */ \
/* NOTE(review): a bare if, not wrapped in do { } while (0) - use it only as a standalone statement. */ \
if( key_usage & code ) \
PRINT_ITEM( name );

◆ PRINT_ITEM

#define PRINT_ITEM (   i)
Value:
{ \
/* Writes the current separator followed by item text i to p, passing n as the size. */ \
/* i is joined to "%s" by string-literal concatenation, so it must be a string literal */ \
/* and becomes part of the format string; it must not contain conversion specifiers. */ \
/* Relies on ret, p, n and sep being variables in the expanding scope. */ \
ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
/* NOTE(review): presumably checks ret and advances p / shrinks n; definition not shown here - confirm. */ \
MBEDTLS_X509_SAFE_SNPRINTF; \
/* Every item after this one is preceded by ", ". */ \
sep = ", "; \
}
#define mbedtls_snprintf
Definition: platform.h:210

Function Documentation

◆ x509_check_wildcard()

static int x509_check_wildcard ( const char *  cn,
mbedtls_x509_buf name 
)
static

◆ x509_crt_check_parent()

static int x509_crt_check_parent ( const mbedtls_x509_crt child,
const mbedtls_x509_crt parent,
int  top,
int  bottom 
)
static

◆ x509_crt_parse_der_core()

static int x509_crt_parse_der_core ( mbedtls_x509_crt crt,
const unsigned char *  buf,
size_t  buflen 
)
static

◆ x509_crt_verify_child()

static int x509_crt_verify_child ( mbedtls_x509_crt child,
mbedtls_x509_crt parent,
mbedtls_x509_crt trust_ca,
mbedtls_x509_crl ca_crl,
const mbedtls_x509_crt_profile profile,
int  path_cnt,
int  self_cnt,
uint32_t flags,
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *)  f_vrfy,
void p_vrfy 
)
static

◆ x509_crt_verify_top()

static int x509_crt_verify_top ( mbedtls_x509_crt child,
mbedtls_x509_crt trust_ca,
mbedtls_x509_crl ca_crl,
const mbedtls_x509_crt_profile profile,
int  path_cnt,
int  self_cnt,
uint32_t flags,
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *)  f_vrfy,
void p_vrfy 
)
static

◆ x509_crt_verifycrl()

static int x509_crt_verifycrl ( mbedtls_x509_crt crt,
mbedtls_x509_crt ca,
mbedtls_x509_crl crl_list,
const mbedtls_x509_crt_profile profile 
)
static

◆ x509_get_basic_constraints()

static int x509_get_basic_constraints ( unsigned char **  p,
const unsigned char *  end,
int *  ca_istrue,
int *  max_pathlen 
)
static

◆ x509_get_crt_ext()

static int x509_get_crt_ext ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_crt crt 
)
static

◆ x509_get_dates()

static int x509_get_dates ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_time from,
mbedtls_x509_time to 
)
static

◆ x509_get_ext_key_usage()

static int x509_get_ext_key_usage ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_sequence ext_key_usage 
)
static

◆ x509_get_key_usage()

static int x509_get_key_usage ( unsigned char **  p,
const unsigned char *  end,
unsigned int *  key_usage 
)
static

◆ x509_get_ns_cert_type()

static int x509_get_ns_cert_type ( unsigned char **  p,
const unsigned char *  end,
unsigned char *  ns_cert_type 
)
static

◆ x509_get_subject_alt_name()

static int x509_get_subject_alt_name ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_sequence subject_alt_name 
)
static

◆ x509_get_uid()

static int x509_get_uid ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf uid,
int  n 
)
static

◆ x509_get_version()

static int x509_get_version ( unsigned char **  p,
const unsigned char *  end,
int *  ver 
)
static

◆ x509_info_cert_type()

static int x509_info_cert_type ( char **  buf,
size_t *  size,
unsigned char  ns_cert_type 
)
static

◆ x509_info_ext_key_usage()

static int x509_info_ext_key_usage ( char **  buf,
size_t *  size,
const mbedtls_x509_sequence extended_key_usage 
)
static

◆ x509_info_key_usage()

static int x509_info_key_usage ( char **  buf,
size_t *  size,
unsigned int  key_usage 
)
static

◆ x509_info_subject_alt_name()

static int x509_info_subject_alt_name ( char **  buf,
size_t *  size,
const mbedtls_x509_sequence subject_alt_name 
)
static

◆ x509_memcasecmp()

static int x509_memcasecmp ( const void s1,
const void s2,
size_t  len 
)
static

◆ x509_name_cmp()

static int x509_name_cmp ( const mbedtls_x509_name a,
const mbedtls_x509_name b 
)
static

◆ x509_profile_check_key()

static int x509_profile_check_key ( const mbedtls_x509_crt_profile profile,
mbedtls_pk_type_t  pk_alg,
const mbedtls_pk_context pk 
)
static

◆ x509_profile_check_md_alg()

static int x509_profile_check_md_alg ( const mbedtls_x509_crt_profile profile,
mbedtls_md_type_t  md_alg 
)
static

◆ x509_profile_check_pk_alg()

static int x509_profile_check_pk_alg ( const mbedtls_x509_crt_profile profile,
mbedtls_pk_type_t  pk_alg 
)
static

◆ x509_string_cmp()

static int x509_string_cmp ( const mbedtls_x509_buf a,
const mbedtls_x509_buf b 
)
static

Variable Documentation

◆ x509_crt_verify_strings

const struct x509_crt_verify_string x509_crt_verify_strings[]
static
Initial value:
= {
/* Each entry pairs one MBEDTLS_X509_BADCERT_* or MBEDTLS_X509_BADCRL_* flag
 * with a human-readable description of that verification failure.
 * NOTE(review): presumably this is the table mbedtls_x509_crt_verify_info()
 * consults to describe a flags value; that function's body is not shown
 * here - confirm. */
{ MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
{ MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
{ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
{ MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
{ MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
{ MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
{ MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
{ MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
{ MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
{ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
{ MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
{ MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
{ MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
{ MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
{ MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
{ MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
{ MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
/* Code 0 with a NULL string; presumably the end-of-table sentinel. */
{ 0, NULL }
}
#define MBEDTLS_X509_BADCERT_FUTURE
Definition: x509.h:95
#define MBEDTLS_X509_BADCERT_BAD_KEY
Definition: x509.h:102
#define MBEDTLS_X509_BADCERT_KEY_USAGE
Definition: x509.h:97
#define MBEDTLS_X509_BADCERT_REVOKED
Definition: x509.h:87
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE
Definition: x509.h:99
#define MBEDTLS_X509_BADCRL_FUTURE
Definition: x509.h:96
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED
Definition: x509.h:90
#define MBEDTLS_X509_BADCRL_BAD_PK
Definition: x509.h:104
#define NULL
Pointer to 0.
Definition: gctypes.h:65
#define MBEDTLS_X509_BADCERT_OTHER
Definition: x509.h:94
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY
Definition: x509.h:93
#define MBEDTLS_X509_BADCERT_CN_MISMATCH
Definition: x509.h:88
#define MBEDTLS_X509_BADCRL_BAD_KEY
Definition: x509.h:105
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED
Definition: x509.h:89
#define MBEDTLS_X509_BADCERT_MISSING
Definition: x509.h:92
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
Definition: x509.h:98
#define MBEDTLS_X509_BADCERT_BAD_MD
Definition: x509.h:100
#define MBEDTLS_X509_BADCRL_EXPIRED
Definition: x509.h:91
#define MBEDTLS_X509_BADCERT_EXPIRED
Definition: x509.h:86
#define MBEDTLS_X509_BADCRL_BAD_MD
Definition: x509.h:103
#define MBEDTLS_X509_BADCERT_BAD_PK
Definition: x509.h:101