2 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
3 * Software Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 /* All functions which relate to X.509 certificate verification stuff are
30 #include <gnutls_int.h>
31 #include <gnutls_errors.h>
32 #include <gnutls_cert.h>
34 #include <gnutls_global.h>
35 #include <gnutls_num.h> /* MAX */
36 #include <gnutls_sig.h>
37 #include <gnutls_str.h>
38 #include <gnutls_datum.h>
42 static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
43 const gnutls_x509_crt_t * trusted_cas,
44 int tcas_size, unsigned int flags,
46 gnutls_x509_crt_t * issuer);
48 static int is_crl_issuer (gnutls_x509_crl_t crl,
49 gnutls_x509_crt_t issuer_cert);
51 static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
52 const gnutls_x509_crt_t * trusted_cas,
53 int tcas_size, unsigned int flags,
54 unsigned int *output);
56 /* Checks if two certs are identical. Return 0 on match. */
58 check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
60 gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
64 opaque serial1[128], serial2[128];
65 size_t serial1_size, serial2_size;
67 serial1_size = sizeof (serial1);
68 result = gnutls_x509_crt_get_serial (cert1, serial1, &serial1_size);
75 serial2_size = sizeof (serial2);
76 result = gnutls_x509_crt_get_serial (cert2, serial2, &serial2_size);
83 if (serial2_size != serial1_size
84 || memcmp (serial1, serial2, serial1_size) != 0)
90 result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0);
97 result = _gnutls_x509_der_encode (cert2->cert, "", &cert2bin, 0);
104 if ((cert1bin.size == cert2bin.size) &&
105 (memcmp (cert1bin.data, cert2bin.data, cert1bin.size) == 0))
111 _gnutls_free_datum (&cert1bin);
112 _gnutls_free_datum (&cert2bin);
116 /* Checks if the issuer of a certificate is a
117 * Certificate Authority, or if the certificate is the same
118 * as the issuer (and therefore it doesn't need to be a CA).
120 * Returns true or false, if the issuer is a CA,
124 check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
127 gnutls_datum_t cert_signed_data = { NULL, 0 };
128 gnutls_datum_t issuer_signed_data = { NULL, 0 };
129 gnutls_datum_t cert_signature = { NULL, 0 };
130 gnutls_datum_t issuer_signature = { NULL, 0 };
133 /* Check if the issuer is the same with the
134 * certificate. This is added in order for trusted
135 * certificates to be able to verify themselves.
139 _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
140 &issuer_signed_data);
148 _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
157 _gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
165 _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
172 /* If the subject certificate is the same as the issuer
175 if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
176 if (cert_signed_data.size == issuer_signed_data.size)
178 if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
179 cert_signed_data.size) == 0) &&
180 (cert_signature.size == issuer_signature.size) &&
181 (memcmp (cert_signature.data, issuer_signature.data,
182 cert_signature.size) == 0))
189 result = gnutls_x509_crt_get_ca_status (issuer, NULL);
195 /* Handle V1 CAs that do not have a basicConstraint, but accept
196 these certs only if the appropriate flags are set. */
197 else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
198 ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
199 (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
200 (gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))
212 _gnutls_free_datum (&cert_signed_data);
213 _gnutls_free_datum (&issuer_signed_data);
214 _gnutls_free_datum (&cert_signature);
215 _gnutls_free_datum (&issuer_signature);
220 /* This function checks if 'certs' issuer is 'issuer_cert'.
221 * This does a straight (DER) compare of the issuer/subject fields in
222 * the given certificates.
224 * Returns 1 if they match and zero if they don't match. Otherwise
225 * a negative value is returned to indicate error.
228 is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
230 gnutls_datum_t dn1 = { NULL, 0 },
238 ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn1);
245 ret = gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
252 ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
256 /* check if the authority key identifier matches the subject key identifier
258 id1_size = sizeof(id1);
260 ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
267 id2_size = sizeof(id2);
268 ret = gnutls_x509_crt_get_subject_key_id(issuer_cert, id2, &id2_size, NULL);
276 if (id1_size == id2_size && memcmp(id1, id2, id1_size) == 0)
283 _gnutls_free_datum (&dn1);
284 _gnutls_free_datum (&dn2);
290 static inline gnutls_x509_crt_t
291 find_issuer (gnutls_x509_crt_t cert,
292 const gnutls_x509_crt_t * trusted_cas, int tcas_size)
296 /* this is serial search.
299 for (i = 0; i < tcas_size; i++)
301 if (is_issuer (cert, trusted_cas[i]) == 1)
302 return trusted_cas[i];
312 * Verifies the given certificate again a certificate list of
315 * Returns only 0 or 1. If 1 it means that the certificate
316 * was successfuly verified.
318 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
320 * Output will hold some extra information about the verification
321 * procedure. Issuer will hold the actual issuer from the trusted list.
324 _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
325 const gnutls_x509_crt_t * trusted_cas,
326 int tcas_size, unsigned int flags,
327 unsigned int *output,
328 gnutls_x509_crt_t * _issuer)
330 gnutls_datum_t cert_signed_data = { NULL, 0 };
331 gnutls_datum_t cert_signature = { NULL, 0 };
332 gnutls_x509_crt_t issuer = NULL;
333 int issuer_version, result;
339 issuer = find_issuer (cert, trusted_cas, tcas_size);
344 *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
348 /* issuer is not in trusted certificate
354 *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
362 issuer_version = gnutls_x509_crt_get_version (issuer);
363 if (issuer_version < 0)
366 return issuer_version;
369 if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
370 ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
371 || issuer_version != 1))
373 if (check_if_ca (cert, issuer, flags) == 0)
377 *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
383 _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
392 _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
400 _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
402 if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
405 /* error. ignore it */
407 *output |= GNUTLS_CERT_INVALID;
416 /* If the certificate is not self signed check if the algorithms
417 * used are secure. If the certificate is self signed it doesn't
420 if (is_issuer (cert, cert) == 0)
424 sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
426 if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
427 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
428 ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
429 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
432 *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
438 _gnutls_free_datum (&cert_signed_data);
439 _gnutls_free_datum (&cert_signature);
445 * gnutls_x509_crt_check_issuer:
446 * @cert: is the certificate to be checked
447 * @issuer: is the certificate of a possible issuer
449 * This function will check if the given certificate was issued by the
450 * given issuer. It checks the DN fields and the authority
451 * key identifier and subject key identifier fields match.
453 * Returns: It will return true (1) if the given certificate is issued
454 * by the given issuer, and false (0) if not. A negative value is
455 * returned in case of an error.
458 gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
459 gnutls_x509_crt_t issuer)
461 return is_issuer (cert, issuer);
465 check_time (gnutls_x509_crt_t crt, time_t now)
470 t = gnutls_x509_crt_get_activation_time (crt);
471 if (t == (time_t) - 1 || now < t)
473 status |= GNUTLS_CERT_NOT_ACTIVATED;
474 status |= GNUTLS_CERT_INVALID;
478 t = gnutls_x509_crt_get_expiration_time (crt);
479 if (t == (time_t) - 1 || now > t)
481 status |= GNUTLS_CERT_EXPIRED;
482 status |= GNUTLS_CERT_INVALID;
489 /* Verify X.509 certificate chain.
491 * Note that the return value is an OR of GNUTLS_CERT_* elements.
493 * This function verifies a X.509 certificate list. The certificate
494 * list should lead to a trusted certificate in order to be trusted.
497 _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
499 const gnutls_x509_crt_t * trusted_cas,
501 const gnutls_x509_crl_t * CRLs,
502 int crls_size, unsigned int flags)
505 unsigned int status = 0, output;
506 time_t now = gnutls_time (0);
507 gnutls_x509_crt_t issuer = NULL;
511 /* Check if the last certificate in the path is self signed.
512 * In that case ignore it (a certificate is trusted only if it
513 * leads to a trusted party by us, not the server's).
515 * This prevents from verifying self signed certificates against
516 * themselves. This (although not bad) caused verification
517 * failures on some root self signed certificates that use the
520 if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
521 certificate_list[clist_size - 1]) > 0)
527 /* We want to shorten the chain by removing the cert that matches
528 * one of the certs we trust and all the certs after that i.e. if
529 * cert chain is A signed-by B signed-by C signed-by D (signed-by
530 * self-signed E but already removed above), and we trust B, remove
532 if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
533 i = 0; /* also replace the first one */
535 i = 1; /* do not replace the first one */
537 for (; i < clist_size; i++)
541 for (j = 0; j < tcas_size; j++)
543 if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)
545 /* explicity time check for trusted CA that we remove from
546 * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
548 if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
549 && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
551 status |= check_time (trusted_cas[j], now);
561 /* clist_size may have been changed which gets out of loop */
565 /* The certificate is already present in the trusted certificate list.
566 * Nothing to verify. */
569 /* Verify the last certificate in the certificate path
570 * against the trusted CA certificate list.
572 * If no CAs are present returns CERT_INVALID. Thus works
573 * in self signed etc certificates.
575 ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
576 trusted_cas, tcas_size, flags, &output,
580 /* if the last certificate in the certificate
581 * list is invalid, then the certificate is not
586 status |= GNUTLS_CERT_INVALID;
590 /* Check for revoked certificates in the chain
593 for (i = 0; i < clist_size; i++)
595 ret = gnutls_x509_crt_check_revocation (certificate_list[i],
599 status |= GNUTLS_CERT_REVOKED;
600 status |= GNUTLS_CERT_INVALID;
607 /* Check activation/expiration times
609 if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
611 /* check the time of the issuer first */
612 if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))
617 return GNUTLS_E_INTERNAL_ERROR;
620 status |= check_time (issuer, now);
627 for (i = 0; i < clist_size; i++)
629 status |= check_time (certificate_list[i], now);
637 /* Verify the certificate path (chain)
639 for (i = clist_size - 1; i > 0; i--)
644 /* note that here we disable this V1 CA flag. So that no version 1
645 * certificates can exist in a supplied chain.
647 if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
648 flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
650 _gnutls_verify_certificate2 (certificate_list[i - 1],
651 &certificate_list[i], 1, flags,
654 status |= GNUTLS_CERT_INVALID;
663 /* Reads the digest information.
664 * we use DER here, although we should use BER. It works fine
668 decode_ber_digest_info (const gnutls_datum_t * info,
669 gnutls_mac_algorithm_t * hash,
670 opaque * digest, int *digest_size)
672 ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
677 if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
679 &dinfo)) != ASN1_SUCCESS)
682 return _gnutls_asn2err (result);
685 result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
686 if (result != ASN1_SUCCESS)
689 asn1_delete_structure (&dinfo);
690 return _gnutls_asn2err (result);
693 len = sizeof (str) - 1;
694 result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
695 if (result != ASN1_SUCCESS)
698 asn1_delete_structure (&dinfo);
699 return _gnutls_asn2err (result);
702 *hash = _gnutls_x509_oid2mac_algorithm (str);
704 if (*hash == GNUTLS_MAC_UNKNOWN)
707 _gnutls_x509_log ("verify.c: HASH OID: %s\n", str);
710 asn1_delete_structure (&dinfo);
711 return GNUTLS_E_UNKNOWN_ALGORITHM;
714 len = sizeof (str) - 1;
715 result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
716 /* To avoid permitting garbage in the parameters field, either the
717 parameters field is not present, or it contains 0x05 0x00. */
718 if (!(result == ASN1_ELEMENT_NOT_FOUND ||
719 (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
720 memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
723 asn1_delete_structure (&dinfo);
724 return GNUTLS_E_ASN1_GENERIC_ERROR;
727 result = asn1_read_value (dinfo, "digest", digest, digest_size);
728 if (result != ASN1_SUCCESS)
731 asn1_delete_structure (&dinfo);
732 return _gnutls_asn2err (result);
735 asn1_delete_structure (&dinfo);
740 /* if hash==MD5 then we do RSA-MD5
741 * if hash==SHA then we do RSA-SHA
742 * params[0] is modulus
743 * params[1] is public key
746 _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
747 const gnutls_datum_t * prehash,
748 const gnutls_datum_t * signature, bigint_t * params,
751 gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
753 opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
756 gnutls_datum_t decrypted;
759 _gnutls_pkcs1_rsa_decrypt (&decrypted, signature, params, params_len, 1);
766 /* decrypted is a BER encoded data of type DigestInfo
769 digest_size = sizeof (digest);
771 decode_ber_digest_info (&decrypted, &hash, digest, &digest_size)) != 0)
774 _gnutls_free_datum (&decrypted);
778 _gnutls_free_datum (&decrypted);
780 if (digest_size != _gnutls_hash_get_algo_len (hash))
783 return GNUTLS_E_ASN1_GENERIC_ERROR;
786 if (prehash && prehash->data && prehash->size == digest_size)
795 return GNUTLS_E_INVALID_REQUEST;
798 ret = _gnutls_hash_init (&hd, hash);
805 _gnutls_hash (&hd, text->data, text->size);
806 _gnutls_hash_deinit (&hd, md);
811 if (memcmp (cmp, digest, digest_size) != 0)
814 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
820 /* Hashes input data and verifies a DSA signature.
823 dsa_verify_sig (const gnutls_datum_t * text,
824 const gnutls_datum_t * hash,
825 const gnutls_datum_t * signature, bigint_t * params,
829 opaque _digest[MAX_HASH_SIZE];
830 gnutls_datum_t digest;
832 gnutls_digest_algorithm_t algo;
833 unsigned int hash_len;
835 algo = _gnutls_dsa_q_to_hash (params[1], &hash_len);
838 /* SHA1 or better allowed */
839 if (!hash->data || hash->size < hash_len)
842 _gnutls_debug_log("Hash size (%d) does not correspond to hash %s", (int)hash->size, gnutls_mac_get_name(algo));
844 if (hash->size != 20)
845 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
852 ret = _gnutls_hash_init (&hd, algo);
859 _gnutls_hash (&hd, text->data, text->size);
860 _gnutls_hash_deinit (&hd, _digest);
862 digest.data = _digest;
863 digest.size = _gnutls_hash_get_algo_len(algo);
866 ret = _gnutls_dsa_verify (&digest, signature, params, params_len);
871 /* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
872 * not verified, or 1 otherwise.
875 pubkey_verify_sig (const gnutls_datum_t * tbs,
876 const gnutls_datum_t * hash,
877 const gnutls_datum_t * signature,
878 gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
879 int issuer_params_size)
886 if (_pkcs1_rsa_verify_sig
887 (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
890 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
898 (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
901 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
908 return GNUTLS_E_INTERNAL_ERROR;
913 gnutls_digest_algorithm_t
914 _gnutls_dsa_q_to_hash (bigint_t q, unsigned int* hash_len)
916 int bits = _gnutls_mpi_get_nbits (q);
920 if (hash_len) *hash_len = 20;
921 return GNUTLS_DIG_SHA1;
923 else if (bits <= 224)
925 if (hash_len) *hash_len = 28;
926 return GNUTLS_DIG_SHA256;
930 if (hash_len) *hash_len = 32;
931 return GNUTLS_DIG_SHA256;
935 /* This will return the appropriate hash to verify the given signature.
936 * If signature is NULL it will return an (or the) appropriate hash for
937 * the given parameters.
940 _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
941 const gnutls_datum_t * signature,
942 gnutls_pk_algorithm pk,
943 bigint_t * issuer_params,
944 unsigned int issuer_params_size)
946 opaque digest[MAX_HASH_SIZE];
947 gnutls_datum_t decrypted;
956 *hash = _gnutls_dsa_q_to_hash (issuer_params[1], NULL);
961 if (signature == NULL)
962 { /* return a sensible algorithm */
964 *hash = GNUTLS_DIG_SHA256;
969 _gnutls_pkcs1_rsa_decrypt (&decrypted, signature,
970 issuer_params, issuer_params_size, 1);
979 digest_size = sizeof (digest);
981 decode_ber_digest_info (&decrypted, hash, digest,
985 _gnutls_free_datum (&decrypted);
989 _gnutls_free_datum (&decrypted);
990 if (digest_size != _gnutls_hash_get_algo_len (*hash))
993 ret = GNUTLS_E_ASN1_GENERIC_ERROR;
1002 ret = GNUTLS_E_INTERNAL_ERROR;
1011 /* verifies if the certificate is properly signed.
1012 * returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
1014 * 'tbs' is the signed data
1015 * 'signature' is the signature!
1018 _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
1019 const gnutls_datum_t * hash,
1020 const gnutls_datum_t * signature,
1021 gnutls_x509_crt_t issuer)
1023 bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
1024 int ret, issuer_params_size, i;
1026 /* Read the MPI parameters from the issuer's certificate.
1028 issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
1030 _gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size);
1038 pubkey_verify_sig (tbs, hash, signature,
1039 gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
1040 issuer_params, issuer_params_size);
1046 /* release all allocated MPIs
1048 for (i = 0; i < issuer_params_size; i++)
1050 _gnutls_mpi_release (&issuer_params[i]);
1056 /* verifies if the certificate is properly signed.
1057 * returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
1059 * 'tbs' is the signed data
1060 * 'signature' is the signature!
1063 _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
1064 const gnutls_datum_t * signature,
1065 gnutls_x509_privkey_t issuer)
1069 ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
1070 issuer->params, issuer->params_size);
1080 * gnutls_x509_crt_list_verify:
1081 * @cert_list: is the certificate list to be verified
1082 * @cert_list_length: holds the number of certificate in cert_list
1083 * @CA_list: is the CA list which will be used in verification
1084 * @CA_list_length: holds the number of CA certificate in CA_list
1085 * @CRL_list: holds a list of CRLs.
1086 * @CRL_list_length: the length of CRL list.
1087 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1088 * @verify: will hold the certificate verification output.
1090 * This function will try to verify the given certificate list and
1091 * return its status. If no flags are specified (0), this function
1092 * will use the basicConstraints (2.5.29.19) PKIX extension. This
1093 * means that only a certificate authority is allowed to sign a
1096 * You must also check the peer's name in order to check if the verified
1097 * certificate belongs to the actual peer.
1099 * The certificate verification output will be put in @verify and will
1100 * be one or more of the gnutls_certificate_status_t enumerated
1101 * elements bitwise or'd. For a more detailed verification status use
1102 * gnutls_x509_crt_verify() per list element.
1104 * GNUTLS_CERT_INVALID: the certificate chain is not valid.
1106 * GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked.
1108 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1109 * negative error value.
1112 gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
1113 int cert_list_length,
1114 const gnutls_x509_crt_t * CA_list,
1116 const gnutls_x509_crl_t * CRL_list,
1117 int CRL_list_length, unsigned int flags,
1118 unsigned int *verify)
1120 if (cert_list == NULL || cert_list_length == 0)
1121 return GNUTLS_E_NO_CERTIFICATE_FOUND;
1123 /* Verify certificate
1126 _gnutls_x509_verify_certificate (cert_list, cert_list_length,
1127 CA_list, CA_list_length, CRL_list,
1128 CRL_list_length, flags);
1134 * gnutls_x509_crt_verify:
1135 * @cert: is the certificate to be verified
1136 * @CA_list: is one certificate that is considered to be trusted one
1137 * @CA_list_length: holds the number of CA certificate in CA_list
1138 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1139 * @verify: will hold the certificate verification output.
1141 * This function will try to verify the given certificate and return
1144 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1145 * negative error value.
1148 gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
1149 const gnutls_x509_crt_t * CA_list,
1150 int CA_list_length, unsigned int flags,
1151 unsigned int *verify)
1153 /* Verify certificate
1156 _gnutls_x509_verify_certificate (&cert, 1,
1157 CA_list, CA_list_length, NULL, 0, flags);
1166 * gnutls_x509_crl_check_issuer:
1167 * @crl: is the CRL to be checked
1168 * @issuer: is the certificate of a possible issuer
1170 * This function will check if the given CRL was issued by the given
1171 * issuer certificate. It will return true (1) if the given CRL was
1172 * issued by the given issuer, and false (0) if not.
1174 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1175 * negative error value.
1178 gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert,
1179 gnutls_x509_crt_t issuer)
1181 return is_crl_issuer (cert, issuer);
1185 * gnutls_x509_crl_verify:
1186 * @crl: is the crl to be verified
1187 * @CA_list: is a certificate list that is considered to be trusted one
1188 * @CA_list_length: holds the number of CA certificates in CA_list
1189 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1190 * @verify: will hold the crl verification output.
1192 * This function will try to verify the given crl and return its status.
1193 * See gnutls_x509_crt_list_verify() for a detailed description of
1196 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1197 * negative error value.
1200 gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
1201 const gnutls_x509_crt_t * CA_list,
1202 int CA_list_length, unsigned int flags,
1203 unsigned int *verify)
1208 ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify);
1219 /* The same as above, but here we've got a CRL.
1222 is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert)
1224 gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
1229 ret = gnutls_x509_crl_get_raw_issuer_dn (crl, &dn1);
1236 ret = gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
1243 ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
1246 _gnutls_free_datum (&dn1);
1247 _gnutls_free_datum (&dn2);
1252 static inline gnutls_x509_crt_t
1253 find_crl_issuer (gnutls_x509_crl_t crl,
1254 const gnutls_x509_crt_t * trusted_cas, int tcas_size)
1258 /* this is serial search.
1261 for (i = 0; i < tcas_size; i++)
1263 if (is_crl_issuer (crl, trusted_cas[i]) == 1)
1264 return trusted_cas[i];
1272 * Returns only 0 or 1. If 1 it means that the CRL
1273 * was successfuly verified.
1275 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
1277 * Output will hold information about the verification
1281 _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
1282 const gnutls_x509_crt_t * trusted_cas,
1283 int tcas_size, unsigned int flags, unsigned int *output)
1285 /* CRL is ignored for now */
1286 gnutls_datum_t crl_signed_data = { NULL, 0 };
1287 gnutls_datum_t crl_signature = { NULL, 0 };
1288 gnutls_x509_crt_t issuer;
1295 issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
1300 *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
1304 /* issuer is not in trusted certificate
1311 *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
1315 if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
1317 if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
1321 *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
1327 _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
1334 result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
1342 _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,
1344 if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
1347 /* error. ignore it */
1349 *output |= GNUTLS_CERT_INVALID;
1352 else if (result < 0)
1361 sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
1363 if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
1364 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
1365 ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
1366 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
1369 *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
1375 _gnutls_free_datum (&crl_signed_data);
1376 _gnutls_free_datum (&crl_signature);