1 /*
2  * X.509v3 certificate parsing and processing (RFC 3280 profile)
3  * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/crypto.h"
13 #include "asn1.h"
14 #include "x509v3.h"
15 
16 
x509_free_name(struct x509_name * name)17 void x509_free_name(struct x509_name *name)
18 {
19 	size_t i;
20 
21 	for (i = 0; i < name->num_attr; i++) {
22 		os_free(name->attr[i].value);
23 		name->attr[i].value = NULL;
24 		name->attr[i].type = X509_NAME_ATTR_NOT_USED;
25 	}
26 	name->num_attr = 0;
27 	os_free(name->email);
28 	name->email = NULL;
29 
30 	os_free(name->alt_email);
31 	os_free(name->dns);
32 	os_free(name->uri);
33 	os_free(name->ip);
34 	name->alt_email = name->dns = name->uri = NULL;
35 	name->ip = NULL;
36 	name->ip_len = 0;
37 	os_memset(&name->rid, 0, sizeof(name->rid));
38 }
39 
40 
41 /**
42  * x509_certificate_free - Free an X.509 certificate
43  * @cert: Certificate to be freed
44  */
x509_certificate_free(struct x509_certificate * cert)45 void x509_certificate_free(struct x509_certificate *cert)
46 {
47 	if (cert == NULL)
48 		return;
49 	if (cert->next) {
50 		wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51 			   "was still on a list (next=%p)\n",
52 			   cert, cert->next);
53 	}
54 	x509_free_name(&cert->issuer);
55 	x509_free_name(&cert->subject);
56 	os_free(cert->public_key);
57 	os_free(cert->sign_value);
58 	os_free(cert->subject_dn);
59 	os_free(cert);
60 }
61 
62 
63 /**
64  * x509_certificate_free - Free an X.509 certificate chain
65  * @cert: Pointer to the first certificate in the chain
66  */
x509_certificate_chain_free(struct x509_certificate * cert)67 void x509_certificate_chain_free(struct x509_certificate *cert)
68 {
69 	struct x509_certificate *next;
70 
71 	while (cert) {
72 		next = cert->next;
73 		cert->next = NULL;
74 		x509_certificate_free(cert);
75 		cert = next;
76 	}
77 }
78 
79 
x509_whitespace(char c)80 static int x509_whitespace(char c)
81 {
82 	return c == ' ' || c == '\t';
83 }
84 
85 
x509_str_strip_whitespace(char * a)86 static void x509_str_strip_whitespace(char *a)
87 {
88 	char *ipos, *opos;
89 	int remove_whitespace = 1;
90 
91 	ipos = opos = a;
92 
93 	while (*ipos) {
94 		if (remove_whitespace && x509_whitespace(*ipos))
95 			ipos++;
96 		else {
97 			remove_whitespace = x509_whitespace(*ipos);
98 			*opos++ = *ipos++;
99 		}
100 	}
101 
102 	*opos-- = '\0';
103 	if (opos > a && x509_whitespace(*opos))
104 		*opos = '\0';
105 }
106 
107 
x509_str_compare(const char * a,const char * b)108 static int x509_str_compare(const char *a, const char *b)
109 {
110 	char *aa, *bb;
111 	int ret;
112 
113 	if (!a && b)
114 		return -1;
115 	if (a && !b)
116 		return 1;
117 	if (!a && !b)
118 		return 0;
119 
120 	aa = os_strdup(a);
121 	bb = os_strdup(b);
122 
123 	if (aa == NULL || bb == NULL) {
124 		os_free(aa);
125 		os_free(bb);
126 		return os_strcasecmp(a, b);
127 	}
128 
129 	x509_str_strip_whitespace(aa);
130 	x509_str_strip_whitespace(bb);
131 
132 	ret = os_strcasecmp(aa, bb);
133 
134 	os_free(aa);
135 	os_free(bb);
136 
137 	return ret;
138 }
139 
140 
141 /**
142  * x509_name_compare - Compare X.509 certificate names
143  * @a: Certificate name
144  * @b: Certificate name
145  * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
146  * greater than b
147  */
x509_name_compare(struct x509_name * a,struct x509_name * b)148 int x509_name_compare(struct x509_name *a, struct x509_name *b)
149 {
150 	int res;
151 	size_t i;
152 
153 	if (!a && b)
154 		return -1;
155 	if (a && !b)
156 		return 1;
157 	if (!a && !b)
158 		return 0;
159 	if (a->num_attr < b->num_attr)
160 		return -1;
161 	if (a->num_attr > b->num_attr)
162 		return 1;
163 
164 	for (i = 0; i < a->num_attr; i++) {
165 		if (a->attr[i].type < b->attr[i].type)
166 			return -1;
167 		if (a->attr[i].type > b->attr[i].type)
168 			return -1;
169 		res = x509_str_compare(a->attr[i].value, b->attr[i].value);
170 		if (res)
171 			return res;
172 	}
173 	res = x509_str_compare(a->email, b->email);
174 	if (res)
175 		return res;
176 
177 	return 0;
178 }
179 
180 
x509_parse_algorithm_identifier(const u8 * buf,size_t len,struct x509_algorithm_identifier * id,const u8 ** next)181 int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
182 				    struct x509_algorithm_identifier *id,
183 				    const u8 **next)
184 {
185 	struct asn1_hdr hdr;
186 	const u8 *pos, *end;
187 
188 	/*
189 	 * AlgorithmIdentifier ::= SEQUENCE {
190 	 *     algorithm            OBJECT IDENTIFIER,
191 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
192 	 * }
193 	 */
194 
195 	if (asn1_get_next(buf, len, &hdr) < 0 ||
196 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
197 	    hdr.tag != ASN1_TAG_SEQUENCE) {
198 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
199 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
200 			   hdr.class, hdr.tag);
201 		return -1;
202 	}
203 	if (hdr.length > buf + len - hdr.payload)
204 		return -1;
205 	pos = hdr.payload;
206 	end = pos + hdr.length;
207 
208 	*next = end;
209 
210 	if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
211 		return -1;
212 
213 	/* TODO: optional parameters */
214 
215 	return 0;
216 }
217 
218 
x509_parse_public_key(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)219 static int x509_parse_public_key(const u8 *buf, size_t len,
220 				 struct x509_certificate *cert,
221 				 const u8 **next)
222 {
223 	struct asn1_hdr hdr;
224 	const u8 *pos, *end;
225 
226 	/*
227 	 * SubjectPublicKeyInfo ::= SEQUENCE {
228 	 *     algorithm            AlgorithmIdentifier,
229 	 *     subjectPublicKey     BIT STRING
230 	 * }
231 	 */
232 
233 	pos = buf;
234 	end = buf + len;
235 
236 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
237 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
238 	    hdr.tag != ASN1_TAG_SEQUENCE) {
239 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
240 			   "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
241 			   hdr.class, hdr.tag);
242 		return -1;
243 	}
244 	pos = hdr.payload;
245 
246 	if (hdr.length > end - pos)
247 		return -1;
248 	end = pos + hdr.length;
249 	*next = end;
250 
251 	if (x509_parse_algorithm_identifier(pos, end - pos,
252 					    &cert->public_key_alg, &pos))
253 		return -1;
254 
255 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
256 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
257 	    hdr.tag != ASN1_TAG_BITSTRING) {
258 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
259 			   "(subjectPublicKey) - found class %d tag 0x%x",
260 			   hdr.class, hdr.tag);
261 		return -1;
262 	}
263 	if (hdr.length < 1)
264 		return -1;
265 	pos = hdr.payload;
266 	if (*pos) {
267 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
268 			   *pos);
269 		/*
270 		 * TODO: should this be rejected? X.509 certificates are
271 		 * unlikely to use such a construction. Now we would end up
272 		 * including the extra bits in the buffer which may also be
273 		 * ok.
274 		 */
275 	}
276 	os_free(cert->public_key);
277 	cert->public_key = os_malloc(hdr.length - 1);
278 	if (cert->public_key == NULL) {
279 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
280 			   "public key");
281 		return -1;
282 	}
283 	os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
284 	cert->public_key_len = hdr.length - 1;
285 	wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
286 		    cert->public_key, cert->public_key_len);
287 
288 	return 0;
289 }
290 
291 
x509_parse_name(const u8 * buf,size_t len,struct x509_name * name,const u8 ** next)292 int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
293 		    const u8 **next)
294 {
295 	struct asn1_hdr hdr;
296 	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
297 	struct asn1_oid oid;
298 	char *val;
299 
300 	/*
301 	 * Name ::= CHOICE { RDNSequence }
302 	 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
303 	 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
304 	 * AttributeTypeAndValue ::= SEQUENCE {
305 	 *     type     AttributeType,
306 	 *     value    AttributeValue
307 	 * }
308 	 * AttributeType ::= OBJECT IDENTIFIER
309 	 * AttributeValue ::= ANY DEFINED BY AttributeType
310 	 */
311 
312 	if (asn1_get_next(buf, len, &hdr) < 0 ||
313 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
314 	    hdr.tag != ASN1_TAG_SEQUENCE) {
315 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
316 			   "(Name / RDNSequencer) - found class %d tag 0x%x",
317 			   hdr.class, hdr.tag);
318 		return -1;
319 	}
320 	pos = hdr.payload;
321 
322 	if (hdr.length > buf + len - pos)
323 		return -1;
324 
325 	end = *next = pos + hdr.length;
326 
327 	while (pos < end) {
328 		enum x509_name_attr_type type;
329 
330 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
331 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
332 		    hdr.tag != ASN1_TAG_SET) {
333 			wpa_printf(MSG_DEBUG, "X509: Expected SET "
334 				   "(RelativeDistinguishedName) - found class "
335 				   "%d tag 0x%x", hdr.class, hdr.tag);
336 			x509_free_name(name);
337 			return -1;
338 		}
339 
340 		set_pos = hdr.payload;
341 		pos = set_end = hdr.payload + hdr.length;
342 
343 		if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
344 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
345 		    hdr.tag != ASN1_TAG_SEQUENCE) {
346 			wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
347 				   "(AttributeTypeAndValue) - found class %d "
348 				   "tag 0x%x", hdr.class, hdr.tag);
349 			x509_free_name(name);
350 			return -1;
351 		}
352 
353 		seq_pos = hdr.payload;
354 		seq_end = hdr.payload + hdr.length;
355 
356 		if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
357 			x509_free_name(name);
358 			return -1;
359 		}
360 
361 		if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
362 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
363 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
364 				   "AttributeValue");
365 			x509_free_name(name);
366 			return -1;
367 		}
368 
369 		/* RFC 3280:
370 		 * MUST: country, organization, organizational-unit,
371 		 * distinguished name qualifier, state or province name,
372 		 * common name, serial number.
373 		 * SHOULD: locality, title, surname, given name, initials,
374 		 * pseudonym, generation qualifier.
375 		 * MUST: domainComponent (RFC 2247).
376 		 */
377 		type = X509_NAME_ATTR_NOT_USED;
378 		if (oid.len == 4 &&
379 		    oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
380 			/* id-at ::= 2.5.4 */
381 			switch (oid.oid[3]) {
382 			case 3:
383 				/* commonName */
384 				type = X509_NAME_ATTR_CN;
385 				break;
386 			case 6:
387 				/*  countryName */
388 				type = X509_NAME_ATTR_C;
389 				break;
390 			case 7:
391 				/* localityName */
392 				type = X509_NAME_ATTR_L;
393 				break;
394 			case 8:
395 				/* stateOrProvinceName */
396 				type = X509_NAME_ATTR_ST;
397 				break;
398 			case 10:
399 				/* organizationName */
400 				type = X509_NAME_ATTR_O;
401 				break;
402 			case 11:
403 				/* organizationalUnitName */
404 				type = X509_NAME_ATTR_OU;
405 				break;
406 			}
407 		} else if (oid.len == 7 &&
408 			   oid.oid[0] == 1 && oid.oid[1] == 2 &&
409 			   oid.oid[2] == 840 && oid.oid[3] == 113549 &&
410 			   oid.oid[4] == 1 && oid.oid[5] == 9 &&
411 			   oid.oid[6] == 1) {
412 			/* 1.2.840.113549.1.9.1 - e-mailAddress */
413 			os_free(name->email);
414 			name->email = os_malloc(hdr.length + 1);
415 			if (name->email == NULL) {
416 				x509_free_name(name);
417 				return -1;
418 			}
419 			os_memcpy(name->email, hdr.payload, hdr.length);
420 			name->email[hdr.length] = '\0';
421 			continue;
422 		} else if (oid.len == 7 &&
423 			   oid.oid[0] == 0 && oid.oid[1] == 9 &&
424 			   oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
425 			   oid.oid[4] == 100 && oid.oid[5] == 1 &&
426 			   oid.oid[6] == 25) {
427 			/* 0.9.2342.19200300.100.1.25 - domainComponent */
428 			type = X509_NAME_ATTR_DC;
429 		}
430 
431 		if (type == X509_NAME_ATTR_NOT_USED) {
432 			wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
433 				    (u8 *) oid.oid,
434 				    oid.len * sizeof(oid.oid[0]));
435 			wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
436 					  hdr.payload, hdr.length);
437 			continue;
438 		}
439 
440 		if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
441 			wpa_printf(MSG_INFO, "X509: Too many Name attributes");
442 			x509_free_name(name);
443 			return -1;
444 		}
445 
446 		val = dup_binstr(hdr.payload, hdr.length);
447 		if (val == NULL) {
448 			x509_free_name(name);
449 			return -1;
450 		}
451 		if (os_strlen(val) != hdr.length) {
452 			wpa_printf(MSG_INFO, "X509: Reject certificate with "
453 				   "embedded NUL byte in a string (%s[NUL])",
454 				   val);
455 			os_free(val);
456 			x509_free_name(name);
457 			return -1;
458 		}
459 
460 		name->attr[name->num_attr].type = type;
461 		name->attr[name->num_attr].value = val;
462 		name->num_attr++;
463 	}
464 
465 	return 0;
466 }
467 
468 
x509_name_attr_str(enum x509_name_attr_type type)469 static char * x509_name_attr_str(enum x509_name_attr_type type)
470 {
471 	switch (type) {
472 	case X509_NAME_ATTR_NOT_USED:
473 		return "[N/A]";
474 	case X509_NAME_ATTR_DC:
475 		return "DC";
476 	case X509_NAME_ATTR_CN:
477 		return "CN";
478 	case X509_NAME_ATTR_C:
479 		return "C";
480 	case X509_NAME_ATTR_L:
481 		return "L";
482 	case X509_NAME_ATTR_ST:
483 		return "ST";
484 	case X509_NAME_ATTR_O:
485 		return "O";
486 	case X509_NAME_ATTR_OU:
487 		return "OU";
488 	}
489 	return "?";
490 }
491 
492 
493 /**
494  * x509_name_string - Convert an X.509 certificate name into a string
495  * @name: Name to convert
496  * @buf: Buffer for the string
497  * @len: Maximum buffer length
498  */
x509_name_string(struct x509_name * name,char * buf,size_t len)499 void x509_name_string(struct x509_name *name, char *buf, size_t len)
500 {
501 	char *pos, *end;
502 	int ret;
503 	size_t i;
504 
505 	if (len == 0)
506 		return;
507 
508 	pos = buf;
509 	end = buf + len;
510 
511 	for (i = 0; i < name->num_attr; i++) {
512 		ret = os_snprintf(pos, end - pos, "%s=%s, ",
513 				  x509_name_attr_str(name->attr[i].type),
514 				  name->attr[i].value);
515 		if (os_snprintf_error(end - pos, ret))
516 			goto done;
517 		pos += ret;
518 	}
519 
520 	if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
521 		pos--;
522 		*pos = '\0';
523 		pos--;
524 		*pos = '\0';
525 	}
526 
527 	if (name->email) {
528 		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
529 				  name->email);
530 		if (os_snprintf_error(end - pos, ret))
531 			goto done;
532 		pos += ret;
533 	}
534 
535 done:
536 	end[-1] = '\0';
537 }
538 
539 
x509_parse_time(const u8 * buf,size_t len,u8 asn1_tag,os_time_t * val)540 int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
541 {
542 	const char *pos;
543 	int year, month, day, hour, min, sec;
544 
545 	/*
546 	 * Time ::= CHOICE {
547 	 *     utcTime        UTCTime,
548 	 *     generalTime    GeneralizedTime
549 	 * }
550 	 *
551 	 * UTCTime: YYMMDDHHMMSSZ
552 	 * GeneralizedTime: YYYYMMDDHHMMSSZ
553 	 */
554 
555 	pos = (const char *) buf;
556 
557 	switch (asn1_tag) {
558 	case ASN1_TAG_UTCTIME:
559 		if (len != 13 || buf[12] != 'Z') {
560 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
561 					  "UTCTime format", buf, len);
562 			return -1;
563 		}
564 		if (sscanf(pos, "%02d", &year) != 1) {
565 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
566 					  "UTCTime year", buf, len);
567 			return -1;
568 		}
569 		if (year < 50)
570 			year += 2000;
571 		else
572 			year += 1900;
573 		pos += 2;
574 		break;
575 	case ASN1_TAG_GENERALIZEDTIME:
576 		if (len != 15 || buf[14] != 'Z') {
577 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
578 					  "GeneralizedTime format", buf, len);
579 			return -1;
580 		}
581 		if (sscanf(pos, "%04d", &year) != 1) {
582 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
583 					  "GeneralizedTime year", buf, len);
584 			return -1;
585 		}
586 		pos += 4;
587 		break;
588 	default:
589 		wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
590 			   "GeneralizedTime - found tag 0x%x", asn1_tag);
591 		return -1;
592 	}
593 
594 	if (sscanf(pos, "%02d", &month) != 1) {
595 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
596 				  "(month)", buf, len);
597 		return -1;
598 	}
599 	pos += 2;
600 
601 	if (sscanf(pos, "%02d", &day) != 1) {
602 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
603 				  "(day)", buf, len);
604 		return -1;
605 	}
606 	pos += 2;
607 
608 	if (sscanf(pos, "%02d", &hour) != 1) {
609 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
610 				  "(hour)", buf, len);
611 		return -1;
612 	}
613 	pos += 2;
614 
615 	if (sscanf(pos, "%02d", &min) != 1) {
616 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
617 				  "(min)", buf, len);
618 		return -1;
619 	}
620 	pos += 2;
621 
622 	if (sscanf(pos, "%02d", &sec) != 1) {
623 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
624 				  "(sec)", buf, len);
625 		return -1;
626 	}
627 
628 	if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
629 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
630 				  buf, len);
631 		if (year < 1970) {
632 			/*
633 			 * At least some test certificates have been configured
634 			 * to use dates prior to 1970. Set the date to
635 			 * beginning of 1970 to handle these case.
636 			 */
637 			wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
638 				   "assume epoch as the time", year);
639 			*val = 0;
640 			return 0;
641 		}
642 		return -1;
643 	}
644 
645 	return 0;
646 }
647 
648 
x509_parse_validity(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)649 static int x509_parse_validity(const u8 *buf, size_t len,
650 			       struct x509_certificate *cert, const u8 **next)
651 {
652 	struct asn1_hdr hdr;
653 	const u8 *pos;
654 	size_t plen;
655 
656 	/*
657 	 * Validity ::= SEQUENCE {
658 	 *     notBefore      Time,
659 	 *     notAfter       Time
660 	 * }
661 	 *
662 	 * RFC 3280, 4.1.2.5:
663 	 * CAs conforming to this profile MUST always encode certificate
664 	 * validity dates through the year 2049 as UTCTime; certificate
665 	 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
666 	 */
667 
668 	if (asn1_get_next(buf, len, &hdr) < 0 ||
669 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
670 	    hdr.tag != ASN1_TAG_SEQUENCE) {
671 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
672 			   "(Validity) - found class %d tag 0x%x",
673 			   hdr.class, hdr.tag);
674 		return -1;
675 	}
676 	pos = hdr.payload;
677 	plen = hdr.length;
678 
679 	if (plen > (size_t) (buf + len - pos))
680 		return -1;
681 
682 	*next = pos + plen;
683 
684 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
685 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
686 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
687 			    &cert->not_before) < 0) {
688 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
689 				  "Time", hdr.payload, hdr.length);
690 		return -1;
691 	}
692 
693 	pos = hdr.payload + hdr.length;
694 	plen = *next - pos;
695 
696 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
697 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
698 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
699 			    &cert->not_after) < 0) {
700 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
701 				  "Time", hdr.payload, hdr.length);
702 		return -1;
703 	}
704 
705 	wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
706 		   (unsigned long) cert->not_before,
707 		   (unsigned long) cert->not_after);
708 
709 	return 0;
710 }
711 
712 
x509_id_ce_oid(struct asn1_oid * oid)713 static int x509_id_ce_oid(struct asn1_oid *oid)
714 {
715 	/* id-ce arc from X.509 for standard X.509v3 extensions */
716 	return oid->len >= 4 &&
717 		oid->oid[0] == 2 /* joint-iso-ccitt */ &&
718 		oid->oid[1] == 5 /* ds */ &&
719 		oid->oid[2] == 29 /* id-ce */;
720 }
721 
722 
x509_any_ext_key_usage_oid(struct asn1_oid * oid)723 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid)
724 {
725 	return oid->len == 6 &&
726 		x509_id_ce_oid(oid) &&
727 		oid->oid[3] == 37 /* extKeyUsage */ &&
728 		oid->oid[4] == 0 /* anyExtendedKeyUsage */;
729 }
730 
731 
x509_parse_ext_key_usage(struct x509_certificate * cert,const u8 * pos,size_t len)732 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
733 				    const u8 *pos, size_t len)
734 {
735 	struct asn1_hdr hdr;
736 
737 	/*
738 	 * KeyUsage ::= BIT STRING {
739 	 *     digitalSignature        (0),
740 	 *     nonRepudiation          (1),
741 	 *     keyEncipherment         (2),
742 	 *     dataEncipherment        (3),
743 	 *     keyAgreement            (4),
744 	 *     keyCertSign             (5),
745 	 *     cRLSign                 (6),
746 	 *     encipherOnly            (7),
747 	 *     decipherOnly            (8) }
748 	 */
749 
750 	if (asn1_get_next(pos, len, &hdr) < 0 ||
751 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
752 	    hdr.tag != ASN1_TAG_BITSTRING ||
753 	    hdr.length < 1) {
754 		wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
755 			   "KeyUsage; found %d tag 0x%x len %d",
756 			   hdr.class, hdr.tag, hdr.length);
757 		return -1;
758 	}
759 
760 	cert->extensions_present |= X509_EXT_KEY_USAGE;
761 	cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
762 
763 	wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
764 
765 	return 0;
766 }
767 
768 
x509_parse_ext_basic_constraints(struct x509_certificate * cert,const u8 * pos,size_t len)769 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
770 					    const u8 *pos, size_t len)
771 {
772 	struct asn1_hdr hdr;
773 	unsigned long value;
774 	size_t left;
775 
776 	/*
777 	 * BasicConstraints ::= SEQUENCE {
778 	 * cA                      BOOLEAN DEFAULT FALSE,
779 	 * pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
780 	 */
781 
782 	if (asn1_get_next(pos, len, &hdr) < 0 ||
783 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
784 	    hdr.tag != ASN1_TAG_SEQUENCE) {
785 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
786 			   "BasicConstraints; found %d tag 0x%x",
787 			   hdr.class, hdr.tag);
788 		return -1;
789 	}
790 
791 	cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
792 
793 	if (hdr.length == 0)
794 		return 0;
795 
796 	if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
797 	    hdr.class != ASN1_CLASS_UNIVERSAL) {
798 		wpa_printf(MSG_DEBUG, "X509: Failed to parse "
799 			   "BasicConstraints");
800 		return -1;
801 	}
802 
803 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
804 		if (hdr.length != 1) {
805 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
806 				   "Boolean length (%u) in BasicConstraints",
807 				   hdr.length);
808 			return -1;
809 		}
810 		cert->ca = hdr.payload[0];
811 
812 		if (hdr.length == pos + len - hdr.payload) {
813 			wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
814 				   cert->ca);
815 			return 0;
816 		}
817 
818 		if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
819 				  &hdr) < 0 ||
820 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
821 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
822 				   "BasicConstraints");
823 			return -1;
824 		}
825 	}
826 
827 	if (hdr.tag != ASN1_TAG_INTEGER) {
828 		wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
829 			   "BasicConstraints; found class %d tag 0x%x",
830 			   hdr.class, hdr.tag);
831 		return -1;
832 	}
833 
834 	pos = hdr.payload;
835 	left = hdr.length;
836 	value = 0;
837 	while (left) {
838 		value <<= 8;
839 		value |= *pos++;
840 		left--;
841 	}
842 
843 	cert->path_len_constraint = value;
844 	cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
845 
846 	wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
847 		   "pathLenConstraint=%lu",
848 		   cert->ca, cert->path_len_constraint);
849 
850 	return 0;
851 }
852 
853 
x509_parse_alt_name_rfc8222(struct x509_name * name,const u8 * pos,size_t len)854 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
855 				       const u8 *pos, size_t len)
856 {
857 	/* rfc822Name IA5String */
858 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
859 	os_free(name->alt_email);
860 	name->alt_email = os_zalloc(len + 1);
861 	if (name->alt_email == NULL)
862 		return -1;
863 	os_memcpy(name->alt_email, pos, len);
864 	if (os_strlen(name->alt_email) != len) {
865 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
866 			   "embedded NUL byte in rfc822Name (%s[NUL])",
867 			   name->alt_email);
868 		os_free(name->alt_email);
869 		name->alt_email = NULL;
870 		return -1;
871 	}
872 	return 0;
873 }
874 
875 
x509_parse_alt_name_dns(struct x509_name * name,const u8 * pos,size_t len)876 static int x509_parse_alt_name_dns(struct x509_name *name,
877 				   const u8 *pos, size_t len)
878 {
879 	/* dNSName IA5String */
880 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
881 	os_free(name->dns);
882 	name->dns = os_zalloc(len + 1);
883 	if (name->dns == NULL)
884 		return -1;
885 	os_memcpy(name->dns, pos, len);
886 	if (os_strlen(name->dns) != len) {
887 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
888 			   "embedded NUL byte in dNSName (%s[NUL])",
889 			   name->dns);
890 		os_free(name->dns);
891 		name->dns = NULL;
892 		return -1;
893 	}
894 	return 0;
895 }
896 
897 
x509_parse_alt_name_uri(struct x509_name * name,const u8 * pos,size_t len)898 static int x509_parse_alt_name_uri(struct x509_name *name,
899 				   const u8 *pos, size_t len)
900 {
901 	/* uniformResourceIdentifier IA5String */
902 	wpa_hexdump_ascii(MSG_MSGDUMP,
903 			  "X509: altName - uniformResourceIdentifier",
904 			  pos, len);
905 	os_free(name->uri);
906 	name->uri = os_zalloc(len + 1);
907 	if (name->uri == NULL)
908 		return -1;
909 	os_memcpy(name->uri, pos, len);
910 	if (os_strlen(name->uri) != len) {
911 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
912 			   "embedded NUL byte in uniformResourceIdentifier "
913 			   "(%s[NUL])", name->uri);
914 		os_free(name->uri);
915 		name->uri = NULL;
916 		return -1;
917 	}
918 	return 0;
919 }
920 
921 
x509_parse_alt_name_ip(struct x509_name * name,const u8 * pos,size_t len)922 static int x509_parse_alt_name_ip(struct x509_name *name,
923 				       const u8 *pos, size_t len)
924 {
925 	/* iPAddress OCTET STRING */
926 	wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
927 	os_free(name->ip);
928 	name->ip = os_malloc(len);
929 	if (name->ip == NULL)
930 		return -1;
931 	os_memcpy(name->ip, pos, len);
932 	name->ip_len = len;
933 	return 0;
934 }
935 
936 
x509_parse_alt_name_rid(struct x509_name * name,const u8 * pos,size_t len)937 static int x509_parse_alt_name_rid(struct x509_name *name,
938 				   const u8 *pos, size_t len)
939 {
940 	char buf[80];
941 
942 	/* registeredID OBJECT IDENTIFIER */
943 	if (asn1_parse_oid(pos, len, &name->rid) < 0)
944 		return -1;
945 
946 	asn1_oid_to_str(&name->rid, buf, sizeof(buf));
947 	wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
948 
949 	return 0;
950 }
951 
952 
x509_parse_ext_alt_name(struct x509_name * name,const u8 * pos,size_t len)953 static int x509_parse_ext_alt_name(struct x509_name *name,
954 				   const u8 *pos, size_t len)
955 {
956 	struct asn1_hdr hdr;
957 	const u8 *p, *end;
958 
959 	/*
960 	 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
961 	 *
962 	 * GeneralName ::= CHOICE {
963 	 *     otherName                       [0]     OtherName,
964 	 *     rfc822Name                      [1]     IA5String,
965 	 *     dNSName                         [2]     IA5String,
966 	 *     x400Address                     [3]     ORAddress,
967 	 *     directoryName                   [4]     Name,
968 	 *     ediPartyName                    [5]     EDIPartyName,
969 	 *     uniformResourceIdentifier       [6]     IA5String,
970 	 *     iPAddress                       [7]     OCTET STRING,
971 	 *     registeredID                    [8]     OBJECT IDENTIFIER }
972 	 *
973 	 * OtherName ::= SEQUENCE {
974 	 *     type-id    OBJECT IDENTIFIER,
975 	 *     value      [0] EXPLICIT ANY DEFINED BY type-id }
976 	 *
977 	 * EDIPartyName ::= SEQUENCE {
978 	 *     nameAssigner            [0]     DirectoryString OPTIONAL,
979 	 *     partyName               [1]     DirectoryString }
980 	 */
981 
982 	for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
983 		int res;
984 
985 		if (asn1_get_next(p, end - p, &hdr) < 0) {
986 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
987 				   "SubjectAltName item");
988 			return -1;
989 		}
990 
991 		if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
992 			continue;
993 
994 		switch (hdr.tag) {
995 		case 1:
996 			res = x509_parse_alt_name_rfc8222(name, hdr.payload,
997 							  hdr.length);
998 			break;
999 		case 2:
1000 			res = x509_parse_alt_name_dns(name, hdr.payload,
1001 						      hdr.length);
1002 			break;
1003 		case 6:
1004 			res = x509_parse_alt_name_uri(name, hdr.payload,
1005 						      hdr.length);
1006 			break;
1007 		case 7:
1008 			res = x509_parse_alt_name_ip(name, hdr.payload,
1009 						     hdr.length);
1010 			break;
1011 		case 8:
1012 			res = x509_parse_alt_name_rid(name, hdr.payload,
1013 						      hdr.length);
1014 			break;
1015 		case 0: /* TODO: otherName */
1016 		case 3: /* TODO: x500Address */
1017 		case 4: /* TODO: directoryName */
1018 		case 5: /* TODO: ediPartyName */
1019 		default:
1020 			res = 0;
1021 			break;
1022 		}
1023 		if (res < 0)
1024 			return res;
1025 	}
1026 
1027 	return 0;
1028 }
1029 
1030 
x509_parse_ext_subject_alt_name(struct x509_certificate * cert,const u8 * pos,size_t len)1031 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1032 					   const u8 *pos, size_t len)
1033 {
1034 	struct asn1_hdr hdr;
1035 
1036 	/* SubjectAltName ::= GeneralNames */
1037 
1038 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1039 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1040 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1041 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1042 			   "SubjectAltName; found %d tag 0x%x",
1043 			   hdr.class, hdr.tag);
1044 		return -1;
1045 	}
1046 
1047 	wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1048 	cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1049 
1050 	if (hdr.length == 0)
1051 		return 0;
1052 
1053 	return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1054 				       hdr.length);
1055 }
1056 
1057 
x509_parse_ext_issuer_alt_name(struct x509_certificate * cert,const u8 * pos,size_t len)1058 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1059 					  const u8 *pos, size_t len)
1060 {
1061 	struct asn1_hdr hdr;
1062 
1063 	/* IssuerAltName ::= GeneralNames */
1064 
1065 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1066 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1067 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1068 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1069 			   "IssuerAltName; found %d tag 0x%x",
1070 			   hdr.class, hdr.tag);
1071 		return -1;
1072 	}
1073 
1074 	wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1075 	cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1076 
1077 	if (hdr.length == 0)
1078 		return 0;
1079 
1080 	return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1081 				       hdr.length);
1082 }
1083 
1084 
x509_id_pkix_oid(struct asn1_oid * oid)1085 static int x509_id_pkix_oid(struct asn1_oid *oid)
1086 {
1087 	return oid->len >= 7 &&
1088 		oid->oid[0] == 1 /* iso */ &&
1089 		oid->oid[1] == 3 /* identified-organization */ &&
1090 		oid->oid[2] == 6 /* dod */ &&
1091 		oid->oid[3] == 1 /* internet */ &&
1092 		oid->oid[4] == 5 /* security */ &&
1093 		oid->oid[5] == 5 /* mechanisms */ &&
1094 		oid->oid[6] == 7 /* id-pkix */;
1095 }
1096 
1097 
x509_id_kp_oid(struct asn1_oid * oid)1098 static int x509_id_kp_oid(struct asn1_oid *oid)
1099 {
1100 	/* id-kp */
1101 	return oid->len >= 8 &&
1102 		x509_id_pkix_oid(oid) &&
1103 		oid->oid[7] == 3 /* id-kp */;
1104 }
1105 
1106 
x509_id_kp_server_auth_oid(struct asn1_oid * oid)1107 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid)
1108 {
1109 	/* id-kp */
1110 	return oid->len == 9 &&
1111 		x509_id_kp_oid(oid) &&
1112 		oid->oid[8] == 1 /* id-kp-serverAuth */;
1113 }
1114 
1115 
x509_id_kp_client_auth_oid(struct asn1_oid * oid)1116 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
1117 {
1118 	/* id-kp */
1119 	return oid->len == 9 &&
1120 		x509_id_kp_oid(oid) &&
1121 		oid->oid[8] == 2 /* id-kp-clientAuth */;
1122 }
1123 
1124 
x509_id_kp_ocsp_oid(struct asn1_oid * oid)1125 static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
1126 {
1127 	/* id-kp */
1128 	return oid->len == 9 &&
1129 		x509_id_kp_oid(oid) &&
1130 		oid->oid[8] == 9 /* id-kp-OCSPSigning */;
1131 }
1132 
1133 
x509_parse_ext_ext_key_usage(struct x509_certificate * cert,const u8 * pos,size_t len)1134 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1135 					const u8 *pos, size_t len)
1136 {
1137 	struct asn1_hdr hdr;
1138 	const u8 *end;
1139 	struct asn1_oid oid;
1140 
1141 	/*
1142 	 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1143 	 *
1144 	 * KeyPurposeId ::= OBJECT IDENTIFIER
1145 	 */
1146 
1147 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1148 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1149 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1150 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1151 			   "(ExtKeyUsageSyntax) - found class %d tag 0x%x",
1152 			   hdr.class, hdr.tag);
1153 		return -1;
1154 	}
1155 	if (hdr.length > pos + len - hdr.payload)
1156 		return -1;
1157 	pos = hdr.payload;
1158 	end = pos + hdr.length;
1159 
1160 	wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos);
1161 
1162 	while (pos < end) {
1163 		char buf[80];
1164 
1165 		if (asn1_get_oid(pos, end - pos, &oid, &pos))
1166 			return -1;
1167 		if (x509_any_ext_key_usage_oid(&oid)) {
1168 			os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf));
1169 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1170 		} else if (x509_id_kp_server_auth_oid(&oid)) {
1171 			os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf));
1172 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1173 		} else if (x509_id_kp_client_auth_oid(&oid)) {
1174 			os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
1175 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1176 		} else if (x509_id_kp_ocsp_oid(&oid)) {
1177 			os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
1178 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
1179 		} else {
1180 			asn1_oid_to_str(&oid, buf, sizeof(buf));
1181 		}
1182 		wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf);
1183 	}
1184 
1185 	cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1186 
1187 	return 0;
1188 }
1189 
1190 
x509_parse_extension_data(struct x509_certificate * cert,struct asn1_oid * oid,const u8 * pos,size_t len)1191 static int x509_parse_extension_data(struct x509_certificate *cert,
1192 				     struct asn1_oid *oid,
1193 				     const u8 *pos, size_t len)
1194 {
1195 	if (!x509_id_ce_oid(oid))
1196 		return 1;
1197 
1198 	/* TODO: add other extensions required by RFC 3280, Ch 4.2:
1199 	 * certificate policies (section 4.2.1.5)
1200 	 * name constraints (section 4.2.1.11)
1201 	 * policy constraints (section 4.2.1.12)
1202 	 * inhibit any-policy (section 4.2.1.15)
1203 	 */
1204 	switch (oid->oid[3]) {
1205 	case 15: /* id-ce-keyUsage */
1206 		return x509_parse_ext_key_usage(cert, pos, len);
1207 	case 17: /* id-ce-subjectAltName */
1208 		return x509_parse_ext_subject_alt_name(cert, pos, len);
1209 	case 18: /* id-ce-issuerAltName */
1210 		return x509_parse_ext_issuer_alt_name(cert, pos, len);
1211 	case 19: /* id-ce-basicConstraints */
1212 		return x509_parse_ext_basic_constraints(cert, pos, len);
1213 	case 37: /* id-ce-extKeyUsage */
1214 		return x509_parse_ext_ext_key_usage(cert, pos, len);
1215 	default:
1216 		return 1;
1217 	}
1218 }
1219 
1220 
x509_parse_extension(struct x509_certificate * cert,const u8 * pos,size_t len,const u8 ** next)1221 static int x509_parse_extension(struct x509_certificate *cert,
1222 				const u8 *pos, size_t len, const u8 **next)
1223 {
1224 	const u8 *end;
1225 	struct asn1_hdr hdr;
1226 	struct asn1_oid oid;
1227 	int critical_ext = 0, res;
1228 	char buf[80];
1229 
1230 	/*
1231 	 * Extension  ::=  SEQUENCE  {
1232 	 *     extnID      OBJECT IDENTIFIER,
1233 	 *     critical    BOOLEAN DEFAULT FALSE,
1234 	 *     extnValue   OCTET STRING
1235 	 * }
1236 	 */
1237 
1238 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1239 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1240 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1241 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1242 			   "Extensions: class %d tag 0x%x; expected SEQUENCE",
1243 			   hdr.class, hdr.tag);
1244 		return -1;
1245 	}
1246 	pos = hdr.payload;
1247 	*next = end = pos + hdr.length;
1248 
1249 	if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1250 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1251 			   "Extension (expected OID)");
1252 		return -1;
1253 	}
1254 
1255 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1256 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1257 	    (hdr.tag != ASN1_TAG_BOOLEAN &&
1258 	     hdr.tag != ASN1_TAG_OCTETSTRING)) {
1259 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1260 			   "Extensions: class %d tag 0x%x; expected BOOLEAN "
1261 			   "or OCTET STRING", hdr.class, hdr.tag);
1262 		return -1;
1263 	}
1264 
1265 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
1266 		if (hdr.length != 1) {
1267 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
1268 				   "Boolean length (%u)", hdr.length);
1269 			return -1;
1270 		}
1271 		critical_ext = hdr.payload[0];
1272 		pos = hdr.payload;
1273 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1274 		    (hdr.class != ASN1_CLASS_UNIVERSAL &&
1275 		     hdr.class != ASN1_CLASS_PRIVATE) ||
1276 		    hdr.tag != ASN1_TAG_OCTETSTRING) {
1277 			wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1278 				   "in Extensions: class %d tag 0x%x; "
1279 				   "expected OCTET STRING",
1280 				   hdr.class, hdr.tag);
1281 			return -1;
1282 		}
1283 	}
1284 
1285 	asn1_oid_to_str(&oid, buf, sizeof(buf));
1286 	wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1287 		   buf, critical_ext);
1288 	wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1289 
1290 	res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1291 	if (res < 0)
1292 		return res;
1293 	if (res == 1 && critical_ext) {
1294 		wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1295 			   buf);
1296 		return -1;
1297 	}
1298 
1299 	return 0;
1300 }
1301 
1302 
x509_parse_extensions(struct x509_certificate * cert,const u8 * pos,size_t len)1303 static int x509_parse_extensions(struct x509_certificate *cert,
1304 				 const u8 *pos, size_t len)
1305 {
1306 	const u8 *end;
1307 	struct asn1_hdr hdr;
1308 
1309 	/* Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension */
1310 
1311 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1312 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1313 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1314 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1315 			   "for Extensions: class %d tag 0x%x; "
1316 			   "expected SEQUENCE", hdr.class, hdr.tag);
1317 		return -1;
1318 	}
1319 
1320 	pos = hdr.payload;
1321 	end = pos + hdr.length;
1322 
1323 	while (pos < end) {
1324 		if (x509_parse_extension(cert, pos, end - pos, &pos)
1325 		    < 0)
1326 			return -1;
1327 	}
1328 
1329 	return 0;
1330 }
1331 
1332 
x509_parse_tbs_certificate(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)1333 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1334 				      struct x509_certificate *cert,
1335 				      const u8 **next)
1336 {
1337 	struct asn1_hdr hdr;
1338 	const u8 *pos, *end;
1339 	size_t left;
1340 	char sbuf[128];
1341 	unsigned long value;
1342 	const u8 *subject_dn;
1343 
1344 	/* tbsCertificate TBSCertificate ::= SEQUENCE */
1345 	if (asn1_get_next(buf, len, &hdr) < 0 ||
1346 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1347 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1348 		wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1349 			   "with a valid SEQUENCE - found class %d tag 0x%x",
1350 			   hdr.class, hdr.tag);
1351 		return -1;
1352 	}
1353 	pos = hdr.payload;
1354 	end = *next = pos + hdr.length;
1355 
1356 	/*
1357 	 * version [0]  EXPLICIT Version DEFAULT v1
1358 	 * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
1359 	 */
1360 	if (asn1_get_next(pos, end - pos, &hdr) < 0)
1361 		return -1;
1362 	pos = hdr.payload;
1363 
1364 	if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1365 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1366 			return -1;
1367 
1368 		if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1369 		    hdr.tag != ASN1_TAG_INTEGER) {
1370 			wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1371 				   "version field - found class %d tag 0x%x",
1372 				   hdr.class, hdr.tag);
1373 			return -1;
1374 		}
1375 		if (hdr.length != 1) {
1376 			wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1377 				   "length %u (expected 1)", hdr.length);
1378 			return -1;
1379 		}
1380 		pos = hdr.payload;
1381 		left = hdr.length;
1382 		value = 0;
1383 		while (left) {
1384 			value <<= 8;
1385 			value |= *pos++;
1386 			left--;
1387 		}
1388 
1389 		cert->version = value;
1390 		if (cert->version != X509_CERT_V1 &&
1391 		    cert->version != X509_CERT_V2 &&
1392 		    cert->version != X509_CERT_V3) {
1393 			wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1394 				   cert->version + 1);
1395 			return -1;
1396 		}
1397 
1398 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1399 			return -1;
1400 	} else
1401 		cert->version = X509_CERT_V1;
1402 	wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1403 
1404 	/* serialNumber CertificateSerialNumber ::= INTEGER */
1405 	if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1406 	    hdr.tag != ASN1_TAG_INTEGER ||
1407 	    hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) {
1408 		wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1409 			   "serialNumber; class=%d tag=0x%x length=%u",
1410 			   hdr.class, hdr.tag, hdr.length);
1411 		return -1;
1412 	}
1413 
1414 	pos = hdr.payload + hdr.length;
1415 	while (hdr.length > 0 && hdr.payload[0] == 0) {
1416 		hdr.payload++;
1417 		hdr.length--;
1418 	}
1419 	os_memcpy(cert->serial_number, hdr.payload, hdr.length);
1420 	cert->serial_number_len = hdr.length;
1421 	wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number,
1422 		    cert->serial_number_len);
1423 
1424 	/* signature AlgorithmIdentifier */
1425 	if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1426 					    &pos))
1427 		return -1;
1428 
1429 	/* issuer Name */
1430 	if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1431 		return -1;
1432 	x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1433 	wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1434 
1435 	/* validity Validity */
1436 	if (x509_parse_validity(pos, end - pos, cert, &pos))
1437 		return -1;
1438 
1439 	/* subject Name */
1440 	subject_dn = pos;
1441 	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1442 		return -1;
1443 	cert->subject_dn = os_malloc(pos - subject_dn);
1444 	if (!cert->subject_dn)
1445 		return -1;
1446 	cert->subject_dn_len = pos - subject_dn;
1447 	os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
1448 	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1449 	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1450 
1451 	/* subjectPublicKeyInfo SubjectPublicKeyInfo */
1452 	if (x509_parse_public_key(pos, end - pos, cert, &pos))
1453 		return -1;
1454 
1455 	if (pos == end)
1456 		return 0;
1457 
1458 	if (cert->version == X509_CERT_V1)
1459 		return 0;
1460 
1461 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1462 	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1463 		wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1464 			   " tag to parse optional tbsCertificate "
1465 			   "field(s); parsed class %d tag 0x%x",
1466 			   hdr.class, hdr.tag);
1467 		return -1;
1468 	}
1469 
1470 	if (hdr.tag == 1) {
1471 		/* issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL */
1472 		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1473 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1474 
1475 		pos = hdr.payload + hdr.length;
1476 		if (pos == end)
1477 			return 0;
1478 
1479 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1480 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1481 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1482 				   " tag to parse optional tbsCertificate "
1483 				   "field(s); parsed class %d tag 0x%x",
1484 				   hdr.class, hdr.tag);
1485 			return -1;
1486 		}
1487 	}
1488 
1489 	if (hdr.tag == 2) {
1490 		/* subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL */
1491 		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1492 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1493 
1494 		pos = hdr.payload + hdr.length;
1495 		if (pos == end)
1496 			return 0;
1497 
1498 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1499 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1500 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1501 				   " tag to parse optional tbsCertificate "
1502 				   "field(s); parsed class %d tag 0x%x",
1503 				   hdr.class, hdr.tag);
1504 			return -1;
1505 		}
1506 	}
1507 
1508 	if (hdr.tag != 3) {
1509 		wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1510 			   "Context-Specific tag %d in optional "
1511 			   "tbsCertificate fields", hdr.tag);
1512 		return 0;
1513 	}
1514 
1515 	/* extensions      [3]  EXPLICIT Extensions OPTIONAL */
1516 
1517 	if (cert->version != X509_CERT_V3) {
1518 		wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1519 			   "Extensions data which are only allowed for "
1520 			   "version 3", cert->version + 1);
1521 		return -1;
1522 	}
1523 
1524 	if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1525 		return -1;
1526 
1527 	pos = hdr.payload + hdr.length;
1528 	if (pos < end) {
1529 		wpa_hexdump(MSG_DEBUG,
1530 			    "X509: Ignored extra tbsCertificate data",
1531 			    pos, end - pos);
1532 	}
1533 
1534 	return 0;
1535 }
1536 
1537 
x509_rsadsi_oid(struct asn1_oid * oid)1538 static int x509_rsadsi_oid(struct asn1_oid *oid)
1539 {
1540 	return oid->len >= 4 &&
1541 		oid->oid[0] == 1 /* iso */ &&
1542 		oid->oid[1] == 2 /* member-body */ &&
1543 		oid->oid[2] == 840 /* us */ &&
1544 		oid->oid[3] == 113549 /* rsadsi */;
1545 }
1546 
1547 
x509_pkcs_oid(struct asn1_oid * oid)1548 static int x509_pkcs_oid(struct asn1_oid *oid)
1549 {
1550 	return oid->len >= 5 &&
1551 		x509_rsadsi_oid(oid) &&
1552 		oid->oid[4] == 1 /* pkcs */;
1553 }
1554 
1555 
x509_digest_oid(struct asn1_oid * oid)1556 static int x509_digest_oid(struct asn1_oid *oid)
1557 {
1558 	return oid->len >= 5 &&
1559 		x509_rsadsi_oid(oid) &&
1560 		oid->oid[4] == 2 /* digestAlgorithm */;
1561 }
1562 
1563 
x509_sha1_oid(struct asn1_oid * oid)1564 int x509_sha1_oid(struct asn1_oid *oid)
1565 {
1566 	return oid->len == 6 &&
1567 		oid->oid[0] == 1 /* iso */ &&
1568 		oid->oid[1] == 3 /* identified-organization */ &&
1569 		oid->oid[2] == 14 /* oiw */ &&
1570 		oid->oid[3] == 3 /* secsig */ &&
1571 		oid->oid[4] == 2 /* algorithms */ &&
1572 		oid->oid[5] == 26 /* id-sha1 */;
1573 }
1574 
1575 
x509_sha2_oid(struct asn1_oid * oid)1576 static int x509_sha2_oid(struct asn1_oid *oid)
1577 {
1578 	return oid->len == 9 &&
1579 		oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1580 		oid->oid[1] == 16 /* country */ &&
1581 		oid->oid[2] == 840 /* us */ &&
1582 		oid->oid[3] == 1 /* organization */ &&
1583 		oid->oid[4] == 101 /* gov */ &&
1584 		oid->oid[5] == 3 /* csor */ &&
1585 		oid->oid[6] == 4 /* nistAlgorithm */ &&
1586 		oid->oid[7] == 2 /* hashAlgs */;
1587 }
1588 
1589 
x509_sha256_oid(struct asn1_oid * oid)1590 int x509_sha256_oid(struct asn1_oid *oid)
1591 {
1592 	return x509_sha2_oid(oid) &&
1593 		oid->oid[8] == 1 /* sha256 */;
1594 }
1595 
1596 
x509_sha384_oid(struct asn1_oid * oid)1597 int x509_sha384_oid(struct asn1_oid *oid)
1598 {
1599 	return x509_sha2_oid(oid) &&
1600 		oid->oid[8] == 2 /* sha384 */;
1601 }
1602 
1603 
x509_sha512_oid(struct asn1_oid * oid)1604 int x509_sha512_oid(struct asn1_oid *oid)
1605 {
1606 	return x509_sha2_oid(oid) &&
1607 		oid->oid[8] == 3 /* sha512 */;
1608 }
1609 
1610 
1611 /**
1612  * x509_certificate_parse - Parse a X.509 certificate in DER format
1613  * @buf: Pointer to the X.509 certificate in DER format
1614  * @len: Buffer length
1615  * Returns: Pointer to the parsed certificate or %NULL on failure
1616  *
1617  * Caller is responsible for freeing the returned certificate by calling
1618  * x509_certificate_free().
1619  */
x509_certificate_parse(const u8 * buf,size_t len)1620 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1621 {
1622 	struct asn1_hdr hdr;
1623 	const u8 *pos, *end, *hash_start;
1624 	struct x509_certificate *cert;
1625 
1626 	cert = os_zalloc(sizeof(*cert) + len);
1627 	if (cert == NULL)
1628 		return NULL;
1629 	os_memcpy(cert + 1, buf, len);
1630 	cert->cert_start = (u8 *) (cert + 1);
1631 	cert->cert_len = len;
1632 
1633 	pos = buf;
1634 	end = buf + len;
1635 
1636 	/* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1637 
1638 	/* Certificate ::= SEQUENCE */
1639 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1640 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1641 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1642 		wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1643 			   "a valid SEQUENCE - found class %d tag 0x%x",
1644 			   hdr.class, hdr.tag);
1645 		x509_certificate_free(cert);
1646 		return NULL;
1647 	}
1648 	pos = hdr.payload;
1649 
1650 	if (hdr.length > end - pos) {
1651 		x509_certificate_free(cert);
1652 		return NULL;
1653 	}
1654 
1655 	if (hdr.length < end - pos) {
1656 		wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1657 			    "encoded certificate",
1658 			    pos + hdr.length, end - (pos + hdr.length));
1659 		end = pos + hdr.length;
1660 	}
1661 
1662 	hash_start = pos;
1663 	cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1664 	if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1665 		x509_certificate_free(cert);
1666 		return NULL;
1667 	}
1668 	cert->tbs_cert_len = pos - hash_start;
1669 
1670 	/* signatureAlgorithm AlgorithmIdentifier */
1671 	if (x509_parse_algorithm_identifier(pos, end - pos,
1672 					    &cert->signature_alg, &pos)) {
1673 		x509_certificate_free(cert);
1674 		return NULL;
1675 	}
1676 
1677 	/* signatureValue BIT STRING */
1678 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1679 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1680 	    hdr.tag != ASN1_TAG_BITSTRING) {
1681 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1682 			   "(signatureValue) - found class %d tag 0x%x",
1683 			   hdr.class, hdr.tag);
1684 		x509_certificate_free(cert);
1685 		return NULL;
1686 	}
1687 	if (hdr.length < 1) {
1688 		x509_certificate_free(cert);
1689 		return NULL;
1690 	}
1691 	pos = hdr.payload;
1692 	if (*pos) {
1693 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1694 			   *pos);
1695 		/* PKCS #1 v1.5 10.2.1:
1696 		 * It is an error if the length in bits of the signature S is
1697 		 * not a multiple of eight.
1698 		 */
1699 		x509_certificate_free(cert);
1700 		return NULL;
1701 	}
1702 	os_free(cert->sign_value);
1703 	cert->sign_value = os_malloc(hdr.length - 1);
1704 	if (cert->sign_value == NULL) {
1705 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1706 			   "signatureValue");
1707 		x509_certificate_free(cert);
1708 		return NULL;
1709 	}
1710 	os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1711 	cert->sign_value_len = hdr.length - 1;
1712 	wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1713 		    cert->sign_value, cert->sign_value_len);
1714 
1715 	return cert;
1716 }
1717 
1718 
1719 /**
1720  * x509_certificate_check_signature - Verify certificate signature
1721  * @issuer: Issuer certificate
1722  * @cert: Certificate to be verified
1723  * Returns: 0 if cert has a valid signature that was signed by the issuer,
1724  * -1 if not
1725  */
x509_certificate_check_signature(struct x509_certificate * issuer,struct x509_certificate * cert)1726 int x509_certificate_check_signature(struct x509_certificate *issuer,
1727 				     struct x509_certificate *cert)
1728 {
1729 	return x509_check_signature(issuer, &cert->signature,
1730 				    cert->sign_value, cert->sign_value_len,
1731 				    cert->tbs_cert_start, cert->tbs_cert_len);
1732 }
1733 
1734 
x509_check_signature(struct x509_certificate * issuer,struct x509_algorithm_identifier * signature,const u8 * sign_value,size_t sign_value_len,const u8 * signed_data,size_t signed_data_len)1735 int x509_check_signature(struct x509_certificate *issuer,
1736 			 struct x509_algorithm_identifier *signature,
1737 			 const u8 *sign_value, size_t sign_value_len,
1738 			 const u8 *signed_data, size_t signed_data_len)
1739 {
1740 	struct crypto_public_key *pk;
1741 	u8 *data;
1742 	const u8 *pos, *end, *next, *da_end;
1743 	size_t data_len;
1744 	struct asn1_hdr hdr;
1745 	struct asn1_oid oid;
1746 	u8 hash[64];
1747 	size_t hash_len;
1748 	const u8 *addr[1] = { signed_data };
1749 	size_t len[1] = { signed_data_len };
1750 
1751 	if (!x509_pkcs_oid(&signature->oid) ||
1752 	    signature->oid.len != 7 ||
1753 	    signature->oid.oid[5] != 1 /* pkcs-1 */) {
1754 		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1755 			   "algorithm");
1756 		return -1;
1757 	}
1758 
1759 	pk = crypto_public_key_import(issuer->public_key,
1760 				      issuer->public_key_len);
1761 	if (pk == NULL)
1762 		return -1;
1763 
1764 	data_len = sign_value_len;
1765 	data = os_malloc(data_len);
1766 	if (data == NULL) {
1767 		crypto_public_key_free(pk);
1768 		return -1;
1769 	}
1770 
1771 	if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
1772 					    sign_value_len, data,
1773 					    &data_len) < 0) {
1774 		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1775 		crypto_public_key_free(pk);
1776 		os_free(data);
1777 		return -1;
1778 	}
1779 	crypto_public_key_free(pk);
1780 
1781 	wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1782 
1783 	/*
1784 	 * PKCS #1 v1.5, 10.1.2:
1785 	 *
1786 	 * DigestInfo ::= SEQUENCE {
1787 	 *     digestAlgorithm DigestAlgorithmIdentifier,
1788 	 *     digest Digest
1789 	 * }
1790 	 *
1791 	 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1792 	 *
1793 	 * Digest ::= OCTET STRING
1794 	 *
1795 	 */
1796 	if (asn1_get_next(data, data_len, &hdr) < 0 ||
1797 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1798 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1799 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1800 			   "(DigestInfo) - found class %d tag 0x%x",
1801 			   hdr.class, hdr.tag);
1802 		os_free(data);
1803 		return -1;
1804 	}
1805 
1806 	pos = hdr.payload;
1807 	end = pos + hdr.length;
1808 
1809 	/*
1810 	 * X.509:
1811 	 * AlgorithmIdentifier ::= SEQUENCE {
1812 	 *     algorithm            OBJECT IDENTIFIER,
1813 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
1814 	 * }
1815 	 */
1816 
1817 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1818 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1819 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1820 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1821 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
1822 			   hdr.class, hdr.tag);
1823 		os_free(data);
1824 		return -1;
1825 	}
1826 	da_end = hdr.payload + hdr.length;
1827 
1828 	if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1829 		wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1830 		os_free(data);
1831 		return -1;
1832 	}
1833 
1834 	if (x509_sha1_oid(&oid)) {
1835 		if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
1836 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1837 				   "does not match with certificate "
1838 				   "signatureAlgorithm (%lu)",
1839 				   signature->oid.oid[6]);
1840 			os_free(data);
1841 			return -1;
1842 		}
1843 		goto skip_digest_oid;
1844 	}
1845 
1846 	if (x509_sha256_oid(&oid)) {
1847 		if (signature->oid.oid[6] !=
1848 		    11 /* sha2561WithRSAEncryption */) {
1849 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1850 				   "does not match with certificate "
1851 				   "signatureAlgorithm (%lu)",
1852 				   signature->oid.oid[6]);
1853 			os_free(data);
1854 			return -1;
1855 		}
1856 		goto skip_digest_oid;
1857 	}
1858 
1859 	if (x509_sha384_oid(&oid)) {
1860 		if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
1861 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
1862 				   "does not match with certificate "
1863 				   "signatureAlgorithm (%lu)",
1864 				   signature->oid.oid[6]);
1865 			os_free(data);
1866 			return -1;
1867 		}
1868 		goto skip_digest_oid;
1869 	}
1870 
1871 	if (x509_sha512_oid(&oid)) {
1872 		if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
1873 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
1874 				   "does not match with certificate "
1875 				   "signatureAlgorithm (%lu)",
1876 				   signature->oid.oid[6]);
1877 			os_free(data);
1878 			return -1;
1879 		}
1880 		goto skip_digest_oid;
1881 	}
1882 
1883 	if (!x509_digest_oid(&oid)) {
1884 		wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1885 		os_free(data);
1886 		return -1;
1887 	}
1888 	switch (oid.oid[5]) {
1889 	case 5: /* md5 */
1890 		if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
1891 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1892 				   "not match with certificate "
1893 				   "signatureAlgorithm (%lu)",
1894 				   signature->oid.oid[6]);
1895 			os_free(data);
1896 			return -1;
1897 		}
1898 		break;
1899 	case 2: /* md2 */
1900 	case 4: /* md4 */
1901 	default:
1902 		wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1903 			   "(%lu)", oid.oid[5]);
1904 		os_free(data);
1905 		return -1;
1906 	}
1907 
1908 skip_digest_oid:
1909 	/* Digest ::= OCTET STRING */
1910 	pos = da_end;
1911 	end = data + data_len;
1912 
1913 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1914 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1915 	    hdr.tag != ASN1_TAG_OCTETSTRING) {
1916 		wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1917 			   "(Digest) - found class %d tag 0x%x",
1918 			   hdr.class, hdr.tag);
1919 		os_free(data);
1920 		return -1;
1921 	}
1922 	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1923 		    hdr.payload, hdr.length);
1924 
1925 	switch (signature->oid.oid[6]) {
1926 	case 4: /* md5WithRSAEncryption */
1927 		md5_vector(1, addr, len, hash);
1928 		hash_len = 16;
1929 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1930 			    hash, hash_len);
1931 		break;
1932 	case 5: /* sha-1WithRSAEncryption */
1933 		sha1_vector(1, addr, len, hash);
1934 		hash_len = 20;
1935 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1936 			    hash, hash_len);
1937 		break;
1938 	case 11: /* sha256WithRSAEncryption */
1939 		sha256_vector(1, addr, len, hash);
1940 		hash_len = 32;
1941 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1942 			    hash, hash_len);
1943 		break;
1944 	case 12: /* sha384WithRSAEncryption */
1945 		sha384_vector(1, addr, len, hash);
1946 		hash_len = 48;
1947 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
1948 			    hash, hash_len);
1949 		break;
1950 	case 13: /* sha512WithRSAEncryption */
1951 		sha512_vector(1, addr, len, hash);
1952 		hash_len = 64;
1953 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
1954 			    hash, hash_len);
1955 		break;
1956 	case 2: /* md2WithRSAEncryption */
1957 	default:
1958 		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1959 			   "algorithm (%lu)", signature->oid.oid[6]);
1960 		os_free(data);
1961 		return -1;
1962 	}
1963 
1964 	if (hdr.length != hash_len ||
1965 	    os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1966 		wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1967 			   "with calculated tbsCertificate hash");
1968 		os_free(data);
1969 		return -1;
1970 	}
1971 
1972 	if (hdr.payload + hdr.length < data + data_len) {
1973 		wpa_hexdump(MSG_INFO,
1974 			    "X509: Extra data after certificate signature hash",
1975 			    hdr.payload + hdr.length,
1976 			    data + data_len - hdr.payload - hdr.length);
1977 		os_free(data);
1978 		return -1;
1979 	}
1980 
1981 	os_free(data);
1982 
1983 	wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
1984 		   "calculated tbsCertificate hash");
1985 
1986 	return 0;
1987 }
1988 
1989 
x509_valid_issuer(const struct x509_certificate * cert)1990 static int x509_valid_issuer(const struct x509_certificate *cert)
1991 {
1992 	if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1993 	    !cert->ca) {
1994 		wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
1995 			   "issuer");
1996 		return -1;
1997 	}
1998 
1999 	if (cert->version == X509_CERT_V3 &&
2000 	    !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
2001 		wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
2002 			   "include BasicConstraints extension");
2003 		return -1;
2004 	}
2005 
2006 	if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
2007 	    !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
2008 		wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
2009 			   "keyCertSign bit in Key Usage");
2010 		return -1;
2011 	}
2012 
2013 	return 0;
2014 }
2015 
2016 
2017 /**
2018  * x509_certificate_chain_validate - Validate X.509 certificate chain
2019  * @trusted: List of trusted certificates
2020  * @chain: Certificate chain to be validated (first chain must be issued by
2021  * signed by the second certificate in the chain and so on)
2022  * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
2023  * Returns: 0 if chain is valid, -1 if not
2024  */
x509_certificate_chain_validate(struct x509_certificate * trusted,struct x509_certificate * chain,int * reason,int disable_time_checks)2025 int x509_certificate_chain_validate(struct x509_certificate *trusted,
2026 				    struct x509_certificate *chain,
2027 				    int *reason, int disable_time_checks)
2028 {
2029 	long unsigned idx;
2030 	int chain_trusted = 0;
2031 	struct x509_certificate *cert, *trust;
2032 	char buf[128];
2033 	struct os_time now;
2034 
2035 	*reason = X509_VALIDATE_OK;
2036 
2037 	wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
2038 	os_get_time(&now);
2039 
2040 	for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2041 		cert->issuer_trusted = 0;
2042 		x509_name_string(&cert->subject, buf, sizeof(buf));
2043 		wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
2044 
2045 		if (chain_trusted)
2046 			continue;
2047 
2048 		if (!disable_time_checks &&
2049 		    ((unsigned long) now.sec <
2050 		     (unsigned long) cert->not_before ||
2051 		     (unsigned long) now.sec >
2052 		     (unsigned long) cert->not_after)) {
2053 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
2054 				   "(now=%lu not_before=%lu not_after=%lu)",
2055 				   now.sec, cert->not_before, cert->not_after);
2056 			*reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
2057 			return -1;
2058 		}
2059 
2060 		if (cert->next) {
2061 			if (x509_name_compare(&cert->issuer,
2062 					      &cert->next->subject) != 0) {
2063 				wpa_printf(MSG_DEBUG, "X509: Certificate "
2064 					   "chain issuer name mismatch");
2065 				x509_name_string(&cert->issuer, buf,
2066 						 sizeof(buf));
2067 				wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2068 					   buf);
2069 				x509_name_string(&cert->next->subject, buf,
2070 						 sizeof(buf));
2071 				wpa_printf(MSG_DEBUG, "X509: next cert "
2072 					   "subject: %s", buf);
2073 				*reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
2074 				return -1;
2075 			}
2076 
2077 			if (x509_valid_issuer(cert->next) < 0) {
2078 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2079 				return -1;
2080 			}
2081 
2082 			if ((cert->next->extensions_present &
2083 			     X509_EXT_PATH_LEN_CONSTRAINT) &&
2084 			    idx > cert->next->path_len_constraint) {
2085 				wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
2086 					   " not met (idx=%lu issuer "
2087 					   "pathLenConstraint=%lu)", idx,
2088 					   cert->next->path_len_constraint);
2089 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2090 				return -1;
2091 			}
2092 
2093 			if (x509_certificate_check_signature(cert->next, cert)
2094 			    < 0) {
2095 				wpa_printf(MSG_DEBUG, "X509: Invalid "
2096 					   "certificate signature within "
2097 					   "chain");
2098 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2099 				return -1;
2100 			}
2101 		}
2102 
2103 		for (trust = trusted; trust; trust = trust->next) {
2104 			if (x509_name_compare(&cert->issuer, &trust->subject)
2105 			    == 0)
2106 				break;
2107 		}
2108 
2109 		if (trust) {
2110 			wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
2111 				   "list of trusted certificates");
2112 			if (x509_valid_issuer(trust) < 0) {
2113 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2114 				return -1;
2115 			}
2116 
2117 			if (x509_certificate_check_signature(trust, cert) < 0)
2118 			{
2119 				wpa_printf(MSG_DEBUG, "X509: Invalid "
2120 					   "certificate signature");
2121 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2122 				return -1;
2123 			}
2124 
2125 			wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
2126 				   "found to complete the chain");
2127 			cert->issuer_trusted = 1;
2128 			chain_trusted = 1;
2129 		}
2130 	}
2131 
2132 	if (!chain_trusted) {
2133 		wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
2134 			   "from the list of trusted certificates");
2135 		if (trusted) {
2136 			*reason = X509_VALIDATE_UNKNOWN_CA;
2137 			return -1;
2138 		}
2139 		wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
2140 			   "disabled - ignore unknown CA issue");
2141 	}
2142 
2143 	wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
2144 
2145 	return 0;
2146 }
2147 
2148 
2149 /**
2150  * x509_certificate_get_subject - Get a certificate based on Subject name
2151  * @chain: Certificate chain to search through
2152  * @name: Subject name to search for
2153  * Returns: Pointer to the certificate with the given Subject name or
2154  * %NULL on failure
2155  */
2156 struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate * chain,struct x509_name * name)2157 x509_certificate_get_subject(struct x509_certificate *chain,
2158 			     struct x509_name *name)
2159 {
2160 	struct x509_certificate *cert;
2161 
2162 	for (cert = chain; cert; cert = cert->next) {
2163 		if (x509_name_compare(&cert->subject, name) == 0)
2164 			return cert;
2165 	}
2166 	return NULL;
2167 }
2168 
2169 
2170 /**
2171  * x509_certificate_self_signed - Is the certificate self-signed?
2172  * @cert: Certificate
2173  * Returns: 1 if certificate is self-signed, 0 if not
2174  */
x509_certificate_self_signed(struct x509_certificate * cert)2175 int x509_certificate_self_signed(struct x509_certificate *cert)
2176 {
2177 	return x509_name_compare(&cert->issuer, &cert->subject) == 0;
2178 }
2179