1 /*
2 * X.509v3 certificate parsing and processing (RFC 3280 profile)
3 * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/crypto.h"
13 #include "asn1.h"
14 #include "x509v3.h"
15
16
x509_free_name(struct x509_name * name)17 void x509_free_name(struct x509_name *name)
18 {
19 size_t i;
20
21 for (i = 0; i < name->num_attr; i++) {
22 os_free(name->attr[i].value);
23 name->attr[i].value = NULL;
24 name->attr[i].type = X509_NAME_ATTR_NOT_USED;
25 }
26 name->num_attr = 0;
27 os_free(name->email);
28 name->email = NULL;
29
30 os_free(name->alt_email);
31 os_free(name->dns);
32 os_free(name->uri);
33 os_free(name->ip);
34 name->alt_email = name->dns = name->uri = NULL;
35 name->ip = NULL;
36 name->ip_len = 0;
37 os_memset(&name->rid, 0, sizeof(name->rid));
38 }
39
40
41 /**
42 * x509_certificate_free - Free an X.509 certificate
43 * @cert: Certificate to be freed
44 */
x509_certificate_free(struct x509_certificate * cert)45 void x509_certificate_free(struct x509_certificate *cert)
46 {
47 if (cert == NULL)
48 return;
49 if (cert->next) {
50 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51 "was still on a list (next=%p)\n",
52 cert, cert->next);
53 }
54 x509_free_name(&cert->issuer);
55 x509_free_name(&cert->subject);
56 os_free(cert->public_key);
57 os_free(cert->sign_value);
58 os_free(cert->subject_dn);
59 os_free(cert);
60 }
61
62
63 /**
64 * x509_certificate_free - Free an X.509 certificate chain
65 * @cert: Pointer to the first certificate in the chain
66 */
x509_certificate_chain_free(struct x509_certificate * cert)67 void x509_certificate_chain_free(struct x509_certificate *cert)
68 {
69 struct x509_certificate *next;
70
71 while (cert) {
72 next = cert->next;
73 cert->next = NULL;
74 x509_certificate_free(cert);
75 cert = next;
76 }
77 }
78
79
x509_whitespace(char c)80 static int x509_whitespace(char c)
81 {
82 return c == ' ' || c == '\t';
83 }
84
85
x509_str_strip_whitespace(char * a)86 static void x509_str_strip_whitespace(char *a)
87 {
88 char *ipos, *opos;
89 int remove_whitespace = 1;
90
91 ipos = opos = a;
92
93 while (*ipos) {
94 if (remove_whitespace && x509_whitespace(*ipos))
95 ipos++;
96 else {
97 remove_whitespace = x509_whitespace(*ipos);
98 *opos++ = *ipos++;
99 }
100 }
101
102 *opos-- = '\0';
103 if (opos > a && x509_whitespace(*opos))
104 *opos = '\0';
105 }
106
107
x509_str_compare(const char * a,const char * b)108 static int x509_str_compare(const char *a, const char *b)
109 {
110 char *aa, *bb;
111 int ret;
112
113 if (!a && b)
114 return -1;
115 if (a && !b)
116 return 1;
117 if (!a && !b)
118 return 0;
119
120 aa = os_strdup(a);
121 bb = os_strdup(b);
122
123 if (aa == NULL || bb == NULL) {
124 os_free(aa);
125 os_free(bb);
126 return os_strcasecmp(a, b);
127 }
128
129 x509_str_strip_whitespace(aa);
130 x509_str_strip_whitespace(bb);
131
132 ret = os_strcasecmp(aa, bb);
133
134 os_free(aa);
135 os_free(bb);
136
137 return ret;
138 }
139
140
141 /**
142 * x509_name_compare - Compare X.509 certificate names
143 * @a: Certificate name
144 * @b: Certificate name
145 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
146 * greater than b
147 */
x509_name_compare(struct x509_name * a,struct x509_name * b)148 int x509_name_compare(struct x509_name *a, struct x509_name *b)
149 {
150 int res;
151 size_t i;
152
153 if (!a && b)
154 return -1;
155 if (a && !b)
156 return 1;
157 if (!a && !b)
158 return 0;
159 if (a->num_attr < b->num_attr)
160 return -1;
161 if (a->num_attr > b->num_attr)
162 return 1;
163
164 for (i = 0; i < a->num_attr; i++) {
165 if (a->attr[i].type < b->attr[i].type)
166 return -1;
167 if (a->attr[i].type > b->attr[i].type)
168 return -1;
169 res = x509_str_compare(a->attr[i].value, b->attr[i].value);
170 if (res)
171 return res;
172 }
173 res = x509_str_compare(a->email, b->email);
174 if (res)
175 return res;
176
177 return 0;
178 }
179
180
x509_parse_algorithm_identifier(const u8 * buf,size_t len,struct x509_algorithm_identifier * id,const u8 ** next)181 int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
182 struct x509_algorithm_identifier *id,
183 const u8 **next)
184 {
185 struct asn1_hdr hdr;
186 const u8 *pos, *end;
187
188 /*
189 * AlgorithmIdentifier ::= SEQUENCE {
190 * algorithm OBJECT IDENTIFIER,
191 * parameters ANY DEFINED BY algorithm OPTIONAL
192 * }
193 */
194
195 if (asn1_get_next(buf, len, &hdr) < 0 ||
196 hdr.class != ASN1_CLASS_UNIVERSAL ||
197 hdr.tag != ASN1_TAG_SEQUENCE) {
198 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
199 "(AlgorithmIdentifier) - found class %d tag 0x%x",
200 hdr.class, hdr.tag);
201 return -1;
202 }
203 if (hdr.length > buf + len - hdr.payload)
204 return -1;
205 pos = hdr.payload;
206 end = pos + hdr.length;
207
208 *next = end;
209
210 if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
211 return -1;
212
213 /* TODO: optional parameters */
214
215 return 0;
216 }
217
218
x509_parse_public_key(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)219 static int x509_parse_public_key(const u8 *buf, size_t len,
220 struct x509_certificate *cert,
221 const u8 **next)
222 {
223 struct asn1_hdr hdr;
224 const u8 *pos, *end;
225
226 /*
227 * SubjectPublicKeyInfo ::= SEQUENCE {
228 * algorithm AlgorithmIdentifier,
229 * subjectPublicKey BIT STRING
230 * }
231 */
232
233 pos = buf;
234 end = buf + len;
235
236 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
237 hdr.class != ASN1_CLASS_UNIVERSAL ||
238 hdr.tag != ASN1_TAG_SEQUENCE) {
239 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
240 "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
241 hdr.class, hdr.tag);
242 return -1;
243 }
244 pos = hdr.payload;
245
246 if (hdr.length > end - pos)
247 return -1;
248 end = pos + hdr.length;
249 *next = end;
250
251 if (x509_parse_algorithm_identifier(pos, end - pos,
252 &cert->public_key_alg, &pos))
253 return -1;
254
255 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
256 hdr.class != ASN1_CLASS_UNIVERSAL ||
257 hdr.tag != ASN1_TAG_BITSTRING) {
258 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
259 "(subjectPublicKey) - found class %d tag 0x%x",
260 hdr.class, hdr.tag);
261 return -1;
262 }
263 if (hdr.length < 1)
264 return -1;
265 pos = hdr.payload;
266 if (*pos) {
267 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
268 *pos);
269 /*
270 * TODO: should this be rejected? X.509 certificates are
271 * unlikely to use such a construction. Now we would end up
272 * including the extra bits in the buffer which may also be
273 * ok.
274 */
275 }
276 os_free(cert->public_key);
277 cert->public_key = os_memdup(pos + 1, hdr.length - 1);
278 if (cert->public_key == NULL) {
279 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
280 "public key");
281 return -1;
282 }
283 cert->public_key_len = hdr.length - 1;
284 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
285 cert->public_key, cert->public_key_len);
286
287 return 0;
288 }
289
290
x509_parse_name(const u8 * buf,size_t len,struct x509_name * name,const u8 ** next)291 int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
292 const u8 **next)
293 {
294 struct asn1_hdr hdr;
295 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
296 struct asn1_oid oid;
297 char *val;
298
299 /*
300 * Name ::= CHOICE { RDNSequence }
301 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
302 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
303 * AttributeTypeAndValue ::= SEQUENCE {
304 * type AttributeType,
305 * value AttributeValue
306 * }
307 * AttributeType ::= OBJECT IDENTIFIER
308 * AttributeValue ::= ANY DEFINED BY AttributeType
309 */
310
311 if (asn1_get_next(buf, len, &hdr) < 0 ||
312 hdr.class != ASN1_CLASS_UNIVERSAL ||
313 hdr.tag != ASN1_TAG_SEQUENCE) {
314 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
315 "(Name / RDNSequencer) - found class %d tag 0x%x",
316 hdr.class, hdr.tag);
317 return -1;
318 }
319 pos = hdr.payload;
320
321 if (hdr.length > buf + len - pos)
322 return -1;
323
324 end = *next = pos + hdr.length;
325
326 while (pos < end) {
327 enum x509_name_attr_type type;
328
329 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
330 hdr.class != ASN1_CLASS_UNIVERSAL ||
331 hdr.tag != ASN1_TAG_SET) {
332 wpa_printf(MSG_DEBUG, "X509: Expected SET "
333 "(RelativeDistinguishedName) - found class "
334 "%d tag 0x%x", hdr.class, hdr.tag);
335 x509_free_name(name);
336 return -1;
337 }
338
339 set_pos = hdr.payload;
340 pos = set_end = hdr.payload + hdr.length;
341
342 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
343 hdr.class != ASN1_CLASS_UNIVERSAL ||
344 hdr.tag != ASN1_TAG_SEQUENCE) {
345 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
346 "(AttributeTypeAndValue) - found class %d "
347 "tag 0x%x", hdr.class, hdr.tag);
348 x509_free_name(name);
349 return -1;
350 }
351
352 seq_pos = hdr.payload;
353 seq_end = hdr.payload + hdr.length;
354
355 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
356 x509_free_name(name);
357 return -1;
358 }
359
360 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
361 hdr.class != ASN1_CLASS_UNIVERSAL) {
362 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
363 "AttributeValue");
364 x509_free_name(name);
365 return -1;
366 }
367
368 /* RFC 3280:
369 * MUST: country, organization, organizational-unit,
370 * distinguished name qualifier, state or province name,
371 * common name, serial number.
372 * SHOULD: locality, title, surname, given name, initials,
373 * pseudonym, generation qualifier.
374 * MUST: domainComponent (RFC 2247).
375 */
376 type = X509_NAME_ATTR_NOT_USED;
377 if (oid.len == 4 &&
378 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
379 /* id-at ::= 2.5.4 */
380 switch (oid.oid[3]) {
381 case 3:
382 /* commonName */
383 type = X509_NAME_ATTR_CN;
384 break;
385 case 6:
386 /* countryName */
387 type = X509_NAME_ATTR_C;
388 break;
389 case 7:
390 /* localityName */
391 type = X509_NAME_ATTR_L;
392 break;
393 case 8:
394 /* stateOrProvinceName */
395 type = X509_NAME_ATTR_ST;
396 break;
397 case 10:
398 /* organizationName */
399 type = X509_NAME_ATTR_O;
400 break;
401 case 11:
402 /* organizationalUnitName */
403 type = X509_NAME_ATTR_OU;
404 break;
405 }
406 } else if (oid.len == 7 &&
407 oid.oid[0] == 1 && oid.oid[1] == 2 &&
408 oid.oid[2] == 840 && oid.oid[3] == 113549 &&
409 oid.oid[4] == 1 && oid.oid[5] == 9 &&
410 oid.oid[6] == 1) {
411 /* 1.2.840.113549.1.9.1 - e-mailAddress */
412 os_free(name->email);
413 name->email = os_malloc(hdr.length + 1);
414 if (name->email == NULL) {
415 x509_free_name(name);
416 return -1;
417 }
418 os_memcpy(name->email, hdr.payload, hdr.length);
419 name->email[hdr.length] = '\0';
420 continue;
421 } else if (oid.len == 7 &&
422 oid.oid[0] == 0 && oid.oid[1] == 9 &&
423 oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
424 oid.oid[4] == 100 && oid.oid[5] == 1 &&
425 oid.oid[6] == 25) {
426 /* 0.9.2342.19200300.100.1.25 - domainComponent */
427 type = X509_NAME_ATTR_DC;
428 }
429
430 if (type == X509_NAME_ATTR_NOT_USED) {
431 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
432 (u8 *) oid.oid,
433 oid.len * sizeof(oid.oid[0]));
434 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
435 hdr.payload, hdr.length);
436 continue;
437 }
438
439 if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
440 wpa_printf(MSG_INFO, "X509: Too many Name attributes");
441 x509_free_name(name);
442 return -1;
443 }
444
445 val = dup_binstr(hdr.payload, hdr.length);
446 if (val == NULL) {
447 x509_free_name(name);
448 return -1;
449 }
450 if (os_strlen(val) != hdr.length) {
451 wpa_printf(MSG_INFO, "X509: Reject certificate with "
452 "embedded NUL byte in a string (%s[NUL])",
453 val);
454 os_free(val);
455 x509_free_name(name);
456 return -1;
457 }
458
459 name->attr[name->num_attr].type = type;
460 name->attr[name->num_attr].value = val;
461 name->num_attr++;
462 }
463
464 return 0;
465 }
466
467
x509_name_attr_str(enum x509_name_attr_type type)468 static char * x509_name_attr_str(enum x509_name_attr_type type)
469 {
470 switch (type) {
471 case X509_NAME_ATTR_NOT_USED:
472 return "[N/A]";
473 case X509_NAME_ATTR_DC:
474 return "DC";
475 case X509_NAME_ATTR_CN:
476 return "CN";
477 case X509_NAME_ATTR_C:
478 return "C";
479 case X509_NAME_ATTR_L:
480 return "L";
481 case X509_NAME_ATTR_ST:
482 return "ST";
483 case X509_NAME_ATTR_O:
484 return "O";
485 case X509_NAME_ATTR_OU:
486 return "OU";
487 }
488 return "?";
489 }
490
491
492 /**
493 * x509_name_string - Convert an X.509 certificate name into a string
494 * @name: Name to convert
495 * @buf: Buffer for the string
496 * @len: Maximum buffer length
497 */
x509_name_string(struct x509_name * name,char * buf,size_t len)498 void x509_name_string(struct x509_name *name, char *buf, size_t len)
499 {
500 char *pos, *end;
501 int ret;
502 size_t i;
503
504 if (len == 0)
505 return;
506
507 pos = buf;
508 end = buf + len;
509
510 for (i = 0; i < name->num_attr; i++) {
511 ret = os_snprintf(pos, end - pos, "%s=%s, ",
512 x509_name_attr_str(name->attr[i].type),
513 name->attr[i].value);
514 if (os_snprintf_error(end - pos, ret))
515 goto done;
516 pos += ret;
517 }
518
519 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
520 pos--;
521 *pos = '\0';
522 pos--;
523 *pos = '\0';
524 }
525
526 if (name->email) {
527 ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
528 name->email);
529 if (os_snprintf_error(end - pos, ret))
530 goto done;
531 pos += ret;
532 }
533
534 done:
535 end[-1] = '\0';
536 }
537
538
x509_parse_time(const u8 * buf,size_t len,u8 asn1_tag,os_time_t * val)539 int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
540 {
541 const char *pos;
542 int year, month, day, hour, min, sec;
543
544 /*
545 * Time ::= CHOICE {
546 * utcTime UTCTime,
547 * generalTime GeneralizedTime
548 * }
549 *
550 * UTCTime: YYMMDDHHMMSSZ
551 * GeneralizedTime: YYYYMMDDHHMMSSZ
552 */
553
554 pos = (const char *) buf;
555
556 switch (asn1_tag) {
557 case ASN1_TAG_UTCTIME:
558 if (len != 13 || buf[12] != 'Z') {
559 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
560 "UTCTime format", buf, len);
561 return -1;
562 }
563 if (sscanf(pos, "%02d", &year) != 1) {
564 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
565 "UTCTime year", buf, len);
566 return -1;
567 }
568 if (year < 50)
569 year += 2000;
570 else
571 year += 1900;
572 pos += 2;
573 break;
574 case ASN1_TAG_GENERALIZEDTIME:
575 if (len != 15 || buf[14] != 'Z') {
576 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
577 "GeneralizedTime format", buf, len);
578 return -1;
579 }
580 if (sscanf(pos, "%04d", &year) != 1) {
581 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
582 "GeneralizedTime year", buf, len);
583 return -1;
584 }
585 pos += 4;
586 break;
587 default:
588 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
589 "GeneralizedTime - found tag 0x%x", asn1_tag);
590 return -1;
591 }
592
593 if (sscanf(pos, "%02d", &month) != 1) {
594 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
595 "(month)", buf, len);
596 return -1;
597 }
598 pos += 2;
599
600 if (sscanf(pos, "%02d", &day) != 1) {
601 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
602 "(day)", buf, len);
603 return -1;
604 }
605 pos += 2;
606
607 if (sscanf(pos, "%02d", &hour) != 1) {
608 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
609 "(hour)", buf, len);
610 return -1;
611 }
612 pos += 2;
613
614 if (sscanf(pos, "%02d", &min) != 1) {
615 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
616 "(min)", buf, len);
617 return -1;
618 }
619 pos += 2;
620
621 if (sscanf(pos, "%02d", &sec) != 1) {
622 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
623 "(sec)", buf, len);
624 return -1;
625 }
626
627 if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
628 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
629 buf, len);
630 if (year < 1970) {
631 /*
632 * At least some test certificates have been configured
633 * to use dates prior to 1970. Set the date to
634 * beginning of 1970 to handle these case.
635 */
636 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
637 "assume epoch as the time", year);
638 *val = 0;
639 return 0;
640 }
641 return -1;
642 }
643
644 return 0;
645 }
646
647
x509_parse_validity(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)648 static int x509_parse_validity(const u8 *buf, size_t len,
649 struct x509_certificate *cert, const u8 **next)
650 {
651 struct asn1_hdr hdr;
652 const u8 *pos;
653 size_t plen;
654
655 /*
656 * Validity ::= SEQUENCE {
657 * notBefore Time,
658 * notAfter Time
659 * }
660 *
661 * RFC 3280, 4.1.2.5:
662 * CAs conforming to this profile MUST always encode certificate
663 * validity dates through the year 2049 as UTCTime; certificate
664 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
665 */
666
667 if (asn1_get_next(buf, len, &hdr) < 0 ||
668 hdr.class != ASN1_CLASS_UNIVERSAL ||
669 hdr.tag != ASN1_TAG_SEQUENCE) {
670 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
671 "(Validity) - found class %d tag 0x%x",
672 hdr.class, hdr.tag);
673 return -1;
674 }
675 pos = hdr.payload;
676 plen = hdr.length;
677
678 if (plen > (size_t) (buf + len - pos))
679 return -1;
680
681 *next = pos + plen;
682
683 if (asn1_get_next(pos, plen, &hdr) < 0 ||
684 hdr.class != ASN1_CLASS_UNIVERSAL ||
685 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
686 &cert->not_before) < 0) {
687 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
688 "Time", hdr.payload, hdr.length);
689 return -1;
690 }
691
692 pos = hdr.payload + hdr.length;
693 plen = *next - pos;
694
695 if (asn1_get_next(pos, plen, &hdr) < 0 ||
696 hdr.class != ASN1_CLASS_UNIVERSAL ||
697 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
698 &cert->not_after) < 0) {
699 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
700 "Time", hdr.payload, hdr.length);
701 return -1;
702 }
703
704 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
705 (unsigned long) cert->not_before,
706 (unsigned long) cert->not_after);
707
708 return 0;
709 }
710
711
x509_id_ce_oid(struct asn1_oid * oid)712 static int x509_id_ce_oid(struct asn1_oid *oid)
713 {
714 /* id-ce arc from X.509 for standard X.509v3 extensions */
715 return oid->len >= 4 &&
716 oid->oid[0] == 2 /* joint-iso-ccitt */ &&
717 oid->oid[1] == 5 /* ds */ &&
718 oid->oid[2] == 29 /* id-ce */;
719 }
720
721
x509_any_ext_key_usage_oid(struct asn1_oid * oid)722 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid)
723 {
724 return oid->len == 6 &&
725 x509_id_ce_oid(oid) &&
726 oid->oid[3] == 37 /* extKeyUsage */ &&
727 oid->oid[4] == 0 /* anyExtendedKeyUsage */;
728 }
729
730
x509_parse_ext_key_usage(struct x509_certificate * cert,const u8 * pos,size_t len)731 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
732 const u8 *pos, size_t len)
733 {
734 struct asn1_hdr hdr;
735
736 /*
737 * KeyUsage ::= BIT STRING {
738 * digitalSignature (0),
739 * nonRepudiation (1),
740 * keyEncipherment (2),
741 * dataEncipherment (3),
742 * keyAgreement (4),
743 * keyCertSign (5),
744 * cRLSign (6),
745 * encipherOnly (7),
746 * decipherOnly (8) }
747 */
748
749 if (asn1_get_next(pos, len, &hdr) < 0 ||
750 hdr.class != ASN1_CLASS_UNIVERSAL ||
751 hdr.tag != ASN1_TAG_BITSTRING ||
752 hdr.length < 1) {
753 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
754 "KeyUsage; found %d tag 0x%x len %d",
755 hdr.class, hdr.tag, hdr.length);
756 return -1;
757 }
758
759 cert->extensions_present |= X509_EXT_KEY_USAGE;
760 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
761
762 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
763
764 return 0;
765 }
766
767
x509_parse_ext_basic_constraints(struct x509_certificate * cert,const u8 * pos,size_t len)768 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
769 const u8 *pos, size_t len)
770 {
771 struct asn1_hdr hdr;
772 unsigned long value;
773 size_t left;
774
775 /*
776 * BasicConstraints ::= SEQUENCE {
777 * cA BOOLEAN DEFAULT FALSE,
778 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
779 */
780
781 if (asn1_get_next(pos, len, &hdr) < 0 ||
782 hdr.class != ASN1_CLASS_UNIVERSAL ||
783 hdr.tag != ASN1_TAG_SEQUENCE) {
784 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
785 "BasicConstraints; found %d tag 0x%x",
786 hdr.class, hdr.tag);
787 return -1;
788 }
789
790 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
791
792 if (hdr.length == 0)
793 return 0;
794
795 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
796 hdr.class != ASN1_CLASS_UNIVERSAL) {
797 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
798 "BasicConstraints");
799 return -1;
800 }
801
802 if (hdr.tag == ASN1_TAG_BOOLEAN) {
803 if (hdr.length != 1) {
804 wpa_printf(MSG_DEBUG, "X509: Unexpected "
805 "Boolean length (%u) in BasicConstraints",
806 hdr.length);
807 return -1;
808 }
809 cert->ca = hdr.payload[0];
810
811 if (hdr.length == pos + len - hdr.payload) {
812 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
813 cert->ca);
814 return 0;
815 }
816
817 if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
818 &hdr) < 0 ||
819 hdr.class != ASN1_CLASS_UNIVERSAL) {
820 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
821 "BasicConstraints");
822 return -1;
823 }
824 }
825
826 if (hdr.tag != ASN1_TAG_INTEGER) {
827 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
828 "BasicConstraints; found class %d tag 0x%x",
829 hdr.class, hdr.tag);
830 return -1;
831 }
832
833 pos = hdr.payload;
834 left = hdr.length;
835 value = 0;
836 while (left) {
837 value <<= 8;
838 value |= *pos++;
839 left--;
840 }
841
842 cert->path_len_constraint = value;
843 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
844
845 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
846 "pathLenConstraint=%lu",
847 cert->ca, cert->path_len_constraint);
848
849 return 0;
850 }
851
852
x509_parse_alt_name_rfc8222(struct x509_name * name,const u8 * pos,size_t len)853 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
854 const u8 *pos, size_t len)
855 {
856 /* rfc822Name IA5String */
857 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
858 os_free(name->alt_email);
859 name->alt_email = os_zalloc(len + 1);
860 if (name->alt_email == NULL)
861 return -1;
862 os_memcpy(name->alt_email, pos, len);
863 if (os_strlen(name->alt_email) != len) {
864 wpa_printf(MSG_INFO, "X509: Reject certificate with "
865 "embedded NUL byte in rfc822Name (%s[NUL])",
866 name->alt_email);
867 os_free(name->alt_email);
868 name->alt_email = NULL;
869 return -1;
870 }
871 return 0;
872 }
873
874
x509_parse_alt_name_dns(struct x509_name * name,const u8 * pos,size_t len)875 static int x509_parse_alt_name_dns(struct x509_name *name,
876 const u8 *pos, size_t len)
877 {
878 /* dNSName IA5String */
879 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
880 os_free(name->dns);
881 name->dns = os_zalloc(len + 1);
882 if (name->dns == NULL)
883 return -1;
884 os_memcpy(name->dns, pos, len);
885 if (os_strlen(name->dns) != len) {
886 wpa_printf(MSG_INFO, "X509: Reject certificate with "
887 "embedded NUL byte in dNSName (%s[NUL])",
888 name->dns);
889 os_free(name->dns);
890 name->dns = NULL;
891 return -1;
892 }
893 return 0;
894 }
895
896
x509_parse_alt_name_uri(struct x509_name * name,const u8 * pos,size_t len)897 static int x509_parse_alt_name_uri(struct x509_name *name,
898 const u8 *pos, size_t len)
899 {
900 /* uniformResourceIdentifier IA5String */
901 wpa_hexdump_ascii(MSG_MSGDUMP,
902 "X509: altName - uniformResourceIdentifier",
903 pos, len);
904 os_free(name->uri);
905 name->uri = os_zalloc(len + 1);
906 if (name->uri == NULL)
907 return -1;
908 os_memcpy(name->uri, pos, len);
909 if (os_strlen(name->uri) != len) {
910 wpa_printf(MSG_INFO, "X509: Reject certificate with "
911 "embedded NUL byte in uniformResourceIdentifier "
912 "(%s[NUL])", name->uri);
913 os_free(name->uri);
914 name->uri = NULL;
915 return -1;
916 }
917 return 0;
918 }
919
920
x509_parse_alt_name_ip(struct x509_name * name,const u8 * pos,size_t len)921 static int x509_parse_alt_name_ip(struct x509_name *name,
922 const u8 *pos, size_t len)
923 {
924 /* iPAddress OCTET STRING */
925 wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
926 os_free(name->ip);
927 name->ip = os_memdup(pos, len);
928 if (name->ip == NULL)
929 return -1;
930 name->ip_len = len;
931 return 0;
932 }
933
934
x509_parse_alt_name_rid(struct x509_name * name,const u8 * pos,size_t len)935 static int x509_parse_alt_name_rid(struct x509_name *name,
936 const u8 *pos, size_t len)
937 {
938 char buf[80];
939
940 /* registeredID OBJECT IDENTIFIER */
941 if (asn1_parse_oid(pos, len, &name->rid) < 0)
942 return -1;
943
944 asn1_oid_to_str(&name->rid, buf, sizeof(buf));
945 wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
946
947 return 0;
948 }
949
950
x509_parse_ext_alt_name(struct x509_name * name,const u8 * pos,size_t len)951 static int x509_parse_ext_alt_name(struct x509_name *name,
952 const u8 *pos, size_t len)
953 {
954 struct asn1_hdr hdr;
955 const u8 *p, *end;
956
957 /*
958 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
959 *
960 * GeneralName ::= CHOICE {
961 * otherName [0] OtherName,
962 * rfc822Name [1] IA5String,
963 * dNSName [2] IA5String,
964 * x400Address [3] ORAddress,
965 * directoryName [4] Name,
966 * ediPartyName [5] EDIPartyName,
967 * uniformResourceIdentifier [6] IA5String,
968 * iPAddress [7] OCTET STRING,
969 * registeredID [8] OBJECT IDENTIFIER }
970 *
971 * OtherName ::= SEQUENCE {
972 * type-id OBJECT IDENTIFIER,
973 * value [0] EXPLICIT ANY DEFINED BY type-id }
974 *
975 * EDIPartyName ::= SEQUENCE {
976 * nameAssigner [0] DirectoryString OPTIONAL,
977 * partyName [1] DirectoryString }
978 */
979
980 for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
981 int res;
982
983 if (asn1_get_next(p, end - p, &hdr) < 0) {
984 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
985 "SubjectAltName item");
986 return -1;
987 }
988
989 if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
990 continue;
991
992 switch (hdr.tag) {
993 case 1:
994 res = x509_parse_alt_name_rfc8222(name, hdr.payload,
995 hdr.length);
996 break;
997 case 2:
998 res = x509_parse_alt_name_dns(name, hdr.payload,
999 hdr.length);
1000 break;
1001 case 6:
1002 res = x509_parse_alt_name_uri(name, hdr.payload,
1003 hdr.length);
1004 break;
1005 case 7:
1006 res = x509_parse_alt_name_ip(name, hdr.payload,
1007 hdr.length);
1008 break;
1009 case 8:
1010 res = x509_parse_alt_name_rid(name, hdr.payload,
1011 hdr.length);
1012 break;
1013 case 0: /* TODO: otherName */
1014 case 3: /* TODO: x500Address */
1015 case 4: /* TODO: directoryName */
1016 case 5: /* TODO: ediPartyName */
1017 default:
1018 res = 0;
1019 break;
1020 }
1021 if (res < 0)
1022 return res;
1023 }
1024
1025 return 0;
1026 }
1027
1028
x509_parse_ext_subject_alt_name(struct x509_certificate * cert,const u8 * pos,size_t len)1029 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1030 const u8 *pos, size_t len)
1031 {
1032 struct asn1_hdr hdr;
1033
1034 /* SubjectAltName ::= GeneralNames */
1035
1036 if (asn1_get_next(pos, len, &hdr) < 0 ||
1037 hdr.class != ASN1_CLASS_UNIVERSAL ||
1038 hdr.tag != ASN1_TAG_SEQUENCE) {
1039 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1040 "SubjectAltName; found %d tag 0x%x",
1041 hdr.class, hdr.tag);
1042 return -1;
1043 }
1044
1045 wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1046 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1047
1048 if (hdr.length == 0)
1049 return 0;
1050
1051 return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1052 hdr.length);
1053 }
1054
1055
x509_parse_ext_issuer_alt_name(struct x509_certificate * cert,const u8 * pos,size_t len)1056 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1057 const u8 *pos, size_t len)
1058 {
1059 struct asn1_hdr hdr;
1060
1061 /* IssuerAltName ::= GeneralNames */
1062
1063 if (asn1_get_next(pos, len, &hdr) < 0 ||
1064 hdr.class != ASN1_CLASS_UNIVERSAL ||
1065 hdr.tag != ASN1_TAG_SEQUENCE) {
1066 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1067 "IssuerAltName; found %d tag 0x%x",
1068 hdr.class, hdr.tag);
1069 return -1;
1070 }
1071
1072 wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1073 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1074
1075 if (hdr.length == 0)
1076 return 0;
1077
1078 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1079 hdr.length);
1080 }
1081
1082
x509_id_pkix_oid(struct asn1_oid * oid)1083 static int x509_id_pkix_oid(struct asn1_oid *oid)
1084 {
1085 return oid->len >= 7 &&
1086 oid->oid[0] == 1 /* iso */ &&
1087 oid->oid[1] == 3 /* identified-organization */ &&
1088 oid->oid[2] == 6 /* dod */ &&
1089 oid->oid[3] == 1 /* internet */ &&
1090 oid->oid[4] == 5 /* security */ &&
1091 oid->oid[5] == 5 /* mechanisms */ &&
1092 oid->oid[6] == 7 /* id-pkix */;
1093 }
1094
1095
x509_id_kp_oid(struct asn1_oid * oid)1096 static int x509_id_kp_oid(struct asn1_oid *oid)
1097 {
1098 /* id-kp */
1099 return oid->len >= 8 &&
1100 x509_id_pkix_oid(oid) &&
1101 oid->oid[7] == 3 /* id-kp */;
1102 }
1103
1104
x509_id_kp_server_auth_oid(struct asn1_oid * oid)1105 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid)
1106 {
1107 /* id-kp */
1108 return oid->len == 9 &&
1109 x509_id_kp_oid(oid) &&
1110 oid->oid[8] == 1 /* id-kp-serverAuth */;
1111 }
1112
1113
x509_id_kp_client_auth_oid(struct asn1_oid * oid)1114 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
1115 {
1116 /* id-kp */
1117 return oid->len == 9 &&
1118 x509_id_kp_oid(oid) &&
1119 oid->oid[8] == 2 /* id-kp-clientAuth */;
1120 }
1121
1122
x509_id_kp_ocsp_oid(struct asn1_oid * oid)1123 static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
1124 {
1125 /* id-kp */
1126 return oid->len == 9 &&
1127 x509_id_kp_oid(oid) &&
1128 oid->oid[8] == 9 /* id-kp-OCSPSigning */;
1129 }
1130
1131
x509_parse_ext_ext_key_usage(struct x509_certificate * cert,const u8 * pos,size_t len)1132 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1133 const u8 *pos, size_t len)
1134 {
1135 struct asn1_hdr hdr;
1136 const u8 *end;
1137 struct asn1_oid oid;
1138
1139 /*
1140 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1141 *
1142 * KeyPurposeId ::= OBJECT IDENTIFIER
1143 */
1144
1145 if (asn1_get_next(pos, len, &hdr) < 0 ||
1146 hdr.class != ASN1_CLASS_UNIVERSAL ||
1147 hdr.tag != ASN1_TAG_SEQUENCE) {
1148 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1149 "(ExtKeyUsageSyntax) - found class %d tag 0x%x",
1150 hdr.class, hdr.tag);
1151 return -1;
1152 }
1153 if (hdr.length > pos + len - hdr.payload)
1154 return -1;
1155 pos = hdr.payload;
1156 end = pos + hdr.length;
1157
1158 wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos);
1159
1160 while (pos < end) {
1161 char buf[80];
1162
1163 if (asn1_get_oid(pos, end - pos, &oid, &pos))
1164 return -1;
1165 if (x509_any_ext_key_usage_oid(&oid)) {
1166 os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf));
1167 cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1168 } else if (x509_id_kp_server_auth_oid(&oid)) {
1169 os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf));
1170 cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1171 } else if (x509_id_kp_client_auth_oid(&oid)) {
1172 os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
1173 cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1174 } else if (x509_id_kp_ocsp_oid(&oid)) {
1175 os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
1176 cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
1177 } else {
1178 asn1_oid_to_str(&oid, buf, sizeof(buf));
1179 }
1180 wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf);
1181 }
1182
1183 cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1184
1185 return 0;
1186 }
1187
1188
x509_parse_extension_data(struct x509_certificate * cert,struct asn1_oid * oid,const u8 * pos,size_t len)1189 static int x509_parse_extension_data(struct x509_certificate *cert,
1190 struct asn1_oid *oid,
1191 const u8 *pos, size_t len)
1192 {
1193 if (!x509_id_ce_oid(oid))
1194 return 1;
1195
1196 /* TODO: add other extensions required by RFC 3280, Ch 4.2:
1197 * certificate policies (section 4.2.1.5)
1198 * name constraints (section 4.2.1.11)
1199 * policy constraints (section 4.2.1.12)
1200 * inhibit any-policy (section 4.2.1.15)
1201 */
1202 switch (oid->oid[3]) {
1203 case 15: /* id-ce-keyUsage */
1204 return x509_parse_ext_key_usage(cert, pos, len);
1205 case 17: /* id-ce-subjectAltName */
1206 return x509_parse_ext_subject_alt_name(cert, pos, len);
1207 case 18: /* id-ce-issuerAltName */
1208 return x509_parse_ext_issuer_alt_name(cert, pos, len);
1209 case 19: /* id-ce-basicConstraints */
1210 return x509_parse_ext_basic_constraints(cert, pos, len);
1211 case 37: /* id-ce-extKeyUsage */
1212 return x509_parse_ext_ext_key_usage(cert, pos, len);
1213 default:
1214 return 1;
1215 }
1216 }
1217
1218
x509_parse_extension(struct x509_certificate * cert,const u8 * pos,size_t len,const u8 ** next)1219 static int x509_parse_extension(struct x509_certificate *cert,
1220 const u8 *pos, size_t len, const u8 **next)
1221 {
1222 const u8 *end;
1223 struct asn1_hdr hdr;
1224 struct asn1_oid oid;
1225 int critical_ext = 0, res;
1226 char buf[80];
1227
1228 /*
1229 * Extension ::= SEQUENCE {
1230 * extnID OBJECT IDENTIFIER,
1231 * critical BOOLEAN DEFAULT FALSE,
1232 * extnValue OCTET STRING
1233 * }
1234 */
1235
1236 if (asn1_get_next(pos, len, &hdr) < 0 ||
1237 hdr.class != ASN1_CLASS_UNIVERSAL ||
1238 hdr.tag != ASN1_TAG_SEQUENCE) {
1239 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1240 "Extensions: class %d tag 0x%x; expected SEQUENCE",
1241 hdr.class, hdr.tag);
1242 return -1;
1243 }
1244 pos = hdr.payload;
1245 *next = end = pos + hdr.length;
1246
1247 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1248 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1249 "Extension (expected OID)");
1250 return -1;
1251 }
1252
1253 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1254 hdr.class != ASN1_CLASS_UNIVERSAL ||
1255 (hdr.tag != ASN1_TAG_BOOLEAN &&
1256 hdr.tag != ASN1_TAG_OCTETSTRING)) {
1257 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1258 "Extensions: class %d tag 0x%x; expected BOOLEAN "
1259 "or OCTET STRING", hdr.class, hdr.tag);
1260 return -1;
1261 }
1262
1263 if (hdr.tag == ASN1_TAG_BOOLEAN) {
1264 if (hdr.length != 1) {
1265 wpa_printf(MSG_DEBUG, "X509: Unexpected "
1266 "Boolean length (%u)", hdr.length);
1267 return -1;
1268 }
1269 critical_ext = hdr.payload[0];
1270 pos = hdr.payload;
1271 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1272 (hdr.class != ASN1_CLASS_UNIVERSAL &&
1273 hdr.class != ASN1_CLASS_PRIVATE) ||
1274 hdr.tag != ASN1_TAG_OCTETSTRING) {
1275 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1276 "in Extensions: class %d tag 0x%x; "
1277 "expected OCTET STRING",
1278 hdr.class, hdr.tag);
1279 return -1;
1280 }
1281 }
1282
1283 asn1_oid_to_str(&oid, buf, sizeof(buf));
1284 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1285 buf, critical_ext);
1286 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1287
1288 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1289 if (res < 0)
1290 return res;
1291 if (res == 1 && critical_ext) {
1292 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1293 buf);
1294 return -1;
1295 }
1296
1297 return 0;
1298 }
1299
1300
x509_parse_extensions(struct x509_certificate * cert,const u8 * pos,size_t len)1301 static int x509_parse_extensions(struct x509_certificate *cert,
1302 const u8 *pos, size_t len)
1303 {
1304 const u8 *end;
1305 struct asn1_hdr hdr;
1306
1307 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */
1308
1309 if (asn1_get_next(pos, len, &hdr) < 0 ||
1310 hdr.class != ASN1_CLASS_UNIVERSAL ||
1311 hdr.tag != ASN1_TAG_SEQUENCE) {
1312 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1313 "for Extensions: class %d tag 0x%x; "
1314 "expected SEQUENCE", hdr.class, hdr.tag);
1315 return -1;
1316 }
1317
1318 pos = hdr.payload;
1319 end = pos + hdr.length;
1320
1321 while (pos < end) {
1322 if (x509_parse_extension(cert, pos, end - pos, &pos)
1323 < 0)
1324 return -1;
1325 }
1326
1327 return 0;
1328 }
1329
1330
x509_parse_tbs_certificate(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)1331 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1332 struct x509_certificate *cert,
1333 const u8 **next)
1334 {
1335 struct asn1_hdr hdr;
1336 const u8 *pos, *end;
1337 size_t left;
1338 char sbuf[128];
1339 unsigned long value;
1340 const u8 *subject_dn;
1341
1342 /* tbsCertificate TBSCertificate ::= SEQUENCE */
1343 if (asn1_get_next(buf, len, &hdr) < 0 ||
1344 hdr.class != ASN1_CLASS_UNIVERSAL ||
1345 hdr.tag != ASN1_TAG_SEQUENCE) {
1346 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1347 "with a valid SEQUENCE - found class %d tag 0x%x",
1348 hdr.class, hdr.tag);
1349 return -1;
1350 }
1351 pos = hdr.payload;
1352 end = *next = pos + hdr.length;
1353
1354 /*
1355 * version [0] EXPLICIT Version DEFAULT v1
1356 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1357 */
1358 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1359 return -1;
1360 pos = hdr.payload;
1361
1362 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1363 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1364 return -1;
1365
1366 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1367 hdr.tag != ASN1_TAG_INTEGER) {
1368 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1369 "version field - found class %d tag 0x%x",
1370 hdr.class, hdr.tag);
1371 return -1;
1372 }
1373 if (hdr.length != 1) {
1374 wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1375 "length %u (expected 1)", hdr.length);
1376 return -1;
1377 }
1378 pos = hdr.payload;
1379 left = hdr.length;
1380 value = 0;
1381 while (left) {
1382 value <<= 8;
1383 value |= *pos++;
1384 left--;
1385 }
1386
1387 cert->version = value;
1388 if (cert->version != X509_CERT_V1 &&
1389 cert->version != X509_CERT_V2 &&
1390 cert->version != X509_CERT_V3) {
1391 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1392 cert->version + 1);
1393 return -1;
1394 }
1395
1396 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1397 return -1;
1398 } else
1399 cert->version = X509_CERT_V1;
1400 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1401
1402 /* serialNumber CertificateSerialNumber ::= INTEGER */
1403 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1404 hdr.tag != ASN1_TAG_INTEGER ||
1405 hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) {
1406 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1407 "serialNumber; class=%d tag=0x%x length=%u",
1408 hdr.class, hdr.tag, hdr.length);
1409 return -1;
1410 }
1411
1412 pos = hdr.payload + hdr.length;
1413 while (hdr.length > 0 && hdr.payload[0] == 0) {
1414 hdr.payload++;
1415 hdr.length--;
1416 }
1417 os_memcpy(cert->serial_number, hdr.payload, hdr.length);
1418 cert->serial_number_len = hdr.length;
1419 wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number,
1420 cert->serial_number_len);
1421
1422 /* signature AlgorithmIdentifier */
1423 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1424 &pos))
1425 return -1;
1426
1427 /* issuer Name */
1428 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1429 return -1;
1430 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1431 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1432
1433 /* validity Validity */
1434 if (x509_parse_validity(pos, end - pos, cert, &pos))
1435 return -1;
1436
1437 /* subject Name */
1438 subject_dn = pos;
1439 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1440 return -1;
1441 cert->subject_dn = os_malloc(pos - subject_dn);
1442 if (!cert->subject_dn)
1443 return -1;
1444 cert->subject_dn_len = pos - subject_dn;
1445 os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
1446 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1447 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1448
1449 /* subjectPublicKeyInfo SubjectPublicKeyInfo */
1450 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1451 return -1;
1452
1453 if (pos == end)
1454 return 0;
1455
1456 if (cert->version == X509_CERT_V1)
1457 return 0;
1458
1459 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1460 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1461 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1462 " tag to parse optional tbsCertificate "
1463 "field(s); parsed class %d tag 0x%x",
1464 hdr.class, hdr.tag);
1465 return -1;
1466 }
1467
1468 if (hdr.tag == 1) {
1469 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */
1470 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1471 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1472
1473 pos = hdr.payload + hdr.length;
1474 if (pos == end)
1475 return 0;
1476
1477 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1478 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1479 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1480 " tag to parse optional tbsCertificate "
1481 "field(s); parsed class %d tag 0x%x",
1482 hdr.class, hdr.tag);
1483 return -1;
1484 }
1485 }
1486
1487 if (hdr.tag == 2) {
1488 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */
1489 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1490 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1491
1492 pos = hdr.payload + hdr.length;
1493 if (pos == end)
1494 return 0;
1495
1496 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1497 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1498 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1499 " tag to parse optional tbsCertificate "
1500 "field(s); parsed class %d tag 0x%x",
1501 hdr.class, hdr.tag);
1502 return -1;
1503 }
1504 }
1505
1506 if (hdr.tag != 3) {
1507 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1508 "Context-Specific tag %d in optional "
1509 "tbsCertificate fields", hdr.tag);
1510 return 0;
1511 }
1512
1513 /* extensions [3] EXPLICIT Extensions OPTIONAL */
1514
1515 if (cert->version != X509_CERT_V3) {
1516 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1517 "Extensions data which are only allowed for "
1518 "version 3", cert->version + 1);
1519 return -1;
1520 }
1521
1522 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1523 return -1;
1524
1525 pos = hdr.payload + hdr.length;
1526 if (pos < end) {
1527 wpa_hexdump(MSG_DEBUG,
1528 "X509: Ignored extra tbsCertificate data",
1529 pos, end - pos);
1530 }
1531
1532 return 0;
1533 }
1534
1535
x509_rsadsi_oid(struct asn1_oid * oid)1536 static int x509_rsadsi_oid(struct asn1_oid *oid)
1537 {
1538 return oid->len >= 4 &&
1539 oid->oid[0] == 1 /* iso */ &&
1540 oid->oid[1] == 2 /* member-body */ &&
1541 oid->oid[2] == 840 /* us */ &&
1542 oid->oid[3] == 113549 /* rsadsi */;
1543 }
1544
1545
x509_pkcs_oid(struct asn1_oid * oid)1546 static int x509_pkcs_oid(struct asn1_oid *oid)
1547 {
1548 return oid->len >= 5 &&
1549 x509_rsadsi_oid(oid) &&
1550 oid->oid[4] == 1 /* pkcs */;
1551 }
1552
1553
x509_digest_oid(struct asn1_oid * oid)1554 static int x509_digest_oid(struct asn1_oid *oid)
1555 {
1556 return oid->len >= 5 &&
1557 x509_rsadsi_oid(oid) &&
1558 oid->oid[4] == 2 /* digestAlgorithm */;
1559 }
1560
1561
x509_sha1_oid(struct asn1_oid * oid)1562 int x509_sha1_oid(struct asn1_oid *oid)
1563 {
1564 return oid->len == 6 &&
1565 oid->oid[0] == 1 /* iso */ &&
1566 oid->oid[1] == 3 /* identified-organization */ &&
1567 oid->oid[2] == 14 /* oiw */ &&
1568 oid->oid[3] == 3 /* secsig */ &&
1569 oid->oid[4] == 2 /* algorithms */ &&
1570 oid->oid[5] == 26 /* id-sha1 */;
1571 }
1572
1573
x509_sha2_oid(struct asn1_oid * oid)1574 static int x509_sha2_oid(struct asn1_oid *oid)
1575 {
1576 return oid->len == 9 &&
1577 oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1578 oid->oid[1] == 16 /* country */ &&
1579 oid->oid[2] == 840 /* us */ &&
1580 oid->oid[3] == 1 /* organization */ &&
1581 oid->oid[4] == 101 /* gov */ &&
1582 oid->oid[5] == 3 /* csor */ &&
1583 oid->oid[6] == 4 /* nistAlgorithm */ &&
1584 oid->oid[7] == 2 /* hashAlgs */;
1585 }
1586
1587
x509_sha256_oid(struct asn1_oid * oid)1588 int x509_sha256_oid(struct asn1_oid *oid)
1589 {
1590 return x509_sha2_oid(oid) &&
1591 oid->oid[8] == 1 /* sha256 */;
1592 }
1593
1594
x509_sha384_oid(struct asn1_oid * oid)1595 int x509_sha384_oid(struct asn1_oid *oid)
1596 {
1597 return x509_sha2_oid(oid) &&
1598 oid->oid[8] == 2 /* sha384 */;
1599 }
1600
1601
x509_sha512_oid(struct asn1_oid * oid)1602 int x509_sha512_oid(struct asn1_oid *oid)
1603 {
1604 return x509_sha2_oid(oid) &&
1605 oid->oid[8] == 3 /* sha512 */;
1606 }
1607
1608
1609 /**
1610 * x509_certificate_parse - Parse a X.509 certificate in DER format
1611 * @buf: Pointer to the X.509 certificate in DER format
1612 * @len: Buffer length
1613 * Returns: Pointer to the parsed certificate or %NULL on failure
1614 *
1615 * Caller is responsible for freeing the returned certificate by calling
1616 * x509_certificate_free().
1617 */
x509_certificate_parse(const u8 * buf,size_t len)1618 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1619 {
1620 struct asn1_hdr hdr;
1621 const u8 *pos, *end, *hash_start;
1622 struct x509_certificate *cert;
1623
1624 cert = os_zalloc(sizeof(*cert) + len);
1625 if (cert == NULL)
1626 return NULL;
1627 os_memcpy(cert + 1, buf, len);
1628 cert->cert_start = (u8 *) (cert + 1);
1629 cert->cert_len = len;
1630
1631 pos = buf;
1632 end = buf + len;
1633
1634 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1635
1636 /* Certificate ::= SEQUENCE */
1637 if (asn1_get_next(pos, len, &hdr) < 0 ||
1638 hdr.class != ASN1_CLASS_UNIVERSAL ||
1639 hdr.tag != ASN1_TAG_SEQUENCE) {
1640 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1641 "a valid SEQUENCE - found class %d tag 0x%x",
1642 hdr.class, hdr.tag);
1643 x509_certificate_free(cert);
1644 return NULL;
1645 }
1646 pos = hdr.payload;
1647
1648 if (hdr.length > end - pos) {
1649 x509_certificate_free(cert);
1650 return NULL;
1651 }
1652
1653 if (hdr.length < end - pos) {
1654 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1655 "encoded certificate",
1656 pos + hdr.length, end - (pos + hdr.length));
1657 end = pos + hdr.length;
1658 }
1659
1660 hash_start = pos;
1661 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1662 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1663 x509_certificate_free(cert);
1664 return NULL;
1665 }
1666 cert->tbs_cert_len = pos - hash_start;
1667
1668 /* signatureAlgorithm AlgorithmIdentifier */
1669 if (x509_parse_algorithm_identifier(pos, end - pos,
1670 &cert->signature_alg, &pos)) {
1671 x509_certificate_free(cert);
1672 return NULL;
1673 }
1674
1675 /* signatureValue BIT STRING */
1676 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1677 hdr.class != ASN1_CLASS_UNIVERSAL ||
1678 hdr.tag != ASN1_TAG_BITSTRING) {
1679 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1680 "(signatureValue) - found class %d tag 0x%x",
1681 hdr.class, hdr.tag);
1682 x509_certificate_free(cert);
1683 return NULL;
1684 }
1685 if (hdr.length < 1) {
1686 x509_certificate_free(cert);
1687 return NULL;
1688 }
1689 pos = hdr.payload;
1690 if (*pos) {
1691 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1692 *pos);
1693 /* PKCS #1 v1.5 10.2.1:
1694 * It is an error if the length in bits of the signature S is
1695 * not a multiple of eight.
1696 */
1697 x509_certificate_free(cert);
1698 return NULL;
1699 }
1700 os_free(cert->sign_value);
1701 cert->sign_value = os_memdup(pos + 1, hdr.length - 1);
1702 if (cert->sign_value == NULL) {
1703 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1704 "signatureValue");
1705 x509_certificate_free(cert);
1706 return NULL;
1707 }
1708 cert->sign_value_len = hdr.length - 1;
1709 wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1710 cert->sign_value, cert->sign_value_len);
1711
1712 return cert;
1713 }
1714
1715
1716 /**
1717 * x509_certificate_check_signature - Verify certificate signature
1718 * @issuer: Issuer certificate
1719 * @cert: Certificate to be verified
1720 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1721 * -1 if not
1722 */
x509_certificate_check_signature(struct x509_certificate * issuer,struct x509_certificate * cert)1723 int x509_certificate_check_signature(struct x509_certificate *issuer,
1724 struct x509_certificate *cert)
1725 {
1726 return x509_check_signature(issuer, &cert->signature,
1727 cert->sign_value, cert->sign_value_len,
1728 cert->tbs_cert_start, cert->tbs_cert_len);
1729 }
1730
1731
x509_check_signature(struct x509_certificate * issuer,struct x509_algorithm_identifier * signature,const u8 * sign_value,size_t sign_value_len,const u8 * signed_data,size_t signed_data_len)1732 int x509_check_signature(struct x509_certificate *issuer,
1733 struct x509_algorithm_identifier *signature,
1734 const u8 *sign_value, size_t sign_value_len,
1735 const u8 *signed_data, size_t signed_data_len)
1736 {
1737 struct crypto_public_key *pk;
1738 u8 *data;
1739 const u8 *pos, *end, *next, *da_end;
1740 size_t data_len;
1741 struct asn1_hdr hdr;
1742 struct asn1_oid oid;
1743 u8 hash[64];
1744 size_t hash_len;
1745 const u8 *addr[1] = { signed_data };
1746 size_t len[1] = { signed_data_len };
1747
1748 if (!x509_pkcs_oid(&signature->oid) ||
1749 signature->oid.len != 7 ||
1750 signature->oid.oid[5] != 1 /* pkcs-1 */) {
1751 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1752 "algorithm");
1753 return -1;
1754 }
1755
1756 pk = crypto_public_key_import(issuer->public_key,
1757 issuer->public_key_len);
1758 if (pk == NULL)
1759 return -1;
1760
1761 data_len = sign_value_len;
1762 data = os_malloc(data_len);
1763 if (data == NULL) {
1764 crypto_public_key_free(pk);
1765 return -1;
1766 }
1767
1768 if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
1769 sign_value_len, data,
1770 &data_len) < 0) {
1771 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1772 crypto_public_key_free(pk);
1773 os_free(data);
1774 return -1;
1775 }
1776 crypto_public_key_free(pk);
1777
1778 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1779
1780 /*
1781 * PKCS #1 v1.5, 10.1.2:
1782 *
1783 * DigestInfo ::= SEQUENCE {
1784 * digestAlgorithm DigestAlgorithmIdentifier,
1785 * digest Digest
1786 * }
1787 *
1788 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1789 *
1790 * Digest ::= OCTET STRING
1791 *
1792 */
1793 if (asn1_get_next(data, data_len, &hdr) < 0 ||
1794 hdr.class != ASN1_CLASS_UNIVERSAL ||
1795 hdr.tag != ASN1_TAG_SEQUENCE) {
1796 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1797 "(DigestInfo) - found class %d tag 0x%x",
1798 hdr.class, hdr.tag);
1799 os_free(data);
1800 return -1;
1801 }
1802
1803 pos = hdr.payload;
1804 end = pos + hdr.length;
1805
1806 /*
1807 * X.509:
1808 * AlgorithmIdentifier ::= SEQUENCE {
1809 * algorithm OBJECT IDENTIFIER,
1810 * parameters ANY DEFINED BY algorithm OPTIONAL
1811 * }
1812 */
1813
1814 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1815 hdr.class != ASN1_CLASS_UNIVERSAL ||
1816 hdr.tag != ASN1_TAG_SEQUENCE) {
1817 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1818 "(AlgorithmIdentifier) - found class %d tag 0x%x",
1819 hdr.class, hdr.tag);
1820 os_free(data);
1821 return -1;
1822 }
1823 da_end = hdr.payload + hdr.length;
1824
1825 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1826 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1827 os_free(data);
1828 return -1;
1829 }
1830
1831 if (x509_sha1_oid(&oid)) {
1832 if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
1833 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1834 "does not match with certificate "
1835 "signatureAlgorithm (%lu)",
1836 signature->oid.oid[6]);
1837 os_free(data);
1838 return -1;
1839 }
1840 goto skip_digest_oid;
1841 }
1842
1843 if (x509_sha256_oid(&oid)) {
1844 if (signature->oid.oid[6] !=
1845 11 /* sha2561WithRSAEncryption */) {
1846 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1847 "does not match with certificate "
1848 "signatureAlgorithm (%lu)",
1849 signature->oid.oid[6]);
1850 os_free(data);
1851 return -1;
1852 }
1853 goto skip_digest_oid;
1854 }
1855
1856 if (x509_sha384_oid(&oid)) {
1857 if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
1858 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
1859 "does not match with certificate "
1860 "signatureAlgorithm (%lu)",
1861 signature->oid.oid[6]);
1862 os_free(data);
1863 return -1;
1864 }
1865 goto skip_digest_oid;
1866 }
1867
1868 if (x509_sha512_oid(&oid)) {
1869 if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
1870 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
1871 "does not match with certificate "
1872 "signatureAlgorithm (%lu)",
1873 signature->oid.oid[6]);
1874 os_free(data);
1875 return -1;
1876 }
1877 goto skip_digest_oid;
1878 }
1879
1880 if (!x509_digest_oid(&oid)) {
1881 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1882 os_free(data);
1883 return -1;
1884 }
1885 switch (oid.oid[5]) {
1886 case 5: /* md5 */
1887 if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
1888 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1889 "not match with certificate "
1890 "signatureAlgorithm (%lu)",
1891 signature->oid.oid[6]);
1892 os_free(data);
1893 return -1;
1894 }
1895 break;
1896 case 2: /* md2 */
1897 case 4: /* md4 */
1898 default:
1899 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1900 "(%lu)", oid.oid[5]);
1901 os_free(data);
1902 return -1;
1903 }
1904
1905 skip_digest_oid:
1906 /* Digest ::= OCTET STRING */
1907 pos = da_end;
1908 end = data + data_len;
1909
1910 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1911 hdr.class != ASN1_CLASS_UNIVERSAL ||
1912 hdr.tag != ASN1_TAG_OCTETSTRING) {
1913 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1914 "(Digest) - found class %d tag 0x%x",
1915 hdr.class, hdr.tag);
1916 os_free(data);
1917 return -1;
1918 }
1919 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1920 hdr.payload, hdr.length);
1921
1922 switch (signature->oid.oid[6]) {
1923 case 4: /* md5WithRSAEncryption */
1924 md5_vector(1, addr, len, hash);
1925 hash_len = 16;
1926 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1927 hash, hash_len);
1928 break;
1929 case 5: /* sha-1WithRSAEncryption */
1930 sha1_vector(1, addr, len, hash);
1931 hash_len = 20;
1932 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1933 hash, hash_len);
1934 break;
1935 case 11: /* sha256WithRSAEncryption */
1936 sha256_vector(1, addr, len, hash);
1937 hash_len = 32;
1938 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1939 hash, hash_len);
1940 break;
1941 case 12: /* sha384WithRSAEncryption */
1942 sha384_vector(1, addr, len, hash);
1943 hash_len = 48;
1944 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
1945 hash, hash_len);
1946 break;
1947 case 13: /* sha512WithRSAEncryption */
1948 sha512_vector(1, addr, len, hash);
1949 hash_len = 64;
1950 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
1951 hash, hash_len);
1952 break;
1953 case 2: /* md2WithRSAEncryption */
1954 default:
1955 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1956 "algorithm (%lu)", signature->oid.oid[6]);
1957 os_free(data);
1958 return -1;
1959 }
1960
1961 if (hdr.length != hash_len ||
1962 os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1963 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1964 "with calculated tbsCertificate hash");
1965 os_free(data);
1966 return -1;
1967 }
1968
1969 if (hdr.payload + hdr.length < data + data_len) {
1970 wpa_hexdump(MSG_INFO,
1971 "X509: Extra data after certificate signature hash",
1972 hdr.payload + hdr.length,
1973 data + data_len - hdr.payload - hdr.length);
1974 os_free(data);
1975 return -1;
1976 }
1977
1978 os_free(data);
1979
1980 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
1981 "calculated tbsCertificate hash");
1982
1983 return 0;
1984 }
1985
1986
x509_valid_issuer(const struct x509_certificate * cert)1987 static int x509_valid_issuer(const struct x509_certificate *cert)
1988 {
1989 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1990 !cert->ca) {
1991 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
1992 "issuer");
1993 return -1;
1994 }
1995
1996 if (cert->version == X509_CERT_V3 &&
1997 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1998 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
1999 "include BasicConstraints extension");
2000 return -1;
2001 }
2002
2003 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
2004 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
2005 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
2006 "keyCertSign bit in Key Usage");
2007 return -1;
2008 }
2009
2010 return 0;
2011 }
2012
2013
2014 /**
2015 * x509_certificate_chain_validate - Validate X.509 certificate chain
2016 * @trusted: List of trusted certificates
2017 * @chain: Certificate chain to be validated (first chain must be issued by
2018 * signed by the second certificate in the chain and so on)
2019 * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
2020 * Returns: 0 if chain is valid, -1 if not
2021 */
x509_certificate_chain_validate(struct x509_certificate * trusted,struct x509_certificate * chain,int * reason,int disable_time_checks)2022 int x509_certificate_chain_validate(struct x509_certificate *trusted,
2023 struct x509_certificate *chain,
2024 int *reason, int disable_time_checks)
2025 {
2026 long unsigned idx;
2027 int chain_trusted = 0;
2028 struct x509_certificate *cert, *trust;
2029 char buf[128];
2030 struct os_time now;
2031
2032 *reason = X509_VALIDATE_OK;
2033
2034 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
2035 os_get_time(&now);
2036
2037 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2038 cert->issuer_trusted = 0;
2039 x509_name_string(&cert->subject, buf, sizeof(buf));
2040 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
2041
2042 if (chain_trusted)
2043 continue;
2044
2045 if (!disable_time_checks &&
2046 ((unsigned long) now.sec <
2047 (unsigned long) cert->not_before ||
2048 (unsigned long) now.sec >
2049 (unsigned long) cert->not_after)) {
2050 wpa_printf(MSG_INFO, "X509: Certificate not valid "
2051 "(now=%lu not_before=%lu not_after=%lu)",
2052 now.sec, cert->not_before, cert->not_after);
2053 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
2054 return -1;
2055 }
2056
2057 if (cert->next) {
2058 if (x509_name_compare(&cert->issuer,
2059 &cert->next->subject) != 0) {
2060 wpa_printf(MSG_DEBUG, "X509: Certificate "
2061 "chain issuer name mismatch");
2062 x509_name_string(&cert->issuer, buf,
2063 sizeof(buf));
2064 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2065 buf);
2066 x509_name_string(&cert->next->subject, buf,
2067 sizeof(buf));
2068 wpa_printf(MSG_DEBUG, "X509: next cert "
2069 "subject: %s", buf);
2070 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
2071 return -1;
2072 }
2073
2074 if (x509_valid_issuer(cert->next) < 0) {
2075 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2076 return -1;
2077 }
2078
2079 if ((cert->next->extensions_present &
2080 X509_EXT_PATH_LEN_CONSTRAINT) &&
2081 idx > cert->next->path_len_constraint) {
2082 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
2083 " not met (idx=%lu issuer "
2084 "pathLenConstraint=%lu)", idx,
2085 cert->next->path_len_constraint);
2086 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2087 return -1;
2088 }
2089
2090 if (x509_certificate_check_signature(cert->next, cert)
2091 < 0) {
2092 wpa_printf(MSG_DEBUG, "X509: Invalid "
2093 "certificate signature within "
2094 "chain");
2095 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2096 return -1;
2097 }
2098 }
2099
2100 for (trust = trusted; trust; trust = trust->next) {
2101 if (x509_name_compare(&cert->issuer, &trust->subject)
2102 == 0)
2103 break;
2104 }
2105
2106 if (trust) {
2107 wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
2108 "list of trusted certificates");
2109 if (x509_valid_issuer(trust) < 0) {
2110 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2111 return -1;
2112 }
2113
2114 if (x509_certificate_check_signature(trust, cert) < 0)
2115 {
2116 wpa_printf(MSG_DEBUG, "X509: Invalid "
2117 "certificate signature");
2118 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2119 return -1;
2120 }
2121
2122 wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
2123 "found to complete the chain");
2124 cert->issuer_trusted = 1;
2125 chain_trusted = 1;
2126 }
2127 }
2128
2129 if (!chain_trusted) {
2130 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
2131 "from the list of trusted certificates");
2132 if (trusted) {
2133 *reason = X509_VALIDATE_UNKNOWN_CA;
2134 return -1;
2135 }
2136 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
2137 "disabled - ignore unknown CA issue");
2138 }
2139
2140 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
2141
2142 return 0;
2143 }
2144
2145
2146 /**
2147 * x509_certificate_get_subject - Get a certificate based on Subject name
2148 * @chain: Certificate chain to search through
2149 * @name: Subject name to search for
2150 * Returns: Pointer to the certificate with the given Subject name or
2151 * %NULL on failure
2152 */
2153 struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate * chain,struct x509_name * name)2154 x509_certificate_get_subject(struct x509_certificate *chain,
2155 struct x509_name *name)
2156 {
2157 struct x509_certificate *cert;
2158
2159 for (cert = chain; cert; cert = cert->next) {
2160 if (x509_name_compare(&cert->subject, name) == 0)
2161 return cert;
2162 }
2163 return NULL;
2164 }
2165
2166
2167 /**
2168 * x509_certificate_self_signed - Is the certificate self-signed?
2169 * @cert: Certificate
2170 * Returns: 1 if certificate is self-signed, 0 if not
2171 */
x509_certificate_self_signed(struct x509_certificate * cert)2172 int x509_certificate_self_signed(struct x509_certificate *cert)
2173 {
2174 return x509_name_compare(&cert->issuer, &cert->subject) == 0;
2175 }
2176