1 /*
2 * X.509v3 certificate parsing and processing (RFC 3280 profile)
3 * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18
19 #ifdef CONFIG_INTERNAL_X509
20
21 #include "asn1.h"
22 #include "crypto.h"
23 #include "x509v3.h"
24
25
x509_free_name(struct x509_name * name)26 static void x509_free_name(struct x509_name *name)
27 {
28 os_free(name->cn);
29 os_free(name->c);
30 os_free(name->l);
31 os_free(name->st);
32 os_free(name->o);
33 os_free(name->ou);
34 os_free(name->email);
35 name->cn = name->c = name->l = name->st = name->o = name->ou = NULL;
36 name->email = NULL;
37 }
38
39
40 /**
41 * x509_certificate_free - Free an X.509 certificate
42 * @cert: Certificate to be freed
43 */
x509_certificate_free(struct x509_certificate * cert)44 void x509_certificate_free(struct x509_certificate *cert)
45 {
46 if (cert == NULL)
47 return;
48 if (cert->next) {
49 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
50 "was still on a list (next=%p)\n",
51 cert, cert->next);
52 }
53 x509_free_name(&cert->issuer);
54 x509_free_name(&cert->subject);
55 os_free(cert->public_key);
56 os_free(cert->sign_value);
57 os_free(cert);
58 }
59
60
61 /**
62 * x509_certificate_free - Free an X.509 certificate chain
63 * @cert: Pointer to the first certificate in the chain
64 */
x509_certificate_chain_free(struct x509_certificate * cert)65 void x509_certificate_chain_free(struct x509_certificate *cert)
66 {
67 struct x509_certificate *next;
68
69 while (cert) {
70 next = cert->next;
71 cert->next = NULL;
72 x509_certificate_free(cert);
73 cert = next;
74 }
75 }
76
77
x509_whitespace(char c)78 static int x509_whitespace(char c)
79 {
80 return c == ' ' || c == '\t';
81 }
82
83
x509_str_strip_whitespace(char * a)84 static void x509_str_strip_whitespace(char *a)
85 {
86 char *ipos, *opos;
87 int remove_whitespace = 1;
88
89 ipos = opos = a;
90
91 while (*ipos) {
92 if (remove_whitespace && x509_whitespace(*ipos))
93 ipos++;
94 else {
95 remove_whitespace = x509_whitespace(*ipos);
96 *opos++ = *ipos++;
97 }
98 }
99
100 *opos-- = '\0';
101 if (opos > a && x509_whitespace(*opos))
102 *opos = '\0';
103 }
104
105
x509_str_compare(const char * a,const char * b)106 static int x509_str_compare(const char *a, const char *b)
107 {
108 char *aa, *bb;
109 int ret;
110
111 if (!a && b)
112 return -1;
113 if (a && !b)
114 return 1;
115 if (!a && !b)
116 return 0;
117
118 aa = os_strdup(a);
119 bb = os_strdup(b);
120
121 if (aa == NULL || bb == NULL) {
122 os_free(aa);
123 os_free(bb);
124 return os_strcasecmp(a, b);
125 }
126
127 x509_str_strip_whitespace(aa);
128 x509_str_strip_whitespace(bb);
129
130 ret = os_strcasecmp(aa, bb);
131
132 os_free(aa);
133 os_free(bb);
134
135 return ret;
136 }
137
138
139 /**
140 * x509_name_compare - Compare X.509 certificate names
141 * @a: Certificate name
142 * @b: Certificate name
143 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
144 * greater than b
145 */
x509_name_compare(struct x509_name * a,struct x509_name * b)146 int x509_name_compare(struct x509_name *a, struct x509_name *b)
147 {
148 int res;
149
150 if (!a && b)
151 return -1;
152 if (a && !b)
153 return 1;
154 if (!a && !b)
155 return 0;
156
157 res = x509_str_compare(a->cn, b->cn);
158 if (res)
159 return res;
160 res = x509_str_compare(a->c, b->c);
161 if (res)
162 return res;
163 res = x509_str_compare(a->l, b->l);
164 if (res)
165 return res;
166 res = x509_str_compare(a->st, b->st);
167 if (res)
168 return res;
169 res = x509_str_compare(a->o, b->o);
170 if (res)
171 return res;
172 res = x509_str_compare(a->ou, b->ou);
173 if (res)
174 return res;
175 res = x509_str_compare(a->email, b->email);
176 if (res)
177 return res;
178
179 return 0;
180 }
181
182
x509_parse_algorithm_identifier(const u8 * buf,size_t len,struct x509_algorithm_identifier * id,const u8 ** next)183 static int x509_parse_algorithm_identifier(
184 const u8 *buf, size_t len,
185 struct x509_algorithm_identifier *id, const u8 **next)
186 {
187 struct asn1_hdr hdr;
188 const u8 *pos, *end;
189
190 /*
191 * AlgorithmIdentifier ::= SEQUENCE {
192 * algorithm OBJECT IDENTIFIER,
193 * parameters ANY DEFINED BY algorithm OPTIONAL
194 * }
195 */
196
197 if (asn1_get_next(buf, len, &hdr) < 0 ||
198 hdr.class != ASN1_CLASS_UNIVERSAL ||
199 hdr.tag != ASN1_TAG_SEQUENCE) {
200 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
201 "(AlgorithmIdentifier) - found class %d tag 0x%x",
202 hdr.class, hdr.tag);
203 return -1;
204 }
205 pos = hdr.payload;
206 end = pos + hdr.length;
207
208 if (end > buf + len)
209 return -1;
210
211 *next = end;
212
213 if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
214 return -1;
215
216 /* TODO: optional parameters */
217
218 return 0;
219 }
220
221
x509_parse_public_key(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)222 static int x509_parse_public_key(const u8 *buf, size_t len,
223 struct x509_certificate *cert,
224 const u8 **next)
225 {
226 struct asn1_hdr hdr;
227 const u8 *pos, *end;
228
229 /*
230 * SubjectPublicKeyInfo ::= SEQUENCE {
231 * algorithm AlgorithmIdentifier,
232 * subjectPublicKey BIT STRING
233 * }
234 */
235
236 pos = buf;
237 end = buf + len;
238
239 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
240 hdr.class != ASN1_CLASS_UNIVERSAL ||
241 hdr.tag != ASN1_TAG_SEQUENCE) {
242 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
243 "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
244 hdr.class, hdr.tag);
245 return -1;
246 }
247 pos = hdr.payload;
248
249 if (pos + hdr.length > end)
250 return -1;
251 end = pos + hdr.length;
252 *next = end;
253
254 if (x509_parse_algorithm_identifier(pos, end - pos,
255 &cert->public_key_alg, &pos))
256 return -1;
257
258 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
259 hdr.class != ASN1_CLASS_UNIVERSAL ||
260 hdr.tag != ASN1_TAG_BITSTRING) {
261 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
262 "(subjectPublicKey) - found class %d tag 0x%x",
263 hdr.class, hdr.tag);
264 return -1;
265 }
266 if (hdr.length < 1)
267 return -1;
268 pos = hdr.payload;
269 if (*pos) {
270 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
271 *pos);
272 /*
273 * TODO: should this be rejected? X.509 certificates are
274 * unlikely to use such a construction. Now we would end up
275 * including the extra bits in the buffer which may also be
276 * ok.
277 */
278 }
279 os_free(cert->public_key);
280 cert->public_key = os_malloc(hdr.length - 1);
281 if (cert->public_key == NULL) {
282 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
283 "public key");
284 return -1;
285 }
286 os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
287 cert->public_key_len = hdr.length - 1;
288 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
289 cert->public_key, cert->public_key_len);
290
291 return 0;
292 }
293
294
x509_parse_name(const u8 * buf,size_t len,struct x509_name * name,const u8 ** next)295 static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
296 const u8 **next)
297 {
298 struct asn1_hdr hdr;
299 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
300 struct asn1_oid oid;
301 char **fieldp;
302
303 /*
304 * Name ::= CHOICE { RDNSequence }
305 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
306 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
307 * AttributeTypeAndValue ::= SEQUENCE {
308 * type AttributeType,
309 * value AttributeValue
310 * }
311 * AttributeType ::= OBJECT IDENTIFIER
312 * AttributeValue ::= ANY DEFINED BY AttributeType
313 */
314
315 if (asn1_get_next(buf, len, &hdr) < 0 ||
316 hdr.class != ASN1_CLASS_UNIVERSAL ||
317 hdr.tag != ASN1_TAG_SEQUENCE) {
318 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
319 "(Name / RDNSequencer) - found class %d tag 0x%x",
320 hdr.class, hdr.tag);
321 return -1;
322 }
323 pos = hdr.payload;
324
325 if (pos + hdr.length > buf + len)
326 return -1;
327
328 end = *next = pos + hdr.length;
329
330 while (pos < end) {
331 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
332 hdr.class != ASN1_CLASS_UNIVERSAL ||
333 hdr.tag != ASN1_TAG_SET) {
334 wpa_printf(MSG_DEBUG, "X509: Expected SET "
335 "(RelativeDistinguishedName) - found class "
336 "%d tag 0x%x", hdr.class, hdr.tag);
337 x509_free_name(name);
338 return -1;
339 }
340
341 set_pos = hdr.payload;
342 pos = set_end = hdr.payload + hdr.length;
343
344 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
345 hdr.class != ASN1_CLASS_UNIVERSAL ||
346 hdr.tag != ASN1_TAG_SEQUENCE) {
347 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
348 "(AttributeTypeAndValue) - found class %d "
349 "tag 0x%x", hdr.class, hdr.tag);
350 x509_free_name(name);
351 return -1;
352 }
353
354 seq_pos = hdr.payload;
355 seq_end = hdr.payload + hdr.length;
356
357 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
358 x509_free_name(name);
359 return -1;
360 }
361
362 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
363 hdr.class != ASN1_CLASS_UNIVERSAL) {
364 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
365 "AttributeValue");
366 x509_free_name(name);
367 return -1;
368 }
369
370 /* RFC 3280:
371 * MUST: country, organization, organizational-unit,
372 * distinguished name qualifier, state or province name,
373 * common name, serial number.
374 * SHOULD: locality, title, surname, given name, initials,
375 * pseudonym, generation qualifier.
376 * MUST: domainComponent (RFC 2247).
377 */
378 fieldp = NULL;
379 if (oid.len == 4 &&
380 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
381 /* id-at ::= 2.5.4 */
382 switch (oid.oid[3]) {
383 case 3:
384 /* commonName */
385 fieldp = &name->cn;
386 break;
387 case 6:
388 /* countryName */
389 fieldp = &name->c;
390 break;
391 case 7:
392 /* localityName */
393 fieldp = &name->l;
394 break;
395 case 8:
396 /* stateOrProvinceName */
397 fieldp = &name->st;
398 break;
399 case 10:
400 /* organizationName */
401 fieldp = &name->o;
402 break;
403 case 11:
404 /* organizationalUnitName */
405 fieldp = &name->ou;
406 break;
407 }
408 } else if (oid.len == 7 &&
409 oid.oid[0] == 1 && oid.oid[1] == 2 &&
410 oid.oid[2] == 840 && oid.oid[3] == 113549 &&
411 oid.oid[4] == 1 && oid.oid[5] == 9 &&
412 oid.oid[6] == 1) {
413 /* 1.2.840.113549.1.9.1 - e-mailAddress */
414 fieldp = &name->email;
415 }
416
417 if (fieldp == NULL) {
418 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
419 (u8 *) oid.oid,
420 oid.len * sizeof(oid.oid[0]));
421 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
422 hdr.payload, hdr.length);
423 continue;
424 }
425
426 os_free(*fieldp);
427 *fieldp = os_malloc(hdr.length + 1);
428 if (*fieldp == NULL) {
429 x509_free_name(name);
430 return -1;
431 }
432 os_memcpy(*fieldp, hdr.payload, hdr.length);
433 (*fieldp)[hdr.length] = '\0';
434 }
435
436 return 0;
437 }
438
439
440 /**
441 * x509_name_string - Convert an X.509 certificate name into a string
442 * @name: Name to convert
443 * @buf: Buffer for the string
444 * @len: Maximum buffer length
445 */
x509_name_string(struct x509_name * name,char * buf,size_t len)446 void x509_name_string(struct x509_name *name, char *buf, size_t len)
447 {
448 char *pos, *end;
449 int ret;
450
451 if (len == 0)
452 return;
453
454 pos = buf;
455 end = buf + len;
456
457 if (name->c) {
458 ret = os_snprintf(pos, end - pos, "C=%s, ", name->c);
459 if (ret < 0 || ret >= end - pos)
460 goto done;
461 pos += ret;
462 }
463 if (name->st) {
464 ret = os_snprintf(pos, end - pos, "ST=%s, ", name->st);
465 if (ret < 0 || ret >= end - pos)
466 goto done;
467 pos += ret;
468 }
469 if (name->l) {
470 ret = os_snprintf(pos, end - pos, "L=%s, ", name->l);
471 if (ret < 0 || ret >= end - pos)
472 goto done;
473 pos += ret;
474 }
475 if (name->o) {
476 ret = os_snprintf(pos, end - pos, "O=%s, ", name->o);
477 if (ret < 0 || ret >= end - pos)
478 goto done;
479 pos += ret;
480 }
481 if (name->ou) {
482 ret = os_snprintf(pos, end - pos, "OU=%s, ", name->ou);
483 if (ret < 0 || ret >= end - pos)
484 goto done;
485 pos += ret;
486 }
487 if (name->cn) {
488 ret = os_snprintf(pos, end - pos, "CN=%s, ", name->cn);
489 if (ret < 0 || ret >= end - pos)
490 goto done;
491 pos += ret;
492 }
493
494 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
495 *pos-- = '\0';
496 *pos-- = '\0';
497 }
498
499 if (name->email) {
500 ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
501 name->email);
502 if (ret < 0 || ret >= end - pos)
503 goto done;
504 pos += ret;
505 }
506
507 done:
508 end[-1] = '\0';
509 }
510
511
x509_parse_time(const u8 * buf,size_t len,u8 asn1_tag,os_time_t * val)512 static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
513 os_time_t *val)
514 {
515 const char *pos;
516 int year, month, day, hour, min, sec;
517
518 /*
519 * Time ::= CHOICE {
520 * utcTime UTCTime,
521 * generalTime GeneralizedTime
522 * }
523 *
524 * UTCTime: YYMMDDHHMMSSZ
525 * GeneralizedTime: YYYYMMDDHHMMSSZ
526 */
527
528 pos = (const char *) buf;
529
530 switch (asn1_tag) {
531 case ASN1_TAG_UTCTIME:
532 if (len != 13 || buf[12] != 'Z') {
533 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
534 "UTCTime format", buf, len);
535 return -1;
536 }
537 if (sscanf(pos, "%02d", &year) != 1) {
538 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
539 "UTCTime year", buf, len);
540 return -1;
541 }
542 if (year < 50)
543 year += 2000;
544 else
545 year += 1900;
546 pos += 2;
547 break;
548 case ASN1_TAG_GENERALIZEDTIME:
549 if (len != 15 || buf[14] != 'Z') {
550 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
551 "GeneralizedTime format", buf, len);
552 return -1;
553 }
554 if (sscanf(pos, "%04d", &year) != 1) {
555 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
556 "GeneralizedTime year", buf, len);
557 return -1;
558 }
559 pos += 4;
560 break;
561 default:
562 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
563 "GeneralizedTime - found tag 0x%x", asn1_tag);
564 return -1;
565 }
566
567 if (sscanf(pos, "%02d", &month) != 1) {
568 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
569 "(month)", buf, len);
570 return -1;
571 }
572 pos += 2;
573
574 if (sscanf(pos, "%02d", &day) != 1) {
575 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
576 "(day)", buf, len);
577 return -1;
578 }
579 pos += 2;
580
581 if (sscanf(pos, "%02d", &hour) != 1) {
582 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
583 "(hour)", buf, len);
584 return -1;
585 }
586 pos += 2;
587
588 if (sscanf(pos, "%02d", &min) != 1) {
589 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
590 "(min)", buf, len);
591 return -1;
592 }
593 pos += 2;
594
595 if (sscanf(pos, "%02d", &sec) != 1) {
596 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
597 "(sec)", buf, len);
598 return -1;
599 }
600
601 if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
602 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
603 buf, len);
604 if (year < 1970) {
605 /*
606 * At least some test certificates have been configured
607 * to use dates prior to 1970. Set the date to
608 * beginning of 1970 to handle these case.
609 */
610 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
611 "assume epoch as the time", year);
612 *val = 0;
613 return 0;
614 }
615 return -1;
616 }
617
618 return 0;
619 }
620
621
x509_parse_validity(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)622 static int x509_parse_validity(const u8 *buf, size_t len,
623 struct x509_certificate *cert, const u8 **next)
624 {
625 struct asn1_hdr hdr;
626 const u8 *pos;
627 size_t plen;
628
629 /*
630 * Validity ::= SEQUENCE {
631 * notBefore Time,
632 * notAfter Time
633 * }
634 *
635 * RFC 3280, 4.1.2.5:
636 * CAs conforming to this profile MUST always encode certificate
637 * validity dates through the year 2049 as UTCTime; certificate
638 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
639 */
640
641 if (asn1_get_next(buf, len, &hdr) < 0 ||
642 hdr.class != ASN1_CLASS_UNIVERSAL ||
643 hdr.tag != ASN1_TAG_SEQUENCE) {
644 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
645 "(Validity) - found class %d tag 0x%x",
646 hdr.class, hdr.tag);
647 return -1;
648 }
649 pos = hdr.payload;
650 plen = hdr.length;
651
652 if (pos + plen > buf + len)
653 return -1;
654
655 *next = pos + plen;
656
657 if (asn1_get_next(pos, plen, &hdr) < 0 ||
658 hdr.class != ASN1_CLASS_UNIVERSAL ||
659 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
660 &cert->not_before) < 0) {
661 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
662 "Time", hdr.payload, hdr.length);
663 return -1;
664 }
665
666 pos = hdr.payload + hdr.length;
667 plen = *next - pos;
668
669 if (asn1_get_next(pos, plen, &hdr) < 0 ||
670 hdr.class != ASN1_CLASS_UNIVERSAL ||
671 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
672 &cert->not_after) < 0) {
673 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
674 "Time", hdr.payload, hdr.length);
675 return -1;
676 }
677
678 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
679 (unsigned long) cert->not_before,
680 (unsigned long) cert->not_after);
681
682 return 0;
683 }
684
685
x509_id_ce_oid(struct asn1_oid * oid)686 static int x509_id_ce_oid(struct asn1_oid *oid)
687 {
688 /* id-ce arc from X.509 for standard X.509v3 extensions */
689 return oid->len >= 4 &&
690 oid->oid[0] == 2 /* joint-iso-ccitt */ &&
691 oid->oid[1] == 5 /* ds */ &&
692 oid->oid[2] == 29 /* id-ce */;
693 }
694
695
x509_parse_ext_key_usage(struct x509_certificate * cert,const u8 * pos,size_t len)696 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
697 const u8 *pos, size_t len)
698 {
699 struct asn1_hdr hdr;
700
701 /*
702 * KeyUsage ::= BIT STRING {
703 * digitalSignature (0),
704 * nonRepudiation (1),
705 * keyEncipherment (2),
706 * dataEncipherment (3),
707 * keyAgreement (4),
708 * keyCertSign (5),
709 * cRLSign (6),
710 * encipherOnly (7),
711 * decipherOnly (8) }
712 */
713
714 if (asn1_get_next(pos, len, &hdr) < 0 ||
715 hdr.class != ASN1_CLASS_UNIVERSAL ||
716 hdr.tag != ASN1_TAG_BITSTRING ||
717 hdr.length < 1) {
718 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
719 "KeyUsage; found %d tag 0x%x len %d",
720 hdr.class, hdr.tag, hdr.length);
721 return -1;
722 }
723
724 cert->extensions_present |= X509_EXT_KEY_USAGE;
725 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
726
727 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
728
729 return 0;
730 }
731
732
x509_parse_ext_basic_constraints(struct x509_certificate * cert,const u8 * pos,size_t len)733 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
734 const u8 *pos, size_t len)
735 {
736 struct asn1_hdr hdr;
737 unsigned long value;
738 size_t left;
739
740 /*
741 * BasicConstraints ::= SEQUENCE {
742 * cA BOOLEAN DEFAULT FALSE,
743 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
744 */
745
746 if (asn1_get_next(pos, len, &hdr) < 0 ||
747 hdr.class != ASN1_CLASS_UNIVERSAL ||
748 hdr.tag != ASN1_TAG_SEQUENCE) {
749 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
750 "BasicConstraints; found %d tag 0x%x",
751 hdr.class, hdr.tag);
752 return -1;
753 }
754
755 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
756
757 if (hdr.length == 0)
758 return 0;
759
760 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
761 hdr.class != ASN1_CLASS_UNIVERSAL) {
762 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
763 "BasicConstraints");
764 return -1;
765 }
766
767 if (hdr.tag == ASN1_TAG_BOOLEAN) {
768 if (hdr.length != 1) {
769 wpa_printf(MSG_DEBUG, "X509: Unexpected "
770 "Boolean length (%u) in BasicConstraints",
771 hdr.length);
772 return -1;
773 }
774 cert->ca = hdr.payload[0];
775
776 if (hdr.payload + hdr.length == pos + len) {
777 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
778 cert->ca);
779 return 0;
780 }
781
782 if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
783 &hdr) < 0 ||
784 hdr.class != ASN1_CLASS_UNIVERSAL) {
785 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
786 "BasicConstraints");
787 return -1;
788 }
789 }
790
791 if (hdr.tag != ASN1_TAG_INTEGER) {
792 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
793 "BasicConstraints; found class %d tag 0x%x",
794 hdr.class, hdr.tag);
795 return -1;
796 }
797
798 pos = hdr.payload;
799 left = hdr.length;
800 value = 0;
801 while (left) {
802 value <<= 8;
803 value |= *pos++;
804 left--;
805 }
806
807 cert->path_len_constraint = value;
808 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
809
810 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
811 "pathLenConstraint=%lu",
812 cert->ca, cert->path_len_constraint);
813
814 return 0;
815 }
816
817
x509_parse_extension_data(struct x509_certificate * cert,struct asn1_oid * oid,const u8 * pos,size_t len)818 static int x509_parse_extension_data(struct x509_certificate *cert,
819 struct asn1_oid *oid,
820 const u8 *pos, size_t len)
821 {
822 if (!x509_id_ce_oid(oid))
823 return 1;
824
825 /* TODO: add other extensions required by RFC 3280, Ch 4.2:
826 * certificate policies (section 4.2.1.5)
827 * the subject alternative name (section 4.2.1.7)
828 * name constraints (section 4.2.1.11)
829 * policy constraints (section 4.2.1.12)
830 * extended key usage (section 4.2.1.13)
831 * inhibit any-policy (section 4.2.1.15)
832 */
833 switch (oid->oid[3]) {
834 case 15: /* id-ce-keyUsage */
835 return x509_parse_ext_key_usage(cert, pos, len);
836 case 19: /* id-ce-basicConstraints */
837 return x509_parse_ext_basic_constraints(cert, pos, len);
838 default:
839 return 1;
840 }
841 }
842
843
x509_parse_extension(struct x509_certificate * cert,const u8 * pos,size_t len,const u8 ** next)844 static int x509_parse_extension(struct x509_certificate *cert,
845 const u8 *pos, size_t len, const u8 **next)
846 {
847 const u8 *end;
848 struct asn1_hdr hdr;
849 struct asn1_oid oid;
850 int critical_ext = 0, res;
851 char buf[80];
852
853 /*
854 * Extension ::= SEQUENCE {
855 * extnID OBJECT IDENTIFIER,
856 * critical BOOLEAN DEFAULT FALSE,
857 * extnValue OCTET STRING
858 * }
859 */
860
861 if (asn1_get_next(pos, len, &hdr) < 0 ||
862 hdr.class != ASN1_CLASS_UNIVERSAL ||
863 hdr.tag != ASN1_TAG_SEQUENCE) {
864 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
865 "Extensions: class %d tag 0x%x; expected SEQUENCE",
866 hdr.class, hdr.tag);
867 return -1;
868 }
869 pos = hdr.payload;
870 *next = end = pos + hdr.length;
871
872 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
873 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
874 "Extension (expected OID)");
875 return -1;
876 }
877
878 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
879 hdr.class != ASN1_CLASS_UNIVERSAL ||
880 (hdr.tag != ASN1_TAG_BOOLEAN &&
881 hdr.tag != ASN1_TAG_OCTETSTRING)) {
882 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
883 "Extensions: class %d tag 0x%x; expected BOOLEAN "
884 "or OCTET STRING", hdr.class, hdr.tag);
885 return -1;
886 }
887
888 if (hdr.tag == ASN1_TAG_BOOLEAN) {
889 if (hdr.length != 1) {
890 wpa_printf(MSG_DEBUG, "X509: Unexpected "
891 "Boolean length (%u)", hdr.length);
892 return -1;
893 }
894 critical_ext = hdr.payload[0];
895 pos = hdr.payload;
896 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
897 (hdr.class != ASN1_CLASS_UNIVERSAL &&
898 hdr.class != ASN1_CLASS_PRIVATE) ||
899 hdr.tag != ASN1_TAG_OCTETSTRING) {
900 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
901 "in Extensions: class %d tag 0x%x; "
902 "expected OCTET STRING",
903 hdr.class, hdr.tag);
904 return -1;
905 }
906 }
907
908 asn1_oid_to_str(&oid, buf, sizeof(buf));
909 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
910 buf, critical_ext);
911 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
912
913 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
914 if (res < 0)
915 return res;
916 if (res == 1 && critical_ext) {
917 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
918 buf);
919 return -1;
920 }
921
922 return 0;
923 }
924
925
x509_parse_extensions(struct x509_certificate * cert,const u8 * pos,size_t len)926 static int x509_parse_extensions(struct x509_certificate *cert,
927 const u8 *pos, size_t len)
928 {
929 const u8 *end;
930 struct asn1_hdr hdr;
931
932 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */
933
934 if (asn1_get_next(pos, len, &hdr) < 0 ||
935 hdr.class != ASN1_CLASS_UNIVERSAL ||
936 hdr.tag != ASN1_TAG_SEQUENCE) {
937 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
938 "for Extensions: class %d tag 0x%x; "
939 "expected SEQUENCE", hdr.class, hdr.tag);
940 return -1;
941 }
942
943 pos = hdr.payload;
944 end = pos + hdr.length;
945
946 while (pos < end) {
947 if (x509_parse_extension(cert, pos, end - pos, &pos)
948 < 0)
949 return -1;
950 }
951
952 return 0;
953 }
954
955
x509_parse_tbs_certificate(const u8 * buf,size_t len,struct x509_certificate * cert,const u8 ** next)956 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
957 struct x509_certificate *cert,
958 const u8 **next)
959 {
960 struct asn1_hdr hdr;
961 const u8 *pos, *end;
962 size_t left;
963 char sbuf[128];
964 unsigned long value;
965
966 /* tbsCertificate TBSCertificate ::= SEQUENCE */
967 if (asn1_get_next(buf, len, &hdr) < 0 ||
968 hdr.class != ASN1_CLASS_UNIVERSAL ||
969 hdr.tag != ASN1_TAG_SEQUENCE) {
970 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
971 "with a valid SEQUENCE - found class %d tag 0x%x",
972 hdr.class, hdr.tag);
973 return -1;
974 }
975 pos = hdr.payload;
976 end = *next = pos + hdr.length;
977
978 /*
979 * version [0] EXPLICIT Version DEFAULT v1
980 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
981 */
982 if (asn1_get_next(pos, end - pos, &hdr) < 0)
983 return -1;
984 pos = hdr.payload;
985
986 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
987 if (asn1_get_next(pos, end - pos, &hdr) < 0)
988 return -1;
989
990 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
991 hdr.tag != ASN1_TAG_INTEGER) {
992 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
993 "version field - found class %d tag 0x%x",
994 hdr.class, hdr.tag);
995 return -1;
996 }
997 if (hdr.length != 1) {
998 wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
999 "length %u (expected 1)", hdr.length);
1000 return -1;
1001 }
1002 pos = hdr.payload;
1003 left = hdr.length;
1004 value = 0;
1005 while (left) {
1006 value <<= 8;
1007 value |= *pos++;
1008 left--;
1009 }
1010
1011 cert->version = value;
1012 if (cert->version != X509_CERT_V1 &&
1013 cert->version != X509_CERT_V2 &&
1014 cert->version != X509_CERT_V3) {
1015 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1016 cert->version + 1);
1017 return -1;
1018 }
1019
1020 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1021 return -1;
1022 } else
1023 cert->version = X509_CERT_V1;
1024 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1025
1026 /* serialNumber CertificateSerialNumber ::= INTEGER */
1027 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1028 hdr.tag != ASN1_TAG_INTEGER) {
1029 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1030 "serialNumber; class=%d tag=0x%x",
1031 hdr.class, hdr.tag);
1032 return -1;
1033 }
1034
1035 pos = hdr.payload;
1036 left = hdr.length;
1037 while (left) {
1038 cert->serial_number <<= 8;
1039 cert->serial_number |= *pos++;
1040 left--;
1041 }
1042 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
1043
1044 /* signature AlgorithmIdentifier */
1045 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1046 &pos))
1047 return -1;
1048
1049 /* issuer Name */
1050 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1051 return -1;
1052 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1053 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1054
1055 /* validity Validity */
1056 if (x509_parse_validity(pos, end - pos, cert, &pos))
1057 return -1;
1058
1059 /* subject Name */
1060 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1061 return -1;
1062 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1063 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1064
1065 /* subjectPublicKeyInfo SubjectPublicKeyInfo */
1066 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1067 return -1;
1068
1069 if (pos == end)
1070 return 0;
1071
1072 if (cert->version == X509_CERT_V1)
1073 return 0;
1074
1075 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1076 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1077 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1078 " tag to parse optional tbsCertificate "
1079 "field(s); parsed class %d tag 0x%x",
1080 hdr.class, hdr.tag);
1081 return -1;
1082 }
1083
1084 if (hdr.tag == 1) {
1085 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */
1086 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1087 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1088
1089 if (hdr.payload + hdr.length == end)
1090 return 0;
1091
1092 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1093 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1094 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1095 " tag to parse optional tbsCertificate "
1096 "field(s); parsed class %d tag 0x%x",
1097 hdr.class, hdr.tag);
1098 return -1;
1099 }
1100 }
1101
1102 if (hdr.tag == 2) {
1103 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */
1104 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1105 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1106
1107 if (hdr.payload + hdr.length == end)
1108 return 0;
1109
1110 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1111 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1112 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1113 " tag to parse optional tbsCertificate "
1114 "field(s); parsed class %d tag 0x%x",
1115 hdr.class, hdr.tag);
1116 return -1;
1117 }
1118 }
1119
1120 if (hdr.tag != 3) {
1121 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1122 "Context-Specific tag %d in optional "
1123 "tbsCertificate fields", hdr.tag);
1124 return 0;
1125 }
1126
1127 /* extensions [3] EXPLICIT Extensions OPTIONAL */
1128
1129 if (cert->version != X509_CERT_V3) {
1130 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1131 "Extensions data which are only allowed for "
1132 "version 3", cert->version + 1);
1133 return -1;
1134 }
1135
1136 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1137 return -1;
1138
1139 pos = hdr.payload + hdr.length;
1140 if (pos < end) {
1141 wpa_hexdump(MSG_DEBUG,
1142 "X509: Ignored extra tbsCertificate data",
1143 pos, end - pos);
1144 }
1145
1146 return 0;
1147 }
1148
1149
x509_rsadsi_oid(struct asn1_oid * oid)1150 static int x509_rsadsi_oid(struct asn1_oid *oid)
1151 {
1152 return oid->len >= 4 &&
1153 oid->oid[0] == 1 /* iso */ &&
1154 oid->oid[1] == 2 /* member-body */ &&
1155 oid->oid[2] == 840 /* us */ &&
1156 oid->oid[3] == 113549 /* rsadsi */;
1157 }
1158
1159
x509_pkcs_oid(struct asn1_oid * oid)1160 static int x509_pkcs_oid(struct asn1_oid *oid)
1161 {
1162 return oid->len >= 5 &&
1163 x509_rsadsi_oid(oid) &&
1164 oid->oid[4] == 1 /* pkcs */;
1165 }
1166
1167
x509_digest_oid(struct asn1_oid * oid)1168 static int x509_digest_oid(struct asn1_oid *oid)
1169 {
1170 return oid->len >= 5 &&
1171 x509_rsadsi_oid(oid) &&
1172 oid->oid[4] == 2 /* digestAlgorithm */;
1173 }
1174
1175
x509_sha1_oid(struct asn1_oid * oid)1176 static int x509_sha1_oid(struct asn1_oid *oid)
1177 {
1178 return oid->len == 6 &&
1179 oid->oid[0] == 1 /* iso */ &&
1180 oid->oid[1] == 3 /* identified-organization */ &&
1181 oid->oid[2] == 14 /* oiw */ &&
1182 oid->oid[3] == 3 /* secsig */ &&
1183 oid->oid[4] == 2 /* algorithms */ &&
1184 oid->oid[5] == 26 /* id-sha1 */;
1185 }
1186
1187
x509_sha256_oid(struct asn1_oid * oid)1188 static int x509_sha256_oid(struct asn1_oid *oid)
1189 {
1190 return oid->len == 9 &&
1191 oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1192 oid->oid[1] == 16 /* country */ &&
1193 oid->oid[2] == 840 /* us */ &&
1194 oid->oid[3] == 1 /* organization */ &&
1195 oid->oid[4] == 101 /* gov */ &&
1196 oid->oid[5] == 3 /* csor */ &&
1197 oid->oid[6] == 4 /* nistAlgorithm */ &&
1198 oid->oid[7] == 2 /* hashAlgs */ &&
1199 oid->oid[8] == 1 /* sha256 */;
1200 }
1201
1202
1203 /**
1204 * x509_certificate_parse - Parse a X.509 certificate in DER format
1205 * @buf: Pointer to the X.509 certificate in DER format
1206 * @len: Buffer length
1207 * Returns: Pointer to the parsed certificate or %NULL on failure
1208 *
1209 * Caller is responsible for freeing the returned certificate by calling
1210 * x509_certificate_free().
1211 */
x509_certificate_parse(const u8 * buf,size_t len)1212 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1213 {
1214 struct asn1_hdr hdr;
1215 const u8 *pos, *end, *hash_start;
1216 struct x509_certificate *cert;
1217
1218 cert = os_zalloc(sizeof(*cert) + len);
1219 if (cert == NULL)
1220 return NULL;
1221 os_memcpy(cert + 1, buf, len);
1222 cert->cert_start = (u8 *) (cert + 1);
1223 cert->cert_len = len;
1224
1225 pos = buf;
1226 end = buf + len;
1227
1228 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1229
1230 /* Certificate ::= SEQUENCE */
1231 if (asn1_get_next(pos, len, &hdr) < 0 ||
1232 hdr.class != ASN1_CLASS_UNIVERSAL ||
1233 hdr.tag != ASN1_TAG_SEQUENCE) {
1234 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1235 "a valid SEQUENCE - found class %d tag 0x%x",
1236 hdr.class, hdr.tag);
1237 x509_certificate_free(cert);
1238 return NULL;
1239 }
1240 pos = hdr.payload;
1241
1242 if (pos + hdr.length > end) {
1243 x509_certificate_free(cert);
1244 return NULL;
1245 }
1246
1247 if (pos + hdr.length < end) {
1248 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1249 "encoded certificate",
1250 pos + hdr.length, end - pos + hdr.length);
1251 end = pos + hdr.length;
1252 }
1253
1254 hash_start = pos;
1255 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1256 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1257 x509_certificate_free(cert);
1258 return NULL;
1259 }
1260 cert->tbs_cert_len = pos - hash_start;
1261
1262 /* signatureAlgorithm AlgorithmIdentifier */
1263 if (x509_parse_algorithm_identifier(pos, end - pos,
1264 &cert->signature_alg, &pos)) {
1265 x509_certificate_free(cert);
1266 return NULL;
1267 }
1268
1269 /* signatureValue BIT STRING */
1270 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1271 hdr.class != ASN1_CLASS_UNIVERSAL ||
1272 hdr.tag != ASN1_TAG_BITSTRING) {
1273 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1274 "(signatureValue) - found class %d tag 0x%x",
1275 hdr.class, hdr.tag);
1276 x509_certificate_free(cert);
1277 return NULL;
1278 }
1279 if (hdr.length < 1) {
1280 x509_certificate_free(cert);
1281 return NULL;
1282 }
1283 pos = hdr.payload;
1284 if (*pos) {
1285 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1286 *pos);
1287 /* PKCS #1 v1.5 10.2.1:
1288 * It is an error if the length in bits of the signature S is
1289 * not a multiple of eight.
1290 */
1291 x509_certificate_free(cert);
1292 return NULL;
1293 }
1294 os_free(cert->sign_value);
1295 cert->sign_value = os_malloc(hdr.length - 1);
1296 if (cert->sign_value == NULL) {
1297 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1298 "signatureValue");
1299 x509_certificate_free(cert);
1300 return NULL;
1301 }
1302 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1303 cert->sign_value_len = hdr.length - 1;
1304 wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1305 cert->sign_value, cert->sign_value_len);
1306
1307 return cert;
1308 }
1309
1310
1311 /**
1312 * x509_certificate_check_signature - Verify certificate signature
1313 * @issuer: Issuer certificate
1314 * @cert: Certificate to be verified
1315 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1316 * -1 if not
1317 */
x509_certificate_check_signature(struct x509_certificate * issuer,struct x509_certificate * cert)1318 int x509_certificate_check_signature(struct x509_certificate *issuer,
1319 struct x509_certificate *cert)
1320 {
1321 struct crypto_public_key *pk;
1322 u8 *data;
1323 const u8 *pos, *end, *next, *da_end;
1324 size_t data_len;
1325 struct asn1_hdr hdr;
1326 struct asn1_oid oid;
1327 u8 hash[32];
1328 size_t hash_len;
1329
1330 if (!x509_pkcs_oid(&cert->signature.oid) ||
1331 cert->signature.oid.len != 7 ||
1332 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
1333 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1334 "algorithm");
1335 return -1;
1336 }
1337
1338 pk = crypto_public_key_import(issuer->public_key,
1339 issuer->public_key_len);
1340 if (pk == NULL)
1341 return -1;
1342
1343 data_len = cert->sign_value_len;
1344 data = os_malloc(data_len);
1345 if (data == NULL) {
1346 crypto_public_key_free(pk);
1347 return -1;
1348 }
1349
1350 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
1351 cert->sign_value_len, data,
1352 &data_len) < 0) {
1353 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1354 crypto_public_key_free(pk);
1355 os_free(data);
1356 return -1;
1357 }
1358 crypto_public_key_free(pk);
1359
1360 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1361
1362 /*
1363 * PKCS #1 v1.5, 10.1.2:
1364 *
1365 * DigestInfo ::= SEQUENCE {
1366 * digestAlgorithm DigestAlgorithmIdentifier,
1367 * digest Digest
1368 * }
1369 *
1370 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1371 *
1372 * Digest ::= OCTET STRING
1373 *
1374 */
1375 if (asn1_get_next(data, data_len, &hdr) < 0 ||
1376 hdr.class != ASN1_CLASS_UNIVERSAL ||
1377 hdr.tag != ASN1_TAG_SEQUENCE) {
1378 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1379 "(DigestInfo) - found class %d tag 0x%x",
1380 hdr.class, hdr.tag);
1381 os_free(data);
1382 return -1;
1383 }
1384
1385 pos = hdr.payload;
1386 end = pos + hdr.length;
1387
1388 /*
1389 * X.509:
1390 * AlgorithmIdentifier ::= SEQUENCE {
1391 * algorithm OBJECT IDENTIFIER,
1392 * parameters ANY DEFINED BY algorithm OPTIONAL
1393 * }
1394 */
1395
1396 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1397 hdr.class != ASN1_CLASS_UNIVERSAL ||
1398 hdr.tag != ASN1_TAG_SEQUENCE) {
1399 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1400 "(AlgorithmIdentifier) - found class %d tag 0x%x",
1401 hdr.class, hdr.tag);
1402 os_free(data);
1403 return -1;
1404 }
1405 da_end = hdr.payload + hdr.length;
1406
1407 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1408 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1409 os_free(data);
1410 return -1;
1411 }
1412
1413 if (x509_sha1_oid(&oid)) {
1414 if (cert->signature.oid.oid[6] !=
1415 5 /* sha-1WithRSAEncryption */) {
1416 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1417 "does not match with certificate "
1418 "signatureAlgorithm (%lu)",
1419 cert->signature.oid.oid[6]);
1420 os_free(data);
1421 return -1;
1422 }
1423 goto skip_digest_oid;
1424 }
1425
1426 if (x509_sha256_oid(&oid)) {
1427 if (cert->signature.oid.oid[6] !=
1428 11 /* sha2561WithRSAEncryption */) {
1429 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1430 "does not match with certificate "
1431 "signatureAlgorithm (%lu)",
1432 cert->signature.oid.oid[6]);
1433 os_free(data);
1434 return -1;
1435 }
1436 goto skip_digest_oid;
1437 }
1438
1439 if (!x509_digest_oid(&oid)) {
1440 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1441 os_free(data);
1442 return -1;
1443 }
1444 switch (oid.oid[5]) {
1445 case 5: /* md5 */
1446 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
1447 {
1448 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1449 "not match with certificate "
1450 "signatureAlgorithm (%lu)",
1451 cert->signature.oid.oid[6]);
1452 os_free(data);
1453 return -1;
1454 }
1455 break;
1456 case 2: /* md2 */
1457 case 4: /* md4 */
1458 default:
1459 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1460 "(%lu)", oid.oid[5]);
1461 os_free(data);
1462 return -1;
1463 }
1464
1465 skip_digest_oid:
1466 /* Digest ::= OCTET STRING */
1467 pos = da_end;
1468 end = data + data_len;
1469
1470 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1471 hdr.class != ASN1_CLASS_UNIVERSAL ||
1472 hdr.tag != ASN1_TAG_OCTETSTRING) {
1473 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1474 "(Digest) - found class %d tag 0x%x",
1475 hdr.class, hdr.tag);
1476 os_free(data);
1477 return -1;
1478 }
1479 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1480 hdr.payload, hdr.length);
1481
1482 switch (cert->signature.oid.oid[6]) {
1483 case 4: /* md5WithRSAEncryption */
1484 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1485 hash);
1486 hash_len = 16;
1487 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1488 hash, hash_len);
1489 break;
1490 case 5: /* sha-1WithRSAEncryption */
1491 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1492 hash);
1493 hash_len = 20;
1494 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1495 hash, hash_len);
1496 break;
1497 case 11: /* sha256WithRSAEncryption */
1498 #ifdef NEED_SHA256
1499 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1500 hash);
1501 hash_len = 32;
1502 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1503 hash, hash_len);
1504 break;
1505 #else /* NEED_SHA256 */
1506 wpa_printf(MSG_INFO, "X509: SHA256 support disabled");
1507 os_free(data);
1508 return -1;
1509 #endif /* NEED_SHA256 */
1510 case 2: /* md2WithRSAEncryption */
1511 case 12: /* sha384WithRSAEncryption */
1512 case 13: /* sha512WithRSAEncryption */
1513 default:
1514 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1515 "algorithm (%lu)", cert->signature.oid.oid[6]);
1516 os_free(data);
1517 return -1;
1518 }
1519
1520 if (hdr.length != hash_len ||
1521 os_memcmp(hdr.payload, hash, hdr.length) != 0) {
1522 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1523 "with calculated tbsCertificate hash");
1524 os_free(data);
1525 return -1;
1526 }
1527
1528 os_free(data);
1529
1530 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
1531 "calculated tbsCertificate hash");
1532
1533 return 0;
1534 }
1535
1536
x509_valid_issuer(const struct x509_certificate * cert)1537 static int x509_valid_issuer(const struct x509_certificate *cert)
1538 {
1539 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1540 !cert->ca) {
1541 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
1542 "issuer");
1543 return -1;
1544 }
1545
1546 if (cert->version == X509_CERT_V3 &&
1547 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1548 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
1549 "include BasicConstraints extension");
1550 return -1;
1551 }
1552
1553 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
1554 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
1555 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
1556 "keyCertSign bit in Key Usage");
1557 return -1;
1558 }
1559
1560 return 0;
1561 }
1562
1563
1564 /**
1565 * x509_certificate_chain_validate - Validate X.509 certificate chain
1566 * @trusted: List of trusted certificates
1567 * @chain: Certificate chain to be validated (first chain must be issued by
1568 * signed by the second certificate in the chain and so on)
1569 * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
1570 * Returns: 0 if chain is valid, -1 if not
1571 */
x509_certificate_chain_validate(struct x509_certificate * trusted,struct x509_certificate * chain,int * reason)1572 int x509_certificate_chain_validate(struct x509_certificate *trusted,
1573 struct x509_certificate *chain,
1574 int *reason)
1575 {
1576 long unsigned idx;
1577 int chain_trusted = 0;
1578 struct x509_certificate *cert, *trust;
1579 char buf[128];
1580 struct os_time now;
1581
1582 *reason = X509_VALIDATE_OK;
1583
1584 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
1585 os_get_time(&now);
1586
1587 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
1588 x509_name_string(&cert->subject, buf, sizeof(buf));
1589 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
1590
1591 if (chain_trusted)
1592 continue;
1593
1594 if ((unsigned long) now.sec <
1595 (unsigned long) cert->not_before ||
1596 (unsigned long) now.sec >
1597 (unsigned long) cert->not_after) {
1598 wpa_printf(MSG_INFO, "X509: Certificate not valid "
1599 "(now=%lu not_before=%lu not_after=%lu)",
1600 now.sec, cert->not_before, cert->not_after);
1601 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
1602 return -1;
1603 }
1604
1605 if (cert->next) {
1606 if (x509_name_compare(&cert->issuer,
1607 &cert->next->subject) != 0) {
1608 wpa_printf(MSG_DEBUG, "X509: Certificate "
1609 "chain issuer name mismatch");
1610 x509_name_string(&cert->issuer, buf,
1611 sizeof(buf));
1612 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
1613 buf);
1614 x509_name_string(&cert->next->subject, buf,
1615 sizeof(buf));
1616 wpa_printf(MSG_DEBUG, "X509: next cert "
1617 "subject: %s", buf);
1618 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
1619 return -1;
1620 }
1621
1622 if (x509_valid_issuer(cert->next) < 0) {
1623 *reason = X509_VALIDATE_BAD_CERTIFICATE;
1624 return -1;
1625 }
1626
1627 if ((cert->next->extensions_present &
1628 X509_EXT_PATH_LEN_CONSTRAINT) &&
1629 idx > cert->next->path_len_constraint) {
1630 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
1631 " not met (idx=%lu issuer "
1632 "pathLenConstraint=%lu)", idx,
1633 cert->next->path_len_constraint);
1634 *reason = X509_VALIDATE_BAD_CERTIFICATE;
1635 return -1;
1636 }
1637
1638 if (x509_certificate_check_signature(cert->next, cert)
1639 < 0) {
1640 wpa_printf(MSG_DEBUG, "X509: Invalid "
1641 "certificate signature within "
1642 "chain");
1643 *reason = X509_VALIDATE_BAD_CERTIFICATE;
1644 return -1;
1645 }
1646 }
1647
1648 for (trust = trusted; trust; trust = trust->next) {
1649 if (x509_name_compare(&cert->issuer, &trust->subject)
1650 == 0)
1651 break;
1652 }
1653
1654 if (trust) {
1655 wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
1656 "list of trusted certificates");
1657 if (x509_valid_issuer(trust) < 0) {
1658 *reason = X509_VALIDATE_BAD_CERTIFICATE;
1659 return -1;
1660 }
1661
1662 if (x509_certificate_check_signature(trust, cert) < 0)
1663 {
1664 wpa_printf(MSG_DEBUG, "X509: Invalid "
1665 "certificate signature");
1666 *reason = X509_VALIDATE_BAD_CERTIFICATE;
1667 return -1;
1668 }
1669
1670 wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
1671 "found to complete the chain");
1672 chain_trusted = 1;
1673 }
1674 }
1675
1676 if (!chain_trusted) {
1677 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
1678 "from the list of trusted certificates");
1679 if (trusted) {
1680 *reason = X509_VALIDATE_UNKNOWN_CA;
1681 return -1;
1682 }
1683 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
1684 "disabled - ignore unknown CA issue");
1685 }
1686
1687 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
1688
1689 return 0;
1690 }
1691
1692
1693 /**
1694 * x509_certificate_get_subject - Get a certificate based on Subject name
1695 * @chain: Certificate chain to search through
1696 * @name: Subject name to search for
1697 * Returns: Pointer to the certificate with the given Subject name or
1698 * %NULL on failure
1699 */
1700 struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate * chain,struct x509_name * name)1701 x509_certificate_get_subject(struct x509_certificate *chain,
1702 struct x509_name *name)
1703 {
1704 struct x509_certificate *cert;
1705
1706 for (cert = chain; cert; cert = cert->next) {
1707 if (x509_name_compare(&cert->subject, name) == 0)
1708 return cert;
1709 }
1710 return NULL;
1711 }
1712
1713
1714 /**
1715 * x509_certificate_self_signed - Is the certificate self-signed?
1716 * @cert: Certificate
1717 * Returns: 1 if certificate is self-signed, 0 if not
1718 */
x509_certificate_self_signed(struct x509_certificate * cert)1719 int x509_certificate_self_signed(struct x509_certificate *cert)
1720 {
1721 return x509_name_compare(&cert->issuer, &cert->subject) == 0;
1722 }
1723
1724 #endif /* CONFIG_INTERNAL_X509 */
1725