1 /* 2 * X.509v3 certificate parsing and processing (RFC 3280 profile) 3 * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "crypto/crypto.h" 19 #include "asn1.h" 20 #include "x509v3.h" 21 22 23 static void x509_free_name(struct x509_name *name) 24 { 25 os_free(name->cn); 26 os_free(name->c); 27 os_free(name->l); 28 os_free(name->st); 29 os_free(name->o); 30 os_free(name->ou); 31 os_free(name->email); 32 name->cn = name->c = name->l = name->st = name->o = name->ou = NULL; 33 name->email = NULL; 34 35 os_free(name->alt_email); 36 os_free(name->dns); 37 os_free(name->uri); 38 os_free(name->ip); 39 name->alt_email = name->dns = name->uri = NULL; 40 name->ip = NULL; 41 name->ip_len = 0; 42 os_memset(&name->rid, 0, sizeof(name->rid)); 43 } 44 45 46 /** 47 * x509_certificate_free - Free an X.509 certificate 48 * @cert: Certificate to be freed 49 */ 50 void x509_certificate_free(struct x509_certificate *cert) 51 { 52 if (cert == NULL) 53 return; 54 if (cert->next) { 55 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p " 56 "was still on a list (next=%p)\n", 57 cert, cert->next); 58 } 59 x509_free_name(&cert->issuer); 60 x509_free_name(&cert->subject); 61 os_free(cert->public_key); 62 os_free(cert->sign_value); 63 os_free(cert); 64 } 65 66 67 /** 68 * x509_certificate_free - Free an X.509 certificate chain 69 * @cert: Pointer to the first certificate in the chain 70 */ 71 void x509_certificate_chain_free(struct x509_certificate *cert) 72 { 73 struct x509_certificate *next; 74 75 while (cert) { 76 next = cert->next; 77 cert->next = NULL; 78 x509_certificate_free(cert); 79 cert = next; 80 } 81 } 82 83 84 static int x509_whitespace(char c) 85 { 86 return c == ' ' || c == '\t'; 87 } 88 89 90 static void x509_str_strip_whitespace(char *a) 91 { 92 char *ipos, *opos; 93 int remove_whitespace = 1; 94 95 ipos = opos = a; 96 97 while (*ipos) { 98 if (remove_whitespace && x509_whitespace(*ipos)) 99 ipos++; 100 else { 101 remove_whitespace = x509_whitespace(*ipos); 102 *opos++ = *ipos++; 103 } 104 } 105 106 *opos-- = '\0'; 107 if (opos > a && x509_whitespace(*opos)) 108 *opos = '\0'; 109 } 110 111 112 static int x509_str_compare(const char *a, const char *b) 113 { 114 char *aa, *bb; 115 int ret; 116 117 if (!a && b) 118 return -1; 119 if (a && !b) 120 return 1; 121 if (!a && !b) 122 return 0; 123 124 aa = os_strdup(a); 125 bb = os_strdup(b); 126 127 if (aa == NULL || bb == NULL) { 128 os_free(aa); 129 os_free(bb); 130 return os_strcasecmp(a, b); 131 } 132 133 x509_str_strip_whitespace(aa); 134 x509_str_strip_whitespace(bb); 135 136 ret = os_strcasecmp(aa, bb); 137 138 os_free(aa); 139 os_free(bb); 140 141 return ret; 142 } 143 144 145 /** 146 * x509_name_compare - Compare X.509 certificate names 147 * @a: Certificate name 148 * @b: Certificate name 149 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or 150 * greater than b 151 */ 152 int x509_name_compare(struct x509_name *a, struct x509_name *b) 153 { 154 int res; 155 156 if (!a && b) 157 return -1; 158 if (a && !b) 159 return 1; 160 if (!a && !b) 161 return 0; 162 163 res = x509_str_compare(a->cn, b->cn); 164 if (res) 165 return res; 166 res = x509_str_compare(a->c, b->c); 167 if (res) 168 return res; 169 res = x509_str_compare(a->l, b->l); 170 if (res) 171 return res; 172 res = x509_str_compare(a->st, b->st); 173 if (res) 174 return res; 175 res = x509_str_compare(a->o, b->o); 176 if (res) 177 return res; 178 res = x509_str_compare(a->ou, b->ou); 179 if (res) 180 return res; 181 res = x509_str_compare(a->email, b->email); 182 if (res) 183 return res; 184 185 return 0; 186 } 187 188 189 static int x509_parse_algorithm_identifier( 190 const u8 *buf, size_t len, 191 struct x509_algorithm_identifier *id, const u8 **next) 192 { 193 struct asn1_hdr hdr; 194 const u8 *pos, *end; 195 196 /* 197 * AlgorithmIdentifier ::= SEQUENCE { 198 * algorithm OBJECT IDENTIFIER, 199 * parameters ANY DEFINED BY algorithm OPTIONAL 200 * } 201 */ 202 203 if (asn1_get_next(buf, len, &hdr) < 0 || 204 hdr.class != ASN1_CLASS_UNIVERSAL || 205 hdr.tag != ASN1_TAG_SEQUENCE) { 206 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 207 "(AlgorithmIdentifier) - found class %d tag 0x%x", 208 hdr.class, hdr.tag); 209 return -1; 210 } 211 pos = hdr.payload; 212 end = pos + hdr.length; 213 214 if (end > buf + len) 215 return -1; 216 217 *next = end; 218 219 if (asn1_get_oid(pos, end - pos, &id->oid, &pos)) 220 return -1; 221 222 /* TODO: optional parameters */ 223 224 return 0; 225 } 226 227 228 static int x509_parse_public_key(const u8 *buf, size_t len, 229 struct x509_certificate *cert, 230 const u8 **next) 231 { 232 struct asn1_hdr hdr; 233 const u8 *pos, *end; 234 235 /* 236 * SubjectPublicKeyInfo ::= SEQUENCE { 237 * algorithm AlgorithmIdentifier, 238 * subjectPublicKey BIT STRING 239 * } 240 */ 241 242 pos = buf; 243 end = buf + len; 244 245 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 246 hdr.class != ASN1_CLASS_UNIVERSAL || 247 hdr.tag != ASN1_TAG_SEQUENCE) { 248 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 249 "(SubjectPublicKeyInfo) - found class %d tag 0x%x", 250 hdr.class, hdr.tag); 251 return -1; 252 } 253 pos = hdr.payload; 254 255 if (pos + hdr.length > end) 256 return -1; 257 end = pos + hdr.length; 258 *next = end; 259 260 if (x509_parse_algorithm_identifier(pos, end - pos, 261 &cert->public_key_alg, &pos)) 262 return -1; 263 264 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 265 hdr.class != ASN1_CLASS_UNIVERSAL || 266 hdr.tag != ASN1_TAG_BITSTRING) { 267 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING " 268 "(subjectPublicKey) - found class %d tag 0x%x", 269 hdr.class, hdr.tag); 270 return -1; 271 } 272 if (hdr.length < 1) 273 return -1; 274 pos = hdr.payload; 275 if (*pos) { 276 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", 277 *pos); 278 /* 279 * TODO: should this be rejected? X.509 certificates are 280 * unlikely to use such a construction. Now we would end up 281 * including the extra bits in the buffer which may also be 282 * ok. 283 */ 284 } 285 os_free(cert->public_key); 286 cert->public_key = os_malloc(hdr.length - 1); 287 if (cert->public_key == NULL) { 288 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 289 "public key"); 290 return -1; 291 } 292 os_memcpy(cert->public_key, pos + 1, hdr.length - 1); 293 cert->public_key_len = hdr.length - 1; 294 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey", 295 cert->public_key, cert->public_key_len); 296 297 return 0; 298 } 299 300 301 static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name, 302 const u8 **next) 303 { 304 struct asn1_hdr hdr; 305 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end; 306 struct asn1_oid oid; 307 char **fieldp; 308 309 /* 310 * Name ::= CHOICE { RDNSequence } 311 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 312 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue 313 * AttributeTypeAndValue ::= SEQUENCE { 314 * type AttributeType, 315 * value AttributeValue 316 * } 317 * AttributeType ::= OBJECT IDENTIFIER 318 * AttributeValue ::= ANY DEFINED BY AttributeType 319 */ 320 321 if (asn1_get_next(buf, len, &hdr) < 0 || 322 hdr.class != ASN1_CLASS_UNIVERSAL || 323 hdr.tag != ASN1_TAG_SEQUENCE) { 324 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 325 "(Name / RDNSequencer) - found class %d tag 0x%x", 326 hdr.class, hdr.tag); 327 return -1; 328 } 329 pos = hdr.payload; 330 331 if (pos + hdr.length > buf + len) 332 return -1; 333 334 end = *next = pos + hdr.length; 335 336 while (pos < end) { 337 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 338 hdr.class != ASN1_CLASS_UNIVERSAL || 339 hdr.tag != ASN1_TAG_SET) { 340 wpa_printf(MSG_DEBUG, "X509: Expected SET " 341 "(RelativeDistinguishedName) - found class " 342 "%d tag 0x%x", hdr.class, hdr.tag); 343 x509_free_name(name); 344 return -1; 345 } 346 347 set_pos = hdr.payload; 348 pos = set_end = hdr.payload + hdr.length; 349 350 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 || 351 hdr.class != ASN1_CLASS_UNIVERSAL || 352 hdr.tag != ASN1_TAG_SEQUENCE) { 353 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 354 "(AttributeTypeAndValue) - found class %d " 355 "tag 0x%x", hdr.class, hdr.tag); 356 x509_free_name(name); 357 return -1; 358 } 359 360 seq_pos = hdr.payload; 361 seq_end = hdr.payload + hdr.length; 362 363 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) { 364 x509_free_name(name); 365 return -1; 366 } 367 368 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 || 369 hdr.class != ASN1_CLASS_UNIVERSAL) { 370 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 371 "AttributeValue"); 372 x509_free_name(name); 373 return -1; 374 } 375 376 /* RFC 3280: 377 * MUST: country, organization, organizational-unit, 378 * distinguished name qualifier, state or province name, 379 * common name, serial number. 380 * SHOULD: locality, title, surname, given name, initials, 381 * pseudonym, generation qualifier. 382 * MUST: domainComponent (RFC 2247). 383 */ 384 fieldp = NULL; 385 if (oid.len == 4 && 386 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) { 387 /* id-at ::= 2.5.4 */ 388 switch (oid.oid[3]) { 389 case 3: 390 /* commonName */ 391 fieldp = &name->cn; 392 break; 393 case 6: 394 /* countryName */ 395 fieldp = &name->c; 396 break; 397 case 7: 398 /* localityName */ 399 fieldp = &name->l; 400 break; 401 case 8: 402 /* stateOrProvinceName */ 403 fieldp = &name->st; 404 break; 405 case 10: 406 /* organizationName */ 407 fieldp = &name->o; 408 break; 409 case 11: 410 /* organizationalUnitName */ 411 fieldp = &name->ou; 412 break; 413 } 414 } else if (oid.len == 7 && 415 oid.oid[0] == 1 && oid.oid[1] == 2 && 416 oid.oid[2] == 840 && oid.oid[3] == 113549 && 417 oid.oid[4] == 1 && oid.oid[5] == 9 && 418 oid.oid[6] == 1) { 419 /* 1.2.840.113549.1.9.1 - e-mailAddress */ 420 fieldp = &name->email; 421 } 422 423 if (fieldp == NULL) { 424 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID", 425 (u8 *) oid.oid, 426 oid.len * sizeof(oid.oid[0])); 427 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data", 428 hdr.payload, hdr.length); 429 continue; 430 } 431 432 os_free(*fieldp); 433 *fieldp = os_malloc(hdr.length + 1); 434 if (*fieldp == NULL) { 435 x509_free_name(name); 436 return -1; 437 } 438 os_memcpy(*fieldp, hdr.payload, hdr.length); 439 (*fieldp)[hdr.length] = '\0'; 440 if (os_strlen(*fieldp) != hdr.length) { 441 wpa_printf(MSG_INFO, "X509: Reject certificate with " 442 "embedded NUL byte in a string (%s[NUL])", 443 *fieldp); 444 x509_free_name(name); 445 return -1; 446 } 447 } 448 449 return 0; 450 } 451 452 453 /** 454 * x509_name_string - Convert an X.509 certificate name into a string 455 * @name: Name to convert 456 * @buf: Buffer for the string 457 * @len: Maximum buffer length 458 */ 459 void x509_name_string(struct x509_name *name, char *buf, size_t len) 460 { 461 char *pos, *end; 462 int ret; 463 464 if (len == 0) 465 return; 466 467 pos = buf; 468 end = buf + len; 469 470 if (name->c) { 471 ret = os_snprintf(pos, end - pos, "C=%s, ", name->c); 472 if (ret < 0 || ret >= end - pos) 473 goto done; 474 pos += ret; 475 } 476 if (name->st) { 477 ret = os_snprintf(pos, end - pos, "ST=%s, ", name->st); 478 if (ret < 0 || ret >= end - pos) 479 goto done; 480 pos += ret; 481 } 482 if (name->l) { 483 ret = os_snprintf(pos, end - pos, "L=%s, ", name->l); 484 if (ret < 0 || ret >= end - pos) 485 goto done; 486 pos += ret; 487 } 488 if (name->o) { 489 ret = os_snprintf(pos, end - pos, "O=%s, ", name->o); 490 if (ret < 0 || ret >= end - pos) 491 goto done; 492 pos += ret; 493 } 494 if (name->ou) { 495 ret = os_snprintf(pos, end - pos, "OU=%s, ", name->ou); 496 if (ret < 0 || ret >= end - pos) 497 goto done; 498 pos += ret; 499 } 500 if (name->cn) { 501 ret = os_snprintf(pos, end - pos, "CN=%s, ", name->cn); 502 if (ret < 0 || ret >= end - pos) 503 goto done; 504 pos += ret; 505 } 506 507 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') { 508 *pos-- = '\0'; 509 *pos-- = '\0'; 510 } 511 512 if (name->email) { 513 ret = os_snprintf(pos, end - pos, "/emailAddress=%s", 514 name->email); 515 if (ret < 0 || ret >= end - pos) 516 goto done; 517 pos += ret; 518 } 519 520 done: 521 end[-1] = '\0'; 522 } 523 524 525 static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, 526 os_time_t *val) 527 { 528 const char *pos; 529 int year, month, day, hour, min, sec; 530 531 /* 532 * Time ::= CHOICE { 533 * utcTime UTCTime, 534 * generalTime GeneralizedTime 535 * } 536 * 537 * UTCTime: YYMMDDHHMMSSZ 538 * GeneralizedTime: YYYYMMDDHHMMSSZ 539 */ 540 541 pos = (const char *) buf; 542 543 switch (asn1_tag) { 544 case ASN1_TAG_UTCTIME: 545 if (len != 13 || buf[12] != 'Z') { 546 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 547 "UTCTime format", buf, len); 548 return -1; 549 } 550 if (sscanf(pos, "%02d", &year) != 1) { 551 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 552 "UTCTime year", buf, len); 553 return -1; 554 } 555 if (year < 50) 556 year += 2000; 557 else 558 year += 1900; 559 pos += 2; 560 break; 561 case ASN1_TAG_GENERALIZEDTIME: 562 if (len != 15 || buf[14] != 'Z') { 563 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 564 "GeneralizedTime format", buf, len); 565 return -1; 566 } 567 if (sscanf(pos, "%04d", &year) != 1) { 568 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 569 "GeneralizedTime year", buf, len); 570 return -1; 571 } 572 pos += 4; 573 break; 574 default: 575 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or " 576 "GeneralizedTime - found tag 0x%x", asn1_tag); 577 return -1; 578 } 579 580 if (sscanf(pos, "%02d", &month) != 1) { 581 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 582 "(month)", buf, len); 583 return -1; 584 } 585 pos += 2; 586 587 if (sscanf(pos, "%02d", &day) != 1) { 588 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 589 "(day)", buf, len); 590 return -1; 591 } 592 pos += 2; 593 594 if (sscanf(pos, "%02d", &hour) != 1) { 595 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 596 "(hour)", buf, len); 597 return -1; 598 } 599 pos += 2; 600 601 if (sscanf(pos, "%02d", &min) != 1) { 602 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 603 "(min)", buf, len); 604 return -1; 605 } 606 pos += 2; 607 608 if (sscanf(pos, "%02d", &sec) != 1) { 609 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 610 "(sec)", buf, len); 611 return -1; 612 } 613 614 if (os_mktime(year, month, day, hour, min, sec, val) < 0) { 615 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time", 616 buf, len); 617 if (year < 1970) { 618 /* 619 * At least some test certificates have been configured 620 * to use dates prior to 1970. Set the date to 621 * beginning of 1970 to handle these case. 622 */ 623 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - " 624 "assume epoch as the time", year); 625 *val = 0; 626 return 0; 627 } 628 return -1; 629 } 630 631 return 0; 632 } 633 634 635 static int x509_parse_validity(const u8 *buf, size_t len, 636 struct x509_certificate *cert, const u8 **next) 637 { 638 struct asn1_hdr hdr; 639 const u8 *pos; 640 size_t plen; 641 642 /* 643 * Validity ::= SEQUENCE { 644 * notBefore Time, 645 * notAfter Time 646 * } 647 * 648 * RFC 3280, 4.1.2.5: 649 * CAs conforming to this profile MUST always encode certificate 650 * validity dates through the year 2049 as UTCTime; certificate 651 * validity dates in 2050 or later MUST be encoded as GeneralizedTime. 652 */ 653 654 if (asn1_get_next(buf, len, &hdr) < 0 || 655 hdr.class != ASN1_CLASS_UNIVERSAL || 656 hdr.tag != ASN1_TAG_SEQUENCE) { 657 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 658 "(Validity) - found class %d tag 0x%x", 659 hdr.class, hdr.tag); 660 return -1; 661 } 662 pos = hdr.payload; 663 plen = hdr.length; 664 665 if (pos + plen > buf + len) 666 return -1; 667 668 *next = pos + plen; 669 670 if (asn1_get_next(pos, plen, &hdr) < 0 || 671 hdr.class != ASN1_CLASS_UNIVERSAL || 672 x509_parse_time(hdr.payload, hdr.length, hdr.tag, 673 &cert->not_before) < 0) { 674 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore " 675 "Time", hdr.payload, hdr.length); 676 return -1; 677 } 678 679 pos = hdr.payload + hdr.length; 680 plen = *next - pos; 681 682 if (asn1_get_next(pos, plen, &hdr) < 0 || 683 hdr.class != ASN1_CLASS_UNIVERSAL || 684 x509_parse_time(hdr.payload, hdr.length, hdr.tag, 685 &cert->not_after) < 0) { 686 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter " 687 "Time", hdr.payload, hdr.length); 688 return -1; 689 } 690 691 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu", 692 (unsigned long) cert->not_before, 693 (unsigned long) cert->not_after); 694 695 return 0; 696 } 697 698 699 static int x509_id_ce_oid(struct asn1_oid *oid) 700 { 701 /* id-ce arc from X.509 for standard X.509v3 extensions */ 702 return oid->len >= 4 && 703 oid->oid[0] == 2 /* joint-iso-ccitt */ && 704 oid->oid[1] == 5 /* ds */ && 705 oid->oid[2] == 29 /* id-ce */; 706 } 707 708 709 static int x509_parse_ext_key_usage(struct x509_certificate *cert, 710 const u8 *pos, size_t len) 711 { 712 struct asn1_hdr hdr; 713 714 /* 715 * KeyUsage ::= BIT STRING { 716 * digitalSignature (0), 717 * nonRepudiation (1), 718 * keyEncipherment (2), 719 * dataEncipherment (3), 720 * keyAgreement (4), 721 * keyCertSign (5), 722 * cRLSign (6), 723 * encipherOnly (7), 724 * decipherOnly (8) } 725 */ 726 727 if (asn1_get_next(pos, len, &hdr) < 0 || 728 hdr.class != ASN1_CLASS_UNIVERSAL || 729 hdr.tag != ASN1_TAG_BITSTRING || 730 hdr.length < 1) { 731 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in " 732 "KeyUsage; found %d tag 0x%x len %d", 733 hdr.class, hdr.tag, hdr.length); 734 return -1; 735 } 736 737 cert->extensions_present |= X509_EXT_KEY_USAGE; 738 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length); 739 740 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage); 741 742 return 0; 743 } 744 745 746 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert, 747 const u8 *pos, size_t len) 748 { 749 struct asn1_hdr hdr; 750 unsigned long value; 751 size_t left; 752 753 /* 754 * BasicConstraints ::= SEQUENCE { 755 * cA BOOLEAN DEFAULT FALSE, 756 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 757 */ 758 759 if (asn1_get_next(pos, len, &hdr) < 0 || 760 hdr.class != ASN1_CLASS_UNIVERSAL || 761 hdr.tag != ASN1_TAG_SEQUENCE) { 762 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 763 "BasicConstraints; found %d tag 0x%x", 764 hdr.class, hdr.tag); 765 return -1; 766 } 767 768 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS; 769 770 if (hdr.length == 0) 771 return 0; 772 773 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 || 774 hdr.class != ASN1_CLASS_UNIVERSAL) { 775 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 776 "BasicConstraints"); 777 return -1; 778 } 779 780 if (hdr.tag == ASN1_TAG_BOOLEAN) { 781 if (hdr.length != 1) { 782 wpa_printf(MSG_DEBUG, "X509: Unexpected " 783 "Boolean length (%u) in BasicConstraints", 784 hdr.length); 785 return -1; 786 } 787 cert->ca = hdr.payload[0]; 788 789 if (hdr.payload + hdr.length == pos + len) { 790 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d", 791 cert->ca); 792 return 0; 793 } 794 795 if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length, 796 &hdr) < 0 || 797 hdr.class != ASN1_CLASS_UNIVERSAL) { 798 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 799 "BasicConstraints"); 800 return -1; 801 } 802 } 803 804 if (hdr.tag != ASN1_TAG_INTEGER) { 805 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in " 806 "BasicConstraints; found class %d tag 0x%x", 807 hdr.class, hdr.tag); 808 return -1; 809 } 810 811 pos = hdr.payload; 812 left = hdr.length; 813 value = 0; 814 while (left) { 815 value <<= 8; 816 value |= *pos++; 817 left--; 818 } 819 820 cert->path_len_constraint = value; 821 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT; 822 823 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d " 824 "pathLenConstraint=%lu", 825 cert->ca, cert->path_len_constraint); 826 827 return 0; 828 } 829 830 831 static int x509_parse_alt_name_rfc8222(struct x509_name *name, 832 const u8 *pos, size_t len) 833 { 834 /* rfc822Name IA5String */ 835 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len); 836 os_free(name->alt_email); 837 name->alt_email = os_zalloc(len + 1); 838 if (name->alt_email == NULL) 839 return -1; 840 os_memcpy(name->alt_email, pos, len); 841 if (os_strlen(name->alt_email) != len) { 842 wpa_printf(MSG_INFO, "X509: Reject certificate with " 843 "embedded NUL byte in rfc822Name (%s[NUL])", 844 name->alt_email); 845 os_free(name->alt_email); 846 name->alt_email = NULL; 847 return -1; 848 } 849 return 0; 850 } 851 852 853 static int x509_parse_alt_name_dns(struct x509_name *name, 854 const u8 *pos, size_t len) 855 { 856 /* dNSName IA5String */ 857 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len); 858 os_free(name->dns); 859 name->dns = os_zalloc(len + 1); 860 if (name->dns == NULL) 861 return -1; 862 os_memcpy(name->dns, pos, len); 863 if (os_strlen(name->dns) != len) { 864 wpa_printf(MSG_INFO, "X509: Reject certificate with " 865 "embedded NUL byte in dNSName (%s[NUL])", 866 name->dns); 867 os_free(name->dns); 868 name->dns = NULL; 869 return -1; 870 } 871 return 0; 872 } 873 874 875 static int x509_parse_alt_name_uri(struct x509_name *name, 876 const u8 *pos, size_t len) 877 { 878 /* uniformResourceIdentifier IA5String */ 879 wpa_hexdump_ascii(MSG_MSGDUMP, 880 "X509: altName - uniformResourceIdentifier", 881 pos, len); 882 os_free(name->uri); 883 name->uri = os_zalloc(len + 1); 884 if (name->uri == NULL) 885 return -1; 886 os_memcpy(name->uri, pos, len); 887 if (os_strlen(name->uri) != len) { 888 wpa_printf(MSG_INFO, "X509: Reject certificate with " 889 "embedded NUL byte in uniformResourceIdentifier " 890 "(%s[NUL])", name->uri); 891 os_free(name->uri); 892 name->uri = NULL; 893 return -1; 894 } 895 return 0; 896 } 897 898 899 static int x509_parse_alt_name_ip(struct x509_name *name, 900 const u8 *pos, size_t len) 901 { 902 /* iPAddress OCTET STRING */ 903 wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len); 904 os_free(name->ip); 905 name->ip = os_malloc(len); 906 if (name->ip == NULL) 907 return -1; 908 os_memcpy(name->ip, pos, len); 909 name->ip_len = len; 910 return 0; 911 } 912 913 914 static int x509_parse_alt_name_rid(struct x509_name *name, 915 const u8 *pos, size_t len) 916 { 917 char buf[80]; 918 919 /* registeredID OBJECT IDENTIFIER */ 920 if (asn1_parse_oid(pos, len, &name->rid) < 0) 921 return -1; 922 923 asn1_oid_to_str(&name->rid, buf, sizeof(buf)); 924 wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf); 925 926 return 0; 927 } 928 929 930 static int x509_parse_ext_alt_name(struct x509_name *name, 931 const u8 *pos, size_t len) 932 { 933 struct asn1_hdr hdr; 934 const u8 *p, *end; 935 936 /* 937 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 938 * 939 * GeneralName ::= CHOICE { 940 * otherName [0] OtherName, 941 * rfc822Name [1] IA5String, 942 * dNSName [2] IA5String, 943 * x400Address [3] ORAddress, 944 * directoryName [4] Name, 945 * ediPartyName [5] EDIPartyName, 946 * uniformResourceIdentifier [6] IA5String, 947 * iPAddress [7] OCTET STRING, 948 * registeredID [8] OBJECT IDENTIFIER } 949 * 950 * OtherName ::= SEQUENCE { 951 * type-id OBJECT IDENTIFIER, 952 * value [0] EXPLICIT ANY DEFINED BY type-id } 953 * 954 * EDIPartyName ::= SEQUENCE { 955 * nameAssigner [0] DirectoryString OPTIONAL, 956 * partyName [1] DirectoryString } 957 */ 958 959 for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) { 960 int res; 961 962 if (asn1_get_next(p, end - p, &hdr) < 0) { 963 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 964 "SubjectAltName item"); 965 return -1; 966 } 967 968 if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) 969 continue; 970 971 switch (hdr.tag) { 972 case 1: 973 res = x509_parse_alt_name_rfc8222(name, hdr.payload, 974 hdr.length); 975 break; 976 case 2: 977 res = x509_parse_alt_name_dns(name, hdr.payload, 978 hdr.length); 979 break; 980 case 6: 981 res = x509_parse_alt_name_uri(name, hdr.payload, 982 hdr.length); 983 break; 984 case 7: 985 res = x509_parse_alt_name_ip(name, hdr.payload, 986 hdr.length); 987 break; 988 case 8: 989 res = x509_parse_alt_name_rid(name, hdr.payload, 990 hdr.length); 991 break; 992 case 0: /* TODO: otherName */ 993 case 3: /* TODO: x500Address */ 994 case 4: /* TODO: directoryName */ 995 case 5: /* TODO: ediPartyName */ 996 default: 997 res = 0; 998 break; 999 } 1000 if (res < 0) 1001 return res; 1002 } 1003 1004 return 0; 1005 } 1006 1007 1008 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert, 1009 const u8 *pos, size_t len) 1010 { 1011 struct asn1_hdr hdr; 1012 1013 /* SubjectAltName ::= GeneralNames */ 1014 1015 if (asn1_get_next(pos, len, &hdr) < 0 || 1016 hdr.class != ASN1_CLASS_UNIVERSAL || 1017 hdr.tag != ASN1_TAG_SEQUENCE) { 1018 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 1019 "SubjectAltName; found %d tag 0x%x", 1020 hdr.class, hdr.tag); 1021 return -1; 1022 } 1023 1024 wpa_printf(MSG_DEBUG, "X509: SubjectAltName"); 1025 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME; 1026 1027 if (hdr.length == 0) 1028 return 0; 1029 1030 return x509_parse_ext_alt_name(&cert->subject, hdr.payload, 1031 hdr.length); 1032 } 1033 1034 1035 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert, 1036 const u8 *pos, size_t len) 1037 { 1038 struct asn1_hdr hdr; 1039 1040 /* IssuerAltName ::= GeneralNames */ 1041 1042 if (asn1_get_next(pos, len, &hdr) < 0 || 1043 hdr.class != ASN1_CLASS_UNIVERSAL || 1044 hdr.tag != ASN1_TAG_SEQUENCE) { 1045 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 1046 "IssuerAltName; found %d tag 0x%x", 1047 hdr.class, hdr.tag); 1048 return -1; 1049 } 1050 1051 wpa_printf(MSG_DEBUG, "X509: IssuerAltName"); 1052 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME; 1053 1054 if (hdr.length == 0) 1055 return 0; 1056 1057 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload, 1058 hdr.length); 1059 } 1060 1061 1062 static int x509_parse_extension_data(struct x509_certificate *cert, 1063 struct asn1_oid *oid, 1064 const u8 *pos, size_t len) 1065 { 1066 if (!x509_id_ce_oid(oid)) 1067 return 1; 1068 1069 /* TODO: add other extensions required by RFC 3280, Ch 4.2: 1070 * certificate policies (section 4.2.1.5) 1071 * name constraints (section 4.2.1.11) 1072 * policy constraints (section 4.2.1.12) 1073 * extended key usage (section 4.2.1.13) 1074 * inhibit any-policy (section 4.2.1.15) 1075 */ 1076 switch (oid->oid[3]) { 1077 case 15: /* id-ce-keyUsage */ 1078 return x509_parse_ext_key_usage(cert, pos, len); 1079 case 17: /* id-ce-subjectAltName */ 1080 return x509_parse_ext_subject_alt_name(cert, pos, len); 1081 case 18: /* id-ce-issuerAltName */ 1082 return x509_parse_ext_issuer_alt_name(cert, pos, len); 1083 case 19: /* id-ce-basicConstraints */ 1084 return x509_parse_ext_basic_constraints(cert, pos, len); 1085 default: 1086 return 1; 1087 } 1088 } 1089 1090 1091 static int x509_parse_extension(struct x509_certificate *cert, 1092 const u8 *pos, size_t len, const u8 **next) 1093 { 1094 const u8 *end; 1095 struct asn1_hdr hdr; 1096 struct asn1_oid oid; 1097 int critical_ext = 0, res; 1098 char buf[80]; 1099 1100 /* 1101 * Extension ::= SEQUENCE { 1102 * extnID OBJECT IDENTIFIER, 1103 * critical BOOLEAN DEFAULT FALSE, 1104 * extnValue OCTET STRING 1105 * } 1106 */ 1107 1108 if (asn1_get_next(pos, len, &hdr) < 0 || 1109 hdr.class != ASN1_CLASS_UNIVERSAL || 1110 hdr.tag != ASN1_TAG_SEQUENCE) { 1111 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in " 1112 "Extensions: class %d tag 0x%x; expected SEQUENCE", 1113 hdr.class, hdr.tag); 1114 return -1; 1115 } 1116 pos = hdr.payload; 1117 *next = end = pos + hdr.length; 1118 1119 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) { 1120 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for " 1121 "Extension (expected OID)"); 1122 return -1; 1123 } 1124 1125 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1126 hdr.class != ASN1_CLASS_UNIVERSAL || 1127 (hdr.tag != ASN1_TAG_BOOLEAN && 1128 hdr.tag != ASN1_TAG_OCTETSTRING)) { 1129 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in " 1130 "Extensions: class %d tag 0x%x; expected BOOLEAN " 1131 "or OCTET STRING", hdr.class, hdr.tag); 1132 return -1; 1133 } 1134 1135 if (hdr.tag == ASN1_TAG_BOOLEAN) { 1136 if (hdr.length != 1) { 1137 wpa_printf(MSG_DEBUG, "X509: Unexpected " 1138 "Boolean length (%u)", hdr.length); 1139 return -1; 1140 } 1141 critical_ext = hdr.payload[0]; 1142 pos = hdr.payload; 1143 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1144 (hdr.class != ASN1_CLASS_UNIVERSAL && 1145 hdr.class != ASN1_CLASS_PRIVATE) || 1146 hdr.tag != ASN1_TAG_OCTETSTRING) { 1147 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header " 1148 "in Extensions: class %d tag 0x%x; " 1149 "expected OCTET STRING", 1150 hdr.class, hdr.tag); 1151 return -1; 1152 } 1153 } 1154 1155 asn1_oid_to_str(&oid, buf, sizeof(buf)); 1156 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d", 1157 buf, critical_ext); 1158 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length); 1159 1160 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length); 1161 if (res < 0) 1162 return res; 1163 if (res == 1 && critical_ext) { 1164 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s", 1165 buf); 1166 return -1; 1167 } 1168 1169 return 0; 1170 } 1171 1172 1173 static int x509_parse_extensions(struct x509_certificate *cert, 1174 const u8 *pos, size_t len) 1175 { 1176 const u8 *end; 1177 struct asn1_hdr hdr; 1178 1179 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ 1180 1181 if (asn1_get_next(pos, len, &hdr) < 0 || 1182 hdr.class != ASN1_CLASS_UNIVERSAL || 1183 hdr.tag != ASN1_TAG_SEQUENCE) { 1184 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data " 1185 "for Extensions: class %d tag 0x%x; " 1186 "expected SEQUENCE", hdr.class, hdr.tag); 1187 return -1; 1188 } 1189 1190 pos = hdr.payload; 1191 end = pos + hdr.length; 1192 1193 while (pos < end) { 1194 if (x509_parse_extension(cert, pos, end - pos, &pos) 1195 < 0) 1196 return -1; 1197 } 1198 1199 return 0; 1200 } 1201 1202 1203 static int x509_parse_tbs_certificate(const u8 *buf, size_t len, 1204 struct x509_certificate *cert, 1205 const u8 **next) 1206 { 1207 struct asn1_hdr hdr; 1208 const u8 *pos, *end; 1209 size_t left; 1210 char sbuf[128]; 1211 unsigned long value; 1212 1213 /* tbsCertificate TBSCertificate ::= SEQUENCE */ 1214 if (asn1_get_next(buf, len, &hdr) < 0 || 1215 hdr.class != ASN1_CLASS_UNIVERSAL || 1216 hdr.tag != ASN1_TAG_SEQUENCE) { 1217 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start " 1218 "with a valid SEQUENCE - found class %d tag 0x%x", 1219 hdr.class, hdr.tag); 1220 return -1; 1221 } 1222 pos = hdr.payload; 1223 end = *next = pos + hdr.length; 1224 1225 /* 1226 * version [0] EXPLICIT Version DEFAULT v1 1227 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1228 */ 1229 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1230 return -1; 1231 pos = hdr.payload; 1232 1233 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) { 1234 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1235 return -1; 1236 1237 if (hdr.class != ASN1_CLASS_UNIVERSAL || 1238 hdr.tag != ASN1_TAG_INTEGER) { 1239 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for " 1240 "version field - found class %d tag 0x%x", 1241 hdr.class, hdr.tag); 1242 return -1; 1243 } 1244 if (hdr.length != 1) { 1245 wpa_printf(MSG_DEBUG, "X509: Unexpected version field " 1246 "length %u (expected 1)", hdr.length); 1247 return -1; 1248 } 1249 pos = hdr.payload; 1250 left = hdr.length; 1251 value = 0; 1252 while (left) { 1253 value <<= 8; 1254 value |= *pos++; 1255 left--; 1256 } 1257 1258 cert->version = value; 1259 if (cert->version != X509_CERT_V1 && 1260 cert->version != X509_CERT_V2 && 1261 cert->version != X509_CERT_V3) { 1262 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d", 1263 cert->version + 1); 1264 return -1; 1265 } 1266 1267 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1268 return -1; 1269 } else 1270 cert->version = X509_CERT_V1; 1271 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1); 1272 1273 /* serialNumber CertificateSerialNumber ::= INTEGER */ 1274 if (hdr.class != ASN1_CLASS_UNIVERSAL || 1275 hdr.tag != ASN1_TAG_INTEGER) { 1276 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for " 1277 "serialNumber; class=%d tag=0x%x", 1278 hdr.class, hdr.tag); 1279 return -1; 1280 } 1281 1282 pos = hdr.payload; 1283 left = hdr.length; 1284 while (left) { 1285 cert->serial_number <<= 8; 1286 cert->serial_number |= *pos++; 1287 left--; 1288 } 1289 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number); 1290 1291 /* signature AlgorithmIdentifier */ 1292 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature, 1293 &pos)) 1294 return -1; 1295 1296 /* issuer Name */ 1297 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos)) 1298 return -1; 1299 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf)); 1300 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf); 1301 1302 /* validity Validity */ 1303 if (x509_parse_validity(pos, end - pos, cert, &pos)) 1304 return -1; 1305 1306 /* subject Name */ 1307 if (x509_parse_name(pos, end - pos, &cert->subject, &pos)) 1308 return -1; 1309 x509_name_string(&cert->subject, sbuf, sizeof(sbuf)); 1310 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf); 1311 1312 /* subjectPublicKeyInfo SubjectPublicKeyInfo */ 1313 if (x509_parse_public_key(pos, end - pos, cert, &pos)) 1314 return -1; 1315 1316 if (pos == end) 1317 return 0; 1318 1319 if (cert->version == X509_CERT_V1) 1320 return 0; 1321 1322 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1323 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1324 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1325 " tag to parse optional tbsCertificate " 1326 "field(s); parsed class %d tag 0x%x", 1327 hdr.class, hdr.tag); 1328 return -1; 1329 } 1330 1331 if (hdr.tag == 1) { 1332 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */ 1333 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID"); 1334 /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1335 1336 if (hdr.payload + hdr.length == end) 1337 return 0; 1338 1339 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1340 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1341 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1342 " tag to parse optional tbsCertificate " 1343 "field(s); parsed class %d tag 0x%x", 1344 hdr.class, hdr.tag); 1345 return -1; 1346 } 1347 } 1348 1349 if (hdr.tag == 2) { 1350 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */ 1351 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID"); 1352 /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1353 1354 if (hdr.payload + hdr.length == end) 1355 return 0; 1356 1357 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1358 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1359 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1360 " tag to parse optional tbsCertificate " 1361 "field(s); parsed class %d tag 0x%x", 1362 hdr.class, hdr.tag); 1363 return -1; 1364 } 1365 } 1366 1367 if (hdr.tag != 3) { 1368 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected " 1369 "Context-Specific tag %d in optional " 1370 "tbsCertificate fields", hdr.tag); 1371 return 0; 1372 } 1373 1374 /* extensions [3] EXPLICIT Extensions OPTIONAL */ 1375 1376 if (cert->version != X509_CERT_V3) { 1377 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and " 1378 "Extensions data which are only allowed for " 1379 "version 3", cert->version + 1); 1380 return -1; 1381 } 1382 1383 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0) 1384 return -1; 1385 1386 pos = hdr.payload + hdr.length; 1387 if (pos < end) { 1388 wpa_hexdump(MSG_DEBUG, 1389 "X509: Ignored extra tbsCertificate data", 1390 pos, end - pos); 1391 } 1392 1393 return 0; 1394 } 1395 1396 1397 static int x509_rsadsi_oid(struct asn1_oid *oid) 1398 { 1399 return oid->len >= 4 && 1400 oid->oid[0] == 1 /* iso */ && 1401 oid->oid[1] == 2 /* member-body */ && 1402 oid->oid[2] == 840 /* us */ && 1403 oid->oid[3] == 113549 /* rsadsi */; 1404 } 1405 1406 1407 static int x509_pkcs_oid(struct asn1_oid *oid) 1408 { 1409 return oid->len >= 5 && 1410 x509_rsadsi_oid(oid) && 1411 oid->oid[4] == 1 /* pkcs */; 1412 } 1413 1414 1415 static int x509_digest_oid(struct asn1_oid *oid) 1416 { 1417 return oid->len >= 5 && 1418 x509_rsadsi_oid(oid) && 1419 oid->oid[4] == 2 /* digestAlgorithm */; 1420 } 1421 1422 1423 static int x509_sha1_oid(struct asn1_oid *oid) 1424 { 1425 return oid->len == 6 && 1426 oid->oid[0] == 1 /* iso */ && 1427 oid->oid[1] == 3 /* identified-organization */ && 1428 oid->oid[2] == 14 /* oiw */ && 1429 oid->oid[3] == 3 /* secsig */ && 1430 oid->oid[4] == 2 /* algorithms */ && 1431 oid->oid[5] == 26 /* id-sha1 */; 1432 } 1433 1434 1435 static int x509_sha256_oid(struct asn1_oid *oid) 1436 { 1437 return oid->len == 9 && 1438 oid->oid[0] == 2 /* joint-iso-itu-t */ && 1439 oid->oid[1] == 16 /* country */ && 1440 oid->oid[2] == 840 /* us */ && 1441 oid->oid[3] == 1 /* organization */ && 1442 oid->oid[4] == 101 /* gov */ && 1443 oid->oid[5] == 3 /* csor */ && 1444 oid->oid[6] == 4 /* nistAlgorithm */ && 1445 oid->oid[7] == 2 /* hashAlgs */ && 1446 oid->oid[8] == 1 /* sha256 */; 1447 } 1448 1449 1450 /** 1451 * x509_certificate_parse - Parse a X.509 certificate in DER format 1452 * @buf: Pointer to the X.509 certificate in DER format 1453 * @len: Buffer length 1454 * Returns: Pointer to the parsed certificate or %NULL on failure 1455 * 1456 * Caller is responsible for freeing the returned certificate by calling 1457 * x509_certificate_free(). 1458 */ 1459 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len) 1460 { 1461 struct asn1_hdr hdr; 1462 const u8 *pos, *end, *hash_start; 1463 struct x509_certificate *cert; 1464 1465 cert = os_zalloc(sizeof(*cert) + len); 1466 if (cert == NULL) 1467 return NULL; 1468 os_memcpy(cert + 1, buf, len); 1469 cert->cert_start = (u8 *) (cert + 1); 1470 cert->cert_len = len; 1471 1472 pos = buf; 1473 end = buf + len; 1474 1475 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */ 1476 1477 /* Certificate ::= SEQUENCE */ 1478 if (asn1_get_next(pos, len, &hdr) < 0 || 1479 hdr.class != ASN1_CLASS_UNIVERSAL || 1480 hdr.tag != ASN1_TAG_SEQUENCE) { 1481 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with " 1482 "a valid SEQUENCE - found class %d tag 0x%x", 1483 hdr.class, hdr.tag); 1484 x509_certificate_free(cert); 1485 return NULL; 1486 } 1487 pos = hdr.payload; 1488 1489 if (pos + hdr.length > end) { 1490 x509_certificate_free(cert); 1491 return NULL; 1492 } 1493 1494 if (pos + hdr.length < end) { 1495 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER " 1496 "encoded certificate", 1497 pos + hdr.length, end - pos + hdr.length); 1498 end = pos + hdr.length; 1499 } 1500 1501 hash_start = pos; 1502 cert->tbs_cert_start = cert->cert_start + (hash_start - buf); 1503 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) { 1504 x509_certificate_free(cert); 1505 return NULL; 1506 } 1507 cert->tbs_cert_len = pos - hash_start; 1508 1509 /* signatureAlgorithm AlgorithmIdentifier */ 1510 if (x509_parse_algorithm_identifier(pos, end - pos, 1511 &cert->signature_alg, &pos)) { 1512 x509_certificate_free(cert); 1513 return NULL; 1514 } 1515 1516 /* signatureValue BIT STRING */ 1517 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1518 hdr.class != ASN1_CLASS_UNIVERSAL || 1519 hdr.tag != ASN1_TAG_BITSTRING) { 1520 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING " 1521 "(signatureValue) - found class %d tag 0x%x", 1522 hdr.class, hdr.tag); 1523 x509_certificate_free(cert); 1524 return NULL; 1525 } 1526 if (hdr.length < 1) { 1527 x509_certificate_free(cert); 1528 return NULL; 1529 } 1530 pos = hdr.payload; 1531 if (*pos) { 1532 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", 1533 *pos); 1534 /* PKCS #1 v1.5 10.2.1: 1535 * It is an error if the length in bits of the signature S is 1536 * not a multiple of eight. 1537 */ 1538 x509_certificate_free(cert); 1539 return NULL; 1540 } 1541 os_free(cert->sign_value); 1542 cert->sign_value = os_malloc(hdr.length - 1); 1543 if (cert->sign_value == NULL) { 1544 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 1545 "signatureValue"); 1546 x509_certificate_free(cert); 1547 return NULL; 1548 } 1549 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1); 1550 cert->sign_value_len = hdr.length - 1; 1551 wpa_hexdump(MSG_MSGDUMP, "X509: signature", 1552 cert->sign_value, cert->sign_value_len); 1553 1554 return cert; 1555 } 1556 1557 1558 /** 1559 * x509_certificate_check_signature - Verify certificate signature 1560 * @issuer: Issuer certificate 1561 * @cert: Certificate to be verified 1562 * Returns: 0 if cert has a valid signature that was signed by the issuer, 1563 * -1 if not 1564 */ 1565 int x509_certificate_check_signature(struct x509_certificate *issuer, 1566 struct x509_certificate *cert) 1567 { 1568 struct crypto_public_key *pk; 1569 u8 *data; 1570 const u8 *pos, *end, *next, *da_end; 1571 size_t data_len; 1572 struct asn1_hdr hdr; 1573 struct asn1_oid oid; 1574 u8 hash[32]; 1575 size_t hash_len; 1576 1577 if (!x509_pkcs_oid(&cert->signature.oid) || 1578 cert->signature.oid.len != 7 || 1579 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) { 1580 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature " 1581 "algorithm"); 1582 return -1; 1583 } 1584 1585 pk = crypto_public_key_import(issuer->public_key, 1586 issuer->public_key_len); 1587 if (pk == NULL) 1588 return -1; 1589 1590 data_len = cert->sign_value_len; 1591 data = os_malloc(data_len); 1592 if (data == NULL) { 1593 crypto_public_key_free(pk); 1594 return -1; 1595 } 1596 1597 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value, 1598 cert->sign_value_len, data, 1599 &data_len) < 0) { 1600 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature"); 1601 crypto_public_key_free(pk); 1602 os_free(data); 1603 return -1; 1604 } 1605 crypto_public_key_free(pk); 1606 1607 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len); 1608 1609 /* 1610 * PKCS #1 v1.5, 10.1.2: 1611 * 1612 * DigestInfo ::= SEQUENCE { 1613 * digestAlgorithm DigestAlgorithmIdentifier, 1614 * digest Digest 1615 * } 1616 * 1617 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier 1618 * 1619 * Digest ::= OCTET STRING 1620 * 1621 */ 1622 if (asn1_get_next(data, data_len, &hdr) < 0 || 1623 hdr.class != ASN1_CLASS_UNIVERSAL || 1624 hdr.tag != ASN1_TAG_SEQUENCE) { 1625 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1626 "(DigestInfo) - found class %d tag 0x%x", 1627 hdr.class, hdr.tag); 1628 os_free(data); 1629 return -1; 1630 } 1631 1632 pos = hdr.payload; 1633 end = pos + hdr.length; 1634 1635 /* 1636 * X.509: 1637 * AlgorithmIdentifier ::= SEQUENCE { 1638 * algorithm OBJECT IDENTIFIER, 1639 * parameters ANY DEFINED BY algorithm OPTIONAL 1640 * } 1641 */ 1642 1643 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1644 hdr.class != ASN1_CLASS_UNIVERSAL || 1645 hdr.tag != ASN1_TAG_SEQUENCE) { 1646 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1647 "(AlgorithmIdentifier) - found class %d tag 0x%x", 1648 hdr.class, hdr.tag); 1649 os_free(data); 1650 return -1; 1651 } 1652 da_end = hdr.payload + hdr.length; 1653 1654 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { 1655 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm"); 1656 os_free(data); 1657 return -1; 1658 } 1659 1660 if (x509_sha1_oid(&oid)) { 1661 if (cert->signature.oid.oid[6] != 1662 5 /* sha-1WithRSAEncryption */) { 1663 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 " 1664 "does not match with certificate " 1665 "signatureAlgorithm (%lu)", 1666 cert->signature.oid.oid[6]); 1667 os_free(data); 1668 return -1; 1669 } 1670 goto skip_digest_oid; 1671 } 1672 1673 if (x509_sha256_oid(&oid)) { 1674 if (cert->signature.oid.oid[6] != 1675 11 /* sha2561WithRSAEncryption */) { 1676 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 " 1677 "does not match with certificate " 1678 "signatureAlgorithm (%lu)", 1679 cert->signature.oid.oid[6]); 1680 os_free(data); 1681 return -1; 1682 } 1683 goto skip_digest_oid; 1684 } 1685 1686 if (!x509_digest_oid(&oid)) { 1687 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm"); 1688 os_free(data); 1689 return -1; 1690 } 1691 switch (oid.oid[5]) { 1692 case 5: /* md5 */ 1693 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */) 1694 { 1695 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does " 1696 "not match with certificate " 1697 "signatureAlgorithm (%lu)", 1698 cert->signature.oid.oid[6]); 1699 os_free(data); 1700 return -1; 1701 } 1702 break; 1703 case 2: /* md2 */ 1704 case 4: /* md4 */ 1705 default: 1706 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm " 1707 "(%lu)", oid.oid[5]); 1708 os_free(data); 1709 return -1; 1710 } 1711 1712 skip_digest_oid: 1713 /* Digest ::= OCTET STRING */ 1714 pos = da_end; 1715 end = data + data_len; 1716 1717 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1718 hdr.class != ASN1_CLASS_UNIVERSAL || 1719 hdr.tag != ASN1_TAG_OCTETSTRING) { 1720 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING " 1721 "(Digest) - found class %d tag 0x%x", 1722 hdr.class, hdr.tag); 1723 os_free(data); 1724 return -1; 1725 } 1726 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest", 1727 hdr.payload, hdr.length); 1728 1729 switch (cert->signature.oid.oid[6]) { 1730 case 4: /* md5WithRSAEncryption */ 1731 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, 1732 hash); 1733 hash_len = 16; 1734 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)", 1735 hash, hash_len); 1736 break; 1737 case 5: /* sha-1WithRSAEncryption */ 1738 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, 1739 hash); 1740 hash_len = 20; 1741 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)", 1742 hash, hash_len); 1743 break; 1744 case 11: /* sha256WithRSAEncryption */ 1745 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, 1746 hash); 1747 hash_len = 32; 1748 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)", 1749 hash, hash_len); 1750 break; 1751 case 2: /* md2WithRSAEncryption */ 1752 case 12: /* sha384WithRSAEncryption */ 1753 case 13: /* sha512WithRSAEncryption */ 1754 default: 1755 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature " 1756 "algorithm (%lu)", cert->signature.oid.oid[6]); 1757 os_free(data); 1758 return -1; 1759 } 1760 1761 if (hdr.length != hash_len || 1762 os_memcmp(hdr.payload, hash, hdr.length) != 0) { 1763 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match " 1764 "with calculated tbsCertificate hash"); 1765 os_free(data); 1766 return -1; 1767 } 1768 1769 os_free(data); 1770 1771 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with " 1772 "calculated tbsCertificate hash"); 1773 1774 return 0; 1775 } 1776 1777 1778 static int x509_valid_issuer(const struct x509_certificate *cert) 1779 { 1780 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) && 1781 !cert->ca) { 1782 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an " 1783 "issuer"); 1784 return -1; 1785 } 1786 1787 if (cert->version == X509_CERT_V3 && 1788 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) { 1789 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not " 1790 "include BasicConstraints extension"); 1791 return -1; 1792 } 1793 1794 if ((cert->extensions_present & X509_EXT_KEY_USAGE) && 1795 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) { 1796 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have " 1797 "keyCertSign bit in Key Usage"); 1798 return -1; 1799 } 1800 1801 return 0; 1802 } 1803 1804 1805 /** 1806 * x509_certificate_chain_validate - Validate X.509 certificate chain 1807 * @trusted: List of trusted certificates 1808 * @chain: Certificate chain to be validated (first chain must be issued by 1809 * signed by the second certificate in the chain and so on) 1810 * @reason: Buffer for returning failure reason (X509_VALIDATE_*) 1811 * Returns: 0 if chain is valid, -1 if not 1812 */ 1813 int x509_certificate_chain_validate(struct x509_certificate *trusted, 1814 struct x509_certificate *chain, 1815 int *reason) 1816 { 1817 long unsigned idx; 1818 int chain_trusted = 0; 1819 struct x509_certificate *cert, *trust; 1820 char buf[128]; 1821 struct os_time now; 1822 1823 *reason = X509_VALIDATE_OK; 1824 1825 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain"); 1826 os_get_time(&now); 1827 1828 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) { 1829 x509_name_string(&cert->subject, buf, sizeof(buf)); 1830 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf); 1831 1832 if (chain_trusted) 1833 continue; 1834 1835 if ((unsigned long) now.sec < 1836 (unsigned long) cert->not_before || 1837 (unsigned long) now.sec > 1838 (unsigned long) cert->not_after) { 1839 wpa_printf(MSG_INFO, "X509: Certificate not valid " 1840 "(now=%lu not_before=%lu not_after=%lu)", 1841 now.sec, cert->not_before, cert->not_after); 1842 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED; 1843 return -1; 1844 } 1845 1846 if (cert->next) { 1847 if (x509_name_compare(&cert->issuer, 1848 &cert->next->subject) != 0) { 1849 wpa_printf(MSG_DEBUG, "X509: Certificate " 1850 "chain issuer name mismatch"); 1851 x509_name_string(&cert->issuer, buf, 1852 sizeof(buf)); 1853 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s", 1854 buf); 1855 x509_name_string(&cert->next->subject, buf, 1856 sizeof(buf)); 1857 wpa_printf(MSG_DEBUG, "X509: next cert " 1858 "subject: %s", buf); 1859 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN; 1860 return -1; 1861 } 1862 1863 if (x509_valid_issuer(cert->next) < 0) { 1864 *reason = X509_VALIDATE_BAD_CERTIFICATE; 1865 return -1; 1866 } 1867 1868 if ((cert->next->extensions_present & 1869 X509_EXT_PATH_LEN_CONSTRAINT) && 1870 idx > cert->next->path_len_constraint) { 1871 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint" 1872 " not met (idx=%lu issuer " 1873 "pathLenConstraint=%lu)", idx, 1874 cert->next->path_len_constraint); 1875 *reason = X509_VALIDATE_BAD_CERTIFICATE; 1876 return -1; 1877 } 1878 1879 if (x509_certificate_check_signature(cert->next, cert) 1880 < 0) { 1881 wpa_printf(MSG_DEBUG, "X509: Invalid " 1882 "certificate signature within " 1883 "chain"); 1884 *reason = X509_VALIDATE_BAD_CERTIFICATE; 1885 return -1; 1886 } 1887 } 1888 1889 for (trust = trusted; trust; trust = trust->next) { 1890 if (x509_name_compare(&cert->issuer, &trust->subject) 1891 == 0) 1892 break; 1893 } 1894 1895 if (trust) { 1896 wpa_printf(MSG_DEBUG, "X509: Found issuer from the " 1897 "list of trusted certificates"); 1898 if (x509_valid_issuer(trust) < 0) { 1899 *reason = X509_VALIDATE_BAD_CERTIFICATE; 1900 return -1; 1901 } 1902 1903 if (x509_certificate_check_signature(trust, cert) < 0) 1904 { 1905 wpa_printf(MSG_DEBUG, "X509: Invalid " 1906 "certificate signature"); 1907 *reason = X509_VALIDATE_BAD_CERTIFICATE; 1908 return -1; 1909 } 1910 1911 wpa_printf(MSG_DEBUG, "X509: Trusted certificate " 1912 "found to complete the chain"); 1913 chain_trusted = 1; 1914 } 1915 } 1916 1917 if (!chain_trusted) { 1918 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers " 1919 "from the list of trusted certificates"); 1920 if (trusted) { 1921 *reason = X509_VALIDATE_UNKNOWN_CA; 1922 return -1; 1923 } 1924 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation " 1925 "disabled - ignore unknown CA issue"); 1926 } 1927 1928 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid"); 1929 1930 return 0; 1931 } 1932 1933 1934 /** 1935 * x509_certificate_get_subject - Get a certificate based on Subject name 1936 * @chain: Certificate chain to search through 1937 * @name: Subject name to search for 1938 * Returns: Pointer to the certificate with the given Subject name or 1939 * %NULL on failure 1940 */ 1941 struct x509_certificate * 1942 x509_certificate_get_subject(struct x509_certificate *chain, 1943 struct x509_name *name) 1944 { 1945 struct x509_certificate *cert; 1946 1947 for (cert = chain; cert; cert = cert->next) { 1948 if (x509_name_compare(&cert->subject, name) == 0) 1949 return cert; 1950 } 1951 return NULL; 1952 } 1953 1954 1955 /** 1956 * x509_certificate_self_signed - Is the certificate self-signed? 1957 * @cert: Certificate 1958 * Returns: 1 if certificate is self-signed, 0 if not 1959 */ 1960 int x509_certificate_self_signed(struct x509_certificate *cert) 1961 { 1962 return x509_name_compare(&cert->issuer, &cert->subject) == 0; 1963 } 1964