Home | History | Annotate | Download | only in tls
      1 /*
      2  * X.509v3 certificate parsing and processing (RFC 3280 profile)
      3  * Copyright (c) 2006-2007, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This program is free software; you can redistribute it and/or modify
      6  * it under the terms of the GNU General Public License version 2 as
      7  * published by the Free Software Foundation.
      8  *
      9  * Alternatively, this software may be distributed under the terms of BSD
     10  * license.
     11  *
     12  * See README and COPYING for more details.
     13  */
     14 
     15 #include "includes.h"
     16 
     17 #include "common.h"
     18 
     19 #ifdef CONFIG_INTERNAL_X509
     20 
     21 #include "asn1.h"
     22 #include "crypto.h"
     23 #include "x509v3.h"
     24 
     25 
     26 static void x509_free_name(struct x509_name *name)
     27 {
     28 	os_free(name->cn);
     29 	os_free(name->c);
     30 	os_free(name->l);
     31 	os_free(name->st);
     32 	os_free(name->o);
     33 	os_free(name->ou);
     34 	os_free(name->email);
     35 	name->cn = name->c = name->l = name->st = name->o = name->ou = NULL;
     36 	name->email = NULL;
     37 }
     38 
     39 
     40 /**
     41  * x509_certificate_free - Free an X.509 certificate
     42  * @cert: Certificate to be freed
     43  */
     44 void x509_certificate_free(struct x509_certificate *cert)
     45 {
     46 	if (cert == NULL)
     47 		return;
     48 	if (cert->next) {
     49 		wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
     50 			   "was still on a list (next=%p)\n",
     51 			   cert, cert->next);
     52 	}
     53 	x509_free_name(&cert->issuer);
     54 	x509_free_name(&cert->subject);
     55 	os_free(cert->public_key);
     56 	os_free(cert->sign_value);
     57 	os_free(cert);
     58 }
     59 
     60 
     61 /**
     62  * x509_certificate_free - Free an X.509 certificate chain
     63  * @cert: Pointer to the first certificate in the chain
     64  */
     65 void x509_certificate_chain_free(struct x509_certificate *cert)
     66 {
     67 	struct x509_certificate *next;
     68 
     69 	while (cert) {
     70 		next = cert->next;
     71 		cert->next = NULL;
     72 		x509_certificate_free(cert);
     73 		cert = next;
     74 	}
     75 }
     76 
     77 
     78 static int x509_whitespace(char c)
     79 {
     80 	return c == ' ' || c == '\t';
     81 }
     82 
     83 
     84 static void x509_str_strip_whitespace(char *a)
     85 {
     86 	char *ipos, *opos;
     87 	int remove_whitespace = 1;
     88 
     89 	ipos = opos = a;
     90 
     91 	while (*ipos) {
     92 		if (remove_whitespace && x509_whitespace(*ipos))
     93 			ipos++;
     94 		else {
     95 			remove_whitespace = x509_whitespace(*ipos);
     96 			*opos++ = *ipos++;
     97 		}
     98 	}
     99 
    100 	*opos-- = '\0';
    101 	if (opos > a && x509_whitespace(*opos))
    102 		*opos = '\0';
    103 }
    104 
    105 
    106 static int x509_str_compare(const char *a, const char *b)
    107 {
    108 	char *aa, *bb;
    109 	int ret;
    110 
    111 	if (!a && b)
    112 		return -1;
    113 	if (a && !b)
    114 		return 1;
    115 	if (!a && !b)
    116 		return 0;
    117 
    118 	aa = os_strdup(a);
    119 	bb = os_strdup(b);
    120 
    121 	if (aa == NULL || bb == NULL) {
    122 		os_free(aa);
    123 		os_free(bb);
    124 		return os_strcasecmp(a, b);
    125 	}
    126 
    127 	x509_str_strip_whitespace(aa);
    128 	x509_str_strip_whitespace(bb);
    129 
    130 	ret = os_strcasecmp(aa, bb);
    131 
    132 	os_free(aa);
    133 	os_free(bb);
    134 
    135 	return ret;
    136 }
    137 
    138 
    139 /**
    140  * x509_name_compare - Compare X.509 certificate names
    141  * @a: Certificate name
    142  * @b: Certificate name
    143  * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
    144  * greater than b
    145  */
    146 int x509_name_compare(struct x509_name *a, struct x509_name *b)
    147 {
    148 	int res;
    149 
    150 	if (!a && b)
    151 		return -1;
    152 	if (a && !b)
    153 		return 1;
    154 	if (!a && !b)
    155 		return 0;
    156 
    157 	res = x509_str_compare(a->cn, b->cn);
    158 	if (res)
    159 		return res;
    160 	res = x509_str_compare(a->c, b->c);
    161 	if (res)
    162 		return res;
    163 	res = x509_str_compare(a->l, b->l);
    164 	if (res)
    165 		return res;
    166 	res = x509_str_compare(a->st, b->st);
    167 	if (res)
    168 		return res;
    169 	res = x509_str_compare(a->o, b->o);
    170 	if (res)
    171 		return res;
    172 	res = x509_str_compare(a->ou, b->ou);
    173 	if (res)
    174 		return res;
    175 	res = x509_str_compare(a->email, b->email);
    176 	if (res)
    177 		return res;
    178 
    179 	return 0;
    180 }
    181 
    182 
    183 static int x509_parse_algorithm_identifier(
    184 	const u8 *buf, size_t len,
    185 	struct x509_algorithm_identifier *id, const u8 **next)
    186 {
    187 	struct asn1_hdr hdr;
    188 	const u8 *pos, *end;
    189 
    190 	/*
    191 	 * AlgorithmIdentifier ::= SEQUENCE {
    192 	 *     algorithm            OBJECT IDENTIFIER,
    193 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
    194 	 * }
    195 	 */
    196 
    197 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    198 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    199 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    200 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    201 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
    202 			   hdr.class, hdr.tag);
    203 		return -1;
    204 	}
    205 	pos = hdr.payload;
    206 	end = pos + hdr.length;
    207 
    208 	if (end > buf + len)
    209 		return -1;
    210 
    211 	*next = end;
    212 
    213 	if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
    214 		return -1;
    215 
    216 	/* TODO: optional parameters */
    217 
    218 	return 0;
    219 }
    220 
    221 
    222 static int x509_parse_public_key(const u8 *buf, size_t len,
    223 				 struct x509_certificate *cert,
    224 				 const u8 **next)
    225 {
    226 	struct asn1_hdr hdr;
    227 	const u8 *pos, *end;
    228 
    229 	/*
    230 	 * SubjectPublicKeyInfo ::= SEQUENCE {
    231 	 *     algorithm            AlgorithmIdentifier,
    232 	 *     subjectPublicKey     BIT STRING
    233 	 * }
    234 	 */
    235 
    236 	pos = buf;
    237 	end = buf + len;
    238 
    239 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    240 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    241 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    242 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    243 			   "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
    244 			   hdr.class, hdr.tag);
    245 		return -1;
    246 	}
    247 	pos = hdr.payload;
    248 
    249 	if (pos + hdr.length > end)
    250 		return -1;
    251 	end = pos + hdr.length;
    252 	*next = end;
    253 
    254 	if (x509_parse_algorithm_identifier(pos, end - pos,
    255 					    &cert->public_key_alg, &pos))
    256 		return -1;
    257 
    258 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    259 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    260 	    hdr.tag != ASN1_TAG_BITSTRING) {
    261 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
    262 			   "(subjectPublicKey) - found class %d tag 0x%x",
    263 			   hdr.class, hdr.tag);
    264 		return -1;
    265 	}
    266 	if (hdr.length < 1)
    267 		return -1;
    268 	pos = hdr.payload;
    269 	if (*pos) {
    270 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
    271 			   *pos);
    272 		/*
    273 		 * TODO: should this be rejected? X.509 certificates are
    274 		 * unlikely to use such a construction. Now we would end up
    275 		 * including the extra bits in the buffer which may also be
    276 		 * ok.
    277 		 */
    278 	}
    279 	os_free(cert->public_key);
    280 	cert->public_key = os_malloc(hdr.length - 1);
    281 	if (cert->public_key == NULL) {
    282 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
    283 			   "public key");
    284 		return -1;
    285 	}
    286 	os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
    287 	cert->public_key_len = hdr.length - 1;
    288 	wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
    289 		    cert->public_key, cert->public_key_len);
    290 
    291 	return 0;
    292 }
    293 
    294 
    295 static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
    296 			   const u8 **next)
    297 {
    298 	struct asn1_hdr hdr;
    299 	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
    300 	struct asn1_oid oid;
    301 	char **fieldp;
    302 
    303 	/*
    304 	 * Name ::= CHOICE { RDNSequence }
    305 	 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    306 	 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    307 	 * AttributeTypeAndValue ::= SEQUENCE {
    308 	 *     type     AttributeType,
    309 	 *     value    AttributeValue
    310 	 * }
    311 	 * AttributeType ::= OBJECT IDENTIFIER
    312 	 * AttributeValue ::= ANY DEFINED BY AttributeType
    313 	 */
    314 
    315 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    316 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    317 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    318 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    319 			   "(Name / RDNSequencer) - found class %d tag 0x%x",
    320 			   hdr.class, hdr.tag);
    321 		return -1;
    322 	}
    323 	pos = hdr.payload;
    324 
    325 	if (pos + hdr.length > buf + len)
    326 		return -1;
    327 
    328 	end = *next = pos + hdr.length;
    329 
    330 	while (pos < end) {
    331 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    332 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
    333 		    hdr.tag != ASN1_TAG_SET) {
    334 			wpa_printf(MSG_DEBUG, "X509: Expected SET "
    335 				   "(RelativeDistinguishedName) - found class "
    336 				   "%d tag 0x%x", hdr.class, hdr.tag);
    337 			x509_free_name(name);
    338 			return -1;
    339 		}
    340 
    341 		set_pos = hdr.payload;
    342 		pos = set_end = hdr.payload + hdr.length;
    343 
    344 		if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
    345 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
    346 		    hdr.tag != ASN1_TAG_SEQUENCE) {
    347 			wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    348 				   "(AttributeTypeAndValue) - found class %d "
    349 				   "tag 0x%x", hdr.class, hdr.tag);
    350 			x509_free_name(name);
    351 			return -1;
    352 		}
    353 
    354 		seq_pos = hdr.payload;
    355 		seq_end = hdr.payload + hdr.length;
    356 
    357 		if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
    358 			x509_free_name(name);
    359 			return -1;
    360 		}
    361 
    362 		if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
    363 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
    364 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    365 				   "AttributeValue");
    366 			x509_free_name(name);
    367 			return -1;
    368 		}
    369 
    370 		/* RFC 3280:
    371 		 * MUST: country, organization, organizational-unit,
    372 		 * distinguished name qualifier, state or province name,
    373 		 * common name, serial number.
    374 		 * SHOULD: locality, title, surname, given name, initials,
    375 		 * pseudonym, generation qualifier.
    376 		 * MUST: domainComponent (RFC 2247).
    377 		 */
    378 		fieldp = NULL;
    379 		if (oid.len == 4 &&
    380 		    oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
    381 			/* id-at ::= 2.5.4 */
    382 			switch (oid.oid[3]) {
    383 			case 3:
    384 				/* commonName */
    385 				fieldp = &name->cn;
    386 				break;
    387 			case 6:
    388 				/*  countryName */
    389 				fieldp = &name->c;
    390 				break;
    391 			case 7:
    392 				/* localityName */
    393 				fieldp = &name->l;
    394 				break;
    395 			case 8:
    396 				/* stateOrProvinceName */
    397 				fieldp = &name->st;
    398 				break;
    399 			case 10:
    400 				/* organizationName */
    401 				fieldp = &name->o;
    402 				break;
    403 			case 11:
    404 				/* organizationalUnitName */
    405 				fieldp = &name->ou;
    406 				break;
    407 			}
    408 		} else if (oid.len == 7 &&
    409 			   oid.oid[0] == 1 && oid.oid[1] == 2 &&
    410 			   oid.oid[2] == 840 && oid.oid[3] == 113549 &&
    411 			   oid.oid[4] == 1 && oid.oid[5] == 9 &&
    412 			   oid.oid[6] == 1) {
    413 			/* 1.2.840.113549.1.9.1 - e-mailAddress */
    414 			fieldp = &name->email;
    415 		}
    416 
    417 		if (fieldp == NULL) {
    418 			wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
    419 				    (u8 *) oid.oid,
    420 				    oid.len * sizeof(oid.oid[0]));
    421 			wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
    422 					  hdr.payload, hdr.length);
    423 			continue;
    424 		}
    425 
    426 		os_free(*fieldp);
    427 		*fieldp = os_malloc(hdr.length + 1);
    428 		if (*fieldp == NULL) {
    429 			x509_free_name(name);
    430 			return -1;
    431 		}
    432 		os_memcpy(*fieldp, hdr.payload, hdr.length);
    433 		(*fieldp)[hdr.length] = '\0';
    434 	}
    435 
    436 	return 0;
    437 }
    438 
    439 
    440 /**
    441  * x509_name_string - Convert an X.509 certificate name into a string
    442  * @name: Name to convert
    443  * @buf: Buffer for the string
    444  * @len: Maximum buffer length
    445  */
    446 void x509_name_string(struct x509_name *name, char *buf, size_t len)
    447 {
    448 	char *pos, *end;
    449 	int ret;
    450 
    451 	if (len == 0)
    452 		return;
    453 
    454 	pos = buf;
    455 	end = buf + len;
    456 
    457 	if (name->c) {
    458 		ret = os_snprintf(pos, end - pos, "C=%s, ", name->c);
    459 		if (ret < 0 || ret >= end - pos)
    460 			goto done;
    461 		pos += ret;
    462 	}
    463 	if (name->st) {
    464 		ret = os_snprintf(pos, end - pos, "ST=%s, ", name->st);
    465 		if (ret < 0 || ret >= end - pos)
    466 			goto done;
    467 		pos += ret;
    468 	}
    469 	if (name->l) {
    470 		ret = os_snprintf(pos, end - pos, "L=%s, ", name->l);
    471 		if (ret < 0 || ret >= end - pos)
    472 			goto done;
    473 		pos += ret;
    474 	}
    475 	if (name->o) {
    476 		ret = os_snprintf(pos, end - pos, "O=%s, ", name->o);
    477 		if (ret < 0 || ret >= end - pos)
    478 			goto done;
    479 		pos += ret;
    480 	}
    481 	if (name->ou) {
    482 		ret = os_snprintf(pos, end - pos, "OU=%s, ", name->ou);
    483 		if (ret < 0 || ret >= end - pos)
    484 			goto done;
    485 		pos += ret;
    486 	}
    487 	if (name->cn) {
    488 		ret = os_snprintf(pos, end - pos, "CN=%s, ", name->cn);
    489 		if (ret < 0 || ret >= end - pos)
    490 			goto done;
    491 		pos += ret;
    492 	}
    493 
    494 	if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
    495 		*pos-- = '\0';
    496 		*pos-- = '\0';
    497 	}
    498 
    499 	if (name->email) {
    500 		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
    501 				  name->email);
    502 		if (ret < 0 || ret >= end - pos)
    503 			goto done;
    504 		pos += ret;
    505 	}
    506 
    507 done:
    508 	end[-1] = '\0';
    509 }
    510 
    511 
    512 static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
    513 			   os_time_t *val)
    514 {
    515 	const char *pos;
    516 	int year, month, day, hour, min, sec;
    517 
    518 	/*
    519 	 * Time ::= CHOICE {
    520 	 *     utcTime        UTCTime,
    521 	 *     generalTime    GeneralizedTime
    522 	 * }
    523 	 *
    524 	 * UTCTime: YYMMDDHHMMSSZ
    525 	 * GeneralizedTime: YYYYMMDDHHMMSSZ
    526 	 */
    527 
    528 	pos = (const char *) buf;
    529 
    530 	switch (asn1_tag) {
    531 	case ASN1_TAG_UTCTIME:
    532 		if (len != 13 || buf[12] != 'Z') {
    533 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
    534 					  "UTCTime format", buf, len);
    535 			return -1;
    536 		}
    537 		if (sscanf(pos, "%02d", &year) != 1) {
    538 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
    539 					  "UTCTime year", buf, len);
    540 			return -1;
    541 		}
    542 		if (year < 50)
    543 			year += 2000;
    544 		else
    545 			year += 1900;
    546 		pos += 2;
    547 		break;
    548 	case ASN1_TAG_GENERALIZEDTIME:
    549 		if (len != 15 || buf[14] != 'Z') {
    550 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
    551 					  "GeneralizedTime format", buf, len);
    552 			return -1;
    553 		}
    554 		if (sscanf(pos, "%04d", &year) != 1) {
    555 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
    556 					  "GeneralizedTime year", buf, len);
    557 			return -1;
    558 		}
    559 		pos += 4;
    560 		break;
    561 	default:
    562 		wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
    563 			   "GeneralizedTime - found tag 0x%x", asn1_tag);
    564 		return -1;
    565 	}
    566 
    567 	if (sscanf(pos, "%02d", &month) != 1) {
    568 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    569 				  "(month)", buf, len);
    570 		return -1;
    571 	}
    572 	pos += 2;
    573 
    574 	if (sscanf(pos, "%02d", &day) != 1) {
    575 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    576 				  "(day)", buf, len);
    577 		return -1;
    578 	}
    579 	pos += 2;
    580 
    581 	if (sscanf(pos, "%02d", &hour) != 1) {
    582 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    583 				  "(hour)", buf, len);
    584 		return -1;
    585 	}
    586 	pos += 2;
    587 
    588 	if (sscanf(pos, "%02d", &min) != 1) {
    589 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    590 				  "(min)", buf, len);
    591 		return -1;
    592 	}
    593 	pos += 2;
    594 
    595 	if (sscanf(pos, "%02d", &sec) != 1) {
    596 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    597 				  "(sec)", buf, len);
    598 		return -1;
    599 	}
    600 
    601 	if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
    602 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
    603 				  buf, len);
    604 		if (year < 1970) {
    605 			/*
    606 			 * At least some test certificates have been configured
    607 			 * to use dates prior to 1970. Set the date to
    608 			 * beginning of 1970 to handle these case.
    609 			 */
    610 			wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
    611 				   "assume epoch as the time", year);
    612 			*val = 0;
    613 			return 0;
    614 		}
    615 		return -1;
    616 	}
    617 
    618 	return 0;
    619 }
    620 
    621 
    622 static int x509_parse_validity(const u8 *buf, size_t len,
    623 			       struct x509_certificate *cert, const u8 **next)
    624 {
    625 	struct asn1_hdr hdr;
    626 	const u8 *pos;
    627 	size_t plen;
    628 
    629 	/*
    630 	 * Validity ::= SEQUENCE {
    631 	 *     notBefore      Time,
    632 	 *     notAfter       Time
    633 	 * }
    634 	 *
    635 	 * RFC 3280, 4.1.2.5:
    636 	 * CAs conforming to this profile MUST always encode certificate
    637 	 * validity dates through the year 2049 as UTCTime; certificate
    638 	 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
    639 	 */
    640 
    641 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    642 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    643 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    644 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    645 			   "(Validity) - found class %d tag 0x%x",
    646 			   hdr.class, hdr.tag);
    647 		return -1;
    648 	}
    649 	pos = hdr.payload;
    650 	plen = hdr.length;
    651 
    652 	if (pos + plen > buf + len)
    653 		return -1;
    654 
    655 	*next = pos + plen;
    656 
    657 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
    658 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    659 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
    660 			    &cert->not_before) < 0) {
    661 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
    662 				  "Time", hdr.payload, hdr.length);
    663 		return -1;
    664 	}
    665 
    666 	pos = hdr.payload + hdr.length;
    667 	plen = *next - pos;
    668 
    669 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
    670 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    671 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
    672 			    &cert->not_after) < 0) {
    673 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
    674 				  "Time", hdr.payload, hdr.length);
    675 		return -1;
    676 	}
    677 
    678 	wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
    679 		   (unsigned long) cert->not_before,
    680 		   (unsigned long) cert->not_after);
    681 
    682 	return 0;
    683 }
    684 
    685 
    686 static int x509_id_ce_oid(struct asn1_oid *oid)
    687 {
    688 	/* id-ce arc from X.509 for standard X.509v3 extensions */
    689 	return oid->len >= 4 &&
    690 		oid->oid[0] == 2 /* joint-iso-ccitt */ &&
    691 		oid->oid[1] == 5 /* ds */ &&
    692 		oid->oid[2] == 29 /* id-ce */;
    693 }
    694 
    695 
    696 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
    697 				    const u8 *pos, size_t len)
    698 {
    699 	struct asn1_hdr hdr;
    700 
    701 	/*
    702 	 * KeyUsage ::= BIT STRING {
    703 	 *     digitalSignature        (0),
    704 	 *     nonRepudiation          (1),
    705 	 *     keyEncipherment         (2),
    706 	 *     dataEncipherment        (3),
    707 	 *     keyAgreement            (4),
    708 	 *     keyCertSign             (5),
    709 	 *     cRLSign                 (6),
    710 	 *     encipherOnly            (7),
    711 	 *     decipherOnly            (8) }
    712 	 */
    713 
    714 	if (asn1_get_next(pos, len, &hdr) < 0 ||
    715 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    716 	    hdr.tag != ASN1_TAG_BITSTRING ||
    717 	    hdr.length < 1) {
    718 		wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
    719 			   "KeyUsage; found %d tag 0x%x len %d",
    720 			   hdr.class, hdr.tag, hdr.length);
    721 		return -1;
    722 	}
    723 
    724 	cert->extensions_present |= X509_EXT_KEY_USAGE;
    725 	cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
    726 
    727 	wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
    728 
    729 	return 0;
    730 }
    731 
    732 
    733 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
    734 					    const u8 *pos, size_t len)
    735 {
    736 	struct asn1_hdr hdr;
    737 	unsigned long value;
    738 	size_t left;
    739 
    740 	/*
    741 	 * BasicConstraints ::= SEQUENCE {
    742 	 * cA                      BOOLEAN DEFAULT FALSE,
    743 	 * pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
    744 	 */
    745 
    746 	if (asn1_get_next(pos, len, &hdr) < 0 ||
    747 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    748 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    749 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
    750 			   "BasicConstraints; found %d tag 0x%x",
    751 			   hdr.class, hdr.tag);
    752 		return -1;
    753 	}
    754 
    755 	cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
    756 
    757 	if (hdr.length == 0)
    758 		return 0;
    759 
    760 	if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
    761 	    hdr.class != ASN1_CLASS_UNIVERSAL) {
    762 		wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    763 			   "BasicConstraints");
    764 		return -1;
    765 	}
    766 
    767 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
    768 		if (hdr.length != 1) {
    769 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
    770 				   "Boolean length (%u) in BasicConstraints",
    771 				   hdr.length);
    772 			return -1;
    773 		}
    774 		cert->ca = hdr.payload[0];
    775 
    776 		if (hdr.payload + hdr.length == pos + len) {
    777 			wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
    778 				   cert->ca);
    779 			return 0;
    780 		}
    781 
    782 		if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
    783 				  &hdr) < 0 ||
    784 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
    785 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    786 				   "BasicConstraints");
    787 			return -1;
    788 		}
    789 	}
    790 
    791 	if (hdr.tag != ASN1_TAG_INTEGER) {
    792 		wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
    793 			   "BasicConstraints; found class %d tag 0x%x",
    794 			   hdr.class, hdr.tag);
    795 		return -1;
    796 	}
    797 
    798 	pos = hdr.payload;
    799 	left = hdr.length;
    800 	value = 0;
    801 	while (left) {
    802 		value <<= 8;
    803 		value |= *pos++;
    804 		left--;
    805 	}
    806 
    807 	cert->path_len_constraint = value;
    808 	cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
    809 
    810 	wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
    811 		   "pathLenConstraint=%lu",
    812 		   cert->ca, cert->path_len_constraint);
    813 
    814 	return 0;
    815 }
    816 
    817 
    818 static int x509_parse_extension_data(struct x509_certificate *cert,
    819 				     struct asn1_oid *oid,
    820 				     const u8 *pos, size_t len)
    821 {
    822 	if (!x509_id_ce_oid(oid))
    823 		return 1;
    824 
    825 	/* TODO: add other extensions required by RFC 3280, Ch 4.2:
    826 	 * certificate policies (section 4.2.1.5)
    827 	 * the subject alternative name (section 4.2.1.7)
    828 	 * name constraints (section 4.2.1.11)
    829 	 * policy constraints (section 4.2.1.12)
    830 	 * extended key usage (section 4.2.1.13)
    831 	 * inhibit any-policy (section 4.2.1.15)
    832 	 */
    833 	switch (oid->oid[3]) {
    834 	case 15: /* id-ce-keyUsage */
    835 		return x509_parse_ext_key_usage(cert, pos, len);
    836 	case 19: /* id-ce-basicConstraints */
    837 		return x509_parse_ext_basic_constraints(cert, pos, len);
    838 	default:
    839 		return 1;
    840 	}
    841 }
    842 
    843 
    844 static int x509_parse_extension(struct x509_certificate *cert,
    845 				const u8 *pos, size_t len, const u8 **next)
    846 {
    847 	const u8 *end;
    848 	struct asn1_hdr hdr;
    849 	struct asn1_oid oid;
    850 	int critical_ext = 0, res;
    851 	char buf[80];
    852 
    853 	/*
    854 	 * Extension  ::=  SEQUENCE  {
    855 	 *     extnID      OBJECT IDENTIFIER,
    856 	 *     critical    BOOLEAN DEFAULT FALSE,
    857 	 *     extnValue   OCTET STRING
    858 	 * }
    859 	 */
    860 
    861 	if (asn1_get_next(pos, len, &hdr) < 0 ||
    862 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    863 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    864 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
    865 			   "Extensions: class %d tag 0x%x; expected SEQUENCE",
    866 			   hdr.class, hdr.tag);
    867 		return -1;
    868 	}
    869 	pos = hdr.payload;
    870 	*next = end = pos + hdr.length;
    871 
    872 	if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
    873 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
    874 			   "Extension (expected OID)");
    875 		return -1;
    876 	}
    877 
    878 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    879 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    880 	    (hdr.tag != ASN1_TAG_BOOLEAN &&
    881 	     hdr.tag != ASN1_TAG_OCTETSTRING)) {
    882 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
    883 			   "Extensions: class %d tag 0x%x; expected BOOLEAN "
    884 			   "or OCTET STRING", hdr.class, hdr.tag);
    885 		return -1;
    886 	}
    887 
    888 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
    889 		if (hdr.length != 1) {
    890 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
    891 				   "Boolean length (%u)", hdr.length);
    892 			return -1;
    893 		}
    894 		critical_ext = hdr.payload[0];
    895 		pos = hdr.payload;
    896 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    897 		    (hdr.class != ASN1_CLASS_UNIVERSAL &&
    898 		     hdr.class != ASN1_CLASS_PRIVATE) ||
    899 		    hdr.tag != ASN1_TAG_OCTETSTRING) {
    900 			wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
    901 				   "in Extensions: class %d tag 0x%x; "
    902 				   "expected OCTET STRING",
    903 				   hdr.class, hdr.tag);
    904 			return -1;
    905 		}
    906 	}
    907 
    908 	asn1_oid_to_str(&oid, buf, sizeof(buf));
    909 	wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
    910 		   buf, critical_ext);
    911 	wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
    912 
    913 	res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
    914 	if (res < 0)
    915 		return res;
    916 	if (res == 1 && critical_ext) {
    917 		wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
    918 			   buf);
    919 		return -1;
    920 	}
    921 
    922 	return 0;
    923 }
    924 
    925 
    926 static int x509_parse_extensions(struct x509_certificate *cert,
    927 				 const u8 *pos, size_t len)
    928 {
    929 	const u8 *end;
    930 	struct asn1_hdr hdr;
    931 
    932 	/* Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension */
    933 
    934 	if (asn1_get_next(pos, len, &hdr) < 0 ||
    935 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    936 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    937 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
    938 			   "for Extensions: class %d tag 0x%x; "
    939 			   "expected SEQUENCE", hdr.class, hdr.tag);
    940 		return -1;
    941 	}
    942 
    943 	pos = hdr.payload;
    944 	end = pos + hdr.length;
    945 
    946 	while (pos < end) {
    947 		if (x509_parse_extension(cert, pos, end - pos, &pos)
    948 		    < 0)
    949 			return -1;
    950 	}
    951 
    952 	return 0;
    953 }
    954 
    955 
    956 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
    957 				      struct x509_certificate *cert,
    958 				      const u8 **next)
    959 {
    960 	struct asn1_hdr hdr;
    961 	const u8 *pos, *end;
    962 	size_t left;
    963 	char sbuf[128];
    964 	unsigned long value;
    965 
    966 	/* tbsCertificate TBSCertificate ::= SEQUENCE */
    967 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    968 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    969 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    970 		wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
    971 			   "with a valid SEQUENCE - found class %d tag 0x%x",
    972 			   hdr.class, hdr.tag);
    973 		return -1;
    974 	}
    975 	pos = hdr.payload;
    976 	end = *next = pos + hdr.length;
    977 
    978 	/*
    979 	 * version [0]  EXPLICIT Version DEFAULT v1
    980 	 * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
    981 	 */
    982 	if (asn1_get_next(pos, end - pos, &hdr) < 0)
    983 		return -1;
    984 	pos = hdr.payload;
    985 
    986 	if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
    987 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
    988 			return -1;
    989 
    990 		if (hdr.class != ASN1_CLASS_UNIVERSAL ||
    991 		    hdr.tag != ASN1_TAG_INTEGER) {
    992 			wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
    993 				   "version field - found class %d tag 0x%x",
    994 				   hdr.class, hdr.tag);
    995 			return -1;
    996 		}
    997 		if (hdr.length != 1) {
    998 			wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
    999 				   "length %u (expected 1)", hdr.length);
   1000 			return -1;
   1001 		}
   1002 		pos = hdr.payload;
   1003 		left = hdr.length;
   1004 		value = 0;
   1005 		while (left) {
   1006 			value <<= 8;
   1007 			value |= *pos++;
   1008 			left--;
   1009 		}
   1010 
   1011 		cert->version = value;
   1012 		if (cert->version != X509_CERT_V1 &&
   1013 		    cert->version != X509_CERT_V2 &&
   1014 		    cert->version != X509_CERT_V3) {
   1015 			wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
   1016 				   cert->version + 1);
   1017 			return -1;
   1018 		}
   1019 
   1020 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
   1021 			return -1;
   1022 	} else
   1023 		cert->version = X509_CERT_V1;
   1024 	wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
   1025 
   1026 	/* serialNumber CertificateSerialNumber ::= INTEGER */
   1027 	if (hdr.class != ASN1_CLASS_UNIVERSAL ||
   1028 	    hdr.tag != ASN1_TAG_INTEGER) {
   1029 		wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
   1030 			   "serialNumber; class=%d tag=0x%x",
   1031 			   hdr.class, hdr.tag);
   1032 		return -1;
   1033 	}
   1034 
   1035 	pos = hdr.payload;
   1036 	left = hdr.length;
   1037 	while (left) {
   1038 		cert->serial_number <<= 8;
   1039 		cert->serial_number |= *pos++;
   1040 		left--;
   1041 	}
   1042 	wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
   1043 
   1044 	/* signature AlgorithmIdentifier */
   1045 	if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
   1046 					    &pos))
   1047 		return -1;
   1048 
   1049 	/* issuer Name */
   1050 	if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
   1051 		return -1;
   1052 	x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
   1053 	wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
   1054 
   1055 	/* validity Validity */
   1056 	if (x509_parse_validity(pos, end - pos, cert, &pos))
   1057 		return -1;
   1058 
   1059 	/* subject Name */
   1060 	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
   1061 		return -1;
   1062 	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
   1063 	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
   1064 
   1065 	/* subjectPublicKeyInfo SubjectPublicKeyInfo */
   1066 	if (x509_parse_public_key(pos, end - pos, cert, &pos))
   1067 		return -1;
   1068 
   1069 	if (pos == end)
   1070 		return 0;
   1071 
   1072 	if (cert->version == X509_CERT_V1)
   1073 		return 0;
   1074 
   1075 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1076 	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
   1077 		wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
   1078 			   " tag to parse optional tbsCertificate "
   1079 			   "field(s); parsed class %d tag 0x%x",
   1080 			   hdr.class, hdr.tag);
   1081 		return -1;
   1082 	}
   1083 
   1084 	if (hdr.tag == 1) {
   1085 		/* issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL */
   1086 		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
   1087 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
   1088 
   1089 		if (hdr.payload + hdr.length == end)
   1090 			return 0;
   1091 
   1092 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1093 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
   1094 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
   1095 				   " tag to parse optional tbsCertificate "
   1096 				   "field(s); parsed class %d tag 0x%x",
   1097 				   hdr.class, hdr.tag);
   1098 			return -1;
   1099 		}
   1100 	}
   1101 
   1102 	if (hdr.tag == 2) {
   1103 		/* subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL */
   1104 		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
   1105 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
   1106 
   1107 		if (hdr.payload + hdr.length == end)
   1108 			return 0;
   1109 
   1110 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1111 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
   1112 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
   1113 				   " tag to parse optional tbsCertificate "
   1114 				   "field(s); parsed class %d tag 0x%x",
   1115 				   hdr.class, hdr.tag);
   1116 			return -1;
   1117 		}
   1118 	}
   1119 
   1120 	if (hdr.tag != 3) {
   1121 		wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
   1122 			   "Context-Specific tag %d in optional "
   1123 			   "tbsCertificate fields", hdr.tag);
   1124 		return 0;
   1125 	}
   1126 
   1127 	/* extensions      [3]  EXPLICIT Extensions OPTIONAL */
   1128 
   1129 	if (cert->version != X509_CERT_V3) {
   1130 		wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
   1131 			   "Extensions data which are only allowed for "
   1132 			   "version 3", cert->version + 1);
   1133 		return -1;
   1134 	}
   1135 
   1136 	if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
   1137 		return -1;
   1138 
   1139 	pos = hdr.payload + hdr.length;
   1140 	if (pos < end) {
   1141 		wpa_hexdump(MSG_DEBUG,
   1142 			    "X509: Ignored extra tbsCertificate data",
   1143 			    pos, end - pos);
   1144 	}
   1145 
   1146 	return 0;
   1147 }
   1148 
   1149 
   1150 static int x509_rsadsi_oid(struct asn1_oid *oid)
   1151 {
   1152 	return oid->len >= 4 &&
   1153 		oid->oid[0] == 1 /* iso */ &&
   1154 		oid->oid[1] == 2 /* member-body */ &&
   1155 		oid->oid[2] == 840 /* us */ &&
   1156 		oid->oid[3] == 113549 /* rsadsi */;
   1157 }
   1158 
   1159 
   1160 static int x509_pkcs_oid(struct asn1_oid *oid)
   1161 {
   1162 	return oid->len >= 5 &&
   1163 		x509_rsadsi_oid(oid) &&
   1164 		oid->oid[4] == 1 /* pkcs */;
   1165 }
   1166 
   1167 
   1168 static int x509_digest_oid(struct asn1_oid *oid)
   1169 {
   1170 	return oid->len >= 5 &&
   1171 		x509_rsadsi_oid(oid) &&
   1172 		oid->oid[4] == 2 /* digestAlgorithm */;
   1173 }
   1174 
   1175 
   1176 static int x509_sha1_oid(struct asn1_oid *oid)
   1177 {
   1178 	return oid->len == 6 &&
   1179 		oid->oid[0] == 1 /* iso */ &&
   1180 		oid->oid[1] == 3 /* identified-organization */ &&
   1181 		oid->oid[2] == 14 /* oiw */ &&
   1182 		oid->oid[3] == 3 /* secsig */ &&
   1183 		oid->oid[4] == 2 /* algorithms */ &&
   1184 		oid->oid[5] == 26 /* id-sha1 */;
   1185 }
   1186 
   1187 
   1188 static int x509_sha256_oid(struct asn1_oid *oid)
   1189 {
   1190 	return oid->len == 9 &&
   1191 		oid->oid[0] == 2 /* joint-iso-itu-t */ &&
   1192 		oid->oid[1] == 16 /* country */ &&
   1193 		oid->oid[2] == 840 /* us */ &&
   1194 		oid->oid[3] == 1 /* organization */ &&
   1195 		oid->oid[4] == 101 /* gov */ &&
   1196 		oid->oid[5] == 3 /* csor */ &&
   1197 		oid->oid[6] == 4 /* nistAlgorithm */ &&
   1198 		oid->oid[7] == 2 /* hashAlgs */ &&
   1199 		oid->oid[8] == 1 /* sha256 */;
   1200 }
   1201 
   1202 
   1203 /**
   1204  * x509_certificate_parse - Parse a X.509 certificate in DER format
   1205  * @buf: Pointer to the X.509 certificate in DER format
   1206  * @len: Buffer length
   1207  * Returns: Pointer to the parsed certificate or %NULL on failure
   1208  *
   1209  * Caller is responsible for freeing the returned certificate by calling
   1210  * x509_certificate_free().
   1211  */
   1212 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
   1213 {
   1214 	struct asn1_hdr hdr;
   1215 	const u8 *pos, *end, *hash_start;
   1216 	struct x509_certificate *cert;
   1217 
   1218 	cert = os_zalloc(sizeof(*cert) + len);
   1219 	if (cert == NULL)
   1220 		return NULL;
   1221 	os_memcpy(cert + 1, buf, len);
   1222 	cert->cert_start = (u8 *) (cert + 1);
   1223 	cert->cert_len = len;
   1224 
   1225 	pos = buf;
   1226 	end = buf + len;
   1227 
   1228 	/* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
   1229 
   1230 	/* Certificate ::= SEQUENCE */
   1231 	if (asn1_get_next(pos, len, &hdr) < 0 ||
   1232 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1233 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1234 		wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
   1235 			   "a valid SEQUENCE - found class %d tag 0x%x",
   1236 			   hdr.class, hdr.tag);
   1237 		x509_certificate_free(cert);
   1238 		return NULL;
   1239 	}
   1240 	pos = hdr.payload;
   1241 
   1242 	if (pos + hdr.length > end) {
   1243 		x509_certificate_free(cert);
   1244 		return NULL;
   1245 	}
   1246 
   1247 	if (pos + hdr.length < end) {
   1248 		wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
   1249 			    "encoded certificate",
   1250 			    pos + hdr.length, end - pos + hdr.length);
   1251 		end = pos + hdr.length;
   1252 	}
   1253 
   1254 	hash_start = pos;
   1255 	cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
   1256 	if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
   1257 		x509_certificate_free(cert);
   1258 		return NULL;
   1259 	}
   1260 	cert->tbs_cert_len = pos - hash_start;
   1261 
   1262 	/* signatureAlgorithm AlgorithmIdentifier */
   1263 	if (x509_parse_algorithm_identifier(pos, end - pos,
   1264 					    &cert->signature_alg, &pos)) {
   1265 		x509_certificate_free(cert);
   1266 		return NULL;
   1267 	}
   1268 
   1269 	/* signatureValue BIT STRING */
   1270 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1271 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1272 	    hdr.tag != ASN1_TAG_BITSTRING) {
   1273 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
   1274 			   "(signatureValue) - found class %d tag 0x%x",
   1275 			   hdr.class, hdr.tag);
   1276 		x509_certificate_free(cert);
   1277 		return NULL;
   1278 	}
   1279 	if (hdr.length < 1) {
   1280 		x509_certificate_free(cert);
   1281 		return NULL;
   1282 	}
   1283 	pos = hdr.payload;
   1284 	if (*pos) {
   1285 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
   1286 			   *pos);
   1287 		/* PKCS #1 v1.5 10.2.1:
   1288 		 * It is an error if the length in bits of the signature S is
   1289 		 * not a multiple of eight.
   1290 		 */
   1291 		x509_certificate_free(cert);
   1292 		return NULL;
   1293 	}
   1294 	os_free(cert->sign_value);
   1295 	cert->sign_value = os_malloc(hdr.length - 1);
   1296 	if (cert->sign_value == NULL) {
   1297 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
   1298 			   "signatureValue");
   1299 		x509_certificate_free(cert);
   1300 		return NULL;
   1301 	}
   1302 	os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
   1303 	cert->sign_value_len = hdr.length - 1;
   1304 	wpa_hexdump(MSG_MSGDUMP, "X509: signature",
   1305 		    cert->sign_value, cert->sign_value_len);
   1306 
   1307 	return cert;
   1308 }
   1309 
   1310 
   1311 /**
   1312  * x509_certificate_check_signature - Verify certificate signature
   1313  * @issuer: Issuer certificate
   1314  * @cert: Certificate to be verified
   1315  * Returns: 0 if cert has a valid signature that was signed by the issuer,
   1316  * -1 if not
   1317  */
   1318 int x509_certificate_check_signature(struct x509_certificate *issuer,
   1319 				     struct x509_certificate *cert)
   1320 {
   1321 	struct crypto_public_key *pk;
   1322 	u8 *data;
   1323 	const u8 *pos, *end, *next, *da_end;
   1324 	size_t data_len;
   1325 	struct asn1_hdr hdr;
   1326 	struct asn1_oid oid;
   1327 	u8 hash[32];
   1328 	size_t hash_len;
   1329 
   1330 	if (!x509_pkcs_oid(&cert->signature.oid) ||
   1331 	    cert->signature.oid.len != 7 ||
   1332 	    cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
   1333 		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
   1334 			   "algorithm");
   1335 		return -1;
   1336 	}
   1337 
   1338 	pk = crypto_public_key_import(issuer->public_key,
   1339 				      issuer->public_key_len);
   1340 	if (pk == NULL)
   1341 		return -1;
   1342 
   1343 	data_len = cert->sign_value_len;
   1344 	data = os_malloc(data_len);
   1345 	if (data == NULL) {
   1346 		crypto_public_key_free(pk);
   1347 		return -1;
   1348 	}
   1349 
   1350 	if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
   1351 					    cert->sign_value_len, data,
   1352 					    &data_len) < 0) {
   1353 		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
   1354 		crypto_public_key_free(pk);
   1355 		os_free(data);
   1356 		return -1;
   1357 	}
   1358 	crypto_public_key_free(pk);
   1359 
   1360 	wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
   1361 
   1362 	/*
   1363 	 * PKCS #1 v1.5, 10.1.2:
   1364 	 *
   1365 	 * DigestInfo ::= SEQUENCE {
   1366 	 *     digestAlgorithm DigestAlgorithmIdentifier,
   1367 	 *     digest Digest
   1368 	 * }
   1369 	 *
   1370 	 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
   1371 	 *
   1372 	 * Digest ::= OCTET STRING
   1373 	 *
   1374 	 */
   1375 	if (asn1_get_next(data, data_len, &hdr) < 0 ||
   1376 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1377 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1378 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
   1379 			   "(DigestInfo) - found class %d tag 0x%x",
   1380 			   hdr.class, hdr.tag);
   1381 		os_free(data);
   1382 		return -1;
   1383 	}
   1384 
   1385 	pos = hdr.payload;
   1386 	end = pos + hdr.length;
   1387 
   1388 	/*
   1389 	 * X.509:
   1390 	 * AlgorithmIdentifier ::= SEQUENCE {
   1391 	 *     algorithm            OBJECT IDENTIFIER,
   1392 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
   1393 	 * }
   1394 	 */
   1395 
   1396 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1397 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1398 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1399 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
   1400 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
   1401 			   hdr.class, hdr.tag);
   1402 		os_free(data);
   1403 		return -1;
   1404 	}
   1405 	da_end = hdr.payload + hdr.length;
   1406 
   1407 	if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
   1408 		wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
   1409 		os_free(data);
   1410 		return -1;
   1411 	}
   1412 
   1413 	if (x509_sha1_oid(&oid)) {
   1414 		if (cert->signature.oid.oid[6] !=
   1415 		    5 /* sha-1WithRSAEncryption */) {
   1416 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
   1417 				   "does not match with certificate "
   1418 				   "signatureAlgorithm (%lu)",
   1419 				   cert->signature.oid.oid[6]);
   1420 			os_free(data);
   1421 			return -1;
   1422 		}
   1423 		goto skip_digest_oid;
   1424 	}
   1425 
   1426 	if (x509_sha256_oid(&oid)) {
   1427 		if (cert->signature.oid.oid[6] !=
   1428 		    11 /* sha2561WithRSAEncryption */) {
   1429 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
   1430 				   "does not match with certificate "
   1431 				   "signatureAlgorithm (%lu)",
   1432 				   cert->signature.oid.oid[6]);
   1433 			os_free(data);
   1434 			return -1;
   1435 		}
   1436 		goto skip_digest_oid;
   1437 	}
   1438 
   1439 	if (!x509_digest_oid(&oid)) {
   1440 		wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
   1441 		os_free(data);
   1442 		return -1;
   1443 	}
   1444 	switch (oid.oid[5]) {
   1445 	case 5: /* md5 */
   1446 		if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
   1447 		{
   1448 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
   1449 				   "not match with certificate "
   1450 				   "signatureAlgorithm (%lu)",
   1451 				   cert->signature.oid.oid[6]);
   1452 			os_free(data);
   1453 			return -1;
   1454 		}
   1455 		break;
   1456 	case 2: /* md2 */
   1457 	case 4: /* md4 */
   1458 	default:
   1459 		wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
   1460 			   "(%lu)", oid.oid[5]);
   1461 		os_free(data);
   1462 		return -1;
   1463 	}
   1464 
   1465 skip_digest_oid:
   1466 	/* Digest ::= OCTET STRING */
   1467 	pos = da_end;
   1468 	end = data + data_len;
   1469 
   1470 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1471 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1472 	    hdr.tag != ASN1_TAG_OCTETSTRING) {
   1473 		wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
   1474 			   "(Digest) - found class %d tag 0x%x",
   1475 			   hdr.class, hdr.tag);
   1476 		os_free(data);
   1477 		return -1;
   1478 	}
   1479 	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
   1480 		    hdr.payload, hdr.length);
   1481 
   1482 	switch (cert->signature.oid.oid[6]) {
   1483 	case 4: /* md5WithRSAEncryption */
   1484 		md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
   1485 			   hash);
   1486 		hash_len = 16;
   1487 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
   1488 			    hash, hash_len);
   1489 		break;
   1490 	case 5: /* sha-1WithRSAEncryption */
   1491 		sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
   1492 			    hash);
   1493 		hash_len = 20;
   1494 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
   1495 			    hash, hash_len);
   1496 		break;
   1497 	case 11: /* sha256WithRSAEncryption */
   1498 #ifdef NEED_SHA256
   1499 		sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
   1500 			      hash);
   1501 		hash_len = 32;
   1502 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
   1503 			    hash, hash_len);
   1504 		break;
   1505 #else /* NEED_SHA256 */
   1506 		wpa_printf(MSG_INFO, "X509: SHA256 support disabled");
   1507 		os_free(data);
   1508 		return -1;
   1509 #endif /* NEED_SHA256 */
   1510 	case 2: /* md2WithRSAEncryption */
   1511 	case 12: /* sha384WithRSAEncryption */
   1512 	case 13: /* sha512WithRSAEncryption */
   1513 	default:
   1514 		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
   1515 			   "algorithm (%lu)", cert->signature.oid.oid[6]);
   1516 		os_free(data);
   1517 		return -1;
   1518 	}
   1519 
   1520 	if (hdr.length != hash_len ||
   1521 	    os_memcmp(hdr.payload, hash, hdr.length) != 0) {
   1522 		wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
   1523 			   "with calculated tbsCertificate hash");
   1524 		os_free(data);
   1525 		return -1;
   1526 	}
   1527 
   1528 	os_free(data);
   1529 
   1530 	wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
   1531 		   "calculated tbsCertificate hash");
   1532 
   1533 	return 0;
   1534 }
   1535 
   1536 
   1537 static int x509_valid_issuer(const struct x509_certificate *cert)
   1538 {
   1539 	if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
   1540 	    !cert->ca) {
   1541 		wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
   1542 			   "issuer");
   1543 		return -1;
   1544 	}
   1545 
   1546 	if (cert->version == X509_CERT_V3 &&
   1547 	    !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
   1548 		wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
   1549 			   "include BasicConstraints extension");
   1550 		return -1;
   1551 	}
   1552 
   1553 	if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
   1554 	    !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
   1555 		wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
   1556 			   "keyCertSign bit in Key Usage");
   1557 		return -1;
   1558 	}
   1559 
   1560 	return 0;
   1561 }
   1562 
   1563 
   1564 /**
   1565  * x509_certificate_chain_validate - Validate X.509 certificate chain
   1566  * @trusted: List of trusted certificates
   1567  * @chain: Certificate chain to be validated (first chain must be issued by
   1568  * signed by the second certificate in the chain and so on)
   1569  * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
   1570  * Returns: 0 if chain is valid, -1 if not
   1571  */
   1572 int x509_certificate_chain_validate(struct x509_certificate *trusted,
   1573 				    struct x509_certificate *chain,
   1574 				    int *reason)
   1575 {
   1576 	long unsigned idx;
   1577 	int chain_trusted = 0;
   1578 	struct x509_certificate *cert, *trust;
   1579 	char buf[128];
   1580 	struct os_time now;
   1581 
   1582 	*reason = X509_VALIDATE_OK;
   1583 
   1584 	wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
   1585 	os_get_time(&now);
   1586 
   1587 	for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
   1588 		x509_name_string(&cert->subject, buf, sizeof(buf));
   1589 		wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
   1590 
   1591 		if (chain_trusted)
   1592 			continue;
   1593 
   1594 		if ((unsigned long) now.sec <
   1595 		    (unsigned long) cert->not_before ||
   1596 		    (unsigned long) now.sec >
   1597 		    (unsigned long) cert->not_after) {
   1598 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
   1599 				   "(now=%lu not_before=%lu not_after=%lu)",
   1600 				   now.sec, cert->not_before, cert->not_after);
   1601 			*reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
   1602 			return -1;
   1603 		}
   1604 
   1605 		if (cert->next) {
   1606 			if (x509_name_compare(&cert->issuer,
   1607 					      &cert->next->subject) != 0) {
   1608 				wpa_printf(MSG_DEBUG, "X509: Certificate "
   1609 					   "chain issuer name mismatch");
   1610 				x509_name_string(&cert->issuer, buf,
   1611 						 sizeof(buf));
   1612 				wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
   1613 					   buf);
   1614 				x509_name_string(&cert->next->subject, buf,
   1615 						 sizeof(buf));
   1616 				wpa_printf(MSG_DEBUG, "X509: next cert "
   1617 					   "subject: %s", buf);
   1618 				*reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
   1619 				return -1;
   1620 			}
   1621 
   1622 			if (x509_valid_issuer(cert->next) < 0) {
   1623 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1624 				return -1;
   1625 			}
   1626 
   1627 			if ((cert->next->extensions_present &
   1628 			     X509_EXT_PATH_LEN_CONSTRAINT) &&
   1629 			    idx > cert->next->path_len_constraint) {
   1630 				wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
   1631 					   " not met (idx=%lu issuer "
   1632 					   "pathLenConstraint=%lu)", idx,
   1633 					   cert->next->path_len_constraint);
   1634 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1635 				return -1;
   1636 			}
   1637 
   1638 			if (x509_certificate_check_signature(cert->next, cert)
   1639 			    < 0) {
   1640 				wpa_printf(MSG_DEBUG, "X509: Invalid "
   1641 					   "certificate signature within "
   1642 					   "chain");
   1643 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1644 				return -1;
   1645 			}
   1646 		}
   1647 
   1648 		for (trust = trusted; trust; trust = trust->next) {
   1649 			if (x509_name_compare(&cert->issuer, &trust->subject)
   1650 			    == 0)
   1651 				break;
   1652 		}
   1653 
   1654 		if (trust) {
   1655 			wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
   1656 				   "list of trusted certificates");
   1657 			if (x509_valid_issuer(trust) < 0) {
   1658 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1659 				return -1;
   1660 			}
   1661 
   1662 			if (x509_certificate_check_signature(trust, cert) < 0)
   1663 			{
   1664 				wpa_printf(MSG_DEBUG, "X509: Invalid "
   1665 					   "certificate signature");
   1666 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1667 				return -1;
   1668 			}
   1669 
   1670 			wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
   1671 				   "found to complete the chain");
   1672 			chain_trusted = 1;
   1673 		}
   1674 	}
   1675 
   1676 	if (!chain_trusted) {
   1677 		wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
   1678 			   "from the list of trusted certificates");
   1679 		if (trusted) {
   1680 			*reason = X509_VALIDATE_UNKNOWN_CA;
   1681 			return -1;
   1682 		}
   1683 		wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
   1684 			   "disabled - ignore unknown CA issue");
   1685 	}
   1686 
   1687 	wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
   1688 
   1689 	return 0;
   1690 }
   1691 
   1692 
   1693 /**
   1694  * x509_certificate_get_subject - Get a certificate based on Subject name
   1695  * @chain: Certificate chain to search through
   1696  * @name: Subject name to search for
   1697  * Returns: Pointer to the certificate with the given Subject name or
   1698  * %NULL on failure
   1699  */
   1700 struct x509_certificate *
   1701 x509_certificate_get_subject(struct x509_certificate *chain,
   1702 			     struct x509_name *name)
   1703 {
   1704 	struct x509_certificate *cert;
   1705 
   1706 	for (cert = chain; cert; cert = cert->next) {
   1707 		if (x509_name_compare(&cert->subject, name) == 0)
   1708 			return cert;
   1709 	}
   1710 	return NULL;
   1711 }
   1712 
   1713 
   1714 /**
   1715  * x509_certificate_self_signed - Is the certificate self-signed?
   1716  * @cert: Certificate
   1717  * Returns: 1 if certificate is self-signed, 0 if not
   1718  */
   1719 int x509_certificate_self_signed(struct x509_certificate *cert)
   1720 {
   1721 	return x509_name_compare(&cert->issuer, &cert->subject) == 0;
   1722 }
   1723 
   1724 #endif /* CONFIG_INTERNAL_X509 */
   1725