Home | History | Annotate | Download | only in tls
      1 /*
      2  * X.509v3 certificate parsing and processing (RFC 3280 profile)
      3  * Copyright (c) 2006-2011, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "crypto/crypto.h"
     13 #include "asn1.h"
     14 #include "x509v3.h"
     15 
     16 
     17 static void x509_free_name(struct x509_name *name)
     18 {
     19 	size_t i;
     20 
     21 	for (i = 0; i < name->num_attr; i++) {
     22 		os_free(name->attr[i].value);
     23 		name->attr[i].value = NULL;
     24 		name->attr[i].type = X509_NAME_ATTR_NOT_USED;
     25 	}
     26 	name->num_attr = 0;
     27 	os_free(name->email);
     28 	name->email = NULL;
     29 
     30 	os_free(name->alt_email);
     31 	os_free(name->dns);
     32 	os_free(name->uri);
     33 	os_free(name->ip);
     34 	name->alt_email = name->dns = name->uri = NULL;
     35 	name->ip = NULL;
     36 	name->ip_len = 0;
     37 	os_memset(&name->rid, 0, sizeof(name->rid));
     38 }
     39 
     40 
     41 /**
     42  * x509_certificate_free - Free an X.509 certificate
     43  * @cert: Certificate to be freed
     44  */
     45 void x509_certificate_free(struct x509_certificate *cert)
     46 {
     47 	if (cert == NULL)
     48 		return;
     49 	if (cert->next) {
     50 		wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
     51 			   "was still on a list (next=%p)\n",
     52 			   cert, cert->next);
     53 	}
     54 	x509_free_name(&cert->issuer);
     55 	x509_free_name(&cert->subject);
     56 	os_free(cert->public_key);
     57 	os_free(cert->sign_value);
     58 	os_free(cert);
     59 }
     60 
     61 
     62 /**
     63  * x509_certificate_free - Free an X.509 certificate chain
     64  * @cert: Pointer to the first certificate in the chain
     65  */
     66 void x509_certificate_chain_free(struct x509_certificate *cert)
     67 {
     68 	struct x509_certificate *next;
     69 
     70 	while (cert) {
     71 		next = cert->next;
     72 		cert->next = NULL;
     73 		x509_certificate_free(cert);
     74 		cert = next;
     75 	}
     76 }
     77 
     78 
     79 static int x509_whitespace(char c)
     80 {
     81 	return c == ' ' || c == '\t';
     82 }
     83 
     84 
     85 static void x509_str_strip_whitespace(char *a)
     86 {
     87 	char *ipos, *opos;
     88 	int remove_whitespace = 1;
     89 
     90 	ipos = opos = a;
     91 
     92 	while (*ipos) {
     93 		if (remove_whitespace && x509_whitespace(*ipos))
     94 			ipos++;
     95 		else {
     96 			remove_whitespace = x509_whitespace(*ipos);
     97 			*opos++ = *ipos++;
     98 		}
     99 	}
    100 
    101 	*opos-- = '\0';
    102 	if (opos > a && x509_whitespace(*opos))
    103 		*opos = '\0';
    104 }
    105 
    106 
    107 static int x509_str_compare(const char *a, const char *b)
    108 {
    109 	char *aa, *bb;
    110 	int ret;
    111 
    112 	if (!a && b)
    113 		return -1;
    114 	if (a && !b)
    115 		return 1;
    116 	if (!a && !b)
    117 		return 0;
    118 
    119 	aa = os_strdup(a);
    120 	bb = os_strdup(b);
    121 
    122 	if (aa == NULL || bb == NULL) {
    123 		os_free(aa);
    124 		os_free(bb);
    125 		return os_strcasecmp(a, b);
    126 	}
    127 
    128 	x509_str_strip_whitespace(aa);
    129 	x509_str_strip_whitespace(bb);
    130 
    131 	ret = os_strcasecmp(aa, bb);
    132 
    133 	os_free(aa);
    134 	os_free(bb);
    135 
    136 	return ret;
    137 }
    138 
    139 
    140 /**
    141  * x509_name_compare - Compare X.509 certificate names
    142  * @a: Certificate name
    143  * @b: Certificate name
    144  * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
    145  * greater than b
    146  */
    147 int x509_name_compare(struct x509_name *a, struct x509_name *b)
    148 {
    149 	int res;
    150 	size_t i;
    151 
    152 	if (!a && b)
    153 		return -1;
    154 	if (a && !b)
    155 		return 1;
    156 	if (!a && !b)
    157 		return 0;
    158 	if (a->num_attr < b->num_attr)
    159 		return -1;
    160 	if (a->num_attr > b->num_attr)
    161 		return 1;
    162 
    163 	for (i = 0; i < a->num_attr; i++) {
    164 		if (a->attr[i].type < b->attr[i].type)
    165 			return -1;
    166 		if (a->attr[i].type > b->attr[i].type)
    167 			return -1;
    168 		res = x509_str_compare(a->attr[i].value, b->attr[i].value);
    169 		if (res)
    170 			return res;
    171 	}
    172 	res = x509_str_compare(a->email, b->email);
    173 	if (res)
    174 		return res;
    175 
    176 	return 0;
    177 }
    178 
    179 
    180 static int x509_parse_algorithm_identifier(
    181 	const u8 *buf, size_t len,
    182 	struct x509_algorithm_identifier *id, const u8 **next)
    183 {
    184 	struct asn1_hdr hdr;
    185 	const u8 *pos, *end;
    186 
    187 	/*
    188 	 * AlgorithmIdentifier ::= SEQUENCE {
    189 	 *     algorithm            OBJECT IDENTIFIER,
    190 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
    191 	 * }
    192 	 */
    193 
    194 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    195 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    196 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    197 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    198 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
    199 			   hdr.class, hdr.tag);
    200 		return -1;
    201 	}
    202 	pos = hdr.payload;
    203 	end = pos + hdr.length;
    204 
    205 	if (end > buf + len)
    206 		return -1;
    207 
    208 	*next = end;
    209 
    210 	if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
    211 		return -1;
    212 
    213 	/* TODO: optional parameters */
    214 
    215 	return 0;
    216 }
    217 
    218 
    219 static int x509_parse_public_key(const u8 *buf, size_t len,
    220 				 struct x509_certificate *cert,
    221 				 const u8 **next)
    222 {
    223 	struct asn1_hdr hdr;
    224 	const u8 *pos, *end;
    225 
    226 	/*
    227 	 * SubjectPublicKeyInfo ::= SEQUENCE {
    228 	 *     algorithm            AlgorithmIdentifier,
    229 	 *     subjectPublicKey     BIT STRING
    230 	 * }
    231 	 */
    232 
    233 	pos = buf;
    234 	end = buf + len;
    235 
    236 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    237 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    238 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    239 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    240 			   "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
    241 			   hdr.class, hdr.tag);
    242 		return -1;
    243 	}
    244 	pos = hdr.payload;
    245 
    246 	if (pos + hdr.length > end)
    247 		return -1;
    248 	end = pos + hdr.length;
    249 	*next = end;
    250 
    251 	if (x509_parse_algorithm_identifier(pos, end - pos,
    252 					    &cert->public_key_alg, &pos))
    253 		return -1;
    254 
    255 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    256 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    257 	    hdr.tag != ASN1_TAG_BITSTRING) {
    258 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
    259 			   "(subjectPublicKey) - found class %d tag 0x%x",
    260 			   hdr.class, hdr.tag);
    261 		return -1;
    262 	}
    263 	if (hdr.length < 1)
    264 		return -1;
    265 	pos = hdr.payload;
    266 	if (*pos) {
    267 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
    268 			   *pos);
    269 		/*
    270 		 * TODO: should this be rejected? X.509 certificates are
    271 		 * unlikely to use such a construction. Now we would end up
    272 		 * including the extra bits in the buffer which may also be
    273 		 * ok.
    274 		 */
    275 	}
    276 	os_free(cert->public_key);
    277 	cert->public_key = os_malloc(hdr.length - 1);
    278 	if (cert->public_key == NULL) {
    279 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
    280 			   "public key");
    281 		return -1;
    282 	}
    283 	os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
    284 	cert->public_key_len = hdr.length - 1;
    285 	wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
    286 		    cert->public_key, cert->public_key_len);
    287 
    288 	return 0;
    289 }
    290 
    291 
    292 static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
    293 			   const u8 **next)
    294 {
    295 	struct asn1_hdr hdr;
    296 	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
    297 	struct asn1_oid oid;
    298 	char *val;
    299 
    300 	/*
    301 	 * Name ::= CHOICE { RDNSequence }
    302 	 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    303 	 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    304 	 * AttributeTypeAndValue ::= SEQUENCE {
    305 	 *     type     AttributeType,
    306 	 *     value    AttributeValue
    307 	 * }
    308 	 * AttributeType ::= OBJECT IDENTIFIER
    309 	 * AttributeValue ::= ANY DEFINED BY AttributeType
    310 	 */
    311 
    312 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    313 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    314 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    315 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    316 			   "(Name / RDNSequencer) - found class %d tag 0x%x",
    317 			   hdr.class, hdr.tag);
    318 		return -1;
    319 	}
    320 	pos = hdr.payload;
    321 
    322 	if (pos + hdr.length > buf + len)
    323 		return -1;
    324 
    325 	end = *next = pos + hdr.length;
    326 
    327 	while (pos < end) {
    328 		enum x509_name_attr_type type;
    329 
    330 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
    331 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
    332 		    hdr.tag != ASN1_TAG_SET) {
    333 			wpa_printf(MSG_DEBUG, "X509: Expected SET "
    334 				   "(RelativeDistinguishedName) - found class "
    335 				   "%d tag 0x%x", hdr.class, hdr.tag);
    336 			x509_free_name(name);
    337 			return -1;
    338 		}
    339 
    340 		set_pos = hdr.payload;
    341 		pos = set_end = hdr.payload + hdr.length;
    342 
    343 		if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
    344 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
    345 		    hdr.tag != ASN1_TAG_SEQUENCE) {
    346 			wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    347 				   "(AttributeTypeAndValue) - found class %d "
    348 				   "tag 0x%x", hdr.class, hdr.tag);
    349 			x509_free_name(name);
    350 			return -1;
    351 		}
    352 
    353 		seq_pos = hdr.payload;
    354 		seq_end = hdr.payload + hdr.length;
    355 
    356 		if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
    357 			x509_free_name(name);
    358 			return -1;
    359 		}
    360 
    361 		if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
    362 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
    363 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    364 				   "AttributeValue");
    365 			x509_free_name(name);
    366 			return -1;
    367 		}
    368 
    369 		/* RFC 3280:
    370 		 * MUST: country, organization, organizational-unit,
    371 		 * distinguished name qualifier, state or province name,
    372 		 * common name, serial number.
    373 		 * SHOULD: locality, title, surname, given name, initials,
    374 		 * pseudonym, generation qualifier.
    375 		 * MUST: domainComponent (RFC 2247).
    376 		 */
    377 		type = X509_NAME_ATTR_NOT_USED;
    378 		if (oid.len == 4 &&
    379 		    oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
    380 			/* id-at ::= 2.5.4 */
    381 			switch (oid.oid[3]) {
    382 			case 3:
    383 				/* commonName */
    384 				type = X509_NAME_ATTR_CN;
    385 				break;
    386 			case 6:
    387 				/*  countryName */
    388 				type = X509_NAME_ATTR_C;
    389 				break;
    390 			case 7:
    391 				/* localityName */
    392 				type = X509_NAME_ATTR_L;
    393 				break;
    394 			case 8:
    395 				/* stateOrProvinceName */
    396 				type = X509_NAME_ATTR_ST;
    397 				break;
    398 			case 10:
    399 				/* organizationName */
    400 				type = X509_NAME_ATTR_O;
    401 				break;
    402 			case 11:
    403 				/* organizationalUnitName */
    404 				type = X509_NAME_ATTR_OU;
    405 				break;
    406 			}
    407 		} else if (oid.len == 7 &&
    408 			   oid.oid[0] == 1 && oid.oid[1] == 2 &&
    409 			   oid.oid[2] == 840 && oid.oid[3] == 113549 &&
    410 			   oid.oid[4] == 1 && oid.oid[5] == 9 &&
    411 			   oid.oid[6] == 1) {
    412 			/* 1.2.840.113549.1.9.1 - e-mailAddress */
    413 			os_free(name->email);
    414 			name->email = os_malloc(hdr.length + 1);
    415 			if (name->email == NULL) {
    416 				x509_free_name(name);
    417 				return -1;
    418 			}
    419 			os_memcpy(name->email, hdr.payload, hdr.length);
    420 			name->email[hdr.length] = '\0';
    421 			continue;
    422 		} else if (oid.len == 7 &&
    423 			   oid.oid[0] == 0 && oid.oid[1] == 9 &&
    424 			   oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
    425 			   oid.oid[4] == 100 && oid.oid[5] == 1 &&
    426 			   oid.oid[6] == 25) {
    427 			/* 0.9.2342.19200300.100.1.25 - domainComponent */
    428 			type = X509_NAME_ATTR_DC;
    429 		}
    430 
    431 		if (type == X509_NAME_ATTR_NOT_USED) {
    432 			wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
    433 				    (u8 *) oid.oid,
    434 				    oid.len * sizeof(oid.oid[0]));
    435 			wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
    436 					  hdr.payload, hdr.length);
    437 			continue;
    438 		}
    439 
    440 		if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
    441 			wpa_printf(MSG_INFO, "X509: Too many Name attributes");
    442 			x509_free_name(name);
    443 			return -1;
    444 		}
    445 
    446 		val = dup_binstr(hdr.payload, hdr.length);
    447 		if (val == NULL) {
    448 			x509_free_name(name);
    449 			return -1;
    450 		}
    451 		if (os_strlen(val) != hdr.length) {
    452 			wpa_printf(MSG_INFO, "X509: Reject certificate with "
    453 				   "embedded NUL byte in a string (%s[NUL])",
    454 				   val);
    455 			os_free(val);
    456 			x509_free_name(name);
    457 			return -1;
    458 		}
    459 
    460 		name->attr[name->num_attr].type = type;
    461 		name->attr[name->num_attr].value = val;
    462 		name->num_attr++;
    463 	}
    464 
    465 	return 0;
    466 }
    467 
    468 
    469 static char * x509_name_attr_str(enum x509_name_attr_type type)
    470 {
    471 	switch (type) {
    472 	case X509_NAME_ATTR_NOT_USED:
    473 		return "[N/A]";
    474 	case X509_NAME_ATTR_DC:
    475 		return "DC";
    476 	case X509_NAME_ATTR_CN:
    477 		return "CN";
    478 	case X509_NAME_ATTR_C:
    479 		return "C";
    480 	case X509_NAME_ATTR_L:
    481 		return "L";
    482 	case X509_NAME_ATTR_ST:
    483 		return "ST";
    484 	case X509_NAME_ATTR_O:
    485 		return "O";
    486 	case X509_NAME_ATTR_OU:
    487 		return "OU";
    488 	}
    489 	return "?";
    490 }
    491 
    492 
    493 /**
    494  * x509_name_string - Convert an X.509 certificate name into a string
    495  * @name: Name to convert
    496  * @buf: Buffer for the string
    497  * @len: Maximum buffer length
    498  */
    499 void x509_name_string(struct x509_name *name, char *buf, size_t len)
    500 {
    501 	char *pos, *end;
    502 	int ret;
    503 	size_t i;
    504 
    505 	if (len == 0)
    506 		return;
    507 
    508 	pos = buf;
    509 	end = buf + len;
    510 
    511 	for (i = 0; i < name->num_attr; i++) {
    512 		ret = os_snprintf(pos, end - pos, "%s=%s, ",
    513 				  x509_name_attr_str(name->attr[i].type),
    514 				  name->attr[i].value);
    515 		if (ret < 0 || ret >= end - pos)
    516 			goto done;
    517 		pos += ret;
    518 	}
    519 
    520 	if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
    521 		pos--;
    522 		*pos = '\0';
    523 		pos--;
    524 		*pos = '\0';
    525 	}
    526 
    527 	if (name->email) {
    528 		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
    529 				  name->email);
    530 		if (ret < 0 || ret >= end - pos)
    531 			goto done;
    532 		pos += ret;
    533 	}
    534 
    535 done:
    536 	end[-1] = '\0';
    537 }
    538 
    539 
    540 static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
    541 			   os_time_t *val)
    542 {
    543 	const char *pos;
    544 	int year, month, day, hour, min, sec;
    545 
    546 	/*
    547 	 * Time ::= CHOICE {
    548 	 *     utcTime        UTCTime,
    549 	 *     generalTime    GeneralizedTime
    550 	 * }
    551 	 *
    552 	 * UTCTime: YYMMDDHHMMSSZ
    553 	 * GeneralizedTime: YYYYMMDDHHMMSSZ
    554 	 */
    555 
    556 	pos = (const char *) buf;
    557 
    558 	switch (asn1_tag) {
    559 	case ASN1_TAG_UTCTIME:
    560 		if (len != 13 || buf[12] != 'Z') {
    561 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
    562 					  "UTCTime format", buf, len);
    563 			return -1;
    564 		}
    565 		if (sscanf(pos, "%02d", &year) != 1) {
    566 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
    567 					  "UTCTime year", buf, len);
    568 			return -1;
    569 		}
    570 		if (year < 50)
    571 			year += 2000;
    572 		else
    573 			year += 1900;
    574 		pos += 2;
    575 		break;
    576 	case ASN1_TAG_GENERALIZEDTIME:
    577 		if (len != 15 || buf[14] != 'Z') {
    578 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
    579 					  "GeneralizedTime format", buf, len);
    580 			return -1;
    581 		}
    582 		if (sscanf(pos, "%04d", &year) != 1) {
    583 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
    584 					  "GeneralizedTime year", buf, len);
    585 			return -1;
    586 		}
    587 		pos += 4;
    588 		break;
    589 	default:
    590 		wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
    591 			   "GeneralizedTime - found tag 0x%x", asn1_tag);
    592 		return -1;
    593 	}
    594 
    595 	if (sscanf(pos, "%02d", &month) != 1) {
    596 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    597 				  "(month)", buf, len);
    598 		return -1;
    599 	}
    600 	pos += 2;
    601 
    602 	if (sscanf(pos, "%02d", &day) != 1) {
    603 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    604 				  "(day)", buf, len);
    605 		return -1;
    606 	}
    607 	pos += 2;
    608 
    609 	if (sscanf(pos, "%02d", &hour) != 1) {
    610 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    611 				  "(hour)", buf, len);
    612 		return -1;
    613 	}
    614 	pos += 2;
    615 
    616 	if (sscanf(pos, "%02d", &min) != 1) {
    617 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    618 				  "(min)", buf, len);
    619 		return -1;
    620 	}
    621 	pos += 2;
    622 
    623 	if (sscanf(pos, "%02d", &sec) != 1) {
    624 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
    625 				  "(sec)", buf, len);
    626 		return -1;
    627 	}
    628 
    629 	if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
    630 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
    631 				  buf, len);
    632 		if (year < 1970) {
    633 			/*
    634 			 * At least some test certificates have been configured
    635 			 * to use dates prior to 1970. Set the date to
    636 			 * beginning of 1970 to handle these case.
    637 			 */
    638 			wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
    639 				   "assume epoch as the time", year);
    640 			*val = 0;
    641 			return 0;
    642 		}
    643 		return -1;
    644 	}
    645 
    646 	return 0;
    647 }
    648 
    649 
    650 static int x509_parse_validity(const u8 *buf, size_t len,
    651 			       struct x509_certificate *cert, const u8 **next)
    652 {
    653 	struct asn1_hdr hdr;
    654 	const u8 *pos;
    655 	size_t plen;
    656 
    657 	/*
    658 	 * Validity ::= SEQUENCE {
    659 	 *     notBefore      Time,
    660 	 *     notAfter       Time
    661 	 * }
    662 	 *
    663 	 * RFC 3280, 4.1.2.5:
    664 	 * CAs conforming to this profile MUST always encode certificate
    665 	 * validity dates through the year 2049 as UTCTime; certificate
    666 	 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
    667 	 */
    668 
    669 	if (asn1_get_next(buf, len, &hdr) < 0 ||
    670 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    671 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    672 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
    673 			   "(Validity) - found class %d tag 0x%x",
    674 			   hdr.class, hdr.tag);
    675 		return -1;
    676 	}
    677 	pos = hdr.payload;
    678 	plen = hdr.length;
    679 
    680 	if (pos + plen > buf + len)
    681 		return -1;
    682 
    683 	*next = pos + plen;
    684 
    685 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
    686 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    687 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
    688 			    &cert->not_before) < 0) {
    689 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
    690 				  "Time", hdr.payload, hdr.length);
    691 		return -1;
    692 	}
    693 
    694 	pos = hdr.payload + hdr.length;
    695 	plen = *next - pos;
    696 
    697 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
    698 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    699 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
    700 			    &cert->not_after) < 0) {
    701 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
    702 				  "Time", hdr.payload, hdr.length);
    703 		return -1;
    704 	}
    705 
    706 	wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
    707 		   (unsigned long) cert->not_before,
    708 		   (unsigned long) cert->not_after);
    709 
    710 	return 0;
    711 }
    712 
    713 
    714 static int x509_id_ce_oid(struct asn1_oid *oid)
    715 {
    716 	/* id-ce arc from X.509 for standard X.509v3 extensions */
    717 	return oid->len >= 4 &&
    718 		oid->oid[0] == 2 /* joint-iso-ccitt */ &&
    719 		oid->oid[1] == 5 /* ds */ &&
    720 		oid->oid[2] == 29 /* id-ce */;
    721 }
    722 
    723 
    724 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
    725 				    const u8 *pos, size_t len)
    726 {
    727 	struct asn1_hdr hdr;
    728 
    729 	/*
    730 	 * KeyUsage ::= BIT STRING {
    731 	 *     digitalSignature        (0),
    732 	 *     nonRepudiation          (1),
    733 	 *     keyEncipherment         (2),
    734 	 *     dataEncipherment        (3),
    735 	 *     keyAgreement            (4),
    736 	 *     keyCertSign             (5),
    737 	 *     cRLSign                 (6),
    738 	 *     encipherOnly            (7),
    739 	 *     decipherOnly            (8) }
    740 	 */
    741 
    742 	if (asn1_get_next(pos, len, &hdr) < 0 ||
    743 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    744 	    hdr.tag != ASN1_TAG_BITSTRING ||
    745 	    hdr.length < 1) {
    746 		wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
    747 			   "KeyUsage; found %d tag 0x%x len %d",
    748 			   hdr.class, hdr.tag, hdr.length);
    749 		return -1;
    750 	}
    751 
    752 	cert->extensions_present |= X509_EXT_KEY_USAGE;
    753 	cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
    754 
    755 	wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
    756 
    757 	return 0;
    758 }
    759 
    760 
    761 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
    762 					    const u8 *pos, size_t len)
    763 {
    764 	struct asn1_hdr hdr;
    765 	unsigned long value;
    766 	size_t left;
    767 
    768 	/*
    769 	 * BasicConstraints ::= SEQUENCE {
    770 	 * cA                      BOOLEAN DEFAULT FALSE,
    771 	 * pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
    772 	 */
    773 
    774 	if (asn1_get_next(pos, len, &hdr) < 0 ||
    775 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
    776 	    hdr.tag != ASN1_TAG_SEQUENCE) {
    777 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
    778 			   "BasicConstraints; found %d tag 0x%x",
    779 			   hdr.class, hdr.tag);
    780 		return -1;
    781 	}
    782 
    783 	cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
    784 
    785 	if (hdr.length == 0)
    786 		return 0;
    787 
    788 	if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
    789 	    hdr.class != ASN1_CLASS_UNIVERSAL) {
    790 		wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    791 			   "BasicConstraints");
    792 		return -1;
    793 	}
    794 
    795 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
    796 		if (hdr.length != 1) {
    797 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
    798 				   "Boolean length (%u) in BasicConstraints",
    799 				   hdr.length);
    800 			return -1;
    801 		}
    802 		cert->ca = hdr.payload[0];
    803 
    804 		if (hdr.payload + hdr.length == pos + len) {
    805 			wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
    806 				   cert->ca);
    807 			return 0;
    808 		}
    809 
    810 		if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
    811 				  &hdr) < 0 ||
    812 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
    813 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    814 				   "BasicConstraints");
    815 			return -1;
    816 		}
    817 	}
    818 
    819 	if (hdr.tag != ASN1_TAG_INTEGER) {
    820 		wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
    821 			   "BasicConstraints; found class %d tag 0x%x",
    822 			   hdr.class, hdr.tag);
    823 		return -1;
    824 	}
    825 
    826 	pos = hdr.payload;
    827 	left = hdr.length;
    828 	value = 0;
    829 	while (left) {
    830 		value <<= 8;
    831 		value |= *pos++;
    832 		left--;
    833 	}
    834 
    835 	cert->path_len_constraint = value;
    836 	cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
    837 
    838 	wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
    839 		   "pathLenConstraint=%lu",
    840 		   cert->ca, cert->path_len_constraint);
    841 
    842 	return 0;
    843 }
    844 
    845 
    846 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
    847 				       const u8 *pos, size_t len)
    848 {
    849 	/* rfc822Name IA5String */
    850 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
    851 	os_free(name->alt_email);
    852 	name->alt_email = os_zalloc(len + 1);
    853 	if (name->alt_email == NULL)
    854 		return -1;
    855 	os_memcpy(name->alt_email, pos, len);
    856 	if (os_strlen(name->alt_email) != len) {
    857 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
    858 			   "embedded NUL byte in rfc822Name (%s[NUL])",
    859 			   name->alt_email);
    860 		os_free(name->alt_email);
    861 		name->alt_email = NULL;
    862 		return -1;
    863 	}
    864 	return 0;
    865 }
    866 
    867 
    868 static int x509_parse_alt_name_dns(struct x509_name *name,
    869 				   const u8 *pos, size_t len)
    870 {
    871 	/* dNSName IA5String */
    872 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
    873 	os_free(name->dns);
    874 	name->dns = os_zalloc(len + 1);
    875 	if (name->dns == NULL)
    876 		return -1;
    877 	os_memcpy(name->dns, pos, len);
    878 	if (os_strlen(name->dns) != len) {
    879 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
    880 			   "embedded NUL byte in dNSName (%s[NUL])",
    881 			   name->dns);
    882 		os_free(name->dns);
    883 		name->dns = NULL;
    884 		return -1;
    885 	}
    886 	return 0;
    887 }
    888 
    889 
    890 static int x509_parse_alt_name_uri(struct x509_name *name,
    891 				   const u8 *pos, size_t len)
    892 {
    893 	/* uniformResourceIdentifier IA5String */
    894 	wpa_hexdump_ascii(MSG_MSGDUMP,
    895 			  "X509: altName - uniformResourceIdentifier",
    896 			  pos, len);
    897 	os_free(name->uri);
    898 	name->uri = os_zalloc(len + 1);
    899 	if (name->uri == NULL)
    900 		return -1;
    901 	os_memcpy(name->uri, pos, len);
    902 	if (os_strlen(name->uri) != len) {
    903 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
    904 			   "embedded NUL byte in uniformResourceIdentifier "
    905 			   "(%s[NUL])", name->uri);
    906 		os_free(name->uri);
    907 		name->uri = NULL;
    908 		return -1;
    909 	}
    910 	return 0;
    911 }
    912 
    913 
    914 static int x509_parse_alt_name_ip(struct x509_name *name,
    915 				       const u8 *pos, size_t len)
    916 {
    917 	/* iPAddress OCTET STRING */
    918 	wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
    919 	os_free(name->ip);
    920 	name->ip = os_malloc(len);
    921 	if (name->ip == NULL)
    922 		return -1;
    923 	os_memcpy(name->ip, pos, len);
    924 	name->ip_len = len;
    925 	return 0;
    926 }
    927 
    928 
    929 static int x509_parse_alt_name_rid(struct x509_name *name,
    930 				   const u8 *pos, size_t len)
    931 {
    932 	char buf[80];
    933 
    934 	/* registeredID OBJECT IDENTIFIER */
    935 	if (asn1_parse_oid(pos, len, &name->rid) < 0)
    936 		return -1;
    937 
    938 	asn1_oid_to_str(&name->rid, buf, sizeof(buf));
    939 	wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
    940 
    941 	return 0;
    942 }
    943 
    944 
    945 static int x509_parse_ext_alt_name(struct x509_name *name,
    946 				   const u8 *pos, size_t len)
    947 {
    948 	struct asn1_hdr hdr;
    949 	const u8 *p, *end;
    950 
    951 	/*
    952 	 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    953 	 *
    954 	 * GeneralName ::= CHOICE {
    955 	 *     otherName                       [0]     OtherName,
    956 	 *     rfc822Name                      [1]     IA5String,
    957 	 *     dNSName                         [2]     IA5String,
    958 	 *     x400Address                     [3]     ORAddress,
    959 	 *     directoryName                   [4]     Name,
    960 	 *     ediPartyName                    [5]     EDIPartyName,
    961 	 *     uniformResourceIdentifier       [6]     IA5String,
    962 	 *     iPAddress                       [7]     OCTET STRING,
    963 	 *     registeredID                    [8]     OBJECT IDENTIFIER }
    964 	 *
    965 	 * OtherName ::= SEQUENCE {
    966 	 *     type-id    OBJECT IDENTIFIER,
    967 	 *     value      [0] EXPLICIT ANY DEFINED BY type-id }
    968 	 *
    969 	 * EDIPartyName ::= SEQUENCE {
    970 	 *     nameAssigner            [0]     DirectoryString OPTIONAL,
    971 	 *     partyName               [1]     DirectoryString }
    972 	 */
    973 
    974 	for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
    975 		int res;
    976 
    977 		if (asn1_get_next(p, end - p, &hdr) < 0) {
    978 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
    979 				   "SubjectAltName item");
    980 			return -1;
    981 		}
    982 
    983 		if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
    984 			continue;
    985 
    986 		switch (hdr.tag) {
    987 		case 1:
    988 			res = x509_parse_alt_name_rfc8222(name, hdr.payload,
    989 							  hdr.length);
    990 			break;
    991 		case 2:
    992 			res = x509_parse_alt_name_dns(name, hdr.payload,
    993 						      hdr.length);
    994 			break;
    995 		case 6:
    996 			res = x509_parse_alt_name_uri(name, hdr.payload,
    997 						      hdr.length);
    998 			break;
    999 		case 7:
   1000 			res = x509_parse_alt_name_ip(name, hdr.payload,
   1001 						     hdr.length);
   1002 			break;
   1003 		case 8:
   1004 			res = x509_parse_alt_name_rid(name, hdr.payload,
   1005 						      hdr.length);
   1006 			break;
   1007 		case 0: /* TODO: otherName */
   1008 		case 3: /* TODO: x500Address */
   1009 		case 4: /* TODO: directoryName */
   1010 		case 5: /* TODO: ediPartyName */
   1011 		default:
   1012 			res = 0;
   1013 			break;
   1014 		}
   1015 		if (res < 0)
   1016 			return res;
   1017 	}
   1018 
   1019 	return 0;
   1020 }
   1021 
   1022 
   1023 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
   1024 					   const u8 *pos, size_t len)
   1025 {
   1026 	struct asn1_hdr hdr;
   1027 
   1028 	/* SubjectAltName ::= GeneralNames */
   1029 
   1030 	if (asn1_get_next(pos, len, &hdr) < 0 ||
   1031 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1032 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1033 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
   1034 			   "SubjectAltName; found %d tag 0x%x",
   1035 			   hdr.class, hdr.tag);
   1036 		return -1;
   1037 	}
   1038 
   1039 	wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
   1040 	cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
   1041 
   1042 	if (hdr.length == 0)
   1043 		return 0;
   1044 
   1045 	return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
   1046 				       hdr.length);
   1047 }
   1048 
   1049 
   1050 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
   1051 					  const u8 *pos, size_t len)
   1052 {
   1053 	struct asn1_hdr hdr;
   1054 
   1055 	/* IssuerAltName ::= GeneralNames */
   1056 
   1057 	if (asn1_get_next(pos, len, &hdr) < 0 ||
   1058 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1059 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1060 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
   1061 			   "IssuerAltName; found %d tag 0x%x",
   1062 			   hdr.class, hdr.tag);
   1063 		return -1;
   1064 	}
   1065 
   1066 	wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
   1067 	cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
   1068 
   1069 	if (hdr.length == 0)
   1070 		return 0;
   1071 
   1072 	return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
   1073 				       hdr.length);
   1074 }
   1075 
   1076 
   1077 static int x509_parse_extension_data(struct x509_certificate *cert,
   1078 				     struct asn1_oid *oid,
   1079 				     const u8 *pos, size_t len)
   1080 {
   1081 	if (!x509_id_ce_oid(oid))
   1082 		return 1;
   1083 
   1084 	/* TODO: add other extensions required by RFC 3280, Ch 4.2:
   1085 	 * certificate policies (section 4.2.1.5)
   1086 	 * name constraints (section 4.2.1.11)
   1087 	 * policy constraints (section 4.2.1.12)
   1088 	 * extended key usage (section 4.2.1.13)
   1089 	 * inhibit any-policy (section 4.2.1.15)
   1090 	 */
   1091 	switch (oid->oid[3]) {
   1092 	case 15: /* id-ce-keyUsage */
   1093 		return x509_parse_ext_key_usage(cert, pos, len);
   1094 	case 17: /* id-ce-subjectAltName */
   1095 		return x509_parse_ext_subject_alt_name(cert, pos, len);
   1096 	case 18: /* id-ce-issuerAltName */
   1097 		return x509_parse_ext_issuer_alt_name(cert, pos, len);
   1098 	case 19: /* id-ce-basicConstraints */
   1099 		return x509_parse_ext_basic_constraints(cert, pos, len);
   1100 	default:
   1101 		return 1;
   1102 	}
   1103 }
   1104 
   1105 
   1106 static int x509_parse_extension(struct x509_certificate *cert,
   1107 				const u8 *pos, size_t len, const u8 **next)
   1108 {
   1109 	const u8 *end;
   1110 	struct asn1_hdr hdr;
   1111 	struct asn1_oid oid;
   1112 	int critical_ext = 0, res;
   1113 	char buf[80];
   1114 
   1115 	/*
   1116 	 * Extension  ::=  SEQUENCE  {
   1117 	 *     extnID      OBJECT IDENTIFIER,
   1118 	 *     critical    BOOLEAN DEFAULT FALSE,
   1119 	 *     extnValue   OCTET STRING
   1120 	 * }
   1121 	 */
   1122 
   1123 	if (asn1_get_next(pos, len, &hdr) < 0 ||
   1124 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1125 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1126 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
   1127 			   "Extensions: class %d tag 0x%x; expected SEQUENCE",
   1128 			   hdr.class, hdr.tag);
   1129 		return -1;
   1130 	}
   1131 	pos = hdr.payload;
   1132 	*next = end = pos + hdr.length;
   1133 
   1134 	if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
   1135 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
   1136 			   "Extension (expected OID)");
   1137 		return -1;
   1138 	}
   1139 
   1140 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1141 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1142 	    (hdr.tag != ASN1_TAG_BOOLEAN &&
   1143 	     hdr.tag != ASN1_TAG_OCTETSTRING)) {
   1144 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
   1145 			   "Extensions: class %d tag 0x%x; expected BOOLEAN "
   1146 			   "or OCTET STRING", hdr.class, hdr.tag);
   1147 		return -1;
   1148 	}
   1149 
   1150 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
   1151 		if (hdr.length != 1) {
   1152 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
   1153 				   "Boolean length (%u)", hdr.length);
   1154 			return -1;
   1155 		}
   1156 		critical_ext = hdr.payload[0];
   1157 		pos = hdr.payload;
   1158 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1159 		    (hdr.class != ASN1_CLASS_UNIVERSAL &&
   1160 		     hdr.class != ASN1_CLASS_PRIVATE) ||
   1161 		    hdr.tag != ASN1_TAG_OCTETSTRING) {
   1162 			wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
   1163 				   "in Extensions: class %d tag 0x%x; "
   1164 				   "expected OCTET STRING",
   1165 				   hdr.class, hdr.tag);
   1166 			return -1;
   1167 		}
   1168 	}
   1169 
   1170 	asn1_oid_to_str(&oid, buf, sizeof(buf));
   1171 	wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
   1172 		   buf, critical_ext);
   1173 	wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
   1174 
   1175 	res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
   1176 	if (res < 0)
   1177 		return res;
   1178 	if (res == 1 && critical_ext) {
   1179 		wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
   1180 			   buf);
   1181 		return -1;
   1182 	}
   1183 
   1184 	return 0;
   1185 }
   1186 
   1187 
   1188 static int x509_parse_extensions(struct x509_certificate *cert,
   1189 				 const u8 *pos, size_t len)
   1190 {
   1191 	const u8 *end;
   1192 	struct asn1_hdr hdr;
   1193 
   1194 	/* Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension */
   1195 
   1196 	if (asn1_get_next(pos, len, &hdr) < 0 ||
   1197 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1198 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1199 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
   1200 			   "for Extensions: class %d tag 0x%x; "
   1201 			   "expected SEQUENCE", hdr.class, hdr.tag);
   1202 		return -1;
   1203 	}
   1204 
   1205 	pos = hdr.payload;
   1206 	end = pos + hdr.length;
   1207 
   1208 	while (pos < end) {
   1209 		if (x509_parse_extension(cert, pos, end - pos, &pos)
   1210 		    < 0)
   1211 			return -1;
   1212 	}
   1213 
   1214 	return 0;
   1215 }
   1216 
   1217 
   1218 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
   1219 				      struct x509_certificate *cert,
   1220 				      const u8 **next)
   1221 {
   1222 	struct asn1_hdr hdr;
   1223 	const u8 *pos, *end;
   1224 	size_t left;
   1225 	char sbuf[128];
   1226 	unsigned long value;
   1227 
   1228 	/* tbsCertificate TBSCertificate ::= SEQUENCE */
   1229 	if (asn1_get_next(buf, len, &hdr) < 0 ||
   1230 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1231 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1232 		wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
   1233 			   "with a valid SEQUENCE - found class %d tag 0x%x",
   1234 			   hdr.class, hdr.tag);
   1235 		return -1;
   1236 	}
   1237 	pos = hdr.payload;
   1238 	end = *next = pos + hdr.length;
   1239 
   1240 	/*
   1241 	 * version [0]  EXPLICIT Version DEFAULT v1
   1242 	 * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
   1243 	 */
   1244 	if (asn1_get_next(pos, end - pos, &hdr) < 0)
   1245 		return -1;
   1246 	pos = hdr.payload;
   1247 
   1248 	if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
   1249 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
   1250 			return -1;
   1251 
   1252 		if (hdr.class != ASN1_CLASS_UNIVERSAL ||
   1253 		    hdr.tag != ASN1_TAG_INTEGER) {
   1254 			wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
   1255 				   "version field - found class %d tag 0x%x",
   1256 				   hdr.class, hdr.tag);
   1257 			return -1;
   1258 		}
   1259 		if (hdr.length != 1) {
   1260 			wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
   1261 				   "length %u (expected 1)", hdr.length);
   1262 			return -1;
   1263 		}
   1264 		pos = hdr.payload;
   1265 		left = hdr.length;
   1266 		value = 0;
   1267 		while (left) {
   1268 			value <<= 8;
   1269 			value |= *pos++;
   1270 			left--;
   1271 		}
   1272 
   1273 		cert->version = value;
   1274 		if (cert->version != X509_CERT_V1 &&
   1275 		    cert->version != X509_CERT_V2 &&
   1276 		    cert->version != X509_CERT_V3) {
   1277 			wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
   1278 				   cert->version + 1);
   1279 			return -1;
   1280 		}
   1281 
   1282 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
   1283 			return -1;
   1284 	} else
   1285 		cert->version = X509_CERT_V1;
   1286 	wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
   1287 
   1288 	/* serialNumber CertificateSerialNumber ::= INTEGER */
   1289 	if (hdr.class != ASN1_CLASS_UNIVERSAL ||
   1290 	    hdr.tag != ASN1_TAG_INTEGER) {
   1291 		wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
   1292 			   "serialNumber; class=%d tag=0x%x",
   1293 			   hdr.class, hdr.tag);
   1294 		return -1;
   1295 	}
   1296 
   1297 	pos = hdr.payload;
   1298 	left = hdr.length;
   1299 	while (left) {
   1300 		cert->serial_number <<= 8;
   1301 		cert->serial_number |= *pos++;
   1302 		left--;
   1303 	}
   1304 	wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
   1305 
   1306 	/* signature AlgorithmIdentifier */
   1307 	if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
   1308 					    &pos))
   1309 		return -1;
   1310 
   1311 	/* issuer Name */
   1312 	if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
   1313 		return -1;
   1314 	x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
   1315 	wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
   1316 
   1317 	/* validity Validity */
   1318 	if (x509_parse_validity(pos, end - pos, cert, &pos))
   1319 		return -1;
   1320 
   1321 	/* subject Name */
   1322 	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
   1323 		return -1;
   1324 	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
   1325 	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
   1326 
   1327 	/* subjectPublicKeyInfo SubjectPublicKeyInfo */
   1328 	if (x509_parse_public_key(pos, end - pos, cert, &pos))
   1329 		return -1;
   1330 
   1331 	if (pos == end)
   1332 		return 0;
   1333 
   1334 	if (cert->version == X509_CERT_V1)
   1335 		return 0;
   1336 
   1337 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1338 	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
   1339 		wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
   1340 			   " tag to parse optional tbsCertificate "
   1341 			   "field(s); parsed class %d tag 0x%x",
   1342 			   hdr.class, hdr.tag);
   1343 		return -1;
   1344 	}
   1345 
   1346 	if (hdr.tag == 1) {
   1347 		/* issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL */
   1348 		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
   1349 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
   1350 
   1351 		pos = hdr.payload + hdr.length;
   1352 		if (pos == end)
   1353 			return 0;
   1354 
   1355 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1356 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
   1357 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
   1358 				   " tag to parse optional tbsCertificate "
   1359 				   "field(s); parsed class %d tag 0x%x",
   1360 				   hdr.class, hdr.tag);
   1361 			return -1;
   1362 		}
   1363 	}
   1364 
   1365 	if (hdr.tag == 2) {
   1366 		/* subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL */
   1367 		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
   1368 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
   1369 
   1370 		pos = hdr.payload + hdr.length;
   1371 		if (pos == end)
   1372 			return 0;
   1373 
   1374 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1375 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
   1376 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
   1377 				   " tag to parse optional tbsCertificate "
   1378 				   "field(s); parsed class %d tag 0x%x",
   1379 				   hdr.class, hdr.tag);
   1380 			return -1;
   1381 		}
   1382 	}
   1383 
   1384 	if (hdr.tag != 3) {
   1385 		wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
   1386 			   "Context-Specific tag %d in optional "
   1387 			   "tbsCertificate fields", hdr.tag);
   1388 		return 0;
   1389 	}
   1390 
   1391 	/* extensions      [3]  EXPLICIT Extensions OPTIONAL */
   1392 
   1393 	if (cert->version != X509_CERT_V3) {
   1394 		wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
   1395 			   "Extensions data which are only allowed for "
   1396 			   "version 3", cert->version + 1);
   1397 		return -1;
   1398 	}
   1399 
   1400 	if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
   1401 		return -1;
   1402 
   1403 	pos = hdr.payload + hdr.length;
   1404 	if (pos < end) {
   1405 		wpa_hexdump(MSG_DEBUG,
   1406 			    "X509: Ignored extra tbsCertificate data",
   1407 			    pos, end - pos);
   1408 	}
   1409 
   1410 	return 0;
   1411 }
   1412 
   1413 
   1414 static int x509_rsadsi_oid(struct asn1_oid *oid)
   1415 {
   1416 	return oid->len >= 4 &&
   1417 		oid->oid[0] == 1 /* iso */ &&
   1418 		oid->oid[1] == 2 /* member-body */ &&
   1419 		oid->oid[2] == 840 /* us */ &&
   1420 		oid->oid[3] == 113549 /* rsadsi */;
   1421 }
   1422 
   1423 
   1424 static int x509_pkcs_oid(struct asn1_oid *oid)
   1425 {
   1426 	return oid->len >= 5 &&
   1427 		x509_rsadsi_oid(oid) &&
   1428 		oid->oid[4] == 1 /* pkcs */;
   1429 }
   1430 
   1431 
   1432 static int x509_digest_oid(struct asn1_oid *oid)
   1433 {
   1434 	return oid->len >= 5 &&
   1435 		x509_rsadsi_oid(oid) &&
   1436 		oid->oid[4] == 2 /* digestAlgorithm */;
   1437 }
   1438 
   1439 
   1440 static int x509_sha1_oid(struct asn1_oid *oid)
   1441 {
   1442 	return oid->len == 6 &&
   1443 		oid->oid[0] == 1 /* iso */ &&
   1444 		oid->oid[1] == 3 /* identified-organization */ &&
   1445 		oid->oid[2] == 14 /* oiw */ &&
   1446 		oid->oid[3] == 3 /* secsig */ &&
   1447 		oid->oid[4] == 2 /* algorithms */ &&
   1448 		oid->oid[5] == 26 /* id-sha1 */;
   1449 }
   1450 
   1451 
   1452 static int x509_sha256_oid(struct asn1_oid *oid)
   1453 {
   1454 	return oid->len == 9 &&
   1455 		oid->oid[0] == 2 /* joint-iso-itu-t */ &&
   1456 		oid->oid[1] == 16 /* country */ &&
   1457 		oid->oid[2] == 840 /* us */ &&
   1458 		oid->oid[3] == 1 /* organization */ &&
   1459 		oid->oid[4] == 101 /* gov */ &&
   1460 		oid->oid[5] == 3 /* csor */ &&
   1461 		oid->oid[6] == 4 /* nistAlgorithm */ &&
   1462 		oid->oid[7] == 2 /* hashAlgs */ &&
   1463 		oid->oid[8] == 1 /* sha256 */;
   1464 }
   1465 
   1466 
   1467 /**
   1468  * x509_certificate_parse - Parse a X.509 certificate in DER format
   1469  * @buf: Pointer to the X.509 certificate in DER format
   1470  * @len: Buffer length
   1471  * Returns: Pointer to the parsed certificate or %NULL on failure
   1472  *
   1473  * Caller is responsible for freeing the returned certificate by calling
   1474  * x509_certificate_free().
   1475  */
   1476 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
   1477 {
   1478 	struct asn1_hdr hdr;
   1479 	const u8 *pos, *end, *hash_start;
   1480 	struct x509_certificate *cert;
   1481 
   1482 	cert = os_zalloc(sizeof(*cert) + len);
   1483 	if (cert == NULL)
   1484 		return NULL;
   1485 	os_memcpy(cert + 1, buf, len);
   1486 	cert->cert_start = (u8 *) (cert + 1);
   1487 	cert->cert_len = len;
   1488 
   1489 	pos = buf;
   1490 	end = buf + len;
   1491 
   1492 	/* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
   1493 
   1494 	/* Certificate ::= SEQUENCE */
   1495 	if (asn1_get_next(pos, len, &hdr) < 0 ||
   1496 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1497 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1498 		wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
   1499 			   "a valid SEQUENCE - found class %d tag 0x%x",
   1500 			   hdr.class, hdr.tag);
   1501 		x509_certificate_free(cert);
   1502 		return NULL;
   1503 	}
   1504 	pos = hdr.payload;
   1505 
   1506 	if (pos + hdr.length > end) {
   1507 		x509_certificate_free(cert);
   1508 		return NULL;
   1509 	}
   1510 
   1511 	if (pos + hdr.length < end) {
   1512 		wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
   1513 			    "encoded certificate",
   1514 			    pos + hdr.length, end - pos + hdr.length);
   1515 		end = pos + hdr.length;
   1516 	}
   1517 
   1518 	hash_start = pos;
   1519 	cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
   1520 	if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
   1521 		x509_certificate_free(cert);
   1522 		return NULL;
   1523 	}
   1524 	cert->tbs_cert_len = pos - hash_start;
   1525 
   1526 	/* signatureAlgorithm AlgorithmIdentifier */
   1527 	if (x509_parse_algorithm_identifier(pos, end - pos,
   1528 					    &cert->signature_alg, &pos)) {
   1529 		x509_certificate_free(cert);
   1530 		return NULL;
   1531 	}
   1532 
   1533 	/* signatureValue BIT STRING */
   1534 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1535 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1536 	    hdr.tag != ASN1_TAG_BITSTRING) {
   1537 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
   1538 			   "(signatureValue) - found class %d tag 0x%x",
   1539 			   hdr.class, hdr.tag);
   1540 		x509_certificate_free(cert);
   1541 		return NULL;
   1542 	}
   1543 	if (hdr.length < 1) {
   1544 		x509_certificate_free(cert);
   1545 		return NULL;
   1546 	}
   1547 	pos = hdr.payload;
   1548 	if (*pos) {
   1549 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
   1550 			   *pos);
   1551 		/* PKCS #1 v1.5 10.2.1:
   1552 		 * It is an error if the length in bits of the signature S is
   1553 		 * not a multiple of eight.
   1554 		 */
   1555 		x509_certificate_free(cert);
   1556 		return NULL;
   1557 	}
   1558 	os_free(cert->sign_value);
   1559 	cert->sign_value = os_malloc(hdr.length - 1);
   1560 	if (cert->sign_value == NULL) {
   1561 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
   1562 			   "signatureValue");
   1563 		x509_certificate_free(cert);
   1564 		return NULL;
   1565 	}
   1566 	os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
   1567 	cert->sign_value_len = hdr.length - 1;
   1568 	wpa_hexdump(MSG_MSGDUMP, "X509: signature",
   1569 		    cert->sign_value, cert->sign_value_len);
   1570 
   1571 	return cert;
   1572 }
   1573 
   1574 
   1575 /**
   1576  * x509_certificate_check_signature - Verify certificate signature
   1577  * @issuer: Issuer certificate
   1578  * @cert: Certificate to be verified
   1579  * Returns: 0 if cert has a valid signature that was signed by the issuer,
   1580  * -1 if not
   1581  */
   1582 int x509_certificate_check_signature(struct x509_certificate *issuer,
   1583 				     struct x509_certificate *cert)
   1584 {
   1585 	struct crypto_public_key *pk;
   1586 	u8 *data;
   1587 	const u8 *pos, *end, *next, *da_end;
   1588 	size_t data_len;
   1589 	struct asn1_hdr hdr;
   1590 	struct asn1_oid oid;
   1591 	u8 hash[32];
   1592 	size_t hash_len;
   1593 
   1594 	if (!x509_pkcs_oid(&cert->signature.oid) ||
   1595 	    cert->signature.oid.len != 7 ||
   1596 	    cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
   1597 		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
   1598 			   "algorithm");
   1599 		return -1;
   1600 	}
   1601 
   1602 	pk = crypto_public_key_import(issuer->public_key,
   1603 				      issuer->public_key_len);
   1604 	if (pk == NULL)
   1605 		return -1;
   1606 
   1607 	data_len = cert->sign_value_len;
   1608 	data = os_malloc(data_len);
   1609 	if (data == NULL) {
   1610 		crypto_public_key_free(pk);
   1611 		return -1;
   1612 	}
   1613 
   1614 	if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
   1615 					    cert->sign_value_len, data,
   1616 					    &data_len) < 0) {
   1617 		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
   1618 		crypto_public_key_free(pk);
   1619 		os_free(data);
   1620 		return -1;
   1621 	}
   1622 	crypto_public_key_free(pk);
   1623 
   1624 	wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
   1625 
   1626 	/*
   1627 	 * PKCS #1 v1.5, 10.1.2:
   1628 	 *
   1629 	 * DigestInfo ::= SEQUENCE {
   1630 	 *     digestAlgorithm DigestAlgorithmIdentifier,
   1631 	 *     digest Digest
   1632 	 * }
   1633 	 *
   1634 	 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
   1635 	 *
   1636 	 * Digest ::= OCTET STRING
   1637 	 *
   1638 	 */
   1639 	if (asn1_get_next(data, data_len, &hdr) < 0 ||
   1640 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1641 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1642 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
   1643 			   "(DigestInfo) - found class %d tag 0x%x",
   1644 			   hdr.class, hdr.tag);
   1645 		os_free(data);
   1646 		return -1;
   1647 	}
   1648 
   1649 	pos = hdr.payload;
   1650 	end = pos + hdr.length;
   1651 
   1652 	/*
   1653 	 * X.509:
   1654 	 * AlgorithmIdentifier ::= SEQUENCE {
   1655 	 *     algorithm            OBJECT IDENTIFIER,
   1656 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
   1657 	 * }
   1658 	 */
   1659 
   1660 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1661 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1662 	    hdr.tag != ASN1_TAG_SEQUENCE) {
   1663 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
   1664 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
   1665 			   hdr.class, hdr.tag);
   1666 		os_free(data);
   1667 		return -1;
   1668 	}
   1669 	da_end = hdr.payload + hdr.length;
   1670 
   1671 	if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
   1672 		wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
   1673 		os_free(data);
   1674 		return -1;
   1675 	}
   1676 
   1677 	if (x509_sha1_oid(&oid)) {
   1678 		if (cert->signature.oid.oid[6] !=
   1679 		    5 /* sha-1WithRSAEncryption */) {
   1680 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
   1681 				   "does not match with certificate "
   1682 				   "signatureAlgorithm (%lu)",
   1683 				   cert->signature.oid.oid[6]);
   1684 			os_free(data);
   1685 			return -1;
   1686 		}
   1687 		goto skip_digest_oid;
   1688 	}
   1689 
   1690 	if (x509_sha256_oid(&oid)) {
   1691 		if (cert->signature.oid.oid[6] !=
   1692 		    11 /* sha2561WithRSAEncryption */) {
   1693 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
   1694 				   "does not match with certificate "
   1695 				   "signatureAlgorithm (%lu)",
   1696 				   cert->signature.oid.oid[6]);
   1697 			os_free(data);
   1698 			return -1;
   1699 		}
   1700 		goto skip_digest_oid;
   1701 	}
   1702 
   1703 	if (!x509_digest_oid(&oid)) {
   1704 		wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
   1705 		os_free(data);
   1706 		return -1;
   1707 	}
   1708 	switch (oid.oid[5]) {
   1709 	case 5: /* md5 */
   1710 		if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
   1711 		{
   1712 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
   1713 				   "not match with certificate "
   1714 				   "signatureAlgorithm (%lu)",
   1715 				   cert->signature.oid.oid[6]);
   1716 			os_free(data);
   1717 			return -1;
   1718 		}
   1719 		break;
   1720 	case 2: /* md2 */
   1721 	case 4: /* md4 */
   1722 	default:
   1723 		wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
   1724 			   "(%lu)", oid.oid[5]);
   1725 		os_free(data);
   1726 		return -1;
   1727 	}
   1728 
   1729 skip_digest_oid:
   1730 	/* Digest ::= OCTET STRING */
   1731 	pos = da_end;
   1732 	end = data + data_len;
   1733 
   1734 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
   1735 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
   1736 	    hdr.tag != ASN1_TAG_OCTETSTRING) {
   1737 		wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
   1738 			   "(Digest) - found class %d tag 0x%x",
   1739 			   hdr.class, hdr.tag);
   1740 		os_free(data);
   1741 		return -1;
   1742 	}
   1743 	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
   1744 		    hdr.payload, hdr.length);
   1745 
   1746 	switch (cert->signature.oid.oid[6]) {
   1747 	case 4: /* md5WithRSAEncryption */
   1748 		md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
   1749 			   hash);
   1750 		hash_len = 16;
   1751 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
   1752 			    hash, hash_len);
   1753 		break;
   1754 	case 5: /* sha-1WithRSAEncryption */
   1755 		sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
   1756 			    hash);
   1757 		hash_len = 20;
   1758 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
   1759 			    hash, hash_len);
   1760 		break;
   1761 	case 11: /* sha256WithRSAEncryption */
   1762 		sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
   1763 			      hash);
   1764 		hash_len = 32;
   1765 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
   1766 			    hash, hash_len);
   1767 		break;
   1768 	case 2: /* md2WithRSAEncryption */
   1769 	case 12: /* sha384WithRSAEncryption */
   1770 	case 13: /* sha512WithRSAEncryption */
   1771 	default:
   1772 		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
   1773 			   "algorithm (%lu)", cert->signature.oid.oid[6]);
   1774 		os_free(data);
   1775 		return -1;
   1776 	}
   1777 
   1778 	if (hdr.length != hash_len ||
   1779 	    os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
   1780 		wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
   1781 			   "with calculated tbsCertificate hash");
   1782 		os_free(data);
   1783 		return -1;
   1784 	}
   1785 
   1786 	if (hdr.payload + hdr.length < data + data_len) {
   1787 		wpa_hexdump(MSG_INFO,
   1788 			    "X509: Extra data after certificate signature hash",
   1789 			    hdr.payload + hdr.length,
   1790 			    data + data_len - hdr.payload - hdr.length);
   1791 		os_free(data);
   1792 		return -1;
   1793 	}
   1794 
   1795 	os_free(data);
   1796 
   1797 	wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
   1798 		   "calculated tbsCertificate hash");
   1799 
   1800 	return 0;
   1801 }
   1802 
   1803 
   1804 static int x509_valid_issuer(const struct x509_certificate *cert)
   1805 {
   1806 	if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
   1807 	    !cert->ca) {
   1808 		wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
   1809 			   "issuer");
   1810 		return -1;
   1811 	}
   1812 
   1813 	if (cert->version == X509_CERT_V3 &&
   1814 	    !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
   1815 		wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
   1816 			   "include BasicConstraints extension");
   1817 		return -1;
   1818 	}
   1819 
   1820 	if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
   1821 	    !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
   1822 		wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
   1823 			   "keyCertSign bit in Key Usage");
   1824 		return -1;
   1825 	}
   1826 
   1827 	return 0;
   1828 }
   1829 
   1830 
   1831 /**
   1832  * x509_certificate_chain_validate - Validate X.509 certificate chain
   1833  * @trusted: List of trusted certificates
   1834  * @chain: Certificate chain to be validated (first chain must be issued by
   1835  * signed by the second certificate in the chain and so on)
   1836  * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
   1837  * Returns: 0 if chain is valid, -1 if not
   1838  */
   1839 int x509_certificate_chain_validate(struct x509_certificate *trusted,
   1840 				    struct x509_certificate *chain,
   1841 				    int *reason, int disable_time_checks)
   1842 {
   1843 	long unsigned idx;
   1844 	int chain_trusted = 0;
   1845 	struct x509_certificate *cert, *trust;
   1846 	char buf[128];
   1847 	struct os_time now;
   1848 
   1849 	*reason = X509_VALIDATE_OK;
   1850 
   1851 	wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
   1852 	os_get_time(&now);
   1853 
   1854 	for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
   1855 		x509_name_string(&cert->subject, buf, sizeof(buf));
   1856 		wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
   1857 
   1858 		if (chain_trusted)
   1859 			continue;
   1860 
   1861 		if (!disable_time_checks &&
   1862 		    ((unsigned long) now.sec <
   1863 		     (unsigned long) cert->not_before ||
   1864 		     (unsigned long) now.sec >
   1865 		     (unsigned long) cert->not_after)) {
   1866 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
   1867 				   "(now=%lu not_before=%lu not_after=%lu)",
   1868 				   now.sec, cert->not_before, cert->not_after);
   1869 			*reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
   1870 			return -1;
   1871 		}
   1872 
   1873 		if (cert->next) {
   1874 			if (x509_name_compare(&cert->issuer,
   1875 					      &cert->next->subject) != 0) {
   1876 				wpa_printf(MSG_DEBUG, "X509: Certificate "
   1877 					   "chain issuer name mismatch");
   1878 				x509_name_string(&cert->issuer, buf,
   1879 						 sizeof(buf));
   1880 				wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
   1881 					   buf);
   1882 				x509_name_string(&cert->next->subject, buf,
   1883 						 sizeof(buf));
   1884 				wpa_printf(MSG_DEBUG, "X509: next cert "
   1885 					   "subject: %s", buf);
   1886 				*reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
   1887 				return -1;
   1888 			}
   1889 
   1890 			if (x509_valid_issuer(cert->next) < 0) {
   1891 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1892 				return -1;
   1893 			}
   1894 
   1895 			if ((cert->next->extensions_present &
   1896 			     X509_EXT_PATH_LEN_CONSTRAINT) &&
   1897 			    idx > cert->next->path_len_constraint) {
   1898 				wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
   1899 					   " not met (idx=%lu issuer "
   1900 					   "pathLenConstraint=%lu)", idx,
   1901 					   cert->next->path_len_constraint);
   1902 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1903 				return -1;
   1904 			}
   1905 
   1906 			if (x509_certificate_check_signature(cert->next, cert)
   1907 			    < 0) {
   1908 				wpa_printf(MSG_DEBUG, "X509: Invalid "
   1909 					   "certificate signature within "
   1910 					   "chain");
   1911 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1912 				return -1;
   1913 			}
   1914 		}
   1915 
   1916 		for (trust = trusted; trust; trust = trust->next) {
   1917 			if (x509_name_compare(&cert->issuer, &trust->subject)
   1918 			    == 0)
   1919 				break;
   1920 		}
   1921 
   1922 		if (trust) {
   1923 			wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
   1924 				   "list of trusted certificates");
   1925 			if (x509_valid_issuer(trust) < 0) {
   1926 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1927 				return -1;
   1928 			}
   1929 
   1930 			if (x509_certificate_check_signature(trust, cert) < 0)
   1931 			{
   1932 				wpa_printf(MSG_DEBUG, "X509: Invalid "
   1933 					   "certificate signature");
   1934 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
   1935 				return -1;
   1936 			}
   1937 
   1938 			wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
   1939 				   "found to complete the chain");
   1940 			chain_trusted = 1;
   1941 		}
   1942 	}
   1943 
   1944 	if (!chain_trusted) {
   1945 		wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
   1946 			   "from the list of trusted certificates");
   1947 		if (trusted) {
   1948 			*reason = X509_VALIDATE_UNKNOWN_CA;
   1949 			return -1;
   1950 		}
   1951 		wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
   1952 			   "disabled - ignore unknown CA issue");
   1953 	}
   1954 
   1955 	wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
   1956 
   1957 	return 0;
   1958 }
   1959 
   1960 
   1961 /**
   1962  * x509_certificate_get_subject - Get a certificate based on Subject name
   1963  * @chain: Certificate chain to search through
   1964  * @name: Subject name to search for
   1965  * Returns: Pointer to the certificate with the given Subject name or
   1966  * %NULL on failure
   1967  */
   1968 struct x509_certificate *
   1969 x509_certificate_get_subject(struct x509_certificate *chain,
   1970 			     struct x509_name *name)
   1971 {
   1972 	struct x509_certificate *cert;
   1973 
   1974 	for (cert = chain; cert; cert = cert->next) {
   1975 		if (x509_name_compare(&cert->subject, name) == 0)
   1976 			return cert;
   1977 	}
   1978 	return NULL;
   1979 }
   1980 
   1981 
   1982 /**
   1983  * x509_certificate_self_signed - Is the certificate self-signed?
   1984  * @cert: Certificate
   1985  * Returns: 1 if certificate is self-signed, 0 if not
   1986  */
   1987 int x509_certificate_self_signed(struct x509_certificate *cert)
   1988 {
   1989 	return x509_name_compare(&cert->issuer, &cert->subject) == 0;
   1990 }
   1991