1 /* 2 * X.509v3 certificate parsing and processing (RFC 3280 profile) 3 * Copyright (c) 2006-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/crypto.h" 13 #include "asn1.h" 14 #include "x509v3.h" 15 16 17 void x509_free_name(struct x509_name *name) 18 { 19 size_t i; 20 21 for (i = 0; i < name->num_attr; i++) { 22 os_free(name->attr[i].value); 23 name->attr[i].value = NULL; 24 name->attr[i].type = X509_NAME_ATTR_NOT_USED; 25 } 26 name->num_attr = 0; 27 os_free(name->email); 28 name->email = NULL; 29 30 os_free(name->alt_email); 31 os_free(name->dns); 32 os_free(name->uri); 33 os_free(name->ip); 34 name->alt_email = name->dns = name->uri = NULL; 35 name->ip = NULL; 36 name->ip_len = 0; 37 os_memset(&name->rid, 0, sizeof(name->rid)); 38 } 39 40 41 /** 42 * x509_certificate_free - Free an X.509 certificate 43 * @cert: Certificate to be freed 44 */ 45 void x509_certificate_free(struct x509_certificate *cert) 46 { 47 if (cert == NULL) 48 return; 49 if (cert->next) { 50 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p " 51 "was still on a list (next=%p)\n", 52 cert, cert->next); 53 } 54 x509_free_name(&cert->issuer); 55 x509_free_name(&cert->subject); 56 os_free(cert->public_key); 57 os_free(cert->sign_value); 58 os_free(cert->subject_dn); 59 os_free(cert); 60 } 61 62 63 /** 64 * x509_certificate_free - Free an X.509 certificate chain 65 * @cert: Pointer to the first certificate in the chain 66 */ 67 void x509_certificate_chain_free(struct x509_certificate *cert) 68 { 69 struct x509_certificate *next; 70 71 while (cert) { 72 next = cert->next; 73 cert->next = NULL; 74 x509_certificate_free(cert); 75 cert = next; 76 } 77 } 78 79 80 static int x509_whitespace(char c) 81 { 82 return c == ' ' || c == '\t'; 83 } 84 85 86 static void x509_str_strip_whitespace(char *a) 87 { 88 char *ipos, *opos; 89 int remove_whitespace = 1; 90 91 ipos = opos = a; 92 93 while (*ipos) { 94 if (remove_whitespace && x509_whitespace(*ipos)) 95 ipos++; 96 else { 97 remove_whitespace = x509_whitespace(*ipos); 98 *opos++ = *ipos++; 99 } 100 } 101 102 *opos-- = '\0'; 103 if (opos > a && x509_whitespace(*opos)) 104 *opos = '\0'; 105 } 106 107 108 static int x509_str_compare(const char *a, const char *b) 109 { 110 char *aa, *bb; 111 int ret; 112 113 if (!a && b) 114 return -1; 115 if (a && !b) 116 return 1; 117 if (!a && !b) 118 return 0; 119 120 aa = os_strdup(a); 121 bb = os_strdup(b); 122 123 if (aa == NULL || bb == NULL) { 124 os_free(aa); 125 os_free(bb); 126 return os_strcasecmp(a, b); 127 } 128 129 x509_str_strip_whitespace(aa); 130 x509_str_strip_whitespace(bb); 131 132 ret = os_strcasecmp(aa, bb); 133 134 os_free(aa); 135 os_free(bb); 136 137 return ret; 138 } 139 140 141 /** 142 * x509_name_compare - Compare X.509 certificate names 143 * @a: Certificate name 144 * @b: Certificate name 145 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or 146 * greater than b 147 */ 148 int x509_name_compare(struct x509_name *a, struct x509_name *b) 149 { 150 int res; 151 size_t i; 152 153 if (!a && b) 154 return -1; 155 if (a && !b) 156 return 1; 157 if (!a && !b) 158 return 0; 159 if (a->num_attr < b->num_attr) 160 return -1; 161 if (a->num_attr > b->num_attr) 162 return 1; 163 164 for (i = 0; i < a->num_attr; i++) { 165 if (a->attr[i].type < b->attr[i].type) 166 return -1; 167 if (a->attr[i].type > b->attr[i].type) 168 return -1; 169 res = x509_str_compare(a->attr[i].value, b->attr[i].value); 170 if (res) 171 return res; 172 } 173 res = x509_str_compare(a->email, b->email); 174 if (res) 175 return res; 176 177 return 0; 178 } 179 180 181 int x509_parse_algorithm_identifier(const u8 *buf, size_t len, 182 struct x509_algorithm_identifier *id, 183 const u8 **next) 184 { 185 struct asn1_hdr hdr; 186 const u8 *pos, *end; 187 188 /* 189 * AlgorithmIdentifier ::= SEQUENCE { 190 * algorithm OBJECT IDENTIFIER, 191 * parameters ANY DEFINED BY algorithm OPTIONAL 192 * } 193 */ 194 195 if (asn1_get_next(buf, len, &hdr) < 0 || 196 hdr.class != ASN1_CLASS_UNIVERSAL || 197 hdr.tag != ASN1_TAG_SEQUENCE) { 198 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 199 "(AlgorithmIdentifier) - found class %d tag 0x%x", 200 hdr.class, hdr.tag); 201 return -1; 202 } 203 if (hdr.length > buf + len - hdr.payload) 204 return -1; 205 pos = hdr.payload; 206 end = pos + hdr.length; 207 208 *next = end; 209 210 if (asn1_get_oid(pos, end - pos, &id->oid, &pos)) 211 return -1; 212 213 /* TODO: optional parameters */ 214 215 return 0; 216 } 217 218 219 static int x509_parse_public_key(const u8 *buf, size_t len, 220 struct x509_certificate *cert, 221 const u8 **next) 222 { 223 struct asn1_hdr hdr; 224 const u8 *pos, *end; 225 226 /* 227 * SubjectPublicKeyInfo ::= SEQUENCE { 228 * algorithm AlgorithmIdentifier, 229 * subjectPublicKey BIT STRING 230 * } 231 */ 232 233 pos = buf; 234 end = buf + len; 235 236 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 237 hdr.class != ASN1_CLASS_UNIVERSAL || 238 hdr.tag != ASN1_TAG_SEQUENCE) { 239 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 240 "(SubjectPublicKeyInfo) - found class %d tag 0x%x", 241 hdr.class, hdr.tag); 242 return -1; 243 } 244 pos = hdr.payload; 245 246 if (hdr.length > end - pos) 247 return -1; 248 end = pos + hdr.length; 249 *next = end; 250 251 if (x509_parse_algorithm_identifier(pos, end - pos, 252 &cert->public_key_alg, &pos)) 253 return -1; 254 255 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 256 hdr.class != ASN1_CLASS_UNIVERSAL || 257 hdr.tag != ASN1_TAG_BITSTRING) { 258 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING " 259 "(subjectPublicKey) - found class %d tag 0x%x", 260 hdr.class, hdr.tag); 261 return -1; 262 } 263 if (hdr.length < 1) 264 return -1; 265 pos = hdr.payload; 266 if (*pos) { 267 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", 268 *pos); 269 /* 270 * TODO: should this be rejected? X.509 certificates are 271 * unlikely to use such a construction. Now we would end up 272 * including the extra bits in the buffer which may also be 273 * ok. 274 */ 275 } 276 os_free(cert->public_key); 277 cert->public_key = os_malloc(hdr.length - 1); 278 if (cert->public_key == NULL) { 279 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 280 "public key"); 281 return -1; 282 } 283 os_memcpy(cert->public_key, pos + 1, hdr.length - 1); 284 cert->public_key_len = hdr.length - 1; 285 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey", 286 cert->public_key, cert->public_key_len); 287 288 return 0; 289 } 290 291 292 int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name, 293 const u8 **next) 294 { 295 struct asn1_hdr hdr; 296 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end; 297 struct asn1_oid oid; 298 char *val; 299 300 /* 301 * Name ::= CHOICE { RDNSequence } 302 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 303 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue 304 * AttributeTypeAndValue ::= SEQUENCE { 305 * type AttributeType, 306 * value AttributeValue 307 * } 308 * AttributeType ::= OBJECT IDENTIFIER 309 * AttributeValue ::= ANY DEFINED BY AttributeType 310 */ 311 312 if (asn1_get_next(buf, len, &hdr) < 0 || 313 hdr.class != ASN1_CLASS_UNIVERSAL || 314 hdr.tag != ASN1_TAG_SEQUENCE) { 315 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 316 "(Name / RDNSequencer) - found class %d tag 0x%x", 317 hdr.class, hdr.tag); 318 return -1; 319 } 320 pos = hdr.payload; 321 322 if (hdr.length > buf + len - pos) 323 return -1; 324 325 end = *next = pos + hdr.length; 326 327 while (pos < end) { 328 enum x509_name_attr_type type; 329 330 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 331 hdr.class != ASN1_CLASS_UNIVERSAL || 332 hdr.tag != ASN1_TAG_SET) { 333 wpa_printf(MSG_DEBUG, "X509: Expected SET " 334 "(RelativeDistinguishedName) - found class " 335 "%d tag 0x%x", hdr.class, hdr.tag); 336 x509_free_name(name); 337 return -1; 338 } 339 340 set_pos = hdr.payload; 341 pos = set_end = hdr.payload + hdr.length; 342 343 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 || 344 hdr.class != ASN1_CLASS_UNIVERSAL || 345 hdr.tag != ASN1_TAG_SEQUENCE) { 346 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 347 "(AttributeTypeAndValue) - found class %d " 348 "tag 0x%x", hdr.class, hdr.tag); 349 x509_free_name(name); 350 return -1; 351 } 352 353 seq_pos = hdr.payload; 354 seq_end = hdr.payload + hdr.length; 355 356 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) { 357 x509_free_name(name); 358 return -1; 359 } 360 361 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 || 362 hdr.class != ASN1_CLASS_UNIVERSAL) { 363 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 364 "AttributeValue"); 365 x509_free_name(name); 366 return -1; 367 } 368 369 /* RFC 3280: 370 * MUST: country, organization, organizational-unit, 371 * distinguished name qualifier, state or province name, 372 * common name, serial number. 373 * SHOULD: locality, title, surname, given name, initials, 374 * pseudonym, generation qualifier. 375 * MUST: domainComponent (RFC 2247). 376 */ 377 type = X509_NAME_ATTR_NOT_USED; 378 if (oid.len == 4 && 379 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) { 380 /* id-at ::= 2.5.4 */ 381 switch (oid.oid[3]) { 382 case 3: 383 /* commonName */ 384 type = X509_NAME_ATTR_CN; 385 break; 386 case 6: 387 /* countryName */ 388 type = X509_NAME_ATTR_C; 389 break; 390 case 7: 391 /* localityName */ 392 type = X509_NAME_ATTR_L; 393 break; 394 case 8: 395 /* stateOrProvinceName */ 396 type = X509_NAME_ATTR_ST; 397 break; 398 case 10: 399 /* organizationName */ 400 type = X509_NAME_ATTR_O; 401 break; 402 case 11: 403 /* organizationalUnitName */ 404 type = X509_NAME_ATTR_OU; 405 break; 406 } 407 } else if (oid.len == 7 && 408 oid.oid[0] == 1 && oid.oid[1] == 2 && 409 oid.oid[2] == 840 && oid.oid[3] == 113549 && 410 oid.oid[4] == 1 && oid.oid[5] == 9 && 411 oid.oid[6] == 1) { 412 /* 1.2.840.113549.1.9.1 - e-mailAddress */ 413 os_free(name->email); 414 name->email = os_malloc(hdr.length + 1); 415 if (name->email == NULL) { 416 x509_free_name(name); 417 return -1; 418 } 419 os_memcpy(name->email, hdr.payload, hdr.length); 420 name->email[hdr.length] = '\0'; 421 continue; 422 } else if (oid.len == 7 && 423 oid.oid[0] == 0 && oid.oid[1] == 9 && 424 oid.oid[2] == 2342 && oid.oid[3] == 19200300 && 425 oid.oid[4] == 100 && oid.oid[5] == 1 && 426 oid.oid[6] == 25) { 427 /* 0.9.2342.19200300.100.1.25 - domainComponent */ 428 type = X509_NAME_ATTR_DC; 429 } 430 431 if (type == X509_NAME_ATTR_NOT_USED) { 432 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID", 433 (u8 *) oid.oid, 434 oid.len * sizeof(oid.oid[0])); 435 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data", 436 hdr.payload, hdr.length); 437 continue; 438 } 439 440 if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) { 441 wpa_printf(MSG_INFO, "X509: Too many Name attributes"); 442 x509_free_name(name); 443 return -1; 444 } 445 446 val = dup_binstr(hdr.payload, hdr.length); 447 if (val == NULL) { 448 x509_free_name(name); 449 return -1; 450 } 451 if (os_strlen(val) != hdr.length) { 452 wpa_printf(MSG_INFO, "X509: Reject certificate with " 453 "embedded NUL byte in a string (%s[NUL])", 454 val); 455 os_free(val); 456 x509_free_name(name); 457 return -1; 458 } 459 460 name->attr[name->num_attr].type = type; 461 name->attr[name->num_attr].value = val; 462 name->num_attr++; 463 } 464 465 return 0; 466 } 467 468 469 static char * x509_name_attr_str(enum x509_name_attr_type type) 470 { 471 switch (type) { 472 case X509_NAME_ATTR_NOT_USED: 473 return "[N/A]"; 474 case X509_NAME_ATTR_DC: 475 return "DC"; 476 case X509_NAME_ATTR_CN: 477 return "CN"; 478 case X509_NAME_ATTR_C: 479 return "C"; 480 case X509_NAME_ATTR_L: 481 return "L"; 482 case X509_NAME_ATTR_ST: 483 return "ST"; 484 case X509_NAME_ATTR_O: 485 return "O"; 486 case X509_NAME_ATTR_OU: 487 return "OU"; 488 } 489 return "?"; 490 } 491 492 493 /** 494 * x509_name_string - Convert an X.509 certificate name into a string 495 * @name: Name to convert 496 * @buf: Buffer for the string 497 * @len: Maximum buffer length 498 */ 499 void x509_name_string(struct x509_name *name, char *buf, size_t len) 500 { 501 char *pos, *end; 502 int ret; 503 size_t i; 504 505 if (len == 0) 506 return; 507 508 pos = buf; 509 end = buf + len; 510 511 for (i = 0; i < name->num_attr; i++) { 512 ret = os_snprintf(pos, end - pos, "%s=%s, ", 513 x509_name_attr_str(name->attr[i].type), 514 name->attr[i].value); 515 if (os_snprintf_error(end - pos, ret)) 516 goto done; 517 pos += ret; 518 } 519 520 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') { 521 pos--; 522 *pos = '\0'; 523 pos--; 524 *pos = '\0'; 525 } 526 527 if (name->email) { 528 ret = os_snprintf(pos, end - pos, "/emailAddress=%s", 529 name->email); 530 if (os_snprintf_error(end - pos, ret)) 531 goto done; 532 pos += ret; 533 } 534 535 done: 536 end[-1] = '\0'; 537 } 538 539 540 int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val) 541 { 542 const char *pos; 543 int year, month, day, hour, min, sec; 544 545 /* 546 * Time ::= CHOICE { 547 * utcTime UTCTime, 548 * generalTime GeneralizedTime 549 * } 550 * 551 * UTCTime: YYMMDDHHMMSSZ 552 * GeneralizedTime: YYYYMMDDHHMMSSZ 553 */ 554 555 pos = (const char *) buf; 556 557 switch (asn1_tag) { 558 case ASN1_TAG_UTCTIME: 559 if (len != 13 || buf[12] != 'Z') { 560 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 561 "UTCTime format", buf, len); 562 return -1; 563 } 564 if (sscanf(pos, "%02d", &year) != 1) { 565 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 566 "UTCTime year", buf, len); 567 return -1; 568 } 569 if (year < 50) 570 year += 2000; 571 else 572 year += 1900; 573 pos += 2; 574 break; 575 case ASN1_TAG_GENERALIZEDTIME: 576 if (len != 15 || buf[14] != 'Z') { 577 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 578 "GeneralizedTime format", buf, len); 579 return -1; 580 } 581 if (sscanf(pos, "%04d", &year) != 1) { 582 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 583 "GeneralizedTime year", buf, len); 584 return -1; 585 } 586 pos += 4; 587 break; 588 default: 589 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or " 590 "GeneralizedTime - found tag 0x%x", asn1_tag); 591 return -1; 592 } 593 594 if (sscanf(pos, "%02d", &month) != 1) { 595 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 596 "(month)", buf, len); 597 return -1; 598 } 599 pos += 2; 600 601 if (sscanf(pos, "%02d", &day) != 1) { 602 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 603 "(day)", buf, len); 604 return -1; 605 } 606 pos += 2; 607 608 if (sscanf(pos, "%02d", &hour) != 1) { 609 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 610 "(hour)", buf, len); 611 return -1; 612 } 613 pos += 2; 614 615 if (sscanf(pos, "%02d", &min) != 1) { 616 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 617 "(min)", buf, len); 618 return -1; 619 } 620 pos += 2; 621 622 if (sscanf(pos, "%02d", &sec) != 1) { 623 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 624 "(sec)", buf, len); 625 return -1; 626 } 627 628 if (os_mktime(year, month, day, hour, min, sec, val) < 0) { 629 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time", 630 buf, len); 631 if (year < 1970) { 632 /* 633 * At least some test certificates have been configured 634 * to use dates prior to 1970. Set the date to 635 * beginning of 1970 to handle these case. 636 */ 637 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - " 638 "assume epoch as the time", year); 639 *val = 0; 640 return 0; 641 } 642 return -1; 643 } 644 645 return 0; 646 } 647 648 649 static int x509_parse_validity(const u8 *buf, size_t len, 650 struct x509_certificate *cert, const u8 **next) 651 { 652 struct asn1_hdr hdr; 653 const u8 *pos; 654 size_t plen; 655 656 /* 657 * Validity ::= SEQUENCE { 658 * notBefore Time, 659 * notAfter Time 660 * } 661 * 662 * RFC 3280, 4.1.2.5: 663 * CAs conforming to this profile MUST always encode certificate 664 * validity dates through the year 2049 as UTCTime; certificate 665 * validity dates in 2050 or later MUST be encoded as GeneralizedTime. 666 */ 667 668 if (asn1_get_next(buf, len, &hdr) < 0 || 669 hdr.class != ASN1_CLASS_UNIVERSAL || 670 hdr.tag != ASN1_TAG_SEQUENCE) { 671 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 672 "(Validity) - found class %d tag 0x%x", 673 hdr.class, hdr.tag); 674 return -1; 675 } 676 pos = hdr.payload; 677 plen = hdr.length; 678 679 if (plen > (size_t) (buf + len - pos)) 680 return -1; 681 682 *next = pos + plen; 683 684 if (asn1_get_next(pos, plen, &hdr) < 0 || 685 hdr.class != ASN1_CLASS_UNIVERSAL || 686 x509_parse_time(hdr.payload, hdr.length, hdr.tag, 687 &cert->not_before) < 0) { 688 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore " 689 "Time", hdr.payload, hdr.length); 690 return -1; 691 } 692 693 pos = hdr.payload + hdr.length; 694 plen = *next - pos; 695 696 if (asn1_get_next(pos, plen, &hdr) < 0 || 697 hdr.class != ASN1_CLASS_UNIVERSAL || 698 x509_parse_time(hdr.payload, hdr.length, hdr.tag, 699 &cert->not_after) < 0) { 700 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter " 701 "Time", hdr.payload, hdr.length); 702 return -1; 703 } 704 705 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu", 706 (unsigned long) cert->not_before, 707 (unsigned long) cert->not_after); 708 709 return 0; 710 } 711 712 713 static int x509_id_ce_oid(struct asn1_oid *oid) 714 { 715 /* id-ce arc from X.509 for standard X.509v3 extensions */ 716 return oid->len >= 4 && 717 oid->oid[0] == 2 /* joint-iso-ccitt */ && 718 oid->oid[1] == 5 /* ds */ && 719 oid->oid[2] == 29 /* id-ce */; 720 } 721 722 723 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid) 724 { 725 return oid->len == 6 && 726 x509_id_ce_oid(oid) && 727 oid->oid[3] == 37 /* extKeyUsage */ && 728 oid->oid[4] == 0 /* anyExtendedKeyUsage */; 729 } 730 731 732 static int x509_parse_ext_key_usage(struct x509_certificate *cert, 733 const u8 *pos, size_t len) 734 { 735 struct asn1_hdr hdr; 736 737 /* 738 * KeyUsage ::= BIT STRING { 739 * digitalSignature (0), 740 * nonRepudiation (1), 741 * keyEncipherment (2), 742 * dataEncipherment (3), 743 * keyAgreement (4), 744 * keyCertSign (5), 745 * cRLSign (6), 746 * encipherOnly (7), 747 * decipherOnly (8) } 748 */ 749 750 if (asn1_get_next(pos, len, &hdr) < 0 || 751 hdr.class != ASN1_CLASS_UNIVERSAL || 752 hdr.tag != ASN1_TAG_BITSTRING || 753 hdr.length < 1) { 754 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in " 755 "KeyUsage; found %d tag 0x%x len %d", 756 hdr.class, hdr.tag, hdr.length); 757 return -1; 758 } 759 760 cert->extensions_present |= X509_EXT_KEY_USAGE; 761 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length); 762 763 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage); 764 765 return 0; 766 } 767 768 769 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert, 770 const u8 *pos, size_t len) 771 { 772 struct asn1_hdr hdr; 773 unsigned long value; 774 size_t left; 775 776 /* 777 * BasicConstraints ::= SEQUENCE { 778 * cA BOOLEAN DEFAULT FALSE, 779 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 780 */ 781 782 if (asn1_get_next(pos, len, &hdr) < 0 || 783 hdr.class != ASN1_CLASS_UNIVERSAL || 784 hdr.tag != ASN1_TAG_SEQUENCE) { 785 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 786 "BasicConstraints; found %d tag 0x%x", 787 hdr.class, hdr.tag); 788 return -1; 789 } 790 791 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS; 792 793 if (hdr.length == 0) 794 return 0; 795 796 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 || 797 hdr.class != ASN1_CLASS_UNIVERSAL) { 798 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 799 "BasicConstraints"); 800 return -1; 801 } 802 803 if (hdr.tag == ASN1_TAG_BOOLEAN) { 804 if (hdr.length != 1) { 805 wpa_printf(MSG_DEBUG, "X509: Unexpected " 806 "Boolean length (%u) in BasicConstraints", 807 hdr.length); 808 return -1; 809 } 810 cert->ca = hdr.payload[0]; 811 812 if (hdr.length == pos + len - hdr.payload) { 813 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d", 814 cert->ca); 815 return 0; 816 } 817 818 if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length, 819 &hdr) < 0 || 820 hdr.class != ASN1_CLASS_UNIVERSAL) { 821 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 822 "BasicConstraints"); 823 return -1; 824 } 825 } 826 827 if (hdr.tag != ASN1_TAG_INTEGER) { 828 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in " 829 "BasicConstraints; found class %d tag 0x%x", 830 hdr.class, hdr.tag); 831 return -1; 832 } 833 834 pos = hdr.payload; 835 left = hdr.length; 836 value = 0; 837 while (left) { 838 value <<= 8; 839 value |= *pos++; 840 left--; 841 } 842 843 cert->path_len_constraint = value; 844 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT; 845 846 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d " 847 "pathLenConstraint=%lu", 848 cert->ca, cert->path_len_constraint); 849 850 return 0; 851 } 852 853 854 static int x509_parse_alt_name_rfc8222(struct x509_name *name, 855 const u8 *pos, size_t len) 856 { 857 /* rfc822Name IA5String */ 858 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len); 859 os_free(name->alt_email); 860 name->alt_email = os_zalloc(len + 1); 861 if (name->alt_email == NULL) 862 return -1; 863 os_memcpy(name->alt_email, pos, len); 864 if (os_strlen(name->alt_email) != len) { 865 wpa_printf(MSG_INFO, "X509: Reject certificate with " 866 "embedded NUL byte in rfc822Name (%s[NUL])", 867 name->alt_email); 868 os_free(name->alt_email); 869 name->alt_email = NULL; 870 return -1; 871 } 872 return 0; 873 } 874 875 876 static int x509_parse_alt_name_dns(struct x509_name *name, 877 const u8 *pos, size_t len) 878 { 879 /* dNSName IA5String */ 880 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len); 881 os_free(name->dns); 882 name->dns = os_zalloc(len + 1); 883 if (name->dns == NULL) 884 return -1; 885 os_memcpy(name->dns, pos, len); 886 if (os_strlen(name->dns) != len) { 887 wpa_printf(MSG_INFO, "X509: Reject certificate with " 888 "embedded NUL byte in dNSName (%s[NUL])", 889 name->dns); 890 os_free(name->dns); 891 name->dns = NULL; 892 return -1; 893 } 894 return 0; 895 } 896 897 898 static int x509_parse_alt_name_uri(struct x509_name *name, 899 const u8 *pos, size_t len) 900 { 901 /* uniformResourceIdentifier IA5String */ 902 wpa_hexdump_ascii(MSG_MSGDUMP, 903 "X509: altName - uniformResourceIdentifier", 904 pos, len); 905 os_free(name->uri); 906 name->uri = os_zalloc(len + 1); 907 if (name->uri == NULL) 908 return -1; 909 os_memcpy(name->uri, pos, len); 910 if (os_strlen(name->uri) != len) { 911 wpa_printf(MSG_INFO, "X509: Reject certificate with " 912 "embedded NUL byte in uniformResourceIdentifier " 913 "(%s[NUL])", name->uri); 914 os_free(name->uri); 915 name->uri = NULL; 916 return -1; 917 } 918 return 0; 919 } 920 921 922 static int x509_parse_alt_name_ip(struct x509_name *name, 923 const u8 *pos, size_t len) 924 { 925 /* iPAddress OCTET STRING */ 926 wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len); 927 os_free(name->ip); 928 name->ip = os_malloc(len); 929 if (name->ip == NULL) 930 return -1; 931 os_memcpy(name->ip, pos, len); 932 name->ip_len = len; 933 return 0; 934 } 935 936 937 static int x509_parse_alt_name_rid(struct x509_name *name, 938 const u8 *pos, size_t len) 939 { 940 char buf[80]; 941 942 /* registeredID OBJECT IDENTIFIER */ 943 if (asn1_parse_oid(pos, len, &name->rid) < 0) 944 return -1; 945 946 asn1_oid_to_str(&name->rid, buf, sizeof(buf)); 947 wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf); 948 949 return 0; 950 } 951 952 953 static int x509_parse_ext_alt_name(struct x509_name *name, 954 const u8 *pos, size_t len) 955 { 956 struct asn1_hdr hdr; 957 const u8 *p, *end; 958 959 /* 960 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 961 * 962 * GeneralName ::= CHOICE { 963 * otherName [0] OtherName, 964 * rfc822Name [1] IA5String, 965 * dNSName [2] IA5String, 966 * x400Address [3] ORAddress, 967 * directoryName [4] Name, 968 * ediPartyName [5] EDIPartyName, 969 * uniformResourceIdentifier [6] IA5String, 970 * iPAddress [7] OCTET STRING, 971 * registeredID [8] OBJECT IDENTIFIER } 972 * 973 * OtherName ::= SEQUENCE { 974 * type-id OBJECT IDENTIFIER, 975 * value [0] EXPLICIT ANY DEFINED BY type-id } 976 * 977 * EDIPartyName ::= SEQUENCE { 978 * nameAssigner [0] DirectoryString OPTIONAL, 979 * partyName [1] DirectoryString } 980 */ 981 982 for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) { 983 int res; 984 985 if (asn1_get_next(p, end - p, &hdr) < 0) { 986 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 987 "SubjectAltName item"); 988 return -1; 989 } 990 991 if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) 992 continue; 993 994 switch (hdr.tag) { 995 case 1: 996 res = x509_parse_alt_name_rfc8222(name, hdr.payload, 997 hdr.length); 998 break; 999 case 2: 1000 res = x509_parse_alt_name_dns(name, hdr.payload, 1001 hdr.length); 1002 break; 1003 case 6: 1004 res = x509_parse_alt_name_uri(name, hdr.payload, 1005 hdr.length); 1006 break; 1007 case 7: 1008 res = x509_parse_alt_name_ip(name, hdr.payload, 1009 hdr.length); 1010 break; 1011 case 8: 1012 res = x509_parse_alt_name_rid(name, hdr.payload, 1013 hdr.length); 1014 break; 1015 case 0: /* TODO: otherName */ 1016 case 3: /* TODO: x500Address */ 1017 case 4: /* TODO: directoryName */ 1018 case 5: /* TODO: ediPartyName */ 1019 default: 1020 res = 0; 1021 break; 1022 } 1023 if (res < 0) 1024 return res; 1025 } 1026 1027 return 0; 1028 } 1029 1030 1031 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert, 1032 const u8 *pos, size_t len) 1033 { 1034 struct asn1_hdr hdr; 1035 1036 /* SubjectAltName ::= GeneralNames */ 1037 1038 if (asn1_get_next(pos, len, &hdr) < 0 || 1039 hdr.class != ASN1_CLASS_UNIVERSAL || 1040 hdr.tag != ASN1_TAG_SEQUENCE) { 1041 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 1042 "SubjectAltName; found %d tag 0x%x", 1043 hdr.class, hdr.tag); 1044 return -1; 1045 } 1046 1047 wpa_printf(MSG_DEBUG, "X509: SubjectAltName"); 1048 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME; 1049 1050 if (hdr.length == 0) 1051 return 0; 1052 1053 return x509_parse_ext_alt_name(&cert->subject, hdr.payload, 1054 hdr.length); 1055 } 1056 1057 1058 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert, 1059 const u8 *pos, size_t len) 1060 { 1061 struct asn1_hdr hdr; 1062 1063 /* IssuerAltName ::= GeneralNames */ 1064 1065 if (asn1_get_next(pos, len, &hdr) < 0 || 1066 hdr.class != ASN1_CLASS_UNIVERSAL || 1067 hdr.tag != ASN1_TAG_SEQUENCE) { 1068 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 1069 "IssuerAltName; found %d tag 0x%x", 1070 hdr.class, hdr.tag); 1071 return -1; 1072 } 1073 1074 wpa_printf(MSG_DEBUG, "X509: IssuerAltName"); 1075 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME; 1076 1077 if (hdr.length == 0) 1078 return 0; 1079 1080 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload, 1081 hdr.length); 1082 } 1083 1084 1085 static int x509_id_pkix_oid(struct asn1_oid *oid) 1086 { 1087 return oid->len >= 7 && 1088 oid->oid[0] == 1 /* iso */ && 1089 oid->oid[1] == 3 /* identified-organization */ && 1090 oid->oid[2] == 6 /* dod */ && 1091 oid->oid[3] == 1 /* internet */ && 1092 oid->oid[4] == 5 /* security */ && 1093 oid->oid[5] == 5 /* mechanisms */ && 1094 oid->oid[6] == 7 /* id-pkix */; 1095 } 1096 1097 1098 static int x509_id_kp_oid(struct asn1_oid *oid) 1099 { 1100 /* id-kp */ 1101 return oid->len >= 8 && 1102 x509_id_pkix_oid(oid) && 1103 oid->oid[7] == 3 /* id-kp */; 1104 } 1105 1106 1107 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid) 1108 { 1109 /* id-kp */ 1110 return oid->len == 9 && 1111 x509_id_kp_oid(oid) && 1112 oid->oid[8] == 1 /* id-kp-serverAuth */; 1113 } 1114 1115 1116 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid) 1117 { 1118 /* id-kp */ 1119 return oid->len == 9 && 1120 x509_id_kp_oid(oid) && 1121 oid->oid[8] == 2 /* id-kp-clientAuth */; 1122 } 1123 1124 1125 static int x509_id_kp_ocsp_oid(struct asn1_oid *oid) 1126 { 1127 /* id-kp */ 1128 return oid->len == 9 && 1129 x509_id_kp_oid(oid) && 1130 oid->oid[8] == 9 /* id-kp-OCSPSigning */; 1131 } 1132 1133 1134 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert, 1135 const u8 *pos, size_t len) 1136 { 1137 struct asn1_hdr hdr; 1138 const u8 *end; 1139 struct asn1_oid oid; 1140 1141 /* 1142 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 1143 * 1144 * KeyPurposeId ::= OBJECT IDENTIFIER 1145 */ 1146 1147 if (asn1_get_next(pos, len, &hdr) < 0 || 1148 hdr.class != ASN1_CLASS_UNIVERSAL || 1149 hdr.tag != ASN1_TAG_SEQUENCE) { 1150 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1151 "(ExtKeyUsageSyntax) - found class %d tag 0x%x", 1152 hdr.class, hdr.tag); 1153 return -1; 1154 } 1155 if (hdr.length > pos + len - hdr.payload) 1156 return -1; 1157 pos = hdr.payload; 1158 end = pos + hdr.length; 1159 1160 wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos); 1161 1162 while (pos < end) { 1163 char buf[80]; 1164 1165 if (asn1_get_oid(pos, end - pos, &oid, &pos)) 1166 return -1; 1167 if (x509_any_ext_key_usage_oid(&oid)) { 1168 os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf)); 1169 cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY; 1170 } else if (x509_id_kp_server_auth_oid(&oid)) { 1171 os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf)); 1172 cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH; 1173 } else if (x509_id_kp_client_auth_oid(&oid)) { 1174 os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf)); 1175 cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH; 1176 } else if (x509_id_kp_ocsp_oid(&oid)) { 1177 os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf)); 1178 cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP; 1179 } else { 1180 asn1_oid_to_str(&oid, buf, sizeof(buf)); 1181 } 1182 wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf); 1183 } 1184 1185 cert->extensions_present |= X509_EXT_EXT_KEY_USAGE; 1186 1187 return 0; 1188 } 1189 1190 1191 static int x509_parse_extension_data(struct x509_certificate *cert, 1192 struct asn1_oid *oid, 1193 const u8 *pos, size_t len) 1194 { 1195 if (!x509_id_ce_oid(oid)) 1196 return 1; 1197 1198 /* TODO: add other extensions required by RFC 3280, Ch 4.2: 1199 * certificate policies (section 4.2.1.5) 1200 * name constraints (section 4.2.1.11) 1201 * policy constraints (section 4.2.1.12) 1202 * inhibit any-policy (section 4.2.1.15) 1203 */ 1204 switch (oid->oid[3]) { 1205 case 15: /* id-ce-keyUsage */ 1206 return x509_parse_ext_key_usage(cert, pos, len); 1207 case 17: /* id-ce-subjectAltName */ 1208 return x509_parse_ext_subject_alt_name(cert, pos, len); 1209 case 18: /* id-ce-issuerAltName */ 1210 return x509_parse_ext_issuer_alt_name(cert, pos, len); 1211 case 19: /* id-ce-basicConstraints */ 1212 return x509_parse_ext_basic_constraints(cert, pos, len); 1213 case 37: /* id-ce-extKeyUsage */ 1214 return x509_parse_ext_ext_key_usage(cert, pos, len); 1215 default: 1216 return 1; 1217 } 1218 } 1219 1220 1221 static int x509_parse_extension(struct x509_certificate *cert, 1222 const u8 *pos, size_t len, const u8 **next) 1223 { 1224 const u8 *end; 1225 struct asn1_hdr hdr; 1226 struct asn1_oid oid; 1227 int critical_ext = 0, res; 1228 char buf[80]; 1229 1230 /* 1231 * Extension ::= SEQUENCE { 1232 * extnID OBJECT IDENTIFIER, 1233 * critical BOOLEAN DEFAULT FALSE, 1234 * extnValue OCTET STRING 1235 * } 1236 */ 1237 1238 if (asn1_get_next(pos, len, &hdr) < 0 || 1239 hdr.class != ASN1_CLASS_UNIVERSAL || 1240 hdr.tag != ASN1_TAG_SEQUENCE) { 1241 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in " 1242 "Extensions: class %d tag 0x%x; expected SEQUENCE", 1243 hdr.class, hdr.tag); 1244 return -1; 1245 } 1246 pos = hdr.payload; 1247 *next = end = pos + hdr.length; 1248 1249 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) { 1250 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for " 1251 "Extension (expected OID)"); 1252 return -1; 1253 } 1254 1255 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1256 hdr.class != ASN1_CLASS_UNIVERSAL || 1257 (hdr.tag != ASN1_TAG_BOOLEAN && 1258 hdr.tag != ASN1_TAG_OCTETSTRING)) { 1259 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in " 1260 "Extensions: class %d tag 0x%x; expected BOOLEAN " 1261 "or OCTET STRING", hdr.class, hdr.tag); 1262 return -1; 1263 } 1264 1265 if (hdr.tag == ASN1_TAG_BOOLEAN) { 1266 if (hdr.length != 1) { 1267 wpa_printf(MSG_DEBUG, "X509: Unexpected " 1268 "Boolean length (%u)", hdr.length); 1269 return -1; 1270 } 1271 critical_ext = hdr.payload[0]; 1272 pos = hdr.payload; 1273 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1274 (hdr.class != ASN1_CLASS_UNIVERSAL && 1275 hdr.class != ASN1_CLASS_PRIVATE) || 1276 hdr.tag != ASN1_TAG_OCTETSTRING) { 1277 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header " 1278 "in Extensions: class %d tag 0x%x; " 1279 "expected OCTET STRING", 1280 hdr.class, hdr.tag); 1281 return -1; 1282 } 1283 } 1284 1285 asn1_oid_to_str(&oid, buf, sizeof(buf)); 1286 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d", 1287 buf, critical_ext); 1288 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length); 1289 1290 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length); 1291 if (res < 0) 1292 return res; 1293 if (res == 1 && critical_ext) { 1294 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s", 1295 buf); 1296 return -1; 1297 } 1298 1299 return 0; 1300 } 1301 1302 1303 static int x509_parse_extensions(struct x509_certificate *cert, 1304 const u8 *pos, size_t len) 1305 { 1306 const u8 *end; 1307 struct asn1_hdr hdr; 1308 1309 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ 1310 1311 if (asn1_get_next(pos, len, &hdr) < 0 || 1312 hdr.class != ASN1_CLASS_UNIVERSAL || 1313 hdr.tag != ASN1_TAG_SEQUENCE) { 1314 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data " 1315 "for Extensions: class %d tag 0x%x; " 1316 "expected SEQUENCE", hdr.class, hdr.tag); 1317 return -1; 1318 } 1319 1320 pos = hdr.payload; 1321 end = pos + hdr.length; 1322 1323 while (pos < end) { 1324 if (x509_parse_extension(cert, pos, end - pos, &pos) 1325 < 0) 1326 return -1; 1327 } 1328 1329 return 0; 1330 } 1331 1332 1333 static int x509_parse_tbs_certificate(const u8 *buf, size_t len, 1334 struct x509_certificate *cert, 1335 const u8 **next) 1336 { 1337 struct asn1_hdr hdr; 1338 const u8 *pos, *end; 1339 size_t left; 1340 char sbuf[128]; 1341 unsigned long value; 1342 const u8 *subject_dn; 1343 1344 /* tbsCertificate TBSCertificate ::= SEQUENCE */ 1345 if (asn1_get_next(buf, len, &hdr) < 0 || 1346 hdr.class != ASN1_CLASS_UNIVERSAL || 1347 hdr.tag != ASN1_TAG_SEQUENCE) { 1348 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start " 1349 "with a valid SEQUENCE - found class %d tag 0x%x", 1350 hdr.class, hdr.tag); 1351 return -1; 1352 } 1353 pos = hdr.payload; 1354 end = *next = pos + hdr.length; 1355 1356 /* 1357 * version [0] EXPLICIT Version DEFAULT v1 1358 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1359 */ 1360 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1361 return -1; 1362 pos = hdr.payload; 1363 1364 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) { 1365 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1366 return -1; 1367 1368 if (hdr.class != ASN1_CLASS_UNIVERSAL || 1369 hdr.tag != ASN1_TAG_INTEGER) { 1370 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for " 1371 "version field - found class %d tag 0x%x", 1372 hdr.class, hdr.tag); 1373 return -1; 1374 } 1375 if (hdr.length != 1) { 1376 wpa_printf(MSG_DEBUG, "X509: Unexpected version field " 1377 "length %u (expected 1)", hdr.length); 1378 return -1; 1379 } 1380 pos = hdr.payload; 1381 left = hdr.length; 1382 value = 0; 1383 while (left) { 1384 value <<= 8; 1385 value |= *pos++; 1386 left--; 1387 } 1388 1389 cert->version = value; 1390 if (cert->version != X509_CERT_V1 && 1391 cert->version != X509_CERT_V2 && 1392 cert->version != X509_CERT_V3) { 1393 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d", 1394 cert->version + 1); 1395 return -1; 1396 } 1397 1398 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1399 return -1; 1400 } else 1401 cert->version = X509_CERT_V1; 1402 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1); 1403 1404 /* serialNumber CertificateSerialNumber ::= INTEGER */ 1405 if (hdr.class != ASN1_CLASS_UNIVERSAL || 1406 hdr.tag != ASN1_TAG_INTEGER || 1407 hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) { 1408 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for " 1409 "serialNumber; class=%d tag=0x%x length=%u", 1410 hdr.class, hdr.tag, hdr.length); 1411 return -1; 1412 } 1413 1414 pos = hdr.payload + hdr.length; 1415 while (hdr.length > 0 && hdr.payload[0] == 0) { 1416 hdr.payload++; 1417 hdr.length--; 1418 } 1419 os_memcpy(cert->serial_number, hdr.payload, hdr.length); 1420 cert->serial_number_len = hdr.length; 1421 wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number, 1422 cert->serial_number_len); 1423 1424 /* signature AlgorithmIdentifier */ 1425 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature, 1426 &pos)) 1427 return -1; 1428 1429 /* issuer Name */ 1430 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos)) 1431 return -1; 1432 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf)); 1433 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf); 1434 1435 /* validity Validity */ 1436 if (x509_parse_validity(pos, end - pos, cert, &pos)) 1437 return -1; 1438 1439 /* subject Name */ 1440 subject_dn = pos; 1441 if (x509_parse_name(pos, end - pos, &cert->subject, &pos)) 1442 return -1; 1443 cert->subject_dn = os_malloc(pos - subject_dn); 1444 if (!cert->subject_dn) 1445 return -1; 1446 cert->subject_dn_len = pos - subject_dn; 1447 os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len); 1448 x509_name_string(&cert->subject, sbuf, sizeof(sbuf)); 1449 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf); 1450 1451 /* subjectPublicKeyInfo SubjectPublicKeyInfo */ 1452 if (x509_parse_public_key(pos, end - pos, cert, &pos)) 1453 return -1; 1454 1455 if (pos == end) 1456 return 0; 1457 1458 if (cert->version == X509_CERT_V1) 1459 return 0; 1460 1461 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1462 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1463 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1464 " tag to parse optional tbsCertificate " 1465 "field(s); parsed class %d tag 0x%x", 1466 hdr.class, hdr.tag); 1467 return -1; 1468 } 1469 1470 if (hdr.tag == 1) { 1471 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */ 1472 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID"); 1473 /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1474 1475 pos = hdr.payload + hdr.length; 1476 if (pos == end) 1477 return 0; 1478 1479 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1480 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1481 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1482 " tag to parse optional tbsCertificate " 1483 "field(s); parsed class %d tag 0x%x", 1484 hdr.class, hdr.tag); 1485 return -1; 1486 } 1487 } 1488 1489 if (hdr.tag == 2) { 1490 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */ 1491 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID"); 1492 /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1493 1494 pos = hdr.payload + hdr.length; 1495 if (pos == end) 1496 return 0; 1497 1498 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1499 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1500 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1501 " tag to parse optional tbsCertificate " 1502 "field(s); parsed class %d tag 0x%x", 1503 hdr.class, hdr.tag); 1504 return -1; 1505 } 1506 } 1507 1508 if (hdr.tag != 3) { 1509 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected " 1510 "Context-Specific tag %d in optional " 1511 "tbsCertificate fields", hdr.tag); 1512 return 0; 1513 } 1514 1515 /* extensions [3] EXPLICIT Extensions OPTIONAL */ 1516 1517 if (cert->version != X509_CERT_V3) { 1518 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and " 1519 "Extensions data which are only allowed for " 1520 "version 3", cert->version + 1); 1521 return -1; 1522 } 1523 1524 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0) 1525 return -1; 1526 1527 pos = hdr.payload + hdr.length; 1528 if (pos < end) { 1529 wpa_hexdump(MSG_DEBUG, 1530 "X509: Ignored extra tbsCertificate data", 1531 pos, end - pos); 1532 } 1533 1534 return 0; 1535 } 1536 1537 1538 static int x509_rsadsi_oid(struct asn1_oid *oid) 1539 { 1540 return oid->len >= 4 && 1541 oid->oid[0] == 1 /* iso */ && 1542 oid->oid[1] == 2 /* member-body */ && 1543 oid->oid[2] == 840 /* us */ && 1544 oid->oid[3] == 113549 /* rsadsi */; 1545 } 1546 1547 1548 static int x509_pkcs_oid(struct asn1_oid *oid) 1549 { 1550 return oid->len >= 5 && 1551 x509_rsadsi_oid(oid) && 1552 oid->oid[4] == 1 /* pkcs */; 1553 } 1554 1555 1556 static int x509_digest_oid(struct asn1_oid *oid) 1557 { 1558 return oid->len >= 5 && 1559 x509_rsadsi_oid(oid) && 1560 oid->oid[4] == 2 /* digestAlgorithm */; 1561 } 1562 1563 1564 int x509_sha1_oid(struct asn1_oid *oid) 1565 { 1566 return oid->len == 6 && 1567 oid->oid[0] == 1 /* iso */ && 1568 oid->oid[1] == 3 /* identified-organization */ && 1569 oid->oid[2] == 14 /* oiw */ && 1570 oid->oid[3] == 3 /* secsig */ && 1571 oid->oid[4] == 2 /* algorithms */ && 1572 oid->oid[5] == 26 /* id-sha1 */; 1573 } 1574 1575 1576 static int x509_sha2_oid(struct asn1_oid *oid) 1577 { 1578 return oid->len == 9 && 1579 oid->oid[0] == 2 /* joint-iso-itu-t */ && 1580 oid->oid[1] == 16 /* country */ && 1581 oid->oid[2] == 840 /* us */ && 1582 oid->oid[3] == 1 /* organization */ && 1583 oid->oid[4] == 101 /* gov */ && 1584 oid->oid[5] == 3 /* csor */ && 1585 oid->oid[6] == 4 /* nistAlgorithm */ && 1586 oid->oid[7] == 2 /* hashAlgs */; 1587 } 1588 1589 1590 int x509_sha256_oid(struct asn1_oid *oid) 1591 { 1592 return x509_sha2_oid(oid) && 1593 oid->oid[8] == 1 /* sha256 */; 1594 } 1595 1596 1597 int x509_sha384_oid(struct asn1_oid *oid) 1598 { 1599 return x509_sha2_oid(oid) && 1600 oid->oid[8] == 2 /* sha384 */; 1601 } 1602 1603 1604 int x509_sha512_oid(struct asn1_oid *oid) 1605 { 1606 return x509_sha2_oid(oid) && 1607 oid->oid[8] == 3 /* sha512 */; 1608 } 1609 1610 1611 /** 1612 * x509_certificate_parse - Parse a X.509 certificate in DER format 1613 * @buf: Pointer to the X.509 certificate in DER format 1614 * @len: Buffer length 1615 * Returns: Pointer to the parsed certificate or %NULL on failure 1616 * 1617 * Caller is responsible for freeing the returned certificate by calling 1618 * x509_certificate_free(). 1619 */ 1620 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len) 1621 { 1622 struct asn1_hdr hdr; 1623 const u8 *pos, *end, *hash_start; 1624 struct x509_certificate *cert; 1625 1626 cert = os_zalloc(sizeof(*cert) + len); 1627 if (cert == NULL) 1628 return NULL; 1629 os_memcpy(cert + 1, buf, len); 1630 cert->cert_start = (u8 *) (cert + 1); 1631 cert->cert_len = len; 1632 1633 pos = buf; 1634 end = buf + len; 1635 1636 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */ 1637 1638 /* Certificate ::= SEQUENCE */ 1639 if (asn1_get_next(pos, len, &hdr) < 0 || 1640 hdr.class != ASN1_CLASS_UNIVERSAL || 1641 hdr.tag != ASN1_TAG_SEQUENCE) { 1642 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with " 1643 "a valid SEQUENCE - found class %d tag 0x%x", 1644 hdr.class, hdr.tag); 1645 x509_certificate_free(cert); 1646 return NULL; 1647 } 1648 pos = hdr.payload; 1649 1650 if (hdr.length > end - pos) { 1651 x509_certificate_free(cert); 1652 return NULL; 1653 } 1654 1655 if (hdr.length < end - pos) { 1656 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER " 1657 "encoded certificate", 1658 pos + hdr.length, end - (pos + hdr.length)); 1659 end = pos + hdr.length; 1660 } 1661 1662 hash_start = pos; 1663 cert->tbs_cert_start = cert->cert_start + (hash_start - buf); 1664 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) { 1665 x509_certificate_free(cert); 1666 return NULL; 1667 } 1668 cert->tbs_cert_len = pos - hash_start; 1669 1670 /* signatureAlgorithm AlgorithmIdentifier */ 1671 if (x509_parse_algorithm_identifier(pos, end - pos, 1672 &cert->signature_alg, &pos)) { 1673 x509_certificate_free(cert); 1674 return NULL; 1675 } 1676 1677 /* signatureValue BIT STRING */ 1678 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1679 hdr.class != ASN1_CLASS_UNIVERSAL || 1680 hdr.tag != ASN1_TAG_BITSTRING) { 1681 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING " 1682 "(signatureValue) - found class %d tag 0x%x", 1683 hdr.class, hdr.tag); 1684 x509_certificate_free(cert); 1685 return NULL; 1686 } 1687 if (hdr.length < 1) { 1688 x509_certificate_free(cert); 1689 return NULL; 1690 } 1691 pos = hdr.payload; 1692 if (*pos) { 1693 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", 1694 *pos); 1695 /* PKCS #1 v1.5 10.2.1: 1696 * It is an error if the length in bits of the signature S is 1697 * not a multiple of eight. 1698 */ 1699 x509_certificate_free(cert); 1700 return NULL; 1701 } 1702 os_free(cert->sign_value); 1703 cert->sign_value = os_malloc(hdr.length - 1); 1704 if (cert->sign_value == NULL) { 1705 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 1706 "signatureValue"); 1707 x509_certificate_free(cert); 1708 return NULL; 1709 } 1710 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1); 1711 cert->sign_value_len = hdr.length - 1; 1712 wpa_hexdump(MSG_MSGDUMP, "X509: signature", 1713 cert->sign_value, cert->sign_value_len); 1714 1715 return cert; 1716 } 1717 1718 1719 /** 1720 * x509_certificate_check_signature - Verify certificate signature 1721 * @issuer: Issuer certificate 1722 * @cert: Certificate to be verified 1723 * Returns: 0 if cert has a valid signature that was signed by the issuer, 1724 * -1 if not 1725 */ 1726 int x509_certificate_check_signature(struct x509_certificate *issuer, 1727 struct x509_certificate *cert) 1728 { 1729 return x509_check_signature(issuer, &cert->signature, 1730 cert->sign_value, cert->sign_value_len, 1731 cert->tbs_cert_start, cert->tbs_cert_len); 1732 } 1733 1734 1735 int x509_check_signature(struct x509_certificate *issuer, 1736 struct x509_algorithm_identifier *signature, 1737 const u8 *sign_value, size_t sign_value_len, 1738 const u8 *signed_data, size_t signed_data_len) 1739 { 1740 struct crypto_public_key *pk; 1741 u8 *data; 1742 const u8 *pos, *end, *next, *da_end; 1743 size_t data_len; 1744 struct asn1_hdr hdr; 1745 struct asn1_oid oid; 1746 u8 hash[64]; 1747 size_t hash_len; 1748 const u8 *addr[1] = { signed_data }; 1749 size_t len[1] = { signed_data_len }; 1750 1751 if (!x509_pkcs_oid(&signature->oid) || 1752 signature->oid.len != 7 || 1753 signature->oid.oid[5] != 1 /* pkcs-1 */) { 1754 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature " 1755 "algorithm"); 1756 return -1; 1757 } 1758 1759 pk = crypto_public_key_import(issuer->public_key, 1760 issuer->public_key_len); 1761 if (pk == NULL) 1762 return -1; 1763 1764 data_len = sign_value_len; 1765 data = os_malloc(data_len); 1766 if (data == NULL) { 1767 crypto_public_key_free(pk); 1768 return -1; 1769 } 1770 1771 if (crypto_public_key_decrypt_pkcs1(pk, sign_value, 1772 sign_value_len, data, 1773 &data_len) < 0) { 1774 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature"); 1775 crypto_public_key_free(pk); 1776 os_free(data); 1777 return -1; 1778 } 1779 crypto_public_key_free(pk); 1780 1781 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len); 1782 1783 /* 1784 * PKCS #1 v1.5, 10.1.2: 1785 * 1786 * DigestInfo ::= SEQUENCE { 1787 * digestAlgorithm DigestAlgorithmIdentifier, 1788 * digest Digest 1789 * } 1790 * 1791 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier 1792 * 1793 * Digest ::= OCTET STRING 1794 * 1795 */ 1796 if (asn1_get_next(data, data_len, &hdr) < 0 || 1797 hdr.class != ASN1_CLASS_UNIVERSAL || 1798 hdr.tag != ASN1_TAG_SEQUENCE) { 1799 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1800 "(DigestInfo) - found class %d tag 0x%x", 1801 hdr.class, hdr.tag); 1802 os_free(data); 1803 return -1; 1804 } 1805 1806 pos = hdr.payload; 1807 end = pos + hdr.length; 1808 1809 /* 1810 * X.509: 1811 * AlgorithmIdentifier ::= SEQUENCE { 1812 * algorithm OBJECT IDENTIFIER, 1813 * parameters ANY DEFINED BY algorithm OPTIONAL 1814 * } 1815 */ 1816 1817 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1818 hdr.class != ASN1_CLASS_UNIVERSAL || 1819 hdr.tag != ASN1_TAG_SEQUENCE) { 1820 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1821 "(AlgorithmIdentifier) - found class %d tag 0x%x", 1822 hdr.class, hdr.tag); 1823 os_free(data); 1824 return -1; 1825 } 1826 da_end = hdr.payload + hdr.length; 1827 1828 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { 1829 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm"); 1830 os_free(data); 1831 return -1; 1832 } 1833 1834 if (x509_sha1_oid(&oid)) { 1835 if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { 1836 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 " 1837 "does not match with certificate " 1838 "signatureAlgorithm (%lu)", 1839 signature->oid.oid[6]); 1840 os_free(data); 1841 return -1; 1842 } 1843 goto skip_digest_oid; 1844 } 1845 1846 if (x509_sha256_oid(&oid)) { 1847 if (signature->oid.oid[6] != 1848 11 /* sha2561WithRSAEncryption */) { 1849 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 " 1850 "does not match with certificate " 1851 "signatureAlgorithm (%lu)", 1852 signature->oid.oid[6]); 1853 os_free(data); 1854 return -1; 1855 } 1856 goto skip_digest_oid; 1857 } 1858 1859 if (x509_sha384_oid(&oid)) { 1860 if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) { 1861 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 " 1862 "does not match with certificate " 1863 "signatureAlgorithm (%lu)", 1864 signature->oid.oid[6]); 1865 os_free(data); 1866 return -1; 1867 } 1868 goto skip_digest_oid; 1869 } 1870 1871 if (x509_sha512_oid(&oid)) { 1872 if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) { 1873 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 " 1874 "does not match with certificate " 1875 "signatureAlgorithm (%lu)", 1876 signature->oid.oid[6]); 1877 os_free(data); 1878 return -1; 1879 } 1880 goto skip_digest_oid; 1881 } 1882 1883 if (!x509_digest_oid(&oid)) { 1884 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm"); 1885 os_free(data); 1886 return -1; 1887 } 1888 switch (oid.oid[5]) { 1889 case 5: /* md5 */ 1890 if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) { 1891 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does " 1892 "not match with certificate " 1893 "signatureAlgorithm (%lu)", 1894 signature->oid.oid[6]); 1895 os_free(data); 1896 return -1; 1897 } 1898 break; 1899 case 2: /* md2 */ 1900 case 4: /* md4 */ 1901 default: 1902 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm " 1903 "(%lu)", oid.oid[5]); 1904 os_free(data); 1905 return -1; 1906 } 1907 1908 skip_digest_oid: 1909 /* Digest ::= OCTET STRING */ 1910 pos = da_end; 1911 end = data + data_len; 1912 1913 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1914 hdr.class != ASN1_CLASS_UNIVERSAL || 1915 hdr.tag != ASN1_TAG_OCTETSTRING) { 1916 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING " 1917 "(Digest) - found class %d tag 0x%x", 1918 hdr.class, hdr.tag); 1919 os_free(data); 1920 return -1; 1921 } 1922 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest", 1923 hdr.payload, hdr.length); 1924 1925 switch (signature->oid.oid[6]) { 1926 case 4: /* md5WithRSAEncryption */ 1927 md5_vector(1, addr, len, hash); 1928 hash_len = 16; 1929 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)", 1930 hash, hash_len); 1931 break; 1932 case 5: /* sha-1WithRSAEncryption */ 1933 sha1_vector(1, addr, len, hash); 1934 hash_len = 20; 1935 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)", 1936 hash, hash_len); 1937 break; 1938 case 11: /* sha256WithRSAEncryption */ 1939 sha256_vector(1, addr, len, hash); 1940 hash_len = 32; 1941 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)", 1942 hash, hash_len); 1943 break; 1944 case 12: /* sha384WithRSAEncryption */ 1945 sha384_vector(1, addr, len, hash); 1946 hash_len = 48; 1947 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)", 1948 hash, hash_len); 1949 break; 1950 case 13: /* sha512WithRSAEncryption */ 1951 sha512_vector(1, addr, len, hash); 1952 hash_len = 64; 1953 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)", 1954 hash, hash_len); 1955 break; 1956 case 2: /* md2WithRSAEncryption */ 1957 default: 1958 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature " 1959 "algorithm (%lu)", signature->oid.oid[6]); 1960 os_free(data); 1961 return -1; 1962 } 1963 1964 if (hdr.length != hash_len || 1965 os_memcmp_const(hdr.payload, hash, hdr.length) != 0) { 1966 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match " 1967 "with calculated tbsCertificate hash"); 1968 os_free(data); 1969 return -1; 1970 } 1971 1972 if (hdr.payload + hdr.length < data + data_len) { 1973 wpa_hexdump(MSG_INFO, 1974 "X509: Extra data after certificate signature hash", 1975 hdr.payload + hdr.length, 1976 data + data_len - hdr.payload - hdr.length); 1977 os_free(data); 1978 return -1; 1979 } 1980 1981 os_free(data); 1982 1983 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with " 1984 "calculated tbsCertificate hash"); 1985 1986 return 0; 1987 } 1988 1989 1990 static int x509_valid_issuer(const struct x509_certificate *cert) 1991 { 1992 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) && 1993 !cert->ca) { 1994 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an " 1995 "issuer"); 1996 return -1; 1997 } 1998 1999 if (cert->version == X509_CERT_V3 && 2000 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) { 2001 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not " 2002 "include BasicConstraints extension"); 2003 return -1; 2004 } 2005 2006 if ((cert->extensions_present & X509_EXT_KEY_USAGE) && 2007 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) { 2008 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have " 2009 "keyCertSign bit in Key Usage"); 2010 return -1; 2011 } 2012 2013 return 0; 2014 } 2015 2016 2017 /** 2018 * x509_certificate_chain_validate - Validate X.509 certificate chain 2019 * @trusted: List of trusted certificates 2020 * @chain: Certificate chain to be validated (first chain must be issued by 2021 * signed by the second certificate in the chain and so on) 2022 * @reason: Buffer for returning failure reason (X509_VALIDATE_*) 2023 * Returns: 0 if chain is valid, -1 if not 2024 */ 2025 int x509_certificate_chain_validate(struct x509_certificate *trusted, 2026 struct x509_certificate *chain, 2027 int *reason, int disable_time_checks) 2028 { 2029 long unsigned idx; 2030 int chain_trusted = 0; 2031 struct x509_certificate *cert, *trust; 2032 char buf[128]; 2033 struct os_time now; 2034 2035 *reason = X509_VALIDATE_OK; 2036 2037 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain"); 2038 os_get_time(&now); 2039 2040 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) { 2041 cert->issuer_trusted = 0; 2042 x509_name_string(&cert->subject, buf, sizeof(buf)); 2043 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf); 2044 2045 if (chain_trusted) 2046 continue; 2047 2048 if (!disable_time_checks && 2049 ((unsigned long) now.sec < 2050 (unsigned long) cert->not_before || 2051 (unsigned long) now.sec > 2052 (unsigned long) cert->not_after)) { 2053 wpa_printf(MSG_INFO, "X509: Certificate not valid " 2054 "(now=%lu not_before=%lu not_after=%lu)", 2055 now.sec, cert->not_before, cert->not_after); 2056 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED; 2057 return -1; 2058 } 2059 2060 if (cert->next) { 2061 if (x509_name_compare(&cert->issuer, 2062 &cert->next->subject) != 0) { 2063 wpa_printf(MSG_DEBUG, "X509: Certificate " 2064 "chain issuer name mismatch"); 2065 x509_name_string(&cert->issuer, buf, 2066 sizeof(buf)); 2067 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s", 2068 buf); 2069 x509_name_string(&cert->next->subject, buf, 2070 sizeof(buf)); 2071 wpa_printf(MSG_DEBUG, "X509: next cert " 2072 "subject: %s", buf); 2073 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN; 2074 return -1; 2075 } 2076 2077 if (x509_valid_issuer(cert->next) < 0) { 2078 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2079 return -1; 2080 } 2081 2082 if ((cert->next->extensions_present & 2083 X509_EXT_PATH_LEN_CONSTRAINT) && 2084 idx > cert->next->path_len_constraint) { 2085 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint" 2086 " not met (idx=%lu issuer " 2087 "pathLenConstraint=%lu)", idx, 2088 cert->next->path_len_constraint); 2089 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2090 return -1; 2091 } 2092 2093 if (x509_certificate_check_signature(cert->next, cert) 2094 < 0) { 2095 wpa_printf(MSG_DEBUG, "X509: Invalid " 2096 "certificate signature within " 2097 "chain"); 2098 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2099 return -1; 2100 } 2101 } 2102 2103 for (trust = trusted; trust; trust = trust->next) { 2104 if (x509_name_compare(&cert->issuer, &trust->subject) 2105 == 0) 2106 break; 2107 } 2108 2109 if (trust) { 2110 wpa_printf(MSG_DEBUG, "X509: Found issuer from the " 2111 "list of trusted certificates"); 2112 if (x509_valid_issuer(trust) < 0) { 2113 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2114 return -1; 2115 } 2116 2117 if (x509_certificate_check_signature(trust, cert) < 0) 2118 { 2119 wpa_printf(MSG_DEBUG, "X509: Invalid " 2120 "certificate signature"); 2121 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2122 return -1; 2123 } 2124 2125 wpa_printf(MSG_DEBUG, "X509: Trusted certificate " 2126 "found to complete the chain"); 2127 cert->issuer_trusted = 1; 2128 chain_trusted = 1; 2129 } 2130 } 2131 2132 if (!chain_trusted) { 2133 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers " 2134 "from the list of trusted certificates"); 2135 if (trusted) { 2136 *reason = X509_VALIDATE_UNKNOWN_CA; 2137 return -1; 2138 } 2139 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation " 2140 "disabled - ignore unknown CA issue"); 2141 } 2142 2143 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid"); 2144 2145 return 0; 2146 } 2147 2148 2149 /** 2150 * x509_certificate_get_subject - Get a certificate based on Subject name 2151 * @chain: Certificate chain to search through 2152 * @name: Subject name to search for 2153 * Returns: Pointer to the certificate with the given Subject name or 2154 * %NULL on failure 2155 */ 2156 struct x509_certificate * 2157 x509_certificate_get_subject(struct x509_certificate *chain, 2158 struct x509_name *name) 2159 { 2160 struct x509_certificate *cert; 2161 2162 for (cert = chain; cert; cert = cert->next) { 2163 if (x509_name_compare(&cert->subject, name) == 0) 2164 return cert; 2165 } 2166 return NULL; 2167 } 2168 2169 2170 /** 2171 * x509_certificate_self_signed - Is the certificate self-signed? 2172 * @cert: Certificate 2173 * Returns: 1 if certificate is self-signed, 0 if not 2174 */ 2175 int x509_certificate_self_signed(struct x509_certificate *cert) 2176 { 2177 return x509_name_compare(&cert->issuer, &cert->subject) == 0; 2178 } 2179