1 /* 2 * X.509v3 certificate parsing and processing (RFC 3280 profile) 3 * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/crypto.h" 13 #include "asn1.h" 14 #include "x509v3.h" 15 16 17 void x509_free_name(struct x509_name *name) 18 { 19 size_t i; 20 21 for (i = 0; i < name->num_attr; i++) { 22 os_free(name->attr[i].value); 23 name->attr[i].value = NULL; 24 name->attr[i].type = X509_NAME_ATTR_NOT_USED; 25 } 26 name->num_attr = 0; 27 os_free(name->email); 28 name->email = NULL; 29 30 os_free(name->alt_email); 31 os_free(name->dns); 32 os_free(name->uri); 33 os_free(name->ip); 34 name->alt_email = name->dns = name->uri = NULL; 35 name->ip = NULL; 36 name->ip_len = 0; 37 os_memset(&name->rid, 0, sizeof(name->rid)); 38 } 39 40 41 /** 42 * x509_certificate_free - Free an X.509 certificate 43 * @cert: Certificate to be freed 44 */ 45 void x509_certificate_free(struct x509_certificate *cert) 46 { 47 if (cert == NULL) 48 return; 49 if (cert->next) { 50 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p " 51 "was still on a list (next=%p)\n", 52 cert, cert->next); 53 } 54 x509_free_name(&cert->issuer); 55 x509_free_name(&cert->subject); 56 os_free(cert->public_key); 57 os_free(cert->sign_value); 58 os_free(cert->subject_dn); 59 os_free(cert); 60 } 61 62 63 /** 64 * x509_certificate_free - Free an X.509 certificate chain 65 * @cert: Pointer to the first certificate in the chain 66 */ 67 void x509_certificate_chain_free(struct x509_certificate *cert) 68 { 69 struct x509_certificate *next; 70 71 while (cert) { 72 next = cert->next; 73 cert->next = NULL; 74 x509_certificate_free(cert); 75 cert = next; 76 } 77 } 78 79 80 static int x509_whitespace(char c) 81 { 82 return c == ' ' || c == '\t'; 83 } 84 85 86 static void x509_str_strip_whitespace(char *a) 87 { 88 char *ipos, *opos; 89 int remove_whitespace = 1; 90 91 ipos = opos = a; 92 93 while (*ipos) { 94 if (remove_whitespace && x509_whitespace(*ipos)) 95 ipos++; 96 else { 97 remove_whitespace = x509_whitespace(*ipos); 98 *opos++ = *ipos++; 99 } 100 } 101 102 *opos-- = '\0'; 103 if (opos > a && x509_whitespace(*opos)) 104 *opos = '\0'; 105 } 106 107 108 static int x509_str_compare(const char *a, const char *b) 109 { 110 char *aa, *bb; 111 int ret; 112 113 if (!a && b) 114 return -1; 115 if (a && !b) 116 return 1; 117 if (!a && !b) 118 return 0; 119 120 aa = os_strdup(a); 121 bb = os_strdup(b); 122 123 if (aa == NULL || bb == NULL) { 124 os_free(aa); 125 os_free(bb); 126 return os_strcasecmp(a, b); 127 } 128 129 x509_str_strip_whitespace(aa); 130 x509_str_strip_whitespace(bb); 131 132 ret = os_strcasecmp(aa, bb); 133 134 os_free(aa); 135 os_free(bb); 136 137 return ret; 138 } 139 140 141 /** 142 * x509_name_compare - Compare X.509 certificate names 143 * @a: Certificate name 144 * @b: Certificate name 145 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or 146 * greater than b 147 */ 148 int x509_name_compare(struct x509_name *a, struct x509_name *b) 149 { 150 int res; 151 size_t i; 152 153 if (!a && b) 154 return -1; 155 if (a && !b) 156 return 1; 157 if (!a && !b) 158 return 0; 159 if (a->num_attr < b->num_attr) 160 return -1; 161 if (a->num_attr > b->num_attr) 162 return 1; 163 164 for (i = 0; i < a->num_attr; i++) { 165 if (a->attr[i].type < b->attr[i].type) 166 return -1; 167 if (a->attr[i].type > b->attr[i].type) 168 return -1; 169 res = x509_str_compare(a->attr[i].value, b->attr[i].value); 170 if (res) 171 return res; 172 } 173 res = x509_str_compare(a->email, b->email); 174 if (res) 175 return res; 176 177 return 0; 178 } 179 180 181 int x509_parse_algorithm_identifier(const u8 *buf, size_t len, 182 struct x509_algorithm_identifier *id, 183 const u8 **next) 184 { 185 struct asn1_hdr hdr; 186 const u8 *pos, *end; 187 188 /* 189 * AlgorithmIdentifier ::= SEQUENCE { 190 * algorithm OBJECT IDENTIFIER, 191 * parameters ANY DEFINED BY algorithm OPTIONAL 192 * } 193 */ 194 195 if (asn1_get_next(buf, len, &hdr) < 0 || 196 hdr.class != ASN1_CLASS_UNIVERSAL || 197 hdr.tag != ASN1_TAG_SEQUENCE) { 198 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 199 "(AlgorithmIdentifier) - found class %d tag 0x%x", 200 hdr.class, hdr.tag); 201 return -1; 202 } 203 if (hdr.length > buf + len - hdr.payload) 204 return -1; 205 pos = hdr.payload; 206 end = pos + hdr.length; 207 208 *next = end; 209 210 if (asn1_get_oid(pos, end - pos, &id->oid, &pos)) 211 return -1; 212 213 /* TODO: optional parameters */ 214 215 return 0; 216 } 217 218 219 static int x509_parse_public_key(const u8 *buf, size_t len, 220 struct x509_certificate *cert, 221 const u8 **next) 222 { 223 struct asn1_hdr hdr; 224 const u8 *pos, *end; 225 226 /* 227 * SubjectPublicKeyInfo ::= SEQUENCE { 228 * algorithm AlgorithmIdentifier, 229 * subjectPublicKey BIT STRING 230 * } 231 */ 232 233 pos = buf; 234 end = buf + len; 235 236 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 237 hdr.class != ASN1_CLASS_UNIVERSAL || 238 hdr.tag != ASN1_TAG_SEQUENCE) { 239 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 240 "(SubjectPublicKeyInfo) - found class %d tag 0x%x", 241 hdr.class, hdr.tag); 242 return -1; 243 } 244 pos = hdr.payload; 245 246 if (hdr.length > end - pos) 247 return -1; 248 end = pos + hdr.length; 249 *next = end; 250 251 if (x509_parse_algorithm_identifier(pos, end - pos, 252 &cert->public_key_alg, &pos)) 253 return -1; 254 255 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 256 hdr.class != ASN1_CLASS_UNIVERSAL || 257 hdr.tag != ASN1_TAG_BITSTRING) { 258 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING " 259 "(subjectPublicKey) - found class %d tag 0x%x", 260 hdr.class, hdr.tag); 261 return -1; 262 } 263 if (hdr.length < 1) 264 return -1; 265 pos = hdr.payload; 266 if (*pos) { 267 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", 268 *pos); 269 /* 270 * TODO: should this be rejected? X.509 certificates are 271 * unlikely to use such a construction. Now we would end up 272 * including the extra bits in the buffer which may also be 273 * ok. 274 */ 275 } 276 os_free(cert->public_key); 277 cert->public_key = os_memdup(pos + 1, hdr.length - 1); 278 if (cert->public_key == NULL) { 279 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 280 "public key"); 281 return -1; 282 } 283 cert->public_key_len = hdr.length - 1; 284 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey", 285 cert->public_key, cert->public_key_len); 286 287 return 0; 288 } 289 290 291 int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name, 292 const u8 **next) 293 { 294 struct asn1_hdr hdr; 295 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end; 296 struct asn1_oid oid; 297 char *val; 298 299 /* 300 * Name ::= CHOICE { RDNSequence } 301 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 302 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue 303 * AttributeTypeAndValue ::= SEQUENCE { 304 * type AttributeType, 305 * value AttributeValue 306 * } 307 * AttributeType ::= OBJECT IDENTIFIER 308 * AttributeValue ::= ANY DEFINED BY AttributeType 309 */ 310 311 if (asn1_get_next(buf, len, &hdr) < 0 || 312 hdr.class != ASN1_CLASS_UNIVERSAL || 313 hdr.tag != ASN1_TAG_SEQUENCE) { 314 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 315 "(Name / RDNSequencer) - found class %d tag 0x%x", 316 hdr.class, hdr.tag); 317 return -1; 318 } 319 pos = hdr.payload; 320 321 if (hdr.length > buf + len - pos) 322 return -1; 323 324 end = *next = pos + hdr.length; 325 326 while (pos < end) { 327 enum x509_name_attr_type type; 328 329 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 330 hdr.class != ASN1_CLASS_UNIVERSAL || 331 hdr.tag != ASN1_TAG_SET) { 332 wpa_printf(MSG_DEBUG, "X509: Expected SET " 333 "(RelativeDistinguishedName) - found class " 334 "%d tag 0x%x", hdr.class, hdr.tag); 335 x509_free_name(name); 336 return -1; 337 } 338 339 set_pos = hdr.payload; 340 pos = set_end = hdr.payload + hdr.length; 341 342 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 || 343 hdr.class != ASN1_CLASS_UNIVERSAL || 344 hdr.tag != ASN1_TAG_SEQUENCE) { 345 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 346 "(AttributeTypeAndValue) - found class %d " 347 "tag 0x%x", hdr.class, hdr.tag); 348 x509_free_name(name); 349 return -1; 350 } 351 352 seq_pos = hdr.payload; 353 seq_end = hdr.payload + hdr.length; 354 355 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) { 356 x509_free_name(name); 357 return -1; 358 } 359 360 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 || 361 hdr.class != ASN1_CLASS_UNIVERSAL) { 362 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 363 "AttributeValue"); 364 x509_free_name(name); 365 return -1; 366 } 367 368 /* RFC 3280: 369 * MUST: country, organization, organizational-unit, 370 * distinguished name qualifier, state or province name, 371 * common name, serial number. 372 * SHOULD: locality, title, surname, given name, initials, 373 * pseudonym, generation qualifier. 374 * MUST: domainComponent (RFC 2247). 375 */ 376 type = X509_NAME_ATTR_NOT_USED; 377 if (oid.len == 4 && 378 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) { 379 /* id-at ::= 2.5.4 */ 380 switch (oid.oid[3]) { 381 case 3: 382 /* commonName */ 383 type = X509_NAME_ATTR_CN; 384 break; 385 case 6: 386 /* countryName */ 387 type = X509_NAME_ATTR_C; 388 break; 389 case 7: 390 /* localityName */ 391 type = X509_NAME_ATTR_L; 392 break; 393 case 8: 394 /* stateOrProvinceName */ 395 type = X509_NAME_ATTR_ST; 396 break; 397 case 10: 398 /* organizationName */ 399 type = X509_NAME_ATTR_O; 400 break; 401 case 11: 402 /* organizationalUnitName */ 403 type = X509_NAME_ATTR_OU; 404 break; 405 } 406 } else if (oid.len == 7 && 407 oid.oid[0] == 1 && oid.oid[1] == 2 && 408 oid.oid[2] == 840 && oid.oid[3] == 113549 && 409 oid.oid[4] == 1 && oid.oid[5] == 9 && 410 oid.oid[6] == 1) { 411 /* 1.2.840.113549.1.9.1 - e-mailAddress */ 412 os_free(name->email); 413 name->email = os_malloc(hdr.length + 1); 414 if (name->email == NULL) { 415 x509_free_name(name); 416 return -1; 417 } 418 os_memcpy(name->email, hdr.payload, hdr.length); 419 name->email[hdr.length] = '\0'; 420 continue; 421 } else if (oid.len == 7 && 422 oid.oid[0] == 0 && oid.oid[1] == 9 && 423 oid.oid[2] == 2342 && oid.oid[3] == 19200300 && 424 oid.oid[4] == 100 && oid.oid[5] == 1 && 425 oid.oid[6] == 25) { 426 /* 0.9.2342.19200300.100.1.25 - domainComponent */ 427 type = X509_NAME_ATTR_DC; 428 } 429 430 if (type == X509_NAME_ATTR_NOT_USED) { 431 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID", 432 (u8 *) oid.oid, 433 oid.len * sizeof(oid.oid[0])); 434 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data", 435 hdr.payload, hdr.length); 436 continue; 437 } 438 439 if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) { 440 wpa_printf(MSG_INFO, "X509: Too many Name attributes"); 441 x509_free_name(name); 442 return -1; 443 } 444 445 val = dup_binstr(hdr.payload, hdr.length); 446 if (val == NULL) { 447 x509_free_name(name); 448 return -1; 449 } 450 if (os_strlen(val) != hdr.length) { 451 wpa_printf(MSG_INFO, "X509: Reject certificate with " 452 "embedded NUL byte in a string (%s[NUL])", 453 val); 454 os_free(val); 455 x509_free_name(name); 456 return -1; 457 } 458 459 name->attr[name->num_attr].type = type; 460 name->attr[name->num_attr].value = val; 461 name->num_attr++; 462 } 463 464 return 0; 465 } 466 467 468 static char * x509_name_attr_str(enum x509_name_attr_type type) 469 { 470 switch (type) { 471 case X509_NAME_ATTR_NOT_USED: 472 return "[N/A]"; 473 case X509_NAME_ATTR_DC: 474 return "DC"; 475 case X509_NAME_ATTR_CN: 476 return "CN"; 477 case X509_NAME_ATTR_C: 478 return "C"; 479 case X509_NAME_ATTR_L: 480 return "L"; 481 case X509_NAME_ATTR_ST: 482 return "ST"; 483 case X509_NAME_ATTR_O: 484 return "O"; 485 case X509_NAME_ATTR_OU: 486 return "OU"; 487 } 488 return "?"; 489 } 490 491 492 /** 493 * x509_name_string - Convert an X.509 certificate name into a string 494 * @name: Name to convert 495 * @buf: Buffer for the string 496 * @len: Maximum buffer length 497 */ 498 void x509_name_string(struct x509_name *name, char *buf, size_t len) 499 { 500 char *pos, *end; 501 int ret; 502 size_t i; 503 504 if (len == 0) 505 return; 506 507 pos = buf; 508 end = buf + len; 509 510 for (i = 0; i < name->num_attr; i++) { 511 ret = os_snprintf(pos, end - pos, "%s=%s, ", 512 x509_name_attr_str(name->attr[i].type), 513 name->attr[i].value); 514 if (os_snprintf_error(end - pos, ret)) 515 goto done; 516 pos += ret; 517 } 518 519 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') { 520 pos--; 521 *pos = '\0'; 522 pos--; 523 *pos = '\0'; 524 } 525 526 if (name->email) { 527 ret = os_snprintf(pos, end - pos, "/emailAddress=%s", 528 name->email); 529 if (os_snprintf_error(end - pos, ret)) 530 goto done; 531 pos += ret; 532 } 533 534 done: 535 end[-1] = '\0'; 536 } 537 538 539 int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val) 540 { 541 const char *pos; 542 int year, month, day, hour, min, sec; 543 544 /* 545 * Time ::= CHOICE { 546 * utcTime UTCTime, 547 * generalTime GeneralizedTime 548 * } 549 * 550 * UTCTime: YYMMDDHHMMSSZ 551 * GeneralizedTime: YYYYMMDDHHMMSSZ 552 */ 553 554 pos = (const char *) buf; 555 556 switch (asn1_tag) { 557 case ASN1_TAG_UTCTIME: 558 if (len != 13 || buf[12] != 'Z') { 559 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 560 "UTCTime format", buf, len); 561 return -1; 562 } 563 if (sscanf(pos, "%02d", &year) != 1) { 564 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 565 "UTCTime year", buf, len); 566 return -1; 567 } 568 if (year < 50) 569 year += 2000; 570 else 571 year += 1900; 572 pos += 2; 573 break; 574 case ASN1_TAG_GENERALIZEDTIME: 575 if (len != 15 || buf[14] != 'Z') { 576 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized " 577 "GeneralizedTime format", buf, len); 578 return -1; 579 } 580 if (sscanf(pos, "%04d", &year) != 1) { 581 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse " 582 "GeneralizedTime year", buf, len); 583 return -1; 584 } 585 pos += 4; 586 break; 587 default: 588 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or " 589 "GeneralizedTime - found tag 0x%x", asn1_tag); 590 return -1; 591 } 592 593 if (sscanf(pos, "%02d", &month) != 1) { 594 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 595 "(month)", buf, len); 596 return -1; 597 } 598 pos += 2; 599 600 if (sscanf(pos, "%02d", &day) != 1) { 601 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 602 "(day)", buf, len); 603 return -1; 604 } 605 pos += 2; 606 607 if (sscanf(pos, "%02d", &hour) != 1) { 608 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 609 "(hour)", buf, len); 610 return -1; 611 } 612 pos += 2; 613 614 if (sscanf(pos, "%02d", &min) != 1) { 615 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 616 "(min)", buf, len); 617 return -1; 618 } 619 pos += 2; 620 621 if (sscanf(pos, "%02d", &sec) != 1) { 622 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time " 623 "(sec)", buf, len); 624 return -1; 625 } 626 627 if (os_mktime(year, month, day, hour, min, sec, val) < 0) { 628 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time", 629 buf, len); 630 if (year < 1970) { 631 /* 632 * At least some test certificates have been configured 633 * to use dates prior to 1970. Set the date to 634 * beginning of 1970 to handle these case. 635 */ 636 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - " 637 "assume epoch as the time", year); 638 *val = 0; 639 return 0; 640 } 641 return -1; 642 } 643 644 return 0; 645 } 646 647 648 static int x509_parse_validity(const u8 *buf, size_t len, 649 struct x509_certificate *cert, const u8 **next) 650 { 651 struct asn1_hdr hdr; 652 const u8 *pos; 653 size_t plen; 654 655 /* 656 * Validity ::= SEQUENCE { 657 * notBefore Time, 658 * notAfter Time 659 * } 660 * 661 * RFC 3280, 4.1.2.5: 662 * CAs conforming to this profile MUST always encode certificate 663 * validity dates through the year 2049 as UTCTime; certificate 664 * validity dates in 2050 or later MUST be encoded as GeneralizedTime. 665 */ 666 667 if (asn1_get_next(buf, len, &hdr) < 0 || 668 hdr.class != ASN1_CLASS_UNIVERSAL || 669 hdr.tag != ASN1_TAG_SEQUENCE) { 670 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 671 "(Validity) - found class %d tag 0x%x", 672 hdr.class, hdr.tag); 673 return -1; 674 } 675 pos = hdr.payload; 676 plen = hdr.length; 677 678 if (plen > (size_t) (buf + len - pos)) 679 return -1; 680 681 *next = pos + plen; 682 683 if (asn1_get_next(pos, plen, &hdr) < 0 || 684 hdr.class != ASN1_CLASS_UNIVERSAL || 685 x509_parse_time(hdr.payload, hdr.length, hdr.tag, 686 &cert->not_before) < 0) { 687 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore " 688 "Time", hdr.payload, hdr.length); 689 return -1; 690 } 691 692 pos = hdr.payload + hdr.length; 693 plen = *next - pos; 694 695 if (asn1_get_next(pos, plen, &hdr) < 0 || 696 hdr.class != ASN1_CLASS_UNIVERSAL || 697 x509_parse_time(hdr.payload, hdr.length, hdr.tag, 698 &cert->not_after) < 0) { 699 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter " 700 "Time", hdr.payload, hdr.length); 701 return -1; 702 } 703 704 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu", 705 (unsigned long) cert->not_before, 706 (unsigned long) cert->not_after); 707 708 return 0; 709 } 710 711 712 static int x509_id_ce_oid(struct asn1_oid *oid) 713 { 714 /* id-ce arc from X.509 for standard X.509v3 extensions */ 715 return oid->len >= 4 && 716 oid->oid[0] == 2 /* joint-iso-ccitt */ && 717 oid->oid[1] == 5 /* ds */ && 718 oid->oid[2] == 29 /* id-ce */; 719 } 720 721 722 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid) 723 { 724 return oid->len == 6 && 725 x509_id_ce_oid(oid) && 726 oid->oid[3] == 37 /* extKeyUsage */ && 727 oid->oid[4] == 0 /* anyExtendedKeyUsage */; 728 } 729 730 731 static int x509_parse_ext_key_usage(struct x509_certificate *cert, 732 const u8 *pos, size_t len) 733 { 734 struct asn1_hdr hdr; 735 736 /* 737 * KeyUsage ::= BIT STRING { 738 * digitalSignature (0), 739 * nonRepudiation (1), 740 * keyEncipherment (2), 741 * dataEncipherment (3), 742 * keyAgreement (4), 743 * keyCertSign (5), 744 * cRLSign (6), 745 * encipherOnly (7), 746 * decipherOnly (8) } 747 */ 748 749 if (asn1_get_next(pos, len, &hdr) < 0 || 750 hdr.class != ASN1_CLASS_UNIVERSAL || 751 hdr.tag != ASN1_TAG_BITSTRING || 752 hdr.length < 1) { 753 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in " 754 "KeyUsage; found %d tag 0x%x len %d", 755 hdr.class, hdr.tag, hdr.length); 756 return -1; 757 } 758 759 cert->extensions_present |= X509_EXT_KEY_USAGE; 760 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length); 761 762 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage); 763 764 return 0; 765 } 766 767 768 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert, 769 const u8 *pos, size_t len) 770 { 771 struct asn1_hdr hdr; 772 unsigned long value; 773 size_t left; 774 775 /* 776 * BasicConstraints ::= SEQUENCE { 777 * cA BOOLEAN DEFAULT FALSE, 778 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 779 */ 780 781 if (asn1_get_next(pos, len, &hdr) < 0 || 782 hdr.class != ASN1_CLASS_UNIVERSAL || 783 hdr.tag != ASN1_TAG_SEQUENCE) { 784 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 785 "BasicConstraints; found %d tag 0x%x", 786 hdr.class, hdr.tag); 787 return -1; 788 } 789 790 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS; 791 792 if (hdr.length == 0) 793 return 0; 794 795 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 || 796 hdr.class != ASN1_CLASS_UNIVERSAL) { 797 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 798 "BasicConstraints"); 799 return -1; 800 } 801 802 if (hdr.tag == ASN1_TAG_BOOLEAN) { 803 if (hdr.length != 1) { 804 wpa_printf(MSG_DEBUG, "X509: Unexpected " 805 "Boolean length (%u) in BasicConstraints", 806 hdr.length); 807 return -1; 808 } 809 cert->ca = hdr.payload[0]; 810 811 if (hdr.length == pos + len - hdr.payload) { 812 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d", 813 cert->ca); 814 return 0; 815 } 816 817 if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length, 818 &hdr) < 0 || 819 hdr.class != ASN1_CLASS_UNIVERSAL) { 820 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 821 "BasicConstraints"); 822 return -1; 823 } 824 } 825 826 if (hdr.tag != ASN1_TAG_INTEGER) { 827 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in " 828 "BasicConstraints; found class %d tag 0x%x", 829 hdr.class, hdr.tag); 830 return -1; 831 } 832 833 pos = hdr.payload; 834 left = hdr.length; 835 value = 0; 836 while (left) { 837 value <<= 8; 838 value |= *pos++; 839 left--; 840 } 841 842 cert->path_len_constraint = value; 843 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT; 844 845 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d " 846 "pathLenConstraint=%lu", 847 cert->ca, cert->path_len_constraint); 848 849 return 0; 850 } 851 852 853 static int x509_parse_alt_name_rfc8222(struct x509_name *name, 854 const u8 *pos, size_t len) 855 { 856 /* rfc822Name IA5String */ 857 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len); 858 os_free(name->alt_email); 859 name->alt_email = os_zalloc(len + 1); 860 if (name->alt_email == NULL) 861 return -1; 862 os_memcpy(name->alt_email, pos, len); 863 if (os_strlen(name->alt_email) != len) { 864 wpa_printf(MSG_INFO, "X509: Reject certificate with " 865 "embedded NUL byte in rfc822Name (%s[NUL])", 866 name->alt_email); 867 os_free(name->alt_email); 868 name->alt_email = NULL; 869 return -1; 870 } 871 return 0; 872 } 873 874 875 static int x509_parse_alt_name_dns(struct x509_name *name, 876 const u8 *pos, size_t len) 877 { 878 /* dNSName IA5String */ 879 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len); 880 os_free(name->dns); 881 name->dns = os_zalloc(len + 1); 882 if (name->dns == NULL) 883 return -1; 884 os_memcpy(name->dns, pos, len); 885 if (os_strlen(name->dns) != len) { 886 wpa_printf(MSG_INFO, "X509: Reject certificate with " 887 "embedded NUL byte in dNSName (%s[NUL])", 888 name->dns); 889 os_free(name->dns); 890 name->dns = NULL; 891 return -1; 892 } 893 return 0; 894 } 895 896 897 static int x509_parse_alt_name_uri(struct x509_name *name, 898 const u8 *pos, size_t len) 899 { 900 /* uniformResourceIdentifier IA5String */ 901 wpa_hexdump_ascii(MSG_MSGDUMP, 902 "X509: altName - uniformResourceIdentifier", 903 pos, len); 904 os_free(name->uri); 905 name->uri = os_zalloc(len + 1); 906 if (name->uri == NULL) 907 return -1; 908 os_memcpy(name->uri, pos, len); 909 if (os_strlen(name->uri) != len) { 910 wpa_printf(MSG_INFO, "X509: Reject certificate with " 911 "embedded NUL byte in uniformResourceIdentifier " 912 "(%s[NUL])", name->uri); 913 os_free(name->uri); 914 name->uri = NULL; 915 return -1; 916 } 917 return 0; 918 } 919 920 921 static int x509_parse_alt_name_ip(struct x509_name *name, 922 const u8 *pos, size_t len) 923 { 924 /* iPAddress OCTET STRING */ 925 wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len); 926 os_free(name->ip); 927 name->ip = os_memdup(pos, len); 928 if (name->ip == NULL) 929 return -1; 930 name->ip_len = len; 931 return 0; 932 } 933 934 935 static int x509_parse_alt_name_rid(struct x509_name *name, 936 const u8 *pos, size_t len) 937 { 938 char buf[80]; 939 940 /* registeredID OBJECT IDENTIFIER */ 941 if (asn1_parse_oid(pos, len, &name->rid) < 0) 942 return -1; 943 944 asn1_oid_to_str(&name->rid, buf, sizeof(buf)); 945 wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf); 946 947 return 0; 948 } 949 950 951 static int x509_parse_ext_alt_name(struct x509_name *name, 952 const u8 *pos, size_t len) 953 { 954 struct asn1_hdr hdr; 955 const u8 *p, *end; 956 957 /* 958 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 959 * 960 * GeneralName ::= CHOICE { 961 * otherName [0] OtherName, 962 * rfc822Name [1] IA5String, 963 * dNSName [2] IA5String, 964 * x400Address [3] ORAddress, 965 * directoryName [4] Name, 966 * ediPartyName [5] EDIPartyName, 967 * uniformResourceIdentifier [6] IA5String, 968 * iPAddress [7] OCTET STRING, 969 * registeredID [8] OBJECT IDENTIFIER } 970 * 971 * OtherName ::= SEQUENCE { 972 * type-id OBJECT IDENTIFIER, 973 * value [0] EXPLICIT ANY DEFINED BY type-id } 974 * 975 * EDIPartyName ::= SEQUENCE { 976 * nameAssigner [0] DirectoryString OPTIONAL, 977 * partyName [1] DirectoryString } 978 */ 979 980 for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) { 981 int res; 982 983 if (asn1_get_next(p, end - p, &hdr) < 0) { 984 wpa_printf(MSG_DEBUG, "X509: Failed to parse " 985 "SubjectAltName item"); 986 return -1; 987 } 988 989 if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) 990 continue; 991 992 switch (hdr.tag) { 993 case 1: 994 res = x509_parse_alt_name_rfc8222(name, hdr.payload, 995 hdr.length); 996 break; 997 case 2: 998 res = x509_parse_alt_name_dns(name, hdr.payload, 999 hdr.length); 1000 break; 1001 case 6: 1002 res = x509_parse_alt_name_uri(name, hdr.payload, 1003 hdr.length); 1004 break; 1005 case 7: 1006 res = x509_parse_alt_name_ip(name, hdr.payload, 1007 hdr.length); 1008 break; 1009 case 8: 1010 res = x509_parse_alt_name_rid(name, hdr.payload, 1011 hdr.length); 1012 break; 1013 case 0: /* TODO: otherName */ 1014 case 3: /* TODO: x500Address */ 1015 case 4: /* TODO: directoryName */ 1016 case 5: /* TODO: ediPartyName */ 1017 default: 1018 res = 0; 1019 break; 1020 } 1021 if (res < 0) 1022 return res; 1023 } 1024 1025 return 0; 1026 } 1027 1028 1029 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert, 1030 const u8 *pos, size_t len) 1031 { 1032 struct asn1_hdr hdr; 1033 1034 /* SubjectAltName ::= GeneralNames */ 1035 1036 if (asn1_get_next(pos, len, &hdr) < 0 || 1037 hdr.class != ASN1_CLASS_UNIVERSAL || 1038 hdr.tag != ASN1_TAG_SEQUENCE) { 1039 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 1040 "SubjectAltName; found %d tag 0x%x", 1041 hdr.class, hdr.tag); 1042 return -1; 1043 } 1044 1045 wpa_printf(MSG_DEBUG, "X509: SubjectAltName"); 1046 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME; 1047 1048 if (hdr.length == 0) 1049 return 0; 1050 1051 return x509_parse_ext_alt_name(&cert->subject, hdr.payload, 1052 hdr.length); 1053 } 1054 1055 1056 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert, 1057 const u8 *pos, size_t len) 1058 { 1059 struct asn1_hdr hdr; 1060 1061 /* IssuerAltName ::= GeneralNames */ 1062 1063 if (asn1_get_next(pos, len, &hdr) < 0 || 1064 hdr.class != ASN1_CLASS_UNIVERSAL || 1065 hdr.tag != ASN1_TAG_SEQUENCE) { 1066 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in " 1067 "IssuerAltName; found %d tag 0x%x", 1068 hdr.class, hdr.tag); 1069 return -1; 1070 } 1071 1072 wpa_printf(MSG_DEBUG, "X509: IssuerAltName"); 1073 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME; 1074 1075 if (hdr.length == 0) 1076 return 0; 1077 1078 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload, 1079 hdr.length); 1080 } 1081 1082 1083 static int x509_id_pkix_oid(struct asn1_oid *oid) 1084 { 1085 return oid->len >= 7 && 1086 oid->oid[0] == 1 /* iso */ && 1087 oid->oid[1] == 3 /* identified-organization */ && 1088 oid->oid[2] == 6 /* dod */ && 1089 oid->oid[3] == 1 /* internet */ && 1090 oid->oid[4] == 5 /* security */ && 1091 oid->oid[5] == 5 /* mechanisms */ && 1092 oid->oid[6] == 7 /* id-pkix */; 1093 } 1094 1095 1096 static int x509_id_kp_oid(struct asn1_oid *oid) 1097 { 1098 /* id-kp */ 1099 return oid->len >= 8 && 1100 x509_id_pkix_oid(oid) && 1101 oid->oid[7] == 3 /* id-kp */; 1102 } 1103 1104 1105 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid) 1106 { 1107 /* id-kp */ 1108 return oid->len == 9 && 1109 x509_id_kp_oid(oid) && 1110 oid->oid[8] == 1 /* id-kp-serverAuth */; 1111 } 1112 1113 1114 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid) 1115 { 1116 /* id-kp */ 1117 return oid->len == 9 && 1118 x509_id_kp_oid(oid) && 1119 oid->oid[8] == 2 /* id-kp-clientAuth */; 1120 } 1121 1122 1123 static int x509_id_kp_ocsp_oid(struct asn1_oid *oid) 1124 { 1125 /* id-kp */ 1126 return oid->len == 9 && 1127 x509_id_kp_oid(oid) && 1128 oid->oid[8] == 9 /* id-kp-OCSPSigning */; 1129 } 1130 1131 1132 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert, 1133 const u8 *pos, size_t len) 1134 { 1135 struct asn1_hdr hdr; 1136 const u8 *end; 1137 struct asn1_oid oid; 1138 1139 /* 1140 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 1141 * 1142 * KeyPurposeId ::= OBJECT IDENTIFIER 1143 */ 1144 1145 if (asn1_get_next(pos, len, &hdr) < 0 || 1146 hdr.class != ASN1_CLASS_UNIVERSAL || 1147 hdr.tag != ASN1_TAG_SEQUENCE) { 1148 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1149 "(ExtKeyUsageSyntax) - found class %d tag 0x%x", 1150 hdr.class, hdr.tag); 1151 return -1; 1152 } 1153 if (hdr.length > pos + len - hdr.payload) 1154 return -1; 1155 pos = hdr.payload; 1156 end = pos + hdr.length; 1157 1158 wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos); 1159 1160 while (pos < end) { 1161 char buf[80]; 1162 1163 if (asn1_get_oid(pos, end - pos, &oid, &pos)) 1164 return -1; 1165 if (x509_any_ext_key_usage_oid(&oid)) { 1166 os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf)); 1167 cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY; 1168 } else if (x509_id_kp_server_auth_oid(&oid)) { 1169 os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf)); 1170 cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH; 1171 } else if (x509_id_kp_client_auth_oid(&oid)) { 1172 os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf)); 1173 cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH; 1174 } else if (x509_id_kp_ocsp_oid(&oid)) { 1175 os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf)); 1176 cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP; 1177 } else { 1178 asn1_oid_to_str(&oid, buf, sizeof(buf)); 1179 } 1180 wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf); 1181 } 1182 1183 cert->extensions_present |= X509_EXT_EXT_KEY_USAGE; 1184 1185 return 0; 1186 } 1187 1188 1189 static int x509_parse_extension_data(struct x509_certificate *cert, 1190 struct asn1_oid *oid, 1191 const u8 *pos, size_t len) 1192 { 1193 if (!x509_id_ce_oid(oid)) 1194 return 1; 1195 1196 /* TODO: add other extensions required by RFC 3280, Ch 4.2: 1197 * certificate policies (section 4.2.1.5) 1198 * name constraints (section 4.2.1.11) 1199 * policy constraints (section 4.2.1.12) 1200 * inhibit any-policy (section 4.2.1.15) 1201 */ 1202 switch (oid->oid[3]) { 1203 case 15: /* id-ce-keyUsage */ 1204 return x509_parse_ext_key_usage(cert, pos, len); 1205 case 17: /* id-ce-subjectAltName */ 1206 return x509_parse_ext_subject_alt_name(cert, pos, len); 1207 case 18: /* id-ce-issuerAltName */ 1208 return x509_parse_ext_issuer_alt_name(cert, pos, len); 1209 case 19: /* id-ce-basicConstraints */ 1210 return x509_parse_ext_basic_constraints(cert, pos, len); 1211 case 37: /* id-ce-extKeyUsage */ 1212 return x509_parse_ext_ext_key_usage(cert, pos, len); 1213 default: 1214 return 1; 1215 } 1216 } 1217 1218 1219 static int x509_parse_extension(struct x509_certificate *cert, 1220 const u8 *pos, size_t len, const u8 **next) 1221 { 1222 const u8 *end; 1223 struct asn1_hdr hdr; 1224 struct asn1_oid oid; 1225 int critical_ext = 0, res; 1226 char buf[80]; 1227 1228 /* 1229 * Extension ::= SEQUENCE { 1230 * extnID OBJECT IDENTIFIER, 1231 * critical BOOLEAN DEFAULT FALSE, 1232 * extnValue OCTET STRING 1233 * } 1234 */ 1235 1236 if (asn1_get_next(pos, len, &hdr) < 0 || 1237 hdr.class != ASN1_CLASS_UNIVERSAL || 1238 hdr.tag != ASN1_TAG_SEQUENCE) { 1239 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in " 1240 "Extensions: class %d tag 0x%x; expected SEQUENCE", 1241 hdr.class, hdr.tag); 1242 return -1; 1243 } 1244 pos = hdr.payload; 1245 *next = end = pos + hdr.length; 1246 1247 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) { 1248 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for " 1249 "Extension (expected OID)"); 1250 return -1; 1251 } 1252 1253 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1254 hdr.class != ASN1_CLASS_UNIVERSAL || 1255 (hdr.tag != ASN1_TAG_BOOLEAN && 1256 hdr.tag != ASN1_TAG_OCTETSTRING)) { 1257 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in " 1258 "Extensions: class %d tag 0x%x; expected BOOLEAN " 1259 "or OCTET STRING", hdr.class, hdr.tag); 1260 return -1; 1261 } 1262 1263 if (hdr.tag == ASN1_TAG_BOOLEAN) { 1264 if (hdr.length != 1) { 1265 wpa_printf(MSG_DEBUG, "X509: Unexpected " 1266 "Boolean length (%u)", hdr.length); 1267 return -1; 1268 } 1269 critical_ext = hdr.payload[0]; 1270 pos = hdr.payload; 1271 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1272 (hdr.class != ASN1_CLASS_UNIVERSAL && 1273 hdr.class != ASN1_CLASS_PRIVATE) || 1274 hdr.tag != ASN1_TAG_OCTETSTRING) { 1275 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header " 1276 "in Extensions: class %d tag 0x%x; " 1277 "expected OCTET STRING", 1278 hdr.class, hdr.tag); 1279 return -1; 1280 } 1281 } 1282 1283 asn1_oid_to_str(&oid, buf, sizeof(buf)); 1284 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d", 1285 buf, critical_ext); 1286 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length); 1287 1288 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length); 1289 if (res < 0) 1290 return res; 1291 if (res == 1 && critical_ext) { 1292 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s", 1293 buf); 1294 return -1; 1295 } 1296 1297 return 0; 1298 } 1299 1300 1301 static int x509_parse_extensions(struct x509_certificate *cert, 1302 const u8 *pos, size_t len) 1303 { 1304 const u8 *end; 1305 struct asn1_hdr hdr; 1306 1307 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ 1308 1309 if (asn1_get_next(pos, len, &hdr) < 0 || 1310 hdr.class != ASN1_CLASS_UNIVERSAL || 1311 hdr.tag != ASN1_TAG_SEQUENCE) { 1312 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data " 1313 "for Extensions: class %d tag 0x%x; " 1314 "expected SEQUENCE", hdr.class, hdr.tag); 1315 return -1; 1316 } 1317 1318 pos = hdr.payload; 1319 end = pos + hdr.length; 1320 1321 while (pos < end) { 1322 if (x509_parse_extension(cert, pos, end - pos, &pos) 1323 < 0) 1324 return -1; 1325 } 1326 1327 return 0; 1328 } 1329 1330 1331 static int x509_parse_tbs_certificate(const u8 *buf, size_t len, 1332 struct x509_certificate *cert, 1333 const u8 **next) 1334 { 1335 struct asn1_hdr hdr; 1336 const u8 *pos, *end; 1337 size_t left; 1338 char sbuf[128]; 1339 unsigned long value; 1340 const u8 *subject_dn; 1341 1342 /* tbsCertificate TBSCertificate ::= SEQUENCE */ 1343 if (asn1_get_next(buf, len, &hdr) < 0 || 1344 hdr.class != ASN1_CLASS_UNIVERSAL || 1345 hdr.tag != ASN1_TAG_SEQUENCE) { 1346 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start " 1347 "with a valid SEQUENCE - found class %d tag 0x%x", 1348 hdr.class, hdr.tag); 1349 return -1; 1350 } 1351 pos = hdr.payload; 1352 end = *next = pos + hdr.length; 1353 1354 /* 1355 * version [0] EXPLICIT Version DEFAULT v1 1356 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1357 */ 1358 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1359 return -1; 1360 pos = hdr.payload; 1361 1362 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) { 1363 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1364 return -1; 1365 1366 if (hdr.class != ASN1_CLASS_UNIVERSAL || 1367 hdr.tag != ASN1_TAG_INTEGER) { 1368 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for " 1369 "version field - found class %d tag 0x%x", 1370 hdr.class, hdr.tag); 1371 return -1; 1372 } 1373 if (hdr.length != 1) { 1374 wpa_printf(MSG_DEBUG, "X509: Unexpected version field " 1375 "length %u (expected 1)", hdr.length); 1376 return -1; 1377 } 1378 pos = hdr.payload; 1379 left = hdr.length; 1380 value = 0; 1381 while (left) { 1382 value <<= 8; 1383 value |= *pos++; 1384 left--; 1385 } 1386 1387 cert->version = value; 1388 if (cert->version != X509_CERT_V1 && 1389 cert->version != X509_CERT_V2 && 1390 cert->version != X509_CERT_V3) { 1391 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d", 1392 cert->version + 1); 1393 return -1; 1394 } 1395 1396 if (asn1_get_next(pos, end - pos, &hdr) < 0) 1397 return -1; 1398 } else 1399 cert->version = X509_CERT_V1; 1400 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1); 1401 1402 /* serialNumber CertificateSerialNumber ::= INTEGER */ 1403 if (hdr.class != ASN1_CLASS_UNIVERSAL || 1404 hdr.tag != ASN1_TAG_INTEGER || 1405 hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) { 1406 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for " 1407 "serialNumber; class=%d tag=0x%x length=%u", 1408 hdr.class, hdr.tag, hdr.length); 1409 return -1; 1410 } 1411 1412 pos = hdr.payload + hdr.length; 1413 while (hdr.length > 0 && hdr.payload[0] == 0) { 1414 hdr.payload++; 1415 hdr.length--; 1416 } 1417 os_memcpy(cert->serial_number, hdr.payload, hdr.length); 1418 cert->serial_number_len = hdr.length; 1419 wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number, 1420 cert->serial_number_len); 1421 1422 /* signature AlgorithmIdentifier */ 1423 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature, 1424 &pos)) 1425 return -1; 1426 1427 /* issuer Name */ 1428 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos)) 1429 return -1; 1430 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf)); 1431 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf); 1432 1433 /* validity Validity */ 1434 if (x509_parse_validity(pos, end - pos, cert, &pos)) 1435 return -1; 1436 1437 /* subject Name */ 1438 subject_dn = pos; 1439 if (x509_parse_name(pos, end - pos, &cert->subject, &pos)) 1440 return -1; 1441 cert->subject_dn = os_malloc(pos - subject_dn); 1442 if (!cert->subject_dn) 1443 return -1; 1444 cert->subject_dn_len = pos - subject_dn; 1445 os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len); 1446 x509_name_string(&cert->subject, sbuf, sizeof(sbuf)); 1447 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf); 1448 1449 /* subjectPublicKeyInfo SubjectPublicKeyInfo */ 1450 if (x509_parse_public_key(pos, end - pos, cert, &pos)) 1451 return -1; 1452 1453 if (pos == end) 1454 return 0; 1455 1456 if (cert->version == X509_CERT_V1) 1457 return 0; 1458 1459 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1460 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1461 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1462 " tag to parse optional tbsCertificate " 1463 "field(s); parsed class %d tag 0x%x", 1464 hdr.class, hdr.tag); 1465 return -1; 1466 } 1467 1468 if (hdr.tag == 1) { 1469 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */ 1470 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID"); 1471 /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1472 1473 pos = hdr.payload + hdr.length; 1474 if (pos == end) 1475 return 0; 1476 1477 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1478 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1479 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1480 " tag to parse optional tbsCertificate " 1481 "field(s); parsed class %d tag 0x%x", 1482 hdr.class, hdr.tag); 1483 return -1; 1484 } 1485 } 1486 1487 if (hdr.tag == 2) { 1488 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */ 1489 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID"); 1490 /* TODO: parse UniqueIdentifier ::= BIT STRING */ 1491 1492 pos = hdr.payload + hdr.length; 1493 if (pos == end) 1494 return 0; 1495 1496 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1497 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { 1498 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific" 1499 " tag to parse optional tbsCertificate " 1500 "field(s); parsed class %d tag 0x%x", 1501 hdr.class, hdr.tag); 1502 return -1; 1503 } 1504 } 1505 1506 if (hdr.tag != 3) { 1507 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected " 1508 "Context-Specific tag %d in optional " 1509 "tbsCertificate fields", hdr.tag); 1510 return 0; 1511 } 1512 1513 /* extensions [3] EXPLICIT Extensions OPTIONAL */ 1514 1515 if (cert->version != X509_CERT_V3) { 1516 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and " 1517 "Extensions data which are only allowed for " 1518 "version 3", cert->version + 1); 1519 return -1; 1520 } 1521 1522 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0) 1523 return -1; 1524 1525 pos = hdr.payload + hdr.length; 1526 if (pos < end) { 1527 wpa_hexdump(MSG_DEBUG, 1528 "X509: Ignored extra tbsCertificate data", 1529 pos, end - pos); 1530 } 1531 1532 return 0; 1533 } 1534 1535 1536 static int x509_rsadsi_oid(struct asn1_oid *oid) 1537 { 1538 return oid->len >= 4 && 1539 oid->oid[0] == 1 /* iso */ && 1540 oid->oid[1] == 2 /* member-body */ && 1541 oid->oid[2] == 840 /* us */ && 1542 oid->oid[3] == 113549 /* rsadsi */; 1543 } 1544 1545 1546 static int x509_pkcs_oid(struct asn1_oid *oid) 1547 { 1548 return oid->len >= 5 && 1549 x509_rsadsi_oid(oid) && 1550 oid->oid[4] == 1 /* pkcs */; 1551 } 1552 1553 1554 static int x509_digest_oid(struct asn1_oid *oid) 1555 { 1556 return oid->len >= 5 && 1557 x509_rsadsi_oid(oid) && 1558 oid->oid[4] == 2 /* digestAlgorithm */; 1559 } 1560 1561 1562 int x509_sha1_oid(struct asn1_oid *oid) 1563 { 1564 return oid->len == 6 && 1565 oid->oid[0] == 1 /* iso */ && 1566 oid->oid[1] == 3 /* identified-organization */ && 1567 oid->oid[2] == 14 /* oiw */ && 1568 oid->oid[3] == 3 /* secsig */ && 1569 oid->oid[4] == 2 /* algorithms */ && 1570 oid->oid[5] == 26 /* id-sha1 */; 1571 } 1572 1573 1574 static int x509_sha2_oid(struct asn1_oid *oid) 1575 { 1576 return oid->len == 9 && 1577 oid->oid[0] == 2 /* joint-iso-itu-t */ && 1578 oid->oid[1] == 16 /* country */ && 1579 oid->oid[2] == 840 /* us */ && 1580 oid->oid[3] == 1 /* organization */ && 1581 oid->oid[4] == 101 /* gov */ && 1582 oid->oid[5] == 3 /* csor */ && 1583 oid->oid[6] == 4 /* nistAlgorithm */ && 1584 oid->oid[7] == 2 /* hashAlgs */; 1585 } 1586 1587 1588 int x509_sha256_oid(struct asn1_oid *oid) 1589 { 1590 return x509_sha2_oid(oid) && 1591 oid->oid[8] == 1 /* sha256 */; 1592 } 1593 1594 1595 int x509_sha384_oid(struct asn1_oid *oid) 1596 { 1597 return x509_sha2_oid(oid) && 1598 oid->oid[8] == 2 /* sha384 */; 1599 } 1600 1601 1602 int x509_sha512_oid(struct asn1_oid *oid) 1603 { 1604 return x509_sha2_oid(oid) && 1605 oid->oid[8] == 3 /* sha512 */; 1606 } 1607 1608 1609 /** 1610 * x509_certificate_parse - Parse a X.509 certificate in DER format 1611 * @buf: Pointer to the X.509 certificate in DER format 1612 * @len: Buffer length 1613 * Returns: Pointer to the parsed certificate or %NULL on failure 1614 * 1615 * Caller is responsible for freeing the returned certificate by calling 1616 * x509_certificate_free(). 1617 */ 1618 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len) 1619 { 1620 struct asn1_hdr hdr; 1621 const u8 *pos, *end, *hash_start; 1622 struct x509_certificate *cert; 1623 1624 cert = os_zalloc(sizeof(*cert) + len); 1625 if (cert == NULL) 1626 return NULL; 1627 os_memcpy(cert + 1, buf, len); 1628 cert->cert_start = (u8 *) (cert + 1); 1629 cert->cert_len = len; 1630 1631 pos = buf; 1632 end = buf + len; 1633 1634 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */ 1635 1636 /* Certificate ::= SEQUENCE */ 1637 if (asn1_get_next(pos, len, &hdr) < 0 || 1638 hdr.class != ASN1_CLASS_UNIVERSAL || 1639 hdr.tag != ASN1_TAG_SEQUENCE) { 1640 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with " 1641 "a valid SEQUENCE - found class %d tag 0x%x", 1642 hdr.class, hdr.tag); 1643 x509_certificate_free(cert); 1644 return NULL; 1645 } 1646 pos = hdr.payload; 1647 1648 if (hdr.length > end - pos) { 1649 x509_certificate_free(cert); 1650 return NULL; 1651 } 1652 1653 if (hdr.length < end - pos) { 1654 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER " 1655 "encoded certificate", 1656 pos + hdr.length, end - (pos + hdr.length)); 1657 end = pos + hdr.length; 1658 } 1659 1660 hash_start = pos; 1661 cert->tbs_cert_start = cert->cert_start + (hash_start - buf); 1662 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) { 1663 x509_certificate_free(cert); 1664 return NULL; 1665 } 1666 cert->tbs_cert_len = pos - hash_start; 1667 1668 /* signatureAlgorithm AlgorithmIdentifier */ 1669 if (x509_parse_algorithm_identifier(pos, end - pos, 1670 &cert->signature_alg, &pos)) { 1671 x509_certificate_free(cert); 1672 return NULL; 1673 } 1674 1675 /* signatureValue BIT STRING */ 1676 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1677 hdr.class != ASN1_CLASS_UNIVERSAL || 1678 hdr.tag != ASN1_TAG_BITSTRING) { 1679 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING " 1680 "(signatureValue) - found class %d tag 0x%x", 1681 hdr.class, hdr.tag); 1682 x509_certificate_free(cert); 1683 return NULL; 1684 } 1685 if (hdr.length < 1) { 1686 x509_certificate_free(cert); 1687 return NULL; 1688 } 1689 pos = hdr.payload; 1690 if (*pos) { 1691 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", 1692 *pos); 1693 /* PKCS #1 v1.5 10.2.1: 1694 * It is an error if the length in bits of the signature S is 1695 * not a multiple of eight. 1696 */ 1697 x509_certificate_free(cert); 1698 return NULL; 1699 } 1700 os_free(cert->sign_value); 1701 cert->sign_value = os_memdup(pos + 1, hdr.length - 1); 1702 if (cert->sign_value == NULL) { 1703 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for " 1704 "signatureValue"); 1705 x509_certificate_free(cert); 1706 return NULL; 1707 } 1708 cert->sign_value_len = hdr.length - 1; 1709 wpa_hexdump(MSG_MSGDUMP, "X509: signature", 1710 cert->sign_value, cert->sign_value_len); 1711 1712 return cert; 1713 } 1714 1715 1716 /** 1717 * x509_certificate_check_signature - Verify certificate signature 1718 * @issuer: Issuer certificate 1719 * @cert: Certificate to be verified 1720 * Returns: 0 if cert has a valid signature that was signed by the issuer, 1721 * -1 if not 1722 */ 1723 int x509_certificate_check_signature(struct x509_certificate *issuer, 1724 struct x509_certificate *cert) 1725 { 1726 return x509_check_signature(issuer, &cert->signature, 1727 cert->sign_value, cert->sign_value_len, 1728 cert->tbs_cert_start, cert->tbs_cert_len); 1729 } 1730 1731 1732 int x509_check_signature(struct x509_certificate *issuer, 1733 struct x509_algorithm_identifier *signature, 1734 const u8 *sign_value, size_t sign_value_len, 1735 const u8 *signed_data, size_t signed_data_len) 1736 { 1737 struct crypto_public_key *pk; 1738 u8 *data; 1739 const u8 *pos, *end, *next, *da_end; 1740 size_t data_len; 1741 struct asn1_hdr hdr; 1742 struct asn1_oid oid; 1743 u8 hash[64]; 1744 size_t hash_len; 1745 const u8 *addr[1] = { signed_data }; 1746 size_t len[1] = { signed_data_len }; 1747 1748 if (!x509_pkcs_oid(&signature->oid) || 1749 signature->oid.len != 7 || 1750 signature->oid.oid[5] != 1 /* pkcs-1 */) { 1751 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature " 1752 "algorithm"); 1753 return -1; 1754 } 1755 1756 pk = crypto_public_key_import(issuer->public_key, 1757 issuer->public_key_len); 1758 if (pk == NULL) 1759 return -1; 1760 1761 data_len = sign_value_len; 1762 data = os_malloc(data_len); 1763 if (data == NULL) { 1764 crypto_public_key_free(pk); 1765 return -1; 1766 } 1767 1768 if (crypto_public_key_decrypt_pkcs1(pk, sign_value, 1769 sign_value_len, data, 1770 &data_len) < 0) { 1771 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature"); 1772 crypto_public_key_free(pk); 1773 os_free(data); 1774 return -1; 1775 } 1776 crypto_public_key_free(pk); 1777 1778 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len); 1779 1780 /* 1781 * PKCS #1 v1.5, 10.1.2: 1782 * 1783 * DigestInfo ::= SEQUENCE { 1784 * digestAlgorithm DigestAlgorithmIdentifier, 1785 * digest Digest 1786 * } 1787 * 1788 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier 1789 * 1790 * Digest ::= OCTET STRING 1791 * 1792 */ 1793 if (asn1_get_next(data, data_len, &hdr) < 0 || 1794 hdr.class != ASN1_CLASS_UNIVERSAL || 1795 hdr.tag != ASN1_TAG_SEQUENCE) { 1796 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1797 "(DigestInfo) - found class %d tag 0x%x", 1798 hdr.class, hdr.tag); 1799 os_free(data); 1800 return -1; 1801 } 1802 1803 pos = hdr.payload; 1804 end = pos + hdr.length; 1805 1806 /* 1807 * X.509: 1808 * AlgorithmIdentifier ::= SEQUENCE { 1809 * algorithm OBJECT IDENTIFIER, 1810 * parameters ANY DEFINED BY algorithm OPTIONAL 1811 * } 1812 */ 1813 1814 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1815 hdr.class != ASN1_CLASS_UNIVERSAL || 1816 hdr.tag != ASN1_TAG_SEQUENCE) { 1817 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE " 1818 "(AlgorithmIdentifier) - found class %d tag 0x%x", 1819 hdr.class, hdr.tag); 1820 os_free(data); 1821 return -1; 1822 } 1823 da_end = hdr.payload + hdr.length; 1824 1825 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { 1826 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm"); 1827 os_free(data); 1828 return -1; 1829 } 1830 1831 if (x509_sha1_oid(&oid)) { 1832 if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { 1833 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 " 1834 "does not match with certificate " 1835 "signatureAlgorithm (%lu)", 1836 signature->oid.oid[6]); 1837 os_free(data); 1838 return -1; 1839 } 1840 goto skip_digest_oid; 1841 } 1842 1843 if (x509_sha256_oid(&oid)) { 1844 if (signature->oid.oid[6] != 1845 11 /* sha2561WithRSAEncryption */) { 1846 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 " 1847 "does not match with certificate " 1848 "signatureAlgorithm (%lu)", 1849 signature->oid.oid[6]); 1850 os_free(data); 1851 return -1; 1852 } 1853 goto skip_digest_oid; 1854 } 1855 1856 if (x509_sha384_oid(&oid)) { 1857 if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) { 1858 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 " 1859 "does not match with certificate " 1860 "signatureAlgorithm (%lu)", 1861 signature->oid.oid[6]); 1862 os_free(data); 1863 return -1; 1864 } 1865 goto skip_digest_oid; 1866 } 1867 1868 if (x509_sha512_oid(&oid)) { 1869 if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) { 1870 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 " 1871 "does not match with certificate " 1872 "signatureAlgorithm (%lu)", 1873 signature->oid.oid[6]); 1874 os_free(data); 1875 return -1; 1876 } 1877 goto skip_digest_oid; 1878 } 1879 1880 if (!x509_digest_oid(&oid)) { 1881 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm"); 1882 os_free(data); 1883 return -1; 1884 } 1885 switch (oid.oid[5]) { 1886 case 5: /* md5 */ 1887 if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) { 1888 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does " 1889 "not match with certificate " 1890 "signatureAlgorithm (%lu)", 1891 signature->oid.oid[6]); 1892 os_free(data); 1893 return -1; 1894 } 1895 break; 1896 case 2: /* md2 */ 1897 case 4: /* md4 */ 1898 default: 1899 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm " 1900 "(%lu)", oid.oid[5]); 1901 os_free(data); 1902 return -1; 1903 } 1904 1905 skip_digest_oid: 1906 /* Digest ::= OCTET STRING */ 1907 pos = da_end; 1908 end = data + data_len; 1909 1910 if (asn1_get_next(pos, end - pos, &hdr) < 0 || 1911 hdr.class != ASN1_CLASS_UNIVERSAL || 1912 hdr.tag != ASN1_TAG_OCTETSTRING) { 1913 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING " 1914 "(Digest) - found class %d tag 0x%x", 1915 hdr.class, hdr.tag); 1916 os_free(data); 1917 return -1; 1918 } 1919 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest", 1920 hdr.payload, hdr.length); 1921 1922 switch (signature->oid.oid[6]) { 1923 case 4: /* md5WithRSAEncryption */ 1924 md5_vector(1, addr, len, hash); 1925 hash_len = 16; 1926 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)", 1927 hash, hash_len); 1928 break; 1929 case 5: /* sha-1WithRSAEncryption */ 1930 sha1_vector(1, addr, len, hash); 1931 hash_len = 20; 1932 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)", 1933 hash, hash_len); 1934 break; 1935 case 11: /* sha256WithRSAEncryption */ 1936 sha256_vector(1, addr, len, hash); 1937 hash_len = 32; 1938 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)", 1939 hash, hash_len); 1940 break; 1941 case 12: /* sha384WithRSAEncryption */ 1942 sha384_vector(1, addr, len, hash); 1943 hash_len = 48; 1944 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)", 1945 hash, hash_len); 1946 break; 1947 case 13: /* sha512WithRSAEncryption */ 1948 sha512_vector(1, addr, len, hash); 1949 hash_len = 64; 1950 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)", 1951 hash, hash_len); 1952 break; 1953 case 2: /* md2WithRSAEncryption */ 1954 default: 1955 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature " 1956 "algorithm (%lu)", signature->oid.oid[6]); 1957 os_free(data); 1958 return -1; 1959 } 1960 1961 if (hdr.length != hash_len || 1962 os_memcmp_const(hdr.payload, hash, hdr.length) != 0) { 1963 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match " 1964 "with calculated tbsCertificate hash"); 1965 os_free(data); 1966 return -1; 1967 } 1968 1969 if (hdr.payload + hdr.length < data + data_len) { 1970 wpa_hexdump(MSG_INFO, 1971 "X509: Extra data after certificate signature hash", 1972 hdr.payload + hdr.length, 1973 data + data_len - hdr.payload - hdr.length); 1974 os_free(data); 1975 return -1; 1976 } 1977 1978 os_free(data); 1979 1980 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with " 1981 "calculated tbsCertificate hash"); 1982 1983 return 0; 1984 } 1985 1986 1987 static int x509_valid_issuer(const struct x509_certificate *cert) 1988 { 1989 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) && 1990 !cert->ca) { 1991 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an " 1992 "issuer"); 1993 return -1; 1994 } 1995 1996 if (cert->version == X509_CERT_V3 && 1997 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) { 1998 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not " 1999 "include BasicConstraints extension"); 2000 return -1; 2001 } 2002 2003 if ((cert->extensions_present & X509_EXT_KEY_USAGE) && 2004 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) { 2005 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have " 2006 "keyCertSign bit in Key Usage"); 2007 return -1; 2008 } 2009 2010 return 0; 2011 } 2012 2013 2014 /** 2015 * x509_certificate_chain_validate - Validate X.509 certificate chain 2016 * @trusted: List of trusted certificates 2017 * @chain: Certificate chain to be validated (first chain must be issued by 2018 * signed by the second certificate in the chain and so on) 2019 * @reason: Buffer for returning failure reason (X509_VALIDATE_*) 2020 * Returns: 0 if chain is valid, -1 if not 2021 */ 2022 int x509_certificate_chain_validate(struct x509_certificate *trusted, 2023 struct x509_certificate *chain, 2024 int *reason, int disable_time_checks) 2025 { 2026 long unsigned idx; 2027 int chain_trusted = 0; 2028 struct x509_certificate *cert, *trust; 2029 char buf[128]; 2030 struct os_time now; 2031 2032 *reason = X509_VALIDATE_OK; 2033 2034 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain"); 2035 os_get_time(&now); 2036 2037 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) { 2038 cert->issuer_trusted = 0; 2039 x509_name_string(&cert->subject, buf, sizeof(buf)); 2040 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf); 2041 2042 if (chain_trusted) 2043 continue; 2044 2045 if (!disable_time_checks && 2046 ((unsigned long) now.sec < 2047 (unsigned long) cert->not_before || 2048 (unsigned long) now.sec > 2049 (unsigned long) cert->not_after)) { 2050 wpa_printf(MSG_INFO, "X509: Certificate not valid " 2051 "(now=%lu not_before=%lu not_after=%lu)", 2052 now.sec, cert->not_before, cert->not_after); 2053 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED; 2054 return -1; 2055 } 2056 2057 if (cert->next) { 2058 if (x509_name_compare(&cert->issuer, 2059 &cert->next->subject) != 0) { 2060 wpa_printf(MSG_DEBUG, "X509: Certificate " 2061 "chain issuer name mismatch"); 2062 x509_name_string(&cert->issuer, buf, 2063 sizeof(buf)); 2064 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s", 2065 buf); 2066 x509_name_string(&cert->next->subject, buf, 2067 sizeof(buf)); 2068 wpa_printf(MSG_DEBUG, "X509: next cert " 2069 "subject: %s", buf); 2070 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN; 2071 return -1; 2072 } 2073 2074 if (x509_valid_issuer(cert->next) < 0) { 2075 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2076 return -1; 2077 } 2078 2079 if ((cert->next->extensions_present & 2080 X509_EXT_PATH_LEN_CONSTRAINT) && 2081 idx > cert->next->path_len_constraint) { 2082 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint" 2083 " not met (idx=%lu issuer " 2084 "pathLenConstraint=%lu)", idx, 2085 cert->next->path_len_constraint); 2086 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2087 return -1; 2088 } 2089 2090 if (x509_certificate_check_signature(cert->next, cert) 2091 < 0) { 2092 wpa_printf(MSG_DEBUG, "X509: Invalid " 2093 "certificate signature within " 2094 "chain"); 2095 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2096 return -1; 2097 } 2098 } 2099 2100 for (trust = trusted; trust; trust = trust->next) { 2101 if (x509_name_compare(&cert->issuer, &trust->subject) 2102 == 0) 2103 break; 2104 } 2105 2106 if (trust) { 2107 wpa_printf(MSG_DEBUG, "X509: Found issuer from the " 2108 "list of trusted certificates"); 2109 if (x509_valid_issuer(trust) < 0) { 2110 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2111 return -1; 2112 } 2113 2114 if (x509_certificate_check_signature(trust, cert) < 0) 2115 { 2116 wpa_printf(MSG_DEBUG, "X509: Invalid " 2117 "certificate signature"); 2118 *reason = X509_VALIDATE_BAD_CERTIFICATE; 2119 return -1; 2120 } 2121 2122 wpa_printf(MSG_DEBUG, "X509: Trusted certificate " 2123 "found to complete the chain"); 2124 cert->issuer_trusted = 1; 2125 chain_trusted = 1; 2126 } 2127 } 2128 2129 if (!chain_trusted) { 2130 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers " 2131 "from the list of trusted certificates"); 2132 if (trusted) { 2133 *reason = X509_VALIDATE_UNKNOWN_CA; 2134 return -1; 2135 } 2136 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation " 2137 "disabled - ignore unknown CA issue"); 2138 } 2139 2140 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid"); 2141 2142 return 0; 2143 } 2144 2145 2146 /** 2147 * x509_certificate_get_subject - Get a certificate based on Subject name 2148 * @chain: Certificate chain to search through 2149 * @name: Subject name to search for 2150 * Returns: Pointer to the certificate with the given Subject name or 2151 * %NULL on failure 2152 */ 2153 struct x509_certificate * 2154 x509_certificate_get_subject(struct x509_certificate *chain, 2155 struct x509_name *name) 2156 { 2157 struct x509_certificate *cert; 2158 2159 for (cert = chain; cert; cert = cert->next) { 2160 if (x509_name_compare(&cert->subject, name) == 0) 2161 return cert; 2162 } 2163 return NULL; 2164 } 2165 2166 2167 /** 2168 * x509_certificate_self_signed - Is the certificate self-signed? 2169 * @cert: Certificate 2170 * Returns: 1 if certificate is self-signed, 0 if not 2171 */ 2172 int x509_certificate_self_signed(struct x509_certificate *cert) 2173 { 2174 return x509_name_compare(&cert->issuer, &cert->subject) == 0; 2175 } 2176