2 * X.509v3 certificate parsing and processing (RFC 3280 profile)
3 * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
17 void x509_free_name(struct x509_name *name)
21 for (i = 0; i < name->num_attr; i++) {
22 os_free(name->attr[i].value);
23 name->attr[i].value = NULL;
24 name->attr[i].type = X509_NAME_ATTR_NOT_USED;
30 os_free(name->alt_email);
34 name->alt_email = name->dns = name->uri = NULL;
37 os_memset(&name->rid, 0, sizeof(name->rid));
42 * x509_certificate_free - Free an X.509 certificate
43 * @cert: Certificate to be freed
45 void x509_certificate_free(struct x509_certificate *cert)
50 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51 "was still on a list (next=%p)\n",
54 x509_free_name(&cert->issuer);
55 x509_free_name(&cert->subject);
56 os_free(cert->public_key);
57 os_free(cert->sign_value);
58 os_free(cert->subject_dn);
64 * x509_certificate_free - Free an X.509 certificate chain
65 * @cert: Pointer to the first certificate in the chain
67 void x509_certificate_chain_free(struct x509_certificate *cert)
69 struct x509_certificate *next;
74 x509_certificate_free(cert);
80 static int x509_whitespace(char c)
82 return c == ' ' || c == '\t';
86 static void x509_str_strip_whitespace(char *a)
89 int remove_whitespace = 1;
94 if (remove_whitespace && x509_whitespace(*ipos))
97 remove_whitespace = x509_whitespace(*ipos);
103 if (opos > a && x509_whitespace(*opos))
108 static int x509_str_compare(const char *a, const char *b)
123 if (aa == NULL || bb == NULL) {
126 return os_strcasecmp(a, b);
129 x509_str_strip_whitespace(aa);
130 x509_str_strip_whitespace(bb);
132 ret = os_strcasecmp(aa, bb);
142 * x509_name_compare - Compare X.509 certificate names
143 * @a: Certificate name
144 * @b: Certificate name
145 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
148 int x509_name_compare(struct x509_name *a, struct x509_name *b)
159 if (a->num_attr < b->num_attr)
161 if (a->num_attr > b->num_attr)
164 for (i = 0; i < a->num_attr; i++) {
165 if (a->attr[i].type < b->attr[i].type)
167 if (a->attr[i].type > b->attr[i].type)
169 res = x509_str_compare(a->attr[i].value, b->attr[i].value);
173 res = x509_str_compare(a->email, b->email);
181 int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
182 struct x509_algorithm_identifier *id,
189 * AlgorithmIdentifier ::= SEQUENCE {
190 * algorithm OBJECT IDENTIFIER,
191 * parameters ANY DEFINED BY algorithm OPTIONAL
195 if (asn1_get_next(buf, len, &hdr) < 0 ||
196 hdr.class != ASN1_CLASS_UNIVERSAL ||
197 hdr.tag != ASN1_TAG_SEQUENCE) {
198 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
199 "(AlgorithmIdentifier) - found class %d tag 0x%x",
203 if (hdr.length > buf + len - hdr.payload)
206 end = pos + hdr.length;
210 if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
213 /* TODO: optional parameters */
219 static int x509_parse_public_key(const u8 *buf, size_t len,
220 struct x509_certificate *cert,
227 * SubjectPublicKeyInfo ::= SEQUENCE {
228 * algorithm AlgorithmIdentifier,
229 * subjectPublicKey BIT STRING
236 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
237 hdr.class != ASN1_CLASS_UNIVERSAL ||
238 hdr.tag != ASN1_TAG_SEQUENCE) {
239 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
240 "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
246 if (hdr.length > end - pos)
248 end = pos + hdr.length;
251 if (x509_parse_algorithm_identifier(pos, end - pos,
252 &cert->public_key_alg, &pos))
255 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
256 hdr.class != ASN1_CLASS_UNIVERSAL ||
257 hdr.tag != ASN1_TAG_BITSTRING) {
258 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
259 "(subjectPublicKey) - found class %d tag 0x%x",
267 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
270 * TODO: should this be rejected? X.509 certificates are
271 * unlikely to use such a construction. Now we would end up
272 * including the extra bits in the buffer which may also be
276 os_free(cert->public_key);
277 cert->public_key = os_memdup(pos + 1, hdr.length - 1);
278 if (cert->public_key == NULL) {
279 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
283 cert->public_key_len = hdr.length - 1;
284 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
285 cert->public_key, cert->public_key_len);
291 int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
295 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
300 * Name ::= CHOICE { RDNSequence }
301 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
302 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
303 * AttributeTypeAndValue ::= SEQUENCE {
304 * type AttributeType,
305 * value AttributeValue
307 * AttributeType ::= OBJECT IDENTIFIER
308 * AttributeValue ::= ANY DEFINED BY AttributeType
311 if (asn1_get_next(buf, len, &hdr) < 0 ||
312 hdr.class != ASN1_CLASS_UNIVERSAL ||
313 hdr.tag != ASN1_TAG_SEQUENCE) {
314 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
315 "(Name / RDNSequencer) - found class %d tag 0x%x",
321 if (hdr.length > buf + len - pos)
324 end = *next = pos + hdr.length;
327 enum x509_name_attr_type type;
329 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
330 hdr.class != ASN1_CLASS_UNIVERSAL ||
331 hdr.tag != ASN1_TAG_SET) {
332 wpa_printf(MSG_DEBUG, "X509: Expected SET "
333 "(RelativeDistinguishedName) - found class "
334 "%d tag 0x%x", hdr.class, hdr.tag);
335 x509_free_name(name);
339 set_pos = hdr.payload;
340 pos = set_end = hdr.payload + hdr.length;
342 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
343 hdr.class != ASN1_CLASS_UNIVERSAL ||
344 hdr.tag != ASN1_TAG_SEQUENCE) {
345 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
346 "(AttributeTypeAndValue) - found class %d "
347 "tag 0x%x", hdr.class, hdr.tag);
348 x509_free_name(name);
352 seq_pos = hdr.payload;
353 seq_end = hdr.payload + hdr.length;
355 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
356 x509_free_name(name);
360 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
361 hdr.class != ASN1_CLASS_UNIVERSAL) {
362 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
364 x509_free_name(name);
369 * MUST: country, organization, organizational-unit,
370 * distinguished name qualifier, state or province name,
371 * common name, serial number.
372 * SHOULD: locality, title, surname, given name, initials,
373 * pseudonym, generation qualifier.
374 * MUST: domainComponent (RFC 2247).
376 type = X509_NAME_ATTR_NOT_USED;
378 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
379 /* id-at ::= 2.5.4 */
380 switch (oid.oid[3]) {
383 type = X509_NAME_ATTR_CN;
387 type = X509_NAME_ATTR_C;
391 type = X509_NAME_ATTR_L;
394 /* stateOrProvinceName */
395 type = X509_NAME_ATTR_ST;
398 /* organizationName */
399 type = X509_NAME_ATTR_O;
402 /* organizationalUnitName */
403 type = X509_NAME_ATTR_OU;
406 } else if (oid.len == 7 &&
407 oid.oid[0] == 1 && oid.oid[1] == 2 &&
408 oid.oid[2] == 840 && oid.oid[3] == 113549 &&
409 oid.oid[4] == 1 && oid.oid[5] == 9 &&
411 /* 1.2.840.113549.1.9.1 - e-mailAddress */
412 os_free(name->email);
413 name->email = os_malloc(hdr.length + 1);
414 if (name->email == NULL) {
415 x509_free_name(name);
418 os_memcpy(name->email, hdr.payload, hdr.length);
419 name->email[hdr.length] = '\0';
421 } else if (oid.len == 7 &&
422 oid.oid[0] == 0 && oid.oid[1] == 9 &&
423 oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
424 oid.oid[4] == 100 && oid.oid[5] == 1 &&
426 /* 0.9.2342.19200300.100.1.25 - domainComponent */
427 type = X509_NAME_ATTR_DC;
430 if (type == X509_NAME_ATTR_NOT_USED) {
431 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
433 oid.len * sizeof(oid.oid[0]));
434 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
435 hdr.payload, hdr.length);
439 if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
440 wpa_printf(MSG_INFO, "X509: Too many Name attributes");
441 x509_free_name(name);
445 val = dup_binstr(hdr.payload, hdr.length);
447 x509_free_name(name);
450 if (os_strlen(val) != hdr.length) {
451 wpa_printf(MSG_INFO, "X509: Reject certificate with "
452 "embedded NUL byte in a string (%s[NUL])",
455 x509_free_name(name);
459 name->attr[name->num_attr].type = type;
460 name->attr[name->num_attr].value = val;
468 static char * x509_name_attr_str(enum x509_name_attr_type type)
471 case X509_NAME_ATTR_NOT_USED:
473 case X509_NAME_ATTR_DC:
475 case X509_NAME_ATTR_CN:
477 case X509_NAME_ATTR_C:
479 case X509_NAME_ATTR_L:
481 case X509_NAME_ATTR_ST:
483 case X509_NAME_ATTR_O:
485 case X509_NAME_ATTR_OU:
493 * x509_name_string - Convert an X.509 certificate name into a string
494 * @name: Name to convert
495 * @buf: Buffer for the string
496 * @len: Maximum buffer length
498 void x509_name_string(struct x509_name *name, char *buf, size_t len)
510 for (i = 0; i < name->num_attr; i++) {
511 ret = os_snprintf(pos, end - pos, "%s=%s, ",
512 x509_name_attr_str(name->attr[i].type),
513 name->attr[i].value);
514 if (os_snprintf_error(end - pos, ret))
519 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
527 ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
529 if (os_snprintf_error(end - pos, ret))
541 static int parse_uint2(const char *pos, size_t len)
551 if (sscanf(buf, "%2d", &ret) != 1)
557 static int parse_uint4(const char *pos, size_t len)
569 if (sscanf(buf, "%4d", &ret) != 1)
575 int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
577 const char *pos, *end;
578 int year, month, day, hour, min, sec;
583 * generalTime GeneralizedTime
586 * UTCTime: YYMMDDHHMMSSZ
587 * GeneralizedTime: YYYYMMDDHHMMSSZ
590 pos = (const char *) buf;
594 case ASN1_TAG_UTCTIME:
595 if (len != 13 || buf[12] != 'Z') {
596 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
597 "UTCTime format", buf, len);
600 year = parse_uint2(pos, end - pos);
602 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
603 "UTCTime year", buf, len);
612 case ASN1_TAG_GENERALIZEDTIME:
613 if (len != 15 || buf[14] != 'Z') {
614 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
615 "GeneralizedTime format", buf, len);
618 year = parse_uint4(pos, end - pos);
620 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
621 "GeneralizedTime year", buf, len);
627 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
628 "GeneralizedTime - found tag 0x%x", asn1_tag);
632 month = parse_uint2(pos, end - pos);
634 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
635 "(month)", buf, len);
640 day = parse_uint2(pos, end - pos);
642 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
648 hour = parse_uint2(pos, end - pos);
650 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
656 min = parse_uint2(pos, end - pos);
658 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
664 sec = parse_uint2(pos, end - pos);
666 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
671 if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
672 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
676 * At least some test certificates have been configured
677 * to use dates prior to 1970. Set the date to
678 * beginning of 1970 to handle these case.
680 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
681 "assume epoch as the time", year);
692 static int x509_parse_validity(const u8 *buf, size_t len,
693 struct x509_certificate *cert, const u8 **next)
700 * Validity ::= SEQUENCE {
706 * CAs conforming to this profile MUST always encode certificate
707 * validity dates through the year 2049 as UTCTime; certificate
708 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
711 if (asn1_get_next(buf, len, &hdr) < 0 ||
712 hdr.class != ASN1_CLASS_UNIVERSAL ||
713 hdr.tag != ASN1_TAG_SEQUENCE) {
714 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
715 "(Validity) - found class %d tag 0x%x",
722 if (plen > (size_t) (buf + len - pos))
727 if (asn1_get_next(pos, plen, &hdr) < 0 ||
728 hdr.class != ASN1_CLASS_UNIVERSAL ||
729 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
730 &cert->not_before) < 0) {
731 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
732 "Time", hdr.payload, hdr.length);
736 pos = hdr.payload + hdr.length;
739 if (asn1_get_next(pos, plen, &hdr) < 0 ||
740 hdr.class != ASN1_CLASS_UNIVERSAL ||
741 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
742 &cert->not_after) < 0) {
743 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
744 "Time", hdr.payload, hdr.length);
748 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
749 (unsigned long) cert->not_before,
750 (unsigned long) cert->not_after);
756 static int x509_id_ce_oid(struct asn1_oid *oid)
758 /* id-ce arc from X.509 for standard X.509v3 extensions */
759 return oid->len >= 4 &&
760 oid->oid[0] == 2 /* joint-iso-ccitt */ &&
761 oid->oid[1] == 5 /* ds */ &&
762 oid->oid[2] == 29 /* id-ce */;
766 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid)
768 return oid->len == 6 &&
769 x509_id_ce_oid(oid) &&
770 oid->oid[3] == 37 /* extKeyUsage */ &&
771 oid->oid[4] == 0 /* anyExtendedKeyUsage */;
775 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
776 const u8 *pos, size_t len)
781 * KeyUsage ::= BIT STRING {
782 * digitalSignature (0),
783 * nonRepudiation (1),
784 * keyEncipherment (2),
785 * dataEncipherment (3),
793 if (asn1_get_next(pos, len, &hdr) < 0 ||
794 hdr.class != ASN1_CLASS_UNIVERSAL ||
795 hdr.tag != ASN1_TAG_BITSTRING ||
797 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
798 "KeyUsage; found %d tag 0x%x len %d",
799 hdr.class, hdr.tag, hdr.length);
803 cert->extensions_present |= X509_EXT_KEY_USAGE;
804 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
806 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
812 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
813 const u8 *pos, size_t len)
821 * BasicConstraints ::= SEQUENCE {
822 * cA BOOLEAN DEFAULT FALSE,
823 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
826 if (asn1_get_next(pos, len, &hdr) < 0 ||
827 hdr.class != ASN1_CLASS_UNIVERSAL ||
828 hdr.tag != ASN1_TAG_SEQUENCE) {
829 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
830 "BasicConstraints; found %d tag 0x%x",
835 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
840 end_seq = hdr.payload + hdr.length;
841 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
842 hdr.class != ASN1_CLASS_UNIVERSAL) {
843 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
848 if (hdr.tag == ASN1_TAG_BOOLEAN) {
849 cert->ca = hdr.payload[0];
851 pos = hdr.payload + hdr.length;
852 if (pos >= end_seq) {
853 /* No optional pathLenConstraint */
854 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
858 if (asn1_get_next(pos, end_seq - pos, &hdr) < 0 ||
859 hdr.class != ASN1_CLASS_UNIVERSAL) {
860 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
866 if (hdr.tag != ASN1_TAG_INTEGER) {
867 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
868 "BasicConstraints; found class %d tag 0x%x",
882 cert->path_len_constraint = value;
883 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
885 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
886 "pathLenConstraint=%lu",
887 cert->ca, cert->path_len_constraint);
893 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
894 const u8 *pos, size_t len)
896 /* rfc822Name IA5String */
897 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
898 os_free(name->alt_email);
899 name->alt_email = os_zalloc(len + 1);
900 if (name->alt_email == NULL)
902 os_memcpy(name->alt_email, pos, len);
903 if (os_strlen(name->alt_email) != len) {
904 wpa_printf(MSG_INFO, "X509: Reject certificate with "
905 "embedded NUL byte in rfc822Name (%s[NUL])",
907 os_free(name->alt_email);
908 name->alt_email = NULL;
915 static int x509_parse_alt_name_dns(struct x509_name *name,
916 const u8 *pos, size_t len)
918 /* dNSName IA5String */
919 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
921 name->dns = os_zalloc(len + 1);
922 if (name->dns == NULL)
924 os_memcpy(name->dns, pos, len);
925 if (os_strlen(name->dns) != len) {
926 wpa_printf(MSG_INFO, "X509: Reject certificate with "
927 "embedded NUL byte in dNSName (%s[NUL])",
937 static int x509_parse_alt_name_uri(struct x509_name *name,
938 const u8 *pos, size_t len)
940 /* uniformResourceIdentifier IA5String */
941 wpa_hexdump_ascii(MSG_MSGDUMP,
942 "X509: altName - uniformResourceIdentifier",
945 name->uri = os_zalloc(len + 1);
946 if (name->uri == NULL)
948 os_memcpy(name->uri, pos, len);
949 if (os_strlen(name->uri) != len) {
950 wpa_printf(MSG_INFO, "X509: Reject certificate with "
951 "embedded NUL byte in uniformResourceIdentifier "
952 "(%s[NUL])", name->uri);
961 static int x509_parse_alt_name_ip(struct x509_name *name,
962 const u8 *pos, size_t len)
964 /* iPAddress OCTET STRING */
965 wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
967 name->ip = os_memdup(pos, len);
968 if (name->ip == NULL)
975 static int x509_parse_alt_name_rid(struct x509_name *name,
976 const u8 *pos, size_t len)
980 /* registeredID OBJECT IDENTIFIER */
981 if (asn1_parse_oid(pos, len, &name->rid) < 0)
984 asn1_oid_to_str(&name->rid, buf, sizeof(buf));
985 wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
991 static int x509_parse_ext_alt_name(struct x509_name *name,
992 const u8 *pos, size_t len)
998 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
1000 * GeneralName ::= CHOICE {
1001 * otherName [0] OtherName,
1002 * rfc822Name [1] IA5String,
1003 * dNSName [2] IA5String,
1004 * x400Address [3] ORAddress,
1005 * directoryName [4] Name,
1006 * ediPartyName [5] EDIPartyName,
1007 * uniformResourceIdentifier [6] IA5String,
1008 * iPAddress [7] OCTET STRING,
1009 * registeredID [8] OBJECT IDENTIFIER }
1011 * OtherName ::= SEQUENCE {
1012 * type-id OBJECT IDENTIFIER,
1013 * value [0] EXPLICIT ANY DEFINED BY type-id }
1015 * EDIPartyName ::= SEQUENCE {
1016 * nameAssigner [0] DirectoryString OPTIONAL,
1017 * partyName [1] DirectoryString }
1020 for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
1023 if (asn1_get_next(p, end - p, &hdr) < 0) {
1024 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
1025 "SubjectAltName item");
1029 if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
1034 res = x509_parse_alt_name_rfc8222(name, hdr.payload,
1038 res = x509_parse_alt_name_dns(name, hdr.payload,
1042 res = x509_parse_alt_name_uri(name, hdr.payload,
1046 res = x509_parse_alt_name_ip(name, hdr.payload,
1050 res = x509_parse_alt_name_rid(name, hdr.payload,
1053 case 0: /* TODO: otherName */
1054 case 3: /* TODO: x500Address */
1055 case 4: /* TODO: directoryName */
1056 case 5: /* TODO: ediPartyName */
1069 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1070 const u8 *pos, size_t len)
1072 struct asn1_hdr hdr;
1074 /* SubjectAltName ::= GeneralNames */
1076 if (asn1_get_next(pos, len, &hdr) < 0 ||
1077 hdr.class != ASN1_CLASS_UNIVERSAL ||
1078 hdr.tag != ASN1_TAG_SEQUENCE) {
1079 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1080 "SubjectAltName; found %d tag 0x%x",
1081 hdr.class, hdr.tag);
1085 wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1086 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1088 if (hdr.length == 0)
1091 return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1096 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1097 const u8 *pos, size_t len)
1099 struct asn1_hdr hdr;
1101 /* IssuerAltName ::= GeneralNames */
1103 if (asn1_get_next(pos, len, &hdr) < 0 ||
1104 hdr.class != ASN1_CLASS_UNIVERSAL ||
1105 hdr.tag != ASN1_TAG_SEQUENCE) {
1106 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1107 "IssuerAltName; found %d tag 0x%x",
1108 hdr.class, hdr.tag);
1112 wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1113 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1115 if (hdr.length == 0)
1118 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1123 static int x509_id_pkix_oid(struct asn1_oid *oid)
1125 return oid->len >= 7 &&
1126 oid->oid[0] == 1 /* iso */ &&
1127 oid->oid[1] == 3 /* identified-organization */ &&
1128 oid->oid[2] == 6 /* dod */ &&
1129 oid->oid[3] == 1 /* internet */ &&
1130 oid->oid[4] == 5 /* security */ &&
1131 oid->oid[5] == 5 /* mechanisms */ &&
1132 oid->oid[6] == 7 /* id-pkix */;
1136 static int x509_id_kp_oid(struct asn1_oid *oid)
1139 return oid->len >= 8 &&
1140 x509_id_pkix_oid(oid) &&
1141 oid->oid[7] == 3 /* id-kp */;
1145 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid)
1148 return oid->len == 9 &&
1149 x509_id_kp_oid(oid) &&
1150 oid->oid[8] == 1 /* id-kp-serverAuth */;
1154 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
1157 return oid->len == 9 &&
1158 x509_id_kp_oid(oid) &&
1159 oid->oid[8] == 2 /* id-kp-clientAuth */;
1163 static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
1166 return oid->len == 9 &&
1167 x509_id_kp_oid(oid) &&
1168 oid->oid[8] == 9 /* id-kp-OCSPSigning */;
1172 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1173 const u8 *pos, size_t len)
1175 struct asn1_hdr hdr;
1177 struct asn1_oid oid;
1180 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1182 * KeyPurposeId ::= OBJECT IDENTIFIER
1185 if (asn1_get_next(pos, len, &hdr) < 0 ||
1186 hdr.class != ASN1_CLASS_UNIVERSAL ||
1187 hdr.tag != ASN1_TAG_SEQUENCE) {
1188 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1189 "(ExtKeyUsageSyntax) - found class %d tag 0x%x",
1190 hdr.class, hdr.tag);
1193 if (hdr.length > pos + len - hdr.payload)
1196 end = pos + hdr.length;
1198 wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos);
1203 if (asn1_get_oid(pos, end - pos, &oid, &pos))
1205 if (x509_any_ext_key_usage_oid(&oid)) {
1206 os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf));
1207 cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1208 } else if (x509_id_kp_server_auth_oid(&oid)) {
1209 os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf));
1210 cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1211 } else if (x509_id_kp_client_auth_oid(&oid)) {
1212 os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
1213 cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1214 } else if (x509_id_kp_ocsp_oid(&oid)) {
1215 os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
1216 cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
1218 asn1_oid_to_str(&oid, buf, sizeof(buf));
1220 wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf);
1223 cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1229 static int x509_parse_extension_data(struct x509_certificate *cert,
1230 struct asn1_oid *oid,
1231 const u8 *pos, size_t len)
1233 if (!x509_id_ce_oid(oid))
1236 /* TODO: add other extensions required by RFC 3280, Ch 4.2:
1237 * certificate policies (section 4.2.1.5)
1238 * name constraints (section 4.2.1.11)
1239 * policy constraints (section 4.2.1.12)
1240 * inhibit any-policy (section 4.2.1.15)
1242 switch (oid->oid[3]) {
1243 case 15: /* id-ce-keyUsage */
1244 return x509_parse_ext_key_usage(cert, pos, len);
1245 case 17: /* id-ce-subjectAltName */
1246 return x509_parse_ext_subject_alt_name(cert, pos, len);
1247 case 18: /* id-ce-issuerAltName */
1248 return x509_parse_ext_issuer_alt_name(cert, pos, len);
1249 case 19: /* id-ce-basicConstraints */
1250 return x509_parse_ext_basic_constraints(cert, pos, len);
1251 case 37: /* id-ce-extKeyUsage */
1252 return x509_parse_ext_ext_key_usage(cert, pos, len);
1259 static int x509_parse_extension(struct x509_certificate *cert,
1260 const u8 *pos, size_t len, const u8 **next)
1263 struct asn1_hdr hdr;
1264 struct asn1_oid oid;
1265 int critical_ext = 0, res;
1269 * Extension ::= SEQUENCE {
1270 * extnID OBJECT IDENTIFIER,
1271 * critical BOOLEAN DEFAULT FALSE,
1272 * extnValue OCTET STRING
1276 if (asn1_get_next(pos, len, &hdr) < 0 ||
1277 hdr.class != ASN1_CLASS_UNIVERSAL ||
1278 hdr.tag != ASN1_TAG_SEQUENCE) {
1279 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1280 "Extensions: class %d tag 0x%x; expected SEQUENCE",
1281 hdr.class, hdr.tag);
1285 *next = end = pos + hdr.length;
1287 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1288 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1289 "Extension (expected OID)");
1293 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1294 hdr.class != ASN1_CLASS_UNIVERSAL ||
1295 (hdr.tag != ASN1_TAG_BOOLEAN &&
1296 hdr.tag != ASN1_TAG_OCTETSTRING)) {
1297 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1298 "Extensions: class %d tag 0x%x; expected BOOLEAN "
1299 "or OCTET STRING", hdr.class, hdr.tag);
1303 if (hdr.tag == ASN1_TAG_BOOLEAN) {
1304 critical_ext = hdr.payload[0];
1306 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1307 (hdr.class != ASN1_CLASS_UNIVERSAL &&
1308 hdr.class != ASN1_CLASS_PRIVATE) ||
1309 hdr.tag != ASN1_TAG_OCTETSTRING) {
1310 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1311 "in Extensions: class %d tag 0x%x; "
1312 "expected OCTET STRING",
1313 hdr.class, hdr.tag);
1318 asn1_oid_to_str(&oid, buf, sizeof(buf));
1319 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1321 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1323 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1326 if (res == 1 && critical_ext) {
1327 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1336 static int x509_parse_extensions(struct x509_certificate *cert,
1337 const u8 *pos, size_t len)
1340 struct asn1_hdr hdr;
1342 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */
1344 if (asn1_get_next(pos, len, &hdr) < 0 ||
1345 hdr.class != ASN1_CLASS_UNIVERSAL ||
1346 hdr.tag != ASN1_TAG_SEQUENCE) {
1347 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1348 "for Extensions: class %d tag 0x%x; "
1349 "expected SEQUENCE", hdr.class, hdr.tag);
1354 end = pos + hdr.length;
1357 if (x509_parse_extension(cert, pos, end - pos, &pos)
1366 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1367 struct x509_certificate *cert,
1370 struct asn1_hdr hdr;
1371 const u8 *pos, *end;
1374 unsigned long value;
1375 const u8 *subject_dn;
1377 /* tbsCertificate TBSCertificate ::= SEQUENCE */
1378 if (asn1_get_next(buf, len, &hdr) < 0 ||
1379 hdr.class != ASN1_CLASS_UNIVERSAL ||
1380 hdr.tag != ASN1_TAG_SEQUENCE) {
1381 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1382 "with a valid SEQUENCE - found class %d tag 0x%x",
1383 hdr.class, hdr.tag);
1387 end = *next = pos + hdr.length;
1390 * version [0] EXPLICIT Version DEFAULT v1
1391 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1393 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1397 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1398 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1401 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1402 hdr.tag != ASN1_TAG_INTEGER) {
1403 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1404 "version field - found class %d tag 0x%x",
1405 hdr.class, hdr.tag);
1408 if (hdr.length != 1) {
1409 wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1410 "length %u (expected 1)", hdr.length);
1422 cert->version = value;
1423 if (cert->version != X509_CERT_V1 &&
1424 cert->version != X509_CERT_V2 &&
1425 cert->version != X509_CERT_V3) {
1426 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1431 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1434 cert->version = X509_CERT_V1;
1435 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1437 /* serialNumber CertificateSerialNumber ::= INTEGER */
1438 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1439 hdr.tag != ASN1_TAG_INTEGER ||
1440 hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) {
1441 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1442 "serialNumber; class=%d tag=0x%x length=%u",
1443 hdr.class, hdr.tag, hdr.length);
1447 pos = hdr.payload + hdr.length;
1448 while (hdr.length > 0 && hdr.payload[0] == 0) {
1452 os_memcpy(cert->serial_number, hdr.payload, hdr.length);
1453 cert->serial_number_len = hdr.length;
1454 wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number,
1455 cert->serial_number_len);
1457 /* signature AlgorithmIdentifier */
1458 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1463 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1465 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1466 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1468 /* validity Validity */
1469 if (x509_parse_validity(pos, end - pos, cert, &pos))
1474 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1476 cert->subject_dn = os_malloc(pos - subject_dn);
1477 if (!cert->subject_dn)
1479 cert->subject_dn_len = pos - subject_dn;
1480 os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
1481 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1482 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1484 /* subjectPublicKeyInfo SubjectPublicKeyInfo */
1485 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1491 if (cert->version == X509_CERT_V1)
1494 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1495 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1496 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1497 " tag to parse optional tbsCertificate "
1498 "field(s); parsed class %d tag 0x%x",
1499 hdr.class, hdr.tag);
1504 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */
1505 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1506 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1508 pos = hdr.payload + hdr.length;
1512 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1513 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1514 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1515 " tag to parse optional tbsCertificate "
1516 "field(s); parsed class %d tag 0x%x",
1517 hdr.class, hdr.tag);
1523 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */
1524 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1525 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1527 pos = hdr.payload + hdr.length;
1531 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1532 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1533 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1534 " tag to parse optional tbsCertificate "
1535 "field(s); parsed class %d tag 0x%x",
1536 hdr.class, hdr.tag);
1542 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1543 "Context-Specific tag %d in optional "
1544 "tbsCertificate fields", hdr.tag);
1548 /* extensions [3] EXPLICIT Extensions OPTIONAL */
1550 if (cert->version != X509_CERT_V3) {
1551 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1552 "Extensions data which are only allowed for "
1553 "version 3", cert->version + 1);
1557 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1560 pos = hdr.payload + hdr.length;
1562 wpa_hexdump(MSG_DEBUG,
1563 "X509: Ignored extra tbsCertificate data",
1571 static int x509_rsadsi_oid(struct asn1_oid *oid)
1573 return oid->len >= 4 &&
1574 oid->oid[0] == 1 /* iso */ &&
1575 oid->oid[1] == 2 /* member-body */ &&
1576 oid->oid[2] == 840 /* us */ &&
1577 oid->oid[3] == 113549 /* rsadsi */;
1581 static int x509_pkcs_oid(struct asn1_oid *oid)
1583 return oid->len >= 5 &&
1584 x509_rsadsi_oid(oid) &&
1585 oid->oid[4] == 1 /* pkcs */;
1589 static int x509_digest_oid(struct asn1_oid *oid)
1591 return oid->len >= 5 &&
1592 x509_rsadsi_oid(oid) &&
1593 oid->oid[4] == 2 /* digestAlgorithm */;
1597 int x509_sha1_oid(struct asn1_oid *oid)
1599 return oid->len == 6 &&
1600 oid->oid[0] == 1 /* iso */ &&
1601 oid->oid[1] == 3 /* identified-organization */ &&
1602 oid->oid[2] == 14 /* oiw */ &&
1603 oid->oid[3] == 3 /* secsig */ &&
1604 oid->oid[4] == 2 /* algorithms */ &&
1605 oid->oid[5] == 26 /* id-sha1 */;
1609 static int x509_sha2_oid(struct asn1_oid *oid)
1611 return oid->len == 9 &&
1612 oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1613 oid->oid[1] == 16 /* country */ &&
1614 oid->oid[2] == 840 /* us */ &&
1615 oid->oid[3] == 1 /* organization */ &&
1616 oid->oid[4] == 101 /* gov */ &&
1617 oid->oid[5] == 3 /* csor */ &&
1618 oid->oid[6] == 4 /* nistAlgorithm */ &&
1619 oid->oid[7] == 2 /* hashAlgs */;
1623 int x509_sha256_oid(struct asn1_oid *oid)
1625 return x509_sha2_oid(oid) &&
1626 oid->oid[8] == 1 /* sha256 */;
1630 int x509_sha384_oid(struct asn1_oid *oid)
1632 return x509_sha2_oid(oid) &&
1633 oid->oid[8] == 2 /* sha384 */;
1637 int x509_sha512_oid(struct asn1_oid *oid)
1639 return x509_sha2_oid(oid) &&
1640 oid->oid[8] == 3 /* sha512 */;
1645 * x509_certificate_parse - Parse a X.509 certificate in DER format
1646 * @buf: Pointer to the X.509 certificate in DER format
1647 * @len: Buffer length
1648 * Returns: Pointer to the parsed certificate or %NULL on failure
1650 * Caller is responsible for freeing the returned certificate by calling
1651 * x509_certificate_free().
1653 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1655 struct asn1_hdr hdr;
1656 const u8 *pos, *end, *hash_start;
1657 struct x509_certificate *cert;
1659 cert = os_zalloc(sizeof(*cert) + len);
1662 os_memcpy(cert + 1, buf, len);
1663 cert->cert_start = (u8 *) (cert + 1);
1664 cert->cert_len = len;
1669 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1671 /* Certificate ::= SEQUENCE */
1672 if (asn1_get_next(pos, len, &hdr) < 0 ||
1673 hdr.class != ASN1_CLASS_UNIVERSAL ||
1674 hdr.tag != ASN1_TAG_SEQUENCE) {
1675 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1676 "a valid SEQUENCE - found class %d tag 0x%x",
1677 hdr.class, hdr.tag);
1678 x509_certificate_free(cert);
1683 if (hdr.length > end - pos) {
1684 x509_certificate_free(cert);
1688 if (hdr.length < end - pos) {
1689 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1690 "encoded certificate",
1691 pos + hdr.length, end - (pos + hdr.length));
1692 end = pos + hdr.length;
1696 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1697 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1698 x509_certificate_free(cert);
1701 cert->tbs_cert_len = pos - hash_start;
1703 /* signatureAlgorithm AlgorithmIdentifier */
1704 if (x509_parse_algorithm_identifier(pos, end - pos,
1705 &cert->signature_alg, &pos)) {
1706 x509_certificate_free(cert);
1710 /* signatureValue BIT STRING */
1711 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1712 hdr.class != ASN1_CLASS_UNIVERSAL ||
1713 hdr.tag != ASN1_TAG_BITSTRING) {
1714 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1715 "(signatureValue) - found class %d tag 0x%x",
1716 hdr.class, hdr.tag);
1717 x509_certificate_free(cert);
1720 if (hdr.length < 1) {
1721 x509_certificate_free(cert);
1726 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1728 /* PKCS #1 v1.5 10.2.1:
1729 * It is an error if the length in bits of the signature S is
1730 * not a multiple of eight.
1732 x509_certificate_free(cert);
1735 os_free(cert->sign_value);
1736 cert->sign_value = os_memdup(pos + 1, hdr.length - 1);
1737 if (cert->sign_value == NULL) {
1738 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1740 x509_certificate_free(cert);
1743 cert->sign_value_len = hdr.length - 1;
1744 wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1745 cert->sign_value, cert->sign_value_len);
1752 * x509_certificate_check_signature - Verify certificate signature
1753 * @issuer: Issuer certificate
1754 * @cert: Certificate to be verified
1755 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1758 int x509_certificate_check_signature(struct x509_certificate *issuer,
1759 struct x509_certificate *cert)
1761 return x509_check_signature(issuer, &cert->signature,
1762 cert->sign_value, cert->sign_value_len,
1763 cert->tbs_cert_start, cert->tbs_cert_len);
1767 int x509_check_signature(struct x509_certificate *issuer,
1768 struct x509_algorithm_identifier *signature,
1769 const u8 *sign_value, size_t sign_value_len,
1770 const u8 *signed_data, size_t signed_data_len)
1772 struct crypto_public_key *pk;
1774 const u8 *pos, *end, *next, *da_end;
1776 struct asn1_hdr hdr;
1777 struct asn1_oid oid;
1780 const u8 *addr[1] = { signed_data };
1781 size_t len[1] = { signed_data_len };
1783 if (!x509_pkcs_oid(&signature->oid) ||
1784 signature->oid.len != 7 ||
1785 signature->oid.oid[5] != 1 /* pkcs-1 */) {
1786 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1791 pk = crypto_public_key_import(issuer->public_key,
1792 issuer->public_key_len);
1796 data_len = sign_value_len;
1797 data = os_malloc(data_len);
1799 crypto_public_key_free(pk);
1803 if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
1804 sign_value_len, data,
1806 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1807 crypto_public_key_free(pk);
1811 crypto_public_key_free(pk);
1813 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1816 * PKCS #1 v1.5, 10.1.2:
1818 * DigestInfo ::= SEQUENCE {
1819 * digestAlgorithm DigestAlgorithmIdentifier,
1823 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1825 * Digest ::= OCTET STRING
1828 if (asn1_get_next(data, data_len, &hdr) < 0 ||
1829 hdr.class != ASN1_CLASS_UNIVERSAL ||
1830 hdr.tag != ASN1_TAG_SEQUENCE) {
1831 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1832 "(DigestInfo) - found class %d tag 0x%x",
1833 hdr.class, hdr.tag);
1839 end = pos + hdr.length;
1843 * AlgorithmIdentifier ::= SEQUENCE {
1844 * algorithm OBJECT IDENTIFIER,
1845 * parameters ANY DEFINED BY algorithm OPTIONAL
1849 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1850 hdr.class != ASN1_CLASS_UNIVERSAL ||
1851 hdr.tag != ASN1_TAG_SEQUENCE) {
1852 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1853 "(AlgorithmIdentifier) - found class %d tag 0x%x",
1854 hdr.class, hdr.tag);
1858 da_end = hdr.payload + hdr.length;
1860 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1861 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1866 if (x509_sha1_oid(&oid)) {
1867 if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
1868 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1869 "does not match with certificate "
1870 "signatureAlgorithm (%lu)",
1871 signature->oid.oid[6]);
1875 goto skip_digest_oid;
1878 if (x509_sha256_oid(&oid)) {
1879 if (signature->oid.oid[6] !=
1880 11 /* sha2561WithRSAEncryption */) {
1881 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1882 "does not match with certificate "
1883 "signatureAlgorithm (%lu)",
1884 signature->oid.oid[6]);
1888 goto skip_digest_oid;
1891 if (x509_sha384_oid(&oid)) {
1892 if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
1893 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
1894 "does not match with certificate "
1895 "signatureAlgorithm (%lu)",
1896 signature->oid.oid[6]);
1900 goto skip_digest_oid;
1903 if (x509_sha512_oid(&oid)) {
1904 if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
1905 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
1906 "does not match with certificate "
1907 "signatureAlgorithm (%lu)",
1908 signature->oid.oid[6]);
1912 goto skip_digest_oid;
1915 if (!x509_digest_oid(&oid)) {
1916 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1920 switch (oid.oid[5]) {
1922 if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
1923 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1924 "not match with certificate "
1925 "signatureAlgorithm (%lu)",
1926 signature->oid.oid[6]);
1934 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1935 "(%lu)", oid.oid[5]);
1941 /* Digest ::= OCTET STRING */
1943 end = data + data_len;
1945 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1946 hdr.class != ASN1_CLASS_UNIVERSAL ||
1947 hdr.tag != ASN1_TAG_OCTETSTRING) {
1948 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1949 "(Digest) - found class %d tag 0x%x",
1950 hdr.class, hdr.tag);
1954 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1955 hdr.payload, hdr.length);
1957 switch (signature->oid.oid[6]) {
1958 case 4: /* md5WithRSAEncryption */
1959 md5_vector(1, addr, len, hash);
1961 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1964 case 5: /* sha-1WithRSAEncryption */
1965 sha1_vector(1, addr, len, hash);
1967 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1970 case 11: /* sha256WithRSAEncryption */
1971 sha256_vector(1, addr, len, hash);
1973 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1976 case 12: /* sha384WithRSAEncryption */
1977 sha384_vector(1, addr, len, hash);
1979 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
1982 case 13: /* sha512WithRSAEncryption */
1983 sha512_vector(1, addr, len, hash);
1985 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
1988 case 2: /* md2WithRSAEncryption */
1990 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1991 "algorithm (%lu)", signature->oid.oid[6]);
1996 if (hdr.length != hash_len ||
1997 os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1998 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1999 "with calculated tbsCertificate hash");
2004 if (hdr.payload + hdr.length < data + data_len) {
2005 wpa_hexdump(MSG_INFO,
2006 "X509: Extra data after certificate signature hash",
2007 hdr.payload + hdr.length,
2008 data + data_len - hdr.payload - hdr.length);
2015 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
2016 "calculated tbsCertificate hash");
2022 static int x509_valid_issuer(const struct x509_certificate *cert)
2024 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
2026 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
2031 if (cert->version == X509_CERT_V3 &&
2032 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
2033 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
2034 "include BasicConstraints extension");
2038 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
2039 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
2040 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
2041 "keyCertSign bit in Key Usage");
2050 * x509_certificate_chain_validate - Validate X.509 certificate chain
2051 * @trusted: List of trusted certificates
2052 * @chain: Certificate chain to be validated (first chain must be issued by
2053 * signed by the second certificate in the chain and so on)
2054 * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
2055 * Returns: 0 if chain is valid, -1 if not
2057 int x509_certificate_chain_validate(struct x509_certificate *trusted,
2058 struct x509_certificate *chain,
2059 int *reason, int disable_time_checks)
2062 int chain_trusted = 0;
2063 struct x509_certificate *cert, *trust;
2067 *reason = X509_VALIDATE_OK;
2069 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
2072 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2073 cert->issuer_trusted = 0;
2074 x509_name_string(&cert->subject, buf, sizeof(buf));
2075 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
2080 if (!disable_time_checks &&
2081 ((unsigned long) now.sec <
2082 (unsigned long) cert->not_before ||
2083 (unsigned long) now.sec >
2084 (unsigned long) cert->not_after)) {
2085 wpa_printf(MSG_INFO, "X509: Certificate not valid "
2086 "(now=%lu not_before=%lu not_after=%lu)",
2087 now.sec, cert->not_before, cert->not_after);
2088 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
2093 if (x509_name_compare(&cert->issuer,
2094 &cert->next->subject) != 0) {
2095 wpa_printf(MSG_DEBUG, "X509: Certificate "
2096 "chain issuer name mismatch");
2097 x509_name_string(&cert->issuer, buf,
2099 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2101 x509_name_string(&cert->next->subject, buf,
2103 wpa_printf(MSG_DEBUG, "X509: next cert "
2104 "subject: %s", buf);
2105 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
2109 if (x509_valid_issuer(cert->next) < 0) {
2110 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2114 if ((cert->next->extensions_present &
2115 X509_EXT_PATH_LEN_CONSTRAINT) &&
2116 idx > cert->next->path_len_constraint) {
2117 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
2118 " not met (idx=%lu issuer "
2119 "pathLenConstraint=%lu)", idx,
2120 cert->next->path_len_constraint);
2121 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2125 if (x509_certificate_check_signature(cert->next, cert)
2127 wpa_printf(MSG_DEBUG, "X509: Invalid "
2128 "certificate signature within "
2130 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2135 for (trust = trusted; trust; trust = trust->next) {
2136 if (x509_name_compare(&cert->issuer, &trust->subject)
2142 wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
2143 "list of trusted certificates");
2144 if (x509_valid_issuer(trust) < 0) {
2145 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2149 if (x509_certificate_check_signature(trust, cert) < 0)
2151 wpa_printf(MSG_DEBUG, "X509: Invalid "
2152 "certificate signature");
2153 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2157 wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
2158 "found to complete the chain");
2159 cert->issuer_trusted = 1;
2164 if (!chain_trusted) {
2165 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
2166 "from the list of trusted certificates");
2168 *reason = X509_VALIDATE_UNKNOWN_CA;
2171 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
2172 "disabled - ignore unknown CA issue");
2175 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
2182 * x509_certificate_get_subject - Get a certificate based on Subject name
2183 * @chain: Certificate chain to search through
2184 * @name: Subject name to search for
2185 * Returns: Pointer to the certificate with the given Subject name or
2188 struct x509_certificate *
2189 x509_certificate_get_subject(struct x509_certificate *chain,
2190 struct x509_name *name)
2192 struct x509_certificate *cert;
2194 for (cert = chain; cert; cert = cert->next) {
2195 if (x509_name_compare(&cert->subject, name) == 0)
2203 * x509_certificate_self_signed - Is the certificate self-signed?
2204 * @cert: Certificate
2205 * Returns: 1 if certificate is self-signed, 0 if not
2207 int x509_certificate_self_signed(struct x509_certificate *cert)
2209 return x509_name_compare(&cert->issuer, &cert->subject) == 0;