2 * X.509v3 certificate parsing and processing (RFC 3280 profile)
3 * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
17 static void x509_free_name(struct x509_name *name)
21 for (i = 0; i < name->num_attr; i++) {
22 os_free(name->attr[i].value);
23 name->attr[i].value = NULL;
24 name->attr[i].type = X509_NAME_ATTR_NOT_USED;
30 os_free(name->alt_email);
34 name->alt_email = name->dns = name->uri = NULL;
37 os_memset(&name->rid, 0, sizeof(name->rid));
42 * x509_certificate_free - Free an X.509 certificate
43 * @cert: Certificate to be freed
45 void x509_certificate_free(struct x509_certificate *cert)
50 wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51 "was still on a list (next=%p)\n",
54 x509_free_name(&cert->issuer);
55 x509_free_name(&cert->subject);
56 os_free(cert->public_key);
57 os_free(cert->sign_value);
63 * x509_certificate_free - Free an X.509 certificate chain
64 * @cert: Pointer to the first certificate in the chain
66 void x509_certificate_chain_free(struct x509_certificate *cert)
68 struct x509_certificate *next;
73 x509_certificate_free(cert);
79 static int x509_whitespace(char c)
81 return c == ' ' || c == '\t';
85 static void x509_str_strip_whitespace(char *a)
88 int remove_whitespace = 1;
93 if (remove_whitespace && x509_whitespace(*ipos))
96 remove_whitespace = x509_whitespace(*ipos);
102 if (opos > a && x509_whitespace(*opos))
107 static int x509_str_compare(const char *a, const char *b)
122 if (aa == NULL || bb == NULL) {
125 return os_strcasecmp(a, b);
128 x509_str_strip_whitespace(aa);
129 x509_str_strip_whitespace(bb);
131 ret = os_strcasecmp(aa, bb);
141 * x509_name_compare - Compare X.509 certificate names
142 * @a: Certificate name
143 * @b: Certificate name
144 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
147 int x509_name_compare(struct x509_name *a, struct x509_name *b)
158 if (a->num_attr < b->num_attr)
160 if (a->num_attr > b->num_attr)
163 for (i = 0; i < a->num_attr; i++) {
164 if (a->attr[i].type < b->attr[i].type)
166 if (a->attr[i].type > b->attr[i].type)
168 res = x509_str_compare(a->attr[i].value, b->attr[i].value);
172 res = x509_str_compare(a->email, b->email);
180 static int x509_parse_algorithm_identifier(
181 const u8 *buf, size_t len,
182 struct x509_algorithm_identifier *id, const u8 **next)
188 * AlgorithmIdentifier ::= SEQUENCE {
189 * algorithm OBJECT IDENTIFIER,
190 * parameters ANY DEFINED BY algorithm OPTIONAL
194 if (asn1_get_next(buf, len, &hdr) < 0 ||
195 hdr.class != ASN1_CLASS_UNIVERSAL ||
196 hdr.tag != ASN1_TAG_SEQUENCE) {
197 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
198 "(AlgorithmIdentifier) - found class %d tag 0x%x",
202 if (hdr.length > buf + len - hdr.payload)
205 end = pos + hdr.length;
209 if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
212 /* TODO: optional parameters */
218 static int x509_parse_public_key(const u8 *buf, size_t len,
219 struct x509_certificate *cert,
226 * SubjectPublicKeyInfo ::= SEQUENCE {
227 * algorithm AlgorithmIdentifier,
228 * subjectPublicKey BIT STRING
235 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
236 hdr.class != ASN1_CLASS_UNIVERSAL ||
237 hdr.tag != ASN1_TAG_SEQUENCE) {
238 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
239 "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
245 if (hdr.length > end - pos)
247 end = pos + hdr.length;
250 if (x509_parse_algorithm_identifier(pos, end - pos,
251 &cert->public_key_alg, &pos))
254 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
255 hdr.class != ASN1_CLASS_UNIVERSAL ||
256 hdr.tag != ASN1_TAG_BITSTRING) {
257 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
258 "(subjectPublicKey) - found class %d tag 0x%x",
266 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
269 * TODO: should this be rejected? X.509 certificates are
270 * unlikely to use such a construction. Now we would end up
271 * including the extra bits in the buffer which may also be
275 os_free(cert->public_key);
276 cert->public_key = os_malloc(hdr.length - 1);
277 if (cert->public_key == NULL) {
278 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
282 os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
283 cert->public_key_len = hdr.length - 1;
284 wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
285 cert->public_key, cert->public_key_len);
291 static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
295 const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
300 * Name ::= CHOICE { RDNSequence }
301 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
302 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
303 * AttributeTypeAndValue ::= SEQUENCE {
304 * type AttributeType,
305 * value AttributeValue
307 * AttributeType ::= OBJECT IDENTIFIER
308 * AttributeValue ::= ANY DEFINED BY AttributeType
311 if (asn1_get_next(buf, len, &hdr) < 0 ||
312 hdr.class != ASN1_CLASS_UNIVERSAL ||
313 hdr.tag != ASN1_TAG_SEQUENCE) {
314 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
315 "(Name / RDNSequencer) - found class %d tag 0x%x",
321 if (hdr.length > buf + len - pos)
324 end = *next = pos + hdr.length;
327 enum x509_name_attr_type type;
329 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
330 hdr.class != ASN1_CLASS_UNIVERSAL ||
331 hdr.tag != ASN1_TAG_SET) {
332 wpa_printf(MSG_DEBUG, "X509: Expected SET "
333 "(RelativeDistinguishedName) - found class "
334 "%d tag 0x%x", hdr.class, hdr.tag);
335 x509_free_name(name);
339 set_pos = hdr.payload;
340 pos = set_end = hdr.payload + hdr.length;
342 if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
343 hdr.class != ASN1_CLASS_UNIVERSAL ||
344 hdr.tag != ASN1_TAG_SEQUENCE) {
345 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
346 "(AttributeTypeAndValue) - found class %d "
347 "tag 0x%x", hdr.class, hdr.tag);
348 x509_free_name(name);
352 seq_pos = hdr.payload;
353 seq_end = hdr.payload + hdr.length;
355 if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
356 x509_free_name(name);
360 if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
361 hdr.class != ASN1_CLASS_UNIVERSAL) {
362 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
364 x509_free_name(name);
369 * MUST: country, organization, organizational-unit,
370 * distinguished name qualifier, state or province name,
371 * common name, serial number.
372 * SHOULD: locality, title, surname, given name, initials,
373 * pseudonym, generation qualifier.
374 * MUST: domainComponent (RFC 2247).
376 type = X509_NAME_ATTR_NOT_USED;
378 oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
379 /* id-at ::= 2.5.4 */
380 switch (oid.oid[3]) {
383 type = X509_NAME_ATTR_CN;
387 type = X509_NAME_ATTR_C;
391 type = X509_NAME_ATTR_L;
394 /* stateOrProvinceName */
395 type = X509_NAME_ATTR_ST;
398 /* organizationName */
399 type = X509_NAME_ATTR_O;
402 /* organizationalUnitName */
403 type = X509_NAME_ATTR_OU;
406 } else if (oid.len == 7 &&
407 oid.oid[0] == 1 && oid.oid[1] == 2 &&
408 oid.oid[2] == 840 && oid.oid[3] == 113549 &&
409 oid.oid[4] == 1 && oid.oid[5] == 9 &&
411 /* 1.2.840.113549.1.9.1 - e-mailAddress */
412 os_free(name->email);
413 name->email = os_malloc(hdr.length + 1);
414 if (name->email == NULL) {
415 x509_free_name(name);
418 os_memcpy(name->email, hdr.payload, hdr.length);
419 name->email[hdr.length] = '\0';
421 } else if (oid.len == 7 &&
422 oid.oid[0] == 0 && oid.oid[1] == 9 &&
423 oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
424 oid.oid[4] == 100 && oid.oid[5] == 1 &&
426 /* 0.9.2342.19200300.100.1.25 - domainComponent */
427 type = X509_NAME_ATTR_DC;
430 if (type == X509_NAME_ATTR_NOT_USED) {
431 wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
433 oid.len * sizeof(oid.oid[0]));
434 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
435 hdr.payload, hdr.length);
439 if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
440 wpa_printf(MSG_INFO, "X509: Too many Name attributes");
441 x509_free_name(name);
445 val = dup_binstr(hdr.payload, hdr.length);
447 x509_free_name(name);
450 if (os_strlen(val) != hdr.length) {
451 wpa_printf(MSG_INFO, "X509: Reject certificate with "
452 "embedded NUL byte in a string (%s[NUL])",
455 x509_free_name(name);
459 name->attr[name->num_attr].type = type;
460 name->attr[name->num_attr].value = val;
468 static char * x509_name_attr_str(enum x509_name_attr_type type)
471 case X509_NAME_ATTR_NOT_USED:
473 case X509_NAME_ATTR_DC:
475 case X509_NAME_ATTR_CN:
477 case X509_NAME_ATTR_C:
479 case X509_NAME_ATTR_L:
481 case X509_NAME_ATTR_ST:
483 case X509_NAME_ATTR_O:
485 case X509_NAME_ATTR_OU:
493 * x509_name_string - Convert an X.509 certificate name into a string
494 * @name: Name to convert
495 * @buf: Buffer for the string
496 * @len: Maximum buffer length
498 void x509_name_string(struct x509_name *name, char *buf, size_t len)
510 for (i = 0; i < name->num_attr; i++) {
511 ret = os_snprintf(pos, end - pos, "%s=%s, ",
512 x509_name_attr_str(name->attr[i].type),
513 name->attr[i].value);
514 if (os_snprintf_error(end - pos, ret))
519 if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
527 ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
529 if (os_snprintf_error(end - pos, ret))
539 static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
543 int year, month, day, hour, min, sec;
548 * generalTime GeneralizedTime
551 * UTCTime: YYMMDDHHMMSSZ
552 * GeneralizedTime: YYYYMMDDHHMMSSZ
555 pos = (const char *) buf;
558 case ASN1_TAG_UTCTIME:
559 if (len != 13 || buf[12] != 'Z') {
560 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
561 "UTCTime format", buf, len);
564 if (sscanf(pos, "%02d", &year) != 1) {
565 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
566 "UTCTime year", buf, len);
575 case ASN1_TAG_GENERALIZEDTIME:
576 if (len != 15 || buf[14] != 'Z') {
577 wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
578 "GeneralizedTime format", buf, len);
581 if (sscanf(pos, "%04d", &year) != 1) {
582 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
583 "GeneralizedTime year", buf, len);
589 wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
590 "GeneralizedTime - found tag 0x%x", asn1_tag);
594 if (sscanf(pos, "%02d", &month) != 1) {
595 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
596 "(month)", buf, len);
601 if (sscanf(pos, "%02d", &day) != 1) {
602 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
608 if (sscanf(pos, "%02d", &hour) != 1) {
609 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
615 if (sscanf(pos, "%02d", &min) != 1) {
616 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
622 if (sscanf(pos, "%02d", &sec) != 1) {
623 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
628 if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
629 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
633 * At least some test certificates have been configured
634 * to use dates prior to 1970. Set the date to
635 * beginning of 1970 to handle these case.
637 wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
638 "assume epoch as the time", year);
649 static int x509_parse_validity(const u8 *buf, size_t len,
650 struct x509_certificate *cert, const u8 **next)
657 * Validity ::= SEQUENCE {
663 * CAs conforming to this profile MUST always encode certificate
664 * validity dates through the year 2049 as UTCTime; certificate
665 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
668 if (asn1_get_next(buf, len, &hdr) < 0 ||
669 hdr.class != ASN1_CLASS_UNIVERSAL ||
670 hdr.tag != ASN1_TAG_SEQUENCE) {
671 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
672 "(Validity) - found class %d tag 0x%x",
679 if (plen > (size_t) (buf + len - pos))
684 if (asn1_get_next(pos, plen, &hdr) < 0 ||
685 hdr.class != ASN1_CLASS_UNIVERSAL ||
686 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
687 &cert->not_before) < 0) {
688 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
689 "Time", hdr.payload, hdr.length);
693 pos = hdr.payload + hdr.length;
696 if (asn1_get_next(pos, plen, &hdr) < 0 ||
697 hdr.class != ASN1_CLASS_UNIVERSAL ||
698 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
699 &cert->not_after) < 0) {
700 wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
701 "Time", hdr.payload, hdr.length);
705 wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
706 (unsigned long) cert->not_before,
707 (unsigned long) cert->not_after);
713 static int x509_id_ce_oid(struct asn1_oid *oid)
715 /* id-ce arc from X.509 for standard X.509v3 extensions */
716 return oid->len >= 4 &&
717 oid->oid[0] == 2 /* joint-iso-ccitt */ &&
718 oid->oid[1] == 5 /* ds */ &&
719 oid->oid[2] == 29 /* id-ce */;
723 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid)
725 return oid->len == 6 &&
726 x509_id_ce_oid(oid) &&
727 oid->oid[3] == 37 /* extKeyUsage */ &&
728 oid->oid[4] == 0 /* anyExtendedKeyUsage */;
732 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
733 const u8 *pos, size_t len)
738 * KeyUsage ::= BIT STRING {
739 * digitalSignature (0),
740 * nonRepudiation (1),
741 * keyEncipherment (2),
742 * dataEncipherment (3),
750 if (asn1_get_next(pos, len, &hdr) < 0 ||
751 hdr.class != ASN1_CLASS_UNIVERSAL ||
752 hdr.tag != ASN1_TAG_BITSTRING ||
754 wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
755 "KeyUsage; found %d tag 0x%x len %d",
756 hdr.class, hdr.tag, hdr.length);
760 cert->extensions_present |= X509_EXT_KEY_USAGE;
761 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
763 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
769 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
770 const u8 *pos, size_t len)
777 * BasicConstraints ::= SEQUENCE {
778 * cA BOOLEAN DEFAULT FALSE,
779 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
782 if (asn1_get_next(pos, len, &hdr) < 0 ||
783 hdr.class != ASN1_CLASS_UNIVERSAL ||
784 hdr.tag != ASN1_TAG_SEQUENCE) {
785 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
786 "BasicConstraints; found %d tag 0x%x",
791 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
796 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
797 hdr.class != ASN1_CLASS_UNIVERSAL) {
798 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
803 if (hdr.tag == ASN1_TAG_BOOLEAN) {
804 if (hdr.length != 1) {
805 wpa_printf(MSG_DEBUG, "X509: Unexpected "
806 "Boolean length (%u) in BasicConstraints",
810 cert->ca = hdr.payload[0];
812 if (hdr.length == pos + len - hdr.payload) {
813 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
818 if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
820 hdr.class != ASN1_CLASS_UNIVERSAL) {
821 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
827 if (hdr.tag != ASN1_TAG_INTEGER) {
828 wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
829 "BasicConstraints; found class %d tag 0x%x",
843 cert->path_len_constraint = value;
844 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
846 wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
847 "pathLenConstraint=%lu",
848 cert->ca, cert->path_len_constraint);
854 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
855 const u8 *pos, size_t len)
857 /* rfc822Name IA5String */
858 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
859 os_free(name->alt_email);
860 name->alt_email = os_zalloc(len + 1);
861 if (name->alt_email == NULL)
863 os_memcpy(name->alt_email, pos, len);
864 if (os_strlen(name->alt_email) != len) {
865 wpa_printf(MSG_INFO, "X509: Reject certificate with "
866 "embedded NUL byte in rfc822Name (%s[NUL])",
868 os_free(name->alt_email);
869 name->alt_email = NULL;
876 static int x509_parse_alt_name_dns(struct x509_name *name,
877 const u8 *pos, size_t len)
879 /* dNSName IA5String */
880 wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
882 name->dns = os_zalloc(len + 1);
883 if (name->dns == NULL)
885 os_memcpy(name->dns, pos, len);
886 if (os_strlen(name->dns) != len) {
887 wpa_printf(MSG_INFO, "X509: Reject certificate with "
888 "embedded NUL byte in dNSName (%s[NUL])",
898 static int x509_parse_alt_name_uri(struct x509_name *name,
899 const u8 *pos, size_t len)
901 /* uniformResourceIdentifier IA5String */
902 wpa_hexdump_ascii(MSG_MSGDUMP,
903 "X509: altName - uniformResourceIdentifier",
906 name->uri = os_zalloc(len + 1);
907 if (name->uri == NULL)
909 os_memcpy(name->uri, pos, len);
910 if (os_strlen(name->uri) != len) {
911 wpa_printf(MSG_INFO, "X509: Reject certificate with "
912 "embedded NUL byte in uniformResourceIdentifier "
913 "(%s[NUL])", name->uri);
922 static int x509_parse_alt_name_ip(struct x509_name *name,
923 const u8 *pos, size_t len)
925 /* iPAddress OCTET STRING */
926 wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
928 name->ip = os_malloc(len);
929 if (name->ip == NULL)
931 os_memcpy(name->ip, pos, len);
937 static int x509_parse_alt_name_rid(struct x509_name *name,
938 const u8 *pos, size_t len)
942 /* registeredID OBJECT IDENTIFIER */
943 if (asn1_parse_oid(pos, len, &name->rid) < 0)
946 asn1_oid_to_str(&name->rid, buf, sizeof(buf));
947 wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
953 static int x509_parse_ext_alt_name(struct x509_name *name,
954 const u8 *pos, size_t len)
960 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
962 * GeneralName ::= CHOICE {
963 * otherName [0] OtherName,
964 * rfc822Name [1] IA5String,
965 * dNSName [2] IA5String,
966 * x400Address [3] ORAddress,
967 * directoryName [4] Name,
968 * ediPartyName [5] EDIPartyName,
969 * uniformResourceIdentifier [6] IA5String,
970 * iPAddress [7] OCTET STRING,
971 * registeredID [8] OBJECT IDENTIFIER }
973 * OtherName ::= SEQUENCE {
974 * type-id OBJECT IDENTIFIER,
975 * value [0] EXPLICIT ANY DEFINED BY type-id }
977 * EDIPartyName ::= SEQUENCE {
978 * nameAssigner [0] DirectoryString OPTIONAL,
979 * partyName [1] DirectoryString }
982 for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
985 if (asn1_get_next(p, end - p, &hdr) < 0) {
986 wpa_printf(MSG_DEBUG, "X509: Failed to parse "
987 "SubjectAltName item");
991 if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
996 res = x509_parse_alt_name_rfc8222(name, hdr.payload,
1000 res = x509_parse_alt_name_dns(name, hdr.payload,
1004 res = x509_parse_alt_name_uri(name, hdr.payload,
1008 res = x509_parse_alt_name_ip(name, hdr.payload,
1012 res = x509_parse_alt_name_rid(name, hdr.payload,
1015 case 0: /* TODO: otherName */
1016 case 3: /* TODO: x500Address */
1017 case 4: /* TODO: directoryName */
1018 case 5: /* TODO: ediPartyName */
1031 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1032 const u8 *pos, size_t len)
1034 struct asn1_hdr hdr;
1036 /* SubjectAltName ::= GeneralNames */
1038 if (asn1_get_next(pos, len, &hdr) < 0 ||
1039 hdr.class != ASN1_CLASS_UNIVERSAL ||
1040 hdr.tag != ASN1_TAG_SEQUENCE) {
1041 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1042 "SubjectAltName; found %d tag 0x%x",
1043 hdr.class, hdr.tag);
1047 wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1048 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1050 if (hdr.length == 0)
1053 return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1058 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1059 const u8 *pos, size_t len)
1061 struct asn1_hdr hdr;
1063 /* IssuerAltName ::= GeneralNames */
1065 if (asn1_get_next(pos, len, &hdr) < 0 ||
1066 hdr.class != ASN1_CLASS_UNIVERSAL ||
1067 hdr.tag != ASN1_TAG_SEQUENCE) {
1068 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1069 "IssuerAltName; found %d tag 0x%x",
1070 hdr.class, hdr.tag);
1074 wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1075 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1077 if (hdr.length == 0)
1080 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1085 static int x509_id_pkix_oid(struct asn1_oid *oid)
1087 return oid->len >= 7 &&
1088 oid->oid[0] == 1 /* iso */ &&
1089 oid->oid[1] == 3 /* identified-organization */ &&
1090 oid->oid[2] == 6 /* dod */ &&
1091 oid->oid[3] == 1 /* internet */ &&
1092 oid->oid[4] == 5 /* security */ &&
1093 oid->oid[5] == 5 /* mechanisms */ &&
1094 oid->oid[6] == 7 /* id-pkix */;
1098 static int x509_id_kp_oid(struct asn1_oid *oid)
1101 return oid->len >= 8 &&
1102 x509_id_pkix_oid(oid) &&
1103 oid->oid[7] == 3 /* id-kp */;
1107 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid)
1110 return oid->len == 9 &&
1111 x509_id_kp_oid(oid) &&
1112 oid->oid[8] == 1 /* id-kp-serverAuth */;
1116 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
1119 return oid->len == 9 &&
1120 x509_id_kp_oid(oid) &&
1121 oid->oid[8] == 2 /* id-kp-clientAuth */;
1125 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1126 const u8 *pos, size_t len)
1128 struct asn1_hdr hdr;
1130 struct asn1_oid oid;
1133 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1135 * KeyPurposeId ::= OBJECT IDENTIFIER
1138 if (asn1_get_next(pos, len, &hdr) < 0 ||
1139 hdr.class != ASN1_CLASS_UNIVERSAL ||
1140 hdr.tag != ASN1_TAG_SEQUENCE) {
1141 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1142 "(ExtKeyUsageSyntax) - found class %d tag 0x%x",
1143 hdr.class, hdr.tag);
1146 if (hdr.length > pos + len - hdr.payload)
1149 end = pos + hdr.length;
1151 wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos);
1156 if (asn1_get_oid(pos, end - pos, &oid, &pos))
1158 if (x509_any_ext_key_usage_oid(&oid)) {
1159 os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf));
1160 cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1161 } else if (x509_id_kp_server_auth_oid(&oid)) {
1162 os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf));
1163 cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1164 } else if (x509_id_kp_client_auth_oid(&oid)) {
1165 os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
1166 cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1168 asn1_oid_to_str(&oid, buf, sizeof(buf));
1170 wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf);
1173 cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1179 static int x509_parse_extension_data(struct x509_certificate *cert,
1180 struct asn1_oid *oid,
1181 const u8 *pos, size_t len)
1183 if (!x509_id_ce_oid(oid))
1186 /* TODO: add other extensions required by RFC 3280, Ch 4.2:
1187 * certificate policies (section 4.2.1.5)
1188 * name constraints (section 4.2.1.11)
1189 * policy constraints (section 4.2.1.12)
1190 * inhibit any-policy (section 4.2.1.15)
1192 switch (oid->oid[3]) {
1193 case 15: /* id-ce-keyUsage */
1194 return x509_parse_ext_key_usage(cert, pos, len);
1195 case 17: /* id-ce-subjectAltName */
1196 return x509_parse_ext_subject_alt_name(cert, pos, len);
1197 case 18: /* id-ce-issuerAltName */
1198 return x509_parse_ext_issuer_alt_name(cert, pos, len);
1199 case 19: /* id-ce-basicConstraints */
1200 return x509_parse_ext_basic_constraints(cert, pos, len);
1201 case 37: /* id-ce-extKeyUsage */
1202 return x509_parse_ext_ext_key_usage(cert, pos, len);
1209 static int x509_parse_extension(struct x509_certificate *cert,
1210 const u8 *pos, size_t len, const u8 **next)
1213 struct asn1_hdr hdr;
1214 struct asn1_oid oid;
1215 int critical_ext = 0, res;
1219 * Extension ::= SEQUENCE {
1220 * extnID OBJECT IDENTIFIER,
1221 * critical BOOLEAN DEFAULT FALSE,
1222 * extnValue OCTET STRING
1226 if (asn1_get_next(pos, len, &hdr) < 0 ||
1227 hdr.class != ASN1_CLASS_UNIVERSAL ||
1228 hdr.tag != ASN1_TAG_SEQUENCE) {
1229 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1230 "Extensions: class %d tag 0x%x; expected SEQUENCE",
1231 hdr.class, hdr.tag);
1235 *next = end = pos + hdr.length;
1237 if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1238 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1239 "Extension (expected OID)");
1243 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1244 hdr.class != ASN1_CLASS_UNIVERSAL ||
1245 (hdr.tag != ASN1_TAG_BOOLEAN &&
1246 hdr.tag != ASN1_TAG_OCTETSTRING)) {
1247 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1248 "Extensions: class %d tag 0x%x; expected BOOLEAN "
1249 "or OCTET STRING", hdr.class, hdr.tag);
1253 if (hdr.tag == ASN1_TAG_BOOLEAN) {
1254 if (hdr.length != 1) {
1255 wpa_printf(MSG_DEBUG, "X509: Unexpected "
1256 "Boolean length (%u)", hdr.length);
1259 critical_ext = hdr.payload[0];
1261 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1262 (hdr.class != ASN1_CLASS_UNIVERSAL &&
1263 hdr.class != ASN1_CLASS_PRIVATE) ||
1264 hdr.tag != ASN1_TAG_OCTETSTRING) {
1265 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1266 "in Extensions: class %d tag 0x%x; "
1267 "expected OCTET STRING",
1268 hdr.class, hdr.tag);
1273 asn1_oid_to_str(&oid, buf, sizeof(buf));
1274 wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1276 wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1278 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1281 if (res == 1 && critical_ext) {
1282 wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1291 static int x509_parse_extensions(struct x509_certificate *cert,
1292 const u8 *pos, size_t len)
1295 struct asn1_hdr hdr;
1297 /* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */
1299 if (asn1_get_next(pos, len, &hdr) < 0 ||
1300 hdr.class != ASN1_CLASS_UNIVERSAL ||
1301 hdr.tag != ASN1_TAG_SEQUENCE) {
1302 wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1303 "for Extensions: class %d tag 0x%x; "
1304 "expected SEQUENCE", hdr.class, hdr.tag);
1309 end = pos + hdr.length;
1312 if (x509_parse_extension(cert, pos, end - pos, &pos)
1321 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1322 struct x509_certificate *cert,
1325 struct asn1_hdr hdr;
1326 const u8 *pos, *end;
1329 unsigned long value;
1331 /* tbsCertificate TBSCertificate ::= SEQUENCE */
1332 if (asn1_get_next(buf, len, &hdr) < 0 ||
1333 hdr.class != ASN1_CLASS_UNIVERSAL ||
1334 hdr.tag != ASN1_TAG_SEQUENCE) {
1335 wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1336 "with a valid SEQUENCE - found class %d tag 0x%x",
1337 hdr.class, hdr.tag);
1341 end = *next = pos + hdr.length;
1344 * version [0] EXPLICIT Version DEFAULT v1
1345 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1347 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1351 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1352 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1355 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1356 hdr.tag != ASN1_TAG_INTEGER) {
1357 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1358 "version field - found class %d tag 0x%x",
1359 hdr.class, hdr.tag);
1362 if (hdr.length != 1) {
1363 wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1364 "length %u (expected 1)", hdr.length);
1376 cert->version = value;
1377 if (cert->version != X509_CERT_V1 &&
1378 cert->version != X509_CERT_V2 &&
1379 cert->version != X509_CERT_V3) {
1380 wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1385 if (asn1_get_next(pos, end - pos, &hdr) < 0)
1388 cert->version = X509_CERT_V1;
1389 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1391 /* serialNumber CertificateSerialNumber ::= INTEGER */
1392 if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1393 hdr.tag != ASN1_TAG_INTEGER) {
1394 wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1395 "serialNumber; class=%d tag=0x%x",
1396 hdr.class, hdr.tag);
1403 cert->serial_number <<= 8;
1404 cert->serial_number |= *pos++;
1407 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
1409 /* signature AlgorithmIdentifier */
1410 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1415 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1417 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1418 wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1420 /* validity Validity */
1421 if (x509_parse_validity(pos, end - pos, cert, &pos))
1425 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1427 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1428 wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1430 /* subjectPublicKeyInfo SubjectPublicKeyInfo */
1431 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1437 if (cert->version == X509_CERT_V1)
1440 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1441 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1442 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1443 " tag to parse optional tbsCertificate "
1444 "field(s); parsed class %d tag 0x%x",
1445 hdr.class, hdr.tag);
1450 /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */
1451 wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1452 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1454 pos = hdr.payload + hdr.length;
1458 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1459 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1460 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1461 " tag to parse optional tbsCertificate "
1462 "field(s); parsed class %d tag 0x%x",
1463 hdr.class, hdr.tag);
1469 /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */
1470 wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1471 /* TODO: parse UniqueIdentifier ::= BIT STRING */
1473 pos = hdr.payload + hdr.length;
1477 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1478 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1479 wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1480 " tag to parse optional tbsCertificate "
1481 "field(s); parsed class %d tag 0x%x",
1482 hdr.class, hdr.tag);
1488 wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1489 "Context-Specific tag %d in optional "
1490 "tbsCertificate fields", hdr.tag);
1494 /* extensions [3] EXPLICIT Extensions OPTIONAL */
1496 if (cert->version != X509_CERT_V3) {
1497 wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1498 "Extensions data which are only allowed for "
1499 "version 3", cert->version + 1);
1503 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1506 pos = hdr.payload + hdr.length;
1508 wpa_hexdump(MSG_DEBUG,
1509 "X509: Ignored extra tbsCertificate data",
1517 static int x509_rsadsi_oid(struct asn1_oid *oid)
1519 return oid->len >= 4 &&
1520 oid->oid[0] == 1 /* iso */ &&
1521 oid->oid[1] == 2 /* member-body */ &&
1522 oid->oid[2] == 840 /* us */ &&
1523 oid->oid[3] == 113549 /* rsadsi */;
1527 static int x509_pkcs_oid(struct asn1_oid *oid)
1529 return oid->len >= 5 &&
1530 x509_rsadsi_oid(oid) &&
1531 oid->oid[4] == 1 /* pkcs */;
1535 static int x509_digest_oid(struct asn1_oid *oid)
1537 return oid->len >= 5 &&
1538 x509_rsadsi_oid(oid) &&
1539 oid->oid[4] == 2 /* digestAlgorithm */;
1543 static int x509_sha1_oid(struct asn1_oid *oid)
1545 return oid->len == 6 &&
1546 oid->oid[0] == 1 /* iso */ &&
1547 oid->oid[1] == 3 /* identified-organization */ &&
1548 oid->oid[2] == 14 /* oiw */ &&
1549 oid->oid[3] == 3 /* secsig */ &&
1550 oid->oid[4] == 2 /* algorithms */ &&
1551 oid->oid[5] == 26 /* id-sha1 */;
1555 static int x509_sha2_oid(struct asn1_oid *oid)
1557 return oid->len == 9 &&
1558 oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1559 oid->oid[1] == 16 /* country */ &&
1560 oid->oid[2] == 840 /* us */ &&
1561 oid->oid[3] == 1 /* organization */ &&
1562 oid->oid[4] == 101 /* gov */ &&
1563 oid->oid[5] == 3 /* csor */ &&
1564 oid->oid[6] == 4 /* nistAlgorithm */ &&
1565 oid->oid[7] == 2 /* hashAlgs */;
1569 static int x509_sha256_oid(struct asn1_oid *oid)
1571 return x509_sha2_oid(oid) &&
1572 oid->oid[8] == 1 /* sha256 */;
1576 static int x509_sha384_oid(struct asn1_oid *oid)
1578 return x509_sha2_oid(oid) &&
1579 oid->oid[8] == 2 /* sha384 */;
1583 static int x509_sha512_oid(struct asn1_oid *oid)
1585 return x509_sha2_oid(oid) &&
1586 oid->oid[8] == 3 /* sha512 */;
1591 * x509_certificate_parse - Parse a X.509 certificate in DER format
1592 * @buf: Pointer to the X.509 certificate in DER format
1593 * @len: Buffer length
1594 * Returns: Pointer to the parsed certificate or %NULL on failure
1596 * Caller is responsible for freeing the returned certificate by calling
1597 * x509_certificate_free().
1599 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1601 struct asn1_hdr hdr;
1602 const u8 *pos, *end, *hash_start;
1603 struct x509_certificate *cert;
1605 cert = os_zalloc(sizeof(*cert) + len);
1608 os_memcpy(cert + 1, buf, len);
1609 cert->cert_start = (u8 *) (cert + 1);
1610 cert->cert_len = len;
1615 /* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1617 /* Certificate ::= SEQUENCE */
1618 if (asn1_get_next(pos, len, &hdr) < 0 ||
1619 hdr.class != ASN1_CLASS_UNIVERSAL ||
1620 hdr.tag != ASN1_TAG_SEQUENCE) {
1621 wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1622 "a valid SEQUENCE - found class %d tag 0x%x",
1623 hdr.class, hdr.tag);
1624 x509_certificate_free(cert);
1629 if (hdr.length > end - pos) {
1630 x509_certificate_free(cert);
1634 if (hdr.length < end - pos) {
1635 wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1636 "encoded certificate",
1637 pos + hdr.length, end - (pos + hdr.length));
1638 end = pos + hdr.length;
1642 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1643 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1644 x509_certificate_free(cert);
1647 cert->tbs_cert_len = pos - hash_start;
1649 /* signatureAlgorithm AlgorithmIdentifier */
1650 if (x509_parse_algorithm_identifier(pos, end - pos,
1651 &cert->signature_alg, &pos)) {
1652 x509_certificate_free(cert);
1656 /* signatureValue BIT STRING */
1657 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1658 hdr.class != ASN1_CLASS_UNIVERSAL ||
1659 hdr.tag != ASN1_TAG_BITSTRING) {
1660 wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1661 "(signatureValue) - found class %d tag 0x%x",
1662 hdr.class, hdr.tag);
1663 x509_certificate_free(cert);
1666 if (hdr.length < 1) {
1667 x509_certificate_free(cert);
1672 wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1674 /* PKCS #1 v1.5 10.2.1:
1675 * It is an error if the length in bits of the signature S is
1676 * not a multiple of eight.
1678 x509_certificate_free(cert);
1681 os_free(cert->sign_value);
1682 cert->sign_value = os_malloc(hdr.length - 1);
1683 if (cert->sign_value == NULL) {
1684 wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1686 x509_certificate_free(cert);
1689 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1690 cert->sign_value_len = hdr.length - 1;
1691 wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1692 cert->sign_value, cert->sign_value_len);
1699 * x509_certificate_check_signature - Verify certificate signature
1700 * @issuer: Issuer certificate
1701 * @cert: Certificate to be verified
1702 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1705 int x509_certificate_check_signature(struct x509_certificate *issuer,
1706 struct x509_certificate *cert)
1708 struct crypto_public_key *pk;
1710 const u8 *pos, *end, *next, *da_end;
1712 struct asn1_hdr hdr;
1713 struct asn1_oid oid;
1717 if (!x509_pkcs_oid(&cert->signature.oid) ||
1718 cert->signature.oid.len != 7 ||
1719 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
1720 wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1725 pk = crypto_public_key_import(issuer->public_key,
1726 issuer->public_key_len);
1730 data_len = cert->sign_value_len;
1731 data = os_malloc(data_len);
1733 crypto_public_key_free(pk);
1737 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
1738 cert->sign_value_len, data,
1740 wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1741 crypto_public_key_free(pk);
1745 crypto_public_key_free(pk);
1747 wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1750 * PKCS #1 v1.5, 10.1.2:
1752 * DigestInfo ::= SEQUENCE {
1753 * digestAlgorithm DigestAlgorithmIdentifier,
1757 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1759 * Digest ::= OCTET STRING
1762 if (asn1_get_next(data, data_len, &hdr) < 0 ||
1763 hdr.class != ASN1_CLASS_UNIVERSAL ||
1764 hdr.tag != ASN1_TAG_SEQUENCE) {
1765 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1766 "(DigestInfo) - found class %d tag 0x%x",
1767 hdr.class, hdr.tag);
1773 end = pos + hdr.length;
1777 * AlgorithmIdentifier ::= SEQUENCE {
1778 * algorithm OBJECT IDENTIFIER,
1779 * parameters ANY DEFINED BY algorithm OPTIONAL
1783 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1784 hdr.class != ASN1_CLASS_UNIVERSAL ||
1785 hdr.tag != ASN1_TAG_SEQUENCE) {
1786 wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1787 "(AlgorithmIdentifier) - found class %d tag 0x%x",
1788 hdr.class, hdr.tag);
1792 da_end = hdr.payload + hdr.length;
1794 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1795 wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1800 if (x509_sha1_oid(&oid)) {
1801 if (cert->signature.oid.oid[6] !=
1802 5 /* sha-1WithRSAEncryption */) {
1803 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1804 "does not match with certificate "
1805 "signatureAlgorithm (%lu)",
1806 cert->signature.oid.oid[6]);
1810 goto skip_digest_oid;
1813 if (x509_sha256_oid(&oid)) {
1814 if (cert->signature.oid.oid[6] !=
1815 11 /* sha2561WithRSAEncryption */) {
1816 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1817 "does not match with certificate "
1818 "signatureAlgorithm (%lu)",
1819 cert->signature.oid.oid[6]);
1823 goto skip_digest_oid;
1826 if (x509_sha384_oid(&oid)) {
1827 if (cert->signature.oid.oid[6] !=
1828 12 /* sha384WithRSAEncryption */) {
1829 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
1830 "does not match with certificate "
1831 "signatureAlgorithm (%lu)",
1832 cert->signature.oid.oid[6]);
1836 goto skip_digest_oid;
1839 if (x509_sha512_oid(&oid)) {
1840 if (cert->signature.oid.oid[6] !=
1841 13 /* sha512WithRSAEncryption */) {
1842 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
1843 "does not match with certificate "
1844 "signatureAlgorithm (%lu)",
1845 cert->signature.oid.oid[6]);
1849 goto skip_digest_oid;
1852 if (!x509_digest_oid(&oid)) {
1853 wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1857 switch (oid.oid[5]) {
1859 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
1861 wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1862 "not match with certificate "
1863 "signatureAlgorithm (%lu)",
1864 cert->signature.oid.oid[6]);
1872 wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1873 "(%lu)", oid.oid[5]);
1879 /* Digest ::= OCTET STRING */
1881 end = data + data_len;
1883 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1884 hdr.class != ASN1_CLASS_UNIVERSAL ||
1885 hdr.tag != ASN1_TAG_OCTETSTRING) {
1886 wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1887 "(Digest) - found class %d tag 0x%x",
1888 hdr.class, hdr.tag);
1892 wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1893 hdr.payload, hdr.length);
1895 switch (cert->signature.oid.oid[6]) {
1896 case 4: /* md5WithRSAEncryption */
1897 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1900 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1903 case 5: /* sha-1WithRSAEncryption */
1904 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1907 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1910 case 11: /* sha256WithRSAEncryption */
1911 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1914 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1917 case 12: /* sha384WithRSAEncryption */
1918 sha384_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1921 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
1924 case 13: /* sha512WithRSAEncryption */
1925 sha512_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1928 wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
1931 case 2: /* md2WithRSAEncryption */
1933 wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1934 "algorithm (%lu)", cert->signature.oid.oid[6]);
1939 if (hdr.length != hash_len ||
1940 os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1941 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1942 "with calculated tbsCertificate hash");
1947 if (hdr.payload + hdr.length < data + data_len) {
1948 wpa_hexdump(MSG_INFO,
1949 "X509: Extra data after certificate signature hash",
1950 hdr.payload + hdr.length,
1951 data + data_len - hdr.payload - hdr.length);
1958 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
1959 "calculated tbsCertificate hash");
1965 static int x509_valid_issuer(const struct x509_certificate *cert)
1967 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1969 wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
1974 if (cert->version == X509_CERT_V3 &&
1975 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1976 wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
1977 "include BasicConstraints extension");
1981 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
1982 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
1983 wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
1984 "keyCertSign bit in Key Usage");
1993 * x509_certificate_chain_validate - Validate X.509 certificate chain
1994 * @trusted: List of trusted certificates
1995 * @chain: Certificate chain to be validated (first chain must be issued by
1996 * signed by the second certificate in the chain and so on)
1997 * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
1998 * Returns: 0 if chain is valid, -1 if not
2000 int x509_certificate_chain_validate(struct x509_certificate *trusted,
2001 struct x509_certificate *chain,
2002 int *reason, int disable_time_checks)
2005 int chain_trusted = 0;
2006 struct x509_certificate *cert, *trust;
2010 *reason = X509_VALIDATE_OK;
2012 wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
2015 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2016 x509_name_string(&cert->subject, buf, sizeof(buf));
2017 wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
2022 if (!disable_time_checks &&
2023 ((unsigned long) now.sec <
2024 (unsigned long) cert->not_before ||
2025 (unsigned long) now.sec >
2026 (unsigned long) cert->not_after)) {
2027 wpa_printf(MSG_INFO, "X509: Certificate not valid "
2028 "(now=%lu not_before=%lu not_after=%lu)",
2029 now.sec, cert->not_before, cert->not_after);
2030 *reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
2035 if (x509_name_compare(&cert->issuer,
2036 &cert->next->subject) != 0) {
2037 wpa_printf(MSG_DEBUG, "X509: Certificate "
2038 "chain issuer name mismatch");
2039 x509_name_string(&cert->issuer, buf,
2041 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2043 x509_name_string(&cert->next->subject, buf,
2045 wpa_printf(MSG_DEBUG, "X509: next cert "
2046 "subject: %s", buf);
2047 *reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
2051 if (x509_valid_issuer(cert->next) < 0) {
2052 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2056 if ((cert->next->extensions_present &
2057 X509_EXT_PATH_LEN_CONSTRAINT) &&
2058 idx > cert->next->path_len_constraint) {
2059 wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
2060 " not met (idx=%lu issuer "
2061 "pathLenConstraint=%lu)", idx,
2062 cert->next->path_len_constraint);
2063 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2067 if (x509_certificate_check_signature(cert->next, cert)
2069 wpa_printf(MSG_DEBUG, "X509: Invalid "
2070 "certificate signature within "
2072 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2077 for (trust = trusted; trust; trust = trust->next) {
2078 if (x509_name_compare(&cert->issuer, &trust->subject)
2084 wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
2085 "list of trusted certificates");
2086 if (x509_valid_issuer(trust) < 0) {
2087 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2091 if (x509_certificate_check_signature(trust, cert) < 0)
2093 wpa_printf(MSG_DEBUG, "X509: Invalid "
2094 "certificate signature");
2095 *reason = X509_VALIDATE_BAD_CERTIFICATE;
2099 wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
2100 "found to complete the chain");
2105 if (!chain_trusted) {
2106 wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
2107 "from the list of trusted certificates");
2109 *reason = X509_VALIDATE_UNKNOWN_CA;
2112 wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
2113 "disabled - ignore unknown CA issue");
2116 wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
2123 * x509_certificate_get_subject - Get a certificate based on Subject name
2124 * @chain: Certificate chain to search through
2125 * @name: Subject name to search for
2126 * Returns: Pointer to the certificate with the given Subject name or
2129 struct x509_certificate *
2130 x509_certificate_get_subject(struct x509_certificate *chain,
2131 struct x509_name *name)
2133 struct x509_certificate *cert;
2135 for (cert = chain; cert; cert = cert->next) {
2136 if (x509_name_compare(&cert->subject, name) == 0)
2144 * x509_certificate_self_signed - Is the certificate self-signed?
2145 * @cert: Certificate
2146 * Returns: 1 if certificate is self-signed, 0 if not
2148 int x509_certificate_self_signed(struct x509_certificate *cert)
2150 return x509_name_compare(&cert->issuer, &cert->subject) == 0;