1/*
2 * X.509v3 certificate parsing and processing (RFC 3280 profile)
3 * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "crypto/crypto.h"
13#include "asn1.h"
14#include "x509v3.h"
15
16
17void x509_free_name(struct x509_name *name)
18{
19	size_t i;
20
21	for (i = 0; i < name->num_attr; i++) {
22		os_free(name->attr[i].value);
23		name->attr[i].value = NULL;
24		name->attr[i].type = X509_NAME_ATTR_NOT_USED;
25	}
26	name->num_attr = 0;
27	os_free(name->email);
28	name->email = NULL;
29
30	os_free(name->alt_email);
31	os_free(name->dns);
32	os_free(name->uri);
33	os_free(name->ip);
34	name->alt_email = name->dns = name->uri = NULL;
35	name->ip = NULL;
36	name->ip_len = 0;
37	os_memset(&name->rid, 0, sizeof(name->rid));
38}
39
40
41/**
42 * x509_certificate_free - Free an X.509 certificate
43 * @cert: Certificate to be freed
44 */
45void x509_certificate_free(struct x509_certificate *cert)
46{
47	if (cert == NULL)
48		return;
49	if (cert->next) {
50		wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51			   "was still on a list (next=%p)\n",
52			   cert, cert->next);
53	}
54	x509_free_name(&cert->issuer);
55	x509_free_name(&cert->subject);
56	os_free(cert->public_key);
57	os_free(cert->sign_value);
58	os_free(cert->subject_dn);
59	os_free(cert);
60}
61
62
63/**
64 * x509_certificate_free - Free an X.509 certificate chain
65 * @cert: Pointer to the first certificate in the chain
66 */
67void x509_certificate_chain_free(struct x509_certificate *cert)
68{
69	struct x509_certificate *next;
70
71	while (cert) {
72		next = cert->next;
73		cert->next = NULL;
74		x509_certificate_free(cert);
75		cert = next;
76	}
77}
78
79
80static int x509_whitespace(char c)
81{
82	return c == ' ' || c == '\t';
83}
84
85
86static void x509_str_strip_whitespace(char *a)
87{
88	char *ipos, *opos;
89	int remove_whitespace = 1;
90
91	ipos = opos = a;
92
93	while (*ipos) {
94		if (remove_whitespace && x509_whitespace(*ipos))
95			ipos++;
96		else {
97			remove_whitespace = x509_whitespace(*ipos);
98			*opos++ = *ipos++;
99		}
100	}
101
102	*opos-- = '\0';
103	if (opos > a && x509_whitespace(*opos))
104		*opos = '\0';
105}
106
107
108static int x509_str_compare(const char *a, const char *b)
109{
110	char *aa, *bb;
111	int ret;
112
113	if (!a && b)
114		return -1;
115	if (a && !b)
116		return 1;
117	if (!a && !b)
118		return 0;
119
120	aa = os_strdup(a);
121	bb = os_strdup(b);
122
123	if (aa == NULL || bb == NULL) {
124		os_free(aa);
125		os_free(bb);
126		return os_strcasecmp(a, b);
127	}
128
129	x509_str_strip_whitespace(aa);
130	x509_str_strip_whitespace(bb);
131
132	ret = os_strcasecmp(aa, bb);
133
134	os_free(aa);
135	os_free(bb);
136
137	return ret;
138}
139
140
141/**
142 * x509_name_compare - Compare X.509 certificate names
143 * @a: Certificate name
144 * @b: Certificate name
145 * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
146 * greater than b
147 */
148int x509_name_compare(struct x509_name *a, struct x509_name *b)
149{
150	int res;
151	size_t i;
152
153	if (!a && b)
154		return -1;
155	if (a && !b)
156		return 1;
157	if (!a && !b)
158		return 0;
159	if (a->num_attr < b->num_attr)
160		return -1;
161	if (a->num_attr > b->num_attr)
162		return 1;
163
164	for (i = 0; i < a->num_attr; i++) {
165		if (a->attr[i].type < b->attr[i].type)
166			return -1;
167		if (a->attr[i].type > b->attr[i].type)
168			return -1;
169		res = x509_str_compare(a->attr[i].value, b->attr[i].value);
170		if (res)
171			return res;
172	}
173	res = x509_str_compare(a->email, b->email);
174	if (res)
175		return res;
176
177	return 0;
178}
179
180
181int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
182				    struct x509_algorithm_identifier *id,
183				    const u8 **next)
184{
185	struct asn1_hdr hdr;
186	const u8 *pos, *end;
187
188	/*
189	 * AlgorithmIdentifier ::= SEQUENCE {
190	 *     algorithm            OBJECT IDENTIFIER,
191	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
192	 * }
193	 */
194
195	if (asn1_get_next(buf, len, &hdr) < 0 ||
196	    hdr.class != ASN1_CLASS_UNIVERSAL ||
197	    hdr.tag != ASN1_TAG_SEQUENCE) {
198		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
199			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
200			   hdr.class, hdr.tag);
201		return -1;
202	}
203	if (hdr.length > buf + len - hdr.payload)
204		return -1;
205	pos = hdr.payload;
206	end = pos + hdr.length;
207
208	*next = end;
209
210	if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
211		return -1;
212
213	/* TODO: optional parameters */
214
215	return 0;
216}
217
218
219static int x509_parse_public_key(const u8 *buf, size_t len,
220				 struct x509_certificate *cert,
221				 const u8 **next)
222{
223	struct asn1_hdr hdr;
224	const u8 *pos, *end;
225
226	/*
227	 * SubjectPublicKeyInfo ::= SEQUENCE {
228	 *     algorithm            AlgorithmIdentifier,
229	 *     subjectPublicKey     BIT STRING
230	 * }
231	 */
232
233	pos = buf;
234	end = buf + len;
235
236	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
237	    hdr.class != ASN1_CLASS_UNIVERSAL ||
238	    hdr.tag != ASN1_TAG_SEQUENCE) {
239		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
240			   "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
241			   hdr.class, hdr.tag);
242		return -1;
243	}
244	pos = hdr.payload;
245
246	if (hdr.length > end - pos)
247		return -1;
248	end = pos + hdr.length;
249	*next = end;
250
251	if (x509_parse_algorithm_identifier(pos, end - pos,
252					    &cert->public_key_alg, &pos))
253		return -1;
254
255	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
256	    hdr.class != ASN1_CLASS_UNIVERSAL ||
257	    hdr.tag != ASN1_TAG_BITSTRING) {
258		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
259			   "(subjectPublicKey) - found class %d tag 0x%x",
260			   hdr.class, hdr.tag);
261		return -1;
262	}
263	if (hdr.length < 1)
264		return -1;
265	pos = hdr.payload;
266	if (*pos) {
267		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
268			   *pos);
269		/*
270		 * TODO: should this be rejected? X.509 certificates are
271		 * unlikely to use such a construction. Now we would end up
272		 * including the extra bits in the buffer which may also be
273		 * ok.
274		 */
275	}
276	os_free(cert->public_key);
277	cert->public_key = os_malloc(hdr.length - 1);
278	if (cert->public_key == NULL) {
279		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
280			   "public key");
281		return -1;
282	}
283	os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
284	cert->public_key_len = hdr.length - 1;
285	wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
286		    cert->public_key, cert->public_key_len);
287
288	return 0;
289}
290
291
292int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
293		    const u8 **next)
294{
295	struct asn1_hdr hdr;
296	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
297	struct asn1_oid oid;
298	char *val;
299
300	/*
301	 * Name ::= CHOICE { RDNSequence }
302	 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
303	 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
304	 * AttributeTypeAndValue ::= SEQUENCE {
305	 *     type     AttributeType,
306	 *     value    AttributeValue
307	 * }
308	 * AttributeType ::= OBJECT IDENTIFIER
309	 * AttributeValue ::= ANY DEFINED BY AttributeType
310	 */
311
312	if (asn1_get_next(buf, len, &hdr) < 0 ||
313	    hdr.class != ASN1_CLASS_UNIVERSAL ||
314	    hdr.tag != ASN1_TAG_SEQUENCE) {
315		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
316			   "(Name / RDNSequencer) - found class %d tag 0x%x",
317			   hdr.class, hdr.tag);
318		return -1;
319	}
320	pos = hdr.payload;
321
322	if (hdr.length > buf + len - pos)
323		return -1;
324
325	end = *next = pos + hdr.length;
326
327	while (pos < end) {
328		enum x509_name_attr_type type;
329
330		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
331		    hdr.class != ASN1_CLASS_UNIVERSAL ||
332		    hdr.tag != ASN1_TAG_SET) {
333			wpa_printf(MSG_DEBUG, "X509: Expected SET "
334				   "(RelativeDistinguishedName) - found class "
335				   "%d tag 0x%x", hdr.class, hdr.tag);
336			x509_free_name(name);
337			return -1;
338		}
339
340		set_pos = hdr.payload;
341		pos = set_end = hdr.payload + hdr.length;
342
343		if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
344		    hdr.class != ASN1_CLASS_UNIVERSAL ||
345		    hdr.tag != ASN1_TAG_SEQUENCE) {
346			wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
347				   "(AttributeTypeAndValue) - found class %d "
348				   "tag 0x%x", hdr.class, hdr.tag);
349			x509_free_name(name);
350			return -1;
351		}
352
353		seq_pos = hdr.payload;
354		seq_end = hdr.payload + hdr.length;
355
356		if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
357			x509_free_name(name);
358			return -1;
359		}
360
361		if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
362		    hdr.class != ASN1_CLASS_UNIVERSAL) {
363			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
364				   "AttributeValue");
365			x509_free_name(name);
366			return -1;
367		}
368
369		/* RFC 3280:
370		 * MUST: country, organization, organizational-unit,
371		 * distinguished name qualifier, state or province name,
372		 * common name, serial number.
373		 * SHOULD: locality, title, surname, given name, initials,
374		 * pseudonym, generation qualifier.
375		 * MUST: domainComponent (RFC 2247).
376		 */
377		type = X509_NAME_ATTR_NOT_USED;
378		if (oid.len == 4 &&
379		    oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
380			/* id-at ::= 2.5.4 */
381			switch (oid.oid[3]) {
382			case 3:
383				/* commonName */
384				type = X509_NAME_ATTR_CN;
385				break;
386			case 6:
387				/*  countryName */
388				type = X509_NAME_ATTR_C;
389				break;
390			case 7:
391				/* localityName */
392				type = X509_NAME_ATTR_L;
393				break;
394			case 8:
395				/* stateOrProvinceName */
396				type = X509_NAME_ATTR_ST;
397				break;
398			case 10:
399				/* organizationName */
400				type = X509_NAME_ATTR_O;
401				break;
402			case 11:
403				/* organizationalUnitName */
404				type = X509_NAME_ATTR_OU;
405				break;
406			}
407		} else if (oid.len == 7 &&
408			   oid.oid[0] == 1 && oid.oid[1] == 2 &&
409			   oid.oid[2] == 840 && oid.oid[3] == 113549 &&
410			   oid.oid[4] == 1 && oid.oid[5] == 9 &&
411			   oid.oid[6] == 1) {
412			/* 1.2.840.113549.1.9.1 - e-mailAddress */
413			os_free(name->email);
414			name->email = os_malloc(hdr.length + 1);
415			if (name->email == NULL) {
416				x509_free_name(name);
417				return -1;
418			}
419			os_memcpy(name->email, hdr.payload, hdr.length);
420			name->email[hdr.length] = '\0';
421			continue;
422		} else if (oid.len == 7 &&
423			   oid.oid[0] == 0 && oid.oid[1] == 9 &&
424			   oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
425			   oid.oid[4] == 100 && oid.oid[5] == 1 &&
426			   oid.oid[6] == 25) {
427			/* 0.9.2342.19200300.100.1.25 - domainComponent */
428			type = X509_NAME_ATTR_DC;
429		}
430
431		if (type == X509_NAME_ATTR_NOT_USED) {
432			wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
433				    (u8 *) oid.oid,
434				    oid.len * sizeof(oid.oid[0]));
435			wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
436					  hdr.payload, hdr.length);
437			continue;
438		}
439
440		if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
441			wpa_printf(MSG_INFO, "X509: Too many Name attributes");
442			x509_free_name(name);
443			return -1;
444		}
445
446		val = dup_binstr(hdr.payload, hdr.length);
447		if (val == NULL) {
448			x509_free_name(name);
449			return -1;
450		}
451		if (os_strlen(val) != hdr.length) {
452			wpa_printf(MSG_INFO, "X509: Reject certificate with "
453				   "embedded NUL byte in a string (%s[NUL])",
454				   val);
455			os_free(val);
456			x509_free_name(name);
457			return -1;
458		}
459
460		name->attr[name->num_attr].type = type;
461		name->attr[name->num_attr].value = val;
462		name->num_attr++;
463	}
464
465	return 0;
466}
467
468
469static char * x509_name_attr_str(enum x509_name_attr_type type)
470{
471	switch (type) {
472	case X509_NAME_ATTR_NOT_USED:
473		return "[N/A]";
474	case X509_NAME_ATTR_DC:
475		return "DC";
476	case X509_NAME_ATTR_CN:
477		return "CN";
478	case X509_NAME_ATTR_C:
479		return "C";
480	case X509_NAME_ATTR_L:
481		return "L";
482	case X509_NAME_ATTR_ST:
483		return "ST";
484	case X509_NAME_ATTR_O:
485		return "O";
486	case X509_NAME_ATTR_OU:
487		return "OU";
488	}
489	return "?";
490}
491
492
493/**
494 * x509_name_string - Convert an X.509 certificate name into a string
495 * @name: Name to convert
496 * @buf: Buffer for the string
497 * @len: Maximum buffer length
498 */
499void x509_name_string(struct x509_name *name, char *buf, size_t len)
500{
501	char *pos, *end;
502	int ret;
503	size_t i;
504
505	if (len == 0)
506		return;
507
508	pos = buf;
509	end = buf + len;
510
511	for (i = 0; i < name->num_attr; i++) {
512		ret = os_snprintf(pos, end - pos, "%s=%s, ",
513				  x509_name_attr_str(name->attr[i].type),
514				  name->attr[i].value);
515		if (os_snprintf_error(end - pos, ret))
516			goto done;
517		pos += ret;
518	}
519
520	if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
521		pos--;
522		*pos = '\0';
523		pos--;
524		*pos = '\0';
525	}
526
527	if (name->email) {
528		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
529				  name->email);
530		if (os_snprintf_error(end - pos, ret))
531			goto done;
532		pos += ret;
533	}
534
535done:
536	end[-1] = '\0';
537}
538
539
540int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
541{
542	const char *pos;
543	int year, month, day, hour, min, sec;
544
545	/*
546	 * Time ::= CHOICE {
547	 *     utcTime        UTCTime,
548	 *     generalTime    GeneralizedTime
549	 * }
550	 *
551	 * UTCTime: YYMMDDHHMMSSZ
552	 * GeneralizedTime: YYYYMMDDHHMMSSZ
553	 */
554
555	pos = (const char *) buf;
556
557	switch (asn1_tag) {
558	case ASN1_TAG_UTCTIME:
559		if (len != 13 || buf[12] != 'Z') {
560			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
561					  "UTCTime format", buf, len);
562			return -1;
563		}
564		if (sscanf(pos, "%02d", &year) != 1) {
565			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
566					  "UTCTime year", buf, len);
567			return -1;
568		}
569		if (year < 50)
570			year += 2000;
571		else
572			year += 1900;
573		pos += 2;
574		break;
575	case ASN1_TAG_GENERALIZEDTIME:
576		if (len != 15 || buf[14] != 'Z') {
577			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
578					  "GeneralizedTime format", buf, len);
579			return -1;
580		}
581		if (sscanf(pos, "%04d", &year) != 1) {
582			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
583					  "GeneralizedTime year", buf, len);
584			return -1;
585		}
586		pos += 4;
587		break;
588	default:
589		wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
590			   "GeneralizedTime - found tag 0x%x", asn1_tag);
591		return -1;
592	}
593
594	if (sscanf(pos, "%02d", &month) != 1) {
595		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
596				  "(month)", buf, len);
597		return -1;
598	}
599	pos += 2;
600
601	if (sscanf(pos, "%02d", &day) != 1) {
602		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
603				  "(day)", buf, len);
604		return -1;
605	}
606	pos += 2;
607
608	if (sscanf(pos, "%02d", &hour) != 1) {
609		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
610				  "(hour)", buf, len);
611		return -1;
612	}
613	pos += 2;
614
615	if (sscanf(pos, "%02d", &min) != 1) {
616		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
617				  "(min)", buf, len);
618		return -1;
619	}
620	pos += 2;
621
622	if (sscanf(pos, "%02d", &sec) != 1) {
623		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
624				  "(sec)", buf, len);
625		return -1;
626	}
627
628	if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
629		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
630				  buf, len);
631		if (year < 1970) {
632			/*
633			 * At least some test certificates have been configured
634			 * to use dates prior to 1970. Set the date to
635			 * beginning of 1970 to handle these case.
636			 */
637			wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
638				   "assume epoch as the time", year);
639			*val = 0;
640			return 0;
641		}
642		return -1;
643	}
644
645	return 0;
646}
647
648
649static int x509_parse_validity(const u8 *buf, size_t len,
650			       struct x509_certificate *cert, const u8 **next)
651{
652	struct asn1_hdr hdr;
653	const u8 *pos;
654	size_t plen;
655
656	/*
657	 * Validity ::= SEQUENCE {
658	 *     notBefore      Time,
659	 *     notAfter       Time
660	 * }
661	 *
662	 * RFC 3280, 4.1.2.5:
663	 * CAs conforming to this profile MUST always encode certificate
664	 * validity dates through the year 2049 as UTCTime; certificate
665	 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
666	 */
667
668	if (asn1_get_next(buf, len, &hdr) < 0 ||
669	    hdr.class != ASN1_CLASS_UNIVERSAL ||
670	    hdr.tag != ASN1_TAG_SEQUENCE) {
671		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
672			   "(Validity) - found class %d tag 0x%x",
673			   hdr.class, hdr.tag);
674		return -1;
675	}
676	pos = hdr.payload;
677	plen = hdr.length;
678
679	if (plen > (size_t) (buf + len - pos))
680		return -1;
681
682	*next = pos + plen;
683
684	if (asn1_get_next(pos, plen, &hdr) < 0 ||
685	    hdr.class != ASN1_CLASS_UNIVERSAL ||
686	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
687			    &cert->not_before) < 0) {
688		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
689				  "Time", hdr.payload, hdr.length);
690		return -1;
691	}
692
693	pos = hdr.payload + hdr.length;
694	plen = *next - pos;
695
696	if (asn1_get_next(pos, plen, &hdr) < 0 ||
697	    hdr.class != ASN1_CLASS_UNIVERSAL ||
698	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
699			    &cert->not_after) < 0) {
700		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
701				  "Time", hdr.payload, hdr.length);
702		return -1;
703	}
704
705	wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
706		   (unsigned long) cert->not_before,
707		   (unsigned long) cert->not_after);
708
709	return 0;
710}
711
712
713static int x509_id_ce_oid(struct asn1_oid *oid)
714{
715	/* id-ce arc from X.509 for standard X.509v3 extensions */
716	return oid->len >= 4 &&
717		oid->oid[0] == 2 /* joint-iso-ccitt */ &&
718		oid->oid[1] == 5 /* ds */ &&
719		oid->oid[2] == 29 /* id-ce */;
720}
721
722
723static int x509_any_ext_key_usage_oid(struct asn1_oid *oid)
724{
725	return oid->len == 6 &&
726		x509_id_ce_oid(oid) &&
727		oid->oid[3] == 37 /* extKeyUsage */ &&
728		oid->oid[4] == 0 /* anyExtendedKeyUsage */;
729}
730
731
732static int x509_parse_ext_key_usage(struct x509_certificate *cert,
733				    const u8 *pos, size_t len)
734{
735	struct asn1_hdr hdr;
736
737	/*
738	 * KeyUsage ::= BIT STRING {
739	 *     digitalSignature        (0),
740	 *     nonRepudiation          (1),
741	 *     keyEncipherment         (2),
742	 *     dataEncipherment        (3),
743	 *     keyAgreement            (4),
744	 *     keyCertSign             (5),
745	 *     cRLSign                 (6),
746	 *     encipherOnly            (7),
747	 *     decipherOnly            (8) }
748	 */
749
750	if (asn1_get_next(pos, len, &hdr) < 0 ||
751	    hdr.class != ASN1_CLASS_UNIVERSAL ||
752	    hdr.tag != ASN1_TAG_BITSTRING ||
753	    hdr.length < 1) {
754		wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
755			   "KeyUsage; found %d tag 0x%x len %d",
756			   hdr.class, hdr.tag, hdr.length);
757		return -1;
758	}
759
760	cert->extensions_present |= X509_EXT_KEY_USAGE;
761	cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
762
763	wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
764
765	return 0;
766}
767
768
769static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
770					    const u8 *pos, size_t len)
771{
772	struct asn1_hdr hdr;
773	unsigned long value;
774	size_t left;
775
776	/*
777	 * BasicConstraints ::= SEQUENCE {
778	 * cA                      BOOLEAN DEFAULT FALSE,
779	 * pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
780	 */
781
782	if (asn1_get_next(pos, len, &hdr) < 0 ||
783	    hdr.class != ASN1_CLASS_UNIVERSAL ||
784	    hdr.tag != ASN1_TAG_SEQUENCE) {
785		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
786			   "BasicConstraints; found %d tag 0x%x",
787			   hdr.class, hdr.tag);
788		return -1;
789	}
790
791	cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
792
793	if (hdr.length == 0)
794		return 0;
795
796	if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
797	    hdr.class != ASN1_CLASS_UNIVERSAL) {
798		wpa_printf(MSG_DEBUG, "X509: Failed to parse "
799			   "BasicConstraints");
800		return -1;
801	}
802
803	if (hdr.tag == ASN1_TAG_BOOLEAN) {
804		if (hdr.length != 1) {
805			wpa_printf(MSG_DEBUG, "X509: Unexpected "
806				   "Boolean length (%u) in BasicConstraints",
807				   hdr.length);
808			return -1;
809		}
810		cert->ca = hdr.payload[0];
811
812		if (hdr.length == pos + len - hdr.payload) {
813			wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
814				   cert->ca);
815			return 0;
816		}
817
818		if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
819				  &hdr) < 0 ||
820		    hdr.class != ASN1_CLASS_UNIVERSAL) {
821			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
822				   "BasicConstraints");
823			return -1;
824		}
825	}
826
827	if (hdr.tag != ASN1_TAG_INTEGER) {
828		wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
829			   "BasicConstraints; found class %d tag 0x%x",
830			   hdr.class, hdr.tag);
831		return -1;
832	}
833
834	pos = hdr.payload;
835	left = hdr.length;
836	value = 0;
837	while (left) {
838		value <<= 8;
839		value |= *pos++;
840		left--;
841	}
842
843	cert->path_len_constraint = value;
844	cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
845
846	wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
847		   "pathLenConstraint=%lu",
848		   cert->ca, cert->path_len_constraint);
849
850	return 0;
851}
852
853
854static int x509_parse_alt_name_rfc8222(struct x509_name *name,
855				       const u8 *pos, size_t len)
856{
857	/* rfc822Name IA5String */
858	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
859	os_free(name->alt_email);
860	name->alt_email = os_zalloc(len + 1);
861	if (name->alt_email == NULL)
862		return -1;
863	os_memcpy(name->alt_email, pos, len);
864	if (os_strlen(name->alt_email) != len) {
865		wpa_printf(MSG_INFO, "X509: Reject certificate with "
866			   "embedded NUL byte in rfc822Name (%s[NUL])",
867			   name->alt_email);
868		os_free(name->alt_email);
869		name->alt_email = NULL;
870		return -1;
871	}
872	return 0;
873}
874
875
876static int x509_parse_alt_name_dns(struct x509_name *name,
877				   const u8 *pos, size_t len)
878{
879	/* dNSName IA5String */
880	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
881	os_free(name->dns);
882	name->dns = os_zalloc(len + 1);
883	if (name->dns == NULL)
884		return -1;
885	os_memcpy(name->dns, pos, len);
886	if (os_strlen(name->dns) != len) {
887		wpa_printf(MSG_INFO, "X509: Reject certificate with "
888			   "embedded NUL byte in dNSName (%s[NUL])",
889			   name->dns);
890		os_free(name->dns);
891		name->dns = NULL;
892		return -1;
893	}
894	return 0;
895}
896
897
898static int x509_parse_alt_name_uri(struct x509_name *name,
899				   const u8 *pos, size_t len)
900{
901	/* uniformResourceIdentifier IA5String */
902	wpa_hexdump_ascii(MSG_MSGDUMP,
903			  "X509: altName - uniformResourceIdentifier",
904			  pos, len);
905	os_free(name->uri);
906	name->uri = os_zalloc(len + 1);
907	if (name->uri == NULL)
908		return -1;
909	os_memcpy(name->uri, pos, len);
910	if (os_strlen(name->uri) != len) {
911		wpa_printf(MSG_INFO, "X509: Reject certificate with "
912			   "embedded NUL byte in uniformResourceIdentifier "
913			   "(%s[NUL])", name->uri);
914		os_free(name->uri);
915		name->uri = NULL;
916		return -1;
917	}
918	return 0;
919}
920
921
922static int x509_parse_alt_name_ip(struct x509_name *name,
923				       const u8 *pos, size_t len)
924{
925	/* iPAddress OCTET STRING */
926	wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
927	os_free(name->ip);
928	name->ip = os_malloc(len);
929	if (name->ip == NULL)
930		return -1;
931	os_memcpy(name->ip, pos, len);
932	name->ip_len = len;
933	return 0;
934}
935
936
937static int x509_parse_alt_name_rid(struct x509_name *name,
938				   const u8 *pos, size_t len)
939{
940	char buf[80];
941
942	/* registeredID OBJECT IDENTIFIER */
943	if (asn1_parse_oid(pos, len, &name->rid) < 0)
944		return -1;
945
946	asn1_oid_to_str(&name->rid, buf, sizeof(buf));
947	wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
948
949	return 0;
950}
951
952
953static int x509_parse_ext_alt_name(struct x509_name *name,
954				   const u8 *pos, size_t len)
955{
956	struct asn1_hdr hdr;
957	const u8 *p, *end;
958
959	/*
960	 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
961	 *
962	 * GeneralName ::= CHOICE {
963	 *     otherName                       [0]     OtherName,
964	 *     rfc822Name                      [1]     IA5String,
965	 *     dNSName                         [2]     IA5String,
966	 *     x400Address                     [3]     ORAddress,
967	 *     directoryName                   [4]     Name,
968	 *     ediPartyName                    [5]     EDIPartyName,
969	 *     uniformResourceIdentifier       [6]     IA5String,
970	 *     iPAddress                       [7]     OCTET STRING,
971	 *     registeredID                    [8]     OBJECT IDENTIFIER }
972	 *
973	 * OtherName ::= SEQUENCE {
974	 *     type-id    OBJECT IDENTIFIER,
975	 *     value      [0] EXPLICIT ANY DEFINED BY type-id }
976	 *
977	 * EDIPartyName ::= SEQUENCE {
978	 *     nameAssigner            [0]     DirectoryString OPTIONAL,
979	 *     partyName               [1]     DirectoryString }
980	 */
981
982	for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
983		int res;
984
985		if (asn1_get_next(p, end - p, &hdr) < 0) {
986			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
987				   "SubjectAltName item");
988			return -1;
989		}
990
991		if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
992			continue;
993
994		switch (hdr.tag) {
995		case 1:
996			res = x509_parse_alt_name_rfc8222(name, hdr.payload,
997							  hdr.length);
998			break;
999		case 2:
1000			res = x509_parse_alt_name_dns(name, hdr.payload,
1001						      hdr.length);
1002			break;
1003		case 6:
1004			res = x509_parse_alt_name_uri(name, hdr.payload,
1005						      hdr.length);
1006			break;
1007		case 7:
1008			res = x509_parse_alt_name_ip(name, hdr.payload,
1009						     hdr.length);
1010			break;
1011		case 8:
1012			res = x509_parse_alt_name_rid(name, hdr.payload,
1013						      hdr.length);
1014			break;
1015		case 0: /* TODO: otherName */
1016		case 3: /* TODO: x500Address */
1017		case 4: /* TODO: directoryName */
1018		case 5: /* TODO: ediPartyName */
1019		default:
1020			res = 0;
1021			break;
1022		}
1023		if (res < 0)
1024			return res;
1025	}
1026
1027	return 0;
1028}
1029
1030
1031static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1032					   const u8 *pos, size_t len)
1033{
1034	struct asn1_hdr hdr;
1035
1036	/* SubjectAltName ::= GeneralNames */
1037
1038	if (asn1_get_next(pos, len, &hdr) < 0 ||
1039	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1040	    hdr.tag != ASN1_TAG_SEQUENCE) {
1041		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1042			   "SubjectAltName; found %d tag 0x%x",
1043			   hdr.class, hdr.tag);
1044		return -1;
1045	}
1046
1047	wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1048	cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1049
1050	if (hdr.length == 0)
1051		return 0;
1052
1053	return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1054				       hdr.length);
1055}
1056
1057
1058static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1059					  const u8 *pos, size_t len)
1060{
1061	struct asn1_hdr hdr;
1062
1063	/* IssuerAltName ::= GeneralNames */
1064
1065	if (asn1_get_next(pos, len, &hdr) < 0 ||
1066	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1067	    hdr.tag != ASN1_TAG_SEQUENCE) {
1068		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1069			   "IssuerAltName; found %d tag 0x%x",
1070			   hdr.class, hdr.tag);
1071		return -1;
1072	}
1073
1074	wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1075	cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1076
1077	if (hdr.length == 0)
1078		return 0;
1079
1080	return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1081				       hdr.length);
1082}
1083
1084
1085static int x509_id_pkix_oid(struct asn1_oid *oid)
1086{
1087	return oid->len >= 7 &&
1088		oid->oid[0] == 1 /* iso */ &&
1089		oid->oid[1] == 3 /* identified-organization */ &&
1090		oid->oid[2] == 6 /* dod */ &&
1091		oid->oid[3] == 1 /* internet */ &&
1092		oid->oid[4] == 5 /* security */ &&
1093		oid->oid[5] == 5 /* mechanisms */ &&
1094		oid->oid[6] == 7 /* id-pkix */;
1095}
1096
1097
1098static int x509_id_kp_oid(struct asn1_oid *oid)
1099{
1100	/* id-kp */
1101	return oid->len >= 8 &&
1102		x509_id_pkix_oid(oid) &&
1103		oid->oid[7] == 3 /* id-kp */;
1104}
1105
1106
1107static int x509_id_kp_server_auth_oid(struct asn1_oid *oid)
1108{
1109	/* id-kp */
1110	return oid->len == 9 &&
1111		x509_id_kp_oid(oid) &&
1112		oid->oid[8] == 1 /* id-kp-serverAuth */;
1113}
1114
1115
1116static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
1117{
1118	/* id-kp */
1119	return oid->len == 9 &&
1120		x509_id_kp_oid(oid) &&
1121		oid->oid[8] == 2 /* id-kp-clientAuth */;
1122}
1123
1124
1125static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
1126{
1127	/* id-kp */
1128	return oid->len == 9 &&
1129		x509_id_kp_oid(oid) &&
1130		oid->oid[8] == 9 /* id-kp-OCSPSigning */;
1131}
1132
1133
1134static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1135					const u8 *pos, size_t len)
1136{
1137	struct asn1_hdr hdr;
1138	const u8 *end;
1139	struct asn1_oid oid;
1140
1141	/*
1142	 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1143	 *
1144	 * KeyPurposeId ::= OBJECT IDENTIFIER
1145	 */
1146
1147	if (asn1_get_next(pos, len, &hdr) < 0 ||
1148	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1149	    hdr.tag != ASN1_TAG_SEQUENCE) {
1150		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1151			   "(ExtKeyUsageSyntax) - found class %d tag 0x%x",
1152			   hdr.class, hdr.tag);
1153		return -1;
1154	}
1155	if (hdr.length > pos + len - hdr.payload)
1156		return -1;
1157	pos = hdr.payload;
1158	end = pos + hdr.length;
1159
1160	wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos);
1161
1162	while (pos < end) {
1163		char buf[80];
1164
1165		if (asn1_get_oid(pos, end - pos, &oid, &pos))
1166			return -1;
1167		if (x509_any_ext_key_usage_oid(&oid)) {
1168			os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf));
1169			cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1170		} else if (x509_id_kp_server_auth_oid(&oid)) {
1171			os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf));
1172			cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1173		} else if (x509_id_kp_client_auth_oid(&oid)) {
1174			os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
1175			cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1176		} else if (x509_id_kp_ocsp_oid(&oid)) {
1177			os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
1178			cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
1179		} else {
1180			asn1_oid_to_str(&oid, buf, sizeof(buf));
1181		}
1182		wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf);
1183	}
1184
1185	cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1186
1187	return 0;
1188}
1189
1190
1191static int x509_parse_extension_data(struct x509_certificate *cert,
1192				     struct asn1_oid *oid,
1193				     const u8 *pos, size_t len)
1194{
1195	if (!x509_id_ce_oid(oid))
1196		return 1;
1197
1198	/* TODO: add other extensions required by RFC 3280, Ch 4.2:
1199	 * certificate policies (section 4.2.1.5)
1200	 * name constraints (section 4.2.1.11)
1201	 * policy constraints (section 4.2.1.12)
1202	 * inhibit any-policy (section 4.2.1.15)
1203	 */
1204	switch (oid->oid[3]) {
1205	case 15: /* id-ce-keyUsage */
1206		return x509_parse_ext_key_usage(cert, pos, len);
1207	case 17: /* id-ce-subjectAltName */
1208		return x509_parse_ext_subject_alt_name(cert, pos, len);
1209	case 18: /* id-ce-issuerAltName */
1210		return x509_parse_ext_issuer_alt_name(cert, pos, len);
1211	case 19: /* id-ce-basicConstraints */
1212		return x509_parse_ext_basic_constraints(cert, pos, len);
1213	case 37: /* id-ce-extKeyUsage */
1214		return x509_parse_ext_ext_key_usage(cert, pos, len);
1215	default:
1216		return 1;
1217	}
1218}
1219
1220
1221static int x509_parse_extension(struct x509_certificate *cert,
1222				const u8 *pos, size_t len, const u8 **next)
1223{
1224	const u8 *end;
1225	struct asn1_hdr hdr;
1226	struct asn1_oid oid;
1227	int critical_ext = 0, res;
1228	char buf[80];
1229
1230	/*
1231	 * Extension  ::=  SEQUENCE  {
1232	 *     extnID      OBJECT IDENTIFIER,
1233	 *     critical    BOOLEAN DEFAULT FALSE,
1234	 *     extnValue   OCTET STRING
1235	 * }
1236	 */
1237
1238	if (asn1_get_next(pos, len, &hdr) < 0 ||
1239	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1240	    hdr.tag != ASN1_TAG_SEQUENCE) {
1241		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1242			   "Extensions: class %d tag 0x%x; expected SEQUENCE",
1243			   hdr.class, hdr.tag);
1244		return -1;
1245	}
1246	pos = hdr.payload;
1247	*next = end = pos + hdr.length;
1248
1249	if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1250		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1251			   "Extension (expected OID)");
1252		return -1;
1253	}
1254
1255	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1256	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1257	    (hdr.tag != ASN1_TAG_BOOLEAN &&
1258	     hdr.tag != ASN1_TAG_OCTETSTRING)) {
1259		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1260			   "Extensions: class %d tag 0x%x; expected BOOLEAN "
1261			   "or OCTET STRING", hdr.class, hdr.tag);
1262		return -1;
1263	}
1264
1265	if (hdr.tag == ASN1_TAG_BOOLEAN) {
1266		if (hdr.length != 1) {
1267			wpa_printf(MSG_DEBUG, "X509: Unexpected "
1268				   "Boolean length (%u)", hdr.length);
1269			return -1;
1270		}
1271		critical_ext = hdr.payload[0];
1272		pos = hdr.payload;
1273		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1274		    (hdr.class != ASN1_CLASS_UNIVERSAL &&
1275		     hdr.class != ASN1_CLASS_PRIVATE) ||
1276		    hdr.tag != ASN1_TAG_OCTETSTRING) {
1277			wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1278				   "in Extensions: class %d tag 0x%x; "
1279				   "expected OCTET STRING",
1280				   hdr.class, hdr.tag);
1281			return -1;
1282		}
1283	}
1284
1285	asn1_oid_to_str(&oid, buf, sizeof(buf));
1286	wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1287		   buf, critical_ext);
1288	wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1289
1290	res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1291	if (res < 0)
1292		return res;
1293	if (res == 1 && critical_ext) {
1294		wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1295			   buf);
1296		return -1;
1297	}
1298
1299	return 0;
1300}
1301
1302
1303static int x509_parse_extensions(struct x509_certificate *cert,
1304				 const u8 *pos, size_t len)
1305{
1306	const u8 *end;
1307	struct asn1_hdr hdr;
1308
1309	/* Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension */
1310
1311	if (asn1_get_next(pos, len, &hdr) < 0 ||
1312	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1313	    hdr.tag != ASN1_TAG_SEQUENCE) {
1314		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1315			   "for Extensions: class %d tag 0x%x; "
1316			   "expected SEQUENCE", hdr.class, hdr.tag);
1317		return -1;
1318	}
1319
1320	pos = hdr.payload;
1321	end = pos + hdr.length;
1322
1323	while (pos < end) {
1324		if (x509_parse_extension(cert, pos, end - pos, &pos)
1325		    < 0)
1326			return -1;
1327	}
1328
1329	return 0;
1330}
1331
1332
1333static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1334				      struct x509_certificate *cert,
1335				      const u8 **next)
1336{
1337	struct asn1_hdr hdr;
1338	const u8 *pos, *end;
1339	size_t left;
1340	char sbuf[128];
1341	unsigned long value;
1342	const u8 *subject_dn;
1343
1344	/* tbsCertificate TBSCertificate ::= SEQUENCE */
1345	if (asn1_get_next(buf, len, &hdr) < 0 ||
1346	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1347	    hdr.tag != ASN1_TAG_SEQUENCE) {
1348		wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1349			   "with a valid SEQUENCE - found class %d tag 0x%x",
1350			   hdr.class, hdr.tag);
1351		return -1;
1352	}
1353	pos = hdr.payload;
1354	end = *next = pos + hdr.length;
1355
1356	/*
1357	 * version [0]  EXPLICIT Version DEFAULT v1
1358	 * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
1359	 */
1360	if (asn1_get_next(pos, end - pos, &hdr) < 0)
1361		return -1;
1362	pos = hdr.payload;
1363
1364	if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1365		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1366			return -1;
1367
1368		if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1369		    hdr.tag != ASN1_TAG_INTEGER) {
1370			wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1371				   "version field - found class %d tag 0x%x",
1372				   hdr.class, hdr.tag);
1373			return -1;
1374		}
1375		if (hdr.length != 1) {
1376			wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1377				   "length %u (expected 1)", hdr.length);
1378			return -1;
1379		}
1380		pos = hdr.payload;
1381		left = hdr.length;
1382		value = 0;
1383		while (left) {
1384			value <<= 8;
1385			value |= *pos++;
1386			left--;
1387		}
1388
1389		cert->version = value;
1390		if (cert->version != X509_CERT_V1 &&
1391		    cert->version != X509_CERT_V2 &&
1392		    cert->version != X509_CERT_V3) {
1393			wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1394				   cert->version + 1);
1395			return -1;
1396		}
1397
1398		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1399			return -1;
1400	} else
1401		cert->version = X509_CERT_V1;
1402	wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1403
1404	/* serialNumber CertificateSerialNumber ::= INTEGER */
1405	if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1406	    hdr.tag != ASN1_TAG_INTEGER ||
1407	    hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) {
1408		wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1409			   "serialNumber; class=%d tag=0x%x length=%u",
1410			   hdr.class, hdr.tag, hdr.length);
1411		return -1;
1412	}
1413
1414	pos = hdr.payload + hdr.length;
1415	while (hdr.length > 0 && hdr.payload[0] == 0) {
1416		hdr.payload++;
1417		hdr.length--;
1418	}
1419	os_memcpy(cert->serial_number, hdr.payload, hdr.length);
1420	cert->serial_number_len = hdr.length;
1421	wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number,
1422		    cert->serial_number_len);
1423
1424	/* signature AlgorithmIdentifier */
1425	if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1426					    &pos))
1427		return -1;
1428
1429	/* issuer Name */
1430	if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1431		return -1;
1432	x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1433	wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1434
1435	/* validity Validity */
1436	if (x509_parse_validity(pos, end - pos, cert, &pos))
1437		return -1;
1438
1439	/* subject Name */
1440	subject_dn = pos;
1441	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1442		return -1;
1443	cert->subject_dn = os_malloc(pos - subject_dn);
1444	if (!cert->subject_dn)
1445		return -1;
1446	cert->subject_dn_len = pos - subject_dn;
1447	os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
1448	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1449	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1450
1451	/* subjectPublicKeyInfo SubjectPublicKeyInfo */
1452	if (x509_parse_public_key(pos, end - pos, cert, &pos))
1453		return -1;
1454
1455	if (pos == end)
1456		return 0;
1457
1458	if (cert->version == X509_CERT_V1)
1459		return 0;
1460
1461	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1462	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1463		wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1464			   " tag to parse optional tbsCertificate "
1465			   "field(s); parsed class %d tag 0x%x",
1466			   hdr.class, hdr.tag);
1467		return -1;
1468	}
1469
1470	if (hdr.tag == 1) {
1471		/* issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL */
1472		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1473		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1474
1475		pos = hdr.payload + hdr.length;
1476		if (pos == end)
1477			return 0;
1478
1479		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1480		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1481			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1482				   " tag to parse optional tbsCertificate "
1483				   "field(s); parsed class %d tag 0x%x",
1484				   hdr.class, hdr.tag);
1485			return -1;
1486		}
1487	}
1488
1489	if (hdr.tag == 2) {
1490		/* subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL */
1491		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1492		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1493
1494		pos = hdr.payload + hdr.length;
1495		if (pos == end)
1496			return 0;
1497
1498		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1499		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1500			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1501				   " tag to parse optional tbsCertificate "
1502				   "field(s); parsed class %d tag 0x%x",
1503				   hdr.class, hdr.tag);
1504			return -1;
1505		}
1506	}
1507
1508	if (hdr.tag != 3) {
1509		wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1510			   "Context-Specific tag %d in optional "
1511			   "tbsCertificate fields", hdr.tag);
1512		return 0;
1513	}
1514
1515	/* extensions      [3]  EXPLICIT Extensions OPTIONAL */
1516
1517	if (cert->version != X509_CERT_V3) {
1518		wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1519			   "Extensions data which are only allowed for "
1520			   "version 3", cert->version + 1);
1521		return -1;
1522	}
1523
1524	if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1525		return -1;
1526
1527	pos = hdr.payload + hdr.length;
1528	if (pos < end) {
1529		wpa_hexdump(MSG_DEBUG,
1530			    "X509: Ignored extra tbsCertificate data",
1531			    pos, end - pos);
1532	}
1533
1534	return 0;
1535}
1536
1537
1538static int x509_rsadsi_oid(struct asn1_oid *oid)
1539{
1540	return oid->len >= 4 &&
1541		oid->oid[0] == 1 /* iso */ &&
1542		oid->oid[1] == 2 /* member-body */ &&
1543		oid->oid[2] == 840 /* us */ &&
1544		oid->oid[3] == 113549 /* rsadsi */;
1545}
1546
1547
1548static int x509_pkcs_oid(struct asn1_oid *oid)
1549{
1550	return oid->len >= 5 &&
1551		x509_rsadsi_oid(oid) &&
1552		oid->oid[4] == 1 /* pkcs */;
1553}
1554
1555
1556static int x509_digest_oid(struct asn1_oid *oid)
1557{
1558	return oid->len >= 5 &&
1559		x509_rsadsi_oid(oid) &&
1560		oid->oid[4] == 2 /* digestAlgorithm */;
1561}
1562
1563
1564int x509_sha1_oid(struct asn1_oid *oid)
1565{
1566	return oid->len == 6 &&
1567		oid->oid[0] == 1 /* iso */ &&
1568		oid->oid[1] == 3 /* identified-organization */ &&
1569		oid->oid[2] == 14 /* oiw */ &&
1570		oid->oid[3] == 3 /* secsig */ &&
1571		oid->oid[4] == 2 /* algorithms */ &&
1572		oid->oid[5] == 26 /* id-sha1 */;
1573}
1574
1575
1576static int x509_sha2_oid(struct asn1_oid *oid)
1577{
1578	return oid->len == 9 &&
1579		oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1580		oid->oid[1] == 16 /* country */ &&
1581		oid->oid[2] == 840 /* us */ &&
1582		oid->oid[3] == 1 /* organization */ &&
1583		oid->oid[4] == 101 /* gov */ &&
1584		oid->oid[5] == 3 /* csor */ &&
1585		oid->oid[6] == 4 /* nistAlgorithm */ &&
1586		oid->oid[7] == 2 /* hashAlgs */;
1587}
1588
1589
1590int x509_sha256_oid(struct asn1_oid *oid)
1591{
1592	return x509_sha2_oid(oid) &&
1593		oid->oid[8] == 1 /* sha256 */;
1594}
1595
1596
1597int x509_sha384_oid(struct asn1_oid *oid)
1598{
1599	return x509_sha2_oid(oid) &&
1600		oid->oid[8] == 2 /* sha384 */;
1601}
1602
1603
1604int x509_sha512_oid(struct asn1_oid *oid)
1605{
1606	return x509_sha2_oid(oid) &&
1607		oid->oid[8] == 3 /* sha512 */;
1608}
1609
1610
1611/**
1612 * x509_certificate_parse - Parse a X.509 certificate in DER format
1613 * @buf: Pointer to the X.509 certificate in DER format
1614 * @len: Buffer length
1615 * Returns: Pointer to the parsed certificate or %NULL on failure
1616 *
1617 * Caller is responsible for freeing the returned certificate by calling
1618 * x509_certificate_free().
1619 */
1620struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1621{
1622	struct asn1_hdr hdr;
1623	const u8 *pos, *end, *hash_start;
1624	struct x509_certificate *cert;
1625
1626	cert = os_zalloc(sizeof(*cert) + len);
1627	if (cert == NULL)
1628		return NULL;
1629	os_memcpy(cert + 1, buf, len);
1630	cert->cert_start = (u8 *) (cert + 1);
1631	cert->cert_len = len;
1632
1633	pos = buf;
1634	end = buf + len;
1635
1636	/* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1637
1638	/* Certificate ::= SEQUENCE */
1639	if (asn1_get_next(pos, len, &hdr) < 0 ||
1640	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1641	    hdr.tag != ASN1_TAG_SEQUENCE) {
1642		wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1643			   "a valid SEQUENCE - found class %d tag 0x%x",
1644			   hdr.class, hdr.tag);
1645		x509_certificate_free(cert);
1646		return NULL;
1647	}
1648	pos = hdr.payload;
1649
1650	if (hdr.length > end - pos) {
1651		x509_certificate_free(cert);
1652		return NULL;
1653	}
1654
1655	if (hdr.length < end - pos) {
1656		wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1657			    "encoded certificate",
1658			    pos + hdr.length, end - (pos + hdr.length));
1659		end = pos + hdr.length;
1660	}
1661
1662	hash_start = pos;
1663	cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1664	if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1665		x509_certificate_free(cert);
1666		return NULL;
1667	}
1668	cert->tbs_cert_len = pos - hash_start;
1669
1670	/* signatureAlgorithm AlgorithmIdentifier */
1671	if (x509_parse_algorithm_identifier(pos, end - pos,
1672					    &cert->signature_alg, &pos)) {
1673		x509_certificate_free(cert);
1674		return NULL;
1675	}
1676
1677	/* signatureValue BIT STRING */
1678	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1679	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1680	    hdr.tag != ASN1_TAG_BITSTRING) {
1681		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1682			   "(signatureValue) - found class %d tag 0x%x",
1683			   hdr.class, hdr.tag);
1684		x509_certificate_free(cert);
1685		return NULL;
1686	}
1687	if (hdr.length < 1) {
1688		x509_certificate_free(cert);
1689		return NULL;
1690	}
1691	pos = hdr.payload;
1692	if (*pos) {
1693		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1694			   *pos);
1695		/* PKCS #1 v1.5 10.2.1:
1696		 * It is an error if the length in bits of the signature S is
1697		 * not a multiple of eight.
1698		 */
1699		x509_certificate_free(cert);
1700		return NULL;
1701	}
1702	os_free(cert->sign_value);
1703	cert->sign_value = os_malloc(hdr.length - 1);
1704	if (cert->sign_value == NULL) {
1705		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1706			   "signatureValue");
1707		x509_certificate_free(cert);
1708		return NULL;
1709	}
1710	os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1711	cert->sign_value_len = hdr.length - 1;
1712	wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1713		    cert->sign_value, cert->sign_value_len);
1714
1715	return cert;
1716}
1717
1718
1719/**
1720 * x509_certificate_check_signature - Verify certificate signature
1721 * @issuer: Issuer certificate
1722 * @cert: Certificate to be verified
1723 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1724 * -1 if not
1725 */
1726int x509_certificate_check_signature(struct x509_certificate *issuer,
1727				     struct x509_certificate *cert)
1728{
1729	return x509_check_signature(issuer, &cert->signature,
1730				    cert->sign_value, cert->sign_value_len,
1731				    cert->tbs_cert_start, cert->tbs_cert_len);
1732}
1733
1734
1735int x509_check_signature(struct x509_certificate *issuer,
1736			 struct x509_algorithm_identifier *signature,
1737			 const u8 *sign_value, size_t sign_value_len,
1738			 const u8 *signed_data, size_t signed_data_len)
1739{
1740	struct crypto_public_key *pk;
1741	u8 *data;
1742	const u8 *pos, *end, *next, *da_end;
1743	size_t data_len;
1744	struct asn1_hdr hdr;
1745	struct asn1_oid oid;
1746	u8 hash[64];
1747	size_t hash_len;
1748	const u8 *addr[1] = { signed_data };
1749	size_t len[1] = { signed_data_len };
1750
1751	if (!x509_pkcs_oid(&signature->oid) ||
1752	    signature->oid.len != 7 ||
1753	    signature->oid.oid[5] != 1 /* pkcs-1 */) {
1754		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1755			   "algorithm");
1756		return -1;
1757	}
1758
1759	pk = crypto_public_key_import(issuer->public_key,
1760				      issuer->public_key_len);
1761	if (pk == NULL)
1762		return -1;
1763
1764	data_len = sign_value_len;
1765	data = os_malloc(data_len);
1766	if (data == NULL) {
1767		crypto_public_key_free(pk);
1768		return -1;
1769	}
1770
1771	if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
1772					    sign_value_len, data,
1773					    &data_len) < 0) {
1774		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1775		crypto_public_key_free(pk);
1776		os_free(data);
1777		return -1;
1778	}
1779	crypto_public_key_free(pk);
1780
1781	wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1782
1783	/*
1784	 * PKCS #1 v1.5, 10.1.2:
1785	 *
1786	 * DigestInfo ::= SEQUENCE {
1787	 *     digestAlgorithm DigestAlgorithmIdentifier,
1788	 *     digest Digest
1789	 * }
1790	 *
1791	 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1792	 *
1793	 * Digest ::= OCTET STRING
1794	 *
1795	 */
1796	if (asn1_get_next(data, data_len, &hdr) < 0 ||
1797	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1798	    hdr.tag != ASN1_TAG_SEQUENCE) {
1799		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1800			   "(DigestInfo) - found class %d tag 0x%x",
1801			   hdr.class, hdr.tag);
1802		os_free(data);
1803		return -1;
1804	}
1805
1806	pos = hdr.payload;
1807	end = pos + hdr.length;
1808
1809	/*
1810	 * X.509:
1811	 * AlgorithmIdentifier ::= SEQUENCE {
1812	 *     algorithm            OBJECT IDENTIFIER,
1813	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
1814	 * }
1815	 */
1816
1817	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1818	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1819	    hdr.tag != ASN1_TAG_SEQUENCE) {
1820		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1821			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
1822			   hdr.class, hdr.tag);
1823		os_free(data);
1824		return -1;
1825	}
1826	da_end = hdr.payload + hdr.length;
1827
1828	if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1829		wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1830		os_free(data);
1831		return -1;
1832	}
1833
1834	if (x509_sha1_oid(&oid)) {
1835		if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
1836			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1837				   "does not match with certificate "
1838				   "signatureAlgorithm (%lu)",
1839				   signature->oid.oid[6]);
1840			os_free(data);
1841			return -1;
1842		}
1843		goto skip_digest_oid;
1844	}
1845
1846	if (x509_sha256_oid(&oid)) {
1847		if (signature->oid.oid[6] !=
1848		    11 /* sha2561WithRSAEncryption */) {
1849			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1850				   "does not match with certificate "
1851				   "signatureAlgorithm (%lu)",
1852				   signature->oid.oid[6]);
1853			os_free(data);
1854			return -1;
1855		}
1856		goto skip_digest_oid;
1857	}
1858
1859	if (x509_sha384_oid(&oid)) {
1860		if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
1861			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
1862				   "does not match with certificate "
1863				   "signatureAlgorithm (%lu)",
1864				   signature->oid.oid[6]);
1865			os_free(data);
1866			return -1;
1867		}
1868		goto skip_digest_oid;
1869	}
1870
1871	if (x509_sha512_oid(&oid)) {
1872		if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
1873			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
1874				   "does not match with certificate "
1875				   "signatureAlgorithm (%lu)",
1876				   signature->oid.oid[6]);
1877			os_free(data);
1878			return -1;
1879		}
1880		goto skip_digest_oid;
1881	}
1882
1883	if (!x509_digest_oid(&oid)) {
1884		wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1885		os_free(data);
1886		return -1;
1887	}
1888	switch (oid.oid[5]) {
1889	case 5: /* md5 */
1890		if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
1891			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1892				   "not match with certificate "
1893				   "signatureAlgorithm (%lu)",
1894				   signature->oid.oid[6]);
1895			os_free(data);
1896			return -1;
1897		}
1898		break;
1899	case 2: /* md2 */
1900	case 4: /* md4 */
1901	default:
1902		wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1903			   "(%lu)", oid.oid[5]);
1904		os_free(data);
1905		return -1;
1906	}
1907
1908skip_digest_oid:
1909	/* Digest ::= OCTET STRING */
1910	pos = da_end;
1911	end = data + data_len;
1912
1913	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1914	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1915	    hdr.tag != ASN1_TAG_OCTETSTRING) {
1916		wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1917			   "(Digest) - found class %d tag 0x%x",
1918			   hdr.class, hdr.tag);
1919		os_free(data);
1920		return -1;
1921	}
1922	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1923		    hdr.payload, hdr.length);
1924
1925	switch (signature->oid.oid[6]) {
1926	case 4: /* md5WithRSAEncryption */
1927		md5_vector(1, addr, len, hash);
1928		hash_len = 16;
1929		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1930			    hash, hash_len);
1931		break;
1932	case 5: /* sha-1WithRSAEncryption */
1933		sha1_vector(1, addr, len, hash);
1934		hash_len = 20;
1935		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1936			    hash, hash_len);
1937		break;
1938	case 11: /* sha256WithRSAEncryption */
1939		sha256_vector(1, addr, len, hash);
1940		hash_len = 32;
1941		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1942			    hash, hash_len);
1943		break;
1944	case 12: /* sha384WithRSAEncryption */
1945		sha384_vector(1, addr, len, hash);
1946		hash_len = 48;
1947		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
1948			    hash, hash_len);
1949		break;
1950	case 13: /* sha512WithRSAEncryption */
1951		sha512_vector(1, addr, len, hash);
1952		hash_len = 64;
1953		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
1954			    hash, hash_len);
1955		break;
1956	case 2: /* md2WithRSAEncryption */
1957	default:
1958		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1959			   "algorithm (%lu)", signature->oid.oid[6]);
1960		os_free(data);
1961		return -1;
1962	}
1963
1964	if (hdr.length != hash_len ||
1965	    os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1966		wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1967			   "with calculated tbsCertificate hash");
1968		os_free(data);
1969		return -1;
1970	}
1971
1972	if (hdr.payload + hdr.length < data + data_len) {
1973		wpa_hexdump(MSG_INFO,
1974			    "X509: Extra data after certificate signature hash",
1975			    hdr.payload + hdr.length,
1976			    data + data_len - hdr.payload - hdr.length);
1977		os_free(data);
1978		return -1;
1979	}
1980
1981	os_free(data);
1982
1983	wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
1984		   "calculated tbsCertificate hash");
1985
1986	return 0;
1987}
1988
1989
1990static int x509_valid_issuer(const struct x509_certificate *cert)
1991{
1992	if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1993	    !cert->ca) {
1994		wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
1995			   "issuer");
1996		return -1;
1997	}
1998
1999	if (cert->version == X509_CERT_V3 &&
2000	    !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
2001		wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
2002			   "include BasicConstraints extension");
2003		return -1;
2004	}
2005
2006	if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
2007	    !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
2008		wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
2009			   "keyCertSign bit in Key Usage");
2010		return -1;
2011	}
2012
2013	return 0;
2014}
2015
2016
2017/**
2018 * x509_certificate_chain_validate - Validate X.509 certificate chain
2019 * @trusted: List of trusted certificates
2020 * @chain: Certificate chain to be validated (first chain must be issued by
2021 * signed by the second certificate in the chain and so on)
2022 * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
2023 * Returns: 0 if chain is valid, -1 if not
2024 */
2025int x509_certificate_chain_validate(struct x509_certificate *trusted,
2026				    struct x509_certificate *chain,
2027				    int *reason, int disable_time_checks)
2028{
2029	long unsigned idx;
2030	int chain_trusted = 0;
2031	struct x509_certificate *cert, *trust;
2032	char buf[128];
2033	struct os_time now;
2034
2035	*reason = X509_VALIDATE_OK;
2036
2037	wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
2038	os_get_time(&now);
2039
2040	for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2041		cert->issuer_trusted = 0;
2042		x509_name_string(&cert->subject, buf, sizeof(buf));
2043		wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
2044
2045		if (chain_trusted)
2046			continue;
2047
2048		if (!disable_time_checks &&
2049		    ((unsigned long) now.sec <
2050		     (unsigned long) cert->not_before ||
2051		     (unsigned long) now.sec >
2052		     (unsigned long) cert->not_after)) {
2053			wpa_printf(MSG_INFO, "X509: Certificate not valid "
2054				   "(now=%lu not_before=%lu not_after=%lu)",
2055				   now.sec, cert->not_before, cert->not_after);
2056			*reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
2057			return -1;
2058		}
2059
2060		if (cert->next) {
2061			if (x509_name_compare(&cert->issuer,
2062					      &cert->next->subject) != 0) {
2063				wpa_printf(MSG_DEBUG, "X509: Certificate "
2064					   "chain issuer name mismatch");
2065				x509_name_string(&cert->issuer, buf,
2066						 sizeof(buf));
2067				wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2068					   buf);
2069				x509_name_string(&cert->next->subject, buf,
2070						 sizeof(buf));
2071				wpa_printf(MSG_DEBUG, "X509: next cert "
2072					   "subject: %s", buf);
2073				*reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
2074				return -1;
2075			}
2076
2077			if (x509_valid_issuer(cert->next) < 0) {
2078				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2079				return -1;
2080			}
2081
2082			if ((cert->next->extensions_present &
2083			     X509_EXT_PATH_LEN_CONSTRAINT) &&
2084			    idx > cert->next->path_len_constraint) {
2085				wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
2086					   " not met (idx=%lu issuer "
2087					   "pathLenConstraint=%lu)", idx,
2088					   cert->next->path_len_constraint);
2089				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2090				return -1;
2091			}
2092
2093			if (x509_certificate_check_signature(cert->next, cert)
2094			    < 0) {
2095				wpa_printf(MSG_DEBUG, "X509: Invalid "
2096					   "certificate signature within "
2097					   "chain");
2098				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2099				return -1;
2100			}
2101		}
2102
2103		for (trust = trusted; trust; trust = trust->next) {
2104			if (x509_name_compare(&cert->issuer, &trust->subject)
2105			    == 0)
2106				break;
2107		}
2108
2109		if (trust) {
2110			wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
2111				   "list of trusted certificates");
2112			if (x509_valid_issuer(trust) < 0) {
2113				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2114				return -1;
2115			}
2116
2117			if (x509_certificate_check_signature(trust, cert) < 0)
2118			{
2119				wpa_printf(MSG_DEBUG, "X509: Invalid "
2120					   "certificate signature");
2121				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2122				return -1;
2123			}
2124
2125			wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
2126				   "found to complete the chain");
2127			cert->issuer_trusted = 1;
2128			chain_trusted = 1;
2129		}
2130	}
2131
2132	if (!chain_trusted) {
2133		wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
2134			   "from the list of trusted certificates");
2135		if (trusted) {
2136			*reason = X509_VALIDATE_UNKNOWN_CA;
2137			return -1;
2138		}
2139		wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
2140			   "disabled - ignore unknown CA issue");
2141	}
2142
2143	wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
2144
2145	return 0;
2146}
2147
2148
2149/**
2150 * x509_certificate_get_subject - Get a certificate based on Subject name
2151 * @chain: Certificate chain to search through
2152 * @name: Subject name to search for
2153 * Returns: Pointer to the certificate with the given Subject name or
2154 * %NULL on failure
2155 */
2156struct x509_certificate *
2157x509_certificate_get_subject(struct x509_certificate *chain,
2158			     struct x509_name *name)
2159{
2160	struct x509_certificate *cert;
2161
2162	for (cert = chain; cert; cert = cert->next) {
2163		if (x509_name_compare(&cert->subject, name) == 0)
2164			return cert;
2165	}
2166	return NULL;
2167}
2168
2169
2170/**
2171 * x509_certificate_self_signed - Is the certificate self-signed?
2172 * @cert: Certificate
2173 * Returns: 1 if certificate is self-signed, 0 if not
2174 */
2175int x509_certificate_self_signed(struct x509_certificate *cert)
2176{
2177	return x509_name_compare(&cert->issuer, &cert->subject) == 0;
2178}
2179