LXR linux/crypto/asymmetric_keys/x509_cert

   1/* X.509 certificate parser
   2 *
   3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public Licence
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the Licence, or (at your option) any later version.
  10 */
  11
  12#define pr_fmt(fmt) "X.509: "fmt
  13#include <linux/kernel.h>
  14#include <linux/export.h>
  15#include <linux/slab.h>
  16#include <linux/err.h>
  17#include <linux/oid_registry.h>
  18#include <crypto/public_key.h>
  19#include "x509_parser.h"
  20#include "x509.asn1.h"
  21#include "x509_akid.asn1.h"
  22
  23struct x509_parse_context {
  24        struct x509_certificate *cert;          /* Certificate being constructed */
  25        unsigned long   data;                   /* Start of data */
  26        const void      *cert_start;            /* Start of cert content */
  27        const void      *key;                   /* Key data */
  28        size_t          key_size;               /* Size of key data */
  29        enum OID        last_oid;               /* Last OID encountered */
  30        enum OID        algo_oid;               /* Algorithm OID */
  31        unsigned char   nr_mpi;                 /* Number of MPIs stored */
  32        u8              o_size;                 /* Size of organizationName (O) */
  33        u8              cn_size;                /* Size of commonName (CN) */
  34        u8              email_size;             /* Size of emailAddress */
  35        u16             o_offset;               /* Offset of organizationName (O) */
  36        u16             cn_offset;              /* Offset of commonName (CN) */
  37        u16             email_offset;           /* Offset of emailAddress */
  38        unsigned        raw_akid_size;
  39        const void      *raw_akid;              /* Raw authorityKeyId in ASN.1 */
  40        const void      *akid_raw_issuer;       /* Raw directoryName in authorityKeyId */
  41        unsigned        akid_raw_issuer_size;
  42};
  43
  44/*
  45 * Free an X.509 certificate
  46 */
  47void x509_free_certificate(struct x509_certificate *cert)
  48{
  49        if (cert) {
  50                public_key_free(cert->pub);
  51                public_key_signature_free(cert->sig);
  52                kfree(cert->issuer);
  53                kfree(cert->subject);
  54                kfree(cert->id);
  55                kfree(cert->skid);
  56                kfree(cert);
  57        }
  58}
  59EXPORT_SYMBOL_GPL(x509_free_certificate);
  60
  61/*
  62 * Parse an X.509 certificate
  63 */
  64struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
  65{
  66        struct x509_certificate *cert;
  67        struct x509_parse_context *ctx;
  68        struct asymmetric_key_id *kid;
  69        long ret;
  70
  71        ret = -ENOMEM;
  72        cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL);
  73        if (!cert)
  74                goto error_no_cert;
  75        cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
  76        if (!cert->pub)
  77                goto error_no_ctx;
  78        cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL);
  79        if (!cert->sig)
  80                goto error_no_ctx;
  81        ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL);
  82        if (!ctx)
  83                goto error_no_ctx;
  84
  85        ctx->cert = cert;
  86        ctx->data = (unsigned long)data;
  87
  88        /* Attempt to decode the certificate */
  89        ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen);
  90        if (ret < 0)
  91                goto error_decode;
  92
  93        /* Decode the AuthorityKeyIdentifier */
  94        if (ctx->raw_akid) {
  95                pr_devel("AKID: %u %*phN\n",
  96                         ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid);
  97                ret = asn1_ber_decoder(&x509_akid_decoder, ctx,
  98                                       ctx->raw_akid, ctx->raw_akid_size);
  99                if (ret < 0) {
 100                        pr_warn("Couldn't decode AuthKeyIdentifier\n");
 101                        goto error_decode;
 102                }
 103        }
 104
 105        ret = -ENOMEM;
 106        cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
 107        if (!cert->pub->key)
 108                goto error_decode;
 109
 110        cert->pub->keylen = ctx->key_size;
 111
 112        /* Grab the signature bits */
 113        ret = x509_get_sig_params(cert);
 114        if (ret < 0)
 115                goto error_decode;
 116
 117        /* Generate cert issuer + serial number key ID */
 118        kid = asymmetric_key_generate_id(cert->raw_serial,
 119                                         cert->raw_serial_size,
 120                                         cert->raw_issuer,
 121                                         cert->raw_issuer_size);
 122        if (IS_ERR(kid)) {
 123                ret = PTR_ERR(kid);
 124                goto error_decode;
 125        }
 126        cert->id = kid;
 127
 128        /* Detect self-signed certificates */
 129        ret = x509_check_for_self_signed(cert);
 130        if (ret < 0)
 131                goto error_decode;
 132
 133        kfree(ctx);
 134        return cert;
 135
 136error_decode:
 137        kfree(ctx);
 138error_no_ctx:
 139        x509_free_certificate(cert);
 140error_no_cert:
 141        return ERR_PTR(ret);
 142}
 143EXPORT_SYMBOL_GPL(x509_cert_parse);
 144
 145/*
 146 * Note an OID when we find one for later processing when we know how
 147 * to interpret it.
 148 */
 149int x509_note_OID(void *context, size_t hdrlen,
 150             unsigned char tag,
 151             const void *value, size_t vlen)
 152{
 153        struct x509_parse_context *ctx = context;
 154
 155        ctx->last_oid = look_up_OID(value, vlen);
 156        if (ctx->last_oid == OID__NR) {
 157                char buffer[50];
 158                sprint_oid(value, vlen, buffer, sizeof(buffer));
 159                pr_debug("Unknown OID: [%lu] %s\n",
 160                         (unsigned long)value - ctx->data, buffer);
 161        }
 162        return 0;
 163}
 164
 165/*
 166 * Save the position of the TBS data so that we can check the signature over it
 167 * later.
 168 */
 169int x509_note_tbs_certificate(void *context, size_t hdrlen,
 170                              unsigned char tag,
 171                              const void *value, size_t vlen)
 172{
 173        struct x509_parse_context *ctx = context;
 174
 175        pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n",
 176                 hdrlen, tag, (unsigned long)value - ctx->data, vlen);
 177
 178        ctx->cert->tbs = value - hdrlen;
 179        ctx->cert->tbs_size = vlen + hdrlen;
 180        return 0;
 181}
 182
 183/*
 184 * Record the public key algorithm
 185 */
 186int x509_note_pkey_algo(void *context, size_t hdrlen,
 187                        unsigned char tag,
 188                        const void *value, size_t vlen)
 189{
 190        struct x509_parse_context *ctx = context;
 191
 192        pr_debug("PubKey Algo: %u\n", ctx->last_oid);
 193
 194        switch (ctx->last_oid) {
 195        case OID_md2WithRSAEncryption:
 196        case OID_md3WithRSAEncryption:
 197        default:
 198                return -ENOPKG; /* Unsupported combination */
 199
 200        case OID_md4WithRSAEncryption:
 201                ctx->cert->sig->hash_algo = "md4";
 202                goto rsa_pkcs1;
 203
 204        case OID_sha1WithRSAEncryption:
 205                ctx->cert->sig->hash_algo = "sha1";
 206                goto rsa_pkcs1;
 207
 208        case OID_sha256WithRSAEncryption:
 209                ctx->cert->sig->hash_algo = "sha256";
 210                goto rsa_pkcs1;
 211
 212        case OID_sha384WithRSAEncryption:
 213                ctx->cert->sig->hash_algo = "sha384";
 214                goto rsa_pkcs1;
 215
 216        case OID_sha512WithRSAEncryption:
 217                ctx->cert->sig->hash_algo = "sha512";
 218                goto rsa_pkcs1;
 219
 220        case OID_sha224WithRSAEncryption:
 221                ctx->cert->sig->hash_algo = "sha224";
 222                goto rsa_pkcs1;
 223        }
 224
 225rsa_pkcs1:
 226        ctx->cert->sig->pkey_algo = "rsa";
 227        ctx->cert->sig->encoding = "pkcs1";
 228        ctx->algo_oid = ctx->last_oid;
 229        return 0;
 230}
 231
 232/*
 233 * Note the whereabouts and type of the signature.
 234 */
 235int x509_note_signature(void *context, size_t hdrlen,
 236                        unsigned char tag,
 237                        const void *value, size_t vlen)
 238{
 239        struct x509_parse_context *ctx = context;
 240
 241        pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen);
 242
 243        if (ctx->last_oid != ctx->algo_oid) {
 244                pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n",
 245                        ctx->algo_oid, ctx->last_oid);
 246                return -EINVAL;
 247        }
 248
 249        if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
 250                /* Discard the BIT STRING metadata */
 251                if (vlen < 1 || *(const u8 *)value != 0)
 252                        return -EBADMSG;
 253
 254                value++;
 255                vlen--;
 256        }
 257
 258        ctx->cert->raw_sig = value;
 259        ctx->cert->raw_sig_size = vlen;
 260        return 0;
 261}
 262
 263/*
 264 * Note the certificate serial number
 265 */
 266int x509_note_serial(void *context, size_t hdrlen,
 267                     unsigned char tag,
 268                     const void *value, size_t vlen)
 269{
 270        struct x509_parse_context *ctx = context;
 271        ctx->cert->raw_serial = value;
 272        ctx->cert->raw_serial_size = vlen;
 273        return 0;
 274}
 275
 276/*
 277 * Note some of the name segments from which we'll fabricate a name.
 278 */
 279int x509_extract_name_segment(void *context, size_t hdrlen,
 280                              unsigned char tag,
 281                              const void *value, size_t vlen)
 282{
 283        struct x509_parse_context *ctx = context;
 284
 285        switch (ctx->last_oid) {
 286        case OID_commonName:
 287                ctx->cn_size = vlen;
 288                ctx->cn_offset = (unsigned long)value - ctx->data;
 289                break;
 290        case OID_organizationName:
 291                ctx->o_size = vlen;
 292                ctx->o_offset = (unsigned long)value - ctx->data;
 293                break;
 294        case OID_email_address:
 295                ctx->email_size = vlen;
 296                ctx->email_offset = (unsigned long)value - ctx->data;
 297                break;
 298        default:
 299                break;
 300        }
 301
 302        return 0;
 303}
 304
 305/*
 306 * Fabricate and save the issuer and subject names
 307 */
 308static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen,
 309                               unsigned char tag,
 310                               char **_name, size_t vlen)
 311{
 312        const void *name, *data = (const void *)ctx->data;
 313        size_t namesize;
 314        char *buffer;
 315
 316        if (*_name)
 317                return -EINVAL;
 318
 319        /* Empty name string if no material */
 320        if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) {
 321                buffer = kmalloc(1, GFP_KERNEL);
 322                if (!buffer)
 323                        return -ENOMEM;
 324                buffer[0] = 0;
 325                goto done;
 326        }
 327
 328        if (ctx->cn_size && ctx->o_size) {
 329                /* Consider combining O and CN, but use only the CN if it is
 330                 * prefixed by the O, or a significant portion thereof.
 331                 */
 332                namesize = ctx->cn_size;
 333                name = data + ctx->cn_offset;
 334                if (ctx->cn_size >= ctx->o_size &&
 335                    memcmp(data + ctx->cn_offset, data + ctx->o_offset,
 336                           ctx->o_size) == 0)
 337                        goto single_component;
 338                if (ctx->cn_size >= 7 &&
 339                    ctx->o_size >= 7 &&
 340                    memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0)
 341                        goto single_component;
 342
 343                buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1,
 344                                 GFP_KERNEL);
 345                if (!buffer)
 346                        return -ENOMEM;
 347
 348                memcpy(buffer,
 349                       data + ctx->o_offset, ctx->o_size);
 350                buffer[ctx->o_size + 0] = ':';
 351                buffer[ctx->o_size + 1] = ' ';
 352                memcpy(buffer + ctx->o_size + 2,
 353                       data + ctx->cn_offset, ctx->cn_size);
 354                buffer[ctx->o_size + 2 + ctx->cn_size] = 0;
 355                goto done;
 356
 357        } else if (ctx->cn_size) {
 358                namesize = ctx->cn_size;
 359                name = data + ctx->cn_offset;
 360        } else if (ctx->o_size) {
 361                namesize = ctx->o_size;
 362                name = data + ctx->o_offset;
 363        } else {
 364                namesize = ctx->email_size;
 365                name = data + ctx->email_offset;
 366        }
 367
 368single_component:
 369        buffer = kmalloc(namesize + 1, GFP_KERNEL);
 370        if (!buffer)
 371                return -ENOMEM;
 372        memcpy(buffer, name, namesize);
 373        buffer[namesize] = 0;
 374
 375done:
 376        *_name = buffer;
 377        ctx->cn_size = 0;
 378        ctx->o_size = 0;
 379        ctx->email_size = 0;
 380        return 0;
 381}
 382
 383int x509_note_issuer(void *context, size_t hdrlen,
 384                     unsigned char tag,
 385                     const void *value, size_t vlen)
 386{
 387        struct x509_parse_context *ctx = context;
 388        ctx->cert->raw_issuer = value;
 389        ctx->cert->raw_issuer_size = vlen;
 390        return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
 391}
 392
 393int x509_note_subject(void *context, size_t hdrlen,
 394                      unsigned char tag,
 395                      const void *value, size_t vlen)
 396{
 397        struct x509_parse_context *ctx = context;
 398        ctx->cert->raw_subject = value;
 399        ctx->cert->raw_subject_size = vlen;
 400        return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
 401}
 402
 403/*
 404 * Extract the data for the public key algorithm
 405 */
 406int x509_extract_key_data(void *context, size_t hdrlen,
 407                          unsigned char tag,
 408                          const void *value, size_t vlen)
 409{
 410        struct x509_parse_context *ctx = context;
 411
 412        if (ctx->last_oid != OID_rsaEncryption)
 413                return -ENOPKG;
 414
 415        ctx->cert->pub->pkey_algo = "rsa";
 416
 417        /* Discard the BIT STRING metadata */
 418        if (vlen < 1 || *(const u8 *)value != 0)
 419                return -EBADMSG;
 420        ctx->key = value + 1;
 421        ctx->key_size = vlen - 1;
 422        return 0;
 423}
 424
 425/* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */
 426#define SEQ_TAG_KEYID (ASN1_CONT << 6)
 427
 428/*
 429 * Process certificate extensions that are used to qualify the certificate.
 430 */
 431int x509_process_extension(void *context, size_t hdrlen,
 432                           unsigned char tag,
 433                           const void *value, size_t vlen)
 434{
 435        struct x509_parse_context *ctx = context;
 436        struct asymmetric_key_id *kid;
 437        const unsigned char *v = value;
 438
 439        pr_debug("Extension: %u\n", ctx->last_oid);
 440
 441        if (ctx->last_oid == OID_subjectKeyIdentifier) {
 442                /* Get hold of the key fingerprint */
 443                if (ctx->cert->skid || vlen < 3)
 444                        return -EBADMSG;
 445                if (v[0] != ASN1_OTS || v[1] != vlen - 2)
 446                        return -EBADMSG;
 447                v += 2;
 448                vlen -= 2;
 449
 450                ctx->cert->raw_skid_size = vlen;
 451                ctx->cert->raw_skid = v;
 452                kid = asymmetric_key_generate_id(v, vlen, "", 0);
 453                if (IS_ERR(kid))
 454                        return PTR_ERR(kid);
 455                ctx->cert->skid = kid;
 456                pr_debug("subjkeyid %*phN\n", kid->len, kid->data);
 457                return 0;
 458        }
 459
 460        if (ctx->last_oid == OID_authorityKeyIdentifier) {
 461                /* Get hold of the CA key fingerprint */
 462                ctx->raw_akid = v;
 463                ctx->raw_akid_size = vlen;
 464                return 0;
 465        }
 466
 467        return 0;
 468}
 469
 470/**
 471 * x509_decode_time - Decode an X.509 time ASN.1 object
 472 * @_t: The time to fill in
 473 * @hdrlen: The length of the object header
 474 * @tag: The object tag
 475 * @value: The object value
 476 * @vlen: The size of the object value
 477 *
 478 * Decode an ASN.1 universal time or generalised time field into a struct the
 479 * kernel can handle and check it for validity.  The time is decoded thus:
 480 *
 481 *      [RFC5280 §4.1.2.5]
 482 *      CAs conforming to this profile MUST always encode certificate validity
 483 *      dates through the year 2049 as UTCTime; certificate validity dates in
 484 *      2050 or later MUST be encoded as GeneralizedTime.  Conforming
 485 *      applications MUST be able to process validity dates that are encoded in
 486 *      either UTCTime or GeneralizedTime.
 487 */
 488int x509_decode_time(time64_t *_t,  size_t hdrlen,
 489                     unsigned char tag,
 490                     const unsigned char *value, size_t vlen)
 491{
 492        static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30,
 493                                                       31, 31, 30, 31, 30, 31 };
 494        const unsigned char *p = value;
 495        unsigned year, mon, day, hour, min, sec, mon_len;
 496
 497#define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; })
 498#define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; })
 499
 500        if (tag == ASN1_UNITIM) {
 501                /* UTCTime: YYMMDDHHMMSSZ */
 502                if (vlen != 13)
 503                        goto unsupported_time;
 504                year = DD2bin(p);
 505                if (year >= 50)
 506                        year += 1900;
 507                else
 508                        year += 2000;
 509        } else if (tag == ASN1_GENTIM) {
 510                /* GenTime: YYYYMMDDHHMMSSZ */
 511                if (vlen != 15)
 512                        goto unsupported_time;
 513                year = DD2bin(p) * 100 + DD2bin(p);
 514                if (year >= 1950 && year <= 2049)
 515                        goto invalid_time;
 516        } else {
 517                goto unsupported_time;
 518        }
 519
 520        mon  = DD2bin(p);
 521        day = DD2bin(p);
 522        hour = DD2bin(p);
 523        min  = DD2bin(p);
 524        sec  = DD2bin(p);
 525
 526        if (*p != 'Z')
 527                goto unsupported_time;
 528
 529        if (year < 1970 ||
 530            mon < 1 || mon > 12)
 531                goto invalid_time;
 532
 533        mon_len = month_lengths[mon - 1];
 534        if (mon == 2) {
 535                if (year % 4 == 0) {
 536                        mon_len = 29;
 537                        if (year % 100 == 0) {
 538                                mon_len = 28;
 539                                if (year % 400 == 0)
 540                                        mon_len = 29;
 541                        }
 542                }
 543        }
 544
 545        if (day < 1 || day > mon_len ||
 546            hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */
 547            min > 59 ||
 548            sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */
 549                goto invalid_time;
 550
 551        *_t = mktime64(year, mon, day, hour, min, sec);
 552        return 0;
 553
 554unsupported_time:
 555        pr_debug("Got unsupported time [tag %02x]: '%*phN'\n",
 556                 tag, (int)vlen, value);
 557        return -EBADMSG;
 558invalid_time:
 559        pr_debug("Got invalid time [tag %02x]: '%*phN'\n",
 560                 tag, (int)vlen, value);
 561        return -EBADMSG;
 562}
 563EXPORT_SYMBOL_GPL(x509_decode_time);
 564
 565int x509_note_not_before(void *context, size_t hdrlen,
 566                         unsigned char tag,
 567                         const void *value, size_t vlen)
 568{
 569        struct x509_parse_context *ctx = context;
 570        return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen);
 571}
 572
 573int x509_note_not_after(void *context, size_t hdrlen,
 574                        unsigned char tag,
 575                        const void *value, size_t vlen)
 576{
 577        struct x509_parse_context *ctx = context;
 578        return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen);
 579}
 580
 581/*
 582 * Note a key identifier-based AuthorityKeyIdentifier
 583 */
 584int x509_akid_note_kid(void *context, size_t hdrlen,
 585                       unsigned char tag,
 586                       const void *value, size_t vlen)
 587{
 588        struct x509_parse_context *ctx = context;
 589        struct asymmetric_key_id *kid;
 590
 591        pr_debug("AKID: keyid: %*phN\n", (int)vlen, value);
 592
 593        if (ctx->cert->sig->auth_ids[1])
 594                return 0;
 595
 596        kid = asymmetric_key_generate_id(value, vlen, "", 0);
 597        if (IS_ERR(kid))
 598                return PTR_ERR(kid);
 599        pr_debug("authkeyid %*phN\n", kid->len, kid->data);
 600        ctx->cert->sig->auth_ids[1] = kid;
 601        return 0;
 602}
 603
 604/*
 605 * Note a directoryName in an AuthorityKeyIdentifier
 606 */
 607int x509_akid_note_name(void *context, size_t hdrlen,
 608                        unsigned char tag,
 609                        const void *value, size_t vlen)
 610{
 611        struct x509_parse_context *ctx = context;
 612
 613        pr_debug("AKID: name: %*phN\n", (int)vlen, value);
 614
 615        ctx->akid_raw_issuer = value;
 616        ctx->akid_raw_issuer_size = vlen;
 617        return 0;
 618}
 619
 620/*
 621 * Note a serial number in an AuthorityKeyIdentifier
 622 */
 623int x509_akid_note_serial(void *context, size_t hdrlen,
 624                          unsigned char tag,
 625                          const void *value, size_t vlen)
 626{
 627        struct x509_parse_context *ctx = context;
 628        struct asymmetric_key_id *kid;
 629
 630        pr_debug("AKID: serial: %*phN\n", (int)vlen, value);
 631
 632        if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0])
 633                return 0;
 634
 635        kid = asymmetric_key_generate_id(value,
 636                                         vlen,
 637                                         ctx->akid_raw_issuer,
 638                                         ctx->akid_raw_issuer_size);
 639        if (IS_ERR(kid))
 640                return PTR_ERR(kid);
 641
 642        pr_debug("authkeyid %*phN\n", kid->len, kid->data);
 643        ctx->cert->sig->auth_ids[0] = kid;
 644        return 0;
 645}
 646