Commit | Line | Data |
---|---|---|
b4d0d230 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
c26fd69f DH |
2 | /* X.509 certificate parser |
3 | * | |
4 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
5 | * Written by David Howells (dhowells@redhat.com) | |
c26fd69f DH |
6 | */ |
7 | ||
8 | #define pr_fmt(fmt) "X.509: "fmt | |
9 | #include <linux/kernel.h> | |
ace0107a | 10 | #include <linux/export.h> |
c26fd69f DH |
11 | #include <linux/slab.h> |
12 | #include <linux/err.h> | |
13 | #include <linux/oid_registry.h> | |
db6c43bd | 14 | #include <crypto/public_key.h> |
c26fd69f | 15 | #include "x509_parser.h" |
4fa8bc94 MY |
16 | #include "x509.asn1.h" |
17 | #include "x509_akid.asn1.h" | |
c26fd69f DH |
18 | |
19 | struct x509_parse_context { | |
20 | struct x509_certificate *cert; /* Certificate being constructed */ | |
21 | unsigned long data; /* Start of data */ | |
c26fd69f DH |
22 | const void *key; /* Key data */ |
23 | size_t key_size; /* Size of key data */ | |
f1774cb8 VC |
24 | const void *params; /* Key parameters */ |
25 | size_t params_size; /* Size of key parameters */ | |
8f2a7b51 | 26 | enum OID key_algo; /* Algorithm used by the cert's key */ |
c26fd69f | 27 | enum OID last_oid; /* Last OID encountered */ |
8f2a7b51 | 28 | enum OID sig_algo; /* Algorithm used to sign the cert */ |
c26fd69f DH |
29 | u8 o_size; /* Size of organizationName (O) */ |
30 | u8 cn_size; /* Size of commonName (CN) */ | |
31 | u8 email_size; /* Size of emailAddress */ | |
32 | u16 o_offset; /* Offset of organizationName (O) */ | |
33 | u16 cn_offset; /* Offset of commonName (CN) */ | |
34 | u16 email_offset; /* Offset of emailAddress */ | |
b92e6570 DH |
35 | unsigned raw_akid_size; |
36 | const void *raw_akid; /* Raw authorityKeyId in ASN.1 */ | |
37 | const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */ | |
38 | unsigned akid_raw_issuer_size; | |
c26fd69f DH |
39 | }; |
40 | ||
41 | /* | |
42 | * Free an X.509 certificate | |
43 | */ | |
44 | void x509_free_certificate(struct x509_certificate *cert) | |
45 | { | |
46 | if (cert) { | |
3b764563 | 47 | public_key_free(cert->pub); |
77d0910d | 48 | public_key_signature_free(cert->sig); |
c26fd69f DH |
49 | kfree(cert->issuer); |
50 | kfree(cert->subject); | |
46963b77 DH |
51 | kfree(cert->id); |
52 | kfree(cert->skid); | |
c26fd69f DH |
53 | kfree(cert); |
54 | } | |
55 | } | |
ace0107a | 56 | EXPORT_SYMBOL_GPL(x509_free_certificate); |
c26fd69f DH |
57 | |
58 | /* | |
59 | * Parse an X.509 certificate | |
60 | */ | |
61 | struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) | |
62 | { | |
63 | struct x509_certificate *cert; | |
64 | struct x509_parse_context *ctx; | |
46963b77 | 65 | struct asymmetric_key_id *kid; |
c26fd69f DH |
66 | long ret; |
67 | ||
68 | ret = -ENOMEM; | |
69 | cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); | |
70 | if (!cert) | |
71 | goto error_no_cert; | |
72 | cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); | |
73 | if (!cert->pub) | |
74 | goto error_no_ctx; | |
77d0910d DH |
75 | cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); |
76 | if (!cert->sig) | |
77 | goto error_no_ctx; | |
c26fd69f DH |
78 | ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); |
79 | if (!ctx) | |
80 | goto error_no_ctx; | |
81 | ||
82 | ctx->cert = cert; | |
83 | ctx->data = (unsigned long)data; | |
84 | ||
85 | /* Attempt to decode the certificate */ | |
86 | ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); | |
87 | if (ret < 0) | |
88 | goto error_decode; | |
89 | ||
b92e6570 DH |
90 | /* Decode the AuthorityKeyIdentifier */ |
91 | if (ctx->raw_akid) { | |
92 | pr_devel("AKID: %u %*phN\n", | |
93 | ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); | |
94 | ret = asn1_ber_decoder(&x509_akid_decoder, ctx, | |
95 | ctx->raw_akid, ctx->raw_akid_size); | |
96 | if (ret < 0) { | |
97 | pr_warn("Couldn't decode AuthKeyIdentifier\n"); | |
98 | goto error_decode; | |
99 | } | |
100 | } | |
101 | ||
4e880168 | 102 | ret = -ENOMEM; |
db6c43bd TS |
103 | cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); |
104 | if (!cert->pub->key) | |
c26fd69f DH |
105 | goto error_decode; |
106 | ||
db6c43bd TS |
107 | cert->pub->keylen = ctx->key_size; |
108 | ||
f1774cb8 VC |
109 | cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL); |
110 | if (!cert->pub->params) | |
111 | goto error_decode; | |
112 | ||
113 | cert->pub->paramlen = ctx->params_size; | |
114 | cert->pub->algo = ctx->key_algo; | |
115 | ||
6c2dc5ae DH |
116 | /* Grab the signature bits */ |
117 | ret = x509_get_sig_params(cert); | |
118 | if (ret < 0) | |
119 | goto error_decode; | |
120 | ||
46963b77 DH |
121 | /* Generate cert issuer + serial number key ID */ |
122 | kid = asymmetric_key_generate_id(cert->raw_serial, | |
123 | cert->raw_serial_size, | |
124 | cert->raw_issuer, | |
125 | cert->raw_issuer_size); | |
126 | if (IS_ERR(kid)) { | |
127 | ret = PTR_ERR(kid); | |
128 | goto error_decode; | |
129 | } | |
130 | cert->id = kid; | |
131 | ||
6c2dc5ae DH |
132 | /* Detect self-signed certificates */ |
133 | ret = x509_check_for_self_signed(cert); | |
134 | if (ret < 0) | |
135 | goto error_decode; | |
136 | ||
c26fd69f DH |
137 | kfree(ctx); |
138 | return cert; | |
139 | ||
140 | error_decode: | |
141 | kfree(ctx); | |
142 | error_no_ctx: | |
143 | x509_free_certificate(cert); | |
144 | error_no_cert: | |
145 | return ERR_PTR(ret); | |
146 | } | |
ace0107a | 147 | EXPORT_SYMBOL_GPL(x509_cert_parse); |
c26fd69f DH |
148 | |
149 | /* | |
150 | * Note an OID when we find one for later processing when we know how | |
151 | * to interpret it. | |
152 | */ | |
153 | int x509_note_OID(void *context, size_t hdrlen, | |
154 | unsigned char tag, | |
155 | const void *value, size_t vlen) | |
156 | { | |
157 | struct x509_parse_context *ctx = context; | |
158 | ||
159 | ctx->last_oid = look_up_OID(value, vlen); | |
160 | if (ctx->last_oid == OID__NR) { | |
161 | char buffer[50]; | |
162 | sprint_oid(value, vlen, buffer, sizeof(buffer)); | |
cf75446e | 163 | pr_debug("Unknown OID: [%lu] %s\n", |
c26fd69f DH |
164 | (unsigned long)value - ctx->data, buffer); |
165 | } | |
166 | return 0; | |
167 | } | |
168 | ||
169 | /* | |
170 | * Save the position of the TBS data so that we can check the signature over it | |
171 | * later. | |
172 | */ | |
173 | int x509_note_tbs_certificate(void *context, size_t hdrlen, | |
174 | unsigned char tag, | |
175 | const void *value, size_t vlen) | |
176 | { | |
177 | struct x509_parse_context *ctx = context; | |
178 | ||
179 | pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n", | |
180 | hdrlen, tag, (unsigned long)value - ctx->data, vlen); | |
181 | ||
182 | ctx->cert->tbs = value - hdrlen; | |
183 | ctx->cert->tbs_size = vlen + hdrlen; | |
184 | return 0; | |
185 | } | |
186 | ||
187 | /* | |
8f2a7b51 | 188 | * Record the algorithm that was used to sign this certificate. |
c26fd69f | 189 | */ |
8f2a7b51 EB |
190 | int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, |
191 | const void *value, size_t vlen) | |
c26fd69f DH |
192 | { |
193 | struct x509_parse_context *ctx = context; | |
194 | ||
195 | pr_debug("PubKey Algo: %u\n", ctx->last_oid); | |
196 | ||
197 | switch (ctx->last_oid) { | |
198 | case OID_md2WithRSAEncryption: | |
199 | case OID_md3WithRSAEncryption: | |
200 | default: | |
201 | return -ENOPKG; /* Unsupported combination */ | |
202 | ||
203 | case OID_md4WithRSAEncryption: | |
77d0910d | 204 | ctx->cert->sig->hash_algo = "md4"; |
03988490 | 205 | goto rsa_pkcs1; |
c26fd69f DH |
206 | |
207 | case OID_sha1WithRSAEncryption: | |
77d0910d | 208 | ctx->cert->sig->hash_algo = "sha1"; |
03988490 | 209 | goto rsa_pkcs1; |
c26fd69f DH |
210 | |
211 | case OID_sha256WithRSAEncryption: | |
77d0910d | 212 | ctx->cert->sig->hash_algo = "sha256"; |
03988490 | 213 | goto rsa_pkcs1; |
c26fd69f DH |
214 | |
215 | case OID_sha384WithRSAEncryption: | |
77d0910d | 216 | ctx->cert->sig->hash_algo = "sha384"; |
03988490 | 217 | goto rsa_pkcs1; |
c26fd69f DH |
218 | |
219 | case OID_sha512WithRSAEncryption: | |
77d0910d | 220 | ctx->cert->sig->hash_algo = "sha512"; |
03988490 | 221 | goto rsa_pkcs1; |
c26fd69f DH |
222 | |
223 | case OID_sha224WithRSAEncryption: | |
77d0910d | 224 | ctx->cert->sig->hash_algo = "sha224"; |
03988490 | 225 | goto rsa_pkcs1; |
0d7a7864 | 226 | |
299f561a SB |
227 | case OID_id_ecdsa_with_sha1: |
228 | ctx->cert->sig->hash_algo = "sha1"; | |
229 | goto ecdsa; | |
230 | ||
231 | case OID_id_ecdsa_with_sha224: | |
232 | ctx->cert->sig->hash_algo = "sha224"; | |
233 | goto ecdsa; | |
234 | ||
235 | case OID_id_ecdsa_with_sha256: | |
236 | ctx->cert->sig->hash_algo = "sha256"; | |
237 | goto ecdsa; | |
238 | ||
239 | case OID_id_ecdsa_with_sha384: | |
240 | ctx->cert->sig->hash_algo = "sha384"; | |
241 | goto ecdsa; | |
242 | ||
243 | case OID_id_ecdsa_with_sha512: | |
244 | ctx->cert->sig->hash_algo = "sha512"; | |
245 | goto ecdsa; | |
246 | ||
0d7a7864 VC |
247 | case OID_gost2012Signature256: |
248 | ctx->cert->sig->hash_algo = "streebog256"; | |
249 | goto ecrdsa; | |
250 | ||
251 | case OID_gost2012Signature512: | |
252 | ctx->cert->sig->hash_algo = "streebog512"; | |
253 | goto ecrdsa; | |
254f84f5 TZ |
254 | |
255 | case OID_SM2_with_SM3: | |
256 | ctx->cert->sig->hash_algo = "sm3"; | |
257 | goto sm2; | |
c26fd69f DH |
258 | } |
259 | ||
03988490 DH |
260 | rsa_pkcs1: |
261 | ctx->cert->sig->pkey_algo = "rsa"; | |
262 | ctx->cert->sig->encoding = "pkcs1"; | |
8f2a7b51 | 263 | ctx->sig_algo = ctx->last_oid; |
c26fd69f | 264 | return 0; |
0d7a7864 VC |
265 | ecrdsa: |
266 | ctx->cert->sig->pkey_algo = "ecrdsa"; | |
267 | ctx->cert->sig->encoding = "raw"; | |
8f2a7b51 | 268 | ctx->sig_algo = ctx->last_oid; |
0d7a7864 | 269 | return 0; |
254f84f5 TZ |
270 | sm2: |
271 | ctx->cert->sig->pkey_algo = "sm2"; | |
272 | ctx->cert->sig->encoding = "raw"; | |
8f2a7b51 | 273 | ctx->sig_algo = ctx->last_oid; |
254f84f5 | 274 | return 0; |
299f561a SB |
275 | ecdsa: |
276 | ctx->cert->sig->pkey_algo = "ecdsa"; | |
277 | ctx->cert->sig->encoding = "x962"; | |
8f2a7b51 | 278 | ctx->sig_algo = ctx->last_oid; |
299f561a | 279 | return 0; |
c26fd69f DH |
280 | } |
281 | ||
282 | /* | |
283 | * Note the whereabouts and type of the signature. | |
284 | */ | |
285 | int x509_note_signature(void *context, size_t hdrlen, | |
286 | unsigned char tag, | |
287 | const void *value, size_t vlen) | |
288 | { | |
289 | struct x509_parse_context *ctx = context; | |
290 | ||
8f2a7b51 | 291 | pr_debug("Signature: alg=%u, size=%zu\n", ctx->last_oid, vlen); |
c26fd69f | 292 | |
8f2a7b51 EB |
293 | /* |
294 | * In X.509 certificates, the signature's algorithm is stored in two | |
295 | * places: inside the TBSCertificate (the data that is signed), and | |
296 | * alongside the signature. These *must* match. | |
297 | */ | |
298 | if (ctx->last_oid != ctx->sig_algo) { | |
299 | pr_warn("signatureAlgorithm (%u) differs from tbsCertificate.signature (%u)\n", | |
300 | ctx->last_oid, ctx->sig_algo); | |
c26fd69f DH |
301 | return -EINVAL; |
302 | } | |
303 | ||
0d7a7864 | 304 | if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || |
254f84f5 | 305 | strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || |
299f561a SB |
306 | strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0 || |
307 | strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) { | |
b65c32ec MS |
308 | /* Discard the BIT STRING metadata */ |
309 | if (vlen < 1 || *(const u8 *)value != 0) | |
310 | return -EBADMSG; | |
311 | ||
312 | value++; | |
313 | vlen--; | |
314 | } | |
315 | ||
b426beb6 DH |
316 | ctx->cert->raw_sig = value; |
317 | ctx->cert->raw_sig_size = vlen; | |
c26fd69f DH |
318 | return 0; |
319 | } | |
320 | ||
84aabd46 DH |
321 | /* |
322 | * Note the certificate serial number | |
323 | */ | |
324 | int x509_note_serial(void *context, size_t hdrlen, | |
325 | unsigned char tag, | |
326 | const void *value, size_t vlen) | |
327 | { | |
328 | struct x509_parse_context *ctx = context; | |
329 | ctx->cert->raw_serial = value; | |
330 | ctx->cert->raw_serial_size = vlen; | |
331 | return 0; | |
332 | } | |
333 | ||
c26fd69f DH |
334 | /* |
335 | * Note some of the name segments from which we'll fabricate a name. | |
336 | */ | |
337 | int x509_extract_name_segment(void *context, size_t hdrlen, | |
338 | unsigned char tag, | |
339 | const void *value, size_t vlen) | |
340 | { | |
341 | struct x509_parse_context *ctx = context; | |
342 | ||
343 | switch (ctx->last_oid) { | |
344 | case OID_commonName: | |
345 | ctx->cn_size = vlen; | |
346 | ctx->cn_offset = (unsigned long)value - ctx->data; | |
347 | break; | |
348 | case OID_organizationName: | |
349 | ctx->o_size = vlen; | |
350 | ctx->o_offset = (unsigned long)value - ctx->data; | |
351 | break; | |
352 | case OID_email_address: | |
353 | ctx->email_size = vlen; | |
354 | ctx->email_offset = (unsigned long)value - ctx->data; | |
355 | break; | |
356 | default: | |
357 | break; | |
358 | } | |
359 | ||
360 | return 0; | |
361 | } | |
362 | ||
363 | /* | |
364 | * Fabricate and save the issuer and subject names | |
365 | */ | |
366 | static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, | |
367 | unsigned char tag, | |
368 | char **_name, size_t vlen) | |
369 | { | |
370 | const void *name, *data = (const void *)ctx->data; | |
371 | size_t namesize; | |
372 | char *buffer; | |
373 | ||
374 | if (*_name) | |
375 | return -EINVAL; | |
376 | ||
377 | /* Empty name string if no material */ | |
378 | if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { | |
379 | buffer = kmalloc(1, GFP_KERNEL); | |
380 | if (!buffer) | |
381 | return -ENOMEM; | |
382 | buffer[0] = 0; | |
383 | goto done; | |
384 | } | |
385 | ||
386 | if (ctx->cn_size && ctx->o_size) { | |
387 | /* Consider combining O and CN, but use only the CN if it is | |
388 | * prefixed by the O, or a significant portion thereof. | |
389 | */ | |
390 | namesize = ctx->cn_size; | |
391 | name = data + ctx->cn_offset; | |
392 | if (ctx->cn_size >= ctx->o_size && | |
393 | memcmp(data + ctx->cn_offset, data + ctx->o_offset, | |
394 | ctx->o_size) == 0) | |
395 | goto single_component; | |
396 | if (ctx->cn_size >= 7 && | |
397 | ctx->o_size >= 7 && | |
398 | memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) | |
399 | goto single_component; | |
400 | ||
401 | buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, | |
402 | GFP_KERNEL); | |
403 | if (!buffer) | |
404 | return -ENOMEM; | |
405 | ||
406 | memcpy(buffer, | |
407 | data + ctx->o_offset, ctx->o_size); | |
408 | buffer[ctx->o_size + 0] = ':'; | |
409 | buffer[ctx->o_size + 1] = ' '; | |
410 | memcpy(buffer + ctx->o_size + 2, | |
411 | data + ctx->cn_offset, ctx->cn_size); | |
412 | buffer[ctx->o_size + 2 + ctx->cn_size] = 0; | |
413 | goto done; | |
414 | ||
415 | } else if (ctx->cn_size) { | |
416 | namesize = ctx->cn_size; | |
417 | name = data + ctx->cn_offset; | |
418 | } else if (ctx->o_size) { | |
419 | namesize = ctx->o_size; | |
420 | name = data + ctx->o_offset; | |
421 | } else { | |
422 | namesize = ctx->email_size; | |
423 | name = data + ctx->email_offset; | |
424 | } | |
425 | ||
426 | single_component: | |
427 | buffer = kmalloc(namesize + 1, GFP_KERNEL); | |
428 | if (!buffer) | |
429 | return -ENOMEM; | |
430 | memcpy(buffer, name, namesize); | |
431 | buffer[namesize] = 0; | |
432 | ||
433 | done: | |
434 | *_name = buffer; | |
435 | ctx->cn_size = 0; | |
436 | ctx->o_size = 0; | |
437 | ctx->email_size = 0; | |
438 | return 0; | |
439 | } | |
440 | ||
441 | int x509_note_issuer(void *context, size_t hdrlen, | |
442 | unsigned char tag, | |
443 | const void *value, size_t vlen) | |
444 | { | |
445 | struct x509_parse_context *ctx = context; | |
7d30198e AZ |
446 | struct asymmetric_key_id *kid; |
447 | ||
84aabd46 DH |
448 | ctx->cert->raw_issuer = value; |
449 | ctx->cert->raw_issuer_size = vlen; | |
7d30198e AZ |
450 | |
451 | if (!ctx->cert->sig->auth_ids[2]) { | |
452 | kid = asymmetric_key_generate_id(value, vlen, "", 0); | |
453 | if (IS_ERR(kid)) | |
454 | return PTR_ERR(kid); | |
455 | ctx->cert->sig->auth_ids[2] = kid; | |
456 | } | |
457 | ||
c26fd69f DH |
458 | return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); |
459 | } | |
460 | ||
461 | int x509_note_subject(void *context, size_t hdrlen, | |
462 | unsigned char tag, | |
463 | const void *value, size_t vlen) | |
464 | { | |
465 | struct x509_parse_context *ctx = context; | |
84aabd46 DH |
466 | ctx->cert->raw_subject = value; |
467 | ctx->cert->raw_subject_size = vlen; | |
c26fd69f DH |
468 | return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); |
469 | } | |
470 | ||
f1774cb8 VC |
471 | /* |
472 | * Extract the parameters for the public key | |
473 | */ | |
474 | int x509_note_params(void *context, size_t hdrlen, | |
475 | unsigned char tag, | |
476 | const void *value, size_t vlen) | |
477 | { | |
478 | struct x509_parse_context *ctx = context; | |
479 | ||
480 | /* | |
481 | * AlgorithmIdentifier is used three times in the x509, we should skip | |
482 | * first and ignore third, using second one which is after subject and | |
483 | * before subjectPublicKey. | |
484 | */ | |
485 | if (!ctx->cert->raw_subject || ctx->key) | |
486 | return 0; | |
487 | ctx->params = value - hdrlen; | |
488 | ctx->params_size = vlen + hdrlen; | |
489 | return 0; | |
490 | } | |
491 | ||
c26fd69f DH |
492 | /* |
493 | * Extract the data for the public key algorithm | |
494 | */ | |
495 | int x509_extract_key_data(void *context, size_t hdrlen, | |
496 | unsigned char tag, | |
497 | const void *value, size_t vlen) | |
498 | { | |
499 | struct x509_parse_context *ctx = context; | |
d1a303e8 | 500 | enum OID oid; |
c26fd69f | 501 | |
0d7a7864 | 502 | ctx->key_algo = ctx->last_oid; |
254f84f5 TZ |
503 | switch (ctx->last_oid) { |
504 | case OID_rsaEncryption: | |
0d7a7864 | 505 | ctx->cert->pub->pkey_algo = "rsa"; |
254f84f5 TZ |
506 | break; |
507 | case OID_gost2012PKey256: | |
508 | case OID_gost2012PKey512: | |
0d7a7864 | 509 | ctx->cert->pub->pkey_algo = "ecrdsa"; |
254f84f5 | 510 | break; |
74ad4334 TZ |
511 | case OID_sm2: |
512 | ctx->cert->pub->pkey_algo = "sm2"; | |
513 | break; | |
254f84f5 | 514 | case OID_id_ecPublicKey: |
d1a303e8 SB |
515 | if (parse_OID(ctx->params, ctx->params_size, &oid) != 0) |
516 | return -EBADMSG; | |
517 | ||
518 | switch (oid) { | |
519 | case OID_sm2: | |
520 | ctx->cert->pub->pkey_algo = "sm2"; | |
521 | break; | |
299f561a SB |
522 | case OID_id_prime192v1: |
523 | ctx->cert->pub->pkey_algo = "ecdsa-nist-p192"; | |
524 | break; | |
525 | case OID_id_prime256v1: | |
526 | ctx->cert->pub->pkey_algo = "ecdsa-nist-p256"; | |
527 | break; | |
2a8e6154 SA |
528 | case OID_id_ansip384r1: |
529 | ctx->cert->pub->pkey_algo = "ecdsa-nist-p384"; | |
530 | break; | |
d1a303e8 SB |
531 | default: |
532 | return -ENOPKG; | |
533 | } | |
254f84f5 TZ |
534 | break; |
535 | default: | |
c26fd69f | 536 | return -ENOPKG; |
254f84f5 | 537 | } |
c26fd69f | 538 | |
67f7d60b | 539 | /* Discard the BIT STRING metadata */ |
0f30cbea EB |
540 | if (vlen < 1 || *(const u8 *)value != 0) |
541 | return -EBADMSG; | |
c26fd69f DH |
542 | ctx->key = value + 1; |
543 | ctx->key_size = vlen - 1; | |
544 | return 0; | |
545 | } | |
546 | ||
04b00bdb CYL |
547 | /* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */ |
548 | #define SEQ_TAG_KEYID (ASN1_CONT << 6) | |
549 | ||
c26fd69f DH |
550 | /* |
551 | * Process certificate extensions that are used to qualify the certificate. | |
552 | */ | |
553 | int x509_process_extension(void *context, size_t hdrlen, | |
554 | unsigned char tag, | |
555 | const void *value, size_t vlen) | |
556 | { | |
557 | struct x509_parse_context *ctx = context; | |
46963b77 | 558 | struct asymmetric_key_id *kid; |
c26fd69f | 559 | const unsigned char *v = value; |
c26fd69f DH |
560 | |
561 | pr_debug("Extension: %u\n", ctx->last_oid); | |
562 | ||
563 | if (ctx->last_oid == OID_subjectKeyIdentifier) { | |
564 | /* Get hold of the key fingerprint */ | |
46963b77 | 565 | if (ctx->cert->skid || vlen < 3) |
c26fd69f DH |
566 | return -EBADMSG; |
567 | if (v[0] != ASN1_OTS || v[1] != vlen - 2) | |
568 | return -EBADMSG; | |
569 | v += 2; | |
570 | vlen -= 2; | |
571 | ||
dd2f6c44 DH |
572 | ctx->cert->raw_skid_size = vlen; |
573 | ctx->cert->raw_skid = v; | |
a4c6e57f | 574 | kid = asymmetric_key_generate_id(v, vlen, "", 0); |
46963b77 DH |
575 | if (IS_ERR(kid)) |
576 | return PTR_ERR(kid); | |
577 | ctx->cert->skid = kid; | |
578 | pr_debug("subjkeyid %*phN\n", kid->len, kid->data); | |
c26fd69f DH |
579 | return 0; |
580 | } | |
581 | ||
56767128 ES |
582 | if (ctx->last_oid == OID_keyUsage) { |
583 | /* | |
584 | * Get hold of the keyUsage bit string | |
585 | * v[1] is the encoding size | |
586 | * (Expect either 0x02 or 0x03, making it 1 or 2 bytes) | |
587 | * v[2] is the number of unused bits in the bit string | |
588 | * (If >= 3 keyCertSign is missing when v[1] = 0x02) | |
589 | * v[3] and possibly v[4] contain the bit string | |
590 | * | |
591 | * From RFC 5280 4.2.1.3: | |
592 | * 0x04 is where keyCertSign lands in this bit string | |
593 | * 0x80 is where digitalSignature lands in this bit string | |
594 | */ | |
595 | if (v[0] != ASN1_BTS) | |
596 | return -EBADMSG; | |
597 | if (vlen < 4) | |
598 | return -EBADMSG; | |
599 | if (v[2] >= 8) | |
600 | return -EBADMSG; | |
601 | if (v[3] & 0x80) | |
602 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_DIGITALSIG; | |
603 | if (v[1] == 0x02 && v[2] <= 2 && (v[3] & 0x04)) | |
604 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN; | |
605 | else if (vlen > 4 && v[1] == 0x03 && (v[3] & 0x04)) | |
606 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN; | |
607 | return 0; | |
608 | } | |
609 | ||
c26fd69f DH |
610 | if (ctx->last_oid == OID_authorityKeyIdentifier) { |
611 | /* Get hold of the CA key fingerprint */ | |
b92e6570 DH |
612 | ctx->raw_akid = v; |
613 | ctx->raw_akid_size = vlen; | |
c26fd69f DH |
614 | return 0; |
615 | } | |
616 | ||
30eae2b0 ES |
617 | if (ctx->last_oid == OID_basicConstraints) { |
618 | /* | |
619 | * Get hold of the basicConstraints | |
620 | * v[1] is the encoding size | |
621 | * (Expect 0x2 or greater, making it 1 or more bytes) | |
622 | * v[2] is the encoding type | |
623 | * (Expect an ASN1_BOOL for the CA) | |
624 | * v[3] is the contents of the ASN1_BOOL | |
625 | * (Expect 1 if the CA is TRUE) | |
626 | * vlen should match the entire extension size | |
627 | */ | |
628 | if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ)) | |
629 | return -EBADMSG; | |
630 | if (vlen < 2) | |
631 | return -EBADMSG; | |
632 | if (v[1] != vlen - 2) | |
633 | return -EBADMSG; | |
634 | if (vlen >= 4 && v[1] != 0 && v[2] == ASN1_BOOL && v[3] == 1) | |
635 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA; | |
636 | return 0; | |
637 | } | |
638 | ||
c26fd69f DH |
639 | return 0; |
640 | } | |
641 | ||
fd19a3d1 DH |
642 | /** |
643 | * x509_decode_time - Decode an X.509 time ASN.1 object | |
644 | * @_t: The time to fill in | |
645 | * @hdrlen: The length of the object header | |
646 | * @tag: The object tag | |
647 | * @value: The object value | |
648 | * @vlen: The size of the object value | |
649 | * | |
650 | * Decode an ASN.1 universal time or generalised time field into a struct the | |
651 | * kernel can handle and check it for validity. The time is decoded thus: | |
652 | * | |
653 | * [RFC5280 ยง4.1.2.5] | |
654 | * CAs conforming to this profile MUST always encode certificate validity | |
655 | * dates through the year 2049 as UTCTime; certificate validity dates in | |
656 | * 2050 or later MUST be encoded as GeneralizedTime. Conforming | |
657 | * applications MUST be able to process validity dates that are encoded in | |
658 | * either UTCTime or GeneralizedTime. | |
c26fd69f | 659 | */ |
fd19a3d1 DH |
660 | int x509_decode_time(time64_t *_t, size_t hdrlen, |
661 | unsigned char tag, | |
662 | const unsigned char *value, size_t vlen) | |
c26fd69f | 663 | { |
ac4cbedf | 664 | static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, |
fd19a3d1 | 665 | 31, 31, 30, 31, 30, 31 }; |
c26fd69f | 666 | const unsigned char *p = value; |
fd19a3d1 | 667 | unsigned year, mon, day, hour, min, sec, mon_len; |
c26fd69f | 668 | |
fd19a3d1 | 669 | #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) |
c26fd69f DH |
670 | #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) |
671 | ||
672 | if (tag == ASN1_UNITIM) { | |
673 | /* UTCTime: YYMMDDHHMMSSZ */ | |
674 | if (vlen != 13) | |
675 | goto unsupported_time; | |
fd19a3d1 DH |
676 | year = DD2bin(p); |
677 | if (year >= 50) | |
678 | year += 1900; | |
c26fd69f | 679 | else |
fd19a3d1 | 680 | year += 2000; |
c26fd69f DH |
681 | } else if (tag == ASN1_GENTIM) { |
682 | /* GenTime: YYYYMMDDHHMMSSZ */ | |
683 | if (vlen != 15) | |
684 | goto unsupported_time; | |
fd19a3d1 DH |
685 | year = DD2bin(p) * 100 + DD2bin(p); |
686 | if (year >= 1950 && year <= 2049) | |
687 | goto invalid_time; | |
c26fd69f DH |
688 | } else { |
689 | goto unsupported_time; | |
690 | } | |
691 | ||
fd19a3d1 DH |
692 | mon = DD2bin(p); |
693 | day = DD2bin(p); | |
694 | hour = DD2bin(p); | |
695 | min = DD2bin(p); | |
696 | sec = DD2bin(p); | |
c26fd69f DH |
697 | |
698 | if (*p != 'Z') | |
699 | goto unsupported_time; | |
700 | ||
cc25b994 DH |
701 | if (year < 1970 || |
702 | mon < 1 || mon > 12) | |
703 | goto invalid_time; | |
704 | ||
705 | mon_len = month_lengths[mon - 1]; | |
fd19a3d1 DH |
706 | if (mon == 2) { |
707 | if (year % 4 == 0) { | |
708 | mon_len = 29; | |
709 | if (year % 100 == 0) { | |
ac4cbedf DH |
710 | mon_len = 28; |
711 | if (year % 400 == 0) | |
712 | mon_len = 29; | |
fd19a3d1 DH |
713 | } |
714 | } | |
715 | } | |
716 | ||
cc25b994 | 717 | if (day < 1 || day > mon_len || |
7650cb80 | 718 | hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */ |
4dd17c9c | 719 | min > 59 || |
da02559c | 720 | sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */ |
fd19a3d1 | 721 | goto invalid_time; |
cc25b994 | 722 | |
fd19a3d1 | 723 | *_t = mktime64(year, mon, day, hour, min, sec); |
c26fd69f DH |
724 | return 0; |
725 | ||
726 | unsupported_time: | |
fd19a3d1 DH |
727 | pr_debug("Got unsupported time [tag %02x]: '%*phN'\n", |
728 | tag, (int)vlen, value); | |
729 | return -EBADMSG; | |
730 | invalid_time: | |
731 | pr_debug("Got invalid time [tag %02x]: '%*phN'\n", | |
732 | tag, (int)vlen, value); | |
c26fd69f DH |
733 | return -EBADMSG; |
734 | } | |
fd19a3d1 | 735 | EXPORT_SYMBOL_GPL(x509_decode_time); |
c26fd69f DH |
736 | |
737 | int x509_note_not_before(void *context, size_t hdrlen, | |
738 | unsigned char tag, | |
739 | const void *value, size_t vlen) | |
740 | { | |
741 | struct x509_parse_context *ctx = context; | |
fd19a3d1 | 742 | return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); |
c26fd69f DH |
743 | } |
744 | ||
745 | int x509_note_not_after(void *context, size_t hdrlen, | |
746 | unsigned char tag, | |
747 | const void *value, size_t vlen) | |
748 | { | |
749 | struct x509_parse_context *ctx = context; | |
fd19a3d1 | 750 | return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); |
c26fd69f | 751 | } |
b92e6570 DH |
752 | |
753 | /* | |
754 | * Note a key identifier-based AuthorityKeyIdentifier | |
755 | */ | |
756 | int x509_akid_note_kid(void *context, size_t hdrlen, | |
757 | unsigned char tag, | |
758 | const void *value, size_t vlen) | |
759 | { | |
760 | struct x509_parse_context *ctx = context; | |
761 | struct asymmetric_key_id *kid; | |
762 | ||
763 | pr_debug("AKID: keyid: %*phN\n", (int)vlen, value); | |
764 | ||
77d0910d | 765 | if (ctx->cert->sig->auth_ids[1]) |
b92e6570 DH |
766 | return 0; |
767 | ||
a4c6e57f | 768 | kid = asymmetric_key_generate_id(value, vlen, "", 0); |
b92e6570 DH |
769 | if (IS_ERR(kid)) |
770 | return PTR_ERR(kid); | |
771 | pr_debug("authkeyid %*phN\n", kid->len, kid->data); | |
77d0910d | 772 | ctx->cert->sig->auth_ids[1] = kid; |
b92e6570 DH |
773 | return 0; |
774 | } | |
775 | ||
776 | /* | |
777 | * Note a directoryName in an AuthorityKeyIdentifier | |
778 | */ | |
779 | int x509_akid_note_name(void *context, size_t hdrlen, | |
780 | unsigned char tag, | |
781 | const void *value, size_t vlen) | |
782 | { | |
783 | struct x509_parse_context *ctx = context; | |
784 | ||
785 | pr_debug("AKID: name: %*phN\n", (int)vlen, value); | |
786 | ||
787 | ctx->akid_raw_issuer = value; | |
788 | ctx->akid_raw_issuer_size = vlen; | |
789 | return 0; | |
790 | } | |
791 | ||
792 | /* | |
793 | * Note a serial number in an AuthorityKeyIdentifier | |
794 | */ | |
795 | int x509_akid_note_serial(void *context, size_t hdrlen, | |
796 | unsigned char tag, | |
797 | const void *value, size_t vlen) | |
798 | { | |
799 | struct x509_parse_context *ctx = context; | |
800 | struct asymmetric_key_id *kid; | |
801 | ||
802 | pr_debug("AKID: serial: %*phN\n", (int)vlen, value); | |
803 | ||
77d0910d | 804 | if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) |
b92e6570 DH |
805 | return 0; |
806 | ||
807 | kid = asymmetric_key_generate_id(value, | |
808 | vlen, | |
809 | ctx->akid_raw_issuer, | |
810 | ctx->akid_raw_issuer_size); | |
811 | if (IS_ERR(kid)) | |
812 | return PTR_ERR(kid); | |
813 | ||
814 | pr_debug("authkeyid %*phN\n", kid->len, kid->data); | |
77d0910d | 815 | ctx->cert->sig->auth_ids[0] = kid; |
b92e6570 DH |
816 | return 0; |
817 | } |