1 /* X.509 certificate parser 2 * 3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) "X.509: "fmt 13 #include <linux/kernel.h> 14 #include <linux/export.h> 15 #include <linux/slab.h> 16 #include <linux/err.h> 17 #include <linux/oid_registry.h> 18 #include <crypto/public_key.h> 19 #include "x509_parser.h" 20 #include "x509-asn1.h" 21 #include "x509_akid-asn1.h" 22 23 struct x509_parse_context { 24 struct x509_certificate *cert; /* Certificate being constructed */ 25 unsigned long data; /* Start of data */ 26 const void *cert_start; /* Start of cert content */ 27 const void *key; /* Key data */ 28 size_t key_size; /* Size of key data */ 29 enum OID last_oid; /* Last OID encountered */ 30 enum OID algo_oid; /* Algorithm OID */ 31 unsigned char nr_mpi; /* Number of MPIs stored */ 32 u8 o_size; /* Size of organizationName (O) */ 33 u8 cn_size; /* Size of commonName (CN) */ 34 u8 email_size; /* Size of emailAddress */ 35 u16 o_offset; /* Offset of organizationName (O) */ 36 u16 cn_offset; /* Offset of commonName (CN) */ 37 u16 email_offset; /* Offset of emailAddress */ 38 unsigned raw_akid_size; 39 const void *raw_akid; /* Raw authorityKeyId in ASN.1 */ 40 const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */ 41 unsigned akid_raw_issuer_size; 42 }; 43 44 /* 45 * Free an X.509 certificate 46 */ 47 void x509_free_certificate(struct x509_certificate *cert) 48 { 49 if (cert) { 50 public_key_free(cert->pub); 51 public_key_signature_free(cert->sig); 52 kfree(cert->issuer); 53 kfree(cert->subject); 54 kfree(cert->id); 55 kfree(cert->skid); 56 kfree(cert); 57 } 58 } 59 EXPORT_SYMBOL_GPL(x509_free_certificate); 60 61 /* 62 * Parse an X.509 certificate 63 */ 64 struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) 65 { 66 struct x509_certificate *cert; 67 struct x509_parse_context *ctx; 68 struct asymmetric_key_id *kid; 69 long ret; 70 71 ret = -ENOMEM; 72 cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); 73 if (!cert) 74 goto error_no_cert; 75 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); 76 if (!cert->pub) 77 goto error_no_ctx; 78 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); 79 if (!cert->sig) 80 goto error_no_ctx; 81 ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); 82 if (!ctx) 83 goto error_no_ctx; 84 85 ctx->cert = cert; 86 ctx->data = (unsigned long)data; 87 88 /* Attempt to decode the certificate */ 89 ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); 90 if (ret < 0) 91 goto error_decode; 92 93 /* Decode the AuthorityKeyIdentifier */ 94 if (ctx->raw_akid) { 95 pr_devel("AKID: %u %*phN\n", 96 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); 97 ret = asn1_ber_decoder(&x509_akid_decoder, ctx, 98 ctx->raw_akid, ctx->raw_akid_size); 99 if (ret < 0) { 100 pr_warn("Couldn't decode AuthKeyIdentifier\n"); 101 goto error_decode; 102 } 103 } 104 105 ret = -ENOMEM; 106 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); 107 if (!cert->pub->key) 108 goto error_decode; 109 110 cert->pub->keylen = ctx->key_size; 111 112 /* Grab the signature bits */ 113 ret = x509_get_sig_params(cert); 114 if (ret < 0) 115 goto error_decode; 116 117 /* Generate cert issuer + serial number key ID */ 118 kid = asymmetric_key_generate_id(cert->raw_serial, 119 cert->raw_serial_size, 120 cert->raw_issuer, 121 cert->raw_issuer_size); 122 if (IS_ERR(kid)) { 123 ret = PTR_ERR(kid); 124 goto error_decode; 125 } 126 cert->id = kid; 127 128 /* Detect self-signed certificates */ 129 ret = x509_check_for_self_signed(cert); 130 if (ret < 0) 131 goto error_decode; 132 133 kfree(ctx); 134 return cert; 135 136 error_decode: 137 kfree(ctx); 138 error_no_ctx: 139 x509_free_certificate(cert); 140 error_no_cert: 141 return ERR_PTR(ret); 142 } 143 EXPORT_SYMBOL_GPL(x509_cert_parse); 144 145 /* 146 * Note an OID when we find one for later processing when we know how 147 * to interpret it. 148 */ 149 int x509_note_OID(void *context, size_t hdrlen, 150 unsigned char tag, 151 const void *value, size_t vlen) 152 { 153 struct x509_parse_context *ctx = context; 154 155 ctx->last_oid = look_up_OID(value, vlen); 156 if (ctx->last_oid == OID__NR) { 157 char buffer[50]; 158 sprint_oid(value, vlen, buffer, sizeof(buffer)); 159 pr_debug("Unknown OID: [%lu] %s\n", 160 (unsigned long)value - ctx->data, buffer); 161 } 162 return 0; 163 } 164 165 /* 166 * Save the position of the TBS data so that we can check the signature over it 167 * later. 168 */ 169 int x509_note_tbs_certificate(void *context, size_t hdrlen, 170 unsigned char tag, 171 const void *value, size_t vlen) 172 { 173 struct x509_parse_context *ctx = context; 174 175 pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n", 176 hdrlen, tag, (unsigned long)value - ctx->data, vlen); 177 178 ctx->cert->tbs = value - hdrlen; 179 ctx->cert->tbs_size = vlen + hdrlen; 180 return 0; 181 } 182 183 /* 184 * Record the public key algorithm 185 */ 186 int x509_note_pkey_algo(void *context, size_t hdrlen, 187 unsigned char tag, 188 const void *value, size_t vlen) 189 { 190 struct x509_parse_context *ctx = context; 191 192 pr_debug("PubKey Algo: %u\n", ctx->last_oid); 193 194 switch (ctx->last_oid) { 195 case OID_md2WithRSAEncryption: 196 case OID_md3WithRSAEncryption: 197 default: 198 return -ENOPKG; /* Unsupported combination */ 199 200 case OID_md4WithRSAEncryption: 201 ctx->cert->sig->hash_algo = "md4"; 202 ctx->cert->sig->pkey_algo = "rsa"; 203 break; 204 205 case OID_sha1WithRSAEncryption: 206 ctx->cert->sig->hash_algo = "sha1"; 207 ctx->cert->sig->pkey_algo = "rsa"; 208 break; 209 210 case OID_sha256WithRSAEncryption: 211 ctx->cert->sig->hash_algo = "sha256"; 212 ctx->cert->sig->pkey_algo = "rsa"; 213 break; 214 215 case OID_sha384WithRSAEncryption: 216 ctx->cert->sig->hash_algo = "sha384"; 217 ctx->cert->sig->pkey_algo = "rsa"; 218 break; 219 220 case OID_sha512WithRSAEncryption: 221 ctx->cert->sig->hash_algo = "sha512"; 222 ctx->cert->sig->pkey_algo = "rsa"; 223 break; 224 225 case OID_sha224WithRSAEncryption: 226 ctx->cert->sig->hash_algo = "sha224"; 227 ctx->cert->sig->pkey_algo = "rsa"; 228 break; 229 } 230 231 ctx->algo_oid = ctx->last_oid; 232 return 0; 233 } 234 235 /* 236 * Note the whereabouts and type of the signature. 237 */ 238 int x509_note_signature(void *context, size_t hdrlen, 239 unsigned char tag, 240 const void *value, size_t vlen) 241 { 242 struct x509_parse_context *ctx = context; 243 244 pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); 245 246 if (ctx->last_oid != ctx->algo_oid) { 247 pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n", 248 ctx->algo_oid, ctx->last_oid); 249 return -EINVAL; 250 } 251 252 ctx->cert->raw_sig = value; 253 ctx->cert->raw_sig_size = vlen; 254 return 0; 255 } 256 257 /* 258 * Note the certificate serial number 259 */ 260 int x509_note_serial(void *context, size_t hdrlen, 261 unsigned char tag, 262 const void *value, size_t vlen) 263 { 264 struct x509_parse_context *ctx = context; 265 ctx->cert->raw_serial = value; 266 ctx->cert->raw_serial_size = vlen; 267 return 0; 268 } 269 270 /* 271 * Note some of the name segments from which we'll fabricate a name. 272 */ 273 int x509_extract_name_segment(void *context, size_t hdrlen, 274 unsigned char tag, 275 const void *value, size_t vlen) 276 { 277 struct x509_parse_context *ctx = context; 278 279 switch (ctx->last_oid) { 280 case OID_commonName: 281 ctx->cn_size = vlen; 282 ctx->cn_offset = (unsigned long)value - ctx->data; 283 break; 284 case OID_organizationName: 285 ctx->o_size = vlen; 286 ctx->o_offset = (unsigned long)value - ctx->data; 287 break; 288 case OID_email_address: 289 ctx->email_size = vlen; 290 ctx->email_offset = (unsigned long)value - ctx->data; 291 break; 292 default: 293 break; 294 } 295 296 return 0; 297 } 298 299 /* 300 * Fabricate and save the issuer and subject names 301 */ 302 static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, 303 unsigned char tag, 304 char **_name, size_t vlen) 305 { 306 const void *name, *data = (const void *)ctx->data; 307 size_t namesize; 308 char *buffer; 309 310 if (*_name) 311 return -EINVAL; 312 313 /* Empty name string if no material */ 314 if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { 315 buffer = kmalloc(1, GFP_KERNEL); 316 if (!buffer) 317 return -ENOMEM; 318 buffer[0] = 0; 319 goto done; 320 } 321 322 if (ctx->cn_size && ctx->o_size) { 323 /* Consider combining O and CN, but use only the CN if it is 324 * prefixed by the O, or a significant portion thereof. 325 */ 326 namesize = ctx->cn_size; 327 name = data + ctx->cn_offset; 328 if (ctx->cn_size >= ctx->o_size && 329 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 330 ctx->o_size) == 0) 331 goto single_component; 332 if (ctx->cn_size >= 7 && 333 ctx->o_size >= 7 && 334 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) 335 goto single_component; 336 337 buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, 338 GFP_KERNEL); 339 if (!buffer) 340 return -ENOMEM; 341 342 memcpy(buffer, 343 data + ctx->o_offset, ctx->o_size); 344 buffer[ctx->o_size + 0] = ':'; 345 buffer[ctx->o_size + 1] = ' '; 346 memcpy(buffer + ctx->o_size + 2, 347 data + ctx->cn_offset, ctx->cn_size); 348 buffer[ctx->o_size + 2 + ctx->cn_size] = 0; 349 goto done; 350 351 } else if (ctx->cn_size) { 352 namesize = ctx->cn_size; 353 name = data + ctx->cn_offset; 354 } else if (ctx->o_size) { 355 namesize = ctx->o_size; 356 name = data + ctx->o_offset; 357 } else { 358 namesize = ctx->email_size; 359 name = data + ctx->email_offset; 360 } 361 362 single_component: 363 buffer = kmalloc(namesize + 1, GFP_KERNEL); 364 if (!buffer) 365 return -ENOMEM; 366 memcpy(buffer, name, namesize); 367 buffer[namesize] = 0; 368 369 done: 370 *_name = buffer; 371 ctx->cn_size = 0; 372 ctx->o_size = 0; 373 ctx->email_size = 0; 374 return 0; 375 } 376 377 int x509_note_issuer(void *context, size_t hdrlen, 378 unsigned char tag, 379 const void *value, size_t vlen) 380 { 381 struct x509_parse_context *ctx = context; 382 ctx->cert->raw_issuer = value; 383 ctx->cert->raw_issuer_size = vlen; 384 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); 385 } 386 387 int x509_note_subject(void *context, size_t hdrlen, 388 unsigned char tag, 389 const void *value, size_t vlen) 390 { 391 struct x509_parse_context *ctx = context; 392 ctx->cert->raw_subject = value; 393 ctx->cert->raw_subject_size = vlen; 394 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); 395 } 396 397 /* 398 * Extract the data for the public key algorithm 399 */ 400 int x509_extract_key_data(void *context, size_t hdrlen, 401 unsigned char tag, 402 const void *value, size_t vlen) 403 { 404 struct x509_parse_context *ctx = context; 405 406 if (ctx->last_oid != OID_rsaEncryption) 407 return -ENOPKG; 408 409 ctx->cert->pub->pkey_algo = "rsa"; 410 411 /* Discard the BIT STRING metadata */ 412 if (vlen < 1 || *(const u8 *)value != 0) 413 return -EBADMSG; 414 ctx->key = value + 1; 415 ctx->key_size = vlen - 1; 416 return 0; 417 } 418 419 /* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */ 420 #define SEQ_TAG_KEYID (ASN1_CONT << 6) 421 422 /* 423 * Process certificate extensions that are used to qualify the certificate. 424 */ 425 int x509_process_extension(void *context, size_t hdrlen, 426 unsigned char tag, 427 const void *value, size_t vlen) 428 { 429 struct x509_parse_context *ctx = context; 430 struct asymmetric_key_id *kid; 431 const unsigned char *v = value; 432 433 pr_debug("Extension: %u\n", ctx->last_oid); 434 435 if (ctx->last_oid == OID_subjectKeyIdentifier) { 436 /* Get hold of the key fingerprint */ 437 if (ctx->cert->skid || vlen < 3) 438 return -EBADMSG; 439 if (v[0] != ASN1_OTS || v[1] != vlen - 2) 440 return -EBADMSG; 441 v += 2; 442 vlen -= 2; 443 444 ctx->cert->raw_skid_size = vlen; 445 ctx->cert->raw_skid = v; 446 kid = asymmetric_key_generate_id(v, vlen, "", 0); 447 if (IS_ERR(kid)) 448 return PTR_ERR(kid); 449 ctx->cert->skid = kid; 450 pr_debug("subjkeyid %*phN\n", kid->len, kid->data); 451 return 0; 452 } 453 454 if (ctx->last_oid == OID_authorityKeyIdentifier) { 455 /* Get hold of the CA key fingerprint */ 456 ctx->raw_akid = v; 457 ctx->raw_akid_size = vlen; 458 return 0; 459 } 460 461 return 0; 462 } 463 464 /** 465 * x509_decode_time - Decode an X.509 time ASN.1 object 466 * @_t: The time to fill in 467 * @hdrlen: The length of the object header 468 * @tag: The object tag 469 * @value: The object value 470 * @vlen: The size of the object value 471 * 472 * Decode an ASN.1 universal time or generalised time field into a struct the 473 * kernel can handle and check it for validity. The time is decoded thus: 474 * 475 * [RFC5280 §4.1.2.5] 476 * CAs conforming to this profile MUST always encode certificate validity 477 * dates through the year 2049 as UTCTime; certificate validity dates in 478 * 2050 or later MUST be encoded as GeneralizedTime. Conforming 479 * applications MUST be able to process validity dates that are encoded in 480 * either UTCTime or GeneralizedTime. 481 */ 482 int x509_decode_time(time64_t *_t, size_t hdrlen, 483 unsigned char tag, 484 const unsigned char *value, size_t vlen) 485 { 486 static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, 487 31, 31, 30, 31, 30, 31 }; 488 const unsigned char *p = value; 489 unsigned year, mon, day, hour, min, sec, mon_len; 490 491 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) 492 #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) 493 494 if (tag == ASN1_UNITIM) { 495 /* UTCTime: YYMMDDHHMMSSZ */ 496 if (vlen != 13) 497 goto unsupported_time; 498 year = DD2bin(p); 499 if (year >= 50) 500 year += 1900; 501 else 502 year += 2000; 503 } else if (tag == ASN1_GENTIM) { 504 /* GenTime: YYYYMMDDHHMMSSZ */ 505 if (vlen != 15) 506 goto unsupported_time; 507 year = DD2bin(p) * 100 + DD2bin(p); 508 if (year >= 1950 && year <= 2049) 509 goto invalid_time; 510 } else { 511 goto unsupported_time; 512 } 513 514 mon = DD2bin(p); 515 day = DD2bin(p); 516 hour = DD2bin(p); 517 min = DD2bin(p); 518 sec = DD2bin(p); 519 520 if (*p != 'Z') 521 goto unsupported_time; 522 523 if (year < 1970 || 524 mon < 1 || mon > 12) 525 goto invalid_time; 526 527 mon_len = month_lengths[mon - 1]; 528 if (mon == 2) { 529 if (year % 4 == 0) { 530 mon_len = 29; 531 if (year % 100 == 0) { 532 mon_len = 28; 533 if (year % 400 == 0) 534 mon_len = 29; 535 } 536 } 537 } 538 539 if (day < 1 || day > mon_len || 540 hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */ 541 min > 59 || 542 sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */ 543 goto invalid_time; 544 545 *_t = mktime64(year, mon, day, hour, min, sec); 546 return 0; 547 548 unsupported_time: 549 pr_debug("Got unsupported time [tag %02x]: '%*phN'\n", 550 tag, (int)vlen, value); 551 return -EBADMSG; 552 invalid_time: 553 pr_debug("Got invalid time [tag %02x]: '%*phN'\n", 554 tag, (int)vlen, value); 555 return -EBADMSG; 556 } 557 EXPORT_SYMBOL_GPL(x509_decode_time); 558 559 int x509_note_not_before(void *context, size_t hdrlen, 560 unsigned char tag, 561 const void *value, size_t vlen) 562 { 563 struct x509_parse_context *ctx = context; 564 return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); 565 } 566 567 int x509_note_not_after(void *context, size_t hdrlen, 568 unsigned char tag, 569 const void *value, size_t vlen) 570 { 571 struct x509_parse_context *ctx = context; 572 return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); 573 } 574 575 /* 576 * Note a key identifier-based AuthorityKeyIdentifier 577 */ 578 int x509_akid_note_kid(void *context, size_t hdrlen, 579 unsigned char tag, 580 const void *value, size_t vlen) 581 { 582 struct x509_parse_context *ctx = context; 583 struct asymmetric_key_id *kid; 584 585 pr_debug("AKID: keyid: %*phN\n", (int)vlen, value); 586 587 if (ctx->cert->sig->auth_ids[1]) 588 return 0; 589 590 kid = asymmetric_key_generate_id(value, vlen, "", 0); 591 if (IS_ERR(kid)) 592 return PTR_ERR(kid); 593 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 594 ctx->cert->sig->auth_ids[1] = kid; 595 return 0; 596 } 597 598 /* 599 * Note a directoryName in an AuthorityKeyIdentifier 600 */ 601 int x509_akid_note_name(void *context, size_t hdrlen, 602 unsigned char tag, 603 const void *value, size_t vlen) 604 { 605 struct x509_parse_context *ctx = context; 606 607 pr_debug("AKID: name: %*phN\n", (int)vlen, value); 608 609 ctx->akid_raw_issuer = value; 610 ctx->akid_raw_issuer_size = vlen; 611 return 0; 612 } 613 614 /* 615 * Note a serial number in an AuthorityKeyIdentifier 616 */ 617 int x509_akid_note_serial(void *context, size_t hdrlen, 618 unsigned char tag, 619 const void *value, size_t vlen) 620 { 621 struct x509_parse_context *ctx = context; 622 struct asymmetric_key_id *kid; 623 624 pr_debug("AKID: serial: %*phN\n", (int)vlen, value); 625 626 if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) 627 return 0; 628 629 kid = asymmetric_key_generate_id(value, 630 vlen, 631 ctx->akid_raw_issuer, 632 ctx->akid_raw_issuer_size); 633 if (IS_ERR(kid)) 634 return PTR_ERR(kid); 635 636 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 637 ctx->cert->sig->auth_ids[0] = kid; 638 return 0; 639 } 640