1 /* X.509 certificate parser 2 * 3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) "X.509: "fmt 13 #include <linux/kernel.h> 14 #include <linux/export.h> 15 #include <linux/slab.h> 16 #include <linux/err.h> 17 #include <linux/oid_registry.h> 18 #include <crypto/public_key.h> 19 #include "x509_parser.h" 20 #include "x509-asn1.h" 21 #include "x509_akid-asn1.h" 22 23 struct x509_parse_context { 24 struct x509_certificate *cert; /* Certificate being constructed */ 25 unsigned long data; /* Start of data */ 26 const void *cert_start; /* Start of cert content */ 27 const void *key; /* Key data */ 28 size_t key_size; /* Size of key data */ 29 enum OID last_oid; /* Last OID encountered */ 30 enum OID algo_oid; /* Algorithm OID */ 31 unsigned char nr_mpi; /* Number of MPIs stored */ 32 u8 o_size; /* Size of organizationName (O) */ 33 u8 cn_size; /* Size of commonName (CN) */ 34 u8 email_size; /* Size of emailAddress */ 35 u16 o_offset; /* Offset of organizationName (O) */ 36 u16 cn_offset; /* Offset of commonName (CN) */ 37 u16 email_offset; /* Offset of emailAddress */ 38 unsigned raw_akid_size; 39 const void *raw_akid; /* Raw authorityKeyId in ASN.1 */ 40 const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */ 41 unsigned akid_raw_issuer_size; 42 }; 43 44 /* 45 * Free an X.509 certificate 46 */ 47 void x509_free_certificate(struct x509_certificate *cert) 48 { 49 if (cert) { 50 public_key_free(cert->pub); 51 public_key_signature_free(cert->sig); 52 kfree(cert->issuer); 53 kfree(cert->subject); 54 kfree(cert->id); 55 kfree(cert->skid); 56 kfree(cert); 57 } 58 } 59 EXPORT_SYMBOL_GPL(x509_free_certificate); 60 61 /* 62 * Parse an X.509 certificate 63 */ 64 struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) 65 { 66 struct x509_certificate *cert; 67 struct x509_parse_context *ctx; 68 struct asymmetric_key_id *kid; 69 long ret; 70 71 ret = -ENOMEM; 72 cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); 73 if (!cert) 74 goto error_no_cert; 75 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); 76 if (!cert->pub) 77 goto error_no_ctx; 78 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); 79 if (!cert->sig) 80 goto error_no_ctx; 81 ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); 82 if (!ctx) 83 goto error_no_ctx; 84 85 ctx->cert = cert; 86 ctx->data = (unsigned long)data; 87 88 /* Attempt to decode the certificate */ 89 ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); 90 if (ret < 0) 91 goto error_decode; 92 93 /* Decode the AuthorityKeyIdentifier */ 94 if (ctx->raw_akid) { 95 pr_devel("AKID: %u %*phN\n", 96 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); 97 ret = asn1_ber_decoder(&x509_akid_decoder, ctx, 98 ctx->raw_akid, ctx->raw_akid_size); 99 if (ret < 0) { 100 pr_warn("Couldn't decode AuthKeyIdentifier\n"); 101 goto error_decode; 102 } 103 } 104 105 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); 106 if (!cert->pub->key) 107 goto error_decode; 108 109 cert->pub->keylen = ctx->key_size; 110 111 /* Grab the signature bits */ 112 ret = x509_get_sig_params(cert); 113 if (ret < 0) 114 goto error_decode; 115 116 /* Generate cert issuer + serial number key ID */ 117 kid = asymmetric_key_generate_id(cert->raw_serial, 118 cert->raw_serial_size, 119 cert->raw_issuer, 120 cert->raw_issuer_size); 121 if (IS_ERR(kid)) { 122 ret = PTR_ERR(kid); 123 goto error_decode; 124 } 125 cert->id = kid; 126 127 /* Detect self-signed certificates */ 128 ret = x509_check_for_self_signed(cert); 129 if (ret < 0) 130 goto error_decode; 131 132 kfree(ctx); 133 return cert; 134 135 error_decode: 136 kfree(cert->pub->key); 137 kfree(ctx); 138 error_no_ctx: 139 x509_free_certificate(cert); 140 error_no_cert: 141 return ERR_PTR(ret); 142 } 143 EXPORT_SYMBOL_GPL(x509_cert_parse); 144 145 /* 146 * Note an OID when we find one for later processing when we know how 147 * to interpret it. 148 */ 149 int x509_note_OID(void *context, size_t hdrlen, 150 unsigned char tag, 151 const void *value, size_t vlen) 152 { 153 struct x509_parse_context *ctx = context; 154 155 ctx->last_oid = look_up_OID(value, vlen); 156 if (ctx->last_oid == OID__NR) { 157 char buffer[50]; 158 sprint_oid(value, vlen, buffer, sizeof(buffer)); 159 pr_debug("Unknown OID: [%lu] %s\n", 160 (unsigned long)value - ctx->data, buffer); 161 } 162 return 0; 163 } 164 165 /* 166 * Save the position of the TBS data so that we can check the signature over it 167 * later. 168 */ 169 int x509_note_tbs_certificate(void *context, size_t hdrlen, 170 unsigned char tag, 171 const void *value, size_t vlen) 172 { 173 struct x509_parse_context *ctx = context; 174 175 pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n", 176 hdrlen, tag, (unsigned long)value - ctx->data, vlen); 177 178 ctx->cert->tbs = value - hdrlen; 179 ctx->cert->tbs_size = vlen + hdrlen; 180 return 0; 181 } 182 183 /* 184 * Record the public key algorithm 185 */ 186 int x509_note_pkey_algo(void *context, size_t hdrlen, 187 unsigned char tag, 188 const void *value, size_t vlen) 189 { 190 struct x509_parse_context *ctx = context; 191 192 pr_debug("PubKey Algo: %u\n", ctx->last_oid); 193 194 switch (ctx->last_oid) { 195 case OID_md2WithRSAEncryption: 196 case OID_md3WithRSAEncryption: 197 default: 198 return -ENOPKG; /* Unsupported combination */ 199 200 case OID_md4WithRSAEncryption: 201 ctx->cert->sig->hash_algo = "md4"; 202 ctx->cert->sig->pkey_algo = "rsa"; 203 break; 204 205 case OID_sha1WithRSAEncryption: 206 ctx->cert->sig->hash_algo = "sha1"; 207 ctx->cert->sig->pkey_algo = "rsa"; 208 break; 209 210 case OID_sha256WithRSAEncryption: 211 ctx->cert->sig->hash_algo = "sha256"; 212 ctx->cert->sig->pkey_algo = "rsa"; 213 break; 214 215 case OID_sha384WithRSAEncryption: 216 ctx->cert->sig->hash_algo = "sha384"; 217 ctx->cert->sig->pkey_algo = "rsa"; 218 break; 219 220 case OID_sha512WithRSAEncryption: 221 ctx->cert->sig->hash_algo = "sha512"; 222 ctx->cert->sig->pkey_algo = "rsa"; 223 break; 224 225 case OID_sha224WithRSAEncryption: 226 ctx->cert->sig->hash_algo = "sha224"; 227 ctx->cert->sig->pkey_algo = "rsa"; 228 break; 229 } 230 231 ctx->algo_oid = ctx->last_oid; 232 return 0; 233 } 234 235 /* 236 * Note the whereabouts and type of the signature. 237 */ 238 int x509_note_signature(void *context, size_t hdrlen, 239 unsigned char tag, 240 const void *value, size_t vlen) 241 { 242 struct x509_parse_context *ctx = context; 243 244 pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); 245 246 if (ctx->last_oid != ctx->algo_oid) { 247 pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n", 248 ctx->algo_oid, ctx->last_oid); 249 return -EINVAL; 250 } 251 252 ctx->cert->raw_sig = value; 253 ctx->cert->raw_sig_size = vlen; 254 return 0; 255 } 256 257 /* 258 * Note the certificate serial number 259 */ 260 int x509_note_serial(void *context, size_t hdrlen, 261 unsigned char tag, 262 const void *value, size_t vlen) 263 { 264 struct x509_parse_context *ctx = context; 265 ctx->cert->raw_serial = value; 266 ctx->cert->raw_serial_size = vlen; 267 return 0; 268 } 269 270 /* 271 * Note some of the name segments from which we'll fabricate a name. 272 */ 273 int x509_extract_name_segment(void *context, size_t hdrlen, 274 unsigned char tag, 275 const void *value, size_t vlen) 276 { 277 struct x509_parse_context *ctx = context; 278 279 switch (ctx->last_oid) { 280 case OID_commonName: 281 ctx->cn_size = vlen; 282 ctx->cn_offset = (unsigned long)value - ctx->data; 283 break; 284 case OID_organizationName: 285 ctx->o_size = vlen; 286 ctx->o_offset = (unsigned long)value - ctx->data; 287 break; 288 case OID_email_address: 289 ctx->email_size = vlen; 290 ctx->email_offset = (unsigned long)value - ctx->data; 291 break; 292 default: 293 break; 294 } 295 296 return 0; 297 } 298 299 /* 300 * Fabricate and save the issuer and subject names 301 */ 302 static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, 303 unsigned char tag, 304 char **_name, size_t vlen) 305 { 306 const void *name, *data = (const void *)ctx->data; 307 size_t namesize; 308 char *buffer; 309 310 if (*_name) 311 return -EINVAL; 312 313 /* Empty name string if no material */ 314 if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { 315 buffer = kmalloc(1, GFP_KERNEL); 316 if (!buffer) 317 return -ENOMEM; 318 buffer[0] = 0; 319 goto done; 320 } 321 322 if (ctx->cn_size && ctx->o_size) { 323 /* Consider combining O and CN, but use only the CN if it is 324 * prefixed by the O, or a significant portion thereof. 325 */ 326 namesize = ctx->cn_size; 327 name = data + ctx->cn_offset; 328 if (ctx->cn_size >= ctx->o_size && 329 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 330 ctx->o_size) == 0) 331 goto single_component; 332 if (ctx->cn_size >= 7 && 333 ctx->o_size >= 7 && 334 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) 335 goto single_component; 336 337 buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, 338 GFP_KERNEL); 339 if (!buffer) 340 return -ENOMEM; 341 342 memcpy(buffer, 343 data + ctx->o_offset, ctx->o_size); 344 buffer[ctx->o_size + 0] = ':'; 345 buffer[ctx->o_size + 1] = ' '; 346 memcpy(buffer + ctx->o_size + 2, 347 data + ctx->cn_offset, ctx->cn_size); 348 buffer[ctx->o_size + 2 + ctx->cn_size] = 0; 349 goto done; 350 351 } else if (ctx->cn_size) { 352 namesize = ctx->cn_size; 353 name = data + ctx->cn_offset; 354 } else if (ctx->o_size) { 355 namesize = ctx->o_size; 356 name = data + ctx->o_offset; 357 } else { 358 namesize = ctx->email_size; 359 name = data + ctx->email_offset; 360 } 361 362 single_component: 363 buffer = kmalloc(namesize + 1, GFP_KERNEL); 364 if (!buffer) 365 return -ENOMEM; 366 memcpy(buffer, name, namesize); 367 buffer[namesize] = 0; 368 369 done: 370 *_name = buffer; 371 ctx->cn_size = 0; 372 ctx->o_size = 0; 373 ctx->email_size = 0; 374 return 0; 375 } 376 377 int x509_note_issuer(void *context, size_t hdrlen, 378 unsigned char tag, 379 const void *value, size_t vlen) 380 { 381 struct x509_parse_context *ctx = context; 382 ctx->cert->raw_issuer = value; 383 ctx->cert->raw_issuer_size = vlen; 384 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); 385 } 386 387 int x509_note_subject(void *context, size_t hdrlen, 388 unsigned char tag, 389 const void *value, size_t vlen) 390 { 391 struct x509_parse_context *ctx = context; 392 ctx->cert->raw_subject = value; 393 ctx->cert->raw_subject_size = vlen; 394 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); 395 } 396 397 /* 398 * Extract the data for the public key algorithm 399 */ 400 int x509_extract_key_data(void *context, size_t hdrlen, 401 unsigned char tag, 402 const void *value, size_t vlen) 403 { 404 struct x509_parse_context *ctx = context; 405 406 if (ctx->last_oid != OID_rsaEncryption) 407 return -ENOPKG; 408 409 ctx->cert->pub->pkey_algo = "rsa"; 410 411 /* Discard the BIT STRING metadata */ 412 ctx->key = value + 1; 413 ctx->key_size = vlen - 1; 414 return 0; 415 } 416 417 /* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */ 418 #define SEQ_TAG_KEYID (ASN1_CONT << 6) 419 420 /* 421 * Process certificate extensions that are used to qualify the certificate. 422 */ 423 int x509_process_extension(void *context, size_t hdrlen, 424 unsigned char tag, 425 const void *value, size_t vlen) 426 { 427 struct x509_parse_context *ctx = context; 428 struct asymmetric_key_id *kid; 429 const unsigned char *v = value; 430 431 pr_debug("Extension: %u\n", ctx->last_oid); 432 433 if (ctx->last_oid == OID_subjectKeyIdentifier) { 434 /* Get hold of the key fingerprint */ 435 if (ctx->cert->skid || vlen < 3) 436 return -EBADMSG; 437 if (v[0] != ASN1_OTS || v[1] != vlen - 2) 438 return -EBADMSG; 439 v += 2; 440 vlen -= 2; 441 442 ctx->cert->raw_skid_size = vlen; 443 ctx->cert->raw_skid = v; 444 kid = asymmetric_key_generate_id(v, vlen, "", 0); 445 if (IS_ERR(kid)) 446 return PTR_ERR(kid); 447 ctx->cert->skid = kid; 448 pr_debug("subjkeyid %*phN\n", kid->len, kid->data); 449 return 0; 450 } 451 452 if (ctx->last_oid == OID_authorityKeyIdentifier) { 453 /* Get hold of the CA key fingerprint */ 454 ctx->raw_akid = v; 455 ctx->raw_akid_size = vlen; 456 return 0; 457 } 458 459 return 0; 460 } 461 462 /** 463 * x509_decode_time - Decode an X.509 time ASN.1 object 464 * @_t: The time to fill in 465 * @hdrlen: The length of the object header 466 * @tag: The object tag 467 * @value: The object value 468 * @vlen: The size of the object value 469 * 470 * Decode an ASN.1 universal time or generalised time field into a struct the 471 * kernel can handle and check it for validity. The time is decoded thus: 472 * 473 * [RFC5280 §4.1.2.5] 474 * CAs conforming to this profile MUST always encode certificate validity 475 * dates through the year 2049 as UTCTime; certificate validity dates in 476 * 2050 or later MUST be encoded as GeneralizedTime. Conforming 477 * applications MUST be able to process validity dates that are encoded in 478 * either UTCTime or GeneralizedTime. 479 */ 480 int x509_decode_time(time64_t *_t, size_t hdrlen, 481 unsigned char tag, 482 const unsigned char *value, size_t vlen) 483 { 484 static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, 485 31, 31, 30, 31, 30, 31 }; 486 const unsigned char *p = value; 487 unsigned year, mon, day, hour, min, sec, mon_len; 488 489 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) 490 #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) 491 492 if (tag == ASN1_UNITIM) { 493 /* UTCTime: YYMMDDHHMMSSZ */ 494 if (vlen != 13) 495 goto unsupported_time; 496 year = DD2bin(p); 497 if (year >= 50) 498 year += 1900; 499 else 500 year += 2000; 501 } else if (tag == ASN1_GENTIM) { 502 /* GenTime: YYYYMMDDHHMMSSZ */ 503 if (vlen != 15) 504 goto unsupported_time; 505 year = DD2bin(p) * 100 + DD2bin(p); 506 if (year >= 1950 && year <= 2049) 507 goto invalid_time; 508 } else { 509 goto unsupported_time; 510 } 511 512 mon = DD2bin(p); 513 day = DD2bin(p); 514 hour = DD2bin(p); 515 min = DD2bin(p); 516 sec = DD2bin(p); 517 518 if (*p != 'Z') 519 goto unsupported_time; 520 521 if (year < 1970 || 522 mon < 1 || mon > 12) 523 goto invalid_time; 524 525 mon_len = month_lengths[mon - 1]; 526 if (mon == 2) { 527 if (year % 4 == 0) { 528 mon_len = 29; 529 if (year % 100 == 0) { 530 mon_len = 28; 531 if (year % 400 == 0) 532 mon_len = 29; 533 } 534 } 535 } 536 537 if (day < 1 || day > mon_len || 538 hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */ 539 min > 59 || 540 sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */ 541 goto invalid_time; 542 543 *_t = mktime64(year, mon, day, hour, min, sec); 544 return 0; 545 546 unsupported_time: 547 pr_debug("Got unsupported time [tag %02x]: '%*phN'\n", 548 tag, (int)vlen, value); 549 return -EBADMSG; 550 invalid_time: 551 pr_debug("Got invalid time [tag %02x]: '%*phN'\n", 552 tag, (int)vlen, value); 553 return -EBADMSG; 554 } 555 EXPORT_SYMBOL_GPL(x509_decode_time); 556 557 int x509_note_not_before(void *context, size_t hdrlen, 558 unsigned char tag, 559 const void *value, size_t vlen) 560 { 561 struct x509_parse_context *ctx = context; 562 return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); 563 } 564 565 int x509_note_not_after(void *context, size_t hdrlen, 566 unsigned char tag, 567 const void *value, size_t vlen) 568 { 569 struct x509_parse_context *ctx = context; 570 return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); 571 } 572 573 /* 574 * Note a key identifier-based AuthorityKeyIdentifier 575 */ 576 int x509_akid_note_kid(void *context, size_t hdrlen, 577 unsigned char tag, 578 const void *value, size_t vlen) 579 { 580 struct x509_parse_context *ctx = context; 581 struct asymmetric_key_id *kid; 582 583 pr_debug("AKID: keyid: %*phN\n", (int)vlen, value); 584 585 if (ctx->cert->sig->auth_ids[1]) 586 return 0; 587 588 kid = asymmetric_key_generate_id(value, vlen, "", 0); 589 if (IS_ERR(kid)) 590 return PTR_ERR(kid); 591 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 592 ctx->cert->sig->auth_ids[1] = kid; 593 return 0; 594 } 595 596 /* 597 * Note a directoryName in an AuthorityKeyIdentifier 598 */ 599 int x509_akid_note_name(void *context, size_t hdrlen, 600 unsigned char tag, 601 const void *value, size_t vlen) 602 { 603 struct x509_parse_context *ctx = context; 604 605 pr_debug("AKID: name: %*phN\n", (int)vlen, value); 606 607 ctx->akid_raw_issuer = value; 608 ctx->akid_raw_issuer_size = vlen; 609 return 0; 610 } 611 612 /* 613 * Note a serial number in an AuthorityKeyIdentifier 614 */ 615 int x509_akid_note_serial(void *context, size_t hdrlen, 616 unsigned char tag, 617 const void *value, size_t vlen) 618 { 619 struct x509_parse_context *ctx = context; 620 struct asymmetric_key_id *kid; 621 622 pr_debug("AKID: serial: %*phN\n", (int)vlen, value); 623 624 if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) 625 return 0; 626 627 kid = asymmetric_key_generate_id(value, 628 vlen, 629 ctx->akid_raw_issuer, 630 ctx->akid_raw_issuer_size); 631 if (IS_ERR(kid)) 632 return PTR_ERR(kid); 633 634 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 635 ctx->cert->sig->auth_ids[0] = kid; 636 return 0; 637 } 638