xref: /freebsd/contrib/wpa/src/tls/x509v3.c (revision 78373a5faa3bab46d247c10a7059e484bc634504)
1 /*
2  * X.509v3 certificate parsing and processing (RFC 3280 profile)
3  * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/crypto.h"
13 #include "asn1.h"
14 #include "x509v3.h"
15 
16 
17 void x509_free_name(struct x509_name *name)
18 {
19 	size_t i;
20 
21 	for (i = 0; i < name->num_attr; i++) {
22 		os_free(name->attr[i].value);
23 		name->attr[i].value = NULL;
24 		name->attr[i].type = X509_NAME_ATTR_NOT_USED;
25 	}
26 	name->num_attr = 0;
27 	os_free(name->email);
28 	name->email = NULL;
29 
30 	os_free(name->alt_email);
31 	os_free(name->dns);
32 	os_free(name->uri);
33 	os_free(name->ip);
34 	name->alt_email = name->dns = name->uri = NULL;
35 	name->ip = NULL;
36 	name->ip_len = 0;
37 	os_memset(&name->rid, 0, sizeof(name->rid));
38 }
39 
40 
41 /**
42  * x509_certificate_free - Free an X.509 certificate
43  * @cert: Certificate to be freed
44  */
45 void x509_certificate_free(struct x509_certificate *cert)
46 {
47 	if (cert == NULL)
48 		return;
49 	if (cert->next) {
50 		wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51 			   "was still on a list (next=%p)\n",
52 			   cert, cert->next);
53 	}
54 	x509_free_name(&cert->issuer);
55 	x509_free_name(&cert->subject);
56 	os_free(cert->public_key);
57 	os_free(cert->sign_value);
58 	os_free(cert->subject_dn);
59 	os_free(cert);
60 }
61 
62 
63 /**
64  * x509_certificate_free - Free an X.509 certificate chain
65  * @cert: Pointer to the first certificate in the chain
66  */
67 void x509_certificate_chain_free(struct x509_certificate *cert)
68 {
69 	struct x509_certificate *next;
70 
71 	while (cert) {
72 		next = cert->next;
73 		cert->next = NULL;
74 		x509_certificate_free(cert);
75 		cert = next;
76 	}
77 }
78 
79 
80 static int x509_whitespace(char c)
81 {
82 	return c == ' ' || c == '\t';
83 }
84 
85 
86 static void x509_str_strip_whitespace(char *a)
87 {
88 	char *ipos, *opos;
89 	int remove_whitespace = 1;
90 
91 	ipos = opos = a;
92 
93 	while (*ipos) {
94 		if (remove_whitespace && x509_whitespace(*ipos))
95 			ipos++;
96 		else {
97 			remove_whitespace = x509_whitespace(*ipos);
98 			*opos++ = *ipos++;
99 		}
100 	}
101 
102 	*opos-- = '\0';
103 	if (opos > a && x509_whitespace(*opos))
104 		*opos = '\0';
105 }
106 
107 
108 static int x509_str_compare(const char *a, const char *b)
109 {
110 	char *aa, *bb;
111 	int ret;
112 
113 	if (!a && b)
114 		return -1;
115 	if (a && !b)
116 		return 1;
117 	if (!a && !b)
118 		return 0;
119 
120 	aa = os_strdup(a);
121 	bb = os_strdup(b);
122 
123 	if (aa == NULL || bb == NULL) {
124 		os_free(aa);
125 		os_free(bb);
126 		return os_strcasecmp(a, b);
127 	}
128 
129 	x509_str_strip_whitespace(aa);
130 	x509_str_strip_whitespace(bb);
131 
132 	ret = os_strcasecmp(aa, bb);
133 
134 	os_free(aa);
135 	os_free(bb);
136 
137 	return ret;
138 }
139 
140 
141 /**
142  * x509_name_compare - Compare X.509 certificate names
143  * @a: Certificate name
144  * @b: Certificate name
145  * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
146  * greater than b
147  */
148 int x509_name_compare(struct x509_name *a, struct x509_name *b)
149 {
150 	int res;
151 	size_t i;
152 
153 	if (!a && b)
154 		return -1;
155 	if (a && !b)
156 		return 1;
157 	if (!a && !b)
158 		return 0;
159 	if (a->num_attr < b->num_attr)
160 		return -1;
161 	if (a->num_attr > b->num_attr)
162 		return 1;
163 
164 	for (i = 0; i < a->num_attr; i++) {
165 		if (a->attr[i].type < b->attr[i].type)
166 			return -1;
167 		if (a->attr[i].type > b->attr[i].type)
168 			return -1;
169 		res = x509_str_compare(a->attr[i].value, b->attr[i].value);
170 		if (res)
171 			return res;
172 	}
173 	res = x509_str_compare(a->email, b->email);
174 	if (res)
175 		return res;
176 
177 	return 0;
178 }
179 
180 
181 int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
182 				    struct x509_algorithm_identifier *id,
183 				    const u8 **next)
184 {
185 	struct asn1_hdr hdr;
186 	const u8 *pos, *end;
187 
188 	/*
189 	 * AlgorithmIdentifier ::= SEQUENCE {
190 	 *     algorithm            OBJECT IDENTIFIER,
191 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
192 	 * }
193 	 */
194 
195 	if (asn1_get_next(buf, len, &hdr) < 0 ||
196 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
197 	    hdr.tag != ASN1_TAG_SEQUENCE) {
198 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
199 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
200 			   hdr.class, hdr.tag);
201 		return -1;
202 	}
203 	if (hdr.length > buf + len - hdr.payload)
204 		return -1;
205 	pos = hdr.payload;
206 	end = pos + hdr.length;
207 
208 	*next = end;
209 
210 	if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
211 		return -1;
212 
213 	/* TODO: optional parameters */
214 
215 	return 0;
216 }
217 
218 
219 static int x509_parse_public_key(const u8 *buf, size_t len,
220 				 struct x509_certificate *cert,
221 				 const u8 **next)
222 {
223 	struct asn1_hdr hdr;
224 	const u8 *pos, *end;
225 
226 	/*
227 	 * SubjectPublicKeyInfo ::= SEQUENCE {
228 	 *     algorithm            AlgorithmIdentifier,
229 	 *     subjectPublicKey     BIT STRING
230 	 * }
231 	 */
232 
233 	pos = buf;
234 	end = buf + len;
235 
236 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
237 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
238 	    hdr.tag != ASN1_TAG_SEQUENCE) {
239 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
240 			   "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
241 			   hdr.class, hdr.tag);
242 		return -1;
243 	}
244 	pos = hdr.payload;
245 
246 	if (hdr.length > end - pos)
247 		return -1;
248 	end = pos + hdr.length;
249 	*next = end;
250 
251 	if (x509_parse_algorithm_identifier(pos, end - pos,
252 					    &cert->public_key_alg, &pos))
253 		return -1;
254 
255 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
256 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
257 	    hdr.tag != ASN1_TAG_BITSTRING) {
258 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
259 			   "(subjectPublicKey) - found class %d tag 0x%x",
260 			   hdr.class, hdr.tag);
261 		return -1;
262 	}
263 	if (hdr.length < 1)
264 		return -1;
265 	pos = hdr.payload;
266 	if (*pos) {
267 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
268 			   *pos);
269 		/*
270 		 * TODO: should this be rejected? X.509 certificates are
271 		 * unlikely to use such a construction. Now we would end up
272 		 * including the extra bits in the buffer which may also be
273 		 * ok.
274 		 */
275 	}
276 	os_free(cert->public_key);
277 	cert->public_key = os_memdup(pos + 1, hdr.length - 1);
278 	if (cert->public_key == NULL) {
279 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
280 			   "public key");
281 		return -1;
282 	}
283 	cert->public_key_len = hdr.length - 1;
284 	wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
285 		    cert->public_key, cert->public_key_len);
286 
287 	return 0;
288 }
289 
290 
291 int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
292 		    const u8 **next)
293 {
294 	struct asn1_hdr hdr;
295 	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
296 	struct asn1_oid oid;
297 	char *val;
298 
299 	/*
300 	 * Name ::= CHOICE { RDNSequence }
301 	 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
302 	 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
303 	 * AttributeTypeAndValue ::= SEQUENCE {
304 	 *     type     AttributeType,
305 	 *     value    AttributeValue
306 	 * }
307 	 * AttributeType ::= OBJECT IDENTIFIER
308 	 * AttributeValue ::= ANY DEFINED BY AttributeType
309 	 */
310 
311 	if (asn1_get_next(buf, len, &hdr) < 0 ||
312 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
313 	    hdr.tag != ASN1_TAG_SEQUENCE) {
314 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
315 			   "(Name / RDNSequencer) - found class %d tag 0x%x",
316 			   hdr.class, hdr.tag);
317 		return -1;
318 	}
319 	pos = hdr.payload;
320 
321 	if (hdr.length > buf + len - pos)
322 		return -1;
323 
324 	end = *next = pos + hdr.length;
325 
326 	while (pos < end) {
327 		enum x509_name_attr_type type;
328 
329 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
330 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
331 		    hdr.tag != ASN1_TAG_SET) {
332 			wpa_printf(MSG_DEBUG, "X509: Expected SET "
333 				   "(RelativeDistinguishedName) - found class "
334 				   "%d tag 0x%x", hdr.class, hdr.tag);
335 			x509_free_name(name);
336 			return -1;
337 		}
338 
339 		set_pos = hdr.payload;
340 		pos = set_end = hdr.payload + hdr.length;
341 
342 		if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
343 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
344 		    hdr.tag != ASN1_TAG_SEQUENCE) {
345 			wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
346 				   "(AttributeTypeAndValue) - found class %d "
347 				   "tag 0x%x", hdr.class, hdr.tag);
348 			x509_free_name(name);
349 			return -1;
350 		}
351 
352 		seq_pos = hdr.payload;
353 		seq_end = hdr.payload + hdr.length;
354 
355 		if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
356 			x509_free_name(name);
357 			return -1;
358 		}
359 
360 		if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
361 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
362 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
363 				   "AttributeValue");
364 			x509_free_name(name);
365 			return -1;
366 		}
367 
368 		/* RFC 3280:
369 		 * MUST: country, organization, organizational-unit,
370 		 * distinguished name qualifier, state or province name,
371 		 * common name, serial number.
372 		 * SHOULD: locality, title, surname, given name, initials,
373 		 * pseudonym, generation qualifier.
374 		 * MUST: domainComponent (RFC 2247).
375 		 */
376 		type = X509_NAME_ATTR_NOT_USED;
377 		if (oid.len == 4 &&
378 		    oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
379 			/* id-at ::= 2.5.4 */
380 			switch (oid.oid[3]) {
381 			case 3:
382 				/* commonName */
383 				type = X509_NAME_ATTR_CN;
384 				break;
385 			case 6:
386 				/*  countryName */
387 				type = X509_NAME_ATTR_C;
388 				break;
389 			case 7:
390 				/* localityName */
391 				type = X509_NAME_ATTR_L;
392 				break;
393 			case 8:
394 				/* stateOrProvinceName */
395 				type = X509_NAME_ATTR_ST;
396 				break;
397 			case 10:
398 				/* organizationName */
399 				type = X509_NAME_ATTR_O;
400 				break;
401 			case 11:
402 				/* organizationalUnitName */
403 				type = X509_NAME_ATTR_OU;
404 				break;
405 			}
406 		} else if (oid.len == 7 &&
407 			   oid.oid[0] == 1 && oid.oid[1] == 2 &&
408 			   oid.oid[2] == 840 && oid.oid[3] == 113549 &&
409 			   oid.oid[4] == 1 && oid.oid[5] == 9 &&
410 			   oid.oid[6] == 1) {
411 			/* 1.2.840.113549.1.9.1 - e-mailAddress */
412 			os_free(name->email);
413 			name->email = os_malloc(hdr.length + 1);
414 			if (name->email == NULL) {
415 				x509_free_name(name);
416 				return -1;
417 			}
418 			os_memcpy(name->email, hdr.payload, hdr.length);
419 			name->email[hdr.length] = '\0';
420 			continue;
421 		} else if (oid.len == 7 &&
422 			   oid.oid[0] == 0 && oid.oid[1] == 9 &&
423 			   oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
424 			   oid.oid[4] == 100 && oid.oid[5] == 1 &&
425 			   oid.oid[6] == 25) {
426 			/* 0.9.2342.19200300.100.1.25 - domainComponent */
427 			type = X509_NAME_ATTR_DC;
428 		}
429 
430 		if (type == X509_NAME_ATTR_NOT_USED) {
431 			wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
432 				    (u8 *) oid.oid,
433 				    oid.len * sizeof(oid.oid[0]));
434 			wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
435 					  hdr.payload, hdr.length);
436 			continue;
437 		}
438 
439 		if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
440 			wpa_printf(MSG_INFO, "X509: Too many Name attributes");
441 			x509_free_name(name);
442 			return -1;
443 		}
444 
445 		val = dup_binstr(hdr.payload, hdr.length);
446 		if (val == NULL) {
447 			x509_free_name(name);
448 			return -1;
449 		}
450 		if (os_strlen(val) != hdr.length) {
451 			wpa_printf(MSG_INFO, "X509: Reject certificate with "
452 				   "embedded NUL byte in a string (%s[NUL])",
453 				   val);
454 			os_free(val);
455 			x509_free_name(name);
456 			return -1;
457 		}
458 
459 		name->attr[name->num_attr].type = type;
460 		name->attr[name->num_attr].value = val;
461 		name->num_attr++;
462 	}
463 
464 	return 0;
465 }
466 
467 
468 static char * x509_name_attr_str(enum x509_name_attr_type type)
469 {
470 	switch (type) {
471 	case X509_NAME_ATTR_NOT_USED:
472 		return "[N/A]";
473 	case X509_NAME_ATTR_DC:
474 		return "DC";
475 	case X509_NAME_ATTR_CN:
476 		return "CN";
477 	case X509_NAME_ATTR_C:
478 		return "C";
479 	case X509_NAME_ATTR_L:
480 		return "L";
481 	case X509_NAME_ATTR_ST:
482 		return "ST";
483 	case X509_NAME_ATTR_O:
484 		return "O";
485 	case X509_NAME_ATTR_OU:
486 		return "OU";
487 	}
488 	return "?";
489 }
490 
491 
492 /**
493  * x509_name_string - Convert an X.509 certificate name into a string
494  * @name: Name to convert
495  * @buf: Buffer for the string
496  * @len: Maximum buffer length
497  */
498 void x509_name_string(struct x509_name *name, char *buf, size_t len)
499 {
500 	char *pos, *end;
501 	int ret;
502 	size_t i;
503 
504 	if (len == 0)
505 		return;
506 
507 	pos = buf;
508 	end = buf + len;
509 
510 	for (i = 0; i < name->num_attr; i++) {
511 		ret = os_snprintf(pos, end - pos, "%s=%s, ",
512 				  x509_name_attr_str(name->attr[i].type),
513 				  name->attr[i].value);
514 		if (os_snprintf_error(end - pos, ret))
515 			goto done;
516 		pos += ret;
517 	}
518 
519 	if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
520 		pos--;
521 		*pos = '\0';
522 		pos--;
523 		*pos = '\0';
524 	}
525 
526 	if (name->email) {
527 		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
528 				  name->email);
529 		if (os_snprintf_error(end - pos, ret))
530 			goto done;
531 		pos += ret;
532 	}
533 
534 done:
535 	if (pos < end)
536 		*pos = '\0';
537 	end[-1] = '\0';
538 }
539 
540 
541 static int parse_uint2(const char *pos, size_t len)
542 {
543 	char buf[3];
544 	int ret;
545 
546 	if (len < 2)
547 		return -1;
548 	buf[0] = pos[0];
549 	buf[1] = pos[1];
550 	buf[2] = 0x00;
551 	if (sscanf(buf, "%2d", &ret) != 1)
552 		return -1;
553 	return ret;
554 }
555 
556 
557 static int parse_uint4(const char *pos, size_t len)
558 {
559 	char buf[5];
560 	int ret;
561 
562 	if (len < 4)
563 		return -1;
564 	buf[0] = pos[0];
565 	buf[1] = pos[1];
566 	buf[2] = pos[2];
567 	buf[3] = pos[3];
568 	buf[4] = 0x00;
569 	if (sscanf(buf, "%4d", &ret) != 1)
570 		return -1;
571 	return ret;
572 }
573 
574 
575 int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
576 {
577 	const char *pos, *end;
578 	int year, month, day, hour, min, sec;
579 
580 	/*
581 	 * Time ::= CHOICE {
582 	 *     utcTime        UTCTime,
583 	 *     generalTime    GeneralizedTime
584 	 * }
585 	 *
586 	 * UTCTime: YYMMDDHHMMSSZ
587 	 * GeneralizedTime: YYYYMMDDHHMMSSZ
588 	 */
589 
590 	pos = (const char *) buf;
591 	end = pos + len;
592 
593 	switch (asn1_tag) {
594 	case ASN1_TAG_UTCTIME:
595 		if (len != 13 || buf[12] != 'Z') {
596 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
597 					  "UTCTime format", buf, len);
598 			return -1;
599 		}
600 		year = parse_uint2(pos, end - pos);
601 		if (year < 0) {
602 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
603 					  "UTCTime year", buf, len);
604 			return -1;
605 		}
606 		if (year < 50)
607 			year += 2000;
608 		else
609 			year += 1900;
610 		pos += 2;
611 		break;
612 	case ASN1_TAG_GENERALIZEDTIME:
613 		if (len != 15 || buf[14] != 'Z') {
614 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
615 					  "GeneralizedTime format", buf, len);
616 			return -1;
617 		}
618 		year = parse_uint4(pos, end - pos);
619 		if (year < 0) {
620 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
621 					  "GeneralizedTime year", buf, len);
622 			return -1;
623 		}
624 		pos += 4;
625 		break;
626 	default:
627 		wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
628 			   "GeneralizedTime - found tag 0x%x", asn1_tag);
629 		return -1;
630 	}
631 
632 	month = parse_uint2(pos, end - pos);
633 	if (month < 0) {
634 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
635 				  "(month)", buf, len);
636 		return -1;
637 	}
638 	pos += 2;
639 
640 	day = parse_uint2(pos, end - pos);
641 	if (day < 0) {
642 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
643 				  "(day)", buf, len);
644 		return -1;
645 	}
646 	pos += 2;
647 
648 	hour = parse_uint2(pos, end - pos);
649 	if (hour < 0) {
650 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
651 				  "(hour)", buf, len);
652 		return -1;
653 	}
654 	pos += 2;
655 
656 	min = parse_uint2(pos, end - pos);
657 	if (min < 0) {
658 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
659 				  "(min)", buf, len);
660 		return -1;
661 	}
662 	pos += 2;
663 
664 	sec = parse_uint2(pos, end - pos);
665 	if (sec < 0) {
666 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
667 				  "(sec)", buf, len);
668 		return -1;
669 	}
670 
671 	if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
672 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
673 				  buf, len);
674 		if (year < 1970) {
675 			/*
676 			 * At least some test certificates have been configured
677 			 * to use dates prior to 1970. Set the date to
678 			 * beginning of 1970 to handle these case.
679 			 */
680 			wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
681 				   "assume epoch as the time", year);
682 			*val = 0;
683 			return 0;
684 		}
685 		return -1;
686 	}
687 
688 	return 0;
689 }
690 
691 
692 static int x509_parse_validity(const u8 *buf, size_t len,
693 			       struct x509_certificate *cert, const u8 **next)
694 {
695 	struct asn1_hdr hdr;
696 	const u8 *pos;
697 	size_t plen;
698 
699 	/*
700 	 * Validity ::= SEQUENCE {
701 	 *     notBefore      Time,
702 	 *     notAfter       Time
703 	 * }
704 	 *
705 	 * RFC 3280, 4.1.2.5:
706 	 * CAs conforming to this profile MUST always encode certificate
707 	 * validity dates through the year 2049 as UTCTime; certificate
708 	 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
709 	 */
710 
711 	if (asn1_get_next(buf, len, &hdr) < 0 ||
712 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
713 	    hdr.tag != ASN1_TAG_SEQUENCE) {
714 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
715 			   "(Validity) - found class %d tag 0x%x",
716 			   hdr.class, hdr.tag);
717 		return -1;
718 	}
719 	pos = hdr.payload;
720 	plen = hdr.length;
721 
722 	if (plen > (size_t) (buf + len - pos))
723 		return -1;
724 
725 	*next = pos + plen;
726 
727 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
728 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
729 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
730 			    &cert->not_before) < 0) {
731 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
732 				  "Time", hdr.payload, hdr.length);
733 		return -1;
734 	}
735 
736 	pos = hdr.payload + hdr.length;
737 	plen = *next - pos;
738 
739 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
740 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
741 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
742 			    &cert->not_after) < 0) {
743 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
744 				  "Time", hdr.payload, hdr.length);
745 		return -1;
746 	}
747 
748 	wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
749 		   (unsigned long) cert->not_before,
750 		   (unsigned long) cert->not_after);
751 
752 	return 0;
753 }
754 
755 
756 static int x509_id_ce_oid(struct asn1_oid *oid)
757 {
758 	/* id-ce arc from X.509 for standard X.509v3 extensions */
759 	return oid->len >= 4 &&
760 		oid->oid[0] == 2 /* joint-iso-ccitt */ &&
761 		oid->oid[1] == 5 /* ds */ &&
762 		oid->oid[2] == 29 /* id-ce */;
763 }
764 
765 
766 static int x509_any_ext_key_usage_oid(struct asn1_oid *oid)
767 {
768 	return oid->len == 6 &&
769 		x509_id_ce_oid(oid) &&
770 		oid->oid[3] == 37 /* extKeyUsage */ &&
771 		oid->oid[4] == 0 /* anyExtendedKeyUsage */;
772 }
773 
774 
775 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
776 				    const u8 *pos, size_t len)
777 {
778 	struct asn1_hdr hdr;
779 
780 	/*
781 	 * KeyUsage ::= BIT STRING {
782 	 *     digitalSignature        (0),
783 	 *     nonRepudiation          (1),
784 	 *     keyEncipherment         (2),
785 	 *     dataEncipherment        (3),
786 	 *     keyAgreement            (4),
787 	 *     keyCertSign             (5),
788 	 *     cRLSign                 (6),
789 	 *     encipherOnly            (7),
790 	 *     decipherOnly            (8) }
791 	 */
792 
793 	if (asn1_get_next(pos, len, &hdr) < 0 ||
794 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
795 	    hdr.tag != ASN1_TAG_BITSTRING ||
796 	    hdr.length < 1) {
797 		wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
798 			   "KeyUsage; found %d tag 0x%x len %d",
799 			   hdr.class, hdr.tag, hdr.length);
800 		return -1;
801 	}
802 
803 	cert->extensions_present |= X509_EXT_KEY_USAGE;
804 	cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
805 
806 	wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
807 
808 	return 0;
809 }
810 
811 
812 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
813 					    const u8 *pos, size_t len)
814 {
815 	struct asn1_hdr hdr;
816 	unsigned long value;
817 	size_t left;
818 	const u8 *end_seq;
819 
820 	/*
821 	 * BasicConstraints ::= SEQUENCE {
822 	 * cA                      BOOLEAN DEFAULT FALSE,
823 	 * pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
824 	 */
825 
826 	if (asn1_get_next(pos, len, &hdr) < 0 ||
827 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
828 	    hdr.tag != ASN1_TAG_SEQUENCE) {
829 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
830 			   "BasicConstraints; found %d tag 0x%x",
831 			   hdr.class, hdr.tag);
832 		return -1;
833 	}
834 
835 	cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
836 
837 	if (hdr.length == 0)
838 		return 0;
839 
840 	end_seq = hdr.payload + hdr.length;
841 	if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
842 	    hdr.class != ASN1_CLASS_UNIVERSAL) {
843 		wpa_printf(MSG_DEBUG, "X509: Failed to parse "
844 			   "BasicConstraints");
845 		return -1;
846 	}
847 
848 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
849 		cert->ca = hdr.payload[0];
850 
851 		pos = hdr.payload + hdr.length;
852 		if (pos >= end_seq) {
853 			/* No optional pathLenConstraint */
854 			wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
855 				   cert->ca);
856 			return 0;
857 		}
858 		if (asn1_get_next(pos, end_seq - pos, &hdr) < 0 ||
859 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
860 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
861 				   "BasicConstraints");
862 			return -1;
863 		}
864 	}
865 
866 	if (hdr.tag != ASN1_TAG_INTEGER) {
867 		wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
868 			   "BasicConstraints; found class %d tag 0x%x",
869 			   hdr.class, hdr.tag);
870 		return -1;
871 	}
872 
873 	pos = hdr.payload;
874 	left = hdr.length;
875 	value = 0;
876 	while (left) {
877 		value <<= 8;
878 		value |= *pos++;
879 		left--;
880 	}
881 
882 	cert->path_len_constraint = value;
883 	cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
884 
885 	wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
886 		   "pathLenConstraint=%lu",
887 		   cert->ca, cert->path_len_constraint);
888 
889 	return 0;
890 }
891 
892 
893 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
894 				       const u8 *pos, size_t len)
895 {
896 	/* rfc822Name IA5String */
897 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
898 	os_free(name->alt_email);
899 	name->alt_email = os_zalloc(len + 1);
900 	if (name->alt_email == NULL)
901 		return -1;
902 	os_memcpy(name->alt_email, pos, len);
903 	if (os_strlen(name->alt_email) != len) {
904 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
905 			   "embedded NUL byte in rfc822Name (%s[NUL])",
906 			   name->alt_email);
907 		os_free(name->alt_email);
908 		name->alt_email = NULL;
909 		return -1;
910 	}
911 	return 0;
912 }
913 
914 
915 static int x509_parse_alt_name_dns(struct x509_name *name,
916 				   const u8 *pos, size_t len)
917 {
918 	/* dNSName IA5String */
919 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
920 	os_free(name->dns);
921 	name->dns = os_zalloc(len + 1);
922 	if (name->dns == NULL)
923 		return -1;
924 	os_memcpy(name->dns, pos, len);
925 	if (os_strlen(name->dns) != len) {
926 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
927 			   "embedded NUL byte in dNSName (%s[NUL])",
928 			   name->dns);
929 		os_free(name->dns);
930 		name->dns = NULL;
931 		return -1;
932 	}
933 	return 0;
934 }
935 
936 
937 static int x509_parse_alt_name_uri(struct x509_name *name,
938 				   const u8 *pos, size_t len)
939 {
940 	/* uniformResourceIdentifier IA5String */
941 	wpa_hexdump_ascii(MSG_MSGDUMP,
942 			  "X509: altName - uniformResourceIdentifier",
943 			  pos, len);
944 	os_free(name->uri);
945 	name->uri = os_zalloc(len + 1);
946 	if (name->uri == NULL)
947 		return -1;
948 	os_memcpy(name->uri, pos, len);
949 	if (os_strlen(name->uri) != len) {
950 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
951 			   "embedded NUL byte in uniformResourceIdentifier "
952 			   "(%s[NUL])", name->uri);
953 		os_free(name->uri);
954 		name->uri = NULL;
955 		return -1;
956 	}
957 	return 0;
958 }
959 
960 
961 static int x509_parse_alt_name_ip(struct x509_name *name,
962 				       const u8 *pos, size_t len)
963 {
964 	/* iPAddress OCTET STRING */
965 	wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
966 	os_free(name->ip);
967 	name->ip = os_memdup(pos, len);
968 	if (name->ip == NULL)
969 		return -1;
970 	name->ip_len = len;
971 	return 0;
972 }
973 
974 
975 static int x509_parse_alt_name_rid(struct x509_name *name,
976 				   const u8 *pos, size_t len)
977 {
978 	char buf[80];
979 
980 	/* registeredID OBJECT IDENTIFIER */
981 	if (asn1_parse_oid(pos, len, &name->rid) < 0)
982 		return -1;
983 
984 	asn1_oid_to_str(&name->rid, buf, sizeof(buf));
985 	wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
986 
987 	return 0;
988 }
989 
990 
991 static int x509_parse_ext_alt_name(struct x509_name *name,
992 				   const u8 *pos, size_t len)
993 {
994 	struct asn1_hdr hdr;
995 	const u8 *p, *end;
996 
997 	/*
998 	 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
999 	 *
1000 	 * GeneralName ::= CHOICE {
1001 	 *     otherName                       [0]     OtherName,
1002 	 *     rfc822Name                      [1]     IA5String,
1003 	 *     dNSName                         [2]     IA5String,
1004 	 *     x400Address                     [3]     ORAddress,
1005 	 *     directoryName                   [4]     Name,
1006 	 *     ediPartyName                    [5]     EDIPartyName,
1007 	 *     uniformResourceIdentifier       [6]     IA5String,
1008 	 *     iPAddress                       [7]     OCTET STRING,
1009 	 *     registeredID                    [8]     OBJECT IDENTIFIER }
1010 	 *
1011 	 * OtherName ::= SEQUENCE {
1012 	 *     type-id    OBJECT IDENTIFIER,
1013 	 *     value      [0] EXPLICIT ANY DEFINED BY type-id }
1014 	 *
1015 	 * EDIPartyName ::= SEQUENCE {
1016 	 *     nameAssigner            [0]     DirectoryString OPTIONAL,
1017 	 *     partyName               [1]     DirectoryString }
1018 	 */
1019 
1020 	for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
1021 		int res;
1022 
1023 		if (asn1_get_next(p, end - p, &hdr) < 0) {
1024 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
1025 				   "SubjectAltName item");
1026 			return -1;
1027 		}
1028 
1029 		if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
1030 			continue;
1031 
1032 		switch (hdr.tag) {
1033 		case 1:
1034 			res = x509_parse_alt_name_rfc8222(name, hdr.payload,
1035 							  hdr.length);
1036 			break;
1037 		case 2:
1038 			res = x509_parse_alt_name_dns(name, hdr.payload,
1039 						      hdr.length);
1040 			break;
1041 		case 6:
1042 			res = x509_parse_alt_name_uri(name, hdr.payload,
1043 						      hdr.length);
1044 			break;
1045 		case 7:
1046 			res = x509_parse_alt_name_ip(name, hdr.payload,
1047 						     hdr.length);
1048 			break;
1049 		case 8:
1050 			res = x509_parse_alt_name_rid(name, hdr.payload,
1051 						      hdr.length);
1052 			break;
1053 		case 0: /* TODO: otherName */
1054 		case 3: /* TODO: x500Address */
1055 		case 4: /* TODO: directoryName */
1056 		case 5: /* TODO: ediPartyName */
1057 		default:
1058 			res = 0;
1059 			break;
1060 		}
1061 		if (res < 0)
1062 			return res;
1063 	}
1064 
1065 	return 0;
1066 }
1067 
1068 
1069 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1070 					   const u8 *pos, size_t len)
1071 {
1072 	struct asn1_hdr hdr;
1073 
1074 	/* SubjectAltName ::= GeneralNames */
1075 
1076 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1077 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1078 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1079 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1080 			   "SubjectAltName; found %d tag 0x%x",
1081 			   hdr.class, hdr.tag);
1082 		return -1;
1083 	}
1084 
1085 	wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1086 	cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1087 
1088 	if (hdr.length == 0)
1089 		return 0;
1090 
1091 	return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1092 				       hdr.length);
1093 }
1094 
1095 
1096 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1097 					  const u8 *pos, size_t len)
1098 {
1099 	struct asn1_hdr hdr;
1100 
1101 	/* IssuerAltName ::= GeneralNames */
1102 
1103 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1104 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1105 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1106 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1107 			   "IssuerAltName; found %d tag 0x%x",
1108 			   hdr.class, hdr.tag);
1109 		return -1;
1110 	}
1111 
1112 	wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1113 	cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1114 
1115 	if (hdr.length == 0)
1116 		return 0;
1117 
1118 	return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1119 				       hdr.length);
1120 }
1121 
1122 
1123 static int x509_id_pkix_oid(struct asn1_oid *oid)
1124 {
1125 	return oid->len >= 7 &&
1126 		oid->oid[0] == 1 /* iso */ &&
1127 		oid->oid[1] == 3 /* identified-organization */ &&
1128 		oid->oid[2] == 6 /* dod */ &&
1129 		oid->oid[3] == 1 /* internet */ &&
1130 		oid->oid[4] == 5 /* security */ &&
1131 		oid->oid[5] == 5 /* mechanisms */ &&
1132 		oid->oid[6] == 7 /* id-pkix */;
1133 }
1134 
1135 
1136 static int x509_id_kp_oid(struct asn1_oid *oid)
1137 {
1138 	/* id-kp */
1139 	return oid->len >= 8 &&
1140 		x509_id_pkix_oid(oid) &&
1141 		oid->oid[7] == 3 /* id-kp */;
1142 }
1143 
1144 
1145 static int x509_id_kp_server_auth_oid(struct asn1_oid *oid)
1146 {
1147 	/* id-kp */
1148 	return oid->len == 9 &&
1149 		x509_id_kp_oid(oid) &&
1150 		oid->oid[8] == 1 /* id-kp-serverAuth */;
1151 }
1152 
1153 
1154 static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
1155 {
1156 	/* id-kp */
1157 	return oid->len == 9 &&
1158 		x509_id_kp_oid(oid) &&
1159 		oid->oid[8] == 2 /* id-kp-clientAuth */;
1160 }
1161 
1162 
1163 static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
1164 {
1165 	/* id-kp */
1166 	return oid->len == 9 &&
1167 		x509_id_kp_oid(oid) &&
1168 		oid->oid[8] == 9 /* id-kp-OCSPSigning */;
1169 }
1170 
1171 
1172 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1173 					const u8 *pos, size_t len)
1174 {
1175 	struct asn1_hdr hdr;
1176 	const u8 *end;
1177 	struct asn1_oid oid;
1178 
1179 	/*
1180 	 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1181 	 *
1182 	 * KeyPurposeId ::= OBJECT IDENTIFIER
1183 	 */
1184 
1185 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1186 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1187 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1188 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1189 			   "(ExtKeyUsageSyntax) - found class %d tag 0x%x",
1190 			   hdr.class, hdr.tag);
1191 		return -1;
1192 	}
1193 	if (hdr.length > pos + len - hdr.payload)
1194 		return -1;
1195 	pos = hdr.payload;
1196 	end = pos + hdr.length;
1197 
1198 	wpa_hexdump(MSG_MSGDUMP, "X509: ExtKeyUsageSyntax", pos, end - pos);
1199 
1200 	while (pos < end) {
1201 		char buf[80];
1202 
1203 		if (asn1_get_oid(pos, end - pos, &oid, &pos))
1204 			return -1;
1205 		if (x509_any_ext_key_usage_oid(&oid)) {
1206 			os_strlcpy(buf, "anyExtendedKeyUsage", sizeof(buf));
1207 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1208 		} else if (x509_id_kp_server_auth_oid(&oid)) {
1209 			os_strlcpy(buf, "id-kp-serverAuth", sizeof(buf));
1210 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1211 		} else if (x509_id_kp_client_auth_oid(&oid)) {
1212 			os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
1213 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1214 		} else if (x509_id_kp_ocsp_oid(&oid)) {
1215 			os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
1216 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
1217 		} else {
1218 			asn1_oid_to_str(&oid, buf, sizeof(buf));
1219 		}
1220 		wpa_printf(MSG_DEBUG, "ExtKeyUsage KeyPurposeId: %s", buf);
1221 	}
1222 
1223 	cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1224 
1225 	return 0;
1226 }
1227 
1228 
1229 static int x509_parse_extension_data(struct x509_certificate *cert,
1230 				     struct asn1_oid *oid,
1231 				     const u8 *pos, size_t len)
1232 {
1233 	if (!x509_id_ce_oid(oid))
1234 		return 1;
1235 
1236 	/* TODO: add other extensions required by RFC 3280, Ch 4.2:
1237 	 * certificate policies (section 4.2.1.5)
1238 	 * name constraints (section 4.2.1.11)
1239 	 * policy constraints (section 4.2.1.12)
1240 	 * inhibit any-policy (section 4.2.1.15)
1241 	 */
1242 	switch (oid->oid[3]) {
1243 	case 15: /* id-ce-keyUsage */
1244 		return x509_parse_ext_key_usage(cert, pos, len);
1245 	case 17: /* id-ce-subjectAltName */
1246 		return x509_parse_ext_subject_alt_name(cert, pos, len);
1247 	case 18: /* id-ce-issuerAltName */
1248 		return x509_parse_ext_issuer_alt_name(cert, pos, len);
1249 	case 19: /* id-ce-basicConstraints */
1250 		return x509_parse_ext_basic_constraints(cert, pos, len);
1251 	case 37: /* id-ce-extKeyUsage */
1252 		return x509_parse_ext_ext_key_usage(cert, pos, len);
1253 	default:
1254 		return 1;
1255 	}
1256 }
1257 
1258 
1259 static int x509_parse_extension(struct x509_certificate *cert,
1260 				const u8 *pos, size_t len, const u8 **next)
1261 {
1262 	const u8 *end;
1263 	struct asn1_hdr hdr;
1264 	struct asn1_oid oid;
1265 	int critical_ext = 0, res;
1266 	char buf[80];
1267 
1268 	/*
1269 	 * Extension  ::=  SEQUENCE  {
1270 	 *     extnID      OBJECT IDENTIFIER,
1271 	 *     critical    BOOLEAN DEFAULT FALSE,
1272 	 *     extnValue   OCTET STRING
1273 	 * }
1274 	 */
1275 
1276 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1277 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1278 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1279 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1280 			   "Extensions: class %d tag 0x%x; expected SEQUENCE",
1281 			   hdr.class, hdr.tag);
1282 		return -1;
1283 	}
1284 	pos = hdr.payload;
1285 	*next = end = pos + hdr.length;
1286 
1287 	if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1288 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1289 			   "Extension (expected OID)");
1290 		return -1;
1291 	}
1292 
1293 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1294 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1295 	    (hdr.tag != ASN1_TAG_BOOLEAN &&
1296 	     hdr.tag != ASN1_TAG_OCTETSTRING)) {
1297 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1298 			   "Extensions: class %d tag 0x%x; expected BOOLEAN "
1299 			   "or OCTET STRING", hdr.class, hdr.tag);
1300 		return -1;
1301 	}
1302 
1303 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
1304 		critical_ext = hdr.payload[0];
1305 		pos = hdr.payload;
1306 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1307 		    (hdr.class != ASN1_CLASS_UNIVERSAL &&
1308 		     hdr.class != ASN1_CLASS_PRIVATE) ||
1309 		    hdr.tag != ASN1_TAG_OCTETSTRING) {
1310 			wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1311 				   "in Extensions: class %d tag 0x%x; "
1312 				   "expected OCTET STRING",
1313 				   hdr.class, hdr.tag);
1314 			return -1;
1315 		}
1316 	}
1317 
1318 	asn1_oid_to_str(&oid, buf, sizeof(buf));
1319 	wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1320 		   buf, critical_ext);
1321 	wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1322 
1323 	res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1324 	if (res < 0)
1325 		return res;
1326 	if (res == 1 && critical_ext) {
1327 		wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1328 			   buf);
1329 		return -1;
1330 	}
1331 
1332 	return 0;
1333 }
1334 
1335 
1336 static int x509_parse_extensions(struct x509_certificate *cert,
1337 				 const u8 *pos, size_t len)
1338 {
1339 	const u8 *end;
1340 	struct asn1_hdr hdr;
1341 
1342 	/* Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension */
1343 
1344 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1345 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1346 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1347 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1348 			   "for Extensions: class %d tag 0x%x; "
1349 			   "expected SEQUENCE", hdr.class, hdr.tag);
1350 		return -1;
1351 	}
1352 
1353 	pos = hdr.payload;
1354 	end = pos + hdr.length;
1355 
1356 	while (pos < end) {
1357 		if (x509_parse_extension(cert, pos, end - pos, &pos)
1358 		    < 0)
1359 			return -1;
1360 	}
1361 
1362 	return 0;
1363 }
1364 
1365 
1366 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1367 				      struct x509_certificate *cert,
1368 				      const u8 **next)
1369 {
1370 	struct asn1_hdr hdr;
1371 	const u8 *pos, *end;
1372 	size_t left;
1373 	char sbuf[128];
1374 	unsigned long value;
1375 	const u8 *subject_dn;
1376 
1377 	/* tbsCertificate TBSCertificate ::= SEQUENCE */
1378 	if (asn1_get_next(buf, len, &hdr) < 0 ||
1379 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1380 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1381 		wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1382 			   "with a valid SEQUENCE - found class %d tag 0x%x",
1383 			   hdr.class, hdr.tag);
1384 		return -1;
1385 	}
1386 	pos = hdr.payload;
1387 	end = *next = pos + hdr.length;
1388 
1389 	/*
1390 	 * version [0]  EXPLICIT Version DEFAULT v1
1391 	 * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
1392 	 */
1393 	if (asn1_get_next(pos, end - pos, &hdr) < 0)
1394 		return -1;
1395 	pos = hdr.payload;
1396 
1397 	if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1398 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1399 			return -1;
1400 
1401 		if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1402 		    hdr.tag != ASN1_TAG_INTEGER) {
1403 			wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1404 				   "version field - found class %d tag 0x%x",
1405 				   hdr.class, hdr.tag);
1406 			return -1;
1407 		}
1408 		if (hdr.length != 1) {
1409 			wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1410 				   "length %u (expected 1)", hdr.length);
1411 			return -1;
1412 		}
1413 		pos = hdr.payload;
1414 		left = hdr.length;
1415 		value = 0;
1416 		while (left) {
1417 			value <<= 8;
1418 			value |= *pos++;
1419 			left--;
1420 		}
1421 
1422 		cert->version = value;
1423 		if (cert->version != X509_CERT_V1 &&
1424 		    cert->version != X509_CERT_V2 &&
1425 		    cert->version != X509_CERT_V3) {
1426 			wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1427 				   cert->version + 1);
1428 			return -1;
1429 		}
1430 
1431 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1432 			return -1;
1433 	} else
1434 		cert->version = X509_CERT_V1;
1435 	wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1436 
1437 	/* serialNumber CertificateSerialNumber ::= INTEGER */
1438 	if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1439 	    hdr.tag != ASN1_TAG_INTEGER ||
1440 	    hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) {
1441 		wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1442 			   "serialNumber; class=%d tag=0x%x length=%u",
1443 			   hdr.class, hdr.tag, hdr.length);
1444 		return -1;
1445 	}
1446 
1447 	pos = hdr.payload + hdr.length;
1448 	while (hdr.length > 0 && hdr.payload[0] == 0) {
1449 		hdr.payload++;
1450 		hdr.length--;
1451 	}
1452 	os_memcpy(cert->serial_number, hdr.payload, hdr.length);
1453 	cert->serial_number_len = hdr.length;
1454 	wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number,
1455 		    cert->serial_number_len);
1456 
1457 	/* signature AlgorithmIdentifier */
1458 	if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1459 					    &pos))
1460 		return -1;
1461 
1462 	/* issuer Name */
1463 	if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1464 		return -1;
1465 	x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1466 	wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1467 
1468 	/* validity Validity */
1469 	if (x509_parse_validity(pos, end - pos, cert, &pos))
1470 		return -1;
1471 
1472 	/* subject Name */
1473 	subject_dn = pos;
1474 	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1475 		return -1;
1476 	cert->subject_dn = os_malloc(pos - subject_dn);
1477 	if (!cert->subject_dn)
1478 		return -1;
1479 	cert->subject_dn_len = pos - subject_dn;
1480 	os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
1481 	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1482 	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1483 
1484 	/* subjectPublicKeyInfo SubjectPublicKeyInfo */
1485 	if (x509_parse_public_key(pos, end - pos, cert, &pos))
1486 		return -1;
1487 
1488 	if (pos == end)
1489 		return 0;
1490 
1491 	if (cert->version == X509_CERT_V1)
1492 		return 0;
1493 
1494 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1495 	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1496 		wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1497 			   " tag to parse optional tbsCertificate "
1498 			   "field(s); parsed class %d tag 0x%x",
1499 			   hdr.class, hdr.tag);
1500 		return -1;
1501 	}
1502 
1503 	if (hdr.tag == 1) {
1504 		/* issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL */
1505 		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1506 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1507 
1508 		pos = hdr.payload + hdr.length;
1509 		if (pos == end)
1510 			return 0;
1511 
1512 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1513 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1514 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1515 				   " tag to parse optional tbsCertificate "
1516 				   "field(s); parsed class %d tag 0x%x",
1517 				   hdr.class, hdr.tag);
1518 			return -1;
1519 		}
1520 	}
1521 
1522 	if (hdr.tag == 2) {
1523 		/* subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL */
1524 		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1525 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1526 
1527 		pos = hdr.payload + hdr.length;
1528 		if (pos == end)
1529 			return 0;
1530 
1531 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1532 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1533 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1534 				   " tag to parse optional tbsCertificate "
1535 				   "field(s); parsed class %d tag 0x%x",
1536 				   hdr.class, hdr.tag);
1537 			return -1;
1538 		}
1539 	}
1540 
1541 	if (hdr.tag != 3) {
1542 		wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1543 			   "Context-Specific tag %d in optional "
1544 			   "tbsCertificate fields", hdr.tag);
1545 		return 0;
1546 	}
1547 
1548 	/* extensions      [3]  EXPLICIT Extensions OPTIONAL */
1549 
1550 	if (cert->version != X509_CERT_V3) {
1551 		wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1552 			   "Extensions data which are only allowed for "
1553 			   "version 3", cert->version + 1);
1554 		return -1;
1555 	}
1556 
1557 	if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1558 		return -1;
1559 
1560 	pos = hdr.payload + hdr.length;
1561 	if (pos < end) {
1562 		wpa_hexdump(MSG_DEBUG,
1563 			    "X509: Ignored extra tbsCertificate data",
1564 			    pos, end - pos);
1565 	}
1566 
1567 	return 0;
1568 }
1569 
1570 
1571 static int x509_rsadsi_oid(struct asn1_oid *oid)
1572 {
1573 	return oid->len >= 4 &&
1574 		oid->oid[0] == 1 /* iso */ &&
1575 		oid->oid[1] == 2 /* member-body */ &&
1576 		oid->oid[2] == 840 /* us */ &&
1577 		oid->oid[3] == 113549 /* rsadsi */;
1578 }
1579 
1580 
1581 static int x509_pkcs_oid(struct asn1_oid *oid)
1582 {
1583 	return oid->len >= 5 &&
1584 		x509_rsadsi_oid(oid) &&
1585 		oid->oid[4] == 1 /* pkcs */;
1586 }
1587 
1588 
1589 static int x509_digest_oid(struct asn1_oid *oid)
1590 {
1591 	return oid->len >= 5 &&
1592 		x509_rsadsi_oid(oid) &&
1593 		oid->oid[4] == 2 /* digestAlgorithm */;
1594 }
1595 
1596 
1597 int x509_sha1_oid(struct asn1_oid *oid)
1598 {
1599 	return oid->len == 6 &&
1600 		oid->oid[0] == 1 /* iso */ &&
1601 		oid->oid[1] == 3 /* identified-organization */ &&
1602 		oid->oid[2] == 14 /* oiw */ &&
1603 		oid->oid[3] == 3 /* secsig */ &&
1604 		oid->oid[4] == 2 /* algorithms */ &&
1605 		oid->oid[5] == 26 /* id-sha1 */;
1606 }
1607 
1608 
1609 static int x509_sha2_oid(struct asn1_oid *oid)
1610 {
1611 	return oid->len == 9 &&
1612 		oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1613 		oid->oid[1] == 16 /* country */ &&
1614 		oid->oid[2] == 840 /* us */ &&
1615 		oid->oid[3] == 1 /* organization */ &&
1616 		oid->oid[4] == 101 /* gov */ &&
1617 		oid->oid[5] == 3 /* csor */ &&
1618 		oid->oid[6] == 4 /* nistAlgorithm */ &&
1619 		oid->oid[7] == 2 /* hashAlgs */;
1620 }
1621 
1622 
1623 int x509_sha256_oid(struct asn1_oid *oid)
1624 {
1625 	return x509_sha2_oid(oid) &&
1626 		oid->oid[8] == 1 /* sha256 */;
1627 }
1628 
1629 
1630 int x509_sha384_oid(struct asn1_oid *oid)
1631 {
1632 	return x509_sha2_oid(oid) &&
1633 		oid->oid[8] == 2 /* sha384 */;
1634 }
1635 
1636 
1637 int x509_sha512_oid(struct asn1_oid *oid)
1638 {
1639 	return x509_sha2_oid(oid) &&
1640 		oid->oid[8] == 3 /* sha512 */;
1641 }
1642 
1643 
1644 /**
1645  * x509_certificate_parse - Parse a X.509 certificate in DER format
1646  * @buf: Pointer to the X.509 certificate in DER format
1647  * @len: Buffer length
1648  * Returns: Pointer to the parsed certificate or %NULL on failure
1649  *
1650  * Caller is responsible for freeing the returned certificate by calling
1651  * x509_certificate_free().
1652  */
1653 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1654 {
1655 	struct asn1_hdr hdr;
1656 	const u8 *pos, *end, *hash_start;
1657 	struct x509_certificate *cert;
1658 
1659 	cert = os_zalloc(sizeof(*cert) + len);
1660 	if (cert == NULL)
1661 		return NULL;
1662 	os_memcpy(cert + 1, buf, len);
1663 	cert->cert_start = (u8 *) (cert + 1);
1664 	cert->cert_len = len;
1665 
1666 	pos = buf;
1667 	end = buf + len;
1668 
1669 	/* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1670 
1671 	/* Certificate ::= SEQUENCE */
1672 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1673 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1674 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1675 		wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1676 			   "a valid SEQUENCE - found class %d tag 0x%x",
1677 			   hdr.class, hdr.tag);
1678 		x509_certificate_free(cert);
1679 		return NULL;
1680 	}
1681 	pos = hdr.payload;
1682 
1683 	if (hdr.length > end - pos) {
1684 		x509_certificate_free(cert);
1685 		return NULL;
1686 	}
1687 
1688 	if (hdr.length < end - pos) {
1689 		wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1690 			    "encoded certificate",
1691 			    pos + hdr.length, end - (pos + hdr.length));
1692 		end = pos + hdr.length;
1693 	}
1694 
1695 	hash_start = pos;
1696 	cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1697 	if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1698 		x509_certificate_free(cert);
1699 		return NULL;
1700 	}
1701 	cert->tbs_cert_len = pos - hash_start;
1702 
1703 	/* signatureAlgorithm AlgorithmIdentifier */
1704 	if (x509_parse_algorithm_identifier(pos, end - pos,
1705 					    &cert->signature_alg, &pos)) {
1706 		x509_certificate_free(cert);
1707 		return NULL;
1708 	}
1709 
1710 	/* signatureValue BIT STRING */
1711 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1712 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1713 	    hdr.tag != ASN1_TAG_BITSTRING) {
1714 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1715 			   "(signatureValue) - found class %d tag 0x%x",
1716 			   hdr.class, hdr.tag);
1717 		x509_certificate_free(cert);
1718 		return NULL;
1719 	}
1720 	if (hdr.length < 1) {
1721 		x509_certificate_free(cert);
1722 		return NULL;
1723 	}
1724 	pos = hdr.payload;
1725 	if (*pos) {
1726 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1727 			   *pos);
1728 		/* PKCS #1 v1.5 10.2.1:
1729 		 * It is an error if the length in bits of the signature S is
1730 		 * not a multiple of eight.
1731 		 */
1732 		x509_certificate_free(cert);
1733 		return NULL;
1734 	}
1735 	os_free(cert->sign_value);
1736 	cert->sign_value = os_memdup(pos + 1, hdr.length - 1);
1737 	if (cert->sign_value == NULL) {
1738 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1739 			   "signatureValue");
1740 		x509_certificate_free(cert);
1741 		return NULL;
1742 	}
1743 	cert->sign_value_len = hdr.length - 1;
1744 	wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1745 		    cert->sign_value, cert->sign_value_len);
1746 
1747 	return cert;
1748 }
1749 
1750 
1751 /**
1752  * x509_certificate_check_signature - Verify certificate signature
1753  * @issuer: Issuer certificate
1754  * @cert: Certificate to be verified
1755  * Returns: 0 if cert has a valid signature that was signed by the issuer,
1756  * -1 if not
1757  */
1758 int x509_certificate_check_signature(struct x509_certificate *issuer,
1759 				     struct x509_certificate *cert)
1760 {
1761 	return x509_check_signature(issuer, &cert->signature,
1762 				    cert->sign_value, cert->sign_value_len,
1763 				    cert->tbs_cert_start, cert->tbs_cert_len);
1764 }
1765 
1766 
1767 int x509_check_signature(struct x509_certificate *issuer,
1768 			 struct x509_algorithm_identifier *signature,
1769 			 const u8 *sign_value, size_t sign_value_len,
1770 			 const u8 *signed_data, size_t signed_data_len)
1771 {
1772 	struct crypto_public_key *pk;
1773 	u8 *data;
1774 	const u8 *pos, *end, *next, *da_end;
1775 	size_t data_len;
1776 	struct asn1_hdr hdr;
1777 	struct asn1_oid oid;
1778 	u8 hash[64];
1779 	size_t hash_len;
1780 	const u8 *addr[1] = { signed_data };
1781 	size_t len[1] = { signed_data_len };
1782 
1783 	if (!x509_pkcs_oid(&signature->oid) ||
1784 	    signature->oid.len != 7 ||
1785 	    signature->oid.oid[5] != 1 /* pkcs-1 */) {
1786 		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1787 			   "algorithm");
1788 		return -1;
1789 	}
1790 
1791 	pk = crypto_public_key_import(issuer->public_key,
1792 				      issuer->public_key_len);
1793 	if (pk == NULL)
1794 		return -1;
1795 
1796 	data_len = sign_value_len;
1797 	data = os_malloc(data_len);
1798 	if (data == NULL) {
1799 		crypto_public_key_free(pk);
1800 		return -1;
1801 	}
1802 
1803 	if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
1804 					    sign_value_len, data,
1805 					    &data_len) < 0) {
1806 		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1807 		crypto_public_key_free(pk);
1808 		os_free(data);
1809 		return -1;
1810 	}
1811 	crypto_public_key_free(pk);
1812 
1813 	wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1814 
1815 	/*
1816 	 * PKCS #1 v1.5, 10.1.2:
1817 	 *
1818 	 * DigestInfo ::= SEQUENCE {
1819 	 *     digestAlgorithm DigestAlgorithmIdentifier,
1820 	 *     digest Digest
1821 	 * }
1822 	 *
1823 	 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1824 	 *
1825 	 * Digest ::= OCTET STRING
1826 	 *
1827 	 */
1828 	if (asn1_get_next(data, data_len, &hdr) < 0 ||
1829 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1830 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1831 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1832 			   "(DigestInfo) - found class %d tag 0x%x",
1833 			   hdr.class, hdr.tag);
1834 		os_free(data);
1835 		return -1;
1836 	}
1837 
1838 	pos = hdr.payload;
1839 	end = pos + hdr.length;
1840 
1841 	/*
1842 	 * X.509:
1843 	 * AlgorithmIdentifier ::= SEQUENCE {
1844 	 *     algorithm            OBJECT IDENTIFIER,
1845 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
1846 	 * }
1847 	 */
1848 
1849 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1850 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1851 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1852 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1853 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
1854 			   hdr.class, hdr.tag);
1855 		os_free(data);
1856 		return -1;
1857 	}
1858 	da_end = hdr.payload + hdr.length;
1859 
1860 	if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1861 		wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1862 		os_free(data);
1863 		return -1;
1864 	}
1865 
1866 	if (x509_sha1_oid(&oid)) {
1867 		if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
1868 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1869 				   "does not match with certificate "
1870 				   "signatureAlgorithm (%lu)",
1871 				   signature->oid.oid[6]);
1872 			os_free(data);
1873 			return -1;
1874 		}
1875 		goto skip_digest_oid;
1876 	}
1877 
1878 	if (x509_sha256_oid(&oid)) {
1879 		if (signature->oid.oid[6] !=
1880 		    11 /* sha2561WithRSAEncryption */) {
1881 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1882 				   "does not match with certificate "
1883 				   "signatureAlgorithm (%lu)",
1884 				   signature->oid.oid[6]);
1885 			os_free(data);
1886 			return -1;
1887 		}
1888 		goto skip_digest_oid;
1889 	}
1890 
1891 	if (x509_sha384_oid(&oid)) {
1892 		if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
1893 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
1894 				   "does not match with certificate "
1895 				   "signatureAlgorithm (%lu)",
1896 				   signature->oid.oid[6]);
1897 			os_free(data);
1898 			return -1;
1899 		}
1900 		goto skip_digest_oid;
1901 	}
1902 
1903 	if (x509_sha512_oid(&oid)) {
1904 		if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
1905 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
1906 				   "does not match with certificate "
1907 				   "signatureAlgorithm (%lu)",
1908 				   signature->oid.oid[6]);
1909 			os_free(data);
1910 			return -1;
1911 		}
1912 		goto skip_digest_oid;
1913 	}
1914 
1915 	if (!x509_digest_oid(&oid)) {
1916 		wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1917 		os_free(data);
1918 		return -1;
1919 	}
1920 	switch (oid.oid[5]) {
1921 	case 5: /* md5 */
1922 		if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
1923 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1924 				   "not match with certificate "
1925 				   "signatureAlgorithm (%lu)",
1926 				   signature->oid.oid[6]);
1927 			os_free(data);
1928 			return -1;
1929 		}
1930 		break;
1931 	case 2: /* md2 */
1932 	case 4: /* md4 */
1933 	default:
1934 		wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1935 			   "(%lu)", oid.oid[5]);
1936 		os_free(data);
1937 		return -1;
1938 	}
1939 
1940 skip_digest_oid:
1941 	/* Digest ::= OCTET STRING */
1942 	pos = da_end;
1943 	end = data + data_len;
1944 
1945 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1946 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1947 	    hdr.tag != ASN1_TAG_OCTETSTRING) {
1948 		wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1949 			   "(Digest) - found class %d tag 0x%x",
1950 			   hdr.class, hdr.tag);
1951 		os_free(data);
1952 		return -1;
1953 	}
1954 	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1955 		    hdr.payload, hdr.length);
1956 
1957 	switch (signature->oid.oid[6]) {
1958 	case 4: /* md5WithRSAEncryption */
1959 		md5_vector(1, addr, len, hash);
1960 		hash_len = 16;
1961 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1962 			    hash, hash_len);
1963 		break;
1964 	case 5: /* sha-1WithRSAEncryption */
1965 		sha1_vector(1, addr, len, hash);
1966 		hash_len = 20;
1967 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1968 			    hash, hash_len);
1969 		break;
1970 	case 11: /* sha256WithRSAEncryption */
1971 		sha256_vector(1, addr, len, hash);
1972 		hash_len = 32;
1973 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1974 			    hash, hash_len);
1975 		break;
1976 	case 12: /* sha384WithRSAEncryption */
1977 		sha384_vector(1, addr, len, hash);
1978 		hash_len = 48;
1979 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
1980 			    hash, hash_len);
1981 		break;
1982 	case 13: /* sha512WithRSAEncryption */
1983 		sha512_vector(1, addr, len, hash);
1984 		hash_len = 64;
1985 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
1986 			    hash, hash_len);
1987 		break;
1988 	case 2: /* md2WithRSAEncryption */
1989 	default:
1990 		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1991 			   "algorithm (%lu)", signature->oid.oid[6]);
1992 		os_free(data);
1993 		return -1;
1994 	}
1995 
1996 	if (hdr.length != hash_len ||
1997 	    os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1998 		wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1999 			   "with calculated tbsCertificate hash");
2000 		os_free(data);
2001 		return -1;
2002 	}
2003 
2004 	if (hdr.payload + hdr.length < data + data_len) {
2005 		wpa_hexdump(MSG_INFO,
2006 			    "X509: Extra data after certificate signature hash",
2007 			    hdr.payload + hdr.length,
2008 			    data + data_len - hdr.payload - hdr.length);
2009 		os_free(data);
2010 		return -1;
2011 	}
2012 
2013 	os_free(data);
2014 
2015 	wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
2016 		   "calculated tbsCertificate hash");
2017 
2018 	return 0;
2019 }
2020 
2021 
2022 static int x509_valid_issuer(const struct x509_certificate *cert)
2023 {
2024 	if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
2025 	    !cert->ca) {
2026 		wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
2027 			   "issuer");
2028 		return -1;
2029 	}
2030 
2031 	if (cert->version == X509_CERT_V3 &&
2032 	    !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
2033 		wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
2034 			   "include BasicConstraints extension");
2035 		return -1;
2036 	}
2037 
2038 	if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
2039 	    !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
2040 		wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
2041 			   "keyCertSign bit in Key Usage");
2042 		return -1;
2043 	}
2044 
2045 	return 0;
2046 }
2047 
2048 
2049 /**
2050  * x509_certificate_chain_validate - Validate X.509 certificate chain
2051  * @trusted: List of trusted certificates
2052  * @chain: Certificate chain to be validated (first chain must be issued by
2053  * signed by the second certificate in the chain and so on)
2054  * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
2055  * Returns: 0 if chain is valid, -1 if not
2056  */
2057 int x509_certificate_chain_validate(struct x509_certificate *trusted,
2058 				    struct x509_certificate *chain,
2059 				    int *reason, int disable_time_checks)
2060 {
2061 	long unsigned idx;
2062 	int chain_trusted = 0;
2063 	struct x509_certificate *cert, *trust;
2064 	char buf[128];
2065 	struct os_time now;
2066 
2067 	*reason = X509_VALIDATE_OK;
2068 
2069 	wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
2070 	os_get_time(&now);
2071 
2072 	for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2073 		cert->issuer_trusted = 0;
2074 		x509_name_string(&cert->subject, buf, sizeof(buf));
2075 		wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
2076 
2077 		if (chain_trusted)
2078 			continue;
2079 
2080 		if (!disable_time_checks &&
2081 		    ((unsigned long) now.sec <
2082 		     (unsigned long) cert->not_before ||
2083 		     (unsigned long) now.sec >
2084 		     (unsigned long) cert->not_after)) {
2085 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
2086 				   "(now=%lu not_before=%lu not_after=%lu)",
2087 				   now.sec, cert->not_before, cert->not_after);
2088 			*reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
2089 			return -1;
2090 		}
2091 
2092 		if (cert->next) {
2093 			if (x509_name_compare(&cert->issuer,
2094 					      &cert->next->subject) != 0) {
2095 				wpa_printf(MSG_DEBUG, "X509: Certificate "
2096 					   "chain issuer name mismatch");
2097 				x509_name_string(&cert->issuer, buf,
2098 						 sizeof(buf));
2099 				wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2100 					   buf);
2101 				x509_name_string(&cert->next->subject, buf,
2102 						 sizeof(buf));
2103 				wpa_printf(MSG_DEBUG, "X509: next cert "
2104 					   "subject: %s", buf);
2105 				*reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
2106 				return -1;
2107 			}
2108 
2109 			if (x509_valid_issuer(cert->next) < 0) {
2110 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2111 				return -1;
2112 			}
2113 
2114 			if ((cert->next->extensions_present &
2115 			     X509_EXT_PATH_LEN_CONSTRAINT) &&
2116 			    idx > cert->next->path_len_constraint) {
2117 				wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
2118 					   " not met (idx=%lu issuer "
2119 					   "pathLenConstraint=%lu)", idx,
2120 					   cert->next->path_len_constraint);
2121 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2122 				return -1;
2123 			}
2124 
2125 			if (x509_certificate_check_signature(cert->next, cert)
2126 			    < 0) {
2127 				wpa_printf(MSG_DEBUG, "X509: Invalid "
2128 					   "certificate signature within "
2129 					   "chain");
2130 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2131 				return -1;
2132 			}
2133 		}
2134 
2135 		for (trust = trusted; trust; trust = trust->next) {
2136 			if (x509_name_compare(&cert->issuer, &trust->subject)
2137 			    == 0)
2138 				break;
2139 		}
2140 
2141 		if (trust) {
2142 			wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
2143 				   "list of trusted certificates");
2144 			if (x509_valid_issuer(trust) < 0) {
2145 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2146 				return -1;
2147 			}
2148 
2149 			if (x509_certificate_check_signature(trust, cert) < 0)
2150 			{
2151 				wpa_printf(MSG_DEBUG, "X509: Invalid "
2152 					   "certificate signature");
2153 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
2154 				return -1;
2155 			}
2156 
2157 			wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
2158 				   "found to complete the chain");
2159 			cert->issuer_trusted = 1;
2160 			chain_trusted = 1;
2161 		}
2162 	}
2163 
2164 	if (!chain_trusted) {
2165 		wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
2166 			   "from the list of trusted certificates");
2167 		if (trusted) {
2168 			*reason = X509_VALIDATE_UNKNOWN_CA;
2169 			return -1;
2170 		}
2171 		wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
2172 			   "disabled - ignore unknown CA issue");
2173 	}
2174 
2175 	wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
2176 
2177 	return 0;
2178 }
2179 
2180 
2181 /**
2182  * x509_certificate_get_subject - Get a certificate based on Subject name
2183  * @chain: Certificate chain to search through
2184  * @name: Subject name to search for
2185  * Returns: Pointer to the certificate with the given Subject name or
2186  * %NULL on failure
2187  */
2188 struct x509_certificate *
2189 x509_certificate_get_subject(struct x509_certificate *chain,
2190 			     struct x509_name *name)
2191 {
2192 	struct x509_certificate *cert;
2193 
2194 	for (cert = chain; cert; cert = cert->next) {
2195 		if (x509_name_compare(&cert->subject, name) == 0)
2196 			return cert;
2197 	}
2198 	return NULL;
2199 }
2200 
2201 
2202 /**
2203  * x509_certificate_self_signed - Is the certificate self-signed?
2204  * @cert: Certificate
2205  * Returns: 1 if certificate is self-signed, 0 if not
2206  */
2207 int x509_certificate_self_signed(struct x509_certificate *cert)
2208 {
2209 	return x509_name_compare(&cert->issuer, &cert->subject) == 0;
2210 }
2211