1 /* X.509 certificate parser 2 * 3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) "X.509: "fmt 13 #include <linux/kernel.h> 14 #include <linux/export.h> 15 #include <linux/slab.h> 16 #include <linux/err.h> 17 #include <linux/oid_registry.h> 18 #include <crypto/public_key.h> 19 #include "x509_parser.h" 20 #include "x509.asn1.h" 21 #include "x509_akid.asn1.h" 22 23 struct x509_parse_context { 24 struct x509_certificate *cert; /* Certificate being constructed */ 25 unsigned long data; /* Start of data */ 26 const void *cert_start; /* Start of cert content */ 27 const void *key; /* Key data */ 28 size_t key_size; /* Size of key data */ 29 enum OID last_oid; /* Last OID encountered */ 30 enum OID algo_oid; /* Algorithm OID */ 31 unsigned char nr_mpi; /* Number of MPIs stored */ 32 u8 o_size; /* Size of organizationName (O) */ 33 u8 cn_size; /* Size of commonName (CN) */ 34 u8 email_size; /* Size of emailAddress */ 35 u16 o_offset; /* Offset of organizationName (O) */ 36 u16 cn_offset; /* Offset of commonName (CN) */ 37 u16 email_offset; /* Offset of emailAddress */ 38 unsigned raw_akid_size; 39 const void *raw_akid; /* Raw authorityKeyId in ASN.1 */ 40 const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */ 41 unsigned akid_raw_issuer_size; 42 }; 43 44 /* 45 * Free an X.509 certificate 46 */ 47 void x509_free_certificate(struct x509_certificate *cert) 48 { 49 if (cert) { 50 public_key_free(cert->pub); 51 public_key_signature_free(cert->sig); 52 kfree(cert->issuer); 53 kfree(cert->subject); 54 kfree(cert->id); 55 kfree(cert->skid); 56 kfree(cert); 57 } 58 } 59 EXPORT_SYMBOL_GPL(x509_free_certificate); 60 61 /* 62 * Parse an X.509 certificate 63 */ 64 struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) 65 { 66 struct x509_certificate *cert; 67 struct x509_parse_context *ctx; 68 struct asymmetric_key_id *kid; 69 long ret; 70 71 ret = -ENOMEM; 72 cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); 73 if (!cert) 74 goto error_no_cert; 75 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); 76 if (!cert->pub) 77 goto error_no_ctx; 78 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); 79 if (!cert->sig) 80 goto error_no_ctx; 81 ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); 82 if (!ctx) 83 goto error_no_ctx; 84 85 ctx->cert = cert; 86 ctx->data = (unsigned long)data; 87 88 /* Attempt to decode the certificate */ 89 ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); 90 if (ret < 0) 91 goto error_decode; 92 93 /* Decode the AuthorityKeyIdentifier */ 94 if (ctx->raw_akid) { 95 pr_devel("AKID: %u %*phN\n", 96 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); 97 ret = asn1_ber_decoder(&x509_akid_decoder, ctx, 98 ctx->raw_akid, ctx->raw_akid_size); 99 if (ret < 0) { 100 pr_warn("Couldn't decode AuthKeyIdentifier\n"); 101 goto error_decode; 102 } 103 } 104 105 ret = -ENOMEM; 106 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); 107 if (!cert->pub->key) 108 goto error_decode; 109 110 cert->pub->keylen = ctx->key_size; 111 112 /* Grab the signature bits */ 113 ret = x509_get_sig_params(cert); 114 if (ret < 0) 115 goto error_decode; 116 117 /* Generate cert issuer + serial number key ID */ 118 kid = asymmetric_key_generate_id(cert->raw_serial, 119 cert->raw_serial_size, 120 cert->raw_issuer, 121 cert->raw_issuer_size); 122 if (IS_ERR(kid)) { 123 ret = PTR_ERR(kid); 124 goto error_decode; 125 } 126 cert->id = kid; 127 128 /* Detect self-signed certificates */ 129 ret = x509_check_for_self_signed(cert); 130 if (ret < 0) 131 goto error_decode; 132 133 kfree(ctx); 134 return cert; 135 136 error_decode: 137 kfree(ctx); 138 error_no_ctx: 139 x509_free_certificate(cert); 140 error_no_cert: 141 return ERR_PTR(ret); 142 } 143 EXPORT_SYMBOL_GPL(x509_cert_parse); 144 145 /* 146 * Note an OID when we find one for later processing when we know how 147 * to interpret it. 148 */ 149 int x509_note_OID(void *context, size_t hdrlen, 150 unsigned char tag, 151 const void *value, size_t vlen) 152 { 153 struct x509_parse_context *ctx = context; 154 155 ctx->last_oid = look_up_OID(value, vlen); 156 if (ctx->last_oid == OID__NR) { 157 char buffer[50]; 158 sprint_oid(value, vlen, buffer, sizeof(buffer)); 159 pr_debug("Unknown OID: [%lu] %s\n", 160 (unsigned long)value - ctx->data, buffer); 161 } 162 return 0; 163 } 164 165 /* 166 * Save the position of the TBS data so that we can check the signature over it 167 * later. 168 */ 169 int x509_note_tbs_certificate(void *context, size_t hdrlen, 170 unsigned char tag, 171 const void *value, size_t vlen) 172 { 173 struct x509_parse_context *ctx = context; 174 175 pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n", 176 hdrlen, tag, (unsigned long)value - ctx->data, vlen); 177 178 ctx->cert->tbs = value - hdrlen; 179 ctx->cert->tbs_size = vlen + hdrlen; 180 return 0; 181 } 182 183 /* 184 * Record the public key algorithm 185 */ 186 int x509_note_pkey_algo(void *context, size_t hdrlen, 187 unsigned char tag, 188 const void *value, size_t vlen) 189 { 190 struct x509_parse_context *ctx = context; 191 192 pr_debug("PubKey Algo: %u\n", ctx->last_oid); 193 194 switch (ctx->last_oid) { 195 case OID_md2WithRSAEncryption: 196 case OID_md3WithRSAEncryption: 197 default: 198 return -ENOPKG; /* Unsupported combination */ 199 200 case OID_md4WithRSAEncryption: 201 ctx->cert->sig->hash_algo = "md4"; 202 goto rsa_pkcs1; 203 204 case OID_sha1WithRSAEncryption: 205 ctx->cert->sig->hash_algo = "sha1"; 206 goto rsa_pkcs1; 207 208 case OID_sha256WithRSAEncryption: 209 ctx->cert->sig->hash_algo = "sha256"; 210 goto rsa_pkcs1; 211 212 case OID_sha384WithRSAEncryption: 213 ctx->cert->sig->hash_algo = "sha384"; 214 goto rsa_pkcs1; 215 216 case OID_sha512WithRSAEncryption: 217 ctx->cert->sig->hash_algo = "sha512"; 218 goto rsa_pkcs1; 219 220 case OID_sha224WithRSAEncryption: 221 ctx->cert->sig->hash_algo = "sha224"; 222 goto rsa_pkcs1; 223 } 224 225 rsa_pkcs1: 226 ctx->cert->sig->pkey_algo = "rsa"; 227 ctx->cert->sig->encoding = "pkcs1"; 228 ctx->algo_oid = ctx->last_oid; 229 return 0; 230 } 231 232 /* 233 * Note the whereabouts and type of the signature. 234 */ 235 int x509_note_signature(void *context, size_t hdrlen, 236 unsigned char tag, 237 const void *value, size_t vlen) 238 { 239 struct x509_parse_context *ctx = context; 240 241 pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); 242 243 if (ctx->last_oid != ctx->algo_oid) { 244 pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n", 245 ctx->algo_oid, ctx->last_oid); 246 return -EINVAL; 247 } 248 249 if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) { 250 /* Discard the BIT STRING metadata */ 251 if (vlen < 1 || *(const u8 *)value != 0) 252 return -EBADMSG; 253 254 value++; 255 vlen--; 256 } 257 258 ctx->cert->raw_sig = value; 259 ctx->cert->raw_sig_size = vlen; 260 return 0; 261 } 262 263 /* 264 * Note the certificate serial number 265 */ 266 int x509_note_serial(void *context, size_t hdrlen, 267 unsigned char tag, 268 const void *value, size_t vlen) 269 { 270 struct x509_parse_context *ctx = context; 271 ctx->cert->raw_serial = value; 272 ctx->cert->raw_serial_size = vlen; 273 return 0; 274 } 275 276 /* 277 * Note some of the name segments from which we'll fabricate a name. 278 */ 279 int x509_extract_name_segment(void *context, size_t hdrlen, 280 unsigned char tag, 281 const void *value, size_t vlen) 282 { 283 struct x509_parse_context *ctx = context; 284 285 switch (ctx->last_oid) { 286 case OID_commonName: 287 ctx->cn_size = vlen; 288 ctx->cn_offset = (unsigned long)value - ctx->data; 289 break; 290 case OID_organizationName: 291 ctx->o_size = vlen; 292 ctx->o_offset = (unsigned long)value - ctx->data; 293 break; 294 case OID_email_address: 295 ctx->email_size = vlen; 296 ctx->email_offset = (unsigned long)value - ctx->data; 297 break; 298 default: 299 break; 300 } 301 302 return 0; 303 } 304 305 /* 306 * Fabricate and save the issuer and subject names 307 */ 308 static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, 309 unsigned char tag, 310 char **_name, size_t vlen) 311 { 312 const void *name, *data = (const void *)ctx->data; 313 size_t namesize; 314 char *buffer; 315 316 if (*_name) 317 return -EINVAL; 318 319 /* Empty name string if no material */ 320 if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { 321 buffer = kmalloc(1, GFP_KERNEL); 322 if (!buffer) 323 return -ENOMEM; 324 buffer[0] = 0; 325 goto done; 326 } 327 328 if (ctx->cn_size && ctx->o_size) { 329 /* Consider combining O and CN, but use only the CN if it is 330 * prefixed by the O, or a significant portion thereof. 331 */ 332 namesize = ctx->cn_size; 333 name = data + ctx->cn_offset; 334 if (ctx->cn_size >= ctx->o_size && 335 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 336 ctx->o_size) == 0) 337 goto single_component; 338 if (ctx->cn_size >= 7 && 339 ctx->o_size >= 7 && 340 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) 341 goto single_component; 342 343 buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, 344 GFP_KERNEL); 345 if (!buffer) 346 return -ENOMEM; 347 348 memcpy(buffer, 349 data + ctx->o_offset, ctx->o_size); 350 buffer[ctx->o_size + 0] = ':'; 351 buffer[ctx->o_size + 1] = ' '; 352 memcpy(buffer + ctx->o_size + 2, 353 data + ctx->cn_offset, ctx->cn_size); 354 buffer[ctx->o_size + 2 + ctx->cn_size] = 0; 355 goto done; 356 357 } else if (ctx->cn_size) { 358 namesize = ctx->cn_size; 359 name = data + ctx->cn_offset; 360 } else if (ctx->o_size) { 361 namesize = ctx->o_size; 362 name = data + ctx->o_offset; 363 } else { 364 namesize = ctx->email_size; 365 name = data + ctx->email_offset; 366 } 367 368 single_component: 369 buffer = kmalloc(namesize + 1, GFP_KERNEL); 370 if (!buffer) 371 return -ENOMEM; 372 memcpy(buffer, name, namesize); 373 buffer[namesize] = 0; 374 375 done: 376 *_name = buffer; 377 ctx->cn_size = 0; 378 ctx->o_size = 0; 379 ctx->email_size = 0; 380 return 0; 381 } 382 383 int x509_note_issuer(void *context, size_t hdrlen, 384 unsigned char tag, 385 const void *value, size_t vlen) 386 { 387 struct x509_parse_context *ctx = context; 388 ctx->cert->raw_issuer = value; 389 ctx->cert->raw_issuer_size = vlen; 390 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); 391 } 392 393 int x509_note_subject(void *context, size_t hdrlen, 394 unsigned char tag, 395 const void *value, size_t vlen) 396 { 397 struct x509_parse_context *ctx = context; 398 ctx->cert->raw_subject = value; 399 ctx->cert->raw_subject_size = vlen; 400 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); 401 } 402 403 /* 404 * Extract the data for the public key algorithm 405 */ 406 int x509_extract_key_data(void *context, size_t hdrlen, 407 unsigned char tag, 408 const void *value, size_t vlen) 409 { 410 struct x509_parse_context *ctx = context; 411 412 if (ctx->last_oid != OID_rsaEncryption) 413 return -ENOPKG; 414 415 ctx->cert->pub->pkey_algo = "rsa"; 416 417 /* Discard the BIT STRING metadata */ 418 if (vlen < 1 || *(const u8 *)value != 0) 419 return -EBADMSG; 420 ctx->key = value + 1; 421 ctx->key_size = vlen - 1; 422 return 0; 423 } 424 425 /* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */ 426 #define SEQ_TAG_KEYID (ASN1_CONT << 6) 427 428 /* 429 * Process certificate extensions that are used to qualify the certificate. 430 */ 431 int x509_process_extension(void *context, size_t hdrlen, 432 unsigned char tag, 433 const void *value, size_t vlen) 434 { 435 struct x509_parse_context *ctx = context; 436 struct asymmetric_key_id *kid; 437 const unsigned char *v = value; 438 439 pr_debug("Extension: %u\n", ctx->last_oid); 440 441 if (ctx->last_oid == OID_subjectKeyIdentifier) { 442 /* Get hold of the key fingerprint */ 443 if (ctx->cert->skid || vlen < 3) 444 return -EBADMSG; 445 if (v[0] != ASN1_OTS || v[1] != vlen - 2) 446 return -EBADMSG; 447 v += 2; 448 vlen -= 2; 449 450 ctx->cert->raw_skid_size = vlen; 451 ctx->cert->raw_skid = v; 452 kid = asymmetric_key_generate_id(v, vlen, "", 0); 453 if (IS_ERR(kid)) 454 return PTR_ERR(kid); 455 ctx->cert->skid = kid; 456 pr_debug("subjkeyid %*phN\n", kid->len, kid->data); 457 return 0; 458 } 459 460 if (ctx->last_oid == OID_authorityKeyIdentifier) { 461 /* Get hold of the CA key fingerprint */ 462 ctx->raw_akid = v; 463 ctx->raw_akid_size = vlen; 464 return 0; 465 } 466 467 return 0; 468 } 469 470 /** 471 * x509_decode_time - Decode an X.509 time ASN.1 object 472 * @_t: The time to fill in 473 * @hdrlen: The length of the object header 474 * @tag: The object tag 475 * @value: The object value 476 * @vlen: The size of the object value 477 * 478 * Decode an ASN.1 universal time or generalised time field into a struct the 479 * kernel can handle and check it for validity. The time is decoded thus: 480 * 481 * [RFC5280 §4.1.2.5] 482 * CAs conforming to this profile MUST always encode certificate validity 483 * dates through the year 2049 as UTCTime; certificate validity dates in 484 * 2050 or later MUST be encoded as GeneralizedTime. Conforming 485 * applications MUST be able to process validity dates that are encoded in 486 * either UTCTime or GeneralizedTime. 487 */ 488 int x509_decode_time(time64_t *_t, size_t hdrlen, 489 unsigned char tag, 490 const unsigned char *value, size_t vlen) 491 { 492 static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, 493 31, 31, 30, 31, 30, 31 }; 494 const unsigned char *p = value; 495 unsigned year, mon, day, hour, min, sec, mon_len; 496 497 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) 498 #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) 499 500 if (tag == ASN1_UNITIM) { 501 /* UTCTime: YYMMDDHHMMSSZ */ 502 if (vlen != 13) 503 goto unsupported_time; 504 year = DD2bin(p); 505 if (year >= 50) 506 year += 1900; 507 else 508 year += 2000; 509 } else if (tag == ASN1_GENTIM) { 510 /* GenTime: YYYYMMDDHHMMSSZ */ 511 if (vlen != 15) 512 goto unsupported_time; 513 year = DD2bin(p) * 100 + DD2bin(p); 514 if (year >= 1950 && year <= 2049) 515 goto invalid_time; 516 } else { 517 goto unsupported_time; 518 } 519 520 mon = DD2bin(p); 521 day = DD2bin(p); 522 hour = DD2bin(p); 523 min = DD2bin(p); 524 sec = DD2bin(p); 525 526 if (*p != 'Z') 527 goto unsupported_time; 528 529 if (year < 1970 || 530 mon < 1 || mon > 12) 531 goto invalid_time; 532 533 mon_len = month_lengths[mon - 1]; 534 if (mon == 2) { 535 if (year % 4 == 0) { 536 mon_len = 29; 537 if (year % 100 == 0) { 538 mon_len = 28; 539 if (year % 400 == 0) 540 mon_len = 29; 541 } 542 } 543 } 544 545 if (day < 1 || day > mon_len || 546 hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */ 547 min > 59 || 548 sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */ 549 goto invalid_time; 550 551 *_t = mktime64(year, mon, day, hour, min, sec); 552 return 0; 553 554 unsupported_time: 555 pr_debug("Got unsupported time [tag %02x]: '%*phN'\n", 556 tag, (int)vlen, value); 557 return -EBADMSG; 558 invalid_time: 559 pr_debug("Got invalid time [tag %02x]: '%*phN'\n", 560 tag, (int)vlen, value); 561 return -EBADMSG; 562 } 563 EXPORT_SYMBOL_GPL(x509_decode_time); 564 565 int x509_note_not_before(void *context, size_t hdrlen, 566 unsigned char tag, 567 const void *value, size_t vlen) 568 { 569 struct x509_parse_context *ctx = context; 570 return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); 571 } 572 573 int x509_note_not_after(void *context, size_t hdrlen, 574 unsigned char tag, 575 const void *value, size_t vlen) 576 { 577 struct x509_parse_context *ctx = context; 578 return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); 579 } 580 581 /* 582 * Note a key identifier-based AuthorityKeyIdentifier 583 */ 584 int x509_akid_note_kid(void *context, size_t hdrlen, 585 unsigned char tag, 586 const void *value, size_t vlen) 587 { 588 struct x509_parse_context *ctx = context; 589 struct asymmetric_key_id *kid; 590 591 pr_debug("AKID: keyid: %*phN\n", (int)vlen, value); 592 593 if (ctx->cert->sig->auth_ids[1]) 594 return 0; 595 596 kid = asymmetric_key_generate_id(value, vlen, "", 0); 597 if (IS_ERR(kid)) 598 return PTR_ERR(kid); 599 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 600 ctx->cert->sig->auth_ids[1] = kid; 601 return 0; 602 } 603 604 /* 605 * Note a directoryName in an AuthorityKeyIdentifier 606 */ 607 int x509_akid_note_name(void *context, size_t hdrlen, 608 unsigned char tag, 609 const void *value, size_t vlen) 610 { 611 struct x509_parse_context *ctx = context; 612 613 pr_debug("AKID: name: %*phN\n", (int)vlen, value); 614 615 ctx->akid_raw_issuer = value; 616 ctx->akid_raw_issuer_size = vlen; 617 return 0; 618 } 619 620 /* 621 * Note a serial number in an AuthorityKeyIdentifier 622 */ 623 int x509_akid_note_serial(void *context, size_t hdrlen, 624 unsigned char tag, 625 const void *value, size_t vlen) 626 { 627 struct x509_parse_context *ctx = context; 628 struct asymmetric_key_id *kid; 629 630 pr_debug("AKID: serial: %*phN\n", (int)vlen, value); 631 632 if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) 633 return 0; 634 635 kid = asymmetric_key_generate_id(value, 636 vlen, 637 ctx->akid_raw_issuer, 638 ctx->akid_raw_issuer_size); 639 if (IS_ERR(kid)) 640 return PTR_ERR(kid); 641 642 pr_debug("authkeyid %*phN\n", kid->len, kid->data); 643 ctx->cert->sig->auth_ids[0] = kid; 644 return 0; 645 } 646