Commit | Line | Data |
---|---|---|
c26fd69f DH |
1 | /* X.509 certificate parser |
2 | * | |
3 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
4 | * Written by David Howells (dhowells@redhat.com) | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public Licence | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the Licence, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #define pr_fmt(fmt) "X.509: "fmt | |
13 | #include <linux/kernel.h> | |
14 | #include <linux/slab.h> | |
15 | #include <linux/err.h> | |
16 | #include <linux/oid_registry.h> | |
17 | #include "public_key.h" | |
18 | #include "x509_parser.h" | |
19 | #include "x509-asn1.h" | |
20 | #include "x509_rsakey-asn1.h" | |
21 | ||
22 | struct x509_parse_context { | |
23 | struct x509_certificate *cert; /* Certificate being constructed */ | |
24 | unsigned long data; /* Start of data */ | |
25 | const void *cert_start; /* Start of cert content */ | |
26 | const void *key; /* Key data */ | |
27 | size_t key_size; /* Size of key data */ | |
28 | enum OID last_oid; /* Last OID encountered */ | |
29 | enum OID algo_oid; /* Algorithm OID */ | |
30 | unsigned char nr_mpi; /* Number of MPIs stored */ | |
31 | u8 o_size; /* Size of organizationName (O) */ | |
32 | u8 cn_size; /* Size of commonName (CN) */ | |
33 | u8 email_size; /* Size of emailAddress */ | |
34 | u16 o_offset; /* Offset of organizationName (O) */ | |
35 | u16 cn_offset; /* Offset of commonName (CN) */ | |
36 | u16 email_offset; /* Offset of emailAddress */ | |
37 | }; | |
38 | ||
39 | /* | |
40 | * Free an X.509 certificate | |
41 | */ | |
42 | void x509_free_certificate(struct x509_certificate *cert) | |
43 | { | |
44 | if (cert) { | |
45 | public_key_destroy(cert->pub); | |
46 | kfree(cert->issuer); | |
47 | kfree(cert->subject); | |
48 | kfree(cert->fingerprint); | |
49 | kfree(cert->authority); | |
50 | kfree(cert); | |
51 | } | |
52 | } | |
53 | ||
54 | /* | |
55 | * Parse an X.509 certificate | |
56 | */ | |
57 | struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) | |
58 | { | |
59 | struct x509_certificate *cert; | |
60 | struct x509_parse_context *ctx; | |
61 | long ret; | |
62 | ||
63 | ret = -ENOMEM; | |
64 | cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); | |
65 | if (!cert) | |
66 | goto error_no_cert; | |
67 | cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); | |
68 | if (!cert->pub) | |
69 | goto error_no_ctx; | |
70 | ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); | |
71 | if (!ctx) | |
72 | goto error_no_ctx; | |
73 | ||
74 | ctx->cert = cert; | |
75 | ctx->data = (unsigned long)data; | |
76 | ||
77 | /* Attempt to decode the certificate */ | |
78 | ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); | |
79 | if (ret < 0) | |
80 | goto error_decode; | |
81 | ||
82 | /* Decode the public key */ | |
83 | ret = asn1_ber_decoder(&x509_rsakey_decoder, ctx, | |
84 | ctx->key, ctx->key_size); | |
85 | if (ret < 0) | |
86 | goto error_decode; | |
87 | ||
88 | kfree(ctx); | |
89 | return cert; | |
90 | ||
91 | error_decode: | |
92 | kfree(ctx); | |
93 | error_no_ctx: | |
94 | x509_free_certificate(cert); | |
95 | error_no_cert: | |
96 | return ERR_PTR(ret); | |
97 | } | |
98 | ||
99 | /* | |
100 | * Note an OID when we find one for later processing when we know how | |
101 | * to interpret it. | |
102 | */ | |
103 | int x509_note_OID(void *context, size_t hdrlen, | |
104 | unsigned char tag, | |
105 | const void *value, size_t vlen) | |
106 | { | |
107 | struct x509_parse_context *ctx = context; | |
108 | ||
109 | ctx->last_oid = look_up_OID(value, vlen); | |
110 | if (ctx->last_oid == OID__NR) { | |
111 | char buffer[50]; | |
112 | sprint_oid(value, vlen, buffer, sizeof(buffer)); | |
113 | pr_debug("Unknown OID: [%zu] %s\n", | |
114 | (unsigned long)value - ctx->data, buffer); | |
115 | } | |
116 | return 0; | |
117 | } | |
118 | ||
119 | /* | |
120 | * Save the position of the TBS data so that we can check the signature over it | |
121 | * later. | |
122 | */ | |
123 | int x509_note_tbs_certificate(void *context, size_t hdrlen, | |
124 | unsigned char tag, | |
125 | const void *value, size_t vlen) | |
126 | { | |
127 | struct x509_parse_context *ctx = context; | |
128 | ||
129 | pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n", | |
130 | hdrlen, tag, (unsigned long)value - ctx->data, vlen); | |
131 | ||
132 | ctx->cert->tbs = value - hdrlen; | |
133 | ctx->cert->tbs_size = vlen + hdrlen; | |
134 | return 0; | |
135 | } | |
136 | ||
137 | /* | |
138 | * Record the public key algorithm | |
139 | */ | |
140 | int x509_note_pkey_algo(void *context, size_t hdrlen, | |
141 | unsigned char tag, | |
142 | const void *value, size_t vlen) | |
143 | { | |
144 | struct x509_parse_context *ctx = context; | |
145 | ||
146 | pr_debug("PubKey Algo: %u\n", ctx->last_oid); | |
147 | ||
148 | switch (ctx->last_oid) { | |
149 | case OID_md2WithRSAEncryption: | |
150 | case OID_md3WithRSAEncryption: | |
151 | default: | |
152 | return -ENOPKG; /* Unsupported combination */ | |
153 | ||
154 | case OID_md4WithRSAEncryption: | |
155 | ctx->cert->sig_hash_algo = PKEY_HASH_MD5; | |
156 | ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; | |
157 | break; | |
158 | ||
159 | case OID_sha1WithRSAEncryption: | |
160 | ctx->cert->sig_hash_algo = PKEY_HASH_SHA1; | |
161 | ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; | |
162 | break; | |
163 | ||
164 | case OID_sha256WithRSAEncryption: | |
165 | ctx->cert->sig_hash_algo = PKEY_HASH_SHA256; | |
166 | ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; | |
167 | break; | |
168 | ||
169 | case OID_sha384WithRSAEncryption: | |
170 | ctx->cert->sig_hash_algo = PKEY_HASH_SHA384; | |
171 | ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; | |
172 | break; | |
173 | ||
174 | case OID_sha512WithRSAEncryption: | |
175 | ctx->cert->sig_hash_algo = PKEY_HASH_SHA512; | |
176 | ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; | |
177 | break; | |
178 | ||
179 | case OID_sha224WithRSAEncryption: | |
180 | ctx->cert->sig_hash_algo = PKEY_HASH_SHA224; | |
181 | ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; | |
182 | break; | |
183 | } | |
184 | ||
185 | ctx->algo_oid = ctx->last_oid; | |
186 | return 0; | |
187 | } | |
188 | ||
189 | /* | |
190 | * Note the whereabouts and type of the signature. | |
191 | */ | |
192 | int x509_note_signature(void *context, size_t hdrlen, | |
193 | unsigned char tag, | |
194 | const void *value, size_t vlen) | |
195 | { | |
196 | struct x509_parse_context *ctx = context; | |
197 | ||
198 | pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); | |
199 | ||
200 | if (ctx->last_oid != ctx->algo_oid) { | |
201 | pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n", | |
202 | ctx->algo_oid, ctx->last_oid); | |
203 | return -EINVAL; | |
204 | } | |
205 | ||
206 | ctx->cert->sig = value; | |
207 | ctx->cert->sig_size = vlen; | |
208 | return 0; | |
209 | } | |
210 | ||
211 | /* | |
212 | * Note some of the name segments from which we'll fabricate a name. | |
213 | */ | |
214 | int x509_extract_name_segment(void *context, size_t hdrlen, | |
215 | unsigned char tag, | |
216 | const void *value, size_t vlen) | |
217 | { | |
218 | struct x509_parse_context *ctx = context; | |
219 | ||
220 | switch (ctx->last_oid) { | |
221 | case OID_commonName: | |
222 | ctx->cn_size = vlen; | |
223 | ctx->cn_offset = (unsigned long)value - ctx->data; | |
224 | break; | |
225 | case OID_organizationName: | |
226 | ctx->o_size = vlen; | |
227 | ctx->o_offset = (unsigned long)value - ctx->data; | |
228 | break; | |
229 | case OID_email_address: | |
230 | ctx->email_size = vlen; | |
231 | ctx->email_offset = (unsigned long)value - ctx->data; | |
232 | break; | |
233 | default: | |
234 | break; | |
235 | } | |
236 | ||
237 | return 0; | |
238 | } | |
239 | ||
240 | /* | |
241 | * Fabricate and save the issuer and subject names | |
242 | */ | |
243 | static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, | |
244 | unsigned char tag, | |
245 | char **_name, size_t vlen) | |
246 | { | |
247 | const void *name, *data = (const void *)ctx->data; | |
248 | size_t namesize; | |
249 | char *buffer; | |
250 | ||
251 | if (*_name) | |
252 | return -EINVAL; | |
253 | ||
254 | /* Empty name string if no material */ | |
255 | if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { | |
256 | buffer = kmalloc(1, GFP_KERNEL); | |
257 | if (!buffer) | |
258 | return -ENOMEM; | |
259 | buffer[0] = 0; | |
260 | goto done; | |
261 | } | |
262 | ||
263 | if (ctx->cn_size && ctx->o_size) { | |
264 | /* Consider combining O and CN, but use only the CN if it is | |
265 | * prefixed by the O, or a significant portion thereof. | |
266 | */ | |
267 | namesize = ctx->cn_size; | |
268 | name = data + ctx->cn_offset; | |
269 | if (ctx->cn_size >= ctx->o_size && | |
270 | memcmp(data + ctx->cn_offset, data + ctx->o_offset, | |
271 | ctx->o_size) == 0) | |
272 | goto single_component; | |
273 | if (ctx->cn_size >= 7 && | |
274 | ctx->o_size >= 7 && | |
275 | memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) | |
276 | goto single_component; | |
277 | ||
278 | buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, | |
279 | GFP_KERNEL); | |
280 | if (!buffer) | |
281 | return -ENOMEM; | |
282 | ||
283 | memcpy(buffer, | |
284 | data + ctx->o_offset, ctx->o_size); | |
285 | buffer[ctx->o_size + 0] = ':'; | |
286 | buffer[ctx->o_size + 1] = ' '; | |
287 | memcpy(buffer + ctx->o_size + 2, | |
288 | data + ctx->cn_offset, ctx->cn_size); | |
289 | buffer[ctx->o_size + 2 + ctx->cn_size] = 0; | |
290 | goto done; | |
291 | ||
292 | } else if (ctx->cn_size) { | |
293 | namesize = ctx->cn_size; | |
294 | name = data + ctx->cn_offset; | |
295 | } else if (ctx->o_size) { | |
296 | namesize = ctx->o_size; | |
297 | name = data + ctx->o_offset; | |
298 | } else { | |
299 | namesize = ctx->email_size; | |
300 | name = data + ctx->email_offset; | |
301 | } | |
302 | ||
303 | single_component: | |
304 | buffer = kmalloc(namesize + 1, GFP_KERNEL); | |
305 | if (!buffer) | |
306 | return -ENOMEM; | |
307 | memcpy(buffer, name, namesize); | |
308 | buffer[namesize] = 0; | |
309 | ||
310 | done: | |
311 | *_name = buffer; | |
312 | ctx->cn_size = 0; | |
313 | ctx->o_size = 0; | |
314 | ctx->email_size = 0; | |
315 | return 0; | |
316 | } | |
317 | ||
318 | int x509_note_issuer(void *context, size_t hdrlen, | |
319 | unsigned char tag, | |
320 | const void *value, size_t vlen) | |
321 | { | |
322 | struct x509_parse_context *ctx = context; | |
323 | return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); | |
324 | } | |
325 | ||
326 | int x509_note_subject(void *context, size_t hdrlen, | |
327 | unsigned char tag, | |
328 | const void *value, size_t vlen) | |
329 | { | |
330 | struct x509_parse_context *ctx = context; | |
331 | return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); | |
332 | } | |
333 | ||
334 | /* | |
335 | * Extract the data for the public key algorithm | |
336 | */ | |
337 | int x509_extract_key_data(void *context, size_t hdrlen, | |
338 | unsigned char tag, | |
339 | const void *value, size_t vlen) | |
340 | { | |
341 | struct x509_parse_context *ctx = context; | |
342 | ||
343 | if (ctx->last_oid != OID_rsaEncryption) | |
344 | return -ENOPKG; | |
345 | ||
346 | /* There seems to be an extraneous 0 byte on the front of the data */ | |
347 | ctx->cert->pkey_algo = PKEY_ALGO_RSA; | |
348 | ctx->key = value + 1; | |
349 | ctx->key_size = vlen - 1; | |
350 | return 0; | |
351 | } | |
352 | ||
353 | /* | |
354 | * Extract a RSA public key value | |
355 | */ | |
356 | int rsa_extract_mpi(void *context, size_t hdrlen, | |
357 | unsigned char tag, | |
358 | const void *value, size_t vlen) | |
359 | { | |
360 | struct x509_parse_context *ctx = context; | |
361 | MPI mpi; | |
362 | ||
363 | if (ctx->nr_mpi >= ARRAY_SIZE(ctx->cert->pub->mpi)) { | |
364 | pr_err("Too many public key MPIs in certificate\n"); | |
365 | return -EBADMSG; | |
366 | } | |
367 | ||
368 | mpi = mpi_read_raw_data(value, vlen); | |
369 | if (!mpi) | |
370 | return -ENOMEM; | |
371 | ||
372 | ctx->cert->pub->mpi[ctx->nr_mpi++] = mpi; | |
373 | return 0; | |
374 | } | |
375 | ||
376 | /* | |
377 | * Process certificate extensions that are used to qualify the certificate. | |
378 | */ | |
379 | int x509_process_extension(void *context, size_t hdrlen, | |
380 | unsigned char tag, | |
381 | const void *value, size_t vlen) | |
382 | { | |
383 | struct x509_parse_context *ctx = context; | |
384 | const unsigned char *v = value; | |
385 | char *f; | |
386 | int i; | |
387 | ||
388 | pr_debug("Extension: %u\n", ctx->last_oid); | |
389 | ||
390 | if (ctx->last_oid == OID_subjectKeyIdentifier) { | |
391 | /* Get hold of the key fingerprint */ | |
392 | if (vlen < 3) | |
393 | return -EBADMSG; | |
394 | if (v[0] != ASN1_OTS || v[1] != vlen - 2) | |
395 | return -EBADMSG; | |
396 | v += 2; | |
397 | vlen -= 2; | |
398 | ||
399 | f = kmalloc(vlen * 2 + 1, GFP_KERNEL); | |
400 | if (!f) | |
401 | return -ENOMEM; | |
402 | for (i = 0; i < vlen; i++) | |
403 | sprintf(f + i * 2, "%02x", v[i]); | |
404 | pr_debug("fingerprint %s\n", f); | |
405 | ctx->cert->fingerprint = f; | |
406 | return 0; | |
407 | } | |
408 | ||
409 | if (ctx->last_oid == OID_authorityKeyIdentifier) { | |
410 | /* Get hold of the CA key fingerprint */ | |
411 | if (vlen < 5) | |
412 | return -EBADMSG; | |
413 | if (v[0] != (ASN1_SEQ | (ASN1_CONS << 5)) || | |
414 | v[1] != vlen - 2 || | |
415 | v[2] != (ASN1_CONT << 6) || | |
416 | v[3] != vlen - 4) | |
417 | return -EBADMSG; | |
418 | v += 4; | |
419 | vlen -= 4; | |
420 | ||
421 | f = kmalloc(vlen * 2 + 1, GFP_KERNEL); | |
422 | if (!f) | |
423 | return -ENOMEM; | |
424 | for (i = 0; i < vlen; i++) | |
425 | sprintf(f + i * 2, "%02x", v[i]); | |
426 | pr_debug("authority %s\n", f); | |
427 | ctx->cert->authority = f; | |
428 | return 0; | |
429 | } | |
430 | ||
431 | return 0; | |
432 | } | |
433 | ||
434 | /* | |
435 | * Record a certificate time. | |
436 | */ | |
a5752d11 | 437 | static int x509_note_time(struct tm *tm, size_t hdrlen, |
c26fd69f DH |
438 | unsigned char tag, |
439 | const unsigned char *value, size_t vlen) | |
440 | { | |
c26fd69f DH |
441 | const unsigned char *p = value; |
442 | ||
443 | #define dec2bin(X) ((X) - '0') | |
444 | #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) | |
445 | ||
446 | if (tag == ASN1_UNITIM) { | |
447 | /* UTCTime: YYMMDDHHMMSSZ */ | |
448 | if (vlen != 13) | |
449 | goto unsupported_time; | |
a5752d11 DH |
450 | tm->tm_year = DD2bin(p); |
451 | if (tm->tm_year >= 50) | |
452 | tm->tm_year += 1900; | |
c26fd69f | 453 | else |
a5752d11 | 454 | tm->tm_year += 2000; |
c26fd69f DH |
455 | } else if (tag == ASN1_GENTIM) { |
456 | /* GenTime: YYYYMMDDHHMMSSZ */ | |
457 | if (vlen != 15) | |
458 | goto unsupported_time; | |
a5752d11 | 459 | tm->tm_year = DD2bin(p) * 100 + DD2bin(p); |
c26fd69f DH |
460 | } else { |
461 | goto unsupported_time; | |
462 | } | |
463 | ||
a5752d11 DH |
464 | tm->tm_year -= 1900; |
465 | tm->tm_mon = DD2bin(p) - 1; | |
466 | tm->tm_mday = DD2bin(p); | |
467 | tm->tm_hour = DD2bin(p); | |
468 | tm->tm_min = DD2bin(p); | |
469 | tm->tm_sec = DD2bin(p); | |
c26fd69f DH |
470 | |
471 | if (*p != 'Z') | |
472 | goto unsupported_time; | |
473 | ||
c26fd69f DH |
474 | return 0; |
475 | ||
476 | unsupported_time: | |
477 | pr_debug("Got unsupported time [tag %02x]: '%*.*s'\n", | |
478 | tag, (int)vlen, (int)vlen, value); | |
479 | return -EBADMSG; | |
480 | } | |
481 | ||
482 | int x509_note_not_before(void *context, size_t hdrlen, | |
483 | unsigned char tag, | |
484 | const void *value, size_t vlen) | |
485 | { | |
486 | struct x509_parse_context *ctx = context; | |
487 | return x509_note_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); | |
488 | } | |
489 | ||
490 | int x509_note_not_after(void *context, size_t hdrlen, | |
491 | unsigned char tag, | |
492 | const void *value, size_t vlen) | |
493 | { | |
494 | struct x509_parse_context *ctx = context; | |
495 | return x509_note_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); | |
496 | } |