1 /* X.509 certificate parser
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
12 #define pr_fmt(fmt) "X.509: "fmt
13 #include <linux/kernel.h>
14 #include <linux/export.h>
15 #include <linux/slab.h>
16 #include <linux/err.h>
17 #include <linux/oid_registry.h>
18 #include "public_key.h"
19 #include "x509_parser.h"
20 #include "x509-asn1.h"
21 #include "x509_akid-asn1.h"
22 #include "x509_rsakey-asn1.h"
24 struct x509_parse_context
{
25 struct x509_certificate
*cert
; /* Certificate being constructed */
26 unsigned long data
; /* Start of data */
27 const void *cert_start
; /* Start of cert content */
28 const void *key
; /* Key data */
29 size_t key_size
; /* Size of key data */
30 enum OID last_oid
; /* Last OID encountered */
31 enum OID algo_oid
; /* Algorithm OID */
32 unsigned char nr_mpi
; /* Number of MPIs stored */
33 u8 o_size
; /* Size of organizationName (O) */
34 u8 cn_size
; /* Size of commonName (CN) */
35 u8 email_size
; /* Size of emailAddress */
36 u16 o_offset
; /* Offset of organizationName (O) */
37 u16 cn_offset
; /* Offset of commonName (CN) */
38 u16 email_offset
; /* Offset of emailAddress */
39 unsigned raw_akid_size
;
40 const void *raw_akid
; /* Raw authorityKeyId in ASN.1 */
41 const void *akid_raw_issuer
; /* Raw directoryName in authorityKeyId */
42 unsigned akid_raw_issuer_size
;
46 * Free an X.509 certificate
48 void x509_free_certificate(struct x509_certificate
*cert
)
51 public_key_destroy(cert
->pub
);
57 kfree(cert
->akid_skid
);
58 kfree(cert
->sig
.digest
);
59 mpi_free(cert
->sig
.rsa
.s
);
63 EXPORT_SYMBOL_GPL(x509_free_certificate
);
66 * Parse an X.509 certificate
68 struct x509_certificate
*x509_cert_parse(const void *data
, size_t datalen
)
70 struct x509_certificate
*cert
;
71 struct x509_parse_context
*ctx
;
72 struct asymmetric_key_id
*kid
;
76 cert
= kzalloc(sizeof(struct x509_certificate
), GFP_KERNEL
);
79 cert
->pub
= kzalloc(sizeof(struct public_key
), GFP_KERNEL
);
82 ctx
= kzalloc(sizeof(struct x509_parse_context
), GFP_KERNEL
);
87 ctx
->data
= (unsigned long)data
;
89 /* Attempt to decode the certificate */
90 ret
= asn1_ber_decoder(&x509_decoder
, ctx
, data
, datalen
);
94 /* Decode the AuthorityKeyIdentifier */
96 pr_devel("AKID: %u %*phN\n",
97 ctx
->raw_akid_size
, ctx
->raw_akid_size
, ctx
->raw_akid
);
98 ret
= asn1_ber_decoder(&x509_akid_decoder
, ctx
,
99 ctx
->raw_akid
, ctx
->raw_akid_size
);
101 pr_warn("Couldn't decode AuthKeyIdentifier\n");
106 /* Decode the public key */
107 ret
= asn1_ber_decoder(&x509_rsakey_decoder
, ctx
,
108 ctx
->key
, ctx
->key_size
);
112 /* Generate cert issuer + serial number key ID */
113 kid
= asymmetric_key_generate_id(cert
->raw_serial
,
114 cert
->raw_serial_size
,
116 cert
->raw_issuer_size
);
129 x509_free_certificate(cert
);
133 EXPORT_SYMBOL_GPL(x509_cert_parse
);
136 * Note an OID when we find one for later processing when we know how
139 int x509_note_OID(void *context
, size_t hdrlen
,
141 const void *value
, size_t vlen
)
143 struct x509_parse_context
*ctx
= context
;
145 ctx
->last_oid
= look_up_OID(value
, vlen
);
146 if (ctx
->last_oid
== OID__NR
) {
148 sprint_oid(value
, vlen
, buffer
, sizeof(buffer
));
149 pr_debug("Unknown OID: [%lu] %s\n",
150 (unsigned long)value
- ctx
->data
, buffer
);
156 * Save the position of the TBS data so that we can check the signature over it
159 int x509_note_tbs_certificate(void *context
, size_t hdrlen
,
161 const void *value
, size_t vlen
)
163 struct x509_parse_context
*ctx
= context
;
165 pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n",
166 hdrlen
, tag
, (unsigned long)value
- ctx
->data
, vlen
);
168 ctx
->cert
->tbs
= value
- hdrlen
;
169 ctx
->cert
->tbs_size
= vlen
+ hdrlen
;
174 * Record the public key algorithm
176 int x509_note_pkey_algo(void *context
, size_t hdrlen
,
178 const void *value
, size_t vlen
)
180 struct x509_parse_context
*ctx
= context
;
182 pr_debug("PubKey Algo: %u\n", ctx
->last_oid
);
184 switch (ctx
->last_oid
) {
185 case OID_md2WithRSAEncryption
:
186 case OID_md3WithRSAEncryption
:
188 return -ENOPKG
; /* Unsupported combination */
190 case OID_md4WithRSAEncryption
:
191 ctx
->cert
->sig
.pkey_hash_algo
= HASH_ALGO_MD5
;
192 ctx
->cert
->sig
.pkey_algo
= PKEY_ALGO_RSA
;
195 case OID_sha1WithRSAEncryption
:
196 ctx
->cert
->sig
.pkey_hash_algo
= HASH_ALGO_SHA1
;
197 ctx
->cert
->sig
.pkey_algo
= PKEY_ALGO_RSA
;
200 case OID_sha256WithRSAEncryption
:
201 ctx
->cert
->sig
.pkey_hash_algo
= HASH_ALGO_SHA256
;
202 ctx
->cert
->sig
.pkey_algo
= PKEY_ALGO_RSA
;
205 case OID_sha384WithRSAEncryption
:
206 ctx
->cert
->sig
.pkey_hash_algo
= HASH_ALGO_SHA384
;
207 ctx
->cert
->sig
.pkey_algo
= PKEY_ALGO_RSA
;
210 case OID_sha512WithRSAEncryption
:
211 ctx
->cert
->sig
.pkey_hash_algo
= HASH_ALGO_SHA512
;
212 ctx
->cert
->sig
.pkey_algo
= PKEY_ALGO_RSA
;
215 case OID_sha224WithRSAEncryption
:
216 ctx
->cert
->sig
.pkey_hash_algo
= HASH_ALGO_SHA224
;
217 ctx
->cert
->sig
.pkey_algo
= PKEY_ALGO_RSA
;
221 ctx
->algo_oid
= ctx
->last_oid
;
226 * Note the whereabouts and type of the signature.
228 int x509_note_signature(void *context
, size_t hdrlen
,
230 const void *value
, size_t vlen
)
232 struct x509_parse_context
*ctx
= context
;
234 pr_debug("Signature type: %u size %zu\n", ctx
->last_oid
, vlen
);
236 if (ctx
->last_oid
!= ctx
->algo_oid
) {
237 pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n",
238 ctx
->algo_oid
, ctx
->last_oid
);
242 ctx
->cert
->raw_sig
= value
;
243 ctx
->cert
->raw_sig_size
= vlen
;
248 * Note the certificate serial number
250 int x509_note_serial(void *context
, size_t hdrlen
,
252 const void *value
, size_t vlen
)
254 struct x509_parse_context
*ctx
= context
;
255 ctx
->cert
->raw_serial
= value
;
256 ctx
->cert
->raw_serial_size
= vlen
;
261 * Note some of the name segments from which we'll fabricate a name.
263 int x509_extract_name_segment(void *context
, size_t hdrlen
,
265 const void *value
, size_t vlen
)
267 struct x509_parse_context
*ctx
= context
;
269 switch (ctx
->last_oid
) {
272 ctx
->cn_offset
= (unsigned long)value
- ctx
->data
;
274 case OID_organizationName
:
276 ctx
->o_offset
= (unsigned long)value
- ctx
->data
;
278 case OID_email_address
:
279 ctx
->email_size
= vlen
;
280 ctx
->email_offset
= (unsigned long)value
- ctx
->data
;
290 * Fabricate and save the issuer and subject names
292 static int x509_fabricate_name(struct x509_parse_context
*ctx
, size_t hdrlen
,
294 char **_name
, size_t vlen
)
296 const void *name
, *data
= (const void *)ctx
->data
;
303 /* Empty name string if no material */
304 if (!ctx
->cn_size
&& !ctx
->o_size
&& !ctx
->email_size
) {
305 buffer
= kmalloc(1, GFP_KERNEL
);
312 if (ctx
->cn_size
&& ctx
->o_size
) {
313 /* Consider combining O and CN, but use only the CN if it is
314 * prefixed by the O, or a significant portion thereof.
316 namesize
= ctx
->cn_size
;
317 name
= data
+ ctx
->cn_offset
;
318 if (ctx
->cn_size
>= ctx
->o_size
&&
319 memcmp(data
+ ctx
->cn_offset
, data
+ ctx
->o_offset
,
321 goto single_component
;
322 if (ctx
->cn_size
>= 7 &&
324 memcmp(data
+ ctx
->cn_offset
, data
+ ctx
->o_offset
, 7) == 0)
325 goto single_component
;
327 buffer
= kmalloc(ctx
->o_size
+ 2 + ctx
->cn_size
+ 1,
333 data
+ ctx
->o_offset
, ctx
->o_size
);
334 buffer
[ctx
->o_size
+ 0] = ':';
335 buffer
[ctx
->o_size
+ 1] = ' ';
336 memcpy(buffer
+ ctx
->o_size
+ 2,
337 data
+ ctx
->cn_offset
, ctx
->cn_size
);
338 buffer
[ctx
->o_size
+ 2 + ctx
->cn_size
] = 0;
341 } else if (ctx
->cn_size
) {
342 namesize
= ctx
->cn_size
;
343 name
= data
+ ctx
->cn_offset
;
344 } else if (ctx
->o_size
) {
345 namesize
= ctx
->o_size
;
346 name
= data
+ ctx
->o_offset
;
348 namesize
= ctx
->email_size
;
349 name
= data
+ ctx
->email_offset
;
353 buffer
= kmalloc(namesize
+ 1, GFP_KERNEL
);
356 memcpy(buffer
, name
, namesize
);
357 buffer
[namesize
] = 0;
367 int x509_note_issuer(void *context
, size_t hdrlen
,
369 const void *value
, size_t vlen
)
371 struct x509_parse_context
*ctx
= context
;
372 ctx
->cert
->raw_issuer
= value
;
373 ctx
->cert
->raw_issuer_size
= vlen
;
374 return x509_fabricate_name(ctx
, hdrlen
, tag
, &ctx
->cert
->issuer
, vlen
);
377 int x509_note_subject(void *context
, size_t hdrlen
,
379 const void *value
, size_t vlen
)
381 struct x509_parse_context
*ctx
= context
;
382 ctx
->cert
->raw_subject
= value
;
383 ctx
->cert
->raw_subject_size
= vlen
;
384 return x509_fabricate_name(ctx
, hdrlen
, tag
, &ctx
->cert
->subject
, vlen
);
388 * Extract the data for the public key algorithm
390 int x509_extract_key_data(void *context
, size_t hdrlen
,
392 const void *value
, size_t vlen
)
394 struct x509_parse_context
*ctx
= context
;
396 if (ctx
->last_oid
!= OID_rsaEncryption
)
399 ctx
->cert
->pub
->pkey_algo
= PKEY_ALGO_RSA
;
401 /* Discard the BIT STRING metadata */
402 ctx
->key
= value
+ 1;
403 ctx
->key_size
= vlen
- 1;
408 * Extract a RSA public key value
410 int rsa_extract_mpi(void *context
, size_t hdrlen
,
412 const void *value
, size_t vlen
)
414 struct x509_parse_context
*ctx
= context
;
417 if (ctx
->nr_mpi
>= ARRAY_SIZE(ctx
->cert
->pub
->mpi
)) {
418 pr_err("Too many public key MPIs in certificate\n");
422 mpi
= mpi_read_raw_data(value
, vlen
);
426 ctx
->cert
->pub
->mpi
[ctx
->nr_mpi
++] = mpi
;
430 /* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */
431 #define SEQ_TAG_KEYID (ASN1_CONT << 6)
434 * Process certificate extensions that are used to qualify the certificate.
436 int x509_process_extension(void *context
, size_t hdrlen
,
438 const void *value
, size_t vlen
)
440 struct x509_parse_context
*ctx
= context
;
441 struct asymmetric_key_id
*kid
;
442 const unsigned char *v
= value
;
444 pr_debug("Extension: %u\n", ctx
->last_oid
);
446 if (ctx
->last_oid
== OID_subjectKeyIdentifier
) {
447 /* Get hold of the key fingerprint */
448 if (ctx
->cert
->skid
|| vlen
< 3)
450 if (v
[0] != ASN1_OTS
|| v
[1] != vlen
- 2)
455 ctx
->cert
->raw_skid_size
= vlen
;
456 ctx
->cert
->raw_skid
= v
;
457 kid
= asymmetric_key_generate_id(v
, vlen
, "", 0);
460 ctx
->cert
->skid
= kid
;
461 pr_debug("subjkeyid %*phN\n", kid
->len
, kid
->data
);
465 if (ctx
->last_oid
== OID_authorityKeyIdentifier
) {
466 /* Get hold of the CA key fingerprint */
468 ctx
->raw_akid_size
= vlen
;
476 * x509_decode_time - Decode an X.509 time ASN.1 object
477 * @_t: The time to fill in
478 * @hdrlen: The length of the object header
479 * @tag: The object tag
480 * @value: The object value
481 * @vlen: The size of the object value
483 * Decode an ASN.1 universal time or generalised time field into a struct the
484 * kernel can handle and check it for validity. The time is decoded thus:
486 * [RFC5280 ยง4.1.2.5]
487 * CAs conforming to this profile MUST always encode certificate validity
488 * dates through the year 2049 as UTCTime; certificate validity dates in
489 * 2050 or later MUST be encoded as GeneralizedTime. Conforming
490 * applications MUST be able to process validity dates that are encoded in
491 * either UTCTime or GeneralizedTime.
493 int x509_decode_time(time64_t
*_t
, size_t hdrlen
,
495 const unsigned char *value
, size_t vlen
)
497 static const unsigned char month_lengths
[] = { 31, 29, 31, 30, 31, 30,
498 31, 31, 30, 31, 30, 31 };
499 const unsigned char *p
= value
;
500 unsigned year
, mon
, day
, hour
, min
, sec
, mon_len
;
502 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; })
503 #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; })
505 if (tag
== ASN1_UNITIM
) {
506 /* UTCTime: YYMMDDHHMMSSZ */
508 goto unsupported_time
;
514 } else if (tag
== ASN1_GENTIM
) {
515 /* GenTime: YYYYMMDDHHMMSSZ */
517 goto unsupported_time
;
518 year
= DD2bin(p
) * 100 + DD2bin(p
);
519 if (year
>= 1950 && year
<= 2049)
522 goto unsupported_time
;
532 goto unsupported_time
;
538 mon_len
= month_lengths
[mon
- 1];
542 if (year
% 100 == 0) {
550 if (day
< 1 || day
> mon_len
||
556 *_t
= mktime64(year
, mon
, day
, hour
, min
, sec
);
560 pr_debug("Got unsupported time [tag %02x]: '%*phN'\n",
561 tag
, (int)vlen
, value
);
564 pr_debug("Got invalid time [tag %02x]: '%*phN'\n",
565 tag
, (int)vlen
, value
);
568 EXPORT_SYMBOL_GPL(x509_decode_time
);
570 int x509_note_not_before(void *context
, size_t hdrlen
,
572 const void *value
, size_t vlen
)
574 struct x509_parse_context
*ctx
= context
;
575 return x509_decode_time(&ctx
->cert
->valid_from
, hdrlen
, tag
, value
, vlen
);
578 int x509_note_not_after(void *context
, size_t hdrlen
,
580 const void *value
, size_t vlen
)
582 struct x509_parse_context
*ctx
= context
;
583 return x509_decode_time(&ctx
->cert
->valid_to
, hdrlen
, tag
, value
, vlen
);
587 * Note a key identifier-based AuthorityKeyIdentifier
589 int x509_akid_note_kid(void *context
, size_t hdrlen
,
591 const void *value
, size_t vlen
)
593 struct x509_parse_context
*ctx
= context
;
594 struct asymmetric_key_id
*kid
;
596 pr_debug("AKID: keyid: %*phN\n", (int)vlen
, value
);
598 if (ctx
->cert
->akid_skid
)
601 kid
= asymmetric_key_generate_id(value
, vlen
, "", 0);
604 pr_debug("authkeyid %*phN\n", kid
->len
, kid
->data
);
605 ctx
->cert
->akid_skid
= kid
;
610 * Note a directoryName in an AuthorityKeyIdentifier
612 int x509_akid_note_name(void *context
, size_t hdrlen
,
614 const void *value
, size_t vlen
)
616 struct x509_parse_context
*ctx
= context
;
618 pr_debug("AKID: name: %*phN\n", (int)vlen
, value
);
620 ctx
->akid_raw_issuer
= value
;
621 ctx
->akid_raw_issuer_size
= vlen
;
626 * Note a serial number in an AuthorityKeyIdentifier
628 int x509_akid_note_serial(void *context
, size_t hdrlen
,
630 const void *value
, size_t vlen
)
632 struct x509_parse_context
*ctx
= context
;
633 struct asymmetric_key_id
*kid
;
635 pr_debug("AKID: serial: %*phN\n", (int)vlen
, value
);
637 if (!ctx
->akid_raw_issuer
|| ctx
->cert
->akid_id
)
640 kid
= asymmetric_key_generate_id(value
,
642 ctx
->akid_raw_issuer
,
643 ctx
->akid_raw_issuer_size
);
647 pr_debug("authkeyid %*phN\n", kid
->len
, kid
->data
);
648 ctx
->cert
->akid_id
= kid
;