1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* X.509 certificate parser |
3 | * |
4 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
5 | * Written by David Howells (dhowells@redhat.com) |
6 | */ |
7 | |
8 | #define pr_fmt(fmt) "X.509: "fmt |
9 | #include <linux/kernel.h> |
10 | #include <linux/export.h> |
11 | #include <linux/slab.h> |
12 | #include <linux/err.h> |
13 | #include <linux/oid_registry.h> |
14 | #include <crypto/public_key.h> |
15 | #include "x509_parser.h" |
16 | #include "x509.asn1.h" |
17 | #include "x509_akid.asn1.h" |
18 | |
19 | struct x509_parse_context { |
20 | struct x509_certificate *cert; /* Certificate being constructed */ |
21 | unsigned long data; /* Start of data */ |
22 | const void *key; /* Key data */ |
23 | size_t key_size; /* Size of key data */ |
24 | const void *params; /* Key parameters */ |
25 | size_t params_size; /* Size of key parameters */ |
26 | enum OID key_algo; /* Algorithm used by the cert's key */ |
27 | enum OID last_oid; /* Last OID encountered */ |
28 | enum OID sig_algo; /* Algorithm used to sign the cert */ |
29 | u8 o_size; /* Size of organizationName (O) */ |
30 | u8 cn_size; /* Size of commonName (CN) */ |
31 | u8 email_size; /* Size of emailAddress */ |
32 | u16 o_offset; /* Offset of organizationName (O) */ |
33 | u16 cn_offset; /* Offset of commonName (CN) */ |
34 | u16 email_offset; /* Offset of emailAddress */ |
35 | unsigned raw_akid_size; |
36 | const void *raw_akid; /* Raw authorityKeyId in ASN.1 */ |
37 | const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */ |
38 | unsigned akid_raw_issuer_size; |
39 | }; |
40 | |
41 | /* |
42 | * Free an X.509 certificate |
43 | */ |
44 | void x509_free_certificate(struct x509_certificate *cert) |
45 | { |
46 | if (cert) { |
47 | public_key_free(key: cert->pub); |
48 | public_key_signature_free(sig: cert->sig); |
49 | kfree(objp: cert->issuer); |
50 | kfree(objp: cert->subject); |
51 | kfree(objp: cert->id); |
52 | kfree(objp: cert->skid); |
53 | kfree(objp: cert); |
54 | } |
55 | } |
56 | EXPORT_SYMBOL_GPL(x509_free_certificate); |
57 | |
58 | /* |
59 | * Parse an X.509 certificate |
60 | */ |
61 | struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) |
62 | { |
63 | struct x509_certificate *cert; |
64 | struct x509_parse_context *ctx; |
65 | struct asymmetric_key_id *kid; |
66 | long ret; |
67 | |
68 | ret = -ENOMEM; |
69 | cert = kzalloc(size: sizeof(struct x509_certificate), GFP_KERNEL); |
70 | if (!cert) |
71 | goto error_no_cert; |
72 | cert->pub = kzalloc(size: sizeof(struct public_key), GFP_KERNEL); |
73 | if (!cert->pub) |
74 | goto error_no_ctx; |
75 | cert->sig = kzalloc(size: sizeof(struct public_key_signature), GFP_KERNEL); |
76 | if (!cert->sig) |
77 | goto error_no_ctx; |
78 | ctx = kzalloc(size: sizeof(struct x509_parse_context), GFP_KERNEL); |
79 | if (!ctx) |
80 | goto error_no_ctx; |
81 | |
82 | ctx->cert = cert; |
83 | ctx->data = (unsigned long)data; |
84 | |
85 | /* Attempt to decode the certificate */ |
86 | ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); |
87 | if (ret < 0) |
88 | goto error_decode; |
89 | |
90 | /* Decode the AuthorityKeyIdentifier */ |
91 | if (ctx->raw_akid) { |
92 | pr_devel("AKID: %u %*phN\n" , |
93 | ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); |
94 | ret = asn1_ber_decoder(&x509_akid_decoder, ctx, |
95 | ctx->raw_akid, ctx->raw_akid_size); |
96 | if (ret < 0) { |
97 | pr_warn("Couldn't decode AuthKeyIdentifier\n" ); |
98 | goto error_decode; |
99 | } |
100 | } |
101 | |
102 | ret = -ENOMEM; |
103 | cert->pub->key = kmemdup(p: ctx->key, size: ctx->key_size, GFP_KERNEL); |
104 | if (!cert->pub->key) |
105 | goto error_decode; |
106 | |
107 | cert->pub->keylen = ctx->key_size; |
108 | |
109 | cert->pub->params = kmemdup(p: ctx->params, size: ctx->params_size, GFP_KERNEL); |
110 | if (!cert->pub->params) |
111 | goto error_decode; |
112 | |
113 | cert->pub->paramlen = ctx->params_size; |
114 | cert->pub->algo = ctx->key_algo; |
115 | |
116 | /* Grab the signature bits */ |
117 | ret = x509_get_sig_params(cert); |
118 | if (ret < 0) |
119 | goto error_decode; |
120 | |
121 | /* Generate cert issuer + serial number key ID */ |
122 | kid = asymmetric_key_generate_id(val_1: cert->raw_serial, |
123 | len_1: cert->raw_serial_size, |
124 | val_2: cert->raw_issuer, |
125 | len_2: cert->raw_issuer_size); |
126 | if (IS_ERR(ptr: kid)) { |
127 | ret = PTR_ERR(ptr: kid); |
128 | goto error_decode; |
129 | } |
130 | cert->id = kid; |
131 | |
132 | /* Detect self-signed certificates */ |
133 | ret = x509_check_for_self_signed(cert); |
134 | if (ret < 0) |
135 | goto error_decode; |
136 | |
137 | kfree(objp: ctx); |
138 | return cert; |
139 | |
140 | error_decode: |
141 | kfree(objp: ctx); |
142 | error_no_ctx: |
143 | x509_free_certificate(cert); |
144 | error_no_cert: |
145 | return ERR_PTR(error: ret); |
146 | } |
147 | EXPORT_SYMBOL_GPL(x509_cert_parse); |
148 | |
149 | /* |
150 | * Note an OID when we find one for later processing when we know how |
151 | * to interpret it. |
152 | */ |
153 | int x509_note_OID(void *context, size_t hdrlen, |
154 | unsigned char tag, |
155 | const void *value, size_t vlen) |
156 | { |
157 | struct x509_parse_context *ctx = context; |
158 | |
159 | ctx->last_oid = look_up_OID(data: value, datasize: vlen); |
160 | if (ctx->last_oid == OID__NR) { |
161 | char buffer[50]; |
162 | sprint_oid(value, vlen, buffer, sizeof(buffer)); |
163 | pr_debug("Unknown OID: [%lu] %s\n" , |
164 | (unsigned long)value - ctx->data, buffer); |
165 | } |
166 | return 0; |
167 | } |
168 | |
169 | /* |
170 | * Save the position of the TBS data so that we can check the signature over it |
171 | * later. |
172 | */ |
173 | int x509_note_tbs_certificate(void *context, size_t hdrlen, |
174 | unsigned char tag, |
175 | const void *value, size_t vlen) |
176 | { |
177 | struct x509_parse_context *ctx = context; |
178 | |
179 | pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n" , |
180 | hdrlen, tag, (unsigned long)value - ctx->data, vlen); |
181 | |
182 | ctx->cert->tbs = value - hdrlen; |
183 | ctx->cert->tbs_size = vlen + hdrlen; |
184 | return 0; |
185 | } |
186 | |
187 | /* |
188 | * Record the algorithm that was used to sign this certificate. |
189 | */ |
190 | int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, |
191 | const void *value, size_t vlen) |
192 | { |
193 | struct x509_parse_context *ctx = context; |
194 | |
195 | pr_debug("PubKey Algo: %u\n" , ctx->last_oid); |
196 | |
197 | switch (ctx->last_oid) { |
198 | default: |
199 | return -ENOPKG; /* Unsupported combination */ |
200 | |
201 | case OID_sha1WithRSAEncryption: |
202 | ctx->cert->sig->hash_algo = "sha1" ; |
203 | goto rsa_pkcs1; |
204 | |
205 | case OID_sha256WithRSAEncryption: |
206 | ctx->cert->sig->hash_algo = "sha256" ; |
207 | goto rsa_pkcs1; |
208 | |
209 | case OID_sha384WithRSAEncryption: |
210 | ctx->cert->sig->hash_algo = "sha384" ; |
211 | goto rsa_pkcs1; |
212 | |
213 | case OID_sha512WithRSAEncryption: |
214 | ctx->cert->sig->hash_algo = "sha512" ; |
215 | goto rsa_pkcs1; |
216 | |
217 | case OID_sha224WithRSAEncryption: |
218 | ctx->cert->sig->hash_algo = "sha224" ; |
219 | goto rsa_pkcs1; |
220 | |
221 | case OID_id_ecdsa_with_sha1: |
222 | ctx->cert->sig->hash_algo = "sha1" ; |
223 | goto ecdsa; |
224 | |
225 | case OID_id_rsassa_pkcs1_v1_5_with_sha3_256: |
226 | ctx->cert->sig->hash_algo = "sha3-256" ; |
227 | goto rsa_pkcs1; |
228 | |
229 | case OID_id_rsassa_pkcs1_v1_5_with_sha3_384: |
230 | ctx->cert->sig->hash_algo = "sha3-384" ; |
231 | goto rsa_pkcs1; |
232 | |
233 | case OID_id_rsassa_pkcs1_v1_5_with_sha3_512: |
234 | ctx->cert->sig->hash_algo = "sha3-512" ; |
235 | goto rsa_pkcs1; |
236 | |
237 | case OID_id_ecdsa_with_sha224: |
238 | ctx->cert->sig->hash_algo = "sha224" ; |
239 | goto ecdsa; |
240 | |
241 | case OID_id_ecdsa_with_sha256: |
242 | ctx->cert->sig->hash_algo = "sha256" ; |
243 | goto ecdsa; |
244 | |
245 | case OID_id_ecdsa_with_sha384: |
246 | ctx->cert->sig->hash_algo = "sha384" ; |
247 | goto ecdsa; |
248 | |
249 | case OID_id_ecdsa_with_sha512: |
250 | ctx->cert->sig->hash_algo = "sha512" ; |
251 | goto ecdsa; |
252 | |
253 | case OID_id_ecdsa_with_sha3_256: |
254 | ctx->cert->sig->hash_algo = "sha3-256" ; |
255 | goto ecdsa; |
256 | |
257 | case OID_id_ecdsa_with_sha3_384: |
258 | ctx->cert->sig->hash_algo = "sha3-384" ; |
259 | goto ecdsa; |
260 | |
261 | case OID_id_ecdsa_with_sha3_512: |
262 | ctx->cert->sig->hash_algo = "sha3-512" ; |
263 | goto ecdsa; |
264 | |
265 | case OID_gost2012Signature256: |
266 | ctx->cert->sig->hash_algo = "streebog256" ; |
267 | goto ecrdsa; |
268 | |
269 | case OID_gost2012Signature512: |
270 | ctx->cert->sig->hash_algo = "streebog512" ; |
271 | goto ecrdsa; |
272 | |
273 | case OID_SM2_with_SM3: |
274 | ctx->cert->sig->hash_algo = "sm3" ; |
275 | goto sm2; |
276 | } |
277 | |
278 | rsa_pkcs1: |
279 | ctx->cert->sig->pkey_algo = "rsa" ; |
280 | ctx->cert->sig->encoding = "pkcs1" ; |
281 | ctx->sig_algo = ctx->last_oid; |
282 | return 0; |
283 | ecrdsa: |
284 | ctx->cert->sig->pkey_algo = "ecrdsa" ; |
285 | ctx->cert->sig->encoding = "raw" ; |
286 | ctx->sig_algo = ctx->last_oid; |
287 | return 0; |
288 | sm2: |
289 | ctx->cert->sig->pkey_algo = "sm2" ; |
290 | ctx->cert->sig->encoding = "raw" ; |
291 | ctx->sig_algo = ctx->last_oid; |
292 | return 0; |
293 | ecdsa: |
294 | ctx->cert->sig->pkey_algo = "ecdsa" ; |
295 | ctx->cert->sig->encoding = "x962" ; |
296 | ctx->sig_algo = ctx->last_oid; |
297 | return 0; |
298 | } |
299 | |
300 | /* |
301 | * Note the whereabouts and type of the signature. |
302 | */ |
303 | int x509_note_signature(void *context, size_t hdrlen, |
304 | unsigned char tag, |
305 | const void *value, size_t vlen) |
306 | { |
307 | struct x509_parse_context *ctx = context; |
308 | |
309 | pr_debug("Signature: alg=%u, size=%zu\n" , ctx->last_oid, vlen); |
310 | |
311 | /* |
312 | * In X.509 certificates, the signature's algorithm is stored in two |
313 | * places: inside the TBSCertificate (the data that is signed), and |
314 | * alongside the signature. These *must* match. |
315 | */ |
316 | if (ctx->last_oid != ctx->sig_algo) { |
317 | pr_warn("signatureAlgorithm (%u) differs from tbsCertificate.signature (%u)\n" , |
318 | ctx->last_oid, ctx->sig_algo); |
319 | return -EINVAL; |
320 | } |
321 | |
322 | if (strcmp(ctx->cert->sig->pkey_algo, "rsa" ) == 0 || |
323 | strcmp(ctx->cert->sig->pkey_algo, "ecrdsa" ) == 0 || |
324 | strcmp(ctx->cert->sig->pkey_algo, "sm2" ) == 0 || |
325 | strcmp(ctx->cert->sig->pkey_algo, "ecdsa" ) == 0) { |
326 | /* Discard the BIT STRING metadata */ |
327 | if (vlen < 1 || *(const u8 *)value != 0) |
328 | return -EBADMSG; |
329 | |
330 | value++; |
331 | vlen--; |
332 | } |
333 | |
334 | ctx->cert->raw_sig = value; |
335 | ctx->cert->raw_sig_size = vlen; |
336 | return 0; |
337 | } |
338 | |
339 | /* |
340 | * Note the certificate serial number |
341 | */ |
342 | int x509_note_serial(void *context, size_t hdrlen, |
343 | unsigned char tag, |
344 | const void *value, size_t vlen) |
345 | { |
346 | struct x509_parse_context *ctx = context; |
347 | ctx->cert->raw_serial = value; |
348 | ctx->cert->raw_serial_size = vlen; |
349 | return 0; |
350 | } |
351 | |
352 | /* |
353 | * Note some of the name segments from which we'll fabricate a name. |
354 | */ |
355 | int (void *context, size_t hdrlen, |
356 | unsigned char tag, |
357 | const void *value, size_t vlen) |
358 | { |
359 | struct x509_parse_context *ctx = context; |
360 | |
361 | switch (ctx->last_oid) { |
362 | case OID_commonName: |
363 | ctx->cn_size = vlen; |
364 | ctx->cn_offset = (unsigned long)value - ctx->data; |
365 | break; |
366 | case OID_organizationName: |
367 | ctx->o_size = vlen; |
368 | ctx->o_offset = (unsigned long)value - ctx->data; |
369 | break; |
370 | case OID_email_address: |
371 | ctx->email_size = vlen; |
372 | ctx->email_offset = (unsigned long)value - ctx->data; |
373 | break; |
374 | default: |
375 | break; |
376 | } |
377 | |
378 | return 0; |
379 | } |
380 | |
381 | /* |
382 | * Fabricate and save the issuer and subject names |
383 | */ |
384 | static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, |
385 | unsigned char tag, |
386 | char **_name, size_t vlen) |
387 | { |
388 | const void *name, *data = (const void *)ctx->data; |
389 | size_t namesize; |
390 | char *buffer; |
391 | |
392 | if (*_name) |
393 | return -EINVAL; |
394 | |
395 | /* Empty name string if no material */ |
396 | if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { |
397 | buffer = kmalloc(size: 1, GFP_KERNEL); |
398 | if (!buffer) |
399 | return -ENOMEM; |
400 | buffer[0] = 0; |
401 | goto done; |
402 | } |
403 | |
404 | if (ctx->cn_size && ctx->o_size) { |
405 | /* Consider combining O and CN, but use only the CN if it is |
406 | * prefixed by the O, or a significant portion thereof. |
407 | */ |
408 | namesize = ctx->cn_size; |
409 | name = data + ctx->cn_offset; |
410 | if (ctx->cn_size >= ctx->o_size && |
411 | memcmp(p: data + ctx->cn_offset, q: data + ctx->o_offset, |
412 | size: ctx->o_size) == 0) |
413 | goto single_component; |
414 | if (ctx->cn_size >= 7 && |
415 | ctx->o_size >= 7 && |
416 | memcmp(p: data + ctx->cn_offset, q: data + ctx->o_offset, size: 7) == 0) |
417 | goto single_component; |
418 | |
419 | buffer = kmalloc(size: ctx->o_size + 2 + ctx->cn_size + 1, |
420 | GFP_KERNEL); |
421 | if (!buffer) |
422 | return -ENOMEM; |
423 | |
424 | memcpy(buffer, |
425 | data + ctx->o_offset, ctx->o_size); |
426 | buffer[ctx->o_size + 0] = ':'; |
427 | buffer[ctx->o_size + 1] = ' '; |
428 | memcpy(buffer + ctx->o_size + 2, |
429 | data + ctx->cn_offset, ctx->cn_size); |
430 | buffer[ctx->o_size + 2 + ctx->cn_size] = 0; |
431 | goto done; |
432 | |
433 | } else if (ctx->cn_size) { |
434 | namesize = ctx->cn_size; |
435 | name = data + ctx->cn_offset; |
436 | } else if (ctx->o_size) { |
437 | namesize = ctx->o_size; |
438 | name = data + ctx->o_offset; |
439 | } else { |
440 | namesize = ctx->email_size; |
441 | name = data + ctx->email_offset; |
442 | } |
443 | |
444 | single_component: |
445 | buffer = kmalloc(size: namesize + 1, GFP_KERNEL); |
446 | if (!buffer) |
447 | return -ENOMEM; |
448 | memcpy(buffer, name, namesize); |
449 | buffer[namesize] = 0; |
450 | |
451 | done: |
452 | *_name = buffer; |
453 | ctx->cn_size = 0; |
454 | ctx->o_size = 0; |
455 | ctx->email_size = 0; |
456 | return 0; |
457 | } |
458 | |
459 | int x509_note_issuer(void *context, size_t hdrlen, |
460 | unsigned char tag, |
461 | const void *value, size_t vlen) |
462 | { |
463 | struct x509_parse_context *ctx = context; |
464 | struct asymmetric_key_id *kid; |
465 | |
466 | ctx->cert->raw_issuer = value; |
467 | ctx->cert->raw_issuer_size = vlen; |
468 | |
469 | if (!ctx->cert->sig->auth_ids[2]) { |
470 | kid = asymmetric_key_generate_id(val_1: value, len_1: vlen, val_2: "" , len_2: 0); |
471 | if (IS_ERR(ptr: kid)) |
472 | return PTR_ERR(ptr: kid); |
473 | ctx->cert->sig->auth_ids[2] = kid; |
474 | } |
475 | |
476 | return x509_fabricate_name(ctx, hdrlen, tag, name: &ctx->cert->issuer, vlen); |
477 | } |
478 | |
479 | int x509_note_subject(void *context, size_t hdrlen, |
480 | unsigned char tag, |
481 | const void *value, size_t vlen) |
482 | { |
483 | struct x509_parse_context *ctx = context; |
484 | ctx->cert->raw_subject = value; |
485 | ctx->cert->raw_subject_size = vlen; |
486 | return x509_fabricate_name(ctx, hdrlen, tag, name: &ctx->cert->subject, vlen); |
487 | } |
488 | |
489 | /* |
490 | * Extract the parameters for the public key |
491 | */ |
492 | int x509_note_params(void *context, size_t hdrlen, |
493 | unsigned char tag, |
494 | const void *value, size_t vlen) |
495 | { |
496 | struct x509_parse_context *ctx = context; |
497 | |
498 | /* |
499 | * AlgorithmIdentifier is used three times in the x509, we should skip |
500 | * first and ignore third, using second one which is after subject and |
501 | * before subjectPublicKey. |
502 | */ |
503 | if (!ctx->cert->raw_subject || ctx->key) |
504 | return 0; |
505 | ctx->params = value - hdrlen; |
506 | ctx->params_size = vlen + hdrlen; |
507 | return 0; |
508 | } |
509 | |
510 | /* |
511 | * Extract the data for the public key algorithm |
512 | */ |
513 | int (void *context, size_t hdrlen, |
514 | unsigned char tag, |
515 | const void *value, size_t vlen) |
516 | { |
517 | struct x509_parse_context *ctx = context; |
518 | enum OID oid; |
519 | |
520 | ctx->key_algo = ctx->last_oid; |
521 | switch (ctx->last_oid) { |
522 | case OID_rsaEncryption: |
523 | ctx->cert->pub->pkey_algo = "rsa" ; |
524 | break; |
525 | case OID_gost2012PKey256: |
526 | case OID_gost2012PKey512: |
527 | ctx->cert->pub->pkey_algo = "ecrdsa" ; |
528 | break; |
529 | case OID_sm2: |
530 | ctx->cert->pub->pkey_algo = "sm2" ; |
531 | break; |
532 | case OID_id_ecPublicKey: |
533 | if (parse_OID(data: ctx->params, datasize: ctx->params_size, oid: &oid) != 0) |
534 | return -EBADMSG; |
535 | |
536 | switch (oid) { |
537 | case OID_sm2: |
538 | ctx->cert->pub->pkey_algo = "sm2" ; |
539 | break; |
540 | case OID_id_prime192v1: |
541 | ctx->cert->pub->pkey_algo = "ecdsa-nist-p192" ; |
542 | break; |
543 | case OID_id_prime256v1: |
544 | ctx->cert->pub->pkey_algo = "ecdsa-nist-p256" ; |
545 | break; |
546 | case OID_id_ansip384r1: |
547 | ctx->cert->pub->pkey_algo = "ecdsa-nist-p384" ; |
548 | break; |
549 | default: |
550 | return -ENOPKG; |
551 | } |
552 | break; |
553 | default: |
554 | return -ENOPKG; |
555 | } |
556 | |
557 | /* Discard the BIT STRING metadata */ |
558 | if (vlen < 1 || *(const u8 *)value != 0) |
559 | return -EBADMSG; |
560 | ctx->key = value + 1; |
561 | ctx->key_size = vlen - 1; |
562 | return 0; |
563 | } |
564 | |
565 | /* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */ |
566 | #define SEQ_TAG_KEYID (ASN1_CONT << 6) |
567 | |
568 | /* |
569 | * Process certificate extensions that are used to qualify the certificate. |
570 | */ |
571 | int x509_process_extension(void *context, size_t hdrlen, |
572 | unsigned char tag, |
573 | const void *value, size_t vlen) |
574 | { |
575 | struct x509_parse_context *ctx = context; |
576 | struct asymmetric_key_id *kid; |
577 | const unsigned char *v = value; |
578 | |
579 | pr_debug("Extension: %u\n" , ctx->last_oid); |
580 | |
581 | if (ctx->last_oid == OID_subjectKeyIdentifier) { |
582 | /* Get hold of the key fingerprint */ |
583 | if (ctx->cert->skid || vlen < 3) |
584 | return -EBADMSG; |
585 | if (v[0] != ASN1_OTS || v[1] != vlen - 2) |
586 | return -EBADMSG; |
587 | v += 2; |
588 | vlen -= 2; |
589 | |
590 | ctx->cert->raw_skid_size = vlen; |
591 | ctx->cert->raw_skid = v; |
592 | kid = asymmetric_key_generate_id(val_1: v, len_1: vlen, val_2: "" , len_2: 0); |
593 | if (IS_ERR(ptr: kid)) |
594 | return PTR_ERR(ptr: kid); |
595 | ctx->cert->skid = kid; |
596 | pr_debug("subjkeyid %*phN\n" , kid->len, kid->data); |
597 | return 0; |
598 | } |
599 | |
600 | if (ctx->last_oid == OID_keyUsage) { |
601 | /* |
602 | * Get hold of the keyUsage bit string |
603 | * v[1] is the encoding size |
604 | * (Expect either 0x02 or 0x03, making it 1 or 2 bytes) |
605 | * v[2] is the number of unused bits in the bit string |
606 | * (If >= 3 keyCertSign is missing when v[1] = 0x02) |
607 | * v[3] and possibly v[4] contain the bit string |
608 | * |
609 | * From RFC 5280 4.2.1.3: |
610 | * 0x04 is where keyCertSign lands in this bit string |
611 | * 0x80 is where digitalSignature lands in this bit string |
612 | */ |
613 | if (v[0] != ASN1_BTS) |
614 | return -EBADMSG; |
615 | if (vlen < 4) |
616 | return -EBADMSG; |
617 | if (v[2] >= 8) |
618 | return -EBADMSG; |
619 | if (v[3] & 0x80) |
620 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_DIGITALSIG; |
621 | if (v[1] == 0x02 && v[2] <= 2 && (v[3] & 0x04)) |
622 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN; |
623 | else if (vlen > 4 && v[1] == 0x03 && (v[3] & 0x04)) |
624 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN; |
625 | return 0; |
626 | } |
627 | |
628 | if (ctx->last_oid == OID_authorityKeyIdentifier) { |
629 | /* Get hold of the CA key fingerprint */ |
630 | ctx->raw_akid = v; |
631 | ctx->raw_akid_size = vlen; |
632 | return 0; |
633 | } |
634 | |
635 | if (ctx->last_oid == OID_basicConstraints) { |
636 | /* |
637 | * Get hold of the basicConstraints |
638 | * v[1] is the encoding size |
639 | * (Expect 0x2 or greater, making it 1 or more bytes) |
640 | * v[2] is the encoding type |
641 | * (Expect an ASN1_BOOL for the CA) |
642 | * v[3] is the contents of the ASN1_BOOL |
643 | * (Expect 1 if the CA is TRUE) |
644 | * vlen should match the entire extension size |
645 | */ |
646 | if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ)) |
647 | return -EBADMSG; |
648 | if (vlen < 2) |
649 | return -EBADMSG; |
650 | if (v[1] != vlen - 2) |
651 | return -EBADMSG; |
652 | if (vlen >= 4 && v[1] != 0 && v[2] == ASN1_BOOL && v[3] == 1) |
653 | ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA; |
654 | return 0; |
655 | } |
656 | |
657 | return 0; |
658 | } |
659 | |
660 | /** |
661 | * x509_decode_time - Decode an X.509 time ASN.1 object |
662 | * @_t: The time to fill in |
663 | * @hdrlen: The length of the object header |
664 | * @tag: The object tag |
665 | * @value: The object value |
666 | * @vlen: The size of the object value |
667 | * |
668 | * Decode an ASN.1 universal time or generalised time field into a struct the |
669 | * kernel can handle and check it for validity. The time is decoded thus: |
670 | * |
671 | * [RFC5280 ยง4.1.2.5] |
672 | * CAs conforming to this profile MUST always encode certificate validity |
673 | * dates through the year 2049 as UTCTime; certificate validity dates in |
674 | * 2050 or later MUST be encoded as GeneralizedTime. Conforming |
675 | * applications MUST be able to process validity dates that are encoded in |
676 | * either UTCTime or GeneralizedTime. |
677 | */ |
678 | int x509_decode_time(time64_t *_t, size_t hdrlen, |
679 | unsigned char tag, |
680 | const unsigned char *value, size_t vlen) |
681 | { |
682 | static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, |
683 | 31, 31, 30, 31, 30, 31 }; |
684 | const unsigned char *p = value; |
685 | unsigned year, mon, day, hour, min, sec, mon_len; |
686 | |
687 | #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) |
688 | #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) |
689 | |
690 | if (tag == ASN1_UNITIM) { |
691 | /* UTCTime: YYMMDDHHMMSSZ */ |
692 | if (vlen != 13) |
693 | goto unsupported_time; |
694 | year = DD2bin(p); |
695 | if (year >= 50) |
696 | year += 1900; |
697 | else |
698 | year += 2000; |
699 | } else if (tag == ASN1_GENTIM) { |
700 | /* GenTime: YYYYMMDDHHMMSSZ */ |
701 | if (vlen != 15) |
702 | goto unsupported_time; |
703 | year = DD2bin(p) * 100 + DD2bin(p); |
704 | if (year >= 1950 && year <= 2049) |
705 | goto invalid_time; |
706 | } else { |
707 | goto unsupported_time; |
708 | } |
709 | |
710 | mon = DD2bin(p); |
711 | day = DD2bin(p); |
712 | hour = DD2bin(p); |
713 | min = DD2bin(p); |
714 | sec = DD2bin(p); |
715 | |
716 | if (*p != 'Z') |
717 | goto unsupported_time; |
718 | |
719 | if (year < 1970 || |
720 | mon < 1 || mon > 12) |
721 | goto invalid_time; |
722 | |
723 | mon_len = month_lengths[mon - 1]; |
724 | if (mon == 2) { |
725 | if (year % 4 == 0) { |
726 | mon_len = 29; |
727 | if (year % 100 == 0) { |
728 | mon_len = 28; |
729 | if (year % 400 == 0) |
730 | mon_len = 29; |
731 | } |
732 | } |
733 | } |
734 | |
735 | if (day < 1 || day > mon_len || |
736 | hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */ |
737 | min > 59 || |
738 | sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */ |
739 | goto invalid_time; |
740 | |
741 | *_t = mktime64(year, mon, day, hour, min, sec); |
742 | return 0; |
743 | |
744 | unsupported_time: |
745 | pr_debug("Got unsupported time [tag %02x]: '%*phN'\n" , |
746 | tag, (int)vlen, value); |
747 | return -EBADMSG; |
748 | invalid_time: |
749 | pr_debug("Got invalid time [tag %02x]: '%*phN'\n" , |
750 | tag, (int)vlen, value); |
751 | return -EBADMSG; |
752 | } |
753 | EXPORT_SYMBOL_GPL(x509_decode_time); |
754 | |
755 | int x509_note_not_before(void *context, size_t hdrlen, |
756 | unsigned char tag, |
757 | const void *value, size_t vlen) |
758 | { |
759 | struct x509_parse_context *ctx = context; |
760 | return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); |
761 | } |
762 | |
763 | int x509_note_not_after(void *context, size_t hdrlen, |
764 | unsigned char tag, |
765 | const void *value, size_t vlen) |
766 | { |
767 | struct x509_parse_context *ctx = context; |
768 | return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); |
769 | } |
770 | |
771 | /* |
772 | * Note a key identifier-based AuthorityKeyIdentifier |
773 | */ |
774 | int x509_akid_note_kid(void *context, size_t hdrlen, |
775 | unsigned char tag, |
776 | const void *value, size_t vlen) |
777 | { |
778 | struct x509_parse_context *ctx = context; |
779 | struct asymmetric_key_id *kid; |
780 | |
781 | pr_debug("AKID: keyid: %*phN\n" , (int)vlen, value); |
782 | |
783 | if (ctx->cert->sig->auth_ids[1]) |
784 | return 0; |
785 | |
786 | kid = asymmetric_key_generate_id(val_1: value, len_1: vlen, val_2: "" , len_2: 0); |
787 | if (IS_ERR(ptr: kid)) |
788 | return PTR_ERR(ptr: kid); |
789 | pr_debug("authkeyid %*phN\n" , kid->len, kid->data); |
790 | ctx->cert->sig->auth_ids[1] = kid; |
791 | return 0; |
792 | } |
793 | |
794 | /* |
795 | * Note a directoryName in an AuthorityKeyIdentifier |
796 | */ |
797 | int x509_akid_note_name(void *context, size_t hdrlen, |
798 | unsigned char tag, |
799 | const void *value, size_t vlen) |
800 | { |
801 | struct x509_parse_context *ctx = context; |
802 | |
803 | pr_debug("AKID: name: %*phN\n" , (int)vlen, value); |
804 | |
805 | ctx->akid_raw_issuer = value; |
806 | ctx->akid_raw_issuer_size = vlen; |
807 | return 0; |
808 | } |
809 | |
810 | /* |
811 | * Note a serial number in an AuthorityKeyIdentifier |
812 | */ |
813 | int x509_akid_note_serial(void *context, size_t hdrlen, |
814 | unsigned char tag, |
815 | const void *value, size_t vlen) |
816 | { |
817 | struct x509_parse_context *ctx = context; |
818 | struct asymmetric_key_id *kid; |
819 | |
820 | pr_debug("AKID: serial: %*phN\n" , (int)vlen, value); |
821 | |
822 | if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) |
823 | return 0; |
824 | |
825 | kid = asymmetric_key_generate_id(val_1: value, |
826 | len_1: vlen, |
827 | val_2: ctx->akid_raw_issuer, |
828 | len_2: ctx->akid_raw_issuer_size); |
829 | if (IS_ERR(ptr: kid)) |
830 | return PTR_ERR(ptr: kid); |
831 | |
832 | pr_debug("authkeyid %*phN\n" , kid->len, kid->data); |
833 | ctx->cert->sig->auth_ids[0] = kid; |
834 | return 0; |
835 | } |
836 | |