- renamed some files
[strongswan.git] / Source / lib / asn1 / x509.c
1 /* Support of X.509 certificates
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * RCSID $Id: x509.c,v 1.35 2006/02/28 19:12:19 as Exp $
18 */
19
20 #include <stdlib.h>
21 #include <stdio.h>
22 #include <string.h>
23 #include <unistd.h>
24 #include <dirent.h>
25 #include <time.h>
26 #include <sys/types.h>
27
28 #include <freeswan.h>
29 #include <freeswan/ipsec_policy.h>
30
31 #include "constants.h"
32 #include "defs.h"
33 #include "mp_defs.h"
34 #include "log.h"
35 #include "id.h"
36 #include "asn1.h"
37 #include "oid.h"
38 #include "pkcs1.h"
39 #include "x509.h"
40 #include "crl.h"
41 #include "ca.h"
42 #include "certs.h"
43 #include "keys.h"
44 #include "whack.h"
45 #include "fetch.h"
46 #include "ocsp.h"
47 #include "sha1.h"
48
49 /* chained lists of X.509 end certificates */
50
51 static x509cert_t *x509certs = NULL;
52
53 /* ASN.1 definition of a basicConstraints extension */
54
55 static const asn1Object_t basicConstraintsObjects[] = {
56 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
57 { 1, "CA", ASN1_BOOLEAN, ASN1_DEF |
58 ASN1_BODY }, /* 1 */
59 { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT |
60 ASN1_BODY }, /* 2 */
61 { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
62 };
63
64 #define BASIC_CONSTRAINTS_CA 1
65 #define BASIC_CONSTRAINTS_ROOF 4
66
67 /* ASN.1 definition of time */
68
69 static const asn1Object_t timeObjects[] = {
70 { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT |
71 ASN1_BODY }, /* 0 */
72 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
73 { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT |
74 ASN1_BODY }, /* 2 */
75 { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */
76 };
77
78 #define TIME_UTC 0
79 #define TIME_GENERALIZED 2
80 #define TIME_ROOF 4
81
82 /* ASN.1 definition of a keyIdentifier */
83
84 static const asn1Object_t keyIdentifierObjects[] = {
85 { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */
86 };
87
88 /* ASN.1 definition of a authorityKeyIdentifier extension */
89
90 static const asn1Object_t authorityKeyIdentifierObjects[] = {
91 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
92 { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT |
93 ASN1_OBJ }, /* 1 */
94 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
95 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT |
96 ASN1_OBJ }, /* 3 */
97 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
98 { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT |
99 ASN1_BODY }, /* 5 */
100 { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
101 };
102
103 #define AUTH_KEY_ID_KEY_ID 1
104 #define AUTH_KEY_ID_CERT_ISSUER 3
105 #define AUTH_KEY_ID_CERT_SERIAL 5
106 #define AUTH_KEY_ID_ROOF 7
107
108 /* ASN.1 definition of a authorityInfoAccess extension */
109
110 static const asn1Object_t authorityInfoAccessObjects[] = {
111 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
112 { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
113 { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
114 { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
115 { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */
116 };
117
118 #define AUTH_INFO_ACCESS_METHOD 2
119 #define AUTH_INFO_ACCESS_LOCATION 3
120 #define AUTH_INFO_ACCESS_ROOF 5
121
122 /* ASN.1 definition of a extendedKeyUsage extension */
123
124 static const asn1Object_t extendedKeyUsageObjects[] = {
125 { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
126 { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
127 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
128 };
129
130 #define EXT_KEY_USAGE_PURPOSE_ID 1
131 #define EXT_KEY_USAGE_ROOF 3
132
133 /* ASN.1 definition of generalNames */
134
135 static const asn1Object_t generalNamesObjects[] = {
136 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
137 { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
138 { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
139 };
140
141 #define GENERAL_NAMES_GN 1
142 #define GENERAL_NAMES_ROOF 3
143
144 /* ASN.1 definition of generalName */
145
146 static const asn1Object_t generalNameObjects[] = {
147 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT |
148 ASN1_BODY }, /* 0 */
149 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
150 { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT |
151 ASN1_BODY }, /* 2 */
152 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
153 { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT |
154 ASN1_BODY }, /* 4 */
155 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
156 { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT |
157 ASN1_BODY }, /* 6 */
158 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
159 { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT |
160 ASN1_BODY }, /* 8 */
161 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
162 { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT |
163 ASN1_BODY }, /* 10 */
164 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */
165 { 0, "uniformResourceIdentifier", ASN1_CONTEXT_S_6, ASN1_OPT |
166 ASN1_BODY }, /* 12 */
167 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */
168 { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT |
169 ASN1_BODY }, /* 14 */
170 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
171 { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT |
172 ASN1_BODY }, /* 16 */
173 { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */
174 };
175
176 #define GN_OBJ_OTHER_NAME 0
177 #define GN_OBJ_RFC822_NAME 2
178 #define GN_OBJ_DNS_NAME 4
179 #define GN_OBJ_X400_ADDRESS 6
180 #define GN_OBJ_DIRECTORY_NAME 8
181 #define GN_OBJ_EDI_PARTY_NAME 10
182 #define GN_OBJ_URI 12
183 #define GN_OBJ_IP_ADDRESS 14
184 #define GN_OBJ_REGISTERED_ID 16
185 #define GN_OBJ_ROOF 18
186
187 /* ASN.1 definition of otherName */
188
189 static const asn1Object_t otherNameObjects[] = {
190 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
191 {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */
192 };
193
194 #define ON_OBJ_ID_TYPE 0
195 #define ON_OBJ_VALUE 1
196 #define ON_OBJ_ROOF 2
197
198 /* ASN.1 definition of crlDistributionPoints */
199
200 static const asn1Object_t crlDistributionPointsObjects[] = {
201 { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
202 { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
203 { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT |
204 ASN1_LOOP }, /* 2 */
205 { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT |
206 ASN1_OBJ }, /* 3 */
207 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
208 { 3, "nameRelativeToCRLIssuer", ASN1_CONTEXT_C_1, ASN1_OPT |
209 ASN1_BODY }, /* 5 */
210 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
211 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
212 { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT |
213 ASN1_BODY }, /* 8 */
214 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
215 { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT |
216 ASN1_BODY }, /* 10 */
217 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
218 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
219 };
220
221 #define CRL_DIST_POINTS_FULLNAME 3
222 #define CRL_DIST_POINTS_ROOF 13
223
224 /* ASN.1 definition of an X.509v3 certificate */
225
226 static const asn1Object_t certObjects[] = {
227 { 0, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
228 { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
229 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */
230 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
231 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
232 { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
233 { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
234 { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
235 { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
236 { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
237 { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
238 { 2, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
239 { 3, "algorithm", ASN1_EOC, ASN1_RAW }, /* 12 */
240 { 3, "subjectPublicKey", ASN1_BIT_STRING, ASN1_NONE }, /* 13 */
241 { 4, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 14 */
242 { 5, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 15 */
243 { 5, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 16 */
244 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 17 */
245 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 18 */
246 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 19 */
247 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
248 { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 21 */
249 { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 22 */
250 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 23 */
251 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 24 */
252 { 5, "critical", ASN1_BOOLEAN, ASN1_DEF |
253 ASN1_BODY }, /* 25 */
254 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 26 */
255 { 3, "end loop", ASN1_EOC, ASN1_END }, /* 27 */
256 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 28 */
257 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 29 */
258 { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 30 */
259 };
260
261 #define X509_OBJ_CERTIFICATE 0
262 #define X509_OBJ_TBS_CERTIFICATE 1
263 #define X509_OBJ_VERSION 3
264 #define X509_OBJ_SERIAL_NUMBER 4
265 #define X509_OBJ_SIG_ALG 5
266 #define X509_OBJ_ISSUER 6
267 #define X509_OBJ_NOT_BEFORE 8
268 #define X509_OBJ_NOT_AFTER 9
269 #define X509_OBJ_SUBJECT 10
270 #define X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM 12
271 #define X509_OBJ_SUBJECT_PUBLIC_KEY 13
272 #define X509_OBJ_RSA_PUBLIC_KEY 14
273 #define X509_OBJ_MODULUS 15
274 #define X509_OBJ_PUBLIC_EXPONENT 16
275 #define X509_OBJ_EXTN_ID 24
276 #define X509_OBJ_CRITICAL 25
277 #define X509_OBJ_EXTN_VALUE 26
278 #define X509_OBJ_ALGORITHM 29
279 #define X509_OBJ_SIGNATURE 30
280 #define X509_OBJ_ROOF 31
281
282
283 const x509cert_t empty_x509cert = {
284 NULL , /* *next */
285 UNDEFINED_TIME, /* installed */
286 0 , /* count */
287 FALSE , /* smartcard */
288 AUTH_NONE , /* authority_flags */
289 { NULL, 0 } , /* certificate */
290 { NULL, 0 } , /* tbsCertificate */
291 1 , /* version */
292 { NULL, 0 } , /* serialNumber */
293 OID_UNKNOWN , /* sigAlg */
294 { NULL, 0 } , /* issuer */
295 /* validity */
296 0 , /* notBefore */
297 0 , /* notAfter */
298 { NULL, 0 } , /* subject */
299 /* subjectPublicKeyInfo */
300 OID_UNKNOWN , /* subjectPublicKeyAlgorithm */
301 { NULL, 0 } , /* subjectPublicKey */
302 { NULL, 0 } , /* modulus */
303 { NULL, 0 } , /* publicExponent */
304 /* issuerUniqueID */
305 /* subjectUniqueID */
306 /* extensions */
307 /* extension */
308 /* extnID */
309 /* critical */
310 /* extnValue */
311 FALSE , /* isCA */
312 FALSE , /* isOcspSigner */
313 { NULL, 0 } , /* subjectKeyID */
314 { NULL, 0 } , /* authKeyID */
315 { NULL, 0 } , /* authKeySerialNumber */
316 { NULL, 0 } , /* accessLocation */
317 NULL , /* subjectAltName */
318 NULL , /* crlDistributionPoints */
319 OID_UNKNOWN , /* algorithm */
320 { NULL, 0 } /* signature */
321 };
322
323 /* coding of X.501 distinguished name */
324
325 typedef struct {
326 const u_char *name;
327 chunk_t oid;
328 u_char type;
329 } x501rdn_t;
330
331 /* X.501 acronyms for well known object identifiers (OIDs) */
332
333 static u_char oid_ND[] = {0x02, 0x82, 0x06, 0x01,
334 0x0A, 0x07, 0x14};
335 static u_char oid_UID[] = {0x09, 0x92, 0x26, 0x89, 0x93,
336 0xF2, 0x2C, 0x64, 0x01, 0x01};
337 static u_char oid_DC[] = {0x09, 0x92, 0x26, 0x89, 0x93,
338 0xF2, 0x2C, 0x64, 0x01, 0x19};
339 static u_char oid_CN[] = {0x55, 0x04, 0x03};
340 static u_char oid_S[] = {0x55, 0x04, 0x04};
341 static u_char oid_SN[] = {0x55, 0x04, 0x05};
342 static u_char oid_C[] = {0x55, 0x04, 0x06};
343 static u_char oid_L[] = {0x55, 0x04, 0x07};
344 static u_char oid_ST[] = {0x55, 0x04, 0x08};
345 static u_char oid_O[] = {0x55, 0x04, 0x0A};
346 static u_char oid_OU[] = {0x55, 0x04, 0x0B};
347 static u_char oid_T[] = {0x55, 0x04, 0x0C};
348 static u_char oid_D[] = {0x55, 0x04, 0x0D};
349 static u_char oid_N[] = {0x55, 0x04, 0x29};
350 static u_char oid_G[] = {0x55, 0x04, 0x2A};
351 static u_char oid_I[] = {0x55, 0x04, 0x2B};
352 static u_char oid_ID[] = {0x55, 0x04, 0x2D};
353 static u_char oid_E[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
354 0x0D, 0x01, 0x09, 0x01};
355 static u_char oid_UN[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
356 0x0D, 0x01, 0x09, 0x02};
357 static u_char oid_TCGID[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x89,
358 0x31, 0x01, 0x01, 0x02, 0x02, 0x4B};
359
360 static const x501rdn_t x501rdns[] = {
361 {"ND" , {oid_ND, 7}, ASN1_PRINTABLESTRING},
362 {"UID" , {oid_UID, 10}, ASN1_PRINTABLESTRING},
363 {"DC" , {oid_DC, 10}, ASN1_PRINTABLESTRING},
364 {"CN" , {oid_CN, 3}, ASN1_PRINTABLESTRING},
365 {"S" , {oid_S, 3}, ASN1_PRINTABLESTRING},
366 {"SN" , {oid_SN, 3}, ASN1_PRINTABLESTRING},
367 {"serialNumber" , {oid_SN, 3}, ASN1_PRINTABLESTRING},
368 {"C" , {oid_C, 3}, ASN1_PRINTABLESTRING},
369 {"L" , {oid_L, 3}, ASN1_PRINTABLESTRING},
370 {"ST" , {oid_ST, 3}, ASN1_PRINTABLESTRING},
371 {"O" , {oid_O, 3}, ASN1_PRINTABLESTRING},
372 {"OU" , {oid_OU, 3}, ASN1_PRINTABLESTRING},
373 {"T" , {oid_T, 3}, ASN1_PRINTABLESTRING},
374 {"D" , {oid_D, 3}, ASN1_PRINTABLESTRING},
375 {"N" , {oid_N, 3}, ASN1_PRINTABLESTRING},
376 {"G" , {oid_G, 3}, ASN1_PRINTABLESTRING},
377 {"I" , {oid_I, 3}, ASN1_PRINTABLESTRING},
378 {"ID" , {oid_ID, 3}, ASN1_PRINTABLESTRING},
379 {"E" , {oid_E, 9}, ASN1_IA5STRING},
380 {"Email" , {oid_E, 9}, ASN1_IA5STRING},
381 {"emailAddress" , {oid_E, 9}, ASN1_IA5STRING},
382 {"UN" , {oid_UN, 9}, ASN1_IA5STRING},
383 {"unstructuredName", {oid_UN, 9}, ASN1_IA5STRING},
384 {"TCGID" , {oid_TCGID, 12}, ASN1_PRINTABLESTRING}
385 };
386
387 #define X501_RDN_ROOF 24
388
389 static u_char ASN1_subjectAltName_oid_str[] = {
390 0x06, 0x03, 0x55, 0x1D, 0x11
391 };
392
393 static const chunk_t ASN1_subjectAltName_oid = strchunk(ASN1_subjectAltName_oid_str);
394
395 static void
396 update_chunk(chunk_t *ch, int n)
397 {
398 n = (n > -1 && n < (int)ch->len)? n : (int)ch->len-1;
399 ch->ptr += n; ch->len -= n;
400 }
401
402
403 /*
404 * Pointer is set to the first RDN in a DN
405 */
406 static err_t
407 init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next)
408 {
409 *rdn = empty_chunk;
410 *attribute = empty_chunk;
411
412 /* a DN is a SEQUENCE OF RDNs */
413
414 if (*dn.ptr != ASN1_SEQUENCE)
415 {
416 return "DN is not a SEQUENCE";
417 }
418
419 rdn->len = asn1_length(&dn);
420
421 if (rdn->len == ASN1_INVALID_LENGTH)
422 return "Invalid RDN length";
423
424 rdn->ptr = dn.ptr;
425
426 /* are there any RDNs ? */
427 *next = rdn->len > 0;
428
429 return NULL;
430 }
431
432 /*
433 * Fetches the next RDN in a DN
434 */
435 static err_t
436 get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid, chunk_t *value
437 , asn1_t *type, bool *next)
438 {
439 chunk_t body;
440
441 /* initialize return values */
442 *oid = empty_chunk;
443 *value = empty_chunk;
444
445 /* if all attributes have been parsed, get next rdn */
446 if (attribute->len <= 0)
447 {
448 /* an RDN is a SET OF attributeTypeAndValue */
449 if (*rdn->ptr != ASN1_SET)
450 return "RDN is not a SET";
451
452 attribute->len = asn1_length(rdn);
453
454 if (attribute->len == ASN1_INVALID_LENGTH)
455 return "Invalid attribute length";
456
457 attribute->ptr = rdn->ptr;
458
459 /* advance to start of next RDN */
460 rdn->ptr += attribute->len;
461 rdn->len -= attribute->len;
462 }
463
464 /* an attributeTypeAndValue is a SEQUENCE */
465 if (*attribute->ptr != ASN1_SEQUENCE)
466 return "attributeTypeAndValue is not a SEQUENCE";
467
468 /* extract the attribute body */
469 body.len = asn1_length(attribute);
470
471 if (body.len == ASN1_INVALID_LENGTH)
472 return "Invalid attribute body length";
473
474 body.ptr = attribute->ptr;
475
476 /* advance to start of next attribute */
477 attribute->ptr += body.len;
478 attribute->len -= body.len;
479
480 /* attribute type is an OID */
481 if (*body.ptr != ASN1_OID)
482 return "attributeType is not an OID";
483
484 /* extract OID */
485 oid->len = asn1_length(&body);
486
487 if (oid->len == ASN1_INVALID_LENGTH)
488 return "Invalid attribute OID length";
489
490 oid->ptr = body.ptr;
491
492 /* advance to the attribute value */
493 body.ptr += oid->len;
494 body.len -= oid->len;
495
496 /* extract string type */
497 *type = *body.ptr;
498
499 /* extract string value */
500 value->len = asn1_length(&body);
501
502 if (value->len == ASN1_INVALID_LENGTH)
503 return "Invalid attribute string length";
504
505 value->ptr = body.ptr;
506
507 /* are there any RDNs left? */
508 *next = rdn->len > 0 || attribute->len > 0;
509
510 return NULL;
511 }
512
513 /*
514 * Parses an ASN.1 distinguished name int its OID/value pairs
515 */
516 static err_t
517 dn_parse(chunk_t dn, chunk_t *str)
518 {
519 chunk_t rdn, oid, attribute, value;
520 asn1_t type;
521 int oid_code;
522 bool next;
523 bool first = TRUE;
524
525 err_t ugh = init_rdn(dn, &rdn, &attribute, &next);
526
527 if (ugh != NULL) /* a parsing error has occured */
528 return ugh;
529
530 while (next)
531 {
532 ugh = get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next);
533
534 if (ugh != NULL) /* a parsing error has occured */
535 return ugh;
536
537 if (first) /* first OID/value pair */
538 first = FALSE;
539 else /* separate OID/value pair by a comma */
540 update_chunk(str, snprintf(str->ptr,str->len,", "));
541
542 /* print OID */
543 oid_code = known_oid(oid);
544 if (oid_code == OID_UNKNOWN) /* OID not found in list */
545 hex_str(oid, str);
546 else
547 update_chunk(str, snprintf(str->ptr,str->len,"%s",
548 oid_names[oid_code].name));
549
550 /* print value */
551 update_chunk(str, snprintf(str->ptr,str->len,"=%.*s",
552 (int)value.len,value.ptr));
553 }
554 return NULL;
555 }
556
557 /*
558 * Count the number of wildcard RDNs in a distinguished name
559 */
560 int
561 dn_count_wildcards(chunk_t dn)
562 {
563 chunk_t rdn, attribute, oid, value;
564 asn1_t type;
565 bool next;
566 int wildcards = 0;
567
568 err_t ugh = init_rdn(dn, &rdn, &attribute, &next);
569
570 if (ugh != NULL) /* a parsing error has occured */
571 return -1;
572
573 while (next)
574 {
575 ugh = get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next);
576
577 if (ugh != NULL) /* a parsing error has occured */
578 return -1;
579 if (value.len == 1 && *value.ptr == '*')
580 wildcards++; /* we have found a wildcard RDN */
581 }
582 return wildcards;
583 }
584
585 /*
586 * Prints a binary string in hexadecimal form
587 */
588 void
589 hex_str(chunk_t bin, chunk_t *str)
590 {
591 u_int i;
592 update_chunk(str, snprintf(str->ptr,str->len,"0x"));
593 for (i=0; i < bin.len; i++)
594 update_chunk(str, snprintf(str->ptr,str->len,"%02X",*bin.ptr++));
595 }
596
597
598 /* Converts a binary DER-encoded ASN.1 distinguished name
599 * into LDAP-style human-readable ASCII format
600 */
601 int
602 dntoa(char *dst, size_t dstlen, chunk_t dn)
603 {
604 err_t ugh = NULL;
605 chunk_t str;
606
607 str.ptr = dst;
608 str.len = dstlen;
609 ugh = dn_parse(dn, &str);
610
611 if (ugh != NULL) /* error, print DN as hex string */
612 {
613 DBG(DBG_PARSING,
614 DBG_log("error in DN parsing: %s", ugh)
615 )
616 str.ptr = dst;
617 str.len = dstlen;
618 hex_str(dn, &str);
619 }
620 return (int)(dstlen - str.len);
621 }
622
623 /*
624 * Same as dntoa but prints a special string for a null dn
625 */
626 int
627 dntoa_or_null(char *dst, size_t dstlen, chunk_t dn, const char* null_dn)
628 {
629 if (dn.ptr == NULL)
630 return snprintf(dst, dstlen, "%s", null_dn);
631 else
632 return dntoa(dst, dstlen, dn);
633 }
634
635 /* Converts an LDAP-style human-readable ASCII-encoded
636 * ASN.1 distinguished name into binary DER-encoded format
637 */
638 err_t
639 atodn(char *src, chunk_t *dn)
640 {
641 /* finite state machine for atodn */
642
643 typedef enum {
644 SEARCH_OID = 0,
645 READ_OID = 1,
646 SEARCH_NAME = 2,
647 READ_NAME = 3,
648 UNKNOWN_OID = 4
649 } state_t;
650
651 u_char oid_len_buf[3];
652 u_char name_len_buf[3];
653 u_char rdn_seq_len_buf[3];
654 u_char rdn_set_len_buf[3];
655 u_char dn_seq_len_buf[3];
656
657 chunk_t asn1_oid_len = { oid_len_buf, 0 };
658 chunk_t asn1_name_len = { name_len_buf, 0 };
659 chunk_t asn1_rdn_seq_len = { rdn_seq_len_buf, 0 };
660 chunk_t asn1_rdn_set_len = { rdn_set_len_buf, 0 };
661 chunk_t asn1_dn_seq_len = { dn_seq_len_buf, 0 };
662 chunk_t oid = empty_chunk;
663 chunk_t name = empty_chunk;
664
665 int whitespace = 0;
666 int rdn_seq_len = 0;
667 int rdn_set_len = 0;
668 int dn_seq_len = 0;
669 int pos = 0;
670
671 err_t ugh = NULL;
672
673 u_char *dn_ptr = dn->ptr + 4;
674
675 state_t state = SEARCH_OID;
676
677 do
678 {
679 switch (state)
680 {
681 case SEARCH_OID:
682 if (*src != ' ' && *src != '/' && *src != ',')
683 {
684 oid.ptr = src;
685 oid.len = 1;
686 state = READ_OID;
687 }
688 break;
689 case READ_OID:
690 if (*src != ' ' && *src != '=')
691 oid.len++;
692 else
693 {
694 for (pos = 0; pos < X501_RDN_ROOF; pos++)
695 {
696 if (strlen(x501rdns[pos].name) == oid.len &&
697 strncasecmp(x501rdns[pos].name, oid.ptr, oid.len) == 0)
698 break; /* found a valid OID */
699 }
700 if (pos == X501_RDN_ROOF)
701 {
702 ugh = "unknown OID in distinguished name";
703 state = UNKNOWN_OID;
704 break;
705 }
706 code_asn1_length(x501rdns[pos].oid.len, &asn1_oid_len);
707
708 /* reset oid and change state */
709 oid = empty_chunk;
710 state = SEARCH_NAME;
711 }
712 break;
713 case SEARCH_NAME:
714 if (*src != ' ' && *src != '=')
715 {
716 name.ptr = src;
717 name.len = 1;
718 whitespace = 0;
719 state = READ_NAME;
720 }
721 break;
722 case READ_NAME:
723 if (*src != ',' && *src != '/' && *src != '\0')
724 {
725 name.len++;
726 if (*src == ' ')
727 whitespace++;
728 else
729 whitespace = 0;
730 }
731 else
732 {
733 name.len -= whitespace;
734 code_asn1_length(name.len, &asn1_name_len);
735
736 /* compute the length of the relative distinguished name sequence */
737 rdn_seq_len = 1 + asn1_oid_len.len + x501rdns[pos].oid.len +
738 1 + asn1_name_len.len + name.len;
739 code_asn1_length(rdn_seq_len, &asn1_rdn_seq_len);
740
741 /* compute the length of the relative distinguished name set */
742 rdn_set_len = 1 + asn1_rdn_seq_len.len + rdn_seq_len;
743 code_asn1_length(rdn_set_len, &asn1_rdn_set_len);
744
745 /* encode the relative distinguished name */
746 *dn_ptr++ = ASN1_SET;
747 chunkcpy(dn_ptr, asn1_rdn_set_len);
748 *dn_ptr++ = ASN1_SEQUENCE;
749 chunkcpy(dn_ptr, asn1_rdn_seq_len);
750 *dn_ptr++ = ASN1_OID;
751 chunkcpy(dn_ptr, asn1_oid_len);
752 chunkcpy(dn_ptr, x501rdns[pos].oid);
753 /* encode the ASN.1 character string type of the name */
754 *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING
755 && !is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type;
756 chunkcpy(dn_ptr, asn1_name_len);
757 chunkcpy(dn_ptr, name);
758
759 /* accumulate the length of the distinguished name sequence */
760 dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len;
761
762 /* reset name and change state */
763 name = empty_chunk;
764 state = SEARCH_OID;
765 }
766 break;
767 case UNKNOWN_OID:
768 break;
769 }
770 } while (*src++ != '\0');
771
772 /* complete the distinguished name sequence*/
773 code_asn1_length(dn_seq_len, &asn1_dn_seq_len);
774 dn->ptr += 3 - asn1_dn_seq_len.len;
775 dn->len = 1 + asn1_dn_seq_len.len + dn_seq_len;
776 dn_ptr = dn->ptr;
777 *dn_ptr++ = ASN1_SEQUENCE;
778 chunkcpy(dn_ptr, asn1_dn_seq_len);
779 return ugh;
780 }
781
782 /* compare two distinguished names by
783 * comparing the individual RDNs
784 */
785 bool
786 same_dn(chunk_t a, chunk_t b)
787 {
788 chunk_t rdn_a, rdn_b, attribute_a, attribute_b;
789 chunk_t oid_a, oid_b, value_a, value_b;
790 asn1_t type_a, type_b;
791 bool next_a, next_b;
792
793 /* same lengths for the DNs */
794 if (a.len != b.len)
795 return FALSE;
796
797 /* try a binary comparison first */
798 if (memcmp(a.ptr, b.ptr, b.len) == 0)
799 return TRUE;
800
801 /* initialize DN parsing */
802 if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL
803 || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL)
804 return FALSE;
805
806 /* fetch next RDN pair */
807 while (next_a && next_b)
808 {
809 /* parse next RDNs and check for errors */
810 if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL
811 || get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL)
812 {
813 return FALSE;
814 }
815
816 /* OIDs must agree */
817 if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0)
818 return FALSE;
819
820 /* same lengths for values */
821 if (value_a.len != value_b.len)
822 return FALSE;
823
824 /* printableStrings and email RDNs require uppercase comparison */
825 if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
826 (type_a == ASN1_IA5STRING && known_oid(oid_a) == OID_PKCS9_EMAIL)))
827 {
828 if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
829 return FALSE;
830 }
831 else
832 {
833 if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
834 return FALSE;
835 }
836 }
837 /* both DNs must have same number of RDNs */
838 if (next_a || next_b)
839 return FALSE;
840
841 /* the two DNs are equal! */
842 return TRUE;
843 }
844
845
846 /* compare two distinguished names by comparing the individual RDNs.
847 * A single'*' character designates a wildcard RDN in DN b.
848 */
849 bool
850 match_dn(chunk_t a, chunk_t b, int *wildcards)
851 {
852 chunk_t rdn_a, rdn_b, attribute_a, attribute_b;
853 chunk_t oid_a, oid_b, value_a, value_b;
854 asn1_t type_a, type_b;
855 bool next_a, next_b;
856
857 /* initialize wildcard counter */
858 *wildcards = 0;
859
860 /* initialize DN parsing */
861 if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL
862 || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL)
863 return FALSE;
864
865 /* fetch next RDN pair */
866 while (next_a && next_b)
867 {
868 /* parse next RDNs and check for errors */
869 if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL
870 || get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL)
871 {
872 return FALSE;
873 }
874
875 /* OIDs must agree */
876 if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0)
877 return FALSE;
878
879 /* does rdn_b contain a wildcard? */
880 if (value_b.len == 1 && *value_b.ptr == '*')
881 {
882 (*wildcards)++;
883 continue;
884 }
885
886 /* same lengths for values */
887 if (value_a.len != value_b.len)
888 return FALSE;
889
890 /* printableStrings and email RDNs require uppercase comparison */
891 if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
892 (type_a == ASN1_IA5STRING && known_oid(oid_a) == OID_PKCS9_EMAIL)))
893 {
894 if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
895 return FALSE;
896 }
897 else
898 {
899 if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
900 return FALSE;
901 }
902 }
903 /* both DNs must have same number of RDNs */
904 if (next_a || next_b)
905 return FALSE;
906
907 /* the two DNs match! */
908 return TRUE;
909 }
910
911 /*
912 * compare two X.509 certificates by comparing their signatures
913 */
914 bool
915 same_x509cert(const x509cert_t *a, const x509cert_t *b)
916 {
917 return same_chunk(a->signature, b->signature);
918 }
919
920 /* for each link pointing to the certificate
921 " increase the count by one
922 */
923 void
924 share_x509cert(x509cert_t *cert)
925 {
926 if (cert != NULL)
927 cert->count++;
928 }
929
930 /*
931 * add a X.509 user/host certificate to the chained list
932 */
933 x509cert_t*
934 add_x509cert(x509cert_t *cert)
935 {
936 x509cert_t *c = x509certs;
937
938 while (c != NULL)
939 {
940 if (same_x509cert(c, cert)) /* already in chain, free cert */
941 {
942 free_x509cert(cert);
943 return c;
944 }
945 c = c->next;
946 }
947
948 /* insert new cert at the root of the chain */
949 lock_certs_and_keys("add_x509cert");
950 cert->next = x509certs;
951 x509certs = cert;
952 DBG(DBG_CONTROL | DBG_PARSING,
953 DBG_log(" x509 cert inserted")
954 )
955 unlock_certs_and_keys("add_x509cert");
956 return cert;
957 }
958
959 /*
960 * choose either subject DN or a subjectAltName as connection end ID
961 */
962 void
963 select_x509cert_id(x509cert_t *cert, struct id *end_id)
964 {
965 bool copy_subject_dn = TRUE; /* ID is subject DN */
966
967 if (end_id->kind != ID_NONE) /* check for matching subjectAltName */
968 {
969 generalName_t *gn = cert->subjectAltName;
970
971 while (gn != NULL)
972 {
973 struct id id = empty_id;
974
975 gntoid(&id, gn);
976 if (same_id(&id, end_id))
977 {
978 copy_subject_dn = FALSE; /* take subjectAltName instead */
979 break;
980 }
981 gn = gn->next;
982 }
983 }
984
985 if (copy_subject_dn)
986 {
987 if (end_id->kind != ID_NONE && end_id->kind != ID_DER_ASN1_DN)
988 {
989 char buf[BUF_LEN];
990
991 idtoa(end_id, buf, BUF_LEN);
992 plog(" no subjectAltName matches ID '%s', replaced by subject DN", buf);
993 }
994 end_id->kind = ID_DER_ASN1_DN;
995 end_id->name.len = cert->subject.len;
996 end_id->name.ptr = temporary_cyclic_buffer();
997 memcpy(end_id->name.ptr, cert->subject.ptr, cert->subject.len);
998 }
999 }
1000
1001 /*
1002 * check for equality between two key identifiers
1003 */
1004 bool
1005 same_keyid(chunk_t a, chunk_t b)
1006 {
1007 if (a.ptr == NULL || b.ptr == NULL)
1008 return FALSE;
1009
1010 return same_chunk(a, b);
1011 }
1012
1013 /*
1014 * check for equality between two serial numbers
1015 */
1016 bool
1017 same_serial(chunk_t a, chunk_t b)
1018 {
1019 /* do not compare serial numbers if one of them is not defined */
1020 if (a.ptr == NULL || b.ptr == NULL)
1021 return TRUE;
1022
1023 return same_chunk(a, b);
1024 }
1025
1026 /*
1027 * get a X.509 certificate with a given issuer found at a certain position
1028 */
1029 x509cert_t*
1030 get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid, x509cert_t *chain)
1031 {
1032 x509cert_t *cert = (chain != NULL)? chain->next : x509certs;
1033
1034 while (cert != NULL)
1035 {
1036 if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->authKeyID)
1037 : (same_dn(issuer, cert->issuer)
1038 && same_serial(serial, cert->authKeySerialNumber)))
1039 {
1040 return cert;
1041 }
1042 cert = cert->next;
1043 }
1044 return NULL;
1045 }
1046
1047 /*
1048 * encode a linked list of subjectAltNames
1049 */
1050 chunk_t
1051 build_subjectAltNames(generalName_t *subjectAltNames)
1052 {
1053 u_char *pos;
1054 chunk_t names;
1055 size_t len = 0;
1056 generalName_t *gn = subjectAltNames;
1057
1058 /* compute the total size of the ASN.1 attributes object */
1059 while (gn != NULL)
1060 {
1061 len += gn->name.len;
1062 gn = gn->next;
1063 }
1064
1065 pos = build_asn1_object(&names, ASN1_SEQUENCE, len);
1066
1067 gn = subjectAltNames;
1068 while (gn != NULL)
1069 {
1070 chunkcpy(pos, gn->name);
1071 gn = gn->next;
1072 }
1073
1074 return asn1_wrap(ASN1_SEQUENCE, "cm"
1075 , ASN1_subjectAltName_oid
1076 , asn1_wrap(ASN1_OCTET_STRING, "m", names));
1077 }
1078
1079 /*
1080 * build a to-be-signed X.509 certificate body
1081 */
1082 static chunk_t
1083 build_tbs_x509cert(x509cert_t *cert, const RSA_public_key_t *rsa)
1084 {
1085 /* version is always X.509v3 */
1086 chunk_t version = asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2);
1087
1088 chunk_t extensions = empty_chunk;
1089
1090 if (cert->subjectAltName != NULL)
1091 {
1092 extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m"
1093 , asn1_wrap(ASN1_SEQUENCE, "m"
1094 , build_subjectAltNames(cert->subjectAltName)));
1095 }
1096
1097 return asn1_wrap(ASN1_SEQUENCE, "mmccmcmm"
1098 , version
1099 , asn1_simple_object(ASN1_INTEGER, cert->serialNumber)
1100 , asn1_algorithmIdentifier(cert->sigAlg)
1101 , cert->issuer
1102 , asn1_wrap(ASN1_SEQUENCE, "mm"
1103 , timetoasn1(&cert->notBefore, ASN1_UTCTIME)
1104 , timetoasn1(&cert->notAfter, ASN1_UTCTIME)
1105 )
1106 , cert->subject
1107 , pkcs1_build_publicKeyInfo(rsa)
1108 , extensions
1109 );
1110 }
1111
1112 /*
1113 * build a DER-encoded X.509 certificate
1114 */
1115 void
1116 build_x509cert(x509cert_t *cert, const RSA_public_key_t *cert_key
1117 , const RSA_private_key_t *signer_key)
1118 {
1119 chunk_t tbs_cert = build_tbs_x509cert(cert, cert_key);
1120
1121 chunk_t signature = pkcs1_build_signature(tbs_cert, cert->sigAlg
1122 , signer_key, TRUE);
1123
1124 cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm"
1125 , tbs_cert
1126 , asn1_algorithmIdentifier(cert->sigAlg)
1127 , signature);
1128 }
1129
1130 /*
1131 * free the dynamic memory used to store generalNames
1132 */
1133 void
1134 free_generalNames(generalName_t* gn, bool free_name)
1135 {
1136 while (gn != NULL)
1137 {
1138 generalName_t *gn_top = gn;
1139 if (free_name)
1140 {
1141 pfree(gn->name.ptr);
1142 }
1143 gn = gn->next;
1144 pfree(gn_top);
1145 }
1146 }
1147
1148 /*
1149 * free a X.509 certificate
1150 */
1151 void
1152 free_x509cert(x509cert_t *cert)
1153 {
1154 if (cert != NULL)
1155 {
1156 free_generalNames(cert->subjectAltName, FALSE);
1157 free_generalNames(cert->crlDistributionPoints, FALSE);
1158 pfreeany(cert->certificate.ptr);
1159 pfree(cert);
1160 cert = NULL;
1161 }
1162 }
1163
1164 /* release of a certificate decreases the count by one
1165 " the certificate is freed when the counter reaches zero
1166 */
1167 void
1168 release_x509cert(x509cert_t *cert)
1169 {
1170 if (cert != NULL && --cert->count == 0)
1171 {
1172 x509cert_t **pp = &x509certs;
1173 while (*pp != cert)
1174 pp = &(*pp)->next;
1175 *pp = cert->next;
1176 free_x509cert(cert);
1177 }
1178 }
1179
1180
1181 /*
1182 * stores a chained list of end certs and CA certs
1183 */
1184 void
1185 store_x509certs(x509cert_t **firstcert, bool strict)
1186 {
1187 x509cert_t *cacerts = NULL;
1188 x509cert_t **pp = firstcert;
1189
1190 /* first extract CA certs, discarding root CA certs */
1191
1192 while (*pp != NULL)
1193 {
1194 x509cert_t *cert = *pp;
1195
1196 if (cert->isCA)
1197 {
1198 *pp = cert->next;
1199
1200 /* we don't accept self-signed CA certs */
1201 if (same_dn(cert->issuer, cert->subject))
1202 {
1203 plog("self-signed cacert rejected");
1204 free_x509cert(cert);
1205 }
1206 else
1207 {
1208 /* insertion into temporary chain of candidate CA certs */
1209 cert->next = cacerts;
1210 cacerts = cert;
1211 }
1212 }
1213 else
1214 pp = &cert->next;
1215 }
1216
1217 /* now verify the candidate CA certs */
1218
1219 while (cacerts != NULL)
1220 {
1221 x509cert_t *cert = cacerts;
1222
1223 cacerts = cacerts->next;
1224
1225 if (trust_authcert_candidate(cert, cacerts))
1226 {
1227 add_authcert(cert, AUTH_CA);
1228 }
1229 else
1230 {
1231 plog("intermediate cacert rejected");
1232 free_x509cert(cert);
1233 }
1234 }
1235
1236 /* now verify the end certificates */
1237
1238 pp = firstcert;
1239
1240 while (*pp != NULL)
1241 {
1242 time_t valid_until;
1243 x509cert_t *cert = *pp;
1244
1245 if (verify_x509cert(cert, strict, &valid_until))
1246 {
1247 DBG(DBG_CONTROL | DBG_PARSING,
1248 DBG_log("public key validated")
1249 )
1250 add_x509_public_key(cert, valid_until, DAL_SIGNED);
1251 }
1252 else
1253 {
1254 plog("X.509 certificate rejected");
1255 }
1256 *pp = cert->next;
1257 free_x509cert(cert);
1258 }
1259 }
1260
1261 /*
1262 * decrypts an RSA signature using the issuer's certificate
1263 */
1264 static bool
1265 decrypt_sig(chunk_t sig, int alg, const x509cert_t *issuer_cert,
1266 chunk_t *digest)
1267 {
1268 switch (alg)
1269 {
1270 chunk_t decrypted;
1271
1272 case OID_RSA_ENCRYPTION:
1273 case OID_MD2_WITH_RSA:
1274 case OID_MD5_WITH_RSA:
1275 case OID_SHA1_WITH_RSA:
1276 case OID_SHA1_WITH_RSA_OIW:
1277 case OID_SHA256_WITH_RSA:
1278 case OID_SHA384_WITH_RSA:
1279 case OID_SHA512_WITH_RSA:
1280 {
1281 mpz_t s;
1282 RSA_public_key_t rsa;
1283
1284 init_RSA_public_key(&rsa, issuer_cert->publicExponent
1285 , issuer_cert->modulus);
1286
1287 /* decrypt the signature s = s^e mod n */
1288 n_to_mpz(s, sig.ptr, sig.len);
1289 mpz_powm(s, s, &rsa.e, &rsa.n);
1290
1291 /* convert back to bytes */
1292 decrypted = mpz_to_n(s, rsa.k);
1293 DBG(DBG_PARSING,
1294 DBG_dump_chunk(" decrypted signature: ", decrypted)
1295 )
1296
1297 /* copy the least significant bits of decrypted signature
1298 * into the digest string
1299 */
1300 memcpy(digest->ptr, decrypted.ptr + decrypted.len - digest->len,
1301 digest->len);
1302
1303 /* free memory */
1304 free_RSA_public_content(&rsa);
1305 pfree(decrypted.ptr);
1306 mpz_clear(s);
1307 return TRUE;
1308 }
1309 default:
1310 digest->len = 0;
1311 return FALSE;
1312 }
1313 }
1314
1315 /*
1316 * Check if a signature over binary blob is genuine
1317 */
1318 bool
1319 check_signature(chunk_t tbs, chunk_t sig, int digest_alg, int enc_alg
1320 , const x509cert_t *issuer_cert)
1321 {
1322 u_char digest_buf[MAX_DIGEST_LEN];
1323 u_char decrypted_buf[MAX_DIGEST_LEN];
1324 chunk_t digest = {digest_buf, MAX_DIGEST_LEN};
1325 chunk_t decrypted = {decrypted_buf, MAX_DIGEST_LEN};
1326
1327 DBG(DBG_PARSING,
1328 if (digest_alg != OID_UNKNOWN)
1329 DBG_log("signature digest algorithm: '%s'",oid_names[digest_alg].name);
1330 else
1331 DBG_log("unknown signature digest algorithm");
1332 )
1333
1334 if (!compute_digest(tbs, digest_alg, &digest))
1335 {
1336 plog(" digest algorithm not supported");
1337 return FALSE;
1338 }
1339
1340 DBG(DBG_PARSING,
1341 DBG_dump_chunk(" digest:", digest)
1342 )
1343
1344 decrypted.len = digest.len; /* we want the same digest length */
1345
1346 DBG(DBG_PARSING,
1347 if (enc_alg != OID_UNKNOWN)
1348 DBG_log("signature encryption algorithm: '%s'",oid_names[enc_alg].name);
1349 else
1350 DBG_log("unknown signature encryption algorithm");
1351 )
1352
1353 if (!decrypt_sig(sig, enc_alg, issuer_cert, &decrypted))
1354 {
1355 plog(" decryption algorithm not supported");
1356 return FALSE;
1357 }
1358
1359 /* check if digests are equal */
1360 return !memcmp(decrypted.ptr, digest.ptr, digest.len);
1361 }
1362
1363 /*
1364 * extracts the basicConstraints extension
1365 */
1366 static bool
1367 parse_basicConstraints(chunk_t blob, int level0)
1368 {
1369 asn1_ctx_t ctx;
1370 chunk_t object;
1371 u_int level;
1372 int objectID = 0;
1373 bool isCA = FALSE;
1374
1375 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1376
1377 while (objectID < BASIC_CONSTRAINTS_ROOF) {
1378
1379 if (!extract_object(basicConstraintsObjects, &objectID,
1380 &object,&level, &ctx))
1381 break;
1382
1383 if (objectID == BASIC_CONSTRAINTS_CA)
1384 {
1385 isCA = object.len && *object.ptr;
1386 DBG(DBG_PARSING,
1387 DBG_log(" %s",(isCA)?"TRUE":"FALSE");
1388 )
1389 }
1390 objectID++;
1391 }
1392 return isCA;
1393 }
1394
1395 /*
1396 * Converts a X.500 generalName into an ID
1397 */
1398 void
1399 gntoid(struct id *id, const generalName_t *gn)
1400 {
1401 switch(gn->kind)
1402 {
1403 case GN_DNS_NAME: /* ID type: ID_FQDN */
1404 id->kind = ID_FQDN;
1405 id->name = gn->name;
1406 break;
1407 case GN_IP_ADDRESS: /* ID type: ID_IPV4_ADDR */
1408 {
1409 const struct af_info *afi = &af_inet4_info;
1410 err_t ugh = NULL;
1411
1412 id->kind = afi->id_addr;
1413 ugh = initaddr(gn->name.ptr, gn->name.len, afi->af, &id->ip_addr);
1414 }
1415 break;
1416 case GN_RFC822_NAME: /* ID type: ID_USER_FQDN */
1417 id->kind = ID_USER_FQDN;
1418 id->name = gn->name;
1419 break;
1420 default:
1421 id->kind = ID_NONE;
1422 id->name = empty_chunk;
1423 }
1424 }
1425
1426 /* compute the subjectKeyIdentifier according to section 4.2.1.2 of RFC 3280
1427 * as the 160 bit SHA-1 hash of the public key
1428 */
1429 void
1430 compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID)
1431 {
1432 SHA1_CTX context;
1433
1434 SHA1Init(&context);
1435 SHA1Update(&context
1436 , cert->subjectPublicKey.ptr
1437 , cert->subjectPublicKey.len);
1438 SHA1Final(subjectKeyID.ptr, &context);
1439 subjectKeyID.len = SHA1_DIGEST_SIZE;
1440 }
1441
1442 /*
1443 * extracts an otherName
1444 */
1445 static bool
1446 parse_otherName(chunk_t blob, int level0)
1447 {
1448 asn1_ctx_t ctx;
1449 chunk_t object;
1450 int objectID = 0;
1451 u_int level;
1452 int oid = OID_UNKNOWN;
1453
1454 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1455
1456 while (objectID < ON_OBJ_ROOF)
1457 {
1458 if (!extract_object(otherNameObjects, &objectID, &object, &level, &ctx))
1459 return FALSE;
1460
1461 switch (objectID)
1462 {
1463 case ON_OBJ_ID_TYPE:
1464 oid = known_oid(object);
1465 break;
1466 case ON_OBJ_VALUE:
1467 if (oid == OID_XMPP_ADDR)
1468 {
1469 if (!parse_asn1_simple_object(&object, ASN1_UTF8STRING
1470 , level + 1, "xmppAddr"))
1471 {
1472 return FALSE;
1473 }
1474 }
1475 break;
1476 default:
1477 break;
1478 }
1479 objectID++;
1480 }
1481 return TRUE;
1482 }
1483
1484
1485 /*
1486 * extracts a generalName
1487 */
1488 static generalName_t*
1489 parse_generalName(chunk_t blob, int level0)
1490 {
1491 u_char buf[BUF_LEN];
1492 asn1_ctx_t ctx;
1493 chunk_t object;
1494 int objectID = 0;
1495 u_int level;
1496
1497 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1498
1499 while (objectID < GN_OBJ_ROOF)
1500 {
1501 bool valid_gn = FALSE;
1502
1503 if (!extract_object(generalNameObjects, &objectID, &object, &level, &ctx))
1504 return NULL;
1505
1506 switch (objectID) {
1507 case GN_OBJ_RFC822_NAME:
1508 case GN_OBJ_DNS_NAME:
1509 case GN_OBJ_URI:
1510 DBG(DBG_PARSING,
1511 DBG_log(" '%.*s'", (int)object.len, object.ptr);
1512 )
1513 valid_gn = TRUE;
1514 break;
1515 case GN_OBJ_DIRECTORY_NAME:
1516 DBG(DBG_PARSING,
1517 dntoa(buf, BUF_LEN, object);
1518 DBG_log(" '%s'", buf)
1519 )
1520 valid_gn = TRUE;
1521 break;
1522 case GN_OBJ_IP_ADDRESS:
1523 DBG(DBG_PARSING,
1524 DBG_log(" '%d.%d.%d.%d'", *object.ptr, *(object.ptr+1),
1525 *(object.ptr+2), *(object.ptr+3));
1526 )
1527 valid_gn = TRUE;
1528 break;
1529 case GN_OBJ_OTHER_NAME:
1530 if (!parse_otherName(object, level + 1))
1531 return NULL;
1532 break;
1533 case GN_OBJ_X400_ADDRESS:
1534 case GN_OBJ_EDI_PARTY_NAME:
1535 case GN_OBJ_REGISTERED_ID:
1536 break;
1537 default:
1538 break;
1539 }
1540
1541 if (valid_gn)
1542 {
1543 generalName_t *gn = alloc_thing(generalName_t, "generalName");
1544 gn->kind = (objectID - GN_OBJ_OTHER_NAME) / 2;
1545 gn->name = object;
1546 gn->next = NULL;
1547 return gn;
1548 }
1549 objectID++;
1550 }
1551 return NULL;
1552 }
1553
1554
1555 /*
1556 * extracts one or several GNs and puts them into a chained list
1557 */
1558 static generalName_t*
1559 parse_generalNames(chunk_t blob, int level0, bool implicit)
1560 {
1561 asn1_ctx_t ctx;
1562 chunk_t object;
1563 u_int level;
1564 int objectID = 0;
1565
1566 generalName_t *top_gn = NULL;
1567
1568 asn1_init(&ctx, blob, level0, implicit, DBG_RAW);
1569
1570 while (objectID < GENERAL_NAMES_ROOF)
1571 {
1572 if (!extract_object(generalNamesObjects, &objectID, &object, &level, &ctx))
1573 return NULL;
1574
1575 if (objectID == GENERAL_NAMES_GN)
1576 {
1577 generalName_t *gn = parse_generalName(object, level+1);
1578 if (gn != NULL)
1579 {
1580 gn->next = top_gn;
1581 top_gn = gn;
1582 }
1583 }
1584 objectID++;
1585 }
1586 return top_gn;
1587 }
1588
1589 /*
1590 * returns a directoryName
1591 */
1592 chunk_t get_directoryName(chunk_t blob, int level, bool implicit)
1593 {
1594 chunk_t name = empty_chunk;
1595 generalName_t * gn = parse_generalNames(blob, level, implicit);
1596
1597 if (gn != NULL && gn->kind == GN_DIRECTORY_NAME)
1598 name= gn->name;
1599
1600 free_generalNames(gn, FALSE);
1601
1602 return name;
1603 }
1604
1605 /*
1606 * extracts and converts a UTCTIME or GENERALIZEDTIME object
1607 */
1608 time_t
1609 parse_time(chunk_t blob, int level0)
1610 {
1611 asn1_ctx_t ctx;
1612 chunk_t object;
1613 u_int level;
1614 int objectID = 0;
1615
1616 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1617
1618 while (objectID < TIME_ROOF)
1619 {
1620 if (!extract_object(timeObjects, &objectID, &object, &level, &ctx))
1621 return UNDEFINED_TIME;
1622
1623 if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
1624 {
1625 return asn1totime(&object, (objectID == TIME_UTC)
1626 ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
1627 }
1628 objectID++;
1629 }
1630 return UNDEFINED_TIME;
1631 }
1632
1633 /*
1634 * extracts a keyIdentifier
1635 */
1636 static chunk_t
1637 parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
1638 {
1639 asn1_ctx_t ctx;
1640 chunk_t object;
1641 u_int level;
1642 int objectID = 0;
1643
1644 asn1_init(&ctx, blob, level0, implicit, DBG_RAW);
1645
1646 extract_object(keyIdentifierObjects, &objectID, &object, &level, &ctx);
1647 return object;
1648 }
1649
1650 /*
1651 * extracts an authoritykeyIdentifier
1652 */
1653 void
1654 parse_authorityKeyIdentifier(chunk_t blob, int level0
1655 , chunk_t *authKeyID, chunk_t *authKeySerialNumber)
1656 {
1657 asn1_ctx_t ctx;
1658 chunk_t object;
1659 u_int level;
1660 int objectID = 0;
1661
1662 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1663
1664 while (objectID < AUTH_KEY_ID_ROOF)
1665 {
1666 if (!extract_object(authorityKeyIdentifierObjects, &objectID, &object, &level, &ctx))
1667 return;
1668
1669 switch (objectID) {
1670 case AUTH_KEY_ID_KEY_ID:
1671 *authKeyID = parse_keyIdentifier(object, level+1, TRUE);
1672 break;
1673 case AUTH_KEY_ID_CERT_ISSUER:
1674 {
1675 generalName_t * gn = parse_generalNames(object, level+1, TRUE);
1676
1677 free_generalNames(gn, FALSE);
1678 }
1679 break;
1680 case AUTH_KEY_ID_CERT_SERIAL:
1681 *authKeySerialNumber = object;
1682 break;
1683 default:
1684 break;
1685 }
1686 objectID++;
1687 }
1688 }
1689
1690 /*
1691 * extracts an authorityInfoAcess location
1692 */
1693 static void
1694 parse_authorityInfoAccess(chunk_t blob, int level0, chunk_t *accessLocation)
1695 {
1696 asn1_ctx_t ctx;
1697 chunk_t object;
1698 u_int level;
1699 int objectID = 0;
1700
1701 u_int accessMethod = OID_UNKNOWN;
1702
1703 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1704
1705 while (objectID < AUTH_INFO_ACCESS_ROOF)
1706 {
1707 if (!extract_object(authorityInfoAccessObjects, &objectID, &object, &level, &ctx))
1708 return;
1709
1710 switch (objectID) {
1711 case AUTH_INFO_ACCESS_METHOD:
1712 accessMethod = known_oid(object);
1713 break;
1714 case AUTH_INFO_ACCESS_LOCATION:
1715 {
1716 switch (accessMethod)
1717 {
1718 case OID_OCSP:
1719 if (*object.ptr == ASN1_CONTEXT_S_6)
1720 {
1721 if (asn1_length(&object) == ASN1_INVALID_LENGTH)
1722 return;
1723
1724 DBG(DBG_PARSING,
1725 DBG_log(" '%.*s'",(int)object.len, object.ptr)
1726 )
1727
1728 /* only HTTP(S) URIs accepted */
1729 if (strncasecmp(object.ptr, "http", 4) == 0)
1730 {
1731 *accessLocation = object;
1732 return;
1733 }
1734 }
1735 plog("warning: ignoring OCSP InfoAccessLocation with unkown protocol");
1736 break;
1737 default:
1738 /* unkown accessMethod, ignoring */
1739 break;
1740 }
1741 }
1742 break;
1743 default:
1744 break;
1745 }
1746 objectID++;
1747 }
1748
1749 }
1750
1751 /*
1752 * extracts extendedKeyUsage OIDs
1753 */
1754 static bool
1755 parse_extendedKeyUsage(chunk_t blob, int level0)
1756 {
1757 asn1_ctx_t ctx;
1758 chunk_t object;
1759 u_int level;
1760 int objectID = 0;
1761
1762 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1763
1764 while (objectID < EXT_KEY_USAGE_ROOF)
1765 {
1766 if (!extract_object(extendedKeyUsageObjects, &objectID
1767 , &object, &level, &ctx))
1768 return FALSE;
1769
1770 if (objectID == EXT_KEY_USAGE_PURPOSE_ID
1771 && known_oid(object) == OID_OCSP_SIGNING)
1772 return TRUE;
1773 objectID++;
1774 }
1775 return FALSE;
1776 }
1777
1778 /* extracts one or several crlDistributionPoints and puts them into
1779 * a chained list
1780 */
1781 static generalName_t*
1782 parse_crlDistributionPoints(chunk_t blob, int level0)
1783 {
1784 asn1_ctx_t ctx;
1785 chunk_t object;
1786 u_int level;
1787 int objectID = 0;
1788
1789 generalName_t *top_gn = NULL; /* top of the chained list */
1790 generalName_t **tail_gn = &top_gn; /* tail of the chained list */
1791
1792 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1793
1794 while (objectID < CRL_DIST_POINTS_ROOF)
1795 {
1796 if (!extract_object(crlDistributionPointsObjects, &objectID,
1797 &object, &level, &ctx))
1798 return NULL;
1799
1800 if (objectID == CRL_DIST_POINTS_FULLNAME)
1801 {
1802 generalName_t *gn = parse_generalNames(object, level+1, TRUE);
1803 /* append extracted generalNames to existing chained list */
1804 *tail_gn = gn;
1805 /* find new tail of the chained list */
1806 while (gn != NULL)
1807 {
1808 tail_gn = &gn->next; gn = gn->next;
1809 }
1810 }
1811 objectID++;
1812 }
1813 return top_gn;
1814 }
1815
1816
1817 /*
1818 * Parses an X.509v3 certificate
1819 */
1820 bool
1821 parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert)
1822 {
1823 u_char buf[BUF_LEN];
1824 asn1_ctx_t ctx;
1825 bool critical;
1826 chunk_t object;
1827 u_int level;
1828 u_int extn_oid = OID_UNKNOWN;
1829 int objectID = 0;
1830
1831 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1832
1833 while (objectID < X509_OBJ_ROOF)
1834 {
1835 if (!extract_object(certObjects, &objectID, &object, &level, &ctx))
1836 return FALSE;
1837
1838 /* those objects which will parsed further need the next higher level */
1839 level++;
1840
1841 switch (objectID) {
1842 case X509_OBJ_CERTIFICATE:
1843 cert->certificate = object;
1844 break;
1845 case X509_OBJ_TBS_CERTIFICATE:
1846 cert->tbsCertificate = object;
1847 break;
1848 case X509_OBJ_VERSION:
1849 cert->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
1850 DBG(DBG_PARSING,
1851 DBG_log(" v%d", cert->version);
1852 )
1853 break;
1854 case X509_OBJ_SERIAL_NUMBER:
1855 cert->serialNumber = object;
1856 break;
1857 case X509_OBJ_SIG_ALG:
1858 cert->sigAlg = parse_algorithmIdentifier(object, level, NULL);
1859 break;
1860 case X509_OBJ_ISSUER:
1861 cert->issuer = object;
1862 DBG(DBG_PARSING,
1863 dntoa(buf, BUF_LEN, object);
1864 DBG_log(" '%s'",buf)
1865 )
1866 break;
1867 case X509_OBJ_NOT_BEFORE:
1868 cert->notBefore = parse_time(object, level);
1869 break;
1870 case X509_OBJ_NOT_AFTER:
1871 cert->notAfter = parse_time(object, level);
1872 break;
1873 case X509_OBJ_SUBJECT:
1874 cert->subject = object;
1875 DBG(DBG_PARSING,
1876 dntoa(buf, BUF_LEN, object);
1877 DBG_log(" '%s'",buf)
1878 )
1879 break;
1880 case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM:
1881 if (parse_algorithmIdentifier(object, level, NULL) == OID_RSA_ENCRYPTION)
1882 cert->subjectPublicKeyAlgorithm = PUBKEY_ALG_RSA;
1883 else
1884 {
1885 plog(" unsupported public key algorithm");
1886 return FALSE;
1887 }
1888 break;
1889 case X509_OBJ_SUBJECT_PUBLIC_KEY:
1890 if (ctx.blobs[4].len > 0 && *ctx.blobs[4].ptr == 0x00)
1891 {
1892 /* skip initial bit string octet defining 0 unused bits */
1893 ctx.blobs[4].ptr++; ctx.blobs[4].len--;
1894 }
1895 else
1896 {
1897 plog(" invalid RSA public key format");
1898 return FALSE;
1899 }
1900 break;
1901 case X509_OBJ_RSA_PUBLIC_KEY:
1902 cert->subjectPublicKey = object;
1903 break;
1904 case X509_OBJ_MODULUS:
1905 if (object.len < RSA_MIN_OCTETS + 1)
1906 {
1907 plog(" " RSA_MIN_OCTETS_UGH);
1908 return FALSE;
1909 }
1910 if (object.len > RSA_MAX_OCTETS + (size_t)(*object.ptr == 0x00))
1911 {
1912 plog(" " RSA_MAX_OCTETS_UGH);
1913 return FALSE;
1914 }
1915 cert->modulus = object;
1916 break;
1917 case X509_OBJ_PUBLIC_EXPONENT:
1918 cert->publicExponent = object;
1919 break;
1920 case X509_OBJ_EXTN_ID:
1921 extn_oid = known_oid(object);
1922 break;
1923 case X509_OBJ_CRITICAL:
1924 critical = object.len && *object.ptr;
1925 DBG(DBG_PARSING,
1926 DBG_log(" %s",(critical)?"TRUE":"FALSE");
1927 )
1928 break;
1929 case X509_OBJ_EXTN_VALUE:
1930 {
1931 switch (extn_oid) {
1932 case OID_SUBJECT_KEY_ID:
1933 cert->subjectKeyID =
1934 parse_keyIdentifier(object, level, FALSE);
1935 break;
1936 case OID_SUBJECT_ALT_NAME:
1937 cert->subjectAltName =
1938 parse_generalNames(object, level, FALSE);
1939 break;
1940 case OID_BASIC_CONSTRAINTS:
1941 cert->isCA =
1942 parse_basicConstraints(object, level);
1943 break;
1944 case OID_CRL_DISTRIBUTION_POINTS:
1945 cert->crlDistributionPoints =
1946 parse_crlDistributionPoints(object, level);
1947 break;
1948 case OID_AUTHORITY_KEY_ID:
1949 parse_authorityKeyIdentifier(object, level
1950 , &cert->authKeyID, &cert->authKeySerialNumber);
1951 break;
1952 case OID_AUTHORITY_INFO_ACCESS:
1953 parse_authorityInfoAccess(object, level, &cert->accessLocation);
1954 break;
1955 case OID_EXTENDED_KEY_USAGE:
1956 cert->isOcspSigner = parse_extendedKeyUsage(object, level);
1957 break;
1958 case OID_NS_REVOCATION_URL:
1959 case OID_NS_CA_REVOCATION_URL:
1960 case OID_NS_CA_POLICY_URL:
1961 case OID_NS_COMMENT:
1962 if (!parse_asn1_simple_object(&object, ASN1_IA5STRING
1963 , level, oid_names[extn_oid].name))
1964 {
1965 return FALSE;
1966 }
1967 break;
1968 default:
1969 break;
1970 }
1971 }
1972 break;
1973 case X509_OBJ_ALGORITHM:
1974 cert->algorithm = parse_algorithmIdentifier(object, level, NULL);
1975 break;
1976 case X509_OBJ_SIGNATURE:
1977 cert->signature = object;
1978 break;
1979 default:
1980 break;
1981 }
1982 objectID++;
1983 }
1984 time(&cert->installed);
1985 return TRUE;
1986 }
1987
1988 /* verify the validity of a certificate by
1989 * checking the notBefore and notAfter dates
1990 */
1991 err_t
1992 check_validity(const x509cert_t *cert, time_t *until)
1993 {
1994 time_t current_time;
1995
1996 time(&current_time);
1997 DBG(DBG_CONTROL | DBG_PARSING ,
1998 DBG_log(" not before : %s", timetoa(&cert->notBefore, TRUE));
1999 DBG_log(" current time: %s", timetoa(&current_time, TRUE));
2000 DBG_log(" not after : %s", timetoa(&cert->notAfter, TRUE));
2001 )
2002
2003 if (cert->notAfter < *until) *until = cert->notAfter;
2004
2005 if (current_time < cert->notBefore)
2006 return "certificate is not valid yet";
2007 if (current_time > cert->notAfter)
2008 return "certificate has expired";
2009 else
2010 return NULL;
2011 }
2012
2013 /*
2014 * verifies a X.509 certificate
2015 */
2016 bool
2017 verify_x509cert(const x509cert_t *cert, bool strict, time_t *until)
2018 {
2019 int pathlen;
2020
2021 *until = cert->notAfter;
2022
2023 for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
2024 {
2025 x509cert_t *issuer_cert;
2026 u_char buf[BUF_LEN];
2027 err_t ugh = NULL;
2028
2029 DBG(DBG_CONTROL,
2030 dntoa(buf, BUF_LEN, cert->subject);
2031 DBG_log("subject: '%s'",buf);
2032 dntoa(buf, BUF_LEN, cert->issuer);
2033 DBG_log("issuer: '%s'",buf);
2034 if (cert->authKeyID.ptr != NULL)
2035 {
2036 datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
2037 , buf, BUF_LEN);
2038 DBG_log("authkey: %s", buf);
2039 }
2040 )
2041
2042 ugh = check_validity(cert, until);
2043
2044 if (ugh != NULL)
2045 {
2046 plog("%s", ugh);
2047 return FALSE;
2048 }
2049
2050 DBG(DBG_CONTROL,
2051 DBG_log("certificate is valid")
2052 )
2053
2054 lock_authcert_list("verify_x509cert");
2055 issuer_cert = get_authcert(cert->issuer, cert->authKeySerialNumber
2056 , cert->authKeyID, AUTH_CA);
2057
2058 if (issuer_cert == NULL)
2059 {
2060 plog("issuer cacert not found");
2061 unlock_authcert_list("verify_x509cert");
2062 return FALSE;
2063 }
2064 DBG(DBG_CONTROL,
2065 DBG_log("issuer cacert found")
2066 )
2067
2068 if (!check_signature(cert->tbsCertificate, cert->signature
2069 , cert->algorithm, cert->algorithm, issuer_cert))
2070 {
2071 plog("certificate signature is invalid");
2072 unlock_authcert_list("verify_x509cert");
2073 return FALSE;
2074 }
2075 DBG(DBG_CONTROL,
2076 DBG_log("certificate signature is valid")
2077 )
2078 unlock_authcert_list("verify_x509cert");
2079
2080 /* check if cert is a self-signed root ca */
2081 if (pathlen > 0 && same_dn(cert->issuer, cert->subject))
2082 {
2083 DBG(DBG_CONTROL,
2084 DBG_log("reached self-signed root ca")
2085 )
2086 return TRUE;
2087 }
2088 else
2089 {
2090 time_t nextUpdate = *until;
2091 time_t revocationDate = UNDEFINED_TIME;
2092 crl_reason_t revocationReason = REASON_UNSPECIFIED;
2093
2094 /* first check certificate revocation using ocsp */
2095 cert_status_t status = verify_by_ocsp(cert, &nextUpdate
2096 , &revocationDate, &revocationReason);
2097
2098 /* if ocsp service is not available then fall back to crl */
2099 if ((status == CERT_UNDEFINED)
2100 || (status == CERT_UNKNOWN && strict))
2101 {
2102 status = verify_by_crl(cert, &nextUpdate, &revocationDate
2103 , &revocationReason);
2104 }
2105
2106 switch (status)
2107 {
2108 case CERT_GOOD:
2109 /* if status information is stale */
2110 if (strict && nextUpdate < time(NULL))
2111 {
2112 DBG(DBG_CONTROL,
2113 DBG_log("certificate is good but status is stale")
2114 )
2115 remove_x509_public_key(cert);
2116 return FALSE;
2117 }
2118 DBG(DBG_CONTROL,
2119 DBG_log("certificate is good")
2120 )
2121
2122 /* with strict crl policy the public key must have the same
2123 * lifetime as the validity of the ocsp status or crl lifetime
2124 */
2125 if (strict && nextUpdate < *until)
2126 *until = nextUpdate;
2127 break;
2128 case CERT_REVOKED:
2129 plog("certificate was revoked on %s, reason: %s"
2130 , timetoa(&revocationDate, TRUE)
2131 , enum_name(&crl_reason_names, revocationReason));
2132 remove_x509_public_key(cert);
2133 return FALSE;
2134 case CERT_UNKNOWN:
2135 case CERT_UNDEFINED:
2136 default:
2137 plog("certificate status unknown");
2138 if (strict)
2139 {
2140 remove_x509_public_key(cert);
2141 return FALSE;
2142 }
2143 break;
2144 }
2145 }
2146
2147 /* go up one step in the trust chain */
2148 cert = issuer_cert;
2149 }
2150 plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
2151 return FALSE;
2152 }
2153
2154 /*
2155 * list all X.509 certs in a chained list
2156 */
2157 void
2158 list_x509cert_chain(const char *caption, x509cert_t* cert, u_char auth_flags
2159 , bool utc)
2160 {
2161 bool first = TRUE;
2162 time_t now;
2163
2164 /* determine the current time */
2165 time(&now);
2166
2167 while (cert != NULL)
2168 {
2169 if (auth_flags == AUTH_NONE || (auth_flags & cert->authority_flags))
2170 {
2171 unsigned keysize;
2172 char keyid[KEYID_BUF];
2173 u_char buf[BUF_LEN];
2174 cert_t c;
2175
2176 c.type = CERT_X509_SIGNATURE;
2177 c.u.x509 = cert;
2178
2179 if (first)
2180 {
2181 whack_log(RC_COMMENT, " ");
2182 whack_log(RC_COMMENT, "List of X.509 %s Certificates:", caption);
2183 whack_log(RC_COMMENT, " ");
2184 first = FALSE;
2185 }
2186
2187 whack_log(RC_COMMENT, "%s, count: %d", timetoa(&cert->installed, utc),
2188 cert->count);
2189 dntoa(buf, BUF_LEN, cert->subject);
2190 whack_log(RC_COMMENT, " subject: '%s'", buf);
2191 dntoa(buf, BUF_LEN, cert->issuer);
2192 whack_log(RC_COMMENT, " issuer: '%s'", buf);
2193 datatot(cert->serialNumber.ptr, cert->serialNumber.len, ':'
2194 , buf, BUF_LEN);
2195 whack_log(RC_COMMENT, " serial: %s", buf);
2196 form_keyid(cert->publicExponent, cert->modulus, keyid, &keysize);
2197 whack_log(RC_COMMENT, " pubkey: %4d RSA Key %s%s"
2198 , 8*keysize, keyid
2199 , cert->smartcard ? ", on smartcard" :
2200 (has_private_key(c)? ", has private key" : ""));
2201 whack_log(RC_COMMENT, " validity: not before %s %s",
2202 timetoa(&cert->notBefore, utc),
2203 (cert->notBefore < now)?"ok":"fatal (not valid yet)");
2204 whack_log(RC_COMMENT, " not after %s %s",
2205 timetoa(&cert->notAfter, utc),
2206 check_expiry(cert->notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
2207 if (cert->subjectKeyID.ptr != NULL)
2208 {
2209 datatot(cert->subjectKeyID.ptr, cert->subjectKeyID.len, ':'
2210 , buf, BUF_LEN);
2211 whack_log(RC_COMMENT, " subjkey: %s", buf);
2212 }
2213 if (cert->authKeyID.ptr != NULL)
2214 {
2215 datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
2216 , buf, BUF_LEN);
2217 whack_log(RC_COMMENT, " authkey: %s", buf);
2218 }
2219 if (cert->authKeySerialNumber.ptr != NULL)
2220 {
2221 datatot(cert->authKeySerialNumber.ptr, cert->authKeySerialNumber.len
2222 , ':', buf, BUF_LEN);
2223 whack_log(RC_COMMENT, " aserial: %s", buf);
2224 }
2225 }
2226 cert = cert->next;
2227 }
2228 }
2229
2230 /*
2231 * list all X.509 end certificates in a chained list
2232 */
2233 void
2234 list_x509_end_certs(bool utc)
2235 {
2236 list_x509cert_chain("End", x509certs, AUTH_NONE, utc);
2237 }