ECDSA with OpenSSL
[strongswan.git] / src / libstrongswan / plugins / x509 / x509_cert.c
1 /*
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2006 Andreas Steffen
6 * Copyright (C) 2006-2008 Martin Willi
7 * Copyright (C) 2008 Tobias Brunner
8 * Hochschule fuer Technik Rapperswil
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the
12 * Free Software Foundation; either version 2 of the License, or (at your
13 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
14 *
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * for more details.
19 *
20 * $Id$
21 */
22
23 #define _GNU_SOURCE
24
25 #include "x509_cert.h"
26
27 #include <sys/stat.h>
28 #include <unistd.h>
29 #include <string.h>
30 #include <stdio.h>
31
32 #include <library.h>
33 #include <debug.h>
34 #include <asn1/oid.h>
35 #include <asn1/asn1.h>
36 #include <asn1/asn1_parser.h>
37 #include <asn1/pem.h>
38 #include <crypto/hashers/hasher.h>
39 #include <utils/linked_list.h>
40 #include <utils/identification.h>
41
42 /**
43 * Different kinds of generalNames
44 */
45 typedef enum {
46 GN_OTHER_NAME = 0,
47 GN_RFC822_NAME = 1,
48 GN_DNS_NAME = 2,
49 GN_X400_ADDRESS = 3,
50 GN_DIRECTORY_NAME = 4,
51 GN_EDI_PARTY_NAME = 5,
52 GN_URI = 6,
53 GN_IP_ADDRESS = 7,
54 GN_REGISTERED_ID = 8,
55 } generalNames_t;
56
57
58 typedef struct private_x509_cert_t private_x509_cert_t;
59
60 /**
61 * Private data of a x509_cert_t object.
62 */
63 struct private_x509_cert_t {
64 /**
65 * Public interface for this certificate.
66 */
67 x509_cert_t public;
68
69 /**
70 * X.509 certificate encoding in ASN.1 DER format
71 */
72 chunk_t encoding;
73
74 /**
75 * SHA1 hash of the DER encoding of this X.509 certificate
76 */
77 chunk_t encoding_hash;
78
79 /**
80 * X.509 certificate body over which signature is computed
81 */
82 chunk_t tbsCertificate;
83
84 /**
85 * Version of the X.509 certificate
86 */
87 u_int version;
88
89 /**
90 * Serial number of the X.509 certificate
91 */
92 chunk_t serialNumber;
93
94 /**
95 * ID representing the certificate issuer
96 */
97 identification_t *issuer;
98
99 /**
100 * Start time of certificate validity
101 */
102 time_t notBefore;
103
104 /**
105 * End time of certificate validity
106 */
107 time_t notAfter;
108
109 /**
110 * ID representing the certificate subject
111 */
112 identification_t *subject;
113
114 /**
115 * List of subjectAltNames as identification_t
116 */
117 linked_list_t *subjectAltNames;
118
119 /**
120 * List of crlDistributionPoints as allocated char*
121 */
122 linked_list_t *crl_uris;
123
124 /**
125 * List ocspAccessLocations as identification_t
126 */
127 linked_list_t *ocsp_uris;
128
129 /**
130 * certificates embedded public key
131 */
132 public_key_t *public_key;
133
134 /**
135 * Subject Key Identifier
136 */
137 chunk_t subjectKeyID;
138
139 /**
140 * Authority Key Identifier
141 */
142 identification_t *authKeyIdentifier;
143
144 /**
145 * Authority Key Serial Number
146 */
147 chunk_t authKeySerialNumber;
148
149 /**
150 * x509 constraints and other flags
151 */
152 x509_flag_t flags;
153
154 /**
155 * Signature algorithm
156 */
157 int algorithm;
158
159 /**
160 * Signature
161 */
162 chunk_t signature;
163
164 /**
165 * reference count
166 */
167 refcount_t ref;
168 };
169
170 static u_char ASN1_sAN_oid_buf[] = {
171 0x06, 0x03, 0x55, 0x1D, 0x11
172 };
173 static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_sAN_oid_buf);
174
175 /**
176 * ASN.1 definition of a basicConstraints extension
177 */
178 static const asn1Object_t basicConstraintsObjects[] = {
179 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
180 { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
181 { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
182 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
183 { 0, "exit", ASN1_EOC, ASN1_EXIT }
184 };
185 #define BASIC_CONSTRAINTS_CA 1
186
187 /**
188 * Extracts the basicConstraints extension
189 */
190 static bool parse_basicConstraints(chunk_t blob, int level0)
191 {
192 asn1_parser_t *parser;
193 chunk_t object;
194 int objectID;
195 bool isCA = FALSE;
196
197 parser = asn1_parser_create(basicConstraintsObjects, blob);
198 parser->set_top_level(parser, level0);
199
200 while (parser->iterate(parser, &objectID, &object))
201 {
202 if (objectID == BASIC_CONSTRAINTS_CA)
203 {
204 isCA = object.len && *object.ptr;
205 DBG2(" %s", isCA ? "TRUE" : "FALSE");
206 }
207 }
208 parser->destroy(parser);
209
210 return isCA;
211 }
212
213 /**
214 * ASN.1 definition of otherName
215 */
216 static const asn1Object_t otherNameObjects[] = {
217 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
218 {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY }, /* 1 */
219 {0, "exit", ASN1_EOC, ASN1_EXIT }
220 };
221 #define ON_OBJ_ID_TYPE 0
222 #define ON_OBJ_VALUE 1
223
224 /**
225 * Extracts an otherName
226 */
227 static bool parse_otherName(chunk_t blob, int level0)
228 {
229 asn1_parser_t *parser;
230 chunk_t object;
231 int objectID;
232 int oid = OID_UNKNOWN;
233 bool success = FALSE;
234
235 parser = asn1_parser_create(otherNameObjects, blob);
236 parser->set_top_level(parser, level0);
237
238 while (parser->iterate(parser, &objectID, &object))
239 {
240 switch (objectID)
241 {
242 case ON_OBJ_ID_TYPE:
243 oid = asn1_known_oid(object);
244 break;
245 case ON_OBJ_VALUE:
246 if (oid == OID_XMPP_ADDR)
247 {
248 if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
249 parser->get_level(parser)+1, "xmppAddr"))
250 {
251 goto end;
252 }
253 }
254 break;
255 default:
256 break;
257 }
258 }
259 success = parser->success(parser);
260
261 end:
262 parser->destroy(parser);
263 return success;
264 }
265
266 /**
267 * ASN.1 definition of generalName
268 */
269 static const asn1Object_t generalNameObjects[] = {
270 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
271 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
272 { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */
273 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
274 { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */
275 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
276 { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */
277 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
278 { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT|ASN1_BODY }, /* 8 */
279 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
280 { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT|ASN1_BODY }, /* 10 */
281 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */
282 { 0, "URI", ASN1_CONTEXT_S_6, ASN1_OPT|ASN1_BODY }, /* 12 */
283 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */
284 { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */
285 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
286 { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */
287 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */
288 { 0, "exit", ASN1_EOC, ASN1_EXIT }
289 };
290 #define GN_OBJ_OTHER_NAME 0
291 #define GN_OBJ_RFC822_NAME 2
292 #define GN_OBJ_DNS_NAME 4
293 #define GN_OBJ_X400_ADDRESS 6
294 #define GN_OBJ_DIRECTORY_NAME 8
295 #define GN_OBJ_EDI_PARTY_NAME 10
296 #define GN_OBJ_URI 12
297 #define GN_OBJ_IP_ADDRESS 14
298 #define GN_OBJ_REGISTERED_ID 16
299
300 /**
301 * Extracts a generalName
302 */
303 static identification_t *parse_generalName(chunk_t blob, int level0)
304 {
305 asn1_parser_t *parser;
306 chunk_t object;
307 int objectID ;
308
309 identification_t *gn = NULL;
310
311 parser = asn1_parser_create(generalNameObjects, blob);
312 parser->set_top_level(parser, level0);
313
314 while (parser->iterate(parser, &objectID, &object))
315 {
316 id_type_t id_type = ID_ANY;
317
318 switch (objectID)
319 {
320 case GN_OBJ_RFC822_NAME:
321 id_type = ID_RFC822_ADDR;
322 break;
323 case GN_OBJ_DNS_NAME:
324 id_type = ID_FQDN;
325 break;
326 case GN_OBJ_URI:
327 id_type = ID_DER_ASN1_GN_URI;
328 break;
329 case GN_OBJ_DIRECTORY_NAME:
330 id_type = ID_DER_ASN1_DN;
331 break;
332 case GN_OBJ_IP_ADDRESS:
333 id_type = ID_IPV4_ADDR;
334 break;
335 case GN_OBJ_OTHER_NAME:
336 if (!parse_otherName(object, parser->get_level(parser)+1))
337 {
338 goto end;
339 }
340 break;
341 case GN_OBJ_X400_ADDRESS:
342 case GN_OBJ_EDI_PARTY_NAME:
343 case GN_OBJ_REGISTERED_ID:
344 default:
345 break;
346 }
347 if (id_type != ID_ANY)
348 {
349 gn = identification_create_from_encoding(id_type, object);
350 DBG2(" '%D'", gn);
351 goto end;
352 }
353 }
354
355 end:
356 parser->destroy(parser);
357 return gn;
358 }
359
360 /**
361 * ASN.1 definition of generalNames
362 */
363 static const asn1Object_t generalNamesObjects[] = {
364 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
365 { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
366 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
367 { 0, "exit", ASN1_EOC, ASN1_EXIT }
368 };
369 #define GENERAL_NAMES_GN 1
370
371 /**
372 * Extracts one or several GNs and puts them into a chained list
373 */
374 void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
375 {
376 asn1_parser_t *parser;
377 chunk_t object;
378 int objectID;
379
380 parser = asn1_parser_create(generalNamesObjects, blob);
381 parser->set_top_level(parser, level0);
382 parser->set_flags(parser, implicit, FALSE);
383
384 while (parser->iterate(parser, &objectID, &object))
385 {
386 if (objectID == GENERAL_NAMES_GN)
387 {
388 identification_t *gn = parse_generalName(object,
389 parser->get_level(parser)+1);
390
391 if (gn)
392 {
393 list->insert_last(list, (void *)gn);
394 }
395 }
396 }
397 parser->destroy(parser);
398 }
399
400 /**
401 * ASN.1 definition of a authorityKeyIdentifier extension
402 */
403 static const asn1Object_t authKeyIdentifierObjects[] = {
404 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
405 { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */
406 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
407 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
408 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
409 { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
410 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
411 { 0, "exit", ASN1_EOC, ASN1_EXIT }
412 };
413 #define AUTH_KEY_ID_KEY_ID 1
414 #define AUTH_KEY_ID_CERT_ISSUER 3
415 #define AUTH_KEY_ID_CERT_SERIAL 5
416
417 /**
418 * Extracts an authoritykeyIdentifier
419 */
420 identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0,
421 chunk_t *authKeySerialNumber)
422 {
423 asn1_parser_t *parser;
424 chunk_t object;
425 int objectID;
426 identification_t *authKeyIdentifier = NULL;
427
428 *authKeySerialNumber = chunk_empty;
429
430 parser = asn1_parser_create(authKeyIdentifierObjects, blob);
431 parser->set_top_level(parser, level0);
432
433 while (parser->iterate(parser, &objectID, &object))
434 {
435 switch (objectID)
436 {
437 case AUTH_KEY_ID_KEY_ID:
438 authKeyIdentifier = identification_create_from_encoding(
439 ID_PUBKEY_SHA1, object);
440 break;
441 case AUTH_KEY_ID_CERT_ISSUER:
442 /* TODO: x509_parse_generalNames(object, level+1, TRUE); */
443 break;
444 case AUTH_KEY_ID_CERT_SERIAL:
445 *authKeySerialNumber = object;
446 break;
447 default:
448 break;
449 }
450 }
451 parser->destroy(parser);
452 return authKeyIdentifier;
453 }
454
455 /**
456 * ASN.1 definition of a authorityInfoAccess extension
457 */
458 static const asn1Object_t authInfoAccessObjects[] = {
459 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
460 { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
461 { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
462 { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
463 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
464 { 0, "exit", ASN1_EOC, ASN1_EXIT }
465 };
466 #define AUTH_INFO_ACCESS_METHOD 2
467 #define AUTH_INFO_ACCESS_LOCATION 3
468
469 /**
470 * Extracts an authorityInfoAcess location
471 */
472 static void parse_authorityInfoAccess(chunk_t blob, int level0,
473 private_x509_cert_t *this)
474 {
475 asn1_parser_t *parser;
476 chunk_t object;
477 int objectID;
478 int accessMethod = OID_UNKNOWN;
479
480 parser = asn1_parser_create(authInfoAccessObjects, blob);
481 parser->set_top_level(parser, level0);
482
483 while (parser->iterate(parser, &objectID, &object))
484 {
485 switch (objectID)
486 {
487 case AUTH_INFO_ACCESS_METHOD:
488 accessMethod = asn1_known_oid(object);
489 break;
490 case AUTH_INFO_ACCESS_LOCATION:
491 {
492 switch (accessMethod)
493 {
494 case OID_OCSP:
495 case OID_CA_ISSUERS:
496 {
497 identification_t *id;
498 char *uri;
499
500 id = parse_generalName(object,
501 parser->get_level(parser)+1);
502 if (id == NULL)
503 {
504 /* parsing went wrong - abort */
505 goto end;
506 }
507 DBG2(" '%D'", id);
508 if (accessMethod == OID_OCSP &&
509 asprintf(&uri, "%D", id) > 0)
510 {
511 this->ocsp_uris->insert_last(this->ocsp_uris, uri);
512 }
513 id->destroy(id);
514 }
515 break;
516 default:
517 /* unkown accessMethod, ignoring */
518 break;
519 }
520 break;
521 }
522 default:
523 break;
524 }
525 }
526
527 end:
528 parser->destroy(parser);
529 }
530
531 /**
532 * ASN.1 definition of a extendedKeyUsage extension
533 */
534 static const asn1Object_t extendedKeyUsageObjects[] = {
535 { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
536 { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
537 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
538 { 0, "exit", ASN1_EOC, ASN1_EXIT }
539 };
540 #define EXT_KEY_USAGE_PURPOSE_ID 1
541
542 /**
543 * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned
544 */
545 static bool parse_extendedKeyUsage(chunk_t blob, int level0)
546 {
547 asn1_parser_t *parser;
548 chunk_t object;
549 int objectID;
550 bool ocsp_signing = FALSE;
551
552 parser = asn1_parser_create(extendedKeyUsageObjects, blob);
553 parser->set_top_level(parser, level0);
554
555 while (parser->iterate(parser, &objectID, &object))
556 {
557 if (objectID == EXT_KEY_USAGE_PURPOSE_ID &&
558 asn1_known_oid(object) == OID_OCSP_SIGNING)
559 {
560 ocsp_signing = TRUE;
561 }
562 }
563 parser->destroy(parser);
564 return ocsp_signing;
565 }
566
567 /**
568 * ASN.1 definition of crlDistributionPoints
569 */
570 static const asn1Object_t crlDistributionPointsObjects[] = {
571 { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
572 { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
573 { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */
574 { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */
575 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
576 { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */
577 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
578 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
579 { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */
580 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
581 { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */
582 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
583 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
584 { 0, "exit", ASN1_EOC, ASN1_EXIT }
585 };
586 #define CRL_DIST_POINTS_FULLNAME 3
587
588 /**
589 * Extracts one or several crlDistributionPoints into a list
590 */
591 static void parse_crlDistributionPoints(chunk_t blob, int level0,
592 private_x509_cert_t *this)
593 {
594 asn1_parser_t *parser;
595 chunk_t object;
596 int objectID;
597 linked_list_t *list = linked_list_create();
598
599 parser = asn1_parser_create(crlDistributionPointsObjects, blob);
600 parser->set_top_level(parser, level0);
601
602 while (parser->iterate(parser, &objectID, &object))
603 {
604 if (objectID == CRL_DIST_POINTS_FULLNAME)
605 {
606 identification_t *id;
607
608 /* append extracted generalNames to existing chained list */
609 x509_parse_generalNames(object, parser->get_level(parser)+1,
610 TRUE, list);
611
612 while (list->remove_last(list, (void**)&id) == SUCCESS)
613 {
614 char *uri;
615
616 if (asprintf(&uri, "%D", id) > 0)
617 {
618 this->crl_uris->insert_last(this->crl_uris, uri);
619 }
620 id->destroy(id);
621 }
622 }
623 }
624 parser->destroy(parser);
625 list->destroy(list);
626 }
627
628 /**
629 * ASN.1 definition of an X.509v3 x509_cert
630 */
631 static const asn1Object_t certObjects[] = {
632 { 0, "x509", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
633 { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
634 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */
635 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
636 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
637 { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
638 { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
639 { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
640 { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
641 { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
642 { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
643 { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_RAW }, /* 11 */
644 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 12 */
645 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 13 */
646 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 14 */
647 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 15 */
648 { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 16 */
649 { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 17 */
650 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 18 */
651 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 19 */
652 { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 20 */
653 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 21 */
654 { 3, "end loop", ASN1_EOC, ASN1_END }, /* 22 */
655 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 23 */
656 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 24 */
657 { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 25 */
658 { 0, "exit", ASN1_EOC, ASN1_EXIT }
659 };
660 #define X509_OBJ_TBS_CERTIFICATE 1
661 #define X509_OBJ_VERSION 3
662 #define X509_OBJ_SERIAL_NUMBER 4
663 #define X509_OBJ_SIG_ALG 5
664 #define X509_OBJ_ISSUER 6
665 #define X509_OBJ_NOT_BEFORE 8
666 #define X509_OBJ_NOT_AFTER 9
667 #define X509_OBJ_SUBJECT 10
668 #define X509_OBJ_SUBJECT_PUBLIC_KEY_INFO 11
669 #define X509_OBJ_EXTN_ID 19
670 #define X509_OBJ_CRITICAL 20
671 #define X509_OBJ_EXTN_VALUE 21
672 #define X509_OBJ_ALGORITHM 24
673 #define X509_OBJ_SIGNATURE 25
674
675 /**
676 * Parses an X.509v3 certificate
677 */
678 static bool parse_certificate(private_x509_cert_t *this)
679 {
680 asn1_parser_t *parser;
681 chunk_t object;
682 int objectID;
683 int extn_oid = OID_UNKNOWN;
684 int sig_alg = OID_UNKNOWN;
685 bool success = FALSE;
686 bool critical;
687
688 parser = asn1_parser_create(certObjects, this->encoding);
689
690 while (parser->iterate(parser, &objectID, &object))
691 {
692 u_int level = parser->get_level(parser)+1;
693
694 switch (objectID)
695 {
696 case X509_OBJ_TBS_CERTIFICATE:
697 this->tbsCertificate = object;
698 break;
699 case X509_OBJ_VERSION:
700 this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
701 DBG2(" v%d", this->version);
702 break;
703 case X509_OBJ_SERIAL_NUMBER:
704 this->serialNumber = object;
705 break;
706 case X509_OBJ_SIG_ALG:
707 sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
708 break;
709 case X509_OBJ_ISSUER:
710 this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
711 DBG2(" '%D'", this->issuer);
712 break;
713 case X509_OBJ_NOT_BEFORE:
714 this->notBefore = asn1_parse_time(object, level);
715 break;
716 case X509_OBJ_NOT_AFTER:
717 this->notAfter = asn1_parse_time(object, level);
718 break;
719 case X509_OBJ_SUBJECT:
720 this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
721 DBG2(" '%D'", this->subject);
722 break;
723 case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
724 this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
725 KEY_ANY, BUILD_BLOB_ASN1_DER, chunk_clone(object), BUILD_END);
726 if (this->public_key == NULL)
727 {
728 DBG1("could not create public key");
729 goto end;
730 }
731 break;
732 case X509_OBJ_EXTN_ID:
733 extn_oid = asn1_known_oid(object);
734 break;
735 case X509_OBJ_CRITICAL:
736 critical = object.len && *object.ptr;
737 DBG2(" %s", critical ? "TRUE" : "FALSE");
738 break;
739 case X509_OBJ_EXTN_VALUE:
740 {
741 switch (extn_oid)
742 {
743 case OID_SUBJECT_KEY_ID:
744 if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING,
745 level, "keyIdentifier"))
746 {
747 goto end;
748 }
749 this->subjectKeyID = object;
750 break;
751 case OID_SUBJECT_ALT_NAME:
752 x509_parse_generalNames(object, level, FALSE,
753 this->subjectAltNames);
754 break;
755 case OID_BASIC_CONSTRAINTS:
756 if (parse_basicConstraints(object, level))
757 {
758 this->flags |= X509_CA;
759 }
760 break;
761 case OID_CRL_DISTRIBUTION_POINTS:
762 parse_crlDistributionPoints(object, level, this);
763 break;
764 case OID_AUTHORITY_KEY_ID:
765 this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object,
766 level, &this->authKeySerialNumber);
767 break;
768 case OID_AUTHORITY_INFO_ACCESS:
769 parse_authorityInfoAccess(object, level, this);
770 break;
771 case OID_EXTENDED_KEY_USAGE:
772 if (parse_extendedKeyUsage(object, level))
773 {
774 this->flags |= X509_OCSP_SIGNER;
775 }
776 break;
777 case OID_NS_REVOCATION_URL:
778 case OID_NS_CA_REVOCATION_URL:
779 case OID_NS_CA_POLICY_URL:
780 case OID_NS_COMMENT:
781 if (!asn1_parse_simple_object(&object, ASN1_IA5STRING,
782 level, oid_names[extn_oid].name))
783 {
784 goto end;
785 }
786 break;
787 default:
788 break;
789 }
790 break;
791 }
792 case X509_OBJ_ALGORITHM:
793 this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
794 if (this->algorithm != sig_alg)
795 {
796 DBG1(" signature algorithms do not agree");
797 goto end;
798 }
799 break;
800 case X509_OBJ_SIGNATURE:
801 this->signature = object;
802 break;
803 default:
804 break;
805 }
806 }
807 success = parser->success(parser);
808
809 end:
810 parser->destroy(parser);
811 return success;
812 }
813
814 /**
815 * Implementation of certificate_t.get_type
816 */
817 static certificate_type_t get_type(private_x509_cert_t *this)
818 {
819 return CERT_X509;
820 }
821
822 /**
823 * Implementation of certificate_t.get_subject
824 */
825 static identification_t* get_subject(private_x509_cert_t *this)
826 {
827 return this->subject;
828 }
829
830 /**
831 * Implementation of certificate_t.get_issuer
832 */
833 static identification_t* get_issuer(private_x509_cert_t *this)
834 {
835 return this->issuer;
836 }
837
838 /**
839 * Implementation of certificate_t.has_subject.
840 */
841 static id_match_t has_subject(private_x509_cert_t *this, identification_t *subject)
842 {
843 identification_t *current;
844 enumerator_t *enumerator;
845 id_match_t match, best;
846
847 if (this->encoding_hash.ptr && subject->get_type(subject) == ID_CERT_DER_SHA1 &&
848 chunk_equals(this->encoding_hash, subject->get_encoding(subject)))
849 {
850 return ID_MATCH_PERFECT;
851 }
852
853 best = this->subject->matches(this->subject, subject);
854 enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
855 while (enumerator->enumerate(enumerator, &current))
856 {
857 match = current->matches(current, subject);
858 if (match > best)
859 {
860 best = match;
861 }
862 }
863 enumerator->destroy(enumerator);
864 return best;
865 }
866
867 /**
868 * Implementation of certificate_t.has_subject.
869 */
870 static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer)
871 {
872 /* issuerAltNames currently not supported */
873 return this->issuer->matches(this->issuer, issuer);
874 }
875
876 /**
877 * Implementation of certificate_t.issued_by
878 */
879 static bool issued_by(private_x509_cert_t *this, certificate_t *issuer)
880 {
881 public_key_t *key;
882 signature_scheme_t scheme;
883 bool valid;
884 x509_t *x509 = (x509_t*)issuer;
885
886 if (&this->public.interface.interface == issuer)
887 {
888 if (this->flags & X509_SELF_SIGNED)
889 {
890 return TRUE;
891 }
892 }
893 else
894 {
895 if (issuer->get_type(issuer) != CERT_X509)
896 {
897 return FALSE;
898 }
899 if (!(x509->get_flags(x509) & X509_CA))
900 {
901 return FALSE;
902 }
903 }
904 if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
905 {
906 return FALSE;
907 }
908 /* TODO: generic OID to scheme mapper? */
909 switch (this->algorithm)
910 {
911 case OID_MD5_WITH_RSA:
912 scheme = SIGN_RSA_EMSA_PKCS1_MD5;
913 break;
914 case OID_SHA1_WITH_RSA:
915 scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
916 break;
917 case OID_SHA256_WITH_RSA:
918 scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
919 break;
920 case OID_SHA384_WITH_RSA:
921 scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
922 break;
923 case OID_SHA512_WITH_RSA:
924 scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
925 break;
926 case OID_ECDSA_WITH_SHA1:
927 scheme = SIGN_ECDSA_WITH_SHA1;
928 break;
929 default:
930 return FALSE;
931 }
932 key = issuer->get_public_key(issuer);
933 if (key == NULL)
934 {
935 return FALSE;
936 }
937 /* TODO: add a lightweight check option (comparing auth/subject keyids only) */
938 valid = key->verify(key, scheme, this->tbsCertificate, this->signature);
939 key->destroy(key);
940 return valid;
941 }
942
943 /**
944 * Implementation of certificate_t.get_public_key
945 */
946 static public_key_t* get_public_key(private_x509_cert_t *this)
947 {
948 this->public_key->get_ref(this->public_key);
949 return this->public_key;
950 }
951
952 /**
953 * Implementation of certificate_t.asdf
954 */
955 static private_x509_cert_t* get_ref(private_x509_cert_t *this)
956 {
957 ref_get(&this->ref);
958 return this;
959 }
960
961 /**
962 * Implementation of x509_cert_t.get_flags.
963 */
964 static x509_flag_t get_flags(private_x509_cert_t *this)
965 {
966 return this->flags;
967 }
968
969 /**
970 * Implementation of x509_cert_t.get_validity.
971 */
972 static bool get_validity(private_x509_cert_t *this, time_t *when,
973 time_t *not_before, time_t *not_after)
974 {
975 time_t t;
976
977 if (when)
978 {
979 t = *when;
980 }
981 else
982 {
983 t = time(NULL);
984 }
985 if (not_before)
986 {
987 *not_before = this->notBefore;
988 }
989 if (not_after)
990 {
991 *not_after = this->notAfter;
992 }
993 return (t >= this->notBefore && t <= this->notAfter);
994 }
995
996 /**
997 * Implementation of certificate_t.is_newer.
998 */
999 static bool is_newer(certificate_t *this, certificate_t *that)
1000 {
1001 time_t this_update, that_update, now = time(NULL);
1002 bool new;
1003
1004 this->get_validity(this, &now, &this_update, NULL);
1005 that->get_validity(that, &now, &that_update, NULL);
1006 new = this_update > that_update;
1007 DBG1(" certificate from %#T is %s - existing certificate from %#T %s",
1008 &this_update, FALSE, new ? "newer":"not newer",
1009 &that_update, FALSE, new ? "replaced":"retained");
1010 return new;
1011 }
1012
1013 /**
1014 * Implementation of certificate_t.get_encoding.
1015 */
1016 static chunk_t get_encoding(private_x509_cert_t *this)
1017 {
1018 return chunk_clone(this->encoding);
1019 }
1020
1021 /**
1022 * Implementation of certificate_t.equals.
1023 */
1024 static bool equals(private_x509_cert_t *this, certificate_t *other)
1025 {
1026 chunk_t encoding;
1027 bool equal;
1028
1029 if (this == (private_x509_cert_t*)other)
1030 {
1031 return TRUE;
1032 }
1033 if (other->get_type(other) != CERT_X509)
1034 {
1035 return FALSE;
1036 }
1037 if (other->equals == (void*)equals)
1038 { /* skip allocation if we have the same implementation */
1039 return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding);
1040 }
1041 encoding = other->get_encoding(other);
1042 equal = chunk_equals(this->encoding, encoding);
1043 free(encoding.ptr);
1044 return equal;
1045 }
1046
1047 /**
1048 * Implementation of x509_t.get_serial.
1049 */
1050 static chunk_t get_serial(private_x509_cert_t *this)
1051 {
1052 return this->serialNumber;
1053 }
1054
1055 /**
1056 * Implementation of x509_t.get_authKeyIdentifier.
1057 */
1058 static identification_t *get_authKeyIdentifier(private_x509_cert_t *this)
1059 {
1060 return this->authKeyIdentifier;
1061 }
1062
1063 /**
1064 * Implementation of x509_cert_t.create_subjectAltName_enumerator.
1065 */
1066 static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this)
1067 {
1068 return this->subjectAltNames->create_enumerator(this->subjectAltNames);
1069 }
1070
1071 /**
1072 * Implementation of x509_cert_t.create_ocsp_uri_enumerator.
1073 */
1074 static enumerator_t* create_ocsp_uri_enumerator(private_x509_cert_t *this)
1075 {
1076 return this->ocsp_uris->create_enumerator(this->ocsp_uris);
1077 }
1078
1079 /**
1080 * Implementation of x509_cert_t.create_crl_uri_enumerator.
1081 */
1082 static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this)
1083 {
1084 return this->crl_uris->create_enumerator(this->crl_uris);
1085 }
1086
1087 /**
1088 * Implementation of certificate_t.asdf
1089 */
1090 static void destroy(private_x509_cert_t *this)
1091 {
1092 if (ref_put(&this->ref))
1093 {
1094 this->subjectAltNames->destroy_offset(this->subjectAltNames,
1095 offsetof(identification_t, destroy));
1096 this->crl_uris->destroy_function(this->crl_uris, free);
1097 this->ocsp_uris->destroy_function(this->ocsp_uris, free);
1098 DESTROY_IF(this->issuer);
1099 DESTROY_IF(this->subject);
1100 DESTROY_IF(this->public_key);
1101 DESTROY_IF(this->authKeyIdentifier);
1102 chunk_free(&this->encoding);
1103 chunk_free(&this->encoding_hash);
1104 free(this);
1105 }
1106 }
1107
1108 /**
1109 * create an empty but initialized X.509 certificate
1110 */
1111 static private_x509_cert_t* create_empty(void)
1112 {
1113 private_x509_cert_t *this = malloc_thing(private_x509_cert_t);
1114
1115 this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
1116 this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
1117 this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
1118 this->public.interface.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
1119 this->public.interface.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
1120 this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
1121 this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
1122 this->public.interface.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
1123 this->public.interface.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
1124 this->public.interface.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
1125 this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
1126 this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
1127 this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
1128 this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags;
1129 this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial;
1130 this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier;
1131 this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator;
1132 this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator;
1133 this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator;
1134
1135 this->encoding = chunk_empty;
1136 this->encoding_hash = chunk_empty;
1137 this->public_key = NULL;
1138 this->subject = NULL;
1139 this->issuer = NULL;
1140 this->subjectAltNames = linked_list_create();
1141 this->crl_uris = linked_list_create();
1142 this->ocsp_uris = linked_list_create();
1143 this->subjectKeyID = chunk_empty;
1144 this->authKeyIdentifier = NULL;
1145 this->authKeySerialNumber = chunk_empty;
1146 this->flags = 0;
1147 this->ref = 1;
1148
1149 return this;
1150 }
1151
1152 /**
1153 * create an X.509 certificate from a chunk
1154 */
1155 static private_x509_cert_t *create_from_chunk(chunk_t chunk)
1156 {
1157 private_x509_cert_t *this = create_empty();
1158
1159 this->encoding = chunk;
1160 if (!parse_certificate(this))
1161 {
1162 destroy(this);
1163 return NULL;
1164 }
1165
1166 /* check if the certificate is self-signed */
1167 if (issued_by(this, &this->public.interface.interface))
1168 {
1169 this->flags |= X509_SELF_SIGNED;
1170 }
1171
1172 hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
1173 if (hasher != NULL)
1174 {
1175 hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
1176 hasher->destroy(hasher);
1177 }
1178 else
1179 {
1180 DBG1(" unable to create hash of certificate, SHA1 not supported");
1181 }
1182
1183 return this;
1184 }
1185
1186 /**
1187 * create an X.509 certificate from a file
1188 */
1189 static private_x509_cert_t *create_from_file(char *path)
1190 {
1191 bool pgp = FALSE;
1192 chunk_t chunk;
1193 private_x509_cert_t *this;
1194
1195 if (!pem_asn1_load_file(path, NULL, &chunk, &pgp))
1196 {
1197 return NULL;
1198 }
1199
1200 this = create_from_chunk(chunk);
1201
1202 if (this == NULL)
1203 {
1204 DBG1(" could not parse loaded certificate file '%s'",path);
1205 return NULL;
1206 }
1207 DBG1(" loaded certificate file '%s'", path);
1208 return this;
1209
1210 }
1211
1212 typedef struct private_builder_t private_builder_t;
1213 /**
1214 * Builder implementation for certificate loading
1215 */
1216 struct private_builder_t {
1217 /** implements the builder interface */
1218 builder_t public;
1219 /** loaded certificate */
1220 private_x509_cert_t *cert;
1221 /** additional flags to enforce */
1222 x509_flag_t flags;
1223 };
1224
1225 /**
1226 * Implementation of builder_t.build
1227 */
1228 static private_x509_cert_t *build(private_builder_t *this)
1229 {
1230 private_x509_cert_t *cert = this->cert;
1231 x509_flag_t flags = this->flags;
1232
1233 free(this);
1234 if (cert == NULL)
1235 {
1236 return NULL;
1237 }
1238 if ((flags & X509_CA) && !(cert->flags & X509_CA))
1239 {
1240 DBG1(" ca certificate must have ca basic constraint set, discarded");
1241 destroy(cert);
1242 return NULL;
1243 }
1244 cert->flags |= flags;
1245 return cert;
1246 }
1247
1248 /**
1249 * Implementation of builder_t.add
1250 */
1251 static void add(private_builder_t *this, builder_part_t part, ...)
1252 {
1253 va_list args;
1254
1255 va_start(args, part);
1256 switch (part)
1257 {
1258 case BUILD_FROM_FILE:
1259 this->cert = create_from_file(va_arg(args, char*));
1260 break;
1261 case BUILD_BLOB_ASN1_DER:
1262 this->cert = create_from_chunk(va_arg(args, chunk_t));
1263 break;
1264 case BUILD_X509_FLAG:
1265 this->flags = va_arg(args, x509_flag_t);
1266 break;
1267 default:
1268 DBG1("ignoring unsupported build part %N", builder_part_names, part);
1269 break;
1270 }
1271 va_end(args);
1272 }
1273
1274 /**
1275 * Builder construction function
1276 */
1277 builder_t *x509_cert_builder(certificate_type_t type)
1278 {
1279 private_builder_t *this;
1280
1281 if (type != CERT_X509)
1282 {
1283 return NULL;
1284 }
1285
1286 this = malloc_thing(private_builder_t);
1287
1288 this->cert = NULL;
1289 this->flags = 0;
1290 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
1291 this->public.build = (void*(*)(builder_t *this))build;
1292
1293 return &this->public;
1294 }
1295