pluto and scepclient use private and public key plugins of libstrongswan
[strongswan.git] / src / pluto / x509.c
1 /* Support of X.509 certificates
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include <string.h>
21 #include <unistd.h>
22 #include <dirent.h>
23 #include <time.h>
24 #include <sys/types.h>
25
26 #include <freeswan.h>
27
28 #include <asn1/asn1.h>
29 #include <asn1/asn1_parser.h>
30 #include <asn1/oid.h>
31 #include <crypto/hashers/hasher.h>
32
33 #include "constants.h"
34 #include "defs.h"
35 #include "mp_defs.h"
36 #include "log.h"
37 #include "id.h"
38 #include "x509.h"
39 #include "crl.h"
40 #include "ca.h"
41 #include "certs.h"
42 #include "keys.h"
43 #include "whack.h"
44 #include "fetch.h"
45 #include "ocsp.h"
46
47 /**
48 * Chained lists of X.509 end certificates
49 */
50 static x509cert_t *x509certs = NULL;
51
52 /**
53 * ASN.1 definition of a basicConstraints extension
54 */
55 static const asn1Object_t basicConstraintsObjects[] = {
56 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
57 { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
58 { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
59 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
60 { 0, "exit", ASN1_EOC, ASN1_EXIT }
61 };
62 #define BASIC_CONSTRAINTS_CA 1
63
64 /**
65 * ASN.1 definition of a authorityKeyIdentifier extension
66 */
67 static const asn1Object_t authKeyIdentifierObjects[] = {
68 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
69 { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */
70 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
71 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
72 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
73 { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
74 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
75 { 0, "exit", ASN1_EOC, ASN1_EXIT }
76 };
77 #define AUTH_KEY_ID_KEY_ID 1
78 #define AUTH_KEY_ID_CERT_ISSUER 3
79 #define AUTH_KEY_ID_CERT_SERIAL 5
80
81 /**
82 * ASN.1 definition of a authorityInfoAccess extension
83 */
84 static const asn1Object_t authInfoAccessObjects[] = {
85 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
86 { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
87 { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
88 { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
89 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
90 { 0, "exit", ASN1_EOC, ASN1_EXIT }
91 };
92 #define AUTH_INFO_ACCESS_METHOD 2
93 #define AUTH_INFO_ACCESS_LOCATION 3
94
95 /**
96 * ASN.1 definition of a extendedKeyUsage extension
97 */
98 static const asn1Object_t extendedKeyUsageObjects[] = {
99 { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
100 { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
101 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
102 { 0, "exit", ASN1_EOC, ASN1_EXIT }
103 };
104 #define EXT_KEY_USAGE_PURPOSE_ID 1
105
106 /**
107 * ASN.1 definition of generalNames
108 */
109 static const asn1Object_t generalNamesObjects[] = {
110 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
111 { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
112 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
113 { 0, "exit", ASN1_EOC, ASN1_EXIT }
114 };
115 #define GENERAL_NAMES_GN 1
116
117 /**
118 * ASN.1 definition of generalName
119 */
120 static const asn1Object_t generalNameObjects[] = {
121 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
122 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
123 { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */
124 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
125 { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */
126 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
127 { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */
128 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
129 { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT|ASN1_BODY }, /* 8 */
130 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
131 { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT|ASN1_BODY }, /* 10 */
132 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */
133 { 0, "URI", ASN1_CONTEXT_S_6, ASN1_OPT|ASN1_BODY }, /* 12 */
134 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */
135 { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */
136 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
137 { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */
138 { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */
139 { 0, "exit", ASN1_EOC, ASN1_EXIT }
140 };
141 #define GN_OBJ_OTHER_NAME 0
142 #define GN_OBJ_RFC822_NAME 2
143 #define GN_OBJ_DNS_NAME 4
144 #define GN_OBJ_X400_ADDRESS 6
145 #define GN_OBJ_DIRECTORY_NAME 8
146 #define GN_OBJ_EDI_PARTY_NAME 10
147 #define GN_OBJ_URI 12
148 #define GN_OBJ_IP_ADDRESS 14
149 #define GN_OBJ_REGISTERED_ID 16
150
151 /**
152 * ASN.1 definition of otherName
153 */
154 static const asn1Object_t otherNameObjects[] = {
155 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
156 {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY }, /* 1 */
157 {0, "exit", ASN1_EOC, ASN1_EXIT }
158 };
159 #define ON_OBJ_ID_TYPE 0
160 #define ON_OBJ_VALUE 1
161
162 /**
163 * ASN.1 definition of crlDistributionPoints
164 */
165 static const asn1Object_t crlDistributionPointsObjects[] = {
166 { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
167 { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
168 { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */
169 { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */
170 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
171 { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */
172 { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
173 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
174 { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */
175 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */
176 { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */
177 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
178 { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
179 { 0, "exit", ASN1_EOC, ASN1_EXIT }
180 };
181 #define CRL_DIST_POINTS_FULLNAME 3
182
183 /**
184 * ASN.1 definition of RSApublicKey
185 */
186 static const asn1Object_t pubkeyObjects[] = {
187 { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
188 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
189 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
190 { 0, "exit", ASN1_EOC, ASN1_EXIT }
191 };
192 #define PUB_KEY_RSA_PUBLIC_KEY 0
193 #define PUB_KEY_MODULUS 1
194 #define PUB_KEY_EXPONENT 2
195
196 /**
197 * ASN.1 definition of an X.509v3 x509_cert
198 */
199 static const asn1Object_t certObjects[] = {
200 { 0, "x509", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
201 { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
202 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */
203 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
204 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
205 { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
206 { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
207 { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
208 { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
209 { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
210 { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
211 { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_RAW }, /* 11 */
212 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 12 */
213 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 13 */
214 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 14 */
215 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 15 */
216 { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 16 */
217 { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 17 */
218 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 18 */
219 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 19 */
220 { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 20 */
221 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 21 */
222 { 3, "end loop", ASN1_EOC, ASN1_END }, /* 22 */
223 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 23 */
224 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 24 */
225 { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 25 */
226 { 0, "exit", ASN1_EOC, ASN1_EXIT }
227 };
228 #define X509_OBJ_CERTIFICATE 0
229 #define X509_OBJ_TBS_CERTIFICATE 1
230 #define X509_OBJ_VERSION 3
231 #define X509_OBJ_SERIAL_NUMBER 4
232 #define X509_OBJ_SIG_ALG 5
233 #define X509_OBJ_ISSUER 6
234 #define X509_OBJ_NOT_BEFORE 8
235 #define X509_OBJ_NOT_AFTER 9
236 #define X509_OBJ_SUBJECT 10
237 #define X509_OBJ_SUBJECT_PUBLIC_KEY_INFO 11
238 #define X509_OBJ_EXTN_ID 19
239 #define X509_OBJ_CRITICAL 20
240 #define X509_OBJ_EXTN_VALUE 21
241 #define X509_OBJ_ALGORITHM 24
242 #define X509_OBJ_SIGNATURE 25
243
244 const x509cert_t empty_x509cert = {
245 NULL , /* *next */
246 UNDEFINED_TIME, /* installed */
247 0 , /* count */
248 FALSE , /* smartcard */
249 AUTH_NONE , /* authority_flags */
250 { NULL, 0 } , /* certificate */
251 { NULL, 0 } , /* tbsCertificate */
252 1 , /* version */
253 { NULL, 0 } , /* serialNumber */
254 OID_UNKNOWN , /* sigAlg */
255 { NULL, 0 } , /* issuer */
256 /* validity */
257 0 , /* notBefore */
258 0 , /* notAfter */
259 { NULL, 0 } , /* subject */
260 NULL , /* public_key */
261 /* issuerUniqueID */
262 /* subjectUniqueID */
263 /* extensions */
264 /* extension */
265 /* extnID */
266 /* critical */
267 /* extnValue */
268 FALSE , /* isCA */
269 FALSE , /* isOcspSigner */
270 { NULL, 0 } , /* subjectKeyID */
271 { NULL, 0 } , /* authKeyID */
272 { NULL, 0 } , /* authKeySerialNumber */
273 { NULL, 0 } , /* accessLocation */
274 NULL , /* subjectAltName */
275 NULL , /* crlDistributionPoints */
276 OID_UNKNOWN , /* algorithm */
277 { NULL, 0 } /* signature */
278 };
279
280 /* coding of X.501 distinguished name */
281
282 typedef struct {
283 const u_char *name;
284 chunk_t oid;
285 u_char type;
286 } x501rdn_t;
287
288 /* X.501 acronyms for well known object identifiers (OIDs) */
289
290 static u_char oid_ND[] = {0x02, 0x82, 0x06, 0x01,
291 0x0A, 0x07, 0x14};
292 static u_char oid_UID[] = {0x09, 0x92, 0x26, 0x89, 0x93,
293 0xF2, 0x2C, 0x64, 0x01, 0x01};
294 static u_char oid_DC[] = {0x09, 0x92, 0x26, 0x89, 0x93,
295 0xF2, 0x2C, 0x64, 0x01, 0x19};
296 static u_char oid_CN[] = {0x55, 0x04, 0x03};
297 static u_char oid_S[] = {0x55, 0x04, 0x04};
298 static u_char oid_SN[] = {0x55, 0x04, 0x05};
299 static u_char oid_C[] = {0x55, 0x04, 0x06};
300 static u_char oid_L[] = {0x55, 0x04, 0x07};
301 static u_char oid_ST[] = {0x55, 0x04, 0x08};
302 static u_char oid_O[] = {0x55, 0x04, 0x0A};
303 static u_char oid_OU[] = {0x55, 0x04, 0x0B};
304 static u_char oid_T[] = {0x55, 0x04, 0x0C};
305 static u_char oid_D[] = {0x55, 0x04, 0x0D};
306 static u_char oid_N[] = {0x55, 0x04, 0x29};
307 static u_char oid_G[] = {0x55, 0x04, 0x2A};
308 static u_char oid_I[] = {0x55, 0x04, 0x2B};
309 static u_char oid_ID[] = {0x55, 0x04, 0x2D};
310 static u_char oid_EN[] = {0x60, 0x86, 0x48, 0x01, 0x86,
311 0xF8, 0x42, 0x03, 0x01, 0x03};
312 static u_char oid_E[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
313 0x0D, 0x01, 0x09, 0x01};
314 static u_char oid_UN[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
315 0x0D, 0x01, 0x09, 0x02};
316 static u_char oid_TCGID[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x89,
317 0x31, 0x01, 0x01, 0x02, 0x02, 0x4B};
318
319 static const x501rdn_t x501rdns[] = {
320 {"ND" , {oid_ND, 7}, ASN1_PRINTABLESTRING},
321 {"UID" , {oid_UID, 10}, ASN1_PRINTABLESTRING},
322 {"DC" , {oid_DC, 10}, ASN1_PRINTABLESTRING},
323 {"CN" , {oid_CN, 3}, ASN1_PRINTABLESTRING},
324 {"S" , {oid_S, 3}, ASN1_PRINTABLESTRING},
325 {"SN" , {oid_SN, 3}, ASN1_PRINTABLESTRING},
326 {"serialNumber" , {oid_SN, 3}, ASN1_PRINTABLESTRING},
327 {"C" , {oid_C, 3}, ASN1_PRINTABLESTRING},
328 {"L" , {oid_L, 3}, ASN1_PRINTABLESTRING},
329 {"ST" , {oid_ST, 3}, ASN1_PRINTABLESTRING},
330 {"O" , {oid_O, 3}, ASN1_PRINTABLESTRING},
331 {"OU" , {oid_OU, 3}, ASN1_PRINTABLESTRING},
332 {"T" , {oid_T, 3}, ASN1_PRINTABLESTRING},
333 {"D" , {oid_D, 3}, ASN1_PRINTABLESTRING},
334 {"N" , {oid_N, 3}, ASN1_PRINTABLESTRING},
335 {"G" , {oid_G, 3}, ASN1_PRINTABLESTRING},
336 {"I" , {oid_I, 3}, ASN1_PRINTABLESTRING},
337 {"ID" , {oid_ID, 3}, ASN1_PRINTABLESTRING},
338 {"EN" , {oid_EN, 10}, ASN1_PRINTABLESTRING},
339 {"employeeNumber" , {oid_EN, 10}, ASN1_PRINTABLESTRING},
340 {"E" , {oid_E, 9}, ASN1_IA5STRING},
341 {"Email" , {oid_E, 9}, ASN1_IA5STRING},
342 {"emailAddress" , {oid_E, 9}, ASN1_IA5STRING},
343 {"UN" , {oid_UN, 9}, ASN1_IA5STRING},
344 {"unstructuredName", {oid_UN, 9}, ASN1_IA5STRING},
345 {"TCGID" , {oid_TCGID, 12}, ASN1_PRINTABLESTRING}
346 };
347
348 #define X501_RDN_ROOF 26
349
350 static u_char ASN1_subjectAltName_oid_str[] = {
351 0x06, 0x03, 0x55, 0x1D, 0x11
352 };
353
354 static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
355
356 static void update_chunk(chunk_t *ch, int n)
357 {
358 n = (n > -1 && n < (int)ch->len)? n : (int)ch->len-1;
359 ch->ptr += n; ch->len -= n;
360 }
361
362
363 /**
364 * Pointer is set to the first RDN in a DN
365 */
366 static err_t init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next)
367 {
368 *rdn = chunk_empty;
369 *attribute = chunk_empty;
370
371 /* a DN is a SEQUENCE OF RDNs */
372
373 if (*dn.ptr != ASN1_SEQUENCE)
374 {
375 return "DN is not a SEQUENCE";
376 }
377
378 rdn->len = asn1_length(&dn);
379
380 if (rdn->len == ASN1_INVALID_LENGTH)
381 {
382 return "Invalid RDN length";
383 }
384 rdn->ptr = dn.ptr;
385
386 /* are there any RDNs ? */
387 *next = rdn->len > 0;
388
389 return NULL;
390 }
391
392 /**
393 * Fetches the next RDN in a DN
394 */
395 static err_t get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
396 chunk_t *value, asn1_t *type, bool *next)
397 {
398 chunk_t body;
399
400 /* initialize return values */
401 *oid = chunk_empty;
402 *value = chunk_empty;
403
404 /* if all attributes have been parsed, get next rdn */
405 if (attribute->len <= 0)
406 {
407 /* an RDN is a SET OF attributeTypeAndValue */
408 if (*rdn->ptr != ASN1_SET)
409 {
410 return "RDN is not a SET";
411 }
412 attribute->len = asn1_length(rdn);
413
414 if (attribute->len == ASN1_INVALID_LENGTH)
415 {
416 return "Invalid attribute length";
417 }
418 attribute->ptr = rdn->ptr;
419
420 /* advance to start of next RDN */
421 rdn->ptr += attribute->len;
422 rdn->len -= attribute->len;
423 }
424
425 /* an attributeTypeAndValue is a SEQUENCE */
426 if (*attribute->ptr != ASN1_SEQUENCE)
427 {
428 return "attributeTypeAndValue is not a SEQUENCE";
429 }
430
431 /* extract the attribute body */
432 body.len = asn1_length(attribute);
433
434 if (body.len == ASN1_INVALID_LENGTH)
435 {
436 return "Invalid attribute body length";
437 }
438 body.ptr = attribute->ptr;
439
440 /* advance to start of next attribute */
441 attribute->ptr += body.len;
442 attribute->len -= body.len;
443
444 /* attribute type is an OID */
445 if (*body.ptr != ASN1_OID)
446 {
447 return "attributeType is not an OID";
448 }
449
450 /* extract OID */
451 oid->len = asn1_length(&body);
452
453 if (oid->len == ASN1_INVALID_LENGTH)
454 {
455 return "Invalid attribute OID length";
456 }
457 oid->ptr = body.ptr;
458
459 /* advance to the attribute value */
460 body.ptr += oid->len;
461 body.len -= oid->len;
462
463 /* extract string type */
464 *type = *body.ptr;
465
466 /* extract string value */
467 value->len = asn1_length(&body);
468
469 if (value->len == ASN1_INVALID_LENGTH)
470 {
471 return "Invalid attribute string length";
472 }
473 value->ptr = body.ptr;
474
475 /* are there any RDNs left? */
476 *next = rdn->len > 0 || attribute->len > 0;
477
478 return NULL;
479 }
480
481 /**
482 * Parses an ASN.1 distinguished name int its OID/value pairs
483 */
484 static err_t dn_parse(chunk_t dn, chunk_t *str)
485 {
486 chunk_t rdn, oid, attribute, value;
487 asn1_t type;
488 int oid_code;
489 bool next;
490 bool first = TRUE;
491
492 err_t ugh = init_rdn(dn, &rdn, &attribute, &next);
493
494 if (ugh != NULL) /* a parsing error has occured */
495 {
496 return ugh;
497 }
498
499 while (next)
500 {
501 ugh = get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next);
502
503 if (ugh != NULL) /* a parsing error has occured */
504 {
505 return ugh;
506 }
507
508 if (first) /* first OID/value pair */
509 {
510 first = FALSE;
511 }
512 else /* separate OID/value pair by a comma */
513 {
514 update_chunk(str, snprintf(str->ptr,str->len,", "));
515 }
516
517 /* print OID */
518 oid_code = asn1_known_oid(oid);
519 if (oid_code == OID_UNKNOWN) /* OID not found in list */
520 {
521 hex_str(oid, str);
522 }
523 else
524 {
525 update_chunk(str, snprintf(str->ptr,str->len,"%s",
526 oid_names[oid_code].name));
527 }
528
529 /* print value */
530 update_chunk(str, snprintf(str->ptr,str->len,"=%.*s",
531 (int)value.len,value.ptr));
532 }
533 return NULL;
534 }
535
536 /**
537 * Count the number of wildcard RDNs in a distinguished name
538 */
539 int dn_count_wildcards(chunk_t dn)
540 {
541 chunk_t rdn, attribute, oid, value;
542 asn1_t type;
543 bool next;
544 int wildcards = 0;
545
546 err_t ugh = init_rdn(dn, &rdn, &attribute, &next);
547
548 if (ugh != NULL) /* a parsing error has occured */
549 {
550 return -1;
551 }
552
553 while (next)
554 {
555 ugh = get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next);
556
557 if (ugh != NULL) /* a parsing error has occured */
558 {
559 return -1;
560 }
561 if (value.len == 1 && *value.ptr == '*')
562 {
563 wildcards++; /* we have found a wildcard RDN */
564 }
565 }
566 return wildcards;
567 }
568
569 /**
570 * Prints a binary string in hexadecimal form
571 */
572 void hex_str(chunk_t bin, chunk_t *str)
573 {
574 u_int i;
575 update_chunk(str, snprintf(str->ptr,str->len,"0x"));
576 for (i=0; i < bin.len; i++)
577 update_chunk(str, snprintf(str->ptr,str->len,"%02X",*bin.ptr++));
578 }
579
580
581 /** Converts a binary DER-encoded ASN.1 distinguished name
582 * into LDAP-style human-readable ASCII format
583 */
584 int dntoa(char *dst, size_t dstlen, chunk_t dn)
585 {
586 err_t ugh = NULL;
587 chunk_t str;
588
589 str.ptr = dst;
590 str.len = dstlen;
591 ugh = dn_parse(dn, &str);
592
593 if (ugh != NULL) /* error, print DN as hex string */
594 {
595 DBG(DBG_PARSING,
596 DBG_log("error in DN parsing: %s", ugh)
597 )
598 str.ptr = dst;
599 str.len = dstlen;
600 hex_str(dn, &str);
601 }
602 return (int)(dstlen - str.len);
603 }
604
605 /**
606 * Same as dntoa but prints a special string for a null dn
607 */
608 int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn, const char* null_dn)
609 {
610 if (dn.ptr == NULL)
611 {
612 return snprintf(dst, dstlen, "%s", null_dn);
613 }
614 else
615 {
616 return dntoa(dst, dstlen, dn);
617 }
618 }
619
620
621 /**
622 * Codes ASN.1 lengths up to a size of 16'777'215 bytes
623 */
624 static void code_asn1_length(size_t length, chunk_t *code)
625 {
626 if (length < 128)
627 {
628 code->ptr[0] = length;
629 code->len = 1;
630 }
631 else if (length < 256)
632 {
633 code->ptr[0] = 0x81;
634 code->ptr[1] = (u_char) length;
635 code->len = 2;
636 }
637 else if (length < 65536)
638 {
639 code->ptr[0] = 0x82;
640 code->ptr[1] = length >> 8;
641 code->ptr[2] = length & 0x00ff;
642 code->len = 3;
643 }
644 else
645 {
646 code->ptr[0] = 0x83;
647 code->ptr[1] = length >> 16;
648 code->ptr[2] = (length >> 8) & 0x00ff;
649 code->ptr[3] = length & 0x0000ff;
650 code->len = 4;
651 }
652 }
653
654 /**
655 * Converts an LDAP-style human-readable ASCII-encoded
656 * ASN.1 distinguished name into binary DER-encoded format
657 */
658 err_t atodn(char *src, chunk_t *dn)
659 {
660 /* finite state machine for atodn */
661
662 typedef enum {
663 SEARCH_OID = 0,
664 READ_OID = 1,
665 SEARCH_NAME = 2,
666 READ_NAME = 3,
667 UNKNOWN_OID = 4
668 } state_t;
669
670 u_char oid_len_buf[3];
671 u_char name_len_buf[3];
672 u_char rdn_seq_len_buf[3];
673 u_char rdn_set_len_buf[3];
674 u_char dn_seq_len_buf[3];
675
676 chunk_t asn1_oid_len = { oid_len_buf, 0 };
677 chunk_t asn1_name_len = { name_len_buf, 0 };
678 chunk_t asn1_rdn_seq_len = { rdn_seq_len_buf, 0 };
679 chunk_t asn1_rdn_set_len = { rdn_set_len_buf, 0 };
680 chunk_t asn1_dn_seq_len = { dn_seq_len_buf, 0 };
681 chunk_t oid = chunk_empty;
682 chunk_t name = chunk_empty;
683
684 int whitespace = 0;
685 int rdn_seq_len = 0;
686 int rdn_set_len = 0;
687 int dn_seq_len = 0;
688 int pos = 0;
689
690 err_t ugh = NULL;
691
692 u_char *dn_ptr = dn->ptr + 4;
693
694 state_t state = SEARCH_OID;
695
696 do
697 {
698 switch (state)
699 {
700 case SEARCH_OID:
701 if (*src != ' ' && *src != '/' && *src != ',')
702 {
703 oid.ptr = src;
704 oid.len = 1;
705 state = READ_OID;
706 }
707 break;
708 case READ_OID:
709 if (*src != ' ' && *src != '=')
710 {
711 oid.len++;
712 }
713 else
714 {
715 for (pos = 0; pos < X501_RDN_ROOF; pos++)
716 {
717 if (strlen(x501rdns[pos].name) == oid.len &&
718 strncasecmp(x501rdns[pos].name, oid.ptr, oid.len) == 0)
719 {
720 break; /* found a valid OID */
721 }
722 }
723 if (pos == X501_RDN_ROOF)
724 {
725 ugh = "unknown OID in distinguished name";
726 state = UNKNOWN_OID;
727 break;
728 }
729 code_asn1_length(x501rdns[pos].oid.len, &asn1_oid_len);
730
731 /* reset oid and change state */
732 oid = chunk_empty;
733 state = SEARCH_NAME;
734 }
735 break;
736 case SEARCH_NAME:
737 if (*src != ' ' && *src != '=')
738 {
739 name.ptr = src;
740 name.len = 1;
741 whitespace = 0;
742 state = READ_NAME;
743 }
744 break;
745 case READ_NAME:
746 if (*src != ',' && *src != '/' && *src != '\0')
747 {
748 name.len++;
749 if (*src == ' ')
750 {
751 whitespace++;
752 }
753 else
754 {
755 whitespace = 0;
756 }
757 }
758 else
759 {
760 name.len -= whitespace;
761 code_asn1_length(name.len, &asn1_name_len);
762
763 /* compute the length of the relative distinguished name sequence */
764 rdn_seq_len = 1 + asn1_oid_len.len + x501rdns[pos].oid.len +
765 1 + asn1_name_len.len + name.len;
766 code_asn1_length(rdn_seq_len, &asn1_rdn_seq_len);
767
768 /* compute the length of the relative distinguished name set */
769 rdn_set_len = 1 + asn1_rdn_seq_len.len + rdn_seq_len;
770 code_asn1_length(rdn_set_len, &asn1_rdn_set_len);
771
772 /* encode the relative distinguished name */
773 *dn_ptr++ = ASN1_SET;
774 chunkcpy(dn_ptr, asn1_rdn_set_len);
775 *dn_ptr++ = ASN1_SEQUENCE;
776 chunkcpy(dn_ptr, asn1_rdn_seq_len);
777 *dn_ptr++ = ASN1_OID;
778 chunkcpy(dn_ptr, asn1_oid_len);
779 chunkcpy(dn_ptr, x501rdns[pos].oid);
780 /* encode the ASN.1 character string type of the name */
781 *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING
782 && !asn1_is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type;
783 chunkcpy(dn_ptr, asn1_name_len);
784 chunkcpy(dn_ptr, name);
785
786 /* accumulate the length of the distinguished name sequence */
787 dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len;
788
789 /* reset name and change state */
790 name = chunk_empty;
791 state = SEARCH_OID;
792 }
793 break;
794 case UNKNOWN_OID:
795 break;
796 }
797 } while (*src++ != '\0');
798
799 /* complete the distinguished name sequence*/
800 code_asn1_length(dn_seq_len, &asn1_dn_seq_len);
801 dn->ptr += 3 - asn1_dn_seq_len.len;
802 dn->len = 1 + asn1_dn_seq_len.len + dn_seq_len;
803 dn_ptr = dn->ptr;
804 *dn_ptr++ = ASN1_SEQUENCE;
805 chunkcpy(dn_ptr, asn1_dn_seq_len);
806 return ugh;
807 }
808
809 /**
810 * compare two distinguished names by comparing the individual RDNs
811 */
812 bool same_dn(chunk_t a, chunk_t b)
813 {
814 chunk_t rdn_a, rdn_b, attribute_a, attribute_b;
815 chunk_t oid_a, oid_b, value_a, value_b;
816 asn1_t type_a, type_b;
817 bool next_a, next_b;
818
819 /* same lengths for the DNs */
820 if (a.len != b.len)
821 {
822 return FALSE;
823 }
824
825 /* try a binary comparison first */
826 if (memeq(a.ptr, b.ptr, b.len))
827 {
828 return TRUE;
829 }
830
831 /* initialize DN parsing */
832 if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL
833 || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL)
834 {
835 return FALSE;
836 }
837
838 /* fetch next RDN pair */
839 while (next_a && next_b)
840 {
841 /* parse next RDNs and check for errors */
842 if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL
843 || get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL)
844 {
845 return FALSE;
846 }
847
848 /* OIDs must agree */
849 if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0)
850 {
851 return FALSE;
852 }
853
854 /* same lengths for values */
855 if (value_a.len != value_b.len)
856 {
857 return FALSE;
858 }
859
860 /* printableStrings and email RDNs require uppercase comparison */
861 if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
862 (type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL)))
863 {
864 if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
865 {
866 return FALSE;
867 }
868 }
869 else
870 {
871 if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
872 {
873 return FALSE;
874 }
875 }
876 }
877 /* both DNs must have same number of RDNs */
878 if (next_a || next_b)
879 {
880 return FALSE;
881 }
882
883 /* the two DNs are equal! */
884 return TRUE;
885 }
886
887
888 /**
889 * Compare two distinguished names by comparing the individual RDNs.
890 * A single'*' character designates a wildcard RDN in DN b.
891 */
892 bool match_dn(chunk_t a, chunk_t b, int *wildcards)
893 {
894 chunk_t rdn_a, rdn_b, attribute_a, attribute_b;
895 chunk_t oid_a, oid_b, value_a, value_b;
896 asn1_t type_a, type_b;
897 bool next_a, next_b;
898
899 /* initialize wildcard counter */
900 *wildcards = 0;
901
902 /* initialize DN parsing */
903 if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL
904 || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL)
905 {
906 return FALSE;
907 }
908
909 /* fetch next RDN pair */
910 while (next_a && next_b)
911 {
912 /* parse next RDNs and check for errors */
913 if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL
914 || get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL)
915 {
916 return FALSE;
917 }
918
919 /* OIDs must agree */
920 if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0)
921 {
922 return FALSE;
923 }
924
925 /* does rdn_b contain a wildcard? */
926 if (value_b.len == 1 && *value_b.ptr == '*')
927 {
928 (*wildcards)++;
929 continue;
930 }
931
932 /* same lengths for values */
933 if (value_a.len != value_b.len)
934 {
935 return FALSE;
936 }
937
938 /* printableStrings and email RDNs require uppercase comparison */
939 if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
940 (type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL)))
941 {
942 if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
943 {
944 return FALSE;
945 }
946 }
947 else
948 {
949 if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
950 {
951 return FALSE;
952 }
953 }
954 }
955
956 /* both DNs must have same number of RDNs */
957 if (next_a || next_b)
958 {
959 return FALSE;
960 }
961
962 /* the two DNs match! */
963 return TRUE;
964 }
965
966 /**
967 * Compare two X.509 certificates by comparing their signatures
968 */
969 bool same_x509cert(const x509cert_t *a, const x509cert_t *b)
970 {
971 return chunk_equals(a->signature, b->signature);
972 }
973
974 /**
975 * For each link pointing to the certificate increase the count by one
976 */
977 void share_x509cert(x509cert_t *cert)
978 {
979 if (cert != NULL)
980 {
981 cert->count++;
982 }
983 }
984
985 /**
986 * Add a X.509 user/host certificate to the chained list
987 */
988 x509cert_t* add_x509cert(x509cert_t *cert)
989 {
990 x509cert_t *c = x509certs;
991
992 while (c != NULL)
993 {
994 if (same_x509cert(c, cert)) /* already in chain, free cert */
995 {
996 free_x509cert(cert);
997 return c;
998 }
999 c = c->next;
1000 }
1001
1002 /* insert new cert at the root of the chain */
1003 lock_certs_and_keys("add_x509cert");
1004 cert->next = x509certs;
1005 x509certs = cert;
1006 DBG(DBG_CONTROL | DBG_PARSING,
1007 DBG_log(" x509 cert inserted")
1008 )
1009 unlock_certs_and_keys("add_x509cert");
1010 return cert;
1011 }
1012
1013 /**
1014 * Choose either subject DN or a subjectAltName as connection end ID
1015 */
1016 void select_x509cert_id(x509cert_t *cert, struct id *end_id)
1017 {
1018 bool copy_subject_dn = TRUE; /* ID is subject DN */
1019
1020 if (end_id->kind != ID_ANY) /* check for matching subjectAltName */
1021 {
1022 generalName_t *gn = cert->subjectAltName;
1023
1024 while (gn != NULL)
1025 {
1026 struct id id = empty_id;
1027
1028 gntoid(&id, gn);
1029 if (same_id(&id, end_id))
1030 {
1031 copy_subject_dn = FALSE; /* take subjectAltName instead */
1032 break;
1033 }
1034 gn = gn->next;
1035 }
1036 }
1037
1038 if (copy_subject_dn)
1039 {
1040 if (end_id->kind != ID_ANY && end_id->kind != ID_DER_ASN1_DN)
1041 {
1042 char buf[BUF_LEN];
1043
1044 idtoa(end_id, buf, BUF_LEN);
1045 plog(" no subjectAltName matches ID '%s', replaced by subject DN", buf);
1046 }
1047 end_id->kind = ID_DER_ASN1_DN;
1048 end_id->name.len = cert->subject.len;
1049 end_id->name.ptr = temporary_cyclic_buffer();
1050 memcpy(end_id->name.ptr, cert->subject.ptr, cert->subject.len);
1051 }
1052 }
1053
1054 /**
1055 * Check for equality between two key identifiers
1056 */
1057 bool same_keyid(chunk_t a, chunk_t b)
1058 {
1059 if (a.ptr == NULL || b.ptr == NULL)
1060 {
1061 return FALSE;
1062 }
1063 return chunk_equals(a, b);
1064 }
1065
1066 /**
1067 * Check for equality between two serial numbers
1068 */
1069 bool same_serial(chunk_t a, chunk_t b)
1070 {
1071 /* do not compare serial numbers if one of them is not defined */
1072 if (a.ptr == NULL || b.ptr == NULL)
1073 {
1074 return TRUE;
1075 }
1076 return chunk_equals(a, b);
1077 }
1078
1079 /**
1080 * Get a X.509 certificate with a given issuer found at a certain position
1081 */
1082 x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid,
1083 x509cert_t *chain)
1084 {
1085 x509cert_t *cert = (chain != NULL)? chain->next : x509certs;
1086
1087 while (cert != NULL)
1088 {
1089 if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->authKeyID)
1090 : (same_dn(issuer, cert->issuer)
1091 && same_serial(serial, cert->authKeySerialNumber)))
1092 {
1093 return cert;
1094 }
1095 cert = cert->next;
1096 }
1097 return NULL;
1098 }
1099
1100 /**
1101 * Encode a linked list of subjectAltNames
1102 */
1103 chunk_t build_subjectAltNames(generalName_t *subjectAltNames)
1104 {
1105 u_char *pos;
1106 chunk_t names;
1107 size_t len = 0;
1108 generalName_t *gn = subjectAltNames;
1109
1110 /* compute the total size of the ASN.1 attributes object */
1111 while (gn != NULL)
1112 {
1113 len += gn->name.len;
1114 gn = gn->next;
1115 }
1116
1117 pos = asn1_build_object(&names, ASN1_SEQUENCE, len);
1118
1119 gn = subjectAltNames;
1120 while (gn != NULL)
1121 {
1122 chunkcpy(pos, gn->name);
1123 gn = gn->next;
1124 }
1125
1126 return asn1_wrap(ASN1_SEQUENCE, "cm"
1127 , ASN1_subjectAltName_oid
1128 , asn1_wrap(ASN1_OCTET_STRING, "m", names));
1129 }
1130
1131 /**
1132 * Build a to-be-signed X.509 certificate body
1133 */
1134 static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
1135 {
1136 /* version is always X.509v3 */
1137 chunk_t version = asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2);
1138
1139 chunk_t extensions = chunk_empty;
1140
1141 chunk_t key = rsa->get_encoding(rsa);
1142
1143 chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
1144 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
1145 asn1_bitstring("m", key));
1146
1147 if (cert->subjectAltName != NULL)
1148 {
1149 extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m"
1150 , asn1_wrap(ASN1_SEQUENCE, "m"
1151 , build_subjectAltNames(cert->subjectAltName)));
1152 }
1153
1154 return asn1_wrap(ASN1_SEQUENCE, "mmccmcmm"
1155 , version
1156 , asn1_integer("c", cert->serialNumber)
1157 , asn1_algorithmIdentifier(cert->sigAlg)
1158 , cert->issuer
1159 , asn1_wrap(ASN1_SEQUENCE, "mm"
1160 , asn1_from_time(&cert->notBefore, ASN1_UTCTIME)
1161 , asn1_from_time(&cert->notAfter, ASN1_UTCTIME)
1162 )
1163 , cert->subject
1164 , keyInfo
1165 , extensions
1166 );
1167 }
1168
1169 /**
1170 * Build a DER-encoded X.509 certificate
1171 */
1172 void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
1173 private_key_t *signer_key)
1174 {
1175 chunk_t tbs_cert = build_tbs_x509cert(cert, cert_key);
1176
1177 chunk_t signature = x509_build_signature(tbs_cert, cert->sigAlg
1178 , signer_key, TRUE);
1179
1180 cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm"
1181 , tbs_cert
1182 , asn1_algorithmIdentifier(cert->sigAlg)
1183 , signature);
1184 }
1185
1186 /**
1187 * Free the dynamic memory used to store generalNames
1188 */
1189 void free_generalNames(generalName_t* gn, bool free_name)
1190 {
1191 while (gn != NULL)
1192 {
1193 generalName_t *gn_top = gn;
1194 if (free_name)
1195 {
1196 free(gn->name.ptr);
1197 }
1198 gn = gn->next;
1199 free(gn_top);
1200 }
1201 }
1202
1203 /**
1204 * Free a X.509 certificate
1205 */
1206 void free_x509cert(x509cert_t *cert)
1207 {
1208 if (cert != NULL)
1209 {
1210 DESTROY_IF(cert->public_key);
1211 free_generalNames(cert->subjectAltName, FALSE);
1212 free_generalNames(cert->crlDistributionPoints, FALSE);
1213 free(cert->certificate.ptr);
1214 free(cert);
1215 cert = NULL;
1216 }
1217 }
1218
1219 /**
1220 * Release of a certificate decreases the count by one
1221 * the certificate is freed when the counter reaches zero
1222 */
1223 void release_x509cert(x509cert_t *cert)
1224 {
1225 if (cert != NULL && --cert->count == 0)
1226 {
1227 x509cert_t **pp = &x509certs;
1228 while (*pp != cert)
1229 {
1230 pp = &(*pp)->next;
1231 }
1232 *pp = cert->next;
1233 free_x509cert(cert);
1234 }
1235 }
1236
1237 /**
1238 * Stores a chained list of end certs and CA certs
1239 */
1240 void store_x509certs(x509cert_t **firstcert, bool strict)
1241 {
1242 x509cert_t *cacerts = NULL;
1243 x509cert_t **pp = firstcert;
1244
1245 /* first extract CA certs, discarding root CA certs */
1246
1247 while (*pp != NULL)
1248 {
1249 x509cert_t *cert = *pp;
1250
1251 if (cert->isCA)
1252 {
1253 *pp = cert->next;
1254
1255 /* we don't accept self-signed CA certs */
1256 if (same_dn(cert->issuer, cert->subject))
1257 {
1258 plog("self-signed cacert rejected");
1259 free_x509cert(cert);
1260 }
1261 else
1262 {
1263 /* insertion into temporary chain of candidate CA certs */
1264 cert->next = cacerts;
1265 cacerts = cert;
1266 }
1267 }
1268 else
1269 {
1270 pp = &cert->next;
1271 }
1272 }
1273
1274 /* now verify the candidate CA certs */
1275
1276 while (cacerts != NULL)
1277 {
1278 x509cert_t *cert = cacerts;
1279
1280 cacerts = cacerts->next;
1281
1282 if (trust_authcert_candidate(cert, cacerts))
1283 {
1284 add_authcert(cert, AUTH_CA);
1285 }
1286 else
1287 {
1288 plog("intermediate cacert rejected");
1289 free_x509cert(cert);
1290 }
1291 }
1292
1293 /* now verify the end certificates */
1294
1295 pp = firstcert;
1296
1297 while (*pp != NULL)
1298 {
1299 time_t valid_until;
1300 x509cert_t *cert = *pp;
1301
1302 if (verify_x509cert(cert, strict, &valid_until))
1303 {
1304 DBG(DBG_CONTROL | DBG_PARSING,
1305 DBG_log("public key validated")
1306 )
1307 add_x509_public_key(cert, valid_until, DAL_SIGNED);
1308 }
1309 else
1310 {
1311 plog("X.509 certificate rejected");
1312 }
1313 *pp = cert->next;
1314 free_x509cert(cert);
1315 }
1316 }
1317
1318 /**
1319 * Check if a signature over binary blob is genuine
1320 */
1321 bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm,
1322 const x509cert_t *issuer_cert)
1323 {
1324 public_key_t *key = issuer_cert->public_key;
1325 signature_scheme_t scheme = SIGN_DEFAULT;
1326
1327 switch (algorithm)
1328 {
1329 case OID_MD5_WITH_RSA:
1330 scheme = SIGN_RSA_EMSA_PKCS1_MD5;
1331 break;
1332 case OID_SHA1_WITH_RSA:
1333 scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
1334 break;
1335 case OID_SHA256_WITH_RSA:
1336 scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
1337 break;
1338 case OID_SHA384_WITH_RSA:
1339 scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
1340 break;
1341 case OID_SHA512_WITH_RSA:
1342 scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
1343 break;
1344 case OID_ECDSA_WITH_SHA1:
1345 scheme = SIGN_ECDSA_WITH_SHA1;
1346 break;
1347 default:
1348 return FALSE;
1349 }
1350 return key->verify(key, scheme, tbs, sig);
1351 }
1352
1353 /**
1354 * Build an ASN.1 encoded PKCS#1 signature over a binary blob
1355 */
1356 chunk_t x509_build_signature(chunk_t tbs, int hash_alg, private_key_t *key,
1357 bool bit_string)
1358 {
1359 signature_scheme_t scheme = SIGN_DEFAULT;
1360 chunk_t signature;
1361
1362 switch (hash_alg)
1363 {
1364 case OID_MD5:
1365 scheme = SIGN_RSA_EMSA_PKCS1_MD5;
1366 break;
1367 case OID_SHA1:
1368 scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
1369 break;
1370 case OID_SHA256:
1371 scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
1372 break;
1373 case OID_SHA384:
1374 scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
1375 break;
1376 case OID_SHA512:
1377 scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
1378 break;
1379 default:
1380 return chunk_empty;
1381 }
1382 if (!key->sign(key, scheme, tbs, &signature))
1383 {
1384 return chunk_empty;
1385 }
1386 return (bit_string) ? asn1_bitstring("m", signature)
1387 : asn1_wrap(ASN1_OCTET_STRING, "m", signature);
1388 }
1389
1390 /**
1391 * Extracts the basicConstraints extension
1392 */
1393 static bool parse_basicConstraints(chunk_t blob, int level0)
1394 {
1395 asn1_parser_t *parser;
1396 chunk_t object;
1397 int objectID;
1398 bool isCA = FALSE;
1399
1400 parser = asn1_parser_create(basicConstraintsObjects, blob);
1401 parser->set_top_level(parser, level0);
1402
1403 while (parser->iterate(parser, &objectID, &object))
1404 {
1405 if (objectID == BASIC_CONSTRAINTS_CA)
1406 {
1407 isCA = object.len && *object.ptr;
1408 DBG(DBG_PARSING,
1409 DBG_log(" %s",(isCA)?"TRUE":"FALSE");
1410 )
1411 }
1412 }
1413 parser->destroy(parser);
1414
1415 return isCA;
1416 }
1417
1418 /**
1419 * Converts a X.500 generalName into an ID
1420 */
1421 void gntoid(struct id *id, const generalName_t *gn)
1422 {
1423 switch(gn->kind)
1424 {
1425 case GN_DNS_NAME: /* ID type: ID_FQDN */
1426 id->kind = ID_FQDN;
1427 id->name = gn->name;
1428 break;
1429 case GN_IP_ADDRESS: /* ID type: ID_IPV4_ADDR */
1430 {
1431 const struct af_info *afi = &af_inet4_info;
1432 err_t ugh = NULL;
1433
1434 id->kind = afi->id_addr;
1435 ugh = initaddr(gn->name.ptr, gn->name.len, afi->af, &id->ip_addr);
1436 }
1437 break;
1438 case GN_RFC822_NAME: /* ID type: ID_USER_FQDN */
1439 id->kind = ID_USER_FQDN;
1440 id->name = gn->name;
1441 break;
1442 default:
1443 id->kind = ID_ANY;
1444 id->name = chunk_empty;
1445 }
1446 }
1447
1448 /**
1449 * Compute the subjectKeyIdentifier according to section 4.2.1.2 of RFC 3280
1450 * as the 160 bit SHA-1 hash of the public key
1451 */
1452 bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID)
1453 {
1454 identification_t *keyid;
1455 chunk_t encoding;
1456
1457 keyid = cert->public_key->get_id(cert->public_key, ID_PUBKEY_SHA1);
1458 if (keyid == NULL)
1459 {
1460 plog(" unable to compute subjectKeyID");
1461 return FALSE;
1462 }
1463 encoding = keyid->get_encoding(keyid);
1464 memcpy(subjectKeyID.ptr, encoding.ptr, subjectKeyID.len);
1465 return TRUE;
1466 }
1467
1468 /**
1469 * Extracts an otherName
1470 */
1471 static bool parse_otherName(chunk_t blob, int level0)
1472 {
1473 asn1_parser_t *parser;
1474 chunk_t object;
1475 int objectID;
1476 int oid = OID_UNKNOWN;
1477 bool success = FALSE;
1478
1479 parser = asn1_parser_create(otherNameObjects, blob);
1480 parser->set_top_level(parser, level0);
1481
1482 while (parser->iterate(parser, &objectID, &object))
1483 {
1484 switch (objectID)
1485 {
1486 case ON_OBJ_ID_TYPE:
1487 oid = asn1_known_oid(object);
1488 break;
1489 case ON_OBJ_VALUE:
1490 if (oid == OID_XMPP_ADDR)
1491 {
1492 if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
1493 parser->get_level(parser) + 1, "xmppAddr"))
1494 {
1495 goto end;
1496 }
1497 }
1498 break;
1499 default:
1500 break;
1501 }
1502 }
1503 success = parser->success(parser);
1504
1505 end:
1506 parser->destroy(parser);
1507 return success;
1508 }
1509
1510
1511 /**
1512 * Extracts a generalName
1513 */
1514 static generalName_t* parse_generalName(chunk_t blob, int level0)
1515 {
1516 u_char buf[BUF_LEN];
1517 asn1_parser_t *parser;
1518 chunk_t object;
1519 generalName_t *gn = NULL;
1520 int objectID;
1521
1522 parser = asn1_parser_create(generalNameObjects, blob);
1523 parser->set_top_level(parser, level0);
1524
1525 while (parser->iterate(parser, &objectID, &object))
1526 {
1527 bool valid_gn = FALSE;
1528
1529 switch (objectID) {
1530 case GN_OBJ_RFC822_NAME:
1531 case GN_OBJ_DNS_NAME:
1532 case GN_OBJ_URI:
1533 DBG(DBG_PARSING,
1534 DBG_log(" '%.*s'", (int)object.len, object.ptr);
1535 )
1536 valid_gn = TRUE;
1537 break;
1538 case GN_OBJ_DIRECTORY_NAME:
1539 DBG(DBG_PARSING,
1540 dntoa(buf, BUF_LEN, object);
1541 DBG_log(" '%s'", buf)
1542 )
1543 valid_gn = TRUE;
1544 break;
1545 case GN_OBJ_IP_ADDRESS:
1546 DBG(DBG_PARSING,
1547 DBG_log(" '%d.%d.%d.%d'", *object.ptr, *(object.ptr+1),
1548 *(object.ptr+2), *(object.ptr+3));
1549 )
1550 valid_gn = TRUE;
1551 break;
1552 case GN_OBJ_OTHER_NAME:
1553 if (!parse_otherName(object, parser->get_level(parser)+1))
1554 {
1555 goto end;
1556 }
1557 break;
1558 case GN_OBJ_X400_ADDRESS:
1559 case GN_OBJ_EDI_PARTY_NAME:
1560 case GN_OBJ_REGISTERED_ID:
1561 break;
1562 default:
1563 break;
1564 }
1565
1566 if (valid_gn)
1567 {
1568 gn = malloc_thing(generalName_t);
1569 gn->kind = (objectID - GN_OBJ_OTHER_NAME) / 2;
1570 gn->name = object;
1571 gn->next = NULL;
1572 goto end;
1573 }
1574 }
1575
1576 end:
1577 parser->destroy(parser);
1578 return gn;
1579 }
1580
1581 /**
1582 * Extracts one or several GNs and puts them into a chained list
1583 */
1584 static generalName_t* parse_generalNames(chunk_t blob, int level0, bool implicit)
1585 {
1586 asn1_parser_t *parser;
1587 chunk_t object;
1588 int objectID;
1589 generalName_t *top_gn = NULL;
1590
1591 parser = asn1_parser_create(generalNamesObjects, blob);
1592 parser->set_top_level(parser, level0);
1593 parser->set_flags(parser, implicit, FALSE);
1594
1595 while (parser->iterate(parser, &objectID, &object))
1596 {
1597 if (objectID == GENERAL_NAMES_GN)
1598 {
1599 generalName_t *gn = parse_generalName(object,
1600 parser->get_level(parser)+1);
1601 if (gn)
1602 {
1603 gn->next = top_gn;
1604 top_gn = gn;
1605 }
1606 }
1607 }
1608 parser->destroy(parser);
1609
1610 return top_gn;
1611 }
1612
1613 /**
1614 * Returns a directoryName
1615 */
1616 chunk_t get_directoryName(chunk_t blob, int level, bool implicit)
1617 {
1618 chunk_t name = chunk_empty;
1619 generalName_t * gn = parse_generalNames(blob, level, implicit);
1620
1621 if (gn != NULL && gn->kind == GN_DIRECTORY_NAME)
1622 {
1623 name= gn->name;
1624 }
1625 free_generalNames(gn, FALSE);
1626 return name;
1627 }
1628
1629 /**
1630 * Extracts an authoritykeyIdentifier
1631 */
1632 void parse_authorityKeyIdentifier(chunk_t blob, int level0,
1633 chunk_t *authKeyID,
1634 chunk_t *authKeySerialNumber)
1635 {
1636 asn1_parser_t *parser;
1637 chunk_t object;
1638 int objectID;
1639
1640 parser = asn1_parser_create(authKeyIdentifierObjects, blob);
1641 parser->set_top_level(parser, level0);
1642
1643 while (parser->iterate(parser, &objectID, &object))
1644 {
1645 switch (objectID)
1646 {
1647 case AUTH_KEY_ID_KEY_ID:
1648 *authKeyID = object;
1649 break;
1650 case AUTH_KEY_ID_CERT_ISSUER:
1651 {
1652 generalName_t * gn = parse_generalNames(object,
1653 parser->get_level(parser) + 1, TRUE);
1654
1655 free_generalNames(gn, FALSE);
1656 }
1657 break;
1658 case AUTH_KEY_ID_CERT_SERIAL:
1659 *authKeySerialNumber = object;
1660 break;
1661 default:
1662 break;
1663 }
1664 }
1665 parser->destroy(parser);
1666 }
1667
1668 /**
1669 * Extracts an authorityInfoAcess location
1670 */
1671 static void parse_authorityInfoAccess(chunk_t blob, int level0,
1672 chunk_t *accessLocation)
1673 {
1674 asn1_parser_t *parser;
1675 chunk_t object;
1676 int objectID;
1677 int accessMethod = OID_UNKNOWN;
1678
1679 parser = asn1_parser_create(authInfoAccessObjects, blob);
1680 parser->set_top_level(parser, level0);
1681
1682 while (parser->iterate(parser, &objectID, &object))
1683 {
1684 switch (objectID)
1685 {
1686 case AUTH_INFO_ACCESS_METHOD:
1687 accessMethod = asn1_known_oid(object);
1688 break;
1689 case AUTH_INFO_ACCESS_LOCATION:
1690 {
1691 switch (accessMethod)
1692 {
1693 case OID_OCSP:
1694 if (*object.ptr == ASN1_CONTEXT_S_6)
1695 {
1696 if (asn1_length(&object) == ASN1_INVALID_LENGTH)
1697 {
1698 goto end;
1699 }
1700 DBG(DBG_PARSING,
1701 DBG_log(" '%.*s'",(int)object.len, object.ptr)
1702 )
1703
1704 /* only HTTP(S) URIs accepted */
1705 if (strncasecmp(object.ptr, "http", 4) == 0)
1706 {
1707 *accessLocation = object;
1708 goto end;
1709 }
1710 }
1711 plog("warning: ignoring OCSP InfoAccessLocation with unkown protocol");
1712 break;
1713 default:
1714 /* unkown accessMethod, ignoring */
1715 break;
1716 }
1717 }
1718 break;
1719 default:
1720 break;
1721 }
1722 }
1723
1724 end:
1725 parser->destroy(parser);
1726 }
1727
1728 /**
1729 * Extracts extendedKeyUsage OIDs
1730 */
1731 static bool parse_extendedKeyUsage(chunk_t blob, int level0)
1732 {
1733 asn1_parser_t *parser;
1734 chunk_t object;
1735 int objectID;
1736 bool ocsp_signing = FALSE;
1737
1738 parser = asn1_parser_create(extendedKeyUsageObjects, blob);
1739 parser->set_top_level(parser, level0);
1740
1741 while (parser->iterate(parser, &objectID, &object))
1742 {
1743 if (objectID == EXT_KEY_USAGE_PURPOSE_ID
1744 && asn1_known_oid(object) == OID_OCSP_SIGNING)
1745 {
1746 ocsp_signing = TRUE;
1747 }
1748 }
1749 parser->destroy(parser);
1750
1751 return ocsp_signing;
1752 }
1753
1754 /**
1755 * Extracts one or several crlDistributionPoints
1756 * and puts them into a chained list
1757 */
1758 static generalName_t* parse_crlDistributionPoints(chunk_t blob, int level0)
1759 {
1760 asn1_parser_t *parser;
1761 chunk_t object;
1762 int objectID;
1763
1764 generalName_t *top_gn = NULL; /* top of the chained list */
1765 generalName_t **tail_gn = &top_gn; /* tail of the chained list */
1766
1767 parser = asn1_parser_create(crlDistributionPointsObjects, blob);
1768 parser->set_top_level(parser, level0);
1769
1770 while (parser->iterate(parser, &objectID, &object))
1771 {
1772 if (objectID == CRL_DIST_POINTS_FULLNAME)
1773 {
1774 generalName_t *gn;
1775
1776 gn = parse_generalNames(object, parser->get_level(parser)+1, TRUE);
1777 /* append extracted generalNames to existing chained list */
1778 *tail_gn = gn;
1779 /* find new tail of the chained list */
1780 while (gn != NULL)
1781 {
1782 tail_gn = &gn->next; gn = gn->next;
1783 }
1784 }
1785 }
1786 parser->destroy(parser);
1787
1788 return top_gn;
1789 }
1790
1791 /**
1792 * Parses an X.509v3 certificate
1793 */
1794 bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert)
1795 {
1796 u_char buf[BUF_LEN];
1797 asn1_parser_t *parser;
1798 chunk_t object;
1799 int objectID;
1800 int extn_oid = OID_UNKNOWN;
1801 bool critical;
1802 bool success = FALSE;
1803
1804 parser = asn1_parser_create(certObjects, blob);
1805 parser->set_top_level(parser, level0);
1806
1807 while (parser->iterate(parser, &objectID, &object))
1808 {
1809 u_int level = parser->get_level(parser) + 1;
1810
1811 switch (objectID) {
1812 case X509_OBJ_CERTIFICATE:
1813 cert->certificate = object;
1814 break;
1815 case X509_OBJ_TBS_CERTIFICATE:
1816 cert->tbsCertificate = object;
1817 break;
1818 case X509_OBJ_VERSION:
1819 cert->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
1820 DBG(DBG_PARSING,
1821 DBG_log(" v%d", cert->version);
1822 )
1823 break;
1824 case X509_OBJ_SERIAL_NUMBER:
1825 cert->serialNumber = object;
1826 break;
1827 case X509_OBJ_SIG_ALG:
1828 cert->sigAlg = asn1_parse_algorithmIdentifier(object, level, NULL);
1829 break;
1830 case X509_OBJ_ISSUER:
1831 cert->issuer = object;
1832 DBG(DBG_PARSING,
1833 dntoa(buf, BUF_LEN, object);
1834 DBG_log(" '%s'",buf)
1835 )
1836 break;
1837 case X509_OBJ_NOT_BEFORE:
1838 cert->notBefore = asn1_parse_time(object, level);
1839 break;
1840 case X509_OBJ_NOT_AFTER:
1841 cert->notAfter = asn1_parse_time(object, level);
1842 break;
1843 case X509_OBJ_SUBJECT:
1844 cert->subject = object;
1845 DBG(DBG_PARSING,
1846 dntoa(buf, BUF_LEN, object);
1847 DBG_log(" '%s'",buf)
1848 )
1849 break;
1850 case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
1851 cert->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
1852 KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
1853 if (cert->public_key == NULL)
1854 {
1855 goto end;
1856 }
1857 break;
1858 case X509_OBJ_EXTN_ID:
1859 extn_oid = asn1_known_oid(object);
1860 break;
1861 case X509_OBJ_CRITICAL:
1862 critical = object.len && *object.ptr;
1863 DBG(DBG_PARSING,
1864 DBG_log(" %s",(critical)?"TRUE":"FALSE");
1865 )
1866 break;
1867 case X509_OBJ_EXTN_VALUE:
1868 {
1869 switch (extn_oid) {
1870 case OID_SUBJECT_KEY_ID:
1871 if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING,
1872 level, "keyIdentifier"))
1873 {
1874 goto end;
1875 }
1876 cert->subjectKeyID = object;
1877 break;
1878 case OID_SUBJECT_ALT_NAME:
1879 cert->subjectAltName =
1880 parse_generalNames(object, level, FALSE);
1881 break;
1882 case OID_BASIC_CONSTRAINTS:
1883 cert->isCA =
1884 parse_basicConstraints(object, level);
1885 break;
1886 case OID_CRL_DISTRIBUTION_POINTS:
1887 cert->crlDistributionPoints =
1888 parse_crlDistributionPoints(object, level);
1889 break;
1890 case OID_AUTHORITY_KEY_ID:
1891 parse_authorityKeyIdentifier(object, level
1892 , &cert->authKeyID, &cert->authKeySerialNumber);
1893 break;
1894 case OID_AUTHORITY_INFO_ACCESS:
1895 parse_authorityInfoAccess(object, level, &cert->accessLocation);
1896 break;
1897 case OID_EXTENDED_KEY_USAGE:
1898 cert->isOcspSigner = parse_extendedKeyUsage(object, level);
1899 break;
1900 case OID_NS_REVOCATION_URL:
1901 case OID_NS_CA_REVOCATION_URL:
1902 case OID_NS_CA_POLICY_URL:
1903 case OID_NS_COMMENT:
1904 if (!asn1_parse_simple_object(&object, ASN1_IA5STRING
1905 , level, oid_names[extn_oid].name))
1906 {
1907 goto end;
1908 }
1909 break;
1910 default:
1911 break;
1912 }
1913 }
1914 break;
1915 case X509_OBJ_ALGORITHM:
1916 cert->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
1917 break;
1918 case X509_OBJ_SIGNATURE:
1919 cert->signature = object;
1920 break;
1921 default:
1922 break;
1923 }
1924 }
1925 success = parser->success(parser);
1926 time(&cert->installed);
1927
1928 end:
1929 parser->destroy(parser);
1930 return success;
1931 }
1932
1933 /**
1934 * Verify the validity of a certificate by
1935 * checking the notBefore and notAfter dates
1936 */
1937 err_t check_validity(const x509cert_t *cert, time_t *until)
1938 {
1939 time_t current_time;
1940
1941 time(&current_time);
1942 DBG(DBG_CONTROL | DBG_PARSING ,
1943 DBG_log(" not before : %T", &cert->notBefore, TRUE);
1944 DBG_log(" current time: %T", &current_time, TRUE);
1945 DBG_log(" not after : %T", &cert->notAfter, TRUE);
1946 )
1947
1948 if (cert->notAfter < *until)
1949 {
1950 *until = cert->notAfter;
1951 }
1952 if (current_time < cert->notBefore)
1953 {
1954 return "certificate is not valid yet";
1955 }
1956 if (current_time > cert->notAfter)
1957 {
1958 return "certificate has expired";
1959 }
1960 else
1961 {
1962 return NULL;
1963 }
1964 }
1965
1966 /**
1967 * Verifies a X.509 certificate
1968 */
1969 bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until)
1970 {
1971 int pathlen;
1972
1973 *until = cert->notAfter;
1974
1975 for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
1976 {
1977 x509cert_t *issuer_cert;
1978 u_char buf[BUF_LEN];
1979 err_t ugh = NULL;
1980
1981 DBG(DBG_CONTROL,
1982 dntoa(buf, BUF_LEN, cert->subject);
1983 DBG_log("subject: '%s'",buf);
1984 dntoa(buf, BUF_LEN, cert->issuer);
1985 DBG_log("issuer: '%s'",buf);
1986 if (cert->authKeyID.ptr != NULL)
1987 {
1988 datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
1989 , buf, BUF_LEN);
1990 DBG_log("authkey: %s", buf);
1991 }
1992 )
1993
1994 ugh = check_validity(cert, until);
1995
1996 if (ugh != NULL)
1997 {
1998 plog("%s", ugh);
1999 return FALSE;
2000 }
2001
2002 DBG(DBG_CONTROL,
2003 DBG_log("certificate is valid")
2004 )
2005
2006 lock_authcert_list("verify_x509cert");
2007 issuer_cert = get_authcert(cert->issuer, cert->authKeySerialNumber
2008 , cert->authKeyID, AUTH_CA);
2009
2010 if (issuer_cert == NULL)
2011 {
2012 plog("issuer cacert not found");
2013 unlock_authcert_list("verify_x509cert");
2014 return FALSE;
2015 }
2016 DBG(DBG_CONTROL,
2017 DBG_log("issuer cacert found")
2018 )
2019
2020 if (!x509_check_signature(cert->tbsCertificate, cert->signature,
2021 cert->algorithm, issuer_cert))
2022 {
2023 plog("certificate signature is invalid");
2024 unlock_authcert_list("verify_x509cert");
2025 return FALSE;
2026 }
2027 DBG(DBG_CONTROL,
2028 DBG_log("certificate signature is valid")
2029 )
2030 unlock_authcert_list("verify_x509cert");
2031
2032 /* check if cert is a self-signed root ca */
2033 if (pathlen > 0 && same_dn(cert->issuer, cert->subject))
2034 {
2035 DBG(DBG_CONTROL,
2036 DBG_log("reached self-signed root ca")
2037 )
2038 return TRUE;
2039 }
2040 else
2041 {
2042 time_t nextUpdate = *until;
2043 time_t revocationDate = UNDEFINED_TIME;
2044 crl_reason_t revocationReason = REASON_UNSPECIFIED;
2045
2046 /* first check certificate revocation using ocsp */
2047 cert_status_t status = verify_by_ocsp(cert, &nextUpdate
2048 , &revocationDate, &revocationReason);
2049
2050 /* if ocsp service is not available then fall back to crl */
2051 if ((status == CERT_UNDEFINED)
2052 || (status == CERT_UNKNOWN && strict))
2053 {
2054 status = verify_by_crl(cert, &nextUpdate, &revocationDate
2055 , &revocationReason);
2056 }
2057
2058 switch (status)
2059 {
2060 case CERT_GOOD:
2061 /* if status information is stale */
2062 if (strict && nextUpdate < time(NULL))
2063 {
2064 DBG(DBG_CONTROL,
2065 DBG_log("certificate is good but status is stale")
2066 )
2067 remove_x509_public_key(cert);
2068 return FALSE;
2069 }
2070 DBG(DBG_CONTROL,
2071 DBG_log("certificate is good")
2072 )
2073
2074 /* with strict crl policy the public key must have the same
2075 * lifetime as the validity of the ocsp status or crl lifetime
2076 */
2077 if (strict && nextUpdate < *until)
2078 {
2079 *until = nextUpdate;
2080 }
2081 break;
2082 case CERT_REVOKED:
2083 plog("certificate was revoked on %T, reason: %N"
2084 , &revocationDate, TRUE
2085 , crl_reason_names, revocationReason);
2086 remove_x509_public_key(cert);
2087 return FALSE;
2088 case CERT_UNKNOWN:
2089 case CERT_UNDEFINED:
2090 default:
2091 plog("certificate status unknown");
2092 if (strict)
2093 {
2094 remove_x509_public_key(cert);
2095 return FALSE;
2096 }
2097 break;
2098 }
2099 }
2100
2101 /* go up one step in the trust chain */
2102 cert = issuer_cert;
2103 }
2104 plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
2105 return FALSE;
2106 }
2107
2108 /**
2109 * List all X.509 certs in a chained list
2110 */
2111 void list_x509cert_chain(const char *caption, x509cert_t* cert,
2112 u_char auth_flags, bool utc)
2113 {
2114 bool first = TRUE;
2115 time_t now;
2116
2117 /* determine the current time */
2118 time(&now);
2119
2120 while (cert != NULL)
2121 {
2122 if (auth_flags == AUTH_NONE || (auth_flags & cert->authority_flags))
2123 {
2124 u_char buf[BUF_LEN];
2125 public_key_t *key = cert->public_key;
2126 cert_t c;
2127
2128 c.type = CERT_X509_SIGNATURE;
2129 c.u.x509 = cert;
2130
2131 if (first)
2132 {
2133 whack_log(RC_COMMENT, " ");
2134 whack_log(RC_COMMENT, "List of X.509 %s Certificates:", caption);
2135 whack_log(RC_COMMENT, " ");
2136 first = FALSE;
2137 }
2138
2139 whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc,
2140 cert->count);
2141 dntoa(buf, BUF_LEN, cert->subject);
2142 whack_log(RC_COMMENT, " subject: '%s'", buf);
2143 dntoa(buf, BUF_LEN, cert->issuer);
2144 whack_log(RC_COMMENT, " issuer: '%s'", buf);
2145 datatot(cert->serialNumber.ptr, cert->serialNumber.len, ':',
2146 buf, BUF_LEN);
2147 whack_log(RC_COMMENT, " serial: %s", buf);
2148 whack_log(RC_COMMENT, " validity: not before %T %s",
2149 &cert->notBefore, utc,
2150 (cert->notBefore < now)?"ok":"fatal (not valid yet)");
2151 whack_log(RC_COMMENT, " not after %T %s",
2152 &cert->notAfter, utc,
2153 check_expiry(cert->notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
2154 whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
2155 key_type_names, key->get_type(key),
2156 key->get_keysize(key) * BITS_PER_BYTE,
2157 cert->smartcard ? ", on smartcard" :
2158 (has_private_key(c)? ", has private key" : ""));
2159 whack_log(RC_COMMENT, " keyid: %Y",
2160 key->get_id(key, ID_PUBKEY_INFO_SHA1));
2161 if (cert->subjectKeyID.ptr != NULL)
2162 {
2163 datatot(cert->subjectKeyID.ptr, cert->subjectKeyID.len, ':',
2164 buf, BUF_LEN);
2165 whack_log(RC_COMMENT, " subjkey: %s", buf);
2166 }
2167 if (cert->authKeyID.ptr != NULL)
2168 {
2169 datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':',
2170 buf, BUF_LEN);
2171 whack_log(RC_COMMENT, " authkey: %s", buf);
2172 }
2173 if (cert->authKeySerialNumber.ptr != NULL)
2174 {
2175 datatot(cert->authKeySerialNumber.ptr,
2176 cert->authKeySerialNumber.len, ':', buf, BUF_LEN);
2177 whack_log(RC_COMMENT, " aserial: %s", buf);
2178 }
2179 }
2180 cert = cert->next;
2181 }
2182 }
2183
2184 /**
2185 * List all X.509 end certificates in a chained list
2186 */
2187 void list_x509_end_certs(bool utc)
2188 {
2189 list_x509cert_chain("End", x509certs, AUTH_NONE, utc);
2190 }