1 /* Support of X.509 certificates
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * RCSID $Id: x509.c,v 1.36 2006/04/10 16:08:33 as Exp $
26 #include <sys/types.h>
29 #include <freeswan/ipsec_policy.h>
31 #include "constants.h"
49 /* chained lists of X.509 end certificates */
51 static x509cert_t
*x509certs
= NULL
;
53 /* ASN.1 definition of a basicConstraints extension */
55 static const asn1Object_t basicConstraintsObjects
[] = {
56 { 0, "basicConstraints", ASN1_SEQUENCE
, ASN1_NONE
}, /* 0 */
57 { 1, "CA", ASN1_BOOLEAN
, ASN1_DEF
|
59 { 1, "pathLenConstraint", ASN1_INTEGER
, ASN1_OPT
|
61 { 1, "end opt", ASN1_EOC
, ASN1_END
} /* 3 */
64 #define BASIC_CONSTRAINTS_CA 1
65 #define BASIC_CONSTRAINTS_ROOF 4
67 /* ASN.1 definition of time */
69 static const asn1Object_t timeObjects
[] = {
70 { 0, "utcTime", ASN1_UTCTIME
, ASN1_OPT
|
72 { 0, "end opt", ASN1_EOC
, ASN1_END
}, /* 1 */
73 { 0, "generalizeTime", ASN1_GENERALIZEDTIME
, ASN1_OPT
|
75 { 0, "end opt", ASN1_EOC
, ASN1_END
} /* 3 */
79 #define TIME_GENERALIZED 2
82 /* ASN.1 definition of a keyIdentifier */
84 static const asn1Object_t keyIdentifierObjects
[] = {
85 { 0, "keyIdentifier", ASN1_OCTET_STRING
, ASN1_BODY
} /* 0 */
88 /* ASN.1 definition of an authorityKeyIdentifier extension */
90 static const asn1Object_t authorityKeyIdentifierObjects
[] = {
91 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE
, ASN1_NONE
}, /* 0 */
92 { 1, "keyIdentifier", ASN1_CONTEXT_S_0
, ASN1_OPT
|
94 { 1, "end opt", ASN1_EOC
, ASN1_END
}, /* 2 */
95 { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1
, ASN1_OPT
|
97 { 1, "end opt", ASN1_EOC
, ASN1_END
}, /* 4 */
98 { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2
, ASN1_OPT
|
100 { 1, "end opt", ASN1_EOC
, ASN1_END
} /* 6 */
103 #define AUTH_KEY_ID_KEY_ID 1
104 #define AUTH_KEY_ID_CERT_ISSUER 3
105 #define AUTH_KEY_ID_CERT_SERIAL 5
106 #define AUTH_KEY_ID_ROOF 7
108 /* ASN.1 definition of an authorityInfoAccess extension */
110 static const asn1Object_t authorityInfoAccessObjects
[] = {
111 { 0, "authorityInfoAccess", ASN1_SEQUENCE
, ASN1_LOOP
}, /* 0 */
112 { 1, "accessDescription", ASN1_SEQUENCE
, ASN1_NONE
}, /* 1 */
113 { 2, "accessMethod", ASN1_OID
, ASN1_BODY
}, /* 2 */
114 { 2, "accessLocation", ASN1_EOC
, ASN1_RAW
}, /* 3 */
115 { 0, "end loop", ASN1_EOC
, ASN1_END
} /* 4 */
118 #define AUTH_INFO_ACCESS_METHOD 2
119 #define AUTH_INFO_ACCESS_LOCATION 3
120 #define AUTH_INFO_ACCESS_ROOF 5
122 /* ASN.1 definition of an extendedKeyUsage extension */
124 static const asn1Object_t extendedKeyUsageObjects
[] = {
125 { 0, "extendedKeyUsage", ASN1_SEQUENCE
, ASN1_LOOP
}, /* 0 */
126 { 1, "keyPurposeID", ASN1_OID
, ASN1_BODY
}, /* 1 */
127 { 0, "end loop", ASN1_EOC
, ASN1_END
}, /* 2 */
130 #define EXT_KEY_USAGE_PURPOSE_ID 1
131 #define EXT_KEY_USAGE_ROOF 3
133 /* ASN.1 definition of generalNames */
135 static const asn1Object_t generalNamesObjects
[] = {
136 { 0, "generalNames", ASN1_SEQUENCE
, ASN1_LOOP
}, /* 0 */
137 { 1, "generalName", ASN1_EOC
, ASN1_RAW
}, /* 1 */
138 { 0, "end loop", ASN1_EOC
, ASN1_END
} /* 2 */
141 #define GENERAL_NAMES_GN 1
142 #define GENERAL_NAMES_ROOF 3
144 /* ASN.1 definition of generalName */
146 static const asn1Object_t generalNameObjects
[] = {
147 { 0, "otherName", ASN1_CONTEXT_C_0
, ASN1_OPT
|
149 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 1 */
150 { 0, "rfc822Name", ASN1_CONTEXT_S_1
, ASN1_OPT
|
152 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 3 */
153 { 0, "dnsName", ASN1_CONTEXT_S_2
, ASN1_OPT
|
155 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 5 */
156 { 0, "x400Address", ASN1_CONTEXT_S_3
, ASN1_OPT
|
158 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 7 */
159 { 0, "directoryName", ASN1_CONTEXT_C_4
, ASN1_OPT
|
161 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 9 */
162 { 0, "ediPartyName", ASN1_CONTEXT_C_5
, ASN1_OPT
|
163 ASN1_BODY
}, /* 10 */
164 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 11 */
165 { 0, "uniformResourceIdentifier", ASN1_CONTEXT_S_6
, ASN1_OPT
|
166 ASN1_BODY
}, /* 12 */
167 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 13 */
168 { 0, "ipAddress", ASN1_CONTEXT_S_7
, ASN1_OPT
|
169 ASN1_BODY
}, /* 14 */
170 { 0, "end choice", ASN1_EOC
, ASN1_END
}, /* 15 */
171 { 0, "registeredID", ASN1_CONTEXT_S_8
, ASN1_OPT
|
172 ASN1_BODY
}, /* 16 */
173 { 0, "end choice", ASN1_EOC
, ASN1_END
} /* 17 */
176 #define GN_OBJ_OTHER_NAME 0
177 #define GN_OBJ_RFC822_NAME 2
178 #define GN_OBJ_DNS_NAME 4
179 #define GN_OBJ_X400_ADDRESS 6
180 #define GN_OBJ_DIRECTORY_NAME 8
181 #define GN_OBJ_EDI_PARTY_NAME 10
182 #define GN_OBJ_URI 12
183 #define GN_OBJ_IP_ADDRESS 14
184 #define GN_OBJ_REGISTERED_ID 16
185 #define GN_OBJ_ROOF 18
187 /* ASN.1 definition of otherName */
189 static const asn1Object_t otherNameObjects
[] = {
190 {0, "type-id", ASN1_OID
, ASN1_BODY
}, /* 0 */
191 {0, "value", ASN1_CONTEXT_C_0
, ASN1_BODY
} /* 1 */
194 #define ON_OBJ_ID_TYPE 0
195 #define ON_OBJ_VALUE 1
196 #define ON_OBJ_ROOF 2
198 /* ASN.1 definition of crlDistributionPoints */
200 static const asn1Object_t crlDistributionPointsObjects
[] = {
201 { 0, "crlDistributionPoints", ASN1_SEQUENCE
, ASN1_LOOP
}, /* 0 */
202 { 1, "DistributionPoint", ASN1_SEQUENCE
, ASN1_NONE
}, /* 1 */
203 { 2, "distributionPoint", ASN1_CONTEXT_C_0
, ASN1_OPT
|
205 { 3, "fullName", ASN1_CONTEXT_C_0
, ASN1_OPT
|
207 { 3, "end choice", ASN1_EOC
, ASN1_END
}, /* 4 */
208 { 3, "nameRelativeToCRLIssuer", ASN1_CONTEXT_C_1
, ASN1_OPT
|
210 { 3, "end choice", ASN1_EOC
, ASN1_END
}, /* 6 */
211 { 2, "end opt", ASN1_EOC
, ASN1_END
}, /* 7 */
212 { 2, "reasons", ASN1_CONTEXT_C_1
, ASN1_OPT
|
214 { 2, "end opt", ASN1_EOC
, ASN1_END
}, /* 9 */
215 { 2, "crlIssuer", ASN1_CONTEXT_C_2
, ASN1_OPT
|
216 ASN1_BODY
}, /* 10 */
217 { 2, "end opt", ASN1_EOC
, ASN1_END
}, /* 11 */
218 { 0, "end loop", ASN1_EOC
, ASN1_END
}, /* 12 */
221 #define CRL_DIST_POINTS_FULLNAME 3
222 #define CRL_DIST_POINTS_ROOF 13
224 /* ASN.1 definition of an X.509v3 certificate */
226 static const asn1Object_t certObjects
[] = {
227 { 0, "certificate", ASN1_SEQUENCE
, ASN1_OBJ
}, /* 0 */
228 { 1, "tbsCertificate", ASN1_SEQUENCE
, ASN1_OBJ
}, /* 1 */
229 { 2, "DEFAULT v1", ASN1_CONTEXT_C_0
, ASN1_DEF
}, /* 2 */
230 { 3, "version", ASN1_INTEGER
, ASN1_BODY
}, /* 3 */
231 { 2, "serialNumber", ASN1_INTEGER
, ASN1_BODY
}, /* 4 */
232 { 2, "signature", ASN1_EOC
, ASN1_RAW
}, /* 5 */
233 { 2, "issuer", ASN1_SEQUENCE
, ASN1_OBJ
}, /* 6 */
234 { 2, "validity", ASN1_SEQUENCE
, ASN1_NONE
}, /* 7 */
235 { 3, "notBefore", ASN1_EOC
, ASN1_RAW
}, /* 8 */
236 { 3, "notAfter", ASN1_EOC
, ASN1_RAW
}, /* 9 */
237 { 2, "subject", ASN1_SEQUENCE
, ASN1_OBJ
}, /* 10 */
238 { 2, "subjectPublicKeyInfo", ASN1_SEQUENCE
, ASN1_NONE
}, /* 11 */
239 { 3, "algorithm", ASN1_EOC
, ASN1_RAW
}, /* 12 */
240 { 3, "subjectPublicKey", ASN1_BIT_STRING
, ASN1_NONE
}, /* 13 */
241 { 4, "RSAPublicKey", ASN1_SEQUENCE
, ASN1_OBJ
}, /* 14 */
242 { 5, "modulus", ASN1_INTEGER
, ASN1_BODY
}, /* 15 */
243 { 5, "publicExponent", ASN1_INTEGER
, ASN1_BODY
}, /* 16 */
244 { 2, "issuerUniqueID", ASN1_CONTEXT_C_1
, ASN1_OPT
}, /* 17 */
245 { 2, "end opt", ASN1_EOC
, ASN1_END
}, /* 18 */
246 { 2, "subjectUniqueID", ASN1_CONTEXT_C_2
, ASN1_OPT
}, /* 19 */
247 { 2, "end opt", ASN1_EOC
, ASN1_END
}, /* 20 */
248 { 2, "optional extensions", ASN1_CONTEXT_C_3
, ASN1_OPT
}, /* 21 */
249 { 3, "extensions", ASN1_SEQUENCE
, ASN1_LOOP
}, /* 22 */
250 { 4, "extension", ASN1_SEQUENCE
, ASN1_NONE
}, /* 23 */
251 { 5, "extnID", ASN1_OID
, ASN1_BODY
}, /* 24 */
252 { 5, "critical", ASN1_BOOLEAN
, ASN1_DEF
|
253 ASN1_BODY
}, /* 25 */
254 { 5, "extnValue", ASN1_OCTET_STRING
, ASN1_BODY
}, /* 26 */
255 { 3, "end loop", ASN1_EOC
, ASN1_END
}, /* 27 */
256 { 2, "end opt", ASN1_EOC
, ASN1_END
}, /* 28 */
257 { 1, "signatureAlgorithm", ASN1_EOC
, ASN1_RAW
}, /* 29 */
258 { 1, "signatureValue", ASN1_BIT_STRING
, ASN1_BODY
} /* 30 */
261 #define X509_OBJ_CERTIFICATE 0
262 #define X509_OBJ_TBS_CERTIFICATE 1
263 #define X509_OBJ_VERSION 3
264 #define X509_OBJ_SERIAL_NUMBER 4
265 #define X509_OBJ_SIG_ALG 5
266 #define X509_OBJ_ISSUER 6
267 #define X509_OBJ_NOT_BEFORE 8
268 #define X509_OBJ_NOT_AFTER 9
269 #define X509_OBJ_SUBJECT 10
270 #define X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM 12
271 #define X509_OBJ_SUBJECT_PUBLIC_KEY 13
272 #define X509_OBJ_RSA_PUBLIC_KEY 14
273 #define X509_OBJ_MODULUS 15
274 #define X509_OBJ_PUBLIC_EXPONENT 16
275 #define X509_OBJ_EXTN_ID 24
276 #define X509_OBJ_CRITICAL 25
277 #define X509_OBJ_EXTN_VALUE 26
278 #define X509_OBJ_ALGORITHM 29
279 #define X509_OBJ_SIGNATURE 30
280 #define X509_OBJ_ROOF 31
283 const x509cert_t empty_x509cert
= {
285 UNDEFINED_TIME
, /* installed */
287 FALSE
, /* smartcard */
288 AUTH_NONE
, /* authority_flags */
289 { NULL
, 0 } , /* certificate */
290 { NULL
, 0 } , /* tbsCertificate */
292 { NULL
, 0 } , /* serialNumber */
293 OID_UNKNOWN
, /* sigAlg */
294 { NULL
, 0 } , /* issuer */
298 { NULL
, 0 } , /* subject */
299 /* subjectPublicKeyInfo */
300 OID_UNKNOWN
, /* subjectPublicKeyAlgorithm */
301 { NULL
, 0 } , /* subjectPublicKey */
302 { NULL
, 0 } , /* modulus */
303 { NULL
, 0 } , /* publicExponent */
305 /* subjectUniqueID */
312 FALSE
, /* isOcspSigner */
313 { NULL
, 0 } , /* subjectKeyID */
314 { NULL
, 0 } , /* authKeyID */
315 { NULL
, 0 } , /* authKeySerialNumber */
316 { NULL
, 0 } , /* accessLocation */
317 NULL
, /* subjectAltName */
318 NULL
, /* crlDistributionPoints */
319 OID_UNKNOWN
, /* algorithm */
320 { NULL
, 0 } /* signature */
323 /* coding of X.501 distinguished name */
331 /* X.501 acronyms for well known object identifiers (OIDs) */
333 static u_char oid_ND
[] = {0x02, 0x82, 0x06, 0x01,
335 static u_char oid_UID
[] = {0x09, 0x92, 0x26, 0x89, 0x93,
336 0xF2, 0x2C, 0x64, 0x01, 0x01};
337 static u_char oid_DC
[] = {0x09, 0x92, 0x26, 0x89, 0x93,
338 0xF2, 0x2C, 0x64, 0x01, 0x19};
339 static u_char oid_CN
[] = {0x55, 0x04, 0x03};
340 static u_char oid_S
[] = {0x55, 0x04, 0x04};
341 static u_char oid_SN
[] = {0x55, 0x04, 0x05};
342 static u_char oid_C
[] = {0x55, 0x04, 0x06};
343 static u_char oid_L
[] = {0x55, 0x04, 0x07};
344 static u_char oid_ST
[] = {0x55, 0x04, 0x08};
345 static u_char oid_O
[] = {0x55, 0x04, 0x0A};
346 static u_char oid_OU
[] = {0x55, 0x04, 0x0B};
347 static u_char oid_T
[] = {0x55, 0x04, 0x0C};
348 static u_char oid_D
[] = {0x55, 0x04, 0x0D};
349 static u_char oid_N
[] = {0x55, 0x04, 0x29};
350 static u_char oid_G
[] = {0x55, 0x04, 0x2A};
351 static u_char oid_I
[] = {0x55, 0x04, 0x2B};
352 static u_char oid_ID
[] = {0x55, 0x04, 0x2D};
353 static u_char oid_EN
[] = {0x60, 0x86, 0x48, 0x01, 0x86,
354 0xF8, 0x42, 0x03, 0x01, 0x03};
355 static u_char oid_E
[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
356 0x0D, 0x01, 0x09, 0x01};
357 static u_char oid_UN
[] = {0x2A, 0x86, 0x48, 0x86, 0xF7,
358 0x0D, 0x01, 0x09, 0x02};
359 static u_char oid_TCGID
[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x89,
360 0x31, 0x01, 0x01, 0x02, 0x02, 0x4B};
362 static const x501rdn_t x501rdns
[] = {
363 {"ND" , {oid_ND
, 7}, ASN1_PRINTABLESTRING
},
364 {"UID" , {oid_UID
, 10}, ASN1_PRINTABLESTRING
},
365 {"DC" , {oid_DC
, 10}, ASN1_PRINTABLESTRING
},
366 {"CN" , {oid_CN
, 3}, ASN1_PRINTABLESTRING
},
367 {"S" , {oid_S
, 3}, ASN1_PRINTABLESTRING
},
368 {"SN" , {oid_SN
, 3}, ASN1_PRINTABLESTRING
},
369 {"serialNumber" , {oid_SN
, 3}, ASN1_PRINTABLESTRING
},
370 {"C" , {oid_C
, 3}, ASN1_PRINTABLESTRING
},
371 {"L" , {oid_L
, 3}, ASN1_PRINTABLESTRING
},
372 {"ST" , {oid_ST
, 3}, ASN1_PRINTABLESTRING
},
373 {"O" , {oid_O
, 3}, ASN1_PRINTABLESTRING
},
374 {"OU" , {oid_OU
, 3}, ASN1_PRINTABLESTRING
},
375 {"T" , {oid_T
, 3}, ASN1_PRINTABLESTRING
},
376 {"D" , {oid_D
, 3}, ASN1_PRINTABLESTRING
},
377 {"N" , {oid_N
, 3}, ASN1_PRINTABLESTRING
},
378 {"G" , {oid_G
, 3}, ASN1_PRINTABLESTRING
},
379 {"I" , {oid_I
, 3}, ASN1_PRINTABLESTRING
},
380 {"ID" , {oid_ID
, 3}, ASN1_PRINTABLESTRING
},
381 {"EN" , {oid_EN
, 10}, ASN1_PRINTABLESTRING
},
382 {"employeeNumber" , {oid_EN
, 10}, ASN1_PRINTABLESTRING
},
383 {"E" , {oid_E
, 9}, ASN1_IA5STRING
},
384 {"Email" , {oid_E
, 9}, ASN1_IA5STRING
},
385 {"emailAddress" , {oid_E
, 9}, ASN1_IA5STRING
},
386 {"UN" , {oid_UN
, 9}, ASN1_IA5STRING
},
387 {"unstructuredName", {oid_UN
, 9}, ASN1_IA5STRING
},
388 {"TCGID" , {oid_TCGID
, 12}, ASN1_PRINTABLESTRING
}
391 #define X501_RDN_ROOF 26
393 static u_char ASN1_subjectAltName_oid_str
[] = {
394 0x06, 0x03, 0x55, 0x1D, 0x11
397 static const chunk_t ASN1_subjectAltName_oid
= strchunk(ASN1_subjectAltName_oid_str
);
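/*
 * Advance the output chunk *ch past the n bytes that snprintf() just
 * wrote into it. n is the snprintf() return value: the number of
 * characters that *would* have been written, which may exceed the space
 * available (truncation) or be negative (error). In both of those cases
 * the chunk is advanced to its very last byte so that the next snprintf()
 * still has room for its terminating NUL inside the buffer; output is
 * silently truncated.
 *
 * Fix: an already exhausted chunk (len == 0, e.g. dntoa() invoked with
 * dstlen == 0) computed (int)ch->len - 1 == -1 and stepped ptr one byte
 * *before* the buffer while growing len to 1. Such a chunk is now left
 * untouched.
 */
static void
update_chunk(chunk_t *ch, int n)
{
    if (ch->len == 0)
    {
	/* nothing was written and nothing can be; never move outside the buffer */
	return;
    }
    if (n < 0 || n >= (int)ch->len)
    {
	/* error or truncation: keep exactly one byte for the NUL terminator */
	n = (int)ch->len - 1;
    }
    ch->ptr += n;
    ch->len -= n;
}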
408 * Pointer is set to the first RDN in a DN
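/*
 * Initializes the walk over a DER-encoded X.501 distinguished name.
 * On success *rdn covers the content of the outer SEQUENCE OF RDNs,
 * *attribute is empty (so the first get_next_rdn() call fetches the
 * first RDN) and *next tells whether at least one RDN is present.
 * Returns NULL on success or a static error string.
 *
 * Fix: the first byte of dn was dereferenced unconditionally; an empty
 * or absent DN (len == 0 or ptr == NULL), which can come from a peer
 * certificate, is now rejected before the tag check.
 */
static err_t
init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next)
{
    *rdn = empty_chunk;
    *attribute = empty_chunk;
    *next = FALSE;

    /* a DN is a SEQUENCE OF RDNs */
    if (dn.ptr == NULL || dn.len == 0)
    {
	/* must not read the tag of an empty DN */
	return "DN is empty";
    }
    if (*dn.ptr != ASN1_SEQUENCE)
    {
	return "DN is not a SEQUENCE";
    }

    /* asn1_length() steps dn past the tag and length octets and returns
     * the content length (see get_next_rdn(), which takes the content
     * pointer the same way); NOTE(review): whether it also bounds the
     * returned length by dn.len is not visible here -- confirm in asn1.c */
    rdn->len = asn1_length(&dn);

    if (rdn->len == ASN1_INVALID_LENGTH)
    {
	return "Invalid RDN length";
    }

    rdn->ptr = dn.ptr;

    /* are there any RDNs ? */
    *next = rdn->len > 0;

    return NULL;
}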
437 * Fetches the next RDN in a DN
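/*
 * Fetches the next attributeTypeAndValue of a DN set up by init_rdn().
 * *rdn tracks what is left of the SEQUENCE OF RDNs, *attribute what is
 * left of the RDN (a SET) currently being walked. On success *oid,
 * *value and *type describe the attribute (type is the tag byte of the
 * value string) and *next tells whether another attribute or RDN
 * follows. Returns NULL on success or a static error string.
 *
 * Fix: every tag byte is now read only after checking that the enclosing
 * chunk still has bytes (tag plus at least one length octet, which is
 * what asn1_length() consumes), and every length returned by
 * asn1_length() is checked against what is actually left in the
 * enclosing chunk. Previously a truncated or malicious DN from a peer
 * certificate could make the "advance" subtractions underflow the
 * unsigned remaining length and read past the buffer.
 */
static err_t
get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid, chunk_t *value
, asn1_t *type, bool *next)
{
    chunk_t body;

    /* initialize return values */
    *oid   = empty_chunk;
    *value = empty_chunk;

    /* if all attributes have been parsed, get next rdn */
    if (attribute->len <= 0)
    {
	/* an RDN is a SET OF attributeTypeAndValue: need tag + length octet */
	if (rdn->len < 2 || *rdn->ptr != ASN1_SET)
	    return "RDN is not a SET";

	attribute->len = asn1_length(rdn);

	/* the SET must fit into what is left of the SEQUENCE OF RDNs */
	if (attribute->len == ASN1_INVALID_LENGTH || attribute->len > rdn->len)
	    return "Invalid attribute length";

	attribute->ptr = rdn->ptr;

	/* advance to start of next RDN */
	rdn->ptr += attribute->len;
	rdn->len -= attribute->len;
    }

    /* an attributeTypeAndValue is a SEQUENCE: need tag + length octet */
    if (attribute->len < 2 || *attribute->ptr != ASN1_SEQUENCE)
	return "attributeTypeAndValue is not a SEQUENCE";

    /* extract the attribute body */
    body.len = asn1_length(attribute);

    /* the SEQUENCE must fit into what is left of the SET */
    if (body.len == ASN1_INVALID_LENGTH || body.len > attribute->len)
	return "Invalid attribute body length";

    body.ptr = attribute->ptr;

    /* advance to start of next attribute */
    attribute->ptr += body.len;
    attribute->len -= body.len;

    /* attribute type is an OID: need tag + length octet */
    if (body.len < 2 || *body.ptr != ASN1_OID)
	return "attributeType is not an OID";

    oid->len = asn1_length(&body);

    /* the OID must fit into the attribute body */
    if (oid->len == ASN1_INVALID_LENGTH || oid->len > body.len)
	return "Invalid attribute OID length";

    oid->ptr = body.ptr;

    /* advance to the attribute value */
    body.ptr += oid->len;
    body.len -= oid->len;

    /* extract string type: the tag of the value, which must be present
     * together with at least one length octet */
    if (body.len < 2)
	return "Invalid attribute string length";
    *type = *body.ptr;

    /* extract string value */
    value->len = asn1_length(&body);

    /* the value must fit into the rest of the attribute body */
    if (value->len == ASN1_INVALID_LENGTH || value->len > body.len)
	return "Invalid attribute string length";

    value->ptr = body.ptr;

    /* are there any RDNs left? */
    *next = rdn->len > 0 || attribute->len > 0;

    return NULL;
}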
518 * Parses an ASN.1 distinguished name into its OID/value pairs
521 dn_parse(chunk_t dn
, chunk_t
*str
)
523 chunk_t rdn
, oid
, attribute
, value
;
529 err_t ugh
= init_rdn(dn
, &rdn
, &attribute
, &next
);
531 if (ugh
!= NULL
) /* a parsing error has occured */
536 ugh
= get_next_rdn(&rdn
, &attribute
, &oid
, &value
, &type
, &next
);
538 if (ugh
!= NULL
) /* a parsing error has occured */
541 if (first
) /* first OID/value pair */
543 else /* separate OID/value pair by a comma */
544 update_chunk(str
, snprintf(str
->ptr
,str
->len
,", "));
547 oid_code
= known_oid(oid
);
548 if (oid_code
== OID_UNKNOWN
) /* OID not found in list */
551 update_chunk(str
, snprintf(str
->ptr
,str
->len
,"%s",
552 oid_names
[oid_code
].name
));
555 update_chunk(str
, snprintf(str
->ptr
,str
->len
,"=%.*s",
556 (int)value
.len
,value
.ptr
));
562 * Count the number of wildcard RDNs in a distinguished name
565 dn_count_wildcards(chunk_t dn
)
567 chunk_t rdn
, attribute
, oid
, value
;
572 err_t ugh
= init_rdn(dn
, &rdn
, &attribute
, &next
);
574 if (ugh
!= NULL
) /* a parsing error has occured */
579 ugh
= get_next_rdn(&rdn
, &attribute
, &oid
, &value
, &type
, &next
);
581 if (ugh
!= NULL
) /* a parsing error has occured */
583 if (value
.len
== 1 && *value
.ptr
== '*')
584 wildcards
++; /* we have found a wildcard RDN */
590 * Prints a binary string in hexadecimal form
/*
 * Appends the bytes of bin to the output chunk *str as "0x" followed by
 * two uppercase hex digits per byte. *str is advanced past the written
 * text by update_chunk(), which also handles the case where *str runs
 * out of room (the output is then truncated, never overrun).
 */
static void
hex_str(chunk_t bin, chunk_t *str)
{
    u_char *cur = bin.ptr;
    u_char *end = bin.ptr + bin.len;

    update_chunk(str, snprintf(str->ptr, str->len, "0x"));
    while (cur < end)
    {
	update_chunk(str, snprintf(str->ptr, str->len, "%02X", *cur));
	cur++;
    }
}
602 /* Converts a binary DER-encoded ASN.1 distinguished name
603 * into LDAP-style human-readable ASCII format
606 dntoa(char *dst
, size_t dstlen
, chunk_t dn
)
613 ugh
= dn_parse(dn
, &str
);
615 if (ugh
!= NULL
) /* error, print DN as hex string */
618 DBG_log("error in DN parsing: %s", ugh
)
624 return (int)(dstlen
- str
.len
);
628 * Same as dntoa but prints a special string for a null dn
/*
 * Like dntoa(), but a DN without data (ptr == NULL) is printed as the
 * caller-supplied placeholder null_dn instead of being parsed.
 * Returns what snprintf()/dntoa() return: the number of characters
 * produced for dst of size dstlen.
 */
int
dntoa_or_null(char *dst, size_t dstlen, chunk_t dn, const char* null_dn)
{
    bool have_dn = dn.ptr != NULL;

    if (!have_dn)
    {
	return snprintf(dst, dstlen, "%s", null_dn);
    }
    return dntoa(dst, dstlen, dn);
}
639 /* Converts an LDAP-style human-readable ASCII-encoded
640 * ASN.1 distinguished name into binary DER-encoded format
/* NOTE(review): the state_t enum, the do { switch (state) { case ... } }
 * skeleton, the counters (pos, whitespace, rdn_seq_len, rdn_set_len,
 * dn_seq_len), the err_t ugh and the braces of this function are not
 * visible in this listing; only the statements below are. */
atodn(char *src, chunk_t *dn)
    /* finite state machine for atodn */
    /* DER length fields are encoded into at most 3 octets here, i.e. a
     * single RDN, name or the whole DN may be at most 65535 bytes long */
    u_char oid_len_buf[3];
    u_char name_len_buf[3];
    u_char rdn_seq_len_buf[3];
    u_char rdn_set_len_buf[3];
    u_char dn_seq_len_buf[3];
    chunk_t asn1_oid_len = { oid_len_buf, 0 };
    chunk_t asn1_name_len = { name_len_buf, 0 };
    chunk_t asn1_rdn_seq_len = { rdn_seq_len_buf, 0 };
    chunk_t asn1_rdn_set_len = { rdn_set_len_buf, 0 };
    chunk_t asn1_dn_seq_len = { dn_seq_len_buf, 0 };
    chunk_t oid = empty_chunk;
    chunk_t name = empty_chunk;
    /* 4 bytes are reserved in front of the content for the outer SEQUENCE
     * tag plus up to 3 length octets; that header is written last (see the
     * end of the function) and dn->ptr is then moved forward so that tag,
     * length and content are contiguous */
    u_char *dn_ptr = dn->ptr + 4;
    state_t state = SEARCH_OID;
	    /* SEARCH_OID: skip separators and blanks until an attribute name starts */
	    if (*src != ' ' && *src != '/' && *src != ',')
	    /* READ_OID: accumulate the attribute name up to blank or '=' */
	    if (*src != ' ' && *src != '=')
		/* attribute names are matched case-insensitively against the
		 * x501rdns table; the whole name must match, not a prefix */
		for (pos = 0; pos < X501_RDN_ROOF; pos++)
		    if (strlen(x501rdns[pos].name) == oid.len &&
			strncasecmp(x501rdns[pos].name, oid.ptr, oid.len) == 0)
			break; /* found a valid OID */
		if (pos == X501_RDN_ROOF)
		    ugh = "unknown OID in distinguished name";
		code_asn1_length(x501rdns[pos].oid.len, &asn1_oid_len);
		/* reset oid and change state */
	    /* SEARCH_NAME: skip blanks and '=' until the value starts */
	    if (*src != ' ' && *src != '=')
	    /* READ_NAME: accumulate the value up to ',' or '/' or end of string */
	    if (*src != ',' && *src != '/' && *src != '\0')
		/* trailing blanks before the separator are not part of the value */
		name.len -= whitespace;
		code_asn1_length(name.len, &asn1_name_len);
		/* compute the length of the relative distinguished name sequence */
		rdn_seq_len = 1 + asn1_oid_len.len + x501rdns[pos].oid.len +
			      1 + asn1_name_len.len + name.len;
		code_asn1_length(rdn_seq_len, &asn1_rdn_seq_len);
		/* compute the length of the relative distinguished name set */
		rdn_set_len = 1 + asn1_rdn_seq_len.len + rdn_seq_len;
		code_asn1_length(rdn_set_len, &asn1_rdn_set_len);
		/* encode the relative distinguished name */
		/* NOTE(review, security): nothing here compares dn_ptr with the
		 * end of the caller's buffer -- dn->len is only *set* at the end
		 * of this function, never consulted -- so the amount written is
		 * bounded only by the length of src. Confirm that every caller
		 * sizes dn->ptr for the longest DN it accepts (the buffer size is
		 * not visible in this file), or add a check of
		 * (dn_ptr - dn->ptr) + 1 + asn1_rdn_set_len.len + rdn_set_len
		 * against that size before the writes below and bail out with
		 * an error when it does not fit. */
		*dn_ptr++ = ASN1_SET;
		chunkcpy(dn_ptr, asn1_rdn_set_len);
		*dn_ptr++ = ASN1_SEQUENCE;
		chunkcpy(dn_ptr, asn1_rdn_seq_len);
		*dn_ptr++ = ASN1_OID;
		chunkcpy(dn_ptr, asn1_oid_len);
		chunkcpy(dn_ptr, x501rdns[pos].oid);
		/* encode the ASN.1 character string type of the name */
		/* a value that is not a valid PrintableString is emitted as
		 * T61String instead (no transcoding of the bytes takes place) */
		*dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING
		    && !is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type;
		chunkcpy(dn_ptr, asn1_name_len);
		chunkcpy(dn_ptr, name);
		/* accumulate the length of the distinguished name sequence */
		dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len;
		/* reset name and change state */
    } while (*src++ != '\0');
    /* complete the distinguished name sequence*/
    code_asn1_length(dn_seq_len, &asn1_dn_seq_len);
    /* the header occupies 1 + asn1_dn_seq_len.len of the 4 reserved bytes;
     * move dn->ptr so the header starts right there */
    dn->ptr += 3 - asn1_dn_seq_len.len;
    dn->len = 1 + asn1_dn_seq_len.len + dn_seq_len;
    /* NOTE(review): the reset of dn_ptr to the new dn->ptr that must precede
     * these two writes is not visible in this listing */
    *dn_ptr++ = ASN1_SEQUENCE;
    chunkcpy(dn_ptr, asn1_dn_seq_len);
786 /* compare two distinguished names by
787 * comparing the individual RDNs
/* NOTE(review): the bool next_a/next_b declaration, the DN length
 * comparison announced by the first comment below, the braces and all
 * return statements of this function are not visible in this listing. */
same_dn(chunk_t a, chunk_t b)
    chunk_t rdn_a, rdn_b, attribute_a, attribute_b;
    chunk_t oid_a, oid_b, value_a, value_b;
    asn1_t type_a, type_b;
    /* same lengths for the DNs */
    /* try a binary comparison first */
    /* b.len is used as the memcmp count, so the length check above is what
     * keeps this read inside a */
    if (memcmp(a.ptr, b.ptr, b.len) == 0)
    /* initialize DN parsing */
    /* a DN that does not parse is never equal to anything */
    if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL
    || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL)
    /* fetch next RDN pair */
    while (next_a && next_b)
	/* parse next RDNs and check for errors */
	if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL
	|| get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL)
	/* OIDs must agree */
	/* attributes are compared pairwise in encoding order, so two DNs whose
	 * attributes appear in a different order compare unequal */
	if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0)
	/* same lengths for values */
	if (value_a.len != value_b.len)
	/* printableStrings and email RDNs require uppercase comparison */
	/* NOTE(review): strncasecmp()/strncmp() stop at an embedded NUL byte,
	 * so two values of equal length that agree up to a NUL compare as equal
	 * here even if they differ after it. memcmp() (with a case fold for the
	 * case-insensitive branch) would be the exact comparison for DER string
	 * values, which are not NUL-terminated. */
	if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
	    (type_a == ASN1_IA5STRING && known_oid(oid_a) == OID_PKCS9_EMAIL)))
	    if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
	    if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
    /* both DNs must have same number of RDNs */
    if (next_a || next_b)
    /* the two DNs are equal! */
850 /* compare two distinguished names by comparing the individual RDNs.
851 * A single '*' character designates a wildcard RDN in DN b.
/* NOTE(review): the bool next_a/next_b declaration, the initialisation of
 * *wildcards, the braces and all return statements of this function are
 * not visible in this listing. */
match_dn(chunk_t a, chunk_t b, int *wildcards)
    chunk_t rdn_a, rdn_b, attribute_a, attribute_b;
    chunk_t oid_a, oid_b, value_a, value_b;
    asn1_t type_a, type_b;
    /* initialize wildcard counter */
    /* initialize DN parsing */
    /* a DN that does not parse never matches */
    if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL
    || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL)
    /* fetch next RDN pair */
    while (next_a && next_b)
	/* parse next RDNs and check for errors */
	if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL
	|| get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL)
	/* OIDs must agree */
	/* attributes are compared pairwise in encoding order: the attribute
	 * type must agree even for a wildcard, only the value is free */
	if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0)
	/* does rdn_b contain a wildcard? */
	/* a wildcard is a value consisting of the single byte '*' in the
	 * pattern DN b; the value in a is then not compared at all, so the
	 * caller should weigh matches by *wildcards (more wildcards = weaker) */
	if (value_b.len == 1 && *value_b.ptr == '*')
	/* same lengths for values */
	if (value_a.len != value_b.len)
	/* printableStrings and email RDNs require uppercase comparison */
	/* NOTE(review): as in same_dn(), the str*cmp() calls stop at an
	 * embedded NUL byte; memcmp() would be the exact comparison for
	 * DER string values */
	if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
	    (type_a == ASN1_IA5STRING && known_oid(oid_a) == OID_PKCS9_EMAIL)))
	    if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
	    if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
    /* both DNs must have same number of RDNs */
    if (next_a || next_b)
    /* the two DNs match! */
916 * compare two X.509 certificates by comparing their signatures
/*
 * Two X.509 certificates are treated as the same object when their
 * signature values are byte-identical. The signature is the issuer's
 * signature over the exact TBS bytes, so two distinct certificates are
 * not expected to share one; add_x509cert() relies on this to avoid
 * inserting a certificate into the chain twice.
 */
bool
same_x509cert(const x509cert_t *a, const x509cert_t *b)
{
    chunk_t sig_a = a->signature;
    chunk_t sig_b = b->signature;

    return same_chunk(sig_a, sig_b);
}
924 /* for each link pointing to the certificate
925 * increase the count by one
928 share_x509cert(x509cert_t
*cert
)
935 * add a X.509 user/host certificate to the chained list
938 add_x509cert(x509cert_t
*cert
)
940 x509cert_t
*c
= x509certs
;
944 if (same_x509cert(c
, cert
)) /* already in chain, free cert */
952 /* insert new cert at the root of the chain */
953 lock_certs_and_keys("add_x509cert");
954 cert
->next
= x509certs
;
956 DBG(DBG_CONTROL
| DBG_PARSING
,
957 DBG_log(" x509 cert inserted")
959 unlock_certs_and_keys("add_x509cert");
964 * choose either subject DN or a subjectAltName as connection end ID
/* NOTE(review): the loop over the subjectAltName list (gntoid() into id,
 * advance gn), the DBG wrapper around the log line, the u_char buf[BUF_LEN]
 * declaration, the braces and the final `if (copy_subject_dn)` are not
 * visible in this listing. */
select_x509cert_id(x509cert_t *cert, struct id *end_id)
    bool copy_subject_dn = TRUE; /* ID is subject DN */
    /* only when the connection configures an explicit ID is it tried
     * against the certificate's subjectAltNames */
    if (end_id->kind != ID_NONE) /* check for matching subjectAltName */
	generalName_t *gn = cert->subjectAltName;
	    struct id id = empty_id;
	    /* first subjectAltName equal to the configured ID wins and the
	     * configured ID is kept as is */
	    if (same_id(&id, end_id))
		copy_subject_dn = FALSE; /* take subjectAltName instead */
    /* no subjectAltName matched a non-DN ID: say so, the ID is replaced */
    if (end_id->kind != ID_NONE && end_id->kind != ID_DER_ASN1_DN)
	idtoa(end_id, buf, BUF_LEN);
	plog(" no subjectAltName matches ID '%s', replaced by subject DN", buf);
    /* fall back to the certificate's subject DN as the end ID */
    end_id->kind = ID_DER_ASN1_DN;
    end_id->name.len = cert->subject.len;
    /* NOTE(review): the size of the buffer returned by
     * temporary_cyclic_buffer() is not visible here while cert->subject.len
     * comes from the (possibly peer-supplied) certificate; confirm the
     * buffer is at least as large as the longest subject DN the parser
     * accepts, or clamp/reject before this copy. The name also only lives
     * until the cyclic buffer is reused. */
    end_id->name.ptr = temporary_cyclic_buffer();
    memcpy(end_id->name.ptr, cert->subject.ptr, cert->subject.len);
1006 * check for equality between two key identifiers
/*
 * Compares two key identifiers (e.g. a lookup key against a certificate's
 * authorityKeyIdentifier). A key identifier that is absent (NULL ptr) is
 * never equal to anything -- not even to another absent one -- so a
 * certificate without an authorityKeyIdentifier cannot satisfy a
 * keyid-based lookup in get_x509cert().
 */
bool
same_keyid(chunk_t a, chunk_t b)
{
    bool both_defined = (a.ptr != NULL) && (b.ptr != NULL);

    if (!both_defined)
    {
	return FALSE;
    }
    return same_chunk(a, b);
}
1018 * check for equality between two serial numbers
/* NOTE(review): the return statement for the undefined case and the braces
 * are not visible in this listing. */
same_serial(chunk_t a, chunk_t b)
    /* do not compare serial numbers if one of them is not defined */
    /* NOTE(review): authorityCertSerialNumber is optional in an
     * authorityKeyIdentifier. If the undefined case returns TRUE, a
     * certificate that lacks it matches *any* serial in get_x509cert() and
     * the selection then rests on same_dn() of the issuer alone -- confirm
     * that this leniency is intended. */
    if (a.ptr == NULL || b.ptr == NULL)
    /* both defined: exact length and byte comparison */
    return same_chunk(a, b);
1031 * get a X.509 certificate with a given issuer found at a certain position
/* NOTE(review): the loop body that returns the matching cert or steps to
 * cert->next, and the final return for "not found", are not visible in
 * this listing. */
get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid, x509cert_t *chain)
    /* continue the search after the given chain position, or start at the
     * head of the global end-certificate list */
    x509cert_t *cert = (chain != NULL)? chain->next : x509certs;
    while (cert != NULL)
	/* when a key identifier is given it is the only criterion, matched
	 * against the cert's authorityKeyIdentifier; otherwise the issuer DN
	 * must match and the serial is compared by same_serial(), whose
	 * treatment of an undefined serial decides how lenient this is */
	if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->authKeyID)
	    : (same_dn(issuer, cert->issuer)
	       && same_serial(serial, cert->authKeySerialNumber)))
1052 * encode a linked list of subjectAltNames
1055 build_subjectAltNames(generalName_t
*subjectAltNames
)
1060 generalName_t
*gn
= subjectAltNames
;
1062 /* compute the total size of the ASN.1 attributes object */
1065 len
+= gn
->name
.len
;
1069 pos
= build_asn1_object(&names
, ASN1_SEQUENCE
, len
);
1071 gn
= subjectAltNames
;
1074 chunkcpy(pos
, gn
->name
);
1078 return asn1_wrap(ASN1_SEQUENCE
, "cm"
1079 , ASN1_subjectAltName_oid
1080 , asn1_wrap(ASN1_OCTET_STRING
, "m", names
));
1084 * build a to-be-signed X.509 certificate body
1087 build_tbs_x509cert(x509cert_t
*cert
, const RSA_public_key_t
*rsa
)
1089 /* version is always X.509v3 */
1090 chunk_t version
= asn1_simple_object(ASN1_CONTEXT_C_0
, ASN1_INTEGER_2
);
1092 chunk_t extensions
= empty_chunk
;
1094 if (cert
->subjectAltName
!= NULL
)
1096 extensions
= asn1_wrap(ASN1_CONTEXT_C_3
, "m"
1097 , asn1_wrap(ASN1_SEQUENCE
, "m"
1098 , build_subjectAltNames(cert
->subjectAltName
)));
1101 return asn1_wrap(ASN1_SEQUENCE
, "mmccmcmm"
1103 , asn1_simple_object(ASN1_INTEGER
, cert
->serialNumber
)
1104 , asn1_algorithmIdentifier(cert
->sigAlg
)
1106 , asn1_wrap(ASN1_SEQUENCE
, "mm"
1107 , timetoasn1(&cert
->notBefore
, ASN1_UTCTIME
)
1108 , timetoasn1(&cert
->notAfter
, ASN1_UTCTIME
)
1111 , pkcs1_build_publicKeyInfo(rsa
)
1117 * build a DER-encoded X.509 certificate
1120 build_x509cert(x509cert_t
*cert
, const RSA_public_key_t
*cert_key
1121 , const RSA_private_key_t
*signer_key
)
1123 chunk_t tbs_cert
= build_tbs_x509cert(cert
, cert_key
);
1125 chunk_t signature
= pkcs1_build_signature(tbs_cert
, cert
->sigAlg
1126 , signer_key
, TRUE
);
1128 cert
->certificate
= asn1_wrap(ASN1_SEQUENCE
, "mcm"
1130 , asn1_algorithmIdentifier(cert
->sigAlg
)
1135 * free the dynamic memory used to store generalNames
1138 free_generalNames(generalName_t
* gn
, bool free_name
)
1142 generalName_t
*gn_top
= gn
;
1145 pfree(gn
->name
.ptr
);
1153 * free a X.509 certificate
1156 free_x509cert(x509cert_t
*cert
)
1160 free_generalNames(cert
->subjectAltName
, FALSE
);
1161 free_generalNames(cert
->crlDistributionPoints
, FALSE
);
1162 pfreeany(cert
->certificate
.ptr
);
1168 /* release of a certificate decreases the count by one
1169 * the certificate is freed when the counter reaches zero
1172 release_x509cert(x509cert_t
*cert
)
1174 if (cert
!= NULL
&& --cert
->count
== 0)
1176 x509cert_t
**pp
= &x509certs
;
1180 free_x509cert(cert
);
1186 * stores a chained list of end certs and CA certs
/* NOTE(review): the loop headers over *pp, the isCA test that separates
 * CA certs from end certs, the unlinking of CA certs from *firstcert, the
 * time_t valid_until declaration, the else branches and the braces are not
 * visible in this listing. */
store_x509certs(x509cert_t **firstcert, bool strict)
    x509cert_t *cacerts = NULL;
    x509cert_t **pp = firstcert;
    /* first extract CA certs, discarding root CA certs */
	x509cert_t *cert = *pp;
	/* we don't accept self-signed CA certs */
	/* a self-signed cert received from a peer must never become a trust
	 * anchor; roots are only loaded from local configuration */
	if (same_dn(cert->issuer, cert->subject))
	    plog("self-signed cacert rejected");
	    free_x509cert(cert);
	/* insertion into temporary chain of candidate CA certs */
	cert->next = cacerts;
    /* now verify the candidate CA certs */
    /* each candidate must chain (via the remaining candidates or the
     * already trusted CAs) to a configured trust anchor before it is
     * added as an authority; the chaining rules live in
     * trust_authcert_candidate() */
    while (cacerts != NULL)
	x509cert_t *cert = cacerts;
	cacerts = cacerts->next;
	if (trust_authcert_candidate(cert, cacerts))
	    add_authcert(cert, AUTH_CA);
	    plog("intermediate cacert rejected");
	    free_x509cert(cert);
    /* now verify the end certificates */
    /* strict is passed through to verify_x509cert(); what it relaxes
     * (presumably the CRL/OCSP revocation requirement) is decided there */
	x509cert_t *cert = *pp;
	if (verify_x509cert(cert, strict, &valid_until))
	    DBG(DBG_CONTROL | DBG_PARSING,
		DBG_log("public key validated")
	    /* the public key is only usable until the cert chain expires */
	    add_x509_public_key(cert, valid_until, DAL_SIGNED);
	    plog("X.509 certificate rejected");
	    free_x509cert(cert);
1266 * decrypts an RSA signature using the issuer's certificate
/* NOTE(review): the trailing parameter (the digest output chunk), the
 * switch on alg, its default branch, the mpz_t s declaration/clear and
 * the return statements are not visible in this listing; only the RSA
 * branch's statements are. */
decrypt_sig(chunk_t sig, int alg, const x509cert_t *issuer_cert,
	/* all RSA signature OIDs share one code path: the hash is dealt with
	 * by the caller, only the raw RSA public-key operation happens here */
	case OID_RSA_ENCRYPTION:
	case OID_MD2_WITH_RSA:
	case OID_MD5_WITH_RSA:
	case OID_SHA1_WITH_RSA:
	case OID_SHA1_WITH_RSA_OIW:
	case OID_SHA256_WITH_RSA:
	case OID_SHA384_WITH_RSA:
	case OID_SHA512_WITH_RSA:
	    RSA_public_key_t rsa;
	    init_RSA_public_key(&rsa, issuer_cert->publicExponent
	    , issuer_cert->modulus);
	    /* decrypt the signature s = s^e mod n */
	    /* sig.len is not compared with the modulus size rsa.k, so an
	     * over-long or non-canonical (s >= n) signature is reduced and
	     * processed like any other instead of being rejected */
	    n_to_mpz(s, sig.ptr, sig.len);
	    mpz_powm(s, s, &rsa.e, &rsa.n);
	    /* convert back to bytes */
	    decrypted = mpz_to_n(s, rsa.k);
	    DBG_dump_chunk(" decrypted signature: ", decrypted)
	    /* copy the least significant bits of decrypted signature
	     * into the digest string
	     *
	     * NOTE(review, security): only the last digest->len bytes of the
	     * decoded block are handed back, and check_signature() compares
	     * just those. Nothing in the visible code checks the PKCS#1 v1.5
	     * structure of the leading bytes (00 01 FF..FF 00 DigestInfo). That
	     * makes the check forgeable with a small public exponent: for e = 3
	     * any s below 2^160 has s^3 < n for every modulus of 512 bits or
	     * more, so s^e mod n is s^3 exactly, and s can be chosen so that the
	     * low 20 bytes of s^3 equal the target digest -- no private key
	     * needed. Verification should rebuild the full encoded message
	     * (padding plus DigestInfo for the digest algorithm) and compare all
	     * rsa.k bytes. Separately, if rsa.k < digest->len the pointer
	     * arithmetic below points before decrypted.ptr; guard it. */
	    memcpy(digest->ptr, decrypted.ptr + decrypted.len - digest->len,
	    /* free memory */
	    free_RSA_public_content(&rsa);
	    pfree(decrypted.ptr);
1320 * Check if a signature over binary blob is genuine
/* NOTE(review): the DBG(DBG_PARSING, ...) wrappers, the else branches of
 * the two OID_UNKNOWN tests, the `return FALSE` after each plog() and the
 * braces are not visible in this listing. */
check_signature(chunk_t tbs, chunk_t sig, int digest_alg, int enc_alg
, const x509cert_t *issuer_cert)
    /* both buffers are sized for the largest supported digest; the chunks
     * start out covering the whole buffers */
    u_char digest_buf[MAX_DIGEST_LEN];
    u_char decrypted_buf[MAX_DIGEST_LEN];
    chunk_t digest = {digest_buf, MAX_DIGEST_LEN};
    chunk_t decrypted = {decrypted_buf, MAX_DIGEST_LEN};
    if (digest_alg != OID_UNKNOWN)
	DBG_log("signature digest algorithm: '%s'",oid_names[digest_alg].name);
	DBG_log("unknown signature digest algorithm");
    /* hash the to-be-signed bytes; compute_digest() presumably shrinks
     * digest.len to the actual digest size (not visible here) and fails
     * for an unsupported algorithm, which makes the signature invalid */
    if (!compute_digest(tbs, digest_alg, &digest))
	plog(" digest algorithm not supported");
    DBG_dump_chunk(" digest:", digest)
    decrypted.len = digest.len; /* we want the same digest length */
    if (enc_alg != OID_UNKNOWN)
	DBG_log("signature encryption algorithm: '%s'",oid_names[enc_alg].name);
	DBG_log("unknown signature encryption algorithm");
    /* decrypt_sig() hands back only the last decrypted.len bytes of the
     * RSA-decoded block */
    if (!decrypt_sig(sig, enc_alg, issuer_cert, &decrypted))
	plog(" decryption algorithm not supported");
    /* check if digests are equal */
    /* NOTE(review, security): this compares digest.len bytes only. The
     * PKCS#1 v1.5 padding and DigestInfo that precede the hash in the
     * decoded block are never examined by this function or, as far as is
     * visible, by decrypt_sig(); see the note there on why that makes RSA
     * signatures with a small public exponent forgeable. A constant-time
     * compare is not needed here (everything compared is public), but a
     * full-length compare of the reconstructed encoded message is. */
    return !memcmp(decrypted.ptr, digest.ptr, digest.len);
1368 * extracts the basicConstraints extension
/* NOTE(review): the asn1_ctx_t ctx, chunk_t object, u_int level and
 * objectID declarations, the bool isCA initialisation, the DBG wrapper,
 * the `objectID++`, the braces and the final `return isCA` are not visible
 * in this listing. */
parse_basicConstraints(chunk_t blob, int level0)
    /* walk the extension value against the basicConstraintsObjects table */
    asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
    while (objectID < BASIC_CONSTRAINTS_ROOF) {
	/* a malformed extension stops the walk; the CA flag then keeps
	 * whatever value it had (presumably FALSE) */
	if (!extract_object(basicConstraintsObjects, &objectID,
			    &object,&level, &ctx))
	if (objectID == BASIC_CONSTRAINTS_CA)
	    /* cA is a DEFAULT FALSE BOOLEAN: absent or empty means FALSE.
	     * Any non-zero byte is accepted as TRUE (DER requires 0xFF), which
	     * is lenient but not unsafe. pathLenConstraint (the next table
	     * entry) is parsed by the table but not read here, so chain-depth
	     * limits set by a CA are not enforced in the visible code. */
	    isCA = object.len && *object.ptr;
	    DBG_log(" %s",(isCA)?"TRUE":"FALSE");
1400 * Converts an X.500 generalName into an ID
1403 gntoid(struct id
*id
, const generalName_t
*gn
)
1407 case GN_DNS_NAME
: /* ID type: ID_FQDN */
1409 id
->name
= gn
->name
;
1411 case GN_IP_ADDRESS
: /* ID type: ID_IPV4_ADDR */
1413 const struct af_info
*afi
= &af_inet4_info
;
1416 id
->kind
= afi
->id_addr
;
1417 ugh
= initaddr(gn
->name
.ptr
, gn
->name
.len
, afi
->af
, &id
->ip_addr
);
1420 case GN_RFC822_NAME
: /* ID type: ID_USER_FQDN */
1421 id
->kind
= ID_USER_FQDN
;
1422 id
->name
= gn
->name
;
1426 id
->name
= empty_chunk
;
1430 /* compute the subjectKeyIdentifier according to section 4.2.1.2 of RFC 3280
1431 * as the 160-bit SHA-1 hash of the public key (cert->subjectPublicKey)
1434 compute_subjectKeyID(x509cert_t
*cert
, chunk_t subjectKeyID
)
1440 , cert
->subjectPublicKey
.ptr
1441 , cert
->subjectPublicKey
.len
);
1442 SHA1Final(subjectKeyID
.ptr
, &context
);
1443 subjectKeyID
.len
= SHA1_DIGEST_SIZE
;
1447 * extracts an otherName
1450 parse_otherName(chunk_t blob
, int level0
)
1456 int oid
= OID_UNKNOWN
;
1458 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1460 while (objectID
< ON_OBJ_ROOF
)
1462 if (!extract_object(otherNameObjects
, &objectID
, &object
, &level
, &ctx
))
1467 case ON_OBJ_ID_TYPE
:
1468 oid
= known_oid(object
);
1471 if (oid
== OID_XMPP_ADDR
)
1473 if (!parse_asn1_simple_object(&object
, ASN1_UTF8STRING
1474 , level
+ 1, "xmppAddr"))
1490 * extracts a generalName.
 * NOTE(review): the GN_OBJ_IP_ADDRESS debug output below dereferences
 * object.ptr[0..3] without first checking object.len >= 4, so a
 * truncated iPAddress value is read past its end when debug output is
 * enabled; gate that DBG_log on the length.
1492 static generalName_t
*
1493 parse_generalName(chunk_t blob
, int level0
)
1495 u_char buf
[BUF_LEN
];
1501 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1503 while (objectID
< GN_OBJ_ROOF
)
1505 bool valid_gn
= FALSE
;
1507 if (!extract_object(generalNameObjects
, &objectID
, &object
, &level
, &ctx
))
1511 case GN_OBJ_RFC822_NAME
:
1512 case GN_OBJ_DNS_NAME
:
1515 DBG_log(" '%.*s'", (int)object
.len
, object
.ptr
);
1519 case GN_OBJ_DIRECTORY_NAME
:
1521 dntoa(buf
, BUF_LEN
, object
);
1522 DBG_log(" '%s'", buf
)
1526 case GN_OBJ_IP_ADDRESS
:
1528 DBG_log(" '%d.%d.%d.%d'", *object
.ptr
, *(object
.ptr
+1),
1529 *(object
.ptr
+2), *(object
.ptr
+3));
1533 case GN_OBJ_OTHER_NAME
:
1534 if (!parse_otherName(object
, level
+ 1))
1537 case GN_OBJ_X400_ADDRESS
:
1538 case GN_OBJ_EDI_PARTY_NAME
:
1539 case GN_OBJ_REGISTERED_ID
:
1547 generalName_t
*gn
= alloc_thing(generalName_t
, "generalName");
1548 gn
->kind
= (objectID
- GN_OBJ_OTHER_NAME
) / 2;
1560 * extracts one or several GNs and puts them into a chained list
1562 static generalName_t
*
1563 parse_generalNames(chunk_t blob
, int level0
, bool implicit
)
1570 generalName_t
*top_gn
= NULL
;
1572 asn1_init(&ctx
, blob
, level0
, implicit
, DBG_RAW
);
1574 while (objectID
< GENERAL_NAMES_ROOF
)
1576 if (!extract_object(generalNamesObjects
, &objectID
, &object
, &level
, &ctx
))
1579 if (objectID
== GENERAL_NAMES_GN
)
1581 generalName_t
*gn
= parse_generalName(object
, level
+1);
1594 * returns a directoryName
1596 chunk_t
get_directoryName(chunk_t blob
, int level
, bool implicit
)
1598 chunk_t name
= empty_chunk
;
1599 generalName_t
* gn
= parse_generalNames(blob
, level
, implicit
);
1601 if (gn
!= NULL
&& gn
->kind
== GN_DIRECTORY_NAME
)
1604 free_generalNames(gn
, FALSE
);
1610 * extracts and converts a UTCTIME or GENERALIZEDTIME object
1613 parse_time(chunk_t blob
, int level0
)
1620 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1622 while (objectID
< TIME_ROOF
)
1624 if (!extract_object(timeObjects
, &objectID
, &object
, &level
, &ctx
))
1625 return UNDEFINED_TIME
;
1627 if (objectID
== TIME_UTC
|| objectID
== TIME_GENERALIZED
)
1629 return asn1totime(&object
, (objectID
== TIME_UTC
)
1630 ? ASN1_UTCTIME
: ASN1_GENERALIZEDTIME
);
1634 return UNDEFINED_TIME
;
1638 * extracts a keyIdentifier
/* Extracts a keyIdentifier (a single OCTET STRING) from `blob`.
 *
 * blob     - DER data holding the keyIdentifier
 * level0   - ASN.1 nesting level, used for debug output
 * implicit - whether the object is implicitly tagged (passed to asn1_init)
 *
 * NOTE(review): unlike every other parser in this file, the result of
 * extract_object() is not tested here. When extraction fails, `object`
 * keeps whatever it held before the call and is presumably what the
 * caller receives as the key identifier - confirm that the
 * subjectKeyIdentifier / authorityKeyIdentifier callers tolerate that,
 * or check the return value the way parse_basicConstraints() does.
 */
1641 parse_keyIdentifier(chunk_t blob
, int level0
, bool implicit
)
/* set up the ASN.1 parsing context over the blob */
1648 asn1_init(&ctx
, blob
, level0
, implicit
, DBG_RAW
);
/* pull out the one OCTET STRING object (return value ignored, see above) */
1650 extract_object(keyIdentifierObjects
, &objectID
, &object
, &level
, &ctx
);
1655 * extracts an authorityKeyIdentifier
1658 parse_authorityKeyIdentifier(chunk_t blob
, int level0
1659 , chunk_t
*authKeyID
, chunk_t
*authKeySerialNumber
)
1666 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1668 while (objectID
< AUTH_KEY_ID_ROOF
)
1670 if (!extract_object(authorityKeyIdentifierObjects
, &objectID
, &object
, &level
, &ctx
))
1674 case AUTH_KEY_ID_KEY_ID
:
1675 *authKeyID
= parse_keyIdentifier(object
, level
+1, TRUE
);
1677 case AUTH_KEY_ID_CERT_ISSUER
:
1679 generalName_t
* gn
= parse_generalNames(object
, level
+1, TRUE
);
1681 free_generalNames(gn
, FALSE
);
1684 case AUTH_KEY_ID_CERT_SERIAL
:
1685 *authKeySerialNumber
= object
;
1695 * extracts an authorityInfoAccess location
1698 parse_authorityInfoAccess(chunk_t blob
, int level0
, chunk_t
*accessLocation
)
1705 u_int accessMethod
= OID_UNKNOWN
;
1707 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1709 while (objectID
< AUTH_INFO_ACCESS_ROOF
)
1711 if (!extract_object(authorityInfoAccessObjects
, &objectID
, &object
, &level
, &ctx
))
1715 case AUTH_INFO_ACCESS_METHOD
:
1716 accessMethod
= known_oid(object
);
1718 case AUTH_INFO_ACCESS_LOCATION
:
1720 switch (accessMethod
)
1723 if (*object
.ptr
== ASN1_CONTEXT_S_6
)
1725 if (asn1_length(&object
) == ASN1_INVALID_LENGTH
)
1729 DBG_log(" '%.*s'",(int)object
.len
, object
.ptr
)
1732 /* only HTTP(S) URIs accepted: case-insensitive prefix match on "http".
 * NOTE(review): object is a raw chunk, not a NUL-terminated string, and
 * object.len is not compared with 4 before strncasecmp(), so the call can
 * read past a shorter value; the prefix test also accepts any scheme that
 * merely begins with "http". */
1733 if (strncasecmp(object
.ptr
, "http", 4) == 0)
1735 *accessLocation
= object
;
1739 plog("warning: ignoring OCSP InfoAccessLocation with unkown protocol");
1742 /* unknown accessMethod, ignoring */
1756 * extracts extendedKeyUsage OIDs and reports whether id-kp-OCSPSigning is
 * among them (the caller stores the result in cert->isOcspSigner)
1759 parse_extendedKeyUsage(chunk_t blob
, int level0
)
1766 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1768 while (objectID
< EXT_KEY_USAGE_ROOF
)
1770 if (!extract_object(extendedKeyUsageObjects
, &objectID
1771 , &object
, &level
, &ctx
))
1774 if (objectID
== EXT_KEY_USAGE_PURPOSE_ID
1775 && known_oid(object
) == OID_OCSP_SIGNING
)
1782 /* extracts one or several crlDistributionPoints and puts them into
1785 static generalName_t
*
1786 parse_crlDistributionPoints(chunk_t blob
, int level0
)
1793 generalName_t
*top_gn
= NULL
; /* top of the chained list */
1794 generalName_t
**tail_gn
= &top_gn
; /* tail of the chained list */
1796 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1798 while (objectID
< CRL_DIST_POINTS_ROOF
)
1800 if (!extract_object(crlDistributionPointsObjects
, &objectID
,
1801 &object
, &level
, &ctx
))
1804 if (objectID
== CRL_DIST_POINTS_FULLNAME
)
1806 generalName_t
*gn
= parse_generalNames(object
, level
+1, TRUE
);
1807 /* append extracted generalNames to existing chained list */
1809 /* find new tail of the chained list */
1812 tail_gn
= &gn
->next
; gn
= gn
->next
;
1822 * Parses an X.509v3 certificate
1825 parse_x509cert(chunk_t blob
, u_int level0
, x509cert_t
*cert
)
1827 u_char buf
[BUF_LEN
];
1832 u_int extn_oid
= OID_UNKNOWN
;
1835 asn1_init(&ctx
, blob
, level0
, FALSE
, DBG_RAW
);
1837 while (objectID
< X509_OBJ_ROOF
)
1839 if (!extract_object(certObjects
, &objectID
, &object
, &level
, &ctx
))
1842 /* those objects which will be parsed further need the next higher level */
1846 case X509_OBJ_CERTIFICATE
:
1847 cert
->certificate
= object
;
1849 case X509_OBJ_TBS_CERTIFICATE
:
1850 cert
->tbsCertificate
= object
;
1852 case X509_OBJ_VERSION
:
1853 cert
->version
= (object
.len
) ? (1+(u_int
)*object
.ptr
) : 1;
1855 DBG_log(" v%d", cert
->version
);
1858 case X509_OBJ_SERIAL_NUMBER
:
1859 cert
->serialNumber
= object
;
1861 case X509_OBJ_SIG_ALG
:
1862 cert
->sigAlg
= parse_algorithmIdentifier(object
, level
, NULL
);
1864 case X509_OBJ_ISSUER
:
1865 cert
->issuer
= object
;
1867 dntoa(buf
, BUF_LEN
, object
);
1868 DBG_log(" '%s'",buf
)
1871 case X509_OBJ_NOT_BEFORE
:
1872 cert
->notBefore
= parse_time(object
, level
);
1874 case X509_OBJ_NOT_AFTER
:
1875 cert
->notAfter
= parse_time(object
, level
);
1877 case X509_OBJ_SUBJECT
:
1878 cert
->subject
= object
;
1880 dntoa(buf
, BUF_LEN
, object
);
1881 DBG_log(" '%s'",buf
)
1884 case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM
:
1885 if (parse_algorithmIdentifier(object
, level
, NULL
) == OID_RSA_ENCRYPTION
)
1886 cert
->subjectPublicKeyAlgorithm
= PUBKEY_ALG_RSA
;
1889 plog(" unsupported public key algorithm");
1893 case X509_OBJ_SUBJECT_PUBLIC_KEY
:
1894 if (ctx
.blobs
[4].len
> 0 && *ctx
.blobs
[4].ptr
== 0x00)
1896 /* skip the leading BIT STRING octet (number of unused bits, must be 0) */
1897 ctx
.blobs
[4].ptr
++; ctx
.blobs
[4].len
--;
1901 plog(" invalid RSA public key format");
1905 case X509_OBJ_RSA_PUBLIC_KEY
:
1906 cert
->subjectPublicKey
= object
;
1908 case X509_OBJ_MODULUS
:
1909 if (object
.len
< RSA_MIN_OCTETS
+ 1)
1911 plog(" " RSA_MIN_OCTETS_UGH
);
1914 if (object
.len
> RSA_MAX_OCTETS
+ (size_t)(*object
.ptr
== 0x00))
1916 plog(" " RSA_MAX_OCTETS_UGH
);
1919 cert
->modulus
= object
;
1921 case X509_OBJ_PUBLIC_EXPONENT
:
1922 cert
->publicExponent
= object
;
1924 case X509_OBJ_EXTN_ID
:
1925 extn_oid
= known_oid(object
);
1927 case X509_OBJ_CRITICAL
:
1928 critical
= object
.len
&& *object
.ptr
;
1930 DBG_log(" %s",(critical
)?"TRUE":"FALSE");
1933 case X509_OBJ_EXTN_VALUE
:
1936 case OID_SUBJECT_KEY_ID
:
1937 cert
->subjectKeyID
=
1938 parse_keyIdentifier(object
, level
, FALSE
);
1940 case OID_SUBJECT_ALT_NAME
:
1941 cert
->subjectAltName
=
1942 parse_generalNames(object
, level
, FALSE
);
1944 case OID_BASIC_CONSTRAINTS
:
1946 parse_basicConstraints(object
, level
);
1948 case OID_CRL_DISTRIBUTION_POINTS
:
1949 cert
->crlDistributionPoints
=
1950 parse_crlDistributionPoints(object
, level
);
1952 case OID_AUTHORITY_KEY_ID
:
1953 parse_authorityKeyIdentifier(object
, level
1954 , &cert
->authKeyID
, &cert
->authKeySerialNumber
);
1956 case OID_AUTHORITY_INFO_ACCESS
:
1957 parse_authorityInfoAccess(object
, level
, &cert
->accessLocation
);
1959 case OID_EXTENDED_KEY_USAGE
:
1960 cert
->isOcspSigner
= parse_extendedKeyUsage(object
, level
);
1962 case OID_NS_REVOCATION_URL
:
1963 case OID_NS_CA_REVOCATION_URL
:
1964 case OID_NS_CA_POLICY_URL
:
1965 case OID_NS_COMMENT
:
1966 if (!parse_asn1_simple_object(&object
, ASN1_IA5STRING
1967 , level
, oid_names
[extn_oid
].name
))
1977 case X509_OBJ_ALGORITHM
:
1978 cert
->algorithm
= parse_algorithmIdentifier(object
, level
, NULL
);
1980 case X509_OBJ_SIGNATURE
:
1981 cert
->signature
= object
;
1988 time(&cert
->installed
);
1992 /* verify the validity of a certificate by
1993 * checking the notBefore and notAfter dates
/* Verify a certificate's validity period against the local clock.
 *
 * cert  - certificate whose notBefore/notAfter are checked
 * until - in/out: lowered to cert->notAfter when that is earlier, so the
 *         caller's overall lifetime never outlives this certificate
 *
 * Returns a message string describing why the certificate is not valid;
 * the success return is not in view here (presumably NULL, as the caller
 * stores the result in `ugh`).
 *
 * NOTE(review): `¤t_time` on two lines below is an extraction artifact
 * of the original `&current_time` (the `&curren` prefix was rendered as the
 * currency sign); read it as taking the address of current_time.
 */
1996 check_validity(const x509cert_t
*cert
, time_t *until
)
1998 time_t current_time
;
/* sample the clock once so all comparisons use the same instant */
2000 time(¤t_time
);
/* debug: print the validity window around the current time */
2001 DBG(DBG_CONTROL
| DBG_PARSING
,
2002 DBG_log(" not before : %s", timetoa(&cert
->notBefore
, TRUE
));
2003 DBG_log(" current time: %s", timetoa(¤t_time
, TRUE
));
2004 DBG_log(" not after : %s", timetoa(&cert
->notAfter
, TRUE
));
/* cap the caller's lifetime at this certificate's expiry; this happens
 * before the error checks, so it also applies when an error is returned */
2007 if (cert
->notAfter
< *until
) *until
= cert
->notAfter
;
/* not yet valid, then expired */
2009 if (current_time
< cert
->notBefore
)
2010 return "certificate is not valid yet";
2011 if (current_time
> cert
->notAfter
)
2012 return "certificate has expired";
2018 * verifies an X.509 certificate by walking up the issuer chain:
 * validity period, issuer signature, then OCSP/CRL revocation status.
 * NOTE(review): the signature check is driven solely by the outer
 * cert->algorithm (passed as both digest and encryption algorithm);
 * cert->sigAlg, parsed from inside tbsCertificate, is never compared
 * with it, although RFC 3280 section 4.1.1.2 requires the two to match.
2021 verify_x509cert(const x509cert_t
*cert
, bool strict
, time_t *until
)
2025 *until
= cert
->notAfter
;
2027 for (pathlen
= 0; pathlen
< MAX_CA_PATH_LEN
; pathlen
++)
2029 x509cert_t
*issuer_cert
;
2030 u_char buf
[BUF_LEN
];
2034 dntoa(buf
, BUF_LEN
, cert
->subject
);
2035 DBG_log("subject: '%s'",buf
);
2036 dntoa(buf
, BUF_LEN
, cert
->issuer
);
2037 DBG_log("issuer: '%s'",buf
);
2038 if (cert
->authKeyID
.ptr
!= NULL
)
2040 datatot(cert
->authKeyID
.ptr
, cert
->authKeyID
.len
, ':'
2042 DBG_log("authkey: %s", buf
);
2046 ugh
= check_validity(cert
, until
);
2055 DBG_log("certificate is valid")
2058 lock_authcert_list("verify_x509cert");
2059 issuer_cert
= get_authcert(cert
->issuer
, cert
->authKeySerialNumber
2060 , cert
->authKeyID
, AUTH_CA
);
2062 if (issuer_cert
== NULL
)
2064 plog("issuer cacert not found");
2065 unlock_authcert_list("verify_x509cert");
2069 DBG_log("issuer cacert found")
2072 if (!check_signature(cert
->tbsCertificate
, cert
->signature
2073 , cert
->algorithm
, cert
->algorithm
, issuer_cert
))
2075 plog("certificate signature is invalid");
2076 unlock_authcert_list("verify_x509cert");
2080 DBG_log("certificate signature is valid")
2082 unlock_authcert_list("verify_x509cert");
2084 /* check if cert is a self-signed root ca (only once at least one
 * issuer link has already been verified, i.e. pathlen > 0) */
2085 if (pathlen
> 0 && same_dn(cert
->issuer
, cert
->subject
))
2088 DBG_log("reached self-signed root ca")
2094 time_t nextUpdate
= *until
;
2095 time_t revocationDate
= UNDEFINED_TIME
;
2096 crl_reason_t revocationReason
= REASON_UNSPECIFIED
;
2098 /* first check certificate revocation using ocsp */
2099 cert_status_t status
= verify_by_ocsp(cert
, &nextUpdate
2100 , &revocationDate
, &revocationReason
);
2102 /* if ocsp service is not available then fall back to crl */
2103 if ((status
== CERT_UNDEFINED
)
2104 || (status
== CERT_UNKNOWN
&& strict
))
2106 status
= verify_by_crl(cert
, &nextUpdate
, &revocationDate
2107 , &revocationReason
);
2113 /* if status information is stale */
2114 if (strict
&& nextUpdate
< time(NULL
))
2117 DBG_log("certificate is good but status is stale")
2119 remove_x509_public_key(cert
);
2123 DBG_log("certificate is good")
2126 /* with strict crl policy the public key lifetime (*until) is capped at
2127 * the nextUpdate of the OCSP response or CRL that vouched for the cert
 */
2129 if (strict
&& nextUpdate
< *until
)
2130 *until
= nextUpdate
;
2133 plog("certificate was revoked on %s, reason: %s"
2134 , timetoa(&revocationDate
, TRUE
)
2135 , enum_name(&crl_reason_names
, revocationReason
));
2136 remove_x509_public_key(cert
);
2139 case CERT_UNDEFINED
:
2141 plog("certificate status unknown");
2144 remove_x509_public_key(cert
);
2151 /* go up one step in the trust chain */
2154 plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN
);
2159 * list all X.509 certs in a chained list
2162 list_x509cert_chain(const char *caption
, x509cert_t
* cert
, u_char auth_flags
2168 /* determine the current time */
2171 while (cert
!= NULL
)
2173 if (auth_flags
== AUTH_NONE
|| (auth_flags
& cert
->authority_flags
))
2176 char keyid
[KEYID_BUF
];
2177 u_char buf
[BUF_LEN
];
2180 c
.type
= CERT_X509_SIGNATURE
;
2185 whack_log(RC_COMMENT
, " ");
2186 whack_log(RC_COMMENT
, "List of X.509 %s Certificates:", caption
);
2187 whack_log(RC_COMMENT
, " ");
2191 whack_log(RC_COMMENT
, "%s, count: %d", timetoa(&cert
->installed
, utc
),
2193 dntoa(buf
, BUF_LEN
, cert
->subject
);
2194 whack_log(RC_COMMENT
, " subject: '%s'", buf
);
2195 dntoa(buf
, BUF_LEN
, cert
->issuer
);
2196 whack_log(RC_COMMENT
, " issuer: '%s'", buf
);
2197 datatot(cert
->serialNumber
.ptr
, cert
->serialNumber
.len
, ':'
2199 whack_log(RC_COMMENT
, " serial: %s", buf
);
2200 form_keyid(cert
->publicExponent
, cert
->modulus
, keyid
, &keysize
);
2201 whack_log(RC_COMMENT
, " pubkey: %4d RSA Key %s%s"
2203 , cert
->smartcard
? ", on smartcard" :
2204 (has_private_key(c
)? ", has private key" : ""));
2205 whack_log(RC_COMMENT
, " validity: not before %s %s",
2206 timetoa(&cert
->notBefore
, utc
),
2207 (cert
->notBefore
< now
)?"ok":"fatal (not valid yet)");
2208 whack_log(RC_COMMENT
, " not after %s %s",
2209 timetoa(&cert
->notAfter
, utc
),
2210 check_expiry(cert
->notAfter
, CA_CERT_WARNING_INTERVAL
, TRUE
));
2211 if (cert
->subjectKeyID
.ptr
!= NULL
)
2213 datatot(cert
->subjectKeyID
.ptr
, cert
->subjectKeyID
.len
, ':'
2215 whack_log(RC_COMMENT
, " subjkey: %s", buf
);
2217 if (cert
->authKeyID
.ptr
!= NULL
)
2219 datatot(cert
->authKeyID
.ptr
, cert
->authKeyID
.len
, ':'
2221 whack_log(RC_COMMENT
, " authkey: %s", buf
);
2223 if (cert
->authKeySerialNumber
.ptr
!= NULL
)
2225 datatot(cert
->authKeySerialNumber
.ptr
, cert
->authKeySerialNumber
.len
2226 , ':', buf
, BUF_LEN
);
2227 whack_log(RC_COMMENT
, " aserial: %s", buf
);
2235 * list all X.509 end certificates in a chained list
2238 list_x509_end_certs(bool utc
)
2240 list_x509cert_chain("End", x509certs
, AUTH_NONE
, utc
);