1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/* X.509 certificate parser
3
 *
4
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
5
 * Written by David Howells ([email protected])
6
 */
7

8
#define pr_fmt(fmt) "X.509: "fmt
9
#include <linux/kernel.h>
10
#include <linux/export.h>
11
#include <linux/slab.h>
12
#include <linux/err.h>
13
#include <linux/oid_registry.h>
14
#include <crypto/public_key.h>
15
#include "x509_parser.h"
16
#include "x509.asn1.h"
17
#include "x509_akid.asn1.h"
18

19
struct x509_parse_context {
20
	struct x509_certificate	*cert;		/* Certificate being constructed */
21
	unsigned long	data;			/* Start of data */
22
	const void	*key;			/* Key data */
23
	size_t		key_size;		/* Size of key data */
24
	const void	*params;		/* Key parameters */
25
	size_t		params_size;		/* Size of key parameters */
26
	enum OID	key_algo;		/* Algorithm used by the cert's key */
27
	enum OID	last_oid;		/* Last OID encountered */
28
	enum OID	sig_algo;		/* Algorithm used to sign the cert */
29
	u8		o_size;			/* Size of organizationName (O) */
30
	u8		cn_size;		/* Size of commonName (CN) */
31
	u8		email_size;		/* Size of emailAddress */
32
	u16		o_offset;		/* Offset of organizationName (O) */
33
	u16		cn_offset;		/* Offset of commonName (CN) */
34
	u16		email_offset;		/* Offset of emailAddress */
35
	unsigned	raw_akid_size;
36
	const void	*raw_akid;		/* Raw authorityKeyId in ASN.1 */
37
	const void	*akid_raw_issuer;	/* Raw directoryName in authorityKeyId */
38
	unsigned	akid_raw_issuer_size;
39
};
40

41
/*
42
 * Free an X.509 certificate
43
 */
44
void x509_free_certificate(struct x509_certificate *cert)
45
{
46
	if (cert) {
47
		public_key_free(cert->pub);
48
		public_key_signature_free(cert->sig);
49
		kfree(cert->issuer);
50
		kfree(cert->subject);
51
		kfree(cert->id);
52
		kfree(cert->skid);
53
		kfree(cert);
54
	}
55
}
56
EXPORT_SYMBOL_GPL(x509_free_certificate);
57

58
/*
59
 * Parse an X.509 certificate
60
 */
61
struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
62
{
63
	struct x509_certificate *cert __free(x509_free_certificate);
64
	struct x509_parse_context *ctx __free(kfree) = NULL;
65
	struct asymmetric_key_id *kid;
66
	long ret;
67

68
	cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL);
69
	if (!cert)
70
		return ERR_PTR(-ENOMEM);
71
	cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
72
	if (!cert->pub)
73
		return ERR_PTR(-ENOMEM);
74
	cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL);
75
	if (!cert->sig)
76
		return ERR_PTR(-ENOMEM);
77
	ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL);
78
	if (!ctx)
79
		return ERR_PTR(-ENOMEM);
80

81
	ctx->cert = cert;
82
	ctx->data = (unsigned long)data;
83

84
	/* Attempt to decode the certificate */
85
	ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen);
86
	if (ret < 0)
87
		return ERR_PTR(ret);
88

89
	/* Decode the AuthorityKeyIdentifier */
90
	if (ctx->raw_akid) {
91
		pr_devel("AKID: %u %*phN\n",
92
			 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid);
93
		ret = asn1_ber_decoder(&x509_akid_decoder, ctx,
94
				       ctx->raw_akid, ctx->raw_akid_size);
95
		if (ret < 0) {
96
			pr_warn("Couldn't decode AuthKeyIdentifier\n");
97
			return ERR_PTR(ret);
98
		}
99
	}
100

101
	cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
102
	if (!cert->pub->key)
103
		return ERR_PTR(-ENOMEM);
104

105
	cert->pub->keylen = ctx->key_size;
106

107
	cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);
108
	if (!cert->pub->params)
109
		return ERR_PTR(-ENOMEM);
110

111
	cert->pub->paramlen = ctx->params_size;
112
	cert->pub->algo = ctx->key_algo;
113

114
	/* Grab the signature bits */
115
	ret = x509_get_sig_params(cert);
116
	if (ret < 0)
117
		return ERR_PTR(ret);
118

119
	/* Generate cert issuer + serial number key ID */
120
	kid = asymmetric_key_generate_id(cert->raw_serial,
121
					 cert->raw_serial_size,
122
					 cert->raw_issuer,
123
					 cert->raw_issuer_size);
124
	if (IS_ERR(kid))
125
		return ERR_CAST(kid);
126
	cert->id = kid;
127

128
	/* Detect self-signed certificates */
129
	ret = x509_check_for_self_signed(cert);
130
	if (ret < 0)
131
		return ERR_PTR(ret);
132

133
	return_ptr(cert);
134
}
135
EXPORT_SYMBOL_GPL(x509_cert_parse);
136

137
/*
138
 * Note an OID when we find one for later processing when we know how
139
 * to interpret it.
140
 */
141
int x509_note_OID(void *context, size_t hdrlen,
142
	     unsigned char tag,
143
	     const void *value, size_t vlen)
144
{
145
	struct x509_parse_context *ctx = context;
146

147
	ctx->last_oid = look_up_OID(value, vlen);
148
	if (ctx->last_oid == OID__NR) {
149
		char buffer[50];
150
		sprint_oid(value, vlen, buffer, sizeof(buffer));
151
		pr_debug("Unknown OID: [%lu] %s\n",
152
			 (unsigned long)value - ctx->data, buffer);
153
	}
154
	return 0;
155
}
156

157
/*
158
 * Save the position of the TBS data so that we can check the signature over it
159
 * later.
160
 */
161
int x509_note_tbs_certificate(void *context, size_t hdrlen,
162
			      unsigned char tag,
163
			      const void *value, size_t vlen)
164
{
165
	struct x509_parse_context *ctx = context;
166

167
	pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n",
168
		 hdrlen, tag, (unsigned long)value - ctx->data, vlen);
169

170
	ctx->cert->tbs = value - hdrlen;
171
	ctx->cert->tbs_size = vlen + hdrlen;
172
	return 0;
173
}
174

175
/*
176
 * Record the algorithm that was used to sign this certificate.
177
 */
178
int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
179
		       const void *value, size_t vlen)
180
{
181
	struct x509_parse_context *ctx = context;
182

183
	pr_debug("PubKey Algo: %u\n", ctx->last_oid);
184

185
	switch (ctx->last_oid) {
186
	default:
187
		return -ENOPKG; /* Unsupported combination */
188

189
	case OID_sha1WithRSAEncryption:
190
		ctx->cert->sig->hash_algo = "sha1";
191
		goto rsa_pkcs1;
192

193
	case OID_sha256WithRSAEncryption:
194
		ctx->cert->sig->hash_algo = "sha256";
195
		goto rsa_pkcs1;
196

197
	case OID_sha384WithRSAEncryption:
198
		ctx->cert->sig->hash_algo = "sha384";
199
		goto rsa_pkcs1;
200

201
	case OID_sha512WithRSAEncryption:
202
		ctx->cert->sig->hash_algo = "sha512";
203
		goto rsa_pkcs1;
204

205
	case OID_sha224WithRSAEncryption:
206
		ctx->cert->sig->hash_algo = "sha224";
207
		goto rsa_pkcs1;
208

209
	case OID_id_ecdsa_with_sha1:
210
		ctx->cert->sig->hash_algo = "sha1";
211
		goto ecdsa;
212

213
	case OID_id_rsassa_pkcs1_v1_5_with_sha3_256:
214
		ctx->cert->sig->hash_algo = "sha3-256";
215
		goto rsa_pkcs1;
216

217
	case OID_id_rsassa_pkcs1_v1_5_with_sha3_384:
218
		ctx->cert->sig->hash_algo = "sha3-384";
219
		goto rsa_pkcs1;
220

221
	case OID_id_rsassa_pkcs1_v1_5_with_sha3_512:
222
		ctx->cert->sig->hash_algo = "sha3-512";
223
		goto rsa_pkcs1;
224

225
	case OID_id_ecdsa_with_sha224:
226
		ctx->cert->sig->hash_algo = "sha224";
227
		goto ecdsa;
228

229
	case OID_id_ecdsa_with_sha256:
230
		ctx->cert->sig->hash_algo = "sha256";
231
		goto ecdsa;
232

233
	case OID_id_ecdsa_with_sha384:
234
		ctx->cert->sig->hash_algo = "sha384";
235
		goto ecdsa;
236

237
	case OID_id_ecdsa_with_sha512:
238
		ctx->cert->sig->hash_algo = "sha512";
239
		goto ecdsa;
240

241
	case OID_id_ecdsa_with_sha3_256:
242
		ctx->cert->sig->hash_algo = "sha3-256";
243
		goto ecdsa;
244

245
	case OID_id_ecdsa_with_sha3_384:
246
		ctx->cert->sig->hash_algo = "sha3-384";
247
		goto ecdsa;
248

249
	case OID_id_ecdsa_with_sha3_512:
250
		ctx->cert->sig->hash_algo = "sha3-512";
251
		goto ecdsa;
252

253
	case OID_gost2012Signature256:
254
		ctx->cert->sig->hash_algo = "streebog256";
255
		goto ecrdsa;
256

257
	case OID_gost2012Signature512:
258
		ctx->cert->sig->hash_algo = "streebog512";
259
		goto ecrdsa;
260
	}
261

262
rsa_pkcs1:
263
	ctx->cert->sig->pkey_algo = "rsa";
264
	ctx->cert->sig->encoding = "pkcs1";
265
	ctx->sig_algo = ctx->last_oid;
266
	return 0;
267
ecrdsa:
268
	ctx->cert->sig->pkey_algo = "ecrdsa";
269
	ctx->cert->sig->encoding = "raw";
270
	ctx->sig_algo = ctx->last_oid;
271
	return 0;
272
ecdsa:
273
	ctx->cert->sig->pkey_algo = "ecdsa";
274
	ctx->cert->sig->encoding = "x962";
275
	ctx->sig_algo = ctx->last_oid;
276
	return 0;
277
}
278

279
/*
280
 * Note the whereabouts and type of the signature.
281
 */
282
int x509_note_signature(void *context, size_t hdrlen,
283
			unsigned char tag,
284
			const void *value, size_t vlen)
285
{
286
	struct x509_parse_context *ctx = context;
287

288
	pr_debug("Signature: alg=%u, size=%zu\n", ctx->last_oid, vlen);
289

290
	/*
291
	 * In X.509 certificates, the signature's algorithm is stored in two
292
	 * places: inside the TBSCertificate (the data that is signed), and
293
	 * alongside the signature.  These *must* match.
294
	 */
295
	if (ctx->last_oid != ctx->sig_algo) {
296
		pr_warn("signatureAlgorithm (%u) differs from tbsCertificate.signature (%u)\n",
297
			ctx->last_oid, ctx->sig_algo);
298
		return -EINVAL;
299
	}
300

301
	if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||
302
	    strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 ||
303
	    strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) {
304
		/* Discard the BIT STRING metadata */
305
		if (vlen < 1 || *(const u8 *)value != 0)
306
			return -EBADMSG;
307

308
		value++;
309
		vlen--;
310
	}
311

312
	ctx->cert->raw_sig = value;
313
	ctx->cert->raw_sig_size = vlen;
314
	return 0;
315
}
316

317
/*
318
 * Note the certificate serial number
319
 */
320
int x509_note_serial(void *context, size_t hdrlen,
321
		     unsigned char tag,
322
		     const void *value, size_t vlen)
323
{
324
	struct x509_parse_context *ctx = context;
325
	ctx->cert->raw_serial = value;
326
	ctx->cert->raw_serial_size = vlen;
327
	return 0;
328
}
329

330
/*
331
 * Note some of the name segments from which we'll fabricate a name.
332
 */
333
int x509_extract_name_segment(void *context, size_t hdrlen,
334
			      unsigned char tag,
335
			      const void *value, size_t vlen)
336
{
337
	struct x509_parse_context *ctx = context;
338

339
	switch (ctx->last_oid) {
340
	case OID_commonName:
341
		ctx->cn_size = vlen;
342
		ctx->cn_offset = (unsigned long)value - ctx->data;
343
		break;
344
	case OID_organizationName:
345
		ctx->o_size = vlen;
346
		ctx->o_offset = (unsigned long)value - ctx->data;
347
		break;
348
	case OID_email_address:
349
		ctx->email_size = vlen;
350
		ctx->email_offset = (unsigned long)value - ctx->data;
351
		break;
352
	default:
353
		break;
354
	}
355

356
	return 0;
357
}
358

359
/*
360
 * Fabricate and save the issuer and subject names
361
 */
362
static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen,
363
			       unsigned char tag,
364
			       char **_name, size_t vlen)
365
{
366
	const void *name, *data = (const void *)ctx->data;
367
	size_t namesize;
368
	char *buffer;
369

370
	if (*_name)
371
		return -EINVAL;
372

373
	/* Empty name string if no material */
374
	if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) {
375
		buffer = kzalloc(1, GFP_KERNEL);
376
		if (!buffer)
377
			return -ENOMEM;
378
		goto done;
379
	}
380

381
	if (ctx->cn_size && ctx->o_size) {
382
		/* Consider combining O and CN, but use only the CN if it is
383
		 * prefixed by the O, or a significant portion thereof.
384
		 */
385
		namesize = ctx->cn_size;
386
		name = data + ctx->cn_offset;
387
		if (ctx->cn_size >= ctx->o_size &&
388
		    memcmp(data + ctx->cn_offset, data + ctx->o_offset,
389
			   ctx->o_size) == 0)
390
			goto single_component;
391
		if (ctx->cn_size >= 7 &&
392
		    ctx->o_size >= 7 &&
393
		    memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0)
394
			goto single_component;
395

396
		buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1,
397
				 GFP_KERNEL);
398
		if (!buffer)
399
			return -ENOMEM;
400

401
		memcpy(buffer,
402
		       data + ctx->o_offset, ctx->o_size);
403
		buffer[ctx->o_size + 0] = ':';
404
		buffer[ctx->o_size + 1] = ' ';
405
		memcpy(buffer + ctx->o_size + 2,
406
		       data + ctx->cn_offset, ctx->cn_size);
407
		buffer[ctx->o_size + 2 + ctx->cn_size] = 0;
408
		goto done;
409

410
	} else if (ctx->cn_size) {
411
		namesize = ctx->cn_size;
412
		name = data + ctx->cn_offset;
413
	} else if (ctx->o_size) {
414
		namesize = ctx->o_size;
415
		name = data + ctx->o_offset;
416
	} else {
417
		namesize = ctx->email_size;
418
		name = data + ctx->email_offset;
419
	}
420

421
single_component:
422
	buffer = kmalloc(namesize + 1, GFP_KERNEL);
423
	if (!buffer)
424
		return -ENOMEM;
425
	memcpy(buffer, name, namesize);
426
	buffer[namesize] = 0;
427

428
done:
429
	*_name = buffer;
430
	ctx->cn_size = 0;
431
	ctx->o_size = 0;
432
	ctx->email_size = 0;
433
	return 0;
434
}
435

436
int x509_note_issuer(void *context, size_t hdrlen,
437
		     unsigned char tag,
438
		     const void *value, size_t vlen)
439
{
440
	struct x509_parse_context *ctx = context;
441
	struct asymmetric_key_id *kid;
442

443
	ctx->cert->raw_issuer = value;
444
	ctx->cert->raw_issuer_size = vlen;
445

446
	if (!ctx->cert->sig->auth_ids[2]) {
447
		kid = asymmetric_key_generate_id(value, vlen, "", 0);
448
		if (IS_ERR(kid))
449
			return PTR_ERR(kid);
450
		ctx->cert->sig->auth_ids[2] = kid;
451
	}
452

453
	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
454
}
455

456
int x509_note_subject(void *context, size_t hdrlen,
457
		      unsigned char tag,
458
		      const void *value, size_t vlen)
459
{
460
	struct x509_parse_context *ctx = context;
461
	ctx->cert->raw_subject = value;
462
	ctx->cert->raw_subject_size = vlen;
463
	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
464
}
465

466
/*
467
 * Extract the parameters for the public key
468
 */
469
int x509_note_params(void *context, size_t hdrlen,
470
		     unsigned char tag,
471
		     const void *value, size_t vlen)
472
{
473
	struct x509_parse_context *ctx = context;
474

475
	/*
476
	 * AlgorithmIdentifier is used three times in the x509, we should skip
477
	 * first and ignore third, using second one which is after subject and
478
	 * before subjectPublicKey.
479
	 */
480
	if (!ctx->cert->raw_subject || ctx->key)
481
		return 0;
482
	ctx->params = value - hdrlen;
483
	ctx->params_size = vlen + hdrlen;
484
	return 0;
485
}
486

487
/*
488
 * Extract the data for the public key algorithm
489
 */
490
int x509_extract_key_data(void *context, size_t hdrlen,
491
			  unsigned char tag,
492
			  const void *value, size_t vlen)
493
{
494
	struct x509_parse_context *ctx = context;
495
	enum OID oid;
496

497
	ctx->key_algo = ctx->last_oid;
498
	switch (ctx->last_oid) {
499
	case OID_rsaEncryption:
500
		ctx->cert->pub->pkey_algo = "rsa";
501
		break;
502
	case OID_gost2012PKey256:
503
	case OID_gost2012PKey512:
504
		ctx->cert->pub->pkey_algo = "ecrdsa";
505
		break;
506
	case OID_id_ecPublicKey:
507
		if (parse_OID(ctx->params, ctx->params_size, &oid) != 0)
508
			return -EBADMSG;
509

510
		switch (oid) {
511
		case OID_id_prime192v1:
512
			ctx->cert->pub->pkey_algo = "ecdsa-nist-p192";
513
			break;
514
		case OID_id_prime256v1:
515
			ctx->cert->pub->pkey_algo = "ecdsa-nist-p256";
516
			break;
517
		case OID_id_ansip384r1:
518
			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
519
			break;
520
		case OID_id_ansip521r1:
521
			ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
522
			break;
523
		default:
524
			return -ENOPKG;
525
		}
526
		break;
527
	default:
528
		return -ENOPKG;
529
	}
530

531
	/* Discard the BIT STRING metadata */
532
	if (vlen < 1 || *(const u8 *)value != 0)
533
		return -EBADMSG;
534
	ctx->key = value + 1;
535
	ctx->key_size = vlen - 1;
536
	return 0;
537
}
538

539
/* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */
540
#define SEQ_TAG_KEYID (ASN1_CONT << 6)
541

542
/*
543
 * Process certificate extensions that are used to qualify the certificate.
544
 */
545
int x509_process_extension(void *context, size_t hdrlen,
546
			   unsigned char tag,
547
			   const void *value, size_t vlen)
548
{
549
	struct x509_parse_context *ctx = context;
550
	struct asymmetric_key_id *kid;
551
	const unsigned char *v = value;
552

553
	pr_debug("Extension: %u\n", ctx->last_oid);
554

555
	if (ctx->last_oid == OID_subjectKeyIdentifier) {
556
		/* Get hold of the key fingerprint */
557
		if (ctx->cert->skid || vlen < 3)
558
			return -EBADMSG;
559
		if (v[0] != ASN1_OTS || v[1] != vlen - 2)
560
			return -EBADMSG;
561
		v += 2;
562
		vlen -= 2;
563

564
		ctx->cert->raw_skid_size = vlen;
565
		ctx->cert->raw_skid = v;
566
		kid = asymmetric_key_generate_id(v, vlen, "", 0);
567
		if (IS_ERR(kid))
568
			return PTR_ERR(kid);
569
		ctx->cert->skid = kid;
570
		pr_debug("subjkeyid %*phN\n", kid->len, kid->data);
571
		return 0;
572
	}
573

574
	if (ctx->last_oid == OID_keyUsage) {
575
		/*
576
		 * Get hold of the keyUsage bit string
577
		 * v[1] is the encoding size
578
		 *       (Expect either 0x02 or 0x03, making it 1 or 2 bytes)
579
		 * v[2] is the number of unused bits in the bit string
580
		 *       (If >= 3 keyCertSign is missing when v[1] = 0x02)
581
		 * v[3] and possibly v[4] contain the bit string
582
		 *
583
		 * From RFC 5280 4.2.1.3:
584
		 *   0x04 is where keyCertSign lands in this bit string
585
		 *   0x80 is where digitalSignature lands in this bit string
586
		 */
587
		if (v[0] != ASN1_BTS)
588
			return -EBADMSG;
589
		if (vlen < 4)
590
			return -EBADMSG;
591
		if (v[2] >= 8)
592
			return -EBADMSG;
593
		if (v[3] & 0x80)
594
			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_DIGITALSIG;
595
		if (v[1] == 0x02 && v[2] <= 2 && (v[3] & 0x04))
596
			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;
597
		else if (vlen > 4 && v[1] == 0x03 && (v[3] & 0x04))
598
			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;
599
		return 0;
600
	}
601

602
	if (ctx->last_oid == OID_authorityKeyIdentifier) {
603
		/* Get hold of the CA key fingerprint */
604
		ctx->raw_akid = v;
605
		ctx->raw_akid_size = vlen;
606
		return 0;
607
	}
608

609
	if (ctx->last_oid == OID_basicConstraints) {
610
		/*
611
		 * Get hold of the basicConstraints
612
		 * v[1] is the encoding size
613
		 *	(Expect 0x00 for empty SEQUENCE with CA:FALSE, or
614
		 *	0x03 or greater for non-empty SEQUENCE)
615
		 * v[2] is the encoding type
616
		 *	(Expect an ASN1_BOOL for the CA)
617
		 * v[3] is the length of the ASN1_BOOL
618
		 *	(Expect 1 for a single byte boolean)
619
		 * v[4] is the contents of the ASN1_BOOL
620
		 *	(Expect 0xFF if the CA is TRUE)
621
		 * vlen should match the entire extension size
622
		 */
623
		if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ))
624
			return -EBADMSG;
625
		if (vlen < 2)
626
			return -EBADMSG;
627
		if (v[1] != vlen - 2)
628
			return -EBADMSG;
629
		/* Empty SEQUENCE means CA:FALSE (default value omitted per DER) */
630
		if (v[1] == 0)
631
			return 0;
632
		if (vlen >= 5 && v[2] == ASN1_BOOL && v[3] == 1 && v[4] == 0xFF)
633
			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA;
634
		else
635
			return -EBADMSG;
636
		return 0;
637
	}
638

639
	return 0;
640
}
641

642
/**
643
 * x509_decode_time - Decode an X.509 time ASN.1 object
644
 * @_t: The time to fill in
645
 * @hdrlen: The length of the object header
646
 * @tag: The object tag
647
 * @value: The object value
648
 * @vlen: The size of the object value
649
 *
650
 * Decode an ASN.1 universal time or generalised time field into a struct the
651
 * kernel can handle and check it for validity.  The time is decoded thus:
652
 *
653
 *	[RFC5280 §4.1.2.5]
654
 *	CAs conforming to this profile MUST always encode certificate validity
655
 *	dates through the year 2049 as UTCTime; certificate validity dates in
656
 *	2050 or later MUST be encoded as GeneralizedTime.  Conforming
657
 *	applications MUST be able to process validity dates that are encoded in
658
 *	either UTCTime or GeneralizedTime.
659
 */
660
int x509_decode_time(time64_t *_t,  size_t hdrlen,
661
		     unsigned char tag,
662
		     const unsigned char *value, size_t vlen)
663
{
664
	static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30,
665
						       31, 31, 30, 31, 30, 31 };
666
	const unsigned char *p = value;
667
	unsigned year, mon, day, hour, min, sec, mon_len;
668

669
#define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; })
670
#define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; })
671

672
	if (tag == ASN1_UNITIM) {
673
		/* UTCTime: YYMMDDHHMMSSZ */
674
		if (vlen != 13)
675
			goto unsupported_time;
676
		year = DD2bin(p);
677
		if (year >= 50)
678
			year += 1900;
679
		else
680
			year += 2000;
681
	} else if (tag == ASN1_GENTIM) {
682
		/* GenTime: YYYYMMDDHHMMSSZ */
683
		if (vlen != 15)
684
			goto unsupported_time;
685
		year = DD2bin(p) * 100 + DD2bin(p);
686
		if (year >= 1950 && year <= 2049)
687
			goto invalid_time;
688
	} else {
689
		goto unsupported_time;
690
	}
691

692
	mon  = DD2bin(p);
693
	day = DD2bin(p);
694
	hour = DD2bin(p);
695
	min  = DD2bin(p);
696
	sec  = DD2bin(p);
697

698
	if (*p != 'Z')
699
		goto unsupported_time;
700

701
	if (year < 1970 ||
702
	    mon < 1 || mon > 12)
703
		goto invalid_time;
704

705
	mon_len = month_lengths[mon - 1];
706
	if (mon == 2) {
707
		if (year % 4 == 0) {
708
			mon_len = 29;
709
			if (year % 100 == 0) {
710
				mon_len = 28;
711
				if (year % 400 == 0)
712
					mon_len = 29;
713
			}
714
		}
715
	}
716

717
	if (day < 1 || day > mon_len ||
718
	    hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */
719
	    min > 59 ||
720
	    sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */
721
		goto invalid_time;
722

723
	*_t = mktime64(year, mon, day, hour, min, sec);
724
	return 0;
725

726
unsupported_time:
727
	pr_debug("Got unsupported time [tag %02x]: '%*phN'\n",
728
		 tag, (int)vlen, value);
729
	return -EBADMSG;
730
invalid_time:
731
	pr_debug("Got invalid time [tag %02x]: '%*phN'\n",
732
		 tag, (int)vlen, value);
733
	return -EBADMSG;
734
}
735
EXPORT_SYMBOL_GPL(x509_decode_time);
736

737
int x509_note_not_before(void *context, size_t hdrlen,
738
			 unsigned char tag,
739
			 const void *value, size_t vlen)
740
{
741
	struct x509_parse_context *ctx = context;
742
	return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen);
743
}
744

745
int x509_note_not_after(void *context, size_t hdrlen,
746
			unsigned char tag,
747
			const void *value, size_t vlen)
748
{
749
	struct x509_parse_context *ctx = context;
750
	return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen);
751
}
752

753
/*
754
 * Note a key identifier-based AuthorityKeyIdentifier
755
 */
756
int x509_akid_note_kid(void *context, size_t hdrlen,
757
		       unsigned char tag,
758
		       const void *value, size_t vlen)
759
{
760
	struct x509_parse_context *ctx = context;
761
	struct asymmetric_key_id *kid;
762

763
	pr_debug("AKID: keyid: %*phN\n", (int)vlen, value);
764

765
	if (ctx->cert->sig->auth_ids[1])
766
		return 0;
767

768
	kid = asymmetric_key_generate_id(value, vlen, "", 0);
769
	if (IS_ERR(kid))
770
		return PTR_ERR(kid);
771
	pr_debug("authkeyid %*phN\n", kid->len, kid->data);
772
	ctx->cert->sig->auth_ids[1] = kid;
773
	return 0;
774
}
775

776
/*
777
 * Note a directoryName in an AuthorityKeyIdentifier
778
 */
779
int x509_akid_note_name(void *context, size_t hdrlen,
780
			unsigned char tag,
781
			const void *value, size_t vlen)
782
{
783
	struct x509_parse_context *ctx = context;
784

785
	pr_debug("AKID: name: %*phN\n", (int)vlen, value);
786

787
	ctx->akid_raw_issuer = value;
788
	ctx->akid_raw_issuer_size = vlen;
789
	return 0;
790
}
791

792
/*
793
 * Note a serial number in an AuthorityKeyIdentifier
794
 */
795
int x509_akid_note_serial(void *context, size_t hdrlen,
796
			  unsigned char tag,
797
			  const void *value, size_t vlen)
798
{
799
	struct x509_parse_context *ctx = context;
800
	struct asymmetric_key_id *kid;
801

802
	pr_debug("AKID: serial: %*phN\n", (int)vlen, value);
803

804
	if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0])
805
		return 0;
806

807
	kid = asymmetric_key_generate_id(value,
808
					 vlen,
809
					 ctx->akid_raw_issuer,
810
					 ctx->akid_raw_issuer_size);
811
	if (IS_ERR(kid))
812
		return PTR_ERR(kid);
813

814
	pr_debug("authkeyid %*phN\n", kid->len, kid->data);
815
	ctx->cert->sig->auth_ids[0] = kid;
816
	return 0;
817
}
818

819