robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
4685 Commits
2 Branches
Tree: 151e4d9bfa
ipxe/src/crypto/ocsp.c

ocsp.c 27KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948 
  1. /*

  2.  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or (at your option) any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

  17.  * 02110-1301, USA.

  18.  */

  19. 

  20. FILE_LICENCE ( GPL2_OR_LATER );

  21. 

  22. #include <stdint.h>

  23. #include <stdlib.h>

  24. #include <stdio.h>

  25. #include <string.h>

  26. #include <errno.h>

  27. #include <ipxe/asn1.h>

  28. #include <ipxe/x509.h>

  29. #include <ipxe/sha1.h>

  30. #include <ipxe/base64.h>

  31. #include <ipxe/uri.h>

  32. #include <ipxe/ocsp.h>

  33. 

  34. /** @file

  35.  *

  36.  * Online Certificate Status Protocol

  37.  *

  38.  */

  39. 

  40. /* Disambiguate the various error causes */

  41. #define EACCES_CERT_STATUS						\

  42. 	__einfo_error ( EINFO_EACCES_CERT_STATUS )

  43. #define EINFO_EACCES_CERT_STATUS					\

  44. 	__einfo_uniqify ( EINFO_EACCES, 0x01,				\

  45. 			  "Certificate status not good" )

  46. #define EACCES_CERT_MISMATCH						\

  47. 	__einfo_error ( EINFO_EACCES_CERT_MISMATCH )

  48. #define EINFO_EACCES_CERT_MISMATCH					\

  49. 	__einfo_uniqify ( EINFO_EACCES, 0x02,				\

  50. 			  "Certificate ID mismatch" )

  51. #define EACCES_NON_OCSP_SIGNING						\

  52. 	__einfo_error ( EINFO_EACCES_NON_OCSP_SIGNING )

  53. #define EINFO_EACCES_NON_OCSP_SIGNING					\

  54. 	__einfo_uniqify ( EINFO_EACCES, 0x03,				\

  55. 			  "Not an OCSP signing certificate" )

  56. #define EACCES_STALE							\

  57. 	__einfo_error ( EINFO_EACCES_STALE )

  58. #define EINFO_EACCES_STALE						\

  59. 	__einfo_uniqify ( EINFO_EACCES, 0x04,				\

  60. 			  "Stale (or premature) OCSP repsonse" )

  61. #define EACCES_NO_RESPONDER						\

  62. 	__einfo_error ( EINFO_EACCES_NO_RESPONDER )

  63. #define EINFO_EACCES_NO_RESPONDER					\

  64. 	__einfo_uniqify ( EINFO_EACCES, 0x05,				\

  65. 			  "Missing OCSP responder certificate" )

  66. #define ENOTSUP_RESPONSE_TYPE						\

  67. 	__einfo_error ( EINFO_ENOTSUP_RESPONSE_TYPE )

  68. #define EINFO_ENOTSUP_RESPONSE_TYPE					\

  69. 	__einfo_uniqify ( EINFO_ENOTSUP, 0x01,				\

  70. 			  "Unsupported OCSP response type" )

  71. #define ENOTSUP_RESPONDER_ID						\

  72. 	__einfo_error ( EINFO_ENOTSUP_RESPONDER_ID )

  73. #define EINFO_ENOTSUP_RESPONDER_ID					\

  74. 	__einfo_uniqify ( EINFO_ENOTSUP, 0x02,				\

  75. 			  "Unsupported OCSP responder ID" )

  76. #define EPROTO_MALFORMED_REQUEST					\

  77. 	__einfo_error ( EINFO_EPROTO_MALFORMED_REQUEST )

  78. #define EINFO_EPROTO_MALFORMED_REQUEST					\

  79. 	__einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_MALFORMED_REQUEST,	\

  80. 			  "Illegal confirmation request" )

  81. #define EPROTO_INTERNAL_ERROR						\

  82. 	__einfo_error ( EINFO_EPROTO_INTERNAL_ERROR )

  83. #define EINFO_EPROTO_INTERNAL_ERROR					\

  84. 	__einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_INTERNAL_ERROR,	\

  85. 			  "Internal error in issuer" )

  86. #define EPROTO_TRY_LATER						\

  87. 	__einfo_error ( EINFO_EPROTO_TRY_LATER )

  88. #define EINFO_EPROTO_TRY_LATER						\

  89. 	__einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_TRY_LATER,		\

  90. 			  "Try again later" )

  91. #define EPROTO_SIG_REQUIRED						\

  92. 	__einfo_error ( EINFO_EPROTO_SIG_REQUIRED )

  93. #define EINFO_EPROTO_SIG_REQUIRED					\

  94. 	__einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_SIG_REQUIRED,	\

  95. 			  "Must sign the request" )

  96. #define EPROTO_UNAUTHORIZED						\

  97. 	__einfo_error ( EINFO_EPROTO_UNAUTHORIZED )

  98. #define EINFO_EPROTO_UNAUTHORIZED					\

  99. 	__einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_UNAUTHORIZED,	\

  100. 			  "Request unauthorized" )

  101. #define EPROTO_STATUS( status )						\

  102. 	EUNIQ ( EINFO_EPROTO, (status), EPROTO_MALFORMED_REQUEST,	\

  103. 		EPROTO_INTERNAL_ERROR, EPROTO_TRY_LATER,		\

  104. 		EPROTO_SIG_REQUIRED, EPROTO_UNAUTHORIZED )

  105. 

  106. /** OCSP digest algorithm */

  107. #define ocsp_digest_algorithm sha1_algorithm

  108. 

  109. /** OCSP digest algorithm identifier */

  110. static const uint8_t ocsp_algorithm_id[] =

  111. 	{ OCSP_ALGORITHM_IDENTIFIER ( ASN1_OID_SHA1 ) };

  112. 

  113. /** OCSP basic response type */

  114. static const uint8_t oid_basic_response_type[] = { ASN1_OID_OCSP_BASIC };

  115. 

  116. /** OCSP basic response type cursor */

  117. static struct asn1_cursor oid_basic_response_type_cursor =

  118. 	ASN1_OID_CURSOR ( oid_basic_response_type );

  119. 

  120. /**

  121.  * Free OCSP check

  122.  *

  123.  * @v refcnt		Reference count

  124.  */

  125. static void ocsp_free ( struct refcnt *refcnt ) {

  126. 	struct ocsp_check *ocsp =

  127. 		container_of ( refcnt, struct ocsp_check, refcnt );

  128. 

  129. 	x509_put ( ocsp->cert );

  130. 	x509_put ( ocsp->issuer );

  131. 	free ( ocsp->uri_string );

  132. 	free ( ocsp->request.builder.data );

  133. 	free ( ocsp->response.data );

  134. 	x509_put ( ocsp->response.signer );

  135. 	free ( ocsp );

  136. }

  137. 

  138. /**

  139.  * Build OCSP request

  140.  *

  141.  * @v ocsp		OCSP check

  142.  * @ret rc		Return status code

  143.  */

  144. static int ocsp_request ( struct ocsp_check *ocsp ) {

  145. 	struct digest_algorithm *digest = &ocsp_digest_algorithm;

  146. 	struct asn1_builder *builder = &ocsp->request.builder;

  147. 	struct asn1_cursor *cert_id = &ocsp->request.cert_id;

  148. 	uint8_t digest_ctx[digest->ctxsize];

  149. 	uint8_t name_digest[digest->digestsize];

  150. 	uint8_t pubkey_digest[digest->digestsize];

  151. 	int rc;

  152. 

  153. 	/* Generate digests */

  154. 	digest_init ( digest, digest_ctx );

  155. 	digest_update ( digest, digest_ctx, ocsp->cert->issuer.raw.data,

  156. 			ocsp->cert->issuer.raw.len );

  157. 	digest_final ( digest, digest_ctx, name_digest );

  158. 	digest_init ( digest, digest_ctx );

  159. 	digest_update ( digest, digest_ctx,

  160. 			ocsp->issuer->subject.public_key.raw_bits.data,

  161. 			ocsp->issuer->subject.public_key.raw_bits.len );

  162. 	digest_final ( digest, digest_ctx, pubkey_digest );

  163. 

  164. 	/* Construct request */

  165. 	if ( ( rc = ( asn1_prepend_raw ( builder, ocsp->cert->serial.raw.data,

  166. 					 ocsp->cert->serial.raw.len ),

  167. 		      asn1_prepend ( builder, ASN1_OCTET_STRING,

  168. 				     pubkey_digest, sizeof ( pubkey_digest ) ),

  169. 		      asn1_prepend ( builder, ASN1_OCTET_STRING,

  170. 				     name_digest, sizeof ( name_digest ) ),

  171. 		      asn1_prepend ( builder, ASN1_SEQUENCE,

  172. 				     ocsp_algorithm_id,

  173. 				     sizeof ( ocsp_algorithm_id ) ),

  174. 		      asn1_wrap ( builder, ASN1_SEQUENCE ),

  175. 		      asn1_wrap ( builder, ASN1_SEQUENCE ),

  176. 		      asn1_wrap ( builder, ASN1_SEQUENCE ),

  177. 		      asn1_wrap ( builder, ASN1_SEQUENCE ),

  178. 		      asn1_wrap ( builder, ASN1_SEQUENCE ) ) ) != 0 ) {

  179. 		DBGC ( ocsp, "OCSP %p \"%s\" could not build request: %s\n",

  180. 		       ocsp, ocsp->cert->subject.name, strerror ( rc ) );

  181. 		return rc;

  182. 	}

  183. 	DBGC2 ( ocsp, "OCSP %p \"%s\" request is:\n",

  184. 		ocsp, ocsp->cert->subject.name );

  185. 	DBGC2_HDA ( ocsp, 0, builder->data, builder->len );

  186. 

  187. 	/* Parse certificate ID for comparison with response */

  188. 	cert_id->data = builder->data;

  189. 	cert_id->len = builder->len;

  190. 	if ( ( rc = ( asn1_enter ( cert_id, ASN1_SEQUENCE ),

  191. 		      asn1_enter ( cert_id, ASN1_SEQUENCE ),

  192. 		      asn1_enter ( cert_id, ASN1_SEQUENCE ),

  193. 		      asn1_enter ( cert_id, ASN1_SEQUENCE ) ) ) != 0 ) {

  194. 		DBGC ( ocsp, "OCSP %p \"%s\" could not locate certID: %s\n",

  195. 		       ocsp, ocsp->cert->subject.name, strerror ( rc ) );

  196. 		return rc;

  197. 	}

  198. 

  199. 	return 0;

  200. }

  201. 

  202. /**

  203.  * Build OCSP URI string

  204.  *

  205.  * @v ocsp		OCSP check

  206.  * @ret rc		Return status code

  207.  */

  208. static int ocsp_uri_string ( struct ocsp_check *ocsp ) {

  209. 	struct uri path_uri;

  210. 	char *base_uri_string;

  211. 	char *path_base64_string;

  212. 	char *path_uri_string;

  213. 	size_t path_len;

  214. 	int len;

  215. 	int rc;

  216. 

  217. 	/* Sanity check */

  218. 	base_uri_string = ocsp->cert->extensions.auth_info.ocsp.uri;

  219. 	if ( ! base_uri_string ) {

  220. 		DBGC ( ocsp, "OCSP %p \"%s\" has no OCSP URI\n",

  221. 		       ocsp, ocsp->cert->subject.name );

  222. 		rc = -ENOTTY;

  223. 		goto err_no_uri;

  224. 	}

  225. 

  226. 	/* Base64-encode the request as the URI path */

  227. 	path_len = ( base64_encoded_len ( ocsp->request.builder.len )

  228. 		     + 1 /* NUL */ );

  229. 	path_base64_string = malloc ( path_len );

  230. 	if ( ! path_base64_string ) {

  231. 		rc = -ENOMEM;

  232. 		goto err_path_base64;

  233. 	}

  234. 	base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len,

  235. 			path_base64_string );

  236. 

  237. 	/* URI-encode the Base64-encoded request */

  238. 	memset ( &path_uri, 0, sizeof ( path_uri ) );

  239. 	path_uri.path = path_base64_string;

  240. 	path_uri_string = format_uri_alloc ( &path_uri );

  241. 	if ( ! path_uri_string ) {

  242. 		rc = -ENOMEM;

  243. 		goto err_path_uri;

  244. 	}

  245. 

  246. 	/* Construct URI string */

  247. 	if ( ( len = asprintf ( &ocsp->uri_string, "%s/%s", base_uri_string,

  248. 				path_uri_string ) ) < 0 ) {

  249. 		rc = len;

  250. 		goto err_ocsp_uri;

  251. 	}

  252. 	DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",

  253. 		ocsp, ocsp->cert->subject.name, ocsp->uri_string );

  254. 

  255. 	/* Success */

  256. 	rc = 0;

  257. 

  258.  err_ocsp_uri:

  259. 	free ( path_uri_string );

  260.  err_path_uri:

  261. 	free ( path_base64_string );

  262.  err_path_base64:

  263.  err_no_uri:

  264. 	return rc;

  265. }

  266. 

  267. /**

  268.  * Create OCSP check

  269.  *

  270.  * @v cert		Certificate to check

  271.  * @v issuer		Issuing certificate

  272.  * @ret ocsp		OCSP check

  273.  * @ret rc		Return status code

  274.  */

  275. int ocsp_check ( struct x509_certificate *cert,

  276. 		 struct x509_certificate *issuer,

  277. 		 struct ocsp_check **ocsp ) {

  278. 	int rc;

  279. 

  280. 	/* Sanity checks */

  281. 	assert ( cert != NULL );

  282. 	assert ( issuer != NULL );

  283. 	assert ( issuer->valid );

  284. 

  285. 	/* Allocate and initialise check */

  286. 	*ocsp = zalloc ( sizeof ( **ocsp ) );

  287. 	if ( ! *ocsp ) {

  288. 		rc = -ENOMEM;

  289. 		goto err_alloc;

  290. 	}

  291. 	ref_init ( &(*ocsp)->refcnt, ocsp_free );

  292. 	(*ocsp)->cert = x509_get ( cert );

  293. 	(*ocsp)->issuer = x509_get ( issuer );

  294. 

  295. 	/* Build request */

  296. 	if ( ( rc = ocsp_request ( *ocsp ) ) != 0 )

  297. 		goto err_request;

  298. 

  299. 	/* Build URI string */

  300. 	if ( ( rc = ocsp_uri_string ( *ocsp ) ) != 0 )

  301. 		goto err_uri_string;

  302. 

  303. 	return 0;

  304. 

  305.  err_uri_string:

  306.  err_request:

  307. 	ocsp_put ( *ocsp );

  308.  err_alloc:

  309. 	*ocsp = NULL;

  310. 	return rc;

  311. }

  312. 

  313. /**

  314.  * Parse OCSP response status

  315.  *

  316.  * @v ocsp		OCSP check

  317.  * @v raw		ASN.1 cursor

  318.  * @ret rc		Return status code

  319.  */

  320. static int ocsp_parse_response_status ( struct ocsp_check *ocsp,

  321. 					const struct asn1_cursor *raw ) {

  322. 	struct asn1_cursor cursor;

  323. 	uint8_t status;

  324. 	int rc;

  325. 

  326. 	/* Enter responseStatus */

  327. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  328. 	if ( ( rc = asn1_enter ( &cursor, ASN1_ENUMERATED ) ) != 0 ) {

  329. 		DBGC ( ocsp, "OCSP %p \"%s\" could not locate responseStatus: "

  330. 		       "%s\n", ocsp, ocsp->cert->subject.name, strerror ( rc ));

  331. 		return rc;

  332. 	}

  333. 

  334. 	/* Extract response status */

  335. 	if ( cursor.len != sizeof ( status ) ) {

  336. 		DBGC ( ocsp, "OCSP %p \"%s\" invalid status:\n",

  337. 		       ocsp, ocsp->cert->subject.name );

  338. 		DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );

  339. 		return -EINVAL;

  340. 	}

  341. 	memcpy ( &status, cursor.data, sizeof ( status ) );

  342. 

  343. 	/* Check response status */

  344. 	if ( status != OCSP_STATUS_SUCCESSFUL ) {

  345. 		DBGC ( ocsp, "OCSP %p \"%s\" response status %d\n",

  346. 		       ocsp, ocsp->cert->subject.name, status );

  347. 		return EPROTO_STATUS ( status );

  348. 	}

  349. 

  350. 	return 0;

  351. }

  352. 

  353. /**

  354.  * Parse OCSP response type

  355.  *

  356.  * @v ocsp		OCSP check

  357.  * @v raw		ASN.1 cursor

  358.  * @ret rc		Return status code

  359.  */

  360. static int ocsp_parse_response_type ( struct ocsp_check *ocsp,

  361. 				      const struct asn1_cursor *raw ) {

  362. 	struct asn1_cursor cursor;

  363. 

  364. 	/* Enter responseType */

  365. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  366. 	asn1_enter ( &cursor, ASN1_OID );

  367. 

  368. 	/* Check responseType is "basic" */

  369. 	if ( asn1_compare ( &oid_basic_response_type_cursor, &cursor ) != 0 ) {

  370. 		DBGC ( ocsp, "OCSP %p \"%s\" response type not supported:\n",

  371. 		       ocsp, ocsp->cert->subject.name );

  372. 		DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );

  373. 		return -ENOTSUP_RESPONSE_TYPE;

  374. 	}

  375. 

  376. 	return 0;

  377. }

  378. 

  379. /**

  380.  * Compare responder's certificate name

  381.  *

  382.  * @v ocsp		OCSP check

  383.  * @v cert		Certificate

  384.  * @ret difference	Difference as returned by memcmp()

  385.  */

  386. static int ocsp_compare_responder_name ( struct ocsp_check *ocsp,

  387. 					 struct x509_certificate *cert ) {

  388. 	struct ocsp_responder *responder = &ocsp->response.responder;

  389. 

  390. 	/* Compare responder ID with certificate's subject */

  391. 	return asn1_compare ( &responder->id, &cert->subject.raw );

  392. }

  393. 

  394. /**

  395.  * Compare responder's certificate public key hash

  396.  *

  397.  * @v ocsp		OCSP check

  398.  * @v cert		Certificate

  399.  * @ret difference	Difference as returned by memcmp()

  400.  */

  401. static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,

  402. 					     struct x509_certificate *cert ) {

  403. 	struct ocsp_responder *responder = &ocsp->response.responder;

  404. 	uint8_t ctx[SHA1_CTX_SIZE];

  405. 	uint8_t digest[SHA1_DIGEST_SIZE];

  406. 	int difference;

  407. 

  408. 	/* Sanity check */

  409. 	difference = ( sizeof ( digest ) - responder->id.len );

  410. 	if ( difference )

  411. 		return difference;

  412. 

  413. 	/* Generate SHA1 hash of certificate's public key */

  414. 	digest_init ( &sha1_algorithm, ctx );

  415. 	digest_update ( &sha1_algorithm, ctx,

  416. 			cert->subject.public_key.raw_bits.data,

  417. 			cert->subject.public_key.raw_bits.len );

  418. 	digest_final ( &sha1_algorithm, ctx, digest );

  419. 

  420. 	/* Compare responder ID with SHA1 hash of certificate's public key */

  421. 	return memcmp ( digest, responder->id.data, sizeof ( digest ) );

  422. }

  423. 

  424. /**

  425.  * Parse OCSP responder ID

  426.  *

  427.  * @v ocsp		OCSP check

  428.  * @v raw		ASN.1 cursor

  429.  * @ret rc		Return status code

  430.  */

  431. static int ocsp_parse_responder_id ( struct ocsp_check *ocsp,

  432. 				     const struct asn1_cursor *raw ) {

  433. 	struct ocsp_responder *responder = &ocsp->response.responder;

  434. 	struct asn1_cursor *responder_id = &responder->id;

  435. 	unsigned int type;

  436. 

  437. 	/* Enter responder ID */

  438. 	memcpy ( responder_id, raw, sizeof ( *responder_id ) );

  439. 	type = asn1_type ( responder_id );

  440. 	asn1_enter_any ( responder_id );

  441. 

  442. 	/* Identify responder ID type */

  443. 	switch ( type ) {

  444. 	case ASN1_EXPLICIT_TAG ( 1 ) :

  445. 		DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by name\n",

  446. 			ocsp, ocsp->cert->subject.name );

  447. 		responder->compare = ocsp_compare_responder_name;

  448. 		return 0;

  449. 	case ASN1_EXPLICIT_TAG ( 2 ) :

  450. 		DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by key "

  451. 			"hash\n", ocsp, ocsp->cert->subject.name );

  452. 		responder->compare = ocsp_compare_responder_key_hash;

  453. 		return 0;

  454. 	default:

  455. 		DBGC ( ocsp, "OCSP %p \"%s\" unsupported responder ID type "

  456. 		       "%d\n", ocsp, ocsp->cert->subject.name, type );

  457. 		return -ENOTSUP_RESPONDER_ID;

  458. 	}

  459. }

  460. 

  461. /**

  462.  * Parse OCSP certificate ID

  463.  *

  464.  * @v ocsp		OCSP check

  465.  * @v raw		ASN.1 cursor

  466.  * @ret rc		Return status code

  467.  */

  468. static int ocsp_parse_cert_id ( struct ocsp_check *ocsp,

  469. 				const struct asn1_cursor *raw ) {

  470. 	struct asn1_cursor cursor;

  471. 

  472. 	/* Check certID matches request */

  473. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  474. 	asn1_shrink_any ( &cursor );

  475. 	if ( asn1_compare ( &cursor, &ocsp->request.cert_id ) != 0 ) {

  476. 		DBGC ( ocsp, "OCSP %p \"%s\" certID mismatch:\n",

  477. 		       ocsp, ocsp->cert->subject.name );

  478. 		DBGC_HDA ( ocsp, 0, ocsp->request.cert_id.data,

  479. 			   ocsp->request.cert_id.len );

  480. 		DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );

  481. 		return -EACCES_CERT_MISMATCH;

  482. 	}

  483. 

  484. 	return 0;

  485. }

  486. 

  487. /**

  488.  * Parse OCSP responses

  489.  *

  490.  * @v ocsp		OCSP check

  491.  * @v raw		ASN.1 cursor

  492.  * @ret rc		Return status code

  493.  */

  494. static int ocsp_parse_responses ( struct ocsp_check *ocsp,

  495. 				  const struct asn1_cursor *raw ) {

  496. 	struct ocsp_response *response = &ocsp->response;

  497. 	struct asn1_cursor cursor;

  498. 	int rc;

  499. 

  500. 	/* Enter responses */

  501. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  502. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  503. 

  504. 	/* Enter first singleResponse */

  505. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  506. 

  507. 	/* Parse certID */

  508. 	if ( ( rc = ocsp_parse_cert_id ( ocsp, &cursor ) ) != 0 )

  509. 		return rc;

  510. 	asn1_skip_any ( &cursor );

  511. 

  512. 	/* Check certStatus */

  513. 	if ( asn1_type ( &cursor ) != ASN1_IMPLICIT_TAG ( 0 ) ) {

  514. 		DBGC ( ocsp, "OCSP %p \"%s\" non-good certStatus:\n",

  515. 		       ocsp, ocsp->cert->subject.name );

  516. 		DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );

  517. 		return -EACCES_CERT_STATUS;

  518. 	}

  519. 	asn1_skip_any ( &cursor );

  520. 

  521. 	/* Parse thisUpdate */

  522. 	if ( ( rc = asn1_generalized_time ( &cursor,

  523. 					    &response->this_update ) ) != 0 ) {

  524. 		DBGC ( ocsp, "OCSP %p \"%s\" could not parse thisUpdate: %s\n",

  525. 		       ocsp, ocsp->cert->subject.name, strerror ( rc ) );

  526. 		return rc;

  527. 	}

  528. 	DBGC2 ( ocsp, "OCSP %p \"%s\" this update was at time %lld\n",

  529. 		ocsp, ocsp->cert->subject.name, response->this_update );

  530. 	asn1_skip_any ( &cursor );

  531. 

  532. 	/* Parse nextUpdate, if present */

  533. 	if ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) {

  534. 		asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );

  535. 		if ( ( rc = asn1_generalized_time ( &cursor,

  536. 					     &response->next_update ) ) != 0 ) {

  537. 			DBGC ( ocsp, "OCSP %p \"%s\" could not parse "

  538. 			       "nextUpdate: %s\n", ocsp,

  539. 			       ocsp->cert->subject.name, strerror ( rc ) );

  540. 			return rc;

  541. 		}

  542. 		DBGC2 ( ocsp, "OCSP %p \"%s\" next update is at time %lld\n",

  543. 			ocsp, ocsp->cert->subject.name, response->next_update );

  544. 	} else {

  545. 		/* If no nextUpdate is present, this indicates that

  546. 		 * "newer revocation information is available all the

  547. 		 * time".  Actually, this indicates that there is no

  548. 		 * point to performing the OCSP check, since an

  549. 		 * attacker could replay the response at any future

  550. 		 * time and it would still be valid.

  551. 		 */

  552. 		DBGC ( ocsp, "OCSP %p \"%s\" responder is a moron\n",

  553. 		       ocsp, ocsp->cert->subject.name );

  554. 		response->next_update = time ( NULL );

  555. 	}

  556. 

  557. 	return 0;

  558. }

  559. 

  560. /**

  561.  * Parse OCSP response data

  562.  *

  563.  * @v ocsp		OCSP check

  564.  * @v raw		ASN.1 cursor

  565.  * @ret rc		Return status code

  566.  */

  567. static int ocsp_parse_tbs_response_data ( struct ocsp_check *ocsp,

  568. 					  const struct asn1_cursor *raw ) {

  569. 	struct ocsp_response *response = &ocsp->response;

  570. 	struct asn1_cursor cursor;

  571. 	int rc;

  572. 

  573. 	/* Record raw tbsResponseData */

  574. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  575. 	asn1_shrink_any ( &cursor );

  576. 	memcpy ( &response->tbs, &cursor, sizeof ( response->tbs ) );

  577. 

  578. 	/* Enter tbsResponseData */

  579. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  580. 

  581. 	/* Skip version, if present */

  582. 	asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );

  583. 

  584. 	/* Parse responderID */

  585. 	if ( ( rc = ocsp_parse_responder_id ( ocsp, &cursor ) ) != 0 )

  586. 		return rc;

  587. 	asn1_skip_any ( &cursor );

  588. 

  589. 	/* Skip producedAt */

  590. 	asn1_skip_any ( &cursor );

  591. 

  592. 	/* Parse responses */

  593. 	if ( ( rc = ocsp_parse_responses ( ocsp, &cursor ) ) != 0 )

  594. 		return rc;

  595. 

  596. 	return 0;

  597. }

  598. 

  599. /**

  600.  * Parse OCSP certificates

  601.  *

  602.  * @v ocsp		OCSP check

  603.  * @v raw		ASN.1 cursor

  604.  * @ret rc		Return status code

  605.  */

  606. static int ocsp_parse_certs ( struct ocsp_check *ocsp,

  607. 			      const struct asn1_cursor *raw ) {

  608. 	struct ocsp_response *response = &ocsp->response;

  609. 	struct asn1_cursor cursor;

  610. 	struct x509_certificate *cert;

  611. 	int rc;

  612. 

  613. 	/* Enter certs */

  614. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  615. 	asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );

  616. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  617. 

  618. 	/* Parse certificate, if present.  The data structure permits

  619. 	 * multiple certificates, but the protocol requires that the

  620. 	 * OCSP signing certificate must either be the issuer itself,

  621. 	 * or must be directly issued by the issuer (see RFC2560

  622. 	 * section 4.2.2.2 "Authorized Responders").  We therefore

  623. 	 * need to identify only the single certificate matching the

  624. 	 * Responder ID.

  625. 	 */

  626. 	while ( cursor.len ) {

  627. 

  628. 		/* Parse certificate */

  629. 		if ( ( rc = x509_certificate ( cursor.data, cursor.len,

  630. 					       &cert ) ) != 0 ) {

  631. 			DBGC ( ocsp, "OCSP %p \"%s\" could not parse "

  632. 			       "certificate: %s\n", ocsp,

  633. 			       ocsp->cert->subject.name, strerror ( rc ) );

  634. 			DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );

  635. 			return rc;

  636. 		}

  637. 

  638. 		/* Use if this certificate matches the responder ID */

  639. 		if ( response->responder.compare ( ocsp, cert ) == 0 ) {

  640. 			response->signer = cert;

  641. 			DBGC2 ( ocsp, "OCSP %p \"%s\" response is signed by "

  642. 				"\"%s\"\n", ocsp, ocsp->cert->subject.name,

  643. 				response->signer->subject.name );

  644. 			return 0;

  645. 		}

  646. 

  647. 		/* Otherwise, discard this certificate */

  648. 		x509_put ( cert );

  649. 		asn1_skip_any ( &cursor );

  650. 	}

  651. 

  652. 	DBGC ( ocsp, "OCSP %p \"%s\" missing responder certificate\n",

  653. 	       ocsp, ocsp->cert->subject.name );

  654. 	return -EACCES_NO_RESPONDER;

  655. }

  656. 

  657. /**

  658.  * Parse OCSP basic response

  659.  *

  660.  * @v ocsp		OCSP check

  661.  * @v raw		ASN.1 cursor

  662.  * @ret rc		Return status code

  663.  */

  664. static int ocsp_parse_basic_response ( struct ocsp_check *ocsp,

  665. 				       const struct asn1_cursor *raw ) {

  666. 	struct ocsp_response *response = &ocsp->response;

  667. 	struct asn1_algorithm **algorithm = &response->algorithm;

  668. 	struct asn1_bit_string *signature = &response->signature;

  669. 	struct asn1_cursor cursor;

  670. 	int rc;

  671. 

  672. 	/* Enter BasicOCSPResponse */

  673. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  674. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  675. 

  676. 	/* Parse tbsResponseData */

  677. 	if ( ( rc = ocsp_parse_tbs_response_data ( ocsp, &cursor ) ) != 0 )

  678. 		return rc;

  679. 	asn1_skip_any ( &cursor );

  680. 

  681. 	/* Parse signatureAlgorithm */

  682. 	if ( ( rc = asn1_signature_algorithm ( &cursor, algorithm ) ) != 0 ) {

  683. 		DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature "

  684. 		       "algorithm: %s\n",

  685. 		       ocsp, ocsp->cert->subject.name, strerror ( rc ) );

  686. 		return rc;

  687. 	}

  688. 	DBGC2 ( ocsp, "OCSP %p \"%s\" signature algorithm is %s\n",

  689. 		ocsp, ocsp->cert->subject.name, (*algorithm)->name );

  690. 	asn1_skip_any ( &cursor );

  691. 

  692. 	/* Parse signature */

  693. 	if ( ( rc = asn1_integral_bit_string ( &cursor, signature ) ) != 0 ) {

  694. 		DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature: %s\n",

  695. 		       ocsp, ocsp->cert->subject.name, strerror ( rc ) );

  696. 		return rc;

  697. 	}

  698. 	asn1_skip_any ( &cursor );

  699. 

  700. 	/* Parse certs, if present */

  701. 	if ( ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) &&

  702. 	     ( ( rc = ocsp_parse_certs ( ocsp, &cursor ) ) != 0 ) )

  703. 		return rc;

  704. 

  705. 	return 0;

  706. }

  707. 

  708. /**

  709.  * Parse OCSP response bytes

  710.  *

  711.  * @v ocsp		OCSP check

  712.  * @v raw		ASN.1 cursor

  713.  * @ret rc		Return status code

  714.  */

  715. static int ocsp_parse_response_bytes ( struct ocsp_check *ocsp,

  716. 				       const struct asn1_cursor *raw ) {

  717. 	struct asn1_cursor cursor;

  718. 	int rc;

  719. 

  720. 	/* Enter responseBytes */

  721. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  722. 	asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );

  723. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  724. 

  725. 	/* Parse responseType */

  726. 	if ( ( rc = ocsp_parse_response_type ( ocsp, &cursor ) ) != 0 )

  727. 		return rc;

  728. 	asn1_skip_any ( &cursor );

  729. 

  730. 	/* Enter response */

  731. 	asn1_enter ( &cursor, ASN1_OCTET_STRING );

  732. 

  733. 	/* Parse response */

  734. 	if ( ( rc = ocsp_parse_basic_response ( ocsp, &cursor ) ) != 0 )

  735. 		return rc;

  736. 

  737. 	return 0;

  738. }

  739. 

  740. /**

  741.  * Parse OCSP response

  742.  *

  743.  * @v ocsp		OCSP check

  744.  * @v raw		ASN.1 cursor

  745.  * @ret rc		Return status code

  746.  */

  747. static int ocsp_parse_response ( struct ocsp_check *ocsp,

  748. 				 const struct asn1_cursor *raw ) {

  749. 	struct asn1_cursor cursor;

  750. 	int rc;

  751. 

  752. 	/* Enter OCSPResponse */

  753. 	memcpy ( &cursor, raw, sizeof ( cursor ) );

  754. 	asn1_enter ( &cursor, ASN1_SEQUENCE );

  755. 

  756. 	/* Parse responseStatus */

  757. 	if ( ( rc = ocsp_parse_response_status ( ocsp, &cursor ) ) != 0 )

  758. 		return rc;

  759. 	asn1_skip_any ( &cursor );

  760. 

  761. 	/* Parse responseBytes */

  762. 	if ( ( rc = ocsp_parse_response_bytes ( ocsp, &cursor ) ) != 0 )

  763. 		return rc;

  764. 

  765. 	return 0;

  766. }

  767. 

  768. /**

  769.  * Receive OCSP response

  770.  *

  771.  * @v ocsp		OCSP check

  772.  * @v data		Response data

  773.  * @v len		Length of response data

  774.  * @ret rc		Return status code

  775.  */

  776. int ocsp_response ( struct ocsp_check *ocsp, const void *data, size_t len ) {

  777. 	struct ocsp_response *response = &ocsp->response;

  778. 	struct asn1_cursor cursor;

  779. 	int rc;

  780. 

  781. 	/* Duplicate data */

  782. 	x509_put ( response->signer );

  783. 	response->signer = NULL;

  784. 	free ( response->data );

  785. 	response->data = malloc ( len );

  786. 	if ( ! response->data )

  787. 		return -ENOMEM;

  788. 	memcpy ( response->data, data, len );

  789. 	cursor.data = response->data;

  790. 	cursor.len = len;

  791. 

  792. 	/* Parse response */

  793. 	if ( ( rc = ocsp_parse_response ( ocsp, &cursor ) ) != 0 )

  794. 		return rc;

  795. 

  796. 	return 0;

  797. }

  798. 

  799. /**

  800.  * OCSP dummy root certificate store

  801.  *

  802.  * OCSP validation uses no root certificates, since it takes place

  803.  * only when there already exists a validated issuer certificate.

  804.  */

  805. static struct x509_root ocsp_root = {

  806. 	.digest = &ocsp_digest_algorithm,

  807. 	.count = 0,

  808. 	.fingerprints = NULL,

  809. };

  810. 

  811. /**

  812.  * Check OCSP response signature

  813.  *

  814.  * @v ocsp		OCSP check

  815.  * @v signer		Signing certificate

  816.  * @ret rc		Return status code

  817.  */

  818. static int ocsp_check_signature ( struct ocsp_check *ocsp,

  819. 				  struct x509_certificate *signer ) {

  820. 	struct ocsp_response *response = &ocsp->response;

  821. 	struct digest_algorithm *digest = response->algorithm->digest;

  822. 	struct pubkey_algorithm *pubkey = response->algorithm->pubkey;

  823. 	struct x509_public_key *public_key = &signer->subject.public_key;

  824. 	uint8_t digest_ctx[ digest->ctxsize ];

  825. 	uint8_t digest_out[ digest->digestsize ];

  826. 	uint8_t pubkey_ctx[ pubkey->ctxsize ];

  827. 	int rc;

  828. 

  829. 	/* Generate digest */

  830. 	digest_init ( digest, digest_ctx );

  831. 	digest_update ( digest, digest_ctx, response->tbs.data,

  832. 			response->tbs.len );

  833. 	digest_final ( digest, digest_ctx, digest_out );

  834. 

  835. 	/* Initialise public-key algorithm */

  836. 	if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,

  837. 				  public_key->raw.len ) ) != 0 ) {

  838. 		DBGC ( ocsp, "OCSP %p \"%s\" could not initialise public key: "

  839. 		       "%s\n", ocsp, ocsp->cert->subject.name, strerror ( rc ));

  840. 		goto err_init;

  841. 	}

  842. 

  843. 	/* Verify digest */

  844. 	if ( ( rc = pubkey_verify ( pubkey, pubkey_ctx, digest, digest_out,

  845. 				    response->signature.data,

  846. 				    response->signature.len ) ) != 0 ) {

  847. 		DBGC ( ocsp, "OCSP %p \"%s\" signature verification failed: "

  848. 		       "%s\n", ocsp, ocsp->cert->subject.name, strerror ( rc ));

  849. 		goto err_verify;

  850. 	}

  851. 

  852. 	DBGC2 ( ocsp, "OCSP %p \"%s\" signature is correct\n",

  853. 		ocsp, ocsp->cert->subject.name );

  854. 

  855.  err_verify:

  856. 	pubkey_final ( pubkey, pubkey_ctx );

  857.  err_init:

  858. 	return rc;

  859. }

  860. 

  861. /**

  862.  * Validate OCSP response

  863.  *

  864.  * @v ocsp		OCSP check

  865.  * @v time		Time at which to validate response

  866.  * @ret rc		Return status code

  867.  */

  868. int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {

  869. 	struct ocsp_response *response = &ocsp->response;

  870. 	struct x509_certificate *signer;

  871. 	int rc;

  872. 

  873. 	/* Sanity checks */

  874. 	assert ( response->data != NULL );

  875. 

  876. 	/* The response may include a signer certificate; if this is

  877. 	 * not present then the response must have been signed

  878. 	 * directly by the issuer.

  879. 	 */

  880. 	signer = ( response->signer ? response->signer : ocsp->issuer );

  881. 

  882. 	/* Validate signer, if applicable.  If the signer is not the

  883. 	 * issuer, then it must be signed directly by the issuer.

  884. 	 */

  885. 	if ( signer != ocsp->issuer ) {

  886. 		/* Forcibly invalidate the signer, since we need to

  887. 		 * ensure that it was signed by our issuer (and not

  888. 		 * some other issuer).  This prevents a sub-CA's OCSP

  889. 		 * certificate from fraudulently signing OCSP

  890. 		 * responses from the parent CA.

  891. 		 */

  892. 		x509_invalidate ( signer );

  893. 		if ( ( rc = x509_validate ( signer, ocsp->issuer, time,

  894. 					    &ocsp_root ) ) != 0 ) {

  895. 			DBGC ( ocsp, "OCSP %p \"%s\" could not validate "

  896. 			       "signer \"%s\": %s\n", ocsp,

  897. 			       ocsp->cert->subject.name, signer->subject.name,

  898. 			       strerror ( rc ) );

  899. 			return rc;

  900. 		}

  901. 

  902. 		/* If signer is not the issuer, then it must have the

  903. 		 * extendedKeyUsage id-kp-OCSPSigning.

  904. 		 */

  905. 		if ( ! ( signer->extensions.ext_usage.bits &

  906. 			 X509_OCSP_SIGNING ) ) {

  907. 			DBGC ( ocsp, "OCSP %p \"%s\" signer \"%s\" is "

  908. 			       "not an OCSP-signing certificate\n", ocsp,

  909. 			       ocsp->cert->subject.name, signer->subject.name );

  910. 			return -EACCES_NON_OCSP_SIGNING;

  911. 		}

  912. 	}

  913. 

  914. 	/* Check OCSP response signature */

  915. 	if ( ( rc = ocsp_check_signature ( ocsp, signer ) ) != 0 )

  916. 		return rc;

  917. 

  918. 	/* Check OCSP response is valid at the specified time

  919. 	 * (allowing for some margin of error).

  920. 	 */

  921. 	if ( response->this_update > ( time + X509_ERROR_MARGIN_TIME ) ) {

  922. 		DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "

  923. 		       "time %lld)\n", ocsp, ocsp->cert->subject.name, time );

  924. 		return -EACCES_STALE;

  925. 	}

  926. 	if ( response->next_update < ( time - X509_ERROR_MARGIN_TIME ) ) {

  927. 		DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "

  928. 		       "%lld)\n", ocsp, ocsp->cert->subject.name, time );

  929. 		return -EACCES_STALE;

  930. 	}

  931. 	DBGC2 ( ocsp, "OCSP %p \"%s\" response is valid (at time %lld)\n",

  932. 		ocsp, ocsp->cert->subject.name, time );

  933. 

  934. 	/* Mark certificate as passing OCSP verification */

  935. 	ocsp->cert->extensions.auth_info.ocsp.good = 1;

  936. 

  937. 	/* Validate certificate against issuer */

  938. 	if ( ( rc = x509_validate ( ocsp->cert, ocsp->issuer, time,

  939. 				    &ocsp_root ) ) != 0 ) {

  940. 		DBGC ( ocsp, "OCSP %p \"%s\" could not validate certificate: "

  941. 		       "%s\n", ocsp, ocsp->cert->subject.name, strerror ( rc ));

  942. 		return rc;

  943. 	}

  944. 	DBGC ( ocsp, "OCSP %p \"%s\" successfully validated using \"%s\"\n",

  945. 	       ocsp, ocsp->cert->subject.name, signer->subject.name );

  946. 

  947. 	return 0;

  948. }