You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

ocsp.c 28KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958
  1. /*
  2. * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of the GNU General Public License as
  6. * published by the Free Software Foundation; either version 2 of the
  7. * License, or (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful, but
  10. * WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  12. * General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program; if not, write to the Free Software
  16. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  17. * 02110-1301, USA.
  18. */
  19. FILE_LICENCE ( GPL2_OR_LATER );
  20. #include <stdint.h>
  21. #include <stdlib.h>
  22. #include <stdio.h>
  23. #include <string.h>
  24. #include <errno.h>
  25. #include <ipxe/asn1.h>
  26. #include <ipxe/x509.h>
  27. #include <ipxe/sha1.h>
  28. #include <ipxe/base64.h>
  29. #include <ipxe/uri.h>
  30. #include <ipxe/ocsp.h>
  31. #include <config/crypto.h>
  32. /** @file
  33. *
  34. * Online Certificate Status Protocol
  35. *
  36. */
  37. /* Disambiguate the various error causes */
  38. #define EACCES_CERT_STATUS \
  39. __einfo_error ( EINFO_EACCES_CERT_STATUS )
  40. #define EINFO_EACCES_CERT_STATUS \
  41. __einfo_uniqify ( EINFO_EACCES, 0x01, \
  42. "Certificate status not good" )
  43. #define EACCES_CERT_MISMATCH \
  44. __einfo_error ( EINFO_EACCES_CERT_MISMATCH )
  45. #define EINFO_EACCES_CERT_MISMATCH \
  46. __einfo_uniqify ( EINFO_EACCES, 0x02, \
  47. "Certificate ID mismatch" )
  48. #define EACCES_NON_OCSP_SIGNING \
  49. __einfo_error ( EINFO_EACCES_NON_OCSP_SIGNING )
  50. #define EINFO_EACCES_NON_OCSP_SIGNING \
  51. __einfo_uniqify ( EINFO_EACCES, 0x03, \
  52. "Not an OCSP signing certificate" )
  53. #define EACCES_STALE \
  54. __einfo_error ( EINFO_EACCES_STALE )
  55. #define EINFO_EACCES_STALE \
  56. __einfo_uniqify ( EINFO_EACCES, 0x04, \
  57. "Stale (or premature) OCSP repsonse" )
  58. #define EACCES_NO_RESPONDER \
  59. __einfo_error ( EINFO_EACCES_NO_RESPONDER )
  60. #define EINFO_EACCES_NO_RESPONDER \
  61. __einfo_uniqify ( EINFO_EACCES, 0x05, \
  62. "Missing OCSP responder certificate" )
  63. #define ENOTSUP_RESPONSE_TYPE \
  64. __einfo_error ( EINFO_ENOTSUP_RESPONSE_TYPE )
  65. #define EINFO_ENOTSUP_RESPONSE_TYPE \
  66. __einfo_uniqify ( EINFO_ENOTSUP, 0x01, \
  67. "Unsupported OCSP response type" )
  68. #define ENOTSUP_RESPONDER_ID \
  69. __einfo_error ( EINFO_ENOTSUP_RESPONDER_ID )
  70. #define EINFO_ENOTSUP_RESPONDER_ID \
  71. __einfo_uniqify ( EINFO_ENOTSUP, 0x02, \
  72. "Unsupported OCSP responder ID" )
  73. #define EPROTO_MALFORMED_REQUEST \
  74. __einfo_error ( EINFO_EPROTO_MALFORMED_REQUEST )
  75. #define EINFO_EPROTO_MALFORMED_REQUEST \
  76. __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_MALFORMED_REQUEST, \
  77. "Illegal confirmation request" )
  78. #define EPROTO_INTERNAL_ERROR \
  79. __einfo_error ( EINFO_EPROTO_INTERNAL_ERROR )
  80. #define EINFO_EPROTO_INTERNAL_ERROR \
  81. __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_INTERNAL_ERROR, \
  82. "Internal error in issuer" )
  83. #define EPROTO_TRY_LATER \
  84. __einfo_error ( EINFO_EPROTO_TRY_LATER )
  85. #define EINFO_EPROTO_TRY_LATER \
  86. __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_TRY_LATER, \
  87. "Try again later" )
  88. #define EPROTO_SIG_REQUIRED \
  89. __einfo_error ( EINFO_EPROTO_SIG_REQUIRED )
  90. #define EINFO_EPROTO_SIG_REQUIRED \
  91. __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_SIG_REQUIRED, \
  92. "Must sign the request" )
  93. #define EPROTO_UNAUTHORIZED \
  94. __einfo_error ( EINFO_EPROTO_UNAUTHORIZED )
  95. #define EINFO_EPROTO_UNAUTHORIZED \
  96. __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_UNAUTHORIZED, \
  97. "Request unauthorized" )
  98. #define EPROTO_STATUS( status ) \
  99. EUNIQ ( EINFO_EPROTO, (status), EPROTO_MALFORMED_REQUEST, \
  100. EPROTO_INTERNAL_ERROR, EPROTO_TRY_LATER, \
  101. EPROTO_SIG_REQUIRED, EPROTO_UNAUTHORIZED )
  102. /** OCSP digest algorithm */
  103. #define ocsp_digest_algorithm sha1_algorithm
  104. /** OCSP digest algorithm identifier */
  105. static const uint8_t ocsp_algorithm_id[] =
  106. { OCSP_ALGORITHM_IDENTIFIER ( ASN1_OID_SHA1 ) };
  107. /** OCSP basic response type */
  108. static const uint8_t oid_basic_response_type[] = { ASN1_OID_OCSP_BASIC };
  109. /** OCSP basic response type cursor */
  110. static struct asn1_cursor oid_basic_response_type_cursor =
  111. ASN1_OID_CURSOR ( oid_basic_response_type );
  112. /**
  113. * Free OCSP check
  114. *
  115. * @v refcnt Reference count
  116. */
  117. static void ocsp_free ( struct refcnt *refcnt ) {
  118. struct ocsp_check *ocsp =
  119. container_of ( refcnt, struct ocsp_check, refcnt );
  120. x509_put ( ocsp->cert );
  121. x509_put ( ocsp->issuer );
  122. free ( ocsp->uri_string );
  123. free ( ocsp->request.builder.data );
  124. free ( ocsp->response.data );
  125. x509_put ( ocsp->response.signer );
  126. free ( ocsp );
  127. }
  128. /**
  129. * Build OCSP request
  130. *
  131. * @v ocsp OCSP check
  132. * @ret rc Return status code
  133. */
  134. static int ocsp_request ( struct ocsp_check *ocsp ) {
  135. struct digest_algorithm *digest = &ocsp_digest_algorithm;
  136. struct asn1_builder *builder = &ocsp->request.builder;
  137. struct asn1_cursor *cert_id = &ocsp->request.cert_id;
  138. uint8_t digest_ctx[digest->ctxsize];
  139. uint8_t name_digest[digest->digestsize];
  140. uint8_t pubkey_digest[digest->digestsize];
  141. int rc;
  142. /* Generate digests */
  143. digest_init ( digest, digest_ctx );
  144. digest_update ( digest, digest_ctx, ocsp->cert->issuer.raw.data,
  145. ocsp->cert->issuer.raw.len );
  146. digest_final ( digest, digest_ctx, name_digest );
  147. digest_init ( digest, digest_ctx );
  148. digest_update ( digest, digest_ctx,
  149. ocsp->issuer->subject.public_key.raw_bits.data,
  150. ocsp->issuer->subject.public_key.raw_bits.len );
  151. digest_final ( digest, digest_ctx, pubkey_digest );
  152. /* Construct request */
  153. if ( ( rc = ( asn1_prepend_raw ( builder, ocsp->cert->serial.raw.data,
  154. ocsp->cert->serial.raw.len ),
  155. asn1_prepend ( builder, ASN1_OCTET_STRING,
  156. pubkey_digest, sizeof ( pubkey_digest ) ),
  157. asn1_prepend ( builder, ASN1_OCTET_STRING,
  158. name_digest, sizeof ( name_digest ) ),
  159. asn1_prepend ( builder, ASN1_SEQUENCE,
  160. ocsp_algorithm_id,
  161. sizeof ( ocsp_algorithm_id ) ),
  162. asn1_wrap ( builder, ASN1_SEQUENCE ),
  163. asn1_wrap ( builder, ASN1_SEQUENCE ),
  164. asn1_wrap ( builder, ASN1_SEQUENCE ),
  165. asn1_wrap ( builder, ASN1_SEQUENCE ),
  166. asn1_wrap ( builder, ASN1_SEQUENCE ) ) ) != 0 ) {
  167. DBGC ( ocsp, "OCSP %p \"%s\" could not build request: %s\n",
  168. ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
  169. return rc;
  170. }
  171. DBGC2 ( ocsp, "OCSP %p \"%s\" request is:\n",
  172. ocsp, x509_name ( ocsp->cert ) );
  173. DBGC2_HDA ( ocsp, 0, builder->data, builder->len );
  174. /* Parse certificate ID for comparison with response */
  175. cert_id->data = builder->data;
  176. cert_id->len = builder->len;
  177. if ( ( rc = ( asn1_enter ( cert_id, ASN1_SEQUENCE ),
  178. asn1_enter ( cert_id, ASN1_SEQUENCE ),
  179. asn1_enter ( cert_id, ASN1_SEQUENCE ),
  180. asn1_enter ( cert_id, ASN1_SEQUENCE ) ) ) != 0 ) {
  181. DBGC ( ocsp, "OCSP %p \"%s\" could not locate certID: %s\n",
  182. ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
  183. return rc;
  184. }
  185. return 0;
  186. }
  187. /**
  188. * Build OCSP URI string
  189. *
  190. * @v ocsp OCSP check
  191. * @ret rc Return status code
  192. */
  193. static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
  194. struct x509_ocsp_responder *responder =
  195. &ocsp->cert->extensions.auth_info.ocsp;
  196. char *base64;
  197. char *sep;
  198. size_t base64_len;
  199. size_t uri_len;
  200. size_t len;
  201. int rc;
  202. /* Sanity check */
  203. if ( ! responder->uri.len ) {
  204. DBGC ( ocsp, "OCSP %p \"%s\" has no OCSP URI\n",
  205. ocsp, x509_name ( ocsp->cert ) );
  206. rc = -ENOTTY;
  207. goto err_no_uri;
  208. }
  209. /* Calculate base64-encoded request length */
  210. base64_len = ( base64_encoded_len ( ocsp->request.builder.len )
  211. + 1 /* NUL */ );
  212. /* Allocate and construct the base64-encoded request */
  213. base64 = malloc ( base64_len );
  214. if ( ! base64 ) {
  215. rc = -ENOMEM;
  216. goto err_alloc_base64;
  217. }
  218. base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len,
  219. base64, base64_len );
  220. /* Calculate URI-encoded base64-encoded request length */
  221. uri_len = ( uri_encode ( URI_PATH, base64, ( base64_len - 1 /* NUL */ ),
  222. NULL, 0 ) + 1 /* NUL */ );
  223. /* Allocate and construct the URI string */
  224. len = ( responder->uri.len + 1 /* possible "/" */ + uri_len );
  225. ocsp->uri_string = zalloc ( len );
  226. if ( ! ocsp->uri_string ) {
  227. rc = -ENOMEM;
  228. goto err_alloc_uri;
  229. }
  230. memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len );
  231. sep = &ocsp->uri_string[ responder->uri.len - 1 ];
  232. if ( *sep != '/' )
  233. *(++sep) = '/';
  234. uri_encode ( URI_PATH, base64, base64_len, ( sep + 1 ), uri_len );
  235. DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",
  236. ocsp, x509_name ( ocsp->cert ), ocsp->uri_string );
  237. /* Success */
  238. rc = 0;
  239. err_alloc_uri:
  240. free ( base64 );
  241. err_alloc_base64:
  242. err_no_uri:
  243. return rc;
  244. }
  245. /**
  246. * Create OCSP check
  247. *
  248. * @v cert Certificate to check
  249. * @v issuer Issuing certificate
  250. * @ret ocsp OCSP check
  251. * @ret rc Return status code
  252. */
  253. int ocsp_check ( struct x509_certificate *cert,
  254. struct x509_certificate *issuer,
  255. struct ocsp_check **ocsp ) {
  256. int rc;
  257. /* Sanity checks */
  258. assert ( cert != NULL );
  259. assert ( issuer != NULL );
  260. assert ( issuer->valid );
  261. /* Allocate and initialise check */
  262. *ocsp = zalloc ( sizeof ( **ocsp ) );
  263. if ( ! *ocsp ) {
  264. rc = -ENOMEM;
  265. goto err_alloc;
  266. }
  267. ref_init ( &(*ocsp)->refcnt, ocsp_free );
  268. (*ocsp)->cert = x509_get ( cert );
  269. (*ocsp)->issuer = x509_get ( issuer );
  270. /* Build request */
  271. if ( ( rc = ocsp_request ( *ocsp ) ) != 0 )
  272. goto err_request;
  273. /* Build URI string */
  274. if ( ( rc = ocsp_uri_string ( *ocsp ) ) != 0 )
  275. goto err_uri_string;
  276. return 0;
  277. err_uri_string:
  278. err_request:
  279. ocsp_put ( *ocsp );
  280. err_alloc:
  281. *ocsp = NULL;
  282. return rc;
  283. }
  284. /**
  285. * Parse OCSP response status
  286. *
  287. * @v ocsp OCSP check
  288. * @v raw ASN.1 cursor
  289. * @ret rc Return status code
  290. */
  291. static int ocsp_parse_response_status ( struct ocsp_check *ocsp,
  292. const struct asn1_cursor *raw ) {
  293. struct asn1_cursor cursor;
  294. uint8_t status;
  295. int rc;
  296. /* Enter responseStatus */
  297. memcpy ( &cursor, raw, sizeof ( cursor ) );
  298. if ( ( rc = asn1_enter ( &cursor, ASN1_ENUMERATED ) ) != 0 ) {
  299. DBGC ( ocsp, "OCSP %p \"%s\" could not locate responseStatus: "
  300. "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
  301. return rc;
  302. }
  303. /* Extract response status */
  304. if ( cursor.len != sizeof ( status ) ) {
  305. DBGC ( ocsp, "OCSP %p \"%s\" invalid status:\n",
  306. ocsp, x509_name ( ocsp->cert ) );
  307. DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
  308. return -EINVAL;
  309. }
  310. memcpy ( &status, cursor.data, sizeof ( status ) );
  311. /* Check response status */
  312. if ( status != OCSP_STATUS_SUCCESSFUL ) {
  313. DBGC ( ocsp, "OCSP %p \"%s\" response status %d\n",
  314. ocsp, x509_name ( ocsp->cert ), status );
  315. return EPROTO_STATUS ( status );
  316. }
  317. return 0;
  318. }
  319. /**
  320. * Parse OCSP response type
  321. *
  322. * @v ocsp OCSP check
  323. * @v raw ASN.1 cursor
  324. * @ret rc Return status code
  325. */
  326. static int ocsp_parse_response_type ( struct ocsp_check *ocsp,
  327. const struct asn1_cursor *raw ) {
  328. struct asn1_cursor cursor;
  329. /* Enter responseType */
  330. memcpy ( &cursor, raw, sizeof ( cursor ) );
  331. asn1_enter ( &cursor, ASN1_OID );
  332. /* Check responseType is "basic" */
  333. if ( asn1_compare ( &oid_basic_response_type_cursor, &cursor ) != 0 ) {
  334. DBGC ( ocsp, "OCSP %p \"%s\" response type not supported:\n",
  335. ocsp, x509_name ( ocsp->cert ) );
  336. DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
  337. return -ENOTSUP_RESPONSE_TYPE;
  338. }
  339. return 0;
  340. }
  341. /**
  342. * Compare responder's certificate name
  343. *
  344. * @v ocsp OCSP check
  345. * @v cert Certificate
  346. * @ret difference Difference as returned by memcmp()
  347. */
  348. static int ocsp_compare_responder_name ( struct ocsp_check *ocsp,
  349. struct x509_certificate *cert ) {
  350. struct ocsp_responder *responder = &ocsp->response.responder;
  351. /* Compare responder ID with certificate's subject */
  352. return asn1_compare ( &responder->id, &cert->subject.raw );
  353. }
  354. /**
  355. * Compare responder's certificate public key hash
  356. *
  357. * @v ocsp OCSP check
  358. * @v cert Certificate
  359. * @ret difference Difference as returned by memcmp()
  360. */
  361. static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
  362. struct x509_certificate *cert ) {
  363. struct ocsp_responder *responder = &ocsp->response.responder;
  364. struct asn1_cursor key_hash;
  365. uint8_t ctx[SHA1_CTX_SIZE];
  366. uint8_t digest[SHA1_DIGEST_SIZE];
  367. int difference;
  368. /* Enter responder key hash */
  369. memcpy ( &key_hash, &responder->id, sizeof ( key_hash ) );
  370. asn1_enter ( &key_hash, ASN1_OCTET_STRING );
  371. /* Sanity check */
  372. difference = ( sizeof ( digest ) - key_hash.len );
  373. if ( difference )
  374. return difference;
  375. /* Generate SHA1 hash of certificate's public key */
  376. digest_init ( &sha1_algorithm, ctx );
  377. digest_update ( &sha1_algorithm, ctx,
  378. cert->subject.public_key.raw_bits.data,
  379. cert->subject.public_key.raw_bits.len );
  380. digest_final ( &sha1_algorithm, ctx, digest );
  381. /* Compare responder key hash with hash of certificate's public key */
  382. return memcmp ( digest, key_hash.data, sizeof ( digest ) );
  383. }
  384. /**
  385. * Parse OCSP responder ID
  386. *
  387. * @v ocsp OCSP check
  388. * @v raw ASN.1 cursor
  389. * @ret rc Return status code
  390. */
  391. static int ocsp_parse_responder_id ( struct ocsp_check *ocsp,
  392. const struct asn1_cursor *raw ) {
  393. struct ocsp_responder *responder = &ocsp->response.responder;
  394. struct asn1_cursor *responder_id = &responder->id;
  395. unsigned int type;
  396. /* Enter responder ID */
  397. memcpy ( responder_id, raw, sizeof ( *responder_id ) );
  398. type = asn1_type ( responder_id );
  399. asn1_enter_any ( responder_id );
  400. /* Identify responder ID type */
  401. switch ( type ) {
  402. case ASN1_EXPLICIT_TAG ( 1 ) :
  403. DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by name\n",
  404. ocsp, x509_name ( ocsp->cert ) );
  405. responder->compare = ocsp_compare_responder_name;
  406. return 0;
  407. case ASN1_EXPLICIT_TAG ( 2 ) :
  408. DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by key "
  409. "hash\n", ocsp, x509_name ( ocsp->cert ) );
  410. responder->compare = ocsp_compare_responder_key_hash;
  411. return 0;
  412. default:
  413. DBGC ( ocsp, "OCSP %p \"%s\" unsupported responder ID type "
  414. "%d\n", ocsp, x509_name ( ocsp->cert ), type );
  415. return -ENOTSUP_RESPONDER_ID;
  416. }
  417. }
  418. /**
  419. * Parse OCSP certificate ID
  420. *
  421. * @v ocsp OCSP check
  422. * @v raw ASN.1 cursor
  423. * @ret rc Return status code
  424. */
  425. static int ocsp_parse_cert_id ( struct ocsp_check *ocsp,
  426. const struct asn1_cursor *raw ) {
  427. struct asn1_cursor cursor;
  428. /* Check certID matches request */
  429. memcpy ( &cursor, raw, sizeof ( cursor ) );
  430. asn1_shrink_any ( &cursor );
  431. if ( asn1_compare ( &cursor, &ocsp->request.cert_id ) != 0 ) {
  432. DBGC ( ocsp, "OCSP %p \"%s\" certID mismatch:\n",
  433. ocsp, x509_name ( ocsp->cert ) );
  434. DBGC_HDA ( ocsp, 0, ocsp->request.cert_id.data,
  435. ocsp->request.cert_id.len );
  436. DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
  437. return -EACCES_CERT_MISMATCH;
  438. }
  439. return 0;
  440. }
  441. /**
  442. * Parse OCSP responses
  443. *
  444. * @v ocsp OCSP check
  445. * @v raw ASN.1 cursor
  446. * @ret rc Return status code
  447. */
  448. static int ocsp_parse_responses ( struct ocsp_check *ocsp,
  449. const struct asn1_cursor *raw ) {
  450. struct ocsp_response *response = &ocsp->response;
  451. struct asn1_cursor cursor;
  452. int rc;
  453. /* Enter responses */
  454. memcpy ( &cursor, raw, sizeof ( cursor ) );
  455. asn1_enter ( &cursor, ASN1_SEQUENCE );
  456. /* Enter first singleResponse */
  457. asn1_enter ( &cursor, ASN1_SEQUENCE );
  458. /* Parse certID */
  459. if ( ( rc = ocsp_parse_cert_id ( ocsp, &cursor ) ) != 0 )
  460. return rc;
  461. asn1_skip_any ( &cursor );
  462. /* Check certStatus */
  463. if ( asn1_type ( &cursor ) != ASN1_IMPLICIT_TAG ( 0 ) ) {
  464. DBGC ( ocsp, "OCSP %p \"%s\" non-good certStatus:\n",
  465. ocsp, x509_name ( ocsp->cert ) );
  466. DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
  467. return -EACCES_CERT_STATUS;
  468. }
  469. asn1_skip_any ( &cursor );
  470. /* Parse thisUpdate */
  471. if ( ( rc = asn1_generalized_time ( &cursor,
  472. &response->this_update ) ) != 0 ) {
  473. DBGC ( ocsp, "OCSP %p \"%s\" could not parse thisUpdate: %s\n",
  474. ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
  475. return rc;
  476. }
  477. DBGC2 ( ocsp, "OCSP %p \"%s\" this update was at time %lld\n",
  478. ocsp, x509_name ( ocsp->cert ), response->this_update );
  479. asn1_skip_any ( &cursor );
  480. /* Parse nextUpdate, if present */
  481. if ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) {
  482. asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
  483. if ( ( rc = asn1_generalized_time ( &cursor,
  484. &response->next_update ) ) != 0 ) {
  485. DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
  486. "nextUpdate: %s\n", ocsp,
  487. x509_name ( ocsp->cert ), strerror ( rc ) );
  488. return rc;
  489. }
  490. DBGC2 ( ocsp, "OCSP %p \"%s\" next update is at time %lld\n",
  491. ocsp, x509_name ( ocsp->cert ), response->next_update );
  492. } else {
  493. /* If no nextUpdate is present, this indicates that
  494. * "newer revocation information is available all the
  495. * time". Actually, this indicates that there is no
  496. * point to performing the OCSP check, since an
  497. * attacker could replay the response at any future
  498. * time and it would still be valid.
  499. */
  500. DBGC ( ocsp, "OCSP %p \"%s\" responder is a moron\n",
  501. ocsp, x509_name ( ocsp->cert ) );
  502. response->next_update = time ( NULL );
  503. }
  504. return 0;
  505. }
  506. /**
  507. * Parse OCSP response data
  508. *
  509. * @v ocsp OCSP check
  510. * @v raw ASN.1 cursor
  511. * @ret rc Return status code
  512. */
  513. static int ocsp_parse_tbs_response_data ( struct ocsp_check *ocsp,
  514. const struct asn1_cursor *raw ) {
  515. struct ocsp_response *response = &ocsp->response;
  516. struct asn1_cursor cursor;
  517. int rc;
  518. /* Record raw tbsResponseData */
  519. memcpy ( &cursor, raw, sizeof ( cursor ) );
  520. asn1_shrink_any ( &cursor );
  521. memcpy ( &response->tbs, &cursor, sizeof ( response->tbs ) );
  522. /* Enter tbsResponseData */
  523. asn1_enter ( &cursor, ASN1_SEQUENCE );
  524. /* Skip version, if present */
  525. asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
  526. /* Parse responderID */
  527. if ( ( rc = ocsp_parse_responder_id ( ocsp, &cursor ) ) != 0 )
  528. return rc;
  529. asn1_skip_any ( &cursor );
  530. /* Skip producedAt */
  531. asn1_skip_any ( &cursor );
  532. /* Parse responses */
  533. if ( ( rc = ocsp_parse_responses ( ocsp, &cursor ) ) != 0 )
  534. return rc;
  535. return 0;
  536. }
  537. /**
  538. * Parse OCSP certificates
  539. *
  540. * @v ocsp OCSP check
  541. * @v raw ASN.1 cursor
  542. * @ret rc Return status code
  543. */
  544. static int ocsp_parse_certs ( struct ocsp_check *ocsp,
  545. const struct asn1_cursor *raw ) {
  546. struct ocsp_response *response = &ocsp->response;
  547. struct asn1_cursor cursor;
  548. struct x509_certificate *cert;
  549. int rc;
  550. /* Enter certs */
  551. memcpy ( &cursor, raw, sizeof ( cursor ) );
  552. asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
  553. asn1_enter ( &cursor, ASN1_SEQUENCE );
  554. /* Parse certificate, if present. The data structure permits
  555. * multiple certificates, but the protocol requires that the
  556. * OCSP signing certificate must either be the issuer itself,
  557. * or must be directly issued by the issuer (see RFC2560
  558. * section 4.2.2.2 "Authorized Responders"). We therefore
  559. * need to identify only the single certificate matching the
  560. * Responder ID.
  561. */
  562. while ( cursor.len ) {
  563. /* Parse certificate */
  564. if ( ( rc = x509_certificate ( cursor.data, cursor.len,
  565. &cert ) ) != 0 ) {
  566. DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
  567. "certificate: %s\n", ocsp,
  568. x509_name ( ocsp->cert ), strerror ( rc ) );
  569. DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
  570. return rc;
  571. }
  572. /* Use if this certificate matches the responder ID */
  573. if ( response->responder.compare ( ocsp, cert ) == 0 ) {
  574. response->signer = cert;
  575. DBGC2 ( ocsp, "OCSP %p \"%s\" response is signed by ",
  576. ocsp, x509_name ( ocsp->cert ) );
  577. DBGC2 ( ocsp, "\"%s\"\n",
  578. x509_name ( response->signer ) );
  579. return 0;
  580. }
  581. /* Otherwise, discard this certificate */
  582. x509_put ( cert );
  583. asn1_skip_any ( &cursor );
  584. }
  585. DBGC ( ocsp, "OCSP %p \"%s\" missing responder certificate\n",
  586. ocsp, x509_name ( ocsp->cert ) );
  587. return -EACCES_NO_RESPONDER;
  588. }
  589. /**
  590. * Parse OCSP basic response
  591. *
  592. * @v ocsp OCSP check
  593. * @v raw ASN.1 cursor
  594. * @ret rc Return status code
  595. */
  596. static int ocsp_parse_basic_response ( struct ocsp_check *ocsp,
  597. const struct asn1_cursor *raw ) {
  598. struct ocsp_response *response = &ocsp->response;
  599. struct asn1_algorithm **algorithm = &response->algorithm;
  600. struct asn1_bit_string *signature = &response->signature;
  601. struct asn1_cursor cursor;
  602. int rc;
  603. /* Enter BasicOCSPResponse */
  604. memcpy ( &cursor, raw, sizeof ( cursor ) );
  605. asn1_enter ( &cursor, ASN1_SEQUENCE );
  606. /* Parse tbsResponseData */
  607. if ( ( rc = ocsp_parse_tbs_response_data ( ocsp, &cursor ) ) != 0 )
  608. return rc;
  609. asn1_skip_any ( &cursor );
  610. /* Parse signatureAlgorithm */
  611. if ( ( rc = asn1_signature_algorithm ( &cursor, algorithm ) ) != 0 ) {
  612. DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature "
  613. "algorithm: %s\n",
  614. ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
  615. return rc;
  616. }
  617. DBGC2 ( ocsp, "OCSP %p \"%s\" signature algorithm is %s\n",
  618. ocsp, x509_name ( ocsp->cert ), (*algorithm)->name );
  619. asn1_skip_any ( &cursor );
  620. /* Parse signature */
  621. if ( ( rc = asn1_integral_bit_string ( &cursor, signature ) ) != 0 ) {
  622. DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature: %s\n",
  623. ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
  624. return rc;
  625. }
  626. asn1_skip_any ( &cursor );
  627. /* Parse certs, if present */
  628. if ( ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) &&
  629. ( ( rc = ocsp_parse_certs ( ocsp, &cursor ) ) != 0 ) )
  630. return rc;
  631. return 0;
  632. }
  633. /**
  634. * Parse OCSP response bytes
  635. *
  636. * @v ocsp OCSP check
  637. * @v raw ASN.1 cursor
  638. * @ret rc Return status code
  639. */
  640. static int ocsp_parse_response_bytes ( struct ocsp_check *ocsp,
  641. const struct asn1_cursor *raw ) {
  642. struct asn1_cursor cursor;
  643. int rc;
  644. /* Enter responseBytes */
  645. memcpy ( &cursor, raw, sizeof ( cursor ) );
  646. asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
  647. asn1_enter ( &cursor, ASN1_SEQUENCE );
  648. /* Parse responseType */
  649. if ( ( rc = ocsp_parse_response_type ( ocsp, &cursor ) ) != 0 )
  650. return rc;
  651. asn1_skip_any ( &cursor );
  652. /* Enter response */
  653. asn1_enter ( &cursor, ASN1_OCTET_STRING );
  654. /* Parse response */
  655. if ( ( rc = ocsp_parse_basic_response ( ocsp, &cursor ) ) != 0 )
  656. return rc;
  657. return 0;
  658. }
  659. /**
  660. * Parse OCSP response
  661. *
  662. * @v ocsp OCSP check
  663. * @v raw ASN.1 cursor
  664. * @ret rc Return status code
  665. */
  666. static int ocsp_parse_response ( struct ocsp_check *ocsp,
  667. const struct asn1_cursor *raw ) {
  668. struct asn1_cursor cursor;
  669. int rc;
  670. /* Enter OCSPResponse */
  671. memcpy ( &cursor, raw, sizeof ( cursor ) );
  672. asn1_enter ( &cursor, ASN1_SEQUENCE );
  673. /* Parse responseStatus */
  674. if ( ( rc = ocsp_parse_response_status ( ocsp, &cursor ) ) != 0 )
  675. return rc;
  676. asn1_skip_any ( &cursor );
  677. /* Parse responseBytes */
  678. if ( ( rc = ocsp_parse_response_bytes ( ocsp, &cursor ) ) != 0 )
  679. return rc;
  680. return 0;
  681. }
  682. /**
  683. * Receive OCSP response
  684. *
  685. * @v ocsp OCSP check
  686. * @v data Response data
  687. * @v len Length of response data
  688. * @ret rc Return status code
  689. */
  690. int ocsp_response ( struct ocsp_check *ocsp, const void *data, size_t len ) {
  691. struct ocsp_response *response = &ocsp->response;
  692. struct asn1_cursor cursor;
  693. int rc;
  694. /* Duplicate data */
  695. x509_put ( response->signer );
  696. response->signer = NULL;
  697. free ( response->data );
  698. response->data = malloc ( len );
  699. if ( ! response->data )
  700. return -ENOMEM;
  701. memcpy ( response->data, data, len );
  702. cursor.data = response->data;
  703. cursor.len = len;
  704. /* Parse response */
  705. if ( ( rc = ocsp_parse_response ( ocsp, &cursor ) ) != 0 )
  706. return rc;
  707. return 0;
  708. }
  709. /**
  710. * OCSP dummy root certificate store
  711. *
  712. * OCSP validation uses no root certificates, since it takes place
  713. * only when there already exists a validated issuer certificate.
  714. */
  715. static struct x509_root ocsp_root = {
  716. .digest = &ocsp_digest_algorithm,
  717. .count = 0,
  718. .fingerprints = NULL,
  719. };
  720. /**
  721. * Check OCSP response signature
  722. *
  723. * @v ocsp OCSP check
  724. * @v signer Signing certificate
  725. * @ret rc Return status code
  726. */
  727. static int ocsp_check_signature ( struct ocsp_check *ocsp,
  728. struct x509_certificate *signer ) {
  729. struct ocsp_response *response = &ocsp->response;
  730. struct digest_algorithm *digest = response->algorithm->digest;
  731. struct pubkey_algorithm *pubkey = response->algorithm->pubkey;
  732. struct x509_public_key *public_key = &signer->subject.public_key;
  733. uint8_t digest_ctx[ digest->ctxsize ];
  734. uint8_t digest_out[ digest->digestsize ];
  735. uint8_t pubkey_ctx[ pubkey->ctxsize ];
  736. int rc;
  737. /* Generate digest */
  738. digest_init ( digest, digest_ctx );
  739. digest_update ( digest, digest_ctx, response->tbs.data,
  740. response->tbs.len );
  741. digest_final ( digest, digest_ctx, digest_out );
  742. /* Initialise public-key algorithm */
  743. if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,
  744. public_key->raw.len ) ) != 0 ) {
  745. DBGC ( ocsp, "OCSP %p \"%s\" could not initialise public key: "
  746. "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
  747. goto err_init;
  748. }
  749. /* Verify digest */
  750. if ( ( rc = pubkey_verify ( pubkey, pubkey_ctx, digest, digest_out,
  751. response->signature.data,
  752. response->signature.len ) ) != 0 ) {
  753. DBGC ( ocsp, "OCSP %p \"%s\" signature verification failed: "
  754. "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
  755. goto err_verify;
  756. }
  757. DBGC2 ( ocsp, "OCSP %p \"%s\" signature is correct\n",
  758. ocsp, x509_name ( ocsp->cert ) );
  759. err_verify:
  760. pubkey_final ( pubkey, pubkey_ctx );
  761. err_init:
  762. return rc;
  763. }
  764. /**
  765. * Validate OCSP response
  766. *
  767. * @v ocsp OCSP check
  768. * @v time Time at which to validate response
  769. * @ret rc Return status code
  770. */
  771. int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {
  772. struct ocsp_response *response = &ocsp->response;
  773. struct x509_certificate *signer;
  774. int rc;
  775. /* Sanity checks */
  776. assert ( response->data != NULL );
  777. /* The response may include a signer certificate; if this is
  778. * not present then the response must have been signed
  779. * directly by the issuer.
  780. */
  781. signer = ( response->signer ? response->signer : ocsp->issuer );
  782. /* Validate signer, if applicable. If the signer is not the
  783. * issuer, then it must be signed directly by the issuer.
  784. */
  785. if ( signer != ocsp->issuer ) {
  786. /* Forcibly invalidate the signer, since we need to
  787. * ensure that it was signed by our issuer (and not
  788. * some other issuer). This prevents a sub-CA's OCSP
  789. * certificate from fraudulently signing OCSP
  790. * responses from the parent CA.
  791. */
  792. x509_invalidate ( signer );
  793. if ( ( rc = x509_validate ( signer, ocsp->issuer, time,
  794. &ocsp_root ) ) != 0 ) {
  795. DBGC ( ocsp, "OCSP %p \"%s\" could not validate ",
  796. ocsp, x509_name ( ocsp->cert ) );
  797. DBGC ( ocsp, "signer \"%s\": %s\n",
  798. x509_name ( signer ), strerror ( rc ) );
  799. return rc;
  800. }
  801. /* If signer is not the issuer, then it must have the
  802. * extendedKeyUsage id-kp-OCSPSigning.
  803. */
  804. if ( ! ( signer->extensions.ext_usage.bits &
  805. X509_OCSP_SIGNING ) ) {
  806. DBGC ( ocsp, "OCSP %p \"%s\" ",
  807. ocsp, x509_name ( ocsp->cert ) );
  808. DBGC ( ocsp, "signer \"%s\" is not an OCSP-signing "
  809. "certificate\n", x509_name ( signer ) );
  810. return -EACCES_NON_OCSP_SIGNING;
  811. }
  812. }
  813. /* Check OCSP response signature */
  814. if ( ( rc = ocsp_check_signature ( ocsp, signer ) ) != 0 )
  815. return rc;
  816. /* Check OCSP response is valid at the specified time
  817. * (allowing for some margin of error).
  818. */
  819. if ( response->this_update > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
  820. DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "
  821. "time %lld)\n", ocsp, x509_name ( ocsp->cert ), time );
  822. return -EACCES_STALE;
  823. }
  824. if ( response->next_update < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
  825. DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "
  826. "%lld)\n", ocsp, x509_name ( ocsp->cert ), time );
  827. return -EACCES_STALE;
  828. }
  829. DBGC2 ( ocsp, "OCSP %p \"%s\" response is valid (at time %lld)\n",
  830. ocsp, x509_name ( ocsp->cert ), time );
  831. /* Mark certificate as passing OCSP verification */
  832. ocsp->cert->extensions.auth_info.ocsp.good = 1;
  833. /* Validate certificate against issuer */
  834. if ( ( rc = x509_validate ( ocsp->cert, ocsp->issuer, time,
  835. &ocsp_root ) ) != 0 ) {
  836. DBGC ( ocsp, "OCSP %p \"%s\" could not validate certificate: "
  837. "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
  838. return rc;
  839. }
  840. DBGC ( ocsp, "OCSP %p \"%s\" successfully validated ",
  841. ocsp, x509_name ( ocsp->cert ) );
  842. DBGC ( ocsp, "using \"%s\"\n", x509_name ( signer ) );
  843. return 0;
  844. }