[fdt] Add ability to parse a MAC address from a flattened device tree
[ipxe.git] / src / crypto / ocsp.c
1 /*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 */
19
20 FILE_LICENCE ( GPL2_OR_LATER );
21
22 #include <stdint.h>
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <ipxe/asn1.h>
28 #include <ipxe/x509.h>
29 #include <ipxe/sha1.h>
30 #include <ipxe/base64.h>
31 #include <ipxe/uri.h>
32 #include <ipxe/ocsp.h>
33 #include <config/crypto.h>
34
35 /** @file
36 *
37 * Online Certificate Status Protocol
38 *
39 */
40
41 /* Disambiguate the various error causes */
42 #define EACCES_CERT_STATUS \
43 __einfo_error ( EINFO_EACCES_CERT_STATUS )
44 #define EINFO_EACCES_CERT_STATUS \
45 __einfo_uniqify ( EINFO_EACCES, 0x01, \
46 "Certificate status not good" )
47 #define EACCES_CERT_MISMATCH \
48 __einfo_error ( EINFO_EACCES_CERT_MISMATCH )
49 #define EINFO_EACCES_CERT_MISMATCH \
50 __einfo_uniqify ( EINFO_EACCES, 0x02, \
51 "Certificate ID mismatch" )
52 #define EACCES_NON_OCSP_SIGNING \
53 __einfo_error ( EINFO_EACCES_NON_OCSP_SIGNING )
54 #define EINFO_EACCES_NON_OCSP_SIGNING \
55 __einfo_uniqify ( EINFO_EACCES, 0x03, \
56 "Not an OCSP signing certificate" )
57 #define EACCES_STALE \
58 __einfo_error ( EINFO_EACCES_STALE )
59 #define EINFO_EACCES_STALE \
60 __einfo_uniqify ( EINFO_EACCES, 0x04, \
61 "Stale (or premature) OCSP repsonse" )
62 #define EACCES_NO_RESPONDER \
63 __einfo_error ( EINFO_EACCES_NO_RESPONDER )
64 #define EINFO_EACCES_NO_RESPONDER \
65 __einfo_uniqify ( EINFO_EACCES, 0x05, \
66 "Missing OCSP responder certificate" )
67 #define ENOTSUP_RESPONSE_TYPE \
68 __einfo_error ( EINFO_ENOTSUP_RESPONSE_TYPE )
69 #define EINFO_ENOTSUP_RESPONSE_TYPE \
70 __einfo_uniqify ( EINFO_ENOTSUP, 0x01, \
71 "Unsupported OCSP response type" )
72 #define ENOTSUP_RESPONDER_ID \
73 __einfo_error ( EINFO_ENOTSUP_RESPONDER_ID )
74 #define EINFO_ENOTSUP_RESPONDER_ID \
75 __einfo_uniqify ( EINFO_ENOTSUP, 0x02, \
76 "Unsupported OCSP responder ID" )
77 #define EPROTO_MALFORMED_REQUEST \
78 __einfo_error ( EINFO_EPROTO_MALFORMED_REQUEST )
79 #define EINFO_EPROTO_MALFORMED_REQUEST \
80 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_MALFORMED_REQUEST, \
81 "Illegal confirmation request" )
82 #define EPROTO_INTERNAL_ERROR \
83 __einfo_error ( EINFO_EPROTO_INTERNAL_ERROR )
84 #define EINFO_EPROTO_INTERNAL_ERROR \
85 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_INTERNAL_ERROR, \
86 "Internal error in issuer" )
87 #define EPROTO_TRY_LATER \
88 __einfo_error ( EINFO_EPROTO_TRY_LATER )
89 #define EINFO_EPROTO_TRY_LATER \
90 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_TRY_LATER, \
91 "Try again later" )
92 #define EPROTO_SIG_REQUIRED \
93 __einfo_error ( EINFO_EPROTO_SIG_REQUIRED )
94 #define EINFO_EPROTO_SIG_REQUIRED \
95 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_SIG_REQUIRED, \
96 "Must sign the request" )
97 #define EPROTO_UNAUTHORIZED \
98 __einfo_error ( EINFO_EPROTO_UNAUTHORIZED )
99 #define EINFO_EPROTO_UNAUTHORIZED \
100 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_UNAUTHORIZED, \
101 "Request unauthorized" )
102 #define EPROTO_STATUS( status ) \
103 EUNIQ ( EINFO_EPROTO, (status), EPROTO_MALFORMED_REQUEST, \
104 EPROTO_INTERNAL_ERROR, EPROTO_TRY_LATER, \
105 EPROTO_SIG_REQUIRED, EPROTO_UNAUTHORIZED )
106
107 /** OCSP digest algorithm */
108 #define ocsp_digest_algorithm sha1_algorithm
109
110 /** OCSP digest algorithm identifier */
111 static const uint8_t ocsp_algorithm_id[] =
112 { OCSP_ALGORITHM_IDENTIFIER ( ASN1_OID_SHA1 ) };
113
114 /** OCSP basic response type */
115 static const uint8_t oid_basic_response_type[] = { ASN1_OID_OCSP_BASIC };
116
117 /** OCSP basic response type cursor */
118 static struct asn1_cursor oid_basic_response_type_cursor =
119 ASN1_OID_CURSOR ( oid_basic_response_type );
120
121 /**
122 * Free OCSP check
123 *
124 * @v refcnt Reference count
125 */
126 static void ocsp_free ( struct refcnt *refcnt ) {
127 struct ocsp_check *ocsp =
128 container_of ( refcnt, struct ocsp_check, refcnt );
129
130 x509_put ( ocsp->cert );
131 x509_put ( ocsp->issuer );
132 free ( ocsp->uri_string );
133 free ( ocsp->request.builder.data );
134 free ( ocsp->response.data );
135 x509_put ( ocsp->response.signer );
136 free ( ocsp );
137 }
138
139 /**
140 * Build OCSP request
141 *
142 * @v ocsp OCSP check
143 * @ret rc Return status code
144 */
145 static int ocsp_request ( struct ocsp_check *ocsp ) {
146 struct digest_algorithm *digest = &ocsp_digest_algorithm;
147 struct asn1_builder *builder = &ocsp->request.builder;
148 struct asn1_cursor *cert_id_tail = &ocsp->request.cert_id_tail;
149 uint8_t digest_ctx[digest->ctxsize];
150 uint8_t name_digest[digest->digestsize];
151 uint8_t pubkey_digest[digest->digestsize];
152 int rc;
153
154 /* Generate digests */
155 digest_init ( digest, digest_ctx );
156 digest_update ( digest, digest_ctx, ocsp->cert->issuer.raw.data,
157 ocsp->cert->issuer.raw.len );
158 digest_final ( digest, digest_ctx, name_digest );
159 digest_init ( digest, digest_ctx );
160 digest_update ( digest, digest_ctx,
161 ocsp->issuer->subject.public_key.raw_bits.data,
162 ocsp->issuer->subject.public_key.raw_bits.len );
163 digest_final ( digest, digest_ctx, pubkey_digest );
164
165 /* Construct request */
166 if ( ( rc = ( asn1_prepend_raw ( builder, ocsp->cert->serial.raw.data,
167 ocsp->cert->serial.raw.len ),
168 asn1_prepend ( builder, ASN1_OCTET_STRING,
169 pubkey_digest, sizeof ( pubkey_digest ) ),
170 asn1_prepend ( builder, ASN1_OCTET_STRING,
171 name_digest, sizeof ( name_digest ) ),
172 asn1_prepend ( builder, ASN1_SEQUENCE,
173 ocsp_algorithm_id,
174 sizeof ( ocsp_algorithm_id ) ),
175 asn1_wrap ( builder, ASN1_SEQUENCE ),
176 asn1_wrap ( builder, ASN1_SEQUENCE ),
177 asn1_wrap ( builder, ASN1_SEQUENCE ),
178 asn1_wrap ( builder, ASN1_SEQUENCE ),
179 asn1_wrap ( builder, ASN1_SEQUENCE ) ) ) != 0 ) {
180 DBGC ( ocsp, "OCSP %p \"%s\" could not build request: %s\n",
181 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
182 return rc;
183 }
184 DBGC2 ( ocsp, "OCSP %p \"%s\" request is:\n",
185 ocsp, x509_name ( ocsp->cert ) );
186 DBGC2_HDA ( ocsp, 0, builder->data, builder->len );
187
188 /* Parse certificate ID for comparison with response */
189 cert_id_tail->data = builder->data;
190 cert_id_tail->len = builder->len;
191 if ( ( rc = ( asn1_enter ( cert_id_tail, ASN1_SEQUENCE ),
192 asn1_enter ( cert_id_tail, ASN1_SEQUENCE ),
193 asn1_enter ( cert_id_tail, ASN1_SEQUENCE ),
194 asn1_enter ( cert_id_tail, ASN1_SEQUENCE ),
195 asn1_enter ( cert_id_tail, ASN1_SEQUENCE ),
196 asn1_skip ( cert_id_tail, ASN1_SEQUENCE ) ) ) != 0 ) {
197 DBGC ( ocsp, "OCSP %p \"%s\" could not locate certID: %s\n",
198 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
199 return rc;
200 }
201
202 return 0;
203 }
204
205 /**
206 * Build OCSP URI string
207 *
208 * @v ocsp OCSP check
209 * @ret rc Return status code
210 */
211 static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
212 struct x509_ocsp_responder *responder =
213 &ocsp->cert->extensions.auth_info.ocsp;
214 char *base64;
215 char *sep;
216 size_t base64_len;
217 size_t uri_len;
218 size_t len;
219 int rc;
220
221 /* Sanity check */
222 if ( ! responder->uri.len ) {
223 DBGC ( ocsp, "OCSP %p \"%s\" has no OCSP URI\n",
224 ocsp, x509_name ( ocsp->cert ) );
225 rc = -ENOTTY;
226 goto err_no_uri;
227 }
228
229 /* Calculate base64-encoded request length */
230 base64_len = ( base64_encoded_len ( ocsp->request.builder.len )
231 + 1 /* NUL */ );
232
233 /* Allocate and construct the base64-encoded request */
234 base64 = malloc ( base64_len );
235 if ( ! base64 ) {
236 rc = -ENOMEM;
237 goto err_alloc_base64;
238 }
239 base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len,
240 base64, base64_len );
241
242 /* Calculate URI-encoded base64-encoded request length */
243 uri_len = ( uri_encode ( URI_PATH, base64, ( base64_len - 1 /* NUL */ ),
244 NULL, 0 ) + 1 /* NUL */ );
245
246 /* Allocate and construct the URI string */
247 len = ( responder->uri.len + 1 /* possible "/" */ + uri_len );
248 ocsp->uri_string = zalloc ( len );
249 if ( ! ocsp->uri_string ) {
250 rc = -ENOMEM;
251 goto err_alloc_uri;
252 }
253 memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len );
254 sep = &ocsp->uri_string[ responder->uri.len - 1 ];
255 if ( *sep != '/' )
256 *(++sep) = '/';
257 uri_encode ( URI_PATH, base64, base64_len, ( sep + 1 ), uri_len );
258 DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",
259 ocsp, x509_name ( ocsp->cert ), ocsp->uri_string );
260
261 /* Success */
262 rc = 0;
263
264 err_alloc_uri:
265 free ( base64 );
266 err_alloc_base64:
267 err_no_uri:
268 return rc;
269 }
270
271 /**
272 * Create OCSP check
273 *
274 * @v cert Certificate to check
275 * @v issuer Issuing certificate
276 * @ret ocsp OCSP check
277 * @ret rc Return status code
278 */
279 int ocsp_check ( struct x509_certificate *cert,
280 struct x509_certificate *issuer,
281 struct ocsp_check **ocsp ) {
282 int rc;
283
284 /* Sanity checks */
285 assert ( cert != NULL );
286 assert ( issuer != NULL );
287 assert ( x509_is_valid ( issuer ) );
288
289 /* Allocate and initialise check */
290 *ocsp = zalloc ( sizeof ( **ocsp ) );
291 if ( ! *ocsp ) {
292 rc = -ENOMEM;
293 goto err_alloc;
294 }
295 ref_init ( &(*ocsp)->refcnt, ocsp_free );
296 (*ocsp)->cert = x509_get ( cert );
297 (*ocsp)->issuer = x509_get ( issuer );
298
299 /* Build request */
300 if ( ( rc = ocsp_request ( *ocsp ) ) != 0 )
301 goto err_request;
302
303 /* Build URI string */
304 if ( ( rc = ocsp_uri_string ( *ocsp ) ) != 0 )
305 goto err_uri_string;
306
307 return 0;
308
309 err_uri_string:
310 err_request:
311 ocsp_put ( *ocsp );
312 err_alloc:
313 *ocsp = NULL;
314 return rc;
315 }
316
317 /**
318 * Parse OCSP response status
319 *
320 * @v ocsp OCSP check
321 * @v raw ASN.1 cursor
322 * @ret rc Return status code
323 */
324 static int ocsp_parse_response_status ( struct ocsp_check *ocsp,
325 const struct asn1_cursor *raw ) {
326 struct asn1_cursor cursor;
327 uint8_t status;
328 int rc;
329
330 /* Enter responseStatus */
331 memcpy ( &cursor, raw, sizeof ( cursor ) );
332 if ( ( rc = asn1_enter ( &cursor, ASN1_ENUMERATED ) ) != 0 ) {
333 DBGC ( ocsp, "OCSP %p \"%s\" could not locate responseStatus: "
334 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
335 return rc;
336 }
337
338 /* Extract response status */
339 if ( cursor.len != sizeof ( status ) ) {
340 DBGC ( ocsp, "OCSP %p \"%s\" invalid status:\n",
341 ocsp, x509_name ( ocsp->cert ) );
342 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
343 return -EINVAL;
344 }
345 memcpy ( &status, cursor.data, sizeof ( status ) );
346
347 /* Check response status */
348 if ( status != OCSP_STATUS_SUCCESSFUL ) {
349 DBGC ( ocsp, "OCSP %p \"%s\" response status %d\n",
350 ocsp, x509_name ( ocsp->cert ), status );
351 return EPROTO_STATUS ( status );
352 }
353
354 return 0;
355 }
356
357 /**
358 * Parse OCSP response type
359 *
360 * @v ocsp OCSP check
361 * @v raw ASN.1 cursor
362 * @ret rc Return status code
363 */
364 static int ocsp_parse_response_type ( struct ocsp_check *ocsp,
365 const struct asn1_cursor *raw ) {
366 struct asn1_cursor cursor;
367
368 /* Enter responseType */
369 memcpy ( &cursor, raw, sizeof ( cursor ) );
370 asn1_enter ( &cursor, ASN1_OID );
371
372 /* Check responseType is "basic" */
373 if ( asn1_compare ( &oid_basic_response_type_cursor, &cursor ) != 0 ) {
374 DBGC ( ocsp, "OCSP %p \"%s\" response type not supported:\n",
375 ocsp, x509_name ( ocsp->cert ) );
376 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
377 return -ENOTSUP_RESPONSE_TYPE;
378 }
379
380 return 0;
381 }
382
383 /**
384 * Compare responder's certificate name
385 *
386 * @v ocsp OCSP check
387 * @v cert Certificate
388 * @ret difference Difference as returned by memcmp()
389 */
390 static int ocsp_compare_responder_name ( struct ocsp_check *ocsp,
391 struct x509_certificate *cert ) {
392 struct ocsp_responder *responder = &ocsp->response.responder;
393
394 /* Compare responder ID with certificate's subject */
395 return asn1_compare ( &responder->id, &cert->subject.raw );
396 }
397
398 /**
399 * Compare responder's certificate public key hash
400 *
401 * @v ocsp OCSP check
402 * @v cert Certificate
403 * @ret difference Difference as returned by memcmp()
404 */
405 static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
406 struct x509_certificate *cert ) {
407 struct ocsp_responder *responder = &ocsp->response.responder;
408 struct asn1_cursor key_hash;
409 uint8_t ctx[SHA1_CTX_SIZE];
410 uint8_t digest[SHA1_DIGEST_SIZE];
411 int difference;
412
413 /* Enter responder key hash */
414 memcpy ( &key_hash, &responder->id, sizeof ( key_hash ) );
415 asn1_enter ( &key_hash, ASN1_OCTET_STRING );
416
417 /* Sanity check */
418 difference = ( sizeof ( digest ) - key_hash.len );
419 if ( difference )
420 return difference;
421
422 /* Generate SHA1 hash of certificate's public key */
423 digest_init ( &sha1_algorithm, ctx );
424 digest_update ( &sha1_algorithm, ctx,
425 cert->subject.public_key.raw_bits.data,
426 cert->subject.public_key.raw_bits.len );
427 digest_final ( &sha1_algorithm, ctx, digest );
428
429 /* Compare responder key hash with hash of certificate's public key */
430 return memcmp ( digest, key_hash.data, sizeof ( digest ) );
431 }
432
433 /**
434 * Parse OCSP responder ID
435 *
436 * @v ocsp OCSP check
437 * @v raw ASN.1 cursor
438 * @ret rc Return status code
439 */
440 static int ocsp_parse_responder_id ( struct ocsp_check *ocsp,
441 const struct asn1_cursor *raw ) {
442 struct ocsp_responder *responder = &ocsp->response.responder;
443 struct asn1_cursor *responder_id = &responder->id;
444 unsigned int type;
445
446 /* Enter responder ID */
447 memcpy ( responder_id, raw, sizeof ( *responder_id ) );
448 type = asn1_type ( responder_id );
449 asn1_enter_any ( responder_id );
450
451 /* Identify responder ID type */
452 switch ( type ) {
453 case ASN1_EXPLICIT_TAG ( 1 ) :
454 DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by name\n",
455 ocsp, x509_name ( ocsp->cert ) );
456 responder->compare = ocsp_compare_responder_name;
457 return 0;
458 case ASN1_EXPLICIT_TAG ( 2 ) :
459 DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by key "
460 "hash\n", ocsp, x509_name ( ocsp->cert ) );
461 responder->compare = ocsp_compare_responder_key_hash;
462 return 0;
463 default:
464 DBGC ( ocsp, "OCSP %p \"%s\" unsupported responder ID type "
465 "%d\n", ocsp, x509_name ( ocsp->cert ), type );
466 return -ENOTSUP_RESPONDER_ID;
467 }
468 }
469
470 /**
471 * Parse OCSP certificate ID
472 *
473 * @v ocsp OCSP check
474 * @v raw ASN.1 cursor
475 * @ret rc Return status code
476 */
477 static int ocsp_parse_cert_id ( struct ocsp_check *ocsp,
478 const struct asn1_cursor *raw ) {
479 struct asn1_cursor cursor;
480 struct asn1_algorithm *algorithm;
481 int rc;
482
483 /* Check certID algorithm */
484 memcpy ( &cursor, raw, sizeof ( cursor ) );
485 asn1_enter ( &cursor, ASN1_SEQUENCE );
486 if ( ( rc = asn1_digest_algorithm ( &cursor, &algorithm ) ) != 0 ) {
487 DBGC ( ocsp, "OCSP %p \"%s\" certID unknown algorithm: %s\n",
488 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
489 return rc;
490 }
491 if ( algorithm->digest != &ocsp_digest_algorithm ) {
492 DBGC ( ocsp, "OCSP %p \"%s\" certID wrong algorithm %s\n",
493 ocsp, x509_name ( ocsp->cert ),
494 algorithm->digest->name );
495 return -EACCES_CERT_MISMATCH;
496 }
497
498 /* Check remaining certID fields */
499 asn1_skip ( &cursor, ASN1_SEQUENCE );
500 if ( asn1_compare ( &cursor, &ocsp->request.cert_id_tail ) != 0 ) {
501 DBGC ( ocsp, "OCSP %p \"%s\" certID mismatch:\n",
502 ocsp, x509_name ( ocsp->cert ) );
503 DBGC_HDA ( ocsp, 0, ocsp->request.cert_id_tail.data,
504 ocsp->request.cert_id_tail.len );
505 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
506 return -EACCES_CERT_MISMATCH;
507 }
508
509 return 0;
510 }
511
512 /**
513 * Parse OCSP responses
514 *
515 * @v ocsp OCSP check
516 * @v raw ASN.1 cursor
517 * @ret rc Return status code
518 */
519 static int ocsp_parse_responses ( struct ocsp_check *ocsp,
520 const struct asn1_cursor *raw ) {
521 struct ocsp_response *response = &ocsp->response;
522 struct asn1_cursor cursor;
523 int rc;
524
525 /* Enter responses */
526 memcpy ( &cursor, raw, sizeof ( cursor ) );
527 asn1_enter ( &cursor, ASN1_SEQUENCE );
528
529 /* Enter first singleResponse */
530 asn1_enter ( &cursor, ASN1_SEQUENCE );
531
532 /* Parse certID */
533 if ( ( rc = ocsp_parse_cert_id ( ocsp, &cursor ) ) != 0 )
534 return rc;
535 asn1_skip_any ( &cursor );
536
537 /* Check certStatus */
538 if ( asn1_type ( &cursor ) != ASN1_IMPLICIT_TAG ( 0 ) ) {
539 DBGC ( ocsp, "OCSP %p \"%s\" non-good certStatus:\n",
540 ocsp, x509_name ( ocsp->cert ) );
541 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
542 return -EACCES_CERT_STATUS;
543 }
544 asn1_skip_any ( &cursor );
545
546 /* Parse thisUpdate */
547 if ( ( rc = asn1_generalized_time ( &cursor,
548 &response->this_update ) ) != 0 ) {
549 DBGC ( ocsp, "OCSP %p \"%s\" could not parse thisUpdate: %s\n",
550 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
551 return rc;
552 }
553 DBGC2 ( ocsp, "OCSP %p \"%s\" this update was at time %lld\n",
554 ocsp, x509_name ( ocsp->cert ), response->this_update );
555 asn1_skip_any ( &cursor );
556
557 /* Parse nextUpdate, if present */
558 if ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) {
559 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
560 if ( ( rc = asn1_generalized_time ( &cursor,
561 &response->next_update ) ) != 0 ) {
562 DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
563 "nextUpdate: %s\n", ocsp,
564 x509_name ( ocsp->cert ), strerror ( rc ) );
565 return rc;
566 }
567 DBGC2 ( ocsp, "OCSP %p \"%s\" next update is at time %lld\n",
568 ocsp, x509_name ( ocsp->cert ), response->next_update );
569 } else {
570 /* If no nextUpdate is present, this indicates that
571 * "newer revocation information is available all the
572 * time". Actually, this indicates that there is no
573 * point to performing the OCSP check, since an
574 * attacker could replay the response at any future
575 * time and it would still be valid.
576 */
577 DBGC ( ocsp, "OCSP %p \"%s\" responder is a moron\n",
578 ocsp, x509_name ( ocsp->cert ) );
579 response->next_update = time ( NULL );
580 }
581
582 return 0;
583 }
584
585 /**
586 * Parse OCSP response data
587 *
588 * @v ocsp OCSP check
589 * @v raw ASN.1 cursor
590 * @ret rc Return status code
591 */
592 static int ocsp_parse_tbs_response_data ( struct ocsp_check *ocsp,
593 const struct asn1_cursor *raw ) {
594 struct ocsp_response *response = &ocsp->response;
595 struct asn1_cursor cursor;
596 int rc;
597
598 /* Record raw tbsResponseData */
599 memcpy ( &cursor, raw, sizeof ( cursor ) );
600 asn1_shrink_any ( &cursor );
601 memcpy ( &response->tbs, &cursor, sizeof ( response->tbs ) );
602
603 /* Enter tbsResponseData */
604 asn1_enter ( &cursor, ASN1_SEQUENCE );
605
606 /* Skip version, if present */
607 asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
608
609 /* Parse responderID */
610 if ( ( rc = ocsp_parse_responder_id ( ocsp, &cursor ) ) != 0 )
611 return rc;
612 asn1_skip_any ( &cursor );
613
614 /* Skip producedAt */
615 asn1_skip_any ( &cursor );
616
617 /* Parse responses */
618 if ( ( rc = ocsp_parse_responses ( ocsp, &cursor ) ) != 0 )
619 return rc;
620
621 return 0;
622 }
623
624 /**
625 * Parse OCSP certificates
626 *
627 * @v ocsp OCSP check
628 * @v raw ASN.1 cursor
629 * @ret rc Return status code
630 */
631 static int ocsp_parse_certs ( struct ocsp_check *ocsp,
632 const struct asn1_cursor *raw ) {
633 struct ocsp_response *response = &ocsp->response;
634 struct asn1_cursor cursor;
635 struct x509_certificate *cert;
636 int rc;
637
638 /* Enter certs */
639 memcpy ( &cursor, raw, sizeof ( cursor ) );
640 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
641 asn1_enter ( &cursor, ASN1_SEQUENCE );
642
643 /* Parse certificate, if present. The data structure permits
644 * multiple certificates, but the protocol requires that the
645 * OCSP signing certificate must either be the issuer itself,
646 * or must be directly issued by the issuer (see RFC2560
647 * section 4.2.2.2 "Authorized Responders"). We therefore
648 * need to identify only the single certificate matching the
649 * Responder ID.
650 */
651 while ( cursor.len ) {
652
653 /* Parse certificate */
654 if ( ( rc = x509_certificate ( cursor.data, cursor.len,
655 &cert ) ) != 0 ) {
656 DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
657 "certificate: %s\n", ocsp,
658 x509_name ( ocsp->cert ), strerror ( rc ) );
659 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
660 return rc;
661 }
662
663 /* Use if this certificate matches the responder ID */
664 if ( response->responder.compare ( ocsp, cert ) == 0 ) {
665 response->signer = cert;
666 DBGC2 ( ocsp, "OCSP %p \"%s\" response is signed by ",
667 ocsp, x509_name ( ocsp->cert ) );
668 DBGC2 ( ocsp, "\"%s\"\n",
669 x509_name ( response->signer ) );
670 return 0;
671 }
672
673 /* Otherwise, discard this certificate */
674 x509_put ( cert );
675 asn1_skip_any ( &cursor );
676 }
677
678 DBGC ( ocsp, "OCSP %p \"%s\" missing responder certificate\n",
679 ocsp, x509_name ( ocsp->cert ) );
680 return -EACCES_NO_RESPONDER;
681 }
682
683 /**
684 * Parse OCSP basic response
685 *
686 * @v ocsp OCSP check
687 * @v raw ASN.1 cursor
688 * @ret rc Return status code
689 */
690 static int ocsp_parse_basic_response ( struct ocsp_check *ocsp,
691 const struct asn1_cursor *raw ) {
692 struct ocsp_response *response = &ocsp->response;
693 struct asn1_algorithm **algorithm = &response->algorithm;
694 struct asn1_bit_string *signature = &response->signature;
695 struct asn1_cursor cursor;
696 int rc;
697
698 /* Enter BasicOCSPResponse */
699 memcpy ( &cursor, raw, sizeof ( cursor ) );
700 asn1_enter ( &cursor, ASN1_SEQUENCE );
701
702 /* Parse tbsResponseData */
703 if ( ( rc = ocsp_parse_tbs_response_data ( ocsp, &cursor ) ) != 0 )
704 return rc;
705 asn1_skip_any ( &cursor );
706
707 /* Parse signatureAlgorithm */
708 if ( ( rc = asn1_signature_algorithm ( &cursor, algorithm ) ) != 0 ) {
709 DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature "
710 "algorithm: %s\n",
711 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
712 return rc;
713 }
714 DBGC2 ( ocsp, "OCSP %p \"%s\" signature algorithm is %s\n",
715 ocsp, x509_name ( ocsp->cert ), (*algorithm)->name );
716 asn1_skip_any ( &cursor );
717
718 /* Parse signature */
719 if ( ( rc = asn1_integral_bit_string ( &cursor, signature ) ) != 0 ) {
720 DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature: %s\n",
721 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
722 return rc;
723 }
724 asn1_skip_any ( &cursor );
725
726 /* Parse certs, if present */
727 if ( ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) &&
728 ( ( rc = ocsp_parse_certs ( ocsp, &cursor ) ) != 0 ) )
729 return rc;
730
731 return 0;
732 }
733
734 /**
735 * Parse OCSP response bytes
736 *
737 * @v ocsp OCSP check
738 * @v raw ASN.1 cursor
739 * @ret rc Return status code
740 */
741 static int ocsp_parse_response_bytes ( struct ocsp_check *ocsp,
742 const struct asn1_cursor *raw ) {
743 struct asn1_cursor cursor;
744 int rc;
745
746 /* Enter responseBytes */
747 memcpy ( &cursor, raw, sizeof ( cursor ) );
748 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
749 asn1_enter ( &cursor, ASN1_SEQUENCE );
750
751 /* Parse responseType */
752 if ( ( rc = ocsp_parse_response_type ( ocsp, &cursor ) ) != 0 )
753 return rc;
754 asn1_skip_any ( &cursor );
755
756 /* Enter response */
757 asn1_enter ( &cursor, ASN1_OCTET_STRING );
758
759 /* Parse response */
760 if ( ( rc = ocsp_parse_basic_response ( ocsp, &cursor ) ) != 0 )
761 return rc;
762
763 return 0;
764 }
765
766 /**
767 * Parse OCSP response
768 *
769 * @v ocsp OCSP check
770 * @v raw ASN.1 cursor
771 * @ret rc Return status code
772 */
773 static int ocsp_parse_response ( struct ocsp_check *ocsp,
774 const struct asn1_cursor *raw ) {
775 struct asn1_cursor cursor;
776 int rc;
777
778 /* Enter OCSPResponse */
779 memcpy ( &cursor, raw, sizeof ( cursor ) );
780 asn1_enter ( &cursor, ASN1_SEQUENCE );
781
782 /* Parse responseStatus */
783 if ( ( rc = ocsp_parse_response_status ( ocsp, &cursor ) ) != 0 )
784 return rc;
785 asn1_skip_any ( &cursor );
786
787 /* Parse responseBytes */
788 if ( ( rc = ocsp_parse_response_bytes ( ocsp, &cursor ) ) != 0 )
789 return rc;
790
791 return 0;
792 }
793
794 /**
795 * Receive OCSP response
796 *
797 * @v ocsp OCSP check
798 * @v data Response data
799 * @v len Length of response data
800 * @ret rc Return status code
801 */
802 int ocsp_response ( struct ocsp_check *ocsp, const void *data, size_t len ) {
803 struct ocsp_response *response = &ocsp->response;
804 struct asn1_cursor cursor;
805 int rc;
806
807 /* Duplicate data */
808 x509_put ( response->signer );
809 response->signer = NULL;
810 free ( response->data );
811 response->data = malloc ( len );
812 if ( ! response->data )
813 return -ENOMEM;
814 memcpy ( response->data, data, len );
815 cursor.data = response->data;
816 cursor.len = len;
817
818 /* Parse response */
819 if ( ( rc = ocsp_parse_response ( ocsp, &cursor ) ) != 0 )
820 return rc;
821
822 return 0;
823 }
824
825 /**
826 * OCSP dummy root certificate store
827 *
828 * OCSP validation uses no root certificates, since it takes place
829 * only when there already exists a validated issuer certificate.
830 */
831 static struct x509_root ocsp_root = {
832 .digest = &ocsp_digest_algorithm,
833 .count = 0,
834 .fingerprints = NULL,
835 };
836
837 /**
838 * Check OCSP response signature
839 *
840 * @v ocsp OCSP check
841 * @v signer Signing certificate
842 * @ret rc Return status code
843 */
844 static int ocsp_check_signature ( struct ocsp_check *ocsp,
845 struct x509_certificate *signer ) {
846 struct ocsp_response *response = &ocsp->response;
847 struct digest_algorithm *digest = response->algorithm->digest;
848 struct pubkey_algorithm *pubkey = response->algorithm->pubkey;
849 struct x509_public_key *public_key = &signer->subject.public_key;
850 uint8_t digest_ctx[ digest->ctxsize ];
851 uint8_t digest_out[ digest->digestsize ];
852 uint8_t pubkey_ctx[ pubkey->ctxsize ];
853 int rc;
854
855 /* Generate digest */
856 digest_init ( digest, digest_ctx );
857 digest_update ( digest, digest_ctx, response->tbs.data,
858 response->tbs.len );
859 digest_final ( digest, digest_ctx, digest_out );
860
861 /* Initialise public-key algorithm */
862 if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,
863 public_key->raw.len ) ) != 0 ) {
864 DBGC ( ocsp, "OCSP %p \"%s\" could not initialise public key: "
865 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
866 goto err_init;
867 }
868
869 /* Verify digest */
870 if ( ( rc = pubkey_verify ( pubkey, pubkey_ctx, digest, digest_out,
871 response->signature.data,
872 response->signature.len ) ) != 0 ) {
873 DBGC ( ocsp, "OCSP %p \"%s\" signature verification failed: "
874 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
875 goto err_verify;
876 }
877
878 DBGC2 ( ocsp, "OCSP %p \"%s\" signature is correct\n",
879 ocsp, x509_name ( ocsp->cert ) );
880
881 err_verify:
882 pubkey_final ( pubkey, pubkey_ctx );
883 err_init:
884 return rc;
885 }
886
887 /**
888 * Validate OCSP response
889 *
890 * @v ocsp OCSP check
891 * @v time Time at which to validate response
892 * @ret rc Return status code
893 */
894 int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {
895 struct ocsp_response *response = &ocsp->response;
896 struct x509_certificate *signer;
897 int rc;
898
899 /* Sanity checks */
900 assert ( response->data != NULL );
901
902 /* The response may include a signer certificate; if this is
903 * not present then the response must have been signed
904 * directly by the issuer.
905 */
906 signer = ( response->signer ? response->signer : ocsp->issuer );
907
908 /* Validate signer, if applicable. If the signer is not the
909 * issuer, then it must be signed directly by the issuer.
910 */
911 if ( signer != ocsp->issuer ) {
912 /* Forcibly invalidate the signer, since we need to
913 * ensure that it was signed by our issuer (and not
914 * some other issuer). This prevents a sub-CA's OCSP
915 * certificate from fraudulently signing OCSP
916 * responses from the parent CA.
917 */
918 x509_invalidate ( signer );
919 if ( ( rc = x509_validate ( signer, ocsp->issuer, time,
920 &ocsp_root ) ) != 0 ) {
921 DBGC ( ocsp, "OCSP %p \"%s\" could not validate ",
922 ocsp, x509_name ( ocsp->cert ) );
923 DBGC ( ocsp, "signer \"%s\": %s\n",
924 x509_name ( signer ), strerror ( rc ) );
925 return rc;
926 }
927
928 /* If signer is not the issuer, then it must have the
929 * extendedKeyUsage id-kp-OCSPSigning.
930 */
931 if ( ! ( signer->extensions.ext_usage.bits &
932 X509_OCSP_SIGNING ) ) {
933 DBGC ( ocsp, "OCSP %p \"%s\" ",
934 ocsp, x509_name ( ocsp->cert ) );
935 DBGC ( ocsp, "signer \"%s\" is not an OCSP-signing "
936 "certificate\n", x509_name ( signer ) );
937 return -EACCES_NON_OCSP_SIGNING;
938 }
939 }
940
941 /* Check OCSP response signature */
942 if ( ( rc = ocsp_check_signature ( ocsp, signer ) ) != 0 )
943 return rc;
944
945 /* Check OCSP response is valid at the specified time
946 * (allowing for some margin of error).
947 */
948 if ( response->this_update > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
949 DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "
950 "time %lld)\n", ocsp, x509_name ( ocsp->cert ), time );
951 return -EACCES_STALE;
952 }
953 if ( response->next_update < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
954 DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "
955 "%lld)\n", ocsp, x509_name ( ocsp->cert ), time );
956 return -EACCES_STALE;
957 }
958 DBGC2 ( ocsp, "OCSP %p \"%s\" response is valid (at time %lld)\n",
959 ocsp, x509_name ( ocsp->cert ), time );
960
961 /* Mark certificate as passing OCSP verification */
962 ocsp->cert->extensions.auth_info.ocsp.good = 1;
963
964 /* Validate certificate against issuer */
965 if ( ( rc = x509_validate ( ocsp->cert, ocsp->issuer, time,
966 &ocsp_root ) ) != 0 ) {
967 DBGC ( ocsp, "OCSP %p \"%s\" could not validate certificate: "
968 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
969 return rc;
970 }
971 DBGC ( ocsp, "OCSP %p \"%s\" successfully validated ",
972 ocsp, x509_name ( ocsp->cert ) );
973 DBGC ( ocsp, "using \"%s\"\n", x509_name ( signer ) );
974
975 return 0;
976 }