[uri] Avoid potentially large stack allocation
[ipxe.git] / src / crypto / ocsp.c
1 /*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 */
19
20 FILE_LICENCE ( GPL2_OR_LATER );
21
22 #include <stdint.h>
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <ipxe/asn1.h>
28 #include <ipxe/x509.h>
29 #include <ipxe/sha1.h>
30 #include <ipxe/base64.h>
31 #include <ipxe/uri.h>
32 #include <ipxe/ocsp.h>
33 #include <config/crypto.h>
34
35 /** @file
36 *
37 * Online Certificate Status Protocol
38 *
39 */
40
41 /* Disambiguate the various error causes */
42 #define EACCES_CERT_STATUS \
43 __einfo_error ( EINFO_EACCES_CERT_STATUS )
44 #define EINFO_EACCES_CERT_STATUS \
45 __einfo_uniqify ( EINFO_EACCES, 0x01, \
46 "Certificate status not good" )
47 #define EACCES_CERT_MISMATCH \
48 __einfo_error ( EINFO_EACCES_CERT_MISMATCH )
49 #define EINFO_EACCES_CERT_MISMATCH \
50 __einfo_uniqify ( EINFO_EACCES, 0x02, \
51 "Certificate ID mismatch" )
52 #define EACCES_NON_OCSP_SIGNING \
53 __einfo_error ( EINFO_EACCES_NON_OCSP_SIGNING )
54 #define EINFO_EACCES_NON_OCSP_SIGNING \
55 __einfo_uniqify ( EINFO_EACCES, 0x03, \
56 "Not an OCSP signing certificate" )
57 #define EACCES_STALE \
58 __einfo_error ( EINFO_EACCES_STALE )
59 #define EINFO_EACCES_STALE \
60 __einfo_uniqify ( EINFO_EACCES, 0x04, \
61 "Stale (or premature) OCSP repsonse" )
62 #define EACCES_NO_RESPONDER \
63 __einfo_error ( EINFO_EACCES_NO_RESPONDER )
64 #define EINFO_EACCES_NO_RESPONDER \
65 __einfo_uniqify ( EINFO_EACCES, 0x05, \
66 "Missing OCSP responder certificate" )
67 #define ENOTSUP_RESPONSE_TYPE \
68 __einfo_error ( EINFO_ENOTSUP_RESPONSE_TYPE )
69 #define EINFO_ENOTSUP_RESPONSE_TYPE \
70 __einfo_uniqify ( EINFO_ENOTSUP, 0x01, \
71 "Unsupported OCSP response type" )
72 #define ENOTSUP_RESPONDER_ID \
73 __einfo_error ( EINFO_ENOTSUP_RESPONDER_ID )
74 #define EINFO_ENOTSUP_RESPONDER_ID \
75 __einfo_uniqify ( EINFO_ENOTSUP, 0x02, \
76 "Unsupported OCSP responder ID" )
77 #define EPROTO_MALFORMED_REQUEST \
78 __einfo_error ( EINFO_EPROTO_MALFORMED_REQUEST )
79 #define EINFO_EPROTO_MALFORMED_REQUEST \
80 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_MALFORMED_REQUEST, \
81 "Illegal confirmation request" )
82 #define EPROTO_INTERNAL_ERROR \
83 __einfo_error ( EINFO_EPROTO_INTERNAL_ERROR )
84 #define EINFO_EPROTO_INTERNAL_ERROR \
85 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_INTERNAL_ERROR, \
86 "Internal error in issuer" )
87 #define EPROTO_TRY_LATER \
88 __einfo_error ( EINFO_EPROTO_TRY_LATER )
89 #define EINFO_EPROTO_TRY_LATER \
90 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_TRY_LATER, \
91 "Try again later" )
92 #define EPROTO_SIG_REQUIRED \
93 __einfo_error ( EINFO_EPROTO_SIG_REQUIRED )
94 #define EINFO_EPROTO_SIG_REQUIRED \
95 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_SIG_REQUIRED, \
96 "Must sign the request" )
97 #define EPROTO_UNAUTHORIZED \
98 __einfo_error ( EINFO_EPROTO_UNAUTHORIZED )
99 #define EINFO_EPROTO_UNAUTHORIZED \
100 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_UNAUTHORIZED, \
101 "Request unauthorized" )
102 #define EPROTO_STATUS( status ) \
103 EUNIQ ( EINFO_EPROTO, (status), EPROTO_MALFORMED_REQUEST, \
104 EPROTO_INTERNAL_ERROR, EPROTO_TRY_LATER, \
105 EPROTO_SIG_REQUIRED, EPROTO_UNAUTHORIZED )
106
107 /** OCSP digest algorithm */
108 #define ocsp_digest_algorithm sha1_algorithm
109
110 /** OCSP digest algorithm identifier */
111 static const uint8_t ocsp_algorithm_id[] =
112 { OCSP_ALGORITHM_IDENTIFIER ( ASN1_OID_SHA1 ) };
113
114 /** OCSP basic response type */
115 static const uint8_t oid_basic_response_type[] = { ASN1_OID_OCSP_BASIC };
116
117 /** OCSP basic response type cursor */
118 static struct asn1_cursor oid_basic_response_type_cursor =
119 ASN1_OID_CURSOR ( oid_basic_response_type );
120
121 /**
122 * Free OCSP check
123 *
124 * @v refcnt Reference count
125 */
126 static void ocsp_free ( struct refcnt *refcnt ) {
127 struct ocsp_check *ocsp =
128 container_of ( refcnt, struct ocsp_check, refcnt );
129
130 x509_put ( ocsp->cert );
131 x509_put ( ocsp->issuer );
132 free ( ocsp->uri_string );
133 free ( ocsp->request.builder.data );
134 free ( ocsp->response.data );
135 x509_put ( ocsp->response.signer );
136 free ( ocsp );
137 }
138
139 /**
140 * Build OCSP request
141 *
142 * @v ocsp OCSP check
143 * @ret rc Return status code
144 */
145 static int ocsp_request ( struct ocsp_check *ocsp ) {
146 struct digest_algorithm *digest = &ocsp_digest_algorithm;
147 struct asn1_builder *builder = &ocsp->request.builder;
148 struct asn1_cursor *cert_id = &ocsp->request.cert_id;
149 uint8_t digest_ctx[digest->ctxsize];
150 uint8_t name_digest[digest->digestsize];
151 uint8_t pubkey_digest[digest->digestsize];
152 int rc;
153
154 /* Generate digests */
155 digest_init ( digest, digest_ctx );
156 digest_update ( digest, digest_ctx, ocsp->cert->issuer.raw.data,
157 ocsp->cert->issuer.raw.len );
158 digest_final ( digest, digest_ctx, name_digest );
159 digest_init ( digest, digest_ctx );
160 digest_update ( digest, digest_ctx,
161 ocsp->issuer->subject.public_key.raw_bits.data,
162 ocsp->issuer->subject.public_key.raw_bits.len );
163 digest_final ( digest, digest_ctx, pubkey_digest );
164
165 /* Construct request */
166 if ( ( rc = ( asn1_prepend_raw ( builder, ocsp->cert->serial.raw.data,
167 ocsp->cert->serial.raw.len ),
168 asn1_prepend ( builder, ASN1_OCTET_STRING,
169 pubkey_digest, sizeof ( pubkey_digest ) ),
170 asn1_prepend ( builder, ASN1_OCTET_STRING,
171 name_digest, sizeof ( name_digest ) ),
172 asn1_prepend ( builder, ASN1_SEQUENCE,
173 ocsp_algorithm_id,
174 sizeof ( ocsp_algorithm_id ) ),
175 asn1_wrap ( builder, ASN1_SEQUENCE ),
176 asn1_wrap ( builder, ASN1_SEQUENCE ),
177 asn1_wrap ( builder, ASN1_SEQUENCE ),
178 asn1_wrap ( builder, ASN1_SEQUENCE ),
179 asn1_wrap ( builder, ASN1_SEQUENCE ) ) ) != 0 ) {
180 DBGC ( ocsp, "OCSP %p \"%s\" could not build request: %s\n",
181 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
182 return rc;
183 }
184 DBGC2 ( ocsp, "OCSP %p \"%s\" request is:\n",
185 ocsp, x509_name ( ocsp->cert ) );
186 DBGC2_HDA ( ocsp, 0, builder->data, builder->len );
187
188 /* Parse certificate ID for comparison with response */
189 cert_id->data = builder->data;
190 cert_id->len = builder->len;
191 if ( ( rc = ( asn1_enter ( cert_id, ASN1_SEQUENCE ),
192 asn1_enter ( cert_id, ASN1_SEQUENCE ),
193 asn1_enter ( cert_id, ASN1_SEQUENCE ),
194 asn1_enter ( cert_id, ASN1_SEQUENCE ) ) ) != 0 ) {
195 DBGC ( ocsp, "OCSP %p \"%s\" could not locate certID: %s\n",
196 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
197 return rc;
198 }
199
200 return 0;
201 }
202
203 /**
204 * Build OCSP URI string
205 *
206 * @v ocsp OCSP check
207 * @ret rc Return status code
208 */
209 static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
210 struct x509_ocsp_responder *responder =
211 &ocsp->cert->extensions.auth_info.ocsp;
212 struct uri path_uri;
213 char *path_base64_string;
214 char *path_uri_string;
215 size_t path_len;
216 size_t len;
217 int rc;
218
219 /* Sanity check */
220 if ( ! responder->uri.len ) {
221 DBGC ( ocsp, "OCSP %p \"%s\" has no OCSP URI\n",
222 ocsp, x509_name ( ocsp->cert ) );
223 rc = -ENOTTY;
224 goto err_no_uri;
225 }
226
227 /* Base64-encode the request as the URI path */
228 path_len = ( base64_encoded_len ( ocsp->request.builder.len )
229 + 1 /* NUL */ );
230 path_base64_string = malloc ( path_len );
231 if ( ! path_base64_string ) {
232 rc = -ENOMEM;
233 goto err_path_base64;
234 }
235 base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len,
236 path_base64_string, path_len );
237
238 /* URI-encode the Base64-encoded request */
239 memset ( &path_uri, 0, sizeof ( path_uri ) );
240 path_uri.path = path_base64_string;
241 path_uri_string = format_uri_alloc ( &path_uri );
242 if ( ! path_uri_string ) {
243 rc = -ENOMEM;
244 goto err_path_uri;
245 }
246
247 /* Construct URI string */
248 len = ( responder->uri.len + strlen ( path_uri_string ) + 1 /* NUL */ );
249 ocsp->uri_string = zalloc ( len );
250 if ( ! ocsp->uri_string ) {
251 rc = -ENOMEM;
252 goto err_ocsp_uri;
253 }
254 memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len );
255 strcpy ( &ocsp->uri_string[responder->uri.len], path_uri_string );
256 DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",
257 ocsp, x509_name ( ocsp->cert ), ocsp->uri_string );
258
259 /* Success */
260 rc = 0;
261
262 err_ocsp_uri:
263 free ( path_uri_string );
264 err_path_uri:
265 free ( path_base64_string );
266 err_path_base64:
267 err_no_uri:
268 return rc;
269 }
270
271 /**
272 * Create OCSP check
273 *
274 * @v cert Certificate to check
275 * @v issuer Issuing certificate
276 * @ret ocsp OCSP check
277 * @ret rc Return status code
278 */
279 int ocsp_check ( struct x509_certificate *cert,
280 struct x509_certificate *issuer,
281 struct ocsp_check **ocsp ) {
282 int rc;
283
284 /* Sanity checks */
285 assert ( cert != NULL );
286 assert ( issuer != NULL );
287 assert ( issuer->valid );
288
289 /* Allocate and initialise check */
290 *ocsp = zalloc ( sizeof ( **ocsp ) );
291 if ( ! *ocsp ) {
292 rc = -ENOMEM;
293 goto err_alloc;
294 }
295 ref_init ( &(*ocsp)->refcnt, ocsp_free );
296 (*ocsp)->cert = x509_get ( cert );
297 (*ocsp)->issuer = x509_get ( issuer );
298
299 /* Build request */
300 if ( ( rc = ocsp_request ( *ocsp ) ) != 0 )
301 goto err_request;
302
303 /* Build URI string */
304 if ( ( rc = ocsp_uri_string ( *ocsp ) ) != 0 )
305 goto err_uri_string;
306
307 return 0;
308
309 err_uri_string:
310 err_request:
311 ocsp_put ( *ocsp );
312 err_alloc:
313 *ocsp = NULL;
314 return rc;
315 }
316
317 /**
318 * Parse OCSP response status
319 *
320 * @v ocsp OCSP check
321 * @v raw ASN.1 cursor
322 * @ret rc Return status code
323 */
324 static int ocsp_parse_response_status ( struct ocsp_check *ocsp,
325 const struct asn1_cursor *raw ) {
326 struct asn1_cursor cursor;
327 uint8_t status;
328 int rc;
329
330 /* Enter responseStatus */
331 memcpy ( &cursor, raw, sizeof ( cursor ) );
332 if ( ( rc = asn1_enter ( &cursor, ASN1_ENUMERATED ) ) != 0 ) {
333 DBGC ( ocsp, "OCSP %p \"%s\" could not locate responseStatus: "
334 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
335 return rc;
336 }
337
338 /* Extract response status */
339 if ( cursor.len != sizeof ( status ) ) {
340 DBGC ( ocsp, "OCSP %p \"%s\" invalid status:\n",
341 ocsp, x509_name ( ocsp->cert ) );
342 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
343 return -EINVAL;
344 }
345 memcpy ( &status, cursor.data, sizeof ( status ) );
346
347 /* Check response status */
348 if ( status != OCSP_STATUS_SUCCESSFUL ) {
349 DBGC ( ocsp, "OCSP %p \"%s\" response status %d\n",
350 ocsp, x509_name ( ocsp->cert ), status );
351 return EPROTO_STATUS ( status );
352 }
353
354 return 0;
355 }
356
357 /**
358 * Parse OCSP response type
359 *
360 * @v ocsp OCSP check
361 * @v raw ASN.1 cursor
362 * @ret rc Return status code
363 */
364 static int ocsp_parse_response_type ( struct ocsp_check *ocsp,
365 const struct asn1_cursor *raw ) {
366 struct asn1_cursor cursor;
367
368 /* Enter responseType */
369 memcpy ( &cursor, raw, sizeof ( cursor ) );
370 asn1_enter ( &cursor, ASN1_OID );
371
372 /* Check responseType is "basic" */
373 if ( asn1_compare ( &oid_basic_response_type_cursor, &cursor ) != 0 ) {
374 DBGC ( ocsp, "OCSP %p \"%s\" response type not supported:\n",
375 ocsp, x509_name ( ocsp->cert ) );
376 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
377 return -ENOTSUP_RESPONSE_TYPE;
378 }
379
380 return 0;
381 }
382
383 /**
384 * Compare responder's certificate name
385 *
386 * @v ocsp OCSP check
387 * @v cert Certificate
388 * @ret difference Difference as returned by memcmp()
389 */
390 static int ocsp_compare_responder_name ( struct ocsp_check *ocsp,
391 struct x509_certificate *cert ) {
392 struct ocsp_responder *responder = &ocsp->response.responder;
393
394 /* Compare responder ID with certificate's subject */
395 return asn1_compare ( &responder->id, &cert->subject.raw );
396 }
397
398 /**
399 * Compare responder's certificate public key hash
400 *
401 * @v ocsp OCSP check
402 * @v cert Certificate
403 * @ret difference Difference as returned by memcmp()
404 */
405 static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
406 struct x509_certificate *cert ) {
407 struct ocsp_responder *responder = &ocsp->response.responder;
408 struct asn1_cursor key_hash;
409 uint8_t ctx[SHA1_CTX_SIZE];
410 uint8_t digest[SHA1_DIGEST_SIZE];
411 int difference;
412
413 /* Enter responder key hash */
414 memcpy ( &key_hash, &responder->id, sizeof ( key_hash ) );
415 asn1_enter ( &key_hash, ASN1_OCTET_STRING );
416
417 /* Sanity check */
418 difference = ( sizeof ( digest ) - key_hash.len );
419 if ( difference )
420 return difference;
421
422 /* Generate SHA1 hash of certificate's public key */
423 digest_init ( &sha1_algorithm, ctx );
424 digest_update ( &sha1_algorithm, ctx,
425 cert->subject.public_key.raw_bits.data,
426 cert->subject.public_key.raw_bits.len );
427 digest_final ( &sha1_algorithm, ctx, digest );
428
429 /* Compare responder key hash with hash of certificate's public key */
430 return memcmp ( digest, key_hash.data, sizeof ( digest ) );
431 }
432
433 /**
434 * Parse OCSP responder ID
435 *
436 * @v ocsp OCSP check
437 * @v raw ASN.1 cursor
438 * @ret rc Return status code
439 */
440 static int ocsp_parse_responder_id ( struct ocsp_check *ocsp,
441 const struct asn1_cursor *raw ) {
442 struct ocsp_responder *responder = &ocsp->response.responder;
443 struct asn1_cursor *responder_id = &responder->id;
444 unsigned int type;
445
446 /* Enter responder ID */
447 memcpy ( responder_id, raw, sizeof ( *responder_id ) );
448 type = asn1_type ( responder_id );
449 asn1_enter_any ( responder_id );
450
451 /* Identify responder ID type */
452 switch ( type ) {
453 case ASN1_EXPLICIT_TAG ( 1 ) :
454 DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by name\n",
455 ocsp, x509_name ( ocsp->cert ) );
456 responder->compare = ocsp_compare_responder_name;
457 return 0;
458 case ASN1_EXPLICIT_TAG ( 2 ) :
459 DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by key "
460 "hash\n", ocsp, x509_name ( ocsp->cert ) );
461 responder->compare = ocsp_compare_responder_key_hash;
462 return 0;
463 default:
464 DBGC ( ocsp, "OCSP %p \"%s\" unsupported responder ID type "
465 "%d\n", ocsp, x509_name ( ocsp->cert ), type );
466 return -ENOTSUP_RESPONDER_ID;
467 }
468 }
469
470 /**
471 * Parse OCSP certificate ID
472 *
473 * @v ocsp OCSP check
474 * @v raw ASN.1 cursor
475 * @ret rc Return status code
476 */
477 static int ocsp_parse_cert_id ( struct ocsp_check *ocsp,
478 const struct asn1_cursor *raw ) {
479 struct asn1_cursor cursor;
480
481 /* Check certID matches request */
482 memcpy ( &cursor, raw, sizeof ( cursor ) );
483 asn1_shrink_any ( &cursor );
484 if ( asn1_compare ( &cursor, &ocsp->request.cert_id ) != 0 ) {
485 DBGC ( ocsp, "OCSP %p \"%s\" certID mismatch:\n",
486 ocsp, x509_name ( ocsp->cert ) );
487 DBGC_HDA ( ocsp, 0, ocsp->request.cert_id.data,
488 ocsp->request.cert_id.len );
489 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
490 return -EACCES_CERT_MISMATCH;
491 }
492
493 return 0;
494 }
495
496 /**
497 * Parse OCSP responses
498 *
499 * @v ocsp OCSP check
500 * @v raw ASN.1 cursor
501 * @ret rc Return status code
502 */
503 static int ocsp_parse_responses ( struct ocsp_check *ocsp,
504 const struct asn1_cursor *raw ) {
505 struct ocsp_response *response = &ocsp->response;
506 struct asn1_cursor cursor;
507 int rc;
508
509 /* Enter responses */
510 memcpy ( &cursor, raw, sizeof ( cursor ) );
511 asn1_enter ( &cursor, ASN1_SEQUENCE );
512
513 /* Enter first singleResponse */
514 asn1_enter ( &cursor, ASN1_SEQUENCE );
515
516 /* Parse certID */
517 if ( ( rc = ocsp_parse_cert_id ( ocsp, &cursor ) ) != 0 )
518 return rc;
519 asn1_skip_any ( &cursor );
520
521 /* Check certStatus */
522 if ( asn1_type ( &cursor ) != ASN1_IMPLICIT_TAG ( 0 ) ) {
523 DBGC ( ocsp, "OCSP %p \"%s\" non-good certStatus:\n",
524 ocsp, x509_name ( ocsp->cert ) );
525 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
526 return -EACCES_CERT_STATUS;
527 }
528 asn1_skip_any ( &cursor );
529
530 /* Parse thisUpdate */
531 if ( ( rc = asn1_generalized_time ( &cursor,
532 &response->this_update ) ) != 0 ) {
533 DBGC ( ocsp, "OCSP %p \"%s\" could not parse thisUpdate: %s\n",
534 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
535 return rc;
536 }
537 DBGC2 ( ocsp, "OCSP %p \"%s\" this update was at time %lld\n",
538 ocsp, x509_name ( ocsp->cert ), response->this_update );
539 asn1_skip_any ( &cursor );
540
541 /* Parse nextUpdate, if present */
542 if ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) {
543 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
544 if ( ( rc = asn1_generalized_time ( &cursor,
545 &response->next_update ) ) != 0 ) {
546 DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
547 "nextUpdate: %s\n", ocsp,
548 x509_name ( ocsp->cert ), strerror ( rc ) );
549 return rc;
550 }
551 DBGC2 ( ocsp, "OCSP %p \"%s\" next update is at time %lld\n",
552 ocsp, x509_name ( ocsp->cert ), response->next_update );
553 } else {
554 /* If no nextUpdate is present, this indicates that
555 * "newer revocation information is available all the
556 * time". Actually, this indicates that there is no
557 * point to performing the OCSP check, since an
558 * attacker could replay the response at any future
559 * time and it would still be valid.
560 */
561 DBGC ( ocsp, "OCSP %p \"%s\" responder is a moron\n",
562 ocsp, x509_name ( ocsp->cert ) );
563 response->next_update = time ( NULL );
564 }
565
566 return 0;
567 }
568
569 /**
570 * Parse OCSP response data
571 *
572 * @v ocsp OCSP check
573 * @v raw ASN.1 cursor
574 * @ret rc Return status code
575 */
576 static int ocsp_parse_tbs_response_data ( struct ocsp_check *ocsp,
577 const struct asn1_cursor *raw ) {
578 struct ocsp_response *response = &ocsp->response;
579 struct asn1_cursor cursor;
580 int rc;
581
582 /* Record raw tbsResponseData */
583 memcpy ( &cursor, raw, sizeof ( cursor ) );
584 asn1_shrink_any ( &cursor );
585 memcpy ( &response->tbs, &cursor, sizeof ( response->tbs ) );
586
587 /* Enter tbsResponseData */
588 asn1_enter ( &cursor, ASN1_SEQUENCE );
589
590 /* Skip version, if present */
591 asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
592
593 /* Parse responderID */
594 if ( ( rc = ocsp_parse_responder_id ( ocsp, &cursor ) ) != 0 )
595 return rc;
596 asn1_skip_any ( &cursor );
597
598 /* Skip producedAt */
599 asn1_skip_any ( &cursor );
600
601 /* Parse responses */
602 if ( ( rc = ocsp_parse_responses ( ocsp, &cursor ) ) != 0 )
603 return rc;
604
605 return 0;
606 }
607
608 /**
609 * Parse OCSP certificates
610 *
611 * @v ocsp OCSP check
612 * @v raw ASN.1 cursor
613 * @ret rc Return status code
614 */
615 static int ocsp_parse_certs ( struct ocsp_check *ocsp,
616 const struct asn1_cursor *raw ) {
617 struct ocsp_response *response = &ocsp->response;
618 struct asn1_cursor cursor;
619 struct x509_certificate *cert;
620 int rc;
621
622 /* Enter certs */
623 memcpy ( &cursor, raw, sizeof ( cursor ) );
624 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
625 asn1_enter ( &cursor, ASN1_SEQUENCE );
626
627 /* Parse certificate, if present. The data structure permits
628 * multiple certificates, but the protocol requires that the
629 * OCSP signing certificate must either be the issuer itself,
630 * or must be directly issued by the issuer (see RFC2560
631 * section 4.2.2.2 "Authorized Responders"). We therefore
632 * need to identify only the single certificate matching the
633 * Responder ID.
634 */
635 while ( cursor.len ) {
636
637 /* Parse certificate */
638 if ( ( rc = x509_certificate ( cursor.data, cursor.len,
639 &cert ) ) != 0 ) {
640 DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
641 "certificate: %s\n", ocsp,
642 x509_name ( ocsp->cert ), strerror ( rc ) );
643 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
644 return rc;
645 }
646
647 /* Use if this certificate matches the responder ID */
648 if ( response->responder.compare ( ocsp, cert ) == 0 ) {
649 response->signer = cert;
650 DBGC2 ( ocsp, "OCSP %p \"%s\" response is signed by ",
651 ocsp, x509_name ( ocsp->cert ) );
652 DBGC2 ( ocsp, "\"%s\"\n",
653 x509_name ( response->signer ) );
654 return 0;
655 }
656
657 /* Otherwise, discard this certificate */
658 x509_put ( cert );
659 asn1_skip_any ( &cursor );
660 }
661
662 DBGC ( ocsp, "OCSP %p \"%s\" missing responder certificate\n",
663 ocsp, x509_name ( ocsp->cert ) );
664 return -EACCES_NO_RESPONDER;
665 }
666
667 /**
668 * Parse OCSP basic response
669 *
670 * @v ocsp OCSP check
671 * @v raw ASN.1 cursor
672 * @ret rc Return status code
673 */
674 static int ocsp_parse_basic_response ( struct ocsp_check *ocsp,
675 const struct asn1_cursor *raw ) {
676 struct ocsp_response *response = &ocsp->response;
677 struct asn1_algorithm **algorithm = &response->algorithm;
678 struct asn1_bit_string *signature = &response->signature;
679 struct asn1_cursor cursor;
680 int rc;
681
682 /* Enter BasicOCSPResponse */
683 memcpy ( &cursor, raw, sizeof ( cursor ) );
684 asn1_enter ( &cursor, ASN1_SEQUENCE );
685
686 /* Parse tbsResponseData */
687 if ( ( rc = ocsp_parse_tbs_response_data ( ocsp, &cursor ) ) != 0 )
688 return rc;
689 asn1_skip_any ( &cursor );
690
691 /* Parse signatureAlgorithm */
692 if ( ( rc = asn1_signature_algorithm ( &cursor, algorithm ) ) != 0 ) {
693 DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature "
694 "algorithm: %s\n",
695 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
696 return rc;
697 }
698 DBGC2 ( ocsp, "OCSP %p \"%s\" signature algorithm is %s\n",
699 ocsp, x509_name ( ocsp->cert ), (*algorithm)->name );
700 asn1_skip_any ( &cursor );
701
702 /* Parse signature */
703 if ( ( rc = asn1_integral_bit_string ( &cursor, signature ) ) != 0 ) {
704 DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature: %s\n",
705 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
706 return rc;
707 }
708 asn1_skip_any ( &cursor );
709
710 /* Parse certs, if present */
711 if ( ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) &&
712 ( ( rc = ocsp_parse_certs ( ocsp, &cursor ) ) != 0 ) )
713 return rc;
714
715 return 0;
716 }
717
718 /**
719 * Parse OCSP response bytes
720 *
721 * @v ocsp OCSP check
722 * @v raw ASN.1 cursor
723 * @ret rc Return status code
724 */
725 static int ocsp_parse_response_bytes ( struct ocsp_check *ocsp,
726 const struct asn1_cursor *raw ) {
727 struct asn1_cursor cursor;
728 int rc;
729
730 /* Enter responseBytes */
731 memcpy ( &cursor, raw, sizeof ( cursor ) );
732 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
733 asn1_enter ( &cursor, ASN1_SEQUENCE );
734
735 /* Parse responseType */
736 if ( ( rc = ocsp_parse_response_type ( ocsp, &cursor ) ) != 0 )
737 return rc;
738 asn1_skip_any ( &cursor );
739
740 /* Enter response */
741 asn1_enter ( &cursor, ASN1_OCTET_STRING );
742
743 /* Parse response */
744 if ( ( rc = ocsp_parse_basic_response ( ocsp, &cursor ) ) != 0 )
745 return rc;
746
747 return 0;
748 }
749
750 /**
751 * Parse OCSP response
752 *
753 * @v ocsp OCSP check
754 * @v raw ASN.1 cursor
755 * @ret rc Return status code
756 */
757 static int ocsp_parse_response ( struct ocsp_check *ocsp,
758 const struct asn1_cursor *raw ) {
759 struct asn1_cursor cursor;
760 int rc;
761
762 /* Enter OCSPResponse */
763 memcpy ( &cursor, raw, sizeof ( cursor ) );
764 asn1_enter ( &cursor, ASN1_SEQUENCE );
765
766 /* Parse responseStatus */
767 if ( ( rc = ocsp_parse_response_status ( ocsp, &cursor ) ) != 0 )
768 return rc;
769 asn1_skip_any ( &cursor );
770
771 /* Parse responseBytes */
772 if ( ( rc = ocsp_parse_response_bytes ( ocsp, &cursor ) ) != 0 )
773 return rc;
774
775 return 0;
776 }
777
778 /**
779 * Receive OCSP response
780 *
781 * @v ocsp OCSP check
782 * @v data Response data
783 * @v len Length of response data
784 * @ret rc Return status code
785 */
786 int ocsp_response ( struct ocsp_check *ocsp, const void *data, size_t len ) {
787 struct ocsp_response *response = &ocsp->response;
788 struct asn1_cursor cursor;
789 int rc;
790
791 /* Duplicate data */
792 x509_put ( response->signer );
793 response->signer = NULL;
794 free ( response->data );
795 response->data = malloc ( len );
796 if ( ! response->data )
797 return -ENOMEM;
798 memcpy ( response->data, data, len );
799 cursor.data = response->data;
800 cursor.len = len;
801
802 /* Parse response */
803 if ( ( rc = ocsp_parse_response ( ocsp, &cursor ) ) != 0 )
804 return rc;
805
806 return 0;
807 }
808
809 /**
810 * OCSP dummy root certificate store
811 *
812 * OCSP validation uses no root certificates, since it takes place
813 * only when there already exists a validated issuer certificate.
814 */
815 static struct x509_root ocsp_root = {
816 .digest = &ocsp_digest_algorithm,
817 .count = 0,
818 .fingerprints = NULL,
819 };
820
821 /**
822 * Check OCSP response signature
823 *
824 * @v ocsp OCSP check
825 * @v signer Signing certificate
826 * @ret rc Return status code
827 */
828 static int ocsp_check_signature ( struct ocsp_check *ocsp,
829 struct x509_certificate *signer ) {
830 struct ocsp_response *response = &ocsp->response;
831 struct digest_algorithm *digest = response->algorithm->digest;
832 struct pubkey_algorithm *pubkey = response->algorithm->pubkey;
833 struct x509_public_key *public_key = &signer->subject.public_key;
834 uint8_t digest_ctx[ digest->ctxsize ];
835 uint8_t digest_out[ digest->digestsize ];
836 uint8_t pubkey_ctx[ pubkey->ctxsize ];
837 int rc;
838
839 /* Generate digest */
840 digest_init ( digest, digest_ctx );
841 digest_update ( digest, digest_ctx, response->tbs.data,
842 response->tbs.len );
843 digest_final ( digest, digest_ctx, digest_out );
844
845 /* Initialise public-key algorithm */
846 if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,
847 public_key->raw.len ) ) != 0 ) {
848 DBGC ( ocsp, "OCSP %p \"%s\" could not initialise public key: "
849 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
850 goto err_init;
851 }
852
853 /* Verify digest */
854 if ( ( rc = pubkey_verify ( pubkey, pubkey_ctx, digest, digest_out,
855 response->signature.data,
856 response->signature.len ) ) != 0 ) {
857 DBGC ( ocsp, "OCSP %p \"%s\" signature verification failed: "
858 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
859 goto err_verify;
860 }
861
862 DBGC2 ( ocsp, "OCSP %p \"%s\" signature is correct\n",
863 ocsp, x509_name ( ocsp->cert ) );
864
865 err_verify:
866 pubkey_final ( pubkey, pubkey_ctx );
867 err_init:
868 return rc;
869 }
870
871 /**
872 * Validate OCSP response
873 *
874 * @v ocsp OCSP check
875 * @v time Time at which to validate response
876 * @ret rc Return status code
877 */
878 int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {
879 struct ocsp_response *response = &ocsp->response;
880 struct x509_certificate *signer;
881 int rc;
882
883 /* Sanity checks */
884 assert ( response->data != NULL );
885
886 /* The response may include a signer certificate; if this is
887 * not present then the response must have been signed
888 * directly by the issuer.
889 */
890 signer = ( response->signer ? response->signer : ocsp->issuer );
891
892 /* Validate signer, if applicable. If the signer is not the
893 * issuer, then it must be signed directly by the issuer.
894 */
895 if ( signer != ocsp->issuer ) {
896 /* Forcibly invalidate the signer, since we need to
897 * ensure that it was signed by our issuer (and not
898 * some other issuer). This prevents a sub-CA's OCSP
899 * certificate from fraudulently signing OCSP
900 * responses from the parent CA.
901 */
902 x509_invalidate ( signer );
903 if ( ( rc = x509_validate ( signer, ocsp->issuer, time,
904 &ocsp_root ) ) != 0 ) {
905 DBGC ( ocsp, "OCSP %p \"%s\" could not validate ",
906 ocsp, x509_name ( ocsp->cert ) );
907 DBGC ( ocsp, "signer \"%s\": %s\n",
908 x509_name ( signer ), strerror ( rc ) );
909 return rc;
910 }
911
912 /* If signer is not the issuer, then it must have the
913 * extendedKeyUsage id-kp-OCSPSigning.
914 */
915 if ( ! ( signer->extensions.ext_usage.bits &
916 X509_OCSP_SIGNING ) ) {
917 DBGC ( ocsp, "OCSP %p \"%s\" ",
918 ocsp, x509_name ( ocsp->cert ) );
919 DBGC ( ocsp, "signer \"%s\" is not an OCSP-signing "
920 "certificate\n", x509_name ( signer ) );
921 return -EACCES_NON_OCSP_SIGNING;
922 }
923 }
924
925 /* Check OCSP response signature */
926 if ( ( rc = ocsp_check_signature ( ocsp, signer ) ) != 0 )
927 return rc;
928
929 /* Check OCSP response is valid at the specified time
930 * (allowing for some margin of error).
931 */
932 if ( response->this_update > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
933 DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "
934 "time %lld)\n", ocsp, x509_name ( ocsp->cert ), time );
935 return -EACCES_STALE;
936 }
937 if ( response->next_update < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
938 DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "
939 "%lld)\n", ocsp, x509_name ( ocsp->cert ), time );
940 return -EACCES_STALE;
941 }
942 DBGC2 ( ocsp, "OCSP %p \"%s\" response is valid (at time %lld)\n",
943 ocsp, x509_name ( ocsp->cert ), time );
944
945 /* Mark certificate as passing OCSP verification */
946 ocsp->cert->extensions.auth_info.ocsp.good = 1;
947
948 /* Validate certificate against issuer */
949 if ( ( rc = x509_validate ( ocsp->cert, ocsp->issuer, time,
950 &ocsp_root ) ) != 0 ) {
951 DBGC ( ocsp, "OCSP %p \"%s\" could not validate certificate: "
952 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
953 return rc;
954 }
955 DBGC ( ocsp, "OCSP %p \"%s\" successfully validated ",
956 ocsp, x509_name ( ocsp->cert ) );
957 DBGC ( ocsp, "using \"%s\"\n", x509_name ( signer ) );
958
959 return 0;
960 }