2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 FILE_LICENCE ( GPL2_OR_LATER
);
27 #include <ipxe/asn1.h>
28 #include <ipxe/x509.h>
29 #include <ipxe/sha1.h>
30 #include <ipxe/base64.h>
32 #include <ipxe/ocsp.h>
33 #include <config/crypto.h>
37 * Online Certificate Status Protocol
41 /* Disambiguate the various error causes */
42 #define EACCES_CERT_STATUS \
43 __einfo_error ( EINFO_EACCES_CERT_STATUS )
44 #define EINFO_EACCES_CERT_STATUS \
45 __einfo_uniqify ( EINFO_EACCES, 0x01, \
46 "Certificate status not good" )
47 #define EACCES_CERT_MISMATCH \
48 __einfo_error ( EINFO_EACCES_CERT_MISMATCH )
49 #define EINFO_EACCES_CERT_MISMATCH \
50 __einfo_uniqify ( EINFO_EACCES, 0x02, \
51 "Certificate ID mismatch" )
52 #define EACCES_NON_OCSP_SIGNING \
53 __einfo_error ( EINFO_EACCES_NON_OCSP_SIGNING )
54 #define EINFO_EACCES_NON_OCSP_SIGNING \
55 __einfo_uniqify ( EINFO_EACCES, 0x03, \
56 "Not an OCSP signing certificate" )
57 #define EACCES_STALE \
58 __einfo_error ( EINFO_EACCES_STALE )
59 #define EINFO_EACCES_STALE \
60 __einfo_uniqify ( EINFO_EACCES, 0x04, \
61 "Stale (or premature) OCSP repsonse" )
62 #define EACCES_NO_RESPONDER \
63 __einfo_error ( EINFO_EACCES_NO_RESPONDER )
64 #define EINFO_EACCES_NO_RESPONDER \
65 __einfo_uniqify ( EINFO_EACCES, 0x05, \
66 "Missing OCSP responder certificate" )
67 #define ENOTSUP_RESPONSE_TYPE \
68 __einfo_error ( EINFO_ENOTSUP_RESPONSE_TYPE )
69 #define EINFO_ENOTSUP_RESPONSE_TYPE \
70 __einfo_uniqify ( EINFO_ENOTSUP, 0x01, \
71 "Unsupported OCSP response type" )
72 #define ENOTSUP_RESPONDER_ID \
73 __einfo_error ( EINFO_ENOTSUP_RESPONDER_ID )
74 #define EINFO_ENOTSUP_RESPONDER_ID \
75 __einfo_uniqify ( EINFO_ENOTSUP, 0x02, \
76 "Unsupported OCSP responder ID" )
77 #define EPROTO_MALFORMED_REQUEST \
78 __einfo_error ( EINFO_EPROTO_MALFORMED_REQUEST )
79 #define EINFO_EPROTO_MALFORMED_REQUEST \
80 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_MALFORMED_REQUEST, \
81 "Illegal confirmation request" )
82 #define EPROTO_INTERNAL_ERROR \
83 __einfo_error ( EINFO_EPROTO_INTERNAL_ERROR )
84 #define EINFO_EPROTO_INTERNAL_ERROR \
85 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_INTERNAL_ERROR, \
86 "Internal error in issuer" )
87 #define EPROTO_TRY_LATER \
88 __einfo_error ( EINFO_EPROTO_TRY_LATER )
89 #define EINFO_EPROTO_TRY_LATER \
90 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_TRY_LATER, \
92 #define EPROTO_SIG_REQUIRED \
93 __einfo_error ( EINFO_EPROTO_SIG_REQUIRED )
94 #define EINFO_EPROTO_SIG_REQUIRED \
95 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_SIG_REQUIRED, \
96 "Must sign the request" )
97 #define EPROTO_UNAUTHORIZED \
98 __einfo_error ( EINFO_EPROTO_UNAUTHORIZED )
99 #define EINFO_EPROTO_UNAUTHORIZED \
100 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_UNAUTHORIZED, \
101 "Request unauthorized" )
102 #define EPROTO_STATUS( status ) \
103 EUNIQ ( EINFO_EPROTO, (status), EPROTO_MALFORMED_REQUEST, \
104 EPROTO_INTERNAL_ERROR, EPROTO_TRY_LATER, \
105 EPROTO_SIG_REQUIRED, EPROTO_UNAUTHORIZED )
107 /** OCSP digest algorithm */
108 #define ocsp_digest_algorithm sha1_algorithm
110 /** OCSP digest algorithm identifier */
111 static const uint8_t ocsp_algorithm_id
[] =
112 { OCSP_ALGORITHM_IDENTIFIER ( ASN1_OID_SHA1
) };
114 /** OCSP basic response type */
115 static const uint8_t oid_basic_response_type
[] = { ASN1_OID_OCSP_BASIC
};
117 /** OCSP basic response type cursor */
118 static struct asn1_cursor oid_basic_response_type_cursor
=
119 ASN1_OID_CURSOR ( oid_basic_response_type
);
124 * @v refcnt Reference count
126 static void ocsp_free ( struct refcnt
*refcnt
) {
127 struct ocsp_check
*ocsp
=
128 container_of ( refcnt
, struct ocsp_check
, refcnt
);
130 x509_put ( ocsp
->cert
);
131 x509_put ( ocsp
->issuer
);
132 free ( ocsp
->uri_string
);
133 free ( ocsp
->request
.builder
.data
);
134 free ( ocsp
->response
.data
);
135 x509_put ( ocsp
->response
.signer
);
143 * @ret rc Return status code
145 static int ocsp_request ( struct ocsp_check
*ocsp
) {
146 struct digest_algorithm
*digest
= &ocsp_digest_algorithm
;
147 struct asn1_builder
*builder
= &ocsp
->request
.builder
;
148 struct asn1_cursor
*cert_id
= &ocsp
->request
.cert_id
;
149 uint8_t digest_ctx
[digest
->ctxsize
];
150 uint8_t name_digest
[digest
->digestsize
];
151 uint8_t pubkey_digest
[digest
->digestsize
];
154 /* Generate digests */
155 digest_init ( digest
, digest_ctx
);
156 digest_update ( digest
, digest_ctx
, ocsp
->cert
->issuer
.raw
.data
,
157 ocsp
->cert
->issuer
.raw
.len
);
158 digest_final ( digest
, digest_ctx
, name_digest
);
159 digest_init ( digest
, digest_ctx
);
160 digest_update ( digest
, digest_ctx
,
161 ocsp
->issuer
->subject
.public_key
.raw_bits
.data
,
162 ocsp
->issuer
->subject
.public_key
.raw_bits
.len
);
163 digest_final ( digest
, digest_ctx
, pubkey_digest
);
165 /* Construct request */
166 if ( ( rc
= ( asn1_prepend_raw ( builder
, ocsp
->cert
->serial
.raw
.data
,
167 ocsp
->cert
->serial
.raw
.len
),
168 asn1_prepend ( builder
, ASN1_OCTET_STRING
,
169 pubkey_digest
, sizeof ( pubkey_digest
) ),
170 asn1_prepend ( builder
, ASN1_OCTET_STRING
,
171 name_digest
, sizeof ( name_digest
) ),
172 asn1_prepend ( builder
, ASN1_SEQUENCE
,
174 sizeof ( ocsp_algorithm_id
) ),
175 asn1_wrap ( builder
, ASN1_SEQUENCE
),
176 asn1_wrap ( builder
, ASN1_SEQUENCE
),
177 asn1_wrap ( builder
, ASN1_SEQUENCE
),
178 asn1_wrap ( builder
, ASN1_SEQUENCE
),
179 asn1_wrap ( builder
, ASN1_SEQUENCE
) ) ) != 0 ) {
180 DBGC ( ocsp
, "OCSP %p \"%s\" could not build request: %s\n",
181 ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
) );
184 DBGC2 ( ocsp
, "OCSP %p \"%s\" request is:\n",
185 ocsp
, x509_name ( ocsp
->cert
) );
186 DBGC2_HDA ( ocsp
, 0, builder
->data
, builder
->len
);
188 /* Parse certificate ID for comparison with response */
189 cert_id
->data
= builder
->data
;
190 cert_id
->len
= builder
->len
;
191 if ( ( rc
= ( asn1_enter ( cert_id
, ASN1_SEQUENCE
),
192 asn1_enter ( cert_id
, ASN1_SEQUENCE
),
193 asn1_enter ( cert_id
, ASN1_SEQUENCE
),
194 asn1_enter ( cert_id
, ASN1_SEQUENCE
) ) ) != 0 ) {
195 DBGC ( ocsp
, "OCSP %p \"%s\" could not locate certID: %s\n",
196 ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
) );
204 * Build OCSP URI string
207 * @ret rc Return status code
209 static int ocsp_uri_string ( struct ocsp_check
*ocsp
) {
210 struct x509_ocsp_responder
*responder
=
211 &ocsp
->cert
->extensions
.auth_info
.ocsp
;
213 char *path_base64_string
;
214 char *path_uri_string
;
220 if ( ! responder
->uri
.len
) {
221 DBGC ( ocsp
, "OCSP %p \"%s\" has no OCSP URI\n",
222 ocsp
, x509_name ( ocsp
->cert
) );
227 /* Base64-encode the request as the URI path */
228 path_len
= ( base64_encoded_len ( ocsp
->request
.builder
.len
)
230 path_base64_string
= malloc ( path_len
);
231 if ( ! path_base64_string
) {
233 goto err_path_base64
;
235 base64_encode ( ocsp
->request
.builder
.data
, ocsp
->request
.builder
.len
,
236 path_base64_string
, path_len
);
238 /* URI-encode the Base64-encoded request */
239 memset ( &path_uri
, 0, sizeof ( path_uri
) );
240 path_uri
.path
= path_base64_string
;
241 path_uri_string
= format_uri_alloc ( &path_uri
);
242 if ( ! path_uri_string
) {
247 /* Construct URI string */
248 len
= ( responder
->uri
.len
+ strlen ( path_uri_string
) + 1 /* NUL */ );
249 ocsp
->uri_string
= zalloc ( len
);
250 if ( ! ocsp
->uri_string
) {
254 memcpy ( ocsp
->uri_string
, responder
->uri
.data
, responder
->uri
.len
);
255 strcpy ( &ocsp
->uri_string
[responder
->uri
.len
], path_uri_string
);
256 DBGC2 ( ocsp
, "OCSP %p \"%s\" URI is %s\n",
257 ocsp
, x509_name ( ocsp
->cert
), ocsp
->uri_string
);
263 free ( path_uri_string
);
265 free ( path_base64_string
);
274 * @v cert Certificate to check
275 * @v issuer Issuing certificate
276 * @ret ocsp OCSP check
277 * @ret rc Return status code
279 int ocsp_check ( struct x509_certificate
*cert
,
280 struct x509_certificate
*issuer
,
281 struct ocsp_check
**ocsp
) {
285 assert ( cert
!= NULL
);
286 assert ( issuer
!= NULL
);
287 assert ( issuer
->valid
);
289 /* Allocate and initialise check */
290 *ocsp
= zalloc ( sizeof ( **ocsp
) );
295 ref_init ( &(*ocsp
)->refcnt
, ocsp_free
);
296 (*ocsp
)->cert
= x509_get ( cert
);
297 (*ocsp
)->issuer
= x509_get ( issuer
);
300 if ( ( rc
= ocsp_request ( *ocsp
) ) != 0 )
303 /* Build URI string */
304 if ( ( rc
= ocsp_uri_string ( *ocsp
) ) != 0 )
318 * Parse OCSP response status
321 * @v raw ASN.1 cursor
322 * @ret rc Return status code
324 static int ocsp_parse_response_status ( struct ocsp_check
*ocsp
,
325 const struct asn1_cursor
*raw
) {
326 struct asn1_cursor cursor
;
330 /* Enter responseStatus */
331 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
332 if ( ( rc
= asn1_enter ( &cursor
, ASN1_ENUMERATED
) ) != 0 ) {
333 DBGC ( ocsp
, "OCSP %p \"%s\" could not locate responseStatus: "
334 "%s\n", ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
));
338 /* Extract response status */
339 if ( cursor
.len
!= sizeof ( status
) ) {
340 DBGC ( ocsp
, "OCSP %p \"%s\" invalid status:\n",
341 ocsp
, x509_name ( ocsp
->cert
) );
342 DBGC_HDA ( ocsp
, 0, cursor
.data
, cursor
.len
);
345 memcpy ( &status
, cursor
.data
, sizeof ( status
) );
347 /* Check response status */
348 if ( status
!= OCSP_STATUS_SUCCESSFUL
) {
349 DBGC ( ocsp
, "OCSP %p \"%s\" response status %d\n",
350 ocsp
, x509_name ( ocsp
->cert
), status
);
351 return EPROTO_STATUS ( status
);
358 * Parse OCSP response type
361 * @v raw ASN.1 cursor
362 * @ret rc Return status code
364 static int ocsp_parse_response_type ( struct ocsp_check
*ocsp
,
365 const struct asn1_cursor
*raw
) {
366 struct asn1_cursor cursor
;
368 /* Enter responseType */
369 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
370 asn1_enter ( &cursor
, ASN1_OID
);
372 /* Check responseType is "basic" */
373 if ( asn1_compare ( &oid_basic_response_type_cursor
, &cursor
) != 0 ) {
374 DBGC ( ocsp
, "OCSP %p \"%s\" response type not supported:\n",
375 ocsp
, x509_name ( ocsp
->cert
) );
376 DBGC_HDA ( ocsp
, 0, cursor
.data
, cursor
.len
);
377 return -ENOTSUP_RESPONSE_TYPE
;
384 * Compare responder's certificate name
387 * @v cert Certificate
388 * @ret difference Difference as returned by memcmp()
390 static int ocsp_compare_responder_name ( struct ocsp_check
*ocsp
,
391 struct x509_certificate
*cert
) {
392 struct ocsp_responder
*responder
= &ocsp
->response
.responder
;
394 /* Compare responder ID with certificate's subject */
395 return asn1_compare ( &responder
->id
, &cert
->subject
.raw
);
399 * Compare responder's certificate public key hash
402 * @v cert Certificate
403 * @ret difference Difference as returned by memcmp()
405 static int ocsp_compare_responder_key_hash ( struct ocsp_check
*ocsp
,
406 struct x509_certificate
*cert
) {
407 struct ocsp_responder
*responder
= &ocsp
->response
.responder
;
408 struct asn1_cursor key_hash
;
409 uint8_t ctx
[SHA1_CTX_SIZE
];
410 uint8_t digest
[SHA1_DIGEST_SIZE
];
413 /* Enter responder key hash */
414 memcpy ( &key_hash
, &responder
->id
, sizeof ( key_hash
) );
415 asn1_enter ( &key_hash
, ASN1_OCTET_STRING
);
418 difference
= ( sizeof ( digest
) - key_hash
.len
);
422 /* Generate SHA1 hash of certificate's public key */
423 digest_init ( &sha1_algorithm
, ctx
);
424 digest_update ( &sha1_algorithm
, ctx
,
425 cert
->subject
.public_key
.raw_bits
.data
,
426 cert
->subject
.public_key
.raw_bits
.len
);
427 digest_final ( &sha1_algorithm
, ctx
, digest
);
429 /* Compare responder key hash with hash of certificate's public key */
430 return memcmp ( digest
, key_hash
.data
, sizeof ( digest
) );
434 * Parse OCSP responder ID
437 * @v raw ASN.1 cursor
438 * @ret rc Return status code
440 static int ocsp_parse_responder_id ( struct ocsp_check
*ocsp
,
441 const struct asn1_cursor
*raw
) {
442 struct ocsp_responder
*responder
= &ocsp
->response
.responder
;
443 struct asn1_cursor
*responder_id
= &responder
->id
;
446 /* Enter responder ID */
447 memcpy ( responder_id
, raw
, sizeof ( *responder_id
) );
448 type
= asn1_type ( responder_id
);
449 asn1_enter_any ( responder_id
);
451 /* Identify responder ID type */
453 case ASN1_EXPLICIT_TAG ( 1 ) :
454 DBGC2 ( ocsp
, "OCSP %p \"%s\" responder identified by name\n",
455 ocsp
, x509_name ( ocsp
->cert
) );
456 responder
->compare
= ocsp_compare_responder_name
;
458 case ASN1_EXPLICIT_TAG ( 2 ) :
459 DBGC2 ( ocsp
, "OCSP %p \"%s\" responder identified by key "
460 "hash\n", ocsp
, x509_name ( ocsp
->cert
) );
461 responder
->compare
= ocsp_compare_responder_key_hash
;
464 DBGC ( ocsp
, "OCSP %p \"%s\" unsupported responder ID type "
465 "%d\n", ocsp
, x509_name ( ocsp
->cert
), type
);
466 return -ENOTSUP_RESPONDER_ID
;
471 * Parse OCSP certificate ID
474 * @v raw ASN.1 cursor
475 * @ret rc Return status code
477 static int ocsp_parse_cert_id ( struct ocsp_check
*ocsp
,
478 const struct asn1_cursor
*raw
) {
479 struct asn1_cursor cursor
;
481 /* Check certID matches request */
482 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
483 asn1_shrink_any ( &cursor
);
484 if ( asn1_compare ( &cursor
, &ocsp
->request
.cert_id
) != 0 ) {
485 DBGC ( ocsp
, "OCSP %p \"%s\" certID mismatch:\n",
486 ocsp
, x509_name ( ocsp
->cert
) );
487 DBGC_HDA ( ocsp
, 0, ocsp
->request
.cert_id
.data
,
488 ocsp
->request
.cert_id
.len
);
489 DBGC_HDA ( ocsp
, 0, cursor
.data
, cursor
.len
);
490 return -EACCES_CERT_MISMATCH
;
497 * Parse OCSP responses
500 * @v raw ASN.1 cursor
501 * @ret rc Return status code
503 static int ocsp_parse_responses ( struct ocsp_check
*ocsp
,
504 const struct asn1_cursor
*raw
) {
505 struct ocsp_response
*response
= &ocsp
->response
;
506 struct asn1_cursor cursor
;
509 /* Enter responses */
510 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
511 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
513 /* Enter first singleResponse */
514 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
517 if ( ( rc
= ocsp_parse_cert_id ( ocsp
, &cursor
) ) != 0 )
519 asn1_skip_any ( &cursor
);
521 /* Check certStatus */
522 if ( asn1_type ( &cursor
) != ASN1_IMPLICIT_TAG ( 0 ) ) {
523 DBGC ( ocsp
, "OCSP %p \"%s\" non-good certStatus:\n",
524 ocsp
, x509_name ( ocsp
->cert
) );
525 DBGC_HDA ( ocsp
, 0, cursor
.data
, cursor
.len
);
526 return -EACCES_CERT_STATUS
;
528 asn1_skip_any ( &cursor
);
530 /* Parse thisUpdate */
531 if ( ( rc
= asn1_generalized_time ( &cursor
,
532 &response
->this_update
) ) != 0 ) {
533 DBGC ( ocsp
, "OCSP %p \"%s\" could not parse thisUpdate: %s\n",
534 ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
) );
537 DBGC2 ( ocsp
, "OCSP %p \"%s\" this update was at time %lld\n",
538 ocsp
, x509_name ( ocsp
->cert
), response
->this_update
);
539 asn1_skip_any ( &cursor
);
541 /* Parse nextUpdate, if present */
542 if ( asn1_type ( &cursor
) == ASN1_EXPLICIT_TAG ( 0 ) ) {
543 asn1_enter ( &cursor
, ASN1_EXPLICIT_TAG ( 0 ) );
544 if ( ( rc
= asn1_generalized_time ( &cursor
,
545 &response
->next_update
) ) != 0 ) {
546 DBGC ( ocsp
, "OCSP %p \"%s\" could not parse "
547 "nextUpdate: %s\n", ocsp
,
548 x509_name ( ocsp
->cert
), strerror ( rc
) );
551 DBGC2 ( ocsp
, "OCSP %p \"%s\" next update is at time %lld\n",
552 ocsp
, x509_name ( ocsp
->cert
), response
->next_update
);
554 /* If no nextUpdate is present, this indicates that
555 * "newer revocation information is available all the
556 * time". Actually, this indicates that there is no
557 * point to performing the OCSP check, since an
558 * attacker could replay the response at any future
559 * time and it would still be valid.
561 DBGC ( ocsp
, "OCSP %p \"%s\" responder is a moron\n",
562 ocsp
, x509_name ( ocsp
->cert
) );
563 response
->next_update
= time ( NULL
);
570 * Parse OCSP response data
573 * @v raw ASN.1 cursor
574 * @ret rc Return status code
576 static int ocsp_parse_tbs_response_data ( struct ocsp_check
*ocsp
,
577 const struct asn1_cursor
*raw
) {
578 struct ocsp_response
*response
= &ocsp
->response
;
579 struct asn1_cursor cursor
;
582 /* Record raw tbsResponseData */
583 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
584 asn1_shrink_any ( &cursor
);
585 memcpy ( &response
->tbs
, &cursor
, sizeof ( response
->tbs
) );
587 /* Enter tbsResponseData */
588 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
590 /* Skip version, if present */
591 asn1_skip_if_exists ( &cursor
, ASN1_EXPLICIT_TAG ( 0 ) );
593 /* Parse responderID */
594 if ( ( rc
= ocsp_parse_responder_id ( ocsp
, &cursor
) ) != 0 )
596 asn1_skip_any ( &cursor
);
598 /* Skip producedAt */
599 asn1_skip_any ( &cursor
);
601 /* Parse responses */
602 if ( ( rc
= ocsp_parse_responses ( ocsp
, &cursor
) ) != 0 )
609 * Parse OCSP certificates
612 * @v raw ASN.1 cursor
613 * @ret rc Return status code
615 static int ocsp_parse_certs ( struct ocsp_check
*ocsp
,
616 const struct asn1_cursor
*raw
) {
617 struct ocsp_response
*response
= &ocsp
->response
;
618 struct asn1_cursor cursor
;
619 struct x509_certificate
*cert
;
623 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
624 asn1_enter ( &cursor
, ASN1_EXPLICIT_TAG ( 0 ) );
625 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
627 /* Parse certificate, if present. The data structure permits
628 * multiple certificates, but the protocol requires that the
629 * OCSP signing certificate must either be the issuer itself,
630 * or must be directly issued by the issuer (see RFC2560
631 * section 4.2.2.2 "Authorized Responders"). We therefore
632 * need to identify only the single certificate matching the
635 while ( cursor
.len
) {
637 /* Parse certificate */
638 if ( ( rc
= x509_certificate ( cursor
.data
, cursor
.len
,
640 DBGC ( ocsp
, "OCSP %p \"%s\" could not parse "
641 "certificate: %s\n", ocsp
,
642 x509_name ( ocsp
->cert
), strerror ( rc
) );
643 DBGC_HDA ( ocsp
, 0, cursor
.data
, cursor
.len
);
647 /* Use if this certificate matches the responder ID */
648 if ( response
->responder
.compare ( ocsp
, cert
) == 0 ) {
649 response
->signer
= cert
;
650 DBGC2 ( ocsp
, "OCSP %p \"%s\" response is signed by ",
651 ocsp
, x509_name ( ocsp
->cert
) );
652 DBGC2 ( ocsp
, "\"%s\"\n",
653 x509_name ( response
->signer
) );
657 /* Otherwise, discard this certificate */
659 asn1_skip_any ( &cursor
);
662 DBGC ( ocsp
, "OCSP %p \"%s\" missing responder certificate\n",
663 ocsp
, x509_name ( ocsp
->cert
) );
664 return -EACCES_NO_RESPONDER
;
668 * Parse OCSP basic response
671 * @v raw ASN.1 cursor
672 * @ret rc Return status code
674 static int ocsp_parse_basic_response ( struct ocsp_check
*ocsp
,
675 const struct asn1_cursor
*raw
) {
676 struct ocsp_response
*response
= &ocsp
->response
;
677 struct asn1_algorithm
**algorithm
= &response
->algorithm
;
678 struct asn1_bit_string
*signature
= &response
->signature
;
679 struct asn1_cursor cursor
;
682 /* Enter BasicOCSPResponse */
683 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
684 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
686 /* Parse tbsResponseData */
687 if ( ( rc
= ocsp_parse_tbs_response_data ( ocsp
, &cursor
) ) != 0 )
689 asn1_skip_any ( &cursor
);
691 /* Parse signatureAlgorithm */
692 if ( ( rc
= asn1_signature_algorithm ( &cursor
, algorithm
) ) != 0 ) {
693 DBGC ( ocsp
, "OCSP %p \"%s\" cannot parse signature "
695 ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
) );
698 DBGC2 ( ocsp
, "OCSP %p \"%s\" signature algorithm is %s\n",
699 ocsp
, x509_name ( ocsp
->cert
), (*algorithm
)->name
);
700 asn1_skip_any ( &cursor
);
702 /* Parse signature */
703 if ( ( rc
= asn1_integral_bit_string ( &cursor
, signature
) ) != 0 ) {
704 DBGC ( ocsp
, "OCSP %p \"%s\" cannot parse signature: %s\n",
705 ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
) );
708 asn1_skip_any ( &cursor
);
710 /* Parse certs, if present */
711 if ( ( asn1_type ( &cursor
) == ASN1_EXPLICIT_TAG ( 0 ) ) &&
712 ( ( rc
= ocsp_parse_certs ( ocsp
, &cursor
) ) != 0 ) )
719 * Parse OCSP response bytes
722 * @v raw ASN.1 cursor
723 * @ret rc Return status code
725 static int ocsp_parse_response_bytes ( struct ocsp_check
*ocsp
,
726 const struct asn1_cursor
*raw
) {
727 struct asn1_cursor cursor
;
730 /* Enter responseBytes */
731 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
732 asn1_enter ( &cursor
, ASN1_EXPLICIT_TAG ( 0 ) );
733 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
735 /* Parse responseType */
736 if ( ( rc
= ocsp_parse_response_type ( ocsp
, &cursor
) ) != 0 )
738 asn1_skip_any ( &cursor
);
741 asn1_enter ( &cursor
, ASN1_OCTET_STRING
);
744 if ( ( rc
= ocsp_parse_basic_response ( ocsp
, &cursor
) ) != 0 )
751 * Parse OCSP response
754 * @v raw ASN.1 cursor
755 * @ret rc Return status code
757 static int ocsp_parse_response ( struct ocsp_check
*ocsp
,
758 const struct asn1_cursor
*raw
) {
759 struct asn1_cursor cursor
;
762 /* Enter OCSPResponse */
763 memcpy ( &cursor
, raw
, sizeof ( cursor
) );
764 asn1_enter ( &cursor
, ASN1_SEQUENCE
);
766 /* Parse responseStatus */
767 if ( ( rc
= ocsp_parse_response_status ( ocsp
, &cursor
) ) != 0 )
769 asn1_skip_any ( &cursor
);
771 /* Parse responseBytes */
772 if ( ( rc
= ocsp_parse_response_bytes ( ocsp
, &cursor
) ) != 0 )
779 * Receive OCSP response
782 * @v data Response data
783 * @v len Length of response data
784 * @ret rc Return status code
786 int ocsp_response ( struct ocsp_check
*ocsp
, const void *data
, size_t len
) {
787 struct ocsp_response
*response
= &ocsp
->response
;
788 struct asn1_cursor cursor
;
792 x509_put ( response
->signer
);
793 response
->signer
= NULL
;
794 free ( response
->data
);
795 response
->data
= malloc ( len
);
796 if ( ! response
->data
)
798 memcpy ( response
->data
, data
, len
);
799 cursor
.data
= response
->data
;
803 if ( ( rc
= ocsp_parse_response ( ocsp
, &cursor
) ) != 0 )
810 * OCSP dummy root certificate store
812 * OCSP validation uses no root certificates, since it takes place
813 * only when there already exists a validated issuer certificate.
815 static struct x509_root ocsp_root
= {
816 .digest
= &ocsp_digest_algorithm
,
818 .fingerprints
= NULL
,
822 * Check OCSP response signature
825 * @v signer Signing certificate
826 * @ret rc Return status code
828 static int ocsp_check_signature ( struct ocsp_check
*ocsp
,
829 struct x509_certificate
*signer
) {
830 struct ocsp_response
*response
= &ocsp
->response
;
831 struct digest_algorithm
*digest
= response
->algorithm
->digest
;
832 struct pubkey_algorithm
*pubkey
= response
->algorithm
->pubkey
;
833 struct x509_public_key
*public_key
= &signer
->subject
.public_key
;
834 uint8_t digest_ctx
[ digest
->ctxsize
];
835 uint8_t digest_out
[ digest
->digestsize
];
836 uint8_t pubkey_ctx
[ pubkey
->ctxsize
];
839 /* Generate digest */
840 digest_init ( digest
, digest_ctx
);
841 digest_update ( digest
, digest_ctx
, response
->tbs
.data
,
843 digest_final ( digest
, digest_ctx
, digest_out
);
845 /* Initialise public-key algorithm */
846 if ( ( rc
= pubkey_init ( pubkey
, pubkey_ctx
, public_key
->raw
.data
,
847 public_key
->raw
.len
) ) != 0 ) {
848 DBGC ( ocsp
, "OCSP %p \"%s\" could not initialise public key: "
849 "%s\n", ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
));
854 if ( ( rc
= pubkey_verify ( pubkey
, pubkey_ctx
, digest
, digest_out
,
855 response
->signature
.data
,
856 response
->signature
.len
) ) != 0 ) {
857 DBGC ( ocsp
, "OCSP %p \"%s\" signature verification failed: "
858 "%s\n", ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
));
862 DBGC2 ( ocsp
, "OCSP %p \"%s\" signature is correct\n",
863 ocsp
, x509_name ( ocsp
->cert
) );
866 pubkey_final ( pubkey
, pubkey_ctx
);
872 * Validate OCSP response
875 * @v time Time at which to validate response
876 * @ret rc Return status code
878 int ocsp_validate ( struct ocsp_check
*ocsp
, time_t time
) {
879 struct ocsp_response
*response
= &ocsp
->response
;
880 struct x509_certificate
*signer
;
884 assert ( response
->data
!= NULL
);
886 /* The response may include a signer certificate; if this is
887 * not present then the response must have been signed
888 * directly by the issuer.
890 signer
= ( response
->signer ? response
->signer
: ocsp
->issuer
);
892 /* Validate signer, if applicable. If the signer is not the
893 * issuer, then it must be signed directly by the issuer.
895 if ( signer
!= ocsp
->issuer
) {
896 /* Forcibly invalidate the signer, since we need to
897 * ensure that it was signed by our issuer (and not
898 * some other issuer). This prevents a sub-CA's OCSP
899 * certificate from fraudulently signing OCSP
900 * responses from the parent CA.
902 x509_invalidate ( signer
);
903 if ( ( rc
= x509_validate ( signer
, ocsp
->issuer
, time
,
904 &ocsp_root
) ) != 0 ) {
905 DBGC ( ocsp
, "OCSP %p \"%s\" could not validate ",
906 ocsp
, x509_name ( ocsp
->cert
) );
907 DBGC ( ocsp
, "signer \"%s\": %s\n",
908 x509_name ( signer
), strerror ( rc
) );
912 /* If signer is not the issuer, then it must have the
913 * extendedKeyUsage id-kp-OCSPSigning.
915 if ( ! ( signer
->extensions
.ext_usage
.bits
&
916 X509_OCSP_SIGNING
) ) {
917 DBGC ( ocsp
, "OCSP %p \"%s\" ",
918 ocsp
, x509_name ( ocsp
->cert
) );
919 DBGC ( ocsp
, "signer \"%s\" is not an OCSP-signing "
920 "certificate\n", x509_name ( signer
) );
921 return -EACCES_NON_OCSP_SIGNING
;
925 /* Check OCSP response signature */
926 if ( ( rc
= ocsp_check_signature ( ocsp
, signer
) ) != 0 )
929 /* Check OCSP response is valid at the specified time
930 * (allowing for some margin of error).
932 if ( response
->this_update
> ( time
+ TIMESTAMP_ERROR_MARGIN
) ) {
933 DBGC ( ocsp
, "OCSP %p \"%s\" response is not yet valid (at "
934 "time %lld)\n", ocsp
, x509_name ( ocsp
->cert
), time
);
935 return -EACCES_STALE
;
937 if ( response
->next_update
< ( time
- TIMESTAMP_ERROR_MARGIN
) ) {
938 DBGC ( ocsp
, "OCSP %p \"%s\" response is stale (at time "
939 "%lld)\n", ocsp
, x509_name ( ocsp
->cert
), time
);
940 return -EACCES_STALE
;
942 DBGC2 ( ocsp
, "OCSP %p \"%s\" response is valid (at time %lld)\n",
943 ocsp
, x509_name ( ocsp
->cert
), time
);
945 /* Mark certificate as passing OCSP verification */
946 ocsp
->cert
->extensions
.auth_info
.ocsp
.good
= 1;
948 /* Validate certificate against issuer */
949 if ( ( rc
= x509_validate ( ocsp
->cert
, ocsp
->issuer
, time
,
950 &ocsp_root
) ) != 0 ) {
951 DBGC ( ocsp
, "OCSP %p \"%s\" could not validate certificate: "
952 "%s\n", ocsp
, x509_name ( ocsp
->cert
), strerror ( rc
));
955 DBGC ( ocsp
, "OCSP %p \"%s\" successfully validated ",
956 ocsp
, x509_name ( ocsp
->cert
) );
957 DBGC ( ocsp
, "using \"%s\"\n", x509_name ( signer
) );