[video_subr] Use memmove() for overlapping memory copy
[ipxe.git] / src / crypto / ocsp.c
1 /*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 */
19
20 FILE_LICENCE ( GPL2_OR_LATER );
21
22 #include <stdint.h>
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <ipxe/asn1.h>
28 #include <ipxe/x509.h>
29 #include <ipxe/sha1.h>
30 #include <ipxe/base64.h>
31 #include <ipxe/uri.h>
32 #include <ipxe/ocsp.h>
33 #include <config/crypto.h>
34
35 /** @file
36 *
37 * Online Certificate Status Protocol
38 *
39 */
40
41 /* Disambiguate the various error causes */
42 #define EACCES_CERT_STATUS \
43 __einfo_error ( EINFO_EACCES_CERT_STATUS )
44 #define EINFO_EACCES_CERT_STATUS \
45 __einfo_uniqify ( EINFO_EACCES, 0x01, \
46 "Certificate status not good" )
47 #define EACCES_CERT_MISMATCH \
48 __einfo_error ( EINFO_EACCES_CERT_MISMATCH )
49 #define EINFO_EACCES_CERT_MISMATCH \
50 __einfo_uniqify ( EINFO_EACCES, 0x02, \
51 "Certificate ID mismatch" )
52 #define EACCES_NON_OCSP_SIGNING \
53 __einfo_error ( EINFO_EACCES_NON_OCSP_SIGNING )
54 #define EINFO_EACCES_NON_OCSP_SIGNING \
55 __einfo_uniqify ( EINFO_EACCES, 0x03, \
56 "Not an OCSP signing certificate" )
57 #define EACCES_STALE \
58 __einfo_error ( EINFO_EACCES_STALE )
59 #define EINFO_EACCES_STALE \
60 __einfo_uniqify ( EINFO_EACCES, 0x04, \
61 "Stale (or premature) OCSP repsonse" )
62 #define EACCES_NO_RESPONDER \
63 __einfo_error ( EINFO_EACCES_NO_RESPONDER )
64 #define EINFO_EACCES_NO_RESPONDER \
65 __einfo_uniqify ( EINFO_EACCES, 0x05, \
66 "Missing OCSP responder certificate" )
67 #define ENOTSUP_RESPONSE_TYPE \
68 __einfo_error ( EINFO_ENOTSUP_RESPONSE_TYPE )
69 #define EINFO_ENOTSUP_RESPONSE_TYPE \
70 __einfo_uniqify ( EINFO_ENOTSUP, 0x01, \
71 "Unsupported OCSP response type" )
72 #define ENOTSUP_RESPONDER_ID \
73 __einfo_error ( EINFO_ENOTSUP_RESPONDER_ID )
74 #define EINFO_ENOTSUP_RESPONDER_ID \
75 __einfo_uniqify ( EINFO_ENOTSUP, 0x02, \
76 "Unsupported OCSP responder ID" )
77 #define EPROTO_MALFORMED_REQUEST \
78 __einfo_error ( EINFO_EPROTO_MALFORMED_REQUEST )
79 #define EINFO_EPROTO_MALFORMED_REQUEST \
80 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_MALFORMED_REQUEST, \
81 "Illegal confirmation request" )
82 #define EPROTO_INTERNAL_ERROR \
83 __einfo_error ( EINFO_EPROTO_INTERNAL_ERROR )
84 #define EINFO_EPROTO_INTERNAL_ERROR \
85 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_INTERNAL_ERROR, \
86 "Internal error in issuer" )
87 #define EPROTO_TRY_LATER \
88 __einfo_error ( EINFO_EPROTO_TRY_LATER )
89 #define EINFO_EPROTO_TRY_LATER \
90 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_TRY_LATER, \
91 "Try again later" )
92 #define EPROTO_SIG_REQUIRED \
93 __einfo_error ( EINFO_EPROTO_SIG_REQUIRED )
94 #define EINFO_EPROTO_SIG_REQUIRED \
95 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_SIG_REQUIRED, \
96 "Must sign the request" )
97 #define EPROTO_UNAUTHORIZED \
98 __einfo_error ( EINFO_EPROTO_UNAUTHORIZED )
99 #define EINFO_EPROTO_UNAUTHORIZED \
100 __einfo_uniqify ( EINFO_EPROTO, OCSP_STATUS_UNAUTHORIZED, \
101 "Request unauthorized" )
102 #define EPROTO_STATUS( status ) \
103 EUNIQ ( EINFO_EPROTO, (status), EPROTO_MALFORMED_REQUEST, \
104 EPROTO_INTERNAL_ERROR, EPROTO_TRY_LATER, \
105 EPROTO_SIG_REQUIRED, EPROTO_UNAUTHORIZED )
106
107 /** OCSP digest algorithm */
108 #define ocsp_digest_algorithm sha1_algorithm
109
110 /** OCSP digest algorithm identifier */
111 static const uint8_t ocsp_algorithm_id[] =
112 { OCSP_ALGORITHM_IDENTIFIER ( ASN1_OID_SHA1 ) };
113
114 /** OCSP basic response type */
115 static const uint8_t oid_basic_response_type[] = { ASN1_OID_OCSP_BASIC };
116
117 /** OCSP basic response type cursor */
118 static struct asn1_cursor oid_basic_response_type_cursor =
119 ASN1_OID_CURSOR ( oid_basic_response_type );
120
121 /**
122 * Free OCSP check
123 *
124 * @v refcnt Reference count
125 */
126 static void ocsp_free ( struct refcnt *refcnt ) {
127 struct ocsp_check *ocsp =
128 container_of ( refcnt, struct ocsp_check, refcnt );
129
130 x509_put ( ocsp->cert );
131 x509_put ( ocsp->issuer );
132 free ( ocsp->uri_string );
133 free ( ocsp->request.builder.data );
134 free ( ocsp->response.data );
135 x509_put ( ocsp->response.signer );
136 free ( ocsp );
137 }
138
139 /**
140 * Build OCSP request
141 *
142 * @v ocsp OCSP check
143 * @ret rc Return status code
144 */
145 static int ocsp_request ( struct ocsp_check *ocsp ) {
146 struct digest_algorithm *digest = &ocsp_digest_algorithm;
147 struct asn1_builder *builder = &ocsp->request.builder;
148 struct asn1_cursor *cert_id = &ocsp->request.cert_id;
149 uint8_t digest_ctx[digest->ctxsize];
150 uint8_t name_digest[digest->digestsize];
151 uint8_t pubkey_digest[digest->digestsize];
152 int rc;
153
154 /* Generate digests */
155 digest_init ( digest, digest_ctx );
156 digest_update ( digest, digest_ctx, ocsp->cert->issuer.raw.data,
157 ocsp->cert->issuer.raw.len );
158 digest_final ( digest, digest_ctx, name_digest );
159 digest_init ( digest, digest_ctx );
160 digest_update ( digest, digest_ctx,
161 ocsp->issuer->subject.public_key.raw_bits.data,
162 ocsp->issuer->subject.public_key.raw_bits.len );
163 digest_final ( digest, digest_ctx, pubkey_digest );
164
165 /* Construct request */
166 if ( ( rc = ( asn1_prepend_raw ( builder, ocsp->cert->serial.raw.data,
167 ocsp->cert->serial.raw.len ),
168 asn1_prepend ( builder, ASN1_OCTET_STRING,
169 pubkey_digest, sizeof ( pubkey_digest ) ),
170 asn1_prepend ( builder, ASN1_OCTET_STRING,
171 name_digest, sizeof ( name_digest ) ),
172 asn1_prepend ( builder, ASN1_SEQUENCE,
173 ocsp_algorithm_id,
174 sizeof ( ocsp_algorithm_id ) ),
175 asn1_wrap ( builder, ASN1_SEQUENCE ),
176 asn1_wrap ( builder, ASN1_SEQUENCE ),
177 asn1_wrap ( builder, ASN1_SEQUENCE ),
178 asn1_wrap ( builder, ASN1_SEQUENCE ),
179 asn1_wrap ( builder, ASN1_SEQUENCE ) ) ) != 0 ) {
180 DBGC ( ocsp, "OCSP %p \"%s\" could not build request: %s\n",
181 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
182 return rc;
183 }
184 DBGC2 ( ocsp, "OCSP %p \"%s\" request is:\n",
185 ocsp, x509_name ( ocsp->cert ) );
186 DBGC2_HDA ( ocsp, 0, builder->data, builder->len );
187
188 /* Parse certificate ID for comparison with response */
189 cert_id->data = builder->data;
190 cert_id->len = builder->len;
191 if ( ( rc = ( asn1_enter ( cert_id, ASN1_SEQUENCE ),
192 asn1_enter ( cert_id, ASN1_SEQUENCE ),
193 asn1_enter ( cert_id, ASN1_SEQUENCE ),
194 asn1_enter ( cert_id, ASN1_SEQUENCE ) ) ) != 0 ) {
195 DBGC ( ocsp, "OCSP %p \"%s\" could not locate certID: %s\n",
196 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
197 return rc;
198 }
199
200 return 0;
201 }
202
203 /**
204 * Build OCSP URI string
205 *
206 * @v ocsp OCSP check
207 * @ret rc Return status code
208 */
209 static int ocsp_uri_string ( struct ocsp_check *ocsp ) {
210 struct x509_ocsp_responder *responder =
211 &ocsp->cert->extensions.auth_info.ocsp;
212 char *base64;
213 char *sep;
214 size_t base64_len;
215 size_t uri_len;
216 size_t len;
217 int rc;
218
219 /* Sanity check */
220 if ( ! responder->uri.len ) {
221 DBGC ( ocsp, "OCSP %p \"%s\" has no OCSP URI\n",
222 ocsp, x509_name ( ocsp->cert ) );
223 rc = -ENOTTY;
224 goto err_no_uri;
225 }
226
227 /* Calculate base64-encoded request length */
228 base64_len = ( base64_encoded_len ( ocsp->request.builder.len )
229 + 1 /* NUL */ );
230
231 /* Allocate and construct the base64-encoded request */
232 base64 = malloc ( base64_len );
233 if ( ! base64 ) {
234 rc = -ENOMEM;
235 goto err_alloc_base64;
236 }
237 base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len,
238 base64, base64_len );
239
240 /* Calculate URI-encoded base64-encoded request length */
241 uri_len = ( uri_encode ( URI_PATH, base64, ( base64_len - 1 /* NUL */ ),
242 NULL, 0 ) + 1 /* NUL */ );
243
244 /* Allocate and construct the URI string */
245 len = ( responder->uri.len + 1 /* possible "/" */ + uri_len );
246 ocsp->uri_string = zalloc ( len );
247 if ( ! ocsp->uri_string ) {
248 rc = -ENOMEM;
249 goto err_alloc_uri;
250 }
251 memcpy ( ocsp->uri_string, responder->uri.data, responder->uri.len );
252 sep = &ocsp->uri_string[ responder->uri.len - 1 ];
253 if ( *sep != '/' )
254 *(++sep) = '/';
255 uri_encode ( URI_PATH, base64, base64_len, ( sep + 1 ), uri_len );
256 DBGC2 ( ocsp, "OCSP %p \"%s\" URI is %s\n",
257 ocsp, x509_name ( ocsp->cert ), ocsp->uri_string );
258
259 /* Success */
260 rc = 0;
261
262 err_alloc_uri:
263 free ( base64 );
264 err_alloc_base64:
265 err_no_uri:
266 return rc;
267 }
268
269 /**
270 * Create OCSP check
271 *
272 * @v cert Certificate to check
273 * @v issuer Issuing certificate
274 * @ret ocsp OCSP check
275 * @ret rc Return status code
276 */
277 int ocsp_check ( struct x509_certificate *cert,
278 struct x509_certificate *issuer,
279 struct ocsp_check **ocsp ) {
280 int rc;
281
282 /* Sanity checks */
283 assert ( cert != NULL );
284 assert ( issuer != NULL );
285 assert ( x509_is_valid ( issuer ) );
286
287 /* Allocate and initialise check */
288 *ocsp = zalloc ( sizeof ( **ocsp ) );
289 if ( ! *ocsp ) {
290 rc = -ENOMEM;
291 goto err_alloc;
292 }
293 ref_init ( &(*ocsp)->refcnt, ocsp_free );
294 (*ocsp)->cert = x509_get ( cert );
295 (*ocsp)->issuer = x509_get ( issuer );
296
297 /* Build request */
298 if ( ( rc = ocsp_request ( *ocsp ) ) != 0 )
299 goto err_request;
300
301 /* Build URI string */
302 if ( ( rc = ocsp_uri_string ( *ocsp ) ) != 0 )
303 goto err_uri_string;
304
305 return 0;
306
307 err_uri_string:
308 err_request:
309 ocsp_put ( *ocsp );
310 err_alloc:
311 *ocsp = NULL;
312 return rc;
313 }
314
315 /**
316 * Parse OCSP response status
317 *
318 * @v ocsp OCSP check
319 * @v raw ASN.1 cursor
320 * @ret rc Return status code
321 */
322 static int ocsp_parse_response_status ( struct ocsp_check *ocsp,
323 const struct asn1_cursor *raw ) {
324 struct asn1_cursor cursor;
325 uint8_t status;
326 int rc;
327
328 /* Enter responseStatus */
329 memcpy ( &cursor, raw, sizeof ( cursor ) );
330 if ( ( rc = asn1_enter ( &cursor, ASN1_ENUMERATED ) ) != 0 ) {
331 DBGC ( ocsp, "OCSP %p \"%s\" could not locate responseStatus: "
332 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
333 return rc;
334 }
335
336 /* Extract response status */
337 if ( cursor.len != sizeof ( status ) ) {
338 DBGC ( ocsp, "OCSP %p \"%s\" invalid status:\n",
339 ocsp, x509_name ( ocsp->cert ) );
340 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
341 return -EINVAL;
342 }
343 memcpy ( &status, cursor.data, sizeof ( status ) );
344
345 /* Check response status */
346 if ( status != OCSP_STATUS_SUCCESSFUL ) {
347 DBGC ( ocsp, "OCSP %p \"%s\" response status %d\n",
348 ocsp, x509_name ( ocsp->cert ), status );
349 return EPROTO_STATUS ( status );
350 }
351
352 return 0;
353 }
354
355 /**
356 * Parse OCSP response type
357 *
358 * @v ocsp OCSP check
359 * @v raw ASN.1 cursor
360 * @ret rc Return status code
361 */
362 static int ocsp_parse_response_type ( struct ocsp_check *ocsp,
363 const struct asn1_cursor *raw ) {
364 struct asn1_cursor cursor;
365
366 /* Enter responseType */
367 memcpy ( &cursor, raw, sizeof ( cursor ) );
368 asn1_enter ( &cursor, ASN1_OID );
369
370 /* Check responseType is "basic" */
371 if ( asn1_compare ( &oid_basic_response_type_cursor, &cursor ) != 0 ) {
372 DBGC ( ocsp, "OCSP %p \"%s\" response type not supported:\n",
373 ocsp, x509_name ( ocsp->cert ) );
374 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
375 return -ENOTSUP_RESPONSE_TYPE;
376 }
377
378 return 0;
379 }
380
381 /**
382 * Compare responder's certificate name
383 *
384 * @v ocsp OCSP check
385 * @v cert Certificate
386 * @ret difference Difference as returned by memcmp()
387 */
388 static int ocsp_compare_responder_name ( struct ocsp_check *ocsp,
389 struct x509_certificate *cert ) {
390 struct ocsp_responder *responder = &ocsp->response.responder;
391
392 /* Compare responder ID with certificate's subject */
393 return asn1_compare ( &responder->id, &cert->subject.raw );
394 }
395
396 /**
397 * Compare responder's certificate public key hash
398 *
399 * @v ocsp OCSP check
400 * @v cert Certificate
401 * @ret difference Difference as returned by memcmp()
402 */
403 static int ocsp_compare_responder_key_hash ( struct ocsp_check *ocsp,
404 struct x509_certificate *cert ) {
405 struct ocsp_responder *responder = &ocsp->response.responder;
406 struct asn1_cursor key_hash;
407 uint8_t ctx[SHA1_CTX_SIZE];
408 uint8_t digest[SHA1_DIGEST_SIZE];
409 int difference;
410
411 /* Enter responder key hash */
412 memcpy ( &key_hash, &responder->id, sizeof ( key_hash ) );
413 asn1_enter ( &key_hash, ASN1_OCTET_STRING );
414
415 /* Sanity check */
416 difference = ( sizeof ( digest ) - key_hash.len );
417 if ( difference )
418 return difference;
419
420 /* Generate SHA1 hash of certificate's public key */
421 digest_init ( &sha1_algorithm, ctx );
422 digest_update ( &sha1_algorithm, ctx,
423 cert->subject.public_key.raw_bits.data,
424 cert->subject.public_key.raw_bits.len );
425 digest_final ( &sha1_algorithm, ctx, digest );
426
427 /* Compare responder key hash with hash of certificate's public key */
428 return memcmp ( digest, key_hash.data, sizeof ( digest ) );
429 }
430
431 /**
432 * Parse OCSP responder ID
433 *
434 * @v ocsp OCSP check
435 * @v raw ASN.1 cursor
436 * @ret rc Return status code
437 */
438 static int ocsp_parse_responder_id ( struct ocsp_check *ocsp,
439 const struct asn1_cursor *raw ) {
440 struct ocsp_responder *responder = &ocsp->response.responder;
441 struct asn1_cursor *responder_id = &responder->id;
442 unsigned int type;
443
444 /* Enter responder ID */
445 memcpy ( responder_id, raw, sizeof ( *responder_id ) );
446 type = asn1_type ( responder_id );
447 asn1_enter_any ( responder_id );
448
449 /* Identify responder ID type */
450 switch ( type ) {
451 case ASN1_EXPLICIT_TAG ( 1 ) :
452 DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by name\n",
453 ocsp, x509_name ( ocsp->cert ) );
454 responder->compare = ocsp_compare_responder_name;
455 return 0;
456 case ASN1_EXPLICIT_TAG ( 2 ) :
457 DBGC2 ( ocsp, "OCSP %p \"%s\" responder identified by key "
458 "hash\n", ocsp, x509_name ( ocsp->cert ) );
459 responder->compare = ocsp_compare_responder_key_hash;
460 return 0;
461 default:
462 DBGC ( ocsp, "OCSP %p \"%s\" unsupported responder ID type "
463 "%d\n", ocsp, x509_name ( ocsp->cert ), type );
464 return -ENOTSUP_RESPONDER_ID;
465 }
466 }
467
468 /**
469 * Parse OCSP certificate ID
470 *
471 * @v ocsp OCSP check
472 * @v raw ASN.1 cursor
473 * @ret rc Return status code
474 */
475 static int ocsp_parse_cert_id ( struct ocsp_check *ocsp,
476 const struct asn1_cursor *raw ) {
477 struct asn1_cursor cursor;
478
479 /* Check certID matches request */
480 memcpy ( &cursor, raw, sizeof ( cursor ) );
481 asn1_shrink_any ( &cursor );
482 if ( asn1_compare ( &cursor, &ocsp->request.cert_id ) != 0 ) {
483 DBGC ( ocsp, "OCSP %p \"%s\" certID mismatch:\n",
484 ocsp, x509_name ( ocsp->cert ) );
485 DBGC_HDA ( ocsp, 0, ocsp->request.cert_id.data,
486 ocsp->request.cert_id.len );
487 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
488 return -EACCES_CERT_MISMATCH;
489 }
490
491 return 0;
492 }
493
494 /**
495 * Parse OCSP responses
496 *
497 * @v ocsp OCSP check
498 * @v raw ASN.1 cursor
499 * @ret rc Return status code
500 */
501 static int ocsp_parse_responses ( struct ocsp_check *ocsp,
502 const struct asn1_cursor *raw ) {
503 struct ocsp_response *response = &ocsp->response;
504 struct asn1_cursor cursor;
505 int rc;
506
507 /* Enter responses */
508 memcpy ( &cursor, raw, sizeof ( cursor ) );
509 asn1_enter ( &cursor, ASN1_SEQUENCE );
510
511 /* Enter first singleResponse */
512 asn1_enter ( &cursor, ASN1_SEQUENCE );
513
514 /* Parse certID */
515 if ( ( rc = ocsp_parse_cert_id ( ocsp, &cursor ) ) != 0 )
516 return rc;
517 asn1_skip_any ( &cursor );
518
519 /* Check certStatus */
520 if ( asn1_type ( &cursor ) != ASN1_IMPLICIT_TAG ( 0 ) ) {
521 DBGC ( ocsp, "OCSP %p \"%s\" non-good certStatus:\n",
522 ocsp, x509_name ( ocsp->cert ) );
523 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
524 return -EACCES_CERT_STATUS;
525 }
526 asn1_skip_any ( &cursor );
527
528 /* Parse thisUpdate */
529 if ( ( rc = asn1_generalized_time ( &cursor,
530 &response->this_update ) ) != 0 ) {
531 DBGC ( ocsp, "OCSP %p \"%s\" could not parse thisUpdate: %s\n",
532 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
533 return rc;
534 }
535 DBGC2 ( ocsp, "OCSP %p \"%s\" this update was at time %lld\n",
536 ocsp, x509_name ( ocsp->cert ), response->this_update );
537 asn1_skip_any ( &cursor );
538
539 /* Parse nextUpdate, if present */
540 if ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) {
541 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
542 if ( ( rc = asn1_generalized_time ( &cursor,
543 &response->next_update ) ) != 0 ) {
544 DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
545 "nextUpdate: %s\n", ocsp,
546 x509_name ( ocsp->cert ), strerror ( rc ) );
547 return rc;
548 }
549 DBGC2 ( ocsp, "OCSP %p \"%s\" next update is at time %lld\n",
550 ocsp, x509_name ( ocsp->cert ), response->next_update );
551 } else {
552 /* If no nextUpdate is present, this indicates that
553 * "newer revocation information is available all the
554 * time". Actually, this indicates that there is no
555 * point to performing the OCSP check, since an
556 * attacker could replay the response at any future
557 * time and it would still be valid.
558 */
559 DBGC ( ocsp, "OCSP %p \"%s\" responder is a moron\n",
560 ocsp, x509_name ( ocsp->cert ) );
561 response->next_update = time ( NULL );
562 }
563
564 return 0;
565 }
566
567 /**
568 * Parse OCSP response data
569 *
570 * @v ocsp OCSP check
571 * @v raw ASN.1 cursor
572 * @ret rc Return status code
573 */
574 static int ocsp_parse_tbs_response_data ( struct ocsp_check *ocsp,
575 const struct asn1_cursor *raw ) {
576 struct ocsp_response *response = &ocsp->response;
577 struct asn1_cursor cursor;
578 int rc;
579
580 /* Record raw tbsResponseData */
581 memcpy ( &cursor, raw, sizeof ( cursor ) );
582 asn1_shrink_any ( &cursor );
583 memcpy ( &response->tbs, &cursor, sizeof ( response->tbs ) );
584
585 /* Enter tbsResponseData */
586 asn1_enter ( &cursor, ASN1_SEQUENCE );
587
588 /* Skip version, if present */
589 asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
590
591 /* Parse responderID */
592 if ( ( rc = ocsp_parse_responder_id ( ocsp, &cursor ) ) != 0 )
593 return rc;
594 asn1_skip_any ( &cursor );
595
596 /* Skip producedAt */
597 asn1_skip_any ( &cursor );
598
599 /* Parse responses */
600 if ( ( rc = ocsp_parse_responses ( ocsp, &cursor ) ) != 0 )
601 return rc;
602
603 return 0;
604 }
605
606 /**
607 * Parse OCSP certificates
608 *
609 * @v ocsp OCSP check
610 * @v raw ASN.1 cursor
611 * @ret rc Return status code
612 */
613 static int ocsp_parse_certs ( struct ocsp_check *ocsp,
614 const struct asn1_cursor *raw ) {
615 struct ocsp_response *response = &ocsp->response;
616 struct asn1_cursor cursor;
617 struct x509_certificate *cert;
618 int rc;
619
620 /* Enter certs */
621 memcpy ( &cursor, raw, sizeof ( cursor ) );
622 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
623 asn1_enter ( &cursor, ASN1_SEQUENCE );
624
625 /* Parse certificate, if present. The data structure permits
626 * multiple certificates, but the protocol requires that the
627 * OCSP signing certificate must either be the issuer itself,
628 * or must be directly issued by the issuer (see RFC2560
629 * section 4.2.2.2 "Authorized Responders"). We therefore
630 * need to identify only the single certificate matching the
631 * Responder ID.
632 */
633 while ( cursor.len ) {
634
635 /* Parse certificate */
636 if ( ( rc = x509_certificate ( cursor.data, cursor.len,
637 &cert ) ) != 0 ) {
638 DBGC ( ocsp, "OCSP %p \"%s\" could not parse "
639 "certificate: %s\n", ocsp,
640 x509_name ( ocsp->cert ), strerror ( rc ) );
641 DBGC_HDA ( ocsp, 0, cursor.data, cursor.len );
642 return rc;
643 }
644
645 /* Use if this certificate matches the responder ID */
646 if ( response->responder.compare ( ocsp, cert ) == 0 ) {
647 response->signer = cert;
648 DBGC2 ( ocsp, "OCSP %p \"%s\" response is signed by ",
649 ocsp, x509_name ( ocsp->cert ) );
650 DBGC2 ( ocsp, "\"%s\"\n",
651 x509_name ( response->signer ) );
652 return 0;
653 }
654
655 /* Otherwise, discard this certificate */
656 x509_put ( cert );
657 asn1_skip_any ( &cursor );
658 }
659
660 DBGC ( ocsp, "OCSP %p \"%s\" missing responder certificate\n",
661 ocsp, x509_name ( ocsp->cert ) );
662 return -EACCES_NO_RESPONDER;
663 }
664
665 /**
666 * Parse OCSP basic response
667 *
668 * @v ocsp OCSP check
669 * @v raw ASN.1 cursor
670 * @ret rc Return status code
671 */
672 static int ocsp_parse_basic_response ( struct ocsp_check *ocsp,
673 const struct asn1_cursor *raw ) {
674 struct ocsp_response *response = &ocsp->response;
675 struct asn1_algorithm **algorithm = &response->algorithm;
676 struct asn1_bit_string *signature = &response->signature;
677 struct asn1_cursor cursor;
678 int rc;
679
680 /* Enter BasicOCSPResponse */
681 memcpy ( &cursor, raw, sizeof ( cursor ) );
682 asn1_enter ( &cursor, ASN1_SEQUENCE );
683
684 /* Parse tbsResponseData */
685 if ( ( rc = ocsp_parse_tbs_response_data ( ocsp, &cursor ) ) != 0 )
686 return rc;
687 asn1_skip_any ( &cursor );
688
689 /* Parse signatureAlgorithm */
690 if ( ( rc = asn1_signature_algorithm ( &cursor, algorithm ) ) != 0 ) {
691 DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature "
692 "algorithm: %s\n",
693 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
694 return rc;
695 }
696 DBGC2 ( ocsp, "OCSP %p \"%s\" signature algorithm is %s\n",
697 ocsp, x509_name ( ocsp->cert ), (*algorithm)->name );
698 asn1_skip_any ( &cursor );
699
700 /* Parse signature */
701 if ( ( rc = asn1_integral_bit_string ( &cursor, signature ) ) != 0 ) {
702 DBGC ( ocsp, "OCSP %p \"%s\" cannot parse signature: %s\n",
703 ocsp, x509_name ( ocsp->cert ), strerror ( rc ) );
704 return rc;
705 }
706 asn1_skip_any ( &cursor );
707
708 /* Parse certs, if present */
709 if ( ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) &&
710 ( ( rc = ocsp_parse_certs ( ocsp, &cursor ) ) != 0 ) )
711 return rc;
712
713 return 0;
714 }
715
716 /**
717 * Parse OCSP response bytes
718 *
719 * @v ocsp OCSP check
720 * @v raw ASN.1 cursor
721 * @ret rc Return status code
722 */
723 static int ocsp_parse_response_bytes ( struct ocsp_check *ocsp,
724 const struct asn1_cursor *raw ) {
725 struct asn1_cursor cursor;
726 int rc;
727
728 /* Enter responseBytes */
729 memcpy ( &cursor, raw, sizeof ( cursor ) );
730 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
731 asn1_enter ( &cursor, ASN1_SEQUENCE );
732
733 /* Parse responseType */
734 if ( ( rc = ocsp_parse_response_type ( ocsp, &cursor ) ) != 0 )
735 return rc;
736 asn1_skip_any ( &cursor );
737
738 /* Enter response */
739 asn1_enter ( &cursor, ASN1_OCTET_STRING );
740
741 /* Parse response */
742 if ( ( rc = ocsp_parse_basic_response ( ocsp, &cursor ) ) != 0 )
743 return rc;
744
745 return 0;
746 }
747
748 /**
749 * Parse OCSP response
750 *
751 * @v ocsp OCSP check
752 * @v raw ASN.1 cursor
753 * @ret rc Return status code
754 */
755 static int ocsp_parse_response ( struct ocsp_check *ocsp,
756 const struct asn1_cursor *raw ) {
757 struct asn1_cursor cursor;
758 int rc;
759
760 /* Enter OCSPResponse */
761 memcpy ( &cursor, raw, sizeof ( cursor ) );
762 asn1_enter ( &cursor, ASN1_SEQUENCE );
763
764 /* Parse responseStatus */
765 if ( ( rc = ocsp_parse_response_status ( ocsp, &cursor ) ) != 0 )
766 return rc;
767 asn1_skip_any ( &cursor );
768
769 /* Parse responseBytes */
770 if ( ( rc = ocsp_parse_response_bytes ( ocsp, &cursor ) ) != 0 )
771 return rc;
772
773 return 0;
774 }
775
776 /**
777 * Receive OCSP response
778 *
779 * @v ocsp OCSP check
780 * @v data Response data
781 * @v len Length of response data
782 * @ret rc Return status code
783 */
784 int ocsp_response ( struct ocsp_check *ocsp, const void *data, size_t len ) {
785 struct ocsp_response *response = &ocsp->response;
786 struct asn1_cursor cursor;
787 int rc;
788
789 /* Duplicate data */
790 x509_put ( response->signer );
791 response->signer = NULL;
792 free ( response->data );
793 response->data = malloc ( len );
794 if ( ! response->data )
795 return -ENOMEM;
796 memcpy ( response->data, data, len );
797 cursor.data = response->data;
798 cursor.len = len;
799
800 /* Parse response */
801 if ( ( rc = ocsp_parse_response ( ocsp, &cursor ) ) != 0 )
802 return rc;
803
804 return 0;
805 }
806
807 /**
808 * OCSP dummy root certificate store
809 *
810 * OCSP validation uses no root certificates, since it takes place
811 * only when there already exists a validated issuer certificate.
812 */
813 static struct x509_root ocsp_root = {
814 .digest = &ocsp_digest_algorithm,
815 .count = 0,
816 .fingerprints = NULL,
817 };
818
819 /**
820 * Check OCSP response signature
821 *
822 * @v ocsp OCSP check
823 * @v signer Signing certificate
824 * @ret rc Return status code
825 */
826 static int ocsp_check_signature ( struct ocsp_check *ocsp,
827 struct x509_certificate *signer ) {
828 struct ocsp_response *response = &ocsp->response;
829 struct digest_algorithm *digest = response->algorithm->digest;
830 struct pubkey_algorithm *pubkey = response->algorithm->pubkey;
831 struct x509_public_key *public_key = &signer->subject.public_key;
832 uint8_t digest_ctx[ digest->ctxsize ];
833 uint8_t digest_out[ digest->digestsize ];
834 uint8_t pubkey_ctx[ pubkey->ctxsize ];
835 int rc;
836
837 /* Generate digest */
838 digest_init ( digest, digest_ctx );
839 digest_update ( digest, digest_ctx, response->tbs.data,
840 response->tbs.len );
841 digest_final ( digest, digest_ctx, digest_out );
842
843 /* Initialise public-key algorithm */
844 if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,
845 public_key->raw.len ) ) != 0 ) {
846 DBGC ( ocsp, "OCSP %p \"%s\" could not initialise public key: "
847 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
848 goto err_init;
849 }
850
851 /* Verify digest */
852 if ( ( rc = pubkey_verify ( pubkey, pubkey_ctx, digest, digest_out,
853 response->signature.data,
854 response->signature.len ) ) != 0 ) {
855 DBGC ( ocsp, "OCSP %p \"%s\" signature verification failed: "
856 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
857 goto err_verify;
858 }
859
860 DBGC2 ( ocsp, "OCSP %p \"%s\" signature is correct\n",
861 ocsp, x509_name ( ocsp->cert ) );
862
863 err_verify:
864 pubkey_final ( pubkey, pubkey_ctx );
865 err_init:
866 return rc;
867 }
868
869 /**
870 * Validate OCSP response
871 *
872 * @v ocsp OCSP check
873 * @v time Time at which to validate response
874 * @ret rc Return status code
875 */
876 int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {
877 struct ocsp_response *response = &ocsp->response;
878 struct x509_certificate *signer;
879 int rc;
880
881 /* Sanity checks */
882 assert ( response->data != NULL );
883
884 /* The response may include a signer certificate; if this is
885 * not present then the response must have been signed
886 * directly by the issuer.
887 */
888 signer = ( response->signer ? response->signer : ocsp->issuer );
889
890 /* Validate signer, if applicable. If the signer is not the
891 * issuer, then it must be signed directly by the issuer.
892 */
893 if ( signer != ocsp->issuer ) {
894 /* Forcibly invalidate the signer, since we need to
895 * ensure that it was signed by our issuer (and not
896 * some other issuer). This prevents a sub-CA's OCSP
897 * certificate from fraudulently signing OCSP
898 * responses from the parent CA.
899 */
900 x509_invalidate ( signer );
901 if ( ( rc = x509_validate ( signer, ocsp->issuer, time,
902 &ocsp_root ) ) != 0 ) {
903 DBGC ( ocsp, "OCSP %p \"%s\" could not validate ",
904 ocsp, x509_name ( ocsp->cert ) );
905 DBGC ( ocsp, "signer \"%s\": %s\n",
906 x509_name ( signer ), strerror ( rc ) );
907 return rc;
908 }
909
910 /* If signer is not the issuer, then it must have the
911 * extendedKeyUsage id-kp-OCSPSigning.
912 */
913 if ( ! ( signer->extensions.ext_usage.bits &
914 X509_OCSP_SIGNING ) ) {
915 DBGC ( ocsp, "OCSP %p \"%s\" ",
916 ocsp, x509_name ( ocsp->cert ) );
917 DBGC ( ocsp, "signer \"%s\" is not an OCSP-signing "
918 "certificate\n", x509_name ( signer ) );
919 return -EACCES_NON_OCSP_SIGNING;
920 }
921 }
922
923 /* Check OCSP response signature */
924 if ( ( rc = ocsp_check_signature ( ocsp, signer ) ) != 0 )
925 return rc;
926
927 /* Check OCSP response is valid at the specified time
928 * (allowing for some margin of error).
929 */
930 if ( response->this_update > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
931 DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "
932 "time %lld)\n", ocsp, x509_name ( ocsp->cert ), time );
933 return -EACCES_STALE;
934 }
935 if ( response->next_update < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
936 DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "
937 "%lld)\n", ocsp, x509_name ( ocsp->cert ), time );
938 return -EACCES_STALE;
939 }
940 DBGC2 ( ocsp, "OCSP %p \"%s\" response is valid (at time %lld)\n",
941 ocsp, x509_name ( ocsp->cert ), time );
942
943 /* Mark certificate as passing OCSP verification */
944 ocsp->cert->extensions.auth_info.ocsp.good = 1;
945
946 /* Validate certificate against issuer */
947 if ( ( rc = x509_validate ( ocsp->cert, ocsp->issuer, time,
948 &ocsp_root ) ) != 0 ) {
949 DBGC ( ocsp, "OCSP %p \"%s\" could not validate certificate: "
950 "%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
951 return rc;
952 }
953 DBGC ( ocsp, "OCSP %p \"%s\" successfully validated ",
954 ocsp, x509_name ( ocsp->cert ) );
955 DBGC ( ocsp, "using \"%s\"\n", x509_name ( signer ) );
956
957 return 0;
958 }