f495e3f4497a076b1a127be00c7ad24fa3e950bc
[strongswan.git] / src / pluto / ocsp.c
1 /* Support of the Online Certificate Status Protocol (OCSP)
2 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
3 * Zuercher Hochschule Winterthur
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * RCSID $Id$
16 */
17
18 #include <unistd.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <time.h>
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <fcntl.h>
25
26 #include <freeswan.h>
27 #include <ipsec_policy.h>
28
29 #include "constants.h"
30 #include "defs.h"
31 #include "log.h"
32 #include "x509.h"
33 #include "crl.h"
34 #include "ca.h"
35 #include "rnd.h"
36 #include "asn1.h"
37 #include "certs.h"
38 #include "smartcard.h"
39 #include <asn1/oid.h>
40 #include "whack.h"
41 #include "pkcs1.h"
42 #include "keys.h"
43 #include "fetch.h"
44 #include "ocsp.h"
45
46 #define NONCE_LENGTH 16
47
48 static const char *const cert_status_names[] = {
49 "good",
50 "revoked",
51 "unknown",
52 "undefined"
53 };
54
55
56 static const char *const response_status_names[] = {
57 "successful",
58 "malformed request",
59 "internal error",
60 "try later",
61 "signature required",
62 "unauthorized"
63 };
64
65 /* response container */
66 typedef struct response response_t;
67
68 struct response {
69 chunk_t tbs;
70 chunk_t responder_id_name;
71 chunk_t responder_id_key;
72 time_t produced_at;
73 chunk_t responses;
74 chunk_t nonce;
75 int algorithm;
76 chunk_t signature;
77 };
78
79 const response_t empty_response = {
80 { NULL, 0 } , /* tbs */
81 { NULL, 0 } , /* responder_id_name */
82 { NULL, 0 } , /* responder_id_key */
83 UNDEFINED_TIME, /* produced_at */
84 { NULL, 0 } , /* single_response */
85 { NULL, 0 } , /* nonce */
86 OID_UNKNOWN , /* signature_algorithm */
87 { NULL, 0 } /* signature */
88 };
89
90 /* single response container */
91 typedef struct single_response single_response_t;
92
93 struct single_response {
94 single_response_t *next;
95 int hash_algorithm;
96 chunk_t issuer_name_hash;
97 chunk_t issuer_key_hash;
98 chunk_t serialNumber;
99 cert_status_t status;
100 time_t revocationTime;
101 crl_reason_t revocationReason;
102 time_t thisUpdate;
103 time_t nextUpdate;
104 };
105
106 const single_response_t empty_single_response = {
107 NULL , /* *next */
108 OID_UNKNOWN , /* hash_algorithm */
109 { NULL, 0 } , /* issuer_name_hash */
110 { NULL, 0 } , /* issuer_key_hash */
111 { NULL, 0 } , /* serial_number */
112 CERT_UNDEFINED , /* status */
113 UNDEFINED_TIME , /* revocationTime */
114 REASON_UNSPECIFIED, /* revocationReason */
115 UNDEFINED_TIME , /* this_update */
116 UNDEFINED_TIME /* next_update */
117 };
118
119
120 /* list of single requests */
121 typedef struct request_list request_list_t;
122 struct request_list {
123 chunk_t request;
124 request_list_t *next;
125 };
126
127 /* some OCSP specific prefabricated ASN.1 constants */
128
129 static u_char ASN1_nonce_oid_str[] = {
130 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
131 };
132
133 static const chunk_t ASN1_nonce_oid = strchunk(ASN1_nonce_oid_str);
134
135 static u_char ASN1_response_oid_str[] = {
136 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
137 };
138
139 static const chunk_t ASN1_response_oid = strchunk(ASN1_response_oid_str);
140
141 static u_char ASN1_response_content_str[] = {
142 0x04, 0x0D,
143 0x30, 0x0B,
144 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
145 };
146
147 static const chunk_t ASN1_response_content = strchunk(ASN1_response_content_str);
148
149 /* default OCSP uri */
150 static chunk_t ocsp_default_uri;
151
152 /* ocsp cache: pointer to first element */
153 static ocsp_location_t *ocsp_cache = NULL;
154
155 /* static temporary storage for ocsp requestor information */
156 static x509cert_t *ocsp_requestor_cert = NULL;
157
158 static smartcard_t *ocsp_requestor_sc = NULL;
159
160 static const struct RSA_private_key *ocsp_requestor_pri = NULL;
161
162 /* asn.1 definitions for parsing */
163
164 static const asn1Object_t ocspResponseObjects[] = {
165 { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
166 { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */
167 { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */
168 { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
169 { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */
170 { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */
171 { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
172 };
173
174 #define OCSP_RESPONSE_STATUS 1
175 #define OCSP_RESPONSE_TYPE 4
176 #define OCSP_RESPONSE 5
177 #define OCSP_RESPONSE_ROOF 7
178
179 static const asn1Object_t basicResponseObjects[] = {
180 { 0, "BasicOCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
181 { 1, "tbsResponseData", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
182 { 2, "versionContext", ASN1_CONTEXT_C_0, ASN1_NONE |
183 ASN1_DEF }, /* 2 */
184 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
185 { 2, "responderIdContext", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 4 */
186 { 3, "responderIdByName", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */
187 { 2, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
188 { 2, "responderIdContext", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 7 */
189 { 3, "responderIdByKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 8 */
190 { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
191 { 2, "producedAt", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 10 */
192 { 2, "responses", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
193 { 2, "responseExtensionsContext", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 12 */
194 { 3, "responseExtensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 13 */
195 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 14 */
196 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 15 */
197 { 5, "critical", ASN1_BOOLEAN, ASN1_BODY |
198 ASN1_DEF }, /* 16 */
199 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 17 */
200 { 4, "end loop", ASN1_EOC, ASN1_END }, /* 18 */
201 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 19 */
202 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 20 */
203 { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 21 */
204 { 1, "certsContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 22 */
205 { 2, "certs", ASN1_SEQUENCE, ASN1_LOOP }, /* 23 */
206 { 3, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 24 */
207 { 2, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
208 { 1, "end opt", ASN1_EOC, ASN1_END } /* 26 */
209 };
210
211 #define BASIC_RESPONSE_TBS_DATA 1
212 #define BASIC_RESPONSE_VERSION 3
213 #define BASIC_RESPONSE_ID_BY_NAME 5
214 #define BASIC_RESPONSE_ID_BY_KEY 8
215 #define BASIC_RESPONSE_PRODUCED_AT 10
216 #define BASIC_RESPONSE_RESPONSES 11
217 #define BASIC_RESPONSE_EXT_ID 15
218 #define BASIC_RESPONSE_CRITICAL 16
219 #define BASIC_RESPONSE_EXT_VALUE 17
220 #define BASIC_RESPONSE_ALGORITHM 20
221 #define BASIC_RESPONSE_SIGNATURE 21
222 #define BASIC_RESPONSE_CERTIFICATE 24
223 #define BASIC_RESPONSE_ROOF 27
224
225 static const asn1Object_t responsesObjects[] = {
226 { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
227 { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */
228 { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
229 };
230
231 #define RESPONSES_SINGLE_RESPONSE 1
232 #define RESPONSES_ROOF 3
233
234 static const asn1Object_t singleResponseObjects[] = {
235 { 0, "singleResponse", ASN1_SEQUENCE, ASN1_BODY }, /* 0 */
236 { 1, "certID", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
237 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 2 */
238 { 2, "issuerNameHash", ASN1_OCTET_STRING, ASN1_BODY }, /* 3 */
239 { 2, "issuerKeyHash", ASN1_OCTET_STRING, ASN1_BODY }, /* 4 */
240 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 5 */
241 { 1, "certStatusGood", ASN1_CONTEXT_S_0, ASN1_OPT }, /* 6 */
242 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
243 { 1, "certStatusRevoked", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 8 */
244 { 2, "revocationTime", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 9 */
245 { 2, "revocationReason", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 10 */
246 { 3, "crlReason", ASN1_ENUMERATED, ASN1_BODY }, /* 11 */
247 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 12 */
248 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 13 */
249 { 1, "certStatusUnknown", ASN1_CONTEXT_S_2, ASN1_OPT }, /* 14 */
250 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 15 */
251 { 1, "thisUpdate", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 16 */
252 { 1, "nextUpdateContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 17 */
253 { 2, "nextUpdate", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 18 */
254 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 19 */
255 { 1, "singleExtensionsContext", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 20 */
256 { 2, "singleExtensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 21 */
257 { 3, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 22 */
258 { 4, "extnID", ASN1_OID, ASN1_BODY }, /* 23 */
259 { 4, "critical", ASN1_BOOLEAN, ASN1_BODY |
260 ASN1_DEF }, /* 24 */
261 { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 25 */
262 { 2, "end loop", ASN1_EOC, ASN1_END }, /* 26 */
263 { 1, "end opt", ASN1_EOC, ASN1_END } /* 27 */
264 };
265
266 #define SINGLE_RESPONSE_ALGORITHM 2
267 #define SINGLE_RESPONSE_ISSUER_NAME_HASH 3
268 #define SINGLE_RESPONSE_ISSUER_KEY_HASH 4
269 #define SINGLE_RESPONSE_SERIAL_NUMBER 5
270 #define SINGLE_RESPONSE_CERT_STATUS_GOOD 6
271 #define SINGLE_RESPONSE_CERT_STATUS_REVOKED 8
272 #define SINGLE_RESPONSE_CERT_STATUS_REVOCATION_TIME 9
273 #define SINGLE_RESPONSE_CERT_STATUS_CRL_REASON 11
274 #define SINGLE_RESPONSE_CERT_STATUS_UNKNOWN 14
275 #define SINGLE_RESPONSE_THIS_UPDATE 16
276 #define SINGLE_RESPONSE_NEXT_UPDATE 18
277 #define SINGLE_RESPONSE_EXT_ID 23
278 #define SINGLE_RESPONSE_CRITICAL 24
279 #define SINGLE_RESPONSE_EXT_VALUE 25
280 #define SINGLE_RESPONSE_ROOF 28
281
282 /* build an ocsp location from certificate information
283 * without unsharing its contents
284 */
285 static bool
286 build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location)
287 {
288 static u_char digest[SHA1_DIGEST_SIZE]; /* temporary storage */
289
290 location->uri = cert->accessLocation;
291
292 if (location->uri.ptr == NULL)
293 {
294 ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber
295 , cert->authKeyID);
296 if (ca != NULL && ca->ocspuri != NULL)
297 setchunk(location->uri, ca->ocspuri, strlen(ca->ocspuri))
298 else
299 /* abort if no ocsp location uri is defined */
300 return FALSE;
301 }
302
303 setchunk(location->authNameID, digest, SHA1_DIGEST_SIZE);
304 compute_digest(cert->issuer, OID_SHA1, &location->authNameID);
305
306 location->next = NULL;
307 location->issuer = cert->issuer;
308 location->authKeyID = cert->authKeyID;
309 location->authKeySerialNumber = cert->authKeySerialNumber;
310
311 if (cert->authKeyID.ptr == NULL)
312 {
313 x509cert_t *authcert = get_authcert(cert->issuer
314 , cert->authKeySerialNumber, cert->authKeyID, AUTH_CA);
315
316 if (authcert != NULL)
317 {
318 location->authKeyID = authcert->subjectKeyID;
319 location->authKeySerialNumber = authcert->serialNumber;
320 }
321 }
322
323 location->nonce = empty_chunk;
324 location->certinfo = NULL;
325
326 return TRUE;
327 }
328
329 /*
330 * compare two ocsp locations for equality
331 */
332 static bool
333 same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b)
334 {
335 return ((a->authKeyID.ptr != NULL)
336 ? same_keyid(a->authKeyID, b->authKeyID)
337 : (same_dn(a->issuer, b->issuer)
338 && same_serial(a->authKeySerialNumber, b->authKeySerialNumber)))
339 && same_chunk(a->uri, b->uri);
340 }
341
342 /*
343 * find an existing ocsp location in a chained list
344 */
345 ocsp_location_t*
346 get_ocsp_location(const ocsp_location_t * loc, ocsp_location_t *chain)
347 {
348
349 while (chain != NULL)
350 {
351 if (same_ocsp_location(loc, chain))
352 return chain;
353 chain = chain->next;
354 }
355 return NULL;
356 }
357
358 /* retrieves the status of a cert from the ocsp cache
359 * returns CERT_UNDEFINED if no status is found
360 */
361 static cert_status_t
362 get_ocsp_status(const ocsp_location_t *loc, chunk_t serialNumber
363 ,time_t *nextUpdate, time_t *revocationTime, crl_reason_t *revocationReason)
364 {
365 ocsp_certinfo_t *certinfo, **certinfop;
366 int cmp = -1;
367
368 /* find location */
369 ocsp_location_t *location = get_ocsp_location(loc, ocsp_cache);
370
371 if (location == NULL)
372 return CERT_UNDEFINED;
373
374 /* traverse list of certinfos in increasing order */
375 certinfop = &location->certinfo;
376 certinfo = *certinfop;
377
378 while (certinfo != NULL)
379 {
380 cmp = cmp_chunk(serialNumber, certinfo->serialNumber);
381 if (cmp <= 0)
382 break;
383 certinfop = &certinfo->next;
384 certinfo = *certinfop;
385 }
386
387 if (cmp == 0)
388 {
389 *nextUpdate = certinfo->nextUpdate;
390 *revocationTime = certinfo->revocationTime;
391 *revocationReason = certinfo->revocationReason;
392 return certinfo->status;
393 }
394
395 return CERT_UNDEFINED;
396 }
397
398 /*
399 * verify the ocsp status of a certificate
400 */
401 cert_status_t
402 verify_by_ocsp(const x509cert_t *cert, time_t *until
403 , time_t *revocationDate, crl_reason_t *revocationReason)
404 {
405 cert_status_t status;
406 ocsp_location_t location;
407 time_t nextUpdate = 0;
408
409 *revocationDate = UNDEFINED_TIME;
410 *revocationReason = REASON_UNSPECIFIED;
411
412 /* is an ocsp location defined? */
413 if (!build_ocsp_location(cert, &location))
414 return CERT_UNDEFINED;
415
416 lock_ocsp_cache("verify_by_ocsp");
417 status = get_ocsp_status(&location, cert->serialNumber, &nextUpdate
418 , revocationDate, revocationReason);
419 unlock_ocsp_cache("verify_by_ocsp");
420
421 if (status == CERT_UNDEFINED || nextUpdate < time(NULL))
422 {
423 plog("ocsp status is stale or not in cache");
424 add_ocsp_fetch_request(&location, cert->serialNumber);
425
426 /* inititate fetching of ocsp status */
427 wake_fetch_thread("verify_by_ocsp");
428 }
429 *until = nextUpdate;
430 return status;
431 }
432
433 /*
434 * check if an ocsp status is about to expire
435 */
436 void
437 check_ocsp(void)
438 {
439 ocsp_location_t *location;
440
441 lock_ocsp_cache("check_ocsp");
442 location = ocsp_cache;
443
444 while (location != NULL)
445 {
446 char buf[BUF_LEN];
447 bool first = TRUE;
448 ocsp_certinfo_t *certinfo = location->certinfo;
449
450 while (certinfo != NULL)
451 {
452 if (!certinfo->once)
453 {
454 time_t time_left = certinfo->nextUpdate - time(NULL);
455
456 DBG(DBG_CONTROL,
457 if (first)
458 {
459 dntoa(buf, BUF_LEN, location->issuer);
460 DBG_log("issuer: '%s'", buf);
461 if (location->authKeyID.ptr != NULL)
462 {
463 datatot(location->authKeyID.ptr, location->authKeyID.len
464 , ':', buf, BUF_LEN);
465 DBG_log("authkey: %s", buf);
466 }
467 first = FALSE;
468 }
469 datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len
470 , ':', buf, BUF_LEN);
471 DBG_log("serial: %s, %ld seconds left", buf, time_left)
472 )
473
474 if (time_left < 2*crl_check_interval)
475 add_ocsp_fetch_request(location, certinfo->serialNumber);
476 }
477 certinfo = certinfo->next;
478 }
479 location = location->next;
480 }
481 unlock_ocsp_cache("check_ocsp");
482 }
483
484 /*
485 * frees the allocated memory of a certinfo struct
486 */
487 static void
488 free_certinfo(ocsp_certinfo_t *certinfo)
489 {
490 freeanychunk(certinfo->serialNumber);
491 pfree(certinfo);
492 }
493
494 /*
495 * frees all certinfos in a chained list
496 */
497 static void
498 free_certinfos(ocsp_certinfo_t *chain)
499 {
500 ocsp_certinfo_t *certinfo;
501
502 while (chain != NULL)
503 {
504 certinfo = chain;
505 chain = chain->next;
506 free_certinfo(certinfo);
507 }
508 }
509
510 /*
511 * frees the memory allocated to an ocsp location including all certinfos
512 */
513 static void
514 free_ocsp_location(ocsp_location_t* location)
515 {
516 freeanychunk(location->issuer);
517 freeanychunk(location->authNameID);
518 freeanychunk(location->authKeyID);
519 freeanychunk(location->authKeySerialNumber);
520 freeanychunk(location->uri);
521 free_certinfos(location->certinfo);
522 pfree(location);
523 }
524
525 /*
526 * free a chained list of ocsp locations
527 */
528 void
529 free_ocsp_locations(ocsp_location_t **chain)
530 {
531 while (*chain != NULL)
532 {
533 ocsp_location_t *location = *chain;
534 *chain = location->next;
535 free_ocsp_location(location);
536 }
537 }
538
539 /*
540 * free the ocsp cache
541 */
542 void
543 free_ocsp_cache(void)
544 {
545 lock_ocsp_cache("free_ocsp_cache");
546 free_ocsp_locations(&ocsp_cache);
547 unlock_ocsp_cache("free_ocsp_cache");
548 }
549
550 /*
551 * frees the ocsp cache and global variables
552 */
553 void
554 free_ocsp(void)
555 {
556 pfreeany(ocsp_default_uri.ptr);
557 free_ocsp_cache();
558 }
559
560 /*
561 * list a chained list of ocsp_locations
562 */
563 void
564 list_ocsp_locations(ocsp_location_t *location, bool requests, bool utc
565 , bool strict)
566 {
567 bool first = TRUE;
568
569 while (location != NULL)
570 {
571 ocsp_certinfo_t *certinfo = location->certinfo;
572
573 if (certinfo != NULL)
574 {
575 u_char buf[BUF_LEN];
576
577 if (first)
578 {
579 whack_log(RC_COMMENT, " ");
580 whack_log(RC_COMMENT, "List of OCSP %s:", requests?
581 "fetch requests":"responses");
582 first = FALSE;
583 }
584 whack_log(RC_COMMENT, " ");
585 if (location->issuer.ptr != NULL)
586 {
587 dntoa(buf, BUF_LEN, location->issuer);
588 whack_log(RC_COMMENT, " issuer: '%s'", buf);
589 }
590 whack_log(RC_COMMENT, " uri: '%.*s'", (int)location->uri.len
591 , location->uri.ptr);
592 if (location->authNameID.ptr != NULL)
593 {
594 datatot(location->authNameID.ptr, location->authNameID.len, ':'
595 , buf, BUF_LEN);
596 whack_log(RC_COMMENT, " authname: %s", buf);
597 }
598 if (location->authKeyID.ptr != NULL)
599 {
600 datatot(location->authKeyID.ptr, location->authKeyID.len, ':'
601 , buf, BUF_LEN);
602 whack_log(RC_COMMENT, " authkey: %s", buf);
603 }
604 if (location->authKeySerialNumber.ptr != NULL)
605 {
606 datatot(location->authKeySerialNumber.ptr
607 , location->authKeySerialNumber.len, ':', buf, BUF_LEN);
608 whack_log(RC_COMMENT, " aserial: %s", buf);
609 }
610 while (certinfo != NULL)
611 {
612 char thisUpdate[TIMETOA_BUF];
613
614 strcpy(thisUpdate, timetoa(&certinfo->thisUpdate, utc));
615
616 if (requests)
617 {
618 whack_log(RC_COMMENT, "%s, trials: %d", thisUpdate
619 , certinfo->trials);
620 }
621 else if (certinfo->once)
622 {
623 whack_log(RC_COMMENT, "%s, onetime use%s", thisUpdate
624 , (certinfo->nextUpdate < time(NULL))? " (expired)": "");
625 }
626 else
627 {
628 whack_log(RC_COMMENT, "%s, until %s %s", thisUpdate
629 , timetoa(&certinfo->nextUpdate, utc)
630 , check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
631 }
632 datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len, ':'
633 , buf, BUF_LEN);
634 whack_log(RC_COMMENT, " serial: %s, %s", buf
635 , cert_status_names[certinfo->status]);
636 certinfo = certinfo->next;
637 }
638 }
639 location = location->next;
640 }
641 }
642
643 /*
644 * list the ocsp cache
645 */
646 void
647 list_ocsp_cache(bool utc, bool strict)
648 {
649 lock_ocsp_cache("list_ocsp_cache");
650 list_ocsp_locations(ocsp_cache, FALSE, utc, strict);
651 unlock_ocsp_cache("list_ocsp_cache");
652 }
653
654 static bool
655 get_ocsp_requestor_cert(ocsp_location_t *location)
656 {
657 x509cert_t *cert = NULL;
658
659 /* initialize temporary static storage */
660 ocsp_requestor_cert = NULL;
661 ocsp_requestor_sc = NULL;
662 ocsp_requestor_pri = NULL;
663
664 for (;;)
665 {
666 char buf[BUF_LEN];
667
668 /* looking for a certificate from the same issuer */
669 cert = get_x509cert(location->issuer, location->authKeySerialNumber
670 ,location->authKeyID, cert);
671 if (cert == NULL)
672 break;
673
674 DBG(DBG_CONTROL,
675 dntoa(buf, BUF_LEN, cert->subject);
676 DBG_log("candidate: '%s'", buf);
677 )
678
679 if (cert->smartcard)
680 {
681 /* look for a matching private key on a smartcard */
682 smartcard_t *sc = scx_get(cert);
683
684 if (sc != NULL)
685 {
686 DBG(DBG_CONTROL,
687 DBG_log("matching smartcard found")
688 )
689 if (sc->valid)
690 {
691 ocsp_requestor_cert = cert;
692 ocsp_requestor_sc = sc;
693 return TRUE;
694 }
695 plog("unable to sign ocsp request without PIN");
696 }
697 }
698 else
699 {
700 /* look for a matching private key in the chained list */
701 const struct RSA_private_key *pri = get_x509_private_key(cert);
702
703 if (pri != NULL)
704 {
705 DBG(DBG_CONTROL,
706 DBG_log("matching private key found")
707 )
708 ocsp_requestor_cert = cert;
709 ocsp_requestor_pri = pri;
710 return TRUE;
711 }
712 }
713 }
714 return FALSE;
715 }
716
717 static chunk_t
718 generate_signature(chunk_t digest, smartcard_t *sc
719 , const RSA_private_key_t *pri)
720 {
721 chunk_t sigdata;
722 u_char *pos;
723 size_t siglen = 0;
724
725 if (sc != NULL)
726 {
727 /* RSA signature is done on smartcard */
728
729 if (!scx_establish_context(sc) || !scx_login(sc))
730 {
731 scx_release_context(sc);
732 return empty_chunk;
733 }
734
735 siglen = scx_get_keylength(sc);
736
737 if (siglen == 0)
738 {
739 plog("failed to get keylength from smartcard");
740 scx_release_context(sc);
741 return empty_chunk;
742 }
743
744 DBG(DBG_CONTROL | DBG_CRYPT,
745 DBG_log("signing hash with RSA key from smartcard (slot: %d, id: %s)"
746 , (int)sc->slot, sc->id)
747 )
748
749 pos = build_asn1_object(&sigdata, ASN1_BIT_STRING, 1 + siglen);
750 *pos++ = 0x00;
751 scx_sign_hash(sc, digest.ptr, digest.len, pos, siglen);
752 if (!pkcs11_keep_state)
753 scx_release_context(sc);
754 }
755 else
756 {
757 /* RSA signature is done in software */
758 siglen = pri->pub.k;
759 pos = build_asn1_object(&sigdata, ASN1_BIT_STRING, 1 + siglen);
760 *pos++ = 0x00;
761 sign_hash(pri, digest.ptr, digest.len, pos, siglen);
762 }
763 return sigdata;
764 }
765
766 /*
767 * build signature into ocsp request
768 * gets built only if a request cert with
769 * a corresponding private key is found
770 */
771 static chunk_t
772 build_signature(chunk_t tbsRequest)
773 {
774 chunk_t sigdata, certs;
775 chunk_t digest_info;
776
777 u_char digest_buf[MAX_DIGEST_LEN];
778 chunk_t digest_raw = { digest_buf, MAX_DIGEST_LEN };
779
780 if (!compute_digest(tbsRequest, OID_SHA1, &digest_raw))
781 return empty_chunk;
782
783 /* according to PKCS#1 v2.1 digest must be packaged into
784 * an ASN.1 structure for encryption
785 */
786 digest_info = asn1_wrap(ASN1_SEQUENCE, "cm"
787 , ASN1_sha1_id
788 , asn1_simple_object(ASN1_OCTET_STRING, digest_raw));
789
790 /* generate the RSA signature */
791 sigdata = generate_signature(digest_info
792 , ocsp_requestor_sc
793 , ocsp_requestor_pri);
794 freeanychunk(digest_info);
795
796 /* has the RSA signature generation been successful? */
797 if (sigdata.ptr == NULL)
798 return empty_chunk;
799
800 /* include our certificate */
801 certs = asn1_wrap(ASN1_CONTEXT_C_0, "m"
802 , asn1_simple_object(ASN1_SEQUENCE
803 , ocsp_requestor_cert->certificate
804 )
805 );
806
807 /* build signature comprising algorithm, signature and cert */
808 return asn1_wrap(ASN1_CONTEXT_C_0, "m"
809 , asn1_wrap(ASN1_SEQUENCE, "cmm"
810 , ASN1_sha1WithRSA_id
811 , sigdata
812 , certs
813 )
814 );
815 }
816
817 /* build request (into requestList)
818 * no singleRequestExtensions used
819 */
820 static chunk_t
821 build_request(ocsp_location_t *location, ocsp_certinfo_t *certinfo)
822 {
823 chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "cmmm"
824 , ASN1_sha1_id
825 , asn1_simple_object(ASN1_OCTET_STRING, location->authNameID)
826 , asn1_simple_object(ASN1_OCTET_STRING, location->authKeyID)
827 , asn1_simple_object(ASN1_INTEGER, certinfo->serialNumber));
828
829 return asn1_wrap(ASN1_SEQUENCE, "m", reqCert);
830 }
831
832 /*
833 * build requestList (into TBSRequest)
834 */
835 static chunk_t
836 build_request_list(ocsp_location_t *location)
837 {
838 chunk_t requestList;
839 request_list_t *reqs = NULL;
840 ocsp_certinfo_t *certinfo = location->certinfo;
841 u_char *pos;
842
843 size_t datalen = 0;
844
845 /* build content */
846 while (certinfo != NULL)
847 {
848 /* build request for every certificate in list
849 * and store them in a chained list
850 */
851 request_list_t *req = alloc_thing(request_list_t, "ocsp request");
852
853 req->request = build_request(location, certinfo);
854 req->next = reqs;
855 reqs = req;
856
857 datalen += req->request.len;
858 certinfo = certinfo->next;
859 }
860
861 pos = build_asn1_object(&requestList, ASN1_SEQUENCE
862 , datalen);
863
864 /* copy all in chained list, free list afterwards */
865 while (reqs != NULL)
866 {
867 request_list_t *req = reqs;
868
869 mv_chunk(&pos, req->request);
870 reqs = reqs->next;
871 pfree(req);
872 }
873
874 return requestList;
875 }
876
877 /*
878 * build requestorName (into TBSRequest)
879 */
880 static chunk_t
881 build_requestor_name(void)
882 {
883 return asn1_wrap(ASN1_CONTEXT_C_1, "m"
884 , asn1_simple_object(ASN1_CONTEXT_C_4
885 , ocsp_requestor_cert->subject));
886 }
887
888 /*
889 * build nonce extension (into requestExtensions)
890 */
891 static chunk_t
892 build_nonce_extension(ocsp_location_t *location)
893 {
894 /* generate a random nonce */
895 location->nonce.ptr = alloc_bytes(NONCE_LENGTH, "ocsp nonce"),
896 location->nonce.len = NONCE_LENGTH;
897 get_rnd_bytes(location->nonce.ptr, NONCE_LENGTH);
898
899 return asn1_wrap(ASN1_SEQUENCE, "cm"
900 , ASN1_nonce_oid
901 , asn1_simple_object(ASN1_OCTET_STRING, location->nonce));
902 }
903
904 /*
905 * build requestExtensions (into TBSRequest)
906 */
907 static chunk_t
908 build_request_ext(ocsp_location_t *location)
909 {
910 return asn1_wrap(ASN1_CONTEXT_C_2, "m"
911 , asn1_wrap(ASN1_SEQUENCE, "mm"
912 , build_nonce_extension(location)
913 , asn1_wrap(ASN1_SEQUENCE, "cc"
914 , ASN1_response_oid
915 , ASN1_response_content
916 )
917 )
918 );
919 }
920
921 /*
922 * build TBSRequest (into OCSPRequest)
923 */
924 static chunk_t
925 build_tbs_request(ocsp_location_t *location, bool has_requestor_cert)
926 {
927 /* version is skipped since the default is ok */
928 return asn1_wrap(ASN1_SEQUENCE, "mmm"
929 , (has_requestor_cert)
930 ? build_requestor_name()
931 : empty_chunk
932 , build_request_list(location)
933 , build_request_ext(location));
934 }
935
936 /* assembles an ocsp request to given location
937 * and sets nonce field in location to the sent nonce
938 */
939 chunk_t
940 build_ocsp_request(ocsp_location_t *location)
941 {
942 bool has_requestor_cert;
943 chunk_t tbsRequest, signature;
944 char buf[BUF_LEN];
945
946 DBG(DBG_CONTROL,
947 DBG_log("assembling ocsp request");
948 dntoa(buf, BUF_LEN, location->issuer);
949 DBG_log("issuer: '%s'", buf);
950 if (location->authKeyID.ptr != NULL)
951 {
952 datatot(location->authKeyID.ptr, location->authKeyID.len, ':'
953 , buf, BUF_LEN);
954 DBG_log("authkey: %s", buf);
955 }
956 )
957 lock_certs_and_keys("build_ocsp_request");
958
959 /* looks for requestor cert and matching private key */
960 has_requestor_cert = get_ocsp_requestor_cert(location);
961
962 /* build content */
963 tbsRequest = build_tbs_request(location, has_requestor_cert);
964
965 /* sign tbsReuqest */
966 signature = (has_requestor_cert)? build_signature(tbsRequest)
967 : empty_chunk;
968
969 unlock_certs_and_keys("build_ocsp_request");
970
971 return asn1_wrap(ASN1_SEQUENCE, "mm"
972 , tbsRequest
973 , signature);
974 }
975
976 /*
977 * check if the OCSP response has a valid signature
978 */
979 static bool
980 valid_ocsp_response(response_t *res)
981 {
982 int pathlen;
983 x509cert_t *authcert;
984
985 lock_authcert_list("valid_ocsp_response");
986
987 authcert = get_authcert(res->responder_id_name, empty_chunk
988 , res->responder_id_key, AUTH_OCSP | AUTH_CA);
989
990 if (authcert == NULL)
991 {
992 plog("no matching ocsp signer cert found");
993 unlock_authcert_list("valid_ocsp_response");
994 return FALSE;
995 }
996 DBG(DBG_CONTROL,
997 DBG_log("ocsp signer cert found")
998 )
999
1000 if (!check_signature(res->tbs, res->signature, res->algorithm
1001 , res->algorithm, authcert))
1002 {
1003 plog("signature of ocsp response is invalid");
1004 unlock_authcert_list("valid_ocsp_response");
1005 return FALSE;
1006 }
1007 DBG(DBG_CONTROL,
1008 DBG_log("signature of ocsp response is valid")
1009 )
1010
1011
1012 for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
1013 {
1014 u_char buf[BUF_LEN];
1015 err_t ugh = NULL;
1016 time_t until;
1017
1018 x509cert_t *cert = authcert;
1019
1020 DBG(DBG_CONTROL,
1021 dntoa(buf, BUF_LEN, cert->subject);
1022 DBG_log("subject: '%s'",buf);
1023 dntoa(buf, BUF_LEN, cert->issuer);
1024 DBG_log("issuer: '%s'",buf);
1025 if (cert->authKeyID.ptr != NULL)
1026 {
1027 datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
1028 , buf, BUF_LEN);
1029 DBG_log("authkey: %s", buf);
1030 }
1031 )
1032
1033 ugh = check_validity(authcert, &until);
1034
1035 if (ugh != NULL)
1036 {
1037 plog("%s", ugh);
1038 unlock_authcert_list("valid_ocsp_response");
1039 return FALSE;
1040 }
1041
1042 DBG(DBG_CONTROL,
1043 DBG_log("certificate is valid")
1044 )
1045
1046 authcert = get_authcert(cert->issuer, cert->authKeySerialNumber
1047 , cert->authKeyID, AUTH_CA);
1048
1049 if (authcert == NULL)
1050 {
1051 plog("issuer cacert not found");
1052 unlock_authcert_list("valid_ocsp_response");
1053 return FALSE;
1054 }
1055 DBG(DBG_CONTROL,
1056 DBG_log("issuer cacert found")
1057 )
1058
1059 if (!check_signature(cert->tbsCertificate, cert->signature
1060 , cert->algorithm, cert->algorithm, authcert))
1061 {
1062 plog("certificate signature is invalid");
1063 unlock_authcert_list("valid_ocsp_response");
1064 return FALSE;
1065 }
1066 DBG(DBG_CONTROL,
1067 DBG_log("certificate signature is valid")
1068 )
1069
1070 /* check if cert is self-signed */
1071 if (same_dn(cert->issuer, cert->subject))
1072 {
1073 DBG(DBG_CONTROL,
1074 DBG_log("reached self-signed root ca")
1075 )
1076 unlock_authcert_list("valid_ocsp_response");
1077 return TRUE;
1078 }
1079 }
1080 plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
1081 unlock_authcert_list("valid_ocsp_response");
1082 return FALSE;
1083 }
1084
1085 /*
1086 * parse a basic OCSP response
1087 */
1088 static bool
1089 parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
1090 {
1091 asn1_ctx_t ctx;
1092 bool critical;
1093 chunk_t object;
1094 u_int level, version;
1095 u_char buf[BUF_LEN];
1096 int objectID = 0;
1097 int extn_oid = OID_UNKNOWN;
1098
1099 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1100
1101 while (objectID < BASIC_RESPONSE_ROOF)
1102 {
1103 if (!extract_object(basicResponseObjects, &objectID, &object, &level, &ctx))
1104 return FALSE;
1105
1106 switch (objectID)
1107 {
1108 case BASIC_RESPONSE_TBS_DATA:
1109 res->tbs = object;
1110 break;
1111 case BASIC_RESPONSE_VERSION:
1112 version = (object.len)? (1 + (u_int)*object.ptr) : 1;
1113 if (version != OCSP_BASIC_RESPONSE_VERSION)
1114 {
1115 plog("wrong ocsp basic response version (version= %i)", version);
1116 return FALSE;
1117 }
1118 break;
1119 case BASIC_RESPONSE_ID_BY_NAME:
1120 res->responder_id_name = object;
1121 DBG(DBG_PARSING,
1122 dntoa(buf, BUF_LEN, object);
1123 DBG_log(" '%s'",buf)
1124 )
1125 break;
1126 case BASIC_RESPONSE_ID_BY_KEY:
1127 res->responder_id_key = object;
1128 break;
1129 case BASIC_RESPONSE_PRODUCED_AT:
1130 res->produced_at = asn1totime(&object, ASN1_GENERALIZEDTIME);
1131 break;
1132 case BASIC_RESPONSE_RESPONSES:
1133 res->responses = object;
1134 break;
1135 case BASIC_RESPONSE_EXT_ID:
1136 extn_oid = known_oid(object);
1137 break;
1138 case BASIC_RESPONSE_CRITICAL:
1139 critical = object.len && *object.ptr;
1140 DBG(DBG_PARSING,
1141 DBG_log(" %s",(critical)?"TRUE":"FALSE");
1142 )
1143 break;
1144 case BASIC_RESPONSE_EXT_VALUE:
1145 if (extn_oid == OID_NONCE)
1146 res->nonce = object;
1147 break;
1148 case BASIC_RESPONSE_ALGORITHM:
1149 res->algorithm = parse_algorithmIdentifier(object, level+1, NULL);
1150 break;
1151 case BASIC_RESPONSE_SIGNATURE:
1152 res->signature = object;
1153 break;
1154 case BASIC_RESPONSE_CERTIFICATE:
1155 {
1156 chunk_t blob;
1157 x509cert_t *cert = alloc_thing(x509cert_t, "ocspcert");
1158
1159 clonetochunk(blob, object.ptr, object.len, "ocspcert blob");
1160 *cert = empty_x509cert;
1161
1162 if (parse_x509cert(blob, level+1, cert)
1163 && cert->isOcspSigner
1164 && trust_authcert_candidate(cert, NULL))
1165 {
1166 add_authcert(cert, AUTH_OCSP);
1167 }
1168 else
1169 {
1170 DBG(DBG_CONTROL | DBG_PARSING,
1171 DBG_log("embedded ocsp certificate rejected")
1172 )
1173 free_x509cert(cert);
1174 }
1175 }
1176 break;
1177 }
1178 objectID++;
1179 }
1180 return TRUE;
1181 }
1182
1183
1184 /*
1185 * parse an ocsp response and return the result as a response_t struct
1186 */
1187 static response_status
1188 parse_ocsp_response(chunk_t blob, response_t * res)
1189 {
1190 asn1_ctx_t ctx;
1191 chunk_t object;
1192 u_int level;
1193 int objectID = 0;
1194 int ocspResponseType = OID_UNKNOWN;
1195 response_status rStatus = STATUS_INTERNALERROR;
1196
1197 asn1_init(&ctx, blob, 0, FALSE, DBG_RAW);
1198
1199 while (objectID < OCSP_RESPONSE_ROOF)
1200 {
1201 if (!extract_object(ocspResponseObjects, &objectID, &object, &level, &ctx))
1202 return STATUS_INTERNALERROR;
1203
1204 switch (objectID) {
1205 case OCSP_RESPONSE_STATUS:
1206 rStatus = (response_status) *object.ptr;
1207
1208 switch (rStatus)
1209 {
1210 case STATUS_SUCCESSFUL:
1211 break;
1212 case STATUS_MALFORMEDREQUEST:
1213 case STATUS_INTERNALERROR:
1214 case STATUS_TRYLATER:
1215 case STATUS_SIGREQUIRED:
1216 case STATUS_UNAUTHORIZED:
1217 plog("ocsp response: server said '%s'"
1218 , response_status_names[rStatus]);
1219 return rStatus;
1220 default:
1221 return STATUS_INTERNALERROR;
1222 }
1223 break;
1224 case OCSP_RESPONSE_TYPE:
1225 ocspResponseType = known_oid(object);
1226 break;
1227 case OCSP_RESPONSE:
1228 {
1229 switch (ocspResponseType) {
1230 case OID_BASIC:
1231 if (!parse_basic_ocsp_response(object, level+1, res))
1232 return STATUS_INTERNALERROR;
1233 break;
1234 default:
1235 DBG(DBG_CONTROL,
1236 DBG_log("ocsp response is not of type BASIC");
1237 DBG_dump_chunk("ocsp response OID: ", object);
1238 )
1239 return STATUS_INTERNALERROR;
1240 }
1241 }
1242 break;
1243 }
1244 objectID++;
1245 }
1246 return rStatus;
1247 }
1248
1249 /*
1250 * parse a basic OCSP response
1251 */
1252 static bool
1253 parse_ocsp_single_response(chunk_t blob, int level0, single_response_t *sres)
1254 {
1255 u_int level, extn_oid;
1256 asn1_ctx_t ctx;
1257 bool critical;
1258 chunk_t object;
1259 int objectID = 0;
1260
1261 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1262
1263 while (objectID < SINGLE_RESPONSE_ROOF)
1264 {
1265 if (!extract_object(singleResponseObjects, &objectID, &object, &level, &ctx))
1266 return FALSE;
1267
1268 switch (objectID)
1269 {
1270 case SINGLE_RESPONSE_ALGORITHM:
1271 sres->hash_algorithm = parse_algorithmIdentifier(object, level+1, NULL);
1272 break;
1273 case SINGLE_RESPONSE_ISSUER_NAME_HASH:
1274 sres->issuer_name_hash = object;
1275 break;
1276 case SINGLE_RESPONSE_ISSUER_KEY_HASH:
1277 sres->issuer_key_hash = object;
1278 break;
1279 case SINGLE_RESPONSE_SERIAL_NUMBER:
1280 sres->serialNumber = object;
1281 break;
1282 case SINGLE_RESPONSE_CERT_STATUS_GOOD:
1283 sres->status = CERT_GOOD;
1284 break;
1285 case SINGLE_RESPONSE_CERT_STATUS_REVOKED:
1286 sres->status = CERT_REVOKED;
1287 break;
1288 case SINGLE_RESPONSE_CERT_STATUS_REVOCATION_TIME:
1289 sres->revocationTime = asn1totime(&object, ASN1_GENERALIZEDTIME);
1290 break;
1291 case SINGLE_RESPONSE_CERT_STATUS_CRL_REASON:
1292 sres->revocationReason = (object.len == 1)
1293 ? *object.ptr : REASON_UNSPECIFIED;
1294 break;
1295 case SINGLE_RESPONSE_CERT_STATUS_UNKNOWN:
1296 sres->status = CERT_UNKNOWN;
1297 break;
1298 case SINGLE_RESPONSE_THIS_UPDATE:
1299 sres->thisUpdate = asn1totime(&object, ASN1_GENERALIZEDTIME);
1300 break;
1301 case SINGLE_RESPONSE_NEXT_UPDATE:
1302 sres->nextUpdate = asn1totime(&object, ASN1_GENERALIZEDTIME);
1303 break;
1304 case SINGLE_RESPONSE_EXT_ID:
1305 extn_oid = known_oid(object);
1306 break;
1307 case SINGLE_RESPONSE_CRITICAL:
1308 critical = object.len && *object.ptr;
1309 DBG(DBG_PARSING,
1310 DBG_log(" %s",(critical)?"TRUE":"FALSE");
1311 )
1312 case SINGLE_RESPONSE_EXT_VALUE:
1313 break;
1314 }
1315 objectID++;
1316 }
1317 return TRUE;
1318 }
1319
1320 /*
1321 * add an ocsp location to a chained list
1322 */
1323 ocsp_location_t*
1324 add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t **chain)
1325 {
1326 ocsp_location_t *location = alloc_thing(ocsp_location_t, "ocsp location");
1327
1328 /* unshare location fields */
1329 clonetochunk(location->issuer
1330 , loc->issuer.ptr, loc->issuer.len
1331 , "ocsp issuer");
1332
1333 clonetochunk(location->authNameID
1334 , loc->authNameID.ptr, loc->authNameID.len
1335 , "ocsp authNameID");
1336
1337 if (loc->authKeyID.ptr == NULL)
1338 location->authKeyID = empty_chunk;
1339 else
1340 clonetochunk(location->authKeyID
1341 , loc->authKeyID.ptr, loc->authKeyID.len
1342 , "ocsp authKeyID");
1343
1344 if (loc->authKeySerialNumber.ptr == NULL)
1345 location->authKeySerialNumber = empty_chunk;
1346 else
1347 clonetochunk(location->authKeySerialNumber
1348 , loc->authKeySerialNumber.ptr, loc->authKeySerialNumber.len
1349 , "ocsp authKeySerialNumber");
1350
1351 clonetochunk(location->uri
1352 , loc->uri.ptr, loc->uri.len
1353 , "ocsp uri");
1354
1355 location->certinfo = NULL;
1356
1357 /* insert new ocsp location in front of chain */
1358 location->next = *chain;
1359 *chain = location;
1360
1361 DBG(DBG_CONTROL,
1362 DBG_log("new ocsp location added")
1363 )
1364
1365 return location;
1366 }
1367
1368 /*
1369 * add a certinfo struct to a chained list
1370 */
1371 void
1372 add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chain
1373 , bool request)
1374 {
1375 ocsp_location_t *location;
1376 ocsp_certinfo_t *certinfo, **certinfop;
1377 char buf[BUF_LEN];
1378 time_t now;
1379 int cmp = -1;
1380
1381 location = get_ocsp_location(loc, *chain);
1382 if (location == NULL)
1383 location = add_ocsp_location(loc, chain);
1384
1385 /* traverse list of certinfos in increasing order */
1386 certinfop = &location->certinfo;
1387 certinfo = *certinfop;
1388
1389 while (certinfo != NULL)
1390 {
1391 cmp = cmp_chunk(info->serialNumber, certinfo->serialNumber);
1392 if (cmp <= 0)
1393 break;
1394 certinfop = &certinfo->next;
1395 certinfo = *certinfop;
1396 }
1397
1398 if (cmp != 0)
1399 {
1400 /* add a new certinfo entry */
1401 ocsp_certinfo_t *cnew = alloc_thing(ocsp_certinfo_t, "ocsp certinfo");
1402 clonetochunk(cnew->serialNumber, info->serialNumber.ptr
1403 , info->serialNumber.len, "serialNumber");
1404 cnew->next = certinfo;
1405 *certinfop = cnew;
1406 certinfo = cnew;
1407 }
1408
1409 DBG(DBG_CONTROL,
1410 datatot(info->serialNumber.ptr, info->serialNumber.len, ':'
1411 , buf, BUF_LEN);
1412 DBG_log("ocsp %s for serial %s %s"
1413 , request?"fetch request":"certinfo"
1414 , buf
1415 , (cmp == 0)? (request?"already exists":"updated"):"added")
1416 )
1417
1418 time(&now);
1419
1420 if (request)
1421 {
1422 certinfo->status = CERT_UNDEFINED;
1423
1424 if (cmp != 0)
1425 certinfo->thisUpdate = now;
1426
1427 certinfo->nextUpdate = UNDEFINED_TIME;
1428 }
1429 else
1430 {
1431 certinfo->status = info->status;
1432 certinfo->revocationTime = info->revocationTime;
1433 certinfo->revocationReason = info->revocationReason;
1434
1435 certinfo->thisUpdate = (info->thisUpdate != UNDEFINED_TIME)?
1436 info->thisUpdate : now;
1437
1438 certinfo->once = (info->nextUpdate == UNDEFINED_TIME);
1439
1440 certinfo->nextUpdate = (certinfo->once)?
1441 (now + OCSP_DEFAULT_VALID_TIME) : info->nextUpdate;
1442 }
1443 }
1444
1445 /*
1446 * process received ocsp single response and add it to ocsp cache
1447 */
1448 static void
1449 process_single_response(ocsp_location_t *location, single_response_t *sres)
1450 {
1451 ocsp_certinfo_t *certinfo, **certinfop;
1452 int cmp = -1;
1453
1454 if (sres->hash_algorithm != OID_SHA1)
1455 {
1456 plog("only SHA-1 hash supported in OCSP single response");
1457 return;
1458 }
1459 if (!(same_chunk(sres->issuer_name_hash, location->authNameID)
1460 && same_chunk(sres->issuer_key_hash, location->authKeyID)))
1461 {
1462 plog("ocsp single response has wrong issuer");
1463 return;
1464 }
1465
1466 /* traverse list of certinfos in increasing order */
1467 certinfop = &location->certinfo;
1468 certinfo = *certinfop;
1469
1470 while (certinfo != NULL)
1471 {
1472 cmp = cmp_chunk(sres->serialNumber, certinfo->serialNumber);
1473 if (cmp <= 0)
1474 break;
1475 certinfop = &certinfo->next;
1476 certinfo = *certinfop;
1477 }
1478
1479 if (cmp != 0)
1480 {
1481 plog("received unrequested cert status from ocsp server");
1482 return;
1483 }
1484
1485 /* unlink cert from ocsp fetch request list */
1486 *certinfop = certinfo->next;
1487
1488 /* update certinfo using the single response information */
1489 certinfo->thisUpdate = sres->thisUpdate;
1490 certinfo->nextUpdate = sres->nextUpdate;
1491 certinfo->status = sres->status;
1492 certinfo->revocationTime = sres->revocationTime;
1493 certinfo->revocationReason = sres->revocationReason;
1494
1495 /* add or update certinfo in ocsp cache */
1496 lock_ocsp_cache("process_single_response");
1497 add_certinfo(location, certinfo, &ocsp_cache, FALSE);
1498 unlock_ocsp_cache("process_single_response");
1499
1500 /* free certinfo unlinked from ocsp fetch request list */
1501 free_certinfo(certinfo);
1502
1503 }
1504
1505 /*
1506 * parse and verify ocsp response and update the ocsp cache
1507 */
1508 void
1509 parse_ocsp(ocsp_location_t *location, chunk_t blob)
1510 {
1511 response_t res = empty_response;
1512
1513 /* parse the ocsp response without looking at the single responses yet */
1514 response_status status = parse_ocsp_response(blob, &res);
1515
1516 if (status != STATUS_SUCCESSFUL)
1517 {
1518 plog("error in ocsp response");
1519 return;
1520 }
1521 /* check if there was a nonce in the request */
1522 if (location->nonce.ptr != NULL && res.nonce.ptr == NULL)
1523 {
1524 plog("ocsp response contains no nonce, replay attack possible");
1525 }
1526 /* check if the nonce is identical */
1527 if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce))
1528 {
1529 plog("invalid nonce in ocsp response");
1530 return;
1531 }
1532 /* check if the response is signed by a trusted key */
1533 if (!valid_ocsp_response(&res))
1534 {
1535 plog("invalid ocsp response");
1536 return;
1537 }
1538 DBG(DBG_CONTROL,
1539 DBG_log("valid ocsp response")
1540 )
1541
1542 /* now parse the single responses one at a time */
1543 {
1544 u_int level;
1545 asn1_ctx_t ctx;
1546 chunk_t object;
1547 int objectID = 0;
1548
1549 asn1_init(&ctx, res.responses, 0, FALSE, DBG_RAW);
1550
1551 while (objectID < RESPONSES_ROOF)
1552 {
1553 if (!extract_object(responsesObjects, &objectID, &object, &level, &ctx))
1554 return;
1555
1556 if (objectID == RESPONSES_SINGLE_RESPONSE)
1557 {
1558 single_response_t sres = empty_single_response;
1559
1560 if (parse_ocsp_single_response(object, level+1, &sres))
1561 {
1562 process_single_response(location, &sres);
1563 }
1564 }
1565 objectID++;
1566 }
1567 }
1568 }