projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
OID_UNKNOWN (-1) requires int type
[strongswan.git] / src / pluto / ocsp.c
1 /* Support of the Online Certificate Status Protocol (OCSP)
2 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
3 * Zuercher Hochschule Winterthur
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 */
16
17 #include <unistd.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <time.h>
21 #include <sys/types.h>
22 #include <sys/stat.h>
23 #include <fcntl.h>
24
25 #include <freeswan.h>
26 #include <ipsec_policy.h>
27
28 #include "constants.h"
29 #include "defs.h"
30 #include "log.h"
31 #include "x509.h"
32 #include "crl.h"
33 #include "ca.h"
34 #include "rnd.h"
35 #include "asn1.h"
36 #include "certs.h"
37 #include "smartcard.h"
38 #include <asn1/oid.h>
39 #include "whack.h"
40 #include "pkcs1.h"
41 #include "keys.h"
42 #include "fetch.h"
43 #include "ocsp.h"
44
45 #define NONCE_LENGTH 16
46
47 static const char *const cert_status_names[] = {
48 "good",
49 "revoked",
50 "unknown",
51 "undefined"
52 };
53
54
55 static const char *const response_status_names[] = {
56 "successful",
57 "malformed request",
58 "internal error",
59 "try later",
60 "signature required",
61 "unauthorized"
62 };
63
64 /* response container */
65 typedef struct response response_t;
66
67 struct response {
68 chunk_t tbs;
69 chunk_t responder_id_name;
70 chunk_t responder_id_key;
71 time_t produced_at;
72 chunk_t responses;
73 chunk_t nonce;
74 int algorithm;
75 chunk_t signature;
76 };
77
78 const response_t empty_response = {
79 { NULL, 0 } , /* tbs */
80 { NULL, 0 } , /* responder_id_name */
81 { NULL, 0 } , /* responder_id_key */
82 UNDEFINED_TIME, /* produced_at */
83 { NULL, 0 } , /* single_response */
84 { NULL, 0 } , /* nonce */
85 OID_UNKNOWN , /* signature_algorithm */
86 { NULL, 0 } /* signature */
87 };
88
89 /* single response container */
90 typedef struct single_response single_response_t;
91
92 struct single_response {
93 single_response_t *next;
94 int hash_algorithm;
95 chunk_t issuer_name_hash;
96 chunk_t issuer_key_hash;
97 chunk_t serialNumber;
98 cert_status_t status;
99 time_t revocationTime;
100 crl_reason_t revocationReason;
101 time_t thisUpdate;
102 time_t nextUpdate;
103 };
104
105 const single_response_t empty_single_response = {
106 NULL , /* *next */
107 OID_UNKNOWN , /* hash_algorithm */
108 { NULL, 0 } , /* issuer_name_hash */
109 { NULL, 0 } , /* issuer_key_hash */
110 { NULL, 0 } , /* serial_number */
111 CERT_UNDEFINED , /* status */
112 UNDEFINED_TIME , /* revocationTime */
113 REASON_UNSPECIFIED, /* revocationReason */
114 UNDEFINED_TIME , /* this_update */
115 UNDEFINED_TIME /* next_update */
116 };
117
118
119 /* list of single requests */
120 typedef struct request_list request_list_t;
121 struct request_list {
122 chunk_t request;
123 request_list_t *next;
124 };
125
126 /* some OCSP specific prefabricated ASN.1 constants */
127
128 static u_char ASN1_nonce_oid_str[] = {
129 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
130 };
131
132 static const chunk_t ASN1_nonce_oid = strchunk(ASN1_nonce_oid_str);
133
134 static u_char ASN1_response_oid_str[] = {
135 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
136 };
137
138 static const chunk_t ASN1_response_oid = strchunk(ASN1_response_oid_str);
139
140 static u_char ASN1_response_content_str[] = {
141 0x04, 0x0D,
142 0x30, 0x0B,
143 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
144 };
145
146 static const chunk_t ASN1_response_content = strchunk(ASN1_response_content_str);
147
148 /* default OCSP uri */
149 static chunk_t ocsp_default_uri;
150
151 /* ocsp cache: pointer to first element */
152 static ocsp_location_t *ocsp_cache = NULL;
153
154 /* static temporary storage for ocsp requestor information */
155 static x509cert_t *ocsp_requestor_cert = NULL;
156
157 static smartcard_t *ocsp_requestor_sc = NULL;
158
159 static const struct RSA_private_key *ocsp_requestor_pri = NULL;
160
161 /* asn.1 definitions for parsing */
162
163 static const asn1Object_t ocspResponseObjects[] = {
164 { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
165 { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */
166 { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */
167 { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
168 { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */
169 { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */
170 { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
171 };
172
173 #define OCSP_RESPONSE_STATUS 1
174 #define OCSP_RESPONSE_TYPE 4
175 #define OCSP_RESPONSE 5
176 #define OCSP_RESPONSE_ROOF 7
177
178 static const asn1Object_t basicResponseObjects[] = {
179 { 0, "BasicOCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
180 { 1, "tbsResponseData", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
181 { 2, "versionContext", ASN1_CONTEXT_C_0, ASN1_NONE |
182 ASN1_DEF }, /* 2 */
183 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */
184 { 2, "responderIdContext", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 4 */
185 { 3, "responderIdByName", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */
186 { 2, "end choice", ASN1_EOC, ASN1_END }, /* 6 */
187 { 2, "responderIdContext", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 7 */
188 { 3, "responderIdByKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 8 */
189 { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
190 { 2, "producedAt", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 10 */
191 { 2, "responses", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
192 { 2, "responseExtensionsContext", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 12 */
193 { 3, "responseExtensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 13 */
194 { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 14 */
195 { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 15 */
196 { 5, "critical", ASN1_BOOLEAN, ASN1_BODY |
197 ASN1_DEF }, /* 16 */
198 { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 17 */
199 { 4, "end loop", ASN1_EOC, ASN1_END }, /* 18 */
200 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 19 */
201 { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 20 */
202 { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 21 */
203 { 1, "certsContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 22 */
204 { 2, "certs", ASN1_SEQUENCE, ASN1_LOOP }, /* 23 */
205 { 3, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 24 */
206 { 2, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
207 { 1, "end opt", ASN1_EOC, ASN1_END } /* 26 */
208 };
209
210 #define BASIC_RESPONSE_TBS_DATA 1
211 #define BASIC_RESPONSE_VERSION 3
212 #define BASIC_RESPONSE_ID_BY_NAME 5
213 #define BASIC_RESPONSE_ID_BY_KEY 8
214 #define BASIC_RESPONSE_PRODUCED_AT 10
215 #define BASIC_RESPONSE_RESPONSES 11
216 #define BASIC_RESPONSE_EXT_ID 15
217 #define BASIC_RESPONSE_CRITICAL 16
218 #define BASIC_RESPONSE_EXT_VALUE 17
219 #define BASIC_RESPONSE_ALGORITHM 20
220 #define BASIC_RESPONSE_SIGNATURE 21
221 #define BASIC_RESPONSE_CERTIFICATE 24
222 #define BASIC_RESPONSE_ROOF 27
223
224 static const asn1Object_t responsesObjects[] = {
225 { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
226 { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */
227 { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
228 };
229
230 #define RESPONSES_SINGLE_RESPONSE 1
231 #define RESPONSES_ROOF 3
232
233 static const asn1Object_t singleResponseObjects[] = {
234 { 0, "singleResponse", ASN1_SEQUENCE, ASN1_BODY }, /* 0 */
235 { 1, "certID", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
236 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 2 */
237 { 2, "issuerNameHash", ASN1_OCTET_STRING, ASN1_BODY }, /* 3 */
238 { 2, "issuerKeyHash", ASN1_OCTET_STRING, ASN1_BODY }, /* 4 */
239 { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 5 */
240 { 1, "certStatusGood", ASN1_CONTEXT_S_0, ASN1_OPT }, /* 6 */
241 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
242 { 1, "certStatusRevoked", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 8 */
243 { 2, "revocationTime", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 9 */
244 { 2, "revocationReason", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 10 */
245 { 3, "crlReason", ASN1_ENUMERATED, ASN1_BODY }, /* 11 */
246 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 12 */
247 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 13 */
248 { 1, "certStatusUnknown", ASN1_CONTEXT_S_2, ASN1_OPT }, /* 14 */
249 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 15 */
250 { 1, "thisUpdate", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 16 */
251 { 1, "nextUpdateContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 17 */
252 { 2, "nextUpdate", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 18 */
253 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 19 */
254 { 1, "singleExtensionsContext", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 20 */
255 { 2, "singleExtensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 21 */
256 { 3, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 22 */
257 { 4, "extnID", ASN1_OID, ASN1_BODY }, /* 23 */
258 { 4, "critical", ASN1_BOOLEAN, ASN1_BODY |
259 ASN1_DEF }, /* 24 */
260 { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 25 */
261 { 2, "end loop", ASN1_EOC, ASN1_END }, /* 26 */
262 { 1, "end opt", ASN1_EOC, ASN1_END } /* 27 */
263 };
264
265 #define SINGLE_RESPONSE_ALGORITHM 2
266 #define SINGLE_RESPONSE_ISSUER_NAME_HASH 3
267 #define SINGLE_RESPONSE_ISSUER_KEY_HASH 4
268 #define SINGLE_RESPONSE_SERIAL_NUMBER 5
269 #define SINGLE_RESPONSE_CERT_STATUS_GOOD 6
270 #define SINGLE_RESPONSE_CERT_STATUS_REVOKED 8
271 #define SINGLE_RESPONSE_CERT_STATUS_REVOCATION_TIME 9
272 #define SINGLE_RESPONSE_CERT_STATUS_CRL_REASON 11
273 #define SINGLE_RESPONSE_CERT_STATUS_UNKNOWN 14
274 #define SINGLE_RESPONSE_THIS_UPDATE 16
275 #define SINGLE_RESPONSE_NEXT_UPDATE 18
276 #define SINGLE_RESPONSE_EXT_ID 23
277 #define SINGLE_RESPONSE_CRITICAL 24
278 #define SINGLE_RESPONSE_EXT_VALUE 25
279 #define SINGLE_RESPONSE_ROOF 28
280
281 /* build an ocsp location from certificate information
282 * without unsharing its contents
283 */
284 static bool
285 build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location)
286 {
287 static u_char digest[SHA1_DIGEST_SIZE]; /* temporary storage */
288
289 location->uri = cert->accessLocation;
290
291 if (location->uri.ptr == NULL)
292 {
293 ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber
294 , cert->authKeyID);
295 if (ca != NULL && ca->ocspuri != NULL)
296 setchunk(location->uri, ca->ocspuri, strlen(ca->ocspuri))
297 else
298 /* abort if no ocsp location uri is defined */
299 return FALSE;
300 }
301
302 setchunk(location->authNameID, digest, SHA1_DIGEST_SIZE);
303 compute_digest(cert->issuer, OID_SHA1, &location->authNameID);
304
305 location->next = NULL;
306 location->issuer = cert->issuer;
307 location->authKeyID = cert->authKeyID;
308 location->authKeySerialNumber = cert->authKeySerialNumber;
309
310 if (cert->authKeyID.ptr == NULL)
311 {
312 x509cert_t *authcert = get_authcert(cert->issuer
313 , cert->authKeySerialNumber, cert->authKeyID, AUTH_CA);
314
315 if (authcert != NULL)
316 {
317 location->authKeyID = authcert->subjectKeyID;
318 location->authKeySerialNumber = authcert->serialNumber;
319 }
320 }
321
322 location->nonce = empty_chunk;
323 location->certinfo = NULL;
324
325 return TRUE;
326 }
327
328 /*
329 * compare two ocsp locations for equality
330 */
331 static bool
332 same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b)
333 {
334 return ((a->authKeyID.ptr != NULL)
335 ? same_keyid(a->authKeyID, b->authKeyID)
336 : (same_dn(a->issuer, b->issuer)
337 && same_serial(a->authKeySerialNumber, b->authKeySerialNumber)))
338 && same_chunk(a->uri, b->uri);
339 }
340
341 /*
342 * find an existing ocsp location in a chained list
343 */
344 ocsp_location_t*
345 get_ocsp_location(const ocsp_location_t * loc, ocsp_location_t *chain)
346 {
347
348 while (chain != NULL)
349 {
350 if (same_ocsp_location(loc, chain))
351 return chain;
352 chain = chain->next;
353 }
354 return NULL;
355 }
356
357 /* retrieves the status of a cert from the ocsp cache
358 * returns CERT_UNDEFINED if no status is found
359 */
360 static cert_status_t
361 get_ocsp_status(const ocsp_location_t *loc, chunk_t serialNumber
362 ,time_t *nextUpdate, time_t *revocationTime, crl_reason_t *revocationReason)
363 {
364 ocsp_certinfo_t *certinfo, **certinfop;
365 int cmp = -1;
366
367 /* find location */
368 ocsp_location_t *location = get_ocsp_location(loc, ocsp_cache);
369
370 if (location == NULL)
371 return CERT_UNDEFINED;
372
373 /* traverse list of certinfos in increasing order */
374 certinfop = &location->certinfo;
375 certinfo = *certinfop;
376
377 while (certinfo != NULL)
378 {
379 cmp = cmp_chunk(serialNumber, certinfo->serialNumber);
380 if (cmp <= 0)
381 break;
382 certinfop = &certinfo->next;
383 certinfo = *certinfop;
384 }
385
386 if (cmp == 0)
387 {
388 *nextUpdate = certinfo->nextUpdate;
389 *revocationTime = certinfo->revocationTime;
390 *revocationReason = certinfo->revocationReason;
391 return certinfo->status;
392 }
393
394 return CERT_UNDEFINED;
395 }
396
397 /*
398 * verify the ocsp status of a certificate
399 */
400 cert_status_t
401 verify_by_ocsp(const x509cert_t *cert, time_t *until
402 , time_t *revocationDate, crl_reason_t *revocationReason)
403 {
404 cert_status_t status;
405 ocsp_location_t location;
406 time_t nextUpdate = 0;
407
408 *revocationDate = UNDEFINED_TIME;
409 *revocationReason = REASON_UNSPECIFIED;
410
411 /* is an ocsp location defined? */
412 if (!build_ocsp_location(cert, &location))
413 return CERT_UNDEFINED;
414
415 lock_ocsp_cache("verify_by_ocsp");
416 status = get_ocsp_status(&location, cert->serialNumber, &nextUpdate
417 , revocationDate, revocationReason);
418 unlock_ocsp_cache("verify_by_ocsp");
419
420 if (status == CERT_UNDEFINED || nextUpdate < time(NULL))
421 {
422 plog("ocsp status is stale or not in cache");
423 add_ocsp_fetch_request(&location, cert->serialNumber);
424
425 /* inititate fetching of ocsp status */
426 wake_fetch_thread("verify_by_ocsp");
427 }
428 *until = nextUpdate;
429 return status;
430 }
431
432 /*
433 * check if an ocsp status is about to expire
434 */
435 void
436 check_ocsp(void)
437 {
438 ocsp_location_t *location;
439
440 lock_ocsp_cache("check_ocsp");
441 location = ocsp_cache;
442
443 while (location != NULL)
444 {
445 char buf[BUF_LEN];
446 bool first = TRUE;
447 ocsp_certinfo_t *certinfo = location->certinfo;
448
449 while (certinfo != NULL)
450 {
451 if (!certinfo->once)
452 {
453 time_t time_left = certinfo->nextUpdate - time(NULL);
454
455 DBG(DBG_CONTROL,
456 if (first)
457 {
458 dntoa(buf, BUF_LEN, location->issuer);
459 DBG_log("issuer: '%s'", buf);
460 if (location->authKeyID.ptr != NULL)
461 {
462 datatot(location->authKeyID.ptr, location->authKeyID.len
463 , ':', buf, BUF_LEN);
464 DBG_log("authkey: %s", buf);
465 }
466 first = FALSE;
467 }
468 datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len
469 , ':', buf, BUF_LEN);
470 DBG_log("serial: %s, %ld seconds left", buf, time_left)
471 )
472
473 if (time_left < 2*crl_check_interval)
474 add_ocsp_fetch_request(location, certinfo->serialNumber);
475 }
476 certinfo = certinfo->next;
477 }
478 location = location->next;
479 }
480 unlock_ocsp_cache("check_ocsp");
481 }
482
483 /*
484 * frees the allocated memory of a certinfo struct
485 */
486 static void
487 free_certinfo(ocsp_certinfo_t *certinfo)
488 {
489 freeanychunk(certinfo->serialNumber);
490 pfree(certinfo);
491 }
492
493 /*
494 * frees all certinfos in a chained list
495 */
496 static void
497 free_certinfos(ocsp_certinfo_t *chain)
498 {
499 ocsp_certinfo_t *certinfo;
500
501 while (chain != NULL)
502 {
503 certinfo = chain;
504 chain = chain->next;
505 free_certinfo(certinfo);
506 }
507 }
508
509 /*
510 * frees the memory allocated to an ocsp location including all certinfos
511 */
512 static void
513 free_ocsp_location(ocsp_location_t* location)
514 {
515 freeanychunk(location->issuer);
516 freeanychunk(location->authNameID);
517 freeanychunk(location->authKeyID);
518 freeanychunk(location->authKeySerialNumber);
519 freeanychunk(location->uri);
520 free_certinfos(location->certinfo);
521 pfree(location);
522 }
523
524 /*
525 * free a chained list of ocsp locations
526 */
527 void
528 free_ocsp_locations(ocsp_location_t **chain)
529 {
530 while (*chain != NULL)
531 {
532 ocsp_location_t *location = *chain;
533 *chain = location->next;
534 free_ocsp_location(location);
535 }
536 }
537
538 /*
539 * free the ocsp cache
540 */
541 void
542 free_ocsp_cache(void)
543 {
544 lock_ocsp_cache("free_ocsp_cache");
545 free_ocsp_locations(&ocsp_cache);
546 unlock_ocsp_cache("free_ocsp_cache");
547 }
548
549 /*
550 * frees the ocsp cache and global variables
551 */
552 void
553 free_ocsp(void)
554 {
555 pfreeany(ocsp_default_uri.ptr);
556 free_ocsp_cache();
557 }
558
559 /*
560 * list a chained list of ocsp_locations
561 */
562 void
563 list_ocsp_locations(ocsp_location_t *location, bool requests, bool utc
564 , bool strict)
565 {
566 bool first = TRUE;
567
568 while (location != NULL)
569 {
570 ocsp_certinfo_t *certinfo = location->certinfo;
571
572 if (certinfo != NULL)
573 {
574 u_char buf[BUF_LEN];
575
576 if (first)
577 {
578 whack_log(RC_COMMENT, " ");
579 whack_log(RC_COMMENT, "List of OCSP %s:", requests?
580 "fetch requests":"responses");
581 first = FALSE;
582 }
583 whack_log(RC_COMMENT, " ");
584 if (location->issuer.ptr != NULL)
585 {
586 dntoa(buf, BUF_LEN, location->issuer);
587 whack_log(RC_COMMENT, " issuer: '%s'", buf);
588 }
589 whack_log(RC_COMMENT, " uri: '%.*s'", (int)location->uri.len
590 , location->uri.ptr);
591 if (location->authNameID.ptr != NULL)
592 {
593 datatot(location->authNameID.ptr, location->authNameID.len, ':'
594 , buf, BUF_LEN);
595 whack_log(RC_COMMENT, " authname: %s", buf);
596 }
597 if (location->authKeyID.ptr != NULL)
598 {
599 datatot(location->authKeyID.ptr, location->authKeyID.len, ':'
600 , buf, BUF_LEN);
601 whack_log(RC_COMMENT, " authkey: %s", buf);
602 }
603 if (location->authKeySerialNumber.ptr != NULL)
604 {
605 datatot(location->authKeySerialNumber.ptr
606 , location->authKeySerialNumber.len, ':', buf, BUF_LEN);
607 whack_log(RC_COMMENT, " aserial: %s", buf);
608 }
609 while (certinfo != NULL)
610 {
611 char thisUpdate[TIMETOA_BUF];
612
613 strcpy(thisUpdate, timetoa(&certinfo->thisUpdate, utc));
614
615 if (requests)
616 {
617 whack_log(RC_COMMENT, "%s, trials: %d", thisUpdate
618 , certinfo->trials);
619 }
620 else if (certinfo->once)
621 {
622 whack_log(RC_COMMENT, "%s, onetime use%s", thisUpdate
623 , (certinfo->nextUpdate < time(NULL))? " (expired)": "");
624 }
625 else
626 {
627 whack_log(RC_COMMENT, "%s, until %s %s", thisUpdate
628 , timetoa(&certinfo->nextUpdate, utc)
629 , check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
630 }
631 datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len, ':'
632 , buf, BUF_LEN);
633 whack_log(RC_COMMENT, " serial: %s, %s", buf
634 , cert_status_names[certinfo->status]);
635 certinfo = certinfo->next;
636 }
637 }
638 location = location->next;
639 }
640 }
641
642 /*
643 * list the ocsp cache
644 */
645 void
646 list_ocsp_cache(bool utc, bool strict)
647 {
648 lock_ocsp_cache("list_ocsp_cache");
649 list_ocsp_locations(ocsp_cache, FALSE, utc, strict);
650 unlock_ocsp_cache("list_ocsp_cache");
651 }
652
653 static bool
654 get_ocsp_requestor_cert(ocsp_location_t *location)
655 {
656 x509cert_t *cert = NULL;
657
658 /* initialize temporary static storage */
659 ocsp_requestor_cert = NULL;
660 ocsp_requestor_sc = NULL;
661 ocsp_requestor_pri = NULL;
662
663 for (;;)
664 {
665 char buf[BUF_LEN];
666
667 /* looking for a certificate from the same issuer */
668 cert = get_x509cert(location->issuer, location->authKeySerialNumber
669 ,location->authKeyID, cert);
670 if (cert == NULL)
671 break;
672
673 DBG(DBG_CONTROL,
674 dntoa(buf, BUF_LEN, cert->subject);
675 DBG_log("candidate: '%s'", buf);
676 )
677
678 if (cert->smartcard)
679 {
680 /* look for a matching private key on a smartcard */
681 smartcard_t *sc = scx_get(cert);
682
683 if (sc != NULL)
684 {
685 DBG(DBG_CONTROL,
686 DBG_log("matching smartcard found")
687 )
688 if (sc->valid)
689 {
690 ocsp_requestor_cert = cert;
691 ocsp_requestor_sc = sc;
692 return TRUE;
693 }
694 plog("unable to sign ocsp request without PIN");
695 }
696 }
697 else
698 {
699 /* look for a matching private key in the chained list */
700 const struct RSA_private_key *pri = get_x509_private_key(cert);
701
702 if (pri != NULL)
703 {
704 DBG(DBG_CONTROL,
705 DBG_log("matching private key found")
706 )
707 ocsp_requestor_cert = cert;
708 ocsp_requestor_pri = pri;
709 return TRUE;
710 }
711 }
712 }
713 return FALSE;
714 }
715
716 static chunk_t
717 generate_signature(chunk_t digest, smartcard_t *sc
718 , const RSA_private_key_t *pri)
719 {
720 chunk_t sigdata;
721 u_char *pos;
722 size_t siglen = 0;
723
724 if (sc != NULL)
725 {
726 /* RSA signature is done on smartcard */
727
728 if (!scx_establish_context(sc) || !scx_login(sc))
729 {
730 scx_release_context(sc);
731 return empty_chunk;
732 }
733
734 siglen = scx_get_keylength(sc);
735
736 if (siglen == 0)
737 {
738 plog("failed to get keylength from smartcard");
739 scx_release_context(sc);
740 return empty_chunk;
741 }
742
743 DBG(DBG_CONTROL | DBG_CRYPT,
744 DBG_log("signing hash with RSA key from smartcard (slot: %d, id: %s)"
745 , (int)sc->slot, sc->id)
746 )
747
748 pos = build_asn1_object(&sigdata, ASN1_BIT_STRING, 1 + siglen);
749 *pos++ = 0x00;
750 scx_sign_hash(sc, digest.ptr, digest.len, pos, siglen);
751 if (!pkcs11_keep_state)
752 scx_release_context(sc);
753 }
754 else
755 {
756 /* RSA signature is done in software */
757 siglen = pri->pub.k;
758 pos = build_asn1_object(&sigdata, ASN1_BIT_STRING, 1 + siglen);
759 *pos++ = 0x00;
760 sign_hash(pri, digest.ptr, digest.len, pos, siglen);
761 }
762 return sigdata;
763 }
764
765 /*
766 * build signature into ocsp request
767 * gets built only if a request cert with
768 * a corresponding private key is found
769 */
770 static chunk_t
771 build_signature(chunk_t tbsRequest)
772 {
773 chunk_t sigdata, certs;
774 chunk_t digest_info;
775
776 u_char digest_buf[MAX_DIGEST_LEN];
777 chunk_t digest_raw = { digest_buf, MAX_DIGEST_LEN };
778
779 if (!compute_digest(tbsRequest, OID_SHA1, &digest_raw))
780 return empty_chunk;
781
782 /* according to PKCS#1 v2.1 digest must be packaged into
783 * an ASN.1 structure for encryption
784 */
785 digest_info = asn1_wrap(ASN1_SEQUENCE, "cm"
786 , ASN1_sha1_id
787 , asn1_simple_object(ASN1_OCTET_STRING, digest_raw));
788
789 /* generate the RSA signature */
790 sigdata = generate_signature(digest_info
791 , ocsp_requestor_sc
792 , ocsp_requestor_pri);
793 freeanychunk(digest_info);
794
795 /* has the RSA signature generation been successful? */
796 if (sigdata.ptr == NULL)
797 return empty_chunk;
798
799 /* include our certificate */
800 certs = asn1_wrap(ASN1_CONTEXT_C_0, "m"
801 , asn1_simple_object(ASN1_SEQUENCE
802 , ocsp_requestor_cert->certificate
803 )
804 );
805
806 /* build signature comprising algorithm, signature and cert */
807 return asn1_wrap(ASN1_CONTEXT_C_0, "m"
808 , asn1_wrap(ASN1_SEQUENCE, "cmm"
809 , ASN1_sha1WithRSA_id
810 , sigdata
811 , certs
812 )
813 );
814 }
815
816 /* build request (into requestList)
817 * no singleRequestExtensions used
818 */
819 static chunk_t
820 build_request(ocsp_location_t *location, ocsp_certinfo_t *certinfo)
821 {
822 chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "cmmm"
823 , ASN1_sha1_id
824 , asn1_simple_object(ASN1_OCTET_STRING, location->authNameID)
825 , asn1_simple_object(ASN1_OCTET_STRING, location->authKeyID)
826 , asn1_simple_object(ASN1_INTEGER, certinfo->serialNumber));
827
828 return asn1_wrap(ASN1_SEQUENCE, "m", reqCert);
829 }
830
831 /*
832 * build requestList (into TBSRequest)
833 */
834 static chunk_t
835 build_request_list(ocsp_location_t *location)
836 {
837 chunk_t requestList;
838 request_list_t *reqs = NULL;
839 ocsp_certinfo_t *certinfo = location->certinfo;
840 u_char *pos;
841
842 size_t datalen = 0;
843
844 /* build content */
845 while (certinfo != NULL)
846 {
847 /* build request for every certificate in list
848 * and store them in a chained list
849 */
850 request_list_t *req = alloc_thing(request_list_t, "ocsp request");
851
852 req->request = build_request(location, certinfo);
853 req->next = reqs;
854 reqs = req;
855
856 datalen += req->request.len;
857 certinfo = certinfo->next;
858 }
859
860 pos = build_asn1_object(&requestList, ASN1_SEQUENCE
861 , datalen);
862
863 /* copy all in chained list, free list afterwards */
864 while (reqs != NULL)
865 {
866 request_list_t *req = reqs;
867
868 mv_chunk(&pos, req->request);
869 reqs = reqs->next;
870 pfree(req);
871 }
872
873 return requestList;
874 }
875
876 /*
877 * build requestorName (into TBSRequest)
878 */
879 static chunk_t
880 build_requestor_name(void)
881 {
882 return asn1_wrap(ASN1_CONTEXT_C_1, "m"
883 , asn1_simple_object(ASN1_CONTEXT_C_4
884 , ocsp_requestor_cert->subject));
885 }
886
887 /*
888 * build nonce extension (into requestExtensions)
889 */
890 static chunk_t
891 build_nonce_extension(ocsp_location_t *location)
892 {
893 /* generate a random nonce */
894 location->nonce.ptr = alloc_bytes(NONCE_LENGTH, "ocsp nonce"),
895 location->nonce.len = NONCE_LENGTH;
896 get_rnd_bytes(location->nonce.ptr, NONCE_LENGTH);
897
898 return asn1_wrap(ASN1_SEQUENCE, "cm"
899 , ASN1_nonce_oid
900 , asn1_simple_object(ASN1_OCTET_STRING, location->nonce));
901 }
902
903 /*
904 * build requestExtensions (into TBSRequest)
905 */
906 static chunk_t
907 build_request_ext(ocsp_location_t *location)
908 {
909 return asn1_wrap(ASN1_CONTEXT_C_2, "m"
910 , asn1_wrap(ASN1_SEQUENCE, "mm"
911 , build_nonce_extension(location)
912 , asn1_wrap(ASN1_SEQUENCE, "cc"
913 , ASN1_response_oid
914 , ASN1_response_content
915 )
916 )
917 );
918 }
919
920 /*
921 * build TBSRequest (into OCSPRequest)
922 */
923 static chunk_t
924 build_tbs_request(ocsp_location_t *location, bool has_requestor_cert)
925 {
926 /* version is skipped since the default is ok */
927 return asn1_wrap(ASN1_SEQUENCE, "mmm"
928 , (has_requestor_cert)
929 ? build_requestor_name()
930 : empty_chunk
931 , build_request_list(location)
932 , build_request_ext(location));
933 }
934
935 /* assembles an ocsp request to given location
936 * and sets nonce field in location to the sent nonce
937 */
938 chunk_t
939 build_ocsp_request(ocsp_location_t *location)
940 {
941 bool has_requestor_cert;
942 chunk_t tbsRequest, signature;
943 char buf[BUF_LEN];
944
945 DBG(DBG_CONTROL,
946 DBG_log("assembling ocsp request");
947 dntoa(buf, BUF_LEN, location->issuer);
948 DBG_log("issuer: '%s'", buf);
949 if (location->authKeyID.ptr != NULL)
950 {
951 datatot(location->authKeyID.ptr, location->authKeyID.len, ':'
952 , buf, BUF_LEN);
953 DBG_log("authkey: %s", buf);
954 }
955 )
956 lock_certs_and_keys("build_ocsp_request");
957
958 /* looks for requestor cert and matching private key */
959 has_requestor_cert = get_ocsp_requestor_cert(location);
960
961 /* build content */
962 tbsRequest = build_tbs_request(location, has_requestor_cert);
963
964 /* sign tbsReuqest */
965 signature = (has_requestor_cert)? build_signature(tbsRequest)
966 : empty_chunk;
967
968 unlock_certs_and_keys("build_ocsp_request");
969
970 return asn1_wrap(ASN1_SEQUENCE, "mm"
971 , tbsRequest
972 , signature);
973 }
974
975 /*
976 * check if the OCSP response has a valid signature
977 */
978 static bool
979 valid_ocsp_response(response_t *res)
980 {
981 int pathlen;
982 x509cert_t *authcert;
983
984 lock_authcert_list("valid_ocsp_response");
985
986 authcert = get_authcert(res->responder_id_name, empty_chunk
987 , res->responder_id_key, AUTH_OCSP | AUTH_CA);
988
989 if (authcert == NULL)
990 {
991 plog("no matching ocsp signer cert found");
992 unlock_authcert_list("valid_ocsp_response");
993 return FALSE;
994 }
995 DBG(DBG_CONTROL,
996 DBG_log("ocsp signer cert found")
997 )
998
999 if (!check_signature(res->tbs, res->signature, res->algorithm
1000 , res->algorithm, authcert))
1001 {
1002 plog("signature of ocsp response is invalid");
1003 unlock_authcert_list("valid_ocsp_response");
1004 return FALSE;
1005 }
1006 DBG(DBG_CONTROL,
1007 DBG_log("signature of ocsp response is valid")
1008 )
1009
1010
1011 for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
1012 {
1013 u_char buf[BUF_LEN];
1014 err_t ugh = NULL;
1015 time_t until;
1016
1017 x509cert_t *cert = authcert;
1018
1019 DBG(DBG_CONTROL,
1020 dntoa(buf, BUF_LEN, cert->subject);
1021 DBG_log("subject: '%s'",buf);
1022 dntoa(buf, BUF_LEN, cert->issuer);
1023 DBG_log("issuer: '%s'",buf);
1024 if (cert->authKeyID.ptr != NULL)
1025 {
1026 datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
1027 , buf, BUF_LEN);
1028 DBG_log("authkey: %s", buf);
1029 }
1030 )
1031
1032 ugh = check_validity(authcert, &until);
1033
1034 if (ugh != NULL)
1035 {
1036 plog("%s", ugh);
1037 unlock_authcert_list("valid_ocsp_response");
1038 return FALSE;
1039 }
1040
1041 DBG(DBG_CONTROL,
1042 DBG_log("certificate is valid")
1043 )
1044
1045 authcert = get_authcert(cert->issuer, cert->authKeySerialNumber
1046 , cert->authKeyID, AUTH_CA);
1047
1048 if (authcert == NULL)
1049 {
1050 plog("issuer cacert not found");
1051 unlock_authcert_list("valid_ocsp_response");
1052 return FALSE;
1053 }
1054 DBG(DBG_CONTROL,
1055 DBG_log("issuer cacert found")
1056 )
1057
1058 if (!check_signature(cert->tbsCertificate, cert->signature
1059 , cert->algorithm, cert->algorithm, authcert))
1060 {
1061 plog("certificate signature is invalid");
1062 unlock_authcert_list("valid_ocsp_response");
1063 return FALSE;
1064 }
1065 DBG(DBG_CONTROL,
1066 DBG_log("certificate signature is valid")
1067 )
1068
1069 /* check if cert is self-signed */
1070 if (same_dn(cert->issuer, cert->subject))
1071 {
1072 DBG(DBG_CONTROL,
1073 DBG_log("reached self-signed root ca")
1074 )
1075 unlock_authcert_list("valid_ocsp_response");
1076 return TRUE;
1077 }
1078 }
1079 plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
1080 unlock_authcert_list("valid_ocsp_response");
1081 return FALSE;
1082 }
1083
1084 /*
1085 * parse a basic OCSP response
1086 */
1087 static bool
1088 parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
1089 {
1090 asn1_ctx_t ctx;
1091 bool critical;
1092 chunk_t object;
1093 u_int level, version;
1094 u_char buf[BUF_LEN];
1095 int objectID = 0;
1096 int extn_oid = OID_UNKNOWN;
1097
1098 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1099
1100 while (objectID < BASIC_RESPONSE_ROOF)
1101 {
1102 if (!extract_object(basicResponseObjects, &objectID, &object, &level, &ctx))
1103 return FALSE;
1104
1105 switch (objectID)
1106 {
1107 case BASIC_RESPONSE_TBS_DATA:
1108 res->tbs = object;
1109 break;
1110 case BASIC_RESPONSE_VERSION:
1111 version = (object.len)? (1 + (u_int)*object.ptr) : 1;
1112 if (version != OCSP_BASIC_RESPONSE_VERSION)
1113 {
1114 plog("wrong ocsp basic response version (version= %i)", version);
1115 return FALSE;
1116 }
1117 break;
1118 case BASIC_RESPONSE_ID_BY_NAME:
1119 res->responder_id_name = object;
1120 DBG(DBG_PARSING,
1121 dntoa(buf, BUF_LEN, object);
1122 DBG_log(" '%s'",buf)
1123 )
1124 break;
1125 case BASIC_RESPONSE_ID_BY_KEY:
1126 res->responder_id_key = object;
1127 break;
1128 case BASIC_RESPONSE_PRODUCED_AT:
1129 res->produced_at = asn1totime(&object, ASN1_GENERALIZEDTIME);
1130 break;
1131 case BASIC_RESPONSE_RESPONSES:
1132 res->responses = object;
1133 break;
1134 case BASIC_RESPONSE_EXT_ID:
1135 extn_oid = known_oid(object);
1136 break;
1137 case BASIC_RESPONSE_CRITICAL:
1138 critical = object.len && *object.ptr;
1139 DBG(DBG_PARSING,
1140 DBG_log(" %s",(critical)?"TRUE":"FALSE");
1141 )
1142 break;
1143 case BASIC_RESPONSE_EXT_VALUE:
1144 if (extn_oid == OID_NONCE)
1145 res->nonce = object;
1146 break;
1147 case BASIC_RESPONSE_ALGORITHM:
1148 res->algorithm = parse_algorithmIdentifier(object, level+1, NULL);
1149 break;
1150 case BASIC_RESPONSE_SIGNATURE:
1151 res->signature = object;
1152 break;
1153 case BASIC_RESPONSE_CERTIFICATE:
1154 {
1155 chunk_t blob;
1156 x509cert_t *cert = alloc_thing(x509cert_t, "ocspcert");
1157
1158 clonetochunk(blob, object.ptr, object.len, "ocspcert blob");
1159 *cert = empty_x509cert;
1160
1161 if (parse_x509cert(blob, level+1, cert)
1162 && cert->isOcspSigner
1163 && trust_authcert_candidate(cert, NULL))
1164 {
1165 add_authcert(cert, AUTH_OCSP);
1166 }
1167 else
1168 {
1169 DBG(DBG_CONTROL | DBG_PARSING,
1170 DBG_log("embedded ocsp certificate rejected")
1171 )
1172 free_x509cert(cert);
1173 }
1174 }
1175 break;
1176 }
1177 objectID++;
1178 }
1179 return TRUE;
1180 }
1181
1182
1183 /*
1184 * parse an ocsp response and return the result as a response_t struct
1185 */
1186 static response_status
1187 parse_ocsp_response(chunk_t blob, response_t * res)
1188 {
1189 asn1_ctx_t ctx;
1190 chunk_t object;
1191 u_int level;
1192 int objectID = 0;
1193 int ocspResponseType = OID_UNKNOWN;
1194 response_status rStatus = STATUS_INTERNALERROR;
1195
1196 asn1_init(&ctx, blob, 0, FALSE, DBG_RAW);
1197
1198 while (objectID < OCSP_RESPONSE_ROOF)
1199 {
1200 if (!extract_object(ocspResponseObjects, &objectID, &object, &level, &ctx))
1201 return STATUS_INTERNALERROR;
1202
1203 switch (objectID) {
1204 case OCSP_RESPONSE_STATUS:
1205 rStatus = (response_status) *object.ptr;
1206
1207 switch (rStatus)
1208 {
1209 case STATUS_SUCCESSFUL:
1210 break;
1211 case STATUS_MALFORMEDREQUEST:
1212 case STATUS_INTERNALERROR:
1213 case STATUS_TRYLATER:
1214 case STATUS_SIGREQUIRED:
1215 case STATUS_UNAUTHORIZED:
1216 plog("ocsp response: server said '%s'"
1217 , response_status_names[rStatus]);
1218 return rStatus;
1219 default:
1220 return STATUS_INTERNALERROR;
1221 }
1222 break;
1223 case OCSP_RESPONSE_TYPE:
1224 ocspResponseType = known_oid(object);
1225 break;
1226 case OCSP_RESPONSE:
1227 {
1228 switch (ocspResponseType) {
1229 case OID_BASIC:
1230 if (!parse_basic_ocsp_response(object, level+1, res))
1231 return STATUS_INTERNALERROR;
1232 break;
1233 default:
1234 DBG(DBG_CONTROL,
1235 DBG_log("ocsp response is not of type BASIC");
1236 DBG_dump_chunk("ocsp response OID: ", object);
1237 )
1238 return STATUS_INTERNALERROR;
1239 }
1240 }
1241 break;
1242 }
1243 objectID++;
1244 }
1245 return rStatus;
1246 }
1247
1248 /*
1249 * parse a basic OCSP response
1250 */
1251 static bool
1252 parse_ocsp_single_response(chunk_t blob, int level0, single_response_t *sres)
1253 {
1254 u_int level, extn_oid;
1255 asn1_ctx_t ctx;
1256 bool critical;
1257 chunk_t object;
1258 int objectID = 0;
1259
1260 asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
1261
1262 while (objectID < SINGLE_RESPONSE_ROOF)
1263 {
1264 if (!extract_object(singleResponseObjects, &objectID, &object, &level, &ctx))
1265 return FALSE;
1266
1267 switch (objectID)
1268 {
1269 case SINGLE_RESPONSE_ALGORITHM:
1270 sres->hash_algorithm = parse_algorithmIdentifier(object, level+1, NULL);
1271 break;
1272 case SINGLE_RESPONSE_ISSUER_NAME_HASH:
1273 sres->issuer_name_hash = object;
1274 break;
1275 case SINGLE_RESPONSE_ISSUER_KEY_HASH:
1276 sres->issuer_key_hash = object;
1277 break;
1278 case SINGLE_RESPONSE_SERIAL_NUMBER:
1279 sres->serialNumber = object;
1280 break;
1281 case SINGLE_RESPONSE_CERT_STATUS_GOOD:
1282 sres->status = CERT_GOOD;
1283 break;
1284 case SINGLE_RESPONSE_CERT_STATUS_REVOKED:
1285 sres->status = CERT_REVOKED;
1286 break;
1287 case SINGLE_RESPONSE_CERT_STATUS_REVOCATION_TIME:
1288 sres->revocationTime = asn1totime(&object, ASN1_GENERALIZEDTIME);
1289 break;
1290 case SINGLE_RESPONSE_CERT_STATUS_CRL_REASON:
1291 sres->revocationReason = (object.len == 1)
1292 ? *object.ptr : REASON_UNSPECIFIED;
1293 break;
1294 case SINGLE_RESPONSE_CERT_STATUS_UNKNOWN:
1295 sres->status = CERT_UNKNOWN;
1296 break;
1297 case SINGLE_RESPONSE_THIS_UPDATE:
1298 sres->thisUpdate = asn1totime(&object, ASN1_GENERALIZEDTIME);
1299 break;
1300 case SINGLE_RESPONSE_NEXT_UPDATE:
1301 sres->nextUpdate = asn1totime(&object, ASN1_GENERALIZEDTIME);
1302 break;
1303 case SINGLE_RESPONSE_EXT_ID:
1304 extn_oid = known_oid(object);
1305 break;
1306 case SINGLE_RESPONSE_CRITICAL:
1307 critical = object.len && *object.ptr;
1308 DBG(DBG_PARSING,
1309 DBG_log(" %s",(critical)?"TRUE":"FALSE");
1310 )
1311 case SINGLE_RESPONSE_EXT_VALUE:
1312 break;
1313 }
1314 objectID++;
1315 }
1316 return TRUE;
1317 }
1318
1319 /*
1320 * add an ocsp location to a chained list
1321 */
1322 ocsp_location_t*
1323 add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t **chain)
1324 {
1325 ocsp_location_t *location = alloc_thing(ocsp_location_t, "ocsp location");
1326
1327 /* unshare location fields */
1328 clonetochunk(location->issuer
1329 , loc->issuer.ptr, loc->issuer.len
1330 , "ocsp issuer");
1331
1332 clonetochunk(location->authNameID
1333 , loc->authNameID.ptr, loc->authNameID.len
1334 , "ocsp authNameID");
1335
1336 if (loc->authKeyID.ptr == NULL)
1337 location->authKeyID = empty_chunk;
1338 else
1339 clonetochunk(location->authKeyID
1340 , loc->authKeyID.ptr, loc->authKeyID.len
1341 , "ocsp authKeyID");
1342
1343 if (loc->authKeySerialNumber.ptr == NULL)
1344 location->authKeySerialNumber = empty_chunk;
1345 else
1346 clonetochunk(location->authKeySerialNumber
1347 , loc->authKeySerialNumber.ptr, loc->authKeySerialNumber.len
1348 , "ocsp authKeySerialNumber");
1349
1350 clonetochunk(location->uri
1351 , loc->uri.ptr, loc->uri.len
1352 , "ocsp uri");
1353
1354 location->certinfo = NULL;
1355
1356 /* insert new ocsp location in front of chain */
1357 location->next = *chain;
1358 *chain = location;
1359
1360 DBG(DBG_CONTROL,
1361 DBG_log("new ocsp location added")
1362 )
1363
1364 return location;
1365 }
1366
1367 /*
1368 * add a certinfo struct to a chained list
1369 */
1370 void
1371 add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chain
1372 , bool request)
1373 {
1374 ocsp_location_t *location;
1375 ocsp_certinfo_t *certinfo, **certinfop;
1376 char buf[BUF_LEN];
1377 time_t now;
1378 int cmp = -1;
1379
1380 location = get_ocsp_location(loc, *chain);
1381 if (location == NULL)
1382 location = add_ocsp_location(loc, chain);
1383
1384 /* traverse list of certinfos in increasing order */
1385 certinfop = &location->certinfo;
1386 certinfo = *certinfop;
1387
1388 while (certinfo != NULL)
1389 {
1390 cmp = cmp_chunk(info->serialNumber, certinfo->serialNumber);
1391 if (cmp <= 0)
1392 break;
1393 certinfop = &certinfo->next;
1394 certinfo = *certinfop;
1395 }
1396
1397 if (cmp != 0)
1398 {
1399 /* add a new certinfo entry */
1400 ocsp_certinfo_t *cnew = alloc_thing(ocsp_certinfo_t, "ocsp certinfo");
1401 clonetochunk(cnew->serialNumber, info->serialNumber.ptr
1402 , info->serialNumber.len, "serialNumber");
1403 cnew->next = certinfo;
1404 *certinfop = cnew;
1405 certinfo = cnew;
1406 }
1407
1408 DBG(DBG_CONTROL,
1409 datatot(info->serialNumber.ptr, info->serialNumber.len, ':'
1410 , buf, BUF_LEN);
1411 DBG_log("ocsp %s for serial %s %s"
1412 , request?"fetch request":"certinfo"
1413 , buf
1414 , (cmp == 0)? (request?"already exists":"updated"):"added")
1415 )
1416
1417 time(&now);
1418
1419 if (request)
1420 {
1421 certinfo->status = CERT_UNDEFINED;
1422
1423 if (cmp != 0)
1424 certinfo->thisUpdate = now;
1425
1426 certinfo->nextUpdate = UNDEFINED_TIME;
1427 }
1428 else
1429 {
1430 certinfo->status = info->status;
1431 certinfo->revocationTime = info->revocationTime;
1432 certinfo->revocationReason = info->revocationReason;
1433
1434 certinfo->thisUpdate = (info->thisUpdate != UNDEFINED_TIME)?
1435 info->thisUpdate : now;
1436
1437 certinfo->once = (info->nextUpdate == UNDEFINED_TIME);
1438
1439 certinfo->nextUpdate = (certinfo->once)?
1440 (now + OCSP_DEFAULT_VALID_TIME) : info->nextUpdate;
1441 }
1442 }
1443
1444 /*
1445 * process received ocsp single response and add it to ocsp cache
1446 */
1447 static void
1448 process_single_response(ocsp_location_t *location, single_response_t *sres)
1449 {
1450 ocsp_certinfo_t *certinfo, **certinfop;
1451 int cmp = -1;
1452
1453 if (sres->hash_algorithm != OID_SHA1)
1454 {
1455 plog("only SHA-1 hash supported in OCSP single response");
1456 return;
1457 }
1458 if (!(same_chunk(sres->issuer_name_hash, location->authNameID)
1459 && same_chunk(sres->issuer_key_hash, location->authKeyID)))
1460 {
1461 plog("ocsp single response has wrong issuer");
1462 return;
1463 }
1464
1465 /* traverse list of certinfos in increasing order */
1466 certinfop = &location->certinfo;
1467 certinfo = *certinfop;
1468
1469 while (certinfo != NULL)
1470 {
1471 cmp = cmp_chunk(sres->serialNumber, certinfo->serialNumber);
1472 if (cmp <= 0)
1473 break;
1474 certinfop = &certinfo->next;
1475 certinfo = *certinfop;
1476 }
1477
1478 if (cmp != 0)
1479 {
1480 plog("received unrequested cert status from ocsp server");
1481 return;
1482 }
1483
1484 /* unlink cert from ocsp fetch request list */
1485 *certinfop = certinfo->next;
1486
1487 /* update certinfo using the single response information */
1488 certinfo->thisUpdate = sres->thisUpdate;
1489 certinfo->nextUpdate = sres->nextUpdate;
1490 certinfo->status = sres->status;
1491 certinfo->revocationTime = sres->revocationTime;
1492 certinfo->revocationReason = sres->revocationReason;
1493
1494 /* add or update certinfo in ocsp cache */
1495 lock_ocsp_cache("process_single_response");
1496 add_certinfo(location, certinfo, &ocsp_cache, FALSE);
1497 unlock_ocsp_cache("process_single_response");
1498
1499 /* free certinfo unlinked from ocsp fetch request list */
1500 free_certinfo(certinfo);
1501
1502 }
1503
1504 /*
1505 * parse and verify ocsp response and update the ocsp cache
1506 */
1507 void
1508 parse_ocsp(ocsp_location_t *location, chunk_t blob)
1509 {
1510 response_t res = empty_response;
1511
1512 /* parse the ocsp response without looking at the single responses yet */
1513 response_status status = parse_ocsp_response(blob, &res);
1514
1515 if (status != STATUS_SUCCESSFUL)
1516 {
1517 plog("error in ocsp response");
1518 return;
1519 }
1520 /* check if there was a nonce in the request */
1521 if (location->nonce.ptr != NULL && res.nonce.ptr == NULL)
1522 {
1523 plog("ocsp response contains no nonce, replay attack possible");
1524 }
1525 /* check if the nonce is identical */
1526 if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce))
1527 {
1528 plog("invalid nonce in ocsp response");
1529 return;
1530 }
1531 /* check if the response is signed by a trusted key */
1532 if (!valid_ocsp_response(&res))
1533 {
1534 plog("invalid ocsp response");
1535 return;
1536 }
1537 DBG(DBG_CONTROL,
1538 DBG_log("valid ocsp response")
1539 )
1540
1541 /* now parse the single responses one at a time */
1542 {
1543 u_int level;
1544 asn1_ctx_t ctx;
1545 chunk_t object;
1546 int objectID = 0;
1547
1548 asn1_init(&ctx, res.responses, 0, FALSE, DBG_RAW);
1549
1550 while (objectID < RESPONSES_ROOF)
1551 {
1552 if (!extract_object(responsesObjects, &objectID, &object, &level, &ctx))
1553 return;
1554
1555 if (objectID == RESPONSES_SINGLE_RESPONSE)
1556 {
1557 single_response_t sres = empty_single_response;
1558
1559 if (parse_ocsp_single_response(object, level+1, &sres))
1560 {
1561 process_single_response(location, &sres);
1562 }
1563 }
1564 objectID++;
1565 }
1566 }
1567 }
strongSwan - IPsec VPN