2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * @page page_revoke Revocation methods
37 * There are two revocation method for PKIX/X.509: CRL and OCSP.
38 * Revocation is needed if the private key is lost and
39 * stolen. Depending on how picky you are, you might want to make
40 * revocation for destroyed private keys too (smartcard broken), but
41 * that should not be a problem.
43 * CRL is a list of certifiates that have expired.
45 * OCSP is an online checking method where the requestor sends a list
46 * of certificates to the OCSP server to return a signed reply if they
47 * are valid or not. Some services sends a OCSP reply as part of the
48 * hand-shake to make the revoktion decision simpler/faster for the
57 CRLCertificateList crl
;
65 OCSPBasicOCSPResponse ocsp
;
71 struct hx509_revoke_ctx_data
{
74 struct revoke_crl
*val
;
78 struct revoke_ocsp
*val
;
84 * Allocate a revokation context. Free with hx509_revoke_free().
86 * @param context A hx509 context.
87 * @param ctx returns a newly allocated revokation context.
89 * @return An hx509 error code, see hx509_get_error_string().
91 * @ingroup hx509_revoke
95 hx509_revoke_init(hx509_context context
, hx509_revoke_ctx
*ctx
)
97 *ctx
= calloc(1, sizeof(**ctx
));
102 (*ctx
)->crls
.len
= 0;
103 (*ctx
)->crls
.val
= NULL
;
104 (*ctx
)->ocsps
.len
= 0;
105 (*ctx
)->ocsps
.val
= NULL
;
111 _hx509_revoke_ref(hx509_revoke_ctx ctx
)
116 _hx509_abort("revoke ctx refcount == 0 on ref");
118 if (ctx
->ref
== UINT_MAX
)
119 _hx509_abort("revoke ctx refcount == UINT_MAX on ref");
124 free_ocsp(struct revoke_ocsp
*ocsp
)
127 free_OCSPBasicOCSPResponse(&ocsp
->ocsp
);
128 hx509_certs_free(&ocsp
->certs
);
129 hx509_cert_free(ocsp
->signer
);
133 * Free a hx509 revokation context.
135 * @param ctx context to be freed
137 * @ingroup hx509_revoke
141 hx509_revoke_free(hx509_revoke_ctx
*ctx
)
145 if (ctx
== NULL
|| *ctx
== NULL
)
148 if ((*ctx
)->ref
== 0)
149 _hx509_abort("revoke ctx refcount == 0 on free");
150 if (--(*ctx
)->ref
> 0)
153 for (i
= 0; i
< (*ctx
)->crls
.len
; i
++) {
154 free((*ctx
)->crls
.val
[i
].path
);
155 free_CRLCertificateList(&(*ctx
)->crls
.val
[i
].crl
);
158 for (i
= 0; i
< (*ctx
)->ocsps
.len
; i
++)
159 free_ocsp(&(*ctx
)->ocsps
.val
[i
]);
160 free((*ctx
)->ocsps
.val
);
162 free((*ctx
)->crls
.val
);
164 memset(*ctx
, 0, sizeof(**ctx
));
170 verify_ocsp(hx509_context context
,
171 struct revoke_ocsp
*ocsp
,
176 hx509_cert signer
= NULL
;
180 _hx509_query_clear(&q
);
183 * Need to match on issuer too in case there are two CA that have
184 * issued the same name to a certificate. One example of this is
185 * the www.openvalidation.org test's ocsp validator.
188 q
.match
= HX509_QUERY_MATCH_ISSUER_NAME
;
189 q
.issuer_name
= &_hx509_get_cert(parent
)->tbsCertificate
.issuer
;
191 switch(ocsp
->ocsp
.tbsResponseData
.responderID
.element
) {
192 case choice_OCSPResponderID_byName
:
193 q
.match
|= HX509_QUERY_MATCH_SUBJECT_NAME
;
194 q
.subject_name
= &ocsp
->ocsp
.tbsResponseData
.responderID
.u
.byName
;
196 case choice_OCSPResponderID_byKey
:
197 q
.match
|= HX509_QUERY_MATCH_KEY_HASH_SHA1
;
198 q
.keyhash_sha1
= &ocsp
->ocsp
.tbsResponseData
.responderID
.u
.byKey
;
202 ret
= hx509_certs_find(context
, certs
, &q
, &signer
);
203 if (ret
&& ocsp
->certs
)
204 ret
= hx509_certs_find(context
, ocsp
->certs
, &q
, &signer
);
209 * If signer certificate isn't the CA certificate, lets check the
210 * it is the CA that signed the signer certificate and the OCSP EKU
213 if (hx509_cert_cmp(signer
, parent
) != 0) {
214 Certificate
*p
= _hx509_get_cert(parent
);
215 Certificate
*s
= _hx509_get_cert(signer
);
217 ret
= _hx509_cert_is_parent_cmp(s
, p
, 0);
219 ret
= HX509_PARENT_NOT_CA
;
220 hx509_set_error_string(context
, 0, ret
, "Revoke OCSP signer is "
221 "doesn't have CA as signer certificate");
225 ret
= _hx509_verify_signature_bitstring(context
,
227 &s
->signatureAlgorithm
,
228 &s
->tbsCertificate
._save
,
231 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
232 "OCSP signer signature invalid");
236 ret
= hx509_cert_check_eku(context
, signer
,
237 &asn1_oid_id_pkix_kp_OCSPSigning
, 0);
242 ret
= _hx509_verify_signature_bitstring(context
,
244 &ocsp
->ocsp
.signatureAlgorithm
,
245 &ocsp
->ocsp
.tbsResponseData
._save
,
246 &ocsp
->ocsp
.signature
);
248 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
249 "OCSP signature invalid");
253 ocsp
->signer
= signer
;
257 hx509_cert_free(signer
);
267 parse_ocsp_basic(const void *data
, size_t length
, OCSPBasicOCSPResponse
*basic
)
273 memset(basic
, 0, sizeof(*basic
));
275 ret
= decode_OCSPResponse(data
, length
, &resp
, &size
);
278 if (length
!= size
) {
279 free_OCSPResponse(&resp
);
280 return ASN1_EXTRA_DATA
;
283 switch (resp
.responseStatus
) {
287 free_OCSPResponse(&resp
);
288 return HX509_REVOKE_WRONG_DATA
;
291 if (resp
.responseBytes
== NULL
) {
292 free_OCSPResponse(&resp
);
296 ret
= der_heim_oid_cmp(&resp
.responseBytes
->responseType
,
297 &asn1_oid_id_pkix_ocsp_basic
);
299 free_OCSPResponse(&resp
);
300 return HX509_REVOKE_WRONG_DATA
;
303 ret
= decode_OCSPBasicOCSPResponse(resp
.responseBytes
->response
.data
,
304 resp
.responseBytes
->response
.length
,
308 free_OCSPResponse(&resp
);
311 if (size
!= resp
.responseBytes
->response
.length
) {
312 free_OCSPResponse(&resp
);
313 free_OCSPBasicOCSPResponse(basic
);
314 return ASN1_EXTRA_DATA
;
316 free_OCSPResponse(&resp
);
326 load_ocsp(hx509_context context
, struct revoke_ocsp
*ocsp
)
328 OCSPBasicOCSPResponse basic
;
329 hx509_certs certs
= NULL
;
335 ret
= rk_undumpdata(ocsp
->path
, &data
, &length
);
339 ret
= stat(ocsp
->path
, &sb
);
343 ret
= parse_ocsp_basic(data
, length
, &basic
);
346 hx509_set_error_string(context
, 0, ret
,
347 "Failed to parse OCSP response");
354 ret
= hx509_certs_init(context
, "MEMORY:ocsp-certs", 0,
357 free_OCSPBasicOCSPResponse(&basic
);
361 for (i
= 0; i
< basic
.certs
->len
; i
++) {
364 c
= hx509_cert_init(context
, &basic
.certs
->val
[i
], NULL
);
368 ret
= hx509_certs_add(context
, certs
, c
);
375 ocsp
->last_modfied
= sb
.st_mtime
;
377 free_OCSPBasicOCSPResponse(&ocsp
->ocsp
);
378 hx509_certs_free(&ocsp
->certs
);
379 hx509_cert_free(ocsp
->signer
);
389 * Add a OCSP file to the revokation context.
391 * @param context hx509 context
392 * @param ctx hx509 revokation context
393 * @param path path to file that is going to be added to the context.
395 * @return An hx509 error code, see hx509_get_error_string().
397 * @ingroup hx509_revoke
401 hx509_revoke_add_ocsp(hx509_context context
,
402 hx509_revoke_ctx ctx
,
409 if (strncmp(path
, "FILE:", 5) != 0) {
410 hx509_set_error_string(context
, 0, HX509_UNSUPPORTED_OPERATION
,
411 "unsupport type in %s", path
);
412 return HX509_UNSUPPORTED_OPERATION
;
417 for (i
= 0; i
< ctx
->ocsps
.len
; i
++) {
418 if (strcmp(ctx
->ocsps
.val
[0].path
, path
) == 0)
422 data
= realloc(ctx
->ocsps
.val
,
423 (ctx
->ocsps
.len
+ 1) * sizeof(ctx
->ocsps
.val
[0]));
425 hx509_clear_error_string(context
);
429 ctx
->ocsps
.val
= data
;
431 memset(&ctx
->ocsps
.val
[ctx
->ocsps
.len
], 0,
432 sizeof(ctx
->ocsps
.val
[0]));
434 ctx
->ocsps
.val
[ctx
->ocsps
.len
].path
= strdup(path
);
435 if (ctx
->ocsps
.val
[ctx
->ocsps
.len
].path
== NULL
) {
436 hx509_clear_error_string(context
);
440 ret
= load_ocsp(context
, &ctx
->ocsps
.val
[ctx
->ocsps
.len
]);
442 free(ctx
->ocsps
.val
[ctx
->ocsps
.len
].path
);
455 verify_crl(hx509_context context
,
456 hx509_revoke_ctx ctx
,
457 CRLCertificateList
*crl
,
467 t
= _hx509_Time2time_t(&crl
->tbsCertList
.thisUpdate
);
469 hx509_set_error_string(context
, 0, HX509_CRL_USED_BEFORE_TIME
,
470 "CRL used before time");
471 return HX509_CRL_USED_BEFORE_TIME
;
474 if (crl
->tbsCertList
.nextUpdate
== NULL
) {
475 hx509_set_error_string(context
, 0, HX509_CRL_INVALID_FORMAT
,
476 "CRL missing nextUpdate");
477 return HX509_CRL_INVALID_FORMAT
;
480 t
= _hx509_Time2time_t(crl
->tbsCertList
.nextUpdate
);
482 hx509_set_error_string(context
, 0, HX509_CRL_USED_AFTER_TIME
,
483 "CRL used after time");
484 return HX509_CRL_USED_AFTER_TIME
;
487 _hx509_query_clear(&q
);
490 * If it's the signer have CRLSIGN bit set, use that as the signer
491 * cert for the certificate, otherwise, search for a certificate.
493 if (_hx509_check_key_usage(context
, parent
, 1 << 6, FALSE
) == 0) {
494 signer
= hx509_cert_ref(parent
);
496 q
.match
= HX509_QUERY_MATCH_SUBJECT_NAME
;
497 q
.match
|= HX509_QUERY_KU_CRLSIGN
;
498 q
.subject_name
= &crl
->tbsCertList
.issuer
;
500 ret
= hx509_certs_find(context
, certs
, &q
, &signer
);
502 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
503 "Failed to find certificate for CRL");
508 ret
= _hx509_verify_signature_bitstring(context
,
510 &crl
->signatureAlgorithm
,
511 &crl
->tbsCertList
._save
,
512 &crl
->signatureValue
);
514 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
515 "CRL signature invalid");
520 * If signer is not CA cert, need to check revoke status of this
521 * CRL signing cert too, this include all parent CRL signer cert
522 * up to the root *sigh*, assume root at least hve CERTSIGN flag
525 while (_hx509_check_key_usage(context
, signer
, 1 << 5, TRUE
)) {
526 hx509_cert crl_parent
;
528 _hx509_query_clear(&q
);
530 q
.match
= HX509_QUERY_MATCH_SUBJECT_NAME
;
531 q
.match
|= HX509_QUERY_KU_CRLSIGN
;
532 q
.subject_name
= &_hx509_get_cert(signer
)->tbsCertificate
.issuer
;
534 ret
= hx509_certs_find(context
, certs
, &q
, &crl_parent
);
536 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
537 "Failed to find parent of CRL signer");
541 ret
= hx509_revoke_verify(context
,
547 hx509_cert_free(signer
);
550 hx509_set_error_string(context
, HX509_ERROR_APPEND
, ret
,
551 "Failed to verify revoke "
552 "status of CRL signer");
558 hx509_cert_free(signer
);
564 load_crl(const char *path
, time_t *t
, CRLCertificateList
*crl
)
571 memset(crl
, 0, sizeof(*crl
));
573 ret
= rk_undumpdata(path
, &data
, &length
);
577 ret
= stat(path
, &sb
);
583 ret
= decode_CRLCertificateList(data
, length
, crl
, &size
);
588 /* check signature is aligned */
589 if (crl
->signatureValue
.length
& 7) {
590 free_CRLCertificateList(crl
);
591 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
597 * Add a CRL file to the revokation context.
599 * @param context hx509 context
600 * @param ctx hx509 revokation context
601 * @param path path to file that is going to be added to the context.
603 * @return An hx509 error code, see hx509_get_error_string().
605 * @ingroup hx509_revoke
609 hx509_revoke_add_crl(hx509_context context
,
610 hx509_revoke_ctx ctx
,
617 if (strncmp(path
, "FILE:", 5) != 0) {
618 hx509_set_error_string(context
, 0, HX509_UNSUPPORTED_OPERATION
,
619 "unsupport type in %s", path
);
620 return HX509_UNSUPPORTED_OPERATION
;
626 for (i
= 0; i
< ctx
->crls
.len
; i
++) {
627 if (strcmp(ctx
->crls
.val
[0].path
, path
) == 0)
631 data
= realloc(ctx
->crls
.val
,
632 (ctx
->crls
.len
+ 1) * sizeof(ctx
->crls
.val
[0]));
634 hx509_clear_error_string(context
);
637 ctx
->crls
.val
= data
;
639 memset(&ctx
->crls
.val
[ctx
->crls
.len
], 0, sizeof(ctx
->crls
.val
[0]));
641 ctx
->crls
.val
[ctx
->crls
.len
].path
= strdup(path
);
642 if (ctx
->crls
.val
[ctx
->crls
.len
].path
== NULL
) {
643 hx509_clear_error_string(context
);
648 &ctx
->crls
.val
[ctx
->crls
.len
].last_modfied
,
649 &ctx
->crls
.val
[ctx
->crls
.len
].crl
);
651 free(ctx
->crls
.val
[ctx
->crls
.len
].path
);
661 * Check that a certificate is not expired according to a revokation
662 * context. Also need the parent certificte to the check OCSP
665 * @param context hx509 context
666 * @param ctx hx509 revokation context
672 * @return An hx509 error code, see hx509_get_error_string().
674 * @ingroup hx509_revoke
679 hx509_revoke_verify(hx509_context context
,
680 hx509_revoke_ctx ctx
,
684 hx509_cert parent_cert
)
686 const Certificate
*c
= _hx509_get_cert(cert
);
687 const Certificate
*p
= _hx509_get_cert(parent_cert
);
688 unsigned long i
, j
, k
;
691 hx509_clear_error_string(context
);
693 for (i
= 0; i
< ctx
->ocsps
.len
; i
++) {
694 struct revoke_ocsp
*ocsp
= &ctx
->ocsps
.val
[i
];
697 /* check this ocsp apply to this cert */
699 /* check if there is a newer version of the file */
700 ret
= stat(ocsp
->path
, &sb
);
701 if (ret
== 0 && ocsp
->last_modfied
!= sb
.st_mtime
) {
702 ret
= load_ocsp(context
, ocsp
);
707 /* verify signature in ocsp if not already done */
708 if (ocsp
->signer
== NULL
) {
709 ret
= verify_ocsp(context
, ocsp
, now
, certs
, parent_cert
);
714 for (j
= 0; j
< ocsp
->ocsp
.tbsResponseData
.responses
.len
; j
++) {
715 heim_octet_string os
;
717 ret
= der_heim_integer_cmp(&ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].certID
.serialNumber
,
718 &c
->tbsCertificate
.serialNumber
);
722 /* verify issuer hashes hash */
723 ret
= _hx509_verify_signature(context
,
725 &ocsp
->ocsp
.tbsResponseData
.responses
.val
[i
].certID
.hashAlgorithm
,
726 &c
->tbsCertificate
.issuer
._save
,
727 &ocsp
->ocsp
.tbsResponseData
.responses
.val
[i
].certID
.issuerNameHash
);
731 os
.data
= p
->tbsCertificate
.subjectPublicKeyInfo
.subjectPublicKey
.data
;
732 os
.length
= p
->tbsCertificate
.subjectPublicKeyInfo
.subjectPublicKey
.length
/ 8;
734 ret
= _hx509_verify_signature(context
,
736 &ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].certID
.hashAlgorithm
,
738 &ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].certID
.issuerKeyHash
);
742 switch (ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].certStatus
.element
) {
743 case choice_OCSPCertStatus_good
:
745 case choice_OCSPCertStatus_revoked
:
746 hx509_set_error_string(context
, 0,
748 "Certificate revoked by issuer in OCSP");
749 return HX509_CERT_REVOKED
;
750 case choice_OCSPCertStatus_unknown
:
754 /* don't allow the update to be in the future */
755 if (ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].thisUpdate
>
756 now
+ context
->ocsp_time_diff
)
759 /* don't allow the next update to be in the past */
760 if (ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].nextUpdate
) {
761 if (*ocsp
->ocsp
.tbsResponseData
.responses
.val
[j
].nextUpdate
< now
)
763 } /* else should force a refetch, but can we ? */
769 for (i
= 0; i
< ctx
->crls
.len
; i
++) {
770 struct revoke_crl
*crl
= &ctx
->crls
.val
[i
];
774 /* check if cert.issuer == crls.val[i].crl.issuer */
775 ret
= _hx509_name_cmp(&c
->tbsCertificate
.issuer
,
776 &crl
->crl
.tbsCertList
.issuer
, &diff
);
780 ret
= stat(crl
->path
, &sb
);
781 if (ret
== 0 && crl
->last_modfied
!= sb
.st_mtime
) {
782 CRLCertificateList cl
;
784 ret
= load_crl(crl
->path
, &crl
->last_modfied
, &cl
);
786 free_CRLCertificateList(&crl
->crl
);
789 crl
->failed_verify
= 0;
792 if (crl
->failed_verify
)
795 /* verify signature in crl if not already done */
796 if (crl
->verified
== 0) {
797 ret
= verify_crl(context
, ctx
, &crl
->crl
, now
, certs
, parent_cert
);
799 crl
->failed_verify
= 1;
805 if (crl
->crl
.tbsCertList
.crlExtensions
) {
806 for (j
= 0; j
< crl
->crl
.tbsCertList
.crlExtensions
->len
; j
++) {
807 if (crl
->crl
.tbsCertList
.crlExtensions
->val
[j
].critical
) {
808 hx509_set_error_string(context
, 0,
809 HX509_CRL_UNKNOWN_EXTENSION
,
810 "Unknown CRL extension");
811 return HX509_CRL_UNKNOWN_EXTENSION
;
816 if (crl
->crl
.tbsCertList
.revokedCertificates
== NULL
)
819 /* check if cert is in crl */
820 for (j
= 0; j
< crl
->crl
.tbsCertList
.revokedCertificates
->len
; j
++) {
823 ret
= der_heim_integer_cmp(&crl
->crl
.tbsCertList
.revokedCertificates
->val
[j
].userCertificate
,
824 &c
->tbsCertificate
.serialNumber
);
828 t
= _hx509_Time2time_t(&crl
->crl
.tbsCertList
.revokedCertificates
->val
[j
].revocationDate
);
832 if (crl
->crl
.tbsCertList
.revokedCertificates
->val
[j
].crlEntryExtensions
)
833 for (k
= 0; k
< crl
->crl
.tbsCertList
.revokedCertificates
->val
[j
].crlEntryExtensions
->len
; k
++)
834 if (crl
->crl
.tbsCertList
.revokedCertificates
->val
[j
].crlEntryExtensions
->val
[k
].critical
)
835 return HX509_CRL_UNKNOWN_EXTENSION
;
837 hx509_set_error_string(context
, 0,
839 "Certificate revoked by issuer in CRL");
840 return HX509_CERT_REVOKED
;
847 if (context
->flags
& HX509_CTX_VERIFY_MISSING_OK
)
849 hx509_set_error_string(context
, HX509_ERROR_APPEND
,
850 HX509_REVOKE_STATUS_MISSING
,
851 "No revoke status found for "
853 return HX509_REVOKE_STATUS_MISSING
;
856 struct ocsp_add_ctx
{
859 const AlgorithmIdentifier
*digest
;
864 add_to_req(hx509_context context
, void *ptr
, hx509_cert cert
)
866 struct ocsp_add_ctx
*ctx
= ptr
;
867 OCSPInnerRequest
*one
;
868 hx509_cert parent
= NULL
;
869 Certificate
*p
, *c
= _hx509_get_cert(cert
);
870 heim_octet_string os
;
875 d
= realloc(ctx
->req
->requestList
.val
,
876 sizeof(ctx
->req
->requestList
.val
[0]) *
877 (ctx
->req
->requestList
.len
+ 1));
880 ctx
->req
->requestList
.val
= d
;
882 one
= &ctx
->req
->requestList
.val
[ctx
->req
->requestList
.len
];
883 memset(one
, 0, sizeof(*one
));
885 _hx509_query_clear(&q
);
887 q
.match
|= HX509_QUERY_FIND_ISSUER_CERT
;
890 ret
= hx509_certs_find(context
, ctx
->certs
, &q
, &parent
);
895 if (hx509_cert_cmp(ctx
->parent
, parent
) != 0) {
896 ret
= HX509_REVOKE_NOT_SAME_PARENT
;
897 hx509_set_error_string(context
, 0, ret
,
898 "Not same parent certifate as "
899 "last certificate in request");
903 ctx
->parent
= hx509_cert_ref(parent
);
905 p
= _hx509_get_cert(parent
);
907 ret
= copy_AlgorithmIdentifier(ctx
->digest
, &one
->reqCert
.hashAlgorithm
);
911 ret
= _hx509_create_signature(context
,
913 &one
->reqCert
.hashAlgorithm
,
914 &c
->tbsCertificate
.issuer
._save
,
916 &one
->reqCert
.issuerNameHash
);
920 os
.data
= p
->tbsCertificate
.subjectPublicKeyInfo
.subjectPublicKey
.data
;
922 p
->tbsCertificate
.subjectPublicKeyInfo
.subjectPublicKey
.length
/ 8;
924 ret
= _hx509_create_signature(context
,
926 &one
->reqCert
.hashAlgorithm
,
929 &one
->reqCert
.issuerKeyHash
);
933 ret
= copy_CertificateSerialNumber(&c
->tbsCertificate
.serialNumber
,
934 &one
->reqCert
.serialNumber
);
938 ctx
->req
->requestList
.len
++;
940 hx509_cert_free(parent
);
942 free_OCSPInnerRequest(one
);
943 memset(one
, 0, sizeof(*one
));
950 * Create an OCSP request for a set of certificates.
952 * @param context a hx509 context
953 * @param reqcerts list of certificates to request ocsp data for
954 * @param pool certificate pool to use when signing
955 * @param signer certificate to use to sign the request
956 * @param digest the signing algorithm in the request, if NULL use the
957 * default signature algorithm,
958 * @param request the encoded request, free with free_heim_octet_string().
959 * @param nonce nonce in the request, free with free_heim_octet_string().
961 * @return An hx509 error code, see hx509_get_error_string().
963 * @ingroup hx509_revoke
967 hx509_ocsp_request(hx509_context context
,
968 hx509_certs reqcerts
,
971 const AlgorithmIdentifier
*digest
,
972 heim_octet_string
*request
,
973 heim_octet_string
*nonce
)
978 struct ocsp_add_ctx ctx
;
981 memset(&req
, 0, sizeof(req
));
984 digest
= _hx509_crypto_default_digest_alg
;
986 ctx
.req
= &req
.tbsRequest
;
991 ret
= hx509_certs_iter_f(context
, reqcerts
, add_to_req
, &ctx
);
992 hx509_cert_free(ctx
.parent
);
997 req
.tbsRequest
.requestExtensions
=
998 calloc(1, sizeof(*req
.tbsRequest
.requestExtensions
));
999 if (req
.tbsRequest
.requestExtensions
== NULL
) {
1004 es
= req
.tbsRequest
.requestExtensions
;
1006 es
->val
= calloc(es
->len
, sizeof(es
->val
[0]));
1007 if (es
->val
== NULL
) {
1012 ret
= der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce
, &es
->val
[0].extnID
);
1014 free_OCSPRequest(&req
);
1018 es
->val
[0].extnValue
.data
= malloc(10);
1019 if (es
->val
[0].extnValue
.data
== NULL
) {
1023 es
->val
[0].extnValue
.length
= 10;
1025 ret
= RAND_bytes(es
->val
[0].extnValue
.data
,
1026 es
->val
[0].extnValue
.length
);
1028 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
1031 ret
= der_copy_octet_string(nonce
, &es
->val
[0].extnValue
);
1038 ASN1_MALLOC_ENCODE(OCSPRequest
, request
->data
, request
->length
,
1040 free_OCSPRequest(&req
);
1043 if (size
!= request
->length
)
1044 _hx509_abort("internal ASN.1 encoder error");
1049 free_OCSPRequest(&req
);
1054 printable_time(time_t t
)
1058 if ((p
= ctime(&t
)) == NULL
)
1059 strlcpy(s
, "?", sizeof(s
));
1061 strlcpy(s
, p
+ 4, sizeof(s
));
1068 * Print the OCSP reply stored in a file.
1070 * @param context a hx509 context
1071 * @param path path to a file with a OCSP reply
1072 * @param out the out FILE descriptor to print the reply on
1074 * @return An hx509 error code, see hx509_get_error_string().
1076 * @ingroup hx509_revoke
1080 hx509_revoke_ocsp_print(hx509_context context
, const char *path
, FILE *out
)
1082 struct revoke_ocsp ocsp
;
1089 memset(&ocsp
, 0, sizeof(ocsp
));
1091 ocsp
.path
= strdup(path
);
1092 if (ocsp
.path
== NULL
)
1095 ret
= load_ocsp(context
, &ocsp
);
1101 fprintf(out
, "signer: ");
1103 switch(ocsp
.ocsp
.tbsResponseData
.responderID
.element
) {
1104 case choice_OCSPResponderID_byName
: {
1107 _hx509_name_from_Name(&ocsp
.ocsp
.tbsResponseData
.responderID
.u
.byName
, &n
);
1108 hx509_name_to_string(n
, &s
);
1109 hx509_name_free(&n
);
1110 fprintf(out
, " byName: %s\n", s
);
1114 case choice_OCSPResponderID_byKey
: {
1116 hex_encode(ocsp
.ocsp
.tbsResponseData
.responderID
.u
.byKey
.data
,
1117 ocsp
.ocsp
.tbsResponseData
.responderID
.u
.byKey
.length
,
1119 fprintf(out
, " byKey: %s\n", s
);
1124 _hx509_abort("choice_OCSPResponderID unknown");
1128 fprintf(out
, "producedAt: %s\n",
1129 printable_time(ocsp
.ocsp
.tbsResponseData
.producedAt
));
1131 fprintf(out
, "replies: %d\n", ocsp
.ocsp
.tbsResponseData
.responses
.len
);
1133 for (i
= 0; i
< ocsp
.ocsp
.tbsResponseData
.responses
.len
; i
++) {
1135 switch (ocsp
.ocsp
.tbsResponseData
.responses
.val
[i
].certStatus
.element
) {
1136 case choice_OCSPCertStatus_good
:
1139 case choice_OCSPCertStatus_revoked
:
1142 case choice_OCSPCertStatus_unknown
:
1146 status
= "element unknown";
1149 fprintf(out
, "\t%zu. status: %s\n", i
, status
);
1151 fprintf(out
, "\tthisUpdate: %s\n",
1152 printable_time(ocsp
.ocsp
.tbsResponseData
.responses
.val
[i
].thisUpdate
));
1153 if (ocsp
.ocsp
.tbsResponseData
.responses
.val
[i
].nextUpdate
)
1154 fprintf(out
, "\tproducedAt: %s\n",
1155 printable_time(ocsp
.ocsp
.tbsResponseData
.responses
.val
[i
].thisUpdate
));
1159 fprintf(out
, "appended certs:\n");
1161 ret
= hx509_certs_iter_f(context
, ocsp
.certs
, hx509_ci_print_names
, out
);
1168 * Verify that the certificate is part of the OCSP reply and it's not
1169 * expired. Doesn't verify signature the OCSP reply or it's done by a
1170 * authorized sender, that is assumed to be already done.
1172 * @param context a hx509 context
1173 * @param now the time right now, if 0, use the current time.
1174 * @param cert the certificate to verify
1175 * @param flags flags control the behavior
1176 * @param data pointer to the encode ocsp reply
1177 * @param length the length of the encode ocsp reply
1178 * @param expiration return the time the OCSP will expire and need to
1181 * @return An hx509 error code, see hx509_get_error_string().
1183 * @ingroup hx509_verify
1187 hx509_ocsp_verify(hx509_context context
,
1191 const void *data
, size_t length
,
1194 const Certificate
*c
= _hx509_get_cert(cert
);
1195 OCSPBasicOCSPResponse basic
;
1204 ret
= parse_ocsp_basic(data
, length
, &basic
);
1206 hx509_set_error_string(context
, 0, ret
,
1207 "Failed to parse OCSP response");
1211 for (i
= 0; i
< basic
.tbsResponseData
.responses
.len
; i
++) {
1213 ret
= der_heim_integer_cmp(&basic
.tbsResponseData
.responses
.val
[i
].certID
.serialNumber
,
1214 &c
->tbsCertificate
.serialNumber
);
1218 /* verify issuer hashes hash */
1219 ret
= _hx509_verify_signature(context
,
1221 &basic
.tbsResponseData
.responses
.val
[i
].certID
.hashAlgorithm
,
1222 &c
->tbsCertificate
.issuer
._save
,
1223 &basic
.tbsResponseData
.responses
.val
[i
].certID
.issuerNameHash
);
1227 switch (basic
.tbsResponseData
.responses
.val
[i
].certStatus
.element
) {
1228 case choice_OCSPCertStatus_good
:
1230 case choice_OCSPCertStatus_revoked
:
1231 case choice_OCSPCertStatus_unknown
:
1235 /* don't allow the update to be in the future */
1236 if (basic
.tbsResponseData
.responses
.val
[i
].thisUpdate
>
1237 now
+ context
->ocsp_time_diff
)
1240 /* don't allow the next update to be in the past */
1241 if (basic
.tbsResponseData
.responses
.val
[i
].nextUpdate
) {
1242 if (*basic
.tbsResponseData
.responses
.val
[i
].nextUpdate
< now
)
1244 *expiration
= *basic
.tbsResponseData
.responses
.val
[i
].nextUpdate
;
1248 free_OCSPBasicOCSPResponse(&basic
);
1252 free_OCSPBasicOCSPResponse(&basic
);
1258 ret
= hx509_cert_get_subject(cert
, &name
);
1260 hx509_clear_error_string(context
);
1263 ret
= hx509_name_to_string(name
, &subject
);
1264 hx509_name_free(&name
);
1266 hx509_clear_error_string(context
);
1269 hx509_set_error_string(context
, 0, HX509_CERT_NOT_IN_OCSP
,
1270 "Certificate %s not in OCSP response "
1276 return HX509_CERT_NOT_IN_OCSP
;
1280 hx509_certs revoked
;
1285 * Create a CRL context. Use hx509_crl_free() to free the CRL context.
1287 * @param context a hx509 context.
1288 * @param crl return pointer to a newly allocated CRL context.
1290 * @return An hx509 error code, see hx509_get_error_string().
1292 * @ingroup hx509_verify
1296 hx509_crl_alloc(hx509_context context
, hx509_crl
*crl
)
1300 *crl
= calloc(1, sizeof(**crl
));
1302 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1306 ret
= hx509_certs_init(context
, "MEMORY:crl", 0, NULL
, &(*crl
)->revoked
);
1317 * Add revoked certificate to an CRL context.
1319 * @param context a hx509 context.
1320 * @param crl the CRL to add the revoked certificate to.
1321 * @param certs keyset of certificate to revoke.
1323 * @return An hx509 error code, see hx509_get_error_string().
1325 * @ingroup hx509_verify
1329 hx509_crl_add_revoked_certs(hx509_context context
,
1333 return hx509_certs_merge(context
, crl
->revoked
, certs
);
1337 * Set the lifetime of a CRL context.
1339 * @param context a hx509 context.
1340 * @param crl a CRL context
1341 * @param delta delta time the certificate is valid, library adds the
1342 * current time to this.
1344 * @return An hx509 error code, see hx509_get_error_string().
1346 * @ingroup hx509_verify
1350 hx509_crl_lifetime(hx509_context context
, hx509_crl crl
, int delta
)
1352 crl
->expire
= time(NULL
) + delta
;
1357 * Free a CRL context.
1359 * @param context a hx509 context.
1360 * @param crl a CRL context to free.
1362 * @ingroup hx509_verify
1366 hx509_crl_free(hx509_context context
, hx509_crl
*crl
)
1370 hx509_certs_free(&(*crl
)->revoked
);
1371 memset(*crl
, 0, sizeof(**crl
));
1377 add_revoked(hx509_context context
, void *ctx
, hx509_cert cert
)
1379 TBSCRLCertList
*c
= ctx
;
1384 num
= c
->revokedCertificates
->len
;
1385 ptr
= realloc(c
->revokedCertificates
->val
,
1386 (num
+ 1) * sizeof(c
->revokedCertificates
->val
[0]));
1388 hx509_clear_error_string(context
);
1391 c
->revokedCertificates
->val
= ptr
;
1393 ret
= hx509_cert_get_serialnumber(cert
,
1394 &c
->revokedCertificates
->val
[num
].userCertificate
);
1396 hx509_clear_error_string(context
);
1399 c
->revokedCertificates
->val
[num
].revocationDate
.element
=
1400 choice_Time_generalTime
;
1401 c
->revokedCertificates
->val
[num
].revocationDate
.u
.generalTime
=
1402 time(NULL
) - 3600 * 24;
1403 c
->revokedCertificates
->val
[num
].crlEntryExtensions
= NULL
;
1405 c
->revokedCertificates
->len
++;
1411 * Sign a CRL and return an encode certificate.
1413 * @param context a hx509 context.
1414 * @param signer certificate to sign the CRL with
1415 * @param crl the CRL to sign
1416 * @param os return the signed and encoded CRL, free with
1417 * free_heim_octet_string()
1419 * @return An hx509 error code, see hx509_get_error_string().
1421 * @ingroup hx509_verify
1425 hx509_crl_sign(hx509_context context
,
1428 heim_octet_string
*os
)
1430 const AlgorithmIdentifier
*sigalg
= _hx509_crypto_default_sig_alg
;
1431 CRLCertificateList c
;
1434 hx509_private_key signerkey
;
1436 memset(&c
, 0, sizeof(c
));
1438 signerkey
= _hx509_cert_private_key(signer
);
1439 if (signerkey
== NULL
) {
1440 ret
= HX509_PRIVATE_KEY_MISSING
;
1441 hx509_set_error_string(context
, 0, ret
,
1442 "Private key missing for CRL signing");
1446 c
.tbsCertList
.version
= malloc(sizeof(*c
.tbsCertList
.version
));
1447 if (c
.tbsCertList
.version
== NULL
) {
1448 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1452 *c
.tbsCertList
.version
= 1;
1454 ret
= copy_AlgorithmIdentifier(sigalg
, &c
.tbsCertList
.signature
);
1456 hx509_clear_error_string(context
);
1460 ret
= copy_Name(&_hx509_get_cert(signer
)->tbsCertificate
.issuer
,
1461 &c
.tbsCertList
.issuer
);
1463 hx509_clear_error_string(context
);
1467 c
.tbsCertList
.thisUpdate
.element
= choice_Time_generalTime
;
1468 c
.tbsCertList
.thisUpdate
.u
.generalTime
= time(NULL
) - 24 * 3600;
1470 c
.tbsCertList
.nextUpdate
= malloc(sizeof(*c
.tbsCertList
.nextUpdate
));
1471 if (c
.tbsCertList
.nextUpdate
== NULL
) {
1472 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1478 time_t next
= crl
->expire
;
1480 next
= time(NULL
) + 24 * 3600 * 365;
1482 c
.tbsCertList
.nextUpdate
->element
= choice_Time_generalTime
;
1483 c
.tbsCertList
.nextUpdate
->u
.generalTime
= next
;
1486 c
.tbsCertList
.revokedCertificates
=
1487 calloc(1, sizeof(*c
.tbsCertList
.revokedCertificates
));
1488 if (c
.tbsCertList
.revokedCertificates
== NULL
) {
1489 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1493 c
.tbsCertList
.crlExtensions
= NULL
;
1495 ret
= hx509_certs_iter_f(context
, crl
->revoked
, add_revoked
, &c
.tbsCertList
);
1499 /* if not revoked certs, remove OPTIONAL entry */
1500 if (c
.tbsCertList
.revokedCertificates
->len
== 0) {
1501 free(c
.tbsCertList
.revokedCertificates
);
1502 c
.tbsCertList
.revokedCertificates
= NULL
;
1505 ASN1_MALLOC_ENCODE(TBSCRLCertList
, os
->data
, os
->length
,
1506 &c
.tbsCertList
, &size
, ret
);
1508 hx509_set_error_string(context
, 0, ret
, "failed to encode tbsCRL");
1511 if (size
!= os
->length
)
1512 _hx509_abort("internal ASN.1 encoder error");
1515 ret
= _hx509_create_signature_bitstring(context
,
1519 &c
.signatureAlgorithm
,
1523 hx509_set_error_string(context
, 0, ret
, "Failed to sign CRL");
1527 ASN1_MALLOC_ENCODE(CRLCertificateList
, os
->data
, os
->length
,
1530 hx509_set_error_string(context
, 0, ret
, "failed to encode CRL");
1533 if (size
!= os
->length
)
1534 _hx509_abort("internal ASN.1 encoder error");
1536 free_CRLCertificateList(&c
);
1541 free_CRLCertificateList(&c
);