1 /* ocsp.c - OCSP (rfc2560)
2 * Copyright (C) 2003, 2004, 2005, 2006, 2012 g10 Code GmbH
4 * This file is part of KSBA.
6 * KSBA is free software; you can redistribute it and/or modify
7 * it under the terms of either
9 * - the GNU Lesser General Public License as published by the Free
10 * Software Foundation; either version 3 of the License, or (at
11 * your option) any later version.
15 * - the GNU General Public License as published by the Free
16 * Software Foundation; either version 2 of the License, or (at
17 * your option) any later version.
19 * or both in parallel, as here.
21 * KSBA is distributed in the hope that it will be useful, but WITHOUT
22 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
23 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
24 * License for more details.
26 * You should have received a copies of the GNU General Public License
27 * and the GNU Lesser General Public License along with this program;
28 * if not, see <http://www.gnu.org/licenses/>.
42 #include "der-encoder.h"
47 static const char oidstr_sha1[] = "1.3.14.3.2.26";
48 static const char oidstr_ocsp_basic[] = "1.3.6.1.5.5.7.48.1.1";
49 static const char oidstr_ocsp_nonce[] = "1.3.6.1.5.5.7.48.1.2";
54 dump_hex (const unsigned char *p, size_t n)
57 fputs ("none", stderr);
61 fprintf (stderr, " %02X", *p);
67 /* Create a new OCSP object and retrun it in R_OCSP. Return 0 on
68 success or an error code.
71 ksba_ocsp_new (ksba_ocsp_t *r_ocsp)
73 *r_ocsp = xtrycalloc (1, sizeof **r_ocsp);
75 return gpg_error_from_syserror ();
81 release_ocsp_certlist (struct ocsp_certlist_s *cl)
85 struct ocsp_certlist_s *tmp = cl->next;
86 ksba_cert_release (cl->cert);
94 release_ocsp_extensions (struct ocsp_extension_s *ex)
98 struct ocsp_extension_s *tmp = ex->next;
105 /* Release the OCSP object and all its resources. Passing NULL for
106 OCSP is a valid nop. */
108 ksba_ocsp_release (ksba_ocsp_t ocsp)
110 struct ocsp_reqitem_s *ri;
114 xfree (ocsp->digest_oid);
115 xfree (ocsp->request_buffer);
116 for (; (ri=ocsp->requestlist); ri = ocsp->requestlist )
118 ocsp->requestlist = ri->next;
119 ksba_cert_release (ri->cert);
120 ksba_cert_release (ri->issuer_cert);
121 release_ocsp_extensions (ri->single_extensions);
122 xfree (ri->serialno);
124 xfree (ocsp->sigval);
125 xfree (ocsp->responder_id.name);
126 xfree (ocsp->responder_id.keyid);
127 release_ocsp_certlist (ocsp->received_certs);
128 release_ocsp_extensions (ocsp->response_extensions);
134 /* Set the hash algorithm to be used for signing the request to OID.
135 Using this function will force the creation of a signed
138 ksba_ocsp_set_digest_algo (ksba_ocsp_t ocsp, const char *oid)
140 if (!ocsp || !oid || !*oid)
141 return gpg_error (GPG_ERR_INV_VALUE);
142 if (ocsp->digest_oid)
143 xfree (ocsp->digest_oid);
144 ocsp->digest_oid = xtrystrdup (oid);
145 if (!ocsp->digest_oid)
146 return gpg_error_from_syserror ();
152 ksba_ocsp_set_requestor (ksba_ocsp_t ocsp, ksba_cert_t cert)
156 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
160 /* Add the certificate CERT for which the status is to be requested
161 and it's issuer certificate ISSUER_CERT to the context. This
162 function may be called multiple time to create a list of targets to
163 get combined into one actual request. */
165 ksba_ocsp_add_target (ksba_ocsp_t ocsp,
166 ksba_cert_t cert, ksba_cert_t issuer_cert)
168 struct ocsp_reqitem_s *ri;
170 if (!ocsp || !cert || !issuer_cert)
171 return gpg_error (GPG_ERR_INV_VALUE);
173 ri = xtrycalloc (1, sizeof *ri);
175 return gpg_error_from_syserror ();
176 ksba_cert_ref (cert);
178 ksba_cert_ref (issuer_cert);
179 ri->issuer_cert = issuer_cert;
181 ri->next = ocsp->requestlist;
182 ocsp->requestlist = ri;
188 /* Set the nonce to be used for the request to the content of the
189 buffer NONCE of size NONCELEN. Libksba may have an upper limit of
190 the allowed size of the nonce; if the supplied nonce is larger it
191 will be truncated and the actual used length of the nonce returned.
192 To detect the implementation limit (which should be considered as a
193 good suggestion), the function may be called with NULL for NONCE,
194 in which case the maximal usable noncelength is returned. The
195 function returns the length of the nonce which will be used. */
197 ksba_ocsp_set_nonce (ksba_ocsp_t ocsp, unsigned char *nonce, size_t noncelen)
202 return sizeof ocsp->nonce;
203 if (noncelen > sizeof ocsp->nonce)
204 noncelen = sizeof ocsp->nonce;
207 memcpy (ocsp->nonce, nonce, noncelen);
209 ocsp->noncelen = noncelen;
214 /* Compute the SHA-1 nameHash for the certificate CERT and put it in
215 the buffer SHA1_BUFFER which must have been allocated to at least
218 issuer_name_hash (ksba_cert_t cert, unsigned char *sha1_buffer)
221 const unsigned char *ptr;
222 size_t length, dummy;
224 err = _ksba_cert_get_subject_dn_ptr (cert, &ptr, &length);
227 err = _ksba_hash_buffer (NULL, ptr, length, 20, sha1_buffer, &dummy);
228 if (!err && dummy != 20)
229 err = gpg_error (GPG_ERR_BUG);
234 /* Compute the SHA-1 hash of the public key of CERT and put it in teh
235 buffer SHA1_BUFFER which must have been allocated with at least 20
238 issuer_key_hash (ksba_cert_t cert, unsigned char *sha1_buffer)
241 const unsigned char *ptr;
242 size_t length, dummy;
244 err = _ksba_cert_get_public_key_ptr (cert, &ptr, &length);
247 err = _ksba_hash_buffer (NULL, ptr, length, 20, sha1_buffer, &dummy);
248 if (!err && dummy != 20)
249 err = gpg_error (GPG_ERR_BUG);
255 /* Write the extensions for a request to WOUT. */
257 write_request_extensions (ksba_ocsp_t ocsp, ksba_writer_t wout)
264 ksba_writer_t w1 = NULL;
265 ksba_writer_t w2 = NULL;
268 return 0; /* We do only support the nonce extension. */
270 /* Create writer objects for construction of the extension. */
271 err = ksba_writer_new (&w2);
273 err = ksba_writer_set_mem (w2, 256);
275 err = ksba_writer_new (&w1);
277 err = ksba_writer_set_mem (w1, 256);
281 /* Write OID and nonce. */
282 err = ksba_oid_from_str (oidstr_ocsp_nonce, &buf, &buflen);
285 err = _ksba_ber_write_tl (w1, TYPE_OBJECT_ID, CLASS_UNIVERSAL, 0, buflen);
287 err = ksba_writer_write (w1, buf, buflen);
288 xfree (buf); buf = NULL;
289 /* We known that the nonce is short enough to put the tag into 2 bytes, thus
290 we write the encapsulating octet string directly with a fixed length. */
292 err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0,
295 err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0,
298 err = ksba_writer_write (w1, ocsp->nonce, ocsp->noncelen);
300 /* Put a sequence around. */
301 p = ksba_writer_snatch_mem (w1, &derlen);
304 err = ksba_writer_error (w1);
307 err = _ksba_ber_write_tl (w2, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, derlen);
309 err = ksba_writer_write (w2, p, derlen);
312 /* Put the sequence around all extensions. */
313 err = ksba_writer_set_mem (w1, 256);
316 p = ksba_writer_snatch_mem (w2, &derlen);
319 err = ksba_writer_error (w2);
322 err = _ksba_ber_write_tl (w1, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, derlen);
324 err = ksba_writer_write (w1, p, derlen);
327 /* And put a context tag around everything. */
328 p = ksba_writer_snatch_mem (w1, &derlen);
331 err = ksba_writer_error (w1);
334 err = _ksba_ber_write_tl (wout, 2, CLASS_CONTEXT, 1, derlen);
336 err = ksba_writer_write (wout, p, derlen);
341 ksba_writer_release (w2);
342 ksba_writer_release (w1);
347 /* Build a request from the current context. The function checks that
348 all necessary information have been set and stores the prepared
349 request in the context. A subsequent ksba_ocsp_build_request may
350 then be used to retrieve this request. Optional the requestmay be
351 signed beofre calling ksba_ocsp_build_request.
354 ksba_ocsp_prepare_request (ksba_ocsp_t ocsp)
357 struct ocsp_reqitem_s *ri;
359 const unsigned char *der;
362 ksba_writer_t w1 = NULL;
363 ksba_writer_t w2 = NULL;
364 ksba_writer_t w3 = NULL;
365 ksba_writer_t w4, w5, w6, w7; /* Used as aliases. */
368 return gpg_error (GPG_ERR_INV_VALUE);
370 xfree (ocsp->request_buffer);
371 ocsp->request_buffer = NULL;
372 ocsp->request_buflen = 0;
374 if (!ocsp->requestlist)
375 return gpg_error (GPG_ERR_MISSING_ACTION);
377 /* Create three writer objects for construction of the request. */
378 err = ksba_writer_new (&w3);
380 err = ksba_writer_set_mem (w3, 2048);
382 err = ksba_writer_new (&w2);
384 err = ksba_writer_new (&w1);
389 /* Loop over all single requests. */
390 for (ri=ocsp->requestlist; ri; ri = ri->next)
392 err = ksba_writer_set_mem (w2, 256);
394 err = ksba_writer_set_mem (w1, 256);
398 /* Write the AlgorithmIdentifier. */
399 err = _ksba_der_write_algorithm_identifier (w1, oidstr_sha1, NULL, 0);
403 /* Compute the issuerNameHash and write it into the CertID object. */
404 err = issuer_name_hash (ri->issuer_cert, ri->issuer_name_hash);
406 err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0,20);
408 err = ksba_writer_write (w1, ri->issuer_name_hash, 20);
412 /* Compute the issuerKeyHash and write it. */
413 err = issuer_key_hash (ri->issuer_cert, ri->issuer_key_hash);
415 err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0,20);
417 err = ksba_writer_write (w1, ri->issuer_key_hash, 20);
421 /* Write the serialNumber of the certificate to be checked. */
422 err = _ksba_cert_get_serial_ptr (ri->cert, &der, &derlen);
424 err = ksba_writer_write (w1, der, derlen);
427 /* Store the integer value. */
429 const unsigned char *tmpder = der;
430 size_t tmpderlen = derlen;
432 err = parse_integer (&tmpder, &tmpderlen, &ti);
435 xfree (ri->serialno);
436 ri->serialno = xtrymalloc (tmpderlen);
439 err = gpg_error_from_syserror ();
442 memcpy (ri->serialno, tmpder, tmpderlen);
443 ri->serialnolen = tmpderlen;
446 /* Now write it out as a sequence to the outer certID object. */
447 p = ksba_writer_snatch_mem (w1, &derlen);
450 err = ksba_writer_error (w1);
453 err = _ksba_ber_write_tl (w2, TYPE_SEQUENCE, CLASS_UNIVERSAL,
456 err = ksba_writer_write (w2, p, derlen);
461 /* Here we would write singleRequestExtensions. */
463 /* Now write it out as a sequence to the outer Request object. */
464 p = ksba_writer_snatch_mem (w2, &derlen);
467 err = ksba_writer_error (w2);
470 err = _ksba_ber_write_tl (w3, TYPE_SEQUENCE, CLASS_UNIVERSAL,
473 err = ksba_writer_write (w3, p, derlen);
478 } /* End of looping over single requests. */
480 /* Reuse writers; for clarity, use new names. */
483 err = ksba_writer_set_mem (w4, 2048);
485 err = ksba_writer_set_mem (w5, 2048);
489 /* Put a sequence tag before the requestList. */
490 p = ksba_writer_snatch_mem (w3, &derlen);
493 err = ksba_writer_error (w3);
496 err = _ksba_ber_write_tl (w4, TYPE_SEQUENCE, CLASS_UNIVERSAL,
499 err = ksba_writer_write (w4, p, derlen);
504 /* The requestExtensions go here. */
505 err = write_request_extensions (ocsp, w4);
507 /* Write the tbsRequest. */
509 /* The version is default, thus we don't write it. */
511 /* The requesterName would go here. */
513 /* Write the requestList. */
514 p = ksba_writer_snatch_mem (w4, &derlen);
517 err = ksba_writer_error (w4);
520 err = _ksba_ber_write_tl (w5, TYPE_SEQUENCE, CLASS_UNIVERSAL,
523 err = ksba_writer_write (w5, p, derlen);
528 /* Reuse writers; for clarity, use new names. */
531 err = ksba_writer_set_mem (w6, 2048);
533 err = ksba_writer_set_mem (w7, 2048);
537 /* Prepend a sequence tag. */
538 p = ksba_writer_snatch_mem (w5, &derlen);
541 err = ksba_writer_error (w5);
544 err = _ksba_ber_write_tl (w6, TYPE_SEQUENCE, CLASS_UNIVERSAL,
547 err = ksba_writer_write (w6, p, derlen);
552 /* Write the ocspRequest. */
554 /* Note that we do not support the optional signature, because this
555 saves us one writer object. */
557 /* Prepend a sequence tag. */
558 /* p = ksba_writer_snatch_mem (w6, &derlen); */
561 /* err = ksba_writer_error (w6); */
564 /* err = _ksba_ber_write_tl (w7, TYPE_SEQUENCE, CLASS_UNIVERSAL, */
567 /* err = ksba_writer_write (w7, p, derlen); */
568 /* xfree (p); p = NULL; */
573 /* Read out the entire request. */
574 p = ksba_writer_snatch_mem (w6, &derlen);
577 err = ksba_writer_error (w6);
580 ocsp->request_buffer = p;
581 ocsp->request_buflen = derlen;
585 ksba_writer_release (w3);
586 ksba_writer_release (w2);
587 ksba_writer_release (w1);
593 ksba_ocsp_hash_request (ksba_ocsp_t ocsp,
594 void (*hasher)(void *, const void *,
601 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
606 ksba_ocsp_set_sig_val (ksba_ocsp_t ocsp,
607 ksba_const_sexp_t sigval)
611 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
616 ksba_ocsp_add_cert (ksba_ocsp_t ocsp, ksba_cert_t cert)
620 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
625 /* Build a request from the current context. The function checks that
626 all necessary information have been set and then returns an
627 allocated buffer with the resulting request.
630 ksba_ocsp_build_request (ksba_ocsp_t ocsp,
631 unsigned char **r_buffer, size_t *r_buflen)
635 if (!ocsp || !r_buffer || !r_buflen)
636 return gpg_error (GPG_ERR_INV_VALUE);
640 if (!ocsp->requestlist)
641 return gpg_error (GPG_ERR_MISSING_ACTION);
642 if (!ocsp->request_buffer)
644 /* No prepare done, do it now. */
645 err = ksba_ocsp_prepare_request (ocsp);
648 assert (ocsp->request_buffer);
650 *r_buffer = ocsp->request_buffer;
651 *r_buflen = ocsp->request_buflen;
652 ocsp->request_buffer = NULL;
653 ocsp->request_buflen = 0;
660 Parse the response extensions and store them aways. While doing
661 this we also check the nonce extension. A typical data ASN.1 blob
662 with only the nonce extension as passed to this function is:
666 OBJECT IDENTIFIER ocspNonce (1 3 6 1 5 5 7 48 1 2)
667 OCTET STRING, encapsulates {
669 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50
676 parse_response_extensions (ksba_ocsp_t ocsp,
677 const unsigned char *data, size_t datalen)
684 assert (!ocsp->response_extensions);
685 err = parse_sequence (&data, &datalen, &ti);
691 struct ocsp_extension_s *ex;
694 err = parse_sequence (&data, &datalen, &ti);
697 if (length < ti.nhdr + ti.length)
699 err = gpg_error (GPG_ERR_BAD_BER);
702 length -= ti.nhdr + ti.length;
705 err = parse_object_id_into_str (&data, &datalen, &oid);
709 err = parse_optional_boolean (&data, &datalen, &is_crit);
712 err = parse_octet_string (&data, &datalen, &ti);
715 if (!strcmp (oid, oidstr_ocsp_nonce))
717 err = parse_octet_string (&data, &datalen, &ti);
720 if (ocsp->noncelen != ti.length
721 || memcmp (ocsp->nonce, data, ti.length))
724 ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
727 err = gpg_error_from_syserror ();
731 strcpy (ex->data, oid);
732 ex->data[strlen (oid)] = 0;
733 ex->off = strlen (oid) + 1;
735 memcpy (ex->data + ex->off, data, ti.length);
736 ex->next = ocsp->response_extensions;
737 ocsp->response_extensions = ex;
739 parse_skip (&data, &datalen, &ti); /* Skip the octet string / integer. */
749 Parse single extensions and store them away.
752 parse_single_extensions (struct ocsp_reqitem_s *ri,
753 const unsigned char *data, size_t datalen)
760 assert (ri && !ri->single_extensions);
761 err = parse_sequence (&data, &datalen, &ti);
767 struct ocsp_extension_s *ex;
770 err = parse_sequence (&data, &datalen, &ti);
773 if (length < ti.nhdr + ti.length)
775 err = gpg_error (GPG_ERR_BAD_BER);
778 length -= ti.nhdr + ti.length;
781 err = parse_object_id_into_str (&data, &datalen, &oid);
785 err = parse_optional_boolean (&data, &datalen, &is_crit);
788 err = parse_octet_string (&data, &datalen, &ti);
791 ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
794 err = gpg_error_from_syserror ();
798 strcpy (ex->data, oid);
799 ex->data[strlen (oid)] = 0;
800 ex->off = strlen (oid) + 1;
802 memcpy (ex->data + ex->off, data, ti.length);
803 ex->next = ri->single_extensions;
804 ri->single_extensions = ex;
806 parse_skip (&data, &datalen, &ti); /* Skip the octet string / integer. */
815 /* Parse the first part of a response:
817 OCSPResponse ::= SEQUENCE {
818 responseStatus OCSPResponseStatus,
819 responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
821 OCSPResponseStatus ::= ENUMERATED {
822 successful (0), --Response has valid confirmations
823 malformedRequest (1), --Illegal confirmation request
824 internalError (2), --Internal error in issuer
825 tryLater (3), --Try again later
827 sigRequired (5), --Must sign the request
828 unauthorized (6) --Request unauthorized
831 ResponseBytes ::= SEQUENCE {
832 responseType OBJECT IDENTIFIER,
833 response OCTET STRING }
835 On success the RESPONSE_STATUS field of OCSP will be set to the
836 response status and DATA will now point to the first byte in the
837 octet string of the response; RLEN will be set to the length of
838 this octet string. Note thate DATALEN is also updated but might
839 point to a value larger than RLEN points to, if the provided data
840 is a part of a larger image. */
842 parse_response_status (ksba_ocsp_t ocsp,
843 unsigned char const **data, size_t *datalen,
851 /* Parse the OCSPResponse sequence. */
852 err = parse_sequence (data, datalen, &ti);
855 /* Parse the OCSPResponseStatus. */
856 err = parse_enumerated (data, datalen, &ti, 1);
861 case 0: ocsp->response_status = KSBA_OCSP_RSPSTATUS_SUCCESS; break;
862 case 1: ocsp->response_status = KSBA_OCSP_RSPSTATUS_MALFORMED; break;
863 case 2: ocsp->response_status = KSBA_OCSP_RSPSTATUS_INTERNAL; break;
864 case 3: ocsp->response_status = KSBA_OCSP_RSPSTATUS_TRYLATER; break;
865 case 5: ocsp->response_status = KSBA_OCSP_RSPSTATUS_SIGREQUIRED; break;
866 case 6: ocsp->response_status = KSBA_OCSP_RSPSTATUS_UNAUTHORIZED; break;
867 default: ocsp->response_status = KSBA_OCSP_RSPSTATUS_OTHER; break;
869 parse_skip (data, datalen, &ti);
871 if (ocsp->response_status)
872 return 0; /* This is an error reponse; we have to stop here. */
874 /* We have a successful reponse status, thus we check that
875 ResponseBytes are actually available. */
876 err = parse_context_tag (data, datalen, &ti, 0);
879 err = parse_sequence (data, datalen, &ti);
882 err = parse_object_id_into_str (data, datalen, &oid);
885 if (strcmp (oid, oidstr_ocsp_basic))
888 return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
892 /* Check that the next field is an octet string. */
893 err = parse_octet_string (data, datalen, &ti);
896 *rlength = ti.length;
902 SingleResponse ::= SEQUENCE {
904 certStatus CertStatus,
905 thisUpdate GeneralizedTime,
906 nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
907 singleExtensions [1] EXPLICIT Extensions OPTIONAL }
909 CertStatus ::= CHOICE {
910 good [0] IMPLICIT NULL,
911 revoked [1] IMPLICIT RevokedInfo,
912 unknown [2] IMPLICIT UnknownInfo }
914 RevokedInfo ::= SEQUENCE {
915 revocationTime GeneralizedTime,
916 revocationReason [0] EXPLICIT CRLReason OPTIONAL }
918 UnknownInfo ::= NULL -- this can be replaced with an enumeration
923 parse_single_response (ksba_ocsp_t ocsp,
924 unsigned char const **data, size_t *datalen)
928 const unsigned char *savedata;
929 const unsigned char *endptr;
933 ksba_isotime_t this_update, next_update, revocation_time;
934 int look_for_request;
935 const unsigned char *name_hash;
936 const unsigned char *key_hash;
937 const unsigned char *serialno;
939 struct ocsp_reqitem_s *request_item = NULL;
941 /* The SingeResponse sequence. */
942 err = parse_sequence (data, datalen, &ti);
945 endptr = *data + ti.length;
949 hashAlgorithm AlgorithmIdentifier,
950 issuerNameHash OCTET STRING, -- Hash of Issuer's DN
951 issuerKeyHash OCTET STRING, -- Hash of Issuers public key
952 serialNumber CertificateSerialNumber }
954 err = parse_sequence (data, datalen, &ti);
957 err = _ksba_parse_algorithm_identifier (*data, *datalen, &n, &oid);
960 assert (n <= *datalen);
963 /* gpgrt_log_debug ("algorithmIdentifier is `%s'\n", oid); */
964 look_for_request = !strcmp (oid, oidstr_sha1);
967 err = parse_octet_string (data, datalen, &ti);
971 /* fprintf (stderr, "issuerNameHash="); */
972 /* dump_hex (*data, ti.length); */
973 /* putc ('\n', stderr); */
975 look_for_request = 0; /* Can't be a SHA-1 digest. */
976 parse_skip (data, datalen, &ti);
978 err = parse_octet_string (data, datalen, &ti);
982 /* fprintf (stderr, "issuerKeyHash="); */
983 /* dump_hex (*data, ti.length); */
984 /* putc ('\n', stderr); */
986 look_for_request = 0; /* Can't be a SHA-1 digest. */
987 parse_skip (data, datalen, &ti);
989 err= parse_integer (data, datalen, &ti);
993 serialnolen = ti.length;
994 /* fprintf (stderr, "serialNumber="); */
995 /* dump_hex (*data, ti.length); */
996 /* putc ('\n', stderr); */
997 parse_skip (data, datalen, &ti);
999 if (look_for_request)
1001 for (request_item = ocsp->requestlist;
1002 request_item; request_item = request_item->next)
1003 if (!memcmp (request_item->issuer_name_hash, name_hash, 20)
1004 && !memcmp (request_item->issuer_key_hash, key_hash, 20)
1005 && request_item->serialnolen == serialnolen
1006 && !memcmp (request_item->serialno, serialno, serialnolen))
1007 break; /* Got it. */
1012 CertStatus ::= CHOICE {
1013 good [0] IMPLICIT NULL,
1014 revoked [1] IMPLICIT RevokedInfo,
1015 unknown [2] IMPLICIT UnknownInfo }
1017 *revocation_time = 0;
1018 err = _ksba_ber_parse_tl (data, datalen, &ti);
1021 if (ti.length > *datalen)
1022 return gpg_error (GPG_ERR_BAD_BER);
1023 else if (ti.class == CLASS_CONTEXT && ti.tag == 0 && !ti.is_constructed)
1026 ; /* Cope with zero length objects. */
1027 else if (*datalen && !**data)
1028 { /* Skip the NULL. */
1033 return gpg_error (GPG_ERR_INV_OBJ);
1036 request_item->status = KSBA_STATUS_GOOD;
1038 else if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed)
1040 ksba_crl_reason_t reason = KSBA_CRLREASON_UNSPECIFIED;
1042 err = parse_asntime_into_isotime (data, datalen, revocation_time);
1045 /* fprintf (stderr, "revocationTime=%s\n", revocation_time); */
1047 savedatalen = *datalen;
1048 err = parse_context_tag (data, datalen, &ti, 0);
1052 *datalen = savedatalen;
1055 { /* Got a revocationReason. */
1056 err = parse_enumerated (data, datalen, &ti, 1);
1061 case 0: reason = KSBA_CRLREASON_UNSPECIFIED; break;
1062 case 1: reason = KSBA_CRLREASON_KEY_COMPROMISE; break;
1063 case 2: reason = KSBA_CRLREASON_CA_COMPROMISE; break;
1064 case 3: reason = KSBA_CRLREASON_AFFILIATION_CHANGED; break;
1065 case 4: reason = KSBA_CRLREASON_SUPERSEDED; break;
1066 case 5: reason = KSBA_CRLREASON_CESSATION_OF_OPERATION; break;
1067 case 6: reason = KSBA_CRLREASON_CERTIFICATE_HOLD; break;
1068 case 8: reason = KSBA_CRLREASON_REMOVE_FROM_CRL; break;
1069 case 9: reason = KSBA_CRLREASON_PRIVILEGE_WITHDRAWN; break;
1070 case 10: reason = KSBA_CRLREASON_AA_COMPROMISE; break;
1071 default: reason = KSBA_CRLREASON_OTHER; break;
1073 parse_skip (data, datalen, &ti);
1075 /* fprintf (stderr, "revocationReason=%04x\n", reason); */
1078 request_item->status = KSBA_STATUS_REVOKED;
1079 _ksba_copy_time (request_item->revocation_time, revocation_time);
1080 request_item->revocation_reason = reason;
1083 else if (ti.class == CLASS_CONTEXT && ti.tag == 2 && !ti.is_constructed
1087 ; /* Cope with zero length objects. */
1089 { /* Skip the NULL. */
1093 else /* The comment indicates that an enumeration may come here. */
1095 err = parse_enumerated (data, datalen, &ti, 0);
1098 fprintf (stderr, "libksba: unknownReason with an enum of "
1099 "length %u detected\n",
1100 (unsigned int)ti.length);
1101 parse_skip (data, datalen, &ti);
1104 request_item->status = KSBA_STATUS_UNKNOWN;
1107 err = gpg_error (GPG_ERR_INV_OBJ);
1110 err = parse_asntime_into_isotime (data, datalen, this_update);
1114 _ksba_copy_time (request_item->this_update, this_update);
1116 /* nextUpdate is optional. */
1117 if (*data >= endptr)
1120 err = _ksba_ber_parse_tl (data, datalen, &ti);
1123 if (ti.length > *datalen)
1124 return gpg_error (GPG_ERR_BAD_BER);
1125 else if (ti.class == CLASS_CONTEXT && ti.tag == 0 && ti.is_constructed)
1126 { /* have nextUpdate */
1127 err = parse_asntime_into_isotime (data, datalen, next_update);
1131 _ksba_copy_time (request_item->next_update, next_update);
1133 else if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed)
1134 { /* Undo that read. */
1136 *datalen += ti.nhdr;
1139 err = gpg_error (GPG_ERR_INV_OBJ);
1141 /* singleExtensions is optional */
1142 if (*data >= endptr)
1144 err = _ksba_ber_parse_tl (data, datalen, &ti);
1147 if (ti.length > *datalen)
1148 return gpg_error (GPG_ERR_BAD_BER);
1149 if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed)
1153 err = parse_single_extensions (request_item, *data, ti.length);
1157 parse_skip (data, datalen, &ti);
1160 err = gpg_error (GPG_ERR_INV_OBJ);
1165 /* Parse the object:
1167 ResponseData ::= SEQUENCE {
1168 version [0] EXPLICIT Version DEFAULT v1,
1169 responderID ResponderID,
1170 producedAt GeneralizedTime,
1171 responses SEQUENCE OF SingleResponse,
1172 responseExtensions [1] EXPLICIT Extensions OPTIONAL }
1174 ResponderID ::= CHOICE {
1181 parse_response_data (ksba_ocsp_t ocsp,
1182 unsigned char const **data, size_t *datalen)
1186 const unsigned char *savedata;
1188 size_t responses_length;
1190 /* The out er sequence. */
1191 err = parse_sequence (data, datalen, &ti);
1195 /* The optional version field. */
1197 savedatalen = *datalen;
1198 err = parse_context_tag (data, datalen, &ti, 0);
1202 *datalen = savedatalen;
1206 /* FIXME: check that the version matches. */
1207 parse_skip (data, datalen, &ti);
1210 /* The responderID field. */
1211 assert (!ocsp->responder_id.name);
1212 assert (!ocsp->responder_id.keyid);
1213 err = _ksba_ber_parse_tl (data, datalen, &ti);
1216 if (ti.length > *datalen)
1217 return gpg_error (GPG_ERR_BAD_BER);
1218 else if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed)
1220 err = _ksba_derdn_to_str (*data, ti.length, &ocsp->responder_id.name);
1223 parse_skip (data, datalen, &ti);
1225 else if (ti.class == CLASS_CONTEXT && ti.tag == 2 && ti.is_constructed)
1227 err = parse_octet_string (data, datalen, &ti);
1231 return gpg_error (GPG_ERR_INV_OBJ); /* Zero length key id. */
1232 ocsp->responder_id.keyid = xtrymalloc (ti.length);
1233 if (!ocsp->responder_id.keyid)
1234 return gpg_error_from_syserror ();
1235 memcpy (ocsp->responder_id.keyid, *data, ti.length);
1236 ocsp->responder_id.keyidlen = ti.length;
1237 parse_skip (data, datalen, &ti);
1240 err = gpg_error (GPG_ERR_INV_OBJ);
1242 /* The producedAt field. */
1243 err = parse_asntime_into_isotime (data, datalen, ocsp->produced_at);
1247 /* The responses field set. */
1248 err = parse_sequence (data, datalen, &ti);
1251 responses_length = ti.length;
1252 while (responses_length)
1254 savedatalen = *datalen;
1255 err = parse_single_response (ocsp, data, datalen);
1258 assert (responses_length >= savedatalen - *datalen);
1259 responses_length -= savedatalen - *datalen;
1262 /* The optional responseExtensions set. */
1264 savedatalen = *datalen;
1265 err = parse_context_tag (data, datalen, &ti, 1);
1268 err = parse_response_extensions (ocsp, *data, ti.length);
1271 parse_skip (data, datalen, &ti);
1273 else if (gpg_err_code (err) == GPG_ERR_INV_OBJ)
1276 *datalen = savedatalen;
1285 /* Parse the entire response message pointed to by MSG of length
1288 parse_response (ksba_ocsp_t ocsp, const unsigned char *msg, size_t msglen)
1292 const unsigned char *msgstart;
1293 const unsigned char *endptr;
1299 err = parse_response_status (ocsp, &msg, &msglen, &len);
1302 msglen = len; /* We don't care about any extra bytes provided to us. */
1303 if (ocsp->response_status)
1305 /* fprintf (stderr,"response status found to be %d - stop\n", */
1306 /* ocsp->response_status); */
1310 /* Now that we are sure that it is a BasicOCSPResponse, we can parse
1311 the really important things:
1313 BasicOCSPResponse ::= SEQUENCE {
1314 tbsResponseData ResponseData,
1315 signatureAlgorithm AlgorithmIdentifier,
1316 signature BIT STRING,
1317 certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
1319 err = parse_sequence (&msg, &msglen, &ti);
1322 endptr = msg + ti.length;
1324 ocsp->hash_offset = msg - msgstart;
1325 err = parse_response_data (ocsp, &msg, &msglen);
1328 ocsp->hash_length = msg - msgstart - ocsp->hash_offset;
1330 /* The signatureAlgorithm and the signature. We only need to get the
1331 length of both objects and let a specialized function do the
1335 err = parse_sequence (&msg, &msglen, &ti);
1338 parse_skip (&msg, &msglen, &ti);
1339 err= _ksba_ber_parse_tl (&msg, &msglen, &ti);
1342 if (!(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_BIT_STRING
1343 && !ti.is_constructed) )
1344 err = gpg_error (GPG_ERR_INV_OBJ);
1345 else if (!ti.length)
1346 err = gpg_error (GPG_ERR_TOO_SHORT);
1347 else if (ti.length > msglen)
1348 err = gpg_error (GPG_ERR_BAD_BER);
1349 parse_skip (&msg, &msglen, &ti);
1351 xfree (ocsp->sigval); ocsp->sigval = NULL;
1352 err = _ksba_sigval_to_sexp (s, len, &ocsp->sigval);
1356 /* Parse the optional sequence of certificates. */
1358 return 0; /* It's optional, so stop now. */
1359 err = parse_context_tag (&msg, &msglen, &ti, 0);
1360 if (gpg_err_code (err) == GPG_ERR_INV_OBJ)
1361 return 0; /* Not the right tag. Stop here. */
1364 err = parse_sequence (&msg, &msglen, &ti);
1368 return gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
1372 struct ocsp_certlist_s *cl, **cl_tail;
1374 assert (!ocsp->received_certs);
1375 cl_tail = &ocsp->received_certs;
1376 endptr = msg + ti.length;
1377 while (msg < endptr)
1379 /* Find the length of the certificate. */
1381 err = parse_sequence (&msg, &msglen, &ti);
1384 err = ksba_cert_new (&cert);
1387 err = ksba_cert_init_from_mem (cert, msg - ti.nhdr,
1388 ti.nhdr + ti.length);
1391 ksba_cert_release (cert);
1394 parse_skip (&msg, &msglen, &ti);
1395 cl = xtrycalloc (1, sizeof *cl);
1398 err = gpg_error_from_syserror ();
1399 ksba_cert_release (cert);
1406 cl_tail = &cl->next;
1414 /* Given the OCSP context and a binary reponse message of MSGLEN bytes
1415 in MSG, this fucntion parses the response and prepares it for
1416 signature verification. The status from the server is returned in
1417 RESPONSE_STATUS and must be checked even if the function returns
1418 without an error. */
1420 ksba_ocsp_parse_response (ksba_ocsp_t ocsp,
1421 const unsigned char *msg, size_t msglen,
1422 ksba_ocsp_response_status_t *response_status)
1425 struct ocsp_reqitem_s *ri;
1427 if (!ocsp || !msg || !msglen || !response_status)
1428 return gpg_error (GPG_ERR_INV_VALUE);
1430 if (!ocsp->requestlist)
1431 return gpg_error (GPG_ERR_MISSING_ACTION);
1433 /* Reset the fields used to track the response. This is so that we
1434 can use the parse function a second time for the same
1435 request. This is useful in case of a TryLater response status. */
1436 ocsp->response_status = KSBA_OCSP_RSPSTATUS_NONE;
1437 release_ocsp_certlist (ocsp->received_certs);
1438 release_ocsp_extensions (ocsp->response_extensions);
1439 ocsp->received_certs = NULL;
1440 ocsp->hash_length = 0;
1441 ocsp->bad_nonce = 0;
1442 xfree (ocsp->responder_id.name);
1443 ocsp->responder_id.name = NULL;
1444 xfree (ocsp->responder_id.keyid);
1445 ocsp->responder_id.keyid = NULL;
1446 for (ri=ocsp->requestlist; ri; ri = ri->next)
1448 ri->status = KSBA_STATUS_NONE;
1449 *ri->this_update = 0;
1450 *ri->next_update = 0;
1451 *ri->revocation_time = 0;
1452 ri->revocation_reason = 0;
1453 release_ocsp_extensions (ri->single_extensions);
1456 /* Run the actual parser. */
1457 err = parse_response (ocsp, msg, msglen);
1458 *response_status = ocsp->response_status;
1460 /* FIXME: find duplicates in the request list and set them to the
1463 /* We used to assume that the server needs to return a nonce, but
1464 * that is not true (see for example RFC-8954). Thus we do not
1465 * check the former good_nonce flag anymore. */
1466 if (*response_status == KSBA_OCSP_RSPSTATUS_SUCCESS
1468 *response_status = KSBA_OCSP_RSPSTATUS_REPLAYED;
1474 /* Return the digest algorithm to be used for the signature or NULL in
1475 case of an error. The returned pointer is valid as long as the
1476 context is valid and no other ksba_ocsp_parse_response or
1477 ksba_ocsp_build_request has been used. */
1479 ksba_ocsp_get_digest_algo (ksba_ocsp_t ocsp)
1481 return ocsp? ocsp->digest_oid : NULL;
1485 /* Hash the data of the response using the hash function HASHER which
1486 will be passed HASHER_ARG as its first argument and a pointer and a
1487 length of the data to be hashed. This hash function might be called
1488 several times and should update the hash context. The algorithm to
1489 be used for the hashing can be retrieved using
1490 ksba_ocsp_get_digest_algo. Note that MSG and MSGLEN should be
1491 indentical to the values passed to ksba_ocsp_parse_response. */
1493 ksba_ocsp_hash_response (ksba_ocsp_t ocsp,
1494 const unsigned char *msg, size_t msglen,
1495 void (*hasher)(void *, const void *, size_t length),
1499 if (!ocsp || !msg || !hasher)
1500 return gpg_error (GPG_ERR_INV_VALUE);
1501 if (!ocsp->hash_length)
1502 return gpg_error (GPG_ERR_MISSING_ACTION);
1503 if (ocsp->hash_offset + ocsp->hash_length >= msglen)
1504 return gpg_error (GPG_ERR_CONFLICT);
1506 hasher (hasher_arg, msg + ocsp->hash_offset, ocsp->hash_length);
1511 /* Return the actual signature in a format suitable to be used as
1512 input to Libgcrypt's verification function. The caller must free
1513 the returned string and that function may be called only once after
1514 a successful ksba_ocsp_parse_response. Returns NULL for an invalid
1515 handle or if no signature is available. If PRODUCED_AT is not NULL,
1516 it will receive the time the response was signed. */
1518 ksba_ocsp_get_sig_val (ksba_ocsp_t ocsp, ksba_isotime_t produced_at)
1524 if (!ocsp || !ocsp->sigval )
1528 _ksba_copy_time (produced_at, ocsp->produced_at);
1531 ocsp->sigval = NULL;
1536 /* Return the responder ID for the current response into R_NAME or
1537 into R_KEYID. On sucess either R_NAME or R_KEYID will receive an
1538 allocated object. If R_NAME or R_KEYID has been passed as NULL but
1539 a value is available the errorcode GPG_ERR_NO_DATA is returned.
1540 Caller must release the values stored at R_NAME or R_KEYID; the
1541 function stores NULL tehre in case of an error. */
1543 ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
1544 char **r_name, ksba_sexp_t *r_keyid)
1552 return gpg_error (GPG_ERR_INV_VALUE);
1554 if (ocsp->responder_id.name && r_name)
1556 *r_name = xtrystrdup (ocsp->responder_id.name);
1558 return gpg_error_from_syserror ();
1560 else if (ocsp->responder_id.keyid && r_keyid)
1565 sprintf (numbuf,"(%lu:", (unsigned long)ocsp->responder_id.keyidlen);
1566 numbuflen = strlen (numbuf);
1567 *r_keyid = xtrymalloc (numbuflen + ocsp->responder_id.keyidlen + 2);
1569 return gpg_error_from_syserror ();
1570 strcpy (*r_keyid, numbuf);
1571 memcpy (*r_keyid+numbuflen,
1572 ocsp->responder_id.keyid, ocsp->responder_id.keyidlen);
1573 (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen] = ')';
1574 (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen + 1] = 0;
1577 return gpg_error (GPG_ERR_NO_DATA);
1583 /* Get optional certificates out of a response. The caller may use
1584 * this in a loop to get all certificates. The returned certificate
1585 * is a shallow copy of the original one; the caller must still use
1586 * ksba_cert_release() to free it. Returns: A certificate object or
1587 * NULL for end of list or error. */
1589 ksba_ocsp_get_cert (ksba_ocsp_t ocsp, int idx)
1591 struct ocsp_certlist_s *cl;
1593 if (!ocsp || idx < 0)
1596 for (cl=ocsp->received_certs; cl && idx; cl = cl->next, idx--)
1600 ksba_cert_ref (cl->cert);
1607 /* Return the status of the certificate CERT for the last response
1608 done on the context OCSP. CERT must be the same certificate as
1609 used for the request; only a shallow compare is done (i.e. the
1610 pointers are compared). R_STATUS returns the status value,
1611 R_THIS_UPDATE and R_NEXT_UPDATE are the corresponding OCSP response
1612 values, R_REVOCATION_TIME is only set to the revocation time if the
1613 indicated status is revoked, R_REASON will be set to the reason
1614 given for a revocation. All the R_* arguments may be given as NULL
1615 if the value is not required. The function return 0 on success,
1616 GPG_ERR_NOT_FOUND if CERT was not used in the request or any other
1617 error code. Note that the caller should have checked the signature
1618 of the entire reponse to be good before using the stati retruned by
1621 ksba_ocsp_get_status (ksba_ocsp_t ocsp, ksba_cert_t cert,
1622 ksba_status_t *r_status,
1623 ksba_isotime_t r_this_update,
1624 ksba_isotime_t r_next_update,
1625 ksba_isotime_t r_revocation_time,
1626 ksba_crl_reason_t *r_reason)
1628 struct ocsp_reqitem_s *ri;
1630 if (!ocsp || !cert || !r_status)
1631 return gpg_error (GPG_ERR_INV_VALUE);
1632 if (!ocsp->requestlist)
1633 return gpg_error (GPG_ERR_MISSING_ACTION);
1635 /* Find the certificate. We don't care about the issuer certificate
1636 and stop at the first match. The implementation may be optimized
1637 by keeping track of the last certificate found to start with the
1638 next one then. Given that a usual request consists only of a few
1639 certificates, this does not make much sense in reality. */
1640 for (ri=ocsp->requestlist; ri; ri = ri->next)
1641 if (ri->cert == cert)
1644 return gpg_error (GPG_ERR_NOT_FOUND);
1646 *r_status = ri->status;
1648 _ksba_copy_time (r_this_update, ri->this_update);
1650 _ksba_copy_time (r_next_update, ri->next_update);
1651 if (r_revocation_time)
1652 _ksba_copy_time (r_revocation_time, ri->revocation_time);
1654 *r_reason = ri->revocation_reason;
1659 /* WARNING: The returned values ares only valid as long as no other
1660 ocsp function is called on the same context. */
1662 ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert, int idx,
1663 char const **r_oid, int *r_crit,
1664 unsigned char const **r_der, size_t *r_derlen)
1666 struct ocsp_extension_s *ex;
1669 return gpg_error (GPG_ERR_INV_VALUE);
1670 if (!ocsp->requestlist)
1671 return gpg_error (GPG_ERR_MISSING_ACTION);
1673 return gpg_error (GPG_ERR_INV_INDEX);
1677 /* Return extensions for the certificate (singleExtensions). */
1678 struct ocsp_reqitem_s *ri;
1680 for (ri=ocsp->requestlist; ri; ri = ri->next)
1681 if (ri->cert == cert)
1684 return gpg_error (GPG_ERR_NOT_FOUND);
1686 for (ex=ri->single_extensions; ex && idx; ex = ex->next, idx--)
1689 return gpg_error (GPG_ERR_EOF); /* No more extensions. */
1693 /* Return extensions for the response (responseExtensions). */
1694 for (ex=ocsp->response_extensions; ex && idx; ex = ex->next, idx--)
1697 return gpg_error (GPG_ERR_EOF); /* No more extensions. */
1705 *r_der = ex->data + ex->off;
1707 *r_derlen = ex->len;