#include "common.h"
#include "crypto/tls.h"
+#include "crypto/sha1.h"
#include "asn1.h"
+#include "x509v3.h"
#include "tlsv1_common.h"
#include "tlsv1_record.h"
#include "tlsv1_client.h"
}
+static int ocsp_responder_id_match(struct x509_certificate *signer,
+ struct x509_name *name, const u8 *key_hash)
+{
+ if (key_hash) {
+ u8 hash[SHA1_MAC_LEN];
+ const u8 *addr[1] = { signer->public_key };
+ size_t len[1] = { signer->public_key_len };
+
+ if (sha1_vector(1, addr, len, hash) < 0)
+ return 0;
+ return os_memcmp(hash, key_hash, SHA1_MAC_LEN) == 0;
+ }
+
+ return x509_name_compare(&signer->subject, name) == 0;
+}
+
+
static enum tls_ocsp_result
tls_process_basic_ocsp_response(struct tlsv1_client *conn, const u8 *resp,
size_t len)
{
+ struct asn1_hdr hdr;
+ const u8 *pos, *end;
+ const u8 *resp_data, *sign_value, *key_hash = NULL, *responses;
+ const u8 *resp_data_signed;
+ size_t resp_data_len, sign_value_len, responses_len;
+ size_t resp_data_signed_len;
+ struct x509_algorithm_identifier alg;
+ struct x509_certificate *certs = NULL, *last_cert = NULL;
+ struct x509_certificate *issuer, *signer;
+ struct x509_name name; /* used if key_hash == NULL */
+ char buf[100];
+ os_time_t produced_at;
+
wpa_hexdump(MSG_MSGDUMP, "OCSP: BasicOCSPResponse", resp, len);
+ os_memset(&name, 0, sizeof(name));
+
/*
* RFC 6960, 4.2.1:
* BasicOCSPResponse ::= SEQUENCE {
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
- /* TODO */
+ if (asn1_get_next(resp, len, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected SEQUENCE (BasicOCSPResponse) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return TLS_OCSP_INVALID;
+ }
+ pos = hdr.payload;
+ end = hdr.payload + hdr.length;
+
+ /* ResponseData ::= SEQUENCE */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected SEQUENCE (ResponseData) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return TLS_OCSP_INVALID;
+ }
+ resp_data = hdr.payload;
+ resp_data_len = hdr.length;
+ resp_data_signed = pos;
+ pos = hdr.payload + hdr.length;
+ resp_data_signed_len = pos - resp_data_signed;
+
+ /* signatureAlgorithm AlgorithmIdentifier */
+ if (x509_parse_algorithm_identifier(pos, end - pos, &alg, &pos))
+ return TLS_OCSP_INVALID;
+
+ /* signature BIT STRING */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_BITSTRING) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected BITSTRING (signature) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return TLS_OCSP_INVALID;
+ }
+ if (hdr.length < 1)
+ return TLS_OCSP_INVALID;
+ pos = hdr.payload;
+ if (*pos) {
+ wpa_printf(MSG_DEBUG, "OCSP: BITSTRING - %d unused bits", *pos);
+ /* PKCS #1 v1.5 10.2.1:
+ * It is an error if the length in bits of the signature S is
+ * not a multiple of eight.
+ */
+ return TLS_OCSP_INVALID;
+ }
+ sign_value = pos + 1;
+ sign_value_len = hdr.length - 1;
+ pos += hdr.length;
+ wpa_hexdump(MSG_MSGDUMP, "OCSP: signature", sign_value, sign_value_len);
+
+ /* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL */
+ if (pos < end) {
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC ||
+ hdr.tag != 0) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected [0] EXPLICIT (certs) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ return TLS_OCSP_INVALID;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "OCSP: certs",
+ hdr.payload, hdr.length);
+ pos = hdr.payload;
+ end = hdr.payload + hdr.length;
+ while (pos < end) {
+ struct x509_certificate *cert;
+
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected SEQUENCE (Certificate) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ goto fail;
+ }
+
+ cert = x509_certificate_parse(hdr.payload, hdr.length);
+ if (!cert)
+ goto fail;
+ if (last_cert) {
+ last_cert->next = cert;
+ last_cert = cert;
+ } else {
+ last_cert = certs = cert;
+ }
+ pos = hdr.payload + hdr.length;
+ }
+ }
+
+ /*
+ * ResponseData ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * responderID ResponderID,
+ * producedAt GeneralizedTime,
+ * responses SEQUENCE OF SingleResponse,
+ * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+ pos = resp_data;
+ end = resp_data + resp_data_len;
+ wpa_hexdump(MSG_MSGDUMP, "OCSP: ResponseData", pos, end - pos);
+
+ /*
+ * version [0] EXPLICIT Version DEFAULT v1
+ * Version ::= INTEGER { v1(0) }
+ */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 &&
+ hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC &&
+ hdr.tag == 0) {
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_INTEGER ||
+ hdr.length != 1) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: No INTEGER (len=1) tag found for version field - found class %d tag 0x%x length %d",
+ hdr.class, hdr.tag, hdr.length);
+ goto fail;
+ }
+ wpa_printf(MSG_DEBUG, "OCSP: ResponseData version %u",
+ hdr.payload[0]);
+ if (hdr.payload[0] != 0) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Unsupported ResponseData version %u",
+ hdr.payload[0]);
+ goto no_resp;
+ }
+ pos = hdr.payload + hdr.length;
+ } else {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Default ResponseData version (v1)");
+ }
+
+ /*
+ * ResponderID ::= CHOICE {
+ * byName [1] Name,
+ * byKey [2] KeyHash }
+ */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected CHOICE (ResponderID) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ goto fail;
+ }
+
+ if (hdr.tag == 1) {
+ /* Name */
+ if (x509_parse_name(hdr.payload, hdr.length, &name, &pos) < 0)
+ goto fail;
+ x509_name_string(&name, buf, sizeof(buf));
+ wpa_printf(MSG_DEBUG, "OCSP: ResponderID byName Name: %s", buf);
+ } else if (hdr.tag == 2) {
+ /* KeyHash ::= OCTET STRING */
+ if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_OCTETSTRING) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected OCTET STRING (KeyHash) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ goto fail;
+ }
+ key_hash = hdr.payload;
+ wpa_hexdump(MSG_DEBUG, "OCSP: ResponderID byKey KeyHash",
+ key_hash, hdr.length);
+ if (hdr.length != SHA1_MAC_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Unexpected byKey KeyHash length %u - expected %u for SHA-1",
+ hdr.length, SHA1_MAC_LEN);
+ goto fail;
+ }
+ pos = hdr.payload + hdr.length;
+ } else {
+ wpa_printf(MSG_DEBUG, "OCSP: Unexpected ResponderID CHOICE %u",
+ hdr.tag);
+ goto fail;
+ }
+
+ /* producedAt GeneralizedTime */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_GENERALIZEDTIME ||
+ x509_parse_time(hdr.payload, hdr.length, hdr.tag,
+ &produced_at) < 0) {
+ wpa_printf(MSG_DEBUG, "OCSP: Failed to parse producedAt");
+ goto fail;
+ }
+ wpa_printf(MSG_DEBUG, "OCSP: producedAt %lu",
+ (unsigned long) produced_at);
+ pos = hdr.payload + hdr.length;
+
+ /* responses SEQUENCE OF SingleResponse */
+ if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+ hdr.class != ASN1_CLASS_UNIVERSAL ||
+ hdr.tag != ASN1_TAG_SEQUENCE) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Expected SEQUENCE (responses) - found class %d tag 0x%x",
+ hdr.class, hdr.tag);
+ goto fail;
+ }
+ responses = hdr.payload;
+ responses_len = hdr.length;
+ wpa_hexdump(MSG_MSGDUMP, "OCSP: responses", responses, responses_len);
+ pos = hdr.payload + hdr.length;
+
+ if (pos < end) {
+ /* responseExtensions [1] EXPLICIT Extensions OPTIONAL */
+ wpa_hexdump(MSG_MSGDUMP, "OCSP: responseExtensions",
+ pos, end - pos);
+ /* Ignore for now. */
+ }
+
+ if (!conn->server_cert) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Server certificate not known - cannot check OCSP response");
+ goto no_resp;
+ }
+
+ if (conn->server_cert->next) {
+ /* Issuer has already been verified in the chain */
+ issuer = conn->server_cert->next;
+ } else {
+ /* Find issuer from the set of trusted certificates */
+ for (issuer = conn->cred ? conn->cred->trusted_certs : NULL;
+ issuer; issuer = issuer->next) {
+ if (x509_name_compare(&conn->server_cert->issuer,
+ &issuer->subject) == 0)
+ break;
+ }
+ }
+ if (!issuer) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Server certificate issuer not known - cannot check OCSP response");
+ goto no_resp;
+ }
+
+ if (ocsp_responder_id_match(issuer, &name, key_hash)) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Server certificate issuer certificate matches ResponderID");
+ signer = issuer;
+ } else {
+ for (signer = certs; signer; signer = signer->next) {
+ if (!ocsp_responder_id_match(signer, &name, key_hash) ||
+ x509_name_compare(&conn->server_cert->issuer,
+ &issuer->subject) != 0 ||
+ !(signer->ext_key_usage &
+ X509_EXT_KEY_USAGE_OCSP) ||
+ x509_certificate_check_signature(issuer, signer) <
+ 0)
+ continue;
+ wpa_printf(MSG_DEBUG,
+ "OCSP: An extra certificate from the response matches ResponderID and is trusted as an OCSP signer");
+ break;
+ }
+ if (!signer) {
+ wpa_printf(MSG_DEBUG,
+ "OCSP: Could not find OCSP signer certificate");
+ goto no_resp;
+ }
+ }
+
+ x509_free_name(&name);
+ os_memset(&name, 0, sizeof(name));
+ x509_certificate_chain_free(certs);
+ certs = NULL;
+
+ if (x509_check_signature(signer, &alg, sign_value, sign_value_len,
+ resp_data_signed, resp_data_signed_len) < 0) {
+ wpa_printf(MSG_DEBUG, "OCSP: Invalid signature");
+ return TLS_OCSP_INVALID;
+ }
+
+ /* TODO: Check responses */
+
+no_resp:
+ x509_free_name(&name);
+ x509_certificate_chain_free(certs);
return TLS_OCSP_NO_RESPONSE;
+
+fail:
+ x509_free_name(&name);
+ x509_certificate_chain_free(certs);
+ return TLS_OCSP_INVALID;
}
/*
* X.509v3 certificate parsing and processing (RFC 3280 profile)
- * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
#include "x509v3.h"
-static void x509_free_name(struct x509_name *name)
+void x509_free_name(struct x509_name *name)
{
size_t i;
}
-static int x509_parse_algorithm_identifier(
- const u8 *buf, size_t len,
- struct x509_algorithm_identifier *id, const u8 **next)
+int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
+ struct x509_algorithm_identifier *id,
+ const u8 **next)
{
struct asn1_hdr hdr;
const u8 *pos, *end;
}
-static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
- const u8 **next)
+int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
+ const u8 **next)
{
struct asn1_hdr hdr;
const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
}
-static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
- os_time_t *val)
+int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
{
const char *pos;
int year, month, day, hour, min, sec;
}
+static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
+{
+ /* id-kp */
+ return oid->len == 9 &&
+ x509_id_kp_oid(oid) &&
+ oid->oid[8] == 9 /* id-kp-OCSPSigning */;
+}
+
+
static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
const u8 *pos, size_t len)
{
} else if (x509_id_kp_client_auth_oid(&oid)) {
os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
+ } else if (x509_id_kp_ocsp_oid(&oid)) {
+ os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
+ cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
} else {
asn1_oid_to_str(&oid, buf, sizeof(buf));
}
*/
int x509_certificate_check_signature(struct x509_certificate *issuer,
struct x509_certificate *cert)
+{
+ return x509_check_signature(issuer, &cert->signature,
+ cert->sign_value, cert->sign_value_len,
+ cert->tbs_cert_start, cert->tbs_cert_len);
+}
+
+
+int x509_check_signature(struct x509_certificate *issuer,
+ struct x509_algorithm_identifier *signature,
+ const u8 *sign_value, size_t sign_value_len,
+ const u8 *signed_data, size_t signed_data_len)
{
struct crypto_public_key *pk;
u8 *data;
struct asn1_oid oid;
u8 hash[64];
size_t hash_len;
+ const u8 *addr[1] = { signed_data };
+ size_t len[1] = { signed_data_len };
- if (!x509_pkcs_oid(&cert->signature.oid) ||
- cert->signature.oid.len != 7 ||
- cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
+ if (!x509_pkcs_oid(&signature->oid) ||
+ signature->oid.len != 7 ||
+ signature->oid.oid[5] != 1 /* pkcs-1 */) {
wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
"algorithm");
return -1;
if (pk == NULL)
return -1;
- data_len = cert->sign_value_len;
+ data_len = sign_value_len;
data = os_malloc(data_len);
if (data == NULL) {
crypto_public_key_free(pk);
return -1;
}
- if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
- cert->sign_value_len, data,
+ if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
+ sign_value_len, data,
&data_len) < 0) {
wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
crypto_public_key_free(pk);
}
if (x509_sha1_oid(&oid)) {
- if (cert->signature.oid.oid[6] !=
- 5 /* sha-1WithRSAEncryption */) {
+ if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
"does not match with certificate "
"signatureAlgorithm (%lu)",
- cert->signature.oid.oid[6]);
+ signature->oid.oid[6]);
os_free(data);
return -1;
}
}
if (x509_sha256_oid(&oid)) {
- if (cert->signature.oid.oid[6] !=
+ if (signature->oid.oid[6] !=
11 /* sha2561WithRSAEncryption */) {
wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
"does not match with certificate "
"signatureAlgorithm (%lu)",
- cert->signature.oid.oid[6]);
+ signature->oid.oid[6]);
os_free(data);
return -1;
}
}
if (x509_sha384_oid(&oid)) {
- if (cert->signature.oid.oid[6] !=
- 12 /* sha384WithRSAEncryption */) {
+ if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
"does not match with certificate "
"signatureAlgorithm (%lu)",
- cert->signature.oid.oid[6]);
+ signature->oid.oid[6]);
os_free(data);
return -1;
}
}
if (x509_sha512_oid(&oid)) {
- if (cert->signature.oid.oid[6] !=
- 13 /* sha512WithRSAEncryption */) {
+ if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
"does not match with certificate "
"signatureAlgorithm (%lu)",
- cert->signature.oid.oid[6]);
+ signature->oid.oid[6]);
os_free(data);
return -1;
}
}
switch (oid.oid[5]) {
case 5: /* md5 */
- if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
- {
+ if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
"not match with certificate "
"signatureAlgorithm (%lu)",
- cert->signature.oid.oid[6]);
+ signature->oid.oid[6]);
os_free(data);
return -1;
}
wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
hdr.payload, hdr.length);
- switch (cert->signature.oid.oid[6]) {
+ switch (signature->oid.oid[6]) {
case 4: /* md5WithRSAEncryption */
- md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
- hash);
+ md5_vector(1, addr, len, hash);
hash_len = 16;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
hash, hash_len);
break;
case 5: /* sha-1WithRSAEncryption */
- sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
- hash);
+ sha1_vector(1, addr, len, hash);
hash_len = 20;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
hash, hash_len);
break;
case 11: /* sha256WithRSAEncryption */
- sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
- hash);
+ sha256_vector(1, addr, len, hash);
hash_len = 32;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
hash, hash_len);
break;
case 12: /* sha384WithRSAEncryption */
- sha384_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
- hash);
+ sha384_vector(1, addr, len, hash);
hash_len = 48;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
hash, hash_len);
break;
case 13: /* sha512WithRSAEncryption */
- sha512_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
- hash);
+ sha512_vector(1, addr, len, hash);
hash_len = 64;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
hash, hash_len);
case 2: /* md2WithRSAEncryption */
default:
wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
- "algorithm (%lu)", cert->signature.oid.oid[6]);
+ "algorithm (%lu)", signature->oid.oid[6]);
os_free(data);
return -1;
}
projects / thirdparty / hostap.git / commitdiff
