Botan  2.11.0
Crypto and TLS for C++11
ocsp.cpp
Go to the documentation of this file.
1 /*
2 * OCSP
3 * (C) 2012,2013 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/ocsp.h>
9 #include <botan/certstor.h>
10 #include <botan/der_enc.h>
11 #include <botan/ber_dec.h>
12 #include <botan/x509_ext.h>
13 #include <botan/oids.h>
14 #include <botan/base64.h>
15 #include <botan/pubkey.h>
16 #include <botan/parsing.h>
17 
18 #if defined(BOTAN_HAS_HTTP_UTIL)
19  #include <botan/http_util.h>
20 #endif
21 
22 namespace Botan {
23 
24 namespace OCSP {
25 
26 namespace {
27 
28 // TODO: should this be in a header somewhere?
29 void decode_optional_list(BER_Decoder& ber,
30  ASN1_Tag tag,
31  std::vector<X509_Certificate>& output)
32  {
33  BER_Object obj = ber.get_next_object();
34 
35  if(obj.is_a(tag, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)) == false)
36  {
37  ber.push_back(obj);
38  return;
39  }
40 
41  BER_Decoder list(obj);
42 
43  while(list.more_items())
44  {
45  BER_Object certbits = list.get_next_object();
46  X509_Certificate cert(certbits.bits(), certbits.length());
47  output.push_back(std::move(cert));
48  }
49  }
50 
51 }
52 
53 Request::Request(const X509_Certificate& issuer_cert,
54  const X509_Certificate& subject_cert) :
55  m_issuer(issuer_cert),
56  m_certid(m_issuer, BigInt::decode(subject_cert.serial_number()))
57  {
58  if(subject_cert.issuer_dn() != issuer_cert.subject_dn())
59  throw Invalid_Argument("Invalid cert pair to OCSP::Request (mismatched issuer,subject args?)");
60  }
61 
62 Request::Request(const X509_Certificate& issuer_cert,
63  const BigInt& subject_serial) :
64  m_issuer(issuer_cert),
65  m_certid(m_issuer, subject_serial)
66  {
67  }
68 
69 std::vector<uint8_t> Request::BER_encode() const
70  {
71  std::vector<uint8_t> output;
72  DER_Encoder(output).start_cons(SEQUENCE)
73  .start_cons(SEQUENCE)
74  .start_explicit(0)
75  .encode(static_cast<size_t>(0)) // version #
76  .end_explicit()
77  .start_cons(SEQUENCE)
78  .start_cons(SEQUENCE)
79  .encode(m_certid)
80  .end_cons()
81  .end_cons()
82  .end_cons()
83  .end_cons();
84 
85  return output;
86  }
87 
88 std::string Request::base64_encode() const
89  {
90  return Botan::base64_encode(BER_encode());
91  }
92 
93 Response::Response(Certificate_Status_Code status)
94  {
95  m_dummy_response_status = status;
96  }
97 
98 Response::Response(const uint8_t response_bits[], size_t response_bits_len) :
99  m_response_bits(response_bits, response_bits + response_bits_len)
100  {
101  m_dummy_response_status = Certificate_Status_Code::OCSP_RESPONSE_INVALID;
102 
103  BER_Decoder response_outer = BER_Decoder(m_response_bits).start_cons(SEQUENCE);
104 
105  size_t resp_status = 0;
106 
107  response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);
108 
109  /*
110  * FIXME: properly decode error responses
111  */
112  if(resp_status != 0)
113  throw Decoding_Error("OCSP response status " + std::to_string(resp_status));
114 
115  if(response_outer.more_items())
116  {
117  BER_Decoder response_bytes =
118  response_outer.start_cons(ASN1_Tag(0), CONTEXT_SPECIFIC).start_cons(SEQUENCE);
119 
120  response_bytes.decode_and_check(OID("1.3.6.1.5.5.7.48.1.1"),
121  "Unknown response type in OCSP response");
122 
123  BER_Decoder basicresponse =
124  BER_Decoder(response_bytes.get_next_octet_string()).start_cons(SEQUENCE);
125 
126  basicresponse.start_cons(SEQUENCE)
127  .raw_bytes(m_tbs_bits)
128  .end_cons()
129  .decode(m_sig_algo)
130  .decode(m_signature, BIT_STRING);
131  decode_optional_list(basicresponse, ASN1_Tag(0), m_certs);
132 
133  size_t responsedata_version = 0;
134  Extensions extensions;
135 
136  BER_Decoder(m_tbs_bits)
137  .decode_optional(responsedata_version, ASN1_Tag(0),
138  ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
139 
140  .decode_optional(m_signer_name, ASN1_Tag(1),
141  ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
142 
143  .decode_optional_string(m_key_hash, OCTET_STRING, 2,
144  ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
145 
146  .decode(m_produced_at)
147 
148  .decode_list(m_responses)
149 
150  .decode_optional(extensions, ASN1_Tag(1),
151  ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC));
152  }
153 
154  response_outer.end_cons();
155  }
156 
157 Certificate_Status_Code Response::verify_signature(const X509_Certificate& issuer) const
158  {
159  if (m_responses.empty())
160  return m_dummy_response_status;
161 
162  try
163  {
164  std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key());
165 
166  const std::vector<std::string> sig_info =
167  split_on(OIDS::lookup(m_sig_algo.get_oid()), '/');
168 
169  if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
170  return Certificate_Status_Code::OCSP_RESPONSE_INVALID;
171 
172  std::string padding = sig_info[1];
173  Signature_Format format = (pub_key->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
174 
175  PK_Verifier verifier(*pub_key, padding, format);
176 
177  if(verifier.verify_message(ASN1::put_in_sequence(m_tbs_bits), m_signature))
178  return Certificate_Status_Code::OCSP_SIGNATURE_OK;
179  else
180  return Certificate_Status_Code::OCSP_SIGNATURE_ERROR;
181  }
182  catch(Exception&)
183  {
184  return Certificate_Status_Code::OCSP_SIGNATURE_ERROR;
185  }
186  }
187 
188 Certificate_Status_Code Response::check_signature(const std::vector<Certificate_Store*>& trusted_roots,
189  const std::vector<std::shared_ptr<const X509_Certificate>>& ee_cert_path) const
190  {
191  if (m_responses.empty())
192  return m_dummy_response_status;
193 
194  std::shared_ptr<const X509_Certificate> signing_cert;
195 
196  for(size_t i = 0; i != trusted_roots.size(); ++i)
197  {
198  if(m_signer_name.empty() && m_key_hash.empty())
199  return Certificate_Status_Code::OCSP_RESPONSE_INVALID;
200 
201  if(!m_signer_name.empty())
202  {
203  signing_cert = trusted_roots[i]->find_cert(m_signer_name, std::vector<uint8_t>());
204  if(signing_cert)
205  {
206  break;
207  }
208  }
209 
210  if(m_key_hash.size() > 0)
211  {
212  signing_cert = trusted_roots[i]->find_cert_by_pubkey_sha1(m_key_hash);
213  if(signing_cert)
214  {
215  break;
216  }
217  }
218  }
219 
220  if(!signing_cert && ee_cert_path.size() > 1)
221  {
222  // End entity cert is not allowed to sign their own OCSP request :)
223  for(size_t i = 1; i < ee_cert_path.size(); ++i)
224  {
225  // Check all CA certificates in the (assumed validated) EE cert path
226  if(!m_signer_name.empty() && ee_cert_path[i]->subject_dn() == m_signer_name)
227  {
228  signing_cert = ee_cert_path[i];
229  break;
230  }
231 
232  if(m_key_hash.size() > 0 && ee_cert_path[i]->subject_public_key_bitstring_sha1() == m_key_hash)
233  {
234  signing_cert = ee_cert_path[i];
235  break;
236  }
237  }
238  }
239 
240  if(!signing_cert && m_certs.size() > 0)
241  {
242  for(size_t i = 0; i < m_certs.size(); ++i)
243  {
244  // Check all CA certificates in the (assumed validated) EE cert path
245  if(!m_signer_name.empty() && m_certs[i].subject_dn() == m_signer_name)
246  {
247  signing_cert = std::make_shared<const X509_Certificate>(m_certs[i]);
248  break;
249  }
250 
251  if(m_key_hash.size() > 0 && m_certs[i].subject_public_key_bitstring_sha1() == m_key_hash)
252  {
253  signing_cert = std::make_shared<const X509_Certificate>(m_certs[i]);
254  break;
255  }
256  }
257  }
258 
259  if(!signing_cert)
260  return Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND;
261 
262  if(!signing_cert->allowed_usage(CRL_SIGN) &&
263  !signing_cert->allowed_extended_usage("PKIX.OCSPSigning"))
264  {
265  return Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE;
266  }
267 
268  return this->verify_signature(*signing_cert);
269  }
270 
271 Certificate_Status_Code Response::status_for(const X509_Certificate& issuer,
272  const X509_Certificate& subject,
273  std::chrono::system_clock::time_point ref_time,
274  std::chrono::seconds max_age) const
275  {
276  if(m_responses.empty())
277  { return m_dummy_response_status; }
278 
279  for(const auto& response : m_responses)
280  {
281  if(response.certid().is_id_for(issuer, subject))
282  {
283  X509_Time x509_ref_time(ref_time);
284 
285  if(response.cert_status() == 1)
286  { return Certificate_Status_Code::CERT_IS_REVOKED; }
287 
288  if(response.this_update() > x509_ref_time)
289  { return Certificate_Status_Code::OCSP_NOT_YET_VALID; }
290 
291  if(response.next_update().time_is_set())
292  {
293  if(x509_ref_time > response.next_update())
294  { return Certificate_Status_Code::OCSP_HAS_EXPIRED; }
295  }
296  else if(max_age > std::chrono::seconds::zero() && ref_time - response.this_update().to_std_timepoint() > max_age)
297  { return Certificate_Status_Code::OCSP_IS_TOO_OLD; }
298 
299  if(response.cert_status() == 0)
300  { return Certificate_Status_Code::OCSP_RESPONSE_GOOD; }
301  else
302  { return Certificate_Status_Code::OCSP_BAD_STATUS; }
303  }
304  }
305 
306  return Certificate_Status_Code::OCSP_CERT_NOT_LISTED;
307  }
308 
309 #if defined(BOTAN_HAS_HTTP_UTIL)
310 
311 Response online_check(const X509_Certificate& issuer,
312  const BigInt& subject_serial,
313  const std::string& ocsp_responder,
314  Certificate_Store* trusted_roots,
315  std::chrono::milliseconds timeout)
316  {
317  if(ocsp_responder.empty())
318  throw Invalid_Argument("No OCSP responder specified");
319 
320  OCSP::Request req(issuer, subject_serial);
321 
322  auto http = HTTP::POST_sync(ocsp_responder,
323  "application/ocsp-request",
324  req.BER_encode(),
325  1,
326  timeout);
327 
328  http.throw_unless_ok();
329 
330  // Check the MIME type?
331 
332  OCSP::Response response(http.body());
333 
334  std::vector<Certificate_Store*> trusted_roots_vec;
335  trusted_roots_vec.push_back(trusted_roots);
336 
337  if(trusted_roots)
338  response.check_signature(trusted_roots_vec);
339 
340  return response;
341  }
342 
343 
344 Response online_check(const X509_Certificate& issuer,
345  const X509_Certificate& subject,
346  Certificate_Store* trusted_roots,
347  std::chrono::milliseconds timeout)
348  {
349  if(subject.issuer_dn() != issuer.subject_dn())
350  throw Invalid_Argument("Invalid cert pair to OCSP::online_check (mismatched issuer,subject args?)");
351 
352  return online_check(issuer,
353  BigInt::decode(subject.serial_number()),
354  subject.ocsp_responder(),
355  trusted_roots,
356  timeout);
357  }
358 
359 #endif
360 
361 }
362 
363 }
output
uint32_t uint8_t output[]
Definition: ffi.h:512
Botan::trusted_roots
Path_Validation_Result const Path_Validation_Restrictions const std::vector< Certificate_Store * > & trusted_roots
Definition: x509path.h:250
CRL_SIGN
Definition: ffi.h:1532
Botan::HTTP::POST_sync
Response POST_sync(const std::string &url, const std::string &content_type, const std::vector< uint8_t > &body, size_t allowable_redirects, std::chrono::milliseconds timeout)
Definition: http_util.cpp:242
padding
botan_pubkey_t const char * padding
Definition: ffi.h:1341
Botan::Signature_Format
Signature_Format
Definition: pubkey.h:28
Botan::split_on
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:144
cert
const uint8_t cert[]
Definition: ffi.h:1483
Botan::ASN1::to_string
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
Botan::ASN1_Tag
ASN1_Tag
Definition: asn1_obj.h:23
Botan::PKCS8::BER_encode
secure_vector< uint8_t > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:139
Botan::base64_encode
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:166
Botan
Definition: alg_id.cpp:13
Botan::PEM_Code::decode
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
Botan::ASN1::put_in_sequence
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition: asn1_obj.cpp:195
Botan::output
void BlockCipher const uint8_t size_t uint8_t output[]
Definition: package.h:29
Botan::Certificate_Status_Code
Certificate_Status_Code
Definition: cert_status.h:19
Botan::OIDS::lookup
std::string lookup(const OID &oid)
Definition: oids.cpp:113
Generated by   doxygen 1.8.15