/src/gnutls/lib/cert-session.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2001-2015 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2015 Nikos Mavrogiannopoulos |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | /* This file contains certificate authentication functions to be exported in the |
25 | | * API which did not fit elsewhere. |
26 | | */ |
27 | | |
28 | | #include "gnutls_int.h" |
29 | | #include "auth/srp_kx.h" |
30 | | #include "auth/anon.h" |
31 | | #include "auth/cert.h" |
32 | | #include "auth/psk.h" |
33 | | #include "errors.h" |
34 | | #include "auth.h" |
35 | | #include "state.h" |
36 | | #include "datum.h" |
37 | | #include "algorithms.h" |
38 | | #include <gnutls/ocsp.h> |
39 | | #include "x509.h" |
40 | | #include "hello_ext.h" |
41 | | #include "x509/ocsp.h" |
42 | | |
43 | | /** |
44 | | * gnutls_certificate_get_ours: |
45 | | * @session: is a gnutls session |
46 | | * |
47 | | * Gets the certificate as sent to the peer in the last handshake. |
48 | | * The certificate is in raw (DER) format. No certificate |
49 | | * list is being returned. Only the first certificate. |
50 | | * |
51 | | * This function returns the certificate that was sent in the current |
52 | | * handshake. In subsequent resumed sessions this function will return |
53 | | * %NULL. That differs from gnutls_certificate_get_peers() which always |
54 | | * returns the peer's certificate used in the original session. |
55 | | * |
56 | | * Returns: a pointer to a #gnutls_datum_t containing our |
57 | | * certificate, or %NULL in case of an error or if no certificate |
58 | | * was used. |
59 | | **/ |
60 | | const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session) |
61 | 0 | { |
62 | 0 | gnutls_certificate_credentials_t cred; |
63 | |
|
64 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, NULL); |
65 | |
|
66 | 0 | cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( |
67 | 0 | session, GNUTLS_CRD_CERTIFICATE); |
68 | 0 | if (cred == NULL) { |
69 | 0 | gnutls_assert(); |
70 | 0 | return NULL; |
71 | 0 | } |
72 | | |
73 | 0 | if (session->internals.selected_cert_list == NULL) |
74 | 0 | return NULL; |
75 | | |
76 | 0 | return &session->internals.selected_cert_list[0].cert; |
77 | 0 | } |
78 | | |
79 | | /** |
80 | | * gnutls_certificate_get_peers: |
81 | | * @session: is a gnutls session |
82 | | * @list_size: is the length of the certificate list (may be %NULL) |
83 | | * |
84 | | * Get the peer's raw certificate (chain) as sent by the peer. These |
85 | | * certificates are in raw format (DER encoded for X.509). In case of |
86 | | * a X.509 then a certificate list may be present. The list |
87 | | * is provided as sent by the server; the server must send as first |
88 | | * certificate in the list its own certificate, following the |
89 | | * issuer's certificate, then the issuer's issuer etc. However, there |
90 | | * are servers which violate this principle and thus on certain |
91 | | * occasions this may be an unsorted list. |
92 | | * |
93 | | * In resumed sessions, this function will return the peer's certificate |
94 | | * list as used in the first/original session. |
95 | | * |
96 | | * Returns: a pointer to a #gnutls_datum_t containing the peer's |
97 | | * certificates, or %NULL in case of an error or if no certificate |
98 | | * was used. |
99 | | **/ |
100 | | const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t session, |
101 | | unsigned int *list_size) |
102 | 0 | { |
103 | 0 | cert_auth_info_t info; |
104 | |
|
105 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, NULL); |
106 | |
|
107 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
108 | 0 | if (info == NULL) |
109 | 0 | return NULL; |
110 | | |
111 | 0 | if (list_size) |
112 | 0 | *list_size = info->ncerts; |
113 | 0 | return info->raw_certificate_list; |
114 | 0 | } |
115 | | |
116 | | /** |
117 | | * gnutls_certificate_client_get_request_status: |
118 | | * @session: is a gnutls session |
119 | | * |
120 | | * Get whether client certificate was requested on the last |
121 | | * handshake or not. |
122 | | * |
123 | | * Returns: 0 if the peer (server) did not request client |
124 | | * authentication or 1 otherwise. |
125 | | **/ |
126 | | unsigned gnutls_certificate_client_get_request_status(gnutls_session_t session) |
127 | 0 | { |
128 | 0 | return (session->internals.hsk_flags & HSK_CRT_ASKED) ? 1 : 0; |
129 | 0 | } |
130 | | |
131 | | /** |
132 | | * gnutls_certificate_set_params_function: |
133 | | * @res: is a gnutls_certificate_credentials_t type |
134 | | * @func: is the function to be called |
135 | | * |
136 | | * This function will set a callback in order for the server to get |
137 | | * the Diffie-Hellman or RSA parameters for certificate |
138 | | * authentication. The callback should return %GNUTLS_E_SUCCESS (0) on success. |
139 | | * |
140 | | * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 |
141 | | * or later. Since 3.6.0, DH parameters are negotiated |
142 | | * following RFC7919. |
143 | | * |
144 | | **/ |
145 | | void gnutls_certificate_set_params_function( |
146 | | gnutls_certificate_credentials_t res, gnutls_params_function *func) |
147 | 0 | { |
148 | 0 | res->params_func = func; |
149 | 0 | } |
150 | | |
151 | | /** |
152 | | * gnutls_certificate_set_flags: |
153 | | * @res: is a gnutls_certificate_credentials_t type |
154 | | * @flags: are the flags of #gnutls_certificate_flags type |
155 | | * |
156 | | * This function will set flags to tweak the operation of |
157 | | * the credentials structure. See the #gnutls_certificate_flags enumerations |
158 | | * for more information on the available flags. |
159 | | * |
160 | | * Since: 3.4.7 |
161 | | **/ |
162 | | void gnutls_certificate_set_flags(gnutls_certificate_credentials_t res, |
163 | | unsigned int flags) |
164 | 0 | { |
165 | 0 | res->flags = flags; |
166 | 0 | } |
167 | | |
168 | | /** |
169 | | * gnutls_certificate_set_verify_flags: |
170 | | * @res: is a gnutls_certificate_credentials_t type |
171 | | * @flags: are the flags |
172 | | * |
173 | | * This function will set the flags to be used for verification |
174 | | * of certificates and override any defaults. The provided flags must be an OR of the |
175 | | * #gnutls_certificate_verify_flags enumerations. |
176 | | * |
177 | | **/ |
178 | | void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t res, |
179 | | unsigned int flags) |
180 | 0 | { |
181 | 0 | res->verify_flags = flags; |
182 | 0 | } |
183 | | |
184 | | /** |
185 | | * gnutls_certificate_get_verify_flags: |
186 | | * @res: is a gnutls_certificate_credentials_t type |
187 | | * |
188 | | * Returns the verification flags set with |
189 | | * gnutls_certificate_set_verify_flags(). |
190 | | * |
191 | | * Returns: The certificate verification flags used by @res. |
192 | | * |
193 | | * Since: 3.4.0 |
194 | | */ |
195 | | unsigned int |
196 | | gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res) |
197 | 0 | { |
198 | 0 | return res->verify_flags; |
199 | 0 | } |
200 | | |
201 | | /** |
202 | | * gnutls_certificate_set_verify_limits: |
203 | | * @res: is a gnutls_certificate_credentials type |
204 | | * @max_bits: is the number of bits of an acceptable certificate (default 8200) |
205 | | * @max_depth: is maximum depth of the verification of a certificate chain (default 5) |
206 | | * |
207 | | * This function will set some upper limits for the default |
208 | | * verification function, gnutls_certificate_verify_peers2(), to avoid |
209 | | * denial of service attacks. You can set them to zero to disable |
210 | | * limits. |
211 | | **/ |
212 | | void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t res, |
213 | | unsigned int max_bits, |
214 | | unsigned int max_depth) |
215 | 0 | { |
216 | 0 | res->verify_depth = max_depth; |
217 | 0 | res->verify_bits = max_bits; |
218 | 0 | } |
219 | | |
220 | | #ifdef ENABLE_OCSP |
221 | | static int _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session, |
222 | | gnutls_x509_crt_t cert, |
223 | | unsigned int *ocsp_status); |
224 | | |
225 | | /* If the certificate is revoked status will be GNUTLS_CERT_REVOKED. |
226 | | * |
227 | | * Returns: |
228 | | * Zero on success, a negative error code otherwise. |
229 | | */ |
230 | | static int check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert, |
231 | | gnutls_x509_trust_list_t tl, |
232 | | unsigned verify_flags, |
233 | | gnutls_x509_crt_t *cand_issuers, |
234 | | unsigned cand_issuers_size, gnutls_datum_t *data, |
235 | | unsigned int *ostatus) |
236 | 0 | { |
237 | 0 | gnutls_ocsp_resp_t resp; |
238 | 0 | int ret; |
239 | 0 | unsigned int status, cert_status; |
240 | 0 | time_t rtime, vtime, ntime, now; |
241 | 0 | int check_failed = 0; |
242 | |
|
243 | 0 | now = gnutls_time(0); |
244 | |
|
245 | 0 | ret = gnutls_ocsp_resp_init(&resp); |
246 | 0 | if (ret < 0) |
247 | 0 | return gnutls_assert_val(ret); |
248 | | |
249 | 0 | ret = gnutls_ocsp_resp_import(resp, data); |
250 | 0 | if (ret < 0) { |
251 | 0 | _gnutls_audit_log( |
252 | 0 | session, |
253 | 0 | "There was an error parsing the OCSP response: %s.\n", |
254 | 0 | gnutls_strerror(ret)); |
255 | 0 | ret = gnutls_assert_val(0); |
256 | 0 | check_failed = 1; |
257 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
258 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
259 | 0 | goto cleanup; |
260 | 0 | } |
261 | | |
262 | 0 | if (gnutls_ocsp_resp_get_status(resp) != GNUTLS_OCSP_RESP_SUCCESSFUL) { |
263 | 0 | ret = _gnutls_ocsp_verify_mandatory_stapling(session, cert, |
264 | 0 | ostatus); |
265 | 0 | if (ret < 0) { |
266 | 0 | gnutls_assert(); |
267 | 0 | goto cleanup; |
268 | 0 | } |
269 | 0 | if (*ostatus & GNUTLS_CERT_MISSING_OCSP_STATUS) { |
270 | 0 | _gnutls_audit_log( |
271 | 0 | session, |
272 | 0 | "Missing basic OCSP response while required: %s.\n", |
273 | 0 | gnutls_strerror(ret)); |
274 | 0 | check_failed = 1; |
275 | 0 | } |
276 | 0 | ret = gnutls_assert_val(0); |
277 | 0 | goto cleanup; |
278 | 0 | } |
279 | | |
280 | 0 | ret = gnutls_ocsp_resp_check_crt(resp, 0, cert); |
281 | 0 | if (ret < 0) { |
282 | 0 | ret = gnutls_assert_val(0); |
283 | 0 | _gnutls_audit_log( |
284 | 0 | session, |
285 | 0 | "Got OCSP response with an unrelated certificate.\n"); |
286 | 0 | check_failed = 1; |
287 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
288 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
289 | 0 | goto cleanup; |
290 | 0 | } |
291 | | |
292 | | /* Attempt to verify against our trusted list */ |
293 | 0 | ret = gnutls_ocsp_resp_verify(resp, tl, &status, verify_flags); |
294 | 0 | if ((ret < 0 || status != 0) && cand_issuers_size > 0) { |
295 | | /* Attempt to verify against the certificate list provided by the server */ |
296 | |
|
297 | 0 | ret = gnutls_ocsp_resp_verify_direct(resp, cand_issuers[0], |
298 | 0 | &status, verify_flags); |
299 | | /* if verification fails attempt to find whether any of the other |
300 | | * bundled CAs is an issuer of the OCSP response */ |
301 | 0 | if ((ret < 0 || status != 0) && cand_issuers_size > 1) { |
302 | 0 | int ret2; |
303 | 0 | unsigned status2, i; |
304 | |
|
305 | 0 | for (i = 1; i < cand_issuers_size; i++) { |
306 | 0 | ret2 = gnutls_ocsp_resp_verify_direct( |
307 | 0 | resp, cand_issuers[i], &status2, |
308 | 0 | verify_flags); |
309 | 0 | if (ret2 >= 0 && status2 == 0) { |
310 | 0 | status = status2; |
311 | 0 | ret = ret2; |
312 | 0 | break; |
313 | 0 | } |
314 | 0 | } |
315 | 0 | } |
316 | 0 | } |
317 | |
|
318 | 0 | if (ret < 0) { |
319 | 0 | ret = gnutls_assert_val(0); |
320 | 0 | gnutls_assert(); |
321 | 0 | check_failed = 1; |
322 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
323 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
324 | 0 | goto cleanup; |
325 | 0 | } |
326 | | |
327 | | /* do not consider revocation data if response was not verified */ |
328 | 0 | if (status != 0) { |
329 | 0 | char buf[MAX_OCSP_MSG_SIZE]; |
330 | |
|
331 | 0 | _gnutls_debug_log("OCSP rejection reason: %s\n", |
332 | 0 | _gnutls_ocsp_verify_status_to_str(status, |
333 | 0 | buf)); |
334 | |
|
335 | 0 | ret = gnutls_assert_val(0); |
336 | 0 | check_failed = 1; |
337 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
338 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
339 | 0 | goto cleanup; |
340 | 0 | } |
341 | | |
342 | 0 | ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL, |
343 | 0 | &cert_status, &vtime, &ntime, &rtime, |
344 | 0 | NULL); |
345 | 0 | if (ret < 0) { |
346 | 0 | _gnutls_audit_log( |
347 | 0 | session, |
348 | 0 | "There was an error parsing the OCSP response: %s.\n", |
349 | 0 | gnutls_strerror(ret)); |
350 | 0 | ret = gnutls_assert_val(0); |
351 | 0 | check_failed = 1; |
352 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
353 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
354 | 0 | goto cleanup; |
355 | 0 | } |
356 | | |
357 | 0 | if (cert_status == GNUTLS_OCSP_CERT_REVOKED) { |
358 | 0 | _gnutls_audit_log(session, |
359 | 0 | "The certificate was revoked via OCSP\n"); |
360 | 0 | check_failed = 1; |
361 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
362 | 0 | *ostatus |= GNUTLS_CERT_REVOKED; |
363 | 0 | ret = gnutls_assert_val(0); |
364 | 0 | goto cleanup; |
365 | 0 | } |
366 | | |
367 | | /* Report but do not fail on the following errors. That is |
368 | | * because including the OCSP response in the handshake shouldn't |
369 | | * cause more problems that not including it. |
370 | | */ |
371 | 0 | if (ntime == -1) { |
372 | 0 | if (now - vtime > MAX_OCSP_VALIDITY_SECS) { |
373 | 0 | _gnutls_audit_log(session, |
374 | 0 | "The OCSP response is old\n"); |
375 | 0 | check_failed = 1; |
376 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
377 | 0 | *ostatus |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; |
378 | 0 | goto cleanup; |
379 | 0 | } |
380 | 0 | } else { |
381 | | /* there is a newer OCSP answer, don't trust this one */ |
382 | 0 | if (ntime < now) { |
383 | 0 | _gnutls_audit_log( |
384 | 0 | session, |
385 | 0 | "There is a newer OCSP response but was not provided by the server\n"); |
386 | 0 | check_failed = 1; |
387 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
388 | 0 | *ostatus |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; |
389 | 0 | goto cleanup; |
390 | 0 | } |
391 | 0 | } |
392 | | |
393 | 0 | ret = 0; |
394 | 0 | cleanup: |
395 | 0 | if (check_failed == 0) |
396 | 0 | session->internals.ocsp_check_ok = 1; |
397 | |
|
398 | 0 | gnutls_ocsp_resp_deinit(resp); |
399 | |
|
400 | 0 | return ret; |
401 | 0 | } |
402 | | |
403 | | static int _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session, |
404 | | gnutls_x509_crt_t cert, |
405 | | unsigned int *ocsp_status) |
406 | 0 | { |
407 | 0 | gnutls_x509_tlsfeatures_t tlsfeatures; |
408 | 0 | int i, ret; |
409 | 0 | unsigned feature; |
410 | | |
411 | | /* RFC 7633: If cert has TLS feature GNUTLS_EXTENSION_STATUS_REQUEST, stapling is mandatory. |
412 | | * |
413 | | * At this point, we know that we did not get the certificate status. |
414 | | * |
415 | | * To proceed, first check whether we have requested the certificate status |
416 | | */ |
417 | 0 | if (!(session->internals.hsk_flags & HSK_OCSP_REQUESTED)) |
418 | 0 | return 0; |
419 | | |
420 | 0 | ret = gnutls_x509_tlsfeatures_init(&tlsfeatures); |
421 | 0 | if (ret < 0) { |
422 | 0 | gnutls_assert(); |
423 | 0 | return ret; |
424 | 0 | } |
425 | | |
426 | | /* We have requested the status, now check whether the certificate mandates a response */ |
427 | 0 | if (gnutls_x509_crt_get_tlsfeatures(cert, tlsfeatures, 0, NULL) == 0) { |
428 | 0 | for (i = 0;; ++i) { |
429 | 0 | ret = gnutls_x509_tlsfeatures_get(tlsfeatures, i, |
430 | 0 | &feature); |
431 | 0 | if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { |
432 | 0 | break; |
433 | 0 | } |
434 | | |
435 | 0 | if (ret < 0) { |
436 | 0 | gnutls_assert(); |
437 | 0 | goto cleanup; |
438 | 0 | } |
439 | | |
440 | 0 | if (feature == 5 /* TLS ID for status request */) { |
441 | | /* We sent a status request, the certificate mandates a reply, but we did not get any. */ |
442 | 0 | *ocsp_status |= GNUTLS_CERT_INVALID; |
443 | 0 | *ocsp_status |= GNUTLS_CERT_MISSING_OCSP_STATUS; |
444 | 0 | break; |
445 | 0 | } |
446 | 0 | } |
447 | 0 | } |
448 | | |
449 | 0 | ret = 0; |
450 | 0 | cleanup: |
451 | 0 | gnutls_x509_tlsfeatures_deinit(tlsfeatures); |
452 | 0 | return ret; |
453 | 0 | } |
454 | | #endif |
455 | | |
456 | | #define CLEAR_CERTS \ |
457 | 0 | for (x = 0; x < peer_certificate_list_size; x++) { \ |
458 | 0 | if (peer_certificate_list[x]) \ |
459 | 0 | gnutls_x509_crt_deinit(peer_certificate_list[x]); \ |
460 | 0 | } \ |
461 | 0 | gnutls_free(peer_certificate_list) |
462 | | |
463 | | /*- |
464 | | * _gnutls_x509_cert_verify_peers - return the peer's certificate status |
465 | | * @session: is a gnutls session |
466 | | * |
467 | | * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). |
468 | | * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. |
469 | | * However you must also check the peer's name in order to check if the verified certificate belongs to the |
470 | | * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. |
471 | | -*/ |
472 | | int _gnutls_x509_cert_verify_peers(gnutls_session_t session, |
473 | | gnutls_typed_vdata_st *data, |
474 | | unsigned int elements, unsigned int *status) |
475 | 0 | { |
476 | 0 | cert_auth_info_t info; |
477 | 0 | gnutls_certificate_credentials_t cred; |
478 | 0 | gnutls_x509_crt_t *peer_certificate_list; |
479 | 0 | gnutls_datum_t resp; |
480 | 0 | int peer_certificate_list_size, i, x, ret; |
481 | 0 | gnutls_x509_crt_t *cand_issuers; |
482 | 0 | unsigned cand_issuers_size; |
483 | 0 | unsigned int ocsp_status = 0; |
484 | 0 | unsigned int verify_flags; |
485 | | |
486 | | /* No OCSP check so far */ |
487 | 0 | session->internals.ocsp_check_ok = 0; |
488 | |
|
489 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
490 | |
|
491 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
492 | 0 | if (info == NULL) { |
493 | 0 | gnutls_assert(); |
494 | 0 | return GNUTLS_E_INVALID_REQUEST; |
495 | 0 | } |
496 | | |
497 | 0 | cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( |
498 | 0 | session, GNUTLS_CRD_CERTIFICATE); |
499 | 0 | if (cred == NULL) { |
500 | 0 | gnutls_assert(); |
501 | 0 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
502 | 0 | } |
503 | | |
504 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) |
505 | 0 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
506 | | |
507 | 0 | if (info->ncerts > cred->verify_depth && cred->verify_depth > 0) { |
508 | 0 | gnutls_assert(); |
509 | 0 | return GNUTLS_E_CONSTRAINT_ERROR; |
510 | 0 | } |
511 | | |
512 | 0 | verify_flags = cred->verify_flags | |
513 | 0 | session->internals.additional_verify_flags; |
514 | | /* generate a list of gnutls_certs based on the auth info |
515 | | * raw certs. |
516 | | */ |
517 | 0 | peer_certificate_list_size = info->ncerts; |
518 | 0 | peer_certificate_list = gnutls_calloc(peer_certificate_list_size, |
519 | 0 | sizeof(gnutls_x509_crt_t)); |
520 | 0 | if (peer_certificate_list == NULL) { |
521 | 0 | gnutls_assert(); |
522 | 0 | return GNUTLS_E_MEMORY_ERROR; |
523 | 0 | } |
524 | | |
525 | 0 | for (i = 0; i < peer_certificate_list_size; i++) { |
526 | 0 | ret = gnutls_x509_crt_init(&peer_certificate_list[i]); |
527 | 0 | if (ret < 0) { |
528 | 0 | gnutls_assert(); |
529 | 0 | CLEAR_CERTS; |
530 | 0 | return ret; |
531 | 0 | } |
532 | | |
533 | 0 | ret = gnutls_x509_crt_import(peer_certificate_list[i], |
534 | 0 | &info->raw_certificate_list[i], |
535 | 0 | GNUTLS_X509_FMT_DER); |
536 | 0 | if (ret < 0) { |
537 | 0 | gnutls_assert(); |
538 | 0 | CLEAR_CERTS; |
539 | 0 | return ret; |
540 | 0 | } |
541 | 0 | } |
542 | | |
543 | | /* Use the OCSP extension if any */ |
544 | 0 | #ifdef ENABLE_OCSP |
545 | 0 | if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS) |
546 | 0 | goto skip_ocsp; |
547 | | |
548 | 0 | for (i = 0; i < peer_certificate_list_size; i++) { |
549 | 0 | ret = gnutls_ocsp_status_request_get2(session, i, &resp); |
550 | 0 | if (ret < 0) { |
551 | 0 | ret = _gnutls_ocsp_verify_mandatory_stapling( |
552 | 0 | session, peer_certificate_list[i], |
553 | 0 | &ocsp_status); |
554 | 0 | if (ret < 0) { |
555 | 0 | gnutls_assert(); |
556 | 0 | CLEAR_CERTS; |
557 | 0 | return ret; |
558 | 0 | } |
559 | | |
560 | 0 | continue; |
561 | 0 | } |
562 | | |
563 | 0 | cand_issuers = NULL; |
564 | 0 | cand_issuers_size = 0; |
565 | 0 | if (peer_certificate_list_size > i + 1) { |
566 | 0 | cand_issuers = &peer_certificate_list[i + 1]; |
567 | 0 | cand_issuers_size = peer_certificate_list_size - i - 1; |
568 | 0 | } |
569 | |
|
570 | 0 | ret = check_ocsp_response(session, peer_certificate_list[i], |
571 | 0 | cred->tlist, verify_flags, |
572 | 0 | cand_issuers, cand_issuers_size, |
573 | 0 | &resp, &ocsp_status); |
574 | |
|
575 | 0 | if (ret < 0) { |
576 | 0 | CLEAR_CERTS; |
577 | 0 | return gnutls_assert_val(ret); |
578 | 0 | } |
579 | 0 | } |
580 | 0 | #endif |
581 | | |
582 | 0 | skip_ocsp: |
583 | | /* Verify certificate |
584 | | */ |
585 | 0 | if (session->internals.cert_output_callback != NULL) { |
586 | 0 | _gnutls_debug_log( |
587 | 0 | "Print full certificate path validation to trust root.\n"); |
588 | 0 | ret = gnutls_x509_trust_list_verify_crt2( |
589 | 0 | cred->tlist, peer_certificate_list, |
590 | 0 | peer_certificate_list_size, data, elements, |
591 | 0 | verify_flags, status, |
592 | 0 | session->internals.cert_output_callback); |
593 | 0 | } else { |
594 | 0 | ret = gnutls_x509_trust_list_verify_crt2( |
595 | 0 | cred->tlist, peer_certificate_list, |
596 | 0 | peer_certificate_list_size, data, elements, |
597 | 0 | verify_flags, status, NULL); |
598 | 0 | } |
599 | |
|
600 | 0 | if (ret < 0) { |
601 | 0 | gnutls_assert(); |
602 | 0 | CLEAR_CERTS; |
603 | 0 | return ret; |
604 | 0 | } |
605 | | |
606 | 0 | CLEAR_CERTS; |
607 | |
|
608 | 0 | *status |= ocsp_status; |
609 | |
|
610 | 0 | return 0; |
611 | 0 | } |
612 | | |
613 | | /** |
614 | | * gnutls_certificate_verify_peers2: |
615 | | * @session: is a gnutls session |
616 | | * @status: is the output of the verification |
617 | | * |
618 | | * This function will verify the peer's certificate and store |
619 | | * the status in the @status variable as a bitwise OR of gnutls_certificate_status_t |
620 | | * values or zero if the certificate is trusted. Note that value in @status |
621 | | * is set only when the return value of this function is success (i.e, failure |
622 | | * to trust a certificate does not imply a negative return value). |
623 | | * The default verification flags used by this function can be overridden |
624 | | * using gnutls_certificate_set_verify_flags(). |
625 | | * |
626 | | * This function will take into account the stapled OCSP responses sent by the server, |
627 | | * as well as the following X.509 certificate extensions: Name Constraints, |
628 | | * Key Usage, and Basic Constraints (pathlen). |
629 | | * |
630 | | * Note that you must also check the peer's name in order to check if |
631 | | * the verified certificate belongs to the actual peer, see gnutls_x509_crt_check_hostname(), |
632 | | * or use gnutls_certificate_verify_peers3(). |
633 | | * |
634 | | * To avoid denial of service attacks some |
635 | | * default upper limits regarding the certificate key size and chain |
636 | | * size are set. To override them use gnutls_certificate_set_verify_limits(). |
637 | | * |
638 | | * Note that when using raw public-keys verification will not work because there is |
639 | | * no corresponding certificate body belonging to the raw key that can be verified. In that |
640 | | * case this function will return %GNUTLS_E_INVALID_REQUEST. |
641 | | * |
642 | | * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. |
643 | | * A successful error code means that the @status parameter must be checked to obtain the validation status. |
644 | | **/ |
645 | | int gnutls_certificate_verify_peers2(gnutls_session_t session, |
646 | | unsigned int *status) |
647 | 0 | { |
648 | 0 | return gnutls_certificate_verify_peers(session, NULL, 0, status); |
649 | 0 | } |
650 | | |
651 | | /** |
652 | | * gnutls_certificate_verify_peers3: |
653 | | * @session: is a gnutls session |
654 | | * @hostname: is the expected name of the peer; may be %NULL |
655 | | * @status: is the output of the verification |
656 | | * |
657 | | * This function will verify the peer's certificate and store the |
658 | | * the status in the @status variable as a bitwise OR of gnutls_certificate_status_t |
659 | | * values or zero if the certificate is trusted. Note that value in @status |
660 | | * is set only when the return value of this function is success (i.e, failure |
661 | | * to trust a certificate does not imply a negative return value). |
662 | | * The default verification flags used by this function can be overridden |
663 | | * using gnutls_certificate_set_verify_flags(). See the documentation |
664 | | * of gnutls_certificate_verify_peers2() for details in the verification process. |
665 | | * |
666 | | * This function will take into account the stapled OCSP responses sent by the server, |
667 | | * as well as the following X.509 certificate extensions: Name Constraints, |
668 | | * Key Usage, and Basic Constraints (pathlen). |
669 | | * |
670 | | * If the @hostname provided is non-NULL then this function will compare |
671 | | * the hostname in the certificate against it. The comparison will follow |
672 | | * the RFC6125 recommendations. If names do not match the |
673 | | * %GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set. |
674 | | * |
675 | | * In order to verify the purpose of the end-certificate (by checking the extended |
676 | | * key usage), use gnutls_certificate_verify_peers(). |
677 | | * |
678 | | * To avoid denial of service attacks some |
679 | | * default upper limits regarding the certificate key size and chain |
680 | | * size are set. To override them use gnutls_certificate_set_verify_limits(). |
681 | | * |
682 | | * Note that when using raw public-keys verification will not work because there is |
683 | | * no corresponding certificate body belonging to the raw key that can be verified. In that |
684 | | * case this function will return %GNUTLS_E_INVALID_REQUEST. |
685 | | * |
686 | | * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. |
687 | | * A successful error code means that the @status parameter must be checked to obtain the validation status. |
688 | | * |
689 | | * Since: 3.1.4 |
690 | | **/ |
691 | | int gnutls_certificate_verify_peers3(gnutls_session_t session, |
692 | | const char *hostname, unsigned int *status) |
693 | 0 | { |
694 | 0 | gnutls_typed_vdata_st data; |
695 | |
|
696 | 0 | data.type = GNUTLS_DT_DNS_HOSTNAME; |
697 | 0 | data.size = 0; |
698 | 0 | data.data = (void *)hostname; |
699 | |
|
700 | 0 | return gnutls_certificate_verify_peers(session, &data, 1, status); |
701 | 0 | } |
702 | | |
703 | | /** |
704 | | * gnutls_certificate_verify_peers: |
705 | | * @session: is a gnutls session |
706 | | * @data: an array of typed data |
707 | | * @elements: the number of data elements |
708 | | * @status: is the output of the verification |
709 | | * |
710 | | * This function will verify the peer's certificate and store the |
711 | | * the status in the @status variable as a bitwise OR of gnutls_certificate_status_t |
712 | | * values or zero if the certificate is trusted. Note that value in @status |
713 | | * is set only when the return value of this function is success (i.e, failure |
714 | | * to trust a certificate does not imply a negative return value). |
715 | | * The default verification flags used by this function can be overridden |
716 | | * using gnutls_certificate_set_verify_flags(). See the documentation |
717 | | * of gnutls_certificate_verify_peers2() for details in the verification process. |
718 | | * |
719 | | * This function will take into account the stapled OCSP responses sent by the server, |
720 | | * as well as the following X.509 certificate extensions: Name Constraints, |
721 | | * Key Usage, and Basic Constraints (pathlen). |
722 | | * |
723 | | * The acceptable @data types are %GNUTLS_DT_DNS_HOSTNAME, %GNUTLS_DT_RFC822NAME and %GNUTLS_DT_KEY_PURPOSE_OID. |
724 | | * The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated |
725 | | * object identifier (e.g., %GNUTLS_KP_TLS_WWW_SERVER). |
726 | | * |
727 | | * If a DNS hostname is provided then this function will compare |
728 | | * the hostname in the certificate against the given. If names do not match the |
729 | | * %GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set. |
730 | | * If a key purpose OID is provided and the end-certificate contains the extended key |
731 | | * usage PKIX extension, it will be required to be have the provided key purpose |
732 | | * or be marked for any purpose, otherwise verification status will have the |
733 | | * %GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE flag set. |
734 | | * |
735 | | * To avoid denial of service attacks some |
736 | | * default upper limits regarding the certificate key size and chain |
737 | | * size are set. To override them use gnutls_certificate_set_verify_limits(). |
738 | | * |
739 | | * Note that when using raw public-keys verification will not work because there is |
740 | | * no corresponding certificate body belonging to the raw key that can be verified. In that |
741 | | * case this function will return %GNUTLS_E_INVALID_REQUEST. |
742 | | * |
743 | | * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. |
744 | | * A successful error code means that the @status parameter must be checked to obtain the validation status. |
745 | | * |
746 | | * Since: 3.3.0 |
747 | | **/ |
748 | | int gnutls_certificate_verify_peers(gnutls_session_t session, |
749 | | gnutls_typed_vdata_st *data, |
750 | | unsigned int elements, unsigned int *status) |
751 | 0 | { |
752 | 0 | cert_auth_info_t info; |
753 | |
|
754 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
755 | |
|
756 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
757 | 0 | if (info == NULL) { |
758 | 0 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
759 | 0 | } |
760 | | |
761 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) |
762 | 0 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
763 | | |
764 | 0 | switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { |
765 | 0 | case GNUTLS_CRT_X509: |
766 | 0 | return _gnutls_x509_cert_verify_peers(session, data, elements, |
767 | 0 | status); |
768 | 0 | default: |
769 | 0 | return GNUTLS_E_INVALID_REQUEST; |
770 | 0 | } |
771 | 0 | } |
772 | | |
773 | | /*- |
774 | | * _gnutls_x509_extract_certificate_activation_time - return the peer's certificate activation time |
775 | | * @cert: should contain an X.509 DER encoded certificate |
776 | | * |
777 | | * This function will return the certificate's activation time in UNIX time |
778 | | * (ie seconds since 00:00:00 UTC January 1, 1970). |
779 | | * |
780 | | * Returns a (time_t) -1 in case of an error. |
781 | | * |
782 | | -*/ |
783 | | static time_t |
784 | | _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t *cert) |
785 | 0 | { |
786 | 0 | gnutls_x509_crt_t xcert; |
787 | 0 | time_t result; |
788 | |
|
789 | 0 | result = gnutls_x509_crt_init(&xcert); |
790 | 0 | if (result < 0) |
791 | 0 | return (time_t)-1; |
792 | | |
793 | 0 | result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER); |
794 | 0 | if (result < 0) { |
795 | 0 | gnutls_x509_crt_deinit(xcert); |
796 | 0 | return (time_t)-1; |
797 | 0 | } |
798 | | |
799 | 0 | result = gnutls_x509_crt_get_activation_time(xcert); |
800 | |
|
801 | 0 | gnutls_x509_crt_deinit(xcert); |
802 | |
|
803 | 0 | return result; |
804 | 0 | } |
805 | | |
806 | | /*- |
807 | | * gnutls_x509_extract_certificate_expiration_time: |
808 | | * @cert: should contain an X.509 DER encoded certificate |
809 | | * |
810 | | * This function will return the certificate's expiration time in UNIX |
811 | | * time (ie seconds since 00:00:00 UTC January 1, 1970). Returns a |
812 | | * |
813 | | * (time_t) -1 in case of an error. |
814 | | * |
815 | | -*/ |
816 | | static time_t |
817 | | _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t *cert) |
818 | 0 | { |
819 | 0 | gnutls_x509_crt_t xcert; |
820 | 0 | time_t result; |
821 | |
|
822 | 0 | result = gnutls_x509_crt_init(&xcert); |
823 | 0 | if (result < 0) |
824 | 0 | return (time_t)-1; |
825 | | |
826 | 0 | result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER); |
827 | 0 | if (result < 0) { |
828 | 0 | gnutls_x509_crt_deinit(xcert); |
829 | 0 | return (time_t)-1; |
830 | 0 | } |
831 | | |
832 | 0 | result = gnutls_x509_crt_get_expiration_time(xcert); |
833 | |
|
834 | 0 | gnutls_x509_crt_deinit(xcert); |
835 | |
|
836 | 0 | return result; |
837 | 0 | } |
838 | | |
839 | | /** |
840 | | * gnutls_certificate_expiration_time_peers: |
841 | | * @session: is a gnutls session |
842 | | * |
843 | | * This function will return the peer's certificate expiration time. |
844 | | * |
845 | | * Returns: (time_t)-1 on error. |
846 | | * |
847 | | * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times. |
848 | | **/ |
849 | | time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session) |
850 | 0 | { |
851 | 0 | cert_auth_info_t info; |
852 | |
|
853 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
854 | |
|
855 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
856 | 0 | if (info == NULL) { |
857 | 0 | return (time_t)-1; |
858 | 0 | } |
859 | | |
860 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) { |
861 | 0 | gnutls_assert(); |
862 | 0 | return (time_t)-1; |
863 | 0 | } |
864 | | |
865 | 0 | switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { |
866 | 0 | case GNUTLS_CRT_X509: |
867 | 0 | return _gnutls_x509_get_raw_crt_expiration_time( |
868 | 0 | &info->raw_certificate_list[0]); |
869 | 0 | default: |
870 | 0 | return (time_t)-1; |
871 | 0 | } |
872 | 0 | } |
873 | | |
874 | | /** |
875 | | * gnutls_certificate_activation_time_peers: |
876 | | * @session: is a gnutls session |
877 | | * |
878 | | * This function will return the peer's certificate activation time. |
879 | | * |
880 | | * Returns: (time_t)-1 on error. |
881 | | * |
882 | | * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times. |
883 | | **/ |
884 | | time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) |
885 | 0 | { |
886 | 0 | cert_auth_info_t info; |
887 | |
|
888 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
889 | |
|
890 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
891 | 0 | if (info == NULL) { |
892 | 0 | return (time_t)-1; |
893 | 0 | } |
894 | | |
895 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) { |
896 | 0 | gnutls_assert(); |
897 | 0 | return (time_t)-1; |
898 | 0 | } |
899 | | |
900 | 0 | switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { |
901 | 0 | case GNUTLS_CRT_X509: |
902 | 0 | return _gnutls_x509_get_raw_crt_activation_time( |
903 | 0 | &info->raw_certificate_list[0]); |
904 | 0 | default: |
905 | 0 | return (time_t)-1; |
906 | 0 | } |
907 | 0 | } |