/src/gnutls/lib/cert-session.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2001-2015 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2015 Nikos Mavrogiannopoulos |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | /* This file contains certificate authentication functions to be exported in the |
25 | | * API which did not fit elsewhere. |
26 | | */ |
27 | | |
28 | | #include "gnutls_int.h" |
29 | | #include "auth/srp_kx.h" |
30 | | #include "auth/anon.h" |
31 | | #include "auth/cert.h" |
32 | | #include "auth/psk.h" |
33 | | #include "errors.h" |
34 | | #include "auth.h" |
35 | | #include "state.h" |
36 | | #include "datum.h" |
37 | | #include "algorithms.h" |
38 | | #include <gnutls/ocsp.h> |
39 | | #include "x509.h" |
40 | | #include "hello_ext.h" |
41 | | #include "x509/ocsp.h" |
42 | | |
43 | | /** |
44 | | * gnutls_certificate_get_ours: |
45 | | * @session: is a gnutls session |
46 | | * |
47 | | * Gets the certificate as sent to the peer in the last handshake. |
48 | | * The certificate is in raw (DER) format. No certificate |
49 | | * list is being returned. Only the first certificate. |
50 | | * |
51 | | * This function returns the certificate that was sent in the current |
52 | | * handshake. In subsequent resumed sessions this function will return |
53 | | * %NULL. That differs from gnutls_certificate_get_peers() which always |
54 | | * returns the peer's certificate used in the original session. |
55 | | * |
56 | | * Returns: a pointer to a #gnutls_datum_t containing our |
57 | | * certificate, or %NULL in case of an error or if no certificate |
58 | | * was used. |
59 | | **/ |
60 | | const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session) |
61 | 0 | { |
62 | 0 | gnutls_certificate_credentials_t cred; |
63 | |
|
64 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, NULL); |
65 | |
|
66 | 0 | cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( |
67 | 0 | session, GNUTLS_CRD_CERTIFICATE); |
68 | 0 | if (cred == NULL) { |
69 | 0 | gnutls_assert(); |
70 | 0 | return NULL; |
71 | 0 | } |
72 | | |
73 | 0 | if (session->internals.selected_cert_list == NULL) |
74 | 0 | return NULL; |
75 | | |
76 | 0 | return &session->internals.selected_cert_list[0].cert; |
77 | 0 | } |
78 | | |
79 | | /** |
80 | | * gnutls_certificate_get_peers: |
81 | | * @session: is a gnutls session |
82 | | * @list_size: is the length of the certificate list (may be %NULL) |
83 | | * |
84 | | * Get the peer's raw certificate (chain) as sent by the peer. These |
85 | | * certificates are in raw format (DER encoded for X.509). In case of |
86 | | * a X.509 then a certificate list may be present. The list |
87 | | * is provided as sent by the server; the server must send as first |
88 | | * certificate in the list its own certificate, following the |
89 | | * issuer's certificate, then the issuer's issuer etc. However, there |
90 | | * are servers which violate this principle and thus on certain |
91 | | * occasions this may be an unsorted list. |
92 | | * |
93 | | * In resumed sessions, this function will return the peer's certificate |
94 | | * list as used in the first/original session. |
95 | | * |
96 | | * Returns: a pointer to a #gnutls_datum_t containing the peer's |
97 | | * certificates, or %NULL in case of an error or if no certificate |
98 | | * was used. |
99 | | **/ |
100 | | const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t session, |
101 | | unsigned int *list_size) |
102 | 0 | { |
103 | 0 | cert_auth_info_t info; |
104 | |
|
105 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, NULL); |
106 | |
|
107 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
108 | 0 | if (info == NULL) |
109 | 0 | return NULL; |
110 | | |
111 | 0 | if (list_size) |
112 | 0 | *list_size = info->ncerts; |
113 | 0 | return info->raw_certificate_list; |
114 | 0 | } |
115 | | |
116 | | /** |
117 | | * gnutls_certificate_client_get_request_status: |
118 | | * @session: is a gnutls session |
119 | | * |
120 | | * Get whether client certificate was requested on the last |
121 | | * handshake or not. |
122 | | * |
123 | | * Returns: 0 if the peer (server) did not request client |
124 | | * authentication or 1 otherwise. |
125 | | **/ |
126 | | unsigned gnutls_certificate_client_get_request_status(gnutls_session_t session) |
127 | 0 | { |
128 | 0 | return (session->internals.hsk_flags & HSK_CRT_ASKED) ? 1 : 0; |
129 | 0 | } |
130 | | |
131 | | /** |
132 | | * gnutls_certificate_set_params_function: |
133 | | * @res: is a gnutls_certificate_credentials_t type |
134 | | * @func: is the function to be called |
135 | | * |
136 | | * This function will set a callback in order for the server to get |
137 | | * the Diffie-Hellman or RSA parameters for certificate |
138 | | * authentication. The callback should return %GNUTLS_E_SUCCESS (0) on success. |
139 | | * |
140 | | * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 |
141 | | * or later. Since 3.6.0, DH parameters are negotiated |
142 | | * following RFC7919. |
143 | | * |
144 | | **/ |
145 | | void gnutls_certificate_set_params_function( |
146 | | gnutls_certificate_credentials_t res, gnutls_params_function *func) |
147 | 0 | { |
148 | 0 | res->params_func = func; |
149 | 0 | } |
150 | | |
151 | | /** |
152 | | * gnutls_certificate_set_flags: |
153 | | * @res: is a gnutls_certificate_credentials_t type |
154 | | * @flags: are the flags of #gnutls_certificate_flags type |
155 | | * |
156 | | * This function will set flags to tweak the operation of |
157 | | * the credentials structure. See the #gnutls_certificate_flags enumerations |
158 | | * for more information on the available flags. |
159 | | * |
160 | | * Since: 3.4.7 |
161 | | **/ |
162 | | void gnutls_certificate_set_flags(gnutls_certificate_credentials_t res, |
163 | | unsigned int flags) |
164 | 0 | { |
165 | 0 | res->flags = flags; |
166 | 0 | } |
167 | | |
168 | | /** |
169 | | * gnutls_certificate_set_verify_flags: |
170 | | * @res: is a gnutls_certificate_credentials_t type |
171 | | * @flags: are the flags |
172 | | * |
173 | | * This function will set the flags to be used for verification |
174 | | * of certificates and override any defaults. The provided flags must be an OR of the |
175 | | * #gnutls_certificate_verify_flags enumerations. |
176 | | * |
177 | | **/ |
178 | | void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t res, |
179 | | unsigned int flags) |
180 | 0 | { |
181 | 0 | res->verify_flags = flags; |
182 | 0 | } |
183 | | |
184 | | /** |
185 | | * gnutls_certificate_get_verify_flags: |
186 | | * @res: is a gnutls_certificate_credentials_t type |
187 | | * |
188 | | * Returns the verification flags set with |
189 | | * gnutls_certificate_set_verify_flags(). |
190 | | * |
191 | | * Returns: The certificate verification flags used by @res. |
192 | | * |
193 | | * Since: 3.4.0 |
194 | | */ |
195 | | unsigned int |
196 | | gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res) |
197 | 0 | { |
198 | 0 | return res->verify_flags; |
199 | 0 | } |
200 | | |
201 | | /** |
202 | | * gnutls_certificate_set_verify_limits: |
203 | | * @res: is a gnutls_certificate_credentials type |
204 | | * @max_bits: is the number of bits of an acceptable certificate (default 8200) |
205 | | * @max_depth: is maximum depth of the verification of a certificate chain (default 5) |
206 | | * |
207 | | * This function will set some upper limits for the default |
208 | | * verification function, gnutls_certificate_verify_peers2(), to avoid |
209 | | * denial of service attacks. You can set them to zero to disable |
210 | | * limits. |
211 | | **/ |
212 | | void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t res, |
213 | | unsigned int max_bits, |
214 | | unsigned int max_depth) |
215 | 0 | { |
216 | 0 | res->verify_depth = max_depth; |
217 | 0 | res->verify_bits = max_bits; |
218 | 0 | } |
219 | | |
220 | | #ifdef ENABLE_OCSP |
221 | | static int _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session, |
222 | | gnutls_x509_crt_t cert, |
223 | | unsigned int *ocsp_status); |
224 | | |
225 | | /* If the certificate is revoked status will be GNUTLS_CERT_REVOKED. |
226 | | * |
227 | | * Returns: |
228 | | * Zero on success, a negative error code otherwise. |
229 | | */ |
230 | | static int check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert, |
231 | | gnutls_x509_trust_list_t tl, |
232 | | unsigned verify_flags, |
233 | | gnutls_x509_crt_t *cand_issuers, |
234 | | unsigned cand_issuers_size, gnutls_datum_t *data, |
235 | | unsigned int *ostatus) |
236 | 0 | { |
237 | 0 | gnutls_ocsp_resp_t resp; |
238 | 0 | int ret; |
239 | 0 | unsigned int status, cert_status, resp_indx; |
240 | 0 | time_t rtime, vtime, ntime, now; |
241 | 0 | int check_failed = 0; |
242 | |
|
243 | 0 | now = gnutls_time(0); |
244 | |
|
245 | 0 | ret = gnutls_ocsp_resp_init(&resp); |
246 | 0 | if (ret < 0) |
247 | 0 | return gnutls_assert_val(ret); |
248 | | |
249 | 0 | ret = gnutls_ocsp_resp_import(resp, data); |
250 | 0 | if (ret < 0) { |
251 | 0 | _gnutls_audit_log( |
252 | 0 | session, |
253 | 0 | "There was an error parsing the OCSP response: %s.\n", |
254 | 0 | gnutls_strerror(ret)); |
255 | 0 | ret = gnutls_assert_val(0); |
256 | 0 | check_failed = 1; |
257 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
258 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
259 | 0 | goto cleanup; |
260 | 0 | } |
261 | | |
262 | 0 | if (gnutls_ocsp_resp_get_status(resp) != GNUTLS_OCSP_RESP_SUCCESSFUL) { |
263 | 0 | ret = _gnutls_ocsp_verify_mandatory_stapling(session, cert, |
264 | 0 | ostatus); |
265 | 0 | if (ret < 0) { |
266 | 0 | gnutls_assert(); |
267 | 0 | goto cleanup; |
268 | 0 | } |
269 | 0 | if (*ostatus & GNUTLS_CERT_MISSING_OCSP_STATUS) { |
270 | 0 | _gnutls_audit_log( |
271 | 0 | session, |
272 | 0 | "Missing basic OCSP response while required: %s.\n", |
273 | 0 | gnutls_strerror(ret)); |
274 | 0 | check_failed = 1; |
275 | 0 | } |
276 | 0 | ret = gnutls_assert_val(0); |
277 | 0 | goto cleanup; |
278 | 0 | } |
279 | | |
280 | 0 | for (resp_indx = 0;; resp_indx++) { |
281 | 0 | ret = gnutls_ocsp_resp_check_crt(resp, resp_indx, cert); |
282 | 0 | if (ret == 0 || ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) |
283 | 0 | break; |
284 | 0 | } |
285 | 0 | if (ret < 0) { |
286 | 0 | ret = gnutls_assert_val(0); |
287 | 0 | _gnutls_audit_log( |
288 | 0 | session, |
289 | 0 | "Got OCSP response with an unrelated certificate.\n"); |
290 | 0 | check_failed = 1; |
291 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
292 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
293 | 0 | goto cleanup; |
294 | 0 | } |
295 | | |
296 | | /* Attempt to verify against our trusted list */ |
297 | 0 | ret = gnutls_ocsp_resp_verify(resp, tl, &status, verify_flags); |
298 | 0 | if ((ret < 0 || status != 0) && cand_issuers_size > 0) { |
299 | | /* Attempt to verify against the certificate list provided by the server */ |
300 | |
|
301 | 0 | ret = gnutls_ocsp_resp_verify_direct(resp, cand_issuers[0], |
302 | 0 | &status, verify_flags); |
303 | | /* if verification fails attempt to find whether any of the other |
304 | | * bundled CAs is an issuer of the OCSP response */ |
305 | 0 | if ((ret < 0 || status != 0) && cand_issuers_size > 1) { |
306 | 0 | int ret2; |
307 | 0 | unsigned status2, i; |
308 | |
|
309 | 0 | for (i = 1; i < cand_issuers_size; i++) { |
310 | 0 | ret2 = gnutls_ocsp_resp_verify_direct( |
311 | 0 | resp, cand_issuers[i], &status2, |
312 | 0 | verify_flags); |
313 | 0 | if (ret2 >= 0 && status2 == 0) { |
314 | 0 | status = status2; |
315 | 0 | ret = ret2; |
316 | 0 | break; |
317 | 0 | } |
318 | 0 | } |
319 | 0 | } |
320 | 0 | } |
321 | |
|
322 | 0 | if (ret < 0) { |
323 | 0 | ret = gnutls_assert_val(0); |
324 | 0 | gnutls_assert(); |
325 | 0 | check_failed = 1; |
326 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
327 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
328 | 0 | goto cleanup; |
329 | 0 | } |
330 | | |
331 | | /* do not consider revocation data if response was not verified */ |
332 | 0 | if (status != 0) { |
333 | 0 | char buf[MAX_OCSP_MSG_SIZE]; |
334 | |
|
335 | 0 | _gnutls_debug_log("OCSP rejection reason: %s\n", |
336 | 0 | _gnutls_ocsp_verify_status_to_str(status, |
337 | 0 | buf)); |
338 | |
|
339 | 0 | ret = gnutls_assert_val(0); |
340 | 0 | check_failed = 1; |
341 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
342 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
343 | 0 | goto cleanup; |
344 | 0 | } |
345 | | |
346 | 0 | ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL, |
347 | 0 | &cert_status, &vtime, &ntime, &rtime, |
348 | 0 | NULL); |
349 | 0 | if (ret < 0) { |
350 | 0 | _gnutls_audit_log( |
351 | 0 | session, |
352 | 0 | "There was an error parsing the OCSP response: %s.\n", |
353 | 0 | gnutls_strerror(ret)); |
354 | 0 | ret = gnutls_assert_val(0); |
355 | 0 | check_failed = 1; |
356 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
357 | 0 | *ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS; |
358 | 0 | goto cleanup; |
359 | 0 | } |
360 | | |
361 | 0 | if (cert_status == GNUTLS_OCSP_CERT_REVOKED) { |
362 | 0 | _gnutls_audit_log(session, |
363 | 0 | "The certificate was revoked via OCSP\n"); |
364 | 0 | check_failed = 1; |
365 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
366 | 0 | *ostatus |= GNUTLS_CERT_REVOKED; |
367 | 0 | ret = gnutls_assert_val(0); |
368 | 0 | goto cleanup; |
369 | 0 | } |
370 | | |
371 | | /* Report but do not fail on the following errors. That is |
372 | | * because including the OCSP response in the handshake shouldn't |
373 | | * cause more problems that not including it. |
374 | | */ |
375 | 0 | if (ntime == -1) { |
376 | 0 | if (now - vtime > MAX_OCSP_VALIDITY_SECS) { |
377 | 0 | _gnutls_audit_log(session, |
378 | 0 | "The OCSP response is old\n"); |
379 | 0 | check_failed = 1; |
380 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
381 | 0 | *ostatus |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; |
382 | 0 | goto cleanup; |
383 | 0 | } |
384 | 0 | } else { |
385 | | /* there is a newer OCSP answer, don't trust this one */ |
386 | 0 | if (ntime < now) { |
387 | 0 | _gnutls_audit_log( |
388 | 0 | session, |
389 | 0 | "There is a newer OCSP response but was not provided by the server\n"); |
390 | 0 | check_failed = 1; |
391 | 0 | *ostatus |= GNUTLS_CERT_INVALID; |
392 | 0 | *ostatus |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; |
393 | 0 | goto cleanup; |
394 | 0 | } |
395 | 0 | } |
396 | | |
397 | 0 | ret = 0; |
398 | 0 | cleanup: |
399 | 0 | if (check_failed == 0) |
400 | 0 | session->internals.ocsp_check_ok = 1; |
401 | |
|
402 | 0 | gnutls_ocsp_resp_deinit(resp); |
403 | |
|
404 | 0 | return ret; |
405 | 0 | } |
406 | | |
407 | | static int _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session, |
408 | | gnutls_x509_crt_t cert, |
409 | | unsigned int *ocsp_status) |
410 | 0 | { |
411 | 0 | gnutls_x509_tlsfeatures_t tlsfeatures; |
412 | 0 | int i, ret; |
413 | 0 | unsigned feature; |
414 | | |
415 | | /* RFC 7633: If cert has TLS feature GNUTLS_EXTENSION_STATUS_REQUEST, stapling is mandatory. |
416 | | * |
417 | | * At this point, we know that we did not get the certificate status. |
418 | | * |
419 | | * To proceed, first check whether we have requested the certificate status |
420 | | */ |
421 | 0 | if (!(session->internals.hsk_flags & HSK_OCSP_REQUESTED)) |
422 | 0 | return 0; |
423 | | |
424 | 0 | ret = gnutls_x509_tlsfeatures_init(&tlsfeatures); |
425 | 0 | if (ret < 0) { |
426 | 0 | gnutls_assert(); |
427 | 0 | return ret; |
428 | 0 | } |
429 | | |
430 | | /* We have requested the status, now check whether the certificate mandates a response */ |
431 | 0 | if (gnutls_x509_crt_get_tlsfeatures(cert, tlsfeatures, 0, NULL) == 0) { |
432 | 0 | for (i = 0;; ++i) { |
433 | 0 | ret = gnutls_x509_tlsfeatures_get(tlsfeatures, i, |
434 | 0 | &feature); |
435 | 0 | if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { |
436 | 0 | break; |
437 | 0 | } |
438 | | |
439 | 0 | if (ret < 0) { |
440 | 0 | gnutls_assert(); |
441 | 0 | goto cleanup; |
442 | 0 | } |
443 | | |
444 | 0 | if (feature == 5 /* TLS ID for status request */) { |
445 | | /* We sent a status request, the certificate mandates a reply, but we did not get any. */ |
446 | 0 | *ocsp_status |= GNUTLS_CERT_INVALID; |
447 | 0 | *ocsp_status |= GNUTLS_CERT_MISSING_OCSP_STATUS; |
448 | 0 | break; |
449 | 0 | } |
450 | 0 | } |
451 | 0 | } |
452 | | |
453 | 0 | ret = 0; |
454 | 0 | cleanup: |
455 | 0 | gnutls_x509_tlsfeatures_deinit(tlsfeatures); |
456 | 0 | return ret; |
457 | 0 | } |
458 | | #endif |
459 | | |
460 | | #define CLEAR_CERTS \ |
461 | 0 | for (x = 0; x < peer_certificate_list_size; x++) { \ |
462 | 0 | if (peer_certificate_list[x]) \ |
463 | 0 | gnutls_x509_crt_deinit(peer_certificate_list[x]); \ |
464 | 0 | } \ |
465 | 0 | gnutls_free(peer_certificate_list) |
466 | | |
467 | | /*- |
468 | | * _gnutls_x509_cert_verify_peers - return the peer's certificate status |
469 | | * @session: is a gnutls session |
470 | | * |
471 | | * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). |
472 | | * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. |
473 | | * However you must also check the peer's name in order to check if the verified certificate belongs to the |
474 | | * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. |
475 | | -*/ |
476 | | int _gnutls_x509_cert_verify_peers(gnutls_session_t session, |
477 | | gnutls_typed_vdata_st *data, |
478 | | unsigned int elements, unsigned int *status) |
479 | 0 | { |
480 | 0 | cert_auth_info_t info; |
481 | 0 | gnutls_certificate_credentials_t cred; |
482 | 0 | gnutls_x509_crt_t *peer_certificate_list; |
483 | 0 | gnutls_datum_t resp; |
484 | 0 | int peer_certificate_list_size, i, x, ret; |
485 | 0 | gnutls_x509_crt_t *cand_issuers; |
486 | 0 | unsigned cand_issuers_size; |
487 | 0 | unsigned int ocsp_status = 0; |
488 | 0 | unsigned int verify_flags; |
489 | | |
490 | | /* No OCSP check so far */ |
491 | 0 | session->internals.ocsp_check_ok = 0; |
492 | |
|
493 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
494 | |
|
495 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
496 | 0 | if (info == NULL) { |
497 | 0 | gnutls_assert(); |
498 | 0 | return GNUTLS_E_INVALID_REQUEST; |
499 | 0 | } |
500 | | |
501 | 0 | cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( |
502 | 0 | session, GNUTLS_CRD_CERTIFICATE); |
503 | 0 | if (cred == NULL) { |
504 | 0 | gnutls_assert(); |
505 | 0 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
506 | 0 | } |
507 | | |
508 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) |
509 | 0 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
510 | | |
511 | 0 | if (info->ncerts > cred->verify_depth && cred->verify_depth > 0) { |
512 | 0 | gnutls_assert(); |
513 | 0 | return GNUTLS_E_CONSTRAINT_ERROR; |
514 | 0 | } |
515 | | |
516 | 0 | verify_flags = cred->verify_flags | |
517 | 0 | session->internals.additional_verify_flags; |
518 | | /* generate a list of gnutls_certs based on the auth info |
519 | | * raw certs. |
520 | | */ |
521 | 0 | peer_certificate_list_size = info->ncerts; |
522 | 0 | peer_certificate_list = gnutls_calloc(peer_certificate_list_size, |
523 | 0 | sizeof(gnutls_x509_crt_t)); |
524 | 0 | if (peer_certificate_list == NULL) { |
525 | 0 | gnutls_assert(); |
526 | 0 | return GNUTLS_E_MEMORY_ERROR; |
527 | 0 | } |
528 | | |
529 | 0 | for (i = 0; i < peer_certificate_list_size; i++) { |
530 | 0 | ret = gnutls_x509_crt_init(&peer_certificate_list[i]); |
531 | 0 | if (ret < 0) { |
532 | 0 | gnutls_assert(); |
533 | 0 | CLEAR_CERTS; |
534 | 0 | return ret; |
535 | 0 | } |
536 | | |
537 | 0 | ret = gnutls_x509_crt_import(peer_certificate_list[i], |
538 | 0 | &info->raw_certificate_list[i], |
539 | 0 | GNUTLS_X509_FMT_DER); |
540 | 0 | if (ret < 0) { |
541 | 0 | gnutls_assert(); |
542 | 0 | CLEAR_CERTS; |
543 | 0 | return ret; |
544 | 0 | } |
545 | 0 | } |
546 | | |
547 | | /* Use the OCSP extension if any */ |
548 | 0 | #ifdef ENABLE_OCSP |
549 | 0 | if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS) |
550 | 0 | goto skip_ocsp; |
551 | | |
552 | 0 | for (i = 0; i < peer_certificate_list_size; i++) { |
553 | 0 | ret = gnutls_ocsp_status_request_get2(session, i, &resp); |
554 | 0 | if (ret < 0) { |
555 | 0 | ret = _gnutls_ocsp_verify_mandatory_stapling( |
556 | 0 | session, peer_certificate_list[i], |
557 | 0 | &ocsp_status); |
558 | 0 | if (ret < 0) { |
559 | 0 | gnutls_assert(); |
560 | 0 | CLEAR_CERTS; |
561 | 0 | return ret; |
562 | 0 | } |
563 | | |
564 | 0 | continue; |
565 | 0 | } |
566 | | |
567 | 0 | cand_issuers = NULL; |
568 | 0 | cand_issuers_size = 0; |
569 | 0 | if (peer_certificate_list_size > i + 1) { |
570 | 0 | cand_issuers = &peer_certificate_list[i + 1]; |
571 | 0 | cand_issuers_size = peer_certificate_list_size - i - 1; |
572 | 0 | } |
573 | |
|
574 | 0 | ret = check_ocsp_response(session, peer_certificate_list[i], |
575 | 0 | cred->tlist, verify_flags, |
576 | 0 | cand_issuers, cand_issuers_size, |
577 | 0 | &resp, &ocsp_status); |
578 | |
|
579 | 0 | if (ret < 0) { |
580 | 0 | CLEAR_CERTS; |
581 | 0 | return gnutls_assert_val(ret); |
582 | 0 | } |
583 | 0 | } |
584 | 0 | #endif |
585 | | |
586 | 0 | skip_ocsp: |
587 | | /* Verify certificate |
588 | | */ |
589 | 0 | if (session->internals.cert_output_callback != NULL) { |
590 | 0 | _gnutls_debug_log( |
591 | 0 | "Print full certificate path validation to trust root.\n"); |
592 | 0 | ret = gnutls_x509_trust_list_verify_crt2( |
593 | 0 | cred->tlist, peer_certificate_list, |
594 | 0 | peer_certificate_list_size, data, elements, |
595 | 0 | verify_flags, status, |
596 | 0 | session->internals.cert_output_callback); |
597 | 0 | } else { |
598 | 0 | ret = gnutls_x509_trust_list_verify_crt2( |
599 | 0 | cred->tlist, peer_certificate_list, |
600 | 0 | peer_certificate_list_size, data, elements, |
601 | 0 | verify_flags, status, NULL); |
602 | 0 | } |
603 | |
|
604 | 0 | if (ret < 0) { |
605 | 0 | gnutls_assert(); |
606 | 0 | CLEAR_CERTS; |
607 | 0 | return ret; |
608 | 0 | } |
609 | | |
610 | 0 | CLEAR_CERTS; |
611 | |
|
612 | 0 | *status |= ocsp_status; |
613 | |
|
614 | 0 | return 0; |
615 | 0 | } |
616 | | |
617 | | /** |
618 | | * gnutls_certificate_verify_peers2: |
619 | | * @session: is a gnutls session |
620 | | * @status: is the output of the verification |
621 | | * |
622 | | * This function will verify the peer's certificate and store |
623 | | * the status in the @status variable as a bitwise OR of gnutls_certificate_status_t |
624 | | * values or zero if the certificate is trusted. Note that value in @status |
625 | | * is set only when the return value of this function is success (i.e, failure |
626 | | * to trust a certificate does not imply a negative return value). |
627 | | * The default verification flags used by this function can be overridden |
628 | | * using gnutls_certificate_set_verify_flags(). |
629 | | * |
630 | | * This function will take into account the stapled OCSP responses sent by the server, |
631 | | * as well as the following X.509 certificate extensions: Name Constraints, |
632 | | * Key Usage, and Basic Constraints (pathlen). |
633 | | * |
634 | | * Note that you must also check the peer's name in order to check if |
635 | | * the verified certificate belongs to the actual peer, see gnutls_x509_crt_check_hostname(), |
636 | | * or use gnutls_certificate_verify_peers3(). |
637 | | * |
638 | | * To avoid denial of service attacks some |
639 | | * default upper limits regarding the certificate key size and chain |
640 | | * size are set. To override them use gnutls_certificate_set_verify_limits(). |
641 | | * |
642 | | * Note that when using raw public-keys verification will not work because there is |
643 | | * no corresponding certificate body belonging to the raw key that can be verified. In that |
644 | | * case this function will return %GNUTLS_E_INVALID_REQUEST. |
645 | | * |
646 | | * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. |
647 | | * A successful error code means that the @status parameter must be checked to obtain the validation status. |
648 | | **/ |
649 | | int gnutls_certificate_verify_peers2(gnutls_session_t session, |
650 | | unsigned int *status) |
651 | 0 | { |
652 | 0 | return gnutls_certificate_verify_peers(session, NULL, 0, status); |
653 | 0 | } |
654 | | |
655 | | /** |
656 | | * gnutls_certificate_verify_peers3: |
657 | | * @session: is a gnutls session |
658 | | * @hostname: is the expected name of the peer; may be %NULL |
659 | | * @status: is the output of the verification |
660 | | * |
661 | | * This function will verify the peer's certificate and store the |
662 | | * the status in the @status variable as a bitwise OR of gnutls_certificate_status_t |
663 | | * values or zero if the certificate is trusted. Note that value in @status |
664 | | * is set only when the return value of this function is success (i.e, failure |
665 | | * to trust a certificate does not imply a negative return value). |
666 | | * The default verification flags used by this function can be overridden |
667 | | * using gnutls_certificate_set_verify_flags(). See the documentation |
668 | | * of gnutls_certificate_verify_peers2() for details in the verification process. |
669 | | * |
670 | | * This function will take into account the stapled OCSP responses sent by the server, |
671 | | * as well as the following X.509 certificate extensions: Name Constraints, |
672 | | * Key Usage, and Basic Constraints (pathlen). |
673 | | * |
674 | | * If the @hostname provided is non-NULL then this function will compare |
675 | | * the hostname in the certificate against it. The comparison will follow |
676 | | * the RFC6125 recommendations. If names do not match the |
677 | | * %GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set. |
678 | | * |
679 | | * In order to verify the purpose of the end-certificate (by checking the extended |
680 | | * key usage), use gnutls_certificate_verify_peers(). |
681 | | * |
682 | | * To avoid denial of service attacks some |
683 | | * default upper limits regarding the certificate key size and chain |
684 | | * size are set. To override them use gnutls_certificate_set_verify_limits(). |
685 | | * |
686 | | * Note that when using raw public-keys verification will not work because there is |
687 | | * no corresponding certificate body belonging to the raw key that can be verified. In that |
688 | | * case this function will return %GNUTLS_E_INVALID_REQUEST. |
689 | | * |
690 | | * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. |
691 | | * A successful error code means that the @status parameter must be checked to obtain the validation status. |
692 | | * |
693 | | * Since: 3.1.4 |
694 | | **/ |
695 | | int gnutls_certificate_verify_peers3(gnutls_session_t session, |
696 | | const char *hostname, unsigned int *status) |
697 | 0 | { |
698 | 0 | gnutls_typed_vdata_st data; |
699 | |
|
700 | 0 | data.type = GNUTLS_DT_DNS_HOSTNAME; |
701 | 0 | data.size = 0; |
702 | 0 | data.data = (void *)hostname; |
703 | |
|
704 | 0 | return gnutls_certificate_verify_peers(session, &data, 1, status); |
705 | 0 | } |
706 | | |
707 | | /** |
708 | | * gnutls_certificate_verify_peers: |
709 | | * @session: is a gnutls session |
710 | | * @data: an array of typed data |
711 | | * @elements: the number of data elements |
712 | | * @status: is the output of the verification |
713 | | * |
714 | | * This function will verify the peer's certificate and store the |
715 | | * the status in the @status variable as a bitwise OR of gnutls_certificate_status_t |
716 | | * values or zero if the certificate is trusted. Note that value in @status |
717 | | * is set only when the return value of this function is success (i.e, failure |
718 | | * to trust a certificate does not imply a negative return value). |
719 | | * The default verification flags used by this function can be overridden |
720 | | * using gnutls_certificate_set_verify_flags(). See the documentation |
721 | | * of gnutls_certificate_verify_peers2() for details in the verification process. |
722 | | * |
723 | | * This function will take into account the stapled OCSP responses sent by the server, |
724 | | * as well as the following X.509 certificate extensions: Name Constraints, |
725 | | * Key Usage, and Basic Constraints (pathlen). |
726 | | * |
727 | | * The acceptable @data types are %GNUTLS_DT_DNS_HOSTNAME, %GNUTLS_DT_RFC822NAME and %GNUTLS_DT_KEY_PURPOSE_OID. |
728 | | * The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated |
729 | | * object identifier (e.g., %GNUTLS_KP_TLS_WWW_SERVER). |
730 | | * |
731 | | * If a DNS hostname is provided then this function will compare |
732 | | * the hostname in the certificate against the given. If names do not match the |
733 | | * %GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set. |
734 | | * If a key purpose OID is provided and the end-certificate contains the extended key |
735 | | * usage PKIX extension, it will be required to be have the provided key purpose |
736 | | * or be marked for any purpose, otherwise verification status will have the |
737 | | * %GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE flag set. |
738 | | * |
739 | | * To avoid denial of service attacks some |
740 | | * default upper limits regarding the certificate key size and chain |
741 | | * size are set. To override them use gnutls_certificate_set_verify_limits(). |
742 | | * |
743 | | * Note that when using raw public-keys verification will not work because there is |
744 | | * no corresponding certificate body belonging to the raw key that can be verified. In that |
745 | | * case this function will return %GNUTLS_E_INVALID_REQUEST. |
746 | | * |
747 | | * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. |
748 | | * A successful error code means that the @status parameter must be checked to obtain the validation status. |
749 | | * |
750 | | * Since: 3.3.0 |
751 | | **/ |
752 | | int gnutls_certificate_verify_peers(gnutls_session_t session, |
753 | | gnutls_typed_vdata_st *data, |
754 | | unsigned int elements, unsigned int *status) |
755 | 0 | { |
756 | 0 | cert_auth_info_t info; |
757 | |
|
758 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
759 | |
|
760 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
761 | 0 | if (info == NULL) { |
762 | 0 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
763 | 0 | } |
764 | | |
765 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) |
766 | 0 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
767 | | |
768 | 0 | switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { |
769 | 0 | case GNUTLS_CRT_X509: |
770 | 0 | return _gnutls_x509_cert_verify_peers(session, data, elements, |
771 | 0 | status); |
772 | 0 | default: |
773 | 0 | return GNUTLS_E_INVALID_REQUEST; |
774 | 0 | } |
775 | 0 | } |
776 | | |
777 | | /*- |
778 | | * _gnutls_x509_extract_certificate_activation_time - return the peer's certificate activation time |
779 | | * @cert: should contain an X.509 DER encoded certificate |
780 | | * |
781 | | * This function will return the certificate's activation time in UNIX time |
782 | | * (ie seconds since 00:00:00 UTC January 1, 1970). |
783 | | * |
784 | | * Returns a (time_t) -1 in case of an error. |
785 | | * |
786 | | -*/ |
787 | | static time_t |
788 | | _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t *cert) |
789 | 0 | { |
790 | 0 | gnutls_x509_crt_t xcert; |
791 | 0 | time_t result; |
792 | |
|
793 | 0 | result = gnutls_x509_crt_init(&xcert); |
794 | 0 | if (result < 0) |
795 | 0 | return (time_t)-1; |
796 | | |
797 | 0 | result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER); |
798 | 0 | if (result < 0) { |
799 | 0 | gnutls_x509_crt_deinit(xcert); |
800 | 0 | return (time_t)-1; |
801 | 0 | } |
802 | | |
803 | 0 | result = gnutls_x509_crt_get_activation_time(xcert); |
804 | |
|
805 | 0 | gnutls_x509_crt_deinit(xcert); |
806 | |
|
807 | 0 | return result; |
808 | 0 | } |
809 | | |
810 | | /*- |
811 | | * gnutls_x509_extract_certificate_expiration_time: |
812 | | * @cert: should contain an X.509 DER encoded certificate |
813 | | * |
814 | | * This function will return the certificate's expiration time in UNIX |
815 | | * time (ie seconds since 00:00:00 UTC January 1, 1970). Returns a |
816 | | * |
817 | | * (time_t) -1 in case of an error. |
818 | | * |
819 | | -*/ |
820 | | static time_t |
821 | | _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t *cert) |
822 | 0 | { |
823 | 0 | gnutls_x509_crt_t xcert; |
824 | 0 | time_t result; |
825 | |
|
826 | 0 | result = gnutls_x509_crt_init(&xcert); |
827 | 0 | if (result < 0) |
828 | 0 | return (time_t)-1; |
829 | | |
830 | 0 | result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER); |
831 | 0 | if (result < 0) { |
832 | 0 | gnutls_x509_crt_deinit(xcert); |
833 | 0 | return (time_t)-1; |
834 | 0 | } |
835 | | |
836 | 0 | result = gnutls_x509_crt_get_expiration_time(xcert); |
837 | |
|
838 | 0 | gnutls_x509_crt_deinit(xcert); |
839 | |
|
840 | 0 | return result; |
841 | 0 | } |
842 | | |
843 | | /** |
844 | | * gnutls_certificate_expiration_time_peers: |
845 | | * @session: is a gnutls session |
846 | | * |
847 | | * This function will return the peer's certificate expiration time. |
848 | | * |
849 | | * Returns: (time_t)-1 on error. |
850 | | * |
851 | | * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times. |
852 | | **/ |
853 | | time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session) |
854 | 0 | { |
855 | 0 | cert_auth_info_t info; |
856 | |
|
857 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
858 | |
|
859 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
860 | 0 | if (info == NULL) { |
861 | 0 | return (time_t)-1; |
862 | 0 | } |
863 | | |
864 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) { |
865 | 0 | gnutls_assert(); |
866 | 0 | return (time_t)-1; |
867 | 0 | } |
868 | | |
869 | 0 | switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { |
870 | 0 | case GNUTLS_CRT_X509: |
871 | 0 | return _gnutls_x509_get_raw_crt_expiration_time( |
872 | 0 | &info->raw_certificate_list[0]); |
873 | 0 | default: |
874 | 0 | return (time_t)-1; |
875 | 0 | } |
876 | 0 | } |
877 | | |
878 | | /** |
879 | | * gnutls_certificate_activation_time_peers: |
880 | | * @session: is a gnutls session |
881 | | * |
882 | | * This function will return the peer's certificate activation time. |
883 | | * |
884 | | * Returns: (time_t)-1 on error. |
885 | | * |
886 | | * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times. |
887 | | **/ |
888 | | time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) |
889 | 0 | { |
890 | 0 | cert_auth_info_t info; |
891 | |
|
892 | 0 | CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); |
893 | |
|
894 | 0 | info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); |
895 | 0 | if (info == NULL) { |
896 | 0 | return (time_t)-1; |
897 | 0 | } |
898 | | |
899 | 0 | if (info->raw_certificate_list == NULL || info->ncerts == 0) { |
900 | 0 | gnutls_assert(); |
901 | 0 | return (time_t)-1; |
902 | 0 | } |
903 | | |
904 | 0 | switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { |
905 | 0 | case GNUTLS_CRT_X509: |
906 | 0 | return _gnutls_x509_get_raw_crt_activation_time( |
907 | 0 | &info->raw_certificate_list[0]); |
908 | 0 | default: |
909 | 0 | return (time_t)-1; |
910 | 0 | } |
911 | 0 | } |