lib/ext/status_request.c

/*
 * Copyright (C) 2012-2017 Free Software Foundation, Inc.
 * Copyright (C) 2017 Red Hat, Inc.
 *
 * Author: Simon Josefsson, Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

/*
  Status Request (OCSP) TLS extension.  See RFC 6066 section 8:
  https://tools.ietf.org/html/rfc6066#section-8
*/

#include "gnutls_int.h"
#include "errors.h"
#include <hello_ext.h>
#include <ext/status_request.h>
#include <mbuffers.h>
#include <auth.h>
#include <auth/cert.h>
#include <handshake.h>

#ifdef ENABLE_OCSP

typedef struct {
	/* server response */
	gnutls_datum_t sresp;

	unsigned int expect_cstatus;
} status_request_ext_st;

/*
  From RFC 6066.  Client sends:

      struct {
	  CertificateStatusType status_type;
	  select (status_type) {
	      case ocsp: OCSPStatusRequest;
	  } request;
      } CertificateStatusRequest;

      enum { ocsp(1), (255) } CertificateStatusType;

      struct {
	  ResponderID responder_id_list<0..2^16-1>;
	  Extensions  request_extensions;
      } OCSPStatusRequest;

      opaque ResponderID<1..2^16-1>;
      opaque Extensions<0..2^16-1>;
*/


static int
client_send(gnutls_session_t session,
	    gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
	const uint8_t data[5] = "\x01\x00\x00\x00\x00";
	const int len = 5;
	int ret;

	/* We do not support setting either ResponderID or Extensions */

	ret = _gnutls_buffer_append_data(extdata, data, len);
	if (ret < 0)
		return gnutls_assert_val(ret);

	session->internals.hsk_flags |= HSK_OCSP_REQUESTED;

	return len;
}

static int
server_recv(gnutls_session_t session,
	    const uint8_t * data, size_t data_size)
{
	unsigned rid_bytes = 0;

	/* minimum message is type (1) + responder_id_list (2) +
	   request_extension (2) = 5 */
	if (data_size < 5)
		return
		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	/* We ignore non-ocsp CertificateStatusType.  The spec is unclear
	   what should be done. */
	if (data[0] != 0x01) {
		gnutls_assert();
		_gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
				      session, data[0]);
		return 0;
	}
	DECR_LEN(data_size, 1);
	data++;

	rid_bytes = _gnutls_read_uint16(data);

	DECR_LEN(data_size, 2);
	/*data += 2;*/

	/* sanity check only, we don't use any of the data below */

	if (data_size < rid_bytes)
		return
		    gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);

	_gnutls_handshake_log("EXT[%p]: OCSP status was requested\n", session);
	session->internals.hsk_flags |= HSK_OCSP_REQUESTED;

	return 0;
}


static int
client_recv(gnutls_session_t session,
	    status_request_ext_st * priv,
	    const uint8_t * data, size_t size)
{
	if (size != 0)
		return
		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
	else {
		priv->expect_cstatus = 1;
		return 0;
	}
}


/*
 * Servers return a certificate response along with their certificate
 * by sending a "CertificateStatus" message immediately after the
 * "Certificate" message (and before any "ServerKeyExchange" or
 * "CertificateRequest" messages).  If a server returns a
 * "CertificateStatus" message, then the server MUST have included an
 * extension of type "status_request" with empty "extension_data" in
 * the extended server hello.
 *
 * According to the description above, as a server we could simply
 * return GNUTLS_E_INT_RET_0 on this function. In that case we would
 * only need to use the callbacks at the time we need to send the data,
 * and skip the status response packet if no such data are there.
 * However, that behavior would break gnutls 3.3.x which expects the status
 * response to be always send if the extension is present.
 *
 * Instead we ensure that this extension is parsed after the CS/certificate
 * are selected (with the _GNUTLS_EXT_TLS_POST_CS type), and we discover
 * (or not) the response to send early.
 */
static int
server_send(gnutls_session_t session,
	    gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
	int ret;
	gnutls_certificate_credentials_t cred;
	gnutls_status_request_ocsp_func func;
	void *func_ptr;
	const version_entry_st *ver = get_version(session);

	cred = (gnutls_certificate_credentials_t)
	    _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
	if (cred == NULL)	/* no certificate authentication */
		return 0;

	/* no need to set sresp; responses are send during certificate sending and
	 * no response is required from server side. */
	if (ver && ver->multi_ocsp)
		return 0;

	/* Under TLS1.2 we obtain the response at this point in order to respond
	 * appropriately (empty extension vs no response) */
	if (session->internals.selected_ocsp_length > 0) {
		if (session->internals.selected_ocsp[0].response.data) {
			if (session->internals.selected_ocsp[0].exptime != 0 &&
			    (gnutls_time(0) >= session->internals.selected_ocsp[0].exptime)) {
				gnutls_assert();
				return 0;
			}

			ret = _gnutls_set_datum(&priv->sresp,
						session->internals.selected_ocsp[0].response.data,
						session->internals.selected_ocsp[0].response.size);
			if (ret < 0)
				return gnutls_assert_val(ret);
			return GNUTLS_E_INT_RET_0;
		} else {
			return 0;
		}
	} else if (session->internals.selected_ocsp_func) {
		func = session->internals.selected_ocsp_func;
		func_ptr = session->internals.selected_ocsp_func_ptr;

		if (func == NULL)
			return 0;

		ret = func(session, func_ptr, &priv->sresp);
		if (ret == GNUTLS_E_NO_CERTIFICATE_STATUS)
			return 0;
		else if (ret < 0)
			return gnutls_assert_val(ret);
	} else {
		return 0;
	}

	return GNUTLS_E_INT_RET_0;
}

static int
_gnutls_status_request_send_params(gnutls_session_t session,
				   gnutls_buffer_st * extdata)
{
	gnutls_ext_priv_data_t epriv;
	status_request_ext_st *priv;
	int ret;

	/* Do not bother sending the OCSP status request extension
	 * if we are not using certificate authentication */
	if (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
		return 0;

	if (session->security_parameters.entity == GNUTLS_CLIENT) {
		ret = _gnutls_hello_ext_get_priv(session,
						 GNUTLS_EXTENSION_STATUS_REQUEST,
						 &epriv);
		if (ret < 0 || epriv == NULL)	/* it is ok not to have it */
			return 0;
		priv = epriv;

		return client_send(session, extdata, priv);
	} else {
		epriv = priv = gnutls_calloc(1, sizeof(*priv));
		if (priv == NULL)
			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);

		_gnutls_hello_ext_set_priv(session,
					   GNUTLS_EXTENSION_STATUS_REQUEST,
					   epriv);

		return server_send(session, extdata, priv);
	}
}

static int
_gnutls_status_request_recv_params(gnutls_session_t session,
				   const uint8_t * data, size_t size)
{
	gnutls_ext_priv_data_t epriv;
	status_request_ext_st *priv;
	int ret;

	if (session->security_parameters.entity == GNUTLS_CLIENT) {
		ret = _gnutls_hello_ext_get_priv(session,
						 GNUTLS_EXTENSION_STATUS_REQUEST,
						 &epriv);
		if (ret < 0 || epriv == NULL)	/* it is ok not to have it */
			return 0;
		priv = epriv;

		return client_recv(session, priv, data, size);
	} else {
		return server_recv(session, data, size);
	}
}

/**
 * gnutls_ocsp_status_request_enable_client:
 * @session: is a #gnutls_session_t type.
 * @responder_id: ignored, must be %NULL
 * @responder_id_size: ignored, must be zero
 * @extensions: ignored, must be %NULL
 *
 * This function is to be used by clients to request OCSP response
 * from the server, using the "status_request" TLS extension.  Only
 * OCSP status type is supported.
 *
 * Previous versions of GnuTLS supported setting @responder_id and
 * @extensions fields, but due to the difficult semantics of the
 * parameter usage, and other issues, this support was removed
 * since 3.6.0 and these parameters must be set to %NULL.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 *
 * Since: 3.1.3
 **/
int
gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
					 gnutls_datum_t * responder_id,
					 size_t responder_id_size,
					 gnutls_datum_t * extensions)
{
	status_request_ext_st *priv;
	gnutls_ext_priv_data_t epriv;

	if (session->security_parameters.entity == GNUTLS_SERVER)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	epriv = priv = gnutls_calloc(1, sizeof(*priv));
	if (priv == NULL)
		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);

	_gnutls_hello_ext_set_priv(session,
				     GNUTLS_EXTENSION_STATUS_REQUEST,
				     epriv);

	return 0;
}


static void _gnutls_status_request_deinit_data(gnutls_ext_priv_data_t epriv)
{
	status_request_ext_st *priv = epriv;

	if (priv == NULL)
		return;

	gnutls_free(priv->sresp.data);
	gnutls_free(priv);
}

const hello_ext_entry_st ext_mod_status_request = {
	.name = "OCSP Status Request",
	.tls_id = STATUS_REQUEST_TLS_ID,
	.gid = GNUTLS_EXTENSION_STATUS_REQUEST,
	.validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
		    GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
	.client_parse_point = _GNUTLS_EXT_TLS_POST_CS,
	.server_parse_point = _GNUTLS_EXT_TLS_POST_CS,
	.recv_func = _gnutls_status_request_recv_params,
	.send_func = _gnutls_status_request_send_params,
	.deinit_func = _gnutls_status_request_deinit_data,
	.cannot_be_overriden = 1
};

/* Functions to be called from handshake */

int
_gnutls_send_server_certificate_status(gnutls_session_t session, int again)
{
	mbuffer_st *bufel = NULL;
	uint8_t *data;
	int data_size = 0;
	int ret;
	gnutls_ext_priv_data_t epriv;
	status_request_ext_st *priv;

	if (!(session->internals.hsk_flags & HSK_OCSP_REQUESTED))
		return 0;

	if (again == 0) {
		ret =
		    _gnutls_hello_ext_get_priv(session,
						GNUTLS_EXTENSION_STATUS_REQUEST,
						&epriv);
		if (ret < 0)
			return 0;

		priv = epriv;

		if (!priv->sresp.size)
			return 0;

		data_size = priv->sresp.size + 4;
		bufel =
		    _gnutls_handshake_alloc(session, data_size);
		if (!bufel) {
			_gnutls_free_datum(&priv->sresp);
			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
		}

		data = _mbuffer_get_udata_ptr(bufel);

		data[0] = 0x01;
		_gnutls_write_uint24(priv->sresp.size, &data[1]);
		memcpy(&data[4], priv->sresp.data, priv->sresp.size);

		_gnutls_free_datum(&priv->sresp);
	}
	return _gnutls_send_handshake(session, data_size ? bufel : NULL,
				      GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);
}

int _gnutls_parse_ocsp_response(gnutls_session_t session, const uint8_t *data, ssize_t data_size, gnutls_datum_t *resp)
{
	int ret;
	ssize_t r_size;

	resp->data = 0;
	resp->size = 0;

	/* minimum message is type (1) + response (3) + data */
	if (data_size < 4)
		return
		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	if (data[0] != 0x01) {
		gnutls_assert();
		_gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
				      session, data[0]);
		return 0;
	}

	DECR_LENGTH_RET(data_size, 1,
			GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
	data++;

	DECR_LENGTH_RET(data_size, 3,
			GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	r_size = _gnutls_read_uint24(data);
	data += 3;

	DECR_LENGTH_RET(data_size, r_size,
			GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	if (r_size < 1)
		return
		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	ret = _gnutls_set_datum(resp, data, r_size);
	if (ret < 0)
		return gnutls_assert_val(ret);

	return 0;
}

int _gnutls_recv_server_certificate_status(gnutls_session_t session)
{
	uint8_t *data;
	ssize_t data_size;
	gnutls_buffer_st buf;
	int ret;
	gnutls_datum_t resp;
	status_request_ext_st *priv = NULL;
	gnutls_ext_priv_data_t epriv;
	cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);

	if (info == NULL)
		return 0;

	ret =
	    _gnutls_hello_ext_get_priv(session,
					 GNUTLS_EXTENSION_STATUS_REQUEST,
					 &epriv);
	if (ret < 0)
		return 0;

	priv = epriv;

	if (!priv->expect_cstatus)
		return 0;

	ret = _gnutls_recv_handshake(session,
				     GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
				     1, &buf);
	if (ret < 0)
		return gnutls_assert_val_fatal(ret);

	priv->expect_cstatus = 0;

	data = buf.data;
	data_size = buf.length;

	if (data_size == 0) {
		ret = 0;
		goto error;
	}

	ret = _gnutls_parse_ocsp_response(session, data, data_size, &resp);
	if (ret < 0) {
		gnutls_assert();
		goto error;
	}

	if (resp.data && resp.size > 0) {
		info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t));
		if (info->raw_ocsp_list == NULL) {
			ret = GNUTLS_E_MEMORY_ERROR;
			goto error;
		}
		info->raw_ocsp_list[0].data = resp.data;
		info->raw_ocsp_list[0].size = resp.size;
		info->nocsp = 1;
	}

	ret = 0;

      error:
	_gnutls_buffer_clear(&buf);

	return ret;
}

#endif