Merge pull request #7543 from u3s/kuba/ssl/client_ocsp/OTP-18606

Kuba/ssl/client ocsp/otp 18606

Author: u3s

lib/public_key/doc/src/public_key.xml

@@ -771,6 +771,31 @@ fun(#'DistributionPoint'{}, #'CertificateList'{},
     </desc>
   </func>
 
+  <func>
+    <name name="pkix_ocsp_validate" arity="5" since="OTP 27.0"/>
+    <fsummary>Validate OCSP response.</fsummary>
+    <desc>
+      <p>Perform OCSP response validation according to RFC
+      6960. Returns 'ok' when OCSP response is successfully
+      validated and {error, {bad_cert, Reason}} otherwise.</p>
+
+      <p>Available options:</p>
+      <taglist>
+	<tag>{is_trusted_responder_fun, fun()}</tag>
+	<item>
+	  <p>The fun has the following type specification:</p>
+	  <code> fun(#cert{}) ->
+	  boolean()</code>
+	  <p>The fun returns the <c>true</c> if certificate in the
+	  argument is trusted. If this fun is not specified, Public
+	  Key uses the default implementation:
+	  </p>
+	  <code> fun(_) -> false end</code>
+	</item>
+      </taglist>
+    </desc>
+  </func>
+
   <func>
     <name name="pkix_sign" arity="2" since="OTP R14B"/>
     <fsummary>Signs certificate.</fsummary>

lib/public_key/src/pubkey_ocsp.erl

@@ -19,23 +19,18 @@
 %%
 
 -module(pubkey_ocsp).
+-feature(maybe_expr,enable).
 -include("public_key.hrl").
 
 -export([find_single_response/3,
          get_acceptable_response_types_extn/0,
          get_nonce_extn/1,
-         get_ocsp_responder_id/1,
-         ocsp_status/1,
-         verify_ocsp_response/3,
-         decode_ocsp_response/1]).
+         status/1,
+         verify_response/5,
+         decode_response/1]).
 %% Tracing
 -export([handle_trace/3]).
 
--spec get_ocsp_responder_id(#'Certificate'{}) -> binary().
-get_ocsp_responder_id(#'Certificate'{tbsCertificate = TbsCert}) ->
-    public_key:der_encode(
-        'ResponderID', {byName, TbsCert#'TBSCertificate'.subject}).
-
 -spec get_nonce_extn(undefined | binary()) -> undefined | #'Extension'{}.
 get_nonce_extn(undefined) ->
     undefined;
@@ -45,10 +40,29 @@ get_nonce_extn(Nonce) when is_binary(Nonce) ->
         extnValue = Nonce
     }.
 
--spec verify_ocsp_response(#'BasicOCSPResponse'{}, list(), undefined | binary()) ->
+-spec verify_response(#'BasicOCSPResponse'{}, list(), undefined | binary(),
+                           public_key:cert(), fun()) ->
     {ok, term()} | {error, term()}.
-verify_ocsp_response(OCSPResponse, ResponderCerts, Nonce) ->
-    do_verify_ocsp_response(OCSPResponse, ResponderCerts, Nonce).
+verify_response(#'BasicOCSPResponse'{
+                   tbsResponseData = ResponseData,
+                   signatureAlgorithm = SignatureAlgo,
+                   signature = Signature},
+                ResponderCerts, Nonce, IssuerCert,
+                IsTrustedResponderFun) ->
+    #'ResponseData'{responderID = ResponderID,
+                    producedAt = ProducedAt} = ResponseData,
+    maybe
+        ok ?= verify_past_timestamp(ProducedAt),
+        ok ?= verify_signature(
+                public_key:der_encode('ResponseData', ResponseData),
+                SignatureAlgo#'AlgorithmIdentifier'.algorithm,
+                Signature, ResponderCerts,
+                ResponderID, IssuerCert, IsTrustedResponderFun),
+        verify_nonce(ResponseData, Nonce)
+    else
+        {error, Reason} ->
+            {error, Reason}
+    end.
 
 -spec get_acceptable_response_types_extn() -> #'Extension'{}.
 get_acceptable_response_types_extn() ->
@@ -67,15 +81,15 @@ find_single_response(Cert, IssuerCert, SingleResponseList) ->
     SerialNum = get_serial_num(Cert),
     match_single_response(IssuerName, IssuerKey, SerialNum, SingleResponseList).
 
--spec ocsp_status({atom(), term()}) -> atom() | {atom(), {atom(), term()}}.
-ocsp_status({good, _}) ->
-    valid;
-ocsp_status({unknown, Reason}) ->
-    {bad_cert, {revocation_status_undetermined, Reason}};
-ocsp_status({revoked, Reason}) ->
-    {bad_cert, {revoked, Reason}}.
+-spec status({atom(), term()}) -> ok | {error, {bad_cert, term()}}.
+status({good, _}) ->
+    ok;
+status({unknown, Reason}) ->
+    {error, {bad_cert, {revocation_status_undetermined, Reason}}};
+status({revoked, Reason}) ->
+    {error, {bad_cert, {revoked, Reason}}}.
 
-decode_ocsp_response(ResponseDer) ->
+decode_response(ResponseDer) ->
     Resp = public_key:der_decode('OCSPResponse', ResponseDer),
     case Resp#'OCSPResponse'.responseStatus of
         successful ->
@@ -92,16 +106,23 @@ match_single_response(_IssuerName, _IssuerKey, _SerialNum, []) ->
 match_single_response(IssuerName, IssuerKey, SerialNum,
                       [#'SingleResponse'{
                           certID = #'CertID'{hashAlgorithm = Algo} = CertID} =
-                           Response | Responses]) ->
+                           SingleResponse | Tail]) ->
+    #'SingleResponse'{thisUpdate = ThisUpdate,
+                      nextUpdate = NextUpdate} = SingleResponse,
     HashType = public_key:pkix_hash_type(Algo#'AlgorithmIdentifier'.algorithm),
     case (SerialNum == CertID#'CertID'.serialNumber) andalso
         (crypto:hash(HashType, IssuerName) == CertID#'CertID'.issuerNameHash) andalso
-        (crypto:hash(HashType, IssuerKey) == CertID#'CertID'.issuerKeyHash) of
+        (crypto:hash(HashType, IssuerKey) == CertID#'CertID'.issuerKeyHash) andalso
+        verify_past_timestamp(ThisUpdate) == ok andalso
+        verify_next_update(NextUpdate) == ok of
         true ->
-            {ok, Response};
+            {ok, SingleResponse};
         false ->
-            match_single_response(IssuerName, IssuerKey, SerialNum, Responses)
-    end.
+            match_single_response(IssuerName, IssuerKey, SerialNum, Tail)
+    end;
+match_single_response(IssuerName, IssuerKey, SerialNum,
+                      [_BadSingleResponse | Tail]) ->
+    match_single_response(IssuerName, IssuerKey, SerialNum, Tail).
 
 get_serial_num(#'OTPCertificate'{tbsCertificate = TbsCert}) ->
     TbsCert#'OTPTBSCertificate'.serialNumber.
@@ -113,24 +134,7 @@ decode_response_bytes(#'ResponseBytes'{
 decode_response_bytes(#'ResponseBytes'{responseType = RespType}) ->
     {error, {ocsp_response_type_not_supported, RespType}}.
 
-do_verify_ocsp_response(#'BasicOCSPResponse'{
-                           tbsResponseData = ResponseData,
-                           signatureAlgorithm = SignatureAlgo,
-                           signature = Signature},
-                        ResponderCerts, Nonce) ->
-    #'ResponseData'{responderID = ResponderID} = ResponseData,
-    case verify_ocsp_signature(
-           public_key:der_encode('ResponseData', ResponseData),
-           SignatureAlgo#'AlgorithmIdentifier'.algorithm,
-           Signature, ResponderCerts,
-           ResponderID) of
-        ok ->
-            verify_ocsp_nonce(ResponseData, Nonce);
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-verify_ocsp_nonce(ResponseData, Nonce) ->
+verify_nonce(ResponseData, Nonce) ->
     #'ResponseData'{responses = Responses, responseExtensions = ResponseExtns} =
         ResponseData,
     case get_nonce_value(ResponseExtns) of
@@ -153,31 +157,91 @@ get_nonce_value([#'Extension'{
 get_nonce_value([_Extn | Rest]) ->
     get_nonce_value(Rest).
 
-verify_ocsp_signature(ResponseDataDer, SignatureAlgo, Signature,
-                      Certs, ResponderID) ->
-    case find_responder_cert(ResponderID, Certs) of
-        {ok, Cert} ->
-            do_verify_ocsp_signature(
-                ResponseDataDer, Signature, SignatureAlgo, Cert);
-        {error, Reason} ->
-            {error, Reason}
+verify_signature(_, _, _, [], _, _, _) ->
+    {error, ocsp_responder_cert_not_found};
+verify_signature(ResponseDataDer, SignatureAlgo, Signature,
+                 [ResponderCert | RCs], ResponderID, IssuerCert,
+                 IsTrustedResponderFun) ->
+    maybe
+        true ?= is_responder_cert(ResponderID, ResponderCert),
+        true ?= is_authorized_responder(ResponderCert, IssuerCert,
+                                        IsTrustedResponderFun),
+        ok ?= do_verify_signature(ResponseDataDer, Signature, SignatureAlgo,
+                                  ResponderCert)
+    else
+        _->
+            verify_signature(ResponseDataDer, SignatureAlgo, Signature,
+                             RCs, ResponderID, IssuerCert,
+                             IsTrustedResponderFun)
     end.
 
-find_responder_cert(_ResponderID, []) ->
-    {error, ocsp_responder_cert_not_found};
-find_responder_cert(ResponderID, [Cert | TCerts]) ->
-    case is_responder(ResponderID, Cert) of
+verify_past_timestamp(Timestamp) ->
+    {Now, TimestampSec} = get_time_in_sec(Timestamp),
+    verify_timestamp(Now, TimestampSec, past_timestamp).
+
+verify_future_timestamp(Timestamp) ->
+    {Now, TimestampSec} = get_time_in_sec(Timestamp),
+    verify_timestamp(Now, TimestampSec, future_timestamp).
+
+verify_timestamp(Now, Timestamp, past_timestamp) when Timestamp =< Now ->
+    ok;
+verify_timestamp(Now, Timestamp, future_timestamp) when Now =< Timestamp ->
+    ok;
+verify_timestamp(_, _, _) ->
+    {error, ocsp_stale_response}.
+
+get_time_in_sec(Timestamp) ->
+    Now = calendar:datetime_to_gregorian_seconds(calendar:universal_time()),
+    TimestampSec = pubkey_cert:time_str_2_gregorian_sec(
+                     {generalTime, Timestamp}),
+    {Now, TimestampSec}.
+
+verify_next_update(asn1_NOVALUE) ->
+    ok;
+verify_next_update(NextUpdate) ->
+    verify_future_timestamp(NextUpdate).
+
+is_responder_cert({byName, Name}, #cert{otp = Cert}) ->
+    public_key:der_encode('Name', Name) == get_subject_name(Cert);
+is_responder_cert({byKey, Key}, #cert{otp = Cert}) ->
+    Key == crypto:hash(sha, get_public_key(Cert)).
+
+is_authorized_responder(CombinedResponderCert = #cert{otp = ResponderCert},
+                        IssuerCert, IsTrustedResponderFun) ->
+    Case1 =
+        %% the CA who issued the certificate in question signed the
+        %% response
+        fun() ->
+                ResponderCert == IssuerCert
+        end,
+    Case2 =
+        %% a CA Designated Responder (Authorized Responder, defined in
+        %%      Section 4.2.2.2) who holds a specially marked certificate
+        %%      issued directly by the CA, indicating that the responder may
+        %%      issue OCSP responses for that CA (id-kp-OCSPSigning)
+        fun() ->
+                public_key:pkix_is_issuer(ResponderCert, IssuerCert) andalso
+                                 designated_for_ocsp_signing(ResponderCert)
+        end,
+    Case3 =
+        %% a Trusted Responder whose public key is trusted by the requestor
+        fun() ->
+                IsTrustedResponderFun(CombinedResponderCert)
+        end,
+
+    case lists:any(fun(E) -> E() end, [Case1, Case2, Case3]) of
         true ->
-            {ok, Cert};
+            true;
         false ->
-            find_responder_cert(ResponderID, TCerts)
+            not_authorized_responder
     end.
 
-do_verify_ocsp_signature(ResponseDataDer, Signature, AlgorithmID, Cert) ->
+do_verify_signature(ResponseDataDer, Signature, AlgorithmID,
+                    #cert{otp = ResponderCert}) ->
     {DigestType, _SignatureType} = public_key:pkix_sign_types(AlgorithmID),
     case public_key:verify(
            ResponseDataDer, DigestType, Signature,
-           get_public_key_rec(Cert)) of
+           get_public_key_rec(ResponderCert)) of
         true ->
             ok;
         false ->
@@ -188,11 +252,6 @@ get_public_key_rec(#'OTPCertificate'{tbsCertificate = TbsCert}) ->
     PKInfo = TbsCert#'OTPTBSCertificate'.subjectPublicKeyInfo,
     PKInfo#'OTPSubjectPublicKeyInfo'.subjectPublicKey.
 
-is_responder({byName, Name}, Cert) ->
-    public_key:der_encode('Name', Name) == get_subject_name(Cert);
-is_responder({byKey, Key}, Cert) ->
-    Key == crypto:hash(sha, get_public_key(Cert)).
-
 get_subject_name(#'OTPCertificate'{tbsCertificate = TbsCert}) ->
     public_key:pkix_encode('Name', TbsCert#'OTPTBSCertificate'.subject, otp).
 
@@ -207,22 +266,26 @@ enc_pub_key({DsaInt, #'Dss-Parms'{}}) when is_integer(DsaInt) ->
 enc_pub_key({#'ECPoint'{point = Key}, _ECParam}) ->
     Key.
 
+designated_for_ocsp_signing(OtpCert) ->
+    TBSCert = OtpCert#'OTPCertificate'.tbsCertificate,
+    TBSExtensions = TBSCert#'OTPTBSCertificate'.extensions,
+    Extensions = pubkey_cert:extensions_list(TBSExtensions),
+    case pubkey_cert:select_extension(?'id-ce-extKeyUsage', Extensions) of
+	undefined ->
+	    false;
+	#'Extension'{extnValue = KeyUses} ->
+            lists:member(?'id-kp-OCSPSigning', KeyUses)
+    end.
+
 %%%################################################################
 %%%#
 %%%# Tracing
 %%%#
-handle_trace(csp,
-             {call, {?MODULE, do_verify_ocsp_response, [BasicOcspResponse | _]}}, Stack) ->
-    #'BasicOCSPResponse'{
-       tbsResponseData =
-           #'ResponseData'{responderID = ResponderID,
-                           producedAt = ProducedAt}} = BasicOcspResponse,
-    {io_lib:format("ResponderId = ~W producedAt = ~p", [ResponderID, 5, ProducedAt]), Stack};
 handle_trace(csp,
              {call, {?MODULE, match_single_response,
                      [_IssuerName, _IssuerKey, _SerialNum,
                      [#'SingleResponse'{thisUpdate = ThisUpdate,
-                                        nextUpdate = NextUpdate}]]}}, Stack) ->
+                                        nextUpdate = NextUpdate} | _]]}}, Stack) ->
     {io_lib:format("ThisUpdate = ~p NextUpdate = ~p", [ThisUpdate, NextUpdate]), Stack};
 handle_trace(csp,
              {call, {?MODULE, is_responder, [Id, Cert]}}, Stack) ->