2010-06-09 16:53:51 +00:00
|
|
|
|
/* validate.c - Validate a certificate chain.
|
|
|
|
|
* Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
|
2017-02-17 14:19:15 +01:00
|
|
|
|
* Copyright (C) 2004, 2006, 2008, 2017 g10 Code GmbH
|
2010-06-09 16:53:51 +00:00
|
|
|
|
*
|
|
|
|
|
* This file is part of DirMngr.
|
|
|
|
|
*
|
|
|
|
|
* DirMngr is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* DirMngr is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
|
|
|
|
|
#include "dirmngr.h"
|
|
|
|
|
#include "certcache.h"
|
|
|
|
|
#include "crlcache.h"
|
|
|
|
|
#include "validate.h"
|
|
|
|
|
#include "misc.h"
|
|
|
|
|
|
2017-02-17 14:19:15 +01:00
|
|
|
|
|
|
|
|
|
/* Mode parameters for cert_check_usage(). */
|
|
|
|
|
enum cert_usage_modes
|
|
|
|
|
{
|
|
|
|
|
CERT_USAGE_MODE_SIGN, /* Usable for encryption. */
|
|
|
|
|
CERT_USAGE_MODE_ENCR, /* Usable for signing. */
|
|
|
|
|
CERT_USAGE_MODE_VRFY, /* Usable for verification. */
|
|
|
|
|
CERT_USAGE_MODE_DECR, /* Usable for decryption. */
|
|
|
|
|
CERT_USAGE_MODE_CERT, /* Usable for cert signing. */
|
|
|
|
|
CERT_USAGE_MODE_OCSP, /* Usable for OCSP respone signing. */
|
|
|
|
|
CERT_USAGE_MODE_CRL /* Usable for CRL signing. */
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* While running the validation function we need to keep track of the
|
|
|
|
|
certificates and the validation outcome of each. We use this type
|
|
|
|
|
for it. */
|
|
|
|
|
struct chain_item_s
|
|
|
|
|
{
|
|
|
|
|
struct chain_item_s *next;
|
|
|
|
|
ksba_cert_t cert; /* The certificate. */
|
|
|
|
|
unsigned char fpr[20]; /* Fingerprint of the certificate. */
|
|
|
|
|
int is_self_signed; /* This certificate is self-signed. */
|
|
|
|
|
int is_valid; /* The certifiate is valid except for revocations. */
|
|
|
|
|
};
|
|
|
|
|
typedef struct chain_item_s *chain_item_t;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* A couple of constants with Object Identifiers. */
|
|
|
|
|
static const char oid_kp_serverAuth[] = "1.3.6.1.5.5.7.3.1";
|
|
|
|
|
static const char oid_kp_clientAuth[] = "1.3.6.1.5.5.7.3.2";
|
|
|
|
|
static const char oid_kp_codeSigning[] = "1.3.6.1.5.5.7.3.3";
|
|
|
|
|
static const char oid_kp_emailProtection[]= "1.3.6.1.5.5.7.3.4";
|
|
|
|
|
static const char oid_kp_timeStamping[] = "1.3.6.1.5.5.7.3.8";
|
|
|
|
|
static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Prototypes. */
|
|
|
|
|
static gpg_error_t check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
|
|
|
|
|
|
|
|
|
|
|
2017-02-21 14:55:04 +01:00
|
|
|
|
/* Make sure that the values defined in the headers are correct. We
|
|
|
|
|
* can't use the preprocessor due to the use of enums. */
|
|
|
|
|
static void
|
|
|
|
|
check_header_constants (void)
|
|
|
|
|
{
|
|
|
|
|
log_assert (CERTTRUST_CLASS_SYSTEM == VALIDATE_FLAG_TRUST_SYSTEM);
|
|
|
|
|
log_assert (CERTTRUST_CLASS_CONFIG == VALIDATE_FLAG_TRUST_CONFIG);
|
|
|
|
|
log_assert (CERTTRUST_CLASS_HKP == VALIDATE_FLAG_TRUST_HKP);
|
|
|
|
|
log_assert (CERTTRUST_CLASS_HKPSPOOL == VALIDATE_FLAG_TRUST_HKPSPOOL);
|
|
|
|
|
|
|
|
|
|
#undef X
|
|
|
|
|
#define X (VALIDATE_FLAG_TRUST_SYSTEM | VALIDATE_FLAG_TRUST_CONFIG \
|
|
|
|
|
| VALIDATE_FLAG_TRUST_HKP | VALIDATE_FLAG_TRUST_HKPSPOOL)
|
|
|
|
|
|
|
|
|
|
#if ( X & VALIDATE_FLAG_MASK_TRUST ) != X
|
|
|
|
|
# error VALIDATE_FLAG_MASK_TRUST is bad
|
|
|
|
|
#endif
|
|
|
|
|
#if ( ~X & VALIDATE_FLAG_MASK_TRUST )
|
|
|
|
|
# error VALIDATE_FLAG_MASK_TRUST is bad
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#undef X
|
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Check whether CERT contains critical extensions we don't know
|
|
|
|
|
about. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
unknown_criticals (ksba_cert_t cert)
|
|
|
|
|
{
|
|
|
|
|
static const char *known[] = {
|
|
|
|
|
"2.5.29.15", /* keyUsage */
|
|
|
|
|
"2.5.29.19", /* basic Constraints */
|
|
|
|
|
"2.5.29.32", /* certificatePolicies */
|
|
|
|
|
"2.5.29.37", /* extendedKeyUsage */
|
|
|
|
|
NULL
|
|
|
|
|
};
|
|
|
|
|
int i, idx, crit;
|
|
|
|
|
const char *oid;
|
|
|
|
|
int unsupported;
|
|
|
|
|
strlist_t sl;
|
|
|
|
|
gpg_error_t err, rc;
|
|
|
|
|
|
|
|
|
|
rc = 0;
|
|
|
|
|
for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
|
|
|
|
|
&oid, &crit, NULL, NULL));idx++)
|
|
|
|
|
{
|
|
|
|
|
if (!crit)
|
|
|
|
|
continue;
|
|
|
|
|
for (i=0; known[i] && strcmp (known[i],oid); i++)
|
|
|
|
|
;
|
|
|
|
|
unsupported = !known[i];
|
|
|
|
|
|
|
|
|
|
/* If this critical extension is not supported, check the list
|
|
|
|
|
of to be ignored extensions to see whether we claim that it
|
|
|
|
|
is supported. */
|
|
|
|
|
if (unsupported && opt.ignored_cert_extensions)
|
|
|
|
|
{
|
|
|
|
|
for (sl=opt.ignored_cert_extensions;
|
|
|
|
|
sl && strcmp (sl->d, oid); sl = sl->next)
|
|
|
|
|
;
|
|
|
|
|
if (sl)
|
|
|
|
|
unsupported = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (unsupported)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("critical certificate extension %s is not supported"),
|
|
|
|
|
oid);
|
|
|
|
|
rc = gpg_error (GPG_ERR_UNSUPPORTED_CERT);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (err && gpg_err_code (err) != GPG_ERR_EOF)
|
2017-04-28 10:06:33 +09:00
|
|
|
|
rc = err; /* Such an error takes precedence. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
return rc;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Basic check for supported policies. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
check_cert_policy (ksba_cert_t cert)
|
|
|
|
|
{
|
|
|
|
|
static const char *allowed[] = {
|
|
|
|
|
"2.289.9.9",
|
|
|
|
|
NULL
|
|
|
|
|
};
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int idx;
|
|
|
|
|
char *p, *haystack;
|
|
|
|
|
char *policies;
|
|
|
|
|
int any_critical;
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_get_cert_policies (cert, &policies);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
|
|
|
|
return 0; /* No policy given. */
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
/* STRING is a line delimited list of certifiate policies as stored
|
|
|
|
|
in the certificate. The line itself is colon delimited where the
|
|
|
|
|
first field is the OID of the policy and the second field either
|
|
|
|
|
N or C for normal or critical extension */
|
|
|
|
|
if (opt.verbose > 1)
|
|
|
|
|
log_info ("certificate's policy list: %s\n", policies);
|
|
|
|
|
|
|
|
|
|
/* The check is very minimal but won't give false positives */
|
|
|
|
|
any_critical = !!strstr (policies, ":C");
|
|
|
|
|
|
|
|
|
|
/* See whether we find ALLOWED (which is an OID) in POLICIES */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (idx=0; allowed[idx]; idx++)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
|
|
|
|
for (haystack=policies; (p=strstr (haystack, allowed[idx]));
|
|
|
|
|
haystack = p+1)
|
|
|
|
|
{
|
|
|
|
|
if ( !(p == policies || p[-1] == '\n') )
|
|
|
|
|
continue; /* Does not match the begin of a line. */
|
|
|
|
|
if (p[strlen (allowed[idx])] != ':')
|
|
|
|
|
continue; /* The length does not match. */
|
|
|
|
|
/* Yep - it does match: Return okay. */
|
|
|
|
|
ksba_free (policies);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (!any_critical)
|
|
|
|
|
{
|
2014-10-10 15:29:42 +02:00
|
|
|
|
log_info (_("Note: non-critical certificate policy not allowed"));
|
2010-06-09 16:53:51 +00:00
|
|
|
|
err = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
log_info (_("certificate policy not allowed"));
|
|
|
|
|
err = gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ksba_free (policies);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
allowed_ca (ksba_cert_t cert, int *chainlen)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int flag;
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_is_ca (cert, &flag, chainlen);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
if (!flag)
|
|
|
|
|
{
|
2017-02-21 12:23:20 +01:00
|
|
|
|
if (!is_trusted_cert (cert, CERTTRUST_CLASS_CONFIG))
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
|
|
|
|
/* The German SigG Root CA's certificate does not flag
|
|
|
|
|
itself as a CA; thus we relax this requirement if we
|
|
|
|
|
trust a root CA. I think this is reasonable. Note, that
|
|
|
|
|
gpgsm implements a far stricter scheme here. */
|
|
|
|
|
if (chainlen)
|
|
|
|
|
*chainlen = 3; /* That is what the SigG implements. */
|
|
|
|
|
if (opt.verbose)
|
|
|
|
|
log_info (_("accepting root CA not marked as a CA"));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
log_error (_("issuer certificate is not marked as a CA"));
|
|
|
|
|
return gpg_error (GPG_ERR_BAD_CA_CERT);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Helper for validate_cert_chain. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
check_revocations (ctrl_t ctrl, chain_item_t chain)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
int any_revoked = 0;
|
|
|
|
|
int any_no_crl = 0;
|
|
|
|
|
int any_crl_too_old = 0;
|
|
|
|
|
chain_item_t ci;
|
|
|
|
|
|
2017-02-17 16:39:48 +01:00
|
|
|
|
log_assert (ctrl->check_revocations_nest_level >= 0);
|
|
|
|
|
log_assert (chain);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
if (ctrl->check_revocations_nest_level > 10)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("CRL checking too deeply nested\n"));
|
|
|
|
|
return gpg_error(GPG_ERR_BAD_CERT_CHAIN);
|
|
|
|
|
}
|
|
|
|
|
ctrl->check_revocations_nest_level++;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for (ci=chain; ci; ci = ci->next)
|
|
|
|
|
{
|
|
|
|
|
assert (ci->cert);
|
|
|
|
|
if (ci == chain)
|
|
|
|
|
{
|
|
|
|
|
/* It does not make sense to check the root certificate for
|
|
|
|
|
revocations. In almost all cases this will lead to a
|
|
|
|
|
catch-22 as the root certificate is the final trust
|
|
|
|
|
anchor for the certificates and the CRLs. We expect the
|
|
|
|
|
user to remove root certificates from the list of trusted
|
|
|
|
|
certificates in case they have been revoked. */
|
|
|
|
|
if (opt.verbose)
|
|
|
|
|
cert_log_name (_("not checking CRL for"), ci->cert);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
continue;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (opt.verbose)
|
|
|
|
|
cert_log_name (_("checking CRL for"), ci->cert);
|
|
|
|
|
err = crl_cache_cert_isvalid (ctrl, ci->cert, 0);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN)
|
|
|
|
|
{
|
|
|
|
|
err = crl_cache_reload_crl (ctrl, ci->cert);
|
|
|
|
|
if (!err)
|
|
|
|
|
err = crl_cache_cert_isvalid (ctrl, ci->cert, 0);
|
|
|
|
|
}
|
|
|
|
|
switch (gpg_err_code (err))
|
|
|
|
|
{
|
|
|
|
|
case 0: err = 0; break;
|
|
|
|
|
case GPG_ERR_CERT_REVOKED: any_revoked = 1; err = 0; break;
|
|
|
|
|
case GPG_ERR_NO_CRL_KNOWN: any_no_crl = 1; err = 0; break;
|
|
|
|
|
case GPG_ERR_CRL_TOO_OLD: any_crl_too_old = 1; err = 0; break;
|
|
|
|
|
default: break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ctrl->check_revocations_nest_level--;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
;
|
|
|
|
|
else if (any_revoked)
|
|
|
|
|
err = gpg_error (GPG_ERR_CERT_REVOKED);
|
|
|
|
|
else if (any_no_crl)
|
|
|
|
|
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
|
|
|
|
|
else if (any_crl_too_old)
|
|
|
|
|
err = gpg_error (GPG_ERR_CRL_TOO_OLD);
|
|
|
|
|
else
|
|
|
|
|
err = 0;
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Check whether CERT is a root certificate. ISSUERDN and SUBJECTDN
|
|
|
|
|
are the DNs already extracted by the caller from CERT. Returns
|
|
|
|
|
True if this is the case. */
|
|
|
|
|
static int
|
|
|
|
|
is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int result = 0;
|
|
|
|
|
ksba_sexp_t serialno;
|
|
|
|
|
ksba_sexp_t ak_keyid;
|
|
|
|
|
ksba_name_t ak_name;
|
|
|
|
|
ksba_sexp_t ak_sn;
|
|
|
|
|
const char *ak_name_str;
|
|
|
|
|
ksba_sexp_t subj_keyid = NULL;
|
|
|
|
|
|
|
|
|
|
if (!issuerdn || !subjectdn)
|
|
|
|
|
return 0; /* No. */
|
|
|
|
|
|
|
|
|
|
if (strcmp (issuerdn, subjectdn))
|
|
|
|
|
return 0; /* No. */
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
|
|
|
|
return 1; /* Yes. Without a authorityKeyIdentifier this needs
|
2017-04-28 10:06:33 +09:00
|
|
|
|
to be the Root certificate (our trust anchor). */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
log_error ("error getting authorityKeyIdentifier: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
return 0; /* Well, it is broken anyway. Return No. */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
serialno = ksba_cert_get_serial (cert);
|
|
|
|
|
if (!serialno)
|
|
|
|
|
{
|
|
|
|
|
log_error ("error getting serialno: %s\n", gpg_strerror (err));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check whether the auth name's matches the issuer name+sn. If
|
|
|
|
|
that is the case this is a root certificate. */
|
|
|
|
|
ak_name_str = ksba_name_enum (ak_name, 0);
|
|
|
|
|
if (ak_name_str
|
2011-02-04 12:57:53 +01:00
|
|
|
|
&& !strcmp (ak_name_str, issuerdn)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
&& !cmp_simple_canon_sexp (ak_sn, serialno))
|
|
|
|
|
{
|
|
|
|
|
result = 1; /* Right, CERT is self-signed. */
|
|
|
|
|
goto leave;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* Similar for the ak_keyid. */
|
|
|
|
|
if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
|
|
|
|
|
&& !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
|
|
|
|
|
{
|
|
|
|
|
result = 1; /* Right, CERT is self-signed. */
|
|
|
|
|
goto leave;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
ksba_free (subj_keyid);
|
|
|
|
|
ksba_free (ak_keyid);
|
|
|
|
|
ksba_name_release (ak_name);
|
|
|
|
|
ksba_free (ak_sn);
|
|
|
|
|
ksba_free (serialno);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return result;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Validate the certificate CHAIN up to the trust anchor. Optionally
|
|
|
|
|
return the closest expiration time in R_EXPTIME (this is useful for
|
2011-02-04 12:57:53 +01:00
|
|
|
|
caching issues). MODE is one of the VALIDATE_MODE_* constants.
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
2016-08-18 11:23:40 +02:00
|
|
|
|
Note that VALIDATE_MODE_OCSP is not used due to the removal of the
|
|
|
|
|
system service in 2.1.15. Instead only the callback to gpgsm to
|
|
|
|
|
validate a certificate is used.
|
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
If R_TRUST_ANCHOR is not NULL and the validation would fail only
|
|
|
|
|
because the root certificate is not trusted, the hexified
|
|
|
|
|
fingerprint of that root certificate is stored at R_TRUST_ANCHOR
|
|
|
|
|
and success is returned. The caller needs to free the value at
|
|
|
|
|
R_TRUST_ANCHOR; in all other cases NULL is stored there. */
|
|
|
|
|
gpg_error_t
|
|
|
|
|
validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
|
2017-02-17 21:31:33 +01:00
|
|
|
|
unsigned int flags, char **r_trust_anchor)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
int depth, maxdepth;
|
|
|
|
|
char *issuer = NULL;
|
|
|
|
|
char *subject = NULL;
|
2017-02-16 10:35:18 +01:00
|
|
|
|
ksba_cert_t subject_cert = NULL;
|
|
|
|
|
ksba_cert_t issuer_cert = NULL;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
ksba_isotime_t current_time;
|
|
|
|
|
ksba_isotime_t exptime;
|
|
|
|
|
int any_expired = 0;
|
|
|
|
|
int any_no_policy_match = 0;
|
|
|
|
|
chain_item_t chain;
|
|
|
|
|
|
2017-02-21 14:55:04 +01:00
|
|
|
|
check_header_constants ();
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
if (r_exptime)
|
|
|
|
|
*r_exptime = 0;
|
|
|
|
|
*exptime = 0;
|
|
|
|
|
|
|
|
|
|
if (r_trust_anchor)
|
|
|
|
|
*r_trust_anchor = NULL;
|
|
|
|
|
|
|
|
|
|
if (DBG_X509)
|
|
|
|
|
dump_cert ("subject", cert);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* May the target certificate be used for this purpose? */
|
2017-02-17 21:31:33 +01:00
|
|
|
|
if ((flags & VALIDATE_FLAG_OCSP) && (err = check_cert_use_ocsp (cert)))
|
|
|
|
|
return err;
|
|
|
|
|
if ((flags & VALIDATE_FLAG_CRL) && (err = check_cert_use_crl (cert)))
|
2010-06-09 16:53:51 +00:00
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
/* If we already validated the certificate not too long ago, we can
|
|
|
|
|
avoid the excessive computations and lookups unless the caller
|
|
|
|
|
asked for the expiration time. */
|
|
|
|
|
if (!r_exptime)
|
|
|
|
|
{
|
|
|
|
|
size_t buflen;
|
|
|
|
|
time_t validated_at;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
|
|
|
|
err = ksba_cert_get_user_data (cert, "validated_at",
|
2010-06-09 16:53:51 +00:00
|
|
|
|
&validated_at, sizeof (validated_at),
|
|
|
|
|
&buflen);
|
|
|
|
|
if (err || buflen != sizeof (validated_at) || !validated_at)
|
|
|
|
|
err = 0; /* Not available or other error. */
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* If the validation is not older than 30 minutes we are ready. */
|
|
|
|
|
if (validated_at < gnupg_get_time () + (30*60))
|
|
|
|
|
{
|
|
|
|
|
if (opt.verbose)
|
|
|
|
|
log_info ("certificate is good (cached)\n");
|
|
|
|
|
/* Note, that we can't jump to leave here as this would
|
|
|
|
|
falsely updated the validation timestamp. */
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get the current time. */
|
|
|
|
|
gnupg_get_isotime (current_time);
|
|
|
|
|
|
|
|
|
|
/* We walk up the chain until we find a trust anchor. */
|
|
|
|
|
subject_cert = cert;
|
2017-02-16 10:35:18 +01:00
|
|
|
|
maxdepth = 10; /* Sensible limit on the length of the chain. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
chain = NULL;
|
|
|
|
|
depth = 0;
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
/* Get the subject and issuer name from the current
|
|
|
|
|
certificate. */
|
|
|
|
|
ksba_free (issuer);
|
|
|
|
|
ksba_free (subject);
|
|
|
|
|
issuer = ksba_cert_get_issuer (subject_cert, 0);
|
|
|
|
|
subject = ksba_cert_get_subject (subject_cert, 0);
|
|
|
|
|
|
|
|
|
|
if (!issuer)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("no issuer found in certificate\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_BAD_CERT);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Handle the notBefore and notAfter timestamps. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2010-06-09 16:53:51 +00:00
|
|
|
|
ksba_isotime_t not_before, not_after;
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_get_validity (subject_cert, 0, not_before);
|
|
|
|
|
if (!err)
|
|
|
|
|
err = ksba_cert_get_validity (subject_cert, 1, not_after);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("certificate with invalid validity: %s"),
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
err = gpg_error (GPG_ERR_BAD_CERT);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Keep track of the nearest expiration time in EXPTIME. */
|
|
|
|
|
if (*not_after)
|
|
|
|
|
{
|
|
|
|
|
if (!*exptime)
|
|
|
|
|
gnupg_copy_time (exptime, not_after);
|
|
|
|
|
else if (strcmp (not_after, exptime) < 0 )
|
|
|
|
|
gnupg_copy_time (exptime, not_after);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check whether the certificate is already valid. */
|
|
|
|
|
if (*not_before && strcmp (current_time, not_before) < 0 )
|
|
|
|
|
{
|
|
|
|
|
log_error (_("certificate not yet valid"));
|
|
|
|
|
log_info ("(valid from ");
|
|
|
|
|
dump_isotime (not_before);
|
|
|
|
|
log_printf (")\n");
|
|
|
|
|
err = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
|
|
|
|
|
goto leave;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
/* Now check whether the certificate has expired. */
|
|
|
|
|
if (*not_after && strcmp (current_time, not_after) > 0 )
|
|
|
|
|
{
|
|
|
|
|
log_error (_("certificate has expired"));
|
|
|
|
|
log_info ("(expired at ");
|
|
|
|
|
dump_isotime (not_after);
|
|
|
|
|
log_printf (")\n");
|
|
|
|
|
any_expired = 1;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Do we have any critical extensions in the certificate we
|
|
|
|
|
can't handle? */
|
|
|
|
|
err = unknown_criticals (subject_cert);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave; /* yes. */
|
|
|
|
|
|
|
|
|
|
/* Check that given policies are allowed. */
|
|
|
|
|
err = check_cert_policy (subject_cert);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_POLICY_MATCH)
|
|
|
|
|
{
|
|
|
|
|
any_no_policy_match = 1;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
err = 0;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
else if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Is this a self-signed certificate? */
|
2017-02-16 10:35:18 +01:00
|
|
|
|
if (is_root_cert (subject_cert, issuer, subject))
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* Yes, this is our trust anchor. */
|
|
|
|
|
if (check_cert_sig (subject_cert, subject_cert) )
|
|
|
|
|
{
|
|
|
|
|
log_error (_("selfsigned certificate has a BAD signature"));
|
|
|
|
|
err = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
|
|
|
|
|
: GPG_ERR_BAD_CERT);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Is this certificate allowed to act as a CA. */
|
|
|
|
|
err = allowed_ca (subject_cert, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave; /* No. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2017-02-21 14:55:04 +01:00
|
|
|
|
err = is_trusted_cert (subject_cert,
|
|
|
|
|
(flags & VALIDATE_FLAG_MASK_TRUST));
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (!err)
|
|
|
|
|
; /* Yes we trust this cert. */
|
|
|
|
|
else if (gpg_err_code (err) == GPG_ERR_NOT_TRUSTED)
|
|
|
|
|
{
|
|
|
|
|
char *fpr;
|
|
|
|
|
|
|
|
|
|
log_error (_("root certificate is not marked trusted"));
|
|
|
|
|
fpr = get_fingerprint_hexstring (subject_cert);
|
|
|
|
|
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
|
|
|
|
|
dump_cert ("issuer", subject_cert);
|
|
|
|
|
if (r_trust_anchor)
|
|
|
|
|
{
|
|
|
|
|
/* Caller wants to do another trustiness check. */
|
|
|
|
|
*r_trust_anchor = fpr;
|
|
|
|
|
err = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
xfree (fpr);
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
|
|
|
|
log_error (_("checking trustworthiness of "
|
|
|
|
|
"root certificate failed: %s\n"),
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
}
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Prepend the certificate to our list. */
|
|
|
|
|
{
|
|
|
|
|
chain_item_t ci;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
ci = xtrycalloc (1, sizeof *ci);
|
|
|
|
|
if (!ci)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_errno (errno);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
ksba_cert_ref (subject_cert);
|
|
|
|
|
ci->cert = subject_cert;
|
|
|
|
|
cert_compute_fpr (subject_cert, ci->fpr);
|
|
|
|
|
ci->next = chain;
|
|
|
|
|
chain = ci;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt.verbose)
|
|
|
|
|
{
|
|
|
|
|
if (r_trust_anchor && *r_trust_anchor)
|
|
|
|
|
log_info ("root certificate is good but not trusted\n");
|
|
|
|
|
else
|
|
|
|
|
log_info ("root certificate is good and trusted\n");
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-28 10:06:33 +09:00
|
|
|
|
break; /* Okay: a self-signed certificate is an end-point. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-11-16 12:41:46 +01:00
|
|
|
|
/* To avoid loops, we use an arbitrary limit on the length of
|
2010-06-09 16:53:51 +00:00
|
|
|
|
the chain. */
|
|
|
|
|
depth++;
|
|
|
|
|
if (depth > maxdepth)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("certificate chain too long\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Find the next cert up the tree. */
|
|
|
|
|
ksba_cert_release (issuer_cert); issuer_cert = NULL;
|
|
|
|
|
err = find_issuing_cert (ctrl, subject_cert, &issuer_cert);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("issuer certificate not found"));
|
|
|
|
|
log_info ("issuer certificate: #/");
|
|
|
|
|
dump_string (issuer);
|
|
|
|
|
log_printf ("\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
log_error (_("issuer certificate not found: %s\n"),
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
/* Use a better understandable error code. */
|
2010-10-01 20:33:53 +00:00
|
|
|
|
err = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* try_another_cert: */
|
|
|
|
|
if (DBG_X509)
|
|
|
|
|
{
|
|
|
|
|
log_debug ("got issuer's certificate:\n");
|
|
|
|
|
dump_cert ("issuer", issuer_cert);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-16 10:35:18 +01:00
|
|
|
|
/* Now check the signature of the certificate. FIXME: we should
|
|
|
|
|
* delay this until later so that faked certificates can't be
|
|
|
|
|
* turned into a DoS easily. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
err = check_cert_sig (issuer_cert, subject_cert);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("certificate has a BAD signature"));
|
|
|
|
|
#if 0
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE)
|
|
|
|
|
{
|
|
|
|
|
/* We now try to find other issuer certificates which
|
|
|
|
|
might have been used. This is required because some
|
|
|
|
|
CAs are reusing the issuer and subject DN for new
|
|
|
|
|
root certificates without using a authorityKeyIdentifier. */
|
|
|
|
|
rc = find_up (kh, subject_cert, issuer, 1);
|
|
|
|
|
if (!rc)
|
|
|
|
|
{
|
|
|
|
|
ksba_cert_t tmp_cert;
|
|
|
|
|
|
|
|
|
|
rc = keydb_get_cert (kh, &tmp_cert);
|
|
|
|
|
if (rc || !compare_certs (issuer_cert, tmp_cert))
|
|
|
|
|
{
|
|
|
|
|
/* The find next did not work or returned an
|
|
|
|
|
identical certificate. We better stop here
|
|
|
|
|
to avoid infinite checks. */
|
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
|
|
|
|
|
ksba_cert_release (tmp_cert);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
do_list (0, lm, fp, _("found another possible matching "
|
|
|
|
|
"CA certificate - trying again"));
|
2011-02-04 12:57:53 +01:00
|
|
|
|
ksba_cert_release (issuer_cert);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
issuer_cert = tmp_cert;
|
|
|
|
|
goto try_another_cert;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2017-02-16 10:35:18 +01:00
|
|
|
|
/* Return a more descriptive error code than the one
|
|
|
|
|
* returned from the signature checking. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check that the length of the chain is not longer than allowed
|
2017-02-16 10:35:18 +01:00
|
|
|
|
* by the CA. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
|
|
|
|
int chainlen;
|
|
|
|
|
|
|
|
|
|
err = allowed_ca (issuer_cert, &chainlen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
if (chainlen >= 0 && (depth - 1) > chainlen)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("certificate chain longer than allowed by CA (%d)"),
|
|
|
|
|
chainlen);
|
|
|
|
|
err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* May that certificate be used for certification? */
|
2017-02-17 14:19:15 +01:00
|
|
|
|
err = check_cert_use_cert (issuer_cert);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave; /* No. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* Prepend the certificate to our list. */
|
|
|
|
|
{
|
|
|
|
|
chain_item_t ci;
|
|
|
|
|
|
|
|
|
|
ci = xtrycalloc (1, sizeof *ci);
|
|
|
|
|
if (!ci)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_errno (errno);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
ksba_cert_ref (subject_cert);
|
|
|
|
|
ci->cert = subject_cert;
|
|
|
|
|
cert_compute_fpr (subject_cert, ci->fpr);
|
|
|
|
|
ci->next = chain;
|
|
|
|
|
chain = ci;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt.verbose)
|
|
|
|
|
log_info (_("certificate is good\n"));
|
|
|
|
|
|
|
|
|
|
/* Now to the next level up. */
|
|
|
|
|
subject_cert = issuer_cert;
|
|
|
|
|
issuer_cert = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-16 10:35:18 +01:00
|
|
|
|
/* Even if we have no error here we need to check whether we
|
|
|
|
|
* encountered an error somewhere during the checks. Set the error
|
|
|
|
|
* code to the most critical one. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (!err)
|
2017-02-16 10:35:18 +01:00
|
|
|
|
{
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (any_expired)
|
|
|
|
|
err = gpg_error (GPG_ERR_CERT_EXPIRED);
|
|
|
|
|
else if (any_no_policy_match)
|
|
|
|
|
err = gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!err && opt.verbose)
|
|
|
|
|
{
|
|
|
|
|
chain_item_t citem;
|
|
|
|
|
|
|
|
|
|
log_info (_("certificate chain is good\n"));
|
|
|
|
|
for (citem = chain; citem; citem = citem->next)
|
|
|
|
|
cert_log_name (" certificate", citem->cert);
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2017-02-17 21:31:33 +01:00
|
|
|
|
/* Now check for revocations unless CRL checks are disabled or we
|
|
|
|
|
* are non-recursive CRL mode. */
|
|
|
|
|
if (!err
|
|
|
|
|
&& !(flags & VALIDATE_FLAG_NOCRLCHECK)
|
|
|
|
|
&& !((flags & VALIDATE_FLAG_CRL)
|
|
|
|
|
&& !(flags & VALIDATE_FLAG_RECURSIVE)))
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{ /* Now that everything is fine, walk the chain and check each
|
2017-02-16 10:35:18 +01:00
|
|
|
|
* certificate for revocations.
|
|
|
|
|
*
|
|
|
|
|
* 1. item in the chain - The root certificate.
|
|
|
|
|
* 2. item - the CA below the root
|
|
|
|
|
* last item - the target certificate.
|
|
|
|
|
*
|
|
|
|
|
* Now for each certificate in the chain check whether it has
|
|
|
|
|
* been included in a CRL and thus be revoked. We don't do OCSP
|
|
|
|
|
* here because this does not seem to make much sense. This
|
|
|
|
|
* might become a recursive process and we should better cache
|
|
|
|
|
* our validity results to avoid double work. Far worse a
|
|
|
|
|
* catch-22 may happen for an improper setup hierarchy and we
|
|
|
|
|
* need a way to break up such a deadlock. */
|
2017-02-17 21:31:33 +01:00
|
|
|
|
err = check_revocations (ctrl, chain);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!err && opt.verbose)
|
|
|
|
|
{
|
|
|
|
|
if (r_trust_anchor && *r_trust_anchor)
|
|
|
|
|
log_info ("target certificate may be valid\n");
|
|
|
|
|
else
|
|
|
|
|
log_info ("target certificate is valid\n");
|
|
|
|
|
}
|
|
|
|
|
else if (err && opt.verbose)
|
|
|
|
|
log_info ("target certificate is NOT valid\n");
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
leave:
|
|
|
|
|
if (!err && !(r_trust_anchor && *r_trust_anchor))
|
|
|
|
|
{
|
|
|
|
|
/* With no error we can update the validation cache. We do this
|
2017-02-16 10:35:18 +01:00
|
|
|
|
* for all certificates in the chain. Note that we can't use
|
|
|
|
|
* the cache if the caller requested to check the trustiness of
|
|
|
|
|
* the root certificate himself. Adding such a feature would
|
|
|
|
|
* require us to also store the fingerprint of root
|
|
|
|
|
* certificate. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
chain_item_t citem;
|
|
|
|
|
time_t validated_at = gnupg_get_time ();
|
|
|
|
|
|
|
|
|
|
for (citem = chain; citem; citem = citem->next)
|
|
|
|
|
{
|
|
|
|
|
err = ksba_cert_set_user_data (citem->cert, "validated_at",
|
|
|
|
|
&validated_at, sizeof (validated_at));
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("set_user_data(validated_at) failed: %s\n",
|
2011-02-04 12:57:53 +01:00
|
|
|
|
gpg_strerror (err));
|
2010-06-09 16:53:51 +00:00
|
|
|
|
err = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (r_exptime)
|
|
|
|
|
gnupg_copy_time (r_exptime, exptime);
|
|
|
|
|
ksba_free (issuer);
|
|
|
|
|
ksba_free (subject);
|
|
|
|
|
ksba_cert_release (issuer_cert);
|
|
|
|
|
if (subject_cert != cert)
|
|
|
|
|
ksba_cert_release (subject_cert);
|
|
|
|
|
while (chain)
|
|
|
|
|
{
|
|
|
|
|
chain_item_t ci_next = chain->next;
|
|
|
|
|
if (chain->cert)
|
|
|
|
|
ksba_cert_release (chain->cert);
|
|
|
|
|
xfree (chain);
|
|
|
|
|
chain = ci_next;
|
|
|
|
|
}
|
|
|
|
|
if (err && r_trust_anchor && *r_trust_anchor)
|
|
|
|
|
{
|
|
|
|
|
xfree (*r_trust_anchor);
|
|
|
|
|
*r_trust_anchor = NULL;
|
|
|
|
|
}
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Return the public key algorithm id from the S-expression PKEY.
|
|
|
|
|
FIXME: libgcrypt should provide such a function. Note that this
|
|
|
|
|
implementation uses the names as used by libksba. */
|
|
|
|
|
static int
|
|
|
|
|
pk_algo_from_sexp (gcry_sexp_t pkey)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_t l1, l2;
|
|
|
|
|
const char *name;
|
|
|
|
|
size_t n;
|
|
|
|
|
int algo;
|
|
|
|
|
|
|
|
|
|
l1 = gcry_sexp_find_token (pkey, "public-key", 0);
|
|
|
|
|
if (!l1)
|
|
|
|
|
return 0; /* Not found. */
|
|
|
|
|
l2 = gcry_sexp_cadr (l1);
|
|
|
|
|
gcry_sexp_release (l1);
|
|
|
|
|
|
|
|
|
|
name = gcry_sexp_nth_data (l2, 0, &n);
|
|
|
|
|
if (!name)
|
|
|
|
|
algo = 0; /* Not found. */
|
|
|
|
|
else if (n==3 && !memcmp (name, "rsa", 3))
|
|
|
|
|
algo = GCRY_PK_RSA;
|
|
|
|
|
else if (n==3 && !memcmp (name, "dsa", 3))
|
|
|
|
|
algo = GCRY_PK_DSA;
|
|
|
|
|
else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
|
|
|
|
|
algo = GCRY_PK_RSA;
|
|
|
|
|
else
|
|
|
|
|
algo = 0;
|
|
|
|
|
gcry_sexp_release (l2);
|
|
|
|
|
return algo;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-04-09 13:05:55 +02:00
|
|
|
|
/* Return the hash algorithm's algo id from its name given in the
|
|
|
|
|
* non-null termnated string in (buffer,buflen). Returns 0 on failure
|
|
|
|
|
* or if the algo is not known. */
|
|
|
|
|
static int
|
|
|
|
|
hash_algo_from_buffer (const void *buffer, size_t buflen)
|
|
|
|
|
{
|
|
|
|
|
char *string;
|
|
|
|
|
int algo;
|
|
|
|
|
|
|
|
|
|
string = xtrymalloc (buflen + 1);
|
|
|
|
|
if (!string)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("out of core\n"));
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
memcpy (string, buffer, buflen);
|
|
|
|
|
string[buflen] = 0;
|
|
|
|
|
algo = gcry_md_map_name (string);
|
|
|
|
|
if (!algo)
|
|
|
|
|
log_error ("unknown digest algorithm '%s' used in certificate\n", string);
|
|
|
|
|
xfree (string);
|
|
|
|
|
return algo;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Return an unsigned integer from the non-null termnated string
|
|
|
|
|
* (buffer,buflen). Returns 0 on failure. */
|
|
|
|
|
static unsigned int
|
|
|
|
|
uint_from_buffer (const void *buffer, size_t buflen)
|
|
|
|
|
{
|
|
|
|
|
char *string;
|
|
|
|
|
unsigned int val;
|
|
|
|
|
|
|
|
|
|
string = xtrymalloc (buflen + 1);
|
|
|
|
|
if (!string)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("out of core\n"));
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
memcpy (string, buffer, buflen);
|
|
|
|
|
string[buflen] = 0;
|
|
|
|
|
val = strtoul (string, NULL, 10);
|
|
|
|
|
xfree (string);
|
|
|
|
|
return val;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* Check the signature on CERT using the ISSUER_CERT. This function
|
2017-02-16 10:35:18 +01:00
|
|
|
|
* does only test the cryptographic signature and nothing else. It is
|
|
|
|
|
* assumed that the ISSUER_CERT is valid. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
const char *algoid;
|
|
|
|
|
gcry_md_hd_t md;
|
2020-04-09 13:05:55 +02:00
|
|
|
|
int algo;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
ksba_sexp_t p;
|
|
|
|
|
size_t n;
|
|
|
|
|
gcry_sexp_t s_sig, s_hash, s_pkey;
|
2020-04-09 13:05:55 +02:00
|
|
|
|
const char *algo_name; /* hash algorithm name converted to lower case. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
int digestlen;
|
|
|
|
|
unsigned char *digest;
|
2020-04-09 13:05:55 +02:00
|
|
|
|
int use_pss = 0;
|
|
|
|
|
unsigned int saltlen;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
/* Hash the target certificate using the algorithm from that certificate. */
|
|
|
|
|
algoid = ksba_cert_get_digest_algo (cert);
|
|
|
|
|
algo = gcry_md_map_name (algoid);
|
2020-04-09 13:05:55 +02:00
|
|
|
|
if (!algo && algoid && !strcmp (algoid, "1.2.840.113549.1.1.10"))
|
|
|
|
|
use_pss = 1;
|
|
|
|
|
else if (!algo)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_error (_("unknown hash algorithm '%s'\n"), algoid? algoid:"?");
|
2010-06-09 16:53:51 +00:00
|
|
|
|
return gpg_error (GPG_ERR_GENERAL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get the signature value out of the target certificate. */
|
|
|
|
|
p = ksba_cert_get_sig_val (cert);
|
|
|
|
|
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
{
|
|
|
|
|
log_error ("libksba did not return a proper S-Exp\n");
|
|
|
|
|
ksba_free (p);
|
|
|
|
|
return gpg_error (GPG_ERR_BUG);
|
|
|
|
|
}
|
2020-04-09 13:05:55 +02:00
|
|
|
|
err = gcry_sexp_sscan ( &s_sig, NULL, p, n);
|
|
|
|
|
ksba_free (p);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (err));
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (DBG_CRYPTO)
|
2020-04-09 13:05:55 +02:00
|
|
|
|
gcry_log_debugsxp ("sigval", s_sig);
|
|
|
|
|
|
|
|
|
|
if (use_pss)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2020-04-09 13:05:55 +02:00
|
|
|
|
/* Extract the hash algorithm and the salt length from the sigval. */
|
|
|
|
|
gcry_buffer_t ioarray[2] = { {0}, {0} };
|
|
|
|
|
|
|
|
|
|
err = gcry_sexp_extract_param (s_sig, "sig-val",
|
|
|
|
|
"&'hash-algo''salt-length'",
|
|
|
|
|
ioarray+0, ioarray+1, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
log_error ("extracting params from PSS failed: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
algo = hash_algo_from_buffer (ioarray[0].data, ioarray[0].len);
|
|
|
|
|
saltlen = uint_from_buffer (ioarray[1].data, ioarray[1].len);
|
|
|
|
|
xfree (ioarray[0].data);
|
|
|
|
|
xfree (ioarray[1].data);
|
|
|
|
|
if (saltlen < 20)
|
|
|
|
|
{
|
|
|
|
|
log_error ("length of PSS salt too short\n");
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return gpg_error (GPG_ERR_DIGEST_ALGO);
|
|
|
|
|
}
|
|
|
|
|
if (!algo)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return gpg_error (GPG_ERR_DIGEST_ALGO);
|
|
|
|
|
}
|
2020-04-15 11:05:41 +02:00
|
|
|
|
/* Add some restrictions; see ../sm/certcheck.c for details. */
|
|
|
|
|
switch (algo)
|
|
|
|
|
{
|
|
|
|
|
case GCRY_MD_SHA1:
|
|
|
|
|
case GCRY_MD_SHA256:
|
|
|
|
|
case GCRY_MD_SHA384:
|
|
|
|
|
case GCRY_MD_SHA512:
|
|
|
|
|
case GCRY_MD_SHA3_256:
|
|
|
|
|
case GCRY_MD_SHA3_384:
|
|
|
|
|
case GCRY_MD_SHA3_512:
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
log_error ("PSS hash algorithm '%s' rejected\n",
|
|
|
|
|
gcry_md_algo_name (algo));
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return gpg_error (GPG_ERR_DIGEST_ALGO);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (gcry_md_get_algo_dlen (algo) != saltlen)
|
|
|
|
|
{
|
|
|
|
|
log_error ("PSS hash algorithm '%s' rejected due to salt length %u\n",
|
|
|
|
|
gcry_md_algo_name (algo), saltlen);
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return gpg_error (GPG_ERR_DIGEST_ALGO);
|
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
2020-04-09 13:05:55 +02:00
|
|
|
|
algo_name = hash_algo_to_string (algo);
|
|
|
|
|
err = gcry_md_open (&md, algo, 0);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
2020-04-09 13:05:55 +02:00
|
|
|
|
log_error ("md_open failed: %s\n", gpg_strerror (err));
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
if (DBG_HASHING)
|
|
|
|
|
gcry_md_debug (md, "hash.cert");
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_hash (cert, 1, HASH_FNC, md);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (err));
|
2010-06-09 16:53:51 +00:00
|
|
|
|
gcry_md_close (md);
|
2020-04-09 13:05:55 +02:00
|
|
|
|
gcry_sexp_release (s_sig);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
return err;
|
|
|
|
|
}
|
2020-04-09 13:05:55 +02:00
|
|
|
|
gcry_md_final (md);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
|
|
|
|
/* Get the public key from the issuer certificate. */
|
|
|
|
|
p = ksba_cert_get_public_key (issuer_cert);
|
|
|
|
|
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
{
|
|
|
|
|
log_error ("libksba did not return a proper S-Exp\n");
|
|
|
|
|
gcry_md_close (md);
|
|
|
|
|
ksba_free (p);
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return gpg_error (GPG_ERR_BUG);
|
|
|
|
|
}
|
|
|
|
|
err = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
|
|
|
|
|
ksba_free (p);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (err));
|
|
|
|
|
gcry_md_close (md);
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Prepare the values for signature verification. At this point we
|
2017-02-16 10:35:18 +01:00
|
|
|
|
* have these values:
|
|
|
|
|
*
|
|
|
|
|
* S_PKEY - S-expression with the issuer's public key.
|
|
|
|
|
* S_SIG - Signature value as given in the certificate.
|
|
|
|
|
* MD - Finalized hash context with hash of the certificate.
|
|
|
|
|
* ALGO_NAME - Lowercase hash algorithm name
|
2020-04-09 13:05:55 +02:00
|
|
|
|
* SALTLEN - Salt length for rsaPSS.
|
2010-06-09 16:53:51 +00:00
|
|
|
|
*/
|
|
|
|
|
digestlen = gcry_md_get_algo_dlen (algo);
|
|
|
|
|
digest = gcry_md_read (md, algo);
|
2020-04-09 13:05:55 +02:00
|
|
|
|
if (use_pss)
|
|
|
|
|
{
|
|
|
|
|
err = gcry_sexp_build (&s_hash, NULL,
|
|
|
|
|
"(data (flags pss)"
|
|
|
|
|
"(hash %s %b)"
|
|
|
|
|
"(salt-length %u))",
|
|
|
|
|
algo_name,
|
|
|
|
|
(int)digestlen,
|
|
|
|
|
digest,
|
|
|
|
|
saltlen);
|
|
|
|
|
}
|
|
|
|
|
else if (pk_algo_from_sexp (s_pkey) == GCRY_PK_DSA)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2017-02-16 10:35:18 +01:00
|
|
|
|
/* NB.: We support only SHA-1 here because we had problems back
|
|
|
|
|
* then to get test data for DSA-2. Meanwhile DSA has been
|
|
|
|
|
* replaced by ECDSA which we do not yet support. */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (digestlen != 20)
|
|
|
|
|
{
|
2017-02-16 10:35:18 +01:00
|
|
|
|
log_error ("DSA requires the use of a 160 bit hash algorithm\n");
|
2010-06-09 16:53:51 +00:00
|
|
|
|
gcry_md_close (md);
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
return gpg_error (GPG_ERR_INTERNAL);
|
|
|
|
|
}
|
2020-04-09 13:05:55 +02:00
|
|
|
|
err = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
|
|
|
|
|
(int)digestlen, digest);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
2017-02-16 10:35:18 +01:00
|
|
|
|
else /* Not DSA - we assume RSA */
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2020-04-09 13:05:55 +02:00
|
|
|
|
err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
|
|
|
|
|
algo_name, (int)digestlen, digest);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2020-04-09 13:05:55 +02:00
|
|
|
|
if (!err)
|
|
|
|
|
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (DBG_X509)
|
|
|
|
|
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
|
|
|
|
|
gcry_md_close (md);
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
|
gcry_sexp_release (s_hash);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2017-02-17 14:19:15 +01:00
|
|
|
|
/* Return 0 if CERT is usable for MODE. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
check_cert_usage (ksba_cert_t cert, enum cert_usage_modes mode)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
unsigned int use;
|
|
|
|
|
char *extkeyusages;
|
|
|
|
|
int have_ocsp_signing = 0;
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_get_ext_key_usages (cert, &extkeyusages);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
|
|
|
|
err = 0; /* No policy given. */
|
|
|
|
|
if (!err)
|
|
|
|
|
{
|
|
|
|
|
unsigned int extusemask = ~0; /* Allow all. */
|
|
|
|
|
|
|
|
|
|
if (extkeyusages)
|
|
|
|
|
{
|
|
|
|
|
char *p, *pend;
|
|
|
|
|
int any_critical = 0;
|
|
|
|
|
|
|
|
|
|
extusemask = 0;
|
|
|
|
|
|
|
|
|
|
p = extkeyusages;
|
|
|
|
|
while (p && (pend=strchr (p, ':')))
|
|
|
|
|
{
|
|
|
|
|
*pend++ = 0;
|
|
|
|
|
/* Only care about critical flagged usages. */
|
|
|
|
|
if ( *pend == 'C' )
|
|
|
|
|
{
|
|
|
|
|
any_critical = 1;
|
|
|
|
|
if ( !strcmp (p, oid_kp_serverAuth))
|
|
|
|
|
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
|
|
|
|
| KSBA_KEYUSAGE_KEY_ENCIPHERMENT
|
|
|
|
|
| KSBA_KEYUSAGE_KEY_AGREEMENT);
|
|
|
|
|
else if ( !strcmp (p, oid_kp_clientAuth))
|
|
|
|
|
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
|
|
|
|
| KSBA_KEYUSAGE_KEY_AGREEMENT);
|
|
|
|
|
else if ( !strcmp (p, oid_kp_codeSigning))
|
|
|
|
|
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE);
|
|
|
|
|
else if ( !strcmp (p, oid_kp_emailProtection))
|
|
|
|
|
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
|
|
|
|
| KSBA_KEYUSAGE_NON_REPUDIATION
|
|
|
|
|
| KSBA_KEYUSAGE_KEY_ENCIPHERMENT
|
|
|
|
|
| KSBA_KEYUSAGE_KEY_AGREEMENT);
|
|
|
|
|
else if ( !strcmp (p, oid_kp_timeStamping))
|
|
|
|
|
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
|
|
|
|
| KSBA_KEYUSAGE_NON_REPUDIATION);
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* This is a hack to cope with OCSP. Note that we do
|
|
|
|
|
not yet fully comply with the requirements and that
|
|
|
|
|
the entire CRL/OCSP checking thing should undergo a
|
|
|
|
|
thorough review and probably redesign. */
|
|
|
|
|
if ( !strcmp (p, oid_kp_ocspSigning))
|
|
|
|
|
have_ocsp_signing = 1;
|
|
|
|
|
|
|
|
|
|
if ((p = strchr (pend, '\n')))
|
|
|
|
|
p++;
|
|
|
|
|
}
|
|
|
|
|
ksba_free (extkeyusages);
|
|
|
|
|
extkeyusages = NULL;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if (!any_critical)
|
|
|
|
|
extusemask = ~0; /* Reset to the don't care mask. */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_get_key_usage (cert, &use);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
|
|
|
|
{
|
|
|
|
|
err = 0;
|
2017-02-17 14:19:15 +01:00
|
|
|
|
if (opt.verbose && (mode == CERT_USAGE_MODE_SIGN
|
|
|
|
|
|| mode == CERT_USAGE_MODE_ENCR))
|
2010-06-09 16:53:51 +00:00
|
|
|
|
log_info (_("no key usage specified - assuming all usages\n"));
|
|
|
|
|
use = ~0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Apply extKeyUsage. */
|
|
|
|
|
use &= extusemask;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
if (err)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2010-06-09 16:53:51 +00:00
|
|
|
|
log_error (_("error getting key usage information: %s\n"),
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
ksba_free (extkeyusages);
|
|
|
|
|
return err;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
2017-02-17 14:19:15 +01:00
|
|
|
|
switch (mode)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2017-02-17 14:19:15 +01:00
|
|
|
|
case CERT_USAGE_MODE_SIGN:
|
|
|
|
|
case CERT_USAGE_MODE_VRFY:
|
|
|
|
|
if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
|
|
|
|
|
| KSBA_KEYUSAGE_NON_REPUDIATION)))
|
|
|
|
|
return 0;
|
|
|
|
|
log_info (mode == CERT_USAGE_MODE_VRFY
|
|
|
|
|
? _("certificate should not have been used for signing\n")
|
|
|
|
|
: _("certificate is not usable for signing\n"));
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case CERT_USAGE_MODE_ENCR:
|
|
|
|
|
case CERT_USAGE_MODE_DECR:
|
|
|
|
|
if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT
|
|
|
|
|
| KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
|
|
|
|
|
return 0;
|
|
|
|
|
log_info (mode == CERT_USAGE_MODE_DECR
|
|
|
|
|
? _("certificate should not have been used for encryption\n")
|
|
|
|
|
: _("certificate is not usable for encryption\n"));
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case CERT_USAGE_MODE_CERT:
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
|
|
|
|
|
return 0;
|
2012-08-22 12:54:38 -04:00
|
|
|
|
log_info (_("certificate should not have "
|
2010-06-09 16:53:51 +00:00
|
|
|
|
"been used for certification\n"));
|
2017-02-17 14:19:15 +01:00
|
|
|
|
break;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
2017-02-17 14:19:15 +01:00
|
|
|
|
case CERT_USAGE_MODE_OCSP:
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (use != ~0
|
2010-06-09 16:53:51 +00:00
|
|
|
|
&& (have_ocsp_signing
|
|
|
|
|
|| (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
|
|
|
|
|
|KSBA_KEYUSAGE_CRL_SIGN))))
|
|
|
|
|
return 0;
|
2012-08-22 12:54:38 -04:00
|
|
|
|
log_info (_("certificate should not have "
|
2010-06-09 16:53:51 +00:00
|
|
|
|
"been used for OCSP response signing\n"));
|
2017-02-17 14:19:15 +01:00
|
|
|
|
break;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
|
2017-02-17 14:19:15 +01:00
|
|
|
|
case CERT_USAGE_MODE_CRL:
|
2010-06-09 16:53:51 +00:00
|
|
|
|
if ((use & (KSBA_KEYUSAGE_CRL_SIGN)))
|
|
|
|
|
return 0;
|
2012-08-22 12:54:38 -04:00
|
|
|
|
log_info (_("certificate should not have "
|
2010-06-09 16:53:51 +00:00
|
|
|
|
"been used for CRL signing\n"));
|
2017-02-17 14:19:15 +01:00
|
|
|
|
break;
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-17 14:19:15 +01:00
|
|
|
|
|
2010-06-09 16:53:51 +00:00
|
|
|
|
/* Return 0 if the certificate CERT is usable for certification. */
|
|
|
|
|
gpg_error_t
|
2017-02-17 14:19:15 +01:00
|
|
|
|
check_cert_use_cert (ksba_cert_t cert)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2017-02-17 14:19:15 +01:00
|
|
|
|
return check_cert_usage (cert, CERT_USAGE_MODE_CERT);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return 0 if the certificate CERT is usable for signing OCSP
|
|
|
|
|
responses. */
|
|
|
|
|
gpg_error_t
|
2017-02-17 14:19:15 +01:00
|
|
|
|
check_cert_use_ocsp (ksba_cert_t cert)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2017-02-17 14:19:15 +01:00
|
|
|
|
return check_cert_usage (cert, CERT_USAGE_MODE_OCSP);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return 0 if the certificate CERT is usable for signing CRLs. */
|
|
|
|
|
gpg_error_t
|
2017-02-17 14:19:15 +01:00
|
|
|
|
check_cert_use_crl (ksba_cert_t cert)
|
2010-06-09 16:53:51 +00:00
|
|
|
|
{
|
2017-02-17 14:19:15 +01:00
|
|
|
|
return check_cert_usage (cert, CERT_USAGE_MODE_CRL);
|
2010-06-09 16:53:51 +00:00
|
|
|
|
}
|