]> git.saurik.com Git - apple/security.git/blame - OSX/libsecurity_smime/lib/tsaSupport.c
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-58286.70.7.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / tsaSupport.c
CommitLineData
b1ab9ed8 1/*
8a50f688 2 * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved.
427c49bc 3 *
b1ab9ed8 4 * @APPLE_LICENSE_HEADER_START@
d8f41ccd 5 *
b1ab9ed8
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
d8f41ccd 12 *
b1ab9ed8
A		 13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
d8f41ccd 20 *
b1ab9ed8
A		 21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * tsaSupport.c - ASN1 templates Time Stamping Authority requests and responses
24 */
25
26/*
27#include <Security/SecCmsDigestContext.h>
28#include <Security/SecCmsMessage.h>
29#include <security_asn1/secasn1.h>
30#include <security_asn1/secerr.h>
31*/
32
33#include <security_utilities/debugging.h>
34#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
35
36#include <Security/SecCmsDecoder.h>
37#include <Security/SecCmsMessage.h>
38#include <Security/SecCmsContentInfo.h>
39#include <Security/SecCmsSignedData.h>
40#include <Security/SecCmsSignerInfo.h>
41#include "tsaTemplates.h"
42#include <Security/SecAsn1Coder.h>
43#include <AssertMacros.h>
8a50f688 44#include <Security/SecBasePriv.h>
b1ab9ed8
A		 45#include <Security/SecPolicy.h>
46#include <Security/SecTrustPriv.h>
47#include <Security/SecImportExport.h>
48#include <Security/SecCertificatePriv.h>
d8f41ccd 49#include <utilities/SecCFRelease.h>
fa7225c8 50#include <utilities/SecDispatchRelease.h>
b1ab9ed8
A		 51
52#include "tsaSupport.h"
53#include "tsaSupportPriv.h"
54#include "tsaTemplates.h"
55#include "cmslocal.h"
56
57#include "secoid.h"
58#include "secitem.h"
59#include <fcntl.h>
60
61const CFStringRef kTSAContextKeyURL = CFSTR("ServerURL");
62const CFStringRef kTSAContextKeyNoCerts = CFSTR("NoCerts");
63const CFStringRef kTSADebugContextKeyBadReq = CFSTR("DebugBadReq");
64const CFStringRef kTSADebugContextKeyBadNonce = CFSTR("DebugBadNonce");
65
66extern const SecAsn1Template kSecAsn1TSATSTInfoTemplate[];
67
68extern OSStatus impExpImportCertCommon(
69 const CSSM_DATA *cdata,
70 SecKeychainRef importKeychain, // optional
427c49bc 71 CFMutableArrayRef outArray); // optional, append here
b1ab9ed8
A		 72
73#pragma mark ----- Debug Logs -----
74
75#ifndef NDEBUG
76#define TSA_USE_SYSLOG 1
77#endif
78
79#if TSA_USE_SYSLOG
80#include <syslog.h>
81 #include <time.h>
82 #include <sys/time.h>
83 #define tsaDebug(fmt, ...) \
84 do { if (true) { \
85 char buf[64]; \
86 struct timeval time_now; \
87 gettimeofday(&time_now, NULL); \
88 struct tm* time_info = localtime(&time_now.tv_sec); \
89 strftime(buf, sizeof(buf), "[%Y-%m-%d %H:%M:%S]", time_info); \
90 fprintf(stderr, "%s " fmt, buf, ## __VA_ARGS__); \
91 syslog(LOG_ERR, " " fmt, ## __VA_ARGS__); \
92 } } while (0)
fa7225c8 93 #define tsa_secinfo(scope, format...) \
b1ab9ed8
A		 94 { \
95 syslog(LOG_NOTICE, format); \
fa7225c8 96 secinfo(scope, format); \
b1ab9ed8
A		 97 printf(format); \
98 }
99#else
fa7225c8
A		 100 #define tsaDebug(args...) tsa_secinfo("tsa", ## args)
101#define tsa_secinfo(scope, format...) \
102 secinfo(scope, format)
b1ab9ed8
A		 103#endif
104
105#ifndef NDEBUG
106#define TSTINFO_DEBUG 1 //jch
107#endif
108
109#if TSTINFO_DEBUG
110#define dtprintf(args...) tsaDebug(args)
111#else
112#define dtprintf(args...)
113#endif
114
115#define kHTTPResponseCodeContinue 100
116#define kHTTPResponseCodeOK 200
117#define kHTTPResponseCodeNoContent 204
118#define kHTTPResponseCodeBadRequest 400
119#define kHTTPResponseCodeUnauthorized 401
120#define kHTTPResponseCodeForbidden 403
121#define kHTTPResponseCodeNotFound 404
122#define kHTTPResponseCodeConflict 409
123#define kHTTPResponseCodeExpectationFailed 417
124#define kHTTPResponseCodeServFail 500
125#define kHTTPResponseCodeServiceUnavailable 503
126#define kHTTPResponseCodeInsufficientStorage 507
127
128#pragma mark ----- Debug/Utilities -----
129
130static OSStatus remapHTTPErrorCodes(OSStatus status)
131{
132 switch (status)
133 {
134 case kHTTPResponseCodeOK:
135 case kHTTPResponseCodeContinue:
136 return noErr;
137 case kHTTPResponseCodeBadRequest:
138 return errSecTimestampBadRequest;
139 case kHTTPResponseCodeNoContent:
140 case kHTTPResponseCodeUnauthorized:
141 case kHTTPResponseCodeForbidden:
142 case kHTTPResponseCodeNotFound:
143 case kHTTPResponseCodeConflict:
144 case kHTTPResponseCodeExpectationFailed:
145 case kHTTPResponseCodeServFail:
146 case kHTTPResponseCodeInsufficientStorage:
147 case kHTTPResponseCodeServiceUnavailable:
148 return errSecTimestampServiceNotAvailable;
149 default:
150 return status;
151 }
152 return status;
427c49bc 153
b1ab9ed8
A		 154}
155
156static void printDataAsHex(const char *title, const CSSM_DATA *d, unsigned maxToPrint) // 0 means print it all
157{
158#ifndef NDEBUG
159 unsigned i;
160 bool more = false;
161 uint32 len = (uint32)d->Length;
162 uint8 *cp = d->Data;
163 char *buffer = NULL;
164 size_t bufferSize;
165 int offset, sz = 0;
166 const int wrapwid = 24; // large enough so SHA-1 hashes fit on one line...
427c49bc 167
ecaf5866 168 if ((maxToPrint != 0) && (len > maxToPrint)) {
b1ab9ed8
A		 169 len = maxToPrint;
170 more = true;
171 }
172
173 bufferSize = wrapwid+3*len;
174 buffer = (char *)malloc(bufferSize);
427c49bc 175
b1ab9ed8
A		 176 offset = sprintf(buffer, "%s [len = %u]\n", title, len);
177 dtprintf("%s", buffer);
178 offset = 0;
179
ecaf5866 180 for (i=0; (i < len) && (offset+3 < bufferSize); i++, offset += sz) {
b1ab9ed8 181 sz = sprintf(buffer + offset, " %02x", (unsigned int)cp[i] & 0xff);
ecaf5866
A		 182 if ((i % wrapwid) == (wrapwid-1)) {
183 dtprintf("%s\n", buffer);
b1ab9ed8
A		 184 offset = 0;
185 sz = 0;
186 }
187 }
427c49bc 188
b1ab9ed8 189 sz=sprintf(buffer + offset, more?" ...\n":"\n");
ecaf5866 190 offset += sz;
b1ab9ed8 191 buffer[offset+1]=0;
427c49bc 192
b1ab9ed8 193 dtprintf("%s", buffer);
d87e1158
A		 194
195 free(buffer);
b1ab9ed8
A		 196#endif
197}
198
199#ifndef NDEBUG
200int tsaWriteFileX(const char *fileName, const unsigned char *bytes, size_t numBytes)
201{
202 int rtn;
203 int fd;
204
205 fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600);
866f8763 206 if (fd == -1) {
b1ab9ed8 207 return errno;
866f8763 208 }
b1ab9ed8
A		 209
210 rtn = (int)write(fd, bytes, numBytes);
211 if(rtn != (int)numBytes)
212 {
213 if (rtn >= 0)
214 fprintf(stderr, "writeFile: short write\n");
215 rtn = EIO;
216 }
217 else
218 rtn = 0;
219
220 close(fd);
221 return rtn;
222}
223#endif
224
225char *cfStringToChar(CFStringRef inStr)
226{
227 // Caller must free
228 char *result = NULL;
229 const char *str = NULL;
b1ab9ed8 230
427c49bc 231 if (!inStr)
c2a06e24 232 return strdup(""); // return a null string
b1ab9ed8 233
427c49bc
A		 234 // quick path first
235 if ((str = CFStringGetCStringPtr(inStr, kCFStringEncodingUTF8))) {
c2a06e24 236 result = strdup(str);
427c49bc 237 } else {
c2a06e24
A		 238 // need to extract into buffer
239 CFIndex length = CFStringGetLength(inStr); // in 16-bit character units
240 CFIndex bytesToAllocate = CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1;
241 result = malloc(bytesToAllocate);
242 if (!CFStringGetCString(inStr, result, bytesToAllocate, kCFStringEncodingUTF8))
243 result[0] = 0;
244 }
427c49bc
A		 245
246 return result;
b1ab9ed8
A		 247}
248
249/* Oids longer than this are considered invalid. */
250#define MAX_OID_SIZE 32
251
427c49bc
A		 252#ifndef NDEBUG
253/* FIXME: There are other versions of this in SecCertifcate.c and SecCertificateP.c */
b1ab9ed8 254static CFStringRef SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator, const CSSM_OID *oid)
427c49bc 255{
b1ab9ed8
A		 256 if (oid->Length == 0)
257 return CFSTR("<NULL>");
258
259 if (oid->Length > MAX_OID_SIZE)
260 return CFSTR("Oid too long");
261
262 CFMutableStringRef result = CFStringCreateMutable(allocator, 0);
263
264 // The first two levels are encoded into one byte, since the root levelq
265 // has only 3 nodes (40*x + y). However if x = joint-iso-itu-t(2) then
266 // y may be > 39, so we have to add special-case handling for this.
267 uint32_t x = oid->Data[0] / 40;
268 uint32_t y = oid->Data[0] % 40;
269 if (x > 2)
270 {
271 // Handle special case for large y if x = 2
272 y += (x - 2) * 40;
273 x = 2;
274 }
275 CFStringAppendFormat(result, NULL, CFSTR("%u.%u"), x, y);
276
277 uint32_t value = 0;
278 for (x = 1; x < oid->Length; ++x)
279 {
280 value = (value << 7) | (oid->Data[x] & 0x7F);
281 /* @@@ value may not span more than 4 bytes. */
282 /* A max number of 20 values is allowed. */
283 if (!(oid->Data[x] & 0x80))
284 {
427c49bc 285 CFStringAppendFormat(result, NULL, CFSTR(".%lu"), (unsigned long)value);
b1ab9ed8
A		 286 value = 0;
287 }
288 }
289 return result;
290}
427c49bc 291#endif
b1ab9ed8
A		 292
293static void debugSaveCertificates(CSSM_DATA **outCerts)
294{
295#ifndef NDEBUG
296 if (outCerts)
297 {
298 CSSM_DATA_PTR *certp;
299 unsigned jx = 0;
300 const char *certNameBase = "/tmp/tsa-resp-cert-";
301 char fname[PATH_MAX];
302 unsigned certCount = SecCmsArrayCount((void **)outCerts);
303 dtprintf("Found %d certs\n",certCount);
304
305 for (certp=outCerts;*certp;certp++, ++jx)
306 {
307 char numstr[32];
308 strncpy(fname, certNameBase, strlen(certNameBase)+1);
309 sprintf(numstr,"%u", jx);
310 strcat(fname,numstr);
311 tsaWriteFileX(fname, (*certp)->Data, (*certp)->Length);
312 if (jx > 5)
313 break; //something wrong
314 }
315 }
316#endif
317}
318
319static void debugShowSignerInfo(SecCmsSignedDataRef signedData)
320{
321#ifndef NDEBUG
322 int numberOfSigners = SecCmsSignedDataSignerInfoCount (signedData);
323 dtprintf("numberOfSigners : %d\n", numberOfSigners);
324 int ix;
325 for (ix=0;ix < numberOfSigners;ix++)
326 {
327 SecCmsSignerInfoRef sigi = SecCmsSignedDataGetSignerInfo(signedData,ix);
328 if (sigi)
329 {
330 CFStringRef commonName = SecCmsSignerInfoGetSignerCommonName(sigi);
331 const char *signerhdr = " signer : ";
332 if (commonName)
333 {
334 char *cn = cfStringToChar(commonName);
335 dtprintf("%s%s\n", signerhdr, cn);
336 if (cn)
337 free(cn);
d87e1158 338 CFReleaseNull(commonName);
b1ab9ed8
A		 339 }
340 else
341 dtprintf("%s<NULL>\n", signerhdr);
342 }
343 }
344#endif
345}
346
347static void debugShowContentTypeOID(SecCmsContentInfoRef contentInfo)
348{
349#ifndef NDEBUG
350
351 CSSM_OID *typeOID = SecCmsContentInfoGetContentTypeOID(contentInfo);
352 if (typeOID)
353 {
354 CFStringRef oidCFStr = SecDERItemCopyOIDDecimalRepresentation(kCFAllocatorDefault, typeOID);
355 char *oidstr = cfStringToChar(oidCFStr);
356 printDataAsHex("oid:", typeOID, (unsigned int)typeOID->Length);
357 dtprintf("\toid: %s\n", oidstr);
358 if (oidCFStr)
359 CFRelease(oidCFStr);
360 if (oidstr)
361 free(oidstr);
362 }
363#endif
364}
365
366uint64_t tsaDER_ToInt(const CSSM_DATA *DER_Data)
367{
368 uint64_t rtn = 0;
369 unsigned i = 0;
370
371 while(i < DER_Data->Length) {
372 rtn |= DER_Data->Data[i];
373 if(++i == DER_Data->Length) {
374 break;
375 }
376 rtn <<= 8;
377 }
378 return rtn;
379}
380
381void displayTSTInfo(SecAsn1TSATSTInfo *tstInfo)
382{
383#ifndef NDEBUG
384 dtprintf("--- TSTInfo ---\n");
385 if (!tstInfo)
386 return;
387
388 if (tstInfo->version.Data)
389 {
390 uint64_t vers = tsaDER_ToInt(&tstInfo->version);
391 dtprintf("Version:\t\t%u\n", (int)vers);
392 }
393
394 if (tstInfo->serialNumber.Data)
395 {
396 uint64_t sn = tsaDER_ToInt(&tstInfo->serialNumber);
397 dtprintf("SerialNumber:\t%llu\n", sn);
398 }
399
400 if (tstInfo->ordering.Data)
401 {
402 uint64_t ord = tsaDER_ToInt(&tstInfo->ordering);
403 dtprintf("Ordering:\t\t%s\n", ord?"yes":"no");
404 }
405
406 if (tstInfo->nonce.Data)
407 {
408 uint64_t nonce = tsaDER_ToInt(&tstInfo->nonce);
409 dtprintf("Nonce:\t\t%llu\n", nonce);
410 }
411 else
412 dtprintf("Nonce:\t\tnot specified\n");
413
414 if (tstInfo->genTime.Data)
415 {
416 char buf[tstInfo->genTime.Length+1];
417 memcpy(buf, (const char *)tstInfo->genTime.Data, tstInfo->genTime.Length);
418 buf[tstInfo->genTime.Length]=0;
419 dtprintf("GenTime:\t\t%s\n", buf);
420 }
421
422 dtprintf("-- MessageImprint --\n");
423 if (true) // SecAsn1TSAMessageImprint
424 {
425 printDataAsHex(" Algorithm:",&tstInfo->messageImprint.hashAlgorithm.algorithm, 0);
426 printDataAsHex(" Message :", &tstInfo->messageImprint.hashedMessage, 0);//tstInfo->messageImprint.hashedMessage.Length);
427 }
428#endif
429}
430
431#pragma mark ----- TimeStamp Response using XPC -----
432
433#include <xpc/private.h>
434
435static OSStatus checkForNonDERResponse(const unsigned char *resp, size_t respLen)
436{
437 /*
438 Good start is something like 30 82 0c 03 30 15 02 01 00 30 10 0c 0e 4f 70 65
427c49bc 439
b1ab9ed8
A		 440 URL: http://timestamp-int.corp.apple.com/signserver/process?TimeStampSigner
441 Resp: Http/1.1 Service Unavailable
427c49bc 442
b1ab9ed8
A		 443 URL: http://timestamp-int.corp.apple.com/ts01
444 Resp: blank
427c49bc 445
b1ab9ed8
A		 446 URL: http://cutandtaste.com/404 (or other forced 404 site)
447 Resp: 404
448 */
427c49bc 449
b1ab9ed8
A		 450 OSStatus status = noErr;
451 const char ader[2] = { 0x30, 0x82 };
452 char *respStr = NULL;
453 size_t maxlen = 0;
454 size_t badResponseCount;
427c49bc 455
b1ab9ed8
A		 456 const char *badResponses[] =
457 {
458 "<!DOCTYPE html>",
459 "Http/1.1 Service Unavailable",
460 "blank"
461 };
427c49bc 462
b1ab9ed8 463 require_action(resp && respLen, xit, status = errSecTimestampServiceNotAvailable);
427c49bc 464
b1ab9ed8
A		 465 // This is usual case
466 if ((respLen > 1) && (memcmp(resp, ader, 2)==0)) // might be good; pass on to DER decoder
467 return noErr;
468
469 badResponseCount = sizeof(badResponses)/sizeof(char *);
470 int ix;
471 for (ix = 0; ix < badResponseCount; ++ix)
472 if (strlen(badResponses[ix]) > maxlen)
473 maxlen = strlen(badResponses[ix]);
474
475 // Prevent a large response from allocating a ton of memory
476 if (respLen > maxlen)
477 respLen = maxlen;
427c49bc 478
b1ab9ed8
A		 479 respStr = (char *)malloc(respLen+1);
480 strlcpy(respStr, (const char *)resp, respLen);
427c49bc 481
b1ab9ed8
A		 482 for (ix = 0; ix < badResponseCount; ++ix)
483 if (strcmp(respStr, badResponses[ix])==0)
484 return errSecTimestampServiceNotAvailable;
427c49bc 485
b1ab9ed8
A		 486xit:
487 if (respStr)
488 free((void *)respStr);
489
490 return status;
491}
492
493static OSStatus sendTSARequestWithXPC(const unsigned char *tsaReq, size_t tsaReqLength, const unsigned char *tsaURL, unsigned char **tsaResp, size_t *tsaRespLength)
427c49bc 494{
b1ab9ed8
A		 495 __block OSStatus result = noErr;
496 int timeoutInSeconds = 15;
497 extern xpc_object_t xpc_create_with_format(const char * format, ...);
498
499 dispatch_queue_t xpc_queue = dispatch_queue_create("com.apple.security.XPCTimeStampingService", DISPATCH_QUEUE_SERIAL);
500 __block dispatch_semaphore_t waitSemaphore = dispatch_semaphore_create(0);
501 dispatch_time_t finishTime = dispatch_time(DISPATCH_TIME_NOW, timeoutInSeconds * NSEC_PER_SEC);
502
503 xpc_connection_t con = xpc_connection_create("com.apple.security.XPCTimeStampingService", xpc_queue);
504
505 xpc_connection_set_event_handler(con, ^(xpc_object_t event) {
506 xpc_type_t xtype = xpc_get_type(event);
507 if (XPC_TYPE_ERROR == xtype)
508 { tsaDebug("default: connection error: %s\n", xpc_dictionary_get_string(event, XPC_ERROR_KEY_DESCRIPTION)); }
509 else
427c49bc 510 { tsaDebug("default: unexpected connection event %p\n", event); }
b1ab9ed8
A		 511 });
512
513 xpc_connection_resume(con);
514
515 xpc_object_t tsaReqData = xpc_data_create(tsaReq, tsaReqLength);
516 const char *urlstr = (tsaURL?(const char *)tsaURL:"");
517 xpc_object_t url_as_xpc_string = xpc_string_create(urlstr);
518
519 xpc_object_t message = xpc_create_with_format("{operation: TimeStampRequest, ServerURL: %value, TimeStampRequest: %value}", url_as_xpc_string, tsaReqData);
520
521 xpc_connection_send_message_with_reply(con, message, xpc_queue, ^(xpc_object_t reply)
522 {
523 tsaDebug("xpc_connection_send_message_with_reply handler called back\n");
fa7225c8 524 dispatch_retain_safe(waitSemaphore);
b1ab9ed8 525
fa7225c8 526 xpc_type_t xtype = xpc_get_type(reply);
b1ab9ed8
A		 527 if (XPC_TYPE_ERROR == xtype)
528 { tsaDebug("message error: %s\n", xpc_dictionary_get_string(reply, XPC_ERROR_KEY_DESCRIPTION)); }
529 else if (XPC_TYPE_CONNECTION == xtype)
530 { tsaDebug("received connection\n"); }
531 else if (XPC_TYPE_DICTIONARY == xtype)
532 {
533#ifndef NDEBUG
534 /*
535 // This is useful for debugging.
536 char *debug = xpc_copy_description(reply);
537 tsaDebug("DEBUG %s\n", debug);
538 free(debug);
539 */
540#endif
427c49bc 541
b1ab9ed8
A		 542 xpc_object_t xpcTimeStampReply = xpc_dictionary_get_value(reply, "TimeStampReply");
543 size_t xpcTSRLength = xpc_data_get_length(xpcTimeStampReply);
544 tsaDebug("xpcTSRLength: %ld bytes of response\n", xpcTSRLength);
545
546 xpc_object_t xpcTimeStampError = xpc_dictionary_get_value(reply, "TimeStampError");
547 xpc_object_t xpcTimeStampStatus = xpc_dictionary_get_value(reply, "TimeStampStatus");
427c49bc 548
b1ab9ed8
A		 549 if (xpcTimeStampError || xpcTimeStampStatus)
550 {
551#ifndef NDEBUG
552 if (xpcTimeStampError)
553 {
554 size_t len = xpc_string_get_length(xpcTimeStampError);
555 char *buf = (char *)malloc(len);
556 strlcpy(buf, xpc_string_get_string_ptr(xpcTimeStampError), len+1);
557 tsaDebug("xpcTimeStampError: %s\n", buf);
558 if (buf)
559 free(buf);
560 }
561#endif
562 if (xpcTimeStampStatus)
563 {
564 result = (OSStatus)xpc_int64_get_value(xpcTimeStampStatus);
565 tsaDebug("xpcTimeStampStatus: %d\n", (int)result);
566 }
567 }
427c49bc 568
b1ab9ed8
A		 569 result = remapHTTPErrorCodes(result);
570
571 if ((result == noErr) && tsaResp && tsaRespLength)
572 {
573 *tsaRespLength = xpcTSRLength;
574 *tsaResp = (unsigned char *)malloc(xpcTSRLength);
575
576 size_t bytesCopied = xpc_data_get_bytes(xpcTimeStampReply, *tsaResp, 0, xpcTSRLength);
577 if (bytesCopied != xpcTSRLength)
578 { tsaDebug("length mismatch: copied: %ld, xpc: %ld\n", bytesCopied, xpcTSRLength); }
579 else
580 if ((result = checkForNonDERResponse(*tsaResp,bytesCopied)))
581 {
582 tsaDebug("received non-DER response from timestamp server\n");
583 }
584 else
585 {
586 result = noErr;
587 tsaDebug("copied: %ld bytes of response\n", bytesCopied);
588 }
589 }
590 tsaDebug("releasing connection\n");
591 xpc_release(con);
592 }
593 else
594 { tsaDebug("unexpected message reply type %p\n", xtype); }
fa7225c8
A		 595 if (waitSemaphore) { dispatch_semaphore_signal(waitSemaphore); }
596 dispatch_release_null(waitSemaphore);
b1ab9ed8 597 });
b1ab9ed8 598 { tsaDebug("waiting up to %d seconds for response from XPC\n", timeoutInSeconds); }
fa7225c8 599 if (waitSemaphore) { dispatch_semaphore_wait(waitSemaphore, finishTime); }
b1ab9ed8 600
fa7225c8 601 dispatch_release_null(waitSemaphore);
b1ab9ed8
A		 602 xpc_release(tsaReqData);
603 xpc_release(message);
427c49bc 604
b1ab9ed8
A		 605 { tsaDebug("sendTSARequestWithXPC exit\n"); }
606
607 return result;
608}
609
610#pragma mark ----- TimeStamp request -----
611
612#include "tsaTemplates.h"
613#include <security_asn1/SecAsn1Coder.h>
614#include <Security/oidsalg.h>
615#include <AssertMacros.h>
616#include <libkern/OSByteOrder.h>
617
618extern const SecAsn1Template kSecAsn1TSATimeStampReqTemplate;
619extern const SecAsn1Template kSecAsn1TSATimeStampRespTemplateDER;
620
621CFMutableDictionaryRef SecCmsTSAGetDefaultContext(CFErrorRef *error)
622{
623 // Caller responsible for retain/release
624 // <rdar://problem/11077440> Update SecCmsTSAGetDefaultContext with actual URL for Apple Timestamp server
625 // URL will be in TimeStampingPrefs.plist
427c49bc 626
b1ab9ed8
A		 627 CFBundleRef secFWbundle = NULL;
628 CFURLRef resourceURL = NULL;
629 CFDataRef resourceData = NULL;
630 CFPropertyListRef prefs = NULL;
631 CFMutableDictionaryRef contextDict = NULL;
632 SInt32 errorCode = 0;
633 CFOptionFlags options = 0;
634 CFPropertyListFormat format = 0;
635 OSStatus status = noErr;
427c49bc 636
b1ab9ed8 637 require_action(secFWbundle = CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security")), xit, status = errSecInternalError);
5c19dc3a
A		 638 CFRetain(secFWbundle);
639
b1ab9ed8
A		 640 require_action(resourceURL = CFBundleCopyResourceURL(secFWbundle, CFSTR("TimeStampingPrefs"), CFSTR("plist"), NULL),
641 xit, status = errSecInvalidPrefsDomain);
642
643 require(CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault, resourceURL, &resourceData,
644 NULL, NULL, &errorCode), xit);
645 require_action(resourceData, xit, status = errSecDataNotAvailable);
646
647 prefs = CFPropertyListCreateWithData(kCFAllocatorDefault, resourceData, options, &format, error);
648 require_action(prefs && (CFGetTypeID(prefs)==CFDictionaryGetTypeID()), xit, status = errSecInvalidPrefsDomain);
427c49bc 649
b1ab9ed8
A		 650 contextDict = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, prefs);
651
652 if (error)
653 *error = NULL;
654xit:
655 if (errorCode)
656 status = errorCode;
657 if (error && status)
658 *error = CFErrorCreate(kCFAllocatorDefault, kCFErrorDomainOSStatus, status, NULL);
659 if (secFWbundle)
660 CFRelease(secFWbundle);
661 if (resourceURL)
662 CFRelease(resourceURL);
663 if (resourceData)
664 CFRelease(resourceData);
665 if (prefs)
666 CFRelease(prefs);
667
668 return contextDict;
669}
670
671static CFDataRef _SecTSARequestCopyDEREncoding(SecAsn1TSAMessageImprint *messageImprint, bool noCerts, uint64_t nonce)
672{
673 // Returns DER encoded TimeStampReq
674 // Modeled on _SecOCSPRequestCopyDEREncoding
675 // The Timestamp Authority supports 64 bit nonces (or more possibly)
427c49bc 676
b1ab9ed8
A		 677 SecAsn1CoderRef coder = NULL;
678 uint8_t version = 1;
679 SecAsn1Item vers = {1, &version};
680 uint8_t creq = noCerts?0:1;
681 SecAsn1Item certReq = {1, &creq}; //jch - to request or not?
682 SecAsn1TSATimeStampReq tsreq = {};
683 CFDataRef der = NULL;
684 uint64_t nonceVal = OSSwapHostToBigConstInt64(nonce);
685 SecAsn1Item nonceItem = {sizeof(uint64_t), (unsigned char *)&nonceVal};
686
427c49bc 687 uint8_t OID_FakePolicy_Data[] = { 0x2A, 0x03, 0x04, 0x05, 0x06};
b1ab9ed8
A		 688 const CSSM_OID fakePolicyOID = {sizeof(OID_FakePolicy_Data),OID_FakePolicy_Data};
689
690 tsreq.version = vers;
691
692 tsreq.messageImprint = *messageImprint;
693 tsreq.certReq = certReq;
427c49bc 694
b1ab9ed8
A		 695 // skip reqPolicy, extensions for now - FAKES - jch
696 tsreq.reqPolicy = fakePolicyOID; //policyID;
697
698 tsreq.nonce = nonceItem;
699
700 // Encode the request
701 require_noerr(SecAsn1CoderCreate(&coder), errOut);
427c49bc 702
b1ab9ed8
A		 703 SecAsn1Item encoded;
704 require_noerr(SecAsn1EncodeItem(coder, &tsreq,
705 &kSecAsn1TSATimeStampReqTemplate, &encoded), errOut);
706 der = CFDataCreate(kCFAllocatorDefault, encoded.Data,
707 encoded.Length);
708
709errOut:
710 if (coder)
711 SecAsn1CoderRelease(coder);
712
713 return der;
714}
715
716OSStatus SecTSAResponseCopyDEREncoding(SecAsn1CoderRef coder, const CSSM_DATA *tsaResponse, SecAsn1TimeStampRespDER *respDER)
717{
718 // Partially decode the response
719 OSStatus status = paramErr;
427c49bc 720
b1ab9ed8
A		 721 require(tsaResponse && respDER, errOut);
722 require_noerr(SecAsn1DecodeData(coder, tsaResponse,
723 &kSecAsn1TSATimeStampRespTemplateDER, respDER), errOut);
724 status = noErr;
725
726errOut:
727
728 return status;
729}
730
731#pragma mark ----- TS Callback -----
732
733OSStatus SecCmsTSADefaultCallback(CFTypeRef context, void *messageImprintV, uint64_t nonce, CSSM_DATA *signedDERBlob)
734{
735 OSStatus result = paramErr;
736 const unsigned char *tsaReq = NULL;
737 size_t tsaReqLength = 0;
738 CFDataRef cfreq = NULL;
739 unsigned char *tsaURL = NULL;
740 bool noCerts = false;
427c49bc 741
b1ab9ed8
A		 742 if (!context || CFGetTypeID(context)!=CFDictionaryGetTypeID())
743 return paramErr;
427c49bc 744
b1ab9ed8
A		 745 SecAsn1TSAMessageImprint *messageImprint = (SecAsn1TSAMessageImprint *)messageImprintV;
746 if (!messageImprint || !signedDERBlob)
747 return paramErr;
748
749 CFBooleanRef cfnocerts = (CFBooleanRef)CFDictionaryGetValue((CFDictionaryRef)context, kTSAContextKeyNoCerts);
750 if (cfnocerts)
751 {
752 tsaDebug("[TSA] Request noCerts\n");
753 noCerts = CFBooleanGetValue(cfnocerts);
754 }
755
756 // We must spoof the nonce here, before sending the request.
757 // If we tried to alter the reply, then the signature would break instead.
758 CFBooleanRef cfBadNonce = (CFBooleanRef)CFDictionaryGetValue((CFDictionaryRef)context, kTSADebugContextKeyBadNonce);
759 if (cfBadNonce && CFBooleanGetValue(cfBadNonce))
760 {
761 tsaDebug("[TSA] Forcing bad TS Request by changing nonce\n");
762 nonce++;
763 }
764
765 printDataAsHex("[TSA] hashToTimeStamp:", &messageImprint->hashedMessage,128);
766 cfreq = _SecTSARequestCopyDEREncoding(messageImprint, noCerts, nonce);
767 if (cfreq)
768 {
769 tsaReq = CFDataGetBytePtr(cfreq);
770 tsaReqLength = CFDataGetLength(cfreq);
427c49bc 771
b1ab9ed8
A		 772#ifndef NDEBUG
773 CFShow(cfreq);
774 tsaWriteFileX("/tmp/tsareq.req", tsaReq, tsaReqLength);
775#endif
776 }
427c49bc 777
fa7225c8 778 CFTypeRef url = CFDictionaryGetValue((CFDictionaryRef)context, kTSAContextKeyURL);
b1ab9ed8
A		 779 if (!url)
780 {
781 tsaDebug("[TSA] missing URL for TSA (key: %s)\n", "kTSAContextKeyURL");
782 goto xit;
783 }
427c49bc 784
fa7225c8
A		 785 CFStringRef urlStr = NULL;
786 if (CFURLGetTypeID() == CFGetTypeID(url)) {
787 urlStr = CFURLGetString(url);
788 } else {
789 require_quiet(CFStringGetTypeID() == CFGetTypeID(url), xit);
790 urlStr = url;
791 }
792 require_quiet(urlStr, xit);
793
b1ab9ed8
A		 794 /*
795 If debugging, look at special values in the context to mess things up
796 */
427c49bc 797
b1ab9ed8
A		 798 CFBooleanRef cfBadReq = (CFBooleanRef)CFDictionaryGetValue((CFDictionaryRef)context, kTSADebugContextKeyBadReq);
799 if (cfBadReq && CFBooleanGetValue(cfBadReq))
800 {
801 tsaDebug("[TSA] Forcing bad TS Request by truncating length from %ld to %ld\n", tsaReqLength, (tsaReqLength-4));
802 tsaReqLength -= 4;
803 }
427c49bc 804
b1ab9ed8 805 // need to extract into buffer
fa7225c8 806 CFIndex length = CFStringGetLength(urlStr); // in 16-bit character units
b1ab9ed8 807 tsaURL = malloc(6 * length + 1); // pessimistic
fa7225c8 808 if (!CFStringGetCString(urlStr, (char *)tsaURL, 6 * length + 1, kCFStringEncodingUTF8))
b1ab9ed8
A		 809 goto xit;
810
811 tsaDebug("[TSA] URL for timestamp server: %s\n", tsaURL);
812
813 unsigned char *tsaResp = NULL;
814 size_t tsaRespLength = 0;
815 tsaDebug("calling sendTSARequestWithXPC with %ld bytes of request\n", tsaReqLength);
816
817 require_noerr(result = sendTSARequestWithXPC(tsaReq, tsaReqLength, tsaURL, &tsaResp, &tsaRespLength), xit);
818
819 tsaDebug("sendTSARequestWithXPC copied: %ld bytes of response\n", tsaRespLength);
820
821 signedDERBlob->Data = tsaResp;
822 signedDERBlob->Length = tsaRespLength;
427c49bc 823
b1ab9ed8 824 result = noErr;
427c49bc 825
b1ab9ed8
A		 826xit:
827 if (tsaURL)
828 free((void *)tsaURL);
829 if (cfreq)
830 CFRelease(cfreq);
831
832 return result;
833}
834
835#pragma mark ----- TimeStamp Verification -----
836
837static OSStatus convertGeneralizedTimeToCFAbsoluteTime(const char *timeStr, CFAbsoluteTime *ptime)
838{
839 /*
840 See http://userguide.icu-project.org/formatparse/datetime for date/time format.
841 The "Z" signal a GMT time, but CFDateFormatterGetAbsoluteTimeFromString returns
427c49bc 842 values based on local time.
b1ab9ed8
A		 843 */
844
845 OSStatus result = noErr;
846 CFDateFormatterRef formatter = NULL;
847 CFStringRef time_string = NULL;
848 CFTimeZoneRef gmt = NULL;
849 CFLocaleRef locale = NULL;
850 CFRange *rangep = NULL;
851
852 require(timeStr && timeStr[0] && ptime, xit);
853 require(formatter = CFDateFormatterCreate(kCFAllocatorDefault, locale, kCFDateFormatterNoStyle, kCFDateFormatterNoStyle), xit);
854// CFRetain(formatter);
855 CFDateFormatterSetFormat(formatter, CFSTR("yyyyMMddHHmmss'Z'")); // GeneralizedTime
856 gmt = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0);
857 CFDateFormatterSetProperty(formatter, kCFDateFormatterTimeZone, gmt);
858
859 time_string = CFStringCreateWithCString(kCFAllocatorDefault, timeStr, kCFStringEncodingUTF8);
860 if (!time_string || !CFDateFormatterGetAbsoluteTimeFromString(formatter, time_string, rangep, ptime))
861 {
862 dtprintf("%s is not a valid date\n", timeStr);
863 result = 1;
864 }
865
866xit:
427c49bc 867 if (formatter)
b1ab9ed8 868 CFRelease(formatter);
427c49bc 869 if (time_string)
b1ab9ed8 870 CFRelease(time_string);
427c49bc 871 if (gmt)
b1ab9ed8 872 CFRelease(gmt);
427c49bc 873
b1ab9ed8
A		 874 return result;
875}
876
8a50f688 877static OSStatus SecTSAValidateTimestamp(const SecAsn1TSATSTInfo *tstInfo, SecCertificateRef signerCert, CFAbsoluteTime *timestampTime)
b1ab9ed8
A		 878{
879 // See <rdar://problem/11077708> Properly handle revocation information of timestamping certificate
880 OSStatus result = paramErr;
881 CFAbsoluteTime genTime = 0;
882 char timeStr[32] = {0,};
b1ab9ed8 883
8a50f688 884 require(tstInfo && signerCert && (tstInfo->genTime.Length < 16), xit);;
427c49bc 885
b1ab9ed8
A		 886 memcpy(timeStr, tstInfo->genTime.Data, tstInfo->genTime.Length);
887 timeStr[tstInfo->genTime.Length] = 0;
888 require_noerr(convertGeneralizedTimeToCFAbsoluteTime(timeStr, &genTime), xit);
8a50f688 889 if (SecCertificateIsValidX(signerCert, genTime)) // iOS?
b1ab9ed8
A		 890 result = noErr;
891 else
892 result = errSecTimestampInvalid;
893 if (timestampTime)
894 *timestampTime = genTime;
895xit:
896 return result;
897}
898
8a50f688 899static OSStatus verifyTSTInfo(const CSSM_DATA_PTR content, SecCertificateRef signerCert, SecAsn1TSATSTInfo *tstInfo, CFAbsoluteTime *timestampTime, uint64_t expectedNonce)
b1ab9ed8
A		 900{
901 OSStatus status = paramErr;
902 SecAsn1CoderRef coder = NULL;
903
904 if (!tstInfo)
905 return SECFailure;
427c49bc 906
b1ab9ed8 907 require_noerr(SecAsn1CoderCreate(&coder), xit);
427c49bc 908 require_noerr(SecAsn1Decode(coder, content->Data, content->Length,
b1ab9ed8
A		 909 kSecAsn1TSATSTInfoTemplate, tstInfo), xit);
910 displayTSTInfo(tstInfo);
427c49bc 911
b1ab9ed8
A		 912 // Check the nonce
913 if (tstInfo->nonce.Data && expectedNonce!=0)
914 {
915 uint64_t nonce = tsaDER_ToInt(&tstInfo->nonce);
916 // if (expectedNonce!=nonce)
917 dtprintf("verifyTSTInfo nonce: actual: %lld, expected: %lld\n", nonce, expectedNonce);
918 require_action(expectedNonce==nonce, xit, status = errSecTimestampRejection);
919 }
427c49bc 920
8a50f688 921 status = SecTSAValidateTimestamp(tstInfo, signerCert, timestampTime);
b1ab9ed8
A		 922 dtprintf("SecTSAValidateTimestamp result: %ld\n", (long)status);
923
924xit:
925 if (coder)
926 SecAsn1CoderRelease(coder);
927 return status;
928}
929
930static void debugShowExtendedTrustResult(int index, CFDictionaryRef extendedResult)
931{
932#ifndef NDEBUG
933 if (extendedResult)
934 {
935 CFStringRef xresStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
936 CFSTR("Extended trust result for signer #%d : %@"), index, extendedResult);
937 if (xresStr)
938 {
939 CFShow(xresStr);
940 CFRelease(xresStr);
941 }
942 }
943#endif
944}
945
946#ifndef NDEBUG
947extern const char *cssmErrorString(CSSM_RETURN error);
948
949static void statusBitTest(CSSM_TP_APPLE_CERT_STATUS certStatus, uint32 bit, const char *str)
950{
951 if (certStatus & bit)
952 dtprintf("%s ", str);
953}
954#endif
955
956static void debugShowCertEvidenceInfo(uint16_t certCount, const CSSM_TP_APPLE_EVIDENCE_INFO *info)
957{
958#ifndef NDEBUG
959 CSSM_TP_APPLE_CERT_STATUS cs;
960// const CSSM_TP_APPLE_EVIDENCE_INFO *pinfo = info;
961 uint16_t ix;
962 for (ix=0; info && (ix<certCount); ix++, ++info)
963 {
964 cs = info->StatusBits;
965 dtprintf(" cert %u:\n", ix);
966 dtprintf(" StatusBits : 0x%x", (unsigned)cs);
967 if (cs)
968 {
969 dtprintf(" ( ");
970 statusBitTest(cs, CSSM_CERT_STATUS_EXPIRED, "EXPIRED");
427c49bc 971 statusBitTest(cs, CSSM_CERT_STATUS_NOT_VALID_YET,
b1ab9ed8 972 "NOT_VALID_YET");
427c49bc 973 statusBitTest(cs, CSSM_CERT_STATUS_IS_IN_INPUT_CERTS,
b1ab9ed8 974 "IS_IN_INPUT_CERTS");
427c49bc 975 statusBitTest(cs, CSSM_CERT_STATUS_IS_IN_ANCHORS,
b1ab9ed8
A		 976 "IS_IN_ANCHORS");
977 statusBitTest(cs, CSSM_CERT_STATUS_IS_ROOT, "IS_ROOT");
978 statusBitTest(cs, CSSM_CERT_STATUS_IS_FROM_NET, "IS_FROM_NET");
979 dtprintf(")\n");
980 }
981 else
982 dtprintf("\n");
983
984 dtprintf(" NumStatusCodes : %u ", info->NumStatusCodes);
985 CSSM_RETURN *pstatuscode = info->StatusCodes;
986 uint16_t jx;
987 for (jx=0; pstatuscode && (jx<info->NumStatusCodes); jx++, ++pstatuscode)
988 dtprintf("%s ", cssmErrorString(*pstatuscode));
427c49bc 989
b1ab9ed8
A		 990 dtprintf("\n");
991 dtprintf(" Index: %u\n", info->Index);
992 }
993
994#endif
995}
996
427c49bc 997#ifndef NDEBUG
b1ab9ed8
A		 998static const char *trustResultTypeString(SecTrustResultType trustResultType)
999{
b1ab9ed8
A		 1000 switch (trustResultType)
1001 {
1002 case kSecTrustResultProceed: return "TrustResultProceed";
1003 case kSecTrustResultUnspecified: return "TrustResultUnspecified";
1004 case kSecTrustResultDeny: return "TrustResultDeny"; // user reject
1005 case kSecTrustResultInvalid: return "TrustResultInvalid";
b1ab9ed8
A		 1006 case kSecTrustResultRecoverableTrustFailure: return "TrustResultRecoverableTrustFailure";
1007 case kSecTrustResultFatalTrustFailure: return "TrustResultUnspecified";
1008 case kSecTrustResultOtherError: return "TrustResultOtherError";
1009 default: return "TrustResultUnknown";
1010 }
b1ab9ed8
A		 1011 return "";
1012}
427c49bc 1013#endif
b1ab9ed8 1014
d8f41ccd 1015static OSStatus verifySigners(SecCmsSignedDataRef signedData, int numberOfSigners, CFTypeRef timeStampPolicy)
b1ab9ed8
A		 1016{
1017 // See <rdar://problem/11077588> Bubble up SecTrustEvaluate of timestamp response to high level callers
1018 // Also <rdar://problem/11077708> Properly handle revocation information of timestamping certificate
1019
d87e1158 1020 SecTrustRef trustRef = NULL;
d8f41ccd 1021 CFTypeRef policy = CFRetainSafe(timeStampPolicy);
427c49bc
A		 1022 int result=errSecInternalError;
1023 int rx;
1024
d8f41ccd
A		 1025 if (!policy) {
1026 require(policy = SecPolicyCreateWithOID(kSecPolicyAppleTimeStamping), xit);
1027 }
1028
b1ab9ed8
A		 1029 int jx;
1030 for (jx = 0; jx < numberOfSigners; ++jx)
1031 {
1032 SecTrustResultType trustResultType;
b1ab9ed8
A		 1033 CFDictionaryRef extendedResult = NULL;
1034 CFArrayRef certChain = NULL;
1035 uint16_t certCount = 0;
427c49bc 1036
b1ab9ed8
A		 1037 CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL;
1038
1039 // SecCmsSignedDataVerifySignerInfo returns trustRef, which we can call SecTrustEvaluate on
1040 // usually (always?) if result is noErr, the SecTrust*Result calls will return errSecTrustNotAvailable
1041 result = SecCmsSignedDataVerifySignerInfo (signedData, jx, NULL, policy, &trustRef);
1042 dtprintf("[%s] SecCmsSignedDataVerifySignerInfo: result: %d, signer: %d\n",
1043 __FUNCTION__, result, jx);
1044 require_noerr(result, xit);
8e292c99 1045
b1ab9ed8
A		 1046 result = SecTrustEvaluate (trustRef, &trustResultType);
1047 dtprintf("[%s] SecTrustEvaluate: result: %d, trustResult: %s (%d)\n",
1048 __FUNCTION__, result, trustResultTypeString(trustResultType), trustResultType);
1049 if (result)
1050 goto xit;
1051 switch (trustResultType)
1052 {
1053 case kSecTrustResultProceed:
1054 case kSecTrustResultUnspecified:
1055 break; // success
1056 case kSecTrustResultDeny: // user reject
1057 result = errSecTimestampNotTrusted; // SecCmsVSTimestampNotTrusted ?
1058 break;
1059 case kSecTrustResultInvalid:
1060 assert(false); // should never happen
1061 result = errSecTimestampNotTrusted; // SecCmsVSTimestampNotTrusted ?
1062 break;
b1ab9ed8
A		 1063 case kSecTrustResultRecoverableTrustFailure:
1064 case kSecTrustResultFatalTrustFailure:
1065 case kSecTrustResultOtherError:
1066 default:
1067 {
1068 /*
1069 There are two "errors" that need to be resolved externally:
1070 CSSMERR_TP_CERT_EXPIRED can be OK if the timestamp was made
1071 before the TSA chain expired; CSSMERR_TP_CERT_NOT_VALID_YET
1072 can happen in the case where the user's clock was set to 0.
1073 We don't want to prevent them using apps automatically, so
1074 return noErr and let codesign or whover decide.
1075 */
1076 OSStatus resultCode;
1077 require_action(SecTrustGetCssmResultCode(trustRef, &resultCode)==noErr, xit, result = errSecTimestampNotTrusted);
1078 result = (resultCode == CSSMERR_TP_CERT_EXPIRED || resultCode == CSSMERR_TP_CERT_NOT_VALID_YET)?noErr:errSecTimestampNotTrusted;
1079 }
1080 break;
1081 }
427c49bc 1082
b1ab9ed8
A		 1083 rx = SecTrustGetResult(trustRef, &trustResultType, &certChain, &statusChain);
1084 dtprintf("[%s] SecTrustGetResult: result: %d, type: %d\n", __FUNCTION__,rx, trustResultType);
1085 certCount = certChain?CFArrayGetCount(certChain):0;
1086 debugShowCertEvidenceInfo(certCount, statusChain);
d87e1158 1087 CFReleaseNull(certChain);
427c49bc 1088
b1ab9ed8
A		 1089 rx = SecTrustCopyExtendedResult(trustRef, &extendedResult);
1090 dtprintf("[%s] SecTrustCopyExtendedResult: result: %d\n", __FUNCTION__, rx);
1091 if (extendedResult)
1092 {
1093 debugShowExtendedTrustResult(jx, extendedResult);
1094 CFRelease(extendedResult);
1095 }
427c49bc 1096
b1ab9ed8 1097 if (trustRef)
d87e1158 1098 CFReleaseNull(trustRef);
b1ab9ed8
A		 1099 }
1100
1101xit:
d87e1158
A		 1102 if (trustRef)
1103 CFReleaseNull(trustRef);
b1ab9ed8 1104 if (policy)
d87e1158 1105 CFRelease(policy);
b1ab9ed8
A		 1106 return result;
1107}
1108
1109static OSStatus impExpImportCertUnCommon(
1110 const CSSM_DATA *cdata,
1111 SecKeychainRef importKeychain, // optional
427c49bc 1112 CFMutableArrayRef outArray) // optional, append here
b1ab9ed8
A		 1113{
1114 // The only difference between this and impExpImportCertCommon is that we append to outArray
1115 // before attempting to add to the keychain
1116 OSStatus status = noErr;
1117 SecCertificateRef certRef = NULL;
427c49bc 1118
b1ab9ed8
A		 1119 require_action(cdata, xit, status = errSecUnsupportedFormat);
1120
1121 /* Pass kCFAllocatorNull as bytesDeallocator to assure the bytes aren't freed */
1122 CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)cdata->Data, (CFIndex)cdata->Length, kCFAllocatorNull);
1123 require_action(data, xit, status = errSecUnsupportedFormat);
1124
1125 certRef = SecCertificateCreateWithData(kCFAllocatorDefault, data);
1126 CFRelease(data); /* certRef has its own copy of the data now */
1127 if(!certRef) {
1128 dtprintf("impExpHandleCert error\n");
1129 return errSecUnsupportedFormat;
1130 }
1131
1132 if (outArray)
1133 CFArrayAppendValue(outArray, certRef);
1134
1135 if (importKeychain)
1136 {
1137 status = SecCertificateAddToKeychain(certRef, importKeychain);
1138 if (status!=noErr && status!=errSecDuplicateItem)
1139 { dtprintf("SecCertificateAddToKeychain error: %ld\n", (long)status); }
1140 }
1141
1142xit:
1143 if (certRef)
1144 CFRelease(certRef);
1145 return status;
1146}
1147
1148static void saveTSACertificates(CSSM_DATA **signingCerts, CFMutableArrayRef outArray)
1149{
1150 SecKeychainRef defaultKeychain = NULL;
8e292c99
A		 1151 // Don't save certificates in keychain to avoid securityd issues
1152// if (SecKeychainCopyDefault(&defaultKeychain))
1153// defaultKeychain = NULL;
b1ab9ed8
A		 1154
1155 unsigned certCount = SecCmsArrayCount((void **)signingCerts);
1156 unsigned dex;
1157 for (dex=0; dex<certCount; dex++)
1158 {
1159 OSStatus rx = impExpImportCertUnCommon(signingCerts[dex], defaultKeychain, outArray);
1160 if (rx!=noErr && rx!=errSecDuplicateItem)
1161 dtprintf("impExpImportCertCommon failed: %ld\n", (long)rx);
1162 }
1163 if (defaultKeychain)
1164 CFRelease(defaultKeychain);
1165}
1166
1167static const char *cfabsoluteTimeToString(CFAbsoluteTime abstime)
1168{
1169 CFGregorianDate greg = CFAbsoluteTimeGetGregorianDate(abstime, NULL);
1170 char str[20];
1171 if (19 != snprintf(str, 20, "%4.4d-%2.2d-%2.2d_%2.2d:%2.2d:%2.2d",
1172 (int)greg.year, greg.month, greg.day, greg.hour, greg.minute, (int)greg.second))
1173 str[0]=0;
1174 char *data = (char *)malloc(20);
1175 strncpy(data, str, 20);
1176 return data;
1177}
1178
1179static OSStatus setTSALeafValidityDates(SecCmsSignerInfoRef signerinfo)
1180{
8a50f688 1181 SecCertificateRef tsaLeaf = SecCmsSignerInfoGetSigningCertificate(signerinfo, NULL);
427c49bc 1182
8a50f688 1183 if (!tsaLeaf)
b1ab9ed8 1184 return SecCmsVSSigningCertNotFound;
427c49bc 1185
427c49bc
A		 1186 signerinfo->tsaLeafNotBefore = SecCertificateNotValidBefore(tsaLeaf); /* Start date for Timestamp Authority leaf */
1187 signerinfo->tsaLeafNotAfter = SecCertificateNotValidAfter(tsaLeaf); /* Expiration date for Timestamp Authority leaf */
b1ab9ed8
A		 1188
1189 const char *nbefore = cfabsoluteTimeToString(signerinfo->tsaLeafNotBefore);
1190 const char *nafter = cfabsoluteTimeToString(signerinfo->tsaLeafNotAfter);
1191 if (nbefore && nafter)
1192 {
1193 dtprintf("Timestamp Authority leaf valid from %s to %s\n", nbefore, nafter);
1194 free((void *)nbefore);free((void *)nafter);
1195 }
1196
8a50f688 1197 return errSecSuccess;
b1ab9ed8
A		 1198}
1199
1200/*
1201 From RFC 3161: Time-Stamp Protocol (TSP),August 2001, APPENDIX B:
427c49bc 1202
b1ab9ed8
A		 1203 B) The validity of the digital signature may then be verified in the
1204 following way:
1205
1206 1) The time-stamp token itself MUST be verified and it MUST be
1207 verified that it applies to the signature of the signer.
1208
1209 2) The date/time indicated by the TSA in the TimeStampToken
1210 MUST be retrieved.
1211
1212 3) The certificate used by the signer MUST be identified and
1213 retrieved.
1214
1215 4) The date/time indicated by the TSA MUST be within the
1216 validity period of the signer's certificate.
1217
1218 5) The revocation information about that certificate, at the
1219 date/time of the Time-Stamping operation, MUST be retrieved.
1220
1221 6) Should the certificate be revoked, then the date/time of
1222 revocation shall be later than the date/time indicated by
1223 the TSA.
1224
1225 If all these conditions are successful, then the digital signature
1226 shall be declared as valid.
1227
1228*/
1229
1230OSStatus decodeTimeStampToken(SecCmsSignerInfoRef signerinfo, CSSM_DATA_PTR inData, CSSM_DATA_PTR encDigest, uint64_t expectedNonce)
d8f41ccd
A		 1231{
1232 return decodeTimeStampTokenWithPolicy(signerinfo, NULL, inData, encDigest, expectedNonce);
1233}
1234
1235OSStatus decodeTimeStampTokenWithPolicy(SecCmsSignerInfoRef signerinfo, CFTypeRef timeStampPolicy, CSSM_DATA_PTR inData, CSSM_DATA_PTR encDigest, uint64_t expectedNonce)
b1ab9ed8
A		 1236{
1237 /*
1238 We update signerinfo with timestamp and tsa certificate chain.
1239 encDigest is the original signed blob, which we must hash and compare.
1240 inData comes from the unAuthAttr section of the CMS message
427c49bc 1241
b1ab9ed8 1242 These are set in signerinfo as side effects:
ecaf5866 1243 timestampTime
b1ab9ed8 1244 timestampCertList
ecaf5866 1245 timestampCert
b1ab9ed8
A		 1246 */
1247
1248 SecCmsDecoderRef decoderContext = NULL;
1249 SecCmsMessageRef cmsMessage = NULL;
1250 SecCmsContentInfoRef contentInfo;
1251 SecCmsSignedDataRef signedData;
1252 SECOidTag contentTypeTag;
1253 int contentLevelCount;
1254 int ix;
1255 OSStatus result = errSecUnknownFormat;
1256 CSSM_DATA **signingCerts = NULL;
1257
427c49bc 1258 dtprintf("decodeTimeStampToken top: PORT_GetError() %d -----\n", PORT_GetError());
8e292c99 1259 PORT_SetError(0);
427c49bc 1260
b1ab9ed8
A		 1261 /* decode the message */
1262 require_noerr(result = SecCmsDecoderCreate (NULL, NULL, NULL, NULL, NULL, NULL, NULL, &decoderContext), xit);
1263 result = SecCmsDecoderUpdate(decoderContext, inData->Data, inData->Length);
1264 if (result)
1265 {
1266 result = errSecTimestampInvalid;
1267 SecCmsDecoderDestroy(decoderContext);
1268 goto xit;
1269 }
427c49bc 1270
b1ab9ed8
A		 1271 require_noerr(result = SecCmsDecoderFinish(decoderContext, &cmsMessage), xit);
1272
1273 // process the results
1274 contentLevelCount = SecCmsMessageContentLevelCount(cmsMessage);
427c49bc 1275
b1ab9ed8
A		 1276 if (encDigest)
1277 printDataAsHex("encDigest",encDigest, 0);
1278
1279 for (ix = 0; ix < contentLevelCount; ++ix)
1280 {
1281 dtprintf("\n----- Content Level %d -----\n", ix);
1282 // get content information
1283 contentInfo = SecCmsMessageContentLevel (cmsMessage, ix);
1284 contentTypeTag = SecCmsContentInfoGetContentTypeTag (contentInfo);
427c49bc 1285
b1ab9ed8
A		 1286 // After 2nd round, contentInfo.content.data is the TSTInfo
1287
1288 debugShowContentTypeOID(contentInfo);
427c49bc 1289
b1ab9ed8
A		 1290 switch (contentTypeTag)
1291 {
1292 case SEC_OID_PKCS7_SIGNED_DATA:
1293 {
1294 require((signedData = (SecCmsSignedDataRef)SecCmsContentInfoGetContent(contentInfo)) != NULL, xit);
427c49bc 1295
b1ab9ed8
A		 1296 debugShowSignerInfo(signedData);
1297
1298 SECAlgorithmID **digestAlgorithms = SecCmsSignedDataGetDigestAlgs(signedData);
1299 unsigned digestAlgCount = SecCmsArrayCount((void **)digestAlgorithms);
1300 dtprintf("digestAlgCount: %d\n", digestAlgCount);
1301 if (signedData->digests)
1302 {
1303 int jx;
1304 char buffer[128];
1305 for (jx=0;jx < digestAlgCount;jx++)
1306 {
1307 sprintf(buffer, " digest[%u]", jx);
1308 printDataAsHex(buffer,signedData->digests[jx], 0);
1309 }
1310 }
1311 else
1312 {
1313 dtprintf("No digests\n");
1314 CSSM_DATA_PTR innerContent = SecCmsContentInfoGetInnerContent(contentInfo);
1315 if (innerContent)
1316 {
1317 dtprintf("inner content length: %ld\n", innerContent->Length);
1318 SecAsn1TSAMessageImprint fakeMessageImprint = {{{0}},};
1319 OSStatus status = createTSAMessageImprint(signedData, innerContent, &fakeMessageImprint);
866f8763 1320 require_noerr_action(status, xit, dtprintf("createTSAMessageImprint status: %d\n", (int)status); result = status);
b1ab9ed8
A		 1321 printDataAsHex("inner content hash",&fakeMessageImprint.hashedMessage, 0);
1322 CSSM_DATA_PTR digestdata = &fakeMessageImprint.hashedMessage;
1323 CSSM_DATA_PTR digests[2] = {digestdata, NULL};
866f8763
A		 1324 status = SecCmsSignedDataSetDigests(signedData, digestAlgorithms, (CSSM_DATA_PTR *)&digests);
1325 require_noerr_action(status, xit, dtprintf("createTSAMessageImprint status: %d\n", (int)status); result = status);
b1ab9ed8
A		 1326 }
1327 else
1328 dtprintf("no inner content\n");
1329 }
1330
1331 /*
1332 Import the certificates. We leave this as a warning, since
1333 there are configurations where the certificates are not returned.
1334 */
1335 signingCerts = SecCmsSignedDataGetCertificateList(signedData);
1336 if (signingCerts == NULL)
1337 { dtprintf("SecCmsSignedDataGetCertificateList returned NULL\n"); }
1338 else
1339 {
1340 if (!signerinfo->timestampCertList)
1341 signerinfo->timestampCertList = CFArrayCreateMutable(kCFAllocatorDefault, 10, &kCFTypeArrayCallBacks);
1342 saveTSACertificates(signingCerts, signerinfo->timestampCertList);
1343 require_noerr(result = setTSALeafValidityDates(signerinfo), xit);
1344 debugSaveCertificates(signingCerts);
1345 }
1346
1347 int numberOfSigners = SecCmsSignedDataSignerInfoCount (signedData);
1348
ecaf5866
A		 1349 if (numberOfSigners > 0) {
1350 /* @@@ assume there's only one signer since SecCms can't handle multiple signers anyway */
1351 signerinfo->timestampCert = CFRetainSafe(SecCmsSignerInfoGetSigningCertificate(signedData->signerInfos[0], NULL));
1352 }
1353
d8f41ccd 1354 result = verifySigners(signedData, numberOfSigners, timeStampPolicy);
b1ab9ed8
A		 1355 if (result)
1356 dtprintf("verifySigners failed: %ld\n", (long)result); // warning
427c49bc
A		 1357
1358
b1ab9ed8
A		 1359 if (result) // remap to SecCmsVSTimestampNotTrusted ?
1360 goto xit;
427c49bc 1361
b1ab9ed8
A		 1362 break;
1363 }
1364 case SEC_OID_PKCS9_SIGNING_CERTIFICATE:
1365 {
1366 dtprintf("SEC_OID_PKCS9_SIGNING_CERTIFICATE seen\n");
1367 break;
1368 }
427c49bc 1369
b1ab9ed8
A		 1370 case SEC_OID_PKCS9_ID_CT_TSTInfo:
1371 {
1372 SecAsn1TSATSTInfo tstInfo = {{0},};
ecaf5866 1373 SecCertificateRef signerCert = SecCmsSignerInfoGetTimestampSigningCert(signerinfo);
8a50f688 1374 result = verifyTSTInfo(contentInfo->rawContent, signerCert, &tstInfo, &signerinfo->timestampTime, expectedNonce);
b1ab9ed8
A		 1375 if (signerinfo->timestampTime)
1376 {
1377 const char *tstamp = cfabsoluteTimeToString(signerinfo->timestampTime);
1378 if (tstamp)
1379 {
1380 dtprintf("Timestamp Authority timestamp: %s\n", tstamp);
1381 free((void *)tstamp);
1382 }
1383 }
1384 break;
1385 }
1386 case SEC_OID_OTHER:
1387 {
427c49bc 1388 dtprintf("otherContent : %p\n", (char *)SecCmsContentInfoGetContent (contentInfo));
b1ab9ed8
A		 1389 break;
1390 }
1391 default:
1392 dtprintf("ContentTypeTag : %x\n", contentTypeTag);
1393 break;
1394 }
1395 }
1396xit:
1397 if (cmsMessage)
1398 SecCmsMessageDestroy(cmsMessage);
1399
1400 return result;
1401}
1402
1403
mirror of Security