+++ /dev/null
-/*
- * Copyright (c) 2008-2010 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-#include "SecSCEP.h"
-
-#include <Security/SecCMS.h>
-#include <Security/SecRandom.h>
-#include <Security/SecIdentityPriv.h>
-#include <string.h>
-#include <AssertMacros.h>
-#include <CommonCrypto/CommonDigest.h>
-#include <CommonCrypto/CommonDigestSPI.h>
-#include <Security/SecItem.h>
-#include <Security/SecInternal.h>
-#include <Security/SecCertificateInternal.h>
-#include <Security/SecKeyPriv.h>
-#include <Security/SecInternal.h>
-#include <libDER/DER_Encode.h>
-#include <uuid/uuid.h>
-#include <utilities/array_size.h>
-#include <utilities/debugging.h>
-#include <utilities/SecIOFormat.h>
-
-typedef enum {
- messageType = 2,
- pkiStatus = 3,
- failInfo = 4,
- senderNonce = 5,
- recipientNonce = 6,
- transId = 7
-} scep_attr_t;
-
-static CFDataRef scep_oid(scep_attr_t type)
-{
-/* +-------------------+-----------------------------------------------+
- | Name | ASN.1 Definition |
- +-------------------+-----------------------------------------------+
- | id-VeriSign | OBJECT_IDENTIFIER ::= {2 16 US(840) 1 |
- | | VeriSign(113733)} |
- | id-pki | OBJECT_IDENTIFIER ::= {id-VeriSign pki(1)} |
- | id-attributes | OBJECT_IDENTIFIER ::= {id-pki attributes(9)} |
- | id-messageType | OBJECT_IDENTIFIER ::= {id-attributes |
- | | messageType(2)} |
- | id-pkiStatus | OBJECT_IDENTIFIER ::= {id-attributes |
- | | pkiStatus(3)} |
- | id-failInfo | OBJECT_IDENTIFIER ::= {id-attributes |
- | | failInfo(4)} |
- | id-senderNonce | OBJECT_IDENTIFIER ::= {id-attributes |
- | | senderNonce(5)} |
- | id-recipientNonce | OBJECT_IDENTIFIER ::= {id-attributes |
- | | recipientNonce(6)} |
- | id-transId | OBJECT_IDENTIFIER ::= {id-attributes |
- | | transId(7)} |
- | id-extensionReq | OBJECT_IDENTIFIER ::= {id-attributes |
- | | extensionReq(8)} |
- +-------------------+-----------------------------------------------+ */
- uint8_t oid_scep_attrs[] =
- { 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0 };
- /* messageType:2 pkiStatus:3 failInfo:4 senderNonce:5 recipientNonce:6 transId:7 */
- if ((type < messageType) || (type > transId))
- return NULL;
-
- oid_scep_attrs[sizeof(oid_scep_attrs) - 1] = type;
- return CFDataCreate(kCFAllocatorDefault, oid_scep_attrs, sizeof(oid_scep_attrs));
-}
-
-static const char CertRep[] = "3";
-static const char PKCSReq[] = "19";
-static const char GetCertInitial[] = "20";
-static const char GetCert[] = "21";
-static const char GetCRL[] = "22";
-static const char PKIStatusSUCCESS[] = "0";
-static const char PKIStatusFAILURE[] = "2";
-static const char PKIStatusPENDING[] = "3";
-
-static CFDataRef
-printable_string_data(size_t length, const char *bytes)
-{
- DERSize der_length_len = DERLengthOfLength(length);
- size_t value_length = sizeof(SecASN1PrintableString) + der_length_len + length;
- CFMutableDataRef data = CFDataCreateMutable(kCFAllocatorDefault, value_length);
- CFDataSetLength(data, value_length);
- uint8_t *ptr = (uint8_t *)CFDataGetBytePtr(data);
- *ptr++ = SecASN1PrintableString;
- DEREncodeLength(length, ptr, &der_length_len);
- ptr += der_length_len;
- memcpy(ptr, bytes, length);
- return (CFDataRef)data;
-}
-
-#define scep_result(value) printable_string_data(sizeof(value)-1, value)
-
-static CFTypeRef
-dictionary_array_value_1(CFDictionaryRef attrs, CFTypeRef attr)
-{
- CFTypeRef value = NULL;
- CFArrayRef attr_values = NULL;
-
- require(attr_values = (CFArrayRef)CFDictionaryGetValue(attrs, attr), out);
- require(CFArrayGetCount(attr_values) == 1, out);
- value = CFArrayGetValueAtIndex(attr_values, 0);
-out:
- return value;
-}
-
-/* @@@ consider splitting into function returning single value
- and function creating printable string from c str */
-static bool scep_attr_has_val(CFDictionaryRef attrs, scep_attr_t attr, const char *val)
-{
- bool result = false;
- CFDataRef msgtype_value_data = printable_string_data(strlen(val), val);
- CFArrayRef msgtype_value_datas = CFArrayCreate(kCFAllocatorDefault,
- (const void **)&msgtype_value_data, 1, &kCFTypeArrayCallBacks);
- CFRelease(msgtype_value_data);
- CFDataRef msgtype_oid_data = scep_oid(attr);
- CFArrayRef msgtype_values = (CFArrayRef)CFDictionaryGetValue(attrs, msgtype_oid_data);
- CFRelease(msgtype_oid_data);
- if (msgtype_values && CFEqual(msgtype_value_datas, msgtype_values))
- result = true;
- CFRelease(msgtype_value_datas);
-
- return result;
-}
-
-static CFDataRef hexencode(CFDataRef data)
-{
- CFIndex ix, length = CFDataGetLength(data);
- const uint8_t *bin_data = CFDataGetBytePtr(data);
- uint8_t *hex_data = calloc(1, 2*length + 1);
- require(length && bin_data && hex_data, out);
-
- for (ix = 0; ix < length; ix++)
- snprintf((char *)&hex_data[2*ix], 3, "%02X", bin_data[ix]);
-
- return CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, hex_data,
- 2*length, kCFAllocatorMalloc);
-out:
- if (hex_data)
- free(hex_data);
- return NULL;
-}
-
-static CFDataRef pubkeyhash(SecKeyRef key)
-{
- CFTypeRef key_type = NULL;
- CFDictionaryRef pubkey_attrs = NULL;
- CFDataRef hash_pubkey_data = NULL, pubkey_data = NULL;
- uint8_t pubkey_hash[CC_SHA1_DIGEST_LENGTH];
-
- require(pubkey_attrs = SecKeyCopyAttributeDictionary(key), out);
- require( (key_type = CFDictionaryGetValue(pubkey_attrs, kSecAttrKeyClass)) &&
- CFEqual(key_type, kSecAttrKeyClassPublic), out);
- require(pubkey_data = CFDictionaryGetValue(pubkey_attrs, kSecValueData), out);
- require((unsigned long)CFDataGetLength(pubkey_data)<=UINT32_MAX, out); /* Correct as long as CFIndex is long */
- CCDigest(kCCDigestSHA1, CFDataGetBytePtr(pubkey_data), (CC_LONG)CFDataGetLength(pubkey_data), pubkey_hash);
- hash_pubkey_data = CFDataCreate(kCFAllocatorDefault, pubkey_hash, sizeof(pubkey_hash));
-out:
- CFReleaseSafe(pubkey_attrs);
- return hash_pubkey_data;
-}
-
-static void generate_sender_nonce(CFMutableDictionaryRef dict)
-{
- /* random sender nonce, to be verified against recipient nonce in reply */
- CFDataRef senderNonce_oid_data = scep_oid(senderNonce);
- uint8_t senderNonce_value[18] = { 4, 16, };
- SecRandomCopyBytes(kSecRandomDefault, sizeof(senderNonce_value) - 2, senderNonce_value + 2);
- CFDataRef senderNonce_value_data = CFDataCreate(kCFAllocatorDefault,
- senderNonce_value, sizeof(senderNonce_value));
- if (senderNonce_oid_data && senderNonce_value_data)
- CFDictionarySetValue(dict, senderNonce_oid_data, senderNonce_value_data);
- CFReleaseNull(senderNonce_oid_data);
- CFReleaseNull(senderNonce_value_data);
-}
-
-SecIdentityRef SecSCEPCreateTemporaryIdentity(SecKeyRef publicKey, SecKeyRef privateKey)
-{
- int key_usage = kSecKeyUsageDigitalSignature | kSecKeyUsageKeyEncipherment;
- CFDictionaryRef self_signed_parameters = NULL;
- CFNumberRef key_usage_num = NULL;
- SecCertificateRef self_signed_certificate = NULL;
- SecIdentityRef self_signed_identity = NULL;
- CFStringRef cn_uuid = NULL;
- CFArrayRef cn_dn = NULL, cn_dns = NULL, unique_rdns = NULL;
-
- key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &key_usage);
- require(key_usage_num, out);
-
- const void *key[] = { kSecCertificateKeyUsage };
- const void *val[] = { key_usage_num };
- self_signed_parameters = CFDictionaryCreate(kCFAllocatorDefault,
- key, val, array_size(key),
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- require(self_signed_parameters, out);
-
- char uuid_string[37] = {};
- uuid_t uuid;
- uuid_generate_random(uuid);
- uuid_unparse(uuid, uuid_string);
- cn_uuid = CFStringCreateWithCString(kCFAllocatorDefault, uuid_string, kCFStringEncodingASCII);
- require(cn_uuid, out);
- const void * cn[] = { kSecOidCommonName, cn_uuid };
- cn_dn = CFArrayCreate(kCFAllocatorDefault, cn, 2, NULL);
- require(cn_dn, out);
- cn_dns = CFArrayCreate(kCFAllocatorDefault, (const void **)&cn_dn, 1, NULL);
- require(cn_dns, out);
- unique_rdns = CFArrayCreate(kCFAllocatorDefault, (const void **)&cn_dns, 1, NULL);
- require(unique_rdns, out);
-
- self_signed_certificate = SecGenerateSelfSignedCertificate(unique_rdns, self_signed_parameters, publicKey, privateKey);
- require(self_signed_certificate, out);
- self_signed_identity = SecIdentityCreate(kCFAllocatorDefault, self_signed_certificate, privateKey);
-
-out:
- CFReleaseSafe(key_usage_num);
- CFReleaseSafe(self_signed_parameters);
- CFReleaseSafe(self_signed_certificate);
- CFReleaseSafe(unique_rdns);
- CFReleaseSafe(cn_dns);
- CFReleaseSafe(cn_dn);
- CFReleaseSafe(cn_uuid);
-
- return self_signed_identity;
-}
-
-CFDataRef
-SecSCEPGenerateCertificateRequest(CFArrayRef subject, CFDictionaryRef parameters,
- SecKeyRef publicKey, SecKeyRef privateKey,
- SecIdentityRef signer, CFTypeRef recipients)
-{
- CFDataRef csr = NULL;
- CFMutableDataRef enveloped_data = NULL;
- CFMutableDictionaryRef simple_attr = NULL;
- SecIdentityRef self_signed_identity = NULL;
- CFMutableDataRef signed_request = NULL;
- SecCertificateRef recipient = NULL;
-
- if (CFGetTypeID(recipients) == SecCertificateGetTypeID()) {
- recipient = (SecCertificateRef)recipients;
- } else if (CFGetTypeID(recipients) == CFArrayGetTypeID()) {
- CFIndex recipient_count = CFArrayGetCount(recipients);
- if (recipient_count > 1) {
- /* get the encryption cert */
- recipient = (SecCertificateRef)CFArrayGetValueAtIndex(recipients, 0);
- } else if (recipient_count == 1) {
- /* if there is at least one we'll assume it's sign+encrypt */
- recipient = (SecCertificateRef)CFArrayGetValueAtIndex(recipients, 0);
- }
- }
- require(recipient, out);
-
- require(csr = SecGenerateCertificateRequest(subject, parameters, publicKey, privateKey), out);
- require(enveloped_data = CFDataCreateMutable(kCFAllocatorDefault, 0), out);
- require_noerr(SecCMSCreateEnvelopedData(recipient, parameters, csr, enveloped_data), out);
- CFReleaseNull(csr);
-
- simple_attr = CFDictionaryCreateMutable(kCFAllocatorDefault, 3,
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
-
- /* generate a transaction id: hex encoded pubkey hash */
- CFDataRef public_key_hash = pubkeyhash(publicKey);
- CFDataRef public_key_hash_hex = hexencode(public_key_hash);
- CFReleaseSafe(public_key_hash);
- CFDataRef transid_oid_data = scep_oid(transId);
- CFDataRef transid_data = printable_string_data(CFDataGetLength(public_key_hash_hex),
- (const char *)CFDataGetBytePtr(public_key_hash_hex));
- CFReleaseSafe(public_key_hash_hex);
-
- CFDictionarySetValue(simple_attr, transid_oid_data, transid_data);
- CFReleaseNull(transid_oid_data);
- CFReleaseNull(transid_data);
-
- /* message type: PKCSReq (19) */
- CFDataRef msgtype_value_data = NULL;
- CFDataRef msgtype_oid_data = NULL;
- require(msgtype_oid_data = scep_oid(messageType), out);
- require(msgtype_value_data = printable_string_data(strlen(PKCSReq), PKCSReq), out);
-
- CFDictionarySetValue(simple_attr, msgtype_oid_data, msgtype_value_data);
- CFReleaseNull(msgtype_oid_data);
- CFReleaseNull(msgtype_value_data);
-
- /* random sender nonce, to be verified against recipient nonce in reply */
- generate_sender_nonce(simple_attr);
-
- /* XXX/cs remove auto-generation once managedconfig is no longer using this */
- if (signer) {
- self_signed_identity = signer;
- CFRetain(self_signed_identity);
- } else {
- self_signed_identity = SecSCEPCreateTemporaryIdentity(publicKey, privateKey);
-
- /* Add our temporary cert to the keychain for CMS decryption of
- the reply. If we happened to have picked an existing UUID
- we fail. We should pick a different UUID and try again. */
- require(self_signed_identity, out);
- CFDictionaryRef identity_add = CFDictionaryCreate(NULL,
- &kSecValueRef, (const void **)&self_signed_identity, 1, NULL, NULL);
- require_noerr_action(SecItemAdd(identity_add, NULL), out,
- CFReleaseSafe(identity_add));
- CFReleaseSafe(identity_add);
- }
- require(self_signed_identity, out);
-
- signed_request = CFDataCreateMutable(kCFAllocatorDefault, 0);
- require_noerr_action(SecCMSCreateSignedData(self_signed_identity, enveloped_data,
- parameters, simple_attr, signed_request), out, CFReleaseNull(signed_request));
-
-
-out:
-
- CFReleaseSafe(simple_attr);
- CFReleaseSafe(self_signed_identity);
- CFReleaseSafe(enveloped_data);
- CFReleaseSafe(csr);
- return signed_request;
-}
-
-
-CFDataRef
-SecSCEPCertifyRequest(CFDataRef request, SecIdentityRef ca_identity, CFDataRef serialno, bool pend_request)
-{
- CFDictionaryRef simple_attr = NULL;
- SecCertificateRef ca_certificate = NULL;
- SecKeyRef ca_public_key = NULL;
- SecCertificateRef cert = NULL;
- SecPolicyRef policy = NULL;
- CFDataRef cert_pkcs7 = NULL;
- CFMutableDataRef cert_msg = NULL;
- CFMutableDataRef signed_reply = NULL;
- SecTrustRef trust = NULL;
- CFDataRef signed_content = NULL;
- CFDictionaryRef signed_attributes = NULL;
- SecCertificateRef signer_cert = NULL;
- CFDataRef transid_oid_data = NULL, senderNonce_oid_data = NULL, transid_value = NULL;
- CFDataRef subject = NULL, extensions = NULL, senderNonce_value = NULL;
- CFStringRef challenge = NULL;
- SecKeyRef tbsPublicKey = NULL;
- CFMutableDataRef encrypted_content = NULL;
- SecCertificateRef recipient = NULL;
- CFDictionaryRef parameters = NULL;
-
- require_noerr(SecIdentityCopyCertificate(ca_identity, &ca_certificate), out);
- ca_public_key = SecCertificateCopyPublicKey(ca_certificate); /*@@@*/
-
- /* unwrap outer layer: */
- policy = SecPolicyCreateBasicX509();
-
- require_noerr(SecCMSVerifyCopyDataAndAttributes(request, NULL,
- policy, &trust, &signed_content, &signed_attributes), out);
- /* remember signer: is signer certified by us, then re-certify, no challenge needed */
- SecTrustResultType result;
- require_noerr(SecTrustEvaluate(trust, &result), out);
- require (signer_cert = SecTrustGetCertificateAtIndex(trust, 0), out);
- bool recertify = !SecCertificateIsSignedBy(signer_cert, ca_public_key);
-
- /* msgType should be certreq msg */
- require(scep_attr_has_val(signed_attributes, messageType, PKCSReq), out);
-
- /* remember transaction id just for reuse */
- require(transid_oid_data = scep_oid(transId), out);
- require(transid_value =
- dictionary_array_value_1(signed_attributes, transid_oid_data), out);
-
- /* senderNonce becomes recipientNonce */
- require(senderNonce_oid_data = scep_oid(senderNonce), out);
- require(senderNonce_value =
- dictionary_array_value_1(signed_attributes, senderNonce_oid_data), out);
-
- /* decrypt the request */
- encrypted_content = CFDataCreateMutable(kCFAllocatorDefault, 0);
- require_noerr(SecCMSDecryptEnvelopedData(signed_content, encrypted_content, &recipient), out);
- require(recipient && CFEqual(ca_certificate, recipient), out);
-
- /* verify CSR */
- require(SecVerifyCertificateRequest(encrypted_content, &tbsPublicKey, &challenge, &subject, &extensions), out);
- CFReleaseNull(encrypted_content);
-
- /* @@@
- // alternatively send a pending message
- // pkistatus {{id-attributes pkiStatus(3)} "FAILURE"}
- // failInfo {{id-attributes failInfo(4)} "the reason to reject"}
- */
-
- /* verify challenge - this would need to be a callout that can determine
- the challenge appropriate for the subject */
- if (!recertify)
- require( challenge && (CFStringGetTypeID() == CFGetTypeID(challenge)) &&
- CFEqual(CFSTR("magic"), challenge), out);
-
- require(cert_msg = CFDataCreateMutable(kCFAllocatorDefault, 0), out);
-
- if (!pend_request) {
- /* sign cert */
- cert = SecIdentitySignCertificate(ca_identity, serialno,
- tbsPublicKey, subject, extensions);
-
- /* degenerate cms with cert */
- require (cert_pkcs7 = SecCMSCreateCertificatesOnlyMessage(cert), out);
- CFReleaseNull(cert);
-
- /* envelope for client */
- require_noerr(SecCMSCreateEnvelopedData(signer_cert, NULL, cert_pkcs7, cert_msg), out);
- CFReleaseNull(cert_pkcs7);
- }
-
- CFDataRef pki_status_oid = scep_oid(pkiStatus);
- CFDataRef pki_status_value = pend_request ? scep_result(PKIStatusPENDING) : scep_result(PKIStatusSUCCESS);
- CFDataRef message_type_oid = scep_oid(messageType), message_type_value = scep_result(CertRep);
- const void *oid[] = { transid_oid_data, pki_status_oid, message_type_oid };
- const void *value[] = { transid_value, pki_status_value, message_type_value };
- simple_attr = CFDictionaryCreate(kCFAllocatorDefault, oid, value, array_size(oid),
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- CFReleaseSafe(pki_status_oid); CFReleaseSafe(pki_status_value);
- CFReleaseSafe(message_type_oid); CFReleaseSafe(message_type_value);
-
- /* sign with ra/ca cert and add attributes */
- signed_reply = CFDataCreateMutable(kCFAllocatorDefault, 0);
- const void *signing_params[] = { kSecCMSCertChainMode };
- const void *signing_params_vals[] = { kSecCMSCertChainModeNone };
- parameters = CFDictionaryCreate(kCFAllocatorDefault, signing_params, signing_params_vals, array_size(signing_params), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- require_noerr_action(SecCMSCreateSignedData(ca_identity, cert_msg, parameters, simple_attr, signed_reply), out, CFReleaseNull(signed_reply));
-
-out:
- CFReleaseSafe(ca_certificate);
- CFReleaseSafe(ca_public_key);
- CFReleaseSafe(cert);
- CFReleaseSafe(cert_pkcs7);
- CFReleaseSafe(cert_msg);
- CFReleaseSafe(trust);
- CFReleaseSafe(policy);
- CFReleaseSafe(signed_content);
- CFReleaseSafe(signed_attributes);
- CFReleaseSafe(transid_oid_data);
- CFReleaseSafe(senderNonce_oid_data);
- CFReleaseSafe(subject);
- CFReleaseSafe(extensions);
- CFReleaseSafe(challenge);
- CFReleaseSafe(tbsPublicKey);
- CFReleaseSafe(encrypted_content);
- CFReleaseSafe(simple_attr);
- CFReleaseSafe(recipient);
- CFReleaseSafe(parameters);
-
- return signed_reply;
-}
-
-static CFStringRef
-copy_signed_attr_printable_string_value(CFDictionaryRef signed_attributes, scep_attr_t attr)
-{
- CFStringRef printable_string = NULL;
- CFDataRef key_oid = NULL;
-
- key_oid = scep_oid(attr);
- require(key_oid, out);
-
- CFArrayRef values = (CFArrayRef)CFDictionaryGetValue(signed_attributes, key_oid);
- require_quiet(values && (CFGetTypeID(values) == CFArrayGetTypeID())
- && (CFArrayGetCount(values) == 1), out);
- CFDataRef value = CFArrayGetValueAtIndex(values, 0);
- const uint8_t *bytes = CFDataGetBytePtr(value);
- size_t length = CFDataGetLength(value);
- require(length >= 2, out);
- require(bytes[0] == 0x13, out);
- /* no scep responses defined that are longer */
- require(!(bytes[1] & 0x80) && (bytes[1] == length-2), out);
- printable_string = CFStringCreateWithBytes(kCFAllocatorDefault,
- bytes + 2, length - 2, kCFStringEncodingASCII, false);
-out:
- CFReleaseSafe(key_oid);
-
- return printable_string;
-}
-
-CFArrayRef
-SecSCEPVerifyReply(CFDataRef request, CFDataRef reply, CFTypeRef ca_certificates,
- CFErrorRef *server_error)
-{
- SecKeyRef ca_public_key = NULL;
- SecCertificateRef cert = NULL;
- SecPolicyRef policy = NULL;
- CFDataRef cert_msg = NULL;
- CFMutableDataRef enc_cert_msg = NULL;
- SecTrustRef trust = NULL;
- CFDataRef signed_content = NULL;
- CFDictionaryRef signed_attributes = NULL;
- CFDictionaryRef attributes = NULL;
- SecCertificateRef signer_cert = NULL;
-
- CFMutableDataRef encrypted_content = NULL;
- SecCertificateRef recipient = NULL;
- CFArrayRef certificates = NULL;
-
- SecCertificateRef reply_signer = NULL;
-
- CFStringRef msg_type = NULL;
- CFStringRef pki_status = NULL;
-
- if (CFGetTypeID(ca_certificates) == SecCertificateGetTypeID()) {
- reply_signer = (SecCertificateRef)ca_certificates;
- } else if (CFGetTypeID(ca_certificates) == CFArrayGetTypeID()) {
- CFIndex reply_signer_count = CFArrayGetCount(ca_certificates);
- if (reply_signer_count > 1) {
- /* get the signer cert */
- reply_signer = (SecCertificateRef)CFArrayGetValueAtIndex(ca_certificates, 1);
- } else if (reply_signer_count == 1) {
- /* if there is at least one we'll assume it's sign+encrypt */
- reply_signer = (SecCertificateRef)CFArrayGetValueAtIndex(ca_certificates, 0);
- }
- }
- require(reply_signer, out);
-
- /* unwrap outer layer */
- policy = SecPolicyCreateBasicX509();
- CFArrayRef additional_certificates = CFArrayCreate(kCFAllocatorDefault, (const void **)&reply_signer, 1, &kCFTypeArrayCallBacks);
- require_noerr(SecCMSVerifySignedData(reply, NULL,
- policy, &trust, additional_certificates, &signed_content, &attributes), out);
- CFReleaseSafe(additional_certificates);
- if (attributes)
- signed_attributes = CFDictionaryGetValue(attributes, kSecCMSSignedAttributes);
-
- /* response should be signed by ra */
- SecTrustResultType result;
- require_noerr(SecTrustEvaluate(trust, &result), out);
- require(signer_cert = SecTrustGetCertificateAtIndex(trust, 0), out);
- require(CFEqual(reply_signer, signer_cert), out);
-
- /* msgType should be certreq msg */
- require(signed_attributes, out);
- msg_type = copy_signed_attr_printable_string_value(signed_attributes, messageType);
- pki_status = copy_signed_attr_printable_string_value(signed_attributes, pkiStatus);
-
- if (msg_type || pki_status) {
- require(msg_type && CFEqual(msg_type, CFSTR("3")), out);
-
- require(pki_status, out);
- if (CFEqual(pki_status, CFSTR("2"))) {
- goto out; // FAILURE, the end (return NULL)
- } else if (CFEqual(pki_status, CFSTR("3"))) {
- CFDataRef transid_oid_data = NULL, transid_value = NULL;
- require(transid_oid_data = scep_oid(transId), out);
- require(transid_value = dictionary_array_value_1(signed_attributes, transid_oid_data), out);
- CFDictionaryRef err_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&transid_oid_data, (const void **)&transid_value, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- *server_error = CFErrorCreate(kCFAllocatorDefault,
- CFSTR("PENDING"), 3, err_dict);
- CFReleaseSafe(err_dict);
- CFReleaseSafe(transid_oid_data);
- goto out;
- }
- require(CFEqual(pki_status, CFSTR("0")), out);
- }
-
- // can we decode the request?
- encrypted_content = CFDataCreateMutable(kCFAllocatorDefault, 0);
- require_noerr(SecCMSDecryptEnvelopedData(signed_content, encrypted_content, &recipient), out);
- require(recipient, out);
- // verify recipient belongs with our private key
-
- // verify CSR:
- require(certificates = SecCMSCertificatesOnlyMessageCopyCertificates(encrypted_content), out);
-
- // recipient is either our temporary self-signed cert or the old cert we just used
- // to recertify. if we have new certificates and have stored them successfully we
- // can now get rid of the cert.
- /* XXX/cs
- This should move outside of thise function when we force a signer
- to be passed in */
- CFDictionaryRef cert_delete = CFDictionaryCreate(NULL,
- &kSecValueRef, (const void **)&recipient, 1, NULL, NULL);
- require_noerr_action(SecItemDelete(cert_delete), out,
- CFReleaseSafe(cert_delete));
- CFReleaseSafe(cert_delete);
-
-out:
- CFReleaseSafe(ca_public_key);
- CFReleaseSafe(cert);
- CFReleaseSafe(cert_msg);
- CFReleaseSafe(enc_cert_msg);
- CFReleaseSafe(trust);
- CFReleaseSafe(policy);
- CFReleaseSafe(signed_content);
- CFReleaseSafe(encrypted_content);
- CFReleaseSafe(recipient);
- CFReleaseSafe(msg_type);
- CFReleaseSafe(pki_status);
- CFReleaseSafe(attributes);
-
- return certificates;
-}
-
-OSStatus SecSCEPValidateCACertMessage(CFArrayRef certs,
- CFDataRef ca_fingerprint,
- SecCertificateRef *ca_certificate,
- SecCertificateRef *ra_signing_certificate,
- SecCertificateRef *ra_encryption_certificate)
-{
- OSStatus status = errSecParam;
- SecCertificateRef _ca_certificate = NULL, _ra_signing_certificate = NULL,
- _ra_encryption_certificate = NULL, _ra_certificate = NULL;
-
- CFIndex j, count = CFArrayGetCount(certs);
- CFMutableArrayRef chain = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- SecPolicyRef policy = SecPolicyCreateBasicX509();
- SecTrustRef trust = NULL;
- require(chain, out);
- for (j=0; j<count; j++) {
- const void *candidate_leaf = CFArrayGetValueAtIndex(certs, j);
- CFArrayRemoveAllValues(chain);
- CFArraySetValueAtIndex(chain, 0, candidate_leaf);
- CFArrayAppendArray(chain, certs, CFRangeMake(0, count));
- CFArrayRemoveValueAtIndex(chain, 1 + j);
- require_noerr(SecTrustCreateWithCertificates(chain,
- policy, &trust), out);
- SecTrustResultType trust_result;
- SecTrustEvaluate(trust, &trust_result);
- CFIndex chain_count = SecTrustGetCertificateCount(trust);
- secdebug("scep", "candidate leaf: %@ forms chain of length %" PRIdCFIndex, candidate_leaf, chain_count);
- if (chain_count > 1) {
- SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
- SecCertificateRef ca_leaf = SecTrustGetCertificateAtIndex(trust, chain_count - 1);
- if (!_ca_certificate) {
- if (ca_fingerprint) {
- secdebug("scep", "checking ca %@ against fingerprint %@", ca_leaf, ca_fingerprint);
- uint8_t ca_hash[CC_SHA1_DIGEST_LENGTH]; /*max(md5,sha-1)*/
- CFDataRef ca_cert_data = SecCertificateCopyData(ca_leaf);
- require(ca_cert_data, out);
- size_t ca_data_len = CFDataGetLength(ca_cert_data);
- size_t ca_fingerprint_len = CFDataGetLength(ca_fingerprint);
- const uint8_t *ca_data = CFDataGetBytePtr(ca_cert_data);
- require(ca_data_len && ca_data, out);
- require(ca_data_len<UINT32_MAX, out);
- switch (ca_fingerprint_len) {
- case CC_MD5_DIGEST_LENGTH:
- CC_MD5(ca_data, (CC_LONG)ca_data_len, ca_hash);
- break;
-
- case CC_SHA1_DIGEST_LENGTH:
- CCDigest(kCCDigestSHA1, ca_data, (CC_LONG)ca_data_len, ca_hash);
- break;
-
- default:
- goto out;
- }
- CFRelease(ca_cert_data);
- CFDataRef ca_hash_cfdata = CFDataCreate(kCFAllocatorDefault,
- ca_hash, ca_fingerprint_len);
- require(ca_hash_cfdata, out);
- require_action(CFEqual(ca_fingerprint, ca_hash_cfdata),
- out, CFRelease(ca_hash_cfdata));
- CFRelease(ca_hash_cfdata);
- }
- _ca_certificate = ca_leaf;
- CFRetain(ca_leaf);
- } else {
- // if ca_certificate is already set, this should be the same
- require(CFEqual(_ca_certificate, ca_leaf), out);
- }
-
- // is leaf allowed to sign and/or encrypt?
- SecKeyUsage key_usage = SecCertificateGetKeyUsage(leaf);
- bool can_sign = (key_usage & kSecKeyUsageDigitalSignature);
- bool can_enc = (key_usage & kSecKeyUsageKeyEncipherment);
- if (!_ra_certificate && can_sign && can_enc) {
- _ra_certificate = leaf;
- CFRetain(leaf);
- }
- else if (!_ra_encryption_certificate && !can_sign && can_enc) {
- _ra_encryption_certificate = leaf;
- CFRetain(leaf);
- }
- else if (!_ra_signing_certificate && !can_enc && can_sign) {
- _ra_signing_certificate = leaf;
- CFRetain(leaf);
- }
- }
- if (trust) { CFRelease(trust); trust = NULL; }
- }
-
- // we should have both a ca certificate and at least one ra certificate now
- require(_ca_certificate, out);
- require(_ra_certificate ||
- (_ra_signing_certificate && _ra_encryption_certificate), out);
-
- if (ca_certificate) {
- *ca_certificate = _ca_certificate;
- _ca_certificate = NULL;
- }
- if (_ra_signing_certificate && _ra_encryption_certificate) {
- if (ra_signing_certificate) {
- *ra_signing_certificate = _ra_signing_certificate;
- _ra_signing_certificate = NULL;
- }
- if (ra_encryption_certificate) {
- *ra_encryption_certificate = _ra_encryption_certificate;
- _ra_encryption_certificate = NULL;
- }
- } else if (_ra_certificate) {
- if (ra_signing_certificate) {
- *ra_signing_certificate = _ra_certificate;
- _ra_certificate = NULL;
- }
- }
-
- status = errSecSuccess;
-
-out:
- if (_ra_encryption_certificate) CFRelease(_ra_encryption_certificate);
- if (_ra_signing_certificate) CFRelease(_ra_signing_certificate);
- if (_ca_certificate) CFRelease(_ca_certificate);
- if (policy) CFRelease(policy);
- if (trust) CFRelease(trust);
- if (chain) CFRelease(chain);
- return status;
-
-}
-
-
-/*!
- @function SecSCEPGetCertInitial
- @abstract generate a scep cert initial request, to be presented to
- a scep server, in case the first request timed out
- */
-
-// XXX/cs pass CA/RA certificates as a CFTypeRef: one or more certificates for ca_certificate and recipient
-
-CFDataRef
-SecSCEPGetCertInitial(SecCertificateRef ca_certificate, CFArrayRef subject, CFDictionaryRef parameters,
- CFDictionaryRef signed_attrs, SecIdentityRef signer, CFTypeRef recipient)
-{
- CFMutableDataRef signed_request = NULL;
- CFMutableDictionaryRef simple_attr = NULL;
- CFDataRef pki_message_contents = NULL;
- CFMutableDataRef enveloped_data = NULL;
-
- require(signed_attrs, out);
- require(pki_message_contents = SecGenerateCertificateRequestSubject(ca_certificate, subject), out);
- require(enveloped_data = CFDataCreateMutable(kCFAllocatorDefault, 0), out);
- require_noerr(SecCMSCreateEnvelopedData(recipient, parameters, pki_message_contents, enveloped_data), out);
-
- /* remember transaction id just for reuse */
- simple_attr = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 3, signed_attrs);
-
- /* message type: GetCertInitial (20) */
- CFDataRef msgtype_value_data = NULL;
- CFDataRef msgtype_oid_data = NULL;
- require(msgtype_oid_data = scep_oid(messageType), out);
- require(msgtype_value_data = printable_string_data(sizeof(GetCertInitial) - 1, GetCertInitial), out);
- CFDictionarySetValue(simple_attr, msgtype_oid_data, msgtype_value_data);
- CFReleaseNull(msgtype_oid_data);
- CFReleaseNull(msgtype_value_data);
-
- /* random sender nonce, to be verified against recipient nonce in reply */
- generate_sender_nonce(simple_attr);
- signed_request = CFDataCreateMutable(kCFAllocatorDefault, 0);
- require_noerr_action(SecCMSCreateSignedData(signer, enveloped_data,
- parameters, simple_attr, signed_request), out, CFReleaseNull(signed_request));
-
-out:
- CFReleaseSafe(simple_attr);
- CFReleaseSafe(pki_message_contents);
- CFReleaseSafe(enveloped_data);
- return signed_request;
-}
-
-
-/*
- +----------------+-----------------+---------------------------+
- | Attribute | Encoding | Comment |
- +----------------+-----------------+---------------------------+
- | transactionID | PrintableString | Decimal value as a string |
- | messageType | PrintableString | Decimal value as a string |
- | pkiStatus | PrintableString | Decimal value as a string |
- | failInfo | PrintableString | Decimal value as a string |
- | senderNonce | OctetString | |
- | recipientNonce | OctetString | |
- +----------------+-----------------+---------------------------+
-
-4.2.1. transactionID
-
- The transactionID is an attribute which uniquely identifies a
- transaction. This attribute is required in all PKI messages.
-
- Because the enrollment transaction could be interrupted by various
- errors, including network connection errors or client reboot, the
- SCEP client generates a transaction identifier by calculating a hash
- on the public key value for which the enrollment is requested. This
- retains the same transaction identifier throughout the enrollment
- transaction, even if the client has rebooted or timed out, and issues
- a new enrollment request for the same key pair.
-
- It also provides the way for the CA to uniquely identify a
- transaction in its database. At the requester side, it generates a
- transaction identifier which is included in PKCSReq. If the CA
- returns a response of PENDING, the requester will poll by
- periodically sending out GetCertInitial with the same transaction
- identifier until either a response other than PENDING is obtained, or
- the configured maximum time has elapsed.
-
- For non-enrollment message (for example GetCert and GetCRL), the
- transactionID should be a number unique to the client.
-
-
-4.2.2. messageType
-
- The messageType attribute specify the type of operation performed by
- the transaction. This attribute is required in all PKI messages.
- Currently, the following message types are defined:
-
- o PKCSReq (19) -- PKCS#10 [RFC2986] certificate request
-
- o CertRep (3) -- Response to certificate or CRL request
-
- o GetCertInitial (20) -- Certificate polling in manual enrollment
-
- o GetCert (21) -- Retrieve a certificate
-
- o GetCRL (22) -- Retrieve a CRL
-
-4.2.3. pkiStatus
-
- All response message will include transaction status information
- which is defined as pkiStatus attribute:
-
- o SUCCESS (0) -- request granted
-
- o FAILURE (2) -- request rejected. This also requires a failInfo
- attribute to be present, as defined in section 4.2.4.
-
- o PENDING (3) -- request pending for manual approval
-
-
-4.2.4. failInfo
-
- The failInfo attribute will contain one of the following failure
- reasons:
-
- o badAlg (0) -- Unrecognized or unsupported algorithm ident
-
- o badMessageCheck (1) -- integrity check failed
-
- o badRequest (2) -- transaction not permitted or supported
-
- o badTime (3) -- Message time field was not sufficiently close to
- the system time
-
- o badCertId (4) -- No certificate could be identified matching the
- provided criteria
-
-4.2.5. senderNonce and responderNonce
-
- The attributes of senderNonce and recipientNonce are the 16 byte
- random numbers generated for each transaction to prevent the replay
- attack.
-
- When a requester sends a PKI message to the server, a senderNonce is
- included in the message. After the server processes the request, it
- will send back the requester senderNonce as the recipientNonce and
- generates another nonce as the senderNonce in the response message.
- Because the proposed PKI protocol is a two-way communication
- protocol, it is clear that the nonce can only be used by the
- requester to prevent the replay. The server has to employ extra
- state related information to prevent a replay attack.
-
-*/
projects / apple / security.git / blobdiff