Modify the existing tests for producedAt as in reality it was testing
also for an invalid thisUpdate value. Also add tests for each of the
components independently. That is, a different response for each case:
* future producedAt
* expired nextUpdate
* future thisUpdate
* future producedAt and thisUpdate
The function mbedtls_x509_ocsp_response_verify_info() was added, which
is similar to mbedtls_x509_crt_verify_info() but for OCSP responses
instead of certificates. To avoid code duplication, both of these
functions actually call a new function mbedtls_x509_verify_info() in
x509.h with their specific flags and strings in an array of struct
mbedtls_x509_info_string.
Ensure that the internal function x509_ocsp_is_issuer() sets the in/out
issuer pointer to NULL when the supplied certificate is not the issuer
of the OCSP response.
Complete the code that implements the checks between the relationship
between the requested certificate and the OCSP response issuer as part
of the verification process. The checks essentially use the information
in the OCSP response and the supplied certificate chains to:
* Check whether the issuer is the parent of the requested cert
failing that, we check that
* There is a parent for the issuer in one of the supplied cert
chains
* The issuer's parent is also the parent of the requested cert
If either of the two checks succeeds, we accept this verification step.
Ensure that when the OCSP response issuer is not the parent of the cert
whose status was requested the issuer has OCSPSigning enabled in the
extended key usage X.509 extension.
Add code to identify the relationship between the OCSP request issuer
certificate and the certificate whose status was requested. According
to RFC 6960 Section 4.2.2.2 the OCSP response issuer can be:
1. A locally configured signing authority.
- This has not been implemented at this stage
2. The certificate of the CA that issued the certificate in question
3. A certificate that includes the value of id-kp-OCSPSigning in an
extended key usage extension and is issued by the CA that issued
the certificate in question
Note that at this stage the relationship between the certificates has
only been validated based on the information supplied within the OCSP
response.
Add skeleton code that will be filled in with functionality that
verifies a SingleResponse given the OCSP response issuer and the
requested certificate. Also, helper functions have been added to
x509_ocsp.c to find the parent of the requested certificate's status by
using the information in the OCSP SingleResponse supplied.
Modify the x509_crt.c and pkparse.c slightly so that the certificate
parsing (and mbedtls_x509_crt) keeps a pointer to the raw DER structure
containing the SubjectPublicKeyInfo. This improves the efficiency of
the OCSP response verification because we have to take the hash of the
certificate's key.
Add code that loops through every requested certificate and finds out
the corresponding SingleResponse in the OCSP response. This code is the
skeleton for the verification of each SingleResponse. However, at this
stage the verification code is very minimal.
The function follows RFC 6960 and uses either the responder's name or
the responder's hash of their key as available in the OCSP response to
locate the correct issuer certificate.
To avoid code duplication, some functionality from x509_crt.c module
was moved to x509.c and made public in x509.h.
Add the main skeleton code of a function
x509_ocsp_find_response_issuer_crt() that traverses the certs field in
the OCSP response and other user supplied certificates to find the OCSP
response's issuer. At the momment, the helper function is unimplemented
Add the main OCSP response verification function
mbedtls_x509_ocsp_verify_response() to the header file x509_ocsp.h and
a simple definition to x509_ocsp.c. At this stage, the verification
function only checks the response status and the timestamp and sets the
verification flags accordingly.
Also, new verification errors and flags are added as macros. These
values will be used in subsequent commits.
Rework the function mbedtls_x509_ocsp_response_info() to ensure that
it follows the example of similar functions in other X.509 components.
That is, the function should return the number of bytes written to the
provided buffer and in case of error return a negative value.
Rename the following functions in x509_ocsp.h and x509_ocsp.c to fit
the calling convention in other X.509 components (e.g CRL and CRT):
* mbedtls_x509_ocsp_parse_response -> mbedtls_x509_ocsp_response_parse
* mbedtls_x509_ocsp_parse_response_file -> mbedtls_x509_ocsp_response_parse_file
Return a mores specific error code MBEDTLS_ERR_X509_INVALID_DATE +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG instead of simply
MBEDTLS_ERR_X509_INVALID_DATE to help debugging.
This commit only adds the test code for
mbedtls_x509_ocsp_parse_response() and an initial set of negative tests
So far, the tests introduced are manually crafted malicious OCSP
responses that tests several error conditions in the initial part of
the response structure including the response status, producedAt date,
ResponderID, part of the tsbResponseData, etc.
Factor common code into a new function x509_ocsp_get_md(). The function
takes in a pointer to the DER-encoded buffer, parses the octet string
containing some hash value and then checks that the length corresponds
to the expected length for each md algorithm.
The responseType indicates a large portion of the syntax of an OCSP
response message. At this stage we only support OCSP Basic, so this
change ensure that the parser returns a failure code if the
responseType does not match the OID id-pkix-ocsp-basic.
Add missing dependency checks to check_config.h and documentation to
config.h. Note that SHA-1 is required for OCSP as RFC 6960 Section
4.4.2 specifies that the ResponderID byKey is the SHA-1 hash of the
responder's public key. That is, without SHA-1 we might not be able to
tell who signed the OCSP response.
Assign the type of response_id used in the OCSP response ID is recorded
before the actual ID is initialised. In this way, if the initialisation
call to a Name ID fails, the function mbedtls_x509_ocsp_response_free()
calls the correct free() function on the response ID avoiding potential
memory leaks.
