Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform.

net/cert/cert_verify_proc.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include <stdint.h>
 
 #include <algorithm>
 
 #include "base/metrics/histogram.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/sha1.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "net/base/net_errors.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/base/url_util.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_proc_whitelist.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/crl_set.h"
+#include "net/cert/internal/parse_ocsp.h"
+#include "net/cert/ocsp_revocation_status.h"
 #include "net/cert/x509_certificate.h"
+#include "net/der/encode_values.h"
 #include "url/url_canon.h"
 
 #if defined(USE_NSS_CERTS)
 #include "net/cert/cert_verify_proc_nss.h"
 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
 #include "net/cert/cert_verify_proc_openssl.h"
 #elif defined(OS_ANDROID)
 #include "net/cert/cert_verify_proc_android.h"
 #elif defined(OS_IOS)
 #include "net/cert/cert_verify_proc_ios.h"
@@ skipping 138 matching lines @@
 bool IsPastSHA1DeprecationDate(const X509Certificate& cert) {
   const base::Time& start = cert.valid_start();
   if (start.is_max() || start.is_null())
     return true;
   // 2016-01-01 00:00:00 UTC.
   const base::Time kSHA1DeprecationDate =
       base::Time::FromInternalValue(INT64_C(13096080000000000));
   return start >= kSHA1DeprecationDate;
 }
 
+// Checks if the given RFC 6960 OCSPCertID structure |cert_id| has the same
+// serial number as |certificate|.
+//
+// TODO(dadrian): Verify name and key hashes. https://crbug.com/620005
+bool CheckCertIDMatchesCertificate(const OCSPCertID& cert_id,
+                                   const X509Certificate& certificate) {
+  der::Input serial(&certificate.serial_number());
+  return cert_id.serial_number == serial;
+}
+
+// Populates |ocsp_result| with revocation information for |certificate|, based
+// on the unparsed OCSP response in |raw_response|.
+void CheckOCSP(const std::string& raw_response,
+               const X509Certificate& certificate,
+               OCSPVerifyResult* ocsp_result) {
+  // The maximum age for an OCSP response, implemented as time since the
+  // |this_update| field in OCSPSingleREsponse. Responses older than |max_age|
+  // will be considered invalid.
+  static base::TimeDelta max_age = base::TimeDelta::FromDays(7);
+  *ocsp_result = OCSPVerifyResult();
+
+  if (raw_response.empty()) {
+    ocsp_result->response_status = OCSPVerifyResult::MISSING;
+    return;
+  }
+
+  der::Input response_der(&raw_response);
+  OCSPResponse response;
+  if (!ParseOCSPResponse(response_der, &response)) {
+    ocsp_result->response_status = OCSPVerifyResult::PARSE_RESPONSE_ERROR;
+    return;
+  }
+
+  // RFC 6960 defines all responses |response_status| != SUCCESSFUL as error
+  // responses. No revocation information is provided on error responses, and
+  // the OCSPResponseData structure is not set.
+  if (response.status != OCSPResponse::ResponseStatus::SUCCESSFUL) {
+    ocsp_result->response_status = OCSPVerifyResult::ERROR_RESPONSE;
+    return;
+  }
+
+  // Actual revocation information is contained within the BasicOCSPResponse as
+  // a ResponseData structure. The BasicOCSPResponse was parsed above, and
+  // contains an unparsed ResponseData. From RFC 6960:
+  //
+  // BasicOCSPResponse       ::= SEQUENCE {
+  //    tbsResponseData      ResponseData,
+  //    signatureAlgorithm   AlgorithmIdentifier,
+  //    signature            BIT STRING,
+  //    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+  //
+  // ResponseData ::= SEQUENCE {
+  //     version              [0] EXPLICIT Version DEFAULT v1,
+  //     responderID              ResponderID,
+  //     producedAt               GeneralizedTime,
+  //     responses                SEQUENCE OF SingleResponse,
+  //     responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+  OCSPResponseData response_data;
+  if (!ParseOCSPResponseData(response.data, &response_data)) {
+    ocsp_result->response_status = OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR;
+    return;
+  }
+
+  // If producedAt is outside of the certificate validity period, reject the
+  // response.
+  der::GeneralizedTime not_before, not_after;
+  if (!der::EncodeTimeAsGeneralizedTime(certificate.valid_start(),
+                                        &not_before) ||
+      !der::EncodeTimeAsGeneralizedTime(certificate.valid_expiry(),
+                                        &not_after)) {
+    ocsp_result->response_status = OCSPVerifyResult::BAD_PRODUCED_AT;
+    return;
+  }
+  if (response_data.produced_at < not_before ||
+      response_data.produced_at > not_after) {
+    ocsp_result->response_status = OCSPVerifyResult::BAD_PRODUCED_AT;
+    return;
+  }
+
+  // TODO(svaldez): Unify with GetOCSPCertStatus. https://crbug.com/629249
+  base::Time verify_time = base::Time::Now();
+  ocsp_result->response_status = OCSPVerifyResult::NO_MATCHING_RESPONSE;
+  for (const auto& single_response_der : response_data.responses) {
+    // In the common case, there should only be one SingleResponse in the
+    // ResponseData (matching the certificate requested and used on this
+    // connection). However, it is possible for the OCSP responder to provide
+    // multiple responses for multiple certificates. Look through all the
+    // provided SingleResponses, and check to see if any match the certificate.
+    // A SingleResponse matches a certificate if it has the same serial number.
+    OCSPSingleResponse single_response;
+    if (!ParseOCSPSingleResponse(single_response_der, &single_response))
+      continue;
+    OCSPCertID cert_id;
+    if (!ParseOCSPCertID(single_response.cert_id_tlv, &cert_id))
+      continue;
+    if (!CheckCertIDMatchesCertificate(cert_id, certificate))
+      continue;
+    // The SingleResponse matches the certificate, but may be out of date.  Out

[Ryan Sleevi, 2016/07/18 22:56:37]

s/  / / (single space)

[dadrian, 2016/07/18 23:20:26]

Done.

Vim auto-line-breaker has a love of extra spaces because it hates people.

+    // of date responses are matching responses are noted seperate from

[Ryan Sleevi, 2016/07/18 22:56:37]

grammar: are matching response are ?

[dadrian, 2016/07/18 23:20:26]

Done.

+    // responses with mismatched serial numbers. If an OCSP responder provides
+    // both an up to date response and an expired response, the up to date
+    // response takes precedence (PROVIDED > INVALID_DATE).
+    if (!CheckOCSPDateValid(single_response, verify_time, max_age)) {
+      if (ocsp_result->response_status != OCSPVerifyResult::PROVIDED)
+        ocsp_result->response_status = OCSPVerifyResult::INVALID_DATE;
+      continue;
+    }
+
+    // In the case with multiple matching and up to date responses, keep only
+    // the strictest status (REVOKED > UNKNOWN > GOOD). The current
+    // |revocation_status| is only valid if |response_status| is already set to
+    // PROVIDED.
+    OCSPRevocationStatus current_status = OCSPRevocationStatus::GOOD;
+    if (ocsp_result->response_status == OCSPVerifyResult::PROVIDED) {
+      current_status = ocsp_result->revocation_status;
+    }
+    if (current_status == OCSPRevocationStatus::GOOD ||
+        single_response.cert_status.status == OCSPRevocationStatus::REVOKED) {
+      ocsp_result->revocation_status = single_response.cert_status.status;
+    }
+    ocsp_result->response_status = OCSPVerifyResult::PROVIDED;
+  }
+}
+
 // Comparison functor used for binary searching whether a given HashValue,
 // which MUST be a SHA-256 hash, is contained with an array of SHA-256
 // hashes.
 struct HashToArrayComparator {
   template <size_t N>
   bool operator()(const uint8_t(&lhs)[N], const HashValue& rhs) const {
     static_assert(N == crypto::kSHA256Length,
                   "Only SHA-256 hashes are supported");
     return memcmp(lhs, rhs.data(), crypto::kSHA256Length) < 0;
   }
@@ skipping 56 matching lines @@
   int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set,
                           additional_trust_anchors, verify_result);
 
   UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
                         verify_result->common_name_fallback_used);
   if (!verify_result->is_issued_by_known_root) {
     UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA",
                           verify_result->common_name_fallback_used);
   }
 
+  CheckOCSP(ocsp_response, *verify_result->verified_cert,
+            &verify_result->ocsp_result);
+
   // This check is done after VerifyInternal so that VerifyInternal can fill
   // in the list of public key hashes.
   if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) {
     verify_result->cert_status |= CERT_STATUS_REVOKED;
     rv = MapCertStatusToNetError(verify_result->cert_status);
   }
 
   std::vector<std::string> dns_names, ip_addrs;
   cert->GetSubjectAltName(&dns_names, &ip_addrs);
   if (HasNameConstraintsViolation(verify_result->public_key_hashes,
@@ skipping 305 matching lines @@
     return true;
 
   // For certificates issued after 1 April 2015: 39 months.
   if (start >= time_2015_04_01 && month_diff > 39)
     return true;
 
   return false;
 }
 
 }  // namespace net