/*

 * Copyright (C) 2012-2017 Free Software Foundation, Inc.

 * Copyright (C) 2017 Red Hat, Inc.

 *

 * Author: Simon Josefsson, Nikos Mavrogiannopoulos

 *

 * This file is part of GnuTLS.

 *

 * The GnuTLS is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Lesser General Public License

 * as published by the Free Software Foundation; either version 2.1 of

 * the License, or (at your option) any later version.

 *

 * This library is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public License

 * along with this program.  If not, see <https://www.gnu.org/licenses/>

 *

 */

/*

  Status Request (OCSP) TLS extension.  See RFC 6066 section 8:

  https://tools.ietf.org/html/rfc6066#section-8

*/

#include "gnutls_int.h"

#include "errors.h"

#include <hello_ext.h>

#include <ext/status_request.h>

#include <mbuffers.h>

#include <auth.h>

#include <auth/cert.h>

#include <handshake.h>

#ifdef ENABLE_OCSP

typedef struct {

	/* server response */

	gnutls_datum_t sresp;

	unsigned int expect_cstatus;

} status_request_ext_st;

/*

  From RFC 6066.  Client sends:

      struct {

	  CertificateStatusType status_type;

	  select (status_type) {

	      case ocsp: OCSPStatusRequest;

	  } request;

      } CertificateStatusRequest;

      enum { ocsp(1), (255) } CertificateStatusType;

      struct {

	  ResponderID responder_id_list<0..2^16-1>;

	  Extensions  request_extensions;

      } OCSPStatusRequest;

      opaque ResponderID<1..2^16-1>;

      opaque Extensions<0..2^16-1>;

*/

static int

client_send(gnutls_session_t session,

	    gnutls_buffer_st * extdata, status_request_ext_st * priv)

{

	const uint8_t data[5] = "\x01\x00\x00\x00\x00";

	const int len = 5;

	int ret;

	/* We do not support setting either ResponderID or Extensions */

	ret = _gnutls_buffer_append_data(extdata, data, len);

	if (ret < 0)

		return gnutls_assert_val(ret);

	session->internals.hsk_flags |= HSK_OCSP_REQUESTED;

	return len;

}

static int

server_recv(gnutls_session_t session,

	    const uint8_t * data, size_t data_size)

{

	unsigned rid_bytes = 0;

	/* minimum message is type (1) + responder_id_list (2) +

	   request_extension (2) = 5 */

	if (data_size < 5)

		return

		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	/* We ignore non-ocsp CertificateStatusType.  The spec is unclear

	   what should be done. */

	if (data[0] != 0x01) {

		gnutls_assert();

		_gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",

				      session, data[0]);

		return 0;

	}

	DECR_LEN(data_size, 1);

	data++;

	rid_bytes = _gnutls_read_uint16(data);

	DECR_LEN(data_size, 2);

	/*data += 2;*/

	/* sanity check only, we don't use any of the data below */

	if (data_size < rid_bytes)

		return

		    gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);

	_gnutls_handshake_log("EXT[%p]: OCSP status was requested\n", session);

	session->internals.hsk_flags |= HSK_OCSP_REQUESTED;

	return 0;

}

static int

client_recv(gnutls_session_t session,

	    status_request_ext_st * priv,

	    const uint8_t * data, size_t size)

{

	if (size != 0)

		return

		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	else {

		priv->expect_cstatus = 1;

		return 0;

	}

}

/*

 * Servers return a certificate response along with their certificate

 * by sending a "CertificateStatus" message immediately after the

 * "Certificate" message (and before any "ServerKeyExchange" or

 * "CertificateRequest" messages).  If a server returns a

 * "CertificateStatus" message, then the server MUST have included an

 * extension of type "status_request" with empty "extension_data" in

 * the extended server hello.

 *

 * According to the description above, as a server we could simply 

 * return GNUTLS_E_INT_RET_0 on this function. In that case we would

 * only need to use the callbacks at the time we need to send the data,

 * and skip the status response packet if no such data are there.

 * However, that behavior would break gnutls 3.3.x which expects the status 

 * response to be always send if the extension is present.

 *

 * Instead we ensure that this extension is parsed after the CS/certificate

 * are selected (with the _GNUTLS_EXT_TLS_POST_CS type), and we discover

 * (or not) the response to send early.

 */

static int

server_send(gnutls_session_t session,

	    gnutls_buffer_st * extdata, status_request_ext_st * priv)

{

	int ret;

	gnutls_certificate_credentials_t cred;

	gnutls_status_request_ocsp_func func;

	void *func_ptr;

	const version_entry_st *ver = get_version(session);

	cred = (gnutls_certificate_credentials_t)

	    _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);

	if (cred == NULL)	/* no certificate authentication */

		return 0;

	/* no need to set sresp; responses are send during certificate sending and

	 * no response is required from server side. */

	if (ver && ver->multi_ocsp)

		return 0;

	/* Under TLS1.2 we obtain the response at this point in order to respond

	 * appropriately (empty extension vs no response) */

	if (session->internals.selected_ocsp_length > 0) {

		if (session->internals.selected_ocsp[0].response.data) {

			if (session->internals.selected_ocsp[0].exptime != 0 &&

			    (gnutls_time(0) >= session->internals.selected_ocsp[0].exptime)) {

				gnutls_assert();

				return 0;

			}

			ret = _gnutls_set_datum(&priv->sresp,

						session->internals.selected_ocsp[0].response.data,

						session->internals.selected_ocsp[0].response.size);

			if (ret < 0)

				return gnutls_assert_val(ret);

			return GNUTLS_E_INT_RET_0;

		} else {

			return 0;

		}

	} else if (session->internals.selected_ocsp_func) {

		func = session->internals.selected_ocsp_func;

		func_ptr = session->internals.selected_ocsp_func_ptr;

		if (func == NULL)

			return 0;

		ret = func(session, func_ptr, &priv->sresp);

		if (ret == GNUTLS_E_NO_CERTIFICATE_STATUS)

			return 0;

		else if (ret < 0)

			return gnutls_assert_val(ret);

	} else {

		return 0;

	}

	return GNUTLS_E_INT_RET_0;

}

static int

_gnutls_status_request_send_params(gnutls_session_t session,

				   gnutls_buffer_st * extdata)

{

	gnutls_ext_priv_data_t epriv;

	status_request_ext_st *priv;

	int ret;

	/* Do not bother sending the OCSP status request extension

	 * if we are not using certificate authentication */

	if (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)

		return 0;

	if (session->security_parameters.entity == GNUTLS_CLIENT) {

		ret = _gnutls_hello_ext_get_priv(session,

						 GNUTLS_EXTENSION_STATUS_REQUEST,

						 &epriv);

		if (ret < 0 || epriv == NULL)	/* it is ok not to have it */

			return 0;

		priv = epriv;

		return client_send(session, extdata, priv);

	} else {

		epriv = priv = gnutls_calloc(1, sizeof(*priv));

		if (priv == NULL)

			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);

		_gnutls_hello_ext_set_priv(session,

					   GNUTLS_EXTENSION_STATUS_REQUEST,

					   epriv);

		return server_send(session, extdata, priv);

	}

}

static int

_gnutls_status_request_recv_params(gnutls_session_t session,

				   const uint8_t * data, size_t size)

{

	gnutls_ext_priv_data_t epriv;

	status_request_ext_st *priv;

	int ret;

	if (session->security_parameters.entity == GNUTLS_CLIENT) {

		ret = _gnutls_hello_ext_get_priv(session,

						 GNUTLS_EXTENSION_STATUS_REQUEST,

						 &epriv);

		if (ret < 0 || epriv == NULL)	/* it is ok not to have it */

			return 0;

		priv = epriv;

		return client_recv(session, priv, data, size);

	} else {

		return server_recv(session, data, size);

	}

}

/**

 * gnutls_ocsp_status_request_enable_client:

 * @session: is a #gnutls_session_t type.

 * @responder_id: ignored, must be %NULL

 * @responder_id_size: ignored, must be zero

 * @extensions: ignored, must be %NULL

 *

 * This function is to be used by clients to request OCSP response

 * from the server, using the "status_request" TLS extension.  Only

 * OCSP status type is supported.

 *

 * Previous versions of GnuTLS supported setting @responder_id and

 * @extensions fields, but due to the difficult semantics of the

 * parameter usage, and other issues, this support was removed

 * since 3.6.0 and these parameters must be set to %NULL.

 *

 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,

 *   otherwise a negative error code is returned.

 *

 * Since: 3.1.3

 **/

int

gnutls_ocsp_status_request_enable_client(gnutls_session_t session,

					 gnutls_datum_t * responder_id,

					 size_t responder_id_size,

					 gnutls_datum_t * extensions)

{

	status_request_ext_st *priv;

	gnutls_ext_priv_data_t epriv;

	if (session->security_parameters.entity == GNUTLS_SERVER)

		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	epriv = priv = gnutls_calloc(1, sizeof(*priv));

	if (priv == NULL)

		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);

	_gnutls_hello_ext_set_priv(session,

				     GNUTLS_EXTENSION_STATUS_REQUEST,

				     epriv);

	return 0;

}

static void _gnutls_status_request_deinit_data(gnutls_ext_priv_data_t epriv)

{

	status_request_ext_st *priv = epriv;

	if (priv == NULL)

		return;

	gnutls_free(priv->sresp.data);

	gnutls_free(priv);

}

const hello_ext_entry_st ext_mod_status_request = {

	.name = "OCSP Status Request",

	.tls_id = STATUS_REQUEST_TLS_ID,

	.gid = GNUTLS_EXTENSION_STATUS_REQUEST,

	.validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |

		    GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,

	.client_parse_point = _GNUTLS_EXT_TLS_POST_CS,

	.server_parse_point = _GNUTLS_EXT_TLS_POST_CS,

	.recv_func = _gnutls_status_request_recv_params,

	.send_func = _gnutls_status_request_send_params,

	.deinit_func = _gnutls_status_request_deinit_data,

	.cannot_be_overriden = 1

};

/* Functions to be called from handshake */

int

_gnutls_send_server_certificate_status(gnutls_session_t session, int again)

{

	mbuffer_st *bufel = NULL;

	uint8_t *data;

	int data_size = 0;

	int ret;

	gnutls_ext_priv_data_t epriv;

	status_request_ext_st *priv;

	if (!(session->internals.hsk_flags & HSK_OCSP_REQUESTED))

		return 0;

	if (again == 0) {

		ret =

		    _gnutls_hello_ext_get_priv(session,

						GNUTLS_EXTENSION_STATUS_REQUEST,

						&epriv);

		if (ret < 0)

			return 0;

		priv = epriv;

		if (!priv->sresp.size)

			return 0;

		data_size = priv->sresp.size + 4;

		bufel =

		    _gnutls_handshake_alloc(session, data_size);

		if (!bufel) {

			_gnutls_free_datum(&priv->sresp);

			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);

		}

		data = _mbuffer_get_udata_ptr(bufel);

		data[0] = 0x01;

		_gnutls_write_uint24(priv->sresp.size, &data[1]);

		memcpy(&data[4], priv->sresp.data, priv->sresp.size);

		_gnutls_free_datum(&priv->sresp);

	}

	return _gnutls_send_handshake(session, data_size ? bufel : NULL,

				      GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);

}

int _gnutls_parse_ocsp_response(gnutls_session_t session, const uint8_t *data, ssize_t data_size, gnutls_datum_t *resp)

{

	int ret;

	ssize_t r_size;

	resp->data = 0;

	resp->size = 0;

	/* minimum message is type (1) + response (3) + data */

	if (data_size < 4)

		return

		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	if (data[0] != 0x01) {

		gnutls_assert();

		_gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",

				      session, data[0]);

		return 0;

	}

	DECR_LENGTH_RET(data_size, 1,

			GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	data++;

	DECR_LENGTH_RET(data_size, 3,

			GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	r_size = _gnutls_read_uint24(data);

	data += 3;

	DECR_LENGTH_RET(data_size, r_size,

			GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	if (r_size < 1)

		return

		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	ret = _gnutls_set_datum(resp, data, r_size);

	if (ret < 0)

		return gnutls_assert_val(ret);

	return 0;

}

int _gnutls_recv_server_certificate_status(gnutls_session_t session)

{

	uint8_t *data;

	ssize_t data_size;

	gnutls_buffer_st buf;

	int ret;

	gnutls_datum_t resp;

	status_request_ext_st *priv = NULL;

	gnutls_ext_priv_data_t epriv;

	cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);

	if (info == NULL)

		return 0;

	ret =

	    _gnutls_hello_ext_get_priv(session,

					 GNUTLS_EXTENSION_STATUS_REQUEST,

					 &epriv);

	if (ret < 0)

		return 0;

	priv = epriv;

	if (!priv->expect_cstatus)

		return 0;

	ret = _gnutls_recv_handshake(session,

				     GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,

				     1, &buf;;

	if (ret < 0)

		return gnutls_assert_val_fatal(ret);

	priv->expect_cstatus = 0;

	data = buf.data;

	data_size = buf.length;

	if (data_size == 0) {

		ret = 0;

		goto error;

	}

	ret = _gnutls_parse_ocsp_response(session, data, data_size, &resp);

	if (ret < 0) {

		gnutls_assert();

		goto error;

	}

	if (resp.data && resp.size > 0) {

		info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t));

		if (info->raw_ocsp_list == NULL) {

			ret = GNUTLS_E_MEMORY_ERROR;

			goto error;

		}

		info->raw_ocsp_list[0].data = resp.data;

		info->raw_ocsp_list[0].size = resp.size;

		info->nocsp = 1;

	}

	ret = 0;

      error:

	_gnutls_buffer_clear(&buf;;

	return ret;

}

#endif