static void sendErrorResponse( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SCEP_PROTOCOL_INFO *protocolInfo,
IN_ERROR const int scepStatus )
{
CRYPT_CERTIFICATE iCmsAttributes;
int status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( protocolInfo, sizeof( SCEP_PROTOCOL_INFO ) ) );
REQUIRES_V( cryptStatusError( scepStatus ) );
/* Sign the error response using the CA key and SCEP attributes */
status = createScepAttributes( sessionInfoPtr, protocolInfo,
&iCmsAttributes, MESSAGETYPE_CERTREP,
scepStatus );
if( cryptStatusOK( status ) )
{
ERROR_INFO errorInfo;
/* Since this message is being sent in response to an existing
error, we don't care about the possible error information
returned from the function that sends the error response,
so the errorInfo result is ignored */
status = envelopeSign( NULL, 0, sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize,
&sessionInfoPtr->receiveBufEnd,
CRYPT_CONTENT_NONE, sessionInfoPtr->privateKey,
iCmsAttributes, &errorInfo );
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
}
if( cryptStatusError( status ) )
{
HTTP_DATA_INFO httpDataInfo;
/* If we encounter an error processing the initial request then
there won't be enough information available to create an error
response. Similarly if we run into problems generating the
response then there won't be anything available to send. At this
point the best that we can do is send an error at the HTTP
level */
initHttpDataInfo( &httpDataInfo, sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize );
httpDataInfo.reqStatus = scepStatus;
swrite( &sessionInfoPtr->stream, &httpDataInfo,
sizeof( HTTP_DATA_INFO ) );
return;
}
DEBUG_DUMP_FILE( "scep_srespx", sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufEnd );
/* Return the response to the client, discarding any error indication
from the write. Since we're already in an error state there's not
much that we can do in terms of alerting the user if a further error
occurs when writing the error response, so we ignore any potential
write errors that occur at this point */
sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_LASTMESSAGE, TRUE );
( void ) writePkiDatagram( sessionInfoPtr, SCEP_CONTENT_TYPE,
SCEP_CONTENT_TYPE_LEN );
}
static int createScepResponse( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SCEP_PROTOCOL_INFO *protocolInfo )
{
CRYPT_CERTIFICATE iCmsAttributes;
MESSAGE_DATA msgData;
int dataLength, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( protocolInfo, sizeof( SCEP_PROTOCOL_INFO ) ) );
/* Extract the response data into the session buffer */
setMessageData( &msgData, sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize );
status = krnlSendMessage( sessionInfoPtr->iCertResponse,
IMESSAGE_CRT_EXPORT, &msgData,
CRYPT_CERTFORMAT_CERTCHAIN );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't get PKCS #7 certificate chain from SCEP "
"response object" ) );
}
DEBUG_DUMP_FILE( "scep_sresp0", sessionInfoPtr->receiveBuffer,
msgData.length );
/* Phase 1: Encrypt the data using the client's key */
status = envelopeWrap( sessionInfoPtr->receiveBuffer, msgData.length,
sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize, &dataLength,
CRYPT_FORMAT_CMS, CRYPT_CONTENT_NONE,
protocolInfo->iScepCert );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't encrypt response data with client key" ) );
}
DEBUG_DUMP_FILE( "scep_sresp1", sessionInfoPtr->receiveBuffer,
dataLength );
/* Create the SCEP signing attributes */
status = createScepAttributes( sessionInfoPtr, protocolInfo,
&iCmsAttributes, FALSE, CRYPT_OK );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't create SCEP response signing attributes" ) );
}
/* Phase 2: Sign the data using the CA key and SCEP attributes */
status = envelopeSign( sessionInfoPtr->receiveBuffer, dataLength,
sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize,
&sessionInfoPtr->receiveBufEnd,
CRYPT_CONTENT_NONE, sessionInfoPtr->privateKey,
iCmsAttributes );
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't sign response data with CA key" ) );
}
DEBUG_DUMP_FILE( "scep_sresp2", sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufEnd );
return( CRYPT_OK );
}
static int checkScepRequest( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SCEP_PROTOCOL_INFO *protocolInfo,
OUT BOOLEAN *requestDataAvailable )
{
CRYPT_CERTIFICATE iCmsAttributes;
MESSAGE_CREATEOBJECT_INFO createInfo;
MESSAGE_DATA msgData;
int dataLength, sigResult, value, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( protocolInfo, sizeof( SCEP_PROTOCOL_INFO ) ) );
assert( isWritePtr( requestDataAvailable, sizeof( BOOLEAN ) ) );
/* Clear return value */
*requestDataAvailable = FALSE;
/* Phase 1: Sig-check the self-signed data */
DEBUG_DUMP_FILE( "scep_sreq2", sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufEnd );
status = envelopeSigCheck( sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufEnd,
sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize, &dataLength,
CRYPT_UNUSED, &sigResult,
&protocolInfo->iScepCert, &iCmsAttributes );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Invalid CMS signed data in client request" ) );
}
DEBUG_DUMP_FILE( "scep_sreq1", sessionInfoPtr->receiveBuffer,
dataLength );
if( cryptStatusError( sigResult ) )
{
/* The signed data was valid but the signature on it wasn't, this is
a different style of error than the previous one */
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( sigResult,
( sigResult, SESSION_ERRINFO,
"Bad signature on client request data" ) );
}
/* Make sure that the client certificate is valid for signing and
decryption. In effect the signing capability has already been
checked by the fact that the certificate signed the request but we do
an explicit check here just to be thorough */
status = krnlSendMessage( protocolInfo->iScepCert, IMESSAGE_CHECK,
NULL, MESSAGE_CHECK_PKC_SIGCHECK );
if( cryptStatusOK( status ) )
status = krnlSendMessage( protocolInfo->iScepCert, IMESSAGE_CHECK,
NULL, MESSAGE_CHECK_PKC_ENCRYPT );
if( cryptStatusError( status ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( CRYPT_ERROR_INVALID,
( CRYPT_ERROR_INVALID, SESSION_ERRINFO,
"Ephemeral SCEP client certificate isn't valid for "
"signing/encryption" ) );
}
/* Get the nonce and transaction ID and save it for the reply */
setMessageData( &msgData, protocolInfo->nonce, CRYPT_MAX_HASHSIZE );
status = krnlSendMessage( iCmsAttributes, IMESSAGE_GETATTRIBUTE_S,
&msgData, CRYPT_CERTINFO_SCEP_SENDERNONCE );
if( cryptStatusOK( status ) )
{
protocolInfo->nonceSize = msgData.length;
setMessageData( &msgData, protocolInfo->transID, CRYPT_MAX_HASHSIZE );
status = krnlSendMessage( iCmsAttributes, IMESSAGE_GETATTRIBUTE_S,
&msgData,
CRYPT_CERTINFO_SCEP_TRANSACTIONID );
}
if( cryptStatusError( status ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( CRYPT_ERROR_BADDATA,
( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
"Request is missing a nonce/transaction ID" ) );
}
protocolInfo->transIDsize = msgData.length;
/* We've now got enough request data available to construct a SCEP-level
response to an error instead of an HTTP-level one, let the caller
know. Note that this lets an attacker know that they've made it this
far in the checking, but it's not obvious that this is a security
problem, especially since they can get a good idea of how far they
got from the different error conditions that will be returned */
*requestDataAvailable = TRUE;
/* Since the request is for a cryptlib server it'll have a transaction
ID that's a cryptlib-encoded PKI user ID. If we don't get this then
we reject the request */
if( protocolInfo->transIDsize != 17 || \
!isPKIUserValue( protocolInfo->transID, protocolInfo->transIDsize ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( CRYPT_ERROR_BADDATA,
( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
"Request has an invalid transaction ID '%s'",
sanitiseString( protocolInfo->transID,
protocolInfo->transIDsize,
protocolInfo->transIDsize ) ) );
}
status = updateSessionInfo( &sessionInfoPtr->attributeList,
CRYPT_SESSINFO_USERNAME,
protocolInfo->transID,
protocolInfo->transIDsize,
CRYPT_MAX_TEXTSIZE, ATTR_FLAG_ENCODEDVALUE );
if( cryptStatusError( status ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
return( status );
}
/* Check that we've been sent the correct type of message */
status = getScepStatusValue( iCmsAttributes,
CRYPT_CERTINFO_SCEP_MESSAGETYPE, &value );
if( cryptStatusOK( status ) && value != MESSAGETYPE_PKCSREQ_VALUE )
status = CRYPT_ERROR_BADDATA;
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Incorrect SCEP message type %d", value ) );
}
/* Phase 2: Decrypt the data using our CA key */
status = envelopeUnwrap( sessionInfoPtr->receiveBuffer, dataLength,
sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize, &dataLength,
sessionInfoPtr->privateKey );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't decrypt CMS enveloped data in client request" ) );
}
/* Finally, import the request as a PKCS #10 request */
setMessageCreateObjectIndirectInfo( &createInfo,
sessionInfoPtr->receiveBuffer, dataLength,
CRYPT_CERTTYPE_CERTREQUEST );
status = krnlSendMessage( SYSTEM_OBJECT_HANDLE,
IMESSAGE_DEV_CREATEOBJECT_INDIRECT,
&createInfo, OBJECT_TYPE_CERTIFICATE );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Invalid PKCS #10 request in client request" ) );
}
sessionInfoPtr->iCertRequest = createInfo.cryptHandle;
return( CRYPT_OK );
}
