usr.sbin/rpki-client/mft.c

*bb0e26feStb/*	$OpenBSD: mft.c,v 1.121 2024/12/24 10:03:59 tb Exp $ */
9a7e9e7fSjob/*
740e9a54Stb * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
9a7e9e7fSjob * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
9a7e9e7fSjob *
9a7e9e7fSjob * Permission to use, copy, modify, and distribute this software for any
9a7e9e7fSjob * purpose with or without fee is hereby granted, provided that the above
9a7e9e7fSjob * copyright notice and this permission notice appear in all copies.
9a7e9e7fSjob *
9a7e9e7fSjob * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9a7e9e7fSjob * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9a7e9e7fSjob * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
9a7e9e7fSjob * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
9a7e9e7fSjob * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
9a7e9e7fSjob * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
9a7e9e7fSjob * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
9a7e9e7fSjob */
9a7e9e7fSjob
9a7e9e7fSjob#include <assert.h>
9a7e9e7fSjob#include <err.h>
fa2ce094Sclaudio#include <limits.h>
9a7e9e7fSjob#include <stdint.h>
9a7e9e7fSjob#include <stdlib.h>
9a7e9e7fSjob#include <string.h>
9a7e9e7fSjob#include <unistd.h>
9a7e9e7fSjob
ab5c69fdSjob#include <openssl/bn.h>
a1753de6Sclaudio#include <openssl/asn1.h>
23e50b68Stb#include <openssl/asn1t.h>
23e50b68Stb#include <openssl/safestack.h>
96932cf3Sderaadt#include <openssl/sha.h>
23e50b68Stb#include <openssl/stack.h>
a1753de6Sclaudio#include <openssl/x509.h>
9a7e9e7fSjob
9a7e9e7fSjob#include "extern.h"
9a7e9e7fSjob
de9b6f5dSclaudioextern ASN1_OBJECT	*mft_oid;
318f0572SjobBN_CTX			*bn_ctx;
d2e465bbSclaudio
9a7e9e7fSjob/*
23e50b68Stb * Types and templates for the Manifest eContent, RFC 6486, section 4.2.
23e50b68Stb */
23e50b68Stb
d3d26873SjobASN1_ITEM_EXP FileAndHash_it;
d3d26873SjobASN1_ITEM_EXP Manifest_it;
d3d26873Sjob
23e50b68Stbtypedef struct {
23e50b68Stb	ASN1_IA5STRING	*file;
23e50b68Stb	ASN1_BIT_STRING	*hash;
23e50b68Stb} FileAndHash;
23e50b68Stb
23e50b68StbDECLARE_STACK_OF(FileAndHash);
23e50b68Stb
9395df6fStb#ifndef DEFINE_STACK_OF
58c75743Stb#define sk_FileAndHash_dup(sk)		SKM_sk_dup(FileAndHash, (sk))
58c75743Stb#define sk_FileAndHash_free(sk)		SKM_sk_free(FileAndHash, (sk))
23e50b68Stb#define sk_FileAndHash_num(sk)		SKM_sk_num(FileAndHash, (sk))
23e50b68Stb#define sk_FileAndHash_value(sk, i)	SKM_sk_value(FileAndHash, (sk), (i))
58c75743Stb#define sk_FileAndHash_sort(sk)		SKM_sk_sort(FileAndHash, (sk))
58c75743Stb#define sk_FileAndHash_set_cmp_func(sk, cmp) \
58c75743Stb    SKM_sk_set_cmp_func(FileAndHash, (sk), (cmp))
23e50b68Stb#endif
23e50b68Stb
23e50b68Stbtypedef struct {
23e50b68Stb	ASN1_INTEGER		*version;
23e50b68Stb	ASN1_INTEGER		*manifestNumber;
23e50b68Stb	ASN1_GENERALIZEDTIME	*thisUpdate;
23e50b68Stb	ASN1_GENERALIZEDTIME	*nextUpdate;
23e50b68Stb	ASN1_OBJECT		*fileHashAlg;
23e50b68Stb	STACK_OF(FileAndHash)	*fileList;
23e50b68Stb} Manifest;
23e50b68Stb
23e50b68StbASN1_SEQUENCE(FileAndHash) = {
23e50b68Stb	ASN1_SIMPLE(FileAndHash, file, ASN1_IA5STRING),
23e50b68Stb	ASN1_SIMPLE(FileAndHash, hash, ASN1_BIT_STRING),
23e50b68Stb} ASN1_SEQUENCE_END(FileAndHash);
23e50b68Stb
23e50b68StbASN1_SEQUENCE(Manifest) = {
bb9f70d1Stb	ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0),
23e50b68Stb	ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER),
23e50b68Stb	ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME),
23e50b68Stb	ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME),
23e50b68Stb	ASN1_SIMPLE(Manifest, fileHashAlg, ASN1_OBJECT),
23e50b68Stb	ASN1_SEQUENCE_OF(Manifest, fileList, FileAndHash),
23e50b68Stb} ASN1_SEQUENCE_END(Manifest);
23e50b68Stb
23e50b68StbDECLARE_ASN1_FUNCTIONS(Manifest);
23e50b68StbIMPLEMENT_ASN1_FUNCTIONS(Manifest);
23e50b68Stb
8a0e7acdStb#define GENTIME_LENGTH 15
8a0e7acdStb
23e50b68Stb/*
043caafeStb * Determine rtype corresponding to file extension. Returns RTYPE_INVALID
f452fe1cStb * on error or unknown extension.
043caafeStb */
043caafeStbenum rtype
043caafeStbrtype_from_file_extension(const char *fn)
043caafeStb{
043caafeStb	size_t	 sz;
043caafeStb
043caafeStb	sz = strlen(fn);
043caafeStb	if (sz < 5)
043caafeStb		return RTYPE_INVALID;
043caafeStb
043caafeStb	if (strcasecmp(fn + sz - 4, ".tal") == 0)
043caafeStb		return RTYPE_TAL;
043caafeStb	if (strcasecmp(fn + sz - 4, ".cer") == 0)
043caafeStb		return RTYPE_CER;
043caafeStb	if (strcasecmp(fn + sz - 4, ".crl") == 0)
043caafeStb		return RTYPE_CRL;
043caafeStb	if (strcasecmp(fn + sz - 4, ".mft") == 0)
043caafeStb		return RTYPE_MFT;
043caafeStb	if (strcasecmp(fn + sz - 4, ".roa") == 0)
043caafeStb		return RTYPE_ROA;
043caafeStb	if (strcasecmp(fn + sz - 4, ".gbr") == 0)
043caafeStb		return RTYPE_GBR;
04834fbdSjob	if (strcasecmp(fn + sz - 4, ".sig") == 0)
04834fbdSjob		return RTYPE_RSC;
a29ddfd5Sjob	if (strcasecmp(fn + sz - 4, ".asa") == 0)
a29ddfd5Sjob		return RTYPE_ASPA;
ee2a33daSjob	if (strcasecmp(fn + sz - 4, ".tak") == 0)
ee2a33daSjob		return RTYPE_TAK;
ef3f6f56Sjob	if (strcasecmp(fn + sz - 4, ".csv") == 0)
ef3f6f56Sjob		return RTYPE_GEOFEED;
d4be4cdeSjob	if (strcasecmp(fn + sz - 4, ".spl") == 0)
d4be4cdeSjob		return RTYPE_SPL;
043caafeStb
043caafeStb	return RTYPE_INVALID;
043caafeStb}
043caafeStb
043caafeStb/*
043caafeStb * Validate that a filename listed on a Manifest only contains characters
c7a965b3Stb * permitted in RFC 9286 section 4.2.2.
203dfefcStb * Also ensure that there is exactly one '.'.
043caafeStb */
685326f5Sclaudiostatic int
203dfefcStbvalid_mft_filename(const char *fn, size_t len)
043caafeStb{
043caafeStb	const unsigned char *c;
043caafeStb
203dfefcStb	if (!valid_filename(fn, len))
685326f5Sclaudio		return 0;
043caafeStb
685326f5Sclaudio	c = memchr(fn, '.', len);
685326f5Sclaudio	if (c == NULL || c != memrchr(fn, '.', len))
685326f5Sclaudio		return 0;
685326f5Sclaudio
685326f5Sclaudio	return 1;
685326f5Sclaudio}
685326f5Sclaudio
685326f5Sclaudio/*
a7b03bb4Sclaudio * Check that the file is allowed to be part of a manifest and the parser
a7b03bb4Sclaudio * for this type is implemented in rpki-client.
a7b03bb4Sclaudio * Returns corresponding rtype or RTYPE_INVALID to mark the file as unknown.
685326f5Sclaudio */
685326f5Sclaudiostatic enum rtype
685326f5Sclaudiortype_from_mftfile(const char *fn)
685326f5Sclaudio{
685326f5Sclaudio	enum rtype		 type;
043caafeStb
043caafeStb	type = rtype_from_file_extension(fn);
043caafeStb	switch (type) {
043caafeStb	case RTYPE_CER:
043caafeStb	case RTYPE_CRL:
043caafeStb	case RTYPE_GBR:
043caafeStb	case RTYPE_ROA:
a29ddfd5Sjob	case RTYPE_ASPA:
d4be4cdeSjob	case RTYPE_SPL:
ee2a33daSjob	case RTYPE_TAK:
043caafeStb		return type;
043caafeStb	default:
043caafeStb		return RTYPE_INVALID;
043caafeStb	}
043caafeStb}
043caafeStb
043caafeStb/*
9a7e9e7fSjob * Parse an individual "FileAndHash", RFC 6486, sec. 4.2.
9a7e9e7fSjob * Return zero on failure, non-zero on success.
9a7e9e7fSjob */
9a7e9e7fSjobstatic int
be6e5ad5Stbmft_parse_filehash(const char *fn, struct mft *mft, const FileAndHash *fh,
be6e5ad5Stb    int *found_crl)
9a7e9e7fSjob{
d7658e14Stb	char			*file = NULL;
630e12adSclaudio	int			 rc = 0;
9a7e9e7fSjob	struct mftfile		*fent;
23bc08f8Sclaudio	enum rtype		 type;
31ac5904Sjob	size_t			 new_idx = 0;
9a7e9e7fSjob
23e50b68Stb	if (!valid_mft_filename(fh->file->data, fh->file->length)) {
be6e5ad5Stb		warnx("%s: RFC 6486 section 4.2.2: bad filename", fn);
685326f5Sclaudio		goto out;
685326f5Sclaudio	}
d7658e14Stb	file = strndup(fh->file->data, fh->file->length);
d7658e14Stb	if (file == NULL)
7addb040Sbenno		err(1, NULL);
9a7e9e7fSjob
23e50b68Stb	if (fh->hash->length != SHA256_DIGEST_LENGTH) {
9a7e9e7fSjob		warnx("%s: RFC 6486 section 4.2.1: hash: "
be6e5ad5Stb		    "invalid SHA256 length, have %d", fn, fh->hash->length);
630e12adSclaudio		goto out;
9a7e9e7fSjob	}
9a7e9e7fSjob
d7658e14Stb	type = rtype_from_mftfile(file);
8a9424f8Sjob	if (type == RTYPE_CRL) {
8a9424f8Sjob		if (*found_crl == 1) {
8a9424f8Sjob			warnx("%s: RFC 6487: too many CRLs listed on MFT", fn);
8a9424f8Sjob			goto out;
8a9424f8Sjob		}
8a9424f8Sjob		if (strcmp(file, mft->crl) != 0) {
8a9424f8Sjob			warnx("%s: RFC 6487: name (%s) doesn't match CRLDP "
8a9424f8Sjob			    "(%s)", fn, file, mft->crl);
8a9424f8Sjob			goto out;
8a9424f8Sjob		}
23bc08f8Sclaudio		/* remember the filehash for the CRL in struct mft */
be6e5ad5Stb		memcpy(mft->crlhash, fh->hash->data, SHA256_DIGEST_LENGTH);
be6e5ad5Stb		*found_crl = 1;
23bc08f8Sclaudio	}
23bc08f8Sclaudio
31ac5904Sjob	if (filemode)
be6e5ad5Stb		fent = &mft->files[mft->filesz++];
31ac5904Sjob	else {
31ac5904Sjob		/* Fisher-Yates shuffle */
be6e5ad5Stb		new_idx = arc4random_uniform(mft->filesz + 1);
be6e5ad5Stb		mft->files[mft->filesz++] = mft->files[new_idx];
be6e5ad5Stb		fent = &mft->files[new_idx];
31ac5904Sjob	}
31ac5904Sjob
23bc08f8Sclaudio	fent->type = type;
d7658e14Stb	fent->file = file;
d7658e14Stb	file = NULL;
23e50b68Stb	memcpy(fent->hash, fh->hash->data, SHA256_DIGEST_LENGTH);
9a7e9e7fSjob
630e12adSclaudio	rc = 1;
630e12adSclaudio out:
d7658e14Stb	free(file);
9a7e9e7fSjob	return rc;
9a7e9e7fSjob}
9a7e9e7fSjob
58c75743Stbstatic int
58c75743Stbmft_fh_cmp_name(const FileAndHash *const *a, const FileAndHash *const *b)
58c75743Stb{
58c75743Stb	if ((*a)->file->length < (*b)->file->length)
58c75743Stb		return -1;
58c75743Stb	if ((*a)->file->length > (*b)->file->length)
58c75743Stb		return 1;
58c75743Stb
58c75743Stb	return memcmp((*a)->file->data, (*b)->file->data, (*b)->file->length);
58c75743Stb}
58c75743Stb
58c75743Stbstatic int
58c75743Stbmft_fh_cmp_hash(const FileAndHash *const *a, const FileAndHash *const *b)
58c75743Stb{
58c75743Stb	assert((*a)->hash->length == SHA256_DIGEST_LENGTH);
58c75743Stb	assert((*b)->hash->length == SHA256_DIGEST_LENGTH);
58c75743Stb
58c75743Stb	return memcmp((*a)->hash->data, (*b)->hash->data, (*b)->hash->length);
58c75743Stb}
58c75743Stb
58c75743Stb/*
58c75743Stb * Assuming that the hash lengths are validated, this checks that all file names
58c75743Stb * and hashes in a manifest are unique. Returns 1 on success, 0 on failure.
58c75743Stb */
58c75743Stbstatic int
58c75743Stbmft_has_unique_names_and_hashes(const char *fn, const Manifest *mft)
58c75743Stb{
58c75743Stb	STACK_OF(FileAndHash)	*fhs;
58c75743Stb	int			 i, ret = 0;
58c75743Stb
58c75743Stb	if ((fhs = sk_FileAndHash_dup(mft->fileList)) == NULL)
58c75743Stb		err(1, NULL);
58c75743Stb
58c75743Stb	(void)sk_FileAndHash_set_cmp_func(fhs, mft_fh_cmp_name);
58c75743Stb	sk_FileAndHash_sort(fhs);
58c75743Stb
58c75743Stb	for (i = 0; i < sk_FileAndHash_num(fhs) - 1; i++) {
58c75743Stb		const FileAndHash *curr = sk_FileAndHash_value(fhs, i);
58c75743Stb		const FileAndHash *next = sk_FileAndHash_value(fhs, i + 1);
58c75743Stb
58c75743Stb		if (mft_fh_cmp_name(&curr, &next) == 0) {
58c75743Stb			warnx("%s: duplicate name: %.*s", fn,
58c75743Stb			    curr->file->length, curr->file->data);
58c75743Stb			goto err;
58c75743Stb		}
58c75743Stb	}
58c75743Stb
58c75743Stb	(void)sk_FileAndHash_set_cmp_func(fhs, mft_fh_cmp_hash);
58c75743Stb	sk_FileAndHash_sort(fhs);
58c75743Stb
58c75743Stb	for (i = 0; i < sk_FileAndHash_num(fhs) - 1; i++) {
58c75743Stb		const FileAndHash *curr = sk_FileAndHash_value(fhs, i);
58c75743Stb		const FileAndHash *next = sk_FileAndHash_value(fhs, i + 1);
58c75743Stb
58c75743Stb		if (mft_fh_cmp_hash(&curr, &next) == 0) {
58c75743Stb			warnx("%s: duplicate hash for %.*s and %.*s", fn,
58c75743Stb			    curr->file->length, curr->file->data,
58c75743Stb			    next->file->length, next->file->data);
58c75743Stb			goto err;
58c75743Stb		}
58c75743Stb	}
58c75743Stb
58c75743Stb	ret = 1;
58c75743Stb
58c75743Stb err:
58c75743Stb	sk_FileAndHash_free(fhs);
58c75743Stb
58c75743Stb	return ret;
58c75743Stb}
58c75743Stb
9a7e9e7fSjob/*
9a7e9e7fSjob * Handle the eContent of the manifest object, RFC 6486 sec. 4.2.
651b53faSclaudio * Returns 0 on failure and 1 on success.
9a7e9e7fSjob */
9a7e9e7fSjobstatic int
be6e5ad5Stbmft_parse_econtent(const char *fn, struct mft *mft, const unsigned char *d,
be6e5ad5Stb    size_t dsz)
9a7e9e7fSjob{
d115f50dSjob	const unsigned char	*oder;
cd9dc441Stb	Manifest		*mft_asn1;
23e50b68Stb	FileAndHash		*fh;
be6e5ad5Stb	int			 found_crl, i, rc = 0;
9a7e9e7fSjob
d115f50dSjob	oder = d;
cd9dc441Stb	if ((mft_asn1 = d2i_Manifest(NULL, &d, dsz)) == NULL) {
be6e5ad5Stb		warnx("%s: RFC 6486 section 4: failed to parse Manifest", fn);
9a7e9e7fSjob		goto out;
9a7e9e7fSjob	}
d115f50dSjob	if (d != oder + dsz) {
be6e5ad5Stb		warnx("%s: %td bytes trailing garbage in eContent", fn,
d115f50dSjob		    oder + dsz - d);
d115f50dSjob		goto out;
d115f50dSjob	}
9a7e9e7fSjob
be6e5ad5Stb	if (!valid_econtent_version(fn, mft_asn1->version, 0))
9a7e9e7fSjob		goto out;
ab5c69fdSjob
904d9c60Stb	mft->seqnum = x509_convert_seqnum(fn, "manifest number",
904d9c60Stb	    mft_asn1->manifestNumber);
be6e5ad5Stb	if (mft->seqnum == NULL)
ab5c69fdSjob		goto out;
ab5c69fdSjob
851cae3dSjob	/*
851cae3dSjob	 * OpenSSL's DER decoder implementation will accept a GeneralizedTime
851cae3dSjob	 * which doesn't conform to RFC 5280. So, double check.
851cae3dSjob	 */
cd9dc441Stb	if (ASN1_STRING_length(mft_asn1->thisUpdate) != GENTIME_LENGTH) {
be6e5ad5Stb		warnx("%s: embedded from time format invalid", fn);
9a7e9e7fSjob		goto out;
851cae3dSjob	}
cd9dc441Stb	if (ASN1_STRING_length(mft_asn1->nextUpdate) != GENTIME_LENGTH) {
be6e5ad5Stb		warnx("%s: embedded until time format invalid", fn);
851cae3dSjob		goto out;
851cae3dSjob	}
851cae3dSjob
be6e5ad5Stb	if (!x509_get_time(mft_asn1->thisUpdate, &mft->thisupdate)) {
be6e5ad5Stb		warn("%s: parsing manifest thisUpdate failed", fn);
851cae3dSjob		goto out;
851cae3dSjob	}
be6e5ad5Stb	if (!x509_get_time(mft_asn1->nextUpdate, &mft->nextupdate)) {
be6e5ad5Stb		warn("%s: parsing manifest nextUpdate failed", fn);
851cae3dSjob		goto out;
851cae3dSjob	}
851cae3dSjob
be6e5ad5Stb	if (mft->thisupdate > mft->nextupdate) {
be6e5ad5Stb		warnx("%s: bad update interval", fn);
851cae3dSjob		goto out;
851cae3dSjob	}
bf682897Stb
cd9dc441Stb	if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
9a7e9e7fSjob		warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
1731179dStb		    "want SHA256 object, have %s", fn,
1731179dStb		    nid2str(OBJ_obj2nid(mft_asn1->fileHashAlg)));
9a7e9e7fSjob		goto out;
9a7e9e7fSjob	}
9a7e9e7fSjob
*bb0e26feStb	if (sk_FileAndHash_num(mft_asn1->fileList) <= 0) {
*bb0e26feStb		warnx("%s: no files in manifest fileList", fn);
*bb0e26feStb		goto out;
*bb0e26feStb	}
cd9dc441Stb	if (sk_FileAndHash_num(mft_asn1->fileList) >= MAX_MANIFEST_ENTRIES) {
be6e5ad5Stb		warnx("%s: %d exceeds manifest entry limit (%d)", fn,
cd9dc441Stb		    sk_FileAndHash_num(mft_asn1->fileList),
cd9dc441Stb		    MAX_MANIFEST_ENTRIES);
9a7e9e7fSjob		goto out;
651b53faSclaudio	}
651b53faSclaudio
be6e5ad5Stb	mft->files = calloc(sk_FileAndHash_num(mft_asn1->fileList),
23e50b68Stb	    sizeof(struct mftfile));
be6e5ad5Stb	if (mft->files == NULL)
23e50b68Stb		err(1, NULL);
23e50b68Stb
be6e5ad5Stb	found_crl = 0;
cd9dc441Stb	for (i = 0; i < sk_FileAndHash_num(mft_asn1->fileList); i++) {
cd9dc441Stb		fh = sk_FileAndHash_value(mft_asn1->fileList, i);
be6e5ad5Stb		if (!mft_parse_filehash(fn, mft, fh, &found_crl))
9a7e9e7fSjob			goto out;
23e50b68Stb	}
23e50b68Stb
be6e5ad5Stb	if (!found_crl) {
be6e5ad5Stb		warnx("%s: CRL not part of MFT fileList", fn);
23e50b68Stb		goto out;
23e50b68Stb	}
9a7e9e7fSjob
be6e5ad5Stb	if (!mft_has_unique_names_and_hashes(fn, mft_asn1))
58c75743Stb		goto out;
58c75743Stb
bf682897Stb	rc = 1;
9a7e9e7fSjob out:
cd9dc441Stb	Manifest_free(mft_asn1);
9a7e9e7fSjob	return rc;
9a7e9e7fSjob}
9a7e9e7fSjob
9a7e9e7fSjob/*
9a7e9e7fSjob * Parse the objects that have been published in the manifest.
c6be5ad7Sjob * Return mft if it conforms to RFC 6486, otherwise NULL.
9a7e9e7fSjob */
9a7e9e7fSjobstruct mft *
0636c4d0Stbmft_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
0636c4d0Stb    size_t len)
9a7e9e7fSjob{
be6e5ad5Stb	struct mft	*mft;
b454bae8Sjob	struct cert	*cert = NULL;
651b53faSclaudio	int		 rc = 0;
651b53faSclaudio	size_t		 cmsz;
9a7e9e7fSjob	unsigned char	*cms;
05ed64a0Stb	char		*crldp = NULL, *crlfile;
beccb378Stb	time_t		 signtime = 0;
9a7e9e7fSjob
1330c972Stb	cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz, &signtime);
9a7e9e7fSjob	if (cms == NULL)
9a7e9e7fSjob		return NULL;
9a7e9e7fSjob	assert(*x509 != NULL);
9a7e9e7fSjob
be6e5ad5Stb	if ((mft = calloc(1, sizeof(*mft))) == NULL)
7addb040Sbenno		err(1, NULL);
be6e5ad5Stb	mft->signtime = signtime;
1f25fa5dStb
be6e5ad5Stb	if (!x509_get_aia(*x509, fn, &mft->aia))
f999fe57Sclaudio		goto out;
be6e5ad5Stb	if (!x509_get_aki(*x509, fn, &mft->aki))
f999fe57Sclaudio		goto out;
be6e5ad5Stb	if (!x509_get_sia(*x509, fn, &mft->sia))
2cf0e122Sjob		goto out;
be6e5ad5Stb	if (!x509_get_ski(*x509, fn, &mft->ski))
f999fe57Sclaudio		goto out;
be6e5ad5Stb	if (mft->aia == NULL || mft->aki == NULL || mft->sia == NULL ||
be6e5ad5Stb	    mft->ski == NULL) {
1f25fa5dStb		warnx("%s: RFC 6487 section 4.8: "
2cf0e122Sjob		    "missing AIA, AKI, SIA, or SKI X509 extension", fn);
9a7e9e7fSjob		goto out;
1f25fa5dStb	}
9a7e9e7fSjob
3a363cbdSjob	if (!x509_inherits(*x509)) {
3a363cbdSjob		warnx("%s: RFC 3779 extension not set to inherit", fn);
3a363cbdSjob		goto out;
3a363cbdSjob	}
3a363cbdSjob
23bc08f8Sclaudio	/* get CRL info for later */
23bc08f8Sclaudio	if (!x509_get_crl(*x509, fn, &crldp))
23bc08f8Sclaudio		goto out;
23bc08f8Sclaudio	if (crldp == NULL) {
23bc08f8Sclaudio		warnx("%s: RFC 6487 section 4.8.6: CRL: "
23bc08f8Sclaudio		    "missing CRL distribution point extension", fn);
23bc08f8Sclaudio		goto out;
23bc08f8Sclaudio	}
6747684dSjob	crlfile = strrchr(crldp, '/');
6747684dSjob	if (crlfile == NULL) {
6747684dSjob		warnx("%s: RFC 6487 section 4.8.6: "
6747684dSjob		    "invalid CRL distribution point", fn);
6747684dSjob		goto out;
6747684dSjob	}
6747684dSjob	crlfile++;
6747684dSjob	if (!valid_mft_filename(crlfile, strlen(crlfile)) ||
6747684dSjob	    rtype_from_file_extension(crlfile) != RTYPE_CRL) {
23bc08f8Sclaudio		warnx("%s: RFC 6487 section 4.8.6: CRL: "
23bc08f8Sclaudio		    "bad CRL distribution point extension", fn);
23bc08f8Sclaudio		goto out;
23bc08f8Sclaudio	}
be6e5ad5Stb	if ((mft->crl = strdup(crlfile)) == NULL)
23bc08f8Sclaudio		err(1, NULL);
23bc08f8Sclaudio
be6e5ad5Stb	if (mft_parse_econtent(fn, mft, cms, cmsz) == 0)
9a7e9e7fSjob		goto out;
9a7e9e7fSjob
891d6bceSjob	if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
b454bae8Sjob		goto out;
b454bae8Sjob
be6e5ad5Stb	if (mft->signtime > mft->nextupdate) {
36b57f80Sjob		warnx("%s: dating issue: CMS signing-time after MFT nextUpdate",
36b57f80Sjob		    fn);
36b57f80Sjob		goto out;
36b57f80Sjob	}
36b57f80Sjob
9a7e9e7fSjob	rc = 1;
9a7e9e7fSjobout:
9a7e9e7fSjob	if (rc == 0) {
be6e5ad5Stb		mft_free(mft);
be6e5ad5Stb		mft = NULL;
9a7e9e7fSjob		X509_free(*x509);
9a7e9e7fSjob		*x509 = NULL;
9a7e9e7fSjob	}
05ed64a0Stb	free(crldp);
b454bae8Sjob	cert_free(cert);
9a7e9e7fSjob	free(cms);
be6e5ad5Stb	return mft;
9a7e9e7fSjob}
9a7e9e7fSjob
9a7e9e7fSjob/*
9a7e9e7fSjob * Free an MFT pointer.
9a7e9e7fSjob * Safe to call with NULL.
9a7e9e7fSjob */
9a7e9e7fSjobvoid
9a7e9e7fSjobmft_free(struct mft *p)
9a7e9e7fSjob{
9a7e9e7fSjob	size_t	 i;
9a7e9e7fSjob
9a7e9e7fSjob	if (p == NULL)
9a7e9e7fSjob		return;
9a7e9e7fSjob
9a7e9e7fSjob	for (i = 0; i < p->filesz; i++)
9a7e9e7fSjob		free(p->files[i].file);
9a7e9e7fSjob
a9a51c4fStb	free(p->path);
a9a51c4fStb	free(p->files);
a9a51c4fStb	free(p->seqnum);
ebd55816Sjob	free(p->aia);
9a7e9e7fSjob	free(p->aki);
2cf0e122Sjob	free(p->sia);
9a7e9e7fSjob	free(p->ski);
a9a51c4fStb	free(p->crl);
9a7e9e7fSjob	free(p);
9a7e9e7fSjob}
9a7e9e7fSjob
9a7e9e7fSjob/*
9a7e9e7fSjob * Serialise MFT parsed content into the given buffer.
9a7e9e7fSjob * See mft_read() for the other side of the pipe.
9a7e9e7fSjob */
9a7e9e7fSjobvoid
08db1177Sclaudiomft_buffer(struct ibuf *b, const struct mft *p)
9a7e9e7fSjob{
9a7e9e7fSjob	size_t		 i;
9a7e9e7fSjob
100ded9eSclaudio	io_simple_buffer(b, &p->repoid, sizeof(p->repoid));
1fc2657fSclaudio	io_simple_buffer(b, &p->talid, sizeof(p->talid));
0bc420b9Sclaudio	io_simple_buffer(b, &p->certid, sizeof(p->certid));
318f0572Sjob	io_simple_buffer(b, &p->seqnum_gap, sizeof(p->seqnum_gap));
100ded9eSclaudio	io_str_buffer(b, p->path);
9a7e9e7fSjob
ebd55816Sjob	io_str_buffer(b, p->aia);
08db1177Sclaudio	io_str_buffer(b, p->aki);
08db1177Sclaudio	io_str_buffer(b, p->ski);
100ded9eSclaudio
100ded9eSclaudio	io_simple_buffer(b, &p->filesz, sizeof(size_t));
100ded9eSclaudio	for (i = 0; i < p->filesz; i++) {
100ded9eSclaudio		io_str_buffer(b, p->files[i].file);
22cec6c4Stb		io_simple_buffer(b, &p->files[i].type,
22cec6c4Stb		    sizeof(p->files[i].type));
df512fbcSclaudio		io_simple_buffer(b, &p->files[i].location,
df512fbcSclaudio		    sizeof(p->files[i].location));
100ded9eSclaudio		io_simple_buffer(b, p->files[i].hash, SHA256_DIGEST_LENGTH);
100ded9eSclaudio	}
9a7e9e7fSjob}
9a7e9e7fSjob
9a7e9e7fSjob/*
9a7e9e7fSjob * Read an MFT structure from the file descriptor.
9a7e9e7fSjob * Result must be passed to mft_free().
9a7e9e7fSjob */
9a7e9e7fSjobstruct mft *
7eb79a4aSclaudiomft_read(struct ibuf *b)
9a7e9e7fSjob{
9a7e9e7fSjob	struct mft	*p = NULL;
9a7e9e7fSjob	size_t		 i;
9a7e9e7fSjob
9a7e9e7fSjob	if ((p = calloc(1, sizeof(struct mft))) == NULL)
7addb040Sbenno		err(1, NULL);
9a7e9e7fSjob
100ded9eSclaudio	io_read_buf(b, &p->repoid, sizeof(p->repoid));
1fc2657fSclaudio	io_read_buf(b, &p->talid, sizeof(p->talid));
0bc420b9Sclaudio	io_read_buf(b, &p->certid, sizeof(p->certid));
318f0572Sjob	io_read_buf(b, &p->seqnum_gap, sizeof(p->seqnum_gap));
100ded9eSclaudio	io_read_str(b, &p->path);
9a7e9e7fSjob
100ded9eSclaudio	io_read_str(b, &p->aia);
100ded9eSclaudio	io_read_str(b, &p->aki);
100ded9eSclaudio	io_read_str(b, &p->ski);
100ded9eSclaudio	assert(p->aia && p->aki && p->ski);
100ded9eSclaudio
100ded9eSclaudio	io_read_buf(b, &p->filesz, sizeof(size_t));
9a7e9e7fSjob	if ((p->files = calloc(p->filesz, sizeof(struct mftfile))) == NULL)
7addb040Sbenno		err(1, NULL);
9a7e9e7fSjob
9a7e9e7fSjob	for (i = 0; i < p->filesz; i++) {
7eb79a4aSclaudio		io_read_str(b, &p->files[i].file);
22cec6c4Stb		io_read_buf(b, &p->files[i].type, sizeof(p->files[i].type));
df512fbcSclaudio		io_read_buf(b, &p->files[i].location,
df512fbcSclaudio		    sizeof(p->files[i].location));
7eb79a4aSclaudio		io_read_buf(b, p->files[i].hash, SHA256_DIGEST_LENGTH);
9a7e9e7fSjob	}
9a7e9e7fSjob
9a7e9e7fSjob	return p;
9a7e9e7fSjob}
df512fbcSclaudio
df512fbcSclaudio/*
1039ba60Stb * Compare the thisupdate time of two mft files.
1039ba60Stb */
1039ba60Stbint
1039ba60Stbmft_compare_issued(const struct mft *a, const struct mft *b)
1039ba60Stb{
1039ba60Stb	if (a->thisupdate > b->thisupdate)
1039ba60Stb		return 1;
1039ba60Stb	if (a->thisupdate < b->thisupdate)
1039ba60Stb		return -1;
1039ba60Stb	return 0;
1039ba60Stb}
1039ba60Stb
1039ba60Stb/*
e73085f8Stb * Compare the manifestNumber of two mft files.
df512fbcSclaudio */
df512fbcSclaudioint
e73085f8Stbmft_compare_seqnum(const struct mft *a, const struct mft *b)
df512fbcSclaudio{
df512fbcSclaudio	int r;
df512fbcSclaudio
df512fbcSclaudio	r = strlen(a->seqnum) - strlen(b->seqnum);
df512fbcSclaudio	if (r > 0)	/* seqnum in a is longer -> higher */
df512fbcSclaudio		return 1;
df512fbcSclaudio	if (r < 0)	/* seqnum in a is shorter -> smaller */
0c60a445Sjob		return -1;
df512fbcSclaudio
df512fbcSclaudio	r = strcmp(a->seqnum, b->seqnum);
73a8ca21Sclaudio	if (r > 0)	/* a is greater, prefer a */
df512fbcSclaudio		return 1;
0c60a445Sjob	if (r < 0)	/* b is greater, prefer b */
0c60a445Sjob		return -1;
0c60a445Sjob
df512fbcSclaudio	return 0;
df512fbcSclaudio}
318f0572Sjob
318f0572Sjob/*
318f0572Sjob * Test if there is a gap in the sequence numbers of two MFTs.
318f0572Sjob * Return 1 if a gap is detected.
318f0572Sjob */
318f0572Sjobint
318f0572Sjobmft_seqnum_gap_present(const struct mft *a, const struct mft *b)
318f0572Sjob{
318f0572Sjob	BIGNUM *diff, *seqnum_a, *seqnum_b;
318f0572Sjob	int ret = 0;
318f0572Sjob
318f0572Sjob	BN_CTX_start(bn_ctx);
318f0572Sjob	if ((diff = BN_CTX_get(bn_ctx)) == NULL ||
318f0572Sjob	    (seqnum_a = BN_CTX_get(bn_ctx)) == NULL ||
318f0572Sjob	    (seqnum_b = BN_CTX_get(bn_ctx)) == NULL)
318f0572Sjob		errx(1, "BN_CTX_get");
318f0572Sjob
318f0572Sjob	if (!BN_hex2bn(&seqnum_a, a->seqnum))
318f0572Sjob		errx(1, "BN_hex2bn");
318f0572Sjob
318f0572Sjob	if (!BN_hex2bn(&seqnum_b, b->seqnum))
318f0572Sjob		errx(1, "BN_hex2bn");
318f0572Sjob
318f0572Sjob	if (!BN_sub(diff, seqnum_a, seqnum_b))
318f0572Sjob		errx(1, "BN_sub");
318f0572Sjob
318f0572Sjob	ret = !BN_is_one(diff);
318f0572Sjob
318f0572Sjob	BN_CTX_end(bn_ctx);
318f0572Sjob
318f0572Sjob	return ret;
318f0572Sjob}