From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp | 900 +++++++++++++++++++++ 1 file changed, 900 insertions(+) create mode 100644 security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp (limited to 'security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp') diff --git a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp new file mode 100644 index 0000000000..df9a3d40e2 --- /dev/null +++ b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp @@ -0,0 +1,900 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This code is made available to you under your choice of the following sets + * of licensing terms: + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ +/* Copyright 2013 Mozilla Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(_MSC_VER) && _MSC_VER < 1900 +// When building with -D_HAS_EXCEPTIONS=0, MSVC's header triggers +// warning C4702: unreachable code. +// https://connect.microsoft.com/VisualStudio/feedback/details/809962 +#pragma warning(push) +#pragma warning(disable: 4702) +#endif + +#include +#include + +#if defined(_MSC_VER) && _MSC_VER < 1900 +#pragma warning(pop) +#endif + +#include "pkixgtest.h" + +#include "mozpkix/pkixder.h" + +using namespace mozilla::pkix; +using namespace mozilla::pkix::test; + +static ByteString +CreateCert(const char* issuerCN, // null means "empty name" + const char* subjectCN, // null means "empty name" + EndEntityOrCA endEntityOrCA, + /*optional modified*/ std::map* + subjectDERToCertDER = nullptr, + /*optional*/ const ByteString* extension = nullptr, + /*optional*/ const TestKeyPair* issuerKeyPair = nullptr, + /*optional*/ const TestKeyPair* subjectKeyPair = nullptr) +{ + static long serialNumberValue = 0; + ++serialNumberValue; + ByteString serialNumber(CreateEncodedSerialNumber(serialNumberValue)); + EXPECT_FALSE(ENCODING_FAILED(serialNumber)); + + ByteString issuerDER(issuerCN ? CNToDERName(issuerCN) : Name(ByteString())); + ByteString subjectDER(subjectCN ? CNToDERName(subjectCN) : Name(ByteString())); + + std::vector extensions; + if (endEntityOrCA == EndEntityOrCA::MustBeCA) { + ByteString basicConstraints = + CreateEncodedBasicConstraints(true, nullptr, Critical::Yes); + EXPECT_FALSE(ENCODING_FAILED(basicConstraints)); + extensions.push_back(basicConstraints); + } + if (extension) { + extensions.push_back(*extension); + } + extensions.push_back(ByteString()); // marks the end of the list + + ScopedTestKeyPair reusedKey(CloneReusedKeyPair()); + ByteString certDER(CreateEncodedCertificate( + v3, sha256WithRSAEncryption(), serialNumber, issuerDER, + oneDayBeforeNow, oneDayAfterNow, subjectDER, + subjectKeyPair ? *subjectKeyPair : *reusedKey, + extensions.data(), + issuerKeyPair ? *issuerKeyPair : *reusedKey, + sha256WithRSAEncryption())); + EXPECT_FALSE(ENCODING_FAILED(certDER)); + + if (subjectDERToCertDER) { + (*subjectDERToCertDER)[subjectDER] = certDER; + } + + return certDER; +} + +class TestTrustDomain final : public DefaultCryptoTrustDomain +{ +public: + // The "cert chain tail" is a longish chain of certificates that is used by + // all of the tests here. We share this chain across all the tests in order + // to speed up the tests (generating keypairs for the certs is very slow). + bool SetUpCertChainTail() + { + static char const* const names[] = { + "CA1 (Root)", "CA2", "CA3", "CA4", "CA5", "CA6", "CA7" + }; + + for (size_t i = 0; i < MOZILLA_PKIX_ARRAY_LENGTH(names); ++i) { + const char* issuerName = i == 0 ? names[0] : names[i-1]; + CreateCACert(issuerName, names[i]); + if (i == 0) { + rootCACertDER = leafCACertDER; + } + } + + return true; + } + + void CreateCACert(const char* issuerName, const char* subjectName) + { + leafCACertDER = CreateCert(issuerName, subjectName, + EndEntityOrCA::MustBeCA, &subjectDERToCertDER); + assert(!ENCODING_FAILED(leafCACertDER)); + } + + ByteString GetLeafCACertDER() const { return leafCACertDER; } + +private: + Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input candidateCert, + /*out*/ TrustLevel& trustLevel) override + { + trustLevel = InputEqualsByteString(candidateCert, rootCACertDER) + ? TrustLevel::TrustAnchor + : TrustLevel::InheritsTrust; + return Success; + } + + Result FindIssuer(Input encodedIssuerName, IssuerChecker& checker, Time) + override + { + ByteString subjectDER(InputToByteString(encodedIssuerName)); + ByteString certDER(subjectDERToCertDER[subjectDER]); + Input derCert; + Result rv = derCert.Init(certDER.data(), certDER.length()); + if (rv != Success) { + return rv; + } + bool keepGoing; + rv = checker.Check(derCert, nullptr/*additionalNameConstraints*/, + keepGoing); + if (rv != Success) { + return rv; + } + return Success; + } + + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + /*optional*/ const Input*, /*optional*/ const Input*, + /*optional*/ const Input*) + override + { + return Success; + } + + Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override + { + return Success; + } + + std::map subjectDERToCertDER; + ByteString leafCACertDER; + ByteString rootCACertDER; +}; + +class pkixbuild : public ::testing::Test +{ +public: + static void SetUpTestSuite() + { + if (!trustDomain.SetUpCertChainTail()) { + abort(); + } + } + +protected: + + static TestTrustDomain trustDomain; +}; + +/*static*/ TestTrustDomain pkixbuild::trustDomain; + +TEST_F(pkixbuild, MaxAcceptableCertChainLength) +{ + { + ByteString leafCACert(trustDomain.GetLeafCACertDER()); + Input certDER; + ASSERT_EQ(Success, certDER.Init(leafCACert.data(), leafCACert.length())); + ASSERT_EQ(Success, + BuildCertChain(trustDomain, certDER, Now(), + EndEntityOrCA::MustBeCA, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); + } + + { + ByteString certDER(CreateCert("CA7", "Direct End-Entity", + EndEntityOrCA::MustBeEndEntity)); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Success, + BuildCertChain(trustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); + } +} + +TEST_F(pkixbuild, BeyondMaxAcceptableCertChainLength) +{ + static char const* const caCertName = "CA Too Far"; + + trustDomain.CreateCACert("CA7", caCertName); + + { + ByteString certDER(trustDomain.GetLeafCACertDER()); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Result::ERROR_UNKNOWN_ISSUER, + BuildCertChain(trustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeCA, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); + } + + { + ByteString certDER(CreateCert(caCertName, "End-Entity Too Far", + EndEntityOrCA::MustBeEndEntity)); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Result::ERROR_UNKNOWN_ISSUER, + BuildCertChain(trustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); + } +} + +// A TrustDomain that checks certificates against a given root certificate. +// It is initialized with the DER encoding of a root certificate that +// is treated as a trust anchor and is assumed to have issued all certificates +// (i.e. FindIssuer always attempts to build the next step in the chain with +// it). +class SingleRootTrustDomain : public DefaultCryptoTrustDomain +{ +public: + explicit SingleRootTrustDomain(ByteString aRootDER) + : rootDER(aRootDER) + { + } + + // The CertPolicyId argument is unused because we don't care about EV. + Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input candidateCert, + /*out*/ TrustLevel& trustLevel) override + { + Input rootCert; + Result rv = rootCert.Init(rootDER.data(), rootDER.length()); + if (rv != Success) { + return rv; + } + if (InputsAreEqual(candidateCert, rootCert)) { + trustLevel = TrustLevel::TrustAnchor; + } else { + trustLevel = TrustLevel::InheritsTrust; + } + return Success; + } + + Result FindIssuer(Input, IssuerChecker& checker, Time) override + { + // keepGoing is an out parameter from IssuerChecker.Check. It would tell us + // whether or not to continue attempting other potential issuers. We only + // know of one potential issuer, however, so we ignore it. + bool keepGoing; + Input rootCert; + Result rv = rootCert.Init(rootDER.data(), rootDER.length()); + if (rv != Success) { + return rv; + } + return checker.Check(rootCert, nullptr, keepGoing); + } + + Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override + { + return Success; + } + + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + /*optional*/ const Input*, /*optional*/ const Input*, + /*optional*/ const Input*) + override + { + return Success; + } + +private: + ByteString rootDER; +}; + +// A TrustDomain that explicitly fails if CheckRevocation is called. +class ExpiredCertTrustDomain final : public SingleRootTrustDomain +{ +public: + explicit ExpiredCertTrustDomain(ByteString aRootDER) + : SingleRootTrustDomain(aRootDER) + { + } + + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + /*optional*/ const Input*, /*optional*/ const Input*, + /*optional*/ const Input*) + override + { + ADD_FAILURE(); + return NotReached("CheckRevocation should not be called", + Result::FATAL_ERROR_LIBRARY_FAILURE); + } +}; + +TEST_F(pkixbuild, NoRevocationCheckingForExpiredCert) +{ + const char* rootCN = "Root CA"; + ByteString rootDER(CreateCert(rootCN, rootCN, EndEntityOrCA::MustBeCA, + nullptr)); + EXPECT_FALSE(ENCODING_FAILED(rootDER)); + ExpiredCertTrustDomain expiredCertTrustDomain(rootDER); + + ByteString serialNumber(CreateEncodedSerialNumber(100)); + EXPECT_FALSE(ENCODING_FAILED(serialNumber)); + ByteString issuerDER(CNToDERName(rootCN)); + ByteString subjectDER(CNToDERName("Expired End-Entity Cert")); + ScopedTestKeyPair reusedKey(CloneReusedKeyPair()); + ByteString certDER(CreateEncodedCertificate( + v3, sha256WithRSAEncryption(), + serialNumber, issuerDER, + twoDaysBeforeNow, + oneDayBeforeNow, + subjectDER, *reusedKey, nullptr, *reusedKey, + sha256WithRSAEncryption())); + EXPECT_FALSE(ENCODING_FAILED(certDER)); + + Input cert; + ASSERT_EQ(Success, cert.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Result::ERROR_EXPIRED_CERTIFICATE, + BuildCertChain(expiredCertTrustDomain, cert, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr)); +} + +class DSSTrustDomain final : public EverythingFailsByDefaultTrustDomain +{ +public: + Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, + Input, /*out*/ TrustLevel& trustLevel) override + { + trustLevel = TrustLevel::TrustAnchor; + return Success; + } +}; + +class pkixbuild_DSS : public ::testing::Test { }; + +TEST_F(pkixbuild_DSS, DSSEndEntityKeyNotAccepted) +{ + DSSTrustDomain trustDomain; + + ByteString serialNumber(CreateEncodedSerialNumber(1)); + ASSERT_FALSE(ENCODING_FAILED(serialNumber)); + + ByteString subjectDER(CNToDERName("DSS")); + ASSERT_FALSE(ENCODING_FAILED(subjectDER)); + ScopedTestKeyPair subjectKey(GenerateDSSKeyPair()); + ASSERT_TRUE(subjectKey.get()); + + ByteString issuerDER(CNToDERName("RSA")); + ASSERT_FALSE(ENCODING_FAILED(issuerDER)); + ScopedTestKeyPair issuerKey(CloneReusedKeyPair()); + ASSERT_TRUE(issuerKey.get()); + + ByteString cert(CreateEncodedCertificate(v3, sha256WithRSAEncryption(), + serialNumber, issuerDER, + oneDayBeforeNow, oneDayAfterNow, + subjectDER, *subjectKey, nullptr, + *issuerKey, sha256WithRSAEncryption())); + ASSERT_FALSE(ENCODING_FAILED(cert)); + Input certDER; + ASSERT_EQ(Success, certDER.Init(cert.data(), cert.length())); + + ASSERT_EQ(Result::ERROR_UNSUPPORTED_KEYALG, + BuildCertChain(trustDomain, certDER, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); +} + +class IssuerNameCheckTrustDomain final : public DefaultCryptoTrustDomain +{ +public: + IssuerNameCheckTrustDomain(const ByteString& aIssuer, bool aExpectedKeepGoing) + : issuer(aIssuer) + , expectedKeepGoing(aExpectedKeepGoing) + { + } + + Result GetCertTrust(EndEntityOrCA endEntityOrCA, const CertPolicyId&, Input, + /*out*/ TrustLevel& trustLevel) override + { + trustLevel = endEntityOrCA == EndEntityOrCA::MustBeCA + ? TrustLevel::TrustAnchor + : TrustLevel::InheritsTrust; + return Success; + } + + Result FindIssuer(Input, IssuerChecker& checker, Time) override + { + Input issuerInput; + EXPECT_EQ(Success, issuerInput.Init(issuer.data(), issuer.length())); + bool keepGoing; + EXPECT_EQ(Success, + checker.Check(issuerInput, nullptr /*additionalNameConstraints*/, + keepGoing)); + EXPECT_EQ(expectedKeepGoing, keepGoing); + return Success; + } + + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + /*optional*/ const Input*, /*optional*/ const Input*, + /*optional*/ const Input*) + override + { + return Success; + } + + Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override + { + return Success; + } + +private: + const ByteString issuer; + const bool expectedKeepGoing; +}; + +struct IssuerNameCheckParams +{ + const char* subjectIssuerCN; // null means "empty name" + const char* issuerSubjectCN; // null means "empty name" + bool matches; + Result expectedError; +}; + +static const IssuerNameCheckParams ISSUER_NAME_CHECK_PARAMS[] = +{ + { "foo", "foo", true, Success }, + { "foo", "bar", false, Result::ERROR_UNKNOWN_ISSUER }, + { "f", "foo", false, Result::ERROR_UNKNOWN_ISSUER }, // prefix + { "foo", "f", false, Result::ERROR_UNKNOWN_ISSUER }, // prefix + { "foo", "Foo", false, Result::ERROR_UNKNOWN_ISSUER }, // case sensitive + { "", "", true, Success }, + { nullptr, nullptr, false, Result::ERROR_EMPTY_ISSUER_NAME }, // empty issuer + + // check that certificate-related errors are deferred and superseded by + // ERROR_UNKNOWN_ISSUER when a chain can't be built due to name mismatches + { "foo", nullptr, false, Result::ERROR_UNKNOWN_ISSUER }, + { nullptr, "foo", false, Result::ERROR_UNKNOWN_ISSUER } +}; + +class pkixbuild_IssuerNameCheck + : public ::testing::Test + , public ::testing::WithParamInterface +{ +}; + +TEST_P(pkixbuild_IssuerNameCheck, MatchingName) +{ + const IssuerNameCheckParams& params(GetParam()); + + ByteString issuerCertDER(CreateCert(params.issuerSubjectCN, + params.issuerSubjectCN, + EndEntityOrCA::MustBeCA, nullptr)); + ASSERT_FALSE(ENCODING_FAILED(issuerCertDER)); + + ByteString subjectCertDER(CreateCert(params.subjectIssuerCN, "end-entity", + EndEntityOrCA::MustBeEndEntity, + nullptr)); + ASSERT_FALSE(ENCODING_FAILED(subjectCertDER)); + + Input subjectCertDERInput; + ASSERT_EQ(Success, subjectCertDERInput.Init(subjectCertDER.data(), + subjectCertDER.length())); + + IssuerNameCheckTrustDomain trustDomain(issuerCertDER, !params.matches); + ASSERT_EQ(params.expectedError, + BuildCertChain(trustDomain, subjectCertDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); +} + +INSTANTIATE_TEST_SUITE_P(pkixbuild_IssuerNameCheck, pkixbuild_IssuerNameCheck, + testing::ValuesIn(ISSUER_NAME_CHECK_PARAMS)); + + +// Records the embedded SCT list extension for later examination. +class EmbeddedSCTListTestTrustDomain final : public SingleRootTrustDomain +{ +public: + explicit EmbeddedSCTListTestTrustDomain(ByteString aRootDER) + : SingleRootTrustDomain(aRootDER) + { + } + + virtual void NoteAuxiliaryExtension(AuxiliaryExtension extension, + Input extensionData) override + { + if (extension == AuxiliaryExtension::EmbeddedSCTList) { + signedCertificateTimestamps = InputToByteString(extensionData); + } else { + ADD_FAILURE(); + } + } + + ByteString signedCertificateTimestamps; +}; + +TEST_F(pkixbuild, CertificateTransparencyExtension) +{ + // python security/pkix/tools/DottedOIDToCode.py --tlv + // id-embeddedSctList 1.3.6.1.4.1.11129.2.4.2 + static const uint8_t tlv_id_embeddedSctList[] = { + 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x04, 0x02 + }; + static const uint8_t dummySctList[] = { + 0x01, 0x02, 0x03, 0x04, 0x05 + }; + + ByteString ctExtension = TLV(der::SEQUENCE, + BytesToByteString(tlv_id_embeddedSctList) + + Boolean(false) + + TLV(der::OCTET_STRING, + // SignedCertificateTimestampList structure is encoded as an OCTET STRING + // within the X.509v3 extension (see RFC 6962 section 3.3). + // pkix decodes it internally and returns the actual structure. + TLV(der::OCTET_STRING, BytesToByteString(dummySctList)))); + + const char* rootCN = "Root CA"; + ByteString rootDER(CreateCert(rootCN, rootCN, EndEntityOrCA::MustBeCA)); + ASSERT_FALSE(ENCODING_FAILED(rootDER)); + + ByteString certDER(CreateCert(rootCN, "Cert with SCT list", + EndEntityOrCA::MustBeEndEntity, + nullptr, /*subjectDERToCertDER*/ + &ctExtension)); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + + Input certInput; + ASSERT_EQ(Success, certInput.Init(certDER.data(), certDER.length())); + + EmbeddedSCTListTestTrustDomain extTrustDomain(rootDER); + ASSERT_EQ(Success, + BuildCertChain(extTrustDomain, certInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::anyExtendedKeyUsage, + CertPolicyId::anyPolicy, + nullptr /*stapledOCSPResponse*/)); + ASSERT_EQ(BytesToByteString(dummySctList), + extTrustDomain.signedCertificateTimestamps); +} + +// This TrustDomain implements a hierarchy like so: +// +// A B +// | | +// C D +// \ / +// E +// +// where A is a trust anchor, B is not a trust anchor and has no known issuer, C +// and D are intermediates with the same subject and subject public key, and E +// is an end-entity (in practice, the end-entity will be generated by the test +// functions using this trust domain). +class MultiplePathTrustDomain: public DefaultCryptoTrustDomain +{ +public: + void SetUpCerts() + { + ASSERT_FALSE(ENCODING_FAILED(CreateCert("UntrustedRoot", "UntrustedRoot", + EndEntityOrCA::MustBeCA, + &subjectDERToCertDER))); + // The subject DER -> cert DER mapping would be overwritten for subject + // "Intermediate" when we create the second "Intermediate" certificate, so + // we keep a copy of this "Intermediate". + intermediateSignedByUntrustedRootCertDER = + CreateCert("UntrustedRoot", "Intermediate", EndEntityOrCA::MustBeCA); + ASSERT_FALSE(ENCODING_FAILED(intermediateSignedByUntrustedRootCertDER)); + rootCACertDER = CreateCert("TrustedRoot", "TrustedRoot", + EndEntityOrCA::MustBeCA, &subjectDERToCertDER); + ASSERT_FALSE(ENCODING_FAILED(rootCACertDER)); + ASSERT_FALSE(ENCODING_FAILED(CreateCert("TrustedRoot", "Intermediate", + EndEntityOrCA::MustBeCA, + &subjectDERToCertDER))); + } + +private: + Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input candidateCert, + /*out*/ TrustLevel& trustLevel) override + { + trustLevel = InputEqualsByteString(candidateCert, rootCACertDER) + ? TrustLevel::TrustAnchor + : TrustLevel::InheritsTrust; + return Success; + } + + Result CheckCert(ByteString& certDER, IssuerChecker& checker, bool& keepGoing) + { + Input derCert; + Result rv = derCert.Init(certDER.data(), certDER.length()); + if (rv != Success) { + return rv; + } + return checker.Check(derCert, nullptr/*additionalNameConstraints*/, + keepGoing); + } + + Result FindIssuer(Input encodedIssuerName, IssuerChecker& checker, Time) + override + { + ByteString subjectDER(InputToByteString(encodedIssuerName)); + ByteString certDER(subjectDERToCertDER[subjectDER]); + assert(!ENCODING_FAILED(certDER)); + bool keepGoing; + Result rv = CheckCert(certDER, checker, keepGoing); + if (rv != Success) { + return rv; + } + // Also try the other intermediate. + if (keepGoing) { + rv = CheckCert(intermediateSignedByUntrustedRootCertDER, checker, + keepGoing); + if (rv != Success) { + return rv; + } + } + return Success; + } + + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + /*optional*/ const Input*, + /*optional*/ const Input*, + /*optional*/ const Input*) override + { + return Success; + } + + Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override + { + return Success; + } + + std::map subjectDERToCertDER; + ByteString rootCACertDER; + ByteString intermediateSignedByUntrustedRootCertDER; +}; + +TEST_F(pkixbuild, BadEmbeddedSCTWithMultiplePaths) +{ + MultiplePathTrustDomain localTrustDomain; + localTrustDomain.SetUpCerts(); + + // python security/pkix/tools/DottedOIDToCode.py --tlv + // id-embeddedSctList 1.3.6.1.4.1.11129.2.4.2 + static const uint8_t tlv_id_embeddedSctList[] = { + 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x04, 0x02 + }; + static const uint8_t dummySctList[] = { + 0x01, 0x02, 0x03, 0x04, 0x05 + }; + ByteString ctExtension = TLV(der::SEQUENCE, + BytesToByteString(tlv_id_embeddedSctList) + + Boolean(false) + + // The contents of the OCTET STRING are supposed to consist of an OCTET + // STRING of useful data. We're testing what happens if it isn't, so shove + // some bogus (non-OCTET STRING) data in there. + TLV(der::OCTET_STRING, BytesToByteString(dummySctList))); + ByteString certDER(CreateCert("Intermediate", "Cert with bogus SCT list", + EndEntityOrCA::MustBeEndEntity, + nullptr, /*subjectDERToCertDER*/ + &ctExtension)); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Result::ERROR_BAD_DER, + BuildCertChain(localTrustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); +} + +// Same as a MultiplePathTrustDomain, but the end-entity is revoked. +class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain +{ +public: + Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time, + Duration, /*optional*/ const Input*, + /*optional*/ const Input*, /*optional*/ const Input*) override + { + if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) { + return Result::ERROR_REVOKED_CERTIFICATE; + } + return Success; + } +}; + +TEST_F(pkixbuild, RevokedEndEntityWithMultiplePaths) +{ + RevokedEndEntityTrustDomain localTrustDomain; + localTrustDomain.SetUpCerts(); + ByteString certDER(CreateCert("Intermediate", "RevokedEndEntity", + EndEntityOrCA::MustBeEndEntity)); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, + BuildCertChain(localTrustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); +} + +// This represents a collection of different certificates that all have the same +// subject and issuer distinguished name. +class SelfIssuedCertificatesTrustDomain final : public DefaultCryptoTrustDomain +{ +public: + void SetUpCerts(size_t totalCerts) + { + ASSERT_TRUE(totalCerts > 0); + // First we generate a trust anchor. + ScopedTestKeyPair rootKeyPair(GenerateKeyPair()); + rootCACertDER = CreateCert("DN", "DN", EndEntityOrCA::MustBeCA, nullptr, + nullptr, rootKeyPair.get(), rootKeyPair.get()); + ASSERT_FALSE(ENCODING_FAILED(rootCACertDER)); + certs.push_back(rootCACertDER); + ScopedTestKeyPair issuerKeyPair(rootKeyPair.release()); + size_t subCAsGenerated; + // Then we generate 6 sub-CAs (given that we were requested to generate at + // least that many). + for (subCAsGenerated = 0; + subCAsGenerated < totalCerts - 1 && subCAsGenerated < 6; + subCAsGenerated++) { + // Each certificate has to have a unique SPKI (mozilla::pkix does loop + // detection and stops searching if it encounters two certificates in a + // path with the same subject and SPKI). + ScopedTestKeyPair keyPair(GenerateKeyPair()); + ByteString cert(CreateCert("DN", "DN", EndEntityOrCA::MustBeCA, nullptr, + nullptr, issuerKeyPair.get(), keyPair.get())); + ASSERT_FALSE(ENCODING_FAILED(cert)); + certs.push_back(cert); + issuerKeyPair.reset(keyPair.release()); + } + // We set firstIssuerKey here because we can't end up with a path that has + // more than 7 CAs in it (because mozilla::pkix limits the path length). + firstIssuerKey.reset(issuerKeyPair.release()); + // For any more sub CAs we generate, it doesn't matter what their keys are + // as long as they're different. + for (; subCAsGenerated < totalCerts - 1; subCAsGenerated++) { + ScopedTestKeyPair keyPair(GenerateKeyPair()); + ByteString cert(CreateCert("DN", "DN", EndEntityOrCA::MustBeCA, nullptr, + nullptr, keyPair.get(), keyPair.get())); + ASSERT_FALSE(ENCODING_FAILED(cert)); + certs.insert(certs.begin(), cert); + } + } + + const TestKeyPair* GetFirstIssuerKey() + { + return firstIssuerKey.get(); + } + +private: + Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input candidateCert, + /*out*/ TrustLevel& trustLevel) override + { + trustLevel = InputEqualsByteString(candidateCert, rootCACertDER) + ? TrustLevel::TrustAnchor + : TrustLevel::InheritsTrust; + return Success; + } + + Result FindIssuer(Input, IssuerChecker& checker, Time) override + { + bool keepGoing; + for (auto& cert: certs) { + Input certInput; + Result rv = certInput.Init(cert.data(), cert.length()); + if (rv != Success) { + return rv; + } + rv = checker.Check(certInput, nullptr, keepGoing); + if (rv != Success || !keepGoing) { + return rv; + } + } + return Success; + } + + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + /*optional*/ const Input*, /*optional*/ const Input*, + /*optional*/ const Input*) + override + { + return Success; + } + + Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override + { + return Success; + } + + std::vector certs; + ByteString rootCACertDER; + ScopedTestKeyPair firstIssuerKey; +}; + +TEST_F(pkixbuild, AvoidUnboundedPathSearchingFailure) +{ + SelfIssuedCertificatesTrustDomain localTrustDomain; + // This creates a few hundred million potential paths of length 8 (end entity + // + 6 sub-CAs + root). It would be prohibitively expensive to enumerate all + // of these, so we give mozilla::pkix a budget that is spent when searching + // paths. If the budget is exhausted, it simply returns an unknown issuer + // error. In the future it might be nice to return a specific error that would + // give the front-end a hint that maybe it shouldn't have so many certificates + // that all have the same subject and issuer DN but different SPKIs. + localTrustDomain.SetUpCerts(18); + ByteString certDER(CreateCert("DN", "DN", EndEntityOrCA::MustBeEndEntity, + nullptr, nullptr, + localTrustDomain.GetFirstIssuerKey())); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Result::ERROR_UNKNOWN_ISSUER, + BuildCertChain(localTrustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); +} + +TEST_F(pkixbuild, AvoidUnboundedPathSearchingSuccess) +{ + SelfIssuedCertificatesTrustDomain localTrustDomain; + // This creates a few hundred thousand possible potential paths of length 8 + // (end entity + 6 sub-CAs + root). This will nearly exhaust mozilla::pkix's + // search budget, so this should succeed. + localTrustDomain.SetUpCerts(10); + ByteString certDER(CreateCert("DN", "DN", EndEntityOrCA::MustBeEndEntity, + nullptr, nullptr, + localTrustDomain.GetFirstIssuerKey())); + ASSERT_FALSE(ENCODING_FAILED(certDER)); + Input certDERInput; + ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length())); + ASSERT_EQ(Success, + BuildCertChain(localTrustDomain, certDERInput, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_serverAuth, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/)); +} -- cgit v1.2.3