1 // Copyright 2016 The Chromium Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #include "path_builder.h" 16 17 #include <cstdint> 18 19 #include <openssl/pool.h> 20 #include "cert_issuer_source_static.h" 21 #include "common_cert_errors.h" 22 #include "crl.h" 23 #include "encode_values.h" 24 #include "input.h" 25 #include "parse_certificate.h" 26 #include "parsed_certificate.h" 27 #include "simple_path_builder_delegate.h" 28 #include "trust_store_in_memory.h" 29 #include "verify_certificate_chain.h" 30 31 #include "nist_pkits_unittest.h" 32 33 constexpr int64_t kOneYear = 60 * 60 * 24 * 365; 34 35 BSSL_NAMESPACE_BEGIN 36 37 namespace { 38 39 class CrlCheckingPathBuilderDelegate : public SimplePathBuilderDelegate { 40 public: CrlCheckingPathBuilderDelegate(const std::vector<std::string> & der_crls,int64_t verify_time,int64_t max_age,size_t min_rsa_modulus_length_bits,DigestPolicy digest_policy)41 CrlCheckingPathBuilderDelegate(const std::vector<std::string> &der_crls, 42 int64_t verify_time, int64_t max_age, 43 size_t min_rsa_modulus_length_bits, 44 DigestPolicy digest_policy) 45 : SimplePathBuilderDelegate(min_rsa_modulus_length_bits, digest_policy), 46 der_crls_(der_crls), 47 verify_time_(verify_time), 48 max_age_(max_age) {} 49 CheckPathAfterVerification(const CertPathBuilder & path_builder,CertPathBuilderResultPath * path)50 void CheckPathAfterVerification(const CertPathBuilder &path_builder, 51 CertPathBuilderResultPath *path) override { 52 SimplePathBuilderDelegate::CheckPathAfterVerification(path_builder, path); 53 54 if (!path->IsValid()) { 55 return; 56 } 57 58 // It would be preferable if this test could use 59 // CheckValidatedChainRevocation somehow, but that only supports getting 60 // CRLs by http distributionPoints. So this just settles for writing a 61 // little bit of wrapper code to test CheckCRL directly. 62 const ParsedCertificateList &certs = path->certs; 63 for (size_t reverse_i = 0; reverse_i < certs.size(); ++reverse_i) { 64 size_t i = certs.size() - reverse_i - 1; 65 66 // Trust anchors bypass OCSP/CRL revocation checks. (The only way to 67 // revoke trust anchors is via CRLSet or the built-in SPKI block list). 68 if (reverse_i == 0 && path->last_cert_trust.IsTrustAnchor()) { 69 continue; 70 } 71 72 // RFC 5280 6.3.3. [If the CRL was not specified in a distribution 73 // point], assume a DP with both the reasons and the 74 // cRLIssuer fields omitted and a distribution point 75 // name of the certificate issuer. 76 // Since this implementation only supports URI names in distribution 77 // points, this means a default-initialized ParsedDistributionPoint is 78 // sufficient. 79 ParsedDistributionPoint fake_cert_dp; 80 const ParsedDistributionPoint *cert_dp = &fake_cert_dp; 81 82 // If the target cert does have a distribution point, use it. 83 std::vector<ParsedDistributionPoint> distribution_points; 84 ParsedExtension crl_dp_extension; 85 if (certs[i]->GetExtension(der::Input(kCrlDistributionPointsOid), 86 &crl_dp_extension)) { 87 ASSERT_TRUE(ParseCrlDistributionPoints(crl_dp_extension.value, 88 &distribution_points)); 89 // TODO(mattm): some test cases (some of the 4.14.* onlySomeReasons 90 // tests)) have two CRLs and two distribution points, one point 91 // corresponding to each CRL. Should select the matching point for 92 // each CRL. (Doesn't matter currently since we don't support 93 // reasons.) 94 95 // Look for a DistributionPoint without reasons. 96 for (const auto &dp : distribution_points) { 97 if (!dp.reasons) { 98 cert_dp = &dp; 99 break; 100 } 101 } 102 // If there were only DistributionPoints with reasons, just use the 103 // first one. 104 if (cert_dp == &fake_cert_dp && !distribution_points.empty()) { 105 cert_dp = &distribution_points[0]; 106 } 107 } 108 109 bool cert_good = false; 110 111 for (const auto &der_crl : der_crls_) { 112 CRLRevocationStatus crl_status = 113 CheckCRL(der_crl, certs, i, *cert_dp, verify_time_, max_age_); 114 if (crl_status == CRLRevocationStatus::REVOKED) { 115 path->errors.GetErrorsForCert(i)->AddError( 116 cert_errors::kCertificateRevoked); 117 return; 118 } 119 if (crl_status == CRLRevocationStatus::GOOD) { 120 cert_good = true; 121 break; 122 } 123 } 124 if (!cert_good) { 125 // PKITS tests assume hard-fail revocation checking. 126 // From PKITS 4.4: "When running the tests in this section, the 127 // application should be configured in such a way that the 128 // certification path is not accepted unless valid, up-to-date 129 // revocation data is available for every certificate in the path." 130 path->errors.GetErrorsForCert(i)->AddError( 131 cert_errors::kUnableToCheckRevocation); 132 } 133 } 134 } 135 136 private: 137 std::vector<std::string> der_crls_; 138 int64_t verify_time_; 139 int64_t max_age_; 140 }; 141 142 class PathBuilderPkitsTestDelegate { 143 public: RunTest(std::vector<std::string> cert_ders,std::vector<std::string> crl_ders,const PkitsTestInfo & orig_info)144 static void RunTest(std::vector<std::string> cert_ders, 145 std::vector<std::string> crl_ders, 146 const PkitsTestInfo &orig_info) { 147 PkitsTestInfo info = orig_info; 148 149 ASSERT_FALSE(cert_ders.empty()); 150 ParsedCertificateList certs; 151 for (const std::string &der : cert_ders) { 152 CertErrors errors; 153 ASSERT_TRUE(ParsedCertificate::CreateAndAddToVector( 154 bssl::UniquePtr<CRYPTO_BUFFER>( 155 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t *>(der.data()), 156 der.size(), nullptr)), 157 {}, &certs, &errors)) 158 << errors.ToDebugString(); 159 } 160 // First entry in the PKITS chain is the trust anchor. 161 // TODO(mattm): test with all possible trust anchors in the trust store? 162 TrustStoreInMemory trust_store; 163 164 trust_store.AddTrustAnchor(certs[0]); 165 166 // TODO(mattm): test with other irrelevant certs in cert_issuer_sources? 167 CertIssuerSourceStatic cert_issuer_source; 168 for (size_t i = 1; i < cert_ders.size() - 1; ++i) { 169 cert_issuer_source.AddCert(certs[i]); 170 } 171 172 std::shared_ptr<const ParsedCertificate> target_cert(certs.back()); 173 174 int64_t verify_time; 175 ASSERT_TRUE(der::GeneralizedTimeToPosixTime(info.time, &verify_time)); 176 CrlCheckingPathBuilderDelegate path_builder_delegate( 177 crl_ders, verify_time, /*max_age=*/kOneYear * 2, 1024, 178 SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); 179 180 std::string_view test_number = info.test_number; 181 if (test_number == "4.4.19" || test_number == "4.5.3" || 182 test_number == "4.5.4" || test_number == "4.5.6") { 183 // 4.4.19 - fails since CRL is signed by a certificate that is not part 184 // of the verified chain, which is not supported. 185 // 4.5.3 - fails since non-URI distribution point names are not supported 186 // 4.5.4, 4.5.6 - fails since CRL is signed by a certificate that is not 187 // part of verified chain, and also non-URI distribution 188 // point names not supported 189 info.should_validate = false; 190 } else if (test_number == "4.14.1" || test_number == "4.14.4" || 191 test_number == "4.14.5" || test_number == "4.14.7" || 192 test_number == "4.14.18" || test_number == "4.14.19" || 193 test_number == "4.14.22" || test_number == "4.14.24" || 194 test_number == "4.14.25" || test_number == "4.14.28" || 195 test_number == "4.14.29" || test_number == "4.14.30" || 196 test_number == "4.14.33") { 197 // 4.14 tests: 198 // .1 - fails since non-URI distribution point names not supported 199 // .2, .3 - fails since non-URI distribution point names not supported 200 // (but test is expected to fail for other reason) 201 // .4, .5 - fails since non-URI distribution point names not supported, 202 // also uses nameRelativeToCRLIssuer which is not supported 203 // .6 - fails since non-URI distribution point names not supported, also 204 // uses nameRelativeToCRLIssuer which is not supported (but test is 205 // expected to fail for other reason) 206 // .7 - fails since relative distributionPointName not supported 207 // .8, .9 - fails since relative distributionPointName not supported (but 208 // test is expected to fail for other reason) 209 // .10, .11, .12, .13, .14, .27, .35 - PASS 210 // .15, .16, .17, .20, .21 - fails since onlySomeReasons is not supported 211 // (but test is expected to fail for other 212 // reason) 213 // .18, .19 - fails since onlySomeReasons is not supported 214 // .22, .24, .25, .28, .29, .30, .33 - fails since indirect CRLs are not 215 // supported 216 // .23, .26, .31, .32, .34 - fails since indirect CRLs are not supported 217 // (but test is expected to fail for other 218 // reason) 219 info.should_validate = false; 220 } else if (test_number == "4.15.1" || test_number == "4.15.5") { 221 // 4.15 tests: 222 // .1 - fails due to unhandled critical deltaCRLIndicator extension 223 // .2, .3, .6, .7, .8, .9, .10 - PASS since expected cert status is 224 // reflected in base CRL and delta CRL is 225 // ignored 226 // .5 - fails, cert status is "on hold" in base CRL but the delta CRL 227 // which removes the cert from CRL is ignored 228 info.should_validate = false; 229 } else if (test_number == "4.15.4") { 230 // 4.15.4 - Invalid delta-CRL Test4 has the target cert marked revoked in 231 // a delta-CRL. Since delta-CRLs are not supported, the chain validates 232 // successfully. 233 info.should_validate = true; 234 } 235 236 CertPathBuilder path_builder( 237 std::move(target_cert), &trust_store, &path_builder_delegate, info.time, 238 KeyPurpose::ANY_EKU, info.initial_explicit_policy, 239 info.initial_policy_set, info.initial_policy_mapping_inhibit, 240 info.initial_inhibit_any_policy); 241 path_builder.AddCertIssuerSource(&cert_issuer_source); 242 243 CertPathBuilder::Result result = path_builder.Run(); 244 245 if (info.should_validate != result.HasValidPath()) { 246 testing::Message msg; 247 for (size_t i = 0; i < result.paths.size(); ++i) { 248 const bssl::CertPathBuilderResultPath *result_path = 249 result.paths[i].get(); 250 msg << "path " << i << " errors:\n" 251 << result_path->errors.ToDebugString(result_path->certs) << "\n"; 252 } 253 ASSERT_EQ(info.should_validate, result.HasValidPath()) << msg; 254 } 255 256 if (result.HasValidPath()) { 257 EXPECT_EQ(info.user_constrained_policy_set, 258 result.GetBestValidPath()->user_constrained_policy_set); 259 } 260 } 261 }; 262 263 } // namespace 264 265 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest01SignatureVerification, 266 PathBuilderPkitsTestDelegate); 267 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest02ValidityPeriods, 268 PathBuilderPkitsTestDelegate); 269 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest03VerifyingNameChaining, 270 PathBuilderPkitsTestDelegate); 271 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, 272 PkitsTest04BasicCertificateRevocationTests, 273 PathBuilderPkitsTestDelegate); 274 INSTANTIATE_TYPED_TEST_SUITE_P( 275 PathBuilder, PkitsTest05VerifyingPathswithSelfIssuedCertificates, 276 PathBuilderPkitsTestDelegate); 277 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, 278 PkitsTest06VerifyingBasicConstraints, 279 PathBuilderPkitsTestDelegate); 280 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest07KeyUsage, 281 PathBuilderPkitsTestDelegate); 282 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest08CertificatePolicies, 283 PathBuilderPkitsTestDelegate); 284 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest09RequireExplicitPolicy, 285 PathBuilderPkitsTestDelegate); 286 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest10PolicyMappings, 287 PathBuilderPkitsTestDelegate); 288 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest11InhibitPolicyMapping, 289 PathBuilderPkitsTestDelegate); 290 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest12InhibitAnyPolicy, 291 PathBuilderPkitsTestDelegate); 292 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest13NameConstraints, 293 PathBuilderPkitsTestDelegate); 294 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest14DistributionPoints, 295 PathBuilderPkitsTestDelegate); 296 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest15DeltaCRLs, 297 PathBuilderPkitsTestDelegate); 298 INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, 299 PkitsTest16PrivateCertificateExtensions, 300 PathBuilderPkitsTestDelegate); 301 302 BSSL_NAMESPACE_END 303