security/certverifier/CertVerifier.cpp@6474c204b198 (annotated)
security/certverifier/CertVerifier.cpp
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
| michael@0 | 2 | /* vim: set ts=8 sts=2 et sw=2 tw=80: */ |
| michael@0 | 3 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 4 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 5 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 6 | |
| michael@0 | 7 | #include "CertVerifier.h" |
| michael@0 | 8 | |
| michael@0 | 9 | #include <stdint.h> |
| michael@0 | 10 | |
| michael@0 | 11 | #include "pkix/pkix.h" |
| michael@0 | 12 | #include "ExtendedValidation.h" |
| michael@0 | 13 | #include "NSSCertDBTrustDomain.h" |
| michael@0 | 14 | #include "PublicKeyPinningService.h" |
| michael@0 | 15 | #include "cert.h" |
| michael@0 | 16 | #include "ocsp.h" |
| michael@0 | 17 | #include "secerr.h" |
| michael@0 | 18 | #include "pk11pub.h" |
| michael@0 | 19 | #include "prerror.h" |
| michael@0 | 20 | #include "sslerr.h" |
| michael@0 | 21 | |
| michael@0 | 22 | // ScopedXXX in this file are mozilla::pkix::ScopedXXX, not |
| michael@0 | 23 | // mozilla::ScopedXXX. |
| michael@0 | 24 | using namespace mozilla::pkix; |
| michael@0 | 25 | using namespace mozilla::psm; |
| michael@0 | 26 | |
| michael@0 | 27 | #ifdef PR_LOGGING |
| michael@0 | 28 | PRLogModuleInfo* gCertVerifierLog = nullptr; |
| michael@0 | 29 | #endif |
| michael@0 | 30 | |
| michael@0 | 31 | namespace mozilla { namespace psm { |
| michael@0 | 32 | |
| michael@0 | 33 | const CertVerifier::Flags CertVerifier::FLAG_LOCAL_ONLY = 1; |
| michael@0 | 34 | const CertVerifier::Flags CertVerifier::FLAG_MUST_BE_EV = 2; |
| michael@0 | 35 | |
| michael@0 | 36 | CertVerifier::CertVerifier(implementation_config ic, |
| michael@0 | 37 | #ifndef NSS_NO_LIBPKIX |
| michael@0 | 38 | missing_cert_download_config mcdc, |
| michael@0 | 39 | crl_download_config cdc, |
| michael@0 | 40 | #endif |
| michael@0 | 41 | ocsp_download_config odc, |
| michael@0 | 42 | ocsp_strict_config osc, |
| michael@0 | 43 | ocsp_get_config ogc, |
| michael@0 | 44 | pinning_enforcement_config pel) |
| michael@0 | 45 | : mImplementation(ic) |
| michael@0 | 46 | #ifndef NSS_NO_LIBPKIX |
| michael@0 | 47 | , mMissingCertDownloadEnabled(mcdc == missing_cert_download_on) |
| michael@0 | 48 | , mCRLDownloadEnabled(cdc == crl_download_allowed) |
| michael@0 | 49 | #endif |
| michael@0 | 50 | , mOCSPDownloadEnabled(odc == ocsp_on) |
| michael@0 | 51 | , mOCSPStrict(osc == ocsp_strict) |
| michael@0 | 52 | , mOCSPGETEnabled(ogc == ocsp_get_enabled) |
| michael@0 | 53 | , mPinningEnforcementLevel(pel) |
| michael@0 | 54 | { |
| michael@0 | 55 | } |
| michael@0 | 56 | |
| michael@0 | 57 | CertVerifier::~CertVerifier() |
| michael@0 | 58 | { |
| michael@0 | 59 | } |
| michael@0 | 60 | |
| michael@0 | 61 | void |
| michael@0 | 62 | InitCertVerifierLog() |
| michael@0 | 63 | { |
| michael@0 | 64 | #ifdef PR_LOGGING |
| michael@0 | 65 | if (!gCertVerifierLog) { |
| michael@0 | 66 | gCertVerifierLog = PR_NewLogModule("certverifier"); |
| michael@0 | 67 | } |
| michael@0 | 68 | #endif |
| michael@0 | 69 | } |
| michael@0 | 70 | |
| michael@0 | 71 | // Once we migrate to mozilla::pkix or change the overridable error |
| michael@0 | 72 | // logic this will become unnecesary. |
| michael@0 | 73 | static SECStatus |
| michael@0 | 74 | insertErrorIntoVerifyLog(CERTCertificate* cert, const PRErrorCode err, |
| michael@0 | 75 | CERTVerifyLog* verifyLog){ |
| michael@0 | 76 | CERTVerifyLogNode* node; |
| michael@0 | 77 | node = (CERTVerifyLogNode *)PORT_ArenaAlloc(verifyLog->arena, |
| michael@0 | 78 | sizeof(CERTVerifyLogNode)); |
| michael@0 | 79 | if (!node) { |
| michael@0 | 80 | PR_SetError(PR_UNKNOWN_ERROR, 0); |
| michael@0 | 81 | return SECFailure; |
| michael@0 | 82 | } |
| michael@0 | 83 | node->cert = CERT_DupCertificate(cert); |
| michael@0 | 84 | node->error = err; |
| michael@0 | 85 | node->depth = 0; |
| michael@0 | 86 | node->arg = nullptr; |
| michael@0 | 87 | //and at to head! |
| michael@0 | 88 | node->prev = nullptr; |
| michael@0 | 89 | node->next = verifyLog->head; |
| michael@0 | 90 | if (verifyLog->head) { |
| michael@0 | 91 | verifyLog->head->prev = node; |
| michael@0 | 92 | } |
| michael@0 | 93 | verifyLog->head = node; |
| michael@0 | 94 | if (!verifyLog->tail) { |
| michael@0 | 95 | verifyLog->tail = node; |
| michael@0 | 96 | } |
| michael@0 | 97 | verifyLog->count++; |
| michael@0 | 98 | |
| michael@0 | 99 | return SECSuccess; |
| michael@0 | 100 | } |
| michael@0 | 101 | |
| michael@0 | 102 | SECStatus |
| michael@0 | 103 | IsCertBuiltInRoot(CERTCertificate* cert, bool& result) { |
| michael@0 | 104 | result = false; |
| michael@0 | 105 | ScopedPtr<PK11SlotList, PK11_FreeSlotList> slots; |
| michael@0 | 106 | slots = PK11_GetAllSlotsForCert(cert, nullptr); |
| michael@0 | 107 | if (!slots) { |
| michael@0 | 108 | if (PORT_GetError() == SEC_ERROR_NO_TOKEN) { |
| michael@0 | 109 | // no list |
| michael@0 | 110 | return SECSuccess; |
| michael@0 | 111 | } |
| michael@0 | 112 | return SECFailure; |
| michael@0 | 113 | } |
| michael@0 | 114 | for (PK11SlotListElement* le = slots->head; le; le = le->next) { |
| michael@0 | 115 | char* token = PK11_GetTokenName(le->slot); |
| michael@0 | 116 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 117 | ("BuiltInRoot? subject=%s token=%s",cert->subjectName, token)); |
| michael@0 | 118 | if (strcmp("Builtin Object Token", token) == 0) { |
| michael@0 | 119 | result = true; |
| michael@0 | 120 | return SECSuccess; |
| michael@0 | 121 | } |
| michael@0 | 122 | } |
| michael@0 | 123 | return SECSuccess; |
| michael@0 | 124 | } |
| michael@0 | 125 | |
| michael@0 | 126 | struct ChainValidationCallbackState |
| michael@0 | 127 | { |
| michael@0 | 128 | const char* hostname; |
| michael@0 | 129 | const CertVerifier::pinning_enforcement_config pinningEnforcementLevel; |
| michael@0 | 130 | const SECCertificateUsage usage; |
| michael@0 | 131 | const PRTime time; |
| michael@0 | 132 | }; |
| michael@0 | 133 | |
| michael@0 | 134 | SECStatus chainValidationCallback(void* state, const CERTCertList* certList, |
| michael@0 | 135 | PRBool* chainOK) |
| michael@0 | 136 | { |
| michael@0 | 137 | ChainValidationCallbackState* callbackState = |
| michael@0 | 138 | reinterpret_cast<ChainValidationCallbackState*>(state); |
| michael@0 | 139 | |
| michael@0 | 140 | *chainOK = PR_FALSE; |
| michael@0 | 141 | |
| michael@0 | 142 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 143 | ("verifycert: Inside the Callback \n")); |
| michael@0 | 144 | |
| michael@0 | 145 | // On sanity failure we fail closed. |
| michael@0 | 146 | if (!certList) { |
| michael@0 | 147 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 148 | ("verifycert: Short circuit, callback, sanity check failed \n")); |
| michael@0 | 149 | PR_SetError(PR_INVALID_STATE_ERROR, 0); |
| michael@0 | 150 | return SECFailure; |
| michael@0 | 151 | } |
| michael@0 | 152 | if (!callbackState) { |
| michael@0 | 153 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 154 | ("verifycert: Short circuit, callback, no state! \n")); |
| michael@0 | 155 | PR_SetError(PR_INVALID_STATE_ERROR, 0); |
| michael@0 | 156 | return SECFailure; |
| michael@0 | 157 | } |
| michael@0 | 158 | |
| michael@0 | 159 | if (callbackState->usage != certificateUsageSSLServer || |
| michael@0 | 160 | callbackState->pinningEnforcementLevel == CertVerifier::pinningDisabled) { |
| michael@0 | 161 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 162 | ("verifycert: Callback shortcut pel=%d \n", |
| michael@0 | 163 | callbackState->pinningEnforcementLevel)); |
| michael@0 | 164 | *chainOK = PR_TRUE; |
| michael@0 | 165 | return SECSuccess; |
| michael@0 | 166 | } |
| michael@0 | 167 | |
| michael@0 | 168 | for (CERTCertListNode* node = CERT_LIST_HEAD(certList); |
| michael@0 | 169 | !CERT_LIST_END(node, certList); |
| michael@0 | 170 | node = CERT_LIST_NEXT(node)) { |
| michael@0 | 171 | CERTCertificate* currentCert = node->cert; |
| michael@0 | 172 | if (CERT_LIST_END(CERT_LIST_NEXT(node), certList)) { |
| michael@0 | 173 | bool isBuiltInRoot = false; |
| michael@0 | 174 | SECStatus srv = IsCertBuiltInRoot(currentCert, isBuiltInRoot); |
| michael@0 | 175 | if (srv != SECSuccess) { |
| michael@0 | 176 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("Is BuiltInRoot failure")); |
| michael@0 | 177 | return srv; |
| michael@0 | 178 | } |
| michael@0 | 179 | // If desired, the user can enable "allow user CA MITM mode", in which |
| michael@0 | 180 | // case key pinning is not enforced for certificates that chain to trust |
| michael@0 | 181 | // anchors that are not in Mozilla's root program |
| michael@0 | 182 | if (!isBuiltInRoot && |
| michael@0 | 183 | (callbackState->pinningEnforcementLevel == |
| michael@0 | 184 | CertVerifier::pinningAllowUserCAMITM)) { |
| michael@0 | 185 | *chainOK = PR_TRUE; |
| michael@0 | 186 | return SECSuccess; |
| michael@0 | 187 | } |
| michael@0 | 188 | } |
| michael@0 | 189 | } |
| michael@0 | 190 | |
| michael@0 | 191 | const bool enforceTestMode = (callbackState->pinningEnforcementLevel == |
| michael@0 | 192 | CertVerifier::pinningEnforceTestMode); |
| michael@0 | 193 | *chainOK = PublicKeyPinningService:: |
| michael@0 | 194 | ChainHasValidPins(certList, callbackState->hostname, callbackState->time, |
| michael@0 | 195 | enforceTestMode); |
| michael@0 | 196 | |
| michael@0 | 197 | return SECSuccess; |
| michael@0 | 198 | } |
| michael@0 | 199 | |
| michael@0 | 200 | // This always returns secfailure but its objective is to replate |
| michael@0 | 201 | // the PR_Error |
| michael@0 | 202 | static void |
| michael@0 | 203 | tryWorsenPRErrorInCallback(CERTCertificate* cert, |
| michael@0 | 204 | ChainValidationCallbackState* callbackState) { |
| michael@0 | 205 | ScopedCERTCertificate certCopy(CERT_DupCertificate(cert)); |
| michael@0 | 206 | if (!certCopy) { |
| michael@0 | 207 | return; |
| michael@0 | 208 | } |
| michael@0 | 209 | ScopedCERTCertList certList(CERT_NewCertList()); |
| michael@0 | 210 | if (!certList) { |
| michael@0 | 211 | return; |
| michael@0 | 212 | } |
| michael@0 | 213 | SECStatus srv = CERT_AddCertToListTail(certList.get(), certCopy.get()); |
| michael@0 | 214 | if (srv != SECSuccess) { |
| michael@0 | 215 | return; |
| michael@0 | 216 | } |
| michael@0 | 217 | certCopy.release(); // now owned by certList |
| michael@0 | 218 | PRBool chainOK = false; |
| michael@0 | 219 | srv = chainValidationCallback(&callbackState, certList.get(), &chainOK); |
| michael@0 | 220 | if (srv != SECSuccess) { |
| michael@0 | 221 | return; |
| michael@0 | 222 | } |
| michael@0 | 223 | if (!chainOK) { |
| michael@0 | 224 | PR_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR, 0); // same as libpkix |
| michael@0 | 225 | return ; |
| michael@0 | 226 | } |
| michael@0 | 227 | return; // no change in PR_error |
| michael@0 | 228 | } |
| michael@0 | 229 | |
| michael@0 | 230 | static SECStatus |
| michael@0 | 231 | ClassicVerifyCert(CERTCertificate* cert, |
| michael@0 | 232 | const SECCertificateUsage usage, |
| michael@0 | 233 | const PRTime time, |
| michael@0 | 234 | void* pinArg, |
| michael@0 | 235 | ChainValidationCallbackState* callbackState, |
| michael@0 | 236 | /*optional out*/ ScopedCERTCertList* validationChain, |
| michael@0 | 237 | /*optional out*/ CERTVerifyLog* verifyLog) |
| michael@0 | 238 | { |
| michael@0 | 239 | SECStatus rv; |
| michael@0 | 240 | SECCertUsage enumUsage; |
| michael@0 | 241 | switch (usage) { |
| michael@0 | 242 | case certificateUsageSSLClient: |
| michael@0 | 243 | enumUsage = certUsageSSLClient; |
| michael@0 | 244 | break; |
| michael@0 | 245 | case certificateUsageSSLServer: |
| michael@0 | 246 | enumUsage = certUsageSSLServer; |
| michael@0 | 247 | break; |
| michael@0 | 248 | case certificateUsageSSLCA: |
| michael@0 | 249 | enumUsage = certUsageSSLCA; |
| michael@0 | 250 | break; |
| michael@0 | 251 | case certificateUsageEmailSigner: |
| michael@0 | 252 | enumUsage = certUsageEmailSigner; |
| michael@0 | 253 | break; |
| michael@0 | 254 | case certificateUsageEmailRecipient: |
| michael@0 | 255 | enumUsage = certUsageEmailRecipient; |
| michael@0 | 256 | break; |
| michael@0 | 257 | case certificateUsageObjectSigner: |
| michael@0 | 258 | enumUsage = certUsageObjectSigner; |
| michael@0 | 259 | break; |
| michael@0 | 260 | case certificateUsageVerifyCA: |
| michael@0 | 261 | enumUsage = certUsageVerifyCA; |
| michael@0 | 262 | break; |
| michael@0 | 263 | case certificateUsageStatusResponder: |
| michael@0 | 264 | enumUsage = certUsageStatusResponder; |
| michael@0 | 265 | break; |
| michael@0 | 266 | default: |
| michael@0 | 267 | PR_NOT_REACHED("unexpected usage"); |
| michael@0 | 268 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| michael@0 | 269 | return SECFailure; |
| michael@0 | 270 | } |
| michael@0 | 271 | if (usage == certificateUsageSSLServer) { |
| michael@0 | 272 | // SSL server cert verification has always used CERT_VerifyCert, so we |
| michael@0 | 273 | // continue to use it for SSL cert verification to minimize the risk of |
| michael@0 | 274 | // there being any differnce in results between CERT_VerifyCert and |
| michael@0 | 275 | // CERT_VerifyCertificate. |
| michael@0 | 276 | rv = CERT_VerifyCert(CERT_GetDefaultCertDB(), cert, true, |
| michael@0 | 277 | certUsageSSLServer, time, pinArg, verifyLog); |
| michael@0 | 278 | } else { |
| michael@0 | 279 | rv = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), cert, true, |
| michael@0 | 280 | usage, time, pinArg, verifyLog, nullptr); |
| michael@0 | 281 | } |
| michael@0 | 282 | |
| michael@0 | 283 | if (rv == SECSuccess && |
| michael@0 | 284 | (validationChain || usage == certificateUsageSSLServer)) { |
| michael@0 | 285 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 286 | ("VerifyCert: getting chain in 'classic' \n")); |
| michael@0 | 287 | ScopedCERTCertList certChain(CERT_GetCertChainFromCert(cert, time, |
| michael@0 | 288 | enumUsage)); |
| michael@0 | 289 | if (!certChain) { |
| michael@0 | 290 | return SECFailure; |
| michael@0 | 291 | } |
| michael@0 | 292 | if (usage == certificateUsageSSLServer) { |
| michael@0 | 293 | PRBool chainOK = PR_FALSE; |
| michael@0 | 294 | SECStatus srv = chainValidationCallback(callbackState, certChain.get(), |
| michael@0 | 295 | &chainOK); |
| michael@0 | 296 | if (srv != SECSuccess) { |
| michael@0 | 297 | return srv; |
| michael@0 | 298 | } |
| michael@0 | 299 | if (chainOK != PR_TRUE) { |
| michael@0 | 300 | if (verifyLog) { |
| michael@0 | 301 | insertErrorIntoVerifyLog(cert, |
| michael@0 | 302 | SEC_ERROR_APPLICATION_CALLBACK_ERROR, |
| michael@0 | 303 | verifyLog); |
| michael@0 | 304 | } |
| michael@0 | 305 | PR_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR, 0); // same as libpkix |
| michael@0 | 306 | return SECFailure; |
| michael@0 | 307 | } |
| michael@0 | 308 | } |
| michael@0 | 309 | |
| michael@0 | 310 | // If there is an error we may need to worsen to error to be a pinning failure |
| michael@0 | 311 | if (rv != SECSuccess && usage == certificateUsageSSLServer) { |
| michael@0 | 312 | tryWorsenPRErrorInCallback(cert, callbackState); |
| michael@0 | 313 | } |
| michael@0 | 314 | |
| michael@0 | 315 | if (rv == SECSuccess && validationChain) { |
| michael@0 | 316 | *validationChain = certChain.release(); |
| michael@0 | 317 | } |
| michael@0 | 318 | } |
| michael@0 | 319 | |
| michael@0 | 320 | return rv; |
| michael@0 | 321 | } |
| michael@0 | 322 | |
| michael@0 | 323 | #ifndef NSS_NO_LIBPKIX |
| michael@0 | 324 | static void |
| michael@0 | 325 | destroyCertListThatShouldNotExist(CERTCertList** certChain) |
| michael@0 | 326 | { |
| michael@0 | 327 | PR_ASSERT(certChain); |
| michael@0 | 328 | PR_ASSERT(!*certChain); |
| michael@0 | 329 | if (certChain && *certChain) { |
| michael@0 | 330 | // There SHOULD not be a validation chain on failure, asserion here for |
| michael@0 | 331 | // the debug builds AND a fallback for production builds |
| michael@0 | 332 | CERT_DestroyCertList(*certChain); |
| michael@0 | 333 | *certChain = nullptr; |
| michael@0 | 334 | } |
| michael@0 | 335 | } |
| michael@0 | 336 | #endif |
| michael@0 | 337 | |
| michael@0 | 338 | static SECStatus |
| michael@0 | 339 | BuildCertChainForOneKeyUsage(TrustDomain& trustDomain, CERTCertificate* cert, |
| michael@0 | 340 | PRTime time, KeyUsage ku1, KeyUsage ku2, |
| michael@0 | 341 | KeyUsage ku3, SECOidTag eku, |
| michael@0 | 342 | SECOidTag requiredPolicy, |
| michael@0 | 343 | const SECItem* stapledOCSPResponse, |
| michael@0 | 344 | ScopedCERTCertList& builtChain) |
| michael@0 | 345 | { |
| michael@0 | 346 | SECStatus rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 347 | ku1, eku, requiredPolicy, stapledOCSPResponse, |
| michael@0 | 348 | builtChain); |
| michael@0 | 349 | if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INADEQUATE_KEY_USAGE) { |
| michael@0 | 350 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 351 | ku2, eku, requiredPolicy, stapledOCSPResponse, |
| michael@0 | 352 | builtChain); |
| michael@0 | 353 | if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INADEQUATE_KEY_USAGE) { |
| michael@0 | 354 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 355 | ku3, eku, requiredPolicy, stapledOCSPResponse, |
| michael@0 | 356 | builtChain); |
| michael@0 | 357 | if (rv != SECSuccess) { |
| michael@0 | 358 | PR_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE, 0); |
| michael@0 | 359 | } |
| michael@0 | 360 | } |
| michael@0 | 361 | } |
| michael@0 | 362 | return rv; |
| michael@0 | 363 | } |
| michael@0 | 364 | |
| michael@0 | 365 | SECStatus |
| michael@0 | 366 | CertVerifier::MozillaPKIXVerifyCert( |
| michael@0 | 367 | CERTCertificate* cert, |
| michael@0 | 368 | const SECCertificateUsage usage, |
| michael@0 | 369 | const PRTime time, |
| michael@0 | 370 | void* pinArg, |
| michael@0 | 371 | const Flags flags, |
| michael@0 | 372 | ChainValidationCallbackState* callbackState, |
| michael@0 | 373 | /*optional*/ const SECItem* stapledOCSPResponse, |
| michael@0 | 374 | /*optional out*/ mozilla::pkix::ScopedCERTCertList* validationChain, |
| michael@0 | 375 | /*optional out*/ SECOidTag* evOidPolicy) |
| michael@0 | 376 | { |
| michael@0 | 377 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("Top of MozillaPKIXVerifyCert\n")); |
| michael@0 | 378 | |
| michael@0 | 379 | PR_ASSERT(cert); |
| michael@0 | 380 | PR_ASSERT(usage == certificateUsageSSLServer || !(flags & FLAG_MUST_BE_EV)); |
| michael@0 | 381 | |
| michael@0 | 382 | if (validationChain) { |
| michael@0 | 383 | *validationChain = nullptr; |
| michael@0 | 384 | } |
| michael@0 | 385 | if (evOidPolicy) { |
| michael@0 | 386 | *evOidPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 387 | } |
| michael@0 | 388 | |
| michael@0 | 389 | if (!cert || |
| michael@0 | 390 | (usage != certificateUsageSSLServer && (flags & FLAG_MUST_BE_EV))) { |
| michael@0 | 391 | PR_SetError(SEC_ERROR_INVALID_ARGS, 0); |
| michael@0 | 392 | return SECFailure; |
| michael@0 | 393 | } |
| michael@0 | 394 | |
| michael@0 | 395 | CERTChainVerifyCallback callbackContainer; |
| michael@0 | 396 | callbackContainer.isChainValid = chainValidationCallback; |
| michael@0 | 397 | callbackContainer.isChainValidArg = callbackState; |
| michael@0 | 398 | |
| michael@0 | 399 | NSSCertDBTrustDomain::OCSPFetching ocspFetching |
| michael@0 | 400 | = !mOCSPDownloadEnabled || |
| michael@0 | 401 | (flags & FLAG_LOCAL_ONLY) ? NSSCertDBTrustDomain::NeverFetchOCSP |
| michael@0 | 402 | : !mOCSPStrict ? NSSCertDBTrustDomain::FetchOCSPForDVSoftFail |
| michael@0 | 403 | : NSSCertDBTrustDomain::FetchOCSPForDVHardFail; |
| michael@0 | 404 | |
| michael@0 | 405 | SECStatus rv; |
| michael@0 | 406 | |
| michael@0 | 407 | // TODO(bug 970750): anyExtendedKeyUsage |
| michael@0 | 408 | // TODO: encipherOnly/decipherOnly |
| michael@0 | 409 | // S/MIME Key Usage: http://tools.ietf.org/html/rfc3850#section-4.4.2 |
| michael@0 | 410 | // S/MIME EKU: http://tools.ietf.org/html/rfc3850#section-4.4.4 |
| michael@0 | 411 | |
| michael@0 | 412 | // TODO(bug 915931): Pass in stapled OCSP response in all calls to |
| michael@0 | 413 | // BuildCertChain. |
| michael@0 | 414 | |
| michael@0 | 415 | mozilla::pkix::ScopedCERTCertList builtChain; |
| michael@0 | 416 | switch (usage) { |
| michael@0 | 417 | case certificateUsageSSLClient: { |
| michael@0 | 418 | // XXX: We don't really have a trust bit for SSL client authentication so |
| michael@0 | 419 | // just use trustEmail as it is the closest alternative. |
| michael@0 | 420 | NSSCertDBTrustDomain trustDomain(trustEmail, ocspFetching, mOCSPCache, |
| michael@0 | 421 | pinArg); |
| michael@0 | 422 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 423 | KeyUsage::digitalSignature, |
| michael@0 | 424 | SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH, |
| michael@0 | 425 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 426 | stapledOCSPResponse, builtChain); |
| michael@0 | 427 | break; |
| michael@0 | 428 | } |
| michael@0 | 429 | |
| michael@0 | 430 | case certificateUsageSSLServer: { |
| michael@0 | 431 | // TODO: When verifying a certificate in an SSL handshake, we should |
| michael@0 | 432 | // restrict the acceptable key usage based on the key exchange method |
| michael@0 | 433 | // chosen by the server. |
| michael@0 | 434 | |
| michael@0 | 435 | #ifndef MOZ_NO_EV_CERTS |
| michael@0 | 436 | // Try to validate for EV first. |
| michael@0 | 437 | SECOidTag evPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 438 | rv = GetFirstEVPolicy(cert, evPolicy); |
| michael@0 | 439 | if (rv == SECSuccess && evPolicy != SEC_OID_UNKNOWN) { |
| michael@0 | 440 | NSSCertDBTrustDomain |
| michael@0 | 441 | trustDomain(trustSSL, |
| michael@0 | 442 | ocspFetching == NSSCertDBTrustDomain::NeverFetchOCSP |
| michael@0 | 443 | ? NSSCertDBTrustDomain::LocalOnlyOCSPForEV |
| michael@0 | 444 | : NSSCertDBTrustDomain::FetchOCSPForEV, |
| michael@0 | 445 | mOCSPCache, pinArg, &callbackContainer); |
| michael@0 | 446 | rv = BuildCertChainForOneKeyUsage(trustDomain, cert, time, |
| michael@0 | 447 | KeyUsage::digitalSignature, // ECDHE/DHE |
| michael@0 | 448 | KeyUsage::keyEncipherment, // RSA |
| michael@0 | 449 | KeyUsage::keyAgreement, // (EC)DH |
| michael@0 | 450 | SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, |
| michael@0 | 451 | evPolicy, stapledOCSPResponse, |
| michael@0 | 452 | builtChain); |
| michael@0 | 453 | if (rv == SECSuccess) { |
| michael@0 | 454 | if (evOidPolicy) { |
| michael@0 | 455 | *evOidPolicy = evPolicy; |
| michael@0 | 456 | } |
| michael@0 | 457 | break; |
| michael@0 | 458 | } |
| michael@0 | 459 | builtChain = nullptr; // clear built chain, just in case. |
| michael@0 | 460 | } |
| michael@0 | 461 | #endif |
| michael@0 | 462 | |
| michael@0 | 463 | if (flags & FLAG_MUST_BE_EV) { |
| michael@0 | 464 | PR_SetError(SEC_ERROR_POLICY_VALIDATION_FAILED, 0); |
| michael@0 | 465 | rv = SECFailure; |
| michael@0 | 466 | break; |
| michael@0 | 467 | } |
| michael@0 | 468 | |
| michael@0 | 469 | // Now try non-EV. |
| michael@0 | 470 | NSSCertDBTrustDomain trustDomain(trustSSL, ocspFetching, mOCSPCache, |
| michael@0 | 471 | pinArg, &callbackContainer); |
| michael@0 | 472 | rv = BuildCertChainForOneKeyUsage(trustDomain, cert, time, |
| michael@0 | 473 | KeyUsage::digitalSignature, // (EC)DHE |
| michael@0 | 474 | KeyUsage::keyEncipherment, // RSA |
| michael@0 | 475 | KeyUsage::keyAgreement, // (EC)DH |
| michael@0 | 476 | SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, |
| michael@0 | 477 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 478 | stapledOCSPResponse, builtChain); |
| michael@0 | 479 | break; |
| michael@0 | 480 | } |
| michael@0 | 481 | |
| michael@0 | 482 | case certificateUsageSSLCA: { |
| michael@0 | 483 | NSSCertDBTrustDomain trustDomain(trustSSL, ocspFetching, mOCSPCache, |
| michael@0 | 484 | pinArg); |
| michael@0 | 485 | rv = BuildCertChain(trustDomain, cert, time, MustBeCA, |
| michael@0 | 486 | KeyUsage::keyCertSign, |
| michael@0 | 487 | SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, |
| michael@0 | 488 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 489 | stapledOCSPResponse, builtChain); |
| michael@0 | 490 | break; |
| michael@0 | 491 | } |
| michael@0 | 492 | |
| michael@0 | 493 | case certificateUsageEmailSigner: { |
| michael@0 | 494 | NSSCertDBTrustDomain trustDomain(trustEmail, ocspFetching, mOCSPCache, |
| michael@0 | 495 | pinArg); |
| michael@0 | 496 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 497 | KeyUsage::digitalSignature, |
| michael@0 | 498 | SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, |
| michael@0 | 499 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 500 | stapledOCSPResponse, builtChain); |
| michael@0 | 501 | break; |
| michael@0 | 502 | } |
| michael@0 | 503 | |
| michael@0 | 504 | case certificateUsageEmailRecipient: { |
| michael@0 | 505 | // TODO: The higher level S/MIME processing should pass in which key |
| michael@0 | 506 | // usage it is trying to verify for, and base its algorithm choices |
| michael@0 | 507 | // based on the result of the verification(s). |
| michael@0 | 508 | NSSCertDBTrustDomain trustDomain(trustEmail, ocspFetching, mOCSPCache, |
| michael@0 | 509 | pinArg); |
| michael@0 | 510 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 511 | KeyUsage::keyEncipherment, // RSA |
| michael@0 | 512 | SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, |
| michael@0 | 513 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 514 | stapledOCSPResponse, builtChain); |
| michael@0 | 515 | if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INADEQUATE_KEY_USAGE) { |
| michael@0 | 516 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 517 | KeyUsage::keyAgreement, // ECDH/DH |
| michael@0 | 518 | SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, |
| michael@0 | 519 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 520 | stapledOCSPResponse, builtChain); |
| michael@0 | 521 | } |
| michael@0 | 522 | break; |
| michael@0 | 523 | } |
| michael@0 | 524 | |
| michael@0 | 525 | case certificateUsageObjectSigner: { |
| michael@0 | 526 | NSSCertDBTrustDomain trustDomain(trustObjectSigning, ocspFetching, |
| michael@0 | 527 | mOCSPCache, pinArg); |
| michael@0 | 528 | rv = BuildCertChain(trustDomain, cert, time, MustBeEndEntity, |
| michael@0 | 529 | KeyUsage::digitalSignature, |
| michael@0 | 530 | SEC_OID_EXT_KEY_USAGE_CODE_SIGN, |
| michael@0 | 531 | SEC_OID_X509_ANY_POLICY, |
| michael@0 | 532 | stapledOCSPResponse, builtChain); |
| michael@0 | 533 | break; |
| michael@0 | 534 | } |
| michael@0 | 535 | |
| michael@0 | 536 | case certificateUsageVerifyCA: |
| michael@0 | 537 | case certificateUsageStatusResponder: { |
| michael@0 | 538 | // XXX This is a pretty useless way to verify a certificate. It is used |
| michael@0 | 539 | // by the implementation of window.crypto.importCertificates and in the |
| michael@0 | 540 | // certificate viewer UI. Because we don't know what trust bit is |
| michael@0 | 541 | // interesting, we just try them all. |
| michael@0 | 542 | mozilla::pkix::EndEntityOrCA endEntityOrCA; |
| michael@0 | 543 | mozilla::pkix::KeyUsage keyUsage; |
| michael@0 | 544 | SECOidTag eku; |
| michael@0 | 545 | if (usage == certificateUsageVerifyCA) { |
| michael@0 | 546 | endEntityOrCA = MustBeCA; |
| michael@0 | 547 | keyUsage = KeyUsage::keyCertSign; |
| michael@0 | 548 | eku = SEC_OID_UNKNOWN; |
| michael@0 | 549 | } else { |
| michael@0 | 550 | endEntityOrCA = MustBeEndEntity; |
| michael@0 | 551 | keyUsage = KeyUsage::digitalSignature; |
| michael@0 | 552 | eku = SEC_OID_OCSP_RESPONDER; |
| michael@0 | 553 | } |
| michael@0 | 554 | |
| michael@0 | 555 | NSSCertDBTrustDomain sslTrust(trustSSL, ocspFetching, mOCSPCache, |
| michael@0 | 556 | pinArg); |
| michael@0 | 557 | rv = BuildCertChain(sslTrust, cert, time, endEntityOrCA, |
| michael@0 | 558 | keyUsage, eku, SEC_OID_X509_ANY_POLICY, |
| michael@0 | 559 | stapledOCSPResponse, builtChain); |
| michael@0 | 560 | if (rv == SECFailure && PR_GetError() == SEC_ERROR_UNKNOWN_ISSUER) { |
| michael@0 | 561 | NSSCertDBTrustDomain emailTrust(trustEmail, ocspFetching, mOCSPCache, |
| michael@0 | 562 | pinArg); |
| michael@0 | 563 | rv = BuildCertChain(emailTrust, cert, time, endEntityOrCA, keyUsage, |
| michael@0 | 564 | eku, SEC_OID_X509_ANY_POLICY, |
| michael@0 | 565 | stapledOCSPResponse, builtChain); |
| michael@0 | 566 | if (rv == SECFailure && PR_GetError() == SEC_ERROR_UNKNOWN_ISSUER) { |
| michael@0 | 567 | NSSCertDBTrustDomain objectSigningTrust(trustObjectSigning, |
| michael@0 | 568 | ocspFetching, mOCSPCache, |
| michael@0 | 569 | pinArg); |
| michael@0 | 570 | rv = BuildCertChain(objectSigningTrust, cert, time, endEntityOrCA, |
| michael@0 | 571 | keyUsage, eku, SEC_OID_X509_ANY_POLICY, |
| michael@0 | 572 | stapledOCSPResponse, builtChain); |
| michael@0 | 573 | } |
| michael@0 | 574 | } |
| michael@0 | 575 | |
| michael@0 | 576 | break; |
| michael@0 | 577 | } |
| michael@0 | 578 | |
| michael@0 | 579 | default: |
| michael@0 | 580 | PR_SetError(SEC_ERROR_INVALID_ARGS, 0); |
| michael@0 | 581 | return SECFailure; |
| michael@0 | 582 | } |
| michael@0 | 583 | |
| michael@0 | 584 | // If there is an error we may need to worsen to error to be a pinning failure |
| michael@0 | 585 | if (rv != SECSuccess && usage == certificateUsageSSLServer && |
| michael@0 | 586 | PR_GetError() != SEC_ERROR_APPLICATION_CALLBACK_ERROR) { |
| michael@0 | 587 | tryWorsenPRErrorInCallback(cert, callbackState); |
| michael@0 | 588 | } |
| michael@0 | 589 | |
| michael@0 | 590 | if (validationChain && rv == SECSuccess) { |
| michael@0 | 591 | *validationChain = builtChain.release(); |
| michael@0 | 592 | } |
| michael@0 | 593 | |
| michael@0 | 594 | return rv; |
| michael@0 | 595 | } |
| michael@0 | 596 | |
| michael@0 | 597 | SECStatus |
| michael@0 | 598 | CertVerifier::VerifyCert(CERTCertificate* cert, |
| michael@0 | 599 | const SECCertificateUsage usage, |
| michael@0 | 600 | const PRTime time, |
| michael@0 | 601 | void* pinArg, |
| michael@0 | 602 | const char* hostname, |
| michael@0 | 603 | const Flags flags, |
| michael@0 | 604 | /*optional in*/ const SECItem* stapledOCSPResponse, |
| michael@0 | 605 | /*optional out*/ ScopedCERTCertList* validationChain, |
| michael@0 | 606 | /*optional out*/ SECOidTag* evOidPolicy, |
| michael@0 | 607 | /*optional out*/ CERTVerifyLog* verifyLog) |
| michael@0 | 608 | { |
| michael@0 | 609 | ChainValidationCallbackState callbackState = { hostname, |
| michael@0 | 610 | mPinningEnforcementLevel, |
| michael@0 | 611 | usage, |
| michael@0 | 612 | time }; |
| michael@0 | 613 | |
| michael@0 | 614 | if (mImplementation == mozillapkix) { |
| michael@0 | 615 | return MozillaPKIXVerifyCert(cert, usage, time, pinArg, flags, |
| michael@0 | 616 | &callbackState, stapledOCSPResponse, |
| michael@0 | 617 | validationChain, evOidPolicy); |
| michael@0 | 618 | } |
| michael@0 | 619 | |
| michael@0 | 620 | if (!cert) |
| michael@0 | 621 | { |
| michael@0 | 622 | PR_NOT_REACHED("Invalid arguments to CertVerifier::VerifyCert"); |
| michael@0 | 623 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| michael@0 | 624 | return SECFailure; |
| michael@0 | 625 | } |
| michael@0 | 626 | if (validationChain) { |
| michael@0 | 627 | *validationChain = nullptr; |
| michael@0 | 628 | } |
| michael@0 | 629 | if (evOidPolicy) { |
| michael@0 | 630 | *evOidPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 631 | } |
| michael@0 | 632 | |
| michael@0 | 633 | switch(usage){ |
| michael@0 | 634 | case certificateUsageSSLClient: |
| michael@0 | 635 | case certificateUsageSSLServer: |
| michael@0 | 636 | case certificateUsageSSLCA: |
| michael@0 | 637 | case certificateUsageEmailSigner: |
| michael@0 | 638 | case certificateUsageEmailRecipient: |
| michael@0 | 639 | case certificateUsageObjectSigner: |
| michael@0 | 640 | case certificateUsageVerifyCA: |
| michael@0 | 641 | case certificateUsageStatusResponder: |
| michael@0 | 642 | break; |
| michael@0 | 643 | default: |
| michael@0 | 644 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| michael@0 | 645 | return SECFailure; |
| michael@0 | 646 | } |
| michael@0 | 647 | |
| michael@0 | 648 | if ((flags & FLAG_MUST_BE_EV) && usage != certificateUsageSSLServer) { |
| michael@0 | 649 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| michael@0 | 650 | return SECFailure; |
| michael@0 | 651 | } |
| michael@0 | 652 | |
| michael@0 | 653 | #ifndef NSS_NO_LIBPKIX |
| michael@0 | 654 | ScopedCERTCertList trustAnchors; |
| michael@0 | 655 | SECStatus rv; |
| michael@0 | 656 | SECOidTag evPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 657 | |
| michael@0 | 658 | // Do EV checking only for sslserver usage |
| michael@0 | 659 | if (usage == certificateUsageSSLServer) { |
| michael@0 | 660 | SECStatus srv = GetFirstEVPolicy(cert, evPolicy); |
| michael@0 | 661 | if (srv == SECSuccess) { |
| michael@0 | 662 | if (evPolicy != SEC_OID_UNKNOWN) { |
| michael@0 | 663 | trustAnchors = GetRootsForOid(evPolicy); |
| michael@0 | 664 | } |
| michael@0 | 665 | if (!trustAnchors) { |
| michael@0 | 666 | return SECFailure; |
| michael@0 | 667 | } |
| michael@0 | 668 | // pkix ignores an empty trustanchors list and |
| michael@0 | 669 | // decides then to use the whole set of trust in the DB |
| michael@0 | 670 | // so we set the evPolicy to unkown in this case |
| michael@0 | 671 | if (CERT_LIST_EMPTY(trustAnchors)) { |
| michael@0 | 672 | evPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 673 | } |
| michael@0 | 674 | } else { |
| michael@0 | 675 | // No known EV policy found |
| michael@0 | 676 | if (flags & FLAG_MUST_BE_EV) { |
| michael@0 | 677 | PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); |
| michael@0 | 678 | return SECFailure; |
| michael@0 | 679 | } |
| michael@0 | 680 | // Do not setup EV verification params |
| michael@0 | 681 | evPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 682 | } |
| michael@0 | 683 | if ((evPolicy == SEC_OID_UNKNOWN) && (flags & FLAG_MUST_BE_EV)) { |
| michael@0 | 684 | PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); |
| michael@0 | 685 | return SECFailure; |
| michael@0 | 686 | } |
| michael@0 | 687 | } |
| michael@0 | 688 | |
| michael@0 | 689 | PR_ASSERT(evPolicy == SEC_OID_UNKNOWN || trustAnchors); |
| michael@0 | 690 | |
| michael@0 | 691 | size_t i = 0; |
| michael@0 | 692 | size_t validationChainLocation = 0; |
| michael@0 | 693 | size_t validationTrustAnchorLocation = 0; |
| michael@0 | 694 | CERTValOutParam cvout[4]; |
| michael@0 | 695 | if (verifyLog) { |
| michael@0 | 696 | cvout[i].type = cert_po_errorLog; |
| michael@0 | 697 | cvout[i].value.pointer.log = verifyLog; |
| michael@0 | 698 | ++i; |
| michael@0 | 699 | } |
| michael@0 | 700 | if (validationChain) { |
| michael@0 | 701 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: setting up validation chain outparam.\n")); |
| michael@0 | 702 | validationChainLocation = i; |
| michael@0 | 703 | cvout[i].type = cert_po_certList; |
| michael@0 | 704 | cvout[i].value.pointer.chain = nullptr; |
| michael@0 | 705 | ++i; |
| michael@0 | 706 | validationTrustAnchorLocation = i; |
| michael@0 | 707 | cvout[i].type = cert_po_trustAnchor; |
| michael@0 | 708 | cvout[i].value.pointer.cert = nullptr; |
| michael@0 | 709 | ++i; |
| michael@0 | 710 | } |
| michael@0 | 711 | cvout[i].type = cert_po_end; |
| michael@0 | 712 | |
| michael@0 | 713 | CERTRevocationFlags rev; |
| michael@0 | 714 | |
| michael@0 | 715 | CERTRevocationMethodIndex revPreferredMethods[2]; |
| michael@0 | 716 | rev.leafTests.preferred_methods = |
| michael@0 | 717 | rev.chainTests.preferred_methods = revPreferredMethods; |
| michael@0 | 718 | |
| michael@0 | 719 | uint64_t revFlagsPerMethod[2]; |
| michael@0 | 720 | rev.leafTests.cert_rev_flags_per_method = |
| michael@0 | 721 | rev.chainTests.cert_rev_flags_per_method = revFlagsPerMethod; |
| michael@0 | 722 | rev.leafTests.number_of_preferred_methods = |
| michael@0 | 723 | rev.chainTests.number_of_preferred_methods = 1; |
| michael@0 | 724 | |
| michael@0 | 725 | rev.leafTests.number_of_defined_methods = |
| michael@0 | 726 | rev.chainTests.number_of_defined_methods = cert_revocation_method_ocsp + 1; |
| michael@0 | 727 | |
| michael@0 | 728 | const bool localOnly = flags & FLAG_LOCAL_ONLY; |
| michael@0 | 729 | CERTValInParam cvin[7]; |
| michael@0 | 730 | |
| michael@0 | 731 | // Parameters for both EV and DV validation |
| michael@0 | 732 | cvin[0].type = cert_pi_useAIACertFetch; |
| michael@0 | 733 | cvin[0].value.scalar.b = mMissingCertDownloadEnabled && !localOnly; |
| michael@0 | 734 | cvin[1].type = cert_pi_revocationFlags; |
| michael@0 | 735 | cvin[1].value.pointer.revocation = &rev; |
| michael@0 | 736 | cvin[2].type = cert_pi_date; |
| michael@0 | 737 | cvin[2].value.scalar.time = time; |
| michael@0 | 738 | i = 3; |
| michael@0 | 739 | |
| michael@0 | 740 | CERTChainVerifyCallback callbackContainer; |
| michael@0 | 741 | if (usage == certificateUsageSSLServer) { |
| michael@0 | 742 | callbackContainer.isChainValid = chainValidationCallback; |
| michael@0 | 743 | callbackContainer.isChainValidArg = &callbackState; |
| michael@0 | 744 | cvin[i].type = cert_pi_chainVerifyCallback; |
| michael@0 | 745 | cvin[i].value.pointer.chainVerifyCallback = &callbackContainer; |
| michael@0 | 746 | ++i; |
| michael@0 | 747 | } |
| michael@0 | 748 | |
| michael@0 | 749 | const size_t evParamLocation = i; |
| michael@0 | 750 | |
| michael@0 | 751 | if (evPolicy != SEC_OID_UNKNOWN) { |
| michael@0 | 752 | // EV setup! |
| michael@0 | 753 | // XXX 859872 The current flags are not quite correct. (use |
| michael@0 | 754 | // of ocsp flags for crl preferences). |
| michael@0 | 755 | uint64_t ocspRevMethodFlags = |
| michael@0 | 756 | CERT_REV_M_TEST_USING_THIS_METHOD |
| michael@0 | 757 | | ((mOCSPDownloadEnabled && !localOnly) ? |
| michael@0 | 758 | CERT_REV_M_ALLOW_NETWORK_FETCHING : CERT_REV_M_FORBID_NETWORK_FETCHING) |
| michael@0 | 759 | | CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE |
| michael@0 | 760 | | CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE |
| michael@0 | 761 | | CERT_REV_M_IGNORE_MISSING_FRESH_INFO |
| michael@0 | 762 | | CERT_REV_M_STOP_TESTING_ON_FRESH_INFO |
| michael@0 | 763 | | (mOCSPGETEnabled ? 0 : CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP); |
| michael@0 | 764 | |
| michael@0 | 765 | rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_crl] = |
| michael@0 | 766 | rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_crl] |
| michael@0 | 767 | = CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD; |
| michael@0 | 768 | |
| michael@0 | 769 | rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] = |
| michael@0 | 770 | rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] |
| michael@0 | 771 | = ocspRevMethodFlags; |
| michael@0 | 772 | |
| michael@0 | 773 | rev.leafTests.cert_rev_method_independent_flags = |
| michael@0 | 774 | rev.chainTests.cert_rev_method_independent_flags = |
| michael@0 | 775 | // avoiding the network is good, let's try local first |
| michael@0 | 776 | CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
| michael@0 | 777 | // is overall revocation requirement strict or relaxed? |
| michael@0 | 778 | | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE |
| michael@0 | 779 | ; |
| michael@0 | 780 | |
| michael@0 | 781 | rev.leafTests.preferred_methods[0] = |
| michael@0 | 782 | rev.chainTests.preferred_methods[0] = cert_revocation_method_ocsp; |
| michael@0 | 783 | |
| michael@0 | 784 | cvin[i].type = cert_pi_policyOID; |
| michael@0 | 785 | cvin[i].value.arraySize = 1; |
| michael@0 | 786 | cvin[i].value.array.oids = &evPolicy; |
| michael@0 | 787 | ++i; |
| michael@0 | 788 | PR_ASSERT(trustAnchors); |
| michael@0 | 789 | cvin[i].type = cert_pi_trustAnchors; |
| michael@0 | 790 | cvin[i].value.pointer.chain = trustAnchors.get(); |
| michael@0 | 791 | ++i; |
| michael@0 | 792 | |
| michael@0 | 793 | cvin[i].type = cert_pi_end; |
| michael@0 | 794 | |
| michael@0 | 795 | rv = CERT_PKIXVerifyCert(cert, usage, cvin, cvout, pinArg); |
| michael@0 | 796 | if (rv == SECSuccess) { |
| michael@0 | 797 | if (evOidPolicy) { |
| michael@0 | 798 | *evOidPolicy = evPolicy; |
| michael@0 | 799 | } |
| michael@0 | 800 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 801 | ("VerifyCert: successful CERT_PKIXVerifyCert(ev) \n")); |
| michael@0 | 802 | goto pkix_done; |
| michael@0 | 803 | } |
| michael@0 | 804 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, |
| michael@0 | 805 | ("VerifyCert: failed CERT_PKIXVerifyCert(ev)\n")); |
| michael@0 | 806 | if (flags & FLAG_MUST_BE_EV) { |
| michael@0 | 807 | return rv; |
| michael@0 | 808 | } |
| michael@0 | 809 | if (validationChain) { |
| michael@0 | 810 | destroyCertListThatShouldNotExist( |
| michael@0 | 811 | &cvout[validationChainLocation].value.pointer.chain); |
| michael@0 | 812 | } |
| michael@0 | 813 | |
| michael@0 | 814 | if (verifyLog) { |
| michael@0 | 815 | // Cleanup the log so that it is ready the the next validation |
| michael@0 | 816 | CERTVerifyLogNode* i_node; |
| michael@0 | 817 | for (i_node = verifyLog->head; i_node; i_node = i_node->next) { |
| michael@0 | 818 | //destroy cert if any. |
| michael@0 | 819 | if (i_node->cert) { |
| michael@0 | 820 | CERT_DestroyCertificate(i_node->cert); |
| michael@0 | 821 | } |
| michael@0 | 822 | // No need to cleanup the actual nodes in the arena. |
| michael@0 | 823 | } |
| michael@0 | 824 | verifyLog->count = 0; |
| michael@0 | 825 | verifyLog->head = nullptr; |
| michael@0 | 826 | verifyLog->tail = nullptr; |
| michael@0 | 827 | } |
| michael@0 | 828 | |
| michael@0 | 829 | } |
| michael@0 | 830 | #endif |
| michael@0 | 831 | |
| michael@0 | 832 | // If we're here, PKIX EV verification failed. |
| michael@0 | 833 | // If requested, don't do DV fallback. |
| michael@0 | 834 | if (flags & FLAG_MUST_BE_EV) { |
| michael@0 | 835 | PR_ASSERT(*evOidPolicy == SEC_OID_UNKNOWN); |
| michael@0 | 836 | #ifdef NSS_NO_LIBPKIX |
| michael@0 | 837 | PR_SetError(SEC_ERROR_INVALID_ARGS, 0); |
| michael@0 | 838 | #else |
| michael@0 | 839 | PR_SetError(PR_INVALID_STATE_ERROR, 0); |
| michael@0 | 840 | #endif |
| michael@0 | 841 | return SECFailure; |
| michael@0 | 842 | } |
| michael@0 | 843 | |
| michael@0 | 844 | if (mImplementation == classic) { |
| michael@0 | 845 | // XXX: we do not care about the localOnly flag (currently) as the |
| michael@0 | 846 | // caller that wants localOnly should disable and reenable the fetching. |
| michael@0 | 847 | return ClassicVerifyCert(cert, usage, time, pinArg, &callbackState, |
| michael@0 | 848 | validationChain, verifyLog); |
| michael@0 | 849 | } |
| michael@0 | 850 | |
| michael@0 | 851 | #ifdef NSS_NO_LIBPKIX |
| michael@0 | 852 | PR_NOT_REACHED("libpkix implementation chosen but not even compiled in"); |
| michael@0 | 853 | PR_SetError(PR_INVALID_STATE_ERROR, 0); |
| michael@0 | 854 | return SECFailure; |
| michael@0 | 855 | #else |
| michael@0 | 856 | PR_ASSERT(mImplementation == libpkix); |
| michael@0 | 857 | |
| michael@0 | 858 | // The current flags check the chain the same way as the leafs |
| michael@0 | 859 | rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_crl] = |
| michael@0 | 860 | rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_crl] = |
| michael@0 | 861 | // implicit default source - makes no sense for CRLs |
| michael@0 | 862 | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE |
| michael@0 | 863 | |
| michael@0 | 864 | // let's not stop on fresh CRL. If OCSP is enabled, too, let's check it |
| michael@0 | 865 | | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO |
| michael@0 | 866 | |
| michael@0 | 867 | // no fresh CRL? well, let other flag decide whether to fail or not |
| michael@0 | 868 | | CERT_REV_M_IGNORE_MISSING_FRESH_INFO |
| michael@0 | 869 | |
| michael@0 | 870 | // testing using local CRLs is always allowed |
| michael@0 | 871 | | CERT_REV_M_TEST_USING_THIS_METHOD |
| michael@0 | 872 | |
| michael@0 | 873 | // no local crl and don't know where to get it from? ignore |
| michael@0 | 874 | | CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE |
| michael@0 | 875 | |
| michael@0 | 876 | // crl download based on parameter |
| michael@0 | 877 | | ((mCRLDownloadEnabled && !localOnly) ? |
| michael@0 | 878 | CERT_REV_M_ALLOW_NETWORK_FETCHING : CERT_REV_M_FORBID_NETWORK_FETCHING) |
| michael@0 | 879 | ; |
| michael@0 | 880 | |
| michael@0 | 881 | rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] = |
| michael@0 | 882 | rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] = |
| michael@0 | 883 | // use OCSP |
| michael@0 | 884 | CERT_REV_M_TEST_USING_THIS_METHOD |
| michael@0 | 885 | |
| michael@0 | 886 | // if app has a default OCSP responder configured, let's use it |
| michael@0 | 887 | | CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE |
| michael@0 | 888 | |
| michael@0 | 889 | // of course OCSP doesn't work without a source. let's accept such certs |
| michael@0 | 890 | | CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE |
| michael@0 | 891 | |
| michael@0 | 892 | // if ocsp is required stop on lack of freshness |
| michael@0 | 893 | | (mOCSPStrict ? |
| michael@0 | 894 | CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO : CERT_REV_M_IGNORE_MISSING_FRESH_INFO) |
| michael@0 | 895 | |
| michael@0 | 896 | // ocsp success is sufficient |
| michael@0 | 897 | | CERT_REV_M_STOP_TESTING_ON_FRESH_INFO |
| michael@0 | 898 | |
| michael@0 | 899 | // ocsp enabled controls network fetching, too |
| michael@0 | 900 | | ((mOCSPDownloadEnabled && !localOnly) ? |
| michael@0 | 901 | CERT_REV_M_ALLOW_NETWORK_FETCHING : CERT_REV_M_FORBID_NETWORK_FETCHING) |
| michael@0 | 902 | |
| michael@0 | 903 | | (mOCSPGETEnabled ? 0 : CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP); |
| michael@0 | 904 | ; |
| michael@0 | 905 | |
| michael@0 | 906 | rev.leafTests.preferred_methods[0] = |
| michael@0 | 907 | rev.chainTests.preferred_methods[0] = cert_revocation_method_ocsp; |
| michael@0 | 908 | |
| michael@0 | 909 | rev.leafTests.cert_rev_method_independent_flags = |
| michael@0 | 910 | rev.chainTests.cert_rev_method_independent_flags = |
| michael@0 | 911 | // avoiding the network is good, let's try local first |
| michael@0 | 912 | CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST; |
| michael@0 | 913 | |
| michael@0 | 914 | // Skip EV parameters |
| michael@0 | 915 | cvin[evParamLocation].type = cert_pi_end; |
| michael@0 | 916 | |
| michael@0 | 917 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: calling CERT_PKIXVerifyCert(dv) \n")); |
| michael@0 | 918 | rv = CERT_PKIXVerifyCert(cert, usage, cvin, cvout, pinArg); |
| michael@0 | 919 | |
| michael@0 | 920 | pkix_done: |
| michael@0 | 921 | // If there is an error we may need to worsen to error to be a pinning failure |
| michael@0 | 922 | if (rv != SECSuccess && usage == certificateUsageSSLServer && |
| michael@0 | 923 | PR_GetError() != SEC_ERROR_APPLICATION_CALLBACK_ERROR) { |
| michael@0 | 924 | tryWorsenPRErrorInCallback(cert, &callbackState); |
| michael@0 | 925 | } |
| michael@0 | 926 | |
| michael@0 | 927 | if (validationChain) { |
| michael@0 | 928 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: validation chain requested\n")); |
| michael@0 | 929 | ScopedCERTCertificate trustAnchor(cvout[validationTrustAnchorLocation].value.pointer.cert); |
| michael@0 | 930 | |
| michael@0 | 931 | if (rv == SECSuccess) { |
| michael@0 | 932 | if (! cvout[validationChainLocation].value.pointer.chain) { |
| michael@0 | 933 | PR_SetError(PR_UNKNOWN_ERROR, 0); |
| michael@0 | 934 | return SECFailure; |
| michael@0 | 935 | } |
| michael@0 | 936 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: I have a chain\n")); |
| michael@0 | 937 | *validationChain = cvout[validationChainLocation].value.pointer.chain; |
| michael@0 | 938 | if (trustAnchor) { |
| michael@0 | 939 | // we should only add the issuer to the chain if it is not already |
| michael@0 | 940 | // present. On CA cert checking, the issuer is the same cert, so in |
| michael@0 | 941 | // that case we do not add the cert to the chain. |
| michael@0 | 942 | if (!CERT_CompareCerts(trustAnchor.get(), cert)) { |
| michael@0 | 943 | PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: adding issuer to tail for display\n")); |
| michael@0 | 944 | // note: rv is reused to catch errors on cert creation! |
| michael@0 | 945 | ScopedCERTCertificate tempCert(CERT_DupCertificate(trustAnchor.get())); |
| michael@0 | 946 | rv = CERT_AddCertToListTail(validationChain->get(), tempCert.get()); |
| michael@0 | 947 | if (rv == SECSuccess) { |
| michael@0 | 948 | tempCert.release(); // ownership traferred to validationChain |
| michael@0 | 949 | } else { |
| michael@0 | 950 | *validationChain = nullptr; |
| michael@0 | 951 | } |
| michael@0 | 952 | } |
| michael@0 | 953 | } |
| michael@0 | 954 | } else { |
| michael@0 | 955 | destroyCertListThatShouldNotExist( |
| michael@0 | 956 | &cvout[validationChainLocation].value.pointer.chain); |
| michael@0 | 957 | } |
| michael@0 | 958 | } |
| michael@0 | 959 | |
| michael@0 | 960 | return rv; |
| michael@0 | 961 | #endif |
| michael@0 | 962 | } |
| michael@0 | 963 | |
| michael@0 | 964 | SECStatus |
| michael@0 | 965 | CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert, |
| michael@0 | 966 | /*optional*/ const SECItem* stapledOCSPResponse, |
| michael@0 | 967 | PRTime time, |
| michael@0 | 968 | /*optional*/ void* pinarg, |
| michael@0 | 969 | const char* hostname, |
| michael@0 | 970 | bool saveIntermediatesInPermanentDatabase, |
| michael@0 | 971 | /*optional out*/ mozilla::pkix::ScopedCERTCertList* certChainOut, |
| michael@0 | 972 | /*optional out*/ SECOidTag* evOidPolicy) |
| michael@0 | 973 | { |
| michael@0 | 974 | PR_ASSERT(peerCert); |
| michael@0 | 975 | // XXX: PR_ASSERT(pinarg) |
| michael@0 | 976 | PR_ASSERT(hostname); |
| michael@0 | 977 | PR_ASSERT(hostname[0]); |
| michael@0 | 978 | |
| michael@0 | 979 | if (certChainOut) { |
| michael@0 | 980 | *certChainOut = nullptr; |
| michael@0 | 981 | } |
| michael@0 | 982 | if (evOidPolicy) { |
| michael@0 | 983 | *evOidPolicy = SEC_OID_UNKNOWN; |
| michael@0 | 984 | } |
| michael@0 | 985 | |
| michael@0 | 986 | if (!hostname || !hostname[0]) { |
| michael@0 | 987 | PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0); |
| michael@0 | 988 | return SECFailure; |
| michael@0 | 989 | } |
| michael@0 | 990 | |
| michael@0 | 991 | // CreateCertErrorRunnable assumes that CERT_VerifyCertName is only called |
| michael@0 | 992 | // if VerifyCert succeeded. |
| michael@0 | 993 | ScopedCERTCertList validationChain; |
| michael@0 | 994 | SECStatus rv = VerifyCert(peerCert, certificateUsageSSLServer, time, pinarg, |
| michael@0 | 995 | hostname, 0, stapledOCSPResponse, &validationChain, |
| michael@0 | 996 | evOidPolicy, nullptr); |
| michael@0 | 997 | if (rv != SECSuccess) { |
| michael@0 | 998 | return rv; |
| michael@0 | 999 | } |
| michael@0 | 1000 | |
| michael@0 | 1001 | rv = CERT_VerifyCertName(peerCert, hostname); |
| michael@0 | 1002 | if (rv != SECSuccess) { |
| michael@0 | 1003 | return rv; |
| michael@0 | 1004 | } |
| michael@0 | 1005 | |
| michael@0 | 1006 | if (saveIntermediatesInPermanentDatabase) { |
| michael@0 | 1007 | SaveIntermediateCerts(validationChain); |
| michael@0 | 1008 | } |
| michael@0 | 1009 | |
| michael@0 | 1010 | if (certChainOut) { |
| michael@0 | 1011 | *certChainOut = validationChain.release(); |
| michael@0 | 1012 | } |
| michael@0 | 1013 | |
| michael@0 | 1014 | return SECSuccess; |
| michael@0 | 1015 | } |
| michael@0 | 1016 | |
| michael@0 | 1017 | } } // namespace mozilla::psm |
