michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include "secutil.h" michael@0: #include "plgetopt.h" michael@0: #include "cert.h" michael@0: #include "secoid.h" michael@0: #include "cryptohi.h" michael@0: michael@0: /* maximum supported modulus length in bits (indicate problem if over this) */ michael@0: #define MAX_MODULUS (1024) michael@0: michael@0: michael@0: static void Usage(char *progName) michael@0: { michael@0: fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n", michael@0: progName); michael@0: fprintf(stderr, "%-20s Cert to check is base64 encoded\n", michael@0: "-a"); michael@0: fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n", michael@0: "-A"); michael@0: fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n", michael@0: "-v"); michael@0: fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n", michael@0: "-f"); michael@0: fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", michael@0: "-o output"); michael@0: fprintf(stderr, "%-20s Specify the input type (no default)\n", michael@0: "-t type"); michael@0: exit(-1); michael@0: } michael@0: michael@0: michael@0: /* michael@0: * Check integer field named fieldName, printing out results and michael@0: * returning the length of the integer in bits michael@0: */ michael@0: michael@0: static michael@0: int checkInteger(SECItem *intItem, char *fieldName, int verbose) michael@0: { michael@0: int len, bitlen; michael@0: if (verbose) { michael@0: printf("Checking %s\n", fieldName); michael@0: } michael@0: michael@0: len = intItem->len; michael@0: michael@0: if (len && (intItem->data[0] & 0x80)) { michael@0: printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n", michael@0: fieldName); michael@0: } michael@0: michael@0: michael@0: /* calculate bit length and check for unnecessary leading zeros */ michael@0: bitlen = len << 3; michael@0: if (len > 1 && intItem->data[0] == 0) { michael@0: /* leading zero byte(s) */ michael@0: if (!(intItem->data[1] & 0x80)) { michael@0: printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n", michael@0: fieldName); michael@0: } michael@0: /* strip leading zeros in length calculation */ michael@0: { michael@0: int i=0; michael@0: while (bitlen > 8 && intItem->data[i] == 0) { michael@0: bitlen -= 8; michael@0: i++; michael@0: } michael@0: } michael@0: } michael@0: return bitlen; michael@0: } michael@0: michael@0: michael@0: michael@0: michael@0: static michael@0: void checkName(CERTName *n, char *fieldName, int verbose) michael@0: { michael@0: char *v=0; michael@0: if (verbose) { michael@0: printf("Checking %s\n", fieldName); michael@0: } michael@0: michael@0: v = CERT_GetCountryName(n); michael@0: if (!v) { michael@0: printf("PROBLEM: %s lacks Country Name (C)\n", michael@0: fieldName); michael@0: } michael@0: PORT_Free(v); michael@0: michael@0: v = CERT_GetOrgName(n); michael@0: if (!v) { michael@0: printf("PROBLEM: %s lacks Organization Name (O)\n", michael@0: fieldName); michael@0: } michael@0: PORT_Free(v); michael@0: michael@0: v = CERT_GetOrgUnitName(n); michael@0: if (!v) { michael@0: printf("WARNING: %s lacks Organization Unit Name (OU)\n", michael@0: fieldName); michael@0: } michael@0: PORT_Free(v); michael@0: michael@0: v = CERT_GetCommonName(n); michael@0: if (!v) { michael@0: printf("PROBLEM: %s lacks Common Name (CN)\n", michael@0: fieldName); michael@0: } michael@0: PORT_Free(v); michael@0: } michael@0: michael@0: michael@0: static michael@0: SECStatus michael@0: OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, michael@0: SECItem *sig, SECAlgorithmID *sigAlgorithm) michael@0: { michael@0: SECStatus rv; michael@0: VFYContext *cx; michael@0: SECOidData *sigAlgOid, *oiddata; michael@0: SECOidTag sigAlgTag; michael@0: SECOidTag hashAlgTag; michael@0: int showDigestOid=0; michael@0: michael@0: cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag, michael@0: NULL); michael@0: if (cx == NULL) michael@0: return SECFailure; michael@0: michael@0: sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); michael@0: if (sigAlgOid == 0) michael@0: return SECFailure; michael@0: sigAlgTag = sigAlgOid->offset; michael@0: michael@0: michael@0: if (showDigestOid) { michael@0: oiddata = SECOID_FindOIDByTag(hashAlgTag); michael@0: if ( oiddata ) { michael@0: printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); michael@0: } else { michael@0: SECU_PrintAsHex(stdout, michael@0: &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); michael@0: } michael@0: } michael@0: michael@0: rv = VFY_Begin(cx); michael@0: if (rv == SECSuccess) { michael@0: rv = VFY_Update(cx, buf, len); michael@0: if (rv == SECSuccess) michael@0: rv = VFY_End(cx); michael@0: } michael@0: michael@0: VFY_DestroyContext(cx, PR_TRUE); michael@0: return rv; michael@0: } michael@0: michael@0: michael@0: michael@0: static michael@0: SECStatus michael@0: OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert) michael@0: { michael@0: SECItem sig; michael@0: SECKEYPublicKey *pubKey = 0; michael@0: SECStatus rv; michael@0: michael@0: /* check the certificate's validity */ michael@0: rv = CERT_CertTimesValid(cert); michael@0: if ( rv ) { michael@0: return(SECFailure); michael@0: } michael@0: michael@0: /* get cert's public key */ michael@0: pubKey = CERT_ExtractPublicKey(cert); michael@0: if ( !pubKey ) { michael@0: return(SECFailure); michael@0: } michael@0: michael@0: /* check the signature */ michael@0: sig = sd->signature; michael@0: DER_ConvertBitString(&sig); michael@0: rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig, michael@0: &sd->signatureAlgorithm); michael@0: michael@0: SECKEY_DestroyPublicKey(pubKey); michael@0: michael@0: if ( rv ) { michael@0: return(SECFailure); michael@0: } michael@0: michael@0: return(SECSuccess); michael@0: } michael@0: michael@0: michael@0: michael@0: michael@0: static michael@0: CERTCertificate *createEmptyCertificate(void) michael@0: { michael@0: PLArenaPool *arena = 0; michael@0: CERTCertificate *c = 0; michael@0: michael@0: arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); michael@0: if ( !arena ) { michael@0: return 0; michael@0: } michael@0: michael@0: michael@0: c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate)); michael@0: michael@0: if (c) { michael@0: c->referenceCount = 1; michael@0: c->arena = arena; michael@0: } else { michael@0: PORT_FreeArena(arena,PR_TRUE); michael@0: } michael@0: michael@0: return c; michael@0: } michael@0: michael@0: michael@0: michael@0: michael@0: int main(int argc, char **argv) michael@0: { michael@0: int rv, verbose=0, force=0; michael@0: int ascii=0, issuerAscii=0; michael@0: char *progName=0; michael@0: PRFileDesc *inFile=0, *issuerCertFile=0; michael@0: SECItem derCert, derIssuerCert; michael@0: PLArenaPool *arena=0; michael@0: CERTSignedData *signedData=0; michael@0: CERTCertificate *cert=0, *issuerCert=0; michael@0: SECKEYPublicKey *rsapubkey=0; michael@0: SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption; michael@0: SECAlgorithmID sha1WithRSAEncryption, rsaEncryption; michael@0: SECItem spk; michael@0: int selfSigned=0; michael@0: int invalid=0; michael@0: char *inFileName = NULL, *issuerCertFileName = NULL; michael@0: PLOptState *optstate; michael@0: PLOptStatus status; michael@0: michael@0: PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); michael@0: PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); michael@0: PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption)); michael@0: PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption)); michael@0: michael@0: progName = strrchr(argv[0], '/'); michael@0: progName = progName ? progName+1 : argv[0]; michael@0: michael@0: optstate = PL_CreateOptState(argc, argv, "aAvf"); michael@0: while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { michael@0: switch (optstate->option) { michael@0: case 'v': michael@0: verbose = 1; michael@0: break; michael@0: michael@0: case 'f': michael@0: force = 1; michael@0: break; michael@0: michael@0: case 'a': michael@0: ascii = 1; michael@0: break; michael@0: michael@0: case 'A': michael@0: issuerAscii = 1; michael@0: break; michael@0: michael@0: case '\0': michael@0: if (!inFileName) michael@0: inFileName = PL_strdup(optstate->value); michael@0: else if (!issuerCertFileName) michael@0: issuerCertFileName = PL_strdup(optstate->value); michael@0: else michael@0: Usage(progName); michael@0: break; michael@0: } michael@0: } michael@0: michael@0: if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) { michael@0: /* insufficient or excess args */ michael@0: Usage(progName); michael@0: } michael@0: michael@0: inFile = PR_Open(inFileName, PR_RDONLY, 0); michael@0: if (!inFile) { michael@0: fprintf(stderr, "%s: unable to open \"%s\" for reading\n", michael@0: progName, inFileName); michael@0: exit(1); michael@0: } michael@0: michael@0: issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0); michael@0: if (!issuerCertFile) { michael@0: fprintf(stderr, "%s: unable to open \"%s\" for reading\n", michael@0: progName, issuerCertFileName); michael@0: exit(1); michael@0: } michael@0: michael@0: if (SECU_ReadDERFromFile(&derCert, inFile, ascii, PR_FALSE) != SECSuccess) { michael@0: printf("Couldn't read input certificate as DER binary or base64\n"); michael@0: exit(1); michael@0: } michael@0: michael@0: arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); michael@0: if (arena == 0) { michael@0: fprintf(stderr,"%s: can't allocate scratch arena!", progName); michael@0: exit(1); michael@0: } michael@0: michael@0: if (issuerCertFile) { michael@0: CERTSignedData *issuerCertSD=0; michael@0: if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii, michael@0: PR_FALSE) != SECSuccess) { michael@0: printf("Couldn't read issuer certificate as DER binary or base64.\n"); michael@0: exit(1); michael@0: } michael@0: issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData); michael@0: if (!issuerCertSD) { michael@0: fprintf(stderr,"%s: can't allocate issuer signed data!", progName); michael@0: exit(1); michael@0: } michael@0: rv = SEC_ASN1DecodeItem(arena, issuerCertSD, michael@0: SEC_ASN1_GET(CERT_SignedDataTemplate), michael@0: &derIssuerCert); michael@0: if (rv) { michael@0: fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n", michael@0: progName); michael@0: exit(1); michael@0: } michael@0: issuerCert = createEmptyCertificate(); michael@0: if (!issuerCert) { michael@0: printf("%s: can't allocate space for issuer cert.", progName); michael@0: exit(1); michael@0: } michael@0: rv = SEC_ASN1DecodeItem(arena, issuerCert, michael@0: SEC_ASN1_GET(CERT_CertificateTemplate), michael@0: &issuerCertSD->data); michael@0: if (rv) { michael@0: printf("%s: Does not appear to be an X509 Certificate.\n", michael@0: progName); michael@0: exit(1); michael@0: } michael@0: } michael@0: michael@0: signedData = PORT_ArenaZNew(arena,CERTSignedData); michael@0: if (!signedData) { michael@0: fprintf(stderr,"%s: can't allocate signedData!", progName); michael@0: exit(1); michael@0: } michael@0: michael@0: rv = SEC_ASN1DecodeItem(arena, signedData, michael@0: SEC_ASN1_GET(CERT_SignedDataTemplate), michael@0: &derCert); michael@0: if (rv) { michael@0: fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n", michael@0: progName); michael@0: exit(1); michael@0: } michael@0: michael@0: if (verbose) { michael@0: printf("Decoded ok as X509 SIGNED data.\n"); michael@0: } michael@0: michael@0: cert = createEmptyCertificate(); michael@0: if (!cert) { michael@0: fprintf(stderr, "%s: can't allocate cert", progName); michael@0: exit(1); michael@0: } michael@0: michael@0: rv = SEC_ASN1DecodeItem(arena, cert, michael@0: SEC_ASN1_GET(CERT_CertificateTemplate), michael@0: &signedData->data); michael@0: if (rv) { michael@0: fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n", michael@0: progName); michael@0: exit(1); michael@0: } michael@0: michael@0: michael@0: if (verbose) { michael@0: printf("Decoded ok as an X509 certificate.\n"); michael@0: } michael@0: michael@0: SECU_RegisterDynamicOids(); michael@0: rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, michael@0: SECU_PrintCertificate); michael@0: michael@0: if (rv) { michael@0: fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", michael@0: progName, PORT_GetError()); michael@0: if (!force) { michael@0: exit(1); michael@0: } michael@0: } michael@0: michael@0: michael@0: /* Do various checks on the cert */ michael@0: michael@0: printf("\n"); michael@0: michael@0: /* Check algorithms */ michael@0: SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, michael@0: SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); michael@0: michael@0: SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, michael@0: SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); michael@0: michael@0: SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, michael@0: SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); michael@0: michael@0: SECOID_SetAlgorithmID(arena, &rsaEncryption, michael@0: SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); michael@0: michael@0: { michael@0: int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, michael@0: &md5WithRSAEncryption) == 0); michael@0: int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature, michael@0: &md2WithRSAEncryption) == 0); michael@0: int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature, michael@0: &sha1WithRSAEncryption) == 0); michael@0: michael@0: if (verbose) { michael@0: printf("\nDoing algorithm checks.\n"); michael@0: } michael@0: michael@0: if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) { michael@0: printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n"); michael@0: } else if (!isMD5RSA) { michael@0: printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n"); michael@0: } michael@0: michael@0: if (SECOID_CompareAlgorithmID(&cert->signature, michael@0: &signedData->signatureAlgorithm)) { michael@0: printf("PROBLEM: Algorithm in sig and certInfo don't match.\n"); michael@0: } michael@0: } michael@0: michael@0: if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm, michael@0: &rsaEncryption)) { michael@0: printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n"); michael@0: } michael@0: michael@0: /* Check further public key properties */ michael@0: spk = cert->subjectPublicKeyInfo.subjectPublicKey; michael@0: DER_ConvertBitString(&spk); michael@0: michael@0: if (verbose) { michael@0: printf("\nsubjectPublicKey DER\n"); michael@0: rv = DER_PrettyPrint(stdout, &spk, PR_FALSE); michael@0: printf("\n"); michael@0: } michael@0: michael@0: rsapubkey = (SECKEYPublicKey *) michael@0: PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey)); michael@0: if (!rsapubkey) { michael@0: fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName); michael@0: exit(1); michael@0: } michael@0: michael@0: rv = SEC_ASN1DecodeItem(arena, rsapubkey, michael@0: SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk); michael@0: if (rv) { michael@0: printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n"); michael@0: } else { michael@0: int mlen; michael@0: int pubexp; michael@0: if (verbose) { michael@0: printf("Decoded RSA Public Key ok. Doing key checks.\n"); michael@0: } michael@0: PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */ michael@0: mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose); michael@0: printf("INFO: Public Key modulus length in bits: %d\n", mlen); michael@0: if (mlen > MAX_MODULUS) { michael@0: printf("PROBLEM: Modulus length exceeds %d bits.\n", michael@0: MAX_MODULUS); michael@0: } michael@0: if (mlen < 512) { michael@0: printf("WARNING: Short modulus.\n"); michael@0: } michael@0: if (mlen != (1 << (ffs(mlen)-1))) { michael@0: printf("WARNING: Unusual modulus length (not a power of two).\n"); michael@0: } michael@0: checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent", michael@0: verbose); michael@0: pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent); michael@0: if (pubexp != 17 && pubexp != 3 && pubexp != 65537) { michael@0: printf("WARNING: Public exponent not any of: 3, 17, 65537\n"); michael@0: } michael@0: } michael@0: michael@0: michael@0: /* Name checks */ michael@0: checkName(&cert->issuer, "Issuer Name", verbose); michael@0: checkName(&cert->subject, "Subject Name", verbose); michael@0: michael@0: if (issuerCert) { michael@0: SECComparison c = michael@0: CERT_CompareName(&cert->issuer, &issuerCert->subject); michael@0: if (c) { michael@0: printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n"); michael@0: } michael@0: } michael@0: michael@0: /* Check if self-signed */ michael@0: selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0); michael@0: if (selfSigned) { michael@0: printf("INFO: Certificate is self signed.\n"); michael@0: } else { michael@0: printf("INFO: Certificate is NOT self-signed.\n"); michael@0: } michael@0: michael@0: michael@0: /* Validity time check */ michael@0: if (CERT_CertTimesValid(cert) == SECSuccess) { michael@0: printf("INFO: Inside validity period of certificate.\n"); michael@0: } else { michael@0: printf("PROBLEM: Not in validity period of certificate.\n"); michael@0: invalid = 1; michael@0: } michael@0: michael@0: /* Signature check if self-signed */ michael@0: if (selfSigned && !invalid) { michael@0: if (rsapubkey->u.rsa.modulus.len) { michael@0: SECStatus ver; michael@0: if (verbose) { michael@0: printf("Checking self signature.\n"); michael@0: } michael@0: ver = OurVerifySignedData(signedData, cert); michael@0: if (ver != SECSuccess) { michael@0: printf("PROBLEM: Verification of self-signature failed!\n"); michael@0: } else { michael@0: printf("INFO: Self-signature verifies ok.\n"); michael@0: } michael@0: } else { michael@0: printf("INFO: Not checking signature due to key problems.\n"); michael@0: } michael@0: } else if (!selfSigned && !invalid && issuerCert) { michael@0: SECStatus ver; michael@0: ver = OurVerifySignedData(signedData, issuerCert); michael@0: if (ver != SECSuccess) { michael@0: printf("PROBLEM: Verification of issuer's signature failed!\n"); michael@0: } else { michael@0: printf("INFO: Issuer's signature verifies ok.\n"); michael@0: } michael@0: } else { michael@0: printf("INFO: Not checking signature.\n"); michael@0: } michael@0: michael@0: return 0; michael@0: } michael@0: michael@0: michael@0: