|  | /* Copyright 2023 The BoringSSL Authors | 
|  | * | 
|  | * Permission to use, copy, modify, and/or distribute this software for any | 
|  | * purpose with or without fee is hereby granted, provided that the above | 
|  | * copyright notice and this permission notice appear in all copies. | 
|  | * | 
|  | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | 
|  | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | 
|  | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | 
|  | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | 
|  | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | 
|  | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | 
|  | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | 
|  |  | 
|  | #include <openssl/pki/verify.h> | 
|  |  | 
|  | #include <assert.h> | 
|  |  | 
|  | #include <chrono> | 
|  | #include <optional> | 
|  | #include <string_view> | 
|  |  | 
|  | #include <openssl/base.h> | 
|  | #include <openssl/bytestring.h> | 
|  | #include <openssl/pool.h> | 
|  |  | 
|  | #include <openssl/pki/signature_verify_cache.h> | 
|  |  | 
|  | #include "cert_errors.h" | 
|  | #include "cert_issuer_source_static.h" | 
|  | #include "certificate_policies.h" | 
|  | #include "common_cert_errors.h" | 
|  | #include "encode_values.h" | 
|  | #include "input.h" | 
|  | #include "parse_certificate.h" | 
|  | #include "parse_values.h" | 
|  | #include "parsed_certificate.h" | 
|  | #include "path_builder.h" | 
|  | #include "simple_path_builder_delegate.h" | 
|  | #include "trust_store.h" | 
|  | #include "trust_store_in_memory.h" | 
|  | #include "verify_certificate_chain.h" | 
|  |  | 
|  | BSSL_NAMESPACE_BEGIN | 
|  |  | 
|  | namespace { | 
|  |  | 
|  | std::optional<std::shared_ptr<const ParsedCertificate>> | 
|  | InternalParseCertificate(Span<const uint8_t> cert, std::string *out_diagnostic) { | 
|  | ParseCertificateOptions default_options{}; | 
|  | // We follow Chromium in setting |allow_invalid_serial_numbers| in order to | 
|  | // not choke on 21-byte serial numbers, which are common. | 
|  | // | 
|  | // The reason for the discrepancy is that unsigned numbers with the high bit | 
|  | // otherwise set get an extra 0 byte in front to keep them positive. So if you | 
|  | // do: | 
|  | //    var num [20]byte | 
|  | //    fillWithRandom(num[:]) | 
|  | //    serialNumber := new(big.Int).SetBytes(num[:]) | 
|  | //    encodeASN1Integer(serialNumber) | 
|  | // | 
|  | // Then half of your serial numbers will be encoded with 21 bytes. (And | 
|  | // 1/512th will have 19 bytes instead of 20.) | 
|  | default_options.allow_invalid_serial_numbers = true; | 
|  |  | 
|  | UniquePtr<CRYPTO_BUFFER> buffer( | 
|  | CRYPTO_BUFFER_new(cert.data(), cert.size(), nullptr)); | 
|  | CertErrors errors; | 
|  | std::shared_ptr<const ParsedCertificate> parsed_cert( | 
|  | ParsedCertificate::Create(std::move(buffer), default_options, &errors)); | 
|  | if (!parsed_cert) { | 
|  | *out_diagnostic = errors.ToDebugString(); | 
|  | return {}; | 
|  | } | 
|  | return parsed_cert; | 
|  | } | 
|  | }  // namespace | 
|  |  | 
|  |  | 
|  | CertPool::CertPool() {} | 
|  |  | 
|  | CertificateVerifyOptions::CertificateVerifyOptions() {} | 
|  |  | 
|  | static std::unique_ptr<VerifyTrustStore> WrapTrustStore( | 
|  | std::unique_ptr<TrustStoreInMemory> trust_store) { | 
|  | std::unique_ptr<VerifyTrustStore> ret(new VerifyTrustStore); | 
|  | ret->trust_store = std::move(trust_store); | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | VerifyTrustStore::~VerifyTrustStore() {} | 
|  |  | 
|  | std::unique_ptr<VerifyTrustStore> VerifyTrustStore::FromDER( | 
|  | std::string_view der_certs, std::string *out_diagnostic) { | 
|  | auto store = std::make_unique<TrustStoreInMemory>(); | 
|  | CBS cbs = StringAsBytes(der_certs); | 
|  |  | 
|  | for (size_t cert_num = 1; CBS_len(&cbs) != 0; cert_num++) { | 
|  | CBS cert; | 
|  | if (!CBS_get_asn1_element(&cbs, &cert, CBS_ASN1_SEQUENCE)) { | 
|  | *out_diagnostic = "failed to get ASN.1 SEQUENCE from input at cert " + | 
|  | std::to_string(cert_num); | 
|  | return {}; | 
|  | } | 
|  |  | 
|  | auto parsed_cert = InternalParseCertificate(cert, out_diagnostic); | 
|  | if (!parsed_cert.has_value()) { | 
|  | return {}; | 
|  | } | 
|  | store->AddTrustAnchor(parsed_cert.value()); | 
|  | } | 
|  |  | 
|  | return WrapTrustStore(std::move(store)); | 
|  | } | 
|  |  | 
|  | std::unique_ptr<VerifyTrustStore> VerifyTrustStore::FromDER( | 
|  | const std::vector<std::string_view> &der_roots, | 
|  | std::string *out_diagnostic) { | 
|  | auto store = std::make_unique<TrustStoreInMemory>(); | 
|  |  | 
|  | for (const std::string_view &cert : der_roots) { | 
|  | auto parsed_cert = InternalParseCertificate(StringAsBytes(cert), out_diagnostic); | 
|  | if (!parsed_cert.has_value()) { | 
|  | return {}; | 
|  | } | 
|  | store->AddTrustAnchor(parsed_cert.value()); | 
|  | } | 
|  |  | 
|  | return WrapTrustStore(std::move(store)); | 
|  | } | 
|  |  | 
|  | CertPool::~CertPool() {} | 
|  |  | 
|  |  | 
|  | std::unique_ptr<CertPool> CertPool::FromCerts( | 
|  | const std::vector<std::string_view> &der_certs, | 
|  | std::string *out_diagnostic) { | 
|  | auto pool = std::make_unique<CertPool>(); | 
|  | pool->impl_ = std::make_unique<CertIssuerSourceStatic>(); | 
|  |  | 
|  | for (const std::string_view &cert : der_certs) { | 
|  | auto parsed_cert = | 
|  | InternalParseCertificate(StringAsBytes(cert), out_diagnostic); | 
|  | if (!parsed_cert.has_value()) { | 
|  | return {}; | 
|  | } | 
|  | pool->impl_->AddCert(std::move(parsed_cert.value())); | 
|  | } | 
|  |  | 
|  | return pool; | 
|  | } | 
|  |  | 
|  | CertificateVerifyStatus::CertificateVerifyStatus() {} | 
|  |  | 
|  | size_t CertificateVerifyStatus::IterationCount() const { | 
|  | return iteration_count_; | 
|  | } | 
|  |  | 
|  | size_t CertificateVerifyStatus::MaxDepthSeen() const { return max_depth_seen_; } | 
|  |  | 
|  | // PathBuilderDelegateImpl implements a deadline and allows for the | 
|  | // use of a SignatureVerifyCache if an implementation is provided. | 
|  | class PathBuilderDelegateImpl : public SimplePathBuilderDelegate { | 
|  | public: | 
|  | PathBuilderDelegateImpl( | 
|  | size_t min_rsa_modulus_length_bits, DigestPolicy digest_policy, | 
|  | std::chrono::time_point<std::chrono::steady_clock> deadline, | 
|  | SignatureVerifyCache *cache) | 
|  | : SimplePathBuilderDelegate(min_rsa_modulus_length_bits, digest_policy), | 
|  | deadline_(deadline), | 
|  | cache_(cache) {} | 
|  |  | 
|  | bool IsDeadlineExpired() override { | 
|  | return (std::chrono::steady_clock::now() > deadline_); | 
|  | } | 
|  |  | 
|  | SignatureVerifyCache *GetVerifyCache() override { return cache_; } | 
|  |  | 
|  | private: | 
|  | const std::chrono::time_point<std::chrono::steady_clock> deadline_; | 
|  | SignatureVerifyCache *cache_; | 
|  | }; | 
|  |  | 
|  | std::optional<std::vector<std::vector<std::string>>> CertificateVerifyInternal( | 
|  | const CertificateVerifyOptions &opts, VerifyError *out_error, | 
|  | CertificateVerifyStatus *out_status, bool all_paths) { | 
|  | VerifyError dummy; | 
|  | if (!out_error) { | 
|  | out_error = &dummy; | 
|  | } | 
|  | if (out_status != nullptr) { | 
|  | out_status->iteration_count_ = 0; | 
|  | out_status->max_depth_seen_ = 0; | 
|  | } | 
|  |  | 
|  | std::string diagnostic; | 
|  | std::optional<std::shared_ptr<const ParsedCertificate>> maybe_leaf = | 
|  | InternalParseCertificate(StringAsBytes(opts.leaf_cert), &diagnostic); | 
|  |  | 
|  | if (!maybe_leaf.has_value()) { | 
|  | *out_error = {VerifyError::StatusCode::CERTIFICATE_INVALID, 0, diagnostic}; | 
|  | return {}; | 
|  | } | 
|  | std::shared_ptr<const ParsedCertificate> leaf_cert = maybe_leaf.value(); | 
|  |  | 
|  | int64_t now; | 
|  | if (opts.time.has_value()) { | 
|  | now = opts.time.value(); | 
|  | } else { | 
|  | now = time(NULL); | 
|  | } | 
|  |  | 
|  | der::GeneralizedTime verification_time; | 
|  | if (!der::EncodePosixTimeAsGeneralizedTime(now, &verification_time)) { | 
|  | *out_error = {VerifyError::StatusCode::VERIFICATION_FAILURE, -1, | 
|  | "\nCould not encode verification time\n"}; | 
|  | return {}; | 
|  | } | 
|  |  | 
|  | TrustStore *trust_store = nullptr; | 
|  | if (opts.trust_store) { | 
|  | trust_store = opts.trust_store->trust_store.get(); | 
|  | } | 
|  |  | 
|  | auto digest_policy = SimplePathBuilderDelegate::DigestPolicy::kStrong; | 
|  | // TODO(b/111551631): remove this | 
|  | if (opts.insecurely_allow_sha1) { | 
|  | digest_policy = SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1; | 
|  | } | 
|  |  | 
|  | std::chrono::time_point<std::chrono::steady_clock> deadline = | 
|  | std::chrono::time_point<std::chrono::steady_clock>::max(); | 
|  | if (opts.deadline.has_value()) { | 
|  | deadline = opts.deadline.value(); | 
|  | } | 
|  |  | 
|  | PathBuilderDelegateImpl path_builder_delegate( | 
|  | opts.min_rsa_modulus_length, digest_policy, deadline, | 
|  | opts.signature_verify_cache); | 
|  |  | 
|  | KeyPurpose key_purpose = KeyPurpose::SERVER_AUTH; | 
|  | switch (opts.key_purpose) { | 
|  | case CertificateVerifyOptions::KeyPurpose::ANY_EKU: | 
|  | key_purpose = KeyPurpose::ANY_EKU; | 
|  | break; | 
|  | case CertificateVerifyOptions::KeyPurpose::SERVER_AUTH: | 
|  | key_purpose = KeyPurpose::SERVER_AUTH; | 
|  | break; | 
|  | case CertificateVerifyOptions::KeyPurpose::CLIENT_AUTH: | 
|  | key_purpose = KeyPurpose::CLIENT_AUTH; | 
|  | break; | 
|  | case CertificateVerifyOptions::KeyPurpose::SERVER_AUTH_STRICT: | 
|  | key_purpose = KeyPurpose::SERVER_AUTH_STRICT; | 
|  | break; | 
|  | case CertificateVerifyOptions::KeyPurpose::CLIENT_AUTH_STRICT: | 
|  | key_purpose = KeyPurpose::CLIENT_AUTH_STRICT; | 
|  | break; | 
|  | case CertificateVerifyOptions::KeyPurpose::SERVER_AUTH_STRICT_LEAF: | 
|  | key_purpose = KeyPurpose::SERVER_AUTH_STRICT_LEAF; | 
|  | break; | 
|  | case CertificateVerifyOptions::KeyPurpose::CLIENT_AUTH_STRICT_LEAF: | 
|  | key_purpose = KeyPurpose::CLIENT_AUTH_STRICT_LEAF; | 
|  | break; | 
|  | } | 
|  | CertPathBuilder path_builder(leaf_cert, trust_store, &path_builder_delegate, | 
|  | verification_time, key_purpose, | 
|  | InitialExplicitPolicy::kFalse, | 
|  | /* user_initial_policy_set= */ | 
|  | {der::Input(kAnyPolicyOid)}, | 
|  | InitialPolicyMappingInhibit::kFalse, | 
|  | InitialAnyPolicyInhibit::kFalse); | 
|  |  | 
|  | CertIssuerSourceStatic intermediates; | 
|  | for (const std::string_view &cert : opts.intermediates) { | 
|  | std::string diag_string; | 
|  | std::optional<std::shared_ptr<const ParsedCertificate>> parsed = | 
|  | InternalParseCertificate(StringAsBytes(cert), &diag_string); | 
|  | if (!parsed.has_value()) { | 
|  | if (path_builder_delegate.IsDebugLogEnabled()) { | 
|  | path_builder_delegate.DebugLog("skipping bad intermediate: " + | 
|  | diag_string); | 
|  | } | 
|  | continue; | 
|  | } | 
|  | intermediates.AddCert(std::move(parsed.value())); | 
|  | } | 
|  | path_builder.AddCertIssuerSource(&intermediates); | 
|  |  | 
|  | if (opts.extra_intermediates != nullptr) { | 
|  | path_builder.AddCertIssuerSource(opts.extra_intermediates->impl_.get()); | 
|  | } | 
|  |  | 
|  | if (opts.max_iteration_count > 0) { | 
|  | path_builder.SetIterationLimit(opts.max_iteration_count); | 
|  | } | 
|  |  | 
|  | if (opts.max_path_building_depth > 0) { | 
|  | path_builder.SetDepthLimit(opts.max_path_building_depth); | 
|  | } | 
|  |  | 
|  | path_builder.SetExploreAllPaths(all_paths); | 
|  |  | 
|  | CertPathBuilder::Result result = path_builder.Run(); | 
|  |  | 
|  | if (out_status != nullptr) { | 
|  | out_status->iteration_count_ = result.iteration_count; | 
|  | out_status->max_depth_seen_ = result.max_depth_seen; | 
|  | } | 
|  |  | 
|  | *out_error = result.GetBestPathVerifyError(); | 
|  |  | 
|  | if (result.HasValidPath()) { | 
|  | std::vector<std::vector<std::string>> ret; | 
|  | if (!all_paths) { | 
|  | auto best_path = result.GetBestValidPath(); | 
|  | ret.push_back(std::vector<std::string>()); | 
|  | for (size_t i = 0; i < best_path->certs.size(); i++) { | 
|  | ret[0].emplace_back(BytesAsStringView(best_path->certs[i]->der_cert())); | 
|  | } | 
|  | return ret; | 
|  | } | 
|  | for (const auto &path : result.paths) { | 
|  | if (!path->IsValid()) { | 
|  | continue; | 
|  | } | 
|  | std::vector<std::string> ret_path; | 
|  | for (const auto &cert : path->certs) { | 
|  | ret_path.emplace_back(BytesAsStringView(cert->der_cert())); | 
|  | } | 
|  | ret.push_back(ret_path); | 
|  | } | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | return {}; | 
|  | } | 
|  |  | 
|  | std::optional<std::vector<std::string>> CertificateVerify( | 
|  | const CertificateVerifyOptions &opts, VerifyError *out_error, | 
|  | CertificateVerifyStatus *out_status) { | 
|  | auto single_path = CertificateVerifyInternal(opts, out_error, out_status, | 
|  | /*all_paths=*/false); | 
|  | if (!single_path.has_value()) { | 
|  | return {}; | 
|  | } | 
|  | return single_path.value()[0]; | 
|  | } | 
|  |  | 
|  | std::optional<std::vector<std::vector<std::string>>> CertificateVerifyAllPaths( | 
|  | const CertificateVerifyOptions &opts) { | 
|  | return CertificateVerifyInternal(opts, nullptr, nullptr, /*all_paths=*/true); | 
|  | } | 
|  |  | 
|  | BSSL_NAMESPACE_END |