tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pkixgtest.h (9688B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This code is made available to you under your choice of the following sets
      4 * of licensing terms:
      5 */
      6 /* This Source Code Form is subject to the terms of the Mozilla Public
      7 * License, v. 2.0. If a copy of the MPL was not distributed with this
      8 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
      9 */
     10 /* Copyright 2014 Mozilla Contributors
     11 *
     12 * Licensed under the Apache License, Version 2.0 (the "License");
     13 * you may not use this file except in compliance with the License.
     14 * You may obtain a copy of the License at
     15 *
     16 *     http://www.apache.org/licenses/LICENSE-2.0
     17 *
     18 * Unless required by applicable law or agreed to in writing, software
     19 * distributed under the License is distributed on an "AS IS" BASIS,
     20 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     21 * See the License for the specific language governing permissions and
     22 * limitations under the License.
     23 */
     24 #ifndef mozilla_pkix_pkixgtest_h
     25 #define mozilla_pkix_pkixgtest_h
     26 
     27 #include <ostream>
     28 
     29 #if defined(__clang__)
     30 #pragma clang diagnostic push
     31 #pragma clang diagnostic ignored "-Wdeprecated"
     32 #pragma clang diagnostic ignored "-Wmissing-noreturn"
     33 #pragma clang diagnostic ignored "-Wshift-sign-overflow"
     34 #pragma clang diagnostic ignored "-Wsign-conversion"
     35 #pragma clang diagnostic ignored "-Wundef"
     36 #elif defined(__GNUC__)
     37 #pragma GCC diagnostic push
     38 #pragma GCC diagnostic ignored "-Wextra"
     39 #elif defined(_MSC_VER)
     40 #pragma warning(push, 3)
     41 // C4224: Nonstandard extension used: formal parameter 'X' was previously
     42 //        defined as a type.
     43 #pragma warning(disable : 4224)
     44 // C4826: Conversion from 'type1 ' to 'type_2' is sign - extended. This may
     45 //        cause unexpected runtime behavior.
     46 #pragma warning(disable : 4826)
     47 #endif
     48 
     49 #include "gtest/gtest.h"
     50 
     51 #if defined(__clang__)
     52 #pragma clang diagnostic pop
     53 #elif defined(__GNUC__)
     54 #pragma GCC diagnostic pop
     55 #elif defined(_MSC_VER)
     56 #pragma warning(pop)
     57 #endif
     58 
     59 #include "mozpkix/pkix.h"
     60 #include "mozpkix/pkixder.h"
     61 #include "mozpkix/test/pkixtestutil.h"
     62 
     63 // PrintTo must be in the same namespace as the type we're overloading it for.
     64 namespace mozilla {
     65 namespace pkix {
     66 
     67 inline void PrintTo(const Result& result, ::std::ostream* os) {
     68  const char* stringified = MapResultToName(result);
     69  if (stringified) {
     70    *os << stringified;
     71  } else {
     72    *os << "mozilla::pkix::Result(" << static_cast<unsigned int>(result) << ")";
     73  }
     74 }
     75 }  // namespace pkix
     76 }  // namespace mozilla
     77 
     78 namespace mozilla {
     79 namespace pkix {
     80 namespace test {
     81 
     82 extern const std::time_t oneDayBeforeNow;
     83 extern const std::time_t oneDayAfterNow;
     84 extern const std::time_t twoDaysBeforeNow;
     85 extern const std::time_t twoDaysAfterNow;
     86 extern const std::time_t tenDaysBeforeNow;
     87 extern const std::time_t tenDaysAfterNow;
     88 
     89 class EverythingFailsByDefaultTrustDomain : public TrustDomain {
     90 public:
     91  Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input,
     92                      /*out*/ TrustLevel&) override {
     93    ADD_FAILURE();
     94    return NotReached("GetCertTrust should not be called",
     95                      Result::FATAL_ERROR_LIBRARY_FAILURE);
     96  }
     97 
     98  Result FindIssuer(Input, IssuerChecker&, Time) override {
     99    ADD_FAILURE();
    100    return NotReached("FindIssuer should not be called",
    101                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    102  }
    103 
    104  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
    105                         /*optional*/ const Input*,
    106                         /*optional*/ const Input*) override {
    107    ADD_FAILURE();
    108    return NotReached("CheckRevocation should not be called",
    109                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    110  }
    111 
    112  Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override {
    113    ADD_FAILURE();
    114    return NotReached("IsChainValid should not be called",
    115                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    116  }
    117 
    118  Result DigestBuf(Input, DigestAlgorithm, /*out*/ uint8_t*, size_t) override {
    119    ADD_FAILURE();
    120    return NotReached("DigestBuf should not be called",
    121                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    122  }
    123 
    124  Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA,
    125                                       Time) override {
    126    ADD_FAILURE();
    127    return NotReached("CheckSignatureDigestAlgorithm should not be called",
    128                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    129  }
    130 
    131  Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override {
    132    ADD_FAILURE();
    133    return NotReached("CheckECDSACurveIsAcceptable should not be called",
    134                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    135  }
    136 
    137  Result VerifyECDSASignedData(Input, DigestAlgorithm, Input, Input) override {
    138    ADD_FAILURE();
    139    return NotReached("VerifyECDSASignedData should not be called",
    140                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    141  }
    142 
    143  Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA,
    144                                            unsigned int) override {
    145    ADD_FAILURE();
    146    return NotReached("CheckRSAPublicKeyModulusSizeInBits should not be called",
    147                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    148  }
    149 
    150  Result VerifyRSAPKCS1SignedData(Input, DigestAlgorithm, Input,
    151                                  Input) override {
    152    ADD_FAILURE();
    153    return NotReached("VerifyRSAPKCS1SignedData should not be called",
    154                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    155  }
    156 
    157  Result VerifyRSAPSSSignedData(Input, DigestAlgorithm, Input, Input) override {
    158    ADD_FAILURE();
    159    return NotReached("VerifyRSAPSSSignedData should not be called",
    160                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    161  }
    162 
    163  Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
    164                                   KeyPurposeId) override {
    165    ADD_FAILURE();
    166    return NotReached("CheckValidityIsAcceptable should not be called",
    167                      Result::FATAL_ERROR_LIBRARY_FAILURE);
    168  }
    169 
    170  virtual void NoteAuxiliaryExtension(AuxiliaryExtension, Input) override {
    171    ADD_FAILURE();
    172  }
    173 };
    174 
    175 class DefaultCryptoTrustDomain : public EverythingFailsByDefaultTrustDomain {
    176  Result DigestBuf(Input item, DigestAlgorithm digestAlg,
    177                   /*out*/ uint8_t* digestBuf, size_t digestBufLen) override {
    178    return TestDigestBuf(item, digestAlg, digestBuf, digestBufLen);
    179  }
    180 
    181  Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA,
    182                                       Time) override {
    183    return Success;
    184  }
    185 
    186  Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override {
    187    return Success;
    188  }
    189 
    190  Result VerifyECDSASignedData(Input data, DigestAlgorithm digestAlgorithm,
    191                               Input signature,
    192                               Input subjectPublicKeyInfo) override {
    193    return TestVerifyECDSASignedData(data, digestAlgorithm, signature,
    194                                     subjectPublicKeyInfo);
    195  }
    196 
    197  Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA,
    198                                            unsigned int) override {
    199    return Success;
    200  }
    201 
    202  Result VerifyRSAPKCS1SignedData(Input data, DigestAlgorithm digestAlgorithm,
    203                                  Input signature,
    204                                  Input subjectPublicKeyInfo) override {
    205    return TestVerifyRSAPKCS1SignedData(data, digestAlgorithm, signature,
    206                                        subjectPublicKeyInfo);
    207  }
    208 
    209  Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
    210                                   KeyPurposeId) override {
    211    return Success;
    212  }
    213 
    214  void NoteAuxiliaryExtension(AuxiliaryExtension, Input) override {}
    215 };
    216 
    217 class DefaultNameMatchingPolicy : public NameMatchingPolicy {
    218 public:
    219  virtual Result FallBackToCommonName(
    220      Time,
    221      /*out*/ FallBackToSearchWithinSubject& fallBackToCommonName) override {
    222    fallBackToCommonName = FallBackToSearchWithinSubject::Yes;
    223    return Success;
    224  }
    225 
    226  virtual HandleInvalidSubjectAlternativeNamesBy
    227  HandleInvalidSubjectAlternativeNames() override {
    228    return HandleInvalidSubjectAlternativeNamesBy::Halting;
    229  }
    230 };
    231 
    232 // python DottedOIDToCode.py --tlv id-kp-clientAuth 1.3.6.1.5.5.7.3.2
    233 const uint8_t tlv_id_kp_clientAuth[] = {0x06, 0x08, 0x2b, 0x06, 0x01,
    234                                        0x05, 0x05, 0x07, 0x03, 0x02};
    235 
    236 // python DottedOIDToCode.py --tlv id-kp-codeSigning 1.3.6.1.5.5.7.3.3
    237 const uint8_t tlv_id_kp_codeSigning[] = {0x06, 0x08, 0x2b, 0x06, 0x01,
    238                                         0x05, 0x05, 0x07, 0x03, 0x03};
    239 
    240 // python DottedOIDToCode.py --tlv id-ce-extKeyUsage 2.5.29.37
    241 const uint8_t tlv_id_ce_extKeyUsage[] = {0x06, 0x03, 0x55, 0x1d, 0x25};
    242 
    243 // python DottedOIDToCode.py --tlv id-kp-documentSigning 1.3.6.1.5.5.7.3.36
    244 static const uint8_t tlv_id_kp_documentSigning[] = {
    245    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x24};
    246 
    247 // python DottedOIDToCode.py --tlv
    248 // id-kp-documentSigningAdobe 1.2.840.113583.1.1.5
    249 static const uint8_t tlv_id_kp_documentSigningAdobe[] = {
    250    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x2f, 0x01, 0x01, 0x05};
    251 
    252 // python DottedOIDToCode.py --tlv
    253 // id-kp-documentSigningMicrosoft 1.3.6.1.4.1.311.10.3.12
    254 static const uint8_t tlv_id_kp_documentSigningMicrosoft[] = {
    255    0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x0c};
    256 
    257 inline ByteString CreateEKUExtension(ByteString ekuOIDs) {
    258  return TLV(der::SEQUENCE,
    259             BytesToByteString(tlv_id_ce_extKeyUsage) +
    260                 TLV(der::OCTET_STRING, TLV(der::SEQUENCE, ekuOIDs)));
    261 }
    262 
    263 }  // namespace test
    264 }  // namespace pkix
    265 }  // namespace mozilla
    266 
    267 #endif  // mozilla_pkix_pkixgtest_h