Back to index

lightning-sunbird  0.9+nobinonly
checkcert.c
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #include "secutil.h"
00038 #include "plgetopt.h"
00039 #include "cert.h"
00040 #include "secoid.h"
00041 #include "cryptohi.h"
00042 
00043 /* maximum supported modulus length in bits (indicate problem if over this) */
00044 #define MAX_MODULUS (1024)
00045 
00046 
00047 static void Usage(char *progName)
00048 {
00049     fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n",
00050            progName);
00051     fprintf(stderr, "%-20s Cert to check is base64 encoded\n",
00052            "-a");
00053     fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n",
00054            "-A");
00055     fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n",
00056            "-v");
00057     fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n",
00058            "-f");
00059     fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
00060            "-o output");
00061     fprintf(stderr, "%-20s Specify the input type (no default)\n",
00062            "-t type");
00063     exit(-1);
00064 }
00065 
00066 
00067 /*
00068  * Check integer field named fieldName, printing out results and
00069  * returning the length of the integer in bits
00070  */   
00071 
00072 static
00073 int checkInteger(SECItem *intItem, char *fieldName, int verbose) 
00074 {
00075     int len, bitlen;
00076     if (verbose) {
00077        printf("Checking %s\n", fieldName);
00078     }
00079 
00080     len = intItem->len;
00081 
00082     if (len && (intItem->data[0] & 0x80)) {
00083        printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n",
00084               fieldName);
00085     }
00086 
00087 
00088     /* calculate bit length and check for unnecessary leading zeros */
00089     bitlen = len << 3;
00090     if (len > 1 && intItem->data[0] == 0) {
00091        /* leading zero byte(s) */
00092        if (!(intItem->data[1] & 0x80)) {
00093            printf("PROBLEM: %s has unneeded leading zeros.  Violates DER.\n",
00094                  fieldName);
00095        }
00096        /* strip leading zeros in length calculation */
00097        {
00098            int i=0;
00099            while (bitlen > 8 && intItem->data[i] == 0) {
00100               bitlen -= 8;
00101               i++;
00102            }
00103        }
00104     }
00105     return bitlen;
00106 }
00107 
00108 
00109 
00110 
00111 static
00112 void checkName(CERTName *n, char *fieldName, int verbose)
00113 {
00114     char *v=0;
00115     if (verbose) {
00116        printf("Checking %s\n", fieldName);
00117     }
00118 
00119     v = CERT_GetCountryName(n);
00120     if (!v) {
00121        printf("PROBLEM: %s lacks Country Name (C)\n",
00122               fieldName);
00123     }
00124     PORT_Free(v);
00125 
00126     v = CERT_GetOrgName(n);
00127     if (!v) {
00128        printf("PROBLEM: %s lacks Organization Name (O)\n",
00129               fieldName);
00130     }
00131     PORT_Free(v);
00132 
00133     v = CERT_GetOrgUnitName(n);
00134     if (!v) {
00135        printf("WARNING: %s lacks Organization Unit Name (OU)\n",
00136               fieldName);
00137     }
00138     PORT_Free(v);    
00139 
00140     v = CERT_GetCommonName(n);
00141     if (!v) {
00142        printf("PROBLEM: %s lacks Common Name (CN)\n",
00143               fieldName);
00144     }
00145     PORT_Free(v);
00146 }
00147 
00148 
00149 
00150 
00151 /*
00152  * Private version of verification that checks for agreement between
00153  * signature algorithm oid (at the SignedData level) and oid in DigestInfo.
00154  *
00155  */
00156 
00157 
00158 /* Returns the tag for the hash algorithm in the given signature algorithm */
00159      static
00160      int hashAlg(int sigAlgTag) {
00161         int rv;
00162         switch(sigAlgTag) {
00163           case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
00164             rv = SEC_OID_MD2;
00165             break;
00166           case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
00167             rv = SEC_OID_MD5;
00168             break;
00169           case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
00170             rv = SEC_OID_SHA1;
00171             break;
00172           default:
00173             rv = -1;
00174         }
00175         return rv;
00176      }
00177 
00178 
00179 
00180 struct VFYContextStr {
00181     int alg;
00182     unsigned char digest[32];
00183     void *hasher;
00184     void (*begin)(void *);
00185     void (*update)(void *, unsigned char*, unsigned);
00186     SECStatus (*end)(void *, unsigned char*, unsigned int*, unsigned);
00187     void (*destroy)(void *, PRBool);
00188 };
00189 
00190 
00191 static
00192 SECStatus
00193 OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
00194              SECItem *sig, SECAlgorithmID *sigAlgorithm)
00195 {
00196     SECStatus rv;
00197     VFYContext *cx;
00198     SECOidData *sigAlgOid, *oiddata;
00199     int sigAlgTag;
00200     int hashAlgTag;
00201     int showDigestOid=0;
00202 
00203     cx = VFY_CreateContext(key, sig, SECOID_GetAlgorithmTag(sigAlgorithm),
00204                         NULL);
00205     if (cx == NULL)
00206        return SECFailure;
00207 
00208     sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
00209     if (sigAlgOid == 0)
00210        return SECFailure;
00211     sigAlgTag = sigAlgOid->offset;
00212 
00213     hashAlgTag = hashAlg(sigAlgTag);
00214     if (hashAlgTag == -1) {
00215        printf("PROBLEM: Unsupported Digest Algorithm in DigestInfo");
00216        showDigestOid = 1;
00217     } else if (hashAlgTag != cx->alg) {
00218        printf("PROBLEM: Digest OID in DigestInfo is incompatible "
00219               "with Signature Algorithm\n");
00220        showDigestOid = 1;
00221     } 
00222 
00223     if (showDigestOid) {
00224        oiddata = SECOID_FindOIDByTag(cx->alg);
00225        if ( oiddata ) {
00226            printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
00227        } else {
00228            SECU_PrintAsHex(stdout,
00229                          &oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
00230        }
00231     }
00232 
00233     rv = VFY_Begin(cx);
00234     if (rv == SECSuccess) {
00235        rv = VFY_Update(cx, buf, len);
00236        if (rv == SECSuccess)
00237            rv = VFY_End(cx);
00238     }
00239 
00240     VFY_DestroyContext(cx, PR_TRUE);
00241     return rv;
00242 }
00243 
00244 
00245 
00246 static
00247 SECStatus
00248 OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
00249 {
00250     SECItem sig;
00251     SECKEYPublicKey *pubKey = 0;
00252     SECStatus rv;
00253 
00254     /* check the certificate's validity */
00255     rv = CERT_CertTimesValid(cert);
00256     if ( rv ) {
00257        return(SECFailure);
00258     }
00259 
00260     /* get cert's public key */
00261     pubKey = CERT_ExtractPublicKey(cert);
00262     if ( !pubKey ) {
00263        return(SECFailure);
00264     }
00265 
00266     /* check the signature */
00267     sig = sd->signature;
00268     DER_ConvertBitString(&sig);
00269     rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
00270                      &sd->signatureAlgorithm);
00271 
00272     SECKEY_DestroyPublicKey(pubKey);
00273 
00274     if ( rv ) {
00275        return(SECFailure);
00276     }
00277 
00278     return(SECSuccess);
00279 }
00280 
00281 
00282 
00283 
00284 static
00285 CERTCertificate *createEmptyCertificate(void)
00286 {
00287     PRArenaPool *arena = 0;
00288     CERTCertificate *c = 0;
00289 
00290     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
00291     if ( !arena ) {
00292        return 0;
00293     }
00294 
00295 
00296     c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
00297 
00298     if (c) {
00299        c->referenceCount = 1;
00300        c->arena = arena;
00301     } else {
00302        PORT_FreeArena(arena,PR_TRUE);
00303     }
00304 
00305     return c;
00306 }    
00307 
00308 
00309 
00310 
00311 int main(int argc, char **argv)
00312 {
00313     int rv, verbose=0, force=0;
00314     int ascii=0, issuerAscii=0;
00315     char *progName=0;
00316     PRFileDesc *inFile=0, *issuerCertFile=0;
00317     SECItem derCert, derIssuerCert;
00318     PRArenaPool *arena=0;
00319     CERTSignedData *signedData=0;
00320     CERTCertificate *cert=0, *issuerCert=0;
00321     SECKEYPublicKey *rsapubkey=0;
00322     SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
00323     SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
00324     SECItem spk;
00325     int selfSigned=0;
00326     int invalid=0;
00327     char *inFileName = NULL, *issuerCertFileName = NULL;
00328     PLOptState *optstate;
00329     PLOptStatus status;
00330 
00331     PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption));
00332     PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption));
00333     PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption));
00334     PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption));
00335 
00336     progName = strrchr(argv[0], '/');
00337     progName = progName ? progName+1 : argv[0];
00338 
00339     optstate = PL_CreateOptState(argc, argv, "aAvf");
00340     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
00341        switch (optstate->option) {
00342          case 'v':
00343            verbose = 1;
00344            break;
00345 
00346          case 'f':
00347            force = 1;
00348            break;
00349 
00350          case 'a':
00351            ascii = 1;
00352            break;
00353 
00354          case 'A':
00355            issuerAscii = 1;
00356            break;
00357 
00358          case '\0':
00359            if (!inFileName)
00360               inFileName = PL_strdup(optstate->value);
00361            else if (!issuerCertFileName)
00362               issuerCertFileName = PL_strdup(optstate->value);
00363            else
00364               Usage(progName);
00365            break;
00366        }
00367     }
00368 
00369     if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) {
00370        /* insufficient or excess args */
00371        Usage(progName);
00372     }
00373 
00374     inFile = PR_Open(inFileName, PR_RDONLY, 0);
00375     if (!inFile) {
00376        fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
00377                         progName, inFileName);
00378        exit(1);
00379     }
00380 
00381     issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0);
00382     if (!issuerCertFile) {
00383        fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
00384                         progName, issuerCertFileName);
00385        exit(1);
00386     }
00387 
00388     if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) {
00389        printf("Couldn't read input certificate as DER binary or base64\n");
00390        exit(1);
00391     }
00392 
00393     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
00394     if (arena == 0) {
00395        fprintf(stderr,"%s: can't allocate scratch arena!", progName);
00396        exit(1);
00397     }
00398 
00399     if (issuerCertFile) {
00400        CERTSignedData *issuerCertSD=0;
00401        if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii)
00402            != SECSuccess) {
00403            printf("Couldn't read issuer certificate as DER binary or base64.\n");
00404            exit(1);
00405        }
00406        issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData);
00407        if (!issuerCertSD) {
00408            fprintf(stderr,"%s: can't allocate issuer signed data!", progName);
00409            exit(1);
00410        }
00411        rv = SEC_ASN1DecodeItem(arena, issuerCertSD, 
00412                                SEC_ASN1_GET(CERT_SignedDataTemplate),
00413                             &derIssuerCert);
00414        if (rv) {
00415            fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n",
00416                   progName);
00417            exit(1);
00418        }
00419        issuerCert = createEmptyCertificate();
00420        if (!issuerCert) {
00421            printf("%s: can't allocate space for issuer cert.", progName);
00422            exit(1);
00423        }
00424        rv = SEC_ASN1DecodeItem(arena, issuerCert, 
00425                            SEC_ASN1_GET(CERT_CertificateTemplate),
00426                          &issuerCertSD->data);
00427        if (rv) {
00428            printf("%s: Does not appear to be an X509 Certificate.\n",
00429                  progName);
00430            exit(1);
00431        }
00432     }
00433 
00434     signedData =  PORT_ArenaZNew(arena,CERTSignedData);
00435     if (!signedData) {
00436        fprintf(stderr,"%s: can't allocate signedData!", progName);
00437        exit(1);
00438     }
00439 
00440     rv = SEC_ASN1DecodeItem(arena, signedData, 
00441                             SEC_ASN1_GET(CERT_SignedDataTemplate), 
00442                          &derCert);
00443     if (rv) {
00444        fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n",
00445               progName);
00446        exit(1);
00447     }
00448 
00449     if (verbose) {
00450        printf("Decoded ok as X509 SIGNED data.\n");
00451     }
00452 
00453     cert = createEmptyCertificate();
00454     if (!cert) {
00455        fprintf(stderr, "%s: can't allocate cert", progName);
00456        exit(1);
00457     }
00458 
00459     rv = SEC_ASN1DecodeItem(arena, cert, 
00460                         SEC_ASN1_GET(CERT_CertificateTemplate), 
00461                      &signedData->data);
00462     if (rv) {
00463        fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n",
00464               progName);
00465        exit(1);
00466     }
00467 
00468 
00469     if (verbose) {
00470        printf("Decoded ok as an X509 certificate.\n");
00471     }
00472 
00473     SECU_RegisterDynamicOids();
00474     rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
00475                            SECU_PrintCertificate);
00476 
00477     if (rv) {
00478        fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
00479               progName, PORT_GetError());
00480        if (!force) {
00481            exit(1);
00482        }
00483     }
00484 
00485 
00486     /* Do various checks on the cert */
00487 
00488     printf("\n");
00489 
00490     /* Check algorithms */
00491     SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption,
00492                      SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL);
00493 
00494     SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption,
00495                      SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL);
00496 
00497     SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption,
00498                      SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL);
00499 
00500     SECOID_SetAlgorithmID(arena, &rsaEncryption,
00501                      SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
00502 
00503     {
00504        int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature,
00505                                           &md5WithRSAEncryption) == 0);
00506        int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature,
00507                                           &md2WithRSAEncryption) == 0);
00508        int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature,
00509                                           &sha1WithRSAEncryption) == 0);
00510 
00511        if (verbose) {
00512            printf("\nDoing algorithm checks.\n");
00513        }
00514 
00515        if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) {
00516            printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n");
00517        } else if (!isMD5RSA) {
00518            printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n");
00519        }
00520 
00521        if (SECOID_CompareAlgorithmID(&cert->signature,
00522                                &signedData->signatureAlgorithm)) {
00523            printf("PROBLEM: Algorithm in sig and certInfo don't match.\n");
00524        }
00525     }
00526 
00527     if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm,
00528                             &rsaEncryption)) {
00529        printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n");
00530     }
00531 
00532     /* Check further public key properties */
00533     spk = cert->subjectPublicKeyInfo.subjectPublicKey;
00534     DER_ConvertBitString(&spk);
00535 
00536     if (verbose) {
00537        printf("\nsubjectPublicKey DER\n");
00538        rv = DER_PrettyPrint(stdout, &spk, PR_FALSE);
00539        printf("\n");
00540     }
00541 
00542     rsapubkey = (SECKEYPublicKey *) 
00543                     PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey));
00544     if (!rsapubkey) {
00545        fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName);
00546        exit(1);
00547     }
00548 
00549     rv = SEC_ASN1DecodeItem(arena, rsapubkey, 
00550                             SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk);
00551     if (rv) {
00552        printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n");
00553     } else {
00554        int mlen;
00555        int pubexp;
00556        if (verbose) {
00557            printf("Decoded RSA Public Key ok.  Doing key checks.\n");
00558        }
00559        PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */
00560        mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose);
00561        printf("INFO: Public Key modulus length in bits: %d\n", mlen);
00562        if (mlen > MAX_MODULUS) {
00563            printf("PROBLEM: Modulus length exceeds %d bits.\n",
00564                  MAX_MODULUS);
00565        }
00566        if (mlen < 512) {
00567            printf("WARNING: Short modulus.\n");
00568        }
00569        if (mlen != (1 << (ffs(mlen)-1))) {
00570            printf("WARNING: Unusual modulus length (not a power of two).\n");
00571        }
00572        checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent",
00573                      verbose);
00574        pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent);
00575        if (pubexp != 17 && pubexp != 3 && pubexp != 65537) {
00576            printf("WARNING: Public exponent not any of: 3, 17, 65537\n");
00577        }
00578     }
00579 
00580 
00581     /* Name checks */
00582     checkName(&cert->issuer, "Issuer Name", verbose);
00583     checkName(&cert->subject, "Subject Name", verbose);
00584 
00585     if (issuerCert) {
00586        SECComparison c =
00587            CERT_CompareName(&cert->issuer, &issuerCert->subject);
00588        if (c) {
00589          printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n");
00590         }
00591     }
00592 
00593     /* Check if self-signed */
00594     selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0);
00595     if (selfSigned) {
00596        printf("INFO: Certificate is self signed.\n");
00597     } else {
00598        printf("INFO: Certificate is NOT self-signed.\n");
00599     }
00600 
00601 
00602     /* Validity time check */
00603     if (CERT_CertTimesValid(cert) == SECSuccess) {
00604        printf("INFO: Inside validity period of certificate.\n");
00605     } else {
00606        printf("PROBLEM: Not in validity period of certificate.\n");
00607        invalid = 1;
00608     }
00609 
00610     /* Signature check if self-signed */
00611     if (selfSigned && !invalid) {
00612        if (rsapubkey->u.rsa.modulus.len) {
00613            SECStatus ver;
00614            if (verbose) {
00615               printf("Checking self signature.\n");
00616            }
00617            ver = OurVerifySignedData(signedData, cert);
00618            if (ver != SECSuccess) {
00619               printf("PROBLEM: Verification of self-signature failed!\n");
00620            } else {
00621               printf("INFO: Self-signature verifies ok.\n");
00622            }
00623        } else {
00624            printf("INFO: Not checking signature due to key problems.\n");
00625        }
00626     } else if (!selfSigned && !invalid && issuerCert) {
00627        SECStatus ver;
00628        ver = OurVerifySignedData(signedData, issuerCert);
00629        if (ver != SECSuccess) {
00630            printf("PROBLEM: Verification of issuer's signature failed!\n");
00631        } else {
00632            printf("INFO: Issuer's signature verifies ok.\n");
00633        }
00634     } else {
00635        printf("INFO: Not checking signature.\n");
00636     }
00637 
00638     return 0;    
00639 }
00640 
00641 
00642