bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes

2024-09-13 09:24:08 -07:00 · 2015-04-07 17:29:05 -07:00 · 2015-04-07 17:29:05 -07:00 · 5f4152c364
commit 5f4152c364
parent 107362ed54
3 changed files with 6440 additions and 0 deletions
--- a/security/certverifier/CNNICHashWhitelist.inc
+++ b/security/certverifier/CNNICHashWhitelist.inc
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@ -25,6 +25,8 @@
 #include "ScopedNSSTypes.h"
 #include "secerr.h"
 #include "CNNICHashWhitelist.inc"
 using namespace mozilla;
 using namespace mozilla::pkix;
@ -679,6 +681,40 @@ NSSCertDBTrustDomain::VerifyAndMaybeCacheEncodedOCSPResponse(
  return rv;
 }
 static const uint8_t CNNIC_ROOT_CA_SUBJECT_DATA[] =
  "\x30\x32\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x0E\x30"
  "\x0C\x06\x03\x55\x04\x0A\x13\x05\x43\x4E\x4E\x49\x43\x31\x13\x30\x11\x06"
  "\x03\x55\x04\x03\x13\x0A\x43\x4E\x4E\x49\x43\x20\x52\x4F\x4F\x54";
 static const uint8_t CNNIC_EV_ROOT_CA_SUBJECT_DATA[] =
  "\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x32"
  "\x30\x30\x06\x03\x55\x04\x0A\x0C\x29\x43\x68\x69\x6E\x61\x20\x49\x6E\x74"
  "\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F"
  "\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x31\x47\x30\x45"
  "\x06\x03\x55\x04\x03\x0C\x3E\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72"
  "\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D"
  "\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x20\x45\x56\x20\x43\x65"
  "\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x52\x6F\x6F\x74";
 class WhitelistedCNNICHashBinarySearchComparator
 {
 public:
  explicit WhitelistedCNNICHashBinarySearchComparator(const uint8_t* aTarget,
                                                      size_t aTargetLength)
    : mTarget(aTarget)
  {
    MOZ_ASSERT(aTargetLength == CNNIC_WHITELIST_HASH_LEN,
               "Hashes should be of the same length.");
  }
  int operator()(const WhitelistedCNNICHash val) const {
    return memcmp(mTarget, val.hash, CNNIC_WHITELIST_HASH_LEN);
  }
 private:
  const uint8_t* mTarget;
 };
 Result
 NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
 {
@ -692,6 +728,49 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
    return MapPRErrorCodeToResult(PR_GetError());
  }
  // If the certificate appears to have been issued by a CNNIC root, only allow
  // it if it is on the whitelist.
  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
  if (!rootNode) {
    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }
  CERTCertificate* root = rootNode->cert;
  if (!root) {
    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }
  if ((root->derSubject.len == sizeof(CNNIC_ROOT_CA_SUBJECT_DATA) - 1 &&
       memcmp(root->derSubject.data, CNNIC_ROOT_CA_SUBJECT_DATA,
              root->derSubject.len) == 0) ||
      (root->derSubject.len == sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA) - 1 &&
       memcmp(root->derSubject.data, CNNIC_EV_ROOT_CA_SUBJECT_DATA,
              root->derSubject.len) == 0)) {
    CERTCertListNode* certNode = CERT_LIST_HEAD(certList);
    if (!certNode) {
      return Result::FATAL_ERROR_LIBRARY_FAILURE;
    }
    CERTCertificate* cert = certNode->cert;
    if (!cert) {
      return Result::FATAL_ERROR_LIBRARY_FAILURE;
    }
    Digest digest;
    nsresult nsrv = digest.DigestBuf(SEC_OID_SHA256, cert->derCert.data,
                                     cert->derCert.len);
    if (NS_FAILED(nsrv)) {
      return Result::FATAL_ERROR_LIBRARY_FAILURE;
    }
    const uint8_t* certHash(
      reinterpret_cast<const uint8_t*>(digest.get().data));
    size_t certHashLen = digest.get().len;
    size_t unused;
    if (!mozilla::BinarySearchIf(WhitelistedCNNICHashes, 0,
                                 ArrayLength(WhitelistedCNNICHashes),
                                 WhitelistedCNNICHashBinarySearchComparator(
                                   certHash, certHashLen),
                                 &unused)) {
      return Result::ERROR_REVOKED_CERTIFICATE;
    }
  }
  Result result = CertListContainsExpectedKeys(certList, mHostname, time,
                                               mPinningMode);
  if (result != Success) {
--- a/security/manager/tools/makeCNNICHashes.js
+++ b/security/manager/tools/makeCNNICHashes.js
@ -0,0 +1,214 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 // How to run this file:
 // 1. [obtain CNNIC-issued certificates to be whitelisted]
 // 2. [obtain firefox source code]
 // 3. [build/obtain firefox binaries]
 // 4. run `[path to]/run-mozilla.sh [path to]/xpcshell makeCNNICHashes.js \
 //                                  [path to]/certlist'
 //    where certlist is a file containing a list of paths to certificates to
 //    be included in the whitelist
 const Cc = Components.classes;
 const Ci = Components.interfaces;
 const Cu = Components.utils;
 let gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
                .getService(Ci.nsIX509CertDB);
 let { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
 const HEADER = "// This Source Code Form is subject to the terms of the Mozilla Public\n" +
 "// License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
 "// file, You can obtain one at http://mozilla.org/MPL/2.0/.\n" +
 "//\n" +
 "//***************************************************************************\n" +
 "// This file was automatically generated by makeCNNICHashes.js. It shouldn't\n" +
 "// need to be manually edited.\n" +
 "//***************************************************************************\n" +
 "\n";
 const PREAMBLE = "#define CNNIC_WHITELIST_HASH_LEN 32\n\n" +
 "struct WhitelistedCNNICHash {\n" +
 " const uint8_t hash[CNNIC_WHITELIST_HASH_LEN];\n" +
 "};\n\n" +
 "static const struct WhitelistedCNNICHash WhitelistedCNNICHashes[] = {\n";
 const POSTAMBLE = "};\n";
 function writeString(fos, string) {
  fos.write(string, string.length);
 }
 // fingerprint is in the form "00:11:22:..."
 function hexSlice(fingerprint, start, end) {
  let hexBytes = fingerprint.split(":");
  let ret = "";
  for (let i = start; i < end; i++) {
    let hex = hexBytes[i];
    ret += "0x" + hex;
    if (i < end - 1) {
      ret += ", ";
    }
  }
  return ret;
 }
 // Write the C++ header file
 function writeHashes(certs, lastValidTime, fos) {
  writeString(fos, HEADER);
  writeString(fos, `// This file may be removed after ${new Date(lastValidTime)}\n\n`);
  writeString(fos, PREAMBLE);
  certs.forEach(function(cert) {
    writeString(fos, "  {\n");
    writeString(fos, "    { " + hexSlice(cert.sha256Fingerprint, 0, 16) + ",\n");
    writeString(fos, "      " + hexSlice(cert.sha256Fingerprint, 16, 32) + " },\n");
    writeString(fos, "  },\n");
  });
  writeString(fos, POSTAMBLE);
 }
 function readFileContents(file) {
  let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
                  .createInstance(Ci.nsIFileInputStream);
  fstream.init(file, -1, 0, 0);
  let data = NetUtil.readInputStreamToString(fstream, fstream.available());
  fstream.close();
  return data;
 }
 function relativePathToFile(path) {
  let currentDirectory = Cc["@mozilla.org/file/directory_service;1"]
                           .getService(Ci.nsIProperties)
                           .get("CurWorkD", Ci.nsILocalFile);
  let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
  file.initWithPath(currentDirectory.path + "/" + path);
  return file;
 }
 function pathToFile(path) {
  let file = relativePathToFile(path);
  if (!file.exists()) {
    // Fall back to trying absolute path
    file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
    file.initWithPath(path);
  }
  return file;
 }
 // punt on dealing with leap-years
 const sixYearsInMilliseconds = 6 * 366 * 24 * 60 * 60 * 1000;
 function loadCertificates(certFile) {
  let nowInMilliseconds = (new Date()).getTime();
  let latestNotAfter = nowInMilliseconds;
  let certs = [];
  let invalidCerts = [];
  let paths = readFileContents(certFile).split("\n");
  for (let path of paths) {
    if (!path) {
      continue;
    }
    let certData = readFileContents(pathToFile(path));
    let cert = null;
    try {
      cert = gCertDB.constructX509FromBase64(certData);
    } catch (e) {}
    if (!cert) {
      cert = gCertDB.constructX509(certData, certData.length);
    }
    let durationMilliseconds = (cert.validity.notAfter - cert.validity.notBefore) / 1000;
    let notAfterMilliseconds = cert.validity.notAfter / 1000;
    // Only consider certificates that haven't expired and have a validity
    // period shorter than 6 years (there is a delegated OCSP responder
    // certificate with a validity period of 6 years that should be on the
    // whitelist).
    if (notAfterMilliseconds > nowInMilliseconds &&
        durationMilliseconds < sixYearsInMilliseconds) {
      certs.push(cert);
      if (notAfterMilliseconds > latestNotAfter) {
        latestNotAfter = notAfterMilliseconds;
      }
    }
    if (durationMilliseconds >= sixYearsInMilliseconds) {
      invalidCerts.push(cert);
    }
  }
  return { certs: certs,
           lastValidTime: latestNotAfter,
           invalidCerts: invalidCerts };
 }
 // Expects something like "00:11:22:...", returns a string of bytes.
 function hexToBinaryString(hexString) {
  let hexBytes = hexString.split(":");
  let result = "";
  for (let hexByte of hexBytes) {
    result += String.fromCharCode(parseInt(hexByte, 16));
  }
  return result;
 }
 function compareCertificatesByHash(certA, certB) {
  let aBin = hexToBinaryString(certA.sha256Fingerprint);
  let bBin = hexToBinaryString(certB.sha256Fingerprint);
  if (aBin < bBin) {
     return -1;
  }
  if (aBin > bBin) {
     return 1;
  }
 return 0;
 }
 function certToPEM(cert) {
  let der = cert.getRawDER({});
  let derString = '';
  for (let i = 0; i < der.length; i++) {
    derString += String.fromCharCode(der[i]);
  }
  let base64Lines = btoa(derString).replace(/(.{64})/g, "$1\n");
  let output = "-----BEGIN CERTIFICATE-----\n";
  for (let line of base64Lines.split("\n")) {
    if (line.length > 0) {
      output += line + "\n";
    }
  }
  output += "-----END CERTIFICATE-----";
  return output;
 }
 ///////////////////////////////////////////////////////////////////////////////
 ///////////////////////////////////////////////////////////////////////////////
 ///////////////////////////////////////////////////////////////////////////////
 if (arguments.length != 1) {
  throw "Usage: makeCNNICHashes.js <path to list of certificates>";
 }
 let certFile = pathToFile(arguments[0]);
 let { certs, lastValidTime, invalidCerts } = loadCertificates(certFile);
 dump("The following certificates were not included due to overlong validity periods:\n");
 for (let cert of invalidCerts) {
  dump(certToPEM(cert) + "\n");
 }
 // Sort the key hashes to allow for binary search.
 certs.sort(compareCertificatesByHash);
 // Write the output file.
 let outFile = relativePathToFile("CNNICHashWhitelist.inc");
 if (!outFile.exists()) {
  outFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0644);
 }
 let outStream = Cc["@mozilla.org/network/file-output-stream;1"]
                  .createInstance(Ci.nsIFileOutputStream);
 outStream.init(outFile, -1, 0, 0);
 writeHashes(certs, lastValidTime, outStream);
 outStream.close();