Bug 921891, Part 1: Add insanity::pkix::Result and insanity::pkix::TrustDomain, r=keeler, r=cviecco

--HG-- extra : rebase_source : 2157dbe076e0f50d7c618964804fd17d7e735904 extra : source : 682de9276170560ac62d5bc5ffbe5b707060321b
2024-09-13 09:24:08 -07:00 · 2013-10-13 23:38:49 -07:00 · 2013-10-13 23:38:49 -07:00 · da7f929c3d
commit da7f929c3d
parent 6d9cce8656
2 changed files with 139 additions and 13 deletions
--- a/security/insanity/include/insanity/pkixtypes.h
+++ b/security/insanity/include/insanity/pkixtypes.h
@ -1,18 +1,18 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* Copyright 2012 Mozilla Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+/* Copyright 2012 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
 */

 #ifndef insanity_pkix__pkixtypes_h
@ -33,6 +33,60 @@ typedef ScopedPtr<CERTCertList, CERT_DestroyCertList> ScopedCERTCertList;
 typedef ScopedPtr<SECKEYPublicKey, SECKEY_DestroyPublicKey>
        ScopedSECKEYPublicKey;

+typedef unsigned int KeyUsages;
+
+enum EndEntityOrCA { MustBeEndEntity, MustBeCA };
+
+// Applications control the behavior of path building and verification by
+// implementing the TrustDomain interface. The TrustDomain is used for all
+// cryptography and for determining which certificates are trusted or
+// distrusted.
+class TrustDomain
+{
+public:
+  virtual ~TrustDomain() { }
+
+  enum TrustLevel {
+    TrustAnchor = 1,        // certificate is a trusted root CA certificate or
+                            // equivalent
+    ActivelyDistrusted = 2, // certificate is known to be bad
+    InheritsTrust = 3       // certificate must chain to a trust anchor
+  };
+
+  // Determine the level of trust in the given certificate for the given role.
+  // This will be called for every certificate encountered during path
+  // building.
+  virtual SECStatus GetCertTrust(EndEntityOrCA endEntityOrCA,
+                                 const CERTCertificate* candidateCert,
+                         /*out*/ TrustLevel* trustLevel) = 0;
+
+  // Find all certificates (intermediate and/or root) in the certificate
+  // database that have a subject name matching |encodedIssuerName| at
+  // the given time. Certificates where the given time is not within the
+  // certificate's validity period may be excluded. The results should be
+  // added to the |results| certificate list.
+  virtual SECStatus FindPotentialIssuers(const SECItem* encodedIssuerName,
+                                         PRTime time,
+                                 /*out*/ ScopedCERTCertList& results) = 0;
+
+  // Verify the given signature using the public key of the given certificate.
+  // The implementation should be careful to ensure that the given certificate
+  // has all the public key information needed--i.e. it should ensure that the
+  // certificate is not trying to use EC(DSA) parameter inheritance.
+  //
+  // Most implementations of this function should probably forward the call
+  // directly to insanity::pkix::VerifySignedData.
+  virtual SECStatus VerifySignedData(const CERTSignedData* signedData,
+                                     const CERTCertificate* cert) = 0;
+
+protected:
+  TrustDomain() { }
+
+private:
+  TrustDomain(const TrustDomain&) /* = delete */;
+  void operator=(const TrustDomain&) /* = delete */;
+};
+
 } } // namespace insanity::pkix

 #endif // insanity_pkix__pkixtypes_h
--- a/security/insanity/lib/pkixutil.h
+++ b/security/insanity/lib/pkixutil.h
@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Copyright 2013 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef insanity_pkix__pkixutil_h
+#define insanity_pkix__pkixutil_h
+
+#include "insanity/pkixtypes.h"
+#include "prerror.h"
+#include "seccomon.h"
+#include "secerr.h"
+
+namespace insanity { namespace pkix {
+
+enum Result
+{
+  Success = 0,
+  FatalError = -1,      // An error was encountered that caused path building
+                        // to stop immediately. example: out-of-memory.
+  RecoverableError = -2 // an error that will cause path building to continue
+                        // searching for alternative paths. example: expired
+                        // certificate.
+};
+
+// When returning errors, use this function instead of calling PR_SetError
+// directly. This helps ensure that we always call PR_SetError when we return
+// an error code. This is a useful place to set a breakpoint when a debugging
+// a certificate verification failure.
+inline Result
+Fail(Result result, PRErrorCode errorCode)
+{
+  PR_ASSERT(result != Success);
+  PR_SetError(errorCode, 0);
+  return result;
+}
+
+inline Result
+MapSECStatus(SECStatus srv)
+{
+  if (srv == SECSuccess) {
+    return Success;
+  }
+
+  PRErrorCode error = PORT_GetError();
+  switch (error) {
+    case SEC_ERROR_EXTENSION_NOT_FOUND:
+      return RecoverableError;
+
+    case SEC_ERROR_LIBRARY_FAILURE:
+    case SEC_ERROR_NO_MEMORY:
+      return FatalError;
+  }
+
+  // TODO: PORT_Assert(false); // we haven't classified the error yet
+  return RecoverableError;
+}
+} } // namespace insanity::pkix
+
+#endif // insanity_pkix__pkixutil_h