1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include "src/core/tsi/transport_security.h"
20 
21 #include <string.h>
22 
23 #include <grpc/support/alloc.h>
24 #include <grpc/support/log.h>
25 #include <grpc/support/string_util.h>
26 
27 #include <openssl/crypto.h>
28 
29 #include "src/core/lib/gpr/string.h"
30 #include "src/core/lib/gpr/useful.h"
31 #include "src/core/tsi/fake_transport_security.h"
32 #include "src/core/tsi/ssl_transport_security.h"
33 #include "test/core/util/test_config.h"
34 
35 typedef struct {
36   /* 1 if success, 0 if failure. */
37   int expected;
38 
39   /* Host name to match. */
40   const char* host_name;
41 
42   /* Common name (CN). */
43   const char* common_name;
44 
45   /* Comma separated list of certificate names to match against. Any occurrence
46      of '#' will be replaced with a null character before processing. */
47   const char* dns_names;
48 
49   /* Comma separated list of IP SANs to match aggainst */
50   const char* ip_names;
51 } cert_name_test_entry;
52 
53 /* Largely inspired from:
54    chromium/src/net/cert/x509_certificate_unittest.cc.
55    TODO(jboeuf) uncomment test cases as we fix tsi_ssl_peer_matches_name. */
56 const cert_name_test_entry cert_name_test_entries[] = {
57     {1, "foo.com", "foo.com", nullptr, nullptr},
58     {1, "f", "f", nullptr, nullptr},
59     {0, "h", "i", nullptr, nullptr},
60     {1, "bar.foo.com", "*.foo.com", nullptr, nullptr},
61     {1, "www.test.fr", "common.name",
62      "*.test.com,*.test.co.uk,*.test.de,*.test.fr", nullptr},
63     /*
64        {1, "wwW.tESt.fr", "common.name", ",*.*,*.test.de,*.test.FR,www"},
65      */
66     {0, "f.uk", ".uk", nullptr, nullptr},
67     {0, "w.bar.foo.com", "?.bar.foo.com", nullptr, nullptr},
68     {0, "www.foo.com", "(www|ftp).foo.com", nullptr, nullptr},
69     {0, "www.foo.com", "www.foo.com#", nullptr, nullptr}, /* # = null char. */
70     {0, "www.foo.com", "", "www.foo.com#*.foo.com,#,#", nullptr},
71     {0, "www.house.example", "ww.house.example", nullptr, nullptr},
72     {0, "test.org", "", "www.test.org,*.test.org,*.org", nullptr},
73     {0, "w.bar.foo.com", "w*.bar.foo.com", nullptr, nullptr},
74     {0, "www.bar.foo.com", "ww*ww.bar.foo.com", nullptr, nullptr},
75     {0, "wwww.bar.foo.com", "ww*ww.bar.foo.com", nullptr, nullptr},
76     {0, "wwww.bar.foo.com", "w*w.bar.foo.com", nullptr, nullptr},
77     {0, "wwww.bar.foo.com", "w*w.bar.foo.c0m", nullptr, nullptr},
78     {0, "WALLY.bar.foo.com", "wa*.bar.foo.com", nullptr, nullptr},
79     {0, "wally.bar.foo.com", "*Ly.bar.foo.com", nullptr, nullptr},
80     /*
81        {1, "ww%57.foo.com", "", "www.foo.com"},
82        {1, "www&.foo.com", "www%26.foo.com", NULL},
83      */
84 
85     /* Common name must not be used if subject alternative name was provided. */
86     {0, "www.test.co.jp", "www.test.co.jp",
87      "*.test.de,*.jp,www.test.co.uk,www.*.co.jp", nullptr},
88     {0, "www.bar.foo.com", "www.bar.foo.com",
89      "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com,", nullptr},
90 
91     /* IDN tests */
92     {1, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br", nullptr, nullptr},
93     {1, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br", nullptr,
94      nullptr},
95     {0, "xn--poema-9qae5a.com.br", "",
96      "*.xn--poema-9qae5a.com.br,"
97      "xn--poema-*.com.br,"
98      "xn--*-9qae5a.com.br,"
99      "*--poema-9qae5a.com.br",
100      nullptr},
101 
102     /* The following are adapted from the  examples quoted from
103        http://tools.ietf.org/html/rfc6125#section-6.4.3
104        (e.g., *.example.com would match foo.example.com but
105        not bar.foo.example.com or example.com). */
106     {1, "foo.example.com", "*.example.com", nullptr, nullptr},
107     {0, "bar.foo.example.com", "*.example.com", nullptr, nullptr},
108     {0, "example.com", "*.example.com", nullptr, nullptr},
109 
110     /* Partial wildcards are disallowed, though RFC 2818 rules allow them.
111        That is, forms such as baz*.example.net, *baz.example.net, and
112        b*z.example.net should NOT match domains. Instead, the wildcard must
113        always be the left-most label, and only a single label. */
114     {0, "baz1.example.net", "baz*.example.net", nullptr, nullptr},
115     {0, "foobaz.example.net", "*baz.example.net", nullptr, nullptr},
116     {0, "buzz.example.net", "b*z.example.net", nullptr, nullptr},
117     {0, "www.test.example.net", "www.*.example.net", nullptr, nullptr},
118 
119     /* Wildcards should not be valid for public registry controlled domains,
120        and unknown/unrecognized domains, at least three domain components must
121        be present. */
122     {1, "www.test.example", "*.test.example", nullptr, nullptr},
123     {1, "test.example.co.uk", "*.example.co.uk", nullptr, nullptr},
124     {0, "test.example", "*.example", nullptr, nullptr},
125     /*
126        {0, "example.co.uk", "*.co.uk", NULL},
127      */
128     {0, "foo.com", "*.com", nullptr, nullptr},
129     {0, "foo.us", "*.us", nullptr, nullptr},
130     {0, "foo", "*", nullptr, nullptr},
131 
132     /* IDN variants of wildcards and registry controlled domains. */
133     {1, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br", nullptr,
134      nullptr},
135     {1, "test.example.xn--mgbaam7a8h", "*.example.xn--mgbaam7a8h", nullptr,
136      nullptr},
137     /*
138        {0, "xn--poema-9qae5a.com.br", "*.com.br", NULL},
139      */
140     {0, "example.xn--mgbaam7a8h", "*.xn--mgbaam7a8h", nullptr, nullptr},
141 
142     /* Wildcards should be permissible for 'private' registry controlled
143        domains. */
144     {1, "www.appspot.com", "*.appspot.com", nullptr, nullptr},
145     {1, "foo.s3.amazonaws.com", "*.s3.amazonaws.com", nullptr, nullptr},
146 
147     /* Multiple wildcards are not valid. */
148     {0, "foo.example.com", "*.*.com", nullptr, nullptr},
149     {0, "foo.bar.example.com", "*.bar.*.com", nullptr, nullptr},
150 
151     /* Absolute vs relative DNS name tests. Although not explicitly specified
152        in RFC 6125, absolute reference names (those ending in a .) should
153        match either absolute or relative presented names. */
154     {1, "foo.com", "foo.com.", nullptr, nullptr},
155     {1, "foo.com.", "foo.com", nullptr, nullptr},
156     {1, "foo.com.", "foo.com.", nullptr, nullptr},
157     {1, "f", "f.", nullptr, nullptr},
158     {1, "f.", "f", nullptr, nullptr},
159     {1, "f.", "f.", nullptr, nullptr},
160     {1, "www-3.bar.foo.com", "*.bar.foo.com.", nullptr, nullptr},
161     {1, "www-3.bar.foo.com.", "*.bar.foo.com", nullptr, nullptr},
162     {1, "www-3.bar.foo.com.", "*.bar.foo.com.", nullptr, nullptr},
163     {0, ".", ".", nullptr, nullptr},
164     {0, "example.com", "*.com.", nullptr, nullptr},
165     {0, "example.com.", "*.com", nullptr, nullptr},
166     {0, "example.com.", "*.com.", nullptr, nullptr},
167     {0, "foo.", "*.", nullptr, nullptr},
168     {0, "foo", "*.", nullptr, nullptr},
169     /*
170        {0, "foo.co.uk", "*.co.uk.", NULL},
171        {0, "foo.co.uk.", "*.co.uk.", NULL},
172      */
173 
174     /* An empty CN is OK. */
175     {1, "test.foo.com", "", "test.foo.com", nullptr},
176 
177     /* An IP should not be used for the CN. */
178     {0, "173.194.195.139", "173.194.195.139", nullptr, nullptr},
179     /* An IP can be used if the SAN IP is present */
180     {1, "173.194.195.139", "foo.example.com", nullptr, "173.194.195.139"},
181     {0, "173.194.195.139", "foo.example.com", nullptr, "8.8.8.8"},
182     {0, "173.194.195.139", "foo.example.com", nullptr, "8.8.8.8,8.8.4.4"},
183     {1, "173.194.195.139", "foo.example.com", nullptr,
184      "8.8.8.8,173.194.195.139"},
185     {0, "173.194.195.139", "foo.example.com", nullptr, "173.194.195.13"},
186     {0, "2001:db8:a0b:12f0::1", "foo.example.com", nullptr, "173.194.195.13"},
187     {1, "2001:db8:a0b:12f0::1", "foo.example.com", nullptr,
188      "2001:db8:a0b:12f0::1"},
189     {0, "2001:db8:a0b:12f0::1", "foo.example.com", nullptr,
190      "2001:db8:a0b:12f0::2"},
191     {1, "2001:db8:a0b:12f0::1", "foo.example.com", nullptr,
192      "2001:db8:a0b:12f0::2,2001:db8:a0b:12f0::1,8.8.8.8"},
193 };
194 
195 typedef struct name_list {
196   const char* name;
197   struct name_list* next;
198 } name_list;
199 
200 typedef struct {
201   size_t name_count;
202   char* buffer;
203   name_list* names;
204 } parsed_names;
205 
name_list_add(const char * n)206 name_list* name_list_add(const char* n) {
207   name_list* result = static_cast<name_list*>(gpr_malloc(sizeof(name_list)));
208   result->name = n;
209   result->next = nullptr;
210   return result;
211 }
212 
parse_names(const char * names_str)213 static parsed_names parse_names(const char* names_str) {
214   parsed_names result;
215   name_list* current_nl;
216   size_t i;
217   memset(&result, 0, sizeof(parsed_names));
218   if (names_str == nullptr) return result;
219   result.name_count = 1;
220   result.buffer = gpr_strdup(names_str);
221   result.names = name_list_add(result.buffer);
222   current_nl = result.names;
223   for (i = 0; i < strlen(names_str); i++) {
224     if (names_str[i] == ',') {
225       result.buffer[i] = '\0';
226       result.name_count++;
227       i++;
228       current_nl->next = name_list_add(result.buffer + i);
229       current_nl = current_nl->next;
230     }
231   }
232   return result;
233 }
234 
destruct_parsed_names(parsed_names * pdn)235 static void destruct_parsed_names(parsed_names* pdn) {
236   name_list* nl = pdn->names;
237   if (pdn->buffer != nullptr) gpr_free(pdn->buffer);
238   while (nl != nullptr) {
239     name_list* to_be_free = nl;
240     nl = nl->next;
241     gpr_free(to_be_free);
242   }
243 }
244 
processed_name(const char * name)245 static char* processed_name(const char* name) {
246   char* result = gpr_strdup(name);
247   size_t i;
248   for (i = 0; i < strlen(result); i++) {
249     if (result[i] == '#') {
250       result[i] = '\0';
251     }
252   }
253   return result;
254 }
255 
peer_from_cert_name_test_entry(const cert_name_test_entry * entry)256 static tsi_peer peer_from_cert_name_test_entry(
257     const cert_name_test_entry* entry) {
258   size_t i;
259   tsi_peer peer;
260   name_list* nl;
261   parsed_names dns_entries = parse_names(entry->dns_names);
262   parsed_names ip_entries = parse_names(entry->ip_names);
263   nl = dns_entries.names;
264   GPR_ASSERT(tsi_construct_peer(
265                  1 + dns_entries.name_count + ip_entries.name_count, &peer) ==
266              TSI_OK);
267   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
268                  TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, entry->common_name,
269                  &peer.properties[0]) == TSI_OK);
270   i = 1;
271   while (nl != nullptr) {
272     char* processed = processed_name(nl->name);
273     GPR_ASSERT(tsi_construct_string_peer_property(
274                    TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, processed,
275                    strlen(nl->name), &peer.properties[i++]) == TSI_OK);
276     nl = nl->next;
277     gpr_free(processed);
278   }
279 
280   nl = ip_entries.names;
281   while (nl != nullptr) {
282     char* processed = processed_name(nl->name);
283     GPR_ASSERT(tsi_construct_string_peer_property(
284                    TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, processed,
285                    strlen(nl->name), &peer.properties[i++]) == TSI_OK);
286     nl = nl->next;
287     gpr_free(processed);
288   }
289   destruct_parsed_names(&dns_entries);
290   destruct_parsed_names(&ip_entries);
291   return peer;
292 }
293 
cert_name_test_entry_to_string(const cert_name_test_entry * entry)294 char* cert_name_test_entry_to_string(const cert_name_test_entry* entry) {
295   char* s;
296   gpr_asprintf(&s,
297                "{ success = %s, host_name = %s, common_name = %s, dns_names = "
298                "%s, ip_names = %s}",
299                entry->expected ? "true" : "false", entry->host_name,
300                entry->common_name,
301                entry->dns_names != nullptr ? entry->dns_names : "",
302                entry->ip_names != nullptr ? entry->ip_names : "");
303   return s;
304 }
305 
test_peer_matches_name(void)306 static void test_peer_matches_name(void) {
307   size_t i = 0;
308   for (i = 0; i < GPR_ARRAY_SIZE(cert_name_test_entries); i++) {
309     const cert_name_test_entry* entry = &cert_name_test_entries[i];
310     tsi_peer peer = peer_from_cert_name_test_entry(entry);
311     int result = tsi_ssl_peer_matches_name(&peer, entry->host_name);
312     if (result != entry->expected) {
313       char* entry_str = cert_name_test_entry_to_string(entry);
314       gpr_log(GPR_ERROR, "%s", entry_str);
315       gpr_free(entry_str);
316       GPR_ASSERT(0); /* Unexpected result. */
317     }
318     tsi_peer_destruct(&peer);
319   }
320 }
321 
322 typedef struct {
323   tsi_result res;
324   const char* str;
325 } tsi_result_string_pair;
326 
test_result_strings(void)327 static void test_result_strings(void) {
328   const tsi_result_string_pair results[] = {
329       {TSI_OK, "TSI_OK"},
330       {TSI_UNKNOWN_ERROR, "TSI_UNKNOWN_ERROR"},
331       {TSI_INVALID_ARGUMENT, "TSI_INVALID_ARGUMENT"},
332       {TSI_PERMISSION_DENIED, "TSI_PERMISSION_DENIED"},
333       {TSI_INCOMPLETE_DATA, "TSI_INCOMPLETE_DATA"},
334       {TSI_FAILED_PRECONDITION, "TSI_FAILED_PRECONDITION"},
335       {TSI_UNIMPLEMENTED, "TSI_UNIMPLEMENTED"},
336       {TSI_INTERNAL_ERROR, "TSI_INTERNAL_ERROR"},
337       {TSI_DATA_CORRUPTED, "TSI_DATA_CORRUPTED"},
338       {TSI_NOT_FOUND, "TSI_NOT_FOUND"},
339       {TSI_PROTOCOL_FAILURE, "TSI_PROTOCOL_FAILURE"},
340       {TSI_HANDSHAKE_IN_PROGRESS, "TSI_HANDSHAKE_IN_PROGRESS"},
341       {TSI_OUT_OF_RESOURCES, "TSI_OUT_OF_RESOURCES"}};
342   size_t i;
343   for (i = 0; i < GPR_ARRAY_SIZE(results); i++) {
344     GPR_ASSERT(strcmp(results[i].str, tsi_result_to_string(results[i].res)) ==
345                0);
346   }
347   GPR_ASSERT(strcmp("UNKNOWN", tsi_result_to_string((tsi_result)42)) == 0);
348 }
349 
test_protector_invalid_args(void)350 static void test_protector_invalid_args(void) {
351   GPR_ASSERT(tsi_frame_protector_protect(nullptr, nullptr, nullptr, nullptr,
352                                          nullptr) == TSI_INVALID_ARGUMENT);
353   GPR_ASSERT(tsi_frame_protector_protect_flush(
354                  nullptr, nullptr, nullptr, nullptr) == TSI_INVALID_ARGUMENT);
355   GPR_ASSERT(tsi_frame_protector_unprotect(nullptr, nullptr, nullptr, nullptr,
356                                            nullptr) == TSI_INVALID_ARGUMENT);
357 }
358 
test_handshaker_invalid_args(void)359 static void test_handshaker_invalid_args(void) {
360   GPR_ASSERT(tsi_handshaker_get_result(nullptr) == TSI_INVALID_ARGUMENT);
361   GPR_ASSERT(tsi_handshaker_extract_peer(nullptr, nullptr) ==
362              TSI_INVALID_ARGUMENT);
363   GPR_ASSERT(tsi_handshaker_create_frame_protector(nullptr, nullptr, nullptr) ==
364              TSI_INVALID_ARGUMENT);
365   GPR_ASSERT(tsi_handshaker_process_bytes_from_peer(
366                  nullptr, nullptr, nullptr) == TSI_INVALID_ARGUMENT);
367   GPR_ASSERT(tsi_handshaker_get_bytes_to_send_to_peer(
368                  nullptr, nullptr, nullptr) == TSI_INVALID_ARGUMENT);
369   GPR_ASSERT(tsi_handshaker_next(nullptr, nullptr, 0, nullptr, nullptr, nullptr,
370                                  nullptr, nullptr) == TSI_INVALID_ARGUMENT);
371 }
372 
test_handshaker_invalid_state(void)373 static void test_handshaker_invalid_state(void) {
374   tsi_handshaker* h = tsi_create_fake_handshaker(0);
375   tsi_peer peer;
376   tsi_frame_protector* p;
377   GPR_ASSERT(tsi_handshaker_extract_peer(h, &peer) == TSI_FAILED_PRECONDITION);
378   GPR_ASSERT(tsi_handshaker_create_frame_protector(h, nullptr, &p) ==
379              TSI_FAILED_PRECONDITION);
380   tsi_handshaker_destroy(h);
381 }
382 
main(int argc,char ** argv)383 int main(int argc, char** argv) {
384   grpc_test_init(argc, argv);
385   test_peer_matches_name();
386   test_result_strings();
387   test_protector_invalid_args();
388   test_handshaker_invalid_args();
389   test_handshaker_invalid_state();
390   return 0;
391 }
392