[apple/security.git] / SecurityTests / clxutils / NISCC / TLS_SSL / certDecode / certDecode.cpp

/*
 * Attempt to decode either one file, or every file in cwd,
 * as a cert. Used to study vulnerability to NISCC cert DOS attacks. 
 */
#include <Security/SecAsn1Coder.h>
#include <Security/X509Templates.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <sys/types.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>

static void usage(char **argv)
{
	printf("usage: %s [-l(oop))] [certFile]\n", argv[0]);
	exit(1);
}

/*
 * Known file names to NOT parse
 */
static const char *skipTheseFiles[] = 
{
	/* standard entries */
	".",
	"..",
	"CVS",
	".cvsignore",
	/* the certs we know crash */
	#if 0
	"00000668",
	"00000681",
	"00001980",
	"00002040",
	"00002892",
	"00007472",
	"00008064",
	"00008656",
	"00009840",
	"00010432",
	"00011614",	// trouble somewhere in this neighborhood
	"00011615",
	"00011616",
	#endif
	NULL
};

/* returns false if specified fileName is in skipTheseFiles[] */
static bool shouldWeParse(
	const char *fileName)		// C string
{
	for(const char **stf=skipTheseFiles; *stf!=NULL; stf++) { 
		const char *tf = *stf;
		if(!strcmp(fileName, *stf)) {
			return false;
		}
	}
	return true;
}

/* 
 * Just try to decode - if SecAsn1Decode returns, good 'nuff.
 * Returns true if it does (i.e. ignore decode error; we're trying
 * to detect a crash when the decoder should return an error).
 */
bool decodeCert(
	const void *certData, 
	size_t certDataLen)
{
	SecAsn1CoderRef coder = NULL;
	NSS_Certificate nssCert;
	NSS_SignedCertOrCRL certOrCrl;
	
	SecAsn1CoderCreate(&coder);
	
	/* first the full decode */
	memset(&nssCert, 0, sizeof(nssCert));
	SecAsn1Decode(coder, certData, certDataLen,	kSecAsn1SignedCertTemplate, &nssCert);

	/* now the "just TBS and sig" decode - this is actually harder
	 * due to nested SEC_ASN1_SAVE ops */
	memset(&certOrCrl, 0, sizeof(NSS_SignedCertOrCRL));
	SecAsn1Decode(coder, certData, certDataLen,	kSecAsn1SignedCertOrCRLTemplate, &certOrCrl);

	SecAsn1CoderRelease(coder);
	return true;
}

int main(int argc, char **argv)
{
	bool quiet = false;
	unsigned char *certData;
	unsigned certDataLen;
	bool loop = false;
	int filearg = 1;
	
	if(argc > 3 ) {
		usage(argv);
	}
	if((argc > 1) && (argv[1][0] == '-')) {
		switch(argv[1][1]) {
			case 'l':
				loop = true;
				break;
			default:
				usage(argv);
		}
		filearg++;
		argc--;
	}
	if(argc == 2) {
		/* read & parse one file */
		char *oneFile = argv[filearg];
		if(readFile(oneFile, &certData, &certDataLen)) {
			printf("\n***Error reading file %s. Aborting.\n", oneFile);
			exit(1);
		}
		do {
			if(!quiet) {
				printf("...%s", oneFile);
				fflush(stdout);
			}
			if(!decodeCert(certData, certDataLen)) {
				printf("\n***GOT AN EXCEPTION ON %s\n", oneFile);
				exit(1);
			}
		} while(loop);
		free(certData);
		exit(0);
	}
	DIR *dir = opendir(".");
	if(dir == NULL) {
		printf("Huh? Can't open . as a directory.\n");
		exit(1);
	}
	struct dirent *de = readdir(dir);
	while(de != NULL) {
		char filename[MAXNAMLEN + 1];
		memmove(filename, de->d_name, de->d_namlen);
		filename[de->d_namlen] = '\0';
		if(shouldWeParse(filename)) {
			if(!quiet) {
				printf("...%s", filename);
				fflush(stdout);
			}
			if(readFile(filename, &certData, &certDataLen)) {
				printf("\n***Error reading file %s. Aborting.\n", filename);
				exit(1);
			}
			if(!decodeCert(certData, certDataLen)) {
				printf("\n***GOT AN EXCEPTION ON %s\n", filename);
				exit(1);
			}
			free(certData);
		}
		de = readdir(dir);
	}	
	closedir(dir);
	printf("\ncertDecode did not crash.\n");
	return 0;
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Attempt to decode either one file, or every file in cwd,
	3	* as a cert. Used to study vulnerability to NISCC cert DOS attacks.
	4	*/
	5	#include <Security/SecAsn1Coder.h>
	6	#include <Security/X509Templates.h>
	7	#include <security_cdsa_utils/cuFileIo.h>
	8	#include <sys/types.h>
	9	#include <dirent.h>
	10	#include <stdio.h>
	11	#include <stdlib.h>
	12	#include <strings.h>
	13
	14	static void usage(char **argv)
	15	{
	16	printf("usage: %s [-l(oop))] [certFile]\n", argv[0]);
	17	exit(1);
	18	}
	19
	20	/*
	21	* Known file names to NOT parse
	22	*/
	23	static const char *skipTheseFiles[] =
	24	{
	25	/* standard entries */
	26	".",
	27	"..",
	28	"CVS",
	29	".cvsignore",
	30	/* the certs we know crash */
	31	#if 0
	32	"00000668",
	33	"00000681",
	34	"00001980",
	35	"00002040",
	36	"00002892",
	37	"00007472",
	38	"00008064",
	39	"00008656",
	40	"00009840",
	41	"00010432",
	42	"00011614", // trouble somewhere in this neighborhood
	43	"00011615",
	44	"00011616",
	45	#endif
	46	NULL
	47	};
	48
	49	/* returns false if specified fileName is in skipTheseFiles[] */
	50	static bool shouldWeParse(
	51	const char *fileName) // C string
	52	{
	53	for(const char *stf=skipTheseFiles; stf!=NULL; stf++) {
	54	const char tf = stf;
	55	if(!strcmp(fileName, *stf)) {
	56	return false;
	57	}
	58	}
	59	return true;
	60	}
	61
	62	/*
	63	* Just try to decode - if SecAsn1Decode returns, good 'nuff.
	64	* Returns true if it does (i.e. ignore decode error; we're trying
65	* to detect a crash when the decoder should return an error).
66	*/
67	bool decodeCert(
68	const void *certData,
69	size_t certDataLen)
70	{
71	SecAsn1CoderRef coder = NULL;
72	NSS_Certificate nssCert;
73	NSS_SignedCertOrCRL certOrCrl;
74
75	SecAsn1CoderCreate(&coder);
76
77	/* first the full decode */
78	memset(&nssCert, 0, sizeof(nssCert));
79	SecAsn1Decode(coder, certData, certDataLen, kSecAsn1SignedCertTemplate, &nssCert);
80
81	/* now the "just TBS and sig" decode - this is actually harder
82	* due to nested SEC_ASN1_SAVE ops */
83	memset(&certOrCrl, 0, sizeof(NSS_SignedCertOrCRL));
84	SecAsn1Decode(coder, certData, certDataLen, kSecAsn1SignedCertOrCRLTemplate, &certOrCrl);
85
86	SecAsn1CoderRelease(coder);
87	return true;
88	}
89
90	int main(int argc, char **argv)
91	{
92	bool quiet = false;
93	unsigned char *certData;
94	unsigned certDataLen;
95	bool loop = false;
96	int filearg = 1;
97
98	if(argc > 3 ) {
99	usage(argv);
100	}
101	if((argc > 1) && (argv[1][0] == '-')) {
102	switch(argv[1][1]) {
103	case 'l':
104	loop = true;
105	break;
106	default:
107	usage(argv);
108	}
109	filearg++;
110	argc--;
111	}
112	if(argc == 2) {
113	/* read & parse one file */
114	char *oneFile = argv[filearg];
115	if(readFile(oneFile, &certData, &certDataLen)) {
116	printf("\n***Error reading file %s. Aborting.\n", oneFile);
117	exit(1);
118	}
119	do {
120	if(!quiet) {
121	printf("...%s", oneFile);
122	fflush(stdout);
123	}
124	if(!decodeCert(certData, certDataLen)) {
125	printf("\n***GOT AN EXCEPTION ON %s\n", oneFile);
126	exit(1);
127	}
128	} while(loop);
129	free(certData);
130	exit(0);
131	}
132	DIR *dir = opendir(".");
133	if(dir == NULL) {
134	printf("Huh? Can't open . as a directory.\n");
135	exit(1);
136	}
137	struct dirent *de = readdir(dir);
138	while(de != NULL) {
139	char filename[MAXNAMLEN + 1];
140	memmove(filename, de->d_name, de->d_namlen);
141	filename[de->d_namlen] = '\0';
142	if(shouldWeParse(filename)) {
143	if(!quiet) {
144	printf("...%s", filename);
145	fflush(stdout);
146	}
147	if(readFile(filename, &certData, &certDataLen)) {
148	printf("\n***Error reading file %s. Aborting.\n", filename);
149	exit(1);
150	}
151	if(!decodeCert(certData, certDataLen)) {
152	printf("\n***GOT AN EXCEPTION ON %s\n", filename);
153	exit(1);
154	}
155	free(certData);
156	}
157	de = readdir(dir);
158	}
159	closedir(dir);
160	printf("\ncertDecode did not crash.\n");
161	return 0;
162	}
163