]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/NISCC/TLS_SSL/dmitchNotes
Security-57031.10.10.tar.gz
[apple/security.git] / SecurityTests / clxutils / NISCC / TLS_SSL / dmitchNotes
1 testing the NISCC test cases
2
3 -- testing client certs, use good server cert --------
4
5 1. Set up server KC
6
7 % rm -f ~/Library/Keychains/nisccServer
8 % certtool i server_crt.pem k=nisccServer r=server_key.pem c
9
10 2. Run server (from testcases dir)
11
12 % sslServer l k=nisccServer P=1300 a rootca.crt u=t
13
14 -- not u=t --> try auth
15
16 3. Run client no auth
17
18 % sv localhost P=1300 H a rootca.crt
19
20 -- note 'H' - disable host name verify since server common name =
21 "Simple Server"
22
23 4. Set up client keychain
24
25 % rm -f ~/Library/Keychains/nisccClient
26 % certtool i client_crt.pem k=nisccClient r=client_key.pem c
27
28 5. Run client w/auth
29
30 % sv localhost P=1300 H a rootca.crt k=nisccClient
31
32 6. Bad client
33
34 # just once
35 % pemtool d client_key.pem client_key.der
36 #
37 % rm -f ~/Library/Keychains/nisccClient
38 % certtool i simple_client/00035377 k=nisccClient r=client_key.der c
39 % sv localhost P=1300 H k=nisccClient x
40
41 ...note 'x' avoids client checking its own bogus cert, and we don't have to specify
42 an anchor
43
44 result on client side = errSSLPeerCertUnknown
45 clientCertState = ClientCertRejected
46
47 result on server side = errSSLXCertChainInvalid
48 clientCertState = ClientCertRejected
49
50 7. Mods needed to uses these certs
51
52 -- modified dbTool to allow importing a bad cert (via DL/DB, not Sec*)
53 -- wrote simple client app, clxutils/NISCC/TLS_SSL/nisccSimpleClient
54
55 -- also SecureTransport needs the following mod to ignore bad certs on client side
56
57 ===================================================================
58 RCS file: /cvs/root/Security/SecureTransport/sslKeychain.cpp,v
59 retrieving revision 1.5
60 diff -u -r1.5 sslKeychain.cpp
61 --- sslKeychain.cpp 2003/04/25 19:40:18 1.5
62 +++ sslKeychain.cpp 2003/11/10 21:20:14
63 @@ -174,6 +174,11 @@
64 /* FIXME = release keyRef? */
65
66 /* obtain public key from cert */
67 + /*
68 + * FIXME : THIS IS TOTALLY UNNECESSARY WHEN PARSING OUR OWN CERTS, except
69 + * for the "separate signing and encryptionj certs" case. For now, to
70 + * facilitate NISCC testing, we ignore errors here.
71 + */
72 ortn = SecCertificateGetCLHandle(certRef, &clHand);
73 if(ortn) {
74 sslErrorLog("parseIncomingCerts: SecCertificateGetCLHandle err %d\n",
75 @@ -183,10 +188,12 @@
76 certData.Data = thisSslCert->derCert.data;
77 certData.Length = thisSslCert->derCert.length;
78 crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey);
79 + #if 0
80 if(crtn) {
81 sslErrorLog("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n");
82 return (OSStatus)crtn;
83 }
84 + #endif
85
86 /* obtain keychain from key, CSP handle from keychain */
87 ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);
88
89 ........
90
91 ...with this in place cert 00070004 causes anything parsing it to get a seg fault.
92
93 ...........
94
95 problems found:
96
97 1. Processing SEC_ASN1_SAVE, the destination item is mallocd once, with the length
98 of the top-level item to be saved. However data gets added to this item on a
99 leaf-by-leaf basis so that if the sizes of the leaves adds up to greater than
100 the stated/mallocd len of the otp-level item, overflow.
101
102 -- verified by disabling the SAVE in TBS_Cert
103 -- fixed using sec_asn1d_state.dest_alloc_len field to track alloc size in
104 aggregate items
105
106 ..............
107
108 certs known to crash the Panther Security.framework:
109
110 "00000668",
111 "00000681",
112 "00001980",
113 "00002040",
114 "00007472",
115 "00008064",
116 "00008656",
117 "00009840",
118 "00010432",
119 "00011614",
120 "00011615",
121 "00011616",