RFC 2459 name comparison.

net/cert/internal/verify_name_match.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/verify_name_match.h"
+
+#include <string.h>
+
+#include "base/stl_util.h"
+#include "base/strings/string16.h"
+#include "base/strings/string_util.h"
+#include "base/strings/utf_string_conversion_utils.h"
+#include "base/strings/utf_string_conversions.h"
+#include "base/sys_byteorder.h"
+#include "base/third_party/icu/icu_utf.h"
+#include "base/tuple.h"
 #include "net/der/input.h"
+#include "net/der/parser.h"
+#include "net/der/tag.h"
 
 namespace net {
 
+namespace {
+
+// Types of character set checking that NormalizeDirectoryString can perform.
+enum CharsetEnforcement {
+  NO_ENFORCEMENT,
+  ENFORCE_PRINTABLE_STRING,
+  ENFORCE_ASCII,
+};
+
+// Normalizes |output|, a UTF-8 encoded string, as if it contained
+// only ASCII characters.
+//
+// This could be considered a partial subset of RFC 5280 rules, and
+// is compatible with RFC 2459/3280.
+//
+// In particular, RFC 5280, Section 7.1 describes how UTF8String
+// and PrintableString should be compared - using the LDAP StringPrep
+// profile of RFC 4518, with case folding and whitespace compression.
+// However, because it is optional for 2459/3280 implementations and because
+// it's desirable to avoid the size cost of the StringPrep tables,
+// this function treats |output| as if it was composed of ASCII.
+//
+// That is, rather than folding all whitespace characters, it only
+// folds ' '. Rather than case folding using locale-aware handling,
+// it only folds A-Z to a-z.
+//
+// This gives better results than outright rejecting (due to mismatched
+// encodings), or from doing a strict binary comparison (the minimum
+// required by RFC 3280), and is sufficient for those certificates
+// publicly deployed.
+//
+// If |charset_enforcement| is not NO_ENFORCEMENT and |output| contains any
+// characters not allowed in the specified charset, returns false.
+//
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizeDirectoryString(
+    CharsetEnforcement charset_enforcement,
+    std::string* output) {
+  // Normalized version will always be equal or shorter than input.
+  // Normalize in place and then truncate the output if necessary.
+  std::string::const_iterator read_iter = output->begin();
+  std::string::iterator write_iter = output->begin();
+
+  for (; read_iter != output->end() && *read_iter == ' '; ++read_iter) {
+    // Ignore leading whitespace.
+  }
+
+  for (; read_iter != output->end(); ++read_iter) {
+    const unsigned char c = *read_iter;
+    if (c == ' ') {
+      // If there are non-whitespace characters remaining in input, compress
+      // multiple whitespace chars to a single space, otherwise ignore trailing
+      // whitespace.
+      std::string::const_iterator next_iter = read_iter + 1;
+      if (next_iter != output->end() && *next_iter != ' ')
+        *(write_iter++) = ' ';
+    } else if (c >= 'A' && c <= 'Z') {
+      // Fold case.
+      *(write_iter++) = c + ('a' - 'A');
+    } else {
+      // Note that these checks depend on the characters allowed by earlier
+      // conditions also being valid for the enforced charset.
+      switch (charset_enforcement) {
+        case ENFORCE_PRINTABLE_STRING:
+          // See NormalizePrintableStringValue comment for the acceptable list
+          // of characters.
+          if (!((c >= 'a' && c <= 'z') || (c >= '\'' && c <= ':') || c == '=' ||
+                c == '?'))
+            return false;
+          break;
+        case ENFORCE_ASCII:
+          if (c > 0x7F)
+            return false;
+          break;
+        case NO_ENFORCEMENT:
+          break;
+      }
+      *(write_iter++) = c;
+    }
+  }
+  if (write_iter != output->end())
+    output->erase(write_iter, output->end());
+  return true;
+}
+
+// Normalizes the DER-encoded PrintableString value |in| according to
+// RFC 2459, Section 4.1.2.4
+//
+// Briefly, normalization involves removing leading and trailing
+// whitespace, folding multiple whitespace characters into a single
+// whitespace character, and normalizing on case (this function
+// normalizes to lowercase).
+//
+// During normalization, this function also validates that |in|
+// is properly encoded - that is, that it restricts to the character
+// set defined in X.680 (2008), Section 41.4, Table 10. X.680 defines
+// the valid characters as
+//   a-z A-Z 0-9 (space) ' ( ) + , - . / : = ?
+//
+// However, due to an old OpenSSL encoding bug, a number of
+// certificates have also included '*', which has historically been
+// allowed by implementations, and so is also allowed here.
+//
+// If |in| can be normalized, returns true and sets |output| to the
+// case folded, normalized value. If |in| is invalid, returns false.
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizePrintableStringValue(const der::Input& in,
+                                                      std::string* output) {
+  in.AsString().swap(*output);
+  return NormalizeDirectoryString(ENFORCE_PRINTABLE_STRING, output);
+}
+
+// Normalized a UTF8String value. See the comment for NormalizeDirectoryString
+// for details.
+//
+// If |in| can be normalized, returns true and sets |output| to the
+// case folded, normalized value. If |in| is invalid, returns false.
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizeUtf8StringValue(const der::Input& in,
+                                                 std::string* output) {
+  in.AsString().swap(*output);
+  return NormalizeDirectoryString(NO_ENFORCEMENT, output);
+}
+
+// IA5String is ISO/IEC Registrations 1 and 6 from the ISO
+// "International Register of Coded Character Sets to be used
+// with Escape Sequences", plus space and delete. That's just the
+// polite way of saying 0x00 - 0x7F, aka ASCII (or, more formally,
+// ISO/IEC 646)
+//
+// If |in| can be normalized, returns true and sets |output| to the case folded,
+// normalized value. If |in| is invalid, returns false.
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizeIA5StringValue(const der::Input& in,
+                                                std::string* output) {
+  in.AsString().swap(*output);
+  return NormalizeDirectoryString(ENFORCE_ASCII, output);
+}
+
+// Converts BMPString value to UTF-8 and then normalizes it. See the comment for
+// NormalizeDirectoryString for details.
+//
+// If |in| can be normalized, returns true and sets |output| to the case folded,
+// normalized value. If |in| is invalid, returns false.
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizeBmpStringValue(const der::Input& in,
+                                                std::string* output) {
+  if (in.Length() % 2 != 0)
+    return false;
+
+  base::string16 in_16bit;
+  if (in.Length()) {
+    memcpy(base::WriteInto(&in_16bit, in.Length() / 2 + 1), in.UnsafeData(),
+           in.Length());
+  }
+  for (base::char16& c : in_16bit) {
+    // BMPString is UCS-2 in big-endian order.
+    c = base::NetToHost16(c);
+
+    // BMPString only supports codepoints in the Basic Multilingual Plane;
+    // surrogates are not allowed.
+    if (CBU_IS_SURROGATE(c))
+      return false;
+  }
+  if (!base::UTF16ToUTF8(in_16bit.data(), in_16bit.size(), output))
+    return false;
+  return NormalizeDirectoryString(NO_ENFORCEMENT, output);
+}
+
+// Converts UniversalString value to UTF-8 and then normalizes it. See the
+// comment for NormalizeDirectoryString for details.
+//
+// If |in| can be normalized, returns true and sets |output| to the case folded,
+// normalized value. If |in| is invalid, returns false.
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizeUniversalStringValue(const der::Input& in,
+                                                      std::string* output) {
+  if (in.Length() % 4 != 0)
+    return false;
+
+  std::vector<uint32_t> in_32bit(in.Length() / 4);
+  if (in.Length())
+    memcpy(vector_as_array(&in_32bit), in.UnsafeData(), in.Length());
+  for (const uint32_t c : in_32bit) {
+    // UniversalString is UCS-4 in big-endian order.
+    uint32_t codepoint = base::NetToHost32(c);
+    if (!CBU_IS_UNICODE_CHAR(codepoint))
+      return false;
+
+    base::WriteUnicodeCharacter(codepoint, output);
+  }
+  return NormalizeDirectoryString(NO_ENFORCEMENT, output);
+}
+
+// Converts the string |value| to UTF-8, normalizes it, and stores in |output|.
+// |tag| must one of the types for which IsNormalizableDirectoryString is true.
+//
+// If |value| can be normalized, returns true and sets |output| to the case
+// folded, normalized value. If |value| is invalid, returns false.
+// NOTE: |output| will be modified regardless of the return.
+WARN_UNUSED_RESULT bool NormalizeValue(const der::Tag tag,
+                                       const der::Input& value,
+                                       std::string* output) {
+  switch (tag) {
+    case der::kPrintableString:
+      return NormalizePrintableStringValue(value, output);
+    case der::kUtf8String:
+      return NormalizeUtf8StringValue(value, output);
+    case der::kIA5String:
+      return NormalizeIA5StringValue(value, output);
+    case der::kUniversalString:
+      return NormalizeUniversalStringValue(value, output);
+    case der::kBmpString:
+      return NormalizeBmpStringValue(value, output);
+    default:
+      NOTREACHED();
+      return false;
+  }
+}
+
+// Returns true if |tag| is a string type that NormalizeValue can handle.
+bool IsNormalizableDirectoryString(der::Tag tag) {
+  switch (tag) {
+    case der::kPrintableString:
+    case der::kUtf8String:
+    // RFC 5280 only requires handling IA5String for comparing domainComponent
+    // values, but handling it here avoids the need to special case anything.
+    case der::kIA5String:
+    case der::kUniversalString:
+    case der::kBmpString:
+      return true;
+    // TeletexString isn't normalized. Section 8 of RFC 5280 briefly
+    // describes the historical confusion between treating TeletexString
+    // as Latin1String vs T.61, and there are even incompatibilities within
+    // T.61 implementations. As this time is virtually unused, simply
+    // treat it with a binary comparison, as permitted by RFC 3280/5280.
+    default:
+      return false;
+  }
+}
+
+// Returns true if the AttributeValue (|a_tag|, |a_value|) matches (|b_tag|,
+// |b_value|).
+bool VerifyValueMatch(const der::Tag a_tag,
+                      const der::Input& a_value,
+                      const der::Tag b_tag,
+                      const der::Input& b_value) {
+  if (IsNormalizableDirectoryString(a_tag) &&
+      IsNormalizableDirectoryString(b_tag)) {
+    std::string a_normalized, b_normalized;
+    if (!NormalizeValue(a_tag, a_value, &a_normalized) ||
+        !NormalizeValue(b_tag, b_value, &b_normalized))
+      return false;
+    return a_normalized == b_normalized;
+  }
+  // Attributes encoded with different types may be assumed to be unequal.
+  if (a_tag != b_tag)
+    return false;
+  // All other types use binary comparison.
+  return a_value.Equals(b_value);
+}
+
+struct AttributeTypeAndValue {
+  AttributeTypeAndValue(der::Input in_type,
+                        der::Tag in_value_tag,
+                        der::Input in_value)
+      : type(in_type), value_tag(in_value_tag), value(in_value) {}
+  der::Input type;
+  der::Tag value_tag;
+  der::Input value;
+};
+
+// Parses all the ASN.1 AttributeTypeAndValue elements in |parser| and stores
+// each as an AttributeTypeAndValue object in |out|.
+//
+// AttributeTypeAndValue is defined in RFC 5280 section 4.1.2.4:
+//
+// AttributeTypeAndValue ::= SEQUENCE {
+//   type     AttributeType,
+//   value    AttributeValue }
+//
+// AttributeType ::= OBJECT IDENTIFIER
+//
+// AttributeValue ::= ANY -- DEFINED BY AttributeType
+//
+// DirectoryString ::= CHOICE {
+//       teletexString           TeletexString (SIZE (1..MAX)),
+//       printableString         PrintableString (SIZE (1..MAX)),
+//       universalString         UniversalString (SIZE (1..MAX)),
+//       utf8String              UTF8String (SIZE (1..MAX)),
+//       bmpString               BMPString (SIZE (1..MAX)) }
+//
+// The type of the component AttributeValue is determined by the AttributeType;
+// in general it will be a DirectoryString.
+WARN_UNUSED_RESULT bool ReadRdn(der::Parser* parser,
+                                std::vector<AttributeTypeAndValue>* out) {
+  while (parser->HasMore()) {
+    der::Parser attr_type_and_value;
+    if (!parser->ReadSequence(&attr_type_and_value))
+      return false;
+    // Read the attribute type, which must be an OBJECT IDENTIFIER.
+    der::Input type;
+    if (!attr_type_and_value.ReadTag(der::kOid, &type))
+      return false;
+
+    // Read the attribute value.
+    der::Tag tag;
+    der::Input value;
+    if (!attr_type_and_value.ReadTagAndValue(&tag, &value))
+      return false;
+
+    // There should be no more elements in the sequence after reading the
+    // attribute type and value.
+    if (attr_type_and_value.HasMore())
+      return false;
+
+    out->push_back(AttributeTypeAndValue(type, tag, value));
+  }
+  return true;
+}
+
+// Verifies that |a_parser| and |b_parser| are the same length and that every
+// AttributeTypeAndValue in |a_parser| has a matching AttributeTypeAndValue in
+// |b_parser|.
+bool VerifyRdnMatch(der::Parser* a_parser, der::Parser* b_parser) {
+  std::vector<AttributeTypeAndValue> a_type_and_values, b_type_and_values;
+  if (!ReadRdn(a_parser, &a_type_and_values) ||
+      !ReadRdn(b_parser, &b_type_and_values))
+    return false;
+
+  // RFC 5280 section 4.1.2.4
+  // RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+  if (a_type_and_values.empty() || b_type_and_values.empty())
+    return false;
+
+  // RFC 5280 section 7.1:
+  // Two relative distinguished names RDN1 and RDN2 match if they have the same
+  // number of naming attributes and for each naming attribute in RDN1 there is
+  // a matching naming attribute in RDN2.
+  if (a_type_and_values.size() != b_type_and_values.size())

[eroman, 2015/09/09 00:01:11]

If we are relying on a size check as part of our equality comparison, shouldn't
we also check for duplicates?

For instance given these two RDNS:

rdn1:
  Attribute1=Value1
  Attribute1=Value1

rdn2:
  Attribute1=Value1
  Attribute2=Value2

Then

VerifyRdnMatch(rdn1, rdn2) == true

However going in the other direction:

VerifyRdnMatch(rdn2, rdn1) == false


... That doesn't seem right...

[mattm, 2015/09/09 01:25:52]

Yeah, good point. I'll send out a CL to fix that.

+    return false;
+
+  // The ordering of elements may differ due to denormalized values sorting
+  // differently in the DER encoding. Since the number of elements should be
+  // small, a naive linear search for each element should be fine. (Hostile
+  // certificates already have ways to provoke pathological behavior.)
+  for (const auto& a : a_type_and_values) {
+    bool matched = false;
+    for (const auto& b : b_type_and_values) {
+      if (a.type.Equals(b.type) &&
+          VerifyValueMatch(a.value_tag, a.value, b.value_tag, b.value)) {
+        matched = true;
+        break;
+      }
+    }
+    if (!matched)
+      return false;
+  }
+
+  // Every element in |a_type_and_values| had a matching element in
+  // |b_type_and_values|.
+  return true;
+}
+
+}  // namespace
+
+// |a| and |b| are ASN.1 RDNSequence values (not including the Sequence tag),
+// defined in RFC 5280 section 4.1.2.4:
+//
+// Name ::= CHOICE { -- only one possibility for now --
+//   rdnSequence  RDNSequence }
+//
+// RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+//
+// RelativeDistinguishedName ::=
+//   SET SIZE (1..MAX) OF AttributeTypeAndValue
 bool VerifyNameMatch(const der::Input& a, const der::Input& b) {
-  // TODO(mattm): use normalization as specified in RFC 5280 section 7.
-  return a.Equals(b);
+  // Empty Names are allowed.  RFC 5280 section 4.1.2.4 requires "The issuer
+  // field MUST contain a non-empty distinguished name (DN)", while section
+  // 4.1.2.6 allows for the Subject to be empty in certain cases. The caller is
+  // assumed to have verified those conditions.
+
+  // RFC 5280 section 7.1:
+  // Two distinguished names DN1 and DN2 match if they have the same number of
+  // RDNs, for each RDN in DN1 there is a matching RDN in DN2, and the matching
+  // RDNs appear in the same order in both DNs.
+
+  // First just check if the inputs have the same number of RDNs:
+  der::Parser a_rdn_sequence_counter(a);
+  der::Parser b_rdn_sequence_counter(b);
+  while (a_rdn_sequence_counter.HasMore() && b_rdn_sequence_counter.HasMore()) {
+    if (!a_rdn_sequence_counter.SkipTag(der::kSet) ||
+        !b_rdn_sequence_counter.SkipTag(der::kSet)) {
+      return false;
+    }
+  }
+  if (a_rdn_sequence_counter.HasMore() || b_rdn_sequence_counter.HasMore())
+    return false;
+
+  // Same number of RDNs, now check if they match.
+  der::Parser a_rdn_sequence(a);
+  der::Parser b_rdn_sequence(b);
+  while (a_rdn_sequence.HasMore() && b_rdn_sequence.HasMore()) {
+    der::Parser a_rdn, b_rdn;
+    if (!a_rdn_sequence.ReadConstructed(der::kSet, &a_rdn) ||
+        !b_rdn_sequence.ReadConstructed(der::kSet, &b_rdn)) {
+      return false;
+    }
+    if (!VerifyRdnMatch(&a_rdn, &b_rdn))
+      return false;
+  }
+
+  return true;
 }
 
 }  // namespace net