Detect SHA-1 when it appears in certificate chains

net/cert/cert_verify_proc_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include <vector>
 
 #include "base/callback_helpers.h"
 #include "base/files/file_path.h"
@@ skipping 1242 matching lines @@
   error = Verify(leaf.get(),
                  "test.example.com",
                  flags,
                  crl_set.get(),
                  empty_cert_list_,
                  &verify_result);
   EXPECT_EQ(ERR_CERT_REVOKED, error);
 }
 #endif
 
+enum ExpectedAlgorithms {
+  EXPECT_MD2 = 1 << 0,
+  EXPECT_MD4 = 1 << 1,
+  EXPECT_MD5 = 1 << 2,
+  EXPECT_SHA1 = 1 << 3
+};
+
 struct WeakDigestTestData {
   const char* root_cert_filename;
   const char* intermediate_cert_filename;
   const char* ee_cert_filename;
-  bool expected_has_md5;
-  bool expected_has_md4;
-  bool expected_has_md2;
+  int expected_algorithms;
 };
 
 // GTest 'magic' pretty-printer, so that if/when a test fails, it knows how
 // to output the parameter that was passed. Without this, it will simply
 // attempt to print out the first twenty bytes of the object, which depending
 // on platform and alignment, may result in an invalid read.
 void PrintTo(const WeakDigestTestData& data, std::ostream* os) {
   *os << "root: "
       << (data.root_cert_filename ? data.root_cert_filename : "none")
       << "; intermediate: " << data.intermediate_cert_filename
@@ skipping 36 matching lines @@
   ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain.get());
 
   int flags = 0;
   CertVerifyResult verify_result;
   int rv = Verify(ee_chain.get(),
                   "127.0.0.1",
                   flags,
                   NULL,
                   empty_cert_list_,
                   &verify_result);
-  EXPECT_EQ(data.expected_has_md5, verify_result.has_md5);
-  EXPECT_EQ(data.expected_has_md4, verify_result.has_md4);
-  EXPECT_EQ(data.expected_has_md2, verify_result.has_md2);
+  EXPECT_EQ(!!(data.expected_algorithms & EXPECT_MD2), verify_result.has_md2);
+  EXPECT_EQ(!!(data.expected_algorithms & EXPECT_MD4), verify_result.has_md4);
+  EXPECT_EQ(!!(data.expected_algorithms & EXPECT_MD5), verify_result.has_md5);
+  EXPECT_EQ(!!(data.expected_algorithms & EXPECT_SHA1), verify_result.has_sha1);
+
   EXPECT_FALSE(verify_result.is_issued_by_additional_trust_anchor);
 
   // Ensure that MD4 and MD2 are tagged as invalid.
-  if (data.expected_has_md4 || data.expected_has_md2) {
+  if (data.expected_algorithms & (EXPECT_MD2 | EXPECT_MD4)) {
     EXPECT_EQ(CERT_STATUS_INVALID,
               verify_result.cert_status & CERT_STATUS_INVALID);
   }
 
   // Ensure that MD5 is flagged as weak.
-  if (data.expected_has_md5) {
+  if (data.expected_algorithms & EXPECT_MD5) {
     EXPECT_EQ(
         CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
         verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM);
   }
 
   // If a root cert is present, then check that the chain was rejected if any
   // weak algorithms are present. This is only checked when a root cert is
   // present because the error reported for incomplete chains with weak
   // algorithms depends on which implementation was used to validate (NSS,
   // OpenSSL, CryptoAPI, Security.framework) and upon which weak algorithm
   // present (MD2, MD4, MD5).
   if (data.root_cert_filename) {
-    if (data.expected_has_md4 || data.expected_has_md2) {
+    if (data.expected_algorithms & (EXPECT_MD2 | EXPECT_MD4)) {
       EXPECT_EQ(ERR_CERT_INVALID, rv);
-    } else if (data.expected_has_md5) {
+    } else if (data.expected_algorithms & EXPECT_MD5) {
       EXPECT_EQ(ERR_CERT_WEAK_SIGNATURE_ALGORITHM, rv);
     } else {
       EXPECT_EQ(OK, rv);
     }
   }
 }
 
 // Unlike TEST/TEST_F, which are macros that expand to further macros,
 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that
 // stringizes the arguments. As a result, macros passed as parameters (such as
 // prefix or test_case_name) will not be expanded by the preprocessor. To work
 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the
 // pre-processor will expand macros such as MAYBE_test_name before
 // instantiating the test.
 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
     INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator)
 
 // The signature algorithm of the root CA should not matter.
 const WeakDigestTestData kVerifyRootCATestData[] = {
   { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem",
-    "weak_digest_sha1_ee.pem", false, false, false },
+    "weak_digest_sha1_ee.pem", EXPECT_SHA1 },
 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
   // MD4 is not supported by OS X / NSS
   { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem",
-    "weak_digest_sha1_ee.pem", false, false, false },
+    "weak_digest_sha1_ee.pem", EXPECT_SHA1 },
 #endif
   { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem",
-    "weak_digest_sha1_ee.pem", false, false, false },
+    "weak_digest_sha1_ee.pem", EXPECT_SHA1 },
 };
 INSTANTIATE_TEST_CASE_P(VerifyRoot, CertVerifyProcWeakDigestTest,
                         testing::ValuesIn(kVerifyRootCATestData));
 
 // The signature algorithm of intermediates should be properly detected.
 const WeakDigestTestData kVerifyIntermediateCATestData[] = {
   { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
-    "weak_digest_sha1_ee.pem", true, false, false },
+    "weak_digest_sha1_ee.pem", EXPECT_MD5 | EXPECT_SHA1 },
 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
   // MD4 is not supported by OS X / NSS
   { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
-    "weak_digest_sha1_ee.pem", false, true, false },
+    "weak_digest_sha1_ee.pem", EXPECT_MD4 | EXPECT_SHA1 },
 #endif
   { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
-    "weak_digest_sha1_ee.pem", false, false, true },
+    "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 },
 };
 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate
 #else
 #define MAYBE_VerifyIntermediate VerifyIntermediate
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
     MAYBE_VerifyIntermediate,
     CertVerifyProcWeakDigestTest,
     testing::ValuesIn(kVerifyIntermediateCATestData));
 
 // The signature algorithm of end-entity should be properly detected.
 const WeakDigestTestData kVerifyEndEntityTestData[] = {
   { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
-    "weak_digest_md5_ee.pem", true, false, false },
+    "weak_digest_md5_ee.pem", EXPECT_MD5 | EXPECT_SHA1 },
 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
   // MD4 is not supported by OS X / NSS
   { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
-    "weak_digest_md4_ee.pem", false, true, false },
+    "weak_digest_md4_ee.pem", EXPECT_MD4 | EXPECT_SHA1 },
 #endif
   { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
-    "weak_digest_md2_ee.pem", false, false, true },
+    "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_SHA1 },
 };
 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot
 // be cleared until NSS is cleanly shutdown, which is not presently supported
 // in Chromium.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity
 #else
 #define MAYBE_VerifyEndEntity VerifyEndEntity
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity,
                                 CertVerifyProcWeakDigestTest,
                                 testing::ValuesIn(kVerifyEndEntityTestData));
 
 // Incomplete chains should still report the status of the intermediate.
 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = {
   { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem",
-    true, false, false },
+    EXPECT_MD5 | EXPECT_SHA1 },
 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
   // MD4 is not supported by OS X / NSS
   { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem",
-    false, true, false },
+    EXPECT_MD4 | EXPECT_SHA1 },
 #endif
   { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem",
-    false, false, true },
+    EXPECT_MD2 | EXPECT_SHA1 },
 };
 // Disabled on NSS - libpkix does not return constructed chains on error,
 // preventing us from detecting/inspecting the verified chain.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyIncompleteIntermediate \
     DISABLED_VerifyIncompleteIntermediate
 #else
 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
     MAYBE_VerifyIncompleteIntermediate,
     CertVerifyProcWeakDigestTest,
     testing::ValuesIn(kVerifyIncompleteIntermediateTestData));
 
 // Incomplete chains should still report the status of the end-entity.
 const WeakDigestTestData kVerifyIncompleteEETestData[] = {
   { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem",
-    true, false, false },
+    EXPECT_MD5 | EXPECT_SHA1 },
 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
   // MD4 is not supported by OS X / NSS
   { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem",
-    false, true, false },
+    EXPECT_MD4 | EXPECT_SHA1 },
 #endif
   { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem",
-    false, false, true },
+    EXPECT_MD2 | EXPECT_SHA1 },
 };
 // Disabled on NSS - libpkix does not return constructed chains on error,
 // preventing us from detecting/inspecting the verified chain.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity
 #else
 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
     MAYBE_VerifyIncompleteEndEntity,
     CertVerifyProcWeakDigestTest,
     testing::ValuesIn(kVerifyIncompleteEETestData));
 
 // Differing algorithms between the intermediate and the EE should still be
 // reported.
 const WeakDigestTestData kVerifyMixedTestData[] = {
   { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
-    "weak_digest_md2_ee.pem", true, false, true },
+    "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD5 },
   { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
-    "weak_digest_md5_ee.pem", true, false, true },
+    "weak_digest_md5_ee.pem", EXPECT_MD2 | EXPECT_MD5 },
 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
   // MD4 is not supported by OS X / NSS
   { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
-    "weak_digest_md2_ee.pem", false, true, true },
+    "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD4 },
 #endif
 };
 // NSS does not support MD4 and does not enable MD2 by default, making all
 // permutations invalid.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
 #else
 #define MAYBE_VerifyMixed VerifyMixed
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
@@ skipping 60 matching lines @@
     EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
   }
 }
 
 WRAPPED_INSTANTIATE_TEST_CASE_P(
     VerifyName,
     CertVerifyProcNameTest,
     testing::ValuesIn(kVerifyNameData));
 
 }  // namespace net