Bug 1405522 - Fix authenticated attribute migration under password ch…

…anges in the sql DBs r=ttaubert Summary: The underlying issue is that the sqlite-backed DB format stores CK_ULONG values in a machine-independent format, meaning it has to translate back and forth when running on a machine where CK_ULONG is not the same size (or endianness, presumably) as the stored format. Before this patch, both sftkdb_SetAttributeValue and sftk_updateMacs did not use the machine-independent format in the correct places. This manifested in a bug where if the password was changed, certificate trust settings would be reset to "untrusted". Bug #: 1405522 Differential Revision: https://phabricator.services.mozilla.com/D100 --HG-- extra : rebase_source : f2a7853405e5ce8b6a6c65eb0eb41f5c985a8e9e
sailfishos-mirror · Oct 12, 2017 · 7181762 · 7181762
1 parent dac31eb
commit 7181762
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 4 deletions.
diff --git a/gtests/softoken_gtest/softoken_gtest.cc b/gtests/softoken_gtest/softoken_gtest.cc
@@ -1,5 +1,7 @@
 #include <cstdlib>
 
+#include "cert.h"
+#include "certdb.h"
 #include "nspr.h"
 #include "nss.h"
 #include "pk11pub.h"
@@ -200,6 +202,110 @@ TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
   EXPECT_NE(nullptr, obj);
 }
 
+// This is just any X509 certificate. Its contents don't matter.
+static unsigned char certDER[] = {
+    0x30, 0x82, 0x01, 0xEF, 0x30, 0x82, 0x01, 0x94, 0xA0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x49, 0xC4, 0xC4, 0x4A, 0xB6, 0x86, 0x07, 0xA3, 0x06,
+    0xDC, 0x4D, 0xC8, 0xC3, 0xFE, 0xC7, 0x21, 0x3A, 0x2D, 0xE4, 0xDA, 0x30,
+    0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
+    0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+    0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31,
+    0x35, 0x31, 0x31, 0x32, 0x38, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A,
+    0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0C, 0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x82,
+    0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+    0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82,
+    0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBA, 0x88, 0x51, 0xA8, 0x44,
+    0x8E, 0x16, 0xD6, 0x41, 0xFD, 0x6E, 0xB6, 0x88, 0x06, 0x36, 0x10, 0x3D,
+    0x3C, 0x13, 0xD9, 0xEA, 0xE4, 0x35, 0x4A, 0xB4, 0xEC, 0xF5, 0x68, 0x57,
+    0x6C, 0x24, 0x7B, 0xC1, 0xC7, 0x25, 0xA8, 0xE0, 0xD8, 0x1F, 0xBD, 0xB1,
+    0x9C, 0x06, 0x9B, 0x6E, 0x1A, 0x86, 0xF2, 0x6B, 0xE2, 0xAF, 0x5A, 0x75,
+    0x6B, 0x6A, 0x64, 0x71, 0x08, 0x7A, 0xA5, 0x5A, 0xA7, 0x45, 0x87, 0xF7,
+    0x1C, 0xD5, 0x24, 0x9C, 0x02, 0x7E, 0xCD, 0x43, 0xFC, 0x1E, 0x69, 0xD0,
+    0x38, 0x20, 0x29, 0x93, 0xAB, 0x20, 0xC3, 0x49, 0xE4, 0xDB, 0xB9, 0x4C,
+    0xC2, 0x6B, 0x6C, 0x0E, 0xED, 0x15, 0x82, 0x0F, 0xF1, 0x7E, 0xAD, 0x69,
+    0x1A, 0xB1, 0xD3, 0x02, 0x3A, 0x8B, 0x2A, 0x41, 0xEE, 0xA7, 0x70, 0xE0,
+    0x0F, 0x0D, 0x8D, 0xFD, 0x66, 0x0B, 0x2B, 0xB0, 0x24, 0x92, 0xA4, 0x7D,
+    0xB9, 0x88, 0x61, 0x79, 0x90, 0xB1, 0x57, 0x90, 0x3D, 0xD2, 0x3B, 0xC5,
+    0xE0, 0xB8, 0x48, 0x1F, 0xA8, 0x37, 0xD3, 0x88, 0x43, 0xEF, 0x27, 0x16,
+    0xD8, 0x55, 0xB7, 0x66, 0x5A, 0xAA, 0x7E, 0x02, 0x90, 0x2F, 0x3A, 0x7B,
+    0x10, 0x80, 0x06, 0x24, 0xCC, 0x1C, 0x6C, 0x97, 0xAD, 0x96, 0x61, 0x5B,
+    0xB7, 0xE2, 0x96, 0x12, 0xC0, 0x75, 0x31, 0xA3, 0x0C, 0x91, 0xDD, 0xB4,
+    0xCA, 0xF7, 0xFC, 0xAD, 0x1D, 0x25, 0xD3, 0x09, 0xEF, 0xB9, 0x17, 0x0E,
+    0xA7, 0x68, 0xE1, 0xB3, 0x7B, 0x2F, 0x22, 0x6F, 0x69, 0xE3, 0xB4, 0x8A,
+    0x95, 0x61, 0x1D, 0xEE, 0x26, 0xD6, 0x25, 0x9D, 0xAB, 0x91, 0x08, 0x4E,
+    0x36, 0xCB, 0x1C, 0x24, 0x04, 0x2C, 0xBF, 0x16, 0x8B, 0x2F, 0xE5, 0xF1,
+    0x8F, 0x99, 0x17, 0x31, 0xB8, 0xB3, 0xFE, 0x49, 0x23, 0xFA, 0x72, 0x51,
+    0xC4, 0x31, 0xD5, 0x03, 0xAC, 0xDA, 0x18, 0x0A, 0x35, 0xED, 0x8D, 0x02,
+    0x03, 0x01, 0x00, 0x01, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+    0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20,
+    0x5C, 0x75, 0x51, 0x9F, 0x13, 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20,
+    0xA3, 0xBC, 0x06, 0x30, 0x91, 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64,
+    0xEC, 0xFD, 0xCB, 0x42, 0x80, 0x0A, 0x70, 0xE6, 0x02, 0x21, 0x00, 0x82,
+    0x12, 0xF7, 0xE5, 0xEA, 0x40, 0x27, 0xFD, 0xF7, 0xC0, 0x0E, 0x25, 0xF3,
+    0x3E, 0x34, 0x95, 0x80, 0xB9, 0xA3, 0x38, 0xE0, 0x56, 0x68, 0xDA, 0xE5,
+    0xC1, 0xF5, 0x37, 0xC7, 0xB5, 0xCE, 0x0D};
+
+struct PasswordPair {
+  const char *mInitialPassword;
+  const char *mSecondPassword;
+};
+
+class SoftokenPasswordChangeTest
+    : public SoftokenTest,
+      public ::testing::WithParamInterface<PasswordPair> {};
+
+TEST_P(SoftokenPasswordChangeTest, KeepTrustAfterPasswordChange) {
+  const PasswordPair &passwords = GetParam();
+  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+  ASSERT_TRUE(slot);
+  // Set a password.
+  EXPECT_EQ(SECSuccess,
+            PK11_InitPin(slot.get(), nullptr, passwords.mInitialPassword));
+  SECItem certDERItem = {siBuffer, certDER, sizeof(certDER)};
+  // Import a certificate.
+  ScopedCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &certDERItem, nullptr, true, true));
+  EXPECT_TRUE(cert);
+  SECStatus result =
+      PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE, "test", false);
+  EXPECT_EQ(SECSuccess, result);
+  // Set a trust value.
+  CERTCertTrust trust = {CERTDB_TRUSTED_CLIENT_CA | CERTDB_NS_TRUSTED_CA |
+                             CERTDB_TRUSTED_CA | CERTDB_VALID_CA,
+                         0, 0};
+  result = CERT_ChangeCertTrust(nullptr, cert.get(), &trust);
+  EXPECT_EQ(SECSuccess, result);
+  // Release the certificate to ensure we get it from the DB rather than an
+  // in-memory cache, below.
+  cert = nullptr;
+  // Change the password.
+  result = PK11_ChangePW(slot.get(), passwords.mInitialPassword,
+                         passwords.mSecondPassword);
+  EXPECT_EQ(SECSuccess, result);
+  // Look up the certificate again.
+  ScopedCERTCertificate newCert(
+      PK11_FindCertFromDERCertItem(slot.get(), &certDERItem, nullptr));
+  EXPECT_TRUE(newCert.get());
+  // The trust should be the same as before.
+  CERTCertTrust newTrust = {0, 0, 0};
+  result = CERT_GetCertTrust(newCert.get(), &newTrust);
+  EXPECT_EQ(SECSuccess, result);
+  EXPECT_EQ(trust.sslFlags, newTrust.sslFlags);
+  EXPECT_EQ(trust.emailFlags, newTrust.emailFlags);
+  EXPECT_EQ(trust.objectSigningFlags, newTrust.objectSigningFlags);
+}
+
+static const PasswordPair PASSWORD_CHANGE_TESTS[] = {
+    {"password", ""},           // non-empty to empty password
+    {"", "password"},           // empty to non-empty password
+    {"password", "password2"},  // non-empty to non-empty password
+};
+
+INSTANTIATE_TEST_CASE_P(SoftokenPasswordChangeTests, SoftokenPasswordChangeTest,
+                        ::testing::ValuesIn(PASSWORD_CHANGE_TESTS));
+
 class SoftokenNoDBTest : public ::testing::Test {};
 
 TEST_F(SoftokenNoDBTest, NeedUserInitNoDB) {

diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
@@ -40,7 +40,7 @@
  */
 #define BBP 8
 
-static PRBool
+PRBool
 sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type)
 {
     switch (type) {
@@ -1370,7 +1370,8 @@ sftkdb_SetAttributeValue(SFTKDBHandle *handle, SFTKObject *object,
     }
 
     /* make sure we don't have attributes that conflict with the existing DB */
-    crv = sftkdb_checkConflicts(db, object->objclass, template, count, objectID);
+    crv = sftkdb_checkConflicts(db, object->objclass, ntemplate, count,
+                                objectID);
     if (crv != CKR_OK) {
         goto loser;
     }
@@ -1386,8 +1387,8 @@ sftkdb_SetAttributeValue(SFTKDBHandle *handle, SFTKObject *object,
         goto loser;
     }
     inTransaction = PR_TRUE;
-    crv = sftkdb_setAttributeValue(arena, handle, db,
-                                   objectID, template, count);
+    crv = sftkdb_setAttributeValue(arena, handle, db, objectID, ntemplate,
+                                   count);
     if (crv != CKR_OK) {
         goto loser;
     }

diff --git a/lib/softoken/sftkdbti.h b/lib/softoken/sftkdbti.h
@@ -49,6 +49,7 @@ SECStatus sftkdb_VerifyAttribute(SECItem *passKey,
                                  CK_ATTRIBUTE_TYPE attrType,
                                  SECItem *plainText, SECItem *sigText);
 
+PRBool sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type);
 void sftk_ULong2SDBULong(unsigned char *data, CK_ULONG value);
 CK_RV sftkdb_Update(SFTKDBHandle *handle, SECItem *key);
 CK_RV sftkdb_PutAttributeSignature(SFTKDBHandle *handle,

diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
@@ -926,6 +926,13 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
             continue;
         }
 
+        if (authAttrs[i].ulValueLen == sizeof(CK_ULONG) &&
+            sftkdb_isULONGAttribute(authAttrs[i].type)) {
+            CK_ULONG value = *(CK_ULONG *)authAttrs[i].pValue;
+            sftk_ULong2SDBULong(authAttrs[i].pValue, value);
+            authAttrs[i].ulValueLen = SDB_ULONG_SIZE;
+        }
+
         plainText.data = authAttrs[i].pValue;
         plainText.len = authAttrs[i].ulValueLen;
         rv = sftkdb_SignAttribute(arena, newKey, id,