QA/Firefox3.1/Cryptography Test Plan
Overview
This test document details the features of Firefox that deal with cryptography, including SSL/TLS, client-side certificates, validation checking, UI, and so on.
Some of these tests require the use of a Mozilla-run certificate authority such as the Dogtag open source project's CA.
Test Strategy
- List major areas of test coverage
- List areas that will NOT be covered (by developer, third party, etc.)
- Describe how testcases will be created (litmus, mochitests, reftests, gristmill, etc.)
Certificate Issuance
Users can obtain personal certificates for the following purposes:
- Client-auth: Some HTTPS servers request/require users to present a personal certificate while negotiating the SSL/TLS connection. We sometimes refer to this connection as an "SSL client auth" connection. Read more here...
- Form signing: Firefox supports a mechanism for a web page developer to request that users digitally sign forms at the time of submission. Read more here...
- Plug-ins: There are a few plug-ins that require users to have personal certificates. One example is the S/MIME plug-in for GMail. Read more here...
Sometimes these personal certificates live on smartcards, and sometimes they live on the hard drive in the form of a "soft token". Interestingly, Firefox's NSS cryptography libraries treat software-based certificates as if they were hardware tokens. In other words, there's just one way for Firefox to talk to both software and hardware tokens (PKCS#11). Read more here...
Public CA Test
For these tests, we will use the Thawte CA: Get a cert from Thawte on Linux, Windows XP, Vista, and OSX
Thawte: http://www.thawte.com/
Mozilla-owned CA Test
Mozilla should install an instance of the Dogtag Certificate Authority 1.0 and run the following tests against that CA.
Dogtag open source CA home page: http://pki.fedoraproject.org/wiki/PKI_Main_Page
Certificate Usage
This section comprises the bulk of the testing Firefox needs before shipping.
SSL Server Authentication
All SSL server-auth tests should be automated. Mozilla should set up servers that will disable all ciphersuites, and then enable them one at a time. For each ciphersuite, the browser will then make a connection to a test SSL server that supports all the default ciphersuites. After the browser makes a connection to the server, the test script will confirm that the ciphersuite in question was actually negotiated.
The ciphersuites that are enabled by default are:
- security.ssl3.rsa_rc4_128_md5
- security.ssl3.rsa_rc4_128_sha
- security.ssl3.rsa_fips_des_ede3_sha
- security.ssl3.rsa_des_ede3_sha
- security.ssl3.dhe_rsa_camellia_256_sha
- security.ssl3.dhe_dss_camellia_256_sha
- security.ssl3.rsa_camellia_256_sha
- security.ssl3.dhe_rsa_camellia_128_sha
- security.ssl3.dhe_dss_camellia_128_sha
- security.ssl3.rsa_camellia_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
- security.ssl3.dhe_dss_aes_256_sha
- security.ssl3.rsa_aes_256_sha
- security.ssl3.ecdhe_ecdsa_aes_256_sha
- security.ssl3.ecdhe_ecdsa_aes_128_sha
- security.ssl3.ecdhe_ecdsa_des_ede3_sha
- security.ssl3.ecdhe_ecdsa_rc4_128_sha
- security.ssl3.ecdhe_rsa_aes_256_sha
- security.ssl3.ecdhe_rsa_aes_128_sha
- security.ssl3.ecdhe_rsa_des_ede3_sha
- security.ssl3.ecdhe_rsa_rc4_128_sha
- security.ssl3.ecdh_ecdsa_aes_256_sha
- security.ssl3.ecdh_ecdsa_aes_128_sha
- security.ssl3.ecdh_ecdsa_des_ede3_sha
- security.ssl3.ecdh_ecdsa_rc4_128_sha
- security.ssl3.ecdh_rsa_aes_256_sha
- security.ssl3.ecdh_rsa_aes_128_sha
- security.ssl3.ecdh_rsa_des_ede3_sha
- security.ssl3.ecdh_rsa_rc4_128_sha
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_dss_aes_128_sha
- security.ssl3.rsa_aes_128_sha
- security.ssl3.dhe_rsa_des_ede3_sha
- security.ssl3.dhe_dss_des_ede3_sha
The above represent positive test cases. The ciphersuite tests should also include negative test cases. For example, the browser should attempt to make an SSL connection to the server with a ciphersuite they do not have in common. The test should ensure that the browser displays the proper error message.
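One way to lay out the positive and negative ciphersuite cases described above, as an added example that is not part of the original test plan. It assumes the single suite is enabled on the browser side through a `user.js` profile file; the function names and the case layout are hypothetical, and `SUITES` is only a subset of the prefs listed on this page.

```python
# Added example: build the per-ciphersuite test matrix (not Mozilla's harness).
# Subset of the default-enabled prefs from this page; pass the full list in practice.
SUITES = [
    "security.ssl3.rsa_rc4_128_md5",
    "security.ssl3.rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
    "security.ssl3.ecdhe_rsa_aes_128_sha",
]

def single_suite_prefs(suites, enabled):
    """Return prefs with every suite disabled except `enabled`."""
    if enabled not in suites:
        raise ValueError(f"unknown ciphersuite pref: {enabled}")
    return {s: (s == enabled) for s in suites}

def render_user_js(prefs):
    """Render prefs as user.js lines for the test profile."""
    return "\n".join(
        f'user_pref("{name}", {"true" if on else "false"});'
        for name, on in sorted(prefs.items())
    )

def build_matrix(suites):
    """One positive case per suite, plus a negative case with no suite in common."""
    if len(suites) < 2:
        raise ValueError("need at least two suites to build a negative case")
    cases = []
    for i, suite in enumerate(suites):
        prefs = single_suite_prefs(suites, suite)
        # Positive: server supports every suite, so `suite` must be negotiated.
        cases.append({"browser": prefs, "server": set(suites), "expect": suite})
        # Negative: server offers only a different suite; the handshake must fail.
        other = suites[(i + 1) % len(suites)]
        cases.append({"browser": prefs, "server": {other}, "expect": None})
    return cases

def check(case, negotiated):
    """Compare the observed result with the expectation.

    `negotiated` is the pref name of the suite the test script observed,
    or None when the handshake failed and an error page was shown.
    """
    enabled = {s for s, on in case["browser"].items() if on}
    common = enabled & case["server"]
    if case["expect"] is None:
        return negotiated is None and not common
    return negotiated == case["expect"] and negotiated in common
```
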
SSL Client Authentication
Presentation of States
A page shown in Firefox usually consists of many individual items: text, scripts, stylesheets, images. Each item might have a different security state. The challenge is to use UI that correctly represents the overall state of a given page.
This set of tests involves visiting sites that have a mix of content. The browser should render the page in a manner consistent with the matrix on the "Presentation of States" page.
Basic chrome
Cert Viewer
Certificate Management
Users can manage certs in a number of ways. For their own personal certs (the ones for which they have the corresponding private key), they can back up and restore them (if not on a smartcard). Users can also import/export certificates for other people, servers, and authorities. They can also set trust bits on these certificates to allow them to be used for specific functions. For example, a user can mark a CA cert as valid for a purpose such as issuing S/MIME certs to other people.
This section describes these features and the effort required to test them.
"Your Certificates" tab
- View
- Backup
- Backup all
- Import
- Delete
"People" tab
- View
- Edit
- Import
- Export
- Delete
"Servers" tab
- View
- Edit
- Import
- Export
- Delete
- Add Exception
"Authorities" tab
- View
- Edit
- Import
- Export
- Delete
"Others" tab
- View
- Export
- Delete
Certificate Validation
Although all certificates, even CA certificates, have expiration dates, sometimes something goes wrong and the owner needs to revoke them. Firefox uses two methods for validating a certificate: OCSP and CRLs.
The test team will need access to a CA to test these features. In general, only the CA that issues the cert is able to comment on its validity.
OCSP
CRLs
Form signing
Key Plug-ins
Cert Viewer Plus
Extends the certificate viewer with two options: an X.509 certificate can either be displayed in PEM format (opens in a new window) or saved to a file (PEM/DER/PKCS#7). Furthermore, an entry for direct access to the certificate manager is added to the Tools menu, including a keyboard shortcut.
https://addons.mozilla.org/en-US/firefox/addon/1964
S/MIME
With the Gmail S/MIME extension, you can send and receive signed and encrypted S/MIME messages in Gmail.
Smart cards
Schedule Scoping
Estimate amount of time it will take to complete feature (Consider nightly builds, security reviews, bugs turnaround time)
References
- http://www.mozilla.org/projects/security/pki/psm/help_21/ssl_help.html
- https://wiki.mozilla.org/Security:SSLErrorPages
- http://kuix.de/mozilla/certwarndiscussion/proposal20061016/
- http://blog.johnath.com/2008/04/16/security-ui-in-firefox-3plus1/
- https://wiki.mozilla.org/Security:SSLErrorPages#Mixed_Content
- https://bugzilla.mozilla.org/show_bug.cgi?id=62178
- https://wiki.mozilla.org/Security:PresentationOfStates
- https://bugzilla.mozilla.org/show_bug.cgi?id=428009 hook up ssltunnel to mochitest
- https://bugzilla.mozilla.org/show_bug.cgi?id=135007 Transfer mode of images should be relevant for shown lock icon state (mixed content)