1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "simple_path_builder_delegate.h"
6
7 #include "cert_error_params.h"
8 #include "cert_errors.h"
9 #include "signature_algorithm.h"
10 #include "signature_verify_cache.h"
11 #include "verify_signed_data.h"
12 #include <openssl/bn.h>
13 #include <openssl/bytestring.h>
14 #include <openssl/digest.h>
15 #include <openssl/ec.h>
16 #include <openssl/ec_key.h>
17 #include <openssl/evp.h>
18 #include <openssl/nid.h>
19 #include <openssl/rsa.h>
20
21 namespace bssl {
22
23 DEFINE_CERT_ERROR_ID(SimplePathBuilderDelegate::kRsaModulusTooSmall,
24 "RSA modulus too small");
25
26 namespace {
27
28 DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa,
29 "Only P-256, P-384, P-521 are supported for ECDSA");
30
IsAcceptableCurveForEcdsa(int curve_nid)31 bool IsAcceptableCurveForEcdsa(int curve_nid) {
32 switch (curve_nid) {
33 case NID_X9_62_prime256v1:
34 case NID_secp384r1:
35 case NID_secp521r1:
36 return true;
37 }
38
39 return false;
40 }
41
42 } // namespace
43
SimplePathBuilderDelegate(size_t min_rsa_modulus_length_bits,DigestPolicy digest_policy)44 SimplePathBuilderDelegate::SimplePathBuilderDelegate(
45 size_t min_rsa_modulus_length_bits,
46 DigestPolicy digest_policy)
47 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits),
48 digest_policy_(digest_policy) {}
49
CheckPathAfterVerification(const CertPathBuilder & path_builder,CertPathBuilderResultPath * path)50 void SimplePathBuilderDelegate::CheckPathAfterVerification(
51 const CertPathBuilder& path_builder,
52 CertPathBuilderResultPath* path) {
53 // Do nothing - consider all candidate paths valid.
54 }
55
IsDeadlineExpired()56 bool SimplePathBuilderDelegate::IsDeadlineExpired() {
57 return false;
58 }
59
GetVerifyCache()60 SignatureVerifyCache* SimplePathBuilderDelegate::GetVerifyCache() {
61 return nullptr;
62 }
63
IsSignatureAlgorithmAcceptable(SignatureAlgorithm algorithm,CertErrors * errors)64 bool SimplePathBuilderDelegate::IsSignatureAlgorithmAcceptable(
65 SignatureAlgorithm algorithm,
66 CertErrors* errors) {
67 switch (algorithm) {
68 case SignatureAlgorithm::kRsaPkcs1Sha1:
69 case SignatureAlgorithm::kEcdsaSha1:
70 return digest_policy_ == DigestPolicy::kWeakAllowSha1;
71
72 case SignatureAlgorithm::kRsaPkcs1Sha256:
73 case SignatureAlgorithm::kRsaPkcs1Sha384:
74 case SignatureAlgorithm::kRsaPkcs1Sha512:
75 case SignatureAlgorithm::kEcdsaSha256:
76 case SignatureAlgorithm::kEcdsaSha384:
77 case SignatureAlgorithm::kEcdsaSha512:
78 case SignatureAlgorithm::kRsaPssSha256:
79 case SignatureAlgorithm::kRsaPssSha384:
80 case SignatureAlgorithm::kRsaPssSha512:
81 return true;
82 }
83 return false;
84 }
85
IsPublicKeyAcceptable(EVP_PKEY * public_key,CertErrors * errors)86 bool SimplePathBuilderDelegate::IsPublicKeyAcceptable(EVP_PKEY* public_key,
87 CertErrors* errors) {
88 int pkey_id = EVP_PKEY_id(public_key);
89 if (pkey_id == EVP_PKEY_RSA) {
90 // Extract the modulus length from the key.
91 RSA* rsa = EVP_PKEY_get0_RSA(public_key);
92 if (!rsa)
93 return false;
94 unsigned int modulus_length_bits = RSA_bits(rsa);
95
96 if (modulus_length_bits < min_rsa_modulus_length_bits_) {
97 errors->AddError(
98 kRsaModulusTooSmall,
99 CreateCertErrorParams2SizeT("actual", modulus_length_bits, "minimum",
100 min_rsa_modulus_length_bits_));
101 return false;
102 }
103
104 return true;
105 }
106
107 if (pkey_id == EVP_PKEY_EC) {
108 // Extract the curve name.
109 EC_KEY* ec = EVP_PKEY_get0_EC_KEY(public_key);
110 if (!ec)
111 return false; // Unexpected.
112 int curve_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
113
114 if (!IsAcceptableCurveForEcdsa(curve_nid)) {
115 errors->AddError(kUnacceptableCurveForEcdsa);
116 return false;
117 }
118
119 return true;
120 }
121
122 // Unexpected key type.
123 return false;
124 }
125
126 } // namespace net
127