1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/x509_util.h"
6
7 #include <string.h>
8 #include <map>
9 #include <memory>
10
11 #include "base/lazy_instance.h"
12 #include "base/logging.h"
13 #include "base/memory/raw_ptr.h"
14 #include "base/notreached.h"
15 #include "base/strings/string_split.h"
16 #include "base/strings/string_util.h"
17 #include "base/time/time.h"
18 #include "build/build_config.h"
19 #include "crypto/openssl_util.h"
20 #include "crypto/rsa_private_key.h"
21 #include "crypto/sha2.h"
22 #include "net/base/hash_value.h"
23 #include "net/cert/asn1_util.h"
24 #include "net/cert/time_conversions.h"
25 #include "net/cert/x509_certificate.h"
26 #include "third_party/boringssl/src/include/openssl/bytestring.h"
27 #include "third_party/boringssl/src/include/openssl/digest.h"
28 #include "third_party/boringssl/src/include/openssl/evp.h"
29 #include "third_party/boringssl/src/include/openssl/mem.h"
30 #include "third_party/boringssl/src/include/openssl/pkcs7.h"
31 #include "third_party/boringssl/src/include/openssl/pool.h"
32 #include "third_party/boringssl/src/include/openssl/stack.h"
33 #include "third_party/boringssl/src/pki/cert_errors.h"
34 #include "third_party/boringssl/src/pki/input.h"
35 #include "third_party/boringssl/src/pki/name_constraints.h"
36 #include "third_party/boringssl/src/pki/parse_certificate.h"
37 #include "third_party/boringssl/src/pki/parse_name.h"
38 #include "third_party/boringssl/src/pki/parse_values.h"
39 #include "third_party/boringssl/src/pki/signature_algorithm.h"
40
41 namespace net::x509_util {
42
43 namespace {
44
AddRSASignatureAlgorithm(CBB * cbb,DigestAlgorithm algorithm)45 bool AddRSASignatureAlgorithm(CBB* cbb, DigestAlgorithm algorithm) {
46 // See RFC 4055.
47 static const uint8_t kSHA256WithRSAEncryption[] = {
48 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b};
49
50 // An AlgorithmIdentifier is described in RFC 5280, 4.1.1.2.
51 CBB sequence, oid, params;
52 if (!CBB_add_asn1(cbb, &sequence, CBS_ASN1_SEQUENCE) ||
53 !CBB_add_asn1(&sequence, &oid, CBS_ASN1_OBJECT)) {
54 return false;
55 }
56
57 switch (algorithm) {
58 case DIGEST_SHA256:
59 if (!CBB_add_bytes(&oid, kSHA256WithRSAEncryption,
60 sizeof(kSHA256WithRSAEncryption)))
61 return false;
62 break;
63 }
64
65 // All supported algorithms use null parameters.
66 if (!CBB_add_asn1(&sequence, ¶ms, CBS_ASN1_NULL) || !CBB_flush(cbb)) {
67 return false;
68 }
69
70 return true;
71 }
72
ToEVP(DigestAlgorithm alg)73 const EVP_MD* ToEVP(DigestAlgorithm alg) {
74 switch (alg) {
75 case DIGEST_SHA256:
76 return EVP_sha256();
77 }
78 return nullptr;
79 }
80
81 class BufferPoolSingleton {
82 public:
BufferPoolSingleton()83 BufferPoolSingleton() {
84 crypto::EnsureOpenSSLInit();
85
86 pool_ = CRYPTO_BUFFER_POOL_new();
87 }
88
pool()89 CRYPTO_BUFFER_POOL* pool() { return pool_; }
90
91 private:
92 // The singleton is leaky, so there is no need to use a smart pointer.
93 raw_ptr<CRYPTO_BUFFER_POOL> pool_;
94 };
95
96 base::LazyInstance<BufferPoolSingleton>::Leaky g_buffer_pool_singleton =
97 LAZY_INSTANCE_INITIALIZER;
98
99 } // namespace
100
101 // Adds an X.509 Name with the specified distinguished name to |cbb|.
AddName(CBB * cbb,base::StringPiece name)102 bool AddName(CBB* cbb, base::StringPiece name) {
103 // See RFC 4519.
104 static const uint8_t kCommonName[] = {0x55, 0x04, 0x03};
105 static const uint8_t kCountryName[] = {0x55, 0x04, 0x06};
106 static const uint8_t kOrganizationName[] = {0x55, 0x04, 0x0a};
107 static const uint8_t kOrganizationalUnitName[] = {0x55, 0x04, 0x0b};
108
109 std::vector<std::string> attributes = SplitString(
110 name, /*separators=*/",", base::WhitespaceHandling::TRIM_WHITESPACE,
111 base::SplitResult::SPLIT_WANT_NONEMPTY);
112
113 if (attributes.size() == 0) {
114 LOG(ERROR) << "Missing DN or wrong format";
115 return false;
116 }
117
118 // See RFC 5280, section 4.1.2.4.
119 CBB rdns;
120 if (!CBB_add_asn1(cbb, &rdns, CBS_ASN1_SEQUENCE)) {
121 return false;
122 }
123
124 for (const std::string& attribute : attributes) {
125 std::vector<std::string> parts =
126 SplitString(attribute, /*separators=*/"=",
127 base::WhitespaceHandling::KEEP_WHITESPACE,
128 base::SplitResult::SPLIT_WANT_ALL);
129 if (parts.size() != 2) {
130 LOG(ERROR) << "Wrong DN format at " + attribute;
131 return false;
132 }
133
134 const std::string& type_string = parts[0];
135 const std::string& value_string = parts[1];
136 base::span<const uint8_t> type_bytes;
137 if (type_string == "CN") {
138 type_bytes = kCommonName;
139 } else if (type_string == "C") {
140 type_bytes = kCountryName;
141 } else if (type_string == "O") {
142 type_bytes = kOrganizationName;
143 } else if (type_string == "OU") {
144 type_bytes = kOrganizationalUnitName;
145 } else {
146 LOG(ERROR) << "Unrecognized type " + type_string;
147 return false;
148 }
149
150 CBB rdn, attr, type, value;
151 if (!CBB_add_asn1(&rdns, &rdn, CBS_ASN1_SET) ||
152 !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
153 !CBB_add_asn1(&attr, &type, CBS_ASN1_OBJECT) ||
154 !CBB_add_bytes(&type, type_bytes.data(), type_bytes.size()) ||
155 !CBB_add_asn1(&attr, &value, type_string == "C" ?
156 CBS_ASN1_PRINTABLESTRING : CBS_ASN1_UTF8STRING) ||
157 !CBB_add_bytes(&value,
158 reinterpret_cast<const uint8_t*>(value_string.data()),
159 value_string.size()) ||
160 !CBB_flush(&rdns)) {
161 return false;
162 }
163 }
164 if (!CBB_flush(cbb)) {
165 return false;
166 }
167 return true;
168 }
169
CBBAddTime(CBB * cbb,base::Time time)170 bool CBBAddTime(CBB* cbb, base::Time time) {
171 bssl::der::GeneralizedTime generalized_time;
172 if (!EncodeTimeAsGeneralizedTime(time, &generalized_time)) {
173 return false;
174 }
175
176 // Per RFC 5280, 4.1.2.5, times which fit in UTCTime must be encoded as
177 // UTCTime rather than GeneralizedTime.
178 CBB child;
179 uint8_t* out;
180 if (generalized_time.InUTCTimeRange()) {
181 return CBB_add_asn1(cbb, &child, CBS_ASN1_UTCTIME) &&
182 CBB_add_space(&child, &out, bssl::der::kUTCTimeLength) &&
183 bssl::der::EncodeUTCTime(generalized_time, out) && CBB_flush(cbb);
184 }
185
186 return CBB_add_asn1(cbb, &child, CBS_ASN1_GENERALIZEDTIME) &&
187 CBB_add_space(&child, &out, bssl::der::kGeneralizedTimeLength) &&
188 bssl::der::EncodeGeneralizedTime(generalized_time, out) &&
189 CBB_flush(cbb);
190 }
191
GetTLSServerEndPointChannelBinding(const X509Certificate & certificate,std::string * token)192 bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate,
193 std::string* token) {
194 static const char kChannelBindingPrefix[] = "tls-server-end-point:";
195
196 base::StringPiece der_encoded_certificate =
197 x509_util::CryptoBufferAsStringPiece(certificate.cert_buffer());
198
199 bssl::der::Input tbs_certificate_tlv;
200 bssl::der::Input signature_algorithm_tlv;
201 bssl::der::BitString signature_value;
202 if (!bssl::ParseCertificate(bssl::der::Input(der_encoded_certificate),
203 &tbs_certificate_tlv, &signature_algorithm_tlv,
204 &signature_value, nullptr)) {
205 return false;
206 }
207 std::optional<bssl::SignatureAlgorithm> signature_algorithm =
208 bssl::ParseSignatureAlgorithm(signature_algorithm_tlv);
209 if (!signature_algorithm) {
210 return false;
211 }
212
213 std::optional<bssl::DigestAlgorithm> binding_digest =
214 bssl::GetTlsServerEndpointDigestAlgorithm(*signature_algorithm);
215 if (!binding_digest) {
216 return false;
217 }
218 const EVP_MD* digest_evp_md = nullptr;
219 switch (binding_digest.value()) {
220 case bssl::DigestAlgorithm::Md2:
221 case bssl::DigestAlgorithm::Md4:
222 case bssl::DigestAlgorithm::Md5:
223 case bssl::DigestAlgorithm::Sha1:
224 // Legacy digests are not supported, and
225 // `GetTlsServerEndpointDigestAlgorithm` internally maps MD5 and SHA-1 to
226 // SHA-256.
227 NOTREACHED();
228 break;
229
230 case bssl::DigestAlgorithm::Sha256:
231 digest_evp_md = EVP_sha256();
232 break;
233
234 case bssl::DigestAlgorithm::Sha384:
235 digest_evp_md = EVP_sha384();
236 break;
237
238 case bssl::DigestAlgorithm::Sha512:
239 digest_evp_md = EVP_sha512();
240 break;
241 }
242 if (!digest_evp_md)
243 return false;
244
245 uint8_t digest[EVP_MAX_MD_SIZE];
246 unsigned int out_size;
247 if (!EVP_Digest(der_encoded_certificate.data(),
248 der_encoded_certificate.size(), digest, &out_size,
249 digest_evp_md, nullptr))
250 return false;
251
252 token->assign(kChannelBindingPrefix);
253 token->append(digest, digest + out_size);
254 return true;
255 }
256
257 // RSA keys created by CreateKeyAndSelfSignedCert will be of this length.
258 static const uint16_t kRSAKeyLength = 1024;
259
260 // Certificates made by CreateKeyAndSelfSignedCert will be signed using this
261 // digest algorithm.
262 static const DigestAlgorithm kSignatureDigestAlgorithm = DIGEST_SHA256;
263
CreateKeyAndSelfSignedCert(const std::string & subject,uint32_t serial_number,base::Time not_valid_before,base::Time not_valid_after,std::unique_ptr<crypto::RSAPrivateKey> * key,std::string * der_cert)264 bool CreateKeyAndSelfSignedCert(const std::string& subject,
265 uint32_t serial_number,
266 base::Time not_valid_before,
267 base::Time not_valid_after,
268 std::unique_ptr<crypto::RSAPrivateKey>* key,
269 std::string* der_cert) {
270 std::unique_ptr<crypto::RSAPrivateKey> new_key(
271 crypto::RSAPrivateKey::Create(kRSAKeyLength));
272 if (!new_key)
273 return false;
274
275 bool success = CreateSelfSignedCert(new_key->key(), kSignatureDigestAlgorithm,
276 subject, serial_number, not_valid_before,
277 not_valid_after, {}, der_cert);
278 if (success)
279 *key = std::move(new_key);
280
281 return success;
282 }
283
Extension(base::span<const uint8_t> in_oid,bool in_critical,base::span<const uint8_t> in_contents)284 Extension::Extension(base::span<const uint8_t> in_oid,
285 bool in_critical,
286 base::span<const uint8_t> in_contents)
287 : oid(in_oid), critical(in_critical), contents(in_contents) {}
288 Extension::~Extension() = default;
289 Extension::Extension(const Extension&) = default;
290
CreateSelfSignedCert(EVP_PKEY * key,DigestAlgorithm alg,const std::string & subject,uint32_t serial_number,base::Time not_valid_before,base::Time not_valid_after,const std::vector<Extension> & extension_specs,std::string * der_encoded)291 bool CreateSelfSignedCert(EVP_PKEY* key,
292 DigestAlgorithm alg,
293 const std::string& subject,
294 uint32_t serial_number,
295 base::Time not_valid_before,
296 base::Time not_valid_after,
297 const std::vector<Extension>& extension_specs,
298 std::string* der_encoded) {
299 crypto::EnsureOpenSSLInit();
300 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
301
302 // See RFC 5280, section 4.1. First, construct the TBSCertificate.
303 bssl::ScopedCBB cbb;
304 CBB tbs_cert, version, validity;
305 uint8_t* tbs_cert_bytes;
306 size_t tbs_cert_len;
307 if (!CBB_init(cbb.get(), 64) ||
308 !CBB_add_asn1(cbb.get(), &tbs_cert, CBS_ASN1_SEQUENCE) ||
309 !CBB_add_asn1(&tbs_cert, &version,
310 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
311 !CBB_add_asn1_uint64(&version, 2) ||
312 !CBB_add_asn1_uint64(&tbs_cert, serial_number) ||
313 !AddRSASignatureAlgorithm(&tbs_cert, alg) || // signature
314 !AddName(&tbs_cert, subject) || // issuer
315 !CBB_add_asn1(&tbs_cert, &validity, CBS_ASN1_SEQUENCE) ||
316 !CBBAddTime(&validity, not_valid_before) ||
317 !CBBAddTime(&validity, not_valid_after) ||
318 !AddName(&tbs_cert, subject) || // subject
319 !EVP_marshal_public_key(&tbs_cert, key)) { // subjectPublicKeyInfo
320 return false;
321 }
322
323 if (!extension_specs.empty()) {
324 CBB outer_extensions, extensions;
325 if (!CBB_add_asn1(&tbs_cert, &outer_extensions,
326 3 | CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED) ||
327 !CBB_add_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
328 return false;
329 }
330
331 for (const auto& extension_spec : extension_specs) {
332 CBB extension, oid, value;
333 if (!CBB_add_asn1(&extensions, &extension, CBS_ASN1_SEQUENCE) ||
334 !CBB_add_asn1(&extension, &oid, CBS_ASN1_OBJECT) ||
335 !CBB_add_bytes(&oid, extension_spec.oid.data(),
336 extension_spec.oid.size()) ||
337 (extension_spec.critical && !CBB_add_asn1_bool(&extension, 1)) ||
338 !CBB_add_asn1(&extension, &value, CBS_ASN1_OCTETSTRING) ||
339 !CBB_add_bytes(&value, extension_spec.contents.data(),
340 extension_spec.contents.size()) ||
341 !CBB_flush(&extensions)) {
342 return false;
343 }
344 }
345
346 if (!CBB_flush(&tbs_cert)) {
347 return false;
348 }
349 }
350
351 if (!CBB_finish(cbb.get(), &tbs_cert_bytes, &tbs_cert_len))
352 return false;
353 bssl::UniquePtr<uint8_t> delete_tbs_cert_bytes(tbs_cert_bytes);
354
355 // Sign the TBSCertificate and write the entire certificate.
356 CBB cert, signature;
357 bssl::ScopedEVP_MD_CTX ctx;
358 uint8_t* sig_out;
359 size_t sig_len;
360 uint8_t* cert_bytes;
361 size_t cert_len;
362 if (!CBB_init(cbb.get(), tbs_cert_len) ||
363 !CBB_add_asn1(cbb.get(), &cert, CBS_ASN1_SEQUENCE) ||
364 !CBB_add_bytes(&cert, tbs_cert_bytes, tbs_cert_len) ||
365 !AddRSASignatureAlgorithm(&cert, alg) ||
366 !CBB_add_asn1(&cert, &signature, CBS_ASN1_BITSTRING) ||
367 !CBB_add_u8(&signature, 0 /* no unused bits */) ||
368 !EVP_DigestSignInit(ctx.get(), nullptr, ToEVP(alg), nullptr, key) ||
369 // Compute the maximum signature length.
370 !EVP_DigestSign(ctx.get(), nullptr, &sig_len, tbs_cert_bytes,
371 tbs_cert_len) ||
372 !CBB_reserve(&signature, &sig_out, sig_len) ||
373 // Actually sign the TBSCertificate.
374 !EVP_DigestSign(ctx.get(), sig_out, &sig_len, tbs_cert_bytes,
375 tbs_cert_len) ||
376 !CBB_did_write(&signature, sig_len) ||
377 !CBB_finish(cbb.get(), &cert_bytes, &cert_len)) {
378 return false;
379 }
380 bssl::UniquePtr<uint8_t> delete_cert_bytes(cert_bytes);
381 der_encoded->assign(reinterpret_cast<char*>(cert_bytes), cert_len);
382 return true;
383 }
384
GetBufferPool()385 CRYPTO_BUFFER_POOL* GetBufferPool() {
386 return g_buffer_pool_singleton.Get().pool();
387 }
388
CreateCryptoBuffer(base::span<const uint8_t> data)389 bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBuffer(
390 base::span<const uint8_t> data) {
391 return bssl::UniquePtr<CRYPTO_BUFFER>(
392 CRYPTO_BUFFER_new(data.data(), data.size(), GetBufferPool()));
393 }
394
CreateCryptoBuffer(base::StringPiece data)395 bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBuffer(base::StringPiece data) {
396 return bssl::UniquePtr<CRYPTO_BUFFER>(
397 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(data.data()),
398 data.size(), GetBufferPool()));
399 }
400
CreateCryptoBufferFromStaticDataUnsafe(base::span<const uint8_t> data)401 bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBufferFromStaticDataUnsafe(
402 base::span<const uint8_t> data) {
403 return bssl::UniquePtr<CRYPTO_BUFFER>(
404 CRYPTO_BUFFER_new_from_static_data_unsafe(data.data(), data.size(),
405 GetBufferPool()));
406 }
407
CryptoBufferEqual(const CRYPTO_BUFFER * a,const CRYPTO_BUFFER * b)408 bool CryptoBufferEqual(const CRYPTO_BUFFER* a, const CRYPTO_BUFFER* b) {
409 DCHECK(a && b);
410 if (a == b)
411 return true;
412 return CRYPTO_BUFFER_len(a) == CRYPTO_BUFFER_len(b) &&
413 memcmp(CRYPTO_BUFFER_data(a), CRYPTO_BUFFER_data(b),
414 CRYPTO_BUFFER_len(a)) == 0;
415 }
416
CryptoBufferAsStringPiece(const CRYPTO_BUFFER * buffer)417 base::StringPiece CryptoBufferAsStringPiece(const CRYPTO_BUFFER* buffer) {
418 return base::StringPiece(
419 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(buffer)),
420 CRYPTO_BUFFER_len(buffer));
421 }
422
CryptoBufferAsSpan(const CRYPTO_BUFFER * buffer)423 base::span<const uint8_t> CryptoBufferAsSpan(const CRYPTO_BUFFER* buffer) {
424 return base::make_span(CRYPTO_BUFFER_data(buffer), CRYPTO_BUFFER_len(buffer));
425 }
426
CreateX509CertificateFromBuffers(const STACK_OF (CRYPTO_BUFFER)* buffers)427 scoped_refptr<X509Certificate> CreateX509CertificateFromBuffers(
428 const STACK_OF(CRYPTO_BUFFER) * buffers) {
429 if (sk_CRYPTO_BUFFER_num(buffers) == 0) {
430 NOTREACHED();
431 return nullptr;
432 }
433
434 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediate_chain;
435 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(buffers); ++i) {
436 intermediate_chain.push_back(
437 bssl::UpRef(sk_CRYPTO_BUFFER_value(buffers, i)));
438 }
439 return X509Certificate::CreateFromBuffer(
440 bssl::UpRef(sk_CRYPTO_BUFFER_value(buffers, 0)),
441 std::move(intermediate_chain));
442 }
443
CreateCertBuffersFromPKCS7Bytes(base::span<const uint8_t> data,std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> * handles)444 bool CreateCertBuffersFromPKCS7Bytes(
445 base::span<const uint8_t> data,
446 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>>* handles) {
447 crypto::EnsureOpenSSLInit();
448 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
449
450 CBS der_data;
451 CBS_init(&der_data, data.data(), data.size());
452 STACK_OF(CRYPTO_BUFFER)* certs = sk_CRYPTO_BUFFER_new_null();
453 bool success =
454 PKCS7_get_raw_certificates(certs, &der_data, x509_util::GetBufferPool());
455 if (success) {
456 for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(certs); ++i) {
457 handles->push_back(
458 bssl::UniquePtr<CRYPTO_BUFFER>(sk_CRYPTO_BUFFER_value(certs, i)));
459 }
460 }
461 // |handles| took ownership of the individual buffers, so only free the list
462 // itself.
463 sk_CRYPTO_BUFFER_free(certs);
464
465 return success;
466 }
467
DefaultParseCertificateOptions()468 bssl::ParseCertificateOptions DefaultParseCertificateOptions() {
469 bssl::ParseCertificateOptions options;
470 options.allow_invalid_serial_numbers = true;
471 return options;
472 }
473
CalculateSha256SpkiHash(const CRYPTO_BUFFER * buffer,HashValue * hash)474 bool CalculateSha256SpkiHash(const CRYPTO_BUFFER* buffer, HashValue* hash) {
475 base::StringPiece spki;
476 if (!asn1::ExtractSPKIFromDERCert(CryptoBufferAsStringPiece(buffer), &spki)) {
477 return false;
478 }
479 *hash = HashValue(HASH_VALUE_SHA256);
480 crypto::SHA256HashString(spki, hash->data(), hash->size());
481 return true;
482 }
483
SignatureVerifierInitWithCertificate(crypto::SignatureVerifier * verifier,crypto::SignatureVerifier::SignatureAlgorithm signature_algorithm,base::span<const uint8_t> signature,const CRYPTO_BUFFER * certificate)484 bool SignatureVerifierInitWithCertificate(
485 crypto::SignatureVerifier* verifier,
486 crypto::SignatureVerifier::SignatureAlgorithm signature_algorithm,
487 base::span<const uint8_t> signature,
488 const CRYPTO_BUFFER* certificate) {
489 base::StringPiece cert_der =
490 x509_util::CryptoBufferAsStringPiece(certificate);
491
492 bssl::der::Input tbs_certificate_tlv;
493 bssl::der::Input signature_algorithm_tlv;
494 bssl::der::BitString signature_value;
495 bssl::ParsedTbsCertificate tbs;
496 if (!bssl::ParseCertificate(bssl::der::Input(cert_der), &tbs_certificate_tlv,
497 &signature_algorithm_tlv, &signature_value,
498 nullptr) ||
499 !ParseTbsCertificate(tbs_certificate_tlv,
500 DefaultParseCertificateOptions(), &tbs, nullptr)) {
501 return false;
502 }
503
504 // The key usage extension, if present, must assert the digitalSignature bit.
505 if (tbs.extensions_tlv) {
506 std::map<bssl::der::Input, bssl::ParsedExtension> extensions;
507 if (!ParseExtensions(tbs.extensions_tlv.value(), &extensions)) {
508 return false;
509 }
510 bssl::ParsedExtension key_usage_ext;
511 if (ConsumeExtension(bssl::der::Input(bssl::kKeyUsageOid), &extensions,
512 &key_usage_ext)) {
513 bssl::der::BitString key_usage;
514 if (!bssl::ParseKeyUsage(key_usage_ext.value, &key_usage) ||
515 !key_usage.AssertsBit(bssl::KEY_USAGE_BIT_DIGITAL_SIGNATURE)) {
516 return false;
517 }
518 }
519 }
520
521 return verifier->VerifyInit(
522 signature_algorithm, signature,
523 base::make_span(tbs.spki_tlv.UnsafeData(), tbs.spki_tlv.Length()));
524 }
525
HasRsaPkcs1Sha1Signature(const CRYPTO_BUFFER * cert_buffer)526 bool HasRsaPkcs1Sha1Signature(const CRYPTO_BUFFER* cert_buffer) {
527 bssl::der::Input tbs_certificate_tlv;
528 bssl::der::Input signature_algorithm_tlv;
529 bssl::der::BitString signature_value;
530 if (!bssl::ParseCertificate(bssl::der::Input(CRYPTO_BUFFER_data(cert_buffer),
531 CRYPTO_BUFFER_len(cert_buffer)),
532 &tbs_certificate_tlv, &signature_algorithm_tlv,
533 &signature_value, /*out_errors=*/nullptr)) {
534 return false;
535 }
536
537 std::optional<bssl::SignatureAlgorithm> signature_algorithm =
538 bssl::ParseSignatureAlgorithm(signature_algorithm_tlv);
539
540 return signature_algorithm &&
541 *signature_algorithm == bssl::SignatureAlgorithm::kRsaPkcs1Sha1;
542 }
543
544 } // namespace net::x509_util
545