1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/x509_util_openssl.h"
6
7 #include <algorithm>
8 #include <openssl/asn1.h>
9
10 #include "base/lazy_instance.h"
11 #include "base/logging.h"
12 #include "base/strings/string_piece.h"
13 #include "crypto/ec_private_key.h"
14 #include "crypto/openssl_util.h"
15 #include "crypto/rsa_private_key.h"
16 #include "net/cert/x509_cert_types.h"
17 #include "net/cert/x509_util.h"
18
19 namespace net {
20
21 namespace {
22
ToEVP(x509_util::DigestAlgorithm alg)23 const EVP_MD* ToEVP(x509_util::DigestAlgorithm alg) {
24 switch (alg) {
25 case x509_util::DIGEST_SHA1:
26 return EVP_sha1();
27 case x509_util::DIGEST_SHA256:
28 return EVP_sha256();
29 }
30 return NULL;
31 }
32
33 } // namespace
34
35 namespace x509_util {
36
37 namespace {
38
CreateCertificate(EVP_PKEY * key,DigestAlgorithm alg,const std::string & common_name,uint32_t serial_number,base::Time not_valid_before,base::Time not_valid_after)39 X509* CreateCertificate(EVP_PKEY* key,
40 DigestAlgorithm alg,
41 const std::string& common_name,
42 uint32_t serial_number,
43 base::Time not_valid_before,
44 base::Time not_valid_after) {
45 // Put the serial number into an OpenSSL-friendly object.
46 crypto::ScopedOpenSSL<ASN1_INTEGER, ASN1_INTEGER_free> asn1_serial(
47 ASN1_INTEGER_new());
48 if (!asn1_serial.get() ||
49 !ASN1_INTEGER_set(asn1_serial.get(), static_cast<long>(serial_number))) {
50 LOG(ERROR) << "Invalid serial number " << serial_number;
51 return NULL;
52 }
53
54 // Do the same for the time stamps.
55 crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_before_time(
56 ASN1_TIME_set(NULL, not_valid_before.ToTimeT()));
57 if (!asn1_not_before_time.get()) {
58 LOG(ERROR) << "Invalid not_valid_before time: "
59 << not_valid_before.ToTimeT();
60 return NULL;
61 }
62
63 crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_after_time(
64 ASN1_TIME_set(NULL, not_valid_after.ToTimeT()));
65 if (!asn1_not_after_time.get()) {
66 LOG(ERROR) << "Invalid not_valid_after time: " << not_valid_after.ToTimeT();
67 return NULL;
68 }
69
70 // Because |common_name| only contains a common name and starts with 'CN=',
71 // there is no need for a full RFC 2253 parser here. Do some sanity checks
72 // though.
73 static const char kCommonNamePrefix[] = "CN=";
74 const size_t kCommonNamePrefixLen = sizeof(kCommonNamePrefix) - 1;
75 if (common_name.size() < kCommonNamePrefixLen ||
76 strncmp(common_name.c_str(), kCommonNamePrefix, kCommonNamePrefixLen)) {
77 LOG(ERROR) << "Common name must begin with " << kCommonNamePrefix;
78 return NULL;
79 }
80 if (common_name.size() > INT_MAX) {
81 LOG(ERROR) << "Common name too long";
82 return NULL;
83 }
84 unsigned char* common_name_str =
85 reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) +
86 kCommonNamePrefixLen;
87 int common_name_len =
88 static_cast<int>(common_name.size() - kCommonNamePrefixLen);
89
90 crypto::ScopedOpenSSL<X509_NAME, X509_NAME_free> name(X509_NAME_new());
91 if (!name.get() || !X509_NAME_add_entry_by_NID(name.get(),
92 NID_commonName,
93 MBSTRING_ASC,
94 common_name_str,
95 common_name_len,
96 -1,
97 0)) {
98 LOG(ERROR) << "Can't parse common name: " << common_name.c_str();
99 return NULL;
100 }
101
102 // Now create certificate and populate it.
103 crypto::ScopedOpenSSL<X509, X509_free> cert(X509_new());
104 if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ ||
105 !X509_set_pubkey(cert.get(), key) ||
106 !X509_set_serialNumber(cert.get(), asn1_serial.get()) ||
107 !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) ||
108 !X509_set_notAfter(cert.get(), asn1_not_after_time.get()) ||
109 !X509_set_subject_name(cert.get(), name.get()) ||
110 !X509_set_issuer_name(cert.get(), name.get())) {
111 LOG(ERROR) << "Could not create certificate";
112 return NULL;
113 }
114
115 return cert.release();
116 }
117
SignAndDerEncodeCert(X509 * cert,EVP_PKEY * key,DigestAlgorithm alg,std::string * der_encoded)118 bool SignAndDerEncodeCert(X509* cert,
119 EVP_PKEY* key,
120 DigestAlgorithm alg,
121 std::string* der_encoded) {
122 // Get the message digest algorithm
123 const EVP_MD* md = ToEVP(alg);
124 if (!md) {
125 LOG(ERROR) << "Unrecognized hash algorithm.";
126 return false;
127 }
128
129 // Sign it with the private key.
130 if (!X509_sign(cert, key, md)) {
131 LOG(ERROR) << "Could not sign certificate with key.";
132 return false;
133 }
134
135 // Convert it into a DER-encoded string copied to |der_encoded|.
136 int der_data_length = i2d_X509(cert, NULL);
137 if (der_data_length < 0)
138 return false;
139
140 der_encoded->resize(der_data_length);
141 unsigned char* der_data =
142 reinterpret_cast<unsigned char*>(&(*der_encoded)[0]);
143 if (i2d_X509(cert, &der_data) < 0)
144 return false;
145
146 return true;
147 }
148
149 // There is no OpenSSL NID for the 'originBoundCertificate' extension OID yet,
150 // so create a global ASN1_OBJECT lazily with the right parameters.
151 class DomainBoundOid {
152 public:
DomainBoundOid()153 DomainBoundOid() : obj_(OBJ_txt2obj(kDomainBoundOidText, 1)) { CHECK(obj_); }
154
~DomainBoundOid()155 ~DomainBoundOid() {
156 if (obj_)
157 ASN1_OBJECT_free(obj_);
158 }
159
obj() const160 ASN1_OBJECT* obj() const { return obj_; }
161
162 private:
163 static const char kDomainBoundOidText[];
164
165 ASN1_OBJECT* obj_;
166 };
167
168 // 1.3.6.1.4.1.11129.2.1.6
169 // (iso.org.dod.internet.private.enterprises.google.googleSecurity.
170 // certificateExtensions.originBoundCertificate)
171 const char DomainBoundOid::kDomainBoundOidText[] = "1.3.6.1.4.1.11129.2.1.6";
172
GetDomainBoundOid()173 ASN1_OBJECT* GetDomainBoundOid() {
174 static base::LazyInstance<DomainBoundOid>::Leaky s_lazy =
175 LAZY_INSTANCE_INITIALIZER;
176 return s_lazy.Get().obj();
177 }
178
179 } // namespace
180
IsSupportedValidityRange(base::Time not_valid_before,base::Time not_valid_after)181 bool IsSupportedValidityRange(base::Time not_valid_before,
182 base::Time not_valid_after) {
183 if (not_valid_before > not_valid_after)
184 return false;
185
186 // The validity field of a certificate can only encode years 1-9999.
187
188 // Compute the base::Time values corresponding to Jan 1st,0001 and
189 // Jan 1st, 10000 respectively. Done by using the pre-computed numbers
190 // of days between these dates and the Unix epoch, i.e. Jan 1st, 1970,
191 // using the following Python script:
192 //
193 // from datetime import date as D
194 // print (D(1970,1,1)-D(1,1,1)) # -> 719162 days
195 // print (D(9999,12,31)-D(1970,1,1)) # -> 2932896 days
196 //
197 // Note: This ignores leap seconds, but should be enough in practice.
198 //
199 const int64 kDaysFromYear0001ToUnixEpoch = 719162;
200 const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1;
201 const base::Time kEpoch = base::Time::UnixEpoch();
202 const base::Time kYear0001 = kEpoch -
203 base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch);
204 const base::Time kYear10000 = kEpoch +
205 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000);
206
207 if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 ||
208 not_valid_after < kYear0001 || not_valid_after >= kYear10000)
209 return false;
210
211 return true;
212 }
213
CreateDomainBoundCertEC(crypto::ECPrivateKey * key,DigestAlgorithm alg,const std::string & domain,uint32 serial_number,base::Time not_valid_before,base::Time not_valid_after,std::string * der_cert)214 bool CreateDomainBoundCertEC(
215 crypto::ECPrivateKey* key,
216 DigestAlgorithm alg,
217 const std::string& domain,
218 uint32 serial_number,
219 base::Time not_valid_before,
220 base::Time not_valid_after,
221 std::string* der_cert) {
222 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
223 // Create certificate.
224 crypto::ScopedOpenSSL<X509, X509_free> cert(
225 CreateCertificate(key->key(),
226 alg,
227 "CN=anonymous.invalid",
228 serial_number,
229 not_valid_before,
230 not_valid_after));
231 if (!cert.get())
232 return false;
233
234 // Add TLS-Channel-ID extension to the certificate before signing it.
235 // The value must be stored DER-encoded, as a ASN.1 IA5String.
236 crypto::ScopedOpenSSL<ASN1_STRING, ASN1_STRING_free> domain_ia5(
237 ASN1_IA5STRING_new());
238 if (!domain_ia5.get() ||
239 !ASN1_STRING_set(domain_ia5.get(), domain.data(), domain.size()))
240 return false;
241
242 std::string domain_der;
243 int domain_der_len = i2d_ASN1_IA5STRING(domain_ia5.get(), NULL);
244 if (domain_der_len < 0)
245 return false;
246
247 domain_der.resize(domain_der_len);
248 unsigned char* domain_der_data =
249 reinterpret_cast<unsigned char*>(&domain_der[0]);
250 if (i2d_ASN1_IA5STRING(domain_ia5.get(), &domain_der_data) < 0)
251 return false;
252
253 crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free> domain_str(
254 ASN1_OCTET_STRING_new());
255 if (!domain_str.get() ||
256 !ASN1_STRING_set(domain_str.get(), domain_der.data(), domain_der.size()))
257 return false;
258
259 crypto::ScopedOpenSSL<X509_EXTENSION, X509_EXTENSION_free> ext(
260 X509_EXTENSION_create_by_OBJ(
261 NULL, GetDomainBoundOid(), 1 /* critical */, domain_str.get()));
262 if (!ext.get() || !X509_add_ext(cert.get(), ext.get(), -1)) {
263 return false;
264 }
265
266 // Sign and encode it.
267 return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_cert);
268 }
269
CreateSelfSignedCert(crypto::RSAPrivateKey * key,DigestAlgorithm alg,const std::string & common_name,uint32 serial_number,base::Time not_valid_before,base::Time not_valid_after,std::string * der_encoded)270 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
271 DigestAlgorithm alg,
272 const std::string& common_name,
273 uint32 serial_number,
274 base::Time not_valid_before,
275 base::Time not_valid_after,
276 std::string* der_encoded) {
277 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
278 crypto::ScopedOpenSSL<X509, X509_free> cert(
279 CreateCertificate(key->key(),
280 alg,
281 common_name,
282 serial_number,
283 not_valid_before,
284 not_valid_after));
285 if (!cert.get())
286 return false;
287
288 return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_encoded);
289 }
290
ParsePrincipalKeyAndValueByIndex(X509_NAME * name,int index,std::string * key,std::string * value)291 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
292 int index,
293 std::string* key,
294 std::string* value) {
295 X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index);
296 if (!entry)
297 return false;
298
299 if (key) {
300 ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
301 key->assign(OBJ_nid2sn(OBJ_obj2nid(object)));
302 }
303
304 ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry);
305 if (!data)
306 return false;
307
308 unsigned char* buf = NULL;
309 int len = ASN1_STRING_to_UTF8(&buf, data);
310 if (len <= 0)
311 return false;
312
313 value->assign(reinterpret_cast<const char*>(buf), len);
314 OPENSSL_free(buf);
315 return true;
316 }
317
ParsePrincipalValueByIndex(X509_NAME * name,int index,std::string * value)318 bool ParsePrincipalValueByIndex(X509_NAME* name,
319 int index,
320 std::string* value) {
321 return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value);
322 }
323
ParsePrincipalValueByNID(X509_NAME * name,int nid,std::string * value)324 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) {
325 int index = X509_NAME_get_index_by_NID(name, nid, -1);
326 if (index < 0)
327 return false;
328
329 return ParsePrincipalValueByIndex(name, index, value);
330 }
331
ParseDate(ASN1_TIME * x509_time,base::Time * time)332 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) {
333 if (!x509_time ||
334 (x509_time->type != V_ASN1_UTCTIME &&
335 x509_time->type != V_ASN1_GENERALIZEDTIME))
336 return false;
337
338 base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data),
339 x509_time->length);
340
341 CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ?
342 CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME;
343 return ParseCertificateDate(str_date, format, time);
344 }
345
346 } // namespace x509_util
347
348 } // namespace net
349