• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/x509_util_openssl.h"
6 
7 #include <algorithm>
8 #include <openssl/asn1.h>
9 
10 #include "base/lazy_instance.h"
11 #include "base/logging.h"
12 #include "base/strings/string_piece.h"
13 #include "crypto/ec_private_key.h"
14 #include "crypto/openssl_util.h"
15 #include "crypto/rsa_private_key.h"
16 #include "net/cert/x509_cert_types.h"
17 #include "net/cert/x509_util.h"
18 
19 namespace net {
20 
21 namespace {
22 
ToEVP(x509_util::DigestAlgorithm alg)23 const EVP_MD* ToEVP(x509_util::DigestAlgorithm alg) {
24   switch (alg) {
25     case x509_util::DIGEST_SHA1:
26       return EVP_sha1();
27     case x509_util::DIGEST_SHA256:
28       return EVP_sha256();
29   }
30   return NULL;
31 }
32 
33 }  // namespace
34 
35 namespace x509_util {
36 
37 namespace {
38 
CreateCertificate(EVP_PKEY * key,DigestAlgorithm alg,const std::string & common_name,uint32_t serial_number,base::Time not_valid_before,base::Time not_valid_after)39 X509* CreateCertificate(EVP_PKEY* key,
40                         DigestAlgorithm alg,
41                         const std::string& common_name,
42                         uint32_t serial_number,
43                         base::Time not_valid_before,
44                         base::Time not_valid_after) {
45   // Put the serial number into an OpenSSL-friendly object.
46   crypto::ScopedOpenSSL<ASN1_INTEGER, ASN1_INTEGER_free> asn1_serial(
47       ASN1_INTEGER_new());
48   if (!asn1_serial.get() ||
49       !ASN1_INTEGER_set(asn1_serial.get(), static_cast<long>(serial_number))) {
50     LOG(ERROR) << "Invalid serial number " << serial_number;
51     return NULL;
52   }
53 
54   // Do the same for the time stamps.
55   crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_before_time(
56       ASN1_TIME_set(NULL, not_valid_before.ToTimeT()));
57   if (!asn1_not_before_time.get()) {
58     LOG(ERROR) << "Invalid not_valid_before time: "
59                << not_valid_before.ToTimeT();
60     return NULL;
61   }
62 
63   crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_after_time(
64       ASN1_TIME_set(NULL, not_valid_after.ToTimeT()));
65   if (!asn1_not_after_time.get()) {
66     LOG(ERROR) << "Invalid not_valid_after time: " << not_valid_after.ToTimeT();
67     return NULL;
68   }
69 
70   // Because |common_name| only contains a common name and starts with 'CN=',
71   // there is no need for a full RFC 2253 parser here. Do some sanity checks
72   // though.
73   static const char kCommonNamePrefix[] = "CN=";
74   const size_t kCommonNamePrefixLen = sizeof(kCommonNamePrefix) - 1;
75   if (common_name.size() < kCommonNamePrefixLen ||
76       strncmp(common_name.c_str(), kCommonNamePrefix, kCommonNamePrefixLen)) {
77     LOG(ERROR) << "Common name must begin with " << kCommonNamePrefix;
78     return NULL;
79   }
80   if (common_name.size() > INT_MAX) {
81     LOG(ERROR) << "Common name too long";
82     return NULL;
83   }
84   unsigned char* common_name_str =
85       reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) +
86       kCommonNamePrefixLen;
87   int common_name_len =
88       static_cast<int>(common_name.size() - kCommonNamePrefixLen);
89 
90   crypto::ScopedOpenSSL<X509_NAME, X509_NAME_free> name(X509_NAME_new());
91   if (!name.get() || !X509_NAME_add_entry_by_NID(name.get(),
92                                                  NID_commonName,
93                                                  MBSTRING_ASC,
94                                                  common_name_str,
95                                                  common_name_len,
96                                                  -1,
97                                                  0)) {
98     LOG(ERROR) << "Can't parse common name: " << common_name.c_str();
99     return NULL;
100   }
101 
102   // Now create certificate and populate it.
103   crypto::ScopedOpenSSL<X509, X509_free> cert(X509_new());
104   if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ ||
105       !X509_set_pubkey(cert.get(), key) ||
106       !X509_set_serialNumber(cert.get(), asn1_serial.get()) ||
107       !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) ||
108       !X509_set_notAfter(cert.get(), asn1_not_after_time.get()) ||
109       !X509_set_subject_name(cert.get(), name.get()) ||
110       !X509_set_issuer_name(cert.get(), name.get())) {
111     LOG(ERROR) << "Could not create certificate";
112     return NULL;
113   }
114 
115   return cert.release();
116 }
117 
SignAndDerEncodeCert(X509 * cert,EVP_PKEY * key,DigestAlgorithm alg,std::string * der_encoded)118 bool SignAndDerEncodeCert(X509* cert,
119                           EVP_PKEY* key,
120                           DigestAlgorithm alg,
121                           std::string* der_encoded) {
122   // Get the message digest algorithm
123   const EVP_MD* md = ToEVP(alg);
124   if (!md) {
125     LOG(ERROR) << "Unrecognized hash algorithm.";
126     return false;
127   }
128 
129   // Sign it with the private key.
130   if (!X509_sign(cert, key, md)) {
131     LOG(ERROR) << "Could not sign certificate with key.";
132     return false;
133   }
134 
135   // Convert it into a DER-encoded string copied to |der_encoded|.
136   int der_data_length = i2d_X509(cert, NULL);
137   if (der_data_length < 0)
138     return false;
139 
140   der_encoded->resize(der_data_length);
141   unsigned char* der_data =
142       reinterpret_cast<unsigned char*>(&(*der_encoded)[0]);
143   if (i2d_X509(cert, &der_data) < 0)
144     return false;
145 
146   return true;
147 }
148 
149 // There is no OpenSSL NID for the 'originBoundCertificate' extension OID yet,
150 // so create a global ASN1_OBJECT lazily with the right parameters.
151 class DomainBoundOid {
152  public:
DomainBoundOid()153   DomainBoundOid() : obj_(OBJ_txt2obj(kDomainBoundOidText, 1)) { CHECK(obj_); }
154 
~DomainBoundOid()155   ~DomainBoundOid() {
156     if (obj_)
157       ASN1_OBJECT_free(obj_);
158   }
159 
obj() const160   ASN1_OBJECT* obj() const { return obj_; }
161 
162  private:
163   static const char kDomainBoundOidText[];
164 
165   ASN1_OBJECT* obj_;
166 };
167 
168 // 1.3.6.1.4.1.11129.2.1.6
169 // (iso.org.dod.internet.private.enterprises.google.googleSecurity.
170 //  certificateExtensions.originBoundCertificate)
171 const char DomainBoundOid::kDomainBoundOidText[] = "1.3.6.1.4.1.11129.2.1.6";
172 
GetDomainBoundOid()173 ASN1_OBJECT* GetDomainBoundOid() {
174   static base::LazyInstance<DomainBoundOid>::Leaky s_lazy =
175       LAZY_INSTANCE_INITIALIZER;
176   return s_lazy.Get().obj();
177 }
178 
179 }  // namespace
180 
IsSupportedValidityRange(base::Time not_valid_before,base::Time not_valid_after)181 bool IsSupportedValidityRange(base::Time not_valid_before,
182                               base::Time not_valid_after) {
183   if (not_valid_before > not_valid_after)
184     return false;
185 
186   // The validity field of a certificate can only encode years 1-9999.
187 
188   // Compute the base::Time values corresponding to Jan 1st,0001 and
189   // Jan 1st, 10000 respectively. Done by using the pre-computed numbers
190   // of days between these dates and the Unix epoch, i.e. Jan 1st, 1970,
191   // using the following Python script:
192   //
193   //     from datetime import date as D
194   //     print (D(1970,1,1)-D(1,1,1))        # -> 719162 days
195   //     print (D(9999,12,31)-D(1970,1,1))   # -> 2932896 days
196   //
197   // Note: This ignores leap seconds, but should be enough in practice.
198   //
199   const int64 kDaysFromYear0001ToUnixEpoch = 719162;
200   const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1;
201   const base::Time kEpoch = base::Time::UnixEpoch();
202   const base::Time kYear0001 = kEpoch -
203       base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch);
204   const base::Time kYear10000 = kEpoch +
205       base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000);
206 
207   if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 ||
208       not_valid_after < kYear0001 || not_valid_after >= kYear10000)
209     return false;
210 
211   return true;
212 }
213 
CreateDomainBoundCertEC(crypto::ECPrivateKey * key,DigestAlgorithm alg,const std::string & domain,uint32 serial_number,base::Time not_valid_before,base::Time not_valid_after,std::string * der_cert)214 bool CreateDomainBoundCertEC(
215     crypto::ECPrivateKey* key,
216     DigestAlgorithm alg,
217     const std::string& domain,
218     uint32 serial_number,
219     base::Time not_valid_before,
220     base::Time not_valid_after,
221     std::string* der_cert) {
222   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
223   // Create certificate.
224   crypto::ScopedOpenSSL<X509, X509_free> cert(
225       CreateCertificate(key->key(),
226                         alg,
227                         "CN=anonymous.invalid",
228                         serial_number,
229                         not_valid_before,
230                         not_valid_after));
231   if (!cert.get())
232     return false;
233 
234   // Add TLS-Channel-ID extension to the certificate before signing it.
235   // The value must be stored DER-encoded, as a ASN.1 IA5String.
236   crypto::ScopedOpenSSL<ASN1_STRING, ASN1_STRING_free> domain_ia5(
237       ASN1_IA5STRING_new());
238   if (!domain_ia5.get() ||
239       !ASN1_STRING_set(domain_ia5.get(), domain.data(), domain.size()))
240     return false;
241 
242   std::string domain_der;
243   int domain_der_len = i2d_ASN1_IA5STRING(domain_ia5.get(), NULL);
244   if (domain_der_len < 0)
245     return false;
246 
247   domain_der.resize(domain_der_len);
248   unsigned char* domain_der_data =
249       reinterpret_cast<unsigned char*>(&domain_der[0]);
250   if (i2d_ASN1_IA5STRING(domain_ia5.get(), &domain_der_data) < 0)
251     return false;
252 
253   crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free> domain_str(
254       ASN1_OCTET_STRING_new());
255   if (!domain_str.get() ||
256       !ASN1_STRING_set(domain_str.get(), domain_der.data(), domain_der.size()))
257     return false;
258 
259   crypto::ScopedOpenSSL<X509_EXTENSION, X509_EXTENSION_free> ext(
260       X509_EXTENSION_create_by_OBJ(
261           NULL, GetDomainBoundOid(), 1 /* critical */, domain_str.get()));
262   if (!ext.get() || !X509_add_ext(cert.get(), ext.get(), -1)) {
263     return false;
264   }
265 
266   // Sign and encode it.
267   return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_cert);
268 }
269 
CreateSelfSignedCert(crypto::RSAPrivateKey * key,DigestAlgorithm alg,const std::string & common_name,uint32 serial_number,base::Time not_valid_before,base::Time not_valid_after,std::string * der_encoded)270 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
271                           DigestAlgorithm alg,
272                           const std::string& common_name,
273                           uint32 serial_number,
274                           base::Time not_valid_before,
275                           base::Time not_valid_after,
276                           std::string* der_encoded) {
277   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
278   crypto::ScopedOpenSSL<X509, X509_free> cert(
279       CreateCertificate(key->key(),
280                         alg,
281                         common_name,
282                         serial_number,
283                         not_valid_before,
284                         not_valid_after));
285   if (!cert.get())
286     return false;
287 
288   return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_encoded);
289 }
290 
ParsePrincipalKeyAndValueByIndex(X509_NAME * name,int index,std::string * key,std::string * value)291 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
292                                       int index,
293                                       std::string* key,
294                                       std::string* value) {
295   X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index);
296   if (!entry)
297     return false;
298 
299   if (key) {
300     ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
301     key->assign(OBJ_nid2sn(OBJ_obj2nid(object)));
302   }
303 
304   ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry);
305   if (!data)
306     return false;
307 
308   unsigned char* buf = NULL;
309   int len = ASN1_STRING_to_UTF8(&buf, data);
310   if (len <= 0)
311     return false;
312 
313   value->assign(reinterpret_cast<const char*>(buf), len);
314   OPENSSL_free(buf);
315   return true;
316 }
317 
ParsePrincipalValueByIndex(X509_NAME * name,int index,std::string * value)318 bool ParsePrincipalValueByIndex(X509_NAME* name,
319                                 int index,
320                                 std::string* value) {
321   return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value);
322 }
323 
ParsePrincipalValueByNID(X509_NAME * name,int nid,std::string * value)324 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) {
325   int index = X509_NAME_get_index_by_NID(name, nid, -1);
326   if (index < 0)
327     return false;
328 
329   return ParsePrincipalValueByIndex(name, index, value);
330 }
331 
ParseDate(ASN1_TIME * x509_time,base::Time * time)332 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) {
333   if (!x509_time ||
334       (x509_time->type != V_ASN1_UTCTIME &&
335        x509_time->type != V_ASN1_GENERALIZEDTIME))
336     return false;
337 
338   base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data),
339                              x509_time->length);
340 
341   CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ?
342       CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME;
343   return ParseCertificateDate(str_date, format, time);
344 }
345 
346 }  // namespace x509_util
347 
348 }  // namespace net
349