1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #if HAVE_OPENSSL_SSL_H
12
13 #include "webrtc/base/opensslidentity.h"
14
15 // Must be included first before openssl headers.
16 #include "webrtc/base/win32.h" // NOLINT
17
18 #include <openssl/bio.h>
19 #include <openssl/err.h>
20 #include <openssl/pem.h>
21 #include <openssl/bn.h>
22 #include <openssl/rsa.h>
23 #include <openssl/crypto.h>
24
25 #include "webrtc/base/checks.h"
26 #include "webrtc/base/helpers.h"
27 #include "webrtc/base/logging.h"
28 #include "webrtc/base/openssl.h"
29 #include "webrtc/base/openssldigest.h"
30
31 namespace rtc {
32
33 // We could have exposed a myriad of parameters for the crypto stuff,
34 // but keeping it simple seems best.
35
36 // Random bits for certificate serial number
37 static const int SERIAL_RAND_BITS = 64;
38
39 // Certificate validity lifetime
40 static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
41 // Certificate validity window.
42 // This is to compensate for slightly incorrect system clocks.
43 static const int CERTIFICATE_WINDOW = -60*60*24;
44
45 // Generate a key pair. Caller is responsible for freeing the returned object.
MakeKey(const KeyParams & key_params)46 static EVP_PKEY* MakeKey(const KeyParams& key_params) {
47 LOG(LS_INFO) << "Making key pair";
48 EVP_PKEY* pkey = EVP_PKEY_new();
49 if (key_params.type() == KT_RSA) {
50 int key_length = key_params.rsa_params().mod_size;
51 BIGNUM* exponent = BN_new();
52 RSA* rsa = RSA_new();
53 if (!pkey || !exponent || !rsa ||
54 !BN_set_word(exponent, key_params.rsa_params().pub_exp) ||
55 !RSA_generate_key_ex(rsa, key_length, exponent, NULL) ||
56 !EVP_PKEY_assign_RSA(pkey, rsa)) {
57 EVP_PKEY_free(pkey);
58 BN_free(exponent);
59 RSA_free(rsa);
60 LOG(LS_ERROR) << "Failed to make RSA key pair";
61 return NULL;
62 }
63 // ownership of rsa struct was assigned, don't free it.
64 BN_free(exponent);
65 } else if (key_params.type() == KT_ECDSA) {
66 if (key_params.ec_curve() == EC_NIST_P256) {
67 EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
68 if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
69 !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
70 EVP_PKEY_free(pkey);
71 EC_KEY_free(ec_key);
72 LOG(LS_ERROR) << "Failed to make EC key pair";
73 return NULL;
74 }
75 // ownership of ec_key struct was assigned, don't free it.
76 } else {
77 // Add generation of any other curves here.
78 EVP_PKEY_free(pkey);
79 LOG(LS_ERROR) << "ECDSA key requested for unknown curve";
80 return NULL;
81 }
82 } else {
83 EVP_PKEY_free(pkey);
84 LOG(LS_ERROR) << "Key type requested not understood";
85 return NULL;
86 }
87
88 LOG(LS_INFO) << "Returning key pair";
89 return pkey;
90 }
91
92 // Generate a self-signed certificate, with the public key from the
93 // given key pair. Caller is responsible for freeing the returned object.
MakeCertificate(EVP_PKEY * pkey,const SSLIdentityParams & params)94 static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
95 LOG(LS_INFO) << "Making certificate for " << params.common_name;
96 X509* x509 = NULL;
97 BIGNUM* serial_number = NULL;
98 X509_NAME* name = NULL;
99 time_t epoch_off = 0; // Time offset since epoch.
100
101 if ((x509=X509_new()) == NULL)
102 goto error;
103
104 if (!X509_set_pubkey(x509, pkey))
105 goto error;
106
107 // serial number
108 // temporary reference to serial number inside x509 struct
109 ASN1_INTEGER* asn1_serial_number;
110 if ((serial_number = BN_new()) == NULL ||
111 !BN_pseudo_rand(serial_number, SERIAL_RAND_BITS, 0, 0) ||
112 (asn1_serial_number = X509_get_serialNumber(x509)) == NULL ||
113 !BN_to_ASN1_INTEGER(serial_number, asn1_serial_number))
114 goto error;
115
116 if (!X509_set_version(x509, 0L)) // version 1
117 goto error;
118
119 // There are a lot of possible components for the name entries. In
120 // our P2P SSL mode however, the certificates are pre-exchanged
121 // (through the secure XMPP channel), and so the certificate
122 // identification is arbitrary. It can't be empty, so we set some
123 // arbitrary common_name. Note that this certificate goes out in
124 // clear during SSL negotiation, so there may be a privacy issue in
125 // putting anything recognizable here.
126 if ((name = X509_NAME_new()) == NULL ||
127 !X509_NAME_add_entry_by_NID(
128 name, NID_commonName, MBSTRING_UTF8,
129 (unsigned char*)params.common_name.c_str(), -1, -1, 0) ||
130 !X509_set_subject_name(x509, name) ||
131 !X509_set_issuer_name(x509, name))
132 goto error;
133
134 if (!X509_time_adj(X509_get_notBefore(x509), params.not_before, &epoch_off) ||
135 !X509_time_adj(X509_get_notAfter(x509), params.not_after, &epoch_off))
136 goto error;
137
138 if (!X509_sign(x509, pkey, EVP_sha256()))
139 goto error;
140
141 BN_free(serial_number);
142 X509_NAME_free(name);
143 LOG(LS_INFO) << "Returning certificate";
144 return x509;
145
146 error:
147 BN_free(serial_number);
148 X509_NAME_free(name);
149 X509_free(x509);
150 return NULL;
151 }
152
153 // This dumps the SSL error stack to the log.
LogSSLErrors(const std::string & prefix)154 static void LogSSLErrors(const std::string& prefix) {
155 char error_buf[200];
156 unsigned long err;
157
158 while ((err = ERR_get_error()) != 0) {
159 ERR_error_string_n(err, error_buf, sizeof(error_buf));
160 LOG(LS_ERROR) << prefix << ": " << error_buf << "\n";
161 }
162 }
163
Generate(const KeyParams & key_params)164 OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) {
165 EVP_PKEY* pkey = MakeKey(key_params);
166 if (!pkey) {
167 LogSSLErrors("Generating key pair");
168 return NULL;
169 }
170 return new OpenSSLKeyPair(pkey);
171 }
172
~OpenSSLKeyPair()173 OpenSSLKeyPair::~OpenSSLKeyPair() {
174 EVP_PKEY_free(pkey_);
175 }
176
GetReference()177 OpenSSLKeyPair* OpenSSLKeyPair::GetReference() {
178 AddReference();
179 return new OpenSSLKeyPair(pkey_);
180 }
181
AddReference()182 void OpenSSLKeyPair::AddReference() {
183 #if defined(OPENSSL_IS_BORINGSSL)
184 EVP_PKEY_up_ref(pkey_);
185 #else
186 CRYPTO_add(&pkey_->references, 1, CRYPTO_LOCK_EVP_PKEY);
187 #endif
188 }
189
190 #if !defined(NDEBUG)
191 // Print a certificate to the log, for debugging.
PrintCert(X509 * x509)192 static void PrintCert(X509* x509) {
193 BIO* temp_memory_bio = BIO_new(BIO_s_mem());
194 if (!temp_memory_bio) {
195 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio";
196 return;
197 }
198 X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0);
199 BIO_write(temp_memory_bio, "\0", 1);
200 char* buffer;
201 BIO_get_mem_data(temp_memory_bio, &buffer);
202 LOG(LS_VERBOSE) << buffer;
203 BIO_free(temp_memory_bio);
204 }
205 #endif
206
Generate(OpenSSLKeyPair * key_pair,const SSLIdentityParams & params)207 OpenSSLCertificate* OpenSSLCertificate::Generate(
208 OpenSSLKeyPair* key_pair, const SSLIdentityParams& params) {
209 SSLIdentityParams actual_params(params);
210 if (actual_params.common_name.empty()) {
211 // Use a random string, arbitrarily 8chars long.
212 actual_params.common_name = CreateRandomString(8);
213 }
214 X509* x509 = MakeCertificate(key_pair->pkey(), actual_params);
215 if (!x509) {
216 LogSSLErrors("Generating certificate");
217 return NULL;
218 }
219 #if !defined(NDEBUG)
220 PrintCert(x509);
221 #endif
222 OpenSSLCertificate* ret = new OpenSSLCertificate(x509);
223 X509_free(x509);
224 return ret;
225 }
226
FromPEMString(const std::string & pem_string)227 OpenSSLCertificate* OpenSSLCertificate::FromPEMString(
228 const std::string& pem_string) {
229 BIO* bio = BIO_new_mem_buf(const_cast<char*>(pem_string.c_str()), -1);
230 if (!bio)
231 return NULL;
232 BIO_set_mem_eof_return(bio, 0);
233 X509* x509 = PEM_read_bio_X509(bio, NULL, NULL, const_cast<char*>("\0"));
234 BIO_free(bio); // Frees the BIO, but not the pointed-to string.
235
236 if (!x509)
237 return NULL;
238
239 OpenSSLCertificate* ret = new OpenSSLCertificate(x509);
240 X509_free(x509);
241 return ret;
242 }
243
244 // NOTE: This implementation only functions correctly after InitializeSSL
245 // and before CleanupSSL.
GetSignatureDigestAlgorithm(std::string * algorithm) const246 bool OpenSSLCertificate::GetSignatureDigestAlgorithm(
247 std::string* algorithm) const {
248 int nid = OBJ_obj2nid(x509_->sig_alg->algorithm);
249 switch (nid) {
250 case NID_md5WithRSA:
251 case NID_md5WithRSAEncryption:
252 *algorithm = DIGEST_MD5;
253 break;
254 case NID_ecdsa_with_SHA1:
255 case NID_dsaWithSHA1:
256 case NID_dsaWithSHA1_2:
257 case NID_sha1WithRSA:
258 case NID_sha1WithRSAEncryption:
259 *algorithm = DIGEST_SHA_1;
260 break;
261 case NID_ecdsa_with_SHA224:
262 case NID_sha224WithRSAEncryption:
263 case NID_dsa_with_SHA224:
264 *algorithm = DIGEST_SHA_224;
265 break;
266 case NID_ecdsa_with_SHA256:
267 case NID_sha256WithRSAEncryption:
268 case NID_dsa_with_SHA256:
269 *algorithm = DIGEST_SHA_256;
270 break;
271 case NID_ecdsa_with_SHA384:
272 case NID_sha384WithRSAEncryption:
273 *algorithm = DIGEST_SHA_384;
274 break;
275 case NID_ecdsa_with_SHA512:
276 case NID_sha512WithRSAEncryption:
277 *algorithm = DIGEST_SHA_512;
278 break;
279 default:
280 // Unknown algorithm. There are several unhandled options that are less
281 // common and more complex.
282 LOG(LS_ERROR) << "Unknown signature algorithm NID: " << nid;
283 algorithm->clear();
284 return false;
285 }
286 return true;
287 }
288
GetChain(SSLCertChain ** chain) const289 bool OpenSSLCertificate::GetChain(SSLCertChain** chain) const {
290 // Chains are not yet supported when using OpenSSL.
291 // OpenSSLStreamAdapter::SSLVerifyCallback currently requires the remote
292 // certificate to be self-signed.
293 return false;
294 }
295
ComputeDigest(const std::string & algorithm,unsigned char * digest,size_t size,size_t * length) const296 bool OpenSSLCertificate::ComputeDigest(const std::string& algorithm,
297 unsigned char* digest,
298 size_t size,
299 size_t* length) const {
300 return ComputeDigest(x509_, algorithm, digest, size, length);
301 }
302
ComputeDigest(const X509 * x509,const std::string & algorithm,unsigned char * digest,size_t size,size_t * length)303 bool OpenSSLCertificate::ComputeDigest(const X509* x509,
304 const std::string& algorithm,
305 unsigned char* digest,
306 size_t size,
307 size_t* length) {
308 const EVP_MD* md;
309 unsigned int n;
310
311 if (!OpenSSLDigest::GetDigestEVP(algorithm, &md))
312 return false;
313
314 if (size < static_cast<size_t>(EVP_MD_size(md)))
315 return false;
316
317 X509_digest(x509, md, digest, &n);
318
319 *length = n;
320
321 return true;
322 }
323
~OpenSSLCertificate()324 OpenSSLCertificate::~OpenSSLCertificate() {
325 X509_free(x509_);
326 }
327
GetReference() const328 OpenSSLCertificate* OpenSSLCertificate::GetReference() const {
329 return new OpenSSLCertificate(x509_);
330 }
331
ToPEMString() const332 std::string OpenSSLCertificate::ToPEMString() const {
333 BIO* bio = BIO_new(BIO_s_mem());
334 if (!bio) {
335 FATAL() << "unreachable code";
336 }
337 if (!PEM_write_bio_X509(bio, x509_)) {
338 BIO_free(bio);
339 FATAL() << "unreachable code";
340 }
341 BIO_write(bio, "\0", 1);
342 char* buffer;
343 BIO_get_mem_data(bio, &buffer);
344 std::string ret(buffer);
345 BIO_free(bio);
346 return ret;
347 }
348
ToDER(Buffer * der_buffer) const349 void OpenSSLCertificate::ToDER(Buffer* der_buffer) const {
350 // In case of failure, make sure to leave the buffer empty.
351 der_buffer->SetSize(0);
352
353 // Calculates the DER representation of the certificate, from scratch.
354 BIO* bio = BIO_new(BIO_s_mem());
355 if (!bio) {
356 FATAL() << "unreachable code";
357 }
358 if (!i2d_X509_bio(bio, x509_)) {
359 BIO_free(bio);
360 FATAL() << "unreachable code";
361 }
362 char* data;
363 size_t length = BIO_get_mem_data(bio, &data);
364 der_buffer->SetData(data, length);
365 BIO_free(bio);
366 }
367
AddReference() const368 void OpenSSLCertificate::AddReference() const {
369 ASSERT(x509_ != NULL);
370 #if defined(OPENSSL_IS_BORINGSSL)
371 X509_up_ref(x509_);
372 #else
373 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509);
374 #endif
375 }
376
377 // Documented in sslidentity.h.
CertificateExpirationTime() const378 int64_t OpenSSLCertificate::CertificateExpirationTime() const {
379 ASN1_TIME* expire_time = X509_get_notAfter(x509_);
380 bool long_format;
381
382 if (expire_time->type == V_ASN1_UTCTIME) {
383 long_format = false;
384 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) {
385 long_format = true;
386 } else {
387 return -1;
388 }
389
390 return ASN1TimeToSec(expire_time->data, expire_time->length, long_format);
391 }
392
OpenSSLIdentity(OpenSSLKeyPair * key_pair,OpenSSLCertificate * certificate)393 OpenSSLIdentity::OpenSSLIdentity(OpenSSLKeyPair* key_pair,
394 OpenSSLCertificate* certificate)
395 : key_pair_(key_pair), certificate_(certificate) {
396 ASSERT(key_pair != NULL);
397 ASSERT(certificate != NULL);
398 }
399
400 OpenSSLIdentity::~OpenSSLIdentity() = default;
401
GenerateInternal(const SSLIdentityParams & params)402 OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
403 const SSLIdentityParams& params) {
404 OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_params);
405 if (key_pair) {
406 OpenSSLCertificate* certificate =
407 OpenSSLCertificate::Generate(key_pair, params);
408 if (certificate)
409 return new OpenSSLIdentity(key_pair, certificate);
410 delete key_pair;
411 }
412 LOG(LS_INFO) << "Identity generation failed";
413 return NULL;
414 }
415
Generate(const std::string & common_name,const KeyParams & key_params)416 OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
417 const KeyParams& key_params) {
418 SSLIdentityParams params;
419 params.key_params = key_params;
420 params.common_name = common_name;
421 time_t now = time(NULL);
422 params.not_before = now + CERTIFICATE_WINDOW;
423 params.not_after = now + CERTIFICATE_LIFETIME;
424 return GenerateInternal(params);
425 }
426
GenerateForTest(const SSLIdentityParams & params)427 OpenSSLIdentity* OpenSSLIdentity::GenerateForTest(
428 const SSLIdentityParams& params) {
429 return GenerateInternal(params);
430 }
431
FromPEMStrings(const std::string & private_key,const std::string & certificate)432 SSLIdentity* OpenSSLIdentity::FromPEMStrings(
433 const std::string& private_key,
434 const std::string& certificate) {
435 scoped_ptr<OpenSSLCertificate> cert(
436 OpenSSLCertificate::FromPEMString(certificate));
437 if (!cert) {
438 LOG(LS_ERROR) << "Failed to create OpenSSLCertificate from PEM string.";
439 return NULL;
440 }
441
442 BIO* bio = BIO_new_mem_buf(const_cast<char*>(private_key.c_str()), -1);
443 if (!bio) {
444 LOG(LS_ERROR) << "Failed to create a new BIO buffer.";
445 return NULL;
446 }
447 BIO_set_mem_eof_return(bio, 0);
448 EVP_PKEY* pkey =
449 PEM_read_bio_PrivateKey(bio, NULL, NULL, const_cast<char*>("\0"));
450 BIO_free(bio); // Frees the BIO, but not the pointed-to string.
451
452 if (!pkey) {
453 LOG(LS_ERROR) << "Failed to create the private key from PEM string.";
454 return NULL;
455 }
456
457 return new OpenSSLIdentity(new OpenSSLKeyPair(pkey),
458 cert.release());
459 }
460
certificate() const461 const OpenSSLCertificate& OpenSSLIdentity::certificate() const {
462 return *certificate_;
463 }
464
GetReference() const465 OpenSSLIdentity* OpenSSLIdentity::GetReference() const {
466 return new OpenSSLIdentity(key_pair_->GetReference(),
467 certificate_->GetReference());
468 }
469
ConfigureIdentity(SSL_CTX * ctx)470 bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) {
471 // 1 is the documented success return code.
472 if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 ||
473 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) {
474 LogSSLErrors("Configuring key and certificate");
475 return false;
476 }
477 return true;
478 }
479
480 } // namespace rtc
481
482 #endif // HAVE_OPENSSL_SSL_H
483