Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 5 | #include "net/cert/x509_util_openssl.h" |
| 6 | |
| 7 | #include <algorithm> |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 8 | #include <openssl/asn1.h> |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 9 | |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 10 | #include "base/lazy_instance.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 11 | #include "base/logging.h" |
| 12 | #include "base/strings/string_piece.h" |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 13 | #include "crypto/ec_private_key.h" |
| 14 | #include "crypto/openssl_util.h" |
| 15 | #include "crypto/rsa_private_key.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 16 | #include "net/cert/x509_cert_types.h" |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 17 | #include "net/cert/x509_util.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 18 | |
| 19 | namespace net { |
| 20 | |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 21 | namespace { |
| 22 | |
| 23 | const EVP_MD* ToEVP(x509_util::DigestAlgorithm alg) { |
| 24 | switch (alg) { |
| 25 | case x509_util::DIGEST_SHA1: |
| 26 | return EVP_sha1(); |
| 27 | case x509_util::DIGEST_SHA256: |
| 28 | return EVP_sha256(); |
| 29 | } |
| 30 | return NULL; |
| 31 | } |
| 32 | |
| 33 | } // namespace |
| 34 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 35 | namespace x509_util { |
| 36 | |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 37 | namespace { |
| 38 | |
| 39 | X509* CreateCertificate(EVP_PKEY* key, |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 40 | DigestAlgorithm alg, |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 41 | const std::string& common_name, |
| 42 | uint32_t serial_number, |
| 43 | base::Time not_valid_before, |
| 44 | base::Time not_valid_after) { |
| 45 | // Put the serial number into an OpenSSL-friendly object. |
| 46 | crypto::ScopedOpenSSL<ASN1_INTEGER, ASN1_INTEGER_free> asn1_serial( |
| 47 | ASN1_INTEGER_new()); |
| 48 | if (!asn1_serial.get() || |
| 49 | !ASN1_INTEGER_set(asn1_serial.get(), static_cast<long>(serial_number))) { |
| 50 | LOG(ERROR) << "Invalid serial number " << serial_number; |
| 51 | return NULL; |
| 52 | } |
| 53 | |
| 54 | // Do the same for the time stamps. |
| 55 | crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_before_time( |
| 56 | ASN1_TIME_set(NULL, not_valid_before.ToTimeT())); |
| 57 | if (!asn1_not_before_time.get()) { |
| 58 | LOG(ERROR) << "Invalid not_valid_before time: " |
| 59 | << not_valid_before.ToTimeT(); |
| 60 | return NULL; |
| 61 | } |
| 62 | |
| 63 | crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_after_time( |
| 64 | ASN1_TIME_set(NULL, not_valid_after.ToTimeT())); |
| 65 | if (!asn1_not_after_time.get()) { |
| 66 | LOG(ERROR) << "Invalid not_valid_after time: " << not_valid_after.ToTimeT(); |
| 67 | return NULL; |
| 68 | } |
| 69 | |
| 70 | // Because |common_name| only contains a common name and starts with 'CN=', |
| 71 | // there is no need for a full RFC 2253 parser here. Do some sanity checks |
| 72 | // though. |
| 73 | static const char kCommonNamePrefix[] = "CN="; |
| 74 | const size_t kCommonNamePrefixLen = sizeof(kCommonNamePrefix) - 1; |
| 75 | if (common_name.size() < kCommonNamePrefixLen || |
| 76 | strncmp(common_name.c_str(), kCommonNamePrefix, kCommonNamePrefixLen)) { |
| 77 | LOG(ERROR) << "Common name must begin with " << kCommonNamePrefix; |
| 78 | return NULL; |
| 79 | } |
| 80 | if (common_name.size() > INT_MAX) { |
| 81 | LOG(ERROR) << "Common name too long"; |
| 82 | return NULL; |
| 83 | } |
| 84 | unsigned char* common_name_str = |
| 85 | reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) + |
| 86 | kCommonNamePrefixLen; |
| 87 | int common_name_len = |
| 88 | static_cast<int>(common_name.size() - kCommonNamePrefixLen); |
| 89 | |
| 90 | crypto::ScopedOpenSSL<X509_NAME, X509_NAME_free> name(X509_NAME_new()); |
| 91 | if (!name.get() || !X509_NAME_add_entry_by_NID(name.get(), |
| 92 | NID_commonName, |
| 93 | MBSTRING_ASC, |
| 94 | common_name_str, |
| 95 | common_name_len, |
| 96 | -1, |
| 97 | 0)) { |
| 98 | LOG(ERROR) << "Can't parse common name: " << common_name.c_str(); |
| 99 | return NULL; |
| 100 | } |
| 101 | |
| 102 | // Now create certificate and populate it. |
| 103 | crypto::ScopedOpenSSL<X509, X509_free> cert(X509_new()); |
| 104 | if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ || |
| 105 | !X509_set_pubkey(cert.get(), key) || |
| 106 | !X509_set_serialNumber(cert.get(), asn1_serial.get()) || |
| 107 | !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) || |
| 108 | !X509_set_notAfter(cert.get(), asn1_not_after_time.get()) || |
| 109 | !X509_set_subject_name(cert.get(), name.get()) || |
| 110 | !X509_set_issuer_name(cert.get(), name.get())) { |
| 111 | LOG(ERROR) << "Could not create certificate"; |
| 112 | return NULL; |
| 113 | } |
| 114 | |
| 115 | return cert.release(); |
| 116 | } |
| 117 | |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 118 | bool SignAndDerEncodeCert(X509* cert, |
| 119 | EVP_PKEY* key, |
| 120 | DigestAlgorithm alg, |
| 121 | std::string* der_encoded) { |
| 122 | // Get the message digest algorithm |
| 123 | const EVP_MD* md = ToEVP(alg); |
| 124 | if (!md) { |
| 125 | LOG(ERROR) << "Unrecognized hash algorithm."; |
| 126 | return false; |
| 127 | } |
| 128 | |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 129 | // Sign it with the private key. |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 130 | if (!X509_sign(cert, key, md)) { |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 131 | LOG(ERROR) << "Could not sign certificate with key."; |
| 132 | return false; |
| 133 | } |
| 134 | |
| 135 | // Convert it into a DER-encoded string copied to |der_encoded|. |
| 136 | int der_data_length = i2d_X509(cert, NULL); |
| 137 | if (der_data_length < 0) |
| 138 | return false; |
| 139 | |
| 140 | der_encoded->resize(der_data_length); |
| 141 | unsigned char* der_data = |
| 142 | reinterpret_cast<unsigned char*>(&(*der_encoded)[0]); |
| 143 | if (i2d_X509(cert, &der_data) < 0) |
| 144 | return false; |
| 145 | |
| 146 | return true; |
| 147 | } |
| 148 | |
| 149 | // There is no OpenSSL NID for the 'originBoundCertificate' extension OID yet, |
| 150 | // so create a global ASN1_OBJECT lazily with the right parameters. |
| 151 | class DomainBoundOid { |
| 152 | public: |
| 153 | DomainBoundOid() : obj_(OBJ_txt2obj(kDomainBoundOidText, 1)) { CHECK(obj_); } |
| 154 | |
| 155 | ~DomainBoundOid() { |
| 156 | if (obj_) |
| 157 | ASN1_OBJECT_free(obj_); |
| 158 | } |
| 159 | |
| 160 | ASN1_OBJECT* obj() const { return obj_; } |
| 161 | |
| 162 | private: |
| 163 | static const char kDomainBoundOidText[]; |
| 164 | |
| 165 | ASN1_OBJECT* obj_; |
| 166 | }; |
| 167 | |
| 168 | // 1.3.6.1.4.1.11129.2.1.6 |
| 169 | // (iso.org.dod.internet.private.enterprises.google.googleSecurity. |
| 170 | // certificateExtensions.originBoundCertificate) |
| 171 | const char DomainBoundOid::kDomainBoundOidText[] = "1.3.6.1.4.1.11129.2.1.6"; |
| 172 | |
| 173 | ASN1_OBJECT* GetDomainBoundOid() { |
| 174 | static base::LazyInstance<DomainBoundOid>::Leaky s_lazy = |
| 175 | LAZY_INSTANCE_INITIALIZER; |
| 176 | return s_lazy.Get().obj(); |
| 177 | } |
| 178 | |
| 179 | } // namespace |
| 180 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 181 | bool IsSupportedValidityRange(base::Time not_valid_before, |
| 182 | base::Time not_valid_after) { |
| 183 | if (not_valid_before > not_valid_after) |
| 184 | return false; |
| 185 | |
| 186 | // The validity field of a certificate can only encode years 1-9999. |
| 187 | |
| 188 | // Compute the base::Time values corresponding to Jan 1st,0001 and |
| 189 | // Jan 1st, 10000 respectively. Done by using the pre-computed numbers |
| 190 | // of days between these dates and the Unix epoch, i.e. Jan 1st, 1970, |
| 191 | // using the following Python script: |
| 192 | // |
| 193 | // from datetime import date as D |
| 194 | // print (D(1970,1,1)-D(1,1,1)) # -> 719162 days |
| 195 | // print (D(9999,12,31)-D(1970,1,1)) # -> 2932896 days |
| 196 | // |
| 197 | // Note: This ignores leap seconds, but should be enough in practice. |
| 198 | // |
| 199 | const int64 kDaysFromYear0001ToUnixEpoch = 719162; |
| 200 | const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1; |
| 201 | const base::Time kEpoch = base::Time::UnixEpoch(); |
| 202 | const base::Time kYear0001 = kEpoch - |
| 203 | base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch); |
| 204 | const base::Time kYear10000 = kEpoch + |
| 205 | base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000); |
| 206 | |
| 207 | if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 || |
| 208 | not_valid_after < kYear0001 || not_valid_after >= kYear10000) |
| 209 | return false; |
| 210 | |
| 211 | return true; |
| 212 | } |
| 213 | |
| 214 | bool CreateDomainBoundCertEC( |
| 215 | crypto::ECPrivateKey* key, |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 216 | DigestAlgorithm alg, |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 217 | const std::string& domain, |
| 218 | uint32 serial_number, |
| 219 | base::Time not_valid_before, |
| 220 | base::Time not_valid_after, |
| 221 | std::string* der_cert) { |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 222 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 223 | // Create certificate. |
| 224 | crypto::ScopedOpenSSL<X509, X509_free> cert( |
| 225 | CreateCertificate(key->key(), |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 226 | alg, |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 227 | "CN=anonymous.invalid", |
| 228 | serial_number, |
| 229 | not_valid_before, |
| 230 | not_valid_after)); |
| 231 | if (!cert.get()) |
| 232 | return false; |
| 233 | |
| 234 | // Add TLS-Channel-ID extension to the certificate before signing it. |
| 235 | // The value must be stored DER-encoded, as a ASN.1 IA5String. |
| 236 | crypto::ScopedOpenSSL<ASN1_STRING, ASN1_STRING_free> domain_ia5( |
| 237 | ASN1_IA5STRING_new()); |
| 238 | if (!domain_ia5.get() || |
| 239 | !ASN1_STRING_set(domain_ia5.get(), domain.data(), domain.size())) |
| 240 | return false; |
| 241 | |
| 242 | std::string domain_der; |
| 243 | int domain_der_len = i2d_ASN1_IA5STRING(domain_ia5.get(), NULL); |
| 244 | if (domain_der_len < 0) |
| 245 | return false; |
| 246 | |
| 247 | domain_der.resize(domain_der_len); |
| 248 | unsigned char* domain_der_data = |
| 249 | reinterpret_cast<unsigned char*>(&domain_der[0]); |
| 250 | if (i2d_ASN1_IA5STRING(domain_ia5.get(), &domain_der_data) < 0) |
| 251 | return false; |
| 252 | |
| 253 | crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free> domain_str( |
| 254 | ASN1_OCTET_STRING_new()); |
| 255 | if (!domain_str.get() || |
| 256 | !ASN1_STRING_set(domain_str.get(), domain_der.data(), domain_der.size())) |
| 257 | return false; |
| 258 | |
| 259 | crypto::ScopedOpenSSL<X509_EXTENSION, X509_EXTENSION_free> ext( |
| 260 | X509_EXTENSION_create_by_OBJ( |
| 261 | NULL, GetDomainBoundOid(), 1 /* critical */, domain_str.get())); |
| 262 | if (!ext.get() || !X509_add_ext(cert.get(), ext.get(), -1)) { |
| 263 | return false; |
| 264 | } |
| 265 | |
| 266 | // Sign and encode it. |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 267 | return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_cert); |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 268 | } |
| 269 | |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 270 | bool CreateSelfSignedCert(crypto::RSAPrivateKey* key, |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 271 | DigestAlgorithm alg, |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 272 | const std::string& common_name, |
| 273 | uint32 serial_number, |
| 274 | base::Time not_valid_before, |
| 275 | base::Time not_valid_after, |
| 276 | std::string* der_encoded) { |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 277 | crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 278 | crypto::ScopedOpenSSL<X509, X509_free> cert( |
| 279 | CreateCertificate(key->key(), |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 280 | alg, |
Torne (Richard Coles) | 8bcbed8 | 2013-10-22 16:41:35 +0100 | [diff] [blame] | 281 | common_name, |
| 282 | serial_number, |
| 283 | not_valid_before, |
| 284 | not_valid_after)); |
| 285 | if (!cert.get()) |
| 286 | return false; |
| 287 | |
Torne (Richard Coles) | 0f1bc08 | 2013-11-06 12:27:47 +0000 | [diff] [blame] | 288 | return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_encoded); |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 289 | } |
| 290 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 291 | bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name, |
| 292 | int index, |
| 293 | std::string* key, |
| 294 | std::string* value) { |
| 295 | X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index); |
| 296 | if (!entry) |
| 297 | return false; |
| 298 | |
| 299 | if (key) { |
| 300 | ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry); |
| 301 | key->assign(OBJ_nid2sn(OBJ_obj2nid(object))); |
| 302 | } |
| 303 | |
| 304 | ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry); |
| 305 | if (!data) |
| 306 | return false; |
| 307 | |
| 308 | unsigned char* buf = NULL; |
| 309 | int len = ASN1_STRING_to_UTF8(&buf, data); |
| 310 | if (len <= 0) |
| 311 | return false; |
| 312 | |
| 313 | value->assign(reinterpret_cast<const char*>(buf), len); |
| 314 | OPENSSL_free(buf); |
| 315 | return true; |
| 316 | } |
| 317 | |
| 318 | bool ParsePrincipalValueByIndex(X509_NAME* name, |
| 319 | int index, |
| 320 | std::string* value) { |
| 321 | return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value); |
| 322 | } |
| 323 | |
| 324 | bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) { |
| 325 | int index = X509_NAME_get_index_by_NID(name, nid, -1); |
| 326 | if (index < 0) |
| 327 | return false; |
| 328 | |
| 329 | return ParsePrincipalValueByIndex(name, index, value); |
| 330 | } |
| 331 | |
| 332 | bool ParseDate(ASN1_TIME* x509_time, base::Time* time) { |
| 333 | if (!x509_time || |
| 334 | (x509_time->type != V_ASN1_UTCTIME && |
| 335 | x509_time->type != V_ASN1_GENERALIZEDTIME)) |
| 336 | return false; |
| 337 | |
| 338 | base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data), |
| 339 | x509_time->length); |
| 340 | |
| 341 | CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ? |
| 342 | CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME; |
| 343 | return ParseCertificateDate(str_date, format, time); |
| 344 | } |
| 345 | |
| 346 | } // namespace x509_util |
| 347 | |
| 348 | } // namespace net |