1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/x509_util_openssl.h" 6 7 #include <algorithm> 8 #include <openssl/asn1.h> 9 10 #include "base/lazy_instance.h" 11 #include "base/logging.h" 12 #include "base/strings/string_piece.h" 13 #include "crypto/ec_private_key.h" 14 #include "crypto/openssl_util.h" 15 #include "crypto/rsa_private_key.h" 16 #include "net/cert/x509_cert_types.h" 17 #include "net/cert/x509_util.h" 18 19 namespace net { 20 21 namespace { 22 23 const EVP_MD* ToEVP(x509_util::DigestAlgorithm alg) { 24 switch (alg) { 25 case x509_util::DIGEST_SHA1: 26 return EVP_sha1(); 27 case x509_util::DIGEST_SHA256: 28 return EVP_sha256(); 29 } 30 return NULL; 31 } 32 33 } // namespace 34 35 namespace x509_util { 36 37 namespace { 38 39 X509* CreateCertificate(EVP_PKEY* key, 40 DigestAlgorithm alg, 41 const std::string& common_name, 42 uint32_t serial_number, 43 base::Time not_valid_before, 44 base::Time not_valid_after) { 45 // Put the serial number into an OpenSSL-friendly object. 46 crypto::ScopedOpenSSL<ASN1_INTEGER, ASN1_INTEGER_free> asn1_serial( 47 ASN1_INTEGER_new()); 48 if (!asn1_serial.get() || 49 !ASN1_INTEGER_set(asn1_serial.get(), static_cast<long>(serial_number))) { 50 LOG(ERROR) << "Invalid serial number " << serial_number; 51 return NULL; 52 } 53 54 // Do the same for the time stamps. 55 crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_before_time( 56 ASN1_TIME_set(NULL, not_valid_before.ToTimeT())); 57 if (!asn1_not_before_time.get()) { 58 LOG(ERROR) << "Invalid not_valid_before time: " 59 << not_valid_before.ToTimeT(); 60 return NULL; 61 } 62 63 crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free> asn1_not_after_time( 64 ASN1_TIME_set(NULL, not_valid_after.ToTimeT())); 65 if (!asn1_not_after_time.get()) { 66 LOG(ERROR) << "Invalid not_valid_after time: " << not_valid_after.ToTimeT(); 67 return NULL; 68 } 69 70 // Because |common_name| only contains a common name and starts with 'CN=', 71 // there is no need for a full RFC 2253 parser here. Do some sanity checks 72 // though. 73 static const char kCommonNamePrefix[] = "CN="; 74 const size_t kCommonNamePrefixLen = sizeof(kCommonNamePrefix) - 1; 75 if (common_name.size() < kCommonNamePrefixLen || 76 strncmp(common_name.c_str(), kCommonNamePrefix, kCommonNamePrefixLen)) { 77 LOG(ERROR) << "Common name must begin with " << kCommonNamePrefix; 78 return NULL; 79 } 80 if (common_name.size() > INT_MAX) { 81 LOG(ERROR) << "Common name too long"; 82 return NULL; 83 } 84 unsigned char* common_name_str = 85 reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) + 86 kCommonNamePrefixLen; 87 int common_name_len = 88 static_cast<int>(common_name.size() - kCommonNamePrefixLen); 89 90 crypto::ScopedOpenSSL<X509_NAME, X509_NAME_free> name(X509_NAME_new()); 91 if (!name.get() || !X509_NAME_add_entry_by_NID(name.get(), 92 NID_commonName, 93 MBSTRING_ASC, 94 common_name_str, 95 common_name_len, 96 -1, 97 0)) { 98 LOG(ERROR) << "Can't parse common name: " << common_name.c_str(); 99 return NULL; 100 } 101 102 // Now create certificate and populate it. 103 crypto::ScopedOpenSSL<X509, X509_free> cert(X509_new()); 104 if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ || 105 !X509_set_pubkey(cert.get(), key) || 106 !X509_set_serialNumber(cert.get(), asn1_serial.get()) || 107 !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) || 108 !X509_set_notAfter(cert.get(), asn1_not_after_time.get()) || 109 !X509_set_subject_name(cert.get(), name.get()) || 110 !X509_set_issuer_name(cert.get(), name.get())) { 111 LOG(ERROR) << "Could not create certificate"; 112 return NULL; 113 } 114 115 return cert.release(); 116 } 117 118 bool SignAndDerEncodeCert(X509* cert, 119 EVP_PKEY* key, 120 DigestAlgorithm alg, 121 std::string* der_encoded) { 122 // Get the message digest algorithm 123 const EVP_MD* md = ToEVP(alg); 124 if (!md) { 125 LOG(ERROR) << "Unrecognized hash algorithm."; 126 return false; 127 } 128 129 // Sign it with the private key. 130 if (!X509_sign(cert, key, md)) { 131 LOG(ERROR) << "Could not sign certificate with key."; 132 return false; 133 } 134 135 // Convert it into a DER-encoded string copied to |der_encoded|. 136 int der_data_length = i2d_X509(cert, NULL); 137 if (der_data_length < 0) 138 return false; 139 140 der_encoded->resize(der_data_length); 141 unsigned char* der_data = 142 reinterpret_cast<unsigned char*>(&(*der_encoded)[0]); 143 if (i2d_X509(cert, &der_data) < 0) 144 return false; 145 146 return true; 147 } 148 149 // There is no OpenSSL NID for the 'originBoundCertificate' extension OID yet, 150 // so create a global ASN1_OBJECT lazily with the right parameters. 151 class DomainBoundOid { 152 public: 153 DomainBoundOid() : obj_(OBJ_txt2obj(kDomainBoundOidText, 1)) { CHECK(obj_); } 154 155 ~DomainBoundOid() { 156 if (obj_) 157 ASN1_OBJECT_free(obj_); 158 } 159 160 ASN1_OBJECT* obj() const { return obj_; } 161 162 private: 163 static const char kDomainBoundOidText[]; 164 165 ASN1_OBJECT* obj_; 166 }; 167 168 // 1.3.6.1.4.1.11129.2.1.6 169 // (iso.org.dod.internet.private.enterprises.google.googleSecurity. 170 // certificateExtensions.originBoundCertificate) 171 const char DomainBoundOid::kDomainBoundOidText[] = "1.3.6.1.4.1.11129.2.1.6"; 172 173 ASN1_OBJECT* GetDomainBoundOid() { 174 static base::LazyInstance<DomainBoundOid>::Leaky s_lazy = 175 LAZY_INSTANCE_INITIALIZER; 176 return s_lazy.Get().obj(); 177 } 178 179 } // namespace 180 181 bool IsSupportedValidityRange(base::Time not_valid_before, 182 base::Time not_valid_after) { 183 if (not_valid_before > not_valid_after) 184 return false; 185 186 // The validity field of a certificate can only encode years 1-9999. 187 188 // Compute the base::Time values corresponding to Jan 1st,0001 and 189 // Jan 1st, 10000 respectively. Done by using the pre-computed numbers 190 // of days between these dates and the Unix epoch, i.e. Jan 1st, 1970, 191 // using the following Python script: 192 // 193 // from datetime import date as D 194 // print (D(1970,1,1)-D(1,1,1)) # -> 719162 days 195 // print (D(9999,12,31)-D(1970,1,1)) # -> 2932896 days 196 // 197 // Note: This ignores leap seconds, but should be enough in practice. 198 // 199 const int64 kDaysFromYear0001ToUnixEpoch = 719162; 200 const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1; 201 const base::Time kEpoch = base::Time::UnixEpoch(); 202 const base::Time kYear0001 = kEpoch - 203 base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch); 204 const base::Time kYear10000 = kEpoch + 205 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000); 206 207 if (not_valid_before < kYear0001 || not_valid_before >= kYear10000 || 208 not_valid_after < kYear0001 || not_valid_after >= kYear10000) 209 return false; 210 211 return true; 212 } 213 214 bool CreateDomainBoundCertEC( 215 crypto::ECPrivateKey* key, 216 DigestAlgorithm alg, 217 const std::string& domain, 218 uint32 serial_number, 219 base::Time not_valid_before, 220 base::Time not_valid_after, 221 std::string* der_cert) { 222 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 223 // Create certificate. 224 crypto::ScopedOpenSSL<X509, X509_free> cert( 225 CreateCertificate(key->key(), 226 alg, 227 "CN=anonymous.invalid", 228 serial_number, 229 not_valid_before, 230 not_valid_after)); 231 if (!cert.get()) 232 return false; 233 234 // Add TLS-Channel-ID extension to the certificate before signing it. 235 // The value must be stored DER-encoded, as a ASN.1 IA5String. 236 crypto::ScopedOpenSSL<ASN1_STRING, ASN1_STRING_free> domain_ia5( 237 ASN1_IA5STRING_new()); 238 if (!domain_ia5.get() || 239 !ASN1_STRING_set(domain_ia5.get(), domain.data(), domain.size())) 240 return false; 241 242 std::string domain_der; 243 int domain_der_len = i2d_ASN1_IA5STRING(domain_ia5.get(), NULL); 244 if (domain_der_len < 0) 245 return false; 246 247 domain_der.resize(domain_der_len); 248 unsigned char* domain_der_data = 249 reinterpret_cast<unsigned char*>(&domain_der[0]); 250 if (i2d_ASN1_IA5STRING(domain_ia5.get(), &domain_der_data) < 0) 251 return false; 252 253 crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free> domain_str( 254 ASN1_OCTET_STRING_new()); 255 if (!domain_str.get() || 256 !ASN1_STRING_set(domain_str.get(), domain_der.data(), domain_der.size())) 257 return false; 258 259 crypto::ScopedOpenSSL<X509_EXTENSION, X509_EXTENSION_free> ext( 260 X509_EXTENSION_create_by_OBJ( 261 NULL, GetDomainBoundOid(), 1 /* critical */, domain_str.get())); 262 if (!ext.get() || !X509_add_ext(cert.get(), ext.get(), -1)) { 263 return false; 264 } 265 266 // Sign and encode it. 267 return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_cert); 268 } 269 270 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key, 271 DigestAlgorithm alg, 272 const std::string& common_name, 273 uint32 serial_number, 274 base::Time not_valid_before, 275 base::Time not_valid_after, 276 std::string* der_encoded) { 277 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 278 crypto::ScopedOpenSSL<X509, X509_free> cert( 279 CreateCertificate(key->key(), 280 alg, 281 common_name, 282 serial_number, 283 not_valid_before, 284 not_valid_after)); 285 if (!cert.get()) 286 return false; 287 288 return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_encoded); 289 } 290 291 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name, 292 int index, 293 std::string* key, 294 std::string* value) { 295 X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index); 296 if (!entry) 297 return false; 298 299 if (key) { 300 ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry); 301 key->assign(OBJ_nid2sn(OBJ_obj2nid(object))); 302 } 303 304 ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry); 305 if (!data) 306 return false; 307 308 unsigned char* buf = NULL; 309 int len = ASN1_STRING_to_UTF8(&buf, data); 310 if (len <= 0) 311 return false; 312 313 value->assign(reinterpret_cast<const char*>(buf), len); 314 OPENSSL_free(buf); 315 return true; 316 } 317 318 bool ParsePrincipalValueByIndex(X509_NAME* name, 319 int index, 320 std::string* value) { 321 return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value); 322 } 323 324 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) { 325 int index = X509_NAME_get_index_by_NID(name, nid, -1); 326 if (index < 0) 327 return false; 328 329 return ParsePrincipalValueByIndex(name, index, value); 330 } 331 332 bool ParseDate(ASN1_TIME* x509_time, base::Time* time) { 333 if (!x509_time || 334 (x509_time->type != V_ASN1_UTCTIME && 335 x509_time->type != V_ASN1_GENERALIZEDTIME)) 336 return false; 337 338 base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data), 339 x509_time->length); 340 341 CertDateFormat format = x509_time->type == V_ASN1_UTCTIME ? 342 CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME; 343 return ParseCertificateDate(str_date, format, time); 344 } 345 346 } // namespace x509_util 347 348 } // namespace net 349