blob: 1f2ce870eb7bf44d31cb04a47c0539a91a9bc1f8 [file] [log] [blame]
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quiche/quic/core/crypto/certificate_util.h"
#include "absl/strings/str_format.h"
#include "absl/strings/str_split.h"
#include "absl/strings/string_view.h"
#include "openssl/bn.h"
#include "openssl/bytestring.h"
#include "openssl/digest.h"
#include "openssl/ec_key.h"
#include "openssl/mem.h"
#include "openssl/pkcs7.h"
#include "openssl/pool.h"
#include "openssl/rsa.h"
#include "openssl/stack.h"
#include "quiche/quic/core/crypto/boring_utils.h"
#include "quiche/quic/platform/api/quic_logging.h"
namespace quic {
namespace {
bool AddEcdsa256SignatureAlgorithm(CBB* cbb) {
// See RFC 5758. This is the encoding of OID 1.2.840.10045.4.3.2.
static const uint8_t kEcdsaWithSha256[] = {0x2a, 0x86, 0x48, 0xce,
0x3d, 0x04, 0x03, 0x02};
// An AlgorithmIdentifier is described in RFC 5280, 4.1.1.2.
CBB sequence, oid;
if (!CBB_add_asn1(cbb, &sequence, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&sequence, &oid, CBS_ASN1_OBJECT)) {
return false;
}
if (!CBB_add_bytes(&oid, kEcdsaWithSha256, sizeof(kEcdsaWithSha256))) {
return false;
}
// RFC 5758, section 3.2: ecdsa-with-sha256 MUST omit the parameters field.
return CBB_flush(cbb);
}
// Adds an X.509 Name with the specified distinguished name to |cbb|.
bool AddName(CBB* cbb, absl::string_view name) {
// See RFC 4519.
static const uint8_t kCommonName[] = {0x55, 0x04, 0x03};
static const uint8_t kCountryName[] = {0x55, 0x04, 0x06};
static const uint8_t kOrganizationName[] = {0x55, 0x04, 0x0a};
static const uint8_t kOrganizationalUnitName[] = {0x55, 0x04, 0x0b};
std::vector<std::string> attributes =
absl::StrSplit(name, ',', absl::SkipEmpty());
if (attributes.empty()) {
QUIC_LOG(ERROR) << "Missing DN or wrong format";
return false;
}
// See RFC 5280, section 4.1.2.4.
CBB rdns;
if (!CBB_add_asn1(cbb, &rdns, CBS_ASN1_SEQUENCE)) {
return false;
}
for (const std::string& attribute : attributes) {
std::vector<std::string> parts =
absl::StrSplit(absl::StripAsciiWhitespace(attribute), '=');
if (parts.size() != 2) {
QUIC_LOG(ERROR) << "Wrong DN format at " + attribute;
return false;
}
const std::string& type_string = parts[0];
const std::string& value_string = parts[1];
absl::Span<const uint8_t> type_bytes;
if (type_string == "CN") {
type_bytes = kCommonName;
} else if (type_string == "C") {
type_bytes = kCountryName;
} else if (type_string == "O") {
type_bytes = kOrganizationName;
} else if (type_string == "OU") {
type_bytes = kOrganizationalUnitName;
} else {
QUIC_LOG(ERROR) << "Unrecognized type " + type_string;
return false;
}
CBB rdn, attr, type, value;
if (!CBB_add_asn1(&rdns, &rdn, CBS_ASN1_SET) ||
!CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&attr, &type, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&type, type_bytes.data(), type_bytes.size()) ||
!CBB_add_asn1(&attr, &value,
type_string == "C" ? CBS_ASN1_PRINTABLESTRING
: CBS_ASN1_UTF8STRING) ||
!AddStringToCbb(&value, value_string) || !CBB_flush(&rdns)) {
return false;
}
}
if (!CBB_flush(cbb)) {
return false;
}
return true;
}
bool CBBAddTime(CBB* cbb, const CertificateTimestamp& timestamp) {
CBB child;
std::string formatted_time;
// Per RFC 5280, 4.1.2.5, times which fit in UTCTime must be encoded as
// UTCTime rather than GeneralizedTime.
const bool is_utc_time = (1950 <= timestamp.year && timestamp.year < 2050);
if (is_utc_time) {
uint16_t year = timestamp.year - 1900;
if (year >= 100) {
year -= 100;
}
formatted_time = absl::StrFormat("%02d", year);
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_UTCTIME)) {
return false;
}
} else {
formatted_time = absl::StrFormat("%04d", timestamp.year);
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_GENERALIZEDTIME)) {
return false;
}
}
absl::StrAppendFormat(&formatted_time, "%02d%02d%02d%02d%02dZ",
timestamp.month, timestamp.day, timestamp.hour,
timestamp.minute, timestamp.second);
static const size_t kGeneralizedTimeLength = 15;
static const size_t kUTCTimeLength = 13;
QUICHE_DCHECK_EQ(formatted_time.size(),
is_utc_time ? kUTCTimeLength : kGeneralizedTimeLength);
return AddStringToCbb(&child, formatted_time) && CBB_flush(cbb);
}
bool CBBAddExtension(CBB* extensions, absl::Span<const uint8_t> oid,
bool critical, absl::Span<const uint8_t> contents) {
CBB extension, cbb_oid, cbb_contents;
if (!CBB_add_asn1(extensions, &extension, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&extension, &cbb_oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&cbb_oid, oid.data(), oid.size()) ||
(critical && !CBB_add_asn1_bool(&extension, 1)) ||
!CBB_add_asn1(&extension, &cbb_contents, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&cbb_contents, contents.data(), contents.size()) ||
!CBB_flush(extensions)) {
return false;
}
return true;
}
bool IsEcdsa256Key(const EVP_PKEY& evp_key) {
if (EVP_PKEY_id(&evp_key) != EVP_PKEY_EC) {
return false;
}
const EC_KEY* key = EVP_PKEY_get0_EC_KEY(&evp_key);
if (key == nullptr) {
return false;
}
const EC_GROUP* group = EC_KEY_get0_group(key);
if (group == nullptr) {
return false;
}
return EC_GROUP_get_curve_name(group) == NID_X9_62_prime256v1;
}
} // namespace
bssl::UniquePtr<EVP_PKEY> MakeKeyPairForSelfSignedCertificate() {
bssl::UniquePtr<EVP_PKEY_CTX> context(
EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr));
if (!context) {
return nullptr;
}
if (EVP_PKEY_keygen_init(context.get()) != 1) {
return nullptr;
}
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(context.get(),
NID_X9_62_prime256v1) != 1) {
return nullptr;
}
EVP_PKEY* raw_key = nullptr;
if (EVP_PKEY_keygen(context.get(), &raw_key) != 1) {
return nullptr;
}
return bssl::UniquePtr<EVP_PKEY>(raw_key);
}
std::string CreateSelfSignedCertificate(EVP_PKEY& key,
const CertificateOptions& options) {
std::string error;
if (!IsEcdsa256Key(key)) {
QUIC_LOG(ERROR) << "CreateSelfSignedCert only accepts ECDSA P-256 keys";
return error;
}
// See RFC 5280, section 4.1. First, construct the TBSCertificate.
bssl::ScopedCBB cbb;
CBB tbs_cert, version, validity;
uint8_t* tbs_cert_bytes;
size_t tbs_cert_len;
if (!CBB_init(cbb.get(), 64) ||
!CBB_add_asn1(cbb.get(), &tbs_cert, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&tbs_cert, &version,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
!CBB_add_asn1_uint64(&version, 2) || // X.509 version 3
!CBB_add_asn1_uint64(&tbs_cert, options.serial_number) ||
!AddEcdsa256SignatureAlgorithm(&tbs_cert) || // signature algorithm
!AddName(&tbs_cert, options.subject) || // issuer
!CBB_add_asn1(&tbs_cert, &validity, CBS_ASN1_SEQUENCE) ||
!CBBAddTime(&validity, options.validity_start) ||
!CBBAddTime(&validity, options.validity_end) ||
!AddName(&tbs_cert, options.subject) || // subject
!EVP_marshal_public_key(&tbs_cert, &key)) { // subjectPublicKeyInfo
return error;
}
CBB outer_extensions, extensions;
if (!CBB_add_asn1(&tbs_cert, &outer_extensions,
3 | CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED) ||
!CBB_add_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
return error;
}
// Key Usage
constexpr uint8_t kKeyUsageOid[] = {0x55, 0x1d, 0x0f};
constexpr uint8_t kKeyUsageContent[] = {
0x3, // BIT STRING
0x2, // Length
0x0, // Unused bits
0x80, // bit(0): digitalSignature
};
CBBAddExtension(&extensions, kKeyUsageOid, true, kKeyUsageContent);
// TODO(wub): Add more extensions here if needed.
if (!CBB_finish(cbb.get(), &tbs_cert_bytes, &tbs_cert_len)) {
return error;
}
bssl::UniquePtr<uint8_t> delete_tbs_cert_bytes(tbs_cert_bytes);
// Sign the TBSCertificate and write the entire certificate.
CBB cert, signature;
bssl::ScopedEVP_MD_CTX ctx;
uint8_t* sig_out;
size_t sig_len;
uint8_t* cert_bytes;
size_t cert_len;
if (!CBB_init(cbb.get(), tbs_cert_len) ||
!CBB_add_asn1(cbb.get(), &cert, CBS_ASN1_SEQUENCE) ||
!CBB_add_bytes(&cert, tbs_cert_bytes, tbs_cert_len) ||
!AddEcdsa256SignatureAlgorithm(&cert) ||
!CBB_add_asn1(&cert, &signature, CBS_ASN1_BITSTRING) ||
!CBB_add_u8(&signature, 0 /* no unused bits */) ||
!EVP_DigestSignInit(ctx.get(), nullptr, EVP_sha256(), nullptr, &key) ||
// Compute the maximum signature length.
!EVP_DigestSign(ctx.get(), nullptr, &sig_len, tbs_cert_bytes,
tbs_cert_len) ||
!CBB_reserve(&signature, &sig_out, sig_len) ||
// Actually sign the TBSCertificate.
!EVP_DigestSign(ctx.get(), sig_out, &sig_len, tbs_cert_bytes,
tbs_cert_len) ||
!CBB_did_write(&signature, sig_len) ||
!CBB_finish(cbb.get(), &cert_bytes, &cert_len)) {
return error;
}
bssl::UniquePtr<uint8_t> delete_cert_bytes(cert_bytes);
return std::string(reinterpret_cast<char*>(cert_bytes), cert_len);
}
} // namespace quic