search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / net / quic / crypto / proof_verifier_chromium.cc
blob90543cbbbccf5fcfd3fbb85b8a5eca250acca533
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/proof_verifier_chromium.h"
6
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/callback_helpers.h"
10 #include "base/compiler_specific.h"
11 #include "base/logging.h"
12 #include "base/metrics/histogram_macros.h"
13 #include "base/profiler/scoped_tracker.h"
14 #include "base/stl_util.h"
15 #include "base/strings/stringprintf.h"
16 #include "crypto/signature_verifier.h"
17 #include "net/base/net_errors.h"
18 #include "net/cert/asn1_util.h"
19 #include "net/cert/cert_status_flags.h"
20 #include "net/cert/cert_verifier.h"
21 #include "net/cert/cert_verify_result.h"
22 #include "net/cert/x509_certificate.h"
23 #include "net/cert/x509_util.h"
24 #include "net/http/transport_security_state.h"
25 #include "net/log/net_log.h"
26 #include "net/quic/crypto/crypto_protocol.h"
27 #include "net/ssl/ssl_config_service.h"
28
29 using base::StringPiece;
30 using base::StringPrintf;
31 using std::string;
32 using std::vector;
33
34 namespace net {
35
36 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const {
37 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium;
38 other->cert_verify_result = cert_verify_result;
39 return other;
40 }
41
42 // A Job handles the verification of a single proof. It is owned by the
43 // ProofVerifier. If the verification can not complete synchronously, it
44 // will notify the ProofVerifier upon completion.
45 class ProofVerifierChromium::Job {
46 public:
47 Job(ProofVerifierChromium* proof_verifier,
48 CertVerifier* cert_verifier,
49 TransportSecurityState* transport_security_state,
50 int cert_verify_flags,
51 const BoundNetLog& net_log);
52
53 // Starts the proof verification. If |QUIC_PENDING| is returned, then
54 // |callback| will be invoked asynchronously when the verification completes.
55 QuicAsyncStatus VerifyProof(const std::string& hostname,
56 const std::string& server_config,
57 const std::vector<std::string>& certs,
58 const std::string& signature,
59 std::string* error_details,
60 scoped_ptr<ProofVerifyDetails>* verify_details,
61 ProofVerifierCallback* callback);
62
63 private:
64 enum State {
65 STATE_NONE,
66 STATE_VERIFY_CERT,
67 STATE_VERIFY_CERT_COMPLETE,
68 };
69
70 int DoLoop(int last_io_result);
71 void OnIOComplete(int result);
72 int DoVerifyCert(int result);
73 int DoVerifyCertComplete(int result);
74
75 bool VerifySignature(const std::string& signed_data,
76 const std::string& signature,
77 const std::string& cert);
78
79 // Proof verifier to notify when this jobs completes.
80 ProofVerifierChromium* proof_verifier_;
81
82 // The underlying verifier used for verifying certificates.
83 CertVerifier* verifier_;
84 scoped_ptr<CertVerifier::Request> cert_verifier_request_;
85
86 TransportSecurityState* transport_security_state_;
87
88 // |hostname| specifies the hostname for which |certs| is a valid chain.
89 std::string hostname_;
90
91 scoped_ptr<ProofVerifierCallback> callback_;
92 scoped_ptr<ProofVerifyDetailsChromium> verify_details_;
93 std::string error_details_;
94
95 // X509Certificate from a chain of DER encoded certificates.
96 scoped_refptr<X509Certificate> cert_;
97
98 // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is
99 // passed to CertVerifier::Verify.
100 int cert_verify_flags_;
101
102 State next_state_;
103
104 BoundNetLog net_log_;
105
106 DISALLOW_COPY_AND_ASSIGN(Job);
107 };
108
109 ProofVerifierChromium::Job::Job(
110 ProofVerifierChromium* proof_verifier,
111 CertVerifier* cert_verifier,
112 TransportSecurityState* transport_security_state,
113 int cert_verify_flags,
114 const BoundNetLog& net_log)
115 : proof_verifier_(proof_verifier),
116 verifier_(cert_verifier),
117 transport_security_state_(transport_security_state),
118 cert_verify_flags_(cert_verify_flags),
119 next_state_(STATE_NONE),
120 net_log_(net_log) {
121 }
122
123 QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof(
124 const string& hostname,
125 const string& server_config,
126 const vector<string>& certs,
127 const string& signature,
128 std::string* error_details,
129 scoped_ptr<ProofVerifyDetails>* verify_details,
130 ProofVerifierCallback* callback) {
131 DCHECK(error_details);
132 DCHECK(verify_details);
133 DCHECK(callback);
134
135 error_details->clear();
136
137 if (STATE_NONE != next_state_) {
138 *error_details = "Certificate is already set and VerifyProof has begun";
139 DLOG(DFATAL) << *error_details;
140 return QUIC_FAILURE;
141 }
142
143 verify_details_.reset(new ProofVerifyDetailsChromium);
144
145 if (certs.empty()) {
146 *error_details = "Failed to create certificate chain. Certs are empty.";
147 DLOG(WARNING) << *error_details;
148 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
149 *verify_details = verify_details_.Pass();
150 return QUIC_FAILURE;
151 }
152
153 // Convert certs to X509Certificate.
154 vector<StringPiece> cert_pieces(certs.size());
155 for (unsigned i = 0; i < certs.size(); i++) {
156 cert_pieces[i] = base::StringPiece(certs[i]);
157 }
158 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces);
159 if (!cert_.get()) {
160 *error_details = "Failed to create certificate chain";
161 DLOG(WARNING) << *error_details;
162 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
163 *verify_details = verify_details_.Pass();
164 return QUIC_FAILURE;
165 }
166
167 // We call VerifySignature first to avoid copying of server_config and
168 // signature.
169 if (!VerifySignature(server_config, signature, certs[0])) {
170 *error_details = "Failed to verify signature of server config";
171 DLOG(WARNING) << *error_details;
172 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
173 *verify_details = verify_details_.Pass();
174 return QUIC_FAILURE;
175 }
176
177 hostname_ = hostname;
178
179 next_state_ = STATE_VERIFY_CERT;
180 switch (DoLoop(OK)) {
181 case OK:
182 *verify_details = verify_details_.Pass();
183 return QUIC_SUCCESS;
184 case ERR_IO_PENDING:
185 callback_.reset(callback);
186 return QUIC_PENDING;
187 default:
188 *error_details = error_details_;
189 *verify_details = verify_details_.Pass();
190 return QUIC_FAILURE;
191 }
192 }
193
194 int ProofVerifierChromium::Job::DoLoop(int last_result) {
195 int rv = last_result;
196 do {
197 State state = next_state_;
198 next_state_ = STATE_NONE;
199 switch (state) {
200 case STATE_VERIFY_CERT:
201 DCHECK(rv == OK);
202 rv = DoVerifyCert(rv);
203 break;
204 case STATE_VERIFY_CERT_COMPLETE:
205 rv = DoVerifyCertComplete(rv);
206 break;
207 case STATE_NONE:
208 default:
209 rv = ERR_UNEXPECTED;
210 LOG(DFATAL) << "unexpected state " << state;
211 break;
212 }
213 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
214 return rv;
215 }
216
217 void ProofVerifierChromium::Job::OnIOComplete(int result) {
218 int rv = DoLoop(result);
219 if (rv != ERR_IO_PENDING) {
220 scoped_ptr<ProofVerifierCallback> callback(callback_.Pass());
221 // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium.
222 scoped_ptr<ProofVerifyDetails> verify_details(verify_details_.Pass());
223 callback->Run(rv == OK, error_details_, &verify_details);
224 // Will delete |this|.
225 proof_verifier_->OnJobComplete(this);
226 }
227 }
228
229 int ProofVerifierChromium::Job::DoVerifyCert(int result) {
230 next_state_ = STATE_VERIFY_CERT_COMPLETE;
231
232 return verifier_->Verify(
233 cert_.get(), hostname_, std::string(), cert_verify_flags_,
234 SSLConfigService::GetCRLSet().get(), &verify_details_->cert_verify_result,
235 base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
236 base::Unretained(this)),
237 &cert_verifier_request_, net_log_);
238 }
239
240 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
241 cert_verifier_request_.reset();
242
243 const CertVerifyResult& cert_verify_result =
244 verify_details_->cert_verify_result;
245 const CertStatus cert_status = cert_verify_result.cert_status;
246 if (transport_security_state_ &&
247 (result == OK ||
248 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
249 !transport_security_state_->CheckPublicKeyPins(
250 hostname_,
251 cert_verify_result.is_issued_by_known_root,
252 cert_verify_result.public_key_hashes,
253 &verify_details_->pinning_failure_log)) {
254 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
255 }
256
257 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
258 SSLConfigService::GetEVCertsWhitelist();
259 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() &&
260 ev_whitelist->IsValid()) {
261 const SHA256HashValue fingerprint(
262 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle()));
263
264 UMA_HISTOGRAM_BOOLEAN(
265 "Net.SSL_EVCertificateInWhitelist",
266 ev_whitelist->ContainsCertificateHash(
267 std::string(reinterpret_cast<const char*>(fingerprint.data), 8)));
268 }
269
270 if (result != OK) {
271 std::string error_string = ErrorToString(result);
272 error_details_ = StringPrintf("Failed to verify certificate chain: %s",
273 error_string.c_str());
274 DLOG(WARNING) << error_details_;
275 }
276
277 // Exit DoLoop and return the result to the caller to VerifyProof.
278 DCHECK_EQ(STATE_NONE, next_state_);
279 return result;
280 }
281
282 bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data,
283 const string& signature,
284 const string& cert) {
285 // TODO(rtenneti): Remove ScopedTracker below once crbug.com/422516 is fixed.
286 tracked_objects::ScopedTracker tracking_profile(
287 FROM_HERE_WITH_EXPLICIT_FUNCTION(
288 "422516 ProofVerifierChromium::Job::VerifySignature"));
289
290 StringPiece spki;
291 if (!asn1::ExtractSPKIFromDERCert(cert, &spki)) {
292 DLOG(WARNING) << "ExtractSPKIFromDERCert failed";
293 return false;
294 }
295
296 crypto::SignatureVerifier verifier;
297
298 size_t size_bits;
299 X509Certificate::PublicKeyType type;
300 X509Certificate::GetPublicKeyInfo(cert_->os_cert_handle(), &size_bits,
301 &type);
302 if (type == X509Certificate::kPublicKeyTypeRSA) {
303 crypto::SignatureVerifier::HashAlgorithm hash_alg =
304 crypto::SignatureVerifier::SHA256;
305 crypto::SignatureVerifier::HashAlgorithm mask_hash_alg = hash_alg;
306 unsigned int hash_len = 32; // 32 is the length of a SHA-256 hash.
307
308 bool ok = verifier.VerifyInitRSAPSS(
309 hash_alg, mask_hash_alg, hash_len,
310 reinterpret_cast<const uint8*>(signature.data()), signature.size(),
311 reinterpret_cast<const uint8*>(spki.data()), spki.size());
312 if (!ok) {
313 DLOG(WARNING) << "VerifyInitRSAPSS failed";
314 return false;
315 }
316 } else if (type == X509Certificate::kPublicKeyTypeECDSA) {
317 // This is the algorithm ID for ECDSA with SHA-256. Parameters are ABSENT.
318 // RFC 5758:
319 // ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
320 // us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
321 // ...
322 // When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
323 // ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
324 // as an AlgorithmIdentifier, the encoding MUST omit the parameters
325 // field. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one
326 // component, the OID ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-
327 // SHA384, or ecdsa-with-SHA512.
328 // See also RFC 5480, Appendix A.
329 static const uint8 kECDSAWithSHA256AlgorithmID[] = {
330 0x30, 0x0a,
331 0x06, 0x08,
332 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
333 };
334
335 if (!verifier.VerifyInit(
336 kECDSAWithSHA256AlgorithmID, sizeof(kECDSAWithSHA256AlgorithmID),
337 reinterpret_cast<const uint8*>(signature.data()),
338 signature.size(),
339 reinterpret_cast<const uint8*>(spki.data()),
340 spki.size())) {
341 DLOG(WARNING) << "VerifyInit failed";
342 return false;
343 }
344 } else {
345 LOG(ERROR) << "Unsupported public key type " << type;
346 return false;
347 }
348
349 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(kProofSignatureLabel),
350 sizeof(kProofSignatureLabel));
351 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(signed_data.data()),
352 signed_data.size());
353
354 if (!verifier.VerifyFinal()) {
355 DLOG(WARNING) << "VerifyFinal failed";
356 return false;
357 }
358
359 DVLOG(1) << "VerifyFinal success";
360 return true;
361 }
362
363 ProofVerifierChromium::ProofVerifierChromium(
364 CertVerifier* cert_verifier,
365 TransportSecurityState* transport_security_state)
366 : cert_verifier_(cert_verifier),
367 transport_security_state_(transport_security_state) {
368 }
369
370 ProofVerifierChromium::~ProofVerifierChromium() {
371 STLDeleteElements(&active_jobs_);
372 }
373
374 QuicAsyncStatus ProofVerifierChromium::VerifyProof(
375 const std::string& hostname,
376 const std::string& server_config,
377 const std::vector<std::string>& certs,
378 const std::string& signature,
379 const ProofVerifyContext* verify_context,
380 std::string* error_details,
381 scoped_ptr<ProofVerifyDetails>* verify_details,
382 ProofVerifierCallback* callback) {
383 if (!verify_context) {
384 *error_details = "Missing context";
385 return QUIC_FAILURE;
386 }
387 const ProofVerifyContextChromium* chromium_context =
388 reinterpret_cast<const ProofVerifyContextChromium*>(verify_context);
389 scoped_ptr<Job> job(new Job(this, cert_verifier_, transport_security_state_,
390 chromium_context->cert_verify_flags,
391 chromium_context->net_log));
392 QuicAsyncStatus status =
393 job->VerifyProof(hostname, server_config, certs, signature, error_details,
394 verify_details, callback);
395 if (status == QUIC_PENDING) {
396 active_jobs_.insert(job.release());
397 }
398 return status;
399 }
400
401 void ProofVerifierChromium::OnJobComplete(Job* job) {
402 active_jobs_.erase(job);
403 delete job;
404 }
405
406 } // namespace net