search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add more logging to debug DumpAccessibilityEvent* test failures
[chromium-blink-merge.git] / net / cert / sha256_legacy_support_openssl_win.cc
blob991f05196128bef71e888e04a39cc1e0cb674ea5
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <openssl/asn1.h>
6 #include <openssl/bytestring.h>
7 #include <openssl/evp.h>
8 #include <openssl/obj.h>
9 #include <openssl/x509.h>
10
11 #include "base/logging.h"
12 #include "crypto/scoped_openssl_types.h"
13 #include "net/cert/sha256_legacy_support_win.h"
14
15 namespace net {
16
17 namespace sha256_interception {
18
19 namespace {
20
21 typedef crypto::ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free>::Type
22 ScopedX509_ALGOR;
23
24 // Parses |subject_signature| and writes the components into |*out_tbs_data|,
25 // |*out_algor|, and |*out_signature|. The BIT STRING in the signature must be
26 // a multiple of 8 bits. |*out_signature| will have the padding byte removed.
27 // It returns true on success and false on failure.
28 bool ParseSubjectSignature(const base::StringPiece& subject_signature,
29 CBS* out_tbs_data,
30 ScopedX509_ALGOR* out_algor,
31 CBS* out_signature) {
32 CBS cbs, sequence, tbs_data, algorithm, signature;
33 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(subject_signature.data()),
34 subject_signature.size());
35 if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE) ||
36 CBS_len(&cbs) != 0 ||
37 !CBS_get_any_asn1_element(&sequence, &tbs_data, nullptr, nullptr) ||
38 !CBS_get_asn1_element(&sequence, &algorithm,
39 CBS_ASN1_SEQUENCE) ||
40 !CBS_get_asn1(&sequence, &signature, CBS_ASN1_BITSTRING) ||
41 CBS_len(&sequence) != 0) {
42 return false;
43 }
44
45 // Decode the algorithm.
46 const uint8_t* ptr = CBS_data(&algorithm);
47 ScopedX509_ALGOR algor(d2i_X509_ALGOR(NULL, &ptr, CBS_len(&algorithm)));
48 if (!algor || ptr != CBS_data(&algorithm) + CBS_len(&algorithm))
49 return false;
50
51 // An ASN.1 BIT STRING is encoded with a leading byte denoting the number of
52 // padding bits. All supported signature algorithms output octets, so the
53 // leading byte must be zero.
54 uint8_t padding;
55 if (!CBS_get_u8(&signature, &padding) || padding != 0)
56 return false;
57
58 *out_tbs_data = tbs_data;
59 *out_algor = algor.Pass();
60 *out_signature = signature;
61 return true;
62 }
63
64 } // namespace
65
66 BOOL CryptVerifyCertificateSignatureExHook(
67 CryptVerifyCertificateSignatureExFunc original_func,
68 HCRYPTPROV_LEGACY provider,
69 DWORD encoding_type,
70 DWORD subject_type,
71 void* subject_data,
72 DWORD issuer_type,
73 void* issuer_data,
74 DWORD flags,
75 void* extra) {
76 CHECK(original_func);
77
78 // Only intercept if the arguments are supported.
79 if (provider != NULL || (encoding_type != X509_ASN_ENCODING) ||
80 !IsSupportedSubjectType(subject_type) || subject_data == NULL ||
81 !IsSupportedIssuerType(issuer_type) || issuer_data == NULL) {
82 return original_func(provider, encoding_type, subject_type, subject_data,
83 issuer_type, issuer_data, flags, extra);
84 }
85
86 base::StringPiece subject_signature =
87 GetSubjectSignature(subject_type, subject_data);
88 bool should_intercept = false;
89
90 // Parse out the data, AlgorithmIdentifier, and signature.
91 CBS tbs_data, signature;
92 ScopedX509_ALGOR algor;
93 if (ParseSubjectSignature(subject_signature, &tbs_data, &algor,
94 &signature)) {
95 // If the signature algorithm is RSA with one of the SHA-2 algorithms
96 // supported by BoringSSL (excluding SHA-224, which is pointless), then
97 // defer to the BoringSSL implementation. Otherwise, fall back and let the
98 // OS handle it (e.g. in case there are any algorithm policies in effect).
99 int nid = OBJ_obj2nid(algor->algorithm);
100 if (nid == NID_sha256WithRSAEncryption ||
101 nid == NID_sha384WithRSAEncryption ||
102 nid == NID_sha512WithRSAEncryption) {
103 should_intercept = true;
104 }
105 }
106
107 if (!should_intercept) {
108 return original_func(provider, encoding_type, subject_type, subject_data,
109 issuer_type, issuer_data, flags, extra);
110 }
111
112 // Rather than attempting to synthesize an EVP_PKEY by hand, just force the
113 // OS to do an ASN.1 encoding and then decode it back into BoringSSL. This
114 // is silly for performance, but safest for consistency.
115 PCERT_PUBLIC_KEY_INFO issuer_public_key =
116 GetIssuerPublicKey(issuer_type, issuer_data);
117 if (!issuer_public_key) {
118 SetLastError(static_cast<DWORD>(NTE_BAD_ALGID));
119 return FALSE;
120 }
121
122 uint8_t* issuer_spki_data = NULL;
123 DWORD issuer_spki_len = 0;
124 if (!CryptEncodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO,
125 issuer_public_key, CRYPT_ENCODE_ALLOC_FLAG, NULL,
126 &issuer_spki_data, &issuer_spki_len)) {
127 return FALSE;
128 }
129
130 const uint8_t* ptr = issuer_spki_data;
131 crypto::ScopedEVP_PKEY pubkey(d2i_PUBKEY(NULL, &ptr, issuer_spki_len));
132 if (!pubkey.get() || ptr != issuer_spki_data + issuer_spki_len) {
133 ::LocalFree(issuer_spki_data);
134 SetLastError(static_cast<DWORD>(NTE_BAD_ALGID));
135 return FALSE;
136 }
137 ::LocalFree(issuer_spki_data);
138
139 crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
140 if (!EVP_DigestVerifyInitFromAlgorithm(md_ctx.get(), algor.get(),
141 pubkey.get()) ||
142 !EVP_DigestVerifyUpdate(md_ctx.get(), CBS_data(&tbs_data),
143 CBS_len(&tbs_data)) ||
144 !EVP_DigestVerifyFinal(md_ctx.get(), CBS_data(&signature),
145 CBS_len(&signature))) {
146 SetLastError(static_cast<DWORD>(NTE_BAD_SIGNATURE));
147 return FALSE;
148 }
149 return TRUE;
150 }
151
152 } // namespace sha256_interception
153
154 } // namespace net