Support tls-server-end-point channel bindings for HTTP authentication.

net/cert/x509_util_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_util_openssl.h"
 
 #include <limits.h>
 #include <openssl/asn1.h>
+#include <openssl/digest.h>
 #include <openssl/mem.h>
 
 #include <algorithm>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/openssl_util.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_openssl_types.h"
+#include "net/cert/internal/parse_certificate.h"
+#include "net/cert/internal/signature_algorithm.h"
 #include "net/cert/x509_cert_types.h"
+#include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util.h"
 #include "net/ssl/scoped_openssl_types.h"
 
 namespace net {
 
 namespace {
 
 using ScopedASN1_INTEGER =
     crypto::ScopedOpenSSL<ASN1_INTEGER, ASN1_INTEGER_free>;
 using ScopedASN1_OCTET_STRING =
@@ skipping 263 matching lines @@
     scoped_ptr<DERCache> new_cache(new DERCache);
     if (!DerEncodeCert(x509, &new_cache->data))
       return false;
     internal_cache = new_cache.get();
     X509_set_ex_data(x509, x509_der_cache_index, new_cache.release());
   }
   *der_cache = base::StringPiece(internal_cache->data);
   return true;
 }
 
+bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate,
+                                        std::string* token) {
+  static const char kChannelBindingPrefix[] = "tls-server-end-point:";
+
+  std::string der_encoded_certificate;
+  if (!X509Certificate::GetDEREncoded(certificate.os_cert_handle(),
+                                      &der_encoded_certificate))
+    return false;
+
+  ParsedCertificate parsed_certificate;
+  if (!ParseCertificate(der::Input(base::StringPiece(der_encoded_certificate)),
+                        &parsed_certificate))
+    return false;
+
+  scoped_ptr<SignatureAlgorithm> signature_algorithm =
+      SignatureAlgorithm::CreateFromDer(
+          parsed_certificate.signature_algorithm_tlv);
+  if (!signature_algorithm)
+    return false;
+
+  const EVP_MD* digest_evp_md = nullptr;
+  switch (signature_algorithm->digest()) {
+    case net::DigestAlgorithm::Sha1:

[eroman, 2017/03/02 21:13:02]

Is this fall-through intentional? Seems like either:

* It should return false if Sha1 is not supported
* It should set EVP_sha1()
* There needs to be a comment explaining why a fallthrough is intentional.

[asanka, 2017/03/02 21:28:57]

This is per https://tools.ietf.org/html/rfc5929#section-4.1 which states that if
the digest algorithm is MD5, SHA-1 or SHA-256, then the channel bindings should
be based on a SHA-256 digest of the certificate.

We don't support the MD5 case.

+    case net::DigestAlgorithm::Sha256:
+      digest_evp_md = EVP_sha256();
+      break;
+
+    case net::DigestAlgorithm::Sha384:
+      digest_evp_md = EVP_sha384();
+      break;
+
+    case net::DigestAlgorithm::Sha512:
+      digest_evp_md = EVP_sha512();
+      break;
+  }
+  if (!digest_evp_md)
+    return false;
+
+  std::vector<uint8_t> digest(EVP_MAX_MD_SIZE);
+  unsigned int out_size = digest.size();
+  if (!EVP_Digest(der_encoded_certificate.data(),
+                  der_encoded_certificate.size(), digest.data(), &out_size,
+                  digest_evp_md, nullptr))
+    return false;
+
+  digest.resize(out_size);
+  token->assign(kChannelBindingPrefix);
+  token->append(digest.begin(), digest.end());
+  return true;
+}
+
 }  // namespace x509_util
 
 }  // namespace net