| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_source_chromium.h" | 5 #include "net/quic/crypto/proof_source_chromium.h" |
| 6 | 6 |
| 7 #include <openssl/digest.h> | 7 #include <openssl/digest.h> |
| 8 #include <openssl/evp.h> | 8 #include <openssl/evp.h> |
| 9 #include <openssl/rsa.h> | 9 #include <openssl/rsa.h> |
| 10 | 10 |
| 11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 12 #include "base/strings/string_number_conversions.h" | 12 #include "base/strings/string_number_conversions.h" |
| 13 #include "crypto/openssl_util.h" | 13 #include "crypto/openssl_util.h" |
| 14 #include "net/quic/crypto/crypto_protocol.h" | 14 #include "net/quic/crypto/crypto_protocol.h" |
| 15 #include "net/ssl/scoped_openssl_types.h" | 15 #include "net/ssl/scoped_openssl_types.h" |
| 16 | 16 |
| 17 using std::string; | 17 using std::string; |
| 18 using std::vector; | 18 using std::vector; |
| 19 | 19 |
| 20 namespace net { | 20 namespace net { |
| 21 | 21 |
| 22 ProofSourceChromium::ProofSourceChromium() {} | 22 ProofSourceChromium::ProofSourceChromium() {} |
| 23 | 23 |
| 24 ProofSourceChromium::~ProofSourceChromium() {} | 24 ProofSourceChromium::~ProofSourceChromium() {} |
| 25 | 25 |
| 26 bool ProofSourceChromium::Initialize(const base::FilePath& cert_path, | 26 bool ProofSourceChromium::Initialize(const base::FilePath& cert_path, |
| 27 const base::FilePath& key_path) { | 27 const base::FilePath& key_path, |
| 28 const base::FilePath& sct_path) { |
| 28 crypto::EnsureOpenSSLInit(); | 29 crypto::EnsureOpenSSLInit(); |
| 29 | 30 |
| 30 std::string cert_data; | 31 std::string cert_data; |
| 31 if (!base::ReadFileToString(cert_path, &cert_data)) { | 32 if (!base::ReadFileToString(cert_path, &cert_data)) { |
| 32 DLOG(FATAL) << "Unable to read certificates."; | 33 DLOG(FATAL) << "Unable to read certificates."; |
| 33 return false; | 34 return false; |
| 34 } | 35 } |
| 35 | 36 |
| 36 CertificateList certs_in_file = | 37 CertificateList certs_in_file = |
| 37 X509Certificate::CreateCertificateListFromBytes( | 38 X509Certificate::CreateCertificateListFromBytes( |
| (...skipping 19 matching lines...) Expand all Loading... |
| 57 return false; | 58 return false; |
| 58 } | 59 } |
| 59 | 60 |
| 60 const uint8_t* p = reinterpret_cast<const uint8_t*>(key_data.data()); | 61 const uint8_t* p = reinterpret_cast<const uint8_t*>(key_data.data()); |
| 61 std::vector<uint8_t> input(p, p + key_data.size()); | 62 std::vector<uint8_t> input(p, p + key_data.size()); |
| 62 private_key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input)); | 63 private_key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input)); |
| 63 if (private_key_.get() == nullptr) { | 64 if (private_key_.get() == nullptr) { |
| 64 DLOG(FATAL) << "Unable to create private key."; | 65 DLOG(FATAL) << "Unable to create private key."; |
| 65 return false; | 66 return false; |
| 66 } | 67 } |
| 68 |
| 69 // Loading of the signed certificate timestamp is optional. |
| 70 if (sct_path.empty()) |
| 71 return true; |
| 72 |
| 73 if (!base::ReadFileToString(sct_path, &signed_certificate_timestamp_)) { |
| 74 DLOG(FATAL) << "Unable to read signed certificate timestamp."; |
| 75 return false; |
| 76 } |
| 77 |
| 67 return true; | 78 return true; |
| 68 } | 79 } |
| 69 | 80 |
| 70 bool ProofSourceChromium::GetProof(const IPAddressNumber& server_ip, | 81 bool ProofSourceChromium::GetProof(const IPAddressNumber& server_ip, |
| 71 const string& hostname, | 82 const string& hostname, |
| 72 const string& server_config, | 83 const string& server_config, |
| 73 bool ecdsa_ok, | 84 bool ecdsa_ok, |
| 74 const vector<string>** out_certs, | 85 const vector<string>** out_certs, |
| 75 string* out_signature) { | 86 string* out_signature, |
| 87 string* out_leaf_cert_sct) { |
| 76 DCHECK(private_key_.get()) << " this: " << this; | 88 DCHECK(private_key_.get()) << " this: " << this; |
| 77 | 89 |
| 78 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 90 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 79 crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create()); | 91 crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create()); |
| 80 EVP_PKEY_CTX* pkey_ctx; | 92 EVP_PKEY_CTX* pkey_ctx; |
| 81 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr, | 93 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr, |
| 82 private_key_->key()) || | 94 private_key_->key()) || |
| 83 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | 95 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || |
| 84 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || | 96 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || |
| 85 !EVP_DigestSignUpdate(sign_context.get(), reinterpret_cast<const uint8*>( | 97 !EVP_DigestSignUpdate(sign_context.get(), reinterpret_cast<const uint8*>( |
| (...skipping 15 matching lines...) Expand all Loading... |
| 101 if (!EVP_DigestSignFinal(sign_context.get(), vector_as_array(&signature), | 113 if (!EVP_DigestSignFinal(sign_context.get(), vector_as_array(&signature), |
| 102 &len)) { | 114 &len)) { |
| 103 return false; | 115 return false; |
| 104 } | 116 } |
| 105 signature.resize(len); | 117 signature.resize(len); |
| 106 out_signature->assign(reinterpret_cast<const char*>(&signature[0]), | 118 out_signature->assign(reinterpret_cast<const char*>(&signature[0]), |
| 107 signature.size()); | 119 signature.size()); |
| 108 *out_certs = &certificates_; | 120 *out_certs = &certificates_; |
| 109 VLOG(1) << "signature: " | 121 VLOG(1) << "signature: " |
| 110 << base::HexEncode(out_signature->data(), out_signature->size()); | 122 << base::HexEncode(out_signature->data(), out_signature->size()); |
| 123 *out_leaf_cert_sct = signed_certificate_timestamp_; |
| 111 return true; | 124 return true; |
| 112 } | 125 } |
| 113 | 126 |
| 114 } // namespace net | 127 } // namespace net |
| OLD | NEW |