OpenSSL/NSS implementation of ProofVerfifier.

net/quic/crypto/proof_verifier_chromium.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/crypto/proof_verifier_chromium.h"
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/callback_helpers.h"
+#include "base/compiler_specific.h"
+#include "base/logging.h"
+#include "crypto/signature_verifier.h"
+#include "net/base/net_errors.h"
+#include "net/base/net_log.h"
+#include "net/cert/asn1_util.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/cert_verifier.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/cert/single_request_cert_verifier.h"
+#include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util.h"
+#include "net/quic/crypto/crypto_protocol.h"
+#include "net/ssl/ssl_config_service.h"
+
+using base::StringPiece;
+using std::string;
+using std::vector;
+
+namespace net {
+
+ProofVerifierChromium::ProofVerifierChromium(CertVerifier* cert_verifier)
+  : cert_verifier_(cert_verifier),
+    completed_cert_verification_(false),
+    server_cert_(NULL),
+    next_cert_state_(STATE_NONE) {
+}
+
+ProofVerifierChromium::~ProofVerifierChromium() {
+  verifier_.reset();
+
+  // Reset object state.
+  callback_.Reset();
+  server_cert_verify_result_.Reset();
+  completed_cert_verification_ = false;
+}
+
+int ProofVerifierChromium::VerifyProof(const string& hostname,
+                                       const string& server_config,
+                                       const vector<string>& certs,
+                                       const string& signature,
+                                       const CompletionCallback& callback,
+                                       string* error_details) {
+  // We call VerifySignature first to avoid copying of server_config data.

[wtc, 2013/06/24 22:36:56]

server_config => server_config and signature.

Remove "data".

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  if (!VerifySignature(server_config, signature, certs[0])) {
+    *error_details = "Failed to verify signature of server config";
+    return ERR_FAILED;
+  }
+
+  hostname_ = hostname;
+  callback_ = callback;
+  completed_cert_verification_ = false;
+
+  int error = VerifyChain(certs);
+  if (error <= ERR_FAILED) {
+    *error_details = "Failed to verify certificate chain";
+    // TODO(rtenneti): do we need to save the original |error|?

[wtc, 2013/06/24 22:36:56]

I suggest saving the original |error| in string form in |*error_details|.
Something like:

    *error_details = "Failed to verify certificate chain: error " +
                     ErrorToString(error);
    error = ERR_FAILED;

But, this whole thing (lines 64-68) should be moved to DoVerifyCertComplete().

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+    error = ERR_FAILED;
+  }
+
+  return error;
+}
+
+int ProofVerifierChromium::VerifyChain(const vector<string>& certs) {
+  if (certs.empty()) {
+    DLOG(WARNING) << "certs are empty";
+    return ERR_FAILED;
+  }
+
+  // Convert certs to X509.

[wtc, 2013/06/24 22:36:56]

X509 => X509Certificate

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  vector<StringPiece> v(certs.size());
+  for (unsigned i = 0; i < certs.size(); i++) {
+    v[i] = base::StringPiece(certs[i]);
+  }
+  server_cert_ = X509Certificate::CreateFromDERCertChain(v);
+  if (!server_cert_.get()) {
+    server_cert_verify_result_.Reset();
+    server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
+    return ERR_FAILED;

[wtc, 2013/06/24 22:36:56]

ERR_FAILED => ERR_CERT_INVALID

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  }
+
+  // Let's verify the certificate.
+  next_cert_state_ = STATE_VERIFY_CERT;
+  return DoVerifyCertLoop(OK);
+}
+
+int ProofVerifierChromium::DoVerifyCertLoop(int last_result) {
+  int rv = last_result;
+  do {
+    State state = next_cert_state_;
+    next_cert_state_ = STATE_NONE;
+    switch (state) {
+      case STATE_VERIFY_CERT:
+        DCHECK(rv == OK);
+        rv = DoVerifyCert(rv);
+        break;
+      case STATE_VERIFY_CERT_COMPLETE:
+        rv = DoVerifyCertComplete(rv);
+        break;
+      case STATE_NONE:
+      default:
+        rv = ERR_UNEXPECTED;
+        LOG(DFATAL) << "unexpected state " << state;
+        break;
+    }
+  } while (rv != ERR_IO_PENDING && next_cert_state_ != STATE_NONE);
+  return rv;
+}
+
+void ProofVerifierChromium::OnVerifyCertIOComplete(int result) {
+  int rv = DoVerifyCertLoop(result);
+  if (rv != ERR_IO_PENDING) {
+    // TODO(rtenneti): do we need to save the original |rv|?
+    base::ResetAndReturn(&callback_).Run(rv >= OK ? OK : ERR_FAILED);

[wtc, 2013/06/24 22:36:56]

We should pass just |rv| to Run(). The error code mapping should be done
in DoVerifyCertComplete().

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  }
+}
+
+int ProofVerifierChromium::DoVerifyCert(int result) {
+  next_cert_state_ = STATE_VERIFY_CERT_COMPLETE;
+
+  // TODO(rtenneti): Are the following flags correct??

[wtc, 2013/06/24 22:36:56]

Let's start with the following:
  int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED |
              CertVerifier::VERIFY_CERT_IO_ENABLED;

[ramant (doing other things), 2013/06/28 19:16:56]

Done.

+  int flags = 0;
+  flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED;                              //
+  flags |= CertVerifier::VERIFY_EV_CERT;                                           //
+  flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
+  verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
+  return verifier_->Verify(
+      server_cert_.get(),
+      hostname_,
+      flags,
+      SSLConfigService::GetCRLSet().get(),
+      &server_cert_verify_result_,
+      base::Bind(&ProofVerifierChromium::OnVerifyCertIOComplete,
+                 base::Unretained(this)),
+      net_log_);
+}
+
+int ProofVerifierChromium::DoVerifyCertComplete(int result) {
+  verifier_.reset();
+
+  completed_cert_verification_ = true;
+
+  // Exit DoVerifyCertLoop and return the result to the caller to ProofVerify.
+  DCHECK_EQ(STATE_NONE, next_cert_state_);
+  return result;
+}
+
+// static
+bool ProofVerifierChromium::VerifySignature(const string& signed_data,
+                                       const string& signature,
+                                       const string& cert) {
+  StringPiece spki;
+  if (!asn1::ExtractSPKIFromDERCert(cert, &spki)) {
+    DLOG(WARNING) << "ExtractSPKIFromDERCert failed";
+    return false;
+  }
+
+  // We use the signature verifier to perform signature verification.
+  crypto::SignatureVerifier verifier;
+
+  // TODO(rtenneti): Define the algorithm ID for RSA_PKCS1_PSS_PADDING based on
+  // the cert.
+
+  // This is the algorithm ID for SHA-256 with EC encryption.
+  const uint8 kECDSAWithSHA256AlgorithmID[] = {
+    0x30, 0x0c,
+      0x06, 0x08,
+        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+      0x05, 0x00
+  };
+
+  if (!verifier.VerifyInit(
+          kECDSAWithSHA256AlgorithmID, sizeof(kECDSAWithSHA256AlgorithmID),
+          reinterpret_cast<const uint8*>(signature.data()),
+          signature.size(),
+          reinterpret_cast<const uint8*>(spki.data()),
+          spki.size())) {
+    DLOG(WARNING) << "VerifyInit failed";
+    return false;
+  }
+
+  verifier.VerifyUpdate(reinterpret_cast<const uint8*>(kProofSignatureLabel),
+                        sizeof(kProofSignatureLabel));
+  verifier.VerifyUpdate(reinterpret_cast<const uint8*>(signed_data.data()),
+                        signed_data.size());
+
+  if (!verifier.VerifyFinal()) {
+    DLOG(WARNING) << "VerifyFinal failed";
+    return false;
+  }
+
+  return true;
+}
+
+}  // namespace net