1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/extensions/api/networking_private/networking_private_cry
pto.h" | 5 #include "chrome/common/extensions/api/networking_private/networking_private_cry
pto.h" |
6 | 6 |
7 #include <openssl/digest.h> | 7 #include <openssl/digest.h> |
8 #include <openssl/evp.h> | 8 #include <openssl/evp.h> |
9 #include <openssl/rsa.h> | 9 #include <openssl/rsa.h> |
10 #include <openssl/x509.h> | 10 #include <openssl/x509.h> |
11 #include <stddef.h> | 11 #include <stddef.h> |
12 | 12 |
| 13 #include <memory> |
| 14 |
13 #include "base/logging.h" | 15 #include "base/logging.h" |
14 #include "base/memory/scoped_ptr.h" | |
15 #include "base/strings/string_util.h" | 16 #include "base/strings/string_util.h" |
16 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
17 #include "crypto/rsa_private_key.h" | 18 #include "crypto/rsa_private_key.h" |
18 #include "crypto/scoped_openssl_types.h" | 19 #include "crypto/scoped_openssl_types.h" |
19 #include "extensions/common/cast/cast_cert_validator.h" | 20 #include "extensions/common/cast/cast_cert_validator.h" |
20 #include "net/cert/pem_tokenizer.h" | 21 #include "net/cert/pem_tokenizer.h" |
21 | 22 |
22 namespace { | 23 namespace { |
23 | 24 |
24 namespace cast_crypto = ::extensions::api::cast_crypto; | 25 namespace cast_crypto = ::extensions::api::cast_crypto; |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
87 certs.push_back(ica_pem_tokenizer.data()); | 88 certs.push_back(ica_pem_tokenizer.data()); |
88 } else { | 89 } else { |
89 LOG(WARNING) << "Failed to parse intermediate certificates."; | 90 LOG(WARNING) << "Failed to parse intermediate certificates."; |
90 } | 91 } |
91 } | 92 } |
92 | 93 |
93 // Note that the device certificate's policy is not enforced here. The goal | 94 // Note that the device certificate's policy is not enforced here. The goal |
94 // is simply to verify that the device belongs to the Cast ecosystem. | 95 // is simply to verify that the device belongs to the Cast ecosystem. |
95 cast_crypto::CastDeviceCertPolicy unused_policy; | 96 cast_crypto::CastDeviceCertPolicy unused_policy; |
96 | 97 |
97 scoped_ptr<cast_crypto::CertVerificationContext> verification_context; | 98 std::unique_ptr<cast_crypto::CertVerificationContext> verification_context; |
98 if (!cast_crypto::VerifyDeviceCert(certs, time, &verification_context, | 99 if (!cast_crypto::VerifyDeviceCert(certs, time, &verification_context, |
99 &unused_policy)) { | 100 &unused_policy)) { |
100 LOG(ERROR) << kErrorPrefix << "Failed verifying cast device cert"; | 101 LOG(ERROR) << kErrorPrefix << "Failed verifying cast device cert"; |
101 return false; | 102 return false; |
102 } | 103 } |
103 | 104 |
104 // Check that the device listed in the certificate is correct. | 105 // Check that the device listed in the certificate is correct. |
105 // Something like evt_e161 001a11ffacdf | 106 // Something like evt_e161 001a11ffacdf |
106 std::string common_name = verification_context->GetCommonName(); | 107 std::string common_name = verification_context->GetCommonName(); |
107 std::string translated_mac; | 108 std::string translated_mac; |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
151 const std::vector<uint8_t>& encrypted_data, | 152 const std::vector<uint8_t>& encrypted_data, |
152 std::string* decrypted_output) { | 153 std::string* decrypted_output) { |
153 crypto::EnsureOpenSSLInit(); | 154 crypto::EnsureOpenSSLInit(); |
154 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 155 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
155 | 156 |
156 std::vector<uint8_t> private_key_data; | 157 std::vector<uint8_t> private_key_data; |
157 if (!GetDERFromPEM(private_key_pem, "PRIVATE KEY", &private_key_data)) { | 158 if (!GetDERFromPEM(private_key_pem, "PRIVATE KEY", &private_key_data)) { |
158 LOG(ERROR) << "Failed to parse private key PEM."; | 159 LOG(ERROR) << "Failed to parse private key PEM."; |
159 return false; | 160 return false; |
160 } | 161 } |
161 scoped_ptr<crypto::RSAPrivateKey> private_key( | 162 std::unique_ptr<crypto::RSAPrivateKey> private_key( |
162 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(private_key_data)); | 163 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(private_key_data)); |
163 if (!private_key || !private_key->key()) { | 164 if (!private_key || !private_key->key()) { |
164 LOG(ERROR) << "Failed to parse private key DER."; | 165 LOG(ERROR) << "Failed to parse private key DER."; |
165 return false; | 166 return false; |
166 } | 167 } |
167 | 168 |
168 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(private_key->key())); | 169 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(private_key->key())); |
169 if (!rsa || RSA_size(rsa.get()) == 0) { | 170 if (!rsa || RSA_size(rsa.get()) == 0) { |
170 LOG(ERROR) << "Failed to get RSA key."; | 171 LOG(ERROR) << "Failed to get RSA key."; |
171 return false; | 172 return false; |
172 } | 173 } |
173 | 174 |
174 uint8_t* output = reinterpret_cast<uint8_t*>( | 175 uint8_t* output = reinterpret_cast<uint8_t*>( |
175 base::WriteInto(decrypted_output, RSA_size(rsa.get()) + 1)); | 176 base::WriteInto(decrypted_output, RSA_size(rsa.get()) + 1)); |
176 int output_length = | 177 int output_length = |
177 RSA_private_decrypt(encrypted_data.size(), &encrypted_data[0], output, | 178 RSA_private_decrypt(encrypted_data.size(), &encrypted_data[0], output, |
178 rsa.get(), RSA_PKCS1_PADDING); | 179 rsa.get(), RSA_PKCS1_PADDING); |
179 if (output_length < 0) { | 180 if (output_length < 0) { |
180 LOG(ERROR) << "Error during decryption."; | 181 LOG(ERROR) << "Error during decryption."; |
181 return false; | 182 return false; |
182 } | 183 } |
183 decrypted_output->resize(output_length); | 184 decrypted_output->resize(output_length); |
184 return true; | 185 return true; |
185 } | 186 } |
186 | 187 |
187 } // namespace networking_private_crypto | 188 } // namespace networking_private_crypto |
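Review bot: `&encrypted_data[0]` in the `RSA_private_decrypt` call (new line 178) is undefined behaviour when `encrypted_data` is empty, and nothing earlier in the hunk rejects an empty ciphertext; the scoped_ptr→unique_ptr swap does not touch this, but since the vector is caller-supplied input it deserves a guard such as `if (encrypted_data.empty()) { LOG(ERROR) << "Empty encrypted data."; return false; }` with `encrypted_data.data()` replacing `&encrypted_data[0]`. Separately, `RSA_PKCS1_PADDING` selects PKCS#1 v1.5 decryption, whose padding-check failure path is the classic oracle surface for RSA; if the peer protocol permits it, `RSA_PKCS1_OAEP_PADDING` is the safer choice, and if v1.5 is a protocol constraint a one-line comment saying so would stop the next reader from "fixing" it. The signature of the enclosing decrypt function begins before this hunk, so the parameter contract for `encrypted_data` is not visible here.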