| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/quic/crypto/proof_source_chromium.h" | |
| 6 | |
| 7 #include <openssl/digest.h> | |
| 8 #include <openssl/evp.h> | |
| 9 #include <openssl/rsa.h> | |
| 10 | |
| 11 #include "base/strings/string_number_conversions.h" | |
| 12 #include "crypto/openssl_util.h" | |
| 13 #include "net/quic/crypto/crypto_protocol.h" | |
| 14 #include "net/ssl/scoped_openssl_types.h" | |
| 15 | |
| 16 using std::string; | |
| 17 using std::vector; | |
| 18 | |
| 19 namespace net { | |
| 20 | |
| 21 ProofSourceChromium::ProofSourceChromium() {} | |
| 22 | |
| 23 ProofSourceChromium::~ProofSourceChromium() {} | |
| 24 | |
| 25 bool ProofSourceChromium::Initialize(const base::FilePath& cert_path, | |
| 26 const base::FilePath& key_path, | |
| 27 const base::FilePath& sct_path) { | |
| 28 crypto::EnsureOpenSSLInit(); | |
| 29 | |
| 30 std::string cert_data; | |
| 31 if (!base::ReadFileToString(cert_path, &cert_data)) { | |
| 32 DLOG(FATAL) << "Unable to read certificates."; | |
| 33 return false; | |
| 34 } | |
| 35 | |
| 36 CertificateList certs_in_file = | |
| 37 X509Certificate::CreateCertificateListFromBytes( | |
| 38 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | |
| 39 | |
| 40 if (certs_in_file.empty()) { | |
| 41 DLOG(FATAL) << "No certificates."; | |
| 42 return false; | |
| 43 } | |
| 44 | |
| 45 vector<string> certs; | |
| 46 for (const scoped_refptr<X509Certificate>& cert : certs_in_file) { | |
| 47 std::string der_encoded_cert; | |
| 48 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), | |
| 49 &der_encoded_cert)) { | |
| 50 return false; | |
| 51 } | |
| 52 certs.push_back(der_encoded_cert); | |
| 53 } | |
| 54 chain_ = new ProofSource::Chain(certs); | |
| 55 | |
| 56 std::string key_data; | |
| 57 if (!base::ReadFileToString(key_path, &key_data)) { | |
| 58 DLOG(FATAL) << "Unable to read key."; | |
| 59 return false; | |
| 60 } | |
| 61 | |
| 62 const uint8_t* p = reinterpret_cast<const uint8_t*>(key_data.data()); | |
| 63 std::vector<uint8_t> input(p, p + key_data.size()); | |
| 64 private_key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input)); | |
| 65 if (private_key_.get() == nullptr) { | |
| 66 DLOG(FATAL) << "Unable to create private key."; | |
| 67 return false; | |
| 68 } | |
| 69 | |
| 70 // Loading of the signed certificate timestamp is optional. | |
| 71 if (sct_path.empty()) | |
| 72 return true; | |
| 73 | |
| 74 if (!base::ReadFileToString(sct_path, &signed_certificate_timestamp_)) { | |
| 75 DLOG(FATAL) << "Unable to read signed certificate timestamp."; | |
| 76 return false; | |
| 77 } | |
| 78 | |
| 79 return true; | |
| 80 } | |
| 81 | |
| 82 bool ProofSourceChromium::GetProof(const IPAddress& server_ip, | |
| 83 const string& hostname, | |
| 84 const string& server_config, | |
| 85 QuicVersion quic_version, | |
| 86 base::StringPiece chlo_hash, | |
| 87 bool ecdsa_ok, | |
| 88 scoped_refptr<ProofSource::Chain>* out_chain, | |
| 89 string* out_signature, | |
| 90 string* out_leaf_cert_sct) { | |
| 91 DCHECK(private_key_.get()) << " this: " << this; | |
| 92 | |
| 93 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
| 94 crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create()); | |
| 95 EVP_PKEY_CTX* pkey_ctx; | |
| 96 | |
| 97 if (quic_version > QUIC_VERSION_30) { | |
| 98 uint32_t len = chlo_hash.length(); | |
| 99 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), | |
| 100 nullptr, private_key_->key()) || | |
| 101 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | |
| 102 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || | |
| 103 !EVP_DigestSignUpdate( | |
| 104 sign_context.get(), | |
| 105 reinterpret_cast<const uint8_t*>(kProofSignatureLabel), | |
| 106 sizeof(kProofSignatureLabel)) || | |
| 107 !EVP_DigestSignUpdate(sign_context.get(), | |
| 108 reinterpret_cast<const uint8_t*>(&len), | |
| 109 sizeof(len)) || | |
| 110 !EVP_DigestSignUpdate( | |
| 111 sign_context.get(), | |
| 112 reinterpret_cast<const uint8_t*>(chlo_hash.data()), len) || | |
| 113 !EVP_DigestSignUpdate( | |
| 114 sign_context.get(), | |
| 115 reinterpret_cast<const uint8_t*>(server_config.data()), | |
| 116 server_config.size())) { | |
| 117 return false; | |
| 118 } | |
| 119 } else if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), | |
| 120 nullptr, private_key_->key()) || | |
| 121 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | |
| 122 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || | |
| 123 !EVP_DigestSignUpdate( | |
| 124 sign_context.get(), | |
| 125 reinterpret_cast<const uint8_t*>(kProofSignatureLabelOld), | |
| 126 sizeof(kProofSignatureLabelOld)) || | |
| 127 !EVP_DigestSignUpdate( | |
| 128 sign_context.get(), | |
| 129 reinterpret_cast<const uint8_t*>(server_config.data()), | |
| 130 server_config.size())) { | |
| 131 return false; | |
| 132 } | |
| 133 | |
| 134 // Determine the maximum length of the signature. | |
| 135 size_t len = 0; | |
| 136 if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) { | |
| 137 return false; | |
| 138 } | |
| 139 std::vector<uint8_t> signature(len); | |
| 140 // Sign it. | |
| 141 if (!EVP_DigestSignFinal(sign_context.get(), signature.data(), &len)) { | |
| 142 return false; | |
| 143 } | |
| 144 signature.resize(len); | |
| 145 out_signature->assign(reinterpret_cast<const char*>(signature.data()), | |
| 146 signature.size()); | |
| 147 *out_chain = chain_; | |
| 148 VLOG(1) << "signature: " | |
| 149 << base::HexEncode(out_signature->data(), out_signature->size()); | |
| 150 *out_leaf_cert_sct = signed_certificate_timestamp_; | |
| 151 return true; | |
| 152 } | |
| 153 | |
| 154 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1916463002:
Rename _openssl files in net/quic/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master