OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include <stdint.h> | |
6 | |
7 #include <memory> | |
8 | |
9 #include "base/base64.h" | |
10 #include "base/location.h" | |
11 #include "base/logging.h" | |
12 #include "base/strings/string_piece.h" | |
13 #include "crypto/openssl_util.h" | |
14 #include "crypto/rsa_private_key.h" | |
15 #include "net/base/keygen_handler.h" | |
16 #include "net/base/openssl_private_key_store.h" | |
17 #include "third_party/boringssl/src/include/openssl/bytestring.h" | |
18 #include "third_party/boringssl/src/include/openssl/digest.h" | |
19 #include "third_party/boringssl/src/include/openssl/evp.h" | |
20 #include "third_party/boringssl/src/include/openssl/mem.h" | |
21 | |
22 namespace net { | |
23 | |
24 std::string KeygenHandler::GenKeyAndSignChallenge() { | |
25 std::unique_ptr<crypto::RSAPrivateKey> key( | |
26 crypto::RSAPrivateKey::Create(key_size_in_bits_)); | |
27 EVP_PKEY* pkey = key->key(); | |
28 | |
29 if (stores_key_) | |
30 OpenSSLPrivateKeyStore::StoreKeyPair(url_, pkey); | |
31 | |
32 // Serialize the following structure, from | |
33 // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen. | |
34 // | |
35 // PublicKeyAndChallenge ::= SEQUENCE { | |
36 // spki SubjectPublicKeyInfo, | |
37 // challenge IA5STRING | |
38 // } | |
39 // | |
40 // SignedPublicKeyAndChallenge ::= SEQUENCE { | |
41 // publicKeyAndChallenge PublicKeyAndChallenge, | |
42 // signatureAlgorithm AlgorithmIdentifier, | |
43 // signature BIT STRING | |
44 // } | |
45 // | |
46 // The signature is over the PublicKeyAndChallenge. | |
47 | |
48 // TODO(davidben): If we gain another consumer, factor this code out into | |
49 // shared logic, sharing OID definitions with the verifier, to support signing | |
50 // other X.509-style structures. | |
51 | |
52 crypto::OpenSSLErrStackTracer tracer(FROM_HERE); | |
53 | |
54 // Serialize up to the PublicKeyAndChallenge. | |
55 bssl::ScopedCBB cbb; | |
56 CBB spkac, public_key_and_challenge, challenge; | |
57 if (!CBB_init(cbb.get(), 0) || | |
58 !CBB_add_asn1(cbb.get(), &spkac, CBS_ASN1_SEQUENCE) || | |
59 !CBB_add_asn1(&spkac, &public_key_and_challenge, CBS_ASN1_SEQUENCE) || | |
60 !EVP_marshal_public_key(&public_key_and_challenge, pkey) || | |
61 !CBB_add_asn1(&public_key_and_challenge, &challenge, | |
62 CBS_ASN1_IA5STRING) || | |
63 !CBB_add_bytes(&challenge, | |
64 reinterpret_cast<const uint8_t*>(challenge_.data()), | |
65 challenge_.size()) || | |
66 !CBB_flush(&spkac)) { | |
67 return std::string(); | |
68 } | |
69 | |
70 // Hash what's been written so far. | |
71 bssl::ScopedEVP_MD_CTX ctx; | |
72 if (!EVP_DigestSignInit(ctx.get(), nullptr, EVP_md5(), nullptr, pkey) || | |
73 !EVP_DigestSignUpdate(ctx.get(), CBB_data(&spkac), CBB_len(&spkac))) { | |
74 return std::string(); | |
75 } | |
76 | |
77 // The DER encoding of 1.2.840.113549.1.1.4, MD5 with RSA encryption. | |
78 static const uint8_t kMd5WithRsaEncryption[] = { | |
79 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, | |
80 }; | |
81 | |
82 // Write the signatureAlgorithm. | |
83 CBB algorithm, oid, null; | |
84 if (!CBB_add_asn1(&spkac, &algorithm, CBS_ASN1_SEQUENCE) || | |
85 !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) || | |
86 !CBB_add_bytes(&oid, kMd5WithRsaEncryption, | |
87 sizeof(kMd5WithRsaEncryption)) || | |
88 !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL)) { | |
89 return std::string(); | |
90 } | |
91 | |
92 // Compute and write the signature. Note that X.509 signatures, although | |
93 // always byte strings for RSA, are encoded as BIT STRINGS with a multiple of | |
94 // 8 bits. | |
95 CBB sig_bitstring; | |
96 uint8_t* sig; | |
97 size_t sig_len; | |
98 if (!CBB_add_asn1(&spkac, &sig_bitstring, CBS_ASN1_BITSTRING) || | |
99 !CBB_add_u8(&sig_bitstring, 0 /* no unused bits */) || | |
100 // Determine the maximum length of the signature. | |
101 !EVP_DigestSignFinal(ctx.get(), nullptr, &sig_len) || | |
102 // Reserve |sig_len| bytes and write the signature to |spkac|. | |
103 !CBB_reserve(&sig_bitstring, &sig, sig_len) || | |
104 !EVP_DigestSignFinal(ctx.get(), sig, &sig_len) || | |
105 !CBB_did_write(&sig_bitstring, sig_len)) { | |
106 return std::string(); | |
107 } | |
108 | |
109 // Finally, the structure is base64-encoded. | |
110 uint8_t* der; | |
111 size_t der_len; | |
112 if (!CBB_finish(cbb.get(), &der, &der_len)) { | |
113 return std::string(); | |
114 } | |
115 std::string result; | |
116 base::Base64Encode( | |
117 base::StringPiece(reinterpret_cast<const char*>(der), der_len), &result); | |
118 OPENSSL_free(der); | |
119 return result; | |
120 } | |
121 | |
122 } // namespace net | |
OLD | NEW |