Implement crypto signature verification routines using OpenSSL.

extensions/browser/api/cast_channel/cast_auth_util_openssl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
 
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+#include <stddef.h>
+
 #include "base/logging.h"
+#include "base/strings/stringprintf.h"
+#include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "extensions/browser/api/cast_channel/cast_auth_ica.h"
+#include "extensions/browser/api/cast_channel/cast_message_util.h"
+#include "extensions/common/api/cast_channel/cast_channel.pb.h"
+#include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util_openssl.h"
 
 namespace extensions {
 namespace core_api {
 namespace cast_channel {
+namespace {
 
-AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
-                                      const std::string& peer_cert) {
-  NOTREACHED();
+typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509;
+
+std::vector<std::pair<std::string, int>> GetOpenSSLErrors() {
+  const char* filename;
+  int line_num;
+  std::vector<std::pair<std::string, int>> output;
+  while (ERR_get_error_line(&filename, &line_num) != 0)  {

[mark a. foltz, 2014/10/31 22:29:25]

Do we want to capture the return value from this to get the packed_error integer
from OpenSSL?

Even better, there are routines in err.c to turn them into human readable
strings, which would probably help us understand what happened.

https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boring...

[davidben, 2014/11/01 00:19:34]

Please do not use ERR_error_string and use ERR_error_string_n instead.
ERR_error_string is not thread-safe. (On that note, I should excise its use from
net...)

[Kevin M, 2014/11/03 18:35:57]

? The code is calling ERR_get_error_line(), which does not have a deprecation
notice in err.h? Does it also have thread safety issues?

[davidben, 2014/11/03 19:01:50]

Nah, that was fine. Sorry, I was referring to the codesearch link. Although,
reading it again, it's specifically the buf == NULL case that's a problem.
(Though ERR_error_string_n is better for being explicit.)

+    output.push_back(std::make_pair(filename, line_num));
+  }
+  return output;
+}
+
+}  // namespace
+
+// This function does the following
+// * Verifies that the trusted CA |response.intermediate_certificate| is
+//   whitelisted for use.
+// * Verifies that |response.client_auth_certificate| is signed
+//   by the trusted CA certificate.
+// * Verifies that |response.signature| matches the signature
+//   of |peer_cert| by |response.client_auth_certificate|'s public
+//   key.
+AuthResult VerifyCredentials(const AuthResponse& response,
+                             const std::string& peer_cert) {
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+  // Get the public key of the ICA that was used to sign the client's cert.
+  base::StringPiece ca_public_key_bytes;
+  if (response.intermediate_certificate().size() <= 0) {
+    ca_public_key_bytes = GetDefaultTrustedICAPublicKey();
+  } else {
+    ca_public_key_bytes =
+        GetTrustedICAPublicKey(response.intermediate_certificate(0));
+    if (ca_public_key_bytes.empty()) {
+      LOG(ERROR) << "Couldn't find trusted ICA.";
+      return AuthResult::CreateWithOpenSSLErrors(
+          "failed to verify credentials: cert not signed by trusted CA",
+          AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
+          GetOpenSSLErrors());
+    }
+  }
+
+  // Parse the CA public key.
+  const uint8_t* ca_ptr =
+      reinterpret_cast<const uint8_t*>(ca_public_key_bytes.data());
+  const uint8_t* ca_public_key_end = ca_ptr + ca_public_key_bytes.size();
+  crypto::ScopedRSA ca_public_key_rsa(
+      d2i_RSAPublicKey(NULL, &ca_ptr, ca_public_key_bytes.size()));
+  if (!ca_public_key_rsa || ca_ptr != ca_public_key_end) {
+    LOG(ERROR) << "Failed to import trusted public key.";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "failed to import trusted public key.",
+        AuthResult::ERROR_CERT_PARSING_FAILED,
+        GetOpenSSLErrors());
+  }
+  crypto::ScopedEVP_PKEY ca_public_key(EVP_PKEY_new());
+  if (!ca_public_key ||
+      !EVP_PKEY_set1_RSA(ca_public_key.get(), ca_public_key_rsa.get())) {
+    LOG(ERROR) << "Failed to initialize EVP_PKEY";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "failed to initialize EVP_PKEY.",
+        AuthResult::ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
+        GetOpenSSLErrors());
+  }
+
+  // Parse the client auth certificate.
+  const uint8_t* client_cert_ptr = reinterpret_cast<const uint8_t*>(
+      response.client_auth_certificate().data());
+  const uint8_t* client_cert_end =
+      client_cert_ptr +
+      response.client_auth_certificate().size();
+  const ScopedX509 client_cert(
+      d2i_X509(NULL, &client_cert_ptr,
+               response.client_auth_certificate().size()));
+  if (!client_cert || client_cert_ptr != client_cert_end) {
+    LOG(ERROR) << "Failed to parse certificate.";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "failed to parse client_auth_certificate.",
+        AuthResult::ERROR_CERT_PARSING_FAILED,
+        GetOpenSSLErrors());
+  }
+
+  // Verify that the client auth certificate was signed by a trusted CA.
+  if (X509_verify(client_cert.get(), ca_public_key.get()) <= 0) {
+    LOG(ERROR) << "Certificate is not issued by a trusted CA.";
+      return AuthResult::CreateWithOpenSSLErrors(
+          "cert not signed by trusted CA",
+          AuthResult::ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
+          GetOpenSSLErrors());
+  }
+
+  // Get the client auth certificate's public key.
+  const crypto::ScopedEVP_PKEY client_public_key(
+      X509_get_pubkey(client_cert.get()));
+  const int client_public_key_type = EVP_PKEY_id(client_public_key.get());
+  if (client_public_key_type != EVP_PKEY_RSA) {
+    LOG(ERROR) << "Expected RSA key type for client certificate, got "
+               << client_public_key_type << " instead.";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "couldn't extract public_key from client cert.",
+        AuthResult::ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
+        GetOpenSSLErrors());
+  }
+
+  // Check that the SSL peer certificate was signed using the client's public
+  // key.
+  const crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+  if (!ctx) {

[davidben, 2014/11/01 00:19:35]

135 through 150 can be coalesced into one block now that you're capturing all
the errors anyway.

[Kevin M, 2014/11/03 19:41:55]

Done.

+    LOG(ERROR) << "Unable to allocate EVP_MD_CTX.";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "unable to allocate EVP_MD_CTX.",
+        AuthResult::ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,
+        GetOpenSSLErrors());
+  }
+  if (!EVP_DigestVerifyInit(ctx.get(), NULL, EVP_sha1(), NULL,
+                            client_public_key.get())) {
+    LOG(ERROR) << "EVP_DigestVerifyInit failed.";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "EVP_DigestVerifyInit failed.",
+        AuthResult::ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,
+        GetOpenSSLErrors());
+  }
+  if (!EVP_DigestVerifyUpdate(ctx.get(), peer_cert.data(), peer_cert.size())) {
+    LOG(ERROR) << "EVP_DigestVerifyUpdate failed.";
+    return AuthResult::CreateWithOpenSSLErrors(
+        "EVP_DigestVerifyUpdate failed.",
+        AuthResult::ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,
+        GetOpenSSLErrors());
+  }
+  const std::string& signature = response.signature();
+  if (!EVP_DigestVerifyFinal(
+          ctx.get(),
+          reinterpret_cast<uint8_t*>(const_cast<char*>(signature.data())),
+          signature.size())) {
+    return AuthResult::CreateWithOpenSSLErrors(
+        "payload verification failed.",
+        AuthResult::ERROR_SIGNED_BLOBS_MISMATCH,
+        GetOpenSSLErrors());
+  }
+
   return AuthResult();
 }
 
 }  // namespace cast_channel
 }  // namespace core_api
 }  // namespace extensions