| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/sha256_legacy_support_win.h" | 5 #include "net/cert/sha256_legacy_support_win.h" |
| 6 | 6 |
| 7 #include <cert.h> | |
| 8 #include <keyhi.h> | |
| 9 #include <secoid.h> | |
| 10 | |
| 11 #include "base/lazy_instance.h" | |
| 12 #include "base/logging.h" | |
| 13 #include "base/strings/string_piece.h" | |
| 14 #include "base/win/windows_version.h" | |
| 15 #include "crypto/scoped_nss_types.h" | |
| 16 | |
| 17 namespace net { | 7 namespace net { |
| 18 | 8 |
| 19 namespace sha256_interception { | 9 namespace sha256_interception { |
| 20 | 10 |
| 21 namespace { | |
| 22 | |
| 23 bool IsSupportedSubjectType(DWORD subject_type) { | 11 bool IsSupportedSubjectType(DWORD subject_type) { |
| 24 switch (subject_type) { | 12 switch (subject_type) { |
| 25 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB: | 13 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB: |
| 26 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT: | 14 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT: |
| 27 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL: | 15 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL: |
| 28 return true; | 16 return true; |
| 29 } | 17 } |
| 30 return false; | 18 return false; |
| 31 } | 19 } |
| 32 | 20 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 79 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: { | 67 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: { |
| 80 PCCERT_CHAIN_CONTEXT chain = | 68 PCCERT_CHAIN_CONTEXT chain = |
| 81 reinterpret_cast<PCCERT_CHAIN_CONTEXT>(issuer_data); | 69 reinterpret_cast<PCCERT_CHAIN_CONTEXT>(issuer_data); |
| 82 PCCERT_CONTEXT cert = chain->rgpChain[0]->rgpElement[0]->pCertContext; | 70 PCCERT_CONTEXT cert = chain->rgpChain[0]->rgpElement[0]->pCertContext; |
| 83 return &cert->pCertInfo->SubjectPublicKeyInfo; | 71 return &cert->pCertInfo->SubjectPublicKeyInfo; |
| 84 } | 72 } |
| 85 } | 73 } |
| 86 return NULL; | 74 return NULL; |
| 87 } | 75 } |
| 88 | 76 |
| 89 } // namespace | |
| 90 | |
| 91 BOOL CryptVerifyCertificateSignatureExHook( | |
| 92 CryptVerifyCertificateSignatureExFunc original_func, | |
| 93 HCRYPTPROV_LEGACY provider, | |
| 94 DWORD encoding_type, | |
| 95 DWORD subject_type, | |
| 96 void* subject_data, | |
| 97 DWORD issuer_type, | |
| 98 void* issuer_data, | |
| 99 DWORD flags, | |
| 100 void* extra) { | |
| 101 CHECK(original_func); | |
| 102 | |
| 103 // Only intercept if the arguments are supported. | |
| 104 if (provider != NULL || (encoding_type != X509_ASN_ENCODING) || | |
| 105 !IsSupportedSubjectType(subject_type) || subject_data == NULL || | |
| 106 !IsSupportedIssuerType(issuer_type) || issuer_data == NULL) { | |
| 107 return original_func(provider, encoding_type, subject_type, subject_data, | |
| 108 issuer_type, issuer_data, flags, extra); | |
| 109 } | |
| 110 | |
| 111 base::StringPiece subject_signature = | |
| 112 GetSubjectSignature(subject_type, subject_data); | |
| 113 bool should_intercept = false; | |
| 114 | |
| 115 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); | |
| 116 CERTSignedData signed_data; | |
| 117 memset(&signed_data, 0, sizeof(signed_data)); | |
| 118 | |
| 119 // Attempt to decode the subject using the generic "Signed Data" template, | |
| 120 // which all of the supported subject types match. If the signature | |
| 121 // algorithm is RSA with one of the SHA-2 algorithms supported by NSS | |
| 122 // (excluding SHA-224, which is pointless), then defer to the NSS | |
| 123 // implementation. Otherwise, fall back and let the OS handle it (e.g. | |
| 124 // in case there are any algorithm policies in effect). | |
| 125 if (!subject_signature.empty()) { | |
| 126 SECItem subject_sig_item; | |
| 127 subject_sig_item.data = const_cast<unsigned char*>( | |
| 128 reinterpret_cast<const unsigned char*>(subject_signature.data())); | |
| 129 subject_sig_item.len = subject_signature.size(); | |
| 130 SECStatus rv = SEC_QuickDERDecodeItem( | |
| 131 arena.get(), &signed_data, SEC_ASN1_GET(CERT_SignedDataTemplate), | |
| 132 &subject_sig_item); | |
| 133 if (rv == SECSuccess) { | |
| 134 SECOidTag signature_alg = | |
| 135 SECOID_GetAlgorithmTag(&signed_data.signatureAlgorithm); | |
| 136 if (signature_alg == SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION || | |
| 137 signature_alg == SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION || | |
| 138 signature_alg == SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION) { | |
| 139 should_intercept = true; | |
| 140 } | |
| 141 } | |
| 142 } | |
| 143 | |
| 144 if (!should_intercept) { | |
| 145 return original_func(provider, encoding_type, subject_type, subject_data, | |
| 146 issuer_type, issuer_data, flags, extra); | |
| 147 } | |
| 148 | |
| 149 // Rather than attempting to synthesize a CERTSubjectPublicKeyInfo by hand, | |
| 150 // just force the OS to do an ASN.1 encoding and then decode it back into | |
| 151 // NSS. This is silly for performance, but safest for consistency. | |
| 152 PCERT_PUBLIC_KEY_INFO issuer_public_key = | |
| 153 GetIssuerPublicKey(issuer_type, issuer_data); | |
| 154 if (!issuer_public_key) { | |
| 155 SetLastError(static_cast<DWORD>(NTE_BAD_ALGID)); | |
| 156 return FALSE; | |
| 157 } | |
| 158 | |
| 159 unsigned char* issuer_spki_data = NULL; | |
| 160 DWORD issuer_spki_len = 0; | |
| 161 if (!CryptEncodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, | |
| 162 issuer_public_key, CRYPT_ENCODE_ALLOC_FLAG, NULL, | |
| 163 &issuer_spki_data, &issuer_spki_len)) { | |
| 164 return FALSE; | |
| 165 } | |
| 166 | |
| 167 SECItem nss_issuer_spki; | |
| 168 nss_issuer_spki.data = issuer_spki_data; | |
| 169 nss_issuer_spki.len = issuer_spki_len; | |
| 170 CERTSubjectPublicKeyInfo* spki = | |
| 171 SECKEY_DecodeDERSubjectPublicKeyInfo(&nss_issuer_spki); | |
| 172 ::LocalFree(issuer_spki_data); | |
| 173 if (!spki) { | |
| 174 SetLastError(static_cast<DWORD>(NTE_BAD_ALGID)); | |
| 175 return FALSE; | |
| 176 } | |
| 177 | |
| 178 // Attempt to actually verify the signed data. If it fails, synthesize the | |
| 179 // failure as a generic "bad signature" and let CryptoAPI handle the rest. | |
| 180 SECStatus rv = CERT_VerifySignedDataWithPublicKeyInfo( | |
| 181 &signed_data, spki, NULL); | |
| 182 SECKEY_DestroySubjectPublicKeyInfo(spki); | |
| 183 if (rv != SECSuccess) { | |
| 184 SetLastError(static_cast<DWORD>(NTE_BAD_SIGNATURE)); | |
| 185 return FALSE; | |
| 186 } | |
| 187 return TRUE; | |
| 188 } | |
| 189 | |
| 190 } // namespace sha256_interception | 77 } // namespace sha256_interception |
| 191 | 78 |
| 192 } // namespace net | 79 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 687833002:
Get net_unittests working on Windows BoringSSL port. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@wincrypt