| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/cert/ct_objects_extractor.h" | |
| 6 | |
| 7 #include <cert.h> | |
| 8 #include <secasn1.h> | |
| 9 #include <secitem.h> | |
| 10 #include <secoid.h> | |
| 11 | |
| 12 #include "base/lazy_instance.h" | |
| 13 #include "base/sha1.h" | |
| 14 #include "crypto/scoped_nss_types.h" | |
| 15 #include "crypto/sha2.h" | |
| 16 #include "net/cert/asn1_util.h" | |
| 17 #include "net/cert/scoped_nss_types.h" | |
| 18 #include "net/cert/signed_certificate_timestamp.h" | |
| 19 | |
| 20 namespace net { | |
| 21 | |
| 22 namespace ct { | |
| 23 | |
| 24 namespace { | |
| 25 | |
| 26 // NSS black magic to get the address of externally defined template at runtime. | |
| 27 SEC_ASN1_MKSUB(SEC_IntegerTemplate) | |
| 28 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) | |
| 29 SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate) | |
| 30 SEC_ASN1_MKSUB(CERT_SequenceOfCertExtensionTemplate) | |
| 31 | |
| 32 // Wrapper class to convert a X509Certificate::OSCertHandle directly | |
| 33 // into a CERTCertificate* usable with other NSS functions. This is used for | |
| 34 // platforms where X509Certificate::OSCertHandle refers to a different type | |
| 35 // than a CERTCertificate*. | |
| 36 struct NSSCertWrapper { | |
| 37 explicit NSSCertWrapper(X509Certificate::OSCertHandle cert_handle); | |
| 38 ~NSSCertWrapper() {} | |
| 39 | |
| 40 ScopedCERTCertificate cert; | |
| 41 }; | |
| 42 | |
| 43 NSSCertWrapper::NSSCertWrapper(X509Certificate::OSCertHandle cert_handle) { | |
| 44 #if defined(USE_NSS) | |
| 45 cert.reset(CERT_DupCertificate(cert_handle)); | |
| 46 #else | |
| 47 SECItem der_cert; | |
| 48 std::string der_data; | |
| 49 if (!X509Certificate::GetDEREncoded(cert_handle, &der_data)) | |
| 50 return; | |
| 51 der_cert.data = | |
| 52 reinterpret_cast<unsigned char*>(const_cast<char*>(der_data.data())); | |
| 53 der_cert.len = der_data.size(); | |
| 54 | |
| 55 // Note: CERT_NewTempCertificate may return NULL if the certificate | |
| 56 // shares a serial number with another cert issued by the same CA, | |
| 57 // which is not supposed to happen. | |
| 58 cert.reset(CERT_NewTempCertificate( | |
| 59 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE)); | |
| 60 #endif | |
| 61 DCHECK(cert.get() != NULL); | |
| 62 } | |
| 63 | |
| 64 // The wire form of the OID 1.3.6.1.4.1.11129.2.4.2. See Section 3.3 of | |
| 65 // RFC6962. | |
| 66 const unsigned char kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01, | |
| 67 0xD6, 0x79, 0x02, 0x04, 0x02}; | |
| 68 const char kEmbeddedSCTDescription[] = | |
| 69 "X.509v3 Certificate Transparency Embedded Signed Certificate Timestamp " | |
| 70 "List"; | |
| 71 | |
| 72 // The wire form of the OID 1.3.6.1.4.1.11129.2.4.5 - OCSP SingleExtension for | |
| 73 // X.509v3 Certificate Transparency Signed Certificate Timestamp List, see | |
| 74 // Section 3.3 of RFC6962. | |
| 75 const unsigned char kOCSPExtensionOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01, | |
| 76 0xD6, 0x79, 0x02, 0x04, 0x05}; | |
| 77 | |
| 78 const SECItem kOCSPExtensionOidItem = { | |
| 79 siBuffer, const_cast<unsigned char*>(kOCSPExtensionOid), | |
| 80 sizeof(kOCSPExtensionOid) | |
| 81 }; | |
| 82 | |
| 83 // id-ad-ocsp: 1.3.6.1.5.5.7.48.1.1 | |
| 84 const unsigned char kBasicOCSPResponseOid[] = {0x2B, 0x06, 0x01, 0x05, 0x05, | |
| 85 0x07, 0x30, 0x01, 0x01}; | |
| 86 | |
| 87 const SECItem kBasicOCSPResponseOidItem = { | |
| 88 siBuffer, const_cast<unsigned char*>(kBasicOCSPResponseOid), | |
| 89 sizeof(kBasicOCSPResponseOid) | |
| 90 }; | |
| 91 | |
| 92 | |
| 93 // Initializes the necessary NSS internals for use with Certificate | |
| 94 // Transparency. | |
| 95 class CTInitSingleton { | |
| 96 public: | |
| 97 SECOidTag embedded_oid() const { return embedded_oid_; } | |
| 98 | |
| 99 private: | |
| 100 friend struct base::DefaultLazyInstanceTraits<CTInitSingleton>; | |
| 101 | |
| 102 CTInitSingleton() : embedded_oid_(SEC_OID_UNKNOWN) { | |
| 103 embedded_oid_ = RegisterOid( | |
| 104 kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid), kEmbeddedSCTDescription); | |
| 105 } | |
| 106 | |
| 107 ~CTInitSingleton() {} | |
| 108 | |
| 109 SECOidTag RegisterOid(const unsigned char* oid, | |
| 110 unsigned int oid_len, | |
| 111 const char* description) { | |
| 112 SECOidData oid_data; | |
| 113 oid_data.oid.len = oid_len; | |
| 114 oid_data.oid.data = const_cast<unsigned char*>(oid); | |
| 115 oid_data.offset = SEC_OID_UNKNOWN; | |
| 116 oid_data.desc = description; | |
| 117 oid_data.mechanism = CKM_INVALID_MECHANISM; | |
| 118 // Setting this to SUPPORTED_CERT_EXTENSION ensures that if a certificate | |
| 119 // contains this extension with the critical bit set, NSS will not reject | |
| 120 // it. However, because verification of this extension happens after NSS, | |
| 121 // it is currently left as INVALID_CERT_EXTENSION. | |
| 122 oid_data.supportedExtension = INVALID_CERT_EXTENSION; | |
| 123 | |
| 124 SECOidTag result = SECOID_AddEntry(&oid_data); | |
| 125 CHECK_NE(SEC_OID_UNKNOWN, result); | |
| 126 | |
| 127 return result; | |
| 128 } | |
| 129 | |
| 130 SECOidTag embedded_oid_; | |
| 131 | |
| 132 DISALLOW_COPY_AND_ASSIGN(CTInitSingleton); | |
| 133 }; | |
| 134 | |
| 135 base::LazyInstance<CTInitSingleton>::Leaky g_ct_singleton = | |
| 136 LAZY_INSTANCE_INITIALIZER; | |
| 137 | |
| 138 // Obtains the data for an X.509v3 certificate extension identified by |oid| | |
| 139 // and encoded as an OCTET STRING. Returns true if the extension was found in | |
| 140 // the certificate, updating |ext_data| to be the extension data after removing | |
| 141 // the DER encoding of OCTET STRING. | |
| 142 bool GetCertOctetStringExtension(CERTCertificate* cert, | |
| 143 SECOidTag oid, | |
| 144 std::string* extension_data) { | |
| 145 SECItem extension; | |
| 146 SECStatus rv = CERT_FindCertExtension(cert, oid, &extension); | |
| 147 if (rv != SECSuccess) | |
| 148 return false; | |
| 149 | |
| 150 base::StringPiece raw_data(reinterpret_cast<char*>(extension.data), | |
| 151 extension.len); | |
| 152 base::StringPiece parsed_data; | |
| 153 if (!asn1::GetElement(&raw_data, asn1::kOCTETSTRING, &parsed_data) || | |
| 154 raw_data.size() > 0) { // Decoding failure or raw data left | |
| 155 rv = SECFailure; | |
| 156 } else { | |
| 157 parsed_data.CopyToString(extension_data); | |
| 158 } | |
| 159 | |
| 160 SECITEM_FreeItem(&extension, PR_FALSE); | |
| 161 return rv == SECSuccess; | |
| 162 } | |
| 163 | |
| 164 // NSS offers CERT_FindCertExtension for certificates, but that only accepts | |
| 165 // CERTCertificate* inputs, so the method below extracts the SCT extension | |
| 166 // directly from the CERTCertExtension** of an OCSP response. | |
| 167 // | |
| 168 // Obtains the data for an OCSP extension identified by kOCSPExtensionOidItem | |
| 169 // and encoded as an OCTET STRING. Returns true if the extension was found in | |
| 170 // |extensions|, updating |extension_data| to be the extension data after | |
| 171 // removing the DER encoding of OCTET STRING. | |
| 172 bool GetSCTListFromOCSPExtension(PLArenaPool* arena, | |
| 173 const CERTCertExtension* const* extensions, | |
| 174 std::string* extension_data) { | |
| 175 if (!extensions) | |
| 176 return false; | |
| 177 | |
| 178 const CERTCertExtension* match = NULL; | |
| 179 | |
| 180 for (const CERTCertExtension* const* exts = extensions; *exts; ++exts) { | |
| 181 const CERTCertExtension* ext = *exts; | |
| 182 if (SECITEM_ItemsAreEqual(&kOCSPExtensionOidItem, &ext->id)) { | |
| 183 match = ext; | |
| 184 break; | |
| 185 } | |
| 186 } | |
| 187 | |
| 188 if (!match) | |
| 189 return false; | |
| 190 | |
| 191 SECItem contents; | |
| 192 // SEC_QuickDERDecodeItem sets |contents| to point to |match|, so it is not | |
| 193 // necessary to free the contents of |contents|. | |
| 194 SECStatus rv = SEC_QuickDERDecodeItem(arena, &contents, | |
| 195 SEC_ASN1_GET(SEC_OctetStringTemplate), | |
| 196 &match->value); | |
| 197 if (rv != SECSuccess) | |
| 198 return false; | |
| 199 | |
| 200 base::StringPiece parsed_data(reinterpret_cast<char*>(contents.data), | |
| 201 contents.len); | |
| 202 parsed_data.CopyToString(extension_data); | |
| 203 return true; | |
| 204 } | |
| 205 | |
| 206 // Given a |cert|, extract the TBSCertificate from this certificate, also | |
| 207 // removing the X.509 extension with OID 1.3.6.1.4.1.11129.2.4.2 (that is, | |
| 208 // the embedded SCT) | |
| 209 bool ExtractTBSCertWithoutSCTs(CERTCertificate* cert, | |
| 210 std::string* to_be_signed) { | |
| 211 SECOidData* oid = SECOID_FindOIDByTag(g_ct_singleton.Get().embedded_oid()); | |
| 212 if (!oid) | |
| 213 return false; | |
| 214 | |
| 215 // This is a giant hack, due to the fact that NSS does not expose a good API | |
| 216 // for simply removing certificate fields from existing certificates. | |
| 217 CERTCertificate temp_cert; | |
| 218 temp_cert = *cert; | |
| 219 temp_cert.extensions = NULL; | |
| 220 | |
| 221 // Strip out the embedded SCT OID from the new certificate by directly | |
| 222 // mutating the extensions in place. | |
| 223 std::vector<CERTCertExtension*> new_extensions; | |
| 224 if (cert->extensions) { | |
| 225 for (CERTCertExtension** exts = cert->extensions; *exts; ++exts) { | |
| 226 CERTCertExtension* ext = *exts; | |
| 227 SECComparison result = SECITEM_CompareItem(&oid->oid, &ext->id); | |
| 228 if (result != SECEqual) | |
| 229 new_extensions.push_back(ext); | |
| 230 } | |
| 231 } | |
| 232 if (!new_extensions.empty()) { | |
| 233 new_extensions.push_back(NULL); | |
| 234 temp_cert.extensions = &new_extensions[0]; | |
| 235 } | |
| 236 | |
| 237 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); | |
| 238 | |
| 239 SECItem tbs_data; | |
| 240 tbs_data.len = 0; | |
| 241 tbs_data.data = NULL; | |
| 242 void* result = SEC_ASN1EncodeItem(arena.get(), | |
| 243 &tbs_data, | |
| 244 &temp_cert, | |
| 245 SEC_ASN1_GET(CERT_CertificateTemplate)); | |
| 246 if (!result) | |
| 247 return false; | |
| 248 | |
| 249 to_be_signed->assign(reinterpret_cast<char*>(tbs_data.data), tbs_data.len); | |
| 250 return true; | |
| 251 } | |
| 252 | |
| 253 // The following code is adapted from the NSS OCSP module, in order to expose | |
| 254 // the internal structure of an OCSP response. | |
| 255 | |
| 256 // ResponseBytes ::= SEQUENCE { | |
| 257 // responseType OBJECT IDENTIFIER, | |
| 258 // response OCTET STRING } | |
| 259 struct ResponseBytes { | |
| 260 SECItem response_type; | |
| 261 SECItem der_response; | |
| 262 }; | |
| 263 | |
| 264 const SEC_ASN1Template kResponseBytesTemplate[] = { | |
| 265 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ResponseBytes) }, | |
| 266 { SEC_ASN1_OBJECT_ID, offsetof(ResponseBytes, response_type) }, | |
| 267 { SEC_ASN1_OCTET_STRING, offsetof(ResponseBytes, der_response) }, | |
| 268 { 0 } | |
| 269 }; | |
| 270 | |
| 271 // OCSPResponse ::= SEQUENCE { | |
| 272 // responseStatus OCSPResponseStatus, | |
| 273 // responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } | |
| 274 struct OCSPResponse { | |
| 275 SECItem response_status; | |
| 276 // This indirection is needed because |response_bytes| is an optional | |
| 277 // component and we need a way to determine if it is missing. | |
| 278 ResponseBytes* response_bytes; | |
| 279 }; | |
| 280 | |
| 281 const SEC_ASN1Template kPointerToResponseBytesTemplate[] = { | |
| 282 { SEC_ASN1_POINTER, 0, kResponseBytesTemplate } | |
| 283 }; | |
| 284 | |
| 285 const SEC_ASN1Template kOCSPResponseTemplate[] = { | |
| 286 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(OCSPResponse) }, | |
| 287 { SEC_ASN1_ENUMERATED, offsetof(OCSPResponse, response_status) }, | |
| 288 { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | | |
| 289 SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(OCSPResponse, response_bytes), | |
| 290 kPointerToResponseBytesTemplate }, | |
| 291 { 0 } | |
| 292 }; | |
| 293 | |
| 294 // CertID ::= SEQUENCE { | |
| 295 // hashAlgorithm AlgorithmIdentifier, | |
| 296 // issuerNameHash OCTET STRING, -- Hash of Issuer's DN | |
| 297 // issuerKeyHash OCTET STRING, -- Hash of Issuers public key | |
| 298 // serialNumber CertificateSerialNumber } | |
| 299 struct CertID { | |
| 300 SECAlgorithmID hash_algorithm; | |
| 301 SECItem issuer_name_hash; | |
| 302 SECItem issuer_key_hash; | |
| 303 SECItem serial_number; | |
| 304 }; | |
| 305 | |
| 306 const SEC_ASN1Template kCertIDTemplate[] = { | |
| 307 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CertID) }, | |
| 308 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CertID, hash_algorithm), | |
| 309 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, | |
| 310 { SEC_ASN1_OCTET_STRING, offsetof(CertID, issuer_name_hash) }, | |
| 311 { SEC_ASN1_OCTET_STRING, offsetof(CertID, issuer_key_hash) }, | |
| 312 { SEC_ASN1_INTEGER, offsetof(CertID, serial_number) }, | |
| 313 { 0 } | |
| 314 }; | |
| 315 | |
| 316 // SingleResponse ::= SEQUENCE { | |
| 317 // certID CertID, | |
| 318 // certStatus CertStatus, | |
| 319 // thisUpdate GeneralizedTime, | |
| 320 // nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, | |
| 321 // singleExtensions [1] EXPLICIT Extensions OPTIONAL } | |
| 322 struct SingleResponse { | |
| 323 CertID cert_id; | |
| 324 // The following three fields are not used. | |
| 325 SECItem der_cert_status; | |
| 326 SECItem this_update; | |
| 327 SECItem next_update; | |
| 328 CERTCertExtension** single_extensions; | |
| 329 }; | |
| 330 | |
| 331 const SEC_ASN1Template kSingleResponseTemplate[] = { | |
| 332 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SingleResponse) }, | |
| 333 { SEC_ASN1_INLINE, offsetof(SingleResponse, cert_id), kCertIDTemplate }, | |
| 334 // Really a CHOICE but we make it an ANY because we don't care about the | |
| 335 // contents of this field. | |
| 336 // TODO(ekasper): use SEC_ASN1_CHOICE. | |
| 337 { SEC_ASN1_ANY, offsetof(SingleResponse, der_cert_status) }, | |
| 338 { SEC_ASN1_GENERALIZED_TIME, offsetof(SingleResponse, this_update) }, | |
| 339 { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | | |
| 340 SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, | |
| 341 offsetof(SingleResponse, next_update), | |
| 342 SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) }, | |
| 343 { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | | |
| 344 SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, | |
| 345 offsetof(SingleResponse, single_extensions), | |
| 346 SEC_ASN1_SUB(CERT_SequenceOfCertExtensionTemplate) }, | |
| 347 { 0 } | |
| 348 }; | |
| 349 | |
| 350 // ResponseData ::= SEQUENCE { | |
| 351 // version [0] EXPLICIT Version DEFAULT v1, | |
| 352 // responderID ResponderID, | |
| 353 // producedAt GeneralizedTime, | |
| 354 // responses SEQUENCE OF SingleResponse, | |
| 355 // responseExtensions [1] EXPLICIT Extensions OPTIONAL } | |
| 356 struct ResponseData { | |
| 357 // The first three fields are not used. | |
| 358 SECItem version; | |
| 359 SECItem der_responder_id; | |
| 360 SECItem produced_at; | |
| 361 SingleResponse** single_responses; | |
| 362 // Skip extensions. | |
| 363 }; | |
| 364 | |
| 365 const SEC_ASN1Template kResponseDataTemplate[] = { | |
| 366 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ResponseData) }, | |
| 367 { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | | |
| 368 SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, | |
| 369 offsetof(ResponseData, version), SEC_ASN1_SUB(SEC_IntegerTemplate) }, | |
| 370 // Really a CHOICE but we make it an ANY because we don't care about the | |
| 371 // contents of this field. | |
| 372 // TODO(ekasper): use SEC_ASN1_CHOICE. | |
| 373 { SEC_ASN1_ANY, offsetof(ResponseData, der_responder_id) }, | |
| 374 { SEC_ASN1_GENERALIZED_TIME, offsetof(ResponseData, produced_at) }, | |
| 375 { SEC_ASN1_SEQUENCE_OF, offsetof(ResponseData, single_responses), | |
| 376 kSingleResponseTemplate }, | |
| 377 { SEC_ASN1_SKIP_REST }, | |
| 378 { 0 } | |
| 379 }; | |
| 380 | |
| 381 // BasicOCSPResponse ::= SEQUENCE { | |
| 382 // tbsResponseData ResponseData, | |
| 383 // signatureAlgorithm AlgorithmIdentifier, | |
| 384 // signature BIT STRING, | |
| 385 // certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | |
| 386 struct BasicOCSPResponse { | |
| 387 ResponseData tbs_response_data; | |
| 388 // We do not care about the rest. | |
| 389 }; | |
| 390 | |
| 391 const SEC_ASN1Template kBasicOCSPResponseTemplate[] = { | |
| 392 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(BasicOCSPResponse) }, | |
| 393 { SEC_ASN1_INLINE, offsetof(BasicOCSPResponse, tbs_response_data), | |
| 394 kResponseDataTemplate }, | |
| 395 { SEC_ASN1_SKIP_REST }, | |
| 396 { 0 } | |
| 397 }; | |
| 398 | |
| 399 bool StringEqualToSECItem(const std::string& value1, const SECItem& value2) { | |
| 400 if (value1.size() != value2.len) | |
| 401 return false; | |
| 402 return memcmp(value1.data(), value2.data, value2.len) == 0; | |
| 403 } | |
| 404 | |
| 405 // TODO(ekasper): also use the issuer name hash in matching. | |
| 406 bool CertIDMatches(const CertID& cert_id, | |
| 407 const std::string& serial_number, | |
| 408 const std::string& issuer_key_sha1_hash, | |
| 409 const std::string& issuer_key_sha256_hash) { | |
| 410 if (!StringEqualToSECItem(serial_number, cert_id.serial_number)) | |
| 411 return false; | |
| 412 | |
| 413 SECOidTag hash_alg = SECOID_FindOIDTag(&cert_id.hash_algorithm.algorithm); | |
| 414 switch (hash_alg) { | |
| 415 case SEC_OID_SHA1: | |
| 416 return StringEqualToSECItem(issuer_key_sha1_hash, | |
| 417 cert_id.issuer_key_hash); | |
| 418 case SEC_OID_SHA256: | |
| 419 return StringEqualToSECItem(issuer_key_sha256_hash, | |
| 420 cert_id.issuer_key_hash); | |
| 421 default: | |
| 422 return false; | |
| 423 } | |
| 424 } | |
| 425 | |
| 426 } // namespace | |
| 427 | |
| 428 bool ExtractEmbeddedSCTList(X509Certificate::OSCertHandle cert, | |
| 429 std::string* sct_list) { | |
| 430 DCHECK(cert); | |
| 431 | |
| 432 NSSCertWrapper leaf_cert(cert); | |
| 433 if (!leaf_cert.cert) | |
| 434 return false; | |
| 435 | |
| 436 return GetCertOctetStringExtension(leaf_cert.cert.get(), | |
| 437 g_ct_singleton.Get().embedded_oid(), | |
| 438 sct_list); | |
| 439 } | |
| 440 | |
| 441 bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf, | |
| 442 X509Certificate::OSCertHandle issuer, | |
| 443 LogEntry* result) { | |
| 444 DCHECK(leaf); | |
| 445 DCHECK(issuer); | |
| 446 | |
| 447 NSSCertWrapper leaf_cert(leaf); | |
| 448 NSSCertWrapper issuer_cert(issuer); | |
| 449 | |
| 450 result->Reset(); | |
| 451 // XXX(rsleevi): This check may be overkill, since we should be able to | |
| 452 // generate precerts for certs without the extension. For now, just a sanity | |
| 453 // check to match the reference implementation. | |
| 454 SECItem extension; | |
| 455 SECStatus rv = CERT_FindCertExtension( | |
| 456 leaf_cert.cert.get(), g_ct_singleton.Get().embedded_oid(), &extension); | |
| 457 if (rv != SECSuccess) | |
| 458 return false; | |
| 459 SECITEM_FreeItem(&extension, PR_FALSE); | |
| 460 | |
| 461 std::string to_be_signed; | |
| 462 if (!ExtractTBSCertWithoutSCTs(leaf_cert.cert.get(), &to_be_signed)) | |
| 463 return false; | |
| 464 | |
| 465 if (!issuer_cert.cert) { | |
| 466 // This can happen when the issuer and leaf certs share the same serial | |
| 467 // number and are from the same CA, which should never be the case | |
| 468 // (but happened with bad test certs). | |
| 469 VLOG(1) << "Issuer cert is null, cannot generate Precert entry."; | |
| 470 return false; | |
| 471 } | |
| 472 | |
| 473 SECKEYPublicKey* issuer_pub_key = | |
| 474 SECKEY_ExtractPublicKey(&(issuer_cert.cert->subjectPublicKeyInfo)); | |
| 475 if (!issuer_pub_key) { | |
| 476 VLOG(1) << "Could not extract issuer public key, " | |
| 477 << "cannot generate Precert entry."; | |
| 478 return false; | |
| 479 } | |
| 480 | |
| 481 SECItem* encoded_issuer_pubKey = | |
| 482 SECKEY_EncodeDERSubjectPublicKeyInfo(issuer_pub_key); | |
| 483 if (!encoded_issuer_pubKey) { | |
| 484 SECKEY_DestroyPublicKey(issuer_pub_key); | |
| 485 return false; | |
| 486 } | |
| 487 | |
| 488 result->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT; | |
| 489 result->tbs_certificate.swap(to_be_signed); | |
| 490 | |
| 491 crypto::SHA256HashString( | |
| 492 base::StringPiece(reinterpret_cast<char*>(encoded_issuer_pubKey->data), | |
| 493 encoded_issuer_pubKey->len), | |
| 494 result->issuer_key_hash.data, | |
| 495 sizeof(result->issuer_key_hash.data)); | |
| 496 | |
| 497 SECITEM_FreeItem(encoded_issuer_pubKey, PR_TRUE); | |
| 498 SECKEY_DestroyPublicKey(issuer_pub_key); | |
| 499 | |
| 500 return true; | |
| 501 } | |
| 502 | |
| 503 bool GetX509LogEntry(X509Certificate::OSCertHandle leaf, LogEntry* result) { | |
| 504 DCHECK(leaf); | |
| 505 | |
| 506 std::string encoded; | |
| 507 if (!X509Certificate::GetDEREncoded(leaf, &encoded)) | |
| 508 return false; | |
| 509 | |
| 510 result->Reset(); | |
| 511 result->type = ct::LogEntry::LOG_ENTRY_TYPE_X509; | |
| 512 result->leaf_certificate.swap(encoded); | |
| 513 return true; | |
| 514 } | |
| 515 | |
| 516 bool ExtractSCTListFromOCSPResponse(X509Certificate::OSCertHandle issuer, | |
| 517 const std::string& cert_serial_number, | |
| 518 const std::string& ocsp_response, | |
| 519 std::string* sct_list) { | |
| 520 DCHECK(issuer); | |
| 521 | |
| 522 // Any OCSP response is unlikely to be even close to 2^24 bytes; further, CT | |
| 523 // only uses stapled OCSP responses which have this limit imposed by the TLS | |
| 524 // protocol. | |
| 525 if (ocsp_response.size() > 0xffffff) | |
| 526 return false; | |
| 527 | |
| 528 crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); | |
| 529 | |
| 530 OCSPResponse response; | |
| 531 memset(&response, 0, sizeof(response)); | |
| 532 | |
| 533 SECItem src = { siBuffer, | |
| 534 reinterpret_cast<unsigned char*>(const_cast<char*>( | |
| 535 ocsp_response.data())), | |
| 536 static_cast<unsigned int>(ocsp_response.size()) }; | |
| 537 | |
| 538 // |response| will point directly into |src|, so it's not necessary to | |
| 539 // free the |response| contents, but they may only be used while |src| | |
| 540 // is valid (i.e., in this method). | |
| 541 SECStatus rv = SEC_QuickDERDecodeItem(arena.get(), &response, | |
| 542 kOCSPResponseTemplate, &src); | |
| 543 if (rv != SECSuccess) | |
| 544 return false; | |
| 545 | |
| 546 if (!response.response_bytes) | |
| 547 return false; | |
| 548 | |
| 549 if (!SECITEM_ItemsAreEqual(&kBasicOCSPResponseOidItem, | |
| 550 &response.response_bytes->response_type)) { | |
| 551 return false; | |
| 552 } | |
| 553 | |
| 554 BasicOCSPResponse basic_response; | |
| 555 memset(&basic_response, 0, sizeof(basic_response)); | |
| 556 | |
| 557 rv = SEC_QuickDERDecodeItem(arena.get(), &basic_response, | |
| 558 kBasicOCSPResponseTemplate, | |
| 559 &response.response_bytes->der_response); | |
| 560 if (rv != SECSuccess) | |
| 561 return false; | |
| 562 | |
| 563 SingleResponse** responses = | |
| 564 basic_response.tbs_response_data.single_responses; | |
| 565 if (!responses) | |
| 566 return false; | |
| 567 | |
| 568 std::string issuer_der; | |
| 569 if (!X509Certificate::GetDEREncoded(issuer, &issuer_der)) | |
| 570 return false; | |
| 571 | |
| 572 base::StringPiece issuer_spki; | |
| 573 if (!asn1::ExtractSPKIFromDERCert(issuer_der, &issuer_spki)) | |
| 574 return false; | |
| 575 | |
| 576 // In OCSP, only the key itself is under hash. | |
| 577 base::StringPiece issuer_spk; | |
| 578 if (!asn1::ExtractSubjectPublicKeyFromSPKI(issuer_spki, &issuer_spk)) | |
| 579 return false; | |
| 580 | |
| 581 // ExtractSubjectPublicKey... does not remove the initial octet encoding the | |
| 582 // number of unused bits in the ASN.1 BIT STRING so we do it here. For public | |
| 583 // keys, the bitstring is in practice always byte-aligned. | |
| 584 if (issuer_spk.empty() || issuer_spk[0] != 0) | |
| 585 return false; | |
| 586 issuer_spk.remove_prefix(1); | |
| 587 | |
| 588 // NSS OCSP lib recognizes SHA1, MD5 and MD2; MD5 and MD2 are dead but | |
| 589 // https://bugzilla.mozilla.org/show_bug.cgi?id=663315 will add SHA-256 | |
| 590 // and SHA-384. | |
| 591 // TODO(ekasper): add SHA-384 to crypto/sha2.h and here if it proves | |
| 592 // necessary. | |
| 593 // TODO(ekasper): only compute the hashes on demand. | |
| 594 std::string issuer_key_sha256_hash = crypto::SHA256HashString(issuer_spk); | |
| 595 std::string issuer_key_sha1_hash = base::SHA1HashString( | |
| 596 issuer_spk.as_string()); | |
| 597 | |
| 598 const SingleResponse* match = NULL; | |
| 599 for (const SingleResponse* const* resps = responses; *resps; ++resps) { | |
| 600 const SingleResponse* resp = *resps; | |
| 601 if (CertIDMatches(resp->cert_id, cert_serial_number, | |
| 602 issuer_key_sha1_hash, issuer_key_sha256_hash)) { | |
| 603 match = resp; | |
| 604 break; | |
| 605 } | |
| 606 } | |
| 607 | |
| 608 if (!match) | |
| 609 return false; | |
| 610 | |
| 611 return GetSCTListFromOCSPExtension(arena.get(), match->single_extensions, | |
| 612 sct_list); | |
| 613 } | |
| 614 | |
| 615 } // namespace ct | |
| 616 | |
| 617 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master