1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include "rtc_base/openssl_certificate.h"
12
13 #if defined(WEBRTC_WIN)
14 // Must be included first before openssl headers.
15 #include "rtc_base/win32.h" // NOLINT
16 #endif // WEBRTC_WIN
17
18 #include <openssl/bio.h>
19 #include <openssl/bn.h>
20 #include <openssl/pem.h>
21 #include <time.h>
22
23 #include <memory>
24
25 #include "rtc_base/checks.h"
26 #include "rtc_base/helpers.h"
27 #include "rtc_base/logging.h"
28 #include "rtc_base/message_digest.h"
29 #include "rtc_base/openssl_digest.h"
30 #include "rtc_base/openssl_identity.h"
31 #include "rtc_base/openssl_utility.h"
32
33 namespace rtc {
34 namespace {
35
36 // Random bits for certificate serial number
37 static const int SERIAL_RAND_BITS = 64;
38
39 #if !defined(NDEBUG)
40 // Print a certificate to the log, for debugging.
PrintCert(X509 * x509)41 static void PrintCert(X509* x509) {
42 BIO* temp_memory_bio = BIO_new(BIO_s_mem());
43 if (!temp_memory_bio) {
44 RTC_DLOG_F(LS_ERROR) << "Failed to allocate temporary memory bio";
45 return;
46 }
47 X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0);
48 BIO_write(temp_memory_bio, "\0", 1);
49 char* buffer;
50 BIO_get_mem_data(temp_memory_bio, &buffer);
51 RTC_DLOG(LS_VERBOSE) << buffer;
52 BIO_free(temp_memory_bio);
53 }
54 #endif
55
56 // Generate a self-signed certificate, with the public key from the
57 // given key pair. Caller is responsible for freeing the returned object.
MakeCertificate(EVP_PKEY * pkey,const SSLIdentityParams & params)58 static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
59 RTC_LOG(LS_INFO) << "Making certificate for " << params.common_name;
60
61 ASN1_INTEGER* asn1_serial_number = nullptr;
62 std::unique_ptr<BIGNUM, decltype(&::BN_free)> serial_number{nullptr,
63 ::BN_free};
64 std::unique_ptr<X509, decltype(&::X509_free)> x509{nullptr, ::X509_free};
65 std::unique_ptr<X509_NAME, decltype(&::X509_NAME_free)> name{
66 nullptr, ::X509_NAME_free};
67 time_t epoch_off = 0; // Time offset since epoch.
68 x509.reset(X509_new());
69 if (x509 == nullptr) {
70 return nullptr;
71 }
72 if (!X509_set_pubkey(x509.get(), pkey)) {
73 return nullptr;
74 }
75 // serial number - temporary reference to serial number inside x509 struct
76 serial_number.reset(BN_new());
77 if (serial_number == nullptr ||
78 !BN_pseudo_rand(serial_number.get(), SERIAL_RAND_BITS, 0, 0) ||
79 (asn1_serial_number = X509_get_serialNumber(x509.get())) == nullptr ||
80 !BN_to_ASN1_INTEGER(serial_number.get(), asn1_serial_number)) {
81 return nullptr;
82 }
83 // Set version to X509.V3
84 if (!X509_set_version(x509.get(), 2L)) {
85 return nullptr;
86 }
87
88 // There are a lot of possible components for the name entries. In
89 // our P2P SSL mode however, the certificates are pre-exchanged
90 // (through the secure XMPP channel), and so the certificate
91 // identification is arbitrary. It can't be empty, so we set some
92 // arbitrary common_name. Note that this certificate goes out in
93 // clear during SSL negotiation, so there may be a privacy issue in
94 // putting anything recognizable here.
95 name.reset(X509_NAME_new());
96 if (name == nullptr ||
97 !X509_NAME_add_entry_by_NID(name.get(), NID_commonName, MBSTRING_UTF8,
98 (unsigned char*)params.common_name.c_str(),
99 -1, -1, 0) ||
100 !X509_set_subject_name(x509.get(), name.get()) ||
101 !X509_set_issuer_name(x509.get(), name.get())) {
102 return nullptr;
103 }
104 if (!X509_time_adj(X509_get_notBefore(x509.get()), params.not_before,
105 &epoch_off) ||
106 !X509_time_adj(X509_get_notAfter(x509.get()), params.not_after,
107 &epoch_off)) {
108 return nullptr;
109 }
110 if (!X509_sign(x509.get(), pkey, EVP_sha256())) {
111 return nullptr;
112 }
113
114 RTC_LOG(LS_INFO) << "Returning certificate";
115 return x509.release();
116 }
117
118 } // namespace
119
OpenSSLCertificate(X509 * x509)120 OpenSSLCertificate::OpenSSLCertificate(X509* x509) : x509_(x509) {
121 RTC_DCHECK(x509_ != nullptr);
122 X509_up_ref(x509_);
123 }
124
Generate(OpenSSLKeyPair * key_pair,const SSLIdentityParams & params)125 std::unique_ptr<OpenSSLCertificate> OpenSSLCertificate::Generate(
126 OpenSSLKeyPair* key_pair,
127 const SSLIdentityParams& params) {
128 SSLIdentityParams actual_params(params);
129 if (actual_params.common_name.empty()) {
130 // Use a random string, arbitrarily 8chars long.
131 actual_params.common_name = CreateRandomString(8);
132 }
133 X509* x509 = MakeCertificate(key_pair->pkey(), actual_params);
134 if (!x509) {
135 openssl::LogSSLErrors("Generating certificate");
136 return nullptr;
137 }
138 #if !defined(NDEBUG)
139 PrintCert(x509);
140 #endif
141 auto ret = std::make_unique<OpenSSLCertificate>(x509);
142 X509_free(x509);
143 return ret;
144 }
145
FromPEMString(absl::string_view pem_string)146 std::unique_ptr<OpenSSLCertificate> OpenSSLCertificate::FromPEMString(
147 absl::string_view pem_string) {
148 BIO* bio = BIO_new_mem_buf(const_cast<char*>(pem_string.data()), -1);
149 if (!bio) {
150 return nullptr;
151 }
152
153 BIO_set_mem_eof_return(bio, 0);
154 X509* x509 =
155 PEM_read_bio_X509(bio, nullptr, nullptr, const_cast<char*>("\0"));
156 BIO_free(bio); // Frees the BIO, but not the pointed-to string.
157
158 if (!x509) {
159 return nullptr;
160 }
161 auto ret = std::make_unique<OpenSSLCertificate>(x509);
162 X509_free(x509);
163 return ret;
164 }
165
166 // NOTE: This implementation only functions correctly after InitializeSSL
167 // and before CleanupSSL.
GetSignatureDigestAlgorithm(std::string * algorithm) const168 bool OpenSSLCertificate::GetSignatureDigestAlgorithm(
169 std::string* algorithm) const {
170 int nid = X509_get_signature_nid(x509_);
171 switch (nid) {
172 case NID_md5WithRSA:
173 case NID_md5WithRSAEncryption:
174 *algorithm = DIGEST_MD5;
175 break;
176 case NID_ecdsa_with_SHA1:
177 case NID_dsaWithSHA1:
178 case NID_dsaWithSHA1_2:
179 case NID_sha1WithRSA:
180 case NID_sha1WithRSAEncryption:
181 *algorithm = DIGEST_SHA_1;
182 break;
183 case NID_ecdsa_with_SHA224:
184 case NID_sha224WithRSAEncryption:
185 case NID_dsa_with_SHA224:
186 *algorithm = DIGEST_SHA_224;
187 break;
188 case NID_ecdsa_with_SHA256:
189 case NID_sha256WithRSAEncryption:
190 case NID_dsa_with_SHA256:
191 *algorithm = DIGEST_SHA_256;
192 break;
193 case NID_ecdsa_with_SHA384:
194 case NID_sha384WithRSAEncryption:
195 *algorithm = DIGEST_SHA_384;
196 break;
197 case NID_ecdsa_with_SHA512:
198 case NID_sha512WithRSAEncryption:
199 *algorithm = DIGEST_SHA_512;
200 break;
201 default:
202 // Unknown algorithm. There are several unhandled options that are less
203 // common and more complex.
204 RTC_LOG(LS_ERROR) << "Unknown signature algorithm NID: " << nid;
205 algorithm->clear();
206 return false;
207 }
208 return true;
209 }
210
ComputeDigest(absl::string_view algorithm,unsigned char * digest,size_t size,size_t * length) const211 bool OpenSSLCertificate::ComputeDigest(absl::string_view algorithm,
212 unsigned char* digest,
213 size_t size,
214 size_t* length) const {
215 return ComputeDigest(x509_, algorithm, digest, size, length);
216 }
217
ComputeDigest(const X509 * x509,absl::string_view algorithm,unsigned char * digest,size_t size,size_t * length)218 bool OpenSSLCertificate::ComputeDigest(const X509* x509,
219 absl::string_view algorithm,
220 unsigned char* digest,
221 size_t size,
222 size_t* length) {
223 const EVP_MD* md = nullptr;
224 unsigned int n = 0;
225 if (!OpenSSLDigest::GetDigestEVP(algorithm, &md)) {
226 return false;
227 }
228 if (size < static_cast<size_t>(EVP_MD_size(md))) {
229 return false;
230 }
231 X509_digest(x509, md, digest, &n);
232 *length = n;
233 return true;
234 }
235
~OpenSSLCertificate()236 OpenSSLCertificate::~OpenSSLCertificate() {
237 X509_free(x509_);
238 }
239
Clone() const240 std::unique_ptr<SSLCertificate> OpenSSLCertificate::Clone() const {
241 return std::make_unique<OpenSSLCertificate>(x509_);
242 }
243
ToPEMString() const244 std::string OpenSSLCertificate::ToPEMString() const {
245 BIO* bio = BIO_new(BIO_s_mem());
246 RTC_CHECK(bio);
247 RTC_CHECK(PEM_write_bio_X509(bio, x509_));
248 BIO_write(bio, "\0", 1);
249 char* buffer;
250 BIO_get_mem_data(bio, &buffer);
251 std::string ret(buffer);
252 BIO_free(bio);
253 return ret;
254 }
255
ToDER(Buffer * der_buffer) const256 void OpenSSLCertificate::ToDER(Buffer* der_buffer) const {
257 // In case of failure, make sure to leave the buffer empty.
258 der_buffer->SetSize(0);
259 // Calculates the DER representation of the certificate, from scratch.
260 BIO* bio = BIO_new(BIO_s_mem());
261 RTC_CHECK(bio);
262 RTC_CHECK(i2d_X509_bio(bio, x509_));
263 char* data = nullptr;
264 size_t length = BIO_get_mem_data(bio, &data);
265 der_buffer->SetData(data, length);
266 BIO_free(bio);
267 }
268
operator ==(const OpenSSLCertificate & other) const269 bool OpenSSLCertificate::operator==(const OpenSSLCertificate& other) const {
270 return X509_cmp(x509_, other.x509_) == 0;
271 }
272
operator !=(const OpenSSLCertificate & other) const273 bool OpenSSLCertificate::operator!=(const OpenSSLCertificate& other) const {
274 return !(*this == other);
275 }
276
CertificateExpirationTime() const277 int64_t OpenSSLCertificate::CertificateExpirationTime() const {
278 ASN1_TIME* expire_time = X509_get_notAfter(x509_);
279 bool long_format;
280 if (expire_time->type == V_ASN1_UTCTIME) {
281 long_format = false;
282 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) {
283 long_format = true;
284 } else {
285 return -1;
286 }
287 return ASN1TimeToSec(expire_time->data, expire_time->length, long_format);
288 }
289
290 } // namespace rtc
291