1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "RpcTlsTestUtils"
18 #include <log/log.h>
19 
20 #include <binder/RpcTlsTestUtils.h>
21 
22 #include <binder/RpcTlsUtils.h>
23 
24 #include "../Utils.h" // for TEST_AND_RETURN
25 
26 namespace android {
27 
makeKeyPairForSelfSignedCert()28 bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert() {
29     bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
30     if (ec_key == nullptr || !EC_KEY_generate_key(ec_key.get())) {
31         ALOGE("Failed to generate key pair.");
32         return nullptr;
33     }
34     bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
35     // Use set1 instead of assign to avoid leaking ec_key when assign fails. set1 increments
36     // the refcount of the ec_key, so it is okay to release it at the end of this function.
37     if (pkey == nullptr || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get())) {
38         ALOGE("Failed to assign key pair.");
39         return nullptr;
40     }
41     return pkey;
42 }
43 
makeSelfSignedCert(EVP_PKEY * pkey,const uint32_t validSeconds)44 bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pkey, const uint32_t validSeconds) {
45     bssl::UniquePtr<X509> x509(X509_new());
46     bssl::UniquePtr<BIGNUM> serial(BN_new());
47     bssl::UniquePtr<BIGNUM> serialLimit(BN_new());
48     TEST_AND_RETURN(nullptr, BN_lshift(serialLimit.get(), BN_value_one(), 128));
49     TEST_AND_RETURN(nullptr, BN_rand_range(serial.get(), serialLimit.get()));
50     TEST_AND_RETURN(nullptr, BN_to_ASN1_INTEGER(serial.get(), X509_get_serialNumber(x509.get())));
51     TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0));
52     TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notAfter(x509.get()), validSeconds));
53 
54     X509_NAME* subject = X509_get_subject_name(x509.get());
55     TEST_AND_RETURN(nullptr,
56                     X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC,
57                                                reinterpret_cast<const uint8_t*>("Android"), -1, -1,
58                                                0));
59     TEST_AND_RETURN(nullptr,
60                     X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
61                                                reinterpret_cast<const uint8_t*>("BinderRPC"), -1,
62                                                -1, 0));
63     TEST_AND_RETURN(nullptr, X509_set_issuer_name(x509.get(), subject));
64 
65     TEST_AND_RETURN(nullptr, X509_set_pubkey(x509.get(), pkey));
66     TEST_AND_RETURN(nullptr, X509_sign(x509.get(), pkey, EVP_sha256()));
67     return x509;
68 }
69 
configure(SSL_CTX * ctx)70 status_t RpcAuthSelfSigned::configure(SSL_CTX* ctx) {
71     auto pkey = makeKeyPairForSelfSignedCert();
72     TEST_AND_RETURN(UNKNOWN_ERROR, pkey != nullptr);
73     auto cert = makeSelfSignedCert(pkey.get(), mValidSeconds);
74     TEST_AND_RETURN(UNKNOWN_ERROR, cert != nullptr);
75     TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_PrivateKey(ctx, pkey.get()));
76     TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_certificate(ctx, cert.get()));
77     return OK;
78 }
79 
configure(SSL_CTX * ctx)80 status_t RpcAuthPreSigned::configure(SSL_CTX* ctx) {
81     if (!SSL_CTX_use_PrivateKey(ctx, mPkey.get())) {
82         return INVALID_OPERATION;
83     }
84     if (!SSL_CTX_use_certificate(ctx, mCert.get())) {
85         return INVALID_OPERATION;
86     }
87     return OK;
88 }
89 
verify(const SSL * ssl,uint8_t * outAlert)90 status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) {
91     const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client";
92     bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue
93     LOG_ALWAYS_FATAL_IF(peerCert == nullptr,
94                         "%s: libssl should not ask to verify non-existing cert", logPrefix);
95 
96     std::lock_guard<std::mutex> lock(mMutex);
97     for (const auto& trustedCert : mTrustedPeerCertificates) {
98         if (0 == X509_cmp(trustedCert.get(), peerCert.get())) {
99             return OK;
100         }
101     }
102     *outAlert = SSL_AD_CERTIFICATE_UNKNOWN;
103     return PERMISSION_DENIED;
104 }
105 
addTrustedPeerCertificate(RpcCertificateFormat format,const std::vector<uint8_t> & cert)106 status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format,
107                                                                  const std::vector<uint8_t>& cert) {
108     bssl::UniquePtr<X509> x509 = deserializeCertificate(cert, format);
109     if (x509 == nullptr) {
110         ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str());
111         return BAD_VALUE;
112     }
113     std::lock_guard<std::mutex> lock(mMutex);
114     mTrustedPeerCertificates.push_back(std::move(x509));
115     return OK;
116 }
117 
118 } // namespace android
119