1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #if HAVE_OPENSSL_SSL_H
12 
13 #include "webrtc/base/opensslidentity.h"
14 
15 // Must be included first before openssl headers.
16 #include "webrtc/base/win32.h"  // NOLINT
17 
18 #include <openssl/bio.h>
19 #include <openssl/err.h>
20 #include <openssl/pem.h>
21 #include <openssl/bn.h>
22 #include <openssl/rsa.h>
23 #include <openssl/crypto.h>
24 
25 #include "webrtc/base/checks.h"
26 #include "webrtc/base/helpers.h"
27 #include "webrtc/base/logging.h"
28 #include "webrtc/base/openssl.h"
29 #include "webrtc/base/openssldigest.h"
30 
31 namespace rtc {
32 
33 // We could have exposed a myriad of parameters for the crypto stuff,
34 // but keeping it simple seems best.
35 
36 // Random bits for certificate serial number
37 static const int SERIAL_RAND_BITS = 64;
38 
39 // Certificate validity lifetime
40 static const int CERTIFICATE_LIFETIME = 60*60*24*30;  // 30 days, arbitrarily
41 // Certificate validity window.
42 // This is to compensate for slightly incorrect system clocks.
43 static const int CERTIFICATE_WINDOW = -60*60*24;
44 
45 // Generate a key pair. Caller is responsible for freeing the returned object.
MakeKey(const KeyParams & key_params)46 static EVP_PKEY* MakeKey(const KeyParams& key_params) {
47   LOG(LS_INFO) << "Making key pair";
48   EVP_PKEY* pkey = EVP_PKEY_new();
49   if (key_params.type() == KT_RSA) {
50     int key_length = key_params.rsa_params().mod_size;
51     BIGNUM* exponent = BN_new();
52     RSA* rsa = RSA_new();
53     if (!pkey || !exponent || !rsa ||
54         !BN_set_word(exponent, key_params.rsa_params().pub_exp) ||
55         !RSA_generate_key_ex(rsa, key_length, exponent, NULL) ||
56         !EVP_PKEY_assign_RSA(pkey, rsa)) {
57       EVP_PKEY_free(pkey);
58       BN_free(exponent);
59       RSA_free(rsa);
60       LOG(LS_ERROR) << "Failed to make RSA key pair";
61       return NULL;
62     }
63     // ownership of rsa struct was assigned, don't free it.
64     BN_free(exponent);
65   } else if (key_params.type() == KT_ECDSA) {
66     if (key_params.ec_curve() == EC_NIST_P256) {
67       EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
68       if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
69           !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
70         EVP_PKEY_free(pkey);
71         EC_KEY_free(ec_key);
72         LOG(LS_ERROR) << "Failed to make EC key pair";
73         return NULL;
74       }
75       // ownership of ec_key struct was assigned, don't free it.
76     } else {
77       // Add generation of any other curves here.
78       EVP_PKEY_free(pkey);
79       LOG(LS_ERROR) << "ECDSA key requested for unknown curve";
80       return NULL;
81     }
82   } else {
83     EVP_PKEY_free(pkey);
84     LOG(LS_ERROR) << "Key type requested not understood";
85     return NULL;
86   }
87 
88   LOG(LS_INFO) << "Returning key pair";
89   return pkey;
90 }
91 
92 // Generate a self-signed certificate, with the public key from the
93 // given key pair. Caller is responsible for freeing the returned object.
MakeCertificate(EVP_PKEY * pkey,const SSLIdentityParams & params)94 static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
95   LOG(LS_INFO) << "Making certificate for " << params.common_name;
96   X509* x509 = NULL;
97   BIGNUM* serial_number = NULL;
98   X509_NAME* name = NULL;
99   time_t epoch_off = 0;  // Time offset since epoch.
100 
101   if ((x509=X509_new()) == NULL)
102     goto error;
103 
104   if (!X509_set_pubkey(x509, pkey))
105     goto error;
106 
107   // serial number
108   // temporary reference to serial number inside x509 struct
109   ASN1_INTEGER* asn1_serial_number;
110   if ((serial_number = BN_new()) == NULL ||
111       !BN_pseudo_rand(serial_number, SERIAL_RAND_BITS, 0, 0) ||
112       (asn1_serial_number = X509_get_serialNumber(x509)) == NULL ||
113       !BN_to_ASN1_INTEGER(serial_number, asn1_serial_number))
114     goto error;
115 
116   if (!X509_set_version(x509, 0L))  // version 1
117     goto error;
118 
119   // There are a lot of possible components for the name entries. In
120   // our P2P SSL mode however, the certificates are pre-exchanged
121   // (through the secure XMPP channel), and so the certificate
122   // identification is arbitrary. It can't be empty, so we set some
123   // arbitrary common_name. Note that this certificate goes out in
124   // clear during SSL negotiation, so there may be a privacy issue in
125   // putting anything recognizable here.
126   if ((name = X509_NAME_new()) == NULL ||
127       !X509_NAME_add_entry_by_NID(
128           name, NID_commonName, MBSTRING_UTF8,
129           (unsigned char*)params.common_name.c_str(), -1, -1, 0) ||
130       !X509_set_subject_name(x509, name) ||
131       !X509_set_issuer_name(x509, name))
132     goto error;
133 
134   if (!X509_time_adj(X509_get_notBefore(x509), params.not_before, &epoch_off) ||
135       !X509_time_adj(X509_get_notAfter(x509), params.not_after, &epoch_off))
136     goto error;
137 
138   if (!X509_sign(x509, pkey, EVP_sha256()))
139     goto error;
140 
141   BN_free(serial_number);
142   X509_NAME_free(name);
143   LOG(LS_INFO) << "Returning certificate";
144   return x509;
145 
146  error:
147   BN_free(serial_number);
148   X509_NAME_free(name);
149   X509_free(x509);
150   return NULL;
151 }
152 
153 // This dumps the SSL error stack to the log.
LogSSLErrors(const std::string & prefix)154 static void LogSSLErrors(const std::string& prefix) {
155   char error_buf[200];
156   unsigned long err;
157 
158   while ((err = ERR_get_error()) != 0) {
159     ERR_error_string_n(err, error_buf, sizeof(error_buf));
160     LOG(LS_ERROR) << prefix << ": " << error_buf << "\n";
161   }
162 }
163 
Generate(const KeyParams & key_params)164 OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) {
165   EVP_PKEY* pkey = MakeKey(key_params);
166   if (!pkey) {
167     LogSSLErrors("Generating key pair");
168     return NULL;
169   }
170   return new OpenSSLKeyPair(pkey);
171 }
172 
~OpenSSLKeyPair()173 OpenSSLKeyPair::~OpenSSLKeyPair() {
174   EVP_PKEY_free(pkey_);
175 }
176 
GetReference()177 OpenSSLKeyPair* OpenSSLKeyPair::GetReference() {
178   AddReference();
179   return new OpenSSLKeyPair(pkey_);
180 }
181 
AddReference()182 void OpenSSLKeyPair::AddReference() {
183 #if defined(OPENSSL_IS_BORINGSSL)
184   EVP_PKEY_up_ref(pkey_);
185 #else
186   CRYPTO_add(&pkey_->references, 1, CRYPTO_LOCK_EVP_PKEY);
187 #endif
188 }
189 
190 #if !defined(NDEBUG)
191 // Print a certificate to the log, for debugging.
PrintCert(X509 * x509)192 static void PrintCert(X509* x509) {
193   BIO* temp_memory_bio = BIO_new(BIO_s_mem());
194   if (!temp_memory_bio) {
195     LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio";
196     return;
197   }
198   X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0);
199   BIO_write(temp_memory_bio, "\0", 1);
200   char* buffer;
201   BIO_get_mem_data(temp_memory_bio, &buffer);
202   LOG(LS_VERBOSE) << buffer;
203   BIO_free(temp_memory_bio);
204 }
205 #endif
206 
Generate(OpenSSLKeyPair * key_pair,const SSLIdentityParams & params)207 OpenSSLCertificate* OpenSSLCertificate::Generate(
208     OpenSSLKeyPair* key_pair, const SSLIdentityParams& params) {
209   SSLIdentityParams actual_params(params);
210   if (actual_params.common_name.empty()) {
211     // Use a random string, arbitrarily 8chars long.
212     actual_params.common_name = CreateRandomString(8);
213   }
214   X509* x509 = MakeCertificate(key_pair->pkey(), actual_params);
215   if (!x509) {
216     LogSSLErrors("Generating certificate");
217     return NULL;
218   }
219 #if !defined(NDEBUG)
220   PrintCert(x509);
221 #endif
222   OpenSSLCertificate* ret = new OpenSSLCertificate(x509);
223   X509_free(x509);
224   return ret;
225 }
226 
FromPEMString(const std::string & pem_string)227 OpenSSLCertificate* OpenSSLCertificate::FromPEMString(
228     const std::string& pem_string) {
229   BIO* bio = BIO_new_mem_buf(const_cast<char*>(pem_string.c_str()), -1);
230   if (!bio)
231     return NULL;
232   BIO_set_mem_eof_return(bio, 0);
233   X509* x509 = PEM_read_bio_X509(bio, NULL, NULL, const_cast<char*>("\0"));
234   BIO_free(bio);  // Frees the BIO, but not the pointed-to string.
235 
236   if (!x509)
237     return NULL;
238 
239   OpenSSLCertificate* ret = new OpenSSLCertificate(x509);
240   X509_free(x509);
241   return ret;
242 }
243 
244 // NOTE: This implementation only functions correctly after InitializeSSL
245 // and before CleanupSSL.
GetSignatureDigestAlgorithm(std::string * algorithm) const246 bool OpenSSLCertificate::GetSignatureDigestAlgorithm(
247     std::string* algorithm) const {
248   int nid = OBJ_obj2nid(x509_->sig_alg->algorithm);
249   switch (nid) {
250     case NID_md5WithRSA:
251     case NID_md5WithRSAEncryption:
252       *algorithm = DIGEST_MD5;
253       break;
254     case NID_ecdsa_with_SHA1:
255     case NID_dsaWithSHA1:
256     case NID_dsaWithSHA1_2:
257     case NID_sha1WithRSA:
258     case NID_sha1WithRSAEncryption:
259       *algorithm = DIGEST_SHA_1;
260       break;
261     case NID_ecdsa_with_SHA224:
262     case NID_sha224WithRSAEncryption:
263     case NID_dsa_with_SHA224:
264       *algorithm = DIGEST_SHA_224;
265       break;
266     case NID_ecdsa_with_SHA256:
267     case NID_sha256WithRSAEncryption:
268     case NID_dsa_with_SHA256:
269       *algorithm = DIGEST_SHA_256;
270       break;
271     case NID_ecdsa_with_SHA384:
272     case NID_sha384WithRSAEncryption:
273       *algorithm = DIGEST_SHA_384;
274       break;
275     case NID_ecdsa_with_SHA512:
276     case NID_sha512WithRSAEncryption:
277       *algorithm = DIGEST_SHA_512;
278       break;
279     default:
280       // Unknown algorithm.  There are several unhandled options that are less
281       // common and more complex.
282       LOG(LS_ERROR) << "Unknown signature algorithm NID: " << nid;
283       algorithm->clear();
284       return false;
285   }
286   return true;
287 }
288 
GetChain(SSLCertChain ** chain) const289 bool OpenSSLCertificate::GetChain(SSLCertChain** chain) const {
290   // Chains are not yet supported when using OpenSSL.
291   // OpenSSLStreamAdapter::SSLVerifyCallback currently requires the remote
292   // certificate to be self-signed.
293   return false;
294 }
295 
ComputeDigest(const std::string & algorithm,unsigned char * digest,size_t size,size_t * length) const296 bool OpenSSLCertificate::ComputeDigest(const std::string& algorithm,
297                                        unsigned char* digest,
298                                        size_t size,
299                                        size_t* length) const {
300   return ComputeDigest(x509_, algorithm, digest, size, length);
301 }
302 
ComputeDigest(const X509 * x509,const std::string & algorithm,unsigned char * digest,size_t size,size_t * length)303 bool OpenSSLCertificate::ComputeDigest(const X509* x509,
304                                        const std::string& algorithm,
305                                        unsigned char* digest,
306                                        size_t size,
307                                        size_t* length) {
308   const EVP_MD* md;
309   unsigned int n;
310 
311   if (!OpenSSLDigest::GetDigestEVP(algorithm, &md))
312     return false;
313 
314   if (size < static_cast<size_t>(EVP_MD_size(md)))
315     return false;
316 
317   X509_digest(x509, md, digest, &n);
318 
319   *length = n;
320 
321   return true;
322 }
323 
~OpenSSLCertificate()324 OpenSSLCertificate::~OpenSSLCertificate() {
325   X509_free(x509_);
326 }
327 
GetReference() const328 OpenSSLCertificate* OpenSSLCertificate::GetReference() const {
329   return new OpenSSLCertificate(x509_);
330 }
331 
ToPEMString() const332 std::string OpenSSLCertificate::ToPEMString() const {
333   BIO* bio = BIO_new(BIO_s_mem());
334   if (!bio) {
335     FATAL() << "unreachable code";
336   }
337   if (!PEM_write_bio_X509(bio, x509_)) {
338     BIO_free(bio);
339     FATAL() << "unreachable code";
340   }
341   BIO_write(bio, "\0", 1);
342   char* buffer;
343   BIO_get_mem_data(bio, &buffer);
344   std::string ret(buffer);
345   BIO_free(bio);
346   return ret;
347 }
348 
ToDER(Buffer * der_buffer) const349 void OpenSSLCertificate::ToDER(Buffer* der_buffer) const {
350   // In case of failure, make sure to leave the buffer empty.
351   der_buffer->SetSize(0);
352 
353   // Calculates the DER representation of the certificate, from scratch.
354   BIO* bio = BIO_new(BIO_s_mem());
355   if (!bio) {
356     FATAL() << "unreachable code";
357   }
358   if (!i2d_X509_bio(bio, x509_)) {
359     BIO_free(bio);
360     FATAL() << "unreachable code";
361   }
362   char* data;
363   size_t length = BIO_get_mem_data(bio, &data);
364   der_buffer->SetData(data, length);
365   BIO_free(bio);
366 }
367 
AddReference() const368 void OpenSSLCertificate::AddReference() const {
369   ASSERT(x509_ != NULL);
370 #if defined(OPENSSL_IS_BORINGSSL)
371   X509_up_ref(x509_);
372 #else
373   CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509);
374 #endif
375 }
376 
377 // Documented in sslidentity.h.
CertificateExpirationTime() const378 int64_t OpenSSLCertificate::CertificateExpirationTime() const {
379   ASN1_TIME* expire_time = X509_get_notAfter(x509_);
380   bool long_format;
381 
382   if (expire_time->type == V_ASN1_UTCTIME) {
383     long_format = false;
384   } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) {
385     long_format = true;
386   } else {
387     return -1;
388   }
389 
390   return ASN1TimeToSec(expire_time->data, expire_time->length, long_format);
391 }
392 
OpenSSLIdentity(OpenSSLKeyPair * key_pair,OpenSSLCertificate * certificate)393 OpenSSLIdentity::OpenSSLIdentity(OpenSSLKeyPair* key_pair,
394                                  OpenSSLCertificate* certificate)
395     : key_pair_(key_pair), certificate_(certificate) {
396   ASSERT(key_pair != NULL);
397   ASSERT(certificate != NULL);
398 }
399 
400 OpenSSLIdentity::~OpenSSLIdentity() = default;
401 
GenerateInternal(const SSLIdentityParams & params)402 OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
403     const SSLIdentityParams& params) {
404   OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_params);
405   if (key_pair) {
406     OpenSSLCertificate* certificate =
407         OpenSSLCertificate::Generate(key_pair, params);
408     if (certificate)
409       return new OpenSSLIdentity(key_pair, certificate);
410     delete key_pair;
411   }
412   LOG(LS_INFO) << "Identity generation failed";
413   return NULL;
414 }
415 
Generate(const std::string & common_name,const KeyParams & key_params)416 OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
417                                            const KeyParams& key_params) {
418   SSLIdentityParams params;
419   params.key_params = key_params;
420   params.common_name = common_name;
421   time_t now = time(NULL);
422   params.not_before = now + CERTIFICATE_WINDOW;
423   params.not_after = now + CERTIFICATE_LIFETIME;
424   return GenerateInternal(params);
425 }
426 
GenerateForTest(const SSLIdentityParams & params)427 OpenSSLIdentity* OpenSSLIdentity::GenerateForTest(
428     const SSLIdentityParams& params) {
429   return GenerateInternal(params);
430 }
431 
FromPEMStrings(const std::string & private_key,const std::string & certificate)432 SSLIdentity* OpenSSLIdentity::FromPEMStrings(
433     const std::string& private_key,
434     const std::string& certificate) {
435   scoped_ptr<OpenSSLCertificate> cert(
436       OpenSSLCertificate::FromPEMString(certificate));
437   if (!cert) {
438     LOG(LS_ERROR) << "Failed to create OpenSSLCertificate from PEM string.";
439     return NULL;
440   }
441 
442   BIO* bio = BIO_new_mem_buf(const_cast<char*>(private_key.c_str()), -1);
443   if (!bio) {
444     LOG(LS_ERROR) << "Failed to create a new BIO buffer.";
445     return NULL;
446   }
447   BIO_set_mem_eof_return(bio, 0);
448   EVP_PKEY* pkey =
449       PEM_read_bio_PrivateKey(bio, NULL, NULL, const_cast<char*>("\0"));
450   BIO_free(bio);  // Frees the BIO, but not the pointed-to string.
451 
452   if (!pkey) {
453     LOG(LS_ERROR) << "Failed to create the private key from PEM string.";
454     return NULL;
455   }
456 
457   return new OpenSSLIdentity(new OpenSSLKeyPair(pkey),
458                              cert.release());
459 }
460 
certificate() const461 const OpenSSLCertificate& OpenSSLIdentity::certificate() const {
462   return *certificate_;
463 }
464 
GetReference() const465 OpenSSLIdentity* OpenSSLIdentity::GetReference() const {
466   return new OpenSSLIdentity(key_pair_->GetReference(),
467                              certificate_->GetReference());
468 }
469 
ConfigureIdentity(SSL_CTX * ctx)470 bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) {
471   // 1 is the documented success return code.
472   if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 ||
473      SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) {
474     LogSSLErrors("Configuring key and certificate");
475     return false;
476   }
477   return true;
478 }
479 
480 }  // namespace rtc
481 
482 #endif  // HAVE_OPENSSL_SSL_H
483