root/net/cert/asn1_util.cc

DEFINITIONS

1. ParseElement
2. GetElement
3. SeekToSPKI
4. ExtractSPKIFromDERCert
5. ExtractSubjectPublicKeyFromSPKI
6. ExtractCRLURLsFromDERCert

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/asn1_util.h"

namespace net {

namespace asn1 {

bool ParseElement(base::StringPiece* in,
                  unsigned tag_value,
                  base::StringPiece* out,
                  unsigned *out_header_len) {
  const uint8* data = reinterpret_cast<const uint8*>(in->data());

  // We don't support kAny and kOptional at the same time.
  if ((tag_value & kAny) && (tag_value & kOptional))
    return false;

  if (in->empty() && (tag_value & kOptional)) {
    if (out_header_len)
      *out_header_len = 0;
    if (out)
      *out = base::StringPiece();
    return true;
  }

  if (in->size() < 2)
    return false;

  if (tag_value != kAny &&
      static_cast<unsigned char>(data[0]) != (tag_value & 0xff)) {
    if (tag_value & kOptional) {
      if (out_header_len)
        *out_header_len = 0;
      if (out)
        *out = base::StringPiece();
      return true;
    }
    return false;
  }

  size_t len = 0;
  if ((data[1] & 0x80) == 0) {
    // short form length
    if (out_header_len)
      *out_header_len = 2;
    len = static_cast<size_t>(data[1]) + 2;
  } else {
    // long form length
    const unsigned num_bytes = data[1] & 0x7f;
    if (num_bytes == 0 || num_bytes > 2)
      return false;
    if (in->size() < 2 + num_bytes)
      return false;
    len = data[2];
    if (num_bytes == 2) {
      if (len == 0) {
        // the length encoding must be minimal.
        return false;
      }
      len <<= 8;
      len += data[3];
    }
    if (len < 128) {
      // the length should have been encoded in short form. This distinguishes
      // DER from BER encoding.
      return false;
    }
    if (out_header_len)
      *out_header_len = 2 + num_bytes;
    len += 2 + num_bytes;
  }

  if (in->size() < len)
    return false;
  if (out)
    *out = base::StringPiece(in->data(), len);
  in->remove_prefix(len);
  return true;
}

bool GetElement(base::StringPiece* in,
                unsigned tag_value,
                base::StringPiece* out) {
  unsigned header_len;
  if (!ParseElement(in, tag_value, out, &header_len))
    return false;
  if (out)
    out->remove_prefix(header_len);
  return true;
}

// SeekToSPKI changes |cert| so that it points to a suffix of the
// TBSCertificate where the suffix begins at the start of the ASN.1
// SubjectPublicKeyInfo value.
static bool SeekToSPKI(base::StringPiece* cert) {
  // From RFC 5280, section 4.1
  //    Certificate  ::=  SEQUENCE  {
  //      tbsCertificate       TBSCertificate,
  //      signatureAlgorithm   AlgorithmIdentifier,
  //      signatureValue       BIT STRING  }

  // TBSCertificate  ::=  SEQUENCE  {
  //      version         [0]  EXPLICIT Version DEFAULT v1,
  //      serialNumber         CertificateSerialNumber,
  //      signature            AlgorithmIdentifier,
  //      issuer               Name,
  //      validity             Validity,
  //      subject              Name,
  //      subjectPublicKeyInfo SubjectPublicKeyInfo,

  base::StringPiece certificate;
  if (!GetElement(cert, kSEQUENCE, &certificate))
    return false;

  // We don't allow junk after the certificate.
  if (!cert->empty())
    return false;

  base::StringPiece tbs_certificate;
  if (!GetElement(&certificate, kSEQUENCE, &tbs_certificate))
    return false;

  if (!GetElement(&tbs_certificate,
                  kOptional | kConstructed | kContextSpecific | 0,
                  NULL)) {
    return false;
  }

  // serialNumber
  if (!GetElement(&tbs_certificate, kINTEGER, NULL))
    return false;
  // signature
  if (!GetElement(&tbs_certificate, kSEQUENCE, NULL))
    return false;
  // issuer
  if (!GetElement(&tbs_certificate, kSEQUENCE, NULL))
    return false;
  // validity
  if (!GetElement(&tbs_certificate, kSEQUENCE, NULL))
    return false;
  // subject
  if (!GetElement(&tbs_certificate, kSEQUENCE, NULL))
    return false;
  *cert = tbs_certificate;
  return true;
}

bool ExtractSPKIFromDERCert(base::StringPiece cert,
                            base::StringPiece* spki_out) {
  if (!SeekToSPKI(&cert))
    return false;
  if (!ParseElement(&cert, kSEQUENCE, spki_out, NULL))
    return false;
  return true;
}

bool ExtractSubjectPublicKeyFromSPKI(base::StringPiece spki,
                                     base::StringPiece* spk_out) {
  // From RFC 5280, Section 4.1
  //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
  //     algorithm            AlgorithmIdentifier,
  //     subjectPublicKey     BIT STRING  }
  //
  //   AlgorithmIdentifier  ::=  SEQUENCE  {
  //     algorithm               OBJECT IDENTIFIER,
  //     parameters              ANY DEFINED BY algorithm OPTIONAL  }

  // Step into SubjectPublicKeyInfo sequence.
  base::StringPiece spki_contents;
  if (!asn1::GetElement(&spki, asn1::kSEQUENCE, &spki_contents))
    return false;

  // Step over algorithm field (a SEQUENCE).
  base::StringPiece algorithm;
  if (!asn1::GetElement(&spki_contents, asn1::kSEQUENCE, &algorithm))
    return false;

  // Extract the subjectPublicKey field.
  if (!asn1::GetElement(&spki_contents, asn1::kBITSTRING, spk_out))
    return false;
  return true;
}


bool ExtractCRLURLsFromDERCert(base::StringPiece cert,
                               std::vector<base::StringPiece>* urls_out) {
  urls_out->clear();
  std::vector<base::StringPiece> tmp_urls_out;

  if (!SeekToSPKI(&cert))
    return false;

  // From RFC 5280, section 4.1
  // TBSCertificate  ::=  SEQUENCE  {
  //      ...
  //      subjectPublicKeyInfo SubjectPublicKeyInfo,
  //      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
  //      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
  //      extensions      [3]  EXPLICIT Extensions OPTIONAL

  // subjectPublicKeyInfo
  if (!GetElement(&cert, kSEQUENCE, NULL))
    return false;
  // issuerUniqueID
  if (!GetElement(&cert, kOptional | kConstructed | kContextSpecific | 1, NULL))
    return false;
  // subjectUniqueID
  if (!GetElement(&cert, kOptional | kConstructed | kContextSpecific | 2, NULL))
    return false;

  base::StringPiece extensions_seq;
  if (!GetElement(&cert, kOptional | kConstructed | kContextSpecific | 3,
                  &extensions_seq)) {
    return false;
  }

  if (extensions_seq.empty())
    return true;

  // Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
  // Extension   ::=  SEQUENCE  {
  //      extnID      OBJECT IDENTIFIER,
  //      critical    BOOLEAN DEFAULT FALSE,
  //      extnValue   OCTET STRING

  // |extensions_seq| was EXPLICITly tagged, so we still need to remove the
  // ASN.1 SEQUENCE header.
  base::StringPiece extensions;
  if (!GetElement(&extensions_seq, kSEQUENCE, &extensions))
    return false;

  while (extensions.size() > 0) {
    base::StringPiece extension;
    if (!GetElement(&extensions, kSEQUENCE, &extension))
      return false;

    base::StringPiece oid;
    if (!GetElement(&extension, kOID, &oid))
      return false;

    // kCRLDistributionPointsOID is the DER encoding of the OID for the X.509
    // CRL Distribution Points extension.
    static const uint8 kCRLDistributionPointsOID[] = {0x55, 0x1d, 0x1f};

    if (oid.size() != sizeof(kCRLDistributionPointsOID) ||
        memcmp(oid.data(), kCRLDistributionPointsOID, oid.size()) != 0) {
      continue;
    }

    // critical
    GetElement(&extension, kBOOLEAN, NULL);

    // extnValue
    base::StringPiece extension_value;
    if (!GetElement(&extension, kOCTETSTRING, &extension_value))
      return false;

    // RFC 5280, section 4.2.1.13.
    //
    // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
    //
    // DistributionPoint ::= SEQUENCE {
    //  distributionPoint       [0]     DistributionPointName OPTIONAL,
    //  reasons                 [1]     ReasonFlags OPTIONAL,
    //  cRLIssuer               [2]     GeneralNames OPTIONAL }

    base::StringPiece distribution_points;
    if (!GetElement(&extension_value, kSEQUENCE, &distribution_points))
      return false;

    while (distribution_points.size() > 0) {
      base::StringPiece distrib_point;
      if (!GetElement(&distribution_points, kSEQUENCE, &distrib_point))
        return false;

      base::StringPiece name;
      if (!GetElement(&distrib_point, kContextSpecific | kConstructed | 0,
                      &name)) {
        // If it doesn't contain a name then we skip it.
        continue;
      }

      if (GetElement(&distrib_point, kContextSpecific | 1, NULL)) {
        // If it contains a subset of reasons then we skip it. We aren't
        // interested in subsets of CRLs and the RFC states that there MUST be
        // a CRL that covers all reasons.
        continue;
      }

      if (GetElement(&distrib_point,
                     kContextSpecific | kConstructed | 2, NULL)) {
        // If it contains a alternative issuer, then we skip it.
        continue;
      }

      // DistributionPointName ::= CHOICE {
      //   fullName                [0]     GeneralNames,
      //   nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
      base::StringPiece general_names;
      if (!GetElement(&name,
                      kContextSpecific | kConstructed | 0, &general_names)) {
        continue;
      }

      // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      // GeneralName ::= CHOICE {
      //   ...
      //   uniformResourceIdentifier [6]  IA5String,
      //   ...
      while (general_names.size() > 0) {
        base::StringPiece url;
        if (GetElement(&general_names, kContextSpecific | 6, &url)) {
          tmp_urls_out.push_back(url);
        } else {
          if (!GetElement(&general_names, kAny, NULL))
            return false;
        }
      }
    }
  }

  urls_out->swap(tmp_urls_out);
  return true;
}

} // namespace asn1

} // namespace net