blob: 5f44b05dd2a02031b845489877fae869ea25662c [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <cert.h>
#include <keyhi.h>
#include <secoid.h>
#include "base/logging.h"
#include "crypto/scoped_nss_types.h"
#include "net/cert/sha256_legacy_support_win.h"
namespace net {
namespace sha256_interception {
BOOL CryptVerifyCertificateSignatureExHook(
CryptVerifyCertificateSignatureExFunc original_func,
DWORD encoding_type,
DWORD subject_type,
void* subject_data,
DWORD issuer_type,
void* issuer_data,
DWORD flags,
void* extra) {
// Only intercept if the arguments are supported.
if (provider != NULL || (encoding_type != X509_ASN_ENCODING) ||
!IsSupportedSubjectType(subject_type) || subject_data == NULL ||
!IsSupportedIssuerType(issuer_type) || issuer_data == NULL) {
return original_func(provider, encoding_type, subject_type, subject_data,
issuer_type, issuer_data, flags, extra);
base::StringPiece subject_signature =
GetSubjectSignature(subject_type, subject_data);
bool should_intercept = false;
crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
CERTSignedData signed_data;
memset(&signed_data, 0, sizeof(signed_data));
// Attempt to decode the subject using the generic "Signed Data" template,
// which all of the supported subject types match. If the signature
// algorithm is RSA with one of the SHA-2 algorithms supported by NSS
// (excluding SHA-224, which is pointless), then defer to the NSS
// implementation. Otherwise, fall back and let the OS handle it (e.g.
// in case there are any algorithm policies in effect).
if (!subject_signature.empty()) {
SECItem subject_sig_item; = const_cast<unsigned char*>(
reinterpret_cast<const unsigned char*>(;
subject_sig_item.len = subject_signature.size();
SECStatus rv = SEC_QuickDERDecodeItem(
arena.get(), &signed_data, SEC_ASN1_GET(CERT_SignedDataTemplate),
if (rv == SECSuccess) {
SECOidTag signature_alg =
if (signature_alg == SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION ||
signature_alg == SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION ||
signature_alg == SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION) {
should_intercept = true;
if (!should_intercept) {
return original_func(provider, encoding_type, subject_type, subject_data,
issuer_type, issuer_data, flags, extra);
// Rather than attempting to synthesize a CERTSubjectPublicKeyInfo by hand,
// just force the OS to do an ASN.1 encoding and then decode it back into
// NSS. This is silly for performance, but safest for consistency.
PCERT_PUBLIC_KEY_INFO issuer_public_key =
GetIssuerPublicKey(issuer_type, issuer_data);
if (!issuer_public_key) {
return FALSE;
unsigned char* issuer_spki_data = NULL;
DWORD issuer_spki_len = 0;
if (!CryptEncodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO,
issuer_public_key, CRYPT_ENCODE_ALLOC_FLAG, NULL,
&issuer_spki_data, &issuer_spki_len)) {
return FALSE;
SECItem nss_issuer_spki; = issuer_spki_data;
nss_issuer_spki.len = issuer_spki_len;
CERTSubjectPublicKeyInfo* spki =
if (!spki) {
return FALSE;
// Attempt to actually verify the signed data. If it fails, synthesize the
// failure as a generic "bad signature" and let CryptoAPI handle the rest.
SECStatus rv = CERT_VerifySignedDataWithPublicKeyInfo(
&signed_data, spki, NULL);
if (rv != SECSuccess) {
return FALSE;
return TRUE;
} // namespace sha256_interception
} // namespace net