crypto/x509_generator.cpp - platform/packages/modules/adb - Git at Google

 /*
  * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include "adb/crypto/x509_generator.h"

 #include <vector>

 #include <android-base/logging.h>
 #include <crypto_utils/android_pubkey.h>
 #include <openssl/bn.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>

 namespace adb {
 namespace crypto {

 namespace {

 const char kBasicConstraints[] = "critical,CA:TRUE";
 const char kKeyUsage[] = "critical,keyCertSign,cRLSign,digitalSignature";
 const char kSubjectKeyIdentifier[] = "hash";
 constexpr int kCertLifetimeSeconds = 10 * 365 * 24 * 60 * 60;

 bool add_ext(X509* cert, int nid, const char* value) {
     size_t len = strlen(value) + 1;
     std::vector<char> mutableValue(value, value + len);
     X509V3_CTX context;

     X509V3_set_ctx_nodb(&context);

     X509V3_set_ctx(&context, cert, cert, nullptr, nullptr, 0);
     X509_EXTENSION* ex = X509V3_EXT_nconf_nid(nullptr, &context, nid, mutableValue.data());
     if (!ex) {
         return false;
     }

     X509_add_ext(cert, ex, -1);
     X509_EXTENSION_free(ex);
     return true;
 }

 }  // namespace

 bssl::UniquePtr<X509> GenerateX509Certificate(EVP_PKEY* pkey) {
     CHECK(pkey);
     bssl::UniquePtr<X509> x509(X509_new());
     if (!x509) {
         LOG(ERROR) << "Unable to allocate x509 container";
         return nullptr;
     }
     X509_set_version(x509.get(), 2);

     ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), 1);
     X509_gmtime_adj(X509_get_notBefore(x509.get()), 0);
     X509_gmtime_adj(X509_get_notAfter(x509.get()), kCertLifetimeSeconds);

     if (!X509_set_pubkey(x509.get(), pkey)) {
         LOG(ERROR) << "Unable to set x509 public key";
         return nullptr;
     }

     X509_NAME* name = X509_get_subject_name(x509.get());
     if (!name) {
         LOG(ERROR) << "Unable to get x509 subject name";
         return nullptr;
     }
     X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
                                reinterpret_cast<const unsigned char*>("US"), -1, -1, 0);
     X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
                                reinterpret_cast<const unsigned char*>("Android"), -1, -1, 0);
     X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                                reinterpret_cast<const unsigned char*>("Adb"), -1, -1, 0);
     if (!X509_set_issuer_name(x509.get(), name)) {
         LOG(ERROR) << "Unable to set x509 issuer name";
         return nullptr;
     }

     add_ext(x509.get(), NID_basic_constraints, kBasicConstraints);
     add_ext(x509.get(), NID_key_usage, kKeyUsage);
     add_ext(x509.get(), NID_subject_key_identifier, kSubjectKeyIdentifier);

     int bytes = X509_sign(x509.get(), pkey, EVP_sha256());
     if (bytes <= 0) {
         LOG(ERROR) << "Unable to sign x509 certificate";
         return nullptr;
     }

     return x509;
 }

 std::string X509ToPEMString(X509* x509) {
     bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
     int rc = PEM_write_bio_X509(bio.get(), x509);
     if (rc != 1) {
         LOG(ERROR) << "PEM_write_bio_X509 failed";
         return "";
     }

     BUF_MEM* mem = nullptr;
     BIO_get_mem_ptr(bio.get(), &mem);
     if (!mem || !mem->data || !mem->length) {
         LOG(ERROR) << "BIO_get_mem_ptr failed";
         return "";
     }

     return std::string(mem->data, mem->length);
 }

 }  // namespace crypto
 }  // namespace adb
	/*
	* Copyright (C) 2019 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include "adb/crypto/x509_generator.h"

	#include <vector>

	#include <android-base/logging.h>
	#include <crypto_utils/android_pubkey.h>
	#include <openssl/bn.h>
	#include <openssl/pem.h>
	#include <openssl/rsa.h>

	namespace adb {
	namespace crypto {

	namespace {

	const char kBasicConstraints[] = "critical,CA:TRUE";
	const char kKeyUsage[] = "critical,keyCertSign,cRLSign,digitalSignature";
	const char kSubjectKeyIdentifier[] = "hash";
	constexpr int kCertLifetimeSeconds = 10 * 365 * 24 * 60 * 60;

	bool add_ext(X509* cert, int nid, const char* value) {
	size_t len = strlen(value) + 1;
	std::vector<char> mutableValue(value, value + len);
	X509V3_CTX context;

	X509V3_set_ctx_nodb(&context);

	X509V3_set_ctx(&context, cert, cert, nullptr, nullptr, 0);
	X509_EXTENSION* ex = X509V3_EXT_nconf_nid(nullptr, &context, nid, mutableValue.data());
	if (!ex) {
	return false;
	}

	X509_add_ext(cert, ex, -1);
	X509_EXTENSION_free(ex);
	return true;
	}

	} // namespace

	bssl::UniquePtr<X509> GenerateX509Certificate(EVP_PKEY* pkey) {
	CHECK(pkey);
	bssl::UniquePtr<X509> x509(X509_new());
	if (!x509) {
	LOG(ERROR) << "Unable to allocate x509 container";
	return nullptr;
	}
	X509_set_version(x509.get(), 2);

	ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), 1);
	X509_gmtime_adj(X509_get_notBefore(x509.get()), 0);
	X509_gmtime_adj(X509_get_notAfter(x509.get()), kCertLifetimeSeconds);

	if (!X509_set_pubkey(x509.get(), pkey)) {
	LOG(ERROR) << "Unable to set x509 public key";
	return nullptr;
	}

	X509_NAME* name = X509_get_subject_name(x509.get());
	if (!name) {
	LOG(ERROR) << "Unable to get x509 subject name";
	return nullptr;
	}
	X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
	reinterpret_cast<const unsigned char*>("US"), -1, -1, 0);
	X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
	reinterpret_cast<const unsigned char*>("Android"), -1, -1, 0);
	X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
	reinterpret_cast<const unsigned char*>("Adb"), -1, -1, 0);
	if (!X509_set_issuer_name(x509.get(), name)) {
	LOG(ERROR) << "Unable to set x509 issuer name";
	return nullptr;
	}

	add_ext(x509.get(), NID_basic_constraints, kBasicConstraints);
	add_ext(x509.get(), NID_key_usage, kKeyUsage);
	add_ext(x509.get(), NID_subject_key_identifier, kSubjectKeyIdentifier);

	int bytes = X509_sign(x509.get(), pkey, EVP_sha256());
	if (bytes <= 0) {
	LOG(ERROR) << "Unable to sign x509 certificate";
	return nullptr;
	}

	return x509;
	}

	std::string X509ToPEMString(X509* x509) {
	bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
	int rc = PEM_write_bio_X509(bio.get(), x509);
	if (rc != 1) {
	LOG(ERROR) << "PEM_write_bio_X509 failed";
	return "";
	}

	BUF_MEM* mem = nullptr;
	BIO_get_mem_ptr(bio.get(), &mem);
	if (!mem \|\| !mem->data \|\| !mem->length) {
	LOG(ERROR) << "BIO_get_mem_ptr failed";
	return "";
	}

	return std::string(mem->data, mem->length);
	}

	} // namespace crypto
	} // namespace adb