| // Copyright 2021 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chromeos/ash/components/chaps_util/chaps_util_impl.h" |
| |
| #include <dlfcn.h> |
| #include <keyhi.h> |
| #include <pk11pub.h> |
| #include <pkcs11.h> |
| #include <pkcs11t.h> |
| #include <stdint.h> |
| |
| #include <optional> |
| #include <ostream> |
| #include <string> |
| #include <string_view> |
| #include <vector> |
| |
| #include "base/check.h" |
| #include "base/functional/bind.h" |
| #include "base/functional/callback.h" |
| #include "base/logging.h" |
| #include "base/strings/string_number_conversions.h" |
| #include "chromeos/ash/components/chaps_util/chaps_slot_session.h" |
| #include "crypto/chaps_support.h" |
| #include "crypto/scoped_nss_types.h" |
| #include "third_party/boringssl/src/include/openssl/base.h" |
| #include "third_party/boringssl/src/include/openssl/mem.h" |
| #include "third_party/boringssl/src/include/openssl/pkcs8.h" |
| #include "third_party/boringssl/src/include/openssl/stack.h" |
| |
| namespace chromeos { |
| |
| namespace { |
| |
| // TODO(b/202374261): Move these into a shared header. |
| // Signals to chaps that a generated key should be software-backed. |
| constexpr CK_ATTRIBUTE_TYPE kForceSoftwareAttribute = CKA_VENDOR_DEFINED + 4; |
| // Chaps sets this for keys that are software-backed. |
| constexpr CK_ATTRIBUTE_TYPE kKeyInSoftware = CKA_VENDOR_DEFINED + 5; |
| struct KeyPairHandles { |
| CK_OBJECT_HANDLE public_key; |
| CK_OBJECT_HANDLE private_key; |
| }; |
| |
| using Pkcs11Operation = base::RepeatingCallback<CK_RV()>; |
| |
| // Performs |operation| and handles return values indicating that the PKCS11 |
| // session has been closed by attempting to re-open the |chaps_session|. |
| // This is useful because the session could be closed e.g. because NSS could |
| // have called C_CloseAllSessions. |
| bool PerformWithRetries(ChapsSlotSession* chaps_session, |
| std::string_view operation_name, |
| const Pkcs11Operation& operation) { |
| const int kMaxAttempts = 5; |
| |
| for (int attempt = 0; attempt < kMaxAttempts; ++attempt) { |
| CK_RV result = operation.Run(); |
| if (result == CKR_OK) { |
| return true; |
| } |
| if (result != CKR_SESSION_HANDLE_INVALID && result != CKR_SESSION_CLOSED) { |
| LOG(ERROR) << operation_name << " failed with " << result; |
| return false; |
| } |
| if (!chaps_session->ReopenSession()) { |
| return false; |
| } |
| } |
| LOG(ERROR) << operation_name << " failed"; |
| return false; |
| } |
| |
| // Uses |chaps_session| to generate a software-backed RSA key pair with modulus |
| // length |num_bits|. |
| std::optional<KeyPairHandles> GenerateSoftwareBackedRSAKeyPair( |
| ChapsSlotSession* chaps_session, |
| uint16_t num_bits) { |
| CK_ULONG modulus_bits = num_bits; |
| CK_BBOOL true_value = CK_TRUE; |
| CK_BBOOL false_value = CK_FALSE; |
| CK_BYTE public_exponent[3] = {0x01, 0x00, 0x01}; // 65537 |
| |
| // Public key attributes |
| // Note: CKA_ID is set later (computed from the public key modulus) and |
| // CKA_LABEL is not set to match NSS behavior |
| // (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Implement). |
| CK_ATTRIBUTE pub_attributes[] = { |
| {CKA_TOKEN, &true_value, sizeof(true_value)}, |
| {CKA_PRIVATE, &false_value, sizeof(false_value)}, |
| {CKA_VERIFY, &true_value, sizeof(true_value)}, |
| {CKA_MODULUS_BITS, &modulus_bits, sizeof(modulus_bits)}, |
| {CKA_PUBLIC_EXPONENT, public_exponent, sizeof(public_exponent)}}; |
| |
| // Private key attributes |
| // Note: CKA_ID is set later (computed from the public key modulus) and |
| // CKA_LABEL is not set to match NSS behavior |
| // (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Implement). |
| CK_ATTRIBUTE priv_attributes[] = { |
| {CKA_TOKEN, &true_value, sizeof(true_value)}, |
| {CKA_PRIVATE, &true_value, sizeof(true_value)}, |
| {CKA_SENSITIVE, &true_value, sizeof(true_value)}, |
| {CKA_EXTRACTABLE, &false_value, sizeof(false_value)}, |
| {kForceSoftwareAttribute, &true_value, sizeof(true_value)}, |
| {CKA_SIGN, &true_value, sizeof(true_value)}}; |
| CK_MECHANISM mechanism = {CKM_RSA_PKCS_KEY_PAIR_GEN, /* pParameter */ nullptr, |
| /* ulParameterLen*/ 0}; |
| |
| KeyPairHandles key_pair; |
| |
| if (!PerformWithRetries( |
| chaps_session, "GenerateKeyPair", |
| base::BindRepeating(&ChapsSlotSession::GenerateKeyPair, |
| base::Unretained(chaps_session), &mechanism, |
| pub_attributes, std::size(pub_attributes), |
| priv_attributes, std::size(priv_attributes), |
| &(key_pair.public_key), |
| &(key_pair.private_key)))) { |
| return {}; |
| } |
| return key_pair; |
| } |
| |
| // Read the modulus of the public key identified by |pub_key_handle| and return |
| // it. |
| std::optional<std::vector<CK_BYTE>> ExtractModulus( |
| ChapsSlotSession* chaps_session, |
| CK_OBJECT_HANDLE pub_key_handle) { |
| std::vector<CK_BYTE> modulus(256); |
| CK_ATTRIBUTE attrs_get_modulus[] = { |
| {CKA_MODULUS, modulus.data(), modulus.size()}}; |
| if (!PerformWithRetries( |
| chaps_session, "GetAttributeValue", |
| base::BindRepeating(&ChapsSlotSession::GetAttributeValue, |
| base::Unretained(chaps_session), pub_key_handle, |
| attrs_get_modulus, |
| std::size(attrs_get_modulus)))) { |
| return {}; |
| } |
| return modulus; |
| } |
| |
| crypto::ScopedSECItem MakeIdFromPubKeyNss( |
| const std::vector<uint8_t>& public_key_bytes) { |
| SECItem secitem_modulus; |
| secitem_modulus.data = const_cast<uint8_t*>(public_key_bytes.data()); |
| secitem_modulus.len = public_key_bytes.size(); |
| return crypto::ScopedSECItem(PK11_MakeIDFromPubKey(&secitem_modulus)); |
| } |
| |
| // Read the modulus of the public key identified by |pub_key_handle| and return |
| // it. |
| std::optional<bool> IsKeySoftwareBacked(ChapsSlotSession* chaps_session, |
| CK_OBJECT_HANDLE private_key_handle) { |
| CK_BBOOL key_in_software = CK_FALSE; |
| CK_ATTRIBUTE attrs_get_key_in_software[] = { |
| {kKeyInSoftware, &key_in_software, sizeof(key_in_software)}}; |
| if (!PerformWithRetries( |
| chaps_session, "GetAttributeValue", |
| base::BindRepeating(&ChapsSlotSession::GetAttributeValue, |
| base::Unretained(chaps_session), |
| private_key_handle, attrs_get_key_in_software, |
| std::size(attrs_get_key_in_software)))) { |
| return {}; |
| } |
| return key_in_software; |
| } |
| |
| // Create the CKA_ID value that NSS would use for |key_pair| and return it. |
| crypto::ScopedSECItem CreateNssCkaId(ChapsSlotSession* chaps_session, |
| const KeyPairHandles& key_pair) { |
| auto modulus = ExtractModulus(chaps_session, key_pair.public_key); |
| if (!modulus) { |
| return nullptr; |
| } |
| return MakeIdFromPubKeyNss(modulus.value()); |
| } |
| |
| // Set the CKA_ID attribute of the public and private key objects in |key_pair| |
| // to |cka_id|. |
| bool SetCkaId(ChapsSlotSession* chaps_session, |
| KeyPairHandles& key_pair, |
| SECItem* cka_id) { |
| CK_ATTRIBUTE attrs_set_id[] = {{CKA_ID, cka_id->data, cka_id->len}}; |
| if (!PerformWithRetries( |
| chaps_session, "SetAttributeValue", |
| base::BindRepeating(&ChapsSlotSession::SetAttributeValue, |
| base::Unretained(chaps_session), |
| key_pair.private_key, attrs_set_id, |
| std::size(attrs_set_id)))) { |
| return false; |
| } |
| if (!PerformWithRetries( |
| chaps_session, "SetAttributeValue", |
| base::BindRepeating(&ChapsSlotSession::SetAttributeValue, |
| base::Unretained(chaps_session), |
| key_pair.public_key, attrs_set_id, |
| std::size(attrs_set_id)))) { |
| return false; |
| } |
| return true; |
| } |
| |
| } // namespace |
| |
| ChapsUtilImpl::ChapsUtilImpl( |
| std::unique_ptr<ChapsSlotSessionFactory> chaps_slot_session_factory) |
| : chaps_slot_session_factory_(std::move(chaps_slot_session_factory)) {} |
| ChapsUtilImpl::~ChapsUtilImpl() = default; |
| |
| bool ChapsUtilImpl::GenerateSoftwareBackedRSAKey( |
| PK11SlotInfo* slot, |
| uint16_t num_bits, |
| crypto::ScopedSECKEYPublicKey* out_public_key, |
| crypto::ScopedSECKEYPrivateKey* out_private_key) { |
| DCHECK(out_public_key); |
| DCHECK(out_private_key); |
| |
| std::unique_ptr<ChapsSlotSession> chaps_session = |
| GetChapsSlotSessionForSlot(slot); |
| if (!chaps_session) { |
| return false; |
| } |
| |
| std::optional<KeyPairHandles> key_pair = |
| GenerateSoftwareBackedRSAKeyPair(chaps_session.get(), num_bits); |
| if (!key_pair) { |
| return false; |
| } |
| |
| // Safety check that software-backed key generation was triggered. |
| std::optional<bool> is_software_backed = |
| IsKeySoftwareBacked(chaps_session.get(), key_pair->private_key); |
| if (!is_software_backed || !is_software_backed.value()) { |
| return false; |
| } |
| |
| crypto::ScopedSECItem cka_id = |
| CreateNssCkaId(chaps_session.get(), key_pair.value()); |
| if (!cka_id) { |
| return false; |
| } |
| if (!SetCkaId(chaps_session.get(), key_pair.value(), cka_id.get())) { |
| return false; |
| } |
| |
| out_private_key->reset(PK11_FindKeyByKeyID(slot, cka_id.get(), nullptr)); |
| if (!*out_private_key) { |
| LOG(ERROR) << "Failed to find private key."; |
| return false; |
| } |
| out_public_key->reset(SECKEY_ConvertToPublicKey(out_private_key->get())); |
| if (!*out_public_key) { |
| LOG(ERROR) << "Failed to extract public key."; |
| return false; |
| } |
| return true; |
| } |
| |
| std::unique_ptr<ChapsSlotSession> ChapsUtilImpl::GetChapsSlotSessionForSlot( |
| PK11SlotInfo* slot) { |
| if (!slot || (!is_chaps_provided_slot_for_testing_ && |
| !crypto::IsSlotProvidedByChaps(slot))) { |
| return nullptr; |
| } |
| |
| // Note that ChapsSlotSession(Factory) expects something else to have called |
| // C_Initialize. It is a safe assumption that NSS has called C_Initialize for |
| // chaps if |slot| is actually a chaps-provided slot, which is verified above. |
| return chaps_slot_session_factory_->CreateChapsSlotSession( |
| PK11_GetSlotID(slot)); |
| } |
| |
| } // namespace chromeos |
