| // Copyright 2015 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/ssl/ssl_platform_key_mac.h" |
| |
| #include <CoreFoundation/CoreFoundation.h> |
| #include <Security/SecBase.h> |
| #include <Security/SecCertificate.h> |
| #include <Security/SecIdentity.h> |
| #include <Security/SecKey.h> |
| |
| #include <memory> |
| #include <optional> |
| #include <utility> |
| #include <vector> |
| |
| #include "base/apple/foundation_util.h" |
| #include "base/apple/osstatus_logging.h" |
| #include "base/apple/scoped_cftyperef.h" |
| #include "base/containers/span.h" |
| #include "base/logging.h" |
| #include "base/mac/mac_util.h" |
| #include "base/memory/scoped_policy.h" |
| #include "base/numerics/safe_conversions.h" |
| #include "crypto/openssl_util.h" |
| #include "net/base/net_errors.h" |
| #include "net/cert/x509_certificate.h" |
| #include "net/cert/x509_util_apple.h" |
| #include "net/ssl/ssl_platform_key_util.h" |
| #include "net/ssl/ssl_private_key.h" |
| #include "net/ssl/threaded_ssl_private_key.h" |
| #include "third_party/boringssl/src/include/openssl/evp.h" |
| #include "third_party/boringssl/src/include/openssl/mem.h" |
| #include "third_party/boringssl/src/include/openssl/nid.h" |
| #include "third_party/boringssl/src/include/openssl/rsa.h" |
| #include "third_party/boringssl/src/include/openssl/ssl.h" |
| |
| namespace net { |
| |
| namespace { |
| |
| // Returns the corresponding SecKeyAlgorithm or nullptr if unrecognized. |
| SecKeyAlgorithm GetSecKeyAlgorithm(uint16_t algorithm) { |
| switch (algorithm) { |
| case SSL_SIGN_RSA_PKCS1_SHA512: |
| return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512; |
| case SSL_SIGN_RSA_PKCS1_SHA384: |
| return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384; |
| case SSL_SIGN_RSA_PKCS1_SHA256: |
| return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256; |
| case SSL_SIGN_RSA_PKCS1_SHA1: |
| return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1; |
| case SSL_SIGN_ECDSA_SECP521R1_SHA512: |
| return kSecKeyAlgorithmECDSASignatureDigestX962SHA512; |
| case SSL_SIGN_ECDSA_SECP384R1_SHA384: |
| return kSecKeyAlgorithmECDSASignatureDigestX962SHA384; |
| case SSL_SIGN_ECDSA_SECP256R1_SHA256: |
| return kSecKeyAlgorithmECDSASignatureDigestX962SHA256; |
| case SSL_SIGN_ECDSA_SHA1: |
| return kSecKeyAlgorithmECDSASignatureDigestX962SHA1; |
| case SSL_SIGN_RSA_PSS_SHA512: |
| return kSecKeyAlgorithmRSASignatureDigestPSSSHA512; |
| case SSL_SIGN_RSA_PSS_SHA384: |
| return kSecKeyAlgorithmRSASignatureDigestPSSSHA384; |
| case SSL_SIGN_RSA_PSS_SHA256: |
| return kSecKeyAlgorithmRSASignatureDigestPSSSHA256; |
| } |
| |
| return nullptr; |
| } |
| |
| class SSLPlatformKeySecKey : public ThreadedSSLPrivateKey::Delegate { |
| public: |
| SSLPlatformKeySecKey(bssl::UniquePtr<EVP_PKEY> pubkey, SecKeyRef key) |
| : pubkey_(std::move(pubkey)), key_(key, base::scoped_policy::RETAIN) { |
| // Determine the algorithms supported by the key. |
| for (uint16_t algorithm : SSLPrivateKey::DefaultAlgorithmPreferences( |
| EVP_PKEY_id(pubkey_.get()), true /* include PSS */)) { |
| bool unused; |
| if (GetSecKeyAlgorithmWithFallback(algorithm, &unused)) { |
| preferences_.push_back(algorithm); |
| } |
| } |
| } |
| |
| SSLPlatformKeySecKey(const SSLPlatformKeySecKey&) = delete; |
| SSLPlatformKeySecKey& operator=(const SSLPlatformKeySecKey&) = delete; |
| |
| ~SSLPlatformKeySecKey() override = default; |
| |
| std::string GetProviderName() override { |
| // TODO(https://crbug.com/900721): Is there a more descriptive name to |
| // return? |
| return "SecKey"; |
| } |
| |
| std::vector<uint16_t> GetAlgorithmPreferences() override { |
| return preferences_; |
| } |
| |
| Error Sign(uint16_t algorithm, |
| base::span<const uint8_t> input, |
| std::vector<uint8_t>* signature) override { |
| bool pss_fallback = false; |
| SecKeyAlgorithm sec_algorithm = |
| GetSecKeyAlgorithmWithFallback(algorithm, &pss_fallback); |
| if (!sec_algorithm) { |
| // The caller should not request a signature algorithm we do not support. |
| // However, it's possible `key_` previously reported it supported an |
| // algorithm but no longer does. A compromised network service could also |
| // request invalid algorithms, so cleanly fail. |
| LOG(ERROR) << "Unsupported signature algorithm: " << algorithm; |
| return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; |
| } |
| |
| const EVP_MD* md = SSL_get_signature_algorithm_digest(algorithm); |
| uint8_t digest_buf[EVP_MAX_MD_SIZE]; |
| unsigned digest_len; |
| if (!md || !EVP_Digest(input.data(), input.size(), digest_buf, &digest_len, |
| md, nullptr)) { |
| return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; |
| } |
| base::span<const uint8_t> digest = base::make_span(digest_buf, digest_len); |
| |
| std::optional<std::vector<uint8_t>> pss_storage; |
| if (pss_fallback) { |
| // Implement RSA-PSS by adding the padding manually and then using |
| // kSecKeyAlgorithmRSASignatureRaw. |
| DCHECK(SSL_is_signature_algorithm_rsa_pss(algorithm)); |
| DCHECK_EQ(sec_algorithm, kSecKeyAlgorithmRSASignatureRaw); |
| pss_storage = AddPSSPadding(pubkey_.get(), md, digest); |
| if (!pss_storage) { |
| return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; |
| } |
| digest = *pss_storage; |
| } |
| |
| base::apple::ScopedCFTypeRef<CFDataRef> digest_ref( |
| CFDataCreate(kCFAllocatorDefault, digest.data(), |
| base::checked_cast<CFIndex>(digest.size()))); |
| |
| base::apple::ScopedCFTypeRef<CFErrorRef> error; |
| base::apple::ScopedCFTypeRef<CFDataRef> signature_ref(SecKeyCreateSignature( |
| key_.get(), sec_algorithm, digest_ref.get(), error.InitializeInto())); |
| if (!signature_ref) { |
| LOG(ERROR) << error.get(); |
| return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; |
| } |
| |
| signature->assign(CFDataGetBytePtr(signature_ref.get()), |
| CFDataGetBytePtr(signature_ref.get()) + |
| CFDataGetLength(signature_ref.get())); |
| return OK; |
| } |
| |
| private: |
| // Returns the algorithm to use with |algorithm| and this key, or nullptr if |
| // not supported. If the resulting algorithm should be manually padded for |
| // RSA-PSS, |*out_pss_fallback| is set to true. |
| SecKeyAlgorithm GetSecKeyAlgorithmWithFallback(uint16_t algorithm, |
| bool* out_pss_fallback) { |
| SecKeyAlgorithm sec_algorithm = GetSecKeyAlgorithm(algorithm); |
| if (sec_algorithm && |
| SecKeyIsAlgorithmSupported(key_.get(), kSecKeyOperationTypeSign, |
| sec_algorithm)) { |
| *out_pss_fallback = false; |
| return sec_algorithm; |
| } |
| |
| if (SSL_is_signature_algorithm_rsa_pss(algorithm) && |
| SecKeyIsAlgorithmSupported(key_.get(), kSecKeyOperationTypeSign, |
| kSecKeyAlgorithmRSASignatureRaw)) { |
| *out_pss_fallback = true; |
| return kSecKeyAlgorithmRSASignatureRaw; |
| } |
| |
| return nullptr; |
| } |
| |
| std::vector<uint16_t> preferences_; |
| bssl::UniquePtr<EVP_PKEY> pubkey_; |
| base::apple::ScopedCFTypeRef<SecKeyRef> key_; |
| }; |
| |
| } // namespace |
| |
| scoped_refptr<SSLPrivateKey> CreateSSLPrivateKeyForSecKey( |
| const X509Certificate* certificate, |
| SecKeyRef key) { |
| bssl::UniquePtr<EVP_PKEY> pubkey = GetClientCertPublicKey(certificate); |
| if (!pubkey) |
| return nullptr; |
| |
| return base::MakeRefCounted<ThreadedSSLPrivateKey>( |
| std::make_unique<SSLPlatformKeySecKey>(std::move(pubkey), key), |
| GetSSLPlatformKeyTaskRunner()); |
| } |
| |
| scoped_refptr<SSLPrivateKey> WrapUnexportableKey( |
| const crypto::UnexportableSigningKey& unexportable_key) { |
| bssl::UniquePtr<EVP_PKEY> pubkey = |
| ParseSpki(unexportable_key.GetSubjectPublicKeyInfo()); |
| if (!pubkey) { |
| return nullptr; |
| } |
| |
| return base::MakeRefCounted<ThreadedSSLPrivateKey>( |
| std::make_unique<SSLPlatformKeySecKey>(std::move(pubkey), |
| unexportable_key.GetSecKeyRef()), |
| GetSSLPlatformKeyTaskRunner()); |
| } |
| |
| } // namespace net |