// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/ssl/ssl_platform_key_mac.h" #include #include #include #include #include #include #include #include "base/location.h" #include "base/logging.h" #include "base/mac/availability.h" #include "base/mac/foundation_util.h" #include "base/mac/mac_logging.h" #include "base/mac/mac_util.h" #include "base/mac/scoped_cftyperef.h" #include "base/macros.h" #include "base/memory/scoped_policy.h" #include "base/numerics/safe_conversions.h" #include "base/synchronization/lock.h" #include "crypto/mac_security_services_lock.h" #include "crypto/openssl_util.h" #include "net/base/net_errors.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util_mac.h" #include "net/ssl/ssl_platform_key_util.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/threaded_ssl_private_key.h" #include "third_party/boringssl/src/include/openssl/ecdsa.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/mem.h" #include "third_party/boringssl/src/include/openssl/nid.h" #include "third_party/boringssl/src/include/openssl/rsa.h" #include "third_party/boringssl/src/include/openssl/ssl.h" namespace net { // CSSM functions are deprecated as of OSX 10.7, but have no replacement. // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1 #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" namespace { // TODO(davidben): Remove this when we switch to building to the 10.13 // SDK. https://crbug.com/780980 #if !defined(MAC_OS_X_VERSION_10_13) || \ MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_13 API_AVAILABLE(macosx(10.13)) const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256 = CFSTR("algid:sign:RSA:digest-PSS:SHA256:SHA256:32"); API_AVAILABLE(macosx(10.13)) const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384 = CFSTR("algid:sign:RSA:digest-PSS:SHA384:SHA384:48"); API_AVAILABLE(macosx(10.13)) const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512 = CFSTR("algid:sign:RSA:digest-PSS:SHA512:SHA512:64"); #endif class ScopedCSSM_CC_HANDLE { public: ScopedCSSM_CC_HANDLE() : handle_(0) {} explicit ScopedCSSM_CC_HANDLE(CSSM_CC_HANDLE handle) : handle_(handle) {} ~ScopedCSSM_CC_HANDLE() { reset(); } CSSM_CC_HANDLE get() const { return handle_; } void reset() { if (handle_) CSSM_DeleteContext(handle_); handle_ = 0; } private: CSSM_CC_HANDLE handle_; DISALLOW_COPY_AND_ASSIGN(ScopedCSSM_CC_HANDLE); }; class SSLPlatformKeyCSSM : public ThreadedSSLPrivateKey::Delegate { public: SSLPlatformKeyCSSM(int type, size_t max_length, SecKeyRef key, const CSSM_KEY* cssm_key) : type_(type), max_length_(max_length), key_(key, base::scoped_policy::RETAIN), cssm_key_(cssm_key) {} ~SSLPlatformKeyCSSM() override {} std::vector GetAlgorithmPreferences() override { return SSLPrivateKey::DefaultAlgorithmPreferences(type_, false /* no PSS */); } Error Sign(uint16_t algorithm, base::span input, std::vector* signature) override { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); CSSM_CSP_HANDLE csp_handle; OSStatus status = SecKeyGetCSPHandle(key_.get(), &csp_handle); if (status != noErr) { OSSTATUS_LOG(WARNING, status); return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } const CSSM_ACCESS_CREDENTIALS* cssm_creds = nullptr; status = SecKeyGetCredentials(key_.get(), CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeDefault, &cssm_creds); if (status != noErr) { OSSTATUS_LOG(WARNING, status); return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } CSSM_CC_HANDLE cssm_signature_raw = 0; if (CSSM_CSP_CreateSignatureContext( csp_handle, cssm_key_->KeyHeader.AlgorithmId, cssm_creds, cssm_key_, &cssm_signature_raw) != CSSM_OK) { return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } ScopedCSSM_CC_HANDLE cssm_signature(cssm_signature_raw); // Hash the input. const EVP_MD* md = SSL_get_signature_algorithm_digest(algorithm); uint8_t digest[EVP_MAX_MD_SIZE]; unsigned digest_len; if (!md || !EVP_Digest(input.data(), input.size(), digest, &digest_len, md, nullptr)) { return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } CSSM_DATA hash_data; hash_data.Length = digest_len; hash_data.Data = digest; bssl::UniquePtr free_digest_info; if (cssm_key_->KeyHeader.AlgorithmId == CSSM_ALGID_RSA) { // CSSM expects the caller to prepend the DigestInfo. int hash_nid = EVP_MD_type(md); int is_alloced; if (!RSA_add_pkcs1_prefix(&hash_data.Data, &hash_data.Length, &is_alloced, hash_nid, hash_data.Data, hash_data.Length)) { return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } if (is_alloced) free_digest_info.reset(hash_data.Data); // Set RSA blinding. CSSM_CONTEXT_ATTRIBUTE blinding_attr; blinding_attr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING; blinding_attr.AttributeLength = sizeof(uint32_t); blinding_attr.Attribute.Uint32 = 1; if (CSSM_UpdateContextAttributes(cssm_signature.get(), 1, &blinding_attr) != CSSM_OK) { return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } } signature->resize(max_length_); CSSM_DATA signature_data; signature_data.Length = signature->size(); signature_data.Data = signature->data(); if (CSSM_SignData(cssm_signature.get(), &hash_data, 1, CSSM_ALGID_NONE, &signature_data) != CSSM_OK) { return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } signature->resize(signature_data.Length); return OK; } private: int type_; size_t max_length_; base::ScopedCFTypeRef key_; const CSSM_KEY* cssm_key_; DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyCSSM); }; // Returns the corresponding SecKeyAlgorithm or nullptr if unrecognized. API_AVAILABLE(macosx(10.12)) SecKeyAlgorithm GetSecKeyAlgorithm(uint16_t algorithm) { switch (algorithm) { case SSL_SIGN_RSA_PKCS1_SHA512: return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512; case SSL_SIGN_RSA_PKCS1_SHA384: return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384; case SSL_SIGN_RSA_PKCS1_SHA256: return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256; case SSL_SIGN_RSA_PKCS1_SHA1: return kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1; case SSL_SIGN_RSA_PKCS1_MD5_SHA1: return kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw; case SSL_SIGN_ECDSA_SECP521R1_SHA512: return kSecKeyAlgorithmECDSASignatureDigestX962SHA512; case SSL_SIGN_ECDSA_SECP384R1_SHA384: return kSecKeyAlgorithmECDSASignatureDigestX962SHA384; case SSL_SIGN_ECDSA_SECP256R1_SHA256: return kSecKeyAlgorithmECDSASignatureDigestX962SHA256; case SSL_SIGN_ECDSA_SHA1: return kSecKeyAlgorithmECDSASignatureDigestX962SHA1; } if (__builtin_available(macOS 10.13, *)) { switch (algorithm) { case SSL_SIGN_RSA_PSS_SHA512: return kSecKeyAlgorithmRSASignatureDigestPSSSHA512; case SSL_SIGN_RSA_PSS_SHA384: return kSecKeyAlgorithmRSASignatureDigestPSSSHA384; case SSL_SIGN_RSA_PSS_SHA256: return kSecKeyAlgorithmRSASignatureDigestPSSSHA256; } } return nullptr; } class API_AVAILABLE(macosx(10.12)) SSLPlatformKeySecKey : public ThreadedSSLPrivateKey::Delegate { public: SSLPlatformKeySecKey(int type, size_t max_length, SecKeyRef key) : key_(key, base::scoped_policy::RETAIN) { // Determine the algorithms supported by the key. for (uint16_t algorithm : SSLPrivateKey::DefaultAlgorithmPreferences( type, true /* include PSS */)) { SecKeyAlgorithm sec_algorithm = GetSecKeyAlgorithm(algorithm); if (sec_algorithm && SecKeyIsAlgorithmSupported(key_.get(), kSecKeyOperationTypeSign, sec_algorithm)) { preferences_.push_back(algorithm); } } } ~SSLPlatformKeySecKey() override {} std::vector GetAlgorithmPreferences() override { return preferences_; } Error Sign(uint16_t algorithm, base::span input, std::vector* signature) override { SecKeyAlgorithm sec_algorithm = GetSecKeyAlgorithm(algorithm); if (!sec_algorithm) { NOTREACHED(); return ERR_FAILED; } const EVP_MD* md = SSL_get_signature_algorithm_digest(algorithm); uint8_t digest[EVP_MAX_MD_SIZE]; unsigned digest_len; if (!md || !EVP_Digest(input.data(), input.size(), digest, &digest_len, md, nullptr)) { return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } base::ScopedCFTypeRef digest_ref(CFDataCreateWithBytesNoCopy( kCFAllocatorDefault, digest, base::checked_cast(digest_len), kCFAllocatorNull)); base::ScopedCFTypeRef error; base::ScopedCFTypeRef signature_ref(SecKeyCreateSignature( key_, sec_algorithm, digest_ref, error.InitializeInto())); if (!signature_ref) { LOG(ERROR) << error; return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } signature->assign( CFDataGetBytePtr(signature_ref), CFDataGetBytePtr(signature_ref) + CFDataGetLength(signature_ref)); return OK; } private: std::vector preferences_; base::ScopedCFTypeRef key_; DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeySecKey); }; scoped_refptr CreateSSLPrivateKeyForSecKey( const X509Certificate* certificate, SecKeyRef private_key) { int key_type; size_t max_length; if (!GetClientCertInfo(certificate, &key_type, &max_length)) return nullptr; if (__builtin_available(macOS 10.12, *)) { return base::MakeRefCounted( std::make_unique(key_type, max_length, private_key), GetSSLPlatformKeyTaskRunner()); } const CSSM_KEY* cssm_key; OSStatus status = SecKeyGetCSSMKey(private_key, &cssm_key); if (status != noErr) { OSSTATUS_LOG(WARNING, status); return nullptr; } return base::MakeRefCounted( std::make_unique(key_type, max_length, private_key, cssm_key), GetSSLPlatformKeyTaskRunner()); } } // namespace scoped_refptr CreateSSLPrivateKeyForSecIdentity( const X509Certificate* certificate, SecIdentityRef identity) { base::ScopedCFTypeRef private_key; OSStatus status = SecIdentityCopyPrivateKey(identity, private_key.InitializeInto()); if (status != noErr) { OSSTATUS_LOG(WARNING, status); return nullptr; } return CreateSSLPrivateKeyForSecKey(certificate, private_key.get()); } #pragma clang diagnostic pop // "-Wdeprecated-declarations" } // namespace net