// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/base/keygen_handler.h" #include <Security/SecAsn1Coder.h> #include <Security/SecAsn1Templates.h> #include <Security/Security.h> #include "base/base64.h" #include "base/logging.h" #include "base/mac/scoped_cftyperef.h" #include "base/string_util.h" #include "base/synchronization/lock.h" #include "base/sys_string_conversions.h" #include "crypto/cssm_init.h" #include "crypto/mac_security_services_lock.h" // These are in Security.framework but not declared in a public header. extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[]; namespace net { // Declarations of Netscape keygen cert structures for ASN.1 encoding: struct PublicKeyAndChallenge { CSSM_X509_SUBJECT_PUBLIC_KEY_INFO spki; CSSM_DATA challenge_string; }; // This is a copy of the built-in kSecAsn1IA5StringTemplate, but without the // 'streamable' flag, which was causing bogus data to be written. const SecAsn1Template kIA5StringTemplate[] = { { SEC_ASN1_IA5_STRING, 0, NULL, sizeof(CSSM_DATA) } }; static const SecAsn1Template kPublicKeyAndChallengeTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PublicKeyAndChallenge) }, { SEC_ASN1_INLINE, offsetof(PublicKeyAndChallenge, spki), kSecAsn1SubjectPublicKeyInfoTemplate }, { SEC_ASN1_INLINE, offsetof(PublicKeyAndChallenge, challenge_string), kIA5StringTemplate }, { 0 } }; struct SignedPublicKeyAndChallenge { PublicKeyAndChallenge pkac; CSSM_X509_ALGORITHM_IDENTIFIER signature_algorithm; CSSM_DATA signature; }; static const SecAsn1Template kSignedPublicKeyAndChallengeTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SignedPublicKeyAndChallenge) }, { SEC_ASN1_INLINE, offsetof(SignedPublicKeyAndChallenge, pkac), kPublicKeyAndChallengeTemplate }, { SEC_ASN1_INLINE, offsetof(SignedPublicKeyAndChallenge, signature_algorithm), kSecAsn1AlgorithmIDTemplate }, { SEC_ASN1_BIT_STRING, offsetof(SignedPublicKeyAndChallenge, signature) }, { 0 } }; static OSStatus CreateRSAKeyPair(int size_in_bits, SecAccessRef initial_access, SecKeyRef* out_pub_key, SecKeyRef* out_priv_key); static OSStatus SignData(CSSM_DATA data, SecKeyRef private_key, CSSM_DATA* signature); std::string KeygenHandler::GenKeyAndSignChallenge() { std::string result; OSStatus err; SecAccessRef initial_access = NULL; SecKeyRef public_key = NULL; SecKeyRef private_key = NULL; SecAsn1CoderRef coder = NULL; CSSM_DATA signature = {0, NULL}; { if (url_.has_host()) { // TODO(davidben): Use something like "Key generated for // example.com", but localize it. base::mac::ScopedCFTypeRef<CFStringRef> label( base::SysUTF8ToCFStringRef(url_.host())); // Create an initial access object to set the SecAccessRef. This // sets a label on the Keychain dialogs. Pass NULL as the second // argument to use the default trusted list; only allow the // current application to access without user confirmation. err = SecAccessCreate(label, NULL, &initial_access); // If we fail, just continue without a label. if (err) crypto::LogCSSMError("SecAccessCreate", err); } // Create the key-pair. err = CreateRSAKeyPair(key_size_in_bits_, initial_access, &public_key, &private_key); if (err) goto failure; // Get the public key data (DER sequence of modulus, exponent). CFDataRef key_data = NULL; err = SecKeychainItemExport(public_key, kSecFormatBSAFE, 0, NULL, &key_data); if (err) { crypto::LogCSSMError("SecKeychainItemExpor", err); goto failure; } base::mac::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); // Create an ASN.1 encoder. err = SecAsn1CoderCreate(&coder); if (err) { crypto::LogCSSMError("SecAsn1CoderCreate", err); goto failure; } // Fill in and DER-encode the PublicKeyAndChallenge: SignedPublicKeyAndChallenge spkac; memset(&spkac, 0, sizeof(spkac)); spkac.pkac.spki.algorithm.algorithm = CSSMOID_RSA; spkac.pkac.spki.subjectPublicKey.Length = CFDataGetLength(key_data) * 8; // interpreted as a _bit_ count spkac.pkac.spki.subjectPublicKey.Data = const_cast<uint8_t*>(CFDataGetBytePtr(key_data)); spkac.pkac.challenge_string.Length = challenge_.length(); spkac.pkac.challenge_string.Data = reinterpret_cast<uint8_t*>(const_cast<char*>(challenge_.data())); CSSM_DATA encoded; err = SecAsn1EncodeItem(coder, &spkac.pkac, kPublicKeyAndChallengeTemplate, &encoded); if (err) { crypto::LogCSSMError("SecAsn1EncodeItem", err); goto failure; } // Compute a signature of the result: err = SignData(encoded, private_key, &signature); if (err) goto failure; spkac.signature.Data = signature.Data; spkac.signature.Length = signature.Length * 8; // a _bit_ count spkac.signature_algorithm.algorithm = CSSMOID_MD5WithRSA; // TODO(snej): MD5 is weak. Can we use SHA1 instead? // See <https://bugzilla.mozilla.org/show_bug.cgi?id=549460> // DER-encode the entire SignedPublicKeyAndChallenge: err = SecAsn1EncodeItem(coder, &spkac, kSignedPublicKeyAndChallengeTemplate, &encoded); if (err) { crypto::LogCSSMError("SecAsn1EncodeItem", err); goto failure; } // Base64 encode the result. std::string input(reinterpret_cast<char*>(encoded.Data), encoded.Length); base::Base64Encode(input, &result); } failure: if (err) LOG(ERROR) << "SSL Keygen failed! OSStatus = " << err; else VLOG(1) << "SSL Keygen succeeded! Output is: " << result; // Remove keys from keychain if asked to during unit testing: if (!stores_key_) { if (public_key) SecKeychainItemDelete(reinterpret_cast<SecKeychainItemRef>(public_key)); if (private_key) SecKeychainItemDelete(reinterpret_cast<SecKeychainItemRef>(private_key)); } // Clean up: free(signature.Data); if (coder) SecAsn1CoderRelease(coder); if (initial_access) CFRelease(initial_access); if (public_key) CFRelease(public_key); if (private_key) CFRelease(private_key); return result; } // Create an RSA key pair with size |size_in_bits|. |initial_access| // is passed as the initial access control list in Keychain. The // public and private keys are placed in |out_pub_key| and // |out_priv_key|, respectively. static OSStatus CreateRSAKeyPair(int size_in_bits, SecAccessRef initial_access, SecKeyRef* out_pub_key, SecKeyRef* out_priv_key) { OSStatus err; SecKeychainRef keychain; err = SecKeychainCopyDefault(&keychain); if (err) { crypto::LogCSSMError("SecKeychainCopyDefault", err); return err; } base::mac::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); { base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyCreatePair( keychain, CSSM_ALGID_RSA, size_in_bits, 0LL, // public key usage and attributes: CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, // private key usage and attributes: CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN | CSSM_KEYUSE_UNWRAP, CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE, initial_access, out_pub_key, out_priv_key); } if (err) crypto::LogCSSMError("SecKeyCreatePair", err); return err; } static OSStatus CreateSignatureContext(SecKeyRef key, CSSM_ALGORITHMS algorithm, CSSM_CC_HANDLE* out_cc_handle) { OSStatus err; const CSSM_ACCESS_CREDENTIALS* credentials = NULL; { base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeDefault, &credentials); } if (err) { crypto::LogCSSMError("SecKeyGetCredentials", err); return err; } CSSM_CSP_HANDLE csp_handle = 0; { base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyGetCSPHandle(key, &csp_handle); } if (err) { crypto::LogCSSMError("SecKeyGetCSPHandle", err); return err; } const CSSM_KEY* cssm_key = NULL; { base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyGetCSSMKey(key, &cssm_key); } if (err) { crypto::LogCSSMError("SecKeyGetCSSMKey", err); return err; } err = CSSM_CSP_CreateSignatureContext(csp_handle, algorithm, credentials, cssm_key, out_cc_handle); if (err) crypto::LogCSSMError("CSSM_CSP_CreateSignatureContext", err); return err; } static OSStatus SignData(CSSM_DATA data, SecKeyRef private_key, CSSM_DATA* signature) { CSSM_CC_HANDLE cc_handle; OSStatus err = CreateSignatureContext(private_key, CSSM_ALGID_MD5WithRSA, &cc_handle); if (err) { crypto::LogCSSMError("CreateSignatureContext", err); return err; } err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); if (err) crypto::LogCSSMError("CSSM_SignData", err); CSSM_DeleteContext(cc_handle); return err; } } // namespace net