net/ssl/openssl_platform_key_win.cc - Issue 1178193002: Sign CertificateVerify messages on a background thread.

Side by Side Diff: net/ssl/openssl_platform_key_win.cc

Issue 1178193002: Sign CertificateVerify messages on a background thread. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: more mac build fix, this is blind while mac checkout syncs Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/ssl/openssl_platform_key.h"

6

7 #include <windows.h>

8 #include <NCrypt.h>

9

10 #include <string.h>

11

12 #include <algorithm>

13 #include <vector>

14

15 #include <openssl/bn.h>

16 #include <openssl/digest.h>

17 #include <openssl/ec_key.h>

18 #include <openssl/err.h>

19 #include <openssl/engine.h>

20 #include <openssl/evp.h>

21 #include <openssl/md5.h>

22 #include <openssl/obj_mac.h>

23 #include <openssl/rsa.h>

24 #include <openssl/sha.h>

25 #include <openssl/x509.h>

26

27 #include "base/debug/debugger.h"

28 #include "base/debug/stack_trace.h"

29 #include "base/lazy_instance.h"

30 #include "base/logging.h"

31 #include "base/memory/scoped_ptr.h"

32 #include "base/win/windows_version.h"

33 #include "crypto/openssl_util.h"

34 #include "crypto/scoped_capi_types.h"

35 #include "crypto/wincrypt_shim.h"

36 #include "net/base/net_errors.h"

37 #include "net/cert/x509_certificate.h"

38 #include "net/ssl/openssl_ssl_util.h"

39 #include "net/ssl/scoped_openssl_types.h"

40

41 namespace net {

42

43 namespace {

44

45 using NCryptFreeObjectFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_HANDLE);

46 using NCryptSignHashFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_KEY_HANDLE, // hKey

47 VOID*, // pPaddingInfo

48 BYTE*, // pbHashValue

49 DWORD, // cbHashValue

50 BYTE*, // pbSignature

51 DWORD, // cbSignature

52 DWORD*, // pcbResult

53 DWORD); // dwFlags

54

55 class CNGFunctions {

56 public:

57 CNGFunctions()

58 : ncrypt_free_object_(nullptr),

59 ncrypt_sign_hash_(nullptr) {

60 HMODULE ncrypt = GetModuleHandle(L"ncrypt.dll");

61 if (ncrypt != nullptr) {

62 ncrypt_free_object_ = reinterpret_cast<NCryptFreeObjectFunc>(

63 GetProcAddress(ncrypt, "NCryptFreeObject"));

64 ncrypt_sign_hash_ = reinterpret_cast<NCryptSignHashFunc>(

65 GetProcAddress(ncrypt, "NCryptSignHash"));

66 }

67 }

68

69 NCryptFreeObjectFunc ncrypt_free_object() const {

70 return ncrypt_free_object_;

71 }

72

73 NCryptSignHashFunc ncrypt_sign_hash() const { return ncrypt_sign_hash_; }

74

75 private:

76 NCryptFreeObjectFunc ncrypt_free_object_;

77 NCryptSignHashFunc ncrypt_sign_hash_;

78 };

79

80 base::LazyInstance<CNGFunctions>::Leaky g_cng_functions =

81 LAZY_INSTANCE_INITIALIZER;

82

83 struct CERT_KEY_CONTEXTDeleter {

84 void operator()(PCERT_KEY_CONTEXT key) {

85 if (key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {

86 g_cng_functions.Get().ncrypt_free_object()(key->hNCryptKey);

87 } else {

88 CryptReleaseContext(key->hCryptProv, 0);

89 }

90 delete key;

91 }

92 };

93

94 using ScopedCERT_KEY_CONTEXT =

95 scoped_ptr<CERT_KEY_CONTEXT, CERT_KEY_CONTEXTDeleter>;

96

97 // KeyExData contains the data that is contained in the EX_DATA of the

98 // RSA and ECDSA objects that are created to wrap Windows system keys.

99 struct KeyExData {

100 KeyExData(ScopedCERT_KEY_CONTEXT key, size_t key_length)

101 : key(key.Pass()), key_length(key_length) {}

102

103 ScopedCERT_KEY_CONTEXT key;

104 size_t key_length;

105 };

106

107 // ExDataDup is called when one of the RSA or EC_KEY objects is

108 // duplicated. This is not supported and should never happen.

109 int ExDataDup(CRYPTO_EX_DATA* to,

110 const CRYPTO_EX_DATA* from,

111 void** from_d,

112 int idx,

113 long argl,

114 void* argp) {

115 CHECK_EQ((void)nullptr, from_d);

116 return 0;

117 }

118

119 // ExDataFree is called when one of the RSA or EC_KEY objects is freed.

120 void ExDataFree(void* parent,

121 void* ptr,

122 CRYPTO_EX_DATA* ex_data,

123 int idx,

124 long argl,

125 void* argp) {

126 KeyExData* data = reinterpret_cast<KeyExData*>(ptr);

127 delete data;

128 }

129

130 extern const RSA_METHOD win_rsa_method;

131 extern const ECDSA_METHOD win_ecdsa_method;

132

133 // BoringSSLEngine is a BoringSSL ENGINE that implements RSA and ECDSA

134 // by forwarding the requested operations to CAPI or CNG.

135 class BoringSSLEngine {

136 public:

137 BoringSSLEngine()

138 : rsa_index_(RSA_get_ex_new_index(0 /* argl */,

139 nullptr /* argp */,

140 nullptr /* new_func */,

141 ExDataDup,

142 ExDataFree)),

143 ec_key_index_(EC_KEY_get_ex_new_index(0 /* argl */,

144 nullptr /* argp */,

145 nullptr /* new_func */,

146 ExDataDup,

147 ExDataFree)),

148 engine_(ENGINE_new()) {

149 ENGINE_set_RSA_method(engine_, &win_rsa_method, sizeof(win_rsa_method));

150 ENGINE_set_ECDSA_method(engine_, &win_ecdsa_method,

151 sizeof(win_ecdsa_method));

152 }

153

154 int rsa_ex_index() const { return rsa_index_; }

155 int ec_key_ex_index() const { return ec_key_index_; }

156

157 const ENGINE* engine() const { return engine_; }

158

159 private:

160 const int rsa_index_;

161 const int ec_key_index_;

162 ENGINE* const engine_;

163 };

164

165 base::LazyInstance<BoringSSLEngine>::Leaky global_boringssl_engine =

166 LAZY_INSTANCE_INITIALIZER;

167

168 // Signs \|in\| with \|key\|, writing the output to \|out\| and the size to \|out_len\|.

169 // Although the buffer is preallocated, this calls NCryptSignHash twice. Some

170 // smartcards are buggy and assume the two-call pattern. See

171 // https://crbug.com/470204. Returns true on success and false on error.

172 bool DoNCryptSignHash(NCRYPT_KEY_HANDLE key,

173 void* padding,

174 const BYTE* in,

175 DWORD in_len,

176 BYTE* out,

177 DWORD max_out,

178 DWORD* out_len,

179 DWORD flags) {

180 // Determine the output length.

181 DWORD signature_len;

182 SECURITY_STATUS ncrypt_status = g_cng_functions.Get().ncrypt_sign_hash()(

183 key, padding, const_cast<BYTE*>(in), in_len, nullptr, 0, &signature_len,

184 flags);

185 if (FAILED(ncrypt_status)) {

186 LOG(ERROR) << "NCryptSignHash failed: " << ncrypt_status;

187 return false;

188 }

189 // Check \|max_out\| externally rather than trust the smartcard.

190 if (signature_len == 0 \|\| signature_len > max_out) {

191 LOG(ERROR) << "Bad signature length.";

192 return false;

193 }

194 // It is important that \|signature_len\| already be initialized with the

195 // correct size. Some smartcards are buggy and do not write to it on the

196 // second call.

197 ncrypt_status = g_cng_functions.Get().ncrypt_sign_hash()(

198 key, padding, const_cast<BYTE*>(in), in_len, out, signature_len,

199 &signature_len, flags);

200 if (FAILED(ncrypt_status)) {

201 LOG(ERROR) << "NCryptSignHash failed: " << ncrypt_status;

202 return false;

203 }

204 if (signature_len == 0) {

205 LOG(ERROR) << "Bad signature length.";

206 return false;

207 }

208 *out_len = signature_len;

209 return true;

210 }

211

212 // Custom RSA_METHOD that uses the platform APIs for signing.

213

214 const KeyExData* RsaGetExData(const RSA* rsa) {

215 return reinterpret_cast<const KeyExData*>(

216 RSA_get_ex_data(rsa, global_boringssl_engine.Get().rsa_ex_index()));

217 }

218

219 size_t RsaMethodSize(const RSA* rsa) {

220 const KeyExData* ex_data = RsaGetExData(rsa);

221 return (ex_data->key_length + 7) / 8;

222 }

223

224 int RsaMethodSign(int hash_nid,

225 const uint8_t* in,

226 unsigned in_len,

227 uint8_t* out,

228 unsigned* out_len,

229 const RSA* rsa) {

230 // TODO(davidben): Switch BoringSSL's sign hook to using size_t rather than

231 // unsigned.

232 const KeyExData* ex_data = RsaGetExData(rsa);

233 if (!ex_data) {

234 NOTREACHED();

235 OPENSSL_PUT_ERROR(RSA, RSA_sign, ERR_R_INTERNAL_ERROR);

236 return 0;

237 }

238

239 if (ex_data->key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {

240 BCRYPT_PKCS1_PADDING_INFO rsa_padding_info;

241 switch (hash_nid) {

242 case NID_md5_sha1:

243 rsa_padding_info.pszAlgId = nullptr;

244 break;

245 case NID_sha1:

246 rsa_padding_info.pszAlgId = BCRYPT_SHA1_ALGORITHM;

247 break;

248 case NID_sha256:

249 rsa_padding_info.pszAlgId = BCRYPT_SHA256_ALGORITHM;

250 break;

251 case NID_sha384:

252 rsa_padding_info.pszAlgId = BCRYPT_SHA384_ALGORITHM;

253 break;

254 case NID_sha512:

255 rsa_padding_info.pszAlgId = BCRYPT_SHA512_ALGORITHM;

256 break;

257 default:

258 OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE);

259 return 0;

260 }

261

262 DWORD signature_len;

263 if (!DoNCryptSignHash(ex_data->key->hNCryptKey, &rsa_padding_info, in,

264 in_len, out, RSA_size(rsa), &signature_len,

265 BCRYPT_PAD_PKCS1)) {

266 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

267 return 0;

268 }

269 *out_len = signature_len;

270 return 1;

271 }

272

273 ALG_ID hash_alg;

274 switch (hash_nid) {

275 case NID_md5_sha1:

276 hash_alg = CALG_SSL3_SHAMD5;

277 break;

278 case NID_sha1:

279 hash_alg = CALG_SHA1;

280 break;

281 case NID_sha256:

282 hash_alg = CALG_SHA_256;

283 break;

284 case NID_sha384:

285 hash_alg = CALG_SHA_384;

286 break;

287 case NID_sha512:

288 hash_alg = CALG_SHA_512;

289 break;

290 default:

291 OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE);

292 return 0;

293 }

294

295 crypto::ScopedHCRYPTHASH hash;

296 if (!CryptCreateHash(ex_data->key->hCryptProv, hash_alg, 0, 0,

297 hash.receive())) {

298 PLOG(ERROR) << "CreateCreateHash failed";

299 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

300 return 0;

301 }

302 DWORD hash_len;

303 DWORD arg_len = sizeof(hash_len);

304 if (!CryptGetHashParam(hash.get(), HP_HASHSIZE,

305 reinterpret_cast<BYTE*>(&hash_len), &arg_len, 0)) {

306 PLOG(ERROR) << "CryptGetHashParam HP_HASHSIZE failed";

307 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

308 return 0;

309 }

310 if (hash_len != in_len) {

311 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

312 return 0;

313 }

314 if (!CryptSetHashParam(hash.get(), HP_HASHVAL, const_cast<BYTE*>(in), 0)) {

315 PLOG(ERROR) << "CryptSetHashParam HP_HASHVAL failed";

316 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

317 return 0;

318 }

319 DWORD signature_len = RSA_size(rsa);

320 if (!CryptSignHash(hash.get(), ex_data->key->dwKeySpec, nullptr, 0, out,

321 &signature_len)) {

322 PLOG(ERROR) << "CryptSignHash failed";

323 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

324 return 0;

325 }

326

327 /* CryptoAPI signs in little-endian, so reverse it. */

328 std::reverse(out, out + signature_len);

329 *out_len = signature_len;

330 return 1;

331 }

332

333 int RsaMethodEncrypt(RSA* rsa,

334 size_t* out_len,

335 uint8_t* out,

336 size_t max_out,

337 const uint8_t* in,

338 size_t in_len,

339 int padding) {

340 NOTIMPLEMENTED();

341 OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);

342 return 0;

343 }

344

345 int RsaMethodSignRaw(RSA* rsa,

346 size_t* out_len,

347 uint8_t* out,

348 size_t max_out,

349 const uint8_t* in,

350 size_t in_len,

351 int padding) {

352 NOTIMPLEMENTED();

353 OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);

354 return 0;

355 }

356

357 int RsaMethodDecrypt(RSA* rsa,

358 size_t* out_len,

359 uint8_t* out,

360 size_t max_out,

361 const uint8_t* in,

362 size_t in_len,

363 int padding) {

364 NOTIMPLEMENTED();

365 OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);

366 return 0;

367 }

368

369 int RsaMethodVerifyRaw(RSA* rsa,

370 size_t* out_len,

371 uint8_t* out,

372 size_t max_out,

373 const uint8_t* in,

374 size_t in_len,

375 int padding) {

376 NOTIMPLEMENTED();

377 OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_UNKNOWN_ALGORITHM_TYPE);

378 return 0;

379 }

380

381 int RsaMethodSupportsDigest(const RSA* rsa, const EVP_MD* md) {

382 const KeyExData* ex_data = RsaGetExData(rsa);

383 if (!ex_data) {

384 NOTREACHED();

385 return 0;

386 }

387

388 int hash_nid = EVP_MD_type(md);

389 if (ex_data->key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {

390 // Only hashes which appear in RsaSignPKCS1 are supported.

391 if (hash_nid != NID_sha1 && hash_nid != NID_sha256 &&

392 hash_nid != NID_sha384 && hash_nid != NID_sha512) {

393 return 0;

394 }

395

396 // If the key is a 1024-bit RSA, assume conservatively that it may only be

397 // able to sign SHA-1 hashes. This is the case for older Estonian ID cards

398 // that have 1024-bit RSA keys.

399 //

400 // CNG does provide NCryptIsAlgSupported and NCryptEnumAlgorithms functions,

401 // however they seem to both return NTE_NOT_SUPPORTED when querying the

402 // NCRYPT_PROV_HANDLE at the key's NCRYPT_PROVIDER_HANDLE_PROPERTY.

403 if (ex_data->key_length <= 1024 && hash_nid != NID_sha1)

404 return 0;

405

406 return 1;

407 } else {

408 // If the key is in CAPI, assume conservatively that the CAPI service

409 // provider may only be able to sign SHA-1 hashes.

410 return hash_nid == NID_sha1;

411 }

412 }

413

414 const RSA_METHOD win_rsa_method = {

415 {

416 0, // references

417 1, // is_static

418 },

419 nullptr, // app_data

420

421 nullptr, // init

422 nullptr, // finish

423 RsaMethodSize,

424 RsaMethodSign,

425 nullptr, // verify

426 RsaMethodEncrypt,

427 RsaMethodSignRaw,

428 RsaMethodDecrypt,

429 RsaMethodVerifyRaw,

430 nullptr, // private_transform

431 nullptr, // mod_exp

432 nullptr, // bn_mod_exp

433 RSA_FLAG_OPAQUE,

434 nullptr, // keygen

435 nullptr, // multi_prime_keygen

436 RsaMethodSupportsDigest,

437 };

438

439 // Custom ECDSA_METHOD that uses the platform APIs.

440 // Note that for now, only signing through ECDSA_sign() is really supported.

441 // all other method pointers are either stubs returning errors, or no-ops.

442

443 const KeyExData* EcKeyGetExData(const EC_KEY* ec_key) {

444 return reinterpret_cast<const KeyExData*>(EC_KEY_get_ex_data(

445 ec_key, global_boringssl_engine.Get().ec_key_ex_index()));

446 }

447

448 size_t EcdsaMethodGroupOrderSize(const EC_KEY* ec_key) {

449 const KeyExData* ex_data = EcKeyGetExData(ec_key);

450 // key_length is the size of the group order for EC keys.

451 return (ex_data->key_length + 7) / 8;

452 }

453

454 int EcdsaMethodSign(const uint8_t* digest,

455 size_t digest_len,

456 uint8_t* out_sig,

457 unsigned int* out_sig_len,

458 EC_KEY* ec_key) {

459 const KeyExData* ex_data = EcKeyGetExData(ec_key);

460 // Only CNG supports ECDSA.

461 if (!ex_data \|\| ex_data->key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) {

462 NOTREACHED();

463 OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);

464 return 0;

465 }

466

467 // An ECDSA signature is two integers, modulo the order of the group.

468 size_t order_len = (ex_data->key_length + 7) / 8;

469 if (order_len == 0) {

470 NOTREACHED();

471 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

472 return 0;

473 }

474 std::vector<uint8_t> raw_sig(order_len * 2);

475

476 DWORD signature_len;

477 if (!DoNCryptSignHash(ex_data->key->hNCryptKey, nullptr, digest, digest_len,

478 &raw_sig[0], raw_sig.size(), &signature_len, 0)) {

479 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

480 return 0;

481 }

482 if (signature_len != raw_sig.size()) {

483 LOG(ERROR) << "Bad signature length";

484 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

485 return 0;

486 }

487

488 // Convert the RAW ECDSA signature to a DER-encoded ECDSA-Sig-Value.

489 crypto::ScopedECDSA_SIG sig(ECDSA_SIG_new());

490 if (!sig) {

491 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

492 return 0;

493 }

494 sig->r = BN_bin2bn(&raw_sig[0], order_len, nullptr);

495 sig->s = BN_bin2bn(&raw_sig[order_len], order_len, nullptr);

496 if (!sig->r \|\| !sig->s) {

497 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

498 return 0;

499 }

500

501 // Ensure the DER-encoded signature fits in the bounds.

502 int len = i2d_ECDSA_SIG(sig.get(), nullptr);

503 if (len < 0 \|\| static_cast<size_t>(len) > ECDSA_size(ec_key)) {

504 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

505 return 0;

506 }

507

508 len = i2d_ECDSA_SIG(sig.get(), &out_sig);

509 if (len < 0) {

510 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);

511 return 0;

512 }

513 *out_sig_len = len;

514 return 1;

515 }

516

517 int EcdsaMethodVerify(const uint8_t* digest,

518 size_t digest_len,

519 const uint8_t* sig,

520 size_t sig_len,

521 EC_KEY* eckey) {

522 NOTIMPLEMENTED();

523 OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED);

524 return 0;

525 }

526

527 const ECDSA_METHOD win_ecdsa_method = {

528 {

529 0, // references

530 1, // is_static

531 },

532 nullptr, // app_data

533

534 nullptr, // init

535 nullptr, // finish

536 EcdsaMethodGroupOrderSize,

537 EcdsaMethodSign,

538 EcdsaMethodVerify,

539 ECDSA_FLAG_OPAQUE,

540 };

541

542 // Determines the key type and length of \|certificate\|'s public key. The type is

543 // returned as an OpenSSL EVP_PKEY type. The key length for RSA key is the size

544 // of the RSA modulus in bits. For an ECDSA key, it is the number of bits to

545 // represent the group order. It returns true on success and false on failure.

546 bool GetKeyInfo(const X509Certificate* certificate,

547 int* out_type,

548 size_t* out_length) {

549 crypto::OpenSSLErrStackTracer tracker(FROM_HERE);

550

551 std::string der_encoded;

552 if (!X509Certificate::GetDEREncoded(certificate->os_cert_handle(),

553 &der_encoded))

554 return false;

555 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());

556 ScopedX509 x509(d2i_X509(NULL, &bytes, der_encoded.size()));

557 if (!x509)

558 return false;

559 crypto::ScopedEVP_PKEY key(X509_get_pubkey(x509.get()));

560 if (!key)

561 return false;

562 *out_type = EVP_PKEY_id(key.get());

563 *out_length = EVP_PKEY_bits(key.get());

564 return true;

565 }

566

567 crypto::ScopedEVP_PKEY CreateRSAWrapper(ScopedCERT_KEY_CONTEXT key,

568 size_t key_length) {

569 crypto::ScopedRSA rsa(RSA_new_method(global_boringssl_engine.Get().engine()));

570 if (!rsa)

571 return nullptr;

572

573 RSA_set_ex_data(rsa.get(), global_boringssl_engine.Get().rsa_ex_index(),

574 new KeyExData(key.Pass(), key_length));

575

576 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());

577 if (!pkey \|\| !EVP_PKEY_set1_RSA(pkey.get(), rsa.get()))

578 return nullptr;

579 return pkey.Pass();

580 }

581

582 crypto::ScopedEVP_PKEY CreateECDSAWrapper(ScopedCERT_KEY_CONTEXT key,

583 size_t key_length) {

584 crypto::ScopedEC_KEY ec_key(

585 EC_KEY_new_method(global_boringssl_engine.Get().engine()));

586 if (!ec_key)

587 return nullptr;

588

589 EC_KEY_set_ex_data(ec_key.get(),

590 global_boringssl_engine.Get().ec_key_ex_index(),

591 new KeyExData(key.Pass(), key_length));

592

593 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());

594 if (!pkey \|\| !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get()))

595 return nullptr;

596

597 return pkey.Pass();

598 }

599

600 } // namespace

601

602 crypto::ScopedEVP_PKEY FetchClientCertPrivateKey(

603 const X509Certificate* certificate) {

604 PCCERT_CONTEXT cert_context = certificate->os_cert_handle();

605

606 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0;

607 DWORD key_spec = 0;

608 BOOL must_free = FALSE;

609 DWORD flags = 0;

610 if (base::win::GetVersion() >= base::win::VERSION_VISTA)

611 flags \|= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;

612

613 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr,

614 &crypt_prov, &key_spec, &must_free)) {

615 PLOG(WARNING) << "Could not acquire private key";

616 return nullptr;

617 }

618

619 // Should never get a cached handle back - ownership must always be

620 // transferred.

621 CHECK_EQ(must_free, TRUE);

622 ScopedCERT_KEY_CONTEXT key(new CERT_KEY_CONTEXT);

623 key->dwKeySpec = key_spec;

624 key->hCryptProv = crypt_prov;

625

626 // Rather than query the private key for metadata, extract the public key from

627 // the certificate without using Windows APIs. CAPI and CNG do not

628 // consistently work depending on the system. See https://crbug.com/468345.

629 int key_type;

630 size_t key_length;

631 if (!GetKeyInfo(certificate, &key_type, &key_length))

632 return nullptr;

633

634 switch (key_type) {

635 case EVP_PKEY_RSA:

636 return CreateRSAWrapper(key.Pass(), key_length);

637 case EVP_PKEY_EC:

638 return CreateECDSAWrapper(key.Pass(), key_length);

639 default:

640 return nullptr;

641 }

642 }

643

644 } // namespace net

OLD	NEW

« no previous file with comments | « net/ssl/openssl_platform_key_nss.cc ('k') | net/ssl/ssl_platform_key.h » ('j') | no next file with comments »