Report curve types in ECDSA SSLPrivateKeys.

net/ssl/ssl_platform_key_mac.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_platform_key.h"
 
 #include <Security/SecBase.h>
 #include <Security/SecCertificate.h>
 #include <Security/SecIdentity.h>
 #include <Security/SecKey.h>
@@ skipping 11 matching lines @@
 #include "base/mac/scoped_cftyperef.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/memory/scoped_policy.h"
 #include "base/sequenced_task_runner.h"
 #include "base/synchronization/lock.h"
 #include "crypto/mac_security_services_lock.h"
 #include "crypto/openssl_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
-#include "net/ssl/ssl_platform_key_task_runner.h"
+#include "net/ssl/ssl_platform_key_util.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/threaded_ssl_private_key.h"
 
 namespace net {
 
 // CSSM functions are deprecated as of OSX 10.7, but have no replacement.
 // https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
 
@@ skipping 41 matching lines @@
   if (status != noErr) {
     OSSTATUS_LOG(WARNING, status);
     return nullptr;
   }
 
   return private_key.release();
 }
 
 class SSLPlatformKeyMac : public ThreadedSSLPrivateKey::Delegate {
  public:
-  SSLPlatformKeyMac(SecKeyRef key, const CSSM_KEY* cssm_key)
-      : key_(key, base::scoped_policy::RETAIN), cssm_key_(cssm_key) {
-    DCHECK(cssm_key_->KeyHeader.AlgorithmId == CSSM_ALGID_RSA ||
-           cssm_key_->KeyHeader.AlgorithmId == CSSM_ALGID_ECDSA);
-  }
+  SSLPlatformKeyMac(SSLPrivateKey::Type type,
+                    size_t max_length,
+                    SecKeyRef key,
+                    const CSSM_KEY* cssm_key)
+      : type_(type),
+        max_length_(max_length),
+        key_(key, base::scoped_policy::RETAIN),
+        cssm_key_(cssm_key) {}
 
   ~SSLPlatformKeyMac() override {}
 
-  SSLPrivateKey::Type GetType() override {
-    if (cssm_key_->KeyHeader.AlgorithmId == CSSM_ALGID_RSA) {
-      return SSLPrivateKey::Type::RSA;
-    } else {
-      DCHECK_EQ(CSSM_ALGID_ECDSA, cssm_key_->KeyHeader.AlgorithmId);
-      return SSLPrivateKey::Type::ECDSA;
-    }
-  }
+  SSLPrivateKey::Type GetType() override { return type_; }
 
   std::vector<SSLPrivateKey::Hash> GetDigestPreferences() override {
     static const SSLPrivateKey::Hash kHashes[] = {
         SSLPrivateKey::Hash::SHA512, SSLPrivateKey::Hash::SHA384,
         SSLPrivateKey::Hash::SHA256, SSLPrivateKey::Hash::SHA1};
     return std::vector<SSLPrivateKey::Hash>(kHashes,
                                             kHashes + arraysize(kHashes));
   }
 
-  size_t GetMaxSignatureLengthInBytes() override {
-    if (cssm_key_->KeyHeader.AlgorithmId == CSSM_ALGID_RSA) {
-      return (cssm_key_->KeyHeader.LogicalKeySizeInBits + 7) / 8;
-    } else {
-      // LogicalKeySizeInBits is the size of an EC public key. But an
-      // ECDSA signature length depends on the size of the base point's
-      // order. For P-256, P-384, and P-521, these two sizes are the same.
-      return ECDSA_SIG_max_len((cssm_key_->KeyHeader.LogicalKeySizeInBits + 7) /
-                               8);
-    }
-  }
+  size_t GetMaxSignatureLengthInBytes() override { return max_length_; }
 
   Error SignDigest(SSLPrivateKey::Hash hash,
                    const base::StringPiece& input,
                    std::vector<uint8_t>* signature) override {
     crypto::OpenSSLErrStackTracer tracer(FROM_HERE);
 
     CSSM_CSP_HANDLE csp_handle;
     OSStatus status = SecKeyGetCSPHandle(key_.get(), &csp_handle);
     if (status != noErr) {
       OSSTATUS_LOG(WARNING, status);
@@ skipping 55 matching lines @@
       CSSM_CONTEXT_ATTRIBUTE blinding_attr;
       blinding_attr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING;
       blinding_attr.AttributeLength = sizeof(uint32_t);
       blinding_attr.Attribute.Uint32 = 1;
       if (CSSM_UpdateContextAttributes(cssm_signature.get(), 1,
                                        &blinding_attr) != CSSM_OK) {
         return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
       }
     }
 
-    signature->resize(GetMaxSignatureLengthInBytes());
+    signature->resize(max_length_);
     CSSM_DATA signature_data;
     signature_data.Length = signature->size();
     signature_data.Data = signature->data();
 
     if (CSSM_SignData(cssm_signature.get(), &hash_data, 1, CSSM_ALGID_NONE,
                       &signature_data) != CSSM_OK) {
       return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
     }
     signature->resize(signature_data.Length);
     return OK;
   }
 
  private:
+  SSLPrivateKey::Type type_;
+  size_t max_length_;
   base::ScopedCFTypeRef<SecKeyRef> key_;
   const CSSM_KEY* cssm_key_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyMac);
 };
 
 }  // namespace
 
 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
     X509Certificate* certificate) {
   // Look up the private key.
   base::ScopedCFTypeRef<SecKeyRef> private_key(
       FetchSecKeyRefForCertificate(certificate));
   if (!private_key)
     return nullptr;
 
   const CSSM_KEY* cssm_key;
   OSStatus status = SecKeyGetCSSMKey(private_key.get(), &cssm_key);
   if (status != noErr)
     return nullptr;
 
-  if (cssm_key->KeyHeader.AlgorithmId != CSSM_ALGID_RSA &&
-      cssm_key->KeyHeader.AlgorithmId != CSSM_ALGID_ECDSA) {
-    LOG(ERROR) << "Unknown key type: " << cssm_key->KeyHeader.AlgorithmId;
+  SSLPrivateKey::Type key_type;
+  size_t max_length;
+  if (!GetClientCertInfo(certificate, &key_type, &max_length))
     return nullptr;
-  }
+
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
-      base::MakeUnique<SSLPlatformKeyMac>(private_key.get(), cssm_key),
+      base::MakeUnique<SSLPlatformKeyMac>(key_type, max_length,
+                                          private_key.get(), cssm_key),
       GetSSLPlatformKeyTaskRunner()));
 }
 
 #pragma clang diagnostic pop  // "-Wdeprecated-declarations"
 
 }  // namespace net