| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_platform_key_android.h" | 5 #include "net/ssl/ssl_platform_key_android.h" |
| 6 | 6 |
| 7 #include <strings.h> | 7 #include <strings.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <utility> | 10 #include <utility> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/android/build_info.h" | 13 #include "base/android/build_info.h" |
| 14 #include "base/android/scoped_java_ref.h" | 14 #include "base/android/scoped_java_ref.h" |
| 15 #include "base/lazy_instance.h" | 15 #include "base/lazy_instance.h" |
| 16 #include "base/logging.h" | 16 #include "base/logging.h" |
| 17 #include "base/macros.h" | 17 #include "base/macros.h" |
| 18 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 19 #include "net/android/keystore.h" | 19 #include "net/android/keystore.h" |
| 20 #include "net/android/legacy_openssl.h" | 20 #include "net/android/legacy_openssl.h" |
| 21 #include "net/base/net_errors.h" | 21 #include "net/base/net_errors.h" |
| 22 #include "net/ssl/openssl_client_key_store.h" | 22 #include "net/ssl/openssl_client_key_store.h" |
| 23 #include "net/ssl/ssl_platform_key.h" | 23 #include "net/ssl/ssl_platform_key.h" |
| 24 #include "net/ssl/ssl_platform_key_util.h" | 24 #include "net/ssl/ssl_platform_key_util.h" |
| 25 #include "net/ssl/threaded_ssl_private_key.h" | 25 #include "net/ssl/threaded_ssl_private_key.h" |
| 26 #include "third_party/boringssl/src/include/openssl/ecdsa.h" | 26 #include "third_party/boringssl/src/include/openssl/ecdsa.h" |
| 27 #include "third_party/boringssl/src/include/openssl/evp.h" |
| 27 #include "third_party/boringssl/src/include/openssl/mem.h" | 28 #include "third_party/boringssl/src/include/openssl/mem.h" |
| 28 #include "third_party/boringssl/src/include/openssl/nid.h" | 29 #include "third_party/boringssl/src/include/openssl/nid.h" |
| 29 #include "third_party/boringssl/src/include/openssl/rsa.h" | 30 #include "third_party/boringssl/src/include/openssl/rsa.h" |
| 30 | 31 |
| 31 using base::android::JavaRef; | 32 using base::android::JavaRef; |
| 32 using base::android::ScopedJavaGlobalRef; | 33 using base::android::ScopedJavaGlobalRef; |
| 33 using base::android::ScopedJavaLocalRef; | 34 using base::android::ScopedJavaLocalRef; |
| 34 | 35 |
| 35 namespace net { | 36 namespace net { |
| 36 | 37 |
| (...skipping 30 matching lines...) Expand all Loading... |
| 67 }; | 68 }; |
| 68 | 69 |
| 69 void LeakEngine(const JavaRef<jobject>& private_key) { | 70 void LeakEngine(const JavaRef<jobject>& private_key) { |
| 70 static base::LazyInstance<KeystoreEngineWorkaround>::Leaky s_instance = | 71 static base::LazyInstance<KeystoreEngineWorkaround>::Leaky s_instance = |
| 71 LAZY_INSTANCE_INITIALIZER; | 72 LAZY_INSTANCE_INITIALIZER; |
| 72 s_instance.Get().LeakEngine(private_key); | 73 s_instance.Get().LeakEngine(private_key); |
| 73 } | 74 } |
| 74 | 75 |
| 75 class SSLPlatformKeyAndroid : public ThreadedSSLPrivateKey::Delegate { | 76 class SSLPlatformKeyAndroid : public ThreadedSSLPrivateKey::Delegate { |
| 76 public: | 77 public: |
| 77 SSLPlatformKeyAndroid(SSLPrivateKey::Type type, | 78 SSLPlatformKeyAndroid(int type, |
| 78 const JavaRef<jobject>& key, | 79 const JavaRef<jobject>& key, |
| 79 size_t max_length, | 80 size_t max_length, |
| 80 android::AndroidRSA* legacy_rsa) | 81 android::AndroidRSA* legacy_rsa) |
| 81 : type_(type), max_length_(max_length), legacy_rsa_(legacy_rsa) { | 82 : type_(type), max_length_(max_length), legacy_rsa_(legacy_rsa) { |
| 82 key_.Reset(key); | 83 key_.Reset(key); |
| 83 } | 84 } |
| 84 | 85 |
| 85 ~SSLPlatformKeyAndroid() override {} | 86 ~SSLPlatformKeyAndroid() override {} |
| 86 | 87 |
| 87 SSLPrivateKey::Type GetType() override { return type_; } | |
| 88 | |
| 89 std::vector<SSLPrivateKey::Hash> GetDigestPreferences() override { | 88 std::vector<SSLPrivateKey::Hash> GetDigestPreferences() override { |
| 90 static const SSLPrivateKey::Hash kHashes[] = { | 89 static const SSLPrivateKey::Hash kHashes[] = { |
| 91 SSLPrivateKey::Hash::SHA512, SSLPrivateKey::Hash::SHA384, | 90 SSLPrivateKey::Hash::SHA512, SSLPrivateKey::Hash::SHA384, |
| 92 SSLPrivateKey::Hash::SHA256, SSLPrivateKey::Hash::SHA1}; | 91 SSLPrivateKey::Hash::SHA256, SSLPrivateKey::Hash::SHA1}; |
| 93 return std::vector<SSLPrivateKey::Hash>(kHashes, | 92 return std::vector<SSLPrivateKey::Hash>(kHashes, |
| 94 kHashes + arraysize(kHashes)); | 93 kHashes + arraysize(kHashes)); |
| 95 } | 94 } |
| 96 | 95 |
| 97 size_t GetMaxSignatureLengthInBytes() override { return max_length_; } | |
| 98 | |
| 99 Error SignDigest(SSLPrivateKey::Hash hash, | 96 Error SignDigest(SSLPrivateKey::Hash hash, |
| 100 const base::StringPiece& input_in, | 97 const base::StringPiece& input_in, |
| 101 std::vector<uint8_t>* signature) override { | 98 std::vector<uint8_t>* signature) override { |
| 102 base::StringPiece input = input_in; | 99 base::StringPiece input = input_in; |
| 103 | 100 |
| 104 // Prepend the DigestInfo for RSA. | 101 // Prepend the DigestInfo for RSA. |
| 105 bssl::UniquePtr<uint8_t> digest_info_storage; | 102 bssl::UniquePtr<uint8_t> digest_info_storage; |
| 106 if (type_ == SSLPrivateKey::Type::RSA) { | 103 if (type_ == EVP_PKEY_RSA) { |
| 107 int hash_nid = NID_undef; | 104 int hash_nid = NID_undef; |
| 108 switch (hash) { | 105 switch (hash) { |
| 109 case SSLPrivateKey::Hash::MD5_SHA1: | 106 case SSLPrivateKey::Hash::MD5_SHA1: |
| 110 hash_nid = NID_md5_sha1; | 107 hash_nid = NID_md5_sha1; |
| 111 break; | 108 break; |
| 112 case SSLPrivateKey::Hash::SHA1: | 109 case SSLPrivateKey::Hash::SHA1: |
| 113 hash_nid = NID_sha1; | 110 hash_nid = NID_sha1; |
| 114 break; | 111 break; |
| 115 case SSLPrivateKey::Hash::SHA256: | 112 case SSLPrivateKey::Hash::SHA256: |
| 116 hash_nid = NID_sha256; | 113 hash_nid = NID_sha256; |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 161 } | 158 } |
| 162 | 159 |
| 163 if (!android::RawSignDigestWithPrivateKey(key_, input, signature)) { | 160 if (!android::RawSignDigestWithPrivateKey(key_, input, signature)) { |
| 164 LOG(WARNING) << "Could not sign message with private key!"; | 161 LOG(WARNING) << "Could not sign message with private key!"; |
| 165 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; | 162 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; |
| 166 } | 163 } |
| 167 return OK; | 164 return OK; |
| 168 } | 165 } |
| 169 | 166 |
| 170 private: | 167 private: |
| 171 SSLPrivateKey::Type type_; | 168 int type_; |
| 172 ScopedJavaGlobalRef<jobject> key_; | 169 ScopedJavaGlobalRef<jobject> key_; |
| 173 size_t max_length_; | 170 size_t max_length_; |
| 174 android::AndroidRSA* legacy_rsa_; | 171 android::AndroidRSA* legacy_rsa_; |
| 175 | 172 |
| 176 DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyAndroid); | 173 DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyAndroid); |
| 177 }; | 174 }; |
| 178 | 175 |
| 179 } // namespace | 176 } // namespace |
| 180 | 177 |
| 181 scoped_refptr<SSLPrivateKey> WrapJavaPrivateKey( | 178 scoped_refptr<SSLPrivateKey> WrapJavaPrivateKey( |
| 182 const X509Certificate* certificate, | 179 const X509Certificate* certificate, |
| 183 const JavaRef<jobject>& key) { | 180 const JavaRef<jobject>& key) { |
| 184 SSLPrivateKey::Type type; | 181 int type; |
| 185 size_t max_length; | 182 size_t max_length; |
| 186 if (!GetClientCertInfo(certificate, &type, &max_length)) | 183 if (!GetClientCertInfo(certificate, &type, &max_length)) |
| 187 return nullptr; | 184 return nullptr; |
| 188 | 185 |
| 189 android::AndroidRSA* sys_rsa = nullptr; | 186 android::AndroidRSA* sys_rsa = nullptr; |
| 190 if (type == SSLPrivateKey::Type::RSA) { | 187 if (type == EVP_PKEY_RSA) { |
| 191 const int kAndroid42ApiLevel = 17; | 188 const int kAndroid42ApiLevel = 17; |
| 192 if (base::android::BuildInfo::GetInstance()->sdk_int() < | 189 if (base::android::BuildInfo::GetInstance()->sdk_int() < |
| 193 kAndroid42ApiLevel) { | 190 kAndroid42ApiLevel) { |
| 194 // Route around platform limitations: if Android < 4.2, then | 191 // Route around platform limitations: if Android < 4.2, then |
| 195 // base::android::RawSignDigestWithPrivateKey() cannot work, so try to get | 192 // base::android::RawSignDigestWithPrivateKey() cannot work, so try to get |
| 196 // the system OpenSSL's EVP_PKEY backing this PrivateKey object. | 193 // the system OpenSSL's EVP_PKEY backing this PrivateKey object. |
| 197 android::AndroidEVP_PKEY* sys_pkey = | 194 android::AndroidEVP_PKEY* sys_pkey = |
| 198 android::GetOpenSSLSystemHandleForPrivateKey(key); | 195 android::GetOpenSSLSystemHandleForPrivateKey(key); |
| 199 if (!sys_pkey) | 196 if (!sys_pkey) |
| 200 return nullptr; | 197 return nullptr; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 222 GetSSLPlatformKeyTaskRunner())); | 219 GetSSLPlatformKeyTaskRunner())); |
| 223 } | 220 } |
| 224 | 221 |
| 225 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( | 222 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( |
| 226 const X509Certificate* certificate) { | 223 const X509Certificate* certificate) { |
| 227 return OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey( | 224 return OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey( |
| 228 certificate); | 225 certificate); |
| 229 } | 226 } |
| 230 | 227 |
| 231 } // namespace net | 228 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2822283002:
Remove SSLPrivateKey metadata hooks. (Closed)
