Implement chrome.platformKeys.getKeyPair().

chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/platform_keys/platform_keys.h"
 
+#include <cert.h>
 #include <cryptohi.h>
+#include <keyhi.h>
+#include <secder.h>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/single_thread_task_runner.h"
+#include "base/stl_util.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_process_platform_part_chromeos.h"
 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h"
 #include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/profiles/profile.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util_nss.h"
 #include "net/ssl/client_cert_store_chromeos.h"
 #include "net/ssl/ssl_cert_request_info.h"
 
 using content::BrowserContext;
 using content::BrowserThread;
 
 namespace {
 const char kErrorInternal[] = "Internal Error.";
 const char kErrorKeyNotFound[] = "Key not found.";
 const char kErrorCertificateNotFound[] = "Certificate could not be found.";
@@ skipping 115 matching lines @@
         from, base::Bind(callback_, public_key_spki_der, error_message));
   }
 
   const unsigned int modulus_length_bits_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   subtle::GenerateKeyCallback callback_;
 };
 
-class SignState : public NSSOperationState {
+class SignRSAState : public NSSOperationState {
  public:
-  SignState(const std::string& public_key,
-            HashAlgorithm hash_algorithm,
-            const std::string& data,
-            const subtle::SignCallback& callback);
-  ~SignState() override {}
+  SignRSAState(scoped_ptr<SignRSAParams> params,
+               const subtle::SignCallback& callback);
+  ~SignRSAState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from, std::string() /* no signature */, error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
                 const std::string& signature,
                 const std::string& error_message) {
     origin_task_runner_->PostTask(
         from, base::Bind(callback_, signature, error_message));
   }
 
-  const std::string public_key_;
-  HashAlgorithm hash_algorithm_;
-  const std::string data_;
+  scoped_ptr<SignRSAParams> params_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   subtle::SignCallback callback_;
 };
 
 class SelectCertificatesState : public NSSOperationState {
  public:
   explicit SelectCertificatesState(
       const std::string& username_hash,
@@ skipping 125 matching lines @@
 NSSOperationState::NSSOperationState()
     : origin_task_runner_(base::ThreadTaskRunnerHandle::Get()) {
 }
 
 GenerateRSAKeyState::GenerateRSAKeyState(
     unsigned int modulus_length_bits,
     const subtle::GenerateKeyCallback& callback)
     : modulus_length_bits_(modulus_length_bits), callback_(callback) {
 }
 
-SignState::SignState(const std::string& public_key,
-                     HashAlgorithm hash_algorithm,
-                     const std::string& data,
-                     const subtle::SignCallback& callback)
-    : public_key_(public_key),
-      hash_algorithm_(hash_algorithm),
-      data_(data),
-      callback_(callback) {
+SignRSAState::SignRSAState(scoped_ptr<SignRSAParams> params,
+                           const subtle::SignCallback& callback)
+    : params_(params.Pass()), callback_(callback) {
 }
 
 SelectCertificatesState::SelectCertificatesState(
     const std::string& username_hash,
     const bool use_system_key_slot,
     scoped_refptr<net::SSLCertRequestInfo> cert_request_info,
     const subtle::SelectCertificatesCallback& callback)
     : username_hash_(username_hash),
       use_system_key_slot_(use_system_key_slot),
       cert_request_info_(cert_request_info),
@@ skipping 51 matching lines @@
 void GenerateRSAKeyWithDB(scoped_ptr<GenerateRSAKeyState> state,
                           net::NSSCertDatabase* cert_db) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|.
   base::WorkerPool::PostTask(
       FROM_HERE,
       base::Bind(&GenerateRSAKeyOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
-// Does the actual signing on a worker thread. Used by RSASignWithDB().
-void RSASignOnWorkerThread(scoped_ptr<SignState> state) {
+// Does the actual signing on a worker thread. Used by SignRSAWithDB().
+void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
+  const SignRSAParams& params = *state->params_;
   const uint8* public_key_uint8 =
-      reinterpret_cast<const uint8*>(state->public_key_.data());
+      reinterpret_cast<const uint8*>(params.public_key.data());
   std::vector<uint8> public_key_vector(
-      public_key_uint8, public_key_uint8 + state->public_key_.size());
+      public_key_uint8, public_key_uint8 + params.public_key.size());
 
   // TODO(pneubeck): This searches all slots. Change to look only at |slot_|.
   scoped_ptr<crypto::RSAPrivateKey> rsa_key(
       crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector));
-  if (!rsa_key || rsa_key->key()->pkcs11Slot != state->slot_) {
+
+  // Fail if the key was not found. If a specific slot was requested, also fail
+  // if the key was found in the wrong slot.
+  if (!rsa_key ||
+      (state->slot_ && rsa_key->key()->pkcs11Slot != state->slot_)) {
     state->OnError(FROM_HERE, kErrorKeyNotFound);
     return;
   }
 
-  SECOidTag sign_alg_tag = SEC_OID_UNKNOWN;
-  switch (state->hash_algorithm_) {
-    case HASH_ALGORITHM_SHA1:
-      sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
-      break;
-    case HASH_ALGORITHM_SHA256:
-      sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
-      break;
-    case HASH_ALGORITHM_SHA384:
-      sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
-      break;
-    case HASH_ALGORITHM_SHA512:
-      sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
-      break;
+  std::vector<unsigned char> data_vec(params.data.begin(), params.data.end());
+  std::string signature_str;
+  if (params.sign_direct_pkcs_padded) {
+    SECItem input = {siBuffer, vector_as_array(&data_vec), data_vec.size()};
+
+    // Compute signature of hash.
+    int signature_len = PK11_SignatureLen(rsa_key->key());
+    if (signature_len <= 0) {
+      state->OnError(FROM_HERE, kErrorInternal);
+      return;
+    }
+
+    std::vector<unsigned char> signature(signature_len);
+    SECItem signature_output = {
+        siBuffer, vector_as_array(&signature), signature.size()};
+    if (PK11_Sign(rsa_key->key(), &signature_output, &input) == SECSuccess)
+      signature_str.assign(signature.begin(), signature.end());
+  } else {
+    SECOidTag sign_alg_tag = SEC_OID_UNKNOWN;
+    switch (params.hash_algorithm) {
+      case HASH_ALGORITHM_SHA1:
+        sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_SHA256:
+        sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_SHA384:
+        sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_SHA512:
+        sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_NONE:

[Ryan Sleevi, 2015/02/07 02:09:40]

Add a default? Or are we relying on the compiler to yell at us? Are we sure it
will?

[pneubeck (no reviews), 2015/02/08 10:52:00]

yes it will.
'default' prevents the completeness check by the compiler.

+        NOTREACHED();
+        break;
+    }
+
+    SECItem sign_result = {siBuffer, nullptr, 0};
+    if (SEC_SignData(&sign_result, vector_as_array(&data_vec), data_vec.size(),
+                     rsa_key->key(), sign_alg_tag) == SECSuccess) {
+      signature_str.assign(sign_result.data,
+                           sign_result.data + sign_result.len);
+    }
   }
 
-  crypto::ScopedSECItem sign_result(SECITEM_AllocItem(NULL, NULL, 0));
-  if (SEC_SignData(sign_result.get(),
-                   reinterpret_cast<const unsigned char*>(state->data_.data()),
-                   state->data_.size(),
-                   rsa_key->key(),
-                   sign_alg_tag) != SECSuccess) {
+  if (signature_str.empty()) {
     LOG(ERROR) << "Couldn't sign.";
     state->OnError(FROM_HERE, kErrorInternal);
     return;
   }
 
-  std::string signature(reinterpret_cast<const char*>(sign_result->data),
-                        sign_result->len);
-  state->CallBack(FROM_HERE, signature, std::string() /* no error */);
+  state->CallBack(FROM_HERE, signature_str, std::string() /* no error */);
 }
 
 // Continues signing with the obtained NSSCertDatabase. Used by Sign().
-void RSASignWithDB(scoped_ptr<SignState> state, net::NSSCertDatabase* cert_db) {
+void SignRSAWithDB(scoped_ptr<SignRSAState> state,
+                   net::NSSCertDatabase* cert_db) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|.
   base::WorkerPool::PostTask(
-      FROM_HERE,
-      base::Bind(&RSASignOnWorkerThread, base::Passed(&state)),
+      FROM_HERE, base::Bind(&SignRSAOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
 // Called when ClientCertStoreChromeOS::GetClientCerts is done. Builds the list
 // of net::CertificateList and calls back. Used by
 // SelectCertificatesOnIOThread().
 void DidSelectCertificatesOnIOThread(
     scoped_ptr<SelectCertificatesState> state) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   state->CallBack(FROM_HERE, state->certs_.Pass(),
@@ skipping 166 matching lines @@
   }
 
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(token_id,
                   base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
-void Sign(const std::string& token_id,
-          const std::string& public_key,
-          HashAlgorithm hash_algorithm,
-          const std::string& data,
-          const SignCallback& callback,
-          BrowserContext* browser_context) {
+void SignRSA(const std::string& token_id,
+             scoped_ptr<SignRSAParams> params,
+             const SignCallback& callback,
+             BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  scoped_ptr<SignState> state(
-      new SignState(public_key, hash_algorithm, data, callback));
+  scoped_ptr<SignRSAState> state(new SignRSAState(params.Pass(), callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages and we can double check that
   // we use a key of the correct token.
-  GetCertDatabase(token_id,
-                  base::Bind(&RSASignWithDB, base::Passed(&state)),
-                  browser_context,
-                  state_ptr);
+  GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)),
+                  browser_context, state_ptr);
 }
 
 void SelectClientCertificates(const ClientCertificateRequest& request,
                               const SelectCertificatesCallback& callback,
                               content::BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   scoped_refptr<net::SSLCertRequestInfo> cert_request_info(
       new net::SSLCertRequestInfo);
   cert_request_info->cert_key_types = request.certificate_key_types;
@@ skipping 12 matching lines @@
   scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState(
       user->username_hash(), use_system_key_slot, cert_request_info, callback));
 
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state)));
 }
 
 }  // namespace subtle
 
+bool GetPublicKey(scoped_refptr<net::X509Certificate> certificate,
+                  SubjectPublicKeyInfo* info) {
+  const SECItem& spki_der = certificate->os_cert_handle()->derPublicKey;
+
+  *info = SubjectPublicKeyInfo();
+  info->public_key_spki_der.assign(spki_der.data, spki_der.data + spki_der.len);
+
+  net::X509Certificate::GetPublicKeyInfo(certificate->os_cert_handle(),
+                                         &info->key_size_bits, &info->key_type);
+
+  if (info->key_type == net::X509Certificate::kPublicKeyTypeUnknown) {
+    LOG(WARNING) << "Could not extract public key of certificate.";
+    return false;
+  }
+  if (info->key_type == net::X509Certificate::kPublicKeyTypeRSA) {
+    // TODO(pneubeck): Verify that the public exponent equals 65537.
+
+    crypto::ScopedSECKEYPublicKey public_key(
+        CERT_ExtractPublicKey(certificate->os_cert_handle()));
+    if (!public_key) {
+      LOG(WARNING) << "Could not extract public key of certificate.";
+      return false;
+    }
+    long public_exponent = DER_GetInteger(&public_key->u.rsa.publicExponent);
+    if (public_exponent != 65537L) {
+      LOG(ERROR) << "Rejecting RSA public exponent that is unequal 65537.";
+      return false;
+    }
+  }
+  return true;
+}
+
 void GetCertificates(const std::string& token_id,
                      const GetCertificatesCallback& callback,
                      BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   scoped_ptr<GetCertificatesState> state(new GetCertificatesState(callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(token_id,
                   base::Bind(&GetCertificatesWithDB, base::Passed(&state)),
                   browser_context,
@@ skipping 45 matching lines @@
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(std::string() /* don't get any specific slot */,
                   base::Bind(&GetTokensWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 }  // namespace platform_keys
 
 }  // namespace chromeos