Implement chrome.platformKeys.getKeyPair().

chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/platform_keys/platform_keys.h"
 
+#include <cert.h>
 #include <cryptohi.h>
+#include <keyhi.h>
+#include <secder.h>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/single_thread_task_runner.h"
+#include "base/stl_util.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/threading/worker_pool.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_process_platform_part_chromeos.h"
 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api.h"
 #include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/profiles/profile.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util_nss.h"
 #include "net/ssl/client_cert_store_chromeos.h"
 #include "net/ssl/ssl_cert_request_info.h"
 
 using content::BrowserContext;
 using content::BrowserThread;
 
 namespace {
 const char kErrorInternal[] = "Internal Error.";
 const char kErrorKeyNotFound[] = "Key not found.";
 const char kErrorCertificateNotFound[] = "Certificate could not be found.";
@@ skipping 115 matching lines @@
         from, base::Bind(callback_, public_key_spki_der, error_message));
   }
 
   const unsigned int modulus_length_bits_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   subtle::GenerateKeyCallback callback_;
 };
 
-class SignState : public NSSOperationState {
+class SignRSAState : public NSSOperationState {
  public:
-  SignState(const std::string& public_key,
-            HashAlgorithm hash_algorithm,
-            const std::string& data,
-            const subtle::SignCallback& callback);
-  ~SignState() override {}
+  SignRSAState(const std::string& data,
+               const std::string& public_key,
+               bool sign_direct_pkcs_padded,
+               HashAlgorithm hash_algorithm,
+               const subtle::SignCallback& callback);
+  ~SignRSAState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from, std::string() /* no signature */, error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
                 const std::string& signature,
                 const std::string& error_message) {
     origin_task_runner_->PostTask(
         from, base::Bind(callback_, signature, error_message));
   }
 
+  // The data that will be signed.
+  const std::string data_;
+
+  // Must be the DER encoding of a SubjectPublicKeyInfo.
   const std::string public_key_;
-  HashAlgorithm hash_algorithm_;
-  const std::string data_;
+
+  // If true, |data_| will not be hashed before signing. Only PKCS#1 v1.5
+  // padding will be applied before signing.
+  // If false, |hash_algorithm_| must be set to a value != NONE.
+  const bool sign_direct_pkcs_padded_;
+
+  // Determines the hash algorithm that is used to digest |data| before signing.
+  // Ignored if |sign_direct_pkcs_padded_| is true.
+  const HashAlgorithm hash_algorithm_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   subtle::SignCallback callback_;
 };
 
 class SelectCertificatesState : public NSSOperationState {
  public:
   explicit SelectCertificatesState(
       const std::string& username_hash,
       const bool use_system_key_slot,
-      scoped_refptr<net::SSLCertRequestInfo> request,
+      const scoped_refptr<net::SSLCertRequestInfo>& request,
       const subtle::SelectCertificatesCallback& callback);
   ~SelectCertificatesState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from, scoped_ptr<net::CertificateList>() /* no matches */,
              error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
@@ skipping 35 matching lines @@
 
   scoped_ptr<net::CertificateList> certs_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   GetCertificatesCallback callback_;
 };
 
 class ImportCertificateState : public NSSOperationState {
  public:
-  ImportCertificateState(scoped_refptr<net::X509Certificate> certificate,
+  ImportCertificateState(const scoped_refptr<net::X509Certificate>& certificate,
                          const ImportCertificateCallback& callback);
   ~ImportCertificateState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from, error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
                 const std::string& error_message) {
     origin_task_runner_->PostTask(from, base::Bind(callback_, error_message));
   }
 
   scoped_refptr<net::X509Certificate> certificate_;
 
  private:
   // Must be called on origin thread, therefore use CallBack().
   ImportCertificateCallback callback_;
 };
 
 class RemoveCertificateState : public NSSOperationState {
  public:
-  RemoveCertificateState(scoped_refptr<net::X509Certificate> certificate,
+  RemoveCertificateState(const scoped_refptr<net::X509Certificate>& certificate,
                          const RemoveCertificateCallback& callback);
   ~RemoveCertificateState() override {}
 
   void OnError(const tracked_objects::Location& from,
                const std::string& error_message) override {
     CallBack(from, error_message);
   }
 
   void CallBack(const tracked_objects::Location& from,
                 const std::string& error_message) {
@@ skipping 34 matching lines @@
 NSSOperationState::NSSOperationState()
     : origin_task_runner_(base::ThreadTaskRunnerHandle::Get()) {
 }
 
 GenerateRSAKeyState::GenerateRSAKeyState(
     unsigned int modulus_length_bits,
     const subtle::GenerateKeyCallback& callback)
     : modulus_length_bits_(modulus_length_bits), callback_(callback) {
 }
 
-SignState::SignState(const std::string& public_key,
-                     HashAlgorithm hash_algorithm,
-                     const std::string& data,
-                     const subtle::SignCallback& callback)
-    : public_key_(public_key),
+SignRSAState::SignRSAState(const std::string& data,
+                           const std::string& public_key,
+                           bool sign_direct_pkcs_padded,
+                           HashAlgorithm hash_algorithm,
+                           const subtle::SignCallback& callback)
+    : data_(data),
+      public_key_(public_key),
+      sign_direct_pkcs_padded_(sign_direct_pkcs_padded),
       hash_algorithm_(hash_algorithm),
-      data_(data),
       callback_(callback) {
 }
 
 SelectCertificatesState::SelectCertificatesState(
     const std::string& username_hash,
     const bool use_system_key_slot,
-    scoped_refptr<net::SSLCertRequestInfo> cert_request_info,
+    const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info,
     const subtle::SelectCertificatesCallback& callback)
     : username_hash_(username_hash),
       use_system_key_slot_(use_system_key_slot),
       cert_request_info_(cert_request_info),
       callback_(callback) {
 }
 
 GetCertificatesState::GetCertificatesState(
     const GetCertificatesCallback& callback)
     : callback_(callback) {
 }
 
 ImportCertificateState::ImportCertificateState(
-    scoped_refptr<net::X509Certificate> certificate,
+    const scoped_refptr<net::X509Certificate>& certificate,
     const ImportCertificateCallback& callback)
     : certificate_(certificate), callback_(callback) {
 }
 
 RemoveCertificateState::RemoveCertificateState(
-    scoped_refptr<net::X509Certificate> certificate,
+    const scoped_refptr<net::X509Certificate>& certificate,
     const RemoveCertificateCallback& callback)
     : certificate_(certificate), callback_(callback) {
 }
 
 GetTokensState::GetTokensState(const GetTokensCallback& callback)
     : callback_(callback) {
 }
 
 // Does the actual key generation on a worker thread. Used by
 // GenerateRSAKeyWithDB().
@@ skipping 25 matching lines @@
 void GenerateRSAKeyWithDB(scoped_ptr<GenerateRSAKeyState> state,
                           net::NSSCertDatabase* cert_db) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|.
   base::WorkerPool::PostTask(
       FROM_HERE,
       base::Bind(&GenerateRSAKeyOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
-// Does the actual signing on a worker thread. Used by RSASignWithDB().
-void RSASignOnWorkerThread(scoped_ptr<SignState> state) {
+// Does the actual signing on a worker thread. Used by SignRSAWithDB().
+void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
   const uint8* public_key_uint8 =
       reinterpret_cast<const uint8*>(state->public_key_.data());
   std::vector<uint8> public_key_vector(
       public_key_uint8, public_key_uint8 + state->public_key_.size());
 
   // TODO(pneubeck): This searches all slots. Change to look only at |slot_|.
   scoped_ptr<crypto::RSAPrivateKey> rsa_key(
       crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector));
-  if (!rsa_key || rsa_key->key()->pkcs11Slot != state->slot_) {
+
+  // Fail if the key was not found. If a specific slot was requested, also fail
+  // if the key was found in the wrong slot.
+  if (!rsa_key ||
+      (state->slot_ && rsa_key->key()->pkcs11Slot != state->slot_)) {
     state->OnError(FROM_HERE, kErrorKeyNotFound);
     return;
   }
 
-  SECOidTag sign_alg_tag = SEC_OID_UNKNOWN;
-  switch (state->hash_algorithm_) {
-    case HASH_ALGORITHM_SHA1:
-      sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
-      break;
-    case HASH_ALGORITHM_SHA256:
-      sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
-      break;
-    case HASH_ALGORITHM_SHA384:
-      sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
-      break;
-    case HASH_ALGORITHM_SHA512:
-      sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
-      break;
+  std::vector<unsigned char> data_vec(state->data_.begin(), state->data_.end());
+  std::string signature_str;
+  if (state->sign_direct_pkcs_padded_) {
+    SECItem input = {siBuffer, vector_as_array(&data_vec), data_vec.size()};

[Ryan Sleevi, 2015/02/10 21:25:28]

It doesn't seem necessary to make the copy of |data_vec|. Why can't you just

reinterpret_cast<unsigned char*>(const_cast<char*>(state->data_.data()))

While more typing, this does feel more idiomatic with our crypto code.

(The const vs non-const is an artifact of NSS's ABI limitations. WE can make
PK11_Sign take a "const SECItem", but it still means the .data pointer of the
secitem is non-const, even if the data isn't mutated)

[pneubeck (no reviews), 2015/02/11 14:37:05]

Done.

+
+    // Compute signature of hash.
+    int signature_len = PK11_SignatureLen(rsa_key->key());
+    if (signature_len <= 0) {
+      state->OnError(FROM_HERE, kErrorInternal);
+      return;
+    }
+
+    std::vector<unsigned char> signature(signature_len);
+    SECItem signature_output = {
+        siBuffer, vector_as_array(&signature), signature.size()};
+    if (PK11_Sign(rsa_key->key(), &signature_output, &input) == SECSuccess)
+      signature_str.assign(signature.begin(), signature.end());
+  } else {
+    SECOidTag sign_alg_tag = SEC_OID_UNKNOWN;
+    switch (state->hash_algorithm_) {
+      case HASH_ALGORITHM_SHA1:
+        sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_SHA256:
+        sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_SHA384:
+        sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_SHA512:
+        sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+        break;
+      case HASH_ALGORITHM_NONE:
+        NOTREACHED();
+        break;
+    }
+
+    SECItem sign_result = {siBuffer, nullptr, 0};
+    if (SEC_SignData(&sign_result, vector_as_array(&data_vec), data_vec.size(),
+                     rsa_key->key(), sign_alg_tag) == SECSuccess) {
+      signature_str.assign(sign_result.data,
+                           sign_result.data + sign_result.len);
+    }
   }
 
-  crypto::ScopedSECItem sign_result(SECITEM_AllocItem(NULL, NULL, 0));
-  if (SEC_SignData(sign_result.get(),
-                   reinterpret_cast<const unsigned char*>(state->data_.data()),
-                   state->data_.size(),
-                   rsa_key->key(),
-                   sign_alg_tag) != SECSuccess) {
+  if (signature_str.empty()) {
     LOG(ERROR) << "Couldn't sign.";
     state->OnError(FROM_HERE, kErrorInternal);
     return;
   }
 
-  std::string signature(reinterpret_cast<const char*>(sign_result->data),
-                        sign_result->len);
-  state->CallBack(FROM_HERE, signature, std::string() /* no error */);
+  state->CallBack(FROM_HERE, signature_str, std::string() /* no error */);
 }
 
 // Continues signing with the obtained NSSCertDatabase. Used by Sign().
-void RSASignWithDB(scoped_ptr<SignState> state, net::NSSCertDatabase* cert_db) {
+void SignRSAWithDB(scoped_ptr<SignRSAState> state,
+                   net::NSSCertDatabase* cert_db) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   // Only the slot and not the NSSCertDatabase is required. Ignore |cert_db|.
   base::WorkerPool::PostTask(
-      FROM_HERE,
-      base::Bind(&RSASignOnWorkerThread, base::Passed(&state)),
+      FROM_HERE, base::Bind(&SignRSAOnWorkerThread, base::Passed(&state)),
       true /*task is slow*/);
 }
 
 // Called when ClientCertStoreChromeOS::GetClientCerts is done. Builds the list
 // of net::CertificateList and calls back. Used by
 // SelectCertificatesOnIOThread().
 void DidSelectCertificatesOnIOThread(
     scoped_ptr<SelectCertificatesState> state) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   state->CallBack(FROM_HERE, state->certs_.Pass(),
@@ skipping 166 matching lines @@
   }
 
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(token_id,
                   base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
-void Sign(const std::string& token_id,
-          const std::string& public_key,
-          HashAlgorithm hash_algorithm,
-          const std::string& data,
-          const SignCallback& callback,
-          BrowserContext* browser_context) {
+void SignRSAPKCS1Digest(const std::string& token_id,
+                        const std::string& data,
+                        const std::string& public_key,
+                        HashAlgorithm hash_algorithm,
+                        const SignCallback& callback,
+                        content::BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  scoped_ptr<SignState> state(
-      new SignState(public_key, hash_algorithm, data, callback));
+  scoped_ptr<SignRSAState> state(
+      new SignRSAState(data, public_key, false /* digest before signing */,
+                       hash_algorithm, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages and we can double check that
   // we use a key of the correct token.
-  GetCertDatabase(token_id,
-                  base::Bind(&RSASignWithDB, base::Passed(&state)),
-                  browser_context,
-                  state_ptr);
+  GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)),
+                  browser_context, state_ptr);
+}
+
+void SignRSAPKCS1Raw(const std::string& token_id,
+                     const std::string& data,
+                     const std::string& public_key,
+                     const SignCallback& callback,
+                     content::BrowserContext* browser_context) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  scoped_ptr<SignRSAState> state(new SignRSAState(
+      data, public_key, true /* sign directly without hashing */,
+      HASH_ALGORITHM_NONE, callback));
+  // Get the pointer to |state| before base::Passed releases |state|.
+  NSSOperationState* state_ptr = state.get();
+
+  // The NSSCertDatabase object is not required. But in case it's not available
+  // we would get more informative error messages and we can double check that
+  // we use a key of the correct token.
+  GetCertDatabase(token_id, base::Bind(&SignRSAWithDB, base::Passed(&state)),
+                  browser_context, state_ptr);
 }
 
 void SelectClientCertificates(const ClientCertificateRequest& request,
                               const SelectCertificatesCallback& callback,
                               content::BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   scoped_refptr<net::SSLCertRequestInfo> cert_request_info(
       new net::SSLCertRequestInfo);
   cert_request_info->cert_key_types = request.certificate_key_types;
@@ skipping 12 matching lines @@
   scoped_ptr<SelectCertificatesState> state(new SelectCertificatesState(
       user->username_hash(), use_system_key_slot, cert_request_info, callback));
 
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&SelectCertificatesOnIOThread, base::Passed(&state)));
 }
 
 }  // namespace subtle
 
+bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,

[Ryan Sleevi, 2015/02/10 21:25:28]

API: Don't make the three output parameters optional.

First, it creates a situation where all three parameters may be nullptr, which
is a little weird, because it means you did all this work for nothing.

Second, it doesn't seem like you're saving any significant amount of copying
(even the SPKI copy is lightweight) to be worth omitting it.

[pneubeck (no reviews), 2015/02/11 14:37:04]

Done.

+                  std::string* out_public_key_spki_der,
+                  net::X509Certificate::PublicKeyType* out_key_type,
+                  size_t* out_key_size_bits) {
+  const SECItem& spki_der = certificate->os_cert_handle()->derPublicKey;
+
+  net::X509Certificate::PublicKeyType key_type;
+  size_t key_size_bits = 0;
+  net::X509Certificate::GetPublicKeyInfo(certificate->os_cert_handle(),
+                                         &key_size_bits, &key_type);
+
+  if (key_type == net::X509Certificate::kPublicKeyTypeUnknown) {
+    LOG(WARNING) << "Could not extract public key of certificate.";
+    return false;
+  }
+  if (key_type == net::X509Certificate::kPublicKeyTypeRSA) {

[Ryan Sleevi, 2015/02/10 21:25:28]

And what about ECC keys? Should they be rejected with "return false"?

[pneubeck (no reviews), 2015/02/11 14:37:04]

I didn't see need for that here, as the caller of this function can itself
decide that on the value of |key_type|.

As it doesn't matter for now and simplifies this function, rejecting ECC keys.

Done.

+    crypto::ScopedSECKEYPublicKey public_key(
+        CERT_ExtractPublicKey(certificate->os_cert_handle()));
+    if (!public_key) {
+      LOG(WARNING) << "Could not extract public key of certificate.";
+      return false;
+    }
+    long public_exponent = DER_GetInteger(&public_key->u.rsa.publicExponent);
+    if (public_exponent != 65537L) {
+      LOG(ERROR) << "Rejecting RSA public exponent that is unequal 65537.";
+      return false;
+    }
+  }
+
+  if (out_public_key_spki_der) {
+    out_public_key_spki_der->assign(spki_der.data,
+                                    spki_der.data + spki_der.len);
+  }
+  if (out_key_type)
+    *out_key_type = key_type;
+  if (out_key_size_bits)
+    *out_key_size_bits = key_size_bits;
+
+  return true;
+}
+
 void GetCertificates(const std::string& token_id,
                      const GetCertificatesCallback& callback,
                      BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   scoped_ptr<GetCertificatesState> state(new GetCertificatesState(callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(token_id,
                   base::Bind(&GetCertificatesWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 void ImportCertificate(const std::string& token_id,
-                       scoped_refptr<net::X509Certificate> certificate,
+                       const scoped_refptr<net::X509Certificate>& certificate,
                        const ImportCertificateCallback& callback,
                        BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   scoped_ptr<ImportCertificateState> state(
       new ImportCertificateState(certificate, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages and we can double check that
   // we use a key of the correct token.
   GetCertDatabase(token_id,
                   base::Bind(&ImportCertificateWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 void RemoveCertificate(const std::string& token_id,
-                       scoped_refptr<net::X509Certificate> certificate,
+                       const scoped_refptr<net::X509Certificate>& certificate,
                        const RemoveCertificateCallback& callback,
                        BrowserContext* browser_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   scoped_ptr<RemoveCertificateState> state(
       new RemoveCertificateState(certificate, callback));
   // Get the pointer to |state| before base::Passed releases |state|.
   NSSOperationState* state_ptr = state.get();
 
   // The NSSCertDatabase object is not required. But in case it's not available
   // we would get more informative error messages.
@@ skipping 11 matching lines @@
   NSSOperationState* state_ptr = state.get();
   GetCertDatabase(std::string() /* don't get any specific slot */,
                   base::Bind(&GetTokensWithDB, base::Passed(&state)),
                   browser_context,
                   state_ptr);
 }
 
 }  // namespace platform_keys
 
 }  // namespace chromeos