• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <vector>
6 
7 #include "base/check.h"
8 #include "crypto/scoped_mock_unexportable_key_provider.h"
9 #include "crypto/sha2.h"
10 #include "crypto/signature_verifier.h"
11 #include "crypto/unexportable_key.h"
12 #include "third_party/boringssl/src/include/openssl/bytestring.h"
13 #include "third_party/boringssl/src/include/openssl/ec.h"
14 #include "third_party/boringssl/src/include/openssl/ec_key.h"
15 #include "third_party/boringssl/src/include/openssl/ecdsa.h"
16 #include "third_party/boringssl/src/include/openssl/evp.h"
17 #include "third_party/boringssl/src/include/openssl/obj.h"
18 
19 namespace crypto {
20 
21 namespace {
22 
CBBToVector(const CBB * cbb)23 std::vector<uint8_t> CBBToVector(const CBB* cbb) {
24   return std::vector<uint8_t>(CBB_data(cbb), CBB_data(cbb) + CBB_len(cbb));
25 }
26 
27 class SoftwareECDSA : public UnexportableSigningKey {
28  public:
SoftwareECDSA(bssl::UniquePtr<EC_KEY> key)29   explicit SoftwareECDSA(bssl::UniquePtr<EC_KEY> key) : key_(std::move(key)) {}
30   ~SoftwareECDSA() override = default;
31 
Algorithm() const32   SignatureVerifier::SignatureAlgorithm Algorithm() const override {
33     return SignatureVerifier::SignatureAlgorithm::ECDSA_SHA256;
34   }
35 
GetSubjectPublicKeyInfo() const36   std::vector<uint8_t> GetSubjectPublicKeyInfo() const override {
37     bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
38     CHECK(EVP_PKEY_set1_EC_KEY(pkey.get(), key_.get()));
39 
40     bssl::ScopedCBB cbb;
41     CHECK(CBB_init(cbb.get(), /*initial_capacity=*/128) &&
42           EVP_marshal_public_key(cbb.get(), pkey.get()));
43     return CBBToVector(cbb.get());
44   }
45 
GetWrappedKey() const46   std::vector<uint8_t> GetWrappedKey() const override {
47     bssl::ScopedCBB cbb;
48     CHECK(
49         CBB_init(cbb.get(), /*initial_capacity=*/128) &&
50         EC_KEY_marshal_private_key(cbb.get(), key_.get(),
51                                    EC_PKEY_NO_PARAMETERS | EC_PKEY_NO_PUBKEY));
52     return CBBToVector(cbb.get());
53   }
54 
SignSlowly(base::span<const uint8_t> data)55   absl::optional<std::vector<uint8_t>> SignSlowly(
56       base::span<const uint8_t> data) override {
57     std::vector<uint8_t> ret(ECDSA_size(key_.get()));
58     std::array<uint8_t, kSHA256Length> digest = SHA256Hash(data);
59     unsigned int ret_size;
60     CHECK(ECDSA_sign(0, digest.data(), digest.size(), ret.data(), &ret_size,
61                      key_.get()));
62     ret.resize(ret_size);
63     return ret;
64   }
65 
66  private:
67   bssl::UniquePtr<EC_KEY> key_;
68 };
69 
70 class SoftwareProvider : public UnexportableKeyProvider {
71  public:
72   ~SoftwareProvider() override = default;
73 
SelectAlgorithm(base::span<const SignatureVerifier::SignatureAlgorithm> acceptable_algorithms)74   absl::optional<SignatureVerifier::SignatureAlgorithm> SelectAlgorithm(
75       base::span<const SignatureVerifier::SignatureAlgorithm>
76           acceptable_algorithms) override {
77     for (auto algo : acceptable_algorithms) {
78       if (algo == SignatureVerifier::SignatureAlgorithm::ECDSA_SHA256) {
79         return algo;
80       }
81     }
82 
83     return absl::nullopt;
84   }
85 
GenerateSigningKeySlowly(base::span<const SignatureVerifier::SignatureAlgorithm> acceptable_algorithms)86   std::unique_ptr<UnexportableSigningKey> GenerateSigningKeySlowly(
87       base::span<const SignatureVerifier::SignatureAlgorithm>
88           acceptable_algorithms) override {
89     if (!SelectAlgorithm(acceptable_algorithms)) {
90       return nullptr;
91     }
92 
93     bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
94     CHECK(EC_KEY_generate_key(key.get()));
95 
96     return std::make_unique<SoftwareECDSA>(std::move(key));
97   }
98 
FromWrappedSigningKeySlowly(base::span<const uint8_t> wrapped_key)99   std::unique_ptr<UnexportableSigningKey> FromWrappedSigningKeySlowly(
100       base::span<const uint8_t> wrapped_key) override {
101     bssl::UniquePtr<EC_GROUP> p256(
102         EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
103     CBS cbs;
104     CBS_init(&cbs, wrapped_key.data(), wrapped_key.size());
105     bssl::UniquePtr<EC_KEY> key(EC_KEY_parse_private_key(&cbs, p256.get()));
106     if (!key || CBS_len(&cbs) != 0) {
107       return nullptr;
108     }
109     return std::make_unique<SoftwareECDSA>(std::move(key));
110   }
111 };
112 
GetUnexportableKeyProviderMock()113 std::unique_ptr<UnexportableKeyProvider> GetUnexportableKeyProviderMock() {
114   return std::make_unique<SoftwareProvider>();
115 }
116 
GetUnexportableKeyProviderNull()117 std::unique_ptr<UnexportableKeyProvider> GetUnexportableKeyProviderNull() {
118   return nullptr;
119 }
120 
121 }  // namespace
122 
ScopedMockUnexportableKeyProvider()123 ScopedMockUnexportableKeyProvider::ScopedMockUnexportableKeyProvider() {
124   internal::SetUnexportableKeyProviderForTesting(
125       GetUnexportableKeyProviderMock);
126 }
127 
~ScopedMockUnexportableKeyProvider()128 ScopedMockUnexportableKeyProvider::~ScopedMockUnexportableKeyProvider() {
129   internal::SetUnexportableKeyProviderForTesting(nullptr);
130 }
131 
ScopedNullUnexportableKeyProvider()132 ScopedNullUnexportableKeyProvider::ScopedNullUnexportableKeyProvider() {
133   internal::SetUnexportableKeyProviderForTesting(
134       GetUnexportableKeyProviderNull);
135 }
136 
~ScopedNullUnexportableKeyProvider()137 ScopedNullUnexportableKeyProvider::~ScopedNullUnexportableKeyProvider() {
138   internal::SetUnexportableKeyProviderForTesting(nullptr);
139 }
140 
141 }  // namespace crypto
142