1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc_ios.h"
6
7 #include <CommonCrypto/CommonDigest.h>
8
9 #include "base/logging.h"
10 #include "base/mac/foundation_util.h"
11 #include "base/mac/mac_logging.h"
12 #include "base/mac/scoped_cftyperef.h"
13 #include "base/notreached.h"
14 #include "crypto/sha2.h"
15 #include "net/base/net_errors.h"
16 #include "net/cert/asn1_util.h"
17 #include "net/cert/cert_verify_result.h"
18 #include "net/cert/crl_set.h"
19 #include "net/cert/ct_serialization.h"
20 #include "net/cert/known_roots.h"
21 #include "net/cert/test_root_certs.h"
22 #include "net/cert/x509_certificate.h"
23 #include "net/cert/x509_util.h"
24 #include "net/cert/x509_util_apple.h"
25
26 using base::ScopedCFTypeRef;
27
28 namespace net {
29
30 namespace {
31
NetErrorFromOSStatus(OSStatus status)32 int NetErrorFromOSStatus(OSStatus status) {
33 switch (status) {
34 case noErr:
35 return OK;
36 case errSecNotAvailable:
37 return ERR_NOT_IMPLEMENTED;
38 case errSecAuthFailed:
39 return ERR_ACCESS_DENIED;
40 default:
41 return ERR_FAILED;
42 }
43 }
44
45 // Maps errors from OSStatus codes to CertStatus flags.
46 //
47 // The selection of errors is based off of Apple's SecPolicyChecks.list, and
48 // any unknown errors are mapped to CERT_STATUS_INVALID for safety.
CertStatusFromOSStatus(OSStatus status)49 CertStatus CertStatusFromOSStatus(OSStatus status) {
50 switch (status) {
51 case errSecHostNameMismatch:
52 return CERT_STATUS_COMMON_NAME_INVALID;
53
54 case errSecCertificateExpired:
55 case errSecCertificateNotValidYet:
56 return CERT_STATUS_DATE_INVALID;
57
58 case errSecCreateChainFailed:
59 case errSecNotTrusted:
60 // errSecVerifyActionFailed is used when CT is required
61 // and not present. The OS rejected this chain, and so mapping
62 // to CERT_STATUS_CT_COMPLIANCE_FAILED (which is informational,
63 // as policy enforcement is not handled in the CertVerifier)
64 // would cause this error to be ignored and mapped to
65 // CERT_STATUS_INVALID. Rather than do that, mark it simply as
66 // "untrusted". The CT_COMPLIANCE_FAILED bit is not set, since
67 // it's not necessarily a compliance failure with the embedder's
68 // CT policy. It's a bit of a hack, but hopefully temporary.
69 // errSecNotTrusted is somewhat similar. It applies for
70 // situations where a root isn't trusted or an intermediate
71 // isn't trusted, when a key is restricted, or when the calling
72 // application requested CT enforcement (which CertVerifier
73 // should never being doing).
74 case errSecVerifyActionFailed:
75 return CERT_STATUS_AUTHORITY_INVALID;
76
77 case errSecInvalidIDLinkage:
78 case errSecNoBasicConstraintsCA:
79 case errSecInvalidSubjectName:
80 case errSecInvalidExtendedKeyUsage:
81 case errSecInvalidKeyUsageForPolicy:
82 case errSecMissingRequiredExtension:
83 case errSecNoBasicConstraints:
84 case errSecPathLengthConstraintExceeded:
85 case errSecUnknownCertExtension:
86 case errSecUnknownCriticalExtensionFlag:
87 // errSecCertificatePolicyNotAllowed and errSecCertificateNameNotAllowed
88 // are used for certificates that violate the constraints imposed upon the
89 // issuer. Nominally this could be mapped to CERT_STATUS_AUTHORITY_INVALID,
90 // except the trustd behaviour is to treat this as a fatal
91 // (non-recoverable) error. That behavior is preserved here for consistency
92 // with Safari.
93 case errSecCertificatePolicyNotAllowed:
94 case errSecCertificateNameNotAllowed:
95 return CERT_STATUS_INVALID;
96
97 // Unfortunately, iOS's handling of weak digest algorithms and key sizes
98 // doesn't map exactly to Chrome's. errSecInvalidDigestAlgorithm and
99 // errSecUnsupportedKeySize may indicate errors that iOS considers fatal
100 // (too weak to process at all) or recoverable (too weak according to
101 // compliance policies).
102 // Further, because SecTrustEvaluateWithError only returns a single error
103 // code, a fatal error may have occurred elsewhere in the chain, so the
104 // overall result can't be used to distinguish individual certificate
105 // errors. For this complicated reason, the weak key and weak digest cases
106 // also map to CERT_STATUS_INVALID for safety.
107 case errSecInvalidDigestAlgorithm:
108 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM | CERT_STATUS_INVALID;
109 case errSecUnsupportedKeySize:
110 return CERT_STATUS_WEAK_KEY | CERT_STATUS_INVALID;
111
112 case errSecCertificateRevoked:
113 return CERT_STATUS_REVOKED;
114
115 case errSecIncompleteCertRevocationCheck:
116 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
117
118 case errSecCertificateValidityPeriodTooLong:
119 return CERT_STATUS_VALIDITY_TOO_LONG;
120
121 case errSecInvalidCertificateRef:
122 case errSecInvalidName:
123 case errSecInvalidPolicyIdentifiers:
124 return CERT_STATUS_INVALID;
125
126 // This function should only be called on errors, so should always return a
127 // CertStatus code that is considered an error. If the input is unexpectedly
128 // errSecSuccess, return CERT_STATUS_INVALID for safety.
129 case errSecSuccess:
130 default:
131 OSSTATUS_LOG(WARNING, status)
132 << "Unknown error mapped to CERT_STATUS_INVALID";
133 return CERT_STATUS_INVALID;
134 }
135 }
136
137 // Creates a series of SecPolicyRefs to be added to a SecTrustRef used to
138 // validate a certificate for an SSL server. |hostname| contains the name of
139 // the SSL server that the certificate should be verified against. If
140 // successful, returns noErr, and stores the resultant array of SecPolicyRefs
141 // in |policies|.
CreateTrustPolicies(ScopedCFTypeRef<CFArrayRef> * policies)142 OSStatus CreateTrustPolicies(ScopedCFTypeRef<CFArrayRef>* policies) {
143 ScopedCFTypeRef<CFMutableArrayRef> local_policies(
144 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks));
145 if (!local_policies)
146 return errSecAllocate;
147
148 SecPolicyRef ssl_policy = SecPolicyCreateBasicX509();
149 CFArrayAppendValue(local_policies, ssl_policy);
150 CFRelease(ssl_policy);
151 ssl_policy = SecPolicyCreateSSL(true, nullptr);
152 CFArrayAppendValue(local_policies, ssl_policy);
153 CFRelease(ssl_policy);
154
155 policies->reset(local_policies.release());
156 return noErr;
157 }
158
159 // Builds and evaluates a SecTrustRef for the certificate chain contained
160 // in |cert_array|, using the verification policies in |trust_policies|. On
161 // success, returns OK, and updates |trust_ref|, |is_trusted|, and
162 // |trust_error|. On failure, no output parameters are modified.
163 //
164 // Note: An OK return does not mean that |cert_array| is trusted, merely that
165 // verification was performed successfully.
BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,CFArrayRef trust_policies,CFDataRef ocsp_response_ref,CFArrayRef sct_array_ref,ScopedCFTypeRef<SecTrustRef> * trust_ref,ScopedCFTypeRef<CFArrayRef> * verified_chain,bool * is_trusted,ScopedCFTypeRef<CFErrorRef> * trust_error)166 int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
167 CFArrayRef trust_policies,
168 CFDataRef ocsp_response_ref,
169 CFArrayRef sct_array_ref,
170 ScopedCFTypeRef<SecTrustRef>* trust_ref,
171 ScopedCFTypeRef<CFArrayRef>* verified_chain,
172 bool* is_trusted,
173 ScopedCFTypeRef<CFErrorRef>* trust_error) {
174 SecTrustRef tmp_trust = nullptr;
175 OSStatus status =
176 SecTrustCreateWithCertificates(cert_array, trust_policies, &tmp_trust);
177 if (status)
178 return NetErrorFromOSStatus(status);
179 ScopedCFTypeRef<SecTrustRef> scoped_tmp_trust(tmp_trust);
180
181 if (TestRootCerts::HasInstance()) {
182 status = TestRootCerts::GetInstance()->FixupSecTrustRef(tmp_trust);
183 if (status)
184 return NetErrorFromOSStatus(status);
185 }
186
187 if (ocsp_response_ref) {
188 status = SecTrustSetOCSPResponse(tmp_trust, ocsp_response_ref);
189 if (status)
190 return NetErrorFromOSStatus(status);
191 }
192
193 if (sct_array_ref) {
194 if (__builtin_available(iOS 12.1.1, *)) {
195 status = SecTrustSetSignedCertificateTimestamps(tmp_trust, sct_array_ref);
196 if (status)
197 return NetErrorFromOSStatus(status);
198 }
199 }
200
201 ScopedCFTypeRef<CFErrorRef> tmp_error;
202 bool tmp_is_trusted = false;
203 if (__builtin_available(iOS 12.0, *)) {
204 tmp_is_trusted =
205 SecTrustEvaluateWithError(tmp_trust, tmp_error.InitializeInto());
206 } else {
207 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
208 SecTrustResultType tmp_trust_result;
209 status = SecTrustEvaluate(tmp_trust, &tmp_trust_result);
210 if (status)
211 return NetErrorFromOSStatus(status);
212 switch (tmp_trust_result) {
213 case kSecTrustResultUnspecified:
214 case kSecTrustResultProceed:
215 tmp_is_trusted = true;
216 break;
217 case kSecTrustResultInvalid:
218 return ERR_FAILED;
219 default:
220 tmp_is_trusted = false;
221 }
222 #endif
223 }
224
225 trust_ref->swap(scoped_tmp_trust);
226 trust_error->swap(tmp_error);
227 *verified_chain = x509_util::CertificateChainFromSecTrust(tmp_trust);
228 *is_trusted = tmp_is_trusted;
229 return OK;
230 }
231
GetCertChainInfo(CFArrayRef cert_chain,CertVerifyResult * verify_result)232 void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
233 DCHECK_LT(0, CFArrayGetCount(cert_chain));
234
235 base::ScopedCFTypeRef<SecCertificateRef> verified_cert;
236 std::vector<base::ScopedCFTypeRef<SecCertificateRef>> verified_chain;
237 for (CFIndex i = 0, count = CFArrayGetCount(cert_chain); i < count; ++i) {
238 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>(
239 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
240 if (i == 0) {
241 verified_cert.reset(chain_cert, base::scoped_policy::RETAIN);
242 } else {
243 verified_chain.emplace_back(chain_cert, base::scoped_policy::RETAIN);
244 }
245
246 base::ScopedCFTypeRef<CFDataRef> der_data(
247 SecCertificateCopyData(chain_cert));
248 if (!der_data) {
249 verify_result->cert_status |= CERT_STATUS_INVALID;
250 return;
251 }
252
253 base::StringPiece spki_bytes;
254 if (!asn1::ExtractSPKIFromDERCert(
255 base::StringPiece(
256 reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)),
257 CFDataGetLength(der_data)),
258 &spki_bytes)) {
259 verify_result->cert_status |= CERT_STATUS_INVALID;
260 return;
261 }
262
263 HashValue sha256(HASH_VALUE_SHA256);
264 CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data());
265 verify_result->public_key_hashes.push_back(sha256);
266 }
267 if (!verified_cert.get()) {
268 NOTREACHED();
269 verify_result->cert_status |= CERT_STATUS_INVALID;
270 return;
271 }
272
273 scoped_refptr<X509Certificate> verified_cert_with_chain =
274 x509_util::CreateX509CertificateFromSecCertificate(verified_cert,
275 verified_chain);
276 if (verified_cert_with_chain)
277 verify_result->verified_cert = std::move(verified_cert_with_chain);
278 else
279 verify_result->cert_status |= CERT_STATUS_INVALID;
280 }
281
282 } // namespace
283
CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set)284 CertVerifyProcIOS::CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set)
285 : CertVerifyProc(std::move(crl_set)) {}
286
287 // static
GetCertFailureStatusFromError(CFErrorRef error)288 CertStatus CertVerifyProcIOS::GetCertFailureStatusFromError(CFErrorRef error) {
289 if (!error)
290 return CERT_STATUS_INVALID;
291
292 base::ScopedCFTypeRef<CFStringRef> error_domain(CFErrorGetDomain(error));
293 CFIndex error_code = CFErrorGetCode(error);
294
295 if (error_domain != kCFErrorDomainOSStatus) {
296 LOG(WARNING) << "Unhandled error domain: " << error;
297 return CERT_STATUS_INVALID;
298 }
299
300 return CertStatusFromOSStatus(error_code);
301 }
302
303 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
304 // The iOS APIs don't expose an API-stable set of reasons for certificate
305 // validation failures. However, internally, the reason is tracked, and it's
306 // converted to user-facing localized strings.
307 //
308 // In the absence of a consistent API, convert the English strings to their
309 // localized counterpart, and then compare that with the error properties. If
310 // they're equal, it's a strong sign that this was the cause for the error.
311 // While this will break if/when iOS changes the contents of these strings,
312 // it's sufficient enough for now.
313 //
314 // TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
315 // possible.
316 // static
GetCertFailureStatusFromTrust(SecTrustRef trust)317 CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) {
318 CertStatus reason = 0;
319
320 base::ScopedCFTypeRef<CFArrayRef> properties(SecTrustCopyProperties(trust));
321 if (!properties)
322 return CERT_STATUS_INVALID;
323
324 const CFIndex properties_length = CFArrayGetCount(properties);
325 if (properties_length == 0)
326 return CERT_STATUS_INVALID;
327
328 CFBundleRef bundle =
329 CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
330 CFStringRef date_string =
331 CFSTR("One or more certificates have expired or are not valid yet.");
332 ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
333 bundle, date_string, date_string, CFSTR("SecCertificate")));
334 CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
335 ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
336 bundle, trust_string, trust_string, CFSTR("SecCertificate")));
337 CFStringRef weak_string =
338 CFSTR("One or more certificates is using a weak key size.");
339 ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
340 bundle, weak_string, weak_string, CFSTR("SecCertificate")));
341 CFStringRef hostname_mismatch_string = CFSTR("Hostname mismatch.");
342 ScopedCFTypeRef<CFStringRef> hostname_mismatch_error(
343 CFBundleCopyLocalizedString(bundle, hostname_mismatch_string,
344 hostname_mismatch_string,
345 CFSTR("SecCertificate")));
346 CFStringRef root_certificate_string =
347 CFSTR("Unable to build chain to root certificate.");
348 ScopedCFTypeRef<CFStringRef> root_certificate_error(
349 CFBundleCopyLocalizedString(bundle, root_certificate_string,
350 root_certificate_string,
351 CFSTR("SecCertificate")));
352 CFStringRef policy_requirements_not_met_string =
353 CFSTR("Policy requirements not met.");
354 ScopedCFTypeRef<CFStringRef> policy_requirements_not_met_error(
355 CFBundleCopyLocalizedString(bundle, policy_requirements_not_met_string,
356 policy_requirements_not_met_string,
357 CFSTR("SecCertificate")));
358
359 for (CFIndex i = 0; i < properties_length; ++i) {
360 CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
361 const_cast<void*>(CFArrayGetValueAtIndex(properties, i)));
362 CFStringRef error = reinterpret_cast<CFStringRef>(
363 const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
364
365 if (CFEqual(error, date_error)) {
366 reason |= CERT_STATUS_DATE_INVALID;
367 } else if (CFEqual(error, trust_error)) {
368 reason |= CERT_STATUS_AUTHORITY_INVALID;
369 } else if (CFEqual(error, weak_error)) {
370 reason |= CERT_STATUS_WEAK_KEY;
371 } else if (CFEqual(error, hostname_mismatch_error)) {
372 reason |= CERT_STATUS_COMMON_NAME_INVALID;
373 } else if (CFEqual(error, policy_requirements_not_met_error)) {
374 reason |= CERT_STATUS_INVALID | CERT_STATUS_AUTHORITY_INVALID;
375 } else if (CFEqual(error, root_certificate_error)) {
376 reason |= CERT_STATUS_AUTHORITY_INVALID;
377 } else {
378 LOG(ERROR) << "Unrecognized error: " << error;
379 reason |= CERT_STATUS_INVALID;
380 }
381 }
382
383 return reason;
384 }
385 #endif // !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED <
386 // __IPHONE_12_0
387
SupportsAdditionalTrustAnchors() const388 bool CertVerifyProcIOS::SupportsAdditionalTrustAnchors() const {
389 return false;
390 }
391
392 CertVerifyProcIOS::~CertVerifyProcIOS() = default;
393
VerifyInternal(X509Certificate * cert,const std::string & hostname,const std::string & ocsp_response,const std::string & sct_list,int flags,const CertificateList & additional_trust_anchors,CertVerifyResult * verify_result,const NetLogWithSource & net_log)394 int CertVerifyProcIOS::VerifyInternal(
395 X509Certificate* cert,
396 const std::string& hostname,
397 const std::string& ocsp_response,
398 const std::string& sct_list,
399 int flags,
400 const CertificateList& additional_trust_anchors,
401 CertVerifyResult* verify_result,
402 const NetLogWithSource& net_log) {
403 ScopedCFTypeRef<CFArrayRef> trust_policies;
404 OSStatus status = CreateTrustPolicies(&trust_policies);
405 if (status)
406 return NetErrorFromOSStatus(status);
407
408 ScopedCFTypeRef<CFMutableArrayRef> cert_array(
409 x509_util::CreateSecCertificateArrayForX509Certificate(
410 cert, x509_util::InvalidIntermediateBehavior::kIgnore));
411 if (!cert_array) {
412 verify_result->cert_status |= CERT_STATUS_INVALID;
413 return ERR_CERT_INVALID;
414 }
415
416 ScopedCFTypeRef<CFDataRef> ocsp_response_ref;
417 if (!ocsp_response.empty()) {
418 ocsp_response_ref.reset(
419 CFDataCreate(kCFAllocatorDefault,
420 reinterpret_cast<const UInt8*>(ocsp_response.data()),
421 base::checked_cast<CFIndex>(ocsp_response.size())));
422 if (!ocsp_response_ref)
423 return ERR_OUT_OF_MEMORY;
424 }
425
426 ScopedCFTypeRef<CFMutableArrayRef> sct_array_ref;
427 if (!sct_list.empty()) {
428 if (__builtin_available(iOS 12.1.1, *)) {
429 std::vector<base::StringPiece> decoded_sct_list;
430 if (ct::DecodeSCTList(sct_list, &decoded_sct_list)) {
431 sct_array_ref.reset(CFArrayCreateMutable(kCFAllocatorDefault,
432 decoded_sct_list.size(),
433 &kCFTypeArrayCallBacks));
434 if (!sct_array_ref)
435 return ERR_OUT_OF_MEMORY;
436 for (const auto& sct : decoded_sct_list) {
437 ScopedCFTypeRef<CFDataRef> sct_ref(CFDataCreate(
438 kCFAllocatorDefault, reinterpret_cast<const UInt8*>(sct.data()),
439 base::checked_cast<CFIndex>(sct.size())));
440 if (!sct_ref)
441 return ERR_OUT_OF_MEMORY;
442 CFArrayAppendValue(sct_array_ref.get(), sct_ref.get());
443 }
444 }
445 }
446 }
447
448 ScopedCFTypeRef<SecTrustRef> trust_ref;
449 bool is_trusted = false;
450 ScopedCFTypeRef<CFArrayRef> final_chain;
451 ScopedCFTypeRef<CFErrorRef> trust_error;
452
453 int err = BuildAndEvaluateSecTrustRef(
454 cert_array, trust_policies, ocsp_response_ref.get(), sct_array_ref.get(),
455 &trust_ref, &final_chain, &is_trusted, &trust_error);
456 if (err)
457 return err;
458
459 if (CFArrayGetCount(final_chain) == 0)
460 return ERR_FAILED;
461
462 // TODO(rsleevi): Support CRLSet revocation.
463 if (!is_trusted) {
464 if (__builtin_available(iOS 12.0, *)) {
465 verify_result->cert_status |= GetCertFailureStatusFromError(trust_error);
466 } else {
467 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
468 SecTrustResultType trust_result = kSecTrustResultInvalid;
469 status = SecTrustGetTrustResult(trust_ref.get(), &trust_result);
470 if (status)
471 return NetErrorFromOSStatus(status);
472 switch (trust_result) {
473 case kSecTrustResultUnspecified:
474 case kSecTrustResultProceed:
475 NOTREACHED();
476 break;
477 case kSecTrustResultDeny:
478 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
479 break;
480 default:
481 verify_result->cert_status |=
482 GetCertFailureStatusFromTrust(trust_ref);
483 }
484 #else
485 // It should be impossible to reach this code, but if somehow it is
486 // reached it would allow any certificate as valid since no errors would
487 // be added to cert_status. Therefore, add a CHECK as a fail safe.
488 CHECK(false);
489 #endif
490 }
491 }
492 GetCertChainInfo(final_chain, verify_result);
493
494 // While iOS lacks the ability to distinguish system-trusted versus
495 // user-installed roots, the set of roots that are expected to comply with
496 // the Baseline Requirements can be determined by
497 // GetNetTrustAnchorHistogramForSPKI() - a non-zero value means that it is
498 // known as a publicly trusted, and therefore subject to the BRs, cert.
499 for (auto it = verify_result->public_key_hashes.rbegin();
500 it != verify_result->public_key_hashes.rend() &&
501 !verify_result->is_issued_by_known_root;
502 ++it) {
503 verify_result->is_issued_by_known_root =
504 GetNetTrustAnchorHistogramIdForSPKI(*it) != 0;
505 }
506
507 if (IsCertStatusError(verify_result->cert_status))
508 return MapCertStatusToNetError(verify_result->cert_status);
509
510 if (TestRootCerts::HasInstance() &&
511 !verify_result->verified_cert->intermediate_buffers().empty() &&
512 TestRootCerts::GetInstance()->IsKnownRoot(x509_util::CryptoBufferAsSpan(
513 verify_result->verified_cert->intermediate_buffers().back().get()))) {
514 verify_result->is_issued_by_known_root = true;
515 }
516
517 LogNameNormalizationMetrics(".IOS", verify_result->verified_cert.get(),
518 verify_result->is_issued_by_known_root);
519
520 return OK;
521 }
522
523 } // namespace net
524