1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc_ios.h"
6
7 #include <CommonCrypto/CommonDigest.h>
8
9 #include "base/apple/foundation_util.h"
10 #include "base/apple/osstatus_logging.h"
11 #include "base/apple/scoped_cftyperef.h"
12 #include "base/logging.h"
13 #include "base/notreached.h"
14 #include "crypto/sha2.h"
15 #include "net/base/net_errors.h"
16 #include "net/cert/asn1_util.h"
17 #include "net/cert/cert_verify_result.h"
18 #include "net/cert/crl_set.h"
19 #include "net/cert/ct_serialization.h"
20 #include "net/cert/known_roots.h"
21 #include "net/cert/test_root_certs.h"
22 #include "net/cert/x509_certificate.h"
23 #include "net/cert/x509_util.h"
24 #include "net/cert/x509_util_apple.h"
25
26 using base::apple::ScopedCFTypeRef;
27
28 namespace net {
29
30 namespace {
31
NetErrorFromOSStatus(OSStatus status)32 int NetErrorFromOSStatus(OSStatus status) {
33 switch (status) {
34 case noErr:
35 return OK;
36 case errSecNotAvailable:
37 return ERR_NOT_IMPLEMENTED;
38 case errSecAuthFailed:
39 return ERR_ACCESS_DENIED;
40 default:
41 return ERR_FAILED;
42 }
43 }
44
45 // Maps errors from OSStatus codes to CertStatus flags.
46 //
47 // The selection of errors is based off of Apple's SecPolicyChecks.list, and
48 // any unknown errors are mapped to CERT_STATUS_INVALID for safety.
CertStatusFromOSStatus(OSStatus status)49 CertStatus CertStatusFromOSStatus(OSStatus status) {
50 switch (status) {
51 case errSecHostNameMismatch:
52 return CERT_STATUS_COMMON_NAME_INVALID;
53
54 case errSecCertificateExpired:
55 case errSecCertificateNotValidYet:
56 return CERT_STATUS_DATE_INVALID;
57
58 case errSecCreateChainFailed:
59 case errSecNotTrusted:
60 // errSecVerifyActionFailed is used when CT is required
61 // and not present. The OS rejected this chain, and so mapping
62 // to CERT_STATUS_CT_COMPLIANCE_FAILED (which is informational,
63 // as policy enforcement is not handled in the CertVerifier)
64 // would cause this error to be ignored and mapped to
65 // CERT_STATUS_INVALID. Rather than do that, mark it simply as
66 // "untrusted". The CT_COMPLIANCE_FAILED bit is not set, since
67 // it's not necessarily a compliance failure with the embedder's
68 // CT policy. It's a bit of a hack, but hopefully temporary.
69 // errSecNotTrusted is somewhat similar. It applies for
70 // situations where a root isn't trusted or an intermediate
71 // isn't trusted, when a key is restricted, or when the calling
72 // application requested CT enforcement (which CertVerifier
73 // should never being doing).
74 case errSecVerifyActionFailed:
75 return CERT_STATUS_AUTHORITY_INVALID;
76
77 case errSecInvalidIDLinkage:
78 case errSecNoBasicConstraintsCA:
79 case errSecInvalidSubjectName:
80 case errSecInvalidExtendedKeyUsage:
81 case errSecInvalidKeyUsageForPolicy:
82 case errSecMissingRequiredExtension:
83 case errSecNoBasicConstraints:
84 case errSecPathLengthConstraintExceeded:
85 case errSecUnknownCertExtension:
86 case errSecUnknownCriticalExtensionFlag:
87 // errSecCertificatePolicyNotAllowed and errSecCertificateNameNotAllowed
88 // are used for certificates that violate the constraints imposed upon the
89 // issuer. Nominally this could be mapped to CERT_STATUS_AUTHORITY_INVALID,
90 // except the trustd behaviour is to treat this as a fatal
91 // (non-recoverable) error. That behavior is preserved here for consistency
92 // with Safari.
93 case errSecCertificatePolicyNotAllowed:
94 case errSecCertificateNameNotAllowed:
95 return CERT_STATUS_INVALID;
96
97 // Unfortunately, iOS's handling of weak digest algorithms and key sizes
98 // doesn't map exactly to Chrome's. errSecInvalidDigestAlgorithm and
99 // errSecUnsupportedKeySize may indicate errors that iOS considers fatal
100 // (too weak to process at all) or recoverable (too weak according to
101 // compliance policies).
102 // Further, because SecTrustEvaluateWithError only returns a single error
103 // code, a fatal error may have occurred elsewhere in the chain, so the
104 // overall result can't be used to distinguish individual certificate
105 // errors. For this complicated reason, the weak key and weak digest cases
106 // also map to CERT_STATUS_INVALID for safety.
107 case errSecInvalidDigestAlgorithm:
108 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM | CERT_STATUS_INVALID;
109 case errSecUnsupportedKeySize:
110 return CERT_STATUS_WEAK_KEY | CERT_STATUS_INVALID;
111
112 case errSecCertificateRevoked:
113 return CERT_STATUS_REVOKED;
114
115 case errSecIncompleteCertRevocationCheck:
116 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
117
118 case errSecCertificateValidityPeriodTooLong:
119 return CERT_STATUS_VALIDITY_TOO_LONG;
120
121 case errSecInvalidCertificateRef:
122 case errSecInvalidName:
123 case errSecInvalidPolicyIdentifiers:
124 return CERT_STATUS_INVALID;
125
126 // This function should only be called on errors, so should always return a
127 // CertStatus code that is considered an error. If the input is unexpectedly
128 // errSecSuccess, return CERT_STATUS_INVALID for safety.
129 case errSecSuccess:
130 default:
131 OSSTATUS_LOG(WARNING, status)
132 << "Unknown error mapped to CERT_STATUS_INVALID";
133 return CERT_STATUS_INVALID;
134 }
135 }
136
137 // Creates a series of SecPolicyRefs to be added to a SecTrustRef used to
138 // validate a certificate for an SSL server. |hostname| contains the name of
139 // the SSL server that the certificate should be verified against. If
140 // successful, returns noErr, and stores the resultant array of SecPolicyRefs
141 // in |policies|.
CreateTrustPolicies(ScopedCFTypeRef<CFArrayRef> * policies)142 OSStatus CreateTrustPolicies(ScopedCFTypeRef<CFArrayRef>* policies) {
143 ScopedCFTypeRef<CFMutableArrayRef> local_policies(
144 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks));
145 if (!local_policies)
146 return errSecAllocate;
147
148 base::apple::ScopedCFTypeRef<SecPolicyRef> ssl_policy(
149 SecPolicyCreateBasicX509());
150 CFArrayAppendValue(local_policies.get(), ssl_policy.get());
151 ssl_policy.reset(SecPolicyCreateSSL(/*server=*/true, /*hostname=*/nullptr));
152 CFArrayAppendValue(local_policies.get(), ssl_policy.get());
153
154 *policies = std::move(local_policies);
155 return noErr;
156 }
157
158 // Builds and evaluates a SecTrustRef for the certificate chain contained
159 // in |cert_array|, using the verification policies in |trust_policies|. On
160 // success, returns OK, and updates |trust_ref|, |is_trusted|, and
161 // |trust_error|. On failure, no output parameters are modified.
162 //
163 // Note: An OK return does not mean that |cert_array| is trusted, merely that
164 // verification was performed successfully.
BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,CFArrayRef trust_policies,CFDataRef ocsp_response_ref,CFArrayRef sct_array_ref,ScopedCFTypeRef<SecTrustRef> * trust_ref,ScopedCFTypeRef<CFArrayRef> * verified_chain,bool * is_trusted,ScopedCFTypeRef<CFErrorRef> * trust_error)165 int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
166 CFArrayRef trust_policies,
167 CFDataRef ocsp_response_ref,
168 CFArrayRef sct_array_ref,
169 ScopedCFTypeRef<SecTrustRef>* trust_ref,
170 ScopedCFTypeRef<CFArrayRef>* verified_chain,
171 bool* is_trusted,
172 ScopedCFTypeRef<CFErrorRef>* trust_error) {
173 ScopedCFTypeRef<SecTrustRef> tmp_trust;
174 OSStatus status = SecTrustCreateWithCertificates(cert_array, trust_policies,
175 tmp_trust.InitializeInto());
176 if (status)
177 return NetErrorFromOSStatus(status);
178
179 if (TestRootCerts::HasInstance()) {
180 status = TestRootCerts::GetInstance()->FixupSecTrustRef(tmp_trust.get());
181 if (status)
182 return NetErrorFromOSStatus(status);
183 }
184
185 if (ocsp_response_ref) {
186 status = SecTrustSetOCSPResponse(tmp_trust.get(), ocsp_response_ref);
187 if (status)
188 return NetErrorFromOSStatus(status);
189 }
190
191 if (sct_array_ref) {
192 if (__builtin_available(iOS 12.1.1, *)) {
193 status = SecTrustSetSignedCertificateTimestamps(tmp_trust.get(),
194 sct_array_ref);
195 if (status)
196 return NetErrorFromOSStatus(status);
197 }
198 }
199
200 ScopedCFTypeRef<CFErrorRef> tmp_error;
201 bool tmp_is_trusted = false;
202 if (__builtin_available(iOS 12.0, *)) {
203 tmp_is_trusted =
204 SecTrustEvaluateWithError(tmp_trust.get(), tmp_error.InitializeInto());
205 } else {
206 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
207 SecTrustResultType tmp_trust_result;
208 status = SecTrustEvaluate(tmp_trust.get(), &tmp_trust_result);
209 if (status)
210 return NetErrorFromOSStatus(status);
211 switch (tmp_trust_result) {
212 case kSecTrustResultUnspecified:
213 case kSecTrustResultProceed:
214 tmp_is_trusted = true;
215 break;
216 case kSecTrustResultInvalid:
217 return ERR_FAILED;
218 default:
219 tmp_is_trusted = false;
220 }
221 #endif
222 }
223
224 trust_ref->swap(tmp_trust);
225 trust_error->swap(tmp_error);
226 *verified_chain = x509_util::CertificateChainFromSecTrust(trust_ref->get());
227 *is_trusted = tmp_is_trusted;
228 return OK;
229 }
230
GetCertChainInfo(CFArrayRef cert_chain,CertVerifyResult * verify_result)231 void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
232 DCHECK_LT(0, CFArrayGetCount(cert_chain));
233
234 base::apple::ScopedCFTypeRef<SecCertificateRef> verified_cert;
235 std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>> verified_chain;
236 for (CFIndex i = 0, count = CFArrayGetCount(cert_chain); i < count; ++i) {
237 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>(
238 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
239 if (i == 0) {
240 verified_cert.reset(chain_cert, base::scoped_policy::RETAIN);
241 } else {
242 verified_chain.emplace_back(chain_cert, base::scoped_policy::RETAIN);
243 }
244
245 base::apple::ScopedCFTypeRef<CFDataRef> der_data(
246 SecCertificateCopyData(chain_cert));
247 if (!der_data) {
248 verify_result->cert_status |= CERT_STATUS_INVALID;
249 return;
250 }
251
252 base::StringPiece spki_bytes;
253 if (!asn1::ExtractSPKIFromDERCert(
254 base::StringPiece(
255 reinterpret_cast<const char*>(CFDataGetBytePtr(der_data.get())),
256 CFDataGetLength(der_data.get())),
257 &spki_bytes)) {
258 verify_result->cert_status |= CERT_STATUS_INVALID;
259 return;
260 }
261
262 HashValue sha256(HASH_VALUE_SHA256);
263 CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data());
264 verify_result->public_key_hashes.push_back(sha256);
265 }
266 if (!verified_cert.get()) {
267 NOTREACHED();
268 verify_result->cert_status |= CERT_STATUS_INVALID;
269 return;
270 }
271
272 scoped_refptr<X509Certificate> verified_cert_with_chain =
273 x509_util::CreateX509CertificateFromSecCertificate(verified_cert,
274 verified_chain);
275 if (verified_cert_with_chain)
276 verify_result->verified_cert = std::move(verified_cert_with_chain);
277 else
278 verify_result->cert_status |= CERT_STATUS_INVALID;
279 }
280
281 } // namespace
282
CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set)283 CertVerifyProcIOS::CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set)
284 : CertVerifyProc(std::move(crl_set)) {}
285
286 // static
GetCertFailureStatusFromError(CFErrorRef error)287 CertStatus CertVerifyProcIOS::GetCertFailureStatusFromError(CFErrorRef error) {
288 if (!error)
289 return CERT_STATUS_INVALID;
290
291 base::apple::ScopedCFTypeRef<CFStringRef> error_domain(
292 CFErrorGetDomain(error));
293 CFIndex error_code = CFErrorGetCode(error);
294
295 if (error_domain.get() != kCFErrorDomainOSStatus) {
296 LOG(WARNING) << "Unhandled error domain: " << error;
297 return CERT_STATUS_INVALID;
298 }
299
300 return CertStatusFromOSStatus(error_code);
301 }
302
303 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
304 // The iOS APIs don't expose an API-stable set of reasons for certificate
305 // validation failures. However, internally, the reason is tracked, and it's
306 // converted to user-facing localized strings.
307 //
308 // In the absence of a consistent API, convert the English strings to their
309 // localized counterpart, and then compare that with the error properties. If
310 // they're equal, it's a strong sign that this was the cause for the error.
311 // While this will break if/when iOS changes the contents of these strings,
312 // it's sufficient enough for now.
313 //
314 // TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
315 // possible.
316 // static
GetCertFailureStatusFromTrust(SecTrustRef trust)317 CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) {
318 CertStatus reason = 0;
319
320 base::apple::ScopedCFTypeRef<CFArrayRef> properties(
321 SecTrustCopyProperties(trust));
322 if (!properties)
323 return CERT_STATUS_INVALID;
324
325 const CFIndex properties_length = CFArrayGetCount(properties.get());
326 if (properties_length == 0)
327 return CERT_STATUS_INVALID;
328
329 CFBundleRef bundle =
330 CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
331 CFStringRef date_string =
332 CFSTR("One or more certificates have expired or are not valid yet.");
333 ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
334 bundle, date_string, date_string, CFSTR("SecCertificate")));
335 CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
336 ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
337 bundle, trust_string, trust_string, CFSTR("SecCertificate")));
338 CFStringRef weak_string =
339 CFSTR("One or more certificates is using a weak key size.");
340 ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
341 bundle, weak_string, weak_string, CFSTR("SecCertificate")));
342 CFStringRef hostname_mismatch_string = CFSTR("Hostname mismatch.");
343 ScopedCFTypeRef<CFStringRef> hostname_mismatch_error(
344 CFBundleCopyLocalizedString(bundle, hostname_mismatch_string,
345 hostname_mismatch_string,
346 CFSTR("SecCertificate")));
347 CFStringRef root_certificate_string =
348 CFSTR("Unable to build chain to root certificate.");
349 ScopedCFTypeRef<CFStringRef> root_certificate_error(
350 CFBundleCopyLocalizedString(bundle, root_certificate_string,
351 root_certificate_string,
352 CFSTR("SecCertificate")));
353 CFStringRef policy_requirements_not_met_string =
354 CFSTR("Policy requirements not met.");
355 ScopedCFTypeRef<CFStringRef> policy_requirements_not_met_error(
356 CFBundleCopyLocalizedString(bundle, policy_requirements_not_met_string,
357 policy_requirements_not_met_string,
358 CFSTR("SecCertificate")));
359
360 for (CFIndex i = 0; i < properties_length; ++i) {
361 CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
362 const_cast<void*>(CFArrayGetValueAtIndex(properties.get(), i)));
363 CFStringRef error = reinterpret_cast<CFStringRef>(
364 const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
365
366 if (CFEqual(error, date_error.get())) {
367 reason |= CERT_STATUS_DATE_INVALID;
368 } else if (CFEqual(error, trust_error.get())) {
369 reason |= CERT_STATUS_AUTHORITY_INVALID;
370 } else if (CFEqual(error, weak_error.get())) {
371 reason |= CERT_STATUS_WEAK_KEY;
372 } else if (CFEqual(error, hostname_mismatch_error.get())) {
373 reason |= CERT_STATUS_COMMON_NAME_INVALID;
374 } else if (CFEqual(error, policy_requirements_not_met_error.get())) {
375 reason |= CERT_STATUS_INVALID | CERT_STATUS_AUTHORITY_INVALID;
376 } else if (CFEqual(error, root_certificate_error.get())) {
377 reason |= CERT_STATUS_AUTHORITY_INVALID;
378 } else {
379 LOG(ERROR) << "Unrecognized error: " << error;
380 reason |= CERT_STATUS_INVALID;
381 }
382 }
383
384 return reason;
385 }
386 #endif // !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED <
387 // __IPHONE_12_0
388
389 CertVerifyProcIOS::~CertVerifyProcIOS() = default;
390
VerifyInternal(X509Certificate * cert,const std::string & hostname,const std::string & ocsp_response,const std::string & sct_list,int flags,CertVerifyResult * verify_result,const NetLogWithSource & net_log)391 int CertVerifyProcIOS::VerifyInternal(
392 X509Certificate* cert,
393 const std::string& hostname,
394 const std::string& ocsp_response,
395 const std::string& sct_list,
396 int flags,
397 CertVerifyResult* verify_result,
398 const NetLogWithSource& net_log) {
399 ScopedCFTypeRef<CFArrayRef> trust_policies;
400 OSStatus status = CreateTrustPolicies(&trust_policies);
401 if (status)
402 return NetErrorFromOSStatus(status);
403
404 ScopedCFTypeRef<CFMutableArrayRef> cert_array(
405 x509_util::CreateSecCertificateArrayForX509Certificate(
406 cert, x509_util::InvalidIntermediateBehavior::kIgnore));
407 if (!cert_array) {
408 verify_result->cert_status |= CERT_STATUS_INVALID;
409 return ERR_CERT_INVALID;
410 }
411
412 ScopedCFTypeRef<CFDataRef> ocsp_response_ref;
413 if (!ocsp_response.empty()) {
414 ocsp_response_ref.reset(
415 CFDataCreate(kCFAllocatorDefault,
416 reinterpret_cast<const UInt8*>(ocsp_response.data()),
417 base::checked_cast<CFIndex>(ocsp_response.size())));
418 if (!ocsp_response_ref)
419 return ERR_OUT_OF_MEMORY;
420 }
421
422 ScopedCFTypeRef<CFMutableArrayRef> sct_array_ref;
423 if (!sct_list.empty()) {
424 if (__builtin_available(iOS 12.1.1, *)) {
425 std::vector<base::StringPiece> decoded_sct_list;
426 if (ct::DecodeSCTList(sct_list, &decoded_sct_list)) {
427 sct_array_ref.reset(CFArrayCreateMutable(kCFAllocatorDefault,
428 decoded_sct_list.size(),
429 &kCFTypeArrayCallBacks));
430 if (!sct_array_ref)
431 return ERR_OUT_OF_MEMORY;
432 for (const auto& sct : decoded_sct_list) {
433 ScopedCFTypeRef<CFDataRef> sct_ref(CFDataCreate(
434 kCFAllocatorDefault, reinterpret_cast<const UInt8*>(sct.data()),
435 base::checked_cast<CFIndex>(sct.size())));
436 if (!sct_ref)
437 return ERR_OUT_OF_MEMORY;
438 CFArrayAppendValue(sct_array_ref.get(), sct_ref.get());
439 }
440 }
441 }
442 }
443
444 ScopedCFTypeRef<SecTrustRef> trust_ref;
445 bool is_trusted = false;
446 ScopedCFTypeRef<CFArrayRef> final_chain;
447 ScopedCFTypeRef<CFErrorRef> trust_error;
448
449 int err = BuildAndEvaluateSecTrustRef(
450 cert_array.get(), trust_policies.get(), ocsp_response_ref.get(),
451 sct_array_ref.get(), &trust_ref, &final_chain, &is_trusted, &trust_error);
452 if (err)
453 return err;
454
455 if (CFArrayGetCount(final_chain.get()) == 0) {
456 return ERR_FAILED;
457 }
458
459 // TODO(rsleevi): Support CRLSet revocation.
460 if (!is_trusted) {
461 if (__builtin_available(iOS 12.0, *)) {
462 verify_result->cert_status |=
463 GetCertFailureStatusFromError(trust_error.get());
464 } else {
465 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
466 SecTrustResultType trust_result = kSecTrustResultInvalid;
467 status = SecTrustGetTrustResult(trust_ref.get(), &trust_result);
468 if (status)
469 return NetErrorFromOSStatus(status);
470 switch (trust_result) {
471 case kSecTrustResultUnspecified:
472 case kSecTrustResultProceed:
473 NOTREACHED();
474 break;
475 case kSecTrustResultDeny:
476 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
477 break;
478 default:
479 verify_result->cert_status |=
480 GetCertFailureStatusFromTrust(trust_ref.get());
481 }
482 #else
483 // It should be impossible to reach this code, but if somehow it is
484 // reached it would allow any certificate as valid since no errors would
485 // be added to cert_status. Therefore, add a CHECK as a fail safe.
486 CHECK(false);
487 #endif
488 }
489 }
490 GetCertChainInfo(final_chain.get(), verify_result);
491
492 // While iOS lacks the ability to distinguish system-trusted versus
493 // user-installed roots, the set of roots that are expected to comply with
494 // the Baseline Requirements can be determined by
495 // GetNetTrustAnchorHistogramForSPKI() - a non-zero value means that it is
496 // known as a publicly trusted, and therefore subject to the BRs, cert.
497 for (auto it = verify_result->public_key_hashes.rbegin();
498 it != verify_result->public_key_hashes.rend() &&
499 !verify_result->is_issued_by_known_root;
500 ++it) {
501 verify_result->is_issued_by_known_root =
502 GetNetTrustAnchorHistogramIdForSPKI(*it) != 0;
503 }
504
505 if (IsCertStatusError(verify_result->cert_status))
506 return MapCertStatusToNetError(verify_result->cert_status);
507
508 if (TestRootCerts::HasInstance() &&
509 !verify_result->verified_cert->intermediate_buffers().empty() &&
510 TestRootCerts::GetInstance()->IsKnownRoot(x509_util::CryptoBufferAsSpan(
511 verify_result->verified_cert->intermediate_buffers().back().get()))) {
512 verify_result->is_issued_by_known_root = true;
513 }
514
515 LogNameNormalizationMetrics(".IOS", verify_result->verified_cert.get(),
516 verify_result->is_issued_by_known_root);
517
518 return OK;
519 }
520
521 } // namespace net
522