1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc_ios.h"
6
7 #include <CommonCrypto/CommonDigest.h>
8
9 #include <string_view>
10
11 #include "base/apple/foundation_util.h"
12 #include "base/apple/osstatus_logging.h"
13 #include "base/apple/scoped_cftyperef.h"
14 #include "base/containers/span.h"
15 #include "base/logging.h"
16 #include "base/notreached.h"
17 #include "crypto/sha2.h"
18 #include "net/base/net_errors.h"
19 #include "net/cert/asn1_util.h"
20 #include "net/cert/cert_verify_result.h"
21 #include "net/cert/crl_set.h"
22 #include "net/cert/ct_serialization.h"
23 #include "net/cert/known_roots.h"
24 #include "net/cert/test_root_certs.h"
25 #include "net/cert/x509_certificate.h"
26 #include "net/cert/x509_util.h"
27 #include "net/cert/x509_util_apple.h"
28
29 using base::apple::ScopedCFTypeRef;
30
31 namespace net {
32
33 namespace {
34
NetErrorFromOSStatus(OSStatus status)35 int NetErrorFromOSStatus(OSStatus status) {
36 switch (status) {
37 case noErr:
38 return OK;
39 case errSecNotAvailable:
40 return ERR_NOT_IMPLEMENTED;
41 case errSecAuthFailed:
42 return ERR_ACCESS_DENIED;
43 default:
44 return ERR_FAILED;
45 }
46 }
47
48 // Maps errors from OSStatus codes to CertStatus flags.
49 //
50 // The selection of errors is based off of Apple's SecPolicyChecks.list, and
51 // any unknown errors are mapped to CERT_STATUS_INVALID for safety.
CertStatusFromOSStatus(OSStatus status)52 CertStatus CertStatusFromOSStatus(OSStatus status) {
53 switch (status) {
54 case errSecHostNameMismatch:
55 return CERT_STATUS_COMMON_NAME_INVALID;
56
57 case errSecCertificateExpired:
58 case errSecCertificateNotValidYet:
59 return CERT_STATUS_DATE_INVALID;
60
61 case errSecCreateChainFailed:
62 case errSecNotTrusted:
63 // errSecVerifyActionFailed is used when CT is required
64 // and not present. The OS rejected this chain, and so mapping
65 // to CERT_STATUS_CT_COMPLIANCE_FAILED (which is informational,
66 // as policy enforcement is not handled in the CertVerifier)
67 // would cause this error to be ignored and mapped to
68 // CERT_STATUS_INVALID. Rather than do that, mark it simply as
69 // "untrusted". The CT_COMPLIANCE_FAILED bit is not set, since
70 // it's not necessarily a compliance failure with the embedder's
71 // CT policy. It's a bit of a hack, but hopefully temporary.
72 // errSecNotTrusted is somewhat similar. It applies for
73 // situations where a root isn't trusted or an intermediate
74 // isn't trusted, when a key is restricted, or when the calling
75 // application requested CT enforcement (which CertVerifier
76 // should never being doing).
77 case errSecVerifyActionFailed:
78 return CERT_STATUS_AUTHORITY_INVALID;
79
80 case errSecInvalidIDLinkage:
81 case errSecNoBasicConstraintsCA:
82 case errSecInvalidSubjectName:
83 case errSecInvalidExtendedKeyUsage:
84 case errSecInvalidKeyUsageForPolicy:
85 case errSecMissingRequiredExtension:
86 case errSecNoBasicConstraints:
87 case errSecPathLengthConstraintExceeded:
88 case errSecUnknownCertExtension:
89 case errSecUnknownCriticalExtensionFlag:
90 // errSecCertificatePolicyNotAllowed and errSecCertificateNameNotAllowed
91 // are used for certificates that violate the constraints imposed upon the
92 // issuer. Nominally this could be mapped to CERT_STATUS_AUTHORITY_INVALID,
93 // except the trustd behaviour is to treat this as a fatal
94 // (non-recoverable) error. That behavior is preserved here for consistency
95 // with Safari.
96 case errSecCertificatePolicyNotAllowed:
97 case errSecCertificateNameNotAllowed:
98 return CERT_STATUS_INVALID;
99
100 // Unfortunately, iOS's handling of weak digest algorithms and key sizes
101 // doesn't map exactly to Chrome's. errSecInvalidDigestAlgorithm and
102 // errSecUnsupportedKeySize may indicate errors that iOS considers fatal
103 // (too weak to process at all) or recoverable (too weak according to
104 // compliance policies).
105 // Further, because SecTrustEvaluateWithError only returns a single error
106 // code, a fatal error may have occurred elsewhere in the chain, so the
107 // overall result can't be used to distinguish individual certificate
108 // errors. For this complicated reason, the weak key and weak digest cases
109 // also map to CERT_STATUS_INVALID for safety.
110 case errSecInvalidDigestAlgorithm:
111 return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM | CERT_STATUS_INVALID;
112 case errSecUnsupportedKeySize:
113 return CERT_STATUS_WEAK_KEY | CERT_STATUS_INVALID;
114
115 case errSecCertificateRevoked:
116 return CERT_STATUS_REVOKED;
117
118 case errSecIncompleteCertRevocationCheck:
119 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
120
121 case errSecCertificateValidityPeriodTooLong:
122 return CERT_STATUS_VALIDITY_TOO_LONG;
123
124 case errSecInvalidCertificateRef:
125 case errSecInvalidName:
126 case errSecInvalidPolicyIdentifiers:
127 return CERT_STATUS_INVALID;
128
129 // This function should only be called on errors, so should always return a
130 // CertStatus code that is considered an error. If the input is unexpectedly
131 // errSecSuccess, return CERT_STATUS_INVALID for safety.
132 case errSecSuccess:
133 default:
134 OSSTATUS_LOG(WARNING, status)
135 << "Unknown error mapped to CERT_STATUS_INVALID";
136 return CERT_STATUS_INVALID;
137 }
138 }
139
140 // Creates a series of SecPolicyRefs to be added to a SecTrustRef used to
141 // validate a certificate for an SSL server. |hostname| contains the name of
142 // the SSL server that the certificate should be verified against. If
143 // successful, returns noErr, and stores the resultant array of SecPolicyRefs
144 // in |policies|.
CreateTrustPolicies(ScopedCFTypeRef<CFArrayRef> * policies)145 OSStatus CreateTrustPolicies(ScopedCFTypeRef<CFArrayRef>* policies) {
146 ScopedCFTypeRef<CFMutableArrayRef> local_policies(
147 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks));
148 if (!local_policies)
149 return errSecAllocate;
150
151 base::apple::ScopedCFTypeRef<SecPolicyRef> ssl_policy(
152 SecPolicyCreateBasicX509());
153 CFArrayAppendValue(local_policies.get(), ssl_policy.get());
154 ssl_policy.reset(SecPolicyCreateSSL(/*server=*/true, /*hostname=*/nullptr));
155 CFArrayAppendValue(local_policies.get(), ssl_policy.get());
156
157 *policies = std::move(local_policies);
158 return noErr;
159 }
160
161 // Builds and evaluates a SecTrustRef for the certificate chain contained
162 // in |cert_array|, using the verification policies in |trust_policies|. On
163 // success, returns OK, and updates |trust_ref|, |is_trusted|, and
164 // |trust_error|. On failure, no output parameters are modified.
165 //
166 // Note: An OK return does not mean that |cert_array| is trusted, merely that
167 // verification was performed successfully.
BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,CFArrayRef trust_policies,CFDataRef ocsp_response_ref,CFArrayRef sct_array_ref,ScopedCFTypeRef<SecTrustRef> * trust_ref,ScopedCFTypeRef<CFArrayRef> * verified_chain,bool * is_trusted,ScopedCFTypeRef<CFErrorRef> * trust_error)168 int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
169 CFArrayRef trust_policies,
170 CFDataRef ocsp_response_ref,
171 CFArrayRef sct_array_ref,
172 ScopedCFTypeRef<SecTrustRef>* trust_ref,
173 ScopedCFTypeRef<CFArrayRef>* verified_chain,
174 bool* is_trusted,
175 ScopedCFTypeRef<CFErrorRef>* trust_error) {
176 ScopedCFTypeRef<SecTrustRef> tmp_trust;
177 OSStatus status = SecTrustCreateWithCertificates(cert_array, trust_policies,
178 tmp_trust.InitializeInto());
179 if (status)
180 return NetErrorFromOSStatus(status);
181
182 if (TestRootCerts::HasInstance()) {
183 status = TestRootCerts::GetInstance()->FixupSecTrustRef(tmp_trust.get());
184 if (status)
185 return NetErrorFromOSStatus(status);
186 }
187
188 if (ocsp_response_ref) {
189 status = SecTrustSetOCSPResponse(tmp_trust.get(), ocsp_response_ref);
190 if (status)
191 return NetErrorFromOSStatus(status);
192 }
193
194 if (sct_array_ref) {
195 if (__builtin_available(iOS 12.1.1, *)) {
196 status = SecTrustSetSignedCertificateTimestamps(tmp_trust.get(),
197 sct_array_ref);
198 if (status)
199 return NetErrorFromOSStatus(status);
200 }
201 }
202
203 ScopedCFTypeRef<CFErrorRef> tmp_error;
204 bool tmp_is_trusted = false;
205 if (__builtin_available(iOS 12.0, *)) {
206 tmp_is_trusted =
207 SecTrustEvaluateWithError(tmp_trust.get(), tmp_error.InitializeInto());
208 } else {
209 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
210 SecTrustResultType tmp_trust_result;
211 status = SecTrustEvaluate(tmp_trust.get(), &tmp_trust_result);
212 if (status)
213 return NetErrorFromOSStatus(status);
214 switch (tmp_trust_result) {
215 case kSecTrustResultUnspecified:
216 case kSecTrustResultProceed:
217 tmp_is_trusted = true;
218 break;
219 case kSecTrustResultInvalid:
220 return ERR_FAILED;
221 default:
222 tmp_is_trusted = false;
223 }
224 #endif
225 }
226
227 trust_ref->swap(tmp_trust);
228 trust_error->swap(tmp_error);
229 *verified_chain = x509_util::CertificateChainFromSecTrust(trust_ref->get());
230 *is_trusted = tmp_is_trusted;
231 return OK;
232 }
233
GetCertChainInfo(CFArrayRef cert_chain,CertVerifyResult * verify_result)234 void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
235 DCHECK_LT(0, CFArrayGetCount(cert_chain));
236
237 base::apple::ScopedCFTypeRef<SecCertificateRef> verified_cert;
238 std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>> verified_chain;
239 for (CFIndex i = 0, count = CFArrayGetCount(cert_chain); i < count; ++i) {
240 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>(
241 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
242 if (i == 0) {
243 verified_cert.reset(chain_cert, base::scoped_policy::RETAIN);
244 } else {
245 verified_chain.emplace_back(chain_cert, base::scoped_policy::RETAIN);
246 }
247
248 base::apple::ScopedCFTypeRef<CFDataRef> der_data(
249 SecCertificateCopyData(chain_cert));
250 if (!der_data) {
251 verify_result->cert_status |= CERT_STATUS_INVALID;
252 return;
253 }
254
255 std::string_view spki_bytes;
256 if (!asn1::ExtractSPKIFromDERCert(
257 base::as_string_view(base::apple::CFDataToSpan(der_data.get())),
258 &spki_bytes)) {
259 verify_result->cert_status |= CERT_STATUS_INVALID;
260 return;
261 }
262
263 HashValue sha256(HASH_VALUE_SHA256);
264 CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data());
265 verify_result->public_key_hashes.push_back(sha256);
266 }
267 if (!verified_cert.get()) {
268 NOTREACHED();
269 }
270
271 scoped_refptr<X509Certificate> verified_cert_with_chain =
272 x509_util::CreateX509CertificateFromSecCertificate(verified_cert,
273 verified_chain);
274 if (verified_cert_with_chain)
275 verify_result->verified_cert = std::move(verified_cert_with_chain);
276 else
277 verify_result->cert_status |= CERT_STATUS_INVALID;
278 }
279
280 } // namespace
281
CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set)282 CertVerifyProcIOS::CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set)
283 : CertVerifyProc(std::move(crl_set)) {}
284
285 // static
GetCertFailureStatusFromError(CFErrorRef error)286 CertStatus CertVerifyProcIOS::GetCertFailureStatusFromError(CFErrorRef error) {
287 if (!error)
288 return CERT_STATUS_INVALID;
289
290 base::apple::ScopedCFTypeRef<CFStringRef> error_domain(
291 CFErrorGetDomain(error));
292 CFIndex error_code = CFErrorGetCode(error);
293
294 if (error_domain.get() != kCFErrorDomainOSStatus) {
295 LOG(WARNING) << "Unhandled error domain: " << error;
296 return CERT_STATUS_INVALID;
297 }
298
299 return CertStatusFromOSStatus(error_code);
300 }
301
302 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
303 // The iOS APIs don't expose an API-stable set of reasons for certificate
304 // validation failures. However, internally, the reason is tracked, and it's
305 // converted to user-facing localized strings.
306 //
307 // In the absence of a consistent API, convert the English strings to their
308 // localized counterpart, and then compare that with the error properties. If
309 // they're equal, it's a strong sign that this was the cause for the error.
310 // While this will break if/when iOS changes the contents of these strings,
311 // it's sufficient enough for now.
312 //
313 // TODO(rsleevi): https://crbug.com/601915 - Use a less brittle solution when
314 // possible.
315 // static
GetCertFailureStatusFromTrust(SecTrustRef trust)316 CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) {
317 CertStatus reason = 0;
318
319 base::apple::ScopedCFTypeRef<CFArrayRef> properties(
320 SecTrustCopyProperties(trust));
321 if (!properties)
322 return CERT_STATUS_INVALID;
323
324 const CFIndex properties_length = CFArrayGetCount(properties.get());
325 if (properties_length == 0)
326 return CERT_STATUS_INVALID;
327
328 CFBundleRef bundle =
329 CFBundleGetBundleWithIdentifier(CFSTR("com.apple.Security"));
330 CFStringRef date_string =
331 CFSTR("One or more certificates have expired or are not valid yet.");
332 ScopedCFTypeRef<CFStringRef> date_error(CFBundleCopyLocalizedString(
333 bundle, date_string, date_string, CFSTR("SecCertificate")));
334 CFStringRef trust_string = CFSTR("Root certificate is not trusted.");
335 ScopedCFTypeRef<CFStringRef> trust_error(CFBundleCopyLocalizedString(
336 bundle, trust_string, trust_string, CFSTR("SecCertificate")));
337 CFStringRef weak_string =
338 CFSTR("One or more certificates is using a weak key size.");
339 ScopedCFTypeRef<CFStringRef> weak_error(CFBundleCopyLocalizedString(
340 bundle, weak_string, weak_string, CFSTR("SecCertificate")));
341 CFStringRef hostname_mismatch_string = CFSTR("Hostname mismatch.");
342 ScopedCFTypeRef<CFStringRef> hostname_mismatch_error(
343 CFBundleCopyLocalizedString(bundle, hostname_mismatch_string,
344 hostname_mismatch_string,
345 CFSTR("SecCertificate")));
346 CFStringRef root_certificate_string =
347 CFSTR("Unable to build chain to root certificate.");
348 ScopedCFTypeRef<CFStringRef> root_certificate_error(
349 CFBundleCopyLocalizedString(bundle, root_certificate_string,
350 root_certificate_string,
351 CFSTR("SecCertificate")));
352 CFStringRef policy_requirements_not_met_string =
353 CFSTR("Policy requirements not met.");
354 ScopedCFTypeRef<CFStringRef> policy_requirements_not_met_error(
355 CFBundleCopyLocalizedString(bundle, policy_requirements_not_met_string,
356 policy_requirements_not_met_string,
357 CFSTR("SecCertificate")));
358
359 for (CFIndex i = 0; i < properties_length; ++i) {
360 CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(
361 const_cast<void*>(CFArrayGetValueAtIndex(properties.get(), i)));
362 CFStringRef error = reinterpret_cast<CFStringRef>(
363 const_cast<void*>(CFDictionaryGetValue(dict, CFSTR("value"))));
364
365 if (CFEqual(error, date_error.get())) {
366 reason |= CERT_STATUS_DATE_INVALID;
367 } else if (CFEqual(error, trust_error.get())) {
368 reason |= CERT_STATUS_AUTHORITY_INVALID;
369 } else if (CFEqual(error, weak_error.get())) {
370 reason |= CERT_STATUS_WEAK_KEY;
371 } else if (CFEqual(error, hostname_mismatch_error.get())) {
372 reason |= CERT_STATUS_COMMON_NAME_INVALID;
373 } else if (CFEqual(error, policy_requirements_not_met_error.get())) {
374 reason |= CERT_STATUS_INVALID | CERT_STATUS_AUTHORITY_INVALID;
375 } else if (CFEqual(error, root_certificate_error.get())) {
376 reason |= CERT_STATUS_AUTHORITY_INVALID;
377 } else {
378 LOG(ERROR) << "Unrecognized error: " << error;
379 reason |= CERT_STATUS_INVALID;
380 }
381 }
382
383 return reason;
384 }
385 #endif // !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED <
386 // __IPHONE_12_0
387
388 CertVerifyProcIOS::~CertVerifyProcIOS() = default;
389
VerifyInternal(X509Certificate * cert,const std::string & hostname,const std::string & ocsp_response,const std::string & sct_list,int flags,CertVerifyResult * verify_result,const NetLogWithSource & net_log)390 int CertVerifyProcIOS::VerifyInternal(X509Certificate* cert,
391 const std::string& hostname,
392 const std::string& ocsp_response,
393 const std::string& sct_list,
394 int flags,
395 CertVerifyResult* verify_result,
396 const NetLogWithSource& net_log) {
397 ScopedCFTypeRef<CFArrayRef> trust_policies;
398 OSStatus status = CreateTrustPolicies(&trust_policies);
399 if (status)
400 return NetErrorFromOSStatus(status);
401
402 ScopedCFTypeRef<CFMutableArrayRef> cert_array(
403 x509_util::CreateSecCertificateArrayForX509Certificate(
404 cert, x509_util::InvalidIntermediateBehavior::kIgnore));
405 if (!cert_array) {
406 verify_result->cert_status |= CERT_STATUS_INVALID;
407 return ERR_CERT_INVALID;
408 }
409
410 ScopedCFTypeRef<CFDataRef> ocsp_response_ref;
411 if (!ocsp_response.empty()) {
412 ocsp_response_ref.reset(
413 CFDataCreate(kCFAllocatorDefault,
414 reinterpret_cast<const UInt8*>(ocsp_response.data()),
415 base::checked_cast<CFIndex>(ocsp_response.size())));
416 if (!ocsp_response_ref)
417 return ERR_OUT_OF_MEMORY;
418 }
419
420 ScopedCFTypeRef<CFMutableArrayRef> sct_array_ref;
421 if (!sct_list.empty()) {
422 if (__builtin_available(iOS 12.1.1, *)) {
423 std::vector<std::string_view> decoded_sct_list;
424 if (ct::DecodeSCTList(sct_list, &decoded_sct_list)) {
425 sct_array_ref.reset(CFArrayCreateMutable(kCFAllocatorDefault,
426 decoded_sct_list.size(),
427 &kCFTypeArrayCallBacks));
428 if (!sct_array_ref)
429 return ERR_OUT_OF_MEMORY;
430 for (const auto& sct : decoded_sct_list) {
431 ScopedCFTypeRef<CFDataRef> sct_ref(CFDataCreate(
432 kCFAllocatorDefault, reinterpret_cast<const UInt8*>(sct.data()),
433 base::checked_cast<CFIndex>(sct.size())));
434 if (!sct_ref)
435 return ERR_OUT_OF_MEMORY;
436 CFArrayAppendValue(sct_array_ref.get(), sct_ref.get());
437 }
438 }
439 }
440 }
441
442 ScopedCFTypeRef<SecTrustRef> trust_ref;
443 bool is_trusted = false;
444 ScopedCFTypeRef<CFArrayRef> final_chain;
445 ScopedCFTypeRef<CFErrorRef> trust_error;
446
447 int err = BuildAndEvaluateSecTrustRef(
448 cert_array.get(), trust_policies.get(), ocsp_response_ref.get(),
449 sct_array_ref.get(), &trust_ref, &final_chain, &is_trusted, &trust_error);
450 if (err)
451 return err;
452
453 if (CFArrayGetCount(final_chain.get()) == 0) {
454 return ERR_FAILED;
455 }
456
457 // TODO(rsleevi): Support CRLSet revocation.
458 if (!is_trusted) {
459 if (__builtin_available(iOS 12.0, *)) {
460 verify_result->cert_status |=
461 GetCertFailureStatusFromError(trust_error.get());
462 } else {
463 #if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
464 SecTrustResultType trust_result = kSecTrustResultInvalid;
465 status = SecTrustGetTrustResult(trust_ref.get(), &trust_result);
466 if (status)
467 return NetErrorFromOSStatus(status);
468 switch (trust_result) {
469 case kSecTrustResultUnspecified:
470 case kSecTrustResultProceed:
471 NOTREACHED();
472 case kSecTrustResultDeny:
473 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
474 break;
475 default:
476 verify_result->cert_status |=
477 GetCertFailureStatusFromTrust(trust_ref.get());
478 }
479 #else
480 // It should be impossible to reach this code, but if somehow it is
481 // reached it would allow any certificate as valid since no errors would
482 // be added to cert_status. Therefore, add a NOTREACHED() as a fail safe.
483 NOTREACHED();
484 #endif
485 }
486 }
487 GetCertChainInfo(final_chain.get(), verify_result);
488
489 // While iOS lacks the ability to distinguish system-trusted versus
490 // user-installed roots, the set of roots that are expected to comply with
491 // the Baseline Requirements can be determined by
492 // GetNetTrustAnchorHistogramForSPKI() - a non-zero value means that it is
493 // known as a publicly trusted, and therefore subject to the BRs, cert.
494 for (auto it = verify_result->public_key_hashes.rbegin();
495 it != verify_result->public_key_hashes.rend() &&
496 !verify_result->is_issued_by_known_root;
497 ++it) {
498 verify_result->is_issued_by_known_root =
499 GetNetTrustAnchorHistogramIdForSPKI(*it) != 0;
500 }
501
502 if (IsCertStatusError(verify_result->cert_status))
503 return MapCertStatusToNetError(verify_result->cert_status);
504
505 if (TestRootCerts::HasInstance() &&
506 !verify_result->verified_cert->intermediate_buffers().empty() &&
507 TestRootCerts::GetInstance()->IsKnownRoot(x509_util::CryptoBufferAsSpan(
508 verify_result->verified_cert->intermediate_buffers().back().get()))) {
509 verify_result->is_issued_by_known_root = true;
510 }
511
512 LogNameNormalizationMetrics(".IOS", verify_result->verified_cert.get(),
513 verify_result->is_issued_by_known_root);
514
515 return OK;
516 }
517
518 } // namespace net
519