search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
media: Specify WebRTC owners in media OWNERS file.
[chromium-blink-merge.git] / net / ssl / openssl_platform_key_win.cc
blob82b76ca9af8067a5d2b87bd940880beb47eff6da
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/openssl_platform_key.h"
6
7 #include <windows.h>
8 #include <NCrypt.h>
9
10 #include <string.h>
11
12 #include <algorithm>
13 #include <vector>
14
15 #include <openssl/bn.h>
16 #include <openssl/digest.h>
17 #include <openssl/ec_key.h>
18 #include <openssl/err.h>
19 #include <openssl/engine.h>
20 #include <openssl/evp.h>
21 #include <openssl/md5.h>
22 #include <openssl/obj_mac.h>
23 #include <openssl/rsa.h>
24 #include <openssl/sha.h>
25
26 #include "base/debug/debugger.h"
27 #include "base/debug/stack_trace.h"
28 #include "base/lazy_instance.h"
29 #include "base/logging.h"
30 #include "base/memory/scoped_ptr.h"
31 #include "base/profiler/scoped_tracker.h"
32 #include "base/win/windows_version.h"
33 #include "crypto/scoped_capi_types.h"
34 #include "crypto/wincrypt_shim.h"
35 #include "net/base/net_errors.h"
36 #include "net/cert/x509_certificate.h"
37 #include "net/ssl/openssl_ssl_util.h"
38
39 namespace net {
40
41 namespace {
42
43 using NCryptFreeObjectFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_HANDLE);
44 using NCryptGetPropertyFunc =
45 SECURITY_STATUS(WINAPI*)(NCRYPT_HANDLE, // hObject
46 LPCWSTR, // pszProperty
47 PBYTE, // pbOutput
48 DWORD, // cbOutput
49 DWORD*, // pcbResult
50 DWORD); // dwFlags
51 using NCryptSignHashFunc =
52 SECURITY_STATUS(WINAPI*)(NCRYPT_KEY_HANDLE, // hKey
53 VOID*, // pPaddingInfo
54 PBYTE, // pbHashValue
55 DWORD, // cbHashValue
56 PBYTE, // pbSignature
57 DWORD, // cbSignature
58 DWORD*, // pcbResult
59 DWORD); // dwFlags
60
61 class CNGFunctions {
62 public:
63 CNGFunctions()
64 : ncrypt_free_object_(nullptr),
65 ncrypt_get_property_(nullptr),
66 ncrypt_sign_hash_(nullptr) {
67 HMODULE ncrypt = GetModuleHandle(L"ncrypt.dll");
68 if (ncrypt != nullptr) {
69 ncrypt_free_object_ = reinterpret_cast<NCryptFreeObjectFunc>(
70 GetProcAddress(ncrypt, "NCryptFreeObject"));
71 ncrypt_get_property_ = reinterpret_cast<NCryptGetPropertyFunc>(
72 GetProcAddress(ncrypt, "NCryptGetProperty"));
73 ncrypt_sign_hash_ = reinterpret_cast<NCryptSignHashFunc>(
74 GetProcAddress(ncrypt, "NCryptSignHash"));
75 }
76 }
77
78 NCryptFreeObjectFunc ncrypt_free_object() const {
79 return ncrypt_free_object_;
80 }
81
82 NCryptGetPropertyFunc ncrypt_get_property() const {
83 return ncrypt_get_property_;
84 }
85
86 NCryptSignHashFunc ncrypt_sign_hash() const { return ncrypt_sign_hash_; }
87
88 private:
89 NCryptFreeObjectFunc ncrypt_free_object_;
90 NCryptGetPropertyFunc ncrypt_get_property_;
91 NCryptSignHashFunc ncrypt_sign_hash_;
92 };
93
94 base::LazyInstance<CNGFunctions>::Leaky g_cng_functions =
95 LAZY_INSTANCE_INITIALIZER;
96
97 struct CERT_KEY_CONTEXTDeleter {
98 void operator()(PCERT_KEY_CONTEXT key) {
99 if (key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
100 g_cng_functions.Get().ncrypt_free_object()(key->hNCryptKey);
101 } else {
102 CryptReleaseContext(key->hCryptProv, 0);
103 }
104 delete key;
105 }
106 };
107
108 using ScopedCERT_KEY_CONTEXT =
109 scoped_ptr<CERT_KEY_CONTEXT, CERT_KEY_CONTEXTDeleter>;
110
111 // KeyExData contains the data that is contained in the EX_DATA of the
112 // RSA and ECDSA objects that are created to wrap Windows system keys.
113 struct KeyExData {
114 KeyExData(ScopedCERT_KEY_CONTEXT key, DWORD key_length)
115 : key(key.Pass()), key_length(key_length) {}
116
117 ScopedCERT_KEY_CONTEXT key;
118 DWORD key_length;
119 };
120
121 // ExDataDup is called when one of the RSA or EC_KEY objects is
122 // duplicated. This is not supported and should never happen.
123 int ExDataDup(CRYPTO_EX_DATA* to,
124 const CRYPTO_EX_DATA* from,
125 void** from_d,
126 int idx,
127 long argl,
128 void* argp) {
129 CHECK_EQ((void*)nullptr, *from_d);
130 return 0;
131 }
132
133 // ExDataFree is called when one of the RSA or EC_KEY objects is freed.
134 void ExDataFree(void* parent,
135 void* ptr,
136 CRYPTO_EX_DATA* ex_data,
137 int idx,
138 long argl,
139 void* argp) {
140 KeyExData* data = reinterpret_cast<KeyExData*>(ptr);
141 delete data;
142 }
143
144 extern const RSA_METHOD win_rsa_method;
145 extern const ECDSA_METHOD win_ecdsa_method;
146
147 // BoringSSLEngine is a BoringSSL ENGINE that implements RSA and ECDSA
148 // by forwarding the requested operations to CAPI or CNG.
149 class BoringSSLEngine {
150 public:
151 BoringSSLEngine()
152 : rsa_index_(RSA_get_ex_new_index(0 /* argl */,
153 nullptr /* argp */,
154 nullptr /* new_func */,
155 ExDataDup,
156 ExDataFree)),
157 ec_key_index_(EC_KEY_get_ex_new_index(0 /* argl */,
158 nullptr /* argp */,
159 nullptr /* new_func */,
160 ExDataDup,
161 ExDataFree)),
162 engine_(ENGINE_new()) {
163 ENGINE_set_RSA_method(engine_, &win_rsa_method, sizeof(win_rsa_method));
164 ENGINE_set_ECDSA_method(engine_, &win_ecdsa_method,
165 sizeof(win_ecdsa_method));
166 }
167
168 int rsa_ex_index() const { return rsa_index_; }
169 int ec_key_ex_index() const { return ec_key_index_; }
170
171 const ENGINE* engine() const { return engine_; }
172
173 private:
174 const int rsa_index_;
175 const int ec_key_index_;
176 ENGINE* const engine_;
177 };
178
179 base::LazyInstance<BoringSSLEngine>::Leaky global_boringssl_engine =
180 LAZY_INSTANCE_INITIALIZER;
181
182 // Custom RSA_METHOD that uses the platform APIs for signing.
183
184 const KeyExData* RsaGetExData(const RSA* rsa) {
185 return reinterpret_cast<const KeyExData*>(
186 RSA_get_ex_data(rsa, global_boringssl_engine.Get().rsa_ex_index()));
187 }
188
189 size_t RsaMethodSize(const RSA* rsa) {
190 const KeyExData* ex_data = RsaGetExData(rsa);
191 return (ex_data->key_length + 7) / 8;
192 }
193
194 int RsaMethodSign(int hash_nid,
195 const uint8_t* in,
196 unsigned in_len,
197 uint8_t* out,
198 unsigned* out_len,
199 const RSA* rsa) {
200 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
201 tracked_objects::ScopedTracker tracking_profile(
202 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 RsaMethodSign"));
203
204 // TODO(davidben): Switch BoringSSL's sign hook to using size_t rather than
205 // unsigned.
206 const KeyExData* ex_data = RsaGetExData(rsa);
207 if (!ex_data) {
208 NOTREACHED();
209 OPENSSL_PUT_ERROR(RSA, RSA_sign, ERR_R_INTERNAL_ERROR);
210 return 0;
211 }
212
213 if (ex_data->key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
214 BCRYPT_PKCS1_PADDING_INFO rsa_padding_info;
215 switch (hash_nid) {
216 case NID_md5_sha1:
217 rsa_padding_info.pszAlgId = nullptr;
218 break;
219 case NID_sha1:
220 rsa_padding_info.pszAlgId = BCRYPT_SHA1_ALGORITHM;
221 break;
222 case NID_sha256:
223 rsa_padding_info.pszAlgId = BCRYPT_SHA256_ALGORITHM;
224 break;
225 case NID_sha384:
226 rsa_padding_info.pszAlgId = BCRYPT_SHA384_ALGORITHM;
227 break;
228 case NID_sha512:
229 rsa_padding_info.pszAlgId = BCRYPT_SHA512_ALGORITHM;
230 break;
231 default:
232 OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE);
233 return 0;
234 }
235
236 DWORD signature_len;
237 SECURITY_STATUS ncrypt_status = g_cng_functions.Get().ncrypt_sign_hash()(
238 ex_data->key->hNCryptKey, &rsa_padding_info, const_cast<PBYTE>(in),
239 in_len, out, RSA_size(rsa), &signature_len, BCRYPT_PAD_PKCS1);
240 if (FAILED(ncrypt_status) || signature_len == 0) {
241 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
242 return 0;
243 }
244 *out_len = signature_len;
245 return 1;
246 }
247
248 ALG_ID hash_alg;
249 switch (hash_nid) {
250 case NID_md5_sha1:
251 hash_alg = CALG_SSL3_SHAMD5;
252 break;
253 case NID_sha1:
254 hash_alg = CALG_SHA1;
255 break;
256 case NID_sha256:
257 hash_alg = CALG_SHA_256;
258 break;
259 case NID_sha384:
260 hash_alg = CALG_SHA_384;
261 break;
262 case NID_sha512:
263 hash_alg = CALG_SHA_512;
264 break;
265 default:
266 OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE);
267 return 0;
268 }
269
270 HCRYPTHASH hash;
271 if (!CryptCreateHash(ex_data->key->hCryptProv, hash_alg, 0, 0, &hash)) {
272 PLOG(ERROR) << "CreateCreateHash failed";
273 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
274 return 0;
275 }
276 DWORD hash_len;
277 DWORD arg_len = sizeof(hash_len);
278 if (!CryptGetHashParam(hash, HP_HASHSIZE, reinterpret_cast<BYTE*>(&hash_len),
279 &arg_len, 0)) {
280 PLOG(ERROR) << "CryptGetHashParam HP_HASHSIZE failed";
281 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
282 return 0;
283 }
284 if (hash_len != in_len) {
285 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
286 return 0;
287 }
288 if (!CryptSetHashParam(hash, HP_HASHVAL, const_cast<BYTE*>(in), 0)) {
289 PLOG(ERROR) << "CryptSetHashParam HP_HASHVAL failed";
290 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
291 return 0;
292 }
293 DWORD signature_len = RSA_size(rsa);
294 if (!CryptSignHash(hash, ex_data->key->dwKeySpec, nullptr, 0, out,
295 &signature_len)) {
296 PLOG(ERROR) << "CryptSignHash failed";
297 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
298 return 0;
299 }
300
301 /* CryptoAPI signs in little-endian, so reverse it. */
302 std::reverse(out, out + signature_len);
303 *out_len = signature_len;
304 return 1;
305 }
306
307 int RsaMethodEncrypt(RSA* rsa,
308 size_t* out_len,
309 uint8_t* out,
310 size_t max_out,
311 const uint8_t* in,
312 size_t in_len,
313 int padding) {
314 NOTIMPLEMENTED();
315 OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
316 return 0;
317 }
318
319 int RsaMethodSignRaw(RSA* rsa,
320 size_t* out_len,
321 uint8_t* out,
322 size_t max_out,
323 const uint8_t* in,
324 size_t in_len,
325 int padding) {
326 NOTIMPLEMENTED();
327 OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
328 return 0;
329 }
330
331 int RsaMethodDecrypt(RSA* rsa,
332 size_t* out_len,
333 uint8_t* out,
334 size_t max_out,
335 const uint8_t* in,
336 size_t in_len,
337 int padding) {
338 NOTIMPLEMENTED();
339 OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
340 return 0;
341 }
342
343 int RsaMethodVerifyRaw(RSA* rsa,
344 size_t* out_len,
345 uint8_t* out,
346 size_t max_out,
347 const uint8_t* in,
348 size_t in_len,
349 int padding) {
350 NOTIMPLEMENTED();
351 OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_UNKNOWN_ALGORITHM_TYPE);
352 return 0;
353 }
354
355 int RsaMethodSupportsDigest(const RSA* rsa, const EVP_MD* md) {
356 const KeyExData* ex_data = RsaGetExData(rsa);
357 if (!ex_data) {
358 NOTREACHED();
359 return 0;
360 }
361
362 int hash_nid = EVP_MD_type(md);
363 if (ex_data->key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
364 // Only hashes which appear in RsaSignPKCS1 are supported.
365 if (hash_nid != NID_sha1 && hash_nid != NID_sha256 &&
366 hash_nid != NID_sha384 && hash_nid != NID_sha512) {
367 return 0;
368 }
369
370 // If the key is a 1024-bit RSA, assume conservatively that it may only be
371 // able to sign SHA-1 hashes. This is the case for older Estonian ID cards
372 // that have 1024-bit RSA keys.
373 //
374 // CNG does provide NCryptIsAlgSupported and NCryptEnumAlgorithms functions,
375 // however they seem to both return NTE_NOT_SUPPORTED when querying the
376 // NCRYPT_PROV_HANDLE at the key's NCRYPT_PROVIDER_HANDLE_PROPERTY.
377 if (ex_data->key_length <= 1024 && hash_nid != NID_sha1)
378 return 0;
379
380 return 1;
381 } else {
382 // If the key is in CAPI, assume conservatively that the CAPI service
383 // provider may only be able to sign SHA-1 hashes.
384 return hash_nid == NID_sha1;
385 }
386 }
387
388 const RSA_METHOD win_rsa_method = {
389 {
390 0, // references
391 1, // is_static
392 },
393 nullptr, // app_data
394
395 nullptr, // init
396 nullptr, // finish
397 RsaMethodSize,
398 RsaMethodSign,
399 nullptr, // verify
400 RsaMethodEncrypt,
401 RsaMethodSignRaw,
402 RsaMethodDecrypt,
403 RsaMethodVerifyRaw,
404 nullptr, // private_transform
405 nullptr, // mod_exp
406 nullptr, // bn_mod_exp
407 RSA_FLAG_OPAQUE,
408 nullptr, // keygen
409 RsaMethodSupportsDigest,
410 };
411
412 // Custom ECDSA_METHOD that uses the platform APIs.
413 // Note that for now, only signing through ECDSA_sign() is really supported.
414 // all other method pointers are either stubs returning errors, or no-ops.
415
416 const KeyExData* EcKeyGetExData(const EC_KEY* ec_key) {
417 return reinterpret_cast<const KeyExData*>(EC_KEY_get_ex_data(
418 ec_key, global_boringssl_engine.Get().ec_key_ex_index()));
419 }
420
421 size_t EcdsaMethodGroupOrderSize(const EC_KEY* ec_key) {
422 const KeyExData* ex_data = EcKeyGetExData(ec_key);
423 // Windows doesn't distinguish the sizes of the curve's degree (which
424 // determines the size of a point on the curve) and the base point's order
425 // (which determines the size of a scalar). For P-256, P-384, and P-521, these
426 // two sizes are the same.
427 //
428 // See
429 // http://msdn.microsoft.com/en-us/library/windows/desktop/aa375520(v=vs.85).aspx
430 // which uses the same length for both.
431 return (ex_data->key_length + 7) / 8;
432 }
433
434 int EcdsaMethodSign(const uint8_t* digest,
435 size_t digest_len,
436 uint8_t* out_sig,
437 unsigned int* out_sig_len,
438 EC_KEY* ec_key) {
439 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
440 tracked_objects::ScopedTracker tracking_profile(
441 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 EcdsaMethodSign"));
442
443 const KeyExData* ex_data = EcKeyGetExData(ec_key);
444 // Only CNG supports ECDSA.
445 if (!ex_data || ex_data->key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) {
446 NOTREACHED();
447 OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);
448 return 0;
449 }
450
451 size_t degree = (ex_data->key_length + 7) / 8;
452 if (degree == 0) {
453 NOTREACHED();
454 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
455 return 0;
456 }
457 std::vector<uint8_t> raw_sig(degree * 2);
458
459 DWORD signature_len;
460 SECURITY_STATUS ncrypt_status = g_cng_functions.Get().ncrypt_sign_hash()(
461 ex_data->key->hNCryptKey, nullptr, const_cast<PBYTE>(digest), digest_len,
462 &raw_sig[0], raw_sig.size(), &signature_len, 0);
463 if (FAILED(ncrypt_status) || signature_len != raw_sig.size()) {
464 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
465 return 0;
466 }
467
468 // Convert the RAW ECDSA signature to a DER-encoded ECDSA-Sig-Value.
469 crypto::ScopedECDSA_SIG sig(ECDSA_SIG_new());
470 if (!sig) {
471 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
472 return 0;
473 }
474 sig->r = BN_bin2bn(&raw_sig[0], degree, nullptr);
475 sig->s = BN_bin2bn(&raw_sig[degree], degree, nullptr);
476 if (!sig->r || !sig->s) {
477 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
478 return 0;
479 }
480
481 // Ensure the DER-encoded signature fits in the bounds.
482 int len = i2d_ECDSA_SIG(sig.get(), nullptr);
483 if (len < 0 || static_cast<size_t>(len) > ECDSA_size(ec_key)) {
484 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
485 return 0;
486 }
487
488 len = i2d_ECDSA_SIG(sig.get(), &out_sig);
489 if (len < 0) {
490 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
491 return 0;
492 }
493 *out_sig_len = len;
494 return 1;
495 }
496
497 int EcdsaMethodVerify(const uint8_t* digest,
498 size_t digest_len,
499 const uint8_t* sig,
500 size_t sig_len,
501 EC_KEY* eckey) {
502 NOTIMPLEMENTED();
503 OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED);
504 return 0;
505 }
506
507 const ECDSA_METHOD win_ecdsa_method = {
508 {
509 0, // references
510 1, // is_static
511 },
512 nullptr, // app_data
513
514 nullptr, // init
515 nullptr, // finish
516 EcdsaMethodGroupOrderSize,
517 EcdsaMethodSign,
518 EcdsaMethodVerify,
519 ECDSA_FLAG_OPAQUE,
520 };
521
522 // Determines the key type and length of |key|. The type is returned as an
523 // OpenSSL EVP_PKEY type. The key length for RSA key is the size of the RSA
524 // modulus in bits. For an ECDSA key, it is the number of bits to represent the
525 // group order. It returns true on success and false on failure.
526 bool GetKeyInfo(PCERT_KEY_CONTEXT key, int* out_type, DWORD* out_length) {
527 if (key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
528 DWORD prop_len;
529 SECURITY_STATUS status = g_cng_functions.Get().ncrypt_get_property()(
530 key->hNCryptKey, NCRYPT_ALGORITHM_GROUP_PROPERTY, nullptr, 0, &prop_len,
531 0);
532 if (FAILED(status) || prop_len == 0 || prop_len % 2 != 0) {
533 LOG(ERROR) << "Could not query CNG key type: " << status;
534 return false;
535 }
536
537 std::vector<BYTE> prop_buf(prop_len);
538 status = g_cng_functions.Get().ncrypt_get_property()(
539 key->hNCryptKey, NCRYPT_ALGORITHM_GROUP_PROPERTY, &prop_buf[0],
540 prop_buf.size(), &prop_len, 0);
541 if (FAILED(status) || prop_len == 0 || prop_len % 2 != 0) {
542 LOG(ERROR) << "Could not query CNG key type: " << status;
543 return false;
544 }
545
546 int type;
547 const wchar_t* alg = reinterpret_cast<const wchar_t*>(&prop_buf[0]);
548 if (wcsncmp(NCRYPT_RSA_ALGORITHM_GROUP, alg, prop_len / 2) == 0) {
549 type = EVP_PKEY_RSA;
550 } else if (wcsncmp(NCRYPT_ECDSA_ALGORITHM_GROUP, alg, prop_len / 2) == 0 ||
551 wcsncmp(NCRYPT_ECDH_ALGORITHM_GROUP, alg, prop_len / 2) == 0) {
552 // Importing an ECDSA key via PKCS #12 seems to label it as ECDH rather
553 // than ECDSA, so also allow ECDH.
554 type = EVP_PKEY_EC;
555 } else {
556 LOG(ERROR) << "Unknown CNG key type: "
557 << std::wstring(alg, wcsnlen(alg, prop_len / 2));
558 return false;
559 }
560
561 DWORD length;
562 prop_len;
563 status = g_cng_functions.Get().ncrypt_get_property()(
564 key->hNCryptKey, NCRYPT_LENGTH_PROPERTY,
565 reinterpret_cast<BYTE*>(&length), sizeof(DWORD), &prop_len, 0);
566 if (FAILED(status)) {
567 LOG(ERROR) << "Could not get CNG key length " << status;
568 return false;
569 }
570 DCHECK_EQ(sizeof(DWORD), prop_len);
571
572 *out_type = type;
573 *out_length = length;
574 return true;
575 }
576
577 crypto::ScopedHCRYPTKEY hcryptkey;
578 if (!CryptGetUserKey(key->hCryptProv, key->dwKeySpec, hcryptkey.receive())) {
579 PLOG(ERROR) << "Could not get CAPI key handle";
580 return false;
581 }
582
583 ALG_ID alg_id;
584 DWORD prop_len = sizeof(alg_id);
585 if (!CryptGetKeyParam(hcryptkey.get(), KP_ALGID,
586 reinterpret_cast<BYTE*>(&alg_id), &prop_len, 0)) {
587 PLOG(ERROR) << "Could not query CAPI key type";
588 return false;
589 }
590
591 if (alg_id != CALG_RSA_SIGN && alg_id != CALG_RSA_KEYX) {
592 LOG(ERROR) << "Unknown CAPI key type: " << alg_id;
593 return false;
594 }
595
596 DWORD length;
597 prop_len = sizeof(DWORD);
598 if (!CryptGetKeyParam(hcryptkey.get(), KP_KEYLEN,
599 reinterpret_cast<BYTE*>(&length), &prop_len, 0)) {
600 PLOG(ERROR) << "Could not get CAPI key length";
601 return false;
602 }
603 DCHECK_EQ(sizeof(DWORD), prop_len);
604
605 *out_type = EVP_PKEY_RSA;
606 *out_length = length;
607 return true;
608 }
609
610 crypto::ScopedEVP_PKEY CreateRSAWrapper(ScopedCERT_KEY_CONTEXT key,
611 DWORD key_length) {
612 crypto::ScopedRSA rsa(RSA_new_method(global_boringssl_engine.Get().engine()));
613 if (!rsa)
614 return nullptr;
615
616 RSA_set_ex_data(rsa.get(), global_boringssl_engine.Get().rsa_ex_index(),
617 new KeyExData(key.Pass(), key_length));
618
619 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
620 if (!pkey || !EVP_PKEY_set1_RSA(pkey.get(), rsa.get()))
621 return nullptr;
622 return pkey.Pass();
623 }
624
625 crypto::ScopedEVP_PKEY CreateECDSAWrapper(ScopedCERT_KEY_CONTEXT key,
626 DWORD key_length) {
627 crypto::ScopedEC_KEY ec_key(
628 EC_KEY_new_method(global_boringssl_engine.Get().engine()));
629 if (!ec_key)
630 return nullptr;
631
632 EC_KEY_set_ex_data(ec_key.get(),
633 global_boringssl_engine.Get().ec_key_ex_index(),
634 new KeyExData(key.Pass(), key_length));
635
636 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
637 if (!pkey || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get()))
638 return nullptr;
639
640 return pkey.Pass();
641 }
642
643 } // namespace
644
645 crypto::ScopedEVP_PKEY FetchClientCertPrivateKey(
646 const X509Certificate* certificate) {
647 PCCERT_CONTEXT cert_context = certificate->os_cert_handle();
648
649 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0;
650 DWORD key_spec = 0;
651 BOOL must_free = FALSE;
652 DWORD flags = 0;
653 if (base::win::GetVersion() >= base::win::VERSION_VISTA)
654 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
655
656 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr,
657 &crypt_prov, &key_spec, &must_free)) {
658 PLOG(WARNING) << "Could not acquire private key";
659 return nullptr;
660 }
661
662 // Should never get a cached handle back - ownership must always be
663 // transferred.
664 CHECK_EQ(must_free, TRUE);
665 ScopedCERT_KEY_CONTEXT key(new CERT_KEY_CONTEXT);
666 key->dwKeySpec = key_spec;
667 key->hCryptProv = crypt_prov;
668
669 int key_type;
670 DWORD key_length;
671 if (!GetKeyInfo(key.get(), &key_type, &key_length))
672 return nullptr;
673
674 switch (key_type) {
675 case EVP_PKEY_RSA:
676 return CreateRSAWrapper(key.Pass(), key_length);
677 case EVP_PKEY_EC:
678 return CreateECDSAWrapper(key.Pass(), key_length);
679 default:
680 return nullptr;
681 }
682 }
683
684 } // namespace net