[Android WebView] Fix webview perf bot switchover to use org.chromium.webview_shell...
[chromium-blink-merge.git] / net / ssl / openssl_platform_key_win.cc
blobb6a9c0c5b3ca7d5c7980cd8e4344ab58c72d7bd9
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/openssl_platform_key.h"
7 #include <windows.h>
8 #include <NCrypt.h>
10 #include <string.h>
12 #include <algorithm>
13 #include <vector>
15 #include <openssl/bn.h>
16 #include <openssl/digest.h>
17 #include <openssl/ec_key.h>
18 #include <openssl/err.h>
19 #include <openssl/engine.h>
20 #include <openssl/evp.h>
21 #include <openssl/md5.h>
22 #include <openssl/obj_mac.h>
23 #include <openssl/rsa.h>
24 #include <openssl/sha.h>
25 #include <openssl/x509.h>
27 #include "base/debug/debugger.h"
28 #include "base/debug/stack_trace.h"
29 #include "base/lazy_instance.h"
30 #include "base/logging.h"
31 #include "base/memory/scoped_ptr.h"
32 #include "base/win/windows_version.h"
33 #include "crypto/openssl_util.h"
34 #include "crypto/scoped_capi_types.h"
35 #include "crypto/wincrypt_shim.h"
36 #include "net/base/net_errors.h"
37 #include "net/cert/x509_certificate.h"
38 #include "net/ssl/openssl_ssl_util.h"
39 #include "net/ssl/scoped_openssl_types.h"
41 namespace net {
43 namespace {
45 using NCryptFreeObjectFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_HANDLE);
46 using NCryptSignHashFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_KEY_HANDLE, // hKey
47 VOID*, // pPaddingInfo
48 BYTE*, // pbHashValue
49 DWORD, // cbHashValue
50 BYTE*, // pbSignature
51 DWORD, // cbSignature
52 DWORD*, // pcbResult
53 DWORD); // dwFlags
55 class CNGFunctions {
56 public:
57 CNGFunctions()
58 : ncrypt_free_object_(nullptr),
59 ncrypt_sign_hash_(nullptr) {
60 HMODULE ncrypt = GetModuleHandle(L"ncrypt.dll");
61 if (ncrypt != nullptr) {
62 ncrypt_free_object_ = reinterpret_cast<NCryptFreeObjectFunc>(
63 GetProcAddress(ncrypt, "NCryptFreeObject"));
64 ncrypt_sign_hash_ = reinterpret_cast<NCryptSignHashFunc>(
65 GetProcAddress(ncrypt, "NCryptSignHash"));
69 NCryptFreeObjectFunc ncrypt_free_object() const {
70 return ncrypt_free_object_;
73 NCryptSignHashFunc ncrypt_sign_hash() const { return ncrypt_sign_hash_; }
75 private:
76 NCryptFreeObjectFunc ncrypt_free_object_;
77 NCryptSignHashFunc ncrypt_sign_hash_;
80 base::LazyInstance<CNGFunctions>::Leaky g_cng_functions =
81 LAZY_INSTANCE_INITIALIZER;
83 struct CERT_KEY_CONTEXTDeleter {
84 void operator()(PCERT_KEY_CONTEXT key) {
85 if (key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
86 g_cng_functions.Get().ncrypt_free_object()(key->hNCryptKey);
87 } else {
88 CryptReleaseContext(key->hCryptProv, 0);
90 delete key;
94 using ScopedCERT_KEY_CONTEXT =
95 scoped_ptr<CERT_KEY_CONTEXT, CERT_KEY_CONTEXTDeleter>;
97 // KeyExData contains the data that is contained in the EX_DATA of the
98 // RSA and ECDSA objects that are created to wrap Windows system keys.
99 struct KeyExData {
100 KeyExData(ScopedCERT_KEY_CONTEXT key, size_t key_length)
101 : key(key.Pass()), key_length(key_length) {}
103 ScopedCERT_KEY_CONTEXT key;
104 size_t key_length;
107 // ExDataDup is called when one of the RSA or EC_KEY objects is
108 // duplicated. This is not supported and should never happen.
109 int ExDataDup(CRYPTO_EX_DATA* to,
110 const CRYPTO_EX_DATA* from,
111 void** from_d,
112 int idx,
113 long argl,
114 void* argp) {
115 CHECK_EQ((void*)nullptr, *from_d);
116 return 0;
119 // ExDataFree is called when one of the RSA or EC_KEY objects is freed.
120 void ExDataFree(void* parent,
121 void* ptr,
122 CRYPTO_EX_DATA* ex_data,
123 int idx,
124 long argl,
125 void* argp) {
126 KeyExData* data = reinterpret_cast<KeyExData*>(ptr);
127 delete data;
130 extern const RSA_METHOD win_rsa_method;
131 extern const ECDSA_METHOD win_ecdsa_method;
133 // BoringSSLEngine is a BoringSSL ENGINE that implements RSA and ECDSA
134 // by forwarding the requested operations to CAPI or CNG.
135 class BoringSSLEngine {
136 public:
137 BoringSSLEngine()
138 : rsa_index_(RSA_get_ex_new_index(0 /* argl */,
139 nullptr /* argp */,
140 nullptr /* new_func */,
141 ExDataDup,
142 ExDataFree)),
143 ec_key_index_(EC_KEY_get_ex_new_index(0 /* argl */,
144 nullptr /* argp */,
145 nullptr /* new_func */,
146 ExDataDup,
147 ExDataFree)),
148 engine_(ENGINE_new()) {
149 ENGINE_set_RSA_method(engine_, &win_rsa_method, sizeof(win_rsa_method));
150 ENGINE_set_ECDSA_method(engine_, &win_ecdsa_method,
151 sizeof(win_ecdsa_method));
154 int rsa_ex_index() const { return rsa_index_; }
155 int ec_key_ex_index() const { return ec_key_index_; }
157 const ENGINE* engine() const { return engine_; }
159 private:
160 const int rsa_index_;
161 const int ec_key_index_;
162 ENGINE* const engine_;
165 base::LazyInstance<BoringSSLEngine>::Leaky global_boringssl_engine =
166 LAZY_INSTANCE_INITIALIZER;
168 // Signs |in| with |key|, writing the output to |out| and the size to |out_len|.
169 // Although the buffer is preallocated, this calls NCryptSignHash twice. Some
170 // smartcards are buggy and assume the two-call pattern. See
171 // https://crbug.com/470204. Returns true on success and false on error.
172 bool DoNCryptSignHash(NCRYPT_KEY_HANDLE key,
173 void* padding,
174 const BYTE* in,
175 DWORD in_len,
176 BYTE* out,
177 DWORD max_out,
178 DWORD* out_len,
179 DWORD flags) {
180 // Determine the output length.
181 DWORD signature_len;
182 SECURITY_STATUS ncrypt_status = g_cng_functions.Get().ncrypt_sign_hash()(
183 key, padding, const_cast<BYTE*>(in), in_len, nullptr, 0, &signature_len,
184 flags);
185 if (FAILED(ncrypt_status)) {
186 LOG(ERROR) << "NCryptSignHash failed: " << ncrypt_status;
187 return false;
189 // Check |max_out| externally rather than trust the smartcard.
190 if (signature_len == 0 || signature_len > max_out) {
191 LOG(ERROR) << "Bad signature length.";
192 return false;
194 // It is important that |signature_len| already be initialized with the
195 // correct size. Some smartcards are buggy and do not write to it on the
196 // second call.
197 ncrypt_status = g_cng_functions.Get().ncrypt_sign_hash()(
198 key, padding, const_cast<BYTE*>(in), in_len, out, signature_len,
199 &signature_len, flags);
200 if (FAILED(ncrypt_status)) {
201 LOG(ERROR) << "NCryptSignHash failed: " << ncrypt_status;
202 return false;
204 if (signature_len == 0) {
205 LOG(ERROR) << "Bad signature length.";
206 return false;
208 *out_len = signature_len;
209 return true;
212 // Custom RSA_METHOD that uses the platform APIs for signing.
214 const KeyExData* RsaGetExData(const RSA* rsa) {
215 return reinterpret_cast<const KeyExData*>(
216 RSA_get_ex_data(rsa, global_boringssl_engine.Get().rsa_ex_index()));
219 size_t RsaMethodSize(const RSA* rsa) {
220 const KeyExData* ex_data = RsaGetExData(rsa);
221 return (ex_data->key_length + 7) / 8;
224 int RsaMethodSign(int hash_nid,
225 const uint8_t* in,
226 unsigned in_len,
227 uint8_t* out,
228 unsigned* out_len,
229 const RSA* rsa) {
230 // TODO(davidben): Switch BoringSSL's sign hook to using size_t rather than
231 // unsigned.
232 const KeyExData* ex_data = RsaGetExData(rsa);
233 if (!ex_data) {
234 NOTREACHED();
235 OPENSSL_PUT_ERROR(RSA, RSA_sign, ERR_R_INTERNAL_ERROR);
236 return 0;
239 if (ex_data->key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
240 BCRYPT_PKCS1_PADDING_INFO rsa_padding_info;
241 switch (hash_nid) {
242 case NID_md5_sha1:
243 rsa_padding_info.pszAlgId = nullptr;
244 break;
245 case NID_sha1:
246 rsa_padding_info.pszAlgId = BCRYPT_SHA1_ALGORITHM;
247 break;
248 case NID_sha256:
249 rsa_padding_info.pszAlgId = BCRYPT_SHA256_ALGORITHM;
250 break;
251 case NID_sha384:
252 rsa_padding_info.pszAlgId = BCRYPT_SHA384_ALGORITHM;
253 break;
254 case NID_sha512:
255 rsa_padding_info.pszAlgId = BCRYPT_SHA512_ALGORITHM;
256 break;
257 default:
258 OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE);
259 return 0;
262 DWORD signature_len;
263 if (!DoNCryptSignHash(ex_data->key->hNCryptKey, &rsa_padding_info, in,
264 in_len, out, RSA_size(rsa), &signature_len,
265 BCRYPT_PAD_PKCS1)) {
266 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
267 return 0;
269 *out_len = signature_len;
270 return 1;
273 ALG_ID hash_alg;
274 switch (hash_nid) {
275 case NID_md5_sha1:
276 hash_alg = CALG_SSL3_SHAMD5;
277 break;
278 case NID_sha1:
279 hash_alg = CALG_SHA1;
280 break;
281 case NID_sha256:
282 hash_alg = CALG_SHA_256;
283 break;
284 case NID_sha384:
285 hash_alg = CALG_SHA_384;
286 break;
287 case NID_sha512:
288 hash_alg = CALG_SHA_512;
289 break;
290 default:
291 OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_UNKNOWN_ALGORITHM_TYPE);
292 return 0;
295 crypto::ScopedHCRYPTHASH hash;
296 if (!CryptCreateHash(ex_data->key->hCryptProv, hash_alg, 0, 0,
297 hash.receive())) {
298 PLOG(ERROR) << "CreateCreateHash failed";
299 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
300 return 0;
302 DWORD hash_len;
303 DWORD arg_len = sizeof(hash_len);
304 if (!CryptGetHashParam(hash.get(), HP_HASHSIZE,
305 reinterpret_cast<BYTE*>(&hash_len), &arg_len, 0)) {
306 PLOG(ERROR) << "CryptGetHashParam HP_HASHSIZE failed";
307 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
308 return 0;
310 if (hash_len != in_len) {
311 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
312 return 0;
314 if (!CryptSetHashParam(hash.get(), HP_HASHVAL, const_cast<BYTE*>(in), 0)) {
315 PLOG(ERROR) << "CryptSetHashParam HP_HASHVAL failed";
316 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
317 return 0;
319 DWORD signature_len = RSA_size(rsa);
320 if (!CryptSignHash(hash.get(), ex_data->key->dwKeySpec, nullptr, 0, out,
321 &signature_len)) {
322 PLOG(ERROR) << "CryptSignHash failed";
323 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
324 return 0;
327 /* CryptoAPI signs in little-endian, so reverse it. */
328 std::reverse(out, out + signature_len);
329 *out_len = signature_len;
330 return 1;
333 int RsaMethodEncrypt(RSA* rsa,
334 size_t* out_len,
335 uint8_t* out,
336 size_t max_out,
337 const uint8_t* in,
338 size_t in_len,
339 int padding) {
340 NOTIMPLEMENTED();
341 OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
342 return 0;
345 int RsaMethodSignRaw(RSA* rsa,
346 size_t* out_len,
347 uint8_t* out,
348 size_t max_out,
349 const uint8_t* in,
350 size_t in_len,
351 int padding) {
352 NOTIMPLEMENTED();
353 OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
354 return 0;
357 int RsaMethodDecrypt(RSA* rsa,
358 size_t* out_len,
359 uint8_t* out,
360 size_t max_out,
361 const uint8_t* in,
362 size_t in_len,
363 int padding) {
364 NOTIMPLEMENTED();
365 OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
366 return 0;
369 int RsaMethodVerifyRaw(RSA* rsa,
370 size_t* out_len,
371 uint8_t* out,
372 size_t max_out,
373 const uint8_t* in,
374 size_t in_len,
375 int padding) {
376 NOTIMPLEMENTED();
377 OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_UNKNOWN_ALGORITHM_TYPE);
378 return 0;
381 int RsaMethodSupportsDigest(const RSA* rsa, const EVP_MD* md) {
382 const KeyExData* ex_data = RsaGetExData(rsa);
383 if (!ex_data) {
384 NOTREACHED();
385 return 0;
388 int hash_nid = EVP_MD_type(md);
389 if (ex_data->key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
390 // Only hashes which appear in RsaSignPKCS1 are supported.
391 if (hash_nid != NID_sha1 && hash_nid != NID_sha256 &&
392 hash_nid != NID_sha384 && hash_nid != NID_sha512) {
393 return 0;
396 // If the key is a 1024-bit RSA, assume conservatively that it may only be
397 // able to sign SHA-1 hashes. This is the case for older Estonian ID cards
398 // that have 1024-bit RSA keys.
400 // CNG does provide NCryptIsAlgSupported and NCryptEnumAlgorithms functions,
401 // however they seem to both return NTE_NOT_SUPPORTED when querying the
402 // NCRYPT_PROV_HANDLE at the key's NCRYPT_PROVIDER_HANDLE_PROPERTY.
403 if (ex_data->key_length <= 1024 && hash_nid != NID_sha1)
404 return 0;
406 return 1;
407 } else {
408 // If the key is in CAPI, assume conservatively that the CAPI service
409 // provider may only be able to sign SHA-1 hashes.
410 return hash_nid == NID_sha1;
414 const RSA_METHOD win_rsa_method = {
416 0, // references
417 1, // is_static
419 nullptr, // app_data
421 nullptr, // init
422 nullptr, // finish
423 RsaMethodSize,
424 RsaMethodSign,
425 nullptr, // verify
426 RsaMethodEncrypt,
427 RsaMethodSignRaw,
428 RsaMethodDecrypt,
429 RsaMethodVerifyRaw,
430 nullptr, // private_transform
431 nullptr, // mod_exp
432 nullptr, // bn_mod_exp
433 RSA_FLAG_OPAQUE,
434 nullptr, // keygen
435 nullptr, // multi_prime_keygen
436 RsaMethodSupportsDigest,
439 // Custom ECDSA_METHOD that uses the platform APIs.
440 // Note that for now, only signing through ECDSA_sign() is really supported.
441 // all other method pointers are either stubs returning errors, or no-ops.
443 const KeyExData* EcKeyGetExData(const EC_KEY* ec_key) {
444 return reinterpret_cast<const KeyExData*>(EC_KEY_get_ex_data(
445 ec_key, global_boringssl_engine.Get().ec_key_ex_index()));
448 size_t EcdsaMethodGroupOrderSize(const EC_KEY* ec_key) {
449 const KeyExData* ex_data = EcKeyGetExData(ec_key);
450 // key_length is the size of the group order for EC keys.
451 return (ex_data->key_length + 7) / 8;
454 int EcdsaMethodSign(const uint8_t* digest,
455 size_t digest_len,
456 uint8_t* out_sig,
457 unsigned int* out_sig_len,
458 EC_KEY* ec_key) {
459 const KeyExData* ex_data = EcKeyGetExData(ec_key);
460 // Only CNG supports ECDSA.
461 if (!ex_data || ex_data->key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) {
462 NOTREACHED();
463 OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);
464 return 0;
467 // An ECDSA signature is two integers, modulo the order of the group.
468 size_t order_len = (ex_data->key_length + 7) / 8;
469 if (order_len == 0) {
470 NOTREACHED();
471 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
472 return 0;
474 std::vector<uint8_t> raw_sig(order_len * 2);
476 DWORD signature_len;
477 if (!DoNCryptSignHash(ex_data->key->hNCryptKey, nullptr, digest, digest_len,
478 &raw_sig[0], raw_sig.size(), &signature_len, 0)) {
479 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
480 return 0;
482 if (signature_len != raw_sig.size()) {
483 LOG(ERROR) << "Bad signature length";
484 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
485 return 0;
488 // Convert the RAW ECDSA signature to a DER-encoded ECDSA-Sig-Value.
489 crypto::ScopedECDSA_SIG sig(ECDSA_SIG_new());
490 if (!sig) {
491 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
492 return 0;
494 sig->r = BN_bin2bn(&raw_sig[0], order_len, nullptr);
495 sig->s = BN_bin2bn(&raw_sig[order_len], order_len, nullptr);
496 if (!sig->r || !sig->s) {
497 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
498 return 0;
501 // Ensure the DER-encoded signature fits in the bounds.
502 int len = i2d_ECDSA_SIG(sig.get(), nullptr);
503 if (len < 0 || static_cast<size_t>(len) > ECDSA_size(ec_key)) {
504 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
505 return 0;
508 len = i2d_ECDSA_SIG(sig.get(), &out_sig);
509 if (len < 0) {
510 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
511 return 0;
513 *out_sig_len = len;
514 return 1;
517 int EcdsaMethodVerify(const uint8_t* digest,
518 size_t digest_len,
519 const uint8_t* sig,
520 size_t sig_len,
521 EC_KEY* eckey) {
522 NOTIMPLEMENTED();
523 OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED);
524 return 0;
527 const ECDSA_METHOD win_ecdsa_method = {
529 0, // references
530 1, // is_static
532 nullptr, // app_data
534 nullptr, // init
535 nullptr, // finish
536 EcdsaMethodGroupOrderSize,
537 EcdsaMethodSign,
538 EcdsaMethodVerify,
539 ECDSA_FLAG_OPAQUE,
542 // Determines the key type and length of |certificate|'s public key. The type is
543 // returned as an OpenSSL EVP_PKEY type. The key length for RSA key is the size
544 // of the RSA modulus in bits. For an ECDSA key, it is the number of bits to
545 // represent the group order. It returns true on success and false on failure.
546 bool GetKeyInfo(const X509Certificate* certificate,
547 int* out_type,
548 size_t* out_length) {
549 crypto::OpenSSLErrStackTracer tracker(FROM_HERE);
551 std::string der_encoded;
552 if (!X509Certificate::GetDEREncoded(certificate->os_cert_handle(),
553 &der_encoded))
554 return false;
555 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
556 ScopedX509 x509(d2i_X509(NULL, &bytes, der_encoded.size()));
557 if (!x509)
558 return false;
559 crypto::ScopedEVP_PKEY key(X509_get_pubkey(x509.get()));
560 if (!key)
561 return false;
562 *out_type = EVP_PKEY_id(key.get());
563 *out_length = EVP_PKEY_bits(key.get());
564 return true;
567 crypto::ScopedEVP_PKEY CreateRSAWrapper(ScopedCERT_KEY_CONTEXT key,
568 size_t key_length) {
569 crypto::ScopedRSA rsa(RSA_new_method(global_boringssl_engine.Get().engine()));
570 if (!rsa)
571 return nullptr;
573 RSA_set_ex_data(rsa.get(), global_boringssl_engine.Get().rsa_ex_index(),
574 new KeyExData(key.Pass(), key_length));
576 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
577 if (!pkey || !EVP_PKEY_set1_RSA(pkey.get(), rsa.get()))
578 return nullptr;
579 return pkey.Pass();
582 crypto::ScopedEVP_PKEY CreateECDSAWrapper(ScopedCERT_KEY_CONTEXT key,
583 size_t key_length) {
584 crypto::ScopedEC_KEY ec_key(
585 EC_KEY_new_method(global_boringssl_engine.Get().engine()));
586 if (!ec_key)
587 return nullptr;
589 EC_KEY_set_ex_data(ec_key.get(),
590 global_boringssl_engine.Get().ec_key_ex_index(),
591 new KeyExData(key.Pass(), key_length));
593 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
594 if (!pkey || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get()))
595 return nullptr;
597 return pkey.Pass();
600 } // namespace
602 crypto::ScopedEVP_PKEY FetchClientCertPrivateKey(
603 const X509Certificate* certificate) {
604 PCCERT_CONTEXT cert_context = certificate->os_cert_handle();
606 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0;
607 DWORD key_spec = 0;
608 BOOL must_free = FALSE;
609 DWORD flags = 0;
610 if (base::win::GetVersion() >= base::win::VERSION_VISTA)
611 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
613 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr,
614 &crypt_prov, &key_spec, &must_free)) {
615 PLOG(WARNING) << "Could not acquire private key";
616 return nullptr;
619 // Should never get a cached handle back - ownership must always be
620 // transferred.
621 CHECK_EQ(must_free, TRUE);
622 ScopedCERT_KEY_CONTEXT key(new CERT_KEY_CONTEXT);
623 key->dwKeySpec = key_spec;
624 key->hCryptProv = crypt_prov;
626 // Rather than query the private key for metadata, extract the public key from
627 // the certificate without using Windows APIs. CAPI and CNG do not
628 // consistently work depending on the system. See https://crbug.com/468345.
629 int key_type;
630 size_t key_length;
631 if (!GetKeyInfo(certificate, &key_type, &key_length))
632 return nullptr;
634 switch (key_type) {
635 case EVP_PKEY_RSA:
636 return CreateRSAWrapper(key.Pass(), key_length);
637 case EVP_PKEY_EC:
638 return CreateECDSAWrapper(key.Pass(), key_length);
639 default:
640 return nullptr;
644 } // namespace net