1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/cert_verify_proc_mac.h" 6 7 #include <CommonCrypto/CommonDigest.h> 8 #include <CoreServices/CoreServices.h> 9 #include <Security/Security.h> 10 11 #include <string> 12 #include <vector> 13 14 #include "base/logging.h" 15 #include "base/mac/mac_logging.h" 16 #include "base/mac/scoped_cftyperef.h" 17 #include "base/sha1.h" 18 #include "base/strings/string_piece.h" 19 #include "base/synchronization/lock.h" 20 #include "crypto/mac_security_services_lock.h" 21 #include "crypto/nss_util.h" 22 #include "crypto/sha2.h" 23 #include "net/base/net_errors.h" 24 #include "net/cert/asn1_util.h" 25 #include "net/cert/cert_status_flags.h" 26 #include "net/cert/cert_verifier.h" 27 #include "net/cert/cert_verify_result.h" 28 #include "net/cert/crl_set.h" 29 #include "net/cert/test_root_certs.h" 30 #include "net/cert/x509_certificate.h" 31 #include "net/cert/x509_certificate_known_roots_mac.h" 32 #include "net/cert/x509_util_mac.h" 33 34 // From 10.7.2 libsecurity_keychain-55035/lib/SecTrustPriv.h, for use with 35 // SecTrustCopyExtendedResult. 36 #ifndef kSecEVOrganizationName 37 #define kSecEVOrganizationName CFSTR("Organization") 38 #endif 39 40 using base::ScopedCFTypeRef; 41 42 namespace net { 43 44 namespace { 45 46 typedef OSStatus (*SecTrustCopyExtendedResultFuncPtr)(SecTrustRef, 47 CFDictionaryRef*); 48 49 int NetErrorFromOSStatus(OSStatus status) { 50 switch (status) { 51 case noErr: 52 return OK; 53 case errSecNotAvailable: 54 case errSecNoCertificateModule: 55 case errSecNoPolicyModule: 56 return ERR_NOT_IMPLEMENTED; 57 case errSecAuthFailed: 58 return ERR_ACCESS_DENIED; 59 default: { 60 OSSTATUS_LOG(ERROR, status) << "Unknown error mapped to ERR_FAILED"; 61 return ERR_FAILED; 62 } 63 } 64 } 65 66 CertStatus CertStatusFromOSStatus(OSStatus status) { 67 switch (status) { 68 case noErr: 69 return 0; 70 71 case CSSMERR_TP_INVALID_ANCHOR_CERT: 72 case CSSMERR_TP_NOT_TRUSTED: 73 case CSSMERR_TP_INVALID_CERT_AUTHORITY: 74 return CERT_STATUS_AUTHORITY_INVALID; 75 76 case CSSMERR_TP_CERT_EXPIRED: 77 case CSSMERR_TP_CERT_NOT_VALID_YET: 78 // "Expired" and "not yet valid" collapse into a single status. 79 return CERT_STATUS_DATE_INVALID; 80 81 case CSSMERR_TP_CERT_REVOKED: 82 case CSSMERR_TP_CERT_SUSPENDED: 83 return CERT_STATUS_REVOKED; 84 85 case CSSMERR_APPLETP_HOSTNAME_MISMATCH: 86 return CERT_STATUS_COMMON_NAME_INVALID; 87 88 case CSSMERR_APPLETP_CRL_NOT_FOUND: 89 case CSSMERR_APPLETP_OCSP_UNAVAILABLE: 90 case CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK: 91 return CERT_STATUS_NO_REVOCATION_MECHANISM; 92 93 case CSSMERR_APPLETP_CRL_EXPIRED: 94 case CSSMERR_APPLETP_CRL_NOT_VALID_YET: 95 case CSSMERR_APPLETP_CRL_SERVER_DOWN: 96 case CSSMERR_APPLETP_CRL_NOT_TRUSTED: 97 case CSSMERR_APPLETP_CRL_INVALID_ANCHOR_CERT: 98 case CSSMERR_APPLETP_CRL_POLICY_FAIL: 99 case CSSMERR_APPLETP_OCSP_BAD_RESPONSE: 100 case CSSMERR_APPLETP_OCSP_BAD_REQUEST: 101 case CSSMERR_APPLETP_OCSP_STATUS_UNRECOGNIZED: 102 case CSSMERR_APPLETP_NETWORK_FAILURE: 103 case CSSMERR_APPLETP_OCSP_NOT_TRUSTED: 104 case CSSMERR_APPLETP_OCSP_INVALID_ANCHOR_CERT: 105 case CSSMERR_APPLETP_OCSP_SIG_ERROR: 106 case CSSMERR_APPLETP_OCSP_NO_SIGNER: 107 case CSSMERR_APPLETP_OCSP_RESP_MALFORMED_REQ: 108 case CSSMERR_APPLETP_OCSP_RESP_INTERNAL_ERR: 109 case CSSMERR_APPLETP_OCSP_RESP_TRY_LATER: 110 case CSSMERR_APPLETP_OCSP_RESP_SIG_REQUIRED: 111 case CSSMERR_APPLETP_OCSP_RESP_UNAUTHORIZED: 112 case CSSMERR_APPLETP_OCSP_NONCE_MISMATCH: 113 // We asked for a revocation check, but didn't get it. 114 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; 115 116 case CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE: 117 // TODO(wtc): Should we add CERT_STATUS_WRONG_USAGE? 118 return CERT_STATUS_INVALID; 119 120 case CSSMERR_APPLETP_CRL_BAD_URI: 121 case CSSMERR_APPLETP_IDP_FAIL: 122 return CERT_STATUS_INVALID; 123 124 case CSSMERR_CSP_UNSUPPORTED_KEY_SIZE: 125 // Mapping UNSUPPORTED_KEY_SIZE to CERT_STATUS_WEAK_KEY is not strictly 126 // accurate, as the error may have been returned due to a key size 127 // that exceeded the maximum supported. However, within 128 // CertVerifyProcMac::VerifyInternal(), this code should only be 129 // encountered as a certificate status code, and only when the key size 130 // is smaller than the minimum required (1024 bits). 131 return CERT_STATUS_WEAK_KEY; 132 133 default: { 134 // Failure was due to something Chromium doesn't define a 135 // specific status for (such as basic constraints violation, or 136 // unknown critical extension) 137 OSSTATUS_LOG(WARNING, status) 138 << "Unknown error mapped to CERT_STATUS_INVALID"; 139 return CERT_STATUS_INVALID; 140 } 141 } 142 } 143 144 // Creates a series of SecPolicyRefs to be added to a SecTrustRef used to 145 // validate a certificate for an SSL server. |hostname| contains the name of 146 // the SSL server that the certificate should be verified against. |flags| is 147 // a bitwise-OR of VerifyFlags that can further alter how trust is validated, 148 // such as how revocation is checked. If successful, returns noErr, and 149 // stores the resultant array of SecPolicyRefs in |policies|. 150 OSStatus CreateTrustPolicies(const std::string& hostname, 151 int flags, 152 ScopedCFTypeRef<CFArrayRef>* policies) { 153 ScopedCFTypeRef<CFMutableArrayRef> local_policies( 154 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); 155 if (!local_policies) 156 return memFullErr; 157 158 SecPolicyRef ssl_policy; 159 OSStatus status = x509_util::CreateSSLServerPolicy(hostname, &ssl_policy); 160 if (status) 161 return status; 162 CFArrayAppendValue(local_policies, ssl_policy); 163 CFRelease(ssl_policy); 164 165 // Explicitly add revocation policies, in order to override system 166 // revocation checking policies and instead respect the application-level 167 // revocation preference. 168 status = x509_util::CreateRevocationPolicies( 169 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED), 170 (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY), 171 local_policies); 172 if (status) 173 return status; 174 175 policies->reset(local_policies.release()); 176 return noErr; 177 } 178 179 // Saves some information about the certificate chain |cert_chain| in 180 // |*verify_result|. The caller MUST initialize |*verify_result| before 181 // calling this function. 182 void GetCertChainInfo(CFArrayRef cert_chain, 183 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info, 184 CertVerifyResult* verify_result) { 185 SecCertificateRef verified_cert = NULL; 186 std::vector<SecCertificateRef> verified_chain; 187 for (CFIndex i = 0, count = CFArrayGetCount(cert_chain); i < count; ++i) { 188 SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( 189 const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); 190 if (i == 0) { 191 verified_cert = chain_cert; 192 } else { 193 verified_chain.push_back(chain_cert); 194 } 195 196 if ((chain_info[i].StatusBits & CSSM_CERT_STATUS_IS_IN_ANCHORS) || 197 (chain_info[i].StatusBits & CSSM_CERT_STATUS_IS_ROOT)) { 198 // The current certificate is either in the user's trusted store or is 199 // a root (self-signed) certificate. Ignore the signature algorithm for 200 // these certificates, as it is meaningless for security. We allow 201 // self-signed certificates (i == 0 & IS_ROOT), since we accept that 202 // any security assertions by such a cert are inherently meaningless. 203 continue; 204 } 205 206 x509_util::CSSMCachedCertificate cached_cert; 207 OSStatus status = cached_cert.Init(chain_cert); 208 if (status) 209 continue; 210 x509_util::CSSMFieldValue signature_field; 211 status = cached_cert.GetField(&CSSMOID_X509V1SignatureAlgorithm, 212 &signature_field); 213 if (status || !signature_field.field()) 214 continue; 215 // Match the behaviour of OS X system tools and defensively check that 216 // sizes are appropriate. This would indicate a critical failure of the 217 // OS X certificate library, but based on history, it is best to play it 218 // safe. 219 const CSSM_X509_ALGORITHM_IDENTIFIER* sig_algorithm = 220 signature_field.GetAs<CSSM_X509_ALGORITHM_IDENTIFIER>(); 221 if (!sig_algorithm) 222 continue; 223 224 const CSSM_OID* alg_oid = &sig_algorithm->algorithm; 225 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD2WithRSA)) { 226 verify_result->has_md2 = true; 227 } else if (CSSMOIDEqual(alg_oid, &CSSMOID_MD4WithRSA)) { 228 verify_result->has_md4 = true; 229 } else if (CSSMOIDEqual(alg_oid, &CSSMOID_MD5WithRSA)) { 230 verify_result->has_md5 = true; 231 } 232 } 233 if (!verified_cert) 234 return; 235 236 verify_result->verified_cert = 237 X509Certificate::CreateFromHandle(verified_cert, verified_chain); 238 } 239 240 void AppendPublicKeyHashes(CFArrayRef chain, 241 HashValueVector* hashes) { 242 const CFIndex n = CFArrayGetCount(chain); 243 for (CFIndex i = 0; i < n; i++) { 244 SecCertificateRef cert = reinterpret_cast<SecCertificateRef>( 245 const_cast<void*>(CFArrayGetValueAtIndex(chain, i))); 246 247 CSSM_DATA cert_data; 248 OSStatus err = SecCertificateGetData(cert, &cert_data); 249 DCHECK_EQ(err, noErr); 250 base::StringPiece der_bytes(reinterpret_cast<const char*>(cert_data.Data), 251 cert_data.Length); 252 base::StringPiece spki_bytes; 253 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) 254 continue; 255 256 HashValue sha1(HASH_VALUE_SHA1); 257 CC_SHA1(spki_bytes.data(), spki_bytes.size(), sha1.data()); 258 hashes->push_back(sha1); 259 260 HashValue sha256(HASH_VALUE_SHA256); 261 CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data()); 262 hashes->push_back(sha256); 263 } 264 } 265 266 bool CheckRevocationWithCRLSet(CFArrayRef chain, CRLSet* crl_set) { 267 if (CFArrayGetCount(chain) == 0) 268 return true; 269 270 // We iterate from the root certificate down to the leaf, keeping track of 271 // the issuer's SPKI at each step. 272 std::string issuer_spki_hash; 273 for (CFIndex i = CFArrayGetCount(chain) - 1; i >= 0; i--) { 274 SecCertificateRef cert = reinterpret_cast<SecCertificateRef>( 275 const_cast<void*>(CFArrayGetValueAtIndex(chain, i))); 276 277 CSSM_DATA cert_data; 278 OSStatus err = SecCertificateGetData(cert, &cert_data); 279 if (err != noErr) { 280 NOTREACHED(); 281 continue; 282 } 283 base::StringPiece der_bytes(reinterpret_cast<const char*>(cert_data.Data), 284 cert_data.Length); 285 base::StringPiece spki; 286 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki)) { 287 NOTREACHED(); 288 continue; 289 } 290 291 const std::string spki_hash = crypto::SHA256HashString(spki); 292 x509_util::CSSMCachedCertificate cached_cert; 293 if (cached_cert.Init(cert) != CSSM_OK) { 294 NOTREACHED(); 295 continue; 296 } 297 x509_util::CSSMFieldValue serial_number; 298 err = cached_cert.GetField(&CSSMOID_X509V1SerialNumber, &serial_number); 299 if (err || !serial_number.field()) { 300 NOTREACHED(); 301 continue; 302 } 303 304 base::StringPiece serial( 305 reinterpret_cast<const char*>(serial_number.field()->Data), 306 serial_number.field()->Length); 307 308 CRLSet::Result result = crl_set->CheckSPKI(spki_hash); 309 310 if (result != CRLSet::REVOKED && !issuer_spki_hash.empty()) 311 result = crl_set->CheckSerial(serial, issuer_spki_hash); 312 313 issuer_spki_hash = spki_hash; 314 315 switch (result) { 316 case CRLSet::REVOKED: 317 return false; 318 case CRLSet::UNKNOWN: 319 case CRLSet::GOOD: 320 continue; 321 default: 322 NOTREACHED(); 323 return false; 324 } 325 } 326 327 return true; 328 } 329 330 // IsIssuedByKnownRoot returns true if the given chain is rooted at a root CA 331 // that we recognise as a standard root. 332 // static 333 bool IsIssuedByKnownRoot(CFArrayRef chain) { 334 int n = CFArrayGetCount(chain); 335 if (n < 1) 336 return false; 337 SecCertificateRef root_ref = reinterpret_cast<SecCertificateRef>( 338 const_cast<void*>(CFArrayGetValueAtIndex(chain, n - 1))); 339 SHA1HashValue hash = X509Certificate::CalculateFingerprint(root_ref); 340 return IsSHA1HashInSortedArray( 341 hash, &kKnownRootCertSHA1Hashes[0][0], sizeof(kKnownRootCertSHA1Hashes)); 342 } 343 344 // Builds and evaluates a SecTrustRef for the certificate chain contained 345 // in |cert_array|, using the verification policies in |trust_policies|. On 346 // success, returns OK, and updates |trust_ref|, |trust_result|, 347 // |verified_chain|, and |chain_info| with the verification results. On 348 // failure, no output parameters are modified. 349 // 350 // Note: An OK return does not mean that |cert_array| is trusted, merely that 351 // verification was performed successfully. 352 // 353 // This function should only be called while the Mac Security Services lock is 354 // held. 355 int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array, 356 CFArrayRef trust_policies, 357 int flags, 358 ScopedCFTypeRef<SecTrustRef>* trust_ref, 359 SecTrustResultType* trust_result, 360 ScopedCFTypeRef<CFArrayRef>* verified_chain, 361 CSSM_TP_APPLE_EVIDENCE_INFO** chain_info) { 362 SecTrustRef tmp_trust = NULL; 363 OSStatus status = SecTrustCreateWithCertificates(cert_array, trust_policies, 364 &tmp_trust); 365 if (status) 366 return NetErrorFromOSStatus(status); 367 ScopedCFTypeRef<SecTrustRef> scoped_tmp_trust(tmp_trust); 368 369 if (TestRootCerts::HasInstance()) { 370 status = TestRootCerts::GetInstance()->FixupSecTrustRef(tmp_trust); 371 if (status) 372 return NetErrorFromOSStatus(status); 373 } 374 375 CSSM_APPLE_TP_ACTION_DATA tp_action_data; 376 memset(&tp_action_data, 0, sizeof(tp_action_data)); 377 tp_action_data.Version = CSSM_APPLE_TP_ACTION_VERSION; 378 // Allow CSSM to download any missing intermediate certificates if an 379 // authorityInfoAccess extension or issuerAltName extension is present. 380 tp_action_data.ActionFlags = CSSM_TP_ACTION_FETCH_CERT_FROM_NET | 381 CSSM_TP_ACTION_TRUST_SETTINGS; 382 383 // Note: For EV certificates, the Apple TP will handle setting these flags 384 // as part of EV evaluation. 385 if (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) { 386 // Require a positive result from an OCSP responder or a CRL (or both) 387 // for every certificate in the chain. The Apple TP automatically 388 // excludes the self-signed root from this requirement. If a certificate 389 // is missing both a crlDistributionPoints extension and an 390 // authorityInfoAccess extension with an OCSP responder URL, then we 391 // will get a kSecTrustResultRecoverableTrustFailure back from 392 // SecTrustEvaluate(), with a 393 // CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK error code. In that case, 394 // we'll set our own result to include 395 // CERT_STATUS_NO_REVOCATION_MECHANISM. If one or both extensions are 396 // present, and a check fails (server unavailable, OCSP retry later, 397 // signature mismatch), then we'll set our own result to include 398 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION. 399 tp_action_data.ActionFlags |= CSSM_TP_ACTION_REQUIRE_REV_PER_CERT; 400 401 // Note, even if revocation checking is disabled, SecTrustEvaluate() will 402 // modify the OCSP options so as to attempt OCSP checking if it believes a 403 // certificate may chain to an EV root. However, because network fetches 404 // are disabled in CreateTrustPolicies() when revocation checking is 405 // disabled, these will only go against the local cache. 406 } 407 408 CFDataRef action_data_ref = 409 CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, 410 reinterpret_cast<UInt8*>(&tp_action_data), 411 sizeof(tp_action_data), kCFAllocatorNull); 412 if (!action_data_ref) 413 return ERR_OUT_OF_MEMORY; 414 ScopedCFTypeRef<CFDataRef> scoped_action_data_ref(action_data_ref); 415 status = SecTrustSetParameters(tmp_trust, CSSM_TP_ACTION_DEFAULT, 416 action_data_ref); 417 if (status) 418 return NetErrorFromOSStatus(status); 419 420 // Verify the certificate. A non-zero result from SecTrustGetResult() 421 // indicates that some fatal error occurred and the chain couldn't be 422 // processed, not that the chain contains no errors. We need to examine the 423 // output of SecTrustGetResult() to determine that. 424 SecTrustResultType tmp_trust_result; 425 status = SecTrustEvaluate(tmp_trust, &tmp_trust_result); 426 if (status) 427 return NetErrorFromOSStatus(status); 428 CFArrayRef tmp_verified_chain = NULL; 429 CSSM_TP_APPLE_EVIDENCE_INFO* tmp_chain_info; 430 status = SecTrustGetResult(tmp_trust, &tmp_trust_result, &tmp_verified_chain, 431 &tmp_chain_info); 432 if (status) 433 return NetErrorFromOSStatus(status); 434 435 trust_ref->swap(scoped_tmp_trust); 436 *trust_result = tmp_trust_result; 437 verified_chain->reset(tmp_verified_chain); 438 *chain_info = tmp_chain_info; 439 440 return OK; 441 } 442 443 // OS X ships with both "GTE CyberTrust Global Root" and "Baltimore CyberTrust 444 // Root" as part of its trusted root store. However, a cross-certified version 445 // of the "Baltimore CyberTrust Root" exists that chains to "GTE CyberTrust 446 // Global Root". When OS X/Security.framework attempts to evaluate such a 447 // certificate chain, it disregards the "Baltimore CyberTrust Root" that exists 448 // within Keychain and instead attempts to terminate the chain in the "GTE 449 // CyberTrust Global Root". However, the GTE root is scheduled to be removed in 450 // a future OS X update (for sunsetting purposes), and once removed, such 451 // chains will fail validation, even though a trust anchor still exists. 452 // 453 // Rather than over-generalizing a solution that may mask a number of TLS 454 // misconfigurations, attempt to specifically match the affected 455 // cross-certified certificate and remove it from certificate chain processing. 456 bool IsBadBaltimoreGTECertificate(SecCertificateRef cert) { 457 // Matches the GTE-signed Baltimore CyberTrust Root 458 // https://cacert.omniroot.com/Baltimore-to-GTE-04-12.pem 459 static const SHA1HashValue kBadBaltimoreHashNew = 460 { { 0x4D, 0x34, 0xEA, 0x92, 0x76, 0x4B, 0x3A, 0x31, 0x49, 0x11, 461 0x99, 0x52, 0xF4, 0x19, 0x30, 0xCA, 0x11, 0x34, 0x83, 0x61 } }; 462 // Matches the legacy GTE-signed Baltimore CyberTrust Root 463 // https://cacert.omniroot.com/gte-2-2025.pem 464 static const SHA1HashValue kBadBaltimoreHashOld = 465 { { 0x54, 0xD8, 0xCB, 0x49, 0x1F, 0xA1, 0x6D, 0xF8, 0x87, 0xDC, 466 0x94, 0xA9, 0x34, 0xCC, 0x83, 0x6B, 0xDA, 0xA8, 0xA3, 0x69 } }; 467 468 SHA1HashValue fingerprint = X509Certificate::CalculateFingerprint(cert); 469 470 return fingerprint.Equals(kBadBaltimoreHashNew) || 471 fingerprint.Equals(kBadBaltimoreHashOld); 472 } 473 474 // Attempts to re-verify |cert_array| after adjusting the inputs to work around 475 // known issues in OS X. To be used if BuildAndEvaluateSecTrustRef fails to 476 // return a positive result for verification. 477 // 478 // This function should only be called while the Mac Security Services lock is 479 // held. 480 void RetrySecTrustEvaluateWithAdjustedChain( 481 CFArrayRef cert_array, 482 CFArrayRef trust_policies, 483 int flags, 484 ScopedCFTypeRef<SecTrustRef>* trust_ref, 485 SecTrustResultType* trust_result, 486 ScopedCFTypeRef<CFArrayRef>* verified_chain, 487 CSSM_TP_APPLE_EVIDENCE_INFO** chain_info) { 488 CFIndex count = CFArrayGetCount(*verified_chain); 489 CFIndex slice_point = 0; 490 491 for (CFIndex i = 1; i < count; ++i) { 492 SecCertificateRef cert = reinterpret_cast<SecCertificateRef>( 493 const_cast<void*>(CFArrayGetValueAtIndex(*verified_chain, i))); 494 if (cert == NULL) 495 return; // Strange times; can't fix things up. 496 497 if (IsBadBaltimoreGTECertificate(cert)) { 498 slice_point = i; 499 break; 500 } 501 } 502 if (slice_point == 0) 503 return; // Nothing to do. 504 505 ScopedCFTypeRef<CFMutableArrayRef> adjusted_cert_array( 506 CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks)); 507 // Note: This excludes the certificate at |slice_point|. 508 CFArrayAppendArray(adjusted_cert_array, cert_array, 509 CFRangeMake(0, slice_point)); 510 511 // Ignore the result; failure will preserve the old verification results. 512 BuildAndEvaluateSecTrustRef( 513 adjusted_cert_array, trust_policies, flags, trust_ref, trust_result, 514 verified_chain, chain_info); 515 } 516 517 } // namespace 518 519 CertVerifyProcMac::CertVerifyProcMac() {} 520 521 CertVerifyProcMac::~CertVerifyProcMac() {} 522 523 bool CertVerifyProcMac::SupportsAdditionalTrustAnchors() const { 524 return false; 525 } 526 527 int CertVerifyProcMac::VerifyInternal( 528 X509Certificate* cert, 529 const std::string& hostname, 530 int flags, 531 CRLSet* crl_set, 532 const CertificateList& additional_trust_anchors, 533 CertVerifyResult* verify_result) { 534 ScopedCFTypeRef<CFArrayRef> trust_policies; 535 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies); 536 if (status) 537 return NetErrorFromOSStatus(status); 538 539 // Create and configure a SecTrustRef, which takes our certificate(s) 540 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an 541 // array of certificates, the first of which is the certificate we're 542 // verifying, and the subsequent (optional) certificates are used for 543 // chain building. 544 ScopedCFTypeRef<CFArrayRef> cert_array(cert->CreateOSCertChainForCert()); 545 546 // Serialize all calls that may use the Keychain, to work around various 547 // issues in OS X 10.6+ with multi-threaded access to Security.framework. 548 base::AutoLock lock(crypto::GetMacSecurityServicesLock()); 549 550 ScopedCFTypeRef<SecTrustRef> trust_ref; 551 SecTrustResultType trust_result = kSecTrustResultDeny; 552 ScopedCFTypeRef<CFArrayRef> completed_chain; 553 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info = NULL; 554 555 int rv = BuildAndEvaluateSecTrustRef( 556 cert_array, trust_policies, flags, &trust_ref, &trust_result, 557 &completed_chain, &chain_info); 558 if (rv != OK) 559 return rv; 560 if (trust_result != kSecTrustResultUnspecified && 561 trust_result != kSecTrustResultProceed) { 562 RetrySecTrustEvaluateWithAdjustedChain( 563 cert_array, trust_policies, flags, &trust_ref, &trust_result, 564 &completed_chain, &chain_info); 565 } 566 567 if (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED) 568 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; 569 570 if (crl_set && !CheckRevocationWithCRLSet(completed_chain, crl_set)) 571 verify_result->cert_status |= CERT_STATUS_REVOKED; 572 573 GetCertChainInfo(completed_chain, chain_info, verify_result); 574 575 // As of Security Update 2012-002/OS X 10.7.4, when an RSA key < 1024 bits 576 // is encountered, CSSM returns CSSMERR_TP_VERIFY_ACTION_FAILED and adds 577 // CSSMERR_CSP_UNSUPPORTED_KEY_SIZE as a certificate status. Avoid mapping 578 // the CSSMERR_TP_VERIFY_ACTION_FAILED to CERT_STATUS_INVALID if the only 579 // error was due to an unsupported key size. 580 bool policy_failed = false; 581 bool weak_key = false; 582 583 // Evaluate the results 584 OSStatus cssm_result; 585 switch (trust_result) { 586 case kSecTrustResultUnspecified: 587 case kSecTrustResultProceed: 588 // Certificate chain is valid and trusted ("unspecified" indicates that 589 // the user has not explicitly set a trust setting) 590 break; 591 592 // According to SecTrust.h, kSecTrustResultConfirm isn't returned on 10.5+, 593 // and it is marked deprecated in the 10.9 SDK. 594 case kSecTrustResultDeny: 595 // Certificate chain is explicitly untrusted. 596 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; 597 break; 598 599 case kSecTrustResultRecoverableTrustFailure: 600 // Certificate chain has a failure that can be overridden by the user. 601 status = SecTrustGetCssmResultCode(trust_ref, &cssm_result); 602 if (status) 603 return NetErrorFromOSStatus(status); 604 if (cssm_result == CSSMERR_TP_VERIFY_ACTION_FAILED) { 605 policy_failed = true; 606 } else { 607 verify_result->cert_status |= CertStatusFromOSStatus(cssm_result); 608 } 609 // Walk the chain of error codes in the CSSM_TP_APPLE_EVIDENCE_INFO 610 // structure which can catch multiple errors from each certificate. 611 for (CFIndex index = 0, chain_count = CFArrayGetCount(completed_chain); 612 index < chain_count; ++index) { 613 if (chain_info[index].StatusBits & CSSM_CERT_STATUS_EXPIRED || 614 chain_info[index].StatusBits & CSSM_CERT_STATUS_NOT_VALID_YET) 615 verify_result->cert_status |= CERT_STATUS_DATE_INVALID; 616 if (!IsCertStatusError(verify_result->cert_status) && 617 chain_info[index].NumStatusCodes == 0) { 618 LOG(WARNING) << "chain_info[" << index << "].NumStatusCodes is 0" 619 ", chain_info[" << index << "].StatusBits is " 620 << chain_info[index].StatusBits; 621 } 622 for (uint32 status_code_index = 0; 623 status_code_index < chain_info[index].NumStatusCodes; 624 ++status_code_index) { 625 CertStatus mapped_status = CertStatusFromOSStatus( 626 chain_info[index].StatusCodes[status_code_index]); 627 if (mapped_status == CERT_STATUS_WEAK_KEY) 628 weak_key = true; 629 verify_result->cert_status |= mapped_status; 630 } 631 } 632 if (policy_failed && !weak_key) { 633 // If CSSMERR_TP_VERIFY_ACTION_FAILED wasn't returned due to a weak 634 // key, map it back to an appropriate error code. 635 verify_result->cert_status |= CertStatusFromOSStatus(cssm_result); 636 } 637 if (!IsCertStatusError(verify_result->cert_status)) { 638 LOG(ERROR) << "cssm_result=" << cssm_result; 639 verify_result->cert_status |= CERT_STATUS_INVALID; 640 NOTREACHED(); 641 } 642 break; 643 644 default: 645 status = SecTrustGetCssmResultCode(trust_ref, &cssm_result); 646 if (status) 647 return NetErrorFromOSStatus(status); 648 verify_result->cert_status |= CertStatusFromOSStatus(cssm_result); 649 if (!IsCertStatusError(verify_result->cert_status)) { 650 LOG(WARNING) << "trust_result=" << trust_result; 651 verify_result->cert_status |= CERT_STATUS_INVALID; 652 } 653 break; 654 } 655 656 // Perform hostname verification independent of SecTrustEvaluate. In order to 657 // do so, mask off any reported name errors first. 658 verify_result->cert_status &= ~CERT_STATUS_COMMON_NAME_INVALID; 659 if (!cert->VerifyNameMatch(hostname)) 660 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; 661 662 // TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be 663 // compatible with Windows, which in turn implements this behavior to be 664 // compatible with WinHTTP, which doesn't report this error (bug 3004). 665 verify_result->cert_status &= ~CERT_STATUS_NO_REVOCATION_MECHANISM; 666 667 AppendPublicKeyHashes(completed_chain, &verify_result->public_key_hashes); 668 verify_result->is_issued_by_known_root = IsIssuedByKnownRoot(completed_chain); 669 670 if (IsCertStatusError(verify_result->cert_status)) 671 return MapCertStatusToNetError(verify_result->cert_status); 672 673 if (flags & CertVerifier::VERIFY_EV_CERT) { 674 // Determine the certificate's EV status using SecTrustCopyExtendedResult(), 675 // which is an internal/private API function added in OS X 10.5.7. 676 // Note: "ExtendedResult" means extended validation results. 677 CFBundleRef bundle = 678 CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security")); 679 if (bundle) { 680 SecTrustCopyExtendedResultFuncPtr copy_extended_result = 681 reinterpret_cast<SecTrustCopyExtendedResultFuncPtr>( 682 CFBundleGetFunctionPointerForName(bundle, 683 CFSTR("SecTrustCopyExtendedResult"))); 684 if (copy_extended_result) { 685 CFDictionaryRef ev_dict_temp = NULL; 686 status = copy_extended_result(trust_ref, &ev_dict_temp); 687 ScopedCFTypeRef<CFDictionaryRef> ev_dict(ev_dict_temp); 688 ev_dict_temp = NULL; 689 if (status == noErr && ev_dict) { 690 // In 10.7.3, SecTrustCopyExtendedResult returns noErr and populates 691 // ev_dict even for non-EV certificates, but only EV certificates 692 // will cause ev_dict to contain kSecEVOrganizationName. In previous 693 // releases, SecTrustCopyExtendedResult would only return noErr and 694 // populate ev_dict for EV certificates, but would always include 695 // kSecEVOrganizationName in that case, so checking for this key is 696 // appropriate for all known versions of SecTrustCopyExtendedResult. 697 // The actual organization name is unneeded here and can be accessed 698 // through other means. All that matters here is the OS' conception 699 // of whether or not the certificate is EV. 700 if (CFDictionaryContainsKey(ev_dict, 701 kSecEVOrganizationName)) { 702 verify_result->cert_status |= CERT_STATUS_IS_EV; 703 if (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY) 704 verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; 705 } 706 } 707 } 708 } 709 } 710 711 return OK; 712 } 713 714 } // namespace net 715
