/src/mozilla-central/services/crypto/component/IdentityCryptoService.cpp

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsIIdentityCryptoService.h"
#include "mozilla/ModuleUtils.h"
#include "nsServiceManagerUtils.h"
#include "nsIThread.h"
#include "nsThreadUtils.h"
#include "nsCOMPtr.h"
#include "nsProxyRelease.h"
#include "nsString.h"
#include "mozilla/ArrayUtils.h" // ArrayLength
#include "mozilla/Base64.h"
#include "ScopedNSSTypes.h"
#include "NSSErrorsService.h"

#include "nss.h"
#include "pk11pub.h"
#include "secmod.h"
#include "secerr.h"
#include "keyhi.h"
#include "cryptohi.h"

#include <limits.h>

using namespace mozilla;

namespace {

void
HexEncode(const SECItem * it, nsACString & result)
{
  static const char digits[] = "0123456789ABCDEF";
  result.SetLength(it->len * 2);
  char * p = result.BeginWriting();
  for (unsigned int i = 0; i < it->len; ++i) {
    *p++ = digits[it->data[i] >> 4];
    *p++ = digits[it->data[i] & 0x0f];
  }
}

#define DSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("DS160"))
#define RSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("RS256"))

class KeyPair : public nsIIdentityKeyPair
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIIDENTITYKEYPAIR

  KeyPair(SECKEYPrivateKey* aPrivateKey, SECKEYPublicKey* aPublicKey,
          nsIEventTarget* aOperationThread);

private:
  virtual ~KeyPair()
  {
    if (mPrivateKey) {
      SECKEY_DestroyPrivateKey(mPrivateKey);
    }
    if (mPublicKey) {
      SECKEY_DestroyPublicKey(mPublicKey);
    }
  }

  SECKEYPrivateKey * mPrivateKey;
  SECKEYPublicKey * mPublicKey;
  nsCOMPtr<nsIEventTarget> mThread;

  KeyPair(const KeyPair &) = delete;
  void operator=(const KeyPair &) = delete;
};

NS_IMPL_ISUPPORTS(KeyPair, nsIIdentityKeyPair)

class KeyGenRunnable : public Runnable
{
public:
  NS_DECL_NSIRUNNABLE

  KeyGenRunnable(KeyType keyType, nsIIdentityKeyGenCallback * aCallback,
                 nsIEventTarget* aOperationThread);

private:
  const KeyType mKeyType; // in
  nsMainThreadPtrHandle<nsIIdentityKeyGenCallback> mCallback; // in
  nsresult mRv; // out
  nsCOMPtr<nsIIdentityKeyPair> mKeyPair; // out
  nsCOMPtr<nsIEventTarget> mThread;

  KeyGenRunnable(const KeyGenRunnable &) = delete;
  void operator=(const KeyGenRunnable &) = delete;
};

class SignRunnable : public Runnable
{
public:
  NS_DECL_NSIRUNNABLE

  SignRunnable(const nsACString & textToSign, SECKEYPrivateKey * privateKey,
               nsIIdentitySignCallback * aCallback);

private:
  ~SignRunnable() override
  {
    if (mPrivateKey) {
      SECKEY_DestroyPrivateKey(mPrivateKey);
    }
  }

  const nsCString mTextToSign; // in
  SECKEYPrivateKey* mPrivateKey; // in
  nsMainThreadPtrHandle<nsIIdentitySignCallback> mCallback; // in
  nsresult mRv; // out
  nsCString mSignature; // out

private:
  SignRunnable(const SignRunnable &) = delete;
  void operator=(const SignRunnable &) = delete;
};

class IdentityCryptoService final : public nsIIdentityCryptoService
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIIDENTITYCRYPTOSERVICE

  IdentityCryptoService() = default;
  nsresult Init()
  {
    nsresult rv;
    nsCOMPtr<nsISupports> dummyUsedToEnsureNSSIsInitialized
      = do_GetService("@mozilla.org/psm;1", &rv);
    NS_ENSURE_SUCCESS(rv, rv);

    nsCOMPtr<nsIThread> thread;
    rv = NS_NewNamedThread("IdentityCrypto", getter_AddRefs(thread));
    NS_ENSURE_SUCCESS(rv, rv);

    mThread = thread.forget();

    return NS_OK;
  }

private:
  ~IdentityCryptoService() = default;
  IdentityCryptoService(const KeyPair &) = delete;
  void operator=(const IdentityCryptoService &) = delete;

  nsCOMPtr<nsIEventTarget> mThread;
};

NS_IMPL_ISUPPORTS(IdentityCryptoService, nsIIdentityCryptoService)

NS_IMETHODIMP
IdentityCryptoService::GenerateKeyPair(
  const nsACString & keyTypeString, nsIIdentityKeyGenCallback * callback)
{
  KeyType keyType;
  if (keyTypeString.Equals(RSA_KEY_TYPE_STRING)) {
    keyType = rsaKey;
  } else if (keyTypeString.Equals(DSA_KEY_TYPE_STRING)) {
    keyType = dsaKey;
  } else {
    return NS_ERROR_UNEXPECTED;
  }

  nsCOMPtr<nsIRunnable> r = new KeyGenRunnable(keyType, callback, mThread);
  nsresult rv = mThread->Dispatch(r.forget(), NS_DISPATCH_NORMAL);
  NS_ENSURE_SUCCESS(rv, rv);

  return NS_OK;
}

NS_IMETHODIMP
IdentityCryptoService::Base64UrlEncode(const nsACString & utf8Input,
                                       nsACString & result)
{
  return Base64URLEncode(utf8Input.Length(),
    reinterpret_cast<const uint8_t*>(utf8Input.BeginReading()),
    Base64URLEncodePaddingPolicy::Include, result);
}

KeyPair::KeyPair(SECKEYPrivateKey * privateKey, SECKEYPublicKey * publicKey,
                 nsIEventTarget* operationThread)
  : mPrivateKey(privateKey)
  , mPublicKey(publicKey)
  , mThread(operationThread)
{
  MOZ_ASSERT(!NS_IsMainThread());
}

NS_IMETHODIMP
KeyPair::GetHexRSAPublicKeyExponent(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
  NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
  HexEncode(&mPublicKey->u.rsa.publicExponent, result);
  return NS_OK;
}

NS_IMETHODIMP
KeyPair::GetHexRSAPublicKeyModulus(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
  NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
  HexEncode(&mPublicKey->u.rsa.modulus, result);
  return NS_OK;
}

NS_IMETHODIMP
KeyPair::GetHexDSAPrime(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
  NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
  HexEncode(&mPublicKey->u.dsa.params.prime, result);
  return NS_OK;
}

NS_IMETHODIMP
KeyPair::GetHexDSASubPrime(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
  NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
  HexEncode(&mPublicKey->u.dsa.params.subPrime, result);
  return NS_OK;
}

NS_IMETHODIMP
KeyPair::GetHexDSAGenerator(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
  NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
  HexEncode(&mPublicKey->u.dsa.params.base, result);
  return NS_OK;
}

NS_IMETHODIMP
KeyPair::GetHexDSAPublicValue(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
  NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
  HexEncode(&mPublicKey->u.dsa.publicValue, result);
  return NS_OK;
}

NS_IMETHODIMP
KeyPair::GetKeyType(nsACString & result)
{
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);

  switch (mPublicKey->keyType) {
    case rsaKey: result = RSA_KEY_TYPE_STRING; return NS_OK;
    case dsaKey: result = DSA_KEY_TYPE_STRING; return NS_OK;
    default: return NS_ERROR_UNEXPECTED;
  }
}

NS_IMETHODIMP
KeyPair::Sign(const nsACString & textToSign,
              nsIIdentitySignCallback* callback)
{
  MOZ_ASSERT(NS_IsMainThread());
  nsCOMPtr<nsIRunnable> r = new SignRunnable(textToSign, mPrivateKey,
                                             callback);

  return mThread->Dispatch(r, NS_DISPATCH_NORMAL);
}

KeyGenRunnable::KeyGenRunnable(KeyType keyType,
                               nsIIdentityKeyGenCallback* callback,
                               nsIEventTarget* operationThread)
  : mozilla::Runnable("KeyGenRunnable")
  , mKeyType(keyType)
  , mCallback(new nsMainThreadPtrHolder<nsIIdentityKeyGenCallback>(
      "KeyGenRunnable::mCallback", callback))
  , mRv(NS_ERROR_NOT_INITIALIZED)
  , mThread(operationThread)
{
}

MOZ_MUST_USE nsresult
GenerateKeyPair(PK11SlotInfo * slot,
                SECKEYPrivateKey ** privateKey,
                SECKEYPublicKey ** publicKey,
                CK_MECHANISM_TYPE mechanism,
                void * params)
{
  *publicKey = nullptr;
  *privateKey = PK11_GenerateKeyPair(slot, mechanism, params, publicKey,
                                     PR_FALSE /*isPerm*/,
                                     PR_TRUE /*isSensitive*/,
                                     nullptr /*&pwdata*/);
  if (!*privateKey) {
    MOZ_ASSERT(!*publicKey);
    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
  }
  if (!*publicKey) {
    SECKEY_DestroyPrivateKey(*privateKey);
    *privateKey = nullptr;
    MOZ_CRASH("PK11_GnerateKeyPair returned private key without public key");
  }

  return NS_OK;
}


MOZ_MUST_USE nsresult
GenerateRSAKeyPair(PK11SlotInfo * slot,
                   SECKEYPrivateKey ** privateKey,
                   SECKEYPublicKey ** publicKey)
{
  MOZ_ASSERT(!NS_IsMainThread());

  PK11RSAGenParams rsaParams;
  rsaParams.keySizeInBits = 2048;
  rsaParams.pe = 0x10001;
  return GenerateKeyPair(slot, privateKey, publicKey, CKM_RSA_PKCS_KEY_PAIR_GEN,
                         &rsaParams);
}

MOZ_MUST_USE nsresult
GenerateDSAKeyPair(PK11SlotInfo * slot,
                   SECKEYPrivateKey ** privateKey,
                   SECKEYPublicKey ** publicKey)
{
  MOZ_ASSERT(!NS_IsMainThread());

  // XXX: These could probably be static const arrays, but this way we avoid
  // compiler warnings and also we avoid having to worry much about whether the
  // functions that take these inputs will (unexpectedly) modify them.

  // Using NIST parameters. Some other BrowserID components require that these
  // exact parameters are used.
  uint8_t P[] = {
    0xFF,0x60,0x04,0x83,0xDB,0x6A,0xBF,0xC5,0xB4,0x5E,0xAB,0x78,
    0x59,0x4B,0x35,0x33,0xD5,0x50,0xD9,0xF1,0xBF,0x2A,0x99,0x2A,
    0x7A,0x8D,0xAA,0x6D,0xC3,0x4F,0x80,0x45,0xAD,0x4E,0x6E,0x0C,
    0x42,0x9D,0x33,0x4E,0xEE,0xAA,0xEF,0xD7,0xE2,0x3D,0x48,0x10,
    0xBE,0x00,0xE4,0xCC,0x14,0x92,0xCB,0xA3,0x25,0xBA,0x81,0xFF,
    0x2D,0x5A,0x5B,0x30,0x5A,0x8D,0x17,0xEB,0x3B,0xF4,0xA0,0x6A,
    0x34,0x9D,0x39,0x2E,0x00,0xD3,0x29,0x74,0x4A,0x51,0x79,0x38,
    0x03,0x44,0xE8,0x2A,0x18,0xC4,0x79,0x33,0x43,0x8F,0x89,0x1E,
    0x22,0xAE,0xEF,0x81,0x2D,0x69,0xC8,0xF7,0x5E,0x32,0x6C,0xB7,
    0x0E,0xA0,0x00,0xC3,0xF7,0x76,0xDF,0xDB,0xD6,0x04,0x63,0x8C,
    0x2E,0xF7,0x17,0xFC,0x26,0xD0,0x2E,0x17
  };

  uint8_t Q[] = {
    0xE2,0x1E,0x04,0xF9,0x11,0xD1,0xED,0x79,0x91,0x00,0x8E,0xCA,
    0xAB,0x3B,0xF7,0x75,0x98,0x43,0x09,0xC3
  };

  uint8_t G[] = {
    0xC5,0x2A,0x4A,0x0F,0xF3,0xB7,0xE6,0x1F,0xDF,0x18,0x67,0xCE,
    0x84,0x13,0x83,0x69,0xA6,0x15,0x4F,0x4A,0xFA,0x92,0x96,0x6E,
    0x3C,0x82,0x7E,0x25,0xCF,0xA6,0xCF,0x50,0x8B,0x90,0xE5,0xDE,
    0x41,0x9E,0x13,0x37,0xE0,0x7A,0x2E,0x9E,0x2A,0x3C,0xD5,0xDE,
    0xA7,0x04,0xD1,0x75,0xF8,0xEB,0xF6,0xAF,0x39,0x7D,0x69,0xE1,
    0x10,0xB9,0x6A,0xFB,0x17,0xC7,0xA0,0x32,0x59,0x32,0x9E,0x48,
    0x29,0xB0,0xD0,0x3B,0xBC,0x78,0x96,0xB1,0x5B,0x4A,0xDE,0x53,
    0xE1,0x30,0x85,0x8C,0xC3,0x4D,0x96,0x26,0x9A,0xA8,0x90,0x41,
    0xF4,0x09,0x13,0x6C,0x72,0x42,0xA3,0x88,0x95,0xC9,0xD5,0xBC,
    0xCA,0xD4,0xF3,0x89,0xAF,0x1D,0x7A,0x4B,0xD1,0x39,0x8B,0xD0,
    0x72,0xDF,0xFA,0x89,0x62,0x33,0x39,0x7A
  };

  static_assert(MOZ_ARRAY_LENGTH(P) == 1024 / CHAR_BIT, "bad DSA P");
  static_assert(MOZ_ARRAY_LENGTH(Q) ==  160 / CHAR_BIT, "bad DSA Q");
  static_assert(MOZ_ARRAY_LENGTH(G) == 1024 / CHAR_BIT, "bad DSA G");

  PQGParams pqgParams  = {
    nullptr /*arena*/,
    { siBuffer, P, static_cast<unsigned int>(mozilla::ArrayLength(P)) },
    { siBuffer, Q, static_cast<unsigned int>(mozilla::ArrayLength(Q)) },
    { siBuffer, G, static_cast<unsigned int>(mozilla::ArrayLength(G)) }
  };

  return GenerateKeyPair(slot, privateKey, publicKey, CKM_DSA_KEY_PAIR_GEN,
                         &pqgParams);
}

NS_IMETHODIMP
KeyGenRunnable::Run()
{
  if (!NS_IsMainThread()) {
    // We always want to use the internal slot for BrowserID; in particular,
    // we want to avoid smartcard slots.
    PK11SlotInfo *slot = PK11_GetInternalSlot();
    if (!slot) {
      mRv = NS_ERROR_UNEXPECTED;
    } else {
      SECKEYPrivateKey *privk = nullptr;
      SECKEYPublicKey *pubk = nullptr;

      switch (mKeyType) {
      case rsaKey:
        mRv = GenerateRSAKeyPair(slot, &privk, &pubk);
        break;
      case dsaKey:
        mRv = GenerateDSAKeyPair(slot, &privk, &pubk);
        break;
      default:
        MOZ_CRASH("unknown key type");
      }

      PK11_FreeSlot(slot);

      if (NS_SUCCEEDED(mRv)) {
        MOZ_ASSERT(privk);
        MOZ_ASSERT(pubk);
    // mKeyPair will take over ownership of privk and pubk
        mKeyPair = new KeyPair(privk, pubk, mThread);
      }
    }

    NS_DispatchToMainThread(this);
  } else {
    // Back on Main Thread
    (void) mCallback->GenerateKeyPairFinished(mRv, mKeyPair);
  }
  return NS_OK;
}

SignRunnable::SignRunnable(const nsACString& aText,
                           SECKEYPrivateKey* privateKey,
                           nsIIdentitySignCallback* aCallback)
  : mozilla::Runnable("SignRunnable")
  , mTextToSign(aText)
  , mPrivateKey(SECKEY_CopyPrivateKey(privateKey))
  , mCallback(new nsMainThreadPtrHolder<nsIIdentitySignCallback>(
      "SignRunnable::mCallback", aCallback))
  , mRv(NS_ERROR_NOT_INITIALIZED)
{
}

NS_IMETHODIMP
SignRunnable::Run()
{
  if (!NS_IsMainThread()) {
    // We need the output in PKCS#11 format, not DER encoding, so we must use
    // PK11_HashBuf and PK11_Sign instead of SEC_SignData.

    SECItem sig = { siBuffer, nullptr, 0 };
    int sigLength = PK11_SignatureLen(mPrivateKey);
    if (sigLength <= 0) {
      mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
    } else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) {
      mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
    } else {
      uint8_t hash[32]; // big enough for SHA-1 or SHA-256
      SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1
                                                         : SEC_OID_SHA256;
      SECItem hashItem = { siBuffer, hash,
                           hashAlg == SEC_OID_SHA1 ? 20u : 32u };

      mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash,
                  const_cast<uint8_t*>(reinterpret_cast<const uint8_t *>(
                                          mTextToSign.get())),
                                    mTextToSign.Length()));
      if (NS_SUCCEEDED(mRv)) {
        mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem));
      }
      if (NS_SUCCEEDED(mRv)) {
        mRv = Base64URLEncode(sig.len, sig.data,
                              Base64URLEncodePaddingPolicy::Include,
                              mSignature);
      }
      SECITEM_FreeItem(&sig, false);
    }

    NS_DispatchToMainThread(this);
  } else {
    // Back on Main Thread
    (void) mCallback->SignFinished(mRv, mSignature);
  }

  return NS_OK;
}

// XPCOM module registration

NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(IdentityCryptoService, Init)

#define NS_IDENTITYCRYPTOSERVICE_CID \
  {0xbea13a3a, 0x44e8, 0x4d7f, {0xa0, 0xa2, 0x2c, 0x67, 0xf8, 0x4e, 0x3a, 0x97}}

NS_DEFINE_NAMED_CID(NS_IDENTITYCRYPTOSERVICE_CID);

const mozilla::Module::CIDEntry kCIDs[] = {
  { &kNS_IDENTITYCRYPTOSERVICE_CID, false, nullptr, IdentityCryptoServiceConstructor },
  { nullptr }
};

const mozilla::Module::ContractIDEntry kContracts[] = {
  { "@mozilla.org/identity/crypto-service;1", &kNS_IDENTITYCRYPTOSERVICE_CID },
  { nullptr }
};

const mozilla::Module kModule = {
  mozilla::Module::kVersion,
  kCIDs,
  kContracts
};

} // unnamed namespace

NSMODULE_DEFN(identity) = &kModule;

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=2 et sw=2 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this file,
5		* You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#include "nsIIdentityCryptoService.h"
8		#include "mozilla/ModuleUtils.h"
9		#include "nsServiceManagerUtils.h"
10		#include "nsIThread.h"
11		#include "nsThreadUtils.h"
12		#include "nsCOMPtr.h"
13		#include "nsProxyRelease.h"
14		#include "nsString.h"
15		#include "mozilla/ArrayUtils.h" // ArrayLength
16		#include "mozilla/Base64.h"
17		#include "ScopedNSSTypes.h"
18		#include "NSSErrorsService.h"
19
20		#include "nss.h"
21		#include "pk11pub.h"
22		#include "secmod.h"
23		#include "secerr.h"
24		#include "keyhi.h"
25		#include "cryptohi.h"
26
27		#include <limits.h>
28
29		using namespace mozilla;
30
31		namespace {
32
33		void
34		HexEncode(const SECItem * it, nsACString & result)
35	0	{
36	0	static const char digits[] = "0123456789ABCDEF";
37	0	result.SetLength(it->len * 2);
38	0	char * p = result.BeginWriting();
39	0	for (unsigned int i = 0; i < it->len; ++i) {
40	0	*p++ = digits[it->data[i] >> 4];
41	0	*p++ = digits[it->data[i] & 0x0f];
42	0	}
43	0	}
44
45	0	#define DSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("DS160"))
46	0	#define RSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("RS256"))
47
48		class KeyPair : public nsIIdentityKeyPair
49		{
50		public:
51		NS_DECL_THREADSAFE_ISUPPORTS
52		NS_DECL_NSIIDENTITYKEYPAIR
53
54		KeyPair(SECKEYPrivateKey* aPrivateKey, SECKEYPublicKey* aPublicKey,
55		nsIEventTarget* aOperationThread);
56
57		private:
58		virtual ~KeyPair()
59	0	{
60	0	if (mPrivateKey) {
61	0	SECKEY_DestroyPrivateKey(mPrivateKey);
62	0	}
63	0	if (mPublicKey) {
64	0	SECKEY_DestroyPublicKey(mPublicKey);
65	0	}
66	0	}
67
68		SECKEYPrivateKey * mPrivateKey;
69		SECKEYPublicKey * mPublicKey;
70		nsCOMPtr<nsIEventTarget> mThread;
71
72		KeyPair(const KeyPair &) = delete;
73		void operator=(const KeyPair &) = delete;
74		};
75
76		NS_IMPL_ISUPPORTS(KeyPair, nsIIdentityKeyPair)
77
78		class KeyGenRunnable : public Runnable
79		{
80		public:
81		NS_DECL_NSIRUNNABLE
82
83		KeyGenRunnable(KeyType keyType, nsIIdentityKeyGenCallback * aCallback,
84		nsIEventTarget* aOperationThread);
85
86		private:
87		const KeyType mKeyType; // in
88		nsMainThreadPtrHandle<nsIIdentityKeyGenCallback> mCallback; // in
89		nsresult mRv; // out
90		nsCOMPtr<nsIIdentityKeyPair> mKeyPair; // out
91		nsCOMPtr<nsIEventTarget> mThread;
92
93		KeyGenRunnable(const KeyGenRunnable &) = delete;
94		void operator=(const KeyGenRunnable &) = delete;
95		};
96
97		class SignRunnable : public Runnable
98		{
99		public:
100		NS_DECL_NSIRUNNABLE
101
102		SignRunnable(const nsACString & textToSign, SECKEYPrivateKey * privateKey,
103		nsIIdentitySignCallback * aCallback);
104
105		private:
106		~SignRunnable() override
107	0	{
108	0	if (mPrivateKey) {
109	0	SECKEY_DestroyPrivateKey(mPrivateKey);
110	0	}
111	0	}
112
113		const nsCString mTextToSign; // in
114		SECKEYPrivateKey* mPrivateKey; // in
115		nsMainThreadPtrHandle<nsIIdentitySignCallback> mCallback; // in
116		nsresult mRv; // out
117		nsCString mSignature; // out
118
119		private:
120		SignRunnable(const SignRunnable &) = delete;
121		void operator=(const SignRunnable &) = delete;
122		};
123
124		class IdentityCryptoService final : public nsIIdentityCryptoService
125		{
126		public:
127		NS_DECL_THREADSAFE_ISUPPORTS
128		NS_DECL_NSIIDENTITYCRYPTOSERVICE
129
130	0	IdentityCryptoService() = default;
131		nsresult Init()
132	0	{
133	0	nsresult rv;
134	0	nsCOMPtr<nsISupports> dummyUsedToEnsureNSSIsInitialized
135	0	= do_GetService("@mozilla.org/psm;1", &rv);
136	0	NS_ENSURE_SUCCESS(rv, rv);
137	0
138	0	nsCOMPtr<nsIThread> thread;
139	0	rv = NS_NewNamedThread("IdentityCrypto", getter_AddRefs(thread));
140	0	NS_ENSURE_SUCCESS(rv, rv);
141	0
142	0	mThread = thread.forget();
143	0
144	0	return NS_OK;
145	0	}
146
147		private:
148	0	~IdentityCryptoService() = default;
149		IdentityCryptoService(const KeyPair &) = delete;
150		void operator=(const IdentityCryptoService &) = delete;
151
152		nsCOMPtr<nsIEventTarget> mThread;
153		};
154
155		NS_IMPL_ISUPPORTS(IdentityCryptoService, nsIIdentityCryptoService)
156
157		NS_IMETHODIMP
158		IdentityCryptoService::GenerateKeyPair(
159		const nsACString & keyTypeString, nsIIdentityKeyGenCallback * callback)
160	0	{
161	0	KeyType keyType;
162	0	if (keyTypeString.Equals(RSA_KEY_TYPE_STRING)) {
163	0	keyType = rsaKey;
164	0	} else if (keyTypeString.Equals(DSA_KEY_TYPE_STRING)) {
165	0	keyType = dsaKey;
166	0	} else {
167	0	return NS_ERROR_UNEXPECTED;
168	0	}
169	0
170	0	nsCOMPtr<nsIRunnable> r = new KeyGenRunnable(keyType, callback, mThread);
171	0	nsresult rv = mThread->Dispatch(r.forget(), NS_DISPATCH_NORMAL);
172	0	NS_ENSURE_SUCCESS(rv, rv);
173	0
174	0	return NS_OK;
175	0	}
176
177		NS_IMETHODIMP
178		IdentityCryptoService::Base64UrlEncode(const nsACString & utf8Input,
179		nsACString & result)
180	0	{
181	0	return Base64URLEncode(utf8Input.Length(),
182	0	reinterpret_cast<const uint8_t*>(utf8Input.BeginReading()),
183	0	Base64URLEncodePaddingPolicy::Include, result);
184	0	}
185
186		KeyPair::KeyPair(SECKEYPrivateKey * privateKey, SECKEYPublicKey * publicKey,
187		nsIEventTarget* operationThread)
188		: mPrivateKey(privateKey)
189		, mPublicKey(publicKey)
190		, mThread(operationThread)
191	0	{
192	0	MOZ_ASSERT(!NS_IsMainThread());
193	0	}
194
195		NS_IMETHODIMP
196		KeyPair::GetHexRSAPublicKeyExponent(nsACString & result)
197	0	{
198	0	MOZ_ASSERT(NS_IsMainThread());
199	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
200	0	NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
201	0	HexEncode(&mPublicKey->u.rsa.publicExponent, result);
202	0	return NS_OK;
203	0	}
204
205		NS_IMETHODIMP
206		KeyPair::GetHexRSAPublicKeyModulus(nsACString & result)
207	0	{
208	0	MOZ_ASSERT(NS_IsMainThread());
209	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
210	0	NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
211	0	HexEncode(&mPublicKey->u.rsa.modulus, result);
212	0	return NS_OK;
213	0	}
214
215		NS_IMETHODIMP
216		KeyPair::GetHexDSAPrime(nsACString & result)
217	0	{
218	0	MOZ_ASSERT(NS_IsMainThread());
219	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
220	0	NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
221	0	HexEncode(&mPublicKey->u.dsa.params.prime, result);
222	0	return NS_OK;
223	0	}
224
225		NS_IMETHODIMP
226		KeyPair::GetHexDSASubPrime(nsACString & result)
227	0	{
228	0	MOZ_ASSERT(NS_IsMainThread());
229	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
230	0	NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
231	0	HexEncode(&mPublicKey->u.dsa.params.subPrime, result);
232	0	return NS_OK;
233	0	}
234
235		NS_IMETHODIMP
236		KeyPair::GetHexDSAGenerator(nsACString & result)
237	0	{
238	0	MOZ_ASSERT(NS_IsMainThread());
239	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
240	0	NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
241	0	HexEncode(&mPublicKey->u.dsa.params.base, result);
242	0	return NS_OK;
243	0	}
244
245		NS_IMETHODIMP
246		KeyPair::GetHexDSAPublicValue(nsACString & result)
247	0	{
248	0	MOZ_ASSERT(NS_IsMainThread());
249	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
250	0	NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
251	0	HexEncode(&mPublicKey->u.dsa.publicValue, result);
252	0	return NS_OK;
253	0	}
254
255		NS_IMETHODIMP
256		KeyPair::GetKeyType(nsACString & result)
257	0	{
258	0	MOZ_ASSERT(NS_IsMainThread());
259	0	NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
260	0
261	0	switch (mPublicKey->keyType) {
262	0	case rsaKey: result = RSA_KEY_TYPE_STRING; return NS_OK;
263	0	case dsaKey: result = DSA_KEY_TYPE_STRING; return NS_OK;
264	0	default: return NS_ERROR_UNEXPECTED;
265	0	}
266	0	}
267
268		NS_IMETHODIMP
269		KeyPair::Sign(const nsACString & textToSign,
270		nsIIdentitySignCallback* callback)
271	0	{
272	0	MOZ_ASSERT(NS_IsMainThread());
273	0	nsCOMPtr<nsIRunnable> r = new SignRunnable(textToSign, mPrivateKey,
274	0	callback);
275	0
276	0	return mThread->Dispatch(r, NS_DISPATCH_NORMAL);
277	0	}
278
279		KeyGenRunnable::KeyGenRunnable(KeyType keyType,
280		nsIIdentityKeyGenCallback* callback,
281		nsIEventTarget* operationThread)
282		: mozilla::Runnable("KeyGenRunnable")
283		, mKeyType(keyType)
284		, mCallback(new nsMainThreadPtrHolder<nsIIdentityKeyGenCallback>(
285		"KeyGenRunnable::mCallback", callback))
286		, mRv(NS_ERROR_NOT_INITIALIZED)
287		, mThread(operationThread)
288	0	{
289	0	}
290
291		MOZ_MUST_USE nsresult
292		GenerateKeyPair(PK11SlotInfo * slot,
293		SECKEYPrivateKey ** privateKey,
294		SECKEYPublicKey ** publicKey,
295		CK_MECHANISM_TYPE mechanism,
296		void * params)
297	0	{
298	0	*publicKey = nullptr;
299	0	*privateKey = PK11_GenerateKeyPair(slot, mechanism, params, publicKey,
300	0	PR_FALSE /isPerm/,
301	0	PR_TRUE /isSensitive/,
302	0	nullptr /&pwdata/);
303	0	if (!*privateKey) {
304	0	MOZ_ASSERT(!*publicKey);
305	0	return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
306	0	}
307	0	if (!*publicKey) {
308	0	SECKEY_DestroyPrivateKey(*privateKey);
309	0	*privateKey = nullptr;
310	0	MOZ_CRASH("PK11_GnerateKeyPair returned private key without public key");
311	0	}
312	0
313	0	return NS_OK;
314	0	}
315
316
317		MOZ_MUST_USE nsresult
318		GenerateRSAKeyPair(PK11SlotInfo * slot,
319		SECKEYPrivateKey ** privateKey,
320		SECKEYPublicKey ** publicKey)
321	0	{
322	0	MOZ_ASSERT(!NS_IsMainThread());
323	0
324	0	PK11RSAGenParams rsaParams;
325	0	rsaParams.keySizeInBits = 2048;
326	0	rsaParams.pe = 0x10001;
327	0	return GenerateKeyPair(slot, privateKey, publicKey, CKM_RSA_PKCS_KEY_PAIR_GEN,
328	0	&rsaParams);
329	0	}
330
331		MOZ_MUST_USE nsresult
332		GenerateDSAKeyPair(PK11SlotInfo * slot,
333		SECKEYPrivateKey ** privateKey,
334		SECKEYPublicKey ** publicKey)
335	0	{
336	0	MOZ_ASSERT(!NS_IsMainThread());
337	0
338	0	// XXX: These could probably be static const arrays, but this way we avoid
339	0	// compiler warnings and also we avoid having to worry much about whether the
340	0	// functions that take these inputs will (unexpectedly) modify them.
341	0
342	0	// Using NIST parameters. Some other BrowserID components require that these
343	0	// exact parameters are used.
344	0	uint8_t P[] = {
345	0	0xFF,0x60,0x04,0x83,0xDB,0x6A,0xBF,0xC5,0xB4,0x5E,0xAB,0x78,
346	0	0x59,0x4B,0x35,0x33,0xD5,0x50,0xD9,0xF1,0xBF,0x2A,0x99,0x2A,
347	0	0x7A,0x8D,0xAA,0x6D,0xC3,0x4F,0x80,0x45,0xAD,0x4E,0x6E,0x0C,
348	0	0x42,0x9D,0x33,0x4E,0xEE,0xAA,0xEF,0xD7,0xE2,0x3D,0x48,0x10,
349	0	0xBE,0x00,0xE4,0xCC,0x14,0x92,0xCB,0xA3,0x25,0xBA,0x81,0xFF,
350	0	0x2D,0x5A,0x5B,0x30,0x5A,0x8D,0x17,0xEB,0x3B,0xF4,0xA0,0x6A,
351	0	0x34,0x9D,0x39,0x2E,0x00,0xD3,0x29,0x74,0x4A,0x51,0x79,0x38,
352	0	0x03,0x44,0xE8,0x2A,0x18,0xC4,0x79,0x33,0x43,0x8F,0x89,0x1E,
353	0	0x22,0xAE,0xEF,0x81,0x2D,0x69,0xC8,0xF7,0x5E,0x32,0x6C,0xB7,
354	0	0x0E,0xA0,0x00,0xC3,0xF7,0x76,0xDF,0xDB,0xD6,0x04,0x63,0x8C,
355	0	0x2E,0xF7,0x17,0xFC,0x26,0xD0,0x2E,0x17
356	0	};
357	0
358	0	uint8_t Q[] = {
359	0	0xE2,0x1E,0x04,0xF9,0x11,0xD1,0xED,0x79,0x91,0x00,0x8E,0xCA,
360	0	0xAB,0x3B,0xF7,0x75,0x98,0x43,0x09,0xC3
361	0	};
362	0
363	0	uint8_t G[] = {
364	0	0xC5,0x2A,0x4A,0x0F,0xF3,0xB7,0xE6,0x1F,0xDF,0x18,0x67,0xCE,
365	0	0x84,0x13,0x83,0x69,0xA6,0x15,0x4F,0x4A,0xFA,0x92,0x96,0x6E,
366	0	0x3C,0x82,0x7E,0x25,0xCF,0xA6,0xCF,0x50,0x8B,0x90,0xE5,0xDE,
367	0	0x41,0x9E,0x13,0x37,0xE0,0x7A,0x2E,0x9E,0x2A,0x3C,0xD5,0xDE,
368	0	0xA7,0x04,0xD1,0x75,0xF8,0xEB,0xF6,0xAF,0x39,0x7D,0x69,0xE1,
369	0	0x10,0xB9,0x6A,0xFB,0x17,0xC7,0xA0,0x32,0x59,0x32,0x9E,0x48,
370	0	0x29,0xB0,0xD0,0x3B,0xBC,0x78,0x96,0xB1,0x5B,0x4A,0xDE,0x53,
371	0	0xE1,0x30,0x85,0x8C,0xC3,0x4D,0x96,0x26,0x9A,0xA8,0x90,0x41,
372	0	0xF4,0x09,0x13,0x6C,0x72,0x42,0xA3,0x88,0x95,0xC9,0xD5,0xBC,
373	0	0xCA,0xD4,0xF3,0x89,0xAF,0x1D,0x7A,0x4B,0xD1,0x39,0x8B,0xD0,
374	0	0x72,0xDF,0xFA,0x89,0x62,0x33,0x39,0x7A
375	0	};
376	0
377	0	static_assert(MOZ_ARRAY_LENGTH(P) == 1024 / CHAR_BIT, "bad DSA P");
378	0	static_assert(MOZ_ARRAY_LENGTH(Q) == 160 / CHAR_BIT, "bad DSA Q");
379	0	static_assert(MOZ_ARRAY_LENGTH(G) == 1024 / CHAR_BIT, "bad DSA G");
380	0
381	0	PQGParams pqgParams = {
382	0	nullptr /arena/,
383	0	{ siBuffer, P, static_cast<unsigned int>(mozilla::ArrayLength(P)) },
384	0	{ siBuffer, Q, static_cast<unsigned int>(mozilla::ArrayLength(Q)) },
385	0	{ siBuffer, G, static_cast<unsigned int>(mozilla::ArrayLength(G)) }
386	0	};
387	0
388	0	return GenerateKeyPair(slot, privateKey, publicKey, CKM_DSA_KEY_PAIR_GEN,
389	0	&pqgParams);
390	0	}
391
392		NS_IMETHODIMP
393		KeyGenRunnable::Run()
394	0	{
395	0	if (!NS_IsMainThread()) {
396	0	// We always want to use the internal slot for BrowserID; in particular,
397	0	// we want to avoid smartcard slots.
398	0	PK11SlotInfo *slot = PK11_GetInternalSlot();
399	0	if (!slot) {
400	0	mRv = NS_ERROR_UNEXPECTED;
401	0	} else {
402	0	SECKEYPrivateKey *privk = nullptr;
403	0	SECKEYPublicKey *pubk = nullptr;
404	0
405	0	switch (mKeyType) {
406	0	case rsaKey:
407	0	mRv = GenerateRSAKeyPair(slot, &privk, &pubk);
408	0	break;
409	0	case dsaKey:
410	0	mRv = GenerateDSAKeyPair(slot, &privk, &pubk);
411	0	break;
412	0	default:
413	0	MOZ_CRASH("unknown key type");
414	0	}
415	0
416	0	PK11_FreeSlot(slot);
417	0
418	0	if (NS_SUCCEEDED(mRv)) {
419	0	MOZ_ASSERT(privk);
420	0	MOZ_ASSERT(pubk);
421	0	// mKeyPair will take over ownership of privk and pubk
422	0	mKeyPair = new KeyPair(privk, pubk, mThread);
423	0	}
424	0	}
425	0
426	0	NS_DispatchToMainThread(this);
427	0	} else {
428	0	// Back on Main Thread
429	0	(void) mCallback->GenerateKeyPairFinished(mRv, mKeyPair);
430	0	}
431	0	return NS_OK;
432	0	}
433
434		SignRunnable::SignRunnable(const nsACString& aText,
435		SECKEYPrivateKey* privateKey,
436		nsIIdentitySignCallback* aCallback)
437		: mozilla::Runnable("SignRunnable")
438		, mTextToSign(aText)
439		, mPrivateKey(SECKEY_CopyPrivateKey(privateKey))
440		, mCallback(new nsMainThreadPtrHolder<nsIIdentitySignCallback>(
441		"SignRunnable::mCallback", aCallback))
442		, mRv(NS_ERROR_NOT_INITIALIZED)
443	0	{
444	0	}
445
446		NS_IMETHODIMP
447		SignRunnable::Run()
448	0	{
449	0	if (!NS_IsMainThread()) {
450	0	// We need the output in PKCS#11 format, not DER encoding, so we must use
451	0	// PK11_HashBuf and PK11_Sign instead of SEC_SignData.
452	0
453	0	SECItem sig = { siBuffer, nullptr, 0 };
454	0	int sigLength = PK11_SignatureLen(mPrivateKey);
455	0	if (sigLength <= 0) {
456	0	mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
457	0	} else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) {
458	0	mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
459	0	} else {
460	0	uint8_t hash[32]; // big enough for SHA-1 or SHA-256
461	0	SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1
462	0	: SEC_OID_SHA256;
463	0	SECItem hashItem = { siBuffer, hash,
464	0	hashAlg == SEC_OID_SHA1 ? 20u : 32u };
465	0
466	0	mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash,
467	0	const_cast<uint8_t>(reinterpret_cast<const uint8_t >(
468	0	mTextToSign.get())),
469	0	mTextToSign.Length()));
470	0	if (NS_SUCCEEDED(mRv)) {
471	0	mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem));
472	0	}
473	0	if (NS_SUCCEEDED(mRv)) {
474	0	mRv = Base64URLEncode(sig.len, sig.data,
475	0	Base64URLEncodePaddingPolicy::Include,
476	0	mSignature);
477	0	}
478	0	SECITEM_FreeItem(&sig, false);
479	0	}
480	0
481	0	NS_DispatchToMainThread(this);
482	0	} else {
483	0	// Back on Main Thread
484	0	(void) mCallback->SignFinished(mRv, mSignature);
485	0	}
486	0
487	0	return NS_OK;
488	0	}
489
490		// XPCOM module registration
491
492		NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(IdentityCryptoService, Init)
493
494		#define NS_IDENTITYCRYPTOSERVICE_CID \
495		{0xbea13a3a, 0x44e8, 0x4d7f, {0xa0, 0xa2, 0x2c, 0x67, 0xf8, 0x4e, 0x3a, 0x97}}
496
497		NS_DEFINE_NAMED_CID(NS_IDENTITYCRYPTOSERVICE_CID);
498
499		const mozilla::Module::CIDEntry kCIDs[] = {
500		{ &kNS_IDENTITYCRYPTOSERVICE_CID, false, nullptr, IdentityCryptoServiceConstructor },
501		{ nullptr }
502		};
503
504		const mozilla::Module::ContractIDEntry kContracts[] = {
505		{ "@mozilla.org/identity/crypto-service;1", &kNS_IDENTITYCRYPTOSERVICE_CID },
506		{ nullptr }
507		};
508
509		const mozilla::Module kModule = {
510		mozilla::Module::kVersion,
511		kCIDs,
512		kContracts
513		};
514
515		} // unnamed namespace
516
517		NSMODULE_DEFN(identity) = &kModule;