Changeset 164181 in webkit

Timestamp:

Feb 15, 2014 3:26:21 PM (10 years ago)

Author:

ap@apple.com

Message:

[Mac] All WebKit clients should encrypt WebCrypto keys automatically
​https://bugs.webkit.org/show_bug.cgi?id=128852

Reviewed by Oliver Hunt.

Source/WebCore:

Install a persistent master key in Keychain on first use of WebCrypto key serialization.
The key is per application, protected with ACL.

• English.lproj/Localizable.strings:
• WebCore.exp.in:
• crypto/SerializedCryptoKeyWrap.h:
• crypto/mac/SerializedCryptoKeyWrapMac.mm:

(WebCore::masterKeyAccountNameForCurrentApplication):
(WebCore::getDefaultWebCryptoMasterKey):
(WebCore::createAndStoreMasterKey):
(WebCore::findMasterKey):

• platform/LocalizedStrings.cpp:

(WebCore::webCryptoMasterKeyKeychainLabel):
(WebCore::webCryptoMasterKeyKeychainComment):

• platform/LocalizedStrings.h:

Source/WebKit/mac:

• WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::wrapCryptoKey):
(WebChromeClient::unwrapCryptoKey):
Call the default implementation if key is not provided by a client.

Source/WebKit2:

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::wrapCryptoKey):
(WebKit::WebPageProxy::unwrapCryptoKey):
Call the default implementation if key is not provided by a client.

Location:

trunk/Source

Files:

• WebCore/ChangeLog (modified) (1 diff)
• WebCore/English.lproj/Localizable.strings (modified) (2 diffs)
• WebCore/WebCore.exp.in (modified) (1 diff)
• WebCore/crypto/SerializedCryptoKeyWrap.h (modified) (1 diff)
• WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm (modified) (3 diffs)
• WebCore/platform/LocalizedStrings.cpp (modified) (1 diff)
• WebCore/platform/LocalizedStrings.h (modified) (1 diff)
• WebKit/mac/ChangeLog (modified) (1 diff)
• WebKit/mac/WebCoreSupport/WebChromeClient.mm (modified) (1 diff)
• WebKit2/ChangeLog (modified) (1 diff)
• WebKit2/UIProcess/WebPageProxy.cpp (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-02-15  Alexey Proskuryakov  <ap@apple.com>
+
+        [Mac] All WebKit clients should encrypt WebCrypto keys automatically
+        https://bugs.webkit.org/show_bug.cgi?id=128852
+
+        Reviewed by Oliver Hunt.
+
+        Install a persistent master key in Keychain on first use of WebCrypto key serialization.
+        The key is per application, protected with ACL.
+
+        * English.lproj/Localizable.strings:
+        * WebCore.exp.in:
+        * crypto/SerializedCryptoKeyWrap.h:
+        * crypto/mac/SerializedCryptoKeyWrapMac.mm:
+        (WebCore::masterKeyAccountNameForCurrentApplication):
+        (WebCore::getDefaultWebCryptoMasterKey):
+        (WebCore::createAndStoreMasterKey):
+        (WebCore::findMasterKey):
+        * platform/LocalizedStrings.cpp:
+        (WebCore::webCryptoMasterKeyKeychainLabel):
+        (WebCore::webCryptoMasterKeyKeychainComment):
+        * platform/LocalizedStrings.h:
+
 2014-02-15  Ryosuke Niwa  <rniwa@webkit.org>
 

trunk/Source/WebCore/English.lproj/Localizable.strings

@@ -41 +41 @@
 "%@ Web Content" = "%@ Web Content";
 
+/* Name of application's single WebCrypto master key in Keychain */
+"%@ WebCrypto Master Key" = "%@ WebCrypto Master Key";
+
 /* Label to describe the number of files selected in a file upload control that allows multiple files */
 "%d files" = "%d files";
@@ -596 +599 @@
 "Use Standard Ligatures (Undo action name)" = "Use Standard Ligatures";
 
+/* Description of WebCrypto master keys in Keychain */
+"Used to encrypt WebCrypto keys in persistent storage, such as IndexedDB" = "Used to encrypt WebCrypto keys in persistent storage, such as IndexedDB";
+
 /* Web Inspector window title */
 "Web Inspector — %@" = "Web Inspector — %@";

trunk/Source/WebCore/WebCore.exp.in

@@ -2626 +2626 @@
 __ZN7WebCore23wrapSerializedCryptoKeyERKN3WTF6VectorIhLm0ENS0_15CrashOnOverflowEEES5_RS3_
 __ZN7WebCore25unwrapSerializedCryptoKeyERKN3WTF6VectorIhLm0ENS0_15CrashOnOverflowEEES5_RS3_
+__ZN7WebCore28getDefaultWebCryptoMasterKeyERN3WTF6VectorIhLm0ENS0_15CrashOnOverflowEEE
 #endif
 

trunk/Source/WebCore/crypto/SerializedCryptoKeyWrap.h

@@ -34 +34 @@
 namespace WebCore {
 
+bool getDefaultWebCryptoMasterKey(Vector<uint8_t>&);
+
 bool wrapSerializedCryptoKey(const Vector<uint8_t>& masterKey, const Vector<uint8_t>& key, Vector<uint8_t>& result);
 bool unwrapSerializedCryptoKey(const Vector<uint8_t>& masterKey, const Vector<uint8_t>& wrappedKey, Vector<uint8_t>& key);

trunk/Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm

@@ -30 +30 @@
 
 #include "CommonCryptoUtilities.h"
+#include "LocalizedStrings.h"
 #include <CommonCrypto/CommonSymmetricKeywrap.h>
+#include <wtf/text/Base64.h>
 #include <wtf/text/CString.h>
 #include <wtf/CryptographicUtilities.h>
+#include <wtf/RetainPtr.h>
 
 namespace WebCore {
@@ -43 +46 @@
 const NSString* tagKey = @"tag";
 
+const size_t masterKeySizeInBytes = 16;
+
 inline Vector<uint8_t> vectorFromNSData(NSData* data)
 {
@@ -49 +54 @@
     return result;
 }
+
+#if PLATFORM(IOS)
+
+bool getDefaultWebCryptoMasterKey(Vector<uint8_t>& masterKey)
+{
+    // FIXME: Implement.
+    masterKey.resize(masterKeySizeInBytes);
+    memset(masterKey.data(), 0, masterKey.size());
+    return true;
+}
+
+#else
+
+static NSString* masterKeyAccountNameForCurrentApplication()
+{
+    return [NSString stringWithFormat:@"com.apple.WebKit.WebCrypto.master+%@", [[NSRunningApplication currentApplication] bundleIdentifier]];
+}
+
+static bool createAndStoreMasterKey(Vector<uint8_t>& masterKeyData)
+{
+    masterKeyData.resize(masterKeySizeInBytes);
+    CCRandomCopyBytes(kCCRandomDefault, masterKeyData.data(), masterKeyData.size());
+
+    NSString *localizedItemName = webCryptoMasterKeyKeychainLabel([[NSRunningApplication currentApplication] localizedName]);
+
+    SecAccessRef accessRef;
+    OSStatus status = SecAccessCreate((CFStringRef)localizedItemName, nullptr, &accessRef);
+    if (status) {
+        WTFLogAlways("Cannot create a security access object for storing WebCrypto master key, error %d", (int)status);
+        return nullptr;
+    }
+    RetainPtr<SecAccessRef> access = adoptCF(accessRef);
+
+    RetainPtr<CFArrayRef> acls = adoptCF(SecAccessCopyMatchingACLList(accessRef, kSecACLAuthorizationExportClear));
+    SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(acls.get(), 0);
+
+    SecTrustedApplicationRef trustedAppRef;
+    status = SecTrustedApplicationCreateFromPath(0, &trustedAppRef);
+    if (status) {
+        WTFLogAlways("Cannot create a trusted application object for storing WebCrypto master key, error %d", (int)status);
+        return nullptr;
+    }
+    RetainPtr<SecTrustedApplicationRef> trustedApp = adoptCF(trustedAppRef);
+
+    status = SecACLSetContents(acl, (CFArrayRef)@[ (id)trustedApp.get() ], (CFStringRef)localizedItemName, kSecKeychainPromptRequirePassphase);
+    if (status) {
+        WTFLogAlways("Cannot set ACL for WebCrypto master key, error %d", (int)status);
+        return nullptr;
+    }
+
+    Vector<char> base64EncodedMasterKeyData;
+    base64Encode(masterKeyData, base64EncodedMasterKeyData);
+
+    // Cannot use kSecClassKey because of <rdar://problem/16068207>.
+    NSDictionary *attributes = @{
+        (id)kSecClass : (id)kSecClassGenericPassword,
+        (id)kSecAttrSynchronizable : @NO,
+        (id)kSecAttrIsPermanent : @YES,
+        (id)kSecAttrAccess : (id)access.get(),
+        (id)kSecAttrComment : webCryptoMasterKeyKeychainComment(),
+        (id)kSecAttrLabel : localizedItemName,
+        (id)kSecAttrAccount : masterKeyAccountNameForCurrentApplication(),
+        (id)kSecValueData : [NSData dataWithBytes:base64EncodedMasterKeyData.data() length:base64EncodedMasterKeyData.size()],
+    };
+
+    status = SecItemAdd((CFDictionaryRef)attributes, nullptr);
+    if (status) {
+        WTFLogAlways("Cannot store WebCrypto master key, error %d", (int)status);
+        return nullptr;
+    }
+    return true;
+}
+
+static bool findMasterKey(Vector<uint8_t>& masterKeyData)
+{
+    NSDictionary *query = @{
+        (id)kSecClass : (id)kSecClassGenericPassword,
+        (id)kSecAttrAccount : masterKeyAccountNameForCurrentApplication(),
+        (id)kSecReturnData : @YES,
+    };
+
+    CFDataRef keyDataRef;
+    OSStatus status = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef*)&keyDataRef);
+    if (status) {
+        if (status != errSecItemNotFound && status != errSecUserCanceled)
+            WTFLogAlways("Could not find WebCrypto master key in Keychain, error %d", (int)status);
+        return false;
+    }
+    RetainPtr<CFDataRef> keyData = adoptCF(keyDataRef);
+
+    Vector<uint8_t> base64EncodedMasterKeyData = vectorFromNSData((NSData *)keyData.get());
+    return base64Decode((const char*)base64EncodedMasterKeyData.data(), base64EncodedMasterKeyData.size(), masterKeyData);
+}
+
+bool getDefaultWebCryptoMasterKey(Vector<uint8_t>& masterKey)
+{
+    if (!findMasterKey(masterKey) && !createAndStoreMasterKey(masterKey))
+        return false;
+    RELEASE_ASSERT(masterKey.size() == masterKeySizeInBytes);
+    return true;
+}
+
+#endif
 
 bool wrapSerializedCryptoKey(const Vector<uint8_t>& masterKey, const Vector<uint8_t>& key, Vector<uint8_t>& result)

trunk/Source/WebCore/platform/LocalizedStrings.cpp

@@ -1119 +1119 @@
 }
 
+#if ENABLE(SUBTLE_CRYPTO)
+String webCryptoMasterKeyKeychainLabel(const String& localizedApplicationName)
+{
+    return formatLocalizedString(WEB_UI_STRING("%@ WebCrypto Master Key", "Name of application's single WebCrypto master key in Keychain"), localizedApplicationName.createCFString().get());
+}
+
+String webCryptoMasterKeyKeychainComment()
+{
+    return WEB_UI_STRING("Used to encrypt WebCrypto keys in persistent storage, such as IndexedDB", "Description of WebCrypto master keys in Keychain");
+}
+#endif
+
 } // namespace WebCore

trunk/Source/WebCore/platform/LocalizedStrings.h

@@ -264 +264 @@
     String useBlockedPlugInContextMenuTitle();
 
+#if ENABLE(SUBTLE_CRYPTO)
+    String webCryptoMasterKeyKeychainLabel(const String& localizedApplicationName);
+    String webCryptoMasterKeyKeychainComment();
+#endif
+
 #define WEB_UI_STRING(string, description) WebCore::localizedString(string)
 #define WEB_UI_STRING_KEY(string, key, description) WebCore::localizedString(key)

trunk/Source/WebKit/mac/ChangeLog

@@ +1 @@
+2014-02-15  Alexey Proskuryakov  <ap@apple.com>
+
+        [Mac] All WebKit clients should encrypt WebCrypto keys automatically
+        https://bugs.webkit.org/show_bug.cgi?id=128852
+
+        Reviewed by Oliver Hunt.
+
+        * WebCoreSupport/WebChromeClient.mm:
+        (WebChromeClient::wrapCryptoKey):
+        (WebChromeClient::unwrapCryptoKey):
+        Call the default implementation if key is not provided by a client.
+
 2014-02-14  Anders Carlsson  <andersca@apple.com>
 

trunk/Source/WebKit/mac/WebCoreSupport/WebChromeClient.mm

@@ -1003 +1003 @@
 bool WebChromeClient::wrapCryptoKey(const Vector<uint8_t>& key, Vector<uint8_t>& wrappedKey) const
 {
+    Vector<uint8_t> masterKey;
     SEL selector = @selector(webCryptoMasterKeyForWebView:);
-    if (![[m_webView UIDelegate] respondsToSelector:selector])
+    if ([[m_webView UIDelegate] respondsToSelector:selector]) {
+        NSData *keyData = CallUIDelegate(m_webView, selector);
+        masterKey.append((uint8_t*)[keyData bytes], [keyData length]);
+    } else if (!getDefaultWebCryptoMasterKey(masterKey))
         return false;
 
-    NSData* keyData = CallUIDelegate(m_webView, selector);
-
+    return wrapSerializedCryptoKey(masterKey, key, wrappedKey);
+}
+
+bool WebChromeClient::unwrapCryptoKey(const Vector<uint8_t>& wrappedKey, Vector<uint8_t>& key) const
+{
     Vector<uint8_t> masterKey;
-    masterKey.append((uint8_t*)[keyData bytes], [keyData length]);
-    return wrapSerializedCryptoKey(masterKey, key, wrappedKey);
-}
-
-bool WebChromeClient::unwrapCryptoKey(const Vector<uint8_t>& wrappedKey, Vector<uint8_t>& key) const
-{
     SEL selector = @selector(webCryptoMasterKeyForWebView:);
-    if (![[m_webView UIDelegate] respondsToSelector:selector])
+    if ([[m_webView UIDelegate] respondsToSelector:selector]) {
+        NSData *keyData = CallUIDelegate(m_webView, selector);
+        masterKey.append((uint8_t*)[keyData bytes], [keyData length]);
+    } else if (!getDefaultWebCryptoMasterKey(masterKey))
         return false;
 
-    NSData *keyData = CallUIDelegate(m_webView, selector);
-
-    Vector<uint8_t> masterKey;
-    masterKey.append((uint8_t*)[keyData bytes], [keyData length]);
     return unwrapSerializedCryptoKey(masterKey, wrappedKey, key);
 }

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2014-02-15  Alexey Proskuryakov  <ap@apple.com>
+
+        [Mac] All WebKit clients should encrypt WebCrypto keys automatically
+        https://bugs.webkit.org/show_bug.cgi?id=128852
+
+        Reviewed by Oliver Hunt.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::wrapCryptoKey):
+        (WebKit::WebPageProxy::unwrapCryptoKey):
+        Call the default implementation if key is not provided by a client.
+
 2014-02-15  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>
 

trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp

@@ -4484 +4484 @@
 void WebPageProxy::wrapCryptoKey(const Vector<uint8_t>& key, bool& succeeded, Vector<uint8_t>& wrappedKey)
 {
+    Vector<uint8_t> masterKey;
     RefPtr<API::Data> keyData = m_process->context().client().copyWebCryptoMasterKey(&m_process->context());
-    if (!keyData) {
+    if (keyData)
+        masterKey = keyData->dataReference().vector();
+    else if (!getDefaultWebCryptoMasterKey(masterKey)) {
         succeeded = false;
         return;
     }
 
-    Vector<uint8_t> masterKey = keyData->dataReference().vector();
     succeeded = wrapSerializedCryptoKey(masterKey, key, wrappedKey);
 }
@@ -4496 +4498 @@
 void WebPageProxy::unwrapCryptoKey(const Vector<uint8_t>& wrappedKey, bool& succeeded, Vector<uint8_t>& key)
 {
+    Vector<uint8_t> masterKey;
     RefPtr<API::Data> keyData = m_process->context().client().copyWebCryptoMasterKey(&m_process->context());
-    if (!keyData) {
+    if (keyData)
+        masterKey = keyData->dataReference().vector();
+    else if (!getDefaultWebCryptoMasterKey(masterKey)) {
         succeeded = false;
         return;
     }
 
-    Vector<uint8_t> masterKey = keyData->dataReference().vector();
     succeeded = unwrapSerializedCryptoKey(masterKey, wrappedKey, key);
 }