Add SecureMessage definitions to CryptAuth.

components/proximity_auth/cryptauth/fake_secure_message_delegate.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/proximity_auth/cryptauth/fake_secure_message_delegate.h"
+
+#include <algorithm>
+
+#include "base/callback.h"
+#include "base/md5.h"
+
+namespace proximity_auth {
+
+namespace {
+
+const char kKeyPrefix[] = "fake_key_";
+const char kPrivateKeyPrefix[] = "private_";
+
+// Encrypts the |plaintext| with the |key| using the |encryption_scheme| and
+// returns the ciphertext.
+std::string Encrypt(const std::string& plaintext,
+                    const std::string& key,
+                    const securemessage::EncScheme& encryption_scheme) {
+  if (encryption_scheme == securemessage::NONE)
+    return plaintext;
+
+  // Encrypt with a Vigenere cipher.
+  std::string ciphertext;
+  ciphertext.resize(plaintext.size());
+  for (size_t i = 0; i < plaintext.size(); ++i) {
+    unsigned char plaintext_char = plaintext[i];
+    unsigned char key_char = key[i % key.size()];
+    ciphertext[i] = plaintext_char + key_char;
+  }
+  return ciphertext;
+}
+
+// Decrypts the |ciphertext| with the |key| using the |encryption_scheme| and
+// returns the plaintext.
+std::string Decrypt(const std::string& ciphertext,
+                    const std::string& key,
+                    const securemessage::EncScheme& encryption_scheme) {
+  if (encryption_scheme == securemessage::NONE)
+    return ciphertext;
+
+  // Decrypt with a Vigenere cipher.
+  std::string plaintext;
+  plaintext.resize(ciphertext.size());
+  for (size_t i = 0; i < ciphertext.size(); ++i) {
+    unsigned char ciphertext_char = ciphertext[i];
+    unsigned char key_char = key[i % key.size()];
+    plaintext[i] = ciphertext_char - key_char;
+  }
+  return plaintext;
+}
+
+// Signs the |payload| and |associated_data| with the |key| using the
+// |signature_scheme| and returns the signature.
+std::string Sign(const std::string& payload,
+                 const std::string& associated_data,
+                 const std::string& key,
+                 const securemessage::SigScheme& signature_scheme) {

[Ilya Sherman, 2015/04/03 22:43:41]

nit: The |signature_scheme| is not used, so let's omit it?

[Tim Song, 2015/04/04 05:06:14]

Done.

+  return base::MD5String(payload + "|" + associated_data + "|" + key);
+}
+
+// Verifies that the |signature| for the the |payload| and |associated_data| is
+// valid for the given the |key| and |signature_scheme|.
+bool Verify(const std::string& signature,
+            const std::string& payload,
+            const std::string& associated_data,
+            const std::string& key,
+            const securemessage::SigScheme& signature_scheme) {
+  // Verify signatures created using symmetric keys.
+  if (signature_scheme == securemessage::HMAC_SHA256) {
+    std::string expected_signature =
+        Sign(payload, associated_data, key, signature_scheme);
+    return signature == expected_signature;
+  }

[Ilya Sherman, 2015/04/03 22:43:41]

I think this method would be clearer if it were structured as:

std::string signing_key;
if (symmetric) {
  signing_key = key;
} else {
  signing_key = opposite_key;
}

std::string expected_signature = Sign(payload, associated_data, signing_key);
return signature == expected_signature;

[Tim Song, 2015/04/04 05:06:14]

Done.

+
+  // Verify signatures created using asymmetric keys.
+  std::string prefix = kPrivateKeyPrefix;
+  bool is_private_key = key.substr(0, prefix.size()) == prefix;
+  std::string signing_key =
+      is_private_key ? key.substr(prefix.size()) : prefix + key;
+
+  std::string expected_signature =
+      Sign(payload, associated_data, signing_key, signature_scheme);
+  << signature_scheme;

[Ilya Sherman, 2015/04/03 22:43:41]

Hmm?

[Tim Song, 2015/04/04 05:06:14]

Sorry, forgot to delete this.

+  return signature == expected_signature;
+}
+}
+
+FakeSecureMessageDelegate::FakeSecureMessageDelegate()
+    : next_public_key_(std::string(kKeyPrefix) + "0") {
+}
+
+FakeSecureMessageDelegate::~FakeSecureMessageDelegate() {
+}
+
+void FakeSecureMessageDelegate::GenerateKeyPair(
+    const GenerateKeyPairCallback& callback) {
+  std::string public_key = next_public_key_;
+
+  // The private key is simply the public key prepended with "private_".
+  std::string private_key(std::string(kPrivateKeyPrefix + public_key));

[Ilya Sherman, 2015/04/03 22:43:41]

nit: No need for the inner "std::string"

[Tim Song, 2015/04/04 05:06:14]

Done.

+
+  next_public_key_ = std::string(kKeyPrefix) + base::MD5String(public_key);
+
+  callback.Run(public_key, private_key);
+}
+
+void FakeSecureMessageDelegate::DeriveKey(const std::string& private_key,
+                                          const std::string& public_key,
+                                          const DeriveKeyCallback& callback) {
+  // Ensure that the same symmetric is derived for DeriveKey(private1, public2)

[Ilya Sherman, 2015/04/03 22:43:41]

nit: "same symmetric" -> "same symmetric key"

[Tim Song, 2015/04/04 05:06:14]

Done.

+  // and DeriveKey(private2, public1).

[Ilya Sherman, 2015/04/03 22:43:41]

I think it would help to explain, in the comment, that you're basically
transforming the private key back into its public key.

[Tim Song, 2015/04/04 05:06:14]

Done.

+  std::string prefix(kPrivateKeyPrefix);
+  std::string normalized_private_key =
+      private_key.size() > prefix.size()

[Ilya Sherman, 2015/04/03 22:43:41]

I'm not really following why you're just comparing the string sizes.  Do you
want to test the strings for prefix equality, as you do above?

[Tim Song, 2015/04/04 05:06:14]

I don't want to call substr with an out of bounds index.

[Ilya Sherman, 2015/04/06 18:33:51]

I mean, sure, but trimming off the prefix only makes sense if the prefix is
actually "private_", not if it's just a long enough key.  So, I was expecting a
StartsWith check here.

[Tim Song, 2015/04/06 19:37:23]

All private keys are expected to start with "private_", so anything else is
undefined behaviour. I changed this check to use StartsWithASCII for clarity.

+          ? private_key.substr(std::string(kPrivateKeyPrefix).size())

[Ilya Sherman, 2015/04/03 22:43:41]

nit: s/std::string(kPrivateKeyPrefix)/prefix

[Tim Song, 2015/04/04 05:06:14]

Done.

+          : private_key;
+
+  std::vector<std::string> keys;
+  keys.push_back(normalized_private_key);
+  keys.push_back(public_key);
+  std::sort(keys.begin(), keys.end());
+  callback.Run(base::MD5String(keys[0] + "|" + keys[1]));
+}
+
+void FakeSecureMessageDelegate::CreateSecureMessage(
+    const std::string& payload,
+    const std::string& key,
+    const CreateOptions& create_options,
+    const CreateSecureMessageCallback& callback) {
+  securemessage::Header header;
+  header.set_signature_scheme(create_options.signature_scheme);
+  header.set_encryption_scheme(create_options.encryption_scheme);
+  if (!create_options.public_metadata.empty())
+    header.set_public_metadata(create_options.public_metadata);
+  if (!create_options.verification_key_id.empty())
+    header.set_verification_key_id(create_options.verification_key_id);
+  if (!create_options.decryption_key_id.empty())
+    header.set_decryption_key_id(create_options.decryption_key_id);
+
+  securemessage::HeaderAndBody header_and_body;
+  header_and_body.mutable_header()->CopyFrom(header);
+  header_and_body.set_body(
+      Encrypt(payload, key, create_options.encryption_scheme));
+  std::string serialized_header_and_body;
+  header_and_body.SerializeToString(&serialized_header_and_body);
+
+  securemessage::SecureMessage secure_message;
+  secure_message.set_header_and_body(serialized_header_and_body);
+  secure_message.set_signature(Sign(payload, create_options.associated_data,
+                                    key, create_options.signature_scheme));
+
+  std::string serialized_secure_message;
+  secure_message.SerializeToString(&serialized_secure_message);
+  callback.Run(serialized_secure_message);
+}

[Ilya Sherman, 2015/04/03 22:43:41]

Most of this seems appropriate to do in the base class, rather than in the fake
class.  Maybe the base class should just have protected virtual methods Sign()
and Encrypt()?

[Tim Song, 2015/04/04 05:06:14]

We need to keep SecureMessageDelegate as an interface, since the easy-unlock
daemon does all of this serialization and more. It's not ideal, but we still
can't bring securemessage to Chrome itself due to the OpenSSL migration.

+
+void FakeSecureMessageDelegate::UnwrapSecureMessage(
+    const std::string& serialized_message,
+    const std::string& key,
+    const UnwrapOptions& unwrap_options,
+    const UnwrapSecureMessageCallback& callback) {
+  securemessage::SecureMessage secure_message;
+  if (!secure_message.ParseFromString(serialized_message)) {
+    LOG(ERROR) << "Failed to parse SecureMessage.";
+    callback.Run(false, std::string(), securemessage::Header());
+    return;
+  }
+
+  securemessage::HeaderAndBody header_and_body;
+  if (!header_and_body.ParseFromString(secure_message.header_and_body())) {
+    LOG(ERROR) << "Failed to parse secure message HeaderAndBody.";
+    callback.Run(false, std::string(), securemessage::Header());
+    return;
+  }
+
+  const securemessage::Header& header = header_and_body.header();
+  std::string payload =
+      Decrypt(header_and_body.body(), key, unwrap_options.encryption_scheme);
+
+  bool verified = Verify(secure_message.signature(), payload,
+                         unwrap_options.associated_data, key,
+                         unwrap_options.signature_scheme);
+  if (verified) {
+    callback.Run(true, payload, header);
+  } else {
+    callback.Run(false, std::string(), securemessage::Header());
+  }
+}

[Ilya Sherman, 2015/04/03 22:43:41]

Same applies here.

[Tim Song, 2015/04/04 05:06:14]

Same reasoning.

+
+}  // namespace proximity_auth