Encrypt certificate reports before uploading to HTTP URLs

chrome/browser/net/certificate_error_reporter.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/certificate_error_reporter.h"
 
 #include <set>
 
 #include "base/logging.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
 #include "chrome/browser/net/cert_logger.pb.h"
+
+#if defined(USE_OPENSSL)
+#include "crypto/aead_openssl.h"
+#endif
+
+#include "crypto/curve25519.h"
+#include "crypto/hkdf.h"
+#include "crypto/random.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/load_flags.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request_context.h"
 
+namespace {
+
+// Constants used for crypto
+static const uint8 kServerPublicKey[] = {
+    0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18,
+    0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f,
+    0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b};
+static const uint32 kServerPublicKeyVersion = 1;
+
+#if defined(USE_OPENSSL)
+
+static const char kHkdfLabel[] = "certificate report";
+
+bool EncryptSerializedReport(
+    const uint8* server_public_key,
+    uint32 server_public_key_version,
+    const std::string& report,
+    chrome_browser_net::EncryptedCertLoggerRequest* encrypted_report) {
+  // Generate an ephemeral key pair to generate a shared secret.
+  uint8 public_key[crypto::curve25519::kBytes];
+  uint8 private_key[crypto::curve25519::kScalarBytes];
+  uint8 shared_secret[crypto::curve25519::kBytes];
+
+  crypto::RandBytes(private_key, sizeof(private_key));
+  crypto::curve25519::ScalarBaseMult(private_key, public_key);
+  crypto::curve25519::ScalarMult(private_key, server_public_key, shared_secret);
+
+  crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
+  crypto::HKDF hkdf(std::string((char*)shared_secret, sizeof(shared_secret)),
+                    kHkdfLabel, std::string(), 0, 0, aead.KeyLength());
+
+  const std::string key(hkdf.subkey_secret().data(),
+                        hkdf.subkey_secret().size());
+  aead.Init(&key);
+
+  // Use an all-zero nonce because the key is random per-message.
+  std::string nonce(aead.NonceLength(), 0);
+
+  std::string ciphertext;
+  if (!aead.Seal(report, nonce, "", &ciphertext)) {
+    LOG(ERROR) << "Error sealing certificate report.";
+    return false;
+  }
+
+  encrypted_report->set_encrypted_report(ciphertext);
+  encrypted_report->set_server_public_key_version(server_public_key_version);
+  encrypted_report->set_client_public_key(
+      std::string((char*)public_key, sizeof(public_key)));
+  encrypted_report->set_algorithm(
+      chrome_browser_net::EncryptedCertLoggerRequest::
+          AEAD_ECDH_AES_128_CTR_HMAC_SHA256);
+  return true;
+}
+#endif
+
+}  // namespace
+
 namespace chrome_browser_net {
 
 CertificateErrorReporter::CertificateErrorReporter(
     net::URLRequestContext* request_context,
     const GURL& upload_url,
     CookiesPreference cookies_preference)
+    : CertificateErrorReporter(request_context,
+                               upload_url,
+                               cookies_preference,
+                               kServerPublicKey,
+                               kServerPublicKeyVersion) {
+}
+
+CertificateErrorReporter::CertificateErrorReporter(
+    net::URLRequestContext* request_context,
+    const GURL& upload_url,
+    CookiesPreference cookies_preference,
+    const uint8 server_public_key[32],
+    const uint32 server_public_key_version)
     : request_context_(request_context),
       upload_url_(upload_url),
-      cookies_preference_(cookies_preference) {
+      cookies_preference_(cookies_preference),
+      server_public_key_(server_public_key),
+      server_public_key_version_(server_public_key_version) {
   DCHECK(!upload_url.is_empty());
 }
 
 CertificateErrorReporter::~CertificateErrorReporter() {
   STLDeleteElements(&inflight_requests_);
 }
 
 void CertificateErrorReporter::SendReport(ReportType type,
                                           const std::string& hostname,
                                           const net::SSLInfo& ssl_info) {
   CertLoggerRequest request;
-  std::string out;
-
   BuildReport(hostname, ssl_info, &request);
 
   switch (type) {
     case REPORT_TYPE_PINNING_VIOLATION:
       SendCertLoggerRequest(request);
       break;
     case REPORT_TYPE_EXTENDED_REPORTING:
-      // TODO(estark): Encrypt the report if not sending over HTTPS.
-      DCHECK(upload_url_.SchemeIsCryptographic());
-      SendCertLoggerRequest(request);
+      if (upload_url_.SchemeIsCryptographic()) {
+        SendCertLoggerRequest(request);
+      } else {
+        DCHECK(IsHttpUploadUrlSupported());
+#if defined(USE_OPENSSL)
+        EncryptedCertLoggerRequest encrypted_report;
+        std::string serialized_report;
+        request.SerializeToString(&serialized_report);
+        if (!EncryptSerializedReport(server_public_key_,
+                                     server_public_key_version_,
+                                     serialized_report, &encrypted_report)) {
+          LOG(ERROR) << "Failed to encrypt serialized report.";
+          return;
+        }
+        std::string serialized_encrypted_report;
+        encrypted_report.SerializeToString(&serialized_encrypted_report);
+        SendSerializedRequest(serialized_encrypted_report);
+#endif
+      }
       break;
     default:
       NOTREACHED();
   }
 }
 
 void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) {
   const net::URLRequestStatus& status(request->status());
   if (!status.is_success()) {
     LOG(WARNING) << "Certificate upload failed"
@@ skipping 14 matching lines @@
     net::URLRequestContext* context) {
   scoped_ptr<net::URLRequest> request =
       context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this);
   if (cookies_preference_ != SEND_COOKIES) {
     request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
                           net::LOAD_DO_NOT_SAVE_COOKIES);
   }
   return request.Pass();
 }
 
+bool CertificateErrorReporter::IsHttpUploadUrlSupported() {
+#if defined(USE_OPENSSL)
+  return true;
+#else
+  return false;
+#endif
+}
+
+// Used only by tests.
+#if defined(USE_OPENSSL)
+bool CertificateErrorReporter::DecryptCertificateErrorReport(
+    const uint8 server_private_key[32],
+    const EncryptedCertLoggerRequest& encrypted_report,
+    CertLoggerRequest* decrypted_report) {
+  uint8 shared_secret[crypto::curve25519::kBytes];
+  crypto::curve25519::ScalarMult(
+      server_private_key, (uint8*)encrypted_report.client_public_key().data(),
+      shared_secret);
+
+  crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
+  crypto::HKDF hkdf(std::string((char*)shared_secret, sizeof(shared_secret)),
+                    kHkdfLabel, std::string(), 0, 0, aead.KeyLength());
+
+  const std::string key(hkdf.subkey_secret().data(),
+                        hkdf.subkey_secret().size());
+  aead.Init(&key);
+
+  // Use an all-zero nonce because the key is random per-message.
+  std::string nonce(aead.NonceLength(), 0);
+
+  std::string plaintext;
+  if (!aead.Open(encrypted_report.encrypted_report(), nonce, "", &plaintext)) {
+    LOG(ERROR) << "Error opening certificate report";
+    return false;
+  }
+
+  return decrypted_report->ParseFromString(plaintext);
+}
+#endif
+
 void CertificateErrorReporter::SendCertLoggerRequest(
     const CertLoggerRequest& request) {
   std::string serialized_request;
   request.SerializeToString(&serialized_request);
+  SendSerializedRequest(serialized_request);
+}
 
+void CertificateErrorReporter::SendSerializedRequest(
+    const std::string& serialized_request) {
   scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
   url_request->set_method("POST");
 
   scoped_ptr<net::UploadElementReader> reader(
       net::UploadOwnedBytesElementReader::CreateWithString(serialized_request));
   url_request->set_upload(
       net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0));
 
   net::HttpRequestHeaders headers;
   headers.SetHeader(net::HttpRequestHeaders::kContentType,
@@ skipping 24 matching lines @@
 }
 
 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) {
   std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request);
   DCHECK(i != inflight_requests_.end());
   scoped_ptr<net::URLRequest> url_request(*i);
   inflight_requests_.erase(i);
 }
 
 }  // namespace chrome_browser_net