content/common/experiments/api_key.cc - Issue 1522813002: Add public key and signature verification to browser-side API keys

Side by Side Diff: content/common/experiments/api_key.cc

Issue 1522813002: Add public key and signature verification to browser-side API keys (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@keys

Patch Set: Switch to Ed25519 for signature verification Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/common/experiments/api_key.h"	5 #include "content/common/experiments/api_key.h"

6	6

7 #include <vector>	7 #include <vector>

	8 #include <openssl/curve25519.h>

8	9

9 #include "base/base64.h"	10 #include "base/base64.h"

10 #include "base/strings/string_number_conversions.h"	11 #include "base/strings/string_number_conversions.h"

11 #include "base/strings/string_split.h"	12 #include "base/strings/string_split.h"

12 #include "base/strings/string_util.h"	13 #include "base/strings/string_util.h"

13 #include "base/strings/utf_string_conversions.h"	14 #include "base/strings/utf_string_conversions.h"

14 #include "base/time/time.h"	15 #include "base/time/time.h"

15 #include "url/origin.h"	16 #include "url/origin.h"

16	17

17 namespace content {	18 namespace content {

18	19

19 namespace {	20 namespace {

20	21

	22 // This is the default public key used for validating signatures.

	23 // TODO(iclelland): Move this to the embedder, and provide a mechanism to allow

	24 // for multiple signing keys. https://crbug.com/543220

	25 static const uint8_t kPublicKey[] = {

	26 0x7c, 0xc4, 0xb8, 0x9a, 0x93, 0xba, 0x6e, 0xe2, 0xd0, 0xfd, 0x03,

	27 0x1d, 0xfb, 0x32, 0x66, 0xc7, 0x3b, 0x72, 0xfd, 0x54, 0x3a, 0x07,

	28 0x51, 0x14, 0x66, 0xaa, 0x02, 0x53, 0x4e, 0x33, 0xa1, 0x15,

	29 };

	30 static const size_t kPublicKeyLength = sizeof(kPublicKey);

	31

21 const char* kApiKeyFieldSeparator = "\|";	32 const char* kApiKeyFieldSeparator = "\|";

22 }	33

	34 } // namespace

23	35

24 ApiKey::~ApiKey() {}	36 ApiKey::~ApiKey() {}

25	37

26 scoped_ptr<ApiKey> ApiKey::Parse(const std::string& key_text) {	38 scoped_ptr<ApiKey> ApiKey::Parse(const std::string& key_text) {

27 if (key_text.empty()) {	39 if (key_text.empty()) {

28 return nullptr;	40 return nullptr;

29 }	41 }

30	42

31 // API Key should resemble:	43 // API Key should resemble:

32 // signature\|origin\|api_name\|expiry_timestamp	44 // signature\|origin\|api_name\|expiry_timestamp

	45 // TODO(iclelland): Add version code to API key format to identify key algo

	46 // https://crbug.com/570684

33 std::vector<std::string> parts =	47 std::vector<std::string> parts =

34 SplitString(key_text, kApiKeyFieldSeparator, base::KEEP_WHITESPACE,	48 SplitString(key_text, kApiKeyFieldSeparator, base::KEEP_WHITESPACE,

35 base::SPLIT_WANT_ALL);	49 base::SPLIT_WANT_ALL);

36 if (parts.size() != 4) {	50 if (parts.size() != 4) {

37 return nullptr;	51 return nullptr;

38 }	52 }

39	53

40 const std::string& signature = parts[0];	54 const std::string& signature = parts[0];

41 const std::string& origin_string = parts[1];	55 const std::string& origin_string = parts[1];

42 const std::string& api_name = parts[2];	56 const std::string& api_name = parts[2];

(...skipping 27 matching lines...) Expand all Loading...
70 origin_(origin),	84 origin_(origin),

71 api_name_(api_name),	85 api_name_(api_name),

72 expiry_timestamp_(expiry_timestamp) {}	86 expiry_timestamp_(expiry_timestamp) {}

73	87

74 bool ApiKey::IsAppropriate(const std::string& origin,	88 bool ApiKey::IsAppropriate(const std::string& origin,

75 const std::string& api_name) const {	89 const std::string& api_name) const {

76 return ValidateOrigin(origin) && ValidateApiName(api_name);	90 return ValidateOrigin(origin) && ValidateApiName(api_name);

77 }	91 }

78	92

79 bool ApiKey::IsValid(const base::Time& now) const {	93 bool ApiKey::IsValid(const base::Time& now) const {

80 // TODO(iclelland): Validate signature on key data here as well.	94 return ValidateDate(now) && ValidateSignature(kPublicKey, kPublicKeyLength);

81 // https://crbug.com/543215

82 return ValidateDate(now);

83 }	95 }

84	96

85 bool ApiKey::ValidateOrigin(const std::string& origin) const {	97 bool ApiKey::ValidateOrigin(const std::string& origin) const {

86 return GURL(origin) == origin_;	98 return GURL(origin) == origin_;

87 }	99 }

88	100

89 bool ApiKey::ValidateApiName(const std::string& api_name) const {	101 bool ApiKey::ValidateApiName(const std::string& api_name) const {

90 return base::EqualsCaseInsensitiveASCII(api_name, api_name_);	102 return base::EqualsCaseInsensitiveASCII(api_name, api_name_);

91 }	103 }

92	104

93 bool ApiKey::ValidateDate(const base::Time& now) const {	105 bool ApiKey::ValidateDate(const base::Time& now) const {

94 base::Time expiry_time = base::Time::FromDoubleT((double)expiry_timestamp_);	106 base::Time expiry_time = base::Time::FromDoubleT((double)expiry_timestamp_);

95 return expiry_time > now;	107 return expiry_time > now;

96 }	108 }

97	109

	110 bool ApiKey::ValidateSignature(const uint8_t* public_key,

	111 size_t public_key_length) const {

	112 return ValidateSignature(signature_, data_, public_key, public_key_length);

	113 }

	114

	115 // static

	116 bool ApiKey::ValidateSignature(const std::string& signature_text,

	117 const std::string& data,

	118 const uint8_t* public_key,

	119 size_t public_key_length) {
	chasej 2016/01/11 16:11:25 Remove the public_key_length parameter? I don't s Remove the public_key_length parameter? I don't see it used with the new algorithm for signature validation. That should allow the constant kPublicKeyLength to be removed as well. iclelland 2016/01/11 18:59:40 No, it's a holdover from the previous (RSAPSS) cod Show quoted text On 2016/01/11 16:11:25, chasej wrote: > Remove the public_key_length parameter? I don't see it used with the new > algorithm for signature validation. That should allow the constant > kPublicKeyLength to be removed as well. No, it's a holdover from the previous (RSAPSS) code. Removed.
	120 std::string signature;

	121 // signature is base64-encoded

	122 if (!base::Base64Decode(signature_text, &signature)) {

	123 return false;

	124 }

	125

	126 // TODO: verify signature length is 64

	127 int result = ED25519_verify(

	128 reinterpret_cast<const uint8_t*>(data.data()), data.length(),

	129 reinterpret_cast<const uint8_t*>(signature.data()), public_key);

	130 return (result != 0);

	131 }

	132

98 } // namespace content	133 } // namespace content

OLD	NEW

« no previous file with comments | « content/common/experiments/api_key.h ('k') | content/common/experiments/api_key_unittest.cc » ('j') | content/common/experiments/api_key_unittest.cc » ('J')