Chromium Code Reviews Chromium Code Reviews
Issue 1522813002:
Add public key and signature verification to browser-side API keys (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@keys| Index: content/common/experiments/api_key.cc |
| diff --git a/content/common/experiments/api_key.cc b/content/common/experiments/api_key.cc |
| index 09b607f5a523005feca5332e64728b2801dfb127..9bfd48ced3980bc97371cf613f5aeca49643e64d 100644 |
| --- a/content/common/experiments/api_key.cc |
| +++ b/content/common/experiments/api_key.cc |
| @@ -5,6 +5,7 @@ |
| #include "content/common/experiments/api_key.h" |
| #include <vector> |
| +#include <openssl/curve25519.h> |
| #include "base/base64.h" |
| #include "base/strings/string_number_conversions.h" |
| @@ -18,8 +19,19 @@ namespace content { |
| namespace { |
| +// This is the default public key used for validating signatures. |
| +// TODO(iclelland): Move this to the embedder, and provide a mechanism to allow |
| +// for multiple signing keys. https://crbug.com/543220 |
| +static const uint8_t kPublicKey[] = { |
| + 0x7c, 0xc4, 0xb8, 0x9a, 0x93, 0xba, 0x6e, 0xe2, 0xd0, 0xfd, 0x03, |
| + 0x1d, 0xfb, 0x32, 0x66, 0xc7, 0x3b, 0x72, 0xfd, 0x54, 0x3a, 0x07, |
| + 0x51, 0x14, 0x66, 0xaa, 0x02, 0x53, 0x4e, 0x33, 0xa1, 0x15, |
| +}; |
| +static const size_t kPublicKeyLength = sizeof(kPublicKey); |
| + |
| const char* kApiKeyFieldSeparator = "|"; |
| -} |
| + |
| +} // namespace |
| ApiKey::~ApiKey() {} |
| @@ -30,6 +42,8 @@ scoped_ptr<ApiKey> ApiKey::Parse(const std::string& key_text) { |
| // API Key should resemble: |
| // signature|origin|api_name|expiry_timestamp |
| + // TODO(iclelland): Add version code to API key format to identify key algo |
| + // https://crbug.com/570684 |
| std::vector<std::string> parts = |
| SplitString(key_text, kApiKeyFieldSeparator, base::KEEP_WHITESPACE, |
| base::SPLIT_WANT_ALL); |
| @@ -77,9 +91,7 @@ bool ApiKey::IsAppropriate(const std::string& origin, |
| } |
| bool ApiKey::IsValid(const base::Time& now) const { |
| - // TODO(iclelland): Validate signature on key data here as well. |
| - // https://crbug.com/543215 |
| - return ValidateDate(now); |
| + return ValidateDate(now) && ValidateSignature(kPublicKey, kPublicKeyLength); |
| } |
| bool ApiKey::ValidateOrigin(const std::string& origin) const { |
| @@ -95,4 +107,27 @@ bool ApiKey::ValidateDate(const base::Time& now) const { |
| return expiry_time > now; |
| } |
| +bool ApiKey::ValidateSignature(const uint8_t* public_key, |
| + size_t public_key_length) const { |
| + return ValidateSignature(signature_, data_, public_key, public_key_length); |
| +} |
| + |
| +// static |
| +bool ApiKey::ValidateSignature(const std::string& signature_text, |
| + const std::string& data, |
| + const uint8_t* public_key, |
| + size_t public_key_length) { |
|
chasej
2016/01/11 16:11:25
Remove the public_key_length parameter? I don't s
iclelland
2016/01/11 18:59:40
No, it's a holdover from the previous (RSAPSS) cod
|
| + std::string signature; |
| + // signature is base64-encoded |
| + if (!base::Base64Decode(signature_text, &signature)) { |
| + return false; |
| + } |
| + |
| + // TODO: verify signature length is 64 |
| + int result = ED25519_verify( |
| + reinterpret_cast<const uint8_t*>(data.data()), data.length(), |
| + reinterpret_cast<const uint8_t*>(signature.data()), public_key); |
| + return (result != 0); |
| +} |
| + |
| } // namespace content |
