OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/certificate_reporting/error_reporter.h" | 5 #include "components/certificate_reporting/error_reporter.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <set> | 8 #include <set> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "components/certificate_reporting/encrypted_cert_logger.pb.h" | 12 #include "components/certificate_reporting/encrypted_cert_logger.pb.h" |
13 | |
14 #if defined(USE_OPENSSL) | |
15 #include "crypto/aead_openssl.h" | 13 #include "crypto/aead_openssl.h" |
16 #endif | |
17 | |
18 #include "crypto/curve25519.h" | 14 #include "crypto/curve25519.h" |
19 #include "crypto/hkdf.h" | 15 #include "crypto/hkdf.h" |
20 #include "crypto/random.h" | 16 #include "crypto/random.h" |
21 #include "net/url_request/certificate_report_sender.h" | 17 #include "net/url_request/certificate_report_sender.h" |
22 | 18 |
23 namespace certificate_reporting { | 19 namespace certificate_reporting { |
24 | 20 |
25 namespace { | 21 namespace { |
26 | 22 |
27 // Constants used for crypto. The corresponding private key is used by | 23 // Constants used for crypto. The corresponding private key is used by |
28 // the SafeBrowsing client-side detection server to decrypt reports. | 24 // the SafeBrowsing client-side detection server to decrypt reports. |
29 static const uint8_t kServerPublicKey[] = { | 25 static const uint8_t kServerPublicKey[] = { |
30 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, | 26 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, |
31 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, | 27 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, |
32 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; | 28 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; |
33 static const uint32_t kServerPublicKeyVersion = 1; | 29 static const uint32_t kServerPublicKeyVersion = 1; |
34 | 30 |
35 #if defined(USE_OPENSSL) | |
36 | |
37 static const char kHkdfLabel[] = "certificate report"; | 31 static const char kHkdfLabel[] = "certificate report"; |
38 | 32 |
39 bool GetHkdfSubkeySecret(size_t subkey_length, | 33 bool GetHkdfSubkeySecret(size_t subkey_length, |
40 const uint8_t* private_key, | 34 const uint8_t* private_key, |
41 const uint8_t* public_key, | 35 const uint8_t* public_key, |
42 std::string* secret) { | 36 std::string* secret) { |
43 uint8_t shared_secret[crypto::curve25519::kBytes]; | 37 uint8_t shared_secret[crypto::curve25519::kBytes]; |
44 if (!crypto::curve25519::ScalarMult(private_key, public_key, shared_secret)) | 38 if (!crypto::curve25519::ScalarMult(private_key, public_key, shared_secret)) |
45 return false; | 39 return false; |
46 | 40 |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
94 } | 88 } |
95 | 89 |
96 encrypted_report->set_encrypted_report(ciphertext); | 90 encrypted_report->set_encrypted_report(ciphertext); |
97 encrypted_report->set_server_public_key_version(server_public_key_version); | 91 encrypted_report->set_server_public_key_version(server_public_key_version); |
98 encrypted_report->set_client_public_key(reinterpret_cast<char*>(public_key), | 92 encrypted_report->set_client_public_key(reinterpret_cast<char*>(public_key), |
99 sizeof(public_key)); | 93 sizeof(public_key)); |
100 encrypted_report->set_algorithm( | 94 encrypted_report->set_algorithm( |
101 EncryptedCertLoggerRequest::AEAD_ECDH_AES_128_CTR_HMAC_SHA256); | 95 EncryptedCertLoggerRequest::AEAD_ECDH_AES_128_CTR_HMAC_SHA256); |
102 return true; | 96 return true; |
103 } | 97 } |
104 #endif | |
105 | 98 |
106 } // namespace | 99 } // namespace |
107 | 100 |
108 ErrorReporter::ErrorReporter( | 101 ErrorReporter::ErrorReporter( |
109 net::URLRequestContext* request_context, | 102 net::URLRequestContext* request_context, |
110 const GURL& upload_url, | 103 const GURL& upload_url, |
111 net::CertificateReportSender::CookiesPreference cookies_preference) | 104 net::CertificateReportSender::CookiesPreference cookies_preference) |
112 : ErrorReporter(upload_url, | 105 : ErrorReporter(upload_url, |
113 kServerPublicKey, | 106 kServerPublicKey, |
114 kServerPublicKeyVersion, | 107 kServerPublicKeyVersion, |
(...skipping 15 matching lines...) Expand all Loading... |
130 } | 123 } |
131 | 124 |
132 ErrorReporter::~ErrorReporter() {} | 125 ErrorReporter::~ErrorReporter() {} |
133 | 126 |
134 void ErrorReporter::SendExtendedReportingReport( | 127 void ErrorReporter::SendExtendedReportingReport( |
135 const std::string& serialized_report) { | 128 const std::string& serialized_report) { |
136 if (upload_url_.SchemeIsCryptographic()) { | 129 if (upload_url_.SchemeIsCryptographic()) { |
137 certificate_report_sender_->Send(upload_url_, serialized_report); | 130 certificate_report_sender_->Send(upload_url_, serialized_report); |
138 } else { | 131 } else { |
139 DCHECK(IsHttpUploadUrlSupported()); | 132 DCHECK(IsHttpUploadUrlSupported()); |
140 #if defined(USE_OPENSSL) | |
141 EncryptedCertLoggerRequest encrypted_report; | 133 EncryptedCertLoggerRequest encrypted_report; |
142 if (!EncryptSerializedReport(server_public_key_, server_public_key_version_, | 134 if (!EncryptSerializedReport(server_public_key_, server_public_key_version_, |
143 serialized_report, &encrypted_report)) { | 135 serialized_report, &encrypted_report)) { |
144 LOG(ERROR) << "Failed to encrypt serialized report."; | 136 LOG(ERROR) << "Failed to encrypt serialized report."; |
145 return; | 137 return; |
146 } | 138 } |
147 std::string serialized_encrypted_report; | 139 std::string serialized_encrypted_report; |
148 encrypted_report.SerializeToString(&serialized_encrypted_report); | 140 encrypted_report.SerializeToString(&serialized_encrypted_report); |
149 certificate_report_sender_->Send(upload_url_, serialized_encrypted_report); | 141 certificate_report_sender_->Send(upload_url_, serialized_encrypted_report); |
150 #endif | |
151 } | 142 } |
152 } | 143 } |
153 | 144 |
154 bool ErrorReporter::IsHttpUploadUrlSupported() { | 145 bool ErrorReporter::IsHttpUploadUrlSupported() { |
155 #if defined(USE_OPENSSL) | |
156 return true; | 146 return true; |
157 #else | |
158 return false; | |
159 #endif | |
160 } | 147 } |
161 | 148 |
162 // Used only by tests. | 149 // Used only by tests. |
163 #if defined(USE_OPENSSL) | |
164 bool ErrorReporter::DecryptErrorReport( | 150 bool ErrorReporter::DecryptErrorReport( |
165 const uint8_t server_private_key[32], | 151 const uint8_t server_private_key[32], |
166 const EncryptedCertLoggerRequest& encrypted_report, | 152 const EncryptedCertLoggerRequest& encrypted_report, |
167 std::string* decrypted_serialized_report) { | 153 std::string* decrypted_serialized_report) { |
168 crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); | 154 crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); |
169 std::string key; | 155 std::string key; |
170 if (!GetHkdfSubkeySecret(aead.KeyLength(), server_private_key, | 156 if (!GetHkdfSubkeySecret(aead.KeyLength(), server_private_key, |
171 reinterpret_cast<const uint8_t*>( | 157 reinterpret_cast<const uint8_t*>( |
172 encrypted_report.client_public_key().data()), | 158 encrypted_report.client_public_key().data()), |
173 &key)) { | 159 &key)) { |
174 LOG(ERROR) << "Error getting subkey secret."; | 160 LOG(ERROR) << "Error getting subkey secret."; |
175 return false; | 161 return false; |
176 } | 162 } |
177 aead.Init(&key); | 163 aead.Init(&key); |
178 | 164 |
179 // Use an all-zero nonce because the key is random per-message. | 165 // Use an all-zero nonce because the key is random per-message. |
180 std::string nonce(aead.NonceLength(), 0); | 166 std::string nonce(aead.NonceLength(), 0); |
181 | 167 |
182 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), | 168 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), |
183 decrypted_serialized_report); | 169 decrypted_serialized_report); |
184 } | 170 } |
185 #endif | |
186 | 171 |
187 } // namespace certificate_reporting | 172 } // namespace certificate_reporting |
OLD | NEW |