| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/certificate_reporting/error_reporter.h" | 5 #include "components/certificate_reporting/error_reporter.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "components/certificate_reporting/encrypted_cert_logger.pb.h" | 12 #include "components/certificate_reporting/encrypted_cert_logger.pb.h" |
| 13 | |
| 14 #if defined(USE_OPENSSL) | |
| 15 #include "crypto/aead_openssl.h" | 13 #include "crypto/aead_openssl.h" |
| 16 #endif | |
| 17 | |
| 18 #include "crypto/curve25519.h" | 14 #include "crypto/curve25519.h" |
| 19 #include "crypto/hkdf.h" | 15 #include "crypto/hkdf.h" |
| 20 #include "crypto/random.h" | 16 #include "crypto/random.h" |
| 21 #include "net/url_request/certificate_report_sender.h" | 17 #include "net/url_request/certificate_report_sender.h" |
| 22 | 18 |
| 23 namespace certificate_reporting { | 19 namespace certificate_reporting { |
| 24 | 20 |
| 25 namespace { | 21 namespace { |
| 26 | 22 |
| 27 // Constants used for crypto. The corresponding private key is used by | 23 // Constants used for crypto. The corresponding private key is used by |
| 28 // the SafeBrowsing client-side detection server to decrypt reports. | 24 // the SafeBrowsing client-side detection server to decrypt reports. |
| 29 static const uint8_t kServerPublicKey[] = { | 25 static const uint8_t kServerPublicKey[] = { |
| 30 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, | 26 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, |
| 31 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, | 27 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, |
| 32 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; | 28 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; |
| 33 static const uint32_t kServerPublicKeyVersion = 1; | 29 static const uint32_t kServerPublicKeyVersion = 1; |
| 34 | 30 |
| 35 #if defined(USE_OPENSSL) | |
| 36 | |
| 37 static const char kHkdfLabel[] = "certificate report"; | 31 static const char kHkdfLabel[] = "certificate report"; |
| 38 | 32 |
| 39 bool GetHkdfSubkeySecret(size_t subkey_length, | 33 bool GetHkdfSubkeySecret(size_t subkey_length, |
| 40 const uint8_t* private_key, | 34 const uint8_t* private_key, |
| 41 const uint8_t* public_key, | 35 const uint8_t* public_key, |
| 42 std::string* secret) { | 36 std::string* secret) { |
| 43 uint8_t shared_secret[crypto::curve25519::kBytes]; | 37 uint8_t shared_secret[crypto::curve25519::kBytes]; |
| 44 if (!crypto::curve25519::ScalarMult(private_key, public_key, shared_secret)) | 38 if (!crypto::curve25519::ScalarMult(private_key, public_key, shared_secret)) |
| 45 return false; | 39 return false; |
| 46 | 40 |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 94 } | 88 } |
| 95 | 89 |
| 96 encrypted_report->set_encrypted_report(ciphertext); | 90 encrypted_report->set_encrypted_report(ciphertext); |
| 97 encrypted_report->set_server_public_key_version(server_public_key_version); | 91 encrypted_report->set_server_public_key_version(server_public_key_version); |
| 98 encrypted_report->set_client_public_key(reinterpret_cast<char*>(public_key), | 92 encrypted_report->set_client_public_key(reinterpret_cast<char*>(public_key), |
| 99 sizeof(public_key)); | 93 sizeof(public_key)); |
| 100 encrypted_report->set_algorithm( | 94 encrypted_report->set_algorithm( |
| 101 EncryptedCertLoggerRequest::AEAD_ECDH_AES_128_CTR_HMAC_SHA256); | 95 EncryptedCertLoggerRequest::AEAD_ECDH_AES_128_CTR_HMAC_SHA256); |
| 102 return true; | 96 return true; |
| 103 } | 97 } |
| 104 #endif | |
| 105 | 98 |
| 106 } // namespace | 99 } // namespace |
| 107 | 100 |
| 108 ErrorReporter::ErrorReporter( | 101 ErrorReporter::ErrorReporter( |
| 109 net::URLRequestContext* request_context, | 102 net::URLRequestContext* request_context, |
| 110 const GURL& upload_url, | 103 const GURL& upload_url, |
| 111 net::CertificateReportSender::CookiesPreference cookies_preference) | 104 net::CertificateReportSender::CookiesPreference cookies_preference) |
| 112 : ErrorReporter(upload_url, | 105 : ErrorReporter(upload_url, |
| 113 kServerPublicKey, | 106 kServerPublicKey, |
| 114 kServerPublicKeyVersion, | 107 kServerPublicKeyVersion, |
| (...skipping 15 matching lines...) Expand all Loading... |
| 130 } | 123 } |
| 131 | 124 |
| 132 ErrorReporter::~ErrorReporter() {} | 125 ErrorReporter::~ErrorReporter() {} |
| 133 | 126 |
| 134 void ErrorReporter::SendExtendedReportingReport( | 127 void ErrorReporter::SendExtendedReportingReport( |
| 135 const std::string& serialized_report) { | 128 const std::string& serialized_report) { |
| 136 if (upload_url_.SchemeIsCryptographic()) { | 129 if (upload_url_.SchemeIsCryptographic()) { |
| 137 certificate_report_sender_->Send(upload_url_, serialized_report); | 130 certificate_report_sender_->Send(upload_url_, serialized_report); |
| 138 } else { | 131 } else { |
| 139 DCHECK(IsHttpUploadUrlSupported()); | 132 DCHECK(IsHttpUploadUrlSupported()); |
| 140 #if defined(USE_OPENSSL) | |
| 141 EncryptedCertLoggerRequest encrypted_report; | 133 EncryptedCertLoggerRequest encrypted_report; |
| 142 if (!EncryptSerializedReport(server_public_key_, server_public_key_version_, | 134 if (!EncryptSerializedReport(server_public_key_, server_public_key_version_, |
| 143 serialized_report, &encrypted_report)) { | 135 serialized_report, &encrypted_report)) { |
| 144 LOG(ERROR) << "Failed to encrypt serialized report."; | 136 LOG(ERROR) << "Failed to encrypt serialized report."; |
| 145 return; | 137 return; |
| 146 } | 138 } |
| 147 std::string serialized_encrypted_report; | 139 std::string serialized_encrypted_report; |
| 148 encrypted_report.SerializeToString(&serialized_encrypted_report); | 140 encrypted_report.SerializeToString(&serialized_encrypted_report); |
| 149 certificate_report_sender_->Send(upload_url_, serialized_encrypted_report); | 141 certificate_report_sender_->Send(upload_url_, serialized_encrypted_report); |
| 150 #endif | |
| 151 } | 142 } |
| 152 } | 143 } |
| 153 | 144 |
| 154 bool ErrorReporter::IsHttpUploadUrlSupported() { | 145 bool ErrorReporter::IsHttpUploadUrlSupported() { |
| 155 #if defined(USE_OPENSSL) | |
| 156 return true; | 146 return true; |
| 157 #else | |
| 158 return false; | |
| 159 #endif | |
| 160 } | 147 } |
| 161 | 148 |
| 162 // Used only by tests. | 149 // Used only by tests. |
| 163 #if defined(USE_OPENSSL) | |
| 164 bool ErrorReporter::DecryptErrorReport( | 150 bool ErrorReporter::DecryptErrorReport( |
| 165 const uint8_t server_private_key[32], | 151 const uint8_t server_private_key[32], |
| 166 const EncryptedCertLoggerRequest& encrypted_report, | 152 const EncryptedCertLoggerRequest& encrypted_report, |
| 167 std::string* decrypted_serialized_report) { | 153 std::string* decrypted_serialized_report) { |
| 168 crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); | 154 crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); |
| 169 std::string key; | 155 std::string key; |
| 170 if (!GetHkdfSubkeySecret(aead.KeyLength(), server_private_key, | 156 if (!GetHkdfSubkeySecret(aead.KeyLength(), server_private_key, |
| 171 reinterpret_cast<const uint8_t*>( | 157 reinterpret_cast<const uint8_t*>( |
| 172 encrypted_report.client_public_key().data()), | 158 encrypted_report.client_public_key().data()), |
| 173 &key)) { | 159 &key)) { |
| 174 LOG(ERROR) << "Error getting subkey secret."; | 160 LOG(ERROR) << "Error getting subkey secret."; |
| 175 return false; | 161 return false; |
| 176 } | 162 } |
| 177 aead.Init(&key); | 163 aead.Init(&key); |
| 178 | 164 |
| 179 // Use an all-zero nonce because the key is random per-message. | 165 // Use an all-zero nonce because the key is random per-message. |
| 180 std::string nonce(aead.NonceLength(), 0); | 166 std::string nonce(aead.NonceLength(), 0); |
| 181 | 167 |
| 182 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), | 168 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), |
| 183 decrypted_serialized_report); | 169 decrypted_serialized_report); |
| 184 } | 170 } |
| 185 #endif | |
| 186 | 171 |
| 187 } // namespace certificate_reporting | 172 } // namespace certificate_reporting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master