| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/origin_trials/trial_token.h" | 5 #include "content/common/origin_trials/trial_token.h" |
| 6 | 6 |
| 7 #include <openssl/curve25519.h> | 7 #include <openssl/curve25519.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/big_endian.h" |
| 13 #include "base/json/json_reader.h" |
| 12 #include "base/macros.h" | 14 #include "base/macros.h" |
| 13 #include "base/strings/string_number_conversions.h" | 15 #include "base/memory/ptr_util.h" |
| 14 #include "base/strings/string_split.h" | 16 #include "base/strings/string_piece.h" |
| 15 #include "base/strings/string_util.h" | |
| 16 #include "base/strings/utf_string_conversions.h" | |
| 17 #include "base/time/time.h" | 17 #include "base/time/time.h" |
| 18 #include "base/values.h" |
| 18 #include "url/gurl.h" | 19 #include "url/gurl.h" |
| 19 #include "url/origin.h" | 20 #include "url/origin.h" |
| 20 | 21 |
| 21 namespace content { | 22 namespace content { |
| 22 | 23 |
| 23 namespace { | 24 namespace { |
| 24 | 25 |
| 25 // Version 1 is the only token version currently supported | 26 // Version is a 1-byte field at offset 0. |
| 26 const uint8_t kVersion1 = 1; | 27 const size_t kVersionOffset = 0; |
| 28 const size_t kVersionSize = 1; |
| 27 | 29 |
| 28 const char* kFieldSeparator = "|"; | 30 // These constants define the Version 2 field sizes and offsets. |
| 31 const size_t kSignatureOffset = kVersionOffset + kVersionSize; |
| 32 const size_t kSignatureSize = 64; |
| 33 const size_t kPayloadLengthOffset = kSignatureOffset + kSignatureSize; |
| 34 const size_t kPayloadLengthSize = 4; |
| 35 const size_t kPayloadOffset = kPayloadLengthOffset + kPayloadLengthSize; |
| 36 |
| 37 // Version 2 is the only token version currently supported. Version 1 was |
| 38 // introduced in Chrome M50, and removed in M51. There were no experiments |
| 39 // enabled in the stable M50 release which would have used those tokens. |
| 40 const uint8_t kVersion2 = 2; |
| 29 | 41 |
| 30 } // namespace | 42 } // namespace |
| 31 | 43 |
| 32 TrialToken::~TrialToken() {} | 44 TrialToken::~TrialToken() {} |
| 33 | 45 |
| 34 scoped_ptr<TrialToken> TrialToken::Parse(const std::string& token_text) { | 46 // static |
| 35 if (token_text.empty()) { | 47 std::unique_ptr<TrialToken> TrialToken::From(const std::string& token_text, |
| 48 base::StringPiece public_key) { |
| 49 std::unique_ptr<std::string> token_payload = Extract(token_text, public_key); |
| 50 if (!token_payload) { |
| 51 return nullptr; |
| 52 } |
| 53 return Parse(*token_payload); |
| 54 } |
| 55 |
| 56 bool TrialToken::IsValidForFeature(const url::Origin& origin, |
| 57 base::StringPiece feature_name, |
| 58 const base::Time& now) const { |
| 59 return ValidateOrigin(origin) && ValidateFeatureName(feature_name) && |
| 60 ValidateDate(now); |
| 61 } |
| 62 |
| 63 std::unique_ptr<std::string> TrialToken::Extract( |
| 64 const std::string& token_payload, |
| 65 base::StringPiece public_key) { |
| 66 if (token_payload.empty()) { |
| 36 return nullptr; | 67 return nullptr; |
| 37 } | 68 } |
| 38 | 69 |
| 39 // Extract the version from the token. The version must be the first part of | 70 // Token is base64-encoded; decode first. |
| 40 // the token, separated from the remainder, as: | 71 std::string token_contents; |
| 41 // version|<version-specific contents> | 72 if (!base::Base64Decode(token_payload, &token_contents)) { |
| 42 size_t version_end = token_text.find(kFieldSeparator); | |
| 43 if (version_end == std::string::npos) { | |
| 44 return nullptr; | 73 return nullptr; |
| 45 } | 74 } |
| 46 | 75 |
| 47 std::string version_string = token_text.substr(0, version_end); | 76 // Only version 2 currently supported. |
| 48 unsigned int version = 0; | 77 if (token_contents.length() < (kVersionOffset + kVersionSize)) { |
| 49 if (!base::StringToUint(version_string, &version) || version > UINT8_MAX) { | 78 return nullptr; |
| 79 } |
| 80 uint8_t version = token_contents[kVersionOffset]; |
| 81 if (version != kVersion2) { |
| 50 return nullptr; | 82 return nullptr; |
| 51 } | 83 } |
| 52 | 84 |
| 53 // Only version 1 currently supported | 85 // Token must be large enough to contain a version, signature, and payload |
| 54 if (version != kVersion1) { | 86 // length. |
| 87 if (token_contents.length() < (kPayloadLengthOffset + kPayloadLengthSize)) { |
| 55 return nullptr; | 88 return nullptr; |
| 56 } | 89 } |
| 57 | 90 |
| 58 // Extract the version-specific contents of the token | 91 // Extract the length of the signed data (Big-endian). |
| 59 std::string token_contents = token_text.substr(version_end + 1); | 92 uint32_t payload_length; |
| 93 base::ReadBigEndian(&(token_contents[kPayloadLengthOffset]), &payload_length); |
| 60 | 94 |
| 61 // The contents of a valid version 1 token should resemble: | 95 // Validate that the stated length matches the actual payload length. |
| 62 // signature|origin|feature_name|expiry_timestamp | 96 if (payload_length != token_contents.length() - kPayloadOffset) { |
| 63 std::vector<std::string> parts = | |
| 64 SplitString(token_contents, kFieldSeparator, base::KEEP_WHITESPACE, | |
| 65 base::SPLIT_WANT_ALL); | |
| 66 if (parts.size() != 4) { | |
| 67 return nullptr; | 97 return nullptr; |
| 68 } | 98 } |
| 69 | 99 |
| 70 const std::string& signature = parts[0]; | 100 // Extract the version-specific contents of the token. |
| 71 const std::string& origin_string = parts[1]; | 101 const char* token_bytes = token_contents.data(); |
| 72 const std::string& feature_name = parts[2]; | 102 base::StringPiece version_piece(token_bytes + kVersionOffset, kVersionSize); |
| 73 const std::string& expiry_string = parts[3]; | 103 base::StringPiece signature(token_bytes + kSignatureOffset, kSignatureSize); |
| 104 base::StringPiece payload_piece(token_bytes + kPayloadLengthOffset, |
| 105 kPayloadLengthSize + payload_length); |
| 74 | 106 |
| 75 uint64_t expiry_timestamp; | 107 // The data which is covered by the signature is (version + length + payload). |
| 76 if (!base::StringToUint64(expiry_string, &expiry_timestamp)) { | 108 std::string signed_data = |
| 109 version_piece.as_string() + payload_piece.as_string(); |
| 110 |
| 111 // Validate the signature on the data before proceeding. |
| 112 if (!TrialToken::ValidateSignature(signature, signed_data, public_key)) { |
| 77 return nullptr; | 113 return nullptr; |
| 78 } | 114 } |
| 79 | 115 |
| 80 // Ensure that the origin is a valid (non-unique) origin URL | 116 // Return just the payload, as a new string. |
| 117 return base::WrapUnique( |
| 118 new std::string(token_contents, kPayloadOffset, payload_length)); |
| 119 } |
| 120 |
| 121 std::unique_ptr<TrialToken> TrialToken::Parse(const std::string& token_json) { |
| 122 std::unique_ptr<base::DictionaryValue> datadict = |
| 123 base::DictionaryValue::From(base::JSONReader::Read(token_json)); |
| 124 if (!datadict) { |
| 125 return nullptr; |
| 126 } |
| 127 |
| 128 std::string origin_string; |
| 129 std::string feature_name; |
| 130 int expiry_timestamp = 0; |
| 131 datadict->GetString("origin", &origin_string); |
| 132 datadict->GetString("feature", &feature_name); |
| 133 datadict->GetInteger("expiry", &expiry_timestamp); |
| 134 |
| 135 // Ensure that the origin is a valid (non-unique) origin URL. |
| 81 url::Origin origin = url::Origin(GURL(origin_string)); | 136 url::Origin origin = url::Origin(GURL(origin_string)); |
| 82 if (origin.unique()) { | 137 if (origin.unique()) { |
| 83 return nullptr; | 138 return nullptr; |
| 84 } | 139 } |
| 85 | 140 |
| 86 // Signed data is (origin + "|" + feature_name + "|" + expiry). | 141 // Ensure that the feature name is a valid string. |
| 87 std::string data = token_contents.substr(signature.length() + 1); | 142 if (feature_name.empty()) { |
| 143 return nullptr; |
| 144 } |
| 88 | 145 |
| 89 return make_scoped_ptr(new TrialToken(version, signature, data, origin, | 146 // Ensure that the expiry timestamp is a valid (positive) integer. |
| 90 feature_name, expiry_timestamp)); | 147 if (expiry_timestamp <= 0) { |
| 91 } | 148 return nullptr; |
| 149 } |
| 92 | 150 |
| 93 bool TrialToken::IsAppropriate(const url::Origin& origin, | 151 return base::WrapUnique( |
| 94 base::StringPiece feature_name) const { | 152 new TrialToken(origin, feature_name, expiry_timestamp)); |
| 95 return ValidateOrigin(origin) && ValidateFeatureName(feature_name); | |
| 96 } | |
| 97 | |
| 98 bool TrialToken::IsValid(const base::Time& now, | |
| 99 base::StringPiece public_key) const { | |
| 100 // TODO(iclelland): Allow for multiple signing keys, and iterate over all | |
| 101 // active keys here. https://crbug.com/543220 | |
| 102 return ValidateDate(now) && ValidateSignature(public_key); | |
| 103 } | 153 } |
| 104 | 154 |
| 105 bool TrialToken::ValidateOrigin(const url::Origin& origin) const { | 155 bool TrialToken::ValidateOrigin(const url::Origin& origin) const { |
| 106 return origin == origin_; | 156 return origin == origin_; |
| 107 } | 157 } |
| 108 | 158 |
| 109 bool TrialToken::ValidateFeatureName(base::StringPiece feature_name) const { | 159 bool TrialToken::ValidateFeatureName(base::StringPiece feature_name) const { |
| 110 return feature_name == feature_name_; | 160 return feature_name == feature_name_; |
| 111 } | 161 } |
| 112 | 162 |
| 113 bool TrialToken::ValidateDate(const base::Time& now) const { | 163 bool TrialToken::ValidateDate(const base::Time& now) const { |
| 114 return expiry_time_ > now; | 164 return expiry_time_ > now; |
| 115 } | 165 } |
| 116 | 166 |
| 117 bool TrialToken::ValidateSignature(base::StringPiece public_key) const { | |
| 118 return ValidateSignature(signature_, data_, public_key); | |
| 119 } | |
| 120 | |
| 121 // static | 167 // static |
| 122 bool TrialToken::ValidateSignature(const std::string& signature_text, | 168 bool TrialToken::ValidateSignature(base::StringPiece signature, |
| 123 const std::string& data, | 169 const std::string& data, |
| 124 base::StringPiece public_key) { | 170 base::StringPiece public_key) { |
| 125 // Public key must be 32 bytes long for Ed25519. | 171 // Public key must be 32 bytes long for Ed25519. |
| 126 CHECK_EQ(public_key.length(), 32UL); | 172 CHECK_EQ(public_key.length(), 32UL); |
| 127 | 173 |
| 128 std::string signature; | 174 // Signature must be 64 bytes long. |
| 129 // signature_text is base64-encoded; decode first. | |
| 130 if (!base::Base64Decode(signature_text, &signature)) { | |
| 131 return false; | |
| 132 } | |
| 133 | |
| 134 // Signature must be 64 bytes long | |
| 135 if (signature.length() != 64) { | 175 if (signature.length() != 64) { |
| 136 return false; | 176 return false; |
| 137 } | 177 } |
| 138 | 178 |
| 139 int result = ED25519_verify( | 179 int result = ED25519_verify( |
| 140 reinterpret_cast<const uint8_t*>(data.data()), data.length(), | 180 reinterpret_cast<const uint8_t*>(data.data()), data.length(), |
| 141 reinterpret_cast<const uint8_t*>(signature.data()), | 181 reinterpret_cast<const uint8_t*>(signature.data()), |
| 142 reinterpret_cast<const uint8_t*>(public_key.data())); | 182 reinterpret_cast<const uint8_t*>(public_key.data())); |
| 143 return (result != 0); | 183 return (result != 0); |
| 144 } | 184 } |
| 145 | 185 |
| 146 TrialToken::TrialToken(uint8_t version, | 186 TrialToken::TrialToken(const url::Origin& origin, |
| 147 const std::string& signature, | |
| 148 const std::string& data, | |
| 149 const url::Origin& origin, | |
| 150 const std::string& feature_name, | 187 const std::string& feature_name, |
| 151 uint64_t expiry_timestamp) | 188 uint64_t expiry_timestamp) |
| 152 : version_(version), | 189 : origin_(origin), |
| 153 signature_(signature), | |
| 154 data_(data), | |
| 155 origin_(origin), | |
| 156 feature_name_(feature_name), | 190 feature_name_(feature_name), |
| 157 expiry_time_(base::Time::FromDoubleT(expiry_timestamp)) {} | 191 expiry_time_(base::Time::FromDoubleT(expiry_timestamp)) {} |
| 158 | 192 |
| 159 } // namespace content | 193 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1887223003:
Change origin trial token format (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@2704