Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(72)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/host/gnubby_util.cc

Issue 205493005: Do minimal processing of gnubby data. Add request timeouts and send error (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address review comments Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « remoting/host/gnubby_util.h ('k') | remoting/host/gnubby_util_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/host/gnubby_util.h"
6
7 #include <algorithm>
8 #include <vector>
9
10 #include "base/base64.h"
11 #include "base/json/json_reader.h"
12 #include "base/json/json_writer.h"
13 #include "base/logging.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/values.h"
16 #include "remoting/base/logging.h"
17
18 namespace remoting {
19
20 namespace {
21
22 // Failure code to use when the code from the webapp response isn't available.
23 const int kGnubbyResponseFail = 1;
24
25 const int kSsh2AgentcGnubbySignRequest = 101; // 0x65
26 const int kSsh2AgentcGnubbySignResponse = 102; // 0x66
27
28 const char kAppIdHash[] = "appIdHash";
29 const char kChallengeHash[] = "challengeHash";
30 const char kCode[] = "code";
31 const char kKeyHandle[] = "keyHandle";
32 const char kResponseData[] = "responseData";
33 const char kSignData[] = "signData";
34 const char kSignReply[] = "sign_helper_reply";
35 const char kSignRequest[] = "sign_helper_request";
36 const char kSignatureData[] = "signatureData";
37 const char kTimeout[] = "timeout";
38 const char kType[] = "type";
39 const char kVersion[] = "version";
40
41 void WebSafeBase64Encode(const std::string& data, std::string* encoded_data) {
42 base::Base64Encode(data, encoded_data);
43
44 std::replace(encoded_data->begin(), encoded_data->end(), '+', '-');
45 std::replace(encoded_data->begin(), encoded_data->end(), '/', '_');
46 encoded_data->erase(
47 std::remove(encoded_data->begin(), encoded_data->end(), '='),
48 encoded_data->end());
49 }
50
51 void WebSafeBase64Decode(const std::string& encoded_data, std::string* data) {
52 std::string temp(encoded_data);
53 std::replace(temp.begin(), temp.end(), '-', '+');
54 std::replace(temp.begin(), temp.end(), '_', '/');
55
56 int num_equals = temp.length() % 3;
57 temp.append(num_equals, '=');
58
59 base::Base64Decode(temp, data);
60 }
61
62 bool DecodeDataFromDictionary(const base::DictionaryValue& dictionary,
63 const std::string& path,
64 std::string* data) {
65 std::string encoded_data;
66 bool result = dictionary.GetString(path, &encoded_data);
67 if (result) {
68 WebSafeBase64Decode(encoded_data, data);
69 } else {
70 LOG(ERROR) << "Failed to get dictionary value " << path;
71 data->erase();
72 }
73 return result;
74 }
75
76 // Class to read gnubby blob data.
77 class BlobReader {
78 public:
79 // Create a blob with the given data. Does not take ownership of the memory.
80 BlobReader(const uint8_t* data, size_t data_len);
81 virtual ~BlobReader();
82
83 // Read a byte from the blob. Returns true on success.
84 bool ReadByte(uint8_t* value);
85
86 // Read a four byte size from the blob. Returns true on success.
87 bool ReadSize(size_t* value);
88
89 // Read a size-prefixed blob. Returns true on success.
90 bool ReadBlobReader(scoped_ptr<BlobReader>* value);
91
92 // Read a size-prefixed string from the blob. Returns true on success.
93 bool ReadString(std::string* value);
94
95 private:
96 // The blob data.
97 const uint8_t* data_;
98
99 // The length of the blob data.
100 size_t data_len_;
101
102 // The current read index.
103 size_t index_;
104
105 DISALLOW_COPY_AND_ASSIGN(BlobReader);
106 };
107
108 // Class to write gnubby blob data.
109 class BlobWriter {
110 public:
111 BlobWriter();
112 virtual ~BlobWriter();
113
114 // Write a byte to the blob.
115 void WriteByte(uint8_t value);
116
117 // Write a four byte size to the blob.
118 void WriteSize(size_t value);
119
120 // Write a size-prefixed blob to the blob.
121 void WriteBlobWriter(const BlobWriter& value);
122
123 // Write a size-prefixed string to the blob.
124 void WriteString(const std::string& value);
125
126 // Returns the blob data.
127 std::string GetData() const;
128
129 private:
130 // The blob data.
131 std::vector<uint8_t> data_;
132
133 DISALLOW_COPY_AND_ASSIGN(BlobWriter);
134 };
135
136 BlobReader::BlobReader(const uint8_t* data, size_t data_len)
137 : data_(data), data_len_(data_len), index_(0) {}
138
139 BlobReader::~BlobReader() {}
140
141 bool BlobReader::ReadByte(uint8_t* value) {
142 if (data_len_ < index_) {
143 *value = 0;
144 return false;
145 }
146 *value = data_[index_++];
147 return true;
148 }
149
150 bool BlobReader::ReadSize(size_t* value) {
151 if (data_len_ < (index_ + 4)) {
152 *value = 0;
153 return false;
154 }
155 *value = ((data_[index_] & 255) << 24) + ((data_[index_ + 1] & 255) << 16) +
156 ((data_[index_ + 2] & 255) << 8) + (data_[index_ + 3] & 255);
157 index_ += 4;
158 return true;
159 }
160
161 bool BlobReader::ReadBlobReader(scoped_ptr<BlobReader>* value) {
162 size_t blob_size;
163 if (!ReadSize(&blob_size) || data_len_ < (index_ + blob_size)) {
164 value->reset();
165 return 0;
166 }
167 value->reset(new BlobReader(data_ + index_, blob_size));
168 index_ += blob_size;
169 return true;
170 }
171
172 bool BlobReader::ReadString(std::string* value) {
173 size_t length;
174 if (!ReadSize(&length) || data_len_ < (index_ + length)) {
175 value->erase();
176 return 0;
177 }
178 value->assign(reinterpret_cast<const char*>(data_ + index_), length);
179 index_ += length;
180 return true;
181 }
182
183 BlobWriter::BlobWriter() {}
184
185 BlobWriter::~BlobWriter() {}
186
187 void BlobWriter::WriteByte(uint8_t value) { data_.push_back(value); }
188
189 void BlobWriter::WriteSize(size_t value) {
190 data_.push_back((value & 0xff000000) >> 24);
191 data_.push_back((value & 0xff0000) >> 16);
192 data_.push_back((value & 0xff00) >> 8);
193 data_.push_back(value & 0xff);
194 }
195
196 void BlobWriter::WriteBlobWriter(const BlobWriter& value) {
197 WriteString(value.GetData());
198 }
199
200 void BlobWriter::WriteString(const std::string& value) {
201 WriteSize(value.length());
202 data_.insert(data_.end(), value.begin(), value.end());
203 }
204
205 std::string BlobWriter::GetData() const {
206 return std::string(reinterpret_cast<const char*>(data_.data()), data_.size());
207 }
208
209 } // namespace
210
211 bool GetJsonFromGnubbyRequest(const char* data,
212 int data_len,
213 std::string* json) {
214 json->empty();
215
216 BlobReader ssh_request(reinterpret_cast<const uint8_t*>(data), data_len);
217 scoped_ptr<BlobReader> blob;
218 if (!ssh_request.ReadBlobReader(&blob))
219 return false;
220
221 uint8_t cmd = 0;
222 uint8_t timeout = 0;
223 size_t request_count = 0;
224 bool result = blob->ReadByte(&cmd);
225 result = result && blob->ReadByte(&timeout);
226 result = result && blob->ReadSize(&request_count);
227 if (!result || cmd != kSsh2AgentcGnubbySignRequest)
228 return false;
229
230 base::DictionaryValue request;
231 request.SetString(kType, kSignRequest);
232 request.SetInteger(kTimeout, timeout);
233
234 base::ListValue* sign_requests = new base::ListValue();
235 request.Set(kSignData, sign_requests);
236
237 for (unsigned int i = 0; i < request_count; ++i) {
238 scoped_ptr<BlobReader> sign_request;
239 std::string version;
240 std::string challenge_hash;
241 std::string origin_hash;
242 std::string key_handle;
243
244 if (!(blob->ReadBlobReader(&sign_request) &&
245 sign_request->ReadString(&version) &&
246 sign_request->ReadString(&challenge_hash) &&
247 sign_request->ReadString(&origin_hash) &&
248 sign_request->ReadString(&key_handle)))
249 return false;
250
251 std::string encoded_origin_hash;
252 std::string encoded_challenge_hash;
253 std::string encoded_key_handle;
254
255 WebSafeBase64Encode(origin_hash, &encoded_origin_hash);
256 WebSafeBase64Encode(challenge_hash, &encoded_challenge_hash);
257 WebSafeBase64Encode(key_handle, &encoded_key_handle);
258
259 base::DictionaryValue* request = new base::DictionaryValue();
260 request->SetString(kAppIdHash, encoded_origin_hash);
261 request->SetString(kChallengeHash, encoded_challenge_hash);
262 request->SetString(kKeyHandle, encoded_key_handle);
263 request->SetString(kVersion, version);
264 sign_requests->Append(request);
265 }
266
267 base::JSONWriter::Write(&request, json);
268 return true;
269 }
270
271 void GetGnubbyResponseFromJson(const std::string& json, std::string* data) {
272 data->erase();
273
274 scoped_ptr<base::Value> json_value(base::JSONReader::Read(json));
275 base::DictionaryValue* reply;
276 if (json_value && json_value->GetAsDictionary(&reply)) {
277 BlobWriter response;
278 response.WriteByte(kSsh2AgentcGnubbySignResponse);
279
280 int code;
281 if (reply->GetInteger(kCode, &code) && code == 0) {
282 response.WriteSize(code);
283
284 std::string type;
285 if (!(reply->GetString(kType, &type) && type == kSignReply)) {
286 LOG(ERROR) << "Invalid type";
287 return;
288 }
289
290 base::DictionaryValue* reply_data;
291 if (!reply->GetDictionary(kResponseData, &reply_data)) {
292 LOG(ERROR) << "Invalid response data";
293 return;
294 }
295
296 BlobWriter tmp;
297 std::string version;
298 if (reply_data->GetString(kVersion, &version)) {
299 tmp.WriteString(version);
300 } else {
301 tmp.WriteSize(0);
302 }
303
304 std::string challenge_hash;
305 if (!DecodeDataFromDictionary(
306 *reply_data, kChallengeHash, &challenge_hash)) {
307 LOG(ERROR) << "Invalid challenge hash";
308 return;
309 }
310 tmp.WriteString(challenge_hash);
311
312 std::string app_id_hash;
313 if (!DecodeDataFromDictionary(*reply_data, kAppIdHash, &app_id_hash)) {
314 LOG(ERROR) << "Invalid app id hash";
315 return;
316 }
317 tmp.WriteString(app_id_hash);
318
319 std::string key_handle;
320 if (!DecodeDataFromDictionary(*reply_data, kKeyHandle, &key_handle)) {
321 LOG(ERROR) << "Invalid key handle";
322 return;
323 }
324 tmp.WriteString(key_handle);
325
326 std::string signature_data;
327 if (!DecodeDataFromDictionary(
328 *reply_data, kSignatureData, &signature_data)) {
329 LOG(ERROR) << "Invalid signature data";
330 return;
331 }
332 tmp.WriteString(signature_data);
333
334 response.WriteBlobWriter(tmp);
335 } else {
336 response.WriteSize(kGnubbyResponseFail);
337 }
338
339 BlobWriter ssh_response;
340 ssh_response.WriteBlobWriter(response);
341 data->assign(ssh_response.GetData());
342 } else {
343 LOG(ERROR) << "Could not parse json: " << json;
344 }
345 }
346
347 } // namespace remoting
OLDNEW
« no previous file with comments | « remoting/host/gnubby_util.h ('k') | remoting/host/gnubby_util_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698