| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" | 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 143 | 143 |
| 144 CryptoKeyHeaderIterator crypto_key_header_iterator( | 144 CryptoKeyHeaderIterator crypto_key_header_iterator( |
| 145 crypto_key_header->second.begin(), crypto_key_header->second.end()); | 145 crypto_key_header->second.begin(), crypto_key_header->second.end()); |
| 146 if (!crypto_key_header_iterator.GetNext()) { | 146 if (!crypto_key_header_iterator.GetNext()) { |
| 147 DLOG(ERROR) << "Unable to parse the value of the Crypto-Key header"; | 147 DLOG(ERROR) << "Unable to parse the value of the Crypto-Key header"; |
| 148 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 148 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 149 IncomingMessage()); | 149 IncomingMessage()); |
| 150 return; | 150 return; |
| 151 } | 151 } |
| 152 | 152 |
| 153 if (crypto_key_header_iterator.dh().empty()) { | 153 // Ignore values that don't include the "dh" property. When using VAPID, it is |
| 154 // valid for the application server to supply multiple values. |
| 155 while (crypto_key_header_iterator.dh().empty() && |
| 156 crypto_key_header_iterator.GetNext()) {} |
| 157 |
| 158 bool valid_crypto_key_header = false; |
| 159 std::string dh; |
| 160 |
| 161 if (!crypto_key_header_iterator.dh().empty()) { |
| 162 dh = crypto_key_header_iterator.dh(); |
| 163 valid_crypto_key_header = true; |
| 164 |
| 165 // Guard against the "dh" property being included more than once. |
| 166 while (crypto_key_header_iterator.GetNext()) { |
| 167 if (crypto_key_header_iterator.dh().empty()) |
| 168 continue; |
| 169 |
| 170 valid_crypto_key_header = false; |
| 171 break; |
| 172 } |
| 173 } |
| 174 |
| 175 if (!valid_crypto_key_header) { |
| 154 DLOG(ERROR) << "Invalid values supplied in the Crypto-Key header"; | 176 DLOG(ERROR) << "Invalid values supplied in the Crypto-Key header"; |
| 155 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 177 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 156 IncomingMessage()); | 178 IncomingMessage()); |
| 157 return; | 179 return; |
| 158 } | 180 } |
| 159 | 181 |
| 160 // Use |fallback_to_empty_authorized_entity|, since this message might have | 182 // Use |fallback_to_empty_authorized_entity|, since this message might have |
| 161 // been sent to either an InstanceID token or a non-InstanceID registration. | 183 // been sent to either an InstanceID token or a non-InstanceID registration. |
| 162 key_store_->GetKeys(app_id, message.sender_id /* authorized_entity */, | 184 key_store_->GetKeys(app_id, message.sender_id /* authorized_entity */, |
| 163 true /* fallback_to_empty_authorized_entity */, | 185 true /* fallback_to_empty_authorized_entity */, |
| 164 base::Bind(&GCMEncryptionProvider::DecryptMessageWithKey, | 186 base::Bind(&GCMEncryptionProvider::DecryptMessageWithKey, |
| 165 weak_ptr_factory_.GetWeakPtr(), message, | 187 weak_ptr_factory_.GetWeakPtr(), message, |
| 166 callback, encryption_header_iterator.salt(), | 188 callback, encryption_header_iterator.salt(), |
| 167 crypto_key_header_iterator.dh(), | 189 dh, encryption_header_iterator.rs())); |
| 168 encryption_header_iterator.rs())); | |
| 169 } | 190 } |
| 170 | 191 |
| 171 void GCMEncryptionProvider::DidGetEncryptionInfo( | 192 void GCMEncryptionProvider::DidGetEncryptionInfo( |
| 172 const std::string& app_id, | 193 const std::string& app_id, |
| 173 const std::string& authorized_entity, | 194 const std::string& authorized_entity, |
| 174 const EncryptionInfoCallback& callback, | 195 const EncryptionInfoCallback& callback, |
| 175 const KeyPair& pair, | 196 const KeyPair& pair, |
| 176 const std::string& auth_secret) { | 197 const std::string& auth_secret) { |
| 177 if (!pair.IsInitialized()) { | 198 if (!pair.IsInitialized()) { |
| 178 key_store_->CreateKeys( | 199 key_store_->CreateKeys( |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 242 decrypted_message.decrypted = true; | 263 decrypted_message.decrypted = true; |
| 243 | 264 |
| 244 // There must be no data associated with the decrypted message at this point, | 265 // There must be no data associated with the decrypted message at this point, |
| 245 // to make sure that we don't end up in an infinite decryption loop. | 266 // to make sure that we don't end up in an infinite decryption loop. |
| 246 DCHECK_EQ(0u, decrypted_message.data.size()); | 267 DCHECK_EQ(0u, decrypted_message.data.size()); |
| 247 | 268 |
| 248 callback.Run(DECRYPTION_RESULT_DECRYPTED, decrypted_message); | 269 callback.Run(DECRYPTION_RESULT_DECRYPTED, decrypted_message); |
| 249 } | 270 } |
| 250 | 271 |
| 251 } // namespace gcm | 272 } // namespace gcm |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2114703002:
Ignore Crypto-Key header values that do not have "dh" values (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master