| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/certificate_reporting/error_reporter.h" | 5 #include "components/certificate_reporting/error_reporter.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <set> | 9 #include <set> |
| 10 #include <utility> | 10 #include <utility> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/ptr_util.h" | 13 #include "base/memory/ptr_util.h" |
| 14 #include "components/certificate_reporting/encrypted_cert_logger.pb.h" | 14 #include "components/certificate_reporting/encrypted_cert_logger.pb.h" |
| 15 #include "crypto/aead.h" | 15 #include "crypto/aead.h" |
| 16 #include "crypto/curve25519.h" | |
| 17 #include "crypto/hkdf.h" | 16 #include "crypto/hkdf.h" |
| 18 #include "crypto/random.h" | 17 #include "crypto/random.h" |
| 19 #include "net/url_request/report_sender.h" | 18 #include "net/url_request/report_sender.h" |
| 19 #include "third_party/boringssl/src/include/openssl/curve25519.h" |
| 20 | 20 |
| 21 namespace certificate_reporting { | 21 namespace certificate_reporting { |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 | 24 |
| 25 // Constants used for crypto. The corresponding private key is used by | 25 // Constants used for crypto. The corresponding private key is used by |
| 26 // the SafeBrowsing client-side detection server to decrypt reports. | 26 // the SafeBrowsing client-side detection server to decrypt reports. |
| 27 static const uint8_t kServerPublicKey[] = { | 27 static const uint8_t kServerPublicKey[] = { |
| 28 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, | 28 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, |
| 29 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, | 29 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, |
| 30 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; | 30 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; |
| 31 static const uint32_t kServerPublicKeyVersion = 1; | 31 static const uint32_t kServerPublicKeyVersion = 1; |
| 32 | 32 |
| 33 static const char kHkdfLabel[] = "certificate report"; | 33 static const char kHkdfLabel[] = "certificate report"; |
| 34 | 34 |
| 35 bool GetHkdfSubkeySecret(size_t subkey_length, | 35 bool GetHkdfSubkeySecret(size_t subkey_length, |
| 36 const uint8_t* private_key, | 36 const uint8_t* private_key, |
| 37 const uint8_t* public_key, | 37 const uint8_t* public_key, |
| 38 std::string* secret) { | 38 std::string* secret) { |
| 39 uint8_t shared_secret[crypto::curve25519::kBytes]; | 39 uint8_t shared_secret[X25519_SHARED_KEY_LEN]; |
| 40 if (!crypto::curve25519::ScalarMult(private_key, public_key, shared_secret)) | 40 if (!X25519(shared_secret, private_key, public_key)) |
| 41 return false; | 41 return false; |
| 42 | 42 |
| 43 // By mistake, the HKDF label here ends up with an extra null byte on | 43 // By mistake, the HKDF label here ends up with an extra null byte on |
| 44 // the end, due to using sizeof(kHkdfLabel) in the StringPiece | 44 // the end, due to using sizeof(kHkdfLabel) in the StringPiece |
| 45 // constructor instead of strlen(kHkdfLabel). Ideally this code should | 45 // constructor instead of strlen(kHkdfLabel). Ideally this code should |
| 46 // be just passing kHkdfLabel directly into the HKDF constructor. | 46 // be just passing kHkdfLabel directly into the HKDF constructor. |
| 47 // | 47 // |
| 48 // TODO(estark): fix this in coordination with the server-side code -- | 48 // TODO(estark): fix this in coordination with the server-side code -- |
| 49 // perhaps by rolling the public key version forward and using the | 49 // perhaps by rolling the public key version forward and using the |
| 50 // version to decide whether to use the extra-null-byte version of the | 50 // version to decide whether to use the extra-null-byte version of the |
| 51 // label. https://crbug.com/517746 | 51 // label. https://crbug.com/517746 |
| 52 crypto::HKDF hkdf(base::StringPiece(reinterpret_cast<char*>(shared_secret), | 52 crypto::HKDF hkdf(base::StringPiece(reinterpret_cast<char*>(shared_secret), |
| 53 sizeof(shared_secret)), | 53 sizeof(shared_secret)), |
| 54 "" /* salt */, | 54 "" /* salt */, |
| 55 base::StringPiece(kHkdfLabel, sizeof(kHkdfLabel)), | 55 base::StringPiece(kHkdfLabel, sizeof(kHkdfLabel)), |
| 56 0 /* key bytes */, 0 /* iv bytes */, subkey_length); | 56 0 /* key bytes */, 0 /* iv bytes */, subkey_length); |
| 57 | 57 |
| 58 *secret = hkdf.subkey_secret().as_string(); | 58 *secret = hkdf.subkey_secret().as_string(); |
| 59 return true; | 59 return true; |
| 60 } | 60 } |
| 61 | 61 |
| 62 bool EncryptSerializedReport(const uint8_t* server_public_key, | 62 bool EncryptSerializedReport(const uint8_t* server_public_key, |
| 63 uint32_t server_public_key_version, | 63 uint32_t server_public_key_version, |
| 64 const std::string& report, | 64 const std::string& report, |
| 65 EncryptedCertLoggerRequest* encrypted_report) { | 65 EncryptedCertLoggerRequest* encrypted_report) { |
| 66 // Generate an ephemeral key pair to generate a shared secret. | 66 // Generate an ephemeral key pair to generate a shared secret. |
| 67 uint8_t public_key[crypto::curve25519::kBytes]; | 67 uint8_t public_key[X25519_PUBLIC_VALUE_LEN]; |
| 68 uint8_t private_key[crypto::curve25519::kScalarBytes]; | 68 uint8_t private_key[X25519_PRIVATE_KEY_LEN]; |
| 69 | 69 |
| 70 crypto::RandBytes(private_key, sizeof(private_key)); | 70 crypto::RandBytes(private_key, sizeof(private_key)); |
| 71 crypto::curve25519::ScalarBaseMult(private_key, public_key); | 71 X25519_public_from_private(public_key, private_key); |
| 72 | 72 |
| 73 crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); | 73 crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); |
| 74 std::string key; | 74 std::string key; |
| 75 if (!GetHkdfSubkeySecret(aead.KeyLength(), private_key, | 75 if (!GetHkdfSubkeySecret(aead.KeyLength(), private_key, |
| 76 reinterpret_cast<const uint8_t*>(server_public_key), | 76 reinterpret_cast<const uint8_t*>(server_public_key), |
| 77 &key)) { | 77 &key)) { |
| 78 LOG(ERROR) << "Error getting subkey secret."; | 78 LOG(ERROR) << "Error getting subkey secret."; |
| 79 return false; | 79 return false; |
| 80 } | 80 } |
| 81 aead.Init(&key); | 81 aead.Init(&key); |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 aead.Init(&key); | 165 aead.Init(&key); |
| 166 | 166 |
| 167 // Use an all-zero nonce because the key is random per-message. | 167 // Use an all-zero nonce because the key is random per-message. |
| 168 std::string nonce(aead.NonceLength(), 0); | 168 std::string nonce(aead.NonceLength(), 0); |
| 169 | 169 |
| 170 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), | 170 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), |
| 171 decrypted_serialized_report); | 171 decrypted_serialized_report); |
| 172 } | 172 } |
| 173 | 173 |
| 174 } // namespace certificate_reporting | 174 } // namespace certificate_reporting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2457153003:
Remove crypto/curve25519.h in favor of BoringSSL's. (Closed)
