Chromium Code Reviews Chromium Code Reviews
Issue 2709523008:
[Cast Channel] Add support for nonce challenge to Cast channel authentication. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" | 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/feature_list.h" | 9 #include "base/feature_list.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/macros.h" | 11 #include "base/macros.h" |
| 12 #include "base/memory/ptr_util.h" | |
| 13 #include "base/memory/singleton.h" | |
| 12 #include "base/metrics/histogram_macros.h" | 14 #include "base/metrics/histogram_macros.h" |
| 13 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
| 16 #include "base/strings/string_util.h" | |
| 14 #include "base/strings/stringprintf.h" | 17 #include "base/strings/stringprintf.h" |
| 15 #include "components/cast_certificate/cast_cert_validator.h" | 18 #include "components/cast_certificate/cast_cert_validator.h" |
| 16 #include "components/cast_certificate/cast_crl.h" | 19 #include "components/cast_certificate/cast_crl.h" |
| 20 #include "crypto/random.h" | |
| 17 #include "extensions/browser/api/cast_channel/cast_message_util.h" | 21 #include "extensions/browser/api/cast_channel/cast_message_util.h" |
| 18 #include "extensions/common/api/cast_channel/cast_channel.pb.h" | 22 #include "extensions/common/api/cast_channel/cast_channel.pb.h" |
| 19 #include "net/cert/x509_certificate.h" | 23 #include "net/cert/x509_certificate.h" |
| 20 #include "net/der/parse_values.h" | 24 #include "net/der/parse_values.h" |
| 21 | 25 |
| 22 namespace extensions { | 26 namespace extensions { |
| 23 namespace api { | 27 namespace api { |
| 24 namespace cast_channel { | 28 namespace cast_channel { |
| 25 namespace { | 29 namespace { |
| 26 | 30 |
| 27 const char kParseErrorPrefix[] = "Failed to parse auth message: "; | 31 const char kParseErrorPrefix[] = "Failed to parse auth message: "; |
| 28 | 32 |
| 29 // The maximum number of days a cert can live for. | 33 // The maximum number of days a cert can live for. |
| 30 const int kMaxSelfSignedCertLifetimeInDays = 4; | 34 const int kMaxSelfSignedCertLifetimeInDays = 4; |
| 31 | 35 |
| 36 // The size of the nonce challenge in bytes. | |
| 37 const int kNonceSizeInBytes = 16; | |
| 38 | |
| 39 // The number of hours after which a nonce is regenerated. | |
| 40 long kNonceExpirationTimeInHours = 24; | |
| 41 | |
| 32 // Enforce certificate revocation when enabled. | 42 // Enforce certificate revocation when enabled. |
| 33 // If disabled, any revocation failures are ignored. | 43 // If disabled, any revocation failures are ignored. |
| 34 // | 44 // |
| 35 // This flags only controls the enforcement. Revocation is checked regardless. | 45 // This flags only controls the enforcement. Revocation is checked regardless. |
| 36 // | 46 // |
| 37 // This flag tracks the changes necessary to fully enforce revocation. | 47 // This flag tracks the changes necessary to fully enforce revocation. |
| 38 const base::Feature kEnforceRevocationChecking{ | 48 const base::Feature kEnforceRevocationChecking{ |
| 39 "CastCertificateRevocation", base::FEATURE_DISABLED_BY_DEFAULT}; | 49 "CastCertificateRevocation", base::FEATURE_DISABLED_BY_DEFAULT}; |
| 40 | 50 |
| 51 // Enforce nonce checking when enabled. | |
| 52 // If disabled, the nonce value returned from the device is not checked against | |
| 53 // the one sent to the device. As a result, the nonce can be empty and omitted | |
| 54 // from the signature. This allows backwards compatibility with legacy Cast | |
| 55 // receivers. | |
| 56 | |
| 57 const base::Feature kEnforceNonceChecking{"CastNonceEnforced", | |
| 58 base::FEATURE_DISABLED_BY_DEFAULT}; | |
| 59 | |
| 41 namespace cast_crypto = ::cast_certificate; | 60 namespace cast_crypto = ::cast_certificate; |
| 42 | 61 |
| 43 // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply | 62 // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply |
| 44 // message. | 63 // message. |
| 45 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, | 64 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, |
| 46 DeviceAuthMessage* auth_message) { | 65 DeviceAuthMessage* auth_message) { |
| 47 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { | 66 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { |
| 48 return AuthResult::CreateWithParseError( | 67 return AuthResult::CreateWithParseError( |
| 49 "Wrong payload type in challenge reply", | 68 "Wrong payload type in challenge reply", |
| 50 AuthResult::ERROR_WRONG_PAYLOAD_TYPE); | 69 AuthResult::ERROR_WRONG_PAYLOAD_TYPE); |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 68 base::IntToString(auth_message->error().error_type()), | 87 base::IntToString(auth_message->error().error_type()), |
| 69 AuthResult::ERROR_MESSAGE_ERROR); | 88 AuthResult::ERROR_MESSAGE_ERROR); |
| 70 } | 89 } |
| 71 if (!auth_message->has_response()) { | 90 if (!auth_message->has_response()) { |
| 72 return AuthResult::CreateWithParseError( | 91 return AuthResult::CreateWithParseError( |
| 73 "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE); | 92 "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE); |
| 74 } | 93 } |
| 75 return AuthResult(); | 94 return AuthResult(); |
| 76 } | 95 } |
| 77 | 96 |
| 97 class CastNonce { | |
| 98 public: | |
| 99 static CastNonce* GetInstance() { | |
| 100 return base::Singleton<CastNonce, | |
| 101 base::LeakySingletonTraits<CastNonce>>::get(); | |
| 102 } | |
| 103 | |
| 104 static const std::string& Get() { | |
| 105 GetInstance()->EnsureNonceTimely(); | |
| 106 return GetInstance()->nonce_; | |
| 107 } | |
| 108 | |
| 109 private: | |
| 110 friend struct base::DefaultSingletonTraits<CastNonce>; | |
| 111 | |
| 112 CastNonce() { GenerateNonce(); } | |
| 113 void GenerateNonce() { | |
| 114 // Create a cryptographically secure nonce. | |
| 115 crypto::RandBytes(base::WriteInto(&nonce_, kNonceSizeInBytes + 1), | |
| 116 kNonceSizeInBytes); | |
| 117 nonce_generation_time_ = base::Time::Now(); | |
| 118 } | |
| 119 | |
| 120 void EnsureNonceTimely() { | |
| 121 if (base::Time::Now() > | |
| 122 (nonce_generation_time_ + | |
| 123 base::TimeDelta::FromHours(kNonceExpirationTimeInHours))) { | |
| 124 GenerateNonce(); | |
| 125 } | |
| 126 } | |
| 127 | |
| 128 // The nonce challenge to send to the Cast receiver. | |
| 129 // The nonce is updated daily. | |
| 130 std::string nonce_; | |
| 131 base::Time nonce_generation_time_; | |
| 132 }; | |
| 133 | |
| 78 // Must match with histogram enum CastCertificateStatus. | 134 // Must match with histogram enum CastCertificateStatus. |
| 79 // This should never be reordered. | 135 // This should never be reordered. |
| 80 enum CertVerificationStatus { | 136 enum CertVerificationStatus { |
| 81 CERT_STATUS_OK, | 137 CERT_STATUS_OK, |
| 82 CERT_STATUS_INVALID_CRL, | 138 CERT_STATUS_INVALID_CRL, |
| 83 CERT_STATUS_VERIFICATION_FAILED, | 139 CERT_STATUS_VERIFICATION_FAILED, |
| 84 CERT_STATUS_REVOKED, | 140 CERT_STATUS_REVOKED, |
| 85 CERT_STATUS_COUNT, | 141 CERT_STATUS_COUNT, |
| 86 }; | 142 }; |
| 87 | 143 |
| 144 // Must match with histogram enum CastNonce. | |
| 145 // This should never be reordered. | |
| 146 enum NonceVerificationStatus { | |
| 147 NONCE_MATCH, | |
| 148 NONCE_MISMATCH, | |
| 149 NONCE_MISSING, | |
| 150 NONCE_COUNT, | |
| 151 }; | |
| 152 | |
| 88 } // namespace | 153 } // namespace |
| 89 | 154 |
| 90 AuthResult::AuthResult() | 155 AuthResult::AuthResult() |
| 91 : error_type(ERROR_NONE), channel_policies(POLICY_NONE) {} | 156 : error_type(ERROR_NONE), channel_policies(POLICY_NONE) {} |
| 92 | 157 |
| 93 AuthResult::AuthResult(const std::string& error_message, ErrorType error_type) | 158 AuthResult::AuthResult(const std::string& error_message, ErrorType error_type) |
| 94 : error_message(error_message), error_type(error_type) {} | 159 : error_message(error_message), error_type(error_type) {} |
| 95 | 160 |
| 96 AuthResult::~AuthResult() { | 161 AuthResult::~AuthResult() { |
| 97 } | 162 } |
| 98 | 163 |
| 99 // static | 164 // static |
| 100 AuthResult AuthResult::CreateWithParseError(const std::string& error_message, | 165 AuthResult AuthResult::CreateWithParseError(const std::string& error_message, |
| 101 ErrorType error_type) { | 166 ErrorType error_type) { |
| 102 return AuthResult(kParseErrorPrefix + error_message, error_type); | 167 return AuthResult(kParseErrorPrefix + error_message, error_type); |
| 103 } | 168 } |
| 104 | 169 |
| 105 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, | 170 // static |
| 106 const net::X509Certificate& peer_cert) { | 171 AuthContext AuthContext::Create() { |
| 107 DeviceAuthMessage auth_message; | 172 return AuthContext(CastNonce::Get()); |
| 108 AuthResult result = ParseAuthMessage(challenge_reply, &auth_message); | 173 } |
| 109 if (!result.success()) { | 174 |
| 110 return result; | 175 AuthContext::AuthContext(const std::string& nonce) : nonce_(nonce) {} |
| 176 | |
| 177 AuthContext::~AuthContext() {} | |
| 178 | |
| 179 AuthResult AuthContext::VerifySenderNonce( | |
| 180 const std::string& nonce_response) const { | |
| 181 if (nonce_ != nonce_response) { | |
| 182 if (nonce_response.empty()) { | |
| 183 UMA_HISTOGRAM_ENUMERATION("Cast.Channel.Nonce", NONCE_MISSING, | |
| 184 NONCE_COUNT); | |
| 185 } else { | |
| 186 UMA_HISTOGRAM_ENUMERATION("Cast.Channel.Nonce", NONCE_MISMATCH, | |
| 187 NONCE_COUNT); | |
|
Ilya Sherman
2017/03/17 19:45:26
Please use a small wrapper function of the form Re
ryanchung
2017/03/17 20:48:34
Done.
| |
| 188 } | |
| 189 if (base::FeatureList::IsEnabled(kEnforceNonceChecking)) { | |
| 190 return AuthResult("Sender nonce mismatched.", | |
| 191 AuthResult::ERROR_SENDER_NONCE_MISMATCH); | |
| 192 } | |
| 193 } else { | |
| 194 UMA_HISTOGRAM_ENUMERATION("Cast.Channel.Nonce", NONCE_MATCH, NONCE_COUNT); | |
| 111 } | 195 } |
| 196 return AuthResult(); | |
| 197 } | |
| 112 | 198 |
| 199 // Verifies the peer certificate and populates |peer_cert_der| with the DER | |
| 200 // encoded certificate. | |
| 201 AuthResult VerifyTLSCertificate(const net::X509Certificate& peer_cert, | |
| 202 std::string* peer_cert_der, | |
| 203 const base::Time& verification_time) { | |
| 113 // Get the DER-encoded form of the certificate. | 204 // Get the DER-encoded form of the certificate. |
| 114 std::string peer_cert_der; | |
| 115 if (!net::X509Certificate::GetDEREncoded(peer_cert.os_cert_handle(), | 205 if (!net::X509Certificate::GetDEREncoded(peer_cert.os_cert_handle(), |
| 116 &peer_cert_der) || | 206 peer_cert_der) || |
| 117 peer_cert_der.empty()) { | 207 peer_cert_der->empty()) { |
| 118 return AuthResult::CreateWithParseError( | 208 return AuthResult::CreateWithParseError( |
| 119 "Could not create DER-encoded peer cert.", | 209 "Could not create DER-encoded peer cert.", |
| 120 AuthResult::ERROR_CERT_PARSING_FAILED); | 210 AuthResult::ERROR_CERT_PARSING_FAILED); |
| 121 } | 211 } |
| 122 | 212 |
| 123 // Ensure the peer cert is valid and doesn't have an excessive remaining | 213 // Ensure the peer cert is valid and doesn't have an excessive remaining |
| 124 // lifetime. Although it is not verified as an X.509 certificate, the entire | 214 // lifetime. Although it is not verified as an X.509 certificate, the entire |
| 125 // structure is signed by the AuthResponse, so the validity field from X.509 | 215 // structure is signed by the AuthResponse, so the validity field from X.509 |
| 126 // is repurposed as this signature's expiration. | 216 // is repurposed as this signature's expiration. |
| 127 base::Time expiry = peer_cert.valid_expiry(); | 217 base::Time expiry = peer_cert.valid_expiry(); |
| 128 base::Time lifetime_limit = | 218 base::Time lifetime_limit = |
| 129 base::Time::Now() + | 219 verification_time + |
| 130 base::TimeDelta::FromDays(kMaxSelfSignedCertLifetimeInDays); | 220 base::TimeDelta::FromDays(kMaxSelfSignedCertLifetimeInDays); |
| 131 if (peer_cert.valid_start().is_null() || | 221 if (peer_cert.valid_start().is_null() || |
| 132 peer_cert.valid_start() > base::Time::Now()) { | 222 peer_cert.valid_start() > verification_time) { |
| 133 return AuthResult::CreateWithParseError( | 223 return AuthResult::CreateWithParseError( |
| 134 "Certificate's valid start date is in the future.", | 224 "Certificate's valid start date is in the future.", |
| 135 AuthResult::ERROR_TLS_CERT_VALID_START_DATE_IN_FUTURE); | 225 AuthResult::ERROR_TLS_CERT_VALID_START_DATE_IN_FUTURE); |
| 136 } | 226 } |
| 137 if (expiry.is_null() || peer_cert.HasExpired()) { | 227 if (expiry.is_null() || peer_cert.valid_expiry() < verification_time) { |
| 138 return AuthResult::CreateWithParseError("Certificate has expired.", | 228 return AuthResult::CreateWithParseError("Certificate has expired.", |
| 139 AuthResult::ERROR_TLS_CERT_EXPIRED); | 229 AuthResult::ERROR_TLS_CERT_EXPIRED); |
| 140 } | 230 } |
| 141 if (expiry > lifetime_limit) { | 231 if (expiry > lifetime_limit) { |
| 142 return AuthResult::CreateWithParseError( | 232 return AuthResult::CreateWithParseError( |
| 143 "Peer cert lifetime is too long.", | 233 "Peer cert lifetime is too long.", |
| 144 AuthResult::ERROR_TLS_CERT_VALIDITY_PERIOD_TOO_LONG); | 234 AuthResult::ERROR_TLS_CERT_VALIDITY_PERIOD_TOO_LONG); |
| 145 } | 235 } |
| 236 return AuthResult(); | |
| 237 } | |
| 238 | |
| 239 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, | |
| 240 const net::X509Certificate& peer_cert, | |
| 241 const AuthContext& auth_context) { | |
| 242 DeviceAuthMessage auth_message; | |
| 243 AuthResult result = ParseAuthMessage(challenge_reply, &auth_message); | |
| 244 if (!result.success()) { | |
| 245 return result; | |
| 246 } | |
| 247 | |
| 248 std::string peer_cert_der; | |
| 249 result = VerifyTLSCertificate(peer_cert, &peer_cert_der, base::Time::Now()); | |
| 250 if (!result.success()) { | |
| 251 return result; | |
| 252 } | |
| 146 | 253 |
| 147 const AuthResponse& response = auth_message.response(); | 254 const AuthResponse& response = auth_message.response(); |
| 148 return VerifyCredentials(response, peer_cert_der); | 255 const std::string& nonce_response = response.sender_nonce(); |
| 256 | |
| 257 result = auth_context.VerifySenderNonce(nonce_response); | |
| 258 if (!result.success()) { | |
| 259 return result; | |
| 260 } | |
| 261 | |
| 262 return VerifyCredentials(response, nonce_response + peer_cert_der); | |
| 149 } | 263 } |
| 150 | 264 |
| 151 // This function does the following | 265 // This function does the following |
| 152 // | 266 // |
| 153 // * Verifies that the certificate chain |response.client_auth_certificate| + | 267 // * Verifies that the certificate chain |response.client_auth_certificate| + |
| 154 // |response.intermediate_certificate| is valid and chains to a trusted | 268 // |response.intermediate_certificate| is valid and chains to a trusted |
| 155 // Cast root. The list of trusted Cast roots can be overrided by providing a | 269 // Cast root. The list of trusted Cast roots can be overrided by providing a |
| 156 // non-nullptr |cast_trust_store|. The certificate is verified at | 270 // non-nullptr |cast_trust_store|. The certificate is verified at |
| 157 // |verification_time|. | 271 // |verification_time|. |
| 158 // | 272 // |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 272 net::TrustStore* crl_trust_store, | 386 net::TrustStore* crl_trust_store, |
| 273 const base::Time& verification_time) { | 387 const base::Time& verification_time) { |
| 274 return VerifyCredentialsImpl(response, signature_input, crl_policy, | 388 return VerifyCredentialsImpl(response, signature_input, crl_policy, |
| 275 cast_trust_store, crl_trust_store, | 389 cast_trust_store, crl_trust_store, |
| 276 verification_time); | 390 verification_time); |
| 277 } | 391 } |
| 278 | 392 |
| 279 } // namespace cast_channel | 393 } // namespace cast_channel |
| 280 } // namespace api | 394 } // namespace api |
| 281 } // namespace extensions | 395 } // namespace extensions |
| OLD | NEW |
