Chromium Code Reviews Chromium Code Reviews
Issue 2899863002:
Updating D2D protocol to v1 to support separate sequence numbers. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cryptauth/device_to_device_responder_operations.h" | 5 #include "components/cryptauth/device_to_device_responder_operations.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "components/cryptauth/proto/cryptauth_api.pb.h" | 9 #include "components/cryptauth/proto/cryptauth_api.pb.h" |
| 10 #include "components/cryptauth/proto/securemessage.pb.h" | 10 #include "components/cryptauth/proto/securemessage.pb.h" |
| 11 #include "components/cryptauth/secure_message_delegate.h" | 11 #include "components/cryptauth/secure_message_delegate.h" |
| 12 #include "components/cryptauth/session_keys.h" | |
| 12 #include "components/proximity_auth/logging/logging.h" | 13 #include "components/proximity_auth/logging/logging.h" |
| 13 | 14 |
| 14 namespace cryptauth { | 15 namespace cryptauth { |
| 15 | 16 |
| 16 namespace { | 17 namespace { |
| 17 | 18 |
| 18 // TODO(tengs): Due to a bug with the ChromeOS secure message daemon, we cannot | 19 // TODO(tengs): Due to a bug with the ChromeOS secure message daemon, we cannot |
| 19 // create SecureMessages with empty payloads. To workaround this bug, this value | 20 // create SecureMessages with empty payloads. To workaround this bug, this value |
| 20 // is put into the payload if it would otherwise be empty. | 21 // is put into the payload if it would otherwise be empty. |
| 21 // See crbug.com/512894. | 22 // See crbug.com/512894. |
| 22 const char kPayloadFiller[] = "\xae"; | 23 const char kPayloadFiller[] = "\xae"; |
| 23 | 24 |
| 24 // The version to put in the GcmMetadata field. | 25 // The version to put in the GcmMetadata field. |
| 25 const int kGcmMetadataVersion = 1; | 26 const int kGcmMetadataVersion = 1; |
| 26 | 27 |
| 28 // The D2D protocol version. | |
| 29 const int kD2DProtocolVersion = 1; | |
| 30 | |
| 27 // Callback for DeviceToDeviceResponderOperations::ValidateHelloMessage(), | 31 // Callback for DeviceToDeviceResponderOperations::ValidateHelloMessage(), |
| 28 // after the [Hello] message is unwrapped. | 32 // after the [Hello] message is unwrapped. |
| 29 void OnHelloMessageUnwrapped( | 33 void OnHelloMessageUnwrapped( |
| 30 const DeviceToDeviceResponderOperations::ValidateHelloCallback& callback, | 34 const DeviceToDeviceResponderOperations::ValidateHelloCallback& callback, |
| 31 bool verified, | 35 bool verified, |
| 32 const std::string& payload, | 36 const std::string& payload, |
| 33 const securemessage::Header& header) { | 37 const securemessage::Header& header) { |
| 34 securemessage::InitiatorHello initiator_hello; | 38 securemessage::InitiatorHello initiator_hello; |
| 35 if (!verified || !initiator_hello.ParseFromString(header.public_metadata())) { | 39 if (!verified || !initiator_hello.ParseFromString(header.public_metadata()) || |
| 40 initiator_hello.protocol_version() != kD2DProtocolVersion) { | |
| 36 callback.Run(false, std::string()); | 41 callback.Run(false, std::string()); |
| 37 return; | 42 return; |
| 38 } | 43 } |
| 39 | 44 |
| 40 callback.Run(true, initiator_hello.public_dh_key().SerializeAsString()); | 45 callback.Run(true, initiator_hello.public_dh_key().SerializeAsString()); |
| 41 } | 46 } |
| 42 | 47 |
| 43 // Helper struct containing all the context needed to create the [Responder | 48 // Helper struct containing all the context needed to create the [Responder |
| 44 // Auth] message. | 49 // Auth] message. |
| 45 struct CreateResponderAuthMessageContext { | 50 struct CreateResponderAuthMessageContext { |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 154 | 159 |
| 155 // Store the responder's session public key in plaintext in the header. | 160 // Store the responder's session public key in plaintext in the header. |
| 156 securemessage::ResponderHello responder_hello; | 161 securemessage::ResponderHello responder_hello; |
| 157 if (!responder_hello.mutable_public_dh_key()->ParseFromString( | 162 if (!responder_hello.mutable_public_dh_key()->ParseFromString( |
| 158 context.session_public_key)) { | 163 context.session_public_key)) { |
| 159 PA_LOG(ERROR) << "Error parsing public key while creating [Responder Auth]"; | 164 PA_LOG(ERROR) << "Error parsing public key while creating [Responder Auth]"; |
| 160 PA_LOG(ERROR) << context.session_public_key; | 165 PA_LOG(ERROR) << context.session_public_key; |
| 161 context.callback.Run(std::string()); | 166 context.callback.Run(std::string()); |
| 162 return; | 167 return; |
| 163 } | 168 } |
| 169 responder_hello.set_protocol_version(kD2DProtocolVersion); | |
| 164 | 170 |
| 165 // Create the outer most message, wrapping the other messages created | 171 // Create the outer most message, wrapping the other messages created |
| 166 // previously. | 172 // previously. |
| 167 securemessage::DeviceToDeviceMessage device_to_device_message; | 173 securemessage::DeviceToDeviceMessage device_to_device_message; |
| 168 device_to_device_message.set_message(context.middle_message); | 174 device_to_device_message.set_message(context.middle_message); |
| 169 device_to_device_message.set_sequence_number(1); | 175 device_to_device_message.set_sequence_number(1); |
| 170 | 176 |
| 171 SecureMessageDelegate::CreateOptions create_options; | 177 SecureMessageDelegate::CreateOptions create_options; |
| 172 create_options.encryption_scheme = securemessage::AES_256_CBC; | 178 create_options.encryption_scheme = securemessage::AES_256_CBC; |
| 173 create_options.signature_scheme = securemessage::HMAC_SHA256; | 179 create_options.signature_scheme = securemessage::HMAC_SHA256; |
| 174 create_options.public_metadata = gcm_metadata.SerializeAsString(); | 180 create_options.public_metadata = gcm_metadata.SerializeAsString(); |
| 175 responder_hello.SerializeToString(&create_options.decryption_key_id); | 181 responder_hello.SerializeToString(&create_options.decryption_key_id); |
| 176 | 182 |
| 177 context.secure_message_delegate->CreateSecureMessage( | 183 context.secure_message_delegate->CreateSecureMessage( |
| 178 device_to_device_message.SerializeAsString(), session_symmetric_key, | 184 device_to_device_message.SerializeAsString(), |
| 179 create_options, context.callback); | 185 SessionKeys(session_symmetric_key).responder_encode_key(), create_options, |
| 186 context.callback); | |
| 180 } | 187 } |
| 181 | 188 |
| 182 // Helper struct containing all the context needed to validate the [Initiator | 189 // Helper struct containing all the context needed to validate the [Initiator |
| 183 // Auth] message. | 190 // Auth] message. |
| 184 struct ValidateInitiatorAuthMessageContext { | 191 struct ValidateInitiatorAuthMessageContext { |
| 185 std::string persistent_symmetric_key; | 192 std::string persistent_symmetric_key; |
| 186 std::string responder_auth_message; | 193 std::string responder_auth_message; |
| 187 SecureMessageDelegate* secure_message_delegate; | 194 SecureMessageDelegate* secure_message_delegate; |
| 188 DeviceToDeviceResponderOperations::ValidationCallback callback; | 195 DeviceToDeviceResponderOperations::ValidationCallback callback; |
| 189 }; | 196 }; |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 207 const securemessage::Header& header) { | 214 const securemessage::Header& header) { |
| 208 if (!verified) { | 215 if (!verified) { |
| 209 PA_LOG(INFO) << "Failed to verify outer [Initiator Auth] message"; | 216 PA_LOG(INFO) << "Failed to verify outer [Initiator Auth] message"; |
| 210 context.callback.Run(false); | 217 context.callback.Run(false); |
| 211 return; | 218 return; |
| 212 } | 219 } |
| 213 | 220 |
| 214 // Parse the decrypted payload. | 221 // Parse the decrypted payload. |
| 215 securemessage::DeviceToDeviceMessage device_to_device_message; | 222 securemessage::DeviceToDeviceMessage device_to_device_message; |
| 216 if (!device_to_device_message.ParseFromString(payload) || | 223 if (!device_to_device_message.ParseFromString(payload) || |
| 217 device_to_device_message.sequence_number() != 2) { | 224 device_to_device_message.sequence_number() != 1) { |
| 218 PA_LOG(INFO) << "Failed to validate DeviceToDeviceMessage payload."; | 225 PA_LOG(INFO) << "Failed to validate DeviceToDeviceMessage payload."; |
| 219 context.callback.Run(false); | 226 context.callback.Run(false); |
| 220 return; | 227 return; |
| 221 } | 228 } |
| 222 | 229 |
| 223 // Unwrap the inner message of [Initiator Auth]. | 230 // Unwrap the inner message of [Initiator Auth]. |
| 224 SecureMessageDelegate::UnwrapOptions unwrap_options; | 231 SecureMessageDelegate::UnwrapOptions unwrap_options; |
| 225 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; | 232 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; |
| 226 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; | 233 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; |
| 227 unwrap_options.associated_data = context.responder_auth_message; | 234 unwrap_options.associated_data = context.responder_auth_message; |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 290 // To create the [Responder Auth] message, we need to first parse the | 297 // To create the [Responder Auth] message, we need to first parse the |
| 291 // initiator's [Hello] message and extract the initiator's session public key. | 298 // initiator's [Hello] message and extract the initiator's session public key. |
| 292 DeviceToDeviceResponderOperations::ValidateHelloMessage( | 299 DeviceToDeviceResponderOperations::ValidateHelloMessage( |
| 293 hello_message, persistent_symmetric_key, secure_message_delegate, | 300 hello_message, persistent_symmetric_key, secure_message_delegate, |
| 294 base::Bind(&OnHelloMessageValidatedForResponderAuth, context)); | 301 base::Bind(&OnHelloMessageValidatedForResponderAuth, context)); |
| 295 } | 302 } |
| 296 | 303 |
| 297 // static | 304 // static |
| 298 void DeviceToDeviceResponderOperations::ValidateInitiatorAuthMessage( | 305 void DeviceToDeviceResponderOperations::ValidateInitiatorAuthMessage( |
| 299 const std::string& initiator_auth_message, | 306 const std::string& initiator_auth_message, |
| 300 const std::string& session_symmetric_key, | 307 SessionKeys* session_keys, |
|
Tim Song
2017/05/22 23:18:24
You should be able to use "const SessionKey&" inst
sacomoto
2017/05/23 09:50:14
Done.
| |
| 301 const std::string& persistent_symmetric_key, | 308 const std::string& persistent_symmetric_key, |
| 302 const std::string& responder_auth_message, | 309 const std::string& responder_auth_message, |
| 303 SecureMessageDelegate* secure_message_delegate, | 310 SecureMessageDelegate* secure_message_delegate, |
| 304 const ValidationCallback& callback) { | 311 const ValidationCallback& callback) { |
| 305 // The [Initiator Auth] message has the structure: | 312 // The [Initiator Auth] message has the structure: |
| 306 // { | 313 // { |
| 307 // header: Sig(payload1, session_symmetric_key) | 314 // header: Sig(payload1, session_symmetric_key) |
| 308 // payload1: Enc({ | 315 // payload1: Enc({ |
| 309 // sequence_number: 2, | 316 // sequence_number: 2, |
| 310 // body: { | 317 // body: { |
| 311 // header: Sig(payload2 + responder_auth_message, | 318 // header: Sig(payload2 + responder_auth_message, |
| 312 // persistent_symmetric_key) | 319 // persistent_symmetric_key) |
| 313 // payload2: "" | 320 // payload2: "" |
| 314 // } | 321 // } |
| 315 // }, session_symmetric_key) | 322 // }, session_symmetric_key) |
| 316 // } | 323 // } |
| 317 ValidateInitiatorAuthMessageContext context = { | 324 ValidateInitiatorAuthMessageContext context = { |
| 318 persistent_symmetric_key, responder_auth_message, secure_message_delegate, | 325 persistent_symmetric_key, responder_auth_message, secure_message_delegate, |
| 319 callback}; | 326 callback}; |
| 320 | 327 |
| 321 SecureMessageDelegate::UnwrapOptions unwrap_options; | 328 SecureMessageDelegate::UnwrapOptions unwrap_options; |
| 322 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; | 329 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; |
| 323 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; | 330 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; |
| 324 secure_message_delegate->UnwrapSecureMessage( | 331 secure_message_delegate->UnwrapSecureMessage( |
| 325 initiator_auth_message, session_symmetric_key, unwrap_options, | 332 initiator_auth_message, session_keys->initiator_encode_key(), |
| 333 unwrap_options, | |
| 326 base::Bind(&OnOuterMessageUnwrappedForInitiatorAuth, context)); | 334 base::Bind(&OnOuterMessageUnwrappedForInitiatorAuth, context)); |
| 327 } | 335 } |
| 328 | 336 |
| 329 } // cryptauth | 337 } // cryptauth |
| OLD | NEW |
