components/cryptauth/device_to_device_secure_context.cc - Issue 2899863002: Updating D2D protocol to v1 to support separate sequence numbers.

Side by Side Diff: components/cryptauth/device_to_device_secure_context.cc

Issue 2899863002: Updating D2D protocol to v1 to support separate sequence numbers. (Closed)

Patch Set: Fixing tests Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« components/cryptauth/device_to_device_responder_operations.cc ('K') | « components/cryptauth/device_to_device_secure_context.h ('k') | components/cryptauth/device_to_device_secure_context_unittest.cc » ('j') | components/cryptauth/session_keys.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/cryptauth/device_to_device_secure_context.h"	5 #include "components/cryptauth/device_to_device_secure_context.h"

6	6

7 #include <utility>	7 #include <utility>

8	8

9 #include "base/bind.h"	9 #include "base/bind.h"

10 #include "base/callback.h"	10 #include "base/callback.h"

11 #include "components/cryptauth/proto/cryptauth_api.pb.h"	11 #include "components/cryptauth/proto/cryptauth_api.pb.h"

12 #include "components/cryptauth/proto/securemessage.pb.h"	12 #include "components/cryptauth/proto/securemessage.pb.h"

13 #include "components/cryptauth/secure_message_delegate.h"	13 #include "components/cryptauth/secure_message_delegate.h"

	14 #include "components/cryptauth/session_keys.h"

14 #include "components/proximity_auth/logging/logging.h"	15 #include "components/proximity_auth/logging/logging.h"

15	16

16 namespace cryptauth {	17 namespace cryptauth {

17	18

18 namespace {	19 namespace {

19	20

20 // The version to put in the GcmMetadata field.	21 // The version to put in the GcmMetadata field.

21 const int kGcmMetadataVersion = 1;	22 const int kGcmMetadataVersion = 1;

22	23

23 // The sequence number of the last message used during authentication. These	24 // The sequence number of the last message sent during authentication. These

24 // messages are sent and received before the SecureContext is created.	25 // messages are sent and received before the SecureContext is created.

25 const int kAuthenticationSequenceNumber = 2;	26 const int kAuthenticationEncodeSequenceNumber = 1;

	27

	28 // The sequence number of the last message received during authentication. These

	29 // messages are sent and received before the SecureContext is created.

	30 const int kAuthenticationDecodeSequenceNumber = 1;

26	31

27 } // namespace	32 } // namespace

28	33

29 DeviceToDeviceSecureContext::DeviceToDeviceSecureContext(	34 DeviceToDeviceSecureContext::DeviceToDeviceSecureContext(

30 std::unique_ptr<SecureMessageDelegate> secure_message_delegate,	35 std::unique_ptr<SecureMessageDelegate> secure_message_delegate,

31 const std::string& symmetric_key,	36 std::unique_ptr<SessionKeys> session_keys,

32 const std::string& responder_auth_message,	37 const std::string& responder_auth_message,

33 ProtocolVersion protocol_version)	38 ProtocolVersion protocol_version)

34 : secure_message_delegate_(std::move(secure_message_delegate)),	39 : secure_message_delegate_(std::move(secure_message_delegate)),

35 symmetric_key_(symmetric_key),	40 session_keys_(std::move(session_keys)),

36 responder_auth_message_(responder_auth_message),	41 responder_auth_message_(responder_auth_message),

37 protocol_version_(protocol_version),	42 protocol_version_(protocol_version),

38 last_sequence_number_(kAuthenticationSequenceNumber),	43 last_encode_sequence_number_(kAuthenticationEncodeSequenceNumber),

	44 last_decode_sequence_number_(kAuthenticationDecodeSequenceNumber),

39 weak_ptr_factory_(this) {}	45 weak_ptr_factory_(this) {}

40	46

41 DeviceToDeviceSecureContext::~DeviceToDeviceSecureContext() {}	47 DeviceToDeviceSecureContext::~DeviceToDeviceSecureContext() {}

42	48

43 void DeviceToDeviceSecureContext::Decode(const std::string& encoded_message,	49 void DeviceToDeviceSecureContext::Decode(const std::string& encoded_message,

44 const MessageCallback& callback) {	50 const MessageCallback& callback) {

45 SecureMessageDelegate::UnwrapOptions unwrap_options;	51 SecureMessageDelegate::UnwrapOptions unwrap_options;

46 unwrap_options.encryption_scheme = securemessage::AES_256_CBC;	52 unwrap_options.encryption_scheme = securemessage::AES_256_CBC;

47 unwrap_options.signature_scheme = securemessage::HMAC_SHA256;	53 unwrap_options.signature_scheme = securemessage::HMAC_SHA256;

48	54

49 secure_message_delegate_->UnwrapSecureMessage(	55 secure_message_delegate_->UnwrapSecureMessage(

50 encoded_message, symmetric_key_, unwrap_options,	56 encoded_message, session_keys_->responder_encode_key(), unwrap_options,

51 base::Bind(&DeviceToDeviceSecureContext::HandleUnwrapResult,	57 base::Bind(&DeviceToDeviceSecureContext::HandleUnwrapResult,

52 weak_ptr_factory_.GetWeakPtr(), callback));	58 weak_ptr_factory_.GetWeakPtr(), callback));

53 }	59 }

54	60

55 void DeviceToDeviceSecureContext::Encode(const std::string& message,	61 void DeviceToDeviceSecureContext::Encode(const std::string& message,

56 const MessageCallback& callback) {	62 const MessageCallback& callback) {

57 // Create a GcmMetadata field to put in the header.	63 // Create a GcmMetadata field to put in the header.

58 GcmMetadata gcm_metadata;	64 GcmMetadata gcm_metadata;

59 gcm_metadata.set_type(DEVICE_TO_DEVICE_MESSAGE);	65 gcm_metadata.set_type(DEVICE_TO_DEVICE_MESSAGE);

60 gcm_metadata.set_version(kGcmMetadataVersion);	66 gcm_metadata.set_version(kGcmMetadataVersion);

61	67

62 // Wrap \|message\| inside a DeviceToDeviceMessage proto.	68 // Wrap \|message\| inside a DeviceToDeviceMessage proto.

63 securemessage::DeviceToDeviceMessage device_to_device_message;	69 securemessage::DeviceToDeviceMessage device_to_device_message;

64 device_to_device_message.set_sequence_number(++last_sequence_number_);	70 device_to_device_message.set_sequence_number(++last_encode_sequence_number_);

65 device_to_device_message.set_message(message);	71 device_to_device_message.set_message(message);

66	72

67 SecureMessageDelegate::CreateOptions create_options;	73 SecureMessageDelegate::CreateOptions create_options;

68 create_options.encryption_scheme = securemessage::AES_256_CBC;	74 create_options.encryption_scheme = securemessage::AES_256_CBC;

69 create_options.signature_scheme = securemessage::HMAC_SHA256;	75 create_options.signature_scheme = securemessage::HMAC_SHA256;

70 gcm_metadata.SerializeToString(&create_options.public_metadata);	76 gcm_metadata.SerializeToString(&create_options.public_metadata);

71	77

72 secure_message_delegate_->CreateSecureMessage(	78 secure_message_delegate_->CreateSecureMessage(

73 device_to_device_message.SerializeAsString(), symmetric_key_,	79 device_to_device_message.SerializeAsString(),

74 create_options, callback);	80 session_keys_->initiator_encode_key(), create_options, callback);

75 }	81 }

76	82

77 std::string DeviceToDeviceSecureContext::GetChannelBindingData() const {	83 std::string DeviceToDeviceSecureContext::GetChannelBindingData() const {

78 return responder_auth_message_;	84 return responder_auth_message_;

79 }	85 }

80	86

81 SecureContext::ProtocolVersion DeviceToDeviceSecureContext::GetProtocolVersion()	87 SecureContext::ProtocolVersion DeviceToDeviceSecureContext::GetProtocolVersion()

82 const {	88 const {

83 return protocol_version_;	89 return protocol_version_;

84 }	90 }

85	91

86 void DeviceToDeviceSecureContext::HandleUnwrapResult(	92 void DeviceToDeviceSecureContext::HandleUnwrapResult(

87 const DeviceToDeviceSecureContext::MessageCallback& callback,	93 const DeviceToDeviceSecureContext::MessageCallback& callback,

88 bool verified,	94 bool verified,

89 const std::string& payload,	95 const std::string& payload,

90 const securemessage::Header& header) {	96 const securemessage::Header& header) {

91 // The payload should contain a DeviceToDeviceMessage proto.	97 // The payload should contain a DeviceToDeviceMessage proto.

92 securemessage::DeviceToDeviceMessage device_to_device_message;	98 securemessage::DeviceToDeviceMessage device_to_device_message;

93 if (!verified \|\| !device_to_device_message.ParseFromString(payload)) {	99 if (!verified \|\| !device_to_device_message.ParseFromString(payload)) {

94 PA_LOG(ERROR) << "Failed to unwrap secure message.";	100 PA_LOG(ERROR) << "Failed to unwrap secure message.";

95 callback.Run(std::string());	101 callback.Run(std::string());

96 return;	102 return;

97 }	103 }

98	104

99 // Check that the sequence number matches the expected sequence number.	105 // Check that the sequence number matches the expected sequence number.

100 if (device_to_device_message.sequence_number() != last_sequence_number_ + 1) {	106 if (device_to_device_message.sequence_number() !=

101 PA_LOG(ERROR) << "Expected sequence_number=" << last_sequence_number_ + 1	107 last_decode_sequence_number_ + 1) {

102 << ", but got " << device_to_device_message.sequence_number();	108 PA_LOG(ERROR) << "Expected sequence_number="

	109 << last_decode_sequence_number_ + 1 << ", but got "

	110 << device_to_device_message.sequence_number();

103 callback.Run(std::string());	111 callback.Run(std::string());

104 return;	112 return;

105 }	113 }

106	114

107 // Validate the GcmMetadata proto in the header.	115 // Validate the GcmMetadata proto in the header.

108 GcmMetadata gcm_metadata;	116 GcmMetadata gcm_metadata;

109 if (!gcm_metadata.ParseFromString(header.public_metadata()) \|\|	117 if (!gcm_metadata.ParseFromString(header.public_metadata()) \|\|

110 gcm_metadata.type() != DEVICE_TO_DEVICE_MESSAGE \|\|	118 gcm_metadata.type() != DEVICE_TO_DEVICE_MESSAGE \|\|

111 gcm_metadata.version() != kGcmMetadataVersion) {	119 gcm_metadata.version() != kGcmMetadataVersion) {

112 PA_LOG(ERROR) << "Failed to validate GcmMetadata.";	120 PA_LOG(ERROR) << "Failed to validate GcmMetadata.";

113 callback.Run(std::string());	121 callback.Run(std::string());

114 return;	122 return;

115 }	123 }

116	124

117 last_sequence_number_++;	125 last_decode_sequence_number_++;

118 callback.Run(device_to_device_message.message());	126 callback.Run(device_to_device_message.message());

119 }	127 }

120	128

121 } // cryptauth	129 } // cryptauth

OLD	NEW