| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/cryptauth/device_to_device_responder_operations.h" | 5 #include "components/cryptauth/device_to_device_responder_operations.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "components/cryptauth/proto/cryptauth_api.pb.h" | 9 #include "components/cryptauth/proto/cryptauth_api.pb.h" |
| 10 #include "components/cryptauth/proto/securemessage.pb.h" | 10 #include "components/cryptauth/proto/securemessage.pb.h" |
| 11 #include "components/cryptauth/secure_message_delegate.h" | 11 #include "components/cryptauth/secure_message_delegate.h" |
| 12 #include "components/proximity_auth/logging/logging.h" | 12 #include "components/proximity_auth/logging/logging.h" |
| 13 | 13 |
| 14 namespace cryptauth { | 14 namespace cryptauth { |
| 15 | 15 |
| 16 namespace { | 16 namespace { |
| 17 | 17 |
| 18 // TODO(tengs): Due to a bug with the ChromeOS secure message daemon, we cannot | 18 // TODO(tengs): Due to a bug with the ChromeOS secure message daemon, we cannot |
| 19 // create SecureMessages with empty payloads. To workaround this bug, this value | 19 // create SecureMessages with empty payloads. To workaround this bug, this value |
| 20 // is put into the payload if it would otherwise be empty. | 20 // is put into the payload if it would otherwise be empty. |
| 21 // See crbug.com/512894. | 21 // See crbug.com/512894. |
| 22 const char kPayloadFiller[] = "\xae"; | 22 const char kPayloadFiller[] = "\xae"; |
| 23 | 23 |
| 24 // The version to put in the GcmMetadata field. | 24 // The version to put in the GcmMetadata field. |
| 25 const int kGcmMetadataVersion = 1; | 25 const int kGcmMetadataVersion = 1; |
| 26 | 26 |
| 27 // The D2D protocol version. |
| 28 const int kD2DProtocolVersion = 1; |
| 29 |
| 27 // Callback for DeviceToDeviceResponderOperations::ValidateHelloMessage(), | 30 // Callback for DeviceToDeviceResponderOperations::ValidateHelloMessage(), |
| 28 // after the [Hello] message is unwrapped. | 31 // after the [Hello] message is unwrapped. |
| 29 void OnHelloMessageUnwrapped( | 32 void OnHelloMessageUnwrapped( |
| 30 const DeviceToDeviceResponderOperations::ValidateHelloCallback& callback, | 33 const DeviceToDeviceResponderOperations::ValidateHelloCallback& callback, |
| 31 bool verified, | 34 bool verified, |
| 32 const std::string& payload, | 35 const std::string& payload, |
| 33 const securemessage::Header& header) { | 36 const securemessage::Header& header) { |
| 34 securemessage::InitiatorHello initiator_hello; | 37 securemessage::InitiatorHello initiator_hello; |
| 35 if (!verified || !initiator_hello.ParseFromString(header.public_metadata())) { | 38 if (!verified || !initiator_hello.ParseFromString(header.public_metadata()) || |
| 39 initiator_hello.protocol_version() != kD2DProtocolVersion) { |
| 36 callback.Run(false, std::string()); | 40 callback.Run(false, std::string()); |
| 37 return; | 41 return; |
| 38 } | 42 } |
| 39 | 43 |
| 40 callback.Run(true, initiator_hello.public_dh_key().SerializeAsString()); | 44 callback.Run(true, initiator_hello.public_dh_key().SerializeAsString()); |
| 41 } | 45 } |
| 42 | 46 |
| 43 // Helper struct containing all the context needed to create the [Responder | 47 // Helper struct containing all the context needed to create the [Responder |
| 44 // Auth] message. | 48 // Auth] message. |
| 45 struct CreateResponderAuthMessageContext { | 49 struct CreateResponderAuthMessageContext { |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 154 | 158 |
| 155 // Store the responder's session public key in plaintext in the header. | 159 // Store the responder's session public key in plaintext in the header. |
| 156 securemessage::ResponderHello responder_hello; | 160 securemessage::ResponderHello responder_hello; |
| 157 if (!responder_hello.mutable_public_dh_key()->ParseFromString( | 161 if (!responder_hello.mutable_public_dh_key()->ParseFromString( |
| 158 context.session_public_key)) { | 162 context.session_public_key)) { |
| 159 PA_LOG(ERROR) << "Error parsing public key while creating [Responder Auth]"; | 163 PA_LOG(ERROR) << "Error parsing public key while creating [Responder Auth]"; |
| 160 PA_LOG(ERROR) << context.session_public_key; | 164 PA_LOG(ERROR) << context.session_public_key; |
| 161 context.callback.Run(std::string()); | 165 context.callback.Run(std::string()); |
| 162 return; | 166 return; |
| 163 } | 167 } |
| 168 responder_hello.set_protocol_version(kD2DProtocolVersion); |
| 164 | 169 |
| 165 // Create the outer most message, wrapping the other messages created | 170 // Create the outer most message, wrapping the other messages created |
| 166 // previously. | 171 // previously. |
| 167 securemessage::DeviceToDeviceMessage device_to_device_message; | 172 securemessage::DeviceToDeviceMessage device_to_device_message; |
| 168 device_to_device_message.set_message(context.middle_message); | 173 device_to_device_message.set_message(context.middle_message); |
| 169 device_to_device_message.set_sequence_number(1); | 174 device_to_device_message.set_sequence_number(1); |
| 170 | 175 |
| 171 SecureMessageDelegate::CreateOptions create_options; | 176 SecureMessageDelegate::CreateOptions create_options; |
| 172 create_options.encryption_scheme = securemessage::AES_256_CBC; | 177 create_options.encryption_scheme = securemessage::AES_256_CBC; |
| 173 create_options.signature_scheme = securemessage::HMAC_SHA256; | 178 create_options.signature_scheme = securemessage::HMAC_SHA256; |
| 174 create_options.public_metadata = gcm_metadata.SerializeAsString(); | 179 create_options.public_metadata = gcm_metadata.SerializeAsString(); |
| 175 responder_hello.SerializeToString(&create_options.decryption_key_id); | 180 responder_hello.SerializeToString(&create_options.decryption_key_id); |
| 176 | 181 |
| 177 context.secure_message_delegate->CreateSecureMessage( | 182 context.secure_message_delegate->CreateSecureMessage( |
| 178 device_to_device_message.SerializeAsString(), session_symmetric_key, | 183 device_to_device_message.SerializeAsString(), |
| 179 create_options, context.callback); | 184 SessionKeys(session_symmetric_key).responder_encode_key(), create_options, |
| 185 context.callback); |
| 180 } | 186 } |
| 181 | 187 |
| 182 // Helper struct containing all the context needed to validate the [Initiator | 188 // Helper struct containing all the context needed to validate the [Initiator |
| 183 // Auth] message. | 189 // Auth] message. |
| 184 struct ValidateInitiatorAuthMessageContext { | 190 struct ValidateInitiatorAuthMessageContext { |
| 185 std::string persistent_symmetric_key; | 191 std::string persistent_symmetric_key; |
| 186 std::string responder_auth_message; | 192 std::string responder_auth_message; |
| 187 SecureMessageDelegate* secure_message_delegate; | 193 SecureMessageDelegate* secure_message_delegate; |
| 188 DeviceToDeviceResponderOperations::ValidationCallback callback; | 194 DeviceToDeviceResponderOperations::ValidationCallback callback; |
| 189 }; | 195 }; |
| (...skipping 17 matching lines...) Expand all Loading... |
| 207 const securemessage::Header& header) { | 213 const securemessage::Header& header) { |
| 208 if (!verified) { | 214 if (!verified) { |
| 209 PA_LOG(INFO) << "Failed to verify outer [Initiator Auth] message"; | 215 PA_LOG(INFO) << "Failed to verify outer [Initiator Auth] message"; |
| 210 context.callback.Run(false); | 216 context.callback.Run(false); |
| 211 return; | 217 return; |
| 212 } | 218 } |
| 213 | 219 |
| 214 // Parse the decrypted payload. | 220 // Parse the decrypted payload. |
| 215 securemessage::DeviceToDeviceMessage device_to_device_message; | 221 securemessage::DeviceToDeviceMessage device_to_device_message; |
| 216 if (!device_to_device_message.ParseFromString(payload) || | 222 if (!device_to_device_message.ParseFromString(payload) || |
| 217 device_to_device_message.sequence_number() != 2) { | 223 device_to_device_message.sequence_number() != 1) { |
| 218 PA_LOG(INFO) << "Failed to validate DeviceToDeviceMessage payload."; | 224 PA_LOG(INFO) << "Failed to validate DeviceToDeviceMessage payload."; |
| 219 context.callback.Run(false); | 225 context.callback.Run(false); |
| 220 return; | 226 return; |
| 221 } | 227 } |
| 222 | 228 |
| 223 // Unwrap the inner message of [Initiator Auth]. | 229 // Unwrap the inner message of [Initiator Auth]. |
| 224 SecureMessageDelegate::UnwrapOptions unwrap_options; | 230 SecureMessageDelegate::UnwrapOptions unwrap_options; |
| 225 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; | 231 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; |
| 226 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; | 232 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; |
| 227 unwrap_options.associated_data = context.responder_auth_message; | 233 unwrap_options.associated_data = context.responder_auth_message; |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 290 // To create the [Responder Auth] message, we need to first parse the | 296 // To create the [Responder Auth] message, we need to first parse the |
| 291 // initiator's [Hello] message and extract the initiator's session public key. | 297 // initiator's [Hello] message and extract the initiator's session public key. |
| 292 DeviceToDeviceResponderOperations::ValidateHelloMessage( | 298 DeviceToDeviceResponderOperations::ValidateHelloMessage( |
| 293 hello_message, persistent_symmetric_key, secure_message_delegate, | 299 hello_message, persistent_symmetric_key, secure_message_delegate, |
| 294 base::Bind(&OnHelloMessageValidatedForResponderAuth, context)); | 300 base::Bind(&OnHelloMessageValidatedForResponderAuth, context)); |
| 295 } | 301 } |
| 296 | 302 |
| 297 // static | 303 // static |
| 298 void DeviceToDeviceResponderOperations::ValidateInitiatorAuthMessage( | 304 void DeviceToDeviceResponderOperations::ValidateInitiatorAuthMessage( |
| 299 const std::string& initiator_auth_message, | 305 const std::string& initiator_auth_message, |
| 300 const std::string& session_symmetric_key, | 306 const SessionKeys& session_keys, |
| 301 const std::string& persistent_symmetric_key, | 307 const std::string& persistent_symmetric_key, |
| 302 const std::string& responder_auth_message, | 308 const std::string& responder_auth_message, |
| 303 SecureMessageDelegate* secure_message_delegate, | 309 SecureMessageDelegate* secure_message_delegate, |
| 304 const ValidationCallback& callback) { | 310 const ValidationCallback& callback) { |
| 305 // The [Initiator Auth] message has the structure: | 311 // The [Initiator Auth] message has the structure: |
| 306 // { | 312 // { |
| 307 // header: Sig(payload1, session_symmetric_key) | 313 // header: Sig(payload1, session_symmetric_key) |
| 308 // payload1: Enc({ | 314 // payload1: Enc({ |
| 309 // sequence_number: 2, | 315 // sequence_number: 2, |
| 310 // body: { | 316 // body: { |
| 311 // header: Sig(payload2 + responder_auth_message, | 317 // header: Sig(payload2 + responder_auth_message, |
| 312 // persistent_symmetric_key) | 318 // persistent_symmetric_key) |
| 313 // payload2: "" | 319 // payload2: "" |
| 314 // } | 320 // } |
| 315 // }, session_symmetric_key) | 321 // }, session_symmetric_key) |
| 316 // } | 322 // } |
| 317 ValidateInitiatorAuthMessageContext context = { | 323 ValidateInitiatorAuthMessageContext context = { |
| 318 persistent_symmetric_key, responder_auth_message, secure_message_delegate, | 324 persistent_symmetric_key, responder_auth_message, secure_message_delegate, |
| 319 callback}; | 325 callback}; |
| 320 | 326 |
| 321 SecureMessageDelegate::UnwrapOptions unwrap_options; | 327 SecureMessageDelegate::UnwrapOptions unwrap_options; |
| 322 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; | 328 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; |
| 323 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; | 329 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; |
| 324 secure_message_delegate->UnwrapSecureMessage( | 330 secure_message_delegate->UnwrapSecureMessage( |
| 325 initiator_auth_message, session_symmetric_key, unwrap_options, | 331 initiator_auth_message, session_keys.initiator_encode_key(), |
| 332 unwrap_options, |
| 326 base::Bind(&OnOuterMessageUnwrappedForInitiatorAuth, context)); | 333 base::Bind(&OnOuterMessageUnwrappedForInitiatorAuth, context)); |
| 327 } | 334 } |
| 328 | 335 |
| 329 } // cryptauth | 336 } // cryptauth |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2899863002:
Updating D2D protocol to v1 to support separate sequence numbers. (Closed)
