Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(385)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/cryptauth/device_to_device_secure_context.cc

Issue 2899863002: Updating D2D protocol to v1 to support separate sequence numbers. (Closed)
Patch Set: Addressing comments Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/cryptauth/device_to_device_secure_context.h ('k') | components/cryptauth/device_to_device_secure_context_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/cryptauth/device_to_device_secure_context.h" 5 #include "components/cryptauth/device_to_device_secure_context.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/callback.h" 10 #include "base/callback.h"
11 #include "components/cryptauth/proto/cryptauth_api.pb.h" 11 #include "components/cryptauth/proto/cryptauth_api.pb.h"
12 #include "components/cryptauth/proto/securemessage.pb.h" 12 #include "components/cryptauth/proto/securemessage.pb.h"
13 #include "components/cryptauth/secure_message_delegate.h" 13 #include "components/cryptauth/secure_message_delegate.h"
14 #include "components/proximity_auth/logging/logging.h" 14 #include "components/proximity_auth/logging/logging.h"
15 15
16 namespace cryptauth { 16 namespace cryptauth {
17 17
18 namespace { 18 namespace {
19 19
20 // The version to put in the GcmMetadata field. 20 // The version to put in the GcmMetadata field.
21 const int kGcmMetadataVersion = 1; 21 const int kGcmMetadataVersion = 1;
22 22
23 // The sequence number of the last message used during authentication. These 23 // The sequence number of the last message sent during authentication. These
24 // messages are sent and received before the SecureContext is created. 24 // messages are sent and received before the SecureContext is created.
25 const int kAuthenticationSequenceNumber = 2; 25 const int kAuthenticationEncodeSequenceNumber = 1;
26
27 // The sequence number of the last message received during authentication. These
28 // messages are sent and received before the SecureContext is created.
29 const int kAuthenticationDecodeSequenceNumber = 1;
26 30
27 } // namespace 31 } // namespace
28 32
29 DeviceToDeviceSecureContext::DeviceToDeviceSecureContext( 33 DeviceToDeviceSecureContext::DeviceToDeviceSecureContext(
30 std::unique_ptr<SecureMessageDelegate> secure_message_delegate, 34 std::unique_ptr<SecureMessageDelegate> secure_message_delegate,
31 const std::string& symmetric_key, 35 const SessionKeys& session_keys,
32 const std::string& responder_auth_message, 36 const std::string& responder_auth_message,
33 ProtocolVersion protocol_version) 37 ProtocolVersion protocol_version)
34 : secure_message_delegate_(std::move(secure_message_delegate)), 38 : secure_message_delegate_(std::move(secure_message_delegate)),
35 symmetric_key_(symmetric_key), 39 encryption_key_(session_keys.initiator_encode_key()),
40 decryption_key_(session_keys.responder_encode_key()),
36 responder_auth_message_(responder_auth_message), 41 responder_auth_message_(responder_auth_message),
37 protocol_version_(protocol_version), 42 protocol_version_(protocol_version),
38 last_sequence_number_(kAuthenticationSequenceNumber), 43 last_encode_sequence_number_(kAuthenticationEncodeSequenceNumber),
44 last_decode_sequence_number_(kAuthenticationDecodeSequenceNumber),
39 weak_ptr_factory_(this) {} 45 weak_ptr_factory_(this) {}
40 46
41 DeviceToDeviceSecureContext::~DeviceToDeviceSecureContext() {} 47 DeviceToDeviceSecureContext::~DeviceToDeviceSecureContext() {}
42 48
43 void DeviceToDeviceSecureContext::Decode(const std::string& encoded_message, 49 void DeviceToDeviceSecureContext::Decode(const std::string& encoded_message,
44 const MessageCallback& callback) { 50 const MessageCallback& callback) {
45 SecureMessageDelegate::UnwrapOptions unwrap_options; 51 SecureMessageDelegate::UnwrapOptions unwrap_options;
46 unwrap_options.encryption_scheme = securemessage::AES_256_CBC; 52 unwrap_options.encryption_scheme = securemessage::AES_256_CBC;
47 unwrap_options.signature_scheme = securemessage::HMAC_SHA256; 53 unwrap_options.signature_scheme = securemessage::HMAC_SHA256;
48 54
49 secure_message_delegate_->UnwrapSecureMessage( 55 secure_message_delegate_->UnwrapSecureMessage(
50 encoded_message, symmetric_key_, unwrap_options, 56 encoded_message, decryption_key_, unwrap_options,
51 base::Bind(&DeviceToDeviceSecureContext::HandleUnwrapResult, 57 base::Bind(&DeviceToDeviceSecureContext::HandleUnwrapResult,
52 weak_ptr_factory_.GetWeakPtr(), callback)); 58 weak_ptr_factory_.GetWeakPtr(), callback));
53 } 59 }
54 60
55 void DeviceToDeviceSecureContext::Encode(const std::string& message, 61 void DeviceToDeviceSecureContext::Encode(const std::string& message,
56 const MessageCallback& callback) { 62 const MessageCallback& callback) {
57 // Create a GcmMetadata field to put in the header. 63 // Create a GcmMetadata field to put in the header.
58 GcmMetadata gcm_metadata; 64 GcmMetadata gcm_metadata;
59 gcm_metadata.set_type(DEVICE_TO_DEVICE_MESSAGE); 65 gcm_metadata.set_type(DEVICE_TO_DEVICE_MESSAGE);
60 gcm_metadata.set_version(kGcmMetadataVersion); 66 gcm_metadata.set_version(kGcmMetadataVersion);
61 67
62 // Wrap |message| inside a DeviceToDeviceMessage proto. 68 // Wrap |message| inside a DeviceToDeviceMessage proto.
63 securemessage::DeviceToDeviceMessage device_to_device_message; 69 securemessage::DeviceToDeviceMessage device_to_device_message;
64 device_to_device_message.set_sequence_number(++last_sequence_number_); 70 device_to_device_message.set_sequence_number(++last_encode_sequence_number_);
65 device_to_device_message.set_message(message); 71 device_to_device_message.set_message(message);
66 72
67 SecureMessageDelegate::CreateOptions create_options; 73 SecureMessageDelegate::CreateOptions create_options;
68 create_options.encryption_scheme = securemessage::AES_256_CBC; 74 create_options.encryption_scheme = securemessage::AES_256_CBC;
69 create_options.signature_scheme = securemessage::HMAC_SHA256; 75 create_options.signature_scheme = securemessage::HMAC_SHA256;
70 gcm_metadata.SerializeToString(&create_options.public_metadata); 76 gcm_metadata.SerializeToString(&create_options.public_metadata);
71 77
72 secure_message_delegate_->CreateSecureMessage( 78 secure_message_delegate_->CreateSecureMessage(
73 device_to_device_message.SerializeAsString(), symmetric_key_, 79 device_to_device_message.SerializeAsString(), encryption_key_,
74 create_options, callback); 80 create_options, callback);
75 } 81 }
76 82
77 std::string DeviceToDeviceSecureContext::GetChannelBindingData() const { 83 std::string DeviceToDeviceSecureContext::GetChannelBindingData() const {
78 return responder_auth_message_; 84 return responder_auth_message_;
79 } 85 }
80 86
81 SecureContext::ProtocolVersion DeviceToDeviceSecureContext::GetProtocolVersion() 87 SecureContext::ProtocolVersion DeviceToDeviceSecureContext::GetProtocolVersion()
82 const { 88 const {
83 return protocol_version_; 89 return protocol_version_;
84 } 90 }
85 91
86 void DeviceToDeviceSecureContext::HandleUnwrapResult( 92 void DeviceToDeviceSecureContext::HandleUnwrapResult(
87 const DeviceToDeviceSecureContext::MessageCallback& callback, 93 const DeviceToDeviceSecureContext::MessageCallback& callback,
88 bool verified, 94 bool verified,
89 const std::string& payload, 95 const std::string& payload,
90 const securemessage::Header& header) { 96 const securemessage::Header& header) {
91 // The payload should contain a DeviceToDeviceMessage proto. 97 // The payload should contain a DeviceToDeviceMessage proto.
92 securemessage::DeviceToDeviceMessage device_to_device_message; 98 securemessage::DeviceToDeviceMessage device_to_device_message;
93 if (!verified || !device_to_device_message.ParseFromString(payload)) { 99 if (!verified || !device_to_device_message.ParseFromString(payload)) {
94 PA_LOG(ERROR) << "Failed to unwrap secure message."; 100 PA_LOG(ERROR) << "Failed to unwrap secure message.";
95 callback.Run(std::string()); 101 callback.Run(std::string());
96 return; 102 return;
97 } 103 }
98 104
99 // Check that the sequence number matches the expected sequence number. 105 // Check that the sequence number matches the expected sequence number.
100 if (device_to_device_message.sequence_number() != last_sequence_number_ + 1) { 106 if (device_to_device_message.sequence_number() !=
101 PA_LOG(ERROR) << "Expected sequence_number=" << last_sequence_number_ + 1 107 last_decode_sequence_number_ + 1) {
102 << ", but got " << device_to_device_message.sequence_number(); 108 PA_LOG(ERROR) << "Expected sequence_number="
109 << last_decode_sequence_number_ + 1 << ", but got "
110 << device_to_device_message.sequence_number();
103 callback.Run(std::string()); 111 callback.Run(std::string());
104 return; 112 return;
105 } 113 }
106 114
107 // Validate the GcmMetadata proto in the header. 115 // Validate the GcmMetadata proto in the header.
108 GcmMetadata gcm_metadata; 116 GcmMetadata gcm_metadata;
109 if (!gcm_metadata.ParseFromString(header.public_metadata()) || 117 if (!gcm_metadata.ParseFromString(header.public_metadata()) ||
110 gcm_metadata.type() != DEVICE_TO_DEVICE_MESSAGE || 118 gcm_metadata.type() != DEVICE_TO_DEVICE_MESSAGE ||
111 gcm_metadata.version() != kGcmMetadataVersion) { 119 gcm_metadata.version() != kGcmMetadataVersion) {
112 PA_LOG(ERROR) << "Failed to validate GcmMetadata."; 120 PA_LOG(ERROR) << "Failed to validate GcmMetadata.";
113 callback.Run(std::string()); 121 callback.Run(std::string());
114 return; 122 return;
115 } 123 }
116 124
117 last_sequence_number_++; 125 last_decode_sequence_number_++;
118 callback.Run(device_to_device_message.message()); 126 callback.Run(device_to_device_message.message());
119 } 127 }
120 128
121 } // cryptauth 129 } // cryptauth
OLDNEW
« no previous file with comments | « components/cryptauth/device_to_device_secure_context.h ('k') | components/cryptauth/device_to_device_secure_context_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698