chrome/browser/net/certificate_error_reporter.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/net/certificate_error_reporter.h"
   6
   7 #include <set>
   8
   9 #include "base/logging.h"
  10 #include "chrome/browser/net/encrypted_cert_logger.pb.h"
  11
  12 #if defined(USE_OPENSSL)
  13 #include "crypto/aead_openssl.h"
  14 #endif
  15
  16 #include "crypto/curve25519.h"
  17 #include "crypto/hkdf.h"
  18 #include "crypto/random.h"
  19 #include "net/url_request/certificate_report_sender.h"
  20
  21 namespace {
  22
  23 // Constants used for crypto
  24 static const uint8 kServerPublicKey[] = {
  25     0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18,
  26     0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f,
  27     0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b};
  28 static const uint32 kServerPublicKeyVersion = 1;
  29
  30 #if defined(USE_OPENSSL)
  31
  32 static const char kHkdfLabel[] = "certificate report";
  33
  34 bool EncryptSerializedReport(
  35     const uint8* server_public_key,
  36     uint32 server_public_key_version,
  37     const std::string& report,
  38     chrome_browser_net::EncryptedCertLoggerRequest* encrypted_report) {
  39   // Generate an ephemeral key pair to generate a shared secret.
  40   uint8 public_key[crypto::curve25519::kBytes];
  41   uint8 private_key[crypto::curve25519::kScalarBytes];
  42   uint8 shared_secret[crypto::curve25519::kBytes];
  43
  44   crypto::RandBytes(private_key, sizeof(private_key));
  45   crypto::curve25519::ScalarBaseMult(private_key, public_key);
  46   crypto::curve25519::ScalarMult(private_key, server_public_key, shared_secret);
  47
  48   crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
  49   crypto::HKDF hkdf(std::string(reinterpret_cast<char*>(shared_secret),
  50                                 sizeof(shared_secret)),
  51                     std::string(),
  52                     base::StringPiece(kHkdfLabel, sizeof(kHkdfLabel)), 0, 0,
  53                     aead.KeyLength());
  54
  55   const std::string key(hkdf.subkey_secret().data(),
  56                         hkdf.subkey_secret().size());
  57   aead.Init(&key);
  58
  59   // Use an all-zero nonce because the key is random per-message.
  60   std::string nonce(aead.NonceLength(), 0);
  61
  62   std::string ciphertext;
  63   if (!aead.Seal(report, nonce, std::string(), &ciphertext)) {
  64     LOG(ERROR) << "Error sealing certificate report.";
  65     return false;
  66   }
  67
  68   encrypted_report->set_encrypted_report(ciphertext);
  69   encrypted_report->set_server_public_key_version(server_public_key_version);
  70   encrypted_report->set_client_public_key(
  71       std::string(reinterpret_cast<char*>(public_key), sizeof(public_key)));
  72   encrypted_report->set_algorithm(
  73       chrome_browser_net::EncryptedCertLoggerRequest::
  74           AEAD_ECDH_AES_128_CTR_HMAC_SHA256);
  75   return true;
  76 }
  77 #endif
  78
  79 }  // namespace
  80
  81 namespace chrome_browser_net {
  82
  83 CertificateErrorReporter::CertificateErrorReporter(
  84     net::URLRequestContext* request_context,
  85     const GURL& upload_url,
  86     net::CertificateReportSender::CookiesPreference cookies_preference)
  87     : CertificateErrorReporter(upload_url,
  88                                kServerPublicKey,
  89                                kServerPublicKeyVersion,
  90                                make_scoped_ptr(new net::CertificateReportSender(
  91                                    request_context,
  92                                    cookies_preference))) {}
  93
  94 CertificateErrorReporter::CertificateErrorReporter(
  95     const GURL& upload_url,
  96     const uint8 server_public_key[32],
  97     const uint32 server_public_key_version,
  98     scoped_ptr<net::CertificateReportSender> certificate_report_sender)
  99     : certificate_report_sender_(certificate_report_sender.Pass()),
 100       upload_url_(upload_url),
 101       server_public_key_(server_public_key),
 102       server_public_key_version_(server_public_key_version) {
 103   DCHECK(certificate_report_sender_);
 104   DCHECK(!upload_url.is_empty());
 105 }
 106
 107 CertificateErrorReporter::~CertificateErrorReporter() {
 108 }
 109
 110 void CertificateErrorReporter::SendReport(
 111     ReportType type,
 112     const std::string& serialized_report) {
 113   switch (type) {
 114     case REPORT_TYPE_PINNING_VIOLATION:
 115       certificate_report_sender_->Send(upload_url_, serialized_report);
 116       break;
 117     case REPORT_TYPE_EXTENDED_REPORTING:
 118       if (upload_url_.SchemeIsCryptographic()) {
 119         certificate_report_sender_->Send(upload_url_, serialized_report);
 120       } else {
 121         DCHECK(IsHttpUploadUrlSupported());
 122 #if defined(USE_OPENSSL)
 123         EncryptedCertLoggerRequest encrypted_report;
 124         if (!EncryptSerializedReport(server_public_key_,
 125                                      server_public_key_version_,
 126                                      serialized_report, &encrypted_report)) {
 127           LOG(ERROR) << "Failed to encrypt serialized report.";
 128           return;
 129         }
 130         std::string serialized_encrypted_report;
 131         encrypted_report.SerializeToString(&serialized_encrypted_report);
 132         certificate_report_sender_->Send(upload_url_,
 133                                          serialized_encrypted_report);
 134 #endif
 135       }
 136       break;
 137     default:
 138       NOTREACHED();
 139   }
 140 }
 141
 142 bool CertificateErrorReporter::IsHttpUploadUrlSupported() {
 143 #if defined(USE_OPENSSL)
 144   return true;
 145 #else
 146   return false;
 147 #endif
 148 }
 149
 150 // Used only by tests.
 151 #if defined(USE_OPENSSL)
 152 bool CertificateErrorReporter::DecryptCertificateErrorReport(
 153     const uint8 server_private_key[32],
 154     const EncryptedCertLoggerRequest& encrypted_report,
 155     std::string* decrypted_serialized_report) {
 156   uint8 shared_secret[crypto::curve25519::kBytes];
 157   crypto::curve25519::ScalarMult(
 158       server_private_key, reinterpret_cast<const uint8*>(
 159                               encrypted_report.client_public_key().data()),
 160       shared_secret);
 161
 162   crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
 163   crypto::HKDF hkdf(std::string(reinterpret_cast<char*>(shared_secret),
 164                                 sizeof(shared_secret)),
 165                     std::string(),
 166                     base::StringPiece(kHkdfLabel, sizeof(kHkdfLabel)), 0, 0,
 167                     aead.KeyLength());
 168
 169   const std::string key(hkdf.subkey_secret().data(),
 170                         hkdf.subkey_secret().size());
 171   aead.Init(&key);
 172
 173   // Use an all-zero nonce because the key is random per-message.
 174   std::string nonce(aead.NonceLength(), 0);
 175
 176   return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(),
 177                    decrypted_serialized_report);
 178 }
 179 #endif
 180
 181 }  // namespace chrome_browser_net