remoting/protocol/ssl_hmac_channel_authenticator.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
   6
   7 #include "base/bind.h"
   8 #include "base/bind_helpers.h"
   9 #include "crypto/secure_util.h"
  10 #include "net/base/host_port_pair.h"
  11 #include "net/base/io_buffer.h"
  12 #include "net/base/net_errors.h"
  13 #include "net/cert/x509_certificate.h"
  14 #include "net/http/transport_security_state.h"
  15 #include "net/socket/client_socket_factory.h"
  16 #include "net/socket/client_socket_handle.h"
  17 #include "net/socket/ssl_client_socket.h"
  18 #include "net/socket/ssl_server_socket.h"
  19 #include "net/ssl/ssl_config_service.h"
  20 #include "remoting/base/rsa_key_pair.h"
  21 #include "remoting/protocol/auth_util.h"
  22
  23 namespace remoting {
  24 namespace protocol {
  25
  26 // static
  27 scoped_ptr<SslHmacChannelAuthenticator>
  28 SslHmacChannelAuthenticator::CreateForClient(
  29       const std::string& remote_cert,
  30       const std::string& auth_key) {
  31   scoped_ptr<SslHmacChannelAuthenticator> result(
  32       new SslHmacChannelAuthenticator(auth_key));
  33   result->remote_cert_ = remote_cert;
  34   return result.Pass();
  35 }
  36
  37 scoped_ptr<SslHmacChannelAuthenticator>
  38 SslHmacChannelAuthenticator::CreateForHost(
  39     const std::string& local_cert,
  40     scoped_refptr<RsaKeyPair> key_pair,
  41     const std::string& auth_key) {
  42   scoped_ptr<SslHmacChannelAuthenticator> result(
  43       new SslHmacChannelAuthenticator(auth_key));
  44   result->local_cert_ = local_cert;
  45   result->local_key_pair_ = key_pair;
  46   return result.Pass();
  47 }
  48
  49 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
  50     const std::string& auth_key)
  51     : auth_key_(auth_key) {
  52 }
  53
  54 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
  55 }
  56
  57 void SslHmacChannelAuthenticator::SecureAndAuthenticate(
  58     scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) {
  59   DCHECK(CalledOnValidThread());
  60   DCHECK(socket->IsConnected());
  61
  62   done_callback_ = done_callback;
  63
  64   int result;
  65   if (is_ssl_server()) {
  66     scoped_refptr<net::X509Certificate> cert =
  67         net::X509Certificate::CreateFromBytes(
  68             local_cert_.data(), local_cert_.length());
  69     if (!cert.get()) {
  70       LOG(ERROR) << "Failed to parse X509Certificate";
  71       NotifyError(net::ERR_FAILED);
  72       return;
  73     }
  74
  75     net::SSLConfig ssl_config;
  76     ssl_config.require_forward_secrecy = true;
  77
  78     scoped_ptr<net::SSLServerSocket> server_socket =
  79         net::CreateSSLServerSocket(socket.Pass(),
  80                                    cert.get(),
  81                                    local_key_pair_->private_key(),
  82                                    ssl_config);
  83     net::SSLServerSocket* raw_server_socket = server_socket.get();
  84     socket_ = server_socket.Pass();
  85     result = raw_server_socket->Handshake(
  86         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
  87                    base::Unretained(this)));
  88   } else {
  89     transport_security_state_.reset(new net::TransportSecurityState);
  90
  91     net::SSLConfig::CertAndStatus cert_and_status;
  92     cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
  93     cert_and_status.der_cert = remote_cert_;
  94
  95     net::SSLConfig ssl_config;
  96     // Certificate verification and revocation checking are not needed
  97     // because we use self-signed certs. Disable it so that the SSL
  98     // layer doesn't try to initialize OCSP (OCSP works only on the IO
  99     // thread).
 100     ssl_config.cert_io_enabled = false;
 101     ssl_config.rev_checking_enabled = false;
 102     ssl_config.allowed_bad_certs.push_back(cert_and_status);
 103
 104     net::HostPortPair host_and_port(kSslFakeHostName, 0);
 105     net::SSLClientSocketContext context;
 106     context.transport_security_state = transport_security_state_.get();
 107     scoped_ptr<net::ClientSocketHandle> connection(new net::ClientSocketHandle);
 108     connection->SetSocket(socket.Pass());
 109     socket_ =
 110         net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
 111             connection.Pass(), host_and_port, ssl_config, context);
 112
 113     result = socket_->Connect(
 114         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
 115                    base::Unretained(this)));
 116   }
 117
 118   if (result == net::ERR_IO_PENDING)
 119     return;
 120
 121   OnConnected(result);
 122 }
 123
 124 bool SslHmacChannelAuthenticator::is_ssl_server() {
 125   return local_key_pair_.get() != NULL;
 126 }
 127
 128 void SslHmacChannelAuthenticator::OnConnected(int result) {
 129   if (result != net::OK) {
 130     LOG(WARNING) << "Failed to establish SSL connection";
 131     NotifyError(result);
 132     return;
 133   }
 134
 135   // Generate authentication digest to write to the socket.
 136   std::string auth_bytes = GetAuthBytes(
 137       socket_.get(), is_ssl_server() ?
 138       kHostAuthSslExporterLabel : kClientAuthSslExporterLabel, auth_key_);
 139   if (auth_bytes.empty()) {
 140     NotifyError(net::ERR_FAILED);
 141     return;
 142   }
 143
 144   // Allocate a buffer to write the digest.
 145   auth_write_buf_ = new net::DrainableIOBuffer(
 146       new net::StringIOBuffer(auth_bytes), auth_bytes.size());
 147
 148   // Read an incoming token.
 149   auth_read_buf_ = new net::GrowableIOBuffer();
 150   auth_read_buf_->SetCapacity(kAuthDigestLength);
 151
 152   // If WriteAuthenticationBytes() results in |done_callback_| being
 153   // called then we must not do anything else because this object may
 154   // be destroyed at that point.
 155   bool callback_called = false;
 156   WriteAuthenticationBytes(&callback_called);
 157   if (!callback_called)
 158     ReadAuthenticationBytes();
 159 }
 160
 161 void SslHmacChannelAuthenticator::WriteAuthenticationBytes(
 162     bool* callback_called) {
 163   while (true) {
 164     int result = socket_->Write(
 165         auth_write_buf_.get(),
 166         auth_write_buf_->BytesRemaining(),
 167         base::Bind(&SslHmacChannelAuthenticator::OnAuthBytesWritten,
 168                    base::Unretained(this)));
 169     if (result == net::ERR_IO_PENDING)
 170       break;
 171     if (!HandleAuthBytesWritten(result, callback_called))
 172       break;
 173   }
 174 }
 175
 176 void SslHmacChannelAuthenticator::OnAuthBytesWritten(int result) {
 177   DCHECK(CalledOnValidThread());
 178
 179   if (HandleAuthBytesWritten(result, NULL))
 180     WriteAuthenticationBytes(NULL);
 181 }
 182
 183 bool SslHmacChannelAuthenticator::HandleAuthBytesWritten(
 184     int result, bool* callback_called) {
 185   if (result <= 0) {
 186     LOG(ERROR) << "Error writing authentication: " << result;
 187     if (callback_called)
 188       *callback_called = false;
 189     NotifyError(result);
 190     return false;
 191   }
 192
 193   auth_write_buf_->DidConsume(result);
 194   if (auth_write_buf_->BytesRemaining() > 0)
 195     return true;
 196
 197   auth_write_buf_ = NULL;
 198   CheckDone(callback_called);
 199   return false;
 200 }
 201
 202 void SslHmacChannelAuthenticator::ReadAuthenticationBytes() {
 203   while (true) {
 204     int result =
 205         socket_->Read(auth_read_buf_.get(),
 206                       auth_read_buf_->RemainingCapacity(),
 207                       base::Bind(&SslHmacChannelAuthenticator::OnAuthBytesRead,
 208                                  base::Unretained(this)));
 209     if (result == net::ERR_IO_PENDING)
 210       break;
 211     if (!HandleAuthBytesRead(result))
 212       break;
 213   }
 214 }
 215
 216 void SslHmacChannelAuthenticator::OnAuthBytesRead(int result) {
 217   DCHECK(CalledOnValidThread());
 218
 219   if (HandleAuthBytesRead(result))
 220     ReadAuthenticationBytes();
 221 }
 222
 223 bool SslHmacChannelAuthenticator::HandleAuthBytesRead(int read_result) {
 224   if (read_result <= 0) {
 225     NotifyError(read_result);
 226     return false;
 227   }
 228
 229   auth_read_buf_->set_offset(auth_read_buf_->offset() + read_result);
 230   if (auth_read_buf_->RemainingCapacity() > 0)
 231     return true;
 232
 233   if (!VerifyAuthBytes(std::string(
 234           auth_read_buf_->StartOfBuffer(),
 235           auth_read_buf_->StartOfBuffer() + kAuthDigestLength))) {
 236     LOG(WARNING) << "Mismatched authentication";
 237     NotifyError(net::ERR_FAILED);
 238     return false;
 239   }
 240
 241   auth_read_buf_ = NULL;
 242   CheckDone(NULL);
 243   return false;
 244 }
 245
 246 bool SslHmacChannelAuthenticator::VerifyAuthBytes(
 247     const std::string& received_auth_bytes) {
 248   DCHECK(received_auth_bytes.length() == kAuthDigestLength);
 249
 250   // Compute expected auth bytes.
 251   std::string auth_bytes = GetAuthBytes(
 252       socket_.get(), is_ssl_server() ?
 253       kClientAuthSslExporterLabel : kHostAuthSslExporterLabel, auth_key_);
 254   if (auth_bytes.empty())
 255     return false;
 256
 257   return crypto::SecureMemEqual(received_auth_bytes.data(),
 258                                 &(auth_bytes[0]), kAuthDigestLength);
 259 }
 260
 261 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {
 262   if (auth_write_buf_.get() == NULL && auth_read_buf_.get() == NULL) {
 263     DCHECK(socket_.get() != NULL);
 264     if (callback_called)
 265       *callback_called = true;
 266     done_callback_.Run(net::OK, socket_.PassAs<net::StreamSocket>());
 267   }
 268 }
 269
 270 void SslHmacChannelAuthenticator::NotifyError(int error) {
 271   done_callback_.Run(static_cast<net::Error>(error),
 272                      scoped_ptr<net::StreamSocket>());
 273 }
 274
 275 }  // namespace protocol
 276 }  // namespace remoting