remoting/protocol/ssl_hmac_channel_authenticator.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
   6
   7 #include "base/bind.h"
   8 #include "base/bind_helpers.h"
   9 #include "base/callback_helpers.h"
  10 #include "base/logging.h"
  11 #include "crypto/secure_util.h"
  12 #include "net/base/host_port_pair.h"
  13 #include "net/base/io_buffer.h"
  14 #include "net/base/net_errors.h"
  15 #include "net/cert/cert_status_flags.h"
  16 #include "net/cert/cert_verifier.h"
  17 #include "net/cert/x509_certificate.h"
  18 #include "net/http/transport_security_state.h"
  19 #include "net/socket/client_socket_factory.h"
  20 #include "net/socket/client_socket_handle.h"
  21 #include "net/socket/ssl_client_socket.h"
  22 #include "net/socket/ssl_client_socket_openssl.h"
  23 #include "net/socket/ssl_server_socket.h"
  24 #include "net/ssl/ssl_config_service.h"
  25 #include "remoting/base/rsa_key_pair.h"
  26 #include "remoting/protocol/auth_util.h"
  27
  28 namespace remoting {
  29 namespace protocol {
  30
  31 namespace {
  32
  33 // A CertVerifier which rejects every certificate.
  34 class FailingCertVerifier : public net::CertVerifier {
  35  public:
  36   FailingCertVerifier() {}
  37   ~FailingCertVerifier() override {}
  38
  39   int Verify(net::X509Certificate* cert,
  40              const std::string& hostname,
  41              const std::string& ocsp_response,
  42              int flags,
  43              net::CRLSet* crl_set,
  44              net::CertVerifyResult* verify_result,
  45              const net::CompletionCallback& callback,
  46              scoped_ptr<Request>* out_req,
  47              const net::BoundNetLog& net_log) override {
  48     verify_result->verified_cert = cert;
  49     verify_result->cert_status = net::CERT_STATUS_INVALID;
  50     return net::ERR_CERT_INVALID;
  51   }
  52 };
  53
  54 }  // namespace
  55
  56 // static
  57 scoped_ptr<SslHmacChannelAuthenticator>
  58 SslHmacChannelAuthenticator::CreateForClient(
  59       const std::string& remote_cert,
  60       const std::string& auth_key) {
  61   scoped_ptr<SslHmacChannelAuthenticator> result(
  62       new SslHmacChannelAuthenticator(auth_key));
  63   result->remote_cert_ = remote_cert;
  64   return result.Pass();
  65 }
  66
  67 scoped_ptr<SslHmacChannelAuthenticator>
  68 SslHmacChannelAuthenticator::CreateForHost(
  69     const std::string& local_cert,
  70     scoped_refptr<RsaKeyPair> key_pair,
  71     const std::string& auth_key) {
  72   scoped_ptr<SslHmacChannelAuthenticator> result(
  73       new SslHmacChannelAuthenticator(auth_key));
  74   result->local_cert_ = local_cert;
  75   result->local_key_pair_ = key_pair;
  76   return result.Pass();
  77 }
  78
  79 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
  80     const std::string& auth_key)
  81     : auth_key_(auth_key) {
  82 }
  83
  84 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
  85 }
  86
  87 void SslHmacChannelAuthenticator::SecureAndAuthenticate(
  88     scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) {
  89   DCHECK(CalledOnValidThread());
  90   DCHECK(socket->IsConnected());
  91
  92   done_callback_ = done_callback;
  93
  94   int result;
  95   if (is_ssl_server()) {
  96 #if defined(OS_NACL)
  97     // Client plugin doesn't use server SSL sockets, and so SSLServerSocket
  98     // implementation is not compiled for NaCl as part of net_nacl.
  99     NOTREACHED();
 100     result = net::ERR_FAILED;
 101 #else
 102     scoped_refptr<net::X509Certificate> cert =
 103         net::X509Certificate::CreateFromBytes(
 104             local_cert_.data(), local_cert_.length());
 105     if (!cert.get()) {
 106       LOG(ERROR) << "Failed to parse X509Certificate";
 107       NotifyError(net::ERR_FAILED);
 108       return;
 109     }
 110
 111     net::SSLConfig ssl_config;
 112     ssl_config.require_ecdhe = true;
 113
 114     scoped_ptr<net::SSLServerSocket> server_socket =
 115         net::CreateSSLServerSocket(socket.Pass(),
 116                                    cert.get(),
 117                                    local_key_pair_->private_key(),
 118                                    ssl_config);
 119     net::SSLServerSocket* raw_server_socket = server_socket.get();
 120     socket_ = server_socket.Pass();
 121     result = raw_server_socket->Handshake(
 122         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
 123                    base::Unretained(this)));
 124 #endif
 125   } else {
 126     transport_security_state_.reset(new net::TransportSecurityState);
 127     cert_verifier_.reset(new FailingCertVerifier);
 128
 129     net::SSLConfig::CertAndStatus cert_and_status;
 130     cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
 131     cert_and_status.der_cert = remote_cert_;
 132
 133     net::SSLConfig ssl_config;
 134     // Certificate verification and revocation checking are not needed
 135     // because we use self-signed certs. Disable it so that the SSL
 136     // layer doesn't try to initialize OCSP (OCSP works only on the IO
 137     // thread).
 138     ssl_config.cert_io_enabled = false;
 139     ssl_config.rev_checking_enabled = false;
 140     ssl_config.allowed_bad_certs.push_back(cert_and_status);
 141     ssl_config.require_ecdhe = false;
 142
 143     net::HostPortPair host_and_port(kSslFakeHostName, 0);
 144     net::SSLClientSocketContext context;
 145     context.transport_security_state = transport_security_state_.get();
 146     context.cert_verifier = cert_verifier_.get();
 147     scoped_ptr<net::ClientSocketHandle> socket_handle(
 148         new net::ClientSocketHandle);
 149     socket_handle->SetSocket(socket.Pass());
 150
 151 #if defined(OS_NACL)
 152     // net_nacl doesn't include ClientSocketFactory.
 153     socket_.reset(new net::SSLClientSocketOpenSSL(
 154         socket_handle.Pass(), host_and_port, ssl_config, context));
 155 #else
 156     socket_ =
 157         net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
 158             socket_handle.Pass(), host_and_port, ssl_config, context);
 159 #endif
 160
 161     result = socket_->Connect(
 162         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
 163                    base::Unretained(this)));
 164   }
 165
 166   if (result == net::ERR_IO_PENDING)
 167     return;
 168
 169   OnConnected(result);
 170 }
 171
 172 bool SslHmacChannelAuthenticator::is_ssl_server() {
 173   return local_key_pair_.get() != nullptr;
 174 }
 175
 176 void SslHmacChannelAuthenticator::OnConnected(int result) {
 177   if (result != net::OK) {
 178     LOG(WARNING) << "Failed to establish SSL connection.  Error: "
 179                  << net::ErrorToString(result);
 180     NotifyError(result);
 181     return;
 182   }
 183
 184   // Generate authentication digest to write to the socket.
 185   std::string auth_bytes = GetAuthBytes(
 186       socket_.get(), is_ssl_server() ?
 187       kHostAuthSslExporterLabel : kClientAuthSslExporterLabel, auth_key_);
 188   if (auth_bytes.empty()) {
 189     NotifyError(net::ERR_FAILED);
 190     return;
 191   }
 192
 193   // Allocate a buffer to write the digest.
 194   auth_write_buf_ = new net::DrainableIOBuffer(
 195       new net::StringIOBuffer(auth_bytes), auth_bytes.size());
 196
 197   // Read an incoming token.
 198   auth_read_buf_ = new net::GrowableIOBuffer();
 199   auth_read_buf_->SetCapacity(kAuthDigestLength);
 200
 201   // If WriteAuthenticationBytes() results in |done_callback_| being
 202   // called then we must not do anything else because this object may
 203   // be destroyed at that point.
 204   bool callback_called = false;
 205   WriteAuthenticationBytes(&callback_called);
 206   if (!callback_called)
 207     ReadAuthenticationBytes();
 208 }
 209
 210 void SslHmacChannelAuthenticator::WriteAuthenticationBytes(
 211     bool* callback_called) {
 212   while (true) {
 213     int result = socket_->Write(
 214         auth_write_buf_.get(),
 215         auth_write_buf_->BytesRemaining(),
 216         base::Bind(&SslHmacChannelAuthenticator::OnAuthBytesWritten,
 217                    base::Unretained(this)));
 218     if (result == net::ERR_IO_PENDING)
 219       break;
 220     if (!HandleAuthBytesWritten(result, callback_called))
 221       break;
 222   }
 223 }
 224
 225 void SslHmacChannelAuthenticator::OnAuthBytesWritten(int result) {
 226   DCHECK(CalledOnValidThread());
 227
 228   if (HandleAuthBytesWritten(result, nullptr))
 229     WriteAuthenticationBytes(nullptr);
 230 }
 231
 232 bool SslHmacChannelAuthenticator::HandleAuthBytesWritten(
 233     int result, bool* callback_called) {
 234   if (result <= 0) {
 235     LOG(ERROR) << "Error writing authentication: " << result;
 236     if (callback_called)
 237       *callback_called = false;
 238     NotifyError(result);
 239     return false;
 240   }
 241
 242   auth_write_buf_->DidConsume(result);
 243   if (auth_write_buf_->BytesRemaining() > 0)
 244     return true;
 245
 246   auth_write_buf_ = nullptr;
 247   CheckDone(callback_called);
 248   return false;
 249 }
 250
 251 void SslHmacChannelAuthenticator::ReadAuthenticationBytes() {
 252   while (true) {
 253     int result =
 254         socket_->Read(auth_read_buf_.get(),
 255                       auth_read_buf_->RemainingCapacity(),
 256                       base::Bind(&SslHmacChannelAuthenticator::OnAuthBytesRead,
 257                                  base::Unretained(this)));
 258     if (result == net::ERR_IO_PENDING)
 259       break;
 260     if (!HandleAuthBytesRead(result))
 261       break;
 262   }
 263 }
 264
 265 void SslHmacChannelAuthenticator::OnAuthBytesRead(int result) {
 266   DCHECK(CalledOnValidThread());
 267
 268   if (HandleAuthBytesRead(result))
 269     ReadAuthenticationBytes();
 270 }
 271
 272 bool SslHmacChannelAuthenticator::HandleAuthBytesRead(int read_result) {
 273   if (read_result <= 0) {
 274     NotifyError(read_result);
 275     return false;
 276   }
 277
 278   auth_read_buf_->set_offset(auth_read_buf_->offset() + read_result);
 279   if (auth_read_buf_->RemainingCapacity() > 0)
 280     return true;
 281
 282   if (!VerifyAuthBytes(std::string(
 283           auth_read_buf_->StartOfBuffer(),
 284           auth_read_buf_->StartOfBuffer() + kAuthDigestLength))) {
 285     LOG(WARNING) << "Mismatched authentication";
 286     NotifyError(net::ERR_FAILED);
 287     return false;
 288   }
 289
 290   auth_read_buf_ = nullptr;
 291   CheckDone(nullptr);
 292   return false;
 293 }
 294
 295 bool SslHmacChannelAuthenticator::VerifyAuthBytes(
 296     const std::string& received_auth_bytes) {
 297   DCHECK(received_auth_bytes.length() == kAuthDigestLength);
 298
 299   // Compute expected auth bytes.
 300   std::string auth_bytes = GetAuthBytes(
 301       socket_.get(), is_ssl_server() ?
 302       kClientAuthSslExporterLabel : kHostAuthSslExporterLabel, auth_key_);
 303   if (auth_bytes.empty())
 304     return false;
 305
 306   return crypto::SecureMemEqual(received_auth_bytes.data(),
 307                                 &(auth_bytes[0]), kAuthDigestLength);
 308 }
 309
 310 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {
 311   if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) {
 312     DCHECK(socket_.get() != nullptr);
 313     if (callback_called)
 314       *callback_called = true;
 315
 316     base::ResetAndReturn(&done_callback_).Run(net::OK, socket_.Pass());
 317   }
 318 }
 319
 320 void SslHmacChannelAuthenticator::NotifyError(int error) {
 321   base::ResetAndReturn(&done_callback_).Run(error, nullptr);
 322 }
 323
 324 }  // namespace protocol
 325 }  // namespace remoting