// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/quic/crypto/channel_id_chromium.h" #include #include "base/stl_util.h" #include "base/strings/string_util.h" #include "crypto/ec_private_key.h" #include "crypto/ec_signature_creator.h" #include "net/base/net_errors.h" #include "net/cert/asn1_util.h" #include "net/ssl/channel_id_service.h" namespace net { ChannelIDKeyChromium::ChannelIDKeyChromium( crypto::ECPrivateKey* ec_private_key) : ec_private_key_(ec_private_key) {} ChannelIDKeyChromium::~ChannelIDKeyChromium() {} bool ChannelIDKeyChromium::Sign(base::StringPiece signed_data, std::string* out_signature) const { scoped_ptr sig_creator( crypto::ECSignatureCreator::Create(ec_private_key_.get())); if (!sig_creator) { return false; } const size_t len1 = strlen(ChannelIDVerifier::kContextStr) + 1; const size_t len2 = strlen(ChannelIDVerifier::kClientToServerStr) + 1; std::vector data(len1 + len2 + signed_data.size()); memcpy(&data[0], ChannelIDVerifier::kContextStr, len1); memcpy(&data[len1], ChannelIDVerifier::kClientToServerStr, len2); memcpy(&data[len1 + len2], signed_data.data(), signed_data.size()); std::vector der_signature; if (!sig_creator->Sign(&data[0], data.size(), &der_signature)) { return false; } std::vector raw_signature; if (!sig_creator->DecodeSignature(der_signature, &raw_signature)) { return false; } memcpy(WriteInto(out_signature, raw_signature.size() + 1), &raw_signature[0], raw_signature.size()); return true; } std::string ChannelIDKeyChromium::SerializeKey() const { std::string out_key; if (!ec_private_key_->ExportRawPublicKey(&out_key)) { return std::string(); } return out_key; } // A Job handles the lookup of a single channel ID. It is owned by the // ChannelIDSource. If the operation can not complete synchronously, it will // notify the ChannelIDSource upon completion. class ChannelIDSourceChromium::Job { public: Job(ChannelIDSourceChromium* channel_id_source, ChannelIDService* channel_id_service); // Starts the channel ID lookup. If |QUIC_PENDING| is returned, then // |callback| will be invoked asynchronously when the operation completes. QuicAsyncStatus GetChannelIDKey(const std::string& hostname, scoped_ptr* channel_id_key, ChannelIDSourceCallback* callback); private: enum State { STATE_NONE, STATE_GET_CHANNEL_ID_KEY, STATE_GET_CHANNEL_ID_KEY_COMPLETE, }; int DoLoop(int last_io_result); void OnIOComplete(int result); int DoGetChannelIDKey(int result); int DoGetChannelIDKeyComplete(int result); // Channel ID source to notify when this jobs completes. ChannelIDSourceChromium* const channel_id_source_; ChannelIDService* const channel_id_service_; std::string channel_id_private_key_; std::string channel_id_cert_; ChannelIDService::RequestHandle channel_id_request_handle_; // |hostname| specifies the hostname for which we need a channel ID. std::string hostname_; scoped_ptr callback_; scoped_ptr channel_id_key_; State next_state_; DISALLOW_COPY_AND_ASSIGN(Job); }; ChannelIDSourceChromium::Job::Job( ChannelIDSourceChromium* channel_id_source, ChannelIDService* channel_id_service) : channel_id_source_(channel_id_source), channel_id_service_(channel_id_service), next_state_(STATE_NONE) { } QuicAsyncStatus ChannelIDSourceChromium::Job::GetChannelIDKey( const std::string& hostname, scoped_ptr* channel_id_key, ChannelIDSourceCallback* callback) { DCHECK(channel_id_key); DCHECK(callback); if (STATE_NONE != next_state_) { DLOG(DFATAL) << "GetChannelIDKey has begun"; return QUIC_FAILURE; } channel_id_key_.reset(); hostname_ = hostname; next_state_ = STATE_GET_CHANNEL_ID_KEY; switch (DoLoop(OK)) { case OK: channel_id_key->reset(channel_id_key_.release()); return QUIC_SUCCESS; case ERR_IO_PENDING: callback_.reset(callback); return QUIC_PENDING; default: channel_id_key->reset(); return QUIC_FAILURE; } } int ChannelIDSourceChromium::Job::DoLoop(int last_result) { int rv = last_result; do { State state = next_state_; next_state_ = STATE_NONE; switch (state) { case STATE_GET_CHANNEL_ID_KEY: DCHECK(rv == OK); rv = DoGetChannelIDKey(rv); break; case STATE_GET_CHANNEL_ID_KEY_COMPLETE: rv = DoGetChannelIDKeyComplete(rv); break; case STATE_NONE: default: rv = ERR_UNEXPECTED; LOG(DFATAL) << "unexpected state " << state; break; } } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); return rv; } void ChannelIDSourceChromium::Job::OnIOComplete(int result) { int rv = DoLoop(result); if (rv != ERR_IO_PENDING) { scoped_ptr callback(callback_.release()); callback->Run(&channel_id_key_); // Will delete |this|. channel_id_source_->OnJobComplete(this); } } int ChannelIDSourceChromium::Job::DoGetChannelIDKey(int result) { next_state_ = STATE_GET_CHANNEL_ID_KEY_COMPLETE; return channel_id_service_->GetOrCreateChannelID( hostname_, &channel_id_private_key_, &channel_id_cert_, base::Bind(&ChannelIDSourceChromium::Job::OnIOComplete, base::Unretained(this)), &channel_id_request_handle_); } int ChannelIDSourceChromium::Job::DoGetChannelIDKeyComplete(int result) { DCHECK_EQ(STATE_NONE, next_state_); if (result != OK) { DLOG(WARNING) << "Failed to look up channel ID: " << ErrorToString(result); return result; } std::vector encrypted_private_key_info( channel_id_private_key_.size()); memcpy(&encrypted_private_key_info[0], channel_id_private_key_.data(), channel_id_private_key_.size()); base::StringPiece spki_piece; if (!asn1::ExtractSPKIFromDERCert(channel_id_cert_, &spki_piece)) { return ERR_UNEXPECTED; } std::vector subject_public_key_info(spki_piece.size()); memcpy(&subject_public_key_info[0], spki_piece.data(), spki_piece.size()); crypto::ECPrivateKey* ec_private_key = crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( ChannelIDService::kEPKIPassword, encrypted_private_key_info, subject_public_key_info); if (!ec_private_key) { // TODO(wtc): use the new error code ERR_CHANNEL_ID_IMPORT_FAILED to be // added in https://codereview.chromium.org/338093012/. return ERR_UNEXPECTED; } channel_id_key_.reset(new ChannelIDKeyChromium(ec_private_key)); return result; } ChannelIDSourceChromium::ChannelIDSourceChromium( ChannelIDService* channel_id_service) : channel_id_service_(channel_id_service) { } ChannelIDSourceChromium::~ChannelIDSourceChromium() { STLDeleteElements(&active_jobs_); } QuicAsyncStatus ChannelIDSourceChromium::GetChannelIDKey( const std::string& hostname, scoped_ptr* channel_id_key, ChannelIDSourceCallback* callback) { scoped_ptr job(new Job(this, channel_id_service_)); QuicAsyncStatus status = job->GetChannelIDKey(hostname, channel_id_key, callback); if (status == QUIC_PENDING) { active_jobs_.insert(job.release()); } return status; } void ChannelIDSourceChromium::OnJobComplete(Job* job) { active_jobs_.erase(job); delete job; } } // namespace net