Blame - cryptohome/key_challenge_service_impl.cc - chromium.googlesource.com/chromiumos/platform2

blob: 01f19b3f349587c3de39c26348841ffb5ca5d9ad [file] [log] [blame]

Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	1	// Copyright 2018 The Chromium OS Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
				5	#include "cryptohome/key_challenge_service_impl.h"
				6
				7	#include <cstdint>
				8	#include <memory>
				9	#include <utility>
				10	#include <vector>
				11
				12	#include <base/bind.h>
Qijiang Fan	713061e	2021-03-08 15:45:12 +0900	[diff] [blame]	13	#include <base/check.h>
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	14	#include <base/logging.h>
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	15	#include <base/optional.h>
Maksim Ivanov	9de3f8b	2020-02-26 18:35:40 +0100	[diff] [blame]	16	#include <base/time/time.h>
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	17	#include <brillo/errors/error.h>
				18	#include <dbus/bus.h>
				19	#include <google/protobuf/message_lite.h>
				20
				21	namespace cryptohome {
				22
				23	namespace {
				24
Maksim Ivanov	9de3f8b	2020-02-26 18:35:40 +0100	[diff] [blame]	25	// This is currently equal to the timeout used by the Chrome when making
				26	// MountEx/CheckKeyEx calls to cryptohomed. (These timeouts are not technically
				27	// required to be equal, but it's good from the UX perspective).
				28	constexpr base::TimeDelta kDbusCallTimeout = base::TimeDelta::FromMinutes(2);
				29
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	30	// Used for holding OnceCallback when multiple callback function needs it, but
				31	// only one of them will run. Note: This is not thread safe.
				32	template <typename T>
				33	class OnceCallbackHolder {
				34	public:
				35	explicit OnceCallbackHolder(T obj) : obj_(std::move(obj)) {}
				36
				37	T get() {
John L Chen	c36f8b0	2019-05-14 21:52:32 +0800	[diff] [blame]	38	DCHECK(obj_.has_value());
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	39	base::Optional<T> res;
				40	std::swap(res, obj_);
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	41	return std::move(res.value());
				42	}
				43
				44	private:
				45	// The object that we are holding
				46	base::Optional<T> obj_;
				47	};
				48
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	49	std::vector<uint8_t> SerializeProto(
				50	const google::protobuf::MessageLite& proto) {
				51	std::vector<uint8_t> serialized_proto(proto.ByteSizeLong());
				52	CHECK(
				53	proto.SerializeToArray(serialized_proto.data(), serialized_proto.size()));
				54	return serialized_proto;
				55	}
				56
				57	bool DeserializeProto(const std::vector<uint8_t>& raw_buf,
				58	google::protobuf::MessageLite* proto) {
				59	return proto->ParseFromArray(raw_buf.data(), raw_buf.size());
				60	}
				61
				62	void OnDBusChallengeKeySuccess(
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	63	std::shared_ptr<OnceCallbackHolder<KeyChallengeService::ResponseCallback>>
				64	callback_holder,
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	65	const std::vector<uint8_t>& challenge_response) {
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	66	KeyChallengeService::ResponseCallback original_callback =
				67	callback_holder->get();
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	68	if (challenge_response.empty()) {
Maksim Ivanov	df2e528	2020-01-30 02:00:27 +0100	[diff] [blame]	69	// TODO(crbug.com/1046860): Remove the logging after stabilizing the
				70	// feature.
				71	LOG(INFO) << "Signature key challenge failed: empty response";
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	72	std::move(original_callback).Run(nullptr /* response */);
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	73	return;
				74	}
				75	auto response_proto = std::make_unique<KeyChallengeResponse>();
				76	if (!DeserializeProto(challenge_response, response_proto.get())) {
				77	LOG(ERROR)
				78	<< "Failed to parse KeyChallengeResponse from ChallengeKey D-Bus call";
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	79	std::move(original_callback).Run(nullptr /* response */);
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	80	return;
				81	}
Maksim Ivanov	df2e528	2020-01-30 02:00:27 +0100	[diff] [blame]	82	// TODO(crbug.com/1046860): Remove the logging after stabilizing the feature.
				83	if (response_proto->has_signature_response_data()) {
				84	LOG(INFO) << "Signature key challenge succeeded: signature size "
				85	<< response_proto->signature_response_data().signature().size();
				86	} else {
				87	LOG(INFO) << "Key challenge completed with no signature";
				88	}
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	89	std::move(original_callback).Run(std::move(response_proto));
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	90	}
				91
				92	void OnDBusChallengeKeyFailure(
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	93	std::shared_ptr<OnceCallbackHolder<KeyChallengeService::ResponseCallback>>
				94	callback_holder,
Maksim Ivanov	df2e528	2020-01-30 02:00:27 +0100	[diff] [blame]	95	brillo::Error* error) {
				96	// TODO(crbug.com/1046860): Remove the logging after stabilizing the feature.
				97	if (error) {
				98	LOG(INFO) << "Signature key challenge failed: dbus error code "
				99	<< error->GetCode() << ", message " << error->GetMessage();
				100	} else {
				101	LOG(INFO) << "Key challenge failed: unknown dbus error";
				102	}
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	103	KeyChallengeService::ResponseCallback original_callback =
				104	callback_holder->get();
				105	std::move(original_callback).Run(nullptr /* response */);
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	106	}
				107
Xiaoyong Zhou	d42c242	2019-11-15 14:29:30 -0800	[diff] [blame]	108	void OnDBusFidoMakeCredentialSuccess(
				109	std::shared_ptr<OnceCallbackHolder<
				110	KeyChallengeService::MakeCredentialCallback>> callback_holder,
				111	const std::vector<uint8_t>& make_credential_response) {
				112	KeyChallengeService::MakeCredentialCallback original_callback =
				113	callback_holder->get();
				114
				115	if (make_credential_response.empty()) {
				116	std::move(original_callback).Run(nullptr /* response */);
				117	return;
				118	}
				119	auto response =
				120	std::make_unique<cryptohome::fido::MakeCredentialAuthenticatorResponse>();
				121	if (!DeserializeProto(make_credential_response, response.get())) {
				122	LOG(ERROR) << "Failed to parse MakeCredentialAuthenticatorResponse from "
				123	<< "FidoMakeCredential D-Bus call";
				124	return;
				125	}
				126	std::move(original_callback).Run(std::move(response));
				127	}
				128
				129	void OnDBusFidoMakeCredentialFailure(
				130	std::shared_ptr<OnceCallbackHolder<
				131	KeyChallengeService::MakeCredentialCallback>> callback_holder,
				132	brillo::Error* error) {
				133	LOG(ERROR) << error->GetMessage();
				134	KeyChallengeService::MakeCredentialCallback original_callback =
				135	callback_holder->get();
				136	std::move(original_callback).Run(nullptr /* response */);
				137	}
				138
				139	void OnDBusFidoGetAssertionSuccess(
				140	std::shared_ptr<OnceCallbackHolder<
				141	KeyChallengeService::GetAssertionCallback>> callback_holder,
				142	const std::vector<uint8_t>& get_assertion_response) {
				143	KeyChallengeService::GetAssertionCallback original_callback =
				144	callback_holder->get();
				145
				146	if (get_assertion_response.empty()) {
				147	std::move(original_callback).Run(nullptr /* response */);
				148	return;
				149	}
				150
				151	auto response =
				152	std::make_unique<cryptohome::fido::GetAssertionAuthenticatorResponse>();
				153	if (!DeserializeProto(get_assertion_response, response.get())) {
				154	LOG(ERROR) << "Failed to parse GetAssertionAuthenticatorResponse from "
				155	<< "FidoGetAssertion D-Bus call";
				156	return;
				157	}
				158	std::move(original_callback).Run(std::move(response));
				159	}
				160
				161	void OnDBusFidoGetAssertionFailure(
				162	std::shared_ptr<OnceCallbackHolder<
				163	KeyChallengeService::GetAssertionCallback>> callback_holder,
				164	brillo::Error* error) {
				165	LOG(ERROR) << error->GetMessage();
				166	KeyChallengeService::GetAssertionCallback original_callback =
				167	callback_holder->get();
				168	std::move(original_callback).Run(nullptr /* response */);
				169	}
				170
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	171	} // namespace
				172
				173	KeyChallengeServiceImpl::KeyChallengeServiceImpl(
				174	scoped_refptr<dbus::Bus> dbus_bus,
				175	const std::string& key_delegate_dbus_service_name)
Maksim Ivanov	e6232ad	2019-03-13 21:13:22 +0100	[diff] [blame]	176	: key_delegate_dbus_service_name_(key_delegate_dbus_service_name),
				177	dbus_proxy_(dbus_bus, key_delegate_dbus_service_name_) {
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	178	DCHECK(dbus_bus);
Maksim Ivanov	e6232ad	2019-03-13 21:13:22 +0100	[diff] [blame]	179	DCHECK(!key_delegate_dbus_service_name_.empty());
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	180	}
				181
				182	KeyChallengeServiceImpl::~KeyChallengeServiceImpl() = default;
				183
				184	void KeyChallengeServiceImpl::ChallengeKey(
				185	const AccountIdentifier& account_id,
				186	const KeyChallengeRequest& key_challenge_request,
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	187	ResponseCallback response_callback) {
Maksim Ivanov	e6232ad	2019-03-13 21:13:22 +0100	[diff] [blame]	188	if (!dbus_validate_bus_name(key_delegate_dbus_service_name_.c_str(),
				189	nullptr /* error */)) {
				190	// Bail out to avoid crashing inside the D-Bus library.
				191	// TODO(emaxx): Remove this special handling once libchrome is uprev'ed to
				192	// include the fix from crbug.com/927196.
Xiaoyong Zhou	d42c242	2019-11-15 14:29:30 -0800	[diff] [blame]	193	LOG(ERROR) << "Invalid key challenge service name "
				194	<< key_delegate_dbus_service_name_;
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	195	std::move(response_callback).Run(nullptr /* response */);
Maksim Ivanov	e6232ad	2019-03-13 21:13:22 +0100	[diff] [blame]	196	return;
				197	}
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	198	std::shared_ptr<OnceCallbackHolder<ResponseCallback>> callback_holder(
				199	new OnceCallbackHolder<ResponseCallback>(std::move(response_callback)));
Maksim Ivanov	df2e528	2020-01-30 02:00:27 +0100	[diff] [blame]	200	// TODO(crbug.com/1046860): Remove the logging after stabilizing the feature.
				201	if (key_challenge_request.has_signature_request_data()) {
				202	LOG(INFO)
				203	<< "Starting signature key challenge request, size "
				204	<< key_challenge_request.signature_request_data().data_to_sign().size()
				205	<< ", spki size "
				206	<< key_challenge_request.signature_request_data()
				207	.public_key_spki_der()
				208	.size()
				209	<< ", algorithm "
				210	<< key_challenge_request.signature_request_data().signature_algorithm();
				211	}
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	212	dbus_proxy_.ChallengeKeyAsync(
				213	SerializeProto(account_id), SerializeProto(key_challenge_request),
John L Chen	5fcf406	2019-05-13 02:27:51 +0800	[diff] [blame]	214	base::Bind(&OnDBusChallengeKeySuccess, callback_holder),
Maksim Ivanov	9de3f8b	2020-02-26 18:35:40 +0100	[diff] [blame]	215	base::Bind(&OnDBusChallengeKeyFailure, callback_holder),
				216	/timeout_ms=/kDbusCallTimeout.InMilliseconds());
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	217	}
				218
Xiaoyong Zhou	d42c242	2019-11-15 14:29:30 -0800	[diff] [blame]	219	void KeyChallengeServiceImpl::FidoMakeCredential(
				220	const std::string& client_data_json,
				221	const cryptohome::fido::PublicKeyCredentialCreationOptions& request,
				222	MakeCredentialCallback response_callback) {
				223	if (!dbus_validate_bus_name(key_delegate_dbus_service_name_.c_str(),
				224	nullptr /* error */)) {
				225	LOG(ERROR) << "Invalid key challenge service name "
				226	<< key_delegate_dbus_service_name_;
				227	std::move(response_callback).Run(nullptr /* response */);
				228	return;
				229	}
				230
				231	std::shared_ptr<OnceCallbackHolder<MakeCredentialCallback>> callback_holder(
				232	new OnceCallbackHolder<MakeCredentialCallback>(
				233	std::move(response_callback)));
				234	dbus_proxy_.FidoMakeCredentialAsync(
				235	client_data_json, SerializeProto(request),
				236	base::Bind(&OnDBusFidoMakeCredentialSuccess, callback_holder),
				237	base::Bind(&OnDBusFidoMakeCredentialFailure, callback_holder));
				238	}
				239
				240	void KeyChallengeServiceImpl::FidoGetAssertion(
				241	const std::string& client_data_json,
				242	const cryptohome::fido::PublicKeyCredentialRequestOptions& request,
				243	GetAssertionCallback response_callback) {
				244	if (!dbus_validate_bus_name(key_delegate_dbus_service_name_.c_str(),
				245	nullptr)) {
				246	LOG(ERROR) << "Invalid key challenge service name "
				247	<< key_delegate_dbus_service_name_;
				248	std::move(response_callback).Run(nullptr /* response */);
				249	return;
				250	}
				251
				252	std::shared_ptr<OnceCallbackHolder<GetAssertionCallback>> callback_holder(
				253	new OnceCallbackHolder<GetAssertionCallback>(
				254	std::move(response_callback)));
				255	dbus_proxy_.FidoGetAssertionAsync(
				256	client_data_json, SerializeProto(request),
				257	base::Bind(&OnDBusFidoGetAssertionSuccess, callback_holder),
				258	base::Bind(&OnDBusFidoGetAssertionFailure, callback_holder));
				259	}
				260
Maksim Ivanov	43477a9	2018-12-03 04:59:27 +0100	[diff] [blame]	261	} // namespace cryptohome