blob: 3b086135463ade020ca9193610036cb1cb8be13d [file] [log] [blame]
// Copyright 2015 The Weave Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "src/privet/security_manager.h"
#include <algorithm>
#include <limits>
#include <memory>
#include <set>
#include <base/bind.h>
#include <base/guid.h>
#include <base/logging.h>
#include <base/rand_util.h>
#include <base/strings/string_number_conversions.h>
#include <base/strings/stringprintf.h>
#include <base/time/time.h>
#include <weave/provider/task_runner.h>
#include "src/data_encoding.h"
#include "src/privet/auth_manager.h"
#include "src/privet/constants.h"
#include "src/privet/openssl_utils.h"
#include "src/string_utils.h"
#include "third_party/chromium/crypto/p224_spake.h"
namespace weave {
namespace privet {
namespace {
const int kSessionExpirationTimeMinutes = 5;
const int kPairingExpirationTimeMinutes = 5;
const int kMaxAllowedPairingAttemts = 3;
const int kPairingBlockingTimeMinutes = 1;
const int kAccessTokenExpirationSeconds = 3600;
class Spakep224Exchanger : public SecurityManager::KeyExchanger {
public:
explicit Spakep224Exchanger(const std::string& password)
: spake_(crypto::P224EncryptedKeyExchange::kPeerTypeServer, password) {}
~Spakep224Exchanger() override = default;
// SecurityManager::KeyExchanger methods.
const std::string& GetMessage() override { return spake_.GetNextMessage(); }
bool ProcessMessage(const std::string& message, ErrorPtr* error) override {
switch (spake_.ProcessMessage(message)) {
case crypto::P224EncryptedKeyExchange::kResultPending:
return true;
case crypto::P224EncryptedKeyExchange::kResultFailed:
return Error::AddTo(error, FROM_HERE, errors::kInvalidClientCommitment,
spake_.error());
default:
LOG(FATAL) << "SecurityManager uses only one round trip";
}
return false;
}
const std::string& GetKey() const override {
return spake_.GetUnverifiedKey();
}
private:
crypto::P224EncryptedKeyExchange spake_;
};
} // namespace
SecurityManager::SecurityManager(const Config* config,
AuthManager* auth_manager,
provider::TaskRunner* task_runner)
: config_{config}, auth_manager_{auth_manager}, task_runner_{task_runner} {
CHECK(auth_manager_);
CHECK_EQ(GetSettings().embedded_code.empty(),
std::find(GetSettings().pairing_modes.begin(),
GetSettings().pairing_modes.end(),
PairingType::kEmbeddedCode) ==
GetSettings().pairing_modes.end());
}
SecurityManager::~SecurityManager() {
while (!pending_sessions_.empty())
ClosePendingSession(pending_sessions_.begin()->first);
}
bool SecurityManager::CreateAccessTokenImpl(AuthType auth_type,
AuthScope desired_scope,
std::vector<uint8_t>* access_token,
AuthScope* access_token_scope,
base::TimeDelta* access_token_ttl) {
auto user_id = std::to_string(++last_user_id_);
UserInfo user_info{
desired_scope,
UserAppId{auth_type, {user_id.begin(), user_id.end()}, {}}};
const base::TimeDelta kTtl =
base::TimeDelta::FromSeconds(kAccessTokenExpirationSeconds);
if (access_token)
*access_token = auth_manager_->CreateAccessToken(user_info, kTtl);
if (access_token_scope)
*access_token_scope = user_info.scope();
if (access_token_ttl)
*access_token_ttl = kTtl;
return true;
}
bool SecurityManager::CreateAccessTokenImpl(
AuthType auth_type,
const std::vector<uint8_t>& auth_code,
AuthScope desired_scope,
std::vector<uint8_t>* access_token,
AuthScope* access_token_scope,
base::TimeDelta* access_token_ttl,
ErrorPtr* error) {
auto disabled_mode = [](ErrorPtr* error) {
return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthMode,
"Mode is not available");
};
switch (auth_type) {
case AuthType::kAnonymous:
if (!IsAnonymousAuthSupported())
return disabled_mode(error);
return CreateAccessTokenImpl(auth_type, desired_scope, access_token,
access_token_scope, access_token_ttl);
case AuthType::kPairing:
if (!IsPairingAuthSupported())
return disabled_mode(error);
if (!IsValidPairingCode(auth_code)) {
return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthCode,
"Invalid authCode");
}
return CreateAccessTokenImpl(auth_type, desired_scope, access_token,
access_token_scope, access_token_ttl);
case AuthType::kLocal:
if (!IsLocalAuthSupported())
return disabled_mode(error);
const base::TimeDelta kTtl =
base::TimeDelta::FromSeconds(kAccessTokenExpirationSeconds);
return auth_manager_->CreateAccessTokenFromAuth(
auth_code, kTtl, access_token, access_token_scope, access_token_ttl,
error);
}
return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthMode,
"Unsupported auth mode");
}
bool SecurityManager::CreateAccessToken(AuthType auth_type,
const std::string& auth_code,
AuthScope desired_scope,
std::string* access_token,
AuthScope* access_token_scope,
base::TimeDelta* access_token_ttl,
ErrorPtr* error) {
std::vector<uint8_t> auth_decoded;
if (auth_type != AuthType::kAnonymous &&
!Base64Decode(auth_code, &auth_decoded)) {
Error::AddToPrintf(error, FROM_HERE, errors::kInvalidAuthorization,
"Invalid auth_code encoding: %s", auth_code.c_str());
return false;
}
std::vector<uint8_t> access_token_decoded;
if (!CreateAccessTokenImpl(auth_type, auth_decoded, desired_scope,
&access_token_decoded, access_token_scope,
access_token_ttl, error)) {
return false;
}
if (access_token)
*access_token = Base64Encode(access_token_decoded);
return true;
}
bool SecurityManager::ParseAccessToken(const std::string& token,
UserInfo* user_info,
ErrorPtr* error) const {
std::vector<uint8_t> decoded;
if (!Base64Decode(token, &decoded)) {
Error::AddToPrintf(error, FROM_HERE, errors::kInvalidAuthorization,
"Invalid token encoding: %s", token.c_str());
return false;
}
return auth_manager_->ParseAccessToken(decoded, user_info, error);
}
std::set<PairingType> SecurityManager::GetPairingTypes() const {
return GetSettings().pairing_modes;
}
std::set<CryptoType> SecurityManager::GetCryptoTypes() const {
std::set<CryptoType> result{CryptoType::kSpake_p224};
return result;
}
std::set<AuthType> SecurityManager::GetAuthTypes() const {
std::set<AuthType> result;
if (IsAnonymousAuthSupported())
result.insert(AuthType::kAnonymous);
if (IsPairingAuthSupported())
result.insert(AuthType::kPairing);
if (IsLocalAuthSupported())
result.insert(AuthType::kLocal);
return result;
}
std::string SecurityManager::ClaimRootClientAuthToken(ErrorPtr* error) {
return Base64Encode(auth_manager_->ClaimRootClientAuthToken(
RootClientTokenOwner::kClient, error));
}
bool SecurityManager::ConfirmClientAuthToken(const std::string& token,
ErrorPtr* error) {
std::vector<uint8_t> token_decoded;
if (!Base64Decode(token, &token_decoded)) {
Error::AddToPrintf(error, FROM_HERE, errors::kInvalidFormat,
"Invalid auth token string: '%s'", token.c_str());
return false;
}
return auth_manager_->ConfirmClientAuthToken(token_decoded, error);
}
const Config::Settings& SecurityManager::GetSettings() const {
return config_->GetSettings();
}
bool SecurityManager::IsValidPairingCode(
const std::vector<uint8_t>& auth_code) const {
for (const auto& session : confirmed_sessions_) {
const std::string& key = session.second->GetKey();
const std::string& id = session.first;
if (auth_code == HmacSha256(std::vector<uint8_t>(key.begin(), key.end()),
std::vector<uint8_t>(id.begin(), id.end()))) {
pairing_attemts_ = 0;
block_pairing_until_ = base::Time{};
return true;
}
}
LOG(ERROR) << "Attempt to authenticate with invalide code.";
return false;
}
bool SecurityManager::StartPairing(PairingType mode,
CryptoType crypto,
std::string* session_id,
std::string* device_commitment,
ErrorPtr* error) {
if (!CheckIfPairingAllowed(error))
return false;
const auto& pairing_modes = GetSettings().pairing_modes;
if (std::find(pairing_modes.begin(), pairing_modes.end(), mode) ==
pairing_modes.end()) {
return Error::AddTo(error, FROM_HERE, errors::kInvalidParams,
"Pairing mode is not enabled");
}
std::string code;
switch (mode) {
case PairingType::kEmbeddedCode:
CHECK(!GetSettings().embedded_code.empty());
code = GetSettings().embedded_code;
break;
case PairingType::kPinCode:
code = base::StringPrintf("%04i", base::RandInt(0, 9999));
break;
default:
return Error::AddTo(error, FROM_HERE, errors::kInvalidParams,
"Unsupported pairing mode");
}
std::unique_ptr<KeyExchanger> spake;
switch (crypto) {
case CryptoType::kSpake_p224:
spake.reset(new Spakep224Exchanger(code));
break;
// Fall through...
default:
return Error::AddTo(error, FROM_HERE, errors::kInvalidParams,
"Unsupported crypto");
}
// Allow only a single session at a time for now.
while (!pending_sessions_.empty())
ClosePendingSession(pending_sessions_.begin()->first);
std::string session;
do {
session = base::GenerateGUID();
} while (confirmed_sessions_.find(session) != confirmed_sessions_.end() ||
pending_sessions_.find(session) != pending_sessions_.end());
std::string commitment = spake->GetMessage();
pending_sessions_.insert(std::make_pair(session, std::move(spake)));
task_runner_->PostDelayedTask(
FROM_HERE,
base::Bind(base::IgnoreResult(&SecurityManager::ClosePendingSession),
weak_ptr_factory_.GetWeakPtr(), session),
base::TimeDelta::FromMinutes(kPairingExpirationTimeMinutes));
*session_id = session;
*device_commitment = Base64Encode(commitment);
LOG(INFO) << "Pairing code for session " << *session_id << " is " << code;
// TODO(vitalybuka): Handle case when device can't start multiple pairing
// simultaneously and implement throttling to avoid brute force attack.
if (!on_start_.is_null()) {
on_start_.Run(session, mode,
std::vector<uint8_t>{code.begin(), code.end()});
}
return true;
}
bool SecurityManager::ConfirmPairing(const std::string& session_id,
const std::string& client_commitment,
std::string* fingerprint,
std::string* signature,
ErrorPtr* error) {
auto session = pending_sessions_.find(session_id);
if (session == pending_sessions_.end()) {
Error::AddToPrintf(error, FROM_HERE, errors::kUnknownSession,
"Unknown session id: '%s'", session_id.c_str());
return false;
}
std::vector<uint8_t> commitment;
if (!Base64Decode(client_commitment, &commitment)) {
ClosePendingSession(session_id);
Error::AddToPrintf(error, FROM_HERE, errors::kInvalidFormat,
"Invalid commitment string: '%s'",
client_commitment.c_str());
return false;
}
if (!session->second->ProcessMessage(
std::string(commitment.begin(), commitment.end()), error)) {
ClosePendingSession(session_id);
return Error::AddTo(error, FROM_HERE, errors::kCommitmentMismatch,
"Pairing code or crypto implementation mismatch");
}
const std::string& key = session->second->GetKey();
VLOG(3) << "KEY " << base::HexEncode(key.data(), key.size());
const auto& certificate_fingerprint =
auth_manager_->GetCertificateFingerprint();
*fingerprint = Base64Encode(certificate_fingerprint);
std::vector<uint8_t> cert_hmac = HmacSha256(
std::vector<uint8_t>(key.begin(), key.end()), certificate_fingerprint);
*signature = Base64Encode(cert_hmac);
confirmed_sessions_.insert(
std::make_pair(session->first, std::move(session->second)));
task_runner_->PostDelayedTask(
FROM_HERE,
base::Bind(base::IgnoreResult(&SecurityManager::CloseConfirmedSession),
weak_ptr_factory_.GetWeakPtr(), session_id),
base::TimeDelta::FromMinutes(kSessionExpirationTimeMinutes));
ClosePendingSession(session_id);
return true;
}
bool SecurityManager::CancelPairing(const std::string& session_id,
ErrorPtr* error) {
bool confirmed = CloseConfirmedSession(session_id);
bool pending = ClosePendingSession(session_id);
if (pending) {
CHECK_GE(pairing_attemts_, 1);
--pairing_attemts_;
}
CHECK(!confirmed || !pending);
if (confirmed || pending)
return true;
Error::AddToPrintf(error, FROM_HERE, errors::kUnknownSession,
"Unknown session id: '%s'", session_id.c_str());
return false;
}
std::string SecurityManager::CreateSessionId() {
return auth_manager_->CreateSessionId();
}
void SecurityManager::RegisterPairingListeners(
const PairingStartListener& on_start,
const PairingEndListener& on_end) {
CHECK(on_start_.is_null() && on_end_.is_null());
on_start_ = on_start;
on_end_ = on_end;
}
bool SecurityManager::CheckIfPairingAllowed(ErrorPtr* error) {
if (block_pairing_until_ > auth_manager_->Now()) {
return Error::AddTo(error, FROM_HERE, errors::kDeviceBusy,
"Too many pairing attempts");
}
if (++pairing_attemts_ >= kMaxAllowedPairingAttemts) {
LOG(INFO) << "Pairing blocked for" << kPairingBlockingTimeMinutes
<< "minutes.";
block_pairing_until_ = auth_manager_->Now();
block_pairing_until_ +=
base::TimeDelta::FromMinutes(kPairingBlockingTimeMinutes);
}
return true;
}
bool SecurityManager::ClosePendingSession(const std::string& session_id) {
// The most common source of these session_id values is the map containing
// the sessions, which we're about to clear out. Make a local copy.
const std::string safe_session_id{session_id};
const size_t num_erased = pending_sessions_.erase(safe_session_id);
if (num_erased > 0 && !on_end_.is_null())
on_end_.Run(safe_session_id);
return num_erased != 0;
}
bool SecurityManager::CloseConfirmedSession(const std::string& session_id) {
return confirmed_sessions_.erase(session_id) != 0;
}
bool SecurityManager::IsAnonymousAuthSupported() const {
return GetSettings().local_anonymous_access_role != AuthScope::kNone;
}
bool SecurityManager::IsPairingAuthSupported() const {
return GetSettings().local_pairing_enabled;
}
bool SecurityManager::IsLocalAuthSupported() const {
return GetSettings().root_client_token_owner != RootClientTokenOwner::kNone;
}
} // namespace privet
} // namespace weave