| // Copyright 2024 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/device_bound_sessions/test_support.h" |
| |
| #include <vector> |
| |
| #include "base/base64url.h" |
| #include "base/compiler_specific.h" |
| #include "base/containers/to_vector.h" |
| #include "base/json/json_reader.h" |
| #include "base/json/json_writer.h" |
| #include "base/strings/strcat.h" |
| #include "base/strings/string_util.h" |
| #include "base/values.h" |
| #include "crypto/signature_verifier.h" |
| #include "net/test/embedded_test_server/http_request.h" |
| #include "net/test/embedded_test_server/http_response.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| #include "third_party/boringssl/src/include/openssl/base.h" |
| #include "third_party/boringssl/src/include/openssl/bn.h" |
| #include "third_party/boringssl/src/include/openssl/bytestring.h" |
| #include "third_party/boringssl/src/include/openssl/ec_key.h" |
| #include "third_party/boringssl/src/include/openssl/ecdsa.h" |
| #include "third_party/boringssl/src/include/openssl/evp.h" |
| #include "third_party/boringssl/src/include/openssl/mem.h" |
| |
| namespace net::device_bound_sessions { |
| |
| namespace { |
| |
| std::unique_ptr<net::test_server::HttpResponse> RequestHandler( |
| const GURL& base_url, |
| const net::test_server::HttpRequest& request) { |
| auto response = std::make_unique<net::test_server::BasicHttpResponse>(); |
| response->set_code(net::HTTP_OK); |
| if (request.relative_url == "/dbsc_required") { |
| response->AddCustomHeader( |
| "Sec-Session-Registration", |
| "(RS256 " |
| "ES256);challenge=\"challenge_value\";path=\"dbsc_register_session\""); |
| return response; |
| } else if (request.relative_url == "/dbsc_register_session") { |
| response->AddCustomHeader("Set-Cookie", "auth_cookie=abcdef0123;"); |
| |
| const auto registration_response = |
| base::Value::Dict() |
| .Set("session_identifier", "session_id") |
| .Set("refresh_url", |
| base_url.Resolve("/dbsc_refresh_session").spec()) |
| .Set("credentials", |
| base::Value::List().Append(base::Value::Dict() |
| .Set("type", "cookie") |
| .Set("name", "auth_cookie") |
| .Set("attributes", ""))); |
| |
| std::optional<std::string> json = base::WriteJson(registration_response); |
| EXPECT_TRUE(json.has_value()); |
| response->set_content(*json); |
| return response; |
| } |
| return nullptr; |
| } |
| |
| std::optional<std::vector<uint8_t>> Es256JwkToSpki( |
| const base::Value::Dict& jwk) { |
| const std::string* x = jwk.FindString("x"); |
| const std::string* y = jwk.FindString("y"); |
| if (!x || !y) { |
| return std::nullopt; |
| } |
| |
| std::optional<std::vector<uint8_t>> x_bytes = |
| base::Base64UrlDecode(*x, base::Base64UrlDecodePolicy::DISALLOW_PADDING); |
| std::optional<std::vector<uint8_t>> y_bytes = |
| base::Base64UrlDecode(*y, base::Base64UrlDecodePolicy::DISALLOW_PADDING); |
| if (!x_bytes || !y_bytes) { |
| return std::nullopt; |
| } |
| |
| bssl::UniquePtr<EC_KEY> ec_key( |
| EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
| if (!ec_key) { |
| return std::nullopt; |
| } |
| |
| bssl::UniquePtr<BIGNUM> x_bn( |
| BN_bin2bn(x_bytes->data(), x_bytes->size(), nullptr)); |
| bssl::UniquePtr<BIGNUM> y_bn( |
| BN_bin2bn(y_bytes->data(), y_bytes->size(), nullptr)); |
| if (!x_bn || !y_bn) { |
| return std::nullopt; |
| } |
| |
| if (!EC_KEY_set_public_key_affine_coordinates(ec_key.get(), x_bn.get(), |
| y_bn.get())) { |
| return std::nullopt; |
| } |
| |
| bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); |
| if (!pkey || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get())) { |
| return std::nullopt; |
| } |
| |
| bssl::ScopedCBB cbb; |
| if (!CBB_init(cbb.get(), 0) || |
| !EVP_marshal_public_key(cbb.get(), pkey.get())) { |
| return std::nullopt; |
| } |
| |
| uint8_t* data; |
| size_t len; |
| if (!CBB_finish(cbb.get(), &data, &len)) { |
| return std::nullopt; |
| } |
| |
| bssl::UniquePtr<uint8_t> delete_der(data); |
| // SAFETY: `CBB_finish` uses a C-style API. |
| auto spki_span = UNSAFE_BUFFERS(base::span<const uint8_t>(data, len)); |
| return base::ToVector(spki_span); |
| } |
| |
| std::optional<std::vector<uint8_t>> RawSigToDerSig( |
| base::span<const uint8_t> raw_sig) { |
| base::span<const uint8_t> r_bytes = raw_sig.first(32u); |
| base::span<const uint8_t> s_bytes = raw_sig.subspan(32u); |
| |
| bssl::UniquePtr<ECDSA_SIG> ecdsa_sig(ECDSA_SIG_new()); |
| if (!ecdsa_sig) { |
| return std::nullopt; |
| } |
| |
| BN_bin2bn(r_bytes.data(), r_bytes.size(), ecdsa_sig->r); |
| BN_bin2bn(s_bytes.data(), s_bytes.size(), ecdsa_sig->s); |
| if (!ecdsa_sig->r || !ecdsa_sig->s) { |
| return std::nullopt; |
| } |
| |
| uint8_t* der; |
| size_t der_len; |
| if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig.get())) { |
| return std::nullopt; |
| } |
| |
| bssl::UniquePtr<uint8_t> delete_der(der); |
| // SAFETY: `ECDSA_SIG_to_bytes` uses a C-style API. |
| auto der_span = UNSAFE_BUFFERS(base::span<const uint8_t>(der, der_len)); |
| return base::ToVector(der_span); |
| } |
| |
| } // namespace |
| |
| std::pair<base::span<const uint8_t>, std::string> |
| GetRS256SpkiAndJwkForTesting() { |
| static constexpr uint8_t kSpki[] = { |
| 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, |
| 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, |
| 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB8, 0x72, 0x09, |
| 0xEA, 0xD7, 0x1D, 0x84, 0xD4, 0x9B, 0x22, 0xA1, 0xE8, 0x6A, 0x5F, 0xB1, |
| 0x6C, 0x03, 0x8B, 0x45, 0xDA, 0xF7, 0xE5, 0xF9, 0x0E, 0x95, 0xF2, 0x43, |
| 0xE6, 0x38, 0x19, 0x2B, 0x23, 0x29, 0x22, 0xA7, 0xE6, 0xF6, 0xEC, 0xB6, |
| 0x43, 0x61, 0xFB, 0x5F, 0x4C, 0xEA, 0xB8, 0x77, 0x9E, 0x43, 0x18, 0x76, |
| 0x2D, 0x16, 0x84, 0x44, 0xA1, 0x29, 0xA6, 0x93, 0xC3, 0x02, 0x1A, 0x11, |
| 0x1F, 0x2A, 0x3D, 0xDC, 0xE9, 0x44, 0xAE, 0x61, 0x9F, 0xC1, 0xDE, 0xDB, |
| 0xEA, 0x04, 0x01, 0xE5, 0x2A, 0xAB, 0x55, 0x67, 0xA6, 0x3D, 0xB3, 0x97, |
| 0xA7, 0x15, 0x02, 0x7B, 0xCA, 0x4C, 0x44, 0xA1, 0x4D, 0x2B, 0xB9, 0xBE, |
| 0xE3, 0x96, 0xC3, 0x17, 0x42, 0x4D, 0xCA, 0x60, 0xA8, 0x30, 0xC5, 0xD0, |
| 0xC9, 0x64, 0xD8, 0x39, 0xB0, 0x91, 0xA8, 0x22, 0x94, 0xA0, 0x61, 0x6B, |
| 0xE6, 0xF4, 0xD9, 0x64, 0x82, 0x17, 0xB3, 0x27, 0xF6, 0xDA, 0x3D, 0xEF, |
| 0xD8, 0x05, 0x87, 0x90, 0x1C, 0xE5, 0xB5, 0xB3, 0xB5, 0x41, 0x0E, 0xFC, |
| 0x45, 0xAD, 0x64, 0xCA, 0xB1, 0x39, 0x10, 0x63, 0x32, 0x67, 0x7E, 0x88, |
| 0x95, 0x0F, 0xFD, 0x8E, 0xCE, 0x5A, 0xF7, 0x5B, 0x60, 0x85, 0xA3, 0xB0, |
| 0x48, 0x26, 0x10, 0x19, 0xDA, 0x0A, 0xC5, 0xD3, 0x78, 0x6E, 0x0B, 0x86, |
| 0x78, 0x55, 0xB4, 0xA8, 0xFD, 0x1C, 0x81, 0x8A, 0x33, 0x18, 0x40, 0x1A, |
| 0x5F, 0x75, 0x87, 0xD1, 0x05, 0x2B, 0x2B, 0x53, 0x1F, 0xAD, 0x8E, 0x22, |
| 0xB3, 0xEE, 0x1C, 0xA1, 0x03, 0x97, 0xF1, 0xE0, 0x88, 0x0F, 0x98, 0xAF, |
| 0x05, 0x37, 0xB3, 0xC3, 0x95, 0x1C, 0x34, 0xDE, 0x39, 0xEB, 0x85, 0x12, |
| 0xEC, 0x3D, 0x77, 0x27, 0xA7, 0x5C, 0xEA, 0x39, 0x24, 0xD5, 0xE9, 0x49, |
| 0xCF, 0x97, 0x88, 0x4A, 0xF4, 0x01, 0x4F, 0xA4, 0x7E, 0x77, 0x57, 0x7F, |
| 0x73, 0x02, 0x03, 0x01, 0x00, 0x01}; |
| |
| static constexpr char kJwkTemplate[] = R"json({ |
| "kty": "RSA", |
| "n": "<n>", |
| "e": "AQAB"})json"; |
| |
| static constexpr char kRsaN[] = |
| "uHIJ6tcdhNSbIqHoal-xbAOLRdr35fkOlfJD5jgZKyMpIqfm9uy2Q2H7X0zquHeeQxh2LRaE" |
| "RKEpppPDAhoRHyo93OlErmGfwd7b6gQB5SqrVWemPbOXpxUCe8pMRKFNK7m-45bDF0JNymCo" |
| "MMXQyWTYObCRqCKUoGFr5vTZZIIXsyf22j3v2AWHkBzltbO1QQ78Ra1kyrE5EGMyZ36IlQ_9" |
| "js5a91tghaOwSCYQGdoKxdN4bguGeFW0qP0cgYozGEAaX3WH0QUrK1MfrY4is-4coQOX8eCI" |
| "D5ivBTezw5UcNN4564US7D13J6dc6jkk1elJz5eISvQBT6R-d1d_cw"; |
| |
| std::string jwk = kJwkTemplate; |
| base::ReplaceFirstSubstringAfterOffset(&jwk, 0, "<n>", kRsaN); |
| |
| return {kSpki, jwk}; |
| } |
| |
| EmbeddedTestServer::HandleRequestCallback GetTestRequestHandler( |
| const GURL& base_url) { |
| return base::BindRepeating(&RequestHandler, base_url); |
| } |
| |
| bool VerifyEs256Jwt(std::string_view jwt) { |
| // Parse JWT. |
| std::vector<std::string> jwt_sections = |
| base::SplitString(jwt, ".", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
| if (jwt_sections.size() != 3u) { |
| return false; |
| } |
| |
| const std::string& header64 = jwt_sections[0]; |
| const std::string& payload64 = jwt_sections[1]; |
| const std::string& signature64 = jwt_sections[2]; |
| |
| std::string payload, signature; |
| if (!base::Base64UrlDecode( |
| payload64, base::Base64UrlDecodePolicy::DISALLOW_PADDING, &payload) || |
| !base::Base64UrlDecode(signature64, |
| base::Base64UrlDecodePolicy::DISALLOW_PADDING, |
| &signature)) { |
| return false; |
| } |
| |
| // Extract the JWK. |
| const std::optional<base::Value::Dict> payload_json = |
| base::JSONReader::ReadDict(payload); |
| if (!payload_json) { |
| return false; |
| } |
| |
| const base::Value::Dict* jwk = payload_json->FindDict("key"); |
| if (!jwk) { |
| return false; |
| } |
| |
| // `crypto::SignatureVerifier` expects the public key in the |
| // SubjectPublicKeyInfo format and the signature in the DER format, so convert |
| // accordingly. |
| std::optional<std::vector<uint8_t>> spki = Es256JwkToSpki(*jwk); |
| if (!spki) { |
| return false; |
| } |
| |
| std::optional<std::vector<uint8_t>> der_sig = |
| RawSigToDerSig(base::as_byte_span((signature))); |
| if (!der_sig) { |
| return false; |
| } |
| |
| crypto::SignatureVerifier verifier; |
| verifier.VerifyInit(crypto::SignatureVerifier::ECDSA_SHA256, der_sig.value(), |
| spki.value()); |
| verifier.VerifyUpdate( |
| base::as_byte_span(base::StrCat({header64, ".", payload64}))); |
| return verifier.VerifyFinal(); |
| } |
| |
| } // namespace net::device_bound_sessions |