// Copyright 2015 The Weave Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "src/privet/security_manager.h" #include <algorithm> #include <limits> #include <memory> #include <set> #include <base/bind.h> #include <base/guid.h> #include <base/logging.h> #include <base/rand_util.h> #include <base/strings/string_number_conversions.h> #include <base/strings/stringprintf.h> #include <base/time/time.h> #include <weave/provider/task_runner.h> #include "src/data_encoding.h" #include "src/privet/auth_manager.h" #include "src/privet/constants.h" #include "src/privet/openssl_utils.h" #include "src/string_utils.h" #include "third_party/chromium/crypto/p224_spake.h" namespace weave { namespace privet { namespace { const int kSessionExpirationTimeMinutes = 5; const int kPairingExpirationTimeMinutes = 5; const int kMaxAllowedPairingAttemts = 3; const int kPairingBlockingTimeMinutes = 1; const int kAccessTokenExpirationSeconds = 3600; class Spakep224Exchanger : public SecurityManager::KeyExchanger { public: explicit Spakep224Exchanger(const std::string& password) : spake_(crypto::P224EncryptedKeyExchange::kPeerTypeServer, password) {} ~Spakep224Exchanger() override = default; // SecurityManager::KeyExchanger methods. const std::string& GetMessage() override { return spake_.GetNextMessage(); } bool ProcessMessage(const std::string& message, ErrorPtr* error) override { switch (spake_.ProcessMessage(message)) { case crypto::P224EncryptedKeyExchange::kResultPending: return true; case crypto::P224EncryptedKeyExchange::kResultFailed: return Error::AddTo(error, FROM_HERE, errors::kInvalidClientCommitment, spake_.error()); default: LOG(FATAL) << "SecurityManager uses only one round trip"; } return false; } const std::string& GetKey() const override { return spake_.GetUnverifiedKey(); } private: crypto::P224EncryptedKeyExchange spake_; }; } // namespace SecurityManager::SecurityManager(const Config* config, AuthManager* auth_manager, provider::TaskRunner* task_runner) : config_{config}, auth_manager_{auth_manager}, task_runner_{task_runner} { CHECK(auth_manager_); CHECK_EQ(GetSettings().embedded_code.empty(), std::find(GetSettings().pairing_modes.begin(), GetSettings().pairing_modes.end(), PairingType::kEmbeddedCode) == GetSettings().pairing_modes.end()); } SecurityManager::~SecurityManager() { while (!pending_sessions_.empty()) ClosePendingSession(pending_sessions_.begin()->first); } bool SecurityManager::CreateAccessTokenImpl(AuthType auth_type, AuthScope desired_scope, std::vector<uint8_t>* access_token, AuthScope* access_token_scope, base::TimeDelta* access_token_ttl) { auto user_id = std::to_string(++last_user_id_); UserInfo user_info{ desired_scope, UserAppId{auth_type, {user_id.begin(), user_id.end()}, {}}}; const base::TimeDelta kTtl = base::TimeDelta::FromSeconds(kAccessTokenExpirationSeconds); if (access_token) *access_token = auth_manager_->CreateAccessToken(user_info, kTtl); if (access_token_scope) *access_token_scope = user_info.scope(); if (access_token_ttl) *access_token_ttl = kTtl; return true; } bool SecurityManager::CreateAccessTokenImpl( AuthType auth_type, const std::vector<uint8_t>& auth_code, AuthScope desired_scope, std::vector<uint8_t>* access_token, AuthScope* access_token_scope, base::TimeDelta* access_token_ttl, ErrorPtr* error) { auto disabled_mode = [](ErrorPtr* error) { return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthMode, "Mode is not available"); }; switch (auth_type) { case AuthType::kAnonymous: if (!IsAnonymousAuthSupported()) return disabled_mode(error); return CreateAccessTokenImpl(auth_type, desired_scope, access_token, access_token_scope, access_token_ttl); case AuthType::kPairing: if (!IsPairingAuthSupported()) return disabled_mode(error); if (!IsValidPairingCode(auth_code)) { return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthCode, "Invalid authCode"); } return CreateAccessTokenImpl(auth_type, desired_scope, access_token, access_token_scope, access_token_ttl); case AuthType::kLocal: if (!IsLocalAuthSupported()) return disabled_mode(error); const base::TimeDelta kTtl = base::TimeDelta::FromSeconds(kAccessTokenExpirationSeconds); return auth_manager_->CreateAccessTokenFromAuth( auth_code, kTtl, access_token, access_token_scope, access_token_ttl, error); } return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthMode, "Unsupported auth mode"); } bool SecurityManager::CreateAccessToken(AuthType auth_type, const std::string& auth_code, AuthScope desired_scope, std::string* access_token, AuthScope* access_token_scope, base::TimeDelta* access_token_ttl, ErrorPtr* error) { std::vector<uint8_t> auth_decoded; if (auth_type != AuthType::kAnonymous && !Base64Decode(auth_code, &auth_decoded)) { Error::AddToPrintf(error, FROM_HERE, errors::kInvalidAuthorization, "Invalid auth_code encoding: %s", auth_code.c_str()); return false; } std::vector<uint8_t> access_token_decoded; if (!CreateAccessTokenImpl(auth_type, auth_decoded, desired_scope, &access_token_decoded, access_token_scope, access_token_ttl, error)) { return false; } if (access_token) *access_token = Base64Encode(access_token_decoded); return true; } bool SecurityManager::ParseAccessToken(const std::string& token, UserInfo* user_info, ErrorPtr* error) const { std::vector<uint8_t> decoded; if (!Base64Decode(token, &decoded)) { Error::AddToPrintf(error, FROM_HERE, errors::kInvalidAuthorization, "Invalid token encoding: %s", token.c_str()); return false; } return auth_manager_->ParseAccessToken(decoded, user_info, error); } std::set<PairingType> SecurityManager::GetPairingTypes() const { return GetSettings().pairing_modes; } std::set<CryptoType> SecurityManager::GetCryptoTypes() const { std::set<CryptoType> result{CryptoType::kSpake_p224}; return result; } std::set<AuthType> SecurityManager::GetAuthTypes() const { std::set<AuthType> result; if (IsAnonymousAuthSupported()) result.insert(AuthType::kAnonymous); if (IsPairingAuthSupported()) result.insert(AuthType::kPairing); if (IsLocalAuthSupported()) result.insert(AuthType::kLocal); return result; } std::string SecurityManager::ClaimRootClientAuthToken(ErrorPtr* error) { return Base64Encode(auth_manager_->ClaimRootClientAuthToken( RootClientTokenOwner::kClient, error)); } bool SecurityManager::ConfirmClientAuthToken(const std::string& token, ErrorPtr* error) { std::vector<uint8_t> token_decoded; if (!Base64Decode(token, &token_decoded)) { Error::AddToPrintf(error, FROM_HERE, errors::kInvalidFormat, "Invalid auth token string: '%s'", token.c_str()); return false; } return auth_manager_->ConfirmClientAuthToken(token_decoded, error); } const Config::Settings& SecurityManager::GetSettings() const { return config_->GetSettings(); } bool SecurityManager::IsValidPairingCode( const std::vector<uint8_t>& auth_code) const { for (const auto& session : confirmed_sessions_) { const std::string& key = session.second->GetKey(); const std::string& id = session.first; if (auth_code == HmacSha256(std::vector<uint8_t>(key.begin(), key.end()), std::vector<uint8_t>(id.begin(), id.end()))) { pairing_attemts_ = 0; block_pairing_until_ = base::Time{}; return true; } } LOG(ERROR) << "Attempt to authenticate with invalide code."; return false; } bool SecurityManager::StartPairing(PairingType mode, CryptoType crypto, std::string* session_id, std::string* device_commitment, ErrorPtr* error) { if (!CheckIfPairingAllowed(error)) return false; const auto& pairing_modes = GetSettings().pairing_modes; if (std::find(pairing_modes.begin(), pairing_modes.end(), mode) == pairing_modes.end()) { return Error::AddTo(error, FROM_HERE, errors::kInvalidParams, "Pairing mode is not enabled"); } std::string code; switch (mode) { case PairingType::kEmbeddedCode: CHECK(!GetSettings().embedded_code.empty()); code = GetSettings().embedded_code; break; case PairingType::kPinCode: code = base::StringPrintf("%04i", base::RandInt(0, 9999)); break; default: return Error::AddTo(error, FROM_HERE, errors::kInvalidParams, "Unsupported pairing mode"); } std::unique_ptr<KeyExchanger> spake; switch (crypto) { case CryptoType::kSpake_p224: spake.reset(new Spakep224Exchanger(code)); break; // Fall through... default: return Error::AddTo(error, FROM_HERE, errors::kInvalidParams, "Unsupported crypto"); } // Allow only a single session at a time for now. while (!pending_sessions_.empty()) ClosePendingSession(pending_sessions_.begin()->first); std::string session; do { session = base::GenerateGUID(); } while (confirmed_sessions_.find(session) != confirmed_sessions_.end() || pending_sessions_.find(session) != pending_sessions_.end()); std::string commitment = spake->GetMessage(); pending_sessions_.insert(std::make_pair(session, std::move(spake))); task_runner_->PostDelayedTask( FROM_HERE, base::Bind(base::IgnoreResult(&SecurityManager::ClosePendingSession), weak_ptr_factory_.GetWeakPtr(), session), base::TimeDelta::FromMinutes(kPairingExpirationTimeMinutes)); *session_id = session; *device_commitment = Base64Encode(commitment); LOG(INFO) << "Pairing code for session " << *session_id << " is " << code; // TODO(vitalybuka): Handle case when device can't start multiple pairing // simultaneously and implement throttling to avoid brute force attack. if (!on_start_.is_null()) { on_start_.Run(session, mode, std::vector<uint8_t>{code.begin(), code.end()}); } return true; } bool SecurityManager::ConfirmPairing(const std::string& session_id, const std::string& client_commitment, std::string* fingerprint, std::string* signature, ErrorPtr* error) { auto session = pending_sessions_.find(session_id); if (session == pending_sessions_.end()) { Error::AddToPrintf(error, FROM_HERE, errors::kUnknownSession, "Unknown session id: '%s'", session_id.c_str()); return false; } std::vector<uint8_t> commitment; if (!Base64Decode(client_commitment, &commitment)) { ClosePendingSession(session_id); Error::AddToPrintf(error, FROM_HERE, errors::kInvalidFormat, "Invalid commitment string: '%s'", client_commitment.c_str()); return false; } if (!session->second->ProcessMessage( std::string(commitment.begin(), commitment.end()), error)) { ClosePendingSession(session_id); return Error::AddTo(error, FROM_HERE, errors::kCommitmentMismatch, "Pairing code or crypto implementation mismatch"); } const std::string& key = session->second->GetKey(); VLOG(3) << "KEY " << base::HexEncode(key.data(), key.size()); const auto& certificate_fingerprint = auth_manager_->GetCertificateFingerprint(); *fingerprint = Base64Encode(certificate_fingerprint); std::vector<uint8_t> cert_hmac = HmacSha256( std::vector<uint8_t>(key.begin(), key.end()), certificate_fingerprint); *signature = Base64Encode(cert_hmac); confirmed_sessions_.insert( std::make_pair(session->first, std::move(session->second))); task_runner_->PostDelayedTask( FROM_HERE, base::Bind(base::IgnoreResult(&SecurityManager::CloseConfirmedSession), weak_ptr_factory_.GetWeakPtr(), session_id), base::TimeDelta::FromMinutes(kSessionExpirationTimeMinutes)); ClosePendingSession(session_id); return true; } bool SecurityManager::CancelPairing(const std::string& session_id, ErrorPtr* error) { bool confirmed = CloseConfirmedSession(session_id); bool pending = ClosePendingSession(session_id); if (pending) { CHECK_GE(pairing_attemts_, 1); --pairing_attemts_; } CHECK(!confirmed || !pending); if (confirmed || pending) return true; Error::AddToPrintf(error, FROM_HERE, errors::kUnknownSession, "Unknown session id: '%s'", session_id.c_str()); return false; } std::string SecurityManager::CreateSessionId() { return auth_manager_->CreateSessionId(); } void SecurityManager::RegisterPairingListeners( const PairingStartListener& on_start, const PairingEndListener& on_end) { CHECK(on_start_.is_null() && on_end_.is_null()); on_start_ = on_start; on_end_ = on_end; } bool SecurityManager::CheckIfPairingAllowed(ErrorPtr* error) { if (block_pairing_until_ > auth_manager_->Now()) { return Error::AddTo(error, FROM_HERE, errors::kDeviceBusy, "Too many pairing attempts"); } if (++pairing_attemts_ >= kMaxAllowedPairingAttemts) { LOG(INFO) << "Pairing blocked for" << kPairingBlockingTimeMinutes << "minutes."; block_pairing_until_ = auth_manager_->Now(); block_pairing_until_ += base::TimeDelta::FromMinutes(kPairingBlockingTimeMinutes); } return true; } bool SecurityManager::ClosePendingSession(const std::string& session_id) { // The most common source of these session_id values is the map containing // the sessions, which we're about to clear out. Make a local copy. const std::string safe_session_id{session_id}; const size_t num_erased = pending_sessions_.erase(safe_session_id); if (num_erased > 0 && !on_end_.is_null()) on_end_.Run(safe_session_id); return num_erased != 0; } bool SecurityManager::CloseConfirmedSession(const std::string& session_id) { return confirmed_sessions_.erase(session_id) != 0; } bool SecurityManager::IsAnonymousAuthSupported() const { return GetSettings().local_anonymous_access_role != AuthScope::kNone; } bool SecurityManager::IsPairingAuthSupported() const { return GetSettings().local_pairing_enabled; } bool SecurityManager::IsLocalAuthSupported() const { return GetSettings().root_client_token_owner != RootClientTokenOwner::kNone; } } // namespace privet } // namespace weave