components/gcm_driver/crypto/encryption_header_parsers.cc - Issue 1244803002: Add parsers for the Encryption and Encryption-Key HTTP headers.

Unified Diff: components/gcm_driver/crypto/encryption_header_parsers.cc

Issue 1244803002: Add parsers for the Encryption and Encryption-Key HTTP headers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« components/gcm_driver/crypto/encryption_header_parsers.h ('K') | « components/gcm_driver/crypto/encryption_header_parsers.h ('k') | components/gcm_driver/crypto/encryption_header_parsers_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/gcm_driver/crypto/encryption_header_parsers.cc

diff --git a/components/gcm_driver/crypto/encryption_header_parsers.cc b/components/gcm_driver/crypto/encryption_header_parsers.cc

new file mode 100644

index 0000000000000000000000000000000000000000..ce18aeb659a8a33083a17f9b911c95060b967b67

--- /dev/null

+++ b/components/gcm_driver/crypto/encryption_header_parsers.cc

@@ -0,0 +1,195 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "components/gcm_driver/crypto/encryption_header_parsers.h"

+#include "base/base64.h"

+#include "base/numerics/safe_math.h"

+#include "base/strings/string_number_conversions.h"

+#include "base/strings/string_piece.h"

+#include "base/strings/string_util.h"

+#include "net/http/http_util.h"

+namespace gcm {

+namespace {

+// The default record size in bytes, as defined in section two of

+// https://tools.ietf.org/html/draft-thomson-http-encryption-01.

+const uint64_t kDefaultRecordSizeBytes = 4096;

+// TODO(peter): Unify the base64url implementations. https://crbug.com/536745

+bool Base64URLDecode(const base::StringPiece& input, std::string* output) {

+ // Bail on malformed strings, which already contain a '+' or a '/'. All valid

+ // strings should escape these special characters as '-' and '_',

+ // respectively.

+ if (input.find_first_of("+/") != std::string::npos)

+ return false;

+ base::CheckedNumeric<size_t> checked_padded_size = input.size();

+ if (input.size() % 4)

+ checked_padded_size += 4 - (input.size() % 4);

+ // Add padding to |input|.

+ std::string padded_input(input.begin(), input.end());

+ padded_input.resize(checked_padded_size.ValueOrDie(), '=');

+ // Convert to standard base64 alphabet.

+ base::ReplaceChars(padded_input, "-", "+", &padded_input);

+ base::ReplaceChars(padded_input, "_", "/", &padded_input);

+ return base::Base64Decode(padded_input, output);

+bool ValueToDecodedString(const std::string::const_iterator& begin,

+ const std::string::const_iterator& end,

+ std::string* salt) {

+ const base::StringPiece value(begin, end);

+ if (value.empty())

+ return false;

+ return Base64URLDecode(value, salt);

+bool RecordSizeToInt(const std::string::const_iterator& begin,

Ryan Sleevi 2015/10/01 22:50:45 Document

Peter Beverloo 2015/10/02 13:10:22 Done.

+ const std::string::const_iterator& end,

+ uint64_t* rs) {

+ const base::StringPiece value(begin, end);

+ if (value.empty())

+ return false;

+ // Parsing the "rs" parameter uses stricter semantics than parsing rules for

+ // normal integers, in that we want to reject values such as "+5" for

+ // compatibility with UAs that use other number parsing mechanisms.

+ if (value[0] == '+')

+ return false;

+ if (!base::StringToUint64(value, rs))

+ return false;

+ // The record size MUST be greater than 1.

+ return *rs > 1;

+bool ParseEncryptionHeaderValuesImpl(std::string::const_iterator input_begin,

Ryan Sleevi 2015/10/01 22:50:45 Document

Peter Beverloo 2015/10/02 13:10:22 Done.

+ std::string::const_iterator input_end,

+ EncryptionHeaderValues* values) {

+ net::HttpUtil::NameValuePairsIterator name_value_pairs(

+ input_begin, input_end, ';',

+ net::HttpUtil::NameValuePairsIterator::VALUES_NOT_OPTIONAL);

+ while (name_value_pairs.GetNext()) {

+ const base::StringPiece name(name_value_pairs.name_begin(),

+ name_value_pairs.name_end());

+ if (base::LowerCaseEqualsASCII(name, "keyid")) {

+ values->keyid.assign(name_value_pairs.value_begin(),

+ name_value_pairs.value_end());

+ } else if (base::LowerCaseEqualsASCII(name, "salt")) {

+ if (!ValueToDecodedString(name_value_pairs.value_begin(),

+ name_value_pairs.value_end(), &values->salt)) {

+ return false;

+ }

+ } else if (base::LowerCaseEqualsASCII(name, "rs")) {

+ if (!RecordSizeToInt(name_value_pairs.value_begin(),

+ name_value_pairs.value_end(), &values->rs)) {

+ return false;

+ }

+ } else {

+ // Silently ignore unknown directives for forward compatibility.

+ }

+ return name_value_pairs.valid();

+bool ParseEncryptionKeyHeaderValuesImpl(std::string::const_iterator input_begin,

Ryan Sleevi 2015/10/01 22:50:45 Document

Peter Beverloo 2015/10/02 13:10:22 Done.

+ std::string::const_iterator input_end,

+ EncryptionKeyHeaderValues* values) {

+ net::HttpUtil::NameValuePairsIterator name_value_pairs(

+ input_begin, input_end, ';',

+ net::HttpUtil::NameValuePairsIterator::VALUES_NOT_OPTIONAL);

+ while (name_value_pairs.GetNext()) {

+ const base::StringPiece name(name_value_pairs.name_begin(),

+ name_value_pairs.name_end());

+ if (base::LowerCaseEqualsASCII(name, "keyid")) {

+ values->keyid.assign(name_value_pairs.value_begin(),

+ name_value_pairs.value_end());

+ } else if (base::LowerCaseEqualsASCII(name, "key")) {

+ if (!ValueToDecodedString(name_value_pairs.value_begin(),

+ name_value_pairs.value_end(), &values->key)) {

+ return false;

+ }

+ } else if (base::LowerCaseEqualsASCII(name, "dh")) {

+ if (!ValueToDecodedString(name_value_pairs.value_begin(),

+ name_value_pairs.value_end(), &values->dh)) {

+ return false;

+ }

+ } else {

+ // Silently ignore unknown directives for forward compatibility.

+ }

+ return name_value_pairs.valid();

+} // namespace

+// "Encryption" ":"

+// [ "keyid" "=" string ]

+// [ ";" "salt" "=" base64url ]

+// [ ";" "rs" "=" octet-count ]

Ryan Sleevi 2015/10/01 22:50:45 Seems like this comment should be moved to 75?

Peter Beverloo 2015/10/02 13:10:22 Done.

+bool ParseEncryptionHeader(const std::string& input,

+ std::vector<EncryptionHeaderValues>* values) {

+ DCHECK(values);

+ std::vector<EncryptionHeaderValues> candidate_values;

+ net::HttpUtil::ValuesIterator value_iterator(input.begin(), input.end(), ',');

Ryan Sleevi 2015/10/01 22:50:45 Worth documenting this header follows #list rule a

Peter Beverloo 2015/10/02 13:10:22 Done in the header, so that this function doesn't

+ while (value_iterator.GetNext()) {

+ EncryptionHeaderValues candidate_value;

+ candidate_value.rs = kDefaultRecordSizeBytes;

+ if (!ParseEncryptionHeaderValuesImpl(value_iterator.value_begin(),

+ value_iterator.value_end(),

+ &candidate_value)) {

+ return false;

+ }

+ candidate_values.push_back(candidate_value);

+ }

+ values->swap(candidate_values);

+ return true;

+// "Encryption-Key" ":"

+// [ "keyid" "=" string ]

+// [ ";" "key" "=" base64url ]

+// [ ";" "dh" "=" base64url ]

Ryan Sleevi 2015/10/01 22:50:45 And this to 107?

Peter Beverloo 2015/10/02 13:10:22 Done.

+bool ParseEncryptionKeyHeader(const std::string& input,

+ std::vector<EncryptionKeyHeaderValues>* values) {

+ DCHECK(values);

+ std::vector<EncryptionKeyHeaderValues> candidate_values;

+ net::HttpUtil::ValuesIterator value_iterator(input.begin(), input.end(), ',');

Ryan Sleevi 2015/10/01 22:50:45 Ditto :)

Peter Beverloo 2015/10/02 13:10:22 Done.

+ while (value_iterator.GetNext()) {

+ EncryptionKeyHeaderValues candidate_value;

+ if (!ParseEncryptionKeyHeaderValuesImpl(value_iterator.value_begin(),

+ value_iterator.value_end(),

+ &candidate_value)) {

+ return false;

+ }

+ candidate_values.push_back(candidate_value);

+ }

+ values->swap(candidate_values);

+ return true;

+} // namespace gcm