Chromium Code Reviews Chromium Code Reviews
Issue 1244803002:
Add parsers for the Encryption and Encryption-Key HTTP headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: components/gcm_driver/crypto/encryption_header_parsers.cc |
| diff --git a/components/gcm_driver/crypto/encryption_header_parsers.cc b/components/gcm_driver/crypto/encryption_header_parsers.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..7908be4158ec9aaf0799914c60b197d1ffad769c |
| --- /dev/null |
| +++ b/components/gcm_driver/crypto/encryption_header_parsers.cc |
| @@ -0,0 +1,173 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "components/gcm_driver/crypto/encryption_header_parsers.h" |
| + |
| +#include "base/base64.h" |
| +#include "base/strings/string_number_conversions.h" |
| +#include "base/strings/string_piece.h" |
| +#include "base/strings/string_util.h" |
| +#include "net/http/http_util.h" |
| + |
| +namespace gcm { |
| + |
| +namespace { |
| + |
| +const int64_t kDefaultRecordSize = 4096; |
|
whywhat
2015/09/14 14:57:43
Is this size in bytes? Kb?
Peter Beverloo
2015/09/15 19:41:11
Done. Also clarified the origin of this value.
|
| + |
| +bool Base64DecodeURLSafe(const base::StringPiece& input, std::string* output) { |
|
whywhat
2015/09/14 14:57:43
perhaps a comment what you mean by safe here?
You
Peter Beverloo
2015/09/15 19:41:11
Renamed to the more appropriate Base64URLDecode.
|
| + size_t padded_size = (input.size() + 3) - (input.size() + 3) % 4; |
|
whywhat
2015/09/14 14:57:43
Does it have to be an arithmetic expression? I had
Peter Beverloo
2015/09/15 19:41:11
Hah. I adopted your suggestion. This is not perfor
|
| + |
| + // Add padding to |input|. |
| + std::string padded_input(input.begin(), input.end()); |
| + padded_input.resize(padded_size, '='); |
| + |
| + // Convert to standard base64 alphabet. |
| + base::ReplaceChars(padded_input, "-", "+", &padded_input); |
| + base::ReplaceChars(padded_input, "_", "/", &padded_input); |
| + |
| + return base::Base64Decode(padded_input, output); |
| +} |
| + |
| +bool ValueToDecodedString(std::string::const_iterator begin, |
|
whywhat
2015/09/14 14:57:43
can you pass iterators by reference (perhaps only
Peter Beverloo
2015/09/15 19:41:11
Done.
|
| + std::string::const_iterator end, |
| + std::string* salt) { |
| + const base::StringPiece value(begin, end); |
| + if (value.empty()) |
|
whywhat
2015/09/14 14:57:43
you could check if begin == end before constructin
Peter Beverloo
2015/09/15 19:41:11
Construction of the StringPiece should be inline,
|
| + return false; |
| + |
| + return Base64DecodeURLSafe(value, salt); |
| +} |
| + |
| +bool RecordSizeToInt(std::string::const_iterator begin, |
|
whywhat
2015/09/14 14:57:43
Read this a "record (verb) a size to an int". Mayb
Peter Beverloo
2015/09/15 19:41:11
As discussed offline - I understand you concern bu
|
| + std::string::const_iterator end, |
| + int64_t* rs) { |
| + const base::StringPiece value(begin, end); |
| + if (value.empty()) |
| + return false; |
| + |
| + if (!base::StringToInt64(value, rs)) |
| + return false; |
| + |
| + // The record size MUST be greater than 1. |
| + return *rs > 1; |
|
whywhat
2015/09/14 14:57:43
this has a possible unintended effect of changing
Peter Beverloo
2015/09/15 19:41:11
Ack, that's why we use temps in the public :)
|
| +} |
| + |
| +bool ParseEncryptionHeaderImpl(const std::string& input, |
| + std::string* keyid, |
| + std::string* salt, |
| + int64_t* rs) { |
| + net::HttpUtil::NameValuePairsIterator name_value_pairs( |
| + input.begin(), input.end(), ';', |
| + net::HttpUtil::NameValuePairsIterator::VALUES_NOT_OPTIONAL); |
| + |
| + while (name_value_pairs.GetNext()) { |
| + const base::StringPiece name = |
|
whywhat
2015/09/14 14:57:43
can't you do:
const base::StringPiece name(n_v_p.
Peter Beverloo
2015/09/15 19:41:11
Done.
|
| + base::StringPiece(name_value_pairs.name_begin(), |
| + name_value_pairs.name_end()); |
| + |
| + if (base::LowerCaseEqualsASCII(name, "keyid")) { |
|
whywhat
2015/09/14 14:57:43
give names to the magic constants? you only reuse
Peter Beverloo
2015/09/15 19:41:11
As you say, the gain is minimal while this is much
|
| + keyid->assign(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end()); |
| + } else if (base::LowerCaseEqualsASCII(name, "salt")) { |
| + if (!ValueToDecodedString(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end(), salt)) { |
| + return false; |
| + } |
| + } else if (base::LowerCaseEqualsASCII(name, "rs")) { |
| + if (!RecordSizeToInt(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end(), rs)) { |
| + return false; |
| + } |
| + } else { |
| + // Silently ignore unknown directives for forward compatibility. |
| + } |
| + } |
| + |
| + return name_value_pairs.valid(); |
| +} |
| + |
| +bool ParseEncryptionKeyHeaderImpl(const std::string& input, |
| + std::string* keyid, |
| + std::string* key, |
| + std::string* dh) { |
| + net::HttpUtil::NameValuePairsIterator name_value_pairs( |
| + input.begin(), input.end(), ';', |
| + net::HttpUtil::NameValuePairsIterator::VALUES_NOT_OPTIONAL); |
| + |
| + while (name_value_pairs.GetNext()) { |
| + const base::StringPiece name = |
| + base::StringPiece(name_value_pairs.name_begin(), |
| + name_value_pairs.name_end()); |
| + |
| + if (base::LowerCaseEqualsASCII(name, "keyid")) { |
| + keyid->assign(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end()); |
| + } else if (base::LowerCaseEqualsASCII(name, "key")) { |
| + if (!ValueToDecodedString(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end(), key)) { |
| + return false; |
| + } |
| + } else if (base::LowerCaseEqualsASCII(name, "dh")) { |
| + if (!ValueToDecodedString(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end(), dh)) { |
| + return false; |
| + } |
| + } else { |
| + // Silently ignore unknown directives for forward compatibility. |
| + } |
| + } |
| + |
| + return name_value_pairs.valid(); |
| +} |
| + |
| +} // namespace |
| + |
| +// "Encryption" ":" |
| +// [ "keyid" "=" string ] |
| +// [ ";" "salt" "=" base64url ] |
| +// [ ";" "rs" "=" octet-count ] |
| +bool ParseEncryptionHeader(const std::string& input, |
| + std::string* keyid, |
| + std::string* salt, |
| + int64_t* rs) { |
| + std::string candidate_keyid; |
| + std::string candidate_salt; |
| + int64_t candidate_rs = kDefaultRecordSize; |
| + |
| + if (!ParseEncryptionHeaderImpl(input, &candidate_keyid, &candidate_salt, |
| + &candidate_rs)) { |
| + return false; |
| + } |
| + |
| + keyid->swap(candidate_keyid); |
| + salt->swap(candidate_salt); |
| + *rs = candidate_rs; |
| + return true; |
| +} |
| + |
| +// "Encryption-Key" ":" |
| +// [ "keyid" "=" string ] |
| +// [ ";" "key" "=" base64url ] |
| +// [ ";" "dh" "=" base64url ] |
| +bool ParseEncryptionKeyHeader(const std::string& input, |
| + std::string* keyid, |
| + std::string* key, |
| + std::string* dh) { |
| + std::string candidate_keyid; |
| + std::string candidate_key; |
| + std::string candidate_dh; |
| + |
| + if (!ParseEncryptionKeyHeaderImpl(input, &candidate_keyid, &candidate_key, |
| + &candidate_dh)) { |
| + return false; |
| + } |
| + |
| + keyid->swap(candidate_keyid); |
| + key->swap(candidate_key); |
| + dh->swap(candidate_dh); |
| + return true; |
| +} |
| + |
| +} // namespace gcm |
