OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_SSL_TOKEN_BINDING_H_ | |
6 #define NET_SSL_TOKEN_BINDING_H_ | |
7 | |
8 #include <string> | |
9 #include <vector> | |
10 | |
11 #include "crypto/ec_private_key.h" | |
12 | |
13 namespace net { | |
14 | |
15 // Given a vector of serialized TokenBinding structs (as defined in | |
16 // draft-ietf-tokbind-protocol-02), this function combines them to form the | |
17 // serialized TokenBindingMessage struct in |*out|. This function returns a net | |
18 // error. | |
davidben
2015/11/18 20:49:00
You can return a net::Error to make that clearer s
nharper
2015/12/04 01:42:20
Done.
| |
19 // | |
20 // struct { | |
21 // TokenBinding tokenbindings<0..2^16-1>; | |
22 // } TokenBindingMessage; | |
23 int BuildTokenBindingMessageFromTokenBindings( | |
24 const std::vector<std::string>& token_bindings, | |
25 std::string* out); | |
26 | |
27 // Builds a TokenBinding struct with a provided TokenBindingID created from | |
28 // |*key| and a signature of |ekm| using |*key| to sign. | |
29 // | |
30 // enum { | |
31 // rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255) | |
32 // } TokenBindingKeyParameters; | |
33 // | |
34 // struct { | |
35 // opaque modulus<1..2^16-1>; | |
36 // opaque publicexponent<1..2^8-1>; | |
37 // } RSAPublicKey; | |
38 // | |
39 // struct { | |
40 // opaque point <1..2^8-1>; | |
41 // } ECPoint; | |
42 // | |
43 // enum { | |
44 // provided_token_binding(0), referred_token_binding(1), (255) | |
davidben
2015/11/18 20:49:01
This is somewhat less related, but what exactly is
nharper
2015/12/04 01:42:20
The type (provided vs referred) is for the federat
| |
45 // } TokenBindingType; | |
46 // | |
47 // struct { | |
48 // TokenBindingType tokenbinding_type; | |
49 // TokenBindingKeyParameters key_parameters; | |
50 // select (key_parameters) { | |
51 // case rsa2048_pkcs1.5: | |
52 // case rsa2048_pss: | |
53 // RSAPublicKey rsapubkey; | |
54 // case ecdsap256: | |
55 // ECPoint point; | |
56 // } | |
57 // } TokenBindingID; | |
58 // | |
59 // struct { | |
60 // TokenBindingID tokenbindingid; | |
61 // opaque signature<0..2^16-1>;// Signature over the exported keying | |
62 // // material value | |
63 // Extension extensions<0..2^16-1>; | |
64 // } TokenBinding; | |
65 int BuildProvidedTokenBinding(crypto::ECPrivateKey* key, | |
66 const std::vector<uint8_t>& ekm, | |
67 std::string* out); | |
68 | |
69 // Given a TokenBindingMessage, parses the first TokenBinding from it, | |
70 // extracts the ECPoint of the TokenBindingID into |*ec_point|, and extracts the | |
71 // signature of the EKM value into |*signature|. It also verifies that the first | |
72 // TokenBinding is a provided Token Binding, and that the key parameters is | |
73 // ecdsap256. This function returns whether the message was able to be parsed | |
74 // successfully. | |
75 bool ParseTokenBindingMessage(const std::string& token_binding_message, | |
davidben
2015/11/18 20:49:01
This doesn't appear to have any callers.
nharper
2015/12/04 01:42:20
This is called in url_request_unittest.cc
| |
76 std::string* ec_point, | |
77 std::string* signature); | |
davidben
2015/11/18 20:49:01
StringPiece to avoid all the copies? This function
nharper
2015/12/04 01:42:20
Done.
| |
78 | |
79 // Takes an ECPoint |ec_point| from a TokenBindingID and |signature| from a | |
80 // TokenBinding and verifies that |signature| is the signature of |ekm| using | |
81 // |ec_point| as the public key. Returns true if the signature verifies and | |
82 // false if it doesn't or some other error occurs in verification. This function | |
83 // is only provided for testing. | |
84 bool VerifyEKMSignature(const std::string& ec_point, | |
davidben
2015/11/18 20:49:01
This doesn't appear to have any callers.
nharper
2015/12/04 01:42:20
This is called in url_request_unittest.cc
| |
85 const std::string& signature, | |
86 const std::string& ekm); | |
87 | |
88 } // namespace net | |
89 | |
90 #endif // NET_SSL_TOKEN_BINDING_H_ | |
OLD | NEW |