OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/ssl/token_binding.h" | |
6 | |
7 #include <openssl/bytestring.h> | |
8 #include <openssl/ec.h> | |
9 #include <openssl/evp.h> | |
10 #include <openssl/mem.h> | |
11 | |
12 #include "crypto/scoped_openssl_types.h" | |
13 #include "net/base/net_errors.h" | |
14 #include "net/ssl/ssl_config.h" | |
15 | |
16 namespace net { | |
17 | |
18 namespace { | |
19 | |
20 enum TokenBindingType { | |
21 TB_TYPE_PROVIDED = 0, | |
22 TB_TYPE_REFERRED = 1, | |
23 }; | |
24 | |
25 bool BuildTokenBindingID(TokenBindingType type, | |
26 crypto::ECPrivateKey* key, | |
27 CBB* out) { | |
28 CBB ec_point; | |
29 if (!CBB_add_u8(out, type) || !CBB_add_u8(out, TB_PARAM_ECDSAP256) || | |
30 !CBB_add_u8_length_prefixed(out, &ec_point)) { | |
31 return false; | |
32 } | |
33 | |
34 EVP_PKEY* pkey = key->key(); | |
35 static const int kExpectedKeyLength = 65; | |
36 if (i2d_PublicKey(pkey, NULL) != kExpectedKeyLength) | |
davidben
2015/11/18 20:49:01
It's kind of confusing what type you're using when
nharper
2015/12/04 01:42:20
Done.
| |
37 return false; | |
38 uint8_t buf[kExpectedKeyLength]; | |
39 uint8_t* bufp = buf; | |
40 if (i2d_PublicKey(pkey, &bufp) != kExpectedKeyLength) | |
41 return false; | |
42 | |
43 if (!CBB_add_bytes(&ec_point, buf, kExpectedKeyLength) || !CBB_flush(out)) { | |
44 return false; | |
45 } | |
davidben
2015/11/18 20:49:01
You can save the extra copy by doing:
uint8_t *
nharper
2015/12/04 01:42:20
Done.
| |
46 return true; | |
47 } | |
48 | |
49 } // namespace | |
50 | |
51 int BuildTokenBindingMessageFromTokenBindings( | |
52 const std::vector<std::string>& token_bindings, | |
53 std::string* out) { | |
54 CBB tb_message, tb_messages; | |
davidben
2015/11/18 20:49:01
tb_message vs tb_messages is kind of confusing. I'
nharper
2015/12/04 01:42:20
Done.
| |
55 if (!CBB_init(&tb_message, 0) || | |
56 !CBB_add_u16_length_prefixed(&tb_message, &tb_messages)) { | |
57 CBB_cleanup(&tb_message); | |
58 return ERR_FAILED; | |
59 } | |
60 for (const std::string& token_binding : token_bindings) { | |
61 if (!CBB_add_bytes( | |
62 &tb_messages, | |
63 reinterpret_cast<uint8_t*>(const_cast<char*>(token_binding.data())), | |
davidben
2015/11/18 20:49:01
No need for the const_cast
nharper
2015/12/04 01:42:20
Done.
| |
64 token_binding.size())) { | |
65 CBB_cleanup(&tb_message); | |
66 return ERR_FAILED; | |
67 } | |
68 } | |
69 | |
70 uint8_t* out_data; | |
71 size_t out_len; | |
72 if (!CBB_finish(&tb_message, &out_data, &out_len)) { | |
73 CBB_cleanup(&tb_message); | |
74 return ERR_FAILED; | |
75 } | |
76 out->assign(reinterpret_cast<char*>(out_data), out_len); | |
77 OPENSSL_free(out_data); | |
78 return OK; | |
79 } | |
80 | |
81 int BuildProvidedTokenBinding(crypto::ECPrivateKey* key, | |
82 const std::vector<uint8_t>& signed_ekm, | |
83 std::string* out) { | |
84 uint8_t* out_data; | |
85 size_t out_len; | |
86 CBB token_binding; | |
87 if (!CBB_init(&token_binding, 0) || | |
88 !BuildTokenBindingID(TB_TYPE_PROVIDED, key, &token_binding) || | |
89 !CBB_add_u16(&token_binding, signed_ekm.size()) || | |
90 !CBB_add_bytes(&token_binding, &signed_ekm[0], signed_ekm.size()) || | |
davidben
2015/11/18 20:49:01
vector_as_array(&signed_ekm)
nharper
2015/12/04 01:42:20
Done.
| |
91 // 0-length extensions | |
92 !CBB_add_u16(&token_binding, 0) || | |
93 !CBB_finish(&token_binding, &out_data, &out_len)) { | |
94 CBB_cleanup(&token_binding); | |
95 return ERR_FAILED; | |
96 } | |
97 out->assign(reinterpret_cast<char*>(out_data), out_len); | |
98 OPENSSL_free(out_data); | |
99 return OK; | |
100 } | |
101 | |
102 bool ParseTokenBindingMessage(const std::string& token_binding_message, | |
103 std::string* ec_point_out, | |
104 std::string* signature_out) { | |
105 CBS tb_message, tb, ec_point, signature; | |
106 uint8_t tb_type, tb_param; | |
107 CBS_init(&tb_message, | |
108 reinterpret_cast<const uint8_t*>(token_binding_message.data()), | |
109 token_binding_message.size()); | |
110 if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || | |
111 !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || | |
112 !CBS_get_u8_length_prefixed(&tb, &ec_point) || | |
113 !CBS_get_u16_length_prefixed(&tb, &signature) || | |
114 tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) { | |
115 return false; | |
116 } | |
117 | |
118 *ec_point_out = std::string( | |
119 reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); | |
120 *signature_out = std::string( | |
121 reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature)); | |
122 return true; | |
123 } | |
124 | |
125 bool VerifyEKMSignature(const std::string& ec_point, | |
126 const std::string& signature, | |
127 const std::string& ekm) { | |
128 crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); | |
129 EC_KEY* keyp = key.get(); | |
130 const uint8_t* ec_point_data = | |
131 reinterpret_cast<const uint8_t*>(ec_point.data()); | |
132 if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) | |
133 return false; | |
134 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); | |
135 if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) | |
136 return false; | |
137 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); | |
138 if (!EVP_PKEY_verify_init(pctx.get()) || | |
139 !EVP_PKEY_verify( | |
140 pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), | |
141 signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()), | |
142 ekm.size())) { | |
143 return false; | |
144 } | |
145 return true; | |
146 } | |
147 | |
148 } // namespace net | |
OLD | NEW |