net/ssl/token_binding_openssl.cc - Issue 1378613004: Set Token-Binding HTTP header

Side by Side Diff: net/ssl/token_binding_openssl.cc

Issue 1378613004: Set Token-Binding HTTP header (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@tb-tls-ext-new

Patch Set: Add UMA logging of Token Binding support and NetLog event for Token Binding key lookup Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/ssl/token_binding.h"

	6

	7 #include <openssl/bytestring.h>

	8 #include <openssl/ec.h>

	9 #include <openssl/evp.h>

	10 #include <openssl/mem.h>

	11

	12 #include "crypto/scoped_openssl_types.h"

	13 #include "net/base/net_errors.h"

	14 #include "net/ssl/ssl_config.h"

	15

	16 namespace net {

	17

	18 namespace {

	19

	20 enum TokenBindingType {

	21 TB_TYPE_PROVIDED = 0,

	22 TB_TYPE_REFERRED = 1,

	23 };

	24

	25 bool BuildTokenBindingID(TokenBindingType type,

	26 crypto::ECPrivateKey* key,

	27 CBB* out) {

	28 CBB ec_point;

	29 if (!CBB_add_u8(out, type) \|\| !CBB_add_u8(out, TB_PARAM_ECDSAP256) \|\|

	30 !CBB_add_u8_length_prefixed(out, &ec_point)) {

	31 return false;

	32 }

	33

	34 EVP_PKEY* pkey = key->key();

	35 static const int kExpectedKeyLength = 65;

	36 if (i2d_PublicKey(pkey, NULL) != kExpectedKeyLength)
	davidben 2015/11/18 20:49:01 It's kind of confusing what type you're using when It's kind of confusing what type you're using when you call i2d_PublicKey. It's even kind of screwy because, despite the name, you aren't serializing to DER. I'll get a better API later, but for now I'd use: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ec_key.h.htm... nharper 2015/12/04 01:42:20 Done. Show quoted text On 2015/11/18 20:49:01, davidben (behind on reviews) wrote: > It's kind of confusing what type you're using when you call i2d_PublicKey. It's > even kind of screwy because, despite the name, you aren't serializing to DER. > > I'll get a better API later, but for now I'd use: > https://commondatastorage.googleapis.com/chromium-boringssl-docs/ec_key.h.htm... Done.
	37 return false;

	38 uint8_t buf[kExpectedKeyLength];

	39 uint8_t* bufp = buf;

	40 if (i2d_PublicKey(pkey, &bufp) != kExpectedKeyLength)

	41 return false;

	42

	43 if (!CBB_add_bytes(&ec_point, buf, kExpectedKeyLength) \|\| !CBB_flush(out)) {

	44 return false;

	45 }
	davidben 2015/11/18 20:49:01 You can save the extra copy by doing: uint8_t * You can save the extra copy by doing: uint8_t buf; if (i2d_Foo(pkey, nullptr) != kExpectedKeyLength \|\| !CBB_add_space(&ec_point, &buf, kExpectedKeyLength) \|\| i2d_Foo(pkey, &buf) != kExpectedKeyLength \|\| !CBB_flush(out)) { return false; } Which is generalizable to cases where you don't know the expected length by using what the first call returned. (It's not generalizable to the EVP_PKEY_sign case where you only get an upper-bound initially, but I'll add a CBB_reserve + CBB_advance pair at some point when we need it.) nharper* 2015/12/04 01:42:20 Done. Show quoted text On 2015/11/18 20:49:01, davidben (behind on reviews) wrote: > You can save the extra copy by doing: > > uint8_t *buf; > if (i2d_Foo(pkey, nullptr) != kExpectedKeyLength \|\| > !CBB_add_space(&ec_point, &buf, kExpectedKeyLength) \|\| > i2d_Foo(pkey, &buf) != kExpectedKeyLength \|\| > !CBB_flush(out)) { > return false; > } > > Which is generalizable to cases where you don't know the expected length by > using what the first call returned. (It's not generalizable to the EVP_PKEY_sign > case where you only get an upper-bound initially, but I'll add a CBB_reserve + > CBB_advance pair at some point when we need it.) Done.
	46 return true;

	47 }

	48

	49 } // namespace

	50

	51 int BuildTokenBindingMessageFromTokenBindings(

	52 const std::vector<std::string>& token_bindings,

	53 std::string* out) {

	54 CBB tb_message, tb_messages;
	davidben 2015/11/18 20:49:01 tb_message vs tb_messages is kind of confusing. I' tb_message vs tb_messages is kind of confusing. I'd probably just call the second one 'child'. nharper 2015/12/04 01:42:20 Done. Show quoted text On 2015/11/18 20:49:01, davidben (behind on reviews) wrote: > tb_message vs tb_messages is kind of confusing. I'd probably just call the > second one 'child'. Done.
	55 if (!CBB_init(&tb_message, 0) \|\|

	56 !CBB_add_u16_length_prefixed(&tb_message, &tb_messages)) {

	57 CBB_cleanup(&tb_message);

	58 return ERR_FAILED;

	59 }

	60 for (const std::string& token_binding : token_bindings) {

	61 if (!CBB_add_bytes(

	62 &tb_messages,

	63 reinterpret_cast<uint8_t>(const_cast<char>(token_binding.data())),
	davidben 2015/11/18 20:49:01 No need for the const_cast No need for the const_cast nharper 2015/12/04 01:42:20 Done. Show quoted text On 2015/11/18 20:49:01, davidben (behind on reviews) wrote: > No need for the const_cast Done.
	64 token_binding.size())) {

	65 CBB_cleanup(&tb_message);

	66 return ERR_FAILED;

	67 }

	68 }

	69

	70 uint8_t* out_data;

	71 size_t out_len;

	72 if (!CBB_finish(&tb_message, &out_data, &out_len)) {

	73 CBB_cleanup(&tb_message);

	74 return ERR_FAILED;

	75 }

	76 out->assign(reinterpret_cast<char*>(out_data), out_len);

	77 OPENSSL_free(out_data);

	78 return OK;

	79 }

	80

	81 int BuildProvidedTokenBinding(crypto::ECPrivateKey* key,

	82 const std::vector<uint8_t>& signed_ekm,

	83 std::string* out) {

	84 uint8_t* out_data;

	85 size_t out_len;

	86 CBB token_binding;

	87 if (!CBB_init(&token_binding, 0) \|\|

	88 !BuildTokenBindingID(TB_TYPE_PROVIDED, key, &token_binding) \|\|

	89 !CBB_add_u16(&token_binding, signed_ekm.size()) \|\|

	90 !CBB_add_bytes(&token_binding, &signed_ekm[0], signed_ekm.size()) \|\|
	davidben 2015/11/18 20:49:01 vector_as_array(&signed_ekm) vector_as_array(&signed_ekm) nharper 2015/12/04 01:42:20 Done. Show quoted text On 2015/11/18 20:49:01, davidben (behind on reviews) wrote: > vector_as_array(&signed_ekm) Done.
	91 // 0-length extensions

	92 !CBB_add_u16(&token_binding, 0) \|\|

	93 !CBB_finish(&token_binding, &out_data, &out_len)) {

	94 CBB_cleanup(&token_binding);

	95 return ERR_FAILED;

	96 }

	97 out->assign(reinterpret_cast<char*>(out_data), out_len);

	98 OPENSSL_free(out_data);

	99 return OK;

	100 }

	101

	102 bool ParseTokenBindingMessage(const std::string& token_binding_message,

	103 std::string* ec_point_out,

	104 std::string* signature_out) {

	105 CBS tb_message, tb, ec_point, signature;

	106 uint8_t tb_type, tb_param;

	107 CBS_init(&tb_message,

	108 reinterpret_cast<const uint8_t*>(token_binding_message.data()),

	109 token_binding_message.size());

	110 if (!CBS_get_u16_length_prefixed(&tb_message, &tb) \|\|

	111 !CBS_get_u8(&tb, &tb_type) \|\| !CBS_get_u8(&tb, &tb_param) \|\|

	112 !CBS_get_u8_length_prefixed(&tb, &ec_point) \|\|

	113 !CBS_get_u16_length_prefixed(&tb, &signature) \|\|

	114 tb_type != TB_TYPE_PROVIDED \|\| tb_param != TB_PARAM_ECDSAP256) {

	115 return false;

	116 }

	117

	118 *ec_point_out = std::string(

	119 reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point));

	120 *signature_out = std::string(

	121 reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature));

	122 return true;

	123 }

	124

	125 bool VerifyEKMSignature(const std::string& ec_point,

	126 const std::string& signature,

	127 const std::string& ekm) {

	128 crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));

	129 EC_KEY* keyp = key.get();

	130 const uint8_t* ec_point_data =

	131 reinterpret_cast<const uint8_t*>(ec_point.data());

	132 if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get())

	133 return false;

	134 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());

	135 if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release()))

	136 return false;

	137 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));

	138 if (!EVP_PKEY_verify_init(pctx.get()) \|\|

	139 !EVP_PKEY_verify(

	140 pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()),

	141 signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()),

	142 ekm.size())) {

	143 return false;

	144 }

	145 return true;

	146 }

	147

	148 } // namespace net

OLD	NEW

« net/ssl/token_binding.h ('K') | « net/ssl/token_binding_nss.cc ('k') | net/tools/testserver/testserver.py » ('j') | third_party/tlslite/tlslite/session.py » ('J')