OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/ssl/token_binding.h" | |
6 | |
7 #include <openssl/bytestring.h> | |
8 #include <openssl/ec.h> | |
9 #include <openssl/evp.h> | |
10 #include <openssl/mem.h> | |
11 | |
12 #include "base/stl_util.h" | |
13 #include "crypto/scoped_openssl_types.h" | |
14 #include "net/base/net_errors.h" | |
15 #include "net/ssl/ssl_config.h" | |
16 | |
17 namespace net { | |
18 | |
19 namespace { | |
20 | |
21 enum TokenBindingType { | |
22 TB_TYPE_PROVIDED = 0, | |
23 TB_TYPE_REFERRED = 1, | |
24 }; | |
25 | |
26 bool BuildTokenBindingID(TokenBindingType type, | |
27 crypto::ECPrivateKey* key, | |
28 CBB* out) { | |
29 CBB ec_point; | |
30 if (!CBB_add_u8(out, type) || !CBB_add_u8(out, TB_PARAM_ECDSAP256) || | |
31 !CBB_add_u8_length_prefixed(out, &ec_point)) { | |
32 return false; | |
33 } | |
34 | |
35 EVP_PKEY* pkey = key->key(); | |
36 static const int kExpectedKeyLength = 65; | |
37 uint8_t* buf; | |
38 if (pkey->type != EVP_PKEY_EC || | |
39 i2o_ECPublicKey(pkey->pkey.ec, nullptr) != kExpectedKeyLength || | |
40 !CBB_add_space(&ec_point, &buf, kExpectedKeyLength) || | |
41 i2o_ECPublicKey(pkey->pkey.ec, &buf) != kExpectedKeyLength || | |
42 !CBB_flush(out)) { | |
davidben
2016/01/22 00:19:22
[Later there'll be an EC_POINT_point2cbb but appar
nharper
2016/01/22 19:36:52
Added a TODO to use EC_POINT_point2cbb.
| |
43 return false; | |
44 } | |
45 return true; | |
46 } | |
47 | |
48 } // namespace | |
49 | |
50 Error BuildTokenBindingMessageFromTokenBindings( | |
51 const std::vector<base::StringPiece>& token_bindings, | |
52 std::string* out) { | |
53 CBB tb_message, child; | |
54 if (!CBB_init(&tb_message, 0) || | |
55 !CBB_add_u16_length_prefixed(&tb_message, &child)) { | |
56 CBB_cleanup(&tb_message); | |
57 return ERR_FAILED; | |
58 } | |
59 for (const base::StringPiece& token_binding : token_bindings) { | |
60 if (!CBB_add_bytes(&child, | |
61 reinterpret_cast<const uint8_t*>(token_binding.data()), | |
62 token_binding.size())) { | |
63 CBB_cleanup(&tb_message); | |
64 return ERR_FAILED; | |
65 } | |
66 } | |
67 | |
68 uint8_t* out_data; | |
69 size_t out_len; | |
70 if (!CBB_finish(&tb_message, &out_data, &out_len)) { | |
71 CBB_cleanup(&tb_message); | |
72 return ERR_FAILED; | |
73 } | |
74 out->assign(reinterpret_cast<char*>(out_data), out_len); | |
75 OPENSSL_free(out_data); | |
76 return OK; | |
77 } | |
78 | |
79 Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key, | |
80 const std::vector<uint8_t>& signed_ekm, | |
81 std::string* out) { | |
82 uint8_t* out_data; | |
83 size_t out_len; | |
84 CBB token_binding; | |
85 if (!CBB_init(&token_binding, 0) || | |
86 !BuildTokenBindingID(TB_TYPE_PROVIDED, key, &token_binding) || | |
87 !CBB_add_u16(&token_binding, signed_ekm.size()) || | |
88 !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || | |
89 // 0-length extensions | |
90 !CBB_add_u16(&token_binding, 0) || | |
91 !CBB_finish(&token_binding, &out_data, &out_len)) { | |
92 CBB_cleanup(&token_binding); | |
93 return ERR_FAILED; | |
94 } | |
95 out->assign(reinterpret_cast<char*>(out_data), out_len); | |
96 OPENSSL_free(out_data); | |
97 return OK; | |
98 } | |
99 | |
100 bool ParseTokenBindingMessage(base::StringPiece token_binding_message, | |
101 base::StringPiece* ec_point_out, | |
102 base::StringPiece* signature_out) { | |
103 CBS tb_message, tb, ec_point, signature; | |
104 uint8_t tb_type, tb_param; | |
105 CBS_init(&tb_message, | |
106 reinterpret_cast<const uint8_t*>(token_binding_message.data()), | |
107 token_binding_message.size()); | |
108 if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || | |
109 !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || | |
110 !CBS_get_u8_length_prefixed(&tb, &ec_point) || | |
111 !CBS_get_u16_length_prefixed(&tb, &signature) || | |
112 tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) { | |
113 return false; | |
114 } | |
115 | |
116 *ec_point_out = base::StringPiece( | |
117 reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); | |
118 *signature_out = base::StringPiece( | |
119 reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature)); | |
120 return true; | |
121 } | |
122 | |
123 bool VerifyEKMSignature(base::StringPiece ec_point, | |
124 base::StringPiece signature, | |
125 base::StringPiece ekm) { | |
126 crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); | |
127 EC_KEY* keyp = key.get(); | |
128 const uint8_t* ec_point_data = | |
129 reinterpret_cast<const uint8_t*>(ec_point.data()); | |
130 if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) | |
131 return false; | |
132 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); | |
133 if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) | |
134 return false; | |
135 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); | |
136 if (!EVP_PKEY_verify_init(pctx.get()) || | |
137 !EVP_PKEY_verify( | |
138 pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), | |
139 signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()), | |
140 ekm.size())) { | |
141 return false; | |
142 } | |
143 return true; | |
144 } | |
145 | |
146 } // namespace net | |
OLD | NEW |