OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/ssl/token_binding.h" |
| 6 |
| 7 #include <openssl/bytestring.h> |
| 8 #include <openssl/ec.h> |
| 9 #include <openssl/evp.h> |
| 10 #include <openssl/mem.h> |
| 11 |
| 12 #include "base/stl_util.h" |
| 13 #include "crypto/scoped_openssl_types.h" |
| 14 #include "net/base/net_errors.h" |
| 15 #include "net/ssl/ssl_config.h" |
| 16 |
| 17 namespace net { |
| 18 |
| 19 namespace { |
| 20 |
| 21 enum TokenBindingType { |
| 22 TB_TYPE_PROVIDED = 0, |
| 23 TB_TYPE_REFERRED = 1, |
| 24 }; |
| 25 |
| 26 bool BuildTokenBindingID(TokenBindingType type, |
| 27 crypto::ECPrivateKey* key, |
| 28 CBB* out) { |
| 29 CBB ec_point; |
| 30 if (!CBB_add_u8(out, type) || !CBB_add_u8(out, TB_PARAM_ECDSAP256) || |
| 31 !CBB_add_u8_length_prefixed(out, &ec_point)) { |
| 32 return false; |
| 33 } |
| 34 |
| 35 EVP_PKEY* pkey = key->key(); |
| 36 static const int kExpectedKeyLength = 65; |
| 37 uint8_t* buf; |
| 38 // TODO(nharper): Replace i2o_ECPublicKey with EC_POINT_point2cbb. |
| 39 if (pkey->type != EVP_PKEY_EC || |
| 40 i2o_ECPublicKey(pkey->pkey.ec, nullptr) != kExpectedKeyLength || |
| 41 !CBB_add_space(&ec_point, &buf, kExpectedKeyLength) || |
| 42 i2o_ECPublicKey(pkey->pkey.ec, &buf) != kExpectedKeyLength || |
| 43 !CBB_flush(out)) { |
| 44 return false; |
| 45 } |
| 46 return true; |
| 47 } |
| 48 |
| 49 } // namespace |
| 50 |
| 51 Error BuildTokenBindingMessageFromTokenBindings( |
| 52 const std::vector<base::StringPiece>& token_bindings, |
| 53 std::string* out) { |
| 54 CBB tb_message, child; |
| 55 if (!CBB_init(&tb_message, 0) || |
| 56 !CBB_add_u16_length_prefixed(&tb_message, &child)) { |
| 57 CBB_cleanup(&tb_message); |
| 58 return ERR_FAILED; |
| 59 } |
| 60 for (const base::StringPiece& token_binding : token_bindings) { |
| 61 if (!CBB_add_bytes(&child, |
| 62 reinterpret_cast<const uint8_t*>(token_binding.data()), |
| 63 token_binding.size())) { |
| 64 CBB_cleanup(&tb_message); |
| 65 return ERR_FAILED; |
| 66 } |
| 67 } |
| 68 |
| 69 uint8_t* out_data; |
| 70 size_t out_len; |
| 71 if (!CBB_finish(&tb_message, &out_data, &out_len)) { |
| 72 CBB_cleanup(&tb_message); |
| 73 return ERR_FAILED; |
| 74 } |
| 75 out->assign(reinterpret_cast<char*>(out_data), out_len); |
| 76 OPENSSL_free(out_data); |
| 77 return OK; |
| 78 } |
| 79 |
| 80 Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key, |
| 81 const std::vector<uint8_t>& signed_ekm, |
| 82 std::string* out) { |
| 83 uint8_t* out_data; |
| 84 size_t out_len; |
| 85 CBB token_binding; |
| 86 if (!CBB_init(&token_binding, 0) || |
| 87 !BuildTokenBindingID(TB_TYPE_PROVIDED, key, &token_binding) || |
| 88 !CBB_add_u16(&token_binding, signed_ekm.size()) || |
| 89 !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || |
| 90 // 0-length extensions |
| 91 !CBB_add_u16(&token_binding, 0) || |
| 92 !CBB_finish(&token_binding, &out_data, &out_len)) { |
| 93 CBB_cleanup(&token_binding); |
| 94 return ERR_FAILED; |
| 95 } |
| 96 out->assign(reinterpret_cast<char*>(out_data), out_len); |
| 97 OPENSSL_free(out_data); |
| 98 return OK; |
| 99 } |
| 100 |
| 101 bool ParseTokenBindingMessage(base::StringPiece token_binding_message, |
| 102 base::StringPiece* ec_point_out, |
| 103 base::StringPiece* signature_out) { |
| 104 CBS tb_message, tb, ec_point, signature; |
| 105 uint8_t tb_type, tb_param; |
| 106 CBS_init(&tb_message, |
| 107 reinterpret_cast<const uint8_t*>(token_binding_message.data()), |
| 108 token_binding_message.size()); |
| 109 if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || |
| 110 !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || |
| 111 !CBS_get_u8_length_prefixed(&tb, &ec_point) || |
| 112 !CBS_get_u16_length_prefixed(&tb, &signature) || |
| 113 tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) { |
| 114 return false; |
| 115 } |
| 116 |
| 117 *ec_point_out = base::StringPiece( |
| 118 reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); |
| 119 *signature_out = base::StringPiece( |
| 120 reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature)); |
| 121 return true; |
| 122 } |
| 123 |
| 124 bool VerifyEKMSignature(base::StringPiece ec_point, |
| 125 base::StringPiece signature, |
| 126 base::StringPiece ekm) { |
| 127 crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
| 128 EC_KEY* keyp = key.get(); |
| 129 const uint8_t* ec_point_data = |
| 130 reinterpret_cast<const uint8_t*>(ec_point.data()); |
| 131 if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) |
| 132 return false; |
| 133 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); |
| 134 if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) |
| 135 return false; |
| 136 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); |
| 137 if (!EVP_PKEY_verify_init(pctx.get()) || |
| 138 !EVP_PKEY_verify( |
| 139 pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), |
| 140 signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()), |
| 141 ekm.size())) { |
| 142 return false; |
| 143 } |
| 144 return true; |
| 145 } |
| 146 |
| 147 } // namespace net |
OLD | NEW |