Index: net/ssl/token_binding_openssl.cc |
diff --git a/net/ssl/token_binding_openssl.cc b/net/ssl/token_binding_openssl.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..0cfc3fe94d816cc0dd616a3b20105c2f10ec2969 |
--- /dev/null |
+++ b/net/ssl/token_binding_openssl.cc |
@@ -0,0 +1,147 @@ |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "net/ssl/token_binding.h" |
+ |
+#include <openssl/bytestring.h> |
+#include <openssl/ec.h> |
+#include <openssl/evp.h> |
+#include <openssl/mem.h> |
+ |
+#include "base/stl_util.h" |
+#include "crypto/scoped_openssl_types.h" |
+#include "net/base/net_errors.h" |
+#include "net/ssl/ssl_config.h" |
+ |
+namespace net { |
+ |
+namespace { |
+ |
+enum TokenBindingType { |
+ TB_TYPE_PROVIDED = 0, |
+ TB_TYPE_REFERRED = 1, |
+}; |
+ |
+bool BuildTokenBindingID(TokenBindingType type, |
+ crypto::ECPrivateKey* key, |
+ CBB* out) { |
+ CBB ec_point; |
+ if (!CBB_add_u8(out, type) || !CBB_add_u8(out, TB_PARAM_ECDSAP256) || |
+ !CBB_add_u8_length_prefixed(out, &ec_point)) { |
+ return false; |
+ } |
+ |
+ EVP_PKEY* pkey = key->key(); |
+ static const int kExpectedKeyLength = 65; |
+ uint8_t* buf; |
+ // TODO(nharper): Replace i2o_ECPublicKey with EC_POINT_point2cbb. |
+ if (pkey->type != EVP_PKEY_EC || |
+ i2o_ECPublicKey(pkey->pkey.ec, nullptr) != kExpectedKeyLength || |
+ !CBB_add_space(&ec_point, &buf, kExpectedKeyLength) || |
+ i2o_ECPublicKey(pkey->pkey.ec, &buf) != kExpectedKeyLength || |
+ !CBB_flush(out)) { |
+ return false; |
+ } |
+ return true; |
+} |
+ |
+} // namespace |
+ |
+Error BuildTokenBindingMessageFromTokenBindings( |
+ const std::vector<base::StringPiece>& token_bindings, |
+ std::string* out) { |
+ CBB tb_message, child; |
+ if (!CBB_init(&tb_message, 0) || |
+ !CBB_add_u16_length_prefixed(&tb_message, &child)) { |
+ CBB_cleanup(&tb_message); |
+ return ERR_FAILED; |
+ } |
+ for (const base::StringPiece& token_binding : token_bindings) { |
+ if (!CBB_add_bytes(&child, |
+ reinterpret_cast<const uint8_t*>(token_binding.data()), |
+ token_binding.size())) { |
+ CBB_cleanup(&tb_message); |
+ return ERR_FAILED; |
+ } |
+ } |
+ |
+ uint8_t* out_data; |
+ size_t out_len; |
+ if (!CBB_finish(&tb_message, &out_data, &out_len)) { |
+ CBB_cleanup(&tb_message); |
+ return ERR_FAILED; |
+ } |
+ out->assign(reinterpret_cast<char*>(out_data), out_len); |
+ OPENSSL_free(out_data); |
+ return OK; |
+} |
+ |
+Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key, |
+ const std::vector<uint8_t>& signed_ekm, |
+ std::string* out) { |
+ uint8_t* out_data; |
+ size_t out_len; |
+ CBB token_binding; |
+ if (!CBB_init(&token_binding, 0) || |
+ !BuildTokenBindingID(TB_TYPE_PROVIDED, key, &token_binding) || |
+ !CBB_add_u16(&token_binding, signed_ekm.size()) || |
+ !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || |
+ // 0-length extensions |
+ !CBB_add_u16(&token_binding, 0) || |
+ !CBB_finish(&token_binding, &out_data, &out_len)) { |
+ CBB_cleanup(&token_binding); |
+ return ERR_FAILED; |
+ } |
+ out->assign(reinterpret_cast<char*>(out_data), out_len); |
+ OPENSSL_free(out_data); |
+ return OK; |
+} |
+ |
+bool ParseTokenBindingMessage(base::StringPiece token_binding_message, |
+ base::StringPiece* ec_point_out, |
+ base::StringPiece* signature_out) { |
+ CBS tb_message, tb, ec_point, signature; |
+ uint8_t tb_type, tb_param; |
+ CBS_init(&tb_message, |
+ reinterpret_cast<const uint8_t*>(token_binding_message.data()), |
+ token_binding_message.size()); |
+ if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || |
+ !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || |
+ !CBS_get_u8_length_prefixed(&tb, &ec_point) || |
+ !CBS_get_u16_length_prefixed(&tb, &signature) || |
+ tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) { |
+ return false; |
+ } |
+ |
+ *ec_point_out = base::StringPiece( |
+ reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); |
+ *signature_out = base::StringPiece( |
+ reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature)); |
+ return true; |
+} |
+ |
+bool VerifyEKMSignature(base::StringPiece ec_point, |
+ base::StringPiece signature, |
+ base::StringPiece ekm) { |
+ crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
+ EC_KEY* keyp = key.get(); |
+ const uint8_t* ec_point_data = |
+ reinterpret_cast<const uint8_t*>(ec_point.data()); |
+ if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) |
+ return false; |
+ crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); |
+ if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) |
+ return false; |
+ crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); |
+ if (!EVP_PKEY_verify_init(pctx.get()) || |
+ !EVP_PKEY_verify( |
+ pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), |
+ signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()), |
+ ekm.size())) { |
+ return false; |
+ } |
+ return true; |
+} |
+ |
+} // namespace net |