Implement referred Token Bindings

net/ssl/token_binding_openssl.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/token_binding.h"
 
 #include <openssl/bytestring.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
 
 #include "base/stl_util.h"
+#include "base/strings/string_number_conversions.h"

[davidben, 2016/03/15 22:49:56]

Where is this used?

[nharper, 2016/03/16 17:49:22]

I used it for some temporary debugging and forgot to remove it.

 #include "crypto/scoped_openssl_types.h"
 #include "net/base/net_errors.h"
 #include "net/ssl/ssl_config.h"
 
 namespace net {
 
 namespace {
 
-enum TokenBindingType {
-  TB_TYPE_PROVIDED = 0,
-  TB_TYPE_REFERRED = 1,
-};
-
 bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) {
   EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key());
   DCHECK(ec_key);
 
   CBB ec_point;
   return CBB_add_u8(out, TB_PARAM_ECDSAP256) &&
          CBB_add_u8_length_prefixed(out, &ec_point) &&
          EC_POINT_point2cbb(&ec_point, EC_KEY_get0_group(ec_key),
                             EC_KEY_get0_public_key(ec_key),
                             POINT_CONVERSION_UNCOMPRESSED, nullptr) &&
          CBB_flush(out);
 }
 
-Error BuildTokenBinding(TokenBindingType type,
-                        crypto::ECPrivateKey* key,
-                        const std::vector<uint8_t>& signed_ekm,
-                        std::string* out) {
-  uint8_t* out_data;
-  size_t out_len;
-  CBB token_binding;
-  if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) ||
-      !BuildTokenBindingID(key, &token_binding) ||
-      !CBB_add_u16(&token_binding, signed_ekm.size()) ||
-      !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) ||
-      // 0-length extensions
-      !CBB_add_u16(&token_binding, 0) ||
-      !CBB_finish(&token_binding, &out_data, &out_len)) {
-    CBB_cleanup(&token_binding);
-    return ERR_FAILED;
-  }
-  out->assign(reinterpret_cast<char*>(out_data), out_len);
-  OPENSSL_free(out_data);
-  return OK;
-}
-
 }  // namespace
 
 bool IsTokenBindingSupported() {
   return true;
 }
 
 bool SignTokenBindingEkm(base::StringPiece ekm,
                          crypto::ECPrivateKey* key,
                          std::vector<uint8_t>* out) {
   size_t sig_len;
@@ skipping 32 matching lines @@
   size_t out_len;
   if (!CBB_finish(&tb_message, &out_data, &out_len)) {
     CBB_cleanup(&tb_message);
     return ERR_FAILED;
   }
   out->assign(reinterpret_cast<char*>(out_data), out_len);
   OPENSSL_free(out_data);
   return OK;
 }
 
-Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key,
-                                const std::vector<uint8_t>& signed_ekm,
-                                std::string* out) {
-  return BuildTokenBinding(TB_TYPE_PROVIDED, key, signed_ekm, out);
+Error BuildTokenBinding(TokenBindingType type,
+                        crypto::ECPrivateKey* key,
+                        const std::vector<uint8_t>& signed_ekm,
+                        std::string* out) {
+  uint8_t* out_data;
+  size_t out_len;
+  CBB token_binding;
+  if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) ||
+      !BuildTokenBindingID(key, &token_binding) ||
+      !CBB_add_u16(&token_binding, signed_ekm.size()) ||
+      !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) ||
+      // 0-length extensions
+      !CBB_add_u16(&token_binding, 0) ||
+      !CBB_finish(&token_binding, &out_data, &out_len)) {
+    CBB_cleanup(&token_binding);
+    return ERR_FAILED;
+  }
+  out->assign(reinterpret_cast<char*>(out_data), out_len);
+  OPENSSL_free(out_data);
+  return OK;
 }
 
+TokenBinding::TokenBinding() {}
+
 bool ParseTokenBindingMessage(base::StringPiece token_binding_message,
-                              base::StringPiece* ec_point_out,
-                              base::StringPiece* signature_out) {
-  CBS tb_message, tb, ec_point, signature;
+                              std::vector<TokenBinding>* token_bindings) {
+  CBS tb_message, tb, ec_point, signature, extensions;
   uint8_t tb_type, tb_param;
   CBS_init(&tb_message,
            reinterpret_cast<const uint8_t*>(token_binding_message.data()),
            token_binding_message.size());
-  if (!CBS_get_u16_length_prefixed(&tb_message, &tb) ||
-      !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) ||
-      !CBS_get_u8_length_prefixed(&tb, &ec_point) ||
-      !CBS_get_u16_length_prefixed(&tb, &signature) ||
-      tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) {
+  if (!CBS_get_u16_length_prefixed(&tb_message, &tb))
     return false;
+  while (CBS_len(&tb)) {
+    if (!CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) ||
+        !CBS_get_u8_length_prefixed(&tb, &ec_point) ||
+        !CBS_get_u16_length_prefixed(&tb, &signature) ||
+        !CBS_get_u16_length_prefixed(&tb, &extensions) ||
+        tb_param != TB_PARAM_ECDSAP256) {
+      return false;
+    }
+
+    TokenBinding token_binding;
+    token_binding.type = TokenBindingType(tb_type);

[davidben, 2016/03/15 22:49:56]

Since this is an enum, probably you should validate it's a known type? Otherwise
you're stuffing unknown values into the enum which seems a little off.

[nharper, 2016/03/16 17:49:22]

Done.

+    token_binding.ec_point = base::StringPiece(
+        reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point));
+    token_binding.signature =
+        base::StringPiece(reinterpret_cast<const char*>(CBS_data(&signature)),
+                          CBS_len(&signature));
+    token_bindings->push_back(token_binding);
   }
-
-  *ec_point_out = base::StringPiece(
-      reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point));
-  *signature_out = base::StringPiece(
-      reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature));
   return true;
 }
 
 bool VerifyEKMSignature(base::StringPiece ec_point,
                         base::StringPiece signature,
                         base::StringPiece ekm) {
   crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
   EC_KEY* keyp = key.get();
   const uint8_t* ec_point_data =
       reinterpret_cast<const uint8_t*>(ec_point.data());
   if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get())
     return false;
   crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
   if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release()))
     return false;
   crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
   if (!EVP_PKEY_verify_init(pctx.get()) ||
       !EVP_PKEY_verify(
           pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()),
           signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()),
           ekm.size())) {
     return false;
   }
   return true;
 }
 
 }  // namespace net