OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/token_binding.h" | 5 #include "net/ssl/token_binding.h" |
6 | 6 |
7 #include <openssl/bytestring.h> | 7 #include <openssl/bytestring.h> |
8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
10 #include <openssl/mem.h> | 10 #include <openssl/mem.h> |
11 | 11 |
12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
13 #include "crypto/scoped_openssl_types.h" | 13 #include "crypto/scoped_openssl_types.h" |
14 #include "net/base/net_errors.h" | 14 #include "net/base/net_errors.h" |
15 #include "net/ssl/ssl_config.h" | 15 #include "net/ssl/ssl_config.h" |
16 | 16 |
17 namespace net { | 17 namespace net { |
18 | 18 |
19 namespace { | 19 namespace { |
20 | 20 |
21 enum TokenBindingType { | |
22 TB_TYPE_PROVIDED = 0, | |
23 TB_TYPE_REFERRED = 1, | |
24 }; | |
25 | |
26 bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) { | 21 bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) { |
27 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key()); | 22 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key()); |
28 DCHECK(ec_key); | 23 DCHECK(ec_key); |
29 | 24 |
30 CBB ec_point; | 25 CBB ec_point; |
31 return CBB_add_u8(out, TB_PARAM_ECDSAP256) && | 26 return CBB_add_u8(out, TB_PARAM_ECDSAP256) && |
32 CBB_add_u8_length_prefixed(out, &ec_point) && | 27 CBB_add_u8_length_prefixed(out, &ec_point) && |
33 EC_POINT_point2cbb(&ec_point, EC_KEY_get0_group(ec_key), | 28 EC_POINT_point2cbb(&ec_point, EC_KEY_get0_group(ec_key), |
34 EC_KEY_get0_public_key(ec_key), | 29 EC_KEY_get0_public_key(ec_key), |
35 POINT_CONVERSION_UNCOMPRESSED, nullptr) && | 30 POINT_CONVERSION_UNCOMPRESSED, nullptr) && |
36 CBB_flush(out); | 31 CBB_flush(out); |
37 } | 32 } |
38 | 33 |
39 Error BuildTokenBinding(TokenBindingType type, | |
40 crypto::ECPrivateKey* key, | |
41 const std::vector<uint8_t>& signed_ekm, | |
42 std::string* out) { | |
43 uint8_t* out_data; | |
44 size_t out_len; | |
45 CBB token_binding; | |
46 if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) || | |
47 !BuildTokenBindingID(key, &token_binding) || | |
48 !CBB_add_u16(&token_binding, signed_ekm.size()) || | |
49 !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || | |
50 // 0-length extensions | |
51 !CBB_add_u16(&token_binding, 0) || | |
52 !CBB_finish(&token_binding, &out_data, &out_len)) { | |
53 CBB_cleanup(&token_binding); | |
54 return ERR_FAILED; | |
55 } | |
56 out->assign(reinterpret_cast<char*>(out_data), out_len); | |
57 OPENSSL_free(out_data); | |
58 return OK; | |
59 } | |
60 | |
61 } // namespace | 34 } // namespace |
62 | 35 |
63 bool IsTokenBindingSupported() { | 36 bool IsTokenBindingSupported() { |
64 return true; | 37 return true; |
65 } | 38 } |
66 | 39 |
67 bool SignTokenBindingEkm(base::StringPiece ekm, | 40 bool SignTokenBindingEkm(base::StringPiece ekm, |
68 crypto::ECPrivateKey* key, | 41 crypto::ECPrivateKey* key, |
69 std::vector<uint8_t>* out) { | 42 std::vector<uint8_t>* out) { |
70 size_t sig_len; | 43 size_t sig_len; |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
103 size_t out_len; | 76 size_t out_len; |
104 if (!CBB_finish(&tb_message, &out_data, &out_len)) { | 77 if (!CBB_finish(&tb_message, &out_data, &out_len)) { |
105 CBB_cleanup(&tb_message); | 78 CBB_cleanup(&tb_message); |
106 return ERR_FAILED; | 79 return ERR_FAILED; |
107 } | 80 } |
108 out->assign(reinterpret_cast<char*>(out_data), out_len); | 81 out->assign(reinterpret_cast<char*>(out_data), out_len); |
109 OPENSSL_free(out_data); | 82 OPENSSL_free(out_data); |
110 return OK; | 83 return OK; |
111 } | 84 } |
112 | 85 |
113 Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key, | 86 Error BuildTokenBinding(TokenBindingType type, |
114 const std::vector<uint8_t>& signed_ekm, | 87 crypto::ECPrivateKey* key, |
115 std::string* out) { | 88 const std::vector<uint8_t>& signed_ekm, |
116 return BuildTokenBinding(TB_TYPE_PROVIDED, key, signed_ekm, out); | 89 std::string* out) { |
90 uint8_t* out_data; | |
91 size_t out_len; | |
92 CBB token_binding; | |
93 if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) || | |
94 !BuildTokenBindingID(key, &token_binding) || | |
95 !CBB_add_u16(&token_binding, signed_ekm.size()) || | |
96 !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || | |
97 // 0-length extensions | |
98 !CBB_add_u16(&token_binding, 0) || | |
99 !CBB_finish(&token_binding, &out_data, &out_len)) { | |
100 CBB_cleanup(&token_binding); | |
101 return ERR_FAILED; | |
102 } | |
103 out->assign(reinterpret_cast<char*>(out_data), out_len); | |
104 OPENSSL_free(out_data); | |
105 return OK; | |
117 } | 106 } |
118 | 107 |
108 TokenBinding::TokenBinding() {} | |
109 | |
119 bool ParseTokenBindingMessage(base::StringPiece token_binding_message, | 110 bool ParseTokenBindingMessage(base::StringPiece token_binding_message, |
120 base::StringPiece* ec_point_out, | 111 std::vector<TokenBinding>* token_bindings) { |
121 base::StringPiece* signature_out) { | 112 CBS tb_message, tb, ec_point, signature, extensions; |
122 CBS tb_message, tb, ec_point, signature; | |
123 uint8_t tb_type, tb_param; | 113 uint8_t tb_type, tb_param; |
124 CBS_init(&tb_message, | 114 CBS_init(&tb_message, |
125 reinterpret_cast<const uint8_t*>(token_binding_message.data()), | 115 reinterpret_cast<const uint8_t*>(token_binding_message.data()), |
126 token_binding_message.size()); | 116 token_binding_message.size()); |
127 if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || | 117 if (!CBS_get_u16_length_prefixed(&tb_message, &tb)) |
128 !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || | |
129 !CBS_get_u8_length_prefixed(&tb, &ec_point) || | |
130 !CBS_get_u16_length_prefixed(&tb, &signature) || | |
131 tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) { | |
132 return false; | 118 return false; |
119 while (CBS_len(&tb)) { | |
120 if (!CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || | |
121 !CBS_get_u8_length_prefixed(&tb, &ec_point) || | |
122 !CBS_get_u16_length_prefixed(&tb, &signature) || | |
123 !CBS_get_u16_length_prefixed(&tb, &extensions) || | |
124 tb_param != TB_PARAM_ECDSAP256) { | |
125 return false; | |
126 } | |
127 if (tb_type != TB_TYPE_PROVIDED && tb_type != TB_TYPE_REFERRED) | |
128 return false; | |
davidben
2016/03/24 20:53:52
Really nitpicky nit: Maybe chain this into the abo
nharper
2016/03/25 01:34:29
Done.
| |
129 | |
130 TokenBinding token_binding; | |
131 token_binding.type = TokenBindingType(tb_type); | |
132 token_binding.ec_point = base::StringPiece( | |
133 reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); | |
134 token_binding.signature = | |
135 base::StringPiece(reinterpret_cast<const char*>(CBS_data(&signature)), | |
136 CBS_len(&signature)); | |
137 token_bindings->push_back(token_binding); | |
133 } | 138 } |
134 | |
135 *ec_point_out = base::StringPiece( | |
136 reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); | |
137 *signature_out = base::StringPiece( | |
138 reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature)); | |
139 return true; | 139 return true; |
140 } | 140 } |
141 | 141 |
142 bool VerifyEKMSignature(base::StringPiece ec_point, | 142 bool VerifyEKMSignature(base::StringPiece ec_point, |
143 base::StringPiece signature, | 143 base::StringPiece signature, |
144 base::StringPiece ekm) { | 144 base::StringPiece ekm) { |
145 crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); | 145 crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
146 EC_KEY* keyp = key.get(); | 146 EC_KEY* keyp = key.get(); |
147 const uint8_t* ec_point_data = | 147 const uint8_t* ec_point_data = |
148 reinterpret_cast<const uint8_t*>(ec_point.data()); | 148 reinterpret_cast<const uint8_t*>(ec_point.data()); |
149 if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) | 149 if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) |
150 return false; | 150 return false; |
151 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); | 151 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); |
152 if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) | 152 if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) |
153 return false; | 153 return false; |
154 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); | 154 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); |
155 if (!EVP_PKEY_verify_init(pctx.get()) || | 155 if (!EVP_PKEY_verify_init(pctx.get()) || |
156 !EVP_PKEY_verify( | 156 !EVP_PKEY_verify( |
157 pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), | 157 pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), |
158 signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()), | 158 signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()), |
159 ekm.size())) { | 159 ekm.size())) { |
160 return false; | 160 return false; |
161 } | 161 } |
162 return true; | 162 return true; |
163 } | 163 } |
164 | 164 |
165 } // namespace net | 165 } // namespace net |
OLD | NEW |