Implement referred Token Bindings

net/ssl/token_binding.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SSL_TOKEN_BINDING_H_
 #define NET_SSL_TOKEN_BINDING_H_
 
 #include <string>
 #include <vector>
 
 #include "base/strings/string_piece.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_export.h"
 
 namespace net {
 
+enum TokenBindingType {

[dcheng, 2016/03/26 08:54:58]

Nit: enum class and just name the enum members PROVIDED and REFERRED

[nharper, 2016/03/28 22:02:05]

It turns out I was implicitly casting to/from integer types in quite a few
places. Now that this is an enum class, those are explicit.

+  TB_TYPE_PROVIDED = 0,
+  TB_TYPE_REFERRED = 1,
+};
+
 // Returns whether Token Binding is supported on this platform. If this function
 // returns false, Token Binding must not be negotiated.
 bool IsTokenBindingSupported();
 
 // Takes an exported keying material value |ekm| from the TLS layer and a token
 // binding key |key| and signs the EKM, putting the signature in |*out|. Returns
 // true on success or false if there's an error in the signing operations.
 bool SignTokenBindingEkm(base::StringPiece ekm,
                          crypto::ECPrivateKey* key,
                          std::vector<uint8_t>* out);
 
 // Given a vector of serialized TokenBinding structs (as defined in
 // draft-ietf-tokbind-protocol-04), this function combines them to form the
 // serialized TokenBindingMessage struct in |*out|. This function returns a net
 // error.
 //
 // struct {
 //     TokenBinding tokenbindings<0..2^16-1>;
 // } TokenBindingMessage;
 Error BuildTokenBindingMessageFromTokenBindings(
     const std::vector<base::StringPiece>& token_bindings,
     std::string* out);
 
-// Builds a TokenBinding struct with a provided TokenBindingID created from
-// |*key| and a signature of |ekm| using |*key| to sign.
+// Builds a TokenBinding struct of type |type| with a TokenBindingID created
+// from |*key| and a signature of |ekm| using |*key| to sign.
 //
 // enum {
 //     rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255)
 // } TokenBindingKeyParameters;
 //
 // struct {
 //     opaque modulus<1..2^16-1>;
 //     opaque publicexponent<1..2^8-1>;
 // } RSAPublicKey;
 //
@@ skipping 16 matching lines @@
 //             ECPoint point;
 //     }
 // } TokenBindingID;
 //
 // struct {
 //     TokenBindingID tokenbindingid;
 //     opaque signature<0..2^16-1>;// Signature over the exported keying
 //                                 // material value
 //     Extension extensions<0..2^16-1>;
 // } TokenBinding;
-Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key,
-                                const std::vector<uint8_t>& ekm,
-                                std::string* out);
+Error BuildTokenBinding(TokenBindingType type,
+                        crypto::ECPrivateKey* key,
+                        const std::vector<uint8_t>& ekm,
+                        std::string* out);
 
-// Given a TokenBindingMessage, parses the first TokenBinding from it,
-// extracts the ECPoint of the TokenBindingID into |*ec_point|, and extracts the
-// signature of the EKM value into |*signature|. It also verifies that the first
-// TokenBinding is a provided Token Binding, and that the key parameters is
-// ecdsap256. This function returns whether the message was able to be parsed
-// successfully.
+// Represents a parsed TokenBinding from a TokenBindingMessage.
+struct TokenBinding {
+  TokenBinding();
+
+  TokenBindingType type;
+  base::StringPiece ec_point;

[dcheng, 2016/03/26 08:54:58]

It looks like this is just encapsulating some already existing state into a
struct, but holding StringPieces in a struct like this? I, too, like to live
dangerously.

[nharper, 2016/03/28 22:02:06]

I was going to say that this is only used in unittests so I'm not too concerned
about the safety. Then I realized I can change them to std::strings (to not
worry about safety) and make the test slightly more expensive (I'm not concerned
about the slight penalty of allocating more memory and copying these).

+  base::StringPiece signature;
+};
+
+// Given a TokenBindingMessage, parses the TokenBinding structs from it, putting
+// them into |*token_bindings|. If there is an error parsing the
+// TokenBindingMessage or the key parameter for any TokenBinding in the
+// TokenBindingMessage is not ecdsap25, then this function returns false.
 NET_EXPORT_PRIVATE bool ParseTokenBindingMessage(
     base::StringPiece token_binding_message,
-    base::StringPiece* ec_point,
-    base::StringPiece* signature);
+    std::vector<TokenBinding>* token_bindings);
 
 // Takes an ECPoint |ec_point| from a TokenBindingID and |signature| from a
 // TokenBinding and verifies that |signature| is the signature of |ekm| using
 // |ec_point| as the public key. Returns true if the signature verifies and
 // false if it doesn't or some other error occurs in verification. This function
 // is only provided for testing.
 NET_EXPORT_PRIVATE bool VerifyEKMSignature(base::StringPiece ec_point,
                                            base::StringPiece signature,
                                            base::StringPiece ekm);
 
 }  // namespace net
 
 #endif  // NET_SSL_TOKEN_BINDING_H_