Index: net/ssl/token_binding_openssl.cc |
diff --git a/net/ssl/token_binding_openssl.cc b/net/ssl/token_binding_openssl.cc |
index 24eaccddfcb03465c95d206c58328b961ffb285d..6caffe8bb0094c23c98b1363ae7e3c00dd1b13ba 100644 |
--- a/net/ssl/token_binding_openssl.cc |
+++ b/net/ssl/token_binding_openssl.cc |
@@ -10,6 +10,7 @@ |
#include <openssl/mem.h> |
#include "base/stl_util.h" |
+#include "base/strings/string_number_conversions.h" |
davidben
2016/03/15 22:49:56
Where is this used?
nharper
2016/03/16 17:49:22
I used it for some temporary debugging and forgot
|
#include "crypto/scoped_openssl_types.h" |
#include "net/base/net_errors.h" |
#include "net/ssl/ssl_config.h" |
@@ -18,11 +19,6 @@ namespace net { |
namespace { |
-enum TokenBindingType { |
- TB_TYPE_PROVIDED = 0, |
- TB_TYPE_REFERRED = 1, |
-}; |
- |
bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) { |
EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key()); |
DCHECK(ec_key); |
@@ -36,28 +32,6 @@ bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) { |
CBB_flush(out); |
} |
-Error BuildTokenBinding(TokenBindingType type, |
- crypto::ECPrivateKey* key, |
- const std::vector<uint8_t>& signed_ekm, |
- std::string* out) { |
- uint8_t* out_data; |
- size_t out_len; |
- CBB token_binding; |
- if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) || |
- !BuildTokenBindingID(key, &token_binding) || |
- !CBB_add_u16(&token_binding, signed_ekm.size()) || |
- !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || |
- // 0-length extensions |
- !CBB_add_u16(&token_binding, 0) || |
- !CBB_finish(&token_binding, &out_data, &out_len)) { |
- CBB_cleanup(&token_binding); |
- return ERR_FAILED; |
- } |
- out->assign(reinterpret_cast<char*>(out_data), out_len); |
- OPENSSL_free(out_data); |
- return OK; |
-} |
- |
} // namespace |
bool IsTokenBindingSupported() { |
@@ -110,32 +84,57 @@ Error BuildTokenBindingMessageFromTokenBindings( |
return OK; |
} |
-Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key, |
- const std::vector<uint8_t>& signed_ekm, |
- std::string* out) { |
- return BuildTokenBinding(TB_TYPE_PROVIDED, key, signed_ekm, out); |
+Error BuildTokenBinding(TokenBindingType type, |
+ crypto::ECPrivateKey* key, |
+ const std::vector<uint8_t>& signed_ekm, |
+ std::string* out) { |
+ uint8_t* out_data; |
+ size_t out_len; |
+ CBB token_binding; |
+ if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) || |
+ !BuildTokenBindingID(key, &token_binding) || |
+ !CBB_add_u16(&token_binding, signed_ekm.size()) || |
+ !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) || |
+ // 0-length extensions |
+ !CBB_add_u16(&token_binding, 0) || |
+ !CBB_finish(&token_binding, &out_data, &out_len)) { |
+ CBB_cleanup(&token_binding); |
+ return ERR_FAILED; |
+ } |
+ out->assign(reinterpret_cast<char*>(out_data), out_len); |
+ OPENSSL_free(out_data); |
+ return OK; |
} |
+TokenBinding::TokenBinding() {} |
+ |
bool ParseTokenBindingMessage(base::StringPiece token_binding_message, |
- base::StringPiece* ec_point_out, |
- base::StringPiece* signature_out) { |
- CBS tb_message, tb, ec_point, signature; |
+ std::vector<TokenBinding>* token_bindings) { |
+ CBS tb_message, tb, ec_point, signature, extensions; |
uint8_t tb_type, tb_param; |
CBS_init(&tb_message, |
reinterpret_cast<const uint8_t*>(token_binding_message.data()), |
token_binding_message.size()); |
- if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || |
- !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || |
- !CBS_get_u8_length_prefixed(&tb, &ec_point) || |
- !CBS_get_u16_length_prefixed(&tb, &signature) || |
- tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) { |
+ if (!CBS_get_u16_length_prefixed(&tb_message, &tb)) |
return false; |
- } |
+ while (CBS_len(&tb)) { |
+ if (!CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) || |
+ !CBS_get_u8_length_prefixed(&tb, &ec_point) || |
+ !CBS_get_u16_length_prefixed(&tb, &signature) || |
+ !CBS_get_u16_length_prefixed(&tb, &extensions) || |
+ tb_param != TB_PARAM_ECDSAP256) { |
+ return false; |
+ } |
- *ec_point_out = base::StringPiece( |
- reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); |
- *signature_out = base::StringPiece( |
- reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature)); |
+ TokenBinding token_binding; |
+ token_binding.type = TokenBindingType(tb_type); |
davidben
2016/03/15 22:49:56
Since this is an enum, probably you should validat
nharper
2016/03/16 17:49:22
Done.
|
+ token_binding.ec_point = base::StringPiece( |
+ reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point)); |
+ token_binding.signature = |
+ base::StringPiece(reinterpret_cast<const char*>(CBS_data(&signature)), |
+ CBS_len(&signature)); |
+ token_bindings->push_back(token_binding); |
+ } |
return true; |
} |
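Review bot: ParseTokenBindingMessage silently accepts trailing bytes after the length-prefixed TokenBindingMessage, because nothing checks that `tb_message` is empty once the u16-prefixed `tb` has been pulled out; for a parser of untrusted input that should be a hard failure, e.g. `if (!CBS_get_u16_length_prefixed(&tb_message, &tb) || CBS_len(&tb_message) != 0) return false;`. Relatedly, a malformed later binding returns false only after earlier bindings have already been pushed onto `token_bindings`, so a caller that ignores the return value sees a partially parsed list — either clear the vector on failure or state in a comment that its contents are unspecified when false is returned. The `ec_point` and `signature` fields are StringPieces into the caller's buffer, which deserves a comment on the function such as `// The returned TokenBindings reference token_binding_message; it must outlive them.` The `extensions` block is consumed but never inspected; if unknown extensions are deliberately skipped, a one-line comment saying so would stop the next reader from treating it as an oversight.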