
Unified Diff: net/ssl/token_binding.h

Issue 1781003003: Implement referred Token Bindings (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nits; add unittest Created 4 years, 9 months ago
Index: net/ssl/token_binding.h
diff --git a/net/ssl/token_binding.h b/net/ssl/token_binding.h
index f20f34165fb8cef863c863f84a3a28243aab926c..b0ad568d368f4b5b0836c4c582d55cf94f568b14 100644
--- a/net/ssl/token_binding.h
+++ b/net/ssl/token_binding.h
@@ -15,6 +15,11 @@
namespace net {
+enum TokenBindingType {
+ TB_TYPE_PROVIDED = 0,
+ TB_TYPE_REFERRED = 1,
+};
+
// Returns whether Token Binding is supported on this platform. If this function
// returns false, Token Binding must not be negotiated.
bool IsTokenBindingSupported();
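Review bot: TokenBindingType is added as an unscoped enum with no comment, so TB_TYPE_PROVIDED and TB_TYPE_REFERRED convert implicitly to and from int at every call site. The values 0 and 1 look like the type byte carried in a TokenBinding on the wire (inferred; the serialising code is outside this hunk), which deserves a line such as `// Values match the type field of a TokenBinding on the wire; do not renumber.` If the parser turns a peer-supplied byte into this enum, an explicit range check before the conversion is safer than a bare cast, and `enum class TokenBindingType` would let the compiler enforce that no unchecked integer slips through.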
@@ -38,8 +43,8 @@ Error BuildTokenBindingMessageFromTokenBindings(
const std::vector<base::StringPiece>& token_bindings,
std::string* out);
-// Builds a TokenBinding struct with a provided TokenBindingID created from
-// |*key| and a signature of |ekm| using |*key| to sign.
+// Builds a TokenBinding struct of type |type| with a TokenBindingID created
+// from |*key| and a signature of |ekm| using |*key| to sign.
//
// enum {
// rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255)
@@ -76,20 +81,27 @@ Error BuildTokenBindingMessageFromTokenBindings(
// // material value
// Extension extensions<0..2^16-1>;
// } TokenBinding;
-Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key,
- const std::vector<uint8_t>& ekm,
- std::string* out);
+Error BuildTokenBinding(TokenBindingType type,
+ crypto::ECPrivateKey* key,
+ const std::vector<uint8_t>& ekm,
+ std::string* out);
+
+// Represents a parsed TokenBinding from a TokenBindingMessage.
+struct TokenBinding {
+ TokenBinding();
+
+ TokenBindingType type;
+ base::StringPiece ec_point;
+ base::StringPiece signature;
+};
-// Given a TokenBindingMessage, parses the first TokenBinding from it,
-// extracts the ECPoint of the TokenBindingID into |*ec_point|, and extracts the
-// signature of the EKM value into |*signature|. It also verifies that the first
-// TokenBinding is a provided Token Binding, and that the key parameters is
-// ecdsap256. This function returns whether the message was able to be parsed
-// successfully.
+// Given a TokenBindingMessage, parses the TokenBinding structs from it, putting
+// them into |*token_bindings|. If there is an error parsing the
+// TokenBindingMessage or the key parameter for any TokenBinding in the
+// TokenBindingMessage is not ecdsap25, then this function returns false.
NET_EXPORT_PRIVATE bool ParseTokenBindingMessage(
base::StringPiece token_binding_message,
- base::StringPiece* ec_point,
- base::StringPiece* signature);
+ std::vector<TokenBinding>* token_bindings);
// Takes an ECPoint |ec_point| from a TokenBindingID and |signature| from a
// TokenBinding and verifies that |signature| is the signature of |ekm| using
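Review bot: The new TokenBinding struct stores ec_point and signature as base::StringPiece, and the comment on ParseTokenBindingMessage does not say that these views point into |token_binding_message| (presumably they do; the implementation is not in this hunk), so a caller that keeps the vector after the message buffer is gone would read freed memory. The comment should state the lifetime, e.g. `// The StringPieces in |*token_bindings| refer to |token_binding_message| and are valid only while it is alive.` The old comment promised that the first binding was checked to be a provided one; the new one drops that, so it should say that callers must inspect `type` themselves and still verify each signature, and what |*token_bindings| holds when false is returned. `ecdsap25` in the last line of the new comment should read `ecdsap256`.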
