Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2029)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/token_binding_openssl.cc

Issue 1781003003: Implement referred Token Bindings (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nits; add unittest Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/http/http_network_transaction_ssl_unittest.cc ('K') | « net/ssl/token_binding_nss.cc ('k') | net/tools/testserver/testserver.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/token_binding_openssl.cc
diff --git a/net/ssl/token_binding_openssl.cc b/net/ssl/token_binding_openssl.cc
index 24eaccddfcb03465c95d206c58328b961ffb285d..4290ee1bf0bbb8d0ed88aada1b332d713113d50c 100644
--- a/net/ssl/token_binding_openssl.cc
+++ b/net/ssl/token_binding_openssl.cc
@@ -18,11 +18,6 @@ namespace net {
namespace {
-enum TokenBindingType {
- TB_TYPE_PROVIDED = 0,
- TB_TYPE_REFERRED = 1,
-};
-
bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) {
EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key());
DCHECK(ec_key);
@@ -36,28 +31,6 @@ bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) {
CBB_flush(out);
}
-Error BuildTokenBinding(TokenBindingType type,
- crypto::ECPrivateKey* key,
- const std::vector<uint8_t>& signed_ekm,
- std::string* out) {
- uint8_t* out_data;
- size_t out_len;
- CBB token_binding;
- if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) ||
- !BuildTokenBindingID(key, &token_binding) ||
- !CBB_add_u16(&token_binding, signed_ekm.size()) ||
- !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) ||
- // 0-length extensions
- !CBB_add_u16(&token_binding, 0) ||
- !CBB_finish(&token_binding, &out_data, &out_len)) {
- CBB_cleanup(&token_binding);
- return ERR_FAILED;
- }
- out->assign(reinterpret_cast<char*>(out_data), out_len);
- OPENSSL_free(out_data);
- return OK;
-}
-
} // namespace
bool IsTokenBindingSupported() {
@@ -110,32 +83,59 @@ Error BuildTokenBindingMessageFromTokenBindings(
return OK;
}
-Error BuildProvidedTokenBinding(crypto::ECPrivateKey* key,
- const std::vector<uint8_t>& signed_ekm,
- std::string* out) {
- return BuildTokenBinding(TB_TYPE_PROVIDED, key, signed_ekm, out);
+Error BuildTokenBinding(TokenBindingType type,
+ crypto::ECPrivateKey* key,
+ const std::vector<uint8_t>& signed_ekm,
+ std::string* out) {
+ uint8_t* out_data;
+ size_t out_len;
+ CBB token_binding;
+ if (!CBB_init(&token_binding, 0) || !CBB_add_u8(&token_binding, type) ||
+ !BuildTokenBindingID(key, &token_binding) ||
+ !CBB_add_u16(&token_binding, signed_ekm.size()) ||
+ !CBB_add_bytes(&token_binding, signed_ekm.data(), signed_ekm.size()) ||
+ // 0-length extensions
+ !CBB_add_u16(&token_binding, 0) ||
+ !CBB_finish(&token_binding, &out_data, &out_len)) {
+ CBB_cleanup(&token_binding);
+ return ERR_FAILED;
+ }
+ out->assign(reinterpret_cast<char*>(out_data), out_len);
+ OPENSSL_free(out_data);
+ return OK;
}
+TokenBinding::TokenBinding() {}
+
bool ParseTokenBindingMessage(base::StringPiece token_binding_message,
- base::StringPiece* ec_point_out,
- base::StringPiece* signature_out) {
- CBS tb_message, tb, ec_point, signature;
+ std::vector<TokenBinding>* token_bindings) {
+ CBS tb_message, tb, ec_point, signature, extensions;
uint8_t tb_type, tb_param;
CBS_init(&tb_message,
reinterpret_cast<const uint8_t*>(token_binding_message.data()),
token_binding_message.size());
- if (!CBS_get_u16_length_prefixed(&tb_message, &tb) ||
- !CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) ||
- !CBS_get_u8_length_prefixed(&tb, &ec_point) ||
- !CBS_get_u16_length_prefixed(&tb, &signature) ||
- tb_type != TB_TYPE_PROVIDED || tb_param != TB_PARAM_ECDSAP256) {
+ if (!CBS_get_u16_length_prefixed(&tb_message, &tb))
return false;
+ while (CBS_len(&tb)) {
+ if (!CBS_get_u8(&tb, &tb_type) || !CBS_get_u8(&tb, &tb_param) ||
+ !CBS_get_u8_length_prefixed(&tb, &ec_point) ||
+ !CBS_get_u16_length_prefixed(&tb, &signature) ||
+ !CBS_get_u16_length_prefixed(&tb, &extensions) ||
+ tb_param != TB_PARAM_ECDSAP256) {
+ return false;
+ }
+ if (tb_type != TB_TYPE_PROVIDED && tb_type != TB_TYPE_REFERRED)
+ return false;
davidben 2016/03/24 20:53:52 Really nitpicky nit: Maybe chain this into the abo
nharper 2016/03/25 01:34:29 Done.
+
+ TokenBinding token_binding;
+ token_binding.type = TokenBindingType(tb_type);
+ token_binding.ec_point = base::StringPiece(
+ reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point));
+ token_binding.signature =
+ base::StringPiece(reinterpret_cast<const char*>(CBS_data(&signature)),
+ CBS_len(&signature));
+ token_bindings->push_back(token_binding);
}
-
- *ec_point_out = base::StringPiece(
- reinterpret_cast<const char*>(CBS_data(&ec_point)), CBS_len(&ec_point));
- *signature_out = base::StringPiece(
- reinterpret_cast<const char*>(CBS_data(&signature)), CBS_len(&signature));
return true;
}
« net/http/http_network_transaction_ssl_unittest.cc ('K') | « net/ssl/token_binding_nss.cc ('k') | net/tools/testserver/testserver.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698