
Unified Diff: net/ssl/token_binding.cc

Issue 2137193002: Update token binding code to latest drafts (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove unnecessary cast Created 4 years, 5 months ago
Index: net/ssl/token_binding.cc
diff --git a/net/ssl/token_binding.cc b/net/ssl/token_binding.cc
index 0c6dd81fafc3b1649a944ec70e7e8685f8bc2221..63fc9dbaf5cf1b1fb3bf761fff02eb6a684ad5b9 100644
--- a/net/ssl/token_binding.cc
+++ b/net/ssl/token_binding.cc
@@ -6,6 +6,7 @@
#include <openssl/bytestring.h>
#include <openssl/ec.h>
+#include <openssl/ec_key.h>
#include <openssl/evp.h>
#include <openssl/mem.h>
@@ -18,16 +19,23 @@ namespace net {
namespace {
+const size_t kUncompressedPointLen = 65;
+
bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) {
EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key());
DCHECK(ec_key);
+ uint8_t point_buf[kUncompressedPointLen];
+ if (EC_POINT_point2oct(
+ EC_KEY_get0_group(ec_key), EC_KEY_get0_public_key(ec_key),
+ POINT_CONVERSION_UNCOMPRESSED, point_buf, kUncompressedPointLen,
+ NULL) != kUncompressedPointLen) {
+ return false;
+ }
CBB ec_point;
return CBB_add_u8(out, TB_PARAM_ECDSAP256) &&
CBB_add_u8_length_prefixed(out, &ec_point) &&
- EC_POINT_point2cbb(&ec_point, EC_KEY_get0_group(ec_key),
- EC_KEY_get0_public_key(ec_key),
- POINT_CONVERSION_UNCOMPRESSED, nullptr) &&
+ CBB_add_bytes(&ec_point, point_buf + 1, kUncompressedPointLen - 1) &&
CBB_flush(out);
}
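Review bot: The `point_buf + 1` in the `CBB_add_bytes` call drops the X9.62 form byte without saying so, and the `!= kUncompressedPointLen` comparison is the only thing in BuildTokenBindingID that rejects a key whose curve does not match the hard-coded `TB_PARAM_ECDSAP256`; both deserve a comment. I would add `// 1 form byte + two 32-byte P-256 coordinates.` on `kUncompressedPointLen` and `// The Token Binding ID carries only X||Y, so skip the leading 0x04 form byte.` above the return statement. The `EC_POINT_point2oct` call also passes `NULL` for the BN_CTX argument while the `EC_POINT_oct2point` call in VerifyEKMSignature passes `nullptr`; using `nullptr` in both would be consistent.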
@@ -162,12 +170,20 @@ bool ParseTokenBindingMessage(base::StringPiece token_binding_message,
bool VerifyEKMSignature(base::StringPiece ec_point,
base::StringPiece signature,
base::StringPiece ekm) {
+ if (ec_point.size() != kUncompressedPointLen - 1)
+ return false;
+ uint8_t x9_62_ec_point[kUncompressedPointLen];
+ x9_62_ec_point[0] = 4;
+ memcpy(x9_62_ec_point + 1, ec_point.data(), kUncompressedPointLen - 1);
crypto::ScopedEC_Key key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
EC_KEY* keyp = key.get();
- const uint8_t* ec_point_data =
- reinterpret_cast<const uint8_t*>(ec_point.data());
- if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get())
+ crypto::ScopedEC_POINT pub_key(EC_POINT_new(EC_KEY_get0_group(keyp)));
+ if (!EC_POINT_oct2point(EC_KEY_get0_group(keyp), pub_key.get(),
+ x9_62_ec_point, kUncompressedPointLen, nullptr) ||
+ !EC_KEY_set_public_key(keyp, pub_key.get())) {
return false;
+ }
+
crypto::ScopedECDSA_SIG sig(RawToECDSA_SIG(keyp, signature));
if (!sig)
return false;
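Review bot: In VerifyEKMSignature neither `key` nor `pub_key` is checked before use. `EC_KEY_get0_group(keyp)` is called on the result of `EC_KEY_new_by_curve_name`, and `pub_key.get()` is handed to `EC_POINT_oct2point` unchecked, so a failed allocation would presumably be dereferenced while processing a peer-supplied point. Adding `if (!key) return false;` right after the key is created, and `!pub_key ||` at the front of the existing condition, would give these the same failure path as the `if (!sig)` check below. The form byte would also read better as `x9_62_ec_point[0] = POINT_CONVERSION_UNCOMPRESSED;` than as the literal `4`, matching the constant already used in BuildTokenBindingID. The function body continues past the end of this hunk.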