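--- a/net/ssl/token_binding.h
+++ b/net/ssl/token_binding.h
@@ -1,38 +1,42 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SSL_TOKEN_BINDING_H_
 #define NET_SSL_TOKEN_BINDING_H_
 
 #include <string>
 #include <vector>
 
 #include "base/strings/string_piece.h"
 #include "crypto/ec_private_key.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_export.h"
 
 namespace net {
 
 enum class TokenBindingType {
 PROVIDED = 0,
 REFERRED = 1,
 };
 
-// Takes an exported keying material value |ekm| from the TLS layer and a token
-// binding key |key| and signs the EKM, putting the signature in |*out|. Returns
-// true on success or false if there's an error in the signing operations.
-bool SignTokenBindingEkm(base::StringPiece ekm,
-crypto::ECPrivateKey* key,
-std::vector<uint8_t>* out);
+// Takes an exported keying material value |ekm| from the TLS layer, the type of
+// Token Binding |type|, and a token binding key |key| and concatenates the
+// Token Binding type, key type, and ekm. This concatenation is signed with
+// |key| in accordance with section 3.3 of draft-ietf-tokbind-protocol-10, with
+// the signature written to |*out|. Returns true on success or false if there's
+// an error in the signing operations.
+bool CreateTokenBindingSignature(base::StringPiece ekm,
+TokenBindingType type,
+crypto::ECPrivateKey* key,
+std::vector<uint8_t>* out);
 
 // Given a vector of serialized TokenBinding structs (as defined in
 // draft-ietf-tokbind-protocol-04), this function combines them to form the
 // serialized TokenBindingMessage struct in |*out|. This function returns a net
 // error.
 //
 // struct {
 // TokenBinding tokenbindings<0..2^16-1>;
 // } TokenBindingMessage;
 Error BuildTokenBindingMessageFromTokenBindings(
@@ -92,22 +96,23 @@
 };
 
 // Given a TokenBindingMessage, parses the TokenBinding structs from it, putting
 // them into |*token_bindings|. If there is an error parsing the
 // TokenBindingMessage or the key parameter for any TokenBinding in the
 // TokenBindingMessage is not ecdsap256, then this function returns false.
 NET_EXPORT_PRIVATE bool ParseTokenBindingMessage(
 base::StringPiece token_binding_message,
 std::vector<TokenBinding>* token_bindings);
 
-// Takes an ECPoint |ec_point| from a TokenBindingID and |signature| from a
-// TokenBinding and verifies that |signature| is the signature of |ekm| using
-// |ec_point| as the public key. Returns true if the signature verifies and
-// false if it doesn't or some other error occurs in verification. This function
-// is only provided for testing.
-NET_EXPORT_PRIVATE bool VerifyEKMSignature(base::StringPiece ec_point,
+// Takes an ECPoint |ec_point| from a TokenBindingID, |signature| from a
+// TokenBinding, and a Token Binding type |type| and verifies that |signature|
+// is the signature of |ekm| using |ec_point| as the public key. Returns true if
+// the signature verifies and false if it doesn't or some other error occurs in
+// verification. This function is only provided for testing.
+NET_EXPORT_PRIVATE bool VerifyTokenBindingSignature(base::StringPiece ec_point,
 base::StringPiece signature,
-base::StringPiece ekm);
+TokenBindingType type,
+base::StringPiece ekm);
 
 } // namespace net
 
 #endif // NET_SSL_TOKEN_BINDING_H_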
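Review bot: The new comment on CreateTokenBindingSignature cites section 3.3 of draft-ietf-tokbind-protocol-10, while the unchanged comment on BuildTokenBindingMessageFromTokenBindings a few lines below still cites draft-ietf-tokbind-protocol-04, so a reader of this header cannot tell which draft the wire format and the signed data now follow; the two references should agree, or the -04 one should say explicitly that the message layout is unchanged between the drafts. The new signature contract also leaves the layout of the signed concatenation implicit ("Token Binding type, key type, and ekm"); since VerifyTokenBindingSignature must reproduce exactly the same byte layout, a short comment pinning it, e.g. `// Signed input is: TokenBindingType (1 byte) || TokenBindingKeyParameters (1 byte) || ekm, per draft-10 section 3.3 — confirm`, would keep the two sides from drifting. Whether |*out| is overwritten or appended to is not stated for CreateTokenBindingSignature; I would add `// |*out| is overwritten.` (or "appended to", whichever the implementation does) next to the parameter. The enum values PROVIDED = 0 and REFERRED = 1 presumably mirror the draft's TokenBindingType wire encoding; if so, a one-line comment saying they are serialized as-is would document why the numeric values must not change.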