Side by Side Diff: net/ssl/token_binding.h

Issue 2337253004: Update Token Binding code to the latest drafts (Closed)
Patch Set: Add call to CBS_len() Created 4 years, 3 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SSL_TOKEN_BINDING_H_ 5 #ifndef NET_SSL_TOKEN_BINDING_H_
6 #define NET_SSL_TOKEN_BINDING_H_ 6 #define NET_SSL_TOKEN_BINDING_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/strings/string_piece.h" 11 #include "base/strings/string_piece.h"
12 #include "crypto/ec_private_key.h" 12 #include "crypto/ec_private_key.h"
13 #include "net/base/net_errors.h" 13 #include "net/base/net_errors.h"
14 #include "net/base/net_export.h" 14 #include "net/base/net_export.h"
15 15
16 namespace net { 16 namespace net {
17 17
18 enum class TokenBindingType { 18 enum class TokenBindingType {
19 PROVIDED = 0, 19 PROVIDED = 0,
20 REFERRED = 1, 20 REFERRED = 1,
21 }; 21 };
22 22
23 // Takes an exported keying material value |ekm| from the TLS layer and a token 23 // Takes an exported keying material value |ekm| from the TLS layer, the type of
24 // binding key |key| and signs the EKM, putting the signature in |*out|. Returns 24 // Token Binding |type|, and a token binding key |key| and concatenates the
25 // true on success or false if there's an error in the signing operations. 25 // Token Binding type, key type, and ekm. This concatenation is signed with
26 bool SignTokenBindingEkm(base::StringPiece ekm, 26 // |key| in accordance with section 3.3 of draft-ietf-tokbind-protocol-10, with
27 crypto::ECPrivateKey* key, 27 // the signature written to |*out|. Returns true on success or false if there's
28 std::vector<uint8_t>* out); 28 // an error in the signing operations.
29 bool CreateTokenBindingSignature(base::StringPiece ekm,
30 TokenBindingType type,
31 crypto::ECPrivateKey* key,
32 std::vector<uint8_t>* out);
29 33
30 // Given a vector of serialized TokenBinding structs (as defined in 34 // Given a vector of serialized TokenBinding structs (as defined in
31 // draft-ietf-tokbind-protocol-04), this function combines them to form the 35 // draft-ietf-tokbind-protocol-04), this function combines them to form the
32 // serialized TokenBindingMessage struct in |*out|. This function returns a net 36 // serialized TokenBindingMessage struct in |*out|. This function returns a net
33 // error. 37 // error.
34 // 38 //
35 // struct { 39 // struct {
36 // TokenBinding tokenbindings<0..2^16-1>; 40 // TokenBinding tokenbindings<0..2^16-1>;
37 // } TokenBindingMessage; 41 // } TokenBindingMessage;
38 Error BuildTokenBindingMessageFromTokenBindings( 42 Error BuildTokenBindingMessageFromTokenBindings(
92 }; 96 };
93 97
94 // Given a TokenBindingMessage, parses the TokenBinding structs from it, putting 98 // Given a TokenBindingMessage, parses the TokenBinding structs from it, putting
95 // them into |*token_bindings|. If there is an error parsing the 99 // them into |*token_bindings|. If there is an error parsing the
96 // TokenBindingMessage or the key parameter for any TokenBinding in the 100 // TokenBindingMessage or the key parameter for any TokenBinding in the
97 // TokenBindingMessage is not ecdsap256, then this function returns false. 101 // TokenBindingMessage is not ecdsap256, then this function returns false.
98 NET_EXPORT_PRIVATE bool ParseTokenBindingMessage( 102 NET_EXPORT_PRIVATE bool ParseTokenBindingMessage(
99 base::StringPiece token_binding_message, 103 base::StringPiece token_binding_message,
100 std::vector<TokenBinding>* token_bindings); 104 std::vector<TokenBinding>* token_bindings);
101 105
102 // Takes an ECPoint |ec_point| from a TokenBindingID and |signature| from a 106 // Takes an ECPoint |ec_point| from a TokenBindingID, |signature| from a
103 // TokenBinding and verifies that |signature| is the signature of |ekm| using 107 // TokenBinding, and a Token Binding type |type| and verifies that |signature|
104 // |ec_point| as the public key. Returns true if the signature verifies and 108 // is the signature of |ekm| using |ec_point| as the public key. Returns true if
105 // false if it doesn't or some other error occurs in verification. This function 109 // the signature verifies and false if it doesn't or some other error occurs in
106 // is only provided for testing. 110 // verification. This function is only provided for testing.
107 NET_EXPORT_PRIVATE bool VerifyEKMSignature(base::StringPiece ec_point, 111 NET_EXPORT_PRIVATE bool VerifyTokenBindingSignature(base::StringPiece ec_point,
108 base::StringPiece signature, 112 base::StringPiece signature,
109 base::StringPiece ekm); 113 TokenBindingType type,
114 base::StringPiece ekm);
110 115
111 } // namespace net 116 } // namespace net
112 117
113 #endif // NET_SSL_TOKEN_BINDING_H_ 118 #endif // NET_SSL_TOKEN_BINDING_H_
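Review bot: The comment on BuildTokenBindingMessageFromTokenBindings (new line 35) still cites draft-ietf-tokbind-protocol-04 while the new CreateTokenBindingSignature comment (new line 26) cites section 3.3 of draft-ietf-tokbind-protocol-10; since this change updates the code to the latest drafts, the older reference should name the draft the code now implements, otherwise a reader cannot tell which TokenBindingMessage wire format this header describes. The VerifyTokenBindingSignature comment also understates what is checked: per the CreateTokenBindingSignature comment the signed data is the concatenation of the Token Binding type, the key type and |ekm|, not |ekm| alone, so I would reword it to `// ... verifies that |signature| is a valid signature, using |ec_point| as the public key, over the concatenation of |type|, the key type, and |ekm| that CreateTokenBindingSignature produces.` Making that explicit documents that a signature produced for one Token Binding type is not expected to verify for the other, which appears to be why |type| was added to the verify signature. The middle of the file (new lines 43–95, including the TokenBinding struct) is collapsed here, so any further draft-04 references in that region are not visible in this view.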