Add a parser for messages with a Web Push Protocol-based payload

components/gcm_driver/crypto/message_payload_parser.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_GCM_DRIVER_CRYPTO_MESSAGE_PAYLOAD_PARSER_H_
+#define COMPONENTS_GCM_DRIVER_CRYPTO_MESSAGE_PAYLOAD_PARSER_H_
+
+#include <stdint.h>
+
+#include "base/logging.h"
+#include "base/macros.h"
+#include "base/strings/string_piece.h"
+
+namespace gcm {
+
+// Parses and validates the binary message payload included in messages that
+// are encrypted per draft-ietf-webpush-encryption-08:
+//
+// https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-08#section-2.1
+//
+// In summary, such messages start with a binary header block that includes the
+// parameters needed to decrypt the content, other than the key. All content
+// following this binary header is considered the ciphertext.
+//
+// +-----------+--------+-----------+---------------+
+// | salt (16) | rs (4) | idlen (1) | keyid (idlen) |
+// +-----------+--------+-----------+---------------+
+//
+// Specific to Web Push encryption, the `keyid` parameter of this header must

[johnme, 2017/05/22 16:18:39]

I take it that overrides <<A "keyid" parameter SHOULD be a UTF-8 [RFC3629]
encoded string, particularly where the identifier might need to appear in a
textual form.>> from
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-08#section...

[Peter Beverloo, 2017/05/22 17:25:12]

Yes.

+// be set to the ECDH public key of the sender. This is a point on the P-256
+// elliptic curve in uncompressed form, 65 bytes long starting with 0x04.
+//
+// https://tools.ietf.org/html/draft-ietf-webpush-encryption-08#section-3.1
+class MessagePayloadParser {
+ public:
+  // Ownership of the |message| remains with the caller, and must outlive this

[johnme, 2017/05/22 16:18:39]

Seems a little bit hairy (albeit nice and efficient). Shame we don't have ref
counted strings in chromium :-| Oh well.

[Peter Beverloo, 2017/05/22 17:25:12]

Agreed. This doesn't really make usage prettier either, and in practice we'll
need the copy. Updated.

+  // instance of the payload parser.
+  explicit MessagePayloadParser(base::StringPiece message);
+  ~MessagePayloadParser();
+
+  // Returns whether the parser represents a valid message.
+  bool IsValid() const { return is_valid_; }
+
+  // Returns the 16-byte long salt for the message. Must only be called after
+  // validity of the message has been verified.
+  base::StringPiece salt() const {
+    DCHECK(is_valid_);
+    return salt_;
+  }
+
+  // Returns the record size for the message. Must only be called after validity
+  // of the message has been verified.
+  uint32_t record_size() const {
+    DCHECK(is_valid_);
+    return record_size_;
+  }
+
+  // Returns the sender's ECDH public key for the message. This will be a point
+  // on the P-256 elliptic curve in uncompressed form. Must only be called after
+  // validity of the message has been verified.
+  base::StringPiece public_key() const {
+    DCHECK(is_valid_);
+    return public_key_;
+  }
+
+  // Returns the ciphertext for the message. This will be at least the size of
+  // a single record, which is 18 octets. Must only be called after validity of
+  // the message has been verified.
+  base::StringPiece ciphertext() const {
+    DCHECK(is_valid_);

[johnme, 2017/05/22 16:18:39]

Nit: One or more of these should probably be CHECKs since they seem to have
security implications?

[Peter Beverloo, 2017/05/22 17:25:13]

Done.

+    return ciphertext_;
+  }
+
+ private:
+  bool is_valid_ = false;
+
+  base::StringPiece salt_;
+  uint32_t record_size_ = 0;
+  base::StringPiece public_key_;
+  base::StringPiece ciphertext_;
+
+  DISALLOW_COPY_AND_ASSIGN(MessagePayloadParser);
+};
+
+}  // namespace gcm
+
+#endif  // COMPONENTS_GCM_DRIVER_CRYPTO_MESSAGE_PAYLOAD_PARSER_H_