OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_MESSAGE_PAYLOAD_PARSER_H_ | |
6 #define COMPONENTS_GCM_DRIVER_CRYPTO_MESSAGE_PAYLOAD_PARSER_H_ | |
7 | |
8 #include <stdint.h> | |
9 | |
10 #include "base/logging.h" | |
11 #include "base/macros.h" | |
12 #include "base/strings/string_piece.h" | |
13 | |
14 namespace gcm { | |
15 | |
16 // Parses and validates the binary message payload included in messages that | |
17 // are encrypted per draft-ietf-webpush-encryption-08: | |
18 // | |
19 // https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-08#section -2.1 | |
20 // | |
21 // In summary, such messages start with a binary header block that includes the | |
22 // parameters needed to decrypt the content, other than the key. All content | |
23 // following this binary header is considered the ciphertext. | |
24 // | |
25 // +-----------+--------+-----------+---------------+ | |
26 // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | | |
27 // +-----------+--------+-----------+---------------+ | |
28 // | |
29 // Specific to Web Push encryption, the `keyid` parameter of this header must | |
johnme
2017/05/22 16:18:39
I take it that overrides <<A "keyid" parameter SHO
Peter Beverloo
2017/05/22 17:25:12
Yes.
| |
30 // be set to the ECDH public key of the sender. This is a point on the P-256 | |
31 // elliptic curve in uncompressed form, 65 bytes long starting with 0x04. | |
32 // | |
33 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-08#section-3.1 | |
34 class MessagePayloadParser { | |
35 public: | |
36 // Ownership of the |message| remains with the caller, and must outlive this | |
johnme
2017/05/22 16:18:39
Seems a little bit hairy (albeit nice and efficien
Peter Beverloo
2017/05/22 17:25:12
Agreed. This doesn't really make usage prettier ei
| |
37 // instance of the payload parser. | |
38 explicit MessagePayloadParser(base::StringPiece message); | |
39 ~MessagePayloadParser(); | |
40 | |
41 // Returns whether the parser represents a valid message. | |
42 bool IsValid() const { return is_valid_; } | |
43 | |
44 // Returns the 16-byte long salt for the message. Must only be called after | |
45 // validity of the message has been verified. | |
46 base::StringPiece salt() const { | |
47 DCHECK(is_valid_); | |
48 return salt_; | |
49 } | |
50 | |
51 // Returns the record size for the message. Must only be called after validity | |
52 // of the message has been verified. | |
53 uint32_t record_size() const { | |
54 DCHECK(is_valid_); | |
55 return record_size_; | |
56 } | |
57 | |
58 // Returns the sender's ECDH public key for the message. This will be a point | |
59 // on the P-256 elliptic curve in uncompressed form. Must only be called after | |
60 // validity of the message has been verified. | |
61 base::StringPiece public_key() const { | |
62 DCHECK(is_valid_); | |
63 return public_key_; | |
64 } | |
65 | |
66 // Returns the ciphertext for the message. This will be at least the size of | |
67 // a single record, which is 18 octets. Must only be called after validity of | |
68 // the message has been verified. | |
69 base::StringPiece ciphertext() const { | |
70 DCHECK(is_valid_); | |
johnme
2017/05/22 16:18:39
Nit: One or more of these should probably be CHECK
Peter Beverloo
2017/05/22 17:25:13
Done.
| |
71 return ciphertext_; | |
72 } | |
73 | |
74 private: | |
75 bool is_valid_ = false; | |
76 | |
77 base::StringPiece salt_; | |
78 uint32_t record_size_ = 0; | |
79 base::StringPiece public_key_; | |
80 base::StringPiece ciphertext_; | |
81 | |
82 DISALLOW_COPY_AND_ASSIGN(MessagePayloadParser); | |
83 }; | |
84 | |
85 } // namespace gcm | |
86 | |
87 #endif // COMPONENTS_GCM_DRIVER_CRYPTO_MESSAGE_PAYLOAD_PARSER_H_ | |
OLD | NEW |