Commit 2840f95e authored by nharper's avatar nharper Committed by Commit bot
Browse files

Update Token Binding code to draft 06

BUG=

Review-Url: https://codereview.chromium.org/2013303002
Cr-Commit-Position: refs/heads/master@{#402364}
parent e2bfbe7f
...@@ -80,9 +80,9 @@ const unsigned int kTbExtNum = 24; ...@@ -80,9 +80,9 @@ const unsigned int kTbExtNum = 24;
// Token Binding ProtocolVersions supported. // Token Binding ProtocolVersions supported.
const uint8_t kTbProtocolVersionMajor = 0; const uint8_t kTbProtocolVersionMajor = 0;
const uint8_t kTbProtocolVersionMinor = 5; const uint8_t kTbProtocolVersionMinor = 6;
const uint8_t kTbMinProtocolVersionMajor = 0; const uint8_t kTbMinProtocolVersionMajor = 0;
const uint8_t kTbMinProtocolVersionMinor = 3; const uint8_t kTbMinProtocolVersionMinor = 6;
bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
switch (EVP_MD_type(md)) { switch (EVP_MD_type(md)) {
......
...@@ -31,23 +31,46 @@ bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) { ...@@ -31,23 +31,46 @@ bool BuildTokenBindingID(crypto::ECPrivateKey* key, CBB* out) {
CBB_flush(out); CBB_flush(out);
} }
bool ECDSA_SIGToRaw(ECDSA_SIG* ec_sig, EC_KEY* ec, std::vector<uint8_t>* out) {
const EC_GROUP* group = EC_KEY_get0_group(ec);
const BIGNUM* order = EC_GROUP_get0_order(group);
size_t len = BN_num_bytes(order);
out->resize(2 * len);
if (!BN_bn2bin_padded(out->data(), len, ec_sig->r) ||
!BN_bn2bin_padded(out->data() + len, len, ec_sig->s)) {
return false;
}
return true;
}
ECDSA_SIG* RawToECDSA_SIG(EC_KEY* ec, base::StringPiece sig) {
crypto::ScopedECDSA_SIG raw_sig(ECDSA_SIG_new());
const EC_GROUP* group = EC_KEY_get0_group(ec);
const BIGNUM* order = EC_GROUP_get0_order(group);
size_t group_size = BN_num_bytes(order);
if (sig.size() != group_size * 2)
return nullptr;
const uint8_t* sigp = reinterpret_cast<const uint8_t*>(sig.data());
if (!BN_bin2bn(sigp, group_size, raw_sig->r) ||
!BN_bin2bn(sigp + group_size, group_size, raw_sig->s)) {
return nullptr;
}
return raw_sig.release();
}
} // namespace } // namespace
bool SignTokenBindingEkm(base::StringPiece ekm, bool SignTokenBindingEkm(base::StringPiece ekm,
crypto::ECPrivateKey* key, crypto::ECPrivateKey* key,
std::vector<uint8_t>* out) { std::vector<uint8_t>* out) {
size_t sig_len;
const uint8_t* ekm_data = reinterpret_cast<const uint8_t*>(ekm.data()); const uint8_t* ekm_data = reinterpret_cast<const uint8_t*>(ekm.data());
crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(key->key(), nullptr)); EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key->key());
if (!EVP_PKEY_sign_init(pctx.get()) || if (!ec_key)
!EVP_PKEY_sign(pctx.get(), nullptr, &sig_len, ekm_data, ekm.size())) {
return false; return false;
} crypto::ScopedECDSA_SIG sig(ECDSA_do_sign(ekm_data, ekm.size(), ec_key));
out->resize(sig_len); if (!sig)
if (!EVP_PKEY_sign(pctx.get(), out->data(), &sig_len, ekm_data, ekm.size()))
return false; return false;
out->resize(sig_len); return ECDSA_SIGToRaw(sig.get(), ec_key, out);
return true;
} }
Error BuildTokenBindingMessageFromTokenBindings( Error BuildTokenBindingMessageFromTokenBindings(
...@@ -145,18 +168,11 @@ bool VerifyEKMSignature(base::StringPiece ec_point, ...@@ -145,18 +168,11 @@ bool VerifyEKMSignature(base::StringPiece ec_point,
reinterpret_cast<const uint8_t*>(ec_point.data()); reinterpret_cast<const uint8_t*>(ec_point.data());
if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get()) if (o2i_ECPublicKey(&keyp, &ec_point_data, ec_point.size()) != key.get())
return false; return false;
crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); crypto::ScopedECDSA_SIG sig(RawToECDSA_SIG(keyp, signature));
if (!EVP_PKEY_assign_EC_KEY(pkey.get(), key.release())) if (!sig)
return false; return false;
crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); return !!ECDSA_do_verify(reinterpret_cast<const uint8_t*>(ekm.data()),
if (!EVP_PKEY_verify_init(pctx.get()) || ekm.size(), sig.get(), keyp);
!EVP_PKEY_verify(
pctx.get(), reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(), reinterpret_cast<const uint8_t*>(ekm.data()),
ekm.size())) {
return false;
}
return true;
} }
} // namespace net } // namespace net
...@@ -42,7 +42,7 @@ Local Modifications: ...@@ -42,7 +42,7 @@ Local Modifications:
- patches/extended_master_secret.patch: Add server support for extended - patches/extended_master_secret.patch: Add server support for extended
master secret. master secret.
- patches/token_binding_negotiation.patch: Add server support for token - patches/token_binding_negotiation.patch: Add server support for token
binding negotiation TLS extension (draft-ietf-tokbind-negotiation-02) binding negotiation TLS extension (draft-ietf-tokbind-negotiation-02).
- patches/disable_channel_id.patch: Add flag to HandshakeSettings to allow - patches/disable_channel_id.patch: Add flag to HandshakeSettings to allow
for disabling channel id. for disabling channel id.
- patches/exported_keying_material.patch: Add method to Session to get - patches/exported_keying_material.patch: Add method to Session to get
......
...@@ -65,7 +65,7 @@ index 9b553ce..ab2be57 100644 ...@@ -65,7 +65,7 @@ index 9b553ce..ab2be57 100644
+ p2 = Parser(tokenBindingBytes) + p2 = Parser(tokenBindingBytes)
+ ver_minor = p2.get(1) + ver_minor = p2.get(1)
+ ver_major = p2.get(1) + ver_major = p2.get(1)
+ if (ver_major, ver_minor) >= (0, 3): + if (ver_major, ver_minor) >= (0, 6):
+ p2.startLengthCheck(1) + p2.startLengthCheck(1)
+ while not p2.atLengthCheck(): + while not p2.atLengthCheck():
+ self.tb_client_params.append(p2.get(1)) + self.tb_client_params.append(p2.get(1))
...@@ -90,7 +90,7 @@ index 9b553ce..ab2be57 100644 ...@@ -90,7 +90,7 @@ index 9b553ce..ab2be57 100644
+ w2.add(4, 2) + w2.add(4, 2)
+ # version + # version
+ w2.add(0, 1) + w2.add(0, 1)
+ w2.add(4, 1) + w2.add(6, 1)
+ # length of params (defined as variable length <1..2^8-1>, but in + # length of params (defined as variable length <1..2^8-1>, but in
+ # this context the server can only send a single value. + # this context the server can only send a single value.
+ w2.add(1, 1) + w2.add(1, 1)
......
...@@ -194,7 +194,7 @@ class ClientHello(HandshakeMsg): ...@@ -194,7 +194,7 @@ class ClientHello(HandshakeMsg):
p2 = Parser(tokenBindingBytes) p2 = Parser(tokenBindingBytes)
ver_minor = p2.get(1) ver_minor = p2.get(1)
ver_major = p2.get(1) ver_major = p2.get(1)
if (ver_major, ver_minor) >= (0, 3): if (ver_major, ver_minor) >= (0, 6):
p2.startLengthCheck(1) p2.startLengthCheck(1)
while not p2.atLengthCheck(): while not p2.atLengthCheck():
self.tb_client_params.append(p2.get(1)) self.tb_client_params.append(p2.get(1))
...@@ -382,7 +382,7 @@ class ServerHello(HandshakeMsg): ...@@ -382,7 +382,7 @@ class ServerHello(HandshakeMsg):
w2.add(4, 2) w2.add(4, 2)
# version # version
w2.add(0, 1) w2.add(0, 1)
w2.add(4, 1) w2.add(6, 1)
# length of params (defined as variable length <1..2^8-1>, but in # length of params (defined as variable length <1..2^8-1>, but in
# this context the server can only send a single value. # this context the server can only send a single value.
w2.add(1, 1) w2.add(1, 1)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment