| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/spdy/spdy_credential_builder.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "base/string_piece.h" |
| 9 #include "crypto/ec_private_key.h" |
| 10 #include "crypto/ec_signature_creator.h" |
| 11 #include "crypto/signature_creator.h" |
| 12 #include "net/base/asn1_util.h" |
| 13 #include "net/base/server_bound_cert_service.h" |
| 14 #include "net/base/net_errors.h" |
| 15 #include "net/socket/ssl_client_socket.h" |
| 16 #include "net/spdy/spdy_framer.h" |
| 17 |
| 18 namespace net { |
| 19 |
| 20 namespace { |
| 21 |
| 22 std::vector<uint8> ToVector(base::StringPiece piece) { |
| 23 return std::vector<uint8>(piece.data(), piece.data() + piece.length()); |
| 24 } |
| 25 |
| 26 } // namespace |
| 27 |
| 28 // static |
| 29 int SpdyCredentialBuilder::Build(std::string tls_unique, |
| 30 SSLClientCertType type, |
| 31 const std::string& key, |
| 32 const std::string& cert, |
| 33 size_t slot, |
| 34 SpdyCredential* credential) { |
| 35 if (type != CLIENT_CERT_ECDSA_SIGN) |
| 36 return ERR_BAD_SSL_CLIENT_AUTH_CERT; |
| 37 |
| 38 std::string secret = SpdyCredentialBuilder::GetCredentialSecret(tls_unique); |
| 39 |
| 40 // Extract the SubjectPublicKeyInfo from the certificate. |
| 41 base::StringPiece public_key_info; |
| 42 if(!asn1::ExtractSPKIFromDERCert(cert, &public_key_info)) |
| 43 return ERR_BAD_SSL_CLIENT_AUTH_CERT; |
| 44 |
| 45 // Next, extract the SubjectPublicKey data, which will actually |
| 46 // be stored in the cert field of the credential frame. |
| 47 base::StringPiece public_key; |
| 48 if (!asn1::ExtractSubjectPublicKeyFromSPKI(public_key_info, &public_key)) |
| 49 return ERR_BAD_SSL_CLIENT_AUTH_CERT; |
| 50 // Drop one byte of padding bits count from the BIT STRING |
| 51 // (this will always be zero). Drop one byte of X9.62 format specification |
| 52 // (this will always be 4 to indicated an uncompressed point). |
| 53 DCHECK_GT(public_key.length(), 2u); |
| 54 DCHECK_EQ(0, static_cast<int>(public_key[0])); |
| 55 DCHECK_EQ(4, static_cast<int>(public_key[1])); |
| 56 public_key = public_key.substr(2, public_key.length()); |
| 57 |
| 58 // Convert the strings into a vector<unit8> |
| 59 std::vector<uint8> proof_vector; |
| 60 scoped_ptr<crypto::ECPrivateKey> private_key( |
| 61 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 62 ServerBoundCertService::kEPKIPassword, |
| 63 ToVector(key), ToVector(public_key_info))); |
| 64 scoped_ptr<crypto::ECSignatureCreator> creator( |
| 65 crypto::ECSignatureCreator::Create(private_key.get())); |
| 66 creator->Sign(reinterpret_cast<const unsigned char *>(secret.data()), |
| 67 secret.length(), &proof_vector); |
| 68 |
| 69 credential->slot = slot; |
| 70 credential->certs.push_back(public_key.as_string()); |
| 71 credential->proof.assign(proof_vector.begin(), proof_vector.end()); |
| 72 return OK; |
| 73 } |
| 74 |
| 75 // static |
| 76 std::string SpdyCredentialBuilder::GetCredentialSecret(std::string tls_unique) { |
| 77 const char prefix[] = "SPDY CREDENTIAL ChannelID\0client -> server"; |
| 78 std::string secret(prefix, arraysize(prefix)); |
| 79 secret.append(tls_unique); |
| 80 |
| 81 return secret; |
| 82 } |
| 83 |
| 84 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10807088:
Implement TLS Channel ID support for SPDY CREDENTIAL frames (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src