proxygen: fizz::extensions::TokenBindingConstructor Class Reference

#include <TokenBindingConstructor.h>

Static Public Member Functions
static TokenBinding	createTokenBinding (EVP_PKEY &keyPair, const Buf &ekm, TokenBindingKeyParameters negotiatedParameters, TokenBindingType type)

Static Private Member Functions
static Buf	encodeEcKey (const folly::ssl::EcKeyUniquePtr &ecKey)

static Buf	encodeEcdsaSignature (const folly::ssl::EcdsaSigUniquePtr &signature)

static Buf	signWithEcKey (const folly::ssl::EcKeyUniquePtr &key, const Buf &message)

static void	addBignumToSignature (const Buf &signature, BIGNUM *bigNum)

Detailed Description

Definition at line 17 of file TokenBindingConstructor.h.

Member Function Documentation

void fizz::extensions::TokenBindingConstructor::addBignumToSignature	(	const Buf &	signature,
		BIGNUM *	bigNum
	)

staticprivate

Definition at line 87 of file TokenBindingConstructor.cpp.

                     {
   auto length = BN_num_bytes(bigNum);
   if (length > TokenBindingUtils::kP256EcKeySize / 2) {
     throw std::runtime_error("ECDSA sig bignum is of incorrect size");
   }
   // if a bignum is less than 32 bytes long, it has a most significant byte
   // of 0, so we have to pad the buffer
   size_t padding = (TokenBindingUtils::kP256EcKeySize / 2) - length;
   std::memset(signature->writableTail(), 0x00, padding);
   signature->append(padding);
 
   auto lenActual = BN_bn2bin(bigNum, signature->writableTail());
   signature->append(lenActual);
   if (lenActual != length) {
     throw std::runtime_error("bn2bin returned unexpected value");
   }
 }

TokenBinding fizz::extensions::TokenBindingConstructor::createTokenBinding	(	EVP_PKEY &	keyPair,
		const Buf &	ekm,
		TokenBindingKeyParameters	negotiatedParameters,
		TokenBindingType	type
	)

static

Definition at line 24 of file TokenBindingConstructor.cpp.

References folly::IOBuf::create(), fizz::extensions::TokenBinding::extensions, fizz::extensions::TokenBindingID::key_parameters, folly::gen::move, fizz::extensions::TokenBinding::signature, fizz::extensions::TokenBinding::tokenbinding_type, fizz::extensions::TokenBinding::tokenbindingid, and type.

                            {
   if (negotiatedParameters != TokenBindingKeyParameters::ecdsap256) {
     throw std::runtime_error(folly::to<std::string>(
         "key params not implemented: ", negotiatedParameters));
   }
 
   EcKeyUniquePtr ecKey(EVP_PKEY_get1_EC_KEY(&keyPair));
   if (!ecKey) {
     throw std::runtime_error("Unable to retrieve EC Key");
   }
 
   TokenBinding binding;
   binding.tokenbinding_type = type;
   binding.extensions = folly::IOBuf::create(0);
 
   auto message =
       TokenBindingUtils::constructMessage(type, negotiatedParameters, ekm);
   binding.signature = signWithEcKey(ecKey, message);
 
   TokenBindingID id;
   id.key_parameters = negotiatedParameters;
   id.key = encodeEcKey(ecKey);
   binding.tokenbindingid = std::move(id);
   return binding;
 }

Buf fizz::extensions::TokenBindingConstructor::encodeEcdsaSignature ( const folly::ssl::EcdsaSigUniquePtr & signature )

staticprivate

Definition at line 71 of file TokenBindingConstructor.cpp.

References folly::IOBuf::create(), folly::portability::ssl::ECDSA_SIG_get0(), and s.

                                         {
   BIGNUM* r;
   BIGNUM* s;
   ECDSA_SIG_get0(signature.get(), (const BIGNUM**)&r, (const BIGNUM**)&s);
   if (!r || !s) {
     throw std::runtime_error("Unable to retrieve Bignum from ECDSA sig");
   }
 
   Buf encodedSignature =
       folly::IOBuf::create(TokenBindingUtils::kP256EcKeySize);
   addBignumToSignature(encodedSignature, r);
   addBignumToSignature(encodedSignature, s);
   return encodedSignature;
 }

Buf fizz::extensions::TokenBindingConstructor::encodeEcKey ( const folly::ssl::EcKeyUniquePtr & ecKey )

staticprivate

Definition at line 107 of file TokenBindingConstructor.cpp.

References fizz::detail::encodeECPublicKey().

                                                                     {
   auto ecKeyBuf = detail::encodeECPublicKey(ecKey);
   if (ecKeyBuf->isChained() ||
       ecKeyBuf->length() != TokenBindingUtils::kP256EcKeySize + 1) {
     throw std::runtime_error("Incorrect encoded EC Key Length");
   }
   ecKeyBuf->writableData()[0] = TokenBindingUtils::kP256EcKeySize;
   return ecKeyBuf;
 }

Buf fizz::extensions::TokenBindingConstructor::signWithEcKey	(	const folly::ssl::EcKeyUniquePtr &	key,
		const Buf &	message
	)

staticprivate

Definition at line 54 of file TokenBindingConstructor.cpp.

References fizz::Sha< Sha256 >::hash().

                         {
   std::array<uint8_t, fizz::Sha256::HashLen> hashedMessage;
   fizz::Sha256::hash(
       *message,
       folly::MutableByteRange(hashedMessage.data(), hashedMessage.size()));
 
   EcdsaSigUniquePtr ecSignature(
       ECDSA_do_sign(hashedMessage.data(), hashedMessage.size(), key.get()));
   if (!ecSignature.get()) {
     throw std::runtime_error("Unable to sign message with EC Key");
   }
 
   return encodeEcdsaSignature(ecSignature);
 }

The documentation for this class was generated from the following files:

proxygen/fizz/fizz/extensions/tokenbinding/TokenBindingConstructor.h
proxygen/fizz/fizz/extensions/tokenbinding/TokenBindingConstructor.cpp

Static Public Member Functions

Static Private Member Functions

Detailed Description

Member Function Documentation