
Unified Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 7327029: Add client-side support for the origin bound certificate TLS extension. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 5 months ago
Index: net/third_party/nss/ssl/ssl3ext.c
===================================================================
--- net/third_party/nss/ssl/ssl3ext.c (revision 91902)
+++ net/third_party/nss/ssl/ssl3ext.c (working copy)
@@ -248,12 +248,14 @@
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
{ ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn },
+ { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn },
wtc 2011/07/13 01:17:15 Nit: list this after ssl_cert_status_xtn for consi
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
{ -1, NULL }
};
static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+ { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn },
wtc 2011/07/13 01:17:15 BUG: remove this. In SSL 3.0 the only extension w
{ -1, NULL }
};
@@ -274,7 +276,8 @@
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn },
- { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
+ { ssl_ob_cert_xtn, &ssl3_ClientSendOBCertXtn }
/* any extra entries will appear as { 0, NULL } */
};
@@ -1867,3 +1870,100 @@
return rv;
}
+PRInt32
+ssl3_ClientSendOBCertXtn(sslSocket * ss, PRBool append,
+ PRUint32 maxBytes)
wtc 2011/07/13 01:17:15 Align the arguments properly. Make the same chang
+{
+ SECStatus rv;
+ TLSExtensionData *xtnData = &ss->xtnData;
+
+ if (!ss)
wtc 2011/07/13 01:17:15 Indentation seems wrong.
+ return 0;
+
+ /* extension length = extension_type (2-bytes) +
+ * length(extension_data) (2-bytes) +
+ */
+
+ PRUint32 extension_length = 4;
+
+ if (append && maxBytes >= extension_length) {
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2);
+ if (rv != SECSuccess) return -1;
+ /* length of extension_data */
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess) return -1;
+
+ xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] = ssl_ob_cert_xtn;
+ }
+
+ return extension_length;
+}
+
+SECStatus
+ssl3_ServerHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data)
+{
+ SECStatus rv;
+
+ /* TODO(rkn): Is enableOBCerts true only when we actually want an OBCert? */
wtc 2011/07/13 01:17:15 Good question. I believe that the condition "we a
+ /* Ignore the OBCert extension if it is disabled. */
+ if (!ss->opt.enableOBCerts)
+ return SECSuccess;
+
+ /* The echoed extension must be empty. */
+ if (data->len != 0)
+ return SECFailure;
+
+ /* Keep track of negotiated extensions. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
+ return SECSuccess;
+}
+
+PRInt32
+ssl3_ServerSendOBCertXtn(sslSocket * ss, PRBool append,
+ PRUint32 maxBytes)
+{
+ SECStatus rv;
+ if (!ss)
+ return 0;
+
+ /* extension length = extension_type (2-bytes) +
+ * length(extension_data) (2-bytes) +
+ */
+
+ PRUint32 extension_length = 4;
+
+ if (append && maxBytes >= extension_length) {
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_ob_cert_xtn, 2);
+ if (rv != SECSuccess) return -1;
+ /* length of extension_data */
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess) return -1;
+ }
+
+ return extension_length;
+}
+
+SECStatus
+ssl3_ClientHandleOBCertXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data)
+{
+ /* If we didn't request this extension, then the server may not echo it. */
+ if (!ss->opt.enableOBCerts)
+ return SECFailure;
+
+ /* The echoed extension must be empty. */
+ if (data->len != 0)
+ return SECFailure;
+
+ ss->ssl3.hs.may_get_cert_status = PR_TRUE;
wtc 2011/07/13 01:17:15 I think this line should be deleted. (It must hav
+
+ /* Keep track of negotiated extensions. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
+ return SECSuccess;
+}
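Review bot: In ssl3_ClientSendOBCertXtn the initializer `TLSExtensionData *xtnData = &ss->xtnData;` runs before the `if (!ss)` guard, so the guard protects nothing (forming `&ss->xtnData` through a null pointer is already undefined behaviour in C), and the pointer is recomputed anyway by `xtnData = &ss->xtnData;` inside the append branch. Either drop the initializer and keep the single assignment, or put the guard first: `if (!ss) return 0;` followed by `TLSExtensionData *xtnData = &ss->xtnData;`. `SECStatus rv;` in ssl3_ServerHandleOBCertXtn is never assigned or read and will draw an unused-variable warning; remove it. ssl3_ServerSendOBCertXtn appends the echo whenever `append` is set without checking that the client actually offered the extension; unless the caller already filters on negotiated extensions, gating it on `ssl3_ExtensionNegotiated(ss, ssl_ob_cert_xtn)` would keep the server from echoing an extension the client never sent.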
