Expose OpenSSL's key_exchange_info in the content API

net/http/http_response_info.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_response_info.h"
 
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/time/time.h"
 #include "net/base/auth.h"
@@ skipping 75 matching lines @@
   RESPONSE_INFO_HAS_CONNECTION_INFO = 1 << 18,
 
   // This bit is set if the request has http authentication.
   RESPONSE_INFO_USE_HTTP_AUTHENTICATION = 1 << 19,
 
   // This bit is set if ssl_info has SCTs.
   RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS = 1 << 20,
 
   RESPONSE_INFO_UNUSED_SINCE_PREFETCH = 1 << 21,
 
+  // This bit is set if the response has a key-exchange-info field at the end.
+  RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO = 1 << 22,
+
   // TODO(darin): Add other bits to indicate alternate request methods.
   // For now, we don't support storing those.
 };
 
 HttpResponseInfo::HttpResponseInfo()
     : was_cached(false),
       server_data_unavailable(false),
       network_accessed(false),
       was_fetched_via_spdy(false),
       was_npn_negotiated(false),
@@ skipping 160 matching lines @@
     int value;
     if (!iter.ReadInt(&value))
       return false;
 
     if (value > static_cast<int>(CONNECTION_INFO_UNKNOWN) &&
         value < static_cast<int>(NUM_OF_CONNECTION_INFOS)) {
       connection_info = static_cast<ConnectionInfo>(value);
     }
   }
 
+  // Read key_exchange_info
+  if (flags & RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO) {
+    int key_exchange_info;
+    if (!iter.ReadInt(&key_exchange_info))
+      return false;
+    ssl_info.key_exchange_info = key_exchange_info;

[Ryan Sleevi, 2015/09/15 08:23:21]

Is there any validation of |key_exchange_info| that can or should be done after
deserialization?

[sigbjorn, 2015/09/15 08:34:35]

This is modelled on security_bits above, which is an int with similar
characteristics. No further checks are done there. It would be possible to
verify it being non-negative in both places.

[estark, 2015/09/15 14:37:49]

|security_bits| can be -1 and it is actually sanity-checked in
DeserializeSecurityInfo:
https://code.google.com/p/chromium/codesearch#chromium/src/content/common/ssl...

[sigbjorn, 2015/09/15 15:10:56]

|key_exchange_info| is already sanity-checked in DeserializeSecurityInfo.

+  }
+
   was_fetched_via_spdy = (flags & RESPONSE_INFO_WAS_SPDY) != 0;
 
   was_npn_negotiated = (flags & RESPONSE_INFO_WAS_NPN) != 0;
 
   was_fetched_via_proxy = (flags & RESPONSE_INFO_WAS_PROXY) != 0;
 
   *response_truncated = (flags & RESPONSE_INFO_TRUNCATED) != 0;
 
   did_use_http_auth = (flags & RESPONSE_INFO_USE_HTTP_AUTHENTICATION) != 0;
 
   unused_since_prefetch = (flags & RESPONSE_INFO_UNUSED_SINCE_PREFETCH) != 0;
 
   return true;
 }
 
 void HttpResponseInfo::Persist(base::Pickle* pickle,
                                bool skip_transient_headers,
                                bool response_truncated) const {
   int flags = RESPONSE_INFO_VERSION;
   if (ssl_info.is_valid()) {
     flags |= RESPONSE_INFO_HAS_CERT;
     flags |= RESPONSE_INFO_HAS_CERT_STATUS;
     if (ssl_info.security_bits != -1)
       flags |= RESPONSE_INFO_HAS_SECURITY_BITS;
+    if (ssl_info.key_exchange_info != 0)
+      flags |= RESPONSE_INFO_HAS_KEY_EXCHANGE_INFO;
     if (ssl_info.connection_status != 0)
       flags |= RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS;
   }
   if (vary_data.is_valid())
     flags |= RESPONSE_INFO_HAS_VARY_DATA;
   if (response_truncated)
     flags |= RESPONSE_INFO_TRUNCATED;
   if (was_fetched_via_spdy)
     flags |= RESPONSE_INFO_WAS_SPDY;
   if (was_npn_negotiated) {
@@ skipping 51 matching lines @@
     vary_data.Persist(pickle);
 
   pickle->WriteString(socket_address.host());
   pickle->WriteUInt16(socket_address.port());
 
   if (was_npn_negotiated)
     pickle->WriteString(npn_negotiated_protocol);
 
   if (connection_info != CONNECTION_INFO_UNKNOWN)
     pickle->WriteInt(static_cast<int>(connection_info));
+
+  // Write key_exchange_info here to provide backwards compatibility

[Ryan Sleevi, 2015/09/15 08:23:21]

Drop this comment; doesn't feel like it's adding much, especially if someone is
fresh reading this file.

(In particular, ambiguity regarding 'here' compared to....? that knowledge is
only clear from the context of this CL, not from the source itself)

[sigbjorn, 2015/09/15 08:34:35]

Done.

+  if (ssl_info.is_valid() && ssl_info.key_exchange_info != 0)
+    pickle->WriteInt(ssl_info.key_exchange_info);
 }
 
 HttpResponseInfo::ConnectionInfo HttpResponseInfo::ConnectionInfoFromNextProto(
     NextProto next_proto) {
   switch (next_proto) {
     case kProtoDeprecatedSPDY2:
       return CONNECTION_INFO_DEPRECATED_SPDY2;
     case kProtoSPDY3:
     case kProtoSPDY31:
       return CONNECTION_INFO_SPDY3;
@@ skipping 39 matching lines @@
     case CONNECTION_INFO_QUIC1_SPDY3:
       return "quic/1+spdy/3";
     case NUM_OF_CONNECTION_INFOS:
       break;
   }
   NOTREACHED();
   return "";
 }
 
 }  // namespace net