Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(595)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: rebase Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/net/ssl_config_service_manager_pref.cc ('K') | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_openssl.h » ('j') | net/socket/ssl_client_socket_openssl.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/metrics/histogram_macros.h" 7 #include "base/metrics/histogram_macros.h"
8 #include "base/metrics/sparse_histogram.h" 8 #include "base/metrics/sparse_histogram.h"
9 #include "base/strings/string_util.h" 9 #include "base/strings/string_util.h"
10 #include "crypto/ec_private_key.h" 10 #include "crypto/ec_private_key.h"
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after
143 if (negotiated_channel_id) { 143 if (negotiated_channel_id) {
144 supported = CLIENT_AND_SERVER; 144 supported = CLIENT_AND_SERVER;
145 } else if (channel_id_enabled) { 145 } else if (channel_id_enabled) {
146 if (!channel_id_service) 146 if (!channel_id_service)
147 supported = CLIENT_NO_CHANNEL_ID_SERVICE; 147 supported = CLIENT_NO_CHANNEL_ID_SERVICE;
148 else if (!supports_ecc) 148 else if (!supports_ecc)
149 supported = CLIENT_NO_ECC; 149 supported = CLIENT_NO_ECC;
150 else 150 else
151 supported = CLIENT_ONLY; 151 supported = CLIENT_ONLY;
152 } 152 }
153 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, 153 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
mattm 2015/09/24 22:13:12 Add a similar histogram for token binding?
nharper 2015/09/28 21:43:38 Done.
154 CHANNEL_ID_USAGE_MAX); 154 CHANNEL_ID_USAGE_MAX);
155 } 155 }
156 156
157 // static 157 // static
158 bool SSLClientSocket::IsChannelIDEnabled( 158 bool SSLClientSocket::IsChannelIDEnabled(
159 const SSLConfig& ssl_config, 159 const SSLConfig& ssl_config,
160 ChannelIDService* channel_id_service) { 160 ChannelIDService* channel_id_service) {
161 if (!ssl_config.channel_id_enabled) 161 if (!ssl_config.channel_id_enabled)
162 return false; 162 return false;
163 if (!channel_id_service) { 163 if (!channel_id_service) {
164 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID."; 164 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";
165 return false; 165 return false;
166 } 166 }
167 if (!crypto::ECPrivateKey::IsSupported()) { 167 if (!crypto::ECPrivateKey::IsSupported()) {
168 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; 168 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
169 return false; 169 return false;
170 } 170 }
171 return true; 171 return true;
172 } 172 }
173 173
174 // static 174 // static
175 bool SSLClientSocket::IsTokenBindingEnabled(
176 const SSLConfig& ssl_config,
177 ChannelIDService* channel_id_service) {
178 if (ssl_config.token_binding_params.size() != 1 ||
179 ssl_config.token_binding_params[0] != TB_PARAM_ECDSAP256_SHA256) {
180 return false;
181 }
182 return IsChannelIDEnabled(ssl_config, channel_id_service);
183 }
184
185 // static
175 bool SSLClientSocket::HasCipherAdequateForHTTP2( 186 bool SSLClientSocket::HasCipherAdequateForHTTP2(
176 const std::vector<uint16>& cipher_suites) { 187 const std::vector<uint16>& cipher_suites) {
177 for (uint16 cipher : cipher_suites) { 188 for (uint16 cipher : cipher_suites) {
178 if (IsSecureTLSCipherSuite(cipher)) 189 if (IsSecureTLSCipherSuite(cipher))
179 return true; 190 return true;
180 } 191 }
181 return false; 192 return false;
182 } 193 }
183 194
184 // static 195 // static
(...skipping 23 matching lines...) Expand all
208 wire_protos.push_back(proto.size()); 219 wire_protos.push_back(proto.size());
209 for (const char ch : proto) { 220 for (const char ch : proto) {
210 wire_protos.push_back(static_cast<uint8_t>(ch)); 221 wire_protos.push_back(static_cast<uint8_t>(ch));
211 } 222 }
212 } 223 }
213 224
214 return wire_protos; 225 return wire_protos;
215 } 226 }
216 227
217 } // namespace net 228 } // namespace net
OLDNEW
« chrome/browser/net/ssl_config_service_manager_pref.cc ('K') | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_openssl.h » ('j') | net/socket/ssl_client_socket_openssl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698