Implement Token Binding negotiation TLS extension

net/socket/ssl_client_socket_openssl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 
 #include <openssl/base.h>
+#include <openssl/bytestring.h>
 #include <openssl/ssl.h>
 
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/ct_verify_result.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/ssl/channel_id_service.h"
 #include "net/ssl/openssl_ssl_util.h"
 #include "net/ssl/ssl_client_cert_type.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/ssl/ssl_failure_state.h"
 
 namespace net {
 
 class CertVerifier;
 class CTVerifier;
 class SSLCertRequestInfo;
 class SSLInfo;
 class SSLPrivateKey;
 
+// Stores the state and result of the token binding negotiation TLS extension.
+// (draft-ietf-tokbind-negotiation-00).
+class TokenBindingExtension {

[mattm, 2015/09/24 22:13:13]

Maybe this should be a subclass of SSLClientSocketOpenSSL?

[nharper, 2015/09/28 21:43:39]

Done.

+ public:
+  static const unsigned int kExtNum = 30033;
+
+  // Token Binding ProtocolVersion that this extension supports.
+  static const uint8_t kProtocolVersionMajor = 0;
+  static const uint8_t kProtocolVersionMinor = 2;
+
+  TokenBindingExtension();
+  ~TokenBindingExtension();
+
+  // Sets the supported key params to use in negotiation. If empty, token
+  // binding will not be negotiated. Does not take ownership of |params|.
+  void SetParams(std::vector<TokenBindingParam>* params);
+
+  // Returns which TokenBindingParam was negotiated. This value is only valid if
+  // WasNegotiated returns true.
+  TokenBindingParam NegotiationResult() const;
+
+  // Returns whether token binding was negotiated.
+  bool WasNegotiated() const;
+
+  // Sets the custom extension api callbacks to ClientAddCallback,
+  // ClientFreeCallback, and ClientParseCallback. The callbacks are static
+  // methods (since the OpenSSL api takes function pointers) and are wrappers to
+  // call ClientAdd or ClientParse on the TokenBindingExtension object that is a
+  // member of the SSLClientSocketOpenSSL for the corresponding SSL struct
+  // passed in to the callback.
+  static int RegisterCallbacks(SSL_CTX* ssl_ctx);
+
+ private:
+  static int ClientAddCallback(SSL* s,
+                               unsigned int ext_type,
+                               const unsigned char** out,
+                               size_t* outlen,
+                               int* al,
+                               void* add_arg);
+  static void ClientFreeCallback(SSL* s,
+                                 unsigned int ext_type,
+                                 const unsigned char* out,
+                                 void* add_arg);
+  static int ClientParseCallback(SSL* s,
+                                 unsigned int ext_type,
+                                 const unsigned char* in,
+                                 size_t inlen,
+                                 int* al,
+                                 void* parse_arg);
+
+  int ClientAdd(SSL* s,
+                unsigned int ext_type,
+                const unsigned char** out,
+                size_t* outlen,
+                int* al);
+  int ClientParse(SSL* s,
+                  unsigned int ext_type,
+                  const unsigned char* in,
+                  size_t inlen,
+                  int* al);
+
+  bool negotiated_;
+  TokenBindingParam negotiated_param_;
+  std::vector<TokenBindingParam> supported_params_;
+};
+
 // An SSL client socket implemented with OpenSSL.
 class SSLClientSocketOpenSSL : public SSLClientSocket {
  public:
   // Takes ownership of the transport_socket, which may already be connected.
   // The given hostname will be compared with the name(s) in the server's
   // certificate during the SSL handshake.  ssl_config specifies the SSL
   // settings.
   SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket,
                          const HostPortPair& host_and_port,
                          const SSLConfig& ssl_config,
@@ skipping 44 matching lines @@
             int buf_len,
             const CompletionCallback& callback) override;
   int SetReceiveBufferSize(int32 size) override;
   int SetSendBufferSize(int32 size) override;
 
  private:
   class PeerCertificateChain;
   class SSLContext;
   friend class SSLClientSocket;
   friend class SSLContext;
+  friend class TokenBindingExtension;
 
   int Init();
   void DoReadCallback(int result);
   void DoWriteCallback(int result);
 
   bool DoTransportIO();
   int DoHandshake();
   int DoHandshakeComplete(int result);
   int DoChannelIDLookup();
   int DoChannelIDLookupComplete(int result);
+  int DoTokenBindingLookup();
+  int DoTokenBindingLookupComplete(int result);
   int DoVerifyCert(int result);
   int DoVerifyCertComplete(int result);
   void DoConnectCallback(int result);
   void UpdateServerCert();
   void VerifyCT();
 
   void OnHandshakeIOComplete(int result);
   void OnSendComplete(int result);
   void OnRecvComplete(int result);
 
@@ skipping 148 matching lines @@
   CertVerifier* const cert_verifier_;
   scoped_ptr<CertVerifier::Request> cert_verifier_request_;
   base::TimeTicks start_cert_verification_time_;
 
   // Certificate Transparency: Verifier and result holder.
   ct::CTVerifyResult ct_verify_result_;
   CTVerifier* cert_transparency_verifier_;
 
   // The service for retrieving Channel ID keys.  May be NULL.
   ChannelIDService* channel_id_service_;
+  TokenBindingExtension token_binding_extension_;
 
   // OpenSSL stuff
   SSL* ssl_;
   BIO* transport_bio_;
 
   scoped_ptr<ClientSocketHandle> transport_;
   const HostPortPair host_and_port_;
   SSLConfig ssl_config_;
   // ssl_session_cache_shard_ is an opaque string that partitions the SSL
   // session cache. i.e. sessions created with one value will not attempt to
   // resume on the socket with a different value.
   const std::string ssl_session_cache_shard_;
 
   enum State {
     STATE_NONE,
     STATE_HANDSHAKE,
     STATE_HANDSHAKE_COMPLETE,
     STATE_CHANNEL_ID_LOOKUP,
     STATE_CHANNEL_ID_LOOKUP_COMPLETE,
+    STATE_TOKEN_BINDING_LOOKUP,
+    STATE_TOKEN_BINDING_LOOKUP_COMPLETE,
     STATE_VERIFY_CERT,
     STATE_VERIFY_CERT_COMPLETE,
   };
   State next_handshake_state_;
 
   // True if the socket has been disconnected.
   bool disconnected_;
 
   NextProtoStatus npn_status_;
   std::string npn_proto_;
@@ skipping 24 matching lines @@
   // pinning failure. It is a (somewhat) human-readable string.
   std::string pinning_failure_log_;
 
   BoundNetLog net_log_;
   base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_