Implement Token Binding negotiation TLS extension

net/socket/ssl_client_socket_openssl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 
 #include <openssl/base.h>
+#include <openssl/bytestring.h>
 #include <openssl/ssl.h>
 
 #include <string>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
@@ skipping 69 matching lines @@
   int Read(IOBuffer* buf,
            int buf_len,
            const CompletionCallback& callback) override;
   int Write(IOBuffer* buf,
             int buf_len,
             const CompletionCallback& callback) override;
   int SetReceiveBufferSize(int32 size) override;
   int SetSendBufferSize(int32 size) override;
 
  private:
+  // Stores the state and result of the token binding negotiation TLS extension.
+  // (draft-ietf-tokbind-negotiation-00).
+  class TokenBindingExtension {
+   public:
+    static const unsigned int kExtNum = 30033;

[davidben, 2015/10/01 16:15:17]

I believe this is actually an ODR violation for weird reasons. There was some
Chromium-dev thread. Ditto below. A lot of this can probably get stuffed into
the cc file somewhere.

There's actually little enough state here, that I might just fold them into
SSLClientSocketOpenSSL. That class is pretty intertwined with everything anyway
and it doesn't look like the individual methods here do much, outside the
extension callbacks.

[nharper, 2015/10/01 19:12:23]

To be clear, you're suggesting removing the TokenBindingExtension class and
folding its methods and members into SSLClientSocketOpenSSL? That sounds
reasonable enough.

+
+    // Token Binding ProtocolVersion that this extension supports.
+    static const uint8_t kProtocolVersionMajor = 0;
+    static const uint8_t kProtocolVersionMinor = 2;
+    static const uint8_t kMinProtocolVersionMajor = 0;
+    static const uint8_t kMinProtocolVersionMinor = 2;
+
+    TokenBindingExtension();
+    ~TokenBindingExtension();
+
+    // Sets the supported key params to use in negotiation. If empty, token
+    // binding will not be negotiated.
+    void SetParams(const std::vector<TokenBindingParam>& params);
+
+    // Returns which TokenBindingParam was negotiated. This value is only valid
+    // if WasNegotiated returns true.
+    TokenBindingParam NegotiationResult() const;
+
+    // Returns whether token binding was negotiated.
+    bool WasNegotiated() const;
+
+    // Sets the custom extension api callbacks to ClientAddCallback,
+    // ClientFreeCallback, and ClientParseCallback. The callbacks are static
+    // methods (since the OpenSSL api takes function pointers) and are wrappers
+    // to call ClientAdd or ClientParse on the TokenBindingExtension object that
+    // is a member of the SSLClientSocketOpenSSL for the corresponding SSL
+    // struct passed in to the callback.
+    static bool RegisterCallbacks(SSL_CTX* ssl_ctx);
+
+   private:
+    static int ClientAddCallback(SSL* ssl,
+                                 unsigned int extension_value,
+                                 const uint8_t** out,
+                                 size_t* out_len,
+                                 int* out_alert_value,
+                                 void* add_arg);
+    static void ClientFreeCallback(SSL* ssl,
+                                   unsigned int extension_value,
+                                   const uint8_t* out,
+                                   void* add_arg);
+    static int ClientParseCallback(SSL* ssl,
+                                   unsigned int extension_value,
+                                   const uint8_t* contents,
+                                   size_t contents_len,
+                                   int* out_alert_value,
+                                   void* parse_arg);

[davidben, 2015/10/01 16:15:17]

The random static methods thus far have ended up on SSLContext so they needn't
be in the header.

[nharper, 2015/10/02 03:31:27]

These static methods are calling the private methods. Is there a way to leave
them out of the header while still declaring and defining a private method in
the .cc file? I tried making them functions in the anonymous namespace in the
.cc file, but that didn't work because they were calling private methods.

+
+    int ClientAdd(const uint8_t** out, size_t* out_len, int* out_alert_value);
+    int ClientParse(const uint8_t* contents,
+                    size_t contents_len,
+                    int* out_alert_value);
+
+    bool negotiated_;
+    TokenBindingParam negotiated_param_;
+    std::vector<TokenBindingParam> supported_params_;
+  };
   class PeerCertificateChain;
   class SSLContext;
   friend class SSLClientSocket;
   friend class SSLContext;
+  friend class TokenBindingExtension;
 
   int Init();
   void DoReadCallback(int result);
   void DoWriteCallback(int result);
 
   bool DoTransportIO();
   int DoHandshake();
   int DoHandshakeComplete(int result);
   int DoChannelIDLookup();
   int DoChannelIDLookupComplete(int result);
+  int DoTokenBindingLookup();
+  int DoTokenBindingLookupComplete(int result);
   int DoVerifyCert(int result);
   int DoVerifyCertComplete(int result);
   void DoConnectCallback(int result);
   void UpdateServerCert();
   void VerifyCT();
 
   void OnHandshakeIOComplete(int result);
   void OnSendComplete(int result);
   void OnRecvComplete(int result);
 
@@ skipping 147 matching lines @@
   CertVerifier* const cert_verifier_;
   scoped_ptr<CertVerifier::Request> cert_verifier_request_;
   base::TimeTicks start_cert_verification_time_;
 
   // Certificate Transparency: Verifier and result holder.
   ct::CTVerifyResult ct_verify_result_;
   CTVerifier* cert_transparency_verifier_;
 
   // The service for retrieving Channel ID keys.  May be NULL.
   ChannelIDService* channel_id_service_;
+  TokenBindingExtension token_binding_extension_;
 
   // OpenSSL stuff
   SSL* ssl_;
   BIO* transport_bio_;
 
   scoped_ptr<ClientSocketHandle> transport_;
   const HostPortPair host_and_port_;
   SSLConfig ssl_config_;
   // ssl_session_cache_shard_ is an opaque string that partitions the SSL
   // session cache. i.e. sessions created with one value will not attempt to
   // resume on the socket with a different value.
   const std::string ssl_session_cache_shard_;
 
   enum State {
     STATE_NONE,
     STATE_HANDSHAKE,
     STATE_HANDSHAKE_COMPLETE,
     STATE_CHANNEL_ID_LOOKUP,
     STATE_CHANNEL_ID_LOOKUP_COMPLETE,
+    STATE_TOKEN_BINDING_LOOKUP,
+    STATE_TOKEN_BINDING_LOOKUP_COMPLETE,
     STATE_VERIFY_CERT,
     STATE_VERIFY_CERT_COMPLETE,
   };
   State next_handshake_state_;
 
   // True if the socket has been disconnected.
   bool disconnected_;
 
   NextProtoStatus npn_status_;
   std::string npn_proto_;
@@ skipping 24 matching lines @@
   // pinning failure. It is a (somewhat) human-readable string.
   std::string pinning_failure_log_;
 
   BoundNetLog net_log_;
   base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_