OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
7 | 7 |
8 #include <openssl/base.h> | 8 #include <openssl/base.h> |
9 #include <openssl/bytestring.h> | |
9 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
10 | 11 |
11 #include <string> | 12 #include <string> |
12 #include <vector> | 13 #include <vector> |
13 | 14 |
14 #include "base/compiler_specific.h" | 15 #include "base/compiler_specific.h" |
15 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
16 #include "base/memory/weak_ptr.h" | 17 #include "base/memory/weak_ptr.h" |
17 #include "net/base/completion_callback.h" | 18 #include "net/base/completion_callback.h" |
18 #include "net/base/io_buffer.h" | 19 #include "net/base/io_buffer.h" |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
88 int Read(IOBuffer* buf, | 89 int Read(IOBuffer* buf, |
89 int buf_len, | 90 int buf_len, |
90 const CompletionCallback& callback) override; | 91 const CompletionCallback& callback) override; |
91 int Write(IOBuffer* buf, | 92 int Write(IOBuffer* buf, |
92 int buf_len, | 93 int buf_len, |
93 const CompletionCallback& callback) override; | 94 const CompletionCallback& callback) override; |
94 int SetReceiveBufferSize(int32 size) override; | 95 int SetReceiveBufferSize(int32 size) override; |
95 int SetSendBufferSize(int32 size) override; | 96 int SetSendBufferSize(int32 size) override; |
96 | 97 |
97 private: | 98 private: |
99 // Stores the state and result of the token binding negotiation TLS extension. | |
100 // (draft-ietf-tokbind-negotiation-00). | |
101 class TokenBindingExtension { | |
102 public: | |
103 static const unsigned int kExtNum = 30033; | |
davidben
2015/10/01 16:15:17
I believe this is actually an ODR violation for we
nharper
2015/10/01 19:12:23
To be clear, you're suggesting removing the TokenB
| |
104 | |
105 // Token Binding ProtocolVersion that this extension supports. | |
106 static const uint8_t kProtocolVersionMajor = 0; | |
107 static const uint8_t kProtocolVersionMinor = 2; | |
108 static const uint8_t kMinProtocolVersionMajor = 0; | |
109 static const uint8_t kMinProtocolVersionMinor = 2; | |
110 | |
111 TokenBindingExtension(); | |
112 ~TokenBindingExtension(); | |
113 | |
114 // Sets the supported key params to use in negotiation. If empty, token | |
115 // binding will not be negotiated. | |
116 void SetParams(const std::vector<TokenBindingParam>& params); | |
117 | |
118 // Returns which TokenBindingParam was negotiated. This value is only valid | |
119 // if WasNegotiated returns true. | |
120 TokenBindingParam NegotiationResult() const; | |
121 | |
122 // Returns whether token binding was negotiated. | |
123 bool WasNegotiated() const; | |
124 | |
125 // Sets the custom extension api callbacks to ClientAddCallback, | |
126 // ClientFreeCallback, and ClientParseCallback. The callbacks are static | |
127 // methods (since the OpenSSL api takes function pointers) and are wrappers | |
128 // to call ClientAdd or ClientParse on the TokenBindingExtension object that | |
129 // is a member of the SSLClientSocketOpenSSL for the corresponding SSL | |
130 // struct passed in to the callback. | |
131 static bool RegisterCallbacks(SSL_CTX* ssl_ctx); | |
132 | |
133 private: | |
134 static int ClientAddCallback(SSL* ssl, | |
135 unsigned int extension_value, | |
136 const uint8_t** out, | |
137 size_t* out_len, | |
138 int* out_alert_value, | |
139 void* add_arg); | |
140 static void ClientFreeCallback(SSL* ssl, | |
141 unsigned int extension_value, | |
142 const uint8_t* out, | |
143 void* add_arg); | |
144 static int ClientParseCallback(SSL* ssl, | |
145 unsigned int extension_value, | |
146 const uint8_t* contents, | |
147 size_t contents_len, | |
148 int* out_alert_value, | |
149 void* parse_arg); | |
davidben
2015/10/01 16:15:17
The random static methods thus far have ended up o
nharper
2015/10/02 03:31:27
These static methods are calling the private metho
| |
150 | |
151 int ClientAdd(const uint8_t** out, size_t* out_len, int* out_alert_value); | |
152 int ClientParse(const uint8_t* contents, | |
153 size_t contents_len, | |
154 int* out_alert_value); | |
155 | |
156 bool negotiated_; | |
157 TokenBindingParam negotiated_param_; | |
158 std::vector<TokenBindingParam> supported_params_; | |
159 }; | |
98 class PeerCertificateChain; | 160 class PeerCertificateChain; |
99 class SSLContext; | 161 class SSLContext; |
100 friend class SSLClientSocket; | 162 friend class SSLClientSocket; |
101 friend class SSLContext; | 163 friend class SSLContext; |
164 friend class TokenBindingExtension; | |
102 | 165 |
103 int Init(); | 166 int Init(); |
104 void DoReadCallback(int result); | 167 void DoReadCallback(int result); |
105 void DoWriteCallback(int result); | 168 void DoWriteCallback(int result); |
106 | 169 |
107 bool DoTransportIO(); | 170 bool DoTransportIO(); |
108 int DoHandshake(); | 171 int DoHandshake(); |
109 int DoHandshakeComplete(int result); | 172 int DoHandshakeComplete(int result); |
110 int DoChannelIDLookup(); | 173 int DoChannelIDLookup(); |
111 int DoChannelIDLookupComplete(int result); | 174 int DoChannelIDLookupComplete(int result); |
175 int DoTokenBindingLookup(); | |
176 int DoTokenBindingLookupComplete(int result); | |
112 int DoVerifyCert(int result); | 177 int DoVerifyCert(int result); |
113 int DoVerifyCertComplete(int result); | 178 int DoVerifyCertComplete(int result); |
114 void DoConnectCallback(int result); | 179 void DoConnectCallback(int result); |
115 void UpdateServerCert(); | 180 void UpdateServerCert(); |
116 void VerifyCT(); | 181 void VerifyCT(); |
117 | 182 |
118 void OnHandshakeIOComplete(int result); | 183 void OnHandshakeIOComplete(int result); |
119 void OnSendComplete(int result); | 184 void OnSendComplete(int result); |
120 void OnRecvComplete(int result); | 185 void OnRecvComplete(int result); |
121 | 186 |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
269 CertVerifier* const cert_verifier_; | 334 CertVerifier* const cert_verifier_; |
270 scoped_ptr<CertVerifier::Request> cert_verifier_request_; | 335 scoped_ptr<CertVerifier::Request> cert_verifier_request_; |
271 base::TimeTicks start_cert_verification_time_; | 336 base::TimeTicks start_cert_verification_time_; |
272 | 337 |
273 // Certificate Transparency: Verifier and result holder. | 338 // Certificate Transparency: Verifier and result holder. |
274 ct::CTVerifyResult ct_verify_result_; | 339 ct::CTVerifyResult ct_verify_result_; |
275 CTVerifier* cert_transparency_verifier_; | 340 CTVerifier* cert_transparency_verifier_; |
276 | 341 |
277 // The service for retrieving Channel ID keys. May be NULL. | 342 // The service for retrieving Channel ID keys. May be NULL. |
278 ChannelIDService* channel_id_service_; | 343 ChannelIDService* channel_id_service_; |
344 TokenBindingExtension token_binding_extension_; | |
279 | 345 |
280 // OpenSSL stuff | 346 // OpenSSL stuff |
281 SSL* ssl_; | 347 SSL* ssl_; |
282 BIO* transport_bio_; | 348 BIO* transport_bio_; |
283 | 349 |
284 scoped_ptr<ClientSocketHandle> transport_; | 350 scoped_ptr<ClientSocketHandle> transport_; |
285 const HostPortPair host_and_port_; | 351 const HostPortPair host_and_port_; |
286 SSLConfig ssl_config_; | 352 SSLConfig ssl_config_; |
287 // ssl_session_cache_shard_ is an opaque string that partitions the SSL | 353 // ssl_session_cache_shard_ is an opaque string that partitions the SSL |
288 // session cache. i.e. sessions created with one value will not attempt to | 354 // session cache. i.e. sessions created with one value will not attempt to |
289 // resume on the socket with a different value. | 355 // resume on the socket with a different value. |
290 const std::string ssl_session_cache_shard_; | 356 const std::string ssl_session_cache_shard_; |
291 | 357 |
292 enum State { | 358 enum State { |
293 STATE_NONE, | 359 STATE_NONE, |
294 STATE_HANDSHAKE, | 360 STATE_HANDSHAKE, |
295 STATE_HANDSHAKE_COMPLETE, | 361 STATE_HANDSHAKE_COMPLETE, |
296 STATE_CHANNEL_ID_LOOKUP, | 362 STATE_CHANNEL_ID_LOOKUP, |
297 STATE_CHANNEL_ID_LOOKUP_COMPLETE, | 363 STATE_CHANNEL_ID_LOOKUP_COMPLETE, |
364 STATE_TOKEN_BINDING_LOOKUP, | |
365 STATE_TOKEN_BINDING_LOOKUP_COMPLETE, | |
298 STATE_VERIFY_CERT, | 366 STATE_VERIFY_CERT, |
299 STATE_VERIFY_CERT_COMPLETE, | 367 STATE_VERIFY_CERT_COMPLETE, |
300 }; | 368 }; |
301 State next_handshake_state_; | 369 State next_handshake_state_; |
302 | 370 |
303 // True if the socket has been disconnected. | 371 // True if the socket has been disconnected. |
304 bool disconnected_; | 372 bool disconnected_; |
305 | 373 |
306 NextProtoStatus npn_status_; | 374 NextProtoStatus npn_status_; |
307 std::string npn_proto_; | 375 std::string npn_proto_; |
(...skipping 24 matching lines...) Expand all Loading... | |
332 // pinning failure. It is a (somewhat) human-readable string. | 400 // pinning failure. It is a (somewhat) human-readable string. |
333 std::string pinning_failure_log_; | 401 std::string pinning_failure_log_; |
334 | 402 |
335 BoundNetLog net_log_; | 403 BoundNetLog net_log_; |
336 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; | 404 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; |
337 }; | 405 }; |
338 | 406 |
339 } // namespace net | 407 } // namespace net |
340 | 408 |
341 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 409 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
OLD | NEW |