OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/metrics/histogram_macros.h" | 7 #include "base/metrics/histogram_macros.h" |
8 #include "base/metrics/sparse_histogram.h" | 8 #include "base/metrics/sparse_histogram.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "crypto/ec_private_key.h" | 10 #include "crypto/ec_private_key.h" |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
148 else if (!supports_ecc) | 148 else if (!supports_ecc) |
149 supported = CLIENT_NO_ECC; | 149 supported = CLIENT_NO_ECC; |
150 else | 150 else |
151 supported = CLIENT_ONLY; | 151 supported = CLIENT_ONLY; |
152 } | 152 } |
153 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 153 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
154 CHANNEL_ID_USAGE_MAX); | 154 CHANNEL_ID_USAGE_MAX); |
155 } | 155 } |
156 | 156 |
157 // static | 157 // static |
158 void SSLClientSocket::RecordTokenBindingSupport( | |
159 const SSLConfig& ssl_config, | |
160 ChannelIDService* channel_id_service, | |
davidben
2015/10/15 21:52:08
Since TB won't touch ChannelIDService from SSLClie
nharper
2015/10/20 22:52:18
Gone.
| |
161 bool negotiated_token_binding) { | |
162 // This enum is used for UMA histograms - do not remove or change any values. | |
163 enum { | |
164 DISABLED = 0, | |
165 CLIENT_ONLY = 1, | |
166 CLIENT_AND_SERVER = 2, | |
167 CLIENT_NO_ECC = 3, | |
168 CLIENT_NO_CHANNEL_ID_SERVICE = 4, | |
169 TOKEN_BINDING_USAGE_MAX | |
170 } supported = DISABLED; | |
171 if (negotiated_token_binding) { | |
172 supported = CLIENT_AND_SERVER; | |
173 } else if (IsTokenBindingEnabled(ssl_config, channel_id_service)) { | |
174 if (!channel_id_service) { | |
175 supported = CLIENT_NO_CHANNEL_ID_SERVICE; | |
176 } else if (!crypto::ECPrivateKey::IsSupported()) { | |
davidben
2015/10/15 21:52:08
Oh! I'll go ahead and unwind that code. (https://c
| |
177 supported = CLIENT_NO_ECC; | |
178 } else { | |
179 supported = CLIENT_ONLY; | |
180 } | |
181 } | |
182 UMA_HISTOGRAM_ENUMERATION("TokenBinding.Support", supported, | |
183 TOKEN_BINDING_USAGE_MAX); | |
184 } | |
185 | |
186 // static | |
158 bool SSLClientSocket::IsChannelIDEnabled( | 187 bool SSLClientSocket::IsChannelIDEnabled( |
159 const SSLConfig& ssl_config, | 188 const SSLConfig& ssl_config, |
160 ChannelIDService* channel_id_service) { | 189 ChannelIDService* channel_id_service) { |
161 if (!ssl_config.channel_id_enabled) | 190 if (!ssl_config.channel_id_enabled) |
162 return false; | 191 return false; |
163 if (!channel_id_service) { | 192 if (!channel_id_service) { |
164 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID."; | 193 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID."; |
165 return false; | 194 return false; |
166 } | 195 } |
167 if (!crypto::ECPrivateKey::IsSupported()) { | 196 if (!crypto::ECPrivateKey::IsSupported()) { |
168 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; | 197 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; |
169 return false; | 198 return false; |
170 } | 199 } |
171 return true; | 200 return true; |
172 } | 201 } |
173 | 202 |
174 // static | 203 // static |
204 bool SSLClientSocket::IsTokenBindingEnabled( | |
205 const SSLConfig& ssl_config, | |
206 ChannelIDService* channel_id_service) { | |
davidben
2015/10/15 21:52:08
Ditto re ChannelIDService not being involved.
nharper
2015/10/20 22:52:18
This method is now gone.
| |
207 if (ssl_config.token_binding_params.size() != 1 || | |
208 ssl_config.token_binding_params[0] != TB_PARAM_ECDSAP256_SHA256) { | |
209 return false; | |
210 } | |
211 return IsChannelIDEnabled(ssl_config, channel_id_service); | |
davidben
2015/10/15 21:52:08
(This doesn't really make sense anyway since TB ma
| |
212 } | |
213 | |
214 // static | |
175 bool SSLClientSocket::HasCipherAdequateForHTTP2( | 215 bool SSLClientSocket::HasCipherAdequateForHTTP2( |
176 const std::vector<uint16>& cipher_suites) { | 216 const std::vector<uint16>& cipher_suites) { |
177 for (uint16 cipher : cipher_suites) { | 217 for (uint16 cipher : cipher_suites) { |
178 if (IsSecureTLSCipherSuite(cipher)) | 218 if (IsSecureTLSCipherSuite(cipher)) |
179 return true; | 219 return true; |
180 } | 220 } |
181 return false; | 221 return false; |
182 } | 222 } |
183 | 223 |
184 // static | 224 // static |
(...skipping 19 matching lines...) Expand all Loading... | |
204 wire_protos.push_back(proto.size()); | 244 wire_protos.push_back(proto.size()); |
205 for (const char ch : proto) { | 245 for (const char ch : proto) { |
206 wire_protos.push_back(static_cast<uint8_t>(ch)); | 246 wire_protos.push_back(static_cast<uint8_t>(ch)); |
207 } | 247 } |
208 } | 248 } |
209 | 249 |
210 return wire_protos; | 250 return wire_protos; |
211 } | 251 } |
212 | 252 |
213 } // namespace net | 253 } // namespace net |
OLD | NEW |