net/socket/ssl_client_socket_openssl.h - Issue 1360633002: Implement Token Binding negotiation TLS extension

Side by Side Diff: net/socket/ssl_client_socket_openssl.h

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags

Patch Set: update to latest version of tb nego spec; tweak SSLConfig Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_	5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_

6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_	6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_

7	7

8 #include <openssl/base.h>	8 #include <openssl/base.h>

9 #include <openssl/ssl.h>	9 #include <openssl/ssl.h>

10 #include <stdint.h>	10 #include <stdint.h>

(...skipping 192 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
203 const EVP_MD* md,	203 const EVP_MD* md,

204 const uint8_t* in,	204 const uint8_t* in,

205 size_t in_len);	205 size_t in_len);

206 ssl_private_key_result_t PrivateKeySignCompleteCallback(uint8_t* out,	206 ssl_private_key_result_t PrivateKeySignCompleteCallback(uint8_t* out,

207 size_t* out_len,	207 size_t* out_len,

208 size_t max_out);	208 size_t max_out);

209	209

210 void OnPrivateKeySignComplete(Error error,	210 void OnPrivateKeySignComplete(Error error,

211 const std::vector<uint8_t>& signature);	211 const std::vector<uint8_t>& signature);

212	212

	213 // Token Binding Extension callbacks. RegisterTokenBindingExtensionCallbacks

	214 // sets the following static methods as the callbacks for the boringssl custom

	215 // extension API. The Add and Parse callbacks are wrappers around the instance

	216 // methods; The Free callback is a wrapper around OPENSSL_free.
	davidben 2015/11/04 00:40:36 "; The" -> "; the" Though I'd probably just drop "; The" -> "; the" Though I'd probably just drop that bit altogether. I don't think readers of the header file need to know that's what the Free callbacbk is. nharper 2015/11/04 02:28:04 Done. Show quoted text On 2015/11/04 00:40:36, davidben wrote: > "; The" -> "; the" > > Though I'd probably just drop that bit altogether. I don't think readers of the > header file need to know that's what the Free callbacbk is. Done.
	217 static bool RegisterTokenBindingExtensionCallbacks(SSL_CTX* ssl_ctx);

	218 static int TokenBindingAddCallback(SSL* ssl,

	219 unsigned int extension_value,

	220 const uint8_t** out,

	221 size_t* out_len,

	222 int* out_alert_value,

	223 void* add_arg);

	224 static void TokenBindingFreeCallback(SSL* ssl,

	225 unsigned int extension_value,

	226 const uint8_t* out,

	227 void* add_arg);

	228 static int TokenBindingParseCallback(SSL* ssl,

	229 unsigned int extension_value,

	230 const uint8_t* contents,

	231 size_t contents_len,

	232 int* out_alert_value,

	233 void* parse_arg);

	234

	235 int TokenBindingAdd(const uint8_t** out,

	236 size_t* out_len,

	237 int* out_alert_value);

	238 int TokenBindingParse(const uint8_t* contents,

	239 size_t contents_len,

	240 int* out_alert_value);

	241

213 bool transport_send_busy_;	242 bool transport_send_busy_;

214 bool transport_recv_busy_;	243 bool transport_recv_busy_;

215	244

216 // Buffers which are shared by BoringSSL and SSLClientSocketOpenSSL.	245 // Buffers which are shared by BoringSSL and SSLClientSocketOpenSSL.

217 // GrowableIOBuffer is used to keep ownership and setting offset.	246 // GrowableIOBuffer is used to keep ownership and setting offset.

218 scoped_refptr<GrowableIOBuffer> send_buffer_;	247 scoped_refptr<GrowableIOBuffer> send_buffer_;

219 scoped_refptr<GrowableIOBuffer> recv_buffer_;	248 scoped_refptr<GrowableIOBuffer> recv_buffer_;

220	249

221 CompletionCallback user_connect_callback_;	250 CompletionCallback user_connect_callback_;

222 CompletionCallback user_read_callback_;	251 CompletionCallback user_read_callback_;

(...skipping 51 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
274 CertVerifier* const cert_verifier_;	303 CertVerifier* const cert_verifier_;

275 scoped_ptr<CertVerifier::Request> cert_verifier_request_;	304 scoped_ptr<CertVerifier::Request> cert_verifier_request_;

276 base::TimeTicks start_cert_verification_time_;	305 base::TimeTicks start_cert_verification_time_;

277	306

278 // Certificate Transparency: Verifier and result holder.	307 // Certificate Transparency: Verifier and result holder.

279 ct::CTVerifyResult ct_verify_result_;	308 ct::CTVerifyResult ct_verify_result_;

280 CTVerifier* cert_transparency_verifier_;	309 CTVerifier* cert_transparency_verifier_;

281	310

282 // The service for retrieving Channel ID keys. May be NULL.	311 // The service for retrieving Channel ID keys. May be NULL.

283 ChannelIDService* channel_id_service_;	312 ChannelIDService* channel_id_service_;

	313 bool tb_was_negotiated_;

	314 TokenBindingParam tb_negotiated_param_;

284	315

285 // OpenSSL stuff	316 // OpenSSL stuff

286 SSL* ssl_;	317 SSL* ssl_;

287 BIO* transport_bio_;	318 BIO* transport_bio_;

288	319

289 scoped_ptr<ClientSocketHandle> transport_;	320 scoped_ptr<ClientSocketHandle> transport_;

290 const HostPortPair host_and_port_;	321 const HostPortPair host_and_port_;

291 SSLConfig ssl_config_;	322 SSLConfig ssl_config_;

292 // ssl_session_cache_shard_ is an opaque string that partitions the SSL	323 // ssl_session_cache_shard_ is an opaque string that partitions the SSL

293 // session cache. i.e. sessions created with one value will not attempt to	324 // session cache. i.e. sessions created with one value will not attempt to

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
337 // pinning failure. It is a (somewhat) human-readable string.	368 // pinning failure. It is a (somewhat) human-readable string.

338 std::string pinning_failure_log_;	369 std::string pinning_failure_log_;

339	370

340 BoundNetLog net_log_;	371 BoundNetLog net_log_;

341 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;	372 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;

342 };	373 };

343	374

344 } // namespace net	375 } // namespace net

345	376

346 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_	377 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_

OLD	NEW

« net/log/net_log_event_type_list.h ('K') | « net/log/net_log_event_type_list.h ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')