Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(38)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_openssl.h

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: fix msvc error Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_openssl.h
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 228214b42d6e2f5b925050f976a5a8274c0171c2..6bee84cb799987efcb94ff6c730a9a6743b3b04a 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -6,6 +6,7 @@
#define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
#include <openssl/base.h>
+#include <openssl/bytestring.h>
#include <openssl/ssl.h>
#include <string>
@@ -95,10 +96,72 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
int SetSendBufferSize(int32 size) override;
private:
+ // Stores the state and result of the token binding negotiation TLS extension.
+ // (draft-ietf-tokbind-negotiation-00).
+ class TokenBindingExtension {
+ public:
+ static const unsigned int kExtNum = 30033;
+
+ // Token Binding ProtocolVersion that this extension supports.
+ static const uint8_t kProtocolVersionMajor = 0;
+ static const uint8_t kProtocolVersionMinor = 2;
+ static const uint8_t kMinProtocolVersionMajor = 0;
+ static const uint8_t kMinProtocolVersionMinor = 2;
+
+ TokenBindingExtension();
+ ~TokenBindingExtension();
+
+ // Sets the supported key params to use in negotiation. If empty, token
+ // binding will not be negotiated.
+ void SetParams(const std::vector<TokenBindingParam>& params);
+
+ // Returns which TokenBindingParam was negotiated. This value is only valid
+ // if WasNegotiated returns true.
+ TokenBindingParam NegotiationResult() const;
+
+ // Returns whether token binding was negotiated.
+ bool WasNegotiated() const;
+
+ // Sets the custom extension api callbacks to ClientAddCallback,
+ // ClientFreeCallback, and ClientParseCallback. The callbacks are static
+ // methods (since the OpenSSL api takes function pointers) and are wrappers
+ // to call ClientAdd or ClientParse on the TokenBindingExtension object that
+ // is a member of the SSLClientSocketOpenSSL for the corresponding SSL
+ // struct passed in to the callback.
+ static bool RegisterCallbacks(SSL_CTX* ssl_ctx);
+
+ private:
+ static int ClientAddCallback(SSL* ssl,
+ unsigned int extension_value,
+ const uint8_t** out,
+ size_t* out_len,
+ int* out_alert_value,
+ void* add_arg);
+ static void ClientFreeCallback(SSL* ssl,
+ unsigned int extension_value,
+ const uint8_t* out,
+ void* add_arg);
+ static int ClientParseCallback(SSL* ssl,
+ unsigned int extension_value,
+ const uint8_t* contents,
+ size_t contents_len,
+ int* out_alert_value,
+ void* parse_arg);
+
+ int ClientAdd(const uint8_t** out, size_t* out_len, int* out_alert_value);
+ int ClientParse(const uint8_t* contents,
+ size_t contents_len,
+ int* out_alert_value);
+
+ bool negotiated_;
+ TokenBindingParam negotiated_param_;
+ std::vector<TokenBindingParam> supported_params_;
+ };
class PeerCertificateChain;
class SSLContext;
friend class SSLClientSocket;
friend class SSLContext;
+ friend class TokenBindingExtension;
int Init();
void DoReadCallback(int result);
@@ -109,6 +172,8 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
int DoHandshakeComplete(int result);
int DoChannelIDLookup();
int DoChannelIDLookupComplete(int result);
+ int DoTokenBindingLookup();
+ int DoTokenBindingLookupComplete(int result);
int DoVerifyCert(int result);
int DoVerifyCertComplete(int result);
void DoConnectCallback(int result);
@@ -276,6 +341,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
// The service for retrieving Channel ID keys. May be NULL.
ChannelIDService* channel_id_service_;
+ TokenBindingExtension token_binding_extension_;
// OpenSSL stuff
SSL* ssl_;
@@ -295,6 +361,8 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
STATE_HANDSHAKE_COMPLETE,
STATE_CHANNEL_ID_LOOKUP,
STATE_CHANNEL_ID_LOOKUP_COMPLETE,
+ STATE_TOKEN_BINDING_LOOKUP,
+ STATE_TOKEN_BINDING_LOOKUP_COMPLETE,
STATE_VERIFY_CERT,
STATE_VERIFY_CERT_COMPLETE,
};
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698