Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(508)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: Rip out TB key lookup from SSLClientSocketOpenSSL; fold TokenBindingExtension class into SSLClientS… Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/common/pref_names.cc ('K') | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_openssl.h » ('j') | net/socket/ssl_client_socket_openssl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket.cc
diff --git a/net/socket/ssl_client_socket.cc b/net/socket/ssl_client_socket.cc
index 3472fd023f2aae650c253a8212de8c533dbc5c55..10a7584b19da6ffa61b04fd6340fa87d645dce41 100644
--- a/net/socket/ssl_client_socket.cc
+++ b/net/socket/ssl_client_socket.cc
@@ -155,6 +155,35 @@ void SSLClientSocket::RecordChannelIDSupport(
}
// static
+void SSLClientSocket::RecordTokenBindingSupport(
+ const SSLConfig& ssl_config,
+ ChannelIDService* channel_id_service,
davidben 2015/10/15 21:52:08 Since TB won't touch ChannelIDService from SSLClie
nharper 2015/10/20 22:52:18 Gone.
+ bool negotiated_token_binding) {
+ // This enum is used for UMA histograms - do not remove or change any values.
+ enum {
+ DISABLED = 0,
+ CLIENT_ONLY = 1,
+ CLIENT_AND_SERVER = 2,
+ CLIENT_NO_ECC = 3,
+ CLIENT_NO_CHANNEL_ID_SERVICE = 4,
+ TOKEN_BINDING_USAGE_MAX
+ } supported = DISABLED;
+ if (negotiated_token_binding) {
+ supported = CLIENT_AND_SERVER;
+ } else if (IsTokenBindingEnabled(ssl_config, channel_id_service)) {
+ if (!channel_id_service) {
+ supported = CLIENT_NO_CHANNEL_ID_SERVICE;
+ } else if (!crypto::ECPrivateKey::IsSupported()) {
davidben 2015/10/15 21:52:08 Oh! I'll go ahead and unwind that code. (https://c
+ supported = CLIENT_NO_ECC;
+ } else {
+ supported = CLIENT_ONLY;
+ }
+ }
+ UMA_HISTOGRAM_ENUMERATION("TokenBinding.Support", supported,
+ TOKEN_BINDING_USAGE_MAX);
+}
+
+// static
bool SSLClientSocket::IsChannelIDEnabled(
const SSLConfig& ssl_config,
ChannelIDService* channel_id_service) {
@@ -172,6 +201,17 @@ bool SSLClientSocket::IsChannelIDEnabled(
}
// static
+bool SSLClientSocket::IsTokenBindingEnabled(
+ const SSLConfig& ssl_config,
+ ChannelIDService* channel_id_service) {
davidben 2015/10/15 21:52:08 Ditto re ChannelIDService not being involved.
nharper 2015/10/20 22:52:18 This method is now gone.
+ if (ssl_config.token_binding_params.size() != 1 ||
+ ssl_config.token_binding_params[0] != TB_PARAM_ECDSAP256_SHA256) {
+ return false;
+ }
+ return IsChannelIDEnabled(ssl_config, channel_id_service);
davidben 2015/10/15 21:52:08 (This doesn't really make sense anyway since TB ma
+}
+
+// static
bool SSLClientSocket::HasCipherAdequateForHTTP2(
const std::vector<uint16>& cipher_suites) {
for (uint16 cipher : cipher_suites) {
« chrome/common/pref_names.cc ('K') | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_openssl.h » ('j') | net/socket/ssl_client_socket_openssl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698