
Unified Diff: net/socket/ssl_client_socket_openssl.h

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: Rip out TB key lookup from SSLClientSocketOpenSSL; fold TokenBindingExtension class into SSLClientS… Created 5 years, 3 months ago
Index: net/socket/ssl_client_socket_openssl.h
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 228214b42d6e2f5b925050f976a5a8274c0171c2..1aa95af8e548bece35c5ad353a7d6b54642ac4ff 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -6,6 +6,7 @@
#define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
#include <openssl/base.h>
+#include <openssl/bytestring.h>
davidben 2015/10/15 21:52:09 Not needed. (Actually base.h will forward-declare
nharper 2015/10/20 22:52:19 Done.
#include <openssl/ssl.h>
#include <string>
@@ -205,6 +206,35 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
void OnPrivateKeySignComplete(Error error,
const std::vector<uint8_t>& signature);
+ // Token Binding Extension callbacks. RegisterTokenBidningExtensionCallbacks
davidben 2015/10/15 21:52:09 Bidning -> Binding
nharper 2015/10/20 22:52:19 Done.
+ // sets the following static methods as the callbacks for the boringssl custom
+ // extension API. The Add and Parse callbacks are wrappers around the instance
+ // methods; The Free callback is a wrapper around OPENSSL_free.
+ static bool RegisterTokenBindingExtensionCallbacks(SSL_CTX* ssl_ctx);
+ static int TokenBindingAddCallback(SSL* ssl,
+ unsigned int extension_value,
+ const uint8_t** out,
+ size_t* out_len,
+ int* out_alert_value,
+ void* add_arg);
+ static void TokenBindingFreeCallback(SSL* ssl,
+ unsigned int extension_value,
+ const uint8_t* out,
+ void* add_arg);
+ static int TokenBindingParseCallback(SSL* ssl,
+ unsigned int extension_value,
+ const uint8_t* contents,
+ size_t contents_len,
+ int* out_alert_value,
+ void* parse_arg);
+
+ int TokenBindingAdd(const uint8_t** out,
+ size_t* out_len,
+ int* out_alert_value);
+ int TokenBindingParse(const uint8_t* contents,
+ size_t contents_len,
+ int* out_alert_value);
+
bool transport_send_busy_;
bool transport_recv_busy_;
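Review bot: The comment block above the callbacks leaves out the return-value and buffer-ownership contract, and `TokenBindingParse` is the one method here that receives bytes chosen by the peer. Because the Free callback is described as a wrapper around OPENSSL_free, whatever `TokenBindingAdd` stores in `*out` has to come from OPENSSL_malloc; I would record that next to its declaration, e.g. `// |*out| must be allocated with OPENSSL_malloc; it is released by TokenBindingFreeCallback.` For the parse side I would add `// |contents| is untrusted server data; returns 1 on success, or 0 with |*out_alert_value| set to fail the handshake.` The 1/0 convention is my reading of the BoringSSL custom extension API, so confirm it against the .cc. The class body starts and ends outside this hunk.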
@@ -276,6 +306,8 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
// The service for retrieving Channel ID keys. May be NULL.
ChannelIDService* channel_id_service_;
+ bool tb_was_negotiated_;
+ TokenBindingParam tb_negotiated_param_;
// OpenSSL stuff
SSL* ssl_;
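Review bot: `tb_was_negotiated_` and `tb_negotiated_param_` are added without a comment, and nothing in this hunk shows where they are initialised or reset. If they are written from the parse callback, they reflect a ServerHello that has not been authenticated yet, so callers should consult them only once the handshake has completed. A comment such as `// Set while parsing the server's Token Binding extension; only meaningful after the handshake completes. |tb_negotiated_param_| is valid only if |tb_was_negotiated_| is true.` would record that. Please also check that the constructor (outside this hunk) initialises both members, since an uninitialised bool could report a negotiation that never happened.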
