Set Token-Binding HTTP header

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
+#include "base/base64.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/format_macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/stl_util.h"
@@ skipping 33 matching lines @@
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/socks_client_socket_pool.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/ssl_client_socket_pool.h"
 #include "net/socket/transport_client_socket_pool.h"
 #include "net/spdy/spdy_http_stream.h"
 #include "net/spdy/spdy_session.h"
 #include "net/spdy/spdy_session_pool.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
+#include "net/ssl/token_binding.h"
 #include "url/gurl.h"
 #include "url/url_canon.h"
 
 namespace net {
 
 namespace {
 
 void ProcessAlternativeServices(HttpNetworkSession* session,
                                 const HttpResponseHeaders& headers,
                                 const HostPortPair& http_host_port_pair) {
@@ skipping 118 matching lines @@
     proxy_ssl_config_.rev_checking_enabled = false;
   }
 
   if (request_->load_flags & LOAD_PREFETCH)
     response_.unused_since_prefetch = true;
 
   // Channel ID is disabled if privacy mode is enabled for this request.
   if (request_->privacy_mode == PRIVACY_MODE_ENABLED)
     server_ssl_config_.channel_id_enabled = false;
 
+  if (session_->params().enable_token_binding &&
+      session_->params().channel_id_service) {
+    server_ssl_config_.token_binding_params.push_back(TB_PARAM_ECDSAP256);
+  }
+
   next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
     callback_ = callback;
   return rv;
 }
 
 int HttpNetworkTransaction::RestartIgnoringLastError(
     const CompletionCallback& callback) {
   DCHECK(!stream_.get());
@@ skipping 396 matching lines @@
 
 void HttpNetworkTransaction::GetConnectionAttempts(
     ConnectionAttempts* out) const {
   *out = connection_attempts_;
 }
 
 bool HttpNetworkTransaction::IsSecureRequest() const {
   return request_->url.SchemeIsCryptographic();
 }
 
+bool HttpNetworkTransaction::IsTokenBindingEnabled() const {
+  if (!IsSecureRequest())
+    return false;
+  SSLInfo ssl_info;
+  stream_->GetSSLInfo(&ssl_info);
+  if (!ssl_info.token_binding_negotiated)
+    return false;
+  if (ssl_info.token_binding_key_param != TB_PARAM_ECDSAP256)
+    return false;
+  if (!session_->params().channel_id_service)
+    return false;
+  return true;
+}
+
+void HttpNetworkTransaction::RecordTokenBindingSupport() const {
+  enum {
+    DISABLED = 0,
+    CLIENT_ONLY = 1,
+    CLIENT_AND_SERVER = 2,
+    CLIENT_NO_CHANNEL_ID_SERVICE = 3,
+    UNSUPPORTED_KEY_PARAM = 4,
+    TOKEN_BINDING_SUPPORT_MAX
+  } supported;
+  if (!IsSecureRequest())
+    return;
+  SSLInfo ssl_info;
+  stream_->GetSSLInfo(&ssl_info);
+  if (!session_->params().enable_token_binding) {
+    supported = DISABLED;
+  } else if (!session_->params().channel_id_service) {
+    supported = CLIENT_NO_CHANNEL_ID_SERVICE;
+  } else if (ssl_info.token_binding_key_param != TB_PARAM_ECDSAP256) {
+    supported = UNSUPPORTED_KEY_PARAM;

[davidben, 2015/11/18 20:49:00]

This can never happen, no? You'll only negotiate the ones you set up in line
205. Also probably bad to look at this before the bool below.

[nharper, 2015/12/04 01:42:19]

My thought here was if the server can negotiate token binding, but not with a
key param that we support, then record it here. Clearly that doesn't work. The
easier thing to do is drop UNSUPPORTED_KEY_PARAM from this enum altogether;
otherwise I'll need to plumb more info up into SSLInfo to expose what happened
in the extension at the ssl layer.

I've removed UNSUPPORTED_KEY_PARAM for now.

+  } else if (ssl_info.token_binding_negotiated) {
+    supported = CLIENT_AND_SERVER;
+  } else {
+    supported = CLIENT_ONLY;
+  }
+  UMA_HISTOGRAM_ENUMERATION("TokenBinding.Support", supported,
+                            TOKEN_BINDING_SUPPORT_MAX);
+}
+
 bool HttpNetworkTransaction::UsingHttpProxyWithoutTunnel() const {
   return (proxy_info_.is_http() || proxy_info_.is_https() ||
           proxy_info_.is_quic()) &&
          !(request_->url.SchemeIs("https") || request_->url.SchemeIsWSOrWSS());
 }
 
 void HttpNetworkTransaction::DoCallback(int rv) {
   DCHECK_NE(rv, ERR_IO_PENDING);
   DCHECK(!callback_.is_null());
 
@@ skipping 42 matching lines @@
       case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
         rv = DoGenerateProxyAuthTokenComplete(rv);
         break;
       case STATE_GENERATE_SERVER_AUTH_TOKEN:
         DCHECK_EQ(OK, rv);
         rv = DoGenerateServerAuthToken();
         break;
       case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
         rv = DoGenerateServerAuthTokenComplete(rv);
         break;
+      case STATE_GET_TOKEN_BINDING_KEY:
+        DCHECK_EQ(OK, rv);
+        rv = DoGetTokenBindingKey();
+        break;
+      case STATE_GET_TOKEN_BINDING_KEY_COMPLETE:
+        rv = DoGetTokenBindingKeyComplete(rv);
+        break;
       case STATE_INIT_REQUEST_BODY:
         DCHECK_EQ(OK, rv);
         rv = DoInitRequestBody();
         break;
       case STATE_INIT_REQUEST_BODY_COMPLETE:
         rv = DoInitRequestBodyComplete(rv);
         break;
       case STATE_BUILD_REQUEST:
         DCHECK_EQ(OK, rv);
         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST);
@@ skipping 195 matching lines @@
   if (!ShouldApplyServerAuth())
     return OK;
   return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
                                                            io_callback_,
                                                            net_log_);
 }
 
 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
   DCHECK_NE(ERR_IO_PENDING, rv);
   if (rv == OK)
-    next_state_ = STATE_INIT_REQUEST_BODY;
+    next_state_ = STATE_GET_TOKEN_BINDING_KEY;
   return rv;
 }
 
+int HttpNetworkTransaction::DoGetTokenBindingKey() {
+  next_state_ = STATE_GET_TOKEN_BINDING_KEY_COMPLETE;
+  if (!IsTokenBindingEnabled())
+    return OK;
+
+  net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY);
+  ChannelIDService* channel_id_service = session_->params().channel_id_service;
+  return channel_id_service->GetOrCreateChannelID(
+      request_->url.host(), &token_binding_key_,
+      base::Bind(&HttpNetworkTransaction::OnIOComplete, base::Unretained(this)),

[davidben, 2015/11/18 20:49:00]

io_callback_

[nharper, 2015/12/04 01:42:19]

Done.

+      &token_binding_request_);
+}
+
+int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) {
+  DCHECK_NE(ERR_IO_PENDING, rv);
+  next_state_ = STATE_INIT_REQUEST_BODY;
+  if (!IsTokenBindingEnabled())
+    return OK;
+
+  if (rv == OK && !token_binding_key_)
+    rv = ERR_CHANNEL_ID_IMPORT_FAILED;

[davidben, 2015/11/18 20:49:00]

Is this possible?

[nharper, 2015/12/04 01:42:19]

I can't see how this would be possible (GetOrCreateChannelID's documentation
indicates that token_binding_key_ will be filled if it returns success), but
SSLClientSocketOpenSSL has a similar check when looking up the channel ID key.

+
+  net_log_.EndEventWithNetErrorCode(
+      NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv);
+  return rv;
+}
+
 void HttpNetworkTransaction::BuildRequestHeaders(
     bool using_http_proxy_without_tunnel) {
   request_headers_.SetHeader(HttpRequestHeaders::kHost,
                              GetHostAndOptionalPort(request_->url));
 
   // For compat with HTTP/1.0 servers and proxies:
   if (using_http_proxy_without_tunnel) {
     request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
                                "keep-alive");
   } else {
@@ skipping 13 matching lines @@
   } else if (request_->method == "POST" || request_->method == "PUT") {
     // An empty POST/PUT request still needs a content length.  As for HEAD,
     // IE and Safari also add a content length header.  Presumably it is to
     // support sending a HEAD request to an URL that only expects to be sent a
     // POST or some other method that normally would have a message body.
     // Firefox (40.0) does not send the header, and RFC 7230 & 7231
     // specify that it should not be sent due to undefined behavior.
     request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
   }
 
+  RecordTokenBindingSupport();
+  if (token_binding_key_) {

[davidben, 2015/11/18 20:49:00]

An HttpNetworkSession may run through a request multiple times (see
ResetStateForRestart). The server may change its mind on whether to negotiate TB
or whatever. You should probably reset everything in ResetStateForRestart,
otherwise this check is invalid and some other stuff might be weird.

[nharper, 2015/12/04 01:42:19]

Done.

+    std::string token_binding_header = BuildTokenBindingHeader();
+    if (token_binding_header != "") {
+      request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding,
+                                 token_binding_header);
+    }
+  }
+
   // Honor load flags that impact proxy caches.
   if (request_->load_flags & LOAD_BYPASS_CACHE) {
     request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
     request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
   } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
     request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
   }
 
   if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
     auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
         &request_headers_);
   if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
     auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
         &request_headers_);
 
   request_headers_.MergeFrom(request_->extra_headers);
 
   if (using_http_proxy_without_tunnel &&
       !before_proxy_headers_sent_callback_.is_null())
     before_proxy_headers_sent_callback_.Run(proxy_info_, &request_headers_);
 
   response_.did_use_http_auth =
       request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
       request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
 }
 
+std::string HttpNetworkTransaction::BuildTokenBindingHeader() {
+  std::string provided_token_binding;
+  int rv = stream_->GetProvidedTokenBindingWithKey(token_binding_key_,
+                                                   &provided_token_binding);
+  if (rv != OK)
+    return "";

[davidben, 2015/11/18 20:49:00]

If this or below fails, it should probably be fatal to the connection.

[nharper, 2015/12/04 01:42:19]

Done.

+  std::vector<std::string> token_bindings;
+  token_bindings.push_back(provided_token_binding);
+  std::string header;
+  rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header);
+  if (rv != OK)
+    return "";
+  std::string base64_header;
+  base::Base64Encode(header, &base64_header);
+  base::ReplaceChars(base64_header, "+", "-", &base64_header);
+  base::ReplaceChars(base64_header, "/", "_", &base64_header);

[davidben, 2015/11/18 20:49:00]

base/base64url.h

[nharper, 2015/12/04 01:42:19]

Done.

+  return base64_header;
+}
+
 int HttpNetworkTransaction::DoInitRequestBody() {
   next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
   int rv = OK;
   if (request_->upload_data_stream)
     rv = request_->upload_data_stream->Init(io_callback_);
   return rv;
 }
 
 int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
   if (result == OK)
@@ skipping 706 matching lines @@
   DCHECK(stream_request_);
 
   // Since the transaction can restart with auth credentials, it may create a
   // stream more than once. Accumulate all of the connection attempts across
   // those streams by appending them to the vector:
   for (const auto& attempt : stream_request_->connection_attempts())
     connection_attempts_.push_back(attempt);
 }
 
 }  // namespace net