Set Token-Binding HTTP header

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ skipping 479 matching lines @@
       transport_read_error_(OK),
       transport_write_error_(OK),
       server_cert_chain_(new PeerCertificateChain(NULL)),
       completed_connect_(false),
       was_ever_used_(false),
       cert_verifier_(context.cert_verifier),
       cert_transparency_verifier_(context.cert_transparency_verifier),
       channel_id_service_(context.channel_id_service),
       tb_was_negotiated_(false),
       tb_negotiated_param_(TB_PARAM_ECDSAP256),
+      tb_signed_ekm_map_(SignedEkmMap::NO_AUTO_EVICT),

[davidben, 2015/11/18 20:49:00]

With NO_AUTO_EVICT and no explicit evictions, this means we're not actually
using the MRU-ness, right? Seems we'd want to just set a fairly conservative one
and leave it at that.

[nharper, 2015/12/04 01:42:20]

Correct. I've changed it to 10.

       ssl_(NULL),
       transport_bio_(NULL),
       transport_(transport_socket.Pass()),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       next_handshake_state_(STATE_NONE),
       disconnected_(false),
       npn_status_(kNextProtoUnsupported),
       channel_id_sent_(false),
@@ skipping 35 matching lines @@
     std::string* proto) const {
   *proto = npn_proto_;
   return npn_status_;
 }
 
 ChannelIDService*
 SSLClientSocketOpenSSL::GetChannelIDService() const {
   return channel_id_service_;
 }
 
+int SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding(
+    crypto::ECPrivateKey* key,
+    std::vector<uint8_t>* out) {

[davidben, 2015/11/18 20:49:00]

I think this deserves a comment like:

  // The same key will be asserted for multiple requests, so look up a
  // signature in the cache first.

[nharper, 2015/12/04 01:42:20]

Done.

+  std::string raw_public_key;
+  if (!key->ExportRawPublicKey(&raw_public_key))
+    return ERR_FAILED;
+  SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key);
+  if (it != tb_signed_ekm_map_.end()) {
+    *out = it->second;
+    return OK;
+  }

[davidben, 2015/11/18 20:49:00]

Nit: Newline here, probably.

[nharper, 2015/12/04 01:42:20]

Done.

+  size_t tb_ekm_size = 32;
+  uint8_t tb_ekm_buf[32];
+  const char tb_ekm_label[] = "EXPORTER-Token-Binding";

[davidben, 2015/11/18 20:49:00]

Nit: static const char kTbEkmLabel[]. Or maybe kTokenBindingEkmLabel[] or even
kTokenBindingExporterLabel[] to cut down on abbreviation soup?

[nharper, 2015/12/04 01:42:20]

Done.

+  // The EKM label as specified does not include a null terminating byte.
+  // Calling arraysize on a char array includes the null terminator in the
+  // length, so subtract 1 to account for that.
+  size_t ekm_label_length = arraysize(tb_ekm_label) - 1;

[davidben, 2015/11/18 20:49:00]

Rather than that long comment, how about just using strlen? I'm sure the
compiler will be smart enough to avoid the function call.

[nharper, 2015/12/04 01:42:20]

I forgot about strlen. Done.

+  if (!SSL_export_keying_material(ssl_, tb_ekm_buf, tb_ekm_size, tb_ekm_label,
+                                  ekm_label_length, nullptr, 0, false)) {
+    return ERR_FAILED;
+  }
+
+  size_t sig_len;
+  crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(key->key(), nullptr));
+  if (!EVP_PKEY_sign_init(pctx.get()) ||
+      !EVP_PKEY_sign(pctx.get(), nullptr, &sig_len, tb_ekm_buf, tb_ekm_size)) {
+    return ERR_FAILED;
+  }
+  out->resize(sig_len);
+  if (!EVP_PKEY_sign(pctx.get(), &out->front(), &sig_len, tb_ekm_buf,

[davidben, 2015/11/18 20:49:00]

vector_as_array(out) from base/stl_util.h, very soon to be replaced with
out->data().

[nharper, 2015/12/04 01:42:20]

Done.

+                     tb_ekm_size)) {
+    return ERR_FAILED;
+  }
+  out->resize(sig_len);
+  tb_signed_ekm_map_.Put(raw_public_key, *out);
+  return OK;
+}
+
 SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const {
   return ssl_failure_state_;
 }
 
 int SSLClientSocketOpenSSL::ExportKeyingMaterial(
     const base::StringPiece& label,
     bool has_context, const base::StringPiece& context,
     unsigned char* out, unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
@@ skipping 1746 matching lines @@
       tb_was_negotiated_ = true;
       return 1;
     }
   }
 
   *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
   return 0;
 }
 
 }  // namespace net