Set Token-Binding HTTP header

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <utility>
 #include <vector>
 
+#include "base/base64url.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/format_macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/stl_util.h"
@@ skipping 34 matching lines @@
 #include "net/socket/socks_client_socket_pool.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/ssl_client_socket_pool.h"
 #include "net/socket/transport_client_socket_pool.h"
 #include "net/spdy/spdy_http_stream.h"
 #include "net/spdy/spdy_session.h"
 #include "net/spdy/spdy_session_pool.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_private_key.h"
+#include "net/ssl/token_binding.h"
 #include "url/gurl.h"
 #include "url/url_canon.h"
 
 namespace net {
 
 namespace {
 
 void ProcessAlternativeServices(HttpNetworkSession* session,
                                 const HttpResponseHeaders& headers,
                                 const HostPortPair& http_host_port_pair) {
@@ skipping 119 matching lines @@
     proxy_ssl_config_.rev_checking_enabled = false;
   }
 
   if (request_->load_flags & LOAD_PREFETCH)
     response_.unused_since_prefetch = true;
 
   // Channel ID is disabled if privacy mode is enabled for this request.
   if (request_->privacy_mode == PRIVACY_MODE_ENABLED)
     server_ssl_config_.channel_id_enabled = false;
 
+  if (session_->params().enable_token_binding &&
+      session_->params().channel_id_service) {
+    server_ssl_config_.token_binding_params.push_back(TB_PARAM_ECDSAP256);
+  }
+
   next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
     callback_ = callback;
   return rv;
 }
 
 int HttpNetworkTransaction::RestartIgnoringLastError(
     const CompletionCallback& callback) {
   DCHECK(!stream_.get());
@@ skipping 418 matching lines @@
 
 void HttpNetworkTransaction::GetConnectionAttempts(
     ConnectionAttempts* out) const {
   *out = connection_attempts_;
 }
 
 bool HttpNetworkTransaction::IsSecureRequest() const {
   return request_->url.SchemeIsCryptographic();
 }
 
+bool HttpNetworkTransaction::IsTokenBindingEnabled() const {
+  if (!IsSecureRequest())
+    return false;
+  SSLInfo ssl_info;
+  stream_->GetSSLInfo(&ssl_info);
+  if (!ssl_info.token_binding_negotiated)
+    return false;
+  if (ssl_info.token_binding_key_param != TB_PARAM_ECDSAP256)
+    return false;
+  if (!session_->params().channel_id_service)
+    return false;
+  return true;

[davidben, 2016/01/22 00:19:20]

Nit: You could also just write

  return ssl_info.token_binding_negotiated &&
         ssl_info.token_binding_key_param == TB_PARAM_ECDSAP256 &&
         session_->params().channel_id_service;

(Alternatively, it's not actually possible for token_binding_negotiated to be
true and the others false, right? Could also just DCHECK the rest.)

[nharper, 2016/01/22 19:36:51]

If there's a bug in the code elsewhere, it's possible for
session_->params().channel_id_service to be null and still have
token_binding_negotiated true. (That is to say, a channel_id_service is not
needed to negotiated token binding.)

token_binding_key_param could be DCHECK'd if token_binding_negotiated is true,
but that makes things complicated (and if the DCHECK fails, it would still need
to return the correct false in non-debug builds). I think the return statement
you wrote is the cleanest.

+}
+
+void HttpNetworkTransaction::RecordTokenBindingSupport() const {
+  enum {
+    DISABLED = 0,
+    CLIENT_ONLY = 1,
+    CLIENT_AND_SERVER = 2,
+    CLIENT_NO_CHANNEL_ID_SERVICE = 3,
+    TOKEN_BINDING_SUPPORT_MAX
+  } supported;
+  if (!IsSecureRequest())
+    return;
+  SSLInfo ssl_info;
+  stream_->GetSSLInfo(&ssl_info);
+  if (!session_->params().enable_token_binding) {
+    supported = DISABLED;
+  } else if (!session_->params().channel_id_service) {
+    supported = CLIENT_NO_CHANNEL_ID_SERVICE;
+  } else if (ssl_info.token_binding_negotiated) {
+    supported = CLIENT_AND_SERVER;
+  } else {
+    supported = CLIENT_ONLY;
+  }
+  UMA_HISTOGRAM_ENUMERATION("Net.TokenBinding.Support", supported,
+                            TOKEN_BINDING_SUPPORT_MAX);
+}
+
 bool HttpNetworkTransaction::UsingHttpProxyWithoutTunnel() const {
   return (proxy_info_.is_http() || proxy_info_.is_https() ||
           proxy_info_.is_quic()) &&
          !(request_->url.SchemeIs("https") || request_->url.SchemeIsWSOrWSS());
 }
 
 void HttpNetworkTransaction::DoCallback(int rv) {
   DCHECK_NE(rv, ERR_IO_PENDING);
   DCHECK(!callback_.is_null());
 
@@ skipping 42 matching lines @@
       case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
         rv = DoGenerateProxyAuthTokenComplete(rv);
         break;
       case STATE_GENERATE_SERVER_AUTH_TOKEN:
         DCHECK_EQ(OK, rv);
         rv = DoGenerateServerAuthToken();
         break;
       case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
         rv = DoGenerateServerAuthTokenComplete(rv);
         break;
+      case STATE_GET_TOKEN_BINDING_KEY:
+        DCHECK_EQ(OK, rv);
+        rv = DoGetTokenBindingKey();
+        break;
+      case STATE_GET_TOKEN_BINDING_KEY_COMPLETE:
+        rv = DoGetTokenBindingKeyComplete(rv);
+        break;
       case STATE_INIT_REQUEST_BODY:
         DCHECK_EQ(OK, rv);
         rv = DoInitRequestBody();
         break;
       case STATE_INIT_REQUEST_BODY_COMPLETE:
         rv = DoInitRequestBodyComplete(rv);
         break;
       case STATE_BUILD_REQUEST:
         DCHECK_EQ(OK, rv);
         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST);
@@ skipping 195 matching lines @@
   if (!ShouldApplyServerAuth())
     return OK;
   return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
                                                            io_callback_,
                                                            net_log_);
 }
 
 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
   DCHECK_NE(ERR_IO_PENDING, rv);
   if (rv == OK)
-    next_state_ = STATE_INIT_REQUEST_BODY;
+    next_state_ = STATE_GET_TOKEN_BINDING_KEY;
   return rv;
 }
 
-void HttpNetworkTransaction::BuildRequestHeaders(
+int HttpNetworkTransaction::DoGetTokenBindingKey() {
+  next_state_ = STATE_GET_TOKEN_BINDING_KEY_COMPLETE;
+  if (!IsTokenBindingEnabled())
+    return OK;
+
+  net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY);
+  ChannelIDService* channel_id_service = session_->params().channel_id_service;
+  return channel_id_service->GetOrCreateChannelID(
+      request_->url.host(), &token_binding_key_, io_callback_,
+      &token_binding_request_);
+}
+
+int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) {
+  DCHECK_NE(ERR_IO_PENDING, rv);
+  next_state_ = STATE_INIT_REQUEST_BODY;
+  if (!IsTokenBindingEnabled())
+    return OK;
+
+  if (rv == OK && !token_binding_key_)
+    rv = ERR_CHANNEL_ID_IMPORT_FAILED;

[davidben, 2016/01/22 00:19:20]

Pfft. Apparently this dates to
https://codereview.chromium.org/338093012/diff/60001/net/socket/ssl_client_so...
which is my fault. And then yours in
https://codereview.chromium.org/1076063002

Originally, the key would come out as a string rather than an ECPrivateKey.
Let's ditch it here and we also land
https://codereview.chromium.org/1615943003/.

[nharper, 2016/01/22 19:36:51]

This statement is now removed.

+
+  net_log_.EndEventWithNetErrorCode(
+      NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv);
+  return rv;
+}
+
+int HttpNetworkTransaction::BuildRequestHeaders(
     bool using_http_proxy_without_tunnel) {
   request_headers_.SetHeader(HttpRequestHeaders::kHost,
                              GetHostAndOptionalPort(request_->url));
 
   // For compat with HTTP/1.0 servers and proxies:
   if (using_http_proxy_without_tunnel) {
     request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
                                "keep-alive");
   } else {
     request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
@@ skipping 12 matching lines @@
   } else if (request_->method == "POST" || request_->method == "PUT") {
     // An empty POST/PUT request still needs a content length.  As for HEAD,
     // IE and Safari also add a content length header.  Presumably it is to
     // support sending a HEAD request to an URL that only expects to be sent a
     // POST or some other method that normally would have a message body.
     // Firefox (40.0) does not send the header, and RFC 7230 & 7231
     // specify that it should not be sent due to undefined behavior.
     request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
   }
 
+  RecordTokenBindingSupport();
+  if (token_binding_key_) {
+    std::string token_binding_header;
+    int rv = BuildTokenBindingHeader(&token_binding_header);
+    if (rv != OK)
+      return rv;
+    request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding,
+                               token_binding_header);
+  }
+
   // Honor load flags that impact proxy caches.
   if (request_->load_flags & LOAD_BYPASS_CACHE) {
     request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
     request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
   } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
     request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
   }
 
   if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
     auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
         &request_headers_);
   if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
     auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
         &request_headers_);
 
   request_headers_.MergeFrom(request_->extra_headers);
 
   if (using_http_proxy_without_tunnel &&
       !before_proxy_headers_sent_callback_.is_null())
     before_proxy_headers_sent_callback_.Run(proxy_info_, &request_headers_);
 
   response_.did_use_http_auth =
       request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
       request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
+  return OK;
+}
+
+int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) {
+  std::vector<uint8_t> signed_ekm;
+  int rv = stream_->GetSignedEKMForTokenBinding(token_binding_key_.get(),
+                                                &signed_ekm);
+  if (rv != OK)
+    return rv;
+  std::string provided_token_binding;
+  rv = BuildProvidedTokenBinding(token_binding_key_.get(), signed_ekm,
+                                 &provided_token_binding);
+  if (rv != OK)
+    return rv;
+  std::vector<base::StringPiece> token_bindings;
+  token_bindings.push_back(provided_token_binding);
+  std::string header;
+  rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header);

[davidben, 2016/01/22 00:19:20]

You could probably fold this and BuildProvidedTokenBinding into one function.
Save a copy even. Or do you expect the other TB types to want them decomposed?

[nharper, 2016/01/22 19:36:52]

Once we support the federated use case (i.e. referred token bindings), we'll
need to call BuildTokenBindingMessageFromTokenBindings with a vector that has
both the provided and referred token bindings.

+  if (rv != OK)
+    return rv;
+  base::Base64UrlEncode(header, base::Base64UrlEncodePolicy::INCLUDE_PADDING,
+                        out);
+  return OK;
 }
 
 int HttpNetworkTransaction::DoInitRequestBody() {
   next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
   int rv = OK;
   if (request_->upload_data_stream)
     rv = request_->upload_data_stream->Init(io_callback_);
   return rv;
 }
 
 int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
   if (result == OK)
     next_state_ = STATE_BUILD_REQUEST;
   return result;
 }
 
 int HttpNetworkTransaction::DoBuildRequest() {
   next_state_ = STATE_BUILD_REQUEST_COMPLETE;
   headers_valid_ = false;
 
   // This is constructed lazily (instead of within our Start method), so that
   // we have proxy info available.
   if (request_headers_.IsEmpty()) {
     bool using_http_proxy_without_tunnel = UsingHttpProxyWithoutTunnel();
-    BuildRequestHeaders(using_http_proxy_without_tunnel);
+    return BuildRequestHeaders(using_http_proxy_without_tunnel);
   }
 
   return OK;
 }
 
 int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
   if (result == OK)
     next_state_ = STATE_SEND_REQUEST;
   return result;
 }
@@ skipping 464 matching lines @@
   pending_auth_target_ = HttpAuth::AUTH_NONE;
   read_buf_ = NULL;
   read_buf_len_ = 0;
   headers_valid_ = false;
   request_headers_.Clear();
   response_ = HttpResponseInfo();
   establishing_tunnel_ = false;
   remote_endpoint_ = IPEndPoint();
   net_error_details_.quic_broken = false;
   net_error_details_.quic_connection_error = QUIC_NO_ERROR;
+  token_binding_key_.reset();
 }
 
 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() {
   if (stream_)
     stream_->PopulateNetErrorDetails(&net_error_details_);
   stream_.reset();
 }
 
 void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) {
   if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK)
@@ skipping 210 matching lines @@
   DCHECK(stream_request_);
 
   // Since the transaction can restart with auth credentials, it may create a
   // stream more than once. Accumulate all of the connection attempts across
   // those streams by appending them to the vector:
   for (const auto& attempt : stream_request_->connection_attempts())
     connection_attempts_.push_back(attempt);
 }
 
 }  // namespace net