| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 508 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 519 transport_read_error_(OK), | 519 transport_read_error_(OK), |
| 520 transport_write_error_(OK), | 520 transport_write_error_(OK), |
| 521 server_cert_chain_(new PeerCertificateChain(NULL)), | 521 server_cert_chain_(new PeerCertificateChain(NULL)), |
| 522 completed_connect_(false), | 522 completed_connect_(false), |
| 523 was_ever_used_(false), | 523 was_ever_used_(false), |
| 524 cert_verifier_(context.cert_verifier), | 524 cert_verifier_(context.cert_verifier), |
| 525 cert_transparency_verifier_(context.cert_transparency_verifier), | 525 cert_transparency_verifier_(context.cert_transparency_verifier), |
| 526 channel_id_service_(context.channel_id_service), | 526 channel_id_service_(context.channel_id_service), |
| 527 tb_was_negotiated_(false), | 527 tb_was_negotiated_(false), |
| 528 tb_negotiated_param_(TB_PARAM_ECDSAP256), | 528 tb_negotiated_param_(TB_PARAM_ECDSAP256), |
| 529 tb_signed_ekm_map_(10), |
| 529 ssl_(NULL), | 530 ssl_(NULL), |
| 530 transport_bio_(NULL), | 531 transport_bio_(NULL), |
| 531 transport_(std::move(transport_socket)), | 532 transport_(std::move(transport_socket)), |
| 532 host_and_port_(host_and_port), | 533 host_and_port_(host_and_port), |
| 533 ssl_config_(ssl_config), | 534 ssl_config_(ssl_config), |
| 534 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 535 ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| 535 next_handshake_state_(STATE_NONE), | 536 next_handshake_state_(STATE_NONE), |
| 536 disconnected_(false), | 537 disconnected_(false), |
| 537 npn_status_(kNextProtoUnsupported), | 538 npn_status_(kNextProtoUnsupported), |
| 538 channel_id_sent_(false), | 539 channel_id_sent_(false), |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 570 std::string* proto) const { | 571 std::string* proto) const { |
| 571 *proto = npn_proto_; | 572 *proto = npn_proto_; |
| 572 return npn_status_; | 573 return npn_status_; |
| 573 } | 574 } |
| 574 | 575 |
| 575 ChannelIDService* | 576 ChannelIDService* |
| 576 SSLClientSocketOpenSSL::GetChannelIDService() const { | 577 SSLClientSocketOpenSSL::GetChannelIDService() const { |
| 577 return channel_id_service_; | 578 return channel_id_service_; |
| 578 } | 579 } |
| 579 | 580 |
| 581 Error SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding( |
| 582 crypto::ECPrivateKey* key, |
| 583 std::vector<uint8_t>* out) { |
| 584 // The same key will be used across multiple requests to sign the same value, |
| 585 // so the signature is cached. |
| 586 std::string raw_public_key; |
| 587 if (!key->ExportRawPublicKey(&raw_public_key)) |
| 588 return ERR_FAILED; |
| 589 SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key); |
| 590 if (it != tb_signed_ekm_map_.end()) { |
| 591 *out = it->second; |
| 592 return OK; |
| 593 } |
| 594 |
| 595 uint8_t tb_ekm_buf[32]; |
| 596 static const char kTokenBindingExporterLabel[] = "EXPORTER-Token-Binding"; |
| 597 if (!SSL_export_keying_material(ssl_, tb_ekm_buf, sizeof(tb_ekm_buf), |
| 598 kTokenBindingExporterLabel, |
| 599 strlen(kTokenBindingExporterLabel), nullptr, |
| 600 0, false /* no context */)) { |
| 601 return ERR_FAILED; |
| 602 } |
| 603 |
| 604 size_t sig_len; |
| 605 crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(key->key(), nullptr)); |
| 606 if (!EVP_PKEY_sign_init(pctx.get()) || |
| 607 !EVP_PKEY_sign(pctx.get(), nullptr, &sig_len, tb_ekm_buf, |
| 608 sizeof(tb_ekm_buf))) { |
| 609 return ERR_FAILED; |
| 610 } |
| 611 out->resize(sig_len); |
| 612 if (!EVP_PKEY_sign(pctx.get(), out->data(), &sig_len, tb_ekm_buf, |
| 613 sizeof(tb_ekm_buf))) { |
| 614 return ERR_FAILED; |
| 615 } |
| 616 out->resize(sig_len); |
| 617 |
| 618 tb_signed_ekm_map_.Put(raw_public_key, *out); |
| 619 return OK; |
| 620 } |
| 621 |
| 580 SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const { | 622 SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const { |
| 581 return ssl_failure_state_; | 623 return ssl_failure_state_; |
| 582 } | 624 } |
| 583 | 625 |
| 584 int SSLClientSocketOpenSSL::ExportKeyingMaterial( | 626 int SSLClientSocketOpenSSL::ExportKeyingMaterial( |
| 585 const base::StringPiece& label, | 627 const base::StringPiece& label, |
| 586 bool has_context, const base::StringPiece& context, | 628 bool has_context, const base::StringPiece& context, |
| 587 unsigned char* out, unsigned int outlen) { | 629 unsigned char* out, unsigned int outlen) { |
| 588 if (!IsConnected()) | 630 if (!IsConnected()) |
| 589 return ERR_SOCKET_NOT_CONNECTED; | 631 return ERR_SOCKET_NOT_CONNECTED; |
| (...skipping 1714 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2304 tb_was_negotiated_ = true; | 2346 tb_was_negotiated_ = true; |
| 2305 return 1; | 2347 return 1; |
| 2306 } | 2348 } |
| 2307 } | 2349 } |
| 2308 | 2350 |
| 2309 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; | 2351 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; |
| 2310 return 0; | 2352 return 0; |
| 2311 } | 2353 } |
| 2312 | 2354 |
| 2313 } // namespace net | 2355 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1378613004:
Set Token-Binding HTTP header (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@tb-tls-ext-new