Set Token-Binding HTTP header

net/socket/ssl_client_socket_openssl.cc

Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 59d170778bf2cbfec29ff2134455ae71d87dadde..db837babc5a140bbefb9d5a914c40cd389170970 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -497,6 +497,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
       channel_id_service_(context.channel_id_service),
       tb_was_negotiated_(false),
       tb_negotiated_param_(TB_PARAM_ECDSAP256),
+      tb_signed_ekm_map_(SignedEkmMap::NO_AUTO_EVICT),

[davidben, 2015/11/18 20:49:00]

With NO_AUTO_EVICT and no explicit evictions, this means we're not actually
using the MRU-ness, right? Seems we'd want to just set a fairly conservative one
and leave it at that.

[nharper, 2015/12/04 01:42:20]

Correct. I've changed it to 10.

       ssl_(NULL),
       transport_bio_(NULL),
       transport_(transport_socket.Pass()),
@@ -552,6 +553,45 @@ SSLClientSocketOpenSSL::GetChannelIDService() const {
   return channel_id_service_;
 }
 
+int SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding(
+    crypto::ECPrivateKey* key,
+    std::vector<uint8_t>* out) {

[davidben, 2015/11/18 20:49:00]

I think this deserves a comment like:

  // The same key will be asserted for multiple requests, so look up a
  // signature in the cache first.

[nharper, 2015/12/04 01:42:20]

Done.

+  std::string raw_public_key;
+  if (!key->ExportRawPublicKey(&raw_public_key))
+    return ERR_FAILED;
+  SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key);
+  if (it != tb_signed_ekm_map_.end()) {
+    *out = it->second;
+    return OK;
+  }

[davidben, 2015/11/18 20:49:00]

Nit: Newline here, probably.

[nharper, 2015/12/04 01:42:20]

Done.

+  size_t tb_ekm_size = 32;
+  uint8_t tb_ekm_buf[32];
+  const char tb_ekm_label[] = "EXPORTER-Token-Binding";

[davidben, 2015/11/18 20:49:00]

Nit: static const char kTbEkmLabel[]. Or maybe kTokenBindingEkmLabel[] or even
kTokenBindingExporterLabel[] to cut down on abbreviation soup?

[nharper, 2015/12/04 01:42:20]

Done.

+  // The EKM label as specified does not include a null terminating byte.
+  // Calling arraysize on a char array includes the null terminator in the
+  // length, so subtract 1 to account for that.
+  size_t ekm_label_length = arraysize(tb_ekm_label) - 1;

[davidben, 2015/11/18 20:49:00]

Rather than that long comment, how about just using strlen? I'm sure the
compiler will be smart enough to avoid the function call.

[nharper, 2015/12/04 01:42:20]

I forgot about strlen. Done.

+  if (!SSL_export_keying_material(ssl_, tb_ekm_buf, tb_ekm_size, tb_ekm_label,
+                                  ekm_label_length, nullptr, 0, false)) {
+    return ERR_FAILED;
+  }
+
+  size_t sig_len;
+  crypto::ScopedEVP_PKEY_CTX pctx(EVP_PKEY_CTX_new(key->key(), nullptr));
+  if (!EVP_PKEY_sign_init(pctx.get()) ||
+      !EVP_PKEY_sign(pctx.get(), nullptr, &sig_len, tb_ekm_buf, tb_ekm_size)) {
+    return ERR_FAILED;
+  }
+  out->resize(sig_len);
+  if (!EVP_PKEY_sign(pctx.get(), &out->front(), &sig_len, tb_ekm_buf,

[davidben, 2015/11/18 20:49:00]

vector_as_array(out) from base/stl_util.h, very soon to be replaced with
out->data().

[nharper, 2015/12/04 01:42:20]

Done.

+                     tb_ekm_size)) {
+    return ERR_FAILED;
+  }
+  out->resize(sig_len);
+  tb_signed_ekm_map_.Put(raw_public_key, *out);
+  return OK;
+}
+
 SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const {
   return ssl_failure_state_;
 }