SSLTCP (pseudo-SSL with fake handshake and unencrypted data) support for p2p socket.

content/browser/renderer_host/p2p/ssltcp_helper.cc

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/renderer_host/p2p/ssltcp_helper.h"

[Mallinath (Gone from Chromium), 2013/06/17 22:13:22]

I discovered this lately, there is already code which does this. Take a look at
jingle/glue/fake_ssl_client_socket.cc

[Sergey Ulanov, 2013/06/18 20:05:49]

That's a good point. Looks like you can just swap the underlying the socket with
a FakeSSLClientSocket and it will handle fake SSL handshake for you.

+
+namespace {
+
+// This is a SSL v2 CLIENT_HELLO message, got from libjingle code
+// talk/base/socketadapters.cc.
+const char kSslClientHello[] = {

[Sergey Ulanov, 2013/06/18 20:01:26]

Are these standard? Can other implementation use slightly different message?

+  0x80, 0x46,                                            // msg len
+  0x01,                                                  // CLIENT_HELLO
+  0x03, 0x01,                                            // SSL 3.1
+  0x00, 0x2d,                                            // ciphersuite len
+  0x00, 0x00,                                            // session id len
+  0x00, 0x10,                                            // challenge len
+  0x01, 0x00, 0x80, 0x03, 0x00, 0x80, 0x07, 0x00, 0xc0,  // ciphersuites
+  0x06, 0x00, 0x40, 0x02, 0x00, 0x80, 0x04, 0x00, 0x80,  //
+  0x00, 0x00, 0x04, 0x00, 0xfe, 0xff, 0x00, 0x00, 0x0a,  //
+  0x00, 0xfe, 0xfe, 0x00, 0x00, 0x09, 0x00, 0x00, 0x64,  //
+  0x00, 0x00, 0x62, 0x00, 0x00, 0x03, 0x00, 0x00, 0x06,  //
+  0x1f, 0x17, 0x0c, 0xa6, 0x2f, 0x00, 0x78, 0xfc,        // challenge
+  0x46, 0x55, 0x2e, 0xb1, 0x83, 0x39, 0xf1, 0xea         //
+};
+
+// This is a TLSv1 SERVER_HELLO message.
+const char kSslServerHello[] = {
+  0x16,                                            // handshake message
+  0x03, 0x01,                                      // SSL 3.1
+  0x00, 0x4a,                                      // message len
+  0x02,                                            // SERVER_HELLO
+  0x00, 0x00, 0x46,                                // handshake len
+  0x03, 0x01,                                      // SSL 3.1
+  0x42, 0x85, 0x45, 0xa7, 0x27, 0xa9, 0x5d, 0xa0,  // server random
+  0xb3, 0xc5, 0xe7, 0x53, 0xda, 0x48, 0x2b, 0x3f,  //
+  0xc6, 0x5a, 0xca, 0x89, 0xc1, 0x58, 0x52, 0xa1,  //
+  0x78, 0x3c, 0x5b, 0x17, 0x46, 0x00, 0x85, 0x3f,  //
+  0x20,                                            // session id len
+  0x0e, 0xd3, 0x06, 0x72, 0x5b, 0x5b, 0x1b, 0x5f,  // session id
+  0x15, 0xac, 0x13, 0xf9, 0x88, 0x53, 0x9d, 0x9b,  //
+  0xe8, 0x3d, 0x7b, 0x0c, 0x30, 0x32, 0x6e, 0x38,  //
+  0x4d, 0xa2, 0x75, 0x57, 0x41, 0x6c, 0x34, 0x5c,  //
+  0x00, 0x04,                                      // RSA/RC4-128/MD5
+  0x00                                             // null compression
+};
+}  // namespace
+
+namespace content {
+
+size_t client_hello_message_size() {
+  return sizeof(kSslClientHello);
+}
+
+size_t server_hello_message_size() {
+  return sizeof(kSslServerHello);
+}
+
+SsltcpHelper::SsltcpHelper()
+    : client_(true),
+      hello_sent_(false),
+      hello_received_(false),
+      client_hello_message_(client_hello_message_size()),

[Sergey Ulanov, 2013/06/18 20:01:26]

client_hello_message_(kSslClientHello, sizeof(kSslClientHello)), then you don't
need memcpy below.

same for the next field.

+      server_hello_message_(server_hello_message_size()) {
+  memcpy(&client_hello_message_[0], kSslClientHello,
+         client_hello_message_size());
+  memcpy(&server_hello_message_[0], kSslServerHello,
+         server_hello_message_size());
+}
+
+SsltcpHelper::~SsltcpHelper() {
+}
+
+void SsltcpHelper::Init(bool client) {
+  client_ = client;
+}
+
+bool SsltcpHelper::IsClient() const {
+  return client_;
+}
+
+void SsltcpHelper::set_hello_sent(bool hello_sent) {
+  hello_sent_ = hello_sent;
+}
+
+bool SsltcpHelper::hello_sent() const {
+  return hello_sent_;
+}
+
+void SsltcpHelper::set_hello_received(bool hello_received) {
+  hello_received_ = hello_received;
+}
+
+bool SsltcpHelper::hello_received() const {
+  return hello_received_;
+}
+
+const std::vector<char>& SsltcpHelper::client_hello_message() const {
+  return client_hello_message_;
+}
+
+const std::vector<char>& SsltcpHelper::server_hello_message() const {
+  return server_hello_message_;
+}
+
+bool SsltcpHelper::IsHelloMessage(const char* message) {

[Sergey Ulanov, 2013/06/18 20:01:26]

I think it would be better to pass size of the buffer here. Then the caller
wouldn't have to worry about comparing message size with
remote_hello_message_size().

Also you can call it ProcessHelloMessage() and set hello_received_ right here,
so the caller wouldn't need to worry about it.

+  const char* expect = client_ ? kSslServerHello : kSslClientHello;

[Sergey Ulanov, 2013/06/18 20:01:26]

 const std::string& expected = client_ ? server_hello_message_ :
client_hello_message_;
And then compare the strings. You also wound't need remote_hello_message_size()
in that case.

+  return (memcmp(expect, message, remote_hello_message_size()) == 0);

[Sergey Ulanov, 2013/06/18 20:01:26]

nit: IMHO it's less readable with these parentheses, but feel free to keep them
if you disagree.

+}
+
+size_t SsltcpHelper::hello_message_size() {
+  return client_ ? client_hello_message_size() : server_hello_message_size();
+}
+
+size_t SsltcpHelper::remote_hello_message_size() {
+  return client_ ? server_hello_message_size() : client_hello_message_size();
+}
+
+}  // namespace content