OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | |
7 | |
8 #include <openssl/base.h> | |
9 #include <openssl/ssl.h> | |
10 #include <stddef.h> | |
11 #include <stdint.h> | |
12 | |
13 #include <memory> | |
14 #include <string> | |
15 #include <vector> | |
16 | |
17 #include "base/compiler_specific.h" | |
18 #include "base/containers/mru_cache.h" | |
19 #include "base/memory/ref_counted.h" | |
20 #include "base/memory/weak_ptr.h" | |
21 #include "build/build_config.h" | |
22 #include "net/base/completion_callback.h" | |
23 #include "net/base/io_buffer.h" | |
24 #include "net/cert/cert_verifier.h" | |
25 #include "net/cert/cert_verify_result.h" | |
26 #include "net/cert/ct_verify_result.h" | |
27 #include "net/socket/client_socket_handle.h" | |
28 #include "net/socket/ssl_client_socket.h" | |
29 #include "net/ssl/channel_id_service.h" | |
30 #include "net/ssl/openssl_ssl_util.h" | |
31 #include "net/ssl/ssl_client_cert_type.h" | |
32 #include "net/ssl/ssl_config_service.h" | |
33 #include "net/ssl/ssl_failure_state.h" | |
34 | |
35 namespace base { | |
36 class FilePath; | |
37 class SequencedTaskRunner; | |
38 } | |
39 | |
40 namespace net { | |
41 | |
42 class CertVerifier; | |
43 class CTVerifier; | |
44 class SSLCertRequestInfo; | |
45 class SSLInfo; | |
46 | |
47 using SignedEkmMap = base::MRUCache<std::string, std::vector<uint8_t>>; | |
48 | |
49 // An SSL client socket implemented with OpenSSL. | |
50 class SSLClientSocketOpenSSL : public SSLClientSocket { | |
51 public: | |
52 // Takes ownership of the transport_socket, which may already be connected. | |
53 // The given hostname will be compared with the name(s) in the server's | |
54 // certificate during the SSL handshake. ssl_config specifies the SSL | |
55 // settings. | |
56 SSLClientSocketOpenSSL(std::unique_ptr<ClientSocketHandle> transport_socket, | |
57 const HostPortPair& host_and_port, | |
58 const SSLConfig& ssl_config, | |
59 const SSLClientSocketContext& context); | |
60 ~SSLClientSocketOpenSSL() override; | |
61 | |
62 const HostPortPair& host_and_port() const { return host_and_port_; } | |
63 const std::string& ssl_session_cache_shard() const { | |
64 return ssl_session_cache_shard_; | |
65 } | |
66 | |
67 #if !defined(OS_NACL) | |
68 // Log SSL key material to |path| on |task_runner|. Must be called before any | |
69 // SSLClientSockets are created. | |
70 static void SetSSLKeyLogFile( | |
71 const base::FilePath& path, | |
72 const scoped_refptr<base::SequencedTaskRunner>& task_runner); | |
73 #endif | |
74 | |
75 // SSLClientSocket implementation. | |
76 void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override; | |
77 NextProtoStatus GetNextProto(std::string* proto) const override; | |
78 ChannelIDService* GetChannelIDService() const override; | |
79 Error GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key, | |
80 std::vector<uint8_t>* out) override; | |
81 crypto::ECPrivateKey* GetChannelIDKey() const override; | |
82 SSLFailureState GetSSLFailureState() const override; | |
83 | |
84 // SSLSocket implementation. | |
85 int ExportKeyingMaterial(const base::StringPiece& label, | |
86 bool has_context, | |
87 const base::StringPiece& context, | |
88 unsigned char* out, | |
89 unsigned int outlen) override; | |
90 | |
91 // StreamSocket implementation. | |
92 int Connect(const CompletionCallback& callback) override; | |
93 void Disconnect() override; | |
94 bool IsConnected() const override; | |
95 bool IsConnectedAndIdle() const override; | |
96 int GetPeerAddress(IPEndPoint* address) const override; | |
97 int GetLocalAddress(IPEndPoint* address) const override; | |
98 const BoundNetLog& NetLog() const override; | |
99 void SetSubresourceSpeculation() override; | |
100 void SetOmniboxSpeculation() override; | |
101 bool WasEverUsed() const override; | |
102 bool GetSSLInfo(SSLInfo* ssl_info) override; | |
103 void GetConnectionAttempts(ConnectionAttempts* out) const override; | |
104 void ClearConnectionAttempts() override {} | |
105 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {} | |
106 int64_t GetTotalReceivedBytes() const override; | |
107 | |
108 // Socket implementation. | |
109 int Read(IOBuffer* buf, | |
110 int buf_len, | |
111 const CompletionCallback& callback) override; | |
112 int Write(IOBuffer* buf, | |
113 int buf_len, | |
114 const CompletionCallback& callback) override; | |
115 int SetReceiveBufferSize(int32_t size) override; | |
116 int SetSendBufferSize(int32_t size) override; | |
117 | |
118 private: | |
119 class PeerCertificateChain; | |
120 class SSLContext; | |
121 friend class SSLClientSocket; | |
122 friend class SSLContext; | |
123 | |
124 int Init(); | |
125 void DoReadCallback(int result); | |
126 void DoWriteCallback(int result); | |
127 | |
128 bool DoTransportIO(); | |
129 int DoHandshake(); | |
130 int DoHandshakeComplete(int result); | |
131 int DoChannelIDLookup(); | |
132 int DoChannelIDLookupComplete(int result); | |
133 int DoVerifyCert(int result); | |
134 int DoVerifyCertComplete(int result); | |
135 void DoConnectCallback(int result); | |
136 void UpdateServerCert(); | |
137 void VerifyCT(); | |
138 | |
139 void OnHandshakeIOComplete(int result); | |
140 void OnSendComplete(int result); | |
141 void OnRecvComplete(int result); | |
142 | |
143 int DoHandshakeLoop(int last_io_result); | |
144 int DoReadLoop(); | |
145 int DoWriteLoop(); | |
146 int DoPayloadRead(); | |
147 int DoPayloadWrite(); | |
148 | |
149 // Called when an asynchronous event completes which may have blocked the | |
150 // pending Read or Write calls, if any. Retries both state machines and, if | |
151 // complete, runs the respective callbacks. | |
152 void PumpReadWriteEvents(); | |
153 | |
154 int BufferSend(); | |
155 int BufferRecv(); | |
156 void BufferSendComplete(int result); | |
157 void BufferRecvComplete(int result); | |
158 void TransportWriteComplete(int result); | |
159 int TransportReadComplete(int result); | |
160 | |
161 // Callback from the SSL layer that indicates the remote server is requesting | |
162 // a certificate for this client. | |
163 int ClientCertRequestCallback(SSL* ssl); | |
164 | |
165 // CertVerifyCallback is called to verify the server's certificates. We do | |
166 // verification after the handshake so this function only enforces that the | |
167 // certificates don't change during renegotiation. | |
168 int CertVerifyCallback(X509_STORE_CTX *store_ctx); | |
169 | |
170 // Callback from the SSL layer to check which NPN protocol we are supporting | |
171 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, | |
172 const unsigned char* in, unsigned int inlen); | |
173 | |
174 // Called during an operation on |transport_bio_|'s peer. Checks saved | |
175 // transport error state and, if appropriate, returns an error through | |
176 // OpenSSL's error system. | |
177 long MaybeReplayTransportError(BIO *bio, | |
178 int cmd, | |
179 const char *argp, int argi, long argl, | |
180 long retvalue); | |
181 | |
182 // Callback from the SSL layer when an operation is performed on | |
183 // |transport_bio_|'s peer. | |
184 static long BIOCallback(BIO *bio, | |
185 int cmd, | |
186 const char *argp, int argi, long argl, | |
187 long retvalue); | |
188 | |
189 // Called after the initial handshake completes and after the server | |
190 // certificate has been verified. The order of handshake completion and | |
191 // certificate verification depends on whether the connection was false | |
192 // started. After both have happened (thus calling this twice), the session is | |
193 // safe to cache and will be cached. | |
194 void MaybeCacheSession(); | |
195 | |
196 // Called from the SSL layer whenever a new session is established. | |
197 int NewSessionCallback(SSL_SESSION* session); | |
198 | |
199 // Adds the Certificate Transparency info from ct_verify_result_ to | |
200 // |ssl_info|. | |
201 // SCTs are held in three separate vectors in ct_verify_result, each | |
202 // vetor representing a particular verification state, this method associates | |
203 // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to | |
204 // the |ssl_info|.signed_certificate_timestamps list. | |
205 void AddCTInfoToSSLInfo(SSLInfo* ssl_info) const; | |
206 | |
207 // Returns a unique key string for the SSL session cache for | |
208 // this socket. | |
209 std::string GetSessionCacheKey() const; | |
210 | |
211 // Returns true if renegotiations are allowed. | |
212 bool IsRenegotiationAllowed() const; | |
213 | |
214 // Callbacks for operations with the private key. | |
215 int PrivateKeyTypeCallback(); | |
216 size_t PrivateKeyMaxSignatureLenCallback(); | |
217 ssl_private_key_result_t PrivateKeySignCallback(uint8_t* out, | |
218 size_t* out_len, | |
219 size_t max_out, | |
220 const EVP_MD* md, | |
221 const uint8_t* in, | |
222 size_t in_len); | |
223 ssl_private_key_result_t PrivateKeySignCompleteCallback(uint8_t* out, | |
224 size_t* out_len, | |
225 size_t max_out); | |
226 | |
227 void OnPrivateKeySignComplete(Error error, | |
228 const std::vector<uint8_t>& signature); | |
229 | |
230 int TokenBindingAdd(const uint8_t** out, | |
231 size_t* out_len, | |
232 int* out_alert_value); | |
233 int TokenBindingParse(const uint8_t* contents, | |
234 size_t contents_len, | |
235 int* out_alert_value); | |
236 | |
237 bool transport_send_busy_; | |
238 bool transport_recv_busy_; | |
239 | |
240 // Buffers which are shared by BoringSSL and SSLClientSocketOpenSSL. | |
241 // GrowableIOBuffer is used to keep ownership and setting offset. | |
242 scoped_refptr<GrowableIOBuffer> send_buffer_; | |
243 scoped_refptr<GrowableIOBuffer> recv_buffer_; | |
244 | |
245 CompletionCallback user_connect_callback_; | |
246 CompletionCallback user_read_callback_; | |
247 CompletionCallback user_write_callback_; | |
248 | |
249 // Used by Read function. | |
250 scoped_refptr<IOBuffer> user_read_buf_; | |
251 int user_read_buf_len_; | |
252 | |
253 // Used by Write function. | |
254 scoped_refptr<IOBuffer> user_write_buf_; | |
255 int user_write_buf_len_; | |
256 | |
257 // Used by DoPayloadRead() when attempting to fill the caller's buffer with | |
258 // as much data as possible without blocking. | |
259 // If DoPayloadRead() encounters an error after having read some data, stores | |
260 // the result to return on the *next* call to DoPayloadRead(). A value > 0 | |
261 // indicates there is no pending result, otherwise 0 indicates EOF and < 0 | |
262 // indicates an error. | |
263 int pending_read_error_; | |
264 | |
265 // If there is a pending read result, the OpenSSL result code (output of | |
266 // SSL_get_error) associated with it. | |
267 int pending_read_ssl_error_; | |
268 | |
269 // If there is a pending read result, the OpenSSLErrorInfo associated with it. | |
270 OpenSSLErrorInfo pending_read_error_info_; | |
271 | |
272 // Used by TransportReadComplete() to signify an error reading from the | |
273 // transport socket. A value of OK indicates the socket is still | |
274 // readable. EOFs are mapped to ERR_CONNECTION_CLOSED. | |
275 int transport_read_error_; | |
276 | |
277 // Used by TransportWriteComplete() and TransportReadComplete() to signify an | |
278 // error writing to the transport socket. A value of OK indicates no error. | |
279 int transport_write_error_; | |
280 | |
281 // Set when Connect finishes. | |
282 std::unique_ptr<PeerCertificateChain> server_cert_chain_; | |
283 scoped_refptr<X509Certificate> server_cert_; | |
284 CertVerifyResult server_cert_verify_result_; | |
285 bool completed_connect_; | |
286 | |
287 // Set when Read() or Write() successfully reads or writes data to or from the | |
288 // network. | |
289 bool was_ever_used_; | |
290 | |
291 // List of DER-encoded X.509 DistinguishedName of certificate authorities | |
292 // allowed by the server. | |
293 std::vector<std::string> cert_authorities_; | |
294 // List of SSLClientCertType values for client certificates allowed by the | |
295 // server. | |
296 std::vector<SSLClientCertType> cert_key_types_; | |
297 | |
298 CertVerifier* const cert_verifier_; | |
299 std::unique_ptr<CertVerifier::Request> cert_verifier_request_; | |
300 base::TimeTicks start_cert_verification_time_; | |
301 | |
302 // Certificate Transparency: Verifier and result holder. | |
303 ct::CTVerifyResult ct_verify_result_; | |
304 CTVerifier* cert_transparency_verifier_; | |
305 | |
306 // The service for retrieving Channel ID keys. May be NULL. | |
307 ChannelIDService* channel_id_service_; | |
308 bool tb_was_negotiated_; | |
309 TokenBindingParam tb_negotiated_param_; | |
310 SignedEkmMap tb_signed_ekm_map_; | |
311 | |
312 // OpenSSL stuff | |
313 SSL* ssl_; | |
314 BIO* transport_bio_; | |
315 | |
316 std::unique_ptr<ClientSocketHandle> transport_; | |
317 const HostPortPair host_and_port_; | |
318 SSLConfig ssl_config_; | |
319 // ssl_session_cache_shard_ is an opaque string that partitions the SSL | |
320 // session cache. i.e. sessions created with one value will not attempt to | |
321 // resume on the socket with a different value. | |
322 const std::string ssl_session_cache_shard_; | |
323 | |
324 enum State { | |
325 STATE_NONE, | |
326 STATE_HANDSHAKE, | |
327 STATE_HANDSHAKE_COMPLETE, | |
328 STATE_CHANNEL_ID_LOOKUP, | |
329 STATE_CHANNEL_ID_LOOKUP_COMPLETE, | |
330 STATE_VERIFY_CERT, | |
331 STATE_VERIFY_CERT_COMPLETE, | |
332 }; | |
333 State next_handshake_state_; | |
334 | |
335 // True if the socket has been disconnected. | |
336 bool disconnected_; | |
337 | |
338 NextProtoStatus npn_status_; | |
339 std::string npn_proto_; | |
340 // Written by the |channel_id_service_|. | |
341 std::unique_ptr<crypto::ECPrivateKey> channel_id_key_; | |
342 // True if a channel ID was sent. | |
343 bool channel_id_sent_; | |
344 // True if the current session was newly-established, but the certificate had | |
345 // not yet been verified externally, so it cannot be inserted into the cache | |
346 // until later. | |
347 bool session_pending_; | |
348 // True if the initial handshake's certificate has been verified. | |
349 bool certificate_verified_; | |
350 // The request handle for |channel_id_service_|. | |
351 ChannelIDService::Request channel_id_request_; | |
352 SSLFailureState ssl_failure_state_; | |
353 | |
354 int signature_result_; | |
355 std::vector<uint8_t> signature_; | |
356 | |
357 TransportSecurityState* transport_security_state_; | |
358 | |
359 CTPolicyEnforcer* const policy_enforcer_; | |
360 | |
361 // pinning_failure_log contains a message produced by | |
362 // TransportSecurityState::CheckPublicKeyPins in the event of a | |
363 // pinning failure. It is a (somewhat) human-readable string. | |
364 std::string pinning_failure_log_; | |
365 | |
366 BoundNetLog net_log_; | |
367 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; | |
368 }; | |
369 | |
370 } // namespace net | |
371 | |
372 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | |
OLD | NEW |