Chromium Code Reviews Chromium Code Reviews
Issue 2337253004:
Update Token Binding code to the latest drafts (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 75 const char kDefaultSupportedNPNProtocol[] = "http/1.1"; | 75 const char kDefaultSupportedNPNProtocol[] = "http/1.1"; |
| 76 | 76 |
| 77 // Default size of the internal BoringSSL buffers. | 77 // Default size of the internal BoringSSL buffers. |
| 78 const int kDefaultOpenSSLBufferSize = 17 * 1024; | 78 const int kDefaultOpenSSLBufferSize = 17 * 1024; |
| 79 | 79 |
| 80 // TLS extension number use for Token Binding. | 80 // TLS extension number use for Token Binding. |
| 81 const unsigned int kTbExtNum = 24; | 81 const unsigned int kTbExtNum = 24; |
| 82 | 82 |
| 83 // Token Binding ProtocolVersions supported. | 83 // Token Binding ProtocolVersions supported. |
| 84 const uint8_t kTbProtocolVersionMajor = 0; | 84 const uint8_t kTbProtocolVersionMajor = 0; |
| 85 const uint8_t kTbProtocolVersionMinor = 8; | 85 const uint8_t kTbProtocolVersionMinor = 10; |
| 86 const uint8_t kTbMinProtocolVersionMajor = 0; | 86 const uint8_t kTbMinProtocolVersionMajor = 0; |
| 87 const uint8_t kTbMinProtocolVersionMinor = 6; | 87 const uint8_t kTbMinProtocolVersionMinor = 10; |
| 88 | 88 |
| 89 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { | 89 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { |
| 90 switch (EVP_MD_type(md)) { | 90 switch (EVP_MD_type(md)) { |
| 91 case NID_md5_sha1: | 91 case NID_md5_sha1: |
| 92 *hash = SSLPrivateKey::Hash::MD5_SHA1; | 92 *hash = SSLPrivateKey::Hash::MD5_SHA1; |
| 93 return true; | 93 return true; |
| 94 case NID_sha1: | 94 case NID_sha1: |
| 95 *hash = SSLPrivateKey::Hash::SHA1; | 95 *hash = SSLPrivateKey::Hash::SHA1; |
| 96 return true; | 96 return true; |
| 97 case NID_sha256: | 97 case NID_sha256: |
| (...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 494 transport_read_error_(OK), | 494 transport_read_error_(OK), |
| 495 transport_write_error_(OK), | 495 transport_write_error_(OK), |
| 496 server_cert_chain_(new PeerCertificateChain(NULL)), | 496 server_cert_chain_(new PeerCertificateChain(NULL)), |
| 497 completed_connect_(false), | 497 completed_connect_(false), |
| 498 was_ever_used_(false), | 498 was_ever_used_(false), |
| 499 cert_verifier_(context.cert_verifier), | 499 cert_verifier_(context.cert_verifier), |
| 500 cert_transparency_verifier_(context.cert_transparency_verifier), | 500 cert_transparency_verifier_(context.cert_transparency_verifier), |
| 501 channel_id_service_(context.channel_id_service), | 501 channel_id_service_(context.channel_id_service), |
| 502 tb_was_negotiated_(false), | 502 tb_was_negotiated_(false), |
| 503 tb_negotiated_param_(TB_PARAM_ECDSAP256), | 503 tb_negotiated_param_(TB_PARAM_ECDSAP256), |
| 504 tb_signed_ekm_map_(10), | 504 tb_signature_map_(10), |
| 505 ssl_(NULL), | 505 ssl_(NULL), |
| 506 transport_bio_(NULL), | 506 transport_bio_(NULL), |
| 507 transport_(std::move(transport_socket)), | 507 transport_(std::move(transport_socket)), |
| 508 host_and_port_(host_and_port), | 508 host_and_port_(host_and_port), |
| 509 ssl_config_(ssl_config), | 509 ssl_config_(ssl_config), |
| 510 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 510 ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| 511 next_handshake_state_(STATE_NONE), | 511 next_handshake_state_(STATE_NONE), |
| 512 disconnected_(false), | 512 disconnected_(false), |
| 513 npn_status_(kNextProtoUnsupported), | 513 npn_status_(kNextProtoUnsupported), |
| 514 negotiated_protocol_(kProtoUnknown), | 514 negotiated_protocol_(kProtoUnknown), |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 543 SSLCertRequestInfo* cert_request_info) { | 543 SSLCertRequestInfo* cert_request_info) { |
| 544 cert_request_info->host_and_port = host_and_port_; | 544 cert_request_info->host_and_port = host_and_port_; |
| 545 cert_request_info->cert_authorities = cert_authorities_; | 545 cert_request_info->cert_authorities = cert_authorities_; |
| 546 cert_request_info->cert_key_types = cert_key_types_; | 546 cert_request_info->cert_key_types = cert_key_types_; |
| 547 } | 547 } |
| 548 | 548 |
| 549 ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const { | 549 ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const { |
| 550 return channel_id_service_; | 550 return channel_id_service_; |
| 551 } | 551 } |
| 552 | 552 |
| 553 Error SSLClientSocketImpl::GetSignedEKMForTokenBinding( | 553 Error SSLClientSocketImpl::GetTokenBindingSignature(crypto::ECPrivateKey* key, |
| 554 crypto::ECPrivateKey* key, | 554 TokenBindingType tb_type, |
| 555 std::vector<uint8_t>* out) { | 555 std::vector<uint8_t>* out) { |
| 556 // The same key will be used across multiple requests to sign the same value, | 556 // The same key will be used across multiple requests to sign the same value, |
| 557 // so the signature is cached. | 557 // so the signature is cached. |
| 558 std::string raw_public_key; | 558 std::string raw_public_key; |
| 559 if (!key->ExportRawPublicKey(&raw_public_key)) | 559 if (!key->ExportRawPublicKey(&raw_public_key)) |
| 560 return ERR_FAILED; | 560 return ERR_FAILED; |
| 561 SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key); | 561 TokenBindingSignatureMap::iterator it = |
|
davidben
2016/09/19 21:24:14
Optional: auto?
nharper
2016/09/19 22:32:23
Done.
| |
| 562 if (it != tb_signed_ekm_map_.end()) { | 562 tb_signature_map_.Get(std::make_pair(tb_type, raw_public_key)); |
| 563 if (it != tb_signature_map_.end()) { | |
| 563 *out = it->second; | 564 *out = it->second; |
| 564 return OK; | 565 return OK; |
| 565 } | 566 } |
| 566 | 567 |
| 567 uint8_t tb_ekm_buf[32]; | 568 uint8_t tb_ekm_buf[32]; |
| 568 static const char kTokenBindingExporterLabel[] = "EXPORTER-Token-Binding"; | 569 static const char kTokenBindingExporterLabel[] = "EXPORTER-Token-Binding"; |
| 569 if (!SSL_export_keying_material(ssl_, tb_ekm_buf, sizeof(tb_ekm_buf), | 570 if (!SSL_export_keying_material(ssl_, tb_ekm_buf, sizeof(tb_ekm_buf), |
| 570 kTokenBindingExporterLabel, | 571 kTokenBindingExporterLabel, |
| 571 strlen(kTokenBindingExporterLabel), nullptr, | 572 strlen(kTokenBindingExporterLabel), nullptr, |
| 572 0, false /* no context */)) { | 573 0, false /* no context */)) { |
| 573 return ERR_FAILED; | 574 return ERR_FAILED; |
| 574 } | 575 } |
| 575 | 576 |
| 576 if (!SignTokenBindingEkm( | 577 if (!CreateTokenBindingSignature( |
| 577 base::StringPiece(reinterpret_cast<char*>(tb_ekm_buf), | 578 base::StringPiece(reinterpret_cast<char*>(tb_ekm_buf), |
| 578 sizeof(tb_ekm_buf)), | 579 sizeof(tb_ekm_buf)), |
| 579 key, out)) | 580 tb_type, key, out)) |
| 580 return ERR_FAILED; | 581 return ERR_FAILED; |
| 581 | 582 |
| 582 tb_signed_ekm_map_.Put(raw_public_key, *out); | 583 tb_signature_map_.Put(std::make_pair(tb_type, raw_public_key), *out); |
| 583 return OK; | 584 return OK; |
| 584 } | 585 } |
| 585 | 586 |
| 586 crypto::ECPrivateKey* SSLClientSocketImpl::GetChannelIDKey() const { | 587 crypto::ECPrivateKey* SSLClientSocketImpl::GetChannelIDKey() const { |
| 587 return channel_id_key_.get(); | 588 return channel_id_key_.get(); |
| 588 } | 589 } |
| 589 | 590 |
| 590 int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, | 591 int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, |
| 591 bool has_context, | 592 bool has_context, |
| 592 const base::StringPiece& context, | 593 const base::StringPiece& context, |
| (...skipping 597 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1190 // afterwards. This is to aid in diagnosing connection failures because a | 1191 // afterwards. This is to aid in diagnosing connection failures because a |
| 1191 // server requires DHE ciphers. | 1192 // server requires DHE ciphers. |
| 1192 // | 1193 // |
| 1193 // TODO(davidben): A few releases after DHE's removal, remove this logic. | 1194 // TODO(davidben): A few releases after DHE's removal, remove this logic. |
| 1194 if (!ssl_config_.dhe_enabled && | 1195 if (!ssl_config_.dhe_enabled && |
| 1195 SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) { | 1196 SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) { |
| 1196 return ERR_SSL_OBSOLETE_CIPHER; | 1197 return ERR_SSL_OBSOLETE_CIPHER; |
| 1197 } | 1198 } |
| 1198 | 1199 |
| 1199 // Check that if token binding was negotiated, then extended master secret | 1200 // Check that if token binding was negotiated, then extended master secret |
| 1200 // must also be negotiated. | 1201 // and renegotiation indication must also be negotiated. |
| 1201 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) | 1202 if (tb_was_negotiated_ && |
| 1203 !(SSL_get_extms_support(ssl_) && | |
| 1204 SSL_get_secure_renegotiation_support(ssl_))) { | |
| 1202 return ERR_SSL_PROTOCOL_ERROR; | 1205 return ERR_SSL_PROTOCOL_ERROR; |
| 1206 } | |
| 1203 | 1207 |
| 1204 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | 1208 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
| 1205 if (npn_status_ == kNextProtoUnsupported) { | 1209 if (npn_status_ == kNextProtoUnsupported) { |
| 1206 const uint8_t* alpn_proto = NULL; | 1210 const uint8_t* alpn_proto = NULL; |
| 1207 unsigned alpn_len = 0; | 1211 unsigned alpn_len = 0; |
| 1208 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | 1212 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
| 1209 if (alpn_len > 0) { | 1213 if (alpn_len > 0) { |
| 1210 base::StringPiece proto(reinterpret_cast<const char*>(alpn_proto), | 1214 base::StringPiece proto(reinterpret_cast<const char*>(alpn_proto), |
| 1211 alpn_len); | 1215 alpn_len); |
| 1212 negotiated_protocol_ = NextProtoFromString(proto); | 1216 negotiated_protocol_ = NextProtoFromString(proto); |
| (...skipping 1169 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2382 } | 2386 } |
| 2383 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2387 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
| 2384 CHANNEL_ID_USAGE_MAX); | 2388 CHANNEL_ID_USAGE_MAX); |
| 2385 } | 2389 } |
| 2386 | 2390 |
| 2387 bool SSLClientSocketImpl::IsChannelIDEnabled() const { | 2391 bool SSLClientSocketImpl::IsChannelIDEnabled() const { |
| 2388 return ssl_config_.channel_id_enabled && channel_id_service_; | 2392 return ssl_config_.channel_id_enabled && channel_id_service_; |
| 2389 } | 2393 } |
| 2390 | 2394 |
| 2391 } // namespace net | 2395 } // namespace net |
| OLD | NEW |
