
Side by Side Diff: net/socket/ssl_client_socket_impl.h

Issue 2337253004: Update Token Binding code to the latest drafts (Closed)
Patch Set: Add call to CBS_len() Created 4 years, 3 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_
7 7
8 #include <openssl/base.h> 8 #include <openssl/base.h>
9 #include <openssl/ssl.h> 9 #include <openssl/ssl.h>
10 #include <stddef.h> 10 #include <stddef.h>
(...skipping 26 matching lines...) Expand all
37 class SequencedTaskRunner; 37 class SequencedTaskRunner;
38 } 38 }
39 39
40 namespace net { 40 namespace net {
41 41
42 class CertVerifier; 42 class CertVerifier;
43 class CTVerifier; 43 class CTVerifier;
44 class SSLCertRequestInfo; 44 class SSLCertRequestInfo;
45 class SSLInfo; 45 class SSLInfo;
46 46
47 using SignedEkmMap = base::MRUCache<std::string, std::vector<uint8_t>>; 47 using TokenBindingSignatureMap =
48 base::MRUCache<std::pair<TokenBindingType, std::string>,
49 std::vector<uint8_t>>;
48 50
49 class SSLClientSocketImpl : public SSLClientSocket { 51 class SSLClientSocketImpl : public SSLClientSocket {
50 public: 52 public:
51 // Takes ownership of the transport_socket, which may already be connected. 53 // Takes ownership of the transport_socket, which may already be connected.
52 // The given hostname will be compared with the name(s) in the server's 54 // The given hostname will be compared with the name(s) in the server's
53 // certificate during the SSL handshake. ssl_config specifies the SSL 55 // certificate during the SSL handshake. ssl_config specifies the SSL
54 // settings. 56 // settings.
55 SSLClientSocketImpl(std::unique_ptr<ClientSocketHandle> transport_socket, 57 SSLClientSocketImpl(std::unique_ptr<ClientSocketHandle> transport_socket,
56 const HostPortPair& host_and_port, 58 const HostPortPair& host_and_port,
57 const SSLConfig& ssl_config, 59 const SSLConfig& ssl_config,
58 const SSLClientSocketContext& context); 60 const SSLClientSocketContext& context);
59 ~SSLClientSocketImpl() override; 61 ~SSLClientSocketImpl() override;
60 62
61 const HostPortPair& host_and_port() const { return host_and_port_; } 63 const HostPortPair& host_and_port() const { return host_and_port_; }
62 const std::string& ssl_session_cache_shard() const { 64 const std::string& ssl_session_cache_shard() const {
63 return ssl_session_cache_shard_; 65 return ssl_session_cache_shard_;
64 } 66 }
65 67
66 #if !defined(OS_NACL) 68 #if !defined(OS_NACL)
67 // Log SSL key material to |path| on |task_runner|. Must be called before any 69 // Log SSL key material to |path| on |task_runner|. Must be called before any
68 // SSLClientSockets are created. 70 // SSLClientSockets are created.
69 static void SetSSLKeyLogFile( 71 static void SetSSLKeyLogFile(
70 const base::FilePath& path, 72 const base::FilePath& path,
71 const scoped_refptr<base::SequencedTaskRunner>& task_runner); 73 const scoped_refptr<base::SequencedTaskRunner>& task_runner);
72 #endif 74 #endif
73 75
74 // SSLClientSocket implementation. 76 // SSLClientSocket implementation.
75 void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override; 77 void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override;
76 ChannelIDService* GetChannelIDService() const override; 78 ChannelIDService* GetChannelIDService() const override;
77 Error GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key, 79 Error GetTokenBindingSignature(crypto::ECPrivateKey* key,
78 std::vector<uint8_t>* out) override; 80 TokenBindingType tb_type,
81 std::vector<uint8_t>* out) override;
79 crypto::ECPrivateKey* GetChannelIDKey() const override; 82 crypto::ECPrivateKey* GetChannelIDKey() const override;
80 83
81 // SSLSocket implementation. 84 // SSLSocket implementation.
82 int ExportKeyingMaterial(const base::StringPiece& label, 85 int ExportKeyingMaterial(const base::StringPiece& label,
83 bool has_context, 86 bool has_context,
84 const base::StringPiece& context, 87 const base::StringPiece& context,
85 unsigned char* out, 88 unsigned char* out,
86 unsigned int outlen) override; 89 unsigned int outlen) override;
87 90
88 // StreamSocket implementation. 91 // StreamSocket implementation.
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after
312 base::TimeTicks start_cert_verification_time_; 315 base::TimeTicks start_cert_verification_time_;
313 316
314 // Certificate Transparency: Verifier and result holder. 317 // Certificate Transparency: Verifier and result holder.
315 ct::CTVerifyResult ct_verify_result_; 318 ct::CTVerifyResult ct_verify_result_;
316 CTVerifier* cert_transparency_verifier_; 319 CTVerifier* cert_transparency_verifier_;
317 320
318 // The service for retrieving Channel ID keys. May be NULL. 321 // The service for retrieving Channel ID keys. May be NULL.
319 ChannelIDService* channel_id_service_; 322 ChannelIDService* channel_id_service_;
320 bool tb_was_negotiated_; 323 bool tb_was_negotiated_;
321 TokenBindingParam tb_negotiated_param_; 324 TokenBindingParam tb_negotiated_param_;
322 SignedEkmMap tb_signed_ekm_map_; 325 TokenBindingSignatureMap tb_signature_map_;
323 326
324 // OpenSSL stuff 327 // OpenSSL stuff
325 SSL* ssl_; 328 SSL* ssl_;
326 BIO* transport_bio_; 329 BIO* transport_bio_;
327 330
328 std::unique_ptr<ClientSocketHandle> transport_; 331 std::unique_ptr<ClientSocketHandle> transport_;
329 const HostPortPair host_and_port_; 332 const HostPortPair host_and_port_;
330 SSLConfig ssl_config_; 333 SSLConfig ssl_config_;
331 // ssl_session_cache_shard_ is an opaque string that partitions the SSL 334 // ssl_session_cache_shard_ is an opaque string that partitions the SSL
332 // session cache. i.e. sessions created with one value will not attempt to 335 // session cache. i.e. sessions created with one value will not attempt to
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
375 // True if PKP is bypassed due to a local trust anchor. 378 // True if PKP is bypassed due to a local trust anchor.
376 bool pkp_bypassed_; 379 bool pkp_bypassed_;
377 380
378 BoundNetLog net_log_; 381 BoundNetLog net_log_;
379 base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_; 382 base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_;
380 }; 383 };
381 384
382 } // namespace net 385 } // namespace net
383 386
384 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ 387 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_
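Review bot: The new `TokenBindingSignatureMap` alias (new lines 47-49) and the `tb_signature_map_` member (new line 325) say neither what the `std::string` half of the key holds nor why `TokenBindingType` is part of it, and `GetTokenBindingSignature` (new lines 79-81) gains a `tb_type` parameter with no comment on what it selects; the base-class declaration in ssl_client_socket.h may carry that contract, but it is not visible here. Because a signature cached for one binding type must not be handed back for another, the shape of the key is a correctness property worth stating next to the alias, e.g. `// Caches Token Binding signatures keyed by (binding type, <key identity — confirm>), so a signature` / `// computed for one TokenBindingType is never served for another.` The string half of the key is presumably a serialized key, but that cannot be confirmed from this header alone. It is also worth a one-line note whether the MRU bound of the cache is unchanged by the rename, since keying by the pair lets a single key produce more distinct entries than the old `SignedEkmMap` did.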
