| Index: net/socket/ssl_client_socket_impl.cc
|
| diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
|
| index 0af70d3e93c25de14b49efb57ddb37f3bcda5934..13172790e914d7696f49b3c3cc38912a7bfa74c3 100644
|
| --- a/net/socket/ssl_client_socket_impl.cc
|
| +++ b/net/socket/ssl_client_socket_impl.cc
|
| @@ -78,9 +78,9 @@ const unsigned int kTbExtNum = 24;
|
|
|
| // Token Binding ProtocolVersions supported.
|
| const uint8_t kTbProtocolVersionMajor = 0;
|
| -const uint8_t kTbProtocolVersionMinor = 8;
|
| +const uint8_t kTbProtocolVersionMinor = 10;
|
| const uint8_t kTbMinProtocolVersionMajor = 0;
|
| -const uint8_t kTbMinProtocolVersionMinor = 6;
|
| +const uint8_t kTbMinProtocolVersionMinor = 10;
|
|
|
| bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
|
| switch (EVP_MD_type(md)) {
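Review bot: After this change kTbMinProtocolVersionMinor and kTbProtocolVersionMinor are both 10, so the min/max pair no longer describes a range and a reader cannot tell whether the equality is deliberate or a half-finished bump. A one-line comment next to the minimum would settle it, e.g. `// Min and max are intentionally equal: only draft 10 is negotiated.`. If older drafts are meant to stay negotiable, the minimum should not have moved together with the maximum.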
|
| @@ -487,7 +487,7 @@ SSLClientSocketImpl::SSLClientSocketImpl(
|
| channel_id_service_(context.channel_id_service),
|
| tb_was_negotiated_(false),
|
| tb_negotiated_param_(TB_PARAM_ECDSAP256),
|
| - tb_signed_ekm_map_(10),
|
| + tb_signature_map_(10),
|
| ssl_(NULL),
|
| transport_bio_(NULL),
|
| transport_(std::move(transport_socket)),
|
| @@ -534,16 +534,16 @@ ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const {
|
| return channel_id_service_;
|
| }
|
|
|
| -Error SSLClientSocketImpl::GetSignedEKMForTokenBinding(
|
| - crypto::ECPrivateKey* key,
|
| - std::vector<uint8_t>* out) {
|
| +Error SSLClientSocketImpl::GetTokenBindingSignature(crypto::ECPrivateKey* key,
|
| + TokenBindingType tb_type,
|
| + std::vector<uint8_t>* out) {
|
| // The same key will be used across multiple requests to sign the same value,
|
| // so the signature is cached.
|
| std::string raw_public_key;
|
| if (!key->ExportRawPublicKey(&raw_public_key))
|
| return ERR_FAILED;
|
| - SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key);
|
| - if (it != tb_signed_ekm_map_.end()) {
|
| + auto it = tb_signature_map_.Get(std::make_pair(tb_type, raw_public_key));
|
| + if (it != tb_signature_map_.end()) {
|
| *out = it->second;
|
| return OK;
|
| }
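Review bot: The header comment at the top of GetTokenBindingSignature still describes the old one-key cache, but the new lookup is keyed on `std::make_pair(tb_type, raw_public_key)`, so the same key now yields different cached entries per TokenBindingType. Suggest rewording the comment to `// The same key may sign the same EKM across multiple requests, once per TokenBindingType, so signatures are cached by (type, key).`. The body of GetTokenBindingSignature continues past the end of this hunk.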
|
| @@ -557,13 +557,13 @@ Error SSLClientSocketImpl::GetSignedEKMForTokenBinding(
|
| return ERR_FAILED;
|
| }
|
|
|
| - if (!SignTokenBindingEkm(
|
| + if (!CreateTokenBindingSignature(
|
| base::StringPiece(reinterpret_cast<char*>(tb_ekm_buf),
|
| sizeof(tb_ekm_buf)),
|
| - key, out))
|
| + tb_type, key, out))
|
| return ERR_FAILED;
|
|
|
| - tb_signed_ekm_map_.Put(raw_public_key, *out);
|
| + tb_signature_map_.Put(std::make_pair(tb_type, raw_public_key), *out);
|
| return OK;
|
| }
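Review bot: The Put on the new side copies raw_public_key into the pair even though it is the last use of that string in the function, so the cache key can be moved instead: `tb_signature_map_.Put(std::make_pair(tb_type, std::move(raw_public_key)), *out);`. This is a style point only; behavior is unchanged. raw_public_key is declared earlier in the function, outside this hunk.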
|
|
|
| @@ -1174,9 +1174,12 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
|
| }
|
|
|
| // Check that if token binding was negotiated, then extended master secret
|
| - // must also be negotiated.
|
| - if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_))
|
| + // and renegotiation indication must also be negotiated.
|
| + if (tb_was_negotiated_ &&
|
| + !(SSL_get_extms_support(ssl_) &&
|
| + SSL_get_secure_renegotiation_support(ssl_))) {
|
| return ERR_SSL_PROTOCOL_ERROR;
|
| + }
|
|
|
| const uint8_t* alpn_proto = NULL;
|
| unsigned alpn_len = 0;
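Review bot: The new condition is written as a negated conjunction, `!(extms && secure_renego)`, which takes a moment to read and folds two distinct protocol requirements into one failure path that cannot say which was missing. The De Morgan form reads directly as the requirement, `if (tb_was_negotiated_ && (!SSL_get_extms_support(ssl_) || !SSL_get_secure_renegotiation_support(ssl_))) {`, and splitting it into two `if` statements returning ERR_SSL_PROTOCOL_ERROR would let a future log line name the missing extension. DoHandshakeComplete begins and ends outside this hunk.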
|
|
|