Add TLS-SRP (RFC 5054) support

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 57 matching lines @@
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/nss_util.h"
 #include "base/singleton.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/utf_string_conversions.h"
 #include "base/values.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/connection_type_histograms.h"
 #include "net/base/dns_util.h"
 #include "net/base/dnsrr_resolver.h"
 #include "net/base/dnssec_chain_verifier.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
@@ skipping 374 matching lines @@
       user_write_buf_len_(0),
       server_cert_nss_(NULL),
       server_cert_verify_result_(NULL),
       ssl_connection_status_(0),
       client_auth_cert_needed_(false),
       cert_verifier_(cert_verifier),
       handshake_callback_called_(false),
       completed_handshake_(false),
       pseudo_connected_(false),
       eset_mitm_detected_(false),
+      server_cert_needed_(true),
       predicted_cert_chain_correct_(false),
       peername_initialized_(false),
       dnssec_provider_(NULL),
       next_handshake_state_(STATE_NONE),
       nss_fd_(NULL),
       nss_bufs_(NULL),
       net_log_(transport_socket->socket()->NetLog()),
       predicted_npn_status_(kNextProtoUnsupported),
       predicted_npn_proto_used_(false),
       ssl_host_info_(ssl_host_info),
       dns_cert_checker_(dns_ctx) {
   EnterFunction("");
 }
 
 SSLClientSocketNSS::~SSLClientSocketNSS() {
   EnterFunction("");
   Disconnect();
   LeaveFunction("");
 }
 
 // static
 void SSLClientSocketNSS::ClearSessionCache() {
   SSL_ClearSessionCache();
 }
 
 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
   EnterFunction("");
   ssl_info->Reset();
 
-  if (!server_cert_) {
-    LOG(DFATAL) << "!server_cert_";
+  if (!server_cert_ && server_cert_needed_) {
+    LOG(DFATAL) << "!server_cert_ && server_cert_needed_";
     return;
   }
 
-  ssl_info->cert_status = server_cert_verify_result_->cert_status;
-  DCHECK(server_cert_ != NULL);
-  ssl_info->cert = server_cert_;
   ssl_info->connection_status = ssl_connection_status_;
+  if (server_cert_verify_result_) {
+    ssl_info->cert_status = server_cert_verify_result_->cert_status;
+  }
+  if (server_cert_ != NULL) {
+    ssl_info->cert = server_cert_;
+  }
+  if (ssl_config_.use_tls_auth && !authenticated_tls_username_.empty()) {
+    ssl_info->tls_username = UTF8ToUTF16(authenticated_tls_username_);
+  }
 
   PRUint16 cipher_suite =
       SSLConnectionStatusToCipherSuite(ssl_connection_status_);
   SSLCipherSuiteInfo cipher_info;
   SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite,
                                         &cipher_info, sizeof(cipher_info));
   if (ok == SECSuccess) {
     ssl_info->security_bits = cipher_info.effectiveKeyBits;
   } else {
     ssl_info->security_bits = -1;
@@ skipping 384 matching lines @@
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL3");
     return ERR_UNEXPECTED;
   }
 
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_TLS, ssl_config_.tls1_enabled);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_TLS");
     return ERR_UNEXPECTED;
   }
 
-  for (std::vector<uint16>::const_iterator it =
-           ssl_config_.disabled_cipher_suites.begin();
-       it != ssl_config_.disabled_cipher_suites.end(); ++it) {
-    // This will fail if the specified cipher is not implemented by NSS, but
-    // the failure is harmless.
-    SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
-  }
-
 #ifdef SSL_ENABLE_SESSION_TICKETS
   // Support RFC 5077
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(
         net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
   }
 #else
   #error "You need to install NSS-3.12 or later to build chromium"
 #endif
@@ skipping 90 matching lines @@
   rv = SSL_GetPlatformClientAuthDataHook(nss_fd_, PlatformClientAuthHandler,
                                          this);
 #else
   rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this);
 #endif
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_GetClientAuthDataHook", "");
     return ERR_UNEXPECTED;
   }
 
+  if (ssl_config_.use_tls_auth) {
+    // Enable SRP ciphers, and disable non-SRP ciphers if we *require* TLS auth.
+    rv = SetCiphersForTLSAuth(true, ssl_config_.require_tls_auth);
+    if (rv != OK)
+      return rv;
+
+    if (!ssl_config_.tls_username.empty() &&
+        !ssl_config_.tls_password.empty()) {
+      LOG(WARNING) << "Using TLS-SRP as " <<
+          ssl_config_.tls_username << " / " << ssl_config_.tls_password;
+
+      rv = SSL_SetUserLogin(nss_fd_,
+                            ssl_config_.tls_username.c_str(),
+                            ssl_config_.tls_password.c_str());
+      if (rv != SECSuccess) {
+        LogFailedNSSFunction(net_log_, "SSL_SetUserLogin", "");
+        return ERR_UNEXPECTED;
+      }
+    } else
+      LOG(INFO) << "Using TLS-SRP with no username/password";
+  } else {
+    // Disable SRP ciphers.
+    // TODO(sqs): this disable step should only be called if the SRP cipher
+    // suites are on by default.
+    rv = SetCiphersForTLSAuth(false, false);
+    if (rv != OK)
+      return rv;
+  }
+
+  for (std::vector<uint16>::const_iterator it =
+           ssl_config_.disabled_cipher_suites.begin();
+       it != ssl_config_.disabled_cipher_suites.end(); ++it) {
+    // This will fail if the specified cipher is not implemented by NSS, but
+    // the failure is harmless.
+    SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
+  }
+
   rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", "");
     return ERR_UNEXPECTED;
   }
 
   // Tell SSL the hostname we're trying to connect to.
   SSL_SetURL(nss_fd_, host_and_port_.host().c_str());
 
   // Tell SSL we're a client; needed if not letting NSPR do socket I/O
   SSL_ResetHandshake(nss_fd_, 0);
 
   return OK;
 }
 
+// Enables SRP ciphers if |set_srp_ciphers| is true; otherwise, disables SRP
+// ciphers. If |disable_non_srp_ciphers| is true, then disable non-SRP ciphers;
+// otherwise, leave them alone.
+int SSLClientSocketNSS::SetCiphersForTLSAuth(bool set_srp_ciphers,
+                                             bool disable_non_srp_ciphers) {
+  int rv;
+  const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
+  int numCiphers = SSL_GetNumImplementedCiphers();
+  SSLCipherSuiteInfo info;
+  for (int i = 0; i < numCiphers; i++) {
+    PRUint16 suite = cipherSuites[i];
+    rv = SSL_GetCipherSuiteInfo(suite, &info, sizeof(info));
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_GetCipherSuiteInfo", "");
+      return ERR_UNEXPECTED;
+    }
+    if (IsNSSCipherKEATypeSRP(info.keaType)) {
+      rv = SSL_CipherPrefSet(nss_fd_, suite, set_srp_ciphers);
+    } else if (disable_non_srp_ciphers) {
+      rv = SSL_CipherPrefSet(nss_fd_, suite, PR_FALSE);
+    }
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_CipherPrefSet", "");
+      return ERR_UNEXPECTED;
+    }
+  }
+  return OK;
+}
+
 int SSLClientSocketNSS::InitializeSSLPeerName() {
   // Tell NSS who we're connected to
   AddressList peer_address;
   int err = transport_->socket()->GetPeerAddress(&peer_address);
   if (err != OK)
     return err;
 
   const struct addrinfo* ai = peer_address.head();
 
   PRNetAddr peername;
@@ skipping 32 matching lines @@
     server_cert_nss_ = SSL_PeerCertificate(nss_fd_);
     if (server_cert_nss_) {
       PeerCertificateChain certs(nss_fd_);
       server_cert_ = X509Certificate::CreateFromDERCertChain(
           certs.AsStringPieceVector());
     }
   }
   return server_cert_;
 }
 
+// Sets tls_username_ and server_cert_needed_.
+void SSLClientSocketNSS::UpdateAuth() {
+  if (ssl_config_.use_tls_auth) {
+    // Get the username that we actually authenticated with.
+    SECItem user;
+    SECStatus rv = SSL_GetChannelUsername(nss_fd_, &user);
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_GetChannelUsername", "");
+    } else {
+      authenticated_tls_username_.assign(const_cast<char *>((char *)user.data),
+                                         (size_t)user.len);
+      SECITEM_FreeItem(&user, PR_FALSE);
+    }
+    DCHECK(authenticated_tls_username_ == ssl_config_.tls_username);
+
+    // See whether this SRP cipher suite uses certs.
+    SSLChannelInfo channel_info;
+    SSLCipherSuiteInfo info;
+    rv = SSL_GetChannelInfo(nss_fd_, &channel_info, sizeof(channel_info));
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_GetChannelInfo", "");
+      return;
+    }
+    if (!channel_info.cipherSuite) {
+      LOG(WARNING) << "Couldn't get SSL channel cipher suite";
+      return;
+    }
+    rv = SSL_GetCipherSuiteInfo(channel_info.cipherSuite, &info, sizeof(info));
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_GetCipherSuiteInfo", "");
+      return;
+    }
+    bool cipher_is_srp_no_certs = (info.keaType == ssl_kea_srp);
+    server_cert_needed_ = !cipher_is_srp_no_certs;
+  }
+}
+
 // Sets ssl_connection_status_.
 void SSLClientSocketNSS::UpdateConnectionStatus() {
   SSLChannelInfo channel_info;
   SECStatus ok = SSL_GetChannelInfo(nss_fd_,
                                     &channel_info, sizeof(channel_info));
   if (ok == SECSuccess &&
       channel_info.length == sizeof(channel_info) &&
       channel_info.cipherSuite) {
     ssl_connection_status_ |=
         (static_cast<int>(channel_info.cipherSuite) &
@@ skipping 333 matching lines @@
   SECStatus rv = SSL_SetSnapStartApplicationData(
       nss_fd_, reinterpret_cast<const unsigned char*>(user_write_buf_->data()),
       user_write_buf_len_);
   DCHECK_EQ(SECSuccess, rv);
 
   GotoState(STATE_HANDSHAKE);
   LeaveFunction("");
   return OK;
 }
 
+// TODO(sqs): this hangs if the server returns an unknown_psk_identity alert
+// that is not fatal (that is a warning)
 int SSLClientSocketNSS::DoHandshake() {
   EnterFunction("");
   int net_error = net::OK;
   SECStatus rv = SSL_ForceHandshake(nss_fd_);
 
   if (client_auth_cert_needed_) {
     net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
     net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
                       make_scoped_refptr(new SSLErrorParams(net_error, 0)));
     // If the handshake already succeeded (because the server requests but
@@ skipping 171 matching lines @@
       break;
     default:
       NOTREACHED();
       GotoState(STATE_VERIFY_CERT);
   }
 
   return OK;
 }
 
 int SSLClientSocketNSS::DoVerifyCert(int result) {
+  if (!server_cert_needed_) {
+    DCHECK(ssl_config_.use_tls_auth);
+    DCHECK(!ssl_config_.tls_username.empty());
+    GotoState(STATE_VERIFY_CERT_COMPLETE);
+    return OK;
+  }
+
   DCHECK(server_cert_);
 
   GotoState(STATE_VERIFY_CERT_COMPLETE);
   start_cert_verification_time_ = base::TimeTicks::Now();
 
   if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() &&
       predicted_cert_chain_correct_) {
     // If the SSLHostInfo had a prediction for the certificate chain of this
     // server then it will have optimistically started a verification of that
     // chain. So, if the prediction was correct, we should wait for that
@@ skipping 149 matching lines @@
   }
   LeaveFunction("");
   rv = HandleNSSError(prerr, false);
   net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
                     make_scoped_refptr(new SSLErrorParams(rv, prerr)));
   return rv;
 }
 
 void SSLClientSocketNSS::LogConnectionTypeMetrics() const {
   UpdateConnectionTypeHistograms(CONNECTION_SSL);
-  if (server_cert_verify_result_->has_md5)
-    UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
-  if (server_cert_verify_result_->has_md2)
-    UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
-  if (server_cert_verify_result_->has_md4)
-    UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
-  if (server_cert_verify_result_->has_md5_ca)
-    UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA);
-  if (server_cert_verify_result_->has_md2_ca)
-    UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
+
+  if (server_cert_verify_result_) {
+    if (server_cert_verify_result_->has_md5)
+      UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
+    if (server_cert_verify_result_->has_md2)
+      UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
+    if (server_cert_verify_result_->has_md4)
+      UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
+    if (server_cert_verify_result_->has_md5_ca)
+      UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA);
+    if (server_cert_verify_result_->has_md2_ca)
+      UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
+  }
+
   int ssl_version = SSLConnectionStatusToVersion(ssl_connection_status_);
   switch (ssl_version) {
     case SSL_CONNECTION_VERSION_SSL2:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2);
       break;
     case SSL_CONNECTION_VERSION_SSL3:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3);
       break;
     case SSL_CONNECTION_VERSION_TLS1:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1);
       break;
     case SSL_CONNECTION_VERSION_TLS1_1:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1);
       break;
     case SSL_CONNECTION_VERSION_TLS1_2:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2);
       break;
   };
+
+  if (!authenticated_tls_username_.empty())
+    UpdateConnectionTypeHistograms(CONNECTION_TLS_PASSWORD_AUTH);
 }
 
 // SaveSnapStartInfo extracts the information needed to perform a Snap Start
 // with this server in the future (if any) and tells |ssl_host_info_| to
 // preserve it.
 void SSLClientSocketNSS::SaveSnapStartInfo() {
   if (!ssl_host_info_.get())
     return;
 
   // If the SSLHostInfo hasn't managed to load from disk yet then we can't save
@@ skipping 638 matching lines @@
 // NSS calls this when handshake is completed.
 // After the SSL handshake is finished, use CertVerifier to verify
 // the saved server certificate.
 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
                                            void* arg) {
   SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
 
   that->handshake_callback_called_ = true;
 
   that->UpdateServerCert();
+  that->UpdateAuth();
   that->UpdateConnectionStatus();
 }
 
 }  // namespace net