
Side by Side Diff: net/socket/ssl_client_socket_nss.h

Issue 6804032: Add TLS-SRP (RFC 5054) support Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: remove "httpsv" scheme, minor NSS/OpenSSL changes Created 9 years, 8 months ago
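--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #pragma once
 
 #include <certt.h>
 #include <keyt.h>
@@ -90,29 +90,34 @@
 STATE_VERIFY_DNSSEC_COMPLETE,
 STATE_VERIFY_CERT,
 STATE_VERIFY_CERT_COMPLETE,
 };
 
 int Init();
 
 // Initializes NSS SSL options. Returns a net error code.
 int InitializeSSLOptions();
 
+// Enables SRP ciphers. If |disable_non_srp_ciphers| is true, then non-SRP
+// ciphers will be disabled. Returns a net error code.
+int SetCiphersForTLSAuth(bool set_srp_ciphers, bool disable_non_srp_ciphers);
+
 // Initializes the socket peer name in SSL. Returns a net error code.
 int InitializeSSLPeerName();
 
 #if defined(OS_MACOSX) || defined(OS_WIN)
 // Creates an OS certificate from a DER-encoded certificate.
 static X509Certificate::OSCertHandle CreateOSCert(const SECItem& der_cert);
 #endif
 X509Certificate* UpdateServerCert();
 void UpdateConnectionStatus();
+void UpdateAuth();
 void DoReadCallback(int result);
 void DoWriteCallback(int result);
 void DoConnectCallback(int result);
 void OnHandshakeIOComplete(int result);
 void OnSendComplete(int result);
 void OnRecvComplete(int result);
 
 int DoHandshakeLoop(int last_io_result);
 int DoReadLoop(int result);
 int DoWriteLoop(int result);
@@ -154,20 +159,24 @@
 CERTDistNames* ca_names,
 CERTCertList** result_certs,
 void** result_private_key);
 #else
 static SECStatus ClientAuthHandler(void* arg,
 PRFileDesc* socket,
 CERTDistNames* ca_names,
 CERTCertificate** result_certificate,
 SECKEYPrivateKey** result_private_key);
 #endif
+
+// NSS calls this when password authentication is requested (for TLS-SRP).
+static SECStatus TLSAuthCallback(PRFileDesc *socket, SECItem *pw, void *arg);
+
 // NSS calls this when handshake is completed. We pass 'this' as the second
 // argument.
 static void HandshakeCallback(PRFileDesc* socket, void* arg);
 
 CompletionCallbackImpl<SSLClientSocketNSS> buffer_send_callback_;
 CompletionCallbackImpl<SSLClientSocketNSS> buffer_recv_callback_;
 bool transport_send_busy_;
 bool transport_recv_busy_;
 // corked_ is true if we are currently suspending writes to the network. This
 // is named after the similar kernel flag, TCP_CORK.
@@ -207,34 +216,43 @@
 int ssl_connection_status_;
 
 // Stores client authentication information between ClientAuthHandler and
 // GetSSLCertRequestInfo calls.
 std::vector<scoped_refptr<X509Certificate> > client_certs_;
 bool client_auth_cert_needed_;
 
 CertVerifier* const cert_verifier_;
 scoped_ptr<SingleRequestCertVerifier> verifier_;
 
+// The mutually authenticated TLS username for the connection. This is only
+// set after the handshake has succeeded with this username.
+// If none, this is the empty string.
+std::string authenticated_tls_username_;
+
 // True if NSS has called HandshakeCallback.
 bool handshake_callback_called_;
 
 // True if the SSL handshake has been completed.
 bool completed_handshake_;
 
 // True if we are lying about being connected in order to merge the first
 // Write call into a Snap Start handshake.
 bool pseudo_connected_;
 
 // True iff we believe that the user has an ESET product intercepting our
 // HTTPS connections.
 bool eset_mitm_detected_;
 
+// False iff we are using an SRP cipher suite that doesn't use server certs.
+// Default is true.
+bool server_cert_needed_;
+
 // True iff |ssl_host_info_| contained a predicted certificate chain and
 // that we found the prediction to be correct.
 bool predicted_cert_chain_correct_;
 
 // True if the peer name has been initialized.
 bool peername_initialized_;
 
 // This pointer is owned by the caller of UseDNSSEC.
 DNSSECProvider* dnssec_provider_;
 // The time when we started waiting for DNSSEC records.
@@ -260,10 +278,10 @@
 
 base::TimeTicks start_cert_verification_time_;
 
 scoped_ptr<SSLHostInfo> ssl_host_info_;
 DnsCertProvenanceChecker* const dns_cert_checker_;
 };
 
 } // namespace net
 
 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_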
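Review bot: The comment on `SetCiphersForTLSAuth` in the first hunk documents only `disable_non_srp_ciphers`, so a call such as `SetCiphersForTLSAuth(true, false)` gives the reader no way to tell what the first bool controls; I'd extend it to `// Enables SRP ciphers if |set_srp_ciphers| is true. If |disable_non_srp_ciphers| is true, then non-SRP ciphers will be disabled. Returns a net error code.` The new `TLSAuthCallback(PRFileDesc *socket, SECItem *pw, void *arg)` declaration puts the `*` against the name, unlike every other declaration in this header (`PRFileDesc* socket`), and its comment should say, as the HandshakeCallback comment does, that |arg| is `this`, and who allocates and frees the buffer written into |pw|, since that buffer presumably holds the SRP password. Because a false `server_cert_needed_` presumably lets the connection proceed without the STATE_VERIFY_CERT steps, its comment should also name the one place it is cleared and the condition (NSS having negotiated a certificate-less SRP suite) that must hold there; the .cc side is not in this file, so I can't confirm how it is set.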