Add support for fetching Certificate Transparency SCTs over a TLS extension

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 396 matching lines @@
 struct HandshakeState {
   HandshakeState() { Reset(); }
 
   void Reset() {
     next_proto_status = SSLClientSocket::kNextProtoUnsupported;
     next_proto.clear();
     server_protos.clear();
     channel_id_sent = false;
     server_cert_chain.Reset(NULL);
     server_cert = NULL;
+    sct_list_from_tls_extension.clear();
     resumed_handshake = false;
     ssl_connection_status = 0;
   }
 
   // Set to kNextProtoNegotiated if NPN was successfully negotiated, with the
   // negotiated protocol stored in |next_proto|.
   SSLClientSocket::NextProtoStatus next_proto_status;
   std::string next_proto;
   // If the server supports NPN, the protocols supported by the server.
   std::string server_protos;
 
   // True if a channel ID was sent.
   bool channel_id_sent;
 
   // List of DER-encoded X.509 DistinguishedName of certificate authorities
   // allowed by the server.
   std::vector<std::string> cert_authorities;
 
   // Set when the handshake fully completes.
   //
   // The server certificate is first received from NSS as an NSS certificate
   // chain (|server_cert_chain|) and then converted into a platform-specific
   // X509Certificate object (|server_cert|). It's possible for some
   // certificates to be successfully parsed by NSS, and not by the platform
   // libraries (i.e.: when running within a sandbox, different parsing
   // algorithms, etc), so it's not safe to assume that |server_cert| will
   // always be non-NULL.
   PeerCertificateChain server_cert_chain;
   scoped_refptr<X509Certificate> server_cert;
+  // SignedCertificateTimestampList received via TLS extension (RFC 6962).
+  std::string sct_list_from_tls_extension;
 
   // True if the current handshake was the result of TLS session resumption.
   bool resumed_handshake;
 
   // The negotiated security parameters (TLS version, cipher, extensions) of
   // the SSL connection.
   int ssl_connection_status;
 };
 
 // Client-side error mapping functions.
@@ skipping 299 matching lines @@
   // Updates the NSS and platform specific certificates.
   void UpdateServerCert();
   // Updates the nss_handshake_state_ with the negotiated security parameters.
   void UpdateConnectionStatus();
   // Record histograms for channel id support during full handshakes - resumed
   // handshakes are ignored.
   void RecordChannelIDSupportOnNSSTaskRunner();
   // UpdateNextProto gets any application-layer protocol that may have been
   // negotiated by the TLS connection.
   void UpdateNextProto();
+  // Update the nss_handshake_state_ with SignedCertificateTimestampLists
+  // received in the handshake, via a TLS extension or (to be implemented)
+  // OCSP stapling.
+  void UpdateSignedCertTimestamps();

[wtc, 2013/11/26 17:32:55]

Nit: declare this immediately after UpdateServerCert() because they are related.

[ekasper, 2013/11/26 19:33:54]

Done.

 
   ////////////////////////////////////////////////////////////////////////////
   // Methods that are ONLY called on the network task runner:
   ////////////////////////////////////////////////////////////////////////////
   int DoBufferRecv(IOBuffer* buffer, int len);
   int DoBufferSend(IOBuffer* buffer, int len);
   int DoGetDomainBoundCert(const std::string& host);
 
   void OnGetDomainBoundCertComplete(int result);
   void OnHandshakeStateUpdated(const HandshakeState& state);
@@ skipping 872 matching lines @@
   if (rv == SECSuccess && last_handshake_resumed) {
     nss_handshake_state_.resumed_handshake = true;
   } else {
     nss_handshake_state_.resumed_handshake = false;
   }
 
   RecordChannelIDSupportOnNSSTaskRunner();
   UpdateServerCert();
   UpdateConnectionStatus();
   UpdateNextProto();
+  UpdateSignedCertTimestamps();

[wtc, 2013/11/26 17:32:55]

Nit: call this immediately after UpdateServerCert() because they are related.

[ekasper, 2013/11/26 19:33:54]

Done.

 
   // Update the network task runners view of the handshake state whenever
   // a handshake has completed.
   PostOrRunCallback(
       FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
                             nss_handshake_state_));
 }
 
 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error,
                                              bool handshake_error) {
@@ skipping 845 matching lines @@
       break;
     case SSL_NEXT_PROTO_NO_SUPPORT:
       nss_handshake_state_.next_proto_status = kNextProtoUnsupported;
       break;
     default:
       NOTREACHED();
       break;
   }
 }
 
+void SSLClientSocketNSS::Core::UpdateSignedCertTimestamps() {
+  const SECItem* signed_cert_timestamps =
+      SSL_PeerSignedCertTimestamps(nss_fd_);
+
+  if (!signed_cert_timestamps || !signed_cert_timestamps->len)
+    return;
+
+  nss_handshake_state_.sct_list_from_tls_extension = std::string(
+      reinterpret_cast<char*>(signed_cert_timestamps->data),
+                              signed_cert_timestamps->len);

[wtc, 2013/11/26 17:32:55]

This should be aligned with reinterpret_cast. (I guess you want to highlight the
common "signed_cert_timestamps->" part of these two arguments.

[ekasper, 2013/11/26 19:33:54]

Done. (No reason other than my own sloppiness for the bad indent.)

+}
+
 void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() {
   DCHECK(OnNSSTaskRunner());
   if (nss_handshake_state_.resumed_handshake)
     return;
 
   // Copy the NSS task runner-only state to the network task runner and
   // log histograms from there, since the histograms also need access to the
   // network task runner state.
   PostOrRunCallback(
       FROM_HERE,
@@ skipping 636 matching lines @@
 #ifdef SSL_ENABLE_OCSP_STAPLING
   if (IsOCSPStaplingSupported()) {
     rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
     if (rv != SECSuccess) {
       LogFailedNSSFunction(net_log_, "SSL_OptionSet",
                            "SSL_ENABLE_OCSP_STAPLING");
     }
   }
 #endif
 
+  // Chromium patch to libssl.
+  // TODO(ekasper): does this need a guard? Seems like libssl-only changes
+  // aren't guarded (ChannelID).

[wtc, 2013/11/26 17:32:55]

You can remove this whole comment. Correct, we no longer add #ifdef guard for
libssl-only changes.

[ekasper, 2013/11/26 19:33:54]

Done.

+  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                     ssl_config_.signed_cert_timestamps_enabled);
+  if (rv != SECSuccess)
+    LogFailedNSSFunction(net_log_, "SSL_OptionSet",
+                         "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS");

[wtc, 2013/11/26 17:32:55]

Add curly braces (because the if statement's body spans multiple lines).

[ekasper, 2013/11/26 19:33:54]

Done.

+
 // Chromium patch to libssl
 #ifdef SSL_ENABLE_CACHED_INFO
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
                      ssl_config_.cached_info_enabled);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO");
 #endif
 
   rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
   if (rv != SECSuccess) {
@@ skipping 125 matching lines @@
 
 int SSLClientSocketNSS::DoHandshakeComplete(int result) {
   EnterFunction(result);
 
   if (result == OK) {
     // SSL handshake is completed. Let's verify the certificate.
     GotoState(STATE_VERIFY_CERT);
     // Done!
   }
   set_channel_id_sent(core_->state().channel_id_sent);
+  set_signed_cert_timestamps_received(
+      !core_->state().sct_list_from_tls_extension.empty());
 
   LeaveFunction(result);
   return result;
 }
 
 
 int SSLClientSocketNSS::DoVerifyCert(int result) {
   DCHECK(!core_->state().server_cert_chain.empty());
   DCHECK(core_->state().server_cert_chain[0]);
 
@@ skipping 164 matching lines @@
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
   return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
   return server_bound_cert_service_;
 }
 
 }  // namespace net