author | rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-31 18:32:19 +0000 |
---|---|---|
committer | rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-31 18:32:19 +0000 |
commit | 81ec7c1ae4386bed9725468d63f18a0e7b6e1241 (patch) | |
tree | c1157660feeb2e21d12b3849dbdde8af97747d35 /net/socket | |
parent | 96621a74188115fd95911f2ec2a941cd79e5d8da (diff) | |
download | chromium_src-81ec7c1ae4386bed9725468d63f18a0e7b6e1241.zip chromium_src-81ec7c1ae4386bed9725468d63f18a0e7b6e1241.tar.gz chromium_src-81ec7c1ae4386bed9725468d63f18a0e7b6e1241.tar.bz2 |
Add a new GetTLSUniqueChannelBinding method to SSLSocket, and implement the NSS version.
BUG=139700
Review URL: https://chromiumcodereview.appspot.com/10823084
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149231 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/socket_test_util.cc | 5 | ||||
-rw-r--r-- | net/socket/socket_test_util.h | 1 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_mac.cc | 4 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_mac.h | 9 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 16 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_nss.h | 7 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 4 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_openssl.h | 9 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_win.cc | 4 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_win.h | 9 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_nss.cc | 16 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_nss.h | 3 | ||||
-rw-r--r-- | net/socket/ssl_socket.h | 3 |
13 files changed, 79 insertions, 11 deletions
diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
index 9a8a638..5b6d05f 100644
--- a/net/socket/socket_test_util.cc
+++ b/net/socket/socket_test_util.cc
@@ -745,6 +745,11 @@ int MockClientSocket::ExportKeyingMaterial(const base::StringPiece& label,
 return OK;
 }
 
+int MockClientSocket::GetTLSUniqueChannelBinding(std::string* out) {
+ out->assign("MOCK_TLSUNIQ");
+ return OK;
+}
+
 ServerBoundCertService* MockClientSocket::GetServerBoundCertService() const {
 NOTREACHED();
 return NULL;
diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
index 7087640..6cbd4d5 100644
--- a/net/socket/socket_test_util.h
+++ b/net/socket/socket_test_util.h
@@ -619,6 +619,7 @@ class MockClientSocket : public SSLClientSocket {
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen) OVERRIDE;
+ virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
 virtual NextProtoStatus GetNextProto(std::string* proto,
 std::string* server_protos) OVERRIDE;
 virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index ff43849..fb2e97a 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -789,6 +789,10 @@ int SSLClientSocketMac::ExportKeyingMaterial(const base::StringPiece& label,
 return ERR_NOT_IMPLEMENTED;
 }
 
+int SSLClientSocketMac::GetTLSUniqueChannelBinding(std::string* out) {
+ return ERR_NOT_IMPLEMENTED;
+}
+
 SSLClientSocket::NextProtoStatus
 SSLClientSocketMac::GetNextProto(std::string* proto,
 std::string* server_protos) {
diff --git a/net/socket/ssl_client_socket_mac.h b/net/socket/ssl_client_socket_mac.h
index d7ced45..a3d91f8 100644
--- a/net/socket/ssl_client_socket_mac.h
+++ b/net/socket/ssl_client_socket_mac.h
@@ -42,14 +42,17 @@ class SSLClientSocketMac : public SSLClientSocket {
 // SSLClientSocket implementation.
 virtual void GetSSLCertRequestInfo(
 SSLCertRequestInfo* cert_request_info) OVERRIDE;
+ virtual NextProtoStatus GetNextProto(std::string* proto,
+ std::string* server_protos) OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
+
+ // SSLSocket implementation.
 virtual int ExportKeyingMaterial(const base::StringPiece& label,
 bool has_context,
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen) OVERRIDE;
- virtual NextProtoStatus GetNextProto(std::string* proto,
- std::string* server_protos) OVERRIDE;
- virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
+ virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
 
 // StreamSocket implementation.
 virtual int Connect(const CompletionCallback& callback) OVERRIDE;
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 9d0eea2..46facf1 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -2824,6 +2824,22 @@ int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
 return OK;
 }
 
+int SSLClientSocketNSS::GetTLSUniqueChannelBinding(std::string* out) {
+ if (!IsConnected())
+ return ERR_SOCKET_NOT_CONNECTED;
+ unsigned char buf[64];
+ unsigned int len;
+ SECStatus result = SSL_GetChannelBinding(nss_fd_,
+ SSL_CHANNEL_BINDING_TLS_UNIQUE,
+ buf, &len, arraysize(buf));
+ if (result != SECSuccess) {
+ LogFailedNSSFunction(net_log_, "SSL_GetChannelBinding", "");
+ return MapNSSError(PORT_GetError());
+ }
+ out->assign(reinterpret_cast<char*>(buf), len);
+ return OK;
+}
+
 SSLClientSocket::NextProtoStatus
 SSLClientSocketNSS::GetNextProto(std::string* proto,
 std::string* server_protos) {
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 434b7c6..ba34a2c 100644
--- a/net/socket/ssl_client_socket_nss.h
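Review bot: The 64-byte `buf` in SSLClientSocketNSS::GetTLSUniqueChannelBinding is an undocumented size: tls-unique is the Finished message's verify_data (12 bytes with the standard TLS cipher suites, 36 under SSLv3), so 64 is ample, but the function relies on SSL_GetChannelBinding honoring the `arraysize(buf)` limit rather than writing past it, and that deserves a comment, e.g. `// tls-unique is the Finished verify_data (12 bytes for TLS, 36 for SSLv3).` / `// NSS is passed arraysize(buf) and must fail, not overflow, if it is larger.` Two caveats for callers follow from RFC 5929 and are stated nowhere in the change: the value describes the most recent handshake, so anything captured here is invalidated by a renegotiation, and `IsConnected()` (defined outside the hunk) is the only guard that Finished has already been exchanged — presumably it stays false until the handshake completes, which is worth confirming, because otherwise NSS is queried for a binding that does not exist yet. The trailing context starts GetNextProto, whose body continues past the hunk.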
+++ b/net/socket/ssl_client_socket_nss.h
@@ -68,13 +68,16 @@ class SSLClientSocketNSS : public SSLClientSocket {
 // SSLClientSocket implementation.
 virtual void GetSSLCertRequestInfo(
 SSLCertRequestInfo* cert_request_info) OVERRIDE;
+ virtual NextProtoStatus GetNextProto(std::string* proto,
+ std::string* server_protos) OVERRIDE;
+
+ // SSLSocket implementation.
 virtual int ExportKeyingMaterial(const base::StringPiece& label,
 bool has_context,
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen) OVERRIDE;
- virtual NextProtoStatus GetNextProto(std::string* proto,
- std::string* server_protos) OVERRIDE;
+ virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
 
 // StreamSocket implementation.
 virtual int Connect(const CompletionCallback& callback) OVERRIDE;
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 85d0d65..8bdbfd1 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -663,6 +663,10 @@ int SSLClientSocketOpenSSL::ExportKeyingMaterial(
 return OK;
 }
 
+int SSLClientSocketOpenSSL::GetTLSUniqueChannelBinding(std::string* out) {
+ return ERR_NOT_IMPLEMENTED;
+}
+
 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
 std::string* proto, std::string* server_protos) {
 *proto = npn_proto_;
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index d113f82..dccdb32 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -57,14 +57,17 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
 // SSLClientSocket implementation.
 virtual void GetSSLCertRequestInfo(
 SSLCertRequestInfo* cert_request_info) OVERRIDE;
+ virtual NextProtoStatus GetNextProto(std::string* proto,
+ std::string* server_protos) OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
+
+ // SSLSocket implementation.
 virtual int ExportKeyingMaterial(const base::StringPiece& label,
 bool has_context,
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen) OVERRIDE;
- virtual NextProtoStatus GetNextProto(std::string* proto,
- std::string* server_protos) OVERRIDE;
- virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
+ virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
 
 // StreamSocket implementation.
 virtual int Connect(const CompletionCallback& callback) OVERRIDE;
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index d997380..1bf8334 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -554,6 +554,10 @@ int SSLClientSocketWin::ExportKeyingMaterial(const base::StringPiece& label,
 return ERR_NOT_IMPLEMENTED;
 }
 
+int SSLClientSocketWin::GetTLSUniqueChannelBinding(std::string* out) {
+ return ERR_NOT_IMPLEMENTED;
+}
+
 SSLClientSocket::NextProtoStatus
 SSLClientSocketWin::GetNextProto(std::string* proto,
 std::string* server_protos) {
diff --git a/net/socket/ssl_client_socket_win.h b/net/socket/ssl_client_socket_win.h
index f5c0a4d..0877cbc 100644
--- a/net/socket/ssl_client_socket_win.h
+++ b/net/socket/ssl_client_socket_win.h
@@ -46,14 +46,17 @@ class SSLClientSocketWin : public SSLClientSocket {
 
 // SSLClientSocket implementation.
 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
+ virtual NextProtoStatus GetNextProto(std::string* proto,
+ std::string* server_protos);
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
+
+ // SSLSocket implementation.
 virtual int ExportKeyingMaterial(const base::StringPiece& label,
 bool has_context,
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen);
- virtual NextProtoStatus GetNextProto(std::string* proto,
- std::string* server_protos);
- virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
+ virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
 
 // StreamSocket implementation.
 virtual int Connect(const CompletionCallback& callback) OVERRIDE;
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 591b847..7203881 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -171,6 +171,22 @@ int SSLServerSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
 return OK;
 }
 
+int SSLServerSocketNSS::GetTLSUniqueChannelBinding(std::string* out) {
+ if (!IsConnected())
+ return ERR_SOCKET_NOT_CONNECTED;
+ unsigned char buf[64];
+ unsigned int len;
+ SECStatus result = SSL_GetChannelBinding(nss_fd_,
+ SSL_CHANNEL_BINDING_TLS_UNIQUE,
+ buf, &len, arraysize(buf));
+ if (result != SECSuccess) {
+ LogFailedNSSFunction(net_log_, "SSL_GetChannelBinding", "");
+ return MapNSSError(PORT_GetError());
+ }
+ out->assign(reinterpret_cast<char*>(buf), len);
+ return OK;
+}
+
 int SSLServerSocketNSS::Connect(const CompletionCallback& callback) {
 NOTIMPLEMENTED();
 return ERR_NOT_IMPLEMENTED;
diff --git a/net/socket/ssl_server_socket_nss.h b/net/socket/ssl_server_socket_nss.h
index ba55649..bc4239a 100644
--- a/net/socket/ssl_server_socket_nss.h
+++ b/net/socket/ssl_server_socket_nss.h
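Review bot: The moved `GetNextProto` declaration in ssl_client_socket_win.h still has no OVERRIDE, while the declaration added right beside it and the same two lines in ssl_client_socket_mac.h and ssl_client_socket_openssl.h carry it. Since the commit is already rewriting these lines, `virtual NextProtoStatus GetNextProto(std::string* proto,` / `std::string* server_protos) OVERRIDE;` would let the compiler check the signature against SSLClientSocket, which is what the marker is for. The surrounding class declaration continues outside the hunk.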
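Review bot: SSLServerSocketNSS::GetTLSUniqueChannelBinding duplicates SSLClientSocketNSS::GetTLSUniqueChannelBinding from the earlier hunk line for line — same 64-byte buffer, same NSS call, same log string and error mapping. A shared helper taking the NSS socket handle (`nss_fd_`) and the NetLog, placed wherever the two classes already share NSS utilities, would keep the buffer size and the error handling from drifting apart; failing that, a cross-reference comment is the minimum, `// Keep in sync with SSLClientSocketNSS::GetTLSUniqueChannelBinding.` The trailing context starts Connect, whose body continues past the hunk.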
@@ -32,11 +32,14 @@ class SSLServerSocketNSS : public SSLServerSocket {
 
 // SSLServerSocket interface.
 virtual int Handshake(const CompletionCallback& callback) OVERRIDE;
+
+ // SSLSocket interface.
 virtual int ExportKeyingMaterial(const base::StringPiece& label,
 bool has_context,
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen) OVERRIDE;
+ virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
 
 // Socket interface (via StreamSocket).
 virtual int Read(IOBuffer* buf, int buf_len,
diff --git a/net/socket/ssl_socket.h b/net/socket/ssl_socket.h
index bd063a4..86c03db 100644
--- a/net/socket/ssl_socket.h
+++ b/net/socket/ssl_socket.h
@@ -27,6 +27,9 @@ public:
 const base::StringPiece& context,
 unsigned char* out,
 unsigned int outlen) = 0;
+
+ // Stores the the tls-unique channel binding (see RFC 5929) in |*out|.
+ virtual int GetTLSUniqueChannelBinding(std::string* out) = 0;
 };
 
 } // namespace net |
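Review bot: The new interface comment in ssl_socket.h reads "Stores the the tls-unique" (doubled "the") and says nothing about the return value or when the call is valid, even though the same commit has three backends returning ERR_NOT_IMPLEMENTED and the two NSS implementations returning ERR_SOCKET_NOT_CONNECTED. Suggested replacement: `// Stores the tls-unique channel binding (RFC 5929) of the most recent handshake` / `// in |*out|. Returns OK, ERR_SOCKET_NOT_CONNECTED if the handshake has not` / `// completed, or ERR_NOT_IMPLEMENTED on backends without support.` A further sentence should warn that the value is tied to the most recent handshake and must be re-fetched after any renegotiation, since RFC 5929 defines it that way and a caller binding authentication to it would otherwise compare against a stale value.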