1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 7 8 #include <string> 9 10 #include "base/compiler_specific.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/weak_ptr.h" 13 #include "net/base/completion_callback.h" 14 #include "net/base/io_buffer.h" 15 #include "net/cert/cert_verify_result.h" 16 #include "net/cert/ct_verify_result.h" 17 #include "net/socket/client_socket_handle.h" 18 #include "net/socket/ssl_client_socket.h" 19 #include "net/ssl/channel_id_service.h" 20 #include "net/ssl/ssl_client_cert_type.h" 21 #include "net/ssl/ssl_config_service.h" 22 23 // Avoid including misc OpenSSL headers, i.e.: 24 // <openssl/bio.h> 25 typedef struct bio_st BIO; 26 // <openssl/evp.h> 27 typedef struct evp_pkey_st EVP_PKEY; 28 // <openssl/ssl.h> 29 typedef struct ssl_st SSL; 30 // <openssl/x509.h> 31 typedef struct x509_st X509; 32 // <openssl/ossl_type.h> 33 typedef struct x509_store_ctx_st X509_STORE_CTX; 34 35 namespace net { 36 37 class CertVerifier; 38 class CTVerifier; 39 class SingleRequestCertVerifier; 40 class SSLCertRequestInfo; 41 class SSLInfo; 42 43 // An SSL client socket implemented with OpenSSL. 44 class SSLClientSocketOpenSSL : public SSLClientSocket { 45 public: 46 // Takes ownership of the transport_socket, which may already be connected. 47 // The given hostname will be compared with the name(s) in the server's 48 // certificate during the SSL handshake. ssl_config specifies the SSL 49 // settings. 50 SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket, 51 const HostPortPair& host_and_port, 52 const SSLConfig& ssl_config, 53 const SSLClientSocketContext& context); 54 virtual ~SSLClientSocketOpenSSL(); 55 host_and_port()56 const HostPortPair& host_and_port() const { return host_and_port_; } ssl_session_cache_shard()57 const std::string& ssl_session_cache_shard() const { 58 return ssl_session_cache_shard_; 59 } 60 61 // SSLClientSocket implementation. 62 virtual std::string GetSessionCacheKey() const OVERRIDE; 63 virtual bool InSessionCache() const OVERRIDE; 64 virtual void SetHandshakeCompletionCallback( 65 const base::Closure& callback) OVERRIDE; 66 virtual void GetSSLCertRequestInfo( 67 SSLCertRequestInfo* cert_request_info) OVERRIDE; 68 virtual NextProtoStatus GetNextProto(std::string* proto) OVERRIDE; 69 virtual ChannelIDService* GetChannelIDService() const OVERRIDE; 70 71 // SSLSocket implementation. 72 virtual int ExportKeyingMaterial(const base::StringPiece& label, 73 bool has_context, 74 const base::StringPiece& context, 75 unsigned char* out, 76 unsigned int outlen) OVERRIDE; 77 virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE; 78 79 // StreamSocket implementation. 80 virtual int Connect(const CompletionCallback& callback) OVERRIDE; 81 virtual void Disconnect() OVERRIDE; 82 virtual bool IsConnected() const OVERRIDE; 83 virtual bool IsConnectedAndIdle() const OVERRIDE; 84 virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE; 85 virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE; 86 virtual const BoundNetLog& NetLog() const OVERRIDE; 87 virtual void SetSubresourceSpeculation() OVERRIDE; 88 virtual void SetOmniboxSpeculation() OVERRIDE; 89 virtual bool WasEverUsed() const OVERRIDE; 90 virtual bool UsingTCPFastOpen() const OVERRIDE; 91 virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE; 92 93 // Socket implementation. 94 virtual int Read(IOBuffer* buf, int buf_len, 95 const CompletionCallback& callback) OVERRIDE; 96 virtual int Write(IOBuffer* buf, int buf_len, 97 const CompletionCallback& callback) OVERRIDE; 98 virtual int SetReceiveBufferSize(int32 size) OVERRIDE; 99 virtual int SetSendBufferSize(int32 size) OVERRIDE; 100 101 protected: 102 // SSLClientSocket implementation. 103 virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain() 104 const OVERRIDE; 105 106 private: 107 class PeerCertificateChain; 108 class SSLContext; 109 friend class SSLClientSocket; 110 friend class SSLContext; 111 112 int Init(); 113 void DoReadCallback(int result); 114 void DoWriteCallback(int result); 115 116 void OnHandshakeCompletion(); 117 118 bool DoTransportIO(); 119 int DoHandshake(); 120 int DoChannelIDLookup(); 121 int DoChannelIDLookupComplete(int result); 122 int DoVerifyCert(int result); 123 int DoVerifyCertComplete(int result); 124 void DoConnectCallback(int result); 125 void UpdateServerCert(); 126 void VerifyCT(); 127 128 void OnHandshakeIOComplete(int result); 129 void OnSendComplete(int result); 130 void OnRecvComplete(int result); 131 132 int DoHandshakeLoop(int last_io_result); 133 int DoReadLoop(); 134 int DoWriteLoop(); 135 int DoPayloadRead(); 136 int DoPayloadWrite(); 137 138 int BufferSend(); 139 int BufferRecv(); 140 void BufferSendComplete(int result); 141 void BufferRecvComplete(int result); 142 void TransportWriteComplete(int result); 143 int TransportReadComplete(int result); 144 145 // Callback from the SSL layer that indicates the remote server is requesting 146 // a certificate for this client. 147 int ClientCertRequestCallback(SSL* ssl); 148 149 // CertVerifyCallback is called to verify the server's certificates. We do 150 // verification after the handshake so this function only enforces that the 151 // certificates don't change during renegotiation. 152 int CertVerifyCallback(X509_STORE_CTX *store_ctx); 153 154 // Callback from the SSL layer to check which NPN protocol we are supporting 155 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, 156 const unsigned char* in, unsigned int inlen); 157 158 // Called during an operation on |transport_bio_|'s peer. Checks saved 159 // transport error state and, if appropriate, returns an error through 160 // OpenSSL's error system. 161 long MaybeReplayTransportError(BIO *bio, 162 int cmd, 163 const char *argp, int argi, long argl, 164 long retvalue); 165 166 // Callback from the SSL layer when an operation is performed on 167 // |transport_bio_|'s peer. 168 static long BIOCallback(BIO *bio, 169 int cmd, 170 const char *argp, int argi, long argl, 171 long retvalue); 172 173 // Callback that is used to obtain information about the state of the SSL 174 // handshake. 175 static void InfoCallback(const SSL* ssl, int type, int val); 176 177 void CheckIfHandshakeFinished(); 178 179 // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|. 180 // SCTs are held in three separate vectors in ct_verify_result, each 181 // vetor representing a particular verification state, this method associates 182 // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to 183 // the |ssl_info|.signed_certificate_timestamps list. 184 void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const; 185 186 bool transport_send_busy_; 187 bool transport_recv_busy_; 188 189 scoped_refptr<DrainableIOBuffer> send_buffer_; 190 scoped_refptr<IOBuffer> recv_buffer_; 191 192 CompletionCallback user_connect_callback_; 193 CompletionCallback user_read_callback_; 194 CompletionCallback user_write_callback_; 195 196 // Used by Read function. 197 scoped_refptr<IOBuffer> user_read_buf_; 198 int user_read_buf_len_; 199 200 // Used by Write function. 201 scoped_refptr<IOBuffer> user_write_buf_; 202 int user_write_buf_len_; 203 204 // Used by DoPayloadRead() when attempting to fill the caller's buffer with 205 // as much data as possible without blocking. 206 // If DoPayloadRead() encounters an error after having read some data, stores 207 // the result to return on the *next* call to DoPayloadRead(). A value > 0 208 // indicates there is no pending result, otherwise 0 indicates EOF and < 0 209 // indicates an error. 210 int pending_read_error_; 211 212 // Used by TransportReadComplete() to signify an error reading from the 213 // transport socket. A value of OK indicates the socket is still 214 // readable. EOFs are mapped to ERR_CONNECTION_CLOSED. 215 int transport_read_error_; 216 217 // Used by TransportWriteComplete() and TransportReadComplete() to signify an 218 // error writing to the transport socket. A value of OK indicates no error. 219 int transport_write_error_; 220 221 // Set when Connect finishes. 222 scoped_ptr<PeerCertificateChain> server_cert_chain_; 223 scoped_refptr<X509Certificate> server_cert_; 224 CertVerifyResult server_cert_verify_result_; 225 bool completed_connect_; 226 227 // Set when Read() or Write() successfully reads or writes data to or from the 228 // network. 229 bool was_ever_used_; 230 231 // Stores client authentication information between ClientAuthHandler and 232 // GetSSLCertRequestInfo calls. 233 bool client_auth_cert_needed_; 234 // List of DER-encoded X.509 DistinguishedName of certificate authorities 235 // allowed by the server. 236 std::vector<std::string> cert_authorities_; 237 // List of SSLClientCertType values for client certificates allowed by the 238 // server. 239 std::vector<SSLClientCertType> cert_key_types_; 240 241 CertVerifier* const cert_verifier_; 242 scoped_ptr<SingleRequestCertVerifier> verifier_; 243 base::TimeTicks start_cert_verification_time_; 244 245 // Certificate Transparency: Verifier and result holder. 246 ct::CTVerifyResult ct_verify_result_; 247 CTVerifier* cert_transparency_verifier_; 248 249 // The service for retrieving Channel ID keys. May be NULL. 250 ChannelIDService* channel_id_service_; 251 252 // Callback that is invoked when the connection finishes. 253 // 254 // Note: this callback will be run in Disconnect(). It will not alter 255 // any member variables of the SSLClientSocketOpenSSL. 256 base::Closure handshake_completion_callback_; 257 258 // OpenSSL stuff 259 SSL* ssl_; 260 BIO* transport_bio_; 261 262 scoped_ptr<ClientSocketHandle> transport_; 263 const HostPortPair host_and_port_; 264 SSLConfig ssl_config_; 265 // ssl_session_cache_shard_ is an opaque string that partitions the SSL 266 // session cache. i.e. sessions created with one value will not attempt to 267 // resume on the socket with a different value. 268 const std::string ssl_session_cache_shard_; 269 270 // Used for session cache diagnostics. 271 bool trying_cached_session_; 272 273 enum State { 274 STATE_NONE, 275 STATE_HANDSHAKE, 276 STATE_CHANNEL_ID_LOOKUP, 277 STATE_CHANNEL_ID_LOOKUP_COMPLETE, 278 STATE_VERIFY_CERT, 279 STATE_VERIFY_CERT_COMPLETE, 280 }; 281 State next_handshake_state_; 282 NextProtoStatus npn_status_; 283 std::string npn_proto_; 284 // Written by the |channel_id_service_|. 285 std::string channel_id_private_key_; 286 std::string channel_id_cert_; 287 // True if channel ID extension was negotiated. 288 bool channel_id_xtn_negotiated_; 289 // True if InfoCallback has been run with result = SSL_CB_HANDSHAKE_DONE. 290 bool handshake_succeeded_; 291 // True if MarkSSLSessionAsGood has been called for this socket's 292 // SSL session. 293 bool marked_session_as_good_; 294 // The request handle for |channel_id_service_|. 295 ChannelIDService::RequestHandle channel_id_request_handle_; 296 297 TransportSecurityState* transport_security_state_; 298 299 // pinning_failure_log contains a message produced by 300 // TransportSecurityState::CheckPublicKeyPins in the event of a 301 // pinning failure. It is a (somewhat) human-readable string. 302 std::string pinning_failure_log_; 303 304 BoundNetLog net_log_; 305 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; 306 }; 307 308 } // namespace net 309 310 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 311