Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Side by Side Diff: net/third_party/nss/patches/channelid.patch

Issue 10424013: Support TLS Channel IDs in NSS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Update error messages Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/SSLerrs.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff --git a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs .h
2 index e3f9a1c..2d92514 100644
3 --- a/net/third_party/nss/ssl/SSLerrs.h
4 +++ b/net/third_party/nss/ssl/SSLerrs.h
5 @@ -429,3 +429,12 @@ ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR _BASE + 122),
6
7 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123),
8 "SSL received an unexpected Hello Verify Request handshake message.")
9 +
10 +ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 124),
11 +"SSL received a malformed TLS Channel ID extension.")
12 +
13 +ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 125),
14 +"The application provided an invalid TLS Channel ID key.")
15 +
16 +ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 126),
17 +"The application could not get a TLS Channel ID.")
18 diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
19 index 1368e2f..3d8fdcb 100644
20 --- a/net/third_party/nss/ssl/ssl.h
21 +++ b/net/third_party/nss/ssl/ssl.h
22 @@ -945,6 +945,25 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFil eDesc * socket,
23 SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
24 PRBool *last_handshake_resumed );
25
26 +/* See SSL_SetClientChannelIDCallback for usage. The callback must return
27 + * SECFailure or SECSuccess (not SECWouldBlock). On SECSuccess, the callback
28 + * must have written a P-256, EC key pair to |*out_public_key| and
29 + * |*out_private_key|. */
30 +typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
31 + void *arg,
32 + PRFileDesc *fd,
33 + SECKEYPublicKey **out_public_key,
34 + SECKEYPrivateKey **out_private_key);
35 +
36 +/* SSL_SetClientChannelIDCallback sets a callback function that will be called
37 + * just before a Channel ID is sent. This is only applicable to a client socket
38 + * and setting this callback causes the TLS Channel ID extension to be
39 + * advertised. */
40 +SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
41 + PRFileDesc *fd,
42 + SSLClientChannelIDCallback callback,
43 + void *arg);
44 +
45 /*
46 ** How long should we wait before retransmitting the next flight of
47 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
48 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con .c
49 index db9fad3..f714a98 100644
50 --- a/net/third_party/nss/ssl/ssl3con.c
51 +++ b/net/third_party/nss/ssl/ssl3con.c
52 @@ -86,6 +86,7 @@ static SECStatus ssl3_SendCertificate( sslSocket *ss);
53 static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
54 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
55 static SECStatus ssl3_SendNextProto( sslSocket *ss);
56 +static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss);
57 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
58 static SECStatus ssl3_SendServerHello( sslSocket *ss);
59 static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
60 @@ -6239,6 +6240,10 @@ ssl3_SendClientSecondRound(sslSocket *ss)
61 goto loser; /* err code was set. */
62 }
63 }
64 + rv = ssl3_SendEncryptedExtensions(ss);
65 + if (rv != SECSuccess) {
66 + goto loser; /* err code was set. */
67 + }
68
69 rv = ssl3_SendFinished(ss, 0);
70 if (rv != SECSuccess) {
71 @@ -8855,6 +8860,130 @@ ssl3_SendNextProto(sslSocket *ss)
72 return rv;
73 }
74
75 +/* called from ssl3_SendClientSecondRound
76 + * ssl3_HandleFinished
77 + */
78 +static SECStatus
79 +ssl3_SendEncryptedExtensions(sslSocket *ss)
80 +{
81 + static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature";
82 + /* This is the ASN.1 prefix for a P-256 public key. Specifically it's:
83 + * SEQUENCE
84 + * SEQUENCE
85 + * OID id-ecPublicKey
86 + * OID prime256v1
87 + * BIT STRING, length 66, 0 trailing bits: 0x04
88 + *
89 + * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62
90 + * public key. Following that are the two field elements as 32-byte,
91 + * big-endian numbers, as required by the Channel ID. */
92 + static const unsigned char P256_SPKI_PREFIX[] = {
93 + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
94 + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
95 + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
96 + 0x42, 0x00, 0x04
97 + };
98 + /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 6 4
99 + * bytes of ECDSA signature. */
100 + static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64;
101 + static const int CHANNEL_ID_LENGTH = 128;
102 +
103 + SECStatus rv = SECFailure;
104 + SECItem *spki = NULL;
105 + SSL3Hashes hashes;
106 + const unsigned char *pub_bytes;
107 + unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)];
108 + unsigned char digest[SHA256_LENGTH];
109 + SECItem digest_item;
110 + unsigned char signature[64];
111 + SECItem signature_item;
112 + SECKEYPrivateKey *channelID = NULL;
113 + SECKEYPublicKey *channelIDPub = NULL;
114 +
115 + PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
116 + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
117 +
118 + if (ss->getChannelID == NULL ||
119 + !ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
120 + return SECSuccess;
121 + }
122 +
123 + rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
124 + &channelIDPub, &channelID);
125 + if (rv != SECSuccess) {
126 + PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
127 + goto loser;
128 + }
129 +
130 + if (SECKEY_GetPrivateKeyType(channelID) != ecKey ||
131 + PK11_SignatureLen(channelID) != sizeof(signature)) {
132 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
133 + rv = SECFailure;
134 + goto loser;
135 + }
136 +
137 + ssl_GetSpecReadLock(ss);
138 + rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
139 + ssl_ReleaseSpecReadLock(ss);
140 +
141 + if (rv != SECSuccess)
142 + goto loser;
143 +
144 + rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions,
145 + 2 + 2 + CHANNEL_ID_LENGTH);
146 + if (rv != SECSuccess)
147 + goto loser; /* error code set by AppendHandshakeHeader */
148 + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
149 + if (rv != SECSuccess)
150 + goto loser; /* error code set by AppendHandshake */
151 + rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2);
152 + if (rv != SECSuccess)
153 + goto loser; /* error code set by AppendHandshake */
154 +
155 + spki = SECKEY_EncodeDERSubjectPublicKeyInfo(channelIDPub);
156 +
157 + if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH ||
158 + memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) {
159 + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
160 + rv = SECFailure;
161 + goto loser;
162 + }
163 +
164 + pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX);
165 +
166 + memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC));
167 + memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes));
168 +
169 + rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data)) ;
170 + if (rv != SECSuccess)
171 + goto loser;
172 +
173 + digest_item.data = digest;
174 + digest_item.len = sizeof(digest);
175 +
176 + signature_item.data = signature;
177 + signature_item.len = sizeof(signature);
178 +
179 + rv = PK11_Sign(channelID, &signature_item, &digest_item);
180 + if (rv != SECSuccess)
181 + goto loser;
182 +
183 + rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH);
184 + if (rv != SECSuccess)
185 + goto loser;
186 + rv = ssl3_AppendHandshake(ss, signature, sizeof(signature));
187 +
188 +loser:
189 + if (spki)
190 + SECITEM_FreeItem(spki, PR_TRUE);
191 + if (channelID)
192 + SECKEY_DestroyPrivateKey(channelID);
193 + if (channelIDPub)
194 + SECKEY_DestroyPublicKey(channelIDPub);
195 +
196 + return rv;
197 +}
198 +
199 /* called from ssl3_HandleServerHelloDone
200 * ssl3_HandleClientHello
201 * ssl3_HandleFinished
202 @@ -9105,11 +9234,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint 32 length,
203 flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
204 }
205
206 - if (!isServer && !ss->firstHsDone) {
207 - rv = ssl3_SendNextProto(ss);
208 - if (rv != SECSuccess) {
209 - goto xmit_loser; /* err code was set. */
210 + if (!isServer) {
211 + if (!ss->firstHsDone) {
212 + rv = ssl3_SendNextProto(ss);
213 + if (rv != SECSuccess) {
214 + goto xmit_loser; /* err code was set. */
215 + }
216 }
217 + rv = ssl3_SendEncryptedExtensions(ss);
218 + if (rv != SECSuccess)
219 + goto xmit_loser; /* err code was set. */
220 }
221
222 if (IS_DTLS(ss)) {
223 diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext .c
224 index b9fd6e7..029487e 100644
225 --- a/net/third_party/nss/ssl/ssl3ext.c
226 +++ b/net/third_party/nss/ssl/ssl3ext.c
227 @@ -80,10 +80,14 @@ static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket * ss,
228 PRUint16 ex_type, SECItem *data);
229 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
230 PRUint16 ex_type, SECItem *data);
231 +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
232 + PRUint16 ex_type, SECItem *data);
233 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
234 PRUint16 ex_type, SECItem *data);
235 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
236 PRUint32 maxBytes);
237 +static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
238 + PRUint32 maxBytes);
239
240 /*
241 * Write bytes. Using this function means the SECItem structure
242 @@ -253,6 +257,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTL S[] = {
243 { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
244 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
245 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
246 + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
247 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
248 { -1, NULL }
249 };
250 @@ -278,6 +283,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTEN SIONS] = {
251 #endif
252 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
253 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
254 + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
255 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
256 /* any extra entries will appear as { 0, NULL } */
257 };
258 @@ -668,6 +674,52 @@ loser:
259 return -1;
260 }
261
262 +static SECStatus
263 +ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
264 + SECItem *data)
265 +{
266 + PORT_Assert(ss->getChannelID != NULL);
267 +
268 + if (data->len) {
269 + PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA);
270 + return SECFailure;
271 + }
272 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
273 + return SECSuccess;
274 +}
275 +
276 +static PRInt32
277 +ssl3_ClientSendChannelIDXtn(sslSocket * ss, PRBool append,
278 + PRUint32 maxBytes)
279 +{
280 + PRInt32 extension_length = 4;
281 +
282 + if (!ss->getChannelID)
283 + return 0;
284 +
285 + if (maxBytes < extension_length) {
286 + PORT_Assert(0);
287 + return 0;
288 + }
289 +
290 + if (append) {
291 + SECStatus rv;
292 + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
293 + if (rv != SECSuccess)
294 + goto loser;
295 + rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
296 + if (rv != SECSuccess)
297 + goto loser;
298 + ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
299 + ssl_channel_id_xtn;
300 + }
301 +
302 + return extension_length;
303 +
304 +loser:
305 + return -1;
306 +}
307 +
308 SECStatus
309 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
310 SECItem *data)
311 diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3pr ot.h
312 index 550c341..11f9624 100644
313 --- a/net/third_party/nss/ssl/ssl3prot.h
314 +++ b/net/third_party/nss/ssl/ssl3prot.h
315 @@ -163,7 +163,8 @@ typedef enum {
316 client_key_exchange = 16,
317 finished = 20,
318 certificate_status = 22,
319 - next_proto = 67
320 + next_proto = 67,
321 + encrypted_extensions= 203
322 } SSL3HandshakeType;
323
324 typedef struct {
325 diff --git a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth .c
326 index 8ccd1a4..e8b4acb 100644
327 --- a/net/third_party/nss/ssl/sslauth.c
328 +++ b/net/third_party/nss/ssl/sslauth.c
329 @@ -251,6 +251,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthDa ta func,
330 return SECSuccess;
331 }
332
333 +SECStatus
334 +SSL_SetClientChannelIDCallback(PRFileDesc *fd,
335 + SSLClientChannelIDCallback callback,
336 + void *arg) {
337 + sslSocket *ss = ssl_FindSocket(fd);
338 +
339 + if (!ss) {
340 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetClientChannelIDCallback",
341 + SSL_GETPID(), fd));
342 + return SECFailure;
343 + }
344 +
345 + ss->getChannelID = callback;
346 + ss->getChannelIDArg = arg;
347 +
348 + return SECSuccess;
349 +}
350 +
351 #ifdef NSS_PLATFORM_CLIENT_AUTH
352 /* NEED LOCKS IN HERE. */
353 SECStatus
354 diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
355 index 9d3bebc..53c897c 100644
356 --- a/net/third_party/nss/ssl/sslerr.h
357 +++ b/net/third_party/nss/ssl/sslerr.h
358 @@ -218,6 +218,10 @@ SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 121),
359 SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122),
360 SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123),
361
362 +SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 124),
363 +SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 125),
364 +SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 126),
365 +
366 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
367 } SSLErrorCodes;
368 #endif /* NO_SECURITY_ERROR_ENUM */
369 diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl .h
370 index 8ab865a..7cd2298 100644
371 --- a/net/third_party/nss/ssl/sslimpl.h
372 +++ b/net/third_party/nss/ssl/sslimpl.h
373 @@ -1198,6 +1198,8 @@ const unsigned char * preferredCipher;
374 void *pkcs11PinArg;
375 SSLNextProtoCallback nextProtoCallback;
376 void *nextProtoArg;
377 + SSLClientChannelIDCallback getChannelID;
378 + void *getChannelIDArg;
379
380 PRIntervalTime rTimeout; /* timeout for NSPR I/O */
381 PRIntervalTime wTimeout; /* timeout for NSPR I/O */
382 diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock .c
383 index ebc245a..9498828 100644
384 --- a/net/third_party/nss/ssl/sslsock.c
385 +++ b/net/third_party/nss/ssl/sslsock.c
386 @@ -374,6 +374,8 @@ ssl_DupSocket(sslSocket *os)
387 ss->handshakeCallback = os->handshakeCallback;
388 ss->handshakeCallbackData = os->handshakeCallbackData;
389 ss->pkcs11PinArg = os->pkcs11PinArg;
390 + ss->getChannelID = os->getChannelID;
391 + ss->getChannelIDArg = os->getChannelIDArg;
392
393 /* Create security data */
394 rv = ssl_CopySecurityInfo(ss, os);
395 @@ -1688,6 +1690,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
396 ss->handshakeCallbackData = sm->handshakeCallbackData;
397 if (sm->pkcs11PinArg)
398 ss->pkcs11PinArg = sm->pkcs11PinArg;
399 + if (sm->getChannelID)
400 + ss->getChannelID = sm->getChannelID;
401 + if (sm->getChannelIDArg)
402 + ss->getChannelIDArg = sm->getChannelIDArg;
403 return fd;
404 loser:
405 return NULL;
406 @@ -2938,6 +2944,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protoco lVariant)
407 ss->handleBadCert = NULL;
408 ss->badCertArg = NULL;
409 ss->pkcs11PinArg = NULL;
410 + ss->getChannelID = NULL;
411 + ss->getChannelIDArg = NULL;
412
413 ssl_ChooseOps(ss);
414 ssl2_InitSocketPolicy(ss);
415 diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
416 index 0636570..978b1cb 100644
417 --- a/net/third_party/nss/ssl/sslt.h
418 +++ b/net/third_party/nss/ssl/sslt.h
419 @@ -215,9 +215,10 @@ typedef enum {
420 #endif
421 ssl_session_ticket_xtn = 35,
422 ssl_next_proto_nego_xtn = 13172,
423 + ssl_channel_id_xtn = 30031,
424 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
425 } SSLExtensionType;
426
427 -#define SSL_MAX_EXTENSIONS 7
428 +#define SSL_MAX_EXTENSIONS 8
429
430 #endif /* __sslt_h_ */
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/SSLerrs.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698