1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
6#define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
7
8#include <string>
9
10#include "base/compiler_specific.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/memory/weak_ptr.h"
13#include "net/base/completion_callback.h"
14#include "net/base/io_buffer.h"
15#include "net/cert/cert_verify_result.h"
16#include "net/cert/ct_verify_result.h"
17#include "net/socket/client_socket_handle.h"
18#include "net/socket/ssl_client_socket.h"
19#include "net/ssl/channel_id_service.h"
20#include "net/ssl/ssl_client_cert_type.h"
21#include "net/ssl/ssl_config_service.h"
22
23// Avoid including misc OpenSSL headers, i.e.:
24// <openssl/bio.h>
25typedef struct bio_st BIO;
26// <openssl/evp.h>
27typedef struct evp_pkey_st EVP_PKEY;
28// <openssl/ssl.h>
29typedef struct ssl_st SSL;
30// <openssl/x509.h>
31typedef struct x509_st X509;
32// <openssl/ossl_type.h>
33typedef struct x509_store_ctx_st X509_STORE_CTX;
34
35namespace net {
36
37class CertVerifier;
38class CTVerifier;
39class SingleRequestCertVerifier;
40class SSLCertRequestInfo;
41class SSLInfo;
42
43// An SSL client socket implemented with OpenSSL.
44class SSLClientSocketOpenSSL : public SSLClientSocket {
45 public:
46  // Takes ownership of the transport_socket, which may already be connected.
47  // The given hostname will be compared with the name(s) in the server's
48  // certificate during the SSL handshake.  ssl_config specifies the SSL
49  // settings.
50  SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket,
51                         const HostPortPair& host_and_port,
52                         const SSLConfig& ssl_config,
53                         const SSLClientSocketContext& context);
54  virtual ~SSLClientSocketOpenSSL();
55
56  const HostPortPair& host_and_port() const { return host_and_port_; }
57  const std::string& ssl_session_cache_shard() const {
58    return ssl_session_cache_shard_;
59  }
60
61  // SSLClientSocket implementation.
62  virtual std::string GetSessionCacheKey() const OVERRIDE;
63  virtual bool InSessionCache() const OVERRIDE;
64  virtual void SetHandshakeCompletionCallback(
65      const base::Closure& callback) OVERRIDE;
66  virtual void GetSSLCertRequestInfo(
67      SSLCertRequestInfo* cert_request_info) OVERRIDE;
68  virtual NextProtoStatus GetNextProto(std::string* proto) OVERRIDE;
69  virtual ChannelIDService* GetChannelIDService() const OVERRIDE;
70
71  // SSLSocket implementation.
72  virtual int ExportKeyingMaterial(const base::StringPiece& label,
73                                   bool has_context,
74                                   const base::StringPiece& context,
75                                   unsigned char* out,
76                                   unsigned int outlen) OVERRIDE;
77  virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
78
79  // StreamSocket implementation.
80  virtual int Connect(const CompletionCallback& callback) OVERRIDE;
81  virtual void Disconnect() OVERRIDE;
82  virtual bool IsConnected() const OVERRIDE;
83  virtual bool IsConnectedAndIdle() const OVERRIDE;
84  virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE;
85  virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE;
86  virtual const BoundNetLog& NetLog() const OVERRIDE;
87  virtual void SetSubresourceSpeculation() OVERRIDE;
88  virtual void SetOmniboxSpeculation() OVERRIDE;
89  virtual bool WasEverUsed() const OVERRIDE;
90  virtual bool UsingTCPFastOpen() const OVERRIDE;
91  virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE;
92
93  // Socket implementation.
94  virtual int Read(IOBuffer* buf, int buf_len,
95                   const CompletionCallback& callback) OVERRIDE;
96  virtual int Write(IOBuffer* buf, int buf_len,
97                    const CompletionCallback& callback) OVERRIDE;
98  virtual int SetReceiveBufferSize(int32 size) OVERRIDE;
99  virtual int SetSendBufferSize(int32 size) OVERRIDE;
100
101 protected:
102  // SSLClientSocket implementation.
103  virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
104      const OVERRIDE;
105
106 private:
107  class PeerCertificateChain;
108  class SSLContext;
109  friend class SSLClientSocket;
110  friend class SSLContext;
111
112  int Init();
113  void DoReadCallback(int result);
114  void DoWriteCallback(int result);
115
116  void OnHandshakeCompletion();
117
118  bool DoTransportIO();
119  int DoHandshake();
120  int DoChannelIDLookup();
121  int DoChannelIDLookupComplete(int result);
122  int DoVerifyCert(int result);
123  int DoVerifyCertComplete(int result);
124  void DoConnectCallback(int result);
125  void UpdateServerCert();
126  void VerifyCT();
127
128  void OnHandshakeIOComplete(int result);
129  void OnSendComplete(int result);
130  void OnRecvComplete(int result);
131
132  int DoHandshakeLoop(int last_io_result);
133  int DoReadLoop();
134  int DoWriteLoop();
135  int DoPayloadRead();
136  int DoPayloadWrite();
137
138  int BufferSend();
139  int BufferRecv();
140  void BufferSendComplete(int result);
141  void BufferRecvComplete(int result);
142  void TransportWriteComplete(int result);
143  int TransportReadComplete(int result);
144
145  // Callback from the SSL layer that indicates the remote server is requesting
146  // a certificate for this client.
147  int ClientCertRequestCallback(SSL* ssl);
148
149  // CertVerifyCallback is called to verify the server's certificates. We do
150  // verification after the handshake so this function only enforces that the
151  // certificates don't change during renegotiation.
152  int CertVerifyCallback(X509_STORE_CTX *store_ctx);
153
154  // Callback from the SSL layer to check which NPN protocol we are supporting
155  int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
156                              const unsigned char* in, unsigned int inlen);
157
158  // Called during an operation on |transport_bio_|'s peer. Checks saved
159  // transport error state and, if appropriate, returns an error through
160  // OpenSSL's error system.
161  long MaybeReplayTransportError(BIO *bio,
162                                 int cmd,
163                                 const char *argp, int argi, long argl,
164                                 long retvalue);
165
166  // Callback from the SSL layer when an operation is performed on
167  // |transport_bio_|'s peer.
168  static long BIOCallback(BIO *bio,
169                          int cmd,
170                          const char *argp, int argi, long argl,
171                          long retvalue);
172
173  // Callback that is used to obtain information about the state of the SSL
174  // handshake.
175  static void InfoCallback(const SSL* ssl, int type, int val);
176
177  void CheckIfHandshakeFinished();
178
179  // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
180  // SCTs are held in three separate vectors in ct_verify_result, each
181  // vetor representing a particular verification state, this method associates
182  // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
183  // the |ssl_info|.signed_certificate_timestamps list.
184  void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;
185
186  bool transport_send_busy_;
187  bool transport_recv_busy_;
188
189  scoped_refptr<DrainableIOBuffer> send_buffer_;
190  scoped_refptr<IOBuffer> recv_buffer_;
191
192  CompletionCallback user_connect_callback_;
193  CompletionCallback user_read_callback_;
194  CompletionCallback user_write_callback_;
195
196  // Used by Read function.
197  scoped_refptr<IOBuffer> user_read_buf_;
198  int user_read_buf_len_;
199
200  // Used by Write function.
201  scoped_refptr<IOBuffer> user_write_buf_;
202  int user_write_buf_len_;
203
204  // Used by DoPayloadRead() when attempting to fill the caller's buffer with
205  // as much data as possible without blocking.
206  // If DoPayloadRead() encounters an error after having read some data, stores
207  // the result to return on the *next* call to DoPayloadRead().  A value > 0
208  // indicates there is no pending result, otherwise 0 indicates EOF and < 0
209  // indicates an error.
210  int pending_read_error_;
211
212  // Used by TransportReadComplete() to signify an error reading from the
213  // transport socket. A value of OK indicates the socket is still
214  // readable. EOFs are mapped to ERR_CONNECTION_CLOSED.
215  int transport_read_error_;
216
217  // Used by TransportWriteComplete() and TransportReadComplete() to signify an
218  // error writing to the transport socket. A value of OK indicates no error.
219  int transport_write_error_;
220
221  // Set when Connect finishes.
222  scoped_ptr<PeerCertificateChain> server_cert_chain_;
223  scoped_refptr<X509Certificate> server_cert_;
224  CertVerifyResult server_cert_verify_result_;
225  bool completed_connect_;
226
227  // Set when Read() or Write() successfully reads or writes data to or from the
228  // network.
229  bool was_ever_used_;
230
231  // Stores client authentication information between ClientAuthHandler and
232  // GetSSLCertRequestInfo calls.
233  bool client_auth_cert_needed_;
234  // List of DER-encoded X.509 DistinguishedName of certificate authorities
235  // allowed by the server.
236  std::vector<std::string> cert_authorities_;
237  // List of SSLClientCertType values for client certificates allowed by the
238  // server.
239  std::vector<SSLClientCertType> cert_key_types_;
240
241  CertVerifier* const cert_verifier_;
242  scoped_ptr<SingleRequestCertVerifier> verifier_;
243  base::TimeTicks start_cert_verification_time_;
244
245  // Certificate Transparency: Verifier and result holder.
246  ct::CTVerifyResult ct_verify_result_;
247  CTVerifier* cert_transparency_verifier_;
248
249  // The service for retrieving Channel ID keys.  May be NULL.
250  ChannelIDService* channel_id_service_;
251
252  // Callback that is invoked when the connection finishes.
253  //
254  // Note: this callback will be run in Disconnect(). It will not alter
255  // any member variables of the SSLClientSocketOpenSSL.
256  base::Closure handshake_completion_callback_;
257
258  // OpenSSL stuff
259  SSL* ssl_;
260  BIO* transport_bio_;
261
262  scoped_ptr<ClientSocketHandle> transport_;
263  const HostPortPair host_and_port_;
264  SSLConfig ssl_config_;
265  // ssl_session_cache_shard_ is an opaque string that partitions the SSL
266  // session cache. i.e. sessions created with one value will not attempt to
267  // resume on the socket with a different value.
268  const std::string ssl_session_cache_shard_;
269
270  // Used for session cache diagnostics.
271  bool trying_cached_session_;
272
273  enum State {
274    STATE_NONE,
275    STATE_HANDSHAKE,
276    STATE_CHANNEL_ID_LOOKUP,
277    STATE_CHANNEL_ID_LOOKUP_COMPLETE,
278    STATE_VERIFY_CERT,
279    STATE_VERIFY_CERT_COMPLETE,
280  };
281  State next_handshake_state_;
282  NextProtoStatus npn_status_;
283  std::string npn_proto_;
284  // Written by the |channel_id_service_|.
285  std::string channel_id_private_key_;
286  std::string channel_id_cert_;
287  // True if channel ID extension was negotiated.
288  bool channel_id_xtn_negotiated_;
289  // True if InfoCallback has been run with result = SSL_CB_HANDSHAKE_DONE.
290  bool handshake_succeeded_;
291  // True if MarkSSLSessionAsGood has been called for this socket's
292  // SSL session.
293  bool marked_session_as_good_;
294  // The request handle for |channel_id_service_|.
295  ChannelIDService::RequestHandle channel_id_request_handle_;
296
297  TransportSecurityState* transport_security_state_;
298
299  // pinning_failure_log contains a message produced by
300  // TransportSecurityState::CheckPublicKeyPins in the event of a
301  // pinning failure. It is a (somewhat) human-readable string.
302  std::string pinning_failure_log_;
303
304  BoundNetLog net_log_;
305  base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;
306};
307
308}  // namespace net
309
310#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
311