Implement ALPS in SSLClientSocketImpl and SSLServerSocketImpl.

Change-Id: I6e15414d2b591781da0103384018575e80eb81a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2650785
Commit-Queue: Bence Béky <bnc@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#851757}

Author: Bence Béky

net/socket/ssl_client_socket_impl.cc

@@ -8,6 +8,7 @@
 #include <string.h>
 
 #include <algorithm>
+#include <cstring>
 #include <map>
 #include <utility>
 
@@ -551,6 +552,18 @@ NextProto SSLClientSocketImpl::GetNegotiatedProtocol() const {
   return negotiated_protocol_;
 }
 
+base::Optional<base::StringPiece>
+SSLClientSocketImpl::GetPeerApplicationSettings() const {
+  if (!SSL_has_application_settings(ssl_.get())) {
+    return base::nullopt;
+  }
+
+  const uint8_t* out_data;
+  size_t out_len;
+  SSL_get0_peer_application_settings(ssl_.get(), &out_data, &out_len);
+  return base::StringPiece{reinterpret_cast<const char*>(out_data), out_len};
+}
+
 bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->Reset();
   if (!server_cert_)
@@ -846,6 +859,16 @@ int SSLClientSocketImpl::Init() {
     SSL_set_alpn_protos(ssl_.get(), wire_protos.data(), wire_protos.size());
   }
 
+  for (const auto& alps : ssl_config_.application_settings) {
+    const char* proto_string = NextProtoToString(alps.first);
+    const auto& data = alps.second;
+    if (!SSL_add_application_settings(
+            ssl_.get(), reinterpret_cast<const uint8_t*>(proto_string),
+            strlen(proto_string), data.data(), data.size())) {
+      return ERR_UNEXPECTED;
+    }
+  }
+
   SSL_enable_signed_cert_timestamps(ssl_.get());
   SSL_enable_ocsp_stapling(ssl_.get());
 

net/socket/ssl_client_socket_impl.h

@@ -17,6 +17,7 @@
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
+#include "base/optional.h"
 #include "net/base/completion_once_callback.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
@@ -85,6 +86,7 @@ class SSLClientSocketImpl : public SSLClientSocket,
   bool WasEverUsed() const override;
   bool WasAlpnNegotiated() const override;
   NextProto GetNegotiatedProtocol() const override;
+  base::Optional<base::StringPiece> GetPeerApplicationSettings() const override;
   bool GetSSLInfo(SSLInfo* ssl_info) override;
   void GetConnectionAttempts(ConnectionAttempts* out) const override;
   void ClearConnectionAttempts() override {}

net/socket/ssl_client_socket_unittest.cc

@@ -101,9 +101,11 @@ using net::test::IsError;
 using net::test::IsOk;
 
 using testing::_;
-using testing::AnyOf;
+using testing::Bool;
+using testing::Combine;
 using testing::Return;
-using testing::Truly;
+using testing::Values;
+using testing::ValuesIn;
 
 namespace net {
 
@@ -1105,13 +1107,12 @@ class SSLClientSocketReadTest
   std::unique_ptr<ClientSocketFactory> wrapped_socket_factory_;
 };
 
-INSTANTIATE_TEST_SUITE_P(
-    All,
-    SSLClientSocketReadTest,
-    ::testing::Combine(::testing::Values(READ_IF_READY_SUPPORTED,
-                                         READ_IF_READY_NOT_SUPPORTED),
-                       ::testing::Values(TEST_SSL_READ_IF_READY, TEST_SSL_READ),
-                       ::testing::ValuesIn(GetTLSVersions())));
+INSTANTIATE_TEST_SUITE_P(All,
+                         SSLClientSocketReadTest,
+                         Combine(Values(READ_IF_READY_SUPPORTED,
+                                        READ_IF_READY_NOT_SUPPORTED),
+                                 Values(TEST_SSL_READ_IF_READY, TEST_SSL_READ),
+                                 ValuesIn(GetTLSVersions())));
 
 // Verifies the correctness of GetSSLCertRequestInfo.
 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketVersionTest {
@@ -1476,7 +1477,7 @@ class HangingCertVerifier : public CertVerifier {
 
 INSTANTIATE_TEST_SUITE_P(TLSVersion,
                          SSLClientSocketVersionTest,
-                         ::testing::ValuesIn(GetTLSVersions()));
+                         ValuesIn(GetTLSVersions()));
 
 TEST_P(SSLClientSocketVersionTest, Connect) {
   ASSERT_TRUE(
@@ -2717,7 +2718,7 @@ TEST_P(SSLClientSocketVersionTest, VerifyReturnChainProperlyOrdered) {
 
 INSTANTIATE_TEST_SUITE_P(TLSVersion,
                          SSLClientSocketCertRequestInfoTest,
-                         ::testing::ValuesIn(GetTLSVersions()));
+                         ValuesIn(GetTLSVersions()));
 
 TEST_P(SSLClientSocketCertRequestInfoTest,
        DontRequestClientCertsIfServerCertInvalid) {
@@ -4046,7 +4047,7 @@ TEST_P(SSLClientSocketKeyUsageTest, RSAKeyUsageEnforcedForKnownRoot) {
 
 INSTANTIATE_TEST_SUITE_P(RSAKeyUsageInstantiation,
                          SSLClientSocketKeyUsageTest,
-                         ::testing::ValuesIn(kKeyUsageTests));
+                         ValuesIn(kKeyUsageTests));
 
 // Test that when CT is required (in this case, by the delegate), the
 // absence of CT information is a socket error.
@@ -5483,13 +5484,11 @@ class TLS13DowngradeTest
 INSTANTIATE_TEST_SUITE_P(
     All,
     TLS13DowngradeTest,
-    ::testing::Combine(
-        ::testing::Values(
-            SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_0,
-            SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_1,
-            SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_2),
-        ::testing::Values(false, true),
-        ::testing::Values(false, true)));
+    Combine(Values(SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_0,
+                   SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_1,
+                   SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_2),
+            Bool(),
+            Bool()));
 
 TEST_P(TLS13DowngradeTest, DowngradeEnforced) {
   SpawnedTestServer::SSLOptions ssl_options;
@@ -5565,7 +5564,7 @@ class SSLHandshakeDetailsTest
 
 INSTANTIATE_TEST_SUITE_P(All,
                          SSLHandshakeDetailsTest,
-                         ::testing::ValuesIn(kSSLHandshakeDetailsParams));
+                         ValuesIn(kSSLHandshakeDetailsParams));
 
 TEST_P(SSLHandshakeDetailsTest, Metrics) {
   // Enable all test features in the server.
@@ -5945,4 +5944,62 @@ TEST_F(SSLClientSocketTest, VersionMinOverride) {
   EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
 }
 
+class SSLClientSocketAlpsTest
+    : public SSLClientSocketTest,
+      public ::testing::WithParamInterface<std::tuple<bool, bool>> {
+ public:
+  SSLClientSocketAlpsTest()
+      : client_alps_enabled_(std::get<0>(GetParam())),
+        server_alps_enabled_(std::get<1>(GetParam())) {}
+  ~SSLClientSocketAlpsTest() override = default;
+  const bool client_alps_enabled_;
+  const bool server_alps_enabled_;
+};
+
+INSTANTIATE_TEST_SUITE_P(All, SSLClientSocketAlpsTest, Combine(Bool(), Bool()));
+
+TEST_P(SSLClientSocketAlpsTest, Alps) {
+  const std::string server_data = "server sends some test data";
+  const std::string client_data = "client also sends some data";
+
+  SSLServerConfig server_config;
+  server_config.alpn_protos = {kProtoHTTP2};
+  if (server_alps_enabled_) {
+    server_config.application_settings[kProtoHTTP2] =
+        std::vector<uint8_t>(server_data.begin(), server_data.end());
+  }
+  ASSERT_TRUE(
+      StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
+
+  SSLConfig client_config;
+  client_config.alpn_protos = {kProtoHTTP2};
+  if (client_alps_enabled_) {
+    client_config.application_settings[kProtoHTTP2] =
+        std::vector<uint8_t>(client_data.begin(), client_data.end());
+  }
+
+  int rv;
+  ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
+  EXPECT_THAT(rv, IsOk());
+
+  SSLInfo info;
+  ASSERT_TRUE(sock_->GetSSLInfo(&info));
+  EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
+            SSLConnectionStatusToVersion(info.connection_status));
+  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
+
+  EXPECT_EQ(true, sock_->WasAlpnNegotiated());
+  EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
+
+  // ALPS is negotiated only if ALPS is enabled both on client and server.
+  const auto alps_data_received_by_client = sock_->GetPeerApplicationSettings();
+
+  if (client_alps_enabled_ && server_alps_enabled_) {
+    ASSERT_TRUE(alps_data_received_by_client.has_value());
+    EXPECT_EQ(server_data, alps_data_received_by_client.value());
+  } else {
+    EXPECT_FALSE(alps_data_received_by_client.has_value());
+  }
+}
+
 }  // namespace net

net/socket/ssl_server_socket_impl.cc

@@ -11,6 +11,7 @@
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/weak_ptr.h"
+#include "base/optional.h"
 #include "base/strings/string_util.h"
 #include "crypto/openssl_util.h"
 #include "crypto/rsa_private_key.h"
@@ -106,6 +107,7 @@ class SSLServerContextImpl::SocketImpl : public SSLServerSocket,
   bool WasEverUsed() const override;
   bool WasAlpnNegotiated() const override;
   NextProto GetNegotiatedProtocol() const override;
+  base::Optional<base::StringPiece> GetPeerApplicationSettings() const override;
   bool GetSSLInfo(SSLInfo* ssl_info) override;
   void GetConnectionAttempts(ConnectionAttempts* out) const override;
   void ClearConnectionAttempts() override {}
@@ -347,6 +349,7 @@ void SSLServerContextImpl::SocketImpl::OnPrivateKeyComplete(
   DoHandshakeLoop(ERR_IO_PENDING);
 }
 
+// static
 int SSLServerContextImpl::SocketImpl::ALPNSelectCallback(SSL* ssl,
                                                          const uint8_t** out,
                                                          uint8_t* out_len,
@@ -375,6 +378,16 @@ int SSLServerContextImpl::SocketImpl::ALPNSelectCallback(SSL* ssl,
               CBS_len(&client_proto)) == server_proto_str) {
         *out = CBS_data(&client_proto);
         *out_len = CBS_len(&client_proto);
+
+        const auto& application_settings =
+            socket->context_->ssl_server_config_.application_settings;
+        auto it = application_settings.find(server_proto);
+        if (it != application_settings.end()) {
+          const std::vector<uint8_t>& data = it->second;
+          SSL_add_application_settings(ssl, CBS_data(&client_proto),
+                                       CBS_len(&client_proto), data.data(),
+                                       data.size());
+        }
         return SSL_TLSEXT_ERR_OK;
       }
     }
@@ -545,6 +558,18 @@ NextProto SSLServerContextImpl::SocketImpl::GetNegotiatedProtocol() const {
   return negotiated_protocol_;
 }
 
+base::Optional<base::StringPiece>
+SSLServerContextImpl::SocketImpl::GetPeerApplicationSettings() const {
+  if (!SSL_has_application_settings(ssl_.get())) {
+    return base::nullopt;
+  }
+
+  const uint8_t* out_data;
+  size_t out_len;
+  SSL_get0_peer_application_settings(ssl_.get(), &out_data, &out_len);
+  return base::StringPiece{reinterpret_cast<const char*>(out_data), out_len};
+}
+
 bool SSLServerContextImpl::SocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->Reset();
   if (!completed_handshake_)

net/socket/ssl_server_socket_unittest.cc

@@ -1301,4 +1301,69 @@ TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) {
   ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
 }
 
+class SSLServerSocketAlpsTest
+    : public SSLServerSocketTest,
+      public ::testing::WithParamInterface<std::tuple<bool, bool>> {
+ public:
+  SSLServerSocketAlpsTest()
+      : client_alps_enabled_(std::get<0>(GetParam())),
+        server_alps_enabled_(std::get<1>(GetParam())) {}
+  ~SSLServerSocketAlpsTest() override = default;
+  const bool client_alps_enabled_;
+  const bool server_alps_enabled_;
+};
+
+INSTANTIATE_TEST_SUITE_P(All,
+                         SSLServerSocketAlpsTest,
+                         ::testing::Combine(::testing::Bool(),
+                                            ::testing::Bool()));
+
+TEST_P(SSLServerSocketAlpsTest, Alps) {
+  const std::string server_data = "server sends some test data";
+  const std::string client_data = "client also sends some data";
+
+  server_ssl_config_.alpn_protos = {kProtoHTTP2};
+  if (server_alps_enabled_) {
+    server_ssl_config_.application_settings[kProtoHTTP2] =
+        std::vector<uint8_t>(server_data.begin(), server_data.end());
+  }
+
+  client_ssl_config_.alpn_protos = {kProtoHTTP2};
+  if (client_alps_enabled_) {
+    client_ssl_config_.application_settings[kProtoHTTP2] =
+        std::vector<uint8_t>(client_data.begin(), client_data.end());
+  }
+
+  ASSERT_NO_FATAL_FAILURE(CreateContext());
+  ASSERT_NO_FATAL_FAILURE(CreateSockets());
+
+  TestCompletionCallback handshake_callback;
+  int server_ret = server_socket_->Handshake(handshake_callback.callback());
+
+  TestCompletionCallback connect_callback;
+  int client_ret = client_socket_->Connect(connect_callback.callback());
+
+  client_ret = connect_callback.GetResult(client_ret);
+  server_ret = handshake_callback.GetResult(server_ret);
+
+  ASSERT_THAT(client_ret, IsOk());
+  ASSERT_THAT(server_ret, IsOk());
+
+  // ALPS is negotiated only if ALPS is enabled both on client and server.
+  const auto alps_data_received_by_client =
+      client_socket_->GetPeerApplicationSettings();
+  const auto alps_data_received_by_server =
+      server_socket_->GetPeerApplicationSettings();
+
+  if (client_alps_enabled_ && server_alps_enabled_) {
+    ASSERT_TRUE(alps_data_received_by_client.has_value());
+    EXPECT_EQ(server_data, alps_data_received_by_client.value());
+    ASSERT_TRUE(alps_data_received_by_server.has_value());
+    EXPECT_EQ(client_data, alps_data_received_by_server.value());
+  } else {
+    EXPECT_FALSE(alps_data_received_by_client.has_value());
+    EXPECT_FALSE(alps_data_received_by_server.has_value());
+  }
+}
+
 }  // namespace net

net/socket/stream_socket.cc

@@ -13,6 +13,11 @@ void StreamSocket::SetBeforeConnectCallback(
   NOTREACHED();
 }
 
+base::Optional<base::StringPiece> StreamSocket::GetPeerApplicationSettings()
+    const {
+  return base::nullopt;
+}
+
 void StreamSocket::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) const {
   NOTREACHED();

net/socket/stream_socket.h

@@ -9,6 +9,7 @@
 
 #include "base/bind.h"
 #include "base/macros.h"
+#include "base/optional.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_export.h"
 #include "net/dns/public/resolve_error_info.h"
@@ -136,6 +137,11 @@ class NET_EXPORT StreamSocket : public Socket {
   // kProtoUnknown will be returned if ALPN is not applicable.
   virtual NextProto GetNegotiatedProtocol() const = 0;
 
+  // Get data received from peer in ALPS TLS extension.
+  // Returns a (possibly empty) value if a TLS version supporting ALPS was used
+  // and ALPS was negotiated, nullopt otherwise.
+  virtual base::Optional<base::StringPiece> GetPeerApplicationSettings() const;
+
   // Gets the SSL connection information of the socket.  Returns false if
   // SSL was not used by this socket.
   virtual bool GetSSLInfo(SSLInfo* ssl_info) = 0;

net/ssl/ssl_config.h

@@ -127,6 +127,10 @@ struct NET_EXPORT SSLConfig {
   // The list of application-level protocols to enable renegotiation for.
   NextProtoVector renego_allowed_for_protos;
 
+  // ALPS TLS extension is enabled and corresponding data is sent to server
+  // for each NextProto in |application_settings|.  Data might be empty.
+  base::flat_map<NextProto, std::vector<uint8_t>> application_settings;
+
   // If the PartitionSSLSessionsByNetworkIsolationKey feature is enabled, the
   // session cache is partitioned by this value.
   NetworkIsolationKey network_isolation_key;