net/quic/crypto/proof_verifier.h - Issue 17385010: OpenSSL/NSS implementation of ProofVerfifier.

Side by Side Diff: net/quic/crypto/proof_verifier.h

Issue 17385010: OpenSSL/NSS implementation of ProofVerfifier. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix compiler error Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_	5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_

6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_	6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_

7	7

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

	11 #include "net/base/completion_callback.h"

11 #include "net/base/net_export.h"	12 #include "net/base/net_export.h"

12	13

13 namespace net {	14 namespace net {

14	15

15 // A ProofVerifier checks the signature on a server config, and the certificate	16 // A ProofVerifier checks the signature on a server config, and the certificate

16 // chain that backs the public key.	17 // chain that backs the public key.

17 class NET_EXPORT_PRIVATE ProofVerifier {	18 class NET_EXPORT_PRIVATE ProofVerifier {

18 public:	19 public:

19 virtual ~ProofVerifier() {}	20 virtual ~ProofVerifier() {}

20	21

21 // VerifyProof checks that \|signature\| is a valid signature of	22 // VerifyProof checks that \|signature\| is a valid signature of

22 // \|server_config\| by the public key in the leaf certificate of \|certs\|, and	23 // \|server_config\| by the public key in the leaf certificate of \|certs\|, and

23 // that \|certs\| is a valid chain for \|hostname\|. On success, it returns true.	24 // that \|certs\| is a valid chain for \|hostname\|. On success, it returns OK.

24 // On failure, it returns false and sets \|*error_details\| to a description of	25 // On failure, it returns false and sets \|*error_details\| to a description of

25 // the problem.	26 // the problem and returns ERR_FAILED.
	wtc 2013/06/24 22:36:56 "returns ERR_FAILED" should replace the "returns f "returns ERR_FAILED" should replace the "returns false" on the previous line. We also need to add comments to document the \|callback\| argument and the async behavior (the function may return ERR_IO_PENDING, in which case the \|callback\| will be run with the final OK/ERR_FAILED result when the proof is verified). ramant (doing other things) 2013/06/28 19:16:56 Done. Show quoted text On 2013/06/24 22:36:56, wtc wrote: > > "returns ERR_FAILED" should replace the "returns false" on the previous line. > > We also need to add comments to document the \|callback\| argument and the > async behavior (the function may return ERR_IO_PENDING, in which case the > \|callback\| will be run with the final OK/ERR_FAILED result when the proof is > verified). Done.
26 //	27 //

27 // The signature uses SHA-256 as the hash function and PSS padding in the	28 // The signature uses SHA-256 as the hash function and PSS padding in the

28 // case of RSA.	29 // case of RSA.

29 //	30 //

30 // Note: this is just for testing. The CN of the certificate is ignored and	31 // Note: this is just for testing. The CN of the certificate is ignored and

31 // wildcards in the SANs are not supported.	32 // wildcards in the SANs are not supported.

32 virtual bool VerifyProof(const std::string& hostname,	33 virtual int VerifyProof(const std::string& hostname,

33 const std::string& server_config,	34 const std::string& server_config,

34 const std::vector<std::string>& certs,	35 const std::vector<std::string>& certs,

35 const std::string& signature,	36 const std::string& signature,

36 std::string* error_details) const = 0;	37 const CompletionCallback& callback,
	wtc 2013/06/24 22:36:56 The \|callback\| argument seems to be the last argum The \|callback\| argument seems to be the last argument by convention. Could you check some other methods in net that take a \|callback\| argument? Thanks. ramant (doing other things) 2013/06/28 19:16:56 ./socket/client_socket_pool_manager.h:106, socet_t Show quoted text On 2013/06/24 22:36:56, wtc wrote: > > The \|callback\| argument seems to be the last argument by convention. > Could you check some other methods in net that take a \|callback\| argument? > Thanks. ./socket/client_socket_pool_manager.h:106, socet_test_util.h and others don't seem to follow that convention (they have callback argument in the middle). Should I change it? thanks.
	38 std::string* error_details) = 0;

37 };	39 };

38	40

39 } // namespace net	41 } // namespace net

40	42

41 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_	43 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_

OLD	NEW

« net/quic/crypto/proof_test.cc ('K') | « net/quic/crypto/proof_test.cc ('k') | net/quic/crypto/proof_verifier_chromium.h » ('j') | net/quic/crypto/proof_verifier_chromium.h » ('J')