extensions/browser/api/cast_channel/cast_auth_util.h - Issue 2709523008: [Cast Channel] Add support for nonce challenge to Cast channel authentication.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 2709523008: [Cast Channel] Add support for nonce challenge to Cast channel authentication. (Closed)

Patch Set: Added a comment Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « components/test/data/cast_certificate/certificates/test_tls_cert.pem ('k') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: extensions/browser/api/cast_channel/cast_auth_util.h

diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h

index 1f66395413963a1ea21c95dc40503927dcaf36da..b29ab727cf9a0e3bb80a534d2b5c1c5745b9ce2a 100644

--- a/extensions/browser/api/cast_channel/cast_auth_util.h

+++ b/extensions/browser/api/cast_channel/cast_auth_util.h

@@ -46,6 +46,7 @@ struct AuthResult {

ERROR_TLS_CERT_EXPIRED,

ERROR_CRL_INVALID,

ERROR_CERT_REVOKED,

+ ERROR_SENDER_NONCE_MISMATCH,

};

enum PolicyType { POLICY_NONE = 0, POLICY_AUDIO_ONLY = 1 << 0 };

@@ -67,11 +68,37 @@ struct AuthResult {

unsigned int channel_policies;

};

+class AuthContext {

+ public:

+ explicit AuthContext(const std::string& nonce);

mark a. foltz 2017/03/17 17:15:39 Nit: Make this private, it looks like all code and

ryanchung 2017/03/17 17:34:07 Done.

+ ~AuthContext();

+ // Get an auth challenge context.

+ // The same context must be used in the challenge and reply.

+ static AuthContext Create();

+ // Verifies the nonce received in the response is equivalent to the one sent.

+ // Returns success if |nonce_response| matches nonce_

+ AuthResult VerifySenderNonce(const std::string& nonce_response) const;

+ // The nonce challenge.

+ const std::string& nonce() const { return nonce_; }

+ private:

+ const std::string nonce_;

+};

// Authenticates the given |challenge_reply|:

// 1. Signature contained in the reply is valid.

// 2. Certficate used to sign is rooted to a trusted CA.

AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,

- const net::X509Certificate& peer_cert);

+ const net::X509Certificate& peer_cert,

+ const AuthContext& auth_context);

+// Performs a quick check of the TLS certificate for time validity requirements.

+AuthResult VerifyTLSCertificate(const net::X509Certificate& peer_cert,

+ std::string* peer_cert_der,

+ const base::Time& verification_time);

// Auth-library specific implementation of cryptographic signature

// verification routines. Verifies that |response| contains a