Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 687733004: Implement crypto signature verification routines using OpenSSL. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed code review feedback Created 6 years, 1 month ago
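--- a/extensions/browser/api/cast_channel/cast_auth_util.h
+++ b/extensions/browser/api/cast_channel/cast_auth_util.h
@@ -1,71 +1,89 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
 
 #include <string>
+#include <vector>
 
 namespace extensions {
 namespace core_api {
 namespace cast_channel {
 
+class AuthResponse;
 class CastMessage;
 class DeviceAuthMessage;
 
+struct OpenSslErrorEntry {
+std::string filename;
+int line_number;
+};
+
 struct AuthResult {
 public:
 enum ErrorType {
 ERROR_NONE,
 ERROR_PEER_CERT_EMPTY,
 ERROR_WRONG_PAYLOAD_TYPE,
 ERROR_NO_PAYLOAD,
 ERROR_PAYLOAD_PARSING_FAILED,
 ERROR_MESSAGE_ERROR,
 ERROR_NO_RESPONSE,
 ERROR_FINGERPRINT_NOT_FOUND,
-ERROR_NSS_CERT_PARSING_FAILED,
-ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA,
-ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY,
-ERROR_NSS_SIGNED_BLOBS_MISMATCH
+ERROR_CERT_PARSING_FAILED,
+ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,
+ERROR_CANNOT_EXTRACT_PUBLIC_KEY,
+ERROR_SIGNED_BLOBS_MISMATCH,
+ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,
 };
 
 // Constructs a AuthResult that corresponds to success.
 AuthResult();
 ~AuthResult();
 
+AuthResult(const AuthResult& rvalue);
+
 static AuthResult CreateWithParseError(const std::string& error_message,
 ErrorType error_type);
+static AuthResult CreateWithOpenSSLErrors(
+const std::string& error_message,
+ErrorType error_type,
+const std::vector<OpenSslErrorEntry>& openssl_errors);
 static AuthResult CreateWithNSSError(const std::string& error_message,
 ErrorType error_type,
 int nss_error_code);
 
 bool success() const { return error_type == ERROR_NONE; }
 
 std::string error_message;
 ErrorType error_type;
 int nss_error_code;
+std::vector<OpenSslErrorEntry> openssl_error_stack;
 
 private:
 AuthResult(const std::string& error_message,
 ErrorType error_type,
-int nss_error_code);
+int nss_error_code,
+const std::vector<OpenSslErrorEntry>& openssl_errors);
 };
 
 // Authenticates the given |challenge_reply|:
 // 1. Signature contained in the reply is valid.
 // 2. Certficate used to sign is rooted to a trusted CA.
-AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
-const std::string& peer_cert);
+AuthResult AuthenticateChallengeReply(
+const CastMessage& challenge_reply,
+const std::string& peer_cert);
 
-// Parses a DeviceAuthMessage payload from a challenge reply.
-// Returns an AuthResult to indicate success or failure.
-AuthResult ParseAuthMessage(const CastMessage& challenge_reply,
-DeviceAuthMessage* auth_message);
+// Auth-library specific implementation of cryptographic signature
+// verification routines. Verifies that |response| contains a
+// valid signed form of |peer_cert|.
+AuthResult VerifyCredentials(const AuthResponse& response,
+const std::string& peer_cert);
 
 } // namespace cast_channel
 } // namespace core_api
 } // namespace extensions
 
 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_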
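Review bot: The added copy constructor `AuthResult(const AuthResult& rvalue);` names a const lvalue reference `rvalue`, which reads as a move constructor; `AuthResult(const AuthResult& other);` says what it is. `OpenSslErrorEntry` is introduced without any comment and with `int line_number;` left uninitialized for anyone who builds one field by field; a header comment such as `// One captured OpenSSL error-queue entry (reporting source file and line), kept on AuthResult for diagnostics.` (the fields suggest that is what the .cc stores, but confirm there) and `int line_number = 0;` where in-class initializers are permitted would close both gaps. The comment on `VerifyCredentials` states that |response| must hold a valid signed form of |peer_cert| but not whether this routine also owns step 2 of the `AuthenticateChallengeReply` contract, the trusted-CA chain check, nor that only one of `nss_error_code` / `openssl_error_stack` is populated depending on the compiled-in backend; spelling those two points out in the header makes the security contract explicit for callers and for whoever ports the next backend. The pre-existing context comment still reads "Certficate" and could be fixed in passing.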