Chromium Code Reviews Chromium Code Reviews
Issue 687733004:
Implement crypto signature verification routines using OpenSSL. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" | 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "extensions/browser/api/cast_channel/cast_message_util.h" | 10 #include "extensions/browser/api/cast_channel/cast_message_util.h" |
| 11 #include "extensions/common/api/cast_channel/cast_channel.pb.h" | 11 #include "extensions/common/api/cast_channel/cast_channel.pb.h" |
| 12 | 12 |
| 13 namespace extensions { | 13 namespace extensions { |
| 14 namespace core_api { | 14 namespace core_api { |
| 15 namespace cast_channel { | 15 namespace cast_channel { |
| 16 namespace { | 16 namespace { |
| 17 | 17 |
| 18 const char* const kParseErrorPrefix = "Failed to parse auth message: "; | 18 const char* const kParseErrorPrefix = "Failed to parse auth message: "; |
| 19 | 19 |
| 20 // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply | |
| 21 // message. | |
| 22 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, | |
| 23 DeviceAuthMessage* auth_message) { | |
| 24 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { | |
| 25 return AuthResult::CreateWithParseError( | |
| 26 "Wrong payload type in challenge reply", | |
| 27 AuthResult::ERROR_WRONG_PAYLOAD_TYPE); | |
| 28 } | |
| 29 if (!challenge_reply.has_payload_binary()) { | |
| 30 return AuthResult::CreateWithParseError( | |
| 31 "Payload type is binary but payload_binary field not set", | |
| 32 AuthResult::ERROR_NO_PAYLOAD); | |
| 33 } | |
| 34 if (!auth_message->ParseFromString(challenge_reply.payload_binary())) { | |
| 35 return AuthResult::CreateWithParseError( | |
| 36 "Cannot parse binary payload into DeviceAuthMessage", | |
| 37 AuthResult::ERROR_PAYLOAD_PARSING_FAILED); | |
| 38 } | |
| 39 | |
| 40 VLOG(1) << "Auth message: " << AuthMessageToString(*auth_message); | |
| 41 | |
| 42 if (auth_message->has_error()) { | |
| 43 return AuthResult::CreateWithParseError( | |
| 44 "Auth message error: " + | |
| 45 base::IntToString(auth_message->error().error_type()), | |
| 46 AuthResult::ERROR_MESSAGE_ERROR); | |
| 47 } | |
| 48 if (!auth_message->has_response()) { | |
| 49 return AuthResult::CreateWithParseError( | |
| 50 "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE); | |
| 51 } | |
| 52 return AuthResult(); | |
| 53 } | |
| 54 | |
| 20 } // namespace | 55 } // namespace |
| 21 | 56 |
| 22 AuthResult::AuthResult() : error_type(ERROR_NONE), nss_error_code(0) { | 57 AuthResult::AuthResult() : error_type(ERROR_NONE), nss_error_code(0) { |
| 23 } | 58 } |
| 24 | 59 |
| 25 AuthResult::~AuthResult() { | 60 AuthResult::~AuthResult() { |
| 26 } | 61 } |
| 27 | 62 |
| 28 // static | 63 // static |
| 29 AuthResult AuthResult::CreateWithParseError(const std::string& error_message, | 64 AuthResult AuthResult::CreateWithParseError(const std::string& error_message, |
| 30 ErrorType error_type) { | 65 ErrorType error_type) { |
| 31 return AuthResult(kParseErrorPrefix + error_message, error_type, 0); | 66 return AuthResult(kParseErrorPrefix + error_message, error_type, 0); |
| 32 } | 67 } |
| 33 | 68 |
| 34 // static | 69 // static |
| 35 AuthResult AuthResult::CreateWithNSSError(const std::string& error_message, | 70 AuthResult AuthResult::CreateWithNSSError(const std::string& error_message, |
| 36 ErrorType error_type, | 71 ErrorType error_type, |
| 37 int nss_error_code) { | 72 int nss_error_code) { |
| 38 return AuthResult(error_message, error_type, nss_error_code); | 73 return AuthResult(error_message, error_type, nss_error_code); |
| 39 } | 74 } |
| 40 | 75 |
| 41 AuthResult::AuthResult(const std::string& error_message, | 76 AuthResult::AuthResult(const std::string& error_message, |
| 42 ErrorType error_type, | 77 ErrorType error_type, |
| 43 int nss_error_code) | 78 int nss_error_code) |
| 44 : error_message(error_message), | 79 : error_message(error_message), |
| 45 error_type(error_type), | 80 error_type(error_type), |
| 46 nss_error_code(nss_error_code) { | 81 nss_error_code(nss_error_code) { |
| 47 } | 82 } |
| 48 | 83 |
| 49 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, | 84 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, |
| 50 DeviceAuthMessage* auth_message) { | 85 const std::string& peer_cert) { |
| 51 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { | 86 if (peer_cert.empty()) { |
| 52 return AuthResult::CreateWithParseError( | 87 AuthResult result = AuthResult::CreateWithParseError( |
| 53 "Wrong payload type in challenge reply", | 88 "Peer cert was empty.", AuthResult::ERROR_PEER_CERT_EMPTY); |
| 54 AuthResult::ERROR_WRONG_PAYLOAD_TYPE); | 89 VLOG(1) << result.error_message; |
|
mark a. foltz
2014/11/03 19:06:27
Perhaps the caller should have this log statement
Kevin M
2014/11/03 19:41:55
Huh, that is already the case. Removed the redunda
| |
| 55 } | 90 return result; |
| 56 if (!challenge_reply.has_payload_binary()) { | |
| 57 return AuthResult::CreateWithParseError( | |
| 58 "Payload type is binary but payload_binary field not set", | |
| 59 AuthResult::ERROR_NO_PAYLOAD); | |
| 60 } | |
| 61 if (!auth_message->ParseFromString(challenge_reply.payload_binary())) { | |
| 62 return AuthResult::CreateWithParseError( | |
| 63 "Cannot parse binary payload into DeviceAuthMessage", | |
| 64 AuthResult::ERROR_PAYLOAD_PARSING_FAILED); | |
| 65 } | 91 } |
| 66 | 92 |
| 67 VLOG(1) << "Auth message: " << AuthMessageToString(*auth_message); | 93 DeviceAuthMessage auth_message; |
| 94 AuthResult result = ParseAuthMessage(challenge_reply, &auth_message); | |
| 95 if (!result.success()) { | |
| 96 VLOG(1) << result.error_message; | |
| 97 return result; | |
| 98 } | |
| 68 | 99 |
| 69 if (auth_message->has_error()) { | 100 const AuthResponse& response = auth_message.response(); |
| 70 return AuthResult::CreateWithParseError( | 101 result = VerifyCredentials(response, peer_cert); |
| 71 "Auth message error: " + | 102 if (!result.success()) { |
| 72 base::IntToString(auth_message->error().error_type()), | 103 VLOG(1) << result.error_message; |
| 73 AuthResult::ERROR_MESSAGE_ERROR); | 104 return result; |
| 74 } | 105 } |
| 75 if (!auth_message->has_response()) { | 106 |
| 76 return AuthResult::CreateWithParseError( | |
| 77 "Auth message has no response field", AuthResult::ERROR_NO_RESPONSE); | |
| 78 } | |
| 79 return AuthResult(); | 107 return AuthResult(); |
| 80 } | 108 } |
| 81 | 109 |
| 82 } // namespace cast_channel | 110 } // namespace cast_channel |
| 83 } // namespace core_api | 111 } // namespace core_api |
| 84 } // namespace extensions | 112 } // namespace extensions |
| OLD | NEW |
