extensions/browser/api/cast_channel/cast_auth_util.h - Issue 687733004: Implement crypto signature verification routines using OpenSSL.

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 687733004: Implement crypto signature verification routines using OpenSSL. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Broke off error reporting into separate branch, made unit tests security lib agnostic Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « extensions/browser/api/cast_channel/cast_auth_ica.cc ('k') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	5 #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	6 #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

7	7

8 #include <string>	8 #include <string>

9	9

10 namespace extensions {	10 namespace extensions {

11 namespace core_api {	11 namespace core_api {

12 namespace cast_channel {	12 namespace cast_channel {

13	13

	14 class AuthResponse;

14 class CastMessage;	15 class CastMessage;

15 class DeviceAuthMessage;	16 class DeviceAuthMessage;

16	17

17 struct AuthResult {	18 struct AuthResult {

18 public:	19 public:

19 enum ErrorType {	20 enum ErrorType {

20 ERROR_NONE,	21 ERROR_NONE,

21 ERROR_PEER_CERT_EMPTY,	22 ERROR_PEER_CERT_EMPTY,

22 ERROR_WRONG_PAYLOAD_TYPE,	23 ERROR_WRONG_PAYLOAD_TYPE,

23 ERROR_NO_PAYLOAD,	24 ERROR_NO_PAYLOAD,

24 ERROR_PAYLOAD_PARSING_FAILED,	25 ERROR_PAYLOAD_PARSING_FAILED,

25 ERROR_MESSAGE_ERROR,	26 ERROR_MESSAGE_ERROR,

26 ERROR_NO_RESPONSE,	27 ERROR_NO_RESPONSE,

27 ERROR_FINGERPRINT_NOT_FOUND,	28 ERROR_FINGERPRINT_NOT_FOUND,

28 ERROR_NSS_CERT_PARSING_FAILED,	29 ERROR_CERT_PARSING_FAILED,

29 ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA,	30 ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,

30 ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY,	31 ERROR_CANNOT_EXTRACT_PUBLIC_KEY,

31 ERROR_NSS_SIGNED_BLOBS_MISMATCH	32 ERROR_SIGNED_BLOBS_MISMATCH,

	33 ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,
	mark a. foltz 2014/11/03 19:06:27 Omit trailing comma Omit trailing comma Kevin M 2014/11/03 19:41:55 Done. Show quoted text On 2014/11/03 19:06:27, mark a. foltz wrote: > Omit trailing comma Done.
32 };	34 };

33	35

34 // Constructs a AuthResult that corresponds to success.	36 // Constructs a AuthResult that corresponds to success.

35 AuthResult();	37 AuthResult();

36 ~AuthResult();	38 ~AuthResult();

37	39

38 static AuthResult CreateWithParseError(const std::string& error_message,	40 static AuthResult CreateWithParseError(const std::string& error_message,

39 ErrorType error_type);	41 ErrorType error_type);

40 static AuthResult CreateWithNSSError(const std::string& error_message,	42 static AuthResult CreateWithNSSError(const std::string& error_message,

41 ErrorType error_type,	43 ErrorType error_type,

42 int nss_error_code);	44 int nss_error_code);

43	45

44 bool success() const { return error_type == ERROR_NONE; }	46 bool success() const { return error_type == ERROR_NONE; }

45	47

46 std::string error_message;	48 std::string error_message;

47 ErrorType error_type;	49 ErrorType error_type;

48 int nss_error_code;	50 int nss_error_code;

49	51

50 private:	52 private:

51 AuthResult(const std::string& error_message,	53 AuthResult(const std::string& error_message,

52 ErrorType error_type,	54 ErrorType error_type,

53 int nss_error_code);	55 int nss_error_code);

54 };	56 };

55	57

56 // Authenticates the given \|challenge_reply\|:	58 // Authenticates the given \|challenge_reply\|:

57 // 1. Signature contained in the reply is valid.	59 // 1. Signature contained in the reply is valid.

58 // 2. Certficate used to sign is rooted to a trusted CA.	60 // 2. Certficate used to sign is rooted to a trusted CA.

59 AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,	61 AuthResult AuthenticateChallengeReply(

60 const std::string& peer_cert);	62 const CastMessage& challenge_reply,

	63 const std::string& peer_cert);
	davidben 2014/11/03 19:01:50 Nit: Why reformat this one? Nit: Why reformat this one? Kevin M 2014/11/03 19:41:55 I think I renamed it to something else previously Show quoted text On 2014/11/03 19:01:50, David Benjamin wrote: > Nit: Why reformat this one? I think I renamed it to something else previously and reformatted around that - switched back to the previous format.
61	64

62 // Parses a DeviceAuthMessage payload from a challenge reply.	65 // Auth-library specific implementation of cryptographic signature

63 // Returns an AuthResult to indicate success or failure.	66 // verification routines. Verifies that \|response\| contains a

64 AuthResult ParseAuthMessage(const CastMessage& challenge_reply,	67 // valid signed form of \|peer_cert\|.

65 DeviceAuthMessage* auth_message);	68 AuthResult VerifyCredentials(const AuthResponse& response,

	69 const std::string& peer_cert);

66	70

67 } // namespace cast_channel	71 } // namespace cast_channel

68 } // namespace core_api	72 } // namespace core_api

69 } // namespace extensions	73 } // namespace extensions

70	74

71 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_	75 #endif // EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_

OLD	NEW