extensions/browser/api/cast_channel/cast_auth_util.h - Issue 687733004: Implement crypto signature verification routines using OpenSSL.

Unified Diff: extensions/browser/api/cast_channel/cast_auth_util.h

Issue 687733004: Implement crypto signature verification routines using OpenSSL. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Broke off error reporting into separate branch, made unit tests security lib agnostic Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « extensions/browser/api/cast_channel/cast_auth_ica.cc ('k') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('j') | extensions/browser/api/cast_channel/cast_auth_util.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: extensions/browser/api/cast_channel/cast_auth_util.h

diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h

index fa00d8173e297fcca78d0466e65c75735506241e..fd26eb5cf1e18d895a621fdffdf82b156da77042 100644

--- a/extensions/browser/api/cast_channel/cast_auth_util.h

+++ b/extensions/browser/api/cast_channel/cast_auth_util.h

@@ -11,6 +11,7 @@ namespace extensions {

namespace core_api {

namespace cast_channel {

+class AuthResponse;

class CastMessage;

class DeviceAuthMessage;

@@ -25,10 +26,11 @@ struct AuthResult {

ERROR_MESSAGE_ERROR,

ERROR_NO_RESPONSE,

ERROR_FINGERPRINT_NOT_FOUND,

- ERROR_NSS_CERT_PARSING_FAILED,

- ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA,

- ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY,

- ERROR_NSS_SIGNED_BLOBS_MISMATCH

+ ERROR_CERT_PARSING_FAILED,

+ ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA,

+ ERROR_CANNOT_EXTRACT_PUBLIC_KEY,

+ ERROR_SIGNED_BLOBS_MISMATCH,

+ ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT,

mark a. foltz 2014/11/03 19:06:27 Omit trailing comma

Kevin M 2014/11/03 19:41:55 Done.

};

// Constructs a AuthResult that corresponds to success.

@@ -56,13 +58,15 @@ struct AuthResult {

// Authenticates the given |challenge_reply|:

// 1. Signature contained in the reply is valid.

// 2. Certficate used to sign is rooted to a trusted CA.

-AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,

- const std::string& peer_cert);

+AuthResult AuthenticateChallengeReply(

+ const CastMessage& challenge_reply,

+ const std::string& peer_cert);

davidben 2014/11/03 19:01:50 Nit: Why reformat this one?

Kevin M 2014/11/03 19:41:55 I think I renamed it to something else previously

-// Parses a DeviceAuthMessage payload from a challenge reply.

-// Returns an AuthResult to indicate success or failure.

-AuthResult ParseAuthMessage(const CastMessage& challenge_reply,

- DeviceAuthMessage* auth_message);

+// Auth-library specific implementation of cryptographic signature

+// verification routines. Verifies that |response| contains a

+// valid signed form of |peer_cert|.

+AuthResult VerifyCredentials(const AuthResponse& response,

+ const std::string& peer_cert);

} // namespace cast_channel

} // namespace core_api