Chromium Code Reviews| Index: extensions/browser/api/cast_channel/cast_auth_util.h |
| diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h |
| index fa00d8173e297fcca78d0466e65c75735506241e..cd3d1032f5c06aecd1ad37793c7aa04a8de3d3c5 100644 |
| --- a/extensions/browser/api/cast_channel/cast_auth_util.h |
| +++ b/extensions/browser/api/cast_channel/cast_auth_util.h |
| @@ -6,11 +6,13 @@ |
| #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_ |
| #include <string> |
| +#include <vector> |
| namespace extensions { |
| namespace core_api { |
| namespace cast_channel { |
| +class AuthResponse; |
| class CastMessage; |
| class DeviceAuthMessage; |
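Review bot: The include list here gains only `<vector>`, but the declarations this patch adds further down use `std::pair<std::string, int>`, so the header should also add `#include <utility>` rather than depend on a transitive include. The forward declaration of `AuthResponse` is sufficient, since the only use visible in this file is the by-reference parameter of `VerifyCredentials`.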
| @@ -25,18 +27,25 @@ struct AuthResult { |
| ERROR_MESSAGE_ERROR, |
| ERROR_NO_RESPONSE, |
| ERROR_FINGERPRINT_NOT_FOUND, |
| - ERROR_NSS_CERT_PARSING_FAILED, |
| - ERROR_NSS_CERT_NOT_SIGNED_BY_TRUSTED_CA, |
| - ERROR_NSS_CANNOT_EXTRACT_PUBLIC_KEY, |
| - ERROR_NSS_SIGNED_BLOBS_MISMATCH |
| + ERROR_CERT_PARSING_FAILED, |
| + ERROR_CERT_NOT_SIGNED_BY_TRUSTED_CA, |
| + ERROR_CANNOT_EXTRACT_PUBLIC_KEY, |
| + ERROR_SIGNED_BLOBS_MISMATCH, |
| + ERROR_UNEXPECTED_AUTH_LIBRARY_RESULT, |
| }; |
| // Constructs a AuthResult that corresponds to success. |
| AuthResult(); |
| ~AuthResult(); |
| + AuthResult(const AuthResult& rvalue); |
| + |
| static AuthResult CreateWithParseError(const std::string& error_message, |
| ErrorType error_type); |
| + static AuthResult CreateWithOpenSSLErrors( |
| + const std::string& error_message, |
| + ErrorType error_type, |
| + const std::vector<std::pair<std::string, int>>& openssl_errors); |
| static AuthResult CreateWithNSSError(const std::string& error_message, |
| ErrorType error_type, |
| int nss_error_code); |
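Review bot: The copy constructor declared as `AuthResult(const AuthResult& rvalue);` takes a const lvalue reference, so the parameter name `rvalue` is misleading; `other`, or no name at all, would read better. Because it is user-declared, its definition (not in this hunk) has to copy every member by hand, and the comment above says a default-constructed AuthResult corresponds to success, so a member left out of that definition, `error_type` in particular, would leave the copy's outcome unspecified instead of carrying the failure over. Defining it out of line as `AuthResult::AuthResult(const AuthResult&) = default;` avoids that risk each time a field such as `openssl_errors` is added. `CreateWithOpenSSLErrors` also has no comment; something like `// |openssl_errors| holds (file name, line number) pairs from the OpenSSL error stack.` would tell callers what the pairs mean. The struct starts before this hunk and continues past it.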
| @@ -47,22 +56,29 @@ struct AuthResult { |
| ErrorType error_type; |
| int nss_error_code; |
| + // Vector of filename, line number pairs that comprise the stack |
| + // of OpenSSL errors. |
|
mark a. foltz
2014/10/31 22:29:25
So each entry is just part of a stack trace for a
Kevin M
2014/11/01 00:03:05
It's a stack of errors.
https://code.google.com/p/
davidben
2014/11/01 00:19:34
Including the error values is fine as long as it's
Kevin M
2014/11/03 18:31:46
Done in a separate Git branch.
|
| + std::vector<std::pair<std::string, int>> openssl_errors; |
|
mark a. foltz
2014/10/31 22:29:25
Slight preference for declaring a struct to hold t
Kevin M
2014/11/01 00:03:05
How's this?
|
| + |
| private: |
| AuthResult(const std::string& error_message, |
| ErrorType error_type, |
| - int nss_error_code); |
| + int nss_error_code, |
| + const std::vector<std::pair<std::string, int>>& openssl_errors); |
|
mark a. foltz
2014/10/31 22:29:25
Maybe this should be openssl_error_stack?
Kevin M
2014/11/01 00:03:05
Done.
|
| }; |
| // Authenticates the given |challenge_reply|: |
| // 1. Signature contained in the reply is valid. |
| // 2. Certficate used to sign is rooted to a trusted CA. |
| -AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, |
| - const std::string& peer_cert); |
| +AuthResult AuthenticateChallengeReply( |
| + const CastMessage& challenge_reply, |
| + const std::string& peer_cert); |
| -// Parses a DeviceAuthMessage payload from a challenge reply. |
| -// Returns an AuthResult to indicate success or failure. |
| -AuthResult ParseAuthMessage(const CastMessage& challenge_reply, |
| - DeviceAuthMessage* auth_message); |
| +// Auth-library specific implementation of cryptographic signature |
| +// verification routines. Verifies that |response| contains a |
| +// valid signed form of |peer_cert|. |
| +AuthResult VerifyCredentials(const AuthResponse& response, |
| + const std::string& peer_cert); |
| } // namespace cast_channel |
| } // namespace core_api |