diff options
| author | dilmah@chromium.org <dilmah@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-18 11:58:44 +0000 |
|---|---|---|
| committer | dilmah@chromium.org <dilmah@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-18 11:58:44 +0000 |
| commit | c6e584c20129f8745e6fc9170a220eb58e13e172 (patch) | |
| tree | 6491e890f845af7443f6be07d15d9e60c89ec998 /crypto/symmetric_key_mac.cc | |
| parent | 37e7790801761dc99be00d69f102b7319f2d6a8e (diff) | |
| download | chromium_src-c6e584c20129f8745e6fc9170a220eb58e13e172.zip chromium_src-c6e584c20129f8745e6fc9170a220eb58e13e172.tar.gz chromium_src-c6e584c20129f8745e6fc9170a220eb58e13e172.tar.bz2 | |
Private API for extensions like ssh-client that need access to websocket-to-tcp proxy.
Access to TCP is obtained in following way:
(1) extension requests authentication token via call to private API like:
chrome.webSocketProxyPrivate.getPassportForTCP('netbsd.org', 25, callback);
if API validates this request
then extension obtains some string token (in callback).
(2) open websocket connection to local websocket-to-tcp proxy ws://127.0.0.1:10101/tcpproxy
(3) pass header containing hostname, port and token obtained at step (1)
(4) communicate (in base64 encoding at this moment).
Proxy (running in chrome process) verifies those tokens by calls to InternalAuthVerification::VerifyPassport
Passports are one-time; no passport can be reused.
Passports expire in short period of time (20 seconds).
BUG=chromium-os:9667
TEST=unit_test,apitest
Review URL: http://codereview.chromium.org/6683060
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85757 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/symmetric_key_mac.cc')
| -rw-r--r-- | crypto/symmetric_key_mac.cc | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/crypto/symmetric_key_mac.cc b/crypto/symmetric_key_mac.cc index 47193a08..a92c43a 100644 --- a/crypto/symmetric_key_mac.cc +++ b/crypto/symmetric_key_mac.cc @@ -32,7 +32,7 @@ CSSM_KEY_TYPE CheckKeyParams(crypto::SymmetricKey::Algorithm algorithm, } } -void* CreateRandomBytes(size_t size) { +uint8_t* CreateRandomBytes(size_t size) { CSSM_RETURN err; CSSM_CC_HANDLE ctx; err = CSSM_CSP_CreateRandomGenContext(crypto::GetSharedCSPHandle(), @@ -50,7 +50,7 @@ void* CreateRandomBytes(size_t size) { random_data.Data = NULL; } CSSM_DeleteContext(ctx); - return random_data.Data; // Caller responsible for freeing this + return random_data.Data; // Caller responsible for freeing this. } inline CSSM_DATA StringToData(const std::string& str) { @@ -65,16 +65,20 @@ inline CSSM_DATA StringToData(const std::string& str) { namespace crypto { -SymmetricKey::~SymmetricKey() {} +SymmetricKey::~SymmetricKey() { + std::fill(key_.begin(), key_.end(), 0); +} // static SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, size_t key_size_in_bits) { CheckKeyParams(algorithm, key_size_in_bits); - void* random_bytes = CreateRandomBytes((key_size_in_bits + 7) / 8); + size_t key_size_in_bytes = (key_size_in_bits + 7) / 8; + uint8_t* random_bytes = CreateRandomBytes(key_size_in_bytes); if (!random_bytes) return NULL; SymmetricKey *key = new SymmetricKey(random_bytes, key_size_in_bits); + std::fill(random_bytes, random_bytes + key_size_in_bytes, 0); free(random_bytes); return key; } @@ -139,9 +143,9 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm, return new SymmetricKey(raw_key.data(), raw_key.size() * 8); } -SymmetricKey::SymmetricKey(const void *key_data, size_t key_size_in_bits) - : key_(reinterpret_cast<const char*>(key_data), - key_size_in_bits / 8) {} +SymmetricKey::SymmetricKey(const void* key_data, size_t key_size_in_bits) + : key_(reinterpret_cast<const char*>(key_data), key_size_in_bits / 8) { +} bool SymmetricKey::GetRawKey(std::string* raw_key) { *raw_key = key_; |