diff options
| author | dilmah@chromium.org <dilmah@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-18 11:58:44 +0000 |
|---|---|---|
| committer | dilmah@chromium.org <dilmah@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-18 11:58:44 +0000 |
| commit | c6e584c20129f8745e6fc9170a220eb58e13e172 (patch) | |
| tree | 6491e890f845af7443f6be07d15d9e60c89ec998 /crypto | |
| parent | 37e7790801761dc99be00d69f102b7319f2d6a8e (diff) | |
| download | chromium_src-c6e584c20129f8745e6fc9170a220eb58e13e172.zip chromium_src-c6e584c20129f8745e6fc9170a220eb58e13e172.tar.gz chromium_src-c6e584c20129f8745e6fc9170a220eb58e13e172.tar.bz2 | |
Private API for extensions like ssh-client that need access to websocket-to-tcp proxy.
Access to TCP is obtained in following way:
(1) extension requests authentication token via call to private API like:
chrome.webSocketProxyPrivate.getPassportForTCP('netbsd.org', 25, callback);
if API validates this request
then extension obtains some string token (in callback).
(2) open websocket connection to local websocket-to-tcp proxy ws://127.0.0.1:10101/tcpproxy
(3) pass header containing hostname, port and token obtained at step (1)
(4) communicate (in base64 encoding at this moment).
Proxy (running in chrome process) verifies those tokens by calls to InternalAuthVerification::VerifyPassport
Passports are one-time; no passport can be reused.
Passports expire in short period of time (20 seconds).
BUG=chromium-os:9667
TEST=unit_test,apitest
Review URL: http://codereview.chromium.org/6683060
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85757 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/hmac.h | 4 | ||||
| -rw-r--r-- | crypto/hmac_mac.cc | 2 | ||||
| -rw-r--r-- | crypto/hmac_nss.cc | 2 | ||||
| -rw-r--r-- | crypto/hmac_openssl.cc | 2 | ||||
| -rw-r--r-- | crypto/hmac_win.cc | 2 | ||||
| -rw-r--r-- | crypto/symmetric_key_mac.cc | 18 |
6 files changed, 18 insertions, 12 deletions
diff --git a/crypto/hmac.h b/crypto/hmac.h index 7852797..c0706d8 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -51,7 +51,9 @@ class HMAC { // to the constructor and the key supplied to the Init method. The HMAC is // returned in |digest|, which has |digest_length| bytes of storage available. // TODO(abarth): digest_length should be a size_t. - bool Sign(const std::string& data, unsigned char* digest, int digest_length); + bool Sign(const std::string& data, + unsigned char* digest, + int digest_length) const; // TODO(albertb): Add a Verify method. diff --git a/crypto/hmac_mac.cc b/crypto/hmac_mac.cc index d7cec61..fefd6e7 100644 --- a/crypto/hmac_mac.cc +++ b/crypto/hmac_mac.cc @@ -41,7 +41,7 @@ HMAC::~HMAC() { bool HMAC::Sign(const std::string& data, unsigned char* digest, - int digest_length) { + int digest_length) const { CCHmacAlgorithm algorithm; int algorithm_digest_length; switch (hash_alg_) { diff --git a/crypto/hmac_nss.cc b/crypto/hmac_nss.cc index 957f9db..722fcf1 100644 --- a/crypto/hmac_nss.cc +++ b/crypto/hmac_nss.cc @@ -75,7 +75,7 @@ bool HMAC::Init(const unsigned char *key, int key_length) { bool HMAC::Sign(const std::string& data, unsigned char* digest, - int digest_length) { + int digest_length) const { if (!plat_->sym_key_.get()) { // Init has not been called before Sign. NOTREACHED(); diff --git a/crypto/hmac_openssl.cc b/crypto/hmac_openssl.cc index 6fbc437..8b7b96d 100644 --- a/crypto/hmac_openssl.cc +++ b/crypto/hmac_openssl.cc @@ -42,7 +42,7 @@ HMAC::~HMAC() { bool HMAC::Sign(const std::string& data, unsigned char* digest, - int digest_length) { + int digest_length) const { DCHECK_GE(digest_length, 0); DCHECK(!plat_->key.empty()); // Init must be called before Sign. diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc index e5511e0..1e6954a 100644 --- a/crypto/hmac_win.cc +++ b/crypto/hmac_win.cc @@ -156,7 +156,7 @@ HMAC::~HMAC() { bool HMAC::Sign(const std::string& data, unsigned char* digest, - int digest_length) { + int digest_length) const { if (hash_alg_ == SHA256) { if (plat_->raw_key_.empty()) return false; diff --git a/crypto/symmetric_key_mac.cc b/crypto/symmetric_key_mac.cc index 47193a08..a92c43a 100644 --- a/crypto/symmetric_key_mac.cc +++ b/crypto/symmetric_key_mac.cc @@ -32,7 +32,7 @@ CSSM_KEY_TYPE CheckKeyParams(crypto::SymmetricKey::Algorithm algorithm, } } -void* CreateRandomBytes(size_t size) { +uint8_t* CreateRandomBytes(size_t size) { CSSM_RETURN err; CSSM_CC_HANDLE ctx; err = CSSM_CSP_CreateRandomGenContext(crypto::GetSharedCSPHandle(), @@ -50,7 +50,7 @@ void* CreateRandomBytes(size_t size) { random_data.Data = NULL; } CSSM_DeleteContext(ctx); - return random_data.Data; // Caller responsible for freeing this + return random_data.Data; // Caller responsible for freeing this. } inline CSSM_DATA StringToData(const std::string& str) { @@ -65,16 +65,20 @@ inline CSSM_DATA StringToData(const std::string& str) { namespace crypto { -SymmetricKey::~SymmetricKey() {} +SymmetricKey::~SymmetricKey() { + std::fill(key_.begin(), key_.end(), 0); +} // static SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, size_t key_size_in_bits) { CheckKeyParams(algorithm, key_size_in_bits); - void* random_bytes = CreateRandomBytes((key_size_in_bits + 7) / 8); + size_t key_size_in_bytes = (key_size_in_bits + 7) / 8; + uint8_t* random_bytes = CreateRandomBytes(key_size_in_bytes); if (!random_bytes) return NULL; SymmetricKey *key = new SymmetricKey(random_bytes, key_size_in_bits); + std::fill(random_bytes, random_bytes + key_size_in_bytes, 0); free(random_bytes); return key; } @@ -139,9 +143,9 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm, return new SymmetricKey(raw_key.data(), raw_key.size() * 8); } -SymmetricKey::SymmetricKey(const void *key_data, size_t key_size_in_bits) - : key_(reinterpret_cast<const char*>(key_data), - key_size_in_bits / 8) {} +SymmetricKey::SymmetricKey(const void* key_data, size_t key_size_in_bits) + : key_(reinterpret_cast<const char*>(key_data), key_size_in_bits / 8) { +} bool SymmetricKey::GetRawKey(std::string* raw_key) { *raw_key = key_; |