1a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// found in the LICENSE file. 458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) 5a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#ifndef CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_ 6a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#define CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_ 758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) 85f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include <stdint.h> 95f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include <string> 11a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include <vector> 125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include "base/basictypes.h" 1458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) 156e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)namespace networking_private_crypto { 166e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) 176e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Verify that the credentials described by |certificate| and |signed_data| 186e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// are valid as follows: 196e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 1) The MAC address listed in the certificate matches |connected_mac|. 206e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 2) The certificate is a valid PEM encoded certificate signed by trusted CA. 216e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 3) |signature| is a valid signature for |data|, using the public key in 226e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// |certificate| 236e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)bool VerifyCredentials(const std::string& certificate, 246e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) const std::string& signature, 256e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) const std::string& data, 266e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) const std::string& connected_mac); 276e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) 286e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Encrypt |data| with |public_key|. |public_key| is a DER-encoded 296e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// RSAPublicKey. |data| is some string of bytes that is smaller than the 306e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size. 316e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 326e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Returns true on success, storing the encrypted result in 336e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// |encrypted_output|. 346e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)bool EncryptByteString(const std::vector<uint8_t>& public_key, 356e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) const std::string& data, 366e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) std::vector<uint8_t>* encrypted_output); 376e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) 386e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the 396e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with 406e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test. 416e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Returns true on success, storing the decrypted result in 426e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// |decrypted_output|. 436e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)bool DecryptByteString(const std::string& private_key_pem, 446e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) const std::vector<uint8_t>& encrypted_data, 456e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) std::string* decrypted_output); 466e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) 476e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// The trusted public key as a DER-encoded PKCS#1 RSAPublicKey structure. 486e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)extern const uint8_t kTrustedCAPublicKeyDER[]; 496e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) 506e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// The length of |kTrustedCAPublicKeyDER| in bytes. 516e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)extern const size_t kTrustedCAPublicKeyDERLength; 526e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) 536e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)} // namespace networking_private_crypto 5458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) 55a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_ 56