networking_private_crypto.h revision 58537e28ecd584eab876aee8be7156509866d23a
158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved.
258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// found in the LICENSE file.
458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#ifndef CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#define CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include <string>
958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include "base/basictypes.h"
1058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
1158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Implementation of Crypto support for networking private API.
1258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc
1358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)class NetworkingPrivateCrypto {
1458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) public:
1558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  NetworkingPrivateCrypto();
1658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  ~NetworkingPrivateCrypto();
1758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
1858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Verify that credentials described by |certificate| and |signed_data| are
1958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // valid.
2058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  //
2158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // 1) The MAC address listed in the certificate matches |connected_mac|.
2258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
2358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // 3) |signature| is a valid signature for |data|, using the public key in
2458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // |certificate|
2558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  bool VerifyCredentials(const std::string& certificate,
2658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& signature,
2758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& data,
2858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& connected_mac);
2958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
3058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Encrypt |data| with |public_key|. |public_key| is a DER-encoded
3158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // RSAPublicKey. |data| is some string of bytes at smaller than the
3258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // maximum length permissable for encryption with a key of |public_key| size.
3358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  //
3458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Returns true on success, storing the encrypted result in
3558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // |encrypted_output|.
3658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  bool EncryptByteString(const std::string& public_key,
3758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& data,
3858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         std::string* encrypted_output);
3958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
4058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) private:
4158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  friend class NetworkingPrivateCryptoTest;
4258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
4358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
4458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
4558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
4658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  //
4758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Returns true on success, storing the decrypted result in
4858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // |decrypted_output|.
4958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  bool DecryptByteString(const std::string& private_key_pem,
5058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& encrypted_data,
5158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         std::string* decrypted_output);
5258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
5358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);
5458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)};
5558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
5658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#endif  // CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
5758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
58