networking_private_crypto.h revision 6e8cce623b6e4fe0c9e4af605d675dd9d0338c38
1a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved.
258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// found in the LICENSE file.
458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
5a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#ifndef CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
6a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#define CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
85f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include <stdint.h>
95f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
1058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include <string>
11a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include <vector>
125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)
1358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include "base/basictypes.h"
1458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
156e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)namespace networking_private_crypto {
166e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
176e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Verify that the credentials described by |certificate| and |signed_data|
186e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// are valid as follows:
196e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 1) The MAC address listed in the certificate matches |connected_mac|.
206e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
216e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// 3) |signature| is a valid signature for |data|, using the public key in
226e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// |certificate|
236e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)bool VerifyCredentials(const std::string& certificate,
246e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       const std::string& signature,
256e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       const std::string& data,
266e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       const std::string& connected_mac);
276e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
286e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Encrypt |data| with |public_key|. |public_key| is a DER-encoded
296e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// RSAPublicKey. |data| is some string of bytes that is smaller than the
306e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
316e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)//
326e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Returns true on success, storing the encrypted result in
336e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// |encrypted_output|.
346e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)bool EncryptByteString(const std::vector<uint8_t>& public_key,
356e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       const std::string& data,
366e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       std::vector<uint8_t>* encrypted_output);
376e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
386e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
396e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
406e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
416e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// Returns true on success, storing the decrypted result in
426e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// |decrypted_output|.
436e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)bool DecryptByteString(const std::string& private_key_pem,
446e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       const std::vector<uint8_t>& encrypted_data,
456e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)                       std::string* decrypted_output);
466e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
476e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// The trusted public key as a DER-encoded PKCS#1 RSAPublicKey structure.
486e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)extern const uint8_t kTrustedCAPublicKeyDER[];
496e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
506e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)// The length of |kTrustedCAPublicKeyDER| in bytes.
516e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)extern const size_t kTrustedCAPublicKeyDERLength;
526e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)
536e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)}  // namespace networking_private_crypto
5458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
55a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif  // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
56