networking_private_crypto.h revision a1401311d1ab56c4ed0a474bd38c108f75cb0cd9
1a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved.
258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// found in the LICENSE file.
458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
5a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#ifndef CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
6a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#define CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include <string>
9a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include <vector>
1058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)#include "base/basictypes.h"
1158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
1258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Implementation of Crypto support for networking private API.
1358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc
1458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)class NetworkingPrivateCrypto {
1558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) public:
1658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  NetworkingPrivateCrypto();
1758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  ~NetworkingPrivateCrypto();
1858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
1958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Verify that credentials described by |certificate| and |signed_data| are
2058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // valid.
2158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  //
2258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // 1) The MAC address listed in the certificate matches |connected_mac|.
2358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
2458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // 3) |signature| is a valid signature for |data|, using the public key in
2558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // |certificate|
2658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  bool VerifyCredentials(const std::string& certificate,
2758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& signature,
2858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& data,
2958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& connected_mac);
3058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
3158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Encrypt |data| with |public_key|. |public_key| is a DER-encoded
32f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)  // RSAPublicKey. |data| is some string of bytes that is smaller than the
33f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)  // maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
3458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  //
3558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Returns true on success, storing the encrypted result in
3658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // |encrypted_output|.
37a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)  bool EncryptByteString(const std::vector<uint8>& public_key,
3858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         const std::string& data,
39a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)                         std::vector<uint8>* encrypted_output);
4058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
4158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) private:
4258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  friend class NetworkingPrivateCryptoTest;
4358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
4458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
4558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
4658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
4758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  //
4858537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // Returns true on success, storing the decrypted result in
4958537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  // |decrypted_output|.
5058537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  bool DecryptByteString(const std::string& private_key_pem,
51a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)                         const std::vector<uint8>& encrypted_data,
5258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)                         std::string* decrypted_output);
5358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
5458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)  DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);
5558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)};
5658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)
57a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif  // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
58