networking_private_crypto.h revision 5f1c94371a64b3196d4be9466099bb892df9b88e
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
6#define CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
7
8#include <stdint.h>
9
10#include <string>
11#include <vector>
12
13#include "base/basictypes.h"
14
15// Implementation of Crypto support for networking private API.
16// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc
17class NetworkingPrivateCrypto {
18 public:
19  NetworkingPrivateCrypto();
20  ~NetworkingPrivateCrypto();
21
22  // Verify that credentials described by |certificate| and |signed_data| are
23  // valid.
24  //
25  // 1) The MAC address listed in the certificate matches |connected_mac|.
26  // 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
27  // 3) |signature| is a valid signature for |data|, using the public key in
28  // |certificate|
29  bool VerifyCredentials(const std::string& certificate,
30                         const std::string& signature,
31                         const std::string& data,
32                         const std::string& connected_mac);
33
34  // Encrypt |data| with |public_key|. |public_key| is a DER-encoded
35  // RSAPublicKey. |data| is some string of bytes that is smaller than the
36  // maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
37  //
38  // Returns true on success, storing the encrypted result in
39  // |encrypted_output|.
40  bool EncryptByteString(const std::vector<uint8_t>& public_key,
41                         const std::string& data,
42                         std::vector<uint8_t>* encrypted_output);
43
44 private:
45  friend class NetworkingPrivateCryptoTest;
46
47  // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
48  // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
49  // EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
50  //
51  // Returns true on success, storing the decrypted result in
52  // |decrypted_output|.
53  bool DecryptByteString(const std::string& private_key_pem,
54                         const std::vector<uint8_t>& encrypted_data,
55                         std::string* decrypted_output);
56
57  // The trusted public key as a DER-encoded PKCS#1 RSAPublicKey
58  // structure.
59  static const uint8_t kTrustedCAPublicKeyDER[];
60
61  // The length of |kTrustedCAPublicKeyDER| in bytes.
62  static const size_t kTrustedCAPublicKeyDERLength;
63
64  DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);
65};
66
67#endif  // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
68