diff options
author | stevenjb@chromium.org <stevenjb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-08 18:26:29 +0000 |
---|---|---|
committer | stevenjb@chromium.org <stevenjb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-08 18:26:29 +0000 |
commit | 7ae46cc29e676f6239f3df465d67cf4a4df38921 (patch) | |
tree | fad28282c7892e87c4ce5d3eed5db9963bce1caa | |
parent | a2f63aaa30570dfdc1d94ec880c6702ccfbd096b (diff) | |
download | chromium_src-7ae46cc29e676f6239f3df465d67cf4a4df38921.zip chromium_src-7ae46cc29e676f6239f3df465d67cf4a4df38921.tar.gz chromium_src-7ae46cc29e676f6239f3df465d67cf4a4df38921.tar.bz2 |
Separate CryptoVerifyImpl into its own file.
This eliminates some dependencies from NetworkingPrivateServiceClient
that will allow it to be moved to src/extensions.
It also changes NetworkingPrivatCrypto from a class to a namespace since that is how we use it.
BUG=363776
Review URL: https://codereview.chromium.org/442073003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288396 0039d316-1c4b-4281-b951-d872f2087c98
12 files changed, 239 insertions, 177 deletions
diff --git a/chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc new file mode 100644 index 0000000..66b89e7 --- /dev/null +++ b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc @@ -0,0 +1,82 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/extensions/api/networking_private/crypto_verify_impl.h" + +#include "base/base64.h" +#include "chrome/browser/extensions/api/networking_private/networking_private_credentials_getter.h" +#include "chrome/browser/extensions/api/networking_private/networking_private_service_client.h" +#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h" + +namespace { + +bool VerifyCredentials(const CryptoVerifyImpl::Credentials& credentials) { + return networking_private_crypto::VerifyCredentials(credentials.certificate, + credentials.signed_data, + credentials.unsigned_data, + credentials.device_bssid); +} + +} // namespace + +using extensions::NetworkingPrivateServiceClient; +using extensions::NetworkingPrivateCredentialsGetter; + +NetworkingPrivateServiceClient::CryptoVerify* +NetworkingPrivateServiceClient::CryptoVerify::Create() { + return new CryptoVerifyImpl(); +} + +CryptoVerifyImpl::CryptoVerifyImpl() { +} + +CryptoVerifyImpl::~CryptoVerifyImpl() { +} + +void CryptoVerifyImpl::VerifyDestination(const Credentials& credentials, + bool* verified, + std::string* error) { + *verified = VerifyCredentials(credentials); +} + +void CryptoVerifyImpl::VerifyAndEncryptCredentials( + const std::string& network_guid, + const Credentials& credentials, + const VerifyAndEncryptCredentialsCallback& callback) { + if (!VerifyCredentials(credentials)) { + callback.Run("", "VerifyError"); + return; + } + + scoped_ptr<NetworkingPrivateCredentialsGetter> credentials_getter( + NetworkingPrivateCredentialsGetter::Create()); + + // Start getting credentials. On Windows |callback| will be called + // asynchronously on a different thread after |credentials_getter| + // is deleted. + credentials_getter->Start(network_guid, credentials.public_key, callback); +} + +void CryptoVerifyImpl::VerifyAndEncryptData( + const Credentials& credentials, + const std::string& data, + std::string* base64_encoded_ciphertext, + std::string* error) { + if (!VerifyCredentials(credentials)) { + *error = "VerifyError"; + return; + } + + std::vector<uint8> public_key_data(credentials.public_key.begin(), + credentials.public_key.end()); + std::vector<uint8> ciphertext; + if (!networking_private_crypto::EncryptByteString( + public_key_data, data, &ciphertext)) { + *error = "EncryptError"; + return; + } + + base::Base64Encode(std::string(ciphertext.begin(), ciphertext.end()), + base64_encoded_ciphertext); +} diff --git a/chrome/browser/extensions/api/networking_private/crypto_verify_impl.h b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.h new file mode 100644 index 0000000..17a01b1 --- /dev/null +++ b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.h @@ -0,0 +1,37 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_ +#define CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_ + +#include "base/compiler_specific.h" +#include "base/macros.h" +#include "chrome/browser/extensions/api/networking_private/networking_private_service_client.h" + +// Implementation of NetworkingPrivateServiceClient::CryptoVerify using +// networking_private_crypto. +class CryptoVerifyImpl + : public extensions::NetworkingPrivateServiceClient::CryptoVerify { + public: + CryptoVerifyImpl(); + virtual ~CryptoVerifyImpl(); + + // NetworkingPrivateServiceClient::CryptoVerify + virtual void VerifyDestination(const Credentials& credentials, + bool* verified, + std::string* error) OVERRIDE; + virtual void VerifyAndEncryptCredentials( + const std::string& network_guid, + const Credentials& credentials, + const VerifyAndEncryptCredentialsCallback& callback) OVERRIDE; + virtual void VerifyAndEncryptData(const Credentials& credentials, + const std::string& data, + std::string* base64_encoded_ciphertext, + std::string* error) OVERRIDE; + + private: + DISALLOW_COPY_AND_ASSIGN(CryptoVerifyImpl); +}; + +#endif // CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_ diff --git a/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc b/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc index f2e2ff8..a272646 100644 --- a/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc +++ b/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc @@ -56,10 +56,10 @@ void NetworkingPrivateCredentialsGetterMac::Start( return; } - NetworkingPrivateCrypto crypto; std::vector<uint8> public_key_data(public_key.begin(), public_key.end()); std::vector<uint8> ciphertext; - if (!crypto.EncryptByteString(public_key_data, key_data, &ciphertext)) { + if (!networking_private_crypto::EncryptByteString( + public_key_data, key_data, &ciphertext)) { callback.Run("", kErrorEncryption); return; } diff --git a/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc b/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc index f93a835..b3b0cee 100644 --- a/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc +++ b/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc @@ -12,11 +12,8 @@ #include "base/threading/worker_pool.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/extensions/api/networking_private/networking_private_api.h" -#include "chrome/browser/extensions/api/networking_private/networking_private_credentials_getter.h" #include "chrome/common/extensions/api/networking_private.h" -#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h" #include "content/public/browser/browser_thread.h" -#include "content/public/browser/utility_process_host.h" using content::BrowserThread; @@ -49,66 +46,6 @@ bool GetVerificationCredentials( return true; } -// Implementation of Verify* methods using NetworkingPrivateCrypto. -// TODO(mef): Move this into NetworkingPrivateCrypto class. -class CryptoVerifyImpl : public NetworkingPrivateServiceClient::CryptoVerify { - bool VerifyCredentials(const Credentials& credentials) { - NetworkingPrivateCrypto crypto; - return crypto.VerifyCredentials(credentials.certificate, - credentials.signed_data, - credentials.unsigned_data, - credentials.device_bssid); - } - - // NetworkingPrivateServiceClient::CryptoVerify - - virtual void VerifyDestination(const Credentials& credentials, - bool* verified, - std::string* error) OVERRIDE { - *verified = VerifyCredentials(credentials); - } - - virtual void VerifyAndEncryptCredentials( - const std::string& network_guid, - const Credentials& credentials, - const VerifyAndEncryptCredentialsCallback& callback) OVERRIDE { - if (!VerifyCredentials(credentials)) { - callback.Run("", "VerifyError"); - return; - } - - scoped_ptr<NetworkingPrivateCredentialsGetter> credentials_getter( - NetworkingPrivateCredentialsGetter::Create()); - - // Start getting credentials. On Windows |callback| will be called - // asynchronously on a different thread after |credentials_getter| - // is deleted. - credentials_getter->Start(network_guid, credentials.public_key, callback); - } - - virtual void VerifyAndEncryptData(const Credentials& credentials, - const std::string& data, - std::string* base64_encoded_ciphertext, - std::string* error) OVERRIDE { - if (!VerifyCredentials(credentials)) { - *error = "VerifyError"; - return; - } - - NetworkingPrivateCrypto crypto; - std::vector<uint8> public_key_data( - credentials.public_key.begin(), credentials.public_key.end()); - std::vector<uint8> ciphertext; - if (!crypto.EncryptByteString(public_key_data, data, &ciphertext)) { - *error = "EncryptError"; - return; - } - - base::Base64Encode(std::string(ciphertext.begin(), ciphertext.end()), - base64_encoded_ciphertext); - } -}; - // Deletes WiFiService and CryptoVerify objects on worker thread. void ShutdownServicesOnWorkerThread( scoped_ptr<wifi::WiFiService> wifi_service, @@ -131,6 +68,9 @@ void AfterVerifyAndEncryptCredentialsRelay( } // namespace +NetworkingPrivateServiceClient::CryptoVerify::CryptoVerify() {} +NetworkingPrivateServiceClient::CryptoVerify::~CryptoVerify() {} + NetworkingPrivateServiceClient::CryptoVerify::Credentials::Credentials() {} NetworkingPrivateServiceClient::CryptoVerify::Credentials::~Credentials() {} @@ -175,11 +115,6 @@ NetworkingPrivateServiceClient::~NetworkingPrivateServiceClient() { DCHECK(!crypto_verify_.get()); } -NetworkingPrivateServiceClient::CryptoVerify* - NetworkingPrivateServiceClient::CryptoVerify::Create() { - return new CryptoVerifyImpl(); -} - NetworkingPrivateServiceClient::ServiceCallbacks::ServiceCallbacks() {} NetworkingPrivateServiceClient::ServiceCallbacks::~ServiceCallbacks() {} @@ -433,6 +368,11 @@ void NetworkingPrivateServiceClient::VerifyDestination( const VerificationProperties& verification_properties, const BoolCallback& success_callback, const FailureCallback& failure_callback) { + if (!crypto_verify_) { + failure_callback.Run(networking_private::kErrorNotSupported); + return; + } + ServiceCallbacks* service_callbacks = AddServiceCallbacks(); service_callbacks->failure_callback = failure_callback; service_callbacks->verify_destination_callback = success_callback; @@ -465,6 +405,11 @@ void NetworkingPrivateServiceClient::VerifyAndEncryptCredentials( const VerificationProperties& verification_properties, const StringCallback& success_callback, const FailureCallback& failure_callback) { + if (!crypto_verify_) { + failure_callback.Run(networking_private::kErrorNotSupported); + return; + } + ServiceCallbacks* service_callbacks = AddServiceCallbacks(); service_callbacks->failure_callback = failure_callback; service_callbacks->verify_and_encrypt_credentials_callback = success_callback; @@ -496,6 +441,11 @@ void NetworkingPrivateServiceClient::VerifyAndEncryptData( const std::string& data, const StringCallback& success_callback, const FailureCallback& failure_callback) { + if (!crypto_verify_) { + failure_callback.Run(networking_private::kErrorNotSupported); + return; + } + ServiceCallbacks* service_callbacks = AddServiceCallbacks(); service_callbacks->failure_callback = failure_callback; service_callbacks->verify_and_encrypt_data_callback = success_callback; diff --git a/chrome/browser/extensions/api/networking_private/networking_private_service_client.h b/chrome/browser/extensions/api/networking_private/networking_private_service_client.h index beb55ea..63708c5 100644 --- a/chrome/browser/extensions/api/networking_private/networking_private_service_client.h +++ b/chrome/browser/extensions/api/networking_private/networking_private_service_client.h @@ -64,9 +64,11 @@ class NetworkingPrivateServiceClient std::string public_key; }; - CryptoVerify() {} - virtual ~CryptoVerify() {} + CryptoVerify(); + virtual ~CryptoVerify(); + // Must be provided by the implementation. May return NULL if certificate + // verification is unavailable, see NetworkingPrivateServiceClient(). static CryptoVerify* Create(); virtual void VerifyDestination(const Credentials& credentials, @@ -104,7 +106,8 @@ class NetworkingPrivateServiceClient // Takes ownership of |wifi_service| and |crypto_verify|. They are accessed // and deleted on the worker thread. The deletion task is posted during the - // NetworkingPrivateServiceClient shutdown. + // NetworkingPrivateServiceClient shutdown. |crypto_verify| may be NULL in + // which case Verify* will return a 'not implemented' error. NetworkingPrivateServiceClient(wifi::WiFiService* wifi_service, CryptoVerify* crypto_verify); @@ -254,6 +257,7 @@ class NetworkingPrivateServiceClient // Observers to Network Events. ObserverList<Observer> network_events_observers_; // Interface for Verify* methods. Used and deleted on the worker thread. + // May be NULL. scoped_ptr<CryptoVerify> crypto_verify_; // Interface to WiFiService. Used and deleted on the worker thread. scoped_ptr<wifi::WiFiService> wifi_service_; diff --git a/chrome/chrome_browser_extensions.gypi b/chrome/chrome_browser_extensions.gypi index aa3f5be..a8b3149 100644 --- a/chrome/chrome_browser_extensions.gypi +++ b/chrome/chrome_browser_extensions.gypi @@ -922,6 +922,8 @@ 'browser/extensions/extension_tab_util_android.cc', ], 'chrome_browser_extensions_networking_private_sources': [ + 'browser/extensions/api/networking_private/crypto_verify_impl.cc', + 'browser/extensions/api/networking_private/crypto_verify_impl.h', 'browser/extensions/api/networking_private/networking_private_api.h', 'browser/extensions/api/networking_private/networking_private_credentials_getter.h', 'browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc', diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto.cc index feec2e6..34c2776 100644 --- a/chrome/common/extensions/api/networking_private/networking_private_crypto.cc +++ b/chrome/common/extensions/api/networking_private/networking_private_crypto.cc @@ -4,7 +4,9 @@ #include "chrome/common/extensions/api/networking_private/networking_private_crypto.h" -const uint8 NetworkingPrivateCrypto::kTrustedCAPublicKeyDER[] = { +namespace networking_private_crypto { + +const uint8 kTrustedCAPublicKeyDER[] = { 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0x22, 0x80, 0xbd, 0x80, 0xf6, 0x3a, 0x21, 0x00, 0x3b, 0xae, 0x76, 0x5e, 0x35, 0x7f, 0x3d, 0xc3, 0x64, 0x5c, 0x55, 0x94, 0x86, 0x34, 0x2f, 0x05, 0x87, 0x28, @@ -29,11 +31,6 @@ const uint8 NetworkingPrivateCrypto::kTrustedCAPublicKeyDER[] = { 0x61, 0x47, 0x9e, 0xab, 0x80, 0xb7, 0xe4, 0x48, 0x80, 0x2a, 0x92, 0xc5, 0x1b, 0x02, 0x03, 0x01, 0x00, 0x01}; -const size_t NetworkingPrivateCrypto::kTrustedCAPublicKeyDERLength = - sizeof(kTrustedCAPublicKeyDER); - -NetworkingPrivateCrypto::NetworkingPrivateCrypto() { -} +const size_t kTrustedCAPublicKeyDERLength = sizeof(kTrustedCAPublicKeyDER); -NetworkingPrivateCrypto::~NetworkingPrivateCrypto() { -} +} // namespace networking_private_crypto diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto.h b/chrome/common/extensions/api/networking_private/networking_private_crypto.h index ffdb997..e613293 100644 --- a/chrome/common/extensions/api/networking_private/networking_private_crypto.h +++ b/chrome/common/extensions/api/networking_private/networking_private_crypto.h @@ -12,56 +12,44 @@ #include "base/basictypes.h" -// Implementation of Crypto support for networking private API. -// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc -class NetworkingPrivateCrypto { - public: - NetworkingPrivateCrypto(); - ~NetworkingPrivateCrypto(); - - // Verify that credentials described by |certificate| and |signed_data| are - // valid. - // - // 1) The MAC address listed in the certificate matches |connected_mac|. - // 2) The certificate is a valid PEM encoded certificate signed by trusted CA. - // 3) |signature| is a valid signature for |data|, using the public key in - // |certificate| - bool VerifyCredentials(const std::string& certificate, - const std::string& signature, - const std::string& data, - const std::string& connected_mac); - - // Encrypt |data| with |public_key|. |public_key| is a DER-encoded - // RSAPublicKey. |data| is some string of bytes that is smaller than the - // maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size. - // - // Returns true on success, storing the encrypted result in - // |encrypted_output|. - bool EncryptByteString(const std::vector<uint8_t>& public_key, - const std::string& data, - std::vector<uint8_t>* encrypted_output); - - private: - friend class NetworkingPrivateCryptoTest; - - // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the - // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with - // EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test. - // - // Returns true on success, storing the decrypted result in - // |decrypted_output|. - bool DecryptByteString(const std::string& private_key_pem, - const std::vector<uint8_t>& encrypted_data, - std::string* decrypted_output); - - // The trusted public key as a DER-encoded PKCS#1 RSAPublicKey - // structure. - static const uint8_t kTrustedCAPublicKeyDER[]; - - // The length of |kTrustedCAPublicKeyDER| in bytes. - static const size_t kTrustedCAPublicKeyDERLength; - - DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto); -}; +namespace networking_private_crypto { + +// Verify that the credentials described by |certificate| and |signed_data| +// are valid as follows: +// 1) The MAC address listed in the certificate matches |connected_mac|. +// 2) The certificate is a valid PEM encoded certificate signed by trusted CA. +// 3) |signature| is a valid signature for |data|, using the public key in +// |certificate| +bool VerifyCredentials(const std::string& certificate, + const std::string& signature, + const std::string& data, + const std::string& connected_mac); + +// Encrypt |data| with |public_key|. |public_key| is a DER-encoded +// RSAPublicKey. |data| is some string of bytes that is smaller than the +// maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size. +// +// Returns true on success, storing the encrypted result in +// |encrypted_output|. +bool EncryptByteString(const std::vector<uint8_t>& public_key, + const std::string& data, + std::vector<uint8_t>* encrypted_output); + +// Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the +// PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with +// EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test. +// Returns true on success, storing the decrypted result in +// |decrypted_output|. +bool DecryptByteString(const std::string& private_key_pem, + const std::vector<uint8_t>& encrypted_data, + std::string* decrypted_output); + +// The trusted public key as a DER-encoded PKCS#1 RSAPublicKey structure. +extern const uint8_t kTrustedCAPublicKeyDER[]; + +// The length of |kTrustedCAPublicKeyDER| in bytes. +extern const size_t kTrustedCAPublicKeyDERLength; + +} // namespace networking_private_crypto #endif // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_ diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc index 42c76e0..2cdc33b 100644 --- a/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc +++ b/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc @@ -44,11 +44,12 @@ bool GetDERFromPEM(const std::string& pem_data, } // namespace -bool NetworkingPrivateCrypto::VerifyCredentials( - const std::string& certificate, - const std::string& signature, - const std::string& data, - const std::string& connected_mac) { +namespace networking_private_crypto { + +bool VerifyCredentials(const std::string& certificate, + const std::string& signature, + const std::string& data, + const std::string& connected_mac) { crypto::EnsureNSSInit(); std::vector<uint8_t> cert_data; @@ -133,10 +134,9 @@ bool NetworkingPrivateCrypto::VerifyCredentials( return true; } -bool NetworkingPrivateCrypto::EncryptByteString( - const std::vector<uint8_t>& pub_key_der, - const std::string& data, - std::vector<uint8_t>* encrypted_output) { +bool EncryptByteString(const std::vector<uint8_t>& pub_key_der, + const std::string& data, + std::vector<uint8_t>* encrypted_output) { crypto::EnsureNSSInit(); SECItem pub_key_der_item; @@ -175,10 +175,9 @@ bool NetworkingPrivateCrypto::EncryptByteString( return true; } -bool NetworkingPrivateCrypto::DecryptByteString( - const std::string& private_key_pem, - const std::vector<uint8_t>& encrypted_data, - std::string* decrypted_output) { +bool DecryptByteString(const std::string& private_key_pem, + const std::vector<uint8_t>& encrypted_data, + std::string* decrypted_output) { crypto::EnsureNSSInit(); std::vector<uint8_t> private_key_data; @@ -211,3 +210,5 @@ bool NetworkingPrivateCrypto::DecryptByteString( output_length); return true; } + +} // namespace networking_private_crypto diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc index 75033cf..e08b51d 100644 --- a/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc +++ b/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc @@ -39,11 +39,12 @@ bool GetDERFromPEM(const std::string& pem_data, } // namespace -bool NetworkingPrivateCrypto::VerifyCredentials( - const std::string& certificate, - const std::string& signature, - const std::string& data, - const std::string& connected_mac) { +namespace networking_private_crypto { + +bool VerifyCredentials(const std::string& certificate, + const std::string& signature, + const std::string& data, + const std::string& connected_mac) { crypto::EnsureOpenSSLInit(); crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); @@ -140,10 +141,9 @@ bool NetworkingPrivateCrypto::VerifyCredentials( return true; } -bool NetworkingPrivateCrypto::EncryptByteString( - const std::vector<uint8_t>& pub_key_der, - const std::string& data, - std::vector<uint8_t>* encrypted_output) { +bool EncryptByteString(const std::vector<uint8_t>& pub_key_der, + const std::string& data, + std::vector<uint8_t>* encrypted_output) { crypto::EnsureOpenSSLInit(); crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); @@ -171,10 +171,9 @@ bool NetworkingPrivateCrypto::EncryptByteString( return true; } -bool NetworkingPrivateCrypto::DecryptByteString( - const std::string& private_key_pem, - const std::vector<uint8_t>& encrypted_data, - std::string* decrypted_output) { +bool DecryptByteString(const std::string& private_key_pem, + const std::vector<uint8_t>& encrypted_data, + std::string* decrypted_output) { crypto::EnsureOpenSSLInit(); crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); @@ -210,3 +209,5 @@ bool NetworkingPrivateCrypto::DecryptByteString( output_length); return true; } + +} // namespace networking_private_crypto diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc index 0cfb564..d482d59 100644 --- a/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc +++ b/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc @@ -8,7 +8,7 @@ #include "base/strings/stringprintf.h" #include "testing/gtest/include/gtest/gtest.h" -// Tests of NetworkingPrivateCrypto support for Networking Private API. +// Tests of networking_private_crypto support for Networking Private API. class NetworkingPrivateCryptoTest : public testing::Test { protected: // Verify that decryption of |encrypted| data using |private_key_pem| matches @@ -16,15 +16,15 @@ class NetworkingPrivateCryptoTest : public testing::Test { bool VerifyByteString(const std::string& private_key_pem, const std::string& plain, const std::vector<uint8>& encrypted) { - NetworkingPrivateCrypto crypto; std::string decrypted; - if (crypto.DecryptByteString(private_key_pem, encrypted, &decrypted)) + if (networking_private_crypto::DecryptByteString( + private_key_pem, encrypted, &decrypted)) return decrypted == plain; return false; } }; -// Test that NetworkingPrivateCrypto::VerifyCredentials behaves as expected. +// Test that networking_private_crypto::VerifyCredentials behaves as expected. TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) { static const char kCertData[] = "-----BEGIN CERTIFICATE-----" @@ -89,34 +89,32 @@ TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) { std::string signed_data; base::Base64Decode(kSignedData, &signed_data); - NetworkingPrivateCrypto crypto; // Checking basic verification operation. - EXPECT_TRUE(crypto.VerifyCredentials( + EXPECT_TRUE(networking_private_crypto::VerifyCredentials( kCertData, signed_data, unsigned_data, kHotspotBssid)); // Checking that verification fails when the certificate is signed, but // subject is malformed. - EXPECT_FALSE(crypto.VerifyCredentials( + EXPECT_FALSE(networking_private_crypto::VerifyCredentials( kBadSubjectCertData, signed_data, unsigned_data, kHotspotBssid)); // Checking that verification fails when certificate has invalid format. - EXPECT_FALSE(crypto.VerifyCredentials( + EXPECT_FALSE(networking_private_crypto::VerifyCredentials( kBadCertData, signed_data, unsigned_data, kHotspotBssid)); // Checking that verification fails when Hotspot Bssid is invalid. - EXPECT_FALSE(crypto.VerifyCredentials( + EXPECT_FALSE(networking_private_crypto::VerifyCredentials( kCertData, signed_data, unsigned_data, kBadHotspotBssid)); // Checking that verification fails when there is bad nonce in unsigned_data. unsigned_data = base::StringPrintf( "%s,%s,%s,%s,%s", kName, kSsdpUdn, kHotspotBssid, kPublicKey, kBadNonce); - EXPECT_FALSE(crypto.VerifyCredentials( + EXPECT_FALSE(networking_private_crypto::VerifyCredentials( kCertData, signed_data, unsigned_data, kHotspotBssid)); } -// Test that NetworkingPrivateCrypto::EncryptByteString behaves as expected. +// Test that networking_private_crypto::EncryptByteString behaves as expected. TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) { - NetworkingPrivateCrypto crypto; static const char kPublicKey[] = "MIGJAoGBANTjeoILNkSKHVkd3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aI" "XDXVHrjgjcS80bPE0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqH" @@ -151,18 +149,20 @@ TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) { // Checking basic encryption operation. plain = kTestData; - EXPECT_TRUE(crypto.EncryptByteString(public_key, plain, &encrypted_output)); + EXPECT_TRUE(networking_private_crypto::EncryptByteString( + public_key, plain, &encrypted_output)); EXPECT_TRUE(VerifyByteString(kPrivateKey, plain, encrypted_output)); // Checking that we can encrypt the empty string. plain = kEmptyData; - EXPECT_TRUE(crypto.EncryptByteString(public_key, plain, &encrypted_output)); + EXPECT_TRUE(networking_private_crypto::EncryptByteString( + public_key, plain, &encrypted_output)); // Checking graceful fail for too much data to encrypt. - EXPECT_FALSE(crypto.EncryptByteString( + EXPECT_FALSE(networking_private_crypto::EncryptByteString( public_key, std::string(500, 'x'), &encrypted_output)); // Checking graceful fail for a bad key format. - EXPECT_FALSE( - crypto.EncryptByteString(kBadKeyData, kTestData, &encrypted_output)); + EXPECT_FALSE(networking_private_crypto::EncryptByteString( + kBadKeyData, kTestData, &encrypted_output)); } diff --git a/chrome/utility/extensions/extensions_handler.cc b/chrome/utility/extensions/extensions_handler.cc index 0786b9e..4866a20 100644 --- a/chrome/utility/extensions/extensions_handler.cc +++ b/chrome/utility/extensions/extensions_handler.cc @@ -278,8 +278,8 @@ void ExtensionsHandler::OnGetAndEncryptWiFiCredentials( std::vector<uint8> ciphertext; bool success = error.empty() && !key_data.empty(); if (success) { - NetworkingPrivateCrypto crypto; - success = crypto.EncryptByteString(public_key, key_data, &ciphertext); + success = networking_private_crypto::EncryptByteString( + public_key, key_data, &ciphertext); } Send(new ChromeUtilityHostMsg_GotEncryptedWiFiCredentials(ciphertext, |