authorstevenjb@chromium.org <stevenjb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-08-08 18:26:29 +0000
committerstevenjb@chromium.org <stevenjb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-08-08 18:26:29 +0000
commit7ae46cc29e676f6239f3df465d67cf4a4df38921 (patch)
treefad28282c7892e87c4ce5d3eed5db9963bce1caa
parenta2f63aaa30570dfdc1d94ec880c6702ccfbd096b (diff)
Separate CryptoVerifyImpl into its own file.
This eliminates some dependencies from NetworkingPrivateServiceClient, which will allow it to be moved to src/extensions. It also changes NetworkingPrivateCrypto from a class to a namespace, since that is how we use it. BUG=363776 Review URL: https://codereview.chromium.org/442073003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288396 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc82
-rw-r--r--chrome/browser/extensions/api/networking_private/crypto_verify_impl.h37
-rw-r--r--chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc4
-rw-r--r--chrome/browser/extensions/api/networking_private/networking_private_service_client.cc86
-rw-r--r--chrome/browser/extensions/api/networking_private/networking_private_service_client.h10
-rw-r--r--chrome/chrome_browser_extensions.gypi2
-rw-r--r--chrome/common/extensions/api/networking_private/networking_private_crypto.cc13
-rw-r--r--chrome/common/extensions/api/networking_private/networking_private_crypto.h90
-rw-r--r--chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc27
-rw-r--r--chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc27
-rw-r--r--chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc34
-rw-r--r--chrome/utility/extensions/extensions_handler.cc4
12 files changed, 239 insertions, 177 deletions
diff --git a/chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc
new file mode 100644
index 0000000..66b89e7
--- /dev/null
+++ b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc
@@ -0,0 +1,82 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/networking_private/crypto_verify_impl.h"
+
+#include "base/base64.h"
+#include "chrome/browser/extensions/api/networking_private/networking_private_credentials_getter.h"
+#include "chrome/browser/extensions/api/networking_private/networking_private_service_client.h"
+#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h"
+
+namespace {
+
+bool VerifyCredentials(const CryptoVerifyImpl::Credentials& credentials) {
+ return networking_private_crypto::VerifyCredentials(credentials.certificate,
+ credentials.signed_data,
+ credentials.unsigned_data,
+ credentials.device_bssid);
+}
+
+} // namespace
+
+using extensions::NetworkingPrivateServiceClient;
+using extensions::NetworkingPrivateCredentialsGetter;
+
+NetworkingPrivateServiceClient::CryptoVerify*
+NetworkingPrivateServiceClient::CryptoVerify::Create() {
+ return new CryptoVerifyImpl();
+}
+
+CryptoVerifyImpl::CryptoVerifyImpl() {
+}
+
+CryptoVerifyImpl::~CryptoVerifyImpl() {
+}
+
+void CryptoVerifyImpl::VerifyDestination(const Credentials& credentials,
+ bool* verified,
+ std::string* error) {
+ *verified = VerifyCredentials(credentials);
+}
+
+void CryptoVerifyImpl::VerifyAndEncryptCredentials(
+ const std::string& network_guid,
+ const Credentials& credentials,
+ const VerifyAndEncryptCredentialsCallback& callback) {
+ if (!VerifyCredentials(credentials)) {
+ callback.Run("", "VerifyError");
+ return;
+ }
+
+ scoped_ptr<NetworkingPrivateCredentialsGetter> credentials_getter(
+ NetworkingPrivateCredentialsGetter::Create());
+
+ // Start getting credentials. On Windows |callback| will be called
+ // asynchronously on a different thread after |credentials_getter|
+ // is deleted.
+ credentials_getter->Start(network_guid, credentials.public_key, callback);
+}
+
+void CryptoVerifyImpl::VerifyAndEncryptData(
+ const Credentials& credentials,
+ const std::string& data,
+ std::string* base64_encoded_ciphertext,
+ std::string* error) {
+ if (!VerifyCredentials(credentials)) {
+ *error = "VerifyError";
+ return;
+ }
+
+ std::vector<uint8> public_key_data(credentials.public_key.begin(),
+ credentials.public_key.end());
+ std::vector<uint8> ciphertext;
+ if (!networking_private_crypto::EncryptByteString(
+ public_key_data, data, &ciphertext)) {
+ *error = "EncryptError";
+ return;
+ }
+
+ base::Base64Encode(std::string(ciphertext.begin(), ciphertext.end()),
+ base64_encoded_ciphertext);
+}
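Review bot: Both encrypt paths (`VerifyAndEncryptCredentials` and `VerifyAndEncryptData`) encrypt to `credentials.public_key`, but the file-local `VerifyCredentials` helper forwards only `certificate`, `signed_data`, `unsigned_data` and `device_bssid`, so nothing in this file ties that key to what was verified. The unit test touched by this commit formats `unsigned_data` with the public key as one of its fields, which suggests the binding depends on the caller building `unsigned_data` and `public_key` from the same value; that caller is not visible here. I would record the invariant on the helper, e.g. `// |credentials.public_key| is not checked here; the caller must have built |unsigned_data| from it, otherwise the encryption key is unauthenticated.` Separately, the file uses `std::vector` and `scoped_ptr` without including `<vector>` or `base/memory/scoped_ptr.h` itself and relies on transitive includes.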
diff --git a/chrome/browser/extensions/api/networking_private/crypto_verify_impl.h b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.h
new file mode 100644
index 0000000..17a01b1
--- /dev/null
+++ b/chrome/browser/extensions/api/networking_private/crypto_verify_impl.h
@@ -0,0 +1,37 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_
+#define CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_
+
+#include "base/compiler_specific.h"
+#include "base/macros.h"
+#include "chrome/browser/extensions/api/networking_private/networking_private_service_client.h"
+
+// Implementation of NetworkingPrivateServiceClient::CryptoVerify using
+// networking_private_crypto.
+class CryptoVerifyImpl
+ : public extensions::NetworkingPrivateServiceClient::CryptoVerify {
+ public:
+ CryptoVerifyImpl();
+ virtual ~CryptoVerifyImpl();
+
+ // NetworkingPrivateServiceClient::CryptoVerify
+ virtual void VerifyDestination(const Credentials& credentials,
+ bool* verified,
+ std::string* error) OVERRIDE;
+ virtual void VerifyAndEncryptCredentials(
+ const std::string& network_guid,
+ const Credentials& credentials,
+ const VerifyAndEncryptCredentialsCallback& callback) OVERRIDE;
+ virtual void VerifyAndEncryptData(const Credentials& credentials,
+ const std::string& data,
+ std::string* base64_encoded_ciphertext,
+ std::string* error) OVERRIDE;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(CryptoVerifyImpl);
+};
+
+#endif // CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_
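Review bot: `CryptoVerifyImpl` is declared here in the global namespace with external linkage, while the class it replaces (see the removed lines in networking_private_service_client.cc) appears to have been file-local in that file's unnamed namespace. A generically named global class invites ODR collisions as more code is linked in; wrapping the declaration and its definitions in a namespace would avoid that. The class comment could also state the threading contract that the base-class member comment gives (`// Used and deleted on the worker thread.`), since that is not obvious from this header alone. The header names `std::string` without `#include <string>`.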
diff --git a/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc b/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc
index f2e2ff8..a272646 100644
--- a/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc
+++ b/chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc
@@ -56,10 +56,10 @@ void NetworkingPrivateCredentialsGetterMac::Start(
return;
}
- NetworkingPrivateCrypto crypto;
std::vector<uint8> public_key_data(public_key.begin(), public_key.end());
std::vector<uint8> ciphertext;
- if (!crypto.EncryptByteString(public_key_data, key_data, &ciphertext)) {
+ if (!networking_private_crypto::EncryptByteString(
+ public_key_data, key_data, &ciphertext)) {
callback.Run("", kErrorEncryption);
return;
}
diff --git a/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc b/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc
index f93a835..b3b0cee 100644
--- a/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc
+++ b/chrome/browser/extensions/api/networking_private/networking_private_service_client.cc
@@ -12,11 +12,8 @@
#include "base/threading/worker_pool.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/extensions/api/networking_private/networking_private_api.h"
-#include "chrome/browser/extensions/api/networking_private/networking_private_credentials_getter.h"
#include "chrome/common/extensions/api/networking_private.h"
-#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h"
#include "content/public/browser/browser_thread.h"
-#include "content/public/browser/utility_process_host.h"
using content::BrowserThread;
@@ -49,66 +46,6 @@ bool GetVerificationCredentials(
return true;
}
-// Implementation of Verify* methods using NetworkingPrivateCrypto.
-// TODO(mef): Move this into NetworkingPrivateCrypto class.
-class CryptoVerifyImpl : public NetworkingPrivateServiceClient::CryptoVerify {
- bool VerifyCredentials(const Credentials& credentials) {
- NetworkingPrivateCrypto crypto;
- return crypto.VerifyCredentials(credentials.certificate,
- credentials.signed_data,
- credentials.unsigned_data,
- credentials.device_bssid);
- }
-
- // NetworkingPrivateServiceClient::CryptoVerify
-
- virtual void VerifyDestination(const Credentials& credentials,
- bool* verified,
- std::string* error) OVERRIDE {
- *verified = VerifyCredentials(credentials);
- }
-
- virtual void VerifyAndEncryptCredentials(
- const std::string& network_guid,
- const Credentials& credentials,
- const VerifyAndEncryptCredentialsCallback& callback) OVERRIDE {
- if (!VerifyCredentials(credentials)) {
- callback.Run("", "VerifyError");
- return;
- }
-
- scoped_ptr<NetworkingPrivateCredentialsGetter> credentials_getter(
- NetworkingPrivateCredentialsGetter::Create());
-
- // Start getting credentials. On Windows |callback| will be called
- // asynchronously on a different thread after |credentials_getter|
- // is deleted.
- credentials_getter->Start(network_guid, credentials.public_key, callback);
- }
-
- virtual void VerifyAndEncryptData(const Credentials& credentials,
- const std::string& data,
- std::string* base64_encoded_ciphertext,
- std::string* error) OVERRIDE {
- if (!VerifyCredentials(credentials)) {
- *error = "VerifyError";
- return;
- }
-
- NetworkingPrivateCrypto crypto;
- std::vector<uint8> public_key_data(
- credentials.public_key.begin(), credentials.public_key.end());
- std::vector<uint8> ciphertext;
- if (!crypto.EncryptByteString(public_key_data, data, &ciphertext)) {
- *error = "EncryptError";
- return;
- }
-
- base::Base64Encode(std::string(ciphertext.begin(), ciphertext.end()),
- base64_encoded_ciphertext);
- }
-};
-
// Deletes WiFiService and CryptoVerify objects on worker thread.
void ShutdownServicesOnWorkerThread(
scoped_ptr<wifi::WiFiService> wifi_service,
@@ -131,6 +68,9 @@ void AfterVerifyAndEncryptCredentialsRelay(
} // namespace
+NetworkingPrivateServiceClient::CryptoVerify::CryptoVerify() {}
+NetworkingPrivateServiceClient::CryptoVerify::~CryptoVerify() {}
+
NetworkingPrivateServiceClient::CryptoVerify::Credentials::Credentials() {}
NetworkingPrivateServiceClient::CryptoVerify::Credentials::~Credentials() {}
@@ -175,11 +115,6 @@ NetworkingPrivateServiceClient::~NetworkingPrivateServiceClient() {
DCHECK(!crypto_verify_.get());
}
-NetworkingPrivateServiceClient::CryptoVerify*
- NetworkingPrivateServiceClient::CryptoVerify::Create() {
- return new CryptoVerifyImpl();
-}
-
NetworkingPrivateServiceClient::ServiceCallbacks::ServiceCallbacks() {}
NetworkingPrivateServiceClient::ServiceCallbacks::~ServiceCallbacks() {}
@@ -433,6 +368,11 @@ void NetworkingPrivateServiceClient::VerifyDestination(
const VerificationProperties& verification_properties,
const BoolCallback& success_callback,
const FailureCallback& failure_callback) {
+ if (!crypto_verify_) {
+ failure_callback.Run(networking_private::kErrorNotSupported);
+ return;
+ }
+
ServiceCallbacks* service_callbacks = AddServiceCallbacks();
service_callbacks->failure_callback = failure_callback;
service_callbacks->verify_destination_callback = success_callback;
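Review bot: The `if (!crypto_verify_)` guard added at the top of `VerifyDestination` is repeated verbatim in `VerifyAndEncryptCredentials` and `VerifyAndEncryptData` (the next two hunks), and none of the three copies says why the call fails rather than succeeds. Failing is the right direction for a verification API, so it deserves a comment such as `// No verifier available: fail closed instead of reporting the destination as verified.` The guard also runs `failure_callback` synchronously inside the call, whereas the code below it registers callbacks for later delivery; if callers assume the callback is never invoked re-entrantly, posting it would be safer. That cannot be confirmed from here, because the function body continues outside the hunk.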
@@ -465,6 +405,11 @@ void NetworkingPrivateServiceClient::VerifyAndEncryptCredentials(
const VerificationProperties& verification_properties,
const StringCallback& success_callback,
const FailureCallback& failure_callback) {
+ if (!crypto_verify_) {
+ failure_callback.Run(networking_private::kErrorNotSupported);
+ return;
+ }
+
ServiceCallbacks* service_callbacks = AddServiceCallbacks();
service_callbacks->failure_callback = failure_callback;
service_callbacks->verify_and_encrypt_credentials_callback = success_callback;
@@ -496,6 +441,11 @@ void NetworkingPrivateServiceClient::VerifyAndEncryptData(
const std::string& data,
const StringCallback& success_callback,
const FailureCallback& failure_callback) {
+ if (!crypto_verify_) {
+ failure_callback.Run(networking_private::kErrorNotSupported);
+ return;
+ }
+
ServiceCallbacks* service_callbacks = AddServiceCallbacks();
service_callbacks->failure_callback = failure_callback;
service_callbacks->verify_and_encrypt_data_callback = success_callback;
diff --git a/chrome/browser/extensions/api/networking_private/networking_private_service_client.h b/chrome/browser/extensions/api/networking_private/networking_private_service_client.h
index beb55ea..63708c5 100644
--- a/chrome/browser/extensions/api/networking_private/networking_private_service_client.h
+++ b/chrome/browser/extensions/api/networking_private/networking_private_service_client.h
@@ -64,9 +64,11 @@ class NetworkingPrivateServiceClient
std::string public_key;
};
- CryptoVerify() {}
- virtual ~CryptoVerify() {}
+ CryptoVerify();
+ virtual ~CryptoVerify();
+ // Must be provided by the implementation. May return NULL if certificate
+ // verification is unavailable, see NetworkingPrivateServiceClient().
static CryptoVerify* Create();
virtual void VerifyDestination(const Credentials& credentials,
@@ -104,7 +106,8 @@ class NetworkingPrivateServiceClient
// Takes ownership of |wifi_service| and |crypto_verify|. They are accessed
// and deleted on the worker thread. The deletion task is posted during the
- // NetworkingPrivateServiceClient shutdown.
+ // NetworkingPrivateServiceClient shutdown. |crypto_verify| may be NULL in
+ // which case Verify* will return a 'not implemented' error.
NetworkingPrivateServiceClient(wifi::WiFiService* wifi_service,
CryptoVerify* crypto_verify);
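Review bot: The added constructor comment says Verify* "will return a 'not implemented' error", but the guards this commit adds in networking_private_service_client.cc run the failure callback with `networking_private::kErrorNotSupported`, and the methods return nothing. Naming the actual constant keeps the header greppable against the implementation: `// |crypto_verify| may be NULL, in which case the Verify* methods run |failure_callback| with networking_private::kErrorNotSupported.` The class declaration continues outside this hunk.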
@@ -254,6 +257,7 @@ class NetworkingPrivateServiceClient
// Observers to Network Events.
ObserverList<Observer> network_events_observers_;
// Interface for Verify* methods. Used and deleted on the worker thread.
+ // May be NULL.
scoped_ptr<CryptoVerify> crypto_verify_;
// Interface to WiFiService. Used and deleted on the worker thread.
scoped_ptr<wifi::WiFiService> wifi_service_;
diff --git a/chrome/chrome_browser_extensions.gypi b/chrome/chrome_browser_extensions.gypi
index aa3f5be..a8b3149 100644
--- a/chrome/chrome_browser_extensions.gypi
+++ b/chrome/chrome_browser_extensions.gypi
@@ -922,6 +922,8 @@
'browser/extensions/extension_tab_util_android.cc',
],
'chrome_browser_extensions_networking_private_sources': [
+ 'browser/extensions/api/networking_private/crypto_verify_impl.cc',
+ 'browser/extensions/api/networking_private/crypto_verify_impl.h',
'browser/extensions/api/networking_private/networking_private_api.h',
'browser/extensions/api/networking_private/networking_private_credentials_getter.h',
'browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc',
diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto.cc
index feec2e6..34c2776 100644
--- a/chrome/common/extensions/api/networking_private/networking_private_crypto.cc
+++ b/chrome/common/extensions/api/networking_private/networking_private_crypto.cc
@@ -4,7 +4,9 @@
#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h"
-const uint8 NetworkingPrivateCrypto::kTrustedCAPublicKeyDER[] = {
+namespace networking_private_crypto {
+
+const uint8 kTrustedCAPublicKeyDER[] = {
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0x22, 0x80,
0xbd, 0x80, 0xf6, 0x3a, 0x21, 0x00, 0x3b, 0xae, 0x76, 0x5e, 0x35, 0x7f,
0x3d, 0xc3, 0x64, 0x5c, 0x55, 0x94, 0x86, 0x34, 0x2f, 0x05, 0x87, 0x28,
@@ -29,11 +31,6 @@ const uint8 NetworkingPrivateCrypto::kTrustedCAPublicKeyDER[] = {
0x61, 0x47, 0x9e, 0xab, 0x80, 0xb7, 0xe4, 0x48, 0x80, 0x2a, 0x92, 0xc5,
0x1b, 0x02, 0x03, 0x01, 0x00, 0x01};
-const size_t NetworkingPrivateCrypto::kTrustedCAPublicKeyDERLength =
- sizeof(kTrustedCAPublicKeyDER);
-
-NetworkingPrivateCrypto::NetworkingPrivateCrypto() {
-}
+const size_t kTrustedCAPublicKeyDERLength = sizeof(kTrustedCAPublicKeyDER);
-NetworkingPrivateCrypto::~NetworkingPrivateCrypto() {
-}
+} // namespace networking_private_crypto
diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto.h b/chrome/common/extensions/api/networking_private/networking_private_crypto.h
index ffdb997..e613293 100644
--- a/chrome/common/extensions/api/networking_private/networking_private_crypto.h
+++ b/chrome/common/extensions/api/networking_private/networking_private_crypto.h
@@ -12,56 +12,44 @@
#include "base/basictypes.h"
-// Implementation of Crypto support for networking private API.
-// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc
-class NetworkingPrivateCrypto {
- public:
- NetworkingPrivateCrypto();
- ~NetworkingPrivateCrypto();
-
- // Verify that credentials described by |certificate| and |signed_data| are
- // valid.
- //
- // 1) The MAC address listed in the certificate matches |connected_mac|.
- // 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
- // 3) |signature| is a valid signature for |data|, using the public key in
- // |certificate|
- bool VerifyCredentials(const std::string& certificate,
- const std::string& signature,
- const std::string& data,
- const std::string& connected_mac);
-
- // Encrypt |data| with |public_key|. |public_key| is a DER-encoded
- // RSAPublicKey. |data| is some string of bytes that is smaller than the
- // maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
- //
- // Returns true on success, storing the encrypted result in
- // |encrypted_output|.
- bool EncryptByteString(const std::vector<uint8_t>& public_key,
- const std::string& data,
- std::vector<uint8_t>* encrypted_output);
-
- private:
- friend class NetworkingPrivateCryptoTest;
-
- // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
- // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
- // EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
- //
- // Returns true on success, storing the decrypted result in
- // |decrypted_output|.
- bool DecryptByteString(const std::string& private_key_pem,
- const std::vector<uint8_t>& encrypted_data,
- std::string* decrypted_output);
-
- // The trusted public key as a DER-encoded PKCS#1 RSAPublicKey
- // structure.
- static const uint8_t kTrustedCAPublicKeyDER[];
-
- // The length of |kTrustedCAPublicKeyDER| in bytes.
- static const size_t kTrustedCAPublicKeyDERLength;
-
- DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);
-};
+namespace networking_private_crypto {
+
+// Verify that the credentials described by |certificate| and |signed_data|
+// are valid as follows:
+// 1) The MAC address listed in the certificate matches |connected_mac|.
+// 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
+// 3) |signature| is a valid signature for |data|, using the public key in
+// |certificate|
+bool VerifyCredentials(const std::string& certificate,
+ const std::string& signature,
+ const std::string& data,
+ const std::string& connected_mac);
+
+// Encrypt |data| with |public_key|. |public_key| is a DER-encoded
+// RSAPublicKey. |data| is some string of bytes that is smaller than the
+// maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
+//
+// Returns true on success, storing the encrypted result in
+// |encrypted_output|.
+bool EncryptByteString(const std::vector<uint8_t>& public_key,
+ const std::string& data,
+ std::vector<uint8_t>* encrypted_output);
+
+// Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
+// PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
+// EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
+// Returns true on success, storing the decrypted result in
+// |decrypted_output|.
+bool DecryptByteString(const std::string& private_key_pem,
+ const std::vector<uint8_t>& encrypted_data,
+ std::string* decrypted_output);
+
+// The trusted public key as a DER-encoded PKCS#1 RSAPublicKey structure.
+extern const uint8_t kTrustedCAPublicKeyDER[];
+
+// The length of |kTrustedCAPublicKeyDER| in bytes.
+extern const size_t kTrustedCAPublicKeyDERLength;
+
+} // namespace networking_private_crypto
#endif // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
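Review bot: `DecryptByteString`, `kTrustedCAPublicKeyDER` and `kTrustedCAPublicKeyDERLength` were private members of `NetworkingPrivateCrypto`, reachable only through the `friend` test class, and the conversion to a namespace makes all three part of the surface every includer sees. The comment on `DecryptByteString` still describes it as used by the `EncryptString` test, so production code presumably never needs a private-key operation from this header. I would either move the three declarations into a nested namespace or a separate test/internal header, or mark the intent in place with `// Test-only: production callers never hold the private key.` The trust anchor is `const`, so the concern is the widened API surface rather than mutation.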
diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc
index 42c76e0..2cdc33b 100644
--- a/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc
+++ b/chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc
@@ -44,11 +44,12 @@ bool GetDERFromPEM(const std::string& pem_data,
} // namespace
-bool NetworkingPrivateCrypto::VerifyCredentials(
- const std::string& certificate,
- const std::string& signature,
- const std::string& data,
- const std::string& connected_mac) {
+namespace networking_private_crypto {
+
+bool VerifyCredentials(const std::string& certificate,
+ const std::string& signature,
+ const std::string& data,
+ const std::string& connected_mac) {
crypto::EnsureNSSInit();
std::vector<uint8_t> cert_data;
@@ -133,10 +134,9 @@ bool NetworkingPrivateCrypto::VerifyCredentials(
return true;
}
-bool NetworkingPrivateCrypto::EncryptByteString(
- const std::vector<uint8_t>& pub_key_der,
- const std::string& data,
- std::vector<uint8_t>* encrypted_output) {
+bool EncryptByteString(const std::vector<uint8_t>& pub_key_der,
+ const std::string& data,
+ std::vector<uint8_t>* encrypted_output) {
crypto::EnsureNSSInit();
SECItem pub_key_der_item;
@@ -175,10 +175,9 @@ bool NetworkingPrivateCrypto::EncryptByteString(
return true;
}
-bool NetworkingPrivateCrypto::DecryptByteString(
- const std::string& private_key_pem,
- const std::vector<uint8_t>& encrypted_data,
- std::string* decrypted_output) {
+bool DecryptByteString(const std::string& private_key_pem,
+ const std::vector<uint8_t>& encrypted_data,
+ std::string* decrypted_output) {
crypto::EnsureNSSInit();
std::vector<uint8_t> private_key_data;
@@ -211,3 +210,5 @@ bool NetworkingPrivateCrypto::DecryptByteString(
output_length);
return true;
}
+
+} // namespace networking_private_crypto
diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc
index 75033cf..e08b51d 100644
--- a/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc
+++ b/chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc
@@ -39,11 +39,12 @@ bool GetDERFromPEM(const std::string& pem_data,
} // namespace
-bool NetworkingPrivateCrypto::VerifyCredentials(
- const std::string& certificate,
- const std::string& signature,
- const std::string& data,
- const std::string& connected_mac) {
+namespace networking_private_crypto {
+
+bool VerifyCredentials(const std::string& certificate,
+ const std::string& signature,
+ const std::string& data,
+ const std::string& connected_mac) {
crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
@@ -140,10 +141,9 @@ bool NetworkingPrivateCrypto::VerifyCredentials(
return true;
}
-bool NetworkingPrivateCrypto::EncryptByteString(
- const std::vector<uint8_t>& pub_key_der,
- const std::string& data,
- std::vector<uint8_t>* encrypted_output) {
+bool EncryptByteString(const std::vector<uint8_t>& pub_key_der,
+ const std::string& data,
+ std::vector<uint8_t>* encrypted_output) {
crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
@@ -171,10 +171,9 @@ bool NetworkingPrivateCrypto::EncryptByteString(
return true;
}
-bool NetworkingPrivateCrypto::DecryptByteString(
- const std::string& private_key_pem,
- const std::vector<uint8_t>& encrypted_data,
- std::string* decrypted_output) {
+bool DecryptByteString(const std::string& private_key_pem,
+ const std::vector<uint8_t>& encrypted_data,
+ std::string* decrypted_output) {
crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
@@ -210,3 +209,5 @@ bool NetworkingPrivateCrypto::DecryptByteString(
output_length);
return true;
}
+
+} // namespace networking_private_crypto
diff --git a/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc b/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc
index 0cfb564..d482d59 100644
--- a/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc
+++ b/chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc
@@ -8,7 +8,7 @@
#include "base/strings/stringprintf.h"
#include "testing/gtest/include/gtest/gtest.h"
-// Tests of NetworkingPrivateCrypto support for Networking Private API.
+// Tests of networking_private_crypto support for Networking Private API.
class NetworkingPrivateCryptoTest : public testing::Test {
protected:
// Verify that decryption of |encrypted| data using |private_key_pem| matches
@@ -16,15 +16,15 @@ class NetworkingPrivateCryptoTest : public testing::Test {
bool VerifyByteString(const std::string& private_key_pem,
const std::string& plain,
const std::vector<uint8>& encrypted) {
- NetworkingPrivateCrypto crypto;
std::string decrypted;
- if (crypto.DecryptByteString(private_key_pem, encrypted, &decrypted))
+ if (networking_private_crypto::DecryptByteString(
+ private_key_pem, encrypted, &decrypted))
return decrypted == plain;
return false;
}
};
-// Test that NetworkingPrivateCrypto::VerifyCredentials behaves as expected.
+// Test that networking_private_crypto::VerifyCredentials behaves as expected.
TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) {
static const char kCertData[] =
"-----BEGIN CERTIFICATE-----"
@@ -89,34 +89,32 @@ TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) {
std::string signed_data;
base::Base64Decode(kSignedData, &signed_data);
- NetworkingPrivateCrypto crypto;
// Checking basic verification operation.
- EXPECT_TRUE(crypto.VerifyCredentials(
+ EXPECT_TRUE(networking_private_crypto::VerifyCredentials(
kCertData, signed_data, unsigned_data, kHotspotBssid));
// Checking that verification fails when the certificate is signed, but
// subject is malformed.
- EXPECT_FALSE(crypto.VerifyCredentials(
+ EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
kBadSubjectCertData, signed_data, unsigned_data, kHotspotBssid));
// Checking that verification fails when certificate has invalid format.
- EXPECT_FALSE(crypto.VerifyCredentials(
+ EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
kBadCertData, signed_data, unsigned_data, kHotspotBssid));
// Checking that verification fails when Hotspot Bssid is invalid.
- EXPECT_FALSE(crypto.VerifyCredentials(
+ EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
kCertData, signed_data, unsigned_data, kBadHotspotBssid));
// Checking that verification fails when there is bad nonce in unsigned_data.
unsigned_data = base::StringPrintf(
"%s,%s,%s,%s,%s", kName, kSsdpUdn, kHotspotBssid, kPublicKey, kBadNonce);
- EXPECT_FALSE(crypto.VerifyCredentials(
+ EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
kCertData, signed_data, unsigned_data, kHotspotBssid));
}
-// Test that NetworkingPrivateCrypto::EncryptByteString behaves as expected.
+// Test that networking_private_crypto::EncryptByteString behaves as expected.
TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) {
- NetworkingPrivateCrypto crypto;
static const char kPublicKey[] =
"MIGJAoGBANTjeoILNkSKHVkd3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aI"
"XDXVHrjgjcS80bPE0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqH"
@@ -151,18 +149,20 @@ TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) {
// Checking basic encryption operation.
plain = kTestData;
- EXPECT_TRUE(crypto.EncryptByteString(public_key, plain, &encrypted_output));
+ EXPECT_TRUE(networking_private_crypto::EncryptByteString(
+ public_key, plain, &encrypted_output));
EXPECT_TRUE(VerifyByteString(kPrivateKey, plain, encrypted_output));
// Checking that we can encrypt the empty string.
plain = kEmptyData;
- EXPECT_TRUE(crypto.EncryptByteString(public_key, plain, &encrypted_output));
+ EXPECT_TRUE(networking_private_crypto::EncryptByteString(
+ public_key, plain, &encrypted_output));
// Checking graceful fail for too much data to encrypt.
- EXPECT_FALSE(crypto.EncryptByteString(
+ EXPECT_FALSE(networking_private_crypto::EncryptByteString(
public_key, std::string(500, 'x'), &encrypted_output));
// Checking graceful fail for a bad key format.
- EXPECT_FALSE(
- crypto.EncryptByteString(kBadKeyData, kTestData, &encrypted_output));
+ EXPECT_FALSE(networking_private_crypto::EncryptByteString(
+ kBadKeyData, kTestData, &encrypted_output));
}
diff --git a/chrome/utility/extensions/extensions_handler.cc b/chrome/utility/extensions/extensions_handler.cc
index 0786b9e..4866a20 100644
--- a/chrome/utility/extensions/extensions_handler.cc
+++ b/chrome/utility/extensions/extensions_handler.cc
@@ -278,8 +278,8 @@ void ExtensionsHandler::OnGetAndEncryptWiFiCredentials(
std::vector<uint8> ciphertext;
bool success = error.empty() && !key_data.empty();
if (success) {
- NetworkingPrivateCrypto crypto;
- success = crypto.EncryptByteString(public_key, key_data, &ciphertext);
+ success = networking_private_crypto::EncryptByteString(
+ public_key, key_data, &ciphertext);
}
Send(new ChromeUtilityHostMsg_GotEncryptedWiFiCredentials(ciphertext,