chrome/browser/extensions/api/networking_private/networking_private_crypto.h - Issue 23710003: Added NetworkingPrivateCrypto and its unit test.

Side by Side Diff: chrome/browser/extensions/api/networking_private/networking_private_crypto.h

Issue 23710003: Added NetworkingPrivateCrypto and its unit test. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « no previous file | chrome/browser/extensions/api/networking_private/networking_private_crypto.cc » ('j') | chrome/browser/extensions/api/networking_private/networking_private_crypto.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 // Implementation of Crypto support for networking private API.

	6

	7 #ifndef CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYP TO_H_

	8 #define CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYP TO_H_

	9

	10 #include <string>

	11 #include "base/basictypes.h"

	12

	13 // Forward declaration.

	14 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;

	15 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;

	16 typedef struct CERTCertificateStr CERTCertificate;

	17

	18 class NetworkingPrivateCrypto {

	19 public:

	20 NetworkingPrivateCrypto();

	21 ~NetworkingPrivateCrypto();

	22 // Verify that the destination described by \|certificate\| is valid.
	Ryan Sleevi 2013/08/28 19:02:37 nit: line break between dtor. nit: line break between dtor. mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: line break between dtor. Done.
	23 //

	24 // 1) The MAC address listed in the certificate matches \|connected_mac\|.

	25 // 2) The certificate is a valid PEM encoded certificate signed by our

	26 // trusted CA.
	Ryan Sleevi 2013/08/28 19:02:37 comment nit: drop our. Explain exactly what the re comment nit: drop our. Explain exactly what the requirements are without the use of possessive pronouns. mef 2013/08/28 21:28:58 Done. This comment was copied from original code. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > comment nit: drop our. Explain exactly what the requirements are without the use > of possessive pronouns. Done. This comment was copied from original code.
	27 // 3) \|signed_data\| matches the hashed \|unsigned_data\| encrypted with

	28 // the public key in \|certificate\|.
	Ryan Sleevi 2013/08/28 19:02:37 nit: "Verify that the destination" describes what nit: "Verify that the destination" describes what it does, but then you say "VerifyCredentials" for the name. It seems like the comment and name should be in alignment. mef 2013/08/28 21:28:58 Done. This comment was copied from original code. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: "Verify that the destination" describes what it does, but then you say > "VerifyCredentials" for the name. It seems like the comment and name should be > in alignment. Done. This comment was copied from original code.
	29 bool VerifyCredentials(const std::string& certificate,

	30 const std::string& signed_data,

	31 const std::string& unsigned_data,

	32 const std::string& connected_mac);

	33

	34 // Encrypt \|data\| with \|public_key\|. \|public_key\| is the raw bytes of a key

	35 // in

	36 // RSAPublicKey format. \|data\| is some string of bytes smaller than the
	Ryan Sleevi 2013/08/28 19:02:37 nit: comment style - awkward line wrap. nit: Use S nit: comment style - awkward line wrap. nit: Use StringPiece rather than string? mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: comment style - awkward line wrap. > nit: Use StringPiece rather than string? Done.
	37 // maximum length permissable for encryption with a key of \|public_key\| size.

	38 //

	39 // Returns the encrypted result in \|encrypted_output\| and returns true on

	40 // success. Returns false on failure.
	Ryan Sleevi 2013/08/28 19:02:37 nit: Returns true on success, storing the encrypte nit: Returns true on success, storing the encrypted result in \|encrypted_output\|. drop the "Returns false" mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: Returns true on success, storing the encrypted result in > \|encrypted_output\|. > > drop the "Returns false" Done.
	41 bool EncryptByteString(const std::string& public_key,

	42 const std::string& data,

	43 std::string* encrypted_output);

	44

	45 // Decrypt \|encrypted_data\| with \|private_key_pem\|. \|private_key_pem\| is the

	46 // PEM-encoded private key. \|encrypted_data\| is data encrypted with
	Ryan Sleevi 2013/08/28 19:02:37 nit: "PEM-encoded private key" is an undefined for nit: "PEM-encoded private key" is an undefined format. Please clarify. mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: "PEM-encoded private key" is an undefined format. Please clarify. Done.
	47 // EncryptByteString.

	48 // Returns the decrypted result in \|decrypted_output\| and returns true on

	49 // success. Returns false on failure.
	Ryan Sleevi 2013/08/28 19:02:37 nit: same comments as above apply here. nit: same comments as above apply here. mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: same comments as above apply here. Done.
	50 bool DecryptByteString(const std::string& private_key_pem,

	51 const std::string& encrypted_data,

	52 std::string* decrypted_output);

	53

	54 private:

	55 SECKEYPublicKey* ca_public_key_;
	mef 2013/08/28 18:05:59 These member variables are here only to ease the c These member variables are here only to ease the cleanup (in destructor). Is there some better way to employ something like scoped_ptr for NSS objects? Ryan Sleevi 2013/08/28 19:02:37 Using the NSS objects directly here presumes !Andr Show quoted text On 2013/08/28 18:05:59, mef wrote: > These member variables are here only to ease the cleanup (in destructor). Is > there some better way to employ something like scoped_ptr for NSS objects? Using the NSS objects directly here presumes !Android, which is a big presumption, however accurate. It would be better to use a pimpl/context type that you keep hidden here. eg: private: struct [some name here]; scoped_ptr<[some name here]> context_; The compiler should (IIRC) be able to undo the double pointer indirection. mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > On 2013/08/28 18:05:59, mef wrote: > > These member variables are here only to ease the cleanup (in destructor). Is > > there some better way to employ something like scoped_ptr for NSS objects? > > Using the NSS objects directly here presumes !Android, which is a big > presumption, however accurate. > > It would be better to use a pimpl/context type that you keep hidden here. eg: > > private: > struct [some name here]; > scoped_ptr<[some name here]> context_; > > The compiler should (IIRC) be able to undo the double pointer indirection. Done.
	56 SECKEYPublicKey* cert_public_key_;

	57 CERTCertificate* cert_;

	58 SECKEYPublicKey* enc_public_key_;
	Ryan Sleevi 2013/08/28 19:02:37 nit: Naming enc_ is not a clear abbreviation. nit: Naming enc_ is not a clear abbreviation. mef 2013/08/28 21:28:58 Done. Show quoted text On 2013/08/28 19:02:37, Ryan Sleevi wrote: > nit: Naming > > enc_ is not a clear abbreviation. Done.
	59

	60 DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);

	61 };

	62

	63 #endif // CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_C RYPTO_H_

OLD	NEW