Added NetworkingPrivateCrypto and its unit test.

chrome/browser/extensions/api/networking_private/networking_private_crypto.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Implementation of Crypto support for networking private API.
+// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
+#define CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_
+
+#include <string>
+#include "base/basictypes.h"
+
+class NetworkingPrivateCrypto {

[Greg Spencer (Chromium), 2013/08/30 18:38:17]

Document what the function of this class is, and why it exists.

[mef, 2013/08/30 20:07:17]

Done.

+ public:
+  NetworkingPrivateCrypto();
+  ~NetworkingPrivateCrypto();
+
+  // Verify that credentials described by |certificate| and |signed_data| are
+  // valid.
+  //
+  // 1) The MAC address listed in the certificate matches |connected_mac|.
+  // 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
+  // 3) |signature| is a valid signature for |data|, using the public key in
+  // |certificate|
+  bool VerifyCredentials(const std::string& certificate,
+                         const std::string& signature,
+                         const std::string& data,
+                         const std::string& connected_mac);
+
+  // Encrypt |data| with |public_key|.  |public_key| is the raw bytes of a key
+  // in RSAPublicKey format. |data| is some string of bytes smaller than the

[Ryan Sleevi, 2013/08/30 18:40:26]

comment nit: |public_key| is a DER-encoded RSAPublicKey.

[mef, 2013/08/30 20:07:17]

Done.

+  // maximum length permissable for encryption with a key of |public_key| size.
+  //
+  // Returns the encrypted result in |encrypted_output| and returns true on
+  // success.

[Ryan Sleevi, 2013/08/30 18:40:26]

comment nit: You can avoid the double returns (which reads a little weird)
"Returns true on success, storing the encrypted result in |encrypted_output|"

Same for 44/45.

[mef, 2013/08/30 20:07:17]

Done.

+  bool EncryptByteString(const std::string& public_key,
+                         const std::string& data,
+                         std::string* encrypted_output);
+
+  // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
+  // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
+  // EncryptByteString.
+  // Returns the decrypted result in |decrypted_output| and returns true on
+  // success.
+  bool DecryptByteString(const std::string& private_key_pem,

[Ryan Sleevi, 2013/08/30 18:40:26]

If this is only used for unittesting, make it private and friend test the tests.
Better to not expose interfaces unless necessary.

[mef, 2013/08/30 20:07:17]

Done.

+                         const std::string& encrypted_data,
+                         std::string* decrypted_output);
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);
+};
+
+#endif  // CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_