Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(515)

Side by Side Diff: chrome/browser/chromeos/platform_keys/platform_keys.h

Issue 884073002: Implement chrome.platformKeys.getKeyPair(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2
Patch Set: Bundled Sign() arguments into a struct. Renamed to SignRSA. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/callback_forward.h" 11 #include "base/callback_forward.h"
12 #include "base/macros.h" 12 #include "base/macros.h"
13 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/scoped_ptr.h"
15 #include "net/cert/x509_certificate.h"
15 #include "net/ssl/ssl_client_cert_type.h" 16 #include "net/ssl/ssl_client_cert_type.h"
16 17
17 namespace content { 18 namespace content {
18 class BrowserContext; 19 class BrowserContext;
19 } 20 }
20 21
21 namespace net {
22 class X509Certificate;
23 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
24 }
25
26 namespace chromeos { 22 namespace chromeos {
27 23
28 namespace platform_keys { 24 namespace platform_keys {
29 25
30 // A token is a store for keys or certs and can provide cryptographic 26 // A token is a store for keys or certs and can provide cryptographic
31 // operations. 27 // operations.
32 // ChromeOS provides itself a user token and conditionally a system wide token, 28 // ChromeOS provides itself a user token and conditionally a system wide token,
33 // thus these tokens use static identifiers. The platform keys API is designed 29 // thus these tokens use static identifiers. The platform keys API is designed
34 // to support arbitrary other tokens in the future, which could then use 30 // to support arbitrary other tokens in the future, which could then use
35 // run-time generated IDs. 31 // run-time generated IDs.
36 extern const char kTokenIdUser[]; 32 extern const char kTokenIdUser[];
37 extern const char kTokenIdSystem[]; 33 extern const char kTokenIdSystem[];
38 34
39 // Supported hash algorithms. 35 // Supported hash algorithms.
40 enum HashAlgorithm { 36 enum HashAlgorithm {
37 HASH_ALGORITHM_NONE, // The value if no hash function is selected.
41 HASH_ALGORITHM_SHA1, 38 HASH_ALGORITHM_SHA1,
42 HASH_ALGORITHM_SHA256, 39 HASH_ALGORITHM_SHA256,
43 HASH_ALGORITHM_SHA384, 40 HASH_ALGORITHM_SHA384,
44 HASH_ALGORITHM_SHA512 41 HASH_ALGORITHM_SHA512
45 }; 42 };
46 43
44 // Parameters to the SignRSA function.
45 struct SignRSAParams {
46 // The data that will be signed.
47 std::string data;
48
49 // Must be the DER encoding of a SubjectPublicKeyInfo.
50 std::string public_key;
51
52 // If true, |data| will not be hashed before signing. Only PKCS#1 v1.5 padding
53 // will be applied before signing.
54 // If false, |hash_algorithm| must be set to a value != NONE.
55 bool sign_direct_pkcs_padded = false;
Ryan Sleevi 2015/02/07 02:09:40 It feels like by moving this into a struct, you're
pneubeck (no reviews) 2015/02/08 10:52:00 The possibility of using this as default arguments
56
57 // Determines the hash algorithm that is used to digest |data| before signing.
58 // Ignored if |sign_direct_pkcs_padded| is true.
59 HashAlgorithm hash_algorithm = HASH_ALGORITHM_NONE;
60 };
61
47 struct ClientCertificateRequest { 62 struct ClientCertificateRequest {
48 ClientCertificateRequest(); 63 ClientCertificateRequest();
49 ~ClientCertificateRequest(); 64 ~ClientCertificateRequest();
50 65
51 // The list of the types of certificates requested, sorted in order of the 66 // The list of the types of certificates requested, sorted in order of the
52 // server's preference. 67 // server's preference.
53 std::vector<net::SSLClientCertType> certificate_key_types; 68 std::vector<net::SSLClientCertType> certificate_key_types;
54 69
55 // List of distinguished names of certificate authorities allowed by the 70 // List of distinguished names of certificate authorities allowed by the
56 // server. Each entry must be a DER-encoded X.509 DistinguishedName. 71 // server. Each entry must be a DER-encoded X.509 DistinguishedName.
57 std::vector<std::string> certificate_authorities; 72 std::vector<std::string> certificate_authorities;
58 }; 73 };
59 74
75 // Holds details about a certificate's (subject) key, i.e. the X.509 Subject
76 // Public Key Info (SPKI) of the certificate.
77 // As this class supports only specific types of keys (currently only RSA), this
78 // does not necessarily mirror the internal structure of a X.509 SPKI.
79 struct SubjectPublicKeyInfo {
80 SubjectPublicKeyInfo();
81 ~SubjectPublicKeyInfo();
82
83 std::string public_key_spki_der;
84 net::X509Certificate::PublicKeyType key_type;
85
86 // For RSA a public exponent of 65537 is assumed, so there is no member for
87 // that.
88
89 size_t key_size_bits = 0;
90 };
Ryan Sleevi 2015/02/07 02:09:40 Ditto this. I don't really understand this structu
pneubeck (no reviews) 2015/02/08 10:52:00 I can only guess what you find problematic here. A
Ryan Sleevi 2015/02/10 00:59:32 Sorry I wasn't clearer: I don't understand why yo
91
60 namespace subtle { 92 namespace subtle {
61 // Functions of this namespace shouldn't be called directly from the context of 93 // Functions of this namespace shouldn't be called directly from the context of
62 // an extension. Instead use PlatformKeysService which enforces restrictions 94 // an extension. Instead use PlatformKeysService which enforces restrictions
63 // upon extensions. 95 // upon extensions.
64 96
65 typedef base::Callback<void(const std::string& public_key_spki_der, 97 typedef base::Callback<void(const std::string& public_key_spki_der,
66 const std::string& error_message)> 98 const std::string& error_message)>
67 GenerateKeyCallback; 99 GenerateKeyCallback;
68 100
69 // Generates a RSA key pair with |modulus_length_bits|. |token_id| is currently 101 // Generates a RSA key pair with |modulus_length_bits|. |token_id| is currently
70 // ignored, instead the user token associated with |browser_context| is always 102 // ignored, instead the user token associated with |browser_context| is always
71 // used. |callback| will be invoked with the resulting public key or an error. 103 // used. |callback| will be invoked with the resulting public key or an error.
72 void GenerateRSAKey(const std::string& token_id, 104 void GenerateRSAKey(const std::string& token_id,
73 unsigned int modulus_length_bits, 105 unsigned int modulus_length_bits,
74 const GenerateKeyCallback& callback, 106 const GenerateKeyCallback& callback,
75 content::BrowserContext* browser_context); 107 content::BrowserContext* browser_context);
76 108
77 typedef base::Callback<void(const std::string& signature, 109 typedef base::Callback<void(const std::string& signature,
78 const std::string& error_message)> SignCallback; 110 const std::string& error_message)> SignCallback;
79 111
80 // Digests |data| with |hash_algorithm| and afterwards signs the digest with the 112 // Optionally digests |data|, applies PKCS1 padding and afterwards signs the
81 // private key matching |public_key|, if that key is stored in the given token. 113 // data with the private key matching |params.public_key|. If a non empty token
82 // |token_id| is currently ignored, instead the user token associated with 114 // id is provided and the key is not found in that token, the operation aborts.
83 // |browser_context| is always used. |public_key| must be the DER encoding of a 115 // |callback| will be invoked with the signature or an error message.
84 // SubjectPublicKeyInfo. |callback| will be invoked with the signature or an 116 void SignRSA(const std::string& token_id,
85 // error message. 117 scoped_ptr<SignRSAParams> params,
86 // Currently supports RSA keys only. 118 const SignCallback& callback,
87 void Sign(const std::string& token_id, 119 content::BrowserContext* browser_context);
88 const std::string& public_key,
89 HashAlgorithm hash_algorithm,
90 const std::string& data,
91 const SignCallback& callback,
92 content::BrowserContext* browser_context);
93 120
94 // If the certificate request could be processed successfully, |matches| will 121 // If the certificate request could be processed successfully, |matches| will
95 // contain the list of matching certificates (which may be empty) and 122 // contain the list of matching certificates (which may be empty) and
96 // |error_message| will be empty. If an error occurred, |matches| will be null 123 // |error_message| will be empty. If an error occurred, |matches| will be null
97 // and |error_message| contain an error message. 124 // and |error_message| contain an error message.
98 typedef base::Callback<void(scoped_ptr<net::CertificateList> matches, 125 typedef base::Callback<void(scoped_ptr<net::CertificateList> matches,
99 const std::string& error_message)> 126 const std::string& error_message)>
100 SelectCertificatesCallback; 127 SelectCertificatesCallback;
101 128
102 // Returns the list of all certificates that match |request|. |callback| will be 129 // Returns the list of all certificates that match |request|. |callback| will be
103 // invoked with these matches or an error message. 130 // invoked with these matches or an error message.
104 void SelectClientCertificates(const ClientCertificateRequest& request, 131 void SelectClientCertificates(const ClientCertificateRequest& request,
105 const SelectCertificatesCallback& callback, 132 const SelectCertificatesCallback& callback,
106 content::BrowserContext* browser_context); 133 content::BrowserContext* browser_context);
107 134
108 } // namespace subtle 135 } // namespace subtle
109 136
137 // Fills |info| with information about the key certified by |certificate|.
138 bool GetPublicKey(scoped_refptr<net::X509Certificate> certificate,
139 SubjectPublicKeyInfo* info);
140
110 // If the list of certificates could be successfully retrieved, |certs| will 141 // If the list of certificates could be successfully retrieved, |certs| will
111 // contain the list of available certificates (maybe empty) and |error_message| 142 // contain the list of available certificates (maybe empty) and |error_message|
112 // will be empty. If an error occurred, |certs| will be empty and 143 // will be empty. If an error occurred, |certs| will be empty and
113 // |error_message| contain an error message. 144 // |error_message| contain an error message.
114 typedef base::Callback<void(scoped_ptr<net::CertificateList> certs, 145 typedef base::Callback<void(scoped_ptr<net::CertificateList> certs,
115 const std::string& error_message)> 146 const std::string& error_message)>
116 GetCertificatesCallback; 147 GetCertificatesCallback;
117 148
118 // Returns the list of all certificates with stored private key available from 149 // Returns the list of all certificates with stored private key available from
119 // the given token. |token_id| is currently ignored, instead the user token 150 // the given token. |token_id| is currently ignored, instead the user token
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
163 // of available tokens is determined, possibly with an error message. 194 // of available tokens is determined, possibly with an error message.
164 // Must be called and calls |callback| on the UI thread. 195 // Must be called and calls |callback| on the UI thread.
165 void GetTokens(const GetTokensCallback& callback, 196 void GetTokens(const GetTokensCallback& callback,
166 content::BrowserContext* browser_context); 197 content::BrowserContext* browser_context);
167 198
168 } // namespace platform_keys 199 } // namespace platform_keys
169 200
170 } // namespace chromeos 201 } // namespace chromeos
171 202
172 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 203 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698