Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(471)

Side by Side Diff: chrome/browser/chromeos/platform_keys/platform_keys.h

Issue 884073002: Implement chrome.platformKeys.getKeyPair(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2
Patch Set: Fix typo in basic.js. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/callback_forward.h" 11 #include "base/callback_forward.h"
12 #include "base/macros.h" 12 #include "base/macros.h"
13 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/scoped_ptr.h"
15 #include "net/cert/x509_certificate.h"
15 #include "net/ssl/ssl_client_cert_type.h" 16 #include "net/ssl/ssl_client_cert_type.h"
16 17
17 namespace content { 18 namespace content {
18 class BrowserContext; 19 class BrowserContext;
19 } 20 }
20 21
21 namespace net {
22 class X509Certificate;
23 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
24 }
25
26 namespace chromeos { 22 namespace chromeos {
27 23
28 namespace platform_keys { 24 namespace platform_keys {
29 25
30 // A token is a store for keys or certs and can provide cryptographic 26 // A token is a store for keys or certs and can provide cryptographic
31 // operations. 27 // operations.
32 // ChromeOS provides itself a user token and conditionally a system wide token, 28 // ChromeOS provides itself a user token and conditionally a system wide token,
33 // thus these tokens use static identifiers. The platform keys API is designed 29 // thus these tokens use static identifiers. The platform keys API is designed
34 // to support arbitrary other tokens in the future, which could then use 30 // to support arbitrary other tokens in the future, which could then use
35 // run-time generated IDs. 31 // run-time generated IDs.
36 extern const char kTokenIdUser[]; 32 extern const char kTokenIdUser[];
37 extern const char kTokenIdSystem[]; 33 extern const char kTokenIdSystem[];
38 34
39 // Supported hash algorithms. 35 // Supported hash algorithms.
40 enum HashAlgorithm { 36 enum HashAlgorithm {
37 HASH_ALGORITHM_NONE, // The value if no hash function is selected.
41 HASH_ALGORITHM_SHA1, 38 HASH_ALGORITHM_SHA1,
42 HASH_ALGORITHM_SHA256, 39 HASH_ALGORITHM_SHA256,
43 HASH_ALGORITHM_SHA384, 40 HASH_ALGORITHM_SHA384,
44 HASH_ALGORITHM_SHA512 41 HASH_ALGORITHM_SHA512
45 }; 42 };
46 43
47 struct ClientCertificateRequest { 44 struct ClientCertificateRequest {
48 ClientCertificateRequest(); 45 ClientCertificateRequest();
49 ~ClientCertificateRequest(); 46 ~ClientCertificateRequest();
50 47
(...skipping 19 matching lines...) Expand all
70 // ignored, instead the user token associated with |browser_context| is always 67 // ignored, instead the user token associated with |browser_context| is always
71 // used. |callback| will be invoked with the resulting public key or an error. 68 // used. |callback| will be invoked with the resulting public key or an error.
72 void GenerateRSAKey(const std::string& token_id, 69 void GenerateRSAKey(const std::string& token_id,
73 unsigned int modulus_length_bits, 70 unsigned int modulus_length_bits,
74 const GenerateKeyCallback& callback, 71 const GenerateKeyCallback& callback,
75 content::BrowserContext* browser_context); 72 content::BrowserContext* browser_context);
76 73
77 typedef base::Callback<void(const std::string& signature, 74 typedef base::Callback<void(const std::string& signature,
78 const std::string& error_message)> SignCallback; 75 const std::string& error_message)> SignCallback;
79 76
80 // Digests |data| with |hash_algorithm| and afterwards signs the digest with the 77 // Digests |data|, applies PKCS1 padding and afterwards signs the data with the
81 // private key matching |public_key|, if that key is stored in the given token. 78 // private key matching |params.public_key|. If a non empty token id is provided
82 // |token_id| is currently ignored, instead the user token associated with 79 // and the key is not found in that token, the operation aborts. |callback| will
83 // |browser_context| is always used. |public_key| must be the DER encoding of a 80 // be invoked with the signature or an error message.
84 // SubjectPublicKeyInfo. |callback| will be invoked with the signature or an 81 void SignRSAPKCS1Digest(const std::string& token_id,
85 // error message. 82 const std::string& data,
86 // Currently supports RSA keys only. 83 const std::string& public_key,
87 void Sign(const std::string& token_id, 84 HashAlgorithm hash_algorithm,
88 const std::string& public_key, 85 const SignCallback& callback,
89 HashAlgorithm hash_algorithm, 86 content::BrowserContext* browser_context);
90 const std::string& data, 87
91 const SignCallback& callback, 88 // Applies PKCS1 padding and afterwards signs the data with the private key
92 content::BrowserContext* browser_context); 89 // matching |params.public_key|. |data| is not digested. If a non empty token id
90 // is provided and the key is not found in that token, the operation aborts.
91 // The size of |data| (number of octets) must be smaller than k - 11, where k
92 // is the key size in octets.
93 // |callback| will be invoked with the signature or an error message.
94 void SignRSAPKCS1Raw(const std::string& token_id,
95 const std::string& data,
96 const std::string& public_key,
97 const SignCallback& callback,
98 content::BrowserContext* browser_context);
93 99
94 // If the certificate request could be processed successfully, |matches| will 100 // If the certificate request could be processed successfully, |matches| will
95 // contain the list of matching certificates (which may be empty) and 101 // contain the list of matching certificates (which may be empty) and
96 // |error_message| will be empty. If an error occurred, |matches| will be null 102 // |error_message| will be empty. If an error occurred, |matches| will be null
97 // and |error_message| contain an error message. 103 // and |error_message| contain an error message.
98 typedef base::Callback<void(scoped_ptr<net::CertificateList> matches, 104 typedef base::Callback<void(scoped_ptr<net::CertificateList> matches,
99 const std::string& error_message)> 105 const std::string& error_message)>
100 SelectCertificatesCallback; 106 SelectCertificatesCallback;
101 107
102 // Returns the list of all certificates that match |request|. |callback| will be 108 // Returns the list of all certificates that match |request|. |callback| will be
103 // invoked with these matches or an error message. 109 // invoked with these matches or an error message.
104 void SelectClientCertificates(const ClientCertificateRequest& request, 110 void SelectClientCertificates(const ClientCertificateRequest& request,
105 const SelectCertificatesCallback& callback, 111 const SelectCertificatesCallback& callback,
106 content::BrowserContext* browser_context); 112 content::BrowserContext* browser_context);
107 113
108 } // namespace subtle 114 } // namespace subtle
109 115
116 // If possible, fills the output arguments with information about the key
117 // certified by |certificate| and returns true.
118 // If an error occurs, does not modify the output arguments and returns false.
119 // It is handled as an error, if the key is an RSA key with public exponent
120 // not equal to 65537.
Ryan Sleevi 2015/02/10 21:25:28 Comment nit: This reads somewhat weird. Perhaps re
pneubeck (no reviews) 2015/02/11 14:37:04 adapted the implementation to ensure that false is
121 // |public_key_spki_der|: Will be assigned the the X.509 Subject Public Key Info
122 // of the key in DER encoding, if not null.
123 // |key_type|: Will be assigned the type of the key, if not null.
124 // |key_size_bits|: Will the size of the key in bits, if not null.
125 bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
126 std::string* out_public_key_spki_der,
127 net::X509Certificate::PublicKeyType* out_key_type,
128 size_t* out_key_size_bits);
Ryan Sleevi 2015/02/10 21:25:28 naming nit: None of these need to be named |out_|
pneubeck (no reviews) 2015/02/11 14:37:04 Done.
129
110 // If the list of certificates could be successfully retrieved, |certs| will 130 // If the list of certificates could be successfully retrieved, |certs| will
111 // contain the list of available certificates (maybe empty) and |error_message| 131 // contain the list of available certificates (maybe empty) and |error_message|
112 // will be empty. If an error occurred, |certs| will be empty and 132 // will be empty. If an error occurred, |certs| will be empty and
113 // |error_message| contain an error message. 133 // |error_message| contain an error message.
114 typedef base::Callback<void(scoped_ptr<net::CertificateList> certs, 134 typedef base::Callback<void(scoped_ptr<net::CertificateList> certs,
115 const std::string& error_message)> 135 const std::string& error_message)>
116 GetCertificatesCallback; 136 GetCertificatesCallback;
117 137
118 // Returns the list of all certificates with stored private key available from 138 // Returns the list of all certificates with stored private key available from
119 // the given token. |token_id| is currently ignored, instead the user token 139 // the given token. |token_id| is currently ignored, instead the user token
120 // associated with |browser_context| is always used. |callback| will be invoked 140 // associated with |browser_context| is always used. |callback| will be invoked
121 // with the list of available certificates or an error message. 141 // with the list of available certificates or an error message.
122 void GetCertificates(const std::string& token_id, 142 void GetCertificates(const std::string& token_id,
123 const GetCertificatesCallback& callback, 143 const GetCertificatesCallback& callback,
124 content::BrowserContext* browser_context); 144 content::BrowserContext* browser_context);
125 145
126 // If an error occurred during import, |error_message| will be set to an error 146 // If an error occurred during import, |error_message| will be set to an error
127 // message. 147 // message.
128 typedef base::Callback<void(const std::string& error_message)> 148 typedef base::Callback<void(const std::string& error_message)>
129 ImportCertificateCallback; 149 ImportCertificateCallback;
130 150
131 // Imports |certificate| to the given token if the certified key is already 151 // Imports |certificate| to the given token if the certified key is already
132 // stored in this token. Any intermediate of |certificate| will be ignored. 152 // stored in this token. Any intermediate of |certificate| will be ignored.
133 // |token_id| is currently ignored, instead the user token associated with 153 // |token_id| is currently ignored, instead the user token associated with
134 // |browser_context| is always used. |callback| will be invoked when the import 154 // |browser_context| is always used. |callback| will be invoked when the import
135 // is finished, possibly with an error message. 155 // is finished, possibly with an error message.
136 void ImportCertificate(const std::string& token_id, 156 void ImportCertificate(const std::string& token_id,
137 scoped_refptr<net::X509Certificate> certificate, 157 const scoped_refptr<net::X509Certificate>& certificate,
138 const ImportCertificateCallback& callback, 158 const ImportCertificateCallback& callback,
139 content::BrowserContext* browser_context); 159 content::BrowserContext* browser_context);
140 160
141 // If an error occurred during removal, |error_message| will be set to an error 161 // If an error occurred during removal, |error_message| will be set to an error
142 // message. 162 // message.
143 typedef base::Callback<void(const std::string& error_message)> 163 typedef base::Callback<void(const std::string& error_message)>
144 RemoveCertificateCallback; 164 RemoveCertificateCallback;
145 165
146 // Removes |certificate| from the given token if present. Any intermediate of 166 // Removes |certificate| from the given token if present. Any intermediate of
147 // |certificate| will be ignored. |token_id| is currently ignored, instead the 167 // |certificate| will be ignored. |token_id| is currently ignored, instead the
148 // user token associated with |browser_context| is always used. |callback| will 168 // user token associated with |browser_context| is always used. |callback| will
149 // be invoked when the removal is finished, possibly with an error message. 169 // be invoked when the removal is finished, possibly with an error message.
150 void RemoveCertificate(const std::string& token_id, 170 void RemoveCertificate(const std::string& token_id,
151 scoped_refptr<net::X509Certificate> certificate, 171 const scoped_refptr<net::X509Certificate>& certificate,
152 const RemoveCertificateCallback& callback, 172 const RemoveCertificateCallback& callback,
153 content::BrowserContext* browser_context); 173 content::BrowserContext* browser_context);
154 174
155 // If the list of available tokens could be successfully retrieved, |token_ids| 175 // If the list of available tokens could be successfully retrieved, |token_ids|
156 // will contain the token ids. If an error occurs, |token_ids| will be NULL and 176 // will contain the token ids. If an error occurs, |token_ids| will be NULL and
157 // |error_message| will be set to an error message. 177 // |error_message| will be set to an error message.
158 typedef base::Callback<void(scoped_ptr<std::vector<std::string> > token_ids, 178 typedef base::Callback<void(scoped_ptr<std::vector<std::string> > token_ids,
159 const std::string& error_message)> 179 const std::string& error_message)>
160 GetTokensCallback; 180 GetTokensCallback;
161 181
162 // Gets the list of available tokens. |callback| will be invoked when the list 182 // Gets the list of available tokens. |callback| will be invoked when the list
163 // of available tokens is determined, possibly with an error message. 183 // of available tokens is determined, possibly with an error message.
164 // Must be called and calls |callback| on the UI thread. 184 // Must be called and calls |callback| on the UI thread.
165 void GetTokens(const GetTokensCallback& callback, 185 void GetTokens(const GetTokensCallback& callback,
166 content::BrowserContext* browser_context); 186 content::BrowserContext* browser_context);
167 187
168 } // namespace platform_keys 188 } // namespace platform_keys
169 189
170 } // namespace chromeos 190 } // namespace chromeos
171 191
172 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 192 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698