Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1066)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/platform_keys/platform_keys_service.h

Issue 884073002: Implement chrome.platformKeys.getKeyPair(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2
Patch Set: Rebased. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chromeos/platform_keys/platform_keys_nss.cc ('k') | chrome/browser/chromeos/platform_keys/platform_keys_service.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/platform_keys/platform_keys_service.h
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_service.h b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
index c7def45464a001a254616b60d04e6132c5754dab..444e058412499db11dbb2d87155663f73885fa0b 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys_service.h
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_service.h
@@ -49,7 +49,7 @@ class PlatformKeysService : public KeyedService {
~PlatformKeysService() override;
// Disables the checks whether an extension is allowed to read client
- // certificates.
+ // certificates or allowed to use the signing function of a key.
// TODO(pneubeck): Remove this once a permissions are implemented.
void DisablePermissionCheckForTesting();
@@ -61,7 +61,7 @@ class PlatformKeysService : public KeyedService {
const std::string& error_message)>
GenerateKeyCallback;
- // Generates a RSA key pair with |modulus_length_bits| and registers the key
+ // Generates an RSA key pair with |modulus_length_bits| and registers the key
// to allow a single sign operation by the given extension. |token_id| is
// currently ignored, instead the user token associated with |browser_context|
// is always used. |callback| will be invoked with the resulting public key or
@@ -78,22 +78,39 @@ class PlatformKeysService : public KeyedService {
typedef base::Callback<void(const std::string& signature,
const std::string& error_message)> SignCallback;
- // Digests |data| with |hash_algorithm| and afterwards signs the digest with
- // the private key matching |public_key_spki_der|, if that key is stored in
- // the given token and wasn't used for signing before.
- // Unregisters the key so that every future attempt to sign data with this key
- // is rejected. |token_id| is currently ignored, instead the user token
- // associated with |browser_context| is always used. |public_key_spki_der|
- // must be the DER encoding of a SubjectPublicKeyInfo. |callback| will be
- // invoked with the signature or an error message. Currently supports RSA keys
- // only.
+ // Digests |data|, applies PKCS1 padding and afterwards signs the data with
+ // the private key matching |params.public_key|. If a non empty token id is
+ // provided and the key is not found in that token, the operation aborts.
+ // If the extension does not have permissions for signing with this key, the
+ // operation aborts. In case of a one time permission (granted after
+ // generating the key), this function also removes the permission to prevent
+ // future signing attempts.
+ // |callback| will be invoked with the signature or an error message.
// Will only call back during the lifetime of this object.
- void Sign(const std::string& token_id,
- const std::string& public_key_spki_der,
- platform_keys::HashAlgorithm hash_algorithm,
- const std::string& data,
- const std::string& extension_id,
- const SignCallback& callback);
+ void SignRSAPKCS1Digest(const std::string& token_id,
+ const std::string& data,
+ const std::string& public_key,
+ platform_keys::HashAlgorithm hash_algorithm,
+ const std::string& extension_id,
+ const SignCallback& callback);
+
+ // Applies PKCS1 padding and afterwards signs the data with the private key
+ // matching |params.public_key|. |data| is not digested. If a non empty token
+ // id is provided and the key is not found in that token, the operation
+ // aborts.
+ // The size of |data| (number of octets) must be smaller than k - 11, where k
+ // is the key size in octets.
+ // If the extension does not have permissions for signing with this key, the
+ // operation aborts. In case of a one time permission (granted after
+ // generating the key), this function also removes the permission to prevent
+ // future signing attempts.
+ // |callback| will be invoked with the signature or an error message.
+ // Will only call back during the lifetime of this object.
+ void SignRSAPKCS1Raw(const std::string& token_id,
+ const std::string& data,
+ const std::string& public_key,
+ const std::string& extension_id,
+ const SignCallback& callback);
// If the certificate request could be processed successfully, |matches| will
// contain the list of matching certificates (maybe empty) and |error_message|
« no previous file with comments | « chrome/browser/chromeos/platform_keys/platform_keys_nss.cc ('k') | chrome/browser/chromeos/platform_keys/platform_keys_service.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698