// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_QUIC_CRYPTO_CHANNEL_ID_H_
#define NET_QUIC_CRYPTO_CHANNEL_ID_H_

#include <string>

#include "base/strings/string_piece.h"
#include "net/base/net_export.h"

namespace net {

// ChannelIDSigner is an abstract interface that implements signing by
// ChannelID keys. Keys are selected by hostname (see Sign and
// GetKeyForHostname); how they are generated or stored is not specified by
// this header.
class NET_EXPORT_PRIVATE ChannelIDSigner {
 public:
  // Virtual destructor: implementations are used polymorphically through this
  // interface.
  virtual ~ChannelIDSigner() { }

  // Sign signs |signed_data| using the ChannelID key for |hostname| and puts
  // the serialized public key into |out_key| and the signature into
  // |out_signature|. It returns true on success. On failure the contents of
  // |out_key| and |out_signature| are not specified by this interface, so
  // callers must check the return value before using either.
  // NOTE(review): whether the kContextStr/kClientToServerStr prefix (see
  // ChannelIDVerifier) is added by the implementation or must already be
  // present in |signed_data| is not stated here -- confirm against the
  // implementation before relying on either.
  virtual bool Sign(const std::string& hostname,
                    base::StringPiece signed_data,
                    std::string* out_key,
                    std::string* out_signature) = 0;

  // GetKeyForHostname returns the ChannelID key that |ChannelIDSigner| will use
  // for the given hostname.
  // NOTE(review): this header does not say whether the returned string is
  // public or private key material, nor its encoding -- confirm against the
  // implementation before logging, persisting or comparing it.
  virtual std::string GetKeyForHostname(const std::string& hostname) = 0;
};

// ChannelIDVerifier verifies ChannelID signatures.
class NET_EXPORT_PRIVATE ChannelIDVerifier {
 public:
  // kContextStr is prepended to the data to be signed in order to ensure that
  // a ChannelID signature cannot be used in a different context: a signature
  // made over the same bytes for some other purpose will not verify as a
  // ChannelID signature, and vice versa. (The terminating NUL byte is
  // included.)
  static const char kContextStr[];
  // kClientToServerStr follows kContextStr to specify that the ChannelID is
  // being used in the client to server direction. (The terminating NUL byte is
  // included.)
  static const char kClientToServerStr[];

  // Verify returns true iff |signature| is a valid signature of |signed_data|
  // by |key|. This is the entry point for non-test code (see VerifyRaw for
  // the test-only variant). The encodings of |key| and |signature| are not
  // specified in this header.
  // NOTE(review): |key| and |signature| presumably arrive from the peer;
  // implementations are expected to treat both as untrusted and reject
  // malformed input by returning false rather than by crashing -- confirm
  // against the implementation.
  static bool Verify(base::StringPiece key,
                     base::StringPiece signed_data,
                     base::StringPiece signature);

  // FOR TESTING ONLY: VerifyRaw returns true iff |signature| is a valid
  // signature of |signed_data| by |key|. |is_channel_id_signature| indicates
  // whether |signature| is a ChannelID signature (with kContextStr prepended
  // to the data to be signed). Passing false presumably verifies |signed_data|
  // as-is, without the context prefix, which discards the cross-context
  // protection that kContextStr exists to provide -- hence test-only; call
  // Verify from production code.
  static bool VerifyRaw(base::StringPiece key,
                        base::StringPiece signed_data,
                        base::StringPiece signature,
                        bool is_channel_id_signature);
};

}  // namespace net

#endif  // NET_QUIC_CRYPTO_CHANNEL_ID_H_