1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_QUIC_CRYPTO_CHANNEL_ID_H_ 6 #define NET_QUIC_CRYPTO_CHANNEL_ID_H_ 7 8 #include <string> 9 10 #include "base/memory/scoped_ptr.h" 11 #include "base/strings/string_piece.h" 12 #include "net/base/net_export.h" 13 #include "net/quic/quic_types.h" 14 15 namespace net { 16 17 // ChannelIDKey is an interface that supports signing with and serializing a 18 // ChannelID key. 19 class NET_EXPORT_PRIVATE ChannelIDKey { 20 public: 21 virtual ~ChannelIDKey() {} 22 23 // Sign signs |signed_data| using the ChannelID private key and puts the 24 // signature into |out_signature|. It returns true on success. 25 virtual bool Sign(base::StringPiece signed_data, 26 std::string* out_signature) const = 0; 27 28 // SerializeKey returns the serialized ChannelID public key. 29 virtual std::string SerializeKey() const = 0; 30 }; 31 32 // ChannelIDSourceCallback provides a generic mechanism for a ChannelIDSource 33 // to call back after an asynchronous GetChannelIDKey operation. 34 class ChannelIDSourceCallback { 35 public: 36 virtual ~ChannelIDSourceCallback() {} 37 38 // Run is called on the original thread to mark the completion of an 39 // asynchonous GetChannelIDKey operation. If |*channel_id_key| is not NULL 40 // then the channel ID lookup is successful. |Run| may take ownership of 41 // |*channel_id_key| by calling |release| on it. 42 virtual void Run(scoped_ptr<ChannelIDKey>* channel_id_key) = 0; 43 }; 44 45 // ChannelIDSource is an abstract interface by which a QUIC client can obtain 46 // a ChannelIDKey for a given hostname. 47 class NET_EXPORT_PRIVATE ChannelIDSource { 48 public: 49 virtual ~ChannelIDSource() {} 50 51 // GetChannelIDKey looks up the ChannelIDKey for |hostname|. On success it 52 // returns QUIC_SUCCESS and stores the ChannelIDKey in |*channel_id_key|, 53 // which the caller takes ownership of. On failure, it returns QUIC_FAILURE. 54 // 55 // This function may also return QUIC_PENDING, in which case the 56 // ChannelIDSource will call back, on the original thread, via |callback| 57 // when complete. In this case, the ChannelIDSource will take ownership of 58 // |callback|. 59 virtual QuicAsyncStatus GetChannelIDKey( 60 const std::string& hostname, 61 scoped_ptr<ChannelIDKey>* channel_id_key, 62 ChannelIDSourceCallback* callback) = 0; 63 }; 64 65 // ChannelIDVerifier verifies ChannelID signatures. 66 class NET_EXPORT_PRIVATE ChannelIDVerifier { 67 public: 68 // kContextStr is prepended to the data to be signed in order to ensure that 69 // a ChannelID signature cannot be used in a different context. (The 70 // terminating NUL byte is inclued.) 71 static const char kContextStr[]; 72 // kClientToServerStr follows kContextStr to specify that the ChannelID is 73 // being used in the client to server direction. (The terminating NUL byte is 74 // included.) 75 static const char kClientToServerStr[]; 76 77 // Verify returns true iff |signature| is a valid signature of |signed_data| 78 // by |key|. 79 static bool Verify(base::StringPiece key, 80 base::StringPiece signed_data, 81 base::StringPiece signature); 82 83 // FOR TESTING ONLY: VerifyRaw returns true iff |signature| is a valid 84 // signature of |signed_data| by |key|. |is_channel_id_signature| indicates 85 // whether |signature| is a ChannelID signature (with kContextStr prepended 86 // to the data to be signed). 87 static bool VerifyRaw(base::StringPiece key, 88 base::StringPiece signed_data, 89 base::StringPiece signature, 90 bool is_channel_id_signature); 91 92 private: 93 DISALLOW_COPY_AND_ASSIGN(ChannelIDVerifier); 94 }; 95 96 } // namespace net 97 98 #endif // NET_QUIC_CRYPTO_CHANNEL_ID_H_ 99
