Separate CryptoVerifyImpl into its own file.

This eliminates some dependencies from NetworkingPrivateServiceClient
that will allow it to be moved to src/extensions.

It also changes NetworkingPrivatCrypto from a class to a namespace since that is how we use it.

BUG=363776

Review URL: https://codereview.chromium.org/442073003

Cr-Commit-Position: refs/heads/master@{#288396}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288396 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/extensions/api/networking_private/crypto_verify_impl.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/networking_private/crypto_verify_impl.h"
+
+#include "base/base64.h"
+#include "chrome/browser/extensions/api/networking_private/networking_private_credentials_getter.h"
+#include "chrome/browser/extensions/api/networking_private/networking_private_service_client.h"
+#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h"
+
+namespace {
+
+bool VerifyCredentials(const CryptoVerifyImpl::Credentials& credentials) {
+  return networking_private_crypto::VerifyCredentials(credentials.certificate,
+                                                      credentials.signed_data,
+                                                      credentials.unsigned_data,
+                                                      credentials.device_bssid);
+}
+
+}  // namespace
+
+using extensions::NetworkingPrivateServiceClient;
+using extensions::NetworkingPrivateCredentialsGetter;
+
+NetworkingPrivateServiceClient::CryptoVerify*
+NetworkingPrivateServiceClient::CryptoVerify::Create() {
+  return new CryptoVerifyImpl();
+}
+
+CryptoVerifyImpl::CryptoVerifyImpl() {
+}
+
+CryptoVerifyImpl::~CryptoVerifyImpl() {
+}
+
+void CryptoVerifyImpl::VerifyDestination(const Credentials& credentials,
+                                         bool* verified,
+                                         std::string* error) {
+  *verified = VerifyCredentials(credentials);
+}
+
+void CryptoVerifyImpl::VerifyAndEncryptCredentials(
+    const std::string& network_guid,
+    const Credentials& credentials,
+    const VerifyAndEncryptCredentialsCallback& callback) {
+  if (!VerifyCredentials(credentials)) {
+    callback.Run("", "VerifyError");
+    return;
+  }
+
+  scoped_ptr<NetworkingPrivateCredentialsGetter> credentials_getter(
+      NetworkingPrivateCredentialsGetter::Create());
+
+  // Start getting credentials. On Windows |callback| will be called
+  // asynchronously on a different thread after |credentials_getter|
+  // is deleted.
+  credentials_getter->Start(network_guid, credentials.public_key, callback);
+}
+
+void CryptoVerifyImpl::VerifyAndEncryptData(
+    const Credentials& credentials,
+    const std::string& data,
+    std::string* base64_encoded_ciphertext,
+    std::string* error) {
+  if (!VerifyCredentials(credentials)) {
+    *error = "VerifyError";
+    return;
+  }
+
+  std::vector<uint8> public_key_data(credentials.public_key.begin(),
+                                     credentials.public_key.end());
+  std::vector<uint8> ciphertext;
+  if (!networking_private_crypto::EncryptByteString(
+          public_key_data, data, &ciphertext)) {
+    *error = "EncryptError";
+    return;
+  }
+
+  base::Base64Encode(std::string(ciphertext.begin(), ciphertext.end()),
+                     base64_encoded_ciphertext);
+}

chrome/browser/extensions/api/networking_private/crypto_verify_impl.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_
+#define CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_
+
+#include "base/compiler_specific.h"
+#include "base/macros.h"
+#include "chrome/browser/extensions/api/networking_private/networking_private_service_client.h"
+
+// Implementation of NetworkingPrivateServiceClient::CryptoVerify using
+// networking_private_crypto.
+class CryptoVerifyImpl
+    : public extensions::NetworkingPrivateServiceClient::CryptoVerify {
+ public:
+  CryptoVerifyImpl();
+  virtual ~CryptoVerifyImpl();
+
+  // NetworkingPrivateServiceClient::CryptoVerify
+  virtual void VerifyDestination(const Credentials& credentials,
+                                 bool* verified,
+                                 std::string* error) OVERRIDE;
+  virtual void VerifyAndEncryptCredentials(
+      const std::string& network_guid,
+      const Credentials& credentials,
+      const VerifyAndEncryptCredentialsCallback& callback) OVERRIDE;
+  virtual void VerifyAndEncryptData(const Credentials& credentials,
+                                    const std::string& data,
+                                    std::string* base64_encoded_ciphertext,
+                                    std::string* error) OVERRIDE;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(CryptoVerifyImpl);
+};
+
+#endif  // CHROME_BROWSER_EXTENSIONS_API_NETWORKING_PRIVATE_CRYPTO_VERIFY_IMPL_H_

chrome/browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc

@@ -56,10 +56,10 @@ void NetworkingPrivateCredentialsGetterMac::Start(
     return;
   }
 
-  NetworkingPrivateCrypto crypto;
   std::vector<uint8> public_key_data(public_key.begin(), public_key.end());
   std::vector<uint8> ciphertext;
-  if (!crypto.EncryptByteString(public_key_data, key_data, &ciphertext)) {
+  if (!networking_private_crypto::EncryptByteString(
+          public_key_data, key_data, &ciphertext)) {
     callback.Run("", kErrorEncryption);
     return;
   }

chrome/browser/extensions/api/networking_private/networking_private_service_client.cc

@@ -12,11 +12,8 @@
 #include "base/threading/worker_pool.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/api/networking_private/networking_private_api.h"
-#include "chrome/browser/extensions/api/networking_private/networking_private_credentials_getter.h"
 #include "chrome/common/extensions/api/networking_private.h"
-#include "chrome/common/extensions/api/networking_private/networking_private_crypto.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/utility_process_host.h"
 
 using content::BrowserThread;
 
@@ -49,66 +46,6 @@ bool GetVerificationCredentials(
   return true;
 }
 
-// Implementation of Verify* methods using NetworkingPrivateCrypto.
-// TODO(mef): Move this into NetworkingPrivateCrypto class.
-class CryptoVerifyImpl : public NetworkingPrivateServiceClient::CryptoVerify {
-  bool VerifyCredentials(const Credentials& credentials) {
-    NetworkingPrivateCrypto crypto;
-    return crypto.VerifyCredentials(credentials.certificate,
-                                    credentials.signed_data,
-                                    credentials.unsigned_data,
-                                    credentials.device_bssid);
-  }
-
-  // NetworkingPrivateServiceClient::CryptoVerify
-
-  virtual void VerifyDestination(const Credentials& credentials,
-                                 bool* verified,
-                                 std::string* error) OVERRIDE {
-    *verified = VerifyCredentials(credentials);
-  }
-
-  virtual void VerifyAndEncryptCredentials(
-      const std::string& network_guid,
-      const Credentials& credentials,
-      const VerifyAndEncryptCredentialsCallback& callback) OVERRIDE {
-    if (!VerifyCredentials(credentials)) {
-      callback.Run("", "VerifyError");
-      return;
-    }
-
-    scoped_ptr<NetworkingPrivateCredentialsGetter> credentials_getter(
-        NetworkingPrivateCredentialsGetter::Create());
-
-    // Start getting credentials. On Windows |callback| will be called
-    // asynchronously on a different thread after |credentials_getter|
-    // is deleted.
-    credentials_getter->Start(network_guid, credentials.public_key, callback);
-  }
-
-  virtual void VerifyAndEncryptData(const Credentials& credentials,
-                                    const std::string& data,
-                                    std::string* base64_encoded_ciphertext,
-                                    std::string* error) OVERRIDE {
-    if (!VerifyCredentials(credentials)) {
-      *error = "VerifyError";
-      return;
-    }
-
-    NetworkingPrivateCrypto crypto;
-    std::vector<uint8> public_key_data(
-      credentials.public_key.begin(), credentials.public_key.end());
-    std::vector<uint8> ciphertext;
-    if (!crypto.EncryptByteString(public_key_data, data, &ciphertext)) {
-      *error = "EncryptError";
-      return;
-    }
-
-    base::Base64Encode(std::string(ciphertext.begin(), ciphertext.end()),
-                       base64_encoded_ciphertext);
-  }
-};
-
 // Deletes WiFiService and CryptoVerify objects on worker thread.
 void ShutdownServicesOnWorkerThread(
     scoped_ptr<wifi::WiFiService> wifi_service,
@@ -131,6 +68,9 @@ void AfterVerifyAndEncryptCredentialsRelay(
 
 }  // namespace
 
+NetworkingPrivateServiceClient::CryptoVerify::CryptoVerify() {}
+NetworkingPrivateServiceClient::CryptoVerify::~CryptoVerify() {}
+
 NetworkingPrivateServiceClient::CryptoVerify::Credentials::Credentials() {}
 NetworkingPrivateServiceClient::CryptoVerify::Credentials::~Credentials() {}
 
@@ -175,11 +115,6 @@ NetworkingPrivateServiceClient::~NetworkingPrivateServiceClient() {
   DCHECK(!crypto_verify_.get());
 }
 
-NetworkingPrivateServiceClient::CryptoVerify*
-    NetworkingPrivateServiceClient::CryptoVerify::Create() {
-  return new CryptoVerifyImpl();
-}
-
 NetworkingPrivateServiceClient::ServiceCallbacks::ServiceCallbacks() {}
 
 NetworkingPrivateServiceClient::ServiceCallbacks::~ServiceCallbacks() {}
@@ -433,6 +368,11 @@ void NetworkingPrivateServiceClient::VerifyDestination(
     const VerificationProperties& verification_properties,
     const BoolCallback& success_callback,
     const FailureCallback& failure_callback) {
+  if (!crypto_verify_) {
+    failure_callback.Run(networking_private::kErrorNotSupported);
+    return;
+  }
+
   ServiceCallbacks* service_callbacks = AddServiceCallbacks();
   service_callbacks->failure_callback = failure_callback;
   service_callbacks->verify_destination_callback = success_callback;
@@ -465,6 +405,11 @@ void NetworkingPrivateServiceClient::VerifyAndEncryptCredentials(
     const VerificationProperties& verification_properties,
     const StringCallback& success_callback,
     const FailureCallback& failure_callback) {
+  if (!crypto_verify_) {
+    failure_callback.Run(networking_private::kErrorNotSupported);
+    return;
+  }
+
   ServiceCallbacks* service_callbacks = AddServiceCallbacks();
   service_callbacks->failure_callback = failure_callback;
   service_callbacks->verify_and_encrypt_credentials_callback = success_callback;
@@ -496,6 +441,11 @@ void NetworkingPrivateServiceClient::VerifyAndEncryptData(
     const std::string& data,
     const StringCallback& success_callback,
     const FailureCallback& failure_callback) {
+  if (!crypto_verify_) {
+    failure_callback.Run(networking_private::kErrorNotSupported);
+    return;
+  }
+
   ServiceCallbacks* service_callbacks = AddServiceCallbacks();
   service_callbacks->failure_callback = failure_callback;
   service_callbacks->verify_and_encrypt_data_callback = success_callback;

chrome/browser/extensions/api/networking_private/networking_private_service_client.h

@@ -64,9 +64,11 @@ class NetworkingPrivateServiceClient
       std::string public_key;
     };
 
-    CryptoVerify() {}
-    virtual ~CryptoVerify() {}
+    CryptoVerify();
+    virtual ~CryptoVerify();
 
+    // Must be provided by the implementation. May return NULL if certificate
+    // verification is unavailable, see NetworkingPrivateServiceClient().
     static CryptoVerify* Create();
 
     virtual void VerifyDestination(const Credentials& credentials,
@@ -104,7 +106,8 @@ class NetworkingPrivateServiceClient
 
   // Takes ownership of |wifi_service| and |crypto_verify|. They are accessed
   // and deleted on the worker thread. The deletion task is posted during the
-  // NetworkingPrivateServiceClient shutdown.
+  // NetworkingPrivateServiceClient shutdown. |crypto_verify| may be NULL in
+  // which case Verify* will return a 'not implemented' error.
   NetworkingPrivateServiceClient(wifi::WiFiService* wifi_service,
                                  CryptoVerify* crypto_verify);
 
@@ -254,6 +257,7 @@ class NetworkingPrivateServiceClient
   // Observers to Network Events.
   ObserverList<Observer> network_events_observers_;
   // Interface for Verify* methods. Used and deleted on the worker thread.
+  // May be NULL.
   scoped_ptr<CryptoVerify> crypto_verify_;
   // Interface to WiFiService. Used and deleted on the worker thread.
   scoped_ptr<wifi::WiFiService> wifi_service_;

chrome/chrome_browser_extensions.gypi

@@ -922,6 +922,8 @@
       'browser/extensions/extension_tab_util_android.cc',
     ],
     'chrome_browser_extensions_networking_private_sources': [
+      'browser/extensions/api/networking_private/crypto_verify_impl.cc',
+      'browser/extensions/api/networking_private/crypto_verify_impl.h',
       'browser/extensions/api/networking_private/networking_private_api.h',
       'browser/extensions/api/networking_private/networking_private_credentials_getter.h',
       'browser/extensions/api/networking_private/networking_private_credentials_getter_mac.cc',

chrome/common/extensions/api/networking_private/networking_private_crypto.cc

@@ -4,7 +4,9 @@
 
 #include "chrome/common/extensions/api/networking_private/networking_private_crypto.h"
 
-const uint8 NetworkingPrivateCrypto::kTrustedCAPublicKeyDER[] = {
+namespace networking_private_crypto {
+
+const uint8 kTrustedCAPublicKeyDER[] = {
     0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0x22, 0x80,
     0xbd, 0x80, 0xf6, 0x3a, 0x21, 0x00, 0x3b, 0xae, 0x76, 0x5e, 0x35, 0x7f,
     0x3d, 0xc3, 0x64, 0x5c, 0x55, 0x94, 0x86, 0x34, 0x2f, 0x05, 0x87, 0x28,
@@ -29,11 +31,6 @@ const uint8 NetworkingPrivateCrypto::kTrustedCAPublicKeyDER[] = {
     0x61, 0x47, 0x9e, 0xab, 0x80, 0xb7, 0xe4, 0x48, 0x80, 0x2a, 0x92, 0xc5,
     0x1b, 0x02, 0x03, 0x01, 0x00, 0x01};
 
-const size_t NetworkingPrivateCrypto::kTrustedCAPublicKeyDERLength =
-    sizeof(kTrustedCAPublicKeyDER);
-
-NetworkingPrivateCrypto::NetworkingPrivateCrypto() {
-}
+const size_t kTrustedCAPublicKeyDERLength = sizeof(kTrustedCAPublicKeyDER);
 
-NetworkingPrivateCrypto::~NetworkingPrivateCrypto() {
-}
+}  // namespace networking_private_crypto

chrome/common/extensions/api/networking_private/networking_private_crypto.h

@@ -12,56 +12,44 @@
 
 #include "base/basictypes.h"
 
-// Implementation of Crypto support for networking private API.
-// Based on chromeos_public//src/platform/shill/shims/crypto_util.cc
-class NetworkingPrivateCrypto {
- public:
-  NetworkingPrivateCrypto();
-  ~NetworkingPrivateCrypto();
-
-  // Verify that credentials described by |certificate| and |signed_data| are
-  // valid.
-  //
-  // 1) The MAC address listed in the certificate matches |connected_mac|.
-  // 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
-  // 3) |signature| is a valid signature for |data|, using the public key in
-  // |certificate|
-  bool VerifyCredentials(const std::string& certificate,
+namespace networking_private_crypto {
+
+// Verify that the credentials described by |certificate| and |signed_data|
+// are valid as follows:
+// 1) The MAC address listed in the certificate matches |connected_mac|.
+// 2) The certificate is a valid PEM encoded certificate signed by trusted CA.
+// 3) |signature| is a valid signature for |data|, using the public key in
+// |certificate|
+bool VerifyCredentials(const std::string& certificate,
                        const std::string& signature,
                        const std::string& data,
                        const std::string& connected_mac);
 
-  // Encrypt |data| with |public_key|. |public_key| is a DER-encoded
-  // RSAPublicKey. |data| is some string of bytes that is smaller than the
-  // maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
-  //
-  // Returns true on success, storing the encrypted result in
-  // |encrypted_output|.
-  bool EncryptByteString(const std::vector<uint8_t>& public_key,
+// Encrypt |data| with |public_key|. |public_key| is a DER-encoded
+// RSAPublicKey. |data| is some string of bytes that is smaller than the
+// maximum length permissible for PKCS#1 v1.5 with a key of |public_key| size.
+//
+// Returns true on success, storing the encrypted result in
+// |encrypted_output|.
+bool EncryptByteString(const std::vector<uint8_t>& public_key,
                        const std::string& data,
                        std::vector<uint8_t>* encrypted_output);
 
- private:
-  friend class NetworkingPrivateCryptoTest;
-
-  // Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
-  // PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
-  // EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
-  //
-  // Returns true on success, storing the decrypted result in
-  // |decrypted_output|.
-  bool DecryptByteString(const std::string& private_key_pem,
+// Decrypt |encrypted_data| with |private_key_pem|. |private_key_pem| is the
+// PKCS8 PEM-encoded private key. |encrypted_data| is data encrypted with
+// EncryptByteString. Used in NetworkingPrivateCryptoTest::EncryptString test.
+// Returns true on success, storing the decrypted result in
+// |decrypted_output|.
+bool DecryptByteString(const std::string& private_key_pem,
                        const std::vector<uint8_t>& encrypted_data,
                        std::string* decrypted_output);
 
-  // The trusted public key as a DER-encoded PKCS#1 RSAPublicKey
-  // structure.
-  static const uint8_t kTrustedCAPublicKeyDER[];
+// The trusted public key as a DER-encoded PKCS#1 RSAPublicKey structure.
+extern const uint8_t kTrustedCAPublicKeyDER[];
 
-  // The length of |kTrustedCAPublicKeyDER| in bytes.
-  static const size_t kTrustedCAPublicKeyDERLength;
+// The length of |kTrustedCAPublicKeyDER| in bytes.
+extern const size_t kTrustedCAPublicKeyDERLength;
 
-  DISALLOW_COPY_AND_ASSIGN(NetworkingPrivateCrypto);
-};
+}  // namespace networking_private_crypto
 
 #endif  // CHROME_COMMON_EXTENSIONS_API_NETWORKING_PRIVATE_NETWORKING_PRIVATE_CRYPTO_H_

chrome/common/extensions/api/networking_private/networking_private_crypto_nss.cc

@@ -44,8 +44,9 @@ bool GetDERFromPEM(const std::string& pem_data,
 
 }  // namespace
 
-bool NetworkingPrivateCrypto::VerifyCredentials(
-    const std::string& certificate,
+namespace networking_private_crypto {
+
+bool VerifyCredentials(const std::string& certificate,
                        const std::string& signature,
                        const std::string& data,
                        const std::string& connected_mac) {
@@ -133,8 +134,7 @@ bool NetworkingPrivateCrypto::VerifyCredentials(
   return true;
 }
 
-bool NetworkingPrivateCrypto::EncryptByteString(
-    const std::vector<uint8_t>& pub_key_der,
+bool EncryptByteString(const std::vector<uint8_t>& pub_key_der,
                        const std::string& data,
                        std::vector<uint8_t>* encrypted_output) {
   crypto::EnsureNSSInit();
@@ -175,8 +175,7 @@ bool NetworkingPrivateCrypto::EncryptByteString(
   return true;
 }
 
-bool NetworkingPrivateCrypto::DecryptByteString(
-    const std::string& private_key_pem,
+bool DecryptByteString(const std::string& private_key_pem,
                        const std::vector<uint8_t>& encrypted_data,
                        std::string* decrypted_output) {
   crypto::EnsureNSSInit();
@@ -211,3 +210,5 @@ bool NetworkingPrivateCrypto::DecryptByteString(
                            output_length);
   return true;
 }
+
+}  // namespace networking_private_crypto

chrome/common/extensions/api/networking_private/networking_private_crypto_openssl.cc

@@ -39,8 +39,9 @@ bool GetDERFromPEM(const std::string& pem_data,
 
 }  // namespace
 
-bool NetworkingPrivateCrypto::VerifyCredentials(
-    const std::string& certificate,
+namespace networking_private_crypto {
+
+bool VerifyCredentials(const std::string& certificate,
                        const std::string& signature,
                        const std::string& data,
                        const std::string& connected_mac) {
@@ -140,8 +141,7 @@ bool NetworkingPrivateCrypto::VerifyCredentials(
   return true;
 }
 
-bool NetworkingPrivateCrypto::EncryptByteString(
-    const std::vector<uint8_t>& pub_key_der,
+bool EncryptByteString(const std::vector<uint8_t>& pub_key_der,
                        const std::string& data,
                        std::vector<uint8_t>* encrypted_output) {
   crypto::EnsureOpenSSLInit();
@@ -171,8 +171,7 @@ bool NetworkingPrivateCrypto::EncryptByteString(
   return true;
 }
 
-bool NetworkingPrivateCrypto::DecryptByteString(
-    const std::string& private_key_pem,
+bool DecryptByteString(const std::string& private_key_pem,
                        const std::vector<uint8_t>& encrypted_data,
                        std::string* decrypted_output) {
   crypto::EnsureOpenSSLInit();
@@ -210,3 +209,5 @@ bool NetworkingPrivateCrypto::DecryptByteString(
                            output_length);
   return true;
 }
+
+}  // namespace networking_private_crypto

chrome/common/extensions/api/networking_private/networking_private_crypto_unittest.cc

@@ -8,7 +8,7 @@
 #include "base/strings/stringprintf.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-// Tests of NetworkingPrivateCrypto support for Networking Private API.
+// Tests of networking_private_crypto support for Networking Private API.
 class NetworkingPrivateCryptoTest : public testing::Test {
  protected:
   // Verify that decryption of |encrypted| data using |private_key_pem| matches
@@ -16,15 +16,15 @@ class NetworkingPrivateCryptoTest : public testing::Test {
   bool VerifyByteString(const std::string& private_key_pem,
                         const std::string& plain,
                         const std::vector<uint8>& encrypted) {
-    NetworkingPrivateCrypto crypto;
     std::string decrypted;
-    if (crypto.DecryptByteString(private_key_pem, encrypted, &decrypted))
+    if (networking_private_crypto::DecryptByteString(
+            private_key_pem, encrypted, &decrypted))
       return decrypted == plain;
     return false;
   }
 };
 
-// Test that NetworkingPrivateCrypto::VerifyCredentials behaves as expected.
+// Test that networking_private_crypto::VerifyCredentials behaves as expected.
 TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) {
   static const char kCertData[] =
       "-----BEGIN CERTIFICATE-----"
@@ -89,34 +89,32 @@ TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) {
   std::string signed_data;
   base::Base64Decode(kSignedData, &signed_data);
 
-  NetworkingPrivateCrypto crypto;
   // Checking basic verification operation.
-  EXPECT_TRUE(crypto.VerifyCredentials(
+  EXPECT_TRUE(networking_private_crypto::VerifyCredentials(
       kCertData, signed_data, unsigned_data, kHotspotBssid));
 
   // Checking that verification fails when the certificate is signed, but
   // subject is malformed.
-  EXPECT_FALSE(crypto.VerifyCredentials(
+  EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
       kBadSubjectCertData, signed_data, unsigned_data, kHotspotBssid));
 
   // Checking that verification fails when certificate has invalid format.
-  EXPECT_FALSE(crypto.VerifyCredentials(
+  EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
       kBadCertData, signed_data, unsigned_data, kHotspotBssid));
 
   // Checking that verification fails when Hotspot Bssid is invalid.
-  EXPECT_FALSE(crypto.VerifyCredentials(
+  EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
       kCertData, signed_data, unsigned_data, kBadHotspotBssid));
 
   // Checking that verification fails when there is bad nonce in unsigned_data.
   unsigned_data = base::StringPrintf(
       "%s,%s,%s,%s,%s", kName, kSsdpUdn, kHotspotBssid, kPublicKey, kBadNonce);
-  EXPECT_FALSE(crypto.VerifyCredentials(
+  EXPECT_FALSE(networking_private_crypto::VerifyCredentials(
       kCertData, signed_data, unsigned_data, kHotspotBssid));
 }
 
-// Test that NetworkingPrivateCrypto::EncryptByteString behaves as expected.
+// Test that networking_private_crypto::EncryptByteString behaves as expected.
 TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) {
-  NetworkingPrivateCrypto crypto;
   static const char kPublicKey[] =
       "MIGJAoGBANTjeoILNkSKHVkd3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aI"
       "XDXVHrjgjcS80bPE0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqH"
@@ -151,18 +149,20 @@ TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) {
 
   // Checking basic encryption operation.
   plain = kTestData;
-  EXPECT_TRUE(crypto.EncryptByteString(public_key, plain, &encrypted_output));
+  EXPECT_TRUE(networking_private_crypto::EncryptByteString(
+      public_key, plain, &encrypted_output));
   EXPECT_TRUE(VerifyByteString(kPrivateKey, plain, encrypted_output));
 
   // Checking that we can encrypt the empty string.
   plain = kEmptyData;
-  EXPECT_TRUE(crypto.EncryptByteString(public_key, plain, &encrypted_output));
+  EXPECT_TRUE(networking_private_crypto::EncryptByteString(
+      public_key, plain, &encrypted_output));
 
   // Checking graceful fail for too much data to encrypt.
-  EXPECT_FALSE(crypto.EncryptByteString(
+  EXPECT_FALSE(networking_private_crypto::EncryptByteString(
       public_key, std::string(500, 'x'), &encrypted_output));
 
   // Checking graceful fail for a bad key format.
-  EXPECT_FALSE(
-      crypto.EncryptByteString(kBadKeyData, kTestData, &encrypted_output));
+  EXPECT_FALSE(networking_private_crypto::EncryptByteString(
+      kBadKeyData, kTestData, &encrypted_output));
 }

chrome/utility/extensions/extensions_handler.cc

@@ -278,8 +278,8 @@ void ExtensionsHandler::OnGetAndEncryptWiFiCredentials(
   std::vector<uint8> ciphertext;
   bool success = error.empty() && !key_data.empty();
   if (success) {
-    NetworkingPrivateCrypto crypto;
-    success = crypto.EncryptByteString(public_key, key_data, &ciphertext);
+    success = networking_private_crypto::EncryptByteString(
+        public_key, key_data, &ciphertext);
   }
 
   Send(new ChromeUtilityHostMsg_GotEncryptedWiFiCredentials(ciphertext,