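--- a/sync/util/nigori.h
+++ /dev/null
@@ -1,88 +0,0 @@
-// Copyright 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SYNC_UTIL_NIGORI_H_
-#define SYNC_UTIL_NIGORI_H_
-
-#include <stddef.h>
-
-#include <memory>
-#include <string>
-
-#include "sync/base/sync_export.h"
-
-namespace crypto {
-class SymmetricKey;
-} // namespace crypto
-
-namespace syncer {
-
-// A (partial) implementation of Nigori, a protocol to securely store secrets in
-// the cloud. This implementation does not support server authentication or
-// assisted key derivation.
-//
-// To store secrets securely, use the |Permute| method to derive a lookup name
-// for your secret (basically a map key), and |Encrypt| and |Decrypt| to store
-// and retrieve the secret.
-//
-// https://www.cl.cam.ac.uk/~drt24/nigori/nigori-overview.pdf
-class SYNC_EXPORT Nigori {
-public:
-enum Type {
-Password = 1,
-};
-
-Nigori();
-virtual ~Nigori();
-
-// Initialize the client with the given |hostname|, |username| and |password|.
-bool InitByDerivation(const std::string& hostname,
-const std::string& username,
-const std::string& password);
-
-// Initialize the client by importing the given keys instead of deriving new
-// ones.
-bool InitByImport(const std::string& user_key,
-const std::string& encryption_key,
-const std::string& mac_key);
-
-// Derives a secure lookup name from |type| and |name|. If |hostname|,
-// |username| and |password| are kept constant, a given |type| and |name| pair
-// always yields the same |permuted| value. Note that |permuted| will be
-// Base64 encoded.
-bool Permute(Type type, const std::string& name, std::string* permuted) const;
-
-// Encrypts |value|. Note that on success, |encrypted| will be Base64
-// encoded.
-bool Encrypt(const std::string& value, std::string* encrypted) const;
-
-// Decrypts |value| into |decrypted|. It is assumed that |value| is Base64
-// encoded.
-bool Decrypt(const std::string& value, std::string* decrypted) const;
-
-// Exports the raw derived keys.
-bool ExportKeys(std::string* user_key,
-std::string* encryption_key,
-std::string* mac_key) const;
-
-static const char kSaltSalt[]; // The salt used to derive the user salt.
-static const size_t kSaltKeySizeInBits = 128;
-static const size_t kDerivedKeySizeInBits = 128;
-static const size_t kIvSize = 16;
-static const size_t kHashSize = 32;
-
-static const size_t kSaltIterations = 1001;
-static const size_t kUserIterations = 1002;
-static const size_t kEncryptionIterations = 1003;
-static const size_t kSigningIterations = 1004;
-
-private:
-std::unique_ptr<crypto::SymmetricKey> user_key_;
-std::unique_ptr<crypto::SymmetricKey> encryption_key_;
-std::unique_ptr<crypto::SymmetricKey> mac_key_;
-};
-
-} // namespace syncer
-
-#endif // SYNC_UTIL_NIGORI_H_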