OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | |
6 #define CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | |
7 #pragma once | |
8 | |
9 #include <string> | |
10 | |
11 #include "base/memory/scoped_ptr.h" | |
12 #include "crypto/symmetric_key.h" | |
13 | |
14 namespace browser_sync { | |
15 | |
16 // A (partial) implementation of Nigori, a protocol to securely store secrets in | |
17 // the cloud. This implementation does not support server authentication or | |
18 // assisted key derivation. | |
19 // | |
20 // To store secrets securely, use the |Permute| method to derive a lookup name | |
21 // for your secret (basically a map key), and |Encrypt| and |Decrypt| to store | |
22 // and retrieve the secret. | |
23 // | |
24 // TODO: Link to doc. | |
25 class Nigori { | |
26 public: | |
27 enum Type { | |
28 Password = 1, | |
29 }; | |
30 | |
31 Nigori(); | |
32 virtual ~Nigori(); | |
33 | |
34 // Initialize the client with the given |hostname|, |username| and |password|. | |
35 bool InitByDerivation(const std::string& hostname, | |
36 const std::string& username, | |
37 const std::string& password); | |
38 | |
39 // Initialize the client by importing the given keys instead of deriving new | |
40 // ones. | |
41 bool InitByImport(const std::string& user_key, | |
42 const std::string& encryption_key, | |
43 const std::string& mac_key); | |
44 | |
45 // Derives a secure lookup name from |type| and |name|. If |hostname|, | |
46 // |username| and |password| are kept constant, a given |type| and |name| pair | |
47 // always yields the same |permuted| value. Note that |permuted| will be | |
48 // Base64 encoded. | |
49 bool Permute(Type type, const std::string& name, std::string* permuted) const; | |
50 | |
51 // Encrypts |value|. Note that on success, |encrypted| will be Base64 | |
52 // encoded. | |
53 bool Encrypt(const std::string& value, std::string* encrypted) const; | |
54 | |
55 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64 | |
56 // encoded. | |
57 bool Decrypt(const std::string& value, std::string* decrypted) const; | |
58 | |
59 // Exports the raw derived keys. | |
60 bool ExportKeys(std::string* user_key, | |
61 std::string* encryption_key, | |
62 std::string* mac_key) const; | |
63 | |
64 static const char kSaltSalt[]; // The salt used to derive the user salt. | |
65 static const size_t kSaltKeySizeInBits = 128; | |
66 static const size_t kDerivedKeySizeInBits = 128; | |
67 static const size_t kIvSize = 16; | |
68 static const size_t kHashSize = 32; | |
69 | |
70 static const size_t kSaltIterations = 1001; | |
71 static const size_t kUserIterations = 1002; | |
72 static const size_t kEncryptionIterations = 1003; | |
73 static const size_t kSigningIterations = 1004; | |
74 | |
75 private: | |
76 scoped_ptr<crypto::SymmetricKey> user_key_; | |
77 scoped_ptr<crypto::SymmetricKey> encryption_key_; | |
78 scoped_ptr<crypto::SymmetricKey> mac_key_; | |
79 }; | |
80 | |
81 } // namespace browser_sync | |
82 | |
83 #endif // CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | |
OLD | NEW |