1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | 5 #ifndef CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ |
6 #define CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | 6 #define CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 | 10 |
21 // for your secret (basically a map key), and |Encrypt| and |Decrypt| to store | 21 // for your secret (basically a map key), and |Encrypt| and |Decrypt| to store |
22 // and retrieve the secret. | 22 // and retrieve the secret. |
23 // | 23 // |
24 // TODO: Link to doc. | 24 // TODO: Link to doc. |
25 class Nigori { | 25 class Nigori { |
26 public: | 26 public: |
27 enum Type { | 27 enum Type { |
28 Password = 1, | 28 Password = 1, |
29 }; | 29 }; |
30 | 30 |
31 // Creates a Nigori client for communicating with |hostname|. Note that | 31 Nigori(); |
32 // |hostname| is used to derive the keys used to encrypt and decrypt data. | |
33 explicit Nigori(const std::string& hostname); | |
34 virtual ~Nigori(); | 32 virtual ~Nigori(); |
35 | 33 |
36 // Initialize the client with the supplied |username| and |password|. | 34 // Initialize the client with the given |hostname|, |username| and |password|. |
37 bool Init(const std::string& username, const std::string& password); | 35 bool InitByDerivation(const std::string& hostname, |
| 36 const std::string& username, |
| 37 const std::string& password); |
| 38 |
| 39 // Initialize the client by importing the given keys instead of deriving new |
| 40 // ones. |
| 41 bool InitByImport(const std::string& user_key, |
| 42 const std::string& encryption_key, |
| 43 const std::string& mac_key); |
38 | 44 |
39 // Derives a secure lookup name from |type| and |name|. If |hostname|, | 45 // Derives a secure lookup name from |type| and |name|. If |hostname|, |
40 // |username| and |password| are kept constant, a given |type| and |name| pair | 46 // |username| and |password| are kept constant, a given |type| and |name| pair |
41 // always yields the same |permuted| value. Note that |permuted| will be | 47 // always yields the same |permuted| value. Note that |permuted| will be |
42 // Base64 encoded. | 48 // Base64 encoded. |
43 bool Permute(Type type, const std::string& name, std::string* permuted) const; | 49 bool Permute(Type type, const std::string& name, std::string* permuted) const; |
44 | 50 |
45 // Encrypts |value|. Note that on success, |encrypted| will be Base64 | 51 // Encrypts |value|. Note that on success, |encrypted| will be Base64 |
46 // encoded. | 52 // encoded. |
47 bool Encrypt(const std::string& value, std::string* encrypted) const; | 53 bool Encrypt(const std::string& value, std::string* encrypted) const; |
48 | 54 |
49 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64 | 55 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64 |
50 // encoded. | 56 // encoded. |
51 bool Decrypt(const std::string& value, std::string* decrypted) const; | 57 bool Decrypt(const std::string& value, std::string* decrypted) const; |
52 | 58 |
| 59 // Exports the raw derived keys. |
| 60 bool ExportKeys(std::string* user_key, |
| 61 std::string* encryption_key, |
| 62 std::string* mac_key) const; |
| 63 |
53 // The next three getters return the parameters used to initialize the keys. | 64 // The next three getters return the parameters used to initialize the keys. |
54 // Given the hostname, username and password, another Nigori object capable of | 65 // Given the hostname, username and password, another Nigori object capable of |
55 // encrypting and decrypting the same data as this one could be initialized. | 66 // encrypting and decrypting the same data as this one could be initialized. |
56 const std::string& hostname() const { return hostname_; } | 67 const std::string& hostname() const { return hostname_; } |
57 const std::string& username() const { return username_; } | 68 const std::string& username() const { return username_; } |
58 const std::string& password() const { return password_; } | 69 const std::string& password() const { return password_; } |
59 | 70 |
60 static const char kSaltSalt[]; // The salt used to derive the user salt. | 71 static const char kSaltSalt[]; // The salt used to derive the user salt. |
61 static const size_t kSaltKeySizeInBits = 128; | 72 static const size_t kSaltKeySizeInBits = 128; |
62 static const size_t kDerivedKeySizeInBits = 128; | 73 static const size_t kDerivedKeySizeInBits = 128; |
74 std::string password_; | 85 std::string password_; |
75 | 86 |
76 scoped_ptr<base::SymmetricKey> user_key_; | 87 scoped_ptr<base::SymmetricKey> user_key_; |
77 scoped_ptr<base::SymmetricKey> encryption_key_; | 88 scoped_ptr<base::SymmetricKey> encryption_key_; |
78 scoped_ptr<base::SymmetricKey> mac_key_; | 89 scoped_ptr<base::SymmetricKey> mac_key_; |
79 }; | 90 }; |
80 | 91 |
81 } // namespace browser_sync | 92 } // namespace browser_sync |
82 | 93 |
83 #endif // CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | 94 #endif // CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ |
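Review bot: The getter comment kept at new lines 64–66 ("Given the hostname, username and password, another Nigori object ... could be initialized") no longer holds for a client built with the new InitByImport, which takes no hostname/username/password and presumably leaves hostname_/username_/password_ unset, so a caller relying on those getters to rebuild an equivalent client would silently get empty strings. Suggest amending that comment with `// Only meaningful after InitByDerivation; a client built with InitByImport should be reproduced via ExportKeys instead.` The new InitByImport and ExportKeys comments also say nothing about key format, although the neighbouring Permute/Encrypt/Decrypt comments are explicit about Base64: state whether the three strings are the raw key bytes or encoded, that they are secret key material (equivalent to the password for this data), and what InitByImport returns when a key does not match kDerivedKeySizeInBits, e.g. `// |user_key|, |encryption_key| and |mac_key| are raw key bytes (not Base64); returns false if any is absent or of the wrong size.` — the size behaviour is inferred from the declarations only, so confirm against nigori.cc. The data members and the private section lie in the collapsed region between new lines 73 and 85, so whether the import path clears the three strings cannot be checked from this view.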