| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | |
| 6 #define CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | |
| 7 #pragma once | |
| 8 | |
| 9 #include <string> | |
| 10 | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "crypto/symmetric_key.h" | |
| 13 | |
| 14 namespace browser_sync { | |
| 15 | |
| 16 // A (partial) implementation of Nigori, a protocol to securely store secrets in | |
| 17 // the cloud. This implementation does not support server authentication or | |
| 18 // assisted key derivation. | |
| 19 // | |
| 20 // To store secrets securely, use the |Permute| method to derive a lookup name | |
| 21 // for your secret (basically a map key), and |Encrypt| and |Decrypt| to store | |
| 22 // and retrieve the secret. | |
| 23 // | |
| 24 // TODO: Link to doc. | |
| 25 class Nigori { | |
| 26 public: | |
| 27 enum Type { | |
| 28 Password = 1, | |
| 29 }; | |
| 30 | |
| 31 Nigori(); | |
| 32 virtual ~Nigori(); | |
| 33 | |
| 34 // Initialize the client with the given |hostname|, |username| and |password|. | |
| 35 bool InitByDerivation(const std::string& hostname, | |
| 36 const std::string& username, | |
| 37 const std::string& password); | |
| 38 | |
| 39 // Initialize the client by importing the given keys instead of deriving new | |
| 40 // ones. | |
| 41 bool InitByImport(const std::string& user_key, | |
| 42 const std::string& encryption_key, | |
| 43 const std::string& mac_key); | |
| 44 | |
| 45 // Derives a secure lookup name from |type| and |name|. If |hostname|, | |
| 46 // |username| and |password| are kept constant, a given |type| and |name| pair | |
| 47 // always yields the same |permuted| value. Note that |permuted| will be | |
| 48 // Base64 encoded. | |
| 49 bool Permute(Type type, const std::string& name, std::string* permuted) const; | |
| 50 | |
| 51 // Encrypts |value|. Note that on success, |encrypted| will be Base64 | |
| 52 // encoded. | |
| 53 bool Encrypt(const std::string& value, std::string* encrypted) const; | |
| 54 | |
| 55 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64 | |
| 56 // encoded. | |
| 57 bool Decrypt(const std::string& value, std::string* decrypted) const; | |
| 58 | |
| 59 // Exports the raw derived keys. | |
| 60 bool ExportKeys(std::string* user_key, | |
| 61 std::string* encryption_key, | |
| 62 std::string* mac_key) const; | |
| 63 | |
| 64 static const char kSaltSalt[]; // The salt used to derive the user salt. | |
| 65 static const size_t kSaltKeySizeInBits = 128; | |
| 66 static const size_t kDerivedKeySizeInBits = 128; | |
| 67 static const size_t kIvSize = 16; | |
| 68 static const size_t kHashSize = 32; | |
| 69 | |
| 70 static const size_t kSaltIterations = 1001; | |
| 71 static const size_t kUserIterations = 1002; | |
| 72 static const size_t kEncryptionIterations = 1003; | |
| 73 static const size_t kSigningIterations = 1004; | |
| 74 | |
| 75 private: | |
| 76 scoped_ptr<crypto::SymmetricKey> user_key_; | |
| 77 scoped_ptr<crypto::SymmetricKey> encryption_key_; | |
| 78 scoped_ptr<crypto::SymmetricKey> mac_key_; | |
| 79 }; | |
| 80 | |
| 81 } // namespace browser_sync | |
| 82 | |
| 83 #endif // CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ | |
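Review bot: The iteration-count constants `kSaltIterations` through `kSigningIterations` and the 128-bit key sizes have no comment, so a reader cannot tell whether counts near 1000 are a tunable work factor for the password-derived keys or values fixed by the Nigori protocol. If they are protocol-fixed, as the distinct 1001–1004 values suggest, say so above them, e.g. `// Fixed by the Nigori protocol; do not change (keys derived with other values will not match existing data).` The comments on `Permute`, `Encrypt`, `Decrypt` and `ExportKeys` do not say what a `false` return means or whether the output string is modified on failure. For `Decrypt` in particular, the comment should state whether `false` covers a failed integrity check against `mac_key_`; the implementation is not visible in this header, so that needs confirming. `ExportKeys` returns raw key material, so its comment should say the outputs are secrets that the caller must protect and not log.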