components/proximity_auth/cryptauth/secure_message_delegate.h - Issue 1060483002: Add SecureMessage definitions to CryptAuth.

Side by Side Diff: components/proximity_auth/cryptauth/secure_message_delegate.h

Issue 1060483002: Add SecureMessage definitions to CryptAuth. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« components/proximity_auth/cryptauth/proto/securemessage.proto ('K') | « components/proximity_auth/cryptauth/proto/securemessage.proto ('k') | components/proximity_auth/cryptauth/secure_message_delegate.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H

	6 #define COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H

	7

	8 #include <string>

	9

	10 #include "base/callback_forward.h"

	11 #include "components/proximity_auth/cryptauth/proto/securemessage.pb.h"

	12

	13 namespace proximity_auth {

	14

	15 // Interface of delegate responsible for cryptographic operations based on the

	16 // secure message library. This interface is asynchronous as the current

	17 // implementation on ChromeOS communicates with a daemon process over IPC.

	18 class SecureMessageDelegate {

	19 public:

	20 // Fields specifying how to create a SecureMessage.

	21 struct CreateOptions final {
	Ilya Sherman 2015/04/03 02:13:05 nit: What's up with the use of final? I haven't s nit: What's up with the use of final? I haven't seen it used before -- i.e. it doesn't seem to be a common Chromium style. Tim Song 2015/04/03 02:46:34 I didn't want implementations to subclass these st Show quoted text On 2015/04/03 02:13:05, Ilya Sherman wrote: > nit: What's up with the use of final? I haven't seen it used before -- i.e. it > doesn't seem to be a common Chromium style. I didn't want implementations to subclass these structs themselves. I'll remove the final if it's not commonly used.
	22 CreateOptions();

	23 ~CreateOptions();

	24

	25 // The scheme used to encrypt the message.

	26 securemessage::EncScheme encryption_scheme;

	27 // The scheme used to sign the message.

	28 securemessage::SigScheme signature_scheme;

	29 // Additional data that is used as part of the signature computation but not

	30 // included in the message contents.

	31 std::string associated_data;

	32 // Plain-text data included in the message header.

	33 std::string public_metadata;

	34 // Key to use for verifying the message signature.

	35 std::string verification_key_id;
	Ilya Sherman 2015/04/03 02:13:05 nit: What does the "id" part of this name refer to nit: What does the "id" part of this name refer to? Tim Song 2015/04/03 02:46:34 It identifies the key you should use to verify the Show quoted text On 2015/04/03 02:13:05, Ilya Sherman wrote: > nit: What does the "id" part of this name refer to? It identifies the key you should use to verify the signature, and is not the actual key. In our system, the \|verification_key_id\| is the public key of the remote device, which identifies to the remote device that it should use it's corresponding private key. Ilya Sherman 2015/04/03 22:43:41 Please update the comment to clarify, then, that t Show quoted text On 2015/04/03 02:46:34, Tim Song wrote: > On 2015/04/03 02:13:05, Ilya Sherman wrote: > > nit: What does the "id" part of this name refer to? > > It identifies the key you should use to verify the signature, and is not the > actual key. > > In our system, the \|verification_key_id\| is the public key of the remote device, > which identifies to the remote device that it should use it's corresponding > private key. Please update the comment to clarify, then, that this not a key (or at least, not the verification key), but is rather an identifier for a key. Same below. Tim Song 2015/04/04 05:06:14 Done. Show quoted text On 2015/04/03 22:43:41, Ilya Sherman wrote: > On 2015/04/03 02:46:34, Tim Song wrote: > > On 2015/04/03 02:13:05, Ilya Sherman wrote: > > > nit: What does the "id" part of this name refer to? > > > > It identifies the key you should use to verify the signature, and is not the > > actual key. > > > > In our system, the \|verification_key_id\| is the public key of the remote > device, > > which identifies to the remote device that it should use it's corresponding > > private key. > > Please update the comment to clarify, then, that this not a key (or at least, > not the verification key), but is rather an identifier for a key. Same below. Done.
	36 // Key to use for decrypting the message.

	37 std::string decryption_key_id;

	38 };

	39

	40 // Fields specifying how to unwrap a SecureMessage.

	41 struct UnwrapOptions final {

	42 UnwrapOptions();

	43 ~UnwrapOptions();

	44

	45 // The scheme used to decrypt the message.

	46 securemessage::EncScheme encryption_scheme;

	47 // The scheme used to verify the message signature.

	48 securemessage::SigScheme signature_scheme;

	49 // Additional data that is used as part of the signature computation but not

	50 // included in the message contents.

	51 std::string associated_data;

	52 };

	53

	54 SecureMessageDelegate();

	55 virtual ~SecureMessageDelegate();

	56

	57 // Generates a new asymmetric key pair.

	58 typedef base::Callback<void(const std::string& public_key,

	59 const std::string& private_key)>

	60 GenerateKeyPairCallback;

	61 virtual void GenerateKeyPair(const GenerateKeyPairCallback& callback) = 0;

	62

	63 // Derives a symmetric key from our private key and the remote device's

	64 // public key.

	65 typedef base::Callback<void(const std::string& derived_key)>

	66 DeriveKeyCallback;

	67 virtual void DeriveKey(const std::string& private_key,

	68 const std::string& public_key,

	69 const DeriveKeyCallback& callback) = 0;

	70

	71 // Creates a new secure message with a \|payload\| given the \|key\| and

	72 // \|create_options\| specifying the cryptographic details.

	73 // \|callback\| will be invoked with the serialized SecureMessage upon success

	74 // or the empty string upon failure.

	75 typedef base::Callback<void(const std::string& secure_message)>

	76 CreateSecureMessageCallback;

	77 virtual void CreateSecureMessage(

	78 const std::string& payload,

	79 const std::string& key,

	80 const CreateOptions& create_options,

	81 const CreateSecureMessageCallback& callback) = 0;

	82

	83 // Unwraps \|secure_message\| given the \|key\| and \|unwrap_options\| specifying

	84 // the cryptographic details.

	85 // \|callback\| will be invoked with true for the \|verified\| argument if the

	86 // message was verified and decrypted successfully. The \|payload\| and

	87 // \|header\| fields will be non-emptyif the message was verified successfully.
	Ilya Sherman 2015/04/03 02:13:05 nit: "emptyif" -> "empty if" nit: "emptyif" -> "empty if" Tim Song 2015/04/03 02:46:34 Done. Show quoted text On 2015/04/03 02:13:05, Ilya Sherman wrote: > nit: "emptyif" -> "empty if" Done.
	88 typedef base::Callback<void(bool verified,

	89 const std::string& payload,

	90 const securemessage::Header& header)>

	91 UnwrapSecureMessageCallback;

	92 virtual void UnwrapSecureMessage(

	93 const std::string& serialized_message,

	94 const std::string& key,

	95 const UnwrapOptions& unwrap_options,

	96 const UnwrapSecureMessageCallback& callback) = 0;

	97 };

	98

	99 } // namespace proximity_auth

	100

	101 #endif // COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H

OLD	NEW