Add SecureMessage definitions to CryptAuth.

components/proximity_auth/cryptauth/secure_message_delegate.h

Index: components/proximity_auth/cryptauth/secure_message_delegate.h
diff --git a/components/proximity_auth/cryptauth/secure_message_delegate.h b/components/proximity_auth/cryptauth/secure_message_delegate.h
new file mode 100644
index 0000000000000000000000000000000000000000..7e87bf7439f6342348d4e546d0f9de84682fcacc
--- /dev/null
+++ b/components/proximity_auth/cryptauth/secure_message_delegate.h
@@ -0,0 +1,101 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H
+#define COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H
+
+#include <string>
+
+#include "base/callback_forward.h"
+#include "components/proximity_auth/cryptauth/proto/securemessage.pb.h"
+
+namespace proximity_auth {
+
+// Interface of delegate responsible for cryptographic operations based on the
+// secure message library. This interface is asynchronous as the current
+// implementation on ChromeOS communicates with a daemon process over IPC.
+class SecureMessageDelegate {
+ public:
+  // Fields specifying how to create a SecureMessage.
+  struct CreateOptions final {

[Ilya Sherman, 2015/04/03 02:13:05]

nit: What's up with the use of final?  I haven't seen it used before -- i.e. it
doesn't seem to be a common Chromium style.

[Tim Song, 2015/04/03 02:46:34]

I didn't want implementations to subclass these structs themselves. I'll remove
the final if it's not commonly used.

+    CreateOptions();
+    ~CreateOptions();
+
+    // The scheme used to encrypt the message.
+    securemessage::EncScheme encryption_scheme;
+    // The scheme used to sign the message.
+    securemessage::SigScheme signature_scheme;
+    // Additional data that is used as part of the signature computation but not
+    // included in the message contents.
+    std::string associated_data;
+    // Plain-text data included in the message header.
+    std::string public_metadata;
+    // Key to use for verifying the message signature.
+    std::string verification_key_id;

[Ilya Sherman, 2015/04/03 02:13:05]

nit: What does the "id" part of this name refer to?

[Tim Song, 2015/04/03 02:46:34]

It identifies the key you should use to verify the signature, and is not the
actual key.

In our system, the |verification_key_id| is the public key of the remote device,
which identifies to the remote device that it should use it's corresponding
private key.

[Ilya Sherman, 2015/04/03 22:43:41]

Please update the comment to clarify, then, that this not a key (or at least,
not the verification key), but is rather an identifier for a key.  Same below.

[Tim Song, 2015/04/04 05:06:14]

Done.

+    // Key to use for decrypting the message.
+    std::string decryption_key_id;
+  };
+
+  // Fields specifying how to unwrap a SecureMessage.
+  struct UnwrapOptions final {
+    UnwrapOptions();
+    ~UnwrapOptions();
+
+    // The scheme used to decrypt the message.
+    securemessage::EncScheme encryption_scheme;
+    // The scheme used to verify the message signature.
+    securemessage::SigScheme signature_scheme;
+    // Additional data that is used as part of the signature computation but not
+    // included in the message contents.
+    std::string associated_data;
+  };
+
+  SecureMessageDelegate();
+  virtual ~SecureMessageDelegate();
+
+  // Generates a new asymmetric key pair.
+  typedef base::Callback<void(const std::string& public_key,
+                              const std::string& private_key)>
+      GenerateKeyPairCallback;
+  virtual void GenerateKeyPair(const GenerateKeyPairCallback& callback) = 0;
+
+  // Derives a symmetric key from our private key and the remote device's
+  // public key.
+  typedef base::Callback<void(const std::string& derived_key)>
+      DeriveKeyCallback;
+  virtual void DeriveKey(const std::string& private_key,
+                         const std::string& public_key,
+                         const DeriveKeyCallback& callback) = 0;
+
+  // Creates a new secure message with a |payload| given the |key| and
+  // |create_options| specifying the cryptographic details.
+  // |callback| will be invoked with the serialized SecureMessage upon success
+  // or the empty string upon failure.
+  typedef base::Callback<void(const std::string& secure_message)>
+      CreateSecureMessageCallback;
+  virtual void CreateSecureMessage(
+      const std::string& payload,
+      const std::string& key,
+      const CreateOptions& create_options,
+      const CreateSecureMessageCallback& callback) = 0;
+
+  // Unwraps |secure_message| given the |key| and |unwrap_options| specifying
+  // the cryptographic details.
+  // |callback| will be invoked with true for the |verified| argument if the
+  // message was verified and decrypted successfully. The |payload| and
+  // |header| fields will be non-emptyif the message was verified successfully.

[Ilya Sherman, 2015/04/03 02:13:05]

nit: "emptyif" -> "empty if"

[Tim Song, 2015/04/03 02:46:34]

Done.

+  typedef base::Callback<void(bool verified,
+                              const std::string& payload,
+                              const securemessage::Header& header)>
+      UnwrapSecureMessageCallback;
+  virtual void UnwrapSecureMessage(
+      const std::string& serialized_message,
+      const std::string& key,
+      const UnwrapOptions& unwrap_options,
+      const UnwrapSecureMessageCallback& callback) = 0;
+};
+
+}  // namespace proximity_auth
+
+#endif  // COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H