OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ | 5 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ |
6 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ | 6 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdint.h> | 9 #include <stdint.h> |
10 #include <memory> | 10 #include <memory> |
11 #include <string> | 11 #include <string> |
12 | 12 |
13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
15 #include "base/strings/string_piece.h" | 15 #include "base/strings/string_piece.h" |
16 | 16 |
17 namespace gcm { | 17 namespace gcm { |
18 | 18 |
19 // Messages delivered through GCM may be encrypted according to the IETF Web | 19 // Messages delivered through GCM may be encrypted according to the IETF Web |
20 // Push protocol. We support the third draft of ietf-webpush-encryption: | 20 // Push protocol. We support two versions of ietf-webpush-encryption. The user |
| 21 // of this class must pass in the version to use when constructing an instance. |
21 // | 22 // |
22 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 | 23 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 |
| 24 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-08 (WGLC) |
23 // | 25 // |
24 // This class implements the ability to encrypt or decrypt such messages using | 26 // This class implements the ability to encrypt or decrypt such messages using |
25 // AEAD_AES_128_GCM with a 16-octet authentication tag. The encrypted payload | 27 // AEAD_AES_128_GCM with a 16-octet authentication tag. The encrypted payload |
26 // will be stored in a single record. | 28 // will be stored in a single record. |
27 // | 29 // |
28 // Note that while this class is not responsible for creating or storing the | 30 // Note that while this class is not responsible for creating or storing the |
29 // actual keys, it uses a key derivation function for the actual message | 31 // actual keys, it uses a key derivation function for the actual message |
30 // encryption/decryption, thus allowing for the safe re-use of keys in multiple | 32 // encryption/decryption, thus allowing for the safe re-use of keys in multiple |
31 // messages provided that a cryptographically-strong random salt is used. | 33 // messages provided that a cryptographically-strong random salt is used. |
32 class GCMMessageCryptographer { | 34 class GCMMessageCryptographer { |
33 public: | 35 public: |
| 36 // Size, in bytes, of the authentication tag included in the messages. |
| 37 static const size_t kAuthenticationTagBytes; |
| 38 |
34 // Salt size, in bytes, that will be used together with the key to create a | 39 // Salt size, in bytes, that will be used together with the key to create a |
35 // unique content encryption key for a given message. | 40 // unique content encryption key for a given message. |
36 static const size_t kSaltSize; | 41 static const size_t kSaltSize; |
37 | 42 |
38 // Version of the encryption scheme desired by the consumer. | 43 // Version of the encryption scheme desired by the consumer. |
39 enum class Version { | 44 enum class Version { |
40 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 | 45 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 |
41 DRAFT_03 | 46 DRAFT_03, |
42 | 47 |
43 // TODO(peter): Add support for ietf-webpush-encryption-08. | 48 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-08 (WGLC) |
| 49 DRAFT_08 |
44 }; | 50 }; |
45 | 51 |
46 // Interface that different versions of the encryption scheme must implement. | 52 // Interface that different versions of the encryption scheme must implement. |
47 class EncryptionScheme { | 53 class EncryptionScheme { |
48 public: | 54 public: |
49 virtual ~EncryptionScheme() {} | 55 virtual ~EncryptionScheme() {} |
50 | 56 |
51 // Type of encoding to produce in GenerateInfoForContentEncoding(). | 57 // Type of encoding to produce in GenerateInfoForContentEncoding(). |
52 enum class EncodingType { CONTENT_ENCRYPTION_KEY, NONCE }; | 58 enum class EncodingType { CONTENT_ENCRYPTION_KEY, NONCE }; |
53 | 59 |
54 // Derives the pseudo random key (PRK) to use for deriving the content | 60 // Derives the pseudo random key (PRK) to use for deriving the content |
55 // encryption key and the nonce. | 61 // encryption key and the nonce. |
56 virtual std::string DerivePseudoRandomKey( | 62 virtual std::string DerivePseudoRandomKey( |
| 63 const base::StringPiece& recipient_public_key, |
| 64 const base::StringPiece& sender_public_key, |
57 const base::StringPiece& ecdh_shared_secret, | 65 const base::StringPiece& ecdh_shared_secret, |
58 const base::StringPiece& auth_secret) = 0; | 66 const base::StringPiece& auth_secret) = 0; |
59 | 67 |
60 // Generates the info string used for generating the content encryption key | 68 // Generates the info string used for generating the content encryption key |
61 // and the nonce used for the cryptographic transformation. | 69 // and the nonce used for the cryptographic transformation. |
62 virtual std::string GenerateInfoForContentEncoding( | 70 virtual std::string GenerateInfoForContentEncoding( |
63 EncodingType type, | 71 EncodingType type, |
64 const base::StringPiece& recipient_public_key, | 72 const base::StringPiece& recipient_public_key, |
65 const base::StringPiece& sender_public_key) = 0; | 73 const base::StringPiece& sender_public_key) = 0; |
66 | 74 |
67 // Creates an encryption record to contain the given |plaintext|. | 75 // Creates an encryption record to contain the given |plaintext|. |
68 virtual std::string CreateRecord(const base::StringPiece& plaintext) = 0; | 76 virtual std::string CreateRecord(const base::StringPiece& plaintext) = 0; |
69 | 77 |
| 78 // Validates that the |ciphertext_size| is valid following the scheme. |
| 79 virtual bool ValidateCiphertextSize(size_t ciphertext_size, |
| 80 size_t record_size) = 0; |
| 81 |
70 // Verifies that the padding included in |record| is valid and removes it | 82 // Verifies that the padding included in |record| is valid and removes it |
71 // from the StringPiece. Returns whether the padding was valid. | 83 // from the StringPiece. Returns whether the padding was valid. |
72 virtual bool ValidateAndRemovePadding(base::StringPiece& record) = 0; | 84 virtual bool ValidateAndRemovePadding(base::StringPiece& record) = 0; |
73 }; | 85 }; |
74 | 86 |
75 // Creates a new cryptographer for |version| of the encryption scheme. | 87 // Creates a new cryptographer for |version| of the encryption scheme. |
76 explicit GCMMessageCryptographer(Version version); | 88 explicit GCMMessageCryptographer(Version version); |
77 ~GCMMessageCryptographer(); | 89 ~GCMMessageCryptographer(); |
78 | 90 |
79 // Encrypts the |plaintext| in accordance with the Web Push Encryption scheme | 91 // Encrypts the |plaintext| in accordance with the Web Push Encryption scheme |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
116 const base::StringPiece& auth_secret, | 128 const base::StringPiece& auth_secret, |
117 const base::StringPiece& salt, | 129 const base::StringPiece& salt, |
118 const base::StringPiece& ciphertext, | 130 const base::StringPiece& ciphertext, |
119 size_t record_size, | 131 size_t record_size, |
120 std::string* plaintext) const WARN_UNUSED_RESULT; | 132 std::string* plaintext) const WARN_UNUSED_RESULT; |
121 | 133 |
122 private: | 134 private: |
123 FRIEND_TEST_ALL_PREFIXES(GCMMessageCryptographerTest, AuthSecretAffectsPRK); | 135 FRIEND_TEST_ALL_PREFIXES(GCMMessageCryptographerTest, AuthSecretAffectsPRK); |
124 FRIEND_TEST_ALL_PREFIXES(GCMMessageCryptographerTest, InvalidRecordPadding); | 136 FRIEND_TEST_ALL_PREFIXES(GCMMessageCryptographerTest, InvalidRecordPadding); |
125 | 137 |
126 // Size, in bytes, of the authentication tag included in the messages. | |
127 static const size_t kAuthenticationTagBytes; | |
128 | |
129 enum class Direction { ENCRYPT, DECRYPT }; | 138 enum class Direction { ENCRYPT, DECRYPT }; |
130 | 139 |
131 // Derives the content encryption key from |ecdh_shared_secret| and |salt|. | 140 // Derives the content encryption key from |ecdh_shared_secret| and |salt|. |
132 std::string DeriveContentEncryptionKey( | 141 std::string DeriveContentEncryptionKey( |
133 const base::StringPiece& recipient_public_key, | 142 const base::StringPiece& recipient_public_key, |
134 const base::StringPiece& sender_public_key, | 143 const base::StringPiece& sender_public_key, |
135 const base::StringPiece& ecdh_shared_secret, | 144 const base::StringPiece& ecdh_shared_secret, |
136 const base::StringPiece& salt) const; | 145 const base::StringPiece& salt) const; |
137 | 146 |
138 // Derives the nonce from |ecdh_shared_secret| and |salt|. | 147 // Derives the nonce from |ecdh_shared_secret| and |salt|. |
(...skipping 10 matching lines...) Expand all Loading... |
149 std::string* output) const; | 158 std::string* output) const; |
150 | 159 |
151 // Implementation of the encryption scheme. Set in the constructor depending | 160 // Implementation of the encryption scheme. Set in the constructor depending |
152 // on the version requested by the consumer. | 161 // on the version requested by the consumer. |
153 std::unique_ptr<EncryptionScheme> encryption_scheme_; | 162 std::unique_ptr<EncryptionScheme> encryption_scheme_; |
154 }; | 163 }; |
155 | 164 |
156 } // namespace gcm | 165 } // namespace gcm |
157 | 166 |
158 #endif // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ | 167 #endif // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ |
OLD | NEW |