OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ | 5 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ |
6 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ | 6 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdint.h> | 9 #include <stdint.h> |
10 #include <memory> | 10 #include <memory> |
11 #include <string> | 11 #include <string> |
12 | 12 |
13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
15 #include "base/strings/string_piece.h" | 15 #include "base/strings/string_piece.h" |
16 | 16 |
17 namespace gcm { | 17 namespace gcm { |
18 | 18 |
19 // Messages delivered through GCM may be encrypted according to the IETF Web | 19 // Messages delivered through GCM may be encrypted according to the IETF Web |
20 // Push protocol. We support the third draft of ietf-webpush-encryption: | 20 // Push protocol. We support two versions of ietf-webpush-encryption. The user |
| 21 // of this class must pass in the version to use when constructing an instance. |
21 // | 22 // |
22 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 | 23 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 |
| 24 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-08 (WGLC) |
23 // | 25 // |
24 // This class implements the ability to encrypt or decrypt such messages using | 26 // This class implements the ability to encrypt or decrypt such messages using |
25 // AEAD_AES_128_GCM with a 16-octet authentication tag. The encrypted payload | 27 // AEAD_AES_128_GCM with a 16-octet authentication tag. The encrypted payload |
26 // will be stored in a single record. | 28 // will be stored in a single record. |
27 // | 29 // |
28 // Note that while this class is not responsible for creating or storing the | 30 // Note that while this class is not responsible for creating or storing the |
29 // actual keys, it uses a key derivation function for the actual message | 31 // actual keys, it uses a key derivation function for the actual message |
30 // encryption/decryption, thus allowing for the safe re-use of keys in multiple | 32 // encryption/decryption, thus allowing for the safe re-use of keys in multiple |
31 // messages provided that a cryptographically-strong random salt is used. | 33 // messages provided that a cryptographically-strong random salt is used. |
32 class GCMMessageCryptographer { | 34 class GCMMessageCryptographer { |
33 public: | 35 public: |
34 // Salt size, in bytes, that will be used together with the key to create a | 36 // Salt size, in bytes, that will be used together with the key to create a |
35 // unique content encryption key for a given message. | 37 // unique content encryption key for a given message. |
36 static const size_t kSaltSize; | 38 static const size_t kSaltSize; |
37 | 39 |
38 // Version of the encryption scheme desired by the consumer. | 40 // Version of the encryption scheme desired by the consumer. |
39 enum class Version { | 41 enum class Version { |
40 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 | 42 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03 |
41 DRAFT_03 | 43 DRAFT_03, |
42 | 44 |
43 // TODO(peter): Add support for ietf-webpush-encryption-08. | 45 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-08 (WGLC) |
| 46 DRAFT_08 |
44 }; | 47 }; |
45 | 48 |
46 // Interface that different versions of the encryption scheme must implement. | 49 // Interface that different versions of the encryption scheme must implement. |
47 class EncryptionScheme { | 50 class EncryptionScheme { |
48 public: | 51 public: |
49 virtual ~EncryptionScheme() {} | 52 virtual ~EncryptionScheme() {} |
50 | 53 |
51 // Type of encoding to produce in GenerateInfoForContentEncoding(). | 54 // Type of encoding to produce in GenerateInfoForContentEncoding(). |
52 enum class EncodingType { CONTENT_ENCRYPTION_KEY, NONCE }; | 55 enum class EncodingType { CONTENT_ENCRYPTION_KEY, NONCE }; |
53 | 56 |
54 // Derives the pseuro random key (PRK) to use for deriving the content | 57 // Derives the pseuro random key (PRK) to use for deriving the content |
55 // encryption key and the nonce. | 58 // encryption key and the nonce. |
56 virtual std::string DerivePseudoRandomKey( | 59 virtual std::string DerivePseudoRandomKey( |
| 60 const base::StringPiece& recipient_public_key, |
| 61 const base::StringPiece& sender_public_key, |
57 const base::StringPiece& ecdh_shared_secret, | 62 const base::StringPiece& ecdh_shared_secret, |
58 const base::StringPiece& auth_secret) = 0; | 63 const base::StringPiece& auth_secret) = 0; |
59 | 64 |
60 // Generates the info string used for generating the content encryption key | 65 // Generates the info string used for generating the content encryption key |
61 // and the nonce used for the cryptographic transformation. | 66 // and the nonce used for the cryptographic transformation. |
62 virtual std::string GenerateInfoForContentEncoding( | 67 virtual std::string GenerateInfoForContentEncoding( |
63 EncodingType type, | 68 EncodingType type, |
64 const base::StringPiece& recipient_public_key, | 69 const base::StringPiece& recipient_public_key, |
65 const base::StringPiece& sender_public_key) = 0; | 70 const base::StringPiece& sender_public_key) = 0; |
66 | 71 |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
149 std::string* output) const; | 154 std::string* output) const; |
150 | 155 |
151 // Implementation of the encryption scheme. Set in the constructor depending | 156 // Implementation of the encryption scheme. Set in the constructor depending |
152 // on the version requested by the consumer. | 157 // on the version requested by the consumer. |
153 std::unique_ptr<EncryptionScheme> encryption_scheme_; | 158 std::unique_ptr<EncryptionScheme> encryption_scheme_; |
154 }; | 159 }; |
155 | 160 |
156 } // namespace gcm | 161 } // namespace gcm |
157 | 162 |
158 #endif // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ | 163 #endif // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_ |
OLD | NEW |