Implement support for draft-ietf-webpush-encryption-08

components/gcm_driver/crypto/gcm_message_cryptographer.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_
 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_
 
 #include <stddef.h>
 #include <stdint.h>
 #include <memory>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/strings/string_piece.h"
 
 namespace gcm {
 
 // Messages delivered through GCM may be encrypted according to the IETF Web
-// Push protocol. We support the third draft of ietf-webpush-encryption:
+// Push protocol. We support two versions of ietf-webpush-encryption. The user
+// of this class must pass in the version to use when constructing an instance.
 //
 // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03
+// https://tools.ietf.org/html/draft-ietf-webpush-encryption-08 (WGLC)
 //
 // This class implements the ability to encrypt or decrypt such messages using
 // AEAD_AES_128_GCM with a 16-octet authentication tag. The encrypted payload
 // will be stored in a single record.
 //
 // Note that while this class is not responsible for creating or storing the
 // actual keys, it uses a key derivation function for the actual message
 // encryption/decryption, thus allowing for the safe re-use of keys in multiple
 // messages provided that a cryptographically-strong random salt is used.
 class GCMMessageCryptographer {
  public:
   // Salt size, in bytes, that will be used together with the key to create a
   // unique content encryption key for a given message.
   static const size_t kSaltSize;
 
   // Version of the encryption scheme desired by the consumer.
   enum class Version {
     // https://tools.ietf.org/html/draft-ietf-webpush-encryption-03
-    DRAFT_03
+    DRAFT_03,
 
-    // TODO(peter): Add support for ietf-webpush-encryption-08.
+    // https://tools.ietf.org/html/draft-ietf-webpush-encryption-08 (WGLC)
+    DRAFT_08
   };
 
   // Interface that different versions of the encryption scheme must implement.
   class EncryptionScheme {
    public:
     virtual ~EncryptionScheme() {}
 
     // Type of encoding to produce in GenerateInfoForContentEncoding().
     enum class EncodingType { CONTENT_ENCRYPTION_KEY, NONCE };
 
     // Derives the pseuro random key (PRK) to use for deriving the content
     // encryption key and the nonce.
     virtual std::string DerivePseudoRandomKey(
+        const base::StringPiece& recipient_public_key,
+        const base::StringPiece& sender_public_key,
         const base::StringPiece& ecdh_shared_secret,
         const base::StringPiece& auth_secret) = 0;
 
     // Generates the info string used for generating the content encryption key
     // and the nonce used for the cryptographic transformation.
     virtual std::string GenerateInfoForContentEncoding(
         EncodingType type,
         const base::StringPiece& recipient_public_key,
         const base::StringPiece& sender_public_key) = 0;
 
@@ skipping 82 matching lines @@
                        std::string* output) const;
 
   // Implementation of the encryption scheme. Set in the constructor depending
   // on the version requested by the consumer.
   std::unique_ptr<EncryptionScheme> encryption_scheme_;
 };
 
 }  // namespace gcm
 
 #endif  // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_MESSAGE_CRYPTOGRAPHER_H_