| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROMEOS_DBUS_EASY_UNLOCK_CLIENT_H_ | 5 #ifndef CHROMEOS_DBUS_EASY_UNLOCK_CLIENT_H_ |
| 6 #define CHROMEOS_DBUS_EASY_UNLOCK_CLIENT_H_ | 6 #define CHROMEOS_DBUS_EASY_UNLOCK_CLIENT_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 // Chrome. To work around this, the message processing will be done in ChromeOS, | 23 // Chrome. To work around this, the message processing will be done in ChromeOS, |
| 24 // where OpenSSL is already supported. | 24 // where OpenSSL is already supported. |
| 25 // TODO(tbarzic): Get rid of this client when Chrome switches from NSS to | 25 // TODO(tbarzic): Get rid of this client when Chrome switches from NSS to |
| 26 // OpenSSL (http://crbug.com/338888). | 26 // OpenSSL (http://crbug.com/338888). |
| 27 class CHROMEOS_EXPORT EasyUnlockClient : public DBusClient { | 27 class CHROMEOS_EXPORT EasyUnlockClient : public DBusClient { |
| 28 public: | 28 public: |
| 29 virtual ~EasyUnlockClient(); | 29 virtual ~EasyUnlockClient(); |
| 30 | 30 |
| 31 typedef base::Callback<void(const std::string& data)> DataCallback; | 31 typedef base::Callback<void(const std::string& data)> DataCallback; |
| 32 | 32 |
| 33 // Callback for |GenerateEcP256KeyPair|. Carries the generated keys. | 33 // Callback for |GenerateEcP256KeyAgreement|. Carries the generated keys. |
| 34 typedef base::Callback<void(const std::string& private_key, | 34 typedef base::Callback<void(const std::string& public_key, |
| 35 const std::string& public_key)> | 35 const std::string& private_key)> |
| 36 KeyPairCallback; | 36 KeyPairCallback; |
| 37 | 37 |
| 38 // Generates ECDSA key pair using P256 curve. | 38 // Generates ECDSA key pair using P256 curve. |
| 39 // The created keys should only be used with this client. | 39 // The created keys should only be used with this client. |
| 40 virtual void GenerateEcP256KeyPair(const KeyPairCallback& callback) = 0; | 40 virtual void GenerateEcP256KeyPair(const KeyPairCallback& callback) = 0; |
| 41 | 41 |
| 42 // Parameters used to create a secure message. | |
| 43 struct CreateSecureMessageOptions { | |
| 44 CreateSecureMessageOptions(); | |
| 45 ~CreateSecureMessageOptions(); | |
| 46 | |
| 47 // The key used to sign, and if needed, encrypt the message. If encryption | |
| 48 // is required, the key must be symetric. | |
| 49 std::string key; | |
| 50 | |
| 51 // Data associated with the message. The data will not actually be added to | |
| 52 // the message, but it will be used while signing the message (the receiver | |
| 53 // will use the same data to authenticate the signature). | |
| 54 std::string associated_data; | |
| 55 | |
| 56 // Metadata added to the message header. | |
| 57 std::string public_metadata; | |
| 58 | |
| 59 // The key id added to the message header. Has to be set if the message is | |
| 60 // signed with private asymetric key. This value is used by the receiver to | |
| 61 // identify the key that should be used to verify the signature. | |
| 62 std::string verification_key_id; | |
| 63 | |
| 64 // Key id added to the message header. Used by the message receiver to | |
| 65 // identify the key that should be used to decrypt the message. | |
| 66 std::string decryption_key_id; | |
| 67 | |
| 68 // The encryption algorithm to use for encrypting the message. | |
| 69 std::string encryption_type; | |
| 70 | |
| 71 // The algorithm to use to sign the message. | |
| 72 std::string signature_type; | |
| 73 | |
| 74 private: | |
| 75 DISALLOW_COPY_AND_ASSIGN(CreateSecureMessageOptions); | |
| 76 }; | |
| 77 | |
| 78 // Parameters used to unwrap a securemessage. | |
| 79 struct UnwrapSecureMessageOptions { | |
| 80 UnwrapSecureMessageOptions(); | |
| 81 ~UnwrapSecureMessageOptions(); | |
| 82 | |
| 83 // The key used to authenticate message signature and, if needed, decrypt | |
| 84 // the message. If the message is encrypted, only symetric key can be used. | |
| 85 std::string key; | |
| 86 | |
| 87 // Data associated with the message. Message authentication will succeed | |
| 88 // only if the message was created with the same associated data. | |
| 89 std::string associated_data; | |
| 90 | |
| 91 // The encryption algorithm to use for decrypting the message. | |
| 92 std::string encryption_type; | |
| 93 | |
| 94 // The algorithm that should be used to verify the message signature. | |
| 95 std::string signature_type; | |
| 96 | |
| 97 private: | |
| 98 DISALLOW_COPY_AND_ASSIGN(UnwrapSecureMessageOptions); | |
| 99 }; | |
| 100 | |
| 101 // Given a private and a public key, creates a symetric secret key using | 42 // Given a private and a public key, creates a symetric secret key using |
| 102 // EC Diffe-Hellman key exchange. The provided keys come from different | 43 // EC Diffe-Hellman key exchange. The provided keys come from different |
| 103 // asymetric key pairs, and are expected to be in the same format as the ones | 44 // asymetric key pairs, and are expected to be in the same format as the ones |
| 104 // returned by |GenerateEcP256KeyAgreement|. Reversing key pairs from which | 45 // returned by |GenerateEcP256KeyAgreement|. Reversing key pairs from which |
| 105 // private and public key come generates the same secret key. | 46 // private and public key come generates the same secret key. |
| 106 virtual void PerformECDHKeyAgreement(const std::string& private_key, | 47 virtual void PerformECDHKeyAgreement(const std::string& private_key, |
| 107 const std::string& public_key, | 48 const std::string& public_key, |
| 108 const DataCallback& callback) = 0; | 49 const DataCallback& callback) = 0; |
| 109 | 50 |
| 110 // Creates signed and, if specified, encrypted message in format used by Easy | 51 // Creates signed and, if specified, encrypted message in format used by Easy |
| 111 // Unlock. | 52 // Unlock. |
| 112 // |payload|: The cleartext message body. | 53 // |payload|: The cleartext message body. |
| 113 // |options|: The message parameters used for creating the secure message. | 54 // |key|: The key used to sign, and if needed, encrypt the message. If |
| 55 // encryption is required, the key must be symetric. |
| 56 // |associated_data|: Data associated with the message. The data will not |
| 57 // actually be added to the message, but it will be used while |
| 58 // signing the message (the receiver will use the same data to |
| 59 // authenticate the signature). |
| 60 // |public_metadata|: Metadata added to the message header. |
| 61 // |verification_key_id|: The key id added to the message header. Has to be |
| 62 // set if the message is signed with private asymetric key. This value |
| 63 // is used by the receiver to identify the public key that should be used |
| 64 // to verify the signature. |
| 65 // |decryption_key_id|: Key id added to the message header. Used by the |
| 66 // message receiver to identify the key that should be used to decrypt |
| 67 // the message. |
| 68 // |encryption_type|: The encryption algorithm to use for encrypting the |
| 69 // message. (May be set to none). |
| 70 // |signature_type|: The algorithm to use to sign the message. |
| 114 // |callback|: Called with the created message. On failure, the message will | 71 // |callback|: Called with the created message. On failure, the message will |
| 115 // be empty. | 72 // be empty. |
| 116 virtual void CreateSecureMessage(const std::string& payload, | 73 virtual void CreateSecureMessage(const std::string& payload, |
| 117 const CreateSecureMessageOptions& options, | 74 const std::string& secret_key, |
| 75 const std::string& associated_data, |
| 76 const std::string& public_metadata, |
| 77 const std::string& verification_key_id, |
| 78 const std::string& decryption_key_id, |
| 79 const std::string& encryption_type, |
| 80 const std::string& signature_type, |
| 118 const DataCallback& callback) = 0; | 81 const DataCallback& callback) = 0; |
| 119 | 82 |
| 120 // Authenticates and, if specified, decrypts a secure message. | 83 // Authenticates and, if specified, decrypts a secure message. |
| 121 // |message|: The message to unwrap. It is in the same format as the message | 84 // |message|: The message to unwrap. It is in the same format as the message |
| 122 // returned by |CreateSecureMessage|. | 85 // returned by |CreateSecureMessage|. |
| 123 // |options|: The parameters that should be used to unwrap the message. | 86 // |key|: The key used to authenticate message signature and, if needed, |
| 87 // decrypt the message. If the message is encrypted, only symetric key |
| 88 // can be used. |
| 89 // |associated_data|: Data associated with the message. Message |
| 90 // authentication will succeed only if the message was created with the |
| 91 // associated data. |
| 92 // |encryption_type|: The encryption algorithm to use for decrypting the |
| 93 // message. (May be set to none). |
| 94 // |signature_type|: The algorithm to use to verify the message signature. |
| 124 // |callback|: Called with the cleartext message header and body in a signle | 95 // |callback|: Called with the cleartext message header and body in a signle |
| 125 // protobuf. If the message could not be authenticated or decrypted, it | 96 // protobuf. If the message could not be authenticated or decrypted, it |
| 126 // will be called with an empty string. | 97 // will be called with an empty string. |
| 127 virtual void UnwrapSecureMessage(const std::string& message, | 98 virtual void UnwrapSecureMessage(const std::string& message, |
| 128 const UnwrapSecureMessageOptions& options, | 99 const std::string& secret_key, |
| 100 const std::string& associated_data, |
| 101 const std::string& encryption_type, |
| 102 const std::string& signature_type, |
| 129 const DataCallback& callback) = 0; | 103 const DataCallback& callback) = 0; |
| 130 | 104 |
| 131 // Factory function, creates a new instance and returns ownership. | 105 // Factory function, creates a new instance and returns ownership. |
| 132 // For normal usage, access the singleton via DBusThreadManager::Get(). | 106 // For normal usage, access the singleton via DBusThreadManager::Get(). |
| 133 static EasyUnlockClient* Create(); | 107 static EasyUnlockClient* Create(); |
| 134 | 108 |
| 135 protected: | 109 protected: |
| 136 // Create() should be used instead. | 110 // Create() should be used instead. |
| 137 EasyUnlockClient(); | 111 EasyUnlockClient(); |
| 138 | 112 |
| 139 private: | 113 private: |
| 140 DISALLOW_COPY_AND_ASSIGN(EasyUnlockClient); | 114 DISALLOW_COPY_AND_ASSIGN(EasyUnlockClient); |
| 141 }; | 115 }; |
| 142 | 116 |
| 143 } // namespace chromeos | 117 } // namespace chromeos |
| 144 | 118 |
| 145 #endif // CHROMEOS_DBUS_EASY_UNLOCK_CLIENT_H_ | 119 #endif // CHROMEOS_DBUS_EASY_UNLOCK_CLIENT_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 577443004:
Revert of Minor cleanup in EasyUnlockClient (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master