1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H_
#define COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H_
#include <string>
#include "base/callback_forward.h"
#include "components/cryptauth/proto/securemessage.pb.h"
namespace cryptauth {
// Interface of delegate responsible for cryptographic operations based on the
// secure message library. This interface is asynchronous as the current
// implementation on ChromeOS communicates with a daemon process over IPC.
class SecureMessageDelegate {
public:
// Fields specifying how to create a SecureMessage.
struct CreateOptions {
CreateOptions();
CreateOptions(const CreateOptions& other);
~CreateOptions();
// The scheme used to encrypt the message.
securemessage::EncScheme encryption_scheme;
// The scheme used to sign the message.
securemessage::SigScheme signature_scheme;
// Additional data that is used as part of the signature computation but not
// included in the message contents.
std::string associated_data;
// Plain-text data included in the message header.
std::string public_metadata;
// Identifies the key to use for verifying the message signature.
std::string verification_key_id;
// Identifies the key to use for decrypting the message.
std::string decryption_key_id;
};
// Fields specifying how to unwrap a SecureMessage.
struct UnwrapOptions {
UnwrapOptions();
~UnwrapOptions();
// The scheme used to decrypt the message.
securemessage::EncScheme encryption_scheme;
// The scheme used to verify the message signature.
securemessage::SigScheme signature_scheme;
// Additional data that is used as part of the signature computation but not
// included in the message contents.
std::string associated_data;
};
SecureMessageDelegate();
virtual ~SecureMessageDelegate();
// Generates a new asymmetric key pair.
typedef base::Callback<void(const std::string& public_key,
const std::string& private_key)>
GenerateKeyPairCallback;
virtual void GenerateKeyPair(const GenerateKeyPairCallback& callback) = 0;
// Derives a symmetric key from our private key and the remote device's
// public key.
typedef base::Callback<void(const std::string& derived_key)>
DeriveKeyCallback;
virtual void DeriveKey(const std::string& private_key,
const std::string& public_key,
const DeriveKeyCallback& callback) = 0;
// Creates a new secure message with a |payload| given the |key| and
// |create_options| specifying the cryptographic details.
// |callback| will be invoked with the serialized SecureMessage upon success
// or the empty string upon failure.
typedef base::Callback<void(const std::string& secure_message)>
CreateSecureMessageCallback;
virtual void CreateSecureMessage(
const std::string& payload,
const std::string& key,
const CreateOptions& create_options,
const CreateSecureMessageCallback& callback) = 0;
// Unwraps |secure_message| given the |key| and |unwrap_options| specifying
// the cryptographic details.
// |callback| will be invoked with true for the |verified| argument if the
// message was verified and decrypted successfully. The |payload| and
// |header| fields will be non-empty if the message was verified successfully.
typedef base::Callback<void(bool verified,
const std::string& payload,
const securemessage::Header& header)>
UnwrapSecureMessageCallback;
virtual void UnwrapSecureMessage(
const std::string& serialized_message,
const std::string& key,
const UnwrapOptions& unwrap_options,
const UnwrapSecureMessageCallback& callback) = 0;
};
} // namespace cryptauth
#endif // COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H_
|
