      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_SYNC_UTIL_NIGORI_H_
      6 #define CHROME_BROWSER_SYNC_UTIL_NIGORI_H_
      7 #pragma once
      8 
      9 #include <string>
     10 
     11 #include "base/memory/scoped_ptr.h"
     12 #include "crypto/symmetric_key.h"
     13 
     14 namespace browser_sync {
     15 
     // Partial client for Nigori, a protocol for keeping secrets in the cloud
     // without exposing them to the storage service. Server authentication and
     // assisted key derivation are not supported by this implementation.
     //
     // Typical use: call |Permute| to turn the name of a secret into an opaque
     // lookup name (effectively a map key), then |Encrypt| to produce the stored
     // value and |Decrypt| to recover it.
     //
     // Every operation reports its outcome through a bool return value; the
     // |Encrypt| contract speaks of "success", so false presumably means failure
     // for the other methods too. Callers should check the result before using
     // any output parameter.
     //
     // TODO: Link to doc.
     class Nigori {
      public:
       // Kind of secret a lookup name is derived for. Only passwords are defined.
       enum Type {
         Password = 1,
       };

       Nigori();
       virtual ~Nigori();

       // Sets the client up by deriving its keys from |hostname|, |username| and
       // |password|.
       // NOTE(review): the k*Iterations constants below look like the iteration
       // counts of an iterated key derivation; roughly 1000 rounds is low by
       // current guidance for password-derived keys. Confirm the KDF in the
       // implementation before relying on weak passwords being protected.
       bool InitByDerivation(
           const std::string& hostname,
           const std::string& username,
           const std::string& password);

       // Sets the client up from previously obtained keys; nothing is derived.
       // NOTE(review): this header does not say whether the lengths or contents
       // of the imported keys are validated. Treat a false return as "keys not
       // usable" and do not proceed to Encrypt/Decrypt.
       bool InitByImport(
           const std::string& user_key,
           const std::string& encryption_key,
           const std::string& mac_key);

       // Produces a lookup name for the pair (|type|, |name|) and stores it,
       // Base64 encoded, in |permuted|. For a fixed |hostname|, |username| and
       // |password| the same pair always maps to the same |permuted| value.
       // Because the mapping is deterministic, anyone who can see the stored
       // lookup names can tell when two entries share a (type, name) pair, even
       // without learning the name itself.
       bool Permute(
           Type type,
           const std::string& name,
           std::string* permuted) const;

       // Encrypts |value|; on success |encrypted| holds the Base64-encoded
       // result.
       // NOTE(review): |kIvSize|, |kHashSize| and |mac_key_| suggest the output
       // carries an IV and an integrity tag, but the format is not specified in
       // this header. Confirm in the implementation.
       bool Encrypt(const std::string& value, std::string* encrypted) const;

       // Decrypts |value|, which is assumed to be Base64 encoded, and writes the
       // plaintext to |decrypted|.
       // NOTE(review): the state of |decrypted| after a false return is not
       // documented here; do not use it unless the call returned true.
       bool Decrypt(const std::string& value, std::string* decrypted) const;

       // Copies the raw derived keys into the three output strings. The outputs
       // are plain std::string objects holding key material, so protecting and
       // clearing them is the caller's responsibility.
       bool ExportKeys(
           std::string* user_key,
           std::string* encryption_key,
           std::string* mac_key) const;

       // The salt used to derive the user salt.
       static const char kSaltSalt[];

       // Key sizes, in bits as the names state.
       static const size_t kSaltKeySizeInBits = 128;
       static const size_t kDerivedKeySizeInBits = 128;

       // IV and hash sizes. Units are not stated here; presumably bytes -- confirm
       // against the implementation.
       static const size_t kIvSize = 16;
       static const size_t kHashSize = 32;

       // One distinct iteration count per derived value (salt, user key,
       // encryption key, signing key).
       // NOTE(review): if these feed the key derivation, changing any of them
       // would change the derived keys -- verify compatibility before editing.
       static const size_t kSaltIterations = 1001;
       static const size_t kUserIterations = 1002;
       static const size_t kEncryptionIterations = 1003;
       static const size_t kSigningIterations = 1004;

      private:
       // The three keys this client works with, each owned through a scoped_ptr.
       scoped_ptr<crypto::SymmetricKey> user_key_;
       scoped_ptr<crypto::SymmetricKey> encryption_key_;
       scoped_ptr<crypto::SymmetricKey> mac_key_;
     };
     80 
     81 }  // namespace browser_sync
     82 
     83 #endif  // CHROME_BROWSER_SYNC_UTIL_NIGORI_H_
     84