blob: df6bf9ad481fb8a6e467fddb29a55e8fbb258a0e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BASE_CRYPTO_NIGORI_H_
#define BASE_CRYPTO_NIGORI_H_
#include <string>
#include "base/crypto/symmetric_key.h"
#include "base/scoped_ptr.h"
namespace base {
// A (partial) implementation of Nigori, a protocol to securely store secrets in
// the cloud. This implementation does not support server authentication or
// assisted key derivation.
//
// To store secrets securely, use the |Permute| method to derive a lookup name
// for your secret (basically a map key), and |Encrypt| and |Decrypt| to store
// and retrieve the secret.
//
// TODO: Link to doc.
class Nigori {
public:
enum Type {
Password = 1,
};
// Creates a Nigori client for communicating with |hostname|. Note that
// |hostname| is used to derive the keys used to encrypt and decrypt data.
explicit Nigori(const std::string& hostname);
virtual ~Nigori();
// Initialize the client with the supplied |username| and |password|.
bool Init(const std::string& username, const std::string& password);
// Derives a secure lookup name from |type| and |name|. If |hostname|,
// |username| and |password| are kept constant, a given |type| and |name| pair
// always yields the same |permuted| value. Note that |permuted| will be
// Base64 encoded.
bool Permute(Type type, const std::string& name, std::string* permuted);
// Encrypts |value|. Note that on success, |encrypted| will be Base64
// encoded.
bool Encrypt(const std::string& value, std::string* encrypted);
// Decrypts |value| into |decrypted|. It is assumed that |value| is Base64
// encoded.
bool Decrypt(const std::string& value, std::string* decrypted);
static const char kSaltSalt[]; // The salt used to derive the user salt.
static const size_t kSaltKeySize = 8;
static const size_t kDerivedKeySizeInBits = 128;
static const size_t kIvSize = 16;
static const size_t kHashSize = 32;
static const size_t kSaltIterations = 1001;
static const size_t kUserIterations = 1002;
static const size_t kEncryptionIterations = 1003;
static const size_t kSigningIterations = 1004;
private:
const std::string hostname_;
scoped_ptr<SymmetricKey> user_key_;
scoped_ptr<SymmetricKey> encryption_key_;
scoped_ptr<SymmetricKey> mac_key_;
};
} // namespace base
#endif // BASE_CRYPTO_NIGORI_H_
|
