| // Copyright 2019 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CHROMEOS_SERVICES_DEVICE_SYNC_CRYPTAUTH_KEY_CREATOR_H_ |
| #define CHROMEOS_SERVICES_DEVICE_SYNC_CRYPTAUTH_KEY_CREATOR_H_ |
| |
| #include <string> |
| |
| #include "base/callback.h" |
| #include "base/containers/flat_map.h" |
| #include "base/macros.h" |
| #include "base/optional.h" |
| #include "chromeos/services/device_sync/cryptauth_key.h" |
| #include "chromeos/services/device_sync/cryptauth_key_bundle.h" |
| #include "chromeos/services/device_sync/proto/cryptauth_common.pb.h" |
| |
| namespace chromeos { |
| |
| namespace device_sync { |
| |
| // The lone method CreateKeys() takes a map from key-bundle name to key-creation |
| // data and returns a map from key-bundle name to newly created key via the |
| // callback, |create_keys_callback|. |
| // |
| // Requirements: |
| // - An instance of this class should only be used once. |
| // - The input map, |keys_to_create|, cannot be empty. |
| // - Currently, the only supported key types are RAW128 and RAW256 for |
| // symmetric keys and P256 for asymmetric keys. |
| // - If symmetric keys are being created, the CryptAuth server's |
| // Diffie-Hellman public key needs to be passed into |server_ephemeral_dh| |
| // of CreateKeys(). |
| // |
| // Note about symmetric key creation: |
| // The CryptAuth v2 Enrollment protocol demands that symmetric keys be derived |
| // from a secret key, obtained by performing a Diffie-Hellman handshake with |
| // the CryptAuth server. Specifically, |
| // |
| // |derived_key| = |
| // Hkdf(|secret|, salt="CryptAuth Enrollment", info=|derived_key_handle|). |
| // |
| // The CryptAuth server's Diffie-Hellman key is passed into CreateKeys(), |
| // CreateKeys() generates the client side of the Diffie-Hellman handshake, and |
| // this asymmetric key is returned in the callback. |
| class CryptAuthKeyCreator { |
| public: |
| struct CreateKeyData { |
| CreateKeyData(CryptAuthKey::Status status, |
| cryptauthv2::KeyType type, |
| base::Optional<std::string> handle = base::nullopt); |
| ~CreateKeyData(); |
| CreateKeyData(const CreateKeyData&); |
| |
| CryptAuthKey::Status status; |
| cryptauthv2::KeyType type; |
| base::Optional<std::string> handle; |
| }; |
| |
| CryptAuthKeyCreator(); |
| virtual ~CryptAuthKeyCreator(); |
| |
| using CreateKeysCallback = base::OnceCallback<void( |
| const base::flat_map<CryptAuthKeyBundle::Name, |
| CryptAuthKey>& /* new_keys */, |
| const base::Optional<CryptAuthKey>& /* client_ephemeral_dh */)>; |
| virtual void CreateKeys( |
| const base::flat_map<CryptAuthKeyBundle::Name, CreateKeyData>& |
| keys_to_create, |
| const base::Optional<CryptAuthKey>& server_ephemeral_dh, |
| CreateKeysCallback create_keys_callback) = 0; |
| |
| DISALLOW_COPY_AND_ASSIGN(CryptAuthKeyCreator); |
| }; |
| |
| } // namespace device_sync |
| |
| } // namespace chromeos |
| |
| #endif // CHROMEOS_SERVICES_DEVICE_SYNC_CRYPTAUTH_KEY_CREATOR_H_ |