components/gcm_driver/crypto/gcm_encryption_provider.h - chromium/src - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_
 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_

 #include <stdint.h>

 #include <memory>
 #include <string>

 #include "base/callback_forward.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h"

 namespace base {
 class FilePath;
 class SequencedTaskRunner;
 }

 namespace crypto {
 class ECPrivateKey;
 }

 namespace gcm {

 enum class GCMDecryptionResult;
 class GCMKeyStore;
 struct IncomingMessage;

 // Provider that enables the GCM Driver to deal with encryption key management
 // and decryption of incoming messages.
 class GCMEncryptionProvider {
  public:
   // Callback to be invoked when the public key and auth secret are available.
   using EncryptionInfoCallback =
       base::OnceCallback<void(const std::string& p256dh,
                               const std::string& auth_secret)>;

   // Callback to be invoked when a message may have been decrypted, as indicated
   // by the |result|. The |message| contains the dispatchable message in success
   // cases, or will be initialized to an empty, default state for failure.
   using MessageCallback = base::Callback<void(GCMDecryptionResult result,
                                               const IncomingMessage& message)>;

   GCMEncryptionProvider();
   ~GCMEncryptionProvider();

   // Initializes the encryption provider with the |store_path| and the
   // |blocking_task_runner|. Done separately from the constructor in order to
   // avoid needing a blocking task runner for anything using GCMDriver.
   void Init(
       const base::FilePath& store_path,
       const scoped_refptr<base::SequencedTaskRunner>& blocking_task_runner);

   // Retrieves the public key and authentication secret associated with the
   // |app_id| + |authorized_entity| pair. Will create this info if necessary.
   // |authorized_entity| should be the InstanceID token's authorized entity, or
   // "" for non-InstanceID GCM registrations.
   void GetEncryptionInfo(const std::string& app_id,
                          const std::string& authorized_entity,
                          EncryptionInfoCallback callback);

   // Removes all encryption information associated with the |app_id| +
   // |authorized_entity| pair, then invokes |callback|. |authorized_entity|
   // should be the InstanceID token's authorized entity, or "*" to remove for
   // all InstanceID tokens, or "" for non-InstanceID GCM registrations.
   void RemoveEncryptionInfo(const std::string& app_id,
                             const std::string& authorized_entity,
                             const base::Closure& callback);

   // Determines whether |message| contains encrypted content.
   bool IsEncryptedMessage(const IncomingMessage& message) const;

   // Attempts to decrypt the |message|. If the |message| is not encrypted, the
   // |callback| will be invoked immediately. Otherwise |callback| will be called
   // asynchronously when |message| has been decrypted. A dispatchable message
   // will be used in case of success, an empty message in case of failure.
   void DecryptMessage(const std::string& app_id,
                       const IncomingMessage& message,
                       const MessageCallback& callback);

  private:
   friend class GCMEncryptionProviderTest;
   FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
                            EncryptionRoundTripGCMRegistration);
   FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
                            EncryptionRoundTripInstanceIDToken);

   void DidGetEncryptionInfo(const std::string& app_id,
                             const std::string& authorized_entity,
                             EncryptionInfoCallback callback,
                             std::unique_ptr<crypto::ECPrivateKey> key,
                             const std::string& auth_secret);

   void DidCreateEncryptionInfo(EncryptionInfoCallback callback,
                                std::unique_ptr<crypto::ECPrivateKey> key,
                                const std::string& auth_secret);

   void DecryptMessageWithKey(const std::string& collapse_key,
                              const std::string& sender_id,
                              const std::string& salt,
                              const std::string& public_key,
                              uint32_t record_size,
                              const std::string& ciphertext,
                              GCMMessageCryptographer::Version version,
                              const MessageCallback& callback,
                              std::unique_ptr<crypto::ECPrivateKey> key,
                              const std::string& auth_secret);

   std::unique_ptr<GCMKeyStore> key_store_;

   base::WeakPtrFactory<GCMEncryptionProvider> weak_ptr_factory_;

   DISALLOW_COPY_AND_ASSIGN(GCMEncryptionProvider);
 };

 }  // namespace gcm

 #endif  // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_
	#define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_

	#include <stdint.h>

	#include <memory>
	#include <string>

	#include "base/callback_forward.h"
	#include "base/gtest_prod_util.h"
	#include "base/macros.h"
	#include "base/memory/weak_ptr.h"
	#include "components/gcm_driver/crypto/gcm_message_cryptographer.h"

	namespace base {
	class FilePath;
	class SequencedTaskRunner;
	}

	namespace crypto {
	class ECPrivateKey;
	}

	namespace gcm {

	enum class GCMDecryptionResult;
	class GCMKeyStore;
	struct IncomingMessage;

	// Provider that enables the GCM Driver to deal with encryption key management
	// and decryption of incoming messages.
	class GCMEncryptionProvider {
	public:
	// Callback to be invoked when the public key and auth secret are available.
	using EncryptionInfoCallback =
	base::OnceCallback<void(const std::string& p256dh,
	const std::string& auth_secret)>;

	// Callback to be invoked when a message may have been decrypted, as indicated
	// by the \|result\|. The \|message\| contains the dispatchable message in success
	// cases, or will be initialized to an empty, default state for failure.
	using MessageCallback = base::Callback<void(GCMDecryptionResult result,
	const IncomingMessage& message)>;

	GCMEncryptionProvider();
	~GCMEncryptionProvider();

	// Initializes the encryption provider with the \|store_path\| and the
	// \|blocking_task_runner\|. Done separately from the constructor in order to
	// avoid needing a blocking task runner for anything using GCMDriver.
	void Init(
	const base::FilePath& store_path,
	const scoped_refptr<base::SequencedTaskRunner>& blocking_task_runner);

	// Retrieves the public key and authentication secret associated with the
	// \|app_id\| + \|authorized_entity\| pair. Will create this info if necessary.
	// \|authorized_entity\| should be the InstanceID token's authorized entity, or
	// "" for non-InstanceID GCM registrations.
	void GetEncryptionInfo(const std::string& app_id,
	const std::string& authorized_entity,
	EncryptionInfoCallback callback);

	// Removes all encryption information associated with the \|app_id\| +
	// \|authorized_entity\| pair, then invokes \|callback\|. \|authorized_entity\|
	// should be the InstanceID token's authorized entity, or "*" to remove for
	// all InstanceID tokens, or "" for non-InstanceID GCM registrations.
	void RemoveEncryptionInfo(const std::string& app_id,
	const std::string& authorized_entity,
	const base::Closure& callback);

	// Determines whether \|message\| contains encrypted content.
	bool IsEncryptedMessage(const IncomingMessage& message) const;

	// Attempts to decrypt the \|message\|. If the \|message\| is not encrypted, the
	// \|callback\| will be invoked immediately. Otherwise \|callback\| will be called
	// asynchronously when \|message\| has been decrypted. A dispatchable message
	// will be used in case of success, an empty message in case of failure.
	void DecryptMessage(const std::string& app_id,
	const IncomingMessage& message,
	const MessageCallback& callback);

	private:
	friend class GCMEncryptionProviderTest;
	FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
	EncryptionRoundTripGCMRegistration);
	FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
	EncryptionRoundTripInstanceIDToken);

	void DidGetEncryptionInfo(const std::string& app_id,
	const std::string& authorized_entity,
	EncryptionInfoCallback callback,
	std::unique_ptr<crypto::ECPrivateKey> key,
	const std::string& auth_secret);

	void DidCreateEncryptionInfo(EncryptionInfoCallback callback,
	std::unique_ptr<crypto::ECPrivateKey> key,
	const std::string& auth_secret);

	void DecryptMessageWithKey(const std::string& collapse_key,
	const std::string& sender_id,
	const std::string& salt,
	const std::string& public_key,
	uint32_t record_size,
	const std::string& ciphertext,
	GCMMessageCryptographer::Version version,
	const MessageCallback& callback,
	std::unique_ptr<crypto::ECPrivateKey> key,
	const std::string& auth_secret);

	std::unique_ptr<GCMKeyStore> key_store_;

	base::WeakPtrFactory<GCMEncryptionProvider> weak_ptr_factory_;

	DISALLOW_COPY_AND_ASSIGN(GCMEncryptionProvider);
	};

	} // namespace gcm

	#endif // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_