blob: 243868d74da7ecfa432928ed1ed083896d921233 [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/callback.h"
#include "base/containers/flat_map.h"
#include "base/macros.h"
#include "base/optional.h"
#include "chromeos/services/device_sync/cryptauth_key.h"
#include "chromeos/services/device_sync/cryptauth_key_bundle.h"
#include "chromeos/services/device_sync/proto/cryptauth_common.pb.h"
namespace chromeos {
namespace device_sync {
// The lone method CreateKeys() takes a map from key-bundle name to key-creation
// data and returns a map from key-bundle name to newly created key via the
// callback, |create_keys_callback|.
// Requirements:
// - An instance of this class should only be used once.
// - The input map, |keys_to_create|, cannot be empty.
// - Currently, the only supported key types are RAW128 and RAW256 for
// symmetric keys and P256 for asymmetric keys.
// - If symmetric keys are being created, the CryptAuth server's
// Diffie-Hellman public key needs to be passed into |server_ephemeral_dh|
// of CreateKeys().
// Note about symmetric key creation:
// The CryptAuth v2 Enrollment protocol demands that symmetric keys be derived
// from a secret key, obtained by performing a Diffie-Hellman handshake with
// the CryptAuth server. Specifically,
// |derived_key| =
// Hkdf(|secret|, salt="CryptAuth Enrollment", info=|derived_key_handle|).
// The CryptAuth server's Diffie-Hellman key is passed into CreateKeys(),
// CreateKeys() generates the client side of the Diffie-Hellman handshake, and
// this asymmetric key is returned in the callback.
class CryptAuthKeyCreator {
struct CreateKeyData {
CreateKeyData(CryptAuthKey::Status status,
cryptauthv2::KeyType type,
base::Optional<std::string> handle = base::nullopt);
CreateKeyData(const CreateKeyData&);
CryptAuthKey::Status status;
cryptauthv2::KeyType type;
base::Optional<std::string> handle;
virtual ~CryptAuthKeyCreator();
using CreateKeysCallback = base::OnceCallback<void(
const base::flat_map<CryptAuthKeyBundle::Name,
CryptAuthKey>& /* new_keys */,
const base::Optional<CryptAuthKey>& /* client_ephemeral_dh */)>;
virtual void CreateKeys(
const base::flat_map<CryptAuthKeyBundle::Name, CreateKeyData>&
const base::Optional<CryptAuthKey>& server_ephemeral_dh,
CreateKeysCallback create_keys_callback) = 0;
} // namespace device_sync
} // namespace chromeos