1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ 6#define CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ 7#pragma once 8 9#include <string> 10 11#include "base/memory/scoped_ptr.h" 12#include "crypto/symmetric_key.h" 13 14namespace browser_sync { 15 16// A (partial) implementation of Nigori, a protocol to securely store secrets in 17// the cloud. This implementation does not support server authentication or 18// assisted key derivation. 19// 20// To store secrets securely, use the |Permute| method to derive a lookup name 21// for your secret (basically a map key), and |Encrypt| and |Decrypt| to store 22// and retrieve the secret. 23// 24// TODO: Link to doc. 25class Nigori { 26 public: 27 enum Type { 28 Password = 1, 29 }; 30 31 Nigori(); 32 virtual ~Nigori(); 33 34 // Initialize the client with the given |hostname|, |username| and |password|. 35 bool InitByDerivation(const std::string& hostname, 36 const std::string& username, 37 const std::string& password); 38 39 // Initialize the client by importing the given keys instead of deriving new 40 // ones. 41 bool InitByImport(const std::string& user_key, 42 const std::string& encryption_key, 43 const std::string& mac_key); 44 45 // Derives a secure lookup name from |type| and |name|. If |hostname|, 46 // |username| and |password| are kept constant, a given |type| and |name| pair 47 // always yields the same |permuted| value. Note that |permuted| will be 48 // Base64 encoded. 49 bool Permute(Type type, const std::string& name, std::string* permuted) const; 50 51 // Encrypts |value|. Note that on success, |encrypted| will be Base64 52 // encoded. 53 bool Encrypt(const std::string& value, std::string* encrypted) const; 54 55 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64 56 // encoded. 57 bool Decrypt(const std::string& value, std::string* decrypted) const; 58 59 // Exports the raw derived keys. 60 bool ExportKeys(std::string* user_key, 61 std::string* encryption_key, 62 std::string* mac_key) const; 63 64 static const char kSaltSalt[]; // The salt used to derive the user salt. 65 static const size_t kSaltKeySizeInBits = 128; 66 static const size_t kDerivedKeySizeInBits = 128; 67 static const size_t kIvSize = 16; 68 static const size_t kHashSize = 32; 69 70 static const size_t kSaltIterations = 1001; 71 static const size_t kUserIterations = 1002; 72 static const size_t kEncryptionIterations = 1003; 73 static const size_t kSigningIterations = 1004; 74 75 private: 76 scoped_ptr<crypto::SymmetricKey> user_key_; 77 scoped_ptr<crypto::SymmetricKey> encryption_key_; 78 scoped_ptr<crypto::SymmetricKey> mac_key_; 79}; 80 81} // namespace browser_sync 82 83#endif // CHROME_BROWSER_SYNC_UTIL_NIGORI_H_ 84