diff options
Diffstat (limited to 'chromium/components/gcm_driver/crypto/gcm_encryption_provider.h')
-rw-r--r-- | chromium/components/gcm_driver/crypto/gcm_encryption_provider.h | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/chromium/components/gcm_driver/crypto/gcm_encryption_provider.h b/chromium/components/gcm_driver/crypto/gcm_encryption_provider.h new file mode 100644 index 00000000000..bdb6cd3d15e --- /dev/null +++ b/chromium/components/gcm_driver/crypto/gcm_encryption_provider.h @@ -0,0 +1,157 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_ +#define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_ + +#include <stdint.h> + +#include <memory> +#include <string> + +#include "base/callback_forward.h" +#include "base/gtest_prod_util.h" +#include "base/memory/weak_ptr.h" +#include "components/gcm_driver/crypto/gcm_message_cryptographer.h" + +namespace base { +class FilePath; +class SequencedTaskRunner; +} // namespace base + +namespace crypto { +class ECPrivateKey; +} // namespace crypto + +namespace gcm { + +enum class GCMDecryptionResult; +enum class GCMEncryptionResult; +class GCMKeyStore; +struct IncomingMessage; + +// Provider that enables the GCM Driver to deal with encryption key management +// and decryption of incoming messages. +class GCMEncryptionProvider { + public: + // Callback to be invoked when the public key and auth secret are available. + using EncryptionInfoCallback = + base::OnceCallback<void(std::string p256dh, std::string auth_secret)>; + + // Callback to be invoked when a message may have been decrypted, as indicated + // by the |result|. The |message| contains the dispatchable message in success + // cases, or will be initialized to an empty, default state for failure. + using DecryptMessageCallback = + base::OnceCallback<void(GCMDecryptionResult result, + IncomingMessage message)>; + + // Callback to be invoked when a message may have been encrypted, as indicated + // by the |result|. The |message| contains the dispatchable message in success + // cases, or will be initialized to an empty, default state for failure. + using EncryptMessageCallback = + base::OnceCallback<void(GCMEncryptionResult result, std::string message)>; + + static const char kContentEncodingProperty[]; + + // Content coding name defined by ietf-httpbis-encryption-encoding. + static const char kContentCodingAes128Gcm[]; + + GCMEncryptionProvider(); + + GCMEncryptionProvider(const GCMEncryptionProvider&) = delete; + GCMEncryptionProvider& operator=(const GCMEncryptionProvider&) = delete; + + ~GCMEncryptionProvider(); + + // Initializes the encryption provider with the |store_path| and the + // |blocking_task_runner|. Done separately from the constructor in order to + // avoid needing a blocking task runner for anything using GCMDriver. + void Init( + const base::FilePath& store_path, + const scoped_refptr<base::SequencedTaskRunner>& blocking_task_runner); + + // Retrieves the public key and authentication secret associated with the + // |app_id| + |authorized_entity| pair. Will create this info if necessary. + // |authorized_entity| should be the InstanceID token's authorized entity, or + // "" for non-InstanceID GCM registrations. + void GetEncryptionInfo(const std::string& app_id, + const std::string& authorized_entity, + EncryptionInfoCallback callback); + + // Removes all encryption information associated with the |app_id| + + // |authorized_entity| pair, then invokes |callback|. |authorized_entity| + // should be the InstanceID token's authorized entity, or "*" to remove for + // all InstanceID tokens, or "" for non-InstanceID GCM registrations. + void RemoveEncryptionInfo(const std::string& app_id, + const std::string& authorized_entity, + base::OnceClosure callback); + + // Determines whether |message| contains encrypted content. + bool IsEncryptedMessage(const IncomingMessage& message) const; + + // Attempts to decrypt the |message|. If the |message| is not encrypted, the + // |callback| will be invoked immediately. Otherwise |callback| will be called + // asynchronously when |message| has been decrypted. A dispatchable message + // will be used in case of success, an empty message in case of failure. + void DecryptMessage(const std::string& app_id, + const IncomingMessage& message, + DecryptMessageCallback callback); + + // Attempts to encrypt the |message| using draft-ietf-webpush-encryption-08 + // scheme. |callback| will be called asynchronously when |message| has been + // encrypted. A dispatchable message will be used in case of success, an empty + // message in case of failure. + void EncryptMessage(const std::string& app_id, + const std::string& authorized_entity, + const std::string& p256dh, + const std::string& auth_secret, + const std::string& message, + EncryptMessageCallback callback); + + private: + friend class GCMEncryptionProviderTest; + FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest, + EncryptionRoundTripGCMRegistration); + FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest, + EncryptionRoundTripInstanceIDToken); + + void DidGetEncryptionInfo(const std::string& app_id, + const std::string& authorized_entity, + EncryptionInfoCallback callback, + std::unique_ptr<crypto::ECPrivateKey> key, + const std::string& auth_secret); + + void DidCreateEncryptionInfo(EncryptionInfoCallback callback, + std::unique_ptr<crypto::ECPrivateKey> key, + const std::string& auth_secret); + + void DecryptMessageWithKey(const std::string& message_id, + const std::string& collapse_key, + const std::string& sender_id, + const std::string& salt, + const std::string& public_key, + uint32_t record_size, + const std::string& ciphertext, + GCMMessageCryptographer::Version version, + DecryptMessageCallback callback, + std::unique_ptr<crypto::ECPrivateKey> key, + const std::string& auth_secret); + + void EncryptMessageWithKey(const std::string& app_id, + const std::string& authorized_entity, + const std::string& p256dh, + const std::string& auth_secret, + const std::string& message, + EncryptMessageCallback callback, + std::unique_ptr<crypto::ECPrivateKey> key, + const std::string& sender_auth_secret); + + std::unique_ptr<GCMKeyStore> key_store_; + + base::WeakPtrFactory<GCMEncryptionProvider> weak_ptr_factory_{this}; +}; + +} // namespace gcm + +#endif // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_ |