• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef SECURITY_CRYPTAUTH_LIB_SECUREGCM_D2D_CRYPTO_OPS_H_
16 #define SECURITY_CRYPTAUTH_LIB_SECUREGCM_D2D_CRYPTO_OPS_H_
17 
18 #include <memory>
19 #include <string>
20 
21 #include "proto/securegcm.pb.h"
22 #include "securemessage/crypto_ops.h"
23 
24 namespace securegcm {
25 
26 // A collection of static utility methods for the Device to Device communication
27 // (D2D) library.
28 //
29 // A class is used here in preference to a namespace to provide a closer
30 // correspondence with the Java equivalent class:
31 // //java/com/google/security/cryptauth/lib/securegcm/D2DCryptoOps.java
32 class D2DCryptoOps {
33  public:
34   // Encapsulates a payload type specifier, and a corresponding message as the
35   // raw payload.
36   //
37   // Note: Type is defined in securegcm.proto.
38   class Payload {
39    public:
40     Payload(Type type, const std::string& message);
41 
type()42     Type type() const { return type_; }
43 
message()44     const std::string& message() const { return message_; }
45 
46    private:
47     const Type type_;
48     const std::string message_;
49   };
50 
51   // The salt, SHA256 of "D2D".
52   static const uint8_t kSalt[];
53   static const size_t kSaltLength;
54 
55   // Used by a device to send a secure |Payload| to another device.
56   static std::unique_ptr<std::string> SigncryptPayload(
57       const Payload& payload,
58       const securemessage::CryptoOps::SecretKey& secret_key);
59 
60   // Used by a device to recover a secure |Payload| sent by another device.
61   static std::unique_ptr<Payload> VerifyDecryptPayload(
62       const std::string& signcrypted_message,
63       const securemessage::CryptoOps::SecretKey& secret_key);
64 
65   // Used to derive a distinct key for each initiator and responder from the
66   // |master_key|. Use a different |purpose| for each role.
67   static std::unique_ptr<securemessage::CryptoOps::SecretKey>
68   DeriveNewKeyForPurpose(const securemessage::CryptoOps::SecretKey& master_key,
69                          const std::string& purpose);
70 
71  private:
72   // Prevent instantiation.
73   D2DCryptoOps();
74 };
75 
76 }  // namespace securegcm
77 
78 #endif  // SECURITY_CRYPTAUTH_LIB_SECUREGCM_D2D_CRYPTO_OPS_H_
79