// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_SUBTLE_PASSKEY_H_
#define CRYPTO_SUBTLE_PASSKEY_H_

#include "crypto/crypto_export.h"

// Forward declarations needed by the friend list inside SubtlePassKey.
// crypto::SubtlePassKey has to be visible before MakeCryptoPassKey() can be
// declared, because that function returns it by value.
namespace crypto {
class SubtlePassKey;
}  // namespace crypto

namespace syncer {
class Nigori;
}  // namespace syncer

namespace chromeos::onc {
crypto::SubtlePassKey MakeCryptoPassKey();
}  // namespace chromeos::onc

namespace crypto {

// crypto::SubtlePassKey is the token a caller must present to reach APIs that
// are subtle, difficult to get right or mistake-prone, or that let the caller
// make detailed cryptographic choices itself. See //docs/patterns/passkey.md
// for the pattern.
//
// The class declares no data members and its constructor is private, so the
// only ways to obtain an instance are the friends listed below and
// ForTesting(). The friend list is therefore the allowlist of production code
// that may use those APIs; adding an entry widens that allowlist and deserves
// the same scrutiny as the API use it enables.
//
// Not to be confused with the WebAuthn "passkey" mechanism, to which this
// class is entirely unrelated.
class CRYPTO_EXPORT SubtlePassKey final {
 public:
  // Hands a key to test code, which is always allowed to use the gated APIs.
  // NOTE(review): this factory is public, so nothing in this header prevents
  // non-test code from calling it; presumably that is left to naming
  // convention and review - confirm.
  static SubtlePassKey ForTesting();

  ~SubtlePassKey();

 private:
  // Private so that only the friends below can create a key.
  SubtlePassKey();

  // ONC EncryptedConfiguration objects can contain, and require us to use,
  // arbitrary (possibly attacker-supplied) PBKDF2 parameters.
  // NOTE(review): the key only grants access to the subtle APIs; it does not
  // validate those parameters. Whether the ONC code bounds them (e.g. the
  // iteration count) before deriving a key is not visible from this header -
  // confirm at the call site.
  friend SubtlePassKey chromeos::onc::MakeCryptoPassKey();

  // Nigori uses custom PBKDF2 parameters because its spec requires them.
  // A class-level friend: every member of syncer::Nigori can create a key.
  friend class syncer::Nigori;

  // Deprecated entry: delete it once the DeriveKey*() methods have been
  // removed from SymmetricKey.
  friend class SymmetricKey;
};

}  // namespace crypto

#endif  // CRYPTO_SUBTLE_PASSKEY_H_