Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / components / proximity_auth / device_to_device_initiator_operations.h
blobbce148d4423fabcda918ccd1a4cd344ea49581f3
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_PROXIMITY_AUTH_DEVICE_TO_DEVICE_INITIATOR_OPERATIONS_H
6 #define COMPONENTS_PROXIMITY_AUTH_DEVICE_TO_DEVICE_INITIATOR_OPERATIONS_H
8 #include <string>
10 #include "base/callback_forward.h"
11 #include "base/macros.h"
13 namespace proximity_auth {
15 class SecureMessageDelegate;
17 // Utility class containing operations in the DeviceToDevice protocol that the
18 // initiator needs to perform. For Smart Lock, in which a phone unlocks a
19 // laptop, the initiator is laptop.
21 // All operations are asynchronous because we use the SecureMessageDelegate for
22 // crypto operations, whose implementation may be asynchronous.
24 // In the DeviceToDevice protocol, the initiator needs to send two messages to
25 // the responder and parse one message from the responder:
26 // 1. Send [Hello] Message
27 // This message contains a public key that the initiator generates for the
28 // current session. This message is signed by the long term symmetric key.
29 // 2. Parse [Responder Auth] Message
30 // The responder parses [Hello] and sends this message, which contains the
31 // responder's session public key. This message also contains sufficient
32 // information for the initiator to authenticate the responder.
33 // 3. Send [Initiator Auth] Message
34 // After receiving the responder's session public key, the initiator crafts
35 // and sends this message so the responder can authenticate the initiator.
36 class DeviceToDeviceInitiatorOperations {
37 public:
38 // Callback for operations that create a message. Invoked with the serialized
39 // SecureMessage upon success or the empty string upon failure.
40 typedef base::Callback<void(const std::string&)> MessageCallback;
42 // Callback for ValidateResponderAuthMessage. The first argument will be
43 // called with the validation outcome. If validation succeeded, then the
44 // second argument will contain the session symmetric key derived from the
45 // [Responder Auth] message.
46 typedef base::Callback<void(bool, const std::string&)>
47 ValidateResponderAuthCallback;
49 // Creates the [Hello] message, which is the first message that is sent:
50 // |session_public_key|: This session public key will be stored in plaintext
51 // (but signed) so the responder can parse it.
52 // |persistent_symmetric_key|: The long-term symmetric key that is shared by
53 // the initiator and responder.
54 // |secure_message_delegate|: Delegate for SecureMessage operations. This
55 // instance is not owned, and must live until after |callback| is invoked.
56 // |callback|: Invoked upon operation completion with the serialized message
57 // or an empty string.
58 static void CreateHelloMessage(const std::string& session_public_key,
59 const std::string& persistent_symmetric_key,
60 SecureMessageDelegate* secure_message_delegate,
61 const MessageCallback& callback);
63 // Validates that the [Responder Auth] message, received from the responder,
64 // is properly signed and encrypted.
65 // |responder_auth_message|: The bytes of the [Responder Auth] message to
66 // validate.
67 // |persistent_responder_public_key|: The long-term public key possessed by
68 // the responder device.
69 // |persistent_symmetric_key|: The long-term symmetric key that is shared by
70 // the initiator and responder.
71 // |session_private_key|: The session private key is used in an Diffie-Helmann
72 // key exchange once the responder public key is extracted. The derived
73 // session symmetric key is used in the validation process.
74 // |hello_message|: The initial [Hello] message that was sent, which is used
75 // in the signature calculation.
76 // |secure_message_delegate|: Delegate for SecureMessage operations. This
77 // instance is not owned, and must live until after |callback| is invoked.
78 // |callback|: Invoked upon operation completion with whether
79 // |responder_auth_message| is validated successfully.
80 static void ValidateResponderAuthMessage(
81 const std::string& responder_auth_message,
82 const std::string& persistent_responder_public_key,
83 const std::string& persistent_symmetric_key,
84 const std::string& session_private_key,
85 const std::string& hello_message,
86 SecureMessageDelegate* secure_message_delegate,
87 const ValidateResponderAuthCallback& callback);
89 // Creates the [Initiator Auth] message, which allows the responder to
90 // authenticate the initiator:
91 // |persistent_symmetric_key|: The long-term symmetric key that is shared by
92 // the initiator and responder.
93 // |responder_auth_message|: The [Responder Auth] message sent previously to
94 // the responder. These bytes are used in the signature calculation.
95 // |secure_message_delegate|: Delegate for SecureMessage operations. This
96 // instance is not owned, and must live until after |callback| is invoked.
97 // |callback|: Invoked upon operation completion with the serialized message
98 // or an empty string.
99 static void CreateInitiatorAuthMessage(
100 const std::string& session_symmetric_key,
101 const std::string& persistent_symmetric_key,
102 const std::string& responder_auth_message,
103 SecureMessageDelegate* secure_message_delegate,
104 const MessageCallback& callback);
106 private:
107 DISALLOW_IMPLICIT_CONSTRUCTORS(DeviceToDeviceInitiatorOperations);
110 } // proximity_auth
112 #endif // COMPONENTS_PROXIMITY_AUTH_DEVICE_TO_DEVICE_INITIATOR_OPERATIONS_H