// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
| 4 | |
| 5 | #ifndef CRYPTO_SUBTLE_PASSKEY_H_ |
| 6 | #define CRYPTO_SUBTLE_PASSKEY_H_ |
| 7 | |
| 8 | #include "crypto/crypto_export.h" |
| 9 | |
// Forward declarations for everything crypto::SubtlePassKey names as a friend
// further down in this header. Only declarations are needed here, so none of
// the owning headers are included.

// SubtlePassKey itself is declared first because it is the return type of
// chromeos::onc::MakeCryptoPassKey() below.
namespace crypto {
class SubtlePassKey;
}  // namespace crypto

namespace chromeos::onc {
crypto::SubtlePassKey MakeCryptoPassKey();
}  // namespace chromeos::onc

namespace ash {
class CryptohomeTokenEncryptor;
class Key;
}  // namespace ash

namespace os_crypt_async {
class FreedesktopSecretKeyProvider;
}  // namespace os_crypt_async

namespace syncer {
class Nigori;
}  // namespace syncer

// Declared in the global namespace.
class OSCryptImpl;
| 32 | |
namespace crypto {

// Holding a crypto::SubtlePassKey is what lets a caller use APIs that are
// subtle, difficult to get right, or mistake-prone, as well as APIs that leave
// detailed cryptographic choices to the caller. The pattern is described in
// //docs/patterns/passkey.md.
//
// The default constructor is private, so a fresh instance can only be
// constructed by this class's own members (ForTesting()) or by the friends
// listed in the private section. That friend list is effectively the allowlist
// of production users: each entry records why it needs access, and a new entry
// should come with the same kind of justification.
//
// Note: this is unrelated to the WebAuthn "passkey" mechanism.
class CRYPTO_EXPORT SubtlePassKey final {
 public:
  // Test code is always allowed to use the guarded APIs and obtains its key
  // here.
  // NOTE(review): nothing in this header limits ForTesting() to test targets;
  // presumably tooling outside this file enforces that - confirm.
  static SubtlePassKey ForTesting();

  ~SubtlePassKey();

 private:
  SubtlePassKey();

  // Deprecated access: drop this entry once the DeriveKey*() methods have been
  // deleted from SymmetricKey.
  friend class SymmetricKey;

  // Required by the Nigori spec, which fixes custom PBKDF2 parameters.
  friend class syncer::Nigori;

  // Uses custom PBKDF2 parameters and must keep doing so to stay compatible
  // with persisted data on disk.
  friend class ash::CryptohomeTokenEncryptor;

  // Uses custom PBKDF2 parameters that cannot be changed, for compatibility
  // with persisted data.
  friend class ash::Key;

  // Both use custom PBKDF2 parameters and have to keep doing so for
  // compatibility with existing persisted data.
  friend class ::OSCryptImpl;
  friend class os_crypt_async::FreedesktopSecretKeyProvider;

  // ONC EncryptedConfiguration objects can contain, and require us to use,
  // arbitrary (possibly attacker-supplied) PBKDF2 parameters.
  // NOTE(review): since those parameters may be attacker-chosen, confirm that
  // the ONC code bounds them (for example the iteration count) before use;
  // that validation is not visible from this header.
  friend SubtlePassKey chromeos::onc::MakeCryptoPassKey();
};

}  // namespace crypto
| 76 | |
| 77 | #endif // CRYPTO_SUBTLE_PASSKEY_H_ |