| Benjamin Wright | b3f887b | 2018-10-30 20:53:30 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2018 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef RTC_BASE_KEY_DERIVATION_H_ |
| 12 | #define RTC_BASE_KEY_DERIVATION_H_ |
| 13 | |
| Yves Gerey | 3e70781 | 2018-11-28 15:47:49 | [diff] [blame] | 14 | #include <stddef.h> |
| 15 | #include <stdint.h> |
| Benjamin Wright | b3f887b | 2018-10-30 20:53:30 | [diff] [blame] | 16 | #include <memory> |
| 17 | |
| 18 | #include "absl/types/optional.h" |
| 19 | #include "api/array_view.h" |
| 20 | #include "rtc_base/buffer.h" |
| Steve Anton | 10542f2 | 2019-01-11 17:11:00 | [diff] [blame] | 21 | #include "rtc_base/constructor_magic.h" |
| Benjamin Wright | b3f887b | 2018-10-30 20:53:30 | [diff] [blame] | 22 | |
| 23 | namespace rtc { |
| 24 | |
| 25 | // Defines the set of key derivation algorithms that are supported. It is ideal |
| 26 | // to keep this list as small as possible. |
| 27 | enum class KeyDerivationAlgorithm { |
| 28 | // This algorithm is not suitable to generate a key from a password. Please |
| 29 | // only use with a cryptographically random master secret. |
| 30 | HKDF_SHA256 |
| 31 | }; |
| 32 | |
| 33 | // KeyDerivation provides a generic interface for deriving keys in WebRTC. This |
| 34 | // class should be used over directly accessing openssl or boringssl primitives |
| 35 | // so that we can maintain seperate implementations. |
| 36 | // Example: |
| 37 | // auto kd = KeyDerivation::Create(KeyDerivationAlgorithm::HDKF_SHA526); |
| 38 | // if (kd == nullptr) return; |
| 39 | // auto derived_key_or = kd->DeriveKey(secret, salt, label); |
| 40 | // if (!derived_key_or.ok()) return; |
| 41 | // DoSomethingWithKey(derived_key_or.value()); |
| 42 | class KeyDerivation { |
| 43 | public: |
| 44 | KeyDerivation(); |
| 45 | virtual ~KeyDerivation(); |
| 46 | |
| 47 | // Derives a new key from existing key material. |
| 48 | // secret - The random secret value you wish to derive a key from. |
| 49 | // salt - Optional but recommended (non secret) cryptographically random. |
| 50 | // label - A non secret but unique label value to determine the derivation. |
| 51 | // derived_key_byte_size - This must be at least 128 bits. |
| 52 | // return - An optional ZeroOnFreeBuffer containing the derived key or |
| 53 | // absl::nullopt. Nullopt indicates a failure in derivation. |
| 54 | virtual absl::optional<ZeroOnFreeBuffer<uint8_t>> DeriveKey( |
| 55 | rtc::ArrayView<const uint8_t> secret, |
| 56 | rtc::ArrayView<const uint8_t> salt, |
| 57 | rtc::ArrayView<const uint8_t> label, |
| 58 | size_t derived_key_byte_size) = 0; |
| 59 | |
| 60 | // Static factory that will return an implementation that is capable of |
| 61 | // handling the key derivation with the requested algorithm. If no |
| 62 | // implementation is available nullptr will be returned. |
| 63 | static std::unique_ptr<KeyDerivation> Create( |
| 64 | KeyDerivationAlgorithm key_derivation_algorithm); |
| 65 | |
| 66 | private: |
| 67 | RTC_DISALLOW_COPY_AND_ASSIGN(KeyDerivation); |
| 68 | }; |
| 69 | |
| 70 | } // namespace rtc |
| 71 | |
| 72 | #endif // RTC_BASE_KEY_DERIVATION_H_ |
