1 #pragma once
2 
3 /// @file
4 /// @brief Header with SSSS related types.
5 
6 #include <cstdint>
7 #include <map>
8 #include <optional>
9 #include <string>
10 
11 #if __has_include(<nlohmann/json_fwd.hpp>)
12 #include <nlohmann/json_fwd.hpp>
13 #else
14 #include <nlohmann/json.hpp>
15 #endif
16 
17 namespace mtx {
18 //! SSSS related types to store encrypted data on the server.
19 namespace secret_storage {
20 //! Names of secrets used in the spec.
21 namespace secrets {
22 //! Decryption key for online key backup.
23 constexpr const char megolm_backup_v1[] = "m.megolm_backup.v1";
24 //! Key to sign own devices
25 constexpr const char cross_signing_self_signing[] = "m.cross_signing.self_signing";
26 //! Key to sign other users
27 constexpr const char cross_signing_user_signing[] = "m.cross_signing.user_signing";
28 //! Key to sign your own keys like user and self signing keys.
29 constexpr const char cross_signing_master[] = "m.cross_signing.master";
30 }
31 
32 //! A aes-hmac-sha2 encrypted secret.
33 struct AesHmacSha2EncryptedData
34 {
35     std::string iv;         //!< Required. The 16-byte initialization vector, encoded as base64.
36     std::string ciphertext; //!< Required. The AES-CTR-encrypted data, encoded as base64.
37     std::string mac;        //!< Required. The MAC, encoded as base64.
38 };
39 
40 void
41 to_json(nlohmann::json &obj, const AesHmacSha2EncryptedData &data);
42 
43 void
44 from_json(const nlohmann::json &obj, AesHmacSha2EncryptedData &data);
45 
46 //! A secret, encrypted with one or more algorithms.
47 struct Secret
48 {
49     /// @brief Required. Map from key ID the encrypted data.
50     ///
51     /// The exact format for the encrypted data is dependent on the key algorithm. See the
52     /// definition of AesHmacSha2EncryptedData in the m.secret_storage.v1.aes-hmac-sha2 section.
53     std::map<std::string, AesHmacSha2EncryptedData> encrypted;
54 };
55 
56 void
57 to_json(nlohmann::json &obj, const Secret &secret);
58 
59 void
60 from_json(const nlohmann::json &obj, Secret &secret);
61 
62 //! Information about the key derivation from a passphrase.
63 struct PBKDF2
64 {
65     //! Required. Must be m.pbkdf2
66     std::string algorithm;
67     //! Required. The salt used in PBKDF2.
68     std::string salt;
69     //! Required. The number of iterations to use in PBKDF2.
70     uint32_t iterations;
71     //! Optional. The number of bits to generate for the key. Defaults to 256.
72     uint32_t bits = 256;
73 };
74 
75 void
76 to_json(nlohmann::json &obj, const PBKDF2 &desc);
77 
78 void
79 from_json(const nlohmann::json &obj, PBKDF2 &desc);
80 
81 //! Description of the key for a secret.
82 struct AesHmacSha2KeyDescription
83 {
84     std::string name; //!< Required. The name of the key.
85     /// @brief Required. The encryption algorithm to be used for this key.
86     /// Currently, only m.secret_storage.v1.aes-hmac-sha2 is supported.
87     std::string algorithm;
88     //! See deriving keys from passphrases section for a description of this property.
89     std::optional<PBKDF2> passphrase;
90     std::string iv;  //!< The 16-byte initialization vector, encoded as base64.
91     std::string mac; //!< The MAC of the result of encrypting 32 bytes of 0, encoded as base64.
92 
93     //! userid -> key -> key (undocumented)
94     std::map<std::string, std::map<std::string, std::string>> signatures;
95 };
96 
97 void
98 to_json(nlohmann::json &obj, const AesHmacSha2KeyDescription &desc);
99 
100 void
101 from_json(const nlohmann::json &obj, AesHmacSha2KeyDescription &desc);
102 }
103 }
104