1 #pragma once 2 3 /// @file 4 /// @brief Header with SSSS related types. 5 6 #include <cstdint> 7 #include <map> 8 #include <optional> 9 #include <string> 10 11 #if __has_include(<nlohmann/json_fwd.hpp>) 12 #include <nlohmann/json_fwd.hpp> 13 #else 14 #include <nlohmann/json.hpp> 15 #endif 16 17 namespace mtx { 18 //! SSSS related types to store encrypted data on the server. 19 namespace secret_storage { 20 //! Names of secrets used in the spec. 21 namespace secrets { 22 //! Decryption key for online key backup. 23 constexpr const char megolm_backup_v1[] = "m.megolm_backup.v1"; 24 //! Key to sign own devices 25 constexpr const char cross_signing_self_signing[] = "m.cross_signing.self_signing"; 26 //! Key to sign other users 27 constexpr const char cross_signing_user_signing[] = "m.cross_signing.user_signing"; 28 //! Key to sign your own keys like user and self signing keys. 29 constexpr const char cross_signing_master[] = "m.cross_signing.master"; 30 } 31 32 //! A aes-hmac-sha2 encrypted secret. 33 struct AesHmacSha2EncryptedData 34 { 35 std::string iv; //!< Required. The 16-byte initialization vector, encoded as base64. 36 std::string ciphertext; //!< Required. The AES-CTR-encrypted data, encoded as base64. 37 std::string mac; //!< Required. The MAC, encoded as base64. 38 }; 39 40 void 41 to_json(nlohmann::json &obj, const AesHmacSha2EncryptedData &data); 42 43 void 44 from_json(const nlohmann::json &obj, AesHmacSha2EncryptedData &data); 45 46 //! A secret, encrypted with one or more algorithms. 47 struct Secret 48 { 49 /// @brief Required. Map from key ID the encrypted data. 50 /// 51 /// The exact format for the encrypted data is dependent on the key algorithm. See the 52 /// definition of AesHmacSha2EncryptedData in the m.secret_storage.v1.aes-hmac-sha2 section. 53 std::map<std::string, AesHmacSha2EncryptedData> encrypted; 54 }; 55 56 void 57 to_json(nlohmann::json &obj, const Secret &secret); 58 59 void 60 from_json(const nlohmann::json &obj, Secret &secret); 61 62 //! Information about the key derivation from a passphrase. 63 struct PBKDF2 64 { 65 //! Required. Must be m.pbkdf2 66 std::string algorithm; 67 //! Required. The salt used in PBKDF2. 68 std::string salt; 69 //! Required. The number of iterations to use in PBKDF2. 70 uint32_t iterations; 71 //! Optional. The number of bits to generate for the key. Defaults to 256. 72 uint32_t bits = 256; 73 }; 74 75 void 76 to_json(nlohmann::json &obj, const PBKDF2 &desc); 77 78 void 79 from_json(const nlohmann::json &obj, PBKDF2 &desc); 80 81 //! Description of the key for a secret. 82 struct AesHmacSha2KeyDescription 83 { 84 std::string name; //!< Required. The name of the key. 85 /// @brief Required. The encryption algorithm to be used for this key. 86 /// Currently, only m.secret_storage.v1.aes-hmac-sha2 is supported. 87 std::string algorithm; 88 //! See deriving keys from passphrases section for a description of this property. 89 std::optional<PBKDF2> passphrase; 90 std::string iv; //!< The 16-byte initialization vector, encoded as base64. 91 std::string mac; //!< The MAC of the result of encrypting 32 bytes of 0, encoded as base64. 92 93 //! userid -> key -> key (undocumented) 94 std::map<std::string, std::map<std::string, std::string>> signatures; 95 }; 96 97 void 98 to_json(nlohmann::json &obj, const AesHmacSha2KeyDescription &desc); 99 100 void 101 from_json(const nlohmann::json &obj, AesHmacSha2KeyDescription &desc); 102 } 103 } 104