secret_storage.hpp source code [mtxclient/include/mtx/secret_storage.hpp]

1	#pragma once
2
3	/// @file
4	/// @brief Header with SSSS related types.
5
6	#include <cstdint>
7	#include <map>
8	#include <optional>
9	#include <string>
10
11	#if __has_include(<nlohmann/json_fwd.hpp>)
12	#include <nlohmann/json_fwd.hpp>
13	#else
14	#include <nlohmann/json.hpp>
15	#endif
16
17	namespace mtx {
18	//! SSSS related types to store encrypted data on the server.
19	namespace secret_storage {
20	//! Names of secrets used in the spec.
21	namespace secrets {
22	//! Decryption key for online key backup.
23	inline constexpr char megolm_backup_v1[] = "m.megolm_backup.v1";
24	//! Key to sign own devices
25	inline constexpr char cross_signing_self_signing[] = "m.cross_signing.self_signing";
26	//! Key to sign other users
27	inline constexpr char cross_signing_user_signing[] = "m.cross_signing.user_signing";
28	//! Key to sign your own keys like user and self signing keys.
29	inline constexpr char cross_signing_master[] = "m.cross_signing.master";
30	}
31
32	//! A aes-hmac-sha2 encrypted secret.
33	struct AesHmacSha2EncryptedData
34	{
35	std::string iv; //!< Required. The 16-byte initialization vector, encoded as base64.
36	std::string ciphertext; //!< Required. The AES-CTR-encrypted data, encoded as base64.
37	std::string mac; //!< Required. The MAC, encoded as base64.
38
39	friend void to_json(nlohmann::json &obj, const AesHmacSha2EncryptedData &data);
40	friend void from_json(const nlohmann::json &obj, AesHmacSha2EncryptedData &data);
41	};
42
43	//! A secret, encrypted with one or more algorithms.
44	struct Secret
45	{
46	/// @brief Required. Map from key ID the encrypted data.
47	///
48	/// The exact format for the encrypted data is dependent on the key algorithm. See the
49	/// definition of AesHmacSha2EncryptedData in the m.secret_storage.v1.aes-hmac-sha2 section.
50	std::map<std::string, AesHmacSha2EncryptedData> encrypted;
51
52	friend void to_json(nlohmann::json &obj, const Secret &secret);
53	friend void from_json(const nlohmann::json &obj, Secret &secret);
54	};
55
56	//! Information about the key derivation from a passphrase.
57	struct PBKDF2
58	{
59	//! Required. Must be m.pbkdf2
60	std::string algorithm;
61	//! Required. The salt used in PBKDF2.
62	std::string salt;
63	//! Required. The number of iterations to use in PBKDF2.
64	uint32_t iterations;
65	//! Optional. The number of bits to generate for the key. Defaults to 256.
66	uint32_t bits = `256`;
67
68	friend void to_json(nlohmann::json &obj, const PBKDF2 &desc);
69	friend void from_json(const nlohmann::json &obj, PBKDF2 &desc);
70	};
71
72	//! Description of the key for a secret.
73	struct AesHmacSha2KeyDescription
74	{
75	std::string name; //!< Required. The name of the key.
76	/// @brief Required. The encryption algorithm to be used for this key.
77	/// Currently, only m.secret_storage.v1.aes-hmac-sha2 is supported.
78	std::string algorithm;
79	//! See deriving keys from passphrases section for a description of this property.
80	std::optional<PBKDF2> passphrase;
81	std::string iv; //!< The 16-byte initialization vector, encoded as base64.
82	std::string mac; //!< The MAC of the result of encrypting 32 bytes of 0, encoded as base64.
83
84	//! userid -> key -> key (undocumented)
85	std::map<std::string, std::map<std::string, std::string>> signatures;
86
87	friend void to_json(nlohmann::json &obj, const AesHmacSha2KeyDescription &desc);
88	friend void from_json(const nlohmann::json &obj, AesHmacSha2KeyDescription &desc);
89	};
90	}
91	}
92

Browse the source code of mtxclient/include/mtx/secret_storage.hpp