Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(297)

Side by Side Diff: sync/util/cryptographer.h

Issue 10878015: [Sync] Move keystore key handling to SyncEncryptionHandlerImpl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ 5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_
6 #define SYNC_UTIL_CRYPTOGRAPHER_H_ 6 #define SYNC_UTIL_CRYPTOGRAPHER_H_
7 7
8 #include <map> 8 #include <map>
9 #include <string> 9 #include <string>
10 10
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
56 // Cryptographer instance into the ready state (is_ready will be true). 56 // Cryptographer instance into the ready state (is_ready will be true).
57 // It must be a string that was previously built by the 57 // It must be a string that was previously built by the
58 // GetSerializedBootstrapToken function. It is possible that the token is no 58 // GetSerializedBootstrapToken function. It is possible that the token is no
59 // longer valid (due to server key change), in which case the normal 59 // longer valid (due to server key change), in which case the normal
60 // decryption code paths will fail and the user will need to provide a new 60 // decryption code paths will fail and the user will need to provide a new
61 // passphrase. 61 // passphrase.
62 // It is an error to call this if is_ready() == true, though it is fair to 62 // It is an error to call this if is_ready() == true, though it is fair to
63 // never call Bootstrap at all. 63 // never call Bootstrap at all.
64 void Bootstrap(const std::string& restored_bootstrap_token); 64 void Bootstrap(const std::string& restored_bootstrap_token);
65 65
66 // Bootstrap the keystore key.
67 void BootstrapKeystoreKey(
68 const std::string& restored_keystore_bootstrap_token);
69
70 // Returns whether we can decrypt |encrypted| using the keys we currently know 66 // Returns whether we can decrypt |encrypted| using the keys we currently know
71 // about. 67 // about.
72 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; 68 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const;
73 69
74 // Returns whether |encrypted| can be decrypted using the default encryption 70 // Returns whether |encrypted| can be decrypted using the default encryption
75 // key. 71 // key.
76 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; 72 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const;
77 73
78 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if 74 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if
79 // |message| already matches the decrypted data within |encrypted| and 75 // |message| already matches the decrypted data within |encrypted| and
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
131 // is updated. 127 // is updated.
132 bool DecryptPendingKeys(const KeyParams& params); 128 bool DecryptPendingKeys(const KeyParams& params);
133 129
134 // Sets the default key to the nigori with name |key_name|. |key_name| must 130 // Sets the default key to the nigori with name |key_name|. |key_name| must
135 // correspond to a nigori that has already been installed into the keybag. 131 // correspond to a nigori that has already been installed into the keybag.
136 void SetDefaultKey(const std::string& key_name); 132 void SetDefaultKey(const std::string& key_name);
137 133
138 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; } 134 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; }
139 135
140 // Returns whether this Cryptographer is ready to encrypt and decrypt data. 136 // Returns whether this Cryptographer is ready to encrypt and decrypt data.
141 bool is_ready() const { return is_initialized() && 137 bool is_ready() const {
142 has_pending_keys() == false; } 138 return is_initialized() &&
akalin 2012/08/22 22:09:33 one line?
Nicolas Zea 2012/08/22 22:48:59 Done.
139 has_pending_keys() == false;
140 }
143 141
144 // Returns whether there is a pending set of keys that needs to be decrypted. 142 // Returns whether there is a pending set of keys that needs to be decrypted.
145 bool has_pending_keys() const { return NULL != pending_keys_.get(); } 143 bool has_pending_keys() const { return NULL != pending_keys_.get(); }
146 144
147 // Obtain a token that can be provided on construction to a future 145 // Obtain a token that can be provided on construction to a future
148 // Cryptographer instance to bootstrap itself. Returns false if such a token 146 // Cryptographer instance to bootstrap itself. Returns false if such a token
149 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). 147 // can't be created (i.e. if this Cryptograhper doesn't have valid keys).
150 bool GetBootstrapToken(std::string* token) const; 148 bool GetBootstrapToken(std::string* token) const;
151 149
152 // Obtain the bootstrap token based on the keystore encryption key.
153 bool GetKeystoreKeyBootstrapToken(std::string* token) const;
154
155 // Set the keystore-derived nigori from the provided key.
156 // Returns true if we succesfully create the keystore derived nigori from the
157 // provided key, false otherwise.
158 bool SetKeystoreKey(const std::string& keystore_key);
159
160 // Returns true if we currently have a keystore-derived nigori, false
161 // otherwise.
162 bool HasKeystoreKey() const;
163
164 Encryptor* encryptor() const { return encryptor_; } 150 Encryptor* encryptor() const { return encryptor_; }
165 151
166 private: 152 private:
167 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); 153 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack);
168 154
169 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; 155 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap;
170 156
171 // Helper method to instantiate Nigori instances for each set of key 157 // Helper method to instantiate Nigori instances for each set of key
172 // parameters in |bag|. 158 // parameters in |bag|.
173 // Does not update the default nigori. 159 // Does not update the default nigori.
174 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); 160 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag);
175 161
176 // Helper method to add a nigori as either the new default nigori or the new 162 // Helper method to add a nigori as the default key.
177 // keystore nigori. 163 bool AddKeyImpl(Nigori* nigori);
178 bool AddKeyImpl(Nigori* nigori, bool is_keystore_key);
179 164
180 // Functions to serialize + encrypt a Nigori object in an opaque format for 165 // Functions to serialize + encrypt a Nigori object in an opaque format for
181 // persistence by sync infrastructure. 166 // persistence by sync infrastructure.
182 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; 167 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const;
183 Nigori* UnpackBootstrapToken(const std::string& token) const; 168 Nigori* UnpackBootstrapToken(const std::string& token) const;
184 169
185 Encryptor* const encryptor_; 170 Encryptor* const encryptor_;
186 171
187 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. 172 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name.
188 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. 173 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption.
189 NigoriMap::value_type* keystore_nigori_; // Nigori generated from keystore.
190 174
191 scoped_ptr<sync_pb::EncryptedData> pending_keys_; 175 scoped_ptr<sync_pb::EncryptedData> pending_keys_;
192 176
193 DISALLOW_COPY_AND_ASSIGN(Cryptographer); 177 DISALLOW_COPY_AND_ASSIGN(Cryptographer);
194 }; 178 };
195 179
196 } // namespace syncer 180 } // namespace syncer
197 181
198 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_ 182 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698