Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6)

Side by Side Diff: sync/util/cryptographer.cc

Issue 10878015: [Sync] Move keystore key handling to SyncEncryptionHandlerImpl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Change observer registration ordering Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sync/util/cryptographer.h" 5 #include "sync/util/cryptographer.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "sync/protocol/nigori_specifics.pb.h" 11 #include "sync/protocol/nigori_specifics.pb.h"
12 #include "sync/util/encryptor.h" 12 #include "sync/util/encryptor.h"
13 13
14 namespace syncer { 14 namespace syncer {
15 15
16 const char kNigoriTag[] = "google_chrome_nigori"; 16 const char kNigoriTag[] = "google_chrome_nigori";
17 17
18 // We name a particular Nigori instance (ie. a triplet consisting of a hostname, 18 // We name a particular Nigori instance (ie. a triplet consisting of a hostname,
19 // a username, and a password) by calling Permute on this string. Since the 19 // a username, and a password) by calling Permute on this string. Since the
20 // output of Permute is always the same for a given triplet, clients will always 20 // output of Permute is always the same for a given triplet, clients will always
21 // assign the same name to a particular triplet. 21 // assign the same name to a particular triplet.
22 const char kNigoriKeyName[] = "nigori-key"; 22 const char kNigoriKeyName[] = "nigori-key";
23 23
24 Cryptographer::Cryptographer(Encryptor* encryptor) 24 Cryptographer::Cryptographer(Encryptor* encryptor)
25 : encryptor_(encryptor), 25 : encryptor_(encryptor),
26 default_nigori_(NULL), 26 default_nigori_(NULL) {
27 keystore_nigori_(NULL) {
28 DCHECK(encryptor); 27 DCHECK(encryptor);
29 } 28 }
30 29
31 Cryptographer::~Cryptographer() {} 30 Cryptographer::~Cryptographer() {}
32 31
33 32
34 void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) { 33 void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) {
35 if (is_initialized()) { 34 if (is_initialized()) {
36 NOTREACHED(); 35 NOTREACHED();
37 return; 36 return;
38 } 37 }
39 38
40 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); 39 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
41 if (nigori.get()) 40 if (nigori.get())
42 AddKeyImpl(nigori.release(), false); 41 AddKeyImpl(nigori.release());
akalin 2012/08/22 22:09:34 consider making AddKeyImpl take a scoped_ptr<>?
Nicolas Zea 2012/08/22 22:48:59 Done.
43 }
44
45 void Cryptographer::BootstrapKeystoreKey(
46 const std::string& restored_bootstrap_token) {
47 if (keystore_nigori_) {
48 NOTREACHED();
49 return;
50 }
51
52 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
53 if (nigori.get())
54 AddKeyImpl(nigori.release(), true);
55 } 42 }
56 43
57 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const { 44 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const {
58 return nigoris_.end() != nigoris_.find(data.key_name()); 45 return nigoris_.end() != nigoris_.find(data.key_name());
59 } 46 }
60 47
61 bool Cryptographer::CanDecryptUsingDefaultKey( 48 bool Cryptographer::CanDecryptUsingDefaultKey(
62 const sync_pb::EncryptedData& data) const { 49 const sync_pb::EncryptedData& data) const {
63 return default_nigori_ && (data.key_name() == default_nigori_->first); 50 return default_nigori_ && (data.key_name() == default_nigori_->first);
64 } 51 }
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after
140 127
141 bool Cryptographer::AddKey(const KeyParams& params) { 128 bool Cryptographer::AddKey(const KeyParams& params) {
142 // Create the new Nigori and make it the default encryptor. 129 // Create the new Nigori and make it the default encryptor.
143 scoped_ptr<Nigori> nigori(new Nigori); 130 scoped_ptr<Nigori> nigori(new Nigori);
144 if (!nigori->InitByDerivation(params.hostname, 131 if (!nigori->InitByDerivation(params.hostname,
145 params.username, 132 params.username,
146 params.password)) { 133 params.password)) {
147 NOTREACHED(); // Invalid username or password. 134 NOTREACHED(); // Invalid username or password.
148 return false; 135 return false;
149 } 136 }
150 return AddKeyImpl(nigori.release(), false); 137 return AddKeyImpl(nigori.release());
151 } 138 }
152 139
153 bool Cryptographer::AddKeyFromBootstrapToken( 140 bool Cryptographer::AddKeyFromBootstrapToken(
154 const std::string restored_bootstrap_token) { 141 const std::string restored_bootstrap_token) {
155 // Create the new Nigori and make it the default encryptor. 142 // Create the new Nigori and make it the default encryptor.
156 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); 143 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
157 if (!nigori.get()) 144 if (!nigori.get())
158 return false; 145 return false;
159 return AddKeyImpl(nigori.release(), false); 146 return AddKeyImpl(nigori.release());
160 } 147 }
161 148
162 bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori, 149 bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori) {
163 bool is_keystore_key) {
164 scoped_ptr<Nigori> nigori(initialized_nigori); 150 scoped_ptr<Nigori> nigori(initialized_nigori);
165 std::string name; 151 std::string name;
166 if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) { 152 if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) {
167 NOTREACHED(); 153 NOTREACHED();
168 return false; 154 return false;
169 } 155 }
170 nigoris_[name] = make_linked_ptr(nigori.release()); 156 nigoris_[name] = make_linked_ptr(nigori.release());
171 if (is_keystore_key) 157 default_nigori_ = &*nigoris_.find(name);
172 keystore_nigori_ = &*nigoris_.find(name);
173 else
174 default_nigori_ = &*nigoris_.find(name);
175 return true; 158 return true;
176 } 159 }
177 160
178 void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) { 161 void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) {
179 DCHECK(CanDecrypt(encrypted)); 162 DCHECK(CanDecrypt(encrypted));
180 163
181 sync_pb::NigoriKeyBag bag; 164 sync_pb::NigoriKeyBag bag;
182 if (!Decrypt(encrypted, &bag)) 165 if (!Decrypt(encrypted, &bag))
183 return; 166 return;
184 InstallKeyBag(bag); 167 InstallKeyBag(bag);
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
227 } 210 }
228 211
229 bool Cryptographer::GetBootstrapToken(std::string* token) const { 212 bool Cryptographer::GetBootstrapToken(std::string* token) const {
230 DCHECK(token); 213 DCHECK(token);
231 if (!is_initialized()) 214 if (!is_initialized())
232 return false; 215 return false;
233 216
234 return PackBootstrapToken(default_nigori_->second.get(), token); 217 return PackBootstrapToken(default_nigori_->second.get(), token);
235 } 218 }
236 219
237 bool Cryptographer::GetKeystoreKeyBootstrapToken(
238 std::string* token) const {
239 DCHECK(token);
240 if (!HasKeystoreKey())
241 return false;
242
243 return PackBootstrapToken(keystore_nigori_->second.get(), token);
244 }
245
246 bool Cryptographer::PackBootstrapToken(const Nigori* nigori, 220 bool Cryptographer::PackBootstrapToken(const Nigori* nigori,
247 std::string* pack_into) const { 221 std::string* pack_into) const {
248 DCHECK(pack_into); 222 DCHECK(pack_into);
249 DCHECK(nigori); 223 DCHECK(nigori);
250 224
251 sync_pb::NigoriKey key; 225 sync_pb::NigoriKey key;
252 if (!nigori->ExportKeys(key.mutable_user_key(), 226 if (!nigori->ExportKeys(key.mutable_user_key(),
253 key.mutable_encryption_key(), 227 key.mutable_encryption_key(),
254 key.mutable_mac_key())) { 228 key.mutable_mac_key())) {
255 NOTREACHED(); 229 NOTREACHED();
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
300 scoped_ptr<Nigori> nigori(new Nigori); 274 scoped_ptr<Nigori> nigori(new Nigori);
301 if (!nigori->InitByImport(key.user_key(), key.encryption_key(), 275 if (!nigori->InitByImport(key.user_key(), key.encryption_key(),
302 key.mac_key())) { 276 key.mac_key())) {
303 NOTREACHED(); 277 NOTREACHED();
304 return NULL; 278 return NULL;
305 } 279 }
306 280
307 return nigori.release(); 281 return nigori.release();
308 } 282 }
309 283
310 bool Cryptographer::SetKeystoreKey(const std::string& keystore_key) {
311 if (keystore_key.empty())
312 return false;
313 KeyParams params = {"localhost", "dummy", keystore_key};
314
315 // Create the new Nigori and make it the default keystore encryptor.
316 scoped_ptr<Nigori> nigori(new Nigori);
317 if (!nigori->InitByDerivation(params.hostname,
318 params.username,
319 params.password)) {
320 NOTREACHED(); // Invalid username or password.
321 return false;
322 }
323
324 return AddKeyImpl(nigori.release(), true);
325 }
326
327 bool Cryptographer::HasKeystoreKey() const {
328 return keystore_nigori_ != NULL;
329 }
330
331 void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) { 284 void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) {
332 int key_size = bag.key_size(); 285 int key_size = bag.key_size();
333 for (int i = 0; i < key_size; ++i) { 286 for (int i = 0; i < key_size; ++i) {
334 const sync_pb::NigoriKey key = bag.key(i); 287 const sync_pb::NigoriKey key = bag.key(i);
335 // Only use this key if we don't already know about it. 288 // Only use this key if we don't already know about it.
336 if (nigoris_.end() == nigoris_.find(key.name())) { 289 if (nigoris_.end() == nigoris_.find(key.name())) {
337 scoped_ptr<Nigori> new_nigori(new Nigori); 290 scoped_ptr<Nigori> new_nigori(new Nigori);
338 if (!new_nigori->InitByImport(key.user_key(), 291 if (!new_nigori->InitByImport(key.user_key(),
339 key.encryption_key(), 292 key.encryption_key(),
340 key.mac_key())) { 293 key.mac_key())) {
341 NOTREACHED(); 294 NOTREACHED();
342 continue; 295 continue;
343 } 296 }
344 nigoris_[key.name()] = make_linked_ptr(new_nigori.release()); 297 nigoris_[key.name()] = make_linked_ptr(new_nigori.release());
345 } 298 }
346 } 299 }
347 } 300 }
348 301
349 } // namespace syncer 302 } // namespace syncer
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698