Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/util/cryptographer.h" | 5 #include "sync/util/cryptographer.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "sync/protocol/nigori_specifics.pb.h" | 11 #include "sync/protocol/nigori_specifics.pb.h" |
| 12 #include "sync/util/encryptor.h" | 12 #include "sync/util/encryptor.h" |
| 13 | 13 |
| 14 namespace syncer { | 14 namespace syncer { |
| 15 | 15 |
| 16 const char kNigoriTag[] = "google_chrome_nigori"; | 16 const char kNigoriTag[] = "google_chrome_nigori"; |
| 17 | 17 |
| 18 // We name a particular Nigori instance (ie. a triplet consisting of a hostname, | 18 // We name a particular Nigori instance (ie. a triplet consisting of a hostname, |
| 19 // a username, and a password) by calling Permute on this string. Since the | 19 // a username, and a password) by calling Permute on this string. Since the |
| 20 // output of Permute is always the same for a given triplet, clients will always | 20 // output of Permute is always the same for a given triplet, clients will always |
| 21 // assign the same name to a particular triplet. | 21 // assign the same name to a particular triplet. |
| 22 const char kNigoriKeyName[] = "nigori-key"; | 22 const char kNigoriKeyName[] = "nigori-key"; |
| 23 | 23 |
| 24 Cryptographer::Cryptographer(Encryptor* encryptor) | 24 Cryptographer::Cryptographer(Encryptor* encryptor) |
| 25 : encryptor_(encryptor), | 25 : encryptor_(encryptor), |
| 26 default_nigori_(NULL), | 26 default_nigori_(NULL) { |
| 27 keystore_nigori_(NULL) { | |
| 28 DCHECK(encryptor); | 27 DCHECK(encryptor); |
| 29 } | 28 } |
| 30 | 29 |
| 31 Cryptographer::~Cryptographer() {} | 30 Cryptographer::~Cryptographer() {} |
| 32 | 31 |
| 33 | 32 |
| 34 void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) { | 33 void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) { |
| 35 if (is_initialized()) { | 34 if (is_initialized()) { |
| 36 NOTREACHED(); | 35 NOTREACHED(); |
| 37 return; | 36 return; |
| 38 } | 37 } |
| 39 | 38 |
| 40 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); | 39 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); |
| 41 if (nigori.get()) | 40 if (nigori.get()) |
| 42 AddKeyImpl(nigori.release(), false); | 41 AddKeyImpl(nigori.release()); |
|
akalin
2012/08/22 22:09:34
consider making AddKeyImpl take a scoped_ptr<>?
Nicolas Zea
2012/08/22 22:48:59
Done.
| |
| 43 } | |
| 44 | |
| 45 void Cryptographer::BootstrapKeystoreKey( | |
| 46 const std::string& restored_bootstrap_token) { | |
| 47 if (keystore_nigori_) { | |
| 48 NOTREACHED(); | |
| 49 return; | |
| 50 } | |
| 51 | |
| 52 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); | |
| 53 if (nigori.get()) | |
| 54 AddKeyImpl(nigori.release(), true); | |
| 55 } | 42 } |
| 56 | 43 |
| 57 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const { | 44 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const { |
| 58 return nigoris_.end() != nigoris_.find(data.key_name()); | 45 return nigoris_.end() != nigoris_.find(data.key_name()); |
| 59 } | 46 } |
| 60 | 47 |
| 61 bool Cryptographer::CanDecryptUsingDefaultKey( | 48 bool Cryptographer::CanDecryptUsingDefaultKey( |
| 62 const sync_pb::EncryptedData& data) const { | 49 const sync_pb::EncryptedData& data) const { |
| 63 return default_nigori_ && (data.key_name() == default_nigori_->first); | 50 return default_nigori_ && (data.key_name() == default_nigori_->first); |
| 64 } | 51 } |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 140 | 127 |
| 141 bool Cryptographer::AddKey(const KeyParams& params) { | 128 bool Cryptographer::AddKey(const KeyParams& params) { |
| 142 // Create the new Nigori and make it the default encryptor. | 129 // Create the new Nigori and make it the default encryptor. |
| 143 scoped_ptr<Nigori> nigori(new Nigori); | 130 scoped_ptr<Nigori> nigori(new Nigori); |
| 144 if (!nigori->InitByDerivation(params.hostname, | 131 if (!nigori->InitByDerivation(params.hostname, |
| 145 params.username, | 132 params.username, |
| 146 params.password)) { | 133 params.password)) { |
| 147 NOTREACHED(); // Invalid username or password. | 134 NOTREACHED(); // Invalid username or password. |
| 148 return false; | 135 return false; |
| 149 } | 136 } |
| 150 return AddKeyImpl(nigori.release(), false); | 137 return AddKeyImpl(nigori.release()); |
| 151 } | 138 } |
| 152 | 139 |
| 153 bool Cryptographer::AddKeyFromBootstrapToken( | 140 bool Cryptographer::AddKeyFromBootstrapToken( |
| 154 const std::string restored_bootstrap_token) { | 141 const std::string restored_bootstrap_token) { |
| 155 // Create the new Nigori and make it the default encryptor. | 142 // Create the new Nigori and make it the default encryptor. |
| 156 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); | 143 scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); |
| 157 if (!nigori.get()) | 144 if (!nigori.get()) |
| 158 return false; | 145 return false; |
| 159 return AddKeyImpl(nigori.release(), false); | 146 return AddKeyImpl(nigori.release()); |
| 160 } | 147 } |
| 161 | 148 |
| 162 bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori, | 149 bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori) { |
| 163 bool is_keystore_key) { | |
| 164 scoped_ptr<Nigori> nigori(initialized_nigori); | 150 scoped_ptr<Nigori> nigori(initialized_nigori); |
| 165 std::string name; | 151 std::string name; |
| 166 if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) { | 152 if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) { |
| 167 NOTREACHED(); | 153 NOTREACHED(); |
| 168 return false; | 154 return false; |
| 169 } | 155 } |
| 170 nigoris_[name] = make_linked_ptr(nigori.release()); | 156 nigoris_[name] = make_linked_ptr(nigori.release()); |
| 171 if (is_keystore_key) | 157 default_nigori_ = &*nigoris_.find(name); |
| 172 keystore_nigori_ = &*nigoris_.find(name); | |
| 173 else | |
| 174 default_nigori_ = &*nigoris_.find(name); | |
| 175 return true; | 158 return true; |
| 176 } | 159 } |
| 177 | 160 |
| 178 void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) { | 161 void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) { |
| 179 DCHECK(CanDecrypt(encrypted)); | 162 DCHECK(CanDecrypt(encrypted)); |
| 180 | 163 |
| 181 sync_pb::NigoriKeyBag bag; | 164 sync_pb::NigoriKeyBag bag; |
| 182 if (!Decrypt(encrypted, &bag)) | 165 if (!Decrypt(encrypted, &bag)) |
| 183 return; | 166 return; |
| 184 InstallKeyBag(bag); | 167 InstallKeyBag(bag); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 227 } | 210 } |
| 228 | 211 |
| 229 bool Cryptographer::GetBootstrapToken(std::string* token) const { | 212 bool Cryptographer::GetBootstrapToken(std::string* token) const { |
| 230 DCHECK(token); | 213 DCHECK(token); |
| 231 if (!is_initialized()) | 214 if (!is_initialized()) |
| 232 return false; | 215 return false; |
| 233 | 216 |
| 234 return PackBootstrapToken(default_nigori_->second.get(), token); | 217 return PackBootstrapToken(default_nigori_->second.get(), token); |
| 235 } | 218 } |
| 236 | 219 |
| 237 bool Cryptographer::GetKeystoreKeyBootstrapToken( | |
| 238 std::string* token) const { | |
| 239 DCHECK(token); | |
| 240 if (!HasKeystoreKey()) | |
| 241 return false; | |
| 242 | |
| 243 return PackBootstrapToken(keystore_nigori_->second.get(), token); | |
| 244 } | |
| 245 | |
| 246 bool Cryptographer::PackBootstrapToken(const Nigori* nigori, | 220 bool Cryptographer::PackBootstrapToken(const Nigori* nigori, |
| 247 std::string* pack_into) const { | 221 std::string* pack_into) const { |
| 248 DCHECK(pack_into); | 222 DCHECK(pack_into); |
| 249 DCHECK(nigori); | 223 DCHECK(nigori); |
| 250 | 224 |
| 251 sync_pb::NigoriKey key; | 225 sync_pb::NigoriKey key; |
| 252 if (!nigori->ExportKeys(key.mutable_user_key(), | 226 if (!nigori->ExportKeys(key.mutable_user_key(), |
| 253 key.mutable_encryption_key(), | 227 key.mutable_encryption_key(), |
| 254 key.mutable_mac_key())) { | 228 key.mutable_mac_key())) { |
| 255 NOTREACHED(); | 229 NOTREACHED(); |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 300 scoped_ptr<Nigori> nigori(new Nigori); | 274 scoped_ptr<Nigori> nigori(new Nigori); |
| 301 if (!nigori->InitByImport(key.user_key(), key.encryption_key(), | 275 if (!nigori->InitByImport(key.user_key(), key.encryption_key(), |
| 302 key.mac_key())) { | 276 key.mac_key())) { |
| 303 NOTREACHED(); | 277 NOTREACHED(); |
| 304 return NULL; | 278 return NULL; |
| 305 } | 279 } |
| 306 | 280 |
| 307 return nigori.release(); | 281 return nigori.release(); |
| 308 } | 282 } |
| 309 | 283 |
| 310 bool Cryptographer::SetKeystoreKey(const std::string& keystore_key) { | |
| 311 if (keystore_key.empty()) | |
| 312 return false; | |
| 313 KeyParams params = {"localhost", "dummy", keystore_key}; | |
| 314 | |
| 315 // Create the new Nigori and make it the default keystore encryptor. | |
| 316 scoped_ptr<Nigori> nigori(new Nigori); | |
| 317 if (!nigori->InitByDerivation(params.hostname, | |
| 318 params.username, | |
| 319 params.password)) { | |
| 320 NOTREACHED(); // Invalid username or password. | |
| 321 return false; | |
| 322 } | |
| 323 | |
| 324 return AddKeyImpl(nigori.release(), true); | |
| 325 } | |
| 326 | |
| 327 bool Cryptographer::HasKeystoreKey() const { | |
| 328 return keystore_nigori_ != NULL; | |
| 329 } | |
| 330 | |
| 331 void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) { | 284 void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) { |
| 332 int key_size = bag.key_size(); | 285 int key_size = bag.key_size(); |
| 333 for (int i = 0; i < key_size; ++i) { | 286 for (int i = 0; i < key_size; ++i) { |
| 334 const sync_pb::NigoriKey key = bag.key(i); | 287 const sync_pb::NigoriKey key = bag.key(i); |
| 335 // Only use this key if we don't already know about it. | 288 // Only use this key if we don't already know about it. |
| 336 if (nigoris_.end() == nigoris_.find(key.name())) { | 289 if (nigoris_.end() == nigoris_.find(key.name())) { |
| 337 scoped_ptr<Nigori> new_nigori(new Nigori); | 290 scoped_ptr<Nigori> new_nigori(new Nigori); |
| 338 if (!new_nigori->InitByImport(key.user_key(), | 291 if (!new_nigori->InitByImport(key.user_key(), |
| 339 key.encryption_key(), | 292 key.encryption_key(), |
| 340 key.mac_key())) { | 293 key.mac_key())) { |
| 341 NOTREACHED(); | 294 NOTREACHED(); |
| 342 continue; | 295 continue; |
| 343 } | 296 } |
| 344 nigoris_[key.name()] = make_linked_ptr(new_nigori.release()); | 297 nigoris_[key.name()] = make_linked_ptr(new_nigori.release()); |
| 345 } | 298 } |
| 346 } | 299 } |
| 347 } | 300 } |
| 348 | 301 |
| 349 } // namespace syncer | 302 } // namespace syncer |
| OLD | NEW |