Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ | 5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ |
| 6 #define SYNC_UTIL_CRYPTOGRAPHER_H_ | 6 #define SYNC_UTIL_CRYPTOGRAPHER_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 56 // Cryptographer instance into the ready state (is_ready will be true). | 56 // Cryptographer instance into the ready state (is_ready will be true). |
| 57 // It must be a string that was previously built by the | 57 // It must be a string that was previously built by the |
| 58 // GetSerializedBootstrapToken function. It is possible that the token is no | 58 // GetSerializedBootstrapToken function. It is possible that the token is no |
| 59 // longer valid (due to server key change), in which case the normal | 59 // longer valid (due to server key change), in which case the normal |
| 60 // decryption code paths will fail and the user will need to provide a new | 60 // decryption code paths will fail and the user will need to provide a new |
| 61 // passphrase. | 61 // passphrase. |
| 62 // It is an error to call this if is_ready() == true, though it is fair to | 62 // It is an error to call this if is_ready() == true, though it is fair to |
| 63 // never call Bootstrap at all. | 63 // never call Bootstrap at all. |
| 64 void Bootstrap(const std::string& restored_bootstrap_token); | 64 void Bootstrap(const std::string& restored_bootstrap_token); |
| 65 | 65 |
| 66 // Bootstrap the keystore key. | |
| 67 void BootstrapKeystoreKey( | |
| 68 const std::string& restored_keystore_bootstrap_token); | |
| 69 | |
| 70 // Returns whether we can decrypt |encrypted| using the keys we currently know | 66 // Returns whether we can decrypt |encrypted| using the keys we currently know |
| 71 // about. | 67 // about. |
| 72 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; | 68 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; |
| 73 | 69 |
| 74 // Returns whether |encrypted| can be decrypted using the default encryption | 70 // Returns whether |encrypted| can be decrypted using the default encryption |
| 75 // key. | 71 // key. |
| 76 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; | 72 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; |
| 77 | 73 |
| 78 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if | 74 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if |
| 79 // |message| already matches the decrypted data within |encrypted| and | 75 // |message| already matches the decrypted data within |encrypted| and |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 131 // is updated. | 127 // is updated. |
| 132 bool DecryptPendingKeys(const KeyParams& params); | 128 bool DecryptPendingKeys(const KeyParams& params); |
| 133 | 129 |
| 134 // Sets the default key to the nigori with name |key_name|. |key_name| must | 130 // Sets the default key to the nigori with name |key_name|. |key_name| must |
| 135 // correspond to a nigori that has already been installed into the keybag. | 131 // correspond to a nigori that has already been installed into the keybag. |
| 136 void SetDefaultKey(const std::string& key_name); | 132 void SetDefaultKey(const std::string& key_name); |
| 137 | 133 |
| 138 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; } | 134 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; } |
| 139 | 135 |
| 140 // Returns whether this Cryptographer is ready to encrypt and decrypt data. | 136 // Returns whether this Cryptographer is ready to encrypt and decrypt data. |
| 141 bool is_ready() const { return is_initialized() && | 137 bool is_ready() const { |
| 142 has_pending_keys() == false; } | 138 return is_initialized() && |
| 139 has_pending_keys() == false; | |
| 140 } | |
| 143 | 141 |
| 144 // Returns whether there is a pending set of keys that needs to be decrypted. | 142 // Returns whether there is a pending set of keys that needs to be decrypted. |
| 145 bool has_pending_keys() const { return NULL != pending_keys_.get(); } | 143 bool has_pending_keys() const { return NULL != pending_keys_.get(); } |
| 146 | 144 |
| 147 // Obtain a token that can be provided on construction to a future | 145 // Obtain a token that can be provided on construction to a future |
| 148 // Cryptographer instance to bootstrap itself. Returns false if such a token | 146 // Cryptographer instance to bootstrap itself. Returns false if such a token |
| 149 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). | 147 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). |
| 150 bool GetBootstrapToken(std::string* token) const; | 148 bool GetBootstrapToken(std::string* token) const; |
| 151 | 149 |
| 152 // Obtain the bootstrap token based on the keystore encryption key. | |
| 153 bool GetKeystoreKeyBootstrapToken(std::string* token) const; | |
| 154 | |
| 155 // Set the keystore-derived nigori from the provided key. | |
| 156 // Returns true if we succesfully create the keystore derived nigori from the | |
| 157 // provided key, false otherwise. | |
| 158 bool SetKeystoreKey(const std::string& keystore_key); | |
| 159 | |
| 160 // Returns true if we currently have a keystore-derived nigori, false | |
| 161 // otherwise. | |
| 162 bool HasKeystoreKey() const; | |
| 163 | |
| 164 Encryptor* encryptor() const { return encryptor_; } | 150 Encryptor* encryptor() const { return encryptor_; } |
| 165 | 151 |
| 166 private: | 152 private: |
| 167 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); | 153 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); |
| 168 | 154 |
| 169 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; | 155 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; |
| 170 | 156 |
| 171 // Helper method to instantiate Nigori instances for each set of key | 157 // Helper method to instantiate Nigori instances for each set of key |
| 172 // parameters in |bag|. | 158 // parameters in |bag|. |
| 173 // Does not update the default nigori. | 159 // Does not update the default nigori. |
| 174 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); | 160 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); |
| 175 | 161 |
| 176 // Helper method to add a nigori as either the new default nigori or the new | 162 // Helper method to add a nigori as the default key. |
| 177 // keystore nigori. | 163 bool AddKeyImpl(Nigori* nigori); |
| 178 bool AddKeyImpl(Nigori* nigori, bool is_keystore_key); | |
| 179 | 164 |
| 180 // Functions to serialize + encrypt a Nigori object in an opaque format for | 165 // Functions to serialize + encrypt a Nigori object in an opaque format for |
| 181 // persistence by sync infrastructure. | 166 // persistence by sync infrastructure. |
| 182 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; | 167 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; |
| 183 Nigori* UnpackBootstrapToken(const std::string& token) const; | 168 Nigori* UnpackBootstrapToken(const std::string& token) const; |
| 184 | 169 |
| 185 Encryptor* const encryptor_; | 170 Encryptor* const encryptor_; |
| 186 | 171 |
| 187 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. | 172 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. |
| 188 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. | 173 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. |
|
akalin
2012/08/22 22:09:34
it seems unsafe to me to have this as a pointer in
Nicolas Zea
2012/08/22 22:48:59
Hmm. I don't think an iterator would have any bene
| |
| 189 NigoriMap::value_type* keystore_nigori_; // Nigori generated from keystore. | |
| 190 | 174 |
| 191 scoped_ptr<sync_pb::EncryptedData> pending_keys_; | 175 scoped_ptr<sync_pb::EncryptedData> pending_keys_; |
| 192 | 176 |
| 193 DISALLOW_COPY_AND_ASSIGN(Cryptographer); | 177 DISALLOW_COPY_AND_ASSIGN(Cryptographer); |
| 194 }; | 178 }; |
| 195 | 179 |
| 196 } // namespace syncer | 180 } // namespace syncer |
| 197 | 181 |
| 198 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_ | 182 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_ |
| OLD | NEW |