Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ | 5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ |
| 6 #define SYNC_UTIL_CRYPTOGRAPHER_H_ | 6 #define SYNC_UTIL_CRYPTOGRAPHER_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 56 // Cryptographer instance into the ready state (is_ready will be true). | 56 // Cryptographer instance into the ready state (is_ready will be true). |
| 57 // It must be a string that was previously built by the | 57 // It must be a string that was previously built by the |
| 58 // GetSerializedBootstrapToken function. It is possible that the token is no | 58 // GetSerializedBootstrapToken function. It is possible that the token is no |
| 59 // longer valid (due to server key change), in which case the normal | 59 // longer valid (due to server key change), in which case the normal |
| 60 // decryption code paths will fail and the user will need to provide a new | 60 // decryption code paths will fail and the user will need to provide a new |
| 61 // passphrase. | 61 // passphrase. |
| 62 // It is an error to call this if is_ready() == true, though it is fair to | 62 // It is an error to call this if is_ready() == true, though it is fair to |
| 63 // never call Bootstrap at all. | 63 // never call Bootstrap at all. |
| 64 void Bootstrap(const std::string& restored_bootstrap_token); | 64 void Bootstrap(const std::string& restored_bootstrap_token); |
| 65 | 65 |
| 66 // Bootstrap the keystore key. | |
| 67 void BootstrapKeystoreKey( | |
| 68 const std::string& restored_keystore_bootstrap_token); | |
| 69 | |
| 70 // Returns whether we can decrypt |encrypted| using the keys we currently know | 66 // Returns whether we can decrypt |encrypted| using the keys we currently know |
| 71 // about. | 67 // about. |
| 72 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; | 68 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; |
| 73 | 69 |
| 74 // Returns whether |encrypted| can be decrypted using the default encryption | 70 // Returns whether |encrypted| can be decrypted using the default encryption |
| 75 // key. | 71 // key. |
| 76 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; | 72 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; |
| 77 | 73 |
| 78 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if | 74 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if |
| 79 // |message| already matches the decrypted data within |encrypted| and | 75 // |message| already matches the decrypted data within |encrypted| and |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 128 // Attempts to decrypt the set of keys that was copied in the previous call to | 124 // Attempts to decrypt the set of keys that was copied in the previous call to |
| 129 // SetPendingKeys using |params|. Returns true if the pending keys were | 125 // SetPendingKeys using |params|. Returns true if the pending keys were |
| 130 // successfully decrypted and installed. If successful, the default key | 126 // successfully decrypted and installed. If successful, the default key |
| 131 // is updated. | 127 // is updated. |
| 132 bool DecryptPendingKeys(const KeyParams& params); | 128 bool DecryptPendingKeys(const KeyParams& params); |
| 133 | 129 |
| 134 // Sets the default key to the nigori with name |key_name|. |key_name| must | 130 // Sets the default key to the nigori with name |key_name|. |key_name| must |
| 135 // correspond to a nigori that has already been installed into the keybag. | 131 // correspond to a nigori that has already been installed into the keybag. |
| 136 void SetDefaultKey(const std::string& key_name); | 132 void SetDefaultKey(const std::string& key_name); |
| 137 | 133 |
| 138 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; } | 134 bool is_initialized() const { |
| 135 return !nigoris_.empty() && default_nigori_.get(); | |
| 136 } | |
| 139 | 137 |
| 140 // Returns whether this Cryptographer is ready to encrypt and decrypt data. | 138 // Returns whether this Cryptographer is ready to encrypt and decrypt data. |
| 141 bool is_ready() const { return is_initialized() && | 139 bool is_ready() const { |
| 142 has_pending_keys() == false; } | 140 return is_initialized() && has_pending_keys() == false; |
|
akalin
2012/08/27 22:06:55
has_pending_keys() == false -> !has_pending_keys()
Nicolas Zea
2012/08/28 01:18:50
Done.
| |
| 141 } | |
| 143 | 142 |
| 144 // Returns whether there is a pending set of keys that needs to be decrypted. | 143 // Returns whether there is a pending set of keys that needs to be decrypted. |
| 145 bool has_pending_keys() const { return NULL != pending_keys_.get(); } | 144 bool has_pending_keys() const { return NULL != pending_keys_.get(); } |
| 146 | 145 |
| 147 // Obtain a token that can be provided on construction to a future | 146 // Obtain a token that can be provided on construction to a future |
| 148 // Cryptographer instance to bootstrap itself. Returns false if such a token | 147 // Cryptographer instance to bootstrap itself. Returns false if such a token |
| 149 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). | 148 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). |
| 150 bool GetBootstrapToken(std::string* token) const; | 149 bool GetBootstrapToken(std::string* token) const; |
| 151 | 150 |
| 152 // Obtain the bootstrap token based on the keystore encryption key. | |
| 153 bool GetKeystoreKeyBootstrapToken(std::string* token) const; | |
| 154 | |
| 155 // Set the keystore-derived nigori from the provided key. | |
| 156 // Returns true if we succesfully create the keystore derived nigori from the | |
| 157 // provided key, false otherwise. | |
| 158 bool SetKeystoreKey(const std::string& keystore_key); | |
| 159 | |
| 160 // Returns true if we currently have a keystore-derived nigori, false | |
| 161 // otherwise. | |
| 162 bool HasKeystoreKey() const; | |
| 163 | |
| 164 Encryptor* encryptor() const { return encryptor_; } | 151 Encryptor* encryptor() const { return encryptor_; } |
| 165 | 152 |
| 166 private: | 153 private: |
| 167 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); | 154 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); |
| 168 | 155 |
| 169 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; | 156 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; |
| 170 | 157 |
| 171 // Helper method to instantiate Nigori instances for each set of key | 158 // Helper method to instantiate Nigori instances for each set of key |
| 172 // parameters in |bag|. | 159 // parameters in |bag|. |
| 173 // Does not update the default nigori. | 160 // Does not update the default nigori. |
| 174 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); | 161 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); |
| 175 | 162 |
| 176 // Helper method to add a nigori as either the new default nigori or the new | 163 // Helper method to add a nigori as the default key. |
| 177 // keystore nigori. | 164 bool AddKeyImpl(scoped_ptr<Nigori> nigori); |
| 178 bool AddKeyImpl(Nigori* nigori, bool is_keystore_key); | |
| 179 | 165 |
| 180 // Functions to serialize + encrypt a Nigori object in an opaque format for | 166 // Functions to serialize + encrypt a Nigori object in an opaque format for |
| 181 // persistence by sync infrastructure. | 167 // persistence by sync infrastructure. |
| 182 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; | 168 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; |
| 183 Nigori* UnpackBootstrapToken(const std::string& token) const; | 169 Nigori* UnpackBootstrapToken(const std::string& token) const; |
| 184 | 170 |
| 185 Encryptor* const encryptor_; | 171 Encryptor* const encryptor_; |
| 186 | 172 |
| 187 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. | 173 // The Nigoris we know about, mapped by key name. |
| 188 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. | 174 NigoriMap nigoris_; |
| 189 NigoriMap::value_type* keystore_nigori_; // Nigori generated from keystore. | 175 // The Nigori used for encryption. |
| 176 NigoriMap::value_type::second_type default_nigori_; | |
|
akalin
2012/08/27 22:06:55
i think it's clearer to just specify linked_ptr<co
Nicolas Zea
2012/08/28 01:18:50
Done.
| |
| 177 // The key name associated with |default_nigori_|. | |
|
akalin
2012/08/27 22:06:55
Maybe I'm just OCD, but I prefer default_nigori_na
Nicolas Zea
2012/08/28 01:18:50
Done.
| |
| 178 std::string default_nigori_name_; | |
|
akalin
2012/08/27 22:06:55
Add a comment saying that the pair (default_nigori
Nicolas Zea
2012/08/28 01:18:50
Actually, I realize the worst case is we encrypt w
| |
| 190 | 179 |
| 191 scoped_ptr<sync_pb::EncryptedData> pending_keys_; | 180 scoped_ptr<sync_pb::EncryptedData> pending_keys_; |
| 192 | 181 |
| 193 DISALLOW_COPY_AND_ASSIGN(Cryptographer); | 182 DISALLOW_COPY_AND_ASSIGN(Cryptographer); |
| 194 }; | 183 }; |
| 195 | 184 |
| 196 } // namespace syncer | 185 } // namespace syncer |
| 197 | 186 |
| 198 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_ | 187 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_ |
| OLD | NEW |