Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(606)

Side by Side Diff: sync/util/cryptographer.h

Issue 10878015: [Sync] Move keystore key handling to SyncEncryptionHandlerImpl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address comments Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ 5 #ifndef SYNC_UTIL_CRYPTOGRAPHER_H_
6 #define SYNC_UTIL_CRYPTOGRAPHER_H_ 6 #define SYNC_UTIL_CRYPTOGRAPHER_H_
7 7
8 #include <map> 8 #include <map>
9 #include <string> 9 #include <string>
10 10
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
56 // Cryptographer instance into the ready state (is_ready will be true). 56 // Cryptographer instance into the ready state (is_ready will be true).
57 // It must be a string that was previously built by the 57 // It must be a string that was previously built by the
58 // GetSerializedBootstrapToken function. It is possible that the token is no 58 // GetSerializedBootstrapToken function. It is possible that the token is no
59 // longer valid (due to server key change), in which case the normal 59 // longer valid (due to server key change), in which case the normal
60 // decryption code paths will fail and the user will need to provide a new 60 // decryption code paths will fail and the user will need to provide a new
61 // passphrase. 61 // passphrase.
62 // It is an error to call this if is_ready() == true, though it is fair to 62 // It is an error to call this if is_ready() == true, though it is fair to
63 // never call Bootstrap at all. 63 // never call Bootstrap at all.
64 void Bootstrap(const std::string& restored_bootstrap_token); 64 void Bootstrap(const std::string& restored_bootstrap_token);
65 65
66 // Bootstrap the keystore key.
67 void BootstrapKeystoreKey(
68 const std::string& restored_keystore_bootstrap_token);
69
70 // Returns whether we can decrypt |encrypted| using the keys we currently know 66 // Returns whether we can decrypt |encrypted| using the keys we currently know
71 // about. 67 // about.
72 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; 68 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const;
73 69
74 // Returns whether |encrypted| can be decrypted using the default encryption 70 // Returns whether |encrypted| can be decrypted using the default encryption
75 // key. 71 // key.
76 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; 72 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const;
77 73
78 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if 74 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if
79 // |message| already matches the decrypted data within |encrypted| and 75 // |message| already matches the decrypted data within |encrypted| and
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 // Attempts to decrypt the set of keys that was copied in the previous call to 124 // Attempts to decrypt the set of keys that was copied in the previous call to
129 // SetPendingKeys using |params|. Returns true if the pending keys were 125 // SetPendingKeys using |params|. Returns true if the pending keys were
130 // successfully decrypted and installed. If successful, the default key 126 // successfully decrypted and installed. If successful, the default key
131 // is updated. 127 // is updated.
132 bool DecryptPendingKeys(const KeyParams& params); 128 bool DecryptPendingKeys(const KeyParams& params);
133 129
134 // Sets the default key to the nigori with name |key_name|. |key_name| must 130 // Sets the default key to the nigori with name |key_name|. |key_name| must
135 // correspond to a nigori that has already been installed into the keybag. 131 // correspond to a nigori that has already been installed into the keybag.
136 void SetDefaultKey(const std::string& key_name); 132 void SetDefaultKey(const std::string& key_name);
137 133
138 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; } 134 bool is_initialized() const {
135 return !nigoris_.empty() && default_nigori_.get();
136 }
139 137
140 // Returns whether this Cryptographer is ready to encrypt and decrypt data. 138 // Returns whether this Cryptographer is ready to encrypt and decrypt data.
141 bool is_ready() const { return is_initialized() && 139 bool is_ready() const {
142 has_pending_keys() == false; } 140 return is_initialized() && !has_pending_keys();
141 }
143 142
144 // Returns whether there is a pending set of keys that needs to be decrypted. 143 // Returns whether there is a pending set of keys that needs to be decrypted.
145 bool has_pending_keys() const { return NULL != pending_keys_.get(); } 144 bool has_pending_keys() const { return NULL != pending_keys_.get(); }
146 145
147 // Obtain a token that can be provided on construction to a future 146 // Obtain a token that can be provided on construction to a future
148 // Cryptographer instance to bootstrap itself. Returns false if such a token 147 // Cryptographer instance to bootstrap itself. Returns false if such a token
149 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). 148 // can't be created (i.e. if this Cryptograhper doesn't have valid keys).
150 bool GetBootstrapToken(std::string* token) const; 149 bool GetBootstrapToken(std::string* token) const;
151 150
152 // Obtain the bootstrap token based on the keystore encryption key.
153 bool GetKeystoreKeyBootstrapToken(std::string* token) const;
154
155 // Set the keystore-derived nigori from the provided key.
156 // Returns true if we succesfully create the keystore derived nigori from the
157 // provided key, false otherwise.
158 bool SetKeystoreKey(const std::string& keystore_key);
159
160 // Returns true if we currently have a keystore-derived nigori, false
161 // otherwise.
162 bool HasKeystoreKey() const;
163
164 Encryptor* encryptor() const { return encryptor_; } 151 Encryptor* encryptor() const { return encryptor_; }
165 152
166 private: 153 private:
167 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); 154 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack);
168 155
169 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; 156 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap;
170 157
171 // Helper method to instantiate Nigori instances for each set of key 158 // Helper method to instantiate Nigori instances for each set of key
172 // parameters in |bag|. 159 // parameters in |bag|.
173 // Does not update the default nigori. 160 // Does not update the default nigori.
174 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); 161 void InstallKeyBag(const sync_pb::NigoriKeyBag& bag);
175 162
176 // Helper method to add a nigori as either the new default nigori or the new 163 // Helper method to add a nigori as the default key.
177 // keystore nigori. 164 bool AddKeyImpl(scoped_ptr<Nigori> nigori);
178 bool AddKeyImpl(Nigori* nigori, bool is_keystore_key);
179 165
180 // Functions to serialize + encrypt a Nigori object in an opaque format for 166 // Functions to serialize + encrypt a Nigori object in an opaque format for
181 // persistence by sync infrastructure. 167 // persistence by sync infrastructure.
182 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; 168 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const;
183 Nigori* UnpackBootstrapToken(const std::string& token) const; 169 Nigori* UnpackBootstrapToken(const std::string& token) const;
184 170
185 Encryptor* const encryptor_; 171 Encryptor* const encryptor_;
186 172
187 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. 173 // The Nigoris we know about, mapped by key name.
188 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. 174 NigoriMap nigoris_;
189 NigoriMap::value_type* keystore_nigori_; // Nigori generated from keystore. 175 // The following are cached separately for speed of access, and must exist
176 // within |nigoris_| if set.
177 // The key name associated with |default_nigori_|.
178 std::string default_nigori_name_;
179 // The Nigori used for encryption.
180 linked_ptr<const Nigori> default_nigori_;
190 181
191 scoped_ptr<sync_pb::EncryptedData> pending_keys_; 182 scoped_ptr<sync_pb::EncryptedData> pending_keys_;
192 183
193 DISALLOW_COPY_AND_ASSIGN(Cryptographer); 184 DISALLOW_COPY_AND_ASSIGN(Cryptographer);
194 }; 185 };
195 186
196 } // namespace syncer 187 } // namespace syncer
197 188
198 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_ 189 #endif // SYNC_UTIL_CRYPTOGRAPHER_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698