Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(562)

Unified Diff: sync/util/cryptographer.cc

Issue 10878015: [Sync] Move keystore key handling to SyncEncryptionHandlerImpl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase + fix cryptographer Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: sync/util/cryptographer.cc
diff --git a/sync/util/cryptographer.cc b/sync/util/cryptographer.cc
index 92f97954fa0e741fe1368ebd6ad021448f775ee8..a4bbf44b42f054e1073246f9fcb2a0a9e99a4955 100644
--- a/sync/util/cryptographer.cc
+++ b/sync/util/cryptographer.cc
@@ -22,9 +22,7 @@ const char kNigoriTag[] = "google_chrome_nigori";
const char kNigoriKeyName[] = "nigori-key";
Cryptographer::Cryptographer(Encryptor* encryptor)
- : encryptor_(encryptor),
- default_nigori_(NULL),
- keystore_nigori_(NULL) {
+ : encryptor_(encryptor) {
DCHECK(encryptor);
}
@@ -39,19 +37,7 @@ void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) {
scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
if (nigori.get())
- AddKeyImpl(nigori.release(), false);
-}
-
-void Cryptographer::BootstrapKeystoreKey(
- const std::string& restored_bootstrap_token) {
- if (keystore_nigori_) {
- NOTREACHED();
- return;
- }
-
- scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
- if (nigori.get())
- AddKeyImpl(nigori.release(), true);
+ AddKeyImpl(nigori.Pass());
}
bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const {
@@ -60,17 +46,20 @@ bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const {
bool Cryptographer::CanDecryptUsingDefaultKey(
const sync_pb::EncryptedData& data) const {
- return default_nigori_ && (data.key_name() == default_nigori_->first);
+ return default_nigori_.get() && (data.key_name() == default_nigori_name_);
}
bool Cryptographer::Encrypt(
const ::google::protobuf::MessageLite& message,
sync_pb::EncryptedData* encrypted) const {
DCHECK(encrypted);
- if (!default_nigori_) {
+ if (!default_nigori_.get()) {
LOG(ERROR) << "Cryptographer not ready, failed to encrypt.";
return false;
}
+ DCHECK(nigoris_.find(default_nigori_name_) != nigoris_.end());
akalin 2012/08/27 22:06:55 do we want to return false if either of these chec
Nicolas Zea 2012/08/28 01:18:50 Given that getting this wrong runs the risk of cor
+ DCHECK_EQ(default_nigori_.get(),
+ nigoris_.find(default_nigori_name_)->second.get());
std::string serialized;
if (!message.SerializeToString(&serialized)) {
@@ -86,9 +75,9 @@ bool Cryptographer::Encrypt(
}
}
- encrypted->set_key_name(default_nigori_->first);
- if (!default_nigori_->second->Encrypt(serialized,
- encrypted->mutable_blob())) {
+ encrypted->set_key_name(default_nigori_name_);
+ if (!default_nigori_->Encrypt(serialized,
+ encrypted->mutable_blob())) {
LOG(ERROR) << "Failed to encrypt data.";
return false;
}
@@ -147,7 +136,7 @@ bool Cryptographer::AddKey(const KeyParams& params) {
NOTREACHED(); // Invalid username or password.
return false;
}
- return AddKeyImpl(nigori.release(), false);
+ return AddKeyImpl(nigori.Pass());
}
bool Cryptographer::AddKeyFromBootstrapToken(
@@ -156,22 +145,18 @@ bool Cryptographer::AddKeyFromBootstrapToken(
scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
if (!nigori.get())
return false;
- return AddKeyImpl(nigori.release(), false);
+ return AddKeyImpl(nigori.Pass());
}
-bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori,
- bool is_keystore_key) {
- scoped_ptr<Nigori> nigori(initialized_nigori);
+bool Cryptographer::AddKeyImpl(scoped_ptr<Nigori> initialized_nigori) {
std::string name;
- if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) {
+ if (!initialized_nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) {
NOTREACHED();
return false;
}
- nigoris_[name] = make_linked_ptr(nigori.release());
- if (is_keystore_key)
- keystore_nigori_ = &*nigoris_.find(name);
- else
- default_nigori_ = &*nigoris_.find(name);
+ default_nigori_ = make_linked_ptr(initialized_nigori.release());
+ nigoris_[name] = default_nigori_;
+ default_nigori_name_ = name;
return true;
}
@@ -186,7 +171,8 @@ void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) {
void Cryptographer::SetDefaultKey(const std::string& key_name) {
DCHECK(nigoris_.end() != nigoris_.find(key_name));
- default_nigori_ = &*nigoris_.find(key_name);
+ default_nigori_ = nigoris_.find(key_name)->second;
akalin 2012/08/27 22:06:55 it seems like this'll crash (in release) if the DC
Nicolas Zea 2012/08/28 01:18:50 I think a crash would be appropriate here. If this
+ default_nigori_name_ = key_name;
}
void Cryptographer::SetPendingKeys(const sync_pb::EncryptedData& encrypted) {
@@ -221,7 +207,8 @@ bool Cryptographer::DecryptPendingKeys(const KeyParams& params) {
InstallKeyBag(bag);
const std::string& new_default_key_name = pending_keys_->key_name();
akalin 2012/08/27 22:06:55 can you use SetDefaultKey here?
Nicolas Zea 2012/08/28 01:18:50 Done.
DCHECK(nigoris_.end() != nigoris_.find(new_default_key_name));
- default_nigori_ = &*nigoris_.find(new_default_key_name);
+ default_nigori_ = nigoris_.find(new_default_key_name)->second;
+ default_nigori_name_ = new_default_key_name;
pending_keys_.reset();
return true;
}
@@ -231,16 +218,7 @@ bool Cryptographer::GetBootstrapToken(std::string* token) const {
if (!is_initialized())
return false;
- return PackBootstrapToken(default_nigori_->second.get(), token);
-}
-
-bool Cryptographer::GetKeystoreKeyBootstrapToken(
- std::string* token) const {
- DCHECK(token);
- if (!HasKeystoreKey())
- return false;
-
- return PackBootstrapToken(keystore_nigori_->second.get(), token);
+ return PackBootstrapToken(default_nigori_.get(), token);
}
bool Cryptographer::PackBootstrapToken(const Nigori* nigori,
@@ -307,27 +285,6 @@ Nigori* Cryptographer::UnpackBootstrapToken(const std::string& token) const {
return nigori.release();
}
-bool Cryptographer::SetKeystoreKey(const std::string& keystore_key) {
- if (keystore_key.empty())
- return false;
- KeyParams params = {"localhost", "dummy", keystore_key};
-
- // Create the new Nigori and make it the default keystore encryptor.
- scoped_ptr<Nigori> nigori(new Nigori);
- if (!nigori->InitByDerivation(params.hostname,
- params.username,
- params.password)) {
- NOTREACHED(); // Invalid username or password.
- return false;
- }
-
- return AddKeyImpl(nigori.release(), true);
-}
-
-bool Cryptographer::HasKeystoreKey() const {
- return keystore_nigori_ != NULL;
-}
-
void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) {
int key_size = bag.key_size();
for (int i = 0; i < key_size; ++i) {

Powered by Google App Engine
This is Rietveld 408576698