| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ | 5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ |
| 6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ | 6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "base/gtest_prod_util.h" | 12 #include "base/gtest_prod_util.h" |
| 13 #include "base/memory/linked_ptr.h" | 13 #include "base/memory/linked_ptr.h" |
| 14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "base/observer_list.h" |
| 15 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h" | 16 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h" |
| 16 #include "chrome/browser/sync/syncable/model_type.h" | 17 #include "chrome/browser/sync/syncable/model_type.h" |
| 17 #include "chrome/browser/sync/util/nigori.h" | 18 #include "chrome/browser/sync/util/nigori.h" |
| 18 | 19 |
| 19 namespace browser_sync { | 20 namespace browser_sync { |
| 20 | 21 |
| 21 extern const char kNigoriTag[]; | 22 extern const char kNigoriTag[]; |
| 22 | 23 |
| 23 // The parameters used to initialize a Nigori instance. | 24 // The parameters used to initialize a Nigori instance. |
| 24 struct KeyParams { | 25 struct KeyParams { |
| (...skipping 11 matching lines...) Expand all Loading... |
| 36 // Most likely, an updated Nigori node means that a new passphrase has been set | 37 // Most likely, an updated Nigori node means that a new passphrase has been set |
| 37 // and that future node updates won't be decryptable. To remedy this, the user | 38 // and that future node updates won't be decryptable. To remedy this, the user |
| 38 // should be prompted for the new passphrase and DecryptPendingKeys be called. | 39 // should be prompted for the new passphrase and DecryptPendingKeys be called. |
| 39 // | 40 // |
| 40 // Whenever a update to an encrypted node is received from the server, | 41 // Whenever a update to an encrypted node is received from the server, |
| 41 // CanDecrypt should be used to verify whether the Cryptographer can decrypt | 42 // CanDecrypt should be used to verify whether the Cryptographer can decrypt |
| 42 // that node. If it cannot, then the application of that update should be | 43 // that node. If it cannot, then the application of that update should be |
| 43 // delayed until after it can be decrypted. | 44 // delayed until after it can be decrypted. |
| 44 class Cryptographer { | 45 class Cryptographer { |
| 45 public: | 46 public: |
| 47 // All Observer methods are done synchronously, so they're called |
| 48 // under a transaction (since all Cryptographer operations are done |
| 49 // under a transaction). |
| 50 class Observer { |
| 51 public: |
| 52 // Called when the set of encrypted types or the encrypt |
| 53 // everything flag has been changed. Note that this doesn't |
| 54 // necessarily mean that encryption has completed for the given |
| 55 // types. |
| 56 // |
| 57 // |encrypted_types| will always be a superset of |
| 58 // SensitiveTypes(). If |encrypt_everything| is true, |
| 59 // |encrypted_types| will be the set of all known types. |
| 60 // |
| 61 // Until this function is called, observers can assume that the |
| 62 // set of encrypted types is SensitiveTypes() and that the encrypt |
| 63 // everything flag is false. |
| 64 virtual void OnEncryptedTypesChanged( |
| 65 const syncable::ModelTypeSet& encrypted_types, |
| 66 bool encrypt_everything) = 0; |
| 67 |
| 68 protected: |
| 69 virtual ~Observer(); |
| 70 }; |
| 71 |
| 46 Cryptographer(); | 72 Cryptographer(); |
| 47 ~Cryptographer(); | 73 ~Cryptographer(); |
| 48 | 74 |
| 49 // When update on cryptographer is called this enum tells if the | 75 // When update on cryptographer is called this enum tells if the |
| 50 // cryptographer was succesfully able to update using the nigori node or if | 76 // cryptographer was succesfully able to update using the nigori node or if |
| 51 // it needs a key to decrypt the nigori node. | 77 // it needs a key to decrypt the nigori node. |
| 52 enum UpdateResult { | 78 enum UpdateResult { |
| 53 SUCCESS, | 79 SUCCESS, |
| 54 NEEDS_PASSPHRASE | 80 NEEDS_PASSPHRASE |
| 55 }; | 81 }; |
| 56 | 82 |
| 83 // Manage observers. |
| 84 void AddObserver(Observer* observer); |
| 85 void RemoveObserver(Observer* observer); |
| 86 |
| 57 // |restored_bootstrap_token| can be provided via this method to bootstrap | 87 // |restored_bootstrap_token| can be provided via this method to bootstrap |
| 58 // Cryptographer instance into the ready state (is_ready will be true). | 88 // Cryptographer instance into the ready state (is_ready will be true). |
| 59 // It must be a string that was previously built by the | 89 // It must be a string that was previously built by the |
| 60 // GetSerializedBootstrapToken function. It is possible that the token is no | 90 // GetSerializedBootstrapToken function. It is possible that the token is no |
| 61 // longer valid (due to server key change), in which case the normal | 91 // longer valid (due to server key change), in which case the normal |
| 62 // decryption code paths will fail and the user will need to provide a new | 92 // decryption code paths will fail and the user will need to provide a new |
| 63 // passphrase. | 93 // passphrase. |
| 64 // It is an error to call this if is_ready() == true, though it is fair to | 94 // It is an error to call this if is_ready() == true, though it is fair to |
| 65 // never call Bootstrap at all. | 95 // never call Bootstrap at all. |
| 66 void Bootstrap(const std::string& restored_bootstrap_token); | 96 void Bootstrap(const std::string& restored_bootstrap_token); |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 135 // The set of types that are always encrypted. | 165 // The set of types that are always encrypted. |
| 136 static syncable::ModelTypeSet SensitiveTypes(); | 166 static syncable::ModelTypeSet SensitiveTypes(); |
| 137 | 167 |
| 138 // Reset our set of encrypted types based on the contents of the nigori | 168 // Reset our set of encrypted types based on the contents of the nigori |
| 139 // specifics. | 169 // specifics. |
| 140 void UpdateEncryptedTypesFromNigori(const sync_pb::NigoriSpecifics& nigori); | 170 void UpdateEncryptedTypesFromNigori(const sync_pb::NigoriSpecifics& nigori); |
| 141 | 171 |
| 142 // Update the nigori to reflect the current set of encrypted types. | 172 // Update the nigori to reflect the current set of encrypted types. |
| 143 void UpdateNigoriFromEncryptedTypes(sync_pb::NigoriSpecifics* nigori) const; | 173 void UpdateNigoriFromEncryptedTypes(sync_pb::NigoriSpecifics* nigori) const; |
| 144 | 174 |
| 145 // Setter/getter for whether all current and future datatypes should be | 175 // Setter/getter for whether all current and future datatypes should |
| 146 // encrypted. Once set you cannot unset without reading from a new nigori | 176 // be encrypted. Once set you cannot unset without reading from a |
| 147 // node. | 177 // new nigori node. set_encrypt_everything() emits a notification |
| 178 // the first time it's called. |
| 148 void set_encrypt_everything(); | 179 void set_encrypt_everything(); |
| 149 bool encrypt_everything() const; | 180 bool encrypt_everything() const; |
| 150 | 181 |
| 151 // Set all types in |new_types| as requiring encryption (in addition to the | |
| 152 // currently encrypted types). Note: once a type requires encryption it can | |
| 153 // never stop requiring encryption without clearing the server data. | |
| 154 void SetEncryptedTypes(syncable::ModelTypeSet new_types); | |
| 155 | |
| 156 // Return the set of encrypted types. | 182 // Return the set of encrypted types. |
| 157 syncable::ModelTypeSet GetEncryptedTypes() const; | 183 syncable::ModelTypeSet GetEncryptedTypes() const; |
| 158 | 184 |
| 185 // Forwards to SetEncryptedTypes. |
| 186 void SetEncryptedTypesForTest( |
| 187 const syncable::ModelTypeSet& encrypted_types); |
| 188 |
| 159 private: | 189 private: |
| 160 FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack); | 190 FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack); |
| 161 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; | 191 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; |
| 162 | 192 |
| 193 // Changes the set of encrypted types and emits a notification if |
| 194 // necessary. |
| 195 void SetEncryptedTypes(const syncable::ModelTypeSet& encrypted_types); |
| 196 |
| 197 void EmitEncryptedTypesChangedNotification(); |
| 198 |
| 163 // Helper method to instantiate Nigori instances for each set of key | 199 // Helper method to instantiate Nigori instances for each set of key |
| 164 // parameters in |bag| and setting the default encryption key to | 200 // parameters in |bag| and setting the default encryption key to |
| 165 // |default_key_name|. | 201 // |default_key_name|. |
| 166 void InstallKeys(const std::string& default_key_name, | 202 void InstallKeys(const std::string& default_key_name, |
| 167 const sync_pb::NigoriKeyBag& bag); | 203 const sync_pb::NigoriKeyBag& bag); |
| 168 | 204 |
| 169 bool AddKeyImpl(Nigori* nigori); | 205 bool AddKeyImpl(Nigori* nigori); |
| 170 | 206 |
| 171 // Functions to serialize + encrypt a Nigori object in an opaque format for | 207 // Functions to serialize + encrypt a Nigori object in an opaque format for |
| 172 // persistence by sync infrastructure. | 208 // persistence by sync infrastructure. |
| 173 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; | 209 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; |
| 174 Nigori* UnpackBootstrapToken(const std::string& token) const; | 210 Nigori* UnpackBootstrapToken(const std::string& token) const; |
| 175 | 211 |
| 212 ObserverList<Observer> observers_; |
| 213 |
| 176 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. | 214 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. |
| 177 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. | 215 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. |
| 178 | 216 |
| 179 scoped_ptr<sync_pb::EncryptedData> pending_keys_; | 217 scoped_ptr<sync_pb::EncryptedData> pending_keys_; |
| 180 | 218 |
| 181 syncable::ModelTypeSet encrypted_types_; | 219 syncable::ModelTypeSet encrypted_types_; |
| 182 bool encrypt_everything_; | 220 bool encrypt_everything_; |
| 183 | 221 |
| 184 DISALLOW_COPY_AND_ASSIGN(Cryptographer); | 222 DISALLOW_COPY_AND_ASSIGN(Cryptographer); |
| 185 }; | 223 }; |
| 186 | 224 |
| 187 } // namespace browser_sync | 225 } // namespace browser_sync |
| 188 | 226 |
| 189 #endif // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ | 227 #endif // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8356026:
[Sync] Cache encrypted types info in ProfileSyncService (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src