| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "chrome/browser/sync/util/cryptographer.h" | 8 #include "chrome/browser/sync/util/cryptographer.h" |
| 9 #include "chrome/browser/password_manager/encryptor.h" | 9 #include "chrome/browser/password_manager/encryptor.h" |
| 10 | 10 |
| (...skipping 39 matching lines...) | |
| 50 | 50 |
| 51 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const { | 51 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const { |
| 52 return nigoris_.end() != nigoris_.find(data.key_name()); | 52 return nigoris_.end() != nigoris_.find(data.key_name()); |
| 53 } | 53 } |
| 54 | 54 |
| 55 bool Cryptographer::CanDecryptUsingDefaultKey( | 55 bool Cryptographer::CanDecryptUsingDefaultKey( |
| 56 const sync_pb::EncryptedData& data) const { | 56 const sync_pb::EncryptedData& data) const { |
| 57 return default_nigori_ && (data.key_name() == default_nigori_->first); | 57 return default_nigori_ && (data.key_name() == default_nigori_->first); |
| 58 } | 58 } |
| 59 | 59 |
| 60 bool Cryptographer::EncryptIfDifferent( | |
| 61 const ::google::protobuf::MessageLite& message, | |
| 62 sync_pb::EncryptedData* encrypted) const { | |
| 63 DCHECK(encrypted); | |
| 64 if (!default_nigori_) { | |
| 65 LOG(ERROR) << "Cryptographer not ready, failed to encrypt."; | |
| 66 return false; | |
| 67 } | |
| 68 | |
| 69 std::string serialized; | |
| 70 if (!message.SerializeToString(&serialized)) { | |
| 71 LOG(ERROR) << "Message is invalid/missing a required field."; | |
| 72 return false; | |
| 73 } | |
| 74 | |
| 75 if (CanDecryptUsingDefaultKey(*encrypted)) { | |
| 76 std::string original_serialized = DecryptToString(*encrypted); | |
|
akalin
2011/12/09 23:52:42
const ref
Nicolas Zea
2011/12/12 20:12:26
Done.
| |
| 77 if (original_serialized == serialized) { | |
| 78 DVLOG(2) << "Re-encryption unnecessary, encrypted data already matches."; | |
| 79 return true; | |
| 80 } | |
| 81 } | |
| 82 | |
| 83 return EncryptImpl(serialized, default_nigori_, encrypted); | |
| 84 } | |
| 85 | |
| 60 bool Cryptographer::Encrypt(const ::google::protobuf::MessageLite& message, | 86 bool Cryptographer::Encrypt(const ::google::protobuf::MessageLite& message, |
| 61 sync_pb::EncryptedData* encrypted) const { | 87 sync_pb::EncryptedData* encrypted) const { |
| 62 if (!encrypted || !default_nigori_) { | 88 DCHECK(encrypted); |
| 89 if (!default_nigori_) { | |
| 63 LOG(ERROR) << "Cryptographer not ready, failed to encrypt."; | 90 LOG(ERROR) << "Cryptographer not ready, failed to encrypt."; |
| 64 return false; | 91 return false; |
| 65 } | 92 } |
| 66 | 93 |
| 67 std::string serialized; | 94 std::string serialized; |
| 68 if (!message.SerializeToString(&serialized)) { | 95 if (!message.SerializeToString(&serialized)) { |
| 69 LOG(ERROR) << "Message is invalid/missing a required field."; | 96 LOG(ERROR) << "Message is invalid/missing a required field."; |
| 70 return false; | 97 return false; |
| 71 } | 98 } |
| 72 | 99 |
| 100 return EncryptImpl(serialized, default_nigori_, encrypted); | |
| 101 } | |
| 102 | |
| 103 bool Cryptographer::EncryptImpl(const std::string& serialized, | |
| 104 const NigoriMap::value_type* nigori, | |
| 105 sync_pb::EncryptedData* encrypted) const { | |
| 73 encrypted->set_key_name(default_nigori_->first); | 106 encrypted->set_key_name(default_nigori_->first); |
| 74 if (!default_nigori_->second->Encrypt(serialized, | 107 if (!nigori->second->Encrypt(serialized, |
| 75 encrypted->mutable_blob())) { | 108 encrypted->mutable_blob())) { |
| 76 LOG(ERROR) << "Failed to encrypt data."; | 109 LOG(ERROR) << "Failed to encrypt data."; |
| 77 return false; | 110 return false; |
| 78 } | 111 } |
| 79 return true; | 112 return true; |
| 80 } | 113 } |
| 81 | 114 |
| 82 bool Cryptographer::Decrypt(const sync_pb::EncryptedData& encrypted, | 115 bool Cryptographer::Decrypt(const sync_pb::EncryptedData& encrypted, |
| 83 ::google::protobuf::MessageLite* message) const { | 116 ::google::protobuf::MessageLite* message) const { |
| 84 DCHECK(message); | 117 DCHECK(message); |
| 85 std::string plaintext = DecryptToString(encrypted); | 118 std::string plaintext = DecryptToString(encrypted); |
| (...skipping 26 matching lines...) | |
| 112 ++it) { | 145 ++it) { |
| 113 const Nigori& nigori = *it->second; | 146 const Nigori& nigori = *it->second; |
| 114 sync_pb::NigoriKey* key = bag.add_key(); | 147 sync_pb::NigoriKey* key = bag.add_key(); |
| 115 key->set_name(it->first); | 148 key->set_name(it->first); |
| 116 nigori.ExportKeys(key->mutable_user_key(), | 149 nigori.ExportKeys(key->mutable_user_key(), |
| 117 key->mutable_encryption_key(), | 150 key->mutable_encryption_key(), |
| 118 key->mutable_mac_key()); | 151 key->mutable_mac_key()); |
| 119 } | 152 } |
| 120 | 153 |
| 121 // Encrypt the bag with the default Nigori. | 154 // Encrypt the bag with the default Nigori. |
| 122 return Encrypt(bag, encrypted); | 155 return EncryptIfDifferent(bag, encrypted); |
| 123 } | 156 } |
| 124 | 157 |
| 125 bool Cryptographer::AddKey(const KeyParams& params) { | 158 bool Cryptographer::AddKey(const KeyParams& params) { |
| 126 DCHECK(NULL == pending_keys_.get()); | 159 DCHECK(NULL == pending_keys_.get()); |
| 127 | 160 |
| 128 // Create the new Nigori and make it the default encryptor. | 161 // Create the new Nigori and make it the default encryptor. |
| 129 scoped_ptr<Nigori> nigori(new Nigori); | 162 scoped_ptr<Nigori> nigori(new Nigori); |
| 130 if (!nigori->InitByDerivation(params.hostname, | 163 if (!nigori->InitByDerivation(params.hostname, |
| 131 params.username, | 164 params.username, |
| 132 params.password)) { | 165 params.password)) { |
| (...skipping 281 matching lines...) | |
| 414 continue; | 447 continue; |
| 415 } | 448 } |
| 416 nigoris_[key.name()] = make_linked_ptr(new_nigori.release()); | 449 nigoris_[key.name()] = make_linked_ptr(new_nigori.release()); |
| 417 } | 450 } |
| 418 } | 451 } |
| 419 DCHECK(nigoris_.end() != nigoris_.find(default_key_name)); | 452 DCHECK(nigoris_.end() != nigoris_.find(default_key_name)); |
| 420 default_nigori_ = &*nigoris_.find(default_key_name); | 453 default_nigori_ = &*nigoris_.find(default_key_name); |
| 421 } | 454 } |
| 422 | 455 |
| 423 } // namespace browser_sync | 456 } // namespace browser_sync |
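Review bot: In the new `EncryptImpl` (new lines 103–113) the key name stored in `encrypted` still comes from `default_nigori_->first`, while the ciphertext is produced with `nigori->second`, so the `nigori` parameter is only half honoured. Both callers visible here pass `default_nigori_`, so nothing breaks today, but a later caller passing any other entry would emit a blob labelled with a key that did not encrypt it, and decryption would then look up the wrong key. I would write `encrypted->set_key_name(nigori->first);` and add `DCHECK(nigori);` at the top of the helper. Setting the key name only after `Encrypt` has succeeded would also avoid leaving `encrypted` with a new key name and a stale blob on the failure path.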