chrome/browser/sync/util/cryptographer.h - Issue 8759019: [Sync] Add intelligent re-encryption support.

Side by Side Diff: chrome/browser/sync/util/cryptographer.h

Issue 8759019: [Sync] Add intelligent re-encryption support. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Self review Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_	5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_

6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_	6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_

7 #pragma once	7 #pragma once

8	8

9 #include <map>	9 #include <map>

10 #include <string>	10 #include <string>

(...skipping 85 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
96 void Bootstrap(const std::string& restored_bootstrap_token);	96 void Bootstrap(const std::string& restored_bootstrap_token);

97	97

98 // Returns whether we can decrypt \|encrypted\| using the keys we currently know	98 // Returns whether we can decrypt \|encrypted\| using the keys we currently know

99 // about.	99 // about.

100 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const;	100 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const;

101	101

102 // Returns whether \|encrypted\| can be decrypted using the default encryption	102 // Returns whether \|encrypted\| can be decrypted using the default encryption

103 // key.	103 // key.

104 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const;	104 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const;

105	105

	106 // Same as Encrypt(..), except exits early and returns true if \|message\|

	107 // matches the decrypted data within \|encrypted\| and \|encrypted\| was encrypted

	108 // with the current default key. This avoids unnecessarily modifying

	109 // \|encrypted\| if the change had no practical effect.

	110 bool EncryptIfDifferent(const ::google::protobuf::MessageLite& message,

	111 sync_pb::EncryptedData* encrypted) const;

	112

106 // Encrypts \|message\| into \|encrypted\|. Returns true unless encryption fails.	113 // Encrypts \|message\| into \|encrypted\|. Returns true unless encryption fails.

107 // Note that encryption will fail if \|message\| isn't valid (eg. a required	114 // Note that encryption will fail if \|message\| isn't valid (eg. a required

108 // field isn't set).	115 // field isn't set).

109 bool Encrypt(const ::google::protobuf::MessageLite& message,	116 bool Encrypt(const ::google::protobuf::MessageLite& message,
	akalin 2011/12/06 18:28:02 Is there anything now besides tests that use Encry Is there anything now besides tests that use Encrypt(), and can those tests use EncryptIfDifferent? It would be nice to have a single entry point for encryption. Nicolas Zea 2011/12/06 20:45:36 There isn't, but I'm not sure that we want to remo Show quoted text On 2011/12/06 18:28:02, akalin wrote: > Is there anything now besides tests that use Encrypt(), and can those tests use > EncryptIfDifferent? It would be nice to have a single entry point for > encryption. There isn't, but I'm not sure that we want to remove the ability to force a re-encryption with salting. akalin 2011/12/09 23:52:42 That's true. But I'd like to remove it for now; w Show quoted text On 2011/12/06 20:45:36, nzea wrote: > On 2011/12/06 18:28:02, akalin wrote: > > Is there anything now besides tests that use Encrypt(), and can those tests > use > > EncryptIfDifferent? It would be nice to have a single entry point for > > encryption. > > There isn't, but I'm not sure that we want to remove the ability to force a > re-encryption with salting. That's true. But I'd like to remove it for now; we can always add it back in if we need to. If we do, we should probably rename it ForceEncryption or something. Nicolas Zea 2011/12/12 20:12:26 Done. Show quoted text On 2011/12/09 23:52:42, akalin wrote: > On 2011/12/06 20:45:36, nzea wrote: > > On 2011/12/06 18:28:02, akalin wrote: > > > Is there anything now besides tests that use Encrypt(), and can those tests > > use > > > EncryptIfDifferent? It would be nice to have a single entry point for > > > encryption. > > > > There isn't, but I'm not sure that we want to remove the ability to force a > > re-encryption with salting. > > That's true. But I'd like to remove it for now; we can always add it back in if > we need to. If we do, we should probably rename it ForceEncryption or > something. Done.
110 sync_pb::EncryptedData* encrypted) const;	117 sync_pb::EncryptedData* encrypted) const;

111	118

112 // Decrypts \|encrypted\| into \|message\|. Returns true unless decryption fails,	119 // Decrypts \|encrypted\| into \|message\|. Returns true unless decryption fails,

113 // or \|message\| fails to parse the decrypted data.	120 // or \|message\| fails to parse the decrypted data.

114 bool Decrypt(const sync_pb::EncryptedData& encrypted,	121 bool Decrypt(const sync_pb::EncryptedData& encrypted,

115 ::google::protobuf::MessageLite* message) const;	122 ::google::protobuf::MessageLite* message) const;

116	123

117 // Decrypts \|encrypted\| and returns plaintext decrypted data. If decryption	124 // Decrypts \|encrypted\| and returns plaintext decrypted data. If decryption

118 // fails, returns empty string.	125 // fails, returns empty string.

119 std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const;	126 std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const;

120	127

121 // Encrypts the set of currently known keys into \|encrypted\|. Returns true if	128 // Encrypts the set of currently known keys into \|encrypted\|. Returns true if

122 // successful.	129 // successful.
	akalin 2011/12/06 18:28:02 update comment to reflect change-only-if-different update comment to reflect change-only-if-different semantics Nicolas Zea 2011/12/06 20:45:36 Done. Show quoted text On 2011/12/06 18:28:02, akalin wrote: > update comment to reflect change-only-if-different semantics Done.
123 bool GetKeys(sync_pb::EncryptedData* encrypted) const;	130 bool GetKeys(sync_pb::EncryptedData* encrypted) const;

124	131

125 // Creates a new Nigori instance using \|params\|. If successful, \|params\| will	132 // Creates a new Nigori instance using \|params\|. If successful, \|params\| will

126 // become the default encryption key and be used for all future calls to	133 // become the default encryption key and be used for all future calls to

127 // Encrypt.	134 // Encrypt.

128 bool AddKey(const KeyParams& params);	135 bool AddKey(const KeyParams& params);

129	136

130 // Decrypts \|encrypted\| and uses its contents to initialize Nigori instances.	137 // Decrypts \|encrypted\| and uses its contents to initialize Nigori instances.

131 // Returns true unless decryption of \|encrypted\| fails. The caller is	138 // Returns true unless decryption of \|encrypted\| fails. The caller is

132 // responsible for checking that CanDecrypt(encrypted) == true.	139 // responsible for checking that CanDecrypt(encrypted) == true.

(...skipping 50 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
183 syncable::ModelTypeSet GetEncryptedTypes() const;	190 syncable::ModelTypeSet GetEncryptedTypes() const;

184	191

185 // Forwards to MergeEncryptedTypes.	192 // Forwards to MergeEncryptedTypes.

186 void MergeEncryptedTypesForTest(	193 void MergeEncryptedTypesForTest(

187 const syncable::ModelTypeSet& encrypted_types);	194 const syncable::ModelTypeSet& encrypted_types);

188	195

189 private:	196 private:

190 FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack);	197 FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack);

191 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap;	198 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap;

192	199

	200 bool EncryptImpl(const std::string& serialized,

	201 const NigoriMap::value_type* nigori,

	202 sync_pb::EncryptedData* encrypted) const;

	203

193 // Merges the given set of encrypted types with the existing set and emits a	204 // Merges the given set of encrypted types with the existing set and emits a

194 // notification if necessary.	205 // notification if necessary.

195 void MergeEncryptedTypes(const syncable::ModelTypeSet& encrypted_types);	206 void MergeEncryptedTypes(const syncable::ModelTypeSet& encrypted_types);

196	207

197 void EmitEncryptedTypesChangedNotification();	208 void EmitEncryptedTypesChangedNotification();

198	209

199 // Helper method to instantiate Nigori instances for each set of key	210 // Helper method to instantiate Nigori instances for each set of key

200 // parameters in \|bag\| and setting the default encryption key to	211 // parameters in \|bag\| and setting the default encryption key to

201 // \|default_key_name\|.	212 // \|default_key_name\|.

202 void InstallKeys(const std::string& default_key_name,	213 void InstallKeys(const std::string& default_key_name,

(...skipping 15 matching lines...) Expand all Loading...
218	229

219 syncable::ModelTypeSet encrypted_types_;	230 syncable::ModelTypeSet encrypted_types_;

220 bool encrypt_everything_;	231 bool encrypt_everything_;

221	232

222 DISALLOW_COPY_AND_ASSIGN(Cryptographer);	233 DISALLOW_COPY_AND_ASSIGN(Cryptographer);

223 };	234 };

224	235

225 } // namespace browser_sync	236 } // namespace browser_sync

226	237

227 #endif // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_	238 #endif // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_

OLD	NEW

« chrome/browser/sync/internal_api/write_node.cc ('K') | « chrome/browser/sync/internal_api/write_node.cc ('k') | chrome/browser/sync/util/cryptographer.cc » ('j') | no next file with comments »