Encrypt all stored cookies on selected operating systems.

chrome/browser/profiles/profile_impl_io_data.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/profiles/profile_impl_io_data.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/metrics/field_trial.h"
@@ skipping 13 matching lines @@
 #include "chrome/browser/net/chrome_network_delegate.h"
 #include "chrome/browser/net/connect_interceptor.h"
 #include "chrome/browser/net/http_server_properties_manager.h"
 #include "chrome/browser/net/predictor.h"
 #include "chrome/browser/net/sqlite_server_bound_cert_store.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
+#include "components/webdata/encryptor/encryptor.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/cookie_crypto_delegate.h"
 #include "content/public/browser/cookie_store_factory.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/storage_partition.h"
 #include "extensions/common/constants.h"
 #include "net/base/cache_type.h"
 #include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_cache.h"
 #include "net/ssl/server_bound_cert_service.h"
 #include "net/url_request/protocol_intercept_job_factory.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 #include "webkit/browser/quota/special_storage_policy.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/app/android/chrome_data_reduction_proxy_android.h"
 #endif
 
+// On operating systems that support an encryption API but don't
+// automatically protect all user data, encrypt the cookie.
+#if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
+#define CRYPT_COOKIES
+#endif
+
 namespace {
 
+#if defined(CRYPT_COOKIES)
+class CookieOSCryptoDelegate : public content::CookieCryptoDelegate {
+ public:
+  virtual bool EncryptString(const std::string& plaintext,
+                             std::string* ciphertext) OVERRIDE;
+  virtual bool DecryptString(const std::string& ciphertext,
+                             std::string* plaintext) OVERRIDE;
+};
+
+bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext,
+                                           std::string* ciphertext) {
+  return Encryptor::EncryptString(plaintext, ciphertext);
+}
+
+bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext,
+                                           std::string* plaintext) {
+  return Encryptor::DecryptString(ciphertext, plaintext);
+}
+#endif  // CRYPT_COOKIES
+
+
 net::BackendType ChooseCacheBackendType() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kUseSimpleCacheBackend)) {
     const std::string opt_value =
         command_line.GetSwitchValueASCII(switches::kUseSimpleCacheBackend);
     if (LowerCaseEqualsASCII(opt_value, "off"))
       return net::CACHE_BACKEND_BLOCKFILE;
     if (opt_value == "" || LowerCaseEqualsASCII(opt_value, "on"))
       return net::CACHE_BACKEND_SIMPLE;
   }
@@ skipping 323 matching lines @@
 
   // setup cookie store
   if (!cookie_store.get()) {
     DCHECK(!lazy_params_->cookie_path.empty());
 
     cookie_store = content::CreatePersistentCookieStore(
         lazy_params_->cookie_path,
         lazy_params_->restore_old_session_cookies,
         lazy_params_->special_storage_policy.get(),
         profile_params->cookie_monster_delegate.get(),
-        scoped_refptr<base::SequencedTaskRunner>());
+        scoped_refptr<base::SequencedTaskRunner>(),
+#if defined(CRYPT_COOKIES)
+        new CookieOSCryptoDelegate
+#else
+        NULL
+#endif
+    );

[Scott Hess - ex-Googler, 2013/10/08 17:35:55]

Definitely defer to Erik on this, but ...

Would it make sense to have CookieOSCryptoDelegate::Create(), and have it handle
returning NULL if the OS doesn't support it?

[bcwhite, 2013/10/08 18:23:36]

All OS support it.  It's only some OS that it's necessary.  And actually, Linux
doesn't support it but we do call it in order to be consistent with how OAuth
tokens are protected.

But the condition can certainly be moved there, perhaps "::IfDesired()" instead
of "::Create()"?

[erikwright (departed), 2013/10/08 18:41:53]

It makes me a bit ill, but maybe "MaybeCreate()"?

[Scott Hess - ex-Googler, 2013/10/08 19:13:51]

I don't feel strongly about it.  Repeated #ifdef and contorting the call to
accomodate is just a bit of a red flag.  Heaven forbid we ever add an additional
parameter to CreatePersistentCookieStore().

Actually, since it's in the anonymous namespace, it doesn't need to be a static
method, it could just be a helper function like CreateCryptoDelegateIfNeeded(). 
Though IMHO "IfNeeded" implies a level of choice which really isn't present
here, like a given Chrome build might sometimes return one, sometimes not.  It's
more "IfSupported", which seems implied (if you return one, it was supported).

[bcwhite, 2013/10/08 20:18:09]

It makes sense just to get rid of the repeated #ifdef.

However, I just wanted to note that it is supported on all platforms.  It's just
not necessary on some -- ChromeOS, for example, encrypts the entire profile
directory so also-encrypting the cookies adds no benefit.

[Scott Hess - ex-Googler, 2013/10/08 21:22:13]

Except to make the code more convoluted!

I am not questioning your reasoning, but the comment about the CRYPT_COOKIES
definition does not make me think "This is supported everywhere, but is
unnecessary on ChromeOS".  It makes me think "Some platforms support this, some
do not."

[bcwhite, 2013/10/10 17:19:30]

Comment improved.

     cookie_store->GetCookieMonster()->SetPersistSessionCookies(true);
   }
 
   main_context->set_cookie_store(cookie_store.get());
 
   // Setup server bound cert service.
   if (!server_bound_cert_service) {
     DCHECK(!lazy_params_->server_bound_cert_path.empty());
 
     scoped_refptr<SQLiteServerBoundCertStore> server_bound_cert_db =
@@ skipping 75 matching lines @@
 
   extensions_context->set_throttler_manager(
       io_thread_globals->throttler_manager.get());
 
   net::CookieStore* extensions_cookie_store =
       content::CreatePersistentCookieStore(
           lazy_params_->extensions_cookie_path,
           lazy_params_->restore_old_session_cookies,
           NULL,
           NULL,
-          scoped_refptr<base::SequencedTaskRunner>());
+          scoped_refptr<base::SequencedTaskRunner>(),
+#if defined(CRYPT_COOKIES)
+          new CookieOSCryptoDelegate
+#else
+          NULL
+#endif
+      );
   // Enable cookies for devtools and extension URLs.
   const char* schemes[] = {chrome::kChromeDevToolsScheme,
                            extensions::kExtensionScheme};
   extensions_cookie_store->GetCookieMonster()->SetCookieableSchemes(schemes, 2);
   extensions_context->set_cookie_store(extensions_cookie_store);
 
   scoped_ptr<net::URLRequestJobFactoryImpl> extensions_job_factory(
       new net::URLRequestJobFactoryImpl());
   // TODO(shalev): The extensions_job_factory has a NULL NetworkDelegate.
   // Without a network_delegate, this protocol handler will never
@@ skipping 66 matching lines @@
     DCHECK(!cookie_path.empty());
 
     // TODO(creis): We should have a cookie delegate for notifying the cookie
     // extensions API, but we need to update it to understand isolated apps
     // first.
     cookie_store = content::CreatePersistentCookieStore(
         cookie_path,
         false,
         NULL,
         NULL,
-        scoped_refptr<base::SequencedTaskRunner>());
+        scoped_refptr<base::SequencedTaskRunner>(),
+#if defined(CRYPT_COOKIES)
+        new CookieOSCryptoDelegate
+#else
+        NULL
+#endif
+    );
   }
 
   // Transfer ownership of the cookies and cache to AppRequestContext.
   context->SetCookieStore(cookie_store.get());
   context->SetHttpTransactionFactory(
       scoped_ptr<net::HttpTransactionFactory>(app_http_cache));
 
   scoped_ptr<net::URLRequestJobFactoryImpl> job_factory(
       new net::URLRequestJobFactoryImpl());
   InstallProtocolHandlers(job_factory.get(), protocol_handlers);
@@ skipping 102 matching lines @@
     const base::Closure& completion) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   DCHECK(initialized());
 
   DCHECK(transport_security_state());
   // Completes synchronously.
   transport_security_state()->DeleteAllDynamicDataSince(time);
   DCHECK(http_server_properties_manager_);
   http_server_properties_manager_->Clear(completion);
 }