Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(274)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/sync/base/nigori.cc

Issue 2813453004: [sync] Fix decryption failure caused by missing user_key (Closed)
Patch Set: Restore derivation check, add tests Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/sync/base/nigori.h ('k') | components/sync/base/nigori_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/sync/base/nigori.h" 5 #include "components/sync/base/nigori.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <sstream> 9 #include <sstream>
10 #include <vector> 10 #include <vector>
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
72 // Suser = PBKDF2(Username || Servername, "saltsalt", Nsalt, 8) 72 // Suser = PBKDF2(Username || Servername, "saltsalt", Nsalt, 8)
73 std::unique_ptr<SymmetricKey> user_salt(SymmetricKey::DeriveKeyFromPassword( 73 std::unique_ptr<SymmetricKey> user_salt(SymmetricKey::DeriveKeyFromPassword(
74 SymmetricKey::HMAC_SHA1, salt_password.str(), kSaltSalt, kSaltIterations, 74 SymmetricKey::HMAC_SHA1, salt_password.str(), kSaltSalt, kSaltIterations,
75 kSaltKeySizeInBits)); 75 kSaltKeySizeInBits));
76 DCHECK(user_salt); 76 DCHECK(user_salt);
77 77
78 std::string raw_user_salt; 78 std::string raw_user_salt;
79 if (!user_salt->GetRawKey(&raw_user_salt)) 79 if (!user_salt->GetRawKey(&raw_user_salt))
80 return false; 80 return false;
81 81
82 // Kuser = PBKDF2(P, Suser, Nuser, 16)
83 user_key_ = SymmetricKey::DeriveKeyFromPassword(
84 SymmetricKey::AES, password, raw_user_salt, kUserIterations,
85 kDerivedKeySizeInBits);
86 DCHECK(user_key_);
87
82 // Kenc = PBKDF2(P, Suser, Nenc, 16) 88 // Kenc = PBKDF2(P, Suser, Nenc, 16)
83 encryption_key_ = SymmetricKey::DeriveKeyFromPassword( 89 encryption_key_ = SymmetricKey::DeriveKeyFromPassword(
84 SymmetricKey::AES, password, raw_user_salt, kEncryptionIterations, 90 SymmetricKey::AES, password, raw_user_salt, kEncryptionIterations,
85 kDerivedKeySizeInBits); 91 kDerivedKeySizeInBits);
86 DCHECK(encryption_key_); 92 DCHECK(encryption_key_);
87 93
88 // Kmac = PBKDF2(P, Suser, Nmac, 16) 94 // Kmac = PBKDF2(P, Suser, Nmac, 16)
89 mac_key_ = SymmetricKey::DeriveKeyFromPassword( 95 mac_key_ = SymmetricKey::DeriveKeyFromPassword(
90 SymmetricKey::HMAC_SHA1, password, raw_user_salt, kSigningIterations, 96 SymmetricKey::HMAC_SHA1, password, raw_user_salt, kSigningIterations,
91 kDerivedKeySizeInBits); 97 kDerivedKeySizeInBits);
92 DCHECK(mac_key_); 98 DCHECK(mac_key_);
93 99
94 return encryption_key_ && mac_key_; 100 return user_key_ && encryption_key_ && mac_key_;
95 } 101 }
96 102
97 bool Nigori::InitByImport(const std::string& encryption_key, 103 bool Nigori::InitByImport(const std::string& user_key,
104 const std::string& encryption_key,
98 const std::string& mac_key) { 105 const std::string& mac_key) {
106 user_key_ = SymmetricKey::Import(SymmetricKey::AES, user_key);
107
99 encryption_key_ = SymmetricKey::Import(SymmetricKey::AES, encryption_key); 108 encryption_key_ = SymmetricKey::Import(SymmetricKey::AES, encryption_key);
100 DCHECK(encryption_key_); 109 DCHECK(encryption_key_);
101 110
102 mac_key_ = SymmetricKey::Import(SymmetricKey::HMAC_SHA1, mac_key); 111 mac_key_ = SymmetricKey::Import(SymmetricKey::HMAC_SHA1, mac_key);
103 DCHECK(mac_key_); 112 DCHECK(mac_key_);
104 113
105 return encryption_key_ && mac_key_; 114 return encryption_key_ && mac_key_;
106 } 115 }
107 116
108 // Permute[Kenc,Kmac](type || name) 117 // Permute[Kenc,Kmac](type || name)
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
216 Encryptor encryptor; 225 Encryptor encryptor;
217 if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, iv)) 226 if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, iv))
218 return false; 227 return false;
219 228
220 if (!encryptor.Decrypt(ciphertext, value)) 229 if (!encryptor.Decrypt(ciphertext, value))
221 return false; 230 return false;
222 231
223 return true; 232 return true;
224 } 233 }
225 234
226 bool Nigori::ExportKeys(std::string* encryption_key, 235 bool Nigori::ExportKeys(std::string* user_key,
236 std::string* encryption_key,
227 std::string* mac_key) const { 237 std::string* mac_key) const {
228 DCHECK(encryption_key); 238 DCHECK(encryption_key);
229 DCHECK(mac_key); 239 DCHECK(mac_key);
230 240
241 user_key_->GetRawKey(user_key);
242
231 return encryption_key_->GetRawKey(encryption_key) && 243 return encryption_key_->GetRawKey(encryption_key) &&
232 mac_key_->GetRawKey(mac_key); 244 mac_key_->GetRawKey(mac_key);
233 } 245 }
234 246
235 } // namespace syncer 247 } // namespace syncer
OLDNEW
« no previous file with comments | « components/sync/base/nigori.h ('k') | components/sync/base/nigori_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698