Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(264)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/sync/base/nigori.h

Issue 2813453004: [sync] Fix decryption failure caused by missing user_key (Closed)
Patch Set: Restore derivation check, add tests Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/sync/base/cryptographer.cc ('k') | components/sync/base/nigori.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 The Chromium Authors. All rights reserved. 1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef COMPONENTS_SYNC_BASE_NIGORI_H_ 5 #ifndef COMPONENTS_SYNC_BASE_NIGORI_H_
6 #define COMPONENTS_SYNC_BASE_NIGORI_H_ 6 #define COMPONENTS_SYNC_BASE_NIGORI_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 9
10 #include <memory> 10 #include <memory>
(...skipping 23 matching lines...) Expand all
34 Nigori(); 34 Nigori();
35 virtual ~Nigori(); 35 virtual ~Nigori();
36 36
37 // Initialize the client with the given |hostname|, |username| and |password|. 37 // Initialize the client with the given |hostname|, |username| and |password|.
38 bool InitByDerivation(const std::string& hostname, 38 bool InitByDerivation(const std::string& hostname,
39 const std::string& username, 39 const std::string& username,
40 const std::string& password); 40 const std::string& password);
41 41
42 // Initialize the client by importing the given keys instead of deriving new 42 // Initialize the client by importing the given keys instead of deriving new
43 // ones. 43 // ones.
44 bool InitByImport(const std::string& encryption_key, 44 bool InitByImport(const std::string& user_key,
45 const std::string& encryption_key,
45 const std::string& mac_key); 46 const std::string& mac_key);
46 47
47 // Derives a secure lookup name from |type| and |name|. If |hostname|, 48 // Derives a secure lookup name from |type| and |name|. If |hostname|,
48 // |username| and |password| are kept constant, a given |type| and |name| pair 49 // |username| and |password| are kept constant, a given |type| and |name| pair
49 // always yields the same |permuted| value. Note that |permuted| will be 50 // always yields the same |permuted| value. Note that |permuted| will be
50 // Base64 encoded. 51 // Base64 encoded.
51 bool Permute(Type type, const std::string& name, std::string* permuted) const; 52 bool Permute(Type type, const std::string& name, std::string* permuted) const;
52 53
53 // Encrypts |value|. Note that on success, |encrypted| will be Base64 54 // Encrypts |value|. Note that on success, |encrypted| will be Base64
54 // encoded. 55 // encoded.
55 bool Encrypt(const std::string& value, std::string* encrypted) const; 56 bool Encrypt(const std::string& value, std::string* encrypted) const;
56 57
57 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64 58 // Decrypts |value| into |decrypted|. It is assumed that |value| is Base64
58 // encoded. 59 // encoded.
59 bool Decrypt(const std::string& value, std::string* decrypted) const; 60 bool Decrypt(const std::string& value, std::string* decrypted) const;
60 61
61 // Exports the raw derived keys. 62 // Exports the raw derived keys.
62 bool ExportKeys(std::string* encryption_key, std::string* mac_key) const; 63 bool ExportKeys(std::string* user_key,
64 std::string* encryption_key,
65 std::string* mac_key) const;
63 66
64 static const char kSaltSalt[]; // The salt used to derive the user salt. 67 static const char kSaltSalt[]; // The salt used to derive the user salt.
65 static const size_t kSaltKeySizeInBits = 128; 68 static const size_t kSaltKeySizeInBits = 128;
66 static const size_t kDerivedKeySizeInBits = 128; 69 static const size_t kDerivedKeySizeInBits = 128;
67 static const size_t kIvSize = 16; 70 static const size_t kIvSize = 16;
68 static const size_t kHashSize = 32; 71 static const size_t kHashSize = 32;
69 72
70 static const size_t kSaltIterations = 1001; 73 static const size_t kSaltIterations = 1001;
74 static const size_t kUserIterations = 1002;
71 static const size_t kEncryptionIterations = 1003; 75 static const size_t kEncryptionIterations = 1003;
72 static const size_t kSigningIterations = 1004; 76 static const size_t kSigningIterations = 1004;
73 77
74 private: 78 private:
79 // user_key isn't used any more, but legacy clients will fail to import a
80 // nigori node without one. We preserve it for the sake of those clients, but
81 // it should be removed once enough clients have upgraded to code that doesn't
82 // enforce its presence.
83 std::unique_ptr<crypto::SymmetricKey> user_key_;
75 std::unique_ptr<crypto::SymmetricKey> encryption_key_; 84 std::unique_ptr<crypto::SymmetricKey> encryption_key_;
76 std::unique_ptr<crypto::SymmetricKey> mac_key_; 85 std::unique_ptr<crypto::SymmetricKey> mac_key_;
77 }; 86 };
78 87
79 } // namespace syncer 88 } // namespace syncer
80 89
81 #endif // COMPONENTS_SYNC_BASE_NIGORI_H_ 90 #endif // COMPONENTS_SYNC_BASE_NIGORI_H_
OLDNEW
« no previous file with comments | « components/sync/base/cryptographer.cc ('k') | components/sync/base/nigori.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698