1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ 6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ 7 #pragma once 8 9 #include <map> 10 #include <string> 11 12 #include "base/gtest_prod_util.h" 13 #include "base/memory/linked_ptr.h" 14 #include "base/memory/scoped_ptr.h" 15 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h" 16 #include "chrome/browser/sync/util/nigori.h" 17 18 namespace browser_sync { 19 20 extern const char kNigoriTag[]; 21 22 // The parameters used to initialize a Nigori instance. 23 struct KeyParams { 24 std::string hostname; 25 std::string username; 26 std::string password; 27 }; 28 29 // This class manages the Nigori objects used to encrypt and decrypt sensitive 30 // sync data (eg. passwords). Each Nigori object knows how to handle data 31 // protected with a particular passphrase. 32 // 33 // Whenever an update to the Nigori sync node is received from the server, 34 // SetPendingKeys should be called with the encrypted contents of that node. 35 // Most likely, an updated Nigori node means that a new passphrase has been set 36 // and that future node updates won't be decryptable. To remedy this, the user 37 // should be prompted for the new passphrase and DecryptPendingKeys be called. 38 // 39 // Whenever a update to an encrypted node is received from the server, 40 // CanDecrypt should be used to verify whether the Cryptographer can decrypt 41 // that node. If it cannot, then the application of that update should be 42 // delayed until after it can be decrypted. 43 class Cryptographer { 44 public: 45 Cryptographer(); 46 ~Cryptographer(); 47 48 // |restored_bootstrap_token| can be provided via this method to bootstrap 49 // Cryptographer instance into the ready state (is_ready will be true). 50 // It must be a string that was previously built by the 51 // GetSerializedBootstrapToken function. It is possible that the token is no 52 // longer valid (due to server key change), in which case the normal 53 // decryption code paths will fail and the user will need to provide a new 54 // passphrase. 55 // It is an error to call this if is_ready() == true, though it is fair to 56 // never call Bootstrap at all. 57 void Bootstrap(const std::string& restored_bootstrap_token); 58 59 // Returns whether we can decrypt |encrypted| using the keys we currently know 60 // about. 61 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; 62 63 // Returns whether |encrypted| can be decrypted using the default encryption 64 // key. 65 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; 66 67 // Encrypts |message| into |encrypted|. Returns true unless encryption fails. 68 // Note that encryption will fail if |message| isn't valid (eg. a required 69 // field isn't set). 70 bool Encrypt(const ::google::protobuf::MessageLite& message, 71 sync_pb::EncryptedData* encrypted) const; 72 73 // Decrypts |encrypted| into |message|. Returns true unless decryption fails, 74 // or |message| fails to parse the decrypted data. 75 bool Decrypt(const sync_pb::EncryptedData& encrypted, 76 ::google::protobuf::MessageLite* message) const; 77 78 // Decrypts |encrypted| and returns plaintext decrypted data. If decryption 79 // fails, returns empty string. 80 std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const; 81 82 // Encrypts the set of currently known keys into |encrypted|. Returns true if 83 // successful. 84 bool GetKeys(sync_pb::EncryptedData* encrypted) const; 85 86 // Creates a new Nigori instance using |params|. If successful, |params| will 87 // become the default encryption key and be used for all future calls to 88 // Encrypt. 89 bool AddKey(const KeyParams& params); 90 91 // Decrypts |encrypted| and uses its contents to initialize Nigori instances. 92 // Returns true unless decryption of |encrypted| fails. The caller is 93 // responsible for checking that CanDecrypt(encrypted) == true. 94 bool SetKeys(const sync_pb::EncryptedData& encrypted); 95 96 // Makes a local copy of |encrypted| to later be decrypted by 97 // DecryptPendingKeys. This should only be used if CanDecrypt(encrypted) == 98 // false. 99 void SetPendingKeys(const sync_pb::EncryptedData& encrypted); 100 101 // Attempts to decrypt the set of keys that was copied in the previous call to 102 // SetPendingKeys using |params|. Returns true if the pending keys were 103 // successfully decrypted and installed. 104 bool DecryptPendingKeys(const KeyParams& params); 105 106 // Returns whether this Cryptographer is ready to encrypt and decrypt data. is_ready()107 bool is_ready() const { return !nigoris_.empty() && default_nigori_; } 108 109 // Returns whether there is a pending set of keys that needs to be decrypted. has_pending_keys()110 bool has_pending_keys() const { return NULL != pending_keys_.get(); } 111 112 // Obtain a token that can be provided on construction to a future 113 // Cryptographer instance to bootstrap itself. Returns false if such a token 114 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). 115 bool GetBootstrapToken(std::string* token) const; 116 117 private: 118 FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack); 119 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; 120 121 // Helper method to instantiate Nigori instances for each set of key 122 // parameters in |bag| and setting the default encryption key to 123 // |default_key_name|. 124 void InstallKeys(const std::string& default_key_name, 125 const sync_pb::NigoriKeyBag& bag); 126 127 bool AddKeyImpl(Nigori* nigori); 128 129 // Functions to serialize + encrypt a Nigori object in an opaque format for 130 // persistence by sync infrastructure. 131 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; 132 Nigori* UnpackBootstrapToken(const std::string& token) const; 133 134 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. 135 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. 136 137 scoped_ptr<sync_pb::EncryptedData> pending_keys_; 138 139 DISALLOW_COPY_AND_ASSIGN(Cryptographer); 140 }; 141 142 } // namespace browser_sync 143 144 #endif // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ 145