• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_
6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_
7 #pragma once
8 
9 #include <map>
10 #include <string>
11 
12 #include "base/gtest_prod_util.h"
13 #include "base/memory/linked_ptr.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h"
16 #include "chrome/browser/sync/util/nigori.h"
17 
18 namespace browser_sync {
19 
20 extern const char kNigoriTag[];
21 
22 // The parameters used to initialize a Nigori instance.
23 struct KeyParams {
24   std::string hostname;
25   std::string username;
26   std::string password;
27 };
28 
29 // This class manages the Nigori objects used to encrypt and decrypt sensitive
30 // sync data (eg. passwords). Each Nigori object knows how to handle data
31 // protected with a particular passphrase.
32 //
33 // Whenever an update to the Nigori sync node is received from the server,
34 // SetPendingKeys should be called with the encrypted contents of that node.
35 // Most likely, an updated Nigori node means that a new passphrase has been set
36 // and that future node updates won't be decryptable. To remedy this, the user
37 // should be prompted for the new passphrase and DecryptPendingKeys be called.
38 //
39 // Whenever a update to an encrypted node is received from the server,
40 // CanDecrypt should be used to verify whether the Cryptographer can decrypt
41 // that node. If it cannot, then the application of that update should be
42 // delayed until after it can be decrypted.
43 class Cryptographer {
44  public:
45   Cryptographer();
46   ~Cryptographer();
47 
48   // |restored_bootstrap_token| can be provided via this method to bootstrap
49   // Cryptographer instance into the ready state (is_ready will be true).
50   // It must be a string that was previously built by the
51   // GetSerializedBootstrapToken function.  It is possible that the token is no
52   // longer valid (due to server key change), in which case the normal
53   // decryption code paths will fail and the user will need to provide a new
54   // passphrase.
55   // It is an error to call this if is_ready() == true, though it is fair to
56   // never call Bootstrap at all.
57   void Bootstrap(const std::string& restored_bootstrap_token);
58 
59   // Returns whether we can decrypt |encrypted| using the keys we currently know
60   // about.
61   bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const;
62 
63   // Returns whether |encrypted| can be decrypted using the default encryption
64   // key.
65   bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const;
66 
67   // Encrypts |message| into |encrypted|. Returns true unless encryption fails.
68   // Note that encryption will fail if |message| isn't valid (eg. a required
69   // field isn't set).
70   bool Encrypt(const ::google::protobuf::MessageLite& message,
71                sync_pb::EncryptedData* encrypted) const;
72 
73   // Decrypts |encrypted| into |message|. Returns true unless decryption fails,
74   // or |message| fails to parse the decrypted data.
75   bool Decrypt(const sync_pb::EncryptedData& encrypted,
76                ::google::protobuf::MessageLite* message) const;
77 
78   // Decrypts |encrypted| and returns plaintext decrypted data. If decryption
79   // fails, returns empty string.
80   std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const;
81 
82   // Encrypts the set of currently known keys into |encrypted|. Returns true if
83   // successful.
84   bool GetKeys(sync_pb::EncryptedData* encrypted) const;
85 
86   // Creates a new Nigori instance using |params|. If successful, |params| will
87   // become the default encryption key and be used for all future calls to
88   // Encrypt.
89   bool AddKey(const KeyParams& params);
90 
91   // Decrypts |encrypted| and uses its contents to initialize Nigori instances.
92   // Returns true unless decryption of |encrypted| fails. The caller is
93   // responsible for checking that CanDecrypt(encrypted) == true.
94   bool SetKeys(const sync_pb::EncryptedData& encrypted);
95 
96   // Makes a local copy of |encrypted| to later be decrypted by
97   // DecryptPendingKeys. This should only be used if CanDecrypt(encrypted) ==
98   // false.
99   void SetPendingKeys(const sync_pb::EncryptedData& encrypted);
100 
101   // Attempts to decrypt the set of keys that was copied in the previous call to
102   // SetPendingKeys using |params|. Returns true if the pending keys were
103   // successfully decrypted and installed.
104   bool DecryptPendingKeys(const KeyParams& params);
105 
106   // Returns whether this Cryptographer is ready to encrypt and decrypt data.
is_ready()107   bool is_ready() const { return !nigoris_.empty() && default_nigori_; }
108 
109   // Returns whether there is a pending set of keys that needs to be decrypted.
has_pending_keys()110   bool has_pending_keys() const { return NULL != pending_keys_.get(); }
111 
112   // Obtain a token that can be provided on construction to a future
113   // Cryptographer instance to bootstrap itself.  Returns false if such a token
114   // can't be created (i.e. if this Cryptograhper doesn't have valid keys).
115   bool GetBootstrapToken(std::string* token) const;
116 
117  private:
118   FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack);
119   typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap;
120 
121   // Helper method to instantiate Nigori instances for each set of key
122   // parameters in |bag| and setting the default encryption key to
123   // |default_key_name|.
124   void InstallKeys(const std::string& default_key_name,
125                    const sync_pb::NigoriKeyBag& bag);
126 
127   bool AddKeyImpl(Nigori* nigori);
128 
129   // Functions to serialize + encrypt a Nigori object in an opaque format for
130   // persistence by sync infrastructure.
131   bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const;
132   Nigori* UnpackBootstrapToken(const std::string& token) const;
133 
134   NigoriMap nigoris_;  // The Nigoris we know about, mapped by key name.
135   NigoriMap::value_type* default_nigori_;  // The Nigori used for encryption.
136 
137   scoped_ptr<sync_pb::EncryptedData> pending_keys_;
138 
139   DISALLOW_COPY_AND_ASSIGN(Cryptographer);
140 };
141 
142 }  // namespace browser_sync
143 
144 #endif  // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_
145