1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sync/util/cryptographer.h"
6
7 #include <algorithm>
8
9 #include "base/base64.h"
10 #include "base/basictypes.h"
11 #include "base/logging.h"
12 #include "sync/protocol/nigori_specifics.pb.h"
13 #include "sync/util/encryptor.h"
14
15 namespace syncer {
16
17 const char kNigoriTag[] = "google_chrome_nigori";
18
19 // We name a particular Nigori instance (ie. a triplet consisting of a hostname,
20 // a username, and a password) by calling Permute on this string. Since the
21 // output of Permute is always the same for a given triplet, clients will always
22 // assign the same name to a particular triplet.
23 const char kNigoriKeyName[] = "nigori-key";
24
Cryptographer(Encryptor * encryptor)25 Cryptographer::Cryptographer(Encryptor* encryptor)
26 : encryptor_(encryptor) {
27 DCHECK(encryptor);
28 }
29
~Cryptographer()30 Cryptographer::~Cryptographer() {}
31
32
Bootstrap(const std::string & restored_bootstrap_token)33 void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) {
34 if (is_initialized()) {
35 NOTREACHED();
36 return;
37 }
38
39 std::string serialized_nigori_key =
40 UnpackBootstrapToken(restored_bootstrap_token);
41 if (serialized_nigori_key.empty())
42 return;
43 ImportNigoriKey(serialized_nigori_key);
44 }
45
CanDecrypt(const sync_pb::EncryptedData & data) const46 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const {
47 return nigoris_.end() != nigoris_.find(data.key_name());
48 }
49
CanDecryptUsingDefaultKey(const sync_pb::EncryptedData & data) const50 bool Cryptographer::CanDecryptUsingDefaultKey(
51 const sync_pb::EncryptedData& data) const {
52 return !default_nigori_name_.empty() &&
53 data.key_name() == default_nigori_name_;
54 }
55
Encrypt(const::google::protobuf::MessageLite & message,sync_pb::EncryptedData * encrypted) const56 bool Cryptographer::Encrypt(
57 const ::google::protobuf::MessageLite& message,
58 sync_pb::EncryptedData* encrypted) const {
59 DCHECK(encrypted);
60 if (default_nigori_name_.empty()) {
61 LOG(ERROR) << "Cryptographer not ready, failed to encrypt.";
62 return false;
63 }
64
65 std::string serialized;
66 if (!message.SerializeToString(&serialized)) {
67 LOG(ERROR) << "Message is invalid/missing a required field.";
68 return false;
69 }
70
71 return EncryptString(serialized, encrypted);
72 }
73
EncryptString(const std::string & serialized,sync_pb::EncryptedData * encrypted) const74 bool Cryptographer::EncryptString(
75 const std::string& serialized,
76 sync_pb::EncryptedData* encrypted) const {
77 if (CanDecryptUsingDefaultKey(*encrypted)) {
78 const std::string& original_serialized = DecryptToString(*encrypted);
79 if (original_serialized == serialized) {
80 DVLOG(2) << "Re-encryption unnecessary, encrypted data already matches.";
81 return true;
82 }
83 }
84
85 NigoriMap::const_iterator default_nigori =
86 nigoris_.find(default_nigori_name_);
87 if (default_nigori == nigoris_.end()) {
88 LOG(ERROR) << "Corrupt default key.";
89 return false;
90 }
91
92 encrypted->set_key_name(default_nigori_name_);
93 if (!default_nigori->second->Encrypt(serialized,
94 encrypted->mutable_blob())) {
95 LOG(ERROR) << "Failed to encrypt data.";
96 return false;
97 }
98 return true;
99 }
100
Decrypt(const sync_pb::EncryptedData & encrypted,::google::protobuf::MessageLite * message) const101 bool Cryptographer::Decrypt(const sync_pb::EncryptedData& encrypted,
102 ::google::protobuf::MessageLite* message) const {
103 DCHECK(message);
104 std::string plaintext = DecryptToString(encrypted);
105 return message->ParseFromString(plaintext);
106 }
107
DecryptToString(const sync_pb::EncryptedData & encrypted) const108 std::string Cryptographer::DecryptToString(
109 const sync_pb::EncryptedData& encrypted) const {
110 NigoriMap::const_iterator it = nigoris_.find(encrypted.key_name());
111 if (nigoris_.end() == it) {
112 NOTREACHED() << "Cannot decrypt message";
113 return std::string(); // Caller should have called CanDecrypt(encrypt).
114 }
115
116 std::string plaintext;
117 if (!it->second->Decrypt(encrypted.blob(), &plaintext)) {
118 return std::string();
119 }
120
121 return plaintext;
122 }
123
GetKeys(sync_pb::EncryptedData * encrypted) const124 bool Cryptographer::GetKeys(sync_pb::EncryptedData* encrypted) const {
125 DCHECK(encrypted);
126 DCHECK(!nigoris_.empty());
127
128 // Create a bag of all the Nigori parameters we know about.
129 sync_pb::NigoriKeyBag bag;
130 for (NigoriMap::const_iterator it = nigoris_.begin(); it != nigoris_.end();
131 ++it) {
132 const Nigori& nigori = *it->second;
133 sync_pb::NigoriKey* key = bag.add_key();
134 key->set_name(it->first);
135 nigori.ExportKeys(key->mutable_user_key(),
136 key->mutable_encryption_key(),
137 key->mutable_mac_key());
138 }
139
140 // Encrypt the bag with the default Nigori.
141 return Encrypt(bag, encrypted);
142 }
143
AddKey(const KeyParams & params)144 bool Cryptographer::AddKey(const KeyParams& params) {
145 // Create the new Nigori and make it the default encryptor.
146 scoped_ptr<Nigori> nigori(new Nigori);
147 if (!nigori->InitByDerivation(params.hostname,
148 params.username,
149 params.password)) {
150 NOTREACHED(); // Invalid username or password.
151 return false;
152 }
153 return AddKeyImpl(nigori.Pass(), true);
154 }
155
AddNonDefaultKey(const KeyParams & params)156 bool Cryptographer::AddNonDefaultKey(const KeyParams& params) {
157 DCHECK(is_initialized());
158 // Create the new Nigori and add it to the keybag.
159 scoped_ptr<Nigori> nigori(new Nigori);
160 if (!nigori->InitByDerivation(params.hostname,
161 params.username,
162 params.password)) {
163 NOTREACHED(); // Invalid username or password.
164 return false;
165 }
166 return AddKeyImpl(nigori.Pass(), false);
167 }
168
AddKeyFromBootstrapToken(const std::string restored_bootstrap_token)169 bool Cryptographer::AddKeyFromBootstrapToken(
170 const std::string restored_bootstrap_token) {
171 // Create the new Nigori and make it the default encryptor.
172 std::string serialized_nigori_key = UnpackBootstrapToken(
173 restored_bootstrap_token);
174 return ImportNigoriKey(serialized_nigori_key);
175 }
176
AddKeyImpl(scoped_ptr<Nigori> initialized_nigori,bool set_as_default)177 bool Cryptographer::AddKeyImpl(scoped_ptr<Nigori> initialized_nigori,
178 bool set_as_default) {
179 std::string name;
180 if (!initialized_nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) {
181 NOTREACHED();
182 return false;
183 }
184
185 nigoris_[name] = make_linked_ptr(initialized_nigori.release());
186
187 // Check if the key we just added can decrypt the pending keys and add them
188 // too if so.
189 if (pending_keys_.get() && CanDecrypt(*pending_keys_)) {
190 sync_pb::NigoriKeyBag pending_bag;
191 Decrypt(*pending_keys_, &pending_bag);
192 InstallKeyBag(pending_bag);
193 SetDefaultKey(pending_keys_->key_name());
194 pending_keys_.reset();
195 }
196
197 // The just-added key takes priority over the pending keys as default.
198 if (set_as_default) SetDefaultKey(name);
199 return true;
200 }
201
InstallKeys(const sync_pb::EncryptedData & encrypted)202 void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) {
203 DCHECK(CanDecrypt(encrypted));
204
205 sync_pb::NigoriKeyBag bag;
206 if (!Decrypt(encrypted, &bag))
207 return;
208 InstallKeyBag(bag);
209 }
210
SetDefaultKey(const std::string & key_name)211 void Cryptographer::SetDefaultKey(const std::string& key_name) {
212 DCHECK(nigoris_.end() != nigoris_.find(key_name));
213 default_nigori_name_ = key_name;
214 }
215
SetPendingKeys(const sync_pb::EncryptedData & encrypted)216 void Cryptographer::SetPendingKeys(const sync_pb::EncryptedData& encrypted) {
217 DCHECK(!CanDecrypt(encrypted));
218 DCHECK(!encrypted.blob().empty());
219 pending_keys_.reset(new sync_pb::EncryptedData(encrypted));
220 }
221
GetPendingKeys() const222 const sync_pb::EncryptedData& Cryptographer::GetPendingKeys() const {
223 DCHECK(has_pending_keys());
224 return *(pending_keys_.get());
225 }
226
DecryptPendingKeys(const KeyParams & params)227 bool Cryptographer::DecryptPendingKeys(const KeyParams& params) {
228 Nigori nigori;
229 if (!nigori.InitByDerivation(params.hostname,
230 params.username,
231 params.password)) {
232 NOTREACHED();
233 return false;
234 }
235
236 std::string plaintext;
237 if (!nigori.Decrypt(pending_keys_->blob(), &plaintext))
238 return false;
239
240 sync_pb::NigoriKeyBag bag;
241 if (!bag.ParseFromString(plaintext)) {
242 NOTREACHED();
243 return false;
244 }
245 InstallKeyBag(bag);
246 const std::string& new_default_key_name = pending_keys_->key_name();
247 SetDefaultKey(new_default_key_name);
248 pending_keys_.reset();
249 return true;
250 }
251
GetBootstrapToken(std::string * token) const252 bool Cryptographer::GetBootstrapToken(std::string* token) const {
253 DCHECK(token);
254 std::string unencrypted_token = GetDefaultNigoriKey();
255 if (unencrypted_token.empty())
256 return false;
257
258 std::string encrypted_token;
259 if (!encryptor_->EncryptString(unencrypted_token, &encrypted_token)) {
260 NOTREACHED();
261 return false;
262 }
263
264 base::Base64Encode(encrypted_token, token);
265
266 return true;
267 }
268
UnpackBootstrapToken(const std::string & token) const269 std::string Cryptographer::UnpackBootstrapToken(
270 const std::string& token) const {
271 if (token.empty())
272 return std::string();
273
274 std::string encrypted_data;
275 if (!base::Base64Decode(token, &encrypted_data)) {
276 DLOG(WARNING) << "Could not decode token.";
277 return std::string();
278 }
279
280 std::string unencrypted_token;
281 if (!encryptor_->DecryptString(encrypted_data, &unencrypted_token)) {
282 DLOG(WARNING) << "Decryption of bootstrap token failed.";
283 return std::string();
284 }
285 return unencrypted_token;
286 }
287
InstallKeyBag(const sync_pb::NigoriKeyBag & bag)288 void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) {
289 int key_size = bag.key_size();
290 for (int i = 0; i < key_size; ++i) {
291 const sync_pb::NigoriKey key = bag.key(i);
292 // Only use this key if we don't already know about it.
293 if (nigoris_.end() == nigoris_.find(key.name())) {
294 scoped_ptr<Nigori> new_nigori(new Nigori);
295 if (!new_nigori->InitByImport(key.user_key(),
296 key.encryption_key(),
297 key.mac_key())) {
298 NOTREACHED();
299 continue;
300 }
301 nigoris_[key.name()] = make_linked_ptr(new_nigori.release());
302 }
303 }
304 }
305
KeybagIsStale(const sync_pb::EncryptedData & encrypted_bag) const306 bool Cryptographer::KeybagIsStale(
307 const sync_pb::EncryptedData& encrypted_bag) const {
308 if (!is_ready())
309 return false;
310 if (encrypted_bag.blob().empty())
311 return true;
312 if (!CanDecrypt(encrypted_bag))
313 return false;
314 if (!CanDecryptUsingDefaultKey(encrypted_bag))
315 return true;
316 sync_pb::NigoriKeyBag bag;
317 if (!Decrypt(encrypted_bag, &bag)) {
318 LOG(ERROR) << "Failed to decrypt keybag for stale check. "
319 << "Assuming keybag is corrupted.";
320 return true;
321 }
322 if (static_cast<size_t>(bag.key_size()) < nigoris_.size())
323 return true;
324 return false;
325 }
326
GetDefaultNigoriKey() const327 std::string Cryptographer::GetDefaultNigoriKey() const {
328 if (!is_initialized())
329 return std::string();
330 NigoriMap::const_iterator iter = nigoris_.find(default_nigori_name_);
331 if (iter == nigoris_.end())
332 return std::string();
333 sync_pb::NigoriKey key;
334 if (!iter->second->ExportKeys(key.mutable_user_key(),
335 key.mutable_encryption_key(),
336 key.mutable_mac_key()))
337 return std::string();
338 return key.SerializeAsString();
339 }
340
ImportNigoriKey(const std::string serialized_nigori_key)341 bool Cryptographer::ImportNigoriKey(const std::string serialized_nigori_key) {
342 if (serialized_nigori_key.empty())
343 return false;
344
345 sync_pb::NigoriKey key;
346 if (!key.ParseFromString(serialized_nigori_key))
347 return false;
348
349 scoped_ptr<Nigori> nigori(new Nigori);
350 if (!nigori->InitByImport(key.user_key(), key.encryption_key(),
351 key.mac_key())) {
352 NOTREACHED();
353 return false;
354 }
355
356 if (!AddKeyImpl(nigori.Pass(), true))
357 return false;
358 return true;
359 }
360
361 } // namespace syncer
362