| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ | |
| 6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ | |
| 7 #pragma once | |
| 8 | |
| 9 #include <map> | |
| 10 #include <string> | |
| 11 | |
| 12 #include "base/gtest_prod_util.h" | |
| 13 #include "base/memory/linked_ptr.h" | |
| 14 #include "base/memory/scoped_ptr.h" | |
| 15 #include "base/observer_list.h" | |
| 16 #include "chrome/browser/sync/syncable/model_type.h" | |
| 17 #include "chrome/browser/sync/util/nigori.h" | |
| 18 #include "sync/protocol/encryption.pb.h" | |
| 19 #include "sync/protocol/nigori_specifics.pb.h" | |
| 20 | |
| 21 namespace browser_sync { | |
| 22 | |
| 23 class Encryptor; | |
| 24 | |
| 25 extern const char kNigoriTag[]; | |
| 26 | |
| 27 // The parameters used to initialize a Nigori instance. | |
| 28 struct KeyParams { | |
| 29 std::string hostname; | |
| 30 std::string username; | |
| 31 std::string password; | |
| 32 }; | |
| 33 | |
| 34 // This class manages the Nigori objects used to encrypt and decrypt sensitive | |
| 35 // sync data (eg. passwords). Each Nigori object knows how to handle data | |
| 36 // protected with a particular passphrase. | |
| 37 // | |
| 38 // Whenever an update to the Nigori sync node is received from the server, | |
| 39 // SetPendingKeys should be called with the encrypted contents of that node. | |
| 40 // Most likely, an updated Nigori node means that a new passphrase has been set | |
| 41 // and that future node updates won't be decryptable. To remedy this, the user | |
| 42 // should be prompted for the new passphrase and DecryptPendingKeys be called. | |
| 43 // | |
| 44 // Whenever a update to an encrypted node is received from the server, | |
| 45 // CanDecrypt should be used to verify whether the Cryptographer can decrypt | |
| 46 // that node. If it cannot, then the application of that update should be | |
| 47 // delayed until after it can be decrypted. | |
| 48 class Cryptographer { | |
| 49 public: | |
| 50 // All Observer methods are done synchronously, so they're called | |
| 51 // under a transaction (since all Cryptographer operations are done | |
| 52 // under a transaction). | |
| 53 class Observer { | |
| 54 public: | |
| 55 // Called when the set of encrypted types or the encrypt | |
| 56 // everything flag has been changed. Note that this doesn't | |
| 57 // necessarily mean that encryption has completed for the given | |
| 58 // types. | |
| 59 // | |
| 60 // |encrypted_types| will always be a superset of | |
| 61 // SensitiveTypes(). If |encrypt_everything| is true, | |
| 62 // |encrypted_types| will be the set of all known types. | |
| 63 // | |
| 64 // Until this function is called, observers can assume that the | |
| 65 // set of encrypted types is SensitiveTypes() and that the encrypt | |
| 66 // everything flag is false. | |
| 67 virtual void OnEncryptedTypesChanged( | |
| 68 syncable::ModelTypeSet encrypted_types, | |
| 69 bool encrypt_everything) = 0; | |
| 70 | |
| 71 protected: | |
| 72 virtual ~Observer(); | |
| 73 }; | |
| 74 | |
| 75 // Does not take ownership of |encryptor|. | |
| 76 explicit Cryptographer(Encryptor* encryptor); | |
| 77 ~Cryptographer(); | |
| 78 | |
| 79 // When update on cryptographer is called this enum tells if the | |
| 80 // cryptographer was succesfully able to update using the nigori node or if | |
| 81 // it needs a key to decrypt the nigori node. | |
| 82 enum UpdateResult { | |
| 83 SUCCESS, | |
| 84 NEEDS_PASSPHRASE | |
| 85 }; | |
| 86 | |
| 87 // Manage observers. | |
| 88 void AddObserver(Observer* observer); | |
| 89 void RemoveObserver(Observer* observer); | |
| 90 | |
| 91 // |restored_bootstrap_token| can be provided via this method to bootstrap | |
| 92 // Cryptographer instance into the ready state (is_ready will be true). | |
| 93 // It must be a string that was previously built by the | |
| 94 // GetSerializedBootstrapToken function. It is possible that the token is no | |
| 95 // longer valid (due to server key change), in which case the normal | |
| 96 // decryption code paths will fail and the user will need to provide a new | |
| 97 // passphrase. | |
| 98 // It is an error to call this if is_ready() == true, though it is fair to | |
| 99 // never call Bootstrap at all. | |
| 100 void Bootstrap(const std::string& restored_bootstrap_token); | |
| 101 | |
| 102 // Returns whether we can decrypt |encrypted| using the keys we currently know | |
| 103 // about. | |
| 104 bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; | |
| 105 | |
| 106 // Returns whether |encrypted| can be decrypted using the default encryption | |
| 107 // key. | |
| 108 bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; | |
| 109 | |
| 110 // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if | |
| 111 // |message| already matches the decrypted data within |encrypted| and | |
| 112 // |encrypted| was encrypted with the current default key. This avoids | |
| 113 // unnecessarily modifying |encrypted| if the change had no practical effect. | |
| 114 // Returns true unless encryption fails or |message| isn't valid (e.g. a | |
| 115 // required field isn't set). | |
| 116 bool Encrypt(const ::google::protobuf::MessageLite& message, | |
| 117 sync_pb::EncryptedData* encrypted) const; | |
| 118 | |
| 119 // Decrypts |encrypted| into |message|. Returns true unless decryption fails, | |
| 120 // or |message| fails to parse the decrypted data. | |
| 121 bool Decrypt(const sync_pb::EncryptedData& encrypted, | |
| 122 ::google::protobuf::MessageLite* message) const; | |
| 123 | |
| 124 // Decrypts |encrypted| and returns plaintext decrypted data. If decryption | |
| 125 // fails, returns empty string. | |
| 126 std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const; | |
| 127 | |
| 128 // Encrypts the set of currently known keys into |encrypted|. Returns true if | |
| 129 // successful. | |
| 130 bool GetKeys(sync_pb::EncryptedData* encrypted) const; | |
| 131 | |
| 132 // Creates a new Nigori instance using |params|. If successful, |params| will | |
| 133 // become the default encryption key and be used for all future calls to | |
| 134 // Encrypt. | |
| 135 bool AddKey(const KeyParams& params); | |
| 136 | |
| 137 // Same as AddKey(..), but builds the new Nigori from a previously persisted | |
| 138 // bootstrap token. This can be useful when consuming a bootstrap token | |
| 139 // with a cryptographer that has already been initialized. | |
| 140 bool AddKeyFromBootstrapToken(const std::string restored_bootstrap_token); | |
| 141 | |
| 142 // Decrypts |encrypted| and uses its contents to initialize Nigori instances. | |
| 143 // Returns true unless decryption of |encrypted| fails. The caller is | |
| 144 // responsible for checking that CanDecrypt(encrypted) == true. | |
| 145 bool SetKeys(const sync_pb::EncryptedData& encrypted); | |
| 146 | |
| 147 // Makes a local copy of |encrypted| to later be decrypted by | |
| 148 // DecryptPendingKeys. This should only be used if CanDecrypt(encrypted) == | |
| 149 // false. | |
| 150 void SetPendingKeys(const sync_pb::EncryptedData& encrypted); | |
| 151 | |
| 152 // Makes |pending_keys_| available to callers that may want to cache its | |
| 153 // value for later use on the UI thread. It is illegal to call this if the | |
| 154 // cryptographer has no pending keys. Like other calls that access the | |
| 155 // cryptographer, this method must be called from within a transaction. | |
| 156 const sync_pb::EncryptedData& GetPendingKeys() const; | |
| 157 | |
| 158 // Attempts to decrypt the set of keys that was copied in the previous call to | |
| 159 // SetPendingKeys using |params|. Returns true if the pending keys were | |
| 160 // successfully decrypted and installed. | |
| 161 bool DecryptPendingKeys(const KeyParams& params); | |
| 162 | |
| 163 bool is_initialized() const { return !nigoris_.empty() && default_nigori_; } | |
| 164 | |
| 165 // Returns whether this Cryptographer is ready to encrypt and decrypt data. | |
| 166 bool is_ready() const { return is_initialized() && | |
| 167 has_pending_keys() == false; } | |
| 168 | |
| 169 // Returns whether there is a pending set of keys that needs to be decrypted. | |
| 170 bool has_pending_keys() const { return NULL != pending_keys_.get(); } | |
| 171 | |
| 172 // Obtain a token that can be provided on construction to a future | |
| 173 // Cryptographer instance to bootstrap itself. Returns false if such a token | |
| 174 // can't be created (i.e. if this Cryptograhper doesn't have valid keys). | |
| 175 bool GetBootstrapToken(std::string* token) const; | |
| 176 | |
| 177 // Update the cryptographer based on the contents of the nigori specifics. | |
| 178 // This updates both the encryption keys and the set of encrypted types. | |
| 179 // Returns NEEDS_PASSPHRASE if was unable to decrypt the pending keys, | |
| 180 // SUCCESS otherwise. | |
| 181 UpdateResult Update(const sync_pb::NigoriSpecifics& nigori); | |
| 182 | |
| 183 // The set of types that are always encrypted. | |
| 184 static syncable::ModelTypeSet SensitiveTypes(); | |
| 185 | |
| 186 // Reset our set of encrypted types based on the contents of the nigori | |
| 187 // specifics. | |
| 188 void UpdateEncryptedTypesFromNigori(const sync_pb::NigoriSpecifics& nigori); | |
| 189 | |
| 190 // Update the nigori to reflect the current set of encrypted types. | |
| 191 void UpdateNigoriFromEncryptedTypes(sync_pb::NigoriSpecifics* nigori) const; | |
| 192 | |
| 193 // Setter/getter for whether all current and future datatypes should | |
| 194 // be encrypted. Once set you cannot unset without reading from a | |
| 195 // new nigori node. set_encrypt_everything() emits a notification | |
| 196 // the first time it's called. | |
| 197 void set_encrypt_everything(); | |
| 198 bool encrypt_everything() const; | |
| 199 | |
| 200 // Return the set of encrypted types. | |
| 201 syncable::ModelTypeSet GetEncryptedTypes() const; | |
| 202 | |
| 203 // Forwards to MergeEncryptedTypes. | |
| 204 void MergeEncryptedTypesForTest( | |
| 205 syncable::ModelTypeSet encrypted_types); | |
| 206 | |
| 207 private: | |
| 208 FRIEND_TEST_ALL_PREFIXES(SyncCryptographerTest, PackUnpack); | |
| 209 typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; | |
| 210 | |
| 211 // Merges the given set of encrypted types with the existing set and emits a | |
| 212 // notification if necessary. | |
| 213 void MergeEncryptedTypes(syncable::ModelTypeSet encrypted_types); | |
| 214 | |
| 215 void EmitEncryptedTypesChangedNotification(); | |
| 216 | |
| 217 // Helper method to instantiate Nigori instances for each set of key | |
| 218 // parameters in |bag| and setting the default encryption key to | |
| 219 // |default_key_name|. | |
| 220 void InstallKeys(const std::string& default_key_name, | |
| 221 const sync_pb::NigoriKeyBag& bag); | |
| 222 | |
| 223 bool AddKeyImpl(Nigori* nigori); | |
| 224 | |
| 225 // Functions to serialize + encrypt a Nigori object in an opaque format for | |
| 226 // persistence by sync infrastructure. | |
| 227 bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const; | |
| 228 Nigori* UnpackBootstrapToken(const std::string& token) const; | |
| 229 | |
| 230 Encryptor* const encryptor_; | |
| 231 | |
| 232 ObserverList<Observer> observers_; | |
| 233 | |
| 234 NigoriMap nigoris_; // The Nigoris we know about, mapped by key name. | |
| 235 NigoriMap::value_type* default_nigori_; // The Nigori used for encryption. | |
| 236 | |
| 237 scoped_ptr<sync_pb::EncryptedData> pending_keys_; | |
| 238 | |
| 239 syncable::ModelTypeSet encrypted_types_; | |
| 240 bool encrypt_everything_; | |
| 241 | |
| 242 DISALLOW_COPY_AND_ASSIGN(Cryptographer); | |
| 243 }; | |
| 244 | |
| 245 } // namespace browser_sync | |
| 246 | |
| 247 #endif // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9699057:
[Sync] Move 'sync' target to sync/ (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src