Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(17)

Unified Diff: chrome/browser/sync/util/nigori.cc

Issue 9699057: [Sync] Move 'sync' target to sync/ (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address Tim's comments Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/sync/util/nigori.h ('k') | chrome/browser/sync/util/nigori_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/sync/util/nigori.cc
diff --git a/chrome/browser/sync/util/nigori.cc b/chrome/browser/sync/util/nigori.cc
deleted file mode 100644
index 799a3f41c0d0ba5b6493541440a12d6b75b66198..0000000000000000000000000000000000000000
--- a/chrome/browser/sync/util/nigori.cc
+++ /dev/null
@@ -1,256 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/sync/util/nigori.h"
-
-#include <sstream>
-#include <vector>
-
-#include "base/base64.h"
-#include "base/logging.h"
-#include "base/rand_util.h"
-#include "base/string_util.h"
-#include "base/sys_byteorder.h"
-#include "crypto/encryptor.h"
-#include "crypto/hmac.h"
-
-using base::Base64Encode;
-using base::Base64Decode;
-using base::RandInt;
-using crypto::Encryptor;
-using crypto::HMAC;
-using crypto::SymmetricKey;
-
-namespace browser_sync {
-
-// NigoriStream simplifies the concatenation operation of the Nigori protocol.
-class NigoriStream {
- public:
- // Append the big-endian representation of the length of |value| with 32 bits,
- // followed by |value| itself to the stream.
- NigoriStream& operator<<(const std::string& value) {
- uint32 size = htonl(value.size());
- stream_.write((char *) &size, sizeof(uint32));
- stream_ << value;
- return *this;
- }
-
- // Append the big-endian representation of the length of |type| with 32 bits,
- // followed by the big-endian representation of the value of |type|, with 32
- // bits, to the stream.
- NigoriStream& operator<<(const Nigori::Type type) {
- uint32 size = htonl(sizeof(uint32));
- stream_.write((char *) &size, sizeof(uint32));
- uint32 value = htonl(type);
- stream_.write((char *) &value, sizeof(uint32));
- return *this;
- }
-
- std::string str() {
- return stream_.str();
- }
-
- private:
- std::ostringstream stream_;
-};
-
-// static
-const char Nigori::kSaltSalt[] = "saltsalt";
-
-Nigori::Nigori() {
-}
-
-Nigori::~Nigori() {
-}
-
-bool Nigori::InitByDerivation(const std::string& hostname,
- const std::string& username,
- const std::string& password) {
- NigoriStream salt_password;
- salt_password << username << hostname;
-
- // Suser = PBKDF2(Username || Servername, "saltsalt", Nsalt, 8)
- scoped_ptr<SymmetricKey> user_salt(SymmetricKey::DeriveKeyFromPassword(
- SymmetricKey::HMAC_SHA1, salt_password.str(),
- kSaltSalt,
- kSaltIterations,
- kSaltKeySizeInBits));
- DCHECK(user_salt.get());
-
- std::string raw_user_salt;
- if (!user_salt->GetRawKey(&raw_user_salt))
- return false;
-
- // Kuser = PBKDF2(P, Suser, Nuser, 16)
- user_key_.reset(SymmetricKey::DeriveKeyFromPassword(SymmetricKey::AES,
- password, raw_user_salt, kUserIterations, kDerivedKeySizeInBits));
- DCHECK(user_key_.get());
-
- // Kenc = PBKDF2(P, Suser, Nenc, 16)
- encryption_key_.reset(SymmetricKey::DeriveKeyFromPassword(SymmetricKey::AES,
- password, raw_user_salt, kEncryptionIterations, kDerivedKeySizeInBits));
- DCHECK(encryption_key_.get());
-
- // Kmac = PBKDF2(P, Suser, Nmac, 16)
- mac_key_.reset(SymmetricKey::DeriveKeyFromPassword(
- SymmetricKey::HMAC_SHA1, password, raw_user_salt, kSigningIterations,
- kDerivedKeySizeInBits));
- DCHECK(mac_key_.get());
-
- return user_key_.get() && encryption_key_.get() && mac_key_.get();
-}
-
-bool Nigori::InitByImport(const std::string& user_key,
- const std::string& encryption_key,
- const std::string& mac_key) {
- user_key_.reset(SymmetricKey::Import(SymmetricKey::AES, user_key));
- DCHECK(user_key_.get());
-
- encryption_key_.reset(SymmetricKey::Import(SymmetricKey::AES,
- encryption_key));
- DCHECK(encryption_key_.get());
-
- mac_key_.reset(SymmetricKey::Import(SymmetricKey::HMAC_SHA1, mac_key));
- DCHECK(mac_key_.get());
-
- return user_key_.get() && encryption_key_.get() && mac_key_.get();
-}
-
-// Permute[Kenc,Kmac](type || name)
-bool Nigori::Permute(Type type, const std::string& name,
- std::string* permuted) const {
- DCHECK_LT(0U, name.size());
-
- NigoriStream plaintext;
- plaintext << type << name;
-
- Encryptor encryptor;
- if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC,
- std::string(kIvSize, 0)))
- return false;
-
- std::string ciphertext;
- if (!encryptor.Encrypt(plaintext.str(), &ciphertext))
- return false;
-
- std::string raw_mac_key;
- if (!mac_key_->GetRawKey(&raw_mac_key))
- return false;
-
- HMAC hmac(HMAC::SHA256);
- if (!hmac.Init(raw_mac_key))
- return false;
-
- std::vector<unsigned char> hash(kHashSize);
- if (!hmac.Sign(ciphertext, &hash[0], hash.size()))
- return false;
-
- std::string output;
- output.assign(ciphertext);
- output.append(hash.begin(), hash.end());
-
- return Base64Encode(output, permuted);
-}
-
-std::string GenerateRandomString(size_t size) {
- // TODO(albertb): Use a secure random function.
- std::string random(size, 0);
- for (size_t i = 0; i < size; ++i)
- random[i] = RandInt(0, 0xff);
- return random;
-}
-
-// Enc[Kenc,Kmac](value)
-bool Nigori::Encrypt(const std::string& value, std::string* encrypted) const {
- if (0U >= value.size())
- return false;
-
- std::string iv = GenerateRandomString(kIvSize);
-
- Encryptor encryptor;
- if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, iv))
- return false;
-
- std::string ciphertext;
- if (!encryptor.Encrypt(value, &ciphertext))
- return false;
-
- std::string raw_mac_key;
- if (!mac_key_->GetRawKey(&raw_mac_key))
- return false;
-
- HMAC hmac(HMAC::SHA256);
- if (!hmac.Init(raw_mac_key))
- return false;
-
- std::vector<unsigned char> hash(kHashSize);
- if (!hmac.Sign(ciphertext, &hash[0], hash.size()))
- return false;
-
- std::string output;
- output.assign(iv);
- output.append(ciphertext);
- output.append(hash.begin(), hash.end());
-
- return Base64Encode(output, encrypted);
-}
-
-bool Nigori::Decrypt(const std::string& encrypted, std::string* value) const {
- std::string input;
- if (!Base64Decode(encrypted, &input))
- return false;
-
- if (input.size() < kIvSize * 2 + kHashSize)
- return false;
-
- // The input is:
- // * iv (16 bytes)
- // * ciphertext (multiple of 16 bytes)
- // * hash (32 bytes)
- std::string iv(input.substr(0, kIvSize));
- std::string ciphertext(input.substr(kIvSize,
- input.size() - (kIvSize + kHashSize)));
- std::string hash(input.substr(input.size() - kHashSize, kHashSize));
-
- std::string raw_mac_key;
- if (!mac_key_->GetRawKey(&raw_mac_key))
- return false;
-
- HMAC hmac(HMAC::SHA256);
- if (!hmac.Init(raw_mac_key))
- return false;
-
- std::vector<unsigned char> expected(kHashSize);
- if (!hmac.Sign(ciphertext, &expected[0], expected.size()))
- return false;
-
- if (hash.compare(0, hash.size(),
- reinterpret_cast<char *>(&expected[0]),
- expected.size()))
- return false;
-
- Encryptor encryptor;
- if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, iv))
- return false;
-
- std::string plaintext;
- if (!encryptor.Decrypt(ciphertext, value))
- return false;
-
- return true;
-}
-
-bool Nigori::ExportKeys(std::string* user_key,
- std::string* encryption_key,
- std::string* mac_key) const {
- DCHECK(user_key);
- DCHECK(encryption_key);
- DCHECK(mac_key);
-
- return user_key_->GetRawKey(user_key) &&
- encryption_key_->GetRawKey(encryption_key) &&
- mac_key_->GetRawKey(mac_key);
-}
-
-} // namespace browser_sync
« no previous file with comments | « chrome/browser/sync/util/nigori.h ('k') | chrome/browser/sync/util/nigori_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698