Home | History | Annotate | Download | only in util 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_
      6 #define CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_
      7 #pragma once
      8 
      9 #include <map>
     10 #include <string>
     11 
     12 #include "base/gtest_prod_util.h"
     13 #include "base/memory/linked_ptr.h"
     14 #include "base/memory/scoped_ptr.h"
     15 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h"
     16 #include "chrome/browser/sync/util/nigori.h"
     17 
     18 namespace browser_sync {
     19 
     20 extern const char kNigoriTag[];
     21 
     22 // The parameters used to initialize a Nigori instance.
     23 struct KeyParams {
     24   std::string hostname;
     25   std::string username;
     26   std::string password;
     27 };
     28 
     29 // This class manages the Nigori objects used to encrypt and decrypt sensitive
     30 // sync data (eg. passwords). Each Nigori object knows how to handle data
     31 // protected with a particular passphrase.
     32 //
     33 // Whenever an update to the Nigori sync node is received from the server,
     34 // SetPendingKeys should be called with the encrypted contents of that node.
     35 // Most likely, an updated Nigori node means that a new passphrase has been set
     36 // and that future node updates won't be decryptable. To remedy this, the user
     37 // should be prompted for the new passphrase and DecryptPendingKeys be called.
     38 //
     39 // Whenever a update to an encrypted node is received from the server,
     40 // CanDecrypt should be used to verify whether the Cryptographer can decrypt
     41 // that node. If it cannot, then the application of that update should be
     42 // delayed until after it can be decrypted.
     43 class Cryptographer {
     44  public:
     45   Cryptographer();
     46   ~Cryptographer();
     47 
     48   // |restored_bootstrap_token| can be provided via this method to bootstrap
     49   // Cryptographer instance into the ready state (is_ready will be true).
     50   // It must be a string that was previously built by the
     51   // GetSerializedBootstrapToken function.  It is possible that the token is no
     52   // longer valid (due to server key change), in which case the normal
     53   // decryption code paths will fail and the user will need to provide a new
     54   // passphrase.
     55   // It is an error to call this if is_ready() == true, though it is fair to
     56   // never call Bootstrap at all.
     57   void Bootstrap(const std::string& restored_bootstrap_token);
     58 
     59   // Returns whether we can decrypt |encrypted| using the keys we currently know
     60   // about.
     61   bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const;
     62 
     63   // Returns whether |encrypted| can be decrypted using the default encryption
     64   // key.
     65   bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const;
     66 
     67   // Encrypts |message| into |encrypted|. Returns true unless encryption fails.
     68   // Note that encryption will fail if |message| isn't valid (eg. a required
     69   // field isn't set).
     70   bool Encrypt(const ::google::protobuf::MessageLite& message,
     71                sync_pb::EncryptedData* encrypted) const;
     72 
     73   // Decrypts |encrypted| into |message|. Returns true unless decryption fails,
     74   // or |message| fails to parse the decrypted data.
     75   bool Decrypt(const sync_pb::EncryptedData& encrypted,
     76                ::google::protobuf::MessageLite* message) const;
     77 
     78   // Decrypts |encrypted| and returns plaintext decrypted data. If decryption
     79   // fails, returns empty string.
     80   std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const;
     81 
     82   // Encrypts the set of currently known keys into |encrypted|. Returns true if
     83   // successful.
     84   bool GetKeys(sync_pb::EncryptedData* encrypted) const;
     85 
     86   // Creates a new Nigori instance using |params|. If successful, |params| will
     87   // become the default encryption key and be used for all future calls to
     88   // Encrypt.
     89   bool AddKey(const KeyParams& params);
     90 
     91   // Decrypts |encrypted| and uses its contents to initialize Nigori instances.
     92   // Returns true unless decryption of |encrypted| fails. The caller is
     93   // responsible for checking that CanDecrypt(encrypted) == true.
     94   bool SetKeys(const sync_pb::EncryptedData& encrypted);
     95 
     96   // Makes a local copy of |encrypted| to later be decrypted by
     97   // DecryptPendingKeys. This should only be used if CanDecrypt(encrypted) ==
     98   // false.
     99   void SetPendingKeys(const sync_pb::EncryptedData& encrypted);
    100 
    101   // Attempts to decrypt the set of keys that was copied in the previous call to
    102   // SetPendingKeys using |params|. Returns true if the pending keys were
    103   // successfully decrypted and installed.
    104   bool DecryptPendingKeys(const KeyParams& params);
    105 
    106   // Returns whether this Cryptographer is ready to encrypt and decrypt data.
    107   bool is_ready() const { return !nigoris_.empty() && default_nigori_; }
    108 
    109   // Returns whether there is a pending set of keys that needs to be decrypted.
    110   bool has_pending_keys() const { return NULL != pending_keys_.get(); }
    111 
    112   // Obtain a token that can be provided on construction to a future
    113   // Cryptographer instance to bootstrap itself.  Returns false if such a token
    114   // can't be created (i.e. if this Cryptograhper doesn't have valid keys).
    115   bool GetBootstrapToken(std::string* token) const;
    116 
    117  private:
    118   FRIEND_TEST_ALL_PREFIXES(CryptographerTest, PackUnpack);
    119   typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap;
    120 
    121   // Helper method to instantiate Nigori instances for each set of key
    122   // parameters in |bag| and setting the default encryption key to
    123   // |default_key_name|.
    124   void InstallKeys(const std::string& default_key_name,
    125                    const sync_pb::NigoriKeyBag& bag);
    126 
    127   bool AddKeyImpl(Nigori* nigori);
    128 
    129   // Functions to serialize + encrypt a Nigori object in an opaque format for
    130   // persistence by sync infrastructure.
    131   bool PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const;
    132   Nigori* UnpackBootstrapToken(const std::string& token) const;
    133 
    134   NigoriMap nigoris_;  // The Nigoris we know about, mapped by key name.
    135   NigoriMap::value_type* default_nigori_;  // The Nigori used for encryption.
    136 
    137   scoped_ptr<sync_pb::EncryptedData> pending_keys_;
    138 
    139   DISALLOW_COPY_AND_ASSIGN(Cryptographer);
    140 };
    141 
    142 }  // namespace browser_sync
    143 
    144 #endif  // CHROME_BROWSER_SYNC_UTIL_CRYPTOGRAPHER_H_
    145