blob: e2ab5e288d96f501489013da7393c83f61c39047 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sync/util/cryptographer.h"
#include <algorithm>
#include "base/base64.h"
#include "base/logging.h"
#include "sync/util/encryptor.h"
namespace browser_sync {
const char kNigoriTag[] = "google_chrome_nigori";
// We name a particular Nigori instance (ie. a triplet consisting of a hostname,
// a username, and a password) by calling Permute on this string. Since the
// output of Permute is always the same for a given triplet, clients will always
// assign the same name to a particular triplet.
const char kNigoriKeyName[] = "nigori-key";
Cryptographer::Observer::~Observer() {}
Cryptographer::Cryptographer(Encryptor* encryptor)
: encryptor_(encryptor),
default_nigori_(NULL),
encrypted_types_(SensitiveTypes()),
encrypt_everything_(false) {
DCHECK(encryptor);
}
Cryptographer::~Cryptographer() {}
void Cryptographer::AddObserver(Observer* observer) {
observers_.AddObserver(observer);
}
void Cryptographer::RemoveObserver(Observer* observer) {
observers_.RemoveObserver(observer);
}
void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) {
if (is_initialized()) {
NOTREACHED();
return;
}
scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
if (nigori.get())
AddKeyImpl(nigori.release());
}
bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const {
return nigoris_.end() != nigoris_.find(data.key_name());
}
bool Cryptographer::CanDecryptUsingDefaultKey(
const sync_pb::EncryptedData& data) const {
return default_nigori_ && (data.key_name() == default_nigori_->first);
}
bool Cryptographer::Encrypt(
const ::google::protobuf::MessageLite& message,
sync_pb::EncryptedData* encrypted) const {
DCHECK(encrypted);
if (!default_nigori_) {
LOG(ERROR) << "Cryptographer not ready, failed to encrypt.";
return false;
}
std::string serialized;
if (!message.SerializeToString(&serialized)) {
LOG(ERROR) << "Message is invalid/missing a required field.";
return false;
}
if (CanDecryptUsingDefaultKey(*encrypted)) {
const std::string& original_serialized = DecryptToString(*encrypted);
if (original_serialized == serialized) {
DVLOG(2) << "Re-encryption unnecessary, encrypted data already matches.";
return true;
}
}
encrypted->set_key_name(default_nigori_->first);
if (!default_nigori_->second->Encrypt(serialized,
encrypted->mutable_blob())) {
LOG(ERROR) << "Failed to encrypt data.";
return false;
}
return true;
}
bool Cryptographer::Decrypt(const sync_pb::EncryptedData& encrypted,
::google::protobuf::MessageLite* message) const {
DCHECK(message);
std::string plaintext = DecryptToString(encrypted);
return message->ParseFromString(plaintext);
}
std::string Cryptographer::DecryptToString(
const sync_pb::EncryptedData& encrypted) const {
NigoriMap::const_iterator it = nigoris_.find(encrypted.key_name());
if (nigoris_.end() == it) {
NOTREACHED() << "Cannot decrypt message";
return std::string(""); // Caller should have called CanDecrypt(encrypt).
}
std::string plaintext;
if (!it->second->Decrypt(encrypted.blob(), &plaintext)) {
return std::string("");
}
return plaintext;
}
bool Cryptographer::GetKeys(sync_pb::EncryptedData* encrypted) const {
DCHECK(encrypted);
DCHECK(!nigoris_.empty());
// Create a bag of all the Nigori parameters we know about.
sync_pb::NigoriKeyBag bag;
for (NigoriMap::const_iterator it = nigoris_.begin(); it != nigoris_.end();
++it) {
const Nigori& nigori = *it->second;
sync_pb::NigoriKey* key = bag.add_key();
key->set_name(it->first);
nigori.ExportKeys(key->mutable_user_key(),
key->mutable_encryption_key(),
key->mutable_mac_key());
}
// Encrypt the bag with the default Nigori.
return Encrypt(bag, encrypted);
}
bool Cryptographer::AddKey(const KeyParams& params) {
// Create the new Nigori and make it the default encryptor.
scoped_ptr<Nigori> nigori(new Nigori);
if (!nigori->InitByDerivation(params.hostname,
params.username,
params.password)) {
NOTREACHED(); // Invalid username or password.
return false;
}
return AddKeyImpl(nigori.release());
}
bool Cryptographer::AddKeyFromBootstrapToken(
const std::string restored_bootstrap_token) {
// Create the new Nigori and make it the default encryptor.
scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
if (!nigori.get())
return false;
return AddKeyImpl(nigori.release());
}
bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori) {
scoped_ptr<Nigori> nigori(initialized_nigori);
std::string name;
if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) {
NOTREACHED();
return false;
}
nigoris_[name] = make_linked_ptr(nigori.release());
default_nigori_ = &*nigoris_.find(name);
return true;
}
void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) {
DCHECK(CanDecrypt(encrypted));
sync_pb::NigoriKeyBag bag;
if (!Decrypt(encrypted, &bag))
return;
InstallKeyBag(bag);
}
void Cryptographer::SetPendingKeys(const sync_pb::EncryptedData& encrypted) {
DCHECK(!CanDecrypt(encrypted));
pending_keys_.reset(new sync_pb::EncryptedData(encrypted));
}
const sync_pb::EncryptedData& Cryptographer::GetPendingKeys() const {
DCHECK(has_pending_keys());
return *(pending_keys_.get());
}
bool Cryptographer::DecryptPendingKeys(const KeyParams& params) {
Nigori nigori;
if (!nigori.InitByDerivation(params.hostname,
params.username,
params.password)) {
NOTREACHED();
return false;
}
std::string plaintext;
if (!nigori.Decrypt(pending_keys_->blob(), &plaintext))
return false;
sync_pb::NigoriKeyBag bag;
if (!bag.ParseFromString(plaintext)) {
NOTREACHED();
return false;
}
InstallKeyBag(bag);
const std::string& new_default_key_name = pending_keys_->key_name();
DCHECK(nigoris_.end() != nigoris_.find(new_default_key_name));
default_nigori_ = &*nigoris_.find(new_default_key_name);
pending_keys_.reset();
return true;
}
bool Cryptographer::GetBootstrapToken(std::string* token) const {
DCHECK(token);
if (!is_initialized())
return false;
return PackBootstrapToken(default_nigori_->second.get(), token);
}
bool Cryptographer::PackBootstrapToken(const Nigori* nigori,
std::string* pack_into) const {
DCHECK(pack_into);
DCHECK(nigori);
sync_pb::NigoriKey key;
if (!nigori->ExportKeys(key.mutable_user_key(),
key.mutable_encryption_key(),
key.mutable_mac_key())) {
NOTREACHED();
return false;
}
std::string unencrypted_token;
if (!key.SerializeToString(&unencrypted_token)) {
NOTREACHED();
return false;
}
std::string encrypted_token;
if (!encryptor_->EncryptString(unencrypted_token, &encrypted_token)) {
NOTREACHED();
return false;
}
if (!base::Base64Encode(encrypted_token, pack_into)) {
NOTREACHED();
return false;
}
return true;
}
Nigori* Cryptographer::UnpackBootstrapToken(const std::string& token) const {
if (token.empty())
return NULL;
std::string encrypted_data;
if (!base::Base64Decode(token, &encrypted_data)) {
DLOG(WARNING) << "Could not decode token.";
return NULL;
}
std::string unencrypted_token;
if (!encryptor_->DecryptString(encrypted_data, &unencrypted_token)) {
DLOG(WARNING) << "Decryption of bootstrap token failed.";
return NULL;
}
sync_pb::NigoriKey key;
if (!key.ParseFromString(unencrypted_token)) {
DLOG(WARNING) << "Parsing of bootstrap token failed.";
return NULL;
}
scoped_ptr<Nigori> nigori(new Nigori);
if (!nigori->InitByImport(key.user_key(), key.encryption_key(),
key.mac_key())) {
NOTREACHED();
return NULL;
}
return nigori.release();
}
Cryptographer::UpdateResult Cryptographer::Update(
const sync_pb::NigoriSpecifics& nigori) {
UpdateEncryptedTypesFromNigori(nigori);
if (!nigori.encrypted().blob().empty()) {
if (CanDecrypt(nigori.encrypted())) {
InstallKeys(nigori.encrypted());
// We only update the default passphrase if this was a new explicit
// passphrase. Else, since it was decryptable, it must not have been a new
// key.
if (nigori.using_explicit_passphrase()) {
std::string new_default_key_name = nigori.encrypted().key_name();
DCHECK(nigoris_.end() != nigoris_.find(new_default_key_name));
default_nigori_ = &*nigoris_.find(new_default_key_name);
}
return Cryptographer::SUCCESS;
} else {
SetPendingKeys(nigori.encrypted());
return Cryptographer::NEEDS_PASSPHRASE;
}
}
return Cryptographer::SUCCESS;
}
// Static
syncable::ModelTypeSet Cryptographer::SensitiveTypes() {
// Both of these have their own encryption schemes, but we include them
// anyways.
syncable::ModelTypeSet types;
types.Put(syncable::PASSWORDS);
types.Put(syncable::NIGORI);
return types;
}
void Cryptographer::UpdateEncryptedTypesFromNigori(
const sync_pb::NigoriSpecifics& nigori) {
if (nigori.encrypt_everything()) {
set_encrypt_everything();
return;
}
syncable::ModelTypeSet encrypted_types(SensitiveTypes());
if (nigori.encrypt_bookmarks())
encrypted_types.Put(syncable::BOOKMARKS);
if (nigori.encrypt_preferences())
encrypted_types.Put(syncable::PREFERENCES);
if (nigori.encrypt_autofill_profile())
encrypted_types.Put(syncable::AUTOFILL_PROFILE);
if (nigori.encrypt_autofill())
encrypted_types.Put(syncable::AUTOFILL);
if (nigori.encrypt_themes())
encrypted_types.Put(syncable::THEMES);
if (nigori.encrypt_typed_urls())
encrypted_types.Put(syncable::TYPED_URLS);
if (nigori.encrypt_extension_settings())
encrypted_types.Put(syncable::EXTENSION_SETTINGS);
if (nigori.encrypt_extensions())
encrypted_types.Put(syncable::EXTENSIONS);
if (nigori.encrypt_search_engines())
encrypted_types.Put(syncable::SEARCH_ENGINES);
if (nigori.encrypt_sessions())
encrypted_types.Put(syncable::SESSIONS);
if (nigori.encrypt_app_settings())
encrypted_types.Put(syncable::APP_SETTINGS);
if (nigori.encrypt_apps())
encrypted_types.Put(syncable::APPS);
if (nigori.encrypt_app_notifications())
encrypted_types.Put(syncable::APP_NOTIFICATIONS);
// Note: the initial version with encryption did not support the
// encrypt_everything field. If anything more than the sensitive types were
// encrypted, it meant we were encrypting everything.
if (!nigori.has_encrypt_everything() &&
!Difference(encrypted_types, SensitiveTypes()).Empty()) {
set_encrypt_everything();
return;
}
MergeEncryptedTypes(encrypted_types);
}
void Cryptographer::UpdateNigoriFromEncryptedTypes(
sync_pb::NigoriSpecifics* nigori) const {
nigori->set_encrypt_everything(encrypt_everything_);
nigori->set_encrypt_bookmarks(
encrypted_types_.Has(syncable::BOOKMARKS));
nigori->set_encrypt_preferences(
encrypted_types_.Has(syncable::PREFERENCES));
nigori->set_encrypt_autofill_profile(
encrypted_types_.Has(syncable::AUTOFILL_PROFILE));
nigori->set_encrypt_autofill(encrypted_types_.Has(syncable::AUTOFILL));
nigori->set_encrypt_themes(encrypted_types_.Has(syncable::THEMES));
nigori->set_encrypt_typed_urls(
encrypted_types_.Has(syncable::TYPED_URLS));
nigori->set_encrypt_extension_settings(
encrypted_types_.Has(syncable::EXTENSION_SETTINGS));
nigori->set_encrypt_extensions(
encrypted_types_.Has(syncable::EXTENSIONS));
nigori->set_encrypt_search_engines(
encrypted_types_.Has(syncable::SEARCH_ENGINES));
nigori->set_encrypt_sessions(encrypted_types_.Has(syncable::SESSIONS));
nigori->set_encrypt_app_settings(
encrypted_types_.Has(syncable::APP_SETTINGS));
nigori->set_encrypt_apps(encrypted_types_.Has(syncable::APPS));
nigori->set_encrypt_app_notifications(
encrypted_types_.Has(syncable::APP_NOTIFICATIONS));
}
void Cryptographer::set_encrypt_everything() {
if (encrypt_everything_) {
DCHECK(encrypted_types_.Equals(syncable::ModelTypeSet::All()));
return;
}
encrypt_everything_ = true;
// Change |encrypted_types_| directly to avoid sending more than one
// notification.
encrypted_types_ = syncable::ModelTypeSet::All();
EmitEncryptedTypesChangedNotification();
}
bool Cryptographer::encrypt_everything() const {
return encrypt_everything_;
}
syncable::ModelTypeSet Cryptographer::GetEncryptedTypes() const {
return encrypted_types_;
}
void Cryptographer::MergeEncryptedTypesForTest(
syncable::ModelTypeSet encrypted_types) {
MergeEncryptedTypes(encrypted_types);
}
void Cryptographer::MergeEncryptedTypes(
syncable::ModelTypeSet encrypted_types) {
if (encrypted_types_.HasAll(encrypted_types)) {
return;
}
encrypted_types_ = encrypted_types;
EmitEncryptedTypesChangedNotification();
}
void Cryptographer::EmitEncryptedTypesChangedNotification() {
FOR_EACH_OBSERVER(
Observer, observers_,
OnEncryptedTypesChanged(encrypted_types_, encrypt_everything_));
}
void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) {
int key_size = bag.key_size();
for (int i = 0; i < key_size; ++i) {
const sync_pb::NigoriKey key = bag.key(i);
// Only use this key if we don't already know about it.
if (nigoris_.end() == nigoris_.find(key.name())) {
scoped_ptr<Nigori> new_nigori(new Nigori);
if (!new_nigori->InitByImport(key.user_key(),
key.encryption_key(),
key.mac_key())) {
NOTREACHED();
continue;
}
nigoris_[key.name()] = make_linked_ptr(new_nigori.release());
}
}
}
} // namespace browser_sync