blob: 2b546509e7eae67613e3400453a66d4bbe2eb46c [file]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/sync/nigori/keystore_keys_cryptographer.h"
#include <utility>
#include "base/memory/ptr_util.h"
#include "components/sync/nigori/cryptographer_impl.h"
#include "components/sync/protocol/encryption.pb.h"
#include "components/sync/protocol/nigori_specifics.pb.h"
namespace syncer {
// static
std::unique_ptr<KeystoreKeysCryptographer>
KeystoreKeysCryptographer::CreateEmpty() {
return base::WrapUnique(new KeystoreKeysCryptographer(
CryptographerImpl::CreateEmpty(),
/*keystore_keys=*/std::vector<std::string>()));
}
// static
std::unique_ptr<KeystoreKeysCryptographer>
KeystoreKeysCryptographer::FromKeystoreKeys(
const std::vector<std::string>& keystore_keys) {
if (keystore_keys.empty()) {
return CreateEmpty();
}
std::unique_ptr<CryptographerImpl> cryptographer =
CryptographerImpl::CreateEmpty();
std::string last_key_name;
for (const std::string& key : keystore_keys) {
last_key_name =
cryptographer->EmplaceKey(key, KeyDerivationParams::CreateForPbkdf2());
// TODO(crbug.com/922900): possible behavioral change. Old implementation
// fails only if we failed to add current keystore key. Failing to add any
// of these keys doesn't seem valid. This line seems to be a good candidate
// for UMA, as it's not a normal situation, if we fail to add any key.
if (last_key_name.empty()) {
return nullptr;
}
}
DCHECK(!last_key_name.empty());
cryptographer->SelectDefaultEncryptionKey(last_key_name);
return base::WrapUnique(
new KeystoreKeysCryptographer(std::move(cryptographer), keystore_keys));
}
KeystoreKeysCryptographer::KeystoreKeysCryptographer(
std::unique_ptr<CryptographerImpl> cryptographer,
const std::vector<std::string>& keystore_keys)
: cryptographer_(std::move(cryptographer)), keystore_keys_(keystore_keys) {
DCHECK(cryptographer_);
}
KeystoreKeysCryptographer::~KeystoreKeysCryptographer() = default;
std::string KeystoreKeysCryptographer::GetLastKeystoreKeyName() const {
return cryptographer_->GetDefaultEncryptionKeyName();
}
bool KeystoreKeysCryptographer::IsEmpty() const {
return keystore_keys_.empty();
}
std::unique_ptr<KeystoreKeysCryptographer> KeystoreKeysCryptographer::Clone()
const {
return base::WrapUnique(new KeystoreKeysCryptographer(
cryptographer_->CloneImpl(), keystore_keys_));
}
std::unique_ptr<CryptographerImpl>
KeystoreKeysCryptographer::ToCryptographerImpl() const {
return cryptographer_->CloneImpl();
}
bool KeystoreKeysCryptographer::EncryptKeystoreDecryptorToken(
const sync_pb::NigoriKey& keystore_decryptor_key,
sync_pb::EncryptedData* keystore_decryptor_token) const {
DCHECK(keystore_decryptor_token);
if (IsEmpty()) {
return false;
}
return cryptographer_->EncryptString(
keystore_decryptor_key.SerializeAsString(), keystore_decryptor_token);
}
bool KeystoreKeysCryptographer::DecryptKeystoreDecryptorToken(
const sync_pb::EncryptedData& keystore_decryptor_token,
sync_pb::NigoriKey* keystore_decryptor_key) const {
return cryptographer_->Decrypt(keystore_decryptor_token,
keystore_decryptor_key);
}
} // namespace syncer