12a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// Copyright 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifndef SYNC_UTIL_CRYPTOGRAPHER_H_ 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SYNC_UTIL_CRYPTOGRAPHER_H_ 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <map> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <string> 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/gtest_prod_util.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/linked_ptr.h" 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/scoped_ptr.h" 142a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "sync/base/sync_export.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sync/protocol/encryption.pb.h" 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sync/util/nigori.h" 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace sync_pb { 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class NigoriKeyBag; 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class NigoriSpecifics; 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace syncer { 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class Encryptor; 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)SYNC_EXPORT_PRIVATE extern const char kNigoriTag[]; 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// The parameters used to initialize a Nigori instance. 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct KeyParams { 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string hostname; 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string username; 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string password; 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// This class manages the Nigori objects used to encrypt and decrypt sensitive 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// sync data (eg. passwords). Each Nigori object knows how to handle data 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// protected with a particular passphrase. 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Whenever an update to the Nigori sync node is received from the server, 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// SetPendingKeys should be called with the encrypted contents of that node. 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Most likely, an updated Nigori node means that a new passphrase has been set 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// and that future node updates won't be decryptable. To remedy this, the user 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// should be prompted for the new passphrase and DecryptPendingKeys be called. 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Whenever a update to an encrypted node is received from the server, 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// CanDecrypt should be used to verify whether the Cryptographer can decrypt 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// that node. If it cannot, then the application of that update should be 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// delayed until after it can be decrypted. 502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)class SYNC_EXPORT Cryptographer { 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Does not take ownership of |encryptor|. 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) explicit Cryptographer(Encryptor* encryptor); 5403b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles) explicit Cryptographer(const Cryptographer& other); 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ~Cryptographer(); 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |restored_bootstrap_token| can be provided via this method to bootstrap 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Cryptographer instance into the ready state (is_ready will be true). 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // It must be a string that was previously built by the 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // GetSerializedBootstrapToken function. It is possible that the token is no 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // longer valid (due to server key change), in which case the normal 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // decryption code paths will fail and the user will need to provide a new 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // passphrase. 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // It is an error to call this if is_ready() == true, though it is fair to 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // never call Bootstrap at all. 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void Bootstrap(const std::string& restored_bootstrap_token); 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns whether we can decrypt |encrypted| using the keys we currently know 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // about. 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const; 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns whether |encrypted| can be decrypted using the default encryption 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // key. 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool CanDecryptUsingDefaultKey(const sync_pb::EncryptedData& encrypted) const; 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Encrypts |message| into |encrypted|. Does not overwrite |encrypted| if 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |message| already matches the decrypted data within |encrypted| and 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |encrypted| was encrypted with the current default key. This avoids 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // unnecessarily modifying |encrypted| if the change had no practical effect. 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns true unless encryption fails or |message| isn't valid (e.g. a 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // required field isn't set). 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool Encrypt(const ::google::protobuf::MessageLite& message, 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sync_pb::EncryptedData* encrypted) const; 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Encrypted |serialized| into |encrypted|. Does not overwrite |encrypted| if 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |message| already matches the decrypted data within |encrypted| and 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |encrypted| was encrypted with the current default key. This avoids 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // unnecessarily modifying |encrypted| if the change had no practical effect. 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns true unless encryption fails or |message| isn't valid (e.g. a 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // required field isn't set). 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool EncryptString(const std::string& serialized, 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sync_pb::EncryptedData* encrypted) const; 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Decrypts |encrypted| into |message|. Returns true unless decryption fails, 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // or |message| fails to parse the decrypted data. 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool Decrypt(const sync_pb::EncryptedData& encrypted, 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ::google::protobuf::MessageLite* message) const; 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Decrypts |encrypted| and returns plaintext decrypted data. If decryption 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // fails, returns empty string. 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string DecryptToString(const sync_pb::EncryptedData& encrypted) const; 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Encrypts the set of currently known keys into |encrypted|. Returns true if 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // successful. 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool GetKeys(sync_pb::EncryptedData* encrypted) const; 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Creates a new Nigori instance using |params|. If successful, |params| will 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // become the default encryption key and be used for all future calls to 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Encrypt. 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Will decrypt the pending keys and install them if possible (pending key 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // will not overwrite default). 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool AddKey(const KeyParams& params); 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Same as AddKey(..), but builds the new Nigori from a previously persisted 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // bootstrap token. This can be useful when consuming a bootstrap token 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // with a cryptographer that has already been initialized. 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Updates the default key. 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Will decrypt the pending keys and install them if possible (pending key 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // will not overwrite default). 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool AddKeyFromBootstrapToken(const std::string restored_bootstrap_token); 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Creates a new Nigori instance using |params|. If successful, |params| 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // will be added to the nigori keybag, but will not be the default encryption 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // key (default_nigori_ will remain the same). 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Prereq: is_initialized() must be true. 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Will decrypt the pending keys and install them if possible (pending key 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // will become the new default). 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool AddNonDefaultKey(const KeyParams& params); 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Decrypts |encrypted| and uses its contents to initialize Nigori instances. 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns true unless decryption of |encrypted| fails. The caller is 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // responsible for checking that CanDecrypt(encrypted) == true. 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Does not modify the default key. 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void InstallKeys(const sync_pb::EncryptedData& encrypted); 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Makes a local copy of |encrypted| to later be decrypted by 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // DecryptPendingKeys. This should only be used if CanDecrypt(encrypted) == 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // false. 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void SetPendingKeys(const sync_pb::EncryptedData& encrypted); 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Makes |pending_keys_| available to callers that may want to cache its 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // value for later use on the UI thread. It is illegal to call this if the 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // cryptographer has no pending keys. Like other calls that access the 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // cryptographer, this method must be called from within a transaction. 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const sync_pb::EncryptedData& GetPendingKeys() const; 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Attempts to decrypt the set of keys that was copied in the previous call to 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // SetPendingKeys using |params|. Returns true if the pending keys were 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // successfully decrypted and installed. If successful, the default key 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // is updated. 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool DecryptPendingKeys(const KeyParams& params); 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Sets the default key to the nigori with name |key_name|. |key_name| must 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // correspond to a nigori that has already been installed into the keybag. 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void SetDefaultKey(const std::string& key_name); 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool is_initialized() const { 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return !nigoris_.empty() && !default_nigori_name_.empty(); 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns whether this Cryptographer is ready to encrypt and decrypt data. 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool is_ready() const { 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return is_initialized() && !has_pending_keys(); 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns whether there is a pending set of keys that needs to be decrypted. 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool has_pending_keys() const { return NULL != pending_keys_.get(); } 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Obtain a token that can be provided on construction to a future 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Cryptographer instance to bootstrap itself. Returns false if such a token 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // can't be created (i.e. if this Cryptograhper doesn't have valid keys). 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool GetBootstrapToken(std::string* token) const; 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Encryptor* encryptor() const { return encryptor_; } 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns true if |keybag| is decryptable and either is a subset of nigoris_ 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // and/or has a different default key. 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool KeybagIsStale(const sync_pb::EncryptedData& keybag) const; 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Returns the name of the Nigori key currently used for encryption. 1815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) std::string GetDefaultNigoriKeyName() const; 1825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns a serialized sync_pb::NigoriKey version of current default 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // encryption key. 1855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) std::string GetDefaultNigoriKeyData() const; 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Generates a new Nigori from |serialized_nigori_key|, and if successful 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // installs the new nigori as the default key. 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool ImportNigoriKey(const std::string serialized_nigori_key); 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) typedef std::map<std::string, linked_ptr<const Nigori> > NigoriMap; 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Helper method to instantiate Nigori instances for each set of key 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // parameters in |bag|. 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Does not update the default nigori. 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void InstallKeyBag(const sync_pb::NigoriKeyBag& bag); 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Helper method to add a nigori to the keybag, optionally making it the 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // default as well. 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool AddKeyImpl(scoped_ptr<Nigori> nigori, bool set_as_default); 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Helper to unencrypt a bootstrap token into a serialized sync_pb::NigoriKey. 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string UnpackBootstrapToken(const std::string& token) const; 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Encryptor* const encryptor_; 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The Nigoris we know about, mapped by key name. 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NigoriMap nigoris_; 21003b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles) 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The key name associated with the default nigori. If non-empty, must 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // correspond to a nigori within |nigoris_|. 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string default_nigori_name_; 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<sync_pb::EncryptedData> pending_keys_; 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 21703b57e008b61dfcb1fbad3aea950ae0e001748b0Torne (Richard Coles) DISALLOW_ASSIGN(Cryptographer); 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace syncer 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif // SYNC_UTIL_CRYPTOGRAPHER_H_ 223