diff options
| author | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-01 01:13:38 +0000 |
|---|---|---|
| committer | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-01 01:13:38 +0000 |
| commit | dc58763688f198a48493bfb472d0d0f45f2b34be (patch) | |
| tree | 2eb473939395a5b0aeac4171702069ec3eabebe3 /sync/util/cryptographer.cc | |
| parent | 8d3d7ea57ac19413cdbac93c60d9fdf9803f78e0 (diff) | |
| download | chromium_src-dc58763688f198a48493bfb472d0d0f45f2b34be.zip chromium_src-dc58763688f198a48493bfb472d0d0f45f2b34be.tar.gz chromium_src-dc58763688f198a48493bfb472d0d0f45f2b34be.tar.bz2 | |
[Sync] Persist keystore key across restarts
Adds the preference for the bootstrap token and the bootstrapping functionality
in the cryptographer so that we persist the keystore key across restarts. With
this, we should only ever do one GetKey per client, and only on the first time
that client signs in/restarts on a version with GetKey support (although it's
not persisted across signouts/profile nukes)
BUG=129665
TEST=unit_tests
Review URL: https://chromiumcodereview.appspot.com/10540149
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149344 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sync/util/cryptographer.cc')
| -rw-r--r-- | sync/util/cryptographer.cc | 54 |
1 files changed, 40 insertions, 14 deletions
diff --git a/sync/util/cryptographer.cc b/sync/util/cryptographer.cc index d63166b..c512ab6 100644 --- a/sync/util/cryptographer.cc +++ b/sync/util/cryptographer.cc @@ -49,7 +49,19 @@ void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) { scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); if (nigori.get()) - AddKeyImpl(nigori.release()); + AddKeyImpl(nigori.release(), false); +} + +void Cryptographer::BootstrapKeystoreKey( + const std::string& restored_bootstrap_token) { + if (keystore_nigori_) { + NOTREACHED(); + return; + } + + scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); + if (nigori.get()) + AddKeyImpl(nigori.release(), true); } bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const { @@ -145,7 +157,7 @@ bool Cryptographer::AddKey(const KeyParams& params) { NOTREACHED(); // Invalid username or password. return false; } - return AddKeyImpl(nigori.release()); + return AddKeyImpl(nigori.release(), false); } bool Cryptographer::AddKeyFromBootstrapToken( @@ -154,10 +166,11 @@ bool Cryptographer::AddKeyFromBootstrapToken( scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token)); if (!nigori.get()) return false; - return AddKeyImpl(nigori.release()); + return AddKeyImpl(nigori.release(), false); } -bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori) { +bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori, + bool is_keystore_key) { scoped_ptr<Nigori> nigori(initialized_nigori); std::string name; if (!nigori->Permute(Nigori::Password, kNigoriKeyName, &name)) { @@ -165,7 +178,10 @@ bool Cryptographer::AddKeyImpl(Nigori* initialized_nigori) { return false; } nigoris_[name] = make_linked_ptr(nigori.release()); - default_nigori_ = &*nigoris_.find(name); + if (is_keystore_key) + keystore_nigori_ = &*nigoris_.find(name); + else + default_nigori_ = &*nigoris_.find(name); return true; } @@ -222,6 +238,15 @@ bool Cryptographer::GetBootstrapToken(std::string* token) const { return PackBootstrapToken(default_nigori_->second.get(), token); } +bool Cryptographer::GetKeystoreKeyBootstrapToken( + std::string* token) const { + DCHECK(token); + if (!HasKeystoreKey()) + return false; + + return PackBootstrapToken(keystore_nigori_->second.get(), token); +} + bool Cryptographer::PackBootstrapToken(const Nigori* nigori, std::string* pack_into) const { DCHECK(pack_into); @@ -314,18 +339,19 @@ bool Cryptographer::SetKeystoreKey(const std::string& keystore_key) { return false; KeyParams params = {"localhost", "dummy", keystore_key}; - // AddKey updates the default nigori, so we save the current default and - // make sure the keystore_nigori_ gets updated instead. - NigoriMap::value_type* old_default = default_nigori_; - if (AddKey(params)) { - keystore_nigori_ = default_nigori_; - default_nigori_ = old_default; - return true; + // Create the new Nigori and make it the default keystore encryptor. + scoped_ptr<Nigori> nigori(new Nigori); + if (!nigori->InitByDerivation(params.hostname, + params.username, + params.password)) { + NOTREACHED(); // Invalid username or password. + return false; } - return false; + + return AddKeyImpl(nigori.release(), true); } -bool Cryptographer::HasKeystoreKey() { +bool Cryptographer::HasKeystoreKey() const { return keystore_nigori_ != NULL; } |