1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef COMPONENTS_SYNC_NIGORI_CRYPTOGRAPHER_H_
6 #define COMPONENTS_SYNC_NIGORI_CRYPTOGRAPHER_H_
7 
8 #include <memory>
9 #include <string>
10 
11 #include "base/macros.h"
12 #include "components/sync/protocol/encryption.pb.h"
13 
14 namespace syncer {
15 
16 // Interface used to encrypt and decrypt sensitive sync data (eg. passwords).
17 class Cryptographer {
18  public:
19   Cryptographer();
20   virtual ~Cryptographer();
21 
22   virtual std::unique_ptr<Cryptographer> Clone() const = 0;
23 
24   // Returns whether this cryptographer is ready to encrypt data, using
25   // EncryptString(). This usually means that a default encryption key is
26   // available and there are no pending keys.
27   virtual bool CanEncrypt() const = 0;
28 
29   // Returns whether this cryptographer can decrypt |encrypted| using any of
30   // the known keys.
31   virtual bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const = 0;
32 
33   // Returns a name that uniquely identifies the key used for encryption.
34   virtual std::string GetDefaultEncryptionKeyName() const = 0;
35 
36   // Encrypted |decrypted| into |*encrypted|. |encrypted| must not be null.
37   // Returns false in case of error, which most notably includes the case
38   // where CanEncrypt() returns false.
39   virtual bool EncryptString(const std::string& decrypted,
40                              sync_pb::EncryptedData* encrypted) const = 0;
41 
42   // Decrypts |encrypted| as a plaintext decrypted data into |*decrypted|.
43   // |decrypted| must not be null. Returns false in case of error, which most
44   // notably includes the case where CanDecrypt() would have returned false.
45   virtual bool DecryptToString(const sync_pb::EncryptedData& encrypted,
46                                std::string* decrypted) const = 0;
47 
48   // Convenience function to deal with protocol buffers. It uses EncryptString()
49   // after serialization.
50   bool Encrypt(const ::google::protobuf::MessageLite& message,
51                sync_pb::EncryptedData* encrypted) const;
52 
53   // Convenience function to deal with protocol buffers. After decryption, it
54   // parses the decrypted content into a protocol buffer.
55   bool Decrypt(const sync_pb::EncryptedData& encrypted,
56                ::google::protobuf::MessageLite* message) const;
57 
58  private:
59   DISALLOW_ASSIGN(Cryptographer);
60 };
61 
62 }  // namespace syncer
63 
64 #endif  // COMPONENTS_SYNC_NIGORI_CRYPTOGRAPHER_H_
65