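// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_SYNC_NIGORI_CRYPTOGRAPHER_H_
#define COMPONENTS_SYNC_NIGORI_CRYPTOGRAPHER_H_

#include <memory>
#include <string>

#include "base/macros.h"
#include "components/sync/protocol/encryption.pb.h"

namespace syncer {

// Interface used to encrypt and decrypt sensitive sync data (e.g. passwords).
//
// Every fallible operation reports failure through its bool return value and
// writes its result through an out-parameter. This interface does not specify
// what an out-parameter holds after a failure, so callers should check the
// return value before reading, persisting or sending the output.
class Cryptographer {
 public:
  Cryptographer();
  virtual ~Cryptographer();

  // Returns a new Cryptographer owned by the caller.
  // NOTE(review): presumably the clone carries the same keys as this object,
  // so it needs the same care as the original; confirm per implementation.
  virtual std::unique_ptr<Cryptographer> Clone() const = 0;

  // Returns whether this cryptographer is ready to encrypt data, using
  // EncryptString(). This usually means that a default encryption key is
  // available and there are no pending keys.
  virtual bool CanEncrypt() const = 0;

  // Returns whether this cryptographer can decrypt |encrypted| using any of
  // the known keys.
  virtual bool CanDecrypt(const sync_pb::EncryptedData& encrypted) const = 0;

  // Returns a name that uniquely identifies the key used for encryption.
  virtual std::string GetDefaultEncryptionKeyName() const = 0;

  // Encrypts |decrypted| into |*encrypted|. |encrypted| must not be null.
  // Returns false in case of error, which most notably includes the case
  // where CanEncrypt() returns false. Check the result before using
  // |*encrypted|: its contents after a failure are not specified here.
  virtual bool EncryptString(const std::string& decrypted,
                             sync_pb::EncryptedData* encrypted) const = 0;

  // Decrypts |encrypted| into |*decrypted| as plaintext. |decrypted| must not
  // be null. Returns false in case of error, which most notably includes the
  // case where CanDecrypt() would have returned false. Check the result
  // before using |*decrypted|: its contents after a failure are not specified
  // here. On success |*decrypted| holds sensitive plaintext.
  virtual bool DecryptToString(const sync_pb::EncryptedData& encrypted,
                               std::string* decrypted) const = 0;

  // Convenience function to deal with protocol buffers. It uses
  // EncryptString() after serialization.
  // NOTE(review): presumably returns false when either serialization or
  // EncryptString() fails; the definition is not in this header.
  bool Encrypt(const ::google::protobuf::MessageLite& message,
               sync_pb::EncryptedData* encrypted) const;

  // Convenience function to deal with protocol buffers. After decryption, it
  // parses the decrypted content into a protocol buffer.
  // NOTE(review): presumably returns false when either decryption or parsing
  // fails, and the state of |*message| after a failure is not specified here;
  // confirm against the definition.
  bool Decrypt(const sync_pb::EncryptedData& encrypted,
               ::google::protobuf::MessageLite* message) const;

 private:
  // Deletes copy assignment (macro from base/macros.h). Duplication of a
  // cryptographer is expected to go through Clone().
  DISALLOW_ASSIGN(Cryptographer);
};

}  // namespace syncer

#endif  // COMPONENTS_SYNC_NIGORI_CRYPTOGRAPHER_H_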