gecko/services/sync/modules/crypto.js

/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is Bookmarks Sync.
 *
 * The Initial Developer of the Original Code is Mozilla.
 * Portions created by the Initial Developer are Copyright (C) 2007
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *  Dan Mills <thunder@mozilla.com>
 *  Justin Dolske <dolske@mozilla.com>
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */

const EXPORTED_SYMBOLS = ['Crypto'];

const Cc = Components.classes;
const Ci = Components.interfaces;
const Cr = Components.results;
const Cu = Components.utils;

Cu.import("resource://gre/modules/XPCOMUtils.jsm");
Cu.import("resource://weave/log4moz.js");
Cu.import("resource://weave/constants.js");
Cu.import("resource://weave/util.js");
Cu.import("resource://weave/async.js");

Function.prototype.async = Async.sugar;

Utils.lazy(this, 'Crypto', CryptoSvc);

function CryptoSvc() {
  this._init();
}
CryptoSvc.prototype = {
  _logName: "Crypto",

  __os: null,
  get _os() {
    if (!this.__os)
      this.__os = Cc["@mozilla.org/observer-service;1"]
        .getService(Ci.nsIObserverService);
    return this.__os;
  },

  __crypto: null,
  get _crypto() {
    if (!this.__crypto)
         this.__crypto = Cc["@labs.mozilla.com/Weave/Crypto;1"].
                         createInstance(Ci.IWeaveCrypto);
    return this.__crypto;
  },


  get defaultAlgorithm() {
    return Utils.prefs.getCharPref("encryption");
  },
  set defaultAlgorithm(value) {
    if (value != Utils.prefs.getCharPref("encryption"))
      Utils.prefs.setCharPref("encryption", value);
  },

  _init: function Crypto__init() {
    this._log = Log4Moz.repository.getLogger("Service." + this._logName);
    this._log.level =
      Log4Moz.Level[Utils.prefs.getCharPref("log.logger.service.crypto")];
    let branch = Cc["@mozilla.org/preferences-service;1"]
      .getService(Ci.nsIPrefBranch2);
    branch.addObserver("extensions.weave.encryption", this, false);
  },

  QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver, Ci.nsISupports]),

  // nsIObserver

  observe: function Sync_observe(subject, topic, data) {
    switch (topic) {
    case "extensions.weave.encryption": {
      if (Utils.pref.getCharPref("encryption") == data)
        return;

      switch (data) {
        case "none":
          this._log.info("Encryption disabled");
          break;

        default:
          this._log.warn("Unknown encryption algorithm, resetting");
          branch.clearUserPref("extensions.weave.encryption");
          return; // otherwise we'll send the alg changed event twice
      }
      // FIXME: listen to this bad boy somewhere
      this._os.notifyObservers(null, "weave:encryption:algorithm-changed", "");
    } break;
    default:
      this._log.warn("Unknown encryption preference changed - ignoring");
    }
  },

  checkModule: function Crypto_checkModule() {
    let ok = false;

    try {
      let svc = Cc["@labs.mozilla.com/Weave/Crypto;1"].
        createInstance(Ci.IWeaveCrypto);
      let iv = svc.generateRandomIV();
      if (iv.length == 24)
        ok = true;

    } catch (e) {}

    return ok;
  },

  // Crypto

  encryptData: function Crypto_encryptData(data, identity) {
    let self = yield;
    let ret;

    this._log.trace("encrypt called. [id=" + identity.realm + "]");

    if ("none" == this.defaultAlgorithm) {
      this._log.debug("NOT encrypting data");
      ret = data;
    } else {
      let symkey = identity.bulkKey;
      let iv     = identity.bulkIV;
      ret = this._crypto.encrypt(data, symkey, iv);
    }

    self.done(ret);
  },

  decryptData: function Crypto_decryptData(data, identity) {
    let self = yield;
    let ret;

    this._log.trace("decrypt called. [id=" + identity.realm + "]");

    if ("none" == this.defaultAlgorithm) {
      this._log.debug("NOT decrypting data");
      ret = data;
    } else {
      let symkey = identity.bulkKey;
      let iv     = identity.bulkIV;
      ret = this._crypto.decrypt(data, symkey, iv);
    }

    self.done(ret);
  },

  /*
   * randomKeyGen
   *
   * Generates a random symmetric key and IV, and puts them in the specified
   * identity.
   */
  randomKeyGen: function Crypto_randomKeyGen(identity) {
    let self = yield;

    this._log.trace("randomKeyGen called. [id=" + identity.realm + "]");

    let symkey = this._crypto.generateRandomKey();
    let iv     = this._crypto.generateRandomIV();

    identity.bulkKey = symkey;
    identity.bulkIV  = iv;
  },

  /*
   * RSAkeygen
   *
   * Generates a new RSA keypair, as well as the salt/IV used for protecting
   * the private key, and puts them in the specified identity.
   */
  RSAkeygen: function Crypto_RSAkeygen(identity) {
    let self = yield;

    this._log.trace("RSAkeygen called. [id=" + identity.realm + "]");
    let privOut = {};
    let pubOut  = {};

    // Generate a blob of random data for salting the passphrase used to
    // encrypt the private key.
    let salt = this._crypto.generateRandomBytes(32);
    let iv   = this._crypto.generateRandomIV();

    this._crypto.generateKeypair(identity.password,
                                 salt, iv,
                                 pubOut, privOut);

    identity.keypairAlg     = "RSA";
    identity.pubkey         = pubOut.value;
    identity.privkey        = privOut.value;
    identity.passphraseSalt = salt;
    identity.privkeyWrapIV  = iv;
  },

  wrapKey : function Crypto_wrapKey(data, identity) {
    let self = yield;

    this._log.trace("wrapKey called. [id=" + identity.realm + "]");
    let ret = this._crypto.wrapSymmetricKey(data, identity.pubkey);

    self.done(ret);
  },

  unwrapKey: function Crypto_unwrapKey(data, identity) {
    let self = yield;

    this._log.trace("upwrapKey called. [id=" + identity.realm + "]");
    let ret = this._crypto.unwrapSymmetricKey(data,
                                              identity.privkey,
                                              identity.password,
                                              identity.passphraseSalt,
                                              identity.privkeyWrapIV);
    self.done(ret);
  },

  // This function tests to see if the passphrase which encrypts
  // the private key for the given identity is valid.
  isPassphraseValid: function Crypto_isPassphraseValid(identity) {
    var self = yield;

    // We do this in a somewhat roundabout way; an alternative is
    // to use a hard-coded symmetric key, but even that is still
    // roundabout--ideally, the IWeaveCrypto interface should
    // expose some sort of functionality to make this easier,
    // or perhaps it should just offer this very function. -AV

    // Generate a temporary fake identity.
    var idTemp = {realm: "Temporary passphrase validation"};

    // Generate a random symmetric key.
    this.randomKeyGen.async(Crypto, self.cb, idTemp);
    yield;

    // Encrypt the symmetric key with the user's public key.
    this.wrapKey.async(Crypto, self.cb, idTemp.bulkKey, identity);
    let wrappedKey = yield;
    let unwrappedKey;

    // Decrypt the symmetric key with the user's private key.
    try {
      this.unwrapKey.async(Crypto, self.cb, wrappedKey, identity);
      unwrappedKey = yield;
    } catch (e) {
      self.done(false);
      return;
    }

    // Ensure that the original symmetric key is identical to
    // the decrypted version.
    if (unwrappedKey != idTemp.bulkKey)
      throw new Error("Unwrapped key is not identical to original key.");

    self.done(true);
  }
};