[Sync] Persist keystore key across restarts

sync/util/cryptographer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sync/util/cryptographer.h"
 
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/logging.h"
@@ skipping 34 matching lines @@
   if (is_initialized()) {
     NOTREACHED();
     return;
   }
 
   scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
   if (nigori.get())
     AddKeyImpl(nigori.release());
 }
 
+ void Cryptographer::BootstrapKeystoreKey(
+    const std::string& restored_bootstrap_token) {
+  if (keystore_nigori_) {
+    NOTREACHED();
+    return;
+  }
+
+  scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
+  if (!nigori.get())
+    return;
+  // AddKeyImpl updates the default nigori, so we save the current default and
+  // make sure the keystore_nigori_ gets updated instead.
+  NigoriMap::value_type* old_default = default_nigori_;

[rlarocque, 2012/06/13 23:35:04]

Why use linked_ptr<>*?

[Nicolas Zea, 2012/06/15 00:42:07]

Because they're also contained within the nigori keybag (an array of
linked_ptr<Nigori>'s), and I'm making a copy of it.

That said, I didn't like this hacky swap, so I've gone ahead and added an extra
param to AddKeyImpl so I could use it properly, removing the need for this
logic.

+  if (AddKeyImpl(nigori.release())) {
+    keystore_nigori_ = default_nigori_;
+    default_nigori_ = old_default;
+  }
+}
+
 bool Cryptographer::CanDecrypt(const sync_pb::EncryptedData& data) const {
   return nigoris_.end() != nigoris_.find(data.key_name());
 }
 
 bool Cryptographer::CanDecryptUsingDefaultKey(
     const sync_pb::EncryptedData& data) const {
   return default_nigori_ && (data.key_name() == default_nigori_->first);
 }
 
 bool Cryptographer::Encrypt(
@@ skipping 150 matching lines @@
 }
 
 bool Cryptographer::GetBootstrapToken(std::string* token) const {
   DCHECK(token);
   if (!is_initialized())
     return false;
 
   return PackBootstrapToken(default_nigori_->second.get(), token);
 }
 
+bool Cryptographer::GetKeystoreKeyBootstrapToken(
+    std::string* token) const {
+  DCHECK(token);
+  if (!HasKeystoreKey())
+    return false;
+
+  return PackBootstrapToken(keystore_nigori_->second.get(), token);
+}
+
 bool Cryptographer::PackBootstrapToken(const Nigori* nigori,
                                        std::string* pack_into) const {
   DCHECK(pack_into);
   DCHECK(nigori);
 
   sync_pb::NigoriKey key;
   if (!nigori->ExportKeys(key.mutable_user_key(),
                           key.mutable_encryption_key(),
                           key.mutable_mac_key())) {
     NOTREACHED();
@@ skipping 83 matching lines @@
   // make sure the keystore_nigori_ gets updated instead.
   NigoriMap::value_type* old_default = default_nigori_;
   if (AddKey(params)) {
     keystore_nigori_ = default_nigori_;
     default_nigori_ = old_default;
     return true;
   }
   return false;
 }
 
-bool Cryptographer::HasKeystoreKey() {
+bool Cryptographer::HasKeystoreKey() const {
   return keystore_nigori_ != NULL;
 }
 
 // Static
 syncable::ModelTypeSet Cryptographer::SensitiveTypes() {
   // Both of these have their own encryption schemes, but we include them
   // anyways.
   syncable::ModelTypeSet types;
   types.Put(syncable::PASSWORDS);
   types.Put(syncable::NIGORI);
@@ skipping 126 matching lines @@
                                     key.mac_key())) {
         NOTREACHED();
         continue;
       }
       nigoris_[key.name()] = make_linked_ptr(new_nigori.release());
     }
   }
 }
 
 }  // namespace browser_sync