Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1643)

Side by Side Diff: sync/internal_api/sync_encryption_handler_impl.h

Issue 10916036: [Sync] Implement keystore migration support. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Self review Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_ 5 #ifndef SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_
6 #define SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_ 6 #define SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
55 virtual void AddObserver(Observer* observer) OVERRIDE; 55 virtual void AddObserver(Observer* observer) OVERRIDE;
56 virtual void RemoveObserver(Observer* observer) OVERRIDE; 56 virtual void RemoveObserver(Observer* observer) OVERRIDE;
57 virtual void Init() OVERRIDE; 57 virtual void Init() OVERRIDE;
58 virtual void SetEncryptionPassphrase(const std::string& passphrase, 58 virtual void SetEncryptionPassphrase(const std::string& passphrase,
59 bool is_explicit) OVERRIDE; 59 bool is_explicit) OVERRIDE;
60 virtual void SetDecryptionPassphrase(const std::string& passphrase) OVERRIDE; 60 virtual void SetDecryptionPassphrase(const std::string& passphrase) OVERRIDE;
61 virtual void EnableEncryptEverything() OVERRIDE; 61 virtual void EnableEncryptEverything() OVERRIDE;
62 virtual bool EncryptEverythingEnabled() const OVERRIDE; 62 virtual bool EncryptEverythingEnabled() const OVERRIDE;
63 virtual PassphraseState GetPassphraseState() const OVERRIDE; 63 virtual PassphraseState GetPassphraseState() const OVERRIDE;
64 64
65 // TODO(zea): provide a method for getting the time at which the nigori
66 // node was migrated.
67
65 // NigoriHandler implementation. 68 // NigoriHandler implementation.
66 // Note: all methods are invoked while the caller holds a transaction. 69 // Note: all methods are invoked while the caller holds a transaction.
67 virtual void ApplyNigoriUpdate( 70 virtual void ApplyNigoriUpdate(
68 const sync_pb::NigoriSpecifics& nigori, 71 const sync_pb::NigoriSpecifics& nigori,
69 syncable::BaseTransaction* const trans) OVERRIDE; 72 syncable::BaseTransaction* const trans) OVERRIDE;
70 virtual void UpdateNigoriFromEncryptedTypes( 73 virtual void UpdateNigoriFromEncryptedTypes(
71 sync_pb::NigoriSpecifics* nigori, 74 sync_pb::NigoriSpecifics* nigori,
72 syncable::BaseTransaction* const trans) const OVERRIDE; 75 syncable::BaseTransaction* const trans) const OVERRIDE;
73 virtual bool NeedKeystoreKey( 76 virtual bool NeedKeystoreKey(
74 syncable::BaseTransaction* const trans) const OVERRIDE; 77 syncable::BaseTransaction* const trans) const OVERRIDE;
75 virtual bool SetKeystoreKey( 78 virtual bool SetKeystoreKey(
76 const std::string& key, 79 const std::string& key,
77 syncable::BaseTransaction* const trans) OVERRIDE; 80 syncable::BaseTransaction* const trans) OVERRIDE;
78 // Can be called from any thread. 81 // Can be called from any thread.
79 virtual ModelTypeSet GetEncryptedTypes( 82 virtual ModelTypeSet GetEncryptedTypes(
80 syncable::BaseTransaction* const trans) const OVERRIDE; 83 syncable::BaseTransaction* const trans) const OVERRIDE;
81 84
82 // Unsafe getters. Use only if sync is not up and running and there is no risk 85 // Unsafe getters. Use only if sync is not up and running and there is no risk
83 // of other threads calling this. 86 // of other threads calling this.
84 Cryptographer* GetCryptographerUnsafe(); 87 Cryptographer* GetCryptographerUnsafe();
85 ModelTypeSet GetEncryptedTypesUnsafe(); 88 ModelTypeSet GetEncryptedTypesUnsafe();
86 89
90 bool MigratedToKeystore();
91
87 private: 92 private:
88 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, 93 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
89 NigoriEncryptionTypes); 94 NigoriEncryptionTypes);
90 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, 95 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
91 EncryptEverythingExplicit); 96 EncryptEverythingExplicit);
92 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, 97 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
93 EncryptEverythingImplicit); 98 EncryptEverythingImplicit);
94 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, 99 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
95 UnknownSensitiveTypes); 100 UnknownSensitiveTypes);
101 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
102 GetKeystoreBootstrap);
103 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
104 ReceiveMigratedNigoriKeystorePass);
105 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
106 ReceiveUmigratedNigoriAfterMigration);
107 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
108 SetKeystoreAfterReceivingMigratedNigori);
109 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
110 SetCustomPassAfterMigration);
111 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
112 SetCustomPassAfterMigrationNoKeystoreKey);
113 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
114 SetImplicitPassAfterMigrationNoKeystoreKey);
115 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
116 MigrateOnEncryptEverythingKeystorePassphrase);
96 117
97 // Container for members that require thread safety protection. All members 118 // Container for members that require thread safety protection. All members
98 // that can be accessed from more than one thread should be held here and 119 // that can be accessed from more than one thread should be held here and
99 // accessed via UnlockVault(..) and UnlockVaultMutable(..), which enforce 120 // accessed via UnlockVault(..) and UnlockVaultMutable(..), which enforce
100 // that a transaction is held. 121 // that a transaction is held.
101 struct Vault { 122 struct Vault {
102 Vault(Encryptor* encryptor, ModelTypeSet encrypted_types); 123 Vault(Encryptor* encryptor, ModelTypeSet encrypted_types);
103 ~Vault(); 124 ~Vault();
104 125
105 // Sync's cryptographer. Used for encrypting and decrypting sync data. 126 // Sync's cryptographer. Used for encrypting and decrypting sync data.
(...skipping 27 matching lines...) Expand all
133 // Updates local encrypted types from |nigori|. 154 // Updates local encrypted types from |nigori|.
134 // Returns true if the local set of encrypted types either matched or was 155 // Returns true if the local set of encrypted types either matched or was
135 // a subset of that in |nigori|. Returns false if the local state already 156 // a subset of that in |nigori|. Returns false if the local state already
136 // had stricter encryption than |nigori|, and the nigori node needs to be 157 // had stricter encryption than |nigori|, and the nigori node needs to be
137 // updated with the newer encryption state. 158 // updated with the newer encryption state.
138 // Note: must be called from within a transaction. 159 // Note: must be called from within a transaction.
139 bool UpdateEncryptedTypesFromNigori( 160 bool UpdateEncryptedTypesFromNigori(
140 const sync_pb::NigoriSpecifics& nigori, 161 const sync_pb::NigoriSpecifics& nigori,
141 syncable::BaseTransaction* const trans); 162 syncable::BaseTransaction* const trans);
142 163
164 // TODO(zea): make these public and have them replace SetEncryptionPassphrase
165 // and SetDecryptionPassphrase.
166 // Helper methods for handling passphrases once keystore migration has taken
167 // place.
168 //
169 // Sets a new custom passphrase. Should only be called if a custom passphrase
170 // is not already set.
171 // Triggers OnPassphraseAccepted on success, OnPassphraseRequired if a custom
172 // passphrase already existed.
173 void SetCustomPassphrase(const std::string& passphrase,
174 WriteTransaction* trans,
175 WriteNode* nigori_node);
176 // Decrypt the encryption keybag using a user provided passphrase.
177 // Should only be called if the current passphrase is a frozen implicit
178 // passphrase or a custom passphrase.
179 // Triggers OnPassphraseAccepted on success, OnPassphraseRequired on failure.
180 void DecryptExplicitPassphrase(const std::string& passphrase,
181 WriteTransaction* trans,
182 WriteNode* nigori_node);
183
143 // The final step of SetEncryptionPassphrase and SetDecryptionPassphrase that 184 // The final step of SetEncryptionPassphrase and SetDecryptionPassphrase that
144 // notifies observers of the result of the set passphrase operation, updates 185 // notifies observers of the result of the set passphrase operation, updates
145 // the nigori node, and does re-encryption. 186 // the nigori node, and does re-encryption.
146 // |success|: true if the operation was successful and false otherwise. If 187 // |success|: true if the operation was successful and false otherwise. If
147 // success == false, we send an OnPassphraseRequired notification. 188 // success == false, we send an OnPassphraseRequired notification.
148 // |bootstrap_token|: used to inform observers if the cryptographer's 189 // |bootstrap_token|: used to inform observers if the cryptographer's
149 // bootstrap token was updated. 190 // bootstrap token was updated.
150 // |is_explicit|: used to differentiate between a custom passphrase (true) and 191 // |is_explicit|: used to differentiate between a custom passphrase (true) and
151 // a GAIA passphrase that is implicitly used for encryption 192 // a GAIA passphrase that is implicitly used for encryption
152 // (false). 193 // (false).
153 // |trans| and |nigori_node|: used to access data in the cryptographer. 194 // |trans| and |nigori_node|: used to access data in the cryptographer.
154 void FinishSetPassphrase(bool success, 195 void FinishSetPassphrase(bool success,
155 const std::string& bootstrap_token, 196 const std::string& bootstrap_token,
156 bool is_explicit,
157 WriteTransaction* trans, 197 WriteTransaction* trans,
158 WriteNode* nigori_node); 198 WriteNode* nigori_node);
159 199
160 // Merges the given set of encrypted types with the existing set and emits a 200 // Merges the given set of encrypted types with the existing set and emits a
161 // notification if necessary. 201 // notification if necessary.
162 // Note: must be called from within a transaction. 202 // Note: must be called from within a transaction.
163 void MergeEncryptedTypes(ModelTypeSet new_encrypted_types, 203 void MergeEncryptedTypes(ModelTypeSet new_encrypted_types,
164 syncable::BaseTransaction* const trans); 204 syncable::BaseTransaction* const trans);
165 205
166 // Helper methods for ensuring transactions are held when accessing 206 // Helper methods for ensuring transactions are held when accessing
167 // |vault_unsafe_|. 207 // |vault_unsafe_|.
168 Vault* UnlockVaultMutable(syncable::BaseTransaction* const trans); 208 Vault* UnlockVaultMutable(syncable::BaseTransaction* const trans);
169 const Vault& UnlockVault(syncable::BaseTransaction* const trans) const; 209 const Vault& UnlockVault(syncable::BaseTransaction* const trans) const;
170 210
211 // Helper method for determining if migratino of a nigori node should be
tim (not reviewing) 2012/09/06 01:04:20 migratino!
Nicolas Zea 2012/09/06 21:45:27 Done.
212 // triggered or not.
213 // Conditions for triggering migration:
214 // 1. Cryptographer has no pending keys
215 // 2. Nigori node isn't already properly migrated.
216 // 3. Keystore key is available (if we are not migrated yet).
217 // Note: if the nigori node is migrated but has an invalid state, will return
218 // true (e.g. node has KEYSTORE_PASSPHRASE, local is CUSTOM_PASSPHRASE).
219 bool ShouldTriggerMigration(const sync_pb::NigoriSpecifics& nigori,
220 const Cryptographer& cryptographer) const;
221
222 // Performs the actual migration of the |nigori_node| to support keystore
223 // encryption iff ShouldTriggerMigration(..) returns true.
224 bool AttemptToMigrateNigoriToKeystore(WriteTransaction* trans,
225 WriteNode* nigori_node);
226
227 // Fill |encrypted_blob| with the keystore bootstrap key if |encrypted_blob|'s
228 // contents didn't already contain the key.
229 bool GetKeystoreBootstrapKey(
230 const Cryptographer& cryptographer,
231 const std::string& keystore_key,
232 sync_pb::EncryptedData* encrypted_blob);
233
234 // Helper method for installing the keys encrypted in |encryption_keybag|
235 // into |cryptographer|.
236 // Returns true on success, false if we were unable to install the keybag.
237 // Will not update the default key.
238 bool AttemptToInstallKeybag(const sync_pb::EncryptedData& keybag,
239 bool update_default,
240 Cryptographer* cryptographer);
241
242 // Helper method for decrypting pending keys with the keystore bootstrap.
243 // If successful, the default will become the key encrypted in the keystore
244 // bootstrap, and will return true. Else will return false.
245 bool DecryptPendingKeysWithKeystoreKey(
246 const std::string& keystore_key,
247 const sync_pb::EncryptedData& keystore_bootstrap,
248 Cryptographer* cryptographer);
249
250 // Helper to enable encrypt everything, notifying observers if necessary.
251 // Will not perform re-encryption.
252 void EnableEncryptEverythingImpl(syncable::BaseTransaction* const trans);
253
171 base::ThreadChecker thread_checker_; 254 base::ThreadChecker thread_checker_;
172 255
173 base::WeakPtrFactory<SyncEncryptionHandlerImpl> weak_ptr_factory_; 256 base::WeakPtrFactory<SyncEncryptionHandlerImpl> weak_ptr_factory_;
174 257
175 ObserverList<SyncEncryptionHandler::Observer> observers_; 258 ObserverList<SyncEncryptionHandler::Observer> observers_;
176 259
177 // The current user share (for creating transactions). 260 // The current user share (for creating transactions).
178 UserShare* user_share_; 261 UserShare* user_share_;
179 262
180 // Container for all data that can be accessed from multiple threads. Do not 263 // Container for all data that can be accessed from multiple threads. Do not
(...skipping 10 matching lines...) Expand all
191 PassphraseState passphrase_state_; 274 PassphraseState passphrase_state_;
192 275
193 // The keystore key provided by the server. 276 // The keystore key provided by the server.
194 std::string keystore_key_; 277 std::string keystore_key_;
195 278
196 // The number of times we've automatically (i.e. not via SetPassphrase or 279 // The number of times we've automatically (i.e. not via SetPassphrase or
197 // conflict resolver) updated the nigori's encryption keys in this chrome 280 // conflict resolver) updated the nigori's encryption keys in this chrome
198 // instantiation. 281 // instantiation.
199 int nigori_overwrite_count_; 282 int nigori_overwrite_count_;
200 283
284 // The time (in ms) the nigori was migrated to support keystore encryption.
285 int64 migration_time_ms_;
286
201 DISALLOW_COPY_AND_ASSIGN(SyncEncryptionHandlerImpl); 287 DISALLOW_COPY_AND_ASSIGN(SyncEncryptionHandlerImpl);
202 }; 288 };
203 289
204 } // namespace syncer 290 } // namespace syncer
205 291
206 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_IMPL_H_ 292 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_IMPL_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698