Take 2: sync changes to support encryption

chrome/browser/sync/engine/syncapi.cc

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/engine/syncapi.h"
 
 #include "build/build_config.h"
 
 #include <iomanip>
 #include <list>
@@ skipping 22 matching lines @@
 #include "chrome/browser/sync/engine/syncer.h"
 #include "chrome/browser/sync/engine/syncer_thread.h"
 #include "chrome/browser/sync/notifier/server_notifier_thread.h"
 #include "chrome/browser/sync/protocol/autofill_specifics.pb.h"
 #include "chrome/browser/sync/protocol/bookmark_specifics.pb.h"
 #include "chrome/browser/sync/protocol/extension_specifics.pb.h"
 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h"
 #include "chrome/browser/sync/protocol/password_specifics.pb.h"
 #include "chrome/browser/sync/protocol/preference_specifics.pb.h"
 #include "chrome/browser/sync/protocol/service_constants.h"
+#include "chrome/browser/sync/protocol/sync.pb.h"
 #include "chrome/browser/sync/protocol/theme_specifics.pb.h"
 #include "chrome/browser/sync/protocol/typed_url_specifics.pb.h"
 #include "chrome/browser/sync/sessions/sync_session_context.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/util/character_set_converters.h"
 #include "chrome/browser/sync/util/closure.h"
 #include "chrome/browser/sync/util/crypto_helpers.h"
 #include "chrome/browser/sync/util/path_helpers.h"
 #include "chrome/browser/sync/util/user_settings.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/deprecated/event_sys.h"
 #include "chrome/common/net/gaia/gaia_authenticator.h"
 #include "chrome/common/net/network_change_notifier_proxy.h"
 #include "chrome/common/net/notifier/listener/mediator_thread_impl.h"
 #include "chrome/common/net/notifier/listener/notification_constants.h"
 #include "chrome/common/net/notifier/listener/talk_mediator.h"
 #include "chrome/common/net/notifier/listener/talk_mediator_impl.h"
 #include "net/base/network_change_notifier.h"
 
 using browser_sync::AllStatus;
 using browser_sync::AllStatusEvent;
 using browser_sync::AuthWatcher;
 using browser_sync::AuthWatcherEvent;
+using browser_sync::Cryptographer;
+using browser_sync::KeyParams;
 using browser_sync::ModelSafeRoutingInfo;
 using browser_sync::ModelSafeWorker;
 using browser_sync::ModelSafeWorkerRegistrar;
 using browser_sync::Syncer;
 using browser_sync::SyncerEvent;
 using browser_sync::SyncerThread;
 using browser_sync::UserSettings;
+using browser_sync::kNigoriTag;
 using browser_sync::sessions::SyncSessionContext;
 using notifier::TalkMediator;
 using notifier::TalkMediatorImpl;
 using std::list;
 using std::hex;
 using std::string;
 using std::vector;
 using syncable::Directory;
 using syncable::DirectoryManager;
+using syncable::Entry;
 using syncable::SPECIFICS;
 
 typedef GoogleServiceAuthError AuthError;
 
 static const int kThreadExitTimeoutMsec = 60000;
 static const int kSSLPort = 443;
 
 // We manage the lifetime of sync_api::SyncManager::SyncInternal ourselves.
 DISABLE_RUNNABLE_METHOD_REFCOUNT(sync_api::SyncManager::SyncInternal);
 
@@ skipping 74 matching lines @@
   syncable::AddDefaultExtensionValue(model_type, &serialized_type);
   std::string hash_input;
   serialized_type.AppendToString(&hash_input);
   hash_input.append(client_tag);
 
   std::string encode_output;
   CHECK(base::Base64Encode(base::SHA1HashString(hash_input), &encode_output));
   return encode_output;
 }
 
+bool BaseNode::DecryptIfNecessary(Entry* entry) {
+  if (GetIsFolder()) return true;  // Ignore the top-level password folder.
+  const sync_pb::EntitySpecifics& specifics =
+      entry->Get(syncable::SPECIFICS);
+  if (specifics.HasExtension(sync_pb::password)) {
+    const sync_pb::EncryptedData& encrypted =
+        specifics.GetExtension(sync_pb::password).encrypted();
+    scoped_ptr<sync_pb::PasswordSpecificsData> data(
+        new sync_pb::PasswordSpecificsData);
+    if (!GetTransaction()->GetCryptographer()->Decrypt(encrypted,
+                                                       data.get()))
+      return false;
+    password_data_.swap(data);
+  }
+  return true;
+}
+
 int64 BaseNode::GetParentId() const {
   return IdToMetahandle(GetTransaction()->GetWrappedTrans(),
                         GetEntry()->Get(syncable::PARENT_ID));
 }
 
 int64 BaseNode::GetId() const {
   return GetEntry()->Get(syncable::META_HANDLE);
 }
 
 bool BaseNode::GetIsFolder() const {
@@ skipping 55 matching lines @@
 const sync_pb::BookmarkSpecifics& BaseNode::GetBookmarkSpecifics() const {
   DCHECK(GetModelType() == syncable::BOOKMARKS);
   return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::bookmark);
 }
 
 const sync_pb::NigoriSpecifics& BaseNode::GetNigoriSpecifics() const {
   DCHECK(GetModelType() == syncable::NIGORI);
   return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::nigori);
 }
 
-bool BaseNode::GetPasswordSpecifics(sync_pb::PasswordSpecificsData* data)
-    const {
+const sync_pb::PasswordSpecificsData& BaseNode::GetPasswordSpecifics() const {
   DCHECK(GetModelType() == syncable::PASSWORDS);
-  DCHECK(data);
-  const sync_pb::PasswordSpecifics& specifics =
-      GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::password);
-  return data->ParseFromString(specifics.blob());
+  DCHECK(password_data_.get());
+  return *password_data_;
 }
 
 const sync_pb::PreferenceSpecifics& BaseNode::GetPreferenceSpecifics() const {
   DCHECK(GetModelType() == syncable::PREFERENCES);
   return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::preference);
 }
 
 const sync_pb::ThemeSpecifics& BaseNode::GetThemeSpecifics() const {
   DCHECK(GetModelType() == syncable::THEMES);
   return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::theme);
@@ skipping 80 matching lines @@
   entity_specifics.MutableExtension(sync_pb::nigori)->CopyFrom(new_value);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetPasswordSpecifics(
     const sync_pb::PasswordSpecificsData& data) {
   DCHECK(GetModelType() == syncable::PASSWORDS);
   std::string serialized_data;
   data.SerializeToString(&serialized_data);
   sync_pb::PasswordSpecifics new_value;
-  new_value.set_blob(serialized_data);
+  if (!GetTransaction()->GetCryptographer()->Encrypt(
+      data,
+      new_value.mutable_encrypted()))
+    NOTREACHED();
+
   PutPasswordSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetPreferenceSpecifics(
     const sync_pb::PreferenceSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::PREFERENCES);
   PutPreferenceSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetThemeSpecifics(
@@ skipping 74 matching lines @@
   delete entry_;
 }
 
 // Find an existing node matching the ID |id|, and bind this WriteNode to it.
 // Return true on success.
 bool WriteNode::InitByIdLookup(int64 id) {
   DCHECK(!entry_) << "Init called twice";
   DCHECK_NE(id, kInvalidId);
   entry_ = new syncable::MutableEntry(transaction_->GetWrappedWriteTrans(),
                                       syncable::GET_BY_HANDLE, id);
-  return (entry_->good() && !entry_->Get(syncable::IS_DEL));
+  return (entry_->good() && !entry_->Get(syncable::IS_DEL) &&
+          DecryptIfNecessary(entry_));
 }
 
 // Find a node by client tag, and bind this WriteNode to it.
 // Return true if the write node was found, and was not deleted.
 // Undeleting a deleted node is possible by ClientTag.
 bool WriteNode::InitByClientTagLookup(syncable::ModelType model_type,
                                       const std::string& tag) {
   DCHECK(!entry_) << "Init called twice";
   if (tag.empty())
     return false;
 
   const std::string hash = GenerateSyncableHash(model_type, tag);
 
   entry_ = new syncable::MutableEntry(transaction_->GetWrappedWriteTrans(),
                                       syncable::GET_BY_CLIENT_TAG, hash);
-  return (entry_->good() && !entry_->Get(syncable::IS_DEL));
+  return (entry_->good() && !entry_->Get(syncable::IS_DEL) &&
+          DecryptIfNecessary(entry_));
 }
 
 bool WriteNode::InitByTagLookup(const std::string& tag) {
   DCHECK(!entry_) << "Init called twice";
   if (tag.empty())
     return false;
   entry_ = new syncable::MutableEntry(transaction_->GetWrappedWriteTrans(),
                                       syncable::GET_BY_SERVER_TAG, tag);
   if (!entry_->good())
     return false;
@@ skipping 215 matching lines @@
   syncable::BaseTransaction* trans = transaction_->GetWrappedTrans();
   entry_ = new syncable::Entry(trans, syncable::GET_BY_HANDLE, id);
   if (!entry_->good())
     return false;
   if (entry_->Get(syncable::IS_DEL))
     return false;
   syncable::ModelType model_type = GetModelType();
   LOG_IF(WARNING, model_type == syncable::UNSPECIFIED ||
                   model_type == syncable::TOP_LEVEL_FOLDER)
       << "SyncAPI InitByIdLookup referencing unusual object.";
-  return true;
+  return DecryptIfNecessary(entry_);
 }
 
 bool ReadNode::InitByClientTagLookup(syncable::ModelType model_type,
                                      const std::string& tag) {
   DCHECK(!entry_) << "Init called twice";
   if (tag.empty())
     return false;
 
   const std::string hash = GenerateSyncableHash(model_type, tag);
 
   entry_ = new syncable::Entry(transaction_->GetWrappedTrans(),
                                syncable::GET_BY_CLIENT_TAG, hash);
-  return (entry_->good() && !entry_->Get(syncable::IS_DEL));
+  return (entry_->good() && !entry_->Get(syncable::IS_DEL) &&
+          DecryptIfNecessary(entry_));
 }
 
 const syncable::Entry* ReadNode::GetEntry() const {
   return entry_;
 }
 
 const BaseTransaction* ReadNode::GetTransaction() const {
   return transaction_;
 }
 
 bool ReadNode::InitByTagLookup(const std::string& tag) {
   DCHECK(!entry_) << "Init called twice";
   if (tag.empty())
     return false;
   syncable::BaseTransaction* trans = transaction_->GetWrappedTrans();
   entry_ = new syncable::Entry(trans, syncable::GET_BY_SERVER_TAG, tag);
   if (!entry_->good())
     return false;
   if (entry_->Get(syncable::IS_DEL))
     return false;
   syncable::ModelType model_type = GetModelType();
   LOG_IF(WARNING, model_type == syncable::UNSPECIFIED ||
                   model_type == syncable::TOP_LEVEL_FOLDER)
       << "SyncAPI InitByTagLookup referencing unusually typed object.";
-  return true;
+  return DecryptIfNecessary(entry_);
 }
 
 //////////////////////////////////////////////////////////////////////////
 // ReadTransaction member definitions
 ReadTransaction::ReadTransaction(UserShare* share)
     : BaseTransaction(share),
       transaction_(NULL) {
   transaction_ = new syncable::ReadTransaction(GetLookup(), __FILE__, __LINE__);
 }
 
@@ skipping 129 matching lines @@
   // If authentication fails, an event will be broadcast all the way up to
   // the SyncManager::Observer. It may, in turn, decide to try again with new
   // credentials. Calling this method again is the appropriate course of action
   // to "retry".
   void Authenticate(const std::string& username, const std::string& password,
                     const std::string& captcha);
 
   // Tell the sync engine to start the syncing process.
   void StartSyncing();
 
+  void SetPassphrase(const std::string& passphrase);
+
   // Call periodically from a database-safe thread to persist recent changes
   // to the syncapi model.
   void SaveChanges();
 
   // This listener is called upon completion of a syncable transaction, and
   // builds the list of sync-engine initiated changes that will be forwarded to
   // the SyncManager's Observers.
   virtual void HandleChannelEvent(const syncable::DirectoryChangeEvent& event);
   void HandleTransactionCompleteChangeEvent(
       const syncable::DirectoryChangeEvent& event);
@@ skipping 304 matching lines @@
 void SyncManager::Authenticate(const char* username, const char* password,
     const char* captcha) {
   data_->Authenticate(std::string(username), std::string(password),
                       std::string(captcha));
 }
 
 void SyncManager::StartSyncing() {
   data_->StartSyncing();
 }
 
+void SyncManager::SetPassphrase(const std::string& passphrase) {
+  data_->SetPassphrase(passphrase);
+}
+
 bool SyncManager::RequestPause() {
   return data_->syncer_thread()->RequestPause();
 }
 
 bool SyncManager::RequestResume() {
   return data_->syncer_thread()->RequestResume();
 }
 
 void SyncManager::RequestNudge() {
   data_->syncer_thread()->NudgeSyncer(0, SyncerThread::kLocal);
@@ skipping 247 matching lines @@
   auth_watcher()->AuthenticateWithToken(username, auth_token);
   return true;
 }
 
 void SyncManager::SyncInternal::RaiseAuthNeededEvent() {
   auth_problem_ = AuthError::INVALID_GAIA_CREDENTIALS;
   if (observer_)
     observer_->OnAuthError(AuthError(auth_problem_));
 }
 
+void SyncManager::SyncInternal::SetPassphrase(
+    const std::string& passphrase) {
+  Cryptographer* cryptographer = dir_manager()->cryptographer();
+  KeyParams params = {"localhost", "dummy", passphrase};
+  if (cryptographer->has_pending_keys()) {
+    if (!cryptographer->DecryptPendingKeys(params)) {
+      observer_->OnPassphraseRequired();
+      return;
+    }
+    // Nudge the syncer so that passwords updates that were waiting for this
+    // passphrase get applied as soon as possible.
+    sync_manager_->RequestNudge();
+  } else {
+    cryptographer->AddKey(params);
+    // TODO(albertb): Update the Nigori node on the server with the new keys.
+  }
+  observer_->OnPassphraseAccepted();
+}
+
 SyncManager::~SyncManager() {
   delete data_;
 }
 
 void SyncManager::SetObserver(Observer* observer) {
   data_->set_observer(observer);
 }
 
 void SyncManager::RemoveObserver() {
   data_->set_observer(NULL);
@@ skipping 265 matching lines @@
         allstatus_.status().max_consecutive_errors};
   return return_status;
 }
 
 void SyncManager::SyncInternal::HandleChannelEvent(const SyncerEvent& event) {
   if (!initialized()) {
     // This could be the first time that the syncer has completed a full
     // download; if so, we should signal that initialization is complete.
     if (event.snapshot->is_share_usable)
       MarkAndNotifyInitializationComplete();
-    return;
   }
 
   if (!observer_)
     return;
 
   // Only send an event if this is due to a cycle ending and this cycle
   // concludes a canonical "sync" process; that is, based on what is known
   // locally we are "all happy" and up-to-date.  There may be new changes on
   // the server, but we'll get them on a subsequent sync.
   //
   // Notifications are sent at the end of every sync cycle, regardless of
   // whether we should sync again.
   if (event.what_happened == SyncerEvent::SYNC_CYCLE_ENDED) {
+
+    ModelSafeRoutingInfo enabled_types;
+    registrar_->GetModelSafeRoutingInfo(&enabled_types);
+    if (enabled_types.count(syncable::PASSWORDS) > 0) {
+      Cryptographer* cryptographer =
+          GetUserShare()->dir_manager->cryptographer();
+      if (!cryptographer->is_ready() && !cryptographer->has_pending_keys()) {
+        sync_api::ReadTransaction trans(GetUserShare());
+        sync_api::ReadNode node(&trans);
+        if (!node.InitByTagLookup(kNigoriTag)) {
+          NOTREACHED();
+          return;
+        }
+        const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
+        if (!nigori.encrypted().blob().empty()) {
+          if (cryptographer->CanDecrypt(nigori.encrypted())) {
+            cryptographer->SetKeys(nigori.encrypted());
+          } else {
+            cryptographer->SetPendingKeys(nigori.encrypted());
+          }
+        }
+      }
+      // If we've completed a sync cycle and the cryptographer isn't ready yet,
+      // prompt the user for a passphrase.
+      if (!cryptographer->is_ready()) {
+        observer_->OnPassphraseRequired();
+      }
+    }
+
+    if (!initialized())
+      return;
+
     if (!event.snapshot->has_more_to_sync) {
       observer_->OnSyncCycleCompleted(event.snapshot);
     }
 
     if (notification_method_ != browser_sync::NOTIFICATION_SERVER) {
       // TODO(chron): Consider changing this back to track has_more_to_sync
       // only notify peers if a successful commit has occurred.
       bool new_pending_notification =
           (event.snapshot->syncer_status.num_successful_commits > 0);
       core_message_loop_->PostTask(
@@ skipping 225 matching lines @@
   }
   MarkAndNotifyInitializationComplete();
 }
 
 //////////////////////////////////////////////////////////////////////////
 // BaseTransaction member definitions
 BaseTransaction::BaseTransaction(UserShare* share)
     : lookup_(NULL) {
   DCHECK(share && share->dir_manager.get());
   lookup_ = new syncable::ScopedDirLookup(share->dir_manager.get(),
-                                        share->authenticated_name);
+                                          share->authenticated_name);
+  cryptographer_ = share->dir_manager->cryptographer();
   if (!(lookup_->good()))
     DCHECK(false) << "ScopedDirLookup failed on valid DirManager.";
 }
 BaseTransaction::~BaseTransaction() {
   delete lookup_;
 }
 
 UserShare* SyncManager::GetUserShare() const {
   DCHECK(data_->initialized()) << "GetUserShare requires initialization!";
   return data_->GetUserShare();
 }
 
 SyncManager::ExtraAutofillChangeRecordData::~ExtraAutofillChangeRecordData() {
   delete pre_deletion_data;
 }
 
 }  // namespace sync_api