[Sync] Initial support for encrypting any datatype (no UI hookup yet).

chrome/browser/sync/engine/syncapi.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/engine/syncapi.h"
 
+#include <algorithm>
 #include <bitset>
 #include <iomanip>
 #include <list>
+#include <queue>
 #include <string>
 #include <vector>
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/scoped_ptr.h"
 #include "base/sha1.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
@@ skipping 24 matching lines @@
 #include "chrome/browser/sync/protocol/proto_value_conversions.h"
 #include "chrome/browser/sync/protocol/service_constants.h"
 #include "chrome/browser/sync/protocol/session_specifics.pb.h"
 #include "chrome/browser/sync/protocol/sync.pb.h"
 #include "chrome/browser/sync/protocol/theme_specifics.pb.h"
 #include "chrome/browser/sync/protocol/typed_url_specifics.pb.h"
 #include "chrome/browser/sync/sessions/sync_session.h"
 #include "chrome/browser/sync/sessions/sync_session_context.h"
 #include "chrome/browser/sync/syncable/autofill_migration.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
+#include "chrome/browser/sync/syncable/nigori_util.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/util/crypto_helpers.h"
 #include "chrome/common/deprecated/event_sys.h"
 #include "chrome/common/net/gaia/gaia_authenticator.h"
 #include "jingle/notifier/listener/mediator_thread_impl.h"
 #include "jingle/notifier/listener/notification_constants.h"
 #include "jingle/notifier/listener/talk_mediator.h"
 #include "jingle/notifier/listener/talk_mediator_impl.h"
 #include "net/base/network_change_notifier.h"
 
@@ skipping 134 matching lines @@
   if (!crypto->Decrypt(encrypted, data.get()))
     return NULL;
   return data.release();
 }
 
 bool BaseNode::DecryptIfNecessary(Entry* entry) {
   if (GetIsFolder()) return true;  // Ignore the top-level password folder.
   const sync_pb::EntitySpecifics& specifics =
       entry->Get(syncable::SPECIFICS);
   if (specifics.HasExtension(sync_pb::password)) {
+    // Passwords have their own legacy encryption structure.
     scoped_ptr<sync_pb::PasswordSpecificsData> data(DecryptPasswordSpecifics(
         specifics, GetTransaction()->GetCryptographer()));
     if (!data.get())
       return false;
     password_data_.swap(data);
+    return true;
+  }
+
+  // We assume any node with the encrypted field set has encrypted data.
+  if (!specifics.has_encrypted())
+    return true;
+
+  const sync_pb::EncryptedData& encrypted =
+      specifics.encrypted();
+  std::string plaintext_data = GetTransaction()->GetCryptographer()->
+      DecryptToString(encrypted);
+  if (plaintext_data.length() == 0)
+    return false;
+  if (!unencrypted_data_.ParseFromString(plaintext_data)) {
+    LOG(ERROR) << "Failed to decrypt encrypted node of type " <<
+      syncable::ModelTypeToString(entry->GetModelType()) << ".";
+    return false;
   }
   return true;
 }
 
+const sync_pb::EntitySpecifics& BaseNode::GetUnencryptedSpecifics(
+    const syncable::Entry* entry) const {
+  const sync_pb::EntitySpecifics& specifics = entry->Get(SPECIFICS);
+  if (specifics.has_encrypted()) {
+    DCHECK(syncable::GetModelTypeFromSpecifics(unencrypted_data_) !=
+           syncable::UNSPECIFIED);
+    return unencrypted_data_;
+  } else {
+    DCHECK(syncable::GetModelTypeFromSpecifics(unencrypted_data_) ==
+           syncable::UNSPECIFIED);
+    return specifics;
+  }
+}
+
 int64 BaseNode::GetParentId() const {
   return IdToMetahandle(GetTransaction()->GetWrappedTrans(),
                         GetEntry()->Get(syncable::PARENT_ID));
 }
 
 int64 BaseNode::GetId() const {
   return GetEntry()->Get(syncable::META_HANDLE);
 }
 
 int64 BaseNode::GetModificationTime() const {
@@ skipping 81 matching lines @@
   output->assign(reinterpret_cast<const unsigned char*>(favicon.data()),
       reinterpret_cast<const unsigned char*>(favicon.data() +
                                              favicon.length()));
 }
 
 int64 BaseNode::GetExternalId() const {
   return GetEntry()->Get(syncable::LOCAL_EXTERNAL_ID);
 }
 
 const sync_pb::AppSpecifics& BaseNode::GetAppSpecifics() const {
-  DCHECK(GetModelType() == syncable::APPS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::app);
+  DCHECK_EQ(syncable::APPS, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::app);
 }
 
 const sync_pb::AutofillSpecifics& BaseNode::GetAutofillSpecifics() const {
-  DCHECK(GetModelType() == syncable::AUTOFILL);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::autofill);
+  DCHECK_EQ(syncable::AUTOFILL, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::autofill);
 }
 
 const AutofillProfileSpecifics& BaseNode::GetAutofillProfileSpecifics() const {
   DCHECK_EQ(GetModelType(), syncable::AUTOFILL_PROFILE);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::autofill_profile);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::autofill_profile);
 }
 
 const sync_pb::BookmarkSpecifics& BaseNode::GetBookmarkSpecifics() const {
-  DCHECK(GetModelType() == syncable::BOOKMARKS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::bookmark);
+  DCHECK_EQ(syncable::BOOKMARKS, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::bookmark);
 }
 
 const sync_pb::NigoriSpecifics& BaseNode::GetNigoriSpecifics() const {
-  DCHECK(GetModelType() == syncable::NIGORI);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::nigori);
+  DCHECK_EQ(syncable::NIGORI, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::nigori);
 }
 
 const sync_pb::PasswordSpecificsData& BaseNode::GetPasswordSpecifics() const {
-  DCHECK(GetModelType() == syncable::PASSWORDS);
+  DCHECK_EQ(syncable::PASSWORDS, GetModelType());
   DCHECK(password_data_.get());
   return *password_data_;
 }
 
 const sync_pb::PreferenceSpecifics& BaseNode::GetPreferenceSpecifics() const {
-  DCHECK(GetModelType() == syncable::PREFERENCES);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::preference);
+  DCHECK_EQ(syncable::PREFERENCES, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::preference);
 }
 
 const sync_pb::ThemeSpecifics& BaseNode::GetThemeSpecifics() const {
-  DCHECK(GetModelType() == syncable::THEMES);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::theme);
+  DCHECK_EQ(syncable::THEMES, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::theme);
 }
 
 const sync_pb::TypedUrlSpecifics& BaseNode::GetTypedUrlSpecifics() const {
-  DCHECK(GetModelType() == syncable::TYPED_URLS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::typed_url);
+  DCHECK_EQ(syncable::TYPED_URLS, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::typed_url);
 }
 
 const sync_pb::ExtensionSpecifics& BaseNode::GetExtensionSpecifics() const {
-  DCHECK(GetModelType() == syncable::EXTENSIONS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::extension);
+  DCHECK_EQ(syncable::EXTENSIONS, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::extension);
 }
 
 const sync_pb::SessionSpecifics& BaseNode::GetSessionSpecifics() const {
-  DCHECK(GetModelType() == syncable::SESSIONS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::session);
+  DCHECK_EQ(syncable::SESSIONS, GetModelType());
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::session);
 }
 
 syncable::ModelType BaseNode::GetModelType() const {
   return GetEntry()->GetModelType();
 }
 
 ////////////////////////////////////
 // WriteNode member definitions
+void WriteNode::EncryptIfNecessary(sync_pb::EntitySpecifics* unencrypted) {
+  syncable::ModelType type = syncable::GetModelTypeFromSpecifics(*unencrypted);
+  DCHECK_NE(type, syncable::UNSPECIFIED);
+  DCHECK_NE(type, syncable::PASSWORDS);  // Passwords use their own encryption.
+  DCHECK_NE(type, syncable::NIGORI);     // Nigori is encrypted separately.
+
+  syncable::ModelTypeSet encrypted_types =
+      GetEncryptedDataTypesFromSyncer(GetTransaction()->GetWrappedTrans());
+  if (encrypted_types.count(type) == 0) {
+    // This datatype does not require encryption.
+    return;
+  }
+
+  if (unencrypted->has_encrypted()) {
+    // This specifics is already encrypted, our work is done.
+    LOG(WARNING) << "Attempted to encrypt an already encrypted entity"
+      << " specifics of type " << syncable::ModelTypeToString(type)
+      << ". Dropping.";
+    return;
+  }
+  sync_pb::EntitySpecifics encrypted;
+  syncable::AddDefaultExtensionValue(type, &encrypted);
+  VLOG(2) << "Encrypted specifics of type " << syncable::ModelTypeToString(type)
+          << " with content: " << unencrypted->SerializeAsString() << "\n";
+  if (!GetTransaction()->GetCryptographer()->Encrypt(
+      *unencrypted,
+      encrypted.mutable_encrypted())) {
+    LOG(ERROR) << "Could not encrypt data for node of type " <<
+      syncable::ModelTypeToString(type);
+    NOTREACHED();
+  }
+  unencrypted->CopyFrom(encrypted);
+}
+
 void WriteNode::SetIsFolder(bool folder) {
   if (entry_->Get(syncable::IS_DIR) == folder)
     return;  // Skip redundant changes.
 
   entry_->Put(syncable::IS_DIR, folder);
   MarkForSyncing();
 }
 
 void WriteNode::SetTitle(const std::wstring& title) {
   std::string server_legal_name;
   SyncAPINameToServerName(title, &server_legal_name);
 
   string old_name = entry_->Get(syncable::NON_UNIQUE_NAME);
 
   if (server_legal_name == old_name)
     return;  // Skip redundant changes.
 
   entry_->Put(syncable::NON_UNIQUE_NAME, server_legal_name);
   MarkForSyncing();
 }
 
 void WriteNode::SetURL(const GURL& url) {
   sync_pb::BookmarkSpecifics new_value = GetBookmarkSpecifics();
   new_value.set_url(url.spec());
   SetBookmarkSpecifics(new_value);
 }
 
 void WriteNode::SetAppSpecifics(
     const sync_pb::AppSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::APPS);
+  DCHECK_EQ(syncable::APPS, GetModelType());
   PutAppSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetAutofillSpecifics(
     const sync_pb::AutofillSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::AUTOFILL);
+  DCHECK_EQ(syncable::AUTOFILL, GetModelType());
   PutAutofillSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutAutofillSpecificsAndMarkForSyncing(
     const sync_pb::AutofillSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::autofill)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetAutofillProfileSpecifics(
     const sync_pb::AutofillProfileSpecifics& new_value) {
   DCHECK_EQ(GetModelType(), syncable::AUTOFILL_PROFILE);
   PutAutofillProfileSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutAutofillProfileSpecificsAndMarkForSyncing(
     const sync_pb::AutofillProfileSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::autofill_profile)->CopyFrom(
       new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetBookmarkSpecifics(
     const sync_pb::BookmarkSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::BOOKMARKS);
+  DCHECK_EQ(syncable::BOOKMARKS, GetModelType());
   PutBookmarkSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutBookmarkSpecificsAndMarkForSyncing(
     const sync_pb::BookmarkSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::bookmark)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetNigoriSpecifics(
     const sync_pb::NigoriSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::NIGORI);
+  DCHECK_EQ(syncable::NIGORI, GetModelType());
   PutNigoriSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutNigoriSpecificsAndMarkForSyncing(
     const sync_pb::NigoriSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::nigori)->CopyFrom(new_value);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetPasswordSpecifics(
     const sync_pb::PasswordSpecificsData& data) {
-  DCHECK(GetModelType() == syncable::PASSWORDS);
-
+  DCHECK_EQ(syncable::PASSWORDS, GetModelType());
   sync_pb::PasswordSpecifics new_value;
   if (!GetTransaction()->GetCryptographer()->Encrypt(
       data,
       new_value.mutable_encrypted())) {
     NOTREACHED();
   }
-
   PutPasswordSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetPreferenceSpecifics(
     const sync_pb::PreferenceSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::PREFERENCES);
+  DCHECK_EQ(syncable::PREFERENCES, GetModelType());
   PutPreferenceSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetThemeSpecifics(
     const sync_pb::ThemeSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::THEMES);
+  DCHECK_EQ(syncable::THEMES, GetModelType());
   PutThemeSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetSessionSpecifics(
     const sync_pb::SessionSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::SESSIONS);
+  DCHECK_EQ(syncable::SESSIONS, GetModelType());
   PutSessionSpecificsAndMarkForSyncing(new_value);
 }
 
+void WriteNode::ResetFromSpecifics() {
+  sync_pb::EntitySpecifics new_data;
+  new_data.CopyFrom(GetUnencryptedSpecifics(GetEntry()));
+  EncryptIfNecessary(&new_data);
+  PutSpecificsAndMarkForSyncing(new_data);
+}
 
 void WriteNode::PutPasswordSpecificsAndMarkForSyncing(
     const sync_pb::PasswordSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::password)->CopyFrom(new_value);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutPreferenceSpecificsAndMarkForSyncing(
     const sync_pb::PreferenceSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::preference)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetTypedUrlSpecifics(
     const sync_pb::TypedUrlSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::TYPED_URLS);
+  DCHECK_EQ(syncable::TYPED_URLS, GetModelType());
   PutTypedUrlSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetExtensionSpecifics(
     const sync_pb::ExtensionSpecifics& new_value) {
-  DCHECK(GetModelType() == syncable::EXTENSIONS);
+  DCHECK_EQ(syncable::EXTENSIONS, GetModelType());
   PutExtensionSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutAppSpecificsAndMarkForSyncing(
     const sync_pb::AppSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::app)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutThemeSpecificsAndMarkForSyncing(
     const sync_pb::ThemeSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::theme)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutTypedUrlSpecificsAndMarkForSyncing(
     const sync_pb::TypedUrlSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::typed_url)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutExtensionSpecificsAndMarkForSyncing(
     const sync_pb::ExtensionSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::extension)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
-
 void WriteNode::PutSessionSpecificsAndMarkForSyncing(
     const sync_pb::SessionSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::session)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
-
 void WriteNode::PutSpecificsAndMarkForSyncing(
     const sync_pb::EntitySpecifics& specifics) {
   // Skip redundant changes.
   if (specifics.SerializeAsString() ==
       entry_->Get(SPECIFICS).SerializeAsString()) {
     return;
   }
   entry_->Put(SPECIFICS, specifics);
   MarkForSyncing();
 }
@@ skipping 44 matching lines @@
   DCHECK(!entry_) << "Init called twice";
   if (tag.empty())
     return false;
   entry_ = new syncable::MutableEntry(transaction_->GetWrappedWriteTrans(),
                                       syncable::GET_BY_SERVER_TAG, tag);
   if (!entry_->good())
     return false;
   if (entry_->Get(syncable::IS_DEL))
     return false;
   syncable::ModelType model_type = GetModelType();
-  DCHECK(model_type == syncable::NIGORI);
+  DCHECK_EQ(syncable::NIGORI, model_type);
   return true;
 }
 
 void WriteNode::PutModelType(syncable::ModelType model_type) {
   // Set an empty specifics of the appropriate datatype.  The presence
   // of the specific extension will identify the model type.
   DCHECK(GetModelType() == model_type ||
          GetModelType() == syncable::UNSPECIFIED);  // Immutable once set.
 
   sync_pb::EntitySpecifics specifics;
   syncable::AddDefaultExtensionValue(model_type, &specifics);
   PutSpecificsAndMarkForSyncing(specifics);
-  DCHECK(GetModelType() == model_type);
+  DCHECK_EQ(model_type, GetModelType());
 }
 
 // Create a new node with default properties, and bind this WriteNode to it.
 // Return true on success.
 bool WriteNode::InitByCreation(syncable::ModelType model_type,
                                const BaseNode& parent,
                                const BaseNode* predecessor) {
   DCHECK(!entry_) << "Init called twice";
   // |predecessor| must be a child of |parent| or NULL.
   if (predecessor && predecessor->GetParentId() != parent.GetId()) {
@@ skipping 345 matching lines @@
 
   // Update tokens that we're using in Sync. Email must stay the same.
   void UpdateCredentials(const SyncCredentials& credentials);
 
   // Tell the sync engine to start the syncing process.
   void StartSyncing();
 
   // Whether or not the Nigori node is encrypted using an explicit passphrase.
   bool IsUsingExplicitPassphrase();
 
+  // Set the datatypes we want to encrypt and encrypt any nodes as necessary.
+  void EncryptDataTypes(const syncable::ModelTypeSet& encrypted_types);
+
   // Try to set the current passphrase to |passphrase|, and record whether
   // it is an explicit passphrase or implicitly using gaia in the Nigori
   // node.
   void SetPassphrase(const std::string& passphrase, bool is_explicit);
 
   // Call periodically from a database-safe thread to persist recent changes
   // to the syncapi model.
   void SaveChanges();
 
   // This listener is called upon completion of a syncable transaction, and
@@ skipping 52 matching lines @@
   // See SyncManager::Shutdown for information.
   void Shutdown();
 
   // Whether we're initialized to the point of being able to accept changes
   // (and hence allow transaction creation). See initialized_ for details.
   bool initialized() const {
     base::AutoLock lock(initialized_mutex_);
     return initialized_;
   }
 
+  // If this is a deletion for a password, sets the legacy
+  // ExtraPasswordChangeRecordData field of |buffer|. Otherwise sets
+  // |buffer|'s specifics field to contain the unencrypted data.
   void SetExtraChangeRecordData(int64 id,
                                 syncable::ModelType type,
                                 ChangeReorderBuffer* buffer,
                                 Cryptographer* cryptographer,
                                 const syncable::EntryKernel& original,
                                 bool existed_before,
                                 bool exists_now);
 
   // Called only by our NetworkChangeNotifier.
   virtual void OnIPAddressChanged();
@@ skipping 105 matching lines @@
       return true;
     if (a.ref(syncable::PARENT_ID) != b.Get(syncable::PARENT_ID))
       return true;
     return false;
   }
 
   // Determine if any of the fields made visible to clients of the Sync API
   // differ between the versions of an entry stored in |a| and |b|. A return
   // value of false means that it should be OK to ignore this change.
   static bool VisiblePropertiesDiffer(const syncable::EntryKernel& a,
-                                      const syncable::Entry& b) {
+                                      const syncable::Entry& b,
+                                      Cryptographer* cryptographer) {
     syncable::ModelType model_type = b.GetModelType();
     // Suppress updates to items that aren't tracked by any browser model.
     if (model_type == syncable::UNSPECIFIED ||
         model_type == syncable::TOP_LEVEL_FOLDER) {
       return false;
     }
     if (a.ref(syncable::NON_UNIQUE_NAME) != b.Get(syncable::NON_UNIQUE_NAME))
       return true;
     if (a.ref(syncable::IS_DIR) != b.Get(syncable::IS_DIR))
       return true;
-    if (a.ref(SPECIFICS).SerializeAsString() !=
-        b.Get(SPECIFICS).SerializeAsString()) {
+    // Check if data has changed (account for encryption).
+    std::string a_str, b_str;
+    if (a.ref(SPECIFICS).has_encrypted()) {
+      const sync_pb::EncryptedData& encrypted = a.ref(SPECIFICS).encrypted();
+      a_str = cryptographer->DecryptToString(encrypted);
+    } else {
+      a_str = a.ref(SPECIFICS).SerializeAsString();
+    }
+    if (b.Get(SPECIFICS).has_encrypted()) {
+      const sync_pb::EncryptedData& encrypted = b.Get(SPECIFICS).encrypted();
+      b_str = cryptographer->DecryptToString(encrypted);
+    } else {
+      b_str = b.Get(SPECIFICS).SerializeAsString();
+    }
+    if (a_str != b_str) {
       return true;
     }
     if (VisiblePositionsDiffer(a, b))
       return true;
     return false;
   }
 
   bool ChangeBuffersAreEmpty() {
     for (int i = 0; i < syncable::MODEL_TYPE_COUNT; ++i) {
       if (!change_buffers_[i].IsEmpty())
@@ skipping 176 matching lines @@
     syncable::AutofillMigrationDebugInfo::PropertyToSet property_to_set,
     const syncable::AutofillMigrationDebugInfo& info) {
   return data_->SetAutofillMigrationDebugInfo(property_to_set, info);
 }
 
 void SyncManager::SetPassphrase(const std::string& passphrase,
      bool is_explicit) {
   data_->SetPassphrase(passphrase, is_explicit);
 }
 
+void SyncManager::EncryptDataTypes(
+    const syncable::ModelTypeSet& encrypted_types) {
+  data_->EncryptDataTypes(encrypted_types);
+}
+
 bool SyncManager::IsUsingExplicitPassphrase() {
   return data_ && data_->IsUsingExplicitPassphrase();
 }
 
 bool SyncManager::RequestPause() {
   if (data_->syncer_thread())
     return data_->syncer_thread()->RequestPause();
   return false;
 }
 
@@ skipping 85 matching lines @@
     NOTREACHED();
     return;
   }
 
   if (!lookup->initial_sync_ended_for_type(syncable::NIGORI))
     return;
 
   Cryptographer* cryptographer = share_.dir_manager->cryptographer();
   cryptographer->Bootstrap(restored_key_for_bootstrapping);
 
-  ReadTransaction trans(GetUserShare());
-  ReadNode node(&trans);
-  if (!node.InitByTagLookup(kNigoriTag)) {
-    NOTREACHED();
-    return;
+  sync_pb::NigoriSpecifics nigori;
+  {
+    ReadTransaction trans(GetUserShare());
+    ReadNode node(&trans);
+    if (!node.InitByTagLookup(kNigoriTag)) {
+      NOTREACHED();
+      return;
+    }
+
+    nigori.CopyFrom(node.GetNigoriSpecifics());
+    if (!nigori.encrypted().blob().empty()) {
+      if (cryptographer->CanDecrypt(nigori.encrypted())) {
+        cryptographer->SetKeys(nigori.encrypted());
+      } else {
+        cryptographer->SetPendingKeys(nigori.encrypted());
+        observer_->OnPassphraseRequired(true);
+      }
+    }
   }
 
-  const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
-  if (!nigori.encrypted().blob().empty()) {
-    if (cryptographer->CanDecrypt(nigori.encrypted())) {
-      cryptographer->SetKeys(nigori.encrypted());
-    } else {
-      cryptographer->SetPendingKeys(nigori.encrypted());
-      observer_->OnPassphraseRequired(true);
-    }
-  }
+  // Refresh list of encrypted datatypes.
+  syncable::ModelTypeSet encrypted_types =
+      syncable::GetEncryptedDataTypesFromNigori(nigori);
+
+  // Ensure any datatypes that need encryption are encrypted.
+  EncryptDataTypes(encrypted_types);
 }
 
 void SyncManager::SyncInternal::StartSyncing() {
   if (syncer_thread())  // NULL during certain unittests.
     syncer_thread()->Start();  // Start the syncer thread. This won't actually
                                // result in any syncing until at least the
                                // DirectoryManager broadcasts the OPENED event,
                                // and a valid server connection is detected.
 }
 
@@ skipping 90 matching lines @@
 
   if (!setup_for_test_mode_) {
     UpdateCredentials(credentials);
   }
   return true;
 }
 
 void SyncManager::SyncInternal::UpdateCredentials(
     const SyncCredentials& credentials) {
   DCHECK_EQ(MessageLoop::current(), core_message_loop_);
-  DCHECK(share_.name == credentials.email);
+  DCHECK_EQ(credentials.email, share_.name);
   connection_manager()->set_auth_token(credentials.sync_token);
   TalkMediatorLogin(credentials.email, credentials.sync_token);
   CheckServerReachable();
   sync_manager_->RequestNudge();
 }
 
 void SyncManager::SyncInternal::InitializeTalkMediator() {
   if (notifier_options_.notification_method ==
       notifier::NOTIFICATION_SERVER) {
     syncable::ScopedDirLookup lookup(dir_manager(), username_for_share());
@@ skipping 54 matching lines @@
       observer_->OnPassphraseRequired(true);
       return;
     }
 
     // TODO(tim): If this is the first time the user has entered a passphrase
     // since the protocol changed to store passphrase preferences in the cloud,
     // make sure we update this preference. See bug 62103.
     if (is_explicit)
       SetUsingExplicitPassphrasePrefForMigration();
 
-    // Nudge the syncer so that passwords updates that were waiting for this
-    // passphrase get applied as soon as possible.
+    // Nudge the syncer so that encrypted datatype updates that were waiting for
+    // this passphrase get applied as soon as possible.
     sync_manager_->RequestNudge();
   } else {
     WriteTransaction trans(GetUserShare());
     WriteNode node(&trans);
     if (!node.InitByTagLookup(kNigoriTag)) {
       // TODO(albertb): Plumb an UnrecoverableError all the way back to the PSS.
       NOTREACHED();
       return;
     }
 
@@ skipping 25 matching lines @@
   ReadNode node(&trans);
   if (!node.InitByTagLookup(kNigoriTag)) {
     // TODO(albertb): Plumb an UnrecoverableError all the way back to the PSS.
     NOTREACHED();
     return false;
   }
 
   return node.GetNigoriSpecifics().using_explicit_passphrase();
 }
 
-void SyncManager::SyncInternal::ReEncryptEverything(WriteTransaction* trans) {
-  // TODO(tim): bug 59242.  We shouldn't lookup by data type and instead use
-  // a protocol flag or existence of an EncryptedData message, but for now,
-  // encryption is on if-and-only-if the type is passwords, and we haven't
-  // ironed out the protocol for generic encryption.
-  static const char* passwords_tag = "google_chrome_passwords";
-  ReadNode passwords_root(trans);
-  if (!passwords_root.InitByTagLookup(passwords_tag)) {
-    LOG(WARNING) << "No passwords to reencrypt.";
+void SyncManager::SyncInternal::EncryptDataTypes(
+    const syncable::ModelTypeSet& encrypted_types) {
+  // Verify the encrypted types are all enabled.
+  ModelSafeRoutingInfo routes;
+  registrar_->GetModelSafeRoutingInfo(&routes);
+  for (syncable::ModelTypeSet::iterator iter = encrypted_types.begin();
+       iter != encrypted_types.end(); ++iter) {
+    if (routes.count(*iter) == 0){
+      LOG(ERROR) << "Attempted to encrypt non-enabled datatype "
+                 << syncable::ModelTypeToString(*iter);

[tim (not reviewing), 2011/02/15 00:10:57]

Does SyncBackendHost enforce that registrar can't change while re-encryption is
in process?  'Cause it seems like this call to Encrypt could be referring to an
older version of routing info.  Not sure if that breaks anything but maybe we
don't want the NOTREACHED()?

[Nicolas Zea, 2011/02/15 19:52:18]

Good point. It's probably better to just remove any types that we don't have
routing info for (with a warning), and continue. Done.

On 2011/02/15 00:10:57, timsteele wrote:

+      NOTREACHED();
+      return;
+    }
+  }
+  if (routes.count(syncable::PASSWORDS) > 0 &&
+      encrypted_types.count(syncable::PASSWORDS) == 0) {
+    LOG(ERROR) << "Attempted to set PASSWORDS datatype as unencrypted";
+    NOTREACHED();
+    return;
+  }
+  WriteTransaction trans(GetUserShare());
+  WriteNode node(&trans);
+  if (!node.InitByTagLookup(kNigoriTag)) {
+    LOG(ERROR) << "Unable to set encrypted datatypes because Nigori node not "
+               << "found.";
+    NOTREACHED();
     return;
   }
 
-  int64 child_id = passwords_root.GetFirstChildId();
-  while (child_id != kInvalidId) {
-    WriteNode child(trans);
-    if (!child.InitByIdLookup(child_id)) {
+  // Update the Nigori node set of encrypted datatypes so other machines notice.
+  sync_pb::NigoriSpecifics nigori;
+  nigori.CopyFrom(node.GetNigoriSpecifics());
+  syncable::FillNigoriEncryptedTypes(encrypted_types, &nigori);
+  node.SetNigoriSpecifics(nigori);
+
+  // TODO(zea): only reencrypt this datatype? ReEncrypting everything is a
+  // safer approach, and should not impact anything that is already encrypted
+  // (redundant changes are ignored).
+  ReEncryptEverything(&trans);
+  return;
+}
+
+void SyncManager::SyncInternal::ReEncryptEverything(WriteTransaction* trans) {
+  syncable::ModelTypeSet encrypted_types =
+      GetEncryptedDataTypesFromSyncer(trans->GetWrappedTrans());
+  std::string tag;
+  for (syncable::ModelTypeSet::iterator iter = encrypted_types.begin();
+       iter != encrypted_types.end(); ++iter) {
+    if (*iter == syncable::PASSWORDS)
+      continue;  // Has special implementation below.
+    ReadNode type_root(trans);
+    tag = syncable::ModelTypeToRootTag(*iter);
+    if (!type_root.InitByTagLookup(tag)) {
       NOTREACHED();
       return;
     }
-    child.SetPasswordSpecifics(child.GetPasswordSpecifics());
-    child_id = child.GetSuccessorId();
+
+    // Iterate through all children of this datatype.
+    std::queue<int64> to_visit;
+    int64 child_id = type_root.GetFirstChildId();
+    to_visit.push(child_id);
+    while (!to_visit.empty()) {
+      child_id = to_visit.front();
+      to_visit.pop();
+      if (child_id == kInvalidId)
+        continue;
+
+      WriteNode child(trans);
+      if (!child.InitByIdLookup(child_id)) {
+        NOTREACHED();
+        return;
+      }
+      if (child.GetIsFolder()) {
+        to_visit.push(child.GetFirstChildId());
+      } else {
+        // Rewrite the specifics of the node with encrypted data if necessary.
+        child.ResetFromSpecifics();
+      }
+      to_visit.push(child.GetSuccessorId());
+    }
   }
+
+  if (encrypted_types.count(syncable::PASSWORDS) > 0) {
+    // Passwords are encrypted with their own legacy scheme.
+    ReadNode passwords_root(trans);
+    std::string passwords_tag =
+        syncable::ModelTypeToRootTag(syncable::PASSWORDS);
+    if (!passwords_root.InitByTagLookup(passwords_tag)) {
+      LOG(WARNING) << "No passwords to reencrypt.";
+      return;
+    }
+
+    int64 child_id = passwords_root.GetFirstChildId();
+    while (child_id != kInvalidId) {
+      WriteNode child(trans);
+      if (!child.InitByIdLookup(child_id)) {
+        NOTREACHED();
+        return;
+      }
+      child.SetPasswordSpecifics(child.GetPasswordSpecifics());
+      child_id = child.GetSuccessorId();
+    }
+  }
+
+  observer_->OnEncryptionComplete(encrypted_types);
 }
 
 SyncManager::~SyncManager() {
   delete data_;
 }
 
 void SyncManager::SetObserver(Observer* observer) {
   data_->set_observer(observer);
 }
 
@@ skipping 219 matching lines @@
         nudge_delay,
         SyncerThread::kLocal,
         model_types);
   }
 }
 
 void SyncManager::SyncInternal::SetExtraChangeRecordData(int64 id,
     syncable::ModelType type, ChangeReorderBuffer* buffer,
     Cryptographer* cryptographer, const syncable::EntryKernel& original,
     bool existed_before, bool exists_now) {
-  // If this is a deletion, attach the entity specifics as extra data
-  // so that the delete can be processed.
+  // If this is a deletion and the datatype was encrypted, we need to decrypt it
+  // and attach it to the buffer.
   if (!exists_now && existed_before) {
-    buffer->SetSpecificsForId(id, original.ref(SPECIFICS));
+    sync_pb::EntitySpecifics original_specifics(original.ref(SPECIFICS));
     if (type == syncable::PASSWORDS) {
-      // Need to dig a bit deeper as passwords are encrypted.
+      // Passwords must use their own legacy ExtraPasswordChangeRecordData.
       scoped_ptr<sync_pb::PasswordSpecificsData> data(
-          DecryptPasswordSpecifics(original.ref(SPECIFICS), cryptographer));
+          DecryptPasswordSpecifics(original_specifics, cryptographer));
       if (!data.get()) {
         NOTREACHED();
         return;
       }
       buffer->SetExtraDataForId(id, new ExtraPasswordChangeRecordData(*data));
+    } else if (original_specifics.has_encrypted()) {
+      // All other datatypes can just create a new unencrypted specifics and
+      // attach it.
+      const sync_pb::EncryptedData& encrypted = original_specifics.encrypted();
+      if (!cryptographer->Decrypt(encrypted, &original_specifics)) {
+        NOTREACHED();
+        return;
+      }
     }
+    buffer->SetSpecificsForId(id, original_specifics);
   }
 }
 
 void SyncManager::SyncInternal::HandleCalculateChangesChangeEventFromSyncer(
     const syncable::DirectoryChangeEvent& event) {
   // We only expect one notification per sync step, so change_buffers_ should
   // contain no pending entries.
   DCHECK_EQ(event.todo, syncable::DirectoryChangeEvent::CALCULATE_CHANGES);
   DCHECK(event.writer == syncable::SYNCER ||
          event.writer == syncable::UNITTEST);
@@ skipping 10 matching lines @@
 
     // Omit items that aren't associated with a model.
     syncable::ModelType type = e.GetModelType();
     if (type == syncable::TOP_LEVEL_FOLDER || type == syncable::UNSPECIFIED)
       continue;
 
     if (exists_now && !existed_before)
       change_buffers_[type].PushAddedItem(id);
     else if (!exists_now && existed_before)
       change_buffers_[type].PushDeletedItem(id);
-    else if (exists_now && existed_before && VisiblePropertiesDiffer(*i, e))
+    else if (exists_now && existed_before &&
+             VisiblePropertiesDiffer(*i, e, dir_manager()->cryptographer())) {
       change_buffers_[type].PushUpdatedItem(id, VisiblePositionsDiffer(*i, e));
+    }
 
     SetExtraChangeRecordData(id, type, &change_buffers_[type],
                              dir_manager()->cryptographer(), *i,
                              existed_before, exists_now);
   }
 }
 
 SyncManager::Status SyncManager::SyncInternal::GetStatus() {
   return allstatus_.status();
 }
 
 void SyncManager::SyncInternal::OnSyncEngineEvent(
     const SyncEngineEvent& event) {
   if (!observer_)
     return;
 
   // Only send an event if this is due to a cycle ending and this cycle
   // concludes a canonical "sync" process; that is, based on what is known
   // locally we are "all happy" and up-to-date.  There may be new changes on
   // the server, but we'll get them on a subsequent sync.
   //
   // Notifications are sent at the end of every sync cycle, regardless of
   // whether we should sync again.
   if (event.what_happened == SyncEngineEvent::SYNC_CYCLE_ENDED) {
     ModelSafeRoutingInfo enabled_types;
     registrar_->GetModelSafeRoutingInfo(&enabled_types);
-    if (enabled_types.count(syncable::PASSWORDS) > 0) {
-      Cryptographer* cryptographer =
-          GetUserShare()->dir_manager->cryptographer();
-      if (!cryptographer->is_ready() && !cryptographer->has_pending_keys()) {
-        sync_api::ReadTransaction trans(GetUserShare());
-        sync_api::ReadNode node(&trans);
-        if (!node.InitByTagLookup(kNigoriTag)) {
-          DCHECK(!event.snapshot->is_share_usable);
-          return;
+    {
+      // Check to see if we need to notify the frontend that we have newly
+      // encrypted types or that we require a passphrase.
+      sync_api::ReadTransaction trans(GetUserShare());
+      sync_api::ReadNode node(&trans);
+      if (!node.InitByTagLookup(kNigoriTag)) {
+        DCHECK(!event.snapshot->is_share_usable);
+        return;
+      }
+      const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
+      syncable::ModelTypeSet encrypted_types =
+          syncable::GetEncryptedDataTypesFromNigori(nigori);
+      // If this is a first time sync with encryption, it's possible Passwords
+      // hasn't been added to the encryption types list.
+      if (enabled_types.count(syncable::PASSWORDS) > 0)
+        encrypted_types.insert(syncable::PASSWORDS);
+      if (encrypted_types.size() > 0) {
+        Cryptographer* cryptographer =
+            GetUserShare()->dir_manager->cryptographer();
+        if (!cryptographer->is_ready() && !cryptographer->has_pending_keys()) {
+          if (!nigori.encrypted().blob().empty()) {
+            DCHECK(!cryptographer->CanDecrypt(nigori.encrypted()));
+            cryptographer->SetPendingKeys(nigori.encrypted());
+          }
         }
-        const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
-        if (!nigori.encrypted().blob().empty()) {
-          DCHECK(!cryptographer->CanDecrypt(nigori.encrypted()));
-          cryptographer->SetPendingKeys(nigori.encrypted());
+
+        // If we've completed a sync cycle and the cryptographer isn't ready
+        // yet, prompt the user for a passphrase.
+        if (cryptographer->has_pending_keys()) {
+          observer_->OnPassphraseRequired(true);
+        } else if (!cryptographer->is_ready()) {
+          observer_->OnPassphraseRequired(false);
+        } else {
+          observer_->OnEncryptionComplete(encrypted_types);
         }
       }
-
-      // If we've completed a sync cycle and the cryptographer isn't ready yet,
-      // prompt the user for a passphrase.
-      if (cryptographer->has_pending_keys()) {
-        observer_->OnPassphraseRequired(true);
-      } else if (!cryptographer->is_ready()) {
-        observer_->OnPassphraseRequired(false);
-      }
     }
 
     if (!initialized())
       return;
 
     if (!event.snapshot->has_more_to_sync) {
       observer_->OnSyncCycleCompleted(event.snapshot);
     }
 
     if (notifier_options_.notification_method !=
@@ skipping 330 matching lines @@
 
 void SyncManager::TriggerOnIncomingNotificationForTest(
     const syncable::ModelTypeBitSet& model_types) {
   IncomingNotificationData notification_data;
   notification_data.service_url = model_types.to_string();
   // Here we rely on the default notification method being SERVER.
   data_->OnIncomingNotification(notification_data);
 }
 
 }  // namespace sync_api