[Sync] Initial support for encrypting any datatype (no UI hookup yet).

chrome/browser/sync/engine/syncapi.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/engine/syncapi.h"
 
+#include <algorithm>
 #include <bitset>
 #include <iomanip>
 #include <list>
+#include <queue>
 #include <string>
 #include <vector>
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/scoped_ptr.h"
 #include "base/sha1.h"
 #include "base/string_util.h"
 #include "base/synchronization/lock.h"
@@ skipping 18 matching lines @@
 #include "chrome/browser/sync/protocol/preference_specifics.pb.h"
 #include "chrome/browser/sync/protocol/session_specifics.pb.h"
 #include "chrome/browser/sync/protocol/service_constants.h"
 #include "chrome/browser/sync/protocol/sync.pb.h"
 #include "chrome/browser/sync/protocol/theme_specifics.pb.h"
 #include "chrome/browser/sync/protocol/typed_url_specifics.pb.h"
 #include "chrome/browser/sync/sessions/sync_session.h"
 #include "chrome/browser/sync/sessions/sync_session_context.h"
 #include "chrome/browser/sync/syncable/autofill_migration.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
+#include "chrome/browser/sync/syncable/nigori_util.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/util/crypto_helpers.h"
 #include "chrome/common/deprecated/event_sys.h"
 #include "chrome/common/net/gaia/gaia_authenticator.h"
 #include "jingle/notifier/listener/mediator_thread_impl.h"
 #include "jingle/notifier/listener/notification_constants.h"
 #include "jingle/notifier/listener/talk_mediator.h"
 #include "jingle/notifier/listener/talk_mediator_impl.h"
 #include "net/base/network_change_notifier.h"
 
@@ skipping 134 matching lines @@
   if (!crypto->Decrypt(encrypted, data.get()))
     return NULL;
   return data.release();
 }
 
 bool BaseNode::DecryptIfNecessary(Entry* entry) {
   if (GetIsFolder()) return true;  // Ignore the top-level password folder.
   const sync_pb::EntitySpecifics& specifics =
       entry->Get(syncable::SPECIFICS);
   if (specifics.HasExtension(sync_pb::password)) {
+    // Passwords have their own legacy encryption structure.
     scoped_ptr<sync_pb::PasswordSpecificsData> data(DecryptPasswordSpecifics(
         specifics, GetTransaction()->GetCryptographer()));
     if (!data.get())
       return false;
     password_data_.swap(data);
+    return true;
+  }
+
+  // We assume any node with the encrypted field set has encrypted data.
+  if (!specifics.has_encrypted())
+    return true;
+
+  const sync_pb::EncryptedData& encrypted =
+      specifics.encrypted();
+  std::string plaintext_data = GetTransaction()->GetCryptographer()->
+      DecryptToString(encrypted);
+  if (plaintext_data.length() == 0)
+    return false;
+  if (!unencrypted_data_.ParseFromString(plaintext_data)) {
+    LOG(ERROR) << "Failed to decrypt encrypted node of type " <<
+      syncable::ModelTypeToString(entry->GetModelType()) << ".";
+    return false;
   }
   return true;
 }
 
+const sync_pb::EntitySpecifics& BaseNode::GetUnencryptedSpecifics(
+    const syncable::Entry* entry) const {
+  const sync_pb::EntitySpecifics& specifics = entry->Get(SPECIFICS);
+  if (specifics.has_encrypted()) {
+    DCHECK(syncable::GetModelTypeFromSpecifics(unencrypted_data_) !=
+           syncable::UNSPECIFIED);
+    return unencrypted_data_;
+  } else {
+    DCHECK(syncable::GetModelTypeFromSpecifics(unencrypted_data_) ==
+           syncable::UNSPECIFIED);
+    return specifics;
+  }
+}
+
 int64 BaseNode::GetParentId() const {
   return IdToMetahandle(GetTransaction()->GetWrappedTrans(),
                         GetEntry()->Get(syncable::PARENT_ID));
 }
 
 int64 BaseNode::GetId() const {
   return GetEntry()->Get(syncable::META_HANDLE);
 }
 
 int64 BaseNode::GetModificationTime() const {
@@ skipping 46 matching lines @@
       reinterpret_cast<const unsigned char*>(favicon.data() +
                                              favicon.length()));
 }
 
 int64 BaseNode::GetExternalId() const {
   return GetEntry()->Get(syncable::LOCAL_EXTERNAL_ID);
 }
 
 const sync_pb::AppSpecifics& BaseNode::GetAppSpecifics() const {
   DCHECK(GetModelType() == syncable::APPS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::app);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::app);
 }
 
 const sync_pb::AutofillSpecifics& BaseNode::GetAutofillSpecifics() const {
   DCHECK(GetModelType() == syncable::AUTOFILL);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::autofill);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::autofill);
 }
 
 const AutofillProfileSpecifics& BaseNode::GetAutofillProfileSpecifics() const {
   DCHECK_EQ(GetModelType(), syncable::AUTOFILL_PROFILE);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::autofill_profile);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::autofill_profile);
 }
 
 const sync_pb::BookmarkSpecifics& BaseNode::GetBookmarkSpecifics() const {
   DCHECK(GetModelType() == syncable::BOOKMARKS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::bookmark);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::bookmark);
 }
 
 const sync_pb::NigoriSpecifics& BaseNode::GetNigoriSpecifics() const {
   DCHECK(GetModelType() == syncable::NIGORI);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::nigori);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::nigori);
 }
 
 const sync_pb::PasswordSpecificsData& BaseNode::GetPasswordSpecifics() const {
   DCHECK(GetModelType() == syncable::PASSWORDS);
   DCHECK(password_data_.get());
   return *password_data_;
 }
 
 const sync_pb::PreferenceSpecifics& BaseNode::GetPreferenceSpecifics() const {
   DCHECK(GetModelType() == syncable::PREFERENCES);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::preference);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::preference);
 }
 
 const sync_pb::ThemeSpecifics& BaseNode::GetThemeSpecifics() const {
   DCHECK(GetModelType() == syncable::THEMES);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::theme);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::theme);
 }
 
 const sync_pb::TypedUrlSpecifics& BaseNode::GetTypedUrlSpecifics() const {
   DCHECK(GetModelType() == syncable::TYPED_URLS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::typed_url);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::typed_url);
 }
 
 const sync_pb::ExtensionSpecifics& BaseNode::GetExtensionSpecifics() const {
   DCHECK(GetModelType() == syncable::EXTENSIONS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::extension);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::extension);
 }
 
 const sync_pb::SessionSpecifics& BaseNode::GetSessionSpecifics() const {
   DCHECK(GetModelType() == syncable::SESSIONS);
-  return GetEntry()->Get(SPECIFICS).GetExtension(sync_pb::session);
+  const sync_pb::EntitySpecifics& unencrypted =
+      GetUnencryptedSpecifics(GetEntry());
+  return unencrypted.GetExtension(sync_pb::session);
 }
 
 syncable::ModelType BaseNode::GetModelType() const {
   return GetEntry()->GetModelType();
 }
 
 ////////////////////////////////////
 // WriteNode member definitions
+void WriteNode::EncryptIfNecessary(sync_pb::EntitySpecifics* unencrypted) {
+  syncable::ModelType type = syncable::GetModelTypeFromSpecifics(*unencrypted);
+  DCHECK(type != syncable::UNSPECIFIED);

[tim (not reviewing), 2011/02/11 06:52:31]

DCHECK_NE

[Nicolas Zea, 2011/02/14 21:18:41]

Done.

+  DCHECK(type != syncable::PASSWORDS);    // Passwords use their own encryption.
+  DCHECK(type != syncable::NIGORI);       // Nigori is encrypted separately.
+
+  syncable::ModelTypeSet encrypted_types = GetTransaction()->GetWrappedTrans()->
+      GetEncryptedDatatypes();
+  if (encrypted_types.count(type) == 0) {
+    // This datatype does not require encryption.
+    return;
+  }
+
+  if (unencrypted->has_encrypted()) {
+    // This specifics is already encrypted, our work is done.
+    LOG(WARNING) << "Attempted to encrypt an already encrypted entity"
+      << " specifics of type " << syncable::ModelTypeToString(type)
+      << ". Dropping.";
+    return;
+  }
+  sync_pb::EntitySpecifics encrypted;
+  syncable::AddDefaultExtensionValue(type, &encrypted);
+  VLOG(2) << "Encrypted specifics of type " << syncable::ModelTypeToString(type)
+          << " with content: " << unencrypted->SerializeAsString() << "\n";
+  if (!GetTransaction()->GetCryptographer()->Encrypt(
+      *unencrypted,
+      encrypted.mutable_encrypted())) {
+    LOG(ERROR) << "Could not encrypt data for node of type " <<
+      syncable::ModelTypeToString(type);
+    NOTREACHED();
+  }
+  unencrypted->CopyFrom(encrypted);
+}
+
 void WriteNode::SetIsFolder(bool folder) {
   if (entry_->Get(syncable::IS_DIR) == folder)
     return;  // Skip redundant changes.
 
   entry_->Put(syncable::IS_DIR, folder);
   MarkForSyncing();
 }
 
 void WriteNode::SetTitle(const std::wstring& title) {
   std::string server_legal_name;
@@ skipping 23 matching lines @@
 void WriteNode::SetAutofillSpecifics(
     const sync_pb::AutofillSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::AUTOFILL);
   PutAutofillSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutAutofillSpecificsAndMarkForSyncing(
     const sync_pb::AutofillSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::autofill)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetAutofillProfileSpecifics(
     const sync_pb::AutofillProfileSpecifics& new_value) {
   DCHECK_EQ(GetModelType(), syncable::AUTOFILL_PROFILE);
   PutAutofillProfileSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutAutofillProfileSpecificsAndMarkForSyncing(
     const sync_pb::AutofillProfileSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::autofill_profile)->CopyFrom(
       new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetBookmarkSpecifics(
     const sync_pb::BookmarkSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::BOOKMARKS);
   PutBookmarkSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutBookmarkSpecificsAndMarkForSyncing(
     const sync_pb::BookmarkSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::bookmark)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetNigoriSpecifics(
     const sync_pb::NigoriSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::NIGORI);
   PutNigoriSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutNigoriSpecificsAndMarkForSyncing(
     const sync_pb::NigoriSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::nigori)->CopyFrom(new_value);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetPasswordSpecifics(
     const sync_pb::PasswordSpecificsData& data) {
   DCHECK(GetModelType() == syncable::PASSWORDS);
-
   sync_pb::PasswordSpecifics new_value;
   if (!GetTransaction()->GetCryptographer()->Encrypt(
       data,
       new_value.mutable_encrypted())) {
     NOTREACHED();
   }
-
   PutPasswordSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetPreferenceSpecifics(
     const sync_pb::PreferenceSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::PREFERENCES);
   PutPreferenceSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetThemeSpecifics(
     const sync_pb::ThemeSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::THEMES);
   PutThemeSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetSessionSpecifics(
     const sync_pb::SessionSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::SESSIONS);
   PutSessionSpecificsAndMarkForSyncing(new_value);
 }
 
+void WriteNode::ResetFromSpecifics() {
+  sync_pb::EntitySpecifics new_data;
+  new_data.CopyFrom(GetUnencryptedSpecifics(GetEntry()));
+  EncryptIfNecessary(&new_data);
+  PutSpecificsAndMarkForSyncing(new_data);
+}
 
 void WriteNode::PutPasswordSpecificsAndMarkForSyncing(
     const sync_pb::PasswordSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::password)->CopyFrom(new_value);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutPreferenceSpecificsAndMarkForSyncing(
     const sync_pb::PreferenceSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::preference)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::SetTypedUrlSpecifics(
     const sync_pb::TypedUrlSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::TYPED_URLS);
   PutTypedUrlSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::SetExtensionSpecifics(
     const sync_pb::ExtensionSpecifics& new_value) {
   DCHECK(GetModelType() == syncable::EXTENSIONS);
   PutExtensionSpecificsAndMarkForSyncing(new_value);
 }
 
 void WriteNode::PutAppSpecificsAndMarkForSyncing(
     const sync_pb::AppSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::app)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutThemeSpecificsAndMarkForSyncing(
     const sync_pb::ThemeSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::theme)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutTypedUrlSpecificsAndMarkForSyncing(
     const sync_pb::TypedUrlSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::typed_url)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
 void WriteNode::PutExtensionSpecificsAndMarkForSyncing(
     const sync_pb::ExtensionSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::extension)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
-
 void WriteNode::PutSessionSpecificsAndMarkForSyncing(
     const sync_pb::SessionSpecifics& new_value) {
   sync_pb::EntitySpecifics entity_specifics;
   entity_specifics.MutableExtension(sync_pb::session)->CopyFrom(new_value);
+  EncryptIfNecessary(&entity_specifics);
   PutSpecificsAndMarkForSyncing(entity_specifics);
 }
 
-
 void WriteNode::PutSpecificsAndMarkForSyncing(
     const sync_pb::EntitySpecifics& specifics) {
   // Skip redundant changes.
   if (specifics.SerializeAsString() ==
       entry_->Get(SPECIFICS).SerializeAsString()) {
     return;
   }
   entry_->Put(SPECIFICS, specifics);
   MarkForSyncing();
 }
@@ skipping 468 matching lines @@
 
   // Update tokens that we're using in Sync. Email must stay the same.
   void UpdateCredentials(const SyncCredentials& credentials);
 
   // Tell the sync engine to start the syncing process.
   void StartSyncing();
 
   // Whether or not the Nigori node is encrypted using an explicit passphrase.
   bool IsUsingExplicitPassphrase();
 
+  // Set the datatypes we want to encrypt and encrypt any nodes as necessary.
+  void EncryptDataTypes(const syncable::ModelTypeSet& encrypted_types);
+
   // Try to set the current passphrase to |passphrase|, and record whether
   // it is an explicit passphrase or implicitly using gaia in the Nigori
   // node.
   void SetPassphrase(const std::string& passphrase, bool is_explicit);
 
   // Call periodically from a database-safe thread to persist recent changes
   // to the syncapi model.
   void SaveChanges();
 
   // This listener is called upon completion of a syncable transaction, and
@@ skipping 52 matching lines @@
   // See SyncManager::Shutdown for information.
   void Shutdown();
 
   // Whether we're initialized to the point of being able to accept changes
   // (and hence allow transaction creation). See initialized_ for details.
   bool initialized() const {
     base::AutoLock lock(initialized_mutex_);
     return initialized_;
   }
 
+  // If this is a deletion for a password, sets the legacy
+  // ExtraPasswordChangeRecordData field of |buffer|. Otherwise sets
+  // |buffer|'s specifics field to contain the unencrypted data.
   void SetExtraChangeRecordData(int64 id,
                                 syncable::ModelType type,
                                 ChangeReorderBuffer* buffer,
                                 Cryptographer* cryptographer,
                                 const syncable::EntryKernel& original,
                                 bool existed_before,
                                 bool exists_now);
 
   // Called only by our NetworkChangeNotifier.
   virtual void OnIPAddressChanged();
@@ skipping 96 matching lines @@
       return true;
     if (a.ref(syncable::PARENT_ID) != b.Get(syncable::PARENT_ID))
       return true;
     return false;
   }
 
   // Determine if any of the fields made visible to clients of the Sync API
   // differ between the versions of an entry stored in |a| and |b|. A return
   // value of false means that it should be OK to ignore this change.
   static bool VisiblePropertiesDiffer(const syncable::EntryKernel& a,
-                                      const syncable::Entry& b) {
+                                      const syncable::Entry& b,
+                                      Cryptographer* cryptographer) {
     syncable::ModelType model_type = b.GetModelType();
     // Suppress updates to items that aren't tracked by any browser model.
     if (model_type == syncable::UNSPECIFIED ||
         model_type == syncable::TOP_LEVEL_FOLDER) {
       return false;
     }
     if (a.ref(syncable::NON_UNIQUE_NAME) != b.Get(syncable::NON_UNIQUE_NAME))
       return true;
     if (a.ref(syncable::IS_DIR) != b.Get(syncable::IS_DIR))
       return true;
-    if (a.ref(SPECIFICS).SerializeAsString() !=
-        b.Get(SPECIFICS).SerializeAsString()) {
+    // Check if data has changed (account for encryption).
+    std::string a_str, b_str;
+    if (a.ref(SPECIFICS).has_encrypted()) {
+      const sync_pb::EncryptedData& encrypted = a.ref(SPECIFICS).encrypted();
+      a_str = cryptographer->DecryptToString(encrypted);
+    } else {
+      a_str = a.ref(SPECIFICS).SerializeAsString();
+    }
+    if (b.Get(SPECIFICS).has_encrypted()) {
+      const sync_pb::EncryptedData& encrypted = b.Get(SPECIFICS).encrypted();
+      b_str = cryptographer->DecryptToString(encrypted);
+    } else {
+      b_str = b.Get(SPECIFICS).SerializeAsString();
+    }
+    if (a_str != b_str) {
       return true;
     }
     if (VisiblePositionsDiffer(a, b))
       return true;
     return false;
   }
 
   bool ChangeBuffersAreEmpty() {
     for (int i = 0; i < syncable::MODEL_TYPE_COUNT; ++i) {
       if (!change_buffers_[i].IsEmpty())
@@ skipping 170 matching lines @@
     syncable::AutofillMigrationDebugInfo::PropertyToSet property_to_set,
     const syncable::AutofillMigrationDebugInfo& info) {
   return data_->SetAutofillMigrationDebugInfo(property_to_set, info);
 }
 
 void SyncManager::SetPassphrase(const std::string& passphrase,
      bool is_explicit) {
   data_->SetPassphrase(passphrase, is_explicit);
 }
 
+void SyncManager::EncryptDataTypes(
+    const syncable::ModelTypeSet& encrypted_types) {
+  data_->EncryptDataTypes(encrypted_types);
+}
+
 bool SyncManager::IsUsingExplicitPassphrase() {
   return data_ && data_->IsUsingExplicitPassphrase();
 }
 
 bool SyncManager::RequestPause() {
   if (data_->syncer_thread())
     return data_->syncer_thread()->RequestPause();
   return false;
 }
 
@@ skipping 85 matching lines @@
     NOTREACHED();
     return;
   }
 
   if (!lookup->initial_sync_ended_for_type(syncable::NIGORI))
     return;
 
   Cryptographer* cryptographer = share_.dir_manager->cryptographer();
   cryptographer->Bootstrap(restored_key_for_bootstrapping);
 
-  ReadTransaction trans(GetUserShare());
-  ReadNode node(&trans);
-  if (!node.InitByTagLookup(kNigoriTag)) {
-    NOTREACHED();
-    return;
+  sync_pb::NigoriSpecifics nigori;
+  {
+    ReadTransaction trans(GetUserShare());
+    ReadNode node(&trans);
+    if (!node.InitByTagLookup(kNigoriTag)) {
+      NOTREACHED();
+      return;
+    }
+
+    nigori.CopyFrom(node.GetNigoriSpecifics());
+    if (!nigori.encrypted().blob().empty()) {
+      if (cryptographer->CanDecrypt(nigori.encrypted())) {
+        cryptographer->SetKeys(nigori.encrypted());
+      } else {
+        cryptographer->SetPendingKeys(nigori.encrypted());
+        observer_->OnPassphraseRequired(true);
+      }
+    }
   }
 
-  const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
-  if (!nigori.encrypted().blob().empty()) {
-    if (cryptographer->CanDecrypt(nigori.encrypted())) {
-      cryptographer->SetKeys(nigori.encrypted());
-    } else {
-      cryptographer->SetPendingKeys(nigori.encrypted());
-      observer_->OnPassphraseRequired(true);
-    }
-  }
+  // Refresh list of encrypted datatypes.
+  syncable::ModelTypeSet encrypted_types =
+      syncable::GetEncryptedDatatypesFromNigori(nigori);
+  encrypted_types.insert(syncable::PASSWORDS);  // Always on.
+
+  // Ensure any datatypes that need encryption are encrypted.
+  EncryptDataTypes(encrypted_types);
 }
 
 void SyncManager::SyncInternal::StartSyncing() {
   if (syncer_thread())  // NULL during certain unittests.
     syncer_thread()->Start();  // Start the syncer thread. This won't actually
                                // result in any syncing until at least the
                                // DirectoryManager broadcasts the OPENED event,
                                // and a valid server connection is detected.
 }
 
@@ skipping 163 matching lines @@
       observer_->OnPassphraseRequired(true);
       return;
     }
 
     // TODO(tim): If this is the first time the user has entered a passphrase
     // since the protocol changed to store passphrase preferences in the cloud,
     // make sure we update this preference. See bug 62103.
     if (is_explicit)
       SetUsingExplicitPassphrasePrefForMigration();
 
-    // Nudge the syncer so that passwords updates that were waiting for this
-    // passphrase get applied as soon as possible.
+    // Nudge the syncer so that encrypted datatype updates that were waiting for
+    // this passphrase get applied as soon as possible.
     sync_manager_->RequestNudge();
   } else {
     WriteTransaction trans(GetUserShare());
     WriteNode node(&trans);
     if (!node.InitByTagLookup(kNigoriTag)) {
       // TODO(albertb): Plumb an UnrecoverableError all the way back to the PSS.
       NOTREACHED();
       return;
     }
 
@@ skipping 25 matching lines @@
   ReadNode node(&trans);
   if (!node.InitByTagLookup(kNigoriTag)) {
     // TODO(albertb): Plumb an UnrecoverableError all the way back to the PSS.
     NOTREACHED();
     return false;
   }
 
   return node.GetNigoriSpecifics().using_explicit_passphrase();
 }
 
+void SyncManager::SyncInternal::EncryptDataTypes(
+    const syncable::ModelTypeSet& encrypted_types) {
+  // Verify the encrypted types are all enabled.
+  ModelSafeRoutingInfo routes;
+  registrar_->GetModelSafeRoutingInfo(&routes);
+  size_t count = 0;
+  for (ModelSafeRoutingInfo::iterator iter = routes.begin();
+       iter != routes.end(); ++iter, ++count) {
+    if (iter->first == syncable::PASSWORDS &&
+        encrypted_types.count(syncable::PASSWORDS) == 0) {
+      LOG(ERROR) << "Attempted to set PASSWORDS as unencrypted.";
+      NOTREACHED();
+      return;
+    }
+  }
+  WriteTransaction trans(GetUserShare());
+  WriteNode node(&trans);
+  if (!node.InitByTagLookup(kNigoriTag)) {
+    LOG(ERROR) << "Unable to set encrypted datatypes because Nigori node not "
+        "found.";
+    NOTREACHED();
+    return;
+  }
+
+  // Update the Nigori node set of encrypted datatypes so other machines notice.
+  sync_pb::NigoriSpecifics nigori = node.GetNigoriSpecifics();
+  syncable::FillNigoriEncryptedTypes(encrypted_types, &nigori);
+  node.SetNigoriSpecifics(nigori);
+
+  // Update syncable::directory's cache of encrypted datatypes.
+  trans.GetWrappedTrans()->SetEncryptedDataTypes(encrypted_types);
+
+  // TODO(zea): only reencrypt this datatype? ReEncrypting everything is a
+  // safer approach, and should not impact anything that is already encrypted
+  // (redundant changes are ignored).
+  ReEncryptEverything(&trans);
+  return;
+}
+
+// TODO(zea): unit tests.
 void SyncManager::SyncInternal::ReEncryptEverything(WriteTransaction* trans) {
-  // TODO(tim): bug 59242.  We shouldn't lookup by data type and instead use
-  // a protocol flag or existence of an EncryptedData message, but for now,
-  // encryption is on if-and-only-if the type is passwords, and we haven't
-  // ironed out the protocol for generic encryption.
-  static const char* passwords_tag = "google_chrome_passwords";
+  syncable::ModelTypeSet encrypted_types = trans->GetWrappedTrans()->
+      GetEncryptedDatatypes();
+  std::string tag;
+  for (syncable::ModelTypeSet::iterator iter = encrypted_types.begin();
+       iter != encrypted_types.end(); ++iter) {
+    if (*iter == syncable::PASSWORDS)
+      continue;  // Has special implementation below.
+    ReadNode type_root(trans);
+    tag = syncable::ModelTypeToRootTag(*iter);
+    if (!type_root.InitByTagLookup(tag)) {
+      NOTREACHED();
+      return;
+    }
+
+    // Iterate through all children of this datatype.
+    std::queue<int64> to_visit;
+    int64 child_id = type_root.GetFirstChildId();
+    to_visit.push(child_id);
+    while (!to_visit.empty()) {
+      child_id = to_visit.front();
+      to_visit.pop();
+      if (child_id == kInvalidId)
+        continue;
+
+      WriteNode child(trans);
+      if (!child.InitByIdLookup(child_id)) {
+        NOTREACHED();
+        return;
+      }
+      if (child.GetIsFolder()) {
+        to_visit.push(child.GetFirstChildId());
+      } else {
+        // Rewrite the specifics of the node with encrypted data if necessary.
+        child.ResetFromSpecifics();
+      }
+      to_visit.push(child.GetSuccessorId());
+    }
+  }
+
   ReadNode passwords_root(trans);
+  std::string passwords_tag = syncable::ModelTypeToRootTag(syncable::PASSWORDS);
   if (!passwords_root.InitByTagLookup(passwords_tag)) {
     LOG(WARNING) << "No passwords to reencrypt.";
     return;
   }
 
   int64 child_id = passwords_root.GetFirstChildId();
   while (child_id != kInvalidId) {
     WriteNode child(trans);
     if (!child.InitByIdLookup(child_id)) {
       NOTREACHED();
       return;
     }
     child.SetPasswordSpecifics(child.GetPasswordSpecifics());
     child_id = child.GetSuccessorId();
   }
+  observer_->OnEncryptionComplete(encrypted_types);
 }
 
 SyncManager::~SyncManager() {
   delete data_;
 }
 
 void SyncManager::SetObserver(Observer* observer) {
   data_->set_observer(observer);
 }
 
@@ skipping 215 matching lines @@
         nudge_delay,
         SyncerThread::kLocal,
         model_types);
   }
 }
 
 void SyncManager::SyncInternal::SetExtraChangeRecordData(int64 id,
     syncable::ModelType type, ChangeReorderBuffer* buffer,
     Cryptographer* cryptographer, const syncable::EntryKernel& original,
     bool existed_before, bool exists_now) {
-  // If this is a deletion, attach the entity specifics as extra data
-  // so that the delete can be processed.
+  // If this is a deletion and the datatype was encrypted, we need to decrypt it
+  // and attach it to the buffer.
   if (!exists_now && existed_before) {
-    buffer->SetSpecificsForId(id, original.ref(SPECIFICS));
+    sync_pb::EntitySpecifics original_specifics(original.ref(SPECIFICS));
     if (type == syncable::PASSWORDS) {
-      // Need to dig a bit deeper as passwords are encrypted.
+      // Passwords must use their own legacy ExtraPasswordChangeRecordData.
       scoped_ptr<sync_pb::PasswordSpecificsData> data(
-          DecryptPasswordSpecifics(original.ref(SPECIFICS), cryptographer));
+          DecryptPasswordSpecifics(original_specifics, cryptographer));
       if (!data.get()) {
         NOTREACHED();
         return;
       }
       buffer->SetExtraDataForId(id, new ExtraPasswordChangeRecordData(*data));
+    } else if (original_specifics.has_encrypted()) {
+      // All other datatypes can just create a new unencrypted specifics and
+      // attach it.
+      const sync_pb::EncryptedData& encrypted = original_specifics.encrypted();
+      if (!cryptographer->Decrypt(encrypted, &original_specifics)) {
+        NOTREACHED();
+        return;
+      }
     }
+    buffer->SetSpecificsForId(id, original_specifics);
   }
 }
 
 void SyncManager::SyncInternal::HandleCalculateChangesChangeEventFromSyncer(
     const syncable::DirectoryChangeEvent& event) {
   // We only expect one notification per sync step, so change_buffers_ should
   // contain no pending entries.
   DCHECK_EQ(event.todo, syncable::DirectoryChangeEvent::CALCULATE_CHANGES);
   DCHECK(event.writer == syncable::SYNCER ||
          event.writer == syncable::UNITTEST);
@@ skipping 10 matching lines @@
 
     // Omit items that aren't associated with a model.
     syncable::ModelType type = e.GetModelType();
     if (type == syncable::TOP_LEVEL_FOLDER || type == syncable::UNSPECIFIED)
       continue;
 
     if (exists_now && !existed_before)
       change_buffers_[type].PushAddedItem(id);
     else if (!exists_now && existed_before)
       change_buffers_[type].PushDeletedItem(id);
-    else if (exists_now && existed_before && VisiblePropertiesDiffer(*i, e))
+    else if (exists_now && existed_before &&
+             VisiblePropertiesDiffer(*i, e, dir_manager()->cryptographer())) {
       change_buffers_[type].PushUpdatedItem(id, VisiblePositionsDiffer(*i, e));
+    }
 
     SetExtraChangeRecordData(id, type, &change_buffers_[type],
                              dir_manager()->cryptographer(), *i,
                              existed_before, exists_now);
   }
 }
 
 SyncManager::Status SyncManager::SyncInternal::GetStatus() {
   return allstatus_.status();
 }
 
 void SyncManager::SyncInternal::OnSyncEngineEvent(
     const SyncEngineEvent& event) {
   if (!observer_)
     return;
 
   // Only send an event if this is due to a cycle ending and this cycle
   // concludes a canonical "sync" process; that is, based on what is known
   // locally we are "all happy" and up-to-date.  There may be new changes on
   // the server, but we'll get them on a subsequent sync.
   //
   // Notifications are sent at the end of every sync cycle, regardless of
   // whether we should sync again.
   if (event.what_happened == SyncEngineEvent::SYNC_CYCLE_ENDED) {
     ModelSafeRoutingInfo enabled_types;
     registrar_->GetModelSafeRoutingInfo(&enabled_types);
-    if (enabled_types.count(syncable::PASSWORDS) > 0) {
-      Cryptographer* cryptographer =
-          GetUserShare()->dir_manager->cryptographer();
-      if (!cryptographer->is_ready() && !cryptographer->has_pending_keys()) {
-        sync_api::ReadTransaction trans(GetUserShare());
-        sync_api::ReadNode node(&trans);
-        if (!node.InitByTagLookup(kNigoriTag)) {
-          DCHECK(!event.snapshot->is_share_usable);
-          return;
+    {
+      // Check to see if we need to notify the frontend that we have newly
+      // encrypted types or that we require a passphrase.
+      sync_api::ReadTransaction trans(GetUserShare());
+      sync_api::ReadNode node(&trans);
+      if (!node.InitByTagLookup(kNigoriTag)) {
+        DCHECK(!event.snapshot->is_share_usable);
+        return;
+      }
+      const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
+      syncable::ModelTypeSet encrypted_types =
+          syncable::GetEncryptedDatatypesFromNigori(nigori);
+      // If this is a first time sync with encryption, it's possible Passwords
+      // hasn't been added to the encryption types list.
+      if (enabled_types.count(syncable::PASSWORDS) > 0)
+        encrypted_types.insert(syncable::PASSWORDS);
+      if (encrypted_types.size() > 0) {
+        syncable::ModelTypeSet old_types =
+            trans.GetWrappedTrans()->GetEncryptedDatatypes();
+        if (encrypted_types != old_types) {
+          if (!includes(encrypted_types.begin(), encrypted_types.end(),
+                        old_types.begin(), old_types.end())) {
+            // The set of encrypted datatypes should only ever increase.
+            NOTREACHED();
+            encrypted_types = old_types;
+          } else {
+            // We have some newly encrypted types. Notify the frontend.
+            trans.GetWrappedTrans()->SetEncryptedDataTypes(encrypted_types);
+            observer_->OnEncryptionComplete(encrypted_types);
+          }
         }
-        const sync_pb::NigoriSpecifics& nigori = node.GetNigoriSpecifics();
-        if (!nigori.encrypted().blob().empty()) {
-          DCHECK(!cryptographer->CanDecrypt(nigori.encrypted()));
-          cryptographer->SetPendingKeys(nigori.encrypted());
+
+        Cryptographer* cryptographer =
+            GetUserShare()->dir_manager->cryptographer();
+        if (!cryptographer->is_ready() && !cryptographer->has_pending_keys()) {
+          if (!nigori.encrypted().blob().empty()) {
+            DCHECK(!cryptographer->CanDecrypt(nigori.encrypted()));
+            cryptographer->SetPendingKeys(nigori.encrypted());
+          }
         }
-      }
 
-      // If we've completed a sync cycle and the cryptographer isn't ready yet,
-      // prompt the user for a passphrase.
-      if (cryptographer->has_pending_keys()) {
-        observer_->OnPassphraseRequired(true);
-      } else if (!cryptographer->is_ready()) {
-        observer_->OnPassphraseRequired(false);
+        // If we've completed a sync cycle and the cryptographer isn't ready
+        // yet, prompt the user for a passphrase.
+        if (cryptographer->has_pending_keys()) {
+          observer_->OnPassphraseRequired(true);
+        } else if (!cryptographer->is_ready()) {
+          observer_->OnPassphraseRequired(false);
+        }
       }
     }
 
     if (!initialized())
       return;
 
     if (!event.snapshot->has_more_to_sync) {
       observer_->OnSyncCycleCompleted(event.snapshot);
     }
 
@@ skipping 204 matching lines @@
   DCHECK(data_->initialized()) << "GetUserShare requires initialization!";
   return data_->GetUserShare();
 }
 
 bool SyncManager::HasUnsyncedItems() const {
   sync_api::ReadTransaction trans(GetUserShare());
   return (trans.GetWrappedTrans()->directory()->unsynced_entity_count() != 0);
 }
 
 }  // namespace sync_api