| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/sync/syncable/nigori_util.h" |
| 6 |
| 7 #include <queue> |
| 8 #include <string> |
| 9 #include <vector> |
| 10 |
| 11 #include "chrome/browser/sync/engine/syncer_util.h" |
| 12 #include "chrome/browser/sync/syncable/syncable.h" |
| 13 #include "chrome/browser/sync/util/cryptographer.h" |
| 14 |
| 15 namespace syncable { |
| 16 |
| 17 ModelTypeSet GetEncryptedDataTypes(BaseTransaction* const trans) { |
| 18 std::string nigori_tag = ModelTypeToRootTag(syncable::NIGORI); |
| 19 Entry entry(trans, GET_BY_SERVER_TAG, nigori_tag); |
| 20 if (!entry.good()) { |
| 21 VLOG(1) << "Nigori node not found, assuming no encrypted datatypes."; |
| 22 return ModelTypeSet(); |
| 23 } |
| 24 if (NIGORI != entry.GetModelType()) { |
| 25 // Can happen if we fail to apply the nigori node due to a conflict. |
| 26 VLOG(1) << "Nigori node does not have nigori extension. Assuming no" |
| 27 << " encrypted datatypes."; |
| 28 return ModelTypeSet(); |
| 29 } |
| 30 const sync_pb::EntitySpecifics& specifics = entry.Get(SPECIFICS); |
| 31 return GetEncryptedDataTypesFromNigori( |
| 32 specifics.GetExtension(sync_pb::nigori)); |
| 33 } |
| 34 |
| 35 ModelTypeSet GetEncryptedDataTypesFromNigori( |
| 36 const sync_pb::NigoriSpecifics& nigori) { |
| 37 // We don't check NIGORI datatype, it uses its own encryption scheme. |
| 38 ModelTypeSet encrypted_types; |
| 39 if (nigori.encrypt_bookmarks()) |
| 40 encrypted_types.insert(BOOKMARKS); |
| 41 if (nigori.encrypt_preferences()) |
| 42 encrypted_types.insert(PREFERENCES); |
| 43 if (nigori.encrypt_passwords()) |
| 44 encrypted_types.insert(PASSWORDS); |
| 45 if (nigori.encrypt_autofill_profile()) |
| 46 encrypted_types.insert(AUTOFILL_PROFILE); |
| 47 if (nigori.encrypt_autofill()) |
| 48 encrypted_types.insert(AUTOFILL); |
| 49 if (nigori.encrypt_themes()) |
| 50 encrypted_types.insert(THEMES); |
| 51 if (nigori.encrypt_typed_urls()) |
| 52 encrypted_types.insert(TYPED_URLS); |
| 53 if (nigori.encrypt_extensions()) |
| 54 encrypted_types.insert(EXTENSIONS); |
| 55 if (nigori.encrypt_sessions()) |
| 56 encrypted_types.insert(SESSIONS); |
| 57 if (nigori.encrypt_apps()) |
| 58 encrypted_types.insert(APPS); |
| 59 return encrypted_types; |
| 60 } |
| 61 |
| 62 void FillNigoriEncryptedTypes(const ModelTypeSet& types, |
| 63 sync_pb::NigoriSpecifics* nigori) { |
| 64 DCHECK(nigori); |
| 65 nigori->set_encrypt_bookmarks(types.count(BOOKMARKS) > 0); |
| 66 nigori->set_encrypt_preferences(types.count(PREFERENCES) > 0); |
| 67 nigori->set_encrypt_passwords(types.count(PASSWORDS) > 0); |
| 68 nigori->set_encrypt_autofill_profile(types.count(AUTOFILL_PROFILE) > 0); |
| 69 nigori->set_encrypt_autofill(types.count(AUTOFILL) > 0); |
| 70 nigori->set_encrypt_themes(types.count(THEMES) > 0); |
| 71 nigori->set_encrypt_typed_urls(types.count(TYPED_URLS) > 0); |
| 72 nigori->set_encrypt_extensions(types.count(EXTENSIONS) > 0); |
| 73 nigori->set_encrypt_sessions(types.count(SESSIONS) > 0); |
| 74 nigori->set_encrypt_apps(types.count(APPS) > 0); |
| 75 } |
| 76 |
| 77 bool ProcessUnsyncedChangesForEncryption( |
| 78 WriteTransaction* const trans, |
| 79 const ModelTypeSet& encrypted_types, |
| 80 browser_sync::Cryptographer* cryptographer) { |
| 81 // Get list of all datatypes with unsynced changes. It's possible that our |
| 82 // local changes need to be encrypted if encryption for that datatype was |
| 83 // just turned on (and vice versa). This should never affect passwords. |
| 84 std::vector<int64> handles; |
| 85 browser_sync::SyncerUtil::GetUnsyncedEntries(trans, &handles); |
| 86 for (size_t i = 0; i < handles.size(); ++i) { |
| 87 MutableEntry entry(trans, GET_BY_HANDLE, handles[i]); |
| 88 sync_pb::EntitySpecifics new_specifics; |
| 89 const sync_pb::EntitySpecifics& entry_specifics = entry.Get(SPECIFICS); |
| 90 ModelType type = entry.GetModelType(); |
| 91 if (type == PASSWORDS) |
| 92 continue; |
| 93 if (encrypted_types.count(type) > 0 && |
| 94 !entry_specifics.has_encrypted()) { |
| 95 // This entry now requires encryption. |
| 96 AddDefaultExtensionValue(type, &new_specifics); |
| 97 if (!cryptographer->Encrypt( |
| 98 entry_specifics, |
| 99 new_specifics.mutable_encrypted())) { |
| 100 LOG(ERROR) << "Could not encrypt data for newly encrypted type " << |
| 101 ModelTypeToString(type); |
| 102 NOTREACHED(); |
| 103 return false; |
| 104 } else { |
| 105 VLOG(1) << "Encrypted change for newly encrypted type " << |
| 106 ModelTypeToString(type); |
| 107 entry.Put(SPECIFICS, new_specifics); |
| 108 } |
| 109 } else if (encrypted_types.count(type) == 0 && |
| 110 entry_specifics.has_encrypted()) { |
| 111 // This entry no longer requires encryption. |
| 112 if (!cryptographer->Decrypt(entry_specifics.encrypted(), |
| 113 &new_specifics)) { |
| 114 LOG(ERROR) << "Could not decrypt data for newly unencrypted type " << |
| 115 ModelTypeToString(type); |
| 116 NOTREACHED(); |
| 117 return false; |
| 118 } else { |
| 119 VLOG(1) << "Decrypted change for newly unencrypted type " << |
| 120 ModelTypeToString(type); |
| 121 entry.Put(SPECIFICS, new_specifics); |
| 122 } |
| 123 } |
| 124 } |
| 125 return true; |
| 126 } |
| 127 |
| 128 bool VerifyUnsyncedChangesAreEncrypted( |
| 129 BaseTransaction* const trans, |
| 130 const ModelTypeSet& encrypted_types) { |
| 131 std::vector<int64> handles; |
| 132 browser_sync::SyncerUtil::GetUnsyncedEntries(trans, &handles); |
| 133 for (size_t i = 0; i < handles.size(); ++i) { |
| 134 Entry entry(trans, GET_BY_HANDLE, handles[i]); |
| 135 if (!entry.good()) { |
| 136 NOTREACHED(); |
| 137 return false; |
| 138 } |
| 139 const sync_pb::EntitySpecifics& entry_specifics = entry.Get(SPECIFICS); |
| 140 ModelType type = entry.GetModelType(); |
| 141 if (type == PASSWORDS) |
| 142 continue; |
| 143 if (encrypted_types.count(type) > 0 && |
| 144 !entry_specifics.has_encrypted()) { |
| 145 // This datatype requires encryption but this data is not encrypted. |
| 146 return false; |
| 147 } |
| 148 } |
| 149 return true; |
| 150 } |
| 151 |
| 152 // Mainly for testing. |
| 153 bool VerifyDataTypeEncryption(BaseTransaction* const trans, |
| 154 ModelType type, |
| 155 bool is_encrypted) { |
| 156 if (type == PASSWORDS || type == NIGORI) { |
| 157 NOTREACHED(); |
| 158 return true; |
| 159 } |
| 160 std::string type_tag = ModelTypeToRootTag(type); |
| 161 Entry type_root(trans, GET_BY_SERVER_TAG, type_tag); |
| 162 if (!type_root.good()) { |
| 163 NOTREACHED(); |
| 164 return false; |
| 165 } |
| 166 |
| 167 std::queue<Id> to_visit; |
| 168 Id id_string = |
| 169 trans->directory()->GetFirstChildId(trans, type_root.Get(ID)); |
| 170 to_visit.push(id_string); |
| 171 while (!to_visit.empty()) { |
| 172 id_string = to_visit.front(); |
| 173 to_visit.pop(); |
| 174 if (id_string.IsRoot()) |
| 175 continue; |
| 176 |
| 177 Entry child(trans, GET_BY_ID, id_string); |
| 178 if (!child.good()) { |
| 179 NOTREACHED(); |
| 180 return false; |
| 181 } |
| 182 if (child.Get(IS_DIR)) { |
| 183 // Traverse the children. |
| 184 to_visit.push( |
| 185 trans->directory()->GetFirstChildId(trans, child.Get(ID))); |
| 186 } else { |
| 187 const sync_pb::EntitySpecifics& specifics = child.Get(SPECIFICS); |
| 188 DCHECK_EQ(type, child.GetModelType()); |
| 189 DCHECK_EQ(type, GetModelTypeFromSpecifics(specifics)); |
| 190 if (specifics.has_encrypted() != is_encrypted) |
| 191 return false; |
| 192 } |
| 193 // Push the successor. |
| 194 to_visit.push(child.Get(NEXT_ID)); |
| 195 } |
| 196 return true; |
| 197 } |
| 198 |
| 199 } // namespace syncable |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6465005:
[Sync] Initial support for encrypting any datatype (no UI hookup yet). (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src