[Sync] Initial support for encrypting any datatype (no UI hookup yet).

chrome/browser/sync/engine/syncapi.h

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file defines the "sync API", an interface to the syncer
 // backend that exposes (1) the core functionality of maintaining a consistent
 // local snapshot of a hierarchical object set; (2) a means to transactionally
 // access and modify those objects; (3) a means to control client/server
 // synchronization tasks, namely: pushing local object modifications to a
 // server, pulling nonlocal object modifications from a server to this client,
@@ skipping 248 matching lines @@
  protected:
   BaseNode();
   virtual ~BaseNode();
   // The server has a size limit on client tags, so we generate a fixed length
   // hash locally. This also ensures that ModelTypes have unique namespaces.
   static std::string GenerateSyncableHash(syncable::ModelType model_type,
       const std::string& client_tag);
 
   // Determines whether part of the entry is encrypted, and if so attempts to
   // decrypt it. Unless decryption is necessary and fails, this will always
-  // return |true|.
+  // return |true|. If the contents are encrypted, the decrypted data will be
+  // stored in |unencrypted_data_|.
+  // This method is invoked once when the BaseNode is initialized.
   bool DecryptIfNecessary(syncable::Entry* entry);
 
+  // Returns the unencrypted specifics associated with |entry|. If |entry| was
+  // not encrypted, it directly returns |entry|'s EntitySpecifics. Otherwise,
+  // returns |unencrypted_data_|.
+  // This method is invoked by the datatype specific Get<datatype>Specifics
+  // methods.
+  const sync_pb::EntitySpecifics& GetUnencryptedSpecifics(
+      const syncable::Entry* entry) const;
+
  private:
   void* operator new(size_t size);  // Node is meant for stack use only.
 
-  // If this node represents a password, this field will hold the actual
-  // decrypted password data.
+  // A holder for the unencrypted data stored in an encrypted node.
+  sync_pb::EntitySpecifics unencrypted_data_;
+
+  // Same as |unencrypted_data_|, but for legacy password encryption.
   scoped_ptr<sync_pb::PasswordSpecificsData> password_data_;
 
   friend class SyncApiTest;
   FRIEND_TEST_ALL_PREFIXES(SyncApiTest, GenerateSyncableHash);
 
   DISALLOW_COPY_AND_ASSIGN(BaseNode);
 };
 
 // WriteNode extends BaseNode to add mutation, and wraps
 // syncable::MutableEntry. A WriteTransaction is needed to create a WriteNode.
@@ skipping 94 matching lines @@
   void SetTypedUrlSpecifics(const sync_pb::TypedUrlSpecifics& specifics);
 
   // Set the extension specifics (id, update url, enabled state, etc).
   // Should only be called if GetModelType() == EXTENSIONS.
   void SetExtensionSpecifics(const sync_pb::ExtensionSpecifics& specifics);
 
   // Set the session specifics (windows, tabs, navigations etc.).
   // Should only be called if GetModelType() == SESSIONS.
   void SetSessionSpecifics(const sync_pb::SessionSpecifics& specifics);
 
+  // Resets the EntitySpecifics for this node based on the unencrypted data.
+  // Will encrypt if necessary.
+  void ResetFromSpecifics();
+
   // Implementation of BaseNode's abstract virtual accessors.
   virtual const syncable::Entry* GetEntry() const;
 
   virtual const BaseTransaction* GetTransaction() const;
 
  private:
   void* operator new(size_t size);  // Node is meant for stack use only.
 
   // Helper to set model type. This will clear any specifics data.
   void PutModelType(syncable::ModelType model_type);
@@ skipping 28 matching lines @@
       const sync_pb::ExtensionSpecifics& new_value);
   void PutSessionSpecificsAndMarkForSyncing(
       const sync_pb::SessionSpecifics& new_value);
   void PutSpecificsAndMarkForSyncing(
       const sync_pb::EntitySpecifics& specifics);
 
   // Sets IS_UNSYNCED and SYNCING to ensure this entry is considered in an
   // upcoming commit pass.
   void MarkForSyncing();
 
+  // Encrypt the specifics if the datatype requries it.
+  void EncryptIfNecessary(sync_pb::EntitySpecifics* new_value);
+
   // The underlying syncable object which this class wraps.
   syncable::MutableEntry* entry_;
 
   // The sync API transaction that is the parent of this node.
   WriteTransaction* transaction_;
 
   DISALLOW_COPY_AND_ASSIGN(WriteNode);
 };
 
 // ReadNode wraps a syncable::Entry to provide the functionality of a
@@ skipping 131 matching lines @@
 // multiple threads interact with the same local sync repository (i.e. the
 // same sqlite database), they should share a single SyncManager instance.  The
 // caller should typically create one SyncManager for the lifetime of a user
 // session.
 class SyncManager {
  public:
   // SyncInternal contains the implementation of SyncManager, while abstracting
   // internal types from clients of the interface.
   class SyncInternal;
 
-  // TODO(tim): Depending on how multi-type encryption pans out, maybe we
-  // should turn ChangeRecord itself into a class.  Or we could template this
-  // wrapper / add a templated method to return unencrypted protobufs.
-  class ExtraChangeRecordData {
+  // TODO(zea): One day get passwords playing nicely with the rest of encryption
+  // and get rid of this.
+  class ExtraPasswordChangeRecordData {
    public:
-    virtual ~ExtraChangeRecordData();
+    ExtraPasswordChangeRecordData();
+    explicit ExtraPasswordChangeRecordData(
+        const sync_pb::PasswordSpecificsData& data);
+    virtual ~ExtraPasswordChangeRecordData();
 
     // Transfers ownership of the DictionaryValue to the caller.
-    virtual DictionaryValue* ToValue() const = 0;
+    virtual DictionaryValue* ToValue() const;
+
+    const sync_pb::PasswordSpecificsData& unencrypted() const;
+   private:
+    sync_pb::PasswordSpecificsData unencrypted_;
   };
 
   // ChangeRecord indicates a single item that changed as a result of a sync
   // operation.  This gives the sync id of the node that changed, and the type
   // of change.  To get the actual property values after an ADD or UPDATE, the
   // client should get the node with InitByIdLookup(), using the provided id.
   struct ChangeRecord {
     enum Action {
       ACTION_ADD,
       ACTION_DELETE,
       ACTION_UPDATE,
     };
     ChangeRecord();
     ~ChangeRecord();
 
     // Transfers ownership of the DictionaryValue to the caller.
     DictionaryValue* ToValue(const BaseTransaction* trans) const;
 
     int64 id;
     Action action;
     sync_pb::EntitySpecifics specifics;
-    linked_ptr<ExtraChangeRecordData> extra;
-  };
-
-  // Since PasswordSpecifics is just an encrypted blob, we extend to provide
-  // access to unencrypted bits.
-  class ExtraPasswordChangeRecordData : public ExtraChangeRecordData {
-   public:
-    explicit ExtraPasswordChangeRecordData(
-        const sync_pb::PasswordSpecificsData& data);
-    virtual ~ExtraPasswordChangeRecordData();
-
-    // Transfers ownership of the DictionaryValue to the caller.
-    virtual DictionaryValue* ToValue() const;
-
-    const sync_pb::PasswordSpecificsData& unencrypted() const;
-
-   private:
-    sync_pb::PasswordSpecificsData unencrypted_;
+    linked_ptr<ExtraPasswordChangeRecordData> extra;
   };
 
   // Status encapsulates detailed state about the internals of the SyncManager.
   struct Status {
     // Summary is a distilled set of important information that the end-user may
     // wish to be informed about (through UI, for example). Note that if a
     // summary state requires user interaction (such as auth failures), more
     // detailed information may be contained in additional status fields.
     enum Summary {
       // The internal instance is in an unrecognizable state. This should not
@@ skipping 146 matching lines @@
     // The syncer thread has been resumed.
     virtual void OnResumed() = 0;
 
     // We are no longer permitted to communicate with the server. Sync should
     // be disabled and state cleaned up at once.  This can happen for a number
     // of reasons, e.g. swapping from a test instance to production, or a
     // global stop syncing operation has wiped the store.
     virtual void OnStopSyncingPermanently() = 0;
 
     // After a request to clear server data, these callbacks are invoked to
-    // indicate success or failure
+    // indicate success or failure.
     virtual void OnClearServerDataSucceeded() = 0;
     virtual void OnClearServerDataFailed() = 0;
 
+    // Called after we finish encrypting all appropriate datatypes.
+    virtual void OnEncryptionComplete(
+        const syncable::ModelTypeSet& encrypted_types) = 0;
+
    protected:
     virtual ~Observer();
   };
 
   // Create an uninitialized SyncManager.  Callers must Init() before using.
   SyncManager();
   virtual ~SyncManager();
 
   // Initialize the sync manager.  |database_location| specifies the path of
   // the directory in which to locate a sqlite repository storing the syncer
@@ skipping 60 matching lines @@
   // passphrase gets applied as soon as possible.
   // If the passphrase in invalid, OnPassphraseRequired will be fired.
   // Calling this metdod again is the appropriate course of action to "retry"
   // with a new passphrase.
   // |is_explicit| is true if the call is in response to the user explicitly
   // setting a passphrase as opposed to implicitly (from the users' perspective)
   // using their Google Account password.  An implicit SetPassphrase will *not*
   // *not* override an explicit passphrase set previously.
   void SetPassphrase(const std::string& passphrase, bool is_explicit);
 
+  // Set the datatypes we want to encrypt and encrypt any nodes as necessary.
+  void EncryptDataTypes(const syncable::ModelTypeSet& encrypted_types);
+
   // Requests the syncer thread to pause.  The observer's OnPause
   // method will be called when the syncer thread is paused.  Returns
   // false if the syncer thread can not be paused (e.g. if it is not
   // started).
   bool RequestPause();
 
   // Requests the syncer thread to resume.  The observer's OnResume
   // method will be called when the syncer thread is resumed.  Returns
   // false if the syncer thread can not be resumed (e.g. if it is not
   // paused).
@@ skipping 158 matching lines @@
   // This allows actual HttpPostProvider subclass implementations to be
   // reference counted, which is useful if a particular implementation uses
   // multiple threads to serve network requests.
   virtual void Destroy(HttpPostProviderInterface* http) = 0;
   virtual ~HttpPostProviderFactory() { }
 };
 
 }  // namespace sync_api
 
 #endif  // CHROME_BROWSER_SYNC_ENGINE_SYNCAPI_H_