[Sync] Add intelligent re-encryption support.

chrome/browser/sync/internal_api/sync_manager.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/internal_api/sync_manager.h"
 
 #include <string>
 
 #include "base/base64.h"
 #include "base/command_line.h"
@@ skipping 836 matching lines @@
   Cryptographer::UpdateResult result = cryptographer->Update(nigori);
   if (result == Cryptographer::NEEDS_PASSPHRASE) {
     FOR_EACH_OBSERVER(SyncManager::Observer, observers_,
                       OnPassphraseRequired(sync_api::REASON_DECRYPTION));
   }
 
   // Due to http://crbug.com/102526, we must check if the encryption keys
   // are present in the nigori node. If they're not, we write the current set of
   // keys.
   if (!nigori.has_encrypted() && cryptographer->is_ready()) {
-    cryptographer->GetKeys(nigori.mutable_encrypted());
+    DCHECK(cryptographer->GetKeys(nigori.mutable_encrypted()));

[akalin, 2011/12/09 23:52:42]

Change to a CHECK, or rewrite as:

if (!...) {
  NOTREACHED();
}

Otherwise, this will get compiled out in a release build!

[Nicolas Zea, 2011/12/12 20:12:26]

Done.

   }
 
   // Ensure the nigori node reflects the most recent set of sensitive types
   // and properly sets encrypt_everything. This is a no-op if nothing changes.
   cryptographer->UpdateNigoriFromEncryptedTypes(&nigori);
   node.SetNigoriSpecifics(nigori);
 
   allstatus_.SetCryptographerReady(cryptographer->is_ready());
   allstatus_.SetCryptoHasPendingKeys(cryptographer->has_pending_keys());
   allstatus_.SetEncryptedTypes(cryptographer->GetEncryptedTypes());
@@ skipping 186 matching lines @@
     RequestNudge(FROM_HERE);
   } else {
     DVLOG(1) << "No pending keys, adding provided passphrase.";
 
     // Prevent an implicit SetPassphrase request from changing an explicitly
     // set passphrase.
     if (!is_explicit && node.GetNigoriSpecifics().using_explicit_passphrase())
       return;
 
     cryptographer->AddKey(params);
+  }
 
-    // TODO(tim): Bug 58231. It would be nice if SetPassphrase didn't require
-    // messing with the Nigori node, because we can't call SetPassphrase until
-    // download conditions are met vs Cryptographer init.  It seems like it's
-    // safe to defer this work.
-    sync_pb::NigoriSpecifics specifics(node.GetNigoriSpecifics());
-    specifics.clear_encrypted();
-    cryptographer->GetKeys(specifics.mutable_encrypted());
-    specifics.set_using_explicit_passphrase(is_explicit);
-    node.SetNigoriSpecifics(specifics);
-  }
+  // TODO(tim): Bug 58231. It would be nice if SetPassphrase didn't require
+  // messing with the Nigori node, because we can't call SetPassphrase until
+  // download conditions are met vs Cryptographer init.  It seems like it's
+  // safe to defer this work.
+  sync_pb::NigoriSpecifics specifics(node.GetNigoriSpecifics());
+  // Does not modify specifics.encrypted() if the original decrypted data was
+  // the same.
+  DCHECK(cryptographer->GetKeys(specifics.mutable_encrypted()));

[akalin, 2011/12/09 23:52:42]

here, too

[Nicolas Zea, 2011/12/12 20:12:26]

Done.

+  specifics.set_using_explicit_passphrase(is_explicit);
+  node.SetNigoriSpecifics(specifics);
 
   // Does nothing if everything is already encrypted or the cryptographer has
   // pending keys.
   ReEncryptEverything(&trans);
 
   DVLOG(1) << "Passphrase accepted, bootstrapping encryption.";
   std::string bootstrap_token;
   cryptographer->GetBootstrapToken(&bootstrap_token);
   FOR_EACH_OBSERVER(SyncManager::Observer, observers_,
                     OnPassphraseAccepted(bootstrap_token));
@@ skipping 41 matching lines @@
   nigori.CopyFrom(node.GetNigoriSpecifics());
   cryptographer->UpdateNigoriFromEncryptedTypes(&nigori);
   node.SetNigoriSpecifics(nigori);
   allstatus_.SetEncryptedTypes(cryptographer->GetEncryptedTypes());
 
   // We reencrypt everything regardless of whether the set of encrypted
   // types changed to ensure that any stray unencrypted entries are overwritten.
   ReEncryptEverything(&trans);
 }
 
-// TODO(zea): Add unit tests that ensure no sync changes are made when not
-// needed.
 void SyncManager::SyncInternal::ReEncryptEverything(WriteTransaction* trans) {
   Cryptographer* cryptographer = trans->GetCryptographer();
   if (!cryptographer || !cryptographer->is_ready())
     return;
   syncable::ModelTypeSet encrypted_types = GetEncryptedTypes(trans);
   ModelSafeRoutingInfo routes;
   registrar_->GetModelSafeRoutingInfo(&routes);
   std::string tag;
   for (syncable::ModelTypeSet::iterator iter = encrypted_types.begin();
        iter != encrypted_types.end(); ++iter) {
@@ skipping 934 matching lines @@
     lookup->GetDownloadProgress(*i, &marker);
 
     if (marker.token().empty())
       result.insert(*i);
 
   }
   return result;
 }
 
 }  // namespace sync_api