[Sync] Add intelligent re-encryption support.

chrome/browser/sync/internal_api/sync_manager.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/internal_api/sync_manager.h"
 
 #include <string>
 
 #include "base/base64.h"
 #include "base/command_line.h"
@@ skipping 1048 matching lines @@
     RequestNudge(FROM_HERE);
   } else {
     DVLOG(1) << "No pending keys, adding provided passphrase.";
 
     // Prevent an implicit SetPassphrase request from changing an explicitly
     // set passphrase.
     if (!is_explicit && node.GetNigoriSpecifics().using_explicit_passphrase())
       return;
 
     cryptographer->AddKey(params);
+  }
 
-    // TODO(tim): Bug 58231. It would be nice if SetPassphrase didn't require
-    // messing with the Nigori node, because we can't call SetPassphrase until
-    // download conditions are met vs Cryptographer init.  It seems like it's
-    // safe to defer this work.
-    sync_pb::NigoriSpecifics specifics(node.GetNigoriSpecifics());
-    specifics.clear_encrypted();
-    cryptographer->GetKeys(specifics.mutable_encrypted());
-    specifics.set_using_explicit_passphrase(is_explicit);
-    node.SetNigoriSpecifics(specifics);
-  }
+  // TODO(tim): Bug 58231. It would be nice if SetPassphrase didn't require

[akalin, 2011/12/06 18:28:02]

any reason why you moved this out of the if statement?  Maybe mention it in the
CL description.

[Nicolas Zea, 2011/12/06 20:45:36]

To ensure we always have the full set of keys, now that we don't need to worry
about unnecessary changes. This becomes more relevant during nigori conflicts
(which are handled in a separate CL). Updated CL description.

+  // messing with the Nigori node, because we can't call SetPassphrase until
+  // download conditions are met vs Cryptographer init.  It seems like it's
+  // safe to defer this work.
+  sync_pb::NigoriSpecifics specifics(node.GetNigoriSpecifics());
+  // Does not modify specifics.encrypted() if the original decrypted data was
+  // the same.
+  cryptographer->GetKeys(specifics.mutable_encrypted());

[akalin, 2011/12/06 18:28:02]

check return value?

[Nicolas Zea, 2011/12/06 20:45:36]

Done.

+  specifics.set_using_explicit_passphrase(is_explicit);
+  node.SetNigoriSpecifics(specifics);
 
   // Does nothing if everything is already encrypted or the cryptographer has
   // pending keys.
   ReEncryptEverything(&trans);
 
   DVLOG(1) << "Passphrase accepted, bootstrapping encryption.";
   std::string bootstrap_token;
   cryptographer->GetBootstrapToken(&bootstrap_token);
   FOR_EACH_OBSERVER(SyncManager::Observer, observers_,
                     OnPassphraseAccepted(bootstrap_token));
@@ skipping 41 matching lines @@
   nigori.CopyFrom(node.GetNigoriSpecifics());
   cryptographer->UpdateNigoriFromEncryptedTypes(&nigori);
   node.SetNigoriSpecifics(nigori);
   allstatus_.SetEncryptedTypes(cryptographer->GetEncryptedTypes());
 
   // We reencrypt everything regardless of whether the set of encrypted
   // types changed to ensure that any stray unencrypted entries are overwritten.
   ReEncryptEverything(&trans);
 }
 
-// TODO(zea): Add unit tests that ensure no sync changes are made when not
-// needed.
 void SyncManager::SyncInternal::ReEncryptEverything(WriteTransaction* trans) {
   Cryptographer* cryptographer = trans->GetCryptographer();
   if (!cryptographer || !cryptographer->is_ready())
     return;
   syncable::ModelTypeSet encrypted_types = GetEncryptedTypes(trans);
   ModelSafeRoutingInfo routes;
   registrar_->GetModelSafeRoutingInfo(&routes);
   std::string tag;
   for (syncable::ModelTypeSet::iterator iter = encrypted_types.begin();
        iter != encrypted_types.end(); ++iter) {
@@ skipping 934 matching lines @@
     lookup->GetDownloadProgress(*i, &marker);
 
     if (marker.token().empty())
       result.insert(*i);
 
   }
   return result;
 }
 
 }  // namespace sync_api