| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ | 5 #ifndef SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ |
| 6 #define SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ | 6 #define SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "sync/internal_api/public/base/model_type.h" | 10 #include "sync/internal_api/public/base/model_type.h" |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 REASON_PASSPHRASE_NOT_REQUIRED = 0, // Initial value. | 22 REASON_PASSPHRASE_NOT_REQUIRED = 0, // Initial value. |
| 23 REASON_ENCRYPTION = 1, // The cryptographer requires a | 23 REASON_ENCRYPTION = 1, // The cryptographer requires a |
| 24 // passphrase for its first attempt at | 24 // passphrase for its first attempt at |
| 25 // encryption. Happens only during | 25 // encryption. Happens only during |
| 26 // migration or upgrade. | 26 // migration or upgrade. |
| 27 REASON_DECRYPTION = 2, // The cryptographer requires a | 27 REASON_DECRYPTION = 2, // The cryptographer requires a |
| 28 // passphrase for its first attempt at | 28 // passphrase for its first attempt at |
| 29 // decryption. | 29 // decryption. |
| 30 }; | 30 }; |
| 31 | 31 |
| 32 // The different states for the encryption passphrase. These control if and how |
| 33 // the user should be prompted for a decryption passphrase. |
| 34 enum PassphraseState { |
| 35 IMPLICIT_PASSPHRASE = 0, // GAIA-based passphrase (deprecated). |
| 36 KEYSTORE_PASSPHRASE = 1, // Keystore passphrase. |
| 37 FROZEN_IMPLICIT_PASSPHRASE = 2, // Frozen GAIA passphrase. |
| 38 CUSTOM_PASSPHRASE = 3, // User-provided passphrase. |
| 39 }; |
| 40 |
| 32 // Sync's encryption handler. Handles tracking encrypted types, ensuring the | 41 // Sync's encryption handler. Handles tracking encrypted types, ensuring the |
| 33 // cryptographer encrypts with the proper key and has the most recent keybag, | 42 // cryptographer encrypts with the proper key and has the most recent keybag, |
| 34 // and keeps the nigori node up to date. | 43 // and keeps the nigori node up to date. |
| 44 // Implementations of this class must be assumed to be non-thread-safe. All |
| 45 // methods must be invoked on the sync thread. |
| 35 class SyncEncryptionHandler { | 46 class SyncEncryptionHandler { |
| 36 public: | 47 public: |
| 37 // All Observer methods are done synchronously from within a transaction and | 48 // All Observer methods are done synchronously from within a transaction and |
| 38 // on the sync thread. | 49 // on the sync thread. |
| 39 class Observer { | 50 class Observer { |
| 40 public: | 51 public: |
| 41 Observer(); | 52 Observer(); |
| 42 | 53 |
| 43 // Called when user interaction is required to obtain a valid passphrase. | 54 // Called when user interaction is required to obtain a valid passphrase. |
| 44 // - If the passphrase is required for encryption, |reason| will be | 55 // - If the passphrase is required for encryption, |reason| will be |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 86 | 97 |
| 87 // Called after we finish encrypting the current set of encrypted | 98 // Called after we finish encrypting the current set of encrypted |
| 88 // types. | 99 // types. |
| 89 virtual void OnEncryptionComplete() = 0; | 100 virtual void OnEncryptionComplete() = 0; |
| 90 | 101 |
| 91 // The cryptographer has been updated. Listeners should check that their | 102 // The cryptographer has been updated. Listeners should check that their |
| 92 // own state matches the cryptographer. | 103 // own state matches the cryptographer. |
| 93 // Used primarily for debugging. | 104 // Used primarily for debugging. |
| 94 virtual void OnCryptographerStateChanged(Cryptographer* cryptographer) = 0; | 105 virtual void OnCryptographerStateChanged(Cryptographer* cryptographer) = 0; |
| 95 | 106 |
| 107 // The passprhase state has changed. |
| 108 virtual void OnPassphraseStateChanged(PassphraseState state) = 0; |
| 109 |
| 96 protected: | 110 protected: |
| 97 virtual ~Observer(); | 111 virtual ~Observer(); |
| 98 }; | 112 }; |
| 99 | 113 |
| 100 SyncEncryptionHandler(); | 114 SyncEncryptionHandler(); |
| 101 virtual ~SyncEncryptionHandler(); | 115 virtual ~SyncEncryptionHandler(); |
| 102 | 116 |
| 103 // Add/Remove SyncEncryptionHandler::Observer's. | 117 // Add/Remove SyncEncryptionHandler::Observers. |
| 104 // Must be called from sync thread. | |
| 105 virtual void AddObserver(Observer* observer) = 0; | 118 virtual void AddObserver(Observer* observer) = 0; |
| 106 virtual void RemoveObserver(Observer* observer) = 0; | 119 virtual void RemoveObserver(Observer* observer) = 0; |
| 107 | 120 |
| 108 // Reads the nigori node, updates internal state as needed, and, if an | 121 // Reads the nigori node, updates internal state as needed, and, if an |
| 109 // empty/stale nigori node is detected, overwrites the existing | 122 // empty/stale nigori node is detected, overwrites the existing |
| 110 // nigori node. Upon completion, if the cryptographer is still ready | 123 // nigori node. Upon completion, if the cryptographer is still ready |
| 111 // attempts to re-encrypt all sync data. | 124 // attempts to re-encrypt all sync data. |
| 112 // Note: This method is expensive (it iterates through all encrypted types), | 125 // Note: This method is expensive (it iterates through all encrypted types), |
| 113 // so should only be used sparingly (e.g. on startup). | 126 // so should only be used sparingly (e.g. on startup). |
| 114 virtual void Init() = 0; | 127 virtual void Init() = 0; |
| (...skipping 16 matching lines...) Expand all Loading... |
| 131 // error to call this when we don't have pending keys. | 144 // error to call this when we don't have pending keys. |
| 132 virtual void SetDecryptionPassphrase(const std::string& passphrase) = 0; | 145 virtual void SetDecryptionPassphrase(const std::string& passphrase) = 0; |
| 133 | 146 |
| 134 // Enables encryption of all datatypes. | 147 // Enables encryption of all datatypes. |
| 135 virtual void EnableEncryptEverything() = 0; | 148 virtual void EnableEncryptEverything() = 0; |
| 136 | 149 |
| 137 // Whether encryption of all datatypes is enabled. If false, only sensitive | 150 // Whether encryption of all datatypes is enabled. If false, only sensitive |
| 138 // types are encrypted. | 151 // types are encrypted. |
| 139 virtual bool EncryptEverythingEnabled() const = 0; | 152 virtual bool EncryptEverythingEnabled() const = 0; |
| 140 | 153 |
| 141 // Whether the account requires a user-provided passphrase to decrypt | 154 // Returns the current state of the passphrase needed to decrypt the |
| 142 // encrypted data. | 155 // bag of encryption keys in the nigori node. |
| 143 virtual bool IsUsingExplicitPassphrase() const = 0; | 156 virtual PassphraseState GetPassphraseState() const = 0; |
| 144 | 157 |
| 145 // The set of types that are always encrypted. | 158 // The set of types that are always encrypted. |
| 146 static ModelTypeSet SensitiveTypes(); | 159 static ModelTypeSet SensitiveTypes(); |
| 147 }; | 160 }; |
| 148 | 161 |
| 149 } // namespace syncer | 162 } // namespace syncer |
| 150 | 163 |
| 151 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ | 164 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10824410:
[Sync] Refactor passphrase state handling (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src