| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/internal_api/sync_encryption_handler_impl.h" | 5 #include "sync/internal_api/sync_encryption_handler_impl.h" |
| 6 | 6 |
| 7 #include <queue> | 7 #include <queue> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 581 | 581 |
| 582 bool SyncEncryptionHandlerImpl::MigratedToKeystore() { | 582 bool SyncEncryptionHandlerImpl::MigratedToKeystore() { |
| 583 DCHECK(thread_checker_.CalledOnValidThread()); | 583 DCHECK(thread_checker_.CalledOnValidThread()); |
| 584 ReadTransaction trans(FROM_HERE, user_share_); | 584 ReadTransaction trans(FROM_HERE, user_share_); |
| 585 ReadNode nigori_node(&trans); | 585 ReadNode nigori_node(&trans); |
| 586 if (nigori_node.InitByTagLookup(kNigoriTag) != BaseNode::INIT_OK) | 586 if (nigori_node.InitByTagLookup(kNigoriTag) != BaseNode::INIT_OK) |
| 587 return false; | 587 return false; |
| 588 return IsNigoriMigratedToKeystore(nigori_node.GetNigoriSpecifics()); | 588 return IsNigoriMigratedToKeystore(nigori_node.GetNigoriSpecifics()); |
| 589 } | 589 } |
| 590 | 590 |
| 591 base::Time SyncEncryptionHandlerImpl::GetKeystoreMigrationTime() const { |
| 592 if (migration_time_ms_ != 0) |
| 593 return ProtoTimeToTime(migration_time_ms_); |
| 594 else |
| 595 return base::Time(); |
| 596 } |
| 597 |
| 591 // This function iterates over all encrypted types. There are many scenarios in | 598 // This function iterates over all encrypted types. There are many scenarios in |
| 592 // which data for some or all types is not currently available. In that case, | 599 // which data for some or all types is not currently available. In that case, |
| 593 // the lookup of the root node will fail and we will skip encryption for that | 600 // the lookup of the root node will fail and we will skip encryption for that |
| 594 // type. | 601 // type. |
| 595 void SyncEncryptionHandlerImpl::ReEncryptEverything( | 602 void SyncEncryptionHandlerImpl::ReEncryptEverything( |
| 596 WriteTransaction* trans) { | 603 WriteTransaction* trans) { |
| 597 DCHECK(thread_checker_.CalledOnValidThread()); | 604 DCHECK(thread_checker_.CalledOnValidThread()); |
| 598 DCHECK(UnlockVault(trans->GetWrappedTrans()).cryptographer.is_ready()); | 605 DCHECK(UnlockVault(trans->GetWrappedTrans()).cryptographer.is_ready()); |
| 599 for (ModelTypeSet::Iterator iter = | 606 for (ModelTypeSet::Iterator iter = |
| 600 UnlockVault(trans->GetWrappedTrans()).encrypted_types.First(); | 607 UnlockVault(trans->GetWrappedTrans()).encrypted_types.First(); |
| 1129 DCHECK(thread_checker_.CalledOnValidThread()); | 1136 DCHECK(thread_checker_.CalledOnValidThread()); |
| 1130 const sync_pb::NigoriSpecifics& old_nigori = | 1137 const sync_pb::NigoriSpecifics& old_nigori = |
| 1131 nigori_node->GetNigoriSpecifics(); | 1138 nigori_node->GetNigoriSpecifics(); |
| 1132 Cryptographer* cryptographer = | 1139 Cryptographer* cryptographer = |
| 1133 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1140 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
| 1134 | 1141 |
| 1135 if (!ShouldTriggerMigration(old_nigori, *cryptographer)) | 1142 if (!ShouldTriggerMigration(old_nigori, *cryptographer)) |
| 1136 return false; | 1143 return false; |
| 1137 | 1144 |
| 1138 DVLOG(1) << "Starting nigori migration to keystore support."; | 1145 DVLOG(1) << "Starting nigori migration to keystore support."; |
| 1139 if (migration_time_ms_ == 0) | |
| 1140 migration_time_ms_ = TimeToProtoTime(base::Time::Now()); | |
| 1141 sync_pb::NigoriSpecifics migrated_nigori(old_nigori); | 1146 sync_pb::NigoriSpecifics migrated_nigori(old_nigori); |
| 1142 migrated_nigori.set_keystore_migration_time(migration_time_ms_); | |
| 1143 | 1147 |
| 1144 PassphraseType new_passphrase_type = passphrase_type_; | 1148 PassphraseType new_passphrase_type = passphrase_type_; |
| 1145 bool new_encrypt_everything = encrypt_everything_; | 1149 bool new_encrypt_everything = encrypt_everything_; |
| 1146 if (encrypt_everything_ && !IsExplicitPassphrase(passphrase_type_)) { | 1150 if (encrypt_everything_ && !IsExplicitPassphrase(passphrase_type_)) { |
| 1147 DVLOG(1) << "Switching to frozen implicit passphrase due to already having " | 1151 DVLOG(1) << "Switching to frozen implicit passphrase due to already having " |
| 1148 << "full encryption."; | 1152 << "full encryption."; |
| 1149 new_passphrase_type = FROZEN_IMPLICIT_PASSPHRASE; | 1153 new_passphrase_type = FROZEN_IMPLICIT_PASSPHRASE; |
| 1150 migrated_nigori.clear_keystore_decryptor_token(); | 1154 migrated_nigori.clear_keystore_decryptor_token(); |
| 1151 } else if (IsExplicitPassphrase(passphrase_type_)) { | 1155 } else if (IsExplicitPassphrase(passphrase_type_)) { |
| 1152 DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to " | 1156 DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to " |
| 1176 keystore_key_, | 1180 keystore_key_, |
| 1177 migrated_nigori.mutable_keystore_decryptor_token())) { | 1181 migrated_nigori.mutable_keystore_decryptor_token())) { |
| 1178 LOG(ERROR) << "Failed to extract keystore decryptor token."; | 1182 LOG(ERROR) << "Failed to extract keystore decryptor token."; |
| 1179 return false; | 1183 return false; |
| 1180 } | 1184 } |
| 1181 if (!cryptographer->GetKeys(migrated_nigori.mutable_encryption_keybag())) { | 1185 if (!cryptographer->GetKeys(migrated_nigori.mutable_encryption_keybag())) { |
| 1182 LOG(ERROR) << "Failed to extract encryption keybag."; | 1186 LOG(ERROR) << "Failed to extract encryption keybag."; |
| 1183 return false; | 1187 return false; |
| 1184 } | 1188 } |
| 1185 | 1189 |
| 1190 if (migration_time_ms_ == 0) |
| 1191 migration_time_ms_ = TimeToProtoTime(base::Time::Now()); |
| 1192 migrated_nigori.set_keystore_migration_time(migration_time_ms_); |
| 1193 |
| 1186 DVLOG(1) << "Completing nigori migration to keystore support."; | 1194 DVLOG(1) << "Completing nigori migration to keystore support."; |
| 1187 nigori_node->SetNigoriSpecifics(migrated_nigori); | 1195 nigori_node->SetNigoriSpecifics(migrated_nigori); |
| 1196 |
| 1197 FOR_EACH_OBSERVER( |
| 1198 SyncEncryptionHandler::Observer, |
| 1199 observers_, |
| 1200 OnCryptographerStateChanged(cryptographer)); |
| 1188 if (passphrase_type_ != new_passphrase_type) { | 1201 if (passphrase_type_ != new_passphrase_type) { |
| 1189 passphrase_type_ = new_passphrase_type; | 1202 passphrase_type_ = new_passphrase_type; |
| 1190 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1203 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
| 1191 OnPassphraseTypeChanged(passphrase_type_)); | 1204 OnPassphraseTypeChanged(passphrase_type_)); |
| 1192 } | 1205 } |
| 1206 |
| 1193 if (new_encrypt_everything && !encrypt_everything_) { | 1207 if (new_encrypt_everything && !encrypt_everything_) { |
| 1194 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); | 1208 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); |
| 1195 ReEncryptEverything(trans); | 1209 ReEncryptEverything(trans); |
| 1196 } | 1210 } |
| 1197 return true; | 1211 return true; |
| 1198 } | 1212 } |
| 1199 | 1213 |
| 1200 bool SyncEncryptionHandlerImpl::GetKeystoreDecryptor( | 1214 bool SyncEncryptionHandlerImpl::GetKeystoreDecryptor( |
| 1201 const Cryptographer& cryptographer, | 1215 const Cryptographer& cryptographer, |
| 1202 const std::string& keystore_key, | 1216 const std::string& keystore_key, |
| 1286 SyncEncryptionHandler::Observer, | 1300 SyncEncryptionHandler::Observer, |
| 1287 observers_, | 1301 observers_, |
| 1288 OnCryptographerStateChanged(cryptographer)); | 1302 OnCryptographerStateChanged(cryptographer)); |
| 1289 return true; | 1303 return true; |
| 1290 } | 1304 } |
| 1291 } | 1305 } |
| 1292 return false; | 1306 return false; |
| 1293 } | 1307 } |
| 1294 | 1308 |
| 1295 } // namespace browser_sync | 1309 } // namespace browser_sync |
| OLD | NEW |
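Review bot: The new GetKeystoreMigrationTime() (new lines 591-596) reads migration_time_ms_ without the `DCHECK(thread_checker_.CalledOnValidThread());` that the other members shown on this page open with, MigratedToKeystore() and ReEncryptEverything() among them. The migration path writes that field at new line 1191, so a caller on another thread would read it unsynchronized; if the accessor is meant to be sync-thread only, add the DCHECK as its first statement, and if it is meant for cross-thread use, say so in a comment and guard the field. The `else` after `return` can also go, leaving `return base::Time();` as the fall-through. Separately, the OnCryptographerStateChanged notification added at new lines 1197-1200 fires before passphrase_type_ is updated a few lines below, so an observer that queries the handler from that callback would presumably still see the old passphrase type; a one-line comment stating that this ordering is intended would help.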